From 5e78e8f167091a9699247469232e9f67faf2d8a0 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sat, 13 Mar 2004 09:14:35 +0000 Subject: * Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() and gnutls_x509_privkey_cpy(). --- NEWS | 2 ++ configure.in | 2 +- doc/tex/auth.tex | 7 +++++-- includes/gnutls/x509.h | 1 + lib/gnutls.h.in.in | 2 ++ lib/gnutls_anon_cred.c | 10 ++++++---- lib/gnutls_cert.c | 22 ++++++++++++---------- lib/gnutls_dh.h | 1 + lib/gnutls_dh_primes.c | 24 ++++++++++++++++++++++++ lib/gnutls_int.h | 14 +++++++++++--- lib/gnutls_rsa_export.c | 15 +++++++++++++++ lib/gnutls_rsa_export.h | 1 + lib/gnutls_state.c | 42 +++++++++++++++++++++++++++++++++--------- lib/gnutls_ui.h | 1 + lib/x509/privkey.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ lib/x509/privkey.h | 1 + 16 files changed, 161 insertions(+), 29 deletions(-) diff --git a/NEWS b/NEWS index 17c88233d5..66cdc83fee 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,8 @@ Version 1.1.7 - Added gnutls_certificate_set_params_function() and gnutls_anon_set_params_function() that set the RSA or DH parameters using a callback. +- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). Version 1.1.6 (24/02/2004) - Several bug fixes, by Arne Thomassen. diff --git a/configure.in b/configure.in index c0b6d289e3..ac7c0ce165 100644 --- a/configure.in +++ b/configure.in @@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name]) dnl Gnutls Version GNUTLS_MAJOR_VERSION=1 GNUTLS_MINOR_VERSION=1 -GNUTLS_MICRO_VERSION=6 +GNUTLS_MICRO_VERSION=7 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls]) diff --git a/doc/tex/auth.tex b/doc/tex/auth.tex index ff303aca00..7e925ed62c 100644 --- a/doc/tex/auth.tex +++ b/doc/tex/auth.tex @@ -93,8 +93,8 @@ KX\_ANON\_DH & CRD\_ANON & CRD\_ANON Several parameters such as the ones used for Diffie-Hellman authentication are stored within the credentials structures, so all sessions can access -them. Those parameters are stored in structures such as {\bf gnutls_dh_params} -and {\bf gnutls_rsa_params}, and functions like +them. Those parameters are stored in structures such as {\bf gnutls\_dh\_params} +and {\bf gnutls\_rsa\_params}, and functions like \printfunc{gnutls_certificate_set_dh_params}{gnutls\_certificate\_set\_dh\_params} and \printfunc{gnutls_certificate_set_rsa_export_params}{gnutls\_certificate\_set\_rsa\_export\_params} @@ -128,6 +128,9 @@ static int get_params( gnutls_session session, gnutls_params_type type, else return -1; st->type = type; + /* do not deinitialize those parameters. + */ + st->deinit = 0; return 0; } diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h index ab8346d3c9..75a6647cf4 100644 --- a/includes/gnutls/x509.h +++ b/includes/gnutls/x509.h @@ -311,6 +311,7 @@ typedef enum gnutls_pkcs_encrypt_flags { int gnutls_x509_privkey_init(gnutls_x509_privkey * key); void gnutls_x509_privkey_deinit(gnutls_x509_privkey key); +int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src); int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data, gnutls_x509_crt_fmt format); int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, const gnutls_datum * data, diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 3bd7d3cb32..c5682ea772 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -440,12 +440,14 @@ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, gnutls_x509_crt_fmt format, unsigned char* params_data, size_t* params_data_size); int gnutls_dh_params_export_raw(gnutls_dh_params params, gnutls_datum * prime, gnutls_datum * generator, unsigned int *bits); +int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src); /* RSA params */ int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params); void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params); +int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src); int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params, const gnutls_datum *m, const gnutls_datum *e, const gnutls_datum *d, const gnutls_datum *p, diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index dbfc28c0aa..835c23ae18 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -59,18 +59,20 @@ gnutls_dh_params _gnutls_anon_get_dh_params(const gnutls_anon_server_credentials gnutls_params_st params; int ret; - if (session->internals.anon_dh_params) return session->internals.anon_dh_params; + if (session->internals.params.anon_dh_params) + return session->internals.params.anon_dh_params; if (sc->dh_params) { - session->internals.anon_dh_params = sc->dh_params; + session->internals.params.anon_dh_params = sc->dh_params; } else if (sc->params_func) { ret = sc->params_func( session, GNUTLS_PARAMS_DH, ¶ms); if (ret == 0 && params.type == GNUTLS_PARAMS_DH) { - session->internals.anon_dh_params = params.params.dh; + session->internals.params.anon_dh_params = params.params.dh; + session->internals.params.free_anon_dh_params = params.deinit; } } - return session->internals.anon_dh_params; + return session->internals.params.anon_dh_params; } /** diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 7c23a8ee71..67d1520da2 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -139,20 +139,21 @@ gnutls_dh_params _gnutls_certificate_get_dh_params(const gnutls_certificate_cred gnutls_params_st params; int ret; - if (session->internals.cert_dh_params) { - return session->internals.cert_dh_params; + if (session->internals.params.cert_dh_params) { + return session->internals.params.cert_dh_params; } if (sc->dh_params) { - session->internals.cert_dh_params = sc->dh_params; + session->internals.params.cert_dh_params = sc->dh_params; } else if (sc->params_func) { ret = sc->params_func( session, GNUTLS_PARAMS_DH, ¶ms); if (ret == 0 && params.type == GNUTLS_PARAMS_DH) { - session->internals.cert_dh_params = params.params.dh; + session->internals.params.cert_dh_params = params.params.dh; + session->internals.params.free_cert_dh_params = params.deinit; } } - return session->internals.cert_dh_params; + return session->internals.params.cert_dh_params; } /*- @@ -168,20 +169,21 @@ gnutls_rsa_params _gnutls_certificate_get_rsa_params(const gnutls_certificate_cr gnutls_params_st params; int ret; - if (session->internals.rsa_params) { - return session->internals.rsa_params; + if (session->internals.params.rsa_params) { + return session->internals.params.rsa_params; } if (sc->rsa_params) { - session->internals.rsa_params = sc->rsa_params; + session->internals.params.rsa_params = sc->rsa_params; } else if (sc->params_func) { ret = sc->params_func( session, GNUTLS_PARAMS_RSA_EXPORT, ¶ms); if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) { - session->internals.rsa_params = params.params.rsa_export; + session->internals.params.rsa_params = params.params.rsa_export; + session->internals.params.free_rsa_params = params.deinit; } } - return session->internals.rsa_params; + return session->internals.params.rsa_params; } diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index f556dbee56..3cf53c7881 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -22,3 +22,4 @@ const GNUTLS_MPI* _gnutls_get_dh_params(gnutls_dh_params); GNUTLS_MPI gnutls_calc_dh_secret( GNUTLS_MPI *ret_x, GNUTLS_MPI g, GNUTLS_MPI prime ); GNUTLS_MPI gnutls_calc_dh_key( GNUTLS_MPI f, GNUTLS_MPI x, GNUTLS_MPI prime ); int _gnutls_dh_generate_prime(GNUTLS_MPI *ret_g, GNUTLS_MPI* ret_n, uint bits); +void gnutls_dh_params_deinit(gnutls_dh_params dh_params); diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 785b0b1fdc..b91a1cae0d 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -204,6 +204,30 @@ void gnutls_dh_params_deinit(gnutls_dh_params dh_params) } +/** + * gnutls_dh_params_cpy - This function will copy a DH parameters structure + * @dst: Is the destination structure, which should be initialized. + * @src: Is the source structure + * + * This function will copy the DH parameters structure from source + * to destination. + * + **/ +int gnutls_dh_params_cpy(gnutls_dh_params dst, gnutls_dh_params src) +{ + if (src == NULL) + return GNUTLS_E_INVALID_REQUEST; + + dst->params[0] = _gnutls_mpi_copy(src->params[0]); + dst->params[1] = _gnutls_mpi_copy(src->params[1]); + + if (dst->params[0]==NULL || dst->params[1] == NULL) + return GNUTLS_E_MEMORY_ERROR; + + return 0; +} + + /** * gnutls_dh_params_generate2 - This function will generate new DH parameters * @params: Is the structure that the DH parameters will be stored diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index a1b67ec0be..09d9f6faba 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -443,12 +443,22 @@ typedef struct { #define gnutls_rsa_params gnutls_x509_privkey +typedef struct gnutls_internal_params { + gnutls_dh_params anon_dh_params; + int free_anon_dh_params; + gnutls_dh_params cert_dh_params; + int free_cert_dh_params; + gnutls_rsa_params rsa_params; + int free_rsa_params; +} gnutls_internal_params; + typedef struct gnutls_params_st { gnutls_params_type type; union params { gnutls_dh_params dh; gnutls_rsa_params rsa_export; } params; + int deinit; } gnutls_params_st; @@ -673,9 +683,7 @@ typedef struct { * credentials structure, or from a callback. That is to * minimize external calls. */ - gnutls_dh_params anon_dh_params; - gnutls_dh_params cert_dh_params; - gnutls_rsa_params rsa_params; + gnutls_internal_params params; /* If you add anything here, check _gnutls_handshake_internal_state_clear(). */ diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index 05e82535ef..fa1ed8b853 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -29,6 +29,7 @@ #include #include #include "x509/x509.h" +#include "x509/privkey.h" #include "debug.h" /* This function takes a number of bits and returns a supported @@ -201,6 +202,20 @@ void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params) gnutls_x509_privkey_deinit(rsa_params); } +/** + * gnutls_rsa_params_cpy - This function will copy an RSA parameters structure + * @dst: Is the destination structure, which should be initialized. + * @src: Is the source structure + * + * This function will copy the RSA parameters structure from source + * to destination. + * + **/ +int gnutls_rsa_params_cpy(gnutls_rsa_params dst, gnutls_rsa_params src) +{ + return gnutls_x509_privkey_cpy( dst, src); +} + /** * gnutls_rsa_params_generate2 - This function will generate temporary RSA parameters * @params: The structure where the parameters will be stored diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h index 57897d32bb..765610e1a7 100644 --- a/lib/gnutls_rsa_export.h +++ b/lib/gnutls_rsa_export.h @@ -21,4 +21,5 @@ const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params); int _gnutls_peers_cert_less_512( gnutls_session session); int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int* resarr_len, int