several fixes. Added client authentication with x509PKI

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2001-08-06 20:00:47 +0000
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2001-08-06 20:00:47 +0000
commit: 88202507ec10b6ea0a5a1a5a16cb6803342a601f (patch)
tree: bd3192163c36bca435a1502d8166ffc59fc871e2 /lib
parent: 645b83512a867ea3bb5b2cce432c679b0e2021d0 (diff)
download: gnutls-88202507ec10b6ea0a5a1a5a16cb6803342a601f.tar.gz
18 files changed, 109 insertions, 79 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index e195d347cb..1b510bbef1 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -85,8 +85,8 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) {
 
 	state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_SERVER_AUTH_INFO));
 	if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
-	((ANON_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(p);
-	state->gnutls_key->auth_info_size = sizeof(ANON_SERVER_AUTH_INFO);
+	((ANON_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(p);
+	state->gnutls_key->auth_info_size = sizeof(ANON_SERVER_AUTH_INFO_INT);
 
 	X = gnutls_calc_dh_secret(&x, g, p);
 	state->gnutls_key->dh_secret = x;
@@ -212,8 +212,8 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
 	/* set auth_info */
 	state->gnutls_key->auth_info = gnutls_malloc(sizeof(ANON_CLIENT_AUTH_INFO));
 	if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
-	((ANON_CLIENT_AUTH_INFO*)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(state->gnutls_key->client_p);
-	state->gnutls_key->auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO);
+	((ANON_CLIENT_AUTH_INFO)state->gnutls_key->auth_info)->dh_bits = gcry_mpi_get_nbits(state->gnutls_key->client_p);
+	state->gnutls_key->auth_info_size = sizeof(ANON_CLIENT_AUTH_INFO_INT);
 
 	/* We should check signature in non-anonymous KX 
 	 * this is anonymous however
diff --git a/lib/auth_anon.h b/lib/auth_anon.h
index ef29ddee82..b706d2db67 100644
--- a/lib/auth_anon.h
+++ b/lib/auth_anon.h
@@ -7,8 +7,11 @@ typedef struct {
 
 #define ANON_SERVER_CREDENTIALS ANON_SERVER_CREDENTIALS_INT*
 
-typedef struct {
+typedef struct ANON_CLIENT_AUTH_INFO_INT {
 	int dh_bits;
-} ANON_CLIENT_AUTH_INFO;
+} *ANON_CLIENT_AUTH_INFO;
 
 typedef ANON_CLIENT_AUTH_INFO ANON_SERVER_AUTH_INFO;
+
+typedef struct ANON_CLIENT_AUTH_INFO_INT ANON_CLIENT_AUTH_INFO_INT;
+typedef ANON_CLIENT_AUTH_INFO_INT ANON_SERVER_AUTH_INFO_INT;
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index efb8668d0d..d2ad65984e 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -323,13 +323,9 @@ int proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size)
 		if (plaintext.size != TLS_MASTER_SIZE) {	/* WOW */
 			RANDOMIZE_KEY(state->gnutls_key->key, secure_malloc);
 		} else {
-			GNUTLS_Version ver;
-
-			ver = gnutls_get_current_version(state);
-
-			if (_gnutls_version_get_major(ver) != plaintext.data[0])
+			if (_gnutls_get_adv_version_major( state) != plaintext.data[0])
 				ret = GNUTLS_E_DECRYPTION_FAILED;
-			if (_gnutls_version_get_minor(ver) != plaintext.data[1])
+			if (_gnutls_get_adv_version_minor( state) != plaintext.data[1])
 				ret = GNUTLS_E_DECRYPTION_FAILED;
 			if (ret != 0) {
 				_gnutls_mpi_release(&state->gnutls_key->B);
@@ -354,7 +350,7 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size)
 {
 	int size, len, ret;
 	opaque *p = data;
-	X509PKI_CLIENT_AUTH_INFO *info;
+	X509PKI_CLIENT_AUTH_INFO info;
 	const X509PKI_CREDENTIALS cred;
 	int dsize = data_size;
 	int i, j;
@@ -363,18 +359,19 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size)
 	gnutls_datum tmp;
 	CertificateStatus verify;
 
