summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-01-17 18:56:49 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-01-17 18:56:49 +0000
commit4d7a5a6520f7cdd2d903e13e9a4aade28009a269 (patch)
treec93953f1022734da5eeafaa1b179d5df64927217
parentc806339008d3737c87aada2fa785bb600a76054b (diff)
downloadgnutls-4d7a5a6520f7cdd2d903e13e9a4aade28009a269.tar.gz
Renamed gnutls_x509pki_s/get_dh_bits() to gnutls_dh_s/get_dhe_bits().
Renamed gnutls_anon_server/client_get_dh_bits() to gnutls_dh_get_dha_bits().
Diffstat
-rw-r--r--NEWS2
-rw-r--r--doc/tex/ex3.tex4
-rw-r--r--lib/auth_dhe_rsa.c4
-rw-r--r--lib/gnutls_algorithms.c19
-rw-r--r--lib/gnutls_cert.c34
-rw-r--r--lib/gnutls_handshake.c3
-rw-r--r--lib/gnutls_int.h27
-rw-r--r--lib/gnutls_ui.c38
-rw-r--r--lib/gnutls_ui.h15
-rw-r--r--src/common.h2
-rw-r--r--src/serv.c4
11 files changed, 81 insertions, 71 deletions
diff --git a/NEWS b/NEWS
index 10b87b1b43..53ebca1368 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ Version ?.?.?
- gnutls_check_pending() was renamed to gnutls_record_check_pending()
- Key exchange methods changed so they do not depend on the Certificate
type (GNUTLS_KX_X509PKI_* renamed to GNUTLS_KX_*)
+- Renamed gnutls_x509pki_s/get_dh_bits() to gnutls_dh_s/get_dhe_bits()
+- Renamed gnutls_anon_server/client_get_dh_bits() to gnutls_dh_get_dha_bits()
Version 0.3.2 (5/01/2002)
- Corrected bug which did not allow a client to accept multiple CA names
diff --git a/doc/tex/ex3.tex b/doc/tex/ex3.tex
index 3502020ecf..e7a2df3e07 100644
--- a/doc/tex/ex3.tex
+++ b/doc/tex/ex3.tex
@@ -33,7 +33,7 @@ int print_info(GNUTLS_STATE state)
switch (cred) {
case GNUTLS_ANON:
printf("- Anonymous DH using prime of %d bits\n",
- gnutls_anon_client_get_dh_bits(state));
+ gnutls_dh_get_dha_bits(state));
break;
case GNUTLS_X509PKI:
/* in case of X509 PKI
@@ -63,7 +63,7 @@ int print_info(GNUTLS_STATE state)
*/
if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) {
printf("\n- Ephemeral DH using prime of %d bits\n",
- gnutls_x509pki_server_get_dh_bits(state));
+ gnutls_dh_get_dhe_bits(state));
}
/* if the certificate list is available, then
diff --git a/lib/auth_dhe_rsa.c b/lib/auth_dhe_rsa.c
index b9cb10b373..23fd18938a 100644
--- a/lib/auth_dhe_rsa.c
+++ b/lib/auth_dhe_rsa.c
@@ -69,7 +69,7 @@ static int gen_dhe_rsa_server_kx(GNUTLS_STATE state, opaque ** data)
gnutls_datum signature, ddata;
X509PKI_AUTH_INFO info;
- bits = state->gnutls_internals.x509pki_dhe_bits;
+ bits = state->gnutls_internals.dhe_bits;
if (bits < MIN_BITS)
bits = DEFAULT_BITS; /* default */
@@ -361,7 +361,7 @@ static int proc_dhe_rsa_client_kx(GNUTLS_STATE state, opaque * data,
MPI g, p;
int bits, ret;
- bits = state->gnutls_internals.x509pki_dhe_bits;
+ bits = state->gnutls_internals.dhe_bits;
if (bits < MIN_BITS)
bits = DEFAULT_BITS; /* default */
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 8608f8a0e9..66b85f3360 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -23,13 +23,6 @@