bits); +void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params); diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index a9907a0060..a16172bbd1 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -40,13 +40,15 @@ #include #include #include +#include #define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \ gnutls_assert(); \ return ret; \ } -void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type ct) { +void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type ct) +{ session->security_parameters.cert_type = ct; } @@ -68,7 +70,8 @@ gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session) { * is by default X.509, unless it is negotiated as a TLS extension. * **/ -gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session) { +gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session) +{ return session->security_parameters.cert_type; } @@ -78,7 +81,8 @@ gnutls_certificate_type gnutls_certificate_type_get( gnutls_session session) { * * Returns the key exchange algorithm used in the last handshake. **/ -gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) { +gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) +{ return session->security_parameters.kx_algorithm; } @@ -88,7 +92,8 @@ gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) { * * Returns the currently used mac algorithm. **/ -gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) { +gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) +{ return session->security_parameters.read_mac_algorithm; } @@ -98,11 +103,14 @@ gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) { * * Returns the currently used compression method. **/ -gnutls_compression_method gnutls_compression_get( gnutls_session session) { +gnutls_compression_method gnutls_compression_get( gnutls_session session) +{ return session->security_parameters.read_compression_algorithm; } -int _gnutls_session_cert_type_supported( gnutls_session session, gnutls_certificate_type cert_type) { +int _gnutls_session_cert_type_supported( gnutls_session session, + gnutls_certificate_type cert_type) +{ uint i; if (session->internals.cert_type_priority.algorithms==0 && cert_type == @@ -118,6 +126,24 @@ uint i; return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } +/* this function deinitializes all the internal parameters stored + * in a session struct. + */ +inline +static void deinit_internal_params( gnutls_session session) +{ + if (session->internals.params.free_anon_dh_params) + gnutls_dh_params_deinit( session->internals.params.anon_dh_params); + + if (session->internals.params.free_cert_dh_params) + gnutls_dh_params_deinit( session->internals.params.cert_dh_params); + + if (session->internals.params.rsa_params) + gnutls_rsa_params_deinit( session->internals.params.rsa_params); + + memset( &session->internals.params, 0, sizeof( session->internals.params)); +} + /* This function will clear all the variables in internals * structure within the session, which depend on the current handshake. * This is used to allow further handshakes. @@ -147,9 +173,7 @@ void _gnutls_handshake_internal_state_clear( gnutls_session session) session->internals.resumable = RESUME_TRUE; - session->internals.anon_dh_params = NULL; - session->internals.cert_dh_params = NULL; - session->internals.rsa_params = NULL; + deinit_internal_params( session); } diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 8f8fb28c07..4e04e832d4 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -135,6 +135,7 @@ typedef struct gnutls_params_st { gnutls_dh_params dh; gnutls_rsa_params rsa_export; } params; + int deinit; } gnutls_params_st; typedef int gnutls_params_function(gnutls_session, gnutls_params_type, diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 4798e221dd..70fe0ddc64 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -82,6 +82,51 @@ int i; gnutls_free(key); } +/** + * gnutls_x509_privkey_cpy - This function copies a private key + * @dst: The destination key, which should be initialized. + * @src: The source key + * + * This function will copy a private key from source to destination key. + * + **/ +int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src) +{ +int i, ret; + + if (!src || !dst) return GNUTLS_E_INVALID_REQUEST; + + for (i = 0; i < src->params_size; i++) { + dst->params[i] = _gnutls_mpi_copy( src->params[i]); + if (dst->params[i] == NULL) return GNUTLS_E_MEMORY_ERROR; + } + + dst->params_size = src->params_size; + dst->pk_algorithm = src->pk_algorithm; + + switch( dst->pk_algorithm) { + case GNUTLS_PK_DSA: + ret = _encode_dsa( &dst->key, dst->params); + if (ret < 0) { + gnutls_assert(); + return ret; + } + break; + case GNUTLS_PK_RSA: + ret = _encode_rsa( &dst->key, dst->params); + if (ret < 0) { + gnutls_assert(); + return ret; + } + break; + default: + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + return 0; +} + /* Converts an RSA PKCS#1 key to * an internal structure (gnutls_private_key) */ diff --git a/lib/x509/privkey.h b/lib/x509/privkey.h index 56dfd26190..b667326047 100644 --- a/lib/x509/privkey.h +++ b/lib/x509/privkey.h @@ -12,3 +12,4 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * dat gnutls_x509_crt_fmt format); ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum *raw_key, gnutls_x509_privkey pkey); +int gnutls_x509_privkey_cpy(gnutls_x509_privkey dst, gnutls_x509_privkey src); -- cgit v1.2.1