diff options
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | doc/tex/ex1.tex | 11 | ||||
-rw-r--r-- | doc/tex/ex2.tex | 9 | ||||
-rw-r--r-- | doc/tex/srp1.tex | 9 | ||||
-rw-r--r-- | lib/gnutls.h.in | 17 | ||||
-rw-r--r-- | lib/gnutls_buffers.c | 33 | ||||
-rw-r--r-- | lib/gnutls_buffers.h | 14 | ||||
-rw-r--r-- | lib/gnutls_db.c | 6 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 134 | ||||
-rw-r--r-- | lib/gnutls_handshake.h | 20 | ||||
-rw-r--r-- | lib/gnutls_int.h | 9 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 74 | ||||
-rw-r--r-- | lib/gnutls_kx.h | 32 | ||||
-rw-r--r-- | lib/gnutls_record.c | 82 | ||||
-rw-r--r-- | lib/gnutls_record.h | 6 | ||||
-rw-r--r-- | src/cli.c | 19 | ||||
-rw-r--r-- | src/serv.c | 23 |
17 files changed, 267 insertions, 236 deletions
@@ -1,3 +1,8 @@ +Version ?.?.? +- gnutls_handshake(), gnutls_read() etc. functions no longer require + the 'SOCKET cd' argument. This argument is set using the function + gnutls_set_transport_ptr(). + Version 0.2.11 (16/11/2001) - Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value is returned, then the caller should perform a handshake or send diff --git a/doc/tex/ex1.tex b/doc/tex/ex1.tex index c0a15f6030..891f01f3ce 100644 --- a/doc/tex/ex1.tex +++ b/doc/tex/ex1.tex @@ -73,9 +73,12 @@ int main() gnutls_set_current_session(state, session, session_size); free(session); } + + gnutls_set_transport_ptr( state, sd); + /* Perform the TLS handshake */ - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); if (ret < 0) { fprintf(stderr, "*** Handshake failed\n"); @@ -121,9 +124,9 @@ int main() */ print_info(state); - gnutls_write(sd, state, MSG, strlen(MSG)); + gnutls_write( state, MSG, strlen(MSG)); - ret = gnutls_read(sd, state, buffer, MAX_BUF); + ret = gnutls_read( state, buffer, MAX_BUF); if (gnutls_is_fatal_error(ret) == 1 || ret == 0) { if (ret == 0) { printf("- Peer has closed the GNUTLS connection\n"); @@ -147,7 +150,7 @@ int main() } fputs("\n", stdout); } - gnutls_bye(sd, state, GNUTLS_SHUT_RDWR); + gnutls_bye( state, GNUTLS_SHUT_RDWR); end: diff --git a/doc/tex/ex2.tex b/doc/tex/ex2.tex index 7871a285c9..b8c9637033 100644 --- a/doc/tex/ex2.tex +++ b/doc/tex/ex2.tex @@ -83,9 +83,10 @@ int main() gnutls_set_cred(state, GNUTLS_X509PKI, xcred); + gnutls_set_transport_ptr( state, sd); /* Perform the TLS handshake */ - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); if (ret < 0) { fprintf(stderr, "*** Handshake failed\n"); @@ -95,9 +96,9 @@ int main() printf("- Handshake was completed\n"); } - gnutls_write(sd, state, MSG, strlen(MSG)); + gnutls_write( state, MSG, strlen(MSG)); - ret = gnutls_read(sd, state, buffer, MAX_BUF); + ret = gnutls_read( state, buffer, MAX_BUF); if (gnutls_is_fatal_error(ret) == 1 || ret == 0) { if (ret == 0) { printf("- Peer has closed the GNUTLS connection\n"); @@ -121,7 +122,7 @@ int main() } fputs("\n", stdout); } - gnutls_bye(sd, state, GNUTLS_SHUT_RDWR); + gnutls_bye( state, GNUTLS_SHUT_RDWR); end: diff --git a/doc/tex/srp1.tex b/doc/tex/srp1.tex index 901971df48..365581652a 100644 --- a/doc/tex/srp1.tex +++ b/doc/tex/srp1.tex @@ -79,10 +79,11 @@ int main() */ gnutls_set_cred(state, GNUTLS_SRP, xcred); + gnutls_set_transport_ptr( state, sd); /* Perform the TLS handshake */ - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); if (ret < 0) { fprintf(stderr, "*** Handshake failed\n"); @@ -92,9 +93,9 @@ int main() printf("- Handshake was completed\n"); } - gnutls_write(sd, state, MSG, strlen(MSG)); + gnutls_write( state, MSG, strlen(MSG)); - ret = gnutls_read(sd, state, buffer, MAX_BUF); + ret = gnutls_read( state, buffer, MAX_BUF); if (gnutls_is_fatal_error(ret) == 1 || ret == 0) { if (ret == 0) { printf("- Peer has closed the GNUTLS connection\n"); @@ -118,7 +119,7 @@ int main() } fputs("\n", stdout); } - gnutls_bye(sd, state, 0); + gnutls_bye( state, 0); end: diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in index 87b6cf684b..f3871f7acf 100644 --- a/lib/gnutls.h.in +++ b/lib/gnutls.h.in @@ -85,16 +85,16 @@ typedef struct gnutls_private_key gnutls_private_key; int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end); int gnutls_deinit(GNUTLS_STATE state); -int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how); +int gnutls_bye( GNUTLS_STATE state, CloseRequest how); -int gnutls_handshake(SOCKET cd, GNUTLS_STATE state); +int gnutls_handshake( GNUTLS_STATE state); int gnutls_check_pending(GNUTLS_STATE state); -int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state); +int gnutls_rehandshake( GNUTLS_STATE state); AlertDescription gnutls_get_last_alert( GNUTLS_STATE state); int gnutls_send_alert(SOCKET, GNUTLS_STATE, AlertLevel, AlertDescription); -int gnutls_send_appropriate_alert( SOCKET cd, GNUTLS_STATE state, int err); +int gnutls_send_appropriate_alert( GNUTLS_STATE state, int err); /* get information on the current state */ BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state); @@ -114,10 +114,10 @@ int gnutls_is_fatal_error( int error); void gnutls_perror( int error); const char* gnutls_strerror( int error); -#define gnutls_send(a,b,c,d,e,f) gnutls_write(a,b,c,d,e) -#define gnutls_recv(a,b,c,d,e,f) gnutls_read(a,b,c,d,e) -ssize_t gnutls_write(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata); -ssize_t gnutls_read(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata); +#define gnutls_send(a,b,c,d,e) gnutls_write(a,b,c,d) +#define gnutls_recv(a,b,c,d,e) gnutls_read(a,b,c,d) +ssize_t gnutls_write( GNUTLS_STATE state, void *data, size_t sizeofdata); +ssize_t gnutls_read( GNUTLS_STATE state, void *data, size_t sizeofdata); /* functions to set priority of cipher suites */ int gnutls_set_cipher_priority( GNUTLS_STATE state, GNUTLS_LIST); @@ -232,6 +232,7 @@ int gnutls_dh_generate_params( gnutls_datum* prime, gnutls_datum* generator, int typedef ssize_t (*PULL_FUNC)(SOCKET, void*, size_t); typedef ssize_t (*PUSH_FUNC)(SOCKET, const void*, size_t); +void gnutls_set_transport_ptr(GNUTLS_STATE state, SOCKET ptr); typedef void (*LOG_FUNC)( const char*); diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index e5c712a8ef..8ea7b8bf60 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -181,7 +181,7 @@ int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int * * Flags are only used if the default recv() function is being used. */ -static ssize_t _gnutls_read( SOCKET fd, GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, int flags) +static ssize_t _gnutls_read( GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, int flags) { size_t left; ssize_t i=0; @@ -189,7 +189,7 @@ static ssize_t _gnutls_read( SOCKET fd, GNUTLS_STATE state, void *iptr, size_t s #ifdef READ_DEBUG int j,x, sum=0; #endif - + SOCKET fd = state->gnutls_internals.transport_ptr; left = sizeOfPtr; while (left > 0) { @@ -252,7 +252,7 @@ static ssize_t _gnutls_read( SOCKET fd, GNUTLS_STATE state, void *iptr, size_t s #define RCVLOWAT state->gnutls_internals.lowat -int _gnutls_clear_peeked_data( SOCKET cd, GNUTLS_STATE state) { +int _gnutls_clear_peeked_data( GNUTLS_STATE state) { char peekdata1[10]; char *peekdata2; char * peek; @@ -277,7 +277,7 @@ int ret, sum; /* this was already read by using MSG_PEEK - so it shouldn't fail */ sum = 0; do { /* we need this to finish now */ - ret = _gnutls_read( cd, state, peek, RCVLOWAT-sum, 0); + ret = _gnutls_read( state, peek, RCVLOWAT-sum, 0); if (ret > 0) sum+=ret; } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN || sum < RCVLOWAT); @@ -310,7 +310,7 @@ void _gnutls_clear_read_buffer( GNUTLS_STATE state) { * This is not a general purpose function. It returns EXACTLY the data requested. * */ -ssize_t _gnutls_read_buffered( int fd, GNUTLS_STATE state, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) +ssize_t _gnutls_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) { ssize_t ret=0, ret2=0; int min, buf_pos; @@ -369,7 +369,7 @@ ssize_t _gnutls_read_buffered( int fd, GNUTLS_STATE state, opaque **iptr, size_t /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */ if ( recvdata - recvlowat > 0) { - ret = _gnutls_read( fd, state, &buf[buf_pos], recvdata - recvlowat, 0); + ret = _gnutls_read( state, &buf[buf_pos], recvdata - recvlowat, 0); /* return immediately if we got an interrupt or eagain * error. @@ -396,7 +396,7 @@ ssize_t _gnutls_read_buffered( int fd, GNUTLS_STATE state, opaque **iptr, size_t * select think, that the socket is ready for reading */ if (ret == (recvdata - recvlowat) && recvlowat > 0) { - ret2 = _gnutls_read( fd, state, &buf[buf_pos], recvlowat, MSG_PEEK); + ret2 = _gnutls_read( state, &buf[buf_pos], recvlowat, MSG_PEEK); if (ret2 < 0 && gnutls_is_fatal_error(ret2)==0) { return ret2; @@ -508,7 +508,7 @@ static int _gnutls_buffer_get( gnutls_datum * buffer, const opaque ** ptr, size_ * to decrypt and verify the integrity. * */ -ssize_t _gnutls_write_buffered(SOCKET fd, GNUTLS_STATE state, const void *iptr, size_t n) +ssize_t _gnutls_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) { size_t left; #ifdef WRITE_DEBUG @@ -517,6 +517,7 @@ ssize_t _gnutls_write_buffered(SOCKET fd, GNUTLS_STATE state, const void *iptr, ssize_t retval, i; const opaque * ptr; int ret; + SOCKET fd = state->gnutls_internals.transport_ptr; ptr = iptr; @@ -611,14 +612,14 @@ ssize_t _gnutls_write_buffered(SOCKET fd, GNUTLS_STATE state, const void *iptr, * TLS write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_write_flush(SOCKET fd, GNUTLS_STATE state) +ssize_t _gnutls_write_flush( GNUTLS_STATE state) { ssize_t ret; if (state->gnutls_internals.send_buffer.size == 0) return 0; /* done */ - ret = _gnutls_write_buffered(fd, state, NULL, 0); + ret = _gnutls_write_buffered( state, NULL, 0); #ifdef WRITE_DEBUG _gnutls_log("WRITE FLUSH: %d [buffer: %d]\n", ret, state->gnutls_internals.send_buffer.size); #endif @@ -630,10 +631,10 @@ ssize_t _gnutls_write_flush(SOCKET fd, GNUTLS_STATE state) * Handshake write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_handshake_write_flush(SOCKET fd, GNUTLS_STATE state) +ssize_t _gnutls_handshake_write_flush( GNUTLS_STATE state) { ssize_t ret; - ret = _gnutls_handshake_send_int(fd, state, 0, 0, NULL, 0); + ret = _gnutls_handshake_send_int( state, 0, 0, NULL, 0); if (ret < 0) { gnutls_assert(); return ret; @@ -657,7 +658,7 @@ ssize_t _gnutls_handshake_write_flush(SOCKET fd, GNUTLS_STATE state) /* This is a send function for the gnutls handshake * protocol. Just makes sure that all data have been sent. */ -ssize_t _gnutls_handshake_send_int( SOCKET fd, GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *iptr, size_t n) +ssize_t _gnutls_handshake_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *iptr, size_t n) { size_t left; ssize_t i = 0, ret=0; @@ -716,7 +717,7 @@ ssize_t _gnutls_handshake_send_int( SOCKET fd, GNUTLS_STATE state, ContentType t left = n; while (left > 0) { - ret = gnutls_send_int(fd, state, type, htype, &ptr[n-left], left); + ret = gnutls_send_int( state, type, htype, &ptr[n-left], left); if (ret <= 0) { if (ret==0) { @@ -762,7 +763,7 @@ ssize_t _gnutls_handshake_send_int( SOCKET fd, GNUTLS_STATE state, ContentType t /* This is a receive function for the gnutls handshake * protocol. Makes sure that we have received all data. */ -ssize_t _gnutls_handshake_recv_int(int fd, GNUTLS_STATE state, ContentType type, HandshakeType htype, void *iptr, size_t sizeOfPtr) +ssize_t _gnutls_handshake_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, void *iptr, size_t sizeOfPtr) { size_t left; ssize_t i; @@ -806,7 +807,7 @@ ssize_t _gnutls_handshake_recv_int(int fd, GNUTLS_STATE state, ContentType type, while (left > 0) { dsize = sizeOfPtr - left; - i = gnutls_recv_int(fd, state, type, htype, &ptr[dsize], left); + i = gnutls_recv_int( state, type, htype, &ptr[dsize], left); if (i < 0) { if (dsize > 0 && (i==GNUTLS_E_INTERRUPTED || i==GNUTLS_E_AGAIN)) { diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index 28f54a595d..e4c98d298c 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -21,11 +21,11 @@ int gnutls_insert_to_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length); int gnutls_get_data_buffer_size(ContentType type, GNUTLS_STATE state); int gnutls_get_data_buffer(ContentType type, GNUTLS_STATE state, char *data, int length); -ssize_t _gnutls_read_buffered(int fd, GNUTLS_STATE, opaque **iptr, size_t n, ContentType); +ssize_t _gnutls_read_buffered( GNUTLS_STATE, opaque **iptr, size_t n, ContentType); void _gnutls_clear_read_buffer( GNUTLS_STATE); -int _gnutls_clear_peeked_data( SOCKET cd, GNUTLS_STATE state); +int _gnutls_clear_peeked_data( GNUTLS_STATE state); -ssize_t _gnutls_write_buffered(int fd, GNUTLS_STATE, const void *iptr, size_t n ); +ssize_t _gnutls_write_buffered( GNUTLS_STATE, const void *iptr, size_t n ); /* used in SSL3 */ int gnutls_get_handshake_buffer( GNUTLS_STATE state, char *data, int length); @@ -34,7 +34,7 @@ int gnutls_read_handshake_buffer( GNUTLS_STATE state, char *data, int length); int gnutls_insert_to_handshake_buffer( GNUTLS_STATE state, char *data, int length); int gnutls_clear_handshake_buffer( GNUTLS_STATE state); -ssize_t _gnutls_handshake_recv_int(SOCKET fd, GNUTLS_STATE, ContentType, HandshakeType, void *, size_t); -ssize_t _gnutls_handshake_send_int(SOCKET fd, GNUTLS_STATE, ContentType, HandshakeType, const void *, size_t); -ssize_t _gnutls_write_flush(SOCKET fd, GNUTLS_STATE state); -ssize_t _gnutls_handshake_write_flush(SOCKET fd, GNUTLS_STATE state); +ssize_t _gnutls_handshake_recv_int( GNUTLS_STATE, ContentType, HandshakeType, void *, size_t); +ssize_t _gnutls_handshake_send_int( GNUTLS_STATE, ContentType, HandshakeType, const void *, size_t); +ssize_t _gnutls_write_flush( GNUTLS_STATE state); +ssize_t _gnutls_handshake_write_flush( GNUTLS_STATE state); diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 155c23bad7..311b295ba5 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -47,7 +47,7 @@ * This function should only be used if you do * not plan to use the included gdbm backend. * - * The first argument to store_func() will be null unless gnutls_db_set_db_ptr() + * The first argument to store_func() will be null unless gnutls_set_db_ptr() * has been called. * **/ @@ -65,7 +65,7 @@ void gnutls_set_db_retrieve_function( GNUTLS_STATE state, DB_RETR_FUNC retr_func * This function should only be used if you do * not plan to use the included gdbm backend. * - * The first argument to rem_func() will be null unless gnutls_db_set_db_ptr() + * The first argument to rem_func() will be null unless gnutls_set_db_ptr() * has been called. * **/ @@ -83,7 +83,7 @@ void gnutls_set_db_remove_function( GNUTLS_STATE state, DB_REMOVE_FUNC rem_func) * This function should only be used if you do * not plan to use the included gdbm backend. * - * The first argument to store_func() will be null unless gnutls_db_set_ptr() + * The first argument to store_func() will be null unless gnutls_set_db_ptr() * has been called. * **/ diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index e97641a5d2..ef9e339d0e 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -400,7 +400,7 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, * and initializing encryption. This is the first encrypted message * we send. */ -int _gnutls_send_finished(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_finished( GNUTLS_STATE state, int again) { uint8 *data=NULL; int ret; @@ -421,7 +421,7 @@ int _gnutls_send_finished(SOCKET cd, GNUTLS_STATE state, int again) } } ret = - _gnutls_send_handshake(cd, state, data, data_size, + _gnutls_send_handshake( state, data, data_size, GNUTLS_FINISHED); gnutls_free(data); @@ -431,7 +431,7 @@ int _gnutls_send_finished(SOCKET cd, GNUTLS_STATE state, int again) /* This is to be called after sending our finished message. If everything * went fine we have negotiated a secure connection */ -int _gnutls_recv_finished(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_finished( GNUTLS_STATE state) { uint8 *data, *vrfy; int data_size; @@ -441,7 +441,7 @@ int _gnutls_recv_finished(SOCKET cd, GNUTLS_STATE state) ret = 0; ret = - _gnutls_recv_handshake(cd, state, &vrfy, &vrfysize, + _gnutls_recv_handshake( state, &vrfy, &vrfysize, GNUTLS_FINISHED, MANDATORY_PACKET); if (ret < 0) { ERR("recv finished int", ret); @@ -576,14 +576,14 @@ int _gnutls_server_SelectCompMethod(GNUTLS_STATE state, * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again * (until it returns ok), with NULL parameters. */ -int _gnutls_send_empty_handshake(SOCKET cd, GNUTLS_STATE state, HandshakeType type, int