diff options
Diffstat (limited to 'lib/libmicrohttpd/src/daemon/https')
117 files changed, 0 insertions, 35467 deletions
diff --git a/lib/libmicrohttpd/src/daemon/https/Makefile.am b/lib/libmicrohttpd/src/daemon/https/Makefile.am deleted file mode 100644 index 8b4c1aa15c..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -EXTRA_DIST = gnutls.h - -SUBDIRS = minitasn1 lgl x509 tls . diff --git a/lib/libmicrohttpd/src/daemon/https/Makefile.in b/lib/libmicrohttpd/src/daemon/https/Makefile.in deleted file mode 100644 index 069f1c6e87..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/Makefile.in +++ /dev/null @@ -1,575 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/daemon/https -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libcurl.m4 \ - $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/MHD_config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -SOURCES = -DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive -RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ - distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir -ETAGS = etags -CTAGS = ctags -DIST_SUBDIRS = $(SUBDIRS) -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -am__relativize = \ - dir0=`pwd`; \ - sed_first='s,^\([^/]*\)/.*$$,\1,'; \ - sed_rest='s,^[^/]*/*,,'; \ - sed_last='s,^.*/\([^/]*\)$$,\1,'; \ - sed_butlast='s,/*[^/]*$$,,'; \ - while test -n "$$dir1"; do \ - first=`echo "$$dir1" | sed -e "$$sed_first"`; \ - if test "$$first" != "."; then \ - if test "$$first" = ".."; then \ - dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ - dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ - else \ - first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ - if test "$$first2" = "$$first"; then \ - dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ - else \ - dir2="../$$dir2"; \ - fi; \ - dir0="$$dir0"/"$$first"; \ - fi; \ - fi; \ - dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ - done; \ - reldir="$$dir2" -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -EXT_LIBS = @EXT_LIBS@ -EXT_LIB_PATH = @EXT_LIB_PATH@ -FGREP = @FGREP@ -GREP = @GREP@ -HAVE_SOCAT = @HAVE_SOCAT@ -HAVE_ZZUF = @HAVE_ZZUF@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCURL = @LIBCURL@ -LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_VERSION_AGE = @LIB_VERSION_AGE@ -LIB_VERSION_CURRENT = @LIB_VERSION_CURRENT@ -LIB_VERSION_REVISION = @LIB_VERSION_REVISION@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MHD_LIBDEPS = @MHD_LIBDEPS@ -MHD_LIB_LDFLAGS = @MHD_LIB_LDFLAGS@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREAD_CPPFLAGS = @PTHREAD_CPPFLAGS@ -PTHREAD_LDFLAGS = @PTHREAD_LDFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -_libcurl_config = @_libcurl_config@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -EXTRA_DIST = gnutls.h -SUBDIRS = minitasn1 lgl x509 tls . -all: all-recursive - -.SUFFIXES: -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/daemon/https/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/daemon/https/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -# This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - dot_seen=yes; \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done; \ - if test "$$dot_seen" = "no"; then \ - $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ - fi; test -z "$$fail" - -$(RECURSIVE_CLEAN_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ - include_option=--etags-include; \ - empty_fix=.; \ - else \ - include_option=--include; \ - empty_fix=; \ - fi; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test ! -f $$subdir/TAGS || \ - set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ - fi; \ - done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - test -d "$(distdir)/$$subdir" \ - || $(MKDIR_P) "$(distdir)/$$subdir" \ - || exit 1; \ - fi; \ - done - @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ - if test "$$subdir" = .; then :; else \ - dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ - $(am__relativize); \ - new_distdir=$$reldir; \ - dir1=$$subdir; dir2="$(top_distdir)"; \ - $(am__relativize); \ - new_top_distdir=$$reldir; \ - echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ - echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ - ($(am__cd) $$subdir && \ - $(MAKE) $(AM_MAKEFLAGS) \ - top_distdir="$$new_top_distdir" \ - distdir="$$new_distdir" \ - am__remove_distdir=: \ - am__skip_length_check=: \ - am__skip_mode_fix=: \ - distdir) \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-recursive -all-am: Makefile -installdirs: installdirs-recursive -installdirs-am: -install: install-recursive -install-exec: install-exec-recursive -install-data: install-data-recursive -uninstall: uninstall-recursive - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-recursive -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-recursive - -clean-am: clean-generic clean-libtool mostlyclean-am - -distclean: distclean-recursive - -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-tags - -dvi: dvi-recursive - -dvi-am: - -html: html-recursive - -html-am: - -info: info-recursive - -info-am: - -install-data-am: - -install-dvi: install-dvi-recursive - -install-dvi-am: - -install-exec-am: - -install-html: install-html-recursive - -install-html-am: - -install-info: install-info-recursive - -install-info-am: - -install-man: - -install-pdf: install-pdf-recursive - -install-pdf-am: - -install-ps: install-ps-recursive - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-recursive - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-recursive - -mostlyclean-am: mostlyclean-generic mostlyclean-libtool - -pdf: pdf-recursive - -pdf-am: - -ps: ps-recursive - -ps-am: - -uninstall-am: - -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am check check-am clean clean-generic clean-libtool \ - ctags ctags-recursive distclean distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ - uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/libmicrohttpd/src/daemon/https/gnutls.h b/lib/libmicrohttpd/src/daemon/https/gnutls.h deleted file mode 100644 index f2f6f06925..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/gnutls.h +++ /dev/null @@ -1,697 +0,0 @@ -/* -*- c -*- - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 - * USA - * - */ - -/* This file contains the types and prototypes for all the - * high level functionality of gnutls main library. For the - * extra functionality (which is under the GNU GPL license) check - * the gnutls/extra.h header. The openssl compatibility layer is - * in gnutls/openssl.h. - * - * The low level cipher functionality is in libgcrypt. Check - * gcrypt.h - */ - -#ifndef GNUTLS_H -#define GNUTLS_H - -#ifdef __cplusplus -extern "C" -{ -#if 0 /* keep Emacsens' auto-indent happy */ -} -#endif -#endif - - -/** - * List of key exchange algorithms. - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_KeyExchangeAlgorithm -{ - MHD_GNUTLS_KX_UNKNOWN = 0, - MHD_GNUTLS_KX_RSA = 1, -}; - -/** - * Server credentials type (note that not all types - * maybe supported by all MHD builds). - */ -enum MHD_GNUTLS_CredentialsType -{ - /** - * We have a x.509 certificate. - */ - MHD_GNUTLS_CRD_CERTIFICATE = 1, - -}; - -/** - * Enumeration of possible cryptographic - * hash functions (for MAC and Digest operations). - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_HashAlgorithm -{ - MHD_GNUTLS_MAC_UNKNOWN = 0, - MHD_GNUTLS_MAC_NULL = 1, - MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_MAC_SHA256 -}; - -/** - * List of compression methods. - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_CompressionMethod -{ - MHD_GNUTLS_COMP_UNKNOWN = 0, - - /** - * No compression. - */ - MHD_GNUTLS_COMP_NULL = 1, - -}; -/** - * Types of certificates. - */ -enum MHD_GNUTLS_CertificateType -{ - MHD_GNUTLS_CRT_UNKNOWN = 0, - MHD_GNUTLS_CRT_X509 = 1 -}; - -/** - * List of public key algorithms. - * Note that not all listed algorithms are necessarily - * supported by all builds of MHD. - */ -enum MHD_GNUTLS_PublicKeyAlgorithm -{ - MHD_GNUTLS_PK_UNKNOWN = 0, - MHD_GNUTLS_PK_RSA = 1, - MHD_GNUTLS_KX_RSA_EXPORT -}; - - - -#define LIBGNUTLS_VERSION "2.2.3" - -/* Get size_t. */ -#include <stddef.h> - -#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC -#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC -#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC -#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128 - -#define GNUTLS_MAX_SESSION_ID 32 -#define TLS_MASTER_SIZE 48 -#define TLS_RANDOM_SIZE 32 - -#include "platform.h" -#include "microhttpd.h" - -typedef enum -{ - GNUTLS_PARAMS_RSA_EXPORT = 1, - GNUTLS_PARAMS_DH -} MHD_gnutls_params_type_t; - - /* exported for other gnutls headers. This is the maximum number of - * algorithms (ciphers, kx or macs). - */ -#define GNUTLS_MAX_ALGORITHM_NUM 16 -#define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE - -typedef enum -{ - GNUTLS_SERVER = 1, - GNUTLS_CLIENT -} MHD_gnutls_connection_end_t; - -typedef enum -{ - GNUTLS_AL_WARNING = 1, - GNUTLS_AL_FATAL -} MHD_gnutls_alert_level_t; - -typedef enum -{ - GNUTLS_A_CLOSE_NOTIFY, - GNUTLS_A_UNEXPECTED_MESSAGE = 10, - GNUTLS_A_BAD_RECORD_MAC = 20, - GNUTLS_A_DECRYPTION_FAILED, - GNUTLS_A_RECORD_OVERFLOW, - GNUTLS_A_DECOMPRESSION_FAILURE = 30, - GNUTLS_A_HANDSHAKE_FAILURE = 40, - GNUTLS_A_SSL3_NO_CERTIFICATE = 41, - GNUTLS_A_BAD_CERTIFICATE = 42, - GNUTLS_A_UNSUPPORTED_CERTIFICATE, - GNUTLS_A_CERTIFICATE_REVOKED, - GNUTLS_A_CERTIFICATE_EXPIRED, - GNUTLS_A_CERTIFICATE_UNKNOWN, - GNUTLS_A_ILLEGAL_PARAMETER, - GNUTLS_A_UNKNOWN_CA, - GNUTLS_A_ACCESS_DENIED, - GNUTLS_A_DECODE_ERROR = 50, - GNUTLS_A_DECRYPT_ERROR, - GNUTLS_A_EXPORT_RESTRICTION = 60, - GNUTLS_A_PROTOCOL_VERSION = 70, - GNUTLS_A_INSUFFICIENT_SECURITY, - GNUTLS_A_INTERNAL_ERROR = 80, - GNUTLS_A_USER_CANCELED = 90, - GNUTLS_A_NO_RENEGOTIATION = 100, - GNUTLS_A_UNSUPPORTED_EXTENSION = 110, - GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111, - GNUTLS_A_UNRECOGNIZED_NAME = 112, - GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115, -} MHD_gnutls_alert_description_t; - -typedef enum -{ GNUTLS_HANDSHAKE_HELLO_REQUEST = 0, - GNUTLS_HANDSHAKE_CLIENT_HELLO = 1, - GNUTLS_HANDSHAKE_SERVER_HELLO = 2, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14, - GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16, - GNUTLS_HANDSHAKE_FINISHED = 20, - GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23 -} MHD_gnutls_handshake_description_t; - -typedef enum -{ - GNUTLS_CERT_INVALID = 2, /* will be set if the certificate - * was not verified. - */ - GNUTLS_CERT_REVOKED = 32, /* in X.509 this will be set only if CRLs are checked - */ - - /* Those are extra information about the verification - * process. Will be set only if the certificate was - * not verified. - */ - GNUTLS_CERT_SIGNER_NOT_FOUND = 64, - GNUTLS_CERT_SIGNER_NOT_CA = 128, - GNUTLS_CERT_INSECURE_ALGORITHM = 256 -} MHD_gnutls_certificate_status_t; - -typedef enum -{ - GNUTLS_CERT_IGNORE, - GNUTLS_CERT_REQUEST = 1, - GNUTLS_CERT_REQUIRE -} MHD_gnutls_certificate_request_t; - -typedef enum -{ - GNUTLS_SHUT_RDWR = 0, - GNUTLS_SHUT_WR = 1 -} MHD_gnutls_close_request_t; - -typedef enum -{ - GNUTLS_X509_FMT_DER, - GNUTLS_X509_FMT_PEM -} MHD_gnutls_x509_crt_fmt_t; - -typedef enum -{ - GNUTLS_SIGN_UNKNOWN = 0, - GNUTLS_SIGN_RSA_SHA1 = 1, - GNUTLS_SIGN_DSA_SHA1, - GNUTLS_SIGN_RSA_MD5, - GNUTLS_SIGN_RSA_MD2, - GNUTLS_SIGN_RSA_RMD160, - GNUTLS_SIGN_RSA_SHA256, - GNUTLS_SIGN_RSA_SHA384, - GNUTLS_SIGN_RSA_SHA512 -} MHD_gnutls_sign_algorithm_t; - -/* If you want to change this, then also change the define in - * MHD_gnutls_int.h, and recompile. - */ -typedef void *MHD_gnutls_transport_ptr_t; - -struct MHD_gtls_session_int; -typedef struct MHD_gtls_session_int *MHD_gtls_session_t; - -struct MHD_gtls_dh_params_int; -typedef struct MHD_gtls_dh_params_int *MHD_gtls_dh_params_t; - -struct MHD_gtls_x509_privkey_int; /* XXX ugly. */ -typedef struct MHD_gtls_x509_privkey_int *MHD_gtls_rsa_params_t; /* XXX ugly. */ - -struct MHD_gtls_priority_st; -typedef struct MHD_gtls_priority_st *MHD_gnutls_priority_t; - -typedef struct -{ - unsigned char *data; - unsigned int size; -} MHD_gnutls_datum_t; - - -typedef struct MHD_gnutls_params_st -{ - MHD_gnutls_params_type_t type; - union params - { - MHD_gtls_dh_params_t dh; - MHD_gtls_rsa_params_t rsa_export; - } params; - int deinit; -} MHD_gnutls_params_st; - -typedef int MHD_gnutls_params_function (MHD_gtls_session_t, - MHD_gnutls_params_type_t, - MHD_gnutls_params_st *); - -/* internal functions */ -int MHD__gnutls_global_init (void); -void MHD__gnutls_global_deinit (void); - -int MHD__gnutls_init (MHD_gtls_session_t * session, - MHD_gnutls_connection_end_t con_end); -void MHD__gnutls_deinit (MHD_gtls_session_t session); - -int MHD__gnutls_bye (MHD_gtls_session_t session, - MHD_gnutls_close_request_t how); -int MHD__gnutls_handshake (MHD_gtls_session_t session); -int MHD__gnutls_rehandshake (MHD_gtls_session_t session); - -MHD_gnutls_alert_description_t MHD_gnutls_alert_get (MHD_gtls_session_t - session); -int MHD__gnutls_alert_send (MHD_gtls_session_t session, - MHD_gnutls_alert_level_t level, - MHD_gnutls_alert_description_t desc); -int MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err); -const char *MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert); - -size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm - algorithm); - - /* error functions */ -int MHD_gtls_error_is_fatal (int error); -int MHD_gtls_error_to_alert (int err, int *level); -void MHD_gtls_perror (int error); -const char *MHD_gtls_strerror (int error); - -/* - * Record layer functions. - */ -ssize_t MHD__gnutls_record_send (MHD_gtls_session_t session, - const void *data, size_t sizeofdata); -ssize_t MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data, - size_t sizeofdata); - - /* provides extra compatibility */ -int MHD__gnutls_record_get_direction (MHD_gtls_session_t session); - -/* - * TLS Extensions - */ -typedef enum -{ - GNUTLS_NAME_DNS = 1 -} MHD_gnutls_server_name_type_t; - - /* Supplemental data, RFC 4680. */ -typedef enum -{ - GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0 -} MHD_gnutls_supplemental_data_format_type_t; - - -int MHD_tls_set_default_priority (MHD_gnutls_priority_t *, - const char *priority, const char **err_pos); -void MHD__gnutls_priority_deinit (MHD_gnutls_priority_t); - -int MHD__gnutls_priority_set (MHD_gtls_session_t session, - MHD_gnutls_priority_t); -int MHD__gnutls_priority_set_direct (MHD_gtls_session_t session, - const char *priority, - const char **err_pos); - -/* get the currently used protocol version */ -enum MHD_GNUTLS_Protocol -MHD__gnutls_protocol_get_version (MHD_gtls_session_t session); - -typedef - int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t); -void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t - session, size_t max); - -/* - * Functions for setting/clearing credentials - */ -void MHD__gnutls_credentials_clear (MHD_gtls_session_t session); - -/* - * cred is a structure defined by the kx algorithm - */ -int MHD__gnutls_credentials_set (MHD_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, - void *cred); - -/* Credential structures - used in MHD__gnutls_credentials_set(); */ -struct MHD_gtls_certificate_credentials_st; -typedef struct MHD_gtls_certificate_credentials_st - *MHD_gtls_cert_credentials_t; -typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; -typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; - -void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t - sc); -int -MHD__gnutls_certificate_allocate_credentials (MHD_gtls_cert_credentials_t - * res); - -void MHD__gnutls_certificate_free_keys (MHD_gtls_cert_credentials_t sc); -void MHD__gnutls_certificate_free_cas (MHD_gtls_cert_credentials_t sc); -void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); - -int MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t - res, - const MHD_gnutls_datum_t * - CERT, - const MHD_gnutls_datum_t * - KEY, - MHD_gnutls_x509_crt_fmt_t type); - -void MHD__gnutls_certificate_send_x509_rdn_sequence (MHD_gtls_session_t - session, int status); - -/* - * New functions to allow setting already parsed X.509 stuff. - */ -struct MHD_gtls_x509_privkey_int; -typedef struct MHD_gtls_x509_privkey_int *MHD_gnutls_x509_privkey_t; - -struct MHD_gnutls_x509_crl_int; -typedef struct MHD_gnutls_x509_crl_int *MHD_gnutls_x509_crl_t; - -struct MHD_gnutls_x509_crt_int; -typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t; - -/* global state functions - */ - - -typedef void *(*MHD_gnutls_alloc_function) (size_t); -typedef int (*MHD_gnutls_is_secure_function) (const void *); -typedef void *(*MHD_gnutls_calloc_function) (size_t, size_t); -typedef void (*MHD_gnutls_free_function) (void *); -typedef void *(*MHD_gnutls_realloc_function) (void *, size_t); - -/* For use in callbacks */ -extern MHD_gnutls_alloc_function MHD_gnutls_malloc; -extern MHD_gnutls_alloc_function MHD_gnutls_secure_malloc; -extern MHD_gnutls_realloc_function MHD_gnutls_realloc; -extern MHD_gnutls_calloc_function MHD_gnutls_calloc; -extern MHD_gnutls_free_function MHD_gnutls_free; - -typedef void (*MHD_gnutls_log_func) (int, const char *); -void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func); -void MHD_gtls_global_set_log_level (int level); - -/* - * Diffie Hellman parameter handling. - */ -int MHD__gnutls_dh_params_init (MHD_gtls_dh_params_t * dh_params); -void MHD__gnutls_dh_params_deinit (MHD_gtls_dh_params_t dh_params); - - -/* RSA params */ -int MHD__gnutls_rsa_params_init (MHD_gtls_rsa_params_t * rsa_params); -void MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params); -int MHD__gnutls_rsa_params_generate2 (MHD_gtls_rsa_params_t params, - unsigned int bits); - - -/* - * Session stuff - */ -typedef ssize_t (*MHD_gtls_pull_func) (MHD_gnutls_transport_ptr_t, void *, - size_t); -typedef ssize_t (*MHD_gtls_push_func) (MHD_gnutls_transport_ptr_t, - const void *, size_t); -void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, - MHD_gnutls_transport_ptr_t ptr); -void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); - - -void MHD__gnutls_transport_set_push_function (MHD_gtls_session_t session, - MHD_gtls_push_func push_func); -void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, - MHD_gtls_pull_func pull_func); - -typedef enum MHD_gnutls_x509_subject_alt_name_t -{ - GNUTLS_SAN_DNSNAME = 1, - GNUTLS_SAN_RFC822NAME, - GNUTLS_SAN_URI, - GNUTLS_SAN_IPADDRESS, - GNUTLS_SAN_OTHERNAME, - GNUTLS_SAN_DN, - /* The following are "virtual" subject alternative name types, in - that they are represented by an otherName value and an OID. - Used by MHD_gnutls_x509_crt_get_subject_alt_othername_oid(). */ - GNUTLS_SAN_OTHERNAME_XMPP = 1000 -} MHD_gnutls_x509_subject_alt_name_t; - -typedef struct MHD_gnutls_retr_st -{ - enum MHD_GNUTLS_CertificateType type; - union cert - { - MHD_gnutls_x509_crt_t *x509; - } cert; - unsigned int ncerts; - - union key - { - MHD_gnutls_x509_privkey_t x509; - } key; - - unsigned int deinit_all; /* if non zero all keys will be deinited */ -} MHD_gnutls_retr_st; - -typedef int -MHD_gnutls_certificate_client_retrieve_function (MHD_gtls_session_t, - const MHD_gnutls_datum_t - * req_ca_rdn, int nreqs, - const enum - MHD_GNUTLS_PublicKeyAlgorithm - *pk_algos, - int pk_algos_length, - MHD_gnutls_retr_st *); - -typedef int -MHD_gnutls_certificate_server_retrieve_function (MHD_gtls_session_t, - MHD_gnutls_retr_st *); - - /* - * Functions that allow auth_info_t structures handling - */ -enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t - session); - /* - * DH - */ -void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, - unsigned int bits); - - /* External signing callback. Experimental. */ -typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, - void *userdata, - enum MHD_GNUTLS_CertificateType - cert_type, - const MHD_gnutls_datum_t * cert, - const MHD_gnutls_datum_t * hash, - MHD_gnutls_datum_t * signature); - - /* key_usage will be an OR of the following values: */ - /* when the key is to be used for signing: */ -#define GNUTLS_KEY_DIGITAL_SIGNATURE 128 -#define GNUTLS_KEY_NON_REPUDIATION 64 - /* when the key is to be used for encryption: */ -#define GNUTLS_KEY_KEY_ENCIPHERMENT 32 -#define GNUTLS_KEY_DATA_ENCIPHERMENT 16 -#define GNUTLS_KEY_KEY_AGREEMENT 8 -#define GNUTLS_KEY_KEY_CERT_SIGN 4 -#define GNUTLS_KEY_CRL_SIGN 2 -#define GNUTLS_KEY_ENCIPHER_ONLY 1 -#define GNUTLS_KEY_DECIPHER_ONLY 32768 - - /* - * Error codes. TLS alert mapping shown in comments. - */ -#define GNUTLS_E_SUCCESS 0 -#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 -#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 -#define GNUTLS_E_LARGE_PACKET -7 -#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ -#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ -#define GNUTLS_E_INVALID_SESSION -10 -#define GNUTLS_E_FATAL_ALERT_RECEIVED -12 -#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ -#define GNUTLS_E_WARNING_ALERT_RECEIVED -16 -#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18 -#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19 -#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */ -#define GNUTLS_E_UNWANTED_ALGORITHM -22 -#define GNUTLS_E_MPI_SCAN_FAILED -23 -#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */ -#define GNUTLS_E_MEMORY_ERROR -25 -#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */ -#define GNUTLS_E_COMPRESSION_FAILED -27 -#define GNUTLS_E_AGAIN -28 -#define GNUTLS_E_EXPIRED -29 -#define GNUTLS_E_DB_ERROR -30 -#define GNUTLS_E_SRP_PWD_ERROR -31 -#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32 -#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ -#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS -#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ - -#define GNUTLS_E_HASH_FAILED -33 -#define GNUTLS_E_BASE64_DECODING_ERROR -34 - -#define GNUTLS_E_MPI_PRINT_FAILED -35 -#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */ -#define GNUTLS_E_GOT_APPLICATION_DATA -38 -#define GNUTLS_E_RECORD_LIMIT_REACHED -39 -#define GNUTLS_E_ENCRYPTION_FAILED -40 - -#define GNUTLS_E_PK_ENCRYPTION_FAILED -44 -#define GNUTLS_E_PK_DECRYPTION_FAILED -45 -#define GNUTLS_E_PK_SIGN_FAILED -46 -#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47 -#define GNUTLS_E_KEY_USAGE_VIOLATION -48 -#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */ -#define GNUTLS_E_INVALID_REQUEST -50 -#define GNUTLS_E_SHORT_MEMORY_BUFFER -51 -#define GNUTLS_E_INTERRUPTED -52 -#define GNUTLS_E_PUSH_ERROR -53 -#define GNUTLS_E_PULL_ERROR -54 -#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */ -#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56 -#define GNUTLS_E_PKCS1_WRONG_PAD -57 -#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58 -#define GNUTLS_E_INTERNAL_ERROR -59 -#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63 -#define GNUTLS_E_FILE_ERROR -64 -#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78 -#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80 - - - /* returned if libextra functionality was requested but - * MHD_gnutls_global_init_extra() was not called. - */ -#define GNUTLS_E_INIT_LIBEXTRA -82 -#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83 - - - /* returned if you need to generate temporary RSA - * parameters. These are needed for export cipher suites. - */ -#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84 - -#define GNUTLS_E_LZO_INIT_FAILED -85 -#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86 -#define GNUTLS_E_NO_CIPHER_SUITES -87 - -#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89 - -#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90 -#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91 -#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93 - - /* For certificate and key stuff - */ -#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67 -#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68 -#define GNUTLS_E_ASN1_DER_ERROR -69 -#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70 -#define GNUTLS_E_ASN1_GENERIC_ERROR -71 -#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72 -#define GNUTLS_E_ASN1_TAG_ERROR -73 -#define GNUTLS_E_ASN1_TAG_IMPLICIT -74 -#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75 -#define GNUTLS_E_ASN1_SYNTAX_ERROR -76 -#define GNUTLS_E_ASN1_DER_OVERFLOW -77 -#define GNUTLS_E_CERTIFICATE_ERROR -43 -#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR -#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 -#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ -#define GNUTLS_E_X509_UNKNOWN_SAN -62 -#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 -#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96 -#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 -#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98 -#define GNUTLS_E_INVALID_PASSWORD -99 -#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ -#define GNUTLS_E_CONSTRAINT_ERROR -101 - -#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102 -#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103 - -#define GNUTLS_E_IA_VERIFY_FAILED -104 - -#define GNUTLS_E_UNKNOWN_ALGORITHM -105 - -#define GNUTLS_E_BASE64_ENCODING_ERROR -201 -#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */ -#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 -#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 - -#define GNUTLS_E_X509_UNSUPPORTED_OID -205 - -#define GNUTLS_E_RANDOM_FAILED -206 -#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207 - - -#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250 - -#define GNUTLS_E_APPLICATION_ERROR_MAX -65000 -#define GNUTLS_E_APPLICATION_ERROR_MIN -65500 - - -#if 0 /* keep Emacsens' auto-indent happy */ -{ -#endif -#ifdef __cplusplus -} -#endif - -#endif /* GNUTLS_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/lgl/Makefile.am b/lib/libmicrohttpd/src/daemon/https/lgl/Makefile.am deleted file mode 100644 index 5659d5c5ef..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/lgl/Makefile.am +++ /dev/null @@ -1,13 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/include @LIBGCRYPT_CFLAGS@ - -if USE_COVERAGE - AM_CFLAGS = -fprofile-arcs -ftest-coverage -endif - -noinst_LTLIBRARIES = liblgl.la - -liblgl_la_SOURCES = \ - gc-libgcrypt.c \ - gc.h -liblgl_la_LIBADD = @LIBGCRYPT_LIBS@ diff --git a/lib/libmicrohttpd/src/daemon/https/lgl/Makefile.in b/lib/libmicrohttpd/src/daemon/https/lgl/Makefile.in deleted file mode 100644 index ea0602fda9..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/lgl/Makefile.in +++ /dev/null @@ -1,495 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/daemon/https/lgl -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libcurl.m4 \ - $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/MHD_config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -liblgl_la_DEPENDENCIES = -am_liblgl_la_OBJECTS = gc-libgcrypt.lo -liblgl_la_OBJECTS = $(am_liblgl_la_OBJECTS) -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(liblgl_la_SOURCES) -DIST_SOURCES = $(liblgl_la_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -EXT_LIBS = @EXT_LIBS@ -EXT_LIB_PATH = @EXT_LIB_PATH@ -FGREP = @FGREP@ -GREP = @GREP@ -HAVE_SOCAT = @HAVE_SOCAT@ -HAVE_ZZUF = @HAVE_ZZUF@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCURL = @LIBCURL@ -LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_VERSION_AGE = @LIB_VERSION_AGE@ -LIB_VERSION_CURRENT = @LIB_VERSION_CURRENT@ -LIB_VERSION_REVISION = @LIB_VERSION_REVISION@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MHD_LIBDEPS = @MHD_LIBDEPS@ -MHD_LIB_LDFLAGS = @MHD_LIB_LDFLAGS@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREAD_CPPFLAGS = @PTHREAD_CPPFLAGS@ -PTHREAD_LDFLAGS = @PTHREAD_LDFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -_libcurl_config = @_libcurl_config@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/include @LIBGCRYPT_CFLAGS@ - -@USE_COVERAGE_TRUE@AM_CFLAGS = -fprofile-arcs -ftest-coverage -noinst_LTLIBRARIES = liblgl.la -liblgl_la_SOURCES = \ - gc-libgcrypt.c \ - gc.h - -liblgl_la_LIBADD = @LIBGCRYPT_LIBS@ -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/daemon/https/lgl/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/daemon/https/lgl/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -liblgl.la: $(liblgl_la_OBJECTS) $(liblgl_la_DEPENDENCIES) - $(LINK) $(liblgl_la_OBJECTS) $(liblgl_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gc-libgcrypt.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/libmicrohttpd/src/daemon/https/lgl/gc-libgcrypt.c b/lib/libmicrohttpd/src/daemon/https/lgl/gc-libgcrypt.c deleted file mode 100644 index 0995740584..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/lgl/gc-libgcrypt.c +++ /dev/null @@ -1,407 +0,0 @@ -/* gc-libgcrypt.c --- Crypto wrappers around Libgcrypt for GC. - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Simon Josefsson - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published - * by the Free Software Foundation; either version 2.1, or (at your - * option) any later version. - * - * This file is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this file; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - * - */ - -/* Note: This file is only built if GC uses Libgcrypt. */ - -#include "MHD_config.h" - -/* Get prototype. */ -#include "gc.h" - -#include <stdlib.h> -#include <string.h> - -/* Get libgcrypt API. */ -#include <gcrypt.h> - -#include <assert.h> - -/* Initialization. */ - -Gc_rc -MHD_gc_init (void) -{ - gcry_error_t err; - - err = gcry_control (GCRYCTL_ANY_INITIALIZATION_P); - if (err == GPG_ERR_NO_ERROR) - { - if (gcry_check_version (GCRYPT_VERSION) == NULL) - return GC_INIT_ERROR; - - err = gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); - if (err != GPG_ERR_NO_ERROR) - return GC_INIT_ERROR; - } - return GC_OK; -} - -void -MHD_gc_done (void) -{ - return; -} - -#ifdef GNULIB_GC_RANDOM - -/* Randomness. */ - -Gc_rc -MHD_gc_nonce (char *data, size_t datalen) -{ - gcry_create_nonce ((unsigned char *) data, datalen); - return GC_OK; -} - -Gc_rc -MHD_gc_pseudo_random (char *data, size_t datalen) -{ - gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM); - return GC_OK; -} - -#endif - -/* Memory allocation. */ - -/* Ciphers. */ - -Gc_rc -MHD_gc_cipher_open (Gc_cipher alg, - Gc_cipher_mode mode, MHD_gc_cipher_handle * outhandle) -{ - int gcryalg, gcrymode; - gcry_error_t err; - - switch (alg) - { - case GC_AES128: - gcryalg = GCRY_CIPHER_RIJNDAEL; - break; - - case GC_AES192: - gcryalg = GCRY_CIPHER_RIJNDAEL; - break; - - case GC_AES256: - gcryalg = GCRY_CIPHER_RIJNDAEL256; - break; - - case GC_3DES: - gcryalg = GCRY_CIPHER_3DES; - break; - - case GC_DES: - gcryalg = GCRY_CIPHER_DES; - break; - - case GC_ARCFOUR128: - case GC_ARCFOUR40: - gcryalg = GCRY_CIPHER_ARCFOUR; - break; - - case GC_ARCTWO40: - gcryalg = GCRY_CIPHER_RFC2268_40; - break; - - default: - return GC_INVALID_CIPHER; - } - - switch (mode) - { - case GC_ECB: - gcrymode = GCRY_CIPHER_MODE_ECB; - break; - - case GC_CBC: - gcrymode = GCRY_CIPHER_MODE_CBC; - break; - - case GC_STREAM: - gcrymode = GCRY_CIPHER_MODE_STREAM; - break; - - default: - return GC_INVALID_CIPHER; - } - - err = - gcry_cipher_open ((gcry_cipher_hd_t *) outhandle, gcryalg, gcrymode, 0); - if (gcry_err_code (err)) - return GC_INVALID_CIPHER; - - return GC_OK; -} - -Gc_rc -MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen, - const char *key) -{ - gcry_error_t err; - - err = gcry_cipher_setkey ((gcry_cipher_hd_t) handle, key, keylen); - if (gcry_err_code (err)) - return GC_INVALID_CIPHER; - - return GC_OK; -} - -Gc_rc -MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen, - const char *iv) -{ - gcry_error_t err; - - err = gcry_cipher_setiv ((gcry_cipher_hd_t) handle, iv, ivlen); - if (gcry_err_code (err)) - return GC_INVALID_CIPHER; - - return GC_OK; -} - -Gc_rc -MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len, - char *data) -{ - if (gcry_cipher_encrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) != - 0) - return GC_INVALID_CIPHER; - - return GC_OK; -} - -Gc_rc -MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len, - char *data) -{ - if (gcry_cipher_decrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) != - 0) - return GC_INVALID_CIPHER; - - return GC_OK; -} - -Gc_rc -MHD_gc_cipher_close (MHD_gc_cipher_handle handle) -{ - gcry_cipher_close (handle); - - return GC_OK; -} - -/* Hashes. */ - -typedef struct _MHD_gc_hash_ctx -{ - Gc_hash alg; - Gc_hash_mode mode; - gcry_md_hd_t gch; -} _MHD_gc_hash_ctx; - -Gc_rc -MHD_gc_hash_open (Gc_hash hash, Gc_hash_mode mode, - MHD_gc_hash_handle * outhandle) -{ - _MHD_gc_hash_ctx *ctx; - int gcryalg = 0, gcrymode = 0; - gcry_error_t err; - Gc_rc rc = GC_OK; - - ctx = calloc (sizeof (*ctx), 1); - if (!ctx) - return GC_MALLOC_ERROR; - - ctx->alg = hash; - ctx->mode = mode; - - switch (hash) - { - case GC_MD2: - gcryalg = GCRY_MD_NONE; - break; - - case GC_MD4: - gcryalg = GCRY_MD_MD4; - break; - - case GC_MD5: - gcryalg = GCRY_MD_MD5; - break; - - case GC_SHA1: - gcryalg = GCRY_MD_SHA1; - break; - - case GC_SHA256: - gcryalg = GCRY_MD_SHA256; - break; - - case GC_SHA384: - gcryalg = GCRY_MD_SHA384; - break; - - case GC_SHA512: - gcryalg = GCRY_MD_SHA512; - break; - - case GC_RMD160: - gcryalg = GCRY_MD_RMD160; - break; - - default: - rc = GC_INVALID_HASH; - } - - switch (mode) - { - case 0: - gcrymode = 0; - break; - - case GC_HMAC: - gcrymode = GCRY_MD_FLAG_HMAC; - break; - - default: - rc = GC_INVALID_HASH; - } - - if (rc == GC_OK && gcryalg != GCRY_MD_NONE) - { - err = gcry_md_open (&ctx->gch, gcryalg, gcrymode); - if (gcry_err_code (err)) - rc = GC_INVALID_HASH; - } - - if (rc == GC_OK) - *outhandle = ctx; - else - free (ctx); - - return rc; -} - -Gc_rc -MHD_gc_hash_clone (MHD_gc_hash_handle handle, MHD_gc_hash_handle * outhandle) -{ - _MHD_gc_hash_ctx *in = handle; - _MHD_gc_hash_ctx *out; - int err; - - *outhandle = out = calloc (sizeof (*out), 1); - if (!out) - return GC_MALLOC_ERROR; - - memcpy (out, in, sizeof (*out)); - - err = gcry_md_copy (&out->gch, in->gch); - if (err) - { - free (out); - return GC_INVALID_HASH; - } - - return GC_OK; -} - -size_t -MHD_gc_hash_digest_length (Gc_hash hash) -{ - size_t len; - - switch (hash) - { - case GC_MD2: - len = GC_MD2_DIGEST_SIZE; - break; - - case GC_MD4: - len = GC_MD4_DIGEST_SIZE; - break; - - case GC_MD5: - len = GC_MD5_DIGEST_SIZE; - break; - - case GC_RMD160: - len = GC_RMD160_DIGEST_SIZE; - break; - - case GC_SHA1: - len = GC_SHA1_DIGEST_SIZE; - break; - - case GC_SHA256: - len = GC_SHA256_DIGEST_SIZE; - break; - - case GC_SHA384: - len = GC_SHA384_DIGEST_SIZE; - break; - - case GC_SHA512: - len = GC_SHA512_DIGEST_SIZE; - break; - - default: - return 0; - } - - return len; -} - -void -MHD_gc_hash_MHD_hmac_setkey (MHD_gc_hash_handle handle, size_t len, - const char *key) -{ - _MHD_gc_hash_ctx *ctx = handle; - gcry_md_setkey (ctx->gch, key, len); -} - -void -MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, const char *data) -{ - _MHD_gc_hash_ctx *ctx = handle; - gcry_md_write (ctx->gch, data, len); -} - -const char * -MHD_gc_hash_read (MHD_gc_hash_handle handle) -{ - _MHD_gc_hash_ctx *ctx = handle; - const char *digest; - { - gcry_md_final (ctx->gch); - digest = (const char *) gcry_md_read (ctx->gch, 0); - } - - return digest; -} - -void -MHD_gc_hash_close (MHD_gc_hash_handle handle) -{ - _MHD_gc_hash_ctx *ctx = handle; - - gcry_md_close (ctx->gch); - - free (ctx); -} diff --git a/lib/libmicrohttpd/src/daemon/https/lgl/gc.h b/lib/libmicrohttpd/src/daemon/https/lgl/gc.h deleted file mode 100644 index 30c4e45bc2..