#include "gnutls_errors.h"
#include "gnutls_cert.h"
-#define MAX_CIPHER 256
-#define MAX_MAC 256
-#define MAX_KX 256
-#define MAX_CIPHERSUITE 256
-#define MAX_COMPRESSION 256
-#define MAX_VERSION 256
-
/* Cred type mappings to KX algorithms */
typedef struct {
@@ -401,7 +394,7 @@ const char *gnutls_mac_get_name(MACAlgorithm algorithm)
int _gnutls_mac_count()
{
uint8 i, counter = 0;
- for (i = 0; i < MAX_MAC; i++) {
+ for (i = 0; i < MAX_MAC_ALGOS; i++) {
if (_gnutls_mac_is_ok(i) == 0)
counter++;
}
@@ -483,7 +476,7 @@ CompressionMethod _gnutls_compression_get_id(int num)
int _gnutls_compression_count()
{
uint8 i, counter = 0;
- for (i = 0; i < MAX_COMPRESSION; i++) {
+ for (i = 0; i < MAX_COMPRESSION_ALGOS; i++) {
if (_gnutls_compression_is_ok(i) == 0)
counter++;
}
@@ -576,7 +569,7 @@ const char *gnutls_cipher_get_name(BulkCipherAlgorithm algorithm)
int _gnutls_cipher_count()
{
uint8 i, counter = 0;
- for (i = 0; i < MAX_CIPHER; i++) {
+ for (i = 0; i < MAX_CIPHER_ALGOS; i++) {
if (_gnutls_cipher_is_ok(i) == 0)
counter++;
}
@@ -638,7 +631,7 @@ const char *gnutls_kx_get_name(KXAlgorithm algorithm)
int _gnutls_kx_count()
{
uint8 i, counter = 0;
- for (i = 0; i < MAX_KX; i++) {
+ for (i = 0; i < MAX_KX_ALGOS; i++) {
if (_gnutls_kx_is_ok(i) == 0)
counter++;
}
@@ -853,7 +846,7 @@ int _gnutls_cipher_suite_count()
GNUTLS_CipherSuite suite;
int i, counter = 0, j;
- for (j = 0; j < MAX_CIPHERSUITE; j++) {
+ for (j = 0; j < MAX_CIPHERSUITES; j++) {
suite.CipherSuite[0] = j;
#ifdef DEBUG
# warning CHECK SUPPORTED CIPHER SUITES HERE
@@ -861,7 +854,7 @@ int _gnutls_cipher_suite_count()
if (j != 0x00 && j != 0xF6)
continue;
- for (i = 0; i < MAX_CIPHERSUITE; i++) {
+ for (i = 0; i < MAX_CIPHERSUITES; i++) {
suite.CipherSuite[1] = i;
if (_gnutls_cipher_suite_is_ok(suite) == 0)
counter++;
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 97d9124aa5..74372f69b2 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -47,11 +47,11 @@ typedef struct {
/* This table maps the Key exchange algorithms to
* the certificate algorithms. Eg. if we have
* RSA algorithm in the certificate then we can
- * use GNUTLS_KX_X509PKI_RSA or GNUTLS_KX_X509PKI_DHE_RSA.
+ * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
*/
static const gnutls_pk_map pk_mappings[] = {
- {GNUTLS_KX_X509PKI_RSA, GNUTLS_PK_RSA},
- {GNUTLS_KX_X509PKI_DHE_RSA, GNUTLS_PK_RSA},
+ {GNUTLS_KX_RSA, GNUTLS_PK_RSA},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA},
{0}
};
@@ -605,7 +605,7 @@ int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_da
}
/**
- * gnutls_x509pki_set_dh_bits - Used to set the bits for a DHE_* ciphersuite
+ * gnutls_dh_set_dhe_bits - Used to set the bits for a DHE_* ciphersuite
* @state: is a &GNUTLS_STATE structure.
* @bits: is the number of bits
*
@@ -613,11 +613,17 @@ int gnutls_x509pki_set_trust_mem(GNUTLS_X509PKI_CREDENTIALS res, const gnutls_da
* This value will only be used in case of DHE ciphersuite.
