35 files changed, 141 insertions, 34 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 7aa72f2619..16e53adb06 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -16,7 +16,13 @@ * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * */ + * + */ + +/* This file contains the Anonymous Diffie Hellman key exchange part of + * the anonymous authentication. The functions here are used in the + * handshake. + */ #include "gnutls_int.h"
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index f2c5b7a8c5..6448921abd 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -16,7 +16,12 @@ * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * */ + * + */ + +/* The certificate authentication functions which are needed in the handshake, + * and are common to RSA and DHE key exchange, are in this file. + */ #include <gnutls_int.h> #include "gnutls_auth_int.h"
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 62bfa09449..92abbe4d8e 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -16,8 +16,13 @@ * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * */ + * + */ +/* This file contains everything for the Ephemeral Diffie Hellman (DHE) + * key exchange. This is used in the handshake procedure of the certificate + * authentication. + */ #include "gnutls_int.h" #include "gnutls_auth_int.h"
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 3de7113a1d..5b9bfea96a 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -16,7 +16,12 @@ * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * */ + * + */ + +/* This file contains the RSA key exchange part of the certificate + * authentication. + */ #include "gnutls_int.h" #include "gnutls_auth_int.h"
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index d32b0109a6..dfa974ac96 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -19,6 +19,10 @@ * */ +/* This file contains the code the Certificate Type TLS extension. + * This extension is currently gnutls specific. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_num.h"
diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c
index 38e0dba6e3..2fccce533d 100644
--- a/lib/ext_max_record.c
+++ b/lib/ext_max_record.c
@@ -19,6 +19,9 @@ * */ +/* This file contains the code for the Max Record Size TLS extension. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_num.h"
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index fe6cc4cec7..eba4ae7bc8 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -19,13 +19,6 @@ * */ -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_num.h> -#include <gnutls_record.h> -#include <gnutls_buffers.h> -#include <gnutls_datum.h> - /* This is the only file that uses the berkeley sockets API. * * Also holds all the buffering code used in gnutls.
@@ -51,6 +44,13 @@ * */ +#include <gnutls_int.h> +#include <gnutls_errors.h> +#include <gnutls_num.h> +#include <gnutls_record.h> +#include <gnutls_buffers.h> +#include <gnutls_datum.h> + #ifdef HAVE_ERRNO_H # include <errno.h> #endif
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index bcc16951f9..3b2525edd4 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -19,6 +19,10 @@ * */ +/* Some of the stuff needed for Certificate authentication is contained + * in this file. + */ + #include <gnutls_int.h> #include <gnutls_errors.h> #include <auth_cert.h>
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index 2740379354..cd226306ad 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -19,6 +19,10 @@ * */ +/* Some high level functions to be used in the record encryption are + * included here. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_compress.h"
diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c
index 589b38655e..cebc3d21ea 100644
--- a/lib/gnutls_compress.c
+++ b/lib/gnutls_compress.c
@@ -19,6 +19,10 @@ * */ +/* This file contains the functions which convert the TLS plaintext + * packet to TLS compressed packet. + */ + #include "gnutls_int.h" #include "gnutls_compress.h" #include "gnutls_errors.h"
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index ae4630c703..e8e9300d57 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -19,6 +19,10 @@ * */ +/* Functions that are supposed to run after the handshake procedure is + * finished. These functions activate the established security parameters. + */ + #include <gnutls_int.h> #include <gnutls_constate.h> #include <gnutls_errors.h>
diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c
index f8e5f38ed7..af9a3660bb 100644
--- a/lib/gnutls_datum.c
+++ b/lib/gnutls_datum.c
@@ -19,15 +19,16 @@ * */ +/* contains functions that make it easier to + * write vectors of <size|data>. The destination size + * should be preallocated (datum.size+(bits/8)) + */ + #include <gnutls_int.h> #include <gnutls_num.h> #include <gnutls_datum.h> #include <gnutls_errors.h> -/* contains functions that make it easier to - * write vectors of <size|data>. The destination size - * should be preallocated (datum.size+(bits/8)) - */ void _gnutls_write_datum16( opaque* dest, gnutls_datum dat) { _gnutls_write_uint16( dat.size, dest);
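Review bot: Moving the preallocation caveat to the top of lib/gnutls_datum.c leaves `_gnutls_write_datum16` with no statement of its buffer contract at the point of use, and the signature visible in the hunk (`opaque* dest, gnutls_datum dat`) carries no destination length, so the function cannot check bounds itself. Keep a one-line comment directly above it, for example `/* dest must already hold at least dat.size + 2 bytes; nothing here checks that */`, and give the sibling writers covered by the file-level comment the same treatment. The function body continues outside the hunk, so whether `dat.size` is range-checked before `_gnutls_write_uint16` is not visible here.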
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index fd420595b5..14e1238439 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -19,9 +19,10 @@ * */ -/* This file contains functions that manipulate a database +/* This file contains functions that manipulate a database backend * for resumed sessions. */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_session.h"
@@ -29,8 +30,6 @@ #include "debug.h" #include <gnutls_session_pack.h> -#define GNUTLS_DBNAME state->gnutls_internals.db_name - /** * gnutls_db_set_retrieve_function - Sets the function that will be used to get data * @state: is a &GNUTLS_STATE structure.
@@ -210,7 +209,7 @@ gnutls_datum data; gnutls_datum key = { session_id, session_id_size }; int ret; - if (GNUTLS_DBNAME==NULL && _gnutls_db_func_is_ok(state)!=0) { + if (_gnutls_db_func_is_ok(state)!=0) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; }
@@ -254,7 +253,7 @@ int ret = 0; return GNUTLS_E_INVALID_SESSION; } - if (GNUTLS_DBNAME==NULL && _gnutls_db_func_is_ok(state)!=0) { + if (_gnutls_db_func_is_ok(state)!=0) { return GNUTLS_E_DB_ERROR; }
@@ -300,7 +299,7 @@ int _gnutls_remove_session( GNUTLS_STATE state, gnutls_datum session_id) { int ret = 0; - if (GNUTLS_DBNAME==NULL && _gnutls_db_func_is_ok(state)!=0) { + if (_gnutls_db_func_is_ok(state)!=0) { return GNUTLS_E_DB_ERROR; }
diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c
index 37028d53e7..d95abb6e5b 100644
--- a/lib/gnutls_extensions.c
+++ b/lib/gnutls_extensions.c
@@ -19,6 +19,11 @@ * */ +/* Functions that relate to the TLS hello extension parsing. + * Hello extensions are packets appended in the TLS hello packet, and + * allow for extra functionality. + */ + #include "gnutls_int.h" #include "gnutls_extensions.h" #include "gnutls_errors.h"
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index c5a3c03bca..faea7d8e48 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
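Review bot: With the `GNUTLS_DBNAME==NULL` test gone from lib/gnutls_db.c, `_gnutls_db_func_is_ok(state)` is the only guard in front of the session store, and the three call sites react to its failure differently: the hunk at new line 209 calls `gnutls_assert()` and returns `GNUTLS_E_INVALID_SESSION`, while the hunk at 253 and the one in `_gnutls_remove_session` return `GNUTLS_E_DB_ERROR` with no assert. Add `gnutls_assert();` before `return GNUTLS_E_DB_ERROR;` in the latter two so that a missing backend callback leaves a trace, and add a short comment on the first path saying why it reports an invalid session rather than a database error. All three enclosing functions start or end outside their hunks, and whether `GNUTLS_DBNAME` is still referenced elsewhere in the file after the macro's removal cannot be seen from here.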
@@ -19,6 +19,9 @@ * */ +/* Functions that relate to the TLS handshake procedure. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_dh.h"
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index c12ee544d8..51eb9b985c 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -19,15 +19,15 @@ * */ -#include <gnutls_int.h> -#include <gnutls_hash_int.h> -#include <gnutls_errors.h> - /* This file handles all the internal functions that cope with hashes - * and hmacs. Currently it uses the functions provided by + * and HMACs. Currently it uses the functions provided by * the gcrypt library that this can be easily changed. */ +#include <gnutls_int.h> +#include <gnutls_hash_int.h> +#include <gnutls_errors.h> + GNUTLS_HASH_HANDLE _gnutls_hash_init(MACAlgorithm algorithm) { GNUTLS_MAC_HANDLE ret;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b957da7e06..f5a72719ad 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -470,8 +470,6 @@ typedef struct { */ int have_peeked_data; - /* gdbm */ - char* db_name; int expire_time; /* after expire_time seconds this session will expire */ struct MOD_AUTH_STRUCT_INT* auth_struct; /* used in handshake packets and KX algorithms */ int v2_hello; /* 0 if the client hello is v3+.
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index f3afe38077..6570d5a458 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -19,6 +19,10 @@ * */ +/* This file contains functions which are wrappers for the key exchange + * part of TLS. They are called by the handshake functions (gnutls_handshake) + */ + #include "gnutls_int.h" #include "gnutls_handshake.h" #include "gnutls_kx.h"
@@ -43,6 +47,8 @@ int _gnutls_generate_master( GNUTLS_STATE state) { return 0; } +/* here we generate the TLS Master secret. + */ #define PREMASTER state->gnutls_key->key static int generate_normal_master( GNUTLS_STATE state) { int ret = 0;
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 62595951bf..436a356ea3 100644
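Review bot: In the second lib/gnutls_kx.c hunk the added comment `here we generate the TLS Master secret.` lands directly above `#define PREMASTER state->gnutls_key->key` rather than above `generate_normal_master`, so it reads as documentation for the macro. Place it immediately before the `static int generate_normal_master( GNUTLS_STATE state)` line and give the macro its own one-line comment, for example `/* shorthand for the premaster secret held in the key structure */`. The function body continues outside the hunk, so how long `PREMASTER` stays live after the master secret is derived is not visible here.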
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -19,6 +19,10 @@ * */ +/* Here lie everything that has to do with large numbers, libgcrypt and + * other stuff that didn't fit anywhere else. + */ + #include <gnutls_int.h> #include <libtasn1.h> #include <gnutls_errors.h>
diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c
index 8f165353d3..9925d6671a 100644
--- a/lib/gnutls_num.c
+++ b/lib/gnutls_num.c
@@ -19,6 +19,10 @@ * */ +/* This file contains the functions needed for 64 bit integer support in + * TLS, and functions which ease the access to TLS vectors (data of given size). + */ + #include <gnutls_int.h> #include <gnutls_num.h> #include <gnutls_errors.h>
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 28aa3da152..53af12d312 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -19,7 +19,8 @@ * */ -/* This file contains function for RSA/DSA etc. +/* This file contains the functions needed for RSA/DSA public key + * encryption and signatures. */ #include <gnutls_int.h>
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 246ad9be6b..a299dfd4d3 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -19,6 +19,9 @@ * */ +/* Here lies the code of the gnutls_*_set_priority() functions. + */ + #include "gnutls_int.h" #include "gnutls_algorithms.h" #include "gnutls_errors.h"
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index d3e34d013a..df78898e6d 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -19,6 +19,9 @@ * */ +/* This file contains functions needed to read DSA or RSA private keys + * from files, or memory. + */ #include <gnutls_int.h> #include <gnutls_errors.h>
diff --git a/lib/gnutls_random.c b/lib/gnutls_random.c
index 6c64c87aac..130e14f53f 100644
--- a/lib/gnutls_random.c
+++ b/lib/gnutls_random.c
@@ -19,6 +19,9 @@ * */ +/* Functions to return random bytes. + */ + #include <gnutls_int.h> #include <gnutls_random.h> #include <gnutls_errors.h>
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index e31119bb0a..72fb582331 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -19,6 +19,9 @@ * */ +/* Functions that are record layer specific, are included in this file. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "debug.h"
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index a8e5a71228..dd4ca6ab04 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -18,6 +18,11 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * */ + +/* Contains functions that are supposed to pack and unpack session data, + * before and after they are sent to the database backend. + */ + #include <gnutls_int.h> #include <auth_srp.h> #include <auth_anon.h>
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 3fc5756256..244111b57e 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -19,6 +19,10 @@ * */ +/* Functions to manipulate the state (gnutls_int.h), and some other stuff + * are included here. + */ + #include <gnutls_int.h> #include <gnutls_errors.h> #include <gnutls_auth_int.h>
@@ -280,8 +284,6 @@ void _gnutls_deinit(GNUTLS_STATE state) state->gnutls_key = NULL; } - _gnutls_free(state->gnutls_internals.db_name); - memset( state, 0, sizeof(struct GNUTLS_STATE_INT)); gnutls_free(state);
diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h
index 3e87691f95..d1a704dc2d 100644
--- a/lib/gnutls_state.h
+++ b/lib/gnutls_state.h
@@ -27,6 +27,8 @@ int _gnutls_dh_get_prime_bits( GNUTLS_STATE state); void gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); void _gnutls_handshake_internal_state_clear( GNUTLS_STATE); +int _gnutls_session_is_resumable( GNUTLS_STATE state); + int _gnutls_openpgp_send_fingerprint( GNUTLS_STATE state); int _gnutls_PRF( const opaque * secret, int secret_size, const uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes, void* ret);
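Review bot: The new prototype `int _gnutls_session_is_resumable( GNUTLS_STATE state);` in lib/gnutls_state.h has no comment stating its return convention, and the convention is not uniform in this code base: `_gnutls_db_func_is_ok` is treated as failing when it returns non-zero (the `!=0` tests in lib/gnutls_db.c in this same commit). A caller that guesses the polarity wrong would make the opposite resumption decision from the one intended, so state it at the declaration, for example `/* returns non-zero if the session may be resumed, 0 otherwise */`, worded to match the definition. That definition is not part of the visible diff, so the polarity given in the example is an assumption to confirm.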
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index a6894d1579..9bce05c51d 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -19,6 +19,10 @@ * */ +/* This file was intended to contains functions to be exported in the + * API and did not fit elsewhere. + */ + #include <gnutls_int.h> #include <auth_srp.h> #include <auth_anon.h>
diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c
index 3f6ab174af..32c473d343 100644
--- a/lib/gnutls_v2_compat.c
+++ b/lib/gnutls_v2_compat.c
@@ -19,6 +19,9 @@ * */ +/* Functions to parse the SSLv2.0 hello message. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_dh.h"
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 435b9b776c..71af0f30dc 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -19,6 +19,9 @@ * */ +/* Functions that relate to base64 encoding and decoding. + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include <gnutls_datum.h>
diff --git a/lib/x509_extensions.c b/lib/x509_extensions.c
index 175c30bea1..fc8eaa6255 100644
--- a/lib/x509_extensions.c
+++ b/lib/x509_extensions.c
@@ -19,6 +19,9 @@ * */ +/* Functions that relate to the X.509 extension parsing. + */ + #include <gnutls_int.h> #include <libtasn1.h> #include <gnutls_num.h>
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index 3987e7684a..b1982e65b8 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -19,6 +19,9 @@ * */ +/* Functions that relate to X.509 certificate signature checking. + */ + #include <gnutls_int.h> #include <gnutls_errors.h> #include <x509_b64.h>
diff --git a/lib/x509_verify.c b/lib/x509_verify.c
index c352b0aa5f..b1685079f4 100644
--- a/lib/x509_verify.c
+++ b/lib/x509_verify.c
@@ -19,6 +19,10 @@ * */ +/* All functions which relate to X.509 certificate verification stuff are + * included here + */ + #include "gnutls_int.h" #include "gnutls_errors.h" #include "gnutls_cert.h"
diff --git a/lib/x509_xml.c b/lib/x509_xml.c
index 9afa33cd0d..a8e1287664 100644
--- a/lib/x509_xml.c
+++ b/lib/x509_xml.c
@@ -19,6 +19,10 @@ */ +/* This file has the required functions to convert an X.509 DER certificate + * to XML format. + */ + #include <int.h> #include <errors.h> #include <structure.h>
@@ -201,9 +205,6 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE structure, const char *name, &structure); ret = _gnutls_x509_expand_extensions( &structure, name); -//asn1_print_structure( stdout, structure, name, ASN1_PRINT_ALL); -//return 0; -//// p = root; while (p) { |