again) { +int _gnutls_send_empty_handshake( GNUTLS_STATE state, HandshakeType type, int again) { opaque data=0; opaque * ptr; if (again==0) ptr = &data; else ptr = NULL; - return _gnutls_send_handshake( cd, state, ptr, 0, type); + return _gnutls_send_handshake( state, ptr, 0, type); } /* This function sends a handshake message of type 'type' containing the @@ -591,7 +591,7 @@ opaque * ptr; * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again * (until it returns ok), with NULL parameters. */ -int _gnutls_send_handshake(SOCKET cd, GNUTLS_STATE state, void *i_data, +int _gnutls_send_handshake( GNUTLS_STATE state, void *i_data, uint32 i_datasize, HandshakeType type) { int ret; @@ -603,7 +603,7 @@ int _gnutls_send_handshake(SOCKET cd, GNUTLS_STATE state, void *i_data, /* we are resuming a previously interrupted * send. */ - ret = _gnutls_handshake_write_flush( cd, state); + ret = _gnutls_handshake_write_flush( state); return ret; } @@ -647,7 +647,7 @@ int _gnutls_send_handshake(SOCKET cd, GNUTLS_STATE state, void *i_data, } ret = - _gnutls_handshake_send_int(cd, state, GNUTLS_HANDSHAKE, type, + _gnutls_handshake_send_int( state, GNUTLS_HANDSHAKE, type, data, datasize); gnutls_free(data); @@ -660,7 +660,7 @@ int _gnutls_send_handshake(SOCKET cd, GNUTLS_STATE state, void *i_data, * returns UNEXPECTED_HANDSHAKE_PACKET. */ #define SSL2_HEADERS 1 -static int _gnutls_recv_handshake_header(SOCKET cd, GNUTLS_STATE state, +static int _gnutls_recv_handshake_header( GNUTLS_STATE state, HandshakeType type, HandshakeType * recv_type) { @@ -691,7 +691,7 @@ static int _gnutls_recv_handshake_header(SOCKET cd, GNUTLS_STATE state, */ if (state->gnutls_internals.handshake_header_buffer.header_size < SSL2_HEADERS) { ret = - _gnutls_handshake_recv_int(cd, state, GNUTLS_HANDSHAKE, type, + _gnutls_handshake_recv_int( state, GNUTLS_HANDSHAKE, type, dataptr, SSL2_HEADERS); if (ret < 0) { @@ -708,7 +708,7 @@ static int _gnutls_recv_handshake_header(SOCKET cd, GNUTLS_STATE state, if (state->gnutls_internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) { ret = - _gnutls_handshake_recv_int(cd, state, GNUTLS_HANDSHAKE, + _gnutls_handshake_recv_int( state, GNUTLS_HANDSHAKE, type, &dataptr[state->gnutls_internals.handshake_header_buffer.header_size], HANDSHAKE_HEADER_SIZE - @@ -787,7 +787,7 @@ static int _gnutls_recv_handshake_header(SOCKET cd, GNUTLS_STATE state, * send to _gnutls_recv_hello(). */ -int _gnutls_recv_handshake(SOCKET cd, GNUTLS_STATE state, uint8 ** data, +int _gnutls_recv_handshake( GNUTLS_STATE state, uint8 ** data, int *datalen, HandshakeType type, Optional optional) { @@ -796,7 +796,7 @@ int _gnutls_recv_handshake(SOCKET cd, GNUTLS_STATE state, uint8 ** data, opaque *dataptr; HandshakeType recv_type; - ret = _gnutls_recv_handshake_header(cd, state, type, &recv_type); + ret = _gnutls_recv_handshake_header( state, type, &recv_type); if (ret < 0) { if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET && optional == OPTIONAL_PACKET) { @@ -828,7 +828,7 @@ int _gnutls_recv_handshake(SOCKET cd, GNUTLS_STATE state, uint8 ** data, if (length32 > 0) { ret = - _gnutls_handshake_recv_int(cd, state, GNUTLS_HANDSHAKE, + _gnutls_handshake_recv_int( state, GNUTLS_HANDSHAKE, type, dataptr, length32); if (ret <= 0) { gnutls_assert(); @@ -864,7 +864,7 @@ int _gnutls_recv_handshake(SOCKET cd, GNUTLS_STATE state, uint8 ** data, switch (recv_type) { case GNUTLS_CLIENT_HELLO: case GNUTLS_SERVER_HELLO: - ret = _gnutls_recv_hello(cd, state, dataptr, length32); + ret = _gnutls_recv_hello( state, dataptr, length32); gnutls_free(dataptr); break; case GNUTLS_CERTIFICATE: @@ -1066,7 +1066,7 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, /* This function sends the client hello handshake message. */ -static int _gnutls_send_client_hello(SOCKET cd, GNUTLS_STATE state, int again) +static int _gnutls_send_client_hello( GNUTLS_STATE state, int again) { char *data = NULL; opaque *extdata; @@ -1206,14 +1206,14 @@ static int _gnutls_send_client_hello(SOCKET cd, GNUTLS_STATE state, int again) } ret = - _gnutls_send_handshake(cd, state, data, datalen, + _gnutls_send_handshake( state, data, datalen, GNUTLS_CLIENT_HELLO); gnutls_free(data); return ret; } -static int _gnutls_send_server_hello(SOCKET cd, GNUTLS_STATE state, int again) +static int _gnutls_send_server_hello( GNUTLS_STATE state, int again) { opaque *data; opaque *extdata; @@ -1298,7 +1298,7 @@ static int _gnutls_send_server_hello(SOCKET cd, GNUTLS_STATE state, int again) } ret = - _gnutls_send_handshake(cd, state, data, datalen, + _gnutls_send_handshake( state, data, datalen, GNUTLS_SERVER_HELLO); gnutls_free(data); @@ -1306,14 +1306,14 @@ static int _gnutls_send_server_hello(SOCKET cd, GNUTLS_STATE state, int again) return ret; } -int _gnutls_send_hello(SOCKET cd, GNUTLS_STATE state, int again) { +int _gnutls_send_hello( GNUTLS_STATE state, int again) { int ret; if (state->security_parameters.entity == GNUTLS_CLIENT) { - ret = _gnutls_send_client_hello(cd, state, again); + ret = _gnutls_send_client_hello( state, again); } else { /* SERVER */ - ret = _gnutls_send_server_hello(cd, state, again); + ret = _gnutls_send_server_hello( state, again); } return ret; @@ -1323,7 +1323,7 @@ int ret; * hello message is expected. It uses the security_parameters.current_cipher_suite * and gnutls_internals.compression_method. */ -int _gnutls_recv_hello(SOCKET cd, GNUTLS_STATE state, char *data, +int _gnutls_recv_hello( GNUTLS_STATE state, char *data, int datalen) { int ret; @@ -1373,7 +1373,6 @@ int _gnutls_recv_hello(SOCKET cd, GNUTLS_STATE state, char *data, /** * gnutls_rehandshake - This function will renegotiate security parameters - * @cd: is a connection descriptor, as returned by socket(). * @state: is a a &GNUTLS_STATE structure. * * This function will renegotiate security parameters with the @@ -1391,7 +1390,7 @@ int _gnutls_recv_hello(SOCKET cd, GNUTLS_STATE state, char *data, * GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be * GNUTLS_NO_RENEGOTIATION. **/ -int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state) +int gnutls_rehandshake( GNUTLS_STATE state) { int ret; @@ -1399,7 +1398,7 @@ int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state) if (state->security_parameters.entity == GNUTLS_CLIENT) return GNUTLS_E_UNIMPLEMENTED_FEATURE; - ret = _gnutls_send_empty_handshake(cd, state, GNUTLS_HELLO_REQUEST, AGAIN(STATE50)); + ret = _gnutls_send_empty_handshake( state, GNUTLS_HELLO_REQUEST, AGAIN(STATE50)); STATE = STATE50; if (ret < 0) { @@ -1413,7 +1412,6 @@ int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state) /** * gnutls_handshake - This the main function in the handshake protocol. - * @cd: is a connection descriptor, as returned by socket(). * @state: is a a &GNUTLS_STATE structure. * * This function does the handshake of the TLS/SSL protocol, @@ -1427,19 +1425,19 @@ int gnutls_rehandshake(SOCKET cd, GNUTLS_STATE state) * (call this function again, until it returns ok) * **/ -int gnutls_handshake(SOCKET cd, GNUTLS_STATE state) +int gnutls_handshake( GNUTLS_STATE state) { int ret; if (state->security_parameters.entity == GNUTLS_CLIENT) { - ret = gnutls_handshake_client(cd, state); + ret = gnutls_handshake_client( state); } else { - ret = gnutls_handshake_server(cd, state); + ret = gnutls_handshake_server( state); } if (ret < 0) return ret; - ret = gnutls_handshake_common(cd, state); + ret = gnutls_handshake_common( state); if (ret < 0) return ret; @@ -1466,7 +1464,7 @@ int gnutls_handshake(SOCKET cd, GNUTLS_STATE state) * gnutls_handshake_client * This function performs the client side of the handshake of the TLS/SSL protocol. */ -int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) +int gnutls_handshake_client( GNUTLS_STATE state) { int ret = 0; @@ -1485,14 +1483,14 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) switch( STATE) { case STATE0: case STATE1: - ret = _gnutls_send_hello(cd, state, AGAIN(STATE1)); + ret = _gnutls_send_hello( state, AGAIN(STATE1)); STATE = STATE1; IMED_RET("send hello", ret); case STATE2: /* receive the server hello */ ret = - _gnutls_recv_handshake(cd, state, NULL, NULL, + _gnutls_recv_handshake( state, NULL, NULL, GNUTLS_SERVER_HELLO, MANDATORY_PACKET); STATE = STATE2; IMED_RET("recv