*
**/
-void gnutls_x509pki_set_dh_bits(GNUTLS_STATE state, int bits)
+void gnutls_dh_set_dhe_bits(GNUTLS_STATE state, int bits)
{
- state->gnutls_internals.x509pki_dhe_bits = bits;
+ state->gnutls_internals.dhe_bits = bits;
}
+#ifdef DEBUG
+# warning REMOVE THIS ON LIBRARY VERSION CHANGE
+#endif
+void gnutls_x509pki_set_dh_bits(GNUTLS_STATE state, int bits) {
+ gnutls_dh_set_dhe_bits( state, bits);
+}
static int _read_rsa_params(opaque * der, int dersize, MPI * params)
{
@@ -1096,7 +1102,7 @@ int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert,
{
if (_gnutls_map_kx_get_cred(alg) == GNUTLS_X509PKI) {
switch (alg) {
- case GNUTLS_KX_X509PKI_RSA:
+ case GNUTLS_KX_RSA:
if (cert->keyUsage != 0) {
if (!
(cert->
@@ -1107,7 +1113,8 @@ int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert,
return 0;
}
return 0;
- case GNUTLS_KX_X509PKI_DHE_RSA:
+ case GNUTLS_KX_DHE_RSA:
+ case GNUTLS_KX_DHE_DSS:
if (cert->keyUsage != 0) {
if (!
(cert->
@@ -1128,7 +1135,7 @@ int _gnutls_check_x509pki_key_usage(const gnutls_cert * cert,
/* returns the KX algorithms that are supported by a
* certificate. (Eg a certificate with RSA params, supports
- * GNUTLS_KX_X509PKI_RSA algorithm).
+ * GNUTLS_KX_RSA algorithm).
* This function also uses the KeyUsage field of the certificate
* extensions in order to disable unneded algorithms.
*/
@@ -1138,10 +1145,10 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg,
KXAlgorithm kx;
int i;
PKAlgorithm pk;
- KXAlgorithm kxlist[255];
+ KXAlgorithm kxlist[MAX_KX_ALGOS];
i = 0;
- for (kx = 0; kx < 255; kx++) {
+ for (kx = 0; kx < MAX_KX_ALGOS; kx++) {
pk = _gnutls_map_pk_get_pk(kx);
if (pk == cert->subject_pk_algorithm) {
if (_gnutls_check_x509pki_key_usage(cert, kx) == 0) {
@@ -1151,6 +1158,11 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg,
}
}
+ if (i==0) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_PARAMETERS;
+ }
+
*alg = gnutls_calloc(1, sizeof(KXAlgorithm) * i);
if (*alg == NULL)
return GNUTLS_E_MEMORY_ERROR;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index cfd2c254a6..db68d4714a 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -943,7 +943,8 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data,
ret = length32;
break;
case GNUTLS_SERVER_HELLO_DONE:
- ret = 0;
+ if (length32==0) ret = 0;
+ else ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
break;
case GNUTLS_FINISHED:
ret = length32;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index c9539afdf1..dd78dd1857 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -127,10 +127,6 @@ typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_S
GNUTLS_FINISHED=20 } HandshakeType;
typedef struct {
- ChangeCipherSpecType type;
-} ChangeCipherSpec;
-
-typedef struct {
opaque * data;
int size;
} gnutls_datum;
@@ -141,6 +137,12 @@ typedef struct {
AlertDescription description;
} Alert;
+#define MAX_KX_ALGOS 16
+#define MAX_CIPHER_ALGOS 16
+#define MAX_MAC_ALGOS 16
+#define MAX_CIPHERSUITES 256
+#define MAX_COMPRESSION_ALGOS 4
+#define MAX_VERSIONS 4
/* STATE */
typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } ConnectionEnd;
@@ -172,10 +174,11 @@ typedef int (*DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data);
typedef int (*DB_REMOVE_FUNC)(void*, gnutls_datum key);
typedef gnutls_datum (*DB_RETR_FUNC)(void*, gnutls_datum key);
-typedef struct {
+typedef struct AUTH_CRED {
KXAlgorithm algorithm;
+ /* the type of credentials depends on algorithm */
void* credentials;
- void* next;
+ struct AUTH_CRED* next;
} AUTH_CRED;
@@ -251,7 +254,7 @@ typedef struct {
opaque srp_username[MAX_SRP_USERNAME];
} TLSExtensions;
-/* AUTH_INFO structures MUST NOT contain malloced
+/* AUTH_INFO structures now MAY contain malloced
* elements.
