From 5cb018a2c17e92dfb50e5bc1c03ccc080f6be87b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 29 Aug 2002 12:58:39 +0000 Subject: Renamed all the constructed types to have more consisten names, and some other minor improvements. --- lib/auth_anon.c | 88 +++--- lib/auth_anon.h | 2 +- lib/auth_cert.c | 170 +++++------ lib/auth_cert.h | 24 +- lib/auth_dhe.c | 110 ++++---- lib/auth_rsa.c | 66 ++--- lib/auth_rsa_export.c | 44 +-- lib/debug.c | 10 +- lib/debug.h | 2 +- lib/ext_cert_type.c | 34 +-- lib/ext_cert_type.h | 4 +- lib/ext_max_record.c | 26 +- lib/ext_max_record.h | 4 +- lib/gnutls.h.in.in | 345 +++++++++++++---------- lib/gnutls_alert.c | 38 +-- lib/gnutls_alert.h | 4 +- lib/gnutls_algorithms.c | 242 ++++++++-------- lib/gnutls_algorithms.h | 76 ++--- lib/gnutls_auth.c | 90 +++--- lib/gnutls_auth.h | 32 +-- lib/gnutls_auth_int.h | 14 +- lib/gnutls_buffers.c | 284 +++++++++---------- lib/gnutls_buffers.h | 54 ++-- lib/gnutls_cert.c | 88 +++--- lib/gnutls_cert.h | 12 +- lib/gnutls_cipher.c | 82 +++--- lib/gnutls_cipher.h | 8 +- lib/gnutls_cipher_int.c | 2 +- lib/gnutls_cipher_int.h | 2 +- lib/gnutls_compress.c | 8 +- lib/gnutls_compress.h | 4 +- lib/gnutls_compress_int.c | 2 +- lib/gnutls_compress_int.h | 4 +- lib/gnutls_constate.c | 346 +++++++++++------------ lib/gnutls_constate.h | 20 +- lib/gnutls_db.c | 106 +++---- lib/gnutls_db.h | 20 +- lib/gnutls_dh.h | 4 +- lib/gnutls_dh_primes.c | 14 +- lib/gnutls_extensions.c | 42 +-- lib/gnutls_extensions.h | 8 +- lib/gnutls_global.c | 28 +- lib/gnutls_handshake.c | 698 +++++++++++++++++++++++----------------------- lib/gnutls_handshake.h | 32 +-- lib/gnutls_hash_int.c | 10 +- lib/gnutls_hash_int.h | 12 +- lib/gnutls_int.h | 212 ++++++-------- lib/gnutls_int_compat.c | 33 ++- lib/gnutls_kx.c | 184 ++++++------ lib/gnutls_kx.h | 34 +-- lib/gnutls_priority.c | 74 ++--- lib/gnutls_priority.h | 12 +- lib/gnutls_record.c | 270 +++++++++--------- lib/gnutls_record.h | 8 +- lib/gnutls_rsa_export.c | 10 +- lib/gnutls_rsa_export.h | 4 +- lib/gnutls_session.c | 56 ++-- lib/gnutls_session.h | 4 +- lib/gnutls_session_pack.c | 82 +++--- lib/gnutls_session_pack.h | 6 +- lib/gnutls_sig.c | 32 +-- lib/gnutls_sig.h | 10 +- lib/gnutls_state.c | 387 +++++++++++++------------ lib/gnutls_state.h | 34 +-- lib/gnutls_ui.c | 70 ++--- lib/gnutls_ui.h | 41 +-- lib/gnutls_v2_compat.c | 56 ++-- lib/gnutls_v2_compat.h | 2 +- lib/gnutls_x509.c | 56 ++-- lib/gnutls_x509.h | 4 +- lib/x509_sig_check.c | 6 +- lib/x509_verify.c | 4 +- 72 files changed, 2522 insertions(+), 2484 deletions(-) (limited to 'lib') diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 16e53adb06..0a32d20145 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -36,10 +36,10 @@ #include "gnutls_mpi.h" #include -int gen_anon_server_kx( GNUTLS_STATE, opaque**); -int gen_anon_client_kx( GNUTLS_STATE, opaque**); -int proc_anon_server_kx( GNUTLS_STATE, opaque*, int); -int proc_anon_client_kx( GNUTLS_STATE, opaque*, int); +int gen_anon_server_kx( gnutls_session, opaque**); +int gen_anon_client_kx( gnutls_session, opaque**); +int proc_anon_server_kx( gnutls_session, opaque*, int); +int proc_anon_client_kx( gnutls_session, opaque*, int); const MOD_AUTH_STRUCT anon_auth_struct = { "ANON", @@ -62,7 +62,7 @@ const MOD_AUTH_STRUCT anon_auth_struct = { NULL }; -int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { +int gen_anon_server_kx( gnutls_session session, opaque** data) { GNUTLS_MPI x, X, g, p; int bits, ret; size_t n_X, n_g, n_p; @@ -72,13 +72,13 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { ANON_SERVER_AUTH_INFO info; const GNUTLS_ANON_SERVER_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_ANON, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - bits = _gnutls_dh_get_prime_bits( state); + bits = _gnutls_dh_get_prime_bits( session); g = gnutls_get_dh_params( cred->dh_params, &p, bits); if (g==NULL || p==NULL) { @@ -86,13 +86,13 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { return GNUTLS_E_MEMORY_ERROR; } - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_ANON, sizeof( ANON_SERVER_AUTH_INFO_INT), 1)) < 0) { + if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_ANON, sizeof( ANON_SERVER_AUTH_INFO_INT), 1)) < 0) { gnutls_assert(); return ret; } - info = _gnutls_get_auth_info( state); - if ((ret=_gnutls_dh_set_prime_bits( state, _gnutls_mpi_get_nbits(p))) < 0) { + info = _gnutls_get_auth_info( session); + if ((ret=_gnutls_dh_set_prime_bits( session, _gnutls_mpi_get_nbits(p))) < 0) { gnutls_assert(); return ret; } @@ -106,13 +106,13 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { _gnutls_mpi_release( &X); return GNUTLS_E_MEMORY_ERROR; } - ret=_gnutls_dh_set_secret_bits( state, _gnutls_mpi_get_nbits(x)); + ret=_gnutls_dh_set_secret_bits( session, _gnutls_mpi_get_nbits(x)); if (ret<0) { gnutls_assert(); return ret; } - state->gnutls_key->dh_secret = x; + session->gnutls_key->dh_secret = x; _gnutls_mpi_print( NULL, &n_g, g); _gnutls_mpi_print( NULL, &n_p, p); _gnutls_mpi_print( NULL, &n_X, X); @@ -144,20 +144,20 @@ int gen_anon_server_kx( GNUTLS_STATE state, opaque** data) { return n_p+n_g+n_X+6; } -int gen_anon_client_kx( GNUTLS_STATE state, opaque** data) { +int gen_anon_client_kx( gnutls_session session, opaque** data) { GNUTLS_MPI x, X; size_t n_X; int ret; - X = gnutls_calc_dh_secret(&x, state->gnutls_key->client_g, - state->gnutls_key->client_p); + X = gnutls_calc_dh_secret(&x, session->gnutls_key->client_g, + session->gnutls_key->client_p); if (X==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - ret=_gnutls_dh_set_secret_bits( state, _gnutls_mpi_get_nbits(x)); + ret=_gnutls_dh_set_secret_bits( session, _gnutls_mpi_get_nbits(x)); if (ret<0) { gnutls_assert(); return ret; @@ -176,17 +176,17 @@ int ret; _gnutls_write_uint16( n_X, &(*data)[0]); /* calculate the key after calculating the message */ - state->gnutls_key->KEY = gnutls_calc_dh_key(state->gnutls_key->client_Y, x, state->gnutls_key->client_p); - if (state->gnutls_key->KEY==NULL) + session->gnutls_key->KEY = gnutls_calc_dh_key(session->gnutls_key->client_Y, x, session->gnutls_key->client_p); + if (session->gnutls_key->KEY==NULL) return GNUTLS_E_MEMORY_ERROR; /* THESE SHOULD BE DISCARDED */ - _gnutls_mpi_release(&state->gnutls_key->client_Y); - _gnutls_mpi_release(&state->gnutls_key->client_p); - _gnutls_mpi_release(&state->gnutls_key->client_g); + _gnutls_mpi_release(&session->gnutls_key->client_Y); + _gnutls_mpi_release(&session->gnutls_key->client_p); + _gnutls_mpi_release(&session->gnutls_key->client_g); - ret = _gnutls_generate_key( state->gnutls_key); - _gnutls_mpi_release(&state->gnutls_key->KEY); + ret = _gnutls_generate_key( session->gnutls_key); + _gnutls_mpi_release(&session->gnutls_key->KEY); if (ret < 0) { return ret; @@ -194,7 +194,7 @@ int ret; return n_X+2; } -int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { +int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) { uint16 n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p; uint8 *data_p; @@ -234,43 +234,43 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { _n_g = n_g; _n_p = n_p; - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, data_Y, &_n_Y) != 0 || state->gnutls_key->client_Y==NULL) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_Y, data_Y, &_n_Y) != 0 || session->gnutls_key->client_Y==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_g, data_g, &_n_g) != 0 || state->gnutls_key->client_g==NULL) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_g, data_g, &_n_g) != 0 || session->gnutls_key->client_g==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_p, data_p, &_n_p) != 0 || state->gnutls_key->client_p==NULL) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_p, data_p, &_n_p) != 0 || session->gnutls_key->client_p==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } /* set auth_info */ - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_ANON, sizeof( ANON_CLIENT_AUTH_INFO_INT), 1)) < 0) { + if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_ANON, sizeof( ANON_CLIENT_AUTH_INFO_INT), 1)) < 0) { gnutls_assert(); return ret; } - if ( _gnutls_mpi_get_nbits( state->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( state)) { + if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( session)) { /* the prime used by the peer is not acceptable */ gnutls_assert(); return GNUTLS_E_DH_PRIME_UNACCEPTABLE; } - ret=_gnutls_dh_set_prime_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->client_p)); + ret=_gnutls_dh_set_prime_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->client_p)); if (ret<0) { gnutls_assert(); return ret; } - ret=_gnutls_dh_set_peer_public_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->client_Y)); + ret=_gnutls_dh_set_peer_public_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->client_Y)); if (ret<0) { gnutls_assert(); return ret; @@ -280,27 +280,27 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) { return 0; } -int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) { +int proc_anon_client_kx( gnutls_session session, opaque* data, int data_size) { uint16 n_Y; size_t _n_Y; GNUTLS_MPI g, p; int bits, ret; const GNUTLS_ANON_SERVER_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_ANON, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - bits = _gnutls_dh_get_prime_bits( state); + bits = _gnutls_dh_get_prime_bits( session); DECR_LEN( data_size, 2); n_Y = _gnutls_read_uint16( &data[0]); _n_Y = n_Y; DECR_LEN( data_size, n_Y); - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, &data[2], &_n_Y) !=0 || state->gnutls_key->client_Y==NULL) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_Y, &data[2], &_n_Y) !=0 || session->gnutls_key->client_Y==NULL) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } @@ -311,23 +311,23 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) { return GNUTLS_E_MEMORY_ERROR; } - ret=_gnutls_dh_set_peer_public_bits( state, _gnutls_mpi_get_nbits(state->gnutls_key->client_Y)); + ret=_gnutls_dh_set_peer_public_bits( session, _gnutls_mpi_get_nbits(session->gnutls_key->client_Y)); if (ret<0) { gnutls_assert(); return ret; } - state->gnutls_key->KEY = gnutls_calc_dh_key( state->gnutls_key->client_Y, state->gnutls_key->dh_secret, p); - if (state->gnutls_key->KEY==NULL) + session->gnutls_key->KEY = gnutls_calc_dh_key( session->gnutls_key->client_Y, session->gnutls_key->dh_secret, p); + if (session->gnutls_key->KEY==NULL) return GNUTLS_E_MEMORY_ERROR; - _gnutls_mpi_release(&state->gnutls_key->client_Y); - _gnutls_mpi_release(&state->gnutls_key->dh_secret); + _gnutls_mpi_release(&session->gnutls_key->client_Y); + _gnutls_mpi_release(&session->gnutls_key->dh_secret); _gnutls_mpi_release(&p); _gnutls_mpi_release(&g); - ret = _gnutls_generate_key( state->gnutls_key); - _gnutls_mpi_release(&state->gnutls_key->KEY); + ret = _gnutls_generate_key( session->gnutls_key); + _gnutls_mpi_release(&session->gnutls_key->KEY); if (ret < 0) { return ret; diff --git a/lib/auth_anon.h b/lib/auth_anon.h index 121c1c2ff7..a58c1264ce 100644 --- a/lib/auth_anon.h +++ b/lib/auth_anon.h @@ -2,7 +2,7 @@ #include typedef struct { - GNUTLS_DH_PARAMS dh_params; + gnutls_dh_params dh_params; } ANON_SERVER_CREDENTIALS_INT; #define GNUTLS_ANON_SERVER_CREDENTIALS ANON_SERVER_CREDENTIALS_INT* diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 5f1378c10f..9a79a978a1 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -148,9 +148,9 @@ int _gnutls_find_dn(gnutls_datum * odn, gnutls_cert * cert) * -1 otherwise. */ inline - static int _gnutls_check_pk_algo_in_list(PKAlgorithm * pk_algos, + static int _gnutls_check_pk_algo_in_list(gnutls_pk_algorithm * pk_algos, int pk_algos_length, - PKAlgorithm algo_to_check) + gnutls_pk_algorithm algo_to_check) { int i; for (i = 0; i < pk_algos_length; i++) { @@ -166,7 +166,7 @@ inline */ static int _find_x509_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred, opaque * _data, int _data_size, - PKAlgorithm * pk_algos, int pk_algos_length, + gnutls_pk_algorithm * pk_algos, int pk_algos_length, int *indx) { int size; @@ -235,7 +235,7 @@ static int _find_x509_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred, /* Locates the most appropriate openpgp cert */ static int _find_openpgp_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred, - PKAlgorithm * pk_algos, int pk_algos_length, + gnutls_pk_algorithm * pk_algos, int pk_algos_length, int *indx) { int i, j; @@ -272,10 +272,10 @@ static int _find_openpgp_cert(const GNUTLS_CERTIFICATE_CREDENTIALS cred, * 20020128: added ability to select a certificate depending on the SIGN * algorithm (only in automatic mode). */ -static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, +static int _gnutls_find_acceptable_client_cert(gnutls_session session, opaque * _data, int _data_size, int *ind, - PKAlgorithm * pk_algos, + gnutls_pk_algorithm * pk_algos, int pk_algos_length) { int result, size; @@ -286,20 +286,20 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, int data_size = _data_size; cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - if (state->gnutls_internals.client_cert_callback != NULL) { + if (session->internals.client_cert_callback != NULL) { /* if try>=0 then the client wants automatic * choose of certificate, otherwise (-1), he * will be prompted to choose one. */ try = - state->gnutls_internals.client_cert_callback(state, + session->internals.client_cert_callback(session, NULL, 0, NULL, 0); } @@ -308,14 +308,14 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, if (try >= 0) { result = 0; - if (state->security_parameters.cert_type == + if (session->security_parameters.cert_type == GNUTLS_CRT_X509) result = _find_x509_cert(cred, _data, _data_size, pk_algos, pk_algos_length, &indx); - if (state->security_parameters.cert_type == + if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) result = _find_openpgp_cert(cred, pk_algos, @@ -331,7 +331,7 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, /* use the callback */ - if (indx == -1 && state->gnutls_internals.client_cert_callback != NULL && cred->ncerts > 0) { /* use a callback to get certificate */ + if (indx == -1 && session->internals.client_cert_callback != NULL && cred->ncerts > 0) { /* use a callback to get certificate */ gnutls_datum *my_certs = NULL; gnutls_datum *issuers_dn = NULL; int issuers_dn_len = 0; @@ -370,7 +370,7 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, /* put the requested DNs to req_dn, only in case * of X509 certificates. */ - if (gnutls_cert_type_get(state) == GNUTLS_CRT_X509) { + if (gnutls_cert_type_get(session) == GNUTLS_CRT_X509) { data = _data; data_size = _data_size; @@ -416,7 +416,7 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, */ for (j = i = 0; i < cred->ncerts; i++) { if ((cred->cert_list[i][0].cert_type == - gnutls_cert_type_get(state)) && + gnutls_cert_type_get(session)) && (_gnutls_check_pk_algo_in_list(pk_algos, pk_algos_length, cred-> @@ -432,7 +432,7 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, } indx = - state->gnutls_internals.client_cert_callback(state, + session->internals.client_cert_callback(session, my_certs, j, issuers_dn, @@ -458,7 +458,7 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, /* Generate client certificate */ -int _gnutls_gen_x509_certificate(GNUTLS_STATE state, opaque ** data) +int _gnutls_gen_x509_certificate(gnutls_session session, opaque ** data) { int ret, i; opaque *pdata; @@ -468,7 +468,7 @@ int _gnutls_gen_x509_certificate(GNUTLS_STATE state, opaque ** data) /* find the appropriate certificate */ if ((ret = - _gnutls_find_apr_cert(state, &apr_cert_list, + _gnutls_find_apr_cert(session, &apr_cert_list, &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert(); @@ -510,7 +510,7 @@ int _gnutls_gen_x509_certificate(GNUTLS_STATE state, opaque ** data) enum PGPKeyDescriptorType { PGP_KEY_FINGERPRINT, PGP_KEY }; -int _gnutls_gen_openpgp_certificate(GNUTLS_STATE state, +int _gnutls_gen_openpgp_certificate(gnutls_session session, opaque ** data) { int ret; @@ -521,7 +521,7 @@ int _gnutls_gen_openpgp_certificate(GNUTLS_STATE state, /* find the appropriate certificate */ if ((ret = - _gnutls_find_apr_cert(state, &apr_cert_list, + _gnutls_find_apr_cert(session, &apr_cert_list, &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert(); @@ -560,7 +560,7 @@ OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint = NULL; OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key = NULL; extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; -int _gnutls_gen_openpgp_certificate_fpr(GNUTLS_STATE state, +int _gnutls_gen_openpgp_certificate_fpr(gnutls_session session, opaque ** data) { int ret, fpr_size, packet_size; @@ -571,7 +571,7 @@ int _gnutls_gen_openpgp_certificate_fpr(GNUTLS_STATE state, /* find the appropriate certificate */ if ((ret = - _gnutls_find_apr_cert(state, &apr_cert_list, + _gnutls_find_apr_cert(session, &apr_cert_list, &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert(); @@ -585,7 +585,7 @@ int _gnutls_gen_openpgp_certificate_fpr(GNUTLS_STATE state, if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4) packet_size += 20 + 1; else /* empty certificate case */ - return _gnutls_gen_openpgp_certificate(state, data); + return _gnutls_gen_openpgp_certificate(session, data); (*data) = gnutls_malloc(packet_size); pdata = (*data); @@ -621,21 +621,21 @@ int _gnutls_gen_openpgp_certificate_fpr(GNUTLS_STATE state, -int _gnutls_gen_cert_client_certificate(GNUTLS_STATE state, opaque ** data) +int _gnutls_gen_cert_client_certificate(gnutls_session session, opaque ** data) { - switch (state->security_parameters.cert_type) { + switch (session->security_parameters.cert_type) { case GNUTLS_CRT_OPENPGP: - if (_gnutls_openpgp_send_fingerprint(state) == 0) + if (_gnutls_openpgp_send_fingerprint(session) == 0) return - _gnutls_gen_openpgp_certificate(state, + _gnutls_gen_openpgp_certificate(session, data); else return _gnutls_gen_openpgp_certificate_fpr - (state, data); + (session, data); case GNUTLS_CRT_X509: - return _gnutls_gen_x509_certificate(state, data); + return _gnutls_gen_x509_certificate(session, data); default: gnutls_assert(); @@ -643,13 +643,13 @@ int _gnutls_gen_cert_client_certificate(GNUTLS_STATE state, opaque ** data) } } -int _gnutls_gen_cert_server_certificate(GNUTLS_STATE state, opaque ** data) +int _gnutls_gen_cert_server_certificate(gnutls_session session, opaque ** data) { - switch (state->security_parameters.cert_type) { + switch (session->security_parameters.cert_type) { case GNUTLS_CRT_OPENPGP: - return _gnutls_gen_openpgp_certificate(state, data); + return _gnutls_gen_openpgp_certificate(session, data); case GNUTLS_CRT_X509: - return _gnutls_gen_x509_certificate(state, data); + return _gnutls_gen_x509_certificate(session, data); default: gnutls_assert(); return GNUTLS_E_UNKNOWN_ERROR; @@ -660,7 +660,7 @@ int _gnutls_gen_cert_server_certificate(GNUTLS_STATE state, opaque ** data) */ #define CLEAR_CERTS for(x=0;xgnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); @@ -683,14 +683,14 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data, if ((ret = - _gnutls_auth_info_set(state, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE, sizeof(CERTIFICATE_AUTH_INFO_INT), 1)) < 0) { gnutls_assert(); return ret; } - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (data == NULL || data_size == 0) { gnutls_assert(); @@ -779,7 +779,7 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data, if ((ret = _gnutls_check_x509_key_usage(&peer_certificate_list[0], - gnutls_kx_get(state))) + gnutls_kx_get(session))) < 0) { gnutls_assert(); CLEAR_CERTS; @@ -794,7 +794,7 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data, } #define CLEAR_CERTS for(x=0;xgnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); @@ -816,14 +816,14 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, } if ((ret = - _gnutls_auth_info_set(state, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE, sizeof(CERTIFICATE_AUTH_INFO_INT), 1)) < 0) { gnutls_assert(); return ret; } - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (data == NULL || data_size == 0) { gnutls_assert(); @@ -947,7 +947,7 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, if ((ret = _gnutls_check_x509_key_usage(&peer_certificate_list[0], - gnutls_kx_get(state))) + gnutls_kx_get(session))) < 0) { gnutls_assert(); CLEAR_CERTS; @@ -961,15 +961,15 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state, return 0; } -int _gnutls_proc_cert_server_certificate(GNUTLS_STATE state, opaque * data, +int _gnutls_proc_cert_server_certificate(gnutls_session session, opaque * data, int data_size) { - switch (state->security_parameters.cert_type) { + switch (session->security_parameters.cert_type) { case GNUTLS_CRT_OPENPGP: - return _gnutls_proc_openpgp_server_certificate(state, data, + return _gnutls_proc_openpgp_server_certificate(session, data, data_size); case GNUTLS_CRT_X509: - return _gnutls_proc_x509_server_certificate(state, data, + return _gnutls_proc_x509_server_certificate(session, data, data_size); default: gnutls_assert(); @@ -982,7 +982,7 @@ typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN } CertificateSigType; /* Checks if we support the given signature algorithm - * (RSA or DSA). Returns the corresponding PKAlgorithm + * (RSA or DSA). Returns the corresponding gnutls_pk_algorithm * if true; */ inline static @@ -998,7 +998,7 @@ int _gnutls_check_supported_sign_algo(CertificateSigType algo) return -1; } -int _gnutls_proc_cert_cert_req(GNUTLS_STATE state, opaque * data, +int _gnutls_proc_cert_cert_req(gnutls_session session, opaque * data, int data_size) { int size, ret; @@ -1007,11 +1007,11 @@ int _gnutls_proc_cert_cert_req(GNUTLS_STATE state, opaque * data, CERTIFICATE_AUTH_INFO info; int dsize = data_size; int i, j, ind; - PKAlgorithm pk_algos[MAX_SIGN_ALGOS]; + gnutls_pk_algorithm pk_algos[MAX_SIGN_ALGOS]; int pk_algos_length; cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); @@ -1019,14 +1019,14 @@ int _gnutls_proc_cert_cert_req(GNUTLS_STATE state, opaque * data, } if ((ret = - _gnutls_auth_info_set(state, GNUTLS_CRD_CERTIFICATE, + _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE, sizeof(CERTIFICATE_AUTH_INFO_INT), 0)) < 0) { gnutls_assert(); return ret; } - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); DECR_LEN(dsize, 1); size = p[0]; @@ -1049,7 +1049,7 @@ int _gnutls_proc_cert_cert_req(GNUTLS_STATE state, opaque * data, return GNUTLS_E_UNKNOWN_KX_ALGORITHM; } - if (state->security_parameters.cert_type == GNUTLS_CRT_X509) { + if (session->security_parameters.cert_type == GNUTLS_CRT_X509) { DECR_LEN(dsize, 2); size = _gnutls_read_uint16(p); p += 2; @@ -1064,7 +1064,7 @@ int _gnutls_proc_cert_cert_req(GNUTLS_STATE state, opaque * data, * he wants to use. */ if ((ret = - _gnutls_find_acceptable_client_cert(state, p, size, + _gnutls_find_acceptable_client_cert(session, p, size, &ind, pk_algos, pk_algos_length)) < 0) { gnutls_assert(); @@ -1072,15 +1072,15 @@ int _gnutls_proc_cert_cert_req(GNUTLS_STATE state, opaque * data, } /* put the index of the client certificate to use */ - state->gnutls_internals.selected_cert_index = ind; + session->internals.selected_cert_index = ind; if (ind >= 0) - state->gnutls_key->certificate_requested = 1; + session->gnutls_key->certificate_requested = 1; return 0; } -int _gnutls_gen_cert_client_cert_vrfy(GNUTLS_STATE state, opaque ** data) +int _gnutls_gen_cert_client_cert_vrfy(gnutls_session session, opaque ** data) { int ret; gnutls_cert *apr_cert_list; @@ -1092,7 +1092,7 @@ int _gnutls_gen_cert_client_cert_vrfy(GNUTLS_STATE state, opaque ** data) /* find the appropriate certificate */ if ((ret = - _gnutls_find_apr_cert(state, &apr_cert_list, + _gnutls_find_apr_cert(session, &apr_cert_list, &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert(); @@ -1101,7 +1101,7 @@ int _gnutls_gen_cert_client_cert_vrfy(GNUTLS_STATE state, opaque ** data) if (apr_pkey != NULL) { if ((ret = - _gnutls_generate_sig_from_hdata(state, + _gnutls_generate_sig_from_hdata(session, &apr_cert_list[0], apr_pkey, &signature)) < 0) { @@ -1128,14 +1128,14 @@ int _gnutls_gen_cert_client_cert_vrfy(GNUTLS_STATE state, opaque ** data) return size + 2; } -int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data, +int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, opaque * data, int data_size) { int size, ret; int dsize = data_size; opaque *pdata = data; gnutls_datum sig; - CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(state); + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(session); gnutls_cert peer_cert; if (info == NULL || info->ncerts == 0) { @@ -1153,7 +1153,7 @@ int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data, sig.data = pdata; sig.size = size; - switch (state->security_parameters.cert_type) { + switch (session->security_parameters.cert_type) { case GNUTLS_CRT_X509: ret = _gnutls_x509_cert2gnutls_cert(&peer_cert, @@ -1182,7 +1182,7 @@ int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data, } if ((ret = - _gnutls_verify_sig_hdata(state, &peer_cert, &sig, + _gnutls_verify_sig_hdata(session, &peer_cert, &sig, data_size + HANDSHAKE_HEADER_SIZE)) < 0) { gnutls_assert(); @@ -1195,7 +1195,7 @@ int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE state, opaque * data, } #define CERTTYPE_SIZE 3 -int _gnutls_gen_cert_server_cert_req(GNUTLS_STATE state, opaque ** data) +int _gnutls_gen_cert_server_cert_req(gnutls_session session, opaque ** data) { const GNUTLS_CERTIFICATE_CREDENTIALS cred; int size; @@ -1207,17 +1207,17 @@ int _gnutls_gen_cert_server_cert_req(GNUTLS_STATE state, opaque ** data) */ cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - size = CERTTYPE_SIZE + 2; /* 2 for CertificateType + 2 for size of rdn_seq + size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type + 2 for size of rdn_seq */ - if (state->security_parameters.cert_type == GNUTLS_CRT_X509) + if (session->security_parameters.cert_type == GNUTLS_CRT_X509) size += cred->x509_rdn_sequence.size; (*data) = gnutls_malloc(size); @@ -1234,7 +1234,7 @@ int _gnutls_gen_cert_server_cert_req(GNUTLS_STATE state, opaque ** data) pdata[2] = DSA_SIGN; /* only these for now */ pdata += CERTTYPE_SIZE; - if (state->security_parameters.cert_type == GNUTLS_CRT_X509) { + if (session->security_parameters.cert_type == GNUTLS_CRT_X509) { _gnutls_write_datum16(pdata, cred->x509_rdn_sequence); pdata += cred->x509_rdn_sequence.size + 2; } @@ -1246,7 +1246,7 @@ int _gnutls_gen_cert_server_cert_req(GNUTLS_STATE state, opaque ** data) /* This function will return the appropriate certificate to use. The return * value depends on the side (client or server). */ -int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, +int _gnutls_find_apr_cert(gnutls_session session, gnutls_cert ** apr_cert_list, int *apr_cert_list_length, gnutls_private_key ** apr_pkey) { @@ -1254,7 +1254,7 @@ int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, int ind; cred = - _gnutls_get_kx_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_kx_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { @@ -1265,7 +1265,7 @@ int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, return GNUTLS_E_INSUFICIENT_CRED; } - if (state->security_parameters.entity == GNUTLS_SERVER) { + if (session->security_parameters.entity == GNUTLS_SERVER) { if (cred->ncerts == 0) { *apr_cert_list = NULL; @@ -1276,7 +1276,7 @@ int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, } else { /* find_cert_list_index() has been called before. */ - ind = state->gnutls_internals.selected_cert_index; + ind = session->internals.selected_cert_index; if (ind < 0) { *apr_cert_list = NULL; @@ -1302,7 +1302,7 @@ int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, /* we had already decided which certificate * to send. */ - ind = state->gnutls_internals.selected_cert_index; + ind = session->internals.selected_cert_index; if (ind < 0) { *apr_cert_list = NULL; @@ -1325,20 +1325,20 @@ int _gnutls_find_apr_cert(GNUTLS_STATE state, gnutls_cert ** apr_cert_list, * The 'appropriate' is defined by the user. * (frontend to _gnutls_server_find_cert_index()) */ -const gnutls_cert *_gnutls_server_find_cert(GNUTLS_STATE state, - PKAlgorithm requested_algo) +const gnutls_cert *_gnutls_server_find_cert(gnutls_session session, + gnutls_pk_algorithm requested_algo) { int i; const GNUTLS_CERTIFICATE_CREDENTIALS x509_cred; x509_cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (x509_cred == NULL) return NULL; - i = _gnutls_server_find_cert_list_index(state, + i = _gnutls_server_find_cert_list_index(session, x509_cred->cert_list, x509_cred->ncerts, requested_algo); @@ -1355,10 +1355,10 @@ const gnutls_cert *_gnutls_server_find_cert(GNUTLS_STATE state, * requested_algo holds the parameters required by the peer (RSA, DSA * or -1 for any). */ -int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, +int _gnutls_server_find_cert_list_index(gnutls_session session, gnutls_cert ** cert_list, int cert_list_length, - PKAlgorithm requested_algo) + gnutls_pk_algorithm requested_algo) { int i, index = -1, j; const GNUTLS_CERTIFICATE_CREDENTIALS cred; @@ -1366,7 +1366,7 @@ int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, int *ij_map = NULL; cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); @@ -1381,7 +1381,7 @@ int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, requested_algo == cred->cert_list[i][0].subject_pk_algorithm) { /* if cert type matches */ - if (state->security_parameters.cert_type == + if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type) { index = i; break; @@ -1390,7 +1390,7 @@ int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, } - if (state->gnutls_internals.server_cert_callback != NULL && cred->ncerts > 0) { /* use the callback to get certificate */ + if (session->internals.server_cert_callback != NULL && cred->ncerts > 0) { /* use the callback to get certificate */ gnutls_datum *my_certs = NULL; my_certs = @@ -1411,7 +1411,7 @@ int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, cred->cert_list[i][0].subject_pk_algorithm) { /* if cert type matches */ - if (state->security_parameters.cert_type == + if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type) { ij_map[j] = i; @@ -1423,7 +1423,7 @@ int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, my_certs_length = j; index = - state->gnutls_internals.server_cert_callback(state, + session->internals.server_cert_callback(session, my_certs, my_certs_length); @@ -1437,6 +1437,6 @@ int _gnutls_server_find_cert_list_index(GNUTLS_STATE state, /* store the index for future use, in the handshake. * (This will allow not calling this callback again.) */ - state->gnutls_internals.selected_cert_index = index; + session->internals.selected_cert_index = index; return index; } diff --git a/lib/auth_cert.h b/lib/auth_cert.h index 73a05d5295..7d9fedafd3 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h @@ -7,8 +7,8 @@ * support a server that has multiple certificates */ typedef struct { - GNUTLS_DH_PARAMS dh_params; - GNUTLS_RSA_PARAMS rsa_params; + gnutls_dh_params dh_params; + gnutls_rsa_params rsa_params; gnutls_cert ** cert_list; /* contains a list of a list of certificates. @@ -73,17 +73,17 @@ typedef struct CERTIFICATE_AUTH_INFO_INT { typedef struct CERTIFICATE_AUTH_INFO_INT CERTIFICATE_AUTH_INFO_INT; /* AUTH X509 functions */ -int _gnutls_gen_cert_server_certificate(GNUTLS_STATE, opaque **); -int _gnutls_gen_cert_client_certificate(GNUTLS_STATE, opaque **); -int _gnutls_gen_cert_client_cert_vrfy(GNUTLS_STATE, opaque **); -int _gnutls_gen_cert_server_cert_req(GNUTLS_STATE, opaque **); -int _gnutls_proc_cert_cert_req(GNUTLS_STATE, opaque *, int); -int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE, opaque *, int); -int _gnutls_proc_cert_server_certificate(GNUTLS_STATE, opaque *, int); -int _gnutls_find_apr_cert( GNUTLS_STATE state, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_private_key** apr_pkey); +int _gnutls_gen_cert_server_certificate(gnutls_session, opaque **); +int _gnutls_gen_cert_client_certificate(gnutls_session, opaque **); +int _gnutls_gen_cert_client_cert_vrfy(gnutls_session, opaque **); +int _gnutls_gen_cert_server_cert_req(gnutls_session, opaque **); +int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, int); +int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, int); +int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, int); +int _gnutls_find_apr_cert( gnutls_session session, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_private_key** apr_pkey); int _gnutls_find_dn( gnutls_datum* odn, gnutls_cert* cert); -const gnutls_cert* _gnutls_server_find_cert( struct GNUTLS_STATE_INT*, PKAlgorithm); -int _gnutls_server_find_cert_list_index( struct GNUTLS_STATE_INT*, gnutls_cert ** cert_list, int cert_list_length, PKAlgorithm); +const gnutls_cert* _gnutls_server_find_cert( struct gnutls_session_int*, gnutls_pk_algorithm); +int _gnutls_server_find_cert_list_index( struct gnutls_session_int*, gnutls_cert ** cert_list, int cert_list_length, gnutls_pk_algorithm); #define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 7bec8731c2..8ae04509fd 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -36,10 +36,10 @@ #include #include -static int gen_dhe_server_kx(GNUTLS_STATE, opaque **); -static int gen_dhe_client_kx(GNUTLS_STATE, opaque **); -static int proc_dhe_server_kx(GNUTLS_STATE, opaque *, int); -static int proc_dhe_client_kx(GNUTLS_STATE, opaque *, int); +static int gen_dhe_server_kx(gnutls_session, opaque **); +static int gen_dhe_client_kx(gnutls_session, opaque **); +static int proc_dhe_server_kx(gnutls_session, opaque *, int); +static int proc_dhe_client_kx(gnutls_session, opaque *, int); const MOD_AUTH_STRUCT dhe_rsa_auth_struct = { "DHE_RSA", @@ -83,7 +83,7 @@ const MOD_AUTH_STRUCT dhe_dss_auth_struct = { _gnutls_proc_cert_cert_req /* proc server cert request */ }; -static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) +static int gen_dhe_server_kx(gnutls_session session, opaque ** data) { GNUTLS_MPI x, X, g, p; size_t n_X, n_g, n_p; @@ -99,17 +99,17 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) CERTIFICATE_AUTH_INFO info; const GNUTLS_CERTIFICATE_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - bits = _gnutls_dh_get_prime_bits( state); + bits = _gnutls_dh_get_prime_bits( session); /* find the appropriate certificate */ if ((ret = - _gnutls_find_apr_cert(state, &apr_cert_list, + _gnutls_find_apr_cert(session, &apr_cert_list, &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert(); @@ -122,13 +122,13 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT), 0)) < 0) { + if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT), 0)) < 0) { gnutls_assert(); return ret; } - info = _gnutls_get_auth_info( state); - ret=_gnutls_dh_set_prime_bits( state, _gnutls_mpi_get_nbits(p)); + info = _gnutls_get_auth_info( session); + ret=_gnutls_dh_set_prime_bits( session, _gnutls_mpi_get_nbits(p)); if (ret<0) { gnutls_assert(); return ret; @@ -141,8 +141,8 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->dh_secret = x; - ret=_gnutls_dh_set_secret_bits( state, _gnutls_mpi_get_nbits(x)); + session->gnutls_key->dh_secret = x; + ret=_gnutls_dh_set_secret_bits( session, _gnutls_mpi_get_nbits(x)); if (ret<0) { gnutls_assert(); return ret; @@ -188,7 +188,7 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) if (apr_pkey != NULL) { if ((ret = - _gnutls_generate_sig_params(state, &apr_cert_list[0], + _gnutls_generate_sig_params(session, &apr_cert_list[0], apr_pkey, &ddata, &signature)) < 0) { gnutls_assert(); @@ -215,14 +215,14 @@ static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) return data_size; } -static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) +static int gen_dhe_client_kx(gnutls_session session, opaque ** data) { GNUTLS_MPI x, X; size_t n_X; int ret; - X = gnutls_calc_dh_secret(&x, state->gnutls_key->client_g, - state->gnutls_key->client_p); + X = gnutls_calc_dh_secret(&x, session->gnutls_key->client_g, + session->gnutls_key->client_p); if (X == NULL || x == NULL) { gnutls_assert(); _gnutls_mpi_release(&x); @@ -230,7 +230,7 @@ static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } - ret=_gnutls_dh_set_secret_bits( state, _gnutls_mpi_get_nbits(x)); + ret=_gnutls_dh_set_secret_bits( session, _gnutls_mpi_get_nbits(x)); if (ret<0) { gnutls_assert(); return ret; @@ -250,18 +250,18 @@ static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) _gnutls_write_uint16(n_X, &(*data)[0]); /* calculate the key after calculating the message */ - state->gnutls_key->KEY = - gnutls_calc_dh_key(state->gnutls_key->client_Y, x, - state->gnutls_key->client_p); + session->gnutls_key->KEY = + gnutls_calc_dh_key(session->gnutls_key->client_Y, x, + session->gnutls_key->client_p); _gnutls_mpi_release(&x); - if (state->gnutls_key->KEY == NULL) { + if (session->gnutls_key->KEY == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - ret=_gnutls_dh_set_peer_public_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->client_Y)); + ret=_gnutls_dh_set_peer_public_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->client_Y)); if (ret<0) { gnutls_assert(); return ret; @@ -269,12 +269,12 @@ static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) /* THESE SHOULD BE DISCARDED */ - _gnutls_mpi_release(&state->gnutls_key->client_Y); - _gnutls_mpi_release(&state->gnutls_key->client_p); - _gnutls_mpi_release(&state->gnutls_key->client_g); + _gnutls_mpi_release(&session->gnutls_key->client_Y); + _gnutls_mpi_release(&session->gnutls_key->client_p); + _gnutls_mpi_release(&session->gnutls_key->client_g); - ret = _gnutls_generate_key(state->gnutls_key); - _gnutls_mpi_release(&state->gnutls_key->KEY); + ret = _gnutls_generate_key(session->gnutls_key); + _gnutls_mpi_release(&session->gnutls_key->KEY); if (ret < 0) { return ret; @@ -285,7 +285,7 @@ static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert = NULL; -static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, +static int proc_dhe_server_kx(gnutls_session session, opaque * data, int data_size) { uint16 n_Y, n_g, n_p; @@ -296,7 +296,7 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, int i, sigsize; gnutls_datum vparams, signature; int ret; - CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( state); + CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); gnutls_cert peer_cert; if (info == NULL || info->ncerts==0) { @@ -343,36 +343,36 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, _n_g = n_g; _n_p = n_p; - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, data_Y, &_n_Y) != 0) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_Y, data_Y, &_n_Y) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_g, data_g, &_n_g) != 0) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_g, data_g, &_n_g) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->client_p, data_p, &_n_p) != 0) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_p, data_p, &_n_p) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - ret=_gnutls_dh_set_peer_public_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->client_Y)); + ret=_gnutls_dh_set_peer_public_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->client_Y)); if (ret<0) { gnutls_assert(); return ret; } - if ( _gnutls_mpi_get_nbits( state->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( state)) { + if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( session)) { /* the prime used by the peer is not acceptable */ gnutls_assert(); return GNUTLS_E_DH_PRIME_UNACCEPTABLE; } - ret=_gnutls_dh_set_prime_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->client_p)); + ret=_gnutls_dh_set_prime_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->client_p)); if (ret<0) { gnutls_assert(); return ret; @@ -390,7 +390,7 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, signature.data = &data[vparams.size + 2]; signature.size = sigsize; - switch( state->security_parameters.cert_type) { + switch( session->security_parameters.cert_type) { case GNUTLS_CRT_X509: if ((ret = _gnutls_x509_cert2gnutls_cert( &peer_cert, @@ -419,7 +419,7 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, } ret = - _gnutls_verify_sig_params(state, + _gnutls_verify_sig_params(session, &peer_cert, &vparams, &signature); @@ -432,7 +432,7 @@ static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, return ret; } -static int proc_dhe_client_kx(GNUTLS_STATE state, opaque * data, +static int proc_dhe_client_kx(gnutls_session session, opaque * data, int data_size) { uint16 n_Y; @@ -441,26 +441,26 @@ static int proc_dhe_client_kx(GNUTLS_STATE state, opaque * data, int bits, ret; const GNUTLS_CERTIFICATE_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - bits = _gnutls_dh_get_prime_bits( state); + bits = _gnutls_dh_get_prime_bits( session); DECR_LEN( data_size, 2); n_Y = _gnutls_read_uint16(&data[0]); _n_Y = n_Y; DECR_LEN( data_size, n_Y); - if (_gnutls_mpi_scan(&state->gnutls_key->client_Y, &data[2], &_n_Y)) { + if (_gnutls_mpi_scan(&session->gnutls_key->client_Y, &data[2], &_n_Y)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - ret=_gnutls_dh_set_peer_public_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->client_Y)); + ret=_gnutls_dh_set_peer_public_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->client_Y)); if (ret<0) { gnutls_assert(); return ret; @@ -474,21 +474,21 @@ static int proc_dhe_client_kx(GNUTLS_STATE state, opaque * data, return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->KEY = - gnutls_calc_dh_key(state->gnutls_key->client_Y, - state->gnutls_key->dh_secret, p); + session->gnutls_key->KEY = + gnutls_calc_dh_key(session->gnutls_key->client_Y, + session->gnutls_key->dh_secret, p); _gnutls_mpi_release(&g); _gnutls_mpi_release(&p); - if (state->gnutls_key->KEY == NULL) { + if (session->gnutls_key->KEY == NULL) { return GNUTLS_E_MEMORY_ERROR; } - _gnutls_mpi_release(&state->gnutls_key->client_Y); - _gnutls_mpi_release(&state->gnutls_key->dh_secret); + _gnutls_mpi_release(&session->gnutls_key->client_Y); + _gnutls_mpi_release(&session->gnutls_key->dh_secret); - ret = _gnutls_generate_key(state->gnutls_key); - _gnutls_mpi_release(&state->gnutls_key->KEY); + ret = _gnutls_generate_key(session->gnutls_key); + _gnutls_mpi_release(&session->gnutls_key->KEY); if (ret < 0) { return ret; diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index e1ceaf6121..e0677d1626 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -41,8 +41,8 @@ #include #include -int _gnutls_gen_rsa_client_kx(GNUTLS_STATE, opaque **); -int _gnutls_proc_rsa_client_kx(GNUTLS_STATE, opaque *, int); +int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **); +int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, int); const MOD_AUTH_STRUCT rsa_auth_struct = { "RSA", @@ -70,7 +70,7 @@ extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; /* This function reads the RSA parameters from peer's certificate; */ -int _gnutls_get_public_rsa_params(GNUTLS_STATE state, GNUTLS_MPI params[MAX_PARAMS_SIZE], int* params_len) +int _gnutls_get_public_rsa_params(gnutls_session session, GNUTLS_MPI params[MAX_PARAMS_SIZE], int* params_len) { int ret; CERTIFICATE_AUTH_INFO info; @@ -79,14 +79,14 @@ int i; /* normal non export case */ - info = _gnutls_get_auth_info( state); + info = _gnutls_get_auth_info( session); if (info==NULL || info->ncerts==0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_ERROR; } - switch( state->security_parameters.cert_type) { + switch( session->security_parameters.cert_type) { case GNUTLS_CRT_X509: if ((ret = _gnutls_x509_cert2gnutls_cert( &peer_cert, @@ -116,14 +116,14 @@ int i; /* EXPORT case: */ - if ( _gnutls_cipher_suite_get_kx_algo(state->security_parameters.current_cipher_suite) + if ( _gnutls_cipher_suite_get_kx_algo(session->security_parameters.current_cipher_suite) == GNUTLS_KX_RSA_EXPORT && _gnutls_mpi_get_nbits(peer_cert.params[0]) > 512) { _gnutls_free_cert( peer_cert); - if (state->gnutls_key->rsa[0] == NULL || - state->gnutls_key->rsa[1] == NULL) { + if (session->gnutls_key->rsa[0] == NULL || + session->gnutls_key->rsa[1] == NULL) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } @@ -134,7 +134,7 @@ int i; } *params_len = 2; for (i=0;i<*params_len;i++) { - params[i] = _gnutls_mpi_copy(state->gnutls_key->rsa[i]); + params[i] = _gnutls_mpi_copy(session->gnutls_key->rsa[i]); } return 0; @@ -158,23 +158,23 @@ int i; /* This function reads the RSA parameters from the private key */ -int _gnutls_get_private_rsa_params(GNUTLS_STATE state, GNUTLS_MPI **params, int* params_size) +int _gnutls_get_private_rsa_params(gnutls_session session, GNUTLS_MPI **params, int* params_size) { int index; const GNUTLS_CERTIFICATE_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - if ( (index=state->gnutls_internals.selected_cert_index) < 0) { + if ( (index=session->internals.selected_cert_index) < 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_ERROR; } - if ( _gnutls_cipher_suite_get_kx_algo(state->security_parameters.current_cipher_suite) + if ( _gnutls_cipher_suite_get_kx_algo(session->security_parameters.current_cipher_suite) == GNUTLS_KX_RSA_EXPORT && _gnutls_mpi_get_nbits(cred->cert_list[index][0].params[0]) > 512) { @@ -207,7 +207,7 @@ const GNUTLS_CERTIFICATE_CREDENTIALS cred; return GNUTLS_E_MEMORY_ERROR; \ } -int _gnutls_proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) +int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, int data_size) { gnutls_sdatum plaintext; gnutls_datum ciphertext; @@ -215,7 +215,7 @@ int _gnutls_proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) GNUTLS_MPI *params; int params_len; - if (gnutls_protocol_get_version(state) == GNUTLS_SSL3) { + if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) { /* SSL 3.0 */ ciphertext.data = data; ciphertext.size = data_size; @@ -231,7 +231,7 @@ int _gnutls_proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) ciphertext.size = dsize; } - ret = _gnutls_get_private_rsa_params(state, ¶ms, ¶ms_len); + ret = _gnutls_get_private_rsa_params(session, ¶ms, ¶ms_len); if (ret < 0) { gnutls_assert(); return ret; @@ -250,21 +250,21 @@ int _gnutls_proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) _gnutls_log("RSA_AUTH: Possible PKCS-1 format attack\n"); - RANDOMIZE_KEY(state->gnutls_key->key, + RANDOMIZE_KEY(session->gnutls_key->key, gnutls_secure_malloc, GNUTLS_WEAK_RANDOM); } else { ret = 0; - if (state->gnutls_internals.rsa_pms_check==0) - if (_gnutls_get_adv_version_major(state) != + if (session->internals.rsa_pms_check==0) + if (_gnutls_get_adv_version_major(session) != plaintext.data[0] - || _gnutls_get_adv_version_minor(state) != + || _gnutls_get_adv_version_minor(session) != plaintext.data[1]) { gnutls_assert(); ret = GNUTLS_E_DECRYPTION_FAILED; } - state->gnutls_key->key.data = plaintext.data; - state->gnutls_key->key.size = plaintext.size; + session->gnutls_key->key.data = plaintext.data; + session->gnutls_key->key.size = plaintext.size; } return ret; @@ -274,14 +274,14 @@ int _gnutls_proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) /* return RSA(random) using the peers public key */ -int _gnutls_gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data) +int _gnutls_gen_rsa_client_kx(gnutls_session session, opaque ** data) { - CERTIFICATE_AUTH_INFO auth = state->gnutls_key->auth_info; + CERTIFICATE_AUTH_INFO auth = session->gnutls_key->auth_info; gnutls_datum sdata; /* data to send */ GNUTLS_MPI params[MAX_PARAMS_SIZE]; int params_len = MAX_PARAMS_SIZE; int ret, i; - GNUTLS_Version ver; + gnutls_protocol_version ver; if (auth == NULL) { /* this shouldn't have happened. The proc_certificate @@ -290,23 +290,23 @@ int _gnutls_gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data) gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } - RANDOMIZE_KEY(state->gnutls_key->key, gnutls_secure_malloc, GNUTLS_STRONG_RANDOM); + RANDOMIZE_KEY(session->gnutls_key->key, gnutls_secure_malloc, GNUTLS_STRONG_RANDOM); - ver = _gnutls_get_adv_version(state); + ver = _gnutls_get_adv_version(session); - state->gnutls_key->key.data[0] = _gnutls_version_get_major(ver); - state->gnutls_key->key.data[1] = _gnutls_version_get_minor(ver); + session->gnutls_key->key.data[0] = _gnutls_version_get_major(ver); + session->gnutls_key->key.data[1] = _gnutls_version_get_minor(ver); - /* move RSA parameters to gnutls_key (state). + /* move RSA parameters to gnutls_key (session). */ if ((ret = - _gnutls_get_public_rsa_params(state, params, ¶ms_len)) < 0) { + _gnutls_get_public_rsa_params(session, params, ¶ms_len)) < 0) { gnutls_assert(); return ret; } if ((ret = - _gnutls_pkcs1_rsa_encrypt(&sdata, state->gnutls_key->key, + _gnutls_pkcs1_rsa_encrypt(&sdata, session->gnutls_key->key, params, params_len, 2)) < 0) { gnutls_assert(); return ret; @@ -315,7 +315,7 @@ int _gnutls_gen_rsa_client_kx(GNUTLS_STATE state, opaque ** data) for (i=0;i #include -int _gnutls_gen_rsa_client_kx(GNUTLS_STATE, opaque **); -int _gnutls_proc_rsa_client_kx(GNUTLS_STATE, opaque *, int); -static int gen_rsa_export_server_kx(GNUTLS_STATE, opaque **); -static int proc_rsa_export_server_kx(GNUTLS_STATE, opaque *, int); +int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **); +int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, int); +static int gen_rsa_export_server_kx(gnutls_session, opaque **); +static int proc_rsa_export_server_kx(gnutls_session, opaque *, int); const MOD_AUTH_STRUCT rsa_export_auth_struct = { "RSA EXPORT", @@ -72,7 +72,7 @@ const MOD_AUTH_STRUCT rsa_export_auth_struct = { extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; -static int gen_rsa_export_server_kx(GNUTLS_STATE state, opaque ** data) +static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data) { const GNUTLS_MPI *rsa_params; size_t n_e, n_m; @@ -85,7 +85,7 @@ static int gen_rsa_export_server_kx(GNUTLS_STATE state, opaque ** data) CERTIFICATE_AUTH_INFO info; const GNUTLS_CERTIFICATE_CREDENTIALS cred; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; @@ -93,7 +93,7 @@ static int gen_rsa_export_server_kx(GNUTLS_STATE state, opaque ** data) /* find the appropriate certificate */ if ((ret = - _gnutls_find_apr_cert(state, &apr_cert_list, + _gnutls_find_apr_cert(session, &apr_cert_list, &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert(); @@ -113,13 +113,13 @@ static int gen_rsa_export_server_kx(GNUTLS_STATE state, opaque ** data) return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; } - if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT), 0)) < 0) { + if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT), 0)) < 0) { gnutls_assert(); return ret; } - info = _gnutls_get_auth_info( state); - ret=_gnutls_rsa_export_set_modulus_bits( state, _gnutls_mpi_get_nbits(rsa_params[0])); + info = _gnutls_get_auth_info( session); + ret=_gnutls_rsa_export_set_modulus_bits( session, _gnutls_mpi_get_nbits(rsa_params[0])); if (ret<0) { gnutls_assert(); return ret; @@ -153,7 +153,7 @@ static int gen_rsa_export_server_kx(GNUTLS_STATE state, opaque ** data) if (apr_pkey != NULL) { if ((ret = - _gnutls_generate_sig_params(state, &apr_cert_list[0], + _gnutls_generate_sig_params(session, &apr_cert_list[0], apr_pkey, &ddata, &signature)) < 0) { gnutls_assert(); @@ -182,11 +182,11 @@ static int gen_rsa_export_server_kx(GNUTLS_STATE state, opaque ** data) /* if the peer's certificate is of 512 bits or less, returns non zero. */ -int _gnutls_peers_cert_less_512( GNUTLS_STATE state) +int _gnutls_peers_cert_less_512( gnutls_session session) { gnutls_cert peer_cert; int ret; -CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( state); +CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); if (info == NULL || info->ncerts==0) { gnutls_assert(); @@ -194,7 +194,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( state); return 0; } - switch( state->security_parameters.cert_type) { + switch( session->security_parameters.cert_type) { case GNUTLS_CRT_X509: if ((ret = _gnutls_x509_cert2gnutls_cert( &peer_cert, @@ -238,7 +238,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( state); return 0; } -static int proc_rsa_export_server_kx(GNUTLS_STATE state, opaque * data, +static int proc_rsa_export_server_kx(gnutls_session session, opaque * data, int data_size) { uint16 n_m, n_e; @@ -251,7 +251,7 @@ static int proc_rsa_export_server_kx(GNUTLS_STATE state, opaque * data, CERTIFICATE_AUTH_INFO info; gnutls_cert peer_cert; - info = _gnutls_get_auth_info( state); + info = _gnutls_get_auth_info( session); if (info == NULL || info->ncerts==0) { gnutls_assert(); /* we need this in order to get peer's certificate */ @@ -288,18 +288,18 @@ static int proc_rsa_export_server_kx(GNUTLS_STATE state, opaque * data, _n_e = n_e; _n_m = n_m; - if (_gnutls_mpi_scan(&state->gnutls_key->rsa[0], data_m, &_n_m) != 0) { + if (_gnutls_mpi_scan(&session->gnutls_key->rsa[0], data_m, &_n_m) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - if (_gnutls_mpi_scan(&state->gnutls_key->rsa[1], data_e, &_n_e) != 0) { + if (_gnutls_mpi_scan(&session->gnutls_key->rsa[1], data_e, &_n_e) != 0) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - ret=_gnutls_rsa_export_set_modulus_bits( state, _gnutls_mpi_get_nbits( - state->gnutls_key->rsa[0])); + ret=_gnutls_rsa_export_set_modulus_bits( session, _gnutls_mpi_get_nbits( + session->gnutls_key->rsa[0])); if (ret<0) { gnutls_assert(); return ret; @@ -317,7 +317,7 @@ static int proc_rsa_export_server_kx(GNUTLS_STATE state, opaque * data, signature.data = &data[vparams.size + 2]; signature.size = sigsize; - switch( state->security_parameters.cert_type) { + switch( session->security_parameters.cert_type) { case GNUTLS_CRT_X509: if ((ret = _gnutls_x509_cert2gnutls_cert( &peer_cert, @@ -346,7 +346,7 @@ static int proc_rsa_export_server_kx(GNUTLS_STATE state, opaque * data, } ret = - _gnutls_verify_sig_params(state, + _gnutls_verify_sig_params(session, &peer_cert, &vparams, &signature); diff --git a/lib/debug.c b/lib/debug.c index b69317801d..7047bcefc1 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -55,18 +55,18 @@ char *_gnutls_bin2hex(const unsigned char *old, const size_t oldlen) return (new); } -void _gnutls_print_state(GNUTLS_STATE state) +void _gnutls_print_state(gnutls_session session) { _gnutls_log( "GNUTLS State:\n"); _gnutls_log( "Connection End: %d\n", - state->security_parameters.entity); + session->security_parameters.entity); _gnutls_log( "Cipher Algorithm: %d\n", - state->security_parameters.read_bulk_cipher_algorithm); + session->security_parameters.read_bulk_cipher_algorithm); _gnutls_log( "MAC algorithm: %d\n", - state->security_parameters.read_mac_algorithm); + session->security_parameters.read_mac_algorithm); _gnutls_log( "Compression Algorithm: %d\n", - state->security_parameters.read_compression_algorithm); + session->security_parameters.read_compression_algorithm); _gnutls_log( "\n"); } diff --git a/lib/debug.h b/lib/debug.h index 471f94f36d..18f67a9219 100644 --- a/lib/debug.h +++ b/lib/debug.h @@ -19,7 +19,7 @@ */ #ifdef DEBUG -void _gnutls_print_state(GNUTLS_STATE state); +void _gnutls_print_state(gnutls_session session); char * _gnutls_bin2hex(const unsigned char *old, const size_t oldlen); void _gnutls_dump_mpi(char* prefix,MPI a); const char* _gnutls_packet2str( int packet); diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index dfa974ac96..78ee239a31 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -31,17 +31,17 @@ /* * In case of a server: if a CERT_TYPE extension type is received then it stores - * into the state security parameters the new value. The server may use gnutls_state_cert_type_get(), + * into the session security parameters the new value. The server may use gnutls_session_cert_type_get(), * to access it. * * In case of a client: If a cert_types have been specified then we send the extension. * */ -int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) { +int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, int data_size) { int new_type = -1, ret, i; - if (state->security_parameters.entity == GNUTLS_CLIENT) { + if (session->security_parameters.entity == GNUTLS_CLIENT) { if (data_size > 0) { if ( data_size != 1) { gnutls_assert(); @@ -56,12 +56,12 @@ int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int d } /* Check if we support this cert_type */ - if ( (ret=_gnutls_state_cert_type_supported( state, new_type)) < 0) { + if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) { gnutls_assert(); return ret; } - _gnutls_state_cert_type_set( state, new_type); + _gnutls_session_cert_type_set( session, new_type); } } else { /* SERVER SIDE - we must check if the sent cert type is the right one */ @@ -78,7 +78,7 @@ int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int d if (new_type < 0) continue; /* Check if we support this cert_type */ - if ( (ret=_gnutls_state_cert_type_supported( state, new_type)) < 0) { + if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) { gnutls_assert(); continue; } else break; @@ -90,12 +90,12 @@ int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int d return GNUTLS_E_ILLEGAL_PARAMETER; } - if ( (ret=_gnutls_state_cert_type_supported( state, new_type)) < 0) { + if ( (ret=_gnutls_session_cert_type_supported( session, new_type)) < 0) { gnutls_assert(); return ret; } - _gnutls_state_cert_type_set( state, new_type); + _gnutls_session_cert_type_set( session, new_type); } @@ -107,18 +107,18 @@ int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int d /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int data_size) { +int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, int data_size) { uint16 len, i; /* this function sends the client extension data (dnsname) */ - if (state->security_parameters.entity == GNUTLS_CLIENT) { + if (session->security_parameters.entity == GNUTLS_CLIENT) { - if (state->gnutls_internals.cert_type_priority.algorithms > 0) { + if (session->internals.cert_type_priority.algorithms > 0) { - len = state->gnutls_internals.cert_type_priority.algorithms; + len = session->internals.cert_type_priority.algorithms; if (len==1 && - state->gnutls_internals.cert_type_priority.algorithm_priority[0]==GNUTLS_CRT_X509) + session->internals.cert_type_priority.priority[0]==GNUTLS_CRT_X509) { /* We don't use this extension if X.509 certificates * are used. @@ -132,22 +132,22 @@ int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int data_si } for (i=0;ignutls_internals. - cert_type_priority.algorithm_priority[i]); + data[i] = _gnutls_cert_type2num( session->internals. + cert_type_priority.priority[i]); } return len; } } else { /* server side */ - if ( state->security_parameters.cert_type != DEFAULT_CERT_TYPE) { + if ( session->security_parameters.cert_type != DEFAULT_CERT_TYPE) { len = 1; if (data_size < len) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - data[0] = _gnutls_cert_type2num( state->security_parameters.cert_type); + data[0] = _gnutls_cert_type2num( session->security_parameters.cert_type); return len; } diff --git a/lib/ext_cert_type.h b/lib/ext_cert_type.h index e8d341b275..d6b0fc4d25 100644 --- a/lib/ext_cert_type.h +++ b/lib/ext_cert_type.h @@ -3,5 +3,5 @@ */ int _gnutls_num2cert_type( int num); int _gnutls_cert_type2num( int record_size); -int _gnutls_cert_type_recv_params( GNUTLS_STATE state, const opaque* data, int data_size); -int _gnutls_cert_type_send_params( GNUTLS_STATE state, opaque* data, int); +int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, int data_size); +int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, int); diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c index 6dbe74b7bf..bf5371e74a 100644 --- a/lib/ext_max_record.c +++ b/lib/ext_max_record.c @@ -29,7 +29,7 @@ /* * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores - * into the state the new value. The server may use gnutls_get_max_record_size(), + * into the session the new value. The server may use gnutls_get_max_record_size(), * in order to access it. * * In case of a client: If a different max record size (than the default) has @@ -37,10 +37,10 @@ * */ -int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int data_size) { +int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, int data_size) { size_t new_size; - if (state->security_parameters.entity == GNUTLS_SERVER) { + if (session->security_parameters.entity == GNUTLS_SERVER) { if (data_size > 0) { if ( data_size != 1) { gnutls_assert(); @@ -54,8 +54,8 @@ int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int return new_size; } - state->security_parameters.max_record_send_size = new_size; - state->security_parameters.max_record_recv_size = new_size; + session->security_parameters.max_record_send_size = new_size; + session->security_parameters.max_record_recv_size = new_size; } } else { /* CLIENT SIDE - we must check if the sent record size is the right one */ @@ -68,11 +68,11 @@ int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int new_size = _gnutls_mre_num2record(data[0]); - if (new_size < 0 || new_size != state->gnutls_internals.proposed_record_size) { + if (new_size < 0 || new_size != session->internals.proposed_record_size) { gnutls_assert(); return GNUTLS_E_ILLEGAL_PARAMETER; } else { - state->security_parameters.max_record_recv_size = state->gnutls_internals.proposed_record_size; + session->security_parameters.max_record_recv_size = session->internals.proposed_record_size; } } @@ -86,12 +86,12 @@ int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int data_size) { +int _gnutls_max_record_send_params( gnutls_session session, opaque* data, int data_size) { uint16 len; /* this function sends the client extension data (dnsname) */ - if (state->security_parameters.entity == GNUTLS_CLIENT) { + if (session->security_parameters.entity == GNUTLS_CLIENT) { - if (state->gnutls_internals.proposed_record_size != DEFAULT_MAX_RECORD_SIZE) { + if (session->internals.proposed_record_size != DEFAULT_MAX_RECORD_SIZE) { gnutls_assert(); len = 1; @@ -100,20 +100,20 @@ int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int data_s return GNUTLS_E_INVALID_REQUEST; } - data[0] = _gnutls_mre_record2num( state->gnutls_internals.proposed_record_size); + data[0] = _gnutls_mre_record2num( session->internals.proposed_record_size); return len; } } else { /* server side */ - if (state->security_parameters.max_record_recv_size != DEFAULT_MAX_RECORD_SIZE) { + if (session->security_parameters.max_record_recv_size != DEFAULT_MAX_RECORD_SIZE) { len = 1; if (data_size < len) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - data[0] = _gnutls_mre_record2num( state->security_parameters.max_record_recv_size); + data[0] = _gnutls_mre_record2num( session->security_parameters.max_record_recv_size); return len; } diff --git a/lib/ext_max_record.h b/lib/ext_max_record.h index c6243304c0..0e719c6e11 100644 --- a/lib/ext_max_record.h +++ b/lib/ext_max_record.h @@ -3,5 +3,5 @@ */ int _gnutls_mre_num2record( int num); int _gnutls_mre_record2num( int record_size); -int _gnutls_max_record_recv_params( GNUTLS_STATE state, const opaque* data, int data_size); -int _gnutls_max_record_send_params( GNUTLS_STATE state, opaque* data, int); +int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, int data_size); +int _gnutls_max_record_send_params( gnutls_session session, opaque* data, int); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 16018c79ac..e5bbe1c2fe 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -36,31 +36,35 @@ extern "C" { #define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_RIJNDAEL_128_CBC #define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 -typedef enum GNUTLS_BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, +typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_CIPHER_ARCFOUR_40 -} GNUTLS_BulkCipherAlgorithm; +} gnutls_cipher_algorithm; -typedef enum GNUTLS_KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, +typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP, GNUTLS_KX_RSA_EXPORT -} GNUTLS_KXAlgorithm; +} gnutls_kx_algorithm; -typedef enum GNUTLS_CredType { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } GNUTLS_CredType; +typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type; -typedef enum GNUTLS_MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } GNUTLS_MACAlgorithm; -typedef enum GNUTLS_DigestAlgorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA } GNUTLS_DigestAlgorithm; +typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } gnutls_mac_algorithm; + +typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA } gnutls_digest_algorithm; /* exported for other gnutls headers. This is the maximum number * of algorithms (ciphers, kx or macs). */ #define GNUTLS_MAX_ALGORITHM_NUM 8 -typedef enum GNUTLS_CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } GNUTLS_CompressionMethod; -typedef enum GNUTLS_ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT } GNUTLS_ConnectionEnd; -typedef enum GNUTLS_AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } GNUTLS_AlertLevel; -typedef enum GNUTLS_AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20, +typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } gnutls_compression_method; + +typedef enum gnutls_connection_end { GNUTLS_SERVER=1, GNUTLS_CLIENT } gnutls_connection_end; + +typedef enum gnutls_alert_level { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL } gnutls_alert_level; + +typedef enum gnutls_alert_description { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, GNUTLS_A_BAD_RECORD_MAC=20, GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_RECORD_OVERFLOW, GNUTLS_A_DECOMPRESSION_FAILURE=30, GNUTLS_A_HANDSHAKE_FAILURE=40, GNUTLS_A_SSL3_NO_CERTIFICATE=41, GNUTLS_A_BAD_CERTIFICATE=42, GNUTLS_A_UNSUPPORTED_CERTIFICATE, @@ -69,52 +73,47 @@ typedef enum GNUTLS_AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTE GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, GNUTLS_A_NO_RENEGOTIATION=100 -} GNUTLS_AlertDescription; +} gnutls_alert_description; -typedef enum GNUTLS_CertificateStatus { +typedef enum gnutls_certificate_status { GNUTLS_CERT_NOT_TRUSTED=2, GNUTLS_CERT_INVALID=4, GNUTLS_CERT_CORRUPTED=16, GNUTLS_CERT_REVOKED=32 -} GNUTLS_CertificateStatus; +} gnutls_certificate_status; -typedef enum GNUTLS_CertificateRequest { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } GNUTLS_CertificateRequest; +typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request; -typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY, +typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY, GNUTLS_OPENPGP_KEY_FINGERPRINT -} GNUTLS_OpenPGPKeyStatus; +} gnutls_openpgp_key_status; -typedef enum GNUTLS_CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } GNUTLS_CloseRequest; +typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request; -typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version; +typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1 } gnutls_protocol_version; -typedef enum GNUTLS_CertificateType { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP -} GNUTLS_CertificateType; +typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP +} gnutls_certificate_type; -typedef enum GNUTLS_X509_CertificateFmt { GNUTLS_X509_FMT_DER, - GNUTLS_X509_FMT_PEM } GNUTLS_X509_CertificateFmt; +typedef enum gnutls_x509_certificate_fmt { GNUTLS_X509_FMT_DER, + GNUTLS_X509_FMT_PEM } gnutls_x509_certificate_fmt; -typedef enum GNUTLS_PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA -} GNUTLS_PKAlgorithm; +typedef enum gnutls_pk_algorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA +} gnutls_pk_algorithm; /* If you want to change this, then also change the * define in gnutls_int.h, and recompile. */ -#define GNUTLS_TRANSPORT_PTR int +typedef int gnutls_transport_ptr; -typedef const int* GNUTLS_LIST; +struct gnutls_session_int; +typedef struct gnutls_session_int* gnutls_session; -/* STATE is not really descriptive. Think of it as - * as session. - */ -struct GNUTLS_STATE_INT; -typedef struct GNUTLS_STATE_INT* GNUTLS_STATE; - -struct GNUTLS_DH_PARAMS_INT; -typedef struct GNUTLS_DH_PARAMS_INT* GNUTLS_DH_PARAMS; +struct gnutls_dh_params_int; +typedef struct gnutls_dh_params_int* gnutls_dh_params; -struct GNUTLS_RSA_PARAMS_INT; -typedef struct GNUTLS_RSA_PARAMS_INT* GNUTLS_RSA_PARAMS; +struct gnutls_rsa_params_int; +typedef struct gnutls_rsa_params_int* gnutls_rsa_params; typedef struct { unsigned char * data; @@ -123,36 +122,36 @@ typedef struct { /* internal functions */ -int gnutls_init(GNUTLS_STATE * state, GNUTLS_ConnectionEnd con_end); -void gnutls_deinit(GNUTLS_STATE state); -int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how); -#define gnutls_close gnutls_bye +int gnutls_session_init(gnutls_session * session, gnutls_connection_end con_end); +void gnutls_session_deinit(gnutls_session session); +void _gnutls_session_deinit(gnutls_session session); +int gnutls_bye( gnutls_session session, gnutls_close_request how); -int gnutls_handshake( GNUTLS_STATE state); -int gnutls_rehandshake( GNUTLS_STATE state); +int gnutls_handshake( gnutls_session session); +int gnutls_rehandshake( gnutls_session session); -int gnutls_handshake_get_direction(GNUTLS_STATE state); +int gnutls_handshake_get_direction(gnutls_session session); -GNUTLS_AlertDescription gnutls_alert_get( GNUTLS_STATE state); -int gnutls_alert_send( GNUTLS_STATE, GNUTLS_AlertLevel, GNUTLS_AlertDescription); -int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err); +gnutls_alert_description gnutls_alert_get( gnutls_session session); +int gnutls_alert_send( gnutls_session, gnutls_alert_level, gnutls_alert_description); +int gnutls_alert_send_appropriate( gnutls_session session, int err); const char* gnutls_alert_get_name( int alert); -/* get information on the current state */ -GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state); -GNUTLS_KXAlgorithm gnutls_kx_get( GNUTLS_STATE state); -GNUTLS_MACAlgorithm gnutls_mac_get( GNUTLS_STATE state); -GNUTLS_CompressionMethod gnutls_compression_get( GNUTLS_STATE state); -GNUTLS_CertificateType gnutls_cert_type_get( GNUTLS_STATE state); +/* get information on the current session */ +gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session); +gnutls_kx_algorithm gnutls_kx_get( gnutls_session session); +gnutls_mac_algorithm gnutls_mac_get( gnutls_session session); +gnutls_compression_method gnutls_compression_get( gnutls_session session); +gnutls_certificate_type gnutls_cert_type_get( gnutls_session session); -size_t gnutls_cipher_get_key_size( GNUTLS_BulkCipherAlgorithm algorithm); +size_t gnutls_cipher_get_key_size( gnutls_cipher_algorithm algorithm); /* the name of the specified algorithms */ -const char *gnutls_cipher_get_name( GNUTLS_BulkCipherAlgorithm); -const char *gnutls_mac_get_name( GNUTLS_MACAlgorithm); -const char *gnutls_compression_get_name( GNUTLS_CompressionMethod); -const char *gnutls_kx_get_name( GNUTLS_KXAlgorithm algorithm); -const char *gnutls_cert_type_get_name( GNUTLS_CertificateType type); +const char *gnutls_cipher_get_name( gnutls_cipher_algorithm); +const char *gnutls_mac_get_name( gnutls_mac_algorithm); +const char *gnutls_compression_get_name( gnutls_compression_method); +const char *gnutls_kx_get_name( gnutls_kx_algorithm algorithm); +const char *gnutls_cert_type_get_name( gnutls_certificate_type type); /* error functions */ @@ -163,126 +162,121 @@ const char* gnutls_strerror( int error); /* Semi-internal functions. */ -void gnutls_handshake_set_private_extensions(GNUTLS_STATE state, int allow); -void gnutls_record_set_cbc_protection(GNUTLS_STATE state, int prot); -void gnutls_handshake_set_rsa_pms_check(GNUTLS_STATE state, int check); +void gnutls_handshake_set_private_extensions(gnutls_session session, int allow); +void gnutls_record_set_cbc_protection(gnutls_session session, int prot); +void gnutls_handshake_set_rsa_pms_check(gnutls_session session, int check); /* Record layer functions. */ -ssize_t gnutls_record_send( GNUTLS_STATE state, const void *data, size_t sizeofdata); -ssize_t gnutls_record_recv( GNUTLS_STATE state, void *data, size_t sizeofdata); +ssize_t gnutls_record_send( gnutls_session session, const void *data, size_t sizeofdata); +ssize_t gnutls_record_recv( gnutls_session session, void *data, size_t sizeofdata); #define gnutls_read gnutls_record_recv #define gnutls_write gnutls_record_send -size_t gnutls_record_get_max_size( GNUTLS_STATE state); -ssize_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size); +size_t gnutls_record_get_max_size( gnutls_session session); +ssize_t gnutls_record_set_max_size( gnutls_session session, size_t size); -size_t gnutls_record_check_pending(GNUTLS_STATE state); +size_t gnutls_record_check_pending(gnutls_session session); /* functions to set priority of cipher suites */ -int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_cert_type_set_priority( GNUTLS_STATE state, GNUTLS_LIST); +int gnutls_cipher_set_priority( gnutls_session session, const int*); +int gnutls_mac_set_priority( gnutls_session session, const int*); +int gnutls_compression_set_priority( gnutls_session session, const int*); +int gnutls_kx_set_priority( gnutls_session session, const int*); +int gnutls_protocol_set_priority( gnutls_session session, const int*); +int gnutls_cert_type_set_priority( gnutls_session session, const int*); /* Returns the name of a cipher suite */ -const char *gnutls_cipher_suite_get_name(GNUTLS_KXAlgorithm kx_algorithm, - GNUTLS_BulkCipherAlgorithm cipher_algorithm, GNUTLS_MACAlgorithm mac_algorithm); +const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm kx_algorithm, + gnutls_cipher_algorithm cipher_algorithm, gnutls_mac_algorithm mac_algorithm); /* get the currently used protocol version */ -GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state); +gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session); -const char *gnutls_protocol_get_name(GNUTLS_Version version); +const char *gnutls_protocol_get_name(gnutls_protocol_version version); /* get/set session */ -int gnutls_session_set_data( GNUTLS_STATE state, void* session, int session_size); -int gnutls_session_get_data( GNUTLS_STATE state, void* session, int *session_size); +int gnutls_session_set_data( gnutls_session session, const void* session_data, int session_data_size); +int gnutls_session_get_data( gnutls_session session, void* session_data, int *session_data_size); /* returns the session ID */ -int gnutls_session_get_id( GNUTLS_STATE state, void* session, int *session_size); +int gnutls_session_get_id( gnutls_session session, void* session_id, int *session_id_size); /* checks if this session is a resumed one */ -int gnutls_session_is_resumed(GNUTLS_STATE state); +int gnutls_session_is_resumed(gnutls_session session); -typedef int (*GNUTLS_DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data); -typedef int (*GNUTLS_DB_REMOVE_FUNC)(void*, gnutls_datum key); -typedef gnutls_datum (*GNUTLS_DB_RETR_FUNC)(void*, gnutls_datum key); +typedef int (*gnutls_db_store_func)(void*, gnutls_datum key, gnutls_datum data); +typedef int (*gnutls_db_remove_func)(void*, gnutls_datum key); +typedef gnutls_datum (*gnutls_db_retr_func)(void*, gnutls_datum key); -void gnutls_db_set_cache_expiration( GNUTLS_STATE state, int seconds); +void gnutls_db_set_cache_expiration( gnutls_session session, int seconds); -void gnutls_db_remove_session( GNUTLS_STATE state); -void gnutls_db_set_retrieve_function( GNUTLS_STATE, GNUTLS_DB_RETR_FUNC); -void gnutls_db_set_remove_function( GNUTLS_STATE, GNUTLS_DB_REMOVE_FUNC); -void gnutls_db_set_store_function( GNUTLS_STATE, GNUTLS_DB_STORE_FUNC); -void gnutls_db_set_ptr( GNUTLS_STATE, void* db_ptr); -void* gnutls_db_get_ptr( GNUTLS_STATE); -int gnutls_db_check_entry( GNUTLS_STATE state, gnutls_datum session_entry); +void gnutls_db_remove_session( gnutls_session session); +void gnutls_db_set_retrieve_function( gnutls_session, gnutls_db_retr_func); +void gnutls_db_set_remove_function( gnutls_session, gnutls_db_remove_func); +void gnutls_db_set_store_function( gnutls_session, gnutls_db_store_func); +void gnutls_db_set_ptr( gnutls_session, void* db_ptr); +void* gnutls_db_get_ptr( gnutls_session); +int gnutls_db_check_entry( gnutls_session session, gnutls_datum session_entry); -void gnutls_handshake_set_max_packet_length( GNUTLS_STATE state, int max); +void gnutls_handshake_set_max_packet_length( gnutls_session session, int max); /* returns libgnutls version */ const char* gnutls_check_version( const char*); /* Functions for setting/clearing credentials */ -int gnutls_clear_creds( GNUTLS_STATE state); +int gnutls_clear_creds( gnutls_session session); /* cred is a structure defined by the kx algorithm */ -int gnutls_cred_set( GNUTLS_STATE, GNUTLS_CredType type, void* cred); +int gnutls_cred_set( gnutls_session, gnutls_credentials_type type, void* cred); /* Credential structures for SRP - used in gnutls_set_cred(); */ struct DSTRUCT; -typedef struct DSTRUCT* GNUTLS_CERTIFICATE_CREDENTIALS; -typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS; -typedef GNUTLS_CERTIFICATE_CREDENTIALS GNUTLS_CERTIFICATE_SERVER_CREDENTIALS; +typedef struct DSTRUCT* gnutls_certificate_credentials; +typedef gnutls_certificate_credentials gnutls_certificate_server_credentials; +typedef gnutls_certificate_credentials gnutls_certificate_client_credentials; -typedef struct DSTRUCT* GNUTLS_ANON_SERVER_CREDENTIALS; -typedef struct DSTRUCT* GNUTLS_ANON_CLIENT_CREDENTIALS; +typedef struct DSTRUCT* gnutls_anon_server_credentials; +typedef struct DSTRUCT* gnutls_anon_client_credentials; -void gnutls_anon_free_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS sc); -int gnutls_anon_allocate_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS *sc); -#define gnutls_anon_free_server_sc gnutls_anon_free_server_cred -#define gnutls_anon_allocate_server_sc gnutls_anon_allocate_server_cred +void gnutls_anon_free_server_cred( gnutls_anon_server_credentials sc); +int gnutls_anon_allocate_server_cred( gnutls_anon_server_credentials *sc); -int gnutls_anon_set_server_cred( GNUTLS_ANON_SERVER_CREDENTIALS res); -void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS); +int gnutls_anon_set_server_cred( gnutls_anon_server_credentials res); +void gnutls_anon_set_server_dh_params( gnutls_anon_server_credentials res, gnutls_dh_params); -void gnutls_anon_free_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS sc); -int gnutls_anon_allocate_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS *sc); -#define gnutls_anon_free_client_sc gnutls_anon_free_client_cred -#define gnutls_anon_allocate_client_sc gnutls_anon_allocate_client_cred +void gnutls_anon_free_client_cred( gnutls_anon_server_credentials sc); +int gnutls_anon_allocate_client_cred( gnutls_anon_server_credentials *sc); -int gnutls_anon_set_client_cred( GNUTLS_ANON_SERVER_CREDENTIALS res); + +int gnutls_anon_set_client_cred( gnutls_anon_server_credentials res); /* CERTFILE is an x509 certificate in PEM form. * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). */ -void gnutls_certificate_free_cred( GNUTLS_CERTIFICATE_CREDENTIALS sc); -int gnutls_certificate_allocate_cred( GNUTLS_CERTIFICATE_CREDENTIALS *sc); -#define gnutls_certificate_free_sc gnutls_certificate_free_cred -#define gnutls_certificate_allocate_sc gnutls_certificate_allocate_cred +void gnutls_certificate_free_cred( gnutls_certificate_credentials sc); +int gnutls_certificate_allocate_cred( gnutls_certificate_credentials *sc); -int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS); -int gnutls_certificate_set_rsa_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_RSA_PARAMS rsa_params); +int gnutls_certificate_set_dh_params(gnutls_certificate_credentials res, gnutls_dh_params); +int gnutls_certificate_set_rsa_params(gnutls_certificate_credentials res, gnutls_rsa_params rsa_params); -int gnutls_certificate_set_x509_trust_file( GNUTLS_CERTIFICATE_CREDENTIALS res, const char* CAFILE, - GNUTLS_X509_CertificateFmt); -int gnutls_certificate_set_x509_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, - const gnutls_datum *CA, GNUTLS_X509_CertificateFmt); +int gnutls_certificate_set_x509_trust_file( gnutls_certificate_credentials res, const char* CAFILE, + gnutls_x509_certificate_fmt); +int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials res, + const gnutls_datum *CA, gnutls_x509_certificate_fmt); -int gnutls_certificate_set_x509_key_file( GNUTLS_CERTIFICATE_CREDENTIALS res, - const char *CERTFILE, const char* KEYFILE, GNUTLS_X509_CertificateFmt); -int gnutls_certificate_set_x509_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, +int gnutls_certificate_set_x509_key_file( gnutls_certificate_credentials res, + const char *CERTFILE, const char* KEYFILE, gnutls_x509_certificate_fmt); +int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials res, const gnutls_datum* CERT, const gnutls_datum* KEY, - GNUTLS_X509_CertificateFmt); + gnutls_x509_certificate_fmt); /* global state functions */ @@ -297,54 +291,97 @@ void gnutls_global_set_mem_functions( void *(*gnutls_alloc_func)(size_t), void* (*gnutls_secure_alloc_func)(size_t), int (*gnutls_is_secure_func)(const void*), void *(*gnutls_realloc_func)(void *, size_t), void (*gnutls_free_func)(void*)); -#define gnutls_global_set_mem_func gnutls_global_set_mem_functions -typedef void (*GNUTLS_LOG_FUNC)( const char*); -void gnutls_global_set_log_function( GNUTLS_LOG_FUNC log_func); -#define gnutls_global_set_log_func gnutls_global_set_log_function +typedef void (*gnutls_log_func)( const char*); +void gnutls_global_set_log_function( gnutls_log_func log_func); /* DH params */ -int gnutls_dh_params_set( GNUTLS_DH_PARAMS, gnutls_datum prime, gnutls_datum generator, int bits); -int gnutls_dh_params_init( GNUTLS_DH_PARAMS*); -void gnutls_dh_params_deinit( GNUTLS_DH_PARAMS); +int gnutls_dh_params_set( gnutls_dh_params, gnutls_datum prime, gnutls_datum generator, int bits); +int gnutls_dh_params_init( gnutls_dh_params*); +void gnutls_dh_params_deinit( gnutls_dh_params); int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int bits); /* RSA params */ -int gnutls_rsa_params_set(GNUTLS_RSA_PARAMS rsa_params, +int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, gnutls_datum m, gnutls_datum e, gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u, int bits); int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, gnutls_datum* u, int bits); -int gnutls_rsa_params_init(GNUTLS_RSA_PARAMS * rsa_params); -void gnutls_rsa_params_deinit(GNUTLS_RSA_PARAMS rsa_params); +int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params); +void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params); -typedef ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_TRANSPORT_PTR, void*, size_t); -typedef ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t); -void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR ptr); -void gnutls_transport_set_ptr2(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR recv_ptr, - GNUTLS_TRANSPORT_PTR send_ptr); +typedef ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, void*, size_t); +typedef ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t); +void gnutls_transport_set_ptr(gnutls_session session, gnutls_transport_ptr ptr); +void gnutls_transport_set_ptr2(gnutls_session session, gnutls_transport_ptr recv_ptr, + gnutls_transport_ptr send_ptr); -GNUTLS_TRANSPORT_PTR gnutls_transport_get_ptr(GNUTLS_STATE state); -void gnutls_transport_get_ptr2(GNUTLS_STATE state, - GNUTLS_TRANSPORT_PTR *recv_ptr, - GNUTLS_TRANSPORT_PTR *send_ptr); +gnutls_transport_ptr gnutls_transport_get_ptr(gnutls_session session); +void gnutls_transport_get_ptr2(gnutls_session session, + gnutls_transport_ptr *recv_ptr, + gnutls_transport_ptr *send_ptr); -void gnutls_transport_set_lowat( GNUTLS_STATE state, int num); +void gnutls_transport_set_lowat( gnutls_session session, int num); -void gnutls_transport_set_push_function( GNUTLS_STATE, GNUTLS_PUSH_FUNC push_func); -void gnutls_transport_set_pull_function( GNUTLS_STATE, GNUTLS_PULL_FUNC pull_func); -#define gnutls_transport_set_push_func gnutls_transport_set_push_function -#define gnutls_transport_set_pull_func gnutls_transport_set_pull_function +void gnutls_transport_set_push_function( gnutls_session, gnutls_push_func push_func); +void gnutls_transport_set_pull_function( gnutls_session, gnutls_pull_func pull_func); -/* state specific +/* session specific */ -void gnutls_state_set_ptr(GNUTLS_STATE state, void* ptr); -void* gnutls_state_get_ptr(GNUTLS_STATE state); +void gnutls_session_set_ptr(gnutls_session session, void* ptr); +void* gnutls_session_get_ptr(gnutls_session session); + +void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status status); + +int gnutls_x509_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data, char* result, size_t* result_size); -void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status); +/* defines for compatibility with older versions. + */ +#define GNUTLS_RSA_PARAMS gnutls_rsa_params +#define GNUTLS_DH_PARAMS gnutls_dh_params +#define GNUTLS_STATE gnutls_session +#define GNUTLS_LIST const int* +#define GNUTLS_TRANSPORT_PTR gnutls_transport_ptr +#define GNUTLS_PKAlgorithm gnutls_pk_algorithm +#define GNUTLS_X509_CertificateFmt gnutls_x509_certificate_fmt +#define GNUTLS_CertificateType gnutls_certificate_type +#define GNUTLS_Version gnutls_protocol_version +#define GNUTLS_CloseRequest gnutls_close_request +#define GNUTLS_OpenPGPKeyStatus gnutls_openpgp_key_status +#define GNUTLS_CertificateRequest gnutls_certificate_request +#define GNUTLS_CertificateStatus gnutls_certificate_status +#define GNUTLS_ConnectionEnd gnutls_connection_end +#define GNUTLS_CompressionMethod gnutls_compression_method +#define GNUTLS_DigestAlgorithm gnutls_digest_algorithm +#define GNUTLS_CredType gnutls_credentials_type +#define GNUTLS_KXAlgorithm gnutls_kx_algorithm +#define GNUTLS_BulkCipherAlgorithm gnutls_cipher_algorithm +#define GNUTLS_MACAlgorithm gnutls_mac_algorithm +#define GNUTLS_AlertLevel gnutls_alert_level +#define GNUTLS_AlertDescription gnutls_alert_description +#define GNUTLS_CERTIFICATE_CLIENT_CREDENTIALS gnutls_certificate_client_credentials +#define GNUTLS_CERTIFICATE_SERVER_CREDENTIALS gnutls_certificate_server_credentials +#define GNUTLS_CERTIFICATE_CREDENTIALS gnutls_certificate_credentials +#define GNUTLS_ANON_SERVER_CREDENTIALS gnutls_anon_server_credentials +#define GNUTLS_ANON_CLIENT_CREDENTIALS gnutls_anon_client_credentials +#define gnutls_anon_free_client_sc gnutls_anon_free_client_cred +#define gnutls_anon_allocate_client_sc gnutls_anon_allocate_client_cred +#define gnutls_anon_free_server_sc gnutls_anon_free_server_cred +#define gnutls_anon_allocate_server_sc gnutls_anon_allocate_server_cred +#define gnutls_transport_set_push_func gnutls_transport_set_push_function +#define gnutls_transport_set_pull_func gnutls_transport_set_pull_function +#define gnutls_global_set_log_func gnutls_global_set_log_function +#define gnutls_global_set_mem_func gnutls_global_set_mem_functions +#define gnutls_certificate_free_sc gnutls_certificate_free_cred +#define gnutls_certificate_allocate_sc gnutls_certificate_allocate_cred -int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* data, char* result, size_t* result_size); +#define gnutls_state_get_ptr gnutls_session_get_ptr +#define gnutls_state_set_ptr gnutls_session_set_ptr +#define gnutls_init gnutls_session_init +#define gnutls_deinit gnutls_session_deinit +#define _gnutls_deinit _gnutls_session_deinit +#define gnutls_handshake_set_exportable_detection(x,y) 0 diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index c3f5d3fcd3..6164fe936d 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -66,7 +66,7 @@ static const gnutls_alert_entry sup_alerts[] = { /** * gnutls_alert_get_name - Returns a string describing the alert number given - * @alert: is an alert number &GNUTLS_STATE structure. + * @alert: is an alert number &gnutls_session structure. * * Returns a string that describes the given alert number. * See. gnutls_alert_get(). @@ -82,7 +82,7 @@ const char* ret = NULL; /** * gnutls_alert_send - This function sends an alert message to the peer - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @level: is the level of the alert * @desc: is the alert description * @@ -93,7 +93,7 @@ const char* ret = NULL; * Returns 0 on success. * **/ -int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_AlertDescription desc) +int gnutls_alert_send( gnutls_session session, GNUTLS_AlertLevel level, GNUTLS_AlertDescription desc) { uint8 data[2]; int ret; @@ -103,7 +103,7 @@ int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_Alert _gnutls_record_log( "REC: Sending Alert[%d|%d] - %s\n", data[0], data[1], gnutls_alert_get_name((int)data[1])); - if ( (ret = gnutls_send_int( state, GNUTLS_ALERT, -1, data, 2)) >= 0) + if ( (ret = gnutls_send_int( session, GNUTLS_ALERT, -1, data, 2)) >= 0) return 0; else return ret; @@ -114,7 +114,7 @@ int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_Alert */ /** * gnutls_alert_send_appropriate - This function sends an alert to the peer depending on the error code - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @err: is an integer * * Sends an alert to the peer depending on the error code returned by a gnutls @@ -129,20 +129,20 @@ int gnutls_alert_send( GNUTLS_STATE state, GNUTLS_AlertLevel level, GNUTLS_Alert * been sent to the peer. * **/ -int gnutls_alert_send_appropriate( GNUTLS_STATE state, int err) { +int gnutls_alert_send_appropriate( gnutls_session session, int err) { int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; switch (err) { /* send appropriate alert */ case GNUTLS_E_DECRYPTION_FAILED: /* GNUTLS_A_DECRYPTION_FAILED is not sent, because * it is not defined in SSL3. */ - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_BAD_RECORD_MAC); break; case GNUTLS_E_DECOMPRESSION_FAILED: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_DECOMPRESSION_FAILURE); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_DECOMPRESSION_FAILURE); break; case GNUTLS_E_ILLEGAL_PARAMETER: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_ILLEGAL_PARAMETER); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_ILLEGAL_PARAMETER); break; case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND: case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND: @@ -156,25 +156,25 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; case GNUTLS_E_ASN1_SYNTAX_ERROR: case GNUTLS_E_ASN1_DER_OVERFLOW: case GNUTLS_E_NO_CERTIFICATE_FOUND: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_BAD_CERTIFICATE); break; case GNUTLS_E_UNKNOWN_CIPHER_SUITE: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_HANDSHAKE_FAILURE); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_HANDSHAKE_FAILURE); break; case GNUTLS_E_UNEXPECTED_PACKET: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_UNEXPECTED_MESSAGE); break; case GNUTLS_E_REHANDSHAKE: - ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); + ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_NO_RENEGOTIATION); break; case GNUTLS_E_UNSUPPORTED_VERSION_PACKET: - ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_PROTOCOL_VERSION); + ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_PROTOCOL_VERSION); break; case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE: - ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_UNSUPPORTED_CERTIFICATE); + ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_UNSUPPORTED_CERTIFICATE); break; case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: - ret = gnutls_alert_send( state, GNUTLS_AL_FATAL, GNUTLS_A_RECORD_OVERFLOW); + ret = gnutls_alert_send( session, GNUTLS_AL_FATAL, GNUTLS_A_RECORD_OVERFLOW); break; } return ret; @@ -182,7 +182,7 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; /** * gnutls_alert_get - Returns the last alert number received. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the last alert number received. This function * should be called if GNUTLS_E_WARNING_ALERT_RECEIVED or @@ -190,7 +190,7 @@ int ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; * The peer may send alerts if he thinks some things were not * right. Check gnutls.h for the available alert descriptions. **/ -GNUTLS_AlertDescription gnutls_alert_get( GNUTLS_STATE state) { - return state->gnutls_internals.last_alert; +GNUTLS_AlertDescription gnutls_alert_get( gnutls_session session) { + return session->internals.last_alert; } diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h index 14e887890d..ad9b747467 100644 --- a/lib/gnutls_alert.h +++ b/lib/gnutls_alert.h @@ -18,5 +18,5 @@ typedef enum AlertDescription { } AlertDescription; #define GNUTLS_AlertDescription AlertDescription -AlertDescription gnutls_alert_get( GNUTLS_STATE state); -int gnutls_alert_send( GNUTLS_STATE state, AlertLevel level, AlertDescription desc); +AlertDescription gnutls_alert_get( gnutls_session session); +int gnutls_alert_send( gnutls_session session, AlertLevel level, AlertDescription desc); diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 289807bede..563da79ae9 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -27,8 +27,8 @@ /* Cred type mappings to KX algorithms */ typedef struct { - KXAlgorithm algorithm; - CredType type; + gnutls_kx_algorithm algorithm; + gnutls_credentials_type type; } gnutls_cred_map; static const gnutls_cred_map cred_mappings[] = { @@ -53,7 +53,7 @@ static const gnutls_cred_map cred_mappings[] = { typedef struct { const char *name; - GNUTLS_Version id; /* gnutls internal version number */ + gnutls_protocol_version id; /* gnutls internal version number */ int major; /* defined by the protocol */ int minor; /* defined by the protocol */ int supported; /* 0 not supported, > 0 is supported */ @@ -76,7 +76,7 @@ static const gnutls_version_entry sup_versions[] = { struct gnutls_cipher_entry { const char *name; - BulkCipherAlgorithm id; + gnutls_cipher_algorithm id; size_t blocksize; size_t keysize; CipherType block; @@ -111,7 +111,7 @@ static const gnutls_cipher_entry algorithms[] = { struct gnutls_hash_entry { const char *name; - MACAlgorithm id; + gnutls_mac_algorithm id; size_t digestsize; }; typedef struct gnutls_hash_entry gnutls_hash_entry; @@ -137,7 +137,7 @@ static const gnutls_hash_entry hash_algorithms[] = { struct gnutls_compression_entry { const char *name; - CompressionMethod id; + gnutls_compression_method id; int num; /* the number reserved in TLS for the specific compression method */ }; @@ -199,10 +199,10 @@ gnutls_kx_algo_entry _gnutls_kx_algorithms[MAX_KX_ALGOS] = { typedef struct { const char *name; GNUTLS_CipherSuite id; - BulkCipherAlgorithm block_algorithm; - KXAlgorithm kx_algorithm; - MACAlgorithm mac_algorithm; - GNUTLS_Version version; /* this cipher suite is supported + gnutls_cipher_algorithm block_algorithm; + gnutls_kx_algorithm kx_algorithm; + gnutls_mac_algorithm mac_algorithm; + gnutls_protocol_version version; /* this cipher suite is supported * from 'version' and above; */ } gnutls_cipher_suite_entry; @@ -389,7 +389,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* Generic Functions */ /* HASHES */ -int _gnutls_mac_get_digest_size(MACAlgorithm algorithm) +int _gnutls_mac_get_digest_size(gnutls_mac_algorithm algorithm) { size_t ret = 0; GNUTLS_HASH_ALG_LOOP(ret = p->digestsize); @@ -397,14 +397,14 @@ int _gnutls_mac_get_digest_size(MACAlgorithm algorithm) } -inline int _gnutls_mac_priority(GNUTLS_STATE state, MACAlgorithm algorithm) +inline int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm algorithm) { /* actually returns the priority */ int i; for (i = 0; - i < state->gnutls_internals.MACAlgorithmPriority.algorithms; + i < session->internals.mac_algorithm_priority.algorithms; i++) { - if (state->gnutls_internals. - MACAlgorithmPriority.algorithm_priority[i] == + if (session->internals. + mac_algorithm_priority.priority[i] == algorithm) return i; } @@ -418,7 +418,7 @@ inline int _gnutls_mac_priority(GNUTLS_STATE state, MACAlgorithm algorithm) * Returns a string that contains the name * of the specified MAC algorithm. **/ -const char *gnutls_mac_get_name( GNUTLS_MACAlgorithm algorithm) +const char *gnutls_mac_get_name( gnutls_mac_algorithm algorithm) { const char *ret = NULL; @@ -429,7 +429,7 @@ const char *gnutls_mac_get_name( GNUTLS_MACAlgorithm algorithm) return ret; } -int _gnutls_mac_is_ok(MACAlgorithm algorithm) +int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm) { size_t ret = -1; GNUTLS_HASH_ALG_LOOP(ret = p->id); @@ -442,16 +442,16 @@ int _gnutls_mac_is_ok(MACAlgorithm algorithm) /* Compression Functions */ inline - int _gnutls_compression_priority(GNUTLS_STATE state, - CompressionMethod algorithm) + int _gnutls_compression_priority(gnutls_session session, + gnutls_compression_method algorithm) { /* actually returns the priority */ int i; for (i = 0; i < - state->gnutls_internals.CompressionMethodPriority.algorithms; + session->internals.compression_method_priority.algorithms; i++) { - if (state->gnutls_internals. - CompressionMethodPriority.algorithm_priority[i] == + if (session->internals. + compression_method_priority.priority[i] == algorithm) return i; } @@ -465,7 +465,7 @@ inline * Returns a pointer to a string that contains the name * of the specified compression algorithm. **/ -const char *gnutls_compression_get_name( GNUTLS_CompressionMethod algorithm) +const char *gnutls_compression_get_name( gnutls_compression_method algorithm) { const char *ret = NULL; @@ -478,7 +478,7 @@ const char *gnutls_compression_get_name( GNUTLS_CompressionMethod algorithm) } /* return the tls number of the specified algorithm */ -int _gnutls_compression_get_num(CompressionMethod algorithm) +int _gnutls_compression_get_num(gnutls_compression_method algorithm) { int ret = -1; @@ -491,9 +491,9 @@ int _gnutls_compression_get_num(CompressionMethod algorithm) /* returns the gnutls internal ID of the TLS compression * method num */ -CompressionMethod _gnutls_compression_get_id(int num) +gnutls_compression_method _gnutls_compression_get_id(int num) { - CompressionMethod ret = -1; + gnutls_compression_method ret = -1; /* avoid prefix */ GNUTLS_COMPRESSION_ALG_LOOP_NUM(ret = p->id); @@ -501,7 +501,7 @@ CompressionMethod _gnutls_compression_get_id(int num) return ret; } -int _gnutls_compression_is_ok(CompressionMethod algorithm) +int _gnutls_compression_is_ok(gnutls_compression_method algorithm) { size_t ret = -1; GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id); @@ -515,7 +515,7 @@ int _gnutls_compression_is_ok(CompressionMethod algorithm) /* CIPHER functions */ -int _gnutls_cipher_get_block_size(BulkCipherAlgorithm algorithm) +int _gnutls_cipher_get_block_size(gnutls_cipher_algorithm algorithm) { size_t ret = 0; GNUTLS_ALG_LOOP(ret = p->blocksize); @@ -526,15 +526,15 @@ int _gnutls_cipher_get_block_size(BulkCipherAlgorithm algorithm) /* returns the priority */ inline int -_gnutls_cipher_priority(GNUTLS_STATE state, BulkCipherAlgorithm algorithm) +_gnutls_cipher_priority(gnutls_session session, gnutls_cipher_algorithm algorithm) { int i; for (i = 0; i < - state->gnutls_internals. - BulkCipherAlgorithmPriority.algorithms; i++) { - if (state->gnutls_internals. - BulkCipherAlgorithmPriority.algorithm_priority[i] == + session->internals. + cipher_algorithm_priority.algorithms; i++) { + if (session->internals. + cipher_algorithm_priority.priority[i] == algorithm) return i; } @@ -542,7 +542,7 @@ _gnutls_cipher_priority(GNUTLS_STATE state, BulkCipherAlgorithm algorithm) } -int _gnutls_cipher_is_block(BulkCipherAlgorithm algorithm) +int _gnutls_cipher_is_block(gnutls_cipher_algorithm algorithm) { size_t ret = 0; @@ -559,7 +559,7 @@ int _gnutls_cipher_is_block(BulkCipherAlgorithm algorithm) * Returns 0 if the given cipher is invalid. * **/ -size_t gnutls_cipher_get_key_size( GNUTLS_BulkCipherAlgorithm algorithm) +size_t gnutls_cipher_get_key_size( gnutls_cipher_algorithm algorithm) { /* In bytes */ size_t ret = 0; GNUTLS_ALG_LOOP(ret = p->keysize); @@ -567,7 +567,7 @@ size_t gnutls_cipher_get_key_size( GNUTLS_BulkCipherAlgorithm algorithm) } -int _gnutls_cipher_get_iv_size(BulkCipherAlgorithm algorithm) +int _gnutls_cipher_get_iv_size(gnutls_cipher_algorithm algorithm) { /* In bytes */ size_t ret = 0; GNUTLS_ALG_LOOP(ret = p->iv); @@ -575,7 +575,7 @@ int _gnutls_cipher_get_iv_size(BulkCipherAlgorithm algorithm) } -int _gnutls_cipher_get_export_flag(BulkCipherAlgorithm algorithm) +int _gnutls_cipher_get_export_flag(gnutls_cipher_algorithm algorithm) { /* In bytes */ size_t ret = 0; GNUTLS_ALG_LOOP(ret = p->export_flag); @@ -590,7 +590,7 @@ int _gnutls_cipher_get_export_flag(BulkCipherAlgorithm algorithm) * Returns a pointer to a string that contains the name * of the specified cipher. **/ -const char *gnutls_cipher_get_name( GNUTLS_BulkCipherAlgorithm algorithm) +const char *gnutls_cipher_get_name( gnutls_cipher_algorithm algorithm) { const char *ret = NULL; @@ -600,7 +600,7 @@ const char *gnutls_cipher_get_name( GNUTLS_BulkCipherAlgorithm algorithm) return ret; } -int _gnutls_cipher_is_ok(BulkCipherAlgorithm algorithm) +int _gnutls_cipher_is_ok(gnutls_cipher_algorithm algorithm) { size_t ret = -1; GNUTLS_ALG_LOOP(ret = p->id); @@ -613,7 +613,7 @@ int _gnutls_cipher_is_ok(BulkCipherAlgorithm algorithm) /* Key EXCHANGE functions */ -MOD_AUTH_STRUCT *_gnutls_kx_auth_struct(KXAlgorithm algorithm) +MOD_AUTH_STRUCT *_gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm) { MOD_AUTH_STRUCT *ret = NULL; GNUTLS_KX_ALG_LOOP(ret = p->auth_struct); @@ -621,14 +621,14 @@ MOD_AUTH_STRUCT *_gnutls_kx_auth_struct(KXAlgorithm algorithm) } -inline int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm) +inline int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algorithm) { int i; for (i = 0; - i < state->gnutls_internals.KXAlgorithmPriority.algorithms; + i < session->internals.kx_algorithm_priority.algorithms; i++) { - if (state->gnutls_internals. - KXAlgorithmPriority.algorithm_priority[i] == algorithm) + if (session->internals. + kx_algorithm_priority.priority[i] == algorithm) return i; } return -1; @@ -641,7 +641,7 @@ inline int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm) * Returns a pointer to a string that contains the name * of the specified key exchange algorithm. **/ -const char *gnutls_kx_get_name( GNUTLS_KXAlgorithm algorithm) +const char *gnutls_kx_get_name( gnutls_kx_algorithm algorithm) { const char *ret = NULL; @@ -651,7 +651,7 @@ const char *gnutls_kx_get_name( GNUTLS_KXAlgorithm algorithm) return ret; } -int _gnutls_kx_is_ok(KXAlgorithm algorithm) +int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm) { size_t ret = -1; GNUTLS_KX_ALG_LOOP(ret = p->algorithm); @@ -663,38 +663,38 @@ int _gnutls_kx_is_ok(KXAlgorithm algorithm) } /* Version */ -int _gnutls_version_priority(GNUTLS_STATE state, - GNUTLS_Version version) +int _gnutls_version_priority(gnutls_session session, + gnutls_protocol_version version) { /* actually returns the priority */ int i; - if (state->gnutls_internals.ProtocolPriority.algorithm_priority==NULL) { + if (session->internals.protocol_priority.priority==NULL) { gnutls_assert(); return -1; } for (i = 0; i < - state->gnutls_internals.ProtocolPriority.algorithms; + session->internals.protocol_priority.algorithms; i++) { - if (state->gnutls_internals. - ProtocolPriority.algorithm_priority[i] == + if (session->internals. + protocol_priority.priority[i] == version) return i; } return -1; } -GNUTLS_Version _gnutls_version_lowest(GNUTLS_STATE state) +gnutls_protocol_version _gnutls_version_lowest(gnutls_session session) { /* returns the lowest version supported */ int i, min = 0xff; - if (state->gnutls_internals.ProtocolPriority.algorithm_priority==NULL) { + if (session->internals.protocol_priority.priority==NULL) { return GNUTLS_VERSION_UNKNOWN; } else - for (i=0;ignutls_internals.ProtocolPriority.algorithms;i++) { - if (state->gnutls_internals.ProtocolPriority.algorithm_priority[i] < min) - min = state->gnutls_internals.ProtocolPriority.algorithm_priority[i]; + for (i=0;iinternals.protocol_priority.algorithms;i++) { + if (session->internals.protocol_priority.priority[i] < min) + min = session->internals.protocol_priority.priority[i]; } if (min==0xff) return GNUTLS_VERSION_UNKNOWN; /* unknown version */ @@ -702,16 +702,16 @@ GNUTLS_Version _gnutls_version_lowest(GNUTLS_STATE state) return min; } -GNUTLS_Version _gnutls_version_max(GNUTLS_STATE state) +gnutls_protocol_version _gnutls_version_max(gnutls_session session) { /* returns the maximum version supported */ int i, max=0x00; - if (state->gnutls_internals.ProtocolPriority.algorithm_priority==NULL) { + if (session->internals.protocol_priority.priority==NULL) { return GNUTLS_VERSION_UNKNOWN; } else - for (i=0;ignutls_internals.ProtocolPriority.algorithms;i++) { - if (state->gnutls_internals.ProtocolPriority.algorithm_priority[i] > max) - max = state->gnutls_internals.ProtocolPriority.algorithm_priority[i]; + for (i=0;iinternals.protocol_priority.algorithms;i++) { + if (session->internals.protocol_priority.priority[i] > max) + max = session->internals.protocol_priority.priority[i]; } if (max==0x00) return GNUTLS_VERSION_UNKNOWN; /* unknown version */ @@ -727,7 +727,7 @@ GNUTLS_Version _gnutls_version_max(GNUTLS_STATE state) * Returns a string that contains the name * of the specified TLS version. **/ -const char *gnutls_protocol_get_name( GNUTLS_Version version) +const char *gnutls_protocol_get_name( gnutls_protocol_version version) { const char *ret = NULL; @@ -737,7 +737,7 @@ const char *gnutls_protocol_get_name( GNUTLS_Version version) return ret; } -int _gnutls_version_get_minor(GNUTLS_Version version) +int _gnutls_version_get_minor(gnutls_protocol_version version) { int ret = -1; @@ -745,7 +745,7 @@ int _gnutls_version_get_minor(GNUTLS_Version version) return ret; } -GNUTLS_Version _gnutls_version_get(int major, int minor) +gnutls_protocol_version _gnutls_version_get(int major, int minor) { int ret = -1; @@ -754,7 +754,7 @@ GNUTLS_Version _gnutls_version_get(int major, int minor) return ret; } -int _gnutls_version_get_major(GNUTLS_Version version) +int _gnutls_version_get_major(gnutls_protocol_version version) { int ret = -1; @@ -765,32 +765,32 @@ int _gnutls_version_get_major(GNUTLS_Version version) /* Version Functions */ int -_gnutls_version_is_supported(GNUTLS_STATE state, - const GNUTLS_Version version) +_gnutls_version_is_supported(gnutls_session session, + const gnutls_protocol_version version) { int ret=0; GNUTLS_VERSION_ALG_LOOP(ret = p->supported); if (ret == 0) return 0; - if (_gnutls_version_priority( state, version) < 0) + if (_gnutls_version_priority( session, version) < 0) return 0; /* disabled by the user */ else return 1; } /* Type to KX mappings */ -KXAlgorithm _gnutls_map_kx_get_kx(CredType type) +gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type) { - KXAlgorithm ret = -1; + gnutls_kx_algorithm ret = -1; GNUTLS_KX_MAP_ALG_LOOP(ret = p->algorithm); return ret; } -CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm) +gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm algorithm) { - CredType ret = -1; + gnutls_credentials_type ret = -1; GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->type); return ret; @@ -798,7 +798,7 @@ CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm) /* Cipher Suite's functions */ -BulkCipherAlgorithm +gnutls_cipher_algorithm _gnutls_cipher_suite_get_cipher_algo(const GNUTLS_CipherSuite suite) { int ret = 0; @@ -806,7 +806,7 @@ _gnutls_cipher_suite_get_cipher_algo(const GNUTLS_CipherSuite suite) return ret; } -GNUTLS_Version +gnutls_protocol_version _gnutls_cipher_suite_get_version(const GNUTLS_CipherSuite suite) { int ret = 0; @@ -814,7 +814,7 @@ _gnutls_cipher_suite_get_version(const GNUTLS_CipherSuite suite) return ret; } -KXAlgorithm _gnutls_cipher_suite_get_kx_algo(const GNUTLS_CipherSuite +gnutls_kx_algorithm _gnutls_cipher_suite_get_kx_algo(const GNUTLS_CipherSuite suite) { int ret = 0; @@ -824,7 +824,7 @@ KXAlgorithm _gnutls_cipher_suite_get_kx_algo(const GNUTLS_CipherSuite } -MACAlgorithm +gnutls_mac_algorithm _gnutls_cipher_suite_get_mac_algo(const GNUTLS_CipherSuite suite) { /* In bytes */ int ret = 0; @@ -858,8 +858,8 @@ const char *_gnutls_cipher_suite_get_name(GNUTLS_CipherSuite suite) * by TLS or SSL depending of the protocol in use. * **/ -const char *gnutls_cipher_suite_get_name(GNUTLS_KXAlgorithm kx_algorithm, - GNUTLS_BulkCipherAlgorithm cipher_algorithm, GNUTLS_MACAlgorithm mac_algorithm) +const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm kx_algorithm, + gnutls_cipher_algorithm cipher_algorithm, gnutls_mac_algorithm mac_algorithm) { const char *ret = NULL; @@ -894,9 +894,9 @@ static int _gnutls_cipher_suite_is_ok(GNUTLS_CipherSuite suite) #define MAX_ELEM_SIZE 4 inline - static int _gnutls_partition(GNUTLS_STATE state, void *_base, + static int _gnutls_partition(gnutls_session session, void *_base, size_t nmemb, size_t size, - int (*compar) (GNUTLS_STATE, const void *, + int (*compar) (gnutls_session, const void *, const void *)) { uint8 *base = _base; @@ -912,10 +912,10 @@ inline memcpy(ptmp, &base[0], size); /* set pivot item */ while (i < j) { - while ((compar(state, &base[i], ptmp) <= 0) && (i < full)) { + while ((compar(session, &base[i], ptmp) <= 0) && (i < full)) { i += size; } - while ((compar(state, &base[j], ptmp) >= 0) && (j > 0)) + while ((compar(session, &base[j], ptmp) >= 0) && (j > 0)) j -= size; if (i < j) { @@ -934,8 +934,8 @@ inline } static void -_gnutls_qsort(GNUTLS_STATE state, void *_base, size_t nmemb, size_t size, - int (*compar) (GNUTLS_STATE, const void *, const void *)) +_gnutls_qsort(gnutls_session session, void *_base, size_t nmemb, size_t size, + int (*compar) (gnutls_session, const void *, const void *)) { int pivot; char *base = _base; @@ -951,11 +951,11 @@ _gnutls_qsort(GNUTLS_STATE state, void *_base, size_t nmemb, size_t size, if (snmemb <= 1) return; - pivot = _gnutls_partition(state, _base, nmemb, size, compar); + pivot = _gnutls_partition(session, _base, nmemb, size, compar); - _gnutls_qsort(state, base, pivot < nmemb ? pivot + 1 : pivot, size, + _gnutls_qsort(session, base, pivot < nmemb ? pivot + 1 : pivot, size, compar); - _gnutls_qsort(state, &base[(pivot + 1) * size], nmemb - pivot - 1, + _gnutls_qsort(session, &base[(pivot + 1) * size], nmemb - pivot - 1, size, compar); } @@ -964,32 +964,32 @@ _gnutls_qsort(GNUTLS_STATE state, void *_base, size_t nmemb, size_t size, * For use with qsort */ static int -_gnutls_compare_algo(GNUTLS_STATE state, const void *i_A1, +_gnutls_compare_algo(gnutls_session session, const void *i_A1, const void *i_A2) { - KXAlgorithm kA1 = + gnutls_kx_algorithm kA1 = _gnutls_cipher_suite_get_kx_algo(*(const GNUTLS_CipherSuite *) i_A1); - KXAlgorithm kA2 = + gnutls_kx_algorithm kA2 = _gnutls_cipher_suite_get_kx_algo(*(const GNUTLS_CipherSuite *) i_A2); - BulkCipherAlgorithm cA1 = + gnutls_cipher_algorithm cA1 = _gnutls_cipher_suite_get_cipher_algo(*(const GNUTLS_CipherSuite *) i_A1); - BulkCipherAlgorithm cA2 = + gnutls_cipher_algorithm cA2 = _gnutls_cipher_suite_get_cipher_algo(*(const GNUTLS_CipherSuite *) i_A2); - MACAlgorithm mA1 = + gnutls_mac_algorithm mA1 = _gnutls_cipher_suite_get_mac_algo(*(const GNUTLS_CipherSuite *) i_A1); - MACAlgorithm mA2 = + gnutls_mac_algorithm mA2 = _gnutls_cipher_suite_get_mac_algo(*(const GNUTLS_CipherSuite *) i_A2); - int p1 = (_gnutls_kx_priority(state, kA1) + 1) * 64; - int p2 = (_gnutls_kx_priority(state, kA2) + 1) * 64; - p1 += (_gnutls_cipher_priority(state, cA1) + 1) * 8; - p2 += (_gnutls_cipher_priority(state, cA2) + 1) * 8; - p1 += _gnutls_mac_priority(state, mA1); - p2 += _gnutls_mac_priority(state, mA2); + int p1 = (_gnutls_kx_priority(session, kA1) + 1) * 64; + int p2 = (_gnutls_kx_priority(session, kA2) + 1) * 64; + p1 += (_gnutls_cipher_priority(session, cA1) + 1) * 8; + p2 += (_gnutls_cipher_priority(session, cA2) + 1) * 8; + p1 += _gnutls_mac_priority(session, mA1); + p2 += _gnutls_mac_priority(session, mA2); if (p1 > p2) { return 1; @@ -1003,8 +1003,8 @@ _gnutls_compare_algo(GNUTLS_STATE state, const void *i_A1, #ifdef SORT_DEBUG static void -_gnutls_bsort(GNUTLS_STATE state, void *_base, size_t nmemb, - size_t size, int (*compar) (GNUTLS_STATE, const void *, +_gnutls_bsort(gnutls_session session, void *_base, size_t nmemb, + size_t size, int (*compar) (gnutls_session, const void *, const void *)) { int i, j; @@ -1014,7 +1014,7 @@ _gnutls_bsort(GNUTLS_STATE state, void *_base, size_t nmemb, for (i = 0; i < full; i += size) { for (j = 0; j < full; j += size) { - if (compar(state, &base[i], &base[j]) < 0) { + if (compar(session, &base[i], &base[j]) < 0) { SWAP(&base[j], &base[i]); } } @@ -1024,7 +1024,7 @@ _gnutls_bsort(GNUTLS_STATE state, void *_base, size_t nmemb, #endif int -_gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, +_gnutls_supported_ciphersuites_sorted(gnutls_session session, GNUTLS_CipherSuite ** ciphers) { @@ -1033,7 +1033,7 @@ _gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, #endif int count; - count = _gnutls_supported_ciphersuites( state, ciphers); + count = _gnutls_supported_ciphersuites( session, ciphers); if (count<=0) { gnutls_assert(); return count; @@ -1046,7 +1046,7 @@ _gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, _gnutls_cipher_suite_get_name((*ciphers)[i])); #endif - _gnutls_qsort(state, *ciphers, count, + _gnutls_qsort(session, *ciphers, count, sizeof(GNUTLS_CipherSuite), _gnutls_compare_algo); #ifdef SORT_DEBUG @@ -1060,7 +1060,7 @@ _gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, } int -_gnutls_supported_ciphersuites(GNUTLS_STATE state, +_gnutls_supported_ciphersuites(gnutls_session session, GNUTLS_CipherSuite ** _ciphers) { @@ -1068,7 +1068,7 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state, int count = CIPHER_SUITES_COUNT; GNUTLS_CipherSuite *tmp_ciphers; GNUTLS_CipherSuite* ciphers; - GNUTLS_Version version; + gnutls_protocol_version version; *_ciphers = NULL; @@ -1076,7 +1076,7 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state, return 0; } - version = gnutls_protocol_get_version( state); + version = gnutls_protocol_get_version( session); tmp_ciphers = gnutls_alloca(count * sizeof(GNUTLS_CipherSuite)); if ( tmp_ciphers==NULL) @@ -1096,7 +1096,7 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state, for (i = j = 0; i < count; i++) { /* remove private cipher suites, if requested. */ - if ( state->gnutls_internals.enable_private == 0 && + if ( session->internals.enable_private == 0 && tmp_ciphers[i].CipherSuite[0] == 0xFF) continue; @@ -1107,16 +1107,16 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state, continue; if (_gnutls_kx_priority - (state, + (session, _gnutls_cipher_suite_get_kx_algo(tmp_ciphers[i])) < 0) continue; if (_gnutls_mac_priority - (state, + (session, _gnutls_cipher_suite_get_mac_algo(tmp_ciphers[i])) < 0) continue; if (_gnutls_cipher_priority - (state, + (session, _gnutls_cipher_suite_get_cipher_algo(tmp_ciphers[i])) < 0) continue; @@ -1155,9 +1155,9 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state, #define MIN_PRIVATE_COMP_ALGO 0x0F /* returns the TLS numbers of the compression methods we support */ -#define SUPPORTED_COMPRESSION_METHODS state->gnutls_internals.CompressionMethodPriority.algorithms +#define SUPPORTED_COMPRESSION_METHODS session->internals.compression_method_priority.algorithms int -_gnutls_supported_compression_methods(GNUTLS_STATE state, uint8 ** comp) +_gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp) { int i, tmp, j=0; @@ -1166,13 +1166,13 @@ _gnutls_supported_compression_methods(GNUTLS_STATE state, uint8 ** comp) return GNUTLS_E_MEMORY_ERROR; for (i = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) { - tmp = _gnutls_compression_get_num(state->gnutls_internals. - CompressionMethodPriority. - algorithm_priority[i]); + tmp = _gnutls_compression_get_num(session->internals. + compression_method_priority. + priority[i]); /* remove private compression algorithms, if requested. */ - if (tmp == -1 || (state->gnutls_internals.enable_private == 0 && + if (tmp == -1 || (session->internals.enable_private == 0 && tmp >= MIN_PRIVATE_COMP_ALGO)) { gnutls_assert(); @@ -1193,7 +1193,7 @@ _gnutls_supported_compression_methods(GNUTLS_STATE state, uint8 ** comp) * Returns a string that contains the name * of the specified MAC algorithm. **/ -const char *gnutls_cert_type_get_name( GNUTLS_CertificateType type) +const char *gnutls_cert_type_get_name( gnutls_certificate_type type) { const char *ret = NULL; diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 3996c447ae..a86607946d 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h @@ -22,63 +22,63 @@ /* functions for version */ -GNUTLS_Version _gnutls_version_lowest( GNUTLS_STATE state); -GNUTLS_Version _gnutls_version_max( GNUTLS_STATE state); -int _gnutls_version_priority(GNUTLS_STATE state, GNUTLS_Version version); -int _gnutls_version_is_supported(GNUTLS_STATE state, const GNUTLS_Version version); -int _gnutls_version_get_major( GNUTLS_Version ver); -int _gnutls_version_get_minor( GNUTLS_Version ver); -GNUTLS_Version _gnutls_version_get( int major, int minor); +gnutls_protocol_version _gnutls_version_lowest( gnutls_session session); +gnutls_protocol_version _gnutls_version_max( gnutls_session session); +int _gnutls_version_priority(gnutls_session session, gnutls_protocol_version version); +int _gnutls_version_is_supported(gnutls_session session, const gnutls_protocol_version version); +int _gnutls_version_get_major( gnutls_protocol_version ver); +int _gnutls_version_get_minor( gnutls_protocol_version ver); +gnutls_protocol_version _gnutls_version_get( int major, int minor); /* functions for macs */ -int _gnutls_mac_get_digest_size(MACAlgorithm algorithm); -const char* gnutls_mac_get_name(MACAlgorithm algorithm); -int _gnutls_mac_is_ok(MACAlgorithm algorithm); -int _gnutls_mac_priority(GNUTLS_STATE state, MACAlgorithm algorithm); +int _gnutls_mac_get_digest_size(gnutls_mac_algorithm algorithm); +const char* gnutls_mac_get_name(gnutls_mac_algorithm algorithm); +int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm); +int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm algorithm); /* functions for cipher suites */ -int _gnutls_supported_ciphersuites(GNUTLS_STATE state, GNUTLS_CipherSuite **ciphers); -int _gnutls_supported_ciphersuites_sorted(GNUTLS_STATE state, GNUTLS_CipherSuite **ciphers); -int _gnutls_supported_compression_methods(GNUTLS_STATE state, uint8 **comp); +int _gnutls_supported_ciphersuites(gnutls_session session, GNUTLS_CipherSuite **ciphers); +int _gnutls_supported_ciphersuites_sorted(gnutls_session session, GNUTLS_CipherSuite **ciphers); +int _gnutls_supported_compression_methods(gnutls_session session, uint8 **comp); const char* _gnutls_cipher_suite_get_name(GNUTLS_CipherSuite algorithm); -BulkCipherAlgorithm _gnutls_cipher_suite_get_cipher_algo(const GNUTLS_CipherSuite algorithm); -KXAlgorithm _gnutls_cipher_suite_get_kx_algo(const GNUTLS_CipherSuite algorithm); -MACAlgorithm _gnutls_cipher_suite_get_mac_algo(const GNUTLS_CipherSuite algorithm); -GNUTLS_Version _gnutls_cipher_suite_get_version(const GNUTLS_CipherSuite algorithm); +gnutls_cipher_algorithm _gnutls_cipher_suite_get_cipher_algo(const GNUTLS_CipherSuite algorithm); +gnutls_kx_algorithm _gnutls_cipher_suite_get_kx_algo(const GNUTLS_CipherSuite algorithm); +gnutls_mac_algorithm _gnutls_cipher_suite_get_mac_algo(const GNUTLS_CipherSuite algorithm); +gnutls_protocol_version _gnutls_cipher_suite_get_version(const GNUTLS_CipherSuite algorithm); GNUTLS_CipherSuite _gnutls_cipher_suite_get_suite_name(GNUTLS_CipherSuite algorithm); /* functions for ciphers */ -int _gnutls_cipher_priority(GNUTLS_STATE state, BulkCipherAlgorithm algorithm); -int _gnutls_cipher_get_block_size(BulkCipherAlgorithm algorithm); -int _gnutls_cipher_is_block(BulkCipherAlgorithm algorithm); -int _gnutls_cipher_is_ok(BulkCipherAlgorithm algorithm); -size_t gnutls_cipher_get_key_size(BulkCipherAlgorithm algorithm); -int _gnutls_cipher_get_iv_size(BulkCipherAlgorithm algorithm); -int _gnutls_cipher_get_export_flag(BulkCipherAlgorithm algorithm); -const char *gnutls_cipher_get_name(BulkCipherAlgorithm algorithm); +int _gnutls_cipher_priority(gnutls_session session, gnutls_cipher_algorithm algorithm); +int _gnutls_cipher_get_block_size(gnutls_cipher_algorithm algorithm); +int _gnutls_cipher_is_block(gnutls_cipher_algorithm algorithm); +int _gnutls_cipher_is_ok(gnutls_cipher_algorithm algorithm); +size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm algorithm); +int _gnutls_cipher_get_iv_size(gnutls_cipher_algorithm algorithm); +int _gnutls_cipher_get_export_flag(gnutls_cipher_algorithm algorithm); +const char *gnutls_cipher_get_name(gnutls_cipher_algorithm algorithm); /* functions for key exchange */ -int _gnutls_kx_priority(GNUTLS_STATE state, KXAlgorithm algorithm); +int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algorithm); -MOD_AUTH_STRUCT * _gnutls_kx_auth_struct(KXAlgorithm algorithm); -const char *gnutls_kx_get_name(KXAlgorithm algorithm); -int _gnutls_kx_is_ok(KXAlgorithm algorithm); +MOD_AUTH_STRUCT * _gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm); +const char *gnutls_kx_get_name(gnutls_kx_algorithm algorithm); +int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm); /* functions for compression */ -int _gnutls_compression_priority(GNUTLS_STATE state, CompressionMethod algorithm); -int _gnutls_compression_is_ok(CompressionMethod algorithm); -int _gnutls_compression_get_num(CompressionMethod algorithm); -CompressionMethod _gnutls_compression_get_id(int num); -const char *gnutls_compression_get_name(CompressionMethod algorithm); +int _gnutls_compression_priority(gnutls_session session, gnutls_compression_method algorithm); +int _gnutls_compression_is_ok(gnutls_compression_method algorithm); +int _gnutls_compression_get_num(gnutls_compression_method algorithm); +gnutls_compression_method _gnutls_compression_get_id(int num); +const char *gnutls_compression_get_name(gnutls_compression_method algorithm); /* Type to KX mappings */ -KXAlgorithm _gnutls_map_kx_get_kx(CredType type); -CredType _gnutls_map_kx_get_cred(KXAlgorithm algorithm); +gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type); +gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm algorithm); struct gnutls_kx_algo_entry { const char *name; - KXAlgorithm algorithm; + gnutls_kx_algorithm algorithm; MOD_AUTH_STRUCT *auth_struct; }; typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 00f290c226..868e9dbdbe 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -34,17 +34,17 @@ */ /* This clears the whole linked list */ -int gnutls_clear_creds( GNUTLS_STATE state) { +int gnutls_clear_creds( gnutls_session session) { AUTH_CRED * ccred, *ncred; - if (state->gnutls_key->cred!