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/lgl/gc.h +++ /dev/null @@ -1,172 +0,0 @@ -/* gc.h --- Header file for implementation agnostic crypto wrapper API. - * Copyright (C) 2002, 2003, 2004, 2005, 2007 Simon Josefsson - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published - * by the Free Software Foundation; either version 2.1, or (at your - * option) any later version. - * - * This file is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this file; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - * - */ - -#ifndef GC_H -#define GC_H - -/* Get size_t. */ -# include <stddef.h> - -enum Gc_rc -{ - GC_OK = 0, - GC_MALLOC_ERROR, - GC_INIT_ERROR, - GC_RANDOM_ERROR, - GC_INVALID_CIPHER, - GC_INVALID_HASH, - GC_PKCS5_INVALID_ITERATION_COUNT, - GC_PKCS5_INVALID_DERIVED_KEY_LENGTH, - GC_PKCS5_DERIVED_KEY_TOO_LONG -}; -typedef enum Gc_rc Gc_rc; - -/* Hash types. */ -enum Gc_hash -{ - GC_MD4, - GC_MD5, - GC_SHA1, - GC_MD2, - GC_RMD160, - GC_SHA256, - GC_SHA384, - GC_SHA512 -}; -typedef enum Gc_hash Gc_hash; - -enum Gc_hash_mode -{ - GC_HMAC = 1 -}; -typedef enum Gc_hash_mode Gc_hash_mode; - -typedef void *MHD_gc_hash_handle; - -#define GC_MD2_DIGEST_SIZE 16 -#define GC_MD4_DIGEST_SIZE 16 -#define GC_MD5_DIGEST_SIZE 16 -#define GC_RMD160_DIGEST_SIZE 20 -#define GC_SHA1_DIGEST_SIZE 20 -#define GC_SHA256_DIGEST_SIZE 32 -#define GC_SHA384_DIGEST_SIZE 48 -#define GC_SHA512_DIGEST_SIZE 64 - -/* Cipher types. */ -enum Gc_cipher -{ - GC_AES128, - GC_AES192, - GC_AES256, - GC_3DES, - GC_DES, - GC_ARCFOUR128, - GC_ARCFOUR40, - GC_ARCTWO40, - GC_CAMELLIA128, - GC_CAMELLIA256 -}; -typedef enum Gc_cipher Gc_cipher; - -enum Gc_cipher_mode -{ - GC_ECB, - GC_CBC, - GC_STREAM -}; -typedef enum Gc_cipher_mode Gc_cipher_mode; - -typedef void *MHD_gc_cipher_handle; - -/* Call before respectively after any other functions. */ -Gc_rc MHD_gc_init (void); -void MHD_gc_done (void); - -/* Memory allocation (avoid). */ -typedef void *(*MHD_gc_malloc_t) (size_t n); -typedef int (*MHD_gc_secure_check_t) (const void *); -typedef void *(*MHD_gc_realloc_t) (void *p, size_t n); -typedef void (*MHD_gc_free_t) (void *); -/* Randomness. */ -Gc_rc MHD_gc_nonce (char *data, size_t datalen); -Gc_rc MHD_gc_pseudo_random (char *data, size_t datalen); - -/* Ciphers. */ -Gc_rc MHD_gc_cipher_open (Gc_cipher cipher, - Gc_cipher_mode mode, - MHD_gc_cipher_handle * outhandle); -Gc_rc MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen, - const char *key); -Gc_rc MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen, - const char *iv); -Gc_rc MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len, - char *data); -Gc_rc MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len, - char *data); -Gc_rc MHD_gc_cipher_close (MHD_gc_cipher_handle handle); - -/* Hashes. */ - -Gc_rc MHD_gc_hash_open (Gc_hash hash, - Gc_hash_mode mode, MHD_gc_hash_handle * outhandle); -Gc_rc MHD_gc_hash_clone (MHD_gc_hash_handle handle, - MHD_gc_hash_handle * outhandle); -size_t MHD_gc_hash_digest_length (Gc_hash hash); -void MHD_gc_hash_MHD_hmac_setkey (MHD_gc_hash_handle handle, size_t len, - const char *key); -void MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, - const char *data); -const char *MHD_gc_hash_read (MHD_gc_hash_handle handle); -void MHD_gc_hash_close (MHD_gc_hash_handle handle); - -/* Compute a hash value over buffer IN of INLEN bytes size using the - algorithm HASH, placing the result in the pre-allocated buffer OUT. - The required size of OUT depends on HASH, and is generally - GC_<HASH>_DIGEST_SIZE. For example, for GC_MD5 the output buffer - must be 16 bytes. The return value is 0 (GC_OK) on success, or - another Gc_rc error code. */ -Gc_rc MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, - char *out); - -/* One-call interface. */ -Gc_rc MHD_gc_md2 (const void *in, size_t inlen, void *resbuf); -Gc_rc MHD_gc_md4 (const void *in, size_t inlen, void *resbuf); -Gc_rc MHD_gc_md5 (const void *in, size_t inlen, void *resbuf); -Gc_rc MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf); -Gc_rc MHD_gc_MHD_hmac_md5 (const void *key, - size_t keylen, const void *in, size_t inlen, - char *resbuf); -Gc_rc MHD_gc_MHD_hmac_sha1 (const void *key, size_t keylen, const void *in, - size_t inlen, char *resbuf); - -/* Derive cryptographic keys from a password P of length PLEN, with - salt S of length SLEN, placing the result in pre-allocated buffer - DK of length DKLEN. An iteration count is specified in C, where a - larger value means this function take more time (typical iteration - counts are 1000-20000). This function "stretches" the key to be - exactly dkLen bytes long. GC_OK is returned on success, otherwise - an Gc_rc error code is returned. */ -Gc_rc MHD_gc_pbkdf2_sha1 (const char *P, - size_t Plen, - const char *S, - size_t Slen, unsigned int c, char *DK, - size_t dkLen); - -#endif /* GC_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/Makefile.am b/lib/libmicrohttpd/src/daemon/https/minitasn1/Makefile.am deleted file mode 100644 index 1d5c68d99e..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/Makefile.am +++ /dev/null @@ -1,18 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/include \ - -I$(top_srcdir)/src/daemon/https/lgl \ - -I$(top_srcdir)/src/daemon/https/tls - -if USE_COVERAGE - AM_CFLAGS = -fprofile-arcs -ftest-coverage -endif - -noinst_LTLIBRARIES = libasn1.la - -libasn1_la_SOURCES = \ -libtasn1.h \ -mem.h \ -gstr.h \ -int.h \ -parser_aux.h structure.h element.h decoding.c gstr.c \ -parser_aux.c structure.c element.c coding.c diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/Makefile.in b/lib/libmicrohttpd/src/daemon/https/minitasn1/Makefile.in deleted file mode 100644 index 29440d3362..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/Makefile.in +++ /dev/null @@ -1,506 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/daemon/https/minitasn1 -DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libcurl.m4 \ - $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/MHD_config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libasn1_la_LIBADD = -am_libasn1_la_OBJECTS = decoding.lo gstr.lo parser_aux.lo structure.lo \ - element.lo coding.lo -libasn1_la_OBJECTS = $(am_libasn1_la_OBJECTS) -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libasn1_la_SOURCES) -DIST_SOURCES = $(libasn1_la_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -EXT_LIBS = @EXT_LIBS@ -EXT_LIB_PATH = @EXT_LIB_PATH@ -FGREP = @FGREP@ -GREP = @GREP@ -HAVE_SOCAT = @HAVE_SOCAT@ -HAVE_ZZUF = @HAVE_ZZUF@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCURL = @LIBCURL@ -LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_VERSION_AGE = @LIB_VERSION_AGE@ -LIB_VERSION_CURRENT = @LIB_VERSION_CURRENT@ -LIB_VERSION_REVISION = @LIB_VERSION_REVISION@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MHD_LIBDEPS = @MHD_LIBDEPS@ -MHD_LIB_LDFLAGS = @MHD_LIB_LDFLAGS@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREAD_CPPFLAGS = @PTHREAD_CPPFLAGS@ -PTHREAD_LDFLAGS = @PTHREAD_LDFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -_libcurl_config = @_libcurl_config@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/include \ - -I$(top_srcdir)/src/daemon/https/lgl \ - -I$(top_srcdir)/src/daemon/https/tls - -@USE_COVERAGE_TRUE@AM_CFLAGS = -fprofile-arcs -ftest-coverage -noinst_LTLIBRARIES = libasn1.la -libasn1_la_SOURCES = \ -libtasn1.h \ -mem.h \ -gstr.h \ -int.h \ -parser_aux.h structure.h element.h decoding.c gstr.c \ -parser_aux.c structure.c element.c coding.c - -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/daemon/https/minitasn1/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/daemon/https/minitasn1/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libasn1.la: $(libasn1_la_OBJECTS) $(libasn1_la_DEPENDENCIES) - $(LINK) $(libasn1_la_OBJECTS) $(libasn1_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/coding.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/decoding.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/element.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gstr.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser_aux.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/structure.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/README b/lib/libmicrohttpd/src/daemon/https/minitasn1/README deleted file mode 100644 index 9d484dfccc..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/README +++ /dev/null @@ -1,3 +0,0 @@ -This is just a mirror of the files in the libtasn1's -lib/ directory. - diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/coding.c b/lib/libmicrohttpd/src/daemon/https/minitasn1/coding.c deleted file mode 100644 index 02d046834c..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/coding.c +++ /dev/null @@ -1,1211 +0,0 @@ -/* - * Copyright (C) 2004, 2006 Free Software Foundation - * Copyright (C) 2002 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - - -/*****************************************************/ -/* File: coding.c */ -/* Description: Functions to create a DER coding of */ -/* an ASN1 type. */ -/*****************************************************/ - -#include <int.h> -#include "parser_aux.h" -#include <gstr.h> -#include "element.h" -#include <structure.h> - -#define MAX_TAG_LEN 16 - -/******************************************************/ -/* Function : MHD__asn1_error_description_value_not_found */ -/* Description: creates the ErrorDescription string */ -/* for the ASN1_VALUE_NOT_FOUND error. */ -/* Parameters: */ -/* node: node of the tree where the value is NULL. */ -/* ErrorDescription: string returned. */ -/* Return: */ -/******************************************************/ -static void -MHD__asn1_error_description_value_not_found (node_asn * node, - char *ErrorDescription) -{ - - if (ErrorDescription == NULL) - return; - - Estrcpy (ErrorDescription, ":: value of element '"); - MHD__asn1_hierarchical_name (node, - ErrorDescription + strlen (ErrorDescription), - MAX_ERROR_DESCRIPTION_SIZE - 40); - Estrcat (ErrorDescription, "' not found"); - -} - -/** - * MHD__asn1_length_der: - * @len: value to convert. - * @ans: string returned. - * @ans_len: number of meaningful bytes of ANS (ans[0]..ans[ans_len-1]). - * - * Creates the DER coding for the LEN parameter (only the length). - * The @ans buffer is pre-allocated and must have room for the output. - **/ -void -MHD__asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len) -{ - int k; - unsigned char temp[SIZEOF_UNSIGNED_LONG_INT]; - - if (len < 128) - { - /* short form */ - if (ans != NULL) - ans[0] = (unsigned char) len; - *ans_len = 1; - } - else - { - /* Long form */ - k = 0; - while (len) - { - temp[k++] = len & 0xFF; - len = len >> 8; - } - *ans_len = k + 1; - if (ans != NULL) - { - ans[0] = ((unsigned char) k & 0x7F) + 128; - while (k--) - ans[*ans_len - 1 - k] = temp[k]; - } - } -} - -/******************************************************/ -/* Function : MHD__asn1_tag_der */ -/* Description: creates the DER coding for the CLASS */ -/* and TAG parameters. */ -/* Parameters: */ -/* class: value to convert. */ -/* tag_value: value to convert. */ -/* ans: string returned. */ -/* ans_len: number of meaningful bytes of ANS */ -/* (ans[0]..ans[ans_len-1]). */ -/* Return: */ -/******************************************************/ -static void -MHD__asn1_tag_der (unsigned char class, unsigned int tag_value, - unsigned char *ans, int *ans_len) -{ - int k; - unsigned char temp[SIZEOF_UNSIGNED_INT]; - - if (tag_value < 31) - { - /* short form */ - ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F)); - *ans_len = 1; - } - else - { - /* Long form */ - ans[0] = (class & 0xE0) + 31; - k = 0; - while (tag_value) - { - temp[k++] = tag_value & 0x7F; - tag_value = tag_value >> 7; - } - *ans_len = k + 1; - while (k--) - ans[*ans_len - 1 - k] = temp[k] + 128; - ans[*ans_len - 1] -= 128; - } -} - -/** - * MHD__asn1_octet_der: - * @str: OCTET string. - * @str_len: STR length (str[0]..str[str_len-1]). - * @der: string returned. - * @der_len: number of meaningful bytes of DER (der[0]..der[ans_len-1]). - * - * Creates the DER coding for an OCTET type (length included). - **/ -void -MHD__asn1_octet_der (const unsigned char *str, int str_len, - unsigned char *der, int *der_len) -{ - int len_len; - - if (der == NULL || str_len < 0) - return; - MHD__asn1_length_der (str_len, der, &len_len); - memcpy (der + len_len, str, str_len); - *der_len = str_len + len_len; -} - -/******************************************************/ -/* Function : MHD__asn1_time_der */ -/* Description: creates the DER coding for a TIME */ -/* type (length included). */ -/* Parameters: */ -/* str: TIME null-terminated string. */ -/* der: string returned. */ -/* der_len: number of meaningful bytes of DER */ -/* (der[0]..der[ans_len-1]). Initially it */ -/* if must store the lenght of DER. */ -/* Return: */ -/* ASN1_MEM_ERROR when DER isn't big enough */ -/* ASN1_SUCCESS otherwise */ -/******************************************************/ -static MHD__asn1_retCode -MHD__asn1_time_der (unsigned char *str, unsigned char *der, int *der_len) -{ - int len_len; - int max_len; - - max_len = *der_len; - - MHD__asn1_length_der (strlen ((const char *) str), - (max_len > 0) ? der : NULL, &len_len); - - if ((len_len + (int) strlen ((const char *) str)) <= max_len) - memcpy (der + len_len, str, strlen ((const char *) str)); - *der_len = len_len + strlen ((const char *) str); - - if ((*der_len) > max_len) - return ASN1_MEM_ERROR; - - return ASN1_SUCCESS; -} - -/******************************************************/ -/* Function : MHD__asn1_objectid_der */ -/* Description: creates the DER coding for an */ -/* OBJECT IDENTIFIER type (length included). */ -/* Parameters: */ -/* str: OBJECT IDENTIFIER null-terminated string. */ -/* der: string returned. */ -/* der_len: number of meaningful bytes of DER */ -/* (der[0]..der[ans_len-1]). Initially it */ -/* must store the length of DER. */ -/* Return: */ -/* ASN1_MEM_ERROR when DER isn't big enough */ -/* ASN1_SUCCESS otherwise */ -/******************************************************/ -static MHD__asn1_retCode -MHD__asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len) -{ - int len_len, counter, k, first, max_len; - char *temp, *n_end, *n_start; - unsigned char bit7; - unsigned long val, val1 = 0; - - max_len = *der_len; - - temp = (char *) MHD__asn1_alloca (strlen ((const char *) str) + 2); - if (temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - strcpy (temp, (const char *) str); - strcat (temp, "."); - - counter = 0; - n_start = temp; - while ((n_end = strchr (n_start, '.'))) - { - *n_end = 0; - val = strtoul (n_start, NULL, 10); - counter++; - - if (counter == 1) - val1 = val; - else if (counter == 2) - { - if (max_len > 0) - der[0] = 40 * val1 + val; - *der_len = 1; - } - else - { - first = 0; - for (k = 4; k >= 0; k--) - { - bit7 = (val >> (k * 7)) & 0x7F; - if (bit7 || first || !k) - { - if (k) - bit7 |= 0x80; - if (max_len > (*der_len)) - der[*der_len] = bit7; - (*der_len)++; - first = 1; - } - } - - } - n_start = n_end + 1; - } - - MHD__asn1_length_der (*der_len, NULL, &len_len); - if (max_len >= (*der_len + len_len)) - { - memmove (der + len_len, der, *der_len); - MHD__asn1_length_der (*der_len, der, &len_len); - } - *der_len += len_len; - - MHD__asn1_afree (temp); - - if (max_len < (*der_len)) - return ASN1_MEM_ERROR; - - return ASN1_SUCCESS; -} - - -const char MHD_bit_mask[] = - { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 }; - -/** - * MHD__asn1_bit_der: - * @str: BIT string. - * @bit_len: number of meaningful bits in STR. - * @der: string returned. - * @der_len: number of meaningful bytes of DER - * (der[0]..der[ans_len-1]). - * - * Creates the DER coding for a BIT STRING type (length and pad - * included). - **/ -void -MHD__asn1_bit_der (const unsigned char *str, int bit_len, - unsigned char *der, int *der_len) -{ - int len_len, len_byte, len_pad; - - if (der == NULL) - return; - len_byte = bit_len >> 3; - len_pad = 8 - (bit_len & 7); - if (len_pad == 8) - len_pad = 0; - else - len_byte++; - MHD__asn1_length_der (len_byte + 1, der, &len_len); - der[len_len] = len_pad; - memcpy (der + len_len + 1, str, len_byte); - der[len_len + len_byte] &= MHD_bit_mask[len_pad]; - *der_len = len_byte + len_len + 1; -} - - -/******************************************************/ -/* Function : MHD__asn1_complete_explicit_tag */ -/* Description: add the length coding to the EXPLICIT */ -/* tags. */ -/* Parameters: */ -/* node: pointer to the tree element. */ -/* der: string with the DER coding of the whole tree*/ -/* counter: number of meaningful bytes of DER */ -/* (der[0]..der[*counter-1]). */ -/* max_len: size of der vector */ -/* Return: */ -/* ASN1_MEM_ERROR if der vector isn't big enough, */ -/* otherwise ASN1_SUCCESS. */ -/******************************************************/ -static MHD__asn1_retCode -MHD__asn1_complete_explicit_tag (node_asn * node, unsigned char *der, - int *counter, int *max_len) -{ - node_asn *p; - int is_tag_implicit, len2, len3; - unsigned char temp[SIZEOF_UNSIGNED_INT]; - - is_tag_implicit = 0; - - if (node->type & CONST_TAG) - { - p = node->down; - /* When there are nested tags we must complete them reverse to - the order they were created. This is because completing a tag - modifies all data within it, including the incomplete tags - which store buffer positions -- simon@josefsson.org 2002-09-06 - */ - while (p->right) - p = p->right; - while (p && p != node->down->left) - { - if (type_field (p->type) == TYPE_TAG) - { - if (p->type & CONST_EXPLICIT) - { - len2 = strtol (p->name, NULL, 10); - MHD__asn1_set_name (p, NULL); - MHD__asn1_length_der (*counter - len2, temp, &len3); - if (len3 <= (*max_len)) - { - memmove (der + len2 + len3, der + len2, - *counter - len2); - memcpy (der + len2, temp, len3); - } - *max_len -= len3; - *counter += len3; - is_tag_implicit = 0; - } - else - { /* CONST_IMPLICIT */ - if (!is_tag_implicit) - { - is_tag_implicit = 1; - } - } - } - p = p->left; - } - } - - if (*max_len < 0) - return ASN1_MEM_ERROR; - - return ASN1_SUCCESS; -} - - -/******************************************************/ -/* Function : MHD__asn1_insert_tag_der */ -/* Description: creates the DER coding of tags of one */ -/* NODE. */ -/* Parameters: */ -/* node: pointer to the tree element. */ -/* der: string returned */ -/* counter: number of meaningful bytes of DER */ -/* (counter[0]..der[*counter-1]). */ -/* max_len: size of der vector */ -/* Return: */ -/* ASN1_GENERIC_ERROR if the type is unknown, */ -/* ASN1_MEM_ERROR if der vector isn't big enough, */ -/* otherwise ASN1_SUCCESS. */ -/******************************************************/ -static MHD__asn1_retCode -MHD__asn1_insert_tag_der (node_asn * node, unsigned char *der, int *counter, - int *max_len) -{ - node_asn *p; - int tag_len, is_tag_implicit; - unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1]; - unsigned long tag_implicit = 0; - char tag_der[MAX_TAG_LEN]; - - is_tag_implicit = 0; - - if (node->type & CONST_TAG) - { - p = node->down; - while (p) - { - if (type_field (p->type) == TYPE_TAG) - { - if (p->type & CONST_APPLICATION) - class = ASN1_CLASS_APPLICATION; - else if (p->type & CONST_UNIVERSAL) - class = ASN1_CLASS_UNIVERSAL; - else if (p->type & CONST_PRIVATE) - class = ASN1_CLASS_PRIVATE; - else - class = ASN1_CLASS_CONTEXT_SPECIFIC; - - if (p->type & CONST_EXPLICIT) - { - if (is_tag_implicit) - MHD__asn1_tag_der (class_implicit, tag_implicit, - (unsigned char *) tag_der, &tag_len); - else - MHD__asn1_tag_der (class | ASN1_CLASS_STRUCTURED, - strtoul ((const char *) p->value, NULL, - 10), - (unsigned char *) tag_der, &tag_len); - - *max_len -= tag_len; - if (*max_len >= 0) - memcpy (der + *counter, tag_der, tag_len); - *counter += tag_len; - - MHD__asn1_ltostr (*counter, (char *) temp); - MHD__asn1_set_name (p, (const char *) temp); - - is_tag_implicit = 0; - } - else - { /* CONST_IMPLICIT */ - if (!is_tag_implicit) - { - if ((type_field (node->type) == TYPE_SEQUENCE) || - (type_field (node->type) == TYPE_SEQUENCE_OF) || - (type_field (node->type) == TYPE_SET) || - (type_field (node->type) == TYPE_SET_OF)) - class |= ASN1_CLASS_STRUCTURED; - class_implicit = class; - tag_implicit = - strtoul ((const char *) p->value, NULL, 10); - is_tag_implicit = 1; - } - } - } - p = p->right; - } - } - - if (is_tag_implicit) - { - MHD__asn1_tag_der (class_implicit, tag_implicit, - (unsigned char *) tag_der, &tag_len); - } - else - { - switch (type_field (node->type)) - { - case TYPE_NULL: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_NULL, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_BOOLEAN: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BOOLEAN, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_INTEGER: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_INTEGER, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_ENUMERATED: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_ENUMERATED, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_OBJECT_ID: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OBJECT_ID, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_TIME: - if (node->type & CONST_UTC) - { - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_UTCTime, - (unsigned char *) tag_der, &tag_len); - } - else - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALIZEDTime, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_OCTET_STRING: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OCTET_STRING, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_GENERALSTRING: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALSTRING, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_BIT_STRING: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BIT_STRING, - (unsigned char *) tag_der, &tag_len); - break; - case TYPE_SEQUENCE: - case TYPE_SEQUENCE_OF: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, - ASN1_TAG_SEQUENCE, (unsigned char *) tag_der, - &tag_len); - break; - case TYPE_SET: - case TYPE_SET_OF: - MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, - ASN1_TAG_SET, (unsigned char *) tag_der, - &tag_len); - break; - case TYPE_TAG: - tag_len = 0; - break; - case TYPE_CHOICE: - tag_len = 0; - break; - case TYPE_ANY: - tag_len = 0; - break; - default: - return ASN1_GENERIC_ERROR; - } - } - - *max_len -= tag_len; - if (*max_len >= 0) - memcpy (der + *counter, tag_der, tag_len); - *counter += tag_len; - - if (*max_len < 0) - return ASN1_MEM_ERROR; - - return ASN1_SUCCESS; -} - -/******************************************************/ -/* Function : MHD__asn1_ordering_set */ -/* Description: puts the elements of a SET type in */ -/* the correct order according to DER rules. */ -/* Parameters: */ -/* der: string with the DER coding. */ -/* node: pointer to the SET element. */ -/* Return: */ -/******************************************************/ -static void -MHD__asn1_ordering_set (unsigned char *der, int der_len, node_asn * node) -{ - struct vet - { - int end; - uint32_t value; - struct vet *next, *prev; - }; - - int counter, len, len2; - struct vet *first, *last, *p_vet, *p2_vet; - node_asn *p; - unsigned char class, *temp; - unsigned long tag; - - counter = 0; - - if (type_field (node->type) != TYPE_SET) - return; - - p = node->down; - while ((p != NULL) && - ((type_field (p->type) == TYPE_TAG) - || (type_field (p->type) == TYPE_SIZE))) - p = p->right; - - if ((p == NULL) || (p->right == NULL)) - return; - - first = last = NULL; - while (p) - { - p_vet = (struct vet *) MHD__asn1_alloca (sizeof (struct vet)); - if (p_vet == NULL) - return; - - p_vet->next = NULL; - p_vet->prev = last; - if (first == NULL) - first = p_vet; - else - last->next = p_vet; - last = p_vet; - - /* tag value calculation */ - if (MHD__asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return; - p_vet->value = (class << 24) | tag; - counter += len2; - - /* extraction and length */ - len2 = - MHD__asn1_get_length_der (der + counter, der_len - counter, &len); - if (len2 < 0) - return; - counter += len + len2; - - p_vet->end = counter; - p = p->right; - } - - p_vet = first; - - while (p_vet) - { - p2_vet = p_vet->next; - counter = 0; - while (p2_vet) - { - if (p_vet->value > p2_vet->value) - { - /* change position */ - temp = - (unsigned char *) MHD__asn1_alloca (p_vet->end - counter); - if (temp == NULL) - return; - - memcpy (temp, der + counter, p_vet->end - counter); - memcpy (der + counter, der + p_vet->end, - p2_vet->end - p_vet->end); - memcpy (der + counter + p2_vet->end - p_vet->end, temp, - p_vet->end - counter); - MHD__asn1_afree (temp); - - tag = p_vet->value; - p_vet->value = p2_vet->value; - p2_vet->value = tag; - - p_vet->end = counter + (p2_vet->end - p_vet->end); - } - counter = p_vet->end; - - p2_vet = p2_vet->next; - p_vet = p_vet->next; - } - - if (p_vet != first) - p_vet->prev->next = NULL; - else - first = NULL; - MHD__asn1_afree (p_vet); - p_vet = first; - } -} - -/******************************************************/ -/* Function : MHD__asn1_ordering_set_of */ -/* Description: puts the elements of a SET OF type in */ -/* the correct order according to DER rules. */ -/* Parameters: */ -/* der: string with the DER coding. */ -/* node: pointer to the SET OF element. */ -/* Return: */ -/******************************************************/ -static void -MHD__asn1_ordering_set_of (unsigned char *der, int der_len, node_asn * node) -{ - struct vet - { - int end; - struct vet *next, *prev; - }; - - int counter, len, len2, change; - struct vet *first, *last, *p_vet, *p2_vet; - node_asn *p; - unsigned char *temp, class; - unsigned long k, max; - - counter = 0; - - if (type_field (node->type) != TYPE_SET_OF) - return; - - p = node->down; - while ((type_field (p->type) == TYPE_TAG) - || (type_field (p->type) == TYPE_SIZE)) - p = p->right; - p = p->right; - - if ((p == NULL) || (p->right == NULL)) - return; - - first = last = NULL; - while (p) - { - p_vet = (struct vet *) MHD__asn1_alloca (sizeof (struct vet)); - if (p_vet == NULL) - return; - - p_vet->next = NULL; - p_vet->prev = last; - if (first == NULL) - first = p_vet; - else - last->next = p_vet; - last = p_vet; - - /* extraction of tag and length */ - if (der_len - counter > 0) - { - - if (MHD__asn1_get_tag_der - (der + counter, der_len - counter, &class, &len, - NULL) != ASN1_SUCCESS) - return; - counter += len; - - len2 = - MHD__asn1_get_length_der (der + counter, der_len - counter, &len); - if (len2 < 0) - return; - counter += len + len2; - } - - p_vet->end = counter; - p = p->right; - } - - p_vet = first; - - while (p_vet) - { - p2_vet = p_vet->next; - counter = 0; - while (p2_vet) - { - if ((p_vet->end - counter) > (p2_vet->end - p_vet->end)) - max = p_vet->end - counter; - else - max = p2_vet->end - p_vet->end; - - change = -1; - for (k = 0; k < max; k++) - if (der[counter + k] > der[p_vet->end + k]) - { - change = 1; - break; - } - else if (der[counter + k] < der[p_vet->end + k]) - { - change = 0; - break; - } - - if ((change == -1) - && ((p_vet->end - counter) > (p2_vet->end - p_vet->end))) - change = 1; - - if (change == 1) - { - /* change position */ - temp = - (unsigned char *) MHD__asn1_alloca (p_vet->end - counter); - if (temp == NULL) - return; - - memcpy (temp, der + counter, (p_vet->end) - counter); - memcpy (der + counter, der + (p_vet->end), - (p2_vet->end) - (p_vet->end)); - memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp, - (p_vet->end) - counter); - MHD__asn1_afree (temp); - - p_vet->end = counter + (p2_vet->end - p_vet->end); - } - counter = p_vet->end; - - p2_vet = p2_vet->next; - p_vet = p_vet->next; - } - - if (p_vet != first) - p_vet->prev->next = NULL; - else - first = NULL; - MHD__asn1_afree (p_vet); - p_vet = first; - } -} - -/** - * MHD__asn1_der_coding - Creates the DER encoding for the NAME structure - * @element: pointer to an ASN1 element - * @name: the name of the structure you want to encode (it must be - * inside *POINTER). - * @ider: vector that will contain the DER encoding. DER must be a - * pointer to memory cells already allocated. - * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy - * holds the sizeof of der vector. - * @errorDescription : return the error description or an empty - * string if success. - * - * Creates the DER encoding for the NAME structure (inside *POINTER - * structure). - * - * Returns: - * - * ASN1_SUCCESS: DER encoding OK. - * - * ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element. - * - * ASN1_VALUE_NOT_FOUND: There is an element without a value. - * - * ASN1_MEM_ERROR: @ider vector isn't big enough. Also in this case - * LEN will contain the length needed. - * - **/ -MHD__asn1_retCode -MHD__asn1_der_coding (ASN1_TYPE element, const char *name, void *ider, - int *len, char *ErrorDescription) -{ - node_asn *node, *p, *p2; - char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1]; - int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old; - MHD__asn1_retCode err; - unsigned char *der = ider; - - node = MHD__asn1_find_node (element, name); - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - /* Node is now a locally allocated variable. - * That is because in some point we modify the - * structure, and I don't know why! --nmav - */ - node = MHD__asn1_copy_structure3 (node); - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - max_len = *len; - - counter = 0; - move = DOWN; - p = node; - while (1) - { - - counter_old = counter; - max_len_old = max_len; - if (move != UP) - { - err = MHD__asn1_insert_tag_der (p, der, &counter, &max_len); - if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) - goto error; - } - switch (type_field (p->type)) - { - case TYPE_NULL: - max_len--; - if (max_len >= 0) - der[counter] = 0; - counter++; - move = RIGHT; - break; - case TYPE_BOOLEAN: - if ((p->type & CONST_DEFAULT) && (p->value == NULL)) - { - counter = counter_old; - max_len = max_len_old; - } - else - { - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - max_len -= 2; - if (max_len >= 0) - { - der[counter++] = 1; - if (p->value[0] == 'F') - der[counter++] = 0; - else - der[counter++] = 0xFF; - } - else - counter += 2; - } - move = RIGHT; - break; - case TYPE_INTEGER: - case TYPE_ENUMERATED: - if ((p->type & CONST_DEFAULT) && (p->value == NULL)) - { - counter = counter_old; - max_len = max_len_old; - } - else - { - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); - if (len2 < 0) - { - err = ASN1_DER_ERROR; - goto error; - } - max_len -= len2 + len3; - if (max_len >= 0) - memcpy (der + counter, p->value, len3 + len2); - counter += len3 + len2; - } - move = RIGHT; - break; - case TYPE_OBJECT_ID: - if ((p->type & CONST_DEFAULT) && (p->value == NULL)) - { - counter = counter_old; - max_len = max_len_old; - } - else - { - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = max_len; - err = MHD__asn1_objectid_der (p->value, der + counter, &len2); - if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) - goto error; - - max_len -= len2; - counter += len2; - } - move = RIGHT; - break; - case TYPE_TIME: - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = max_len; - err = MHD__asn1_time_der (p->value, der + counter, &len2); - if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) - goto error; - - max_len -= len2; - counter += len2; - move = RIGHT; - break; - case TYPE_OCTET_STRING: - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); - if (len2 < 0) - { - err = ASN1_DER_ERROR; - goto error; - } - max_len -= len2 + len3; - if (max_len >= 0) - memcpy (der + counter, p->value, len3 + len2); - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_GENERALSTRING: - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); - if (len2 < 0) - { - err = ASN1_DER_ERROR; - goto error; - } - max_len -= len2 + len3; - if (max_len >= 0) - memcpy (der + counter, p->value, len3 + len2); - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_BIT_STRING: - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); - if (len2 < 0) - { - err = ASN1_DER_ERROR; - goto error; - } - max_len -= len2 + len3; - if (max_len >= 0) - memcpy (der + counter, p->value, len3 + len2); - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_SEQUENCE: - case TYPE_SET: - if (move != UP) - { - MHD__asn1_ltostr (counter, temp); - tlen = strlen (temp); - if (tlen > 0) - MHD__asn1_set_value (p, temp, tlen + 1); - if (p->down == NULL) - { - move = UP; - continue; - } - else - { - p2 = p->down; - while (p2 && (type_field (p2->type) == TYPE_TAG)) - p2 = p2->right; - if (p2) - { - p = p2; - move = RIGHT; - continue; - } - move = UP; - continue; - } - } - else - { /* move==UP */ - len2 = strtol ((const char *) p->value, NULL, 10); - MHD__asn1_set_value (p, NULL, 0); - if ((type_field (p->type) == TYPE_SET) && (max_len >= 0)) - MHD__asn1_ordering_set (der + len2, max_len - len2, p); - MHD__asn1_length_der (counter - len2, (unsigned char *) temp, - &len3); - max_len -= len3; - if (max_len >= 0) - { - memmove (der + len2 + len3, der + len2, counter - len2); - memcpy (der + len2, temp, len3); - } - counter += len3; - move = RIGHT; - } - break; - case TYPE_SEQUENCE_OF: - case TYPE_SET_OF: - if (move != UP) - { - MHD__asn1_ltostr (counter, temp); - tlen = strlen (temp); - - if (tlen > 0) - MHD__asn1_set_value (p, temp, tlen + 1); - p = p->down; - while ((type_field (p->type) == TYPE_TAG) - || (type_field (p->type) == TYPE_SIZE)) - p = p->right; - if (p->right) - { - p = p->right; - move = RIGHT; - continue; - } - else - p = MHD__asn1_find_up (p); - move = UP; - } - if (move == UP) - { - len2 = strtol ((const char *) p->value, NULL, 10); - MHD__asn1_set_value (p, NULL, 0); - if ((type_field (p->type) == TYPE_SET_OF) - && (max_len - len2 > 0)) - { - MHD__asn1_ordering_set_of (der + len2, max_len - len2, p); - } - MHD__asn1_length_der (counter - len2, (unsigned char *) temp, - &len3); - max_len -= len3; - if (max_len >= 0) - { - memmove (der + len2 + len3, der + len2, counter - len2); - memcpy (der + len2, temp, len3); - } - counter += len3; - move = RIGHT; - } - break; - case TYPE_ANY: - if (p->value == NULL) - { - MHD__asn1_error_description_value_not_found (p, - ErrorDescription); - err = ASN1_VALUE_NOT_FOUND; - goto error; - } - len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3); - if (len2 < 0) - { - err = ASN1_DER_ERROR; - goto error; - } - max_len -= len2; - if (max_len >= 0) - memcpy (der + counter, p->value + len3, len2); - counter += len2; - move = RIGHT; - break; - default: - move = (move == UP) ? RIGHT : DOWN; - break; - } - - if ((move != DOWN) && (counter != counter_old)) - { - err = MHD__asn1_complete_explicit_tag (p, der, &counter, &max_len); - if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR) - goto error; - } - - if (p == node && move != DOWN) - break; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - if (move == RIGHT) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - *len = counter; - - if (max_len < 0) - { - err = ASN1_MEM_ERROR; - goto error; - } - - err = ASN1_SUCCESS; - -error: - MHD__asn1_delete_structure (&node); - return err; -} diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/decoding.c b/lib/libmicrohttpd/src/daemon/https/minitasn1/decoding.c deleted file mode 100644 index 9a4e23a397..