*/
@@ -412,7 +415,7 @@ typedef struct {
/* gdbm */
char* db_name;
- int expire_time;
+ int expire_time; /* after expire_time seconds this session will expire */
struct MOD_AUTH_STRUCT_INT* auth_struct; /* used in handshake packets and KX algorithms */
int v2_hello; /* 0 if the client hello is v3+.
* non-zero if we got a v2 hello.
@@ -429,7 +432,9 @@ typedef struct {
* if none.
*/
/* this is the highest version available
- * to the peer. (advertized version)
+ * to the peer. (advertized version).
+ * This is obtained by the Handshake Client Hello
+ * message. (some implementations read the Record version)
*/
uint8 adv_version_major;
uint8 adv_version_minor;
@@ -448,7 +453,9 @@ typedef struct {
*/
x509pki_client_cert_callback_func* client_cert_callback;
x509pki_server_cert_callback_func* server_cert_callback;
- int x509pki_dhe_bits;
+
+ /* how may bits to use for DHE? */
+ int dhe_bits;
int max_handshake_data_buffer_size;
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 60134f16b6..82e1ce6f73 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -55,15 +55,14 @@ const char *gnutls_srp_server_get_username(GNUTLS_STATE state)
/* ANON */
/**
- * gnutls_anon_server_get_dh_bits - This function returns the bits used in DH authentication
+ * gnutls_dh_get_dha_bits - This function returns the bits used in anonymous DH authentication
* @state: is a gnutls state
*
- * This function will return the bits used in the Diffie Hellman authentication
- * with the peer. This should only be called in case of a server.
- * Returns a negative value in case of an error.
+ * This function will return the bits used in the anonymous Diffie Hellman authentication
+ * with the peer. Returns a negative value in case of an error.
*
**/
-int gnutls_anon_server_get_dh_bits(GNUTLS_STATE state)
+int gnutls_dh_get_dha_bits(GNUTLS_STATE state)
{
ANON_SERVER_AUTH_INFO info;
@@ -75,25 +74,16 @@ int gnutls_anon_server_get_dh_bits(GNUTLS_STATE state)
return info->dh_bits;
}
-/**
- * gnutls_anon_client_get_dh_bits - This function returns the bits used in DH authentication
- * @state: is a gnutls state
- *
- * This function will return the bits used in the Diffie Hellman authentication
- * with the peer. This should only be called in case of a client.
- * Returns a negative value in case of an error.
- *
- **/
+#ifdef DEBUG
+# warning REMOVE THESE ON LIBRARY UPGRADE
+#endif
+int gnutls_anon_server_get_dh_bits(GNUTLS_STATE state)
+{
+ return gnutls_dh_get_dha_bits( state);
+}
int gnutls_anon_client_get_dh_bits(GNUTLS_STATE state)
{
- ANON_CLIENT_AUTH_INFO info;
-
- CHECK_AUTH(GNUTLS_ANON, GNUTLS_E_INVALID_REQUEST);
-
- info = _gnutls_get_auth_info(state);
- if (info == NULL)
- return GNUTLS_E_UNKNOWN_ERROR;
- return info->dh_bits;
+ return gnutls_dh_get_dha_bits( state);
}
@@ -126,7 +116,7 @@ const gnutls_datum *gnutls_x509pki_get_peer_certificate_list(GNUTLS_STATE state,
/**
- * gnutls_x509pki_get_dh_bits - This function returns the number of bits used in a DHE handshake
+ * gnutls_dh_get_dhe_bits - This function returns the number of bits used in a DHE handshake
* @state: is a gnutls state
*
* This function will return the number of bits used in a Diffie Hellman Handshake. This will only
@@ -135,7 +125,7 @@ const gnutls_datum *gnutls_x509pki_get_peer_certificate_list(GNUTLS_STATE state,
* Returns a negative value in case of an error.
