-rw-r--r-- | lib/auth_anon.c | 14 | ||||
-rw-r--r-- | lib/auth_dhe_dss.c | 18 | ||||
-rw-r--r-- | lib/auth_srp.c | 24 | ||||
-rw-r--r-- | lib/gnutls.c | 14 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 16 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 27 | ||||
-rw-r--r-- | lib/gnutls_num.c | 45 | ||||
-rw-r--r-- | lib/gnutls_num.h | 5 | ||||
-rw-r--r-- | lib/gnutls_v2_compat.c | 4 |
9 files changed, 85 insertions, 82 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 5d6c80a4b2..579c858a41 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -48,7 +48,6 @@ MOD_AUTH_STRUCT anon_auth_struct = { int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) { GNUTLS_MPI x, X, g, p; size_t n_X, n_g, n_p;
- uint16 _n_X, _n_g, _n_p;
 uint8 *data_p; uint8 *data_g; uint8 *data_X;
@@ -64,22 +63,19 @@ int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) { gcry_mpi_print(GCRYMPI_FMT_USG, &data_p[2], &n_p, p); gnutls_mpi_release(p);
- _n_p = CONVuint16( (uint16)n_p);
- memmove(data_p, &_n_p, 2);
+ WRITEuint16( n_p, data_p);
 data_g = &data_p[2 + n_p]; gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, g); gnutls_mpi_release(g);
- _n_g = CONVuint16( (uint16)n_g);
- memmove(data_g, &_n_g, 2);
+ WRITEuint16( n_g, data_g);
 data_X = &data_g[2 + n_g]; gcry_mpi_print(GCRYMPI_FMT_USG, &data_X[2], &n_X, X); gnutls_mpi_release(X);
- _n_X = CONVuint16( (uint16)n_X);
- memmove(data_X, &_n_X, 2);
+ WRITEuint16( n_X, data_X);
 return n_p+n_g+n_X+6; }
@@ -87,7 +83,6 @@ int gen_anon_server_kx( GNUTLS_KEY key, opaque** data) { int gen_anon_client_kx( GNUTLS_KEY key, opaque** data) { GNUTLS_MPI x, X; size_t n_X;
-uint16 _n_X;
 X = _gnutls_calc_dh_secret(&x, key->client_g, key->client_p);
@@ -100,8 +95,7 @@ uint16 _n_X; certificate */ gnutls_mpi_release(X);
- _n_X = CONVuint16( (uint16)n_X);
- memmove(&(*data)[0], &_n_X, 2);
+ WRITEuint16( n_X, &(*data)[0]);
 /* calculate the key after calculating the message */ key->KEY = _gnutls_calc_dh_key(key->client_Y, x, key->client_p);
diff --git a/lib/auth_dhe_dss.c b/lib/auth_dhe_dss.c
index 9b202c804c..2f7df74acc 100644
--- a/lib/auth_dhe_dss.c
+++ b/lib/auth_dhe_dss.c 
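Review bot: In the gen_anon_server_kx hunk (@@ -64) the three `gcry_mpi_print` calls are still unchecked, so on failure `n_p`/`n_g`/`n_X` hold whatever gcrypt left there, `WRITEuint16( n_p, data_p)` encodes that, and the function still returns `n_p+n_g+n_X+6` as a success length; auth_srp.c in this same commit checks each `gcry_mpi_print` with `!=0` and returns GNUTLS_E_MPI_PRINT_FAILED, and these call sites should do the same (releasing the remaining MPIs before returning). The new `WRITEuint16( n_p, data_p)` also narrows a `size_t` to the `uint16` parameter implicitly where the removed line cast explicitly; keep the `(uint16)` cast, or better guard `n_p <= 0xffff` before the write so a length that cannot be encoded is rejected rather than wrapped. gen_anon_server_kx and gen_anon_client_kx are line-for-line the same as gen_dhe_dss_server_kx / gen_dhe_dss_client_kx in auth_dhe_dss.c (next file), so any fix has to land in both until they share one DH helper. Both function bodies begin outside their hunks.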
@@ -18,7 +18,9 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */
-/* DHE_DSS is not really working. It is used as a template */
+/* DHE_DSS is not really working. It is used as a template
+ * (it may work BUT it does not check certificates)
+ */
 #include <defines.h> #include "gnutls_int.h"
@@ -56,7 +58,6 @@ MOD_AUTH_STRUCT dhe_dss_auth_struct = { int gen_dhe_dss_server_kx( GNUTLS_KEY key, opaque** data) { GNUTLS_MPI x, X, g, p; size_t n_X, n_g, n_p;
- uint16 _n_X, _n_g, _n_p;
 uint8 *data_p; uint8 *data_g; uint8 *data_X;
@@ -73,22 +74,19 @@ int gen_dhe_dss_server_kx( GNUTLS_KEY key, opaque** data) { gcry_mpi_print(GCRYMPI_FMT_USG, &data_p[2], &n_p, p); gnutls_mpi_release(p);
- _n_p = CONVuint16((uint16)n_p);
- memmove(data_p, &_n_p, 2);
+ WRITEuint16( n_p, data_p);
 data_g = &data_p[2 + n_p]; gcry_mpi_print(GCRYMPI_FMT_USG, &data_g[2], &n_g, g); gnutls_mpi_release(g);
- _n_g = CONVuint16((uint16)n_g);
- memmove(data_g, &_n_g, 2);
+ WRITEuint16( n_g, data_g);
 data_X = &data_g[2 + n_g]; gcry_mpi_print(GCRYMPI_FMT_USG, &data_X[2], &n_X, X); gnutls_mpi_release(X);
- _n_X = CONVuint16((uint16)n_X);
- memmove(data_X, &_n_X, 2);
+ WRITEuint16( n_X, data_X);
 ret = n_p+n_g+n_X+6;
@@ -98,7 +96,6 @@ int gen_dhe_dss_server_kx( GNUTLS_KEY key, opaque** data) { int gen_dhe_dss_client_kx( GNUTLS_KEY key, opaque** data) { GNUTLS_MPI x, X; size_t n_X;
-uint16 _n_X;
 X = _gnutls_calc_dh_secret(&x, key->client_g, key->client_p);
@@ -111,8 +108,7 @@ uint16 _n_X; certificate */ gnutls_mpi_release(X);
- _n_X = CONVuint16((uint16)n_X);
- memmove(&(*data)[0], &_n_X, 2);
+ WRITEuint16( n_X, &(*data)[0]);
 /* calculate the key after calculating the message */ key->KEY = _gnutls_calc_dh_key(key->client_Y, x, key->client_p);
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index d8855116d2..ba513f5e49 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c 
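Review bot: The new header comment (`+ * (it may work BUT it does not check certificates)`, @@ -18) is now the only place recording that this key exchange performs no certificate verification, and it sits in the license block at the top of the file rather than next to `dhe_dss_auth_struct`, which is the object other code registers; a one-line comment on that struct, `/* UNAUTHENTICATED: the peer's certificate chain is not verified, see header comment */`, keeps the caveat visible at the point of use. The remaining hunks mirror auth_anon.c line for line (unchecked `gcry_mpi_print` return values, implicit `size_t`→`uint16` narrowing in `WRITEuint16( n_p, data_p)`), so whatever is done in that file applies here too.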
@@ -65,8 +65,7 @@ MOD_AUTH_STRUCT srp_auth_struct = { /* Send the first key exchange message ( g, n, s) and append the verifier algorithm number */ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data) {
- size_t n_g, n_n;
- uint16 _n_n, _n_g, _n_s;
+ size_t n_g, n_n, n_s;
 size_t ret; uint8 *data_n, *data_s; uint8 *data_g;
@@ -121,8 +120,7 @@ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data) return GNUTLS_E_MPI_PRINT_FAILED; }
- _n_g = CONVuint16( n_g);
- memcpy(data_g, &_n_g, 2);
+ WRITEuint16( n_g, data_g);
 /* copy N (mod n) */ data_n = &data_g[2 + n_g];
@@ -132,16 +130,14 @@ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data) return GNUTLS_E_MPI_PRINT_FAILED; }
- _n_n = CONVuint16( n_n);
- memcpy(data_n, &_n_n, 2);
+ WRITEuint16( n_n, data_n);
 /* copy the salt */ data_s = &data_n[2 + n_n];
- _n_s = pwd_entry->salt_size;
- memcpy(&data_s[2], pwd_entry->salt, _n_s);
+ n_s = pwd_entry->salt_size;
+ memcpy(&data_s[2], pwd_entry->salt, n_s);
- _n_s = CONVuint16( _n_s);
- memcpy(data_s, &_n_s, 2);
+ WRITEuint16( n_s, data_s);
 ret = n_g + n_n + pwd_entry->salt_size + 6 + 1; _gnutls_srp_clear_pwd_entry(pwd_entry);
@@ -153,7 +149,6 @@ int gen_srp_server_kx(GNUTLS_KEY key, opaque ** data) int gen_srp_server_kx2(GNUTLS_KEY key, opaque ** data) { size_t n_b;
- uint16 _n_b;
 uint8 *data_b; /* calculate: B = (v + g^b) % N */
@@ -169,8 +164,7 @@ int gen_srp_server_kx2(GNUTLS_KEY key, opaque ** data) if (gcry_mpi_print(GCRYMPI_FMT_USG, &data_b[2], &n_b, B)!=0) return GNUTLS_E_MPI_PRINT_FAILED;
- _n_b = CONVuint16( n_b);
- memcpy(data_b, &_n_b, 2);
+ WRITEuint16( n_b, data_b);
 /* calculate u */ key->u = _gnutls_calc_srp_u(B);
@@ -192,7 +186,6 @@ int gen_srp_server_kx2(GNUTLS_KEY key, opaque ** data) int gen_srp_client_kx0(GNUTLS_KEY key, opaque ** data) { size_t n_a;
- uint16 _n_a;
 uint8 *data_a; char *username; char *password; 
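Review bot: In gen_srp_server_kx (@@ -132) the salt is copied in full with `memcpy(&data_s[2], pwd_entry->salt, n_s)` while its length prefix goes through the `uint16` parameter of `WRITEuint16( n_s, data_s)`, so a `salt_size` above 0xffff would yield a length field that disagrees with the bytes actually placed in the message; the `*data` buffer is sized outside this hunk, so the copy itself is also unchecked here. A guard before the copy, `if (n_s > 0xffff) { _gnutls_srp_clear_pwd_entry(pwd_entry); return <error code>; }` (placeholder), keeps length and payload consistent and releases the entry on the error path as the success path does. The same implicit narrowing applies to `n_g` and `n_n` in this function, `n_b` in gen_srp_server_kx2 (@@ -169) and `n_a` in gen_srp_client_kx0; the explicit `(uint16)` casts the removed lines used at least made the truncation visible.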
@@ -221,8 +214,7 @@ int gen_srp_client_kx0(GNUTLS_KEY key, opaque ** data) if (gcry_mpi_print(GCRYMPI_FMT_USG, &data_a[2], &n_a, A)!=0) return GNUTLS_E_MPI_PRINT_FAILED;
- _n_a = CONVuint16( (uint16)n_a);
- memcpy(data_a, &_n_a, 2);
+ WRITEuint16( n_a, data_a);
 return n_a + 2; }
diff --git a/lib/gnutls.c b/lib/gnutls.c
index a4175746b2..571b1ccdf6 100644
--- a/lib/gnutls.c
+++ b/lib/gnutls.c
@@ -414,7 +414,6 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, void *_dat int i, cipher_size; int ret = 0; int iterations;
- uint16 length;
 int Size; uint8 headers[5]; uint8 *data=_data;
@@ -446,9 +445,8 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, void *_dat cipher_size = _gnutls_encrypt( state, &data[i*Size], Size, &cipher, type); if (cipher_size <= 0) return cipher_size; /* error */
- length = CONVuint16( cipher_size);
-
- memmove( &headers[3], &length, sizeof(uint16));
+ WRITEuint16( cipher_size, &headers[3]);
+
 /* cipher does not have headers * and DOES have size for them */
@@ -474,9 +472,8 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, void *_dat cipher_size = _gnutls_encrypt( state, &data[i*Size], Size, &cipher, type); if (cipher_size<=0) return cipher_size;
- length = CONVuint16( cipher_size);
+ WRITEuint16( cipher_size, &headers[3]);
- memmove( &headers[3], &length, sizeof(uint16));
 memmove( cipher, headers, HEADER_SIZE); cipher_size += HEADER_SIZE;
@@ -502,7 +499,6 @@ ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, void *_dat */ ssize_t _gnutls_send_change_cipher_spec(int cd, GNUTLS_STATE state) {
- uint16 length;
 int ret = 0; uint8 type=GNUTLS_CHANGE_CIPHER_SPEC; char data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC }; 
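Review bot: `WRITEuint16( cipher_size, &headers[3])` in gnutls_send_int (@@ -446, repeated at @@ -474) converts an `int` to the `uint16` parameter with no upper-bound check, so a fragment that `_gnutls_encrypt` expands past 0xffff bytes would be sent with a wrapped record length; whether `Size` is bounded tightly enough to exclude that is decided outside the hunk. A check right after the existing `if (cipher_size <= 0) return cipher_size;`, e.g. `if (cipher_size > 0xffff) return <error code>; /* placeholder */`, fails closed instead of emitting a malformed record. The `+` blank line left behind at @@ -446 is harmless but can be dropped. gnutls_send_int's body starts and ends outside these hunks.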
@@ -520,9 +516,7 @@ ssize_t _gnutls_send_change_cipher_spec(int cd, GNUTLS_STATE state) fprintf(stderr, "ChangeCipherSpec was sent\n"); #endif
- length = CONVuint16( 1);
-
- memmove( &headers[3], &length, sizeof(uint16));
+ WRITEuint16( 1, &headers[3]);
 if (_gnutls_Write(cd, headers, 5) != 5) { state->gnutls_internals.valid_connection = VALID_FALSE;
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 5025dcb159..026648afac 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -94,17 +94,15 @@ int pos=0; uint8 type; const opaque* sdata; int (*ext_func_recv)( GNUTLS_STATE, const opaque*, int);
-uint16 size, next1;
+uint16 size;
 if (data_size < 2) return 0;
- memcpy( &next1, data, 2);
- next = CONVuint16(next1);
+ next = READuint16( data);
+ pos+=2;
 if (data_size < next) return 0;
- pos+=2;
-
 do { next--; if (next < 0) return 0; memcpy( &type, &data[pos], 1);
@@ -133,7 +131,6 @@ int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data) { int next, size; uint16 pos=0; opaque* sdata;
-uint16 ssize;
 int (*ext_func_send)( GNUTLS_STATE, opaque**);
@@ -150,9 +147,7 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**); (*data) = gnutls_realloc( (*data), pos+size+3); (*data)[pos++] = (uint8) next; /* set type */
- ssize = CONVuint16( (uint16)size);
-
- memcpy( &(*data)[pos], &ssize, 2);
+ WRITEuint16( size, &(*data)[pos]);
 pos+=2; memcpy( &(*data)[pos], sdata, size);
@@ -165,8 +160,7 @@ int (*ext_func_send)( GNUTLS_STATE, opaque**); size = pos; pos-=2; /* remove the size of the size header! */
- pos = CONVuint16(pos);
- memcpy( (*data), &pos, sizeof(uint16));
+ WRITEuint16( pos, (*data));
 if (size==2) { /* empty */ size = 0;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 4cda4ea2e5..29747e81ff 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c 
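Review bot: In the extension parser (gnutls_extensions.c @@ -94) the length check `if (data_size < next) return 0;` now runs after `pos+=2` but still compares the declared extensions length against the whole buffer rather than against what remains after the two header bytes, so a peer that declares `next` equal to `data_size` or `data_size-1` passes the check and the reads at `&data[pos]` inside the loop can run up to two bytes past the end of `data`; the loop body after `memcpy( &type, &data[pos], 1)` is outside the hunk, so whether a later per-extension size check happens to catch this is not visible here. Changing it to `if (data_size - pos < next) return 0;` makes the check match the bytes actually available. `next` is decremented and compared with `next < 0` on the context line, so it must remain a signed type at least as wide as the uint16 value READuint16 returns; its declaration is above this hunk, so that is worth confirming.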
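Review bot: `(*data) = gnutls_realloc( (*data), pos+size+3);` in _gnutls_gen_extensions (@@ -150, the context line directly above the new `WRITEuint16( size, &(*data)[pos])`) overwrites the caller's pointer with the realloc result, so if the allocation fails the original block is leaked and the next line writes through NULL. The usual shape is `opaque *tmp = gnutls_realloc( (*data), pos+size+3); if (tmp == NULL) return <error code>; (*data) = tmp;` — whether gnutls_realloc can return NULL or aborts internally is not shown on the page, so the error code is a placeholder to be matched to the file's convention. `size` is an `int` and `pos` a `uint16` here, so `pos+size+3` is computed as `int` and `WRITEuint16( size, ...)` narrows; a negative or oversized `size` returned by an `ext_func_send` should be rejected before the realloc rather than encoded.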
@@ -161,7 +161,6 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, int ret = 0; uint16 sizeOfSuites; GNUTLS_Version version;
- time_t cur_time;
 char *rand; int len = datalen; int err;
@@ -194,9 +193,8 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, pos += 32; /* generate server random value */
- cur_time = CONVuint32( (uint32)time(NULL));
+ WRITEuint32( time(NULL), state->security_parameters.server_random);
- memcpy(state->security_parameters.server_random, &cur_time, 4);
 rand = _gnutls_get_random(28, GNUTLS_STRONG_RANDOM); memcpy(&state->security_parameters.server_random[4], rand, 28); _gnutls_free_rand(rand);
@@ -475,21 +473,17 @@ int _gnutls_send_handshake(int cd, GNUTLS_STATE state, void *i_data, { int ret; uint8 *data;
- uint24 length24;
 uint32 datasize; int pos = 0;
- datasize = CONVuint32( i_datasize);
-
- length24 = uint32touint24( datasize);
+ datasize = i_datasize;
 i_datasize += HANDSHAKE_HEADERS_SIZE; data = gnutls_malloc(i_datasize); memcpy(&data[pos++], &type, 1);
- memcpy(&data[pos++], &length24.pint[0], 1);
- memcpy(&data[pos++], &length24.pint[1], 1);
- memcpy(&data[pos++], &length24.pint[2], 1);
+ WRITEuint24( datasize, &data[pos]);
+ pos+=3;
 if (i_datasize > 4) memcpy(&data[pos], i_data, i_datasize - 4);
@@ -901,7 +895,6 @@ int _gnutls_send_hello(int cd, GNUTLS_STATE state) opaque *extdata; int extdatalen; uint8 z;
- uint32 cur_time;
 int pos = 0; GNUTLS_CipherSuite *cipher_suites; uint8 *compression_methods;
@@ -927,10 +920,7 @@ int _gnutls_send_hello(int cd, GNUTLS_STATE state) _gnutls_version_get_minor(state->connection_state. version);
- cur_time = CONVuint32( (uint32)time(NULL));
-
- memcpy(state->security_parameters.client_random,
- &cur_time, 4);
+ WRITEuint32( time(NULL), state->security_parameters.client_random);
 rand = _gnutls_get_random(28, GNUTLS_STRONG_RANDOM); memcpy(&state->security_parameters.client_random[4], rand, 
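Review bot: `WRITEuint32( time(NULL), state->security_parameters.server_random)` (@@ -194) passes a `time_t` straight into the `uint32` parameter, dropping the explicit `(uint32)` cast the removed line carried; truncating to the 32-bit gmt_unix_time field is what the record format calls for, but the narrowing should stay visible at the call site and keep `-Wconversion` quiet: `WRITEuint32( (uint32)time(NULL), state->security_parameters.server_random);`. The same applies to the client_random write in _gnutls_send_hello (@@ -927) and to _gnutls_read_client_hello_v2 in gnutls_v2_compat.c (last file). A one-line comment, `/* first 4 bytes of the random are gmt_unix_time, network byte order */`, would explain why wall-clock time is deliberately written into a field named random. _gnutls_read_client_hello's body begins and ends outside this hunk.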
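Review bot: In _gnutls_send_handshake (@@ -475) `datasize = i_datasize;` feeds a 32-bit value into the 24-bit handshake length via `WRITEuint24( datasize, &data[pos])` with no check that it fits, and `data = gnutls_malloc(i_datasize)` is dereferenced on the very next line without a NULL check; both predate the commit, but this hunk rewrote exactly those lines. Two guards, `if (i_datasize > 0xffffff) return <error code>;` before the malloc and `if (data == NULL) return <error code>;` after it (placeholders, to match the file's error convention), close that. The literal `4` in `if (i_datasize > 4)` and `i_datasize - 4` should be `HANDSHAKE_HEADERS_SIZE`, which the line above already adds, so the two cannot drift apart. The function's signature continues outside the hunk, so the type of `i_datasize` is not visible here.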
@@ -954,12 +944,7 @@ int _gnutls_send_hello(int cd, GNUTLS_STATE state) &cipher_suites); x *= sizeof(uint16); /* in order to get bytes */
- x = CONVuint16( x);
-
- memcpy(&data[pos], &x, sizeof(uint16));
-
- x = CONVuint16( x);
-
+ WRITEuint16( x, &data[pos]);
 pos += sizeof(uint16); datalen += x;
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 1ca5126847..e4ed54b273 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -71,6 +71,21 @@ return res; } inline
+void WRITEuint24( uint32 num, opaque* data) {
+uint24 tmp;
+
+#ifndef WORDS_BIGENDIAN
+ num = byteswap32( num);
+#endif
+ tmp = uint32touint24( num);
+
+ data[0] = tmp.pint[0];
+ data[1] = tmp.pint[1];
+ data[2] = tmp.pint[2];
+ return;
+}
+
+inline
 uint32 READuint32( const opaque* data) { uint32 res;
@@ -82,6 +97,16 @@ return res; } inline
+void WRITEuint32( uint32 num, opaque* data) {
+
+#ifndef WORDS_BIGENDIAN
+ num = byteswap32( num);
+#endif
+ memcpy( data, &num, sizeof(uint32));
+ return;
+}
+
+inline
 uint16 READuint16( const opaque* data) { uint16 res; memcpy( &res, data, sizeof(uint16));
@@ -92,6 +117,16 @@ return res; } inline
+void WRITEuint16( uint16 num, opaque* data) {
+
+#ifndef WORDS_BIGENDIAN
+ num = byteswap16( num);
+#endif
+ memcpy( data, &num, sizeof(uint16));
+ return;
+}
+
+inline
 uint32 CONVuint32( uint32 data) { #ifndef WORDS_BIGENDIAN return byteswap32( data);
@@ -121,6 +156,16 @@ return res; } inline
+void WRITEuint64( uint64 num, opaque* data) {
+
+#ifndef WORDS_BIGENDIAN
+ num = byteswap64( num);
+#endif
+ memcpy( data, &num, sizeof(uint64));
+ return;
+}
+
+inline
 uint64 CONVuint64( uint64 data) { #ifndef WORDS_BIGENDIAN return byteswap64( data);
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h
index 97da2f051b..12842f88fe 100644
--- a/lib/gnutls_num.h
+++ b/lib/gnutls_num.h 
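Review bot: The new WRITEuint16/24/32/64 helpers in gnutls_num.c (@@ -71 onward) carry no comment stating their contract: they store `num` in network (big-endian) byte order — `byteswap*` is applied only `#ifndef WORDS_BIGENDIAN` — and require `data` to point at 2/3/4/8 writable bytes, which every caller in this commit relies on; a header comment such as `/* Store num at data in network (big-endian) byte order; data must have room for sizeof(num) bytes (3 for the uint24 variant). */` on each would also make the pairing with the READ* helpers obvious. WRITEuint24 is the one to double-check: it byte-swaps the full 32-bit value and then keeps `pint[0..2]` of `uint32touint24( num)`, and which three bytes that helper retains is not on the page, so a test asserting that `WRITEuint24( 0x010203, buf)` (constructed value) leaves `01 02 03` in `buf` would pin the intended encoding. These functions are `inline` without `static`; under C99 inline semantics that requires an external definition somewhere, so the linkage should be revisited if the build ever moves to a strict `-std=c99`.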
@@ -27,3 +27,8 @@ uint16 CONVuint16( uint16 data); uint16 READuint64( const opaque* data); uint32 CONVuint64( uint64 data); uint32 READuint24( const opaque* data);
+void WRITEuint24( uint32 num, opaque* data);
+void WRITEuint32( uint32 num, opaque* data);
+void WRITEuint16( uint16 num, opaque* data);
+void WRITEuint64( uint64 num, opaque* data);
+
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 61119104fa..ac678ffd1b 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -109,7 +109,6 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, int ret = 0; uint16 sizeOfSuites; GNUTLS_Version version;
- time_t cur_time;
 char *rand; int len = datalen; int err;
@@ -214,9 +213,8 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, memcpy( state->security_parameters.client_random, &data[challenge > 32 ? (pos+challenge-32) : pos], challenge < 32 ? challenge : 32); /* generate server random value */
- cur_time = CONVuint32((uint32)time(NULL));
+ WRITEuint32( time(NULL), state->security_parameters.server_random);
- memmove(state->security_parameters.server_random, &cur_time, 4);
 rand = _gnutls_get_random(28, GNUTLS_STRONG_RANDOM); memmove(&state->security_parameters.server_random[4], rand, 28); _gnutls_free_rand(rand); |
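Review bot: The new prototypes in gnutls_num.h (@@ -27) agree with their definitions, but the context lines they are appended to do not: the header declares `uint16 READuint64( const opaque* data);` and `uint32 CONVuint64( uint64 data);`, while gnutls_num.c (previous file, @@ -156) defines `uint64 CONVuint64( uint64 data)`, so any caller that reaches CONVuint64 through this header silently loses the top 32 bits, and the two declarations conflict the moment gnutls_num.c includes its own header. Since this hunk touches exactly that block, correct it here: `uint64 READuint64( const opaque* data);` and `uint64 CONVuint64( uint64 data);` — the READuint64 definition is not on the page, so confirm its real return type before changing that one. The trailing `+` blank line adds nothing and can be dropped.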