=NULL) { /* begining of the list */ - ccred = state->gnutls_key->cred; + if (session->gnutls_key->cred!=NULL) { /* begining of the list */ + ccred = session->gnutls_key->cred; while(ccred!=NULL) { ncred = ccred->next; if (ccred!=NULL) gnutls_free(ccred); ccred = ncred; } - state->gnutls_key->cred = NULL; + session->gnutls_key->cred = NULL; } return 0; @@ -56,14 +56,14 @@ int gnutls_clear_creds( GNUTLS_STATE state) { */ /** * gnutls_cred_set - Sets the needed credentials for the specified authentication algorithm. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @type: is the type of the credentials * @cred: is a pointer to a structure. * * Sets the needed credentials for the specified type. * Eg username, password - or public and private keys etc. * The (void* cred) parameter is a structure that depends on the - * specified type and on the current state (client or server). + * specified type and on the current session (client or server). * [ In order to minimize memory usage, and share credentials between * several threads gnutls keeps a pointer to cred, and not the whole cred * structure. Thus you will have to keep the structure allocated until @@ -80,22 +80,22 @@ int gnutls_clear_creds( GNUTLS_STATE state) { * in case of a client, and CERTIFICATE_SERVER_CREDENTIALS, in case * of a server. **/ -int gnutls_cred_set( GNUTLS_STATE state, GNUTLS_CredType type, void* cred) { +int gnutls_cred_set( gnutls_session session, gnutls_credentials_type type, void* cred) { AUTH_CRED * ccred=NULL, *pcred=NULL; int exists=0; - if (state->gnutls_key->cred==NULL) { /* begining of the list */ + if (session->gnutls_key->cred==NULL) { /* begining of the list */ - state->gnutls_key->cred = gnutls_malloc(sizeof(AUTH_CRED)); - if (state->gnutls_key->cred == NULL) return GNUTLS_E_MEMORY_ERROR; + session->gnutls_key->cred = gnutls_malloc(sizeof(AUTH_CRED)); + if (session->gnutls_key->cred == NULL) return GNUTLS_E_MEMORY_ERROR; /* copy credentials localy */ - state->gnutls_key->cred->credentials = cred; + session->gnutls_key->cred->credentials = cred; - state->gnutls_key->cred->next = NULL; - state->gnutls_key->cred->algorithm = type; + session->gnutls_key->cred->next = NULL; + session->gnutls_key->cred->algorithm = type; } else { - ccred = state->gnutls_key->cred; + ccred = session->gnutls_key->cred; while(ccred!=NULL) { if (ccred->algorithm==type) { exists=1; @@ -129,7 +129,7 @@ int gnutls_cred_set( GNUTLS_STATE state, GNUTLS_CredType type, void* cred) { /** * gnutls_auth_get_type - Returns the type of credentials for the current authentication schema. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns type of credentials for the current authentication schema. * The returned information is to be used to distinguish the function used @@ -138,21 +138,21 @@ int gnutls_cred_set( GNUTLS_STATE state, GNUTLS_CredType type, void* cred) { * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), * the same function are to be used to access the authentication data. **/ -GNUTLS_CredType gnutls_auth_get_type( GNUTLS_STATE state) { +gnutls_credentials_type gnutls_auth_get_type( gnutls_session session) { return _gnutls_map_kx_get_cred( _gnutls_cipher_suite_get_kx_algo - (state->security_parameters.current_cipher_suite)); + (session->security_parameters.current_cipher_suite)); } /* * This returns an pointer to the linked list. Don't * free that!!! */ -const void *_gnutls_get_kx_cred( GNUTLS_KEY key, KXAlgorithm algo, int *err) { +const void *_gnutls_get_kx_cred( GNUTLS_KEY key, gnutls_kx_algorithm algo, int *err) { return _gnutls_get_cred( key, _gnutls_map_kx_get_cred(algo), err); } -const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) { +const void *_gnutls_get_cred( GNUTLS_KEY key, gnutls_credentials_type type, int *err) { AUTH_CRED * ccred; if (key == NULL) return NULL; @@ -175,7 +175,7 @@ const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) { /*- * _gnutls_get_auth_info - Returns a pointer to authentication information. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * This function must be called after a succesful gnutls_handshake(). * Returns a pointer to authentication information. That information @@ -186,25 +186,25 @@ const void *_gnutls_get_cred( GNUTLS_KEY key, CredType type, int *err) { * In case of GNUTLS_CRD_CERTIFICATE returns a pointer to structure &CERTIFICATE_(SERVER/CLIENT)_AUTH_INFO; * In case of GNUTLS_CRD_SRP returns a pointer to structure &SRP_(SERVER/CLIENT)_AUTH_INFO; -*/ -void* _gnutls_get_auth_info( GNUTLS_STATE state) { - return state->gnutls_key->auth_info; +void* _gnutls_get_auth_info( gnutls_session session) { + return session->gnutls_key->auth_info; } /*- * _gnutls_free_auth_info - Frees the auth info structure - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * this function frees the auth info structure and sets it to * null. It must be called since some structures contain malloced * elements. -*/ -void _gnutls_free_auth_info( GNUTLS_STATE state) { - if (state==NULL || state->gnutls_key==NULL) { +void _gnutls_free_auth_info( gnutls_session session) { + if (session==NULL || session->gnutls_key==NULL) { gnutls_assert(); return; } - switch ( state->gnutls_key->auth_info_type) { + switch ( session->gnutls_key->auth_info_type) { case GNUTLS_CRD_SRP: case GNUTLS_CRD_ANON: @@ -212,7 +212,7 @@ void _gnutls_free_auth_info( GNUTLS_STATE state) { case GNUTLS_CRD_CERTIFICATE: { int i; CERTIFICATE_AUTH_INFO info = - _gnutls_get_auth_info(state); + _gnutls_get_auth_info(session); if (info==NULL) break; for (i=0;incerts;i++) { @@ -231,10 +231,10 @@ void _gnutls_free_auth_info( GNUTLS_STATE state) { } - gnutls_free( state->gnutls_key->auth_info); - state->gnutls_key->auth_info = NULL; - state->gnutls_key->auth_info_size = 0; - state->gnutls_key->auth_info_type = 0; + gnutls_free( session->gnutls_key->auth_info); + session->gnutls_key->auth_info = NULL; + session->gnutls_key->auth_info_size = 0; + session->gnutls_key->auth_info_type = 0; } @@ -243,15 +243,15 @@ void _gnutls_free_auth_info( GNUTLS_STATE state) { * If allow change is !=0 then this will allow changing the auth * info structure to a different type. */ -int _gnutls_auth_info_set( GNUTLS_STATE state, CredType type, int size, int allow_change) { - if ( state->gnutls_key->auth_info == NULL) { - state->gnutls_key->auth_info = gnutls_calloc( 1, size); - if (state->gnutls_key->auth_info == NULL) { +int _gnutls_auth_info_set( gnutls_session session, gnutls_credentials_type type, int size, int allow_change) { + if ( session->gnutls_key->auth_info == NULL) { + session->gnutls_key->auth_info = gnutls_calloc( 1, size); + if (session->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->auth_info_type = type; - state->gnutls_key->auth_info_size = size; + session->gnutls_key->auth_info_type = type; + session->gnutls_key->auth_info_size = size; } else { if (allow_change==0) { /* If the credentials for the current authentication scheme, @@ -260,7 +260,7 @@ int _gnutls_auth_info_set( GNUTLS_STATE state, CredType type, int size, int allo * ciphersuite which is negotiated has different authentication * schema. */ - if ( gnutls_auth_get_type( state) != state->gnutls_key->auth_info_type) { + if ( gnutls_auth_get_type( session) != session->gnutls_key->auth_info_type) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } @@ -271,16 +271,16 @@ int _gnutls_auth_info_set( GNUTLS_STATE state, CredType type, int size, int allo * certificate (in order to prevent revealing the certificate's contents, * to passive eavesdropers. */ - if ( gnutls_auth_get_type( state) != state->gnutls_key->auth_info_type) { - state->gnutls_key->auth_info = gnutls_realloc_fast( - state->gnutls_key->auth_info, size); - if (state->gnutls_key->auth_info == NULL) { + if ( gnutls_auth_get_type( session) != session->gnutls_key->auth_info_type) { + session->gnutls_key->auth_info = gnutls_realloc_fast( + session->gnutls_key->auth_info, size); + if (session->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - memset( state->gnutls_key->auth_info, 0, size); - state->gnutls_key->auth_info_type = type; - state->gnutls_key->auth_info_size = size; + memset( session->gnutls_key->auth_info, 0, size); + session->gnutls_key->auth_info_type = type; + session->gnutls_key->auth_info_size = size; } } } diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index 846b0816ee..21d3acb6ea 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h @@ -3,23 +3,23 @@ typedef struct MOD_AUTH_STRUCT_INT { const char* name; /* null terminated */ - int (*gnutls_generate_server_certificate)( GNUTLS_STATE, opaque**); - int (*gnutls_generate_client_certificate)( GNUTLS_STATE, opaque**); - int (*gnutls_generate_server_kx)( GNUTLS_STATE, opaque**); - int (*gnutls_generate_server_kx2)( GNUTLS_STATE, opaque**); /* used in SRP */ - int (*gnutls_generate_client_kx0)( GNUTLS_STATE, opaque**); - int (*gnutls_generate_client_kx)( GNUTLS_STATE, opaque**); /* used in SRP */ - int (*gnutls_generate_client_cert_vrfy) ( GNUTLS_STATE, opaque**); - int (*gnutls_generate_server_certificate_request) ( GNUTLS_STATE, opaque**); + int (*gnutls_generate_server_certificate)( gnutls_session, opaque**); + int (*gnutls_generate_client_certificate)( gnutls_session, opaque**); + int (*gnutls_generate_server_kx)( gnutls_session, opaque**); + int (*gnutls_generate_server_kx2)( gnutls_session, opaque**); /* used in SRP */ + int (*gnutls_generate_client_kx0)( gnutls_session, opaque**); + int (*gnutls_generate_client_kx)( gnutls_session, opaque**); /* used in SRP */ + int (*gnutls_generate_client_cert_vrfy) ( gnutls_session, opaque**); + int (*gnutls_generate_server_certificate_request) ( gnutls_session, opaque**); - int (*gnutls_process_server_certificate)( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_client_certificate)( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_server_kx)( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_server_kx2)( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_client_kx0)( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_client_kx)( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_client_cert_vrfy) ( GNUTLS_STATE, opaque*, int); - int (*gnutls_process_server_certificate_request) ( GNUTLS_STATE, opaque*, int); + int (*gnutls_process_server_certificate)( gnutls_session, opaque*, int); + int (*gnutls_process_client_certificate)( gnutls_session, opaque*, int); + int (*gnutls_process_server_kx)( gnutls_session, opaque*, int); + int (*gnutls_process_server_kx2)( gnutls_session, opaque*, int); + int (*gnutls_process_client_kx0)( gnutls_session, opaque*, int); + int (*gnutls_process_client_kx)( gnutls_session, opaque*, int); + int (*gnutls_process_client_cert_vrfy) ( gnutls_session, opaque*, int); + int (*gnutls_process_server_certificate_request) ( gnutls_session, opaque*, int); } MOD_AUTH_STRUCT; #endif diff --git a/lib/gnutls_auth_int.h b/lib/gnutls_auth_int.h index f2129e1abe..c57d3c114f 100644 --- a/lib/gnutls_auth_int.h +++ b/lib/gnutls_auth_int.h @@ -1,8 +1,8 @@ -int gnutls_clear_creds( GNUTLS_STATE state); -int gnutls_cred_set( GNUTLS_STATE state, CredType type, void* cred); -const void *_gnutls_get_cred( GNUTLS_KEY key, CredType kx, int* err); -const void *_gnutls_get_kx_cred( GNUTLS_KEY key, KXAlgorithm algo, int *err); +int gnutls_clear_creds( gnutls_session session); +int gnutls_cred_set( gnutls_session session, gnutls_credentials_type type, void* cred); +const void *_gnutls_get_cred( GNUTLS_KEY key, gnutls_credentials_type kx, int* err); +const void *_gnutls_get_kx_cred( GNUTLS_KEY key, gnutls_kx_algorithm algo, int *err); int _gnutls_generate_key(GNUTLS_KEY key); -CredType gnutls_auth_get_type( GNUTLS_STATE state); -void* _gnutls_get_auth_info( GNUTLS_STATE state); -int _gnutls_auth_info_set( GNUTLS_STATE state, CredType type, int size, int allow_change); +gnutls_credentials_type gnutls_auth_get_type( gnutls_session session); +void* _gnutls_get_auth_info( gnutls_session session); +int _gnutls_auth_info_set( gnutls_session session, gnutls_credentials_type type, int size, int allow_change); diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 4bfbd376a3..3faa2e6ce0 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -72,13 +72,13 @@ static int RET( int err) { /* Buffers received packets of type APPLICATION DATA and * HANDSHAKE DATA. */ -int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data, int length) +int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, int length) { if (length==0) return 0; switch( type) { case GNUTLS_APPLICATION_DATA: - if ( gnutls_datum_append( &state->gnutls_internals.application_data_buffer, + if ( gnutls_datum_append( &session->internals.application_data_buffer, data, length) < 0) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -87,7 +87,7 @@ int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data, break; case GNUTLS_HANDSHAKE: - if ( gnutls_datum_append( &state->gnutls_internals.handshake_data_buffer, + if ( gnutls_datum_append( &session->internals.handshake_data_buffer, data, length) < 0) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -106,14 +106,14 @@ int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data, } -int _gnutls_record_buffer_get_size(ContentType type, GNUTLS_STATE state) +int _gnutls_record_buffer_get_size(ContentType type, gnutls_session session) { switch( type) { case GNUTLS_APPLICATION_DATA: - return state->gnutls_internals.application_data_buffer.size; + return session->internals.application_data_buffer.size; case GNUTLS_HANDSHAKE: - return state->gnutls_internals.handshake_data_buffer.size; + return session->internals.handshake_data_buffer.size; default: return GNUTLS_E_INVALID_PARAMETERS; @@ -123,7 +123,7 @@ int _gnutls_record_buffer_get_size(ContentType type, GNUTLS_STATE state) /** * gnutls_record_check_pending - checks if there are any data to receive in gnutls buffers. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * This function checks if there are any data to receive * in the gnutls buffers. Returns the size of that data or 0. @@ -132,11 +132,11 @@ int _gnutls_record_buffer_get_size(ContentType type, GNUTLS_STATE state) * (gnutls leaves some data in the tcp buffer in order for select * to work). **/ -size_t gnutls_record_check_pending(GNUTLS_STATE state) { - return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, state); +size_t gnutls_record_check_pending(gnutls_session session) { + return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, session); } -int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, int length) +int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, int length) { if (length < 0 || data==NULL) { gnutls_assert(); @@ -146,19 +146,19 @@ int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, switch(type) { case GNUTLS_APPLICATION_DATA: - if (length > state->gnutls_internals.application_data_buffer.size) { - length = state->gnutls_internals.application_data_buffer.size; + if (length > session->internals.application_data_buffer.size) { + length = session->internals.application_data_buffer.size; } _gnutls_buffers_log( "BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", length, type); - state->gnutls_internals.application_data_buffer.size -= length; - memcpy(data, state->gnutls_internals.application_data_buffer.data, length); + session->internals.application_data_buffer.size -= length; + memcpy(data, session->internals.application_data_buffer.data, length); /* overwrite buffer */ - memmove(state->gnutls_internals.application_data_buffer.data, - &state->gnutls_internals.application_data_buffer.data[length], - state->gnutls_internals.application_data_buffer.size); + memmove(session->internals.application_data_buffer.data, + &session->internals.application_data_buffer.data[length], + session->internals.application_data_buffer.size); /* we do no longer realloc the application_data_buffer.data, * since it serves no practical reason. It also decreases @@ -167,19 +167,19 @@ int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, break; case GNUTLS_HANDSHAKE: - if (length > state->gnutls_internals.handshake_data_buffer.size) { - length = state->gnutls_internals.handshake_data_buffer.size; + if (length > session->internals.handshake_data_buffer.size) { + length = session->internals.handshake_data_buffer.size; } _gnutls_buffers_log( "BUF[REC][HD]: Read %d bytes of Data(%d)\n", length, type); - state->gnutls_internals.handshake_data_buffer.size -= length; - memcpy(data, state->gnutls_internals.handshake_data_buffer.data, length); + session->internals.handshake_data_buffer.size -= length; + memcpy(data, session->internals.handshake_data_buffer.data, length); /* overwrite buffer */ - memmove(state->gnutls_internals.handshake_data_buffer.data, - &state->gnutls_internals.handshake_data_buffer.data[length], - state->gnutls_internals.handshake_data_buffer.size); + memmove(session->internals.handshake_data_buffer.data, + &session->internals.handshake_data_buffer.data[length], + session->internals.handshake_data_buffer.size); break; default: @@ -197,7 +197,7 @@ int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, * * Flags are only used if the default recv() function is being used. */ -static ssize_t _gnutls_read( GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, int flags) +static ssize_t _gnutls_read( gnutls_session session, void *iptr, size_t sizeOfPtr, int flags) { size_t left; ssize_t i=0; @@ -205,15 +205,15 @@ static ssize_t _gnutls_read( GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, i #ifdef READ_DEBUG int j,x, sum=0; #endif - GNUTLS_TRANSPORT_PTR fd = state->gnutls_internals.transport_recv_ptr; + gnutls_transport_ptr fd = session->internals.transport_recv_ptr; left = sizeOfPtr; while (left > 0) { - if (state->gnutls_internals._gnutls_pull_func==NULL) + if (session->internals._gnutls_pull_func==NULL) i = recv(fd, &ptr[sizeOfPtr-left], left, flags); else - i = state->gnutls_internals._gnutls_pull_func(fd, &ptr[sizeOfPtr-left], left); + i = session->internals._gnutls_pull_func(fd, &ptr[sizeOfPtr-left], left); if (i < 0) { _gnutls_read_log( "READ: %d returned from %d, errno=%d\n", i, fd, errno); @@ -265,16 +265,16 @@ static ssize_t _gnutls_read( GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, i } -#define RCVLOWAT state->gnutls_internals.lowat +#define RCVLOWAT session->internals.lowat /* This function is only used with berkeley style sockets. * Clears the peeked data (read with MSG_PEEK). */ -int _gnutls_io_clear_peeked_data( GNUTLS_STATE state) { +int _gnutls_io_clear_peeked_data( gnutls_session session) { char *peekdata = NULL; int ret, sum; - if (state->gnutls_internals.have_peeked_data==0 || RCVLOWAT==0) + if (session->internals.have_peeked_data==0 || RCVLOWAT==0) return 0; peekdata = gnutls_alloca( RCVLOWAT); @@ -286,7 +286,7 @@ int ret, sum; /* this was already read by using MSG_PEEK - so it shouldn't fail */ sum = 0; do { /* we need this to finish now */ - ret = _gnutls_read( state, peekdata, RCVLOWAT-sum, 0); + ret = _gnutls_read( session, peekdata, RCVLOWAT-sum, 0); if (ret > 0) sum+=ret; } while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN || sum < RCVLOWAT); @@ -297,14 +297,14 @@ int ret, sum; return ret; } - state->gnutls_internals.have_peeked_data=0; + session->internals.have_peeked_data=0; return 0; } -void _gnutls_io_clear_read_buffer( GNUTLS_STATE state) { - state->gnutls_internals.record_recv_buffer.size = 0; +void _gnutls_io_clear_read_buffer( gnutls_session session) { + session->internals.record_recv_buffer.size = 0; } /* This function is like recv(with MSG_PEEK). But it does not return -1 on error. @@ -315,10 +315,10 @@ void _gnutls_io_clear_read_buffer( GNUTLS_STATE state) { * sizeOfPtr should be unsigned. * * This is not a general purpose function. It returns EXACTLY the data requested, - * which are stored in a local (in the state) buffer. A pointer (iptr) to this buffer is returned. + * which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned. * */ -ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) +ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) { ssize_t ret=0, ret2=0; int min, buf_pos; @@ -326,27 +326,27 @@ ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t size int recvlowat = RCVLOWAT; int recvdata, alloc_size; - *iptr = state->gnutls_internals.record_recv_buffer.data; + *iptr = session->internals.record_recv_buffer.data; if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0 - || (state->gnutls_internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) { + || (session->internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) { gnutls_assert(); /* internal error */ return GNUTLS_E_INVALID_PARAMETERS; } /* leave peeked data to the kernel space only if application data * is received and we don't have any peeked - * data in gnutls state. + * data in gnutls session. */ if ( recv_type != GNUTLS_APPLICATION_DATA - && state->gnutls_internals.have_peeked_data==0) + && session->internals.have_peeked_data==0) recvlowat = 0; /* calculate the actual size, ie. get the minimum of the * buffered data and the requested data. */ - min = GMIN( state->gnutls_internals.record_recv_buffer.size, sizeOfPtr); + min = GMIN( session->internals.record_recv_buffer.size, sizeOfPtr); if ( min > 0) { /* if we have enough buffered data * then just return them. @@ -364,22 +364,22 @@ ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t size /* Allocate the data required to store the new packet. */ - alloc_size = recvdata+state->gnutls_internals.record_recv_buffer.size; - state->gnutls_internals.record_recv_buffer.data = gnutls_realloc_fast( - state->gnutls_internals.record_recv_buffer.data, alloc_size); - if ( state->gnutls_internals.record_recv_buffer.data==NULL) { + alloc_size = recvdata+session->internals.record_recv_buffer.size; + session->internals.record_recv_buffer.data = gnutls_realloc_fast( + session->internals.record_recv_buffer.data, alloc_size); + if ( session->internals.record_recv_buffer.data==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - buf_pos = state->gnutls_internals.record_recv_buffer.size; - buf = state->gnutls_internals.record_recv_buffer.data; + buf_pos = session->internals.record_recv_buffer.size; + buf = session->internals.record_recv_buffer.data; *iptr = buf; /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */ if ( recvdata - recvlowat > 0) { - ret = _gnutls_read( state, &buf[buf_pos], recvdata - recvlowat, 0); + ret = _gnutls_read( session, &buf[buf_pos], recvdata - recvlowat, 0); /* return immediately if we got an interrupt or eagain * error. @@ -392,11 +392,11 @@ ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t size /* copy fresh data to our buffer. */ if (ret > 0) { - _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.record_recv_buffer.size, ret, sizeOfPtr); - state->gnutls_internals.record_recv_buffer.size += ret; + _gnutls_read_log("RB: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", session->internals.record_recv_buffer.size, ret, sizeOfPtr); + session->internals.record_recv_buffer.size += ret; } - buf_pos = state->gnutls_internals.record_recv_buffer.size; + buf_pos = session->internals.record_recv_buffer.size; /* This is hack in order for select to work. Just leave recvlowat data, * into the kernel buffer (using a read with MSG_PEEK), thus making @@ -404,7 +404,7 @@ ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t size * MSG_PEEK is only used with berkeley style sockets. */ if (ret == (recvdata - recvlowat) && recvlowat > 0) { - ret2 = _gnutls_read( state, &buf[buf_pos], recvlowat, MSG_PEEK); + ret2 = _gnutls_read( session, &buf[buf_pos], recvlowat, MSG_PEEK); if (ret2 < 0 && gnutls_error_is_fatal(ret2)==0) { return ret2; @@ -412,9 +412,9 @@ ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t size if (ret2 > 0) { _gnutls_read_log("RB-PEEK: Read %d bytes in PEEK MODE.\n", ret2); - _gnutls_read_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", state->gnutls_internals.record_recv_buffer.size, ret2, sizeOfPtr); - state->gnutls_internals.have_peeked_data = 1; - state->gnutls_internals.record_recv_buffer.size += ret2; + _gnutls_read_log("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", session->internals.record_recv_buffer.size, ret2, sizeOfPtr); + session->internals.have_peeked_data = 1; + session->internals.record_recv_buffer.size += ret2; } } @@ -437,7 +437,7 @@ ssize_t _gnutls_io_read_buffered( GNUTLS_STATE state, opaque **iptr, size_t size return 0; } - ret = state->gnutls_internals.record_recv_buffer.size; + ret = session->internals.record_recv_buffer.size; if ((ret > 0) && (ret < sizeOfPtr)) { /* Short Read */ @@ -513,7 +513,7 @@ static int _gnutls_buffer_get( gnutls_datum * buffer, const opaque ** ptr, size_ * to decrypt and verify the integrity. * */ -ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t n) +ssize_t _gnutls_io_write_buffered( gnutls_session session, const void *iptr, size_t n) { size_t left; #ifdef WRITE_DEBUG @@ -522,7 +522,7 @@ ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t ssize_t retval, i; const opaque * ptr; int ret; - GNUTLS_TRANSPORT_PTR fd = state->gnutls_internals.transport_send_ptr; + gnutls_transport_ptr fd = session->internals.transport_send_ptr; ptr = iptr; @@ -530,7 +530,7 @@ ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t * iptr != NULL and we have data in the buffer. * If this is true then return an error. */ - if (state->gnutls_internals.record_send_buffer.size > 0 && iptr != NULL) { + if (session->internals.record_send_buffer.size > 0 && iptr != NULL) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } @@ -539,7 +539,7 @@ ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t */ if (iptr == NULL) { /* checking is handled above */ - ret = _gnutls_buffer_get( &state->gnutls_internals.record_send_buffer, &ptr, &n); + ret = _gnutls_buffer_get( &session->internals.record_send_buffer, &ptr, &n); if (ret < 0) { gnutls_assert(); return retval; @@ -554,16 +554,16 @@ ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t left = n; while (left > 0) { - if (state->gnutls_internals._gnutls_push_func==NULL) + if (session->internals._gnutls_push_func==NULL) i = send(fd, &ptr[n-left], left, 0); else - i = state->gnutls_internals._gnutls_push_func(fd, &ptr[n-left], left); + i = session->internals._gnutls_push_func(fd, &ptr[n-left], left); if (i == -1) { if (errno == EAGAIN || errno == EINTR) { - state->gnutls_internals.record_send_buffer_prev_size += n - left; + session->internals.record_send_buffer_prev_size += n - left; - retval = _gnutls_buffer_insert( &state->gnutls_internals.record_send_buffer, &ptr[n-left], left); + retval = _gnutls_buffer_insert( &session->internals.record_send_buffer, &ptr[n-left], left); if (retval < 0) { gnutls_assert(); return retval; @@ -600,10 +600,10 @@ ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t } - retval = n + state->gnutls_internals.record_send_buffer_prev_size; + retval = n + session->internals.record_send_buffer_prev_size; - state->gnutls_internals.record_send_buffer.size = 0; - state->gnutls_internals.record_send_buffer_prev_size = 0; + session->internals.record_send_buffer.size = 0; + session->internals.record_send_buffer_prev_size = 0; return retval; @@ -612,11 +612,11 @@ ssize_t _gnutls_io_write_buffered( GNUTLS_STATE state, const void *iptr, size_t /* This is exactly like write_buffered, but will use two buffers to read * from. */ -ssize_t _gnutls_io_write_buffered2( GNUTLS_STATE state, const void *iptr, size_t n, const void* iptr2, size_t n2) +ssize_t _gnutls_io_write_buffered2( gnutls_session session, const void *iptr, size_t n, const void* iptr2, size_t n2) { if (n==0) { - return _gnutls_io_write_buffered( state, iptr2, n2); + return _gnutls_io_write_buffered( session, iptr2, n2); } else { opaque* sptr; ssize_t ret; @@ -630,7 +630,7 @@ ssize_t _gnutls_io_write_buffered2( GNUTLS_STATE state, const void *iptr, size_t memcpy( sptr, iptr, n); memcpy( &sptr[n], iptr2, n2); - ret = _gnutls_io_write_buffered( state, sptr, n+n2); + ret = _gnutls_io_write_buffered( session, sptr, n+n2); gnutls_afree( sptr); return ret; @@ -642,15 +642,15 @@ ssize_t _gnutls_io_write_buffered2( GNUTLS_STATE state, const void *iptr, size_t * TLS write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_io_write_flush( GNUTLS_STATE state) +ssize_t _gnutls_io_write_flush( gnutls_session session) { ssize_t ret; - if (state->gnutls_internals.record_send_buffer.size == 0) + if (session->internals.record_send_buffer.size == 0) return 0; /* done */ - ret = _gnutls_io_write_buffered( state, NULL, 0); - _gnutls_write_log("WRITE FLUSH: %d [buffer: %d]\n", ret, state->gnutls_internals.record_send_buffer.size); + ret = _gnutls_io_write_buffered( session, NULL, 0); + _gnutls_write_log("WRITE FLUSH: %d [buffer: %d]\n", ret, session->internals.record_send_buffer.size); return ret; } @@ -659,10 +659,10 @@ ssize_t _gnutls_io_write_flush( GNUTLS_STATE state) * Handshake write buffer (ie. because the previous write was * interrupted. */ -ssize_t _gnutls_handshake_io_write_flush( GNUTLS_STATE state) +ssize_t _gnutls_handshake_io_write_flush( gnutls_session session) { ssize_t ret; - ret = _gnutls_handshake_io_send_int( state, 0, 0, NULL, 0); + ret = _gnutls_handshake_io_send_int( session, 0, 0, NULL, 0); if (ret < 0) { gnutls_assert(); return ret; @@ -670,10 +670,10 @@ ssize_t _gnutls_handshake_io_write_flush( GNUTLS_STATE state) _gnutls_write_log("HANDSHAKE_FLUSH: written[1] %d bytes\n", ret); - if (state->gnutls_internals.handshake_send_buffer.size == 0) { - ret = state->gnutls_internals.handshake_send_buffer_prev_size; /* done */ - state->gnutls_internals.handshake_send_buffer_prev_size = 0; - state->gnutls_internals.handshake_send_buffer.size = 0; + if (session->internals.handshake_send_buffer.size == 0) { + ret = session->internals.handshake_send_buffer_prev_size; /* done */ + session->internals.handshake_send_buffer_prev_size = 0; + session->internals.handshake_send_buffer.size = 0; return ret; } @@ -685,7 +685,7 @@ ssize_t _gnutls_handshake_io_write_flush( GNUTLS_STATE state) /* This is a send function for the gnutls handshake * protocol. Just makes sure that all data have been sent. */ -ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *iptr, size_t n) +ssize_t _gnutls_handshake_io_send_int( gnutls_session session, ContentType type, HandshakeType htype, const void *iptr, size_t n) { size_t left; ssize_t i = 0, ret=0; @@ -694,27 +694,27 @@ ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, Han ptr = iptr; - if (state->gnutls_internals.handshake_send_buffer.size > 0 && ptr==NULL && n == 0) { + if (session->internals.handshake_send_buffer.size > 0 && ptr==NULL && n == 0) { /* resuming previously interrupted write */ gnutls_assert(); - ret = _gnutls_buffer_get( &state->gnutls_internals.handshake_send_buffer, &ptr, &n); + ret = _gnutls_buffer_get( &session->internals.handshake_send_buffer, &ptr, &n); if (ret < 0) { gnutls_assert(); return retval; } - type = state->gnutls_internals.handshake_send_buffer_type; - htype = state->gnutls_internals.handshake_send_buffer_htype; + type = session->internals.handshake_send_buffer_type; + htype = session->internals.handshake_send_buffer_htype; - } else if (state->gnutls_internals.handshake_send_buffer.size > 0) { + } else if (session->internals.handshake_send_buffer.size > 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_ERROR; } else { #ifdef WRITE_DEBUG size_t sum=0, x, j; - _gnutls_write_log( "HWRITE: will write %d bytes to %d.\n", n, gnutls_transport_get_ptr(state)); + _gnutls_write_log( "HWRITE: will write %d bytes to %d.\n", n, gnutls_transport_get_ptr(session)); for (x=0;x<((n)/16)+1;x++) { if (sum>n) break; @@ -744,7 +744,7 @@ ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, Han left = n; while (left > 0) { - ret = gnutls_send_int( state, type, htype, &ptr[n-left], left); + ret = gnutls_send_int( session, type, htype, &ptr[n-left], left); if (ret <= 0) { if (ret==0) { @@ -755,20 +755,20 @@ ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, Han if ( left > 0 && (ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN)) { gnutls_assert(); - retval = _gnutls_buffer_insert( &state->gnutls_internals.handshake_send_buffer, &ptr[n-left], left); + retval = _gnutls_buffer_insert( &session->internals.handshake_send_buffer, &ptr[n-left], left); if (retval < 0) { gnutls_assert(); return retval; } - state->gnutls_internals.handshake_send_buffer_prev_size += n-left; + session->internals.handshake_send_buffer_prev_size += n-left; - state->gnutls_internals.handshake_send_buffer_type = type; - state->gnutls_internals.handshake_send_buffer_htype = htype; + session->internals.handshake_send_buffer_type = type; + session->internals.handshake_send_buffer_htype = htype; } else { - state->gnutls_internals.handshake_send_buffer_prev_size = 0; - state->gnutls_internals.handshake_send_buffer.size = 0; + session->internals.handshake_send_buffer_prev_size = 0; + session->internals.handshake_send_buffer.size = 0; } gnutls_assert(); @@ -778,10 +778,10 @@ ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, Han left -= i; } - retval = n + state->gnutls_internals.handshake_send_buffer_prev_size; + retval = n + session->internals.handshake_send_buffer_prev_size; - state->gnutls_internals.handshake_send_buffer.size = 0; - state->gnutls_internals.handshake_send_buffer_prev_size = 0; + session->internals.handshake_send_buffer.size = 0; + session->internals.handshake_send_buffer_prev_size = 0; return retval; @@ -790,7 +790,7 @@ ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE state, ContentType type, Han /* This is a receive function for the gnutls handshake * protocol. Makes sure that we have received all data. */ -ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, void *iptr, size_t sizeOfPtr) +ssize_t _gnutls_handshake_io_recv_int( gnutls_session session, ContentType type, HandshakeType htype, void *iptr, size_t sizeOfPtr) { size_t left; ssize_t i; @@ -805,56 +805,56 @@ ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE state, ContentType type, Han return GNUTLS_E_INVALID_PARAMETERS; } - if (state->gnutls_internals.handshake_recv_buffer.size > 0) { + if (session->internals.handshake_recv_buffer.size > 0) { /* if we have already received some data */ - if (sizeOfPtr <= state->gnutls_internals.handshake_recv_buffer.size) { + if (sizeOfPtr <= session->internals.handshake_recv_buffer.size) { /* if requested less data then return it. */ gnutls_assert(); - memcpy( iptr, state->gnutls_internals.handshake_recv_buffer.data, sizeOfPtr); + memcpy( iptr, session->internals.handshake_recv_buffer.data, sizeOfPtr); - state->gnutls_internals.handshake_recv_buffer.size -= sizeOfPtr; + session->internals.handshake_recv_buffer.size -= sizeOfPtr; - memmove( state->gnutls_internals.handshake_recv_buffer.data, - &state->gnutls_internals.handshake_recv_buffer.data[sizeOfPtr], - state->gnutls_internals.handshake_recv_buffer.size); + memmove( session->internals.handshake_recv_buffer.data, + &session->internals.handshake_recv_buffer.data[sizeOfPtr], + session->internals.handshake_recv_buffer.size); return sizeOfPtr; } gnutls_assert(); - memcpy( iptr, state->gnutls_internals.handshake_recv_buffer.data, state->gnutls_internals.handshake_recv_buffer.size); + memcpy( iptr, session->internals.handshake_recv_buffer.data, session->internals.handshake_recv_buffer.size); - htype = state->gnutls_internals.handshake_recv_buffer_htype; - type = state->gnutls_internals.handshake_recv_buffer_type; + htype = session->internals.handshake_recv_buffer_htype; + type = session->internals.handshake_recv_buffer_type; - left -= state->gnutls_internals.handshake_recv_buffer.size; + left -= session->internals.handshake_recv_buffer.size; - state->gnutls_internals.handshake_recv_buffer.size = 0; + session->internals.handshake_recv_buffer.size = 0; } while (left > 0) { dsize = sizeOfPtr - left; - i = gnutls_recv_int( state, type, htype, &ptr[dsize], left); + i = gnutls_recv_int( session, type, htype, &ptr[dsize], left); if (i < 0) { if (dsize > 0 && (i==GNUTLS_E_INTERRUPTED || i==GNUTLS_E_AGAIN)) { gnutls_assert(); - state->gnutls_internals.handshake_recv_buffer.data = gnutls_realloc_fast( - state->gnutls_internals.handshake_recv_buffer.data, dsize); - if (state->gnutls_internals.handshake_recv_buffer.data==NULL) { + session->internals.handshake_recv_buffer.data = gnutls_realloc_fast( + session->internals.handshake_recv_buffer.data, dsize); + if (session->internals.handshake_recv_buffer.data==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - memcpy( state->gnutls_internals.handshake_recv_buffer.data, iptr, dsize); + memcpy( session->internals.handshake_recv_buffer.data, iptr, dsize); - state->gnutls_internals.handshake_recv_buffer_htype = htype; - state->gnutls_internals.handshake_recv_buffer_type = type; + session->internals.handshake_recv_buffer_htype = htype; + session->internals.handshake_recv_buffer_type = type; - state->gnutls_internals.handshake_recv_buffer.size = dsize; + session->internals.handshake_recv_buffer.size = dsize; } else - state->gnutls_internals.handshake_recv_buffer.size = 0; + session->internals.handshake_recv_buffer.size = 0; gnutls_assert(); @@ -868,7 +868,7 @@ ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE state, ContentType type, Han } - state->gnutls_internals.handshake_recv_buffer.size = 0; + session->internals.handshake_recv_buffer.size = 0; return sizeOfPtr - left; } @@ -877,21 +877,21 @@ ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE state, ContentType type, Han * for finished messages to use them. Used in HMAC calculation * and finished messages. */ -int _gnutls_handshake_buffer_put( GNUTLS_STATE state, char *data, int length) +int _gnutls_handshake_buffer_put( gnutls_session session, char *data, int length) { if (length==0) return 0; - if ( (state->gnutls_internals.max_handshake_data_buffer_size > 0) && - ((length+state->gnutls_internals.handshake_hash_buffer.size) > - state->gnutls_internals.max_handshake_data_buffer_size)) { + if ( (session->internals.max_handshake_data_buffer_size > 0) && + ((length+session->internals.handshake_hash_buffer.size) > + session->internals.max_handshake_data_buffer_size)) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } _gnutls_buffers_log( "BUF[HSK]: Inserted %d bytes of Data\n", length); - if ( gnutls_datum_append( &state->gnutls_internals.handshake_hash_buffer, + if ( gnutls_datum_append( &session->internals.handshake_hash_buffer, data, length) < 0) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -900,65 +900,65 @@ int _gnutls_handshake_buffer_put( GNUTLS_STATE state, char *data, int length) return 0; } -int _gnutls_handshake_buffer_get_size( GNUTLS_STATE state) +int _gnutls_handshake_buffer_get_size( gnutls_session session) { - return state->gnutls_internals.handshake_hash_buffer.size; + return session->internals.handshake_hash_buffer.size; } /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int _gnutls_handshake_buffer_peek( GNUTLS_STATE state, char *data, int length) +int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int length) { - if (length > state->gnutls_internals.handshake_hash_buffer.size) { - length = state->gnutls_internals.handshake_hash_buffer.size; + if (length > session->internals.handshake_hash_buffer.size) { + length = session->internals.handshake_hash_buffer.size; } _gnutls_buffers_log( "BUF[HSK]: Peeked %d bytes of Data\n", length); - memcpy(data, state->gnutls_internals.handshake_hash_buffer.data, length); + memcpy(data, session->internals.handshake_hash_buffer.data, length); return length; } /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int _gnutls_handshake_buffer_get_ptr( GNUTLS_STATE state, char **data_ptr, int *length) +int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, int *length) { if (length!=NULL) - *length = state->gnutls_internals.handshake_hash_buffer.size; + *length = session->internals.handshake_hash_buffer.size; _gnutls_buffers_log( "BUF[HSK]: Peeded %d bytes of Data\n", length); if (data_ptr!=NULL) - *data_ptr = state->gnutls_internals.handshake_hash_buffer.data; + *data_ptr = session->internals.handshake_hash_buffer.data; return 0; } /* Does not free the buffer */ -int _gnutls_handshake_buffer_empty( GNUTLS_STATE state) +int _gnutls_handshake_buffer_empty( gnutls_session session) { _gnutls_buffers_log( "BUF[HSK]: Emptied buffer\n"); - state->gnutls_internals.handshake_hash_buffer.size = 0; + session->internals.handshake_hash_buffer.size = 0; return 0; } -int _gnutls_handshake_buffer_clear( GNUTLS_STATE state) +int _gnutls_handshake_buffer_clear( gnutls_session session) { _gnutls_buffers_log( "BUF[HSK]: Cleared Data from buffer\n"); - state->gnutls_internals.handshake_hash_buffer.size = 0; - if (state->gnutls_internals.handshake_hash_buffer.data!=NULL) - gnutls_free(state->gnutls_internals.handshake_hash_buffer.data); - state->gnutls_internals.handshake_hash_buffer.data = NULL; + session->internals.handshake_hash_buffer.size = 0; + if (session->internals.handshake_hash_buffer.data!=NULL) + gnutls_free(session->internals.handshake_hash_buffer.data); + session->internals.handshake_hash_buffer.data = NULL; return 0; } diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index 2e31040548..8481e9f659 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -18,36 +18,36 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_record_buffer_put(ContentType type, GNUTLS_STATE state, char *data, int length); -int _gnutls_record_buffer_get_size(ContentType type, GNUTLS_STATE state); -int _gnutls_record_buffer_get(ContentType type, GNUTLS_STATE state, char *data, int length); -ssize_t _gnutls_io_read_buffered( GNUTLS_STATE, opaque **iptr, size_t n, ContentType); -void _gnutls_io_clear_read_buffer( GNUTLS_STATE); -int _gnutls_io_clear_peeked_data( GNUTLS_STATE state); +int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, int length); +int _gnutls_record_buffer_get_size(ContentType type, gnutls_session session); +int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, int length); +ssize_t _gnutls_io_read_buffered( gnutls_session, opaque **iptr, size_t n, ContentType); +void _gnutls_io_clear_read_buffer( gnutls_session); +int _gnutls_io_clear_peeked_data( gnutls_session session); -ssize_t _gnutls_io_write_buffered( GNUTLS_STATE, const void *iptr, size_t n ); -ssize_t _gnutls_io_write_buffered2( GNUTLS_STATE, const void *iptr, size_t n, +ssize_t _gnutls_io_write_buffered( gnutls_session, const void *iptr, size_t n ); +ssize_t _gnutls_io_write_buffered2( gnutls_session, const void *iptr, size_t n, const void* iptr2, size_t n2); -int _gnutls_handshake_buffer_get_size( GNUTLS_STATE state); -int _gnutls_handshake_buffer_peek( GNUTLS_STATE state, char *data, int length); -int _gnutls_handshake_buffer_put( GNUTLS_STATE state, char *data, int length); -int _gnutls_handshake_buffer_clear( GNUTLS_STATE state); -int _gnutls_handshake_buffer_empty( GNUTLS_STATE state); -int _gnutls_handshake_buffer_get_ptr( GNUTLS_STATE state, char **data_ptr, int *length); +int _gnutls_handshake_buffer_get_size( gnutls_session session); +int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int length); +int _gnutls_handshake_buffer_put( gnutls_session session, char *data, int length); +int _gnutls_handshake_buffer_clear( gnutls_session session); +int _gnutls_handshake_buffer_empty( gnutls_session session); +int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, int *length); -#define _gnutls_handshake_io_buffer_clear( state) \ - gnutls_free( state->gnutls_internals.handshake_send_buffer.data); \ - gnutls_free( state->gnutls_internals.handshake_recv_buffer.data); \ - state->gnutls_internals.handshake_send_buffer.data = NULL; \ - state->gnutls_internals.handshake_recv_buffer.data = NULL; \ - state->gnutls_internals.handshake_send_buffer.size = 0; \ - state->gnutls_internals.handshake_recv_buffer.size = 0; \ - state->gnutls_internals.handshake_send_buffer_prev_size = 0 +#define _gnutls_handshake_io_buffer_clear( session) \ + gnutls_free( session->internals.handshake_send_buffer.data); \ + gnutls_free( session->internals.handshake_recv_buffer.data); \ + session->internals.handshake_send_buffer.data = NULL; \ + session->internals.handshake_recv_buffer.data = NULL; \ + session->internals.handshake_send_buffer.size = 0; \ + session->internals.handshake_recv_buffer.size = 0; \ + session->internals.handshake_send_buffer_prev_size = 0 -ssize_t _gnutls_handshake_io_recv_int( GNUTLS_STATE, ContentType, HandshakeType, void *, size_t); -ssize_t _gnutls_handshake_io_send_int( GNUTLS_STATE, ContentType, HandshakeType, const void *, size_t); -ssize_t _gnutls_io_write_flush( GNUTLS_STATE state); -ssize_t _gnutls_handshake_io_write_flush( GNUTLS_STATE state); +ssize_t _gnutls_handshake_io_recv_int( gnutls_session, ContentType, HandshakeType, void *, size_t); +ssize_t _gnutls_handshake_io_send_int( gnutls_session, ContentType, HandshakeType, const void *, size_t); +ssize_t _gnutls_io_write_flush( gnutls_session session); +ssize_t _gnutls_handshake_io_write_flush( gnutls_session session); -size_t gnutls_record_check_pending(GNUTLS_STATE state); +size_t gnutls_record_check_pending(gnutls_session session); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index cf84172f9a..abff0dacc7 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -44,8 +44,8 @@ /* KX mappings to PK algorithms */ typedef struct { - KXAlgorithm kx_algorithm; - PKAlgorithm pk_algorithm; + gnutls_kx_algorithm kx_algorithm; + gnutls_pk_algorithm pk_algorithm; } gnutls_pk_map; /* This table maps the Key exchange algorithms to @@ -69,12 +69,12 @@ static const gnutls_pk_map pk_mappings[] = { GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; }) -/* returns the PKAlgorithm which is compatible with - * the given KXAlgorithm. +/* returns the gnutls_pk_algorithm which is compatible with + * the given gnutls_kx_algorithm. */ -PKAlgorithm _gnutls_map_pk_get_pk(KXAlgorithm kx_algorithm) +gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm) { - PKAlgorithm ret = -1; + gnutls_pk_algorithm ret = -1; GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm); return ret; @@ -161,13 +161,13 @@ int gnutls_certificate_allocate_cred(GNUTLS_CERTIFICATE_CREDENTIALS * res) * This function also uses the KeyUsage field of the certificate * extensions in order to disable unneded algorithms. */ -int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg, +int _gnutls_cert_supported_kx(const gnutls_cert * cert, gnutls_kx_algorithm ** alg, int *alg_size) { - KXAlgorithm kx; + gnutls_kx_algorithm kx; int i; - PKAlgorithm pk; - KXAlgorithm kxlist[MAX_ALGOS]; + gnutls_pk_algorithm pk; + gnutls_kx_algorithm kxlist[MAX_ALGOS]; i = 0; for (kx = 0; kx < MAX_ALGOS; kx++) { @@ -194,13 +194,13 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg, return GNUTLS_E_INVALID_PARAMETERS; } - *alg = gnutls_calloc(1, sizeof(KXAlgorithm) * i); + *alg = gnutls_calloc(1, sizeof(gnutls_kx_algorithm) * i); if (*alg == NULL) return GNUTLS_E_MEMORY_ERROR; *alg_size = i; - memcpy(*alg, kxlist, i * sizeof(KXAlgorithm)); + memcpy(*alg, kxlist, i * sizeof(gnutls_kx_algorithm)); return 0; } @@ -208,7 +208,7 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg, /** * gnutls_certificate_server_set_request - Used to set whether to request a client certificate - * @state: is an &GNUTLS_STATE structure. + * @session: is an &gnutls_session structure. * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE * * This function specifies if we (in case of a server) are going @@ -218,19 +218,19 @@ int _gnutls_cert_supported_kx(const gnutls_cert * cert, KXAlgorithm ** alg, * call this function then the client will not be asked to * send a certificate. **/ -void gnutls_certificate_server_set_request(GNUTLS_STATE state, - CertificateRequest req) +void gnutls_certificate_server_set_request(gnutls_session session, + gnutls_certificate_request req) { - state->gnutls_internals.send_cert_req = req; + session->internals.send_cert_req = req; } /** * gnutls_certificate_client_set_select_function - Used to set a callback while selecting the proper (client) certificate - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @func: is the callback function * * The callback's function form is: - * int (*callback)(GNUTLS_STATE, gnutls_datum *client_cert, int ncerts, gnutls_datum* req_ca_cert, int nreqs); + * int (*callback)(gnutls_session, gnutls_datum *client_cert, int ncerts, gnutls_datum* req_ca_cert, int nreqs); * * 'client_cert' contains 'ncerts' gnutls_datum structures which hold * the raw certificates (DER for X.509 or binary for OpenPGP), of the @@ -265,20 +265,20 @@ void gnutls_certificate_server_set_request(GNUTLS_STATE state, * * This function returns 0 on success. **/ -void gnutls_certificate_client_set_select_function(GNUTLS_STATE state, +void gnutls_certificate_client_set_select_function(gnutls_session session, certificate_client_select_func * func) { - state->gnutls_internals.client_cert_callback = func; + session->internals.client_cert_callback = func; } /** * gnutls_certificate_server_set_select_function - Used to set a callback while selecting the proper (server) certificate - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @func: is the callback function * * The callback's function form is: - * int (*callback)(GNUTLS_STATE, gnutls_datum *server_cert, int ncerts); + * int (*callback)(gnutls_session, gnutls_datum *server_cert, int ncerts); * * 'server_cert' contains 'ncerts' gnutls_datum structures which hold * the raw certificate (DER encoded in X.509) of the server. @@ -297,11 +297,11 @@ void gnutls_certificate_client_set_select_function(GNUTLS_STATE state, * choosen by the server. -1 indicates an error. * **/ -void gnutls_certificate_server_set_select_function(GNUTLS_STATE state, +void gnutls_certificate_server_set_select_function(gnutls_session session, certificate_server_select_func * func) { - state->gnutls_internals.server_cert_callback = func; + session->internals.server_cert_callback = func; } /* These are set by the gnutls_extra library's initialization function. @@ -313,26 +313,26 @@ OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key = NULL; /*- * _gnutls_openpgp_cert_verify_peers - This function returns the peer's certificate status - * @state: is a gnutls state + * @session: is a gnutls session * * This function will try to verify the peer's certificate and return it's status (TRUSTED, INVALID etc.). * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. * -*/ -int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state) +int _gnutls_openpgp_cert_verify_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; const GNUTLS_CERTIFICATE_CREDENTIALS cred; - CertificateStatus verify; + gnutls_certificate_status verify; int peer_certificate_list_size; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_INVALID_REQUEST; - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; @@ -373,24 +373,24 @@ int _gnutls_openpgp_cert_verify_peers(GNUTLS_STATE state) /** * gnutls_certificate_verify_peers - This function returns the peer's certificate verification status - * @state: is a gnutls state + * @session: is a gnutls session * * This function will try to verify the peer's certificate and return it's status (trusted, invalid etc.). * However you must also check the peer's name in order to check if the verified certificate belongs to the * actual peer. * - * The return value should be one or more of the CertificateStatus + * The return value should be one or more of the gnutls_certificate_status * enumerated elements bitwise or'd. This is the same as * gnutls_x509_verify_certificate(). * **/ -int gnutls_certificate_verify_peers(GNUTLS_STATE state) +int gnutls_certificate_verify_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) { gnutls_assert(); return GNUTLS_E_NO_CERTIFICATE_FOUND; @@ -399,11 +399,11 @@ int gnutls_certificate_verify_peers(GNUTLS_STATE state) if (info->raw_certificate_list == NULL || info->ncerts == 0) return GNUTLS_E_NO_CERTIFICATE_FOUND; - switch( gnutls_cert_type_get( state)) { + switch( gnutls_cert_type_get( session)) { case GNUTLS_CRT_X509: - return _gnutls_x509_cert_verify_peers( state); + return _gnutls_x509_cert_verify_peers( session); case GNUTLS_CRT_OPENPGP: - return _gnutls_openpgp_cert_verify_peers( state); + return _gnutls_openpgp_cert_verify_peers( session); default: return GNUTLS_E_INVALID_REQUEST; } @@ -411,20 +411,20 @@ int gnutls_certificate_verify_peers(GNUTLS_STATE state) /** * gnutls_certificate_expiration_time_peers - This function returns the peer's certificate expiration time - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the peer's certificate expiration time. * * Returns (time_t) -1 on error. * **/ -time_t gnutls_certificate_expiration_time_peers(GNUTLS_STATE state) +time_t gnutls_certificate_expiration_time_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) { gnutls_assert(); return (time_t) -1; @@ -435,7 +435,7 @@ time_t gnutls_certificate_expiration_time_peers(GNUTLS_STATE state) return (time_t) -1; } - switch( gnutls_cert_type_get( state)) { + switch( gnutls_cert_type_get( session)) { case GNUTLS_CRT_X509: return gnutls_x509_extract_certificate_expiration_time( &info->raw_certificate_list[0]); @@ -451,7 +451,7 @@ time_t gnutls_certificate_expiration_time_peers(GNUTLS_STATE state) /** * gnutls_certificate_activation_time_peers - This function returns the peer's certificate activation time - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the peer's certificate activation time. * This is the creation time for openpgp keys. @@ -459,13 +459,13 @@ time_t gnutls_certificate_expiration_time_peers(GNUTLS_STATE state) * Returns (time_t) -1 on error. * **/ -time_t gnutls_certificate_activation_time_peers(GNUTLS_STATE state) +time_t gnutls_certificate_activation_time_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) { gnutls_assert(); return (time_t) -1; @@ -476,7 +476,7 @@ time_t gnutls_certificate_activation_time_peers(GNUTLS_STATE state) return (time_t) -1; } - switch( gnutls_cert_type_get( state)) { + switch( gnutls_cert_type_get( session)) { case GNUTLS_CRT_X509: return gnutls_x509_extract_certificate_activation_time( &info->raw_certificate_list[0]); diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index c86943d42f..f88d7e1d17 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -34,7 +34,7 @@ typedef struct gnutls_cert { */ int params_size; /* holds the