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/decoding.c +++ /dev/null @@ -1,1673 +0,0 @@ -/* - * Copyright (C) 2004, 2006 Free Software Foundation - * Copyright (C) 2002 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - - -/*****************************************************/ -/* File: decoding.c */ -/* Description: Functions to manage DER decoding */ -/*****************************************************/ - -#include <int.h> -#include "parser_aux.h" -#include <gstr.h> -#include "structure.h" -#include "element.h" - - -static void -MHD__asn1_error_description_tag_error (node_asn * node, - char *ErrorDescription) -{ - - Estrcpy (ErrorDescription, ":: tag error near element '"); - MHD__asn1_hierarchical_name (node, - ErrorDescription + strlen (ErrorDescription), - MAX_ERROR_DESCRIPTION_SIZE - 40); - Estrcat (ErrorDescription, "'"); - -} - -/** - * MHD__asn1_get_length_der: - * @der: DER data to decode. - * @der_len: Length of DER data to decode. - * @len: Output variable containing the length of the DER length field. - * - * Extract a length field from DER data. - * - * Return value: Return the decoded length value, or -1 on indefinite - * length, or -2 when the value was too big. - **/ -signed long -MHD__asn1_get_length_der (const unsigned char *der, int der_len, int *len) -{ - unsigned long ans; - int k, punt; - - *len = 0; - if (der_len <= 0) - return 0; - - if (!(der[0] & 128)) - { - /* short form */ - *len = 1; - return der[0]; - } - else - { - /* Long form */ - k = der[0] & 0x7F; - punt = 1; - if (k) - { /* definite length method */ - ans = 0; - while (punt <= k && punt < der_len) - { - unsigned long last = ans; - - ans = ans * 256 + der[punt++]; - if (ans < last) - /* we wrapped around, no bignum support... */ - return -2; - } - } - else - { /* indefinite length method */ - ans = -1; - } - - *len = punt; - return ans; - } -} - - - - -/** - * MHD__asn1_get_tag_der: - * @der: DER data to decode. - * @der_len: Length of DER data to decode. - * @cls: Output variable containing decoded class. - * @len: Output variable containing the length of the DER TAG data. - * @tag: Output variable containing the decoded tag. - * - * Decode the class and TAG from DER code. - * - * Return value: Returns ASN1_SUCCESS on success, or an error. - **/ -int -MHD__asn1_get_tag_der (const unsigned char *der, int der_len, - unsigned char *cls, int *len, unsigned long *tag) -{ - int punt, ris; - - if (der == NULL || der_len <= 0 || len == NULL) - return ASN1_DER_ERROR; - - *cls = der[0] & 0xE0; - if ((der[0] & 0x1F) != 0x1F) - { - /* short form */ - *len = 1; - ris = der[0] & 0x1F; - } - else - { - /* Long form */ - punt = 1; - ris = 0; - while (punt <= der_len && der[punt] & 128) - { - int last = ris; - ris = ris * 128 + (der[punt++] & 0x7F); - if (ris < last) - /* wrapper around, and no bignums... */ - return ASN1_DER_ERROR; - } - if (punt >= der_len) - return ASN1_DER_ERROR; - { - int last = ris; - ris = ris * 128 + (der[punt++] & 0x7F); - if (ris < last) - /* wrapper around, and no bignums... */ - return ASN1_DER_ERROR; - } - *len = punt; - } - if (tag) - *tag = ris; - return ASN1_SUCCESS; -} - - - - -/** - * MHD__asn1_get_octet_der: - * @der: DER data to decode containing the OCTET SEQUENCE. - * @der_len: Length of DER data to decode. - * @ret_len: Output variable containing the length of the DER data. - * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in. - * @str_size: Length of pre-allocated output buffer. - * @str_len: Output variable containing the length of the OCTET SEQUENCE. - * - * Extract an OCTET SEQUENCE from DER data. - * - * Return value: Returns ASN1_SUCCESS on success, or an error. - **/ -int -MHD__asn1_get_octet_der (const unsigned char *der, int der_len, - int *ret_len, unsigned char *str, int str_size, - int *str_len) -{ - int len_len; - - if (der_len <= 0) - return ASN1_GENERIC_ERROR; - - /* if(str==NULL) return ASN1_SUCCESS; */ - *str_len = MHD__asn1_get_length_der (der, der_len, &len_len); - - if (*str_len < 0) - return ASN1_DER_ERROR; - - *ret_len = *str_len + len_len; - if (str_size >= *str_len) - memcpy (str, der + len_len, *str_len); - else - { - return ASN1_MEM_ERROR; - } - - return ASN1_SUCCESS; -} - - - -/* Returns ASN1_SUCCESS on success or an error code on error. - */ -static int -MHD__asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len, - char *str, int str_size) -{ - int len_len, str_len; - - if (der_len <= 0 || str == NULL) - return ASN1_DER_ERROR; - str_len = MHD__asn1_get_length_der (der, der_len, &len_len); - if (str_len < 0 || str_size < str_len) - return ASN1_DER_ERROR; - memcpy (str, der + len_len, str_len); - str[str_len] = 0; - *ret_len = str_len + len_len; - - return ASN1_SUCCESS; -} - - - -static void -MHD__asn1_get_objectid_der (const unsigned char *der, int der_len, - int *ret_len, char *str, int str_size) -{ - int len_len, len, k; - char temp[20]; - unsigned long val, val1; - - *ret_len = 0; - if (str && str_size > 0) - str[0] = 0; /* no oid */ - - if (str == NULL || der_len <= 0) - return; - len = MHD__asn1_get_length_der (der, der_len, &len_len); - - if (len < 0 || len > der_len || len_len > der_len) - return; - - val1 = der[len_len] / 40; - val = der[len_len] - val1 * 40; - - MHD__asn1_str_cpy (str, str_size, MHD__asn1_ltostr (val1, temp)); - MHD__asn1_str_cat (str, str_size, "."); - MHD__asn1_str_cat (str, str_size, MHD__asn1_ltostr (val, temp)); - - val = 0; - for (k = 1; k < len; k++) - { - val = val << 7; - val |= der[len_len + k] & 0x7F; - if (!(der[len_len + k] & 0x80)) - { - MHD__asn1_str_cat (str, str_size, "."); - MHD__asn1_str_cat (str, str_size, MHD__asn1_ltostr (val, temp)); - val = 0; - } - } - *ret_len = len + len_len; -} - - - - -/** - * MHD__asn1_get_bit_der: - * @der: DER data to decode containing the BIT SEQUENCE. - * @der_len: Length of DER data to decode. - * @ret_len: Output variable containing the length of the DER data. - * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in. - * @str_size: Length of pre-allocated output buffer. - * @bit_len: Output variable containing the size of the BIT SEQUENCE. - * - * Extract a BIT SEQUENCE from DER data. - * - * Return value: Return ASN1_SUCCESS on success, or an error. - **/ -int -MHD__asn1_get_bit_der (const unsigned char *der, int der_len, - int *ret_len, unsigned char *str, int str_size, - int *bit_len) -{ - int len_len, len_byte; - - if (der_len <= 0) - return ASN1_GENERIC_ERROR; - len_byte = MHD__asn1_get_length_der (der, der_len, &len_len) - 1; - if (len_byte < 0) - return ASN1_DER_ERROR; - - *ret_len = len_byte + len_len + 1; - *bit_len = len_byte * 8 - der[len_len]; - - if (str_size >= len_byte) - memcpy (str, der + len_len + 1, len_byte); - else - { - return ASN1_MEM_ERROR; - } - - return ASN1_SUCCESS; -} - - - - -static int -MHD__asn1_extract_tag_der (node_asn * node, const unsigned char *der, - int der_len, int *ret_len) -{ - node_asn *p; - int counter, len2, len3, is_tag_implicit; - unsigned long tag, tag_implicit = 0; - unsigned char class, class2, class_implicit = 0; - - if (der_len <= 0) - return ASN1_GENERIC_ERROR; - - counter = is_tag_implicit = 0; - - if (node->type & CONST_TAG) - { - p = node->down; - while (p) - { - if (type_field (p->type) == TYPE_TAG) - { - if (p->type & CONST_APPLICATION) - class2 = ASN1_CLASS_APPLICATION; - else if (p->type & CONST_UNIVERSAL) - class2 = ASN1_CLASS_UNIVERSAL; - else if (p->type & CONST_PRIVATE) - class2 = ASN1_CLASS_PRIVATE; - else - class2 = ASN1_CLASS_CONTEXT_SPECIFIC; - - if (p->type & CONST_EXPLICIT) - { - if (MHD__asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > der_len) - return ASN1_DER_ERROR; - counter += len2; - len3 = - MHD__asn1_get_length_der (der + counter, - der_len - counter, &len2); - if (len3 < 0) - return ASN1_DER_ERROR; - counter += len2; - if (!is_tag_implicit) - { - if ((class != (class2 | ASN1_CLASS_STRUCTURED)) || - (tag != strtoul ((char *) p->value, NULL, 10))) - return ASN1_TAG_ERROR; - } - else - { /* ASN1_TAG_IMPLICIT */ - if ((class != class_implicit) || (tag != tag_implicit)) - return ASN1_TAG_ERROR; - } - - is_tag_implicit = 0; - } - else - { /* ASN1_TAG_IMPLICIT */ - if (!is_tag_implicit) - { - if ((type_field (node->type) == TYPE_SEQUENCE) || - (type_field (node->type) == TYPE_SEQUENCE_OF) || - (type_field (node->type) == TYPE_SET) || - (type_field (node->type) == TYPE_SET_OF)) - class2 |= ASN1_CLASS_STRUCTURED; - class_implicit = class2; - tag_implicit = strtoul ((char *) p->value, NULL, 10); - is_tag_implicit = 1; - } - } - } - p = p->right; - } - } - - if (is_tag_implicit) - { - if (MHD__asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > der_len) - return ASN1_DER_ERROR; - - if ((class != class_implicit) || (tag != tag_implicit)) - { - if (type_field (node->type) == TYPE_OCTET_STRING) - { - class_implicit |= ASN1_CLASS_STRUCTURED; - if ((class != class_implicit) || (tag != tag_implicit)) - return ASN1_TAG_ERROR; - } - else - return ASN1_TAG_ERROR; - } - } - else - { - if (type_field (node->type) == TYPE_TAG) - { - counter = 0; - *ret_len = counter; - return ASN1_SUCCESS; - } - - if (MHD__asn1_get_tag_der - (der + counter, der_len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > der_len) - return ASN1_DER_ERROR; - - switch (type_field (node->type)) - { - case TYPE_NULL: - if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_NULL)) - return ASN1_DER_ERROR; - break; - case TYPE_BOOLEAN: - if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BOOLEAN)) - return ASN1_DER_ERROR; - break; - case TYPE_INTEGER: - if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_INTEGER)) - return ASN1_DER_ERROR; - break; - case TYPE_ENUMERATED: - if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_ENUMERATED)) - return ASN1_DER_ERROR; - break; - case TYPE_OBJECT_ID: - if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_OBJECT_ID)) - return ASN1_DER_ERROR; - break; - case TYPE_TIME: - if (node->type & CONST_UTC) - { - if ((class != ASN1_CLASS_UNIVERSAL) - || (tag != ASN1_TAG_UTCTime)) - return ASN1_DER_ERROR; - } - else - { - if ((class != ASN1_CLASS_UNIVERSAL) - || (tag != ASN1_TAG_GENERALIZEDTime)) - return ASN1_DER_ERROR; - } - break; - case TYPE_OCTET_STRING: - if (((class != ASN1_CLASS_UNIVERSAL) - && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))) - || (tag != ASN1_TAG_OCTET_STRING)) - return ASN1_DER_ERROR; - break; - case TYPE_GENERALSTRING: - if ((class != ASN1_CLASS_UNIVERSAL) - || (tag != ASN1_TAG_GENERALSTRING)) - return ASN1_DER_ERROR; - break; - case TYPE_BIT_STRING: - if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BIT_STRING)) - return ASN1_DER_ERROR; - break; - case TYPE_SEQUENCE: - case TYPE_SEQUENCE_OF: - if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)) - || (tag != ASN1_TAG_SEQUENCE)) - return ASN1_DER_ERROR; - break; - case TYPE_SET: - case TYPE_SET_OF: - if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)) - || (tag != ASN1_TAG_SET)) - return ASN1_DER_ERROR; - break; - case TYPE_ANY: - counter -= len2; - break; - default: - return ASN1_DER_ERROR; - break; - } - } - - counter += len2; - *ret_len = counter; - return ASN1_SUCCESS; -} - - -static int -MHD__asn1_delete_not_used (node_asn * node) -{ - node_asn *p, *p2; - - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - p = node; - while (p) - { - if (p->type & CONST_NOT_USED) - { - p2 = NULL; - if (p != node) - { - p2 = MHD__asn1_find_left (p); - if (!p2) - p2 = MHD__asn1_find_up (p); - } - MHD__asn1_delete_structure (&p); - p = p2; - } - - if (!p) - break; /* reach node */ - - if (p->down) - { - p = p->down; - } - else - { - if (p == node) - p = NULL; - else if (p->right) - p = p->right; - else - { - while (1) - { - p = MHD__asn1_find_up (p); - if (p == node) - { - p = NULL; - break; - } - if (p->right) - { - p = p->right; - break; - } - } - } - } - } - return ASN1_SUCCESS; -} - - -static MHD__asn1_retCode -MHD__asn1_get_octet_string (const unsigned char *der, node_asn * node, - int *len) -{ - int len2, len3, counter, counter2, counter_end, tot_len, indefinite; - unsigned char *temp, *temp2; - - counter = 0; - - if (*(der - 1) & ASN1_CLASS_STRUCTURED) - { - tot_len = 0; - indefinite = MHD__asn1_get_length_der (der, *len, &len3); - if (indefinite < -1) - return ASN1_DER_ERROR; - - counter += len3; - if (indefinite >= 0) - indefinite += len3; - - while (1) - { - if (counter > (*len)) - return ASN1_DER_ERROR; - - if (indefinite == -1) - { - if ((der[counter] == 0) && (der[counter + 1] == 0)) - { - counter += 2; - break; - } - } - else if (counter >= indefinite) - break; - - if (der[counter] != ASN1_TAG_OCTET_STRING) - return ASN1_DER_ERROR; - - counter++; - - len2 = - MHD__asn1_get_length_der (der + counter, *len - counter, &len3); - if (len2 <= 0) - return ASN1_DER_ERROR; - - counter += len3 + len2; - tot_len += len2; - } - - /* copy */ - if (node) - { - MHD__asn1_length_der (tot_len, NULL, &len2); - temp = MHD__asn1_alloca (len2 + tot_len); - if (temp == NULL) - { - return ASN1_MEM_ALLOC_ERROR; - } - - MHD__asn1_length_der (tot_len, temp, &len2); - tot_len += len2; - temp2 = temp + len2; - len2 = MHD__asn1_get_length_der (der, *len, &len3); - if (len2 < -1) - { - MHD__asn1_afree (temp); - return ASN1_DER_ERROR; - } - counter2 = len3 + 1; - - if (indefinite == -1) - counter_end = counter - 2; - else - counter_end = counter; - - while (counter2 < counter_end) - { - len2 = - MHD__asn1_get_length_der (der + counter2, *len - counter, - &len3); - if (len2 < -1) - { - MHD__asn1_afree (temp); - return ASN1_DER_ERROR; - } - - /* FIXME: to be checked. Is this ok? Has the - * size been checked before? - */ - memcpy (temp2, der + counter2 + len3, len2); - temp2 += len2; - counter2 += len2 + len3 + 1; - } - - MHD__asn1_set_value (node, temp, tot_len); - MHD__asn1_afree (temp); - } - } - else - { /* NOT STRUCTURED */ - len2 = MHD__asn1_get_length_der (der, *len, &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - if (len3 + len2 > *len) - return ASN1_DER_ERROR; - if (node) - MHD__asn1_set_value (node, der, len3 + len2); - counter = len3 + len2; - } - - *len = counter; - return ASN1_SUCCESS; - -} - - -static MHD__asn1_retCode -MHD__asn1_get_indefinite_length_string (const unsigned char *der, int *len) -{ - int len2, len3, counter, indefinite; - unsigned long tag; - unsigned char class; - - counter = indefinite = 0; - - while (1) - { - if ((*len) < counter) - return ASN1_DER_ERROR; - - if ((der[counter] == 0) && (der[counter + 1] == 0)) - { - counter += 2; - indefinite--; - if (indefinite <= 0) - break; - else - continue; - } - - if (MHD__asn1_get_tag_der - (der + counter, *len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > *len) - return ASN1_DER_ERROR; - counter += len2; - len2 = MHD__asn1_get_length_der (der + counter, *len - counter, &len3); - if (len2 < -1) - return ASN1_DER_ERROR; - if (len2 == -1) - { - indefinite++; - counter += 1; - } - else - { - counter += len2 + len3; - } - } - - *len = counter; - return ASN1_SUCCESS; - -} - - -/** - * MHD__asn1_der_decoding - Fill the structure *ELEMENT with values of a DER encoding string. - * @element: pointer to an ASN1 structure. - * @ider: vector that contains the DER encoding. - * @len: number of bytes of *@ider: @ider[0]..@ider[len-1]. - * @errorDescription: null-terminated string contains details when an - * error occurred. - * - * Fill the structure *ELEMENT with values of a DER encoding - * string. The sructure must just be created with function - * 'create_stucture'. If an error occurs during the decoding - * procedure, the *ELEMENT is deleted and set equal to - * %ASN1_TYPE_EMPTY. - * - * Returns: - * - * ASN1_SUCCESS: DER encoding OK. - * - * ASN1_ELEMENT_NOT_FOUND: ELEMENT is ASN1_TYPE_EMPTY. - * - * ASN1_TAG_ERROR,ASN1_DER_ERROR: The der encoding doesn't match - * the structure NAME. *ELEMENT deleted. - **/ - -MHD__asn1_retCode -MHD__asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len, - char *errorDescription) -{ - node_asn *node, *p, *p2, *p3; - char temp[128]; - int counter, len2, len3, len4, move, ris, tlen; - unsigned char class, *temp2; - unsigned long tag; - int indefinite, result; - const unsigned char *der = ider; - - node = *element; - - if (node == ASN1_TYPE_EMPTY) - return ASN1_ELEMENT_NOT_FOUND; - - if (node->type & CONST_OPTION) - { - MHD__asn1_delete_structure (element); - return ASN1_GENERIC_ERROR; - } - - counter = 0; - move = DOWN; - p = node; - while (1) - { - ris = ASN1_SUCCESS; - if (move != UP) - { - if (p->type & CONST_SET) - { - p2 = MHD__asn1_find_up (p); - len2 = strtol ((const char *) p2->value, NULL, 10); - if (len2 == -1) - { - if (!der[counter] && !der[counter + 1]) - { - p = p2; - move = UP; - counter += 2; - continue; - } - } - else if (counter == len2) - { - p = p2; - move = UP; - continue; - } - else if (counter > len2) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - p2 = p2->down; - while (p2) - { - if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) - { - if (type_field (p2->type) != TYPE_CHOICE) - ris = - MHD__asn1_extract_tag_der (p2, der + counter, - len - counter, &len2); - else - { - p3 = p2->down; - while (p3) - { - ris = - MHD__asn1_extract_tag_der (p3, der + counter, - len - counter, - &len2); - if (ris == ASN1_SUCCESS) - break; - p3 = p3->right; - } - } - if (ris == ASN1_SUCCESS) - { - p2->type &= ~CONST_NOT_USED; - p = p2; - break; - } - } - p2 = p2->right; - } - if (p2 == NULL) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - } - - if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) - { - p2 = MHD__asn1_find_up (p); - len2 = strtol ((const char *) p2->value, NULL, 10); - if (counter == len2) - { - if (p->right) - { - p2 = p->right; - move = RIGHT; - } - else - move = UP; - - if (p->type & CONST_OPTION) - MHD__asn1_delete_structure (&p); - - p = p2; - continue; - } - } - - if (type_field (p->type) == TYPE_CHOICE) - { - while (p->down) - { - if (counter < len) - ris = - MHD__asn1_extract_tag_der (p->down, der + counter, - len - counter, &len2); - else - ris = ASN1_DER_ERROR; - if (ris == ASN1_SUCCESS) - { - while (p->down->right) - { - p2 = p->down->right; - MHD__asn1_delete_structure (&p2); - } - break; - } - else if (ris == ASN1_ERROR_TYPE_ANY) - { - MHD__asn1_delete_structure (element); - return ASN1_ERROR_TYPE_ANY; - } - else - { - p2 = p->down; - MHD__asn1_delete_structure (&p2); - } - } - - if (p->down == NULL) - { - if (!(p->type & CONST_OPTION)) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - } - else - p = p->down; - } - - if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT)) - { - p2 = MHD__asn1_find_up (p); - len2 = strtol ((const char *) p2->value, NULL, 10); - if ((len2 != -1) && (counter > len2)) - ris = ASN1_TAG_ERROR; - } - - if (ris == ASN1_SUCCESS) - ris = - MHD__asn1_extract_tag_der (p, der + counter, len - counter, - &len2); - if (ris != ASN1_SUCCESS) - { - if (p->type & CONST_OPTION) - { - p->type |= CONST_NOT_USED; - move = RIGHT; - } - else if (p->type & CONST_DEFAULT) - { - MHD__asn1_set_value (p, NULL, 0); - move = RIGHT; - } - else - { - if (errorDescription != NULL) - MHD__asn1_error_description_tag_error (p, - errorDescription); - - MHD__asn1_delete_structure (element); - return ASN1_TAG_ERROR; - } - } - else - counter += len2; - } - - if (ris == ASN1_SUCCESS) - { - switch (type_field (p->type)) - { - case TYPE_NULL: - if (der[counter]) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - counter++; - move = RIGHT; - break; - case TYPE_BOOLEAN: - if (der[counter++] != 1) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - if (der[counter++] == 0) - MHD__asn1_set_value (p, "F", 1); - else - MHD__asn1_set_value (p, "T", 1); - move = RIGHT; - break; - case TYPE_INTEGER: - case TYPE_ENUMERATED: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - if (len2 + len3 > len - counter) - return ASN1_DER_ERROR; - MHD__asn1_set_value (p, der + counter, len3 + len2); - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_OBJECT_ID: - MHD__asn1_get_objectid_der (der + counter, len - counter, &len2, - temp, sizeof (temp)); - tlen = strlen (temp); - if (tlen > 0) - MHD__asn1_set_value (p, temp, tlen + 1); - counter += len2; - move = RIGHT; - break; - case TYPE_TIME: - result = - MHD__asn1_get_time_der (der + counter, len - counter, &len2, - temp, sizeof (temp) - 1); - if (result != ASN1_SUCCESS) - { - MHD__asn1_delete_structure (element); - return result; - } - tlen = strlen (temp); - if (tlen > 0) - MHD__asn1_set_value (p, temp, tlen + 1); - counter += len2; - move = RIGHT; - break; - case TYPE_OCTET_STRING: - len3 = len - counter; - ris = MHD__asn1_get_octet_string (der + counter, p, &len3); - if (ris != ASN1_SUCCESS) - return ris; - counter += len3; - move = RIGHT; - break; - case TYPE_GENERALSTRING: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - if (len3 + len2 > len - counter) - return ASN1_DER_ERROR; - MHD__asn1_set_value (p, der + counter, len3 + len2); - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_BIT_STRING: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - if (len3 + len2 > len - counter) - return ASN1_DER_ERROR; - MHD__asn1_set_value (p, der + counter, len3 + len2); - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_SEQUENCE: - case TYPE_SET: - if (move == UP) - { - len2 = strtol ((const char *) p->value, NULL, 10); - MHD__asn1_set_value (p, NULL, 0); - if (len2 == -1) - { /* indefinite length method */ - if (len - counter + 1 > 0) - { - if ((der[counter]) || der[counter + 1]) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - } - else - return ASN1_DER_ERROR; - counter += 2; - } - else - { /* definite length method */ - if (len2 != counter) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - } - move = RIGHT; - } - else - { /* move==DOWN || move==RIGHT */ - len3 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len2); - if (len3 < -1) - return ASN1_DER_ERROR; - counter += len2; - if (len3 > 0) - { - MHD__asn1_ltostr (counter + len3, temp); - tlen = strlen (temp); - if (tlen > 0) - MHD__asn1_set_value (p, temp, tlen + 1); - move = DOWN; - } - else if (len3 == 0) - { - p2 = p->down; - while (p2) - { - if (type_field (p2->type) != TYPE_TAG) - { - p3 = p2->right; - MHD__asn1_delete_structure (&p2); - p2 = p3; - } - else - p2 = p2->right; - } - move = RIGHT; - } - else - { /* indefinite length method */ - MHD__asn1_set_value (p, "-1", 3); - move = DOWN; - } - } - break; - case TYPE_SEQUENCE_OF: - case TYPE_SET_OF: - if (move == UP) - { - len2 = strtol ((const char *) p->value, NULL, 10); - if (len2 == -1) - { /* indefinite length method */ - if ((counter + 2) > len) - return ASN1_DER_ERROR; - if ((der[counter]) || der[counter + 1]) - { - MHD__asn1_append_sequence_set (p); - p = p->down; - while (p->right) - p = p->right; - move = RIGHT; - continue; - } - MHD__asn1_set_value (p, NULL, 0); - counter += 2; - } - else - { /* definite length method */ - if (len2 > counter) - { - MHD__asn1_append_sequence_set (p); - p = p->down; - while (p->right) - p = p->right; - move = RIGHT; - continue; - } - MHD__asn1_set_value (p, NULL, 0); - if (len2 != counter) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - } - } - else - { /* move==DOWN || move==RIGHT */ - len3 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len2); - if (len3 < -1) - return ASN1_DER_ERROR; - counter += len2; - if (len3) - { - if (len3 > 0) - { /* definite length method */ - MHD__asn1_ltostr (counter + len3, temp); - tlen = strlen (temp); - - if (tlen > 0) - MHD__asn1_set_value (p, temp, tlen + 1); - } - else - { /* indefinite length method */ - MHD__asn1_set_value (p, "-1", 3); - } - p2 = p->down; - while ((type_field (p2->type) == TYPE_TAG) - || (type_field (p2->type) == TYPE_SIZE)) - p2 = p2->right; - if (p2->right == NULL) - MHD__asn1_append_sequence_set (p); - p = p2; - } - } - move = RIGHT; - break; - case TYPE_ANY: - if (MHD__asn1_get_tag_der - (der + counter, len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > len) - return ASN1_DER_ERROR; - len4 = - MHD__asn1_get_length_der (der + counter + len2, - len - counter - len2, &len3); - if (len4 < -1) - return ASN1_DER_ERROR; - if (len4 > len - counter + len2 + len3) - return ASN1_DER_ERROR; - if (len4 != -1) - { - len2 += len4; - MHD__asn1_length_der (len2 + len3, NULL, &len4); - temp2 = - (unsigned char *) MHD__asn1_alloca (len2 + len3 + len4); - if (temp2 == NULL) - { - MHD__asn1_delete_structure (element); - return ASN1_MEM_ALLOC_ERROR; - } - - MHD__asn1_octet_der (der + counter, len2 + len3, temp2, - &len4); - MHD__asn1_set_value (p, temp2, len4); - MHD__asn1_afree (temp2); - counter += len2 + len3; - } - else - { /* indefinite length */ - /* Check indefinite lenth method in an EXPLICIT TAG */ - if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80)) - indefinite = 1; - else - indefinite = 0; - - len2 = len - counter; - ris = - MHD__asn1_get_indefinite_length_string (der + counter, - &len2); - if (ris != ASN1_SUCCESS) - { - MHD__asn1_delete_structure (element); - return ris; - } - MHD__asn1_length_der (len2, NULL, &len4); - temp2 = (unsigned char *) MHD__asn1_alloca (len2 + len4); - if (temp2 == NULL) - { - MHD__asn1_delete_structure (element); - return ASN1_MEM_ALLOC_ERROR; - } - - MHD__asn1_octet_der (der + counter, len2, temp2, &len4); - MHD__asn1_set_value (p, temp2, len4); - MHD__asn1_afree (temp2); - counter += len2; - - /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with - an indefinite length method. */ - if (indefinite) - { - if (!der[counter] && !der[counter + 1]) - { - counter += 2; - } - else - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - } - } - move = RIGHT; - break; - default: - move = (move == UP) ? RIGHT : DOWN; - break; - } - } - - if (p == node && move != DOWN) - break; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - if ((move == RIGHT) && !(p->type & CONST_SET)) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - MHD__asn1_delete_not_used (*element); - - if (counter != len) - { - MHD__asn1_delete_structure (element); - return ASN1_DER_ERROR; - } - - return ASN1_SUCCESS; -} - - -/** - * MHD__asn1_der_decoding_startEnd - Find the start and end point of an element in a DER encoding string. - * @element: pointer to an ASN1 element - * @ider: vector that contains the DER encoding. - * @len: number of bytes of *@ider: @ider[0]..@ider[len-1] - * @name_element: an element of NAME structure. - * @start: the position of the first byte of NAME_ELEMENT decoding - * (@ider[*start]) - * @end: the position of the last byte of NAME_ELEMENT decoding - * (@ider[*end]) - * - * Find the start and end point of an element in a DER encoding - * string. I mean that if you have a der encoding and you have - * already used the function "MHD__asn1_der_decoding" to fill a structure, - * it may happen that you want to find the piece of string concerning - * an element of the structure. - * - * Example: the sequence "tbsCertificate" inside an X509 certificate. - * - * Returns: - * - * ASN1_SUCCESS: DER encoding OK. - * - * ASN1_ELEMENT_NOT_FOUND: ELEMENT is ASN1_TYPE EMPTY or - * NAME_ELEMENT is not a valid element. - * - * ASN1_TAG_ERROR,ASN1_DER_ERROR: the der encoding doesn't match - * the structure ELEMENT. - * - **/ -MHD__asn1_retCode -MHD__asn1_der_decoding_startEnd (ASN1_TYPE element, const void *ider, int len, - const char *name_element, int *start, - int *end) -{ - node_asn *node, *node_to_find, *p, *p2, *p3; - int counter, len2, len3, len4, move, ris; - unsigned char class; - unsigned long tag; - int indefinite; - const unsigned char *der = ider; - - node = element; - - if (node == ASN1_TYPE_EMPTY) - return ASN1_ELEMENT_NOT_FOUND; - - node_to_find = MHD__asn1_find_node (node, name_element); - - if (node_to_find == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - if (node_to_find == node) - { - *start = 0; - *end = len - 1; - return ASN1_SUCCESS; - } - - if (node->type & CONST_OPTION) - return ASN1_GENERIC_ERROR; - - counter = 0; - move = DOWN; - p = node; - while (1) - { - ris = ASN1_SUCCESS; - - if (move != UP) - { - if (p->type & CONST_SET) - { - p2 = MHD__asn1_find_up (p); - len2 = strtol ((const char *) p2->value, NULL, 10); - if (len2 == -1) - { - if (!der[counter] && !der[counter + 1]) - { - p = p2; - move = UP; - counter += 2; - continue; - } - } - else if (counter == len2) - { - p = p2; - move = UP; - continue; - } - else if (counter > len2) - return ASN1_DER_ERROR; - p2 = p2->down; - while (p2) - { - if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED)) - { /* CONTROLLARE */ - if (type_field (p2->type) != TYPE_CHOICE) - ris = - MHD__asn1_extract_tag_der (p2, der + counter, - len - counter, &len2); - else - { - p3 = p2->down; - ris = - MHD__asn1_extract_tag_der (p3, der + counter, - len - counter, &len2); - } - if (ris == ASN1_SUCCESS) - { - p2->type &= ~CONST_NOT_USED; - p = p2; - break; - } - } - p2 = p2->right; - } - if (p2 == NULL) - return ASN1_DER_ERROR; - } - - if (p == node_to_find) - *start = counter; - - if (type_field (p->type) == TYPE_CHOICE) - { - p = p->down; - ris = - MHD__asn1_extract_tag_der (p, der + counter, len - counter, - &len2); - if (p == node_to_find) - *start = counter; - } - - if (ris == ASN1_SUCCESS) - ris = - MHD__asn1_extract_tag_der (p, der + counter, len - counter, - &len2); - if (ris != ASN1_SUCCESS) - { - if (p->type & CONST_OPTION) - { - p->type |= CONST_NOT_USED; - move = RIGHT; - } - else if (p->type & CONST_DEFAULT) - { - move = RIGHT; - } - else - { - return ASN1_TAG_ERROR; - } - } - else - counter += len2; - } - - if (ris == ASN1_SUCCESS) - { - switch (type_field (p->type)) - { - case TYPE_NULL: - if (der[counter]) - return ASN1_DER_ERROR; - counter++; - move = RIGHT; - break; - case TYPE_BOOLEAN: - if (der[counter++] != 1) - return ASN1_DER_ERROR; - counter++; - move = RIGHT; - break; - case TYPE_INTEGER: - case TYPE_ENUMERATED: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_OBJECT_ID: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - counter += len2 + len3; - move = RIGHT; - break; - case TYPE_TIME: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - counter += len2 + len3; - move = RIGHT; - break; - case TYPE_OCTET_STRING: - len3 = len - counter; - ris = MHD__asn1_get_octet_string (der + counter, NULL, &len3); - if (ris != ASN1_SUCCESS) - return ris; - counter += len3; - move = RIGHT; - break; - case TYPE_GENERALSTRING: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_BIT_STRING: - len2 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - counter += len3 + len2; - move = RIGHT; - break; - case TYPE_SEQUENCE: - case TYPE_SET: - if (move != UP) - { - len3 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len2); - if (len3 < -1) - return ASN1_DER_ERROR; - counter += len2; - if (len3 == 0) - move = RIGHT; - else - move = DOWN; - } - else - { - if (!der[counter] && !der[counter + 1]) /* indefinite length method */ - counter += 2; - move = RIGHT; - } - break; - case TYPE_SEQUENCE_OF: - case TYPE_SET_OF: - if (move != UP) - { - len3 = - MHD__asn1_get_length_der (der + counter, len - counter, - &len2); - if (len3 < -1) - return ASN1_DER_ERROR; - counter += len2; - if ((len3 == -1) && !der[counter] && !der[counter + 1]) - counter += 2; - else if (len3) - { - p2 = p->down; - while ((type_field (p2->type) == TYPE_TAG) || - (type_field (p2->type) == TYPE_SIZE)) - p2 = p2->right; - p = p2; - } - } - else - { - if (!der[counter] && !der[counter + 1]) /* indefinite length method */ - counter += 2; - } - move = RIGHT; - break; - case TYPE_ANY: - if (MHD__asn1_get_tag_der - (der + counter, len - counter, &class, &len2, - &tag) != ASN1_SUCCESS) - return ASN1_DER_ERROR; - if (counter + len2 > len) - return ASN1_DER_ERROR; - - len4 = - MHD__asn1_get_length_der (der + counter + len2, - len - counter - len2, &len3); - if (len4 < -1) - return ASN1_DER_ERROR; - - if (len4 != -1) - { - counter += len2 + len4 + len3; - } - else - { /* indefinite length */ - /* Check indefinite lenth method in an EXPLICIT TAG */ - if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80)) - indefinite = 1; - else - indefinite = 0; - - len2 = len - counter; - ris = - MHD__asn1_get_indefinite_length_string (der + counter, - &len2); - if (ris != ASN1_SUCCESS) - return ris; - counter += len2; - - /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with - an indefinite length method. */ - if (indefinite) - { - if (!der[counter] && !der[counter + 1]) - counter += 2; - else - return ASN1_DER_ERROR; - } - } - move = RIGHT; - break; - default: - move = (move == UP) ? RIGHT : DOWN; - break; - } - } - - if ((p == node_to_find) && (move == RIGHT)) - { - *end = counter - 1; - return ASN1_SUCCESS; - } - - if (p == node && move != DOWN) - break; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - if ((move == RIGHT) && !