hello", ret); @@ -1500,14 +1498,14 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) case STATE3: /* RECV CERTIFICATE */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_certificate(cd, state); + ret = _gnutls_recv_server_certificate( state); STATE = STATE3; IMED_RET("recv server certificate", ret); case STATE4: /* receive the server key exchange */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_kx_message(cd, state); + ret = _gnutls_recv_server_kx_message( state); STATE = STATE4; IMED_RET("recv server kx message", ret); @@ -1516,7 +1514,7 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) * send the client key exchange for SRP */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_send_client_kx_message0(cd, state, AGAIN(STATE5)); + ret = _gnutls_send_client_kx_message0( state, AGAIN(STATE5)); STATE = STATE5; IMED_RET("send client kx0", ret); @@ -1525,7 +1523,7 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_certificate_request(cd, state); + ret = _gnutls_recv_server_certificate_request( state); STATE = STATE6; IMED_RET("recv server certificate request message", ret); @@ -1534,7 +1532,7 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_kx_message2(cd, state); + ret = _gnutls_recv_server_kx_message2( state); STATE = STATE7; IMED_RET("recv server kx message2", ret); @@ -1542,7 +1540,7 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) /* receive the server hello done */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_recv_handshake(cd, state, NULL, NULL, + _gnutls_recv_handshake( state, NULL, NULL, GNUTLS_SERVER_HELLO_DONE, MANDATORY_PACKET); STATE = STATE8; @@ -1552,20 +1550,20 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) /* send our certificate - if any and if requested */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_send_client_certificate(cd, state, AGAIN(STATE9)); + ret = _gnutls_send_client_certificate( state, AGAIN(STATE9)); STATE = STATE9; IMED_RET("send client certificate", ret); case STATE10: if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_send_client_kx_message(cd, state, AGAIN(STATE10)); + ret = _gnutls_send_client_kx_message( state, AGAIN(STATE10)); STATE = STATE10; IMED_RET("send client kx", ret); case STATE11: /* send client certificate verify */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_send_client_certificate_verify(cd, state, AGAIN(STATE11)); + ret = _gnutls_send_client_certificate_verify( state, AGAIN(STATE11)); STATE = STATE11; IMED_RET("send client certificate verify", ret); @@ -1578,7 +1576,7 @@ int gnutls_handshake_client(SOCKET cd, GNUTLS_STATE state) /* This function sends the final handshake packets and initializes connection */ -static int _gnutls_send_handshake_final(SOCKET cd, GNUTLS_STATE state, +static int _gnutls_send_handshake_final( GNUTLS_STATE state, int init) { int ret = 0; @@ -1588,7 +1586,7 @@ static int _gnutls_send_handshake_final(SOCKET cd, GNUTLS_STATE state, switch( STATE) { case STATE0: case STATE20: - ret = _gnutls_send_change_cipher_spec(cd, state, AGAIN(STATE20)); + ret = _gnutls_send_change_cipher_spec( state, AGAIN(STATE20)); STATE = STATE20; if (ret < 0) { ERR("send ChangeCipherSpec", ret); @@ -1614,7 +1612,7 @@ static int _gnutls_send_handshake_final(SOCKET cd, GNUTLS_STATE state, case STATE21: /* send the finished message */ - ret = _gnutls_send_finished(cd, state, AGAIN(STATE21)); + ret = _gnutls_send_finished( state, AGAIN(STATE21)); STATE = STATE21; if (ret < 0) { ERR("send Finished", ret); @@ -1632,7 +1630,7 @@ static int _gnutls_send_handshake_final(SOCKET cd, GNUTLS_STATE state, * And executes the appropriate function to initialize the * read state. */ -static int _gnutls_recv_handshake_final(SOCKET cd, GNUTLS_STATE state, +static int _gnutls_recv_handshake_final( GNUTLS_STATE state, int init) { int ret = 0; @@ -1642,7 +1640,7 @@ static int _gnutls_recv_handshake_final(SOCKET cd, GNUTLS_STATE state, case STATE0: case STATE30: ret = - gnutls_recv_int(cd, state, GNUTLS_CHANGE_CIPHER_SPEC, -1, + gnutls_recv_int( state, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); STATE = STATE30; if (ret <= 0) { @@ -1667,7 +1665,7 @@ static int _gnutls_recv_handshake_final(SOCKET cd, GNUTLS_STATE state, } case STATE31: - ret = _gnutls_recv_finished(cd, state); + ret = _gnutls_recv_finished( state); STATE = STATE31; if (ret < 0) { ERR("recv finished", ret); @@ -1686,7 +1684,7 @@ static int _gnutls_recv_handshake_final(SOCKET cd, GNUTLS_STATE state, * This function does the server stuff of the handshake protocol. */ -int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) +int gnutls_handshake_server( GNUTLS_STATE state) { int ret = 0; @@ -1694,13 +1692,13 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) case STATE0: case STATE1: ret = - _gnutls_recv_handshake(cd, state, NULL, NULL, + _gnutls_recv_handshake( state, NULL, NULL, GNUTLS_CLIENT_HELLO, MANDATORY_PACKET); STATE = STATE1; IMED_RET("recv hello", ret); case STATE2: - ret = _gnutls_send_hello(cd, state, AGAIN(STATE2)); + ret = _gnutls_send_hello( state, AGAIN(STATE2)); STATE = STATE2; IMED_RET("send hello", ret); @@ -1709,21 +1707,21 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) /* NOTE: these should not be send if we are resuming */ if (state->gnutls_internals.resumed == RESUME_FALSE) - ret = _gnutls_send_server_certificate(cd, state, AGAIN(STATE3)); + ret = _gnutls_send_server_certificate( state, AGAIN(STATE3)); STATE = STATE3; IMED_RET("send server certificate", ret); case STATE4: /* send server key exchange (A) */ if (state->gnutls_internals.resumed == RESUME_FALSE) - ret = _gnutls_send_server_kx_message(cd, state, AGAIN(STATE4)); + ret = _gnutls_send_server_kx_message( state, AGAIN(STATE4)); STATE = STATE4; IMED_RET("send server kx", ret); case STATE5: /* Send certificate request - if requested to */ if (state->gnutls_internals.resumed == RESUME_FALSE) - ret = _gnutls_send_server_certificate_request(cd, state, AGAIN(STATE5)); + ret = _gnutls_send_server_certificate_request( state, AGAIN(STATE5)); STATE = STATE5; IMED_RET("send server cert request", ret); @@ -1732,14 +1730,14 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) /* receive the client key exchange message */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_kx_message0(cd, state); + ret = _gnutls_recv_client_kx_message0( state); STATE = STATE6; IMED_RET("recv client kx0", ret); case STATE7: /* send server key exchange (B) */ if (state->gnutls_internals.resumed == RESUME_FALSE) - ret = _gnutls_send_server_kx_message2(cd, state, AGAIN(STATE7)); + ret = _gnutls_send_server_kx_message2( state, AGAIN(STATE7)); STATE = STATE7; IMED_RET("send server kx2", ret); @@ -1747,7 +1745,7 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) /* send the server hello done */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_send_empty_handshake(cd, state, GNUTLS_SERVER_HELLO_DONE, AGAIN(STATE8)); + _gnutls_send_empty_handshake( state, GNUTLS_SERVER_HELLO_DONE, AGAIN(STATE8)); STATE = STATE8; IMED_RET("send server hello done", ret); @@ -1756,14 +1754,14 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) case STATE9: /* receive the client certificate message */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_certificate(cd, state); + ret = _gnutls_recv_client_certificate( state); STATE = STATE9; IMED_RET("recv client certificate", ret); case STATE10: /* receive the client key exchange message */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_kx_message(cd, state); + ret = _gnutls_recv_client_kx_message( state); STATE = STATE10; IMED_RET("recv client kx", ret); @@ -1771,7 +1769,7 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) /* receive the client certificate verify message */ if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_recv_client_certificate_verify_message(cd, + _gnutls_recv_client_certificate_verify_message( state); STATE = STATE11; IMED_RET("recv client certificate verify", ret); @@ -1782,7 +1780,7 @@ int gnutls_handshake_server(SOCKET cd, GNUTLS_STATE state) return 0; } -int gnutls_handshake_common(SOCKET cd, GNUTLS_STATE state) +int gnutls_handshake_common( GNUTLS_STATE state) { int ret = 0; @@ -1794,17 +1792,17 @@ int gnutls_handshake_common(SOCKET cd, GNUTLS_STATE state) && state->security_parameters.entity == GNUTLS_SERVER)) { /* if we are a client resuming - or we are a server not resuming */ - ret = _gnutls_recv_handshake_final(cd, state, TRUE); + ret = _gnutls_recv_handshake_final( state, TRUE); IMED_RET("recv handshake final", ret); - ret = _gnutls_send_handshake_final(cd, state, FALSE); + ret = _gnutls_send_handshake_final( state, FALSE); IMED_RET( "send handshake final", ret); } else { /* if we are a client not resuming - or we are a server resuming */ - ret = _gnutls_send_handshake_final(cd, state, TRUE); + ret = _gnutls_send_handshake_final( state, TRUE); IMED_RET("send handshake final 2", ret); - ret = _gnutls_recv_handshake_final(cd, state, FALSE); + ret = _gnutls_recv_handshake_final( state, FALSE); IMED_RET("recv handshake final 2", ret); } @@ -1836,7 +1834,7 @@ int _gnutls_generate_session_id(char *session_id, uint8 * len) return 0; } -int _gnutls_recv_hello_request(SOCKET cd, GNUTLS_STATE state, void *data, +int _gnutls_recv_hello_request( GNUTLS_STATE state, void *data, uint32 data_size) { uint8 type; diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h index 0208caa4c1..d09c7a362a 100644 --- a/lib/gnutls_handshake.h +++ b/lib/gnutls_handshake.h @@ -20,17 +20,17 @@ typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; -int _gnutls_send_handshake(int cd, GNUTLS_STATE state, void* i_data, uint32 i_datasize, HandshakeType type); -int gnutls_send_hello_request(int cd, GNUTLS_STATE state); -int _gnutls_recv_hello_request(int cd, GNUTLS_STATE state, void* data, uint32 data_size); -int _gnutls_send_hello(int cd, GNUTLS_STATE state, int again); -int _gnutls_recv_hello(int cd, GNUTLS_STATE state, char* data, int datalen); -int gnutls_handshake(int cd, GNUTLS_STATE state); -int _gnutls_recv_handshake( int cd, GNUTLS_STATE state, uint8**, int*, HandshakeType, Optional optional); +int _gnutls_send_handshake( GNUTLS_STATE state, void* i_data, uint32 i_datasize, HandshakeType type); +int gnutls_send_hello_request( GNUTLS_STATE state); +int _gnutls_recv_hello_request( GNUTLS_STATE state, void* data, uint32 data_size); +int _gnutls_send_hello( GNUTLS_STATE state, int again); +int _gnutls_recv_hello( GNUTLS_STATE state, char* data, int datalen); +int gnutls_handshake( GNUTLS_STATE state); +int _gnutls_recv_handshake( GNUTLS_STATE state, uint8**, int*, HandshakeType, Optional optional); int _gnutls_generate_session_id( char* session_id, uint8* len); -int gnutls_handshake_common(int cd, GNUTLS_STATE state); -int gnutls_handshake_client(int cd, GNUTLS_STATE state); -int gnutls_handshake_server(int cd, GNUTLS_STATE state); +int gnutls_handshake_common( GNUTLS_STATE state); +int gnutls_handshake_client( GNUTLS_STATE state); +int gnutls_handshake_server( GNUTLS_STATE state); void _gnutls_set_server_random( GNUTLS_STATE state, uint8* random); void _gnutls_set_client_random( GNUTLS_STATE state, uint8* random); int _gnutls_create_random( opaque* dst); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 80cdabf745..3264bf1599 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -455,7 +455,11 @@ typedef struct { */ PULL_FUNC _gnutls_pull_func; PUSH_FUNC _gnutls_push_func; - + /* Holds the first argument of PUSH and PULL + * functions; + */ + int transport_ptr; + /* STORE & RETRIEVE functions. Only used if other * backend than gdbm is used. */ @@ -484,8 +488,7 @@ typedef struct GNUTLS_STATE_INT *GNUTLS_STATE; /* functions */ -int gnutls_send_alert( SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDescription desc); -int gnutls_close(SOCKET cd, GNUTLS_STATE state); +int gnutls_send_alert( GNUTLS_STATE state, AlertLevel level, AlertDescription desc); svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes); diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 20d6355c3b..1b41ad5527 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -89,7 +89,7 @@ char random[2*TLS_RANDOM_SIZE]; * server. It does nothing if this type of message is not required * by the selected ciphersuite. */ -int _gnutls_send_server_kx_message(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_server_kx_message( GNUTLS_STATE state, int again) { uint8 *data = NULL; int data_size = 0; @@ -110,7 +110,7 @@ int _gnutls_send_server_kx_message(SOCKET cd, GNUTLS_STATE state, int again) } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); gnutls_free(data); if (ret < 0) { @@ -123,7 +123,7 @@ int _gnutls_send_server_kx_message(SOCKET cd, GNUTLS_STATE state, int again) /* This function sends a certificate request message to the * client. */ -int _gnutls_send_server_certificate_request(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_server_certificate_request( GNUTLS_STATE state, int again) { uint8 *data = NULL; int data_size = 0; @@ -146,7 +146,7 @@ int _gnutls_send_server_certificate_request(SOCKET cd, GNUTLS_STATE state, int a return data_size; } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CERTIFICATE_REQUEST); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_REQUEST); gnutls_free(data); if (ret < 0) { @@ -157,7 +157,7 @@ int _gnutls_send_server_certificate_request(SOCKET cd, GNUTLS_STATE state, int a } /* Currently only used in SRP */ -int _gnutls_send_server_kx_message2(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_server_kx_message2( GNUTLS_STATE state, int again) { uint8 *data = NULL; int data_size = 0; @@ -178,7 +178,7 @@ int _gnutls_send_server_kx_message2(SOCKET cd, GNUTLS_STATE state, int again) } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); gnutls_free(data); if (ret<0) { @@ -192,7 +192,7 @@ int _gnutls_send_server_kx_message2(SOCKET cd, GNUTLS_STATE state, int again) /* This is the function for the client to send the key * exchange message */ -int _gnutls_send_client_kx_message(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_client_kx_message( GNUTLS_STATE state, int again) { uint8 *data; int data_size; @@ -212,7 +212,7 @@ int _gnutls_send_client_kx_message(SOCKET cd, GNUTLS_STATE state, int again) return data_size; } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); gnutls_free(data); if (ret<0) { @@ -225,7 +225,7 @@ int _gnutls_send_client_kx_message(SOCKET cd, GNUTLS_STATE state, int again) /* Only used in SRP currently */ -int _gnutls_send_client_kx_message0(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_client_kx_message0( GNUTLS_STATE state, int again) { uint8 *data; int data_size; @@ -246,7 +246,7 @@ int _gnutls_send_client_kx_message0(SOCKET cd, GNUTLS_STATE state, int again) return data_size; } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); gnutls_free(data); return ret; @@ -256,7 +256,7 @@ int _gnutls_send_client_kx_message0(SOCKET cd, GNUTLS_STATE state, int again) /* This is the function for the client to send the certificate * verify message */ -int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again) { uint8 *data; int ret = 0; @@ -292,7 +292,7 @@ int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state, int ag } ret = - _gnutls_send_handshake(cd, state, data, + _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_VERIFY); gnutls_free(data); @@ -301,7 +301,7 @@ int _gnutls_send_client_certificate_verify(SOCKET cd, GNUTLS_STATE state, int ag } -int _gnutls_recv_server_kx_message(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_server_kx_message( GNUTLS_STATE state) { uint8 *data; int datasize; @@ -310,7 +310,7 @@ int _gnutls_recv_server_kx_message(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_kx!=NULL) { ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) @@ -326,7 +326,7 @@ int _gnutls_recv_server_kx_message(SOCKET cd, GNUTLS_STATE state) return ret; } -int _gnutls_recv_server_certificate_request(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_server_certificate_request( GNUTLS_STATE state) { uint8 *data; int datasize; @@ -335,7 +335,7 @@ int _gnutls_recv_server_certificate_request(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate_request!