+#warning "NO SERVER SIDE YET"
 	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL);
 	if (cred == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_INSUFICIENT_CRED;
 	}
 	if (state->gnutls_key->auth_info == NULL)
-		state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO));
+		state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO_INT));
 	if (state->gnutls_key->auth_info == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
 	}
-	state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO);
+	state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO_INT);
 
 	DECR_LEN(dsize, 3);
 	size = READuint24(p);
@@ -437,7 +434,7 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size)
 	/* store the required parameters for the handshake
 	 */
 	if ((ret =
-	     _gnutls_get_rsa_params(NULL, &state->gnutls_key->A, &state->gnutls_key->u,
+	     _gnutls_get_rsa_params(NULL, &state->gnutls_key->a, &state->gnutls_key->x,
 				    peer_certificate_list[0].raw)) < 0) {
 		gnutls_assert();
 		gnutls_free(peer_certificate_list);
@@ -459,7 +456,7 @@ int proc_rsa_certificate(GNUTLS_STATE state, opaque * data, int data_size)
  */
 int gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data)
 {
-	X509PKI_CLIENT_AUTH_INFO *auth = state->gnutls_key->auth_info;
+	X509PKI_CLIENT_AUTH_INFO auth = state->gnutls_key->auth_info;
 	gnutls_datum sdata;	/* data to send */
 	MPI pkey, n;
 	int ret;
@@ -474,20 +471,20 @@ int gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data)
 	}
 	RANDOMIZE_KEY(state->gnutls_key->key, secure_malloc);
 
-	ver = gnutls_get_current_version(state);
+	ver = _gnutls_version_max(state);
 
 	state->gnutls_key->key.data[0] = _gnutls_version_get_major(ver);
 	state->gnutls_key->key.data[1] = _gnutls_version_get_minor(ver);
 
 	if ((ret =
-	     _gnutls_pkcs1_rsa_encrypt(&sdata, state->gnutls_key->key, state->gnutls_key->u, state->gnutls_key->A, 2)) < 0) {
+	     _gnutls_pkcs1_rsa_encrypt(&sdata, state->gnutls_key->key, state->gnutls_key->x, state->gnutls_key->a, 2)) < 0) {
 		gnutls_assert();
 		_gnutls_mpi_release(&pkey);
 		_gnutls_mpi_release(&n);
 		return ret;
 	}
-	_gnutls_mpi_release(&state->gnutls_key->A);
-	_gnutls_mpi_release(&state->gnutls_key->u);
+	_gnutls_mpi_release(&state->gnutls_key->a);
+	_gnutls_mpi_release(&state->gnutls_key->x);
 
 	if (_gnutls_version_ssl3(ver) == 0) {
 		/* SSL 3.0 */
@@ -605,12 +602,12 @@ int proc_rsa_cert_req(GNUTLS_STATE state, opaque * data, int data_size)
 	state->gnutls_key->certificate_requested = 1;
 
 	if (state->gnutls_key->auth_info == NULL)
-		state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO));
+		state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(X509PKI_CLIENT_AUTH_INFO_INT));
 	if (state->gnutls_key->auth_info == NULL) {
 		gnutls_assert();
 		return GNUTLS_E_MEMORY_ERROR;
 	}
-	state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO);
+	state->gnutls_key->auth_info_size = sizeof(X509PKI_CLIENT_AUTH_INFO_INT);
 
 	DECR_LEN(dsize, 1);
 	size = p[0];
@@ -656,6 +653,8 @@ int gen_rsa_client_cert_vrfy(GNUTLS_STATE state, opaque ** data)
 	int apr_cert_list_length, size;
 	gnutls_datum signature;
 
+	*data = NULL;
+	
 	cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_X509PKI, NULL);
 	if (cred == NULL) {
 		gnutls_assert();
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index ca793f48aa..8497c4d9ab 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -78,7 +78,7 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data)
 		return GNUTLS_E_INSUFICIENT_CRED;
 	}
 