(p->type & CONST_SET)) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - return ASN1_ELEMENT_NOT_FOUND; -} diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/element.c b/lib/libmicrohttpd/src/daemon/https/minitasn1/element.c deleted file mode 100644 index 4834c604a7..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/element.c +++ /dev/null @@ -1,902 +0,0 @@ -/* - * Copyright (C) 2004, 2006 Free Software Foundation - * Copyright (C) 2000, 2001, 2002, 2003 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - -/*****************************************************/ -/* File: element.c */ -/* Description: Functions with the read and write */ -/* functions. */ -/*****************************************************/ - - -#include <int.h> -#include "parser_aux.h" -#include <gstr.h> -#include "structure.h" - -void -MHD__asn1_hierarchical_name (node_asn * node, char *name, int name_size) -{ - node_asn *p; - char tmp_name[64]; - - p = node; - - name[0] = 0; - - while (p != NULL) - { - if (p->name != NULL) - { - MHD__asn1_str_cpy (tmp_name, sizeof (tmp_name), name), - MHD__asn1_str_cpy (name, name_size, p->name); - MHD__asn1_str_cat (name, name_size, "."); - MHD__asn1_str_cat (name, name_size, tmp_name); - } - p = MHD__asn1_find_up (p); - } - - if (name[0] == 0) - MHD__asn1_str_cpy (name, name_size, "ROOT"); -} - - -/******************************************************************/ -/* Function : MHD__asn1_convert_integer */ -/* Description: converts an integer from a null terminated string */ -/* to der decoding. The convertion from a null */ -/* terminated string to an integer is made with */ -/* the 'strtol' function. */ -/* Parameters: */ -/* value: null terminated string to convert. */ -/* value_out: convertion result (memory must be already */ -/* allocated). */ -/* value_out_size: number of bytes of value_out. */ -/* len: number of significant byte of value_out. */ -/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */ -/******************************************************************/ -MHD__asn1_retCode -MHD__asn1_convert_integer (const char *value, unsigned char *value_out, - int value_out_size, int *len) -{ - char negative; - unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; - long valtmp; - int k, k2; - - valtmp = strtol (value, NULL, 10); - - for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++) - { - val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF; - } - - if (val[0] & 0x80) - negative = 1; - else - negative = 0; - - for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++) - { - if (negative && (val[k] != 0xFF)) - break; - else if (!negative && val[k]) - break; - } - - if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80))) - k--; - - *len = SIZEOF_UNSIGNED_LONG_INT - k; - - if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size) - /* VALUE_OUT is too short to contain the value conversion */ - return ASN1_MEM_ERROR; - - for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++) - value_out[k2 - k] = val[k2]; - - return ASN1_SUCCESS; -} - - -int -MHD__asn1_append_sequence_set (node_asn * node) -{ - node_asn *p, *p2; - char temp[10]; - long n; - - if (!node || !(node->down)) - return ASN1_GENERIC_ERROR; - - p = node->down; - while ((type_field (p->type) == TYPE_TAG) - || (type_field (p->type) == TYPE_SIZE)) - p = p->right; - p2 = MHD__asn1_copy_structure3 (p); - while (p->right) - p = p->right; - MHD__asn1_set_right (p, p2); - - if (p->name == NULL) - MHD__asn1_str_cpy (temp, sizeof (temp), "?1"); - else - { - n = strtol (p->name + 1, NULL, 0); - n++; - temp[0] = '?'; - MHD__asn1_ltostr (n, temp + 1); - } - MHD__asn1_set_name (p2, temp); - /* p2->type |= CONST_OPTION; */ - - return ASN1_SUCCESS; -} - - -/** - * MHD__asn1_write_value - Set the value of one element inside a structure. - * @node_root: pointer to a structure - * @name: the name of the element inside the structure that you want to set. - * @ivalue: vector used to specify the value to set. If len is >0, - * VALUE must be a two's complement form integer. if len=0 *VALUE - * must be a null terminated string with an integer value. - * @len: number of bytes of *value to use to set the value: - * value[0]..value[len-1] or 0 if value is a null terminated string - * - * Set the value of one element inside a structure. - * - * If an element is OPTIONAL and you want to delete it, you must use - * the value=NULL and len=0. Using "pkix.asn": - * - * result=MHD__asn1_write_value(cert, "tbsCertificate.issuerUniqueID", - * NULL, 0); - * - * Description for each type: - * - * INTEGER: VALUE must contain a two's complement form integer. - * - * value[0]=0xFF , len=1 -> integer=-1. - * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1. - * value[0]=0x01 , len=1 -> integer= 1. - * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1. - * value="123" , len=0 -> integer= 123. - * - * ENUMERATED: As INTEGER (but only with not negative numbers). - * - * BOOLEAN: VALUE must be the null terminated string "TRUE" or - * "FALSE" and LEN != 0. - * - * value="TRUE" , len=1 -> boolean=TRUE. - * value="FALSE" , len=1 -> boolean=FALSE. - * - * OBJECT IDENTIFIER: VALUE must be a null terminated string with - * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0. - * - * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha. - * - * UTCTime: VALUE must be a null terminated string in one of these - * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ", - * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'", - * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0. - * - * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998 - * at 12h 00m Greenwich Mean Time - * - * GeneralizedTime: VALUE must be in one of this format: - * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ", - * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'", - * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s - * indicates the seconds with any precision like "10.1" or "01.02". - * LEN != 0 - * - * value="2001010112001.12-0700" , len=1 -> time=Jannuary - * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time - * - * OCTET STRING: VALUE contains the octet string and LEN is the - * number of octets. - * - * value="$\backslash$x01$\backslash$x02$\backslash$x03" , - * len=3 -> three bytes octet string - * - * GeneralString: VALUE contains the generalstring and LEN is the - * number of octets. - * - * value="$\backslash$x01$\backslash$x02$\backslash$x03" , - * len=3 -> three bytes generalstring - * - * BIT STRING: VALUE contains the bit string organized by bytes and - * LEN is the number of bits. - * - * value="$\backslash$xCF" , len=6 -> bit string="110011" (six - * bits) - * - * CHOICE: if NAME indicates a choice type, VALUE must specify one of - * the alternatives with a null terminated string. LEN != 0. Using - * "pkix.asn"\: - * - * result=MHD__asn1_write_value(cert, - * "certificate1.tbsCertificate.subject", "rdnSequence", - * 1); - * - * ANY: VALUE indicates the der encoding of a structure. LEN != 0. - * - * SEQUENCE OF: VALUE must be the null terminated string "NEW" and - * LEN != 0. With this instruction another element is appended in - * the sequence. The name of this element will be "?1" if it's the - * first one, "?2" for the second and so on. - * - * Using "pkix.asn"\: - * - * result=MHD__asn1_write_value(cert, - * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1); - * - * SET OF: the same as SEQUENCE OF. Using "pkix.asn": - * - * result=MHD__asn1_write_value(cert, - * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1); - * - * Returns: - * - * ASN1_SUCCESS: Set value OK. - * - * ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element. - * - * ASN1_VALUE_NOT_VALID: VALUE has a wrong format. - * - **/ -MHD__asn1_retCode -MHD__asn1_write_value (ASN1_TYPE node_root, const char *name, - const void *ivalue, int len) -{ - node_asn *node, *p, *p2; - unsigned char *temp, *value_temp = NULL, *default_temp = NULL; - int len2, k, k2, negative; - const char *value = ivalue; - - node = MHD__asn1_find_node (node_root, name); - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0)) - { - MHD__asn1_delete_structure (&node); - return ASN1_SUCCESS; - } - - if ((type_field (node->type) == TYPE_SEQUENCE_OF) && (value == NULL) - && (len == 0)) - { - p = node->down; - while ((type_field (p->type) == TYPE_TAG) - || (type_field (p->type) == TYPE_SIZE)) - p = p->right; - - while (p->right) - MHD__asn1_delete_structure (&p->right); - - return ASN1_SUCCESS; - } - - switch (type_field (node->type)) - { - case TYPE_BOOLEAN: - if (!strcmp (value, "TRUE")) - { - if (node->type & CONST_DEFAULT) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - if (p->type & CONST_TRUE) - MHD__asn1_set_value (node, NULL, 0); - else - MHD__asn1_set_value (node, "T", 1); - } - else - MHD__asn1_set_value (node, "T", 1); - } - else if (!strcmp (value, "FALSE")) - { - if (node->type & CONST_DEFAULT) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - if (p->type & CONST_FALSE) - MHD__asn1_set_value (node, NULL, 0); - else - MHD__asn1_set_value (node, "F", 1); - } - else - MHD__asn1_set_value (node, "F", 1); - } - else - return ASN1_VALUE_NOT_VALID; - break; - case TYPE_INTEGER: - case TYPE_ENUMERATED: - if (len == 0) - { - if ((isdigit (value[0])) || (value[0] == '-')) - { - value_temp = - (unsigned char *) MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); - if (value_temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - MHD__asn1_convert_integer (value, value_temp, - SIZEOF_UNSIGNED_LONG_INT, &len); - } - else - { /* is an identifier like v1 */ - if (!(node->type & CONST_LIST)) - return ASN1_VALUE_NOT_VALID; - p = node->down; - while (p) - { - if (type_field (p->type) == TYPE_CONSTANT) - { - if ((p->name) && (!strcmp (p->name, value))) - { - value_temp = - (unsigned char *) - MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); - if (value_temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - MHD__asn1_convert_integer ((const char *) p->value, - value_temp, - SIZEOF_UNSIGNED_LONG_INT, - &len); - break; - } - } - p = p->right; - } - if (p == NULL) - return ASN1_VALUE_NOT_VALID; - } - } - else - { /* len != 0 */ - value_temp = (unsigned char *) MHD__asn1_alloca (len); - if (value_temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - memcpy (value_temp, value, len); - } - - - if (value_temp[0] & 0x80) - negative = 1; - else - negative = 0; - - if (negative && (type_field (node->type) == TYPE_ENUMERATED)) - { - MHD__asn1_afree (value_temp); - return ASN1_VALUE_NOT_VALID; - } - - for (k = 0; k < len - 1; k++) - if (negative && (value_temp[k] != 0xFF)) - break; - else if (!negative && value_temp[k]) - break; - - if ((negative && !(value_temp[k] & 0x80)) || - (!negative && (value_temp[k] & 0x80))) - k--; - - MHD__asn1_length_der (len - k, NULL, &len2); - temp = (unsigned char *) MHD__asn1_alloca (len - k + len2); - if (temp == NULL) - { - MHD__asn1_afree (value_temp); - return ASN1_MEM_ALLOC_ERROR; - } - - MHD__asn1_octet_der (value_temp + k, len - k, temp, &len2); - MHD__asn1_set_value (node, temp, len2); - - MHD__asn1_afree (temp); - - - if (node->type & CONST_DEFAULT) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - if ((isdigit (p->value[0])) || (p->value[0] == '-')) - { - default_temp = - (unsigned char *) MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); - if (default_temp == NULL) - { - MHD__asn1_afree (value_temp); - return ASN1_MEM_ALLOC_ERROR; - } - - MHD__asn1_convert_integer ((const char *) p->value, - default_temp, - SIZEOF_UNSIGNED_LONG_INT, &len2); - } - else - { /* is an identifier like v1 */ - if (!(node->type & CONST_LIST)) - { - MHD__asn1_afree (value_temp); - return ASN1_VALUE_NOT_VALID; - } - p2 = node->down; - while (p2) - { - if (type_field (p2->type) == TYPE_CONSTANT) - { - if ((p2->name) - && (!strcmp (p2->name, (const char *) p->value))) - { - default_temp = - (unsigned char *) - MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT); - if (default_temp == NULL) - { - MHD__asn1_afree (value_temp); - return ASN1_MEM_ALLOC_ERROR; - } - - MHD__asn1_convert_integer ((const char *) p2->value, - default_temp, - SIZEOF_UNSIGNED_LONG_INT, - &len2); - break; - } - } - p2 = p2->right; - } - if (p2 == NULL) - { - MHD__asn1_afree (value_temp); - return ASN1_VALUE_NOT_VALID; - } - } - - - if ((len - k) == len2) - { - for (k2 = 0; k2 < len2; k2++) - if (value_temp[k + k2] != default_temp[k2]) - { - break; - } - if (k2 == len2) - MHD__asn1_set_value (node, NULL, 0); - } - MHD__asn1_afree (default_temp); - } - MHD__asn1_afree (value_temp); - break; - case TYPE_OBJECT_ID: - for (k = 0; k < strlen (value); k++) - if ((!isdigit (value[k])) && (value[k] != '.') && (value[k] != '+')) - return ASN1_VALUE_NOT_VALID; - if (node->type & CONST_DEFAULT) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - if (!strcmp (value, (const char *) p->value)) - { - MHD__asn1_set_value (node, NULL, 0); - break; - } - } - MHD__asn1_set_value (node, value, strlen (value) + 1); - break; - case TYPE_TIME: - if (node->type & CONST_UTC) - { - if (strlen (value) < 11) - return ASN1_VALUE_NOT_VALID; - for (k = 0; k < 10; k++) - if (!isdigit (value[k])) - return ASN1_VALUE_NOT_VALID; - switch (strlen (value)) - { - case 11: - if (value[10] != 'Z') - return ASN1_VALUE_NOT_VALID; - break; - case 13: - if ((!isdigit (value[10])) || (!isdigit (value[11])) || - (value[12] != 'Z')) - return ASN1_VALUE_NOT_VALID; - break; - case 15: - if ((value[10] != '+') && (value[10] != '-')) - return ASN1_VALUE_NOT_VALID; - for (k = 11; k < 15; k++) - if (!isdigit (value[k])) - return ASN1_VALUE_NOT_VALID; - break; - case 17: - if ((!isdigit (value[10])) || (!isdigit (value[11]))) - return ASN1_VALUE_NOT_VALID; - if ((value[12] != '+') && (value[12] != '-')) - return ASN1_VALUE_NOT_VALID; - for (k = 13; k < 17; k++) - if (!isdigit (value[k])) - return ASN1_VALUE_NOT_VALID; - break; - default: - return ASN1_VALUE_NOT_FOUND; - } - MHD__asn1_set_value (node, value, strlen (value) + 1); - } - else - { /* GENERALIZED TIME */ - if (value) - MHD__asn1_set_value (node, value, strlen (value) + 1); - } - break; - case TYPE_OCTET_STRING: - if (len == 0) - len = strlen (value); - MHD__asn1_length_der (len, NULL, &len2); - temp = (unsigned char *) MHD__asn1_alloca (len + len2); - if (temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2); - MHD__asn1_set_value (node, temp, len2); - MHD__asn1_afree (temp); - break; - case TYPE_GENERALSTRING: - if (len == 0) - len = strlen (value); - MHD__asn1_length_der (len, NULL, &len2); - temp = (unsigned char *) MHD__asn1_alloca (len + len2); - if (temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2); - MHD__asn1_set_value (node, temp, len2); - MHD__asn1_afree (temp); - break; - case TYPE_BIT_STRING: - if (len == 0) - len = strlen (value); - MHD__asn1_length_der ((len >> 3) + 2, NULL, &len2); - temp = (unsigned char *) MHD__asn1_alloca ((len >> 3) + 2 + len2); - if (temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - MHD__asn1_bit_der ((const unsigned char *) value, len, temp, &len2); - MHD__asn1_set_value (node, temp, len2); - MHD__asn1_afree (temp); - break; - case TYPE_CHOICE: - p = node->down; - while (p) - { - if (!strcmp (p->name, value)) - { - p2 = node->down; - while (p2) - { - if (p2 != p) - { - MHD__asn1_delete_structure (&p2); - p2 = node->down; - } - else - p2 = p2->right; - } - break; - } - p = p->right; - } - if (!p) - return ASN1_ELEMENT_NOT_FOUND; - break; - case TYPE_ANY: - MHD__asn1_length_der (len, NULL, &len2); - temp = (unsigned char *) MHD__asn1_alloca (len + len2); - if (temp == NULL) - return ASN1_MEM_ALLOC_ERROR; - - MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2); - MHD__asn1_set_value (node, temp, len2); - MHD__asn1_afree (temp); - break; - case TYPE_SEQUENCE_OF: - case TYPE_SET_OF: - if (strcmp (value, "NEW")) - return ASN1_VALUE_NOT_VALID; - MHD__asn1_append_sequence_set (node); - break; - default: - return ASN1_ELEMENT_NOT_FOUND; - break; - } - - return ASN1_SUCCESS; -} - - -#define PUT_VALUE( ptr, ptr_size, data, data_size) \ - *len = data_size; \ - if (ptr_size < data_size) { \ - return ASN1_MEM_ERROR; \ - } else { \ - memcpy( ptr, data, data_size); \ - } - -#define PUT_STR_VALUE( ptr, ptr_size, data) \ - *len = strlen(data) + 1; \ - if (ptr_size < *len) { \ - return ASN1_MEM_ERROR; \ - } else { \ - /* this strcpy is checked */ \ - strcpy(ptr, data); \ - } - -#define ADD_STR_VALUE( ptr, ptr_size, data) \ - *len = strlen(data) + 1; \ - if (ptr_size < strlen(ptr)+(*len)) { \ - return ASN1_MEM_ERROR; \ - } else { \ - /* this strcat is checked */ \ - strcat(ptr, data); \ - } - -/** - * MHD__asn1_read_value - Returns the value of one element inside a structure - * @root: pointer to a structure. - * @name: the name of the element inside a structure that you want to read. - * @ivalue: vector that will contain the element's content, must be a - * pointer to memory cells already allocated. - * @len: number of bytes of *value: value[0]..value[len-1]. Initialy - * holds the sizeof value. - * - * Returns the value of one element inside a structure. - * - * If an element is OPTIONAL and the function "read_value" returns - * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present - * in the der encoding that created the structure. The first element - * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and - * so on. - * - * INTEGER: VALUE will contain a two's complement form integer. - * - * integer=-1 -> value[0]=0xFF , len=1. - * integer=1 -> value[0]=0x01 , len=1. - * - * ENUMERATED: As INTEGER (but only with not negative numbers). - * - * BOOLEAN: VALUE will be the null terminated string "TRUE" or - * "FALSE" and LEN=5 or LEN=6. - * - * OBJECT IDENTIFIER: VALUE will be a null terminated string with - * each number separated by a dot (i.e. "1.2.3.543.1"). - * - * LEN = strlen(VALUE)+1 - * - * UTCTime: VALUE will be a null terminated string in one of these - * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'". - * LEN=strlen(VALUE)+1. - * - * GeneralizedTime: VALUE will be a null terminated string in the - * same format used to set the value. - * - * OCTET STRING: VALUE will contain the octet string and LEN will be - * the number of octets. - * - * GeneralString: VALUE will contain the generalstring and LEN will - * be the number of octets. - * - * BIT STRING: VALUE will contain the bit string organized by bytes - * and LEN will be the number of bits. - * - * CHOICE: If NAME indicates a choice type, VALUE will specify the - * alternative selected. - * - * ANY: If NAME indicates an any type, VALUE will indicate the DER - * encoding of the structure actually used. - * - * Returns: - * - * ASN1_SUCCESS: Set value OK. - * - * ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element. - * - * ASN1_VALUE_NOT_FOUND: There isn't any value for the element selected. - * - * ASN1_MEM_ERROR: The value vector isn't big enough to store the result. - * In this case LEN will contain the number of bytes needed. - * - **/ -MHD__asn1_retCode -MHD__asn1_read_value (ASN1_TYPE root, const char *name, void *ivalue, - int *len) -{ - node_asn *node, *p, *p2; - int len2, len3; - int value_size = *len; - char *value = ivalue; - - node = MHD__asn1_find_node (root, name); - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - if ((type_field (node->type) != TYPE_NULL) && - (type_field (node->type) != TYPE_CHOICE) && - !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) && - (node->value == NULL)) - return ASN1_VALUE_NOT_FOUND; - - switch (type_field (node->type)) - { - case TYPE_NULL: - PUT_STR_VALUE (value, value_size, "NULL"); - break; - case TYPE_BOOLEAN: - if ((node->type & CONST_DEFAULT) && (node->value == NULL)) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - if (p->type & CONST_TRUE) - { - PUT_STR_VALUE (value, value_size, "TRUE"); - } - else - { - PUT_STR_VALUE (value, value_size, "FALSE"); - } - } - else if (node->value[0] == 'T') - { - PUT_STR_VALUE (value, value_size, "TRUE"); - } - else - { - PUT_STR_VALUE (value, value_size, "FALSE"); - } - break; - case TYPE_INTEGER: - case TYPE_ENUMERATED: - if ((node->type & CONST_DEFAULT) && (node->value == NULL)) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - if ((isdigit (p->value[0])) || (p->value[0] == '-') - || (p->value[0] == '+')) - { - if (MHD__asn1_convert_integer - ((const char *) p->value, (unsigned char *) value, - value_size, len) != ASN1_SUCCESS) - return ASN1_MEM_ERROR; - } - else - { /* is an identifier like v1 */ - p2 = node->down; - while (p2) - { - if (type_field (p2->type) == TYPE_CONSTANT) - { - if ((p2->name) - && (!strcmp (p2->name, (const char *) p->value))) - { - if (MHD__asn1_convert_integer - ((const char *) p2->value, - (unsigned char *) value, value_size, - len) != ASN1_SUCCESS) - return ASN1_MEM_ERROR; - break; - } - } - p2 = p2->right; - } - } - } - else - { - len2 = -1; - if (MHD__asn1_get_octet_der - (node->value, node->value_len, &len2, (unsigned char *) value, - value_size, len) != ASN1_SUCCESS) - return ASN1_MEM_ERROR; - } - break; - case TYPE_OBJECT_ID: - if (node->type & CONST_ASSIGN) - { - value[0] = 0; - p = node->down; - while (p) - { - if (type_field (p->type) == TYPE_CONSTANT) - { - ADD_STR_VALUE (value, value_size, (const char *) p->value); - if (p->right) - { - ADD_STR_VALUE (value, value_size, "."); - } - } - p = p->right; - } - *len = strlen (value) + 1; - } - else if ((node->type & CONST_DEFAULT) && (node->value == NULL)) - { - p = node->down; - while (type_field (p->type) != TYPE_DEFAULT) - p = p->right; - PUT_STR_VALUE (value, value_size, (const char *) p->value); - } - else - { - PUT_STR_VALUE (value, value_size, (const char *) node->value); - } - break; - case TYPE_TIME: - PUT_STR_VALUE (value, value_size, (const char *) node->value); - break; - case TYPE_OCTET_STRING: - len2 = -1; - if (MHD__asn1_get_octet_der - (node->value, node->value_len, &len2, (unsigned char *) value, - value_size, len) != ASN1_SUCCESS) - return ASN1_MEM_ERROR; - break; - case TYPE_GENERALSTRING: - len2 = -1; - if (MHD__asn1_get_octet_der - (node->value, node->value_len, &len2, (unsigned char *) value, - value_size, len) != ASN1_SUCCESS) - return ASN1_MEM_ERROR; - break; - case TYPE_BIT_STRING: - len2 = -1; - if (MHD__asn1_get_bit_der - (node->value, node->value_len, &len2, (unsigned char *) value, - value_size, len) != ASN1_SUCCESS) - return ASN1_MEM_ERROR; - break; - case TYPE_CHOICE: - PUT_STR_VALUE (value, value_size, node->down->name); - break; - case TYPE_ANY: - len3 = -1; - len2 = MHD__asn1_get_length_der (node->value, node->value_len, &len3); - if (len2 < 0) - return ASN1_DER_ERROR; - PUT_VALUE (value, value_size, node->value + len3, len2); - break; - default: - return ASN1_ELEMENT_NOT_FOUND; - break; - } - return ASN1_SUCCESS; -} diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/element.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/element.h deleted file mode 100644 index e4484925d9..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/element.h +++ /dev/null @@ -1,14 +0,0 @@ - -#ifndef _ELEMENT_H -#define _ELEMENT_H - - -MHD__asn1_retCode MHD__asn1_append_sequence_set (node_asn * node); - -MHD__asn1_retCode MHD__asn1_convert_integer (const char *value, - unsigned char *value_out, - int value_out_size, int *len); - -void MHD__asn1_hierarchical_name (node_asn * node, char *name, int name_size); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/gstr.c b/lib/libmicrohttpd/src/daemon/https/minitasn1/gstr.c deleted file mode 100644 index 7068db51fc..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/gstr.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (C) 2006 Free Software Foundation - * Copyright (C) 2002 Nikos Mavroyanopoulos - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - -#include <int.h> - -/* These function are like strcat, strcpy. They only - * do bounds checking (they shouldn't cause buffer overruns), - * and they always produce null terminated strings. - * - * They should be used only with null terminated strings. - */ -void -MHD__asn1_str_cat (char *dest, size_t dest_tot_size, const char *src) -{ - size_t str_size = strlen (src); - size_t dest_size = strlen (dest); - - if (dest_tot_size - dest_size > str_size) - { - strcat (dest, src); - } - else - { - if (dest_tot_size - dest_size > 0) - { - strncat (dest, src, (dest_tot_size - dest_size) - 1); - dest[dest_tot_size - 1] = 0; - } - } -} - -void -MHD__asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src) -{ - size_t str_size = strlen (src); - - if (dest_tot_size > str_size) - { - strcpy (dest, src); - } - else - { - if (dest_tot_size > 0) - { - strncpy (dest, src, (dest_tot_size) - 1); - dest[dest_tot_size - 1] = 0; - } - } -} diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/gstr.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/gstr.h deleted file mode 100644 index e0cda357b5..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/gstr.h +++ /dev/null @@ -1,5 +0,0 @@ -void MHD__asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src); -void MHD__asn1_str_cat (char *dest, size_t dest_tot_size, const char *src); - -#define Estrcpy(x,y) MHD__asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y) -#define Estrcat(x,y) MHD__asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y) diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/int.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/int.h deleted file mode 100644 index a99fb6dbb1..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/int.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (C) 2004, 2006 Free Software Foundation, Inc. - * Copyright (C) 2002 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - -#ifndef INT_H -#define INT_H - -#include <libtasn1.h> -#include <defines.h> - -/* -#define LIBTASN1_DEBUG -#define LIBTASN1_DEBUG_PARSER -#define LIBTASN1_DEBUG_INTEGER -*/ - -#include <mem.h> - -#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */ - -/* Define used for visiting trees. */ -#define UP 1 -#define RIGHT 2 -#define DOWN 3 - -/****************************************/ -/* Returns the first 8 bits. */ -/* Used with the field type of node_asn */ -/****************************************/ -#define type_field(x) (x&0xFF) - -/* List of constants for field type of typedef node_asn */ -#define TYPE_CONSTANT 1 -#define TYPE_IDENTIFIER 2 -#define TYPE_INTEGER 3 -#define TYPE_BOOLEAN 4 -#define TYPE_SEQUENCE 5 -#define TYPE_BIT_STRING 6 -#define TYPE_OCTET_STRING 7 -#define TYPE_TAG 8 -#define TYPE_DEFAULT 9 -#define TYPE_SIZE 10 -#define TYPE_SEQUENCE_OF 11 -#define TYPE_OBJECT_ID 12 -#define TYPE_ANY 13 -#define TYPE_SET 14 -#define TYPE_SET_OF 15 -#define TYPE_DEFINITIONS 16 -#define TYPE_TIME 17 -#define TYPE_CHOICE 18 -#define TYPE_IMPORTS 19 -#define TYPE_NULL 20 -#define TYPE_ENUMERATED 21 -#define TYPE_GENERALSTRING 27 - - -/***********************************************************************/ -/* List of constants to better specify the type of typedef node_asn. */ -/***********************************************************************/ -/* Used with TYPE_TAG */ -#define CONST_UNIVERSAL (1<<8) -#define CONST_PRIVATE (1<<9) -#define CONST_APPLICATION (1<<10) -#define CONST_EXPLICIT (1<<11) -#define CONST_IMPLICIT (1<<12) - -#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */ -#define CONST_OPTION (1<<14) -#define CONST_DEFAULT (1<<15) -#define CONST_TRUE (1<<16) -#define CONST_FALSE (1<<17) - -#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */ -#define CONST_MIN_MAX (1<<19) - -#define CONST_1_PARAM (1<<20) - -#define CONST_SIZE (1<<21) - -#define CONST_DEFINED_BY (1<<22) - -#define CONST_GENERALIZED (1<<23) -#define CONST_UTC (1<<24) - -/* #define CONST_IMPORTS (1<<25) */ - -#define CONST_NOT_USED (1<<26) -#define CONST_SET (1<<27) -#define CONST_ASSIGN (1<<28) - -#define CONST_DOWN (1<<29) -#define CONST_RIGHT (1<<30) - -#endif /* INT_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h deleted file mode 100644 index f478d0b7a5..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/libtasn1.h +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright (C) 2004, 2005, 2006 Free Software Foundation - * Copyright (C) 2002 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * LIBTASN1 is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * LIBTASN1 is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with LIBTASN1; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - * - */ - -#ifndef LIBTASN1_H -# define LIBTASN1_H - -#include <stdio.h> /* for FILE* */ - -#ifdef __cplusplus -extern "C" -{ -#endif - -#define LIBTASN1_VERSION "1.2" - -#include <sys/types.h> -#include <time.h> - -#define MAX_NAME_SIZE 128 /* maximum number of characters of a name */ - /* inside a file with ASN1 definitons */ -#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */ - /* of a description message */ - /* (null character included) */ - - - typedef int MHD__asn1_retCode; /* type returned by libtasn1 functions */ - - /*****************************************/ - /* Errors returned by libtasn1 functions */ - /*****************************************/ -#define ASN1_SUCCESS 0 -#define ASN1_FILE_NOT_FOUND 1 -#define ASN1_ELEMENT_NOT_FOUND 2 -#define ASN1_IDENTIFIER_NOT_FOUND 3 -#define ASN1_DER_ERROR 4 -#define ASN1_VALUE_NOT_FOUND 5 -#define ASN1_GENERIC_ERROR 6 -#define ASN1_VALUE_NOT_VALID 7 -#define ASN1_TAG_ERROR 8 -#define ASN1_TAG_IMPLICIT 9 -#define ASN1_ERROR_TYPE_ANY 10 -#define ASN1_SYNTAX_ERROR 11 -#define ASN1_MEM_ERROR 12 -#define ASN1_MEM_ALLOC_ERROR 13 -#define ASN1_DER_OVERFLOW 14 -#define ASN1_NAME_TOO_LONG 15 -#define ASN1_ARRAY_ERROR 16 -#define ASN1_ELEMENT_NOT_EMPTY 17 - -/*************************************/ -/* Constants used in MHD__asn1_visit_tree */ -/*************************************/ -#define ASN1_PRINT_NAME 1 -#define ASN1_PRINT_NAME_TYPE 2 -#define ASN1_PRINT_NAME_TYPE_VALUE 3 -#define ASN1_PRINT_ALL 4 - -/*****************************************/ -/* Constants returned by MHD__asn1_read_tag */ -/*****************************************/ -#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */ -#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */ -#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */ -#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */ -#define ASN1_CLASS_STRUCTURED 0x20 - -/*****************************************/ -/* Constants returned by MHD__asn1_read_tag */ -/*****************************************/ -#define ASN1_TAG_BOOLEAN 0x01 -#define ASN1_TAG_INTEGER 0x02 -#define ASN1_TAG_SEQUENCE 0x10 -#define ASN1_TAG_SET 0x11 -#define ASN1_TAG_OCTET_STRING 0x04 -#define ASN1_TAG_BIT_STRING 0x03 -#define ASN1_TAG_UTCTime 0x17 -#define ASN1_TAG_GENERALIZEDTime 0x18 -#define ASN1_TAG_OBJECT_ID 0x06 -#define ASN1_TAG_ENUMERATED 0x0A -#define ASN1_TAG_NULL 0x05 -#define ASN1_TAG_GENERALSTRING 0x1B - -/******************************************************/ -/* Structure definition used for the node of the tree */ -/* that represent an ASN.1 DEFINITION. */ -/******************************************************/ - - struct node_asn_struct - { - char *name; /* Node name */ - unsigned int type; /* Node type */ - unsigned char *value; /* Node value */ - int value_len; - struct node_asn_struct *down; /* Pointer to the son node */ - struct node_asn_struct *right; /* Pointer to the brother node */ - struct node_asn_struct *left; /* Pointer to the next list element */ - }; - - typedef struct node_asn_struct node_asn; - - typedef node_asn *ASN1_TYPE; - -#define ASN1_TYPE_EMPTY NULL - - struct static_struct_asn - { - const char *name; /* Node name */ - unsigned int type; /* Node type */ - const void *value; /* Node value */ - }; - - typedef struct static_struct_asn ASN1_ARRAY_TYPE; - - - - /***********************************/ - /* Functions definitions */ - /***********************************/ - - MHD__asn1_retCode MHD__asn1_parser2tree (const char *file_name, - ASN1_TYPE * definitions, - char *errorDescription); - - MHD__asn1_retCode MHD__asn1_parser2array (const char *inputFileName, - const char *outputFileName, - const char *vectorName, - char *errorDescription); - - MHD__asn1_retCode MHD__asn1_array2tree (const ASN1_ARRAY_TYPE * array, - ASN1_TYPE * definitions, - char *errorDescription); - - MHD__asn1_retCode MHD__asn1_create_element (ASN1_TYPE definitions, - const char *source_name, - ASN1_TYPE * element); - - MHD__asn1_retCode MHD__asn1_delete_structure (ASN1_TYPE * structure); - - MHD__asn1_retCode MHD__asn1_write_value (ASN1_TYPE node_root, - const char *name, - const void *ivalue, int len); - - MHD__asn1_retCode MHD__asn1_read_value (ASN1_TYPE root, const char *name, - void *ivalue, int *len); - - MHD__asn1_retCode MHD__asn1_der_coding (ASN1_TYPE element, const char *name, - void *ider, int *len, - char *ErrorDescription); - - MHD__asn1_retCode MHD__asn1_der_decoding (ASN1_TYPE * element, - const void *ider, int len, - char *errorDescription); - - MHD__asn1_retCode MHD__asn1_der_decoding_startEnd (ASN1_TYPE element, - const void *ider, - int len, - const char *name_element, - int *start, int *end); - - /* DER utility functions. */ - - int MHD__asn1_get_tag_der (const unsigned char *der, int der_len, - unsigned char *cls, int *len, - unsigned long *tag); - - void MHD__asn1_octet_der (const unsigned char *str, int str_len, - unsigned char *der, int *der_len); - - MHD__asn1_retCode MHD__asn1_get_octet_der (const unsigned char *der, - int der_len, int *ret_len, - unsigned char *str, int str_size, - int *str_len); - - void MHD__asn1_bit_der (const unsigned char *str, int bit_len, - unsigned char *der, int *der_len); - - MHD__asn1_retCode MHD__asn1_get_bit_der (const unsigned char *der, - int der_len, int *ret_len, - unsigned char *str, int str_size, - int *bit_len); - - signed long MHD__asn1_get_length_der (const unsigned char *der, int der_len, - int *len); - - void MHD__asn1_length_der (unsigned long int len, unsigned char *ans, - int *ans_len); - - /* Other utility functions. */ - - ASN1_TYPE MHD__asn1_find_node (ASN1_TYPE pointer, const char *name); - -#ifdef __cplusplus -} -#endif - -#endif /* LIBTASN1_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/mem.