size of MPI params */ - PKAlgorithm subject_pk_algorithm; + gnutls_pk_algorithm subject_pk_algorithm; gnutls_datum signature; @@ -53,7 +53,7 @@ typedef struct gnutls_cert { /* holds the type (PGP, X509) */ - CertificateType cert_type; + gnutls_certificate_type cert_type; gnutls_datum raw; /* the raw certificate */ } gnutls_cert; @@ -77,15 +77,15 @@ typedef struct { */ int params_size; /* holds the number of params */ - PKAlgorithm pk_algorithm; + gnutls_pk_algorithm pk_algorithm; gnutls_datum raw; /* the raw key */ } gnutls_private_key; -struct GNUTLS_STATE_INT; /* because GNUTLS_STATE is not defined when this file is included */ +struct gnutls_session_int; /* because gnutls_session is not defined when this file is included */ -int _gnutls_cert_supported_kx( const gnutls_cert* cert, KXAlgorithm **alg, int *alg_size); -PKAlgorithm _gnutls_map_pk_get_pk(KXAlgorithm kx_algorithm); +int _gnutls_cert_supported_kx( const gnutls_cert* cert, gnutls_kx_algorithm **alg, int *alg_size); +gnutls_pk_algorithm _gnutls_map_pk_get_pk(gnutls_kx_algorithm kx_algorithm); void _gnutls_free_cert(gnutls_cert cert); diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index cd226306ad..c07477b1d7 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -39,16 +39,16 @@ #include "gnutls_constate.h" inline static int -is_write_comp_null( GNUTLS_STATE state) { - if (state->security_parameters.write_compression_algorithm == GNUTLS_COMP_NULL) +is_write_comp_null( gnutls_session session) { + if (session->security_parameters.write_compression_algorithm == GNUTLS_COMP_NULL) return 0; return 1; } inline static int -is_read_comp_null( GNUTLS_STATE state) { - if (state->security_parameters.read_compression_algorithm == GNUTLS_COMP_NULL) +is_read_comp_null( gnutls_session session) { + if (session->security_parameters.read_compression_algorithm == GNUTLS_COMP_NULL) return 0; return 1; @@ -60,7 +60,7 @@ is_read_comp_null( GNUTLS_STATE state) { * * If random pad != 0 then the random pad data will be appended. */ -int _gnutls_encrypt(GNUTLS_STATE state, const char* headers, int headers_size, +int _gnutls_encrypt(gnutls_session session, const char* headers, int headers_size, const char *data, size_t data_size, opaque * ciphertext, int ciphertext_size, ContentType type, int random_pad) { @@ -69,21 +69,21 @@ int _gnutls_encrypt(GNUTLS_STATE state, const char* headers, int headers_size, int ret; int free_comp = 1; - if (plain.size == 0 || is_write_comp_null( state)==0) { + if (plain.size == 0 || is_write_comp_null( session)==0) { comp = plain; free_comp = 0; } else { /* Here comp is allocated and must be * freed. */ - ret = _gnutls_m_plaintext2compressed(state, &comp, plain); + ret = _gnutls_m_plaintext2compressed(session, &comp, plain); if (ret < 0) { gnutls_assert(); return ret; } } - ret = _gnutls_compressed2ciphertext(state, &ciphertext[headers_size], + ret = _gnutls_compressed2ciphertext(session, &ciphertext[headers_size], ciphertext_size - headers_size, comp, type, random_pad); if (free_comp) @@ -103,7 +103,7 @@ int _gnutls_encrypt(GNUTLS_STATE state, const char* headers, int headers_size, } -int _gnutls_decrypt(GNUTLS_STATE state, char *ciphertext, +int _gnutls_decrypt(gnutls_session session, char *ciphertext, size_t ciphertext_size, uint8 * data, int data_size, ContentType type) { @@ -117,12 +117,12 @@ int _gnutls_decrypt(GNUTLS_STATE state, char *ciphertext, gcipher.size = ciphertext_size; gcipher.data = ciphertext; - ret = _gnutls_ciphertext2compressed(state, data, data_size, gcipher, type); + ret = _gnutls_ciphertext2compressed(session, data, data_size, gcipher, type); if (ret < 0) { return ret; } - if (ret==0 || is_read_comp_null( state)==0) { + if (ret==0 || is_read_comp_null( session)==0) { /* ret == ret */ } else { @@ -133,7 +133,7 @@ int _gnutls_decrypt(GNUTLS_STATE state, char *ciphertext, gcomp.data = data; gcomp.size = ret; - ret = _gnutls_m_compressed2plaintext(state, >xt, gcomp); + ret = _gnutls_m_compressed2plaintext(session, >xt, gcomp); if (ret < 0) { return ret; } @@ -154,7 +154,7 @@ int _gnutls_decrypt(GNUTLS_STATE state, char *ciphertext, } inline -static GNUTLS_MAC_HANDLE mac_init( MACAlgorithm mac, opaque* secret, int secret_size, int ver) { +static GNUTLS_MAC_HANDLE mac_init( gnutls_mac_algorithm mac, opaque* secret, int secret_size, int ver) { GNUTLS_MAC_HANDLE td; if ( ver == GNUTLS_SSL3) { /* SSL 3.0 */ @@ -179,7 +179,7 @@ static void mac_deinit( GNUTLS_MAC_HANDLE td, opaque* res, int ver) { } inline -static int calc_enc_length( GNUTLS_STATE state, int data_size, int hash_size, uint8* pad, int random_pad, +static int calc_enc_length( gnutls_session session, int data_size, int hash_size, uint8* pad, int random_pad, CipherType block_algo, int blocksize) { uint8 rand; @@ -200,7 +200,7 @@ int length; } /* make rand a multiple of blocksize */ - if ( state->security_parameters.version == GNUTLS_SSL3 || + if ( session->security_parameters.version == GNUTLS_SSL3 || random_pad==0) { rand = 0; } else { @@ -233,7 +233,7 @@ int length; * which has cipher_size size. * return the actual encrypted data length. */ -int _gnutls_compressed2ciphertext(GNUTLS_STATE state, +int _gnutls_compressed2ciphertext(gnutls_session session, opaque* cipher_data, int cipher_size, gnutls_datum compressed, ContentType _type, int random_pad) @@ -246,33 +246,33 @@ int _gnutls_compressed2ciphertext(GNUTLS_STATE state, GNUTLS_MAC_HANDLE td; uint8 type = _type; uint8 major, minor; - int hash_size = _gnutls_mac_get_digest_size(state->security_parameters.write_mac_algorithm); - GNUTLS_Version ver; + int hash_size = _gnutls_mac_get_digest_size(session->security_parameters.write_mac_algorithm); + gnutls_protocol_version ver; int blocksize = - _gnutls_cipher_get_block_size(state->security_parameters. + _gnutls_cipher_get_block_size(session->security_parameters. write_bulk_cipher_algorithm); - CipherType block_algo = _gnutls_cipher_is_block(state->security_parameters.write_bulk_cipher_algorithm); + CipherType block_algo = _gnutls_cipher_is_block(session->security_parameters.write_bulk_cipher_algorithm); - ver = gnutls_protocol_get_version( state); + ver = gnutls_protocol_get_version( session); minor = _gnutls_version_get_minor( ver); major = _gnutls_version_get_major( ver); /* Initialize MAC */ - td = mac_init(state->security_parameters.write_mac_algorithm, - state->connection_state.write_mac_secret.data, - state->connection_state.write_mac_secret.size, ver); + td = mac_init(session->security_parameters.write_mac_algorithm, + session->connection_state.write_mac_secret.data, + session->connection_state.write_mac_secret.size, ver); if (td == GNUTLS_MAC_FAILED - && state->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) { + && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } c_length = _gnutls_conv_uint16(compressed.size); seq_num = - _gnutls_conv_uint64(&state->connection_state.write_sequence_number); + _gnutls_conv_uint64(&session->connection_state.write_sequence_number); if (td != GNUTLS_MAC_FAILED) { /* actually when the algorithm in not the NULL one */ _gnutls_hmac(td, UINT64DATA(seq_num), 8); @@ -290,7 +290,7 @@ int _gnutls_compressed2ciphertext(GNUTLS_STATE state, /* Calculate the encrypted length (padding etc.) */ - length = calc_enc_length( state, compressed.size, hash_size, &pad, random_pad, block_algo, + length = calc_enc_length( session, compressed.size, hash_size, &pad, random_pad, block_algo, blocksize); if (length < 0) { gnutls_assert(); @@ -313,7 +313,7 @@ int _gnutls_compressed2ciphertext(GNUTLS_STATE state, /* Actual encryption (inplace). */ - if ( (ret = _gnutls_cipher_encrypt(state->connection_state. + if ( (ret = _gnutls_cipher_encrypt(session->connection_state. write_cipher_state, cipher_data, length)) < 0) { return ret; @@ -325,7 +325,7 @@ int _gnutls_compressed2ciphertext(GNUTLS_STATE state, /* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size. * Returns the actual compressed packet size. */ -int _gnutls_ciphertext2compressed(GNUTLS_STATE state, +int _gnutls_ciphertext2compressed(gnutls_session session, opaque* compress_data, int compress_size, gnutls_datum ciphertext, uint8 type) { @@ -337,24 +337,24 @@ int _gnutls_ciphertext2compressed(GNUTLS_STATE state, GNUTLS_MAC_HANDLE td; int blocksize, ret, i; uint8 major, minor; - GNUTLS_Version ver; - int hash_size = _gnutls_mac_get_digest_size(state->security_parameters.read_mac_algorithm); + gnutls_protocol_version ver; + int hash_size = _gnutls_mac_get_digest_size(session->security_parameters.read_mac_algorithm); - ver = gnutls_protocol_get_version( state); + ver = gnutls_protocol_get_version( session); minor = _gnutls_version_get_minor(ver); major = _gnutls_version_get_major(ver); - blocksize = _gnutls_cipher_get_block_size(state->security_parameters. + blocksize = _gnutls_cipher_get_block_size(session->security_parameters. read_bulk_cipher_algorithm); /* initialize MAC */ - td = mac_init( state->security_parameters.read_mac_algorithm, - state->connection_state.read_mac_secret.data, - state->connection_state.read_mac_secret.size, ver); + td = mac_init( session->security_parameters.read_mac_algorithm, + session->connection_state.read_mac_secret.data, + session->connection_state.read_mac_secret.size, ver); if (td == GNUTLS_MAC_FAILED - && state->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) { + && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } @@ -362,9 +362,9 @@ int _gnutls_ciphertext2compressed(GNUTLS_STATE state, /* actual decryption (inplace) */ - switch (_gnutls_cipher_is_block(state->security_parameters.read_bulk_cipher_algorithm)) { + switch (_gnutls_cipher_is_block(session->security_parameters.read_bulk_cipher_algorithm)) { case CIPHER_STREAM: - if ( (ret = _gnutls_cipher_decrypt(state->connection_state. + if ( (ret = _gnutls_cipher_decrypt(session->connection_state. read_cipher_state, ciphertext.data, ciphertext.size)) < 0) { gnutls_assert(); @@ -382,7 +382,7 @@ int _gnutls_ciphertext2compressed(GNUTLS_STATE state, return GNUTLS_E_DECRYPTION_FAILED; } - if ( (ret = _gnutls_cipher_decrypt(state->connection_state. + if ( (ret = _gnutls_cipher_decrypt(session->connection_state. read_cipher_state, ciphertext.data, ciphertext.size)) < 0) { gnutls_assert(); @@ -427,7 +427,7 @@ int _gnutls_ciphertext2compressed(GNUTLS_STATE state, c_length = _gnutls_conv_uint16((uint16) length); - seq_num = _gnutls_conv_uint64( &state->connection_state.read_sequence_number); + seq_num = _gnutls_conv_uint64( &session->connection_state.read_sequence_number); /* Pass the type, version, length and compressed through * MAC. diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h index dd83394b9d..c090d4e6aa 100644 --- a/lib/gnutls_cipher.h +++ b/lib/gnutls_cipher.h @@ -18,13 +18,13 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_encrypt( GNUTLS_STATE state, const char* headers, int headers_size, const char* data, size_t data_size, +int _gnutls_encrypt( gnutls_session session, const char* headers, int headers_size, const char* data, size_t data_size, uint8* ciphertext, int ciphertext_size, ContentType type, int random_pad); -int _gnutls_decrypt(GNUTLS_STATE state, char *ciphertext, +int _gnutls_decrypt(gnutls_session session, char *ciphertext, size_t ciphertext_size, uint8 * data, int data_size, ContentType type); -int _gnutls_compressed2ciphertext(GNUTLS_STATE state, opaque* cipher_data, int cipher_size, gnutls_datum compressed, +int _gnutls_compressed2ciphertext(gnutls_session session, opaque* cipher_data, int cipher_size, gnutls_datum compressed, ContentType _type, int random_pad); -int _gnutls_ciphertext2compressed(GNUTLS_STATE state, opaque * compress_data, int compress_size, +int _gnutls_ciphertext2compressed(gnutls_session session, opaque * compress_data, int compress_size, gnutls_datum ciphertext, uint8 type); diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 289fd4c448..9ed8eeda4e 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -24,7 +24,7 @@ #include #include -GNUTLS_CIPHER_HANDLE _gnutls_cipher_init( BulkCipherAlgorithm cipher, gnutls_datum key, gnutls_datum iv) +GNUTLS_CIPHER_HANDLE _gnutls_cipher_init( gnutls_cipher_algorithm cipher, gnutls_datum key, gnutls_datum iv) { GNUTLS_CIPHER_HANDLE ret; diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index 00af5ba064..b5712819c8 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -30,7 +30,7 @@ # define GNUTLS_CIPHER_FAILED NULL #endif -GNUTLS_CIPHER_HANDLE _gnutls_cipher_init( BulkCipherAlgorithm cipher, gnutls_datum key, gnutls_datum iv); +GNUTLS_CIPHER_HANDLE _gnutls_cipher_init( gnutls_cipher_algorithm cipher, gnutls_datum key, gnutls_datum iv); int _gnutls_cipher_encrypt(GNUTLS_CIPHER_HANDLE handle, void* text, int textlen); int _gnutls_cipher_decrypt(GNUTLS_CIPHER_HANDLE handle, void* ciphertext, int ciphertextlen); void _gnutls_cipher_deinit(GNUTLS_CIPHER_HANDLE handle); diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c index 03c34f394e..a20558dcf6 100644 --- a/lib/gnutls_compress.c +++ b/lib/gnutls_compress.c @@ -30,7 +30,7 @@ /* These functions allocate the return value internally */ -int _gnutls_m_plaintext2compressed(GNUTLS_STATE state, +int _gnutls_m_plaintext2compressed(gnutls_session session, gnutls_datum* compress, gnutls_datum plaintext) @@ -40,7 +40,7 @@ int _gnutls_m_plaintext2compressed(GNUTLS_STATE state, data=NULL; - size = _gnutls_compress( state->connection_state.write_compression_state, + size = _gnutls_compress( session->connection_state.write_compression_state, plaintext.data, plaintext.size, &data, MAX_RECORD_SEND_SIZE+1024); if (size < 0) { gnutls_assert(); @@ -52,7 +52,7 @@ int _gnutls_m_plaintext2compressed(GNUTLS_STATE state, return 0; } -int _gnutls_m_compressed2plaintext(GNUTLS_STATE state, +int _gnutls_m_compressed2plaintext(gnutls_session session, gnutls_datum* plain, gnutls_datum compressed) @@ -62,7 +62,7 @@ int _gnutls_m_compressed2plaintext(GNUTLS_STATE state, data=NULL; - size = _gnutls_decompress( state->connection_state.read_compression_state, + size = _gnutls_decompress( session->connection_state.read_compression_state, compressed.data, compressed.size, &data, MAX_RECORD_RECV_SIZE); if (size < 0) { gnutls_assert(); diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h index 4d87d48d44..47ba103804 100644 --- a/lib/gnutls_compress.h +++ b/lib/gnutls_compress.h @@ -18,5 +18,5 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_m_plaintext2compressed(GNUTLS_STATE state, gnutls_datum* compress, gnutls_datum plaintext); -int _gnutls_m_compressed2plaintext(GNUTLS_STATE state, gnutls_datum* plain, gnutls_datum compressed); +int _gnutls_m_plaintext2compressed(gnutls_session session, gnutls_datum* compress, gnutls_datum plaintext); +int _gnutls_m_compressed2plaintext(gnutls_session session, gnutls_datum* plain, gnutls_datum compressed); diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c index 69053088d7..c40e4ac2d5 100644 --- a/lib/gnutls_compress_int.c +++ b/lib/gnutls_compress_int.c @@ -26,7 +26,7 @@ /* The flag d is the direction (compressed, decompress). Non zero is * decompress. */ -GNUTLS_COMP_HANDLE _gnutls_comp_init( CompressionMethod method, int d) +GNUTLS_COMP_HANDLE _gnutls_comp_init( gnutls_compression_method method, int d) { GNUTLS_COMP_HANDLE ret; int err; diff --git a/lib/gnutls_compress_int.h b/lib/gnutls_compress_int.h index 037771a628..a5ac2e302a 100644 --- a/lib/gnutls_compress_int.h +++ b/lib/gnutls_compress_int.h @@ -29,10 +29,10 @@ typedef struct GNUTLS_COMP_HANDLE_STRUCT { void* handle; - CompressionMethod algo; + gnutls_compression_method algo; } *GNUTLS_COMP_HANDLE; -GNUTLS_COMP_HANDLE _gnutls_comp_init( CompressionMethod, int d); +GNUTLS_COMP_HANDLE _gnutls_comp_init( gnutls_compression_method, int d); void _gnutls_comp_deinit(GNUTLS_COMP_HANDLE handle, int d); int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, int compressed_size, char** plain, int max_record_size); diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index db1c89af68..3ca3b8e4de 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -48,10 +48,10 @@ static const int servwrite_length = sizeof(servwrite) - 1; /* This function is to be called after handshake, when master_secret, * client_random and server_random have been initialized. - * This function creates the keys and stores them into pending state. - * (state->cipher_specs) + * This function creates the keys and stores them into pending session. + * (session->cipher_specs) */ -int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, +int _gnutls_set_keys(gnutls_session session, int hash_size, int IV_size, int key_size, int export_flag) { @@ -63,11 +63,11 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, int pos, ret; int block_size; - if (state->cipher_specs.generated_keys != 0) { + if (session->cipher_specs.generated_keys != 0) { /* keys have already been generated. * reset generated_keys and exit normally. */ - state->cipher_specs.generated_keys = 0; + session->cipher_specs.generated_keys = 0; return 0; } @@ -81,19 +81,19 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, return GNUTLS_E_MEMORY_ERROR; } - memcpy(random, state->security_parameters.server_random, + memcpy(random, session->security_parameters.server_random, TLS_RANDOM_SIZE); memcpy(&random[TLS_RANDOM_SIZE], - state->security_parameters.client_random, TLS_RANDOM_SIZE); + session->security_parameters.client_random, TLS_RANDOM_SIZE); - memcpy(rrandom, state->security_parameters.client_random, + memcpy(rrandom, session->security_parameters.client_random, TLS_RANDOM_SIZE); memcpy(&rrandom[TLS_RANDOM_SIZE], - state->security_parameters.server_random, TLS_RANDOM_SIZE); + session->security_parameters.server_random, TLS_RANDOM_SIZE); - if (state->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ + if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ ret = - _gnutls_ssl3_generate_random(state-> + _gnutls_ssl3_generate_random(session-> security_parameters. master_secret, TLS_MASTER_SIZE, random, @@ -101,7 +101,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, block_size, key_block); } else { /* TLS 1.0 */ ret = - _gnutls_PRF(state->security_parameters.master_secret, + _gnutls_PRF(session->security_parameters.master_secret, TLS_MASTER_SIZE, keyexp, keyexp_length, random, 2 * TLS_RANDOM_SIZE, block_size, key_block); @@ -119,7 +119,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, pos = 0; if (hash_size > 0) { if (gnutls_sset_datum - (&state->cipher_specs.client_write_mac_secret, + (&session->cipher_specs.client_write_mac_secret, &key_block[pos], hash_size) < 0) { gnutls_free(key_block); return GNUTLS_E_MEMORY_ERROR; @@ -127,7 +127,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, pos += hash_size; if (gnutls_sset_datum - (&state->cipher_specs.server_write_mac_secret, + (&session->cipher_specs.server_write_mac_secret, &key_block[pos], hash_size) < 0) { gnutls_free(key_block); return GNUTLS_E_MEMORY_ERROR; @@ -173,7 +173,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, /* generate the final keys */ - if (state->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ + if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_hash_md5(&key_block[pos], key_size, rrandom, @@ -202,7 +202,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, client_write_key_size = EXPORT_FINAL_KEY_SIZE; pos += key_size; - if (state->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ + if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_hash_md5(&key_block[pos], key_size, random, 2 * TLS_RANDOM_SIZE, @@ -230,7 +230,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, } if (gnutls_sset_datum - (&state->cipher_specs.client_write_key, + (&session->cipher_specs.client_write_key, client_write_key, client_write_key_size) < 0) { gnutls_free(key_block); gnutls_free(server_write_key); @@ -243,7 +243,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, client_write_key_size)); if (gnutls_sset_datum - (&state->cipher_specs.server_write_key, + (&session->cipher_specs.server_write_key, server_write_key, server_write_key_size) < 0) { gnutls_free(key_block); gnutls_free(server_write_key); @@ -267,7 +267,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, */ if (IV_size > 0 && export_flag == 0) { if (gnutls_sset_datum - (&state->cipher_specs.client_write_IV, &key_block[pos], + (&session->cipher_specs.client_write_IV, &key_block[pos], IV_size) < 0) { gnutls_free(key_block); return GNUTLS_E_MEMORY_ERROR; @@ -275,7 +275,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, pos += IV_size; if (gnutls_sset_datum - (&state->cipher_specs.server_write_IV, &key_block[pos], + (&session->cipher_specs.server_write_IV, &key_block[pos], IV_size) < 0) { gnutls_free(key_block); return GNUTLS_E_MEMORY_ERROR; @@ -291,7 +291,7 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, return GNUTLS_E_MEMORY_ERROR; } - if (state->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ + if (session->security_parameters.version == GNUTLS_SSL3) { /* SSL 3 */ ret = _gnutls_ssl3_hash_md5( "", 0, rrandom, TLS_RANDOM_SIZE*2, @@ -323,14 +323,14 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, } if (gnutls_sset_datum - (&state->cipher_specs.client_write_IV, iv_block, + (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0) { gnutls_free(key_block); return GNUTLS_E_MEMORY_ERROR; } if (gnutls_sset_datum - (&state->cipher_specs.server_write_IV, + (&session->cipher_specs.server_write_IV, &iv_block[IV_size], IV_size) < 0) { gnutls_free(key_block); return GNUTLS_E_MEMORY_ERROR; @@ -339,48 +339,48 @@ int _gnutls_set_keys(GNUTLS_STATE state, int hash_size, int IV_size, gnutls_free(key_block); - state->cipher_specs.generated_keys = 1; + session->cipher_specs.generated_keys = 1; return 0; } -int _gnutls_set_read_keys(GNUTLS_STATE state) +int _gnutls_set_read_keys(gnutls_session session) { int hash_size; int IV_size; int key_size, export_flag; - BulkCipherAlgorithm algo; - MACAlgorithm mac_algo; + gnutls_cipher_algorithm algo; + gnutls_mac_algorithm mac_algo; - mac_algo = state->security_parameters.read_mac_algorithm; - algo = state->security_parameters.read_bulk_cipher_algorithm; + mac_algo = session->security_parameters.read_mac_algorithm; + algo = session->security_parameters.read_bulk_cipher_algorithm; hash_size = _gnutls_mac_get_digest_size(mac_algo); IV_size = _gnutls_cipher_get_iv_size(algo); key_size = gnutls_cipher_get_key_size(algo); export_flag = _gnutls_cipher_get_export_flag(algo); - return _gnutls_set_keys(state, hash_size, IV_size, key_size, + return _gnutls_set_keys(session, hash_size, IV_size, key_size, export_flag); } -int _gnutls_set_write_keys(GNUTLS_STATE state) +int _gnutls_set_write_keys(gnutls_session session) { int hash_size; int IV_size; int key_size, export_flag; - BulkCipherAlgorithm algo; - MACAlgorithm mac_algo; + gnutls_cipher_algorithm algo; + gnutls_mac_algorithm mac_algo; - mac_algo = state->security_parameters.write_mac_algorithm; - algo = state->security_parameters.write_bulk_cipher_algorithm; + mac_algo = session->security_parameters.write_mac_algorithm; + algo = session->security_parameters.write_bulk_cipher_algorithm; hash_size = _gnutls_mac_get_digest_size(mac_algo); IV_size = _gnutls_cipher_get_iv_size(algo); key_size = gnutls_cipher_get_key_size(algo); export_flag = _gnutls_cipher_get_export_flag(algo); - return _gnutls_set_keys(state, hash_size, IV_size, key_size, + return _gnutls_set_keys(session, hash_size, IV_size, key_size, export_flag); } @@ -420,19 +420,19 @@ static void _gnutls_cpy_write_security_parameters(SecurityParameters * dst, src->write_compression_algorithm; } -/* Sets the current connection state to conform with the - * Security parameters(pending state), and initializes encryption. +/* Sets the current connection session to conform with the + * Security parameters(pending session), and initializes encryption. * Actually it initializes and starts encryption ( so it needs * secrets and random numbers to have been negotiated) * This is to be called after sending the Change Cipher Spec packet. */ -int _gnutls_connection_state_init(GNUTLS_STATE state) +int _gnutls_connection_state_init(gnutls_session session) { int ret; /* Setup the master secret */ - if ((ret = _gnutls_generate_master(state)) < 0) { + if ((ret = _gnutls_generate_master(session)) < 0) { gnutls_assert(); return ret; } @@ -442,125 +442,125 @@ int _gnutls_connection_state_init(GNUTLS_STATE state) } -/* Initializes the read connection state +/* Initializes the read connection session * (read encrypted data) */ -int _gnutls_read_connection_state_init(GNUTLS_STATE state) +int _gnutls_read_connection_state_init(gnutls_session session) { int mac_size; int rc; - _gnutls_uint64zero(&state->connection_state.read_sequence_number); + _gnutls_uint64zero(&session->connection_state.read_sequence_number); /* Update internals from CipherSuite selected. - * If we are resuming just copy the connection state + * If we are resuming just copy the connection session */ - if (state->gnutls_internals.resumed == RESUME_FALSE) { - rc = _gnutls_set_read_cipher(state, + if (session->internals.resumed == RESUME_FALSE) { + rc = _gnutls_set_read_cipher(session, _gnutls_cipher_suite_get_cipher_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); if (rc < 0) return rc; - rc = _gnutls_set_read_mac(state, + rc = _gnutls_set_read_mac(session, _gnutls_cipher_suite_get_mac_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); if (rc < 0) return rc; - rc = _gnutls_set_kx(state, + rc = _gnutls_set_kx(session, _gnutls_cipher_suite_get_kx_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); if (rc < 0) return rc; - rc = _gnutls_set_read_compression(state, - state->gnutls_internals. + rc = _gnutls_set_read_compression(session, + session->internals. compression_method); if (rc < 0) return rc; } else { /* RESUME_TRUE */ - _gnutls_cpy_read_security_parameters(&state-> + _gnutls_cpy_read_security_parameters(&session-> security_parameters, - &state-> - gnutls_internals. + &session-> + internals. resumed_security_parameters); } - rc = _gnutls_set_read_keys(state); + rc = _gnutls_set_read_keys(session); if (rc < 0) return rc; _gnutls_handshake_log("HSK: Cipher Suite: %s\n", - _gnutls_cipher_suite_get_name(state-> + _gnutls_cipher_suite_get_name(session-> security_parameters. current_cipher_suite)); if (_gnutls_compression_is_ok - (state->security_parameters.read_compression_algorithm) != 0) { + (session->security_parameters.read_compression_algorithm) != 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } if (_gnutls_mac_is_ok - (state->security_parameters.read_mac_algorithm) != 0) { + (session->security_parameters.read_mac_algorithm) != 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } - /* Free all the previous keys/ states etc. + /* Free all the previous keys/ sessions etc. */ - if (state->connection_state.read_mac_secret.data != NULL) - gnutls_sfree_datum(&state->connection_state. + if (session->connection_state.read_mac_secret.data != NULL) + gnutls_sfree_datum(&session->connection_state. read_mac_secret); - if (state->connection_state.read_cipher_state != NULL) - _gnutls_cipher_deinit(state->connection_state. + if (session->connection_state.read_cipher_state != NULL) + _gnutls_cipher_deinit(session->connection_state. read_cipher_state); - if (state->connection_state.read_compression_state != NULL) - _gnutls_comp_deinit(state->connection_state. + if (session->connection_state.read_compression_state != NULL) + _gnutls_comp_deinit(session->connection_state. read_compression_state, 1); mac_size = - _gnutls_mac_get_digest_size(state->security_parameters. + _gnutls_mac_get_digest_size(session->security_parameters. read_mac_algorithm); _gnutls_handshake_log - ("HSK: Initializing internal [read] cipher states\n"); + ("HSK: Initializing internal [read] cipher sessions\n"); - switch (state->security_parameters.entity) { + switch (session->security_parameters.entity) { case GNUTLS_SERVER: - /* initialize cipher state + /* initialize cipher session */ - state->connection_state.read_cipher_state = - _gnutls_cipher_init(state->security_parameters. + session->connection_state.read_cipher_state = + _gnutls_cipher_init(session->security_parameters. read_bulk_cipher_algorithm, - state->cipher_specs. + session->cipher_specs. client_write_key, - state->cipher_specs. + session->cipher_specs. client_write_IV); - if (state->connection_state.read_cipher_state == + if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED - && state->security_parameters. + && session->security_parameters. read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } /* copy mac secrets from cipherspecs, to connection - * state. + * session. */ if (mac_size > 0) { - gnutls_sset_datum(&state->connection_state. + gnutls_sset_datum(&session->connection_state. read_mac_secret, - state->cipher_specs. + session->cipher_specs. client_write_mac_secret.data, - state->cipher_specs. + session->cipher_specs. client_write_mac_secret.size); } @@ -568,31 +568,31 @@ int _gnutls_read_connection_state_init(GNUTLS_STATE state) break; case GNUTLS_CLIENT: - state->connection_state.read_cipher_state = - _gnutls_cipher_init(state->security_parameters. + session->connection_state.read_cipher_state = + _gnutls_cipher_init(session->security_parameters. read_bulk_cipher_algorithm, - state->cipher_specs. + session->cipher_specs. server_write_key, - state->cipher_specs. + session->cipher_specs. server_write_IV); - if (state->connection_state.read_cipher_state == + if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED - && state->security_parameters. + && session->security_parameters. read_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } - /* copy mac secret to connection state + /* copy mac secret to connection session */ if (mac_size > 0) { - gnutls_sset_datum(&state->connection_state. + gnutls_sset_datum(&session->connection_state. read_mac_secret, - state->cipher_specs. + session->cipher_specs. server_write_mac_secret.data, - state->cipher_specs. + session->cipher_specs. server_write_mac_secret.size); } @@ -603,11 +603,11 @@ int _gnutls_read_connection_state_init(GNUTLS_STATE state) return GNUTLS_E_UNKNOWN_ERROR; } - state->connection_state.read_compression_state = - _gnutls_comp_init(state->security_parameters. + session->connection_state.read_compression_state = + _gnutls_comp_init(session->security_parameters. read_compression_algorithm, 1); - if (state->connection_state.read_compression_state == + if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED) { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; @@ -618,113 +618,113 @@ int _gnutls_read_connection_state_init(GNUTLS_STATE state) -/* Initializes the write connection state +/* Initializes the write connection session * (write encrypted data) */ -int _gnutls_write_connection_state_init(GNUTLS_STATE state) +int _gnutls_write_connection_state_init(gnutls_session session) { int mac_size; int rc; - _gnutls_uint64zero(&state->connection_state.write_sequence_number); + _gnutls_uint64zero(&session->connection_state.write_sequence_number); /* Update internals from CipherSuite selected. - * If we are resuming just copy the connection state + * If we are resuming just copy the connection session */ - if (state->gnutls_internals.resumed == RESUME_FALSE) { - rc = _gnutls_set_write_cipher(state, + if (session->internals.resumed == RESUME_FALSE) { + rc = _gnutls_set_write_cipher(session, _gnutls_cipher_suite_get_cipher_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); if (rc < 0) return rc; - rc = _gnutls_set_write_mac(state, + rc = _gnutls_set_write_mac(session, _gnutls_cipher_suite_get_mac_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); if (rc < 0) return rc; - rc = _gnutls_set_kx(state, + rc = _gnutls_set_kx(session, _gnutls_cipher_suite_get_kx_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); if (rc < 0) return rc; - rc = _gnutls_set_write_compression(state, - state->gnutls_internals. + rc = _gnutls_set_write_compression(session, + session->internals. compression_method); if (rc < 0) return rc; } else { /* RESUME_TRUE */ - _gnutls_cpy_write_security_parameters(&state-> + _gnutls_cpy_write_security_parameters(&session-> security_parameters, - &state-> - gnutls_internals. + &session-> + internals. resumed_security_parameters); } - rc = _gnutls_set_write_keys(state); + rc = _gnutls_set_write_keys(session); if (rc < 0) return rc; _gnutls_handshake_log("HSK: Cipher Suite: %s\n", - _gnutls_cipher_suite_get_name(state-> + _gnutls_cipher_suite_get_name(session-> security_parameters. current_cipher_suite)); if (_gnutls_compression_is_ok - (state->security_parameters.write_compression_algorithm) != + (session->security_parameters.write_compression_algorithm) != 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } if (_gnutls_mac_is_ok - (state->security_parameters.write_mac_algorithm) != 0) { + (session->security_parameters.write_mac_algorithm) != 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } - /* Free all the previous keys/ states etc. + /* Free all the previous keys/ sessions etc. */ - if (state->connection_state.write_mac_secret.data != NULL) - gnutls_sfree_datum(&state->connection_state. + if (session->connection_state.write_mac_secret.data != NULL) + gnutls_sfree_datum(&session->connection_state. write_mac_secret); - if (state->connection_state.write_cipher_state != NULL) - _gnutls_cipher_deinit(state->connection_state. + if (session->connection_state.write_cipher_state != NULL) + _gnutls_cipher_deinit(session->connection_state. write_cipher_state); - if (state->connection_state.write_compression_state != NULL) - _gnutls_comp_deinit(state->connection_state. + if (session->connection_state.write_compression_state != NULL) + _gnutls_comp_deinit(session->connection_state. write_compression_state, 0); mac_size = - _gnutls_mac_get_digest_size(state->security_parameters. + _gnutls_mac_get_digest_size(session->security_parameters. write_mac_algorithm); _gnutls_handshake_log - ("HSK: Initializing internal [write] cipher states\n"); + ("HSK: Initializing internal [write] cipher sessions\n"); - switch (state->security_parameters.entity) { + switch (session->security_parameters.entity) { case GNUTLS_SERVER: - /* initialize cipher state + /* initialize cipher session */ - state->connection_state.write_cipher_state = - _gnutls_cipher_init(state->security_parameters. + session->connection_state.write_cipher_state = + _gnutls_cipher_init(session->security_parameters. write_bulk_cipher_algorithm, - state->cipher_specs. + session->cipher_specs. server_write_key, - state->cipher_specs. + session->cipher_specs. server_write_IV); - if (state->connection_state.write_cipher_state == + if (session->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED - && state->security_parameters. + && session->security_parameters. write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; @@ -732,14 +732,14 @@ int _gnutls_write_connection_state_init(GNUTLS_STATE state) /* copy mac secrets from cipherspecs, to connection - * state. + * session. */ if (mac_size > 0) { - gnutls_sset_datum(&state->connection_state. + gnutls_sset_datum(&session->connection_state. write_mac_secret, - state->cipher_specs. + session->cipher_specs. server_write_mac_secret.data, - state->cipher_specs. + session->cipher_specs. server_write_mac_secret.size); } @@ -748,30 +748,30 @@ int _gnutls_write_connection_state_init(GNUTLS_STATE state) break; case GNUTLS_CLIENT: - state->connection_state.write_cipher_state = - _gnutls_cipher_init(state->security_parameters. + session->connection_state.write_cipher_state = + _gnutls_cipher_init(session->security_parameters. write_bulk_cipher_algorithm, - state->cipher_specs. + session->cipher_specs. client_write_key, - state->cipher_specs. + session->cipher_specs. client_write_IV); - if (state->connection_state.write_cipher_state == + if (session->connection_state.write_cipher_state == GNUTLS_CIPHER_FAILED - && state->security_parameters. + && session->security_parameters. write_bulk_cipher_algorithm != GNUTLS_CIPHER_NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_CIPHER; } - /* copy mac secret to connection state + /* copy mac secret to connection session */ if (mac_size > 0) { - gnutls_sset_datum(&state->connection_state. + gnutls_sset_datum(&session->connection_state. write_mac_secret, - state->cipher_specs. + session->cipher_specs. client_write_mac_secret.data, - state->cipher_specs. + session->cipher_specs. client_write_mac_secret.size); } @@ -783,11 +783,11 @@ int _gnutls_write_connection_state_init(GNUTLS_STATE state) } - state->connection_state.write_compression_state = - _gnutls_comp_init(state->security_parameters. + session->connection_state.write_compression_state = + _gnutls_comp_init(session->security_parameters. write_compression_algorithm, 0); - if (state->connection_state.write_compression_state == + if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED) { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; @@ -796,18 +796,18 @@ int _gnutls_write_connection_state_init(GNUTLS_STATE state) return 0; } -/* Sets the specified cipher into the pending state +/* Sets the specified cipher into the pending session */ -int _gnutls_set_read_cipher(GNUTLS_STATE state, BulkCipherAlgorithm algo) +int _gnutls_set_read_cipher(gnutls_session session, gnutls_cipher_algorithm algo) { if (_gnutls_cipher_is_ok(algo) == 0) { - if (_gnutls_cipher_priority(state, algo) < 0) { + if (_gnutls_cipher_priority(session, algo) < 0) { gnutls_assert(); return GNUTLS_E_UNWANTED_ALGORITHM; } - state->security_parameters.read_bulk_cipher_algorithm = + session->security_parameters.read_bulk_cipher_algorithm = algo; } else { @@ -819,16 +819,16 @@ int _gnutls_set_read_cipher(GNUTLS_STATE state, BulkCipherAlgorithm algo) } -int _gnutls_set_write_cipher(GNUTLS_STATE state, BulkCipherAlgorithm algo) +int _gnutls_set_write_cipher(gnutls_session session, gnutls_cipher_algorithm algo) { if (_gnutls_cipher_is_ok(algo) == 0) { - if (_gnutls_cipher_priority(state, algo) < 0) { + if (_gnutls_cipher_priority(session, algo) < 0) { gnutls_assert(); return GNUTLS_E_UNWANTED_ALGORITHM; } - state->security_parameters.write_bulk_cipher_algorithm = + session->security_parameters.write_bulk_cipher_algorithm = algo; } else { @@ -841,14 +841,14 @@ int _gnutls_set_write_cipher(GNUTLS_STATE state, BulkCipherAlgorithm algo) } -/* Sets the specified algorithm into pending compression state +/* Sets the specified algorithm into pending compression session */ -int _gnutls_set_read_compression(GNUTLS_STATE state, - CompressionMethod algo) +int _gnutls_set_read_compression(gnutls_session session, + gnutls_compression_method algo) { if (_gnutls_compression_is_ok(algo) == 0) { - state->security_parameters.read_compression_algorithm = + session->security_parameters.read_compression_algorithm = algo; } else { gnutls_assert(); @@ -858,12 +858,12 @@ int _gnutls_set_read_compression(GNUTLS_STATE state, } -int _gnutls_set_write_compression(GNUTLS_STATE state, - CompressionMethod algo) +int _gnutls_set_write_compression(gnutls_session session, + gnutls_compression_method algo) { if (_gnutls_compression_is_ok(algo) == 0) { - state->security_parameters.write_compression_algorithm = + session->security_parameters.write_compression_algorithm = algo; } else { gnutls_assert(); @@ -873,18 +873,18 @@ int _gnutls_set_write_compression(GNUTLS_STATE state, } -/* Sets the specified kx algorithm into pending state +/* Sets the specified kx algorithm into pending session */ -int _gnutls_set_kx(GNUTLS_STATE state, KXAlgorithm algo) +int _gnutls_set_kx(gnutls_session session, gnutls_kx_algorithm algo) { if (_gnutls_kx_is_ok(algo) == 0) { - state->security_parameters.kx_algorithm = algo; + session->security_parameters.kx_algorithm = algo; } else { gnutls_assert(); return GNUTLS_E_UNKNOWN_KX_ALGORITHM; } - if (_gnutls_kx_priority(state, algo) < 0) { + if (_gnutls_kx_priority(session, algo) < 0) { gnutls_assert(); /* we shouldn't get here */ return GNUTLS_E_UNWANTED_ALGORITHM; @@ -894,17 +894,17 @@ int _gnutls_set_kx(GNUTLS_STATE state, KXAlgorithm algo) } -/* Sets the specified mac algorithm into pending state */ -int _gnutls_set_read_mac(GNUTLS_STATE state, MACAlgorithm algo) +/* Sets the specified mac algorithm into pending session */ +int _gnutls_set_read_mac(gnutls_session session, gnutls_mac_algorithm algo) { if (_gnutls_mac_is_ok(algo) == 0) { - state->security_parameters.read_mac_algorithm = algo; + session->security_parameters.read_mac_algorithm = algo; } else { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } - if (_gnutls_mac_priority(state, algo) < 0) { + if (_gnutls_mac_priority(session, algo) < 0) { gnutls_assert(); return GNUTLS_E_UNWANTED_ALGORITHM; } @@ -914,16 +914,16 @@ int _gnutls_set_read_mac(GNUTLS_STATE state, MACAlgorithm algo) } -int _gnutls_set_write_mac(GNUTLS_STATE state, MACAlgorithm algo) +int _gnutls_set_write_mac(gnutls_session session, gnutls_mac_algorithm algo) { if (_gnutls_mac_is_ok(algo) == 0) { - state->security_parameters.write_mac_algorithm = algo; + session->security_parameters.write_mac_algorithm = algo; } else { gnutls_assert(); return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; } - if (_gnutls_mac_priority(state, algo) < 0) { + if (_gnutls_mac_priority(session, algo) < 0) { gnutls_assert(); return GNUTLS_E_UNWANTED_ALGORITHM; } diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h index 4623b712e0..a78afcd4ef 100644 --- a/lib/gnutls_constate.h +++ b/lib/gnutls_constate.h @@ -1,10 +1,10 @@ -int _gnutls_connection_state_init(GNUTLS_STATE state); -int _gnutls_read_connection_state_init(GNUTLS_STATE state); -int _gnutls_write_connection_state_init(GNUTLS_STATE state); -int _gnutls_set_write_cipher( GNUTLS_STATE state, BulkCipherAlgorithm algo); -int _gnutls_set_write_mac( GNUTLS_STATE state, MACAlgorithm algo); -int _gnutls_set_read_cipher( GNUTLS_STATE state, BulkCipherAlgorithm algo); -int _gnutls_set_read_mac( GNUTLS_STATE state, MACAlgorithm algo); -int _gnutls_set_read_compression( GNUTLS_STATE state, CompressionMethod algo); -int _gnutls_set_write_compression( GNUTLS_STATE state, CompressionMethod algo); -int _gnutls_set_kx(GNUTLS_STATE state, KXAlgorithm algo); +int _gnutls_connection_state_init(gnutls_session session); +int _gnutls_read_connection_state_init(gnutls_session session); +int _gnutls_write_connection_state_init(gnutls_session session); +int _gnutls_set_write_cipher( gnutls_session session, gnutls_cipher_algorithm algo); +int _gnutls_set_write_mac( gnutls_session session, gnutls_mac_algorithm algo); +int _gnutls_set_read_cipher( gnutls_session session, gnutls_cipher_algorithm algo); +int _gnutls_set_read_mac( gnutls_session session, gnutls_mac_algorithm algo); +int _gnutls_set_read_compression( gnutls_session session, gnutls_compression_method algo); +int _gnutls_set_write_compression( gnutls_session session, gnutls_compression_method algo); +int _gnutls_set_kx(gnutls_session session, gnutls_kx_algorithm algo); diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 14e1238439..770d935e82 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -32,7 +32,7 @@ /** * gnutls_db_set_retrieve_function - Sets the function that will be used to get data - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @retr_func: is the function. * * Sets the function that will be used to retrieve data from the resumed @@ -45,13 +45,13 @@ * has been called. * **/ -void gnutls_db_set_retrieve_function( GNUTLS_STATE state, GNUTLS_DB_RETR_FUNC retr_func) { - state->gnutls_internals.db_retrieve_func = retr_func; +void gnutls_db_set_retrieve_function( gnutls_session session, gnutls_db_retr_func retr_func) { + session->internals.db_retrieve_func = retr_func; } /** * gnutls_db_set_remove_function - Sets the function that will be used to remove data - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @rem_func: is the function. * * Sets the function that will be used to remove data from the resumed @@ -63,13 +63,13 @@ void gnutls_db_set_retrieve_function( GNUTLS_STATE state, GNUTLS_DB_RETR_FUNC re * has been called. * **/ -void gnutls_db_set_remove_function( GNUTLS_STATE state, GNUTLS_DB_REMOVE_FUNC rem_func) { - state->gnutls_internals.db_remove_func = rem_func; +void gnutls_db_set_remove_function( gnutls_session session, gnutls_db_remove_func rem_func) { + session->internals.db_remove_func = rem_func; } /** * gnutls_db_set_store_function - Sets the function that will be used to put data - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @store_func: is the function * * Sets the function that will be used to store data from the resumed @@ -81,50 +81,50 @@ void gnutls_db_set_remove_function( GNUTLS_STATE state, GNUTLS_DB_REMOVE_FUNC re * has been called. * **/ -void gnutls_db_set_store_function( GNUTLS_STATE state, GNUTLS_DB_STORE_FUNC store_func) { - state->gnutls_internals.db_store_func = store_func; +void gnutls_db_set_store_function( gnutls_session session, gnutls_db_store_func store_func) { + session->internals.db_store_func = store_func; } /** * gnutls_db_set_ptr - Sets a pointer to be sent to db functions - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @ptr: is the pointer * * Sets the pointer that will be sent to db store, retrieve and delete functions, as * the first argument. Should only be called if not using the gdbm backend. * **/ -void gnutls_db_set_ptr( GNUTLS_STATE state, void* ptr) { - state->gnutls_internals.db_ptr = ptr; +void gnutls_db_set_ptr( gnutls_session session, void* ptr) { + session->internals.db_ptr = ptr; } /** * gnutls_db_get_ptr - Returns the pointer which is sent to db functions - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the pointer that will be sent to db store, retrieve and delete functions, as * the first argument. Should only be used if not using the default (gdbm) backend. * **/ -void* gnutls_db_get_ptr( GNUTLS_STATE state) { - return state->gnutls_internals.db_ptr; +void* gnutls_db_get_ptr( gnutls_session session) { + return session->internals.db_ptr; } /** * gnutls_db_set_cache_expiration - Sets the expiration time for resumed sessions. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @seconds: is the number of seconds. * * Sets the expiration time for resumed sessions. The default is 3600 (one hour) * at the time writing this. **/ -void gnutls_db_set_cache_expiration( GNUTLS_STATE state, int seconds) { - state->gnutls_internals.expire_time = seconds; +void gnutls_db_set_cache_expiration( gnutls_session session, int seconds) { + session->internals.expire_time = seconds; } /** * gnutls_db_check_entry - checks if the given db entry has expired - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @session_entry: is the session data (not key) * * This function returns GNUTLS_E_EXPIRED, if the database entry @@ -133,13 +133,13 @@ void gnutls_db_set_cache_expiration( GNUTLS_STATE state, int seconds) { * backend. * **/ -int gnutls_db_check_entry( GNUTLS_STATE state, gnutls_datum session_entry) { +int gnutls_db_check_entry( gnutls_session session, gnutls_datum session_entry) { time_t timestamp; timestamp = time(0); if (session_entry.data != NULL) - if ( timestamp - ((SecurityParameters*)(session_entry.data))->timestamp <= state->gnutls_internals.expire_time || ((SecurityParameters*)(session_entry.data))->timestamp > timestamp|| ((SecurityParameters*)(session_entry.data))->timestamp == 0) + if ( timestamp - ((SecurityParameters*)(session_entry.data))->timestamp <= session->internals.expire_time || ((SecurityParameters*)(session_entry.data))->timestamp > timestamp|| ((SecurityParameters*)(session_entry.data))->timestamp == 0) return GNUTLS_E_EXPIRED; return 0; @@ -148,24 +148,24 @@ time_t timestamp; /* The format of storing data is: * (forget it). Check gnutls_session_pack.c */ -int _gnutls_server_register_current_session( GNUTLS_STATE state) +int _gnutls_server_register_current_session( gnutls_session session) { -gnutls_datum key = { state->security_parameters.session_id, state->security_parameters.session_id_size }; +gnutls_datum key = { session->security_parameters.session_id, session->security_parameters.session_id_size }; gnutls_datum content; int ret = 0; - if (state->gnutls_internals.resumable==RESUME_FALSE) { + if (session->internals.resumable==RESUME_FALSE) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } - if (state->security_parameters.session_id==NULL || state->security_parameters.session_id_size==0) { + if (session->security_parameters.session_id==NULL || session->security_parameters.session_id_size==0) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } /* allocate space for data */ - content.size = _gnutls_session_size( state); + content.size = _gnutls_session_size( session); if (content.size < 0) { gnutls_assert(); return content.size; @@ -178,14 +178,14 @@ int ret = 0; } /* copy data */ - ret = _gnutls_session_pack( state, &content); + ret = _gnutls_session_pack( session, &content); if (ret < 0) { gnutls_free( content.data); gnutls_assert(); return ret; } - ret = _gnutls_store_session( state, key, content); + ret = _gnutls_store_session( session, key, content); gnutls_free( content.data); @@ -195,26 +195,26 @@ int ret = 0; /* Checks if both db_store and db_retrieve functions have * been set up. */ -static int _gnutls_db_func_is_ok( GNUTLS_STATE state) { - if (state->gnutls_internals.db_store_func!=NULL && - state->gnutls_internals.db_retrieve_func!=NULL && - state->gnutls_internals.db_remove_func!=NULL) return 0; +static int _gnutls_db_func_is_ok( gnutls_session session) { + if (session->internals.db_store_func!=NULL && + session->internals.db_retrieve_func!=NULL && + session->internals.db_remove_func!=NULL) return 0; else return GNUTLS_E_DB_ERROR; } -int _gnutls_server_restore_session( GNUTLS_STATE state, uint8* session_id, int session_id_size) +int _gnutls_server_restore_session( gnutls_session session, uint8* session_id, int session_id_size) { gnutls_datum data; gnutls_datum key = { session_id, session_id_size }; int ret; - if (_gnutls_db_func_is_ok(state)!=0) { + if (_gnutls_db_func_is_ok(session)!=0) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } - data = _gnutls_retrieve_session( state, key); + data = _gnutls_retrieve_session( session, key); if (data.data==NULL) { gnutls_assert(); @@ -222,7 +222,7 @@ int ret; } /* expiration check is performed inside */ - ret = gnutls_session_set_data( state, data.data, data.size); + ret = gnutls_session_set_data( session, data.data, data.size); if (ret < 0) { gnutls_assert(); } @@ -234,26 +234,26 @@ int ret; return 0; } -int _gnutls_db_remove_session( GNUTLS_STATE state, uint8* session_id, int session_id_size) +int _gnutls_db_remove_session( gnutls_session session, uint8* session_id, int session_id_size) { gnutls_datum key = { session_id, session_id_size }; - return _gnutls_remove_session( state, key); + return _gnutls_remove_session( session, key); } /* Stores session data to the db backend. */ -int _gnutls_store_session( GNUTLS_STATE state, gnutls_datum session_id, gnutls_datum session_data) +int _gnutls_store_session( gnutls_session session, gnutls_datum session_id, gnutls_datum session_data) { int ret = 0; - if (state->gnutls_internals.resumable==RESUME_FALSE) { + if (session->internals.resumable==RESUME_FALSE) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } - if (_gnutls_db_func_is_ok(state)!=0) { + if (_gnutls_db_func_is_ok(session)!=0) { return GNUTLS_E_DB_ERROR; } @@ -268,8 +268,8 @@ int ret = 0; } /* if we can't read why bother writing? */ - if (state->gnutls_internals.db_store_func!=NULL) - ret = state->gnutls_internals.db_store_func( state->gnutls_internals.db_ptr, session_id, session_data); + if (session->internals.db_store_func!=NULL) + ret = session->internals.db_store_func( session->internals.db_ptr, session_id, session_data); return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); @@ -277,7 +277,7 @@ int ret = 0; /* Retrieves session data from the db backend. */ -gnutls_datum _gnutls_retrieve_session( GNUTLS_STATE state, gnutls_datum session_id) +gnutls_datum _gnutls_retrieve_session( gnutls_session session, gnutls_datum session_id) { gnutls_datum ret = { NULL, 0 }; @@ -286,8 +286,8 @@ gnutls_datum ret = { NULL, 0 }; return ret; } - if (state->gnutls_internals.db_retrieve_func!=NULL) - ret = state->gnutls_internals.db_retrieve_func( state->gnutls_internals.db_ptr, session_id); + if (session->internals.db_retrieve_func!=NULL) + ret = session->internals.db_retrieve_func( session->internals.db_ptr, session_id); return ret; @@ -295,11 +295,11 @@ gnutls_datum ret = { NULL, 0 }; /* Removes session data from the db backend. */ -int _gnutls_remove_session( GNUTLS_STATE state, gnutls_datum session_id) +int _gnutls_remove_session( gnutls_session session, gnutls_datum session_id) { int ret = 0; - if (_gnutls_db_func_is_ok(state)!=0) { + if (_gnutls_db_func_is_ok(session)!=0) { return GNUTLS_E_DB_ERROR; } @@ -307,8 +307,8 @@ int ret = 0; return GNUTLS_E_INVALID_SESSION; /* if we can't read why bother writing? */ - if (state->gnutls_internals.db_remove_func!=NULL) - ret = state->gnutls_internals.db_remove_func( state->gnutls_internals.db_ptr, session_id); + if (session->internals.db_remove_func!