-	pwd_entry = _gnutls_srp_pwd_read_entry( state->gnutls_key, ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username, &err);
+	pwd_entry = _gnutls_srp_pwd_read_entry( state->gnutls_key, ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username, &err);
 
 	if (pwd_entry == NULL) {
 		if (err==0)
diff --git a/lib/auth_srp.h b/lib/auth_srp.h
index 0d182daa78..1f7a597734 100644
--- a/lib/auth_srp.h
+++ b/lib/auth_srp.h
@@ -15,9 +15,11 @@ typedef struct {
 #define SRP_SERVER_CREDENTIALS SRP_SERVER_CREDENTIALS_INT*
 
 /* these structures should not use allocated data */
-typedef struct {
+typedef struct SRP_SERVER_AUTH_INFO_INT {
 	char username[256];
-} SRP_SERVER_AUTH_INFO;
+} *SRP_SERVER_AUTH_INFO;
 
 int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size);
 int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data);
+
+typedef struct  SRP_SERVER_AUTH_INFO_INT  SRP_SERVER_AUTH_INFO_INT;
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index 3419c1d6cf..a90615990a 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -26,7 +26,7 @@
 /* Copies data from a internal certificate struct (gnutls_cert) to 
  * exported certificate struct (X509PKI_CLIENT_AUTH_INFO)
  */
-void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify) {
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO info, gnutls_cert* cert, CertificateStatus verify) {
  /* Copy peer's information to AUTH_INFO
   */
   	memcpy( &info->peer_dn, &cert->cert_info, sizeof(gnutls_DN));
diff --git a/lib/auth_x509.h b/lib/auth_x509.h
index 80d7d2efc7..cc3bdc6d14 100644
--- a/lib/auth_x509.h
+++ b/lib/auth_x509.h
@@ -31,7 +31,7 @@ typedef struct {
 /* typedef X509PKI_CREDENTIALS_INT * X509PKI_CREDENTIALS; */
 #define X509PKI_CREDENTIALS X509PKI_CREDENTIALS_INT*
 
-typedef struct {
+typedef struct X509PKI_CLIENT_AUTH_INFO_INT {
 	gnutls_DN	  peer_dn;
 	gnutls_DN	  issuer_dn;
 	CertificateStatus peer_certificate_status;
@@ -41,9 +41,11 @@ typedef struct {
 	char		  subjectAltName[X509_CN_SIZE];
 	unsigned char	  keyUsage;
 	int		  certificate_requested;
-} X509PKI_CLIENT_AUTH_INFO;
+} *X509PKI_CLIENT_AUTH_INFO;
+
+typedef struct X509PKI_CLIENT_AUTH_INFO_INT X509PKI_CLIENT_AUTH_INFO_INT;
 
-void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO* info, gnutls_cert* cert, CertificateStatus verify);
+void _gnutls_copy_x509_client_auth_info( X509PKI_CLIENT_AUTH_INFO info, gnutls_cert* cert, CertificateStatus verify);
 
 #endif
 
diff --git a/lib/ext_srp.c b/lib/ext_srp.c
index be2034bc0e..887bfbbf56 100644
--- a/lib/ext_srp.c
+++ b/lib/ext_srp.c
@@ -39,15 +39,15 @@ int _gnutls_srp_recv_params( GNUTLS_STATE state, const opaque* data, int data_si
 			state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(SRP_SERVER_AUTH_INFO));
 			if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
 			
-			if (sizeof( ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username) > data_size) {
+			if (sizeof( ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username) > data_size) {
 				len = data[0];
 				if (len > data_size) {
 					gnutls_assert();
 					return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
 				}
-				memcpy( ((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username, &data[1], len);
-				((SRP_SERVER_AUTH_INFO*)state->gnutls_key->auth_info)->username[len]=0; /* null terminated */
-				state->gnutls_key->auth_info_size = sizeof(SRP_SERVER_AUTH_INFO);
+				memcpy( ((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username, &data[1], len);
+				((SRP_SERVER_AUTH_INFO)state->gnutls_key->auth_info)->username[len]=0; /* null terminated */
+				state->gnutls_key->auth_info_size = sizeof(SRP_SERVER_AUTH_INFO_INT);
 			} else {
 				state->gnutls_key->auth_info_size = 0;
 				gnutls_free(state->gnutls_key->auth_info);
diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index 4b294ca5f6..55891e2f4f 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -132,7 +132,7 @@ int gnutls_clear_creds( GNUTLS_STATE state);
 int gnutls_set_cred( GNUTLS_STATE, CredType type, void* cred);
 
