1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
|
/*
* Copyright (C) 2001 Nikos Mavroyanopoulos
* Copyright (C) 2004 Free Software Foundation
*
* This file is part of GNUTLS.
*
* GNUTLS-EXTRA is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUTLS-EXTRA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_extensions.h>
#include <ext_srp.h>
#include <gnutls_openpgp.h>
#include <gnutls_extra.h>
#include <gnutls_algorithms.h>
#ifdef USE_LZO
# include <minilzo.h>
#endif
extern gnutls_extension_entry _gnutls_extensions[];
extern const int _gnutls_extensions_size;
extern const int _gnutls_kx_algorithms_size;
extern gnutls_kx_algo_entry _gnutls_kx_algorithms[];
#define TOSTR(x) #x
#ifdef ENABLE_SRP
static int _gnutls_add_srp_extension(void) {
int i;
/* find the last element */
for(i=0;i<_gnutls_extensions_size;i++) {
if (_gnutls_extensions[i].name==NULL) break;
}
if (_gnutls_extensions[i].name==NULL && (i < _gnutls_extensions_size-1)) {
_gnutls_extensions[i].name = TOSTR(GNUTLS_EXTENSION_SRP);
_gnutls_extensions[i].type = GNUTLS_EXTENSION_SRP;
_gnutls_extensions[i].gnutls_ext_func_recv = _gnutls_srp_recv_params;
_gnutls_extensions[i].gnutls_ext_func_send = _gnutls_srp_send_params;
_gnutls_extensions[i+1].name = 0;
return 0; /* ok */
}
return GNUTLS_E_MEMORY_ERROR;
}
extern mod_auth_st srp_auth_struct;
extern mod_auth_st srp_rsa_auth_struct;
extern mod_auth_st srp_dss_auth_struct;
static int _gnutls_add_srp_auth_struct(void) {
int i;
/* find the last element */
for(i=0;i<_gnutls_kx_algorithms_size;i++) {
if (_gnutls_kx_algorithms[i].name==NULL) break;
}
if (_gnutls_kx_algorithms[i].name==NULL && (i < _gnutls_kx_algorithms_size-1)) {
_gnutls_kx_algorithms[i].name = "SRP";
_gnutls_kx_algorithms[i].algorithm = GNUTLS_KX_SRP;
_gnutls_kx_algorithms[i].auth_struct = &srp_auth_struct;
_gnutls_kx_algorithms[i].needs_dh_params = 0;
_gnutls_kx_algorithms[i].needs_rsa_params = 0;
_gnutls_kx_algorithms[i+1].name = 0;
}
i++;
if (_gnutls_kx_algorithms[i].name==NULL && (i < _gnutls_kx_algorithms_size-1)) {
_gnutls_kx_algorithms[i].name = "SRP RSA";
_gnutls_kx_algorithms[i].algorithm = GNUTLS_KX_SRP_RSA;
_gnutls_kx_algorithms[i].auth_struct = &srp_rsa_auth_struct;
_gnutls_kx_algorithms[i].needs_dh_params = 0;
_gnutls_kx_algorithms[i].needs_rsa_params = 0;
_gnutls_kx_algorithms[i+1].name = 0;
}
i++;
if (_gnutls_kx_algorithms[i].name==NULL && (i < _gnutls_kx_algorithms_size-1)) {
_gnutls_kx_algorithms[i].name = "SRP DSS";
_gnutls_kx_algorithms[i].algorithm = GNUTLS_KX_SRP_DSS;
_gnutls_kx_algorithms[i].auth_struct = &srp_dss_auth_struct;
_gnutls_kx_algorithms[i].needs_dh_params = 0;
_gnutls_kx_algorithms[i].needs_rsa_params = 0;
_gnutls_kx_algorithms[i+1].name = 0;
return 0; /* ok */
}
return GNUTLS_E_MEMORY_ERROR;
}
#endif
/* the number of the compression algorithms available in the compression
* structure.
*/
extern int _gnutls_comp_algorithms_size;
/* Functions in gnutls that have not been initialized.