=NULL) + ret = session->internals.db_remove_func( session->internals.db_ptr, session_id); return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); @@ -317,7 +317,7 @@ int ret = 0; /** * gnutls_db_remove_session - This function will remove the current session data from the database - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * This function will remove the current session data from the session * database. This will prevent future handshakes reusing these session @@ -327,9 +327,9 @@ int ret = 0; * Normally gnutls_deinit() will remove abnormally terminated sessions. * **/ -void gnutls_db_remove_session(GNUTLS_STATE state) { +void gnutls_db_remove_session(gnutls_session session) { /* if the session has failed abnormally it has * to be removed from the db */ - _gnutls_db_remove_session( state, state->security_parameters.session_id, state->security_parameters.session_id_size); + _gnutls_db_remove_session( session, session->security_parameters.session_id, session->security_parameters.session_id_size); } diff --git a/lib/gnutls_db.h b/lib/gnutls_db.h index 7b5269f53b..a5cac00bd9 100644 --- a/lib/gnutls_db.h +++ b/lib/gnutls_db.h @@ -18,13 +18,13 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -void gnutls_set_cache_expiration( GNUTLS_STATE state, int seconds); -int gnutls_db_set_name( GNUTLS_STATE state, const char* filename); -int _gnutls_server_register_current_session( GNUTLS_STATE state); -int _gnutls_server_restore_session( GNUTLS_STATE state, uint8* session_id, int session_id_size); -int gnutls_db_clean( GNUTLS_STATE state); -int _gnutls_db_remove_session( GNUTLS_STATE state, uint8* session_id, int session_id_size); -void gnutls_db_remove_session(GNUTLS_STATE state); -int _gnutls_store_session( GNUTLS_STATE state, gnutls_datum session_id, gnutls_datum session_data); -gnutls_datum _gnutls_retrieve_session( GNUTLS_STATE state, gnutls_datum session_id); -int _gnutls_remove_session( GNUTLS_STATE state, gnutls_datum session_id); +void gnutls_set_cache_expiration( gnutls_session session, int seconds); +int gnutls_db_set_name( gnutls_session session, const char* filename); +int _gnutls_server_register_current_session( gnutls_session session); +int _gnutls_server_restore_session( gnutls_session session, uint8* session_id, int session_id_size); +int gnutls_db_clean( gnutls_session session); +int _gnutls_db_remove_session( gnutls_session session, uint8* session_id, int session_id_size); +void gnutls_db_remove_session(gnutls_session session); +int _gnutls_store_session( gnutls_session session, gnutls_datum session_id, gnutls_datum session_data); +gnutls_datum _gnutls_retrieve_session( gnutls_session session, gnutls_datum session_id); +int _gnutls_remove_session( gnutls_session session, gnutls_datum session_id); diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index b98d1ddee9..aff0144ace 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -18,7 +18,7 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -MPI gnutls_get_dh_params(GNUTLS_DH_PARAMS, MPI *ret_p, int bits); +MPI gnutls_get_dh_params(gnutls_dh_params, MPI *ret_p, int bits); MPI gnutls_calc_dh_secret( MPI *ret_x, MPI g, MPI prime ); MPI gnutls_calc_dh_key( MPI f, MPI x, MPI prime ); int _gnutls_dh_generate_prime(MPI *ret_g, MPI* ret_n, int bits); @@ -26,4 +26,4 @@ void _gnutls_dh_clear_mpis(void); int _gnutls_dh_calc_mpis(void); MPI _gnutls_get_rnd_srp_params( MPI * ret_p, int bits); -extern _GNUTLS_DH_PARAMS _gnutls_dh_default_params; +extern _gnutls_dh_params _gnutls_dh_default_params; diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 1aa0349ef0..292639b231 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -232,7 +232,7 @@ static uint8 diffie_hellman_prime_2048[] = { 0x00, /* Holds the prime to be used in DH authentication. * Initialy the GNUTLS_MPIs are not calculated (must call global_init, or _gnutls_dh_calc_mpis()). */ -_GNUTLS_DH_PARAMS _gnutls_dh_default_params[] = { +_gnutls_dh_params _gnutls_dh_default_params[] = { {768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)} , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024} , 0} @@ -259,7 +259,7 @@ _GNUTLS_DH_PARAMS _gnutls_dh_default_params[] = { }; const -static _GNUTLS_DH_PARAMS _gnutls_dh_copy_params[] = { +static _gnutls_dh_params _gnutls_dh_copy_params[] = { {768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)} , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024} , 0} @@ -381,7 +381,7 @@ int _gnutls_dh_calc_mpis(void) /* returns g and p, depends on the requested bits. * We only support limited key sizes. */ -GNUTLS_MPI gnutls_get_dh_params(GNUTLS_DH_PARAMS dh_primes, +GNUTLS_MPI gnutls_get_dh_params(gnutls_dh_params dh_primes, GNUTLS_MPI * ret_p, int bits) { GNUTLS_MPI g = NULL, prime = NULL; @@ -533,12 +533,12 @@ static int check_bits(int bits) * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. * **/ -int gnutls_dh_params_set(GNUTLS_DH_PARAMS dh_params, gnutls_datum prime, +int gnutls_dh_params_set(gnutls_dh_params dh_params, gnutls_datum prime, gnutls_datum generator, int bits) { GNUTLS_MPI tmp_prime, tmp_g; int i = 0; - GNUTLS_DH_PARAMS sprime=NULL; + gnutls_dh_params sprime=NULL; size_t siz = 0; if (check_bits(bits) < 0) { @@ -606,7 +606,7 @@ int gnutls_dh_params_set(GNUTLS_DH_PARAMS dh_params, gnutls_datum prime, * This function will initialize the DH parameters structure. * **/ -int gnutls_dh_params_init(GNUTLS_DH_PARAMS * dh_params) +int gnutls_dh_params_init(gnutls_dh_params * dh_params) { (*dh_params) = gnutls_calloc(1, sizeof(_gnutls_dh_copy_params)); @@ -629,7 +629,7 @@ int gnutls_dh_params_init(GNUTLS_DH_PARAMS * dh_params) * This function will deinitialize the DH parameters structure. * **/ -void gnutls_dh_params_deinit(GNUTLS_DH_PARAMS dh_params) +void gnutls_dh_params_deinit(gnutls_dh_params dh_params) { int i; if (dh_params == NULL) diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index d95abb6e5b..a05902fb47 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -83,11 +83,11 @@ const char *_gnutls_extension_get_name(uint16 type) /* Checks if the extension we just received is one of the * requested ones. Otherwise it's a fatal error. */ -static int _gnutls_extension_list_check( GNUTLS_STATE state, uint8 type) { +static int _gnutls_extension_list_check( gnutls_session session, uint8 type) { int i; - if (state->security_parameters.entity==GNUTLS_CLIENT) { - for(i=0;ignutls_internals.extensions_sent_size;i++) { - if (type==state->gnutls_internals.extensions_sent[i]) + if (session->security_parameters.entity==GNUTLS_CLIENT) { + for(i=0;iinternals.extensions_sent_size;i++) { + if (type==session->internals.extensions_sent[i]) return 0; /* ok found */ } return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION; @@ -96,20 +96,20 @@ int i; return 0; } -int _gnutls_parse_extensions( GNUTLS_STATE state, const opaque* data, int data_size) { +int _gnutls_parse_extensions( gnutls_session session, const opaque* data, int data_size) { int next, ret; int pos=0; uint16 type; const opaque* sdata; -int (*ext_func_recv)( GNUTLS_STATE, const opaque*, int); +int (*ext_func_recv)( gnutls_session, const opaque*, int); uint16 size; #ifdef DEBUG int i; - if (state->security_parameters.entity==GNUTLS_CLIENT) - for (i=0;ignutls_internals.extensions_sent_size;i++) { - _gnutls_log("EXT: expecting extension %d\n", state->gnutls_internals.extensions_sent[i]); + if (session->security_parameters.entity==GNUTLS_CLIENT) + for (i=0;iinternals.extensions_sent_size;i++) { + _gnutls_log("EXT: expecting extension %d\n", session->internals.extensions_sent[i]); } #endif @@ -124,7 +124,7 @@ int i; type = _gnutls_read_uint16( &data[pos]); pos+=2; - if ( (ret=_gnutls_extension_list_check( state, type)) < 0) { + if ( (ret=_gnutls_extension_list_check( session, type)) < 0) { gnutls_assert(); return ret; } @@ -139,7 +139,7 @@ int i; ext_func_recv = _gnutls_ext_func_recv(type); if (ext_func_recv == NULL) continue; - if ( (ret=ext_func_recv( state, sdata, size)) < 0) { + if ( (ret=ext_func_recv( session, sdata, size)) < 0) { gnutls_assert(); return ret; } @@ -154,14 +154,14 @@ int i; * This list is used to check whether the (later) received * extensions are the ones we requested. */ -static void _gnutls_extension_list_add( GNUTLS_STATE state, uint8 type) { +static void _gnutls_extension_list_add( gnutls_session session, uint8 type) { - if (state->security_parameters.entity==GNUTLS_CLIENT) { - if (state->gnutls_internals.extensions_sent_size < - sizeof(state->gnutls_internals.extensions_sent)) { + if (session->security_parameters.entity==GNUTLS_CLIENT) { + if (session->internals.extensions_sent_size < + sizeof(session->internals.extensions_sent)) { - state->gnutls_internals.extensions_sent[state->gnutls_internals.extensions_sent_size] = type; - state->gnutls_internals.extensions_sent_size++; + session->internals.extensions_sent[session->internals.extensions_sent_size] = type; + session->internals.extensions_sent_size++; } else { #ifdef DEBUG _gnutls_log("EXT: Increase MAX_EXT_TYPES\n"); @@ -172,12 +172,12 @@ static void _gnutls_extension_list_add( GNUTLS_STATE state, uint8 type) { return; } -int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data) { +int _gnutls_gen_extensions( gnutls_session session, opaque** data) { int next, size; uint16 pos=0; opaque sdata[1024]; int sdata_size = sizeof(sdata); -int (*ext_func_send)( GNUTLS_STATE, opaque*, int); +int (*ext_func_send)( gnutls_session, opaque*, int); (*data) = gnutls_malloc(2); /* allocate size for size */ @@ -193,7 +193,7 @@ int (*ext_func_send)( GNUTLS_STATE, opaque*, int); next--; ext_func_send = _gnutls_ext_func_send(next); if (ext_func_send == NULL) continue; - size = ext_func_send( state, sdata, sdata_size); + size = ext_func_send( session, sdata, sdata_size); if (size > 0) { (*data) = gnutls_realloc( (*data), pos+size+4); @@ -215,7 +215,7 @@ int (*ext_func_send)( GNUTLS_STATE, opaque*, int); /* add this extension to the extension list */ - _gnutls_extension_list_add( state, next); + _gnutls_extension_list_add( session, next); } } while(next >= 0); diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h index 9c9fd5a23f..16ab105a20 100644 --- a/lib/gnutls_extensions.h +++ b/lib/gnutls_extensions.h @@ -23,12 +23,12 @@ void* _gnutls_ext_func_send(uint16 type); void* _gnutls_ext_func_recv(uint16 type); const char *_gnutls_extension_get_name(uint16 type); -int _gnutls_parse_extensions( GNUTLS_STATE, const opaque*, int); -int _gnutls_gen_extensions( GNUTLS_STATE state, opaque** data); +int _gnutls_parse_extensions( gnutls_session, const opaque*, int); +int _gnutls_gen_extensions( gnutls_session session, opaque** data); typedef struct { const char *name; uint16 type; - int (*gnutls_ext_func_recv)( GNUTLS_STATE, const opaque*, int); /* recv data */ - int (*gnutls_ext_func_send)( GNUTLS_STATE, opaque*, int); /* send data */ + int (*gnutls_ext_func_recv)( gnutls_session, const opaque*, int); /* recv data */ + int (*gnutls_ext_func_send)( gnutls_session, opaque*, int); /* send data */ } gnutls_extension_entry; diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index 69cebc0735..aac129ea90 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -126,11 +126,11 @@ void gnutls_global_set_mem_functions( static int _gnutls_init = 0; /** - * gnutls_global_init - This function initializes the global state to defaults. + * gnutls_global_init - This function initializes the global session to defaults. * - * This function initializes the global state to defaults. - * Every gnutls application has a global state which holds common parameters - * shared by gnutls state structures. + * This function initializes the global session to defaults. + * Every gnutls application has a global session which holds common parameters + * shared by gnutls session structures. * You must call gnutls_global_deinit() when gnutls usage is no longer needed * Returns zero on success. * @@ -191,9 +191,9 @@ int gnutls_global_init( void) } /** - * gnutls_global_deinit - This function deinitializes the global state + * gnutls_global_deinit - This function deinitializes the global session * - * This function deinitializes the global state. + * This function deinitializes the global session. * **/ @@ -218,7 +218,7 @@ void gnutls_global_deinit( void) { /** * gnutls_transport_set_pull_function - This function sets a read like function * @pull_func: it's a function like read - * @state: gnutls state + * @session: gnutls session * * This is the function where you set a function for gnutls * to receive data. Normaly, if you use berkeley style sockets, @@ -226,16 +226,16 @@ void gnutls_global_deinit( void) { * probably be ok. * This function should be called once and after gnutls_global_init(). * PULL_FUNC is of the form, - * ssize_t (*GNUTLS_PULL_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t); + * ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, const void*, size_t); **/ -void gnutls_transport_set_pull_function( GNUTLS_STATE state, GNUTLS_PULL_FUNC pull_func) { - state->gnutls_internals._gnutls_pull_func = pull_func; +void gnutls_transport_set_pull_function( gnutls_session session, gnutls_pull_func pull_func) { + session->internals._gnutls_pull_func = pull_func; } /** * gnutls_transport_set_push_function - This function sets the function to send data * @push_func: it's a function like write - * @state: gnutls state + * @session: gnutls session * * This is the function where you set a push function for gnutls * to use in order to send data. If you are going to use berkeley style @@ -245,10 +245,10 @@ void gnutls_transport_set_pull_function( GNUTLS_STATE state, GNUTLS_PULL_FUNC pu * * This function should be called once and after gnutls_global_init(). * PUSH_FUNC is of the form, - * ssize_t (*GNUTLS_PUSH_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t); + * ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t); **/ -void gnutls_transport_set_push_function( GNUTLS_STATE state, GNUTLS_PUSH_FUNC push_func) { - state->gnutls_internals._gnutls_push_func = push_func; +void gnutls_transport_set_push_function( gnutls_session session, gnutls_push_func push_func) { + session->internals._gnutls_push_func = push_func; } diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 56257d5fe2..122479546f 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -55,75 +55,75 @@ #define TRUE 1 #define FALSE 0 -int _gnutls_server_select_comp_method(GNUTLS_STATE state, +int _gnutls_server_select_comp_method(gnutls_session session, opaque * data, int datalen); /* Clears the handshake hash buffers and handles. */ inline static -void _gnutls_handshake_hash_buffers_clear( GNUTLS_STATE state) { - _gnutls_hash_deinit( state->gnutls_internals.handshake_mac_handle_md5, NULL); - _gnutls_hash_deinit( state->gnutls_internals.handshake_mac_handle_sha, NULL); - state->gnutls_internals.handshake_mac_handle_md5 = NULL; - state->gnutls_internals.handshake_mac_handle_sha = NULL; - _gnutls_handshake_buffer_clear( state); +void _gnutls_handshake_hash_buffers_clear( gnutls_session session) { + _gnutls_hash_deinit( session->internals.handshake_mac_handle_md5, NULL); + _gnutls_hash_deinit( session->internals.handshake_mac_handle_sha, NULL); + session->internals.handshake_mac_handle_md5 = NULL; + session->internals.handshake_mac_handle_sha = NULL; + _gnutls_handshake_buffer_clear( session); } /* this will copy the required values for resuming to - * gnutls_internals, and to security_parameters. + * internals, and to security_parameters. * this will keep as less data to security_parameters. */ -static void resume_copy_required_values(GNUTLS_STATE state) +static void resume_copy_required_values(gnutls_session session) { /* get the new random values */ - memcpy(state->gnutls_internals.resumed_security_parameters. + memcpy(session->internals.resumed_security_parameters. server_random, - state->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy(state->gnutls_internals.resumed_security_parameters. + session->security_parameters.server_random, TLS_RANDOM_SIZE); + memcpy(session->internals.resumed_security_parameters. client_random, - state->security_parameters.client_random, TLS_RANDOM_SIZE); + session->security_parameters.client_random, TLS_RANDOM_SIZE); /* keep the ciphersuite and compression * That is because the client must see these in our * hello message. */ - memcpy(state->security_parameters.current_cipher_suite. + memcpy(session->security_parameters.current_cipher_suite. CipherSuite, - state->gnutls_internals.resumed_security_parameters. + session->internals.resumed_security_parameters. current_cipher_suite.CipherSuite, 2); - state->gnutls_internals.compression_method = state->gnutls_internals.resumed_security_parameters.read_compression_algorithm; /* or write_compression_algorithm + session->internals.compression_method = session->internals.resumed_security_parameters.read_compression_algorithm; /* or write_compression_algorithm * they are the same */ - state->security_parameters.entity = - state->gnutls_internals.resumed_security_parameters.entity; + session->security_parameters.entity = + session->internals.resumed_security_parameters.entity; - _gnutls_set_current_version( state, state->gnutls_internals.resumed_security_parameters.version); + _gnutls_set_current_version( session, session->internals.resumed_security_parameters.version); - state->security_parameters.cert_type = - state->gnutls_internals.resumed_security_parameters.cert_type; + session->security_parameters.cert_type = + session->internals.resumed_security_parameters.cert_type; - memcpy(state->security_parameters.session_id, - state->gnutls_internals.resumed_security_parameters. - session_id, sizeof(state->security_parameters.session_id)); - state->security_parameters.session_id_size = - state->gnutls_internals.resumed_security_parameters. + memcpy(session->security_parameters.session_id, + session->internals.resumed_security_parameters. + session_id, sizeof(session->security_parameters.session_id)); + session->security_parameters.session_id_size = + session->internals.resumed_security_parameters. session_id_size; return; } -void _gnutls_set_server_random(GNUTLS_STATE state, uint8 * random) +void _gnutls_set_server_random(gnutls_session session, uint8 * random) { - memcpy(state->security_parameters.server_random, random, + memcpy(session->security_parameters.server_random, random, TLS_RANDOM_SIZE); } -void _gnutls_set_client_random(GNUTLS_STATE state, uint8 * random) +void _gnutls_set_client_random(gnutls_session session, uint8 * random) { - memcpy(state->security_parameters.client_random, random, + memcpy(session->security_parameters.client_random, random, TLS_RANDOM_SIZE); } @@ -132,20 +132,20 @@ void _gnutls_set_client_random(GNUTLS_STATE state, uint8 * random) #define SSL3_CLIENT_MSG "CLNT" #define SSL3_SERVER_MSG "SRVR" #define SSL_MSG_LEN 4 -static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, opaque * ret) +static int _gnutls_ssl3_finished(gnutls_session session, int type, opaque * ret) { const int siz = SSL_MSG_LEN; GNUTLS_MAC_HANDLE td_md5; GNUTLS_MAC_HANDLE td_sha; const opaque *mesg; - td_md5 = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_md5); + td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5); if (td_md5 == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; } - td_sha = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_sha); + td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha); if (td_sha == NULL) { gnutls_assert(); _gnutls_hash_deinit( td_md5, NULL); @@ -161,8 +161,8 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, opaque * ret) _gnutls_hash(td_md5, mesg, siz); _gnutls_hash(td_sha, mesg, siz); - _gnutls_mac_deinit_ssl3_handshake(td_md5, ret, state->security_parameters.master_secret, TLS_MASTER_SIZE); - _gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16], state->security_parameters.master_secret, TLS_MASTER_SIZE); + _gnutls_mac_deinit_ssl3_handshake(td_md5, ret, session->security_parameters.master_secret, TLS_MASTER_SIZE); + _gnutls_mac_deinit_ssl3_handshake(td_sha, &ret[16], session->security_parameters.master_secret, TLS_MASTER_SIZE); return 0; } @@ -172,7 +172,7 @@ static int _gnutls_ssl3_finished(GNUTLS_STATE state, int type, opaque * ret) #define SERVER_MSG "server finished" #define CLIENT_MSG "client finished" #define TLS_MSG_LEN 15 -int _gnutls_finished(GNUTLS_STATE state, int type, void *ret) +int _gnutls_finished(gnutls_session session, int type, void *ret) { const int siz = TLS_MSG_LEN; opaque concat[36]; @@ -181,13 +181,13 @@ int _gnutls_finished(GNUTLS_STATE state, int type, void *ret) GNUTLS_MAC_HANDLE td_sha; - td_md5 = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_md5); + td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5); if (td_md5 == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; } - td_sha = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_sha); + td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha); if (td_sha == NULL) { gnutls_assert(); _gnutls_hash_deinit( td_md5, NULL); @@ -204,7 +204,7 @@ int _gnutls_finished(GNUTLS_STATE state, int type, void *ret) mesg = CLIENT_MSG; } - return _gnutls_PRF(state->security_parameters.master_secret, + return _gnutls_PRF(session->security_parameters.master_secret, TLS_MASTER_SIZE, mesg, siz, concat, 36, 12, ret); } @@ -237,35 +237,35 @@ int _gnutls_create_random(opaque * dst) * or version 2.0 client hello (only for compatibility * since SSL version 2.0 is not supported). */ -int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, +int _gnutls_read_client_hello(gnutls_session session, opaque * data, int datalen) { uint8 session_id_len = 0, z; int pos = 0; int ret = 0; uint16 sizeOfSuites; - GNUTLS_Version version; + gnutls_protocol_version version; int len = datalen; opaque random[TLS_RANDOM_SIZE], *suite_ptr; - GNUTLS_Version ver; + gnutls_protocol_version ver; - if (state->gnutls_internals.v2_hello != 0) { /* version 2.0 */ - return _gnutls_read_client_hello_v2(state, data, datalen); + if (session->internals.v2_hello != 0) { /* version 2.0 */ + return _gnutls_read_client_hello_v2(session, data, datalen); } DECR_LEN(len, 2); _gnutls_handshake_log("HSK: Client's version: %d.%d\n", data[pos], data[pos + 1]); version = _gnutls_version_get(data[pos], data[pos + 1]); - set_adv_version(state, data[pos], data[pos + 1]); + set_adv_version(session, data[pos], data[pos + 1]); pos += 2; /* if we do not support that version */ - if (_gnutls_version_is_supported(state, version) == 0) { + if (_gnutls_version_is_supported(session, version) == 0) { /* If he requested something we do not support * then we send him the lowest we support. */ - ver = _gnutls_version_lowest(state); + ver = _gnutls_version_lowest(session); } else { ver = version; } @@ -277,18 +277,18 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, gnutls_assert(); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } - _gnutls_set_current_version(state, ver); + _gnutls_set_current_version(session, ver); /* Read client random value. */ DECR_LEN(len, TLS_RANDOM_SIZE); - _gnutls_set_client_random(state, &data[pos]); + _gnutls_set_client_random(session, &data[pos]); pos += TLS_RANDOM_SIZE; _gnutls_create_random(random); - _gnutls_set_server_random(state, random); + _gnutls_set_server_random(session, random); - state->security_parameters.timestamp = time(NULL); + session->security_parameters.timestamp = time(NULL); DECR_LEN(len, 1); session_id_len = data[pos++]; @@ -300,20 +300,20 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } DECR_LEN(len, session_id_len); - ret = _gnutls_server_restore_session(state, &data[pos], session_id_len); + ret = _gnutls_server_restore_session(session, &data[pos], session_id_len); pos += session_id_len; if (ret == 0) { /* resumed! */ - resume_copy_required_values(state); - state->gnutls_internals.resumed = RESUME_TRUE; + resume_copy_required_values(session); + session->internals.resumed = RESUME_TRUE; return 0; } else { - _gnutls_generate_session_id(state->security_parameters. + _gnutls_generate_session_id(session->security_parameters. session_id, - &state->security_parameters. + &session->security_parameters. session_id_size); - state->gnutls_internals.resumed = RESUME_FALSE; + session->internals.resumed = RESUME_FALSE; } /* Select a ciphersuite @@ -332,7 +332,7 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, z = data[pos++]; /* z is the number of compression methods */ DECR_LEN(len, z); - ret = _gnutls_server_select_comp_method(state, &data[pos], z); + ret = _gnutls_server_select_comp_method(session, &data[pos], z); pos += z; if (ret < 0) { @@ -343,7 +343,7 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, /* Parse the extensions (if any) */ if (ver >= GNUTLS_TLS1) { - ret = _gnutls_parse_extensions(state, &data[pos], len); /* len is the rest of the parsed length */ + ret = _gnutls_parse_extensions(session, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert(); return ret; @@ -352,7 +352,7 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, /* select an appropriate cipher suite */ - ret = _gnutls_server_select_suite(state, suite_ptr, sizeOfSuites); + ret = _gnutls_server_select_suite(session, suite_ptr, sizeOfSuites); if (ret < 0) { gnutls_assert(); return ret; @@ -364,29 +364,29 @@ int _gnutls_read_client_hello(GNUTLS_STATE state, opaque * data, /* here we hash all pending data. */ inline static int -_gnutls_handshake_hash_pending( GNUTLS_STATE state) { +_gnutls_handshake_hash_pending( gnutls_session session) { int siz, ret; char * data; - if (state->gnutls_internals.handshake_mac_handle_sha==NULL || - state->gnutls_internals.handshake_mac_handle_md5==NULL) { + if (session->internals.handshake_mac_handle_sha==NULL || + session->internals.handshake_mac_handle_md5==NULL) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; } /* We check if there are pending data to hash. */ - if ((ret=_gnutls_handshake_buffer_get_ptr(state, &data, &siz)) < 0) { + if ((ret=_gnutls_handshake_buffer_get_ptr(session, &data, &siz)) < 0) { gnutls_assert(); return ret; } if (siz > 0) { - _gnutls_hash( state->gnutls_internals.handshake_mac_handle_sha, data, siz); - _gnutls_hash( state->gnutls_internals.handshake_mac_handle_md5, data, siz); + _gnutls_hash( session->internals.handshake_mac_handle_sha, data, siz); + _gnutls_hash( session->internals.handshake_mac_handle_md5, data, siz); } - _gnutls_handshake_buffer_empty( state); + _gnutls_handshake_buffer_empty( session); return 0; } @@ -396,7 +396,7 @@ char * data; * and initializing encryption. This is the first encrypted message * we send. */ -int _gnutls_send_finished(GNUTLS_STATE state, int again) +int _gnutls_send_finished(gnutls_session session, int again) { uint8 data[36]; int ret=0; @@ -408,22 +408,22 @@ int _gnutls_send_finished(GNUTLS_STATE state, int again) /* This needed in order to hash all the required * messages. */ - if ((ret=_gnutls_handshake_hash_pending(state)) < 0) { + if ((ret=_gnutls_handshake_hash_pending(session)) < 0) { gnutls_assert(); return ret; } - if (gnutls_protocol_get_version( state) == GNUTLS_SSL3) { + if (gnutls_protocol_get_version( session) == GNUTLS_SSL3) { ret = - _gnutls_ssl3_finished(state, - state-> + _gnutls_ssl3_finished(session, + session-> security_parameters. entity, data); data_size = 36; } else { /* TLS 1.0 */ ret = - _gnutls_finished(state, - state->security_parameters. + _gnutls_finished(session, + session->security_parameters. entity, data); data_size = 12; } @@ -435,7 +435,7 @@ int _gnutls_send_finished(GNUTLS_STATE state, int again) } ret = - _gnutls_send_handshake(state, data, data_size, + _gnutls_send_handshake(session, data, data_size, GNUTLS_FINISHED); return ret; @@ -444,7 +444,7 @@ int _gnutls_send_finished(GNUTLS_STATE state, int again) /* This is to be called after sending our finished message. If everything * went fine we have negotiated a secure connection */ -int _gnutls_recv_finished(GNUTLS_STATE state) +int _gnutls_recv_finished(gnutls_session session) { uint8 data[36], *vrfy; int data_size; @@ -454,7 +454,7 @@ int _gnutls_recv_finished(GNUTLS_STATE state) ret = 0; ret = - _gnutls_recv_handshake(state, &vrfy, &vrfysize, + _gnutls_recv_handshake(session, &vrfy, &vrfysize, GNUTLS_FINISHED, MANDATORY_PACKET); if (ret < 0) { ERR("recv finished int", ret); @@ -463,7 +463,7 @@ int _gnutls_recv_finished(GNUTLS_STATE state) } - if ( gnutls_protocol_get_version( state) == GNUTLS_SSL3) { + if ( gnutls_protocol_get_version( session) == GNUTLS_SSL3) { data_size = 36; } else { data_size = 12; @@ -474,15 +474,15 @@ int _gnutls_recv_finished(GNUTLS_STATE state) return GNUTLS_E_ERROR_IN_FINISHED_PACKET; } - if (gnutls_protocol_get_version( state) == GNUTLS_SSL3) { + if (gnutls_protocol_get_version( session) == GNUTLS_SSL3) { ret = - _gnutls_ssl3_finished(state, - (state->security_parameters. + _gnutls_ssl3_finished(session, + (session->security_parameters. entity + 1) % 2, data); } else { /* TLS 1.0 */ ret = - _gnutls_finished(state, - (state->security_parameters.entity + + _gnutls_finished(session, + (session->security_parameters.entity + 1) % 2, data); } @@ -505,8 +505,8 @@ int _gnutls_recv_finished(GNUTLS_STATE state) */ int _gnutls_find_pk_algos_in_ciphersuites( opaque* data, int datalen) { int j; -PKAlgorithm algo=-1, prev_algo = 0; -KXAlgorithm kx; +gnutls_pk_algorithm algo=-1, prev_algo = 0; +gnutls_kx_algorithm kx; for (j = 0; j < datalen; j += 2) { kx = _gnutls_cipher_suite_get_kx_algo(*((GNUTLS_CipherSuite *) & data[j])); @@ -524,20 +524,20 @@ KXAlgorithm kx; /* This selects the best supported ciphersuite from the ones supported. Then - * it adds the suite into the state and performs some checks. + * it adds the suite into the session and performs some checks. */ -int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) +int _gnutls_server_select_suite(gnutls_session session, opaque *data, int datalen) { int x, i, j; GNUTLS_CipherSuite *ciphers; int retval, err; - PKAlgorithm pk_algo; /* will hold the pk algorithms + gnutls_pk_algorithm pk_algo; /* will hold the pk algorithms * supported by the peer. */ pk_algo = _gnutls_find_pk_algos_in_ciphersuites( data, datalen); - x = _gnutls_supported_ciphersuites(state, &ciphers); + x = _gnutls_supported_ciphersuites(session, &ciphers); if (x<=0) { gnutls_assert(); if (x<0) return x; @@ -548,7 +548,7 @@ int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) * the certificate requested, or to the * authentication requested (eg SRP). */ - x = _gnutls_remove_unwanted_ciphersuites(state, &ciphers, x, pk_algo); + x = _gnutls_remove_unwanted_ciphersuites(session, &ciphers, x, pk_algo); if (x<=0) { gnutls_assert(); if (x<0) return x; @@ -566,7 +566,7 @@ int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) _gnutls_handshake_log("\t%s\n", _gnutls_cipher_suite_get_name(ciphers[j])); #endif - memset(state->security_parameters.current_cipher_suite.CipherSuite, '\0', 2); + memset(session->security_parameters.current_cipher_suite.CipherSuite, '\0', 2); retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE; @@ -578,7 +578,7 @@ int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) _gnutls_handshake_log("%s\n", _gnutls_cipher_suite_get_name(* ((GNUTLS_CipherSuite *) & data[j]))); - memcpy(state->security_parameters.current_cipher_suite.CipherSuite, ciphers[i].CipherSuite, 2); + memcpy(session->security_parameters.current_cipher_suite.CipherSuite, ciphers[i].CipherSuite, 2); retval = 0; goto finish; } @@ -596,8 +596,8 @@ int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) /* check if the credentials (username, public key etc. are ok) */ if (_gnutls_get_kx_cred - (state->gnutls_key, - _gnutls_cipher_suite_get_kx_algo(state->security_parameters. + (session->gnutls_key, + _gnutls_cipher_suite_get_kx_algo(session->security_parameters. current_cipher_suite), &err) == NULL && err != 0) { gnutls_assert(); @@ -609,11 +609,11 @@ int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) * according to the KX algorithm. This is needed since all the * handshake functions are read from there; */ - state->gnutls_internals.auth_struct = + session->internals.auth_struct = _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); - if (state->gnutls_internals.auth_struct == NULL) { + if (session->internals.auth_struct == NULL) { _gnutls_handshake_log ("HSK: Cannot find the appropriate handler for the KX algorithm\n"); @@ -628,24 +628,24 @@ int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen) /* This selects the best supported compression method from the ones provided */ -int _gnutls_server_select_comp_method(GNUTLS_STATE state, opaque * data, +int _gnutls_server_select_comp_method(gnutls_session session, opaque * data, int datalen) { int x, i, j; uint8 *ciphers; - x = _gnutls_supported_compression_methods(state, &ciphers); - memset( &state->gnutls_internals.compression_method, '\0', sizeof(CompressionMethod)); + x = _gnutls_supported_compression_methods(session, &ciphers); + memset( &session->internals.compression_method, '\0', sizeof(gnutls_compression_method)); for (j = 0; j < datalen; j++) { for (i = 0; i < x; i++) { if (ciphers[i] == data[j]) { - state->gnutls_internals.compression_method = + session->internals.compression_method = _gnutls_compression_get_id(ciphers[i]); gnutls_free(ciphers); _gnutls_handshake_log("HSK: Selected Compression Method: %s\n", - gnutls_compression_get_name(state->gnutls_internals. + gnutls_compression_get_name(session->internals. compression_method)); @@ -668,7 +668,7 @@ int _gnutls_server_select_comp_method(GNUTLS_STATE state, opaque * data, * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again * (until it returns ok), with NULL parameters. */ -int _gnutls_send_empty_handshake(GNUTLS_STATE state, HandshakeType type, +int _gnutls_send_empty_handshake(gnutls_session session, HandshakeType type, int again) { opaque data = 0; @@ -679,25 +679,25 @@ int _gnutls_send_empty_handshake(GNUTLS_STATE state, HandshakeType type, else ptr = NULL; - return _gnutls_send_handshake(state, ptr, 0, type); + return _gnutls_send_handshake(session, ptr, 0, type); } /* This function will hash the handshake message we sent. */ static -int _gnutls_handshake_hash_add_sent( GNUTLS_STATE state, HandshakeType type, +int _gnutls_handshake_hash_add_sent( gnutls_session session, HandshakeType type, opaque* dataptr, uint32 datalen) { int ret; - if ( (ret=_gnutls_handshake_hash_pending( state)) < 0) { + if ( (ret=_gnutls_handshake_hash_pending( session)) < 0) { gnutls_assert(); return ret; } if ( type != GNUTLS_HELLO_REQUEST) { - _gnutls_hash( state->gnutls_internals.handshake_mac_handle_sha, dataptr, datalen); - _gnutls_hash( state->gnutls_internals.handshake_mac_handle_md5, dataptr, datalen); + _gnutls_hash( session->internals.handshake_mac_handle_sha, dataptr, datalen); + _gnutls_hash( session->internals.handshake_mac_handle_md5, dataptr, datalen); } return 0; @@ -709,7 +709,7 @@ int ret; * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again * (until it returns ok), with NULL parameters. */ -int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, +int _gnutls_send_handshake(gnutls_session session, void *i_data, uint32 i_datasize, HandshakeType type) { int ret; @@ -719,13 +719,13 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, /* to know where the procedure was interrupted. */ - state->gnutls_internals.handshake_direction = 1; /* write */ + session->internals.handshake_direction = 1; /* write */ if (i_data == NULL && i_datasize == 0) { /* we are resuming a previously interrupted * send. */ - ret = _gnutls_handshake_io_write_flush(state); + ret = _gnutls_handshake_io_write_flush(session); return ret; } @@ -757,14 +757,14 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, /* Here we keep the handshake messages in order to hash them... */ if ( type != GNUTLS_HELLO_REQUEST) - if ( (ret= _gnutls_handshake_hash_add_sent( state, type, data, datasize)) < 0) { + if ( (ret= _gnutls_handshake_hash_add_sent( session, type, data, datasize)) < 0) { gnutls_assert(); gnutls_afree(data); return ret; } ret = - _gnutls_handshake_io_send_int(state, GNUTLS_HANDSHAKE, type, + _gnutls_handshake_io_send_int(session, GNUTLS_HANDSHAKE, type, data, datasize); gnutls_afree(data); @@ -779,7 +779,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data, * FIXME: This function is complex. */ #define SSL2_HEADERS 1 -static int _gnutls_recv_handshake_header(GNUTLS_STATE state, +static int _gnutls_recv_handshake_header(gnutls_session session, HandshakeType type, HandshakeType * recv_type) { @@ -792,31 +792,31 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, * In order to return we need a full TLS handshake header, or in case of a version 2 * packet, then we return the first byte. */ - if (state->gnutls_internals.handshake_header_buffer.header_size == - handshake_header_size || (state->gnutls_internals.v2_hello != 0 + if (session->internals.handshake_header_buffer.header_size == + handshake_header_size || (session->internals.v2_hello != 0 && type == GNUTLS_CLIENT_HELLO - && state->gnutls_internals. + && session->internals. handshake_header_buffer. packet_length > 0)) { *recv_type = - state->gnutls_internals.handshake_header_buffer. + session->internals.handshake_header_buffer. recv_type; - return state->gnutls_internals.handshake_header_buffer. + return session->internals.handshake_header_buffer. packet_length; } /* Note: SSL2_HEADERS == 1 */ - dataptr = state->gnutls_internals.handshake_header_buffer.header; + dataptr = session->internals.handshake_header_buffer.header; /* If we haven't already read the handshake headers. */ - if (state->gnutls_internals.handshake_header_buffer.header_size < + if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS) { ret = - _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE, type, dataptr, SSL2_HEADERS); @@ -830,21 +830,21 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } - state->gnutls_internals.handshake_header_buffer. + session->internals.handshake_header_buffer. header_size = SSL2_HEADERS; } - if (state->gnutls_internals.v2_hello == 0 + if (session->internals.v2_hello == 0 || type != GNUTLS_CLIENT_HELLO) { ret = - _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE, type, - &dataptr[state-> - gnutls_internals. + &dataptr[session-> + internals. handshake_header_buffer. header_size], HANDSHAKE_HEADER_SIZE - - state->gnutls_internals. + session->internals. handshake_header_buffer. header_size); if (ret <= 0) { @@ -855,7 +855,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, } if (ret != HANDSHAKE_HEADER_SIZE - - state->gnutls_internals.handshake_header_buffer. + session->internals.handshake_header_buffer. header_size) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; @@ -873,7 +873,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, length32 + HANDSHAKE_HEADER_SIZE); } else { /* v2 hello */ - length32 = state->gnutls_internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */ + length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */ handshake_header_size = SSL2_HEADERS; /* we've already read one byte */ @@ -890,11 +890,11 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, } /* put the packet into the buffer */ - state->gnutls_internals.handshake_header_buffer.header_size = + session->internals.handshake_header_buffer.header_size = handshake_header_size; - state->gnutls_internals.handshake_header_buffer.packet_length = + session->internals.handshake_header_buffer.packet_length = length32; - state->gnutls_internals.handshake_header_buffer.recv_type = + session->internals.handshake_header_buffer.recv_type = *recv_type; if (*recv_type != type) { @@ -905,7 +905,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, return length32; } -#define _gnutls_handshake_header_buffer_clear( state) state->gnutls_internals.handshake_header_buffer.header_size = 0 +#define _gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0 @@ -913,7 +913,7 @@ static int _gnutls_recv_handshake_header(GNUTLS_STATE state, * handshake data. */ static -int _gnutls_handshake_hash_add_recvd( GNUTLS_STATE state, HandshakeType recv_type, +int _gnutls_handshake_hash_add_recvd( gnutls_session session, HandshakeType recv_type, opaque* header, uint16 header_size, opaque* dataptr, uint32 datalen) { int ret; @@ -921,7 +921,7 @@ int ret; * and add the one we just received into the handshake_hash_buffer. */ - if ( (ret=_gnutls_handshake_hash_pending( state)) < 0) { + if ( (ret=_gnutls_handshake_hash_pending( session)) < 0) { gnutls_assert(); return ret; } @@ -930,7 +930,7 @@ int ret; if ( recv_type != GNUTLS_HELLO_REQUEST) { if ((ret = - _gnutls_handshake_buffer_put(state, + _gnutls_handshake_buffer_put(session, header, header_size)) < 0) { gnutls_assert(); return ret; @@ -938,7 +938,7 @@ int ret; if ( datalen > 0) { if ((ret = - _gnutls_handshake_buffer_put(state, dataptr, + _gnutls_handshake_buffer_put(session, dataptr, datalen)) < 0) { gnutls_assert(); return ret; @@ -955,7 +955,7 @@ int ret; * Eg. for the SERVER_HELLO message (if it is expected), it will be * send to _gnutls_recv_hello(). */ -int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, +int _gnutls_recv_handshake(gnutls_session session, uint8 ** data, int *datalen, HandshakeType type, Optional optional) { @@ -966,9 +966,9 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, /* to know where the procedure was interrupted. */ - state->gnutls_internals.handshake_direction = 0; /* read */ + session->internals.handshake_direction = 0; /* read */ - ret = _gnutls_recv_handshake_header(state, type, &recv_type); + ret = _gnutls_recv_handshake_header(session, type, &recv_type); if (ret < 0) { if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET && optional == OPTIONAL_PACKET) { @@ -1000,7 +1000,7 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, if (length32 > 0) { ret = - _gnutls_handshake_io_recv_int(state, GNUTLS_HANDSHAKE, + _gnutls_handshake_io_recv_int(session, GNUTLS_HANDSHAKE, type, dataptr, length32); if (ret <= 0) { gnutls_assert(); @@ -1018,12 +1018,12 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, *data = dataptr; - if ( (ret=_gnutls_handshake_hash_add_recvd( state, recv_type, - state->gnutls_internals.handshake_header_buffer.header, - state->gnutls_internals.handshake_header_buffer.header_size, + if ( (ret=_gnutls_handshake_hash_add_recvd( session, recv_type, + session->internals.handshake_header_buffer.header, + session->internals.handshake_header_buffer.header_size, dataptr, length32)) < 0) { gnutls_assert(); - _gnutls_handshake_header_buffer_clear(state); + _gnutls_handshake_header_buffer_clear(session); return ret; } @@ -1031,12 +1031,12 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, * have have received above. if we get here the we clear the handshake * header we received. */ - _gnutls_handshake_header_buffer_clear(state); + _gnutls_handshake_header_buffer_clear(session); switch (recv_type) { case GNUTLS_CLIENT_HELLO: case GNUTLS_SERVER_HELLO: - ret = _gnutls_recv_hello(state, dataptr, length32); + ret = _gnutls_recv_hello(session, dataptr, length32); /* dataptr is freed because the caller does not * need it */ gnutls_free(dataptr); @@ -1064,9 +1064,9 @@ int _gnutls_recv_handshake(GNUTLS_STATE state, uint8 ** data, } /* This function checks if the given cipher suite is supported, and sets it - * to the state; + * to the session; */ -static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state, +static int _gnutls_client_set_ciphersuite(gnutls_session session, opaque suite[2]) { uint8 z; @@ -1075,7 +1075,7 @@ static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state, int i, err; z = 1; - x = _gnutls_supported_ciphersuites(state, &cipher_suites); + x = _gnutls_supported_ciphersuites(session, &cipher_suites); for (i = 0; i < x; i++) { if (memcmp(&cipher_suites[i], suite, 2) == 0) { z = 0; @@ -1089,12 +1089,12 @@ static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state, return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } - memcpy(state->security_parameters. + memcpy(session->security_parameters. current_cipher_suite.CipherSuite, suite, 2); _gnutls_handshake_log("HSK: Selected cipher suite: "); _gnutls_handshake_log("%s\n", - _gnutls_cipher_suite_get_name(state-> + _gnutls_cipher_suite_get_name(session-> security_parameters. current_cipher_suite)); @@ -1103,8 +1103,8 @@ static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state, * Actually checks if they exist. */ if (_gnutls_get_kx_cred - (state->gnutls_key, - _gnutls_cipher_suite_get_kx_algo(state-> + (session->gnutls_key, + _gnutls_cipher_suite_get_kx_algo(session-> security_parameters. current_cipher_suite), &err) == NULL && err != 0) { @@ -1117,12 +1117,12 @@ static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state, * according to the KX algorithm. This is needed since all the * handshake functions are read from there; */ - state->gnutls_internals.auth_struct = + session->internals.auth_struct = _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); - if (state->gnutls_internals.auth_struct == NULL) { + if (session->internals.auth_struct == NULL) { _gnutls_handshake_log ("HSK: Cannot find the appropriate handler for the KX algorithm\n"); @@ -1134,16 +1134,16 @@ static int _gnutls_client_set_ciphersuite(GNUTLS_STATE state, return 0; } -/* This function sets the given comp method to the state. +/* This function sets the given comp method to the session. */ -static int _gnutls_client_set_comp_method(GNUTLS_STATE state, +static int _gnutls_client_set_comp_method(gnutls_session session, opaque comp_method) { uint8 z; uint8 *compression_methods; int i; - z = _gnutls_supported_compression_methods(state, + z = _gnutls_supported_compression_methods(session, &compression_methods); for (i = 0; i < z; i++) { if (compression_methods[i] == comp_method) { @@ -1158,7 +1158,7 @@ static int _gnutls_client_set_comp_method(GNUTLS_STATE state, return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; } - state->gnutls_internals.compression_method = + session->internals.compression_method = _gnutls_compression_get_id(comp_method); @@ -1166,10 +1166,10 @@ static int _gnutls_client_set_comp_method(GNUTLS_STATE state, } /* This function returns 0 if we are resuming a session or -1 otherwise. - * This also sets the variables in the state. Used only while reading a server + * This also sets the variables in the session. Used only while reading a server * hello. */ -static int _gnutls_client_check_if_resuming(GNUTLS_STATE state, +static int _gnutls_client_check_if_resuming(gnutls_session session, opaque * session_id, int session_id_len) { @@ -1178,30 +1178,30 @@ static int _gnutls_client_check_if_resuming(GNUTLS_STATE state, _gnutls_handshake_log("HSK: SessionID: %s\n", _gnutls_bin2hex(session_id, session_id_len)); - if ((state->gnutls_internals.resumed_security_parameters. + if ((session->internals.resumed_security_parameters. session_id_size > 0) && memcmp(session_id, - state->gnutls_internals. + session->internals. resumed_security_parameters.session_id, session_id_len) == 0) { /* resume session */ - memcpy(state->gnutls_internals. + memcpy(session->internals. resumed_security_parameters.server_random, - state->security_parameters.server_random, + session->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy(state->gnutls_internals. + memcpy(session->internals. resumed_security_parameters.client_random, - state->security_parameters.client_random, + session->security_parameters.client_random, TLS_RANDOM_SIZE); - state->gnutls_internals.resumed = RESUME_TRUE; /* we are resuming */ + session->internals.resumed = RESUME_TRUE; /* we are resuming */ return 0; } else { /* keep the new session id */ - state->gnutls_internals.resumed = RESUME_FALSE; /* we are not resuming */ - state->security_parameters.session_id_size = + session->internals.resumed = RESUME_FALSE; /* we are not resuming */ + session->security_parameters.session_id_size = session_id_len; - memcpy(state->security_parameters.session_id, + memcpy(session->security_parameters.session_id, session_id, session_id_len); return -1; @@ -1213,13 +1213,13 @@ static int _gnutls_client_check_if_resuming(GNUTLS_STATE state, * This function also restores resumed parameters if we are resuming a * session. */ -static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, +static int _gnutls_read_server_hello(gnutls_session session, char *data, int datalen) { uint8 session_id_len = 0; int pos = 0; int ret = 0; - GNUTLS_Version version; + gnutls_protocol_version version; int len = datalen; if (datalen < 38) { @@ -1231,17 +1231,17 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, DECR_LEN(len, 2); version = _gnutls_version_get(data[pos], data[pos + 1]); - if (_gnutls_version_is_supported(state, version) == 0) { + if (_gnutls_version_is_supported(session, version) == 0) { gnutls_assert(); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } else { - _gnutls_set_current_version(state, version); + _gnutls_set_current_version(session, version); } pos += 2; DECR_LEN(len, TLS_RANDOM_SIZE); - _gnutls_set_server_random(state, &data[pos]); + _gnutls_set_server_random(session, &data[pos]); pos += TLS_RANDOM_SIZE; @@ -1261,17 +1261,17 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, * values; */ if (_gnutls_client_check_if_resuming - (state, &data[pos], session_id_len) == 0) + (session, &data[pos], session_id_len) == 0) return 0; pos += session_id_len; /* Check if the given cipher suite is supported and copy - * it to the state. + * it to the session. */ DECR_LEN(len, 2); - ret = _gnutls_client_set_ciphersuite(state, &data[pos]); + ret = _gnutls_client_set_ciphersuite(session, &data[pos]); if (ret < 0) { gnutls_assert(); return ret; @@ -1284,7 +1284,7 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, */ DECR_LEN(len, 1); - ret = _gnutls_client_set_comp_method(state, data[pos++]); + ret = _gnutls_client_set_comp_method(session, data[pos++]); if (ret < 0) { gnutls_assert(); return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; @@ -1293,7 +1293,7 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, /* Parse extensions. */ if (version >= GNUTLS_TLS1) { - ret = _gnutls_parse_extensions(state, &data[pos], len); /* len is the rest of the parsed length */ + ret = _gnutls_parse_extensions(session, &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { gnutls_assert(); return ret; @@ -1306,7 +1306,7 @@ static int _gnutls_read_server_hello(GNUTLS_STATE state, char *data, /* This function copies the appropriate ciphersuites, to a localy allocated buffer * Needed in client hello messages. Returns the new data length. */ -static int _gnutls_copy_ciphersuites(GNUTLS_STATE state, +static int _gnutls_copy_ciphersuites(gnutls_session session, opaque ** ret_data) { int ret, i; @@ -1314,7 +1314,7 @@ static int _gnutls_copy_ciphersuites(GNUTLS_STATE state, uint16 cipher_num; int datalen, pos; - ret = _gnutls_supported_ciphersuites_sorted(state, &cipher_suites); + ret = _gnutls_supported_ciphersuites_sorted(session, &cipher_suites); if (ret <= 0) { gnutls_assert(); if (ret==0) return GNUTLS_E_INVALID_REQUEST; @@ -1326,7 +1326,7 @@ static int _gnutls_copy_ciphersuites(GNUTLS_STATE state, * authentication requested (eg SRP). */ ret = - _gnutls_remove_unwanted_ciphersuites(state, &cipher_suites, + _gnutls_remove_unwanted_ciphersuites(session, &cipher_suites, ret, -1); if (ret < 0) { gnutls_assert(); @@ -1371,7 +1371,7 @@ static int _gnutls_copy_ciphersuites(GNUTLS_STATE state, /* This function copies the appropriate compression methods, to a localy allocated buffer * Needed in hello messages. Returns the new data length. */ -static int _gnutls_copy_comp_methods(GNUTLS_STATE state, +static int _gnutls_copy_comp_methods(gnutls_session session, opaque ** ret_data) { int ret, i; @@ -1379,7 +1379,7 @@ static int _gnutls_copy_comp_methods(GNUTLS_STATE state, int datalen, pos; ret = - _gnutls_supported_compression_methods(state, + _gnutls_supported_compression_methods(session, &compression_methods); if (ret < 0) { gnutls_assert(); @@ -1410,7 +1410,7 @@ static int _gnutls_copy_comp_methods(GNUTLS_STATE state, /* This function sends the client hello handshake message. */ -static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) +static int _gnutls_send_client_hello(gnutls_session session, int again) { opaque *data = NULL; opaque *extdata; @@ -1418,12 +1418,12 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) int pos = 0; int datalen, ret = 0; opaque random[TLS_RANDOM_SIZE]; - GNUTLS_Version hver; + gnutls_protocol_version hver; opaque *SessionID = - state->gnutls_internals.resumed_security_parameters.session_id; + session->internals.resumed_security_parameters.session_id; uint8 session_id_len = - state->gnutls_internals.resumed_security_parameters. + session->internals.resumed_security_parameters. session_id_size; if (SessionID == NULL || session_id_len == 0) { @@ -1449,10 +1449,10 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) * version number to the previously established. */ if (SessionID == NULL) - hver = _gnutls_version_max(state); + hver = _gnutls_version_max(session); else { /* we are resuming a session */ hver = - state->gnutls_internals. + session->internals. resumed_security_parameters.version; } @@ -1469,7 +1469,7 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) /* Set the version we advertized as maximum * (RSA uses it). */ - _gnutls_set_adv_version( state, hver); + _gnutls_set_adv_version( session, hver); /* Some implementations do not interoperate if we send a * different version in the record layer. @@ -1479,19 +1479,19 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) * handshake packet and ignore the one in the packet's record * header. */ - if (state->gnutls_internals.default_record_version==0) - _gnutls_set_current_version(state, hver); - else _gnutls_set_current_version(state, - state->gnutls_internals.default_record_version); + if (session->internals.default_record_version==0) + _gnutls_set_current_version(session, hver); + else _gnutls_set_current_version(session, + session->internals.default_record_version); /* In order to know when this session was initiated. */ - state->security_parameters.timestamp = time(NULL); + session->security_parameters.timestamp = time(NULL); /* Generate random data */ _gnutls_create_random(random); - _gnutls_set_client_random(state, random); + _gnutls_set_client_random(session, random); memcpy(&data[pos], random, TLS_RANDOM_SIZE); pos += TLS_RANDOM_SIZE; @@ -1508,7 +1508,7 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) /* Copy the ciphersuites. */ - extdatalen = _gnutls_copy_ciphersuites(state, &extdata); + extdatalen = _gnutls_copy_ciphersuites(session, &extdata); if (extdatalen > 0) { datalen += extdatalen; data = gnutls_realloc(data, datalen); @@ -1533,7 +1533,7 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) /* Copy the compression methods. */ - extdatalen = _gnutls_copy_comp_methods(state, &extdata); + extdatalen = _gnutls_copy_comp_methods(session, &extdata); if (extdatalen > 0) { datalen += extdatalen; data = gnutls_realloc(data, datalen); @@ -1558,7 +1558,7 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) /* Generate and copy TLS extensions. */ if (hver >= GNUTLS_TLS1) { - extdatalen = _gnutls_gen_extensions(state, &extdata); + extdatalen = _gnutls_gen_extensions(session, &extdata); if (extdatalen > 0) { datalen += extdatalen; data = gnutls_realloc(data, datalen); @@ -1575,14 +1575,14 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again) } ret = - _gnutls_send_handshake(state, data, datalen, + _gnutls_send_handshake(session, data, datalen, GNUTLS_CLIENT_HELLO); gnutls_free(data); return ret; } -static int _gnutls_send_server_hello(GNUTLS_STATE state, int again) +static int _gnutls_send_server_hello(gnutls_session session, int again) { opaque *data; opaque *extdata; @@ -1590,8 +1590,8 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again) int pos = 0; int datalen, ret = 0; uint8 comp; - opaque *SessionID = state->security_parameters.session_id; - uint8 session_id_len = state->security_parameters.session_id_size; + opaque *SessionID = session->security_parameters.session_id; + uint8 session_id_len = session->security_parameters.session_id_size; if (SessionID == NULL) session_id_len = 0; @@ -1601,7 +1601,7 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again) if (again == 0) { datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; - extdatalen = _gnutls_gen_extensions(state, &extdata); + extdatalen = _gnutls_gen_extensions(session, &extdata); data = gnutls_alloca(datalen + extdatalen); if (data == NULL) { @@ -1611,14 +1611,14 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again) } data[pos++] = - _gnutls_version_get_major(state->security_parameters. + _gnutls_version_get_major(session->security_parameters. version); data[pos++] = - _gnutls_version_get_minor(state->security_parameters. + _gnutls_version_get_minor(session->security_parameters. version); memcpy(&data[pos], - state->security_parameters.server_random, + session->security_parameters.server_random, TLS_RANDOM_SIZE); pos += TLS_RANDOM_SIZE; @@ -1632,13 +1632,13 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again) _gnutls_bin2hex(SessionID, session_id_len)); memcpy(&data[pos], - state->security_parameters. + session->security_parameters. current_cipher_suite.CipherSuite, 2); pos += 2; comp = - (uint8) _gnutls_compression_get_num(state-> - gnutls_internals. + (uint8) _gnutls_compression_get_num(session-> + internals. compression_method); data[pos++] = comp; @@ -1652,22 +1652,22 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again) } ret = - _gnutls_send_handshake(state, data, datalen, + _gnutls_send_handshake(session, data, datalen, GNUTLS_SERVER_HELLO); gnutls_afree(data); return ret; } -int _gnutls_send_hello(GNUTLS_STATE state, int again) +int _gnutls_send_hello(gnutls_session session, int again) { int ret; - if (state->security_parameters.entity == GNUTLS_CLIENT) { - ret = _gnutls_send_client_hello(state, again); + if (session->security_parameters.entity == GNUTLS_CLIENT) { + ret = _gnutls_send_client_hello(session, again); } else { /* SERVER */ - ret = _gnutls_send_server_hello(state, again); + ret = _gnutls_send_server_hello(session, again); } return ret; @@ -1675,21 +1675,21 @@ int _gnutls_send_hello(GNUTLS_STATE state, int again) /* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a * hello message is expected. It uses the security_parameters.current_cipher_suite - * and gnutls_internals.compression_method. + * and internals.compression_method. */ -int _gnutls_recv_hello(GNUTLS_STATE state, char *data, int datalen) +int _gnutls_recv_hello(gnutls_session session, char *data, int datalen) { int ret; - if (state->security_parameters.entity == GNUTLS_CLIENT) { - ret = _gnutls_read_server_hello(state, data, datalen); + if (session->security_parameters.entity == GNUTLS_CLIENT) { + ret = _gnutls_read_server_hello(session, data, datalen); if (ret < 0) { gnutls_assert(); return ret; } } else { /* Server side reading a client hello */ - ret = _gnutls_read_client_hello(state, data, datalen); + ret = _gnutls_read_client_hello(session, data, datalen); if (ret < 0) { gnutls_assert(); return ret; @@ -1726,7 +1726,7 @@ int _gnutls_recv_hello(GNUTLS_STATE state, char *data, int datalen) /** * gnutls_rehandshake - This function will renegotiate security parameters - * @state: is a a &GNUTLS_STATE structure. + * @session: is a a &gnutls_session structure. * * This function will renegotiate security parameters with the * client. This should only be called in case of a server. @@ -1743,16 +1743,16 @@ int _gnutls_recv_hello(GNUTLS_STATE state, char *data, int datalen) * GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be * GNUTLS_A_NO_RENEGOTIATION. **/ -int gnutls_rehandshake(GNUTLS_STATE state) +int gnutls_rehandshake(gnutls_session session) { int ret; /* only server sends that handshake packet */ - if (state->security_parameters.entity == GNUTLS_CLIENT) + if (session->security_parameters.entity == GNUTLS_CLIENT) return GNUTLS_E_INVALID_REQUEST; ret = - _gnutls_send_empty_handshake(state, GNUTLS_HELLO_REQUEST, + _gnutls_send_empty_handshake(session, GNUTLS_HELLO_REQUEST, AGAIN(STATE50)); STATE = STATE50; @@ -1766,8 +1766,8 @@ int gnutls_rehandshake(GNUTLS_STATE state) } /** - * gnutls_handshake_get_direction - This function will return the state of the handshake protocol - * @state: is a a &GNUTLS_STATE structure. + * gnutls_handshake_get_direction - This function will return the session of the handshake protocol + * @session: is a a &gnutls_session structure. * * This function provides information about the handshake procedure, and * is only useful if the gnutls_handshake() call was interrupted for some @@ -1777,13 +1777,13 @@ int gnutls_rehandshake(GNUTLS_STATE state) * 1 otherwise. * **/ -int gnutls_handshake_get_direction(GNUTLS_STATE state) { - return state->gnutls_internals.handshake_direction; +int gnutls_handshake_get_direction(gnutls_session session) { + return session->internals.handshake_direction; } -static int _gnutls_abort_handshake( GNUTLS_STATE state, int ret) { +static int _gnutls_abort_handshake( gnutls_session session, int ret) { if ( ((ret==GNUTLS_E_WARNING_ALERT_RECEIVED) && - ( gnutls_alert_get(state) == GNUTLS_A_NO_RENEGOTIATION)) + ( gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION)) || ret==GNUTLS_E_GOT_APPLICATION_DATA) return 0; @@ -1792,24 +1792,24 @@ static int _gnutls_abort_handshake( GNUTLS_STATE state, int ret) { } -/* This function initialized the handshake hash state. +/* This function initialized the handshake hash session. * required for finished messages. */ inline -static int _gnutls_handshake_hash_init( GNUTLS_STATE state) { +static int _gnutls_handshake_hash_init( gnutls_session session) { - if ( state->gnutls_internals.handshake_mac_handle_md5==NULL) { - state->gnutls_internals.handshake_mac_handle_md5 = _gnutls_hash_init( GNUTLS_MAC_MD5); + if ( session->internals.handshake_mac_handle_md5==NULL) { + session->internals.handshake_mac_handle_md5 = _gnutls_hash_init( GNUTLS_MAC_MD5); - if (state->gnutls_internals.handshake_mac_handle_md5==GNUTLS_HASH_FAILED) { + if (session->internals.handshake_mac_handle_md5==GNUTLS_HASH_FAILED) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } } - if ( state->gnutls_internals.handshake_mac_handle_sha==NULL) { - state->gnutls_internals.handshake_mac_handle_sha = _gnutls_hash_init( GNUTLS_MAC_SHA); - if (state->gnutls_internals.handshake_mac_handle_sha==GNUTLS_HASH_FAILED) { + if ( session->internals.handshake_mac_handle_sha==NULL) { + session->internals.handshake_mac_handle_sha = _gnutls_hash_init( GNUTLS_MAC_SHA); + if (session->internals.handshake_mac_handle_sha==GNUTLS_HASH_FAILED) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } @@ -1820,7 +1820,7 @@ static int _gnutls_handshake_hash_init( GNUTLS_STATE state) { /** * gnutls_handshake - This the main function in the handshake protocol. - * @state: is a a &GNUTLS_STATE structure. + * @session: is a a &gnutls_session structure. * * This function does the handshake of the TLS/SSL protocol, * and initializes the TLS connection. @@ -1841,41 +1841,41 @@ static int _gnutls_handshake_hash_init( GNUTLS_STATE state) { * rejected the rehandshake request. * **/ -int gnutls_handshake(GNUTLS_STATE state) +int gnutls_handshake(gnutls_session session) { int ret; - if ( (ret=_gnutls_handshake_hash_init( state)) < 0) { + if ( (ret=_gnutls_handshake_hash_init( session)) < 0) { gnutls_assert(); return ret; } - if (state->security_parameters.entity == GNUTLS_CLIENT) { - ret = gnutls_handshake_client(state); + if (session->security_parameters.entity == GNUTLS_CLIENT) { + ret = gnutls_handshake_client(session); } else { - ret = gnutls_handshake_server(state); + ret = gnutls_handshake_server(session); } if (ret < 0) { /* In the case of a rehandshake abort - * we should reset the handshake's state + * we should reset the handshake's session */ - if (_gnutls_abort_handshake( state, ret) == 0) + if (_gnutls_abort_handshake( session, ret) == 0) STATE = STATE0; return ret; } - ret = gnutls_handshake_common(state); + ret = gnutls_handshake_common(session); if (ret < 0) { - if (_gnutls_abort_handshake( state, ret) == 0) + if (_gnutls_abort_handshake( session, ret) == 0) STATE = STATE0; return ret; } STATE = STATE0; - _gnutls_handshake_io_buffer_clear(state); - _gnutls_handshake_internal_state_clear(state); + _gnutls_handshake_io_buffer_clear(session); + _gnutls_handshake_internal_state_clear(session); return 0; } @@ -1885,7 +1885,7 @@ int gnutls_handshake(GNUTLS_STATE state) if (gnutls_error_is_fatal(ret)==0) return ret; \ gnutls_assert(); \ ERR( str, ret); \ - _gnutls_handshake_hash_buffers_clear(state); \ + _gnutls_handshake_hash_buffers_clear(session); \ return ret; \ } @@ -1895,18 +1895,18 @@ int gnutls_handshake(GNUTLS_STATE state) * gnutls_handshake_client * This function performs the client side of the handshake of the TLS/SSL protocol. */ -int