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/mem.h deleted file mode 100644 index 76139df034..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/mem.h +++ /dev/null @@ -1,25 +0,0 @@ -#ifndef MEM_H -# define MEM_H - -/* Use MHD__asn1_afree() when calling alloca, or - * memory leaks may occur in systems which do not - * support alloca. - */ -#ifdef HAVE_ALLOCA -# ifdef HAVE_ALLOCA_H -# include <alloca.h> -# endif -# define MHD__asn1_alloca alloca -# define MHD__asn1_afree(x) -#else -# define MHD__asn1_alloca MHD__asn1_malloc -# define MHD__asn1_afree MHD__asn1_free -#endif /* HAVE_ALLOCA */ - -#define MHD__asn1_malloc malloc -#define MHD__asn1_free free -#define MHD__asn1_calloc calloc -#define MHD__asn1_realloc realloc -#define MHD__asn1_strdup strdup - -#endif /* MEM_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/parser_aux.c b/lib/libmicrohttpd/src/daemon/https/minitasn1/parser_aux.c deleted file mode 100644 index 0643ff4c56..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/parser_aux.c +++ /dev/null @@ -1,774 +0,0 @@ -/* - * Copyright (C) 2004, 2006, 2007 Free Software Foundation - * Copyright (C) 2000,2001 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - -#include <int.h> -#include "parser_aux.h" -#include "gstr.h" -#include "structure.h" -#include "element.h" - - - -char MHD__asn1_identifierMissing[MAX_NAME_SIZE + 1]; /* identifier name not found */ - -/***********************************************/ -/* Type: list_type */ -/* Description: type used in the list during */ -/* the structure creation. */ -/***********************************************/ -typedef struct list_struct -{ - node_asn *node; - struct list_struct *next; -} list_type; - - -/* Pointer to the first element of the list */ -list_type *MHD_firstElement = NULL; - -/******************************************************/ -/* Function : MHD__asn1_add_node */ -/* Description: creates a new NODE_ASN element and */ -/* puts it in the list pointed by MHD_firstElement. */ -/* Parameters: */ -/* type: type of the new element (see TYPE_ */ -/* and CONST_ constants). */ -/* Return: pointer to the new element. */ -/******************************************************/ -node_asn * -MHD__asn1_add_node (unsigned int type) -{ - list_type *listElement; - node_asn *punt; - - punt = (node_asn *) MHD__asn1_calloc (1, sizeof (node_asn)); - if (punt == NULL) - return NULL; - - listElement = (list_type *) MHD__asn1_malloc (sizeof (list_type)); - if (listElement == NULL) - { - MHD__asn1_free (punt); - return NULL; - } - - listElement->node = punt; - listElement->next = MHD_firstElement; - MHD_firstElement = listElement; - - punt->type = type; - - return punt; -} - -/** - * MHD__asn1_find_node: - * @pointer: NODE_ASN element pointer. - * @name: null terminated string with the element's name to find. - * - * Searches for an element called NAME starting from POINTER. The - * name is composed by differents identifiers separated by dots. When - * *POINTER has a name, the first identifier must be the name of - * *POINTER, otherwise it must be the name of one child of *POINTER. - * - * Return value: the searching result. NULL if not found. - **/ -ASN1_TYPE -MHD__asn1_find_node (ASN1_TYPE pointer, const char *name) -{ - node_asn *p; - char *n_end, n[MAX_NAME_SIZE + 1]; - const char *n_start; - - if (pointer == NULL) - return NULL; - - if (name == NULL) - return NULL; - - p = pointer; - n_start = name; - - if (p->name != NULL) - { /* has *pointer got a name ? */ - n_end = strchr (n_start, '.'); /* search the first dot */ - if (n_end) - { - memcpy (n, n_start, n_end - n_start); - n[n_end - n_start] = 0; - n_start = n_end; - n_start++; - } - else - { - MHD__asn1_str_cpy (n, sizeof (n), n_start); - n_start = NULL; - } - - while (p) - { - if ((p->name) && (!strcmp (p->name, n))) - break; - else - p = p->right; - } /* while */ - - if (p == NULL) - return NULL; - } - else - { /* *pointer doesn't have a name */ - if (n_start[0] == 0) - return p; - } - - while (n_start) - { /* Has the end of NAME been reached? */ - n_end = strchr (n_start, '.'); /* search the next dot */ - if (n_end) - { - memcpy (n, n_start, n_end - n_start); - n[n_end - n_start] = 0; - n_start = n_end; - n_start++; - } - else - { - MHD__asn1_str_cpy (n, sizeof (n), n_start); - n_start = NULL; - } - - if (p->down == NULL) - return NULL; - - p = p->down; - - /* The identifier "?LAST" indicates the last element - in the right chain. */ - if (!strcmp (n, "?LAST")) - { - if (p == NULL) - return NULL; - while (p->right) - p = p->right; - } - else - { /* no "?LAST" */ - while (p) - { - if ((p->name) && (!strcmp (p->name, n))) - break; - else - p = p->right; - } - if (p == NULL) - return NULL; - } - } /* while */ - - return p; -} - - -/******************************************************************/ -/* Function : MHD__asn1_set_value */ -/* Description: sets the field VALUE in a NODE_ASN element. The */ -/* previous value (if exist) will be lost */ -/* Parameters: */ -/* node: element pointer. */ -/* value: pointer to the value that you want to set. */ -/* len: character number of value. */ -/* Return: pointer to the NODE_ASN element. */ -/******************************************************************/ -node_asn * -MHD__asn1_set_value (node_asn * node, const void *_value, unsigned int len) -{ - const unsigned char *value = _value; - - if (node == NULL) - return node; - if (node->value) - { - MHD__asn1_free (node->value); - node->value = NULL; - node->value_len = 0; - } - if (!len) - return node; - node->value = (unsigned char *) MHD__asn1_malloc (len); - if (node->value == NULL) - return NULL; - node->value_len = len; - - memcpy (node->value, value, len); - return node; -} - -/******************************************************************/ -/* Function : MHD__asn1_set_name */ -/* Description: sets the field NAME in a NODE_ASN element. The */ -/* previous value (if exist) will be lost */ -/* Parameters: */ -/* node: element pointer. */ -/* name: a null terminated string with the name that you want */ -/* to set. */ -/* Return: pointer to the NODE_ASN element. */ -/******************************************************************/ -node_asn * -MHD__asn1_set_name (node_asn * node, const char *name) -{ - if (node == NULL) - return node; - - if (node->name) - { - MHD__asn1_free (node->name); - node->name = NULL; - } - - if (name == NULL) - return node; - - if (strlen (name)) - { - node->name = (char *) MHD__asn1_strdup (name); - if (node->name == NULL) - return NULL; - } - else - node->name = NULL; - return node; -} - -/******************************************************************/ -/* Function : MHD__asn1_set_right */ -/* Description: sets the field RIGHT in a NODE_ASN element. */ -/* Parameters: */ -/* node: element pointer. */ -/* right: pointer to a NODE_ASN element that you want be pointed*/ -/* by NODE. */ -/* Return: pointer to *NODE. */ -/******************************************************************/ -node_asn * -MHD__asn1_set_right (node_asn * node, node_asn * right) -{ - if (node == NULL) - return node; - node->right = right; - if (right) - right->left = node; - return node; -} - -/******************************************************************/ -/* Function : MHD__asn1_set_down */ -/* Description: sets the field DOWN in a NODE_ASN element. */ -/* Parameters: */ -/* node: element pointer. */ -/* down: pointer to a NODE_ASN element that you want be pointed */ -/* by NODE. */ -/* Return: pointer to *NODE. */ -/******************************************************************/ -node_asn * -MHD__asn1_set_down (node_asn * node, node_asn * down) -{ - if (node == NULL) - return node; - node->down = down; - if (down) - down->left = node; - return node; -} - -/******************************************************************/ -/* Function : MHD__asn1_remove_node */ -/* Description: gets free the memory allocated for an NODE_ASN */ -/* element (not the elements pointed by it). */ -/* Parameters: */ -/* node: NODE_ASN element pointer. */ -/******************************************************************/ -void -MHD__asn1_remove_node (node_asn * node) -{ - if (node == NULL) - return; - - if (node->name != NULL) - MHD__asn1_free (node->name); - if (node->value != NULL) - MHD__asn1_free (node->value); - MHD__asn1_free (node); -} - -/******************************************************************/ -/* Function : MHD__asn1_find_up */ -/* Description: return the father of the NODE_ASN element. */ -/* Parameters: */ -/* node: NODE_ASN element pointer. */ -/* Return: Null if not found. */ -/******************************************************************/ -node_asn * -MHD__asn1_find_up (node_asn * node) -{ - node_asn *p; - - if (node == NULL) - return NULL; - - p = node; - - while ((p->left != NULL) && (p->left->right == p)) - p = p->left; - - return p->left; -} - -/******************************************************************/ -/* Function : MHD__asn1_delete_list */ -/* Description: deletes the list elements (not the elements */ -/* pointed by them). */ -/******************************************************************/ -void -MHD__asn1_delete_list (void) -{ - list_type *listElement; - - while (MHD_firstElement) - { - listElement = MHD_firstElement; - MHD_firstElement = MHD_firstElement->next; - MHD__asn1_free (listElement); - } -} - -/******************************************************************/ -/* Function : MHD__asn1_delete_list_and nodes */ -/* Description: deletes the list elements and the elements */ -/* pointed by them. */ -/******************************************************************/ -void -MHD__asn1_delete_list_and_nodes (void) -{ - list_type *listElement; - - while (MHD_firstElement) - { - listElement = MHD_firstElement; - MHD_firstElement = MHD_firstElement->next; - MHD__asn1_remove_node (listElement->node); - MHD__asn1_free (listElement); - } -} - - -char * -MHD__asn1_ltostr (long v, char *str) -{ - long d, r; - char temp[20]; - int count, k, start; - - if (v < 0) - { - str[0] = '-'; - start = 1; - v = -v; - } - else - start = 0; - - count = 0; - do - { - d = v / 10; - r = v - d * 10; - temp[start + count] = '0' + (char) r; - count++; - v = d; - } - while (v); - - for (k = 0; k < count; k++) - str[k + start] = temp[start + count - k - 1]; - str[count + start] = 0; - return str; -} - - -/******************************************************************/ -/* Function : MHD__asn1_change_integer_value */ -/* Description: converts into DER coding the value assign to an */ -/* INTEGER constant. */ -/* Parameters: */ -/* node: root of an ASN1element. */ -/* Return: */ -/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -/* otherwise ASN1_SUCCESS */ -/******************************************************************/ -MHD__asn1_retCode -MHD__asn1_change_integer_value (ASN1_TYPE node) -{ - node_asn *p; - unsigned char val[SIZEOF_UNSIGNED_LONG_INT]; - unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1]; - int len; - - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - p = node; - while (p) - { - if ((type_field (p->type) == TYPE_INTEGER) && (p->type & CONST_ASSIGN)) - { - if (p->value) - { - MHD__asn1_convert_integer ((const char *) p->value, val, - sizeof (val), &len); - MHD__asn1_octet_der (val, len, val2, &len); - MHD__asn1_set_value (p, val2, len); - } - } - - if (p->down) - { - p = p->down; - } - else - { - if (p == node) - p = NULL; - else if (p->right) - p = p->right; - else - { - while (1) - { - p = MHD__asn1_find_up (p); - if (p == node) - { - p = NULL; - break; - } - if (p->right) - { - p = p->right; - break; - } - } - } - } - } - - return ASN1_SUCCESS; -} - - -/******************************************************************/ -/* Function : MHD__asn1_expand_object_id */ -/* Description: expand the IDs of an OBJECT IDENTIFIER constant. */ -/* Parameters: */ -/* node: root of an ASN1 element. */ -/* Return: */ -/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -/* otherwise ASN1_SUCCESS */ -/******************************************************************/ -MHD__asn1_retCode -MHD__asn1_expand_object_id (ASN1_TYPE node) -{ - node_asn *p, *p2, *p3, *p4, *p5; - char name_root[MAX_NAME_SIZE], name2[2 * MAX_NAME_SIZE + 1]; - int move, tlen; - - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - MHD__asn1_str_cpy (name_root, sizeof (name_root), node->name); - - p = node; - move = DOWN; - - while (!((p == node) && (move == UP))) - { - if (move != UP) - { - if ((type_field (p->type) == TYPE_OBJECT_ID) - && (p->type & CONST_ASSIGN)) - { - p2 = p->down; - if (p2 && (type_field (p2->type) == TYPE_CONSTANT)) - { - if (p2->value && !isdigit (p2->value[0])) - { - MHD__asn1_str_cpy (name2, sizeof (name2), name_root); - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), - (const char *) p2->value); - p3 = MHD__asn1_find_node (node, name2); - if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) || - !(p3->type & CONST_ASSIGN)) - return ASN1_ELEMENT_NOT_FOUND; - MHD__asn1_set_down (p, p2->right); - MHD__asn1_remove_node (p2); - p2 = p; - p4 = p3->down; - while (p4) - { - if (type_field (p4->type) == TYPE_CONSTANT) - { - p5 = MHD__asn1_add_node_only (TYPE_CONSTANT); - MHD__asn1_set_name (p5, p4->name); - tlen = strlen ((const char *) p4->value); - if (tlen > 0) - MHD__asn1_set_value (p5, p4->value, tlen + 1); - if (p2 == p) - { - MHD__asn1_set_right (p5, p->down); - MHD__asn1_set_down (p, p5); - } - else - { - MHD__asn1_set_right (p5, p2->right); - MHD__asn1_set_right (p2, p5); - } - p2 = p5; - } - p4 = p4->right; - } - move = DOWN; - continue; - } - } - } - move = DOWN; - } - else - move = RIGHT; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - - if (p == node) - { - move = UP; - continue; - } - - if (move == RIGHT) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - - /*******************************/ - /* expand DEFAULT */ - /*******************************/ - p = node; - move = DOWN; - - while (!((p == node) && (move == UP))) - { - if (move != UP) - { - if ((type_field (p->type) == TYPE_OBJECT_ID) && - (p->type & CONST_DEFAULT)) - { - p2 = p->down; - if (p2 && (type_field (p2->type) == TYPE_DEFAULT)) - { - MHD__asn1_str_cpy (name2, sizeof (name2), name_root); - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), - (const char *) p2->value); - p3 = MHD__asn1_find_node (node, name2); - if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) || - !(p3->type & CONST_ASSIGN)) - return ASN1_ELEMENT_NOT_FOUND; - p4 = p3->down; - name2[0] = 0; - while (p4) - { - if (type_field (p4->type) == TYPE_CONSTANT) - { - if (name2[0]) - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), - (const char *) p4->value); - } - p4 = p4->right; - } - tlen = strlen (name2); - if (tlen > 0) - MHD__asn1_set_value (p2, name2, tlen + 1); - } - } - move = DOWN; - } - else - move = RIGHT; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - - if (p == node) - { - move = UP; - continue; - } - - if (move == RIGHT) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - return ASN1_SUCCESS; -} - -/******************************************************************/ -/* Function : MHD__asn1_check_identifier */ -/* Description: checks the definitions of all the identifiers */ -/* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */ -/* The MHD__asn1_identifierMissing global variable is filled if */ -/* necessary. */ -/* Parameters: */ -/* node: root of an ASN1 element. */ -/* Return: */ -/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */ -/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */ -/* otherwise ASN1_SUCCESS */ -/******************************************************************/ -MHD__asn1_retCode -MHD__asn1_check_identifier (ASN1_TYPE node) -{ - node_asn *p, *p2; - char name2[MAX_NAME_SIZE * 2 + 2]; - - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - p = node; - while (p) - { - if (type_field (p->type) == TYPE_IDENTIFIER) - { - MHD__asn1_str_cpy (name2, sizeof (name2), node->name); - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), (const char *) p->value); - p2 = MHD__asn1_find_node (node, name2); - if (p2 == NULL) - { - strcpy (MHD__asn1_identifierMissing, (const char *) p->value); - return ASN1_IDENTIFIER_NOT_FOUND; - } - } - else if ((type_field (p->type) == TYPE_OBJECT_ID) && - (p->type & CONST_DEFAULT)) - { - p2 = p->down; - if (p2 && (type_field (p2->type) == TYPE_DEFAULT)) - { - MHD__asn1_str_cpy (name2, sizeof (name2), node->name); - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), - (const char *) p2->value); - strcpy (MHD__asn1_identifierMissing, (const char *) p2->value); - p2 = MHD__asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) || - !(p2->type & CONST_ASSIGN)) - return ASN1_IDENTIFIER_NOT_FOUND; - else - MHD__asn1_identifierMissing[0] = 0; - } - } - else if ((type_field (p->type) == TYPE_OBJECT_ID) && - (p->type & CONST_ASSIGN)) - { - p2 = p->down; - if (p2 && (type_field (p2->type) == TYPE_CONSTANT)) - { - if (p2->value && !isdigit (p2->value[0])) - { - MHD__asn1_str_cpy (name2, sizeof (name2), node->name); - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), - (const char *) p2->value); - strcpy (MHD__asn1_identifierMissing, - (const char *) p2->value); - p2 = MHD__asn1_find_node (node, name2); - if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) || - !(p2->type & CONST_ASSIGN)) - return ASN1_IDENTIFIER_NOT_FOUND; - else - MHD__asn1_identifierMissing[0] = 0; - } - } - } - - if (p->down) - { - p = p->down; - } - else if (p->right) - p = p->right; - else - { - while (1) - { - p = MHD__asn1_find_up (p); - if (p == node) - { - p = NULL; - break; - } - if (p->right) - { - p = p->right; - break; - } - } - } - } - - return ASN1_SUCCESS; -} diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/parser_aux.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/parser_aux.h deleted file mode 100644 index 4437fb191e..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/parser_aux.h +++ /dev/null @@ -1,37 +0,0 @@ - -#ifndef _PARSER_AUX_H -#define _PARSER_AUX_H - - -/***************************************/ -/* Functions used by ASN.1 parser */ -/***************************************/ -node_asn *MHD__asn1_add_node (unsigned int type); - -node_asn *MHD__asn1_set_value (node_asn * node, const void *value, - unsigned int len); - -node_asn *MHD__asn1_set_name (node_asn * node, const char *name); - -node_asn *MHD__asn1_set_right (node_asn * node, node_asn * right); - -node_asn *MHD__asn1_set_down (node_asn * node, node_asn * down); - -void MHD__asn1_remove_node (node_asn * node); - -void MHD__asn1_delete_list (void); - -void MHD__asn1_delete_list_and_nodes (void); - -char *MHD__asn1_ltostr (long v, char *str); - -node_asn *MHD__asn1_find_up (node_asn * node); - -MHD__asn1_retCode MHD__asn1_change_integer_value (ASN1_TYPE node); - -MHD__asn1_retCode MHD__asn1_expand_object_id (ASN1_TYPE node); - -MHD__asn1_retCode MHD__asn1_check_identifier (ASN1_TYPE node); - - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/structure.c b/lib/libmicrohttpd/src/daemon/https/minitasn1/structure.c deleted file mode 100644 index fdaeea471b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/structure.c +++ /dev/null @@ -1,585 +0,0 @@ -/* - * Copyright (C) 2004, 2006, 2007 Free Software Foundation - * Copyright (C) 2002 Fabio Fiorina - * - * This file is part of LIBTASN1. - * - * The LIBTASN1 library is free software; you can redistribute it - * and/or modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA - */ - - -/*****************************************************/ -/* File: structure.c */ -/* Description: Functions to create and delete an */ -/* ASN1 tree. */ -/*****************************************************/ - - -#include <int.h> -#include <structure.h> -#include "parser_aux.h" -#include <gstr.h> - - -extern char MHD__asn1_identifierMissing[]; - -static node_asn *MHD__asn1_copy_structure2 (node_asn * root, - const char *source_name); - - - -/******************************************************/ -/* Function : MHD__asn1_add_node_only */ -/* Description: creates a new NODE_ASN element. */ -/* Parameters: */ -/* type: type of the new element (see TYPE_ */ -/* and CONST_ constants). */ -/* Return: pointer to the new element. */ -/******************************************************/ -node_asn * -MHD__asn1_add_node_only (unsigned int type) -{ - node_asn *punt; - - punt = (node_asn *) MHD__asn1_calloc (1, sizeof (node_asn)); - if (punt == NULL) - return NULL; - - punt->type = type; - - return punt; -} - - -/******************************************************************/ -/* Function : MHD__asn1_find_left */ -/* Description: returns the NODE_ASN element with RIGHT field that*/ -/* points the element NODE. */ -/* Parameters: */ -/* node: NODE_ASN element pointer. */ -/* Return: NULL if not found. */ -/******************************************************************/ -node_asn * -MHD__asn1_find_left (node_asn * node) -{ - if ((node == NULL) || (node->left == NULL) || (node->left->down == node)) - return NULL; - - return node->left; -} - - - -/** - * MHD__asn1_array2tree - Creates the structures needed to manage the ASN1 definitions. - * @array: specify the array that contains ASN.1 declarations - * @definitions: return the pointer to the structure created by - * *ARRAY ASN.1 declarations - * @errorDescription: return the error description. - * - * Creates the structures needed to manage the ASN.1 definitions. - * @array is a vector created by MHD__asn1_parser2array(). - * - * Returns: - * - * ASN1_SUCCESS: Structure created correctly. - * - * ASN1_ELEMENT_NOT_EMPTY: *@definitions not ASN1_TYPE_EMPTY. - * - * ASN1_IDENTIFIER_NOT_FOUND: In the file there is an identifier that - * is not defined (see @errorDescription for more information). - * - * ASN1_ARRAY_ERROR: The array pointed by @array is wrong. - **/ -MHD__asn1_retCode -MHD__asn1_array2tree (const ASN1_ARRAY_TYPE * array, ASN1_TYPE * definitions, - char *errorDescription) -{ - node_asn *p, *p_last = NULL; - unsigned long k; - int move; - MHD__asn1_retCode result; - - - if (*definitions != ASN1_TYPE_EMPTY) - return ASN1_ELEMENT_NOT_EMPTY; - - move = UP; - - k = 0; - while (array[k].value || array[k].type || array[k].name) - { - p = MHD__asn1_add_node (array[k].type & (~CONST_DOWN)); - if (array[k].name) - MHD__asn1_set_name (p, array[k].name); - if (array[k].value) - MHD__asn1_set_value (p, array[k].value, strlen (array[k].value) + 1); - - if (*definitions == NULL) - *definitions = p; - - if (move == DOWN) - MHD__asn1_set_down (p_last, p); - else if (move == RIGHT) - MHD__asn1_set_right (p_last, p); - - p_last = p; - - if (array[k].type & CONST_DOWN) - move = DOWN; - else if (array[k].type & CONST_RIGHT) - move = RIGHT; - else - { - while (1) - { - if (p_last == *definitions) - break; - - p_last = MHD__asn1_find_up (p_last); - - if (p_last == NULL) - break; - - if (p_last->type & CONST_RIGHT) - { - p_last->type &= ~CONST_RIGHT; - move = RIGHT; - break; - } - } /* while */ - } - k++; - } /* while */ - - if (p_last == *definitions) - { - result = MHD__asn1_check_identifier (*definitions); - if (result == ASN1_SUCCESS) - { - MHD__asn1_change_integer_value (*definitions); - MHD__asn1_expand_object_id (*definitions); - } - } - else - { - result = ASN1_ARRAY_ERROR; - } - - if (errorDescription != NULL) - { - if (result == ASN1_IDENTIFIER_NOT_FOUND) - { - Estrcpy (errorDescription, ":: identifier '"); - Estrcat (errorDescription, MHD__asn1_identifierMissing); - Estrcat (errorDescription, "' not found"); - } - else - errorDescription[0] = 0; - } - - if (result != ASN1_SUCCESS) - { - MHD__asn1_delete_list_and_nodes (); - *definitions = ASN1_TYPE_EMPTY; - } - else - MHD__asn1_delete_list (); - - return result; -} - -/** - * MHD__asn1_delete_structure - Deletes the structure pointed by *ROOT. - * @structure: pointer to the structure that you want to delete. - * - * Deletes the structure *@structure. At the end, *@structure is set - * to ASN1_TYPE_EMPTY. - * - * Returns: - * - * ASN1_SUCCESS: Everything OK. - * - * ASN1_ELEMENT_NOT_FOUND: *@structure was ASN1_TYPE_EMPTY. - * - **/ -MHD__asn1_retCode -MHD__asn1_delete_structure (ASN1_TYPE * structure) -{ - node_asn *p, *p2, *p3; - - if (*structure == ASN1_TYPE_EMPTY) - return ASN1_ELEMENT_NOT_FOUND; - - p = *structure; - while (p) - { - if (p->down) - { - p = p->down; - } - else - { /* no down */ - p2 = p->right; - if (p != *structure) - { - p3 = MHD__asn1_find_up (p); - MHD__asn1_set_down (p3, p2); - MHD__asn1_remove_node (p); - p = p3; - } - else - { /* p==root */ - p3 = MHD__asn1_find_left (p); - if (!p3) - { - p3 = MHD__asn1_find_up (p); - if (p3) - MHD__asn1_set_down (p3, p2); - else - { - if (p->right) - p->right->left = NULL; - } - } - else - MHD__asn1_set_right (p3, p2); - MHD__asn1_remove_node (p); - p = NULL; - } - } - } - - *structure = ASN1_TYPE_EMPTY; - return ASN1_SUCCESS; -} - -node_asn * -MHD__asn1_copy_structure3 (node_asn * source_node) -{ - node_asn *dest_node, *p_s, *p_d, *p_d_prev; - int move; - - if (source_node == NULL) - return NULL; - - dest_node = MHD__asn1_add_node_only (source_node->type); - - p_s = source_node; - p_d = dest_node; - - move = DOWN; - - do - { - if (move != UP) - { - if (p_s->name) - MHD__asn1_set_name (p_d, p_s->name); - if (p_s->value) - MHD__asn1_set_value (p_d, p_s->value, p_s->value_len); - move = DOWN; - } - else - move = RIGHT; - - if (move == DOWN) - { - if (p_s->down) - { - p_s = p_s->down; - p_d_prev = p_d; - p_d = MHD__asn1_add_node_only (p_s->type); - MHD__asn1_set_down (p_d_prev, p_d); - } - else - move = RIGHT; - } - - if (p_s == source_node) - break; - - if (move == RIGHT) - { - if (p_s->right) - { - p_s = p_s->right; - p_d_prev = p_d; - p_d = MHD__asn1_add_node_only (p_s->type); - MHD__asn1_set_right (p_d_prev, p_d); - } - else - move = UP; - } - if (move == UP) - { - p_s = MHD__asn1_find_up (p_s); - p_d = MHD__asn1_find_up (p_d); - } - } - while (p_s != source_node); - - return dest_node; -} - - -static node_asn * -MHD__asn1_copy_structure2 (node_asn * root, const char *source_name) -{ - node_asn *source_node; - - source_node = MHD__asn1_find_node (root, source_name); - - return MHD__asn1_copy_structure3 (source_node); - -} - - -static MHD__asn1_retCode -MHD__asn1_type_choice_config (node_asn * node) -{ - node_asn *p, *p2, *p3, *p4; - int move, tlen; - - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - p = node; - move = DOWN; - - while (!((p == node) && (move == UP))) - { - if (move != UP) - { - if ((type_field (p->type) == TYPE_CHOICE) && (p->type & CONST_TAG)) - { - p2 = p->down; - while (p2) - { - if (type_field (p2->type) != TYPE_TAG) - { - p2->type |= CONST_TAG; - p3 = MHD__asn1_find_left (p2); - while (p3) - { - if (type_field (p3->type) == TYPE_TAG) - { - p4 = MHD__asn1_add_node_only (p3->type); - tlen = strlen ((const char *) p3->value); - if (tlen > 0) - MHD__asn1_set_value (p4, p3->value, tlen + 1); - MHD__asn1_set_right (p4, p2->down); - MHD__asn1_set_down (p2, p4); - } - p3 = MHD__asn1_find_left (p3); - } - } - p2 = p2->right; - } - p->type &= ~(CONST_TAG); - p2 = p->down; - while (p2) - { - p3 = p2->right; - if (type_field (p2->type) == TYPE_TAG) - MHD__asn1_delete_structure (&p2); - p2 = p3; - } - } - move = DOWN; - } - else - move = RIGHT; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - - if (p == node) - { - move = UP; - continue; - } - - if (move == RIGHT) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - return ASN1_SUCCESS; -} - - -static MHD__asn1_retCode -MHD__asn1_expand_identifier (node_asn ** node, node_asn * root) -{ - node_asn *p, *p2, *p3; - char name2[MAX_NAME_SIZE + 2]; - int move; - - if (node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - p = *node; - move = DOWN; - - while (!((p == *node) && (move == UP))) - { - if (move != UP) - { - if (type_field (p->type) == TYPE_IDENTIFIER) - { - MHD__asn1_str_cpy (name2, sizeof (name2), root->name); - MHD__asn1_str_cat (name2, sizeof (name2), "."); - MHD__asn1_str_cat (name2, sizeof (name2), - (const char *) p->value); - p2 = MHD__asn1_copy_structure2 (root, name2); - if (p2 == NULL) - { - return ASN1_IDENTIFIER_NOT_FOUND; - } - MHD__asn1_set_name (p2, p->name); - p2->right = p->right; - p2->left = p->left; - if (p->right) - p->right->left = p2; - p3 = p->down; - if (p3) - { - while (p3->right) - p3 = p3->right; - MHD__asn1_set_right (p3, p2->down); - MHD__asn1_set_down (p2, p->down); - } - - p3 = MHD__asn1_find_left (p); - if (p3) - MHD__asn1_set_right (p3, p2); - else - { - p3 = MHD__asn1_find_up (p); - if (p3) - MHD__asn1_set_down (p3, p2); - else - { - p2->left = NULL; - } - } - - if (p->type & CONST_SIZE) - p2->type |= CONST_SIZE; - if (p->type & CONST_TAG) - p2->type |= CONST_TAG; - if (p->type & CONST_OPTION) - p2->type |= CONST_OPTION; - if (p->type & CONST_DEFAULT) - p2->type |= CONST_DEFAULT; - if (p->type & CONST_SET) - p2->type |= CONST_SET; - if (p->type & CONST_NOT_USED) - p2->type |= CONST_NOT_USED; - - if (p == *node) - *node = p2; - MHD__asn1_remove_node (p); - p = p2; - move = DOWN; - continue; - } - move = DOWN; - } - else - move = RIGHT; - - if (move == DOWN) - { - if (p->down) - p = p->down; - else - move = RIGHT; - } - - if (p == *node) - { - move = UP; - continue; - } - - if (move == RIGHT) - { - if (p->right) - p = p->right; - else - move = UP; - } - if (move == UP) - p = MHD__asn1_find_up (p); - } - - return ASN1_SUCCESS; -} - - -/** - * MHD__asn1_create_element - Creates a structure of type SOURCE_NAME. - * @definitions: pointer to the structure returned by "parser_asn1" function - * @source_name: the name of the type of the new structure (must be - * inside p_structure). - * @element: pointer to the structure created. - * - * Creates a structure of type @source_name. Example using - * "pkix.asn": - * - * rc = MHD__asn1_create_structure(cert_def, "PKIX1.Certificate", - * certptr); - * - * Returns: - * - * ASN1_SUCCESS: Creation OK. - * - * ASN1_ELEMENT_NOT_FOUND: SOURCE_NAME isn't known - **/ -MHD__asn1_retCode -MHD__asn1_create_element (ASN1_TYPE definitions, const char *source_name, - ASN1_TYPE * element) -{ - node_asn *dest_node; - int res; - - dest_node = MHD__asn1_copy_structure2 (definitions, source_name); - - if (dest_node == NULL) - return ASN1_ELEMENT_NOT_FOUND; - - MHD__asn1_set_name (dest_node, ""); - - res = MHD__asn1_expand_identifier (&dest_node, definitions); - MHD__asn1_type_choice_config (dest_node); - - *element = dest_node; - - return res; -} diff --git a/lib/libmicrohttpd/src/daemon/https/minitasn1/structure.h b/lib/libmicrohttpd/src/daemon/https/minitasn1/structure.h deleted file mode 100644 index c447fc925b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/minitasn1/structure.h +++ /dev/null @@ -1,18 +0,0 @@ - -/*************************************************/ -/* File: structure.h */ -/* Description: list of exported object by */ -/* "structure.c" */ -/*************************************************/ - -#ifndef _STRUCTURE_H -#define _STRUCTURE_H - -node_asn *MHD__asn1_copy_structure3 (node_asn * source_node); - - -node_asn *MHD__asn1_add_node_only (unsigned int type); - -node_asn *MHD__asn1_find_left (node_asn * node); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/Makefile.am b/lib/libmicrohttpd/src/daemon/https/tls/Makefile.am deleted file mode 100644 index d6bb83074e..