 CredType gnutls_get_auth_info_type( GNUTLS_STATE);
-const void* gnutls_get_auth_info( GNUTLS_STATE);
+void* gnutls_get_auth_info( GNUTLS_STATE);
 
 /* A null terminated string containing the dnsname.
  * This will only exist if the client supports the dnsname
@@ -210,9 +210,9 @@ void gnutls_global_set_recv_func( RECV_FUNC recv_func);
 
 /* Auth_Info structures */
 
-typedef struct X509PKI_CLIENT_AUTH_INFO X509PKI_CLIENT_AUTH_INFO;
-typedef struct SRP_CLIENT_AUTH_INFO SRP_CLIENT_AUTH_INFO;
-typedef struct SRP_SERVER_AUTH_INFO SRP_SERVER_AUTH_INFO;
-typedef struct ANON_CLIENT_AUTH_INFO ANON_CLIENT_AUTH_INFO;
-typedef struct ANON_SERVER_AUTH_INFO ANON_SERVER_AUTH_INFO;
+typedef struct X509PKI_CLIENT_AUTH_INFO_INT *X509PKI_CLIENT_AUTH_INFO;
+typedef struct SRP_CLIENT_AUTH_INFO_INT *SRP_CLIENT_AUTH_INFO;
+typedef struct SRP_SERVER_AUTH_INFO_INT *SRP_SERVER_AUTH_INFO;
+typedef struct ANON_CLIENT_AUTH_INFO_INT *ANON_CLIENT_AUTH_INFO;
+typedef struct ANON_SERVER_AUTH_INFO_INT *ANON_SERVER_AUTH_INFO;
 
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index e9dfd0fcd1..2ddd04e8d0 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -178,7 +178,7 @@ const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) {
   * In case of GNUTLS_X509PKI returns a pointer to structure &X509PKI_(SERVER/CLIENT)_AUTH_INFO;
   * In case of GNUTLS_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO;
   **/
-const void* gnutls_get_auth_info( GNUTLS_STATE state) {
+void* gnutls_get_auth_info( GNUTLS_STATE state) {
 	return state->gnutls_key->auth_info;
 }
 
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index cadf19a91c..fcc7d82582 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -27,7 +27,9 @@
 extern ssize_t (*_gnutls_recv_func)( SOCKET, void*, size_t, int);
 extern ssize_t (*_gnutls_send_func)( SOCKET,const void*, size_t, int);
 
-
+/* Buffers received packets of type APPLICATION DATA and
+ * HANDSHAKE DATA.
+ */
 int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, int length)
 {
 	int old_buffer;
@@ -38,7 +40,7 @@ int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, in
 
 		state->gnutls_internals.buffer.size += length;
 #ifdef BUFFERS_DEBUG
-	_gnutls_log( "BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
+	_gnutls_log( "RECORD BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
 #endif
 		state->gnutls_internals.buffer.data =
 		    gnutls_realloc(state->gnutls_internals.buffer.data,
@@ -50,7 +52,7 @@ int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, in
 
