diff options
-rw-r--r-- | doc/HACKING | 8 | ||||
-rw-r--r-- | lib/gnutls.c | 27 | ||||
-rw-r--r-- | lib/gnutls.h | 11 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 27 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 8 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 22 | ||||
-rw-r--r-- | lib/gnutls_hash_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 16 | ||||
-rw-r--r-- | lib/gnutls_kx.c | 4 | ||||
-rw-r--r-- | src/cli.c | 4 |
10 files changed, 59 insertions, 72 deletions
diff --git a/doc/HACKING b/doc/HACKING index 177162fb9e..d7ae72ee61 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -1,7 +1,7 @@ [ this is mostly outdated... you should check the mailing list archives ] [ at http://lists.gnupg.org for more information on new functions. sorry ] -Last update: 26 Oct 2000 +Last update: 15 Nov 2000 (The functions which are prefixed by '_' are internal functions, not intended @@ -62,7 +62,11 @@ gnutls_set_kx_priority( ...) be used in the handshake. eg: gnutls_set_kx_priority( 1, GNUTLS_KX_ANON_DH); - +void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version); + sets the current version to the one specified. GNUTLS_Version has three + fields. Local is used for TLS versions that do not support the standard + 2 byte version. It is zero for TLS 1.0 (3.1). If local is 0 Major and Minor + are used as in TLS. HANDSHAKE FUNCTIONS: diff --git a/lib/gnutls.c b/lib/gnutls.c index 147f8714fc..df95fd1a67 100644 --- a/lib/gnutls.c +++ b/lib/gnutls.c @@ -51,10 +51,10 @@ GNUTLS_Version ver; return ver; } -void gnutls_set_current_version(GNUTLS_STATE state, int local, int major, int minor) { - state->connection_state.version.local = local; - state->connection_state.version.major = major; - state->connection_state.version.minor = minor; +void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version) { + state->connection_state.version.local = version.local; + state->connection_state.version.major = version.major; + state->connection_state.version.minor = version.minor; } int gnutls_is_secure_memory(const void* mem) { @@ -98,7 +98,7 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end) (*state)->gnutls_internals.client_hash = 0; (*state)->gnutls_internals.resumable = RESUME_TRUE; - gnutls_set_current_version ( (*state), 0, GNUTLS_DEFAULT_VERSION_MAJOR, GNUTLS_DEFAULT_VERSION_MINOR); + gnutls_set_current_version ( (*state), GNUTLS_TLS1); /* default */ (*state)->gnutls_internals.KEY = NULL; (*state)->gnutls_internals.client_Y = NULL; @@ -146,7 +146,7 @@ int gnutls_deinit(GNUTLS_STATE * state) } -void *_gnutls_cal_PRF_A(GNUTLS_STATE state, MACAlgorithm algorithm, void *secret, int secret_size, void *seed, int seed_size) +static void *_gnutls_cal_PRF_A( MACAlgorithm algorithm, void *secret, int secret_size, void *seed, int seed_size) { GNUTLS_MAC_HANDLE td1; @@ -159,7 +159,7 @@ void *_gnutls_cal_PRF_A(GNUTLS_STATE state, MACAlgorithm algorithm, void *secret /* Produces "total_bytes" bytes using the hash algorithm specified. * (used in the PRF function) */ -svoid *gnutls_P_hash(GNUTLS_STATE state, MACAlgorithm algorithm, opaque * secret, int secret_size, opaque * seed, int seed_size, int total_bytes) +static svoid *gnutls_P_hash( MACAlgorithm algorithm, opaque * secret, int secret_size, opaque * seed, int seed_size, int total_bytes) { GNUTLS_MAC_HANDLE td2; @@ -185,7 +185,7 @@ svoid *gnutls_P_hash(GNUTLS_STATE state, MACAlgorithm algorithm, opaque * secret td2 = gnutls_hmac_init(algorithm, secret, secret_size); /* here we calculate A(i+1) */ - Atmp = _gnutls_cal_PRF_A(state, algorithm, secret, secret_size, A, A_size); + Atmp = _gnutls_cal_PRF_A( algorithm, secret, secret_size, A, A_size); A_size = blocksize; gnutls_free(A); A = Atmp; @@ -213,7 +213,7 @@ svoid *gnutls_P_hash(GNUTLS_STATE state, MACAlgorithm