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/Makefile.am +++ /dev/null @@ -1,100 +0,0 @@ -AM_CPPFLAGS = \ --I$(top_srcdir)/src/include \ --I$(top_srcdir)/src/daemon/ \ --I$(top_srcdir)/src/daemon/https \ --I$(top_srcdir)/src/daemon/https/tls \ --I$(top_srcdir)/src/daemon/https/lgl \ --I$(top_srcdir)/src/daemon/https/minitasn1 \ --I$(top_srcdir)/src/daemon/https/x509 \ - @LIBGCRYPT_CFLAGS@ - -if USE_COVERAGE - AM_CFLAGS = -fprofile-arcs -ftest-coverage -endif - -noinst_LTLIBRARIES = libtls.la - -libtls_la_SOURCES = \ -auth_cert.c \ -auth_dhe.c \ -auth_dh_common.c \ -auth_rsa.c \ -auth_rsa_export.c \ -debug.c \ -defines.h \ -ext_cert_type.c \ -ext_max_record.c \ -ext_server_name.c \ -gnutls_alert.c \ -gnutls_algorithms.c \ -gnutls_asn1_tab.c \ -gnutls_auth.c \ -gnutls_buffers.c \ -gnutls_cert.c \ -gnutls_cipher.c \ -gnutls_cipher_int.c \ -gnutls_constate.c \ -gnutls_datum.c \ -gnutls_dh.c \ -gnutls_dh_primes.c \ -gnutls_errors.c \ -gnutls_extensions.c \ -gnutls_global.c \ -gnutls_handshake.c \ -gnutls_hash_int.c \ -gnutls_kx.c \ -gnutls_mem.c \ -gnutls_mpi.c \ -gnutls_num.c \ -gnutls_pk.c \ -gnutls_priority.c \ -gnutls_record.c \ -gnutls_rsa_export.c \ -gnutls_sig.c \ -gnutls_state.c \ -gnutls_str.c \ -gnutls_supplemental.c \ -gnutls_ui.c \ -gnutls_x509.c \ -pkix_asn1_tab.c \ -x509_b64.c \ -auth_cert.h \ -auth_dh_common.h \ -debug.h \ -defines.h \ -ext_cert_type.h \ -ext_max_record.h \ -ext_server_name.h \ -gnutls_algorithms.h \ -gnutls_auth.h \ -gnutls_auth_int.h \ -gnutls_buffers.h \ -gnutls_cert.h \ -gnutls_cipher.h \ -gnutls_cipher_int.h \ -gnutls_constate.h \ -gnutls_datum.h \ -gnutls_dh.h \ -gnutls_errors.h \ -gnutls_extensions.h \ -gnutls_global.h \ -gnutls_handshake.h \ -gnutls_hash_int.h \ -gnutls_int.h \ -gnutls_kx.h \ -gnutls_mem.h \ -gnutls_mpi.h \ -gnutls_num.h \ -gnutls_pk.h \ -gnutls_record.h \ -gnutls_rsa_export.h \ -gnutls_sig.h \ -gnutls_state.h \ -gnutls_str.h \ -gnutls_supplemental.h \ -gnutls_x509.h \ -x509_b64.h \ -memmem.c \ -str-two-way.h -libtls_la_LIBADD = @LIBGCRYPT_LIBS@ - diff --git a/lib/libmicrohttpd/src/daemon/https/tls/Makefile.in b/lib/libmicrohttpd/src/daemon/https/tls/Makefile.in deleted file mode 100644 index 23c09ff54d..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/Makefile.in +++ /dev/null @@ -1,635 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/daemon/https/tls -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libcurl.m4 \ - $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/MHD_config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libtls_la_DEPENDENCIES = -am_libtls_la_OBJECTS = auth_cert.lo auth_dhe.lo auth_dh_common.lo \ - auth_rsa.lo auth_rsa_export.lo debug.lo ext_cert_type.lo \ - ext_max_record.lo ext_server_name.lo gnutls_alert.lo \ - gnutls_algorithms.lo gnutls_asn1_tab.lo gnutls_auth.lo \ - gnutls_buffers.lo gnutls_cert.lo gnutls_cipher.lo \ - gnutls_cipher_int.lo gnutls_constate.lo gnutls_datum.lo \ - gnutls_dh.lo gnutls_dh_primes.lo gnutls_errors.lo \ - gnutls_extensions.lo gnutls_global.lo gnutls_handshake.lo \ - gnutls_hash_int.lo gnutls_kx.lo gnutls_mem.lo gnutls_mpi.lo \ - gnutls_num.lo gnutls_pk.lo gnutls_priority.lo gnutls_record.lo \ - gnutls_rsa_export.lo gnutls_sig.lo gnutls_state.lo \ - gnutls_str.lo gnutls_supplemental.lo gnutls_ui.lo \ - gnutls_x509.lo pkix_asn1_tab.lo x509_b64.lo memmem.lo -libtls_la_OBJECTS = $(am_libtls_la_OBJECTS) -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libtls_la_SOURCES) -DIST_SOURCES = $(libtls_la_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -EXT_LIBS = @EXT_LIBS@ -EXT_LIB_PATH = @EXT_LIB_PATH@ -FGREP = @FGREP@ -GREP = @GREP@ -HAVE_SOCAT = @HAVE_SOCAT@ -HAVE_ZZUF = @HAVE_ZZUF@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCURL = @LIBCURL@ -LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_VERSION_AGE = @LIB_VERSION_AGE@ -LIB_VERSION_CURRENT = @LIB_VERSION_CURRENT@ -LIB_VERSION_REVISION = @LIB_VERSION_REVISION@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MHD_LIBDEPS = @MHD_LIBDEPS@ -MHD_LIB_LDFLAGS = @MHD_LIB_LDFLAGS@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREAD_CPPFLAGS = @PTHREAD_CPPFLAGS@ -PTHREAD_LDFLAGS = @PTHREAD_LDFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -_libcurl_config = @_libcurl_config@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = \ --I$(top_srcdir)/src/include \ --I$(top_srcdir)/src/daemon/ \ --I$(top_srcdir)/src/daemon/https \ --I$(top_srcdir)/src/daemon/https/tls \ --I$(top_srcdir)/src/daemon/https/lgl \ --I$(top_srcdir)/src/daemon/https/minitasn1 \ --I$(top_srcdir)/src/daemon/https/x509 \ - @LIBGCRYPT_CFLAGS@ - -@USE_COVERAGE_TRUE@AM_CFLAGS = -fprofile-arcs -ftest-coverage -noinst_LTLIBRARIES = libtls.la -libtls_la_SOURCES = \ -auth_cert.c \ -auth_dhe.c \ -auth_dh_common.c \ -auth_rsa.c \ -auth_rsa_export.c \ -debug.c \ -defines.h \ -ext_cert_type.c \ -ext_max_record.c \ -ext_server_name.c \ -gnutls_alert.c \ -gnutls_algorithms.c \ -gnutls_asn1_tab.c \ -gnutls_auth.c \ -gnutls_buffers.c \ -gnutls_cert.c \ -gnutls_cipher.c \ -gnutls_cipher_int.c \ -gnutls_constate.c \ -gnutls_datum.c \ -gnutls_dh.c \ -gnutls_dh_primes.c \ -gnutls_errors.c \ -gnutls_extensions.c \ -gnutls_global.c \ -gnutls_handshake.c \ -gnutls_hash_int.c \ -gnutls_kx.c \ -gnutls_mem.c \ -gnutls_mpi.c \ -gnutls_num.c \ -gnutls_pk.c \ -gnutls_priority.c \ -gnutls_record.c \ -gnutls_rsa_export.c \ -gnutls_sig.c \ -gnutls_state.c \ -gnutls_str.c \ -gnutls_supplemental.c \ -gnutls_ui.c \ -gnutls_x509.c \ -pkix_asn1_tab.c \ -x509_b64.c \ -auth_cert.h \ -auth_dh_common.h \ -debug.h \ -defines.h \ -ext_cert_type.h \ -ext_max_record.h \ -ext_server_name.h \ -gnutls_algorithms.h \ -gnutls_auth.h \ -gnutls_auth_int.h \ -gnutls_buffers.h \ -gnutls_cert.h \ -gnutls_cipher.h \ -gnutls_cipher_int.h \ -gnutls_constate.h \ -gnutls_datum.h \ -gnutls_dh.h \ -gnutls_errors.h \ -gnutls_extensions.h \ -gnutls_global.h \ -gnutls_handshake.h \ -gnutls_hash_int.h \ -gnutls_int.h \ -gnutls_kx.h \ -gnutls_mem.h \ -gnutls_mpi.h \ -gnutls_num.h \ -gnutls_pk.h \ -gnutls_record.h \ -gnutls_rsa_export.h \ -gnutls_sig.h \ -gnutls_state.h \ -gnutls_str.h \ -gnutls_supplemental.h \ -gnutls_x509.h \ -x509_b64.h \ -memmem.c \ -str-two-way.h - -libtls_la_LIBADD = @LIBGCRYPT_LIBS@ -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/daemon/https/tls/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/daemon/https/tls/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libtls.la: $(libtls_la_OBJECTS) $(libtls_la_DEPENDENCIES) - $(LINK) $(libtls_la_OBJECTS) $(libtls_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cert.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_dh_common.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_dhe.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_rsa.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_rsa_export.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/debug.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_cert_type.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_max_record.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_server_name.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_alert.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_algorithms.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_asn1_tab.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_auth.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_buffers.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_cert.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_cipher.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_cipher_int.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_constate.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_datum.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_dh.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_dh_primes.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_errors.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_extensions.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_global.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_handshake.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_hash_int.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_kx.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_mem.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_mpi.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_num.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_pk.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_priority.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_record.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_rsa_export.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_sig.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_state.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_str.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_supplemental.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_ui.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_x509.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/memmem.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkix_asn1_tab.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_b64.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_cert.c b/lib/libmicrohttpd/src/daemon/https/tls/auth_cert.c deleted file mode 100644 index f4a784b5e3..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_cert.c +++ /dev/null @@ -1,1329 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* The certificate authentication functions which are needed in the handshake, - * and are common to RSA and DHE key exchange, are in this file. - */ - -#include <gnutls_int.h> -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include <gnutls_cert.h> -#include <auth_cert.h> -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "libtasn1.h" -#include "gnutls_datum.h" -#include <gnutls_pk.h> -#include <gnutls_algorithms.h> -#include <gnutls_global.h> -#include <gnutls_record.h> -#include <gnutls_sig.h> -#include <gnutls_state.h> -#include <gnutls_pk.h> -#include <gnutls_x509.h> -#include "debug.h" - -static MHD_gnutls_cert *alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * - certs, unsigned); -static MHD_gnutls_privkey *alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t - key); - - -/* Copies data from a internal certificate struct (MHD_gnutls_cert) to - * exported certificate struct (cert_auth_info_t) - */ -static int -MHD__gnutls_copy_certificate_auth_info (cert_auth_info_t info, - MHD_gnutls_cert * cert, int ncerts) -{ - /* Copy peer's information to auth_info_t - */ - int ret, i, j; - - if (ncerts == 0) - { - info->raw_certificate_list = NULL; - info->ncerts = 0; - return 0; - } - - info->raw_certificate_list = - MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * ncerts); - if (info->raw_certificate_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - for (i = 0; i < ncerts; i++) - { - if (cert->raw.size > 0) - { - ret = - MHD__gnutls_set_datum (&info->raw_certificate_list[i], - cert[i].raw.data, cert[i].raw.size); - if (ret < 0) - { - MHD_gnutls_assert (); - goto clear; - } - } - } - info->ncerts = ncerts; - - return 0; - -clear: - - for (j = 0; j < i; j++) - MHD__gnutls_free_datum (&info->raw_certificate_list[j]); - - MHD_gnutls_free (info->raw_certificate_list); - info->raw_certificate_list = NULL; - - return ret; -} - - - - -/* returns 0 if the algo_to-check exists in the pk_algos list, - * -1 otherwise. - */ -inline static int -MHD__gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm - *pk_algos, int pk_algos_length, - enum MHD_GNUTLS_PublicKeyAlgorithm - algo_to_check) -{ - int i; - for (i = 0; i < pk_algos_length; i++) - { - if (algo_to_check == pk_algos[i]) - { - return 0; - } - } - return -1; -} - - -/* Returns the issuer's Distinguished name in odn, of the certificate - * specified in cert. - */ -static int -MHD__gnutls_cert_get_issuer_dn (MHD_gnutls_cert * cert, - MHD_gnutls_datum_t * odn) -{ - ASN1_TYPE dn; - int len, result; - int start, end; - - if ((result = MHD__asn1_create_element - (MHD__gnutls_get_pkix (), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&dn, cert->raw.data, cert->raw.size, NULL); - if (result != ASN1_SUCCESS) - { - /* couldn't decode DER */ - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&dn); - return MHD_gtls_asn2err (result); - } - - result = - MHD__asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size, - "tbsCertificate.issuer", &start, &end); - - if (result != ASN1_SUCCESS) - { - /* couldn't decode DER */ - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&dn); - return MHD_gtls_asn2err (result); - } - MHD__asn1_delete_structure (&dn); - - len = end - start + 1; - - odn->size = len; - odn->data = &cert->raw.data[start]; - - return 0; -} - - -/* Locates the most appropriate x509 certificate using the - * given DN. If indx == -1 then no certificate was found. - * - * That is to guess which certificate to use, based on the - * CAs and sign algorithms supported by the peer server. - */ -static int -_find_x509_cert (const MHD_gtls_cert_credentials_t cred, - opaque * _data, size_t _data_size, - const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, - int pk_algos_length, int *indx) -{ - unsigned size; - MHD_gnutls_datum_t odn; - opaque *data = _data; - ssize_t data_size = _data_size; - unsigned i, j; - int result, cert_pk; - - *indx = -1; - odn.size = 0; - odn.data = NULL; - do - { - - DECR_LENGTH_RET (data_size, 2, 0); - size = MHD_gtls_read_uint16 (data); - DECR_LENGTH_RET (data_size, size, 0); - data += 2; - - for (i = 0; i < cred->ncerts; i++) - { - for (j = 0; j < cred->cert_list_length[i]; j++) - { - if ((result = - MHD__gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], - &odn)) != 0) - { - MHD_gnutls_assert (); - return result; - } - - if (odn.size != size) - continue; - - /* If the DN matches and - * the *_SIGN algorithm matches - * the cert is our cert! - */ - cert_pk = cred->cert_list[i][0].subject_pk_algorithm; - - if ((memcmp (odn.data, data, size) == 0) && - (MHD__gnutls_check_pk_algo_in_list - (pk_algos, pk_algos_length, cert_pk) == 0)) - { - *indx = i; - break; - } - } - if (*indx != -1) - break; - } - - if (*indx != -1) - break; - - /* move to next record */ - data += size; - - } - while (1); - - return 0; - -} - -/* Returns the number of issuers in the server's - * certificate request packet. - */ -static int -get_issuers_num (MHD_gtls_session_t session, opaque * data, ssize_t data_size) -{ - int issuers_dn_len = 0, result; - unsigned size; - - /* Count the number of the given issuers; - * This is used to allocate the issuers_dn without - * using realloc(). - */ - - if (data_size == 0 || data == NULL) - return 0; - - if (data_size > 0) - do - { - /* This works like DECR_LEN() - */ - result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - DECR_LENGTH_COM (data_size, 2, goto error); - size = MHD_gtls_read_uint16 (data); - - result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - DECR_LENGTH_COM (data_size, size, goto error); - - data += 2; - - if (size > 0) - { - issuers_dn_len++; - data += size; - } - - if (data_size == 0) - break; - - } - while (1); - - return issuers_dn_len; - -error: - return result; -} - -/* Returns the issuers in the server's certificate request - * packet. - */ -static int -get_issuers (MHD_gtls_session_t session, - MHD_gnutls_datum_t * issuers_dn, int issuers_len, - opaque * data, size_t data_size) -{ - int i; - unsigned size; - - if (MHD_gnutls_certificate_type_get (session) != MHD_GNUTLS_CRT_X509) - return 0; - - /* put the requested DNs to req_dn, only in case - * of X509 certificates. - */ - if (issuers_len > 0) - { - - for (i = 0; i < issuers_len; i++) - { - /* The checks here for the buffer boundaries - * are not needed since the buffer has been - * parsed above. - */ - data_size -= 2; - - size = MHD_gtls_read_uint16 (data); - - data += 2; - - issuers_dn[i].data = data; - issuers_dn[i].size = size; - - data += size; - } - } - - return 0; -} - -/* Calls the client get callback. - */ -static int -call_get_cert_callback (MHD_gtls_session_t session, - MHD_gnutls_datum_t * issuers_dn, - int issuers_dn_length, - enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, - int pk_algos_length) -{ - unsigned i; - MHD_gnutls_cert *local_certs = NULL; - MHD_gnutls_privkey *local_key = NULL; - MHD_gnutls_retr_st st; - int ret; - enum MHD_GNUTLS_CertificateType type = - MHD_gnutls_certificate_type_get (session); - MHD_gtls_cert_credentials_t cred; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - memset (&st, 0, sizeof (st)); - - if (session->security_parameters.entity == GNUTLS_SERVER) - { - ret = cred->server_get_cert_callback (session, &st); - } - else - { /* CLIENT */ - ret = - cred->client_get_cert_callback (session, - issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length, &st); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (st.ncerts == 0) - return 0; /* no certificate was selected */ - - if (type != st.type) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } - - if (type == MHD_GNUTLS_CRT_X509) - { - local_certs = alloc_and_load_x509_certs (st.cert.x509, st.ncerts); - if (local_certs != NULL) - local_key = alloc_and_load_x509_key (st.key.x509); - - } - else - { /* PGP */ - MHD_gnutls_assert (); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } - - MHD_gtls_selected_certs_set (session, local_certs, - (local_certs != NULL) ? st.ncerts : 0, - local_key, 1); - - ret = 0; - -cleanup: - - if (st.type == MHD_GNUTLS_CRT_X509) - { - if (st.deinit_all) - { - for (i = 0; i < st.ncerts; i++) - { - MHD_gnutls_x509_crt_deinit (st.cert.x509[i]); - } - MHD_gnutls_free (st.cert.x509); - MHD_gnutls_x509_privkey_deinit (st.key.x509); - } - } - return ret; -} - -/* Finds the appropriate certificate depending on the cA Distinguished name - * advertized by the server. If none matches then returns 0 and -1 as index. - * In case of an error a negative value, is returned. - * - * 20020128: added ability to select a certificate depending on the SIGN - * algorithm (only in automatic mode). - */ -static int -_select_client_cert (MHD_gtls_session_t session, - opaque * _data, size_t _data_size, - enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos, - int pk_algos_length) -{ - int result; - int indx = -1; - MHD_gtls_cert_credentials_t cred; - opaque *data = _data; - ssize_t data_size = _data_size; - int issuers_dn_length; - MHD_gnutls_datum_t *issuers_dn = NULL; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - if (cred->client_get_cert_callback != NULL) - { - - /* use a callback to get certificate - */ - if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509) - issuers_dn_length = 0; - else - { - issuers_dn_length = get_issuers_num (session, data, data_size); - if (issuers_dn_length < 0) - { - MHD_gnutls_assert (); - return issuers_dn_length; - } - - if (issuers_dn_length > 0) - { - issuers_dn = - MHD_gnutls_malloc (sizeof (MHD_gnutls_datum_t) * - issuers_dn_length); - if (issuers_dn == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = - get_issuers (session, issuers_dn, issuers_dn_length, - data, data_size); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - } - } - - result = - call_get_cert_callback (session, issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length); - goto cleanup; - - } - else - { - /* If we have no callbacks, try to guess. - */ - result = 0; - - if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509) - result = - _find_x509_cert (cred, _data, _data_size, - pk_algos, pk_algos_length, &indx); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - if (indx >= 0) - { - MHD_gtls_selected_certs_set (session, - &cred->cert_list[indx][0], - cred->cert_list_length[indx], - &cred->pkey[indx], 0); - } - else - { - MHD_gtls_selected_certs_set (session, NULL, 0, NULL, 0); - } - - result = 0; - } - -cleanup: - MHD_gnutls_free (issuers_dn); - return result; - -} - -/* Generate client certificate - */ -static int -MHD_gtls_gen_x509_crt (MHD_gtls_session_t session, opaque ** data) -{ - int ret, i; - opaque *pdata; - MHD_gnutls_cert *apr_cert_list; - MHD_gnutls_privkey *apr_pkey; - int apr_cert_list_length; - - /* find the appropriate certificate - */ - if ((ret = - MHD_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = 3; - for (i = 0; i < apr_cert_list_length; i++) - { - ret += apr_cert_list[i].raw.size + 3; - /* hold size - * for uint24 */ - } - - /* if no certificates were found then send: - * 0B 00 00 03 00 00 00 // Certificate with no certs - * instead of: - * 0B 00 00 00 // empty certificate handshake - * - * ( the above is the whole handshake message, not - * the one produced here ) - */ - - (*data) = MHD_gnutls_malloc (ret); - pdata = (*data); - - if (pdata == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - MHD_gtls_write_uint24 (ret - 3, pdata); - pdata += 3; - for (i = 0; i < apr_cert_list_length; i++) - { - MHD_gtls_write_datum24 (pdata, apr_cert_list[i].raw); - pdata += (3 + apr_cert_list[i].raw.size); - } - - return ret; -} - -int -MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t session, - opaque ** data) -{ - switch (session->security_parameters.cert_type) - { - case MHD_GNUTLS_CRT_X509: - return MHD_gtls_gen_x509_crt (session, data); - - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } -} - -int -MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session, - opaque ** data) -{ - switch (session->security_parameters.cert_type) - { - case MHD_GNUTLS_CRT_X509: - return MHD_gtls_gen_x509_crt (session, data); - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } -} - -/* Process server certificate - */ - -#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) -static int -MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session, - opaque * data, size_t data_size) -{ - int size, len, ret; - opaque *p = data; - cert_auth_info_t info; - MHD_gtls_cert_credentials_t cred; - ssize_t dsize = data_size; - int i, j, x; - MHD_gnutls_cert *peer_certificate_list; - int peer_certificate_list_size = 0; - MHD_gnutls_datum_t tmp; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - - if ((ret = - MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 1)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - info = MHD_gtls_get_auth_info (session); - - if (data == NULL || data_size == 0) - { - MHD_gnutls_assert (); - /* no certificate was sent */ - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - DECR_LEN (dsize, 3); - size = MHD_gtls_read_uint24 (p); - p += 3; - - /* some implementations send 0B 00 00 06 00 00 03 00 00 00 - * instead of just 0B 00 00 03 00 00 00 as an empty certificate message. - */ - if (size == 0 || size == 3) - { - MHD_gnutls_assert (); - /* no certificate was sent */ - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - i = dsize; - while (i > 0) - { - DECR_LEN (dsize, 3); - len = MHD_gtls_read_uint24 (p); - p += 3; - DECR_LEN (dsize, len); - peer_certificate_list_size++; - p += len; - i -= len + 3; - } - - if (peer_certificate_list_size == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - /* Ok we now allocate the memory to hold the - * certificate list - */ - - peer_certificate_list = - MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * - (peer_certificate_list_size)); - - if (peer_certificate_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - memset (peer_certificate_list, 0, sizeof (MHD_gnutls_cert) * - peer_certificate_list_size); - - p = data + 3; - - /* Now we start parsing the list (again). - * We don't use DECR_LEN since the list has - * been parsed before. - */ - - for (j = 0; j < peer_certificate_list_size; j++) - { - len = MHD_gtls_read_uint24 (p); - p += 3; - - tmp.size = len; - tmp.data = p; - - if ((ret = - MHD_gtls_x509_raw_cert_to_gcert (&peer_certificate_list - [j], &tmp, - CERT_ONLY_EXTENSIONS)) < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - p += len; - } - - - if ((ret = - MHD__gnutls_copy_certificate_auth_info (info, - peer_certificate_list, - peer_certificate_list_size)) < - 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - if ((ret = - MHD__gnutls_check_key_usage (&peer_certificate_list[0], - MHD_gnutls_kx_get (session))) < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - ret = 0; - -cleanup: - CLEAR_CERTS; - MHD_gnutls_free (peer_certificate_list); - return ret; - -} - -#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x]) - -int -MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t session, - opaque * data, size_t data_size) -{ - switch (session->security_parameters.cert_type) - { - case MHD_GNUTLS_CRT_X509: - return MHD_gtls_proc_x509_server_certificate (session, data, data_size); - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } -} - -#define MAX_SIGN_ALGOS 2 -typedef enum CertificateSigType -{ RSA_SIGN = 1, DSA_SIGN -} CertificateSigType; - -/* Checks if we support the given signature algorithm - * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm - * if true; - */ -inline static int -MHD__gnutls_check_supported_sign_algo (CertificateSigType algo) -{ - switch (algo) - { - case RSA_SIGN: - return MHD_GNUTLS_PK_RSA; - default: - return -1; - } -} - -int -MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t session, opaque * data, - size_t data_size) -{ - int size, ret; - opaque *p; - MHD_gtls_cert_credentials_t cred; - ssize_t dsize; - int i, j; - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algos[MAX_SIGN_ALGOS]; - int pk_algos_length; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - if ((ret = - MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - p = data; - dsize = data_size; - - DECR_LEN (dsize, 1); - size = p[0]; - p++; - /* check if the sign algorithm is supported. - */ - pk_algos_length = j = 0; - for (i = 0; i < size; i++, p++) - { - DECR_LEN (dsize, 1); - if ((ret = MHD__gnutls_check_supported_sign_algo (*p)) > 0) - { - if (j < MAX_SIGN_ALGOS) - { - pk_algos[j++] = ret; - pk_algos_length++; - } - } - } - - if (pk_algos_length == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_PK_ALGORITHM; - } - - if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) - { - /* read supported hashes */ - int hash_num; - DECR_LEN (dsize, 1); - - hash_num = p[0] & 0xFF; - p++; - - DECR_LEN (dsize, hash_num); - p += hash_num; - } - - /* read the certificate authorities */ - DECR_LEN (dsize, 2); - size = MHD_gtls_read_uint16 (p); - p += 2; - - DECR_LEN (dsize, size); - - /* now we ask the user to tell which one - * he wants to use. - */ - if ((ret = - _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* We should reply with a certificate message, - * even if we have no certificate to send. - */ - session->key->certificate_requested = 1; - - return 0; -} - -int -MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t session, - opaque ** data) -{ - int ret; - MHD_gnutls_cert *apr_cert_list; - MHD_gnutls_privkey *apr_pkey; - int apr_cert_list_length, size; - MHD_gnutls_datum_t signature; - - *data = NULL; - - /* find the appropriate certificate */ - if ((ret = - MHD_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (apr_cert_list_length > 0) - { - if ((ret = - MHD_gtls_tls_sign_hdata (session, - &apr_cert_list[0], - apr_pkey, &signature)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - else - { - return 0; - } - - *data = MHD_gnutls_malloc (signature.size + 2); - if (*data == NULL) - { - MHD__gnutls_free_datum (&signature); - return GNUTLS_E_MEMORY_ERROR; - } - size = signature.size; - MHD_gtls_write_uint16 (size, *data); - - memcpy (&(*data)[2], signature.data, size); - - MHD__gnutls_free_datum (&signature); - - return size + 2; -} - -int -MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t session, - opaque * data, size_t data_size) -{ - int size, ret; - ssize_t dsize = data_size; - opaque *pdata = data; - MHD_gnutls_datum_t sig; - cert_auth_info_t info = MHD_gtls_get_auth_info (session); - MHD_gnutls_cert peer_cert; - - if (info == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - /* we need this in order to get peer's certificate */ - return GNUTLS_E_INTERNAL_ERROR; - } - - DECR_LEN (dsize, 2); - size = MHD_gtls_read_uint16 (pdata); - pdata += 2; - - DECR_LEN (dsize, size); - - sig.data = pdata; - sig.size = size; - - ret = MHD_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if ((ret = MHD_gtls_verify_sig_hdata (session, &peer_cert, &sig)) < 0) - { - MHD_gnutls_assert (); - MHD_gtls_gcert_deinit (&peer_cert); - return ret; - } - MHD_gtls_gcert_deinit (&peer_cert); - - return 0; -} - -#define CERTTYPE_SIZE 3 -int -MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t session, opaque ** data) -{ - MHD_gtls_cert_credentials_t cred; - int size; - opaque *pdata; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - /* Now we need to generate the RDN sequence. This is - * already in the CERTIFICATE_CRED structure, to improve - * performance. - */ - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - size = CERTTYPE_SIZE + 2; /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq - */ - - if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && - session->internals.ignore_rdn_sequence == 0) - size += cred->x509_rdn_sequence.size; - - if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) - /* Need at least one byte to announce the number of supported hash - functions (see below). */ - size += 1; - - (*data) = MHD_gnutls_malloc (size); - pdata = (*data); - - if (pdata == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - pdata[0] = CERTTYPE_SIZE - 1; - - pdata[1] = RSA_SIGN; - pdata[2] = DSA_SIGN; /* only these for now */ - pdata += CERTTYPE_SIZE; - - if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2) - { - /* Supported hashes (nothing for now -- FIXME). */ - *pdata = 0; - pdata++; - } - - if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 && - session->internals.ignore_rdn_sequence == 0) - { - MHD_gtls_write_datum16 (pdata, cred->x509_rdn_sequence); - /* pdata += cred->x509_rdn_sequence.size + 2; */ - } - else - { - MHD_gtls_write_uint16 (0, pdata); - /* pdata+=2; */ - } - - return size; -} - - -/* This function will return the appropriate certificate to use. - * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey. - * The return value is a negative value on error. - * - * It is normal to return 0 with no certificates in client side. - * - */ -int -MHD_gtls_get_selected_cert (MHD_gtls_session_t session, - MHD_gnutls_cert ** apr_cert_list, - int *apr_cert_list_length, - MHD_gnutls_privkey ** apr_pkey) -{ - if (session->security_parameters.entity == GNUTLS_SERVER) - { - - /* select_client_cert() has been called before. - */ - - *apr_cert_list = session->internals.selected_cert_list; - *apr_pkey = session->internals.selected_key; - *apr_cert_list_length = session->internals.selected_cert_list_length; - - if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - } - else - { /* CLIENT SIDE - */ - - /* we have already decided which certificate - * to send. - */ - *apr_cert_list = session->internals.selected_cert_list; - *apr_cert_list_length = session->internals.selected_cert_list_length; - *apr_pkey = session->internals.selected_key; - - } - - return 0; -} - -/* converts the given x509 certificate to MHD_gnutls_cert* and allocates - * space for them. - */ -static MHD_gnutls_cert * -alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * certs, unsigned ncerts) -{ - MHD_gnutls_cert *local_certs; - int ret = 0; - unsigned i, j; - - if (certs == NULL) - return NULL; - - local_certs = MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * ncerts); - if (local_certs == NULL) - { - MHD_gnutls_assert (); - return NULL; - } - - for (i = 0; i < ncerts; i++) - { - ret = MHD_gtls_x509_crt_to_gcert (&local_certs[i], certs[i], 0); - if (ret < 0) - break; - } - - if (ret < 0) - { - MHD_gnutls_assert (); - for (j = 0; j < i; j++) - { - MHD_gtls_gcert_deinit (&local_certs[j]); - } - MHD_gnutls_free (local_certs); - return NULL; - } - - return local_certs; -} - -/* converts the given x509 key to MHD_gnutls_privkey* and allocates - * space for it. - */ -static MHD_gnutls_privkey * -alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t key) -{ - MHD_gnutls_privkey *local_key; - int ret = 0; - - if (key == NULL) - return NULL; - - local_key = MHD_gnutls_malloc (sizeof (MHD_gnutls_privkey)); - if (local_key == NULL) - { - MHD_gnutls_assert (); - return NULL; - } - - ret = MHD__gnutls_x509_privkey_to_gkey (local_key, key); - if (ret < 0) - { - MHD_gnutls_assert (); - return NULL; - } - - return local_key; -} - -void -MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session) -{ - if (session->internals.selected_need_free != 0) - { - int i; - - for (i = 0; i < session->internals.selected_cert_list_length; i++) - { - MHD_gtls_gcert_deinit (&session->internals.selected_cert_list[i]); - } - MHD_gnutls_free (session->internals.selected_cert_list); - session->internals.selected_cert_list = NULL; - session->internals.selected_cert_list_length = 0; - - MHD_gtls_gkey_deinit (session->internals.selected_key); - if (session->internals.selected_key) - { - MHD_gnutls_free (session->internals.selected_key); - session->internals.selected_key = NULL; - } - } - - return; -} - -void -MHD_gtls_selected_certs_set (MHD_gtls_session_t session, - MHD_gnutls_cert * certs, int ncerts, - MHD_gnutls_privkey * key, int need_free) -{ - MHD_gtls_selected_certs_deinit (session); - - session->internals.selected_cert_list = certs; - session->internals.selected_cert_list_length = ncerts; - session->internals.selected_key = key; - session->internals.selected_need_free = need_free; - -} - - -/* finds the most appropriate certificate in the cert list. - * The 'appropriate' is defined by the user. - * - * requested_algo holds the parameters required by the peer (RSA, DSA - * or -1 for any). - * - * Returns 0 on success and a negative value on error. The - * selected certificate will be in session->internals.selected_*. - * - */ -int -MHD_gtls_server_select_cert (MHD_gtls_session_t session, - enum MHD_GNUTLS_PublicKeyAlgorithm - requested_algo) -{ - unsigned i; - int idx, ret; - MHD_gtls_cert_credentials_t cred; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - /* If the callback which retrieves certificate has been set, - * use it and leave. - */ - if (cred->server_get_cert_callback != NULL) - return call_get_cert_callback (session, NULL, 0, NULL, 0); - - /* Otherwise... */ - - ret = 0; - idx = -1; /* default is use no certificate */ - - - for (i = 0; i < cred->ncerts; i++) - { - /* find one compatible certificate - */ - if (requested_algo == GNUTLS_PK_ANY || - requested_algo == cred->cert_list[i][0].subject_pk_algorithm) - { - /* if cert type matches - */ - if (session->security_parameters.cert_type == - cred->cert_list[i][0].cert_type) - { - idx = i; - break; - } - } - } - - /* store the certificate pointer for future use, in the handshake. - * (This will allow not calling this callback again.) - */ - if (idx >= 0 && ret == 0) - { - MHD_gtls_selected_certs_set (session, - &cred->cert_list[idx][0], - cred->cert_list_length[idx], - &cred->pkey[idx], 0); - } - else - /* Certificate does not support REQUESTED_ALGO. */ - ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; - - return ret; -} - -/* Frees the MHD_gtls_rsa_info_st structure. - */ -void -MHD_gtls_free_rsa_info (rsa_info_st * rsa) -{ - MHD__gnutls_free_datum (&rsa->modulus); - MHD__gnutls_free_datum (&rsa->exponent); -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_cert.h b/lib/libmicrohttpd/src/daemon/https/tls/auth_cert.h deleted file mode 100644 index 395fdd29fc..