 		state->gnutls_internals.buffer_handshake.size += length;
 #ifdef BUFFERS_DEBUG
-	_gnutls_log( "BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
+	_gnutls_log( "HANDSHAKE BUFFER: Inserted %d bytes of Data(%d)\n", length, type);
 #endif
 		state->gnutls_internals.buffer_handshake.data =
 		    gnutls_realloc(state->gnutls_internals.buffer_handshake.data,
@@ -94,7 +96,7 @@ int gnutls_getDataFromBuffer(ContentType type, GNUTLS_STATE state, char *data, i
 			length = state->gnutls_internals.buffer.size;
 		}
 #ifdef BUFFERS_DEBUG
-	_gnutls_log( "BUFFER: Read %d bytes of Data(%d)\n", length, type);
+	_gnutls_log( "RECORD BUFFER: Read %d bytes of Data(%d)\n", length, type);
 #endif
 		state->gnutls_internals.buffer.size -= length;
 		memcpy(data, state->gnutls_internals.buffer.data, length);
@@ -112,7 +114,7 @@ int gnutls_getDataFromBuffer(ContentType type, GNUTLS_STATE state, char *data, i
 			length = state->gnutls_internals.buffer_handshake.size;
 		}
 #ifdef BUFFERS_DEBUG
-	_gnutls_log( "BUFFER: Read %d bytes of Data(%d)\n", length, type);
+	_gnutls_log( "HANDSHAKE BUFFER: Read %d bytes of Data(%d)\n", length, type);
 #endif
 		state->gnutls_internals.buffer_handshake.size -= length;
 		memcpy(data, state->gnutls_internals.buffer_handshake.data, length);
@@ -256,6 +258,9 @@ ssize_t _gnutls_Recv_int(int fd, GNUTLS_STATE state, ContentType type, Handshake
 }
 
 #warning "FIX THIS FUNCTION - too many reallocs()"
+/* Buffer for handshake packets. Keeps the packets in order
+ * for finished messages to use them.
+ */
 int gnutls_insertHashDataBuffer( GNUTLS_STATE state, char *data, int length)
 {
 	int old_buffer;
@@ -265,7 +270,7 @@ int gnutls_insertHashDataBuffer( GNUTLS_STATE state, char *data, int length)
 
 	state->gnutls_internals.hash_buffer.size += length;
 #ifdef BUFFERS_DEBUG
-	_gnutls_log( "HASH_BUFFER: Inserted %d bytes of Data\n", length);
+	_gnutls_log( "HASH BUFFER: Inserted %d bytes of Data\n", length);
 #endif
 	state->gnutls_internals.hash_buffer.data =
 		    gnutls_realloc(state->gnutls_internals.hash_buffer.data,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7989d87788..90931c38af 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -250,6 +250,7 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data,
 #endif
 
 	version = _gnutls_version_get(data[pos], data[pos + 1]);
+	set_adv_version( state, data[pos], data[pos+1]);
 
 	/* if we do not support that version  */
 	if (_gnutls_version_is_supported(state, version) == 0) {
diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h
index 983d0e88c8..9acae2b3fb 100644
--- a/lib/gnutls_handshake.h
+++ b/lib/gnutls_handshake.h
@@ -35,3 +35,6 @@ void _gnutls_set_client_random( GNUTLS_STATE state, uint8* random);
 int _gnutls_create_random( opaque* dst);
 int _gnutls_remove_unwanted_ciphersuites( GNUTLS_STATE state, GNUTLS_CipherSuite ** cipherSuites, int numCipherSuites);
 
+#define set_adv_version( state, major, minor) \
+	state->gnutls_internals.adv_version_major = data[pos]; \
+	state->gnutls_internals.adv_version_minor = data[pos+1]
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 720f4aaa97..861cc7f7b4 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -31,9 +31,8 @@
 #define HARD_DEBUG
 #define RECORD_DEBUG
 #define HANDSHAKE_DEBUG
-*/
 #define DEBUG
-
+*/
 
 #define SOCKET int
 #define LIST ...
@@ -156,10 +155,10 @@ struct GNUTLS_KEY_INT {
 	MPI				b;
 	MPI				a;
 	MPI				x;
-	/* RSA: 
-	 * modulus is A
-	 * exponent is B
-	 * private key is u;
+	/* RSA:                   peer:
+	 * modulus is A            a
+	 * exponent is B           b
+	 * private key is u        x
 	 */
 	