gnutls_handshake_client(GNUTLS_STATE state) +int gnutls_handshake_client(gnutls_session session) { int ret = 0; #ifdef HANDSHAKE_DEBUG - if (state->gnutls_internals.resumed_security_parameters. + if (session->internals.resumed_security_parameters. session_id_size > 0) _gnutls_handshake_log("HSK: Ask to resume: %s\n", - _gnutls_bin2hex(state->gnutls_internals. + _gnutls_bin2hex(session->internals. resumed_security_parameters. session_id, - state->gnutls_internals. + session->internals. resumed_security_parameters. session_id_size)); #endif @@ -1914,14 +1914,14 @@ int gnutls_handshake_client(GNUTLS_STATE state) switch (STATE) { case STATE0: case STATE1: - ret = _gnutls_send_hello(state, AGAIN(STATE1)); + ret = _gnutls_send_hello(session, AGAIN(STATE1)); STATE = STATE1; IMED_RET("send hello", ret); case STATE2: /* receive the server hello */ ret = - _gnutls_recv_handshake(state, NULL, NULL, + _gnutls_recv_handshake(session, NULL, NULL, GNUTLS_SERVER_HELLO, MANDATORY_PACKET); STATE = STATE2; @@ -1929,15 +1929,15 @@ int gnutls_handshake_client(GNUTLS_STATE state) case STATE3: /* RECV CERTIFICATE */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_certificate(state); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_server_certificate(session); STATE = STATE3; IMED_RET("recv server certificate", ret); case STATE4: /* receive the server key exchange */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_kx_message(state); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_server_kx_message(session); STATE = STATE4; IMED_RET("recv server kx message", ret); @@ -1945,9 +1945,9 @@ int gnutls_handshake_client(GNUTLS_STATE state) /* Added for SRP, * send the client key exchange for SRP */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_send_client_kx_message0(state, + _gnutls_send_client_kx_message0(session, AGAIN(STATE5)); STATE = STATE5; IMED_RET("send client kx0", ret); @@ -1956,9 +1956,9 @@ int gnutls_handshake_client(GNUTLS_STATE state) /* receive the server certificate request - if any */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_recv_server_certificate_request(state); + _gnutls_recv_server_certificate_request(session); STATE = STATE6; IMED_RET("recv server certificate request message", ret); @@ -1966,16 +1966,16 @@ int gnutls_handshake_client(GNUTLS_STATE state) /* receive the server key exchange (B) (SRP only) */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_kx_message2(state); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_server_kx_message2(session); STATE = STATE7; IMED_RET("recv server kx message2", ret); case STATE8: /* receive the server hello done */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_recv_handshake(state, NULL, NULL, + _gnutls_recv_handshake(session, NULL, NULL, GNUTLS_SERVER_HELLO_DONE, MANDATORY_PACKET); STATE = STATE8; @@ -1984,26 +1984,26 @@ int gnutls_handshake_client(GNUTLS_STATE state) case STATE9: /* send our certificate - if any and if requested */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_send_client_certificate(state, + _gnutls_send_client_certificate(session, AGAIN(STATE9)); STATE = STATE9; IMED_RET("send client certificate", ret); case STATE10: - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_send_client_kx_message(state, + _gnutls_send_client_kx_message(session, AGAIN(STATE10)); STATE = STATE10; IMED_RET("send client kx", ret); case STATE11: /* send client certificate verify */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_send_client_certificate_verify(state, + _gnutls_send_client_certificate_verify(session, AGAIN (STATE11)); STATE = STATE11; @@ -2019,13 +2019,13 @@ int gnutls_handshake_client(GNUTLS_STATE state) /* This function sends the final handshake packets and initializes connection */ -static int _gnutls_send_handshake_final(GNUTLS_STATE state, int init) +static int _gnutls_send_handshake_final(gnutls_session session, int init) { int ret = 0; /* to know where the procedure was interrupted. */ - state->gnutls_internals.handshake_direction = 1; /* write */ + session->internals.handshake_direction = 1; /* write */ /* Send the CHANGE CIPHER SPEC PACKET */ @@ -2033,7 +2033,7 @@ static int _gnutls_send_handshake_final(GNUTLS_STATE state, int init) case STATE0: case STATE20: ret = - _gnutls_send_change_cipher_spec(state, AGAIN(STATE20)); + _gnutls_send_change_cipher_spec(session, AGAIN(STATE20)); STATE = STATE20; if (ret < 0) { ERR("send ChangeCipherSpec", ret); @@ -2041,17 +2041,17 @@ static int _gnutls_send_handshake_final(GNUTLS_STATE state, int init) return ret; } - /* Initialize the connection state (start encryption) - in case of client + /* Initialize the connection session (start encryption) - in case of client */ if (init == TRUE) { - ret = _gnutls_connection_state_init(state); + ret = _gnutls_connection_state_init(session); if (ret < 0) { gnutls_assert(); return ret; } } - ret = _gnutls_write_connection_state_init(state); + ret = _gnutls_write_connection_state_init(session); if (ret < 0) { gnutls_assert(); return ret; @@ -2059,7 +2059,7 @@ static int _gnutls_send_handshake_final(GNUTLS_STATE state, int init) case STATE21: /* send the finished message */ - ret = _gnutls_send_finished(state, AGAIN(STATE21)); + ret = _gnutls_send_finished(session, AGAIN(STATE21)); STATE = STATE21; if (ret < 0) { ERR("send Finished", ret); @@ -2076,22 +2076,22 @@ static int _gnutls_send_handshake_final(GNUTLS_STATE state, int init) /* This function receives the final handshake packets * And executes the appropriate function to initialize the - * read state. + * read session. */ -static int _gnutls_recv_handshake_final(GNUTLS_STATE state, int init) +static int _gnutls_recv_handshake_final(gnutls_session session, int init) { int ret = 0; uint8 ch; /* to know where the procedure was interrupted. */ - state->gnutls_internals.handshake_direction = 0; /* recv */ + session->internals.handshake_direction = 0; /* recv */ switch (STATE) { case STATE0: case STATE30: ret = - gnutls_recv_int(state, GNUTLS_CHANGE_CIPHER_SPEC, -1, + gnutls_recv_int(session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); STATE = STATE30; if (ret <= 0) { @@ -2102,23 +2102,23 @@ static int _gnutls_recv_handshake_final(GNUTLS_STATE state, int init) GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } - /* Initialize the connection state (start encryption) - in case of server */ + /* Initialize the connection session (start encryption) - in case of server */ if (init == TRUE) { - ret = _gnutls_connection_state_init(state); + ret = _gnutls_connection_state_init(session); if (ret < 0) { gnutls_assert(); return ret; } } - ret = _gnutls_read_connection_state_init(state); + ret = _gnutls_read_connection_state_init(session); if (ret < 0) { gnutls_assert(); return ret; } case STATE31: - ret = _gnutls_recv_finished(state); + ret = _gnutls_recv_finished(session); STATE = STATE31; if (ret < 0) { ERR("recv finished", ret); @@ -2138,7 +2138,7 @@ static int _gnutls_recv_handshake_final(GNUTLS_STATE state, int init) * This function does the server stuff of the handshake protocol. */ -int gnutls_handshake_server(GNUTLS_STATE state) +int gnutls_handshake_server(gnutls_session session) { int ret = 0; @@ -2146,14 +2146,14 @@ int gnutls_handshake_server(GNUTLS_STATE state) case STATE0: case STATE1: ret = - _gnutls_recv_handshake(state, NULL, NULL, + _gnutls_recv_handshake(session, NULL, NULL, GNUTLS_CLIENT_HELLO, MANDATORY_PACKET); STATE = STATE1; IMED_RET("recv hello", ret); case STATE2: - ret = _gnutls_send_hello(state, AGAIN(STATE2)); + ret = _gnutls_send_hello(session, AGAIN(STATE2)); STATE = STATE2; IMED_RET("send hello", ret); @@ -2161,27 +2161,27 @@ int gnutls_handshake_server(GNUTLS_STATE state) case STATE3: /* NOTE: these should not be send if we are resuming */ - if (state->gnutls_internals.resumed == RESUME_FALSE) + if (session->internals.resumed == RESUME_FALSE) ret = - _gnutls_send_server_certificate(state, + _gnutls_send_server_certificate(session, AGAIN(STATE3)); STATE = STATE3; IMED_RET("send server certificate", ret); case STATE4: /* send server key exchange (A) */ - if (state->gnutls_internals.resumed == RESUME_FALSE) + if (session->internals.resumed == RESUME_FALSE) ret = - _gnutls_send_server_kx_message(state, + _gnutls_send_server_kx_message(session, AGAIN(STATE4)); STATE = STATE4; IMED_RET("send server kx", ret); case STATE5: /* Send certificate request - if requested to */ - if (state->gnutls_internals.resumed == RESUME_FALSE) + if (session->internals.resumed == RESUME_FALSE) ret = - _gnutls_send_server_certificate_request(state, + _gnutls_send_server_certificate_request(session, AGAIN (STATE5)); STATE = STATE5; @@ -2191,25 +2191,25 @@ int gnutls_handshake_server(GNUTLS_STATE state) /* Added for SRP which uses a different handshake */ /* receive the client key exchange message */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_kx_message0(state); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_client_kx_message0(session); STATE = STATE6; IMED_RET("recv client kx0", ret); case STATE7: /* send server key exchange (B) */ - if (state->gnutls_internals.resumed == RESUME_FALSE) + if (session->internals.resumed == RESUME_FALSE) ret = - _gnutls_send_server_kx_message2(state, + _gnutls_send_server_kx_message2(session, AGAIN(STATE7)); STATE = STATE7; IMED_RET("send server kx2", ret); case STATE8: /* send the server hello done */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = - _gnutls_send_empty_handshake(state, + _gnutls_send_empty_handshake(session, GNUTLS_SERVER_HELLO_DONE, AGAIN(STATE8)); STATE = STATE8; @@ -2219,67 +2219,67 @@ int gnutls_handshake_server(GNUTLS_STATE state) /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */ case STATE9: /* receive the client certificate message */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_certificate(state); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_client_certificate(session); STATE = STATE9; IMED_RET("recv client certificate", ret); case STATE10: /* receive the client key exchange message */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_kx_message(state); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_client_kx_message(session); STATE = STATE10; IMED_RET("recv client kx", ret); case STATE11: /* receive the client certificate verify message */ - if (state->gnutls_internals.resumed == RESUME_FALSE) /* if we are not resuming */ + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ ret = _gnutls_recv_client_certificate_verify_message - (state); + (session); STATE = STATE11; IMED_RET("recv client certificate verify", ret); - STATE = STATE0; /* finished thus clear state */ + STATE = STATE0; /* finished thus clear session */ default: } return 0; } -int gnutls_handshake_common(GNUTLS_STATE state) +int gnutls_handshake_common(gnutls_session session) { int ret = 0; /* send and recv the change cipher spec and finished messages */ - if ((state->gnutls_internals.resumed == RESUME_TRUE - && state->security_parameters.entity == GNUTLS_CLIENT) - || (state->gnutls_internals.resumed == RESUME_FALSE - && state->security_parameters.entity == GNUTLS_SERVER)) { + if ((session->internals.resumed == RESUME_TRUE + && session->security_parameters.entity == GNUTLS_CLIENT) + || (session->internals.resumed == RESUME_FALSE + && session->security_parameters.entity == GNUTLS_SERVER)) { /* if we are a client resuming - or we are a server not resuming */ - ret = _gnutls_recv_handshake_final(state, TRUE); + ret = _gnutls_recv_handshake_final(session, TRUE); IMED_RET("recv handshake final", ret); - ret = _gnutls_send_handshake_final(state, FALSE); + ret = _gnutls_send_handshake_final(session, FALSE); IMED_RET("send handshake final", ret); } else { /* if we are a client not resuming - or we are a server resuming */ - ret = _gnutls_send_handshake_final(state, TRUE); + ret = _gnutls_send_handshake_final(session, TRUE); IMED_RET("send handshake final 2", ret); - ret = _gnutls_recv_handshake_final(state, FALSE); + ret = _gnutls_recv_handshake_final(session, FALSE); IMED_RET("recv handshake final 2", ret); } - if (state->security_parameters.entity == GNUTLS_SERVER) { + if (session->security_parameters.entity == GNUTLS_SERVER) { /* in order to support session resuming */ - _gnutls_server_register_current_session(state); + _gnutls_server_register_current_session(session); } /* clear handshake buffer */ - _gnutls_handshake_hash_buffers_clear(state); + _gnutls_handshake_hash_buffers_clear(session); return ret; } @@ -2301,12 +2301,12 @@ int _gnutls_generate_session_id(char *session_id, uint8 * len) return 0; } -int _gnutls_recv_hello_request(GNUTLS_STATE state, void *data, +int _gnutls_recv_hello_request(gnutls_session session, void *data, uint32 data_size) { uint8 type; - if (state->security_parameters.entity == GNUTLS_SERVER) { + if (session->security_parameters.entity == GNUTLS_SERVER) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET; } @@ -2330,10 +2330,10 @@ int _gnutls_recv_hello_request(GNUTLS_STATE state, void *data, * This does a more high level check than gnutls_supported_ciphersuites(), * by checking certificates etc. */ -int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, +int _gnutls_remove_unwanted_ciphersuites(gnutls_session session, GNUTLS_CipherSuite ** cipherSuites, int numCipherSuites, - PKAlgorithm requested_pk_algo) + gnutls_pk_algorithm requested_pk_algo) { int ret = 0; @@ -2341,9 +2341,9 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, int newSuiteSize = 0, i, j, keep; const GNUTLS_CERTIFICATE_CREDENTIALS x509_cred; const gnutls_cert *cert = NULL; - KXAlgorithm *alg; + gnutls_kx_algorithm *alg; int alg_size; - KXAlgorithm kx; + gnutls_kx_algorithm kx; /* if we should use a specific certificate, @@ -2353,14 +2353,14 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, */ x509_cred = - _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); /* if x509_cred==NULL we should remove all X509 ciphersuites */ cert = NULL; - if (state->security_parameters.entity == GNUTLS_SERVER) - cert = _gnutls_server_find_cert(state, requested_pk_algo); + if (session->security_parameters.entity == GNUTLS_SERVER) + cert = _gnutls_server_find_cert(session, requested_pk_algo); if (cert == NULL) { /* No certificate was found @@ -2401,7 +2401,7 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, /* if it is defined but had no credentials */ if (_gnutls_get_kx_cred - (state->gnutls_key, kx, NULL) == NULL) { + (session->gnutls_key, kx, NULL) == NULL) { keep = 1; } else /* If there was no credentials to use with the specified @@ -2410,7 +2410,7 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, if (_gnutls_map_kx_get_cred(kx) == GNUTLS_CRD_CERTIFICATE) { keep = 1; /* do not keep */ if (x509_cred != NULL) { - if (state->security_parameters.entity == + if (session->security_parameters.entity == GNUTLS_SERVER) { /* here we check if the KX algorithm * is compatible with the certificate. @@ -2457,7 +2457,7 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, /** * gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message - * @state: is a a &GNUTLS_STATE structure. + * @session: is a a &gnutls_session structure. * @max: is the maximum number. * * This function will set the maximum size of a handshake message. @@ -2466,17 +2466,17 @@ int _gnutls_remove_unwanted_ciphersuites(GNUTLS_STATE state, * to set an upper limit. * **/ -void gnutls_handshake_set_max_packet_length(GNUTLS_STATE state, int max) +void gnutls_handshake_set_max_packet_length(gnutls_session session, int max) { - state->gnutls_internals.max_handshake_data_buffer_size = max; + session->internals.max_handshake_data_buffer_size = max; } -void _gnutls_set_adv_version( GNUTLS_STATE state, GNUTLS_Version ver) { - set_adv_version( state, _gnutls_version_get_major(ver), _gnutls_version_get_minor(ver)); +void _gnutls_set_adv_version( gnutls_session session, gnutls_protocol_version ver) { + set_adv_version( session, _gnutls_version_get_major(ver), _gnutls_version_get_minor(ver)); } -GNUTLS_Version _gnutls_get_adv_version( GNUTLS_STATE state) { - return _gnutls_version_get( _gnutls_get_adv_version_major( state), - _gnutls_get_adv_version_minor( state)); +gnutls_protocol_version _gnutls_get_adv_version( gnutls_session session) { + return _gnutls_version_get( _gnutls_get_adv_version_major( session), + _gnutls_get_adv_version_minor( session)); } diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h index f337713c2d..e8a4750dba 100644 --- a/lib/gnutls_handshake.h +++ b/lib/gnutls_handshake.h @@ -20,26 +20,26 @@ typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; -int _gnutls_send_handshake( GNUTLS_STATE state, void* i_data, uint32 i_datasize, HandshakeType type); -int gnutls_send_hello_request( GNUTLS_STATE state); -int _gnutls_recv_hello_request( GNUTLS_STATE state, void* data, uint32 data_size); -int _gnutls_send_hello( GNUTLS_STATE state, int again); -int _gnutls_recv_hello( GNUTLS_STATE state, char* data, int datalen); -int gnutls_handshake( GNUTLS_STATE state); -int _gnutls_recv_handshake( GNUTLS_STATE state, uint8**, int*, HandshakeType, Optional optional); +int _gnutls_send_handshake( gnutls_session session, void* i_data, uint32 i_datasize, HandshakeType type); +int gnutls_send_hello_request( gnutls_session session); +int _gnutls_recv_hello_request( gnutls_session session, void* data, uint32 data_size); +int _gnutls_send_hello( gnutls_session session, int again); +int _gnutls_recv_hello( gnutls_session session, char* data, int datalen); +int gnutls_handshake( gnutls_session session); +int _gnutls_recv_handshake( gnutls_session session, uint8**, int*, HandshakeType, Optional optional); int _gnutls_generate_session_id( char* session_id, uint8* len); -int gnutls_handshake_common( GNUTLS_STATE state); -int gnutls_handshake_client( GNUTLS_STATE state); -int gnutls_handshake_server( GNUTLS_STATE state); -void _gnutls_set_server_random( GNUTLS_STATE state, uint8* random); -void _gnutls_set_client_random( GNUTLS_STATE state, uint8* random); +int gnutls_handshake_common( gnutls_session session); +int gnutls_handshake_client( gnutls_session session); +int gnutls_handshake_server( gnutls_session session); +void _gnutls_set_server_random( gnutls_session session, uint8* random); +void _gnutls_set_client_random( gnutls_session session, uint8* random); int _gnutls_create_random( opaque* dst); -int _gnutls_remove_unwanted_ciphersuites( GNUTLS_STATE state, GNUTLS_CipherSuite ** cipherSuites, int numCipherSuites, PKAlgorithm); -void gnutls_handshake_set_max_packet_length( GNUTLS_STATE state, int max); +int _gnutls_remove_unwanted_ciphersuites( gnutls_session session, GNUTLS_CipherSuite ** cipherSuites, int numCipherSuites, gnutls_pk_algorithm); +void gnutls_handshake_set_max_packet_length( gnutls_session session, int max); int _gnutls_find_pk_algos_in_ciphersuites( opaque* data, int datalen); -int _gnutls_server_select_suite(GNUTLS_STATE state, opaque *data, int datalen); +int _gnutls_server_select_suite(gnutls_session session, opaque *data, int datalen); -#define STATE state->gnutls_internals.handshake_state +#define STATE session->internals.handshake_state /* This returns true if we have got there * before (and not finished due to an interrupt). */ diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 634d3c96c8..9adec856f8 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -28,7 +28,7 @@ #include #include -GNUTLS_HASH_HANDLE _gnutls_hash_init(MACAlgorithm algorithm) +GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm) { GNUTLS_MAC_HANDLE ret; @@ -73,7 +73,7 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(MACAlgorithm algorithm) return ret; } -int _gnutls_hash_get_algo_len(MACAlgorithm algorithm) +int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm) { int ret; @@ -168,7 +168,7 @@ void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void *digest) } -GNUTLS_MAC_HANDLE _gnutls_hmac_init(MACAlgorithm algorithm, +GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm, const void *key, int keylen) { GNUTLS_MAC_HANDLE ret; @@ -221,7 +221,7 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(MACAlgorithm algorithm, } -int _gnutls_hmac_get_algo_len(MACAlgorithm algorithm) +int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm) { int ret; @@ -293,7 +293,7 @@ void _gnutls_hmac_deinit(GNUTLS_MAC_HANDLE handle, void *digest) return; } -GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3(MACAlgorithm algorithm, void *key, +GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3(gnutls_mac_algorithm algorithm, void *key, int keylen) { GNUTLS_MAC_HANDLE ret; diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index 7607cdb0be..df526ab0aa 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -35,7 +35,7 @@ typedef struct { #else GCRY_MD_HD handle; #endif - MACAlgorithm algorithm; + gnutls_mac_algorithm algorithm; const void* key; int keysize; } GNUTLS_MAC_HANDLE_INT; @@ -45,16 +45,16 @@ typedef GNUTLS_MAC_HANDLE GNUTLS_HASH_HANDLE; #define GNUTLS_HASH_FAILED NULL #define GNUTLS_MAC_FAILED NULL -GNUTLS_MAC_HANDLE _gnutls_hmac_init( MACAlgorithm algorithm, const void* key, int keylen); -int _gnutls_hmac_get_algo_len(MACAlgorithm algorithm); +GNUTLS_MAC_HANDLE _gnutls_hmac_init( gnutls_mac_algorithm algorithm, const void* key, int keylen); +int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm); int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void* text, int textlen); void _gnutls_hmac_deinit( GNUTLS_MAC_HANDLE handle, void* digest); -GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3( MACAlgorithm algorithm, void* key, int keylen); +GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3( gnutls_mac_algorithm algorithm, void* key, int keylen); void _gnutls_mac_deinit_ssl3( GNUTLS_MAC_HANDLE handle, void* digest); -GNUTLS_HASH_HANDLE _gnutls_hash_init(MACAlgorithm algorithm); -int _gnutls_hash_get_algo_len(MACAlgorithm algorithm); +GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm); +int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm); int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, int textlen); void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void* digest); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 311ef2a40a..4f5caf182a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -40,9 +40,9 @@ /* It might be a good idea to replace int with void* * here. */ -#define GNUTLS_TRANSPORT_PTR int +typedef int gnutls_transport_ptr; -typedef const int* GNUTLS_LIST; +typedef const int* gnutls_list; #define MIN_BITS 767 @@ -81,8 +81,8 @@ typedef const int* GNUTLS_LIST; /* the maximum size of encrypted packets */ #define DEFAULT_MAX_RECORD_SIZE 16384 #define RECORD_HEADER_SIZE 5 -#define MAX_RECORD_SEND_SIZE state->security_parameters.max_record_send_size -#define MAX_RECORD_RECV_SIZE state->security_parameters.max_record_recv_size +#define MAX_RECORD_SEND_SIZE session->security_parameters.max_record_send_size +#define MAX_RECORD_RECV_SIZE session->security_parameters.max_record_recv_size #define MAX_PAD_SIZE 255 #define EXTRA_COMP_SIZE 2048 #define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE @@ -104,26 +104,20 @@ typedef struct { opaque pint[3]; } uint24; typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType; -typedef enum CertificateStatus { +typedef enum gnutls_certificate_status { GNUTLS_CERT_NOT_TRUSTED=2, GNUTLS_CERT_INVALID=4, GNUTLS_CERT_CORRUPTED=16, GNUTLS_CERT_REVOKED=32 -} CertificateStatus; -#define GNUTLS_CertificateStatus CertificateStatus +} gnutls_certificate_status; -typedef enum CertificateRequest { GNUTLS_CERT_IGNORE, - GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE -} CertificateRequest; -#define GNUTLS_CertificateRequest CertificateRequest +typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request; -typedef enum GNUTLS_OpenPGPKeyStatus { GNUTLS_OPENPGP_KEY, +typedef enum gnutls_openpgp_key_status { GNUTLS_OPENPGP_KEY, GNUTLS_OPENPGP_KEY_FINGERPRINT -} GNUTLS_OpenPGPKeyStatus; +} gnutls_openpgp_key_status; -typedef enum CloseRequest { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 -} CloseRequest; -#define GNUTLS_CloseRequest CloseRequest +typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutls_close_request; typedef enum HandshakeState { STATE0=0, STATE1, STATE2, STATE3, STATE4, STATE5, STATE6, STATE7, STATE8, STATE9, STATE10, STATE11, STATE20=20, STATE21, @@ -149,44 +143,33 @@ typedef gnutls_datum gnutls_sdatum; #define MAX_CIPHERSUITES 256 /* STATE */ -typedef enum ConnectionEnd { GNUTLS_SERVER=1, GNUTLS_CLIENT -} ConnectionEnd; -#define GNUTLS_ConnectionEnd ConnectionEnd -typedef enum BulkCipherAlgorithm { GNUTLS_CIPHER_NULL=1, +typedef enum gnutls_cipher_algorithm { GNUTLS_CIPHER_NULL=1, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_TWOFISH_128_CBC, GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_CIPHER_ARCFOUR_40 -} BulkCipherAlgorithm; -#define GNUTLS_BulkCipherAlgorithm BulkCipherAlgorithm - -typedef enum Extensions { GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6, GNUTLS_EXTENSION_CERT_TYPE=7 -} Extensions; +} gnutls_cipher_algorithm; -typedef enum KXAlgorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, +typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_SRP, GNUTLS_KX_RSA_EXPORT -} KXAlgorithm; -#define GNUTLS_KXAlgorithm KXAlgorithm +} gnutls_kx_algorithm; -typedef enum CertificateType { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP -} CertificateType; -#define GNUTLS_CertificateType CertificateType +typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } gnutls_mac_algorithm; -typedef enum CredType { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP -} CredType; -#define GNUTLS_CredType CredType +typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB } gnutls_compression_method; -typedef enum CipherType { CIPHER_STREAM, CIPHER_BLOCK } CipherType; +typedef enum gnutls_connection_end { GNUTLS_SERVER=1, GNUTLS_CLIENT } gnutls_connection_end; -typedef enum CompressionMethod { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB -} CompressionMethod; -#define GNUTLS_CompressionMethod CompressionMethod +typedef enum Extensions { GNUTLS_EXTENSION_MAX_RECORD_SIZE=1, GNUTLS_EXTENSION_SRP=6, GNUTLS_EXTENSION_CERT_TYPE=7 +} Extensions; -typedef enum MACAlgorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, - GNUTLS_MAC_SHA -} MACAlgorithm; -#define GNUTLS_MACAlgorithm MACAlgorithm +typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type; + +typedef enum gnutls_certificate_type { GNUTLS_CRT_X509=1, GNUTLS_CRT_OPENPGP +} gnutls_certificate_type; + +typedef enum CipherType { CIPHER_STREAM, CIPHER_BLOCK } CipherType; typedef enum ValidSession { VALID_TRUE, VALID_FALSE } ValidSession; typedef enum ResumableSession { RESUME_TRUE, RESUME_FALSE } ResumableSession; @@ -196,36 +179,29 @@ typedef enum ContentType { GNUTLS_CHANGE_CIPHER_SPEC=20, GNUTLS_ALERT, GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA } ContentType; -typedef enum GNUTLS_X509_CertificateFmt { GNUTLS_X509_FMT_DER, - GNUTLS_X509_FMT_PEM } GNUTLS_X509_CertificateFmt; - -typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, /* sign only */ - GNUTLS_PK_UNKNOWN -} PKAlgorithm; +typedef enum gnutls_x509_certificate_fmt { GNUTLS_X509_FMT_DER, + GNUTLS_X509_FMT_PEM } gnutls_x509_certificate_fmt; -#define GNUTLS_PKAlgorithm PKAlgorithm +typedef enum gnutls_pk_algorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, + GNUTLS_PK_UNKNOWN = 0xff +} gnutls_pk_algorithm; /* STATE (stop) */ /* Pull & Push functions defines: */ -typedef ssize_t (*PULL_FUNC)(GNUTLS_TRANSPORT_PTR, void*, size_t); -typedef ssize_t (*PUSH_FUNC)(GNUTLS_TRANSPORT_PTR, const void*, size_t); -#define GNUTLS_PULL_FUNC PULL_FUNC -#define GNUTLS_PUSH_FUNC PUSH_FUNC +typedef ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, void*, size_t); +typedef ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t); /* Store & Retrieve functions defines: */ -typedef int (*DB_STORE_FUNC)(void*, gnutls_datum key, gnutls_datum data); -typedef int (*DB_REMOVE_FUNC)(void*, gnutls_datum key); -typedef gnutls_datum (*DB_RETR_FUNC)(void*, gnutls_datum key); -#define GNUTLS_DB_STORE_FUNC DB_STORE_FUNC -#define GNUTLS_DB_REMOVE_FUNC DB_REMOVE_FUNC -#define GNUTLS_DB_RETR_FUNC DB_RETR_FUNC +typedef int (*gnutls_db_store_func)(void*, gnutls_datum key, gnutls_datum data); +typedef int (*gnutls_db_remove_func)(void*, gnutls_datum key); +typedef gnutls_datum (*gnutls_db_retr_func)(void*, gnutls_datum key); typedef struct AUTH_CRED { - KXAlgorithm algorithm; + gnutls_kx_algorithm algorithm; /* the type of credentials depends on algorithm */ void* credentials; struct AUTH_CRED* next; @@ -258,7 +234,7 @@ struct GNUTLS_KEY_INT { * Rememember that this should be calloced! */ void* auth_info; - CredType auth_info_type; + gnutls_credentials_type auth_info_type; int auth_info_size; /* needed in order to store to db for restoring */ uint8 crypt_algo; @@ -292,7 +268,8 @@ typedef struct { /* Versions should be in order of the oldest * (eg. SSL3 is before TLS1) */ -typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1, GNUTLS_VERSION_UNKNOWN=0xff } GNUTLS_Version; +typedef enum gnutls_protocol_version { GNUTLS_SSL3=1, GNUTLS_TLS1, GNUTLS_VERSION_UNKNOWN=0xff } +gnutls_protocol_version; /* This structure holds parameters got from TLS extension * mechanism. (some extensions may hold parameters in AUTH_INFO @@ -310,7 +287,7 @@ typedef struct { /* This structure and AUTH_INFO, are stored in the resume database, * and are restored, in case of resume. * Holds all the required parameters to resume the current - * state. + * session. */ /* if you add anything in Security_Parameters struct, then @@ -322,22 +299,22 @@ typedef struct { * the handshake is in progress is the cipher suite value. */ typedef struct { - ConnectionEnd entity; - KXAlgorithm kx_algorithm; + gnutls_connection_end entity; + gnutls_kx_algorithm kx_algorithm; /* we've got separate write/read bulk/macs because * there is a time in handshake where the peer has * null cipher and we don't */ - BulkCipherAlgorithm read_bulk_cipher_algorithm; - MACAlgorithm read_mac_algorithm; - CompressionMethod read_compression_algorithm; + gnutls_cipher_algorithm read_bulk_cipher_algorithm; + gnutls_mac_algorithm read_mac_algorithm; + gnutls_compression_method read_compression_algorithm; - BulkCipherAlgorithm write_bulk_cipher_algorithm; - MACAlgorithm write_mac_algorithm; - CompressionMethod write_compression_algorithm; + gnutls_cipher_algorithm write_bulk_cipher_algorithm; + gnutls_mac_algorithm write_mac_algorithm; + gnutls_compression_method write_compression_algorithm; /* this is the ciphersuite we are going to use - * moved here from gnutls_internals in order to be restored + * moved here from internals in order to be restored * on resume; */ GNUTLS_CipherSuite current_cipher_suite; @@ -355,8 +332,8 @@ typedef struct { uint16 max_record_send_size; uint16 max_record_recv_size; /* holds the negotiated certificate type */ - CertificateType cert_type; - GNUTLS_Version version; /* moved here */ + gnutls_certificate_type cert_type; + gnutls_protocol_version version; /* moved here */ } SecurityParameters; /* This structure holds the generated keys @@ -388,20 +365,13 @@ typedef struct { typedef struct { - int algorithm_priority[MAX_ALGOS]; + int priority[MAX_ALGOS]; int algorithms; } GNUTLS_Priority; -#define BulkCipherAlgorithm_Priority GNUTLS_Priority -#define MACAlgorithm_Priority GNUTLS_Priority -#define KXAlgorithm_Priority GNUTLS_Priority -#define CompressionMethod_Priority GNUTLS_Priority -#define Protocol_Priority GNUTLS_Priority -#define CertType_Priority GNUTLS_Priority - -typedef int certificate_client_select_func(struct GNUTLS_STATE_INT*, const gnutls_datum *, int, const gnutls_datum *, int); -typedef int certificate_server_select_func(struct GNUTLS_STATE_INT*, const gnutls_datum *, int); -typedef int srp_server_select_func(struct GNUTLS_STATE_INT*, char**, char**, int); +typedef int certificate_client_select_func(struct gnutls_session_int*, const gnutls_datum *, int, const gnutls_datum *, int); +typedef int certificate_server_select_func(struct gnutls_session_int*, const gnutls_datum *, int); +typedef int srp_server_select_func(struct gnutls_session_int*, char**, char**, int); typedef struct { opaque header[HANDSHAKE_HEADER_SIZE]; @@ -435,15 +405,15 @@ typedef struct { int last_alert; /* last alert received */ /* this is the compression method we are going to use */ - CompressionMethod compression_method; + gnutls_compression_method compression_method; /* priorities */ - BulkCipherAlgorithm_Priority BulkCipherAlgorithmPriority; - MACAlgorithm_Priority MACAlgorithmPriority; - KXAlgorithm_Priority KXAlgorithmPriority; - CompressionMethod_Priority CompressionMethodPriority; - Protocol_Priority ProtocolPriority; - CertType_Priority cert_type_priority; - + GNUTLS_Priority cipher_algorithm_priority; + GNUTLS_Priority mac_algorithm_priority; + GNUTLS_Priority kx_algorithm_priority; + GNUTLS_Priority compression_method_priority; + GNUTLS_Priority protocol_priority; + GNUTLS_Priority cert_type_priority; + /* resumed session */ ResumableSession resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ SecurityParameters resumed_security_parameters; @@ -525,20 +495,20 @@ typedef struct { /* PUSH & PULL functions. */ - PULL_FUNC _gnutls_pull_func; - PUSH_FUNC _gnutls_push_func; + gnutls_pull_func _gnutls_pull_func; + gnutls_push_func _gnutls_push_func; /* Holds the first argument of PUSH and PULL * functions; */ - int transport_recv_ptr; - int transport_send_ptr; - + gnutls_transport_ptr transport_recv_ptr; + gnutls_transport_ptr transport_send_ptr; + /* STORE & RETRIEVE functions. Only used if other * backend than gdbm is used. */ - DB_STORE_FUNC db_store_func; - DB_RETR_FUNC db_retrieve_func; - DB_REMOVE_FUNC db_remove_func; + gnutls_db_store_func db_store_func; + gnutls_db_retr_func db_retrieve_func; + gnutls_db_remove_func db_remove_func; void* db_ptr; /* Holds the record size requested by the @@ -564,7 +534,7 @@ typedef struct { /* This holds the default version that our first * record packet will have. */ - GNUTLS_Version default_record_version; + gnutls_protocol_version default_record_version; int cbc_protection_hack; @@ -586,15 +556,15 @@ typedef struct { */ } GNUTLS_INTERNALS; -struct GNUTLS_STATE_INT { +struct gnutls_session_int { SecurityParameters security_parameters; CipherSpecs cipher_specs; ConnectionState connection_state; - GNUTLS_INTERNALS gnutls_internals; + GNUTLS_INTERNALS internals; GNUTLS_KEY gnutls_key; }; -typedef struct GNUTLS_STATE_INT *GNUTLS_STATE; +typedef struct gnutls_session_int *gnutls_session; typedef struct { int bits; @@ -605,38 +575,38 @@ typedef struct { int local; /* indicates if it is * not malloced, !=0 indicates malloced */ -} _GNUTLS_DH_PARAMS; +} _gnutls_dh_params; -#define GNUTLS_DH_PARAMS _GNUTLS_DH_PARAMS* +#define gnutls_dh_params _gnutls_dh_params* typedef struct { int bits; MPI params[RSA_PRIVATE_PARAMS]; -} _GNUTLS_RSA_PARAMS; +} _gnutls_rsa_params; -#define GNUTLS_RSA_PARAMS _GNUTLS_RSA_PARAMS* +#define gnutls_rsa_params _gnutls_rsa_params* /* functions */ -void _gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version); -GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state); -void _gnutls_free_auth_info( GNUTLS_STATE state); +void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version version); +gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session); +void _gnutls_free_auth_info( gnutls_session session); /* These two macros return the advertized TLS version of * the peer. */ -#define _gnutls_get_adv_version_major( state) \ - state->gnutls_internals.adv_version_major +#define _gnutls_get_adv_version_major( session) \ + session->internals.adv_version_major -#define _gnutls_get_adv_version_minor( state) \ - state->gnutls_internals.adv_version_minor +#define _gnutls_get_adv_version_minor( session) \ + session->internals.adv_version_minor -#define set_adv_version( state, major, minor) \ - state->gnutls_internals.adv_version_major = major; \ - state->gnutls_internals.adv_version_minor = minor +#define set_adv_version( session, major, minor) \ + session->internals.adv_version_major = major; \ + session->internals.adv_version_minor = minor -void _gnutls_set_adv_version( GNUTLS_STATE, GNUTLS_Version); -GNUTLS_Version _gnutls_get_adv_version( GNUTLS_STATE); +void _gnutls_set_adv_version( gnutls_session, gnutls_protocol_version); +gnutls_protocol_version _gnutls_get_adv_version( gnutls_session); #endif /* GNUTLS_INT_H */ diff --git a/lib/gnutls_int_compat.c b/lib/gnutls_int_compat.c index b6fb2f50f1..818a0b1e03 100644 --- a/lib/gnutls_int_compat.c +++ b/lib/gnutls_int_compat.c @@ -7,11 +7,42 @@ #ifdef GNUTLS_BACKWARDS_COMPATIBLE -void gnutls_handshake_set_exportable_detection(GNUTLS_STATE state, int det) +#undef gnutls_handshake_set_exportable_detection +void gnutls_handshake_set_exportable_detection(gnutls_session session, int det) { return; } +#undef gnutls_state_get_ptr +void* gnutls_state_get_ptr(gnutls_session session) +{ + return gnutls_session_get_ptr( session); +} + +#undef gnutls_state_set_ptr +void gnutls_state_set_ptr(gnutls_session session, void* ptr) +{ + return gnutls_state_set_ptr( session, ptr); +} + +#undef gnutls_init +int gnutls_init(gnutls_session * session, gnutls_connection_end con_end) +{ + return gnutls_session_init( session, con_end); +} + +#undef _gnutls_deinit +void _gnutls_deinit(gnutls_session session) +{ + _gnutls_session_deinit( session); +} + +#undef gnutls_deinit +void gnutls_deinit(gnutls_session session) +{ + gnutls_session_deinit( session); +} + /* nothing here */ #endif /* GNUTLS_BACKWARDS_COMPATIBLE */ diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 2fa4ec6784..b3e8be5256 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -40,46 +40,46 @@ */ #define MASTER_SECRET "master secret" -static int generate_normal_master( GNUTLS_STATE state); +static int generate_normal_master( gnutls_session session); -int _gnutls_generate_master( GNUTLS_STATE state) { - if (state->gnutls_internals.resumed==RESUME_FALSE) - return generate_normal_master(state); +int _gnutls_generate_master( gnutls_session session) { + if (session->internals.resumed==RESUME_FALSE) + return generate_normal_master(session); return 0; } /* here we generate the TLS Master secret. */ -#define PREMASTER state->gnutls_key->key -static int generate_normal_master( GNUTLS_STATE state) { +#define PREMASTER session->gnutls_key->key +static int generate_normal_master( gnutls_session session) { int ret = 0; char random[2*TLS_RANDOM_SIZE]; - memcpy(random, state->security_parameters.client_random, TLS_RANDOM_SIZE); - memcpy(&random[TLS_RANDOM_SIZE], state->security_parameters.server_random, TLS_RANDOM_SIZE); + memcpy(random, session->security_parameters.client_random, TLS_RANDOM_SIZE); + memcpy(&random[TLS_RANDOM_SIZE], session->security_parameters.server_random, TLS_RANDOM_SIZE); _gnutls_hard_log( "INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, _gnutls_bin2hex(PREMASTER.data, PREMASTER.size)); - _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(state->security_parameters.client_random,32)); - _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(state->security_parameters.server_random,32)); + _gnutls_hard_log( "INT: CLIENT RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.client_random,32)); + _gnutls_hard_log( "INT: SERVER RANDOM[%d]: %s\n", 32, _gnutls_bin2hex(session->security_parameters.server_random,32)); - if ( gnutls_protocol_get_version( state) == GNUTLS_SSL3) { + if ( gnutls_protocol_get_version( session) == GNUTLS_SSL3) { ret = _gnutls_ssl3_generate_random( PREMASTER.data, PREMASTER.size, random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE, - state->security_parameters.master_secret); + session->security_parameters.master_secret); } else { ret = _gnutls_PRF( PREMASTER.data, PREMASTER.size, MASTER_SECRET, strlen(MASTER_SECRET), random, 2*TLS_RANDOM_SIZE, TLS_MASTER_SIZE, - state->security_parameters.master_secret); + session->security_parameters.master_secret); } gnutls_sfree_datum(&PREMASTER); if (ret<0) return ret; - _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(state->security_parameters.master_secret, TLS_MASTER_SIZE)); + _gnutls_hard_log( "INT: MASTER SECRET: %s\n", _gnutls_bin2hex(session->security_parameters.master_secret, TLS_MASTER_SIZE)); return ret; } @@ -89,20 +89,20 @@ char random[2*TLS_RANDOM_SIZE]; * server. It does nothing if this type of message is not required * by the selected ciphersuite. */ -int _gnutls_send_server_kx_message( GNUTLS_STATE state, int again) +int _gnutls_send_server_kx_message( gnutls_session session, int again) { uint8 *data = NULL; int data_size = 0; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_generate_server_kx==NULL) + if (session->internals.auth_struct->gnutls_generate_server_kx==NULL) return 0; data = NULL; data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_kx( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_server_kx( session, &data); if (data_size == GNUTLS_E_INT_RET_0) { gnutls_assert(); @@ -115,7 +115,7 @@ int _gnutls_send_server_kx_message( GNUTLS_STATE state, int again) } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); gnutls_free(data); if (ret < 0) { @@ -128,30 +128,30 @@ int _gnutls_send_server_kx_message( GNUTLS_STATE state, int again) /* This function sends a certificate request message to the * client. */ -int _gnutls_send_server_certificate_request( GNUTLS_STATE state, int again) +int _gnutls_send_server_certificate_request( gnutls_session session, int again) { uint8 *data = NULL; int data_size = 0; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_generate_server_certificate_request==NULL) + if (session->internals.auth_struct->gnutls_generate_server_certificate_request==NULL) return 0; - if (state->gnutls_internals.send_cert_req <= 0) + if (session->internals.send_cert_req <= 0) return 0; data = NULL; data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_certificate_request( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_server_certificate_request( session, &data); if (data_size < 0) { gnutls_assert(); return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_REQUEST); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_REQUEST); gnutls_free(data); if (ret < 0) { @@ -162,20 +162,20 @@ int _gnutls_send_server_certificate_request( GNUTLS_STATE state, int again) } /* Currently only used in SRP */ -int _gnutls_send_server_kx_message2( GNUTLS_STATE state, int again) +int _gnutls_send_server_kx_message2( gnutls_session session, int again) { uint8 *data = NULL; int data_size = 0; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_generate_server_kx2 == NULL) + if (session->internals.auth_struct->gnutls_generate_server_kx2 == NULL) return 0; data = NULL; data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_kx2( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_server_kx2( session, &data); if (data_size<0) { gnutls_assert(); @@ -183,7 +183,7 @@ int _gnutls_send_server_kx_message2( GNUTLS_STATE state, int again) } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_SERVER_KEY_EXCHANGE); gnutls_free(data); if (ret<0) { @@ -197,13 +197,13 @@ int _gnutls_send_server_kx_message2( GNUTLS_STATE state, int again) /* This is the function for the client to send the key * exchange message */ -int _gnutls_send_client_kx_message( GNUTLS_STATE state, int again) +int _gnutls_send_client_kx_message( gnutls_session session, int again) { uint8 *data; int data_size; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_generate_client_kx==NULL) + if (session->internals.auth_struct->gnutls_generate_client_kx==NULL) return 0; @@ -211,13 +211,13 @@ int _gnutls_send_client_kx_message( GNUTLS_STATE state, int again) data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_client_kx( session, &data); if (data_size < 0) { gnutls_assert(); return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); gnutls_free(data); if (ret<0) { @@ -230,13 +230,13 @@ int _gnutls_send_client_kx_message( GNUTLS_STATE state, int again) /* Only used in SRP currently */ -int _gnutls_send_client_kx_message0( GNUTLS_STATE state, int again) +int _gnutls_send_client_kx_message0( gnutls_session session, int again) { uint8 *data; int data_size; int ret = 0; - if ( state->gnutls_internals.auth_struct->gnutls_generate_client_kx0 == NULL) + if ( session->internals.auth_struct->gnutls_generate_client_kx0 == NULL) return 0; @@ -244,14 +244,14 @@ int _gnutls_send_client_kx_message0( GNUTLS_STATE state, int again) data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_kx0( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_client_kx0( session, &data); if (data_size < 0) { gnutls_assert(); return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CLIENT_KEY_EXCHANGE); gnutls_free(data); return ret; @@ -261,7 +261,7 @@ int _gnutls_send_client_kx_message0( GNUTLS_STATE state, int again) /* This is the function for the client to send the certificate * verify message */ -int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again) +int _gnutls_send_client_certificate_verify( gnutls_session session, int again) { uint8 *data; int ret = 0; @@ -269,15 +269,15 @@ int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again) /* This is a packet that is only sent by the client */ - if (state->security_parameters.entity==GNUTLS_SERVER) return 0; + if (session->security_parameters.entity==GNUTLS_SERVER) return 0; /* if certificate verify is not needed just exit */ - if (state->gnutls_key->certificate_requested==0) { + if (session->gnutls_key->certificate_requested==0) { return 0; } - if (state->gnutls_internals.auth_struct->gnutls_generate_client_cert_vrfy==NULL) { + if (session->internals.auth_struct->gnutls_generate_client_cert_vrfy==NULL) { gnutls_assert(); return 0; /* this algorithm does not support cli_cert_vrfy */ @@ -287,7 +287,7 @@ int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again) data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_cert_vrfy( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_client_cert_vrfy( session, &data); if (data_size < 0) { gnutls_assert(); return data_size; @@ -297,7 +297,7 @@ int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again) } ret = - _gnutls_send_handshake( state, data, + _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_VERIFY); gnutls_free(data); @@ -306,24 +306,24 @@ int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again) } -int _gnutls_recv_server_kx_message( GNUTLS_STATE state) +int _gnutls_recv_server_kx_message( gnutls_session session) { uint8 *data = NULL; int datasize; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_process_server_kx!=NULL) { + if (session->internals.auth_struct->gnutls_process_server_kx!=NULL) { /* EXCEPTION FOR RSA_EXPORT cipher suite */ - if ( _gnutls_session_is_export( state) != 0 && - _gnutls_peers_cert_less_512(state) != 0) { + if ( _gnutls_session_is_export( session) != 0 && + _gnutls_peers_cert_less_512(session) != 0) { gnutls_assert(); return 0; } ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) { @@ -331,7 +331,7 @@ int _gnutls_recv_server_kx_message( GNUTLS_STATE state) return ret; } - ret = state->gnutls_internals.auth_struct->gnutls_process_server_kx( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_server_kx( session, data, datasize); gnutls_free(data); if (ret < 0) { @@ -343,16 +343,16 @@ int _gnutls_recv_server_kx_message( GNUTLS_STATE state) return ret; } -int _gnutls_recv_server_certificate_request( GNUTLS_STATE state) +int _gnutls_recv_server_certificate_request( gnutls_session session) { uint8 *data; int datasize; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate_request!=NULL) { + if (session->internals.auth_struct->gnutls_process_server_certificate_request!=NULL) { ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_CERTIFICATE_REQUEST, OPTIONAL_PACKET); if (ret < 0) @@ -361,7 +361,7 @@ int _gnutls_recv_server_certificate_request( GNUTLS_STATE state) if (ret==0 && datasize == 0) return 0; /* ignored */ - ret = state->gnutls_internals.auth_struct->gnutls_process_server_certificate_request( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_server_certificate_request( session, data, datasize); gnutls_free(data); if (ret < 0) return ret; @@ -370,24 +370,24 @@ int _gnutls_recv_server_certificate_request( GNUTLS_STATE state) return ret; } -int _gnutls_recv_server_kx_message2( GNUTLS_STATE state) +int _gnutls_recv_server_kx_message2( gnutls_session session) { uint8 *data; int datasize; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_process_server_kx2 != NULL) { + if (session->internals.auth_struct->gnutls_process_server_kx2 != NULL) { ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_SERVER_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) return ret; - ret = state->gnutls_internals.auth_struct->gnutls_process_server_kx2( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_server_kx2( session, data, datasize); gnutls_free(data); if (ret < 0) return ret; @@ -396,7 +396,7 @@ int _gnutls_recv_server_kx_message2( GNUTLS_STATE state) return ret; } -int _gnutls_recv_client_kx_message( GNUTLS_STATE state) +int _gnutls_recv_client_kx_message( gnutls_session session) { uint8 *data; int datasize; @@ -404,16 +404,16 @@ int _gnutls_recv_client_kx_message( GNUTLS_STATE state) /* Do key exchange only if the algorithm permits it */ - if (state->gnutls_internals.auth_struct->gnutls_process_client_kx != NULL) { + if (session->internals.auth_struct->gnutls_process_client_kx != NULL) { ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) return ret; - ret = state->gnutls_internals.auth_struct->gnutls_process_client_kx( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_client_kx( session, data, datasize); gnutls_free(data); if (ret < 0) return ret; @@ -424,23 +424,23 @@ int _gnutls_recv_client_kx_message( GNUTLS_STATE state) } /* only used in SRP */ -int _gnutls_recv_client_kx_message0( GNUTLS_STATE state) +int _gnutls_recv_client_kx_message0( gnutls_session session) { uint8 *data; int datasize; int ret = 0; /* Do key exchange only if the algorithm permits it */ - if (state->gnutls_internals.auth_struct->gnutls_process_client_kx0 != NULL) { + if (session->internals.auth_struct->gnutls_process_client_kx0 != NULL) { ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_CLIENT_KEY_EXCHANGE, MANDATORY_PACKET); if (ret < 0) return ret; - ret = state->gnutls_internals.auth_struct->gnutls_process_client_kx0( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_client_kx0( session, data, datasize); gnutls_free(data); if (ret < 0) return ret; @@ -451,31 +451,31 @@ int _gnutls_recv_client_kx_message0( GNUTLS_STATE state) /* This is called when we want send our certificate */ -int _gnutls_send_client_certificate( GNUTLS_STATE state, int again) +int _gnutls_send_client_certificate( gnutls_session session, int again) { uint8 *data = NULL; int data_size = 0; int ret = 0; - if (state->gnutls_key->certificate_requested == 0) + if (session->gnutls_key->certificate_requested == 0) return 0; - if (state->gnutls_internals.auth_struct->gnutls_generate_client_certificate==NULL) + if (session->internals.auth_struct->gnutls_generate_client_certificate==NULL) return 0; data = NULL; data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_client_certificate( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_client_certificate( session, &data); if (data_size < 0) { gnutls_assert(); return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_PKT); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_PKT); gnutls_free(data); if (ret<0) { @@ -489,28 +489,28 @@ int _gnutls_send_client_certificate( GNUTLS_STATE state, int again) /* This is called when we want send our certificate */ -int _gnutls_send_server_certificate( GNUTLS_STATE state, int again) +int _gnutls_send_server_certificate( gnutls_session session, int again) { uint8 *data = NULL; int data_size = 0; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_generate_server_certificate==NULL) + if (session->internals.auth_struct->gnutls_generate_server_certificate==NULL) return 0; data = NULL; data_size = 0; if (again == 0) { - data_size = state->gnutls_internals.auth_struct->gnutls_generate_server_certificate( state, &data); + data_size = session->internals.auth_struct->gnutls_generate_server_certificate( session, &data); if (data_size < 0) { gnutls_assert(); return data_size; } } - ret = _gnutls_send_handshake( state, data, data_size, GNUTLS_CERTIFICATE_PKT); + ret = _gnutls_send_handshake( session, data, data_size, GNUTLS_CERTIFICATE_PKT); gnutls_free(data); if (ret < 0) { @@ -522,35 +522,35 @@ int _gnutls_send_server_certificate( GNUTLS_STATE state, int again) } -int _gnutls_recv_client_certificate( GNUTLS_STATE state) +int _gnutls_recv_client_certificate( gnutls_session session) { int datasize; opaque * data; int ret = 0; int optional; - if (state->gnutls_internals.auth_struct->gnutls_process_client_certificate!=NULL) { + if (session->internals.auth_struct->gnutls_process_client_certificate!=NULL) { /* if we have not requested a certificate then just return */ - if ( state->gnutls_internals.send_cert_req == 0) { + if ( session->internals.send_cert_req == 0) { return 0; } - if ( state->gnutls_internals.send_cert_req == GNUTLS_CERT_REQUIRE) + if ( session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) optional = MANDATORY_PACKET; else optional = OPTIONAL_PACKET; ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_CERTIFICATE_PKT, optional); if (ret < 0) { if (optional == OPTIONAL_PACKET && ret==GNUTLS_E_WARNING_ALERT_RECEIVED && - gnutls_protocol_get_version(state) == GNUTLS_SSL3 && - gnutls_alert_get(state)==GNUTLS_A_SSL3_NO_CERTIFICATE) { + gnutls_protocol_get_version(session) == GNUTLS_SSL3 && + gnutls_alert_get(session)==GNUTLS_A_SSL3_NO_CERTIFICATE) { /* SSL3 does not send an empty certificate, * but this alert. So we just ignore it. @@ -574,7 +574,7 @@ int _gnutls_recv_client_certificate( GNUTLS_STATE state) } - ret = state->gnutls_internals.auth_struct->gnutls_process_client_certificate( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_client_certificate( session, data, datasize); gnutls_free(data); if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) { gnutls_assert(); @@ -586,23 +586,23 @@ int _gnutls_recv_client_certificate( GNUTLS_STATE state) if (ret==GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) ret = 0; else - state->gnutls_key->certificate_requested = 1; + session->gnutls_key->certificate_requested = 1; } return ret; } -int _gnutls_recv_server_certificate( GNUTLS_STATE state) +int _gnutls_recv_server_certificate( gnutls_session session) { int datasize; opaque * data; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_process_server_certificate!=NULL) { + if (session->internals.auth_struct->gnutls_process_server_certificate!