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_cert.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef AUTH_CERT_H -#define AUTH_CERT_H - -#include "gnutls_cert.h" -#include "gnutls_auth.h" -#include "auth_dh_common.h" -#include "x509.h" - -/* This structure may be complex, but it's the only way to - * support a server that has multiple certificates - */ - -typedef struct MHD_gtls_certificate_credentials_st -{ - MHD_gtls_dh_params_t dh_params; - MHD_gtls_rsa_params_t rsa_params; - /* this callback is used to retrieve the DH or RSA - * parameters. - */ - MHD_gnutls_params_function *params_func; - - MHD_gnutls_cert **cert_list; - /* contains a list of a list of certificates. - * eg (X509): [0] certificate1, certificate11, certificate111 - * (if more than one, one certificate certifies the one before) - * [1] certificate2, certificate22, ... - */ - unsigned *cert_list_length; - /* contains the number of the certificates in a - * row (should be 1 for OpenPGP keys). - */ - unsigned ncerts; /* contains the number of columns in cert_list. - * This is the same with the number of pkeys. - */ - - MHD_gnutls_privkey *pkey; - /* private keys. It contains ncerts private - * keys. pkey[i] corresponds to certificate in - * cert_list[i][0]. - */ - - /* OpenPGP specific stuff */ - -#ifndef KEYRING_HACK - MHD_gnutls_openpgp_keyring_t keyring; -#else - MHD_gnutls_datum_t keyring; - int keyring_format; -#endif - - /* X509 specific stuff */ - - MHD_gnutls_x509_crt_t *x509_ca_list; - unsigned x509_ncas; /* number of CAs in the ca_list - */ - - MHD_gnutls_x509_crl_t *x509_crl_list; - unsigned x509_ncrls; /* number of CRLs in the crl_list - */ - - unsigned int verify_flags; /* flags to be used at - * certificate verification. - */ - unsigned int verify_depth; - unsigned int verify_bits; - - /* holds a sequence of the - * RDNs of the CAs above. - * This is better than - * generating on every handshake. - */ - MHD_gnutls_datum_t x509_rdn_sequence; - - MHD_gnutls_certificate_client_retrieve_function *client_get_cert_callback; - MHD_gnutls_certificate_server_retrieve_function *server_get_cert_callback; -} MHD_gtls_cert_credentials_st; - -typedef struct MHD_gtls_rsa_info_st -{ - MHD_gnutls_datum_t modulus; - MHD_gnutls_datum_t exponent; -} rsa_info_st; - -typedef struct MHD_gtls_cert_auth_info_st -{ - int certificate_requested; /* if the peer requested certificate - * this is non zero; - */ - - /* These (dh/rsa) are just copies from the credentials_t structure. - * They must be freed. - */ - MHD_gtls_dh_info_st dh; - rsa_info_st rsa_export; - - MHD_gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the - * peer. - */ - unsigned int ncerts; /* holds the size of the list above */ -} *cert_auth_info_t; - -typedef struct MHD_gtls_cert_auth_info_st cert_auth_info_st; - -void MHD_gtls_free_rsa_info (rsa_info_st * rsa); - -/* AUTH X509 functions */ -int MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t, opaque **); -int MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t, opaque **); -int MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t, opaque **); -int MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t, opaque **); -int MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t, opaque *, size_t); -int MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t, opaque *, - size_t); -int MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t, opaque *, - size_t); -int MHD_gtls_get_selected_cert (MHD_gtls_session_t session, - MHD_gnutls_cert ** apr_cert_list, - int *apr_cert_list_length, - MHD_gnutls_privkey ** apr_pkey); - -int MHD_gtls_server_select_cert (struct MHD_gtls_session_int *, - enum MHD_GNUTLS_PublicKeyAlgorithm); -void MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session); -void MHD_gtls_selected_certs_set (MHD_gtls_session_t session, - MHD_gnutls_cert * certs, int ncerts, - MHD_gnutls_privkey * key, int need_free); - -#define MHD__gnutls_proc_cert_client_certificate MHD_gtls_proc_cert_server_certificate - -MHD_gtls_rsa_params_t -MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params, - MHD_gnutls_params_function * func, - MHD_gtls_session_t); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_dh_common.c b/lib/libmicrohttpd/src/daemon/https/tls/auth_dh_common.c deleted file mode 100644 index 8fc6e3914a..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_dh_common.c +++ /dev/null @@ -1,327 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains common stuff in Ephemeral Diffie Hellman (DHE) and - * Anonymous DH key exchange(DHA). These are used in the handshake procedure - * of the certificate and anoymous authentication. - */ - -#include "gnutls_int.h" -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "gnutls_sig.h" -#include <gnutls_datum.h> -#include <gnutls_x509.h> -#include <gnutls_state.h> -#include <auth_dh_common.h> -#include <gnutls_algorithms.h> - -/* Frees the MHD_gtls_dh_info_st structure. - */ -void -MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh) -{ - dh->secret_bits = 0; - MHD__gnutls_free_datum (&dh->prime); - MHD__gnutls_free_datum (&dh->generator); - MHD__gnutls_free_datum (&dh->public_key); -} - -int -MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session, - opaque * data, size_t _data_size, - mpi_t g, mpi_t p) -{ - uint16_t n_Y; - size_t _n_Y; - int ret; - ssize_t data_size = _data_size; - - - DECR_LEN (data_size, 2); - n_Y = MHD_gtls_read_uint16 (&data[0]); - _n_Y = n_Y; - - DECR_LEN (data_size, n_Y); - if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y)) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - MHD_gtls_dh_set_peer_public (session, session->key->client_Y); - - session->key->KEY = - MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p); - - if (session->key->KEY == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD_gtls_mpi_release (&session->key->client_Y); - MHD_gtls_mpi_release (&session->key->dh_secret); - - ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY); - - MHD_gtls_mpi_release (&session->key->KEY); - - if (ret < 0) - { - return ret; - } - - return 0; -} - -int -MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data) -{ - mpi_t x = NULL, X = NULL; - size_t n_X; - int ret; - - *data = NULL; - - X = MHD_gtls_calc_dh_secret (&x, session->key->client_g, - session->key->client_p); - if (X == NULL || x == NULL) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x)); - - MHD_gtls_mpi_print (NULL, &n_X, X); - (*data) = MHD_gnutls_malloc (n_X + 2); - if (*data == NULL) - { - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - MHD_gtls_mpi_print (&(*data)[2], &n_X, X); - MHD_gtls_mpi_release (&X); - - MHD_gtls_write_uint16 (n_X, &(*data)[0]); - - /* calculate the key after calculating the message */ - session->key->KEY = - MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p); - - MHD_gtls_mpi_release (&x); - if (session->key->KEY == NULL) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - /* THESE SHOULD BE DISCARDED */ - MHD_gtls_mpi_release (&session->key->client_Y); - MHD_gtls_mpi_release (&session->key->client_p); - MHD_gtls_mpi_release (&session->key->client_g); - - ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY); - - MHD_gtls_mpi_release (&session->key->KEY); - - if (ret < 0) - { - MHD_gnutls_assert (); - goto error; - } - - return n_X + 2; - -error: - MHD_gtls_mpi_release (&x); - MHD_gtls_mpi_release (&X); - MHD_gnutls_free (*data); - *data = NULL; - return ret; -} - -int -MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session, - opaque * data, size_t _data_size, int psk) -{ - uint16_t n_Y, n_g, n_p; - size_t _n_Y, _n_g, _n_p; - uint8_t *data_p; - uint8_t *data_g; - uint8_t *data_Y; - int i, bits, psk_size, ret; - ssize_t data_size = _data_size; - - i = 0; - - if (psk != 0) - { - DECR_LEN (data_size, 2); - psk_size = MHD_gtls_read_uint16 (&data[i]); - DECR_LEN (data_size, psk_size); - i += 2 + psk_size; - } - - DECR_LEN (data_size, 2); - n_p = MHD_gtls_read_uint16 (&data[i]); - i += 2; - - DECR_LEN (data_size, n_p); - data_p = &data[i]; - i += n_p; - - DECR_LEN (data_size, 2); - n_g = MHD_gtls_read_uint16 (&data[i]); - i += 2; - - DECR_LEN (data_size, n_g); - data_g = &data[i]; - i += n_g; - - DECR_LEN (data_size, 2); - n_Y = MHD_gtls_read_uint16 (&data[i]); - i += 2; - - DECR_LEN (data_size, n_Y); - data_Y = &data[i]; - i += n_Y; - - _n_Y = n_Y; - _n_g = n_g; - _n_p = n_p; - - if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - bits = MHD_gtls_dh_get_allowed_prime_bits (session); - if (bits < 0) - { - MHD_gnutls_assert (); - return bits; - } - - if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits) - { - /* the prime used by the peer is not acceptable - */ - MHD_gnutls_assert (); - return GNUTLS_E_DH_PRIME_UNACCEPTABLE; - } - - MHD_gtls_dh_set_group (session, session->key->client_g, - session->key->client_p); - MHD_gtls_dh_set_peer_public (session, session->key->client_Y); - - ret = n_Y + n_p + n_g + 6; - if (psk != 0) - ret += 2; - - return ret; -} - -/* If the psk flag is set, then an empty psk_identity_hint will - * be inserted */ -int -MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session, - mpi_t g, mpi_t p, opaque ** data, int psk) -{ - mpi_t x, X; - size_t n_X, n_g, n_p; - int ret, data_size, pos; - uint8_t *pdata; - - X = MHD_gtls_calc_dh_secret (&x, g, p); - if (X == NULL || x == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - session->key->dh_secret = x; - MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x)); - - MHD_gtls_mpi_print (NULL, &n_g, g); - MHD_gtls_mpi_print (NULL, &n_p, p); - MHD_gtls_mpi_print (NULL, &n_X, X); - - data_size = n_g + n_p + n_X + 6; - if (psk != 0) - data_size += 2; - - (*data) = MHD_gnutls_malloc (data_size); - if (*data == NULL) - { - MHD_gtls_mpi_release (&X); - return GNUTLS_E_MEMORY_ERROR; - } - - pos = 0; - pdata = *data; - - if (psk != 0) - { - MHD_gtls_write_uint16 (0, &pdata[pos]); - pos += 2; - } - - MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p); - MHD_gtls_write_uint16 (n_p, &pdata[pos]); - - pos += n_p + 2; - - MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g); - MHD_gtls_write_uint16 (n_g, &pdata[pos]); - - pos += n_g + 2; - - MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X); - MHD_gtls_mpi_release (&X); - - MHD_gtls_write_uint16 (n_X, &pdata[pos]); - - ret = data_size; - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_dh_common.h b/lib/libmicrohttpd/src/daemon/https/tls/auth_dh_common.h deleted file mode 100644 index f09ce6dc4b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_dh_common.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef AUTH_DH_COMMON -# define AUTH_DH_COMMON - -typedef struct -{ - int secret_bits; - - MHD_gnutls_datum_t prime; - MHD_gnutls_datum_t generator; - MHD_gnutls_datum_t public_key; -} MHD_gtls_dh_info_st; - -void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh); -int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **); -int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session, - opaque * data, size_t _data_size, - mpi_t p, mpi_t g); -int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p, - opaque ** data, int psk); -int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session, - opaque * data, size_t _data_size, - int psk); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_dhe.c b/lib/libmicrohttpd/src/daemon/https/tls/auth_dhe.c deleted file mode 100644 index 38407f9dc2..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_dhe.c +++ /dev/null @@ -1,274 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains everything for the Ephemeral Diffie Hellman (DHE) - * key exchange. This is used in the handshake procedure of the certificate - * authentication. - */ - -#include "gnutls_int.h" -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "gnutls_sig.h" -#include <gnutls_datum.h> -#include <auth_cert.h> -#include <gnutls_x509.h> -#include <gnutls_state.h> -#include <auth_dh_common.h> - -static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **); -static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t); -static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t); - -const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = { - "DHE_RSA", - MHD_gtls_gen_cert_server_certificate, - MHD_gtls_gen_cert_client_certificate, - gen_dhe_server_kx, - MHD_gtls_gen_dh_common_client_kx, - MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - MHD_gtls_gen_cert_server_cert_req, /* server cert request */ - - MHD_gtls_proc_cert_server_certificate, - MHD__gnutls_proc_cert_client_certificate, - proc_dhe_server_kx, - proc_dhe_client_kx, - MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - MHD_gtls_proc_cert_cert_req /* proc server cert request */ -}; - -const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = { - "DHE_DSS", - MHD_gtls_gen_cert_server_certificate, - MHD_gtls_gen_cert_client_certificate, - gen_dhe_server_kx, - MHD_gtls_gen_dh_common_client_kx, - MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - MHD_gtls_gen_cert_server_cert_req, /* server cert request */ - - MHD_gtls_proc_cert_server_certificate, - MHD__gnutls_proc_cert_client_certificate, - proc_dhe_server_kx, - proc_dhe_client_kx, - MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - MHD_gtls_proc_cert_cert_req /* proc server cert request */ -}; - - -static int -gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data) -{ - mpi_t g, p; - const mpi_t *mpis; - int ret = 0, data_size; - MHD_gnutls_cert *apr_cert_list; - MHD_gnutls_privkey *apr_pkey; - int apr_cert_list_length; - MHD_gnutls_datum_t signature, ddata; - MHD_gtls_cert_credentials_t cred; - MHD_gtls_dh_params_t dh_params; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - /* find the appropriate certificate */ - if ((ret = - MHD_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - dh_params = - MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); - mpis = MHD_gtls_dh_params_to_mpi (dh_params); - if (mpis == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; - } - - p = mpis[0]; - g = mpis[1]; - - if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gtls_dh_set_group (session, g, p); - - ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - data_size = ret; - - /* Generate the signature. */ - - ddata.data = *data; - ddata.size = data_size; - - if (apr_cert_list_length > 0) - { - if ((ret = - MHD_gtls_tls_sign_params (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature)) < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (*data); - return ret; - } - } - else - { - MHD_gnutls_assert (); - return data_size; /* do not put a signature - ILLEGAL! */ - } - - *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2); - if (*data == NULL) - { - MHD__gnutls_free_datum (&signature); - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD_gtls_write_datum16 (&(*data)[data_size], signature); - data_size += signature.size + 2; - - MHD__gnutls_free_datum (&signature); - - return data_size; -} - -static int -proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data, - size_t _data_size) -{ - int sigsize; - MHD_gnutls_datum_t vparams, signature; - int ret; - cert_auth_info_t info = MHD_gtls_get_auth_info (session); - ssize_t data_size = _data_size; - MHD_gnutls_cert peer_cert; - - if (info == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - /* we need this in order to get peer's certificate */ - return GNUTLS_E_INTERNAL_ERROR; - } - - ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* VERIFY SIGNATURE */ - - vparams.size = ret; - vparams.data = data; - - DECR_LEN (data_size, 2); - sigsize = MHD_gtls_read_uint16 (&data[vparams.size]); - - DECR_LEN (data_size, sigsize); - signature.data = &data[vparams.size + 2]; - signature.size = sigsize; - - if ((ret = - MHD_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = - MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); - - MHD_gtls_gcert_deinit (&peer_cert); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return ret; -} - - - -static int -proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data, - size_t _data_size) -{ - MHD_gtls_cert_credentials_t cred; - int ret; - mpi_t p, g; - const mpi_t *mpis; - MHD_gtls_dh_params_t dh_params; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - dh_params = - MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); - mpis = MHD_gtls_dh_params_to_mpi (dh_params); - if (mpis == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; - } - - p = mpis[0]; - g = mpis[1]; - - ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p); - - return ret; - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_rsa.c b/lib/libmicrohttpd/src/daemon/https/tls/auth_rsa.c deleted file mode 100644 index 9548a8f17b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_rsa.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the RSA key exchange part of the certificate - * authentication. - */ - -#include "gnutls_int.h" -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "gnutls_datum.h" -#include "auth_cert.h" -#include <gnutls_pk.h> -#include <gnutls_algorithms.h> -#include <gnutls_global.h> -#include "debug.h" -#include <gnutls_sig.h> -#include <gnutls_x509.h> -#include <gc.h> - -int MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t, opaque **); -int MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t, opaque *, size_t); - -const MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct = { - "RSA", - MHD_gtls_gen_cert_server_certificate, - MHD_gtls_gen_cert_client_certificate, - NULL, /* gen server kx */ - MHD__gnutls_gen_rsa_client_kx, - MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - MHD_gtls_gen_cert_server_cert_req, /* server cert request */ - - MHD_gtls_proc_cert_server_certificate, - MHD__gnutls_proc_cert_client_certificate, - NULL, /* proc server kx */ - MHD__gnutls_proc_rsa_client_kx, /* proc client kx */ - MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - MHD_gtls_proc_cert_cert_req /* proc server cert request */ -}; - -/* This function reads the RSA parameters from peer's certificate; - */ -int -MHD__gnutls_get_public_rsa_params (MHD_gtls_session_t session, - mpi_t params[MAX_PUBLIC_PARAMS_SIZE], - int *params_len) -{ - int ret; - cert_auth_info_t info; - MHD_gnutls_cert peer_cert; - int i; - - /* normal non export case */ - - info = MHD_gtls_get_auth_info (session); - - if (info == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - ret = - MHD_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_ONLY_PUBKEY | CERT_NO_COPY); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - - /* EXPORT case: */ - if (MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite) - == MHD_GNUTLS_KX_RSA_EXPORT - && MHD__gnutls_mpi_get_nbits (peer_cert.params[0]) > 512) - { - - MHD_gtls_gcert_deinit (&peer_cert); - - if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (*params_len < 2) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - *params_len = 2; - for (i = 0; i < *params_len; i++) - { - params[i] = MHD__gnutls_mpi_copy (session->key->rsa[i]); - } - - return 0; - } - - /* end of export case */ - - if (*params_len < peer_cert.params_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - *params_len = peer_cert.params_size; - - for (i = 0; i < *params_len; i++) - { - params[i] = MHD__gnutls_mpi_copy (peer_cert.params[i]); - } - MHD_gtls_gcert_deinit (&peer_cert); - - return 0; -} - -/* This function reads the RSA parameters from the private key - */ -int -MHD__gnutls_get_private_rsa_params (MHD_gtls_session_t session, - mpi_t ** params, int *params_size) -{ - int bits; - MHD_gtls_cert_credentials_t cred; - MHD_gtls_rsa_params_t rsa_params; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - if (session->internals.selected_cert_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - bits = - MHD__gnutls_mpi_get_nbits (session->internals.selected_cert_list[0]. - params[0]); - - if (MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite) - == MHD_GNUTLS_KX_RSA_EXPORT && bits > 512) - { - - rsa_params = - MHD_gtls_certificate_get_rsa_params (cred->rsa_params, - cred->params_func, session); - /* EXPORT case: */ - if (rsa_params == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; - } - - /* In the export case, we do use temporary RSA params - * of 512 bits size. The params in the certificate are - * used to sign this temporary stuff. - */ - *params_size = RSA_PRIVATE_PARAMS; - *params = rsa_params->params; - - return 0; - } - - /* non export cipher suites. */ - - *params_size = session->internals.selected_key->params_size; - *params = session->internals.selected_key->params; - - return 0; -} - -int -MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t session, opaque * data, - size_t _data_size) -{ - MHD_gnutls_datum_t plaintext; - MHD_gnutls_datum_t ciphertext; - int ret, dsize; - mpi_t *params; - int params_len; - int randomize_key = 0; - ssize_t data_size = _data_size; - - if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) - { - /* SSL 3.0 - */ - ciphertext.data = data; - ciphertext.size = data_size; - } - else - { - /* TLS 1.0 - */ - DECR_LEN (data_size, 2); - ciphertext.data = &data[2]; - dsize = MHD_gtls_read_uint16 (data); - - if (dsize != data_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - ciphertext.size = dsize; - } - - ret = MHD__gnutls_get_private_rsa_params (session, ¶ms, ¶ms_len); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ - - if (ret < 0 || plaintext.size != TLS_MASTER_SIZE) - { - /* In case decryption fails then don't inform - * the peer. Just use a random key. (in order to avoid - * attack against pkcs-1 formating). - */ - MHD_gnutls_assert (); - MHD__gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n"); - randomize_key = 1; - } - else - { - /* If the secret was properly formatted, then - * check the version number. - */ - if (MHD__gnutls_get_adv_version_major (session) != plaintext.data[0] - || MHD__gnutls_get_adv_version_minor (session) != plaintext.data[1]) - { - /* No error is returned here, if the version number check - * fails. We proceed normally. - * That is to defend against the attack described in the paper - * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, - * Ondej Pokorny and Tomas Rosa. - */ - MHD_gnutls_assert (); - MHD__gnutls_x509_log - ("auth_rsa: Possible PKCS #1 version check format attack\n"); - } - } - - if (randomize_key != 0) - { - session->key->key.size = TLS_MASTER_SIZE; - session->key->key.data = MHD_gnutls_malloc (session->key->key.size); - if (session->key->key.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - /* we do not need strong random numbers here. - */ - if (MHD_gc_nonce - ((char *) session->key->key.data, session->key->key.size) != GC_OK) - { - MHD_gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } - - } - else - { - session->key->key.data = plaintext.data; - session->key->key.size = plaintext.size; - } - - /* This is here to avoid the version check attack - * discussed above. - */ - session->key->key.data[0] = MHD__gnutls_get_adv_version_major (session); - session->key->key.data[1] = MHD__gnutls_get_adv_version_minor (session); - - return 0; -} - - - -/* return RSA(random) using the peers public key - */ -int -MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t session, opaque ** data) -{ - cert_auth_info_t auth; - MHD_gnutls_datum_t sdata; /* data to send */ - mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; - int params_len = MAX_PUBLIC_PARAMS_SIZE; - int ret, i; - enum MHD_GNUTLS_Protocol ver; - - if (session->key == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - auth = session->key->auth_info; - if (auth == NULL) - { - /* this shouldn't have happened. The proc_certificate - * function should have detected that. - */ - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - session->key->key.size = TLS_MASTER_SIZE; - session->key->key.data = MHD_gnutls_secure_malloc (session->key->key.size); - - if (session->key->key.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - if (MHD_gc_pseudo_random ((char *) session->key->key.data, - session->key->key.size) != GC_OK) - { - MHD_gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } - - ver = MHD_gtls_get_adv_version (session); - - if (session->internals.rsa_pms_version[0] == 0) - { - session->key->key.data[0] = MHD_gtls_version_get_major (ver); - session->key->key.data[1] = MHD_gtls_version_get_minor (ver); - } - else - { /* use the version provided */ - session->key->key.data[0] = session->internals.rsa_pms_version[0]; - session->key->key.data[1] = session->internals.rsa_pms_version[1]; - } - - /* move RSA parameters to key (session). - */ - if ((ret = - MHD__gnutls_get_public_rsa_params (session, params, ¶ms_len)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if ((ret = - MHD_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key, - params, params_len, 2)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - for (i = 0; i < params_len; i++) - MHD_gtls_mpi_release (¶ms[i]); - - if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) - { - /* SSL 3.0 */ - *data = sdata.data; - return sdata.size; - } - else - { /* TLS 1 */ - *data = MHD_gnutls_malloc (sdata.size + 2); - if (*data == NULL) - { - MHD__gnutls_free_datum (&sdata); - return GNUTLS_E_MEMORY_ERROR; - } - MHD_gtls_write_datum16 (*data, sdata); - ret = sdata.size + 2; - MHD__gnutls_free_datum (&sdata); - return ret; - } - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/auth_rsa_export.c b/lib/libmicrohttpd/src/daemon/https/tls/auth_rsa_export.c deleted file mode 100644 index 575a2b72e1..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/auth_rsa_export.c +++ /dev/null @@ -1,323 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the RSA key exchange part of the certificate - * authentication. - */ - -#include "gnutls_int.h" -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "gnutls_datum.h" -#include "auth_cert.h" -#include <gnutls_pk.h> -#include <gnutls_algorithms.h> -#include <gnutls_global.h> -#include "debug.h" -#include <gnutls_sig.h> -#include <gnutls_x509.h> -#include <gnutls_rsa_export.h> -#include <gnutls_state.h> - -int MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t, opaque **); -int MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t, opaque *, size_t); -static int gen_rsa_export_server_kx (MHD_gtls_session_t, opaque **); -static int proc_rsa_export_server_kx (MHD_gtls_session_t, opaque *, size_t); - -const MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct = { - "RSA EXPORT", - MHD_gtls_gen_cert_server_certificate, - MHD_gtls_gen_cert_client_certificate, - gen_rsa_export_server_kx, - MHD__gnutls_gen_rsa_client_kx, - MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - MHD_gtls_gen_cert_server_cert_req, /* server cert request */ - - MHD_gtls_proc_cert_server_certificate, - MHD__gnutls_proc_cert_client_certificate, - proc_rsa_export_server_kx, - MHD__gnutls_proc_rsa_client_kx, /* proc client kx */ - MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - MHD_gtls_proc_cert_cert_req /* proc server cert request */ -}; - -static int -gen_rsa_export_server_kx (MHD_gtls_session_t session, opaque ** data) -{ - MHD_gtls_rsa_params_t rsa_params; - const mpi_t *rsa_mpis; - size_t n_e, n_m; - uint8_t *data_e, *data_m; - int ret = 0, data_size; - MHD_gnutls_cert *apr_cert_list; - MHD_gnutls_privkey *apr_pkey; - int apr_cert_list_length; - MHD_gnutls_datum_t signature, ddata; - MHD_gtls_cert_credentials_t cred; - - cred = (MHD_gtls_cert_credentials_t) - MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); - if (cred == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - /* find the appropriate certificate */ - if ((ret = - MHD_gtls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* abort sending this message if we have a certificate - * of 512 bits or less. - */ - if (apr_pkey && MHD__gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512) - { - MHD_gnutls_assert (); - return GNUTLS_E_INT_RET_0; - } - - rsa_params = - MHD_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, - session); - rsa_mpis = MHD__gnutls_rsa_params_to_mpi (rsa_params); - if (rsa_mpis == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; - } - - if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gtls_rsa_export_set_pubkey (session, rsa_mpis[1], rsa_mpis[0]); - - MHD_gtls_mpi_print (NULL, &n_m, rsa_mpis[0]); - MHD_gtls_mpi_print (NULL, &n_e, rsa_mpis[1]); - - (*data) = MHD_gnutls_malloc (n_e + n_m + 4); - if (*data == NULL) - { - return GNUTLS_E_MEMORY_ERROR; - } - - data_m = &(*data)[0]; - MHD_gtls_mpi_print (&data_m[2], &n_m, rsa_mpis[0]); - - MHD_gtls_write_uint16 (n_m, data_m); - - data_e = &data_m[2 + n_m]; - MHD_gtls_mpi_print (&data_e[2], &n_e, rsa_mpis[1]); - - MHD_gtls_write_uint16 (n_e, data_e); - - data_size = n_m + n_e + 4; - - - /* Generate the signature. */ - - ddata.data = *data; - ddata.size = data_size; - - if (apr_cert_list_length > 0) - { - if ((ret = - MHD_gtls_tls_sign_params (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature)) < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (*data); - *data = NULL; - return ret; - } - } - else - { - MHD_gnutls_assert (); - return data_size; /* do not put a signature - ILLEGAL! */ - } - - *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2); - if (*data == NULL) - { - MHD__gnutls_free_datum (&signature); - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD_gtls_write_datum16 (&((*data)[data_size]), signature); - data_size += signature.size + 2; - - MHD__gnutls_free_datum (&signature); - - return data_size; -} - -/* if the peer's certificate is of 512 bits or less, returns non zero. - */ -int -MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session) -{ - MHD_gnutls_cert peer_cert; - int ret; - cert_auth_info_t info = MHD_gtls_get_auth_info (session); - - if (info == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - /* we need this in order to get peer's certificate */ - return 0; - } - - if ((ret = - MHD_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY)) < 0) - { - MHD_gnutls_assert (); - return 0; - } - - if (peer_cert.subject_pk_algorithm != MHD_GNUTLS_PK_RSA) - { - MHD_gnutls_assert (); - MHD_gtls_gcert_deinit (&peer_cert); - return 0; - } - - if (MHD__gnutls_mpi_get_nbits (peer_cert.params[0]) <= 512) - { - MHD_gtls_gcert_deinit (&peer_cert); - return 1; - } - - MHD_gtls_gcert_deinit (&peer_cert); - - return 0; -} - -static int -proc_rsa_export_server_kx (MHD_gtls_session_t session, - opaque * data, size_t _data_size) -{ - uint16_t n_m, n_e; - size_t _n_m, _n_e; - uint8_t *data_m; - uint8_t *data_e; - int i, sigsize; - MHD_gnutls_datum_t vparams, signature; - int ret; - ssize_t data_size = _data_size; - cert_auth_info_t info; - MHD_gnutls_cert peer_cert; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL || info->ncerts == 0) - { - MHD_gnutls_assert (); - /* we need this in order to get peer's certificate */ - return GNUTLS_E_INTERNAL_ERROR; - } - - - i = 0; - - DECR_LEN (data_size, 2); - n_m = MHD_gtls_read_uint16 (&data[i]); - i += 2; - - DECR_LEN (data_size, n_m); - data_m = &data[i]; - i += n_m; - - DECR_LEN (data_size, 2); - n_e = MHD_gtls_read_uint16 (&data[i]); - i += 2; - - DECR_LEN (data_size, n_e); - data_e = &data[i]; - i += n_e; - - _n_e = n_e; - _n_m = n_m; - - if (MHD_gtls_mpi_scan_nz (&session->key->rsa[0], data_m, &_n_m) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - if (MHD_gtls_mpi_scan_nz (&session->key->rsa[1], data_e, &_n_e) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - MHD_gtls_rsa_export_set_pubkey (session, session->key->rsa[1], - session->key->rsa[0]); - - /* VERIFY SIGNATURE */ - - vparams.size = n_m + n_e + 4; - vparams.data = data; - - DECR_LEN (data_size, 2); - sigsize = MHD_gtls_read_uint16 (&data[vparams.size]); - - DECR_LEN (data_size, sigsize); - signature.data = &data[vparams.size + 2]; - signature.size = sigsize; - - if ((ret = - MHD_gtls_raw_cert_to_gcert (&peer_cert, - session->security_parameters.cert_type, - &info->raw_certificate_list[0], - CERT_NO_COPY)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = - MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); - - MHD_gtls_gcert_deinit (&peer_cert); - if (ret < 0) - { - MHD_gnutls_assert (); - } - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/debug.c b/lib/libmicrohttpd/src/daemon/https/tls/debug.c deleted file mode 100644 index e7e41d0bdb..