 	/* this is used to hold the peers authentication data 
@@ -332,6 +331,11 @@ typedef struct {
 						* certificate to use. -1
 						* if none.
 						*/
+	/* this is the highest version available
+	 * to the peer.
+	 */
+	uint8				adv_version_major;
+	uint8				adv_version_minor;
 } GNUTLS_INTERNALS;
 
 struct GNUTLS_STATE_INT {
@@ -365,4 +369,13 @@ int _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state);
 #define _gnutls_version_cmp( ver1, ver2) ver1==ver2?0:1
 #define _gnutls_version_ssl3(x) _gnutls_version_cmp(x, GNUTLS_SSL3)
 
+/* These macros return the advertized TLS version of
+ * the peer.
+ */
+#define _gnutls_get_adv_version_major( state) \
+	state->gnutls_internals.adv_version_major
+
+#define _gnutls_get_adv_version_minor( state) \
+	state->gnutls_internals.adv_version_minor
+
 #endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index b4f6040f24..17666da8e9 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -38,9 +38,6 @@ int _gnutls_generate_master( GNUTLS_STATE state) {
 
 static int generate_normal_master( GNUTLS_STATE state) {
 int premaster_size;
-#ifdef HARD_DEBUG
-int i;
-#endif
 opaque* premaster, *master;
 int ret = 0;
 char random[2*TLS_RANDOM_SIZE];
@@ -244,6 +241,9 @@ int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state)
 		gnutls_assert();
 		return data_size;
 	}
+	if (data_size == 0)
+		return 0;
+
 	ret =
 	    _gnutls_send_handshake(cd, state, data,
 				   data_size,
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 33efe099d7..1ae9f5760f 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -34,7 +34,7 @@
   * called in case of SRP authentication and in case of a server.
   *
   **/
-const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info) {
+const char* gnutls_srp_server_get_username(  SRP_SERVER_AUTH_INFO info) {
 	if (info==NULL) return NULL;
 	return info->username;
 }
@@ -49,7 +49,7 @@ const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info) {
   * with the peer. This should only be called in case of a server.
   *
   **/
-int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info) {
+int gnutls_anon_server_get_dh_bits(  ANON_SERVER_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->dh_bits;
 }
@@ -62,7 +62,7 @@ int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info) {
   * with the peer. This should only be called in case of a client.
   *
   **/
-int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info) {
+int gnutls_anon_client_get_dh_bits(  ANON_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->dh_bits;
 }
@@ -77,7 +77,7 @@ int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info) {
   * is a obtained by the peer's certificate.
   *
   **/
-const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return NULL;
 	return &info->peer_dn;
 }
@@ -90,7 +90,7 @@ const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_IN
   * is a obtained by the peer's certificate.
   *
   **/
-const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info) {
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return NULL;
 	return &info->issuer_dn;
 }
@@ -104,7 +104,7 @@ const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_
   * to check if the verified certificate belongs to the actual peer.
   *
   **/
-CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info) {
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->peer_certificate_status;
 }
@@ -117,7 +117,7 @@ CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509P
   * Version field.
   *
   **/
-int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info) {
+int gnutls_x509pki_client_get_peer_certificate_version(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->peer_certificate_version;
 }
@@ -130,7 +130,7 @@ int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUT
   * 00:00:00 UTC January 1, 1970).
   *
   **/
-time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->peer_certificate_activation_time;
 }
@@ -143,7 +143,7 @@ time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI
   * 00:00:00 UTC January 1, 1970).
   *
   **/
-time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info) {
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->peer_certificate_expiration_time;
 }
@@ -157,7 +157,7 @@ time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI
   * Extensions and is an 8bit string.
   *
   **/
-unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info) {
+unsigned char gnutls_x509pki_client_get_key_usage(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->keyUsage;
 }
@@ -170,7 +170,7 @@ unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INF
   * authentication or 1 otherwise.
   *
   **/
-unsigned char gnutls_x509pki_client_get_certificate_request_status( const X509PKI_CLIENT_AUTH_INFO* info) {
+unsigned char gnutls_x509pki_client_get_certificate_request_status(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return GNUTLS_E_UNKNOWN_ERROR;
 	return info->certificate_requested;
 }
@@ -184,7 +184,7 @@ unsigned char gnutls_x509pki_client_get_certificate_request_status( const X509PK
   * Extensions. GNUTLS will only return the dnsName of the Alternative name, or a null string.
   *
   **/
-const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info) {
+const char* gnutls_x509pki_client_get_subject_alt_name(  X509PKI_CLIENT_AUTH_INFO info) {
 	if (info==NULL) return NULL;
 	return info->subjectAltName;
 }
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index dd2935c55a..ac8968f51f 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -41,24 +41,24 @@ typedef struct {
 