*/
#ifdef USE_LZO
typedef int (*LZO_FUNC)();
extern LZO_FUNC _gnutls_lzo1x_decompress_safe;
extern LZO_FUNC _gnutls_lzo1x_1_compress;
extern gnutls_compression_entry _gnutls_compression_algorithms[];
static int _gnutls_add_lzo_comp(void)
{
int i;
/* find the last element */
for(i=0;i<_gnutls_comp_algorithms_size;i++) {
if (_gnutls_compression_algorithms[i].name==NULL) break;
}
if (_gnutls_compression_algorithms[i].name==NULL && (i < _gnutls_comp_algorithms_size-1)) {
_gnutls_compression_algorithms[i].name = "GNUTLS_COMP_LZO";
_gnutls_compression_algorithms[i].id = GNUTLS_COMP_LZO;
_gnutls_compression_algorithms[i].num = 0xf2;
_gnutls_compression_algorithms[i+1].name = 0;
/* Now enable the lzo functions: */
_gnutls_lzo1x_decompress_safe = lzo1x_decompress_safe;
_gnutls_lzo1x_1_compress = lzo1x_1_compress;
return 0; /* ok */
}
return GNUTLS_E_MEMORY_ERROR;
}
#endif
extern OPENPGP_KEY_CREATION_TIME_FUNC _E_gnutls_openpgp_get_raw_key_creation_time;
extern OPENPGP_KEY_EXPIRATION_TIME_FUNC _E_gnutls_openpgp_get_raw_key_expiration_time;
extern OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key;
extern OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint;
extern OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key;
extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;
extern OPENPGP_RAW_PRIVKEY_TO_GKEY _E_gnutls_openpgp_raw_privkey_to_gkey;
extern OPENPGP_KEY_TO_GCERT _E_gnutls_openpgp_key_to_gcert;
extern OPENPGP_PRIVKEY_TO_GKEY _E_gnutls_openpgp_privkey_to_gkey;
extern OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit;
extern OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit;
static void _gnutls_add_openpgp_functions(void) {
#ifdef USE_OPENPGP
_E_gnutls_openpgp_verify_key = _gnutls_openpgp_verify_key;
_E_gnutls_openpgp_get_raw_key_expiration_time = _gnutls_openpgp_get_raw_key_expiration_time;
_E_gnutls_openpgp_get_raw_key_creation_time = _gnutls_openpgp_get_raw_key_creation_time;
_E_gnutls_openpgp_fingerprint = _gnutls_openpgp_fingerprint;
_E_gnutls_openpgp_request_key = _gnutls_openpgp_request_key;
_E_gnutls_openpgp_raw_key_to_gcert = _gnutls_openpgp_raw_key_to_gcert;
_E_gnutls_openpgp_raw_privkey_to_gkey = _gnutls_openpgp_raw_privkey_to_gkey;
_E_gnutls_openpgp_key_to_gcert = _gnutls_openpgp_key_to_gcert;
_E_gnutls_openpgp_privkey_to_gkey = _gnutls_openpgp_privkey_to_gkey;
_E_gnutls_openpgp_key_deinit = gnutls_openpgp_key_deinit;
_E_gnutls_openpgp_privkey_deinit = gnutls_openpgp_privkey_deinit;
#endif
}
extern const char* gnutls_check_version( const char*);
static int _gnutls_init_extra = 0;
/**
* gnutls_global_init_extra - This function initializes the global state of gnutls-extra
*
* This function initializes the global state of gnutls-extra library to defaults.
* Returns zero on success.
*
* Note that gnutls_global_init() has to be called before this function.
* If this function is not called then the gnutls-extra library will not
* be usable.
*
**/
int gnutls_global_init_extra(void) {
int ret;
/* If the version of libgnutls != version of
* libextra, then do not initialize the library.
* This is because it may break things.
*/
if (strcmp( gnutls_check_version(NULL), GNUTLS_VERSION)!=0) {
return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
}
_gnutls_init_extra++;
if (_gnutls_init_extra!=1) {
return 0;
}
/* Initialize the LZO library
*/
#ifdef USE_LZO
if (lzo_init() != LZO_E_OK) {
return GNUTLS_E_LZO_INIT_FAILED;
}
/* Add the LZO compression method in the list of compression
* methods.
*/
ret = _gnutls_add_lzo_comp();
if (ret < 0) {
gnutls_assert();
return ret;
}
#endif
#ifdef ENABLE_SRP
/* Add the SRP authentication to the list of authentication
* methods.
*/
ret = _gnutls_add_srp_auth_struct();
if (ret < 0) {
gnutls_assert();
return ret;
}
/* Do the same of the extension
*/
ret = _gnutls_add_srp_extension();
if (ret < 0) {
gnutls_assert();
return ret;
}
#endif
/* Register the openpgp functions. This is because some
* of them are defined to be NULL in the main library.
*/
_gnutls_add_openpgp_functions();
return 0;
}
/* Taken from libgcrypt. Needed to configure scripts.
*/
static const char*
parse_version_number( const char *s, int *number )
{
int val = 0;
if( *s == '0' && isdigit(s[1]) )
return NULL; /* leading zeros are not allowed */
for ( ; isdigit(*s); s++ ) {
val *= 10;
val += *s - '0';
}
*number = val;
return val < 0? NULL : s;
}
/* The parse version functions were copied from libgcrypt.
*/
static const char *
parse_version_string( const char *s, int *major, int *minor, int *micro )
{
s = parse_version_number( s, major );
if( !s || *s != '.' )
return NULL;
s++;
s = parse_version_number( s, minor );
if( !s || *s != '.' )
return NULL;
s++;
s = parse_version_number( s, micro );
if( !s )
return NULL;
return s; /* patchlevel */
}
/****************
* Check that the version of the library is at minimum the requested one
* and return the version string; return NULL if the condition is not
* satisfied. If a NULL is passed to this function, no check is done,
* but the version string is simply returned.
*/
const char *
gnutls_extra_check_version( const char *req_version )
{
const char *ver = GNUTLS_VERSION;
int my_major, my_minor, my_micro;
int rq_major, rq_minor, rq_micro;
const char *my_plvl, *rq_plvl;
if ( !req_version )
return ver;
my_plvl = parse_version_string( ver, &my_major, &my_minor, &my_micro );
if ( !my_plvl )
return NULL; /* very strange our own version is bogus */
rq_plvl = parse_version_string( req_version, &rq_major, &rq_minor,
&rq_micro );
if ( !rq_plvl )
return NULL; /* req version string is invalid */
if ( my_major > rq_major
|| (my_major == rq_major && my_minor > rq_minor)
|| (my_major == rq_major && my_minor == rq_minor
&& my_micro > rq_micro)
|| (my_major == rq_major && my_minor == rq_minor
&& my_micro == rq_micro
&& strcmp( my_plvl, rq_plvl ) >= 0) ) {
return ver;
}
return NULL;
}
|
