author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-09 09:44:34 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-05-09 09:44:34 +0000 |
commit | a60b67632e088994fb6a708b83187ec3a9906ac2 (patch) | |
tree | 8f6973f257234908082d25734f2730f05d04e39e | |
parent | 54259eb93720b1544ebbc53e32bf33b77188af36 (diff) | |
download | gnutls-a60b67632e088994fb6a708b83187ec3a9906ac2.tar.gz |
credentials are now kept globally (in order to minimize memory usage). gnutls-0-1-0-srp
This does no harm since these are never modified by gnutls.
-rw-r--r-- | doc/API | 7 | ||||
-rw-r--r-- | lib/gnutls.h | 2 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 12 | ||||
-rw-r--r-- | lib/gnutls_auth_int.h | 2 | ||||
-rw-r--r-- | src/cli.c | 4 | ||||
-rw-r--r-- | src/serv.c | 4 |
6 files changed, 15 insertions, 16 deletions
@@ -93,12 +93,15 @@ void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...); not use that except for disabling algorithms that were not specified. -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size); +int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred); Sets the needed credentials for the specified (in kx) authentication algorithm. Eg username, password - or public and private keys etc. The (void* cred) parameter is a structure that depends on the specified kx algorithm and on the current state (client or server). - cred_size is the size of the structure. + [ In order to minimize memory usage, and share credentials between + several threads gnutls keeps a pointer to cred not the whole cred + structure. Thus you will have to keep the structure allocated until + the last gnutls_deinit(). ] * For GNUTLS_KX_ANON cred should be NULL. * For GNUTLS_KX_SRP cred should be SRP_CLIENT_CREDENTIALS diff --git a/lib/gnutls.h b/lib/gnutls.h index 22fd04dff8..568fcc59b4 100644 --- a/lib/gnutls.h +++ b/lib/gnutls.h @@ -104,7 +104,7 @@ int gnutls_crypt_vrfy(const char* username, const char *passwd, char* salt); /* Functions for setting/clearing credentials */ int gnutls_clear_creds( GNUTLS_STATE state); /* cred is a structure defined by the kx algorithm */ -int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred, int cred_size); +int gnutls_set_kx_cred( GNUTLS_STATE, int kx, void* cred); /* Credential structures for SRP - used in gnutls_set_cred(); */ typedef struct { diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 1a345faa21..9ed24c4e3c 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -36,7 +36,6 @@ int gnutls_clear_creds( GNUTLS_STATE state) { ccred = state->gnutls_key->cred; while(ccred!=NULL) { ncred = ccred->next; - if (ccred->credentials!=NULL) gnutls_free(ccred->credentials); if (ccred!=NULL) gnutls_free(ccred); ccred = ncred; } 
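Review bot: The comment above the changed prototype in lib/gnutls.h, `/* cred is a structure defined by the kx algorithm */`, says nothing about the new ownership rule, yet the header is what API users read first. The lib/gnutls_auth.c hunks now store the caller's pointer instead of copying, so a structure that goes out of scope or is freed early leaves the state with a dangling pointer. I would extend the comment to something like `/* cred is a structure defined by the kx algorithm; only the pointer is stored, so it must stay allocated until the last gnutls_deinit() */`, so the contract does not live only in doc/API.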
@@ -50,7 +49,7 @@ int gnutls_clear_creds( GNUTLS_STATE state) { * This creates a linked list of the form: * { algorithm, credentials, pointer to next } */ -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) { +int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred) { AUTH_CRED * ccred, *pcred; int exists=0; @@ -60,8 +59,7 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) { if (state->gnutls_key->cred == NULL) return GNUTLS_E_MEMORY_ERROR; /* copy credentials localy */ - state->gnutls_key->cred->credentials = gnutls_malloc(cred_size); - memcpy( state->gnutls_key->cred->credentials, cred, cred_size); + state->gnutls_key->cred->credentials = cred; state->gnutls_key->cred->next = NULL; state->gnutls_key->cred->algorithm = kx; @@ -83,15 +81,13 @@ int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size) { ccred = pcred->next; /* copy credentials localy */ - ccred->credentials = gnutls_malloc(cred_size); - memcpy( ccred->credentials, cred, cred_size); + ccred->credentials = cred; ccred->next = NULL; ccred->algorithm = kx; } else { /* modify existing entry */ gnutls_free(ccred->credentials); - ccred->credentials = gnutls_malloc(cred_size); - memcpy( ccred->credentials, cred, cred_size); + ccred->credentials = cred; } } diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h index 6a3b8610a7..ffa27bd23d 100644 --- a/lib/gnutls_auth_int.h +++ b/lib/gnutls_auth_int.h @@ -1,4 +1,4 @@ int gnutls_clear_creds( GNUTLS_STATE state); -int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred, int cred_size); +int gnutls_set_kx_cred( GNUTLS_STATE state, int kx, void* cred); void *_gnutls_get_kx_cred( GNUTLS_KEY key, int kx, int* err); 
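Review bot: The comment `/* copy credentials localy */` kept above `state->gnutls_key->cred->credentials = cred;` in the `-60,8 +59,7` hunk is no longer true, because the new line stores the caller's pointer and copies nothing. The same stale comment remains in the `-83,15 +81,13` hunk above `ccred->credentials = cred;`. I would replace both with `/* keep a reference only; the caller owns cred and must keep it allocated */`. The body of gnutls_set_kx_cred starts and ends outside these hunks.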
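Review bot: In the `-83,15 +81,13` hunk the `modify existing entry` branch still calls `gnutls_free(ccred->credentials);` before `ccred->credentials = cred;`, but after this change that field holds a pointer owned by the caller, not a library allocation. Setting credentials for the same kx a second time would therefore free the application's structure (in src/cli.c and src/serv.c it is `&cred`, which does not look like heap memory), and with one structure shared between several states it could turn into a double free. The matching free was removed from gnutls_clear_creds in this same commit; this one should be removed too, leaving only `ccred->credentials = cred;` in the else branch. The function body continues outside the hunk.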
@@ -83,8 +83,8 @@ int main() gnutls_set_cipher_priority( state, 3, GNUTLS_3DES, GNUTLS_ARCFOUR, GNUTLS_RIJNDAEL); gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION); gnutls_set_kx_priority( state, 2, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH); - gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL, 0); - gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred, sizeof(cred)); + gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL); + gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred); gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); ret = gnutls_handshake(sd, state); diff --git a/src/serv.c b/src/serv.c index 6783f19135..a025cf1801 100644 --- a/src/serv.c +++ b/src/serv.c @@ -74,8 +74,8 @@ int main() gnutls_set_compression_priority( state, 2, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION); gnutls_set_kx_priority( state, 2, GNUTLS_KX_SRP, GNUTLS_KX_ANON_DH); - gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL, 0); - gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred, sizeof(cred)); + gnutls_set_kx_cred( state, GNUTLS_KX_ANON_DH, NULL); + gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred); gnutls_set_mac_priority( state, 2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); sd = accept(listen_sd, (SA *) & sa_cli, &client_len); |
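Review bot: The return value of `gnutls_set_kx_cred()` is discarded in both calls in src/cli.c and in the same two calls in src/serv.c, although the lib/gnutls_auth.c hunk shows the function can return `GNUTLS_E_MEMORY_ERROR`. If the call fails, the program would presumably continue to the handshake without the SRP credentials registered. I would store the result and stop on failure before `gnutls_handshake()` / `accept()`, e.g. `ret = gnutls_set_kx_cred( state, GNUTLS_KX_SRP, &cred);` followed by a check against the success value. Since only the address of `cred` is kept now, it also has to outlive the state; its declaration is outside these hunks, so that cannot be confirmed from here.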