=NULL) { ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_CERTIFICATE_PKT, MANDATORY_PACKET); if (ret < 0) { @@ -610,7 +610,7 @@ int _gnutls_recv_server_certificate( GNUTLS_STATE state) return ret; } - ret = state->gnutls_internals.auth_struct->gnutls_process_server_certificate( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_server_certificate( session, data, datasize); gnutls_free(data); if (ret < 0) { gnutls_assert(); @@ -625,34 +625,34 @@ int _gnutls_recv_server_certificate( GNUTLS_STATE state) /* Recv the client certificate verify. This packet may not * arrive if the peer did not send us a certificate. */ -int _gnutls_recv_client_certificate_verify_message( GNUTLS_STATE state) +int _gnutls_recv_client_certificate_verify_message( gnutls_session session) { uint8 *data; int datasize; int ret = 0; - if (state->gnutls_internals.auth_struct->gnutls_process_client_cert_vrfy != NULL) { + if (session->internals.auth_struct->gnutls_process_client_cert_vrfy != NULL) { - if ( state->gnutls_internals.send_cert_req == 0 || - state->gnutls_key->certificate_requested == 0) { + if ( session->internals.send_cert_req == 0 || + session->gnutls_key->certificate_requested == 0) { return 0; } ret = - _gnutls_recv_handshake( state, &data, + _gnutls_recv_handshake( session, &data, &datasize, GNUTLS_CERTIFICATE_VERIFY, OPTIONAL_PACKET); if (ret < 0) return ret; - if (ret==0 && datasize == 0 && state->gnutls_internals.send_cert_req == GNUTLS_CERT_REQUIRE) { + if (ret==0 && datasize == 0 && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) { /* certificate was required */ gnutls_assert(); return GNUTLS_E_NO_CERTIFICATE_FOUND; } - ret = state->gnutls_internals.auth_struct->gnutls_process_client_cert_vrfy( state, data, datasize); + ret = session->internals.auth_struct->gnutls_process_client_cert_vrfy( session, data, datasize); gnutls_free(data); if (ret < 0) return ret; diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h index 0036e09dd2..ff4bba8fb0 100644 --- a/lib/gnutls_kx.h +++ b/lib/gnutls_kx.h @@ -18,21 +18,21 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_send_server_kx_message( GNUTLS_STATE state, int again); -int _gnutls_send_server_kx_message2( GNUTLS_STATE state, int again); -int _gnutls_send_client_kx_message( GNUTLS_STATE state, int again); -int _gnutls_send_client_kx_message0( GNUTLS_STATE state, int again); -int _gnutls_recv_server_kx_message( GNUTLS_STATE state); -int _gnutls_recv_server_kx_message2( GNUTLS_STATE state); -int _gnutls_recv_client_kx_message( GNUTLS_STATE state); -int _gnutls_recv_client_kx_message0( GNUTLS_STATE state); -int _gnutls_send_client_certificate_verify( GNUTLS_STATE state, int again); -int _gnutls_send_server_certificate( GNUTLS_STATE state, int again); -int _gnutls_generate_master( GNUTLS_STATE state); -int _gnutls_recv_client_certificate( GNUTLS_STATE state); -int _gnutls_recv_server_certificate( GNUTLS_STATE state); -int _gnutls_send_client_certificate( GNUTLS_STATE state, int again); -int _gnutls_recv_server_certificate_request( GNUTLS_STATE state); -int _gnutls_send_server_certificate_request( GNUTLS_STATE state, int again); -int _gnutls_recv_client_certificate_verify_message( GNUTLS_STATE state); +int _gnutls_send_server_kx_message( gnutls_session session, int again); +int _gnutls_send_server_kx_message2( gnutls_session session, int again); +int _gnutls_send_client_kx_message( gnutls_session session, int again); +int _gnutls_send_client_kx_message0( gnutls_session session, int again); +int _gnutls_recv_server_kx_message( gnutls_session session); +int _gnutls_recv_server_kx_message2( gnutls_session session); +int _gnutls_recv_client_kx_message( gnutls_session session); +int _gnutls_recv_client_kx_message0( gnutls_session session); +int _gnutls_send_client_certificate_verify( gnutls_session session, int again); +int _gnutls_send_server_certificate( gnutls_session session, int again); +int _gnutls_generate_master( gnutls_session session); +int _gnutls_recv_client_certificate( gnutls_session session); +int _gnutls_recv_server_certificate( gnutls_session session); +int _gnutls_send_client_certificate( gnutls_session session, int again); +int _gnutls_recv_server_certificate_request( gnutls_session session); +int _gnutls_send_server_certificate_request( gnutls_session session, int again); +int _gnutls_recv_client_certificate_verify_message( gnutls_session session); diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index a299dfd4d3..0aad4ddeaa 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -29,8 +29,8 @@ /** * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls. - * @state: is a &GNUTLS_STATE structure. - * @list: is a 0 terminated list of BulkCipherAlgorithm elements. + * @session: is a &gnutls_session structure. + * @list: is a 0 terminated list of gnutls_cipher_algorithm elements. * * Sets the priority on the ciphers supported by gnutls. * Priority is higher for ciphers specified before others. @@ -39,8 +39,8 @@ * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { -GNUTLS_LIST _list = list; +int gnutls_cipher_set_priority( gnutls_session session, gnutls_list list) { +gnutls_list _list = list; int num=0, i; while( *_list != 0) { @@ -49,10 +49,10 @@ int num=0, i; } num = GMIN( MAX_ALGOS, num); - state->gnutls_internals.BulkCipherAlgorithmPriority.algorithms = num; + session->internals.cipher_algorithm_priority.algorithms = num; for (i=0;ignutls_internals.BulkCipherAlgorithmPriority.algorithm_priority[i] = list[i]; + session->internals.cipher_algorithm_priority.priority[i] = list[i]; } return 0; @@ -60,8 +60,8 @@ int num=0, i; /** * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls. - * @state: is a &GNUTLS_STATE structure. - * @list: is a 0 terminated list of KXAlgorithm elements. + * @session: is a &gnutls_session structure. + * @list: is a 0 terminated list of gnutls_kx_algorithm elements. * * Sets the priority on the key exchange algorithms supported by gnutls. * Priority is higher for algorithms specified before others. @@ -70,8 +70,8 @@ int num=0, i; * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { -GNUTLS_LIST _list = list; +int gnutls_kx_set_priority( gnutls_session session, gnutls_list list) { +gnutls_list _list = list; int num=0, i; while( *_list != 0) { @@ -81,10 +81,10 @@ int num=0, i; num = GMIN( MAX_ALGOS, num); - state->gnutls_internals.KXAlgorithmPriority.algorithms = num; + session->internals.kx_algorithm_priority.algorithms = num; for (i=0;ignutls_internals.KXAlgorithmPriority.algorithm_priority[i] = list[i]; + session->internals.kx_algorithm_priority.priority[i] = list[i]; } return 0; @@ -92,8 +92,8 @@ int num=0, i; /** * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls. - * @state: is a &GNUTLS_STATE structure. - * @list: is a 0 terminated list of MACAlgorithm elements. + * @session: is a &gnutls_session structure. + * @list: is a 0 terminated list of gnutls_mac_algorithm elements. * * Sets the priority on the mac algorithms supported by gnutls. * Priority is higher for algorithms specified before others. @@ -102,8 +102,8 @@ int num=0, i; * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ -int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { -GNUTLS_LIST _list = list; +int gnutls_mac_set_priority( gnutls_session session, gnutls_list list) { +gnutls_list _list = list; int num=0, i; while( *_list != 0) { @@ -113,10 +113,10 @@ int num=0, i; num = GMIN( MAX_ALGOS, num); - state->gnutls_internals.MACAlgorithmPriority.algorithms = num; + session->internals.mac_algorithm_priority.algorithms = num; for (i=0;ignutls_internals.MACAlgorithmPriority.algorithm_priority[i] = list[i]; + session->internals.mac_algorithm_priority.priority[i] = list[i]; } return 0; @@ -124,8 +124,8 @@ int num=0, i; /** * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls. - * @state: is a &GNUTLS_STATE structure. - * @list: is a 0 terminated list of CompressionMethod elements. + * @session: is a &gnutls_session structure. + * @list: is a 0 terminated list of gnutls_compression_method elements. * * Sets the priority on the compression algorithms supported by gnutls. * Priority is higher for algorithms specified before others. @@ -139,8 +139,8 @@ int num=0, i; * as gnutls extensions. * **/ -int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { -GNUTLS_LIST _list = list; +int gnutls_compression_set_priority( gnutls_session session, gnutls_list list) { +gnutls_list _list = list; int num=0, i; while( *_list != 0) { @@ -149,26 +149,26 @@ int num=0, i; } num = GMIN( MAX_ALGOS, num); - state->gnutls_internals.CompressionMethodPriority.algorithms = num; + session->internals.compression_method_priority.algorithms = num; for (i=0;ignutls_internals.CompressionMethodPriority.algorithm_priority[i] = list[i]; + session->internals.compression_method_priority.priority[i] = list[i]; } return 0; } /** * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls. - * @state: is a &GNUTLS_STATE structure. - * @list: is a 0 terminated list of GNUTLS_Version elements. + * @session: is a &gnutls_session structure. + * @list: is a 0 terminated list of gnutls_protocol_version elements. * * Sets the priority on the protocol versions supported by gnutls. * This function actually enables or disables protocols. Newer protocol * versions always have highest priority. * **/ -int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { -GNUTLS_LIST _list = list; +int gnutls_protocol_set_priority( gnutls_session session, gnutls_list list) { +gnutls_list _list = list; int num=0, i; while( *_list != 0) { @@ -178,25 +178,25 @@ int num=0, i; num = GMIN( MAX_ALGOS, num); - state->gnutls_internals.ProtocolPriority.algorithms = num; + session->internals.protocol_priority.algorithms = num; for (i=0;ignutls_internals.ProtocolPriority.algorithm_priority[i] = list[i]; + session->internals.protocol_priority.priority[i] = list[i]; } /* set the current version to the first in the chain. * This will be overriden later. */ if (num > 0) - _gnutls_set_current_version( state, state->gnutls_internals.ProtocolPriority.algorithm_priority[0]); + _gnutls_set_current_version( session, session->internals.protocol_priority.priority[0]); return 0; } /** * gnutls_cert_type_set_priority - Sets the priority on the certificate types supported by gnutls. - * @state: is a &GNUTLS_STATE structure. - * @list: is a 0 terminated list of GNUTLS_CertificateType elements. + * @session: is a &gnutls_session structure. + * @list: is a 0 terminated list of gnutls_certificate_type elements. * * Sets the priority on the certificate types supported by gnutls. * Priority is higher for types specified before others. @@ -205,9 +205,9 @@ int num=0, i; * The server does not use the cert type priority except for disabling * types that were not specified. **/ -int gnutls_cert_type_set_priority( GNUTLS_STATE state, GNUTLS_LIST list) { +int gnutls_cert_type_set_priority( gnutls_session session, gnutls_list list) { #ifdef HAVE_LIBOPENCDK -GNUTLS_LIST _list = list; +gnutls_list _list = list; int num=0, i; @@ -217,10 +217,10 @@ int num=0, i; } num = GMIN( MAX_ALGOS, num); - state->gnutls_internals.cert_type_priority.algorithms = num; + session->internals.cert_type_priority.algorithms = num; for (i=0;ignutls_internals.cert_type_priority.algorithm_priority[i] = list[i]; + session->internals.cert_type_priority.priority[i] = list[i]; } return 0; diff --git a/lib/gnutls_priority.h b/lib/gnutls_priority.h index a9e2deea3f..3caf224ed4 100644 --- a/lib/gnutls_priority.h +++ b/lib/gnutls_priority.h @@ -18,9 +18,9 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int gnutls_cipher_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_kx_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_mac_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_compression_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_protocol_set_priority( GNUTLS_STATE state, GNUTLS_LIST); -int gnutls_cert_type_set_priority( GNUTLS_STATE state, GNUTLS_LIST); +int gnutls_cipher_set_priority( gnutls_session session, gnutls_list); +int gnutls_kx_set_priority( gnutls_session session, gnutls_list); +int gnutls_mac_set_priority( gnutls_session session, gnutls_list); +int gnutls_compression_set_priority( gnutls_session session, gnutls_list); +int gnutls_protocol_set_priority( gnutls_session session, gnutls_list); +int gnutls_cert_type_set_priority( gnutls_session session, gnutls_list); diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 8e7344e4da..bf67644d4f 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -45,22 +45,22 @@ /** * gnutls_protocol_get_version - Returns the version of the currently used protocol - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the version of the currently used protocol. * **/ -GNUTLS_Version gnutls_protocol_get_version(GNUTLS_STATE state) { - return state->security_parameters.version; +gnutls_protocol_version gnutls_protocol_get_version(gnutls_session session) { + return session->security_parameters.version; } -void _gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version) { - state->security_parameters.version = version; +void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version version) { + session->security_parameters.version = version; } /** * gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @num: is the low water value. * * Used to set the lowat value in order for select to check @@ -71,13 +71,13 @@ void _gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version) { * Otherwise it must be called and set lowat to zero. * **/ -void gnutls_transport_set_lowat(GNUTLS_STATE state, int num) { - state->gnutls_internals.lowat = num; +void gnutls_transport_set_lowat(gnutls_session session, int num) { + session->internals.lowat = num; } /** * gnutls_transport_set_ptr - Used to set first argument of the transport functions - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @ptr: is the value. * * Used to set the first argument of the transport function (like PUSH and @@ -85,16 +85,16 @@ void gnutls_transport_set_lowat(GNUTLS_STATE state, int num) { * handle. * **/ -void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR ptr) +void gnutls_transport_set_ptr(gnutls_session session, gnutls_transport_ptr ptr) { - state->gnutls_internals.transport_recv_ptr = ptr; - state->gnutls_internals.transport_send_ptr = ptr; + session->internals.transport_recv_ptr = ptr; + session->internals.transport_send_ptr = ptr; } /** * gnutls_transport_set_ptr2 - Used to set first argument of the transport functions - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @recv_ptr: is the value for the pull function * @send_ptr: is the value for the push function * @@ -104,27 +104,27 @@ void gnutls_transport_set_ptr(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR ptr) * receiving and sending. * **/ -void gnutls_transport_set_ptr2(GNUTLS_STATE state, GNUTLS_TRANSPORT_PTR recv_ptr, - GNUTLS_TRANSPORT_PTR send_ptr) { - state->gnutls_internals.transport_send_ptr = send_ptr; - state->gnutls_internals.transport_recv_ptr = recv_ptr; +void gnutls_transport_set_ptr2(gnutls_session session, gnutls_transport_ptr recv_ptr, + gnutls_transport_ptr send_ptr) { + session->internals.transport_send_ptr = send_ptr; + session->internals.transport_recv_ptr = recv_ptr; } /** * gnutls_transport_get_ptr - Used to return the first argument of the transport functions - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Used to get the first argument of the transport function (like PUSH and * PULL). This must have been set using gnutls_transport_set_ptr(). * **/ -GNUTLS_TRANSPORT_PTR gnutls_transport_get_ptr(GNUTLS_STATE state) { - return state->gnutls_internals.transport_recv_ptr; +gnutls_transport_ptr gnutls_transport_get_ptr(gnutls_session session) { + return session->internals.transport_recv_ptr; } /** * gnutls_transport_get_ptr2 - Used to return the first argument of the transport functions - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @recv_ptr: will hold the value for the pull function * @send_ptr: will hold the value for the push function * @@ -132,18 +132,18 @@ GNUTLS_TRANSPORT_PTR gnutls_transport_get_ptr(GNUTLS_STATE state) { * PULL). This must have been set using gnutls_transport_set_ptr(). * **/ -void gnutls_transport_get_ptr2(GNUTLS_STATE state, - GNUTLS_TRANSPORT_PTR *recv_ptr, - GNUTLS_TRANSPORT_PTR *send_ptr) +void gnutls_transport_get_ptr2(gnutls_session session, + gnutls_transport_ptr *recv_ptr, + gnutls_transport_ptr *send_ptr) { - *recv_ptr = state->gnutls_internals.transport_recv_ptr; - *send_ptr = state->gnutls_internals.transport_send_ptr; + *recv_ptr = session->internals.transport_recv_ptr; + *send_ptr = session->internals.transport_send_ptr; } /** * gnutls_bye - This function terminates the current TLS/SSL connection. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @how: is an integer * * Terminates the current TLS/SSL connection. The connection should @@ -164,7 +164,7 @@ void gnutls_transport_get_ptr2(GNUTLS_STATE state, * This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED. * **/ -int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how) +int gnutls_bye( gnutls_session session, gnutls_close_request how) { int ret = 0, ret2 = 0; @@ -172,9 +172,9 @@ int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how) case STATE0: case STATE60: if (STATE==STATE60) { - ret = _gnutls_io_write_flush( state); + ret = _gnutls_io_write_flush( session); } else { - ret = gnutls_alert_send( state, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); + ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); STATE = STATE60; } @@ -182,8 +182,8 @@ int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how) return ret; case STATE61: if ( how == GNUTLS_SHUT_RDWR && ret >= 0) { - ret2 = gnutls_recv_int( state, GNUTLS_ALERT, -1, NULL, 0); - if (ret2 >= 0) state->gnutls_internals.may_read = 1; + ret2 = gnutls_recv_int( session, GNUTLS_ALERT, -1, NULL, 0); + if (ret2 >= 0) session->internals.may_read = 1; } STATE = STATE61; @@ -197,43 +197,43 @@ int gnutls_bye( GNUTLS_STATE state, GNUTLS_CloseRequest how) STATE = STATE0; - state->gnutls_internals.may_write = 1; + session->internals.may_write = 1; return 0; } inline -static void _gnutls_session_invalidate( GNUTLS_STATE state) { - state->gnutls_internals.valid_connection = VALID_FALSE; +static void _gnutls_session_invalidate( gnutls_session session) { + session->internals.valid_connection = VALID_FALSE; } inline -static void _gnutls_session_unresumable( GNUTLS_STATE state) { - state->gnutls_internals.resumable = RESUME_FALSE; +static void _gnutls_session_unresumable( gnutls_session session) { + session->internals.resumable = RESUME_FALSE; } /* returns 0 if session is valid */ inline -static int _gnutls_session_is_valid( GNUTLS_STATE state) { - if (state->gnutls_internals.valid_connection==VALID_FALSE) +static int _gnutls_session_is_valid( gnutls_session session) { + if (session->internals.valid_connection==VALID_FALSE) return GNUTLS_E_INVALID_SESSION; return 0; } static -ssize_t _gnutls_create_empty_record( GNUTLS_STATE state, ContentType type, +ssize_t _gnutls_create_empty_record( gnutls_session session, ContentType type, opaque* erecord, int erecord_size) { int cipher_size; int retval; int data2send; uint8 headers[5]; - GNUTLS_Version lver; + gnutls_protocol_version lver; if (type!=GNUTLS_APPLICATION_DATA || - _gnutls_cipher_is_block( gnutls_cipher_get(state))!=CIPHER_BLOCK) + _gnutls_cipher_is_block( gnutls_cipher_get(session))!=CIPHER_BLOCK) /* alert messages and stream ciphers * do not need this protection */ @@ -241,7 +241,7 @@ ssize_t _gnutls_create_empty_record( GNUTLS_STATE state, ContentType type, headers[0]=type; - lver = gnutls_protocol_get_version(state); + lver = gnutls_protocol_get_version(session); if (lver==GNUTLS_VERSION_UNKNOWN) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; @@ -252,7 +252,7 @@ ssize_t _gnutls_create_empty_record( GNUTLS_STATE state, ContentType type, data2send = 0; - cipher_size = _gnutls_encrypt( state, headers, RECORD_HEADER_SIZE, NULL, 0, erecord, erecord_size, type, 0); + cipher_size = _gnutls_encrypt( session, headers, RECORD_HEADER_SIZE, NULL, 0, erecord, erecord_size, type, 0); if (cipher_size <= 0) { gnutls_assert(); if (cipher_size==0) cipher_size = GNUTLS_E_ENCRYPTION_FAILED; @@ -263,8 +263,8 @@ ssize_t _gnutls_create_empty_record( GNUTLS_STATE state, ContentType type, /* increase sequence number */ - if (_gnutls_uint64pp( &state->connection_state.write_sequence_number) != 0) { - _gnutls_session_invalidate( state); + if (_gnutls_uint64pp( &session->connection_state.write_sequence_number) != 0) { + _gnutls_session_invalidate( session); gnutls_assert(); return GNUTLS_E_RECORD_LIMIT_REACHED; } @@ -273,9 +273,9 @@ ssize_t _gnutls_create_empty_record( GNUTLS_STATE state, ContentType type, } /* This function behave exactly like write(). The only difference is - * that it accepts, the gnutls_state and the ContentType of data to + * that it accepts, the gnutls_session and the ContentType of data to * send (if called by the user the Content is specific) - * It is intended to transfer data, under the current state. + * It is intended to transfer data, under the current session. * * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. * This makes the function much easier to read, and more error resistant @@ -286,7 +286,7 @@ ssize_t _gnutls_create_empty_record( GNUTLS_STATE state, ContentType type, * and only if the previous send was interrupted for some reason. * */ -ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void *_data, size_t sizeofdata) +ssize_t gnutls_send_int( gnutls_session session, ContentType type, HandshakeType htype, const void *_data, size_t sizeofdata) { uint8 *cipher; int cipher_size; @@ -294,7 +294,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty int data2send_size; uint8 headers[5]; const uint8 *data=_data; - GNUTLS_Version lver; + gnutls_protocol_version lver; int erecord_size = 0; opaque* erecord = NULL; @@ -302,14 +302,14 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty * If the previous send was interrupted then a null pointer is * ok, and means to resume. */ - if (state->gnutls_internals.record_send_buffer.size == 0 && + if (session->internals.record_send_buffer.size == 0 && (sizeofdata == 0 || _data==NULL)) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } if (type!=GNUTLS_ALERT) /* alert messages are sent anyway */ - if ( _gnutls_session_is_valid( state) || state->gnutls_internals.may_write != 0) { + if ( _gnutls_session_is_valid( session) || session->internals.may_write != 0) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } @@ -318,7 +318,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty headers[0]=type; - lver = gnutls_protocol_get_version(state); + lver = gnutls_protocol_get_version(session); if (lver==GNUTLS_VERSION_UNKNOWN) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; @@ -328,7 +328,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty headers[2]=_gnutls_version_get_minor( lver); _gnutls_record_log( "REC: Sending Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&state->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata); + (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata); if ( sizeofdata > MAX_RECORD_SEND_SIZE) data2send_size = MAX_RECORD_SEND_SIZE; @@ -338,14 +338,14 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* Only encrypt if we don't have data to send * from the previous run. - probably interrupted. */ - if (state->gnutls_internals.record_send_buffer.size > 0) { - ret = _gnutls_io_write_flush( state); + if (session->internals.record_send_buffer.size > 0) { + ret = _gnutls_io_write_flush( session); if (ret > 0) cipher_size = ret; else cipher_size = 0; cipher = NULL; - retval = state->gnutls_internals.record_send_buffer_user_size; + retval = session->internals.record_send_buffer_user_size; } else { /* Prepend our packet with an empty record. This is to @@ -353,7 +353,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty */ /* if this protection has been disabled */ - if (state->gnutls_internals.cbc_protection_hack!=0) { + if (session->internals.cbc_protection_hack!=0) { erecord_size = MAX_RECORD_OVERHEAD; erecord = gnutls_alloca( erecord_size); if (erecord==NULL) { @@ -362,7 +362,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty } erecord_size = - _gnutls_create_empty_record( state, type, erecord, erecord_size); + _gnutls_create_empty_record( session, type, erecord, erecord_size); if (erecord_size < 0) { gnutls_assert(); return erecord_size; @@ -378,7 +378,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty return GNUTLS_E_MEMORY_ERROR; } - cipher_size = _gnutls_encrypt( state, headers, RECORD_HEADER_SIZE, data, data2send_size, cipher, + cipher_size = _gnutls_encrypt( session, headers, RECORD_HEADER_SIZE, data, data2send_size, cipher, cipher_size, type, 1); if (cipher_size <= 0) { gnutls_assert(); @@ -389,19 +389,19 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty } retval = data2send_size; - state->gnutls_internals.record_send_buffer_user_size = data2send_size; + session->internals.record_send_buffer_user_size = data2send_size; /* increase sequence number */ - if (_gnutls_uint64pp( &state->connection_state.write_sequence_number) != 0) { - _gnutls_session_invalidate( state); + if (_gnutls_uint64pp( &session->connection_state.write_sequence_number) != 0) { + _gnutls_session_invalidate( session); gnutls_assert(); gnutls_afree( erecord); gnutls_afree( cipher); return GNUTLS_E_RECORD_LIMIT_REACHED; } - ret = _gnutls_io_write_buffered2( state, erecord, erecord_size, cipher, cipher_size); + ret = _gnutls_io_write_buffered2( session, erecord, erecord_size, cipher, cipher_size); gnutls_afree( erecord); gnutls_afree( cipher); } @@ -420,16 +420,16 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty ret = GNUTLS_E_UNKNOWN_ERROR; } - _gnutls_session_unresumable( state); - _gnutls_session_invalidate( state); + _gnutls_session_unresumable( session); + _gnutls_session_invalidate( session); gnutls_assert(); return ret; } - state->gnutls_internals.record_send_buffer_user_size = 0; + session->internals.record_send_buffer_user_size = 0; _gnutls_record_log( "REC: Sent Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&state->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size); + (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size); return retval; } @@ -437,16 +437,16 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* This function is to be called if the handshake was successfully * completed. This sends a Change Cipher Spec packet to the peer. */ -ssize_t _gnutls_send_change_cipher_spec( GNUTLS_STATE state, int again) +ssize_t _gnutls_send_change_cipher_spec( gnutls_session session, int again) { opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC }; _gnutls_handshake_log( "REC: Sent ChangeCipherSpec\n"); if (again==0) - return gnutls_send_int( state, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); + return gnutls_send_int( session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); else { - return _gnutls_io_write_flush( state); + return _gnutls_io_write_flush( session); } } @@ -468,18 +468,18 @@ static int _gnutls_check_recv_type( ContentType recv_type) { /* Checks if there are pending data into the record buffers. If there are * then it copies the data. */ -static int _gnutls_check_buffers( GNUTLS_STATE state, ContentType type, opaque* data, int sizeofdata) { +static int _gnutls_check_buffers( gnutls_session session, ContentType type, opaque* data, int sizeofdata) { int ret = 0, ret2=0; - if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, state) > 0) { - ret = _gnutls_record_buffer_get(type, state, data, sizeofdata); + if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, session) > 0) { + ret = _gnutls_record_buffer_get(type, session, data, sizeofdata); if (ret < 0) { gnutls_assert(); return ret; } /* if the buffer just got empty */ - if (_gnutls_record_buffer_get_size(type, state)==0) { - if ( (ret2=_gnutls_io_clear_peeked_data( state)) < 0) { + if (_gnutls_record_buffer_get_size(type, session)==0) { + if ( (ret2=_gnutls_io_clear_peeked_data( session)) < 0) { gnutls_assert(); return ret2; } @@ -497,8 +497,8 @@ static int _gnutls_check_buffers( GNUTLS_STATE state, ContentType type, opaque* /* Checks the record headers and returns the length, version and * content type. */ -static int _gnutls_check_record_headers( GNUTLS_STATE state, uint8 headers[RECORD_HEADER_SIZE], ContentType type, - HandshakeType htype, /*output*/ ContentType *recv_type, GNUTLS_Version *version, uint16 *length, uint16* header_size) { +static int _gnutls_check_record_headers( gnutls_session session, uint8 headers[RECORD_HEADER_SIZE], ContentType type, + HandshakeType htype, /*output*/ ContentType *recv_type, gnutls_protocol_version *version, uint16 *length, uint16* header_size) { /* Read the first two bytes to determine if this is a * version 2 message @@ -520,7 +520,7 @@ static int _gnutls_check_record_headers( GNUTLS_STATE state, uint8 headers[RECOR /* in order to assist the handshake protocol. * V2 compatibility is a mess. */ - state->gnutls_internals.v2_hello = *length; + session->internals.v2_hello = *length; _gnutls_record_log( "REC: V2 packet received. Length: %d\n", *length); @@ -544,10 +544,10 @@ static int _gnutls_check_record_headers( GNUTLS_STATE state, uint8 headers[RECOR * negotiated in the handshake. */ inline -static int _gnutls_check_record_version( GNUTLS_STATE state, HandshakeType htype, GNUTLS_Version version) +static int _gnutls_check_record_version( gnutls_session session, HandshakeType htype, gnutls_protocol_version version) { #ifdef CHECK_RECORD_VERSION - if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) && gnutls_protocol_get_version(state) != version) { + if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) && gnutls_protocol_get_version(session) != version) { gnutls_assert(); _gnutls_record_log( "REC: INVALID VERSION PACKET: (%d) %d.%d\n", htype, _gnutls_version_get_major(version), _gnutls_version_get_minor(version)); @@ -562,20 +562,20 @@ static int _gnutls_check_record_version( GNUTLS_STATE state, HandshakeType htype /* This function will check if the received record type is * the one we actually expecting for. */ -static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type, +static int _gnutls_record_check_type( gnutls_session session, ContentType recv_type, ContentType type, HandshakeType htype, opaque* data, int data_size) { int ret; if ( (recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE)) { - _gnutls_record_buffer_put(type, state, (void *) data, data_size); + _gnutls_record_buffer_put(type, session, (void *) data, data_size); } else { switch (recv_type) { case GNUTLS_ALERT: _gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], gnutls_alert_get_name((int)data[1])); - state->gnutls_internals.last_alert = data[1]; + session->internals.last_alert = data[1]; /* if close notify is received and * the alert is not fatal @@ -594,8 +594,8 @@ static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type, gnutls_assert(); ret = GNUTLS_E_WARNING_ALERT_RECEIVED; if (data[0] == GNUTLS_AL_FATAL) { - _gnutls_session_unresumable( state); - _gnutls_session_invalidate( state); + _gnutls_session_unresumable( session); + _gnutls_session_invalidate( session); ret = GNUTLS_E_FATAL_ALERT_RECEIVED; } @@ -612,7 +612,7 @@ static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type, case GNUTLS_APPLICATION_DATA: /* even if data is unexpected put it into the buffer */ - if ( (ret=_gnutls_record_buffer_put(recv_type, state, (void *) data, data_size)) < 0) { + if ( (ret=_gnutls_record_buffer_put(recv_type, session, (void *) data, data_size)) < 0) { gnutls_assert(); return ret; } @@ -631,13 +631,13 @@ static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type, case GNUTLS_HANDSHAKE: /* This is only legal if HELLO_REQUEST is received - and we are a client */ - if ( state->security_parameters.entity==GNUTLS_SERVER) { + if ( session->security_parameters.entity==GNUTLS_SERVER) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET; } gnutls_assert(); - return _gnutls_recv_hello_request( state, data, data_size); + return _gnutls_recv_hello_request( session, data, data_size); break; default: @@ -656,15 +656,15 @@ static int _gnutls_record_check_type( GNUTLS_STATE state, ContentType recv_type, #define MAX_EMPTY_PACKETS_SEQUENCE 4 /* This function behave exactly like read(). The only difference is - * that it accepts, the gnutls_state and the ContentType of data to + * that it accepts, the gnutls_session and the ContentType of data to * send (if called by the user the Content is Userdata only) - * It is intended to receive data, under the current state. + * It is intended to receive data, under the current session. */ -ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, char *data, size_t sizeofdata) +ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType htype, char *data, size_t sizeofdata) { uint8 *tmpdata; int tmplen; - GNUTLS_Version version; + gnutls_protocol_version version; uint8 *headers; ContentType recv_type; uint16 length; @@ -690,7 +690,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty return GNUTLS_E_INVALID_PARAMETERS; } - if ( _gnutls_session_is_valid(state)!=0 || state->gnutls_internals.may_read!=0) { + if ( _gnutls_session_is_valid(session)!=0 || session->internals.may_read!=0) { gnutls_assert(); return GNUTLS_E_INVALID_SESSION; } @@ -698,25 +698,25 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* If we have enough data in the cache do not bother receiving * a new packet. (in order to flush the cache) */ - ret = _gnutls_check_buffers( state, type, data, sizeofdata); + ret = _gnutls_check_buffers( session, type, data, sizeofdata); if (ret != 0) return ret; - if ( (ret = _gnutls_io_read_buffered( state, &headers, header_size, -1)) != header_size) { + if ( (ret = _gnutls_io_read_buffered( session, &headers, header_size, -1)) != header_size) { if (ret < 0 && gnutls_error_is_fatal(ret)==0) return ret; - _gnutls_session_invalidate( state); + _gnutls_session_invalidate( session); if (type==GNUTLS_ALERT) { gnutls_assert(); return 0; /* we were expecting close notify */ } - _gnutls_session_unresumable( state); + _gnutls_session_unresumable( session); gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } - if ( (ret=_gnutls_check_record_headers( state, headers, type, htype, &recv_type, &version, &length, &header_size)) < 0) { + if ( (ret=_gnutls_check_record_headers( session, headers, type, htype, &recv_type, &version, &length, &header_size)) < 0) { gnutls_assert(); return ret; } @@ -733,34 +733,34 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* Here we check if the advertized version is the one we * negotiated in the handshake. */ - if ( (ret=_gnutls_check_record_version( state, htype, version)) < 0) { + if ( (ret=_gnutls_check_record_version( session, htype, version)) < 0) { gnutls_assert(); - _gnutls_session_invalidate( state); + _gnutls_session_invalidate( session); return ret; } _gnutls_record_log( "REC: Expected Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata); + (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata); _gnutls_record_log( "REC: Received Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length); + (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length); if (length > MAX_RECV_SIZE) { _gnutls_record_log( "REC: FATAL ERROR: Received packet with length: %d\n", length); - _gnutls_session_unresumable( state); - _gnutls_session_invalidate( state); + _gnutls_session_unresumable( session); + _gnutls_session_invalidate( session); gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } /* check if we have that data into buffer. */ - if ( (ret = _gnutls_io_read_buffered( state, &recv_data, header_size+length, recv_type)) != length+header_size) { + if ( (ret = _gnutls_io_read_buffered( session, &recv_data, header_size+length, recv_type)) != length+header_size) { if (ret<0 && gnutls_error_is_fatal(ret)==0) return ret; - _gnutls_session_unresumable( state); - _gnutls_session_invalidate( state); + _gnutls_session_unresumable( session); + _gnutls_session_invalidate( session); gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } @@ -768,7 +768,7 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /* ok now we are sure that we can read all the data - so * move on ! */ - _gnutls_io_clear_read_buffer( state); + _gnutls_io_clear_read_buffer( session); ciphertext = &recv_data[header_size]; /* decrypt the data we got. We allocate MAX_RECORD_RECV_SIZE @@ -782,10 +782,10 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty return GNUTLS_E_MEMORY_ERROR; } - tmplen = _gnutls_decrypt( state, ciphertext, length, tmpdata, tmplen, recv_type); + tmplen = _gnutls_decrypt( session, ciphertext, length, tmpdata, tmplen, recv_type); if (tmplen < 0) { - _gnutls_session_unresumable( state); - _gnutls_session_invalidate( state); + _gnutls_session_unresumable( session); + _gnutls_session_invalidate( session); gnutls_afree(tmpdata); gnutls_assert(); return tmplen; @@ -809,17 +809,17 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty } _gnutls_record_log( "REC: Decrypted Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen); + (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen); /* increase sequence number */ - if (_gnutls_uint64pp( &state->connection_state.read_sequence_number)!=0) { - _gnutls_session_invalidate( state); + if (_gnutls_uint64pp( &session->connection_state.read_sequence_number)!=0) { + _gnutls_session_invalidate( session); gnutls_afree(tmpdata); gnutls_assert(); return GNUTLS_E_RECORD_LIMIT_REACHED; } - if ( (ret=_gnutls_record_check_type( state, recv_type, type, htype, tmpdata, tmplen)) < 0) { + if ( (ret=_gnutls_record_check_type( session, recv_type, type, htype, tmpdata, tmplen)) < 0) { gnutls_afree(tmpdata); if (ret==GNUTLS_E_INT_RET_0) return 0; @@ -832,15 +832,15 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty */ if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && (recv_type == type)) { - ret = _gnutls_record_buffer_get(type, state, data, sizeofdata); + ret = _gnutls_record_buffer_get(type, session, data, sizeofdata); if (ret < 0) { gnutls_assert(); return ret; } /* if the buffer just got empty */ - if (_gnutls_record_buffer_get_size(type, state)==0) { - if ( (ret2 = _gnutls_io_clear_peeked_data( state)) < 0) { + if (_gnutls_record_buffer_get_size(type, session)==0) { + if ( (ret2 = _gnutls_io_clear_peeked_data( session)) < 0) { gnutls_assert(); return ret2; } @@ -870,12 +870,12 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty /** * gnutls_record_send - sends to the peer the specified data - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @data: contains the data to send * @sizeofdata: is the length of the data * * This function has the similar semantics to write(). The only - * difference is that is accepts a GNUTLS state, and uses different + * difference is that is accepts a GNUTLS session, and uses different * error codes. * * If the EINTR is returned by the internal push function (write()) @@ -890,18 +890,18 @@ ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType hty * Returns the number of bytes sent, or a negative error code. * **/ -ssize_t gnutls_record_send( GNUTLS_STATE state, const void *data, size_t sizeofdata) { - return gnutls_send_int( state, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); +ssize_t gnutls_record_send( gnutls_session session, const void *data, size_t sizeofdata) { + return gnutls_send_int( session, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); } /** * gnutls_record_recv - reads data from the TLS record protocol - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @data: contains the data to send * @sizeofdata: is the length of the data * * This function has the similar semantics to read(). The only - * difference is that is accepts a GNUTLS state. + * difference is that is accepts a GNUTLS session. * Also returns the number of bytes received, zero on EOF, but * a negative error code in case of an error. * @@ -910,30 +910,30 @@ ssize_t gnutls_record_send( GNUTLS_STATE state, const void *data, size_t sizeofd * or perform a handshake again. (only a client may receive this message) * **/ -ssize_t gnutls_record_recv( GNUTLS_STATE state, void *data, size_t sizeofdata) { - return gnutls_recv_int( state, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); +ssize_t gnutls_record_recv( gnutls_session session, void *data, size_t sizeofdata) { + return gnutls_recv_int( session, GNUTLS_APPLICATION_DATA, -1, data, sizeofdata); } /** * gnutls_record_get_max_size - returns the maximum record size - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * This function returns the maximum record size in this connection. * The maximum record size is negotiated by the client after the * first handshake message. * **/ -size_t gnutls_record_get_max_size( GNUTLS_STATE state) { +size_t gnutls_record_get_max_size( gnutls_session session) { /* Recv will hold the negotiated max record size * always. */ - return state->security_parameters.max_record_recv_size; + return session->security_parameters.max_record_recv_size; } /** * gnutls_record_set_max_size - sets the maximum record size - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @size: is the new size * * This function sets the maximum record size in this connection. @@ -949,10 +949,10 @@ size_t gnutls_record_get_max_size( GNUTLS_STATE state) { * Not all TLS implementations use or even understand this extension. * **/ -ssize_t gnutls_record_set_max_size( GNUTLS_STATE state, size_t size) { +ssize_t gnutls_record_set_max_size( gnutls_session session, size_t size) { ssize_t new_size; - if (state->security_parameters.entity==GNUTLS_SERVER) + if (session->security_parameters.entity==GNUTLS_SERVER) return GNUTLS_E_INVALID_REQUEST; new_size = _gnutls_mre_record2num( size); @@ -962,9 +962,9 @@ ssize_t new_size; return new_size; } - state->security_parameters.max_record_send_size = size; + session->security_parameters.max_record_send_size = size; - state->gnutls_internals.proposed_record_size = size; + session->internals.proposed_record_size = size; return 0; } diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h index ea0872cdfb..9581aa4ab3 100644 --- a/lib/gnutls_record.h +++ b/lib/gnutls_record.h @@ -1,4 +1,4 @@ -ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType htype, const void* data, size_t sizeofdata); -ssize_t gnutls_recv_int( GNUTLS_STATE state, ContentType type, HandshakeType, char* data, size_t sizeofdata); -ssize_t _gnutls_send_change_cipher_spec( GNUTLS_STATE state, int again); -void gnutls_transport_set_lowat(GNUTLS_STATE state, int num); +ssize_t gnutls_send_int( gnutls_session session, ContentType type, HandshakeType htype, const void* data, size_t sizeofdata); +ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType, char* data, size_t sizeofdata); +ssize_t _gnutls_send_change_cipher_spec( gnutls_session session, int again); +void gnutls_transport_set_lowat(gnutls_session session, int num); diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index c4b8b82056..fc3fad8536 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -45,7 +45,7 @@ static int normalize_bits(int bits) /* returns e and m, depends on the requested bits. * We only support limited key sizes. */ -const GNUTLS_MPI* _gnutls_get_rsa_params(GNUTLS_RSA_PARAMS rsa_params, int bits) +const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params rsa_params, int bits) { if (rsa_params == NULL) { gnutls_assert(); @@ -187,7 +187,7 @@ static int check_bits(int bits) * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. * **/ -int gnutls_rsa_params_set(GNUTLS_RSA_PARAMS rsa_params, +int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, gnutls_datum m, gnutls_datum e, gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u, int bits) @@ -257,10 +257,10 @@ int gnutls_rsa_params_set(GNUTLS_RSA_PARAMS rsa_params, * This function will initialize the temporary RSA parameters structure. * **/ -int gnutls_rsa_params_init(GNUTLS_RSA_PARAMS * rsa_params) +int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params) { - *rsa_params = gnutls_calloc( 1, sizeof(_GNUTLS_RSA_PARAMS)); + *rsa_params = gnutls_calloc( 1, sizeof(_gnutls_rsa_params)); if (*rsa_params==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -277,7 +277,7 @@ int gnutls_rsa_params_init(GNUTLS_RSA_PARAMS * rsa_params) * This function will deinitialize the RSA parameters structure. * **/ -void gnutls_rsa_params_deinit(GNUTLS_RSA_PARAMS rsa_params) +void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params) { int i; diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h index 3c0800dacb..ca9ee7780c 100644 --- a/lib/gnutls_rsa_export.h +++ b/lib/gnutls_rsa_export.h @@ -18,6 +18,6 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -const GNUTLS_MPI* _gnutls_get_rsa_params(GNUTLS_RSA_PARAMS, int bits); -int _gnutls_peers_cert_less_512( GNUTLS_STATE state); +const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params, int bits); +int _gnutls_peers_cert_less_512( gnutls_session session); diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c index 6d5fd567ce..93e5d912b2 100644 --- a/lib/gnutls_session.c +++ b/lib/gnutls_session.c @@ -23,13 +23,13 @@ #include "debug.h" #include -#define SESSION_SIZE _gnutls_session_size( state) +#define SESSION_SIZE _gnutls_session_size( session) /** * gnutls_session_get_data - Returns all session parameters. - * @state: is a &GNUTLS_STATE structure. - * @session: is a pointer to space to hold the session. - * @session_size: is the session's size, or it will be set by the function. + * @session: is a &gnutls_session structure. + * @session_data: is a pointer to space to hold the session. + * @session_data_size: is the session_data's size, or it will be set by the function. * * Returns all session parameters - in order to support resuming. * The client should call this - and keep the returned session - if he wants to @@ -38,30 +38,30 @@ * * Resuming sessions is really useful and speedups connections after a succesful one. **/ -int gnutls_session_get_data( GNUTLS_STATE state, opaque* session, int *session_size) { +int gnutls_session_get_data( gnutls_session session, opaque* session_data, int *session_data_size) { gnutls_datum psession; int ret; - if (*session_size < SESSION_SIZE || session==NULL) { - *session_size = SESSION_SIZE; - session = NULL; /* return with the new session_size value */ + if (*session_data_size < SESSION_SIZE || session_data==NULL) { + *session_data_size = SESSION_SIZE; + session_data = NULL; /* return with the new session_data_size value */ } - if (state->gnutls_internals.resumable==RESUME_FALSE) return GNUTLS_E_INVALID_SESSION; + if (session->internals.resumable==RESUME_FALSE) return GNUTLS_E_INVALID_SESSION; /* just return the session size */ - if (session==NULL) { + if (session_data==NULL) { return 0; } - psession.data = session; + psession.data = session_data; - ret = _gnutls_session_pack( state, &psession); + ret = _gnutls_session_pack( session, &psession); if (ret< 0) { gnutls_assert(); return ret; } - *session_size = psession.size; + *session_data_size = psession.size; return 0; } @@ -69,9 +69,9 @@ int gnutls_session_get_data( GNUTLS_STATE state, opaque* session, int *session_s /** * gnutls_session_get_id - Returns session id. - * @state: is a &GNUTLS_STATE structure. - * @session: is a pointer to space to hold the session id. - * @session_size: is the session id's size, or it will be set by the function. + * @session: is a &gnutls_session structure. + * @session_id: is a pointer to space to hold the session id. + * @session_id_size: is the session id's size, or it will be set by the function. * * Returns the current session id. This can be used if you want to check if * the next session you tried to resume was actually resumed. @@ -81,24 +81,24 @@ int gnutls_session_get_data( GNUTLS_STATE state, opaque* session, int *session_s * Session id is some data set by the server, that identify the current session. * In TLS 1.0 session id should not be more than 32 bytes. **/ -int gnutls_session_get_id( GNUTLS_STATE state, void* session, int *session_size) { +int gnutls_session_get_id( gnutls_session session, void* session_id, int *session_id_size) { - *session_size = state->security_parameters.session_id_size; + *session_id_size = session->security_parameters.session_id_size; /* just return the session size */ - if (session==NULL) { + if (session_id==NULL) { return 0; } - memcpy( session, &state->security_parameters.session_id, *session_size); + memcpy( session_id, &session->security_parameters.session_id, *session_id_size); return 0; } /** * gnutls_session_set_data - Sets all session parameters - * @state: is a &GNUTLS_STATE structure. - * @session: is a pointer to space to hold the session. - * @session_size: is the session's size + * @session: is a &gnutls_session structure. + * @session_data: is a pointer to space to hold the session. + * @session_data_size: is the session's size * * Sets all session parameters - in order to support resuming * session must be the one returned by gnutls_session_get_data(); @@ -107,15 +107,17 @@ int gnutls_session_get_id( GNUTLS_STATE state, void* session, int *session_size) * choose not to resume the session, thus a full handshake will be * performed. **/ -int gnutls_session_set_data( GNUTLS_STATE state, opaque* session, int session_size) { +int gnutls_session_set_data( gnutls_session session, const opaque* session_data, + int session_data_size) +{ int ret; - gnutls_datum psession = { session, session_size }; + gnutls_datum psession = { (opaque*)session_data, session_data_size }; - if (session==NULL || session_size == 0) { + if (session_data==NULL || session_data_size == 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - ret = _gnutls_session_unpack( state, &psession); + ret = _gnutls_session_unpack( session, &psession); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/gnutls_session.h b/lib/gnutls_session.h index 9ed5b5cbf5..c9c25b4fa4 100644 --- a/lib/gnutls_session.h +++ b/lib/gnutls_session.h @@ -18,5 +18,5 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int gnutls_session_set_data( GNUTLS_STATE state, opaque* session, int session_size); -int gnutls_session_get_data( GNUTLS_STATE state, opaque* session, int *session_size); +int gnutls_session_set_data( gnutls_session session, const opaque* session_data, int session_data_size); +int gnutls_session_get_data( gnutls_session session, opaque* session_data, int *session_data_size); diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index dd4ca6ab04..e59a4a3f21 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -45,7 +45,7 @@ static int _gnutls_pack_certificate_auth_info_size( CERTIFICATE_AUTH_INFO info); * is required in order to pack these structures in a vector in * order to store them to the DB. */ -int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) +int _gnutls_session_pack(gnutls_session session, gnutls_datum * packed_session) { uint32 pack_size; int ret; @@ -56,19 +56,19 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) } - switch (gnutls_auth_get_type(state)) { + switch (gnutls_auth_get_type(session)) { #ifdef ENABLE_SRP case GNUTLS_CRD_SRP:{ SRP_SERVER_AUTH_INFO info = - _gnutls_get_auth_info(state); + _gnutls_get_auth_info(session); - if (info == NULL && state->gnutls_key->auth_info_size!=0) { + if (info == NULL && session->gnutls_key->auth_info_size!=0) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } - pack_size = state->gnutls_key->auth_info_size; + pack_size = session->gnutls_key->auth_info_size; packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof(uint32); @@ -77,10 +77,10 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) &packed_session-> data[PACK_HEADER_SIZE]); - if (state->gnutls_key->auth_info_size > 0) + if (session->gnutls_key->auth_info_size > 0) memcpy(&packed_session-> data[PACK_HEADER_SIZE + sizeof(uint32)], - info, state->gnutls_key->auth_info_size); + info, session->gnutls_key->auth_info_size); } @@ -88,31 +88,31 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) #endif case GNUTLS_CRD_ANON:{ ANON_CLIENT_AUTH_INFO info = - _gnutls_get_auth_info(state); - if (info == NULL && state->gnutls_key->auth_info_size!=0) { + _gnutls_get_auth_info(session); + if (info == NULL && session->gnutls_key->auth_info_size!=0) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } packed_session->size = - PACK_HEADER_SIZE + state->gnutls_key->auth_info_size + sizeof(uint32); + PACK_HEADER_SIZE + session->gnutls_key->auth_info_size + sizeof(uint32); packed_session->data[0] = GNUTLS_CRD_ANON; - _gnutls_write_uint32(state->gnutls_key->auth_info_size, + _gnutls_write_uint32(session->gnutls_key->auth_info_size, &packed_session-> data[PACK_HEADER_SIZE]); - if (state->gnutls_key->auth_info_size > 0) + if (session->gnutls_key->auth_info_size > 0) memcpy(&packed_session-> data[PACK_HEADER_SIZE + sizeof(uint32)], - info, state->gnutls_key->auth_info_size); + info, session->gnutls_key->auth_info_size); } break; case GNUTLS_CRD_CERTIFICATE:{ CERTIFICATE_AUTH_INFO info = - _gnutls_get_auth_info(state); - if (info == NULL && state->gnutls_key->auth_info_size!=0) { + _gnutls_get_auth_info(session); + if (info == NULL && session->gnutls_key->auth_info_size!=0) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } @@ -138,7 +138,7 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) _gnutls_write_uint32( sizeof(SecurityParameters), &packed_session->data[packed_session->size - sizeof(SecurityParameters) - sizeof(uint32)]); memcpy(&packed_session-> data[packed_session->size - sizeof(SecurityParameters)], - &state->security_parameters, sizeof(SecurityParameters)); + &session->security_parameters, sizeof(SecurityParameters)); return 0; @@ -146,20 +146,20 @@ int _gnutls_session_pack(GNUTLS_STATE state, gnutls_datum * packed_session) /* Returns the size needed to hold the current session. */ -int _gnutls_session_size( GNUTLS_STATE state) +int _gnutls_session_size( gnutls_session session) { uint32 pack_size; pack_size = PACK_HEADER_SIZE + sizeof(uint32); - switch ( gnutls_auth_get_type(state)) { + switch ( gnutls_auth_get_type(session)) { case GNUTLS_CRD_SRP: case GNUTLS_CRD_ANON: - pack_size += state->gnutls_key->auth_info_size; + pack_size += session->gnutls_key->auth_info_size; break; case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info = - _gnutls_get_auth_info(state); + _gnutls_get_auth_info(session); pack_size += _gnutls_pack_certificate_auth_info_size( info); } @@ -173,7 +173,7 @@ int _gnutls_session_size( GNUTLS_STATE state) return pack_size; } -int _gnutls_session_unpack(GNUTLS_STATE state, +int _gnutls_session_unpack(gnutls_session session, const gnutls_datum * packed_session) { uint32 pack_size; @@ -186,8 +186,8 @@ int _gnutls_session_unpack(GNUTLS_STATE state, return GNUTLS_E_UNIMPLEMENTED_FEATURE; } - if (state->gnutls_key->auth_info != NULL) { - _gnutls_free_auth_info( state); + if (session->gnutls_key->auth_info != NULL) { + _gnutls_free_auth_info( session); } switch ( packed_session->data[0]) { @@ -204,18 +204,18 @@ int _gnutls_session_unpack(GNUTLS_STATE state, return GNUTLS_E_DB_ERROR; } - state->gnutls_key->auth_info = + session->gnutls_key->auth_info = gnutls_malloc( pack_size); - if (state->gnutls_key->auth_info == NULL) { + if (session->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->auth_info_size = + session->gnutls_key->auth_info_size = sizeof(SRP_SERVER_AUTH_INFO_INT); - memcpy(state->gnutls_key->auth_info, + memcpy(session->gnutls_key->auth_info, &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], pack_size); @@ -234,16 +234,16 @@ int _gnutls_session_unpack(GNUTLS_STATE state, return GNUTLS_E_DB_ERROR; } - state->gnutls_key->auth_info = + session->gnutls_key->auth_info = gnutls_malloc( pack_size); - if (state->gnutls_key->auth_info == NULL) { + if (session->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->auth_info_size = pack_size; + session->gnutls_key->auth_info_size = pack_size; - memcpy(state->gnutls_key->auth_info, + memcpy(session->gnutls_key->auth_info, &packed_session->data[PACK_HEADER_SIZE + sizeof(uint32)], pack_size); } @@ -254,8 +254,8 @@ int _gnutls_session_unpack(GNUTLS_STATE state, data[PACK_HEADER_SIZE]); if (pack_size == 0) { - state->gnutls_key->auth_info = NULL; - state->gnutls_key->auth_info_size = 0; + session->gnutls_key->auth_info = NULL; + session->gnutls_key->auth_info_size = 0; break; } if (pack_size < sizeof(CERTIFICATE_AUTH_INFO_INT)) { @@ -263,18 +263,18 @@ int _gnutls_session_unpack(GNUTLS_STATE state, return GNUTLS_E_DB_ERROR; } - state->gnutls_key->auth_info = + session->gnutls_key->auth_info = gnutls_malloc( sizeof(CERTIFICATE_AUTH_INFO_INT)); - if (state->gnutls_key->auth_info == NULL) { + if (session->gnutls_key->auth_info == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - state->gnutls_key->auth_info_size = + session->gnutls_key->auth_info_size = sizeof(CERTIFICATE_AUTH_INFO_INT); ret = - _gnutls_unpack_certificate_auth_info(state-> + _gnutls_unpack_certificate_auth_info(session-> gnutls_key-> auth_info, packed_session); @@ -291,7 +291,7 @@ int _gnutls_session_unpack(GNUTLS_STATE state, } - state->gnutls_key->auth_info_type = packed_session->data[0]; + session->gnutls_key->auth_info_type = packed_session->data[0]; /* Auth_info structures copied. Now copy SecurityParameters. */ @@ -308,12 +308,12 @@ int _gnutls_session_unpack(GNUTLS_STATE state, 2 * sizeof(uint32) + pack_size], sizeof(SecurityParameters)); - if ( timestamp - sp.timestamp <= state->gnutls_internals.expire_time + if ( timestamp - sp.timestamp <= session->internals.expire_time && sp.timestamp <= timestamp) { - memcpy( &state->gnutls_internals.resumed_security_parameters, &sp, sizeof(SecurityParameters)); + memcpy( &session->internals.resumed_security_parameters, &sp, sizeof(SecurityParameters)); } else { - _gnutls_free_auth_info( state); + _gnutls_free_auth_info( session); gnutls_assert(); return GNUTLS_E_EXPIRED; } diff --git a/lib/gnutls_session_pack.h b/lib/gnutls_session_pack.h index 580ace5cdb..7686a8c7a9 100644 --- a/lib/gnutls_session_pack.h +++ b/lib/gnutls_session_pack.h @@ -1,3 +1,3 @@ -int _gnutls_session_pack( GNUTLS_STATE state, gnutls_datum* packed_session); -int _gnutls_session_unpack( GNUTLS_STATE state, const gnutls_datum* packed_session); -int _gnutls_session_size(GNUTLS_STATE state); +int _gnutls_session_pack( gnutls_session session, gnutls_datum* packed_session); +int _gnutls_session_unpack( gnutls_session session, const gnutls_datum* packed_session); +int _gnutls_session_size(gnutls_session session); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index e6d4b0c179..3e0d4d1f9e 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -41,7 +41,7 @@ int _gnutls_generate_sig( gnutls_cert* cert, gnutls_private_key *pkey, const gnu /* Generates a signature of all the previous sent packets in the * handshake procedure. */ -int _gnutls_generate_sig_from_hdata( GNUTLS_STATE state, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature) { +int _gnutls_generate_sig_from_hdata( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature) { gnutls_datum dconcat; int ret; opaque concat[36]; @@ -49,7 +49,7 @@ GNUTLS_MAC_HANDLE td_md5; GNUTLS_MAC_HANDLE td_sha; - td_sha = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_sha); + td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha); if (td_sha == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; @@ -59,7 +59,7 @@ GNUTLS_MAC_HANDLE td_sha; switch (cert->subject_pk_algorithm) { case GNUTLS_PK_RSA: - td_md5 = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_md5); + td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5); if (td_md5 == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; @@ -89,7 +89,7 @@ GNUTLS_MAC_HANDLE td_sha; /* Generates a signature of all the random data and the parameters. * Used in DHE_* ciphersuites. */ -int _gnutls_generate_sig_params( GNUTLS_STATE state, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum* params, gnutls_datum *signature) +int _gnutls_generate_sig_params( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum* params, gnutls_datum *signature) { gnutls_datum dconcat; int ret; @@ -104,8 +104,8 @@ opaque concat[36]; return GNUTLS_E_HASH_FAILED; } - _gnutls_hash( td_sha, state->security_parameters.client_random, TLS_RANDOM_SIZE); - _gnutls_hash( td_sha, state->security_parameters.server_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_sha, session->security_parameters.client_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_sha, session->security_parameters.server_random, TLS_RANDOM_SIZE); _gnutls_hash( td_sha, params->data, params->size); _gnutls_hash_deinit(td_sha, &concat[16]); @@ -118,8 +118,8 @@ opaque concat[36]; return GNUTLS_E_HASH_FAILED; } - _gnutls_hash( td_md5, state->security_parameters.client_random, TLS_RANDOM_SIZE); - _gnutls_hash( td_md5, state->security_parameters.server_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_md5, session->security_parameters.client_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_md5, session->security_parameters.server_random, TLS_RANDOM_SIZE); _gnutls_hash( td_md5, params->data, params->size); _gnutls_hash_deinit(td_md5, concat); @@ -261,20 +261,20 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *hash_co * verify message). ubuffer_size is a buffer to remove from the hash buffer * in order to avoid hashing the last message. */ -int _gnutls_verify_sig_hdata( GNUTLS_STATE state, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size) { +int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size) { int ret; opaque concat[36]; GNUTLS_MAC_HANDLE td_md5; GNUTLS_MAC_HANDLE td_sha; gnutls_datum dconcat; - td_md5 = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_md5); + td_md5 = _gnutls_hash_copy( session->internals.handshake_mac_handle_md5); if (td_md5 == NULL) { gnutls_assert(); return GNUTLS_E_HASH_FAILED; } - td_sha = _gnutls_hash_copy( state->gnutls_internals.handshake_mac_handle_sha); + td_sha = _gnutls_hash_copy( session->internals.handshake_mac_handle_sha); if (td_sha == NULL) { gnutls_assert(); _gnutls_hash_deinit( td_md5, NULL); @@ -300,7 +300,7 @@ gnutls_datum dconcat; /* Generates a signature of all the random data and the parameters. * Used in DHE_* ciphersuites. */ -int _gnutls_verify_sig_params( GNUTLS_STATE state, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum *signature) +int _gnutls_verify_sig_params( gnutls_session session, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum *signature) { gnutls_datum dconcat; int ret; @@ -321,12 +321,12 @@ opaque concat[36]; return GNUTLS_E_HASH_FAILED; } - _gnutls_hash( td_md5, state->security_parameters.client_random, TLS_RANDOM_SIZE); - _gnutls_hash( td_md5, state->security_parameters.server_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_md5, session->security_parameters.client_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_md5, session->security_parameters.server_random, TLS_RANDOM_SIZE); _gnutls_hash( td_md5, params->data, params->size); - _gnutls_hash( td_sha, state->security_parameters.client_random, TLS_RANDOM_SIZE); - _gnutls_hash( td_sha, state->security_parameters.server_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_sha, session->security_parameters.client_random, TLS_RANDOM_SIZE); + _gnutls_hash( td_sha, session->security_parameters.server_random, TLS_RANDOM_SIZE); _gnutls_hash( td_sha, params->data, params->size); _gnutls_hash_deinit(td_md5, concat); diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index b9b5559b35..8e2d568b77 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h @@ -2,11 +2,11 @@ # define GNUTLS_SIG_H # include -CertificateStatus gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer); +gnutls_certificate_status gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer); int _gnutls_pkcs1_rsa_generate_sig( gnutls_cert* cert, gnutls_private_key *pkey, const gnutls_datum* hash_concat, gnutls_datum *signature); -int _gnutls_generate_sig_from_hdata( GNUTLS_STATE state, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature); -int _gnutls_generate_sig_params( GNUTLS_STATE state, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum* params, gnutls_datum *signature); -int _gnutls_verify_sig_hdata( GNUTLS_STATE state, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size); -int _gnutls_verify_sig_params( GNUTLS_STATE state, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum* signature); +int _gnutls_generate_sig_from_hdata( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature); +int _gnutls_generate_sig_params( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum* params, gnutls_datum *signature); +int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size); +int _gnutls_verify_sig_params( gnutls_session session, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum* signature); #endif diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index b14ea09edb..221a4b05df 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -19,8 +19,9 @@ * */ -/* Functions to manipulate the state (gnutls_int.h), and some other stuff - * are included here. +/* Functions to manipulate the session (gnutls_int.h), and some other stuff + * are included here. The file's name is traditionaly gnutls_state even if the + * state has been renamed to session. */ #include @@ -39,75 +40,75 @@ #include #include -#define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(state) != auth) { \ +#define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \ gnutls_assert(); \ return ret; \ } -void _gnutls_state_cert_type_set( GNUTLS_STATE state, CertificateType ct) { - state->security_parameters.cert_type = ct; +void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type ct) { + session->security_parameters.cert_type = ct; } /** * gnutls_cipher_get - Returns the currently used cipher. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the currently used cipher. **/ -GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state) { - return state->security_parameters.read_bulk_cipher_algorithm; +gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session) { + return session->security_parameters.read_bulk_cipher_algorithm; } /** * gnutls_cert_type_get - Returns the currently used certificate type. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the currently used certificate type. The certificate type * is by default X.509, unless it is negotiated as a TLS extension. * **/ -GNUTLS_CertificateType gnutls_cert_type_get( GNUTLS_STATE state) { - return state->security_parameters.cert_type; +gnutls_certificate_type gnutls_cert_type_get( gnutls_session session) { + return session->security_parameters.cert_type; } /** * gnutls_kx_get - Returns the key exchange algorithm. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the key exchange algorithm used in the last handshake. **/ -GNUTLS_KXAlgorithm gnutls_kx_get( GNUTLS_STATE state) { - return state->security_parameters.kx_algorithm; +gnutls_kx_algorithm gnutls_kx_get( gnutls_session session) { + return session->security_parameters.kx_algorithm; } /** * gnutls_mac_get - Returns the currently used mac algorithm. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the currently used mac algorithm. **/ -GNUTLS_MACAlgorithm gnutls_mac_get( GNUTLS_STATE state) { - return state->security_parameters.read_mac_algorithm; +gnutls_mac_algorithm gnutls_mac_get( gnutls_session session) { + return session->security_parameters.read_mac_algorithm; } /** * gnutls_compression_get - Returns the currently used compression algorithm. - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * Returns the currently used compression method. **/ -GNUTLS_CompressionMethod gnutls_compression_get( GNUTLS_STATE state) { - return state->security_parameters.read_compression_algorithm; +gnutls_compression_method gnutls_compression_get( gnutls_session session) { + return session->security_parameters.read_compression_algorithm; } -int _gnutls_state_cert_type_supported( GNUTLS_STATE state, CertificateType cert_type) { +int _gnutls_session_cert_type_supported( gnutls_session session, gnutls_certificate_type cert_type) { int i; - if (state->gnutls_internals.cert_type_priority.algorithms==0 && cert_type == + if (session->internals.cert_type_priority.algorithms==0 && cert_type == DEFAULT_CERT_TYPE) return 0; - for (i=0;ignutls_internals.cert_type_priority.algorithms;i++) { - if (state->gnutls_internals.cert_type_priority.algorithm_priority[i] + for (i=0;iinternals.cert_type_priority.algorithms;i++) { + if (session->internals.cert_type_priority.priority[i] == cert_type) { return 0; /* ok */ } @@ -116,225 +117,221 @@ int i; return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } -/* This function will clear all the variables in gnutls_internals - * structure within the state, which depend on the current handshake. +/* This function will clear all the variables in internals + * structure within the session, which depend on the current handshake. * This is used to allow further handshakes. */ -void _gnutls_handshake_internal_state_clear( GNUTLS_STATE state) { - state->gnutls_internals.extensions_sent_size = 0; +void _gnutls_handshake_internal_state_clear( gnutls_session session) { + session->internals.extensions_sent_size = 0; /* by default no selected certificate */ - state->gnutls_internals.selected_cert_index = -1; - state->gnutls_internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE; - state->gnutls_internals.adv_version_major = 0; - state->gnutls_internals.adv_version_minor = 0; - state->gnutls_internals.v2_hello = 0; - memset( &state->gnutls_internals.handshake_header_buffer, 0, + session->internals.selected_cert_index = -1; + session->internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE; + session->internals.adv_version_major = 0; + session->internals.adv_version_minor = 0; + session->internals.v2_hello = 0; + memset( &session->internals.handshake_header_buffer, 0, sizeof(HANDSHAKE_HEADER_BUFFER)); - state->gnutls_internals.adv_version_minor = 0; - state->gnutls_internals.adv_version_minor = 0; - state->gnutls_internals.handshake_direction = 0; + session->internals.adv_version_minor = 0; + session->internals.adv_version_minor = 0; + session->internals.handshake_direction = 0; - state->gnutls_internals.resumable = RESUME_TRUE; + session->internals.resumable = RESUME_TRUE; } #define _gnutls_free(x) if(x!=NULL) gnutls_free(x) /** - * gnutls_init - This function initializes the state to null (null encryption etc...). - * @con_end: is used to indicate if this state is to be used for server or + * gnutls_session_init - This function initializes the session to null (null encryption etc...). + * @con_end: is used to indicate if this session is to be used for server or * client. Can be one of GNUTLS_CLIENT and GNUTLS_SERVER. - * @state: is a pointer to a &GNUTLS_STATE structure. + * @session: is a pointer to a &gnutls_session structure. * - * This function initializes the current state to null. Every state + * This function initializes the current session to null. Every session * must be initialized before use, so internal structures can be allocated. * This function allocates structures which can only be free'd * by calling gnutls_deinit(). Returns zero on success. **/ -int gnutls_init(GNUTLS_STATE * state, GNUTLS_ConnectionEnd con_end) +int gnutls_session_init(gnutls_session * session, gnutls_connection_end con_end) { -int default_protocol_list[] = { GNUTLS_TLS1, 0 }; - - *state = gnutls_calloc(1, sizeof(struct GNUTLS_STATE_INT)); - if (*state==NULL) return GNUTLS_E_MEMORY_ERROR; + *session = gnutls_calloc(1, sizeof(struct gnutls_session_int)); + if (*session==NULL) return GNUTLS_E_MEMORY_ERROR; - (*state)->security_parameters.entity = con_end; + (*session)->security_parameters.entity = con_end; /* the default certificate type for TLS */ - (*state)->security_parameters.cert_type = DEFAULT_CERT_TYPE; + (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE; /* Set the defaults for initial handshake */ - (*state)->security_parameters.read_bulk_cipher_algorithm = - (*state)->security_parameters.write_bulk_cipher_algorithm = GNUTLS_CIPHER_NULL; + (*session)->security_parameters.read_bulk_cipher_algorithm = + (*session)->security_parameters.write_bulk_cipher_algorithm = GNUTLS_CIPHER_NULL; - (*state)->security_parameters.read_mac_algorithm = - (*state)->security_parameters.write_mac_algorithm = GNUTLS_MAC_NULL; + (*session)->security_parameters.read_mac_algorithm = + (*session)->security_parameters.write_mac_algorithm = GNUTLS_MAC_NULL; - (*state)->security_parameters.read_compression_algorithm = GNUTLS_COMP_NULL; - (*state)->security_parameters.write_compression_algorithm = GNUTLS_COMP_NULL; + (*session)->security_parameters.read_compression_algorithm = GNUTLS_COMP_NULL; + (*session)->security_parameters.write_compression_algorithm = GNUTLS_COMP_NULL; - (*state)->gnutls_internals.enable_private = 0; + (*session)->internals.enable_private = 0; - gnutls_protocol_set_priority( *state, default_protocol_list); /* default */ - - (*state)->gnutls_key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT)); - if ( (*state)->gnutls_key == NULL) { - gnutls_free( *state); + (*session)->gnutls_key = gnutls_calloc(1, sizeof(struct GNUTLS_KEY_INT)); + if ( (*session)->gnutls_key == NULL) { + gnutls_free( *session); return GNUTLS_E_MEMORY_ERROR; } - (*state)->gnutls_internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ + (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ - gnutls_dh_set_prime_bits( (*state), MIN_BITS); + gnutls_dh_set_prime_bits( (*session), MIN_BITS); - gnutls_transport_set_lowat((*state), DEFAULT_LOWAT); /* the default for tcp */ + gnutls_transport_set_lowat((*session), DEFAULT_LOWAT); /* the default for tcp */ - gnutls_handshake_set_max_packet_length( (*state), MAX_HANDSHAKE_PACKET_SIZE); + gnutls_handshake_set_max_packet_length( (*session), MAX_HANDSHAKE_PACKET_SIZE); /* Allocate a minimum size for recv_data * This is allocated in order to avoid small messages, makeing * the receive procedure slow. */ - (*state)->gnutls_internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE); + (*session)->internals.record_recv_buffer.data = gnutls_malloc(INITIAL_RECV_BUFFER_SIZE); /* set the socket pointers to -1; */ - (*state)->gnutls_internals.transport_recv_ptr = -1; - (*state)->gnutls_internals.transport_send_ptr = -1; + (*session)->internals.transport_recv_ptr = -1; + (*session)->internals.transport_send_ptr = -1; /* set the default maximum record size for TLS */ - (*state)->security_parameters.max_record_recv_size = DEFAULT_MAX_RECORD_SIZE; - (*state)->security_parameters.max_record_send_size = DEFAULT_MAX_RECORD_SIZE; + (*session)->security_parameters.max_record_recv_size = DEFAULT_MAX_RECORD_SIZE; + (*session)->security_parameters.max_record_send_size = DEFAULT_MAX_RECORD_SIZE; /* everything else not initialized here is initialized * as NULL or 0. This is why calloc is used. */ - _gnutls_handshake_internal_state_clear( *state); + _gnutls_handshake_internal_state_clear( *session); return 0; } /* returns RESUME_FALSE or RESUME_TRUE. */ -int _gnutls_session_is_resumable( GNUTLS_STATE state) +int _gnutls_session_is_resumable( gnutls_session session) { - return state->gnutls_internals.resumable; + return session->internals.resumable; } /** - * _gnutls_deinit - This function clears all buffers associated with the &state - * @state: is a &GNUTLS_STATE structure. + * _gnutls_session_deinit - This function clears all buffers associated with the &session + * @session: is a &gnutls_session structure. * - * This function clears all buffers associated with the &state. + * This function clears all buffers associated with the &session. * The difference with gnutls_deinit() is that this function will not * interfere with the session database. * **/ -void _gnutls_deinit(GNUTLS_STATE state) +void _gnutls_session_deinit(gnutls_session session) { - if (state==NULL) return; + if (session==NULL) return; /* remove auth info firstly */ - _gnutls_free_auth_info(state ); - - _gnutls_handshake_io_buffer_clear( state); - - gnutls_sfree_datum(&state->connection_state.read_mac_secret); - gnutls_sfree_datum(&state->connection_state.write_mac_secret); - - _gnutls_free(state->gnutls_internals.application_data_buffer.data); - _gnutls_free(state->gnutls_internals.handshake_data_buffer.data); - _gnutls_free(state->gnutls_internals.handshake_hash_buffer.data); - _gnutls_free(state->gnutls_internals.record_recv_buffer.data); - _gnutls_free(state->gnutls_internals.record_send_buffer.data); - - gnutls_clear_creds( state); - - if (state->connection_state.read_cipher_state != NULL) - _gnutls_cipher_deinit(state->connection_state.read_cipher_state); - if (state->connection_state.write_cipher_state != NULL) - _gnutls_cipher_deinit(state->connection_state.write_cipher_state); - - if (state->connection_state.read_compression_state != NULL) - _gnutls_comp_deinit(state->connection_state.read_compression_state, 1); - if (state->connection_state.write_compression_state != NULL) - _gnutls_comp_deinit(state->connection_state.write_compression_state, 0); - - gnutls_sfree_datum( &state->cipher_specs.server_write_mac_secret); - gnutls_sfree_datum( &state->cipher_specs.client_write_mac_secret); - gnutls_sfree_datum( &state->cipher_specs.server_write_IV); - gnutls_sfree_datum( &state->cipher_specs.client_write_IV); - gnutls_sfree_datum( &state->cipher_specs.server_write_key); - gnutls_sfree_datum( &state->cipher_specs.client_write_key); - - if (state->gnutls_key != NULL) { - _gnutls_mpi_release(&state->gnutls_key->KEY); - _gnutls_mpi_release(&state->gnutls_key->client_Y); - _gnutls_mpi_release(&state->gnutls_key->client_p); - _gnutls_mpi_release(&state->gnutls_key->client_g); - - _gnutls_mpi_release(&state->gnutls_key->u); - _gnutls_mpi_release(&state->gnutls_key->a); - _gnutls_mpi_release(&state->gnutls_key->x); - _gnutls_mpi_release(&state->gnutls_key->A); - _gnutls_mpi_release(&state->gnutls_key->B); - _gnutls_mpi_release(&state->gnutls_key->b); + _gnutls_free_auth_info(session ); + + _gnutls_handshake_io_buffer_clear( session); + + gnutls_sfree_datum(&session->connection_state.read_mac_secret); + gnutls_sfree_datum(&session->connection_state.write_mac_secret); + + _gnutls_free(session->internals.application_data_buffer.data); + _gnutls_free(session->internals.handshake_data_buffer.data); + _gnutls_free(session->internals.handshake_hash_buffer.data); + _gnutls_free(session->internals.record_recv_buffer.data); + _gnutls_free(session->internals.record_send_buffer.data); + + gnutls_clear_creds( session); + + if (session->connection_state.read_cipher_state != NULL) + _gnutls_cipher_deinit(session->connection_state.read_cipher_state); + if (session->connection_state.write_cipher_state != NULL) + _gnutls_cipher_deinit(session->connection_state.write_cipher_state); + + if (session->connection_state.read_compression_state != NULL) + _gnutls_comp_deinit(session->connection_state.read_compression_state, 1); + if (session->connection_state.write_compression_state != NULL) + _gnutls_comp_deinit(session->connection_state.write_compression_state, 0); + + gnutls_sfree_datum( &session->cipher_specs.server_write_mac_secret); + gnutls_sfree_datum( &session->cipher_specs.client_write_mac_secret); + gnutls_sfree_datum( &session->cipher_specs.server_write_IV); + gnutls_sfree_datum( &session->cipher_specs.client_write_IV); + gnutls_sfree_datum( &session->cipher_specs.server_write_key); + gnutls_sfree_datum( &session->cipher_specs.client_write_key); + + if (session->gnutls_key != NULL) { + _gnutls_mpi_release(&session->gnutls_key->KEY); + _gnutls_mpi_release(&session->gnutls_key->client_Y); + _gnutls_mpi_release(&session->gnutls_key->client_p); + _gnutls_mpi_release(&session->gnutls_key->client_g); + + _gnutls_mpi_release(&session->gnutls_key->u); + _gnutls_mpi_release(&session->gnutls_key->a); + _gnutls_mpi_release(&session->gnutls_key->x); + _gnutls_mpi_release(&session->gnutls_key->A); + _gnutls_mpi_release(&session->gnutls_key->B); + _gnutls_mpi_release(&session->gnutls_key->b); /* RSA */ - _gnutls_mpi_release(&state->gnutls_key->rsa[0]); - _gnutls_mpi_release(&state->gnutls_key->rsa[1]); + _gnutls_mpi_release(&session->gnutls_key->rsa[0]); + _gnutls_mpi_release(&session->gnutls_key->rsa[1]); - _gnutls_mpi_release(&state->gnutls_key->dh_secret); - _gnutls_free(state->gnutls_key); + _gnutls_mpi_release(&session->gnutls_key->dh_secret); + _gnutls_free(session->gnutls_key); - state->gnutls_key = NULL; + session->gnutls_key = NULL; } - memset( state, 0, sizeof(struct GNUTLS_STATE_INT)); - gnutls_free(state); + memset( session, 0, sizeof(struct gnutls_session_int)); + gnutls_free(session); return; } /** - * gnutls_deinit - This function clears all buffers associated with the &state - * @state: is a &GNUTLS_STATE structure. + * gnutls_session_deinit - This function clears all buffers associated with the &session + * @session: is a &gnutls_session structure. * - * This function clears all buffers associated with the &state. + * This function clears all buffers associated with the &session. * This function will also remove session data from the session database * if the session was terminated abnormally. * **/ -void gnutls_deinit(GNUTLS_STATE state) +void gnutls_session_deinit(gnutls_session session) { - if (state==NULL) return; + if (session==NULL) return; /* If the session was terminated abnormally then remove * the session data. */ - if (_gnutls_session_is_resumable(state)==RESUME_FALSE) { - gnutls_db_remove_session( state); + if (_gnutls_session_is_resumable(session)==RESUME_FALSE) { + gnutls_db_remove_session( session); } - _gnutls_deinit( state); + _gnutls_deinit( session); } -int _gnutls_dh_get_prime_bits( GNUTLS_STATE state) { - return state->gnutls_internals.dh_prime_bits; +int _gnutls_dh_get_prime_bits( gnutls_session session) { + return session->internals.dh_prime_bits; } -int _gnutls_dh_set_peer_public_bits( GNUTLS_STATE state, int bits) { - switch( gnutls_auth_get_type( state)) { +int _gnutls_dh_set_peer_public_bits( gnutls_session session, int bits) { + switch( gnutls_auth_get_type( session)) { case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; info->dh_peer_public_bits = bits; @@ -343,7 +340,7 @@ int _gnutls_dh_set_peer_public_bits( GNUTLS_STATE state, int bits) { case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -358,11 +355,11 @@ int _gnutls_dh_set_peer_public_bits( GNUTLS_STATE state, int bits) { return 0; } -int _gnutls_dh_set_secret_bits( GNUTLS_STATE state, int bits) { - switch( gnutls_auth_get_type( state)) { +int _gnutls_dh_set_secret_bits( gnutls_session session, int bits) { + switch( gnutls_auth_get_type( session)) { case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; info->dh_secret_bits = bits; @@ -371,7 +368,7 @@ int _gnutls_dh_set_secret_bits( GNUTLS_STATE state, int bits) { case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -386,10 +383,10 @@ int _gnutls_dh_set_secret_bits( GNUTLS_STATE state, int bits) { return 0; } -int _gnutls_rsa_export_set_modulus_bits( GNUTLS_STATE state, int bits) { +int _gnutls_rsa_export_set_modulus_bits( gnutls_session session, int bits) { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -399,11 +396,11 @@ int _gnutls_rsa_export_set_modulus_bits( GNUTLS_STATE state, int bits) { } -int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) { - switch( gnutls_auth_get_type( state)) { +int _gnutls_dh_set_prime_bits( gnutls_session session, int bits) { + switch( gnutls_auth_get_type( session)) { case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; info->dh_prime_bits = bits; @@ -412,7 +409,7 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) { case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -430,7 +427,7 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) { /** * gnutls_openpgp_send_key - This function will order gnutls to send the openpgp fingerprint instead of the key - * @state: is a pointer to a &GNUTLS_STATE structure. + * @session: is a pointer to a &gnutls_session structure. * @status: is one of OPENPGP_KEY, or OPENPGP_KEY_FINGERPRINT * * This function will order gnutls to send the key fingerprint instead @@ -439,17 +436,17 @@ int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits) { * server can obtain the client's key. * **/ -void gnutls_openpgp_send_key(GNUTLS_STATE state, GNUTLS_OpenPGPKeyStatus status) { - state->gnutls_internals.pgp_fingerprint = status; +void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status status) { + session->internals.pgp_fingerprint = status; } -int _gnutls_openpgp_send_fingerprint(GNUTLS_STATE state) { - return state->gnutls_internals.pgp_fingerprint; +int _gnutls_openpgp_send_fingerprint(gnutls_session session) { + return session->internals.pgp_fingerprint; } /*- * _gnutls_record_set_default_version - Used to set the default version for the first record packet - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @version: is a tls version * * This function sets the default version that we will use in the first @@ -457,14 +454,14 @@ int _gnutls_openpgp_send_fingerprint(GNUTLS_STATE state) { * that know TLS internals and want to debug other implementations. * -*/ -void _gnutls_record_set_default_version(GNUTLS_STATE state, GNUTLS_Version version) +void _gnutls_record_set_default_version(gnutls_session session, gnutls_protocol_version version) { - state->gnutls_internals.default_record_version = version; + session->internals.default_record_version = version; } /** * gnutls_record_set_cbc_protection - Used to disable the CBC protection - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @prot: is an integer (0 or 1) * * A newly discovered attack against the record protocol requires some @@ -481,14 +478,14 @@ void _gnutls_record_set_default_version(GNUTLS_STATE state, GNUTLS_Version versi * 20 or more bytes per record packet. * **/ -void gnutls_record_set_cbc_protection(GNUTLS_STATE state, int prot) +void gnutls_record_set_cbc_protection(gnutls_session session, int prot) { - state->gnutls_internals.cbc_protection_hack = prot; + session->internals.cbc_protection_hack = prot; } /** * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @allow: is an integer (0 or 1) * * This function will enable or disable the use of private @@ -502,14 +499,14 @@ void gnutls_record_set_cbc_protection(GNUTLS_STATE state, int prot) * are not yet defined in any RFC or even internet draft. * **/ -void gnutls_handshake_set_private_extensions(GNUTLS_STATE state, int allow) +void gnutls_handshake_set_private_extensions(gnutls_session session, int allow) { - state->gnutls_internals.enable_private = allow; + session->internals.enable_private = allow; } /** * gnutls_handshake_set_rsa_pms_check - Used to disable the RSA PMS check - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @prot: is an integer (0 or 1) * * The TLS 1.0 handshake protocol includes a check in the in the RSA @@ -527,13 +524,13 @@ void gnutls_handshake_set_private_extensions(GNUTLS_STATE state, int allow) * 20 or more bytes per record packet. * **/ -void gnutls_handshake_set_rsa_pms_check(GNUTLS_STATE state, int check) +void gnutls_handshake_set_rsa_pms_check(gnutls_session session, int check) { - state->gnutls_internals.rsa_pms_check = check; + session->internals.rsa_pms_check = check; } inline -static void _gnutls_cal_PRF_A( MACAlgorithm algorithm, const void *secret, int secret_size, const void *seed, int seed_size, void* result) +static void _gnutls_cal_PRF_A( gnutls_mac_algorithm algorithm, const void *secret, int secret_size, const void *seed, int seed_size, void* result) { GNUTLS_MAC_HANDLE td1; @@ -549,7 +546,7 @@ static void _gnutls_cal_PRF_A( MACAlgorithm algorithm, const void *secret, int s /* Produces "total_bytes" bytes using the hash algorithm specified. * (used in the PRF function) */ -static int _gnutls_P_hash( MACAlgorithm algorithm, const opaque * secret, int secret_size, const opaque * seed, int seed_size, int total_bytes, opaque* ret) +static int _gnutls_P_hash( gnutls_mac_algorithm algorithm, const opaque * secret, int secret_size, const opaque * seed, int seed_size, int total_bytes, opaque* ret) { GNUTLS_MAC_HANDLE td2; @@ -674,21 +671,21 @@ int _gnutls_PRF( const opaque * secret, int secret_size, const uint8 * label, in /** * gnutls_session_is_resumed - Used to check whether this session is a resumed one - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * This function will return non zero if this session is a resumed one, * or a zero if this is a new session. * **/ -int gnutls_session_is_resumed(GNUTLS_STATE state) +int gnutls_session_is_resumed(gnutls_session session) { - if (state->security_parameters.entity==GNUTLS_CLIENT) { - if (memcmp( state->security_parameters.session_id, - state->gnutls_internals.resumed_security_parameters.session_id, - state->security_parameters.session_id_size)==0) + if (session->security_parameters.entity==GNUTLS_CLIENT) { + if (memcmp( session->security_parameters.session_id, + session->internals.resumed_security_parameters.session_id, + session->security_parameters.session_id_size)==0) return 1; } else { - if (state->gnutls_internals.resumed==RESUME_TRUE) + if (session->internals.resumed==RESUME_TRUE) return 1; } @@ -697,16 +694,16 @@ int gnutls_session_is_resumed(GNUTLS_STATE state) /*- * _gnutls_session_is_export - Used to check whether this session is of export grade - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * * This function will return non zero if this session is of export grade. * -*/ -int _gnutls_session_is_export(GNUTLS_STATE state) +int _gnutls_session_is_export(gnutls_session session) { - BulkCipherAlgorithm cipher; + gnutls_cipher_algorithm cipher; - cipher = _gnutls_cipher_suite_get_cipher_algo( state->security_parameters.current_cipher_suite); + cipher = _gnutls_cipher_suite_get_cipher_algo( session->security_parameters.current_cipher_suite); if (_gnutls_cipher_get_export_flag( cipher) != 0) return 1; @@ -715,28 +712,28 @@ int _gnutls_session_is_export(GNUTLS_STATE state) } /** - * gnutls_state_get_ptr - Used to get the user pointer from the state structure - * @state: is a &GNUTLS_STATE structure. + * gnutls_session_get_ptr - Used to get the user pointer from the session structure + * @session: is a &gnutls_session structure. * - * This function will return the user given pointer from the state structure. - * This is the pointer set with gnutls_state_set_ptr(). + * This function will return the user given pointer from the session structure. + * This is the pointer set with gnutls_session_set_ptr(). * **/ -void* gnutls_state_get_ptr(GNUTLS_STATE state) +void* gnutls_session_get_ptr(gnutls_session session) { - return state->gnutls_internals.user_ptr; + return session->internals.user_ptr; } /** - * gnutls_state_set_ptr - Used to set the user pointer to the state structure - * @state: is a &GNUTLS_STATE structure. + * gnutls_session_set_ptr - Used to set the user pointer to the session structure + * @session: is a &gnutls_session structure. * @ptr: is the user pointer * - * This function will set (assosiate) the user given pointer to the state structure. - * This is pointer can be accessed with gnutls_state_get_ptr(). + * This function will set (assosiate) the user given pointer to the session structure. + * This is pointer can be accessed with gnutls_session_get_ptr(). * **/ -void gnutls_state_set_ptr(GNUTLS_STATE state, void* ptr) +void gnutls_session_set_ptr(gnutls_session session, void* ptr) { - state->gnutls_internals.user_ptr = ptr; + session->internals.user_ptr = ptr; } diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h index bdb0bf27f8..c5eba45527 100644 --- a/lib/gnutls_state.h +++ b/lib/gnutls_state.h @@ -3,36 +3,36 @@ #include -void _gnutls_record_set_default_version(GNUTLS_STATE state, GNUTLS_Version version); +void _gnutls_record_set_default_version(gnutls_session session, gnutls_protocol_version version); -void _gnutls_state_cert_type_set( GNUTLS_STATE state, CertificateType); -KXAlgorithm gnutls_kx_get( GNUTLS_STATE state); -GNUTLS_BulkCipherAlgorithm gnutls_cipher_get( GNUTLS_STATE state); -CertificateType gnutls_cert_type_get( GNUTLS_STATE state); +void _gnutls_session_cert_type_set( gnutls_session session, gnutls_certificate_type); +gnutls_kx_algorithm gnutls_kx_get( gnutls_session session); +gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session); +gnutls_certificate_type gnutls_cert_type_get( gnutls_session session); #include -#define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(state) != auth) { \ +#define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \ gnutls_assert(); \ return ret; \ } #endif -int _gnutls_state_cert_type_supported( GNUTLS_STATE, CertificateType); -int _gnutls_dh_set_peer_public_bits( GNUTLS_STATE state, int bits); -int _gnutls_dh_set_secret_bits( GNUTLS_STATE state, int bits); -int _gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); -int _gnutls_dh_get_prime_bits( GNUTLS_STATE state); -void gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); -void _gnutls_handshake_internal_state_clear( GNUTLS_STATE); +int _gnutls_session_cert_type_supported( gnutls_session, gnutls_certificate_type); +int _gnutls_dh_set_peer_public_bits( gnutls_session session, int bits); +int _gnutls_dh_set_secret_bits( gnutls_session session, int bits); +int _gnutls_dh_set_prime_bits( gnutls_session session, int bits); +int _gnutls_dh_get_prime_bits( gnutls_session session); +void gnutls_dh_set_prime_bits( gnutls_session session, int bits); +void _gnutls_handshake_internal_state_clear( gnutls_session); -int _gnutls_rsa_export_set_modulus_bits( GNUTLS_STATE state, int bits); +int _gnutls_rsa_export_set_modulus_bits( gnutls_session session, int bits); -int _gnutls_session_is_resumable( GNUTLS_STATE state); -int _gnutls_session_is_export( GNUTLS_STATE state); +int _gnutls_session_is_resumable( gnutls_session session); +int _gnutls_session_is_export( gnutls_session session); -int _gnutls_openpgp_send_fingerprint( GNUTLS_STATE state); +int _gnutls_openpgp_send_fingerprint( gnutls_session session); int _gnutls_PRF( const opaque * secret, int secret_size, const uint8 * label, int label_size, opaque * seed, int seed_size, int total_bytes, void* ret); diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 44c9e1937e..97ec07002e 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -35,7 +35,7 @@ /** * gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite - * @state: is a &GNUTLS_STATE structure. + * @session: is a &gnutls_session structure. * @bits: is the number of bits * * This function sets the number of bits, for use in an @@ -44,27 +44,27 @@ * minimum size of the prime that will be used for the handshake. * **/ -void gnutls_dh_set_prime_bits(GNUTLS_STATE state, int bits) +void gnutls_dh_set_prime_bits(gnutls_session session, int bits) { - state->gnutls_internals.dh_prime_bits = bits; + session->internals.dh_prime_bits = bits; } /** * gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the bits used in the last Diffie Hellman authentication * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. * Returns a negative value in case of an error. * **/ -int gnutls_dh_get_prime_bits(GNUTLS_STATE state) +int gnutls_dh_get_prime_bits(gnutls_session session) { - switch( gnutls_auth_get_type( state)) { + switch( gnutls_auth_get_type( session)) { case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->dh_prime_bits; @@ -72,7 +72,7 @@ int gnutls_dh_get_prime_bits(GNUTLS_STATE state) case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -86,20 +86,20 @@ int gnutls_dh_get_prime_bits(GNUTLS_STATE state) /** * gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the bits used in the last Diffie Hellman authentication * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. * Returns a negative value in case of an error. * **/ -int gnutls_dh_get_secret_bits(GNUTLS_STATE state) +int gnutls_dh_get_secret_bits(gnutls_session session) { - switch( gnutls_auth_get_type( state)) { + switch( gnutls_auth_get_type( session)) { case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->dh_secret_bits; @@ -107,7 +107,7 @@ int gnutls_dh_get_secret_bits(GNUTLS_STATE state) case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -122,18 +122,18 @@ int gnutls_dh_get_secret_bits(GNUTLS_STATE state) /** * gnutls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the bits used in the last RSA-EXPORT key exchange * with the peer. * Returns a negative value in case of an error. * **/ -int gnutls_rsa_export_get_modulus_bits(GNUTLS_STATE state) +int gnutls_rsa_export_get_modulus_bits(gnutls_session session) { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -142,20 +142,20 @@ CERTIFICATE_AUTH_INFO info; /** * gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the bits used in the last Diffie Hellman authentication * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. * Returns a negative value in case of an error. * **/ -int gnutls_dh_get_peers_public_bits(GNUTLS_STATE state) +int gnutls_dh_get_peers_public_bits(gnutls_session session) { - switch( gnutls_auth_get_type( state)) { + switch( gnutls_auth_get_type( session)) { case GNUTLS_CRD_ANON: { ANON_SERVER_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->dh_peer_public_bits; @@ -163,7 +163,7 @@ int gnutls_dh_get_peers_public_bits(GNUTLS_STATE state) case GNUTLS_CRD_CERTIFICATE: { CERTIFICATE_AUTH_INFO info; - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; @@ -179,7 +179,7 @@ int gnutls_dh_get_peers_public_bits(GNUTLS_STATE state) /** * gnutls_certificate_get_ours - This function returns the raw certificate sent in the last handshake - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return the raw certificate list as sent to the peer, * in the last handshake. These certificates are in raw format. @@ -188,20 +188,20 @@ int gnutls_dh_get_peers_public_bits(GNUTLS_STATE state) * Returns NULL in case of an error, or if no certificate was used. * **/ -const gnutls_datum *gnutls_certificate_get_ours(GNUTLS_STATE state) +const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session) { const GNUTLS_CERTIFICATE_CREDENTIALS cred; int index; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL); - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return NULL; } - index = state->gnutls_internals.selected_cert_index; + index = session->internals.selected_cert_index; if (index < 0) return NULL; /* no certificate */ return &cred->cert_list[index]->raw; @@ -209,7 +209,7 @@ const gnutls_datum *gnutls_certificate_get_ours(GNUTLS_STATE state) /** * gnutls_certificate_get_peers - This function returns the peer's raw certificate - * @state: is a gnutls state + * @session: is a gnutls session * @list_size: is the length of the certificate list * * This function will return the peer's raw certificate (list) as sent by the peer. @@ -220,13 +220,13 @@ const gnutls_datum *gnutls_certificate_get_ours(GNUTLS_STATE state) * Returns NULL in case of an error, or if no certificate was sent. * **/ -const gnutls_datum *gnutls_certificate_get_peers(GNUTLS_STATE state, int *list_size) +const gnutls_datum *gnutls_certificate_get_peers(gnutls_session session, int *list_size) { CERTIFICATE_AUTH_INFO info; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return NULL; @@ -237,27 +237,27 @@ const gnutls_datum *gnutls_certificate_get_peers(GNUTLS_STATE state, int *list_s /** * gnutls_certificate_client_get_request_status - This function returns the certificate request status - * @state: is a gnutls state + * @session: is a gnutls session * * This function will return 0 if the peer (server) did not request client * authentication or 1 otherwise. * Returns a negative value in case of an error. * **/ -int gnutls_certificate_client_get_request_status(GNUTLS_STATE state) +int gnutls_certificate_client_get_request_status(gnutls_session session) { CERTIFICATE_AUTH_INFO info; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, 0); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) return GNUTLS_E_UNKNOWN_ERROR; return info->certificate_requested; } -typedef MACAlgorithm GNUTLS_DigestAlgorithm; +typedef gnutls_mac_algorithm GNUTLS_DigestAlgorithm; /** * gnutls_x509_fingerprint - This function calculates the fingerprint of the given data * @algo: is a digest algorithm @@ -303,7 +303,7 @@ int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* dat * cipher suites. * **/ -void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTLS_DH_PARAMS dh_params) { +void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, gnutls_dh_params dh_params) { res->dh_params = dh_params; } @@ -317,7 +317,7 @@ void gnutls_anon_set_server_dh_params( GNUTLS_ANON_SERVER_CREDENTIALS res, GNUTL * cipher suites. * **/ -int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_DH_PARAMS dh_params) { +int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, gnutls_dh_params dh_params) { res->dh_params = dh_params; return 0; } @@ -332,7 +332,7 @@ int gnutls_certificate_set_dh_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_ * cipher suites. * **/ -int gnutls_certificate_set_rsa_params(GNUTLS_CERTIFICATE_CREDENTIALS res, GNUTLS_RSA_PARAMS rsa_params) { +int gnutls_certificate_set_rsa_params(GNUTLS_CERTIFICATE_CREDENTIALS res, gnutls_rsa_params rsa_params) { res->rsa_params = rsa_params; return 0; } diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 7ea287c00f..77226bcad1 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -28,10 +28,11 @@ typedef struct { char email[GNUTLS_X509_CN_SIZE]; } gnutls_openpgp_name; -typedef enum GNUTLS_X509_SUBJECT_ALT_NAME { +typedef enum gnutls_x509_subject_alt_name { GNUTLS_SAN_DNSNAME=1, GNUTLS_SAN_RFC822NAME, GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS -} GNUTLS_X509_SUBJECT_ALT_NAME; +} gnutls_x509_subject_alt_name; +#define GNUTLS_X509_SUBJECT_ALT_NAME gnutls_x509_subject_alt_name /* For key Usage, test as: * if (st.keyUsage & X509KEY_DIGITAL_SIGNATURE) ... @@ -49,34 +50,34 @@ typedef enum GNUTLS_X509_SUBJECT_ALT_NAME { # ifdef LIBGNUTLS_VERSION /* These are defined only in gnutls.h */ -typedef int gnutls_certificate_client_select_function(GNUTLS_STATE, const gnutls_datum *, int, const gnutls_datum *, int); -typedef int gnutls_certificate_server_select_function(GNUTLS_STATE, const gnutls_datum *, int); +typedef int gnutls_certificate_client_select_function(gnutls_session, const gnutls_datum *, int, const gnutls_datum *, int); +typedef int gnutls_certificate_server_select_function(gnutls_session, const gnutls_datum *, int); #define gnutls_certificate_client_select_func gnutls_certificate_client_select_function #define gnutls_certificate_server_select_func gnutls_certificate_server_select_function /* Functions that allow AUTH_INFO structures handling */ -GNUTLS_CredType gnutls_auth_get_type( GNUTLS_STATE state); +gnutls_credentials_type gnutls_auth_get_type( gnutls_session session); /* DH */ -void gnutls_dh_set_prime_bits( GNUTLS_STATE state, int bits); -int gnutls_dh_get_prime_bits( GNUTLS_STATE); -int gnutls_dh_get_secret_bits( GNUTLS_STATE); -int gnutls_dh_get_peers_public_bits( GNUTLS_STATE); +void gnutls_dh_set_prime_bits( gnutls_session session, int bits); +int gnutls_dh_get_prime_bits( gnutls_session); +int gnutls_dh_get_secret_bits( gnutls_session); +int gnutls_dh_get_peers_public_bits( gnutls_session); /* RSA */ -int gnutls_rsa_export_get_modulus_bits(GNUTLS_STATE state); +int gnutls_rsa_export_get_modulus_bits(gnutls_session session); /* X509PKI */ -void gnutls_certificate_client_set_select_function( GNUTLS_STATE, gnutls_certificate_client_select_function *); -void gnutls_certificate_server_set_select_function( GNUTLS_STATE, gnutls_certificate_server_select_function *); +void gnutls_certificate_client_set_select_function( gnutls_session, gnutls_certificate_client_select_function *); +void gnutls_certificate_server_set_select_function( gnutls_session, gnutls_certificate_server_select_function *); #define gnutls_certificate_client_set_select_func gnutls_certificate_client_set_select_function #define gnutls_certificate_server_set_select_func gnutls_certificate_server_set_select_function -void gnutls_certificate_server_set_request( GNUTLS_STATE, GNUTLS_CertificateRequest); +void gnutls_certificate_server_set_request( gnutls_session, gnutls_certificate_request); /* X.509 certificate handling functions */ int gnutls_x509_certificate_to_xml(const gnutls_datum * cert, gnutls_datum* res, int detail); @@ -95,15 +96,15 @@ int gnutls_x509_extract_certificate_pk_algorithm( const gnutls_datum * cert, int int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length); -/* get data from the state */ -const gnutls_datum* gnutls_certificate_get_peers( GNUTLS_STATE, int* list_size); -const gnutls_datum *gnutls_certificate_get_ours( GNUTLS_STATE state); +/* get data from the session */ +const gnutls_datum* gnutls_certificate_get_peers( gnutls_session, int* list_size); +const gnutls_datum *gnutls_certificate_get_ours( gnutls_session session); -time_t gnutls_certificate_activation_time_peers(GNUTLS_STATE state); -time_t gnutls_certificate_expiration_time_peers(GNUTLS_STATE state); +time_t gnutls_certificate_activation_time_peers(gnutls_session session); +time_t gnutls_certificate_expiration_time_peers(gnutls_session session); -int gnutls_certificate_client_get_request_status( GNUTLS_STATE); -int gnutls_certificate_verify_peers( GNUTLS_STATE); +int gnutls_certificate_client_get_request_status( gnutls_session); +int gnutls_certificate_verify_peers( gnutls_session); int gnutls_b64_encode_fmt( const char* msg, const gnutls_datum *data, char* result, int* result_size); int gnutls_b64_decode_fmt( const gnutls_datum *b64_data, char* result, int* result_size); diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c index 32c473d343..ac4576b1f4 100644 --- a/lib/gnutls_v2_compat.c +++ b/lib/gnutls_v2_compat.c @@ -40,7 +40,7 @@ #include "gnutls_auth_int.h" /* This selects the best supported ciphersuite from the ones provided */ -static int _gnutls_handshake_select_v2_suite(GNUTLS_STATE state, char *data, int datalen) +static int _gnutls_handshake_select_v2_suite(gnutls_session session, char *data, int datalen) { int i, j, ret; char* _data; @@ -63,7 +63,7 @@ static int _gnutls_handshake_select_v2_suite(GNUTLS_STATE state, char *data, int } } - ret = _gnutls_server_select_suite( state, _data, _datalen); + ret = _gnutls_server_select_suite( session, _data, _datalen); gnutls_free(_data); return ret; @@ -74,36 +74,36 @@ static int _gnutls_handshake_select_v2_suite(GNUTLS_STATE state, char *data, int /* Read a v2 client hello. Some browsers still use that beast! * However they set their version to 3.0 or 3.1. */ -int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, +int _gnutls_read_client_hello_v2(gnutls_session session, opaque * data, int datalen) { uint16 session_id_len = 0; int pos = 0; int ret = 0; uint16 sizeOfSuites; - GNUTLS_Version version; + gnutls_protocol_version version; opaque random[TLS_RANDOM_SIZE]; int len = datalen; int err; uint16 challenge; opaque session_id[TLS_MAX_SESSION_ID_SIZE]; - GNUTLS_Version ver; + gnutls_protocol_version ver; /* we only want to get here once - only in client hello */ - state->gnutls_internals.v2_hello = 0; + session->internals.v2_hello = 0; DECR_LEN(len, 2); _gnutls_handshake_log( "HSK: SSL 2.0 Hello: Client's version: %d.%d\n", data[pos], data[pos + 1]); - set_adv_version( state, data[pos], data[pos+1]); + set_adv_version( session, data[pos], data[pos+1]); version = _gnutls_version_get(data[pos], data[pos + 1]); /* if we do not support that version */ - if (_gnutls_version_is_supported(state, version) == 0) { - ver = _gnutls_version_lowest( state); + if (_gnutls_version_is_supported(session, version) == 0) { + ver = _gnutls_version_lowest( session); } else { ver = version; } @@ -113,7 +113,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } - _gnutls_set_current_version(state, ver); + _gnutls_set_current_version(session, ver); pos += 2; @@ -146,7 +146,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, /* find an appropriate cipher suite */ DECR_LEN(len, sizeOfSuites); - ret = _gnutls_handshake_select_v2_suite(state, &data[pos], sizeOfSuites); + ret = _gnutls_handshake_select_v2_suite(session, &data[pos], sizeOfSuites); pos += sizeOfSuites; if (ret < 0) { @@ -156,7 +156,7 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, /* check if the credentials (username, public key etc. are ok) */ - if (_gnutls_get_kx_cred( state->gnutls_key, _gnutls_cipher_suite_get_kx_algo(state->security_parameters.current_cipher_suite), &err) == NULL && err != 0) { + if (_gnutls_get_kx_cred( session->gnutls_key, _gnutls_cipher_suite_get_kx_algo(session->security_parameters.current_cipher_suite), &err) == NULL && err != 0) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; } @@ -165,11 +165,11 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, * according to the KX algorithm. This is needed since all the * handshake functions are read from there; */ - state->gnutls_internals.auth_struct = + session->internals.auth_struct = _gnutls_kx_auth_struct(_gnutls_cipher_suite_get_kx_algo - (state->security_parameters. + (session->security_parameters. current_cipher_suite)); - if (state->gnutls_internals.auth_struct == NULL) { + if (session->internals.auth_struct == NULL) { _gnutls_handshake_log( "HSK: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n"); @@ -190,39 +190,39 @@ int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, memcpy( &random[TLS_RANDOM_SIZE-challenge], &data[pos], challenge); - _gnutls_set_client_random( state, random); + _gnutls_set_client_random( session, random); /* generate server random value */ _gnutls_create_random( random); - _gnutls_set_server_random( state, random); + _gnutls_set_server_random( session, random); - state->security_parameters.timestamp = time(NULL); + session->security_parameters.timestamp = time(NULL); /* RESUME SESSION */ DECR_LEN(len, session_id_len); - ret = _gnutls_server_restore_session(state, session_id, session_id_len); + ret = _gnutls_server_restore_session(session, session_id, session_id_len); if (ret == 0) { /* resumed! */ /* get the new random values */ - memcpy(state->gnutls_internals.resumed_security_parameters.server_random, - state->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy(state->gnutls_internals.resumed_security_parameters.client_random, - state->security_parameters.client_random, TLS_RANDOM_SIZE); + memcpy(session->internals.resumed_security_parameters.server_random, + session->security_parameters.server_random, TLS_RANDOM_SIZE); + memcpy(session->internals.resumed_security_parameters.client_random, + session->security_parameters.client_random, TLS_RANDOM_SIZE); - state->gnutls_internals.resumed = RESUME_TRUE; + session->internals.resumed = RESUME_TRUE; return 0; } else { - _gnutls_generate_session_id(state->security_parameters. + _gnutls_generate_session_id(session->security_parameters. session_id, - &state->security_parameters. + &session->security_parameters. session_id_size); - state->gnutls_internals.resumed = RESUME_FALSE; + session->internals.resumed = RESUME_FALSE; } - state->gnutls_internals.compression_method = GNUTLS_COMP_NULL; + session->internals.compression_method = GNUTLS_COMP_NULL; return 0; } diff --git a/lib/gnutls_v2_compat.h b/lib/gnutls_v2_compat.h index 595d04d60b..77297cac3d 100644 --- a/lib/gnutls_v2_compat.h +++ b/lib/gnutls_v2_compat.h @@ -1 +1 @@ -int _gnutls_read_client_hello_v2(GNUTLS_STATE state, opaque * data, int datalen); +int _gnutls_read_client_hello_v2(gnutls_session session, opaque * data, int datalen); diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index d5fc20b192..8e2da47d67 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -588,12 +588,12 @@ static GNUTLS_X509_SUBJECT_ALT_NAME _find_type( char* str_type) { * This is specified in X509v3 Certificate Extensions. * GNUTLS will return the Alternative name, or a negative * error code. - * Returns GNUTLS_E_INVALID_REQUEST if ret_size is not enough to hold the alternative name, - * or the type of alternative name if everything was ok. The type is one of the - * enumerated GNUTLS_X509_SUBJECT_ALT_NAME. + * Returns GNUTLS_E_INVALID_REQUEST if ret_size is not enough to hold the alternative + * name, or the type of alternative name if everything was ok. The type is + * one of the enumerated GNUTLS_X509_SUBJECT_ALT_NAME. * - * If the certificate does not have an Alternative name with the specified sequence number - * then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + * If the certificate does not have an Alternative name with the specified + * sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; * **/ int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert, int seq, char *ret, int *ret_size) @@ -814,31 +814,31 @@ int gnutls_x509_extract_certificate_version(const gnutls_datum * cert) /*- * _gnutls_x509_cert_verify_peers - This function returns the peer's certificate status - * @state: is a gnutls state + * @session: is a gnutls session * * This function will try to verify the peer's certificate and return it's status (TRUSTED, EXPIRED etc.). - * The return value (status) should be one of the CertificateStatus enumerated elements. + * The return value (status) should be one of the gnutls_certificate_status enumerated elements. * However you must also check the peer's name in order to check if the verified certificate belongs to the * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. * -*/ -int _gnutls_x509_cert_verify_peers(GNUTLS_STATE state) +int _gnutls_x509_cert_verify_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; const GNUTLS_CERTIFICATE_CREDENTIALS cred; - CertificateStatus verify; + gnutls_certificate_status verify; gnutls_cert *peer_certificate_list; int peer_certificate_list_size, i, x, ret; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(state); + info = _gnutls_get_auth_info(session); if (info == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); + cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFICIENT_CRED; @@ -904,14 +904,14 @@ int _gnutls_x509_cert_verify_peers(GNUTLS_STATE state) * @CRL_list_length: not used * * This function will try to verify the given certificate list and return it's status (TRUSTED, EXPIRED etc.). - * The return value (status) should be one or more of the CertificateStatus + * The return value (status) should be one or more of the gnutls_certificate_status * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked * by this function, you should check them using the appropriate functions. * * However you must also check the peer's name in order to check if the verified certificate belongs to the * actual peer. * - * The return value (status) should be one or more of the CertificateStatus + * The return value (status) should be one or more of the gnutls_certificate_status * enumerated elements bitwise or'd. * * GNUTLS_CERT_NOT_TRUSTED\: the peer's certificate is not trusted. @@ -931,7 +931,7 @@ int _gnutls_x509_cert_verify_peers(GNUTLS_STATE state) **/ int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length) { - CertificateStatus verify; + gnutls_certificate_status verify; gnutls_cert *peer_certificate_list; gnutls_cert *ca_certificate_list; int peer_certificate_list_size, i, x, ret, ca_certificate_list_size; @@ -1277,7 +1277,7 @@ static int parse_pem_cert_mem( gnutls_cert** cert_list, int* ncerts, /* Reads a base64 encoded certificate from memory */ static int read_cert_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *cert, int cert_size, - GNUTLS_X509_CertificateFmt type) + gnutls_x509_certificate_fmt type) { int ret; @@ -1318,7 +1318,7 @@ static int read_cert_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *cert, i * This is to be called once. */ static int read_ca_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *ca, int ca_size, - GNUTLS_X509_CertificateFmt type) + gnutls_x509_certificate_fmt type) { if (type==GNUTLS_X509_FMT_DER) @@ -1375,12 +1375,12 @@ int _gnutls_der_check_if_rsa_key(const gnutls_datum * key_struct) * type indicates the certificate format. */ static int read_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *key, int key_size, - GNUTLS_X509_CertificateFmt type) + gnutls_x509_certificate_fmt type) { int ret; opaque *b64 = NULL; gnutls_datum tmp; - PKAlgorithm pk; + gnutls_pk_algorithm pk; /* allocate space for the pkey list */ @@ -1465,7 +1465,7 @@ static int read_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *key, int /* Reads a certificate file */ static int read_cert_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *certfile, - GNUTLS_X509_CertificateFmt type) + gnutls_x509_certificate_fmt type) { int siz; char x[MAX_FILE_SIZE]; @@ -1488,7 +1488,7 @@ static int read_cert_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *certfi * authorities). This is to be called once. */ static int read_ca_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *cafile, - GNUTLS_X509_CertificateFmt type) + gnutls_x509_certificate_fmt type) { int siz; char x[MAX_FILE_SIZE]; @@ -1513,7 +1513,7 @@ static int read_ca_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *cafile, * stores it). */ static int read_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *keyfile, - GNUTLS_X509_CertificateFmt type) + gnutls_x509_certificate_fmt type) { int siz; char x[MAX_FILE_SIZE]; @@ -1550,7 +1550,7 @@ static int read_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *keyfile * **/ int gnutls_certificate_set_x509_key_file(GNUTLS_CERTIFICATE_CREDENTIALS res, const char *CERTFILE, - const char *KEYFILE, GNUTLS_X509_CertificateFmt type) + const char *KEYFILE, gnutls_x509_certificate_fmt type) { int ret; @@ -1635,7 +1635,7 @@ opaque *pdata; * **/ int gnutls_certificate_set_x509_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, - const gnutls_datum *CA, GNUTLS_X509_CertificateFmt type) + const gnutls_datum *CA, gnutls_x509_certificate_fmt type) { int ret, ret2; @@ -1660,7 +1660,7 @@ int gnutls_certificate_set_x509_trust_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, * **/ int gnutls_certificate_set_x509_trust_file(GNUTLS_CERTIFICATE_CREDENTIALS res, - const char *CAFILE, GNUTLS_X509_CertificateFmt type) + const char *CAFILE, gnutls_x509_certificate_fmt type) { int ret, ret2; @@ -1694,7 +1694,7 @@ int gnutls_certificate_set_x509_trust_file(GNUTLS_CERTIFICATE_CREDENTIALS res, * **/ int gnutls_certificate_set_x509_key_mem(GNUTLS_CERTIFICATE_CREDENTIALS res, const gnutls_datum* CERT, - const gnutls_datum* KEY, GNUTLS_X509_CertificateFmt type) + const gnutls_datum* KEY, gnutls_x509_certificate_fmt type) { int ret; @@ -2134,11 +2134,11 @@ int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gCert, gnutls_datum derCert, } -/* Returns 0 if it's ok to use the KXAlgorithm with this cert +/* Returns 0 if it's ok to use the gnutls_kx_algorithm with this cert * (using KeyUsage field). */ int _gnutls_check_x509_key_usage(const gnutls_cert * cert, - KXAlgorithm alg) + gnutls_kx_algorithm alg) { if (_gnutls_map_kx_get_cred(alg) == GNUTLS_CRD_CERTIFICATE) { switch (alg) { @@ -2357,7 +2357,7 @@ int gnutls_x509_pkcs7_extract_certificate(const gnutls_datum * pkcs7_struct, int * For DSA the bits returned are of the public * exponent. * - * Returns a member of the GNUTLS_PKAlgorithm enumeration on success, + * Returns a member of the gnutls_pk_algorithm enumeration on success, * or a negative value on error. * **/ diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h index 92bbc40756..8fe3398e76 100644 --- a/lib/gnutls_x509.h +++ b/lib/gnutls_x509.h @@ -1,6 +1,6 @@ #include -int _gnutls_x509_cert_verify_peers(GNUTLS_STATE state); +int _gnutls_x509_cert_verify_peers(gnutls_session session); typedef enum ConvFlags { CERT_NO_COPY=2, @@ -15,7 +15,7 @@ void _gnutls_int2str(unsigned int k, char *data); #define PEM_CERT_SEP "-----BEGIN" -int _gnutls_check_x509_key_usage( const gnutls_cert * cert, KXAlgorithm alg); +int _gnutls_check_x509_key_usage( const gnutls_cert * cert, gnutls_kx_algorithm alg); time_t gnutls_x509_extract_certificate_activation_time( const gnutls_datum*); time_t gnutls_x509_extract_certificate_expiration_time( const gnutls_datum*); diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c index b1982e65b8..83c745c60d 100644 --- a/lib/x509_sig_check.c +++ b/lib/x509_sig_check.c @@ -80,7 +80,7 @@ int start, end; /* we use DER here -- FIXME: use BER */ -static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int *digest_size) { +static int _gnutls_get_ber_digest_info( const gnutls_datum *info, gnutls_mac_algorithm *hash, opaque* digest, int *digest_size) { ASN1_TYPE dinfo; int result; opaque str[1024]; @@ -145,7 +145,7 @@ int len; static int _pkcs1_rsa_verify_sig( const gnutls_datum* signature, gnutls_datum* text, GNUTLS_MPI *params, int params_len) { - MACAlgorithm hash; + gnutls_mac_algorithm hash; int ret; opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE]; int digest_size; @@ -189,7 +189,7 @@ _pkcs1_rsa_verify_sig( const gnutls_datum* signature, gnutls_datum* text, GNUTLS /* verifies if the certificate is properly signed. * returns 0 on success. */ -CertificateStatus gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer) { +gnutls_certificate_status gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer) { gnutls_datum signature; gnutls_datum tbs; diff --git a/lib/x509_verify.c b/lib/x509_verify.c index b1685079f4..6f7b688550 100644 --- a/lib/x509_verify.c +++ b/lib/x509_verify.c @@ -39,7 +39,7 @@ static int check_if_ca(const gnutls_cert * cert, const gnutls_cert * issuer) { - CertificateStatus ret = GNUTLS_CERT_INVALID; + gnutls_certificate_status ret = GNUTLS_CERT_INVALID; /* Check if the issuer is the same with the * certificate. This is added in order for trusted @@ -253,7 +253,7 @@ int _gnutls_x509_verify_certificate(gnutls_cert * certificate_list, int crls_size) { int i = 0, ret; - CertificateStatus status = 0; + gnutls_certificate_status status = 0; if (clist_size == 0) { return GNUTLS_E_NO_CERTIFICATE_FOUND; -- cgit v1.2.1