*
**/
-int gnutls_x509pki_get_dh_bits(GNUTLS_STATE state)
+int gnutls_dh_get_dhe_bits(GNUTLS_STATE state)
{
X509PKI_AUTH_INFO info;
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index 9057fec8a1..0efa9d1484 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -52,8 +52,16 @@ const char* gnutls_srp_server_get_username( GNUTLS_STATE state);
/* ANON */
-int gnutls_anon_server_get_dh_bits( GNUTLS_STATE state);
-int gnutls_anon_client_get_dh_bits( GNUTLS_STATE state);
+int gnutls_dh_get_dha_bits( GNUTLS_STATE state);
+
+#define gnutls_anon_server_get_dh_bits gnutls_dh_get_dha_bits
+#define gnutls_anon_client_get_dh_bits gnutls_dh_get_dha_bits
+
+void gnutls_dh_set_dhe_bits( GNUTLS_STATE state, int bits);
+int gnutls_dh_get_dhe_bits( GNUTLS_STATE);
+
+#define gnutls_x509pki_set_dh_bits gnutls_dh_set_dhe_bits
+#define gnutls_x509pki_get_dh_bits gnutls_dh_get_dhe_bits
/* X509PKI */
@@ -62,8 +70,6 @@ void gnutls_x509pki_set_client_cert_callback( GNUTLS_X509PKI_CREDENTIALS, x509pk
void gnutls_x509pki_set_server_cert_callback( GNUTLS_X509PKI_CREDENTIALS, x509pki_server_cert_callback_func *);
void gnutls_x509pki_server_set_cert_request( GNUTLS_STATE, CertificateRequest);
-void gnutls_x509pki_set_dh_bits( GNUTLS_STATE state, int bits);
-
/* X.509 certificate handling functions */
int gnutls_x509pki_extract_dn( const gnutls_datum*, gnutls_DN*);
int gnutls_x509pki_extract_certificate_dn( const gnutls_datum*, gnutls_DN*);
@@ -76,7 +82,6 @@ int gnutls_x509pki_extract_subject_dns_name( const gnutls_datum*, char*, int*);
/* get data from the state */
const gnutls_datum* gnutls_x509pki_get_peer_certificate_list( GNUTLS_STATE, int* list_size);
-int gnutls_x509pki_get_dh_bits( GNUTLS_STATE);
int gnutls_x509pki_get_certificate_request_status( GNUTLS_STATE);
int gnutls_x509pki_get_peer_certificate_status( GNUTLS_STATE);
diff --git a/src/common.h b/src/common.h
index 9d2aee344f..8a475f2109 100644
--- a/src/common.h
+++ b/src/common.h
@@ -60,7 +60,7 @@ GNUTLS_KXAlgorithm kx;
*/
if (kx == GNUTLS_KX_X509PKI_DHE_RSA || kx == GNUTLS_KX_X509PKI_DHE_DSS) {
printf("\n- Ephemeral DH using prime of %d bits\n",
- gnutls_x509pki_server_get_dh_bits( state));
+ gnutls_dh_get_dhe_bits( state));
}
if (cert_list_size > 0) {
diff --git a/src/serv.c b/src/serv.c
index 0a8aa1a675..0f8efb9682 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -133,7 +133,7 @@ void peer_print_info( GNUTLS_STATE state)
if (gnutls_kx_get_algo(state) == GNUTLS_KX_ANON_DH) {
sprintf(tmp2, "<p> Connect using anonymous DH (prime of %d bits)</p>\n",
- gnutls_anon_server_get_dh_bits( state));
+ gnutls_dh_get_dha_bits( state));
}
/* print state information */
@@ -147,7 +147,7 @@ void peer_print_info( GNUTLS_STATE state)
if (gnutls_kx_get_algo(state) == GNUTLS_KX_X509PKI_DHE_RSA || gnutls_kx_get_algo(state) == GNUTLS_KX_X509PKI_DHE_DSS) {
sprintf(tmp2, "Ephemeral DH using prime of <b>%d</b> bits.<br>\n",
- gnutls_x509pki_server_get_dh_bits( state));
+ gnutls_dh_get_dhe_bits( state));
}
tmp =
View Lorry Controller Status