algorithm, opaque * secret /* The PRF function expands a given secret * needed by the TLS specification */ -svoid *gnutls_PRF(GNUTLS_STATE state, opaque * secret, int secret_size, uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes) +svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes) { int l_s, i, s_seed_size; char *o1, *o2; @@ -234,8 +234,8 @@ svoid *gnutls_PRF(GNUTLS_STATE state, opaque * secret, int secret_size, uint8 * l_s++; } - o1 = gnutls_P_hash(state, GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, total_bytes); - o2 = gnutls_P_hash(state, GNUTLS_MAC_SHA, s2, l_s, s_seed, s_seed_size, total_bytes); + o1 = gnutls_P_hash( GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, total_bytes); + o2 = gnutls_P_hash( GNUTLS_MAC_SHA, s2, l_s, s_seed, s_seed_size, total_bytes); gnutls_free(s_seed); @@ -271,7 +271,7 @@ int _gnutls_set_keys(GNUTLS_STATE state) memmove(&random[32], state->security_parameters.client_random, 32); key_block = - gnutls_PRF(state, state->security_parameters.master_secret, 48, + gnutls_PRF( state->security_parameters.master_secret, 48, keyexp, strlen(keyexp), random, 64, 2 * hash_size + 2 * key_size + 2 * IV_size); state->cipher_specs.client_write_mac_secret = secure_malloc(hash_size); @@ -617,7 +617,8 @@ ssize_t gnutls_recv_int(int cd, GNUTLS_STATE state, ContentType type, char *data gnutls_assert(); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } else { - gnutls_set_current_version(state, 0, gcipher.version.major, gcipher.version.minor); + GNUTLS_Version ver = { 0, gcipher.version.major, gcipher.version.minor }; + gnutls_set_current_version(state, ver); } if (Read(cd, &gcipher.length, 2) != 2) { diff --git a/lib/gnutls.h b/lib/gnutls.h index 6e71e32b0e..fba8ac3c5c 100644 --- a/lib/gnutls.h +++ b/lib/gnutls.h @@ -31,6 +31,15 @@ typedef enum CompressionMethod CompressionMethod; enum ConnectionEnd { GNUTLS_SERVER, GNUTLS_CLIENT }; typedef enum ConnectionEnd ConnectionEnd; +typedef struct { + unsigned char local; + unsigned char major; + unsigned char minor; +} GNUTLS_Version; +extern GNUTLS_Version GNUTLS_TLS1; +extern GNUTLS_Version GNUTLS_SSL3; + + struct GNUTLS_STATE_INT; typedef struct GNUTLS_STATE_INT* GNUTLS_STATE; @@ -53,7 +62,7 @@ void gnutls_set_kx_priority( int num, ...); void gnutls_set_mac_priority( int num, ...); /* set our version - local is 0x00 for TLS 1.0 and SSL3 */ -void gnutls_set_current_version(GNUTLS_STATE state, int local, int major, int minor); +void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version); #define GNUTLS_E_MAC_FAILED -1 #define GNUTLS_E_UNKNOWN_CIPHER -2 diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index fc9b1e4f1e..3d797d678f 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -23,23 +23,19 @@ #include "gnutls_algorithms.h" /* TLS Versions */ -#define GNUTLS_VERSION_ENTRY( name, supported) \ - { #name, name, supported } typedef struct { char *name; - GNUTLS_Version id; + GNUTLS_Version *id; int supported; /* 0 not supported, > 0 is supported */ } gnutls_version_entry; -#define GNUTLS_SSLv3 { 0, 3, 0 } -#define GNUTLS_WTLS1 { 1, 1, 0 } -#define GNUTLS_TLS1 { 0, 3, 1 } +GNUTLS_Version GNUTLS_TLS1 = {0, 3, 1}; +GNUTLS_Version GNUTLS_SSL3 = {0, 3, 0}; static gnutls_version_entry sup_versions[] = { - GNUTLS_VERSION_ENTRY(GNUTLS_SSLv3, 0), - GNUTLS_VERSION_ENTRY(GNUTLS_WTLS1, 0), - GNUTLS_VERSION_ENTRY(GNUTLS_TLS1, 1), + { "SSL3", &GNUTLS_SSL3, 0 }, + { "TLS1", &GNUTLS_TLS1, 1 }, {0} }; @@ -48,8 +44,7 @@ static gnutls_version_entry sup_versions[] = { for(p = sup_versions; p->name != NULL; p++) { b ; } #define GNUTLS_VERSION_ALG_LOOP(a) \ - GNUTLS_VERSION_LOOP( if( memcmp( &p->id, &version, 2)==0) { a; break; } ) - + GNUTLS_VERSION_LOOP( if( (p->id->local == version.local)&&(p->id->major == version.major)&&(p->id->minor == version.minor) ) { a; break; } ) #define GNUTLS_CIPHER_ENTRY(name, blksize, keysize, block, iv, priority) \ @@ -213,8 +208,7 @@ static gnutls_cipher_suite_entry cs_algorithms[] = { for(p = cs_algorithms; p->name != NULL; p++) { b ; } #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \ - GNUTLS_CIPHER_SUITE_LOOP( if( memcmp( &p->id, &suite, 2)==0) { a; break; } ) - + GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.CipherSuite[0] == suite.CipherSuite[0]) && (p->id.CipherSuite[1] == suite.CipherSuite[1])) { a; break; } ) @@ -527,13 +521,6 @@ int _gnutls_version_cmp(GNUTLS_Version ver1, GNUTLS_Version ver2) { return 0; } -int _gnutls_version_ssl3(GNUTLS_Version ver) { - if (ver.major!=3) return 1; - if (ver.minor!=0) return 1; - if (ver.local!=0) return 1; - return 0; -} - int _gnutls_version_is_supported(const GNUTLS_Version version) { size_t ret = 0; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index b2490ceb37..c12f6d440a 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -63,7 +63,7 @@ int _gnutls_send_finished(int cd, GNUTLS_STATE state) state->gnutls_internals.client_md_sha1, 20); data = - gnutls_PRF(state, state->security_parameters.master_secret, + gnutls_PRF( state->security_parameters.master_secret, 48, CLIENT_MSG, strlen(CLIENT_MSG), concat, 36, 12); } else { /* server */ @@ -72,7 +72,7 @@ int _gnutls_send_finished(int cd, GNUTLS_STATE state) state->gnutls_internals.server_md_sha1, 20); data = - gnutls_PRF(state, state->security_parameters.master_secret, + gnutls_PRF( state->security_parameters.master_secret, 48, SERVER_MSG, strlen(SERVER_MSG), concat, 36, 12); } @@ -111,7 +111,7 @@ int _gnutls_recv_finished(int cd, GNUTLS_STATE state) state->gnutls_internals.server_md_sha1, 20); data = - gnutls_PRF(state, state->security_parameters.master_secret, + gnutls_PRF( state->security_parameters.master_secret, 48, SERVER_MSG, strlen(SERVER_MSG), concat, 36, 12); } else { /* server */ @@ -120,7 +120,7 @@ int _gnutls_recv_finished(int cd, GNUTLS_STATE state) state->gnutls_internals.client_md_sha1, 20); data = - gnutls_PRF(state, state->security_parameters.master_secret, + gnutls_PRF( state->security_parameters.master_secret, 48, CLIENT_MSG, strlen(CLIENT_MSG), concat, 36, 12); } diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index a0a9c1b9f1..787ad8e49e 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -116,7 +116,7 @@ char* ret; } -GNUTLS_MAC_HANDLE _gnutls_hmac_init( MACAlgorithm algorithm, char* key, int keylen, int dp) { +GNUTLS_MAC_HANDLE gnutls_hmac_init( MACAlgorithm algorithm, char* key, int keylen) { GNUTLS_MAC_HANDLE ret; switch (algorithm) { @@ -125,11 +125,7 @@ GNUTLS_MAC_HANDLE ret; break; case GNUTLS_MAC_SHA: #ifdef USE_MHASH - if (dp==0) { - ret = mhash_hmac_init( MHASH_SHA1, key, keylen, 0); - } else { - ret = mhash_hmac_init_dp( MHASH_SHA1, key, keylen, 0); - } + ret = mhash_hmac_init( MHASH_SHA1, key, keylen, 0); #else ret = gcry_md_open( GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC); #endif @@ -137,11 +133,7 @@ GNUTLS_MAC_HANDLE ret; break; case GNUTLS_MAC_MD5: #ifdef USE_MHASH - if (dp==0) { - ret = mhash_hmac_init( MHASH_MD5, key, keylen, 0); - } else { - ret = mhash_hmac_init_dp( MHASH_MD5, key, keylen, 0); - } + ret = mhash_hmac_init( MHASH_MD5, key, keylen, 0); #else ret = gcry_md_open( GCRY_MD_MD5, GCRY_MD_FLAG_HMAC); #endif @@ -197,17 +189,13 @@ int gnutls_hmac(GNUTLS_MAC_HANDLE handle, void* text, int textlen) { } -void* _gnutls_hmac_deinit( GNUTLS_MAC_HANDLE handle, int dp) { +void* gnutls_hmac_deinit( GNUTLS_MAC_HANDLE handle) { char* mac; int maclen; char* ret; #ifdef USE_MHASH - if (dp==0) { - ret = mhash_hmac_end(handle); - } else { - ret = mhash_hmac_end_dp(handle); - } + ret = mhash_hmac_end(handle); #else maclen = gcry_md_get_algo_dlen(gcry_md_get_algo(handle)); ret = gnutls_malloc( maclen); diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index 4b73696cb9..7beb5d0704 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -21,10 +21,10 @@ #define GNUTLS_HASH_FAILED NULL #define GNUTLS_MAC_FAILED NULL -GNUTLS_MAC_HANDLE _gnutls_hmac_init( MACAlgorithm algorithm, char* key, int keylen, int dp); +GNUTLS_MAC_HANDLE gnutls_hmac_init( MACAlgorithm algorithm, char* key, int keylen); int gnutls_hmac_get_algo_len(MACAlgorithm algorithm); int gnutls_hmac(GNUTLS_HASH_HANDLE handle, void* text, int textlen); -void* _gnutls_hmac_deinit( GNUTLS_HASH_HANDLE handle, int dp); +void* gnutls_hmac_deinit( GNUTLS_HASH_HANDLE handle); GNUTLS_HASH_HANDLE gnutls_hash_init(MACAlgorithm algorithm); int gnutls_hash_get_algo_len(MACAlgorithm algorithm); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 430880e2f3..2b151ff41f 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -140,6 +140,9 @@ typedef struct { uint8 minor; } GNUTLS_Version; +extern GNUTLS_Version GNUTLS_TLS1; +extern GNUTLS_Version GNUTLS_SSL3; + typedef struct { GNUTLS_Version version; opaque* read_compression_state; @@ -285,24 +288,17 @@ typedef struct { /* functions */ int _gnutls_send_alert( int cd, GNUTLS_STATE state, AlertLevel level, AlertDescription desc); int gnutls_close(int cd, GNUTLS_STATE state); -svoid *gnutls_PRF(GNUTLS_STATE state, opaque * secret, int secret_size, uint8 * label, +svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes); int _gnutls_valid_version( GNUTLS_STATE state, int major, int minor); -void gnutls_set_current_version(GNUTLS_STATE state, int local, int major, int minor); +void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version); GNUTLS_Version gnutls_get_current_version(GNUTLS_STATE state); int _gnutls_set_keys(GNUTLS_STATE state); ssize_t gnutls_send_int(int cd, GNUTLS_STATE state, ContentType type, char* data, size_t sizeofdata); ssize_t gnutls_recv_int(int cd, GNUTLS_STATE state, ContentType type, char* data, size_t sizeofdata); int _gnutls_send_change_cipher_spec(int cd, GNUTLS_STATE state); int _gnutls_version_cmp(GNUTLS_Version ver1, GNUTLS_Version ver2); -int _gnutls_version_ssl3(GNUTLS_Version ver); - -#define gnutls_hmac_init(x,y,z) _gnutls_version_ssl3(state->connection_state.version) ? \ - _gnutls_hmac_init(x,y,z,1) : \ - _gnutls_hmac_init(x,y,z,0) -#define gnutls_hmac_deinit(x) _gnutls_version_ssl3(state->connection_state.version) ? \ - _gnutls_hmac_deinit(x,1) : \ - _gnutls_hmac_deinit(x,0) +#define _gnutls_version_ssl3(x) _gnutls_version_cmp(x, GNUTLS_SSL3) #endif /* GNUTLS_INT_H */ diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 73e9053ec4..b3dbd45e28 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -207,7 +207,7 @@ int _gnutls_send_client_kx_message(int cd, GNUTLS_STATE state) } master = - gnutls_PRF(state, premaster, premaster_size, + gnutls_PRF( premaster, premaster_size, MASTER_SECRET, strlen(MASTER_SECRET), random, 64, 48); secure_free(premaster); @@ -449,7 +449,7 @@ int _gnutls_recv_client_kx_message(int cd, GNUTLS_STATE state) } master = - gnutls_PRF(state, premaster, premaster_size, + gnutls_PRF( premaster, premaster_size, MASTER_SECRET, strlen(MASTER_SECRET), random, 64, 48); secure_free(premaster); #ifdef HARD_DEBUG @@ -56,7 +56,9 @@ int main() ERR(err, "connect"); gnutls_init(&state, GNUTLS_CLIENT); - gnutls_set_cipher_priority( 2, GNUTLS_3DES, GNUTLS_ARCFOUR); + gnutls_set_current_version( state, GNUTLS_TLS1); /* SSL3 */ + + gnutls_set_cipher_priority( 3, GNUTLS_ARCFOUR, GNUTLS_DES, GNUTLS_3DES); // gnutls_set_kx_priority( 1, GNUTLS_KX_ANON_DH); gnutls_set_kx_priority( 3, GNUTLS_KX_ANON_DH, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA); gnutls_set_mac_priority(2, GNUTLS_MAC_SHA, GNUTLS_MAC_MD5); |