author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-06 20:00:47 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-06 20:00:47 +0000 |
commit | 88202507ec10b6ea0a5a1a5a16cb6803342a601f (patch) | |
tree | bd3192163c36bca435a1502d8166ffc59fc871e2 /lib | |
parent | 645b83512a867ea3bb5b2cce432c679b0e2021d0 (diff) | |
download | gnutls-88202507ec10b6ea0a5a1a5a16cb6803342a601f.tar.gz |
several fixes. Added client authentication with x509PKI
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_anon.c | 8 | ||||
-rw-r--r-- | lib/auth_anon.h | 7 | ||||
-rw-r--r-- | lib/auth_rsa.c | 33 | ||||
-rw-r--r-- | lib/auth_srp.c | 2 | ||||
-rw-r--r-- | lib/auth_srp.h | 6 | ||||
-rw-r--r-- | lib/auth_x509.c | 2 | ||||
-rw-r--r-- | lib/auth_x509.h | 8 | ||||
-rw-r--r-- | lib/ext_srp.c | 8 | ||||
-rw-r--r-- | lib/gnutls.h.in | 12 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 2 | ||||
-rw-r--r-- | lib/gnutls_buffers.c | 17 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 1 | ||||
-rw-r--r-- | lib/gnutls_handshake.h | 3 | ||||
-rw-r--r-- | lib/gnutls_int.h | 25 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 6 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 24 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 22 | ||||
-rw-r--r-- | lib/gnutls_v2_compat.c | 2 |
18 files changed, 109 insertions, 79 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index e195d347cb..1b510bbef1 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -85,8 +85,8 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_SERVER_AUTH_INFO)); if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
- ((ANON_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(p);
- state->gnutls_key->auth_info_size = sizeof(ANON_SERVER_AUTH_INFO);
+ ((ANON_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(p);
+ state->gnutls_key->auth_info_size = sizeof(ANON_SERVER_AUTH_INFO_INT);
 X = gnutls_calc_dh_secret(&x, g, p); state->gnutls_key->dh_secret = x;
@@ -212,8 +212,8 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { /* set auth_info */ state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO)); if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
- ((ANON_CLIENT_AUTH_INFO*)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(state->gnutls_key->client_p);
- state->gnutls_key->auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO);
+ ((ANON_CLIENT_AUTH_INFO)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(state->gnutls_key->client_p);
+ state->gnutls_key->auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO_INT);
 /* We should check signature in non-anonymous KX * this is anonymous however
diff --git a/lib/auth_anon.h b/lib/auth_anon.h
index ef29ddee82..b706d2db67 100644
--- a/lib/auth_anon.h
+++ b/lib/auth_anon.h
@@ -7,8 +7,11 @@ typedef struct { #define ANON_SERVER_CREDENTIALS ANON_SERVER_CREDENTIALS_INT*
-typedef struct {
+typedef struct ANON_CLIENT_AUTH_INFO_INT {
 int dh_bits;
-} ANON_CLIENT_AUTH_INFO;
+} *ANON_CLIENT_AUTH_INFO;
 typedef ANON_CLIENT_AUTH_INFO ANON_SERVER_AUTH_INFO;
+
+typedef struct ANON_CLIENT_AUTH_INFO_INT ANON_CLIENT_AUTH_INFO_INT;
+typedef ANON_CLIENT_AUTH_INFO_INT ANON_SERVER_AUTH_INFO_INT;
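Review bot: The context line just above the changed lines still allocates with `gnutls_malloc(sizeof(ANON_SERVER_AUTH_INFO))`, and ANON_SERVER_AUTH_INFO becomes a pointer typedef in this same commit, so the block is now pointer-sized while auth_info_size and the write through `->dh_bits` assume sizeof(ANON_SERVER_AUTH_INFO_INT). The same allocation/size mismatch is in proc_anon_server_kx (second hunk, `sizeof(ANON_CLIENT_AUTH_INFO)`) and, far more seriously, in ext_srp.c, where a pointer-sized `gnutls_calloc(1, sizeof(SRP_SERVER_AUTH_INFO))` block receives a copy of up to 255 bytes into `username[256]`. auth_rsa.c already switched its calloc calls to the `_INT` name; do the same here: `state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_SERVER_AUTH_INFO_INT));` and `state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO_INT));`. gen_anon_server_kx and proc_anon_server_kx both continue outside these hunks.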
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index efb8668d0d..d2ad65984e 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -323,13 +323,9 @@ int proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) if (plaintext.size != TLS_MASTER_SIZE) { /* WOW */ RANDOMIZE_KEY(state->gnutls_key->key, secure_malloc); } else {
- GNUTLS_Version ver;
-
- ver = gnutls_get_current_version(state);
-
- if (_gnutls_version_get_major(ver) != plaintext.data[0])
+ if (_gnutls_get_adv_version_major( state) != plaintext.data[0])
 ret = GNUTLS_E_DECRYPTION_FAILED;
- if (_gnutls_version_get_minor(ver) != plaintext.data[1])
+ if (_gnutls_get_adv_version_minor( state) != plaintext.data[1])
 ret = GNUTLS_E_DECRYPTION_FAILED; if (ret != 0) { _gnutls_mpi_release(&state->gnutls_key->B);
@@ -354,7 +350,7 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size) { int size, len, ret; opaque *p = data;
- X509PKI_CLIENT_AUTH_INFO *info;
+ X509PKI_CLIENT_AUTH_INFO info;
 const X509PKI_CREDENTIALS cred; int dsize = data_size; int i, j;
@@ -363,18 +359,19 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size) gnutls_datum tmp; CertificateStatus verify;
+#warning "NO SERVER SIDE YET"
 cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } if (state->gnutls_key->auth_info == NULL)
- state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO));
+ state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO_INT));
 if (state->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; }
- state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO);
+ state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO_INT);
 DECR_LEN(dsize, 3); size = READuint24(p);
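Review bot: Comparing the decrypted premaster's version bytes against the peer's advertised version (`_gnutls_get_adv_version_*`) instead of the negotiated one is the right reference, but the two failure modes in this block are still handled differently: a wrong-size plaintext is replaced by a random key and the handshake goes on, whereas a version mismatch sets GNUTLS_E_DECRYPTION_FAILED and, judging by the `if (ret != 0)` branch that follows, aborts. That difference is observable to the peer, so the version mismatch should be treated exactly like the size mismatch, e.g. replace the two `ret = GNUTLS_E_DECRYPTION_FAILED;` assignments with `if (_gnutls_get_adv_version_major( state) != plaintext.data[0] || _gnutls_get_adv_version_minor( state) != plaintext.data[1]) RANDOMIZE_KEY(state->gnutls_key->key, secure_malloc);`. Whether `key` already holds the plaintext at that point is not visible here, so make sure the substitution happens after the copy. proc_rsa_client_kx starts and ends outside this hunk.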
@@ -437,7 +434,7 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size) /* store the required parameters for the handshake */ if ((ret =
- _gnutls_get_rsa_params(NULL, &state->gnutls_key->A, &state->gnutls_key->u,
+ _gnutls_get_rsa_params(NULL, &state->gnutls_key->a, &state->gnutls_key->x,
 peer_certificate_list[0].raw)) < 0) { gnutls_assert(); gnutls_free(peer_certificate_list);
@@ -459,7 +456,7 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size) */ int gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data) {
- X509PKI_CLIENT_AUTH_INFO *auth = state->gnutls_key->auth_info;
+ X509PKI_CLIENT_AUTH_INFO auth = state->gnutls_key->auth_info;
 gnutls_datum sdata; /* data to send */ MPI pkey, n; int ret;
@@ -474,20 +471,20 @@ int gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data) } RANDOMIZE_KEY(state->gnutls_key->key, secure_malloc);
- ver = gnutls_get_current_version(state);
+ ver = _gnutls_version_max(state);
 state->gnutls_key->key.data[0] = _gnutls_version_get_major(ver); state->gnutls_key->key.data[1] = _gnutls_version_get_minor(ver); if ((ret =
- _gnutls_pkcs1_rsa_encrypt(&sdata, state->gnutls_key->key, state->gnutls_key->u, state->gnutls_key->A, 2)) < 0) {
+ _gnutls_pkcs1_rsa_encrypt(&sdata, state->gnutls_key->key, state->gnutls_key->x, state->gnutls_key->a, 2)) < 0) {
 gnutls_assert(); _gnutls_mpi_release(&pkey); _gnutls_mpi_release(&n); return ret; }
- _gnutls_mpi_release(&state->gnutls_key->A);
- _gnutls_mpi_release(&state->gnutls_key->u);
+ _gnutls_mpi_release(&state->gnutls_key->a);
+ _gnutls_mpi_release(&state->gnutls_key->x);
 if (_gnutls_version_ssl3(ver) == 0) { /* SSL 3.0 */
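Review bot: `ver = _gnutls_version_max(state);` is presumably meant to make the premaster's two version bytes match the client_version sent in the ClientHello, but the same `ver` is reused on the context line `if (_gnutls_version_ssl3(ver) == 0)` to choose between the SSL 3.0 and TLS encodings of the ClientKeyExchange, and that choice has to follow the negotiated version. If the client offers TLS 1.0 and the server selects SSL 3.0, the message is now encoded the wrong way. Keep `ver` for `key.data[0]`/`key.data[1]` only and add `GNUTLS_Version cur = gnutls_get_current_version(state);` for the check, `if (_gnutls_version_ssl3(cur) == 0) {`. gen_rsa_client_kx continues outside this hunk, so verify that no later use of `ver` needs the negotiated version either.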
@@ -605,12 +602,12 @@ int proc_rsa_cert_req(GNUTLS_STATE state, opaque * data, int data_size) state->gnutls_key->certificate_requested = 1; if (state->gnutls_key->auth_info == NULL)
- state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO));
+ state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO_INT));
 if (state->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; }
- state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO);
+ state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO_INT);
 DECR_LEN(dsize, 1); size = p[0];
@@ -656,6 +653,8 @@ int gen_rsa_client_cert_vrfy(GNUTLS_STATE state, opaque ** data) int apr_cert_list_length, size; gnutls_datum signature;
+ *data = NULL;
+
 cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL); if (cred == NULL) { gnutls_assert();
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index ca793f48aa..8497c4d9ab 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -78,7 +78,7 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_INSUFICIENT_CRED; }
- pwd_entry = _gnutls_srp_pwd_read_entry( state->gnutls_key, ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username, &err);
+ pwd_entry = _gnutls_srp_pwd_read_entry( state->gnutls_key, ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username, &err);
 if (pwd_entry == NULL) { if (err==0)
diff --git a/lib/auth_srp.h b/lib/auth_srp.h
index 0d182daa78..1f7a597734 100644
--- a/lib/auth_srp.h
+++ b/lib/auth_srp.h
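Review bot: `*data = NULL;` at the top of gen_rsa_client_cert_vrfy establishes a contract that the new early return in gnutls_kx.c appears to rely on (a zero data_size means nothing to send and `data` needs no freeing), but nothing in the function says so. Add a comment above the assignment, e.g. `/* *data stays NULL and 0 is returned when there is no client certificate to verify; _gnutls_send_client_certificate_verify skips the message in that case */`, and check that every early return in the function keeps that invariant. The body of gen_rsa_client_cert_vrfy continues outside this hunk.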
@@ -15,9 +15,11 @@ typedef struct { #define SRP_SERVER_CREDENTIALS SRP_SERVER_CREDENTIALS_INT* /* these structures should not use allocated data */
-typedef struct {
+typedef struct SRP_SERVER_AUTH_INFO_INT {
 char username[256];
-} SRP_SERVER_AUTH_INFO;
+} *SRP_SERVER_AUTH_INFO;
 int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size); int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data);
+
+typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT;
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index 3419c1d6cf..a90615990a 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -26,7 +26,7 @@ /* Copies data from a internal certificate struct (gnutls_cert) to * exported certificate struct (X509PKI_CLIENT_AUTH_INFO) */
-void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify) {
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO info, gnutls_cert* cert, CertificateStatus verify) {
 /* Copy peer's information to AUTH_INFO */ memcpy( &info->peer_dn, &cert->cert_info, sizeof(gnutls_DN));
diff --git a/lib/auth_x509.h b/lib/auth_x509.h
index 80d7d2efc7..cc3bdc6d14 100644
--- a/lib/auth_x509.h
+++ b/lib/auth_x509.h
@@ -31,7 +31,7 @@ typedef struct { /* typedef X509PKI_CREDENTIALS_INT * X509PKI_CREDENTIALS; */ #define X509PKI_CREDENTIALS X509PKI_CREDENTIALS_INT*
-typedef struct {
+typedef struct X509PKI_CLIENT_AUTH_INFO_INT {
 gnutls_DN peer_dn; gnutls_DN issuer_dn; CertificateStatus peer_certificate_status;
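Review bot: The added `typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT;` is placed after the function prototypes, whereas auth_anon.h and auth_x509.h in this same commit put the `_INT` typedef directly after the struct definition it names. Moving it up to follow `} *SRP_SERVER_AUTH_INFO;` keeps the three headers parallel and lets a reader see the struct/pointer pair in one place. The `/* these structures should not use allocated data */` comment still describes the struct, so it should stay directly above `typedef struct SRP_SERVER_AUTH_INFO_INT {`.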
@@ -41,9 +41,11 @@ typedef struct { char subjectAltName[X509_CN_SIZE]; unsigned char keyUsage; int certificate_requested;
-} X509PKI_CLIENT_AUTH_INFO;
+} *X509PKI_CLIENT_AUTH_INFO;
+
+typedef struct X509PKI_CLIENT_AUTH_INFO_INT X509PKI_CLIENT_AUTH_INFO_INT;
-void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify);
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO info, gnutls_cert* cert, CertificateStatus verify);
 #endif
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index be2034bc0e..887bfbbf56 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -39,15 +39,15 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(SRP_SERVER_AUTH_INFO)); if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
- if (sizeof( ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username) > data_size) {
+ if (sizeof( ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username) > data_size) {
 len = data[0]; if (len > data_size) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; }
- memcpy( ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username, &data[1], len);
- ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username[len]=0; /* null terminated */
- state->gnutls_key->auth_info_size = sizeof(SRP_SERVER_AUTH_INFO);
+ memcpy( ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username, &data[1], len);
+ ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username[len]=0; /* null terminated */
+ state->gnutls_key->auth_info_size = sizeof(SRP_SERVER_AUTH_INFO_INT);
 } else { state->gnutls_key->auth_info_size = 0; gnutls_free(state->gnutls_key->auth_info);
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index 4b294ca5f6..55891e2f4f 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
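Review bot: The rewritten `memcpy( ... ->username, &data[1], len)` copies data[1] through data[len], so it needs `len + 1 <= data_size`, but the guard on the context line above only rejects `len > data_size`; when len equals data_size the copy reads one byte past the extension data. Tighten it to `if (len >= data_size) {` and reject `data_size == 0` before `len = data[0]` is read. The destination side is the bigger problem: `gnutls_calloc(1, sizeof(SRP_SERVER_AUTH_INFO))` on the hunk's first context line now allocates a pointer-sized block (the same mismatch noted at auth_anon.c), so the copy of up to 255 bytes plus the terminator overruns the heap; it has to become `sizeof(SRP_SERVER_AUTH_INFO_INT)`, matching the auth_info_size line that this hunk does update. _gnutls_srp_recv_params continues outside this hunk.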
@@ -132,7 +132,7 @@ int gnutls_clear_creds( GNUTLS_STATE state); int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred); CredType gnutls_get_auth_info_type( GNUTLS_STATE);
-const void* gnutls_get_auth_info( GNUTLS_STATE);
+void* gnutls_get_auth_info( GNUTLS_STATE);
 /* A null terminated string containing the dnsname. * This will only exist if the client supports the dnsname
@@ -210,9 +210,9 @@ void gnutls_global_set_recv_func( RECV_FUNC recv_func); /* Auth_Info structures */
-typedef struct X509PKI_CLIENT_AUTH_INFO X509PKI_CLIENT_AUTH_INFO;
-typedef struct SRP_CLIENT_AUTH_INFO SRP_CLIENT_AUTH_INFO;
-typedef struct SRP_SERVER_AUTH_INFO SRP_SERVER_AUTH_INFO;
-typedef struct ANON_CLIENT_AUTH_INFO ANON_CLIENT_AUTH_INFO;
-typedef struct ANON_SERVER_AUTH_INFO ANON_SERVER_AUTH_INFO;
+typedef struct X509PKI_CLIENT_AUTH_INFO_INT *X509PKI_CLIENT_AUTH_INFO;
+typedef struct SRP_CLIENT_AUTH_INFO_INT *SRP_CLIENT_AUTH_INFO;
+typedef struct SRP_SERVER_AUTH_INFO_INT *SRP_SERVER_AUTH_INFO;
+typedef struct ANON_CLIENT_AUTH_INFO_INT *ANON_CLIENT_AUTH_INFO;
+typedef struct ANON_SERVER_AUTH_INFO_INT *ANON_SERVER_AUTH_INFO;
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index e9dfd0fcd1..2ddd04e8d0 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -178,7 +178,7 @@ const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) { * In case of GNUTLS_X509PKI returns a pointer to structure &X509PKI_(SERVER/CLIENT)_AUTH_INFO; * In case of GNUTLS_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO; **/
-const void* gnutls_get_auth_info( GNUTLS_STATE state) {
+void* gnutls_get_auth_info( GNUTLS_STATE state) {
 return state->gnutls_key->auth_info; }
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index cadf19a91c..fcc7d82582 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
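Review bot: `typedef struct ANON_SERVER_AUTH_INFO_INT *ANON_SERVER_AUTH_INFO;` names a struct tag that nothing in this commit defines: auth_anon.h defines only `struct ANON_CLIENT_AUTH_INFO_INT` and makes ANON_SERVER_AUTH_INFO_INT a typedef alias of it, so the public ANON_SERVER_AUTH_INFO points to a different, incomplete type than the internal one, and any translation unit that sees both typedefs gets conflicting definitions. The same appears to hold for `SRP_CLIENT_AUTH_INFO_INT`, whose struct tag is not defined anywhere in this diff. Either give auth_anon.h a real `struct ANON_SERVER_AUTH_INFO_INT`, or make the public line `typedef struct ANON_CLIENT_AUTH_INFO_INT *ANON_SERVER_AUTH_INFO;`. Separately, dropping `const` from `gnutls_get_auth_info` here and in gnutls_auth.c hands applications a writable view of library-internal state; if the reason is to spare callers a cast, say so in the function's comment rather than leaving the widening undocumented.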
@@ -27,7 +27,9 @@ extern ssize_t (*_gnutls_recv_func)( SOCKET, void*, size_t, int); extern ssize_t (*_gnutls_send_func)( SOCKET,const void*, size_t, int);
-
+/* Buffers received packets of type APPLICATION DATA and
+ * HANDSHAKE DATA.
+ */
 int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, int length) { int old_buffer;
@@ -38,7 +40,7 @@ int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, in state->gnutls_internals.buffer.size += length; #ifdef BUFFERS_DEBUG
- _gnutls_log( "BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "RECORD BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
 #endif state->gnutls_internals.buffer.data = gnutls_realloc(state->gnutls_internals.buffer.data,
@@ -50,7 +52,7 @@ int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, in state->gnutls_internals.buffer_handshake.size += length; #ifdef BUFFERS_DEBUG
- _gnutls_log( "BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "HANDSHAKE BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
 #endif state->gnutls_internals.buffer_handshake.data = gnutls_realloc(state->gnutls_internals.buffer_handshake.data,
@@ -94,7 +96,7 @@ int gnutls_getDataFromBuffer(ContentType type, GNUTLS_STATE state, char *data, i length = state->gnutls_internals.buffer.size; } #ifdef BUFFERS_DEBUG
- _gnutls_log( "BUFFER: Read %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "RECORD BUFFER: Read %d bytes of Data(%d)\n", length, type);
 #endif state->gnutls_internals.buffer.size -= length; memcpy(data, state->gnutls_internals.buffer.data, length);
@@ -112,7 +114,7 @@ int gnutls_getDataFromBuffer(ContentType type, GNUTLS_STATE state, char *data, i length = state->gnutls_internals.buffer_handshake.size; } #ifdef BUFFERS_DEBUG
- _gnutls_log( "BUFFER: Read %d bytes of Data(%d)\n", length, type);
+ _gnutls_log( "HANDSHAKE BUFFER: Read %d bytes of Data(%d)\n", length, type);
 #endif state->gnutls_internals.buffer_handshake.size -= length; memcpy(data, state->gnutls_internals.buffer_handshake.data, length);
@@ -256,6 +258,9 @@ ssize_t _gnutls_Recv_int(int fd, GNUTLS_STATE state, ContentType type, Handshake } #warning "FIX THIS FUNCTION - too many reallocs()"
+/* Buffer for handshake packets. Keeps the packets in order
+ * for finished messages to use them.
+ */
 int gnutls_insertHashDataBuffer( GNUTLS_STATE state, char *data, int length) { int old_buffer;
@@ -265,7 +270,7 @@ int gnutls_insertHashDataBuffer( GNUTLS_STATE state, char *data, int length) state->gnutls_internals.hash_buffer.size += length; #ifdef BUFFERS_DEBUG
- _gnutls_log( "HASH_BUFFER: Inserted %d bytes of Data\n", length);
+ _gnutls_log( "HASH BUFFER: Inserted %d bytes of Data\n", length);
 #endif state->gnutls_internals.hash_buffer.data = gnutls_realloc(state->gnutls_internals.hash_buffer.data,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7989d87788..90931c38af 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -250,6 +250,7 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, #endif version = _gnutls_version_get(data[pos], data[pos + 1]);
+ set_adv_version( state, data[pos], data[pos+1]);
 /* if we do not support that version */ if (_gnutls_version_is_supported(state, version) == 0) {
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 983d0e88c8..9acae2b3fb 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -35,3 +35,6 @@ void _gnutls_set_client_random( GNUTLS_STATE state, uint8* random); int _gnutls_create_random( opaque* dst); int _gnutls_remove_unwanted_ciphersuites( GNUTLS_STATE state, GNUTLS_CipherSuite ** cipherSuites, int numCipherSuites);
+#define set_adv_version( state, major, minor) \
+ state->gnutls_internals.adv_version_major = data[pos]; \
+ state->gnutls_internals.adv_version_minor = data[pos+1]
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 720f4aaa97..861cc7f7b4 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -31,9 +31,8 @@ #define HARD_DEBUG #define RECORD_DEBUG #define HANDSHAKE_DEBUG
-*/
 #define DEBUG
-
+*/
 #define SOCKET int #define LIST ...
@@ -156,10 +155,10 @@ struct GNUTLS_KEY_INT { MPI b; MPI a; MPI x;
- /* RSA:
- * modulus is A
- * exponent is B
- * private key is u;
+ /* RSA: peer:
+ * modulus is A a
+ * exponent is B b
+ * private key is u x
 */ /* this is used to hold the peers authentication data
@@ -332,6 +331,11 @@ typedef struct { * certificate to use. -1 * if none. */
+ /* this is the highest version available
+ * to the peer.
+ */
+ uint8 adv_version_major;
+ uint8 adv_version_minor;
 } GNUTLS_INTERNALS; struct GNUTLS_STATE_INT {
@@ -365,4 +369,13 @@ int _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state); #define _gnutls_version_cmp( ver1, ver2) ver1==ver2?0:1 #define _gnutls_version_ssl3(x) _gnutls_version_cmp(x, GNUTLS_SSL3)
+/* These macros return the advertized TLS version of
+ * the peer.
+ */
+#define _gnutls_get_adv_version_major( state) \
+ state->gnutls_internals.adv_version_major
+
+#define _gnutls_get_adv_version_minor( state) \
+ state->gnutls_internals.adv_version_minor
+
 #endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index b4f6040f24..17666da8e9 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
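Review bot: `set_adv_version( state, major, minor)` never uses its `major` and `minor` parameters; the expansion reads `data[pos]` and `data[pos+1]` from whatever variables exist at the call site, and the two callers added in gnutls_handshake.c and gnutls_v2_compat.c work only because both happen to name their buffer and offset `data` and `pos`. It is also two unbraced statements, so an `if (...) set_adv_version(...);` would run only the first. Rewrite it to use its arguments inside a do/while(0) as below; the `_gnutls_get_adv_version_*` macros added in gnutls_int.h should likewise parenthesize, e.g. `((state)->gnutls_internals.adv_version_major)`. Separately, the first gnutls_int.h hunk moves `#define DEBUG` inside the comment block and thereby disables it, which the commit message does not mention.
```c
#define set_adv_version( state, major, minor) do { \
	(state)->gnutls_internals.adv_version_major = (major); \
	(state)->gnutls_internals.adv_version_minor = (minor); \
} while (0)
```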
@@ -38,9 +38,6 @@ int _gnutls_generate_master( GNUTLS_STATE state) { static int generate_normal_master( GNUTLS_STATE state) { int premaster_size;
-#ifdef HARD_DEBUG
-int i;
-#endif
 opaque* premaster, *master; int ret = 0; char random[2*TLS_RANDOM_SIZE];
@@ -244,6 +241,9 @@ int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state) gnutls_assert(); return data_size; }
+ if (data_size == 0)
+ return 0;
+
 ret = _gnutls_send_handshake(cd, state, data, data_size,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 33efe099d7..1ae9f5760f 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -34,7 +34,7 @@ * called in case of SRP authentication and in case of a server. * **/
-const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info) {
+const char* gnutls_srp_server_get_username( SRP_SERVER_AUTH_INFO info) {
 if (info==NULL) return NULL; return info->username; }
@@ -49,7 +49,7 @@ const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info) { * with the peer. This should only be called in case of a server. * **/
-int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info) {
+int gnutls_anon_server_get_dh_bits( ANON_SERVER_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->dh_bits; }
@@ -62,7 +62,7 @@ int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info) { * with the peer. This should only be called in case of a client. * **/
-int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info) {
+int gnutls_anon_client_get_dh_bits( ANON_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->dh_bits; }
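Review bot: The new `if (data_size == 0) return 0;` in _gnutls_send_client_certificate_verify leaves before the `_gnutls_send_handshake` call and whatever release of `data` follows it, so it is only correct if the generator leaves `data` NULL (or unallocated) whenever it reports 0; gen_rsa_client_cert_vrfy now sets `*data = NULL` first, but that coupling is invisible from here. State the reason on the line, `if (data_size == 0) /* no client certificate: nothing to verify, generator left data NULL */ return 0;`, and if the rest of the function frees `data` after sending, release it on this path as well. The function starts and ends outside this hunk.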
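Review bot: Dropping `const` from `gnutls_srp_server_get_username` and every accessor after it (the remaining gnutls_ui.c hunks and the prototypes in gnutls_ui.h) loses the read-only contract these getters expressed; now that SRP_SERVER_AUTH_INFO and the other AUTH_INFO names are pointer typedefs, `const SRP_SERVER_AUTH_INFO info` would only make the pointer itself const, which is presumably why it was removed. The pointee can still be protected by spelling the parameter with the struct tag, e.g. `const char* gnutls_srp_server_get_username( const struct SRP_SERVER_AUTH_INFO_INT *info) {`, and likewise for the ANON and X509PKI getters. Note also that gnutls_ui.h keeps `const SRP_SERVER_AUTH_INFO info` for this function while the definition here has no `const`; the two are compatible, but it is inconsistent with every other prototype in that header.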
@@ -77,7 +77,7 @@ int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info) { * is a obtained by the peer's certificate. * **/
-const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return NULL; return &info->peer_dn; }
@@ -90,7 +90,7 @@ const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_IN * is a obtained by the peer's certificate. * **/
-const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return NULL; return &info->issuer_dn; }
@@ -104,7 +104,7 @@ const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_ * to check if the verified certificate belongs to the actual peer. * **/
-CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info) {
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->peer_certificate_status; }
@@ -117,7 +117,7 @@ CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509P * Version field. * **/
-int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info) {
+int gnutls_x509pki_client_get_peer_certificate_version( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->peer_certificate_version; }
@@ -130,7 +130,7 @@ int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUT * 00:00:00 UTC January 1, 1970). * **/
-time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->peer_certificate_activation_time; }
@@ -143,7 +143,7 @@ time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI * 00:00:00 UTC January 1, 1970). * **/
-time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->peer_certificate_expiration_time; }
@@ -157,7 +157,7 @@ time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI * Extensions and is an 8bit string. * **/
-unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info) {
+unsigned char gnutls_x509pki_client_get_key_usage( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->keyUsage; }
@@ -170,7 +170,7 @@ unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INF * authentication or 1 otherwise. * **/
-unsigned char gnutls_x509pki_client_get_certificate_request_status( const X509PKI_CLIENT_AUTH_INFO* info) {
+unsigned char gnutls_x509pki_client_get_certificate_request_status( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->certificate_requested; }
@@ -184,7 +184,7 @@ unsigned char gnutls_x509pki_client_get_certificate_request_status( const X509PK * Extensions. GNUTLS will only return the dnsName of the Alternative name, or a null string. * **/
-const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info) {
+const char* gnutls_x509pki_client_get_subject_alt_name( X509PKI_CLIENT_AUTH_INFO info) {
 if (info==NULL) return NULL; return info->subjectAltName; }
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index dd2935c55a..ac8968f51f 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -41,24 +41,24 @@ typedef struct { /* SRP */
-const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info);
+const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO info);
 /* ANON */
-int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info);
-int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info);
+int gnutls_anon_server_get_dh_bits( ANON_SERVER_AUTH_INFO info);
+int gnutls_anon_client_get_dh_bits( ANON_CLIENT_AUTH_INFO info);
 /* X509PKI */
-const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
-const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
-CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info);
-int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info);
-time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info);
-time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info);
-unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info);
-const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info);
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn( X509PKI_CLIENT_AUTH_INFO info);
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( X509PKI_CLIENT_AUTH_INFO info);
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( X509PKI_CLIENT_AUTH_INFO info);
+int gnutls_x509pki_client_get_peer_certificate_version( X509PKI_CLIENT_AUTH_INFO info);
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time( X509PKI_CLIENT_AUTH_INFO info);
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( X509PKI_CLIENT_AUTH_INFO info);
+unsigned char gnutls_x509pki_client_get_key_usage( X509PKI_CLIENT_AUTH_INFO info);
+const char* 
gnutls_x509pki_client_get_subject_alt_name( X509PKI_CLIENT_AUTH_INFO info); # endif /* LIBGNUTLS_VERSION */ #endif
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 9099659387..e585e799c6 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -122,6 +122,8 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, data[pos + 1]); #endif
+ set_adv_version( state, data[pos], data[pos+1]);
+
 version = _gnutls_version_get(data[pos], data[pos + 1]); /* if we do not support that version */ |