 /* SRP */
 
-const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO* info);
+const char* gnutls_srp_server_get_username( const SRP_SERVER_AUTH_INFO info);
 
 /* ANON */
 
-int gnutls_anon_server_get_dh_bits( const ANON_SERVER_AUTH_INFO* info);
-int gnutls_anon_client_get_dh_bits( const ANON_CLIENT_AUTH_INFO* info);
+int gnutls_anon_server_get_dh_bits(  ANON_SERVER_AUTH_INFO info);
+int gnutls_anon_client_get_dh_bits(  ANON_CLIENT_AUTH_INFO info);
 
 /* X509PKI */
 
 
-const gnutls_DN* gnutls_x509pki_client_get_peer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
-const gnutls_DN* gnutls_x509pki_client_get_issuer_dn( const X509PKI_CLIENT_AUTH_INFO* info);
-CertificateStatus gnutls_x509pki_client_get_peer_certificate_status( const X509PKI_CLIENT_AUTH_INFO* info);
-int gnutls_x509pki_client_get_peer_certificate_version( const X509PKI_CLIENT_AUTH_INFO* info);
-time_t gnutls_x509pki_client_get_peer_certificate_activation_time( const X509PKI_CLIENT_AUTH_INFO* info);
-time_t gnutls_x509pki_client_get_peer_certificate_expiration_time( const X509PKI_CLIENT_AUTH_INFO* info);
-unsigned char gnutls_x509pki_client_get_key_usage( const X509PKI_CLIENT_AUTH_INFO* info);
-const char* gnutls_x509pki_client_get_subject_alt_name( const X509PKI_CLIENT_AUTH_INFO* info);
+const gnutls_DN* gnutls_x509pki_client_get_peer_dn(  X509PKI_CLIENT_AUTH_INFO info);
+const gnutls_DN* gnutls_x509pki_client_get_issuer_dn(  X509PKI_CLIENT_AUTH_INFO info);
+CertificateStatus gnutls_x509pki_client_get_peer_certificate_status(  X509PKI_CLIENT_AUTH_INFO info);
+int gnutls_x509pki_client_get_peer_certificate_version(  X509PKI_CLIENT_AUTH_INFO info);
+time_t gnutls_x509pki_client_get_peer_certificate_activation_time(  X509PKI_CLIENT_AUTH_INFO info);
+time_t gnutls_x509pki_client_get_peer_certificate_expiration_time(  X509PKI_CLIENT_AUTH_INFO info);
+unsigned char gnutls_x509pki_client_get_key_usage(  X509PKI_CLIENT_AUTH_INFO info);
+const char* gnutls_x509pki_client_get_subject_alt_name(  X509PKI_CLIENT_AUTH_INFO info);
 # endif /* LIBGNUTLS_VERSION */
 
 #endif
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 9099659387..e585e799c6 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -122,6 +122,8 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data,
 		data[pos + 1]);
 #endif
 
+	set_adv_version( state, data[pos], data[pos+1]);
+	
 	version = _gnutls_version_get(data[pos], data[pos + 1]);
 
 	/* if we do not support that version  */
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2001-08-06 20:00:47 +0000
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2001-08-06 20:00:47 +0000
commit	88202507ec10b6ea0a5a1a5a16cb6803342a601f (patch)
tree	bd3192163c36bca435a1502d8166ffc59fc871e2 /lib
parent	645b83512a867ea3bb5b2cce432c679b0e2021d0 (diff)
download	gnutls-88202507ec10b6ea0a5a1a5a16cb6803342a601f.tar.gz