=NULL) { ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_CERTIFICATE_REQUEST, OPTIONAL_PACKET); if (ret < 0) @@ -353,7 +353,7 @@ int _gnutls_recv_server_certificate_request(SOCKET cd, GNUTLS_STATE state) return ret; } -int _gnutls_recv_server_kx_message2(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_server_kx_message2( GNUTLS_STATE state) { uint8 *data; int datasize; @@ -363,7 +363,7 @@ int _gnutls_recv_server_kx_message2(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_kx2 != NULL) { ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) @@ -379,7 +379,7 @@ int _gnutls_recv_server_kx_message2(SOCKET cd, GNUTLS_STATE state) return ret; } -int _gnutls_recv_client_kx_message(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_client_kx_message( GNUTLS_STATE state) { uint8 *data; int datasize; @@ -390,7 +390,7 @@ int _gnutls_recv_client_kx_message(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_client_kx != NULL) { ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) @@ -407,7 +407,7 @@ int _gnutls_recv_client_kx_message(SOCKET cd, GNUTLS_STATE state) } /* only used in SRP */ -int _gnutls_recv_client_kx_message0(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_client_kx_message0( GNUTLS_STATE state) { uint8 *data; int datasize; @@ -417,7 +417,7 @@ int _gnutls_recv_client_kx_message0(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_client_kx0 != NULL) { ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) @@ -434,7 +434,7 @@ int _gnutls_recv_client_kx_message0(SOCKET cd, GNUTLS_STATE state) /* This is called when we want send our certificate */ -int _gnutls_send_client_certificate(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_client_certificate( GNUTLS_STATE state, int again) { uint8 *data = NULL; int data_size = 0; @@ -458,7 +458,7 @@ int _gnutls_send_client_certificate(SOCKET cd, GNUTLS_STATE state, int again) return data_size; } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CERTIFICATE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE); gnutls_free(data); if (ret<0) { @@ -472,7 +472,7 @@ int _gnutls_send_client_certificate(SOCKET cd, GNUTLS_STATE state, int again) /* This is called when we want send our certificate */ -int _gnutls_send_server_certificate(SOCKET cd, GNUTLS_STATE state, int again) +int _gnutls_send_server_certificate( GNUTLS_STATE state, int again) { uint8 *data = NULL; int data_size = 0; @@ -493,7 +493,7 @@ int _gnutls_send_server_certificate(SOCKET cd, GNUTLS_STATE state, int again) return data_size; } } - ret = _gnutls_send_handshake(cd, state, data, data_size, GNUTLS_CERTIFICATE); + ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE); gnutls_free(data); if (ret < 0) { @@ -505,7 +505,7 @@ int _gnutls_send_server_certificate(SOCKET cd, GNUTLS_STATE state, int again) } -int _gnutls_recv_client_certificate(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_client_certificate( GNUTLS_STATE state) { int datasize; opaque * data; @@ -526,7 +526,7 @@ int _gnutls_recv_client_certificate(SOCKET cd, GNUTLS_STATE state) optional = OPTIONAL_PACKET; ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_CERTIFICATE, optional); if (ret < 0) { @@ -542,7 +542,10 @@ int _gnutls_recv_client_certificate(SOCKET cd, GNUTLS_STATE state) } /* certificate was required */ if (optional==MANDATORY_PACKET) { - gnutls_send_alert( cd, state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE); +#ifdef DEBUG +# warning FIX THIS ALERT + gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE); +#endif gnutls_assert(); } return ret; @@ -576,7 +579,7 @@ int _gnutls_recv_client_certificate(SOCKET cd, GNUTLS_STATE state) return ret; } -int _gnutls_recv_server_certificate(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_server_certificate( GNUTLS_STATE state) { int datasize; opaque * data; @@ -585,7 +588,7 @@ int _gnutls_recv_server_certificate(SOCKET cd, GNUTLS_STATE state) if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate!=NULL) { ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_CERTIFICATE, MANDATORY_PACKET); if (ret < 0) { @@ -608,7 +611,7 @@ int _gnutls_recv_server_certificate(SOCKET cd, GNUTLS_STATE state) /* Recv the client certificate verify. This packet may not * arrive if the peer did not send us a certificate. */ -int _gnutls_recv_client_certificate_verify_message(SOCKET cd, GNUTLS_STATE state) +int _gnutls_recv_client_certificate_verify_message( GNUTLS_STATE state) { uint8 *data; int datasize; @@ -623,7 +626,7 @@ int _gnutls_recv_client_certificate_verify_message(SOCKET cd, GNUTLS_STATE state } ret = - _gnutls_recv_handshake(cd, state, &data, + _gnutls_recv_handshake( state, &data, &datasize, GNUTLS_CERTIFICATE_VERIFY, OPTIONAL_PACKET); if (ret < 0) @@ -631,7 +634,10 @@ int _gnutls_recv_client_certificate_verify_message(SOCKET cd, GNUTLS_STATE state if (ret==0 && datasize == 0 && state->gnutls_internals.send_cert_req == GNUTLS_CERT_REQUIRE) { /* certificate was required */ - gnutls_send_alert( cd, state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE); +#ifdef DEBUG +# warning FIX THIS ALERT + gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_BAD_CERTIFICATE); +#endif gnutls_assert(); return GNUTLS_E_NO_CERTIFICATE_FOUND; } diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h index 0bf69a7188..0036e09dd2 100644 --- a/lib/gnutls_kx.h +++ b/lib/gnutls_kx.h @@ -18,21 +18,21 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_send_server_kx_message(int cd, GNUTLS_STATE state, int again); -int _gnutls_send_server_kx_message2(int cd, GNUTLS_STATE state, int again); -int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state, int again); -int _gnutls_send_client_kx_message0(int cd, GNUTLS_STATE state, int again); -int _gnutls_recv_server_kx_message(int cd, GNUTLS_STATE state); -int _gnutls_recv_server_kx_message2(int cd, GNUTLS_STATE state); -int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state); -int _gnutls_recv_client_kx_message0(int cd, GNUTLS_STATE state); -int _gnutls_send_client_certificate_verify(int cd, GNUTLS_STATE state, int again); -int _gnutls_send_server_certificate(int cd, GNUTLS_STATE state, int again); +int _gnutls_send_server_kx_message( GNUTLS_STATE state, int again); +int _gnutls_send_server_kx_message2( GNUTLS_STATE state, int again); +int _gnutls_send_client_kx_message( GNUTLS_STATE state, int again); +int _gnutls_send_client_kx_message0( GNUTLS_STATE state, int again); +int _gnutls_recv_server_kx_message( GNUTLS_STATE state); +int _gnutls_recv_server_kx_message2( GNUTLS_STATE state); +int _gnutls_recv_client_kx_message( GNUTLS_STATE state); +int _gnutls_recv_client_kx_message0( GNUTLS_STATE state); +int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again); +int _gnutls_send_server_certificate( GNUTLS_STATE state, int again); int _gnutls_generate_master( GNUTLS_STATE state); -int _gnutls_recv_client_certificate(SOCKET cd, GNUTLS_STATE state); -int _gnutls_recv_server_certificate(SOCKET cd, GNUTLS_STATE state); -int _gnutls_send_client_certificate(SOCKET cd, GNUTLS_STATE state, int again); -int _gnutls_recv_server_certificate_request(SOCKET cd, GNUTLS_STATE state); -int _gnutls_send_server_certificate_request(SOCKET cd, GNUTLS_STATE state, int again); -int _gnutls_recv_client_certificate_verify_message(SOCKET cd, GNUTLS_STATE state); +int _gnutls_recv_client_certificate( GNUTLS_STATE state); +int _gnutls_recv_server_certificate( GNUTLS_STATE state); +int _gnutls_send_client_certificate( GNUTLS_STATE state, int again); +int _gnutls_recv_server_certificate_request( GNUTLS_STATE state); +int _gnutls_send_server_certificate_request( GNUTLS_STATE state, int again); +int _gnutls_recv_client_certificate_verify_message( GNUTLS_STATE state); diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 0f56ab912d..3f26919ac5 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -59,9 +59,22 @@ void _gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version) { * Otherwise it must be called and set lowat to zero. * **/ -int gnutls_set_lowat(GNUTLS_STATE state, int num) { +void gnutls_set_lowat(GNUTLS_STATE state, int num) { state->gnutls_internals.lowat = num; - return 0; +} + +/** + * gnutls_set_transport_ptr - Used to set first argument of the transport functions + * @state: is a &GNUTLS_STATE structure. + * @ptr: is the value. + * + * Used to set the first argument of the transport function (like PUSH and + * PULL). In berkeley style sockets this function will set the connection + * handle. + * + **/ +void gnutls_set_transport_ptr(GNUTLS_STATE state, SOCKET ptr) { + state->gnutls_internals.transport_ptr = ptr; } #define _gnutls_free(x) if(x!