-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | lib/Makefile.am | 4 | ||||
-rw-r--r-- | lib/auth_rsa.c | 2 | ||||
-rw-r--r-- | lib/cert_b64.c | 2 | ||||
-rw-r--r-- | lib/crypt_bcrypt.c | 6 | ||||
-rw-r--r-- | lib/crypt_srpsha1.c | 2 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 36 | ||||
-rw-r--r-- | lib/gnutls_datum.h | 6 | ||||
-rw-r--r-- | lib/gnutls_global.c | 15 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 2 | ||||
-rw-r--r-- | lib/gnutls_hash_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 17 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 2 | ||||
-rw-r--r-- | src/serv.c | 2 |
14 files changed, 57 insertions, 46 deletions
@@ -1,3 +1,8 @@ +Version 0.2.0 +- Partial support for X509v3 Certificate extensions. +- Added Internal memory handlers +- Removed gnutls_x509_set_cn() + Version 0.1.9 (30/07/2001) - Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate) - SRP is updated to conform to the newest draft. diff --git a/lib/Makefile.am b/lib/Makefile.am index 09f77c84ab..a5ab36780a 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -16,7 +16,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h pkcs1.asn pkix.asn \ cert_asn1.h cert_der.h gnutls_datum.h auth_x509.h gnutls_gcry.h \ ext_dnsname.h gnutls_pk.h gnutls_record.h gnutls_cert.h \ gnutls_privkey.h gnutls_constate.h gnutls_global.h cert_verify.h \ - gnutls_sig.h + gnutls_sig.h gnutls_mem.h lib_LTLIBRARIES = libgnutls.la libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \ gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \ @@ -29,7 +29,7 @@ libgnutls_la_SOURCES = gnutls_record.c gnutls_compress.c debug.c \ cert_ASN.y cert_asn1.c cert_der.c gnutls_datum.c auth_rsa.c \ gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c cert_verify.c\ gnutls_global.c gnutls_privkey.c gnutls_constate.c gnutls_anon_cred.c \ - gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c + gnutls_sig_check.c pkix_asn1_tab.c pkcs1_asn1_tab.c gnutls_mem.c libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 8fe746f037..d89debb23a 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -294,7 +294,7 @@ int gen_rsa_certificate(GNUTLS_KEY key, opaque ** data) int proc_rsa_client_kx(GNUTLS_KEY key, opaque * data, int data_size) { - gnutls_datum plaintext; + gnutls_sdatum plaintext; gnutls_datum ciphertext; int ret, dsize; diff --git a/lib/cert_b64.c b/lib/cert_b64.c index e2dce38f4d..0854eee795 100644 --- a/lib/cert_b64.c +++ b/lib/cert_b64.c 
@@ -356,10 +356,8 @@ int _gnutls_fbase64_decode( uint8 * data, int data_size, if ((ret = _gnutls_base64_decode( kdata, kdata_size, result)) < 0) { gnutls_assert(); - gnutls_free(kdata); return GNUTLS_E_PARSING_ERROR; } - gnutls_free(kdata); return ret; } diff --git a/lib/crypt_bcrypt.c b/lib/crypt_bcrypt.c index c435851a15..eb017f8466 100644 --- a/lib/crypt_bcrypt.c +++ b/lib/crypt_bcrypt.c @@ -575,7 +575,7 @@ static short _blf_ExpandKey(blf_ctx * c, const uint8 * key, short keybytes, static blf_ctx *_blf_init(uint8 * salt, const char *key, int key_len, int cost) { - blf_ctx *state = malloc(sizeof(blf_ctx)); + blf_ctx *state = gnutls_malloc(sizeof(blf_ctx)); uint32 i, rcost; rcost = (uint32) 1 << cost; /* 2^cost */ @@ -592,7 +592,7 @@ static blf_ctx *_blf_init(uint8 * salt, const char *key, int key_len, static void _blf_deinit(blf_ctx * ctx) { - free(ctx); + gnutls_free(ctx); } static const char magic[] = "$2$"; @@ -620,7 +620,7 @@ char *crypt_bcrypt(const char* username, const char *passwd, const char *salt, M if (passwd_len > 56) passwd_len = 56; - local_salt = malloc(salt_size + 1); + local_salt = gnutls_malloc(salt_size + 1); strcpy((char *) local_salt, salt); sp = index( local_salt, ':'); /* move to salt - after verifier */ diff --git a/lib/crypt_srpsha1.c b/lib/crypt_srpsha1.c index e94eeb0d7d..ddb4052fbe 100644 --- a/lib/crypt_srpsha1.c +++ b/lib/crypt_srpsha1.c @@ -51,7 +51,7 @@ char *crypt_srpsha1(const char *username, const char *passwd, gnutls_hash_deinit(h1, r1); - local_salt = malloc(salt_size + 1); + local_salt = gnutls_malloc(salt_size + 1); strcpy((char *) local_salt, salt); sp = index( local_salt, ':'); /* move to salt - after verifier */ diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 9dac868e05..66331682e5 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c 
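Review bot: With both `gnutls_free(kdata)` calls removed, nothing in the visible tail of `_gnutls_fbase64_decode` releases `kdata` on either the error or the success path. Where `kdata` comes from is outside the hunk: if it is allocated earlier in the function, this now leaks on every call; if it only points into the caller's `data` buffer, the removal is right but undocumented. A one-line ownership comment above the `_gnutls_base64_decode` call would settle it, for example `/* kdata is not owned by this function; the caller's buffer outlives it */`, and if the buffer is in fact heap-allocated the frees need to stay.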
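Review bot: The result of `gnutls_malloc` is used with no visible NULL check in all three places converted here: `state` in `_blf_init`, `local_salt` in `crypt_bcrypt`, and `local_salt` again in `crypt_srpsha1` (lib/crypt_srpsha1.c, hunk at -51,7), where it goes straight into `strcpy`. The same commit adds NULL checks after `gnutls_malloc` in lib/gnutls_algorithms.c, so these call sites should get the same treatment, e.g. `if (local_salt == NULL) return NULL;` before the `strcpy`. The copy is also only safe if `salt_size` is at least `strlen(salt)`; how `salt_size` is derived is outside the hunks, so that is worth confirming. All three functions continue past the hunks, so any cleanup needed on the failure path is not visible from here.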
@@ -1051,7 +1051,13 @@ _gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, } tmp_ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite)); + if (tmp_ciphers==NULL) return GNUTLS_E_MEMORY_ERROR; + *ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite)); + if (*ciphers==NULL) { + gnutls_free(tmp_ciphers); + return GNUTLS_E_MEMORY_ERROR; + } for (i = 0; i < count; i++) { @@ -1122,22 +1128,31 @@ _gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, int _gnutls_supported_ciphersuites(GNUTLS_STATE state, - GNUTLS_CipherSuite ** ciphers) + GNUTLS_CipherSuite ** _ciphers) { int i, ret_count, j; int count = _gnutls_cipher_suite_count(); GNUTLS_CipherSuite *tmp_ciphers; + GNUTLS_CipherSuite* ciphers; + + *_ciphers = NULL; if (count == 0) { - *ciphers = NULL; return 0; } tmp_ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite)); - *ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite)); + if ( tmp_ciphers==NULL) + return GNUTLS_E_MEMORY_ERROR; + ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite)); + if ( ciphers==NULL) { + gnutls_free( tmp_ciphers); + return GNUTLS_E_MEMORY_ERROR; + } + for (i = 0; i < count; i++) { tmp_ciphers[i].CipherSuite[0] = cs_algorithms[i].id.CipherSuite[0]; @@ -1161,26 +1176,25 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state, < 0) continue; - (*ciphers)[j].CipherSuite[0] = - tmp_ciphers[i].CipherSuite[0]; - (*ciphers)[j].CipherSuite[1] = - tmp_ciphers[i].CipherSuite[1]; + ciphers[j].CipherSuite[0] = tmp_ciphers[i].CipherSuite[0]; + ciphers[j].CipherSuite[1] = tmp_ciphers[i].CipherSuite[1]; j++; } ret_count = j; if (ret_count > 0 && ret_count != count) { - *ciphers = - gnutls_realloc(*ciphers, + ciphers = + gnutls_realloc(ciphers, ret_count * sizeof(GNUTLS_CipherSuite)); } else { if (ret_count != count) { - gnutls_free(*ciphers); - *ciphers = NULL; + gnutls_free(ciphers); + ciphers = NULL; } } + *_ciphers = ciphers; gnutls_free(tmp_ciphers); return ret_count; } 
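Review bot: On the first new `GNUTLS_E_MEMORY_ERROR` return in `_gnutls_supported_ciphersuites_sorted`, `*ciphers` has not been written in the visible code, whereas `_gnutls_supported_ciphersuites` further down now sets `*_ciphers = NULL` before doing anything else. A caller that frees or inspects the out-pointer after an error would then act on whatever value it held before the call. Adding `*ciphers = NULL;` ahead of the first allocation would give both functions the same error contract. The function starts and ends outside the hunk, so an earlier initialisation cannot be ruled out.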
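Review bot: The shrink step in `_gnutls_supported_ciphersuites` assigns the `gnutls_realloc` result straight back to `ciphers`, so a failed realloc drops the only pointer to the original buffer and the function then stores NULL in `*_ciphers` while still returning a positive `ret_count`. A caller that walks the list using the returned count would dereference NULL. Because shrinking is only an optimisation, the old block can be kept on failure using a local `GNUTLS_CipherSuite *tmp`: `tmp = gnutls_realloc(ciphers, ret_count * sizeof(GNUTLS_CipherSuite)); if (tmp != NULL) ciphers = tmp;`.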
diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h index 9d04cfea4b..4280b191e5 100644 --- a/lib/gnutls_datum.h +++ b/lib/gnutls_datum.h @@ -3,8 +3,10 @@ void WRITEdatum24( opaque* dest, gnutls_datum dat); void WRITEdatum32( opaque* dest, gnutls_datum dat); void WRITEdatum8( opaque* dest, gnutls_datum dat); +typedef gnutls_datum gnutls_sdatum; + int gnutls_set_datum( gnutls_datum* dat, const void* data, int data_size); /* uses secure_malloc */ -int gnutls_sset_datum( gnutls_datum* dat, const void* data, int data_size); +int gnutls_sset_datum( gnutls_sdatum* dat, const void* data, int data_size); void gnutls_free_datum( gnutls_datum* dat); -void gnutls_sfree_datum( gnutls_datum* dat); +void gnutls_sfree_datum( gnutls_sdatum* dat); diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 4b0e70851b..4bd10e3237 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -61,6 +61,8 @@ node_asn* _gnutls_get_pkcs() { * a front end to this function. This function should be * called once and after gnutls_global_init(). * + * RECV_FUNC is of the form: + * ssize_t (*RECV_FUNC)(SOCKET, void*, size_t,int); **/ void gnutls_global_set_recv_func( RECV_FUNC recv_func) { _gnutls_recv_func = recv_func; @@ -76,6 +78,9 @@ void gnutls_global_set_recv_func( RECV_FUNC recv_func) { * some external library (like gnu pthreads), which provide * a front end to this function. This function should be * called once and after gnutls_global_init(). + * + * SEND_FUNC is of the form: + * ssize_t (*SEND_FUNC)(SOCKET, const void*, size_t,int); **/ void gnutls_global_set_send_func( SEND_FUNC send_func) { _gnutls_send_func = send_func; 
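Review bot: `typedef gnutls_datum gnutls_sdatum;` makes the secure type a pure alias, so the compiler accepts a `gnutls_datum*` wherever a `gnutls_sdatum*` is declared and the reverse. Handing secure-allocated data to `gnutls_free_datum`, or ordinary data to `gnutls_sfree_datum`, therefore compiles without a warning. The new name documents intent but enforces nothing. Please say so at the typedef, e.g. `/* gnutls_sdatum holds secure_malloc'ed data; alias only, not type-checked; release with gnutls_sfree_datum() */`, or make it a distinct struct type if enforcement is wanted.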
@@ -89,14 +94,14 @@ void gnutls_global_set_send_func( SEND_FUNC send_func) { * is going to use. This function only accepts a character array. * Normaly you may not use this function since * it is only used for debugging reasons. + * + * LOG_FUNC is of the form: + * void (*LOG_FUNC)( const char*); **/ void gnutls_global_set_log_func( LOG_FUNC log_func) { _gnutls_log_func = log_func; } -int gnutls_is_secure_memory(const void* mem) { - return 0; -} /* default logging function */ static void dlog( const char* str) { @@ -119,7 +124,7 @@ int gnutls_global_init() int result; /* for gcrypt in order to be able to allocate memory */ - gcry_set_allocation_handler(gnutls_malloc, secure_malloc, gnutls_is_secure_memory, gnutls_realloc, free); + gcry_set_allocation_handler(gnutls_malloc, secure_malloc, _gnutls_is_secure_memory, gnutls_realloc, gnutls_free); /* we need this */ #ifdef HAVE_SIGNAL @@ -130,7 +135,7 @@ int gnutls_global_init() */ _gnutls_recv_func = recv; _gnutls_send_func = send; - _gnutls_log_func = dlog; + gnutls_global_set_log_func( dlog); /* initialize parser * This should not deal with files in the final diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index c8ba0eb513..dacfdc2d00 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -404,7 +404,7 @@ static void ssl3_md5(int i, char *secret, int secret_len, char *random, } -void *gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, +svoid *gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes) { int size = 0, i = 0; diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index be368331db..be1066c4d4 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h 
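Review bot: In the `gcry_set_allocation_handler` call, secure blocks are obtained from `secure_malloc` but are resized by `gnutls_realloc` and released by `gnutls_free`, the same handlers that serve ordinary memory. Whether those two recognise a secure block (through `_gnutls_is_secure_memory`) and wipe the old contents on release or when a resize moves the data depends on gnutls_mem.c, which is not among the visible hunks. If they do not, key material handled by gcrypt can remain in freed heap memory. A comment above the call stating that contract would help, e.g. `/* gnutls_realloc and gnutls_free must handle blocks that came from secure_malloc */`. `gnutls_global_init` starts and ends outside the hunk.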
@@ -60,7 +60,7 @@ int gnutls_hash_get_algo_len(MACAlgorithm algorithm); int gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, int textlen); void gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void* digest); -void *gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes); +svoid *gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes); GNUTLS_MAC_HANDLE gnutls_mac_init_ssl3_handshake(MACAlgorithm algorithm, void *key, int keylen); void gnutls_mac_deinit_ssl3_handshake(GNUTLS_MAC_HANDLE handle, void* digest); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 3f13411865..6f70e261c1 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -29,10 +29,10 @@ #define WRITE_DEBUG #define HARD_DEBUG #define BUFFERS_DEBUG -#define RECORD_DEBUG*/ #define HANDSHAKE_DEBUG +#define RECORD_DEBUG #define DEBUG - +*/ #define SOCKET int #define LIST ... @@ -78,18 +78,7 @@ # include <gnutls_gcry.h> #endif -/* these are to be implemented - */ -#define svoid void /* for functions that allocate using secure_free */ -#define secure_free gnutls_free -#define secure_malloc malloc -#define secure_realloc realloc -#define secure_calloc calloc -#define gnutls_malloc malloc -#define gnutls_realloc realloc -#define gnutls_calloc calloc -#define gnutls_free free -#define gnutls_strdup strdup +#include <gnutls_mem.h> #define DECR_LEN(len, x) len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 53d93ac08d..4c957a63cb 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -109,7 +109,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, * pkey is the private key and n the modulus. */ -int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext, +int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, gnutls_datum ciphertext, MPI pkey, MPI n, int btype) { int k, esize, i, ret; 
diff --git a/src/serv.c b/src/serv.c index 524fbb0529..11d1cafdd9 100644 --- a/src/serv.c +++ b/src/serv.c @@ -94,8 +94,6 @@ GNUTLS_STATE initialize_state() */ gnutls_set_cipher_priority(state, GNUTLS_NULL_CIPHER, GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, GNUTLS_ARCFOUR, 0); - gnutls_set_cipher_priority(state, GNUTLS_NULL_CIPHER, - GNUTLS_RIJNDAEL_CBC, GNUTLS_3DES_CBC, 0); gnutls_set_compression_priority(state, GNUTLS_ZLIB, GNUTLS_NULL_COMPRESSION, 0); gnutls_set_kx_priority(state, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA, GNUTLS_KX_SRP, GNUTLS_KX_DH_ANON, 0); |