=NULL) gnutls_free(x) @@ -354,7 +367,6 @@ svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_si /** * gnutls_send_alert - This function sends an alert message to the peer - * @cd: is a connection descriptor. * @state: is a &GNUTLS_STATE structure. * @level: is the level of the alert * @desc: is the alert description @@ -366,7 +378,7 @@ svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_si * Returns 0 on success. * **/ -int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDescription desc) +int gnutls_send_alert( GNUTLS_STATE state, AlertLevel level, AlertDescription desc) { uint8 data[2]; int ret; @@ -378,7 +390,7 @@ int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDesc _gnutls_log( "Record: Sending Alert[%d|%d] - %s\n", data[0], data[1], _gnutls_alert2str((int)data[1])); #endif - if ( (ret = gnutls_send_int(cd, state, GNUTLS_ALERT, -1, data, 2)) >= 0) + if ( (ret = gnutls_send_int( state, GNUTLS_ALERT, -1, data, 2)) >= 0) return 0; else return ret; @@ -389,7 +401,6 @@ int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDesc */ /** * gnutls_send_appropriate_alert - This function sends an alert to the peer depending on the error code - * @cd: is a connection descriptor. * @state: is a &GNUTLS_STATE structure. * @err: is an integer * @@ -403,20 +414,20 @@ int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDesc * been sent to the peer. * **/ -int gnutls_send_appropriate_alert( SOCKET cd, GNUTLS_STATE state, int err) { +int gnutls_send_appropriate_alert( GNUTLS_STATE state, int err) { int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; switch (err) { /* send appropriate alert */ case GNUTLS_E_MAC_FAILED: - ret = gnutls_send_alert(cd, state, GNUTLS_FATAL, GNUTLS_BAD_RECORD_MAC); + ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_BAD_RECORD_MAC); break; case GNUTLS_E_DECRYPTION_FAILED: - ret = gnutls_send_alert(cd, state, GNUTLS_FATAL, GNUTLS_DECRYPTION_FAILED); + ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_DECRYPTION_FAILED); break; case GNUTLS_E_DECOMPRESSION_FAILED: - ret = gnutls_send_alert(cd, state, GNUTLS_FATAL, GNUTLS_DECOMPRESSION_FAILURE); + ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_DECOMPRESSION_FAILURE); break; case GNUTLS_E_ILLEGAL_PARAMETER: - ret = gnutls_send_alert(cd, state, GNUTLS_FATAL, GNUTLS_ILLEGAL_PARAMETER); + ret = gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_ILLEGAL_PARAMETER); break; } @@ -425,7 +436,6 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; /** * gnutls_bye - This function terminates the current TLS/SSL connection. - * @cd: is a connection descriptor. * @state: is a &GNUTLS_STATE structure. * @how: is an integer * @@ -444,7 +454,7 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; * This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED. * **/ -int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how) +int gnutls_bye( GNUTLS_STATE state, CloseRequest how) { int ret = 0, ret2 = 0; @@ -452,9 +462,9 @@ int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how) case STATE0: case STATE60: if (STATE==STATE60) { - ret = _gnutls_write_flush( cd, state); + ret = _gnutls_write_flush( state); } else { - ret = gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY); + ret = gnutls_send_alert( state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY); STATE = STATE60; } @@ -462,7 +472,7 @@ int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how) return ret; case STATE61: if ( how == GNUTLS_SHUT_RDWR && ret >= 0) { - ret2 = gnutls_recv_int(cd, state, GNUTLS_ALERT, -1, NULL, 0); + ret2 = gnutls_recv_int( state, GNUTLS_ALERT, -1, NULL, 0); if (ret2 >= 0) state->gnutls_internals.may_read = 1; } STATE = STATE61; @@ -489,7 +499,7 @@ int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how) * --nmav * */ -ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *_data, size_t sizeofdata) +ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *_data, size_t sizeofdata) { uint8 *cipher; int cipher_size; @@ -541,7 +551,7 @@ ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha * from the previous run. - probably interrupted. */ if (state->gnutls_internals.send_buffer.size > 0) { - ret = _gnutls_write_flush(cd, state); + ret = _gnutls_write_flush( state); if (ret > 0) cipher_size = ret; else cipher_size = 0; @@ -569,7 +579,7 @@ ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha return GNUTLS_E_RECORD_LIMIT_REACHED; } - ret = _gnutls_write_buffered(cd, state, cipher, cipher_size); + ret = _gnutls_write_buffered( state, cipher, cipher_size); } if ( ret != cipher_size) { @@ -609,7 +619,7 @@ ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha /* This function is to be called if the handshake was successfully * completed. This sends a Change Cipher Spec packet to the peer. */ -ssize_t _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state, int again) +ssize_t _gnutls_send_change_cipher_spec( GNUTLS_STATE state, int again) { opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC }; @@ -617,9 +627,9 @@ ssize_t _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state, int again _gnutls_log( "Record: Sent ChangeCipherSpec\n"); #endif if (again==0) - return gnutls_send_int( cd, state, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); + return gnutls_send_int( state, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); else { - return _gnutls_write_flush( cd, state); + return _gnutls_write_flush( state); } } @@ -644,7 +654,7 @@ static int _gnutls_check_recv_type( ContentType recv_type) { * send (if called by the user the Content is Userdata only) * It is intended to receive data, under the current state. */ -ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, HandshakeType htype, char *data, size_t sizeofdata) +ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, char *data, size_t sizeofdata) { uint8 *tmpdata; int tmplen; @@ -684,7 +694,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha /* if the buffer just got empty */ if (gnutls_get_data_buffer_size(type, state)==0) { - if ( (ret2=_gnutls_clear_peeked_data( cd, state)) < 0) { + if ( (ret2=_gnutls_clear_peeked_data( state)) < 0) { gnutls_assert(); return ret2; } @@ -696,7 +706,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha /* in order for GNUTLS_E_AGAIN to be returned the socket * must be set to non blocking mode */ - if ( (ret = _gnutls_read_buffered(cd, state, &headers, header_size, -1)) != header_size) { + if ( (ret = _gnutls_read_buffered( state, &headers, header_size, -1)) != header_size) { if (ret < 0 && gnutls_is_fatal_error(ret)==0) return ret; state->gnutls_internals.valid_connection = VALID_FALSE; @@ -761,7 +771,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha * we send them a close notify. * silently ignore that. */ - gnutls_send_alert(cd, state, GNUTLS_FATAL, GNUTLS_PROTOCOL_VERSION); + gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_PROTOCOL_VERSION); } state->gnutls_internals.resumable = RESUME_FALSE; return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; @@ -779,7 +789,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha #ifdef RECORD_DEBUG _gnutls_log( "Record: FATAL ERROR: Received packet with length: %d\n", length); #endif - gnutls_send_alert(cd, state, GNUTLS_FATAL, GNUTLS_RECORD_OVERFLOW); + gnutls_send_alert( state, GNUTLS_FATAL, GNUTLS_RECORD_OVERFLOW); state->gnutls_internals.valid_connection = VALID_FALSE; state->gnutls_internals.resumable = RESUME_FALSE; gnutls_assert(); @@ -788,7 +798,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha /* check if we have that data into buffer. */ - if ( (ret = _gnutls_read_buffered(cd, state, &recv_data, header_size+length, recv_type)) != length+header_size) { + if ( (ret = _gnutls_read_buffered( state, &recv_data, header_size+length, recv_type)) != length+header_size) { if (ret<0 && gnutls_is_fatal_error(ret)==0) return ret; state->gnutls_internals.valid_connection = VALID_FALSE; @@ -862,7 +872,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha * not call close(). */ if (type != GNUTLS_ALERT) - do ret=gnutls_bye( cd, state, GNUTLS_SHUT_WR); + do ret=gnutls_bye( state, GNUTLS_SHUT_WR); while(ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); gnutls_free(tmpdata); @@ -940,7 +950,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha /* if the buffer just got empty */ if (gnutls_get_data_buffer_size(type, state)==0) { - if ( (ret2 = _gnutls_clear_peeked_data( cd, state)) < 0) { + if ( (ret2 = _gnutls_clear_peeked_data( state)) < 0) { gnutls_assert(); return ret2; } @@ -950,7 +960,7 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha } else { if (recv_type == GNUTLS_HANDSHAKE) { /* we may get a hello request */ - ret = _gnutls_recv_hello_request( cd, state, tmpdata, tmplen); + ret = _gnutls_recv_hello_request( state, tmpdata, tmplen); } else { gnutls_assert(); ret = GNUTLS_E_UNEXPECTED_PACKET; @@ -1093,7 +1103,6 @@ AlertDescription gnutls_get_last_alert( GNUTLS_STATE state) { /** * gnutls_write - sends to the peer the specified data - * @cd: is a connection descriptor * @state: is a &GNUTLS_STATE structure. * @data: contains the data to send * @sizeofdata: is the length of the data @@ -1110,13 +1119,12 @@ AlertDescription gnutls_get_last_alert( GNUTLS_STATE state) { * Returns the number of bytes sent, or a negative error code. * **/ -ssize_t gnutls_write(SOCKET cd, GNUTLS_STATE state, const void *data, size_t sizeofdata) { - return gnutls_send_int( cd, state, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); +ssize_t gnutls_write( GNUTLS_STATE state, const void *data, size_t sizeofdata) { + return gnutls_send_int( state, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); } /** * gnutls_read - reads data from the TLS connection - * @cd: is a connection descriptor * @state: is a &GNUTLS_STATE structure. * @data: contains the data to send * @sizeofdata: is the length of the data @@ -1131,8 +1139,8 @@ ssize_t gnutls_write(SOCKET cd, GNUTLS_STATE state, const void *data, size_t siz * handshake. (only a client may receive this message) * **/ -ssize_t gnutls_read(SOCKET cd, GNUTLS_STATE state, void *data, size_t sizeofdata) { - return gnutls_recv_int( cd, state, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); +ssize_t gnutls_read( GNUTLS_STATE state, void *data, size_t sizeofdata) { + return gnutls_recv_int( state, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); } /** diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h index 517c3ea8c9..04ee6ab137 100644 --- a/lib/gnutls_record.h +++ b/lib/gnutls_record.h @@ -1,5 +1,5 @@ AlertDescription gnutls_get_last_alert( GNUTLS_STATE state); KXAlgorithm gnutls_get_current_kx( GNUTLS_STATE state); -ssize_t gnutls_send_int(SOCKET cd, GNUTLS_STATE state, ContentType type, HandshakeType htype, const void* data, size_t sizeofdata); -ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, HandshakeType, char* data, size_t sizeofdata); -ssize_t _gnutls_send_change_cipher_spec(SOCKET cd, GNUTLS_STATE state, int again); +ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void* data, size_t sizeofdata); +ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType, char* data, size_t sizeofdata); +ssize_t _gnutls_send_change_cipher_spec( GNUTLS_STATE state, int again); @@ -242,8 +242,9 @@ int main(int argc, char** argv) */ gnutls_ext_set_name_ind( state, GNUTLS_DNSNAME, "localhost"); + gnutls_set_transport_ptr( state, sd); do { - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); if (ret < 0) { @@ -268,7 +269,7 @@ int main(int argc, char** argv) printf("- Disconnecting\n"); do { - ret = gnutls_bye(sd, state, GNUTLS_SHUT_RDWR); + ret = gnutls_bye( state, GNUTLS_SHUT_RDWR); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); shutdown( sd, SHUT_WR); @@ -304,8 +305,10 @@ int main(int argc, char** argv) gnutls_set_current_session( state, session, session_size); free(session); #endif + + gnutls_set_transport_ptr( state, sd); do { - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); if (ret < 0) { @@ -348,7 +351,7 @@ int main(int argc, char** argv) if (FD_ISSET(sd, &rset)) { bzero(buffer, MAX_BUF+1); do { - ret = gnutls_read(sd, state, buffer, MAX_BUF); + ret = gnutls_read( state, buffer, MAX_BUF); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); /* remove new line */ @@ -366,7 +369,7 @@ int main(int argc, char** argv) printf("* Received alert [%d]\n", gnutls_get_last_alert(state)); if (ret==GNUTLS_E_REHANDSHAKE) { do { - ret = gnutls_handshake( sd, state); + ret = gnutls_handshake( state); } while( ret==GNUTLS_E_AGAIN || ret==GNUTLS_E_INTERRUPTED); if (ret==0) printf("* Rehandshake was performed\n"); else { @@ -387,19 +390,19 @@ int main(int argc, char** argv) if( fgets(buffer, MAX_BUF, stdin) == NULL) { do { - ret = gnutls_bye(sd, state, GNUTLS_SHUT_WR); + ret = gnutls_bye( state, GNUTLS_SHUT_WR); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); user_term = 1; continue; } do { - ret = gnutls_write( sd, state, buffer, strlen(buffer)); + ret = gnutls_write( state, buffer, strlen(buffer)); } while(ret==GNUTLS_E_AGAIN || ret==GNUTLS_E_INTERRUPTED); printf("- Sent: %d bytes\n", ret); } } - if (user_term!=0) do ret = gnutls_bye(sd, state, GNUTLS_SHUT_RDWR); + if (user_term!=0) do ret = gnutls_bye( state, GNUTLS_SHUT_RDWR); while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); shutdown( sd, SHUT_RDWR); /* no more receptions */ diff --git a/src/serv.c b/src/serv.c index c6efeb4c59..2daf33613a 100644 --- a/src/serv.c +++ b/src/serv.c @@ -214,7 +214,7 @@ void print_info(GNUTLS_STATE state) /* Creates html with the current state information. */ #define tmp2 &http_buffer[strlen(http_buffer)] -void peer_print_info(int cd, GNUTLS_STATE state) +void peer_print_info( GNUTLS_STATE state) { const char *tmp; unsigned char sesid[32]; @@ -283,7 +283,7 @@ void peer_print_info(int cd, GNUTLS_STATE state) /* actually something like readline. * if rnl!=1 then reads an http request in the form REQ\n\n */ -int read_request(int cd, GNUTLS_STATE state, char *data, int data_size, int rnl) +int read_request( GNUTLS_STATE state, char *data, int data_size, int rnl) { int n, rc, nl = 0; char c, *ptr, p1=0, p2=0; @@ -291,7 +291,7 @@ int read_request(int cd, GNUTLS_STATE state, char *data, int data_size, int rnl) ptr = data; for (n = 1; n < data_size; n++) { do { - rc = gnutls_read(cd, state, &c, 1); + rc = gnutls_read( state, &c, 1); } while( rc==GNUTLS_E_INTERRUPTED || rc==GNUTLS_E_AGAIN); if ( rc == 1) { @@ -416,8 +416,9 @@ int main(int argc, char **argv) sizeof(topbuf)), ntohs(sa_cli.sin_port)); + gnutls_set_transport_ptr( state, sd); do { - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); if (ret < 0) { @@ -435,7 +436,7 @@ int main(int argc, char **argv) i = 0; for (;;) { bzero(buffer, MAX_BUF + 1); - ret = read_request(sd, state, buffer, MAX_BUF, (http==0)?1:2); + ret = read_request( state, buffer, MAX_BUF, (http==0)?1:2); if (gnutls_is_fatal_error(ret) == 1 || ret == 0) { fflush(stdout); @@ -457,15 +458,15 @@ int main(int argc, char **argv) if (http == 0) { printf( "* Read %d bytes from client.\n", strlen(buffer)); do { - ret = gnutls_write(sd, state, buffer, strlen(buffer)); + ret = gnutls_write( state, buffer, strlen(buffer)); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); printf( "* Wrote %d bytes to client.\n", ret); } else { strcpy( http_buffer, HTTP_BEGIN); - peer_print_info(sd, state); + peer_print_info( state); strcat( http_buffer, HTTP_END); do { - ret = gnutls_write(sd, state, http_buffer, strlen(http_buffer)); + ret = gnutls_write( state, http_buffer, strlen(http_buffer)); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); printf("- Served request. Closing connection.\n"); @@ -476,14 +477,14 @@ int main(int argc, char **argv) #ifdef RENEGOTIATE if (i == 20) { do { - ret = gnutls_rehandshake(sd, state); + ret = gnutls_rehandshake( state); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); if (gnutls_get_last_alert(state)!=GNUTLS_NO_RENEGOTIATION) { printf("* Requesting rehandshake.\n"); /* continue handshake proccess */ do { - ret = gnutls_handshake(sd, state); + ret = gnutls_handshake( state); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); printf("* Rehandshake returned %d\n", ret); } @@ -498,7 +499,7 @@ int main(int argc, char **argv) } printf("\n"); do { - ret = gnutls_bye(sd, state, GNUTLS_SHUT_WR); + ret = gnutls_bye( state, GNUTLS_SHUT_WR); } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN); /* do not wait for * the peer to close the connection. |