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/debug.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include <stdio.h> -#include <stdlib.h> -#include <gcrypt.h> - -const char * -MHD__gnutls_packet2str (content_type_t packet) -{ - switch (packet) - { - case GNUTLS_CHANGE_CIPHER_SPEC: - return "Change Cipher Spec"; - case GNUTLS_ALERT: - return "Alert"; - case GNUTLS_HANDSHAKE: - return "Handshake"; - case GNUTLS_APPLICATION_DATA: - return "Application Data"; - case GNUTLS_INNER_APPLICATION: - return "Inner Application"; - - default: - return "Unknown Packet"; - } -} - -const char * -MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake) -{ - - switch (handshake) - { - case GNUTLS_HANDSHAKE_HELLO_REQUEST: - return "HELLO REQUEST"; - break; - case GNUTLS_HANDSHAKE_CLIENT_HELLO: - return "CLIENT HELLO"; - break; - case GNUTLS_HANDSHAKE_SERVER_HELLO: - return "SERVER HELLO"; - break; - case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: - return "CERTIFICATE"; - break; - case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: - return "SERVER KEY EXCHANGE"; - break; - case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: - return "CERTIFICATE REQUEST"; - break; - case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: - return "SERVER HELLO DONE"; - break; - case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: - return "CERTIFICATE VERIFY"; - break; - case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: - return "CLIENT KEY EXCHANGE"; - break; - case GNUTLS_HANDSHAKE_FINISHED: - return "FINISHED"; - break; - case GNUTLS_HANDSHAKE_SUPPLEMENTAL: - return "SUPPLEMENTAL"; - break; - default: - return "Unknown Handshake packet"; - - } -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/debug.h b/lib/libmicrohttpd/src/daemon/https/tls/debug.h deleted file mode 100644 index ba1f100609..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/debug.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -const char *MHD__gnutls_packet2str (content_type_t packet); -const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t - handshake); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/defines.h b/lib/libmicrohttpd/src/daemon/https/tls/defines.h deleted file mode 100644 index 9a63636058..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/defines.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef DEFINES_H -# define DEFINES_H - -#ifdef HAVE_CONFIG_H -# include "MHD_config.h" -#endif - -#include <stddef.h> -#include <string.h> -#include <stdlib.h> -#include <stdio.h> -#include <ctype.h> -#include <limits.h> -#include <stdint.h> - -#ifdef NO_SSIZE_T -# define HAVE_SSIZE_T -typedef int ssize_t; -#endif - -#include <sys/types.h> -#include <unistd.h> -#include <sys/stat.h> -#ifndef MINGW -#include <sys/socket.h> -#endif -#include <time.h> - -/* TODO check if these should go into config.h */ -#define SIZEOF_UNSIGNED_INT 4 -#define SIZEOF_UNSIGNED_LONG 8 -#define SIZEOF_UNSIGNED_LONG_INT SIZEOF_UNSIGNED_LONG - -/* some systems had problems with long long int, thus, - * it is not used. - */ -typedef struct -{ - unsigned char i[8]; -} uint64; - -#endif /* defines_h */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/ext_cert_type.c b/lib/libmicrohttpd/src/daemon/https/tls/ext_cert_type.c deleted file mode 100644 index 1e7966f454..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/ext_cert_type.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the code the Certificate Type TLS extension. - * This extension is currently gnutls specific. - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include "gnutls_num.h" -#include "ext_cert_type.h" -#include "gnutls_state.h" -#include "gnutls_num.h" - -inline static int MHD__gnutls_num2cert_type (int num); -inline static int MHD__gnutls_cert_type2num (int record_size); - -/* - * In case of a server: if a CERT_TYPE extension type is received then it stores - * into the session security parameters the new value. The server may use MHD_gnutls_session_certificate_type_get(), - * to access it. - * - * In case of a client: If a cert_types have been specified then we send the extension. - * - */ - -int -MHD_gtls_cert_type_recv_params (MHD_gtls_session_t session, - const opaque * data, size_t _data_size) -{ - int new_type = -1, ret, i; - ssize_t data_size = _data_size; - -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - if (data_size > 0) - { - if (data_size != 1) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - new_type = MHD__gnutls_num2cert_type (data[0]); - - if (new_type < 0) - { - MHD_gnutls_assert (); - return new_type; - } - - /* Check if we support this cert_type */ - if ((ret = - MHD_gtls_session_cert_type_supported (session, new_type)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD__gnutls_session_cert_type_set (session, new_type); - } - } - else -#endif - - { /* SERVER SIDE - we must check if the sent cert type is the right one - */ - if (data_size > 1) - { - uint8_t len; - - len = data[0]; - DECR_LEN (data_size, len); - - for (i = 0; i < len; i++) - { - new_type = MHD__gnutls_num2cert_type (data[i + 1]); - - if (new_type < 0) - continue; - - /* Check if we support this cert_type */ - if ((ret = - MHD_gtls_session_cert_type_supported (session, - new_type)) < 0) - { - MHD_gnutls_assert (); - continue; - } - else - break; - /* new_type is ok */ - } - - if (new_type < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - - if ((ret = - MHD_gtls_session_cert_type_supported (session, new_type)) < 0) - { - MHD_gnutls_assert (); - /* The peer has requested unsupported certificate - * types. Instead of failing, procceed normally. - * (the ciphersuite selection would fail, or a - * non certificate ciphersuite will be selected). - */ - return 0; - } - - MHD__gnutls_session_cert_type_set (session, new_type); - } - - - } - - return 0; -} - -/* returns data_size or a negative number on failure - */ -int -MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data, - size_t data_size) -{ - unsigned int len; - - /* this function sends the client extension data (dnsname) */ -#if MHD_DEBUG_TLS - unsigned int i; - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - - if (session->internals.priorities.cert_type.num_algorithms > 0) - { - - len = session->internals.priorities.cert_type.num_algorithms; - - if (len == 1 && - session->internals.priorities.cert_type.priority[0] == - MHD_GNUTLS_CRT_X509) - { - /* We don't use this extension if X.509 certificates - * are used. - */ - return 0; - } - - if (data_size < len + 1) - { - MHD_gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - /* this is a vector! - */ - data[0] = (uint8_t) len; - - for (i = 0; i < len; i++) - { - data[i + 1] = - MHD__gnutls_cert_type2num (session->internals. - priorities.cert_type.priority[i]); - } - return len + 1; - } - - } - else -#endif - { /* server side */ - if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE) - { - len = 1; - if (data_size < len) - { - MHD_gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = - MHD__gnutls_cert_type2num (session-> - security_parameters.cert_type); - return len; - } - - - } - - return 0; -} - -/* Maps numbers to record sizes according to the - * extensions draft. - */ -inline static int -MHD__gnutls_num2cert_type (int num) -{ - switch (num) - { - case 0: - return MHD_GNUTLS_CRT_X509; - default: - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } -} - -/* Maps record size to numbers according to the - * extensions draft. - */ -inline static int -MHD__gnutls_cert_type2num (int cert_type) -{ - switch (cert_type) - { - case MHD_GNUTLS_CRT_X509: - return 0; - default: - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/ext_cert_type.h b/lib/libmicrohttpd/src/daemon/https/tls/ext_cert_type.h deleted file mode 100644 index f80f7ba8f5..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/ext_cert_type.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Maps record size to numbers according to the - * extensions draft. - */ -int MHD_gtls_cert_type_recv_params (MHD_gtls_session_t session, - const opaque * data, size_t data_size); -int MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data, - size_t); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/ext_max_record.c b/lib/libmicrohttpd/src/daemon/https/tls/ext_max_record.c deleted file mode 100644 index 421a1739a3..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/ext_max_record.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - * Copyright (C) 2001, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the code for the Max Record Size TLS extension. - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include "gnutls_num.h" -#include <ext_max_record.h> - -/* - * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores - * into the session the new value. The server may use MHD_gnutls_get_max_record_size(), - * in order to access it. - * - * In case of a client: If a different max record size (than the default) has - * been specified then it sends the extension. - * - */ - -int -MHD_gtls_max_record_recv_params (MHD_gtls_session_t session, - const opaque * data, size_t _data_size) -{ - ssize_t new_size; - ssize_t data_size = _data_size; - - if (session->security_parameters.entity == GNUTLS_SERVER) - { - if (data_size > 0) - { - DECR_LEN (data_size, 1); - - new_size = MHD_gtls_mre_num2record (data[0]); - - if (new_size < 0) - { - MHD_gnutls_assert (); - return new_size; - } - - session->security_parameters.max_record_send_size = new_size; - session->security_parameters.max_record_recv_size = new_size; - } - } - else - { /* CLIENT SIDE - we must check if the sent record size is the right one - */ - if (data_size > 0) - { - - if (data_size != 1) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - new_size = MHD_gtls_mre_num2record (data[0]); - - if (new_size < 0 - || new_size != session->internals.proposed_record_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - else - { - session->security_parameters.max_record_recv_size = - session->internals.proposed_record_size; - } - - } - - - } - - return 0; -} - -/* returns data_size or a negative number on failure - */ -int -MHD_gtls_max_record_send_params (MHD_gtls_session_t session, opaque * data, - size_t data_size) -{ - uint16_t len; - /* this function sends the client extension data (dnsname) */ -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - - if (session->internals.proposed_record_size != DEFAULT_MAX_RECORD_SIZE) - { - len = 1; - if (data_size < len) - { - MHD_gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = - (uint8_t) MHD_gtls_mre_record2num (session->internals. - proposed_record_size); - return len; - } - - } - else -#endif - { /* server side */ - - if (session->security_parameters.max_record_recv_size != - DEFAULT_MAX_RECORD_SIZE) - { - len = 1; - if (data_size < len) - { - MHD_gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = - (uint8_t) - MHD_gtls_mre_record2num - (session->security_parameters.max_record_recv_size); - return len; - } - - - } - - return 0; -} - -/* Maps numbers to record sizes according to the - * extensions draft. - */ -int -MHD_gtls_mre_num2record (int num) -{ - switch (num) - { - case 1: - return 512; - case 2: - return 1024; - case 3: - return 2048; - case 4: - return 4096; - default: - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } -} - -/* Maps record size to numbers according to the - * extensions draft. - */ -int -MHD_gtls_mre_record2num (uint16_t record_size) -{ - switch (record_size) - { - case 512: - return 1; - case 1024: - return 2; - case 2048: - return 3; - case 4096: - return 4; - default: - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/ext_max_record.h b/lib/libmicrohttpd/src/daemon/https/tls/ext_max_record.h deleted file mode 100644 index 1468625308..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/ext_max_record.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Maps record size to numbers according to the - * extensions draft. - */ -int MHD_gtls_mre_num2record (int num); -int MHD_gtls_mre_record2num (uint16_t record_size); -int MHD_gtls_max_record_recv_params (MHD_gtls_session_t session, - const opaque * data, size_t data_size); -int MHD_gtls_max_record_send_params (MHD_gtls_session_t session, - opaque * data, size_t); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/ext_server_name.c b/lib/libmicrohttpd/src/daemon/https/tls/ext_server_name.c deleted file mode 100644 index 911bd5302d..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/ext_server_name.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include "gnutls_int.h" -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_num.h" -#include <ext_server_name.h> - -/* - * In case of a server: if a NAME_DNS extension type is received then it stores - * into the session the value of NAME_DNS. The server may use MHD_gnutls_ext_get_server_name(), - * in order to access it. - * - * In case of a client: If a proper NAME_DNS extension type is found in the session then - * it sends the extension to the peer. - * - */ - -int -MHD_gtls_server_name_recv_params (MHD_gtls_session_t session, - const opaque * data, size_t _data_size) -{ - int i; - const unsigned char *p; - uint16_t len, type; - ssize_t data_size = _data_size; - int server_names = 0; - - DECR_LENGTH_RET (data_size, 2, 0); - len = MHD_gtls_read_uint16 (data); - - if (len != data_size) - { - /* This is unexpected packet length, but - * just ignore it, for now. - */ - MHD_gnutls_assert (); - return 0; - } - - p = data + 2; - - /* Count all server_names in the packet. */ - while (data_size > 0) - { - DECR_LENGTH_RET (data_size, 1, 0); - p++; - - DECR_LEN (data_size, 2); - len = MHD_gtls_read_uint16 (p); - p += 2; - - /* make sure supplied server name is not empty */ - if (len > 0) - { - DECR_LENGTH_RET (data_size, len, 0); - server_names++; - p += len; - } - else - { -#if HAVE_MESSAGES - MHD__gnutls_handshake_log - ("HSK[%x]: Received zero size server name (under attack?)\n", - session); -#endif - } - } - - /* we cannot accept more server names. */ - if (server_names > MAX_SERVER_NAME_EXTENSIONS) - { -#if HAVE_MESSAGES - MHD__gnutls_handshake_log - ("HSK[%x]: Too many server names received (under attack?)\n", - session); -#endif - server_names = MAX_SERVER_NAME_EXTENSIONS; - } - - session->security_parameters.extensions.server_names_size = server_names; - if (server_names == 0) - return 0; /* no names found */ - - p = data + 2; - for (i = 0; i < server_names; i++) - { - type = *p; - p++; - - len = MHD_gtls_read_uint16 (p); - p += 2; - - switch (type) - { - case 0: /* NAME_DNS */ - if (len <= MAX_SERVER_NAME_SIZE) - { - memcpy (session->security_parameters.extensions. - server_names[i].name, p, len); - session->security_parameters.extensions.server_names[i]. - name_length = len; - session->security_parameters.extensions.server_names[i].type = - GNUTLS_NAME_DNS; - break; - } - } - - /* move to next record */ - p += len; - } - return 0; -} - -/* returns data_size or a negative number on failure - */ -int -MHD_gtls_server_name_send_params (MHD_gtls_session_t session, - opaque * data, size_t _data_size) -{ - int total_size = 0; -#if MHD_DEBUG_TLS - uint16_t len; - opaque *p; - unsigned i; - ssize_t data_size = _data_size; - - /* this function sends the client extension data (dnsname) */ - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - - if (session->security_parameters.extensions.server_names_size == 0) - return 0; - - /* uint16_t - */ - total_size = 2; - for (i = 0; - i < session->security_parameters.extensions.server_names_size; i++) - { - /* count the total size - */ - len = - session->security_parameters.extensions.server_names[i]. - name_length; - - /* uint8_t + uint16_t + size - */ - total_size += 1 + 2 + len; - } - - p = data; - - /* UINT16: write total size of all names - */ - DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); - MHD_gtls_write_uint16 (total_size - 2, p); - p += 2; - - for (i = 0; - i < session->security_parameters.extensions.server_names_size; i++) - { - - switch (session->security_parameters.extensions. - server_names[i].type) - { - case GNUTLS_NAME_DNS: - - len = - session->security_parameters.extensions. - server_names[i].name_length; - if (len == 0) - break; - - /* UINT8: type of this extension - * UINT16: size of the first name - * LEN: the actual server name. - */ - DECR_LENGTH_RET (data_size, len + 3, - GNUTLS_E_SHORT_MEMORY_BUFFER); - - *p = 0; /* NAME_DNS type */ - p++; - - MHD_gtls_write_uint16 (len, p); - p += 2; - - memcpy (p, - session->security_parameters.extensions. - server_names[0].name, len); - p += len; - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - } - } -#endif - return total_size; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/ext_server_name.h b/lib/libmicrohttpd/src/daemon/https/tls/ext_server_name.h deleted file mode 100644 index f74ce1913c..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/ext_server_name.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD_gtls_server_name_recv_params (MHD_gtls_session_t session, - const opaque * data, size_t data_size); -int MHD_gtls_server_name_send_params (MHD_gtls_session_t session, - opaque * data, size_t); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_alert.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_alert.c deleted file mode 100644 index 4925f6e731..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_alert.c +++ /dev/null @@ -1,296 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_record.h> -#include <debug.h> - -typedef struct -{ - MHD_gnutls_alert_description_t alert; - const char *desc; -} MHD_gnutls_alert_entry; - -static const MHD_gnutls_alert_entry MHD_gtls_sup_alerts[] = { - {GNUTLS_A_CLOSE_NOTIFY, "Close notify"}, - {GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message"}, - {GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC"}, - {GNUTLS_A_DECRYPTION_FAILED, "Decryption failed"}, - {GNUTLS_A_RECORD_OVERFLOW, "Record overflow"}, - {GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed"}, - {GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed"}, - {GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad"}, - {GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported"}, - {GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked"}, - {GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired"}, - {GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate"}, - {GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter"}, - {GNUTLS_A_UNKNOWN_CA, "CA is unknown"}, - {GNUTLS_A_ACCESS_DENIED, "Access was denied"}, - {GNUTLS_A_DECODE_ERROR, "Decode error"}, - {GNUTLS_A_DECRYPT_ERROR, "Decrypt error"}, - {GNUTLS_A_EXPORT_RESTRICTION, "Export restriction"}, - {GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version"}, - {GNUTLS_A_INSUFFICIENT_SECURITY, "Insufficient security"}, - {GNUTLS_A_USER_CANCELED, "User canceled"}, - {GNUTLS_A_INTERNAL_ERROR, "Internal error"}, - {GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed"}, - {GNUTLS_A_CERTIFICATE_UNOBTAINABLE, - "Could not retrieve the specified certificate"}, - {GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent"}, - {GNUTLS_A_UNRECOGNIZED_NAME, - "The server name sent was not recognized"}, - {GNUTLS_A_UNKNOWN_PSK_IDENTITY, - "The SRP/PSK username is missing or not known"}, -}; - -#define GNUTLS_ALERT_LOOP(b) \ - const MHD_gnutls_alert_entry *p; \ - for(p = MHD_gtls_sup_alerts; p->desc != NULL; p++) { b ; } - -#define GNUTLS_ALERT_ID_LOOP(a) \ - GNUTLS_ALERT_LOOP( if(p->alert == alert) { a; break; }) - - -/** - * MHD__gnutls_alert_get_name - Returns a string describing the alert number given - * @alert: is an alert number #MHD_gtls_session_t structure. - * - * This function will return a string that describes the given alert - * number or NULL. See MHD_gnutls_alert_get(). - * - **/ -const char * -MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert) -{ - const char *ret = NULL; - - GNUTLS_ALERT_ID_LOOP (ret = p->desc); - - return ret; -} - -/** - * MHD__gnutls_alert_send - This function sends an alert message to the peer - * @session: is a #MHD_gtls_session_t structure. - * @level: is the level of the alert - * @desc: is the alert description - * - * This function will send an alert to the peer in order to inform - * him of something important (eg. his Certificate could not be verified). - * If the alert level is Fatal then the peer is expected to close the - * connection, otherwise he may ignore the alert and continue. - * - * The error code of the underlying record send function will be returned, - * so you may also receive GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN as well. - * - * Returns 0 on success. - * - **/ -int -MHD__gnutls_alert_send (MHD_gtls_session_t session, - MHD_gnutls_alert_level_t level, - MHD_gnutls_alert_description_t desc) -{ - uint8_t data[2]; - int ret; - const char *name; - - data[0] = (uint8_t) level; - data[1] = (uint8_t) desc; - - name = MHD__gnutls_alert_get_name ((int) data[1]); - if (name == NULL) - name = "(unknown)"; - MHD__gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0], - data[1], name); - - if ((ret = MHD_gtls_send_int (session, GNUTLS_ALERT, -1, data, 2)) >= 0) - return 0; - else - return ret; -} - -/** - * MHD_gtls_error_to_alert - This function returns an alert code based on the given error code - * @err: is a negative integer - * @level: the alert level will be stored there - * - * Returns an alert depending on the error code returned by a gnutls - * function. All alerts sent by this function should be considered fatal. - * The only exception is when err == GNUTLS_E_REHANDSHAKE, where a warning - * alert should be sent to the peer indicating that no renegotiation will - * be performed. - * - * If there is no mapping to a valid alert the alert to indicate internal error - * is returned. - * - **/ -int -MHD_gtls_error_to_alert (int err, int *level) -{ - int ret, _level = -1; - - switch (err) - { /* send appropriate alert */ - case GNUTLS_E_DECRYPTION_FAILED: - /* GNUTLS_A_DECRYPTION_FAILED is not sent, because - * it is not defined in SSL3. Note that we must - * not distinguish Decryption failures from mac - * check failures, due to the possibility of some - * attacks. - */ - ret = GNUTLS_A_BAD_RECORD_MAC; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_DECOMPRESSION_FAILED: - ret = GNUTLS_A_DECOMPRESSION_FAILURE; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER: - case GNUTLS_E_ILLEGAL_SRP_USERNAME: - ret = GNUTLS_A_ILLEGAL_PARAMETER; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND: - case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND: - case GNUTLS_E_ASN1_DER_ERROR: - case GNUTLS_E_ASN1_VALUE_NOT_FOUND: - case GNUTLS_E_ASN1_GENERIC_ERROR: - case GNUTLS_E_ASN1_VALUE_NOT_VALID: - case GNUTLS_E_ASN1_TAG_ERROR: - case GNUTLS_E_ASN1_TAG_IMPLICIT: - case GNUTLS_E_ASN1_TYPE_ANY_ERROR: - case GNUTLS_E_ASN1_SYNTAX_ERROR: - case GNUTLS_E_ASN1_DER_OVERFLOW: - ret = GNUTLS_A_BAD_CERTIFICATE; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_UNKNOWN_CIPHER_SUITE: - case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM: - case GNUTLS_E_INSUFFICIENT_CREDENTIALS: - case GNUTLS_E_NO_CIPHER_SUITES: - case GNUTLS_E_NO_COMPRESSION_ALGORITHMS: - ret = GNUTLS_A_HANDSHAKE_FAILURE; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION: - ret = GNUTLS_A_UNSUPPORTED_EXTENSION; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_UNEXPECTED_PACKET: - case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET: - ret = GNUTLS_A_UNEXPECTED_MESSAGE; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_REHANDSHAKE: - ret = GNUTLS_A_NO_RENEGOTIATION; - _level = GNUTLS_AL_WARNING; - break; - case GNUTLS_E_UNSUPPORTED_VERSION_PACKET: - ret = GNUTLS_A_PROTOCOL_VERSION; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE: - ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: - ret = GNUTLS_A_RECORD_OVERFLOW; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_INTERNAL_ERROR: - case GNUTLS_E_NO_TEMPORARY_DH_PARAMS: - case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS: - ret = GNUTLS_A_INTERNAL_ERROR; - _level = GNUTLS_AL_FATAL; - break; - case GNUTLS_E_DH_PRIME_UNACCEPTABLE: - case GNUTLS_E_NO_CERTIFICATE_FOUND: - ret = GNUTLS_A_INSUFFICIENT_SECURITY; - _level = GNUTLS_AL_FATAL; - break; - default: - ret = GNUTLS_A_INTERNAL_ERROR; - _level = GNUTLS_AL_FATAL; - break; - } - - if (level != NULL) - *level = _level; - - return ret; -} - - -/** - * MHD__gnutls_alert_send_appropriate - This function sends an alert to the peer depending on the error code - * @session: is a #MHD_gtls_session_t structure. - * @err: is an integer - * - * Sends an alert to the peer depending on the error code returned by a gnutls - * function. This function will call MHD_gtls_error_to_alert() to determine - * the appropriate alert to send. - * - * This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED. - * - * If the return value is GNUTLS_E_INVALID_REQUEST, then no alert has - * been sent to the peer. - * - * Returns zero on success. - */ -int -MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err) -{ - int alert; - int level; - - alert = MHD_gtls_error_to_alert (err, &level); - if (alert < 0) - { - return alert; - } - - return MHD__gnutls_alert_send (session, level, alert); -} - -/** - * MHD_gnutls_alert_get - Returns the last alert number received. - * @session: is a #MHD_gtls_session_t structure. - * - * This function will return the last alert number received. This - * function should be called if GNUTLS_E_WARNING_ALERT_RECEIVED or - * GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls - * function. The peer may send alerts if he thinks some things were - * not right. Check gnutls.h for the available alert descriptions. - * - * If no alert has been received the returned value is undefined. - * - **/ -MHD_gnutls_alert_description_t -MHD_gnutls_alert_get (MHD_gtls_session_t session) -{ - return session->internals.last_alert; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c deleted file mode 100644 index f65ccbac9d..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.c +++ /dev/null @@ -1,1340 +0,0 @@ -/* - * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include "gnutls_int.h" -#include "gnutls_algorithms.h" -#include "gnutls_errors.h" -#include "gnutls_cert.h" -/* x509 */ -#include "common.h" - -/* Cred type mappings to KX algorithms - * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require - * more than one credentials type. - */ -typedef struct -{ - enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; - enum MHD_GNUTLS_CredentialsType client_type; - enum MHD_GNUTLS_CredentialsType server_type; /* The type of credentials a server - * needs to set */ -} MHD_gnutls_cred_map; - -static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { - {MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_CRD_CERTIFICATE, - MHD_GNUTLS_CRD_CERTIFICATE}, - {MHD_GNUTLS_KX_RSA_EXPORT, - MHD_GNUTLS_CRD_CERTIFICATE, - MHD_GNUTLS_CRD_CERTIFICATE}, - {0, - 0, - 0} -}; - -#define GNUTLS_KX_MAP_LOOP(b) \ - const MHD_gnutls_cred_map *p; \ - for(p = MHD_gtls_cred_mappings; p->algorithm != 0; p++) { b ; } - -#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \ - GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; }) - -#define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \ - GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; }) - -/* KX mappings to PK algorithms */ -typedef struct -{ - enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; - enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used - * for encryption, CIPHER_SIGN if signature only, - * CIPHER_IGN if this does not apply at all. - * - * This is useful to certificate cipher suites, which check - * against the certificate key usage bits. - */ -} MHD_gnutls_pk_map; - -/* This table maps the Key exchange algorithms to - * the certificate algorithms. Eg. if we have - * RSA algorithm in the certificate then we can - * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA. - */ -static const MHD_gnutls_pk_map MHD_gtls_pk_mappings[] = { - {MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_PK_RSA, - CIPHER_ENCRYPT}, - {MHD_GNUTLS_KX_RSA_EXPORT, - MHD_GNUTLS_PK_RSA, - CIPHER_SIGN}, - {0, - 0, - 0} -}; - -#define GNUTLS_PK_MAP_LOOP(b) \ - const MHD_gnutls_pk_map *p; \ - for(p = MHD_gtls_pk_mappings; p->kx_algorithm != 0; p++) { b } - -#define GNUTLS_PK_MAP_ALG_LOOP(a) \ - GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; }) - -/* TLS Versions */ - -typedef struct -{ - const char *name; - enum MHD_GNUTLS_Protocol id; /* gnutls internal version number */ - int major; /* defined by the protocol */ - int minor; /* defined by the protocol */ - int supported; /* 0 not supported, > 0 is supported */ -} MHD_gnutls_version_entry; - -static const MHD_gnutls_version_entry MHD_gtls_sup_versions[] = { - {"SSL3.0", - MHD_GNUTLS_PROTOCOL_SSL3, - 3, - 0, - 1}, - {"TLS1.0", - MHD_GNUTLS_PROTOCOL_TLS1_0, - 3, - 1, - 1}, - {"TLS1.1", - MHD_GNUTLS_PROTOCOL_TLS1_1, - 3, - 2, - 1}, - {"TLS1.2", - MHD_GNUTLS_PROTOCOL_TLS1_2, - 3, - 3, - 1}, - {0, - 0, - 0, - 0, - 0} -}; - -/* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_Protocol MHD_gtls_supported_protocols[] = -{ MHD_GNUTLS_PROTOCOL_SSL3, - MHD_GNUTLS_PROTOCOL_TLS1_0, - MHD_GNUTLS_PROTOCOL_TLS1_1, - MHD_GNUTLS_PROTOCOL_TLS1_2, - 0 -}; - -#define GNUTLS_VERSION_LOOP(b) \ - const MHD_gnutls_version_entry *p; \ - for(p = MHD_gtls_sup_versions; p->name != NULL; p++) { b ; } - -#define GNUTLS_VERSION_ALG_LOOP(a) \ - GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; }) - -struct MHD_gnutls_cipher_entry -{ - const char *name; - enum MHD_GNUTLS_CipherAlgorithm id; - uint16_t blocksize; - uint16_t keysize; - cipher_type_t block; - uint16_t iv; - int export_flag; /* 0 non export */ -}; -typedef struct MHD_gnutls_cipher_entry MHD_gnutls_cipher_entry; - -/* Note that all algorithms are in CBC or STREAM modes. - * Do not add any algorithms in other modes (avoid modified algorithms). - * View first: "The order of encryption and authentication for - * protecting communications" by Hugo Krawczyk - CRYPTO 2001 - */ -static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = { - {"AES-256-CBC", - MHD_GNUTLS_CIPHER_AES_256_CBC, - 16, - 32, - CIPHER_BLOCK, - 16, - 0}, - {"AES-128-CBC", - MHD_GNUTLS_CIPHER_AES_128_CBC, - 16, - 16, - CIPHER_BLOCK, - 16, - 0}, - {"3DES-CBC", - MHD_GNUTLS_CIPHER_3DES_CBC, - 8, - 24, - CIPHER_BLOCK, - 8, - 0}, - {"ARCFOUR-128", - MHD_GNUTLS_CIPHER_ARCFOUR_128, - 1, - 16, - CIPHER_STREAM, - 0, - 0}, - {"NULL", - MHD_GNUTLS_CIPHER_NULL, - 1, - 0, - CIPHER_STREAM, - 0, - 0}, - {0, - 0, - 0, - 0, - 0, - 0, - 0} -}; - -/* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_supported_ciphers[] = -{ MHD_GNUTLS_CIPHER_AES_256_CBC, - MHD_GNUTLS_CIPHER_AES_128_CBC, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_CIPHER_NULL, - 0 -}; - -#define GNUTLS_LOOP(b) \ - const MHD_gnutls_cipher_entry *p; \ - for(p = MHD_gtls_algorithms; p->name != NULL; p++) { b ; } - -#define GNUTLS_ALG_LOOP(a) \ - GNUTLS_LOOP( if(p->id == algorithm) { a; break; } ) - -struct MHD_gnutls_hash_entry -{ - const char *name; - const char *oid; - enum MHD_GNUTLS_HashAlgorithm id; - size_t key_size; /* in case of mac */ -}; -typedef struct MHD_gnutls_hash_entry MHD_gnutls_hash_entry; - -static const MHD_gnutls_hash_entry MHD_gtls_hash_algorithms[] = { - {"SHA1", - HASH_OID_SHA1, - MHD_GNUTLS_MAC_SHA1, - 20}, - {"MD5", - HASH_OID_MD5, - MHD_GNUTLS_MAC_MD5, - 16}, - {"SHA256", - HASH_OID_SHA256, - MHD_GNUTLS_MAC_SHA256, - 32}, - {"NULL", - NULL, - MHD_GNUTLS_MAC_NULL, - 0}, - {0, - 0, - 0, - 0} -}; - -/* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_HashAlgorithm MHD_gtls_supported_macs[] = -{ MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_MAC_SHA256, - MHD_GNUTLS_MAC_NULL, - 0 -}; - -#define GNUTLS_HASH_LOOP(b) \ - const MHD_gnutls_hash_entry *p; \ - for(p = MHD_gtls_hash_algorithms; p->name != NULL; p++) { b ; } - -#define GNUTLS_HASH_ALG_LOOP(a) \ - GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } ) - -/* Compression Section */ -#define GNUTLS_COMPRESSION_ENTRY(name, id, wb, ml, cl) \ - { #name, name, id, wb, ml, cl} - -#define MAX_COMP_METHODS 5 -const int MHD__gnutls_comp_algorithms_size = MAX_COMP_METHODS; - -/* the compression entry is defined in MHD_gnutls_algorithms.h */ - -MHD_gnutls_compression_entry - MHD__gnutls_compression_algorithms[MAX_COMP_METHODS] = -{ - GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_NULL, 0x00, 0, 0, 0), - { - 0, 0, 0, 0, 0, 0} -}; - -static const enum MHD_GNUTLS_CompressionMethod - MHD_gtls_supported_compressions[] = -{ - MHD_GNUTLS_COMP_NULL, - 0 -}; - -#define GNUTLS_COMPRESSION_LOOP(b) \ - const MHD_gnutls_compression_entry *p; \ - for(p = MHD__gnutls_compression_algorithms; p->name != NULL; p++) { b ; } -#define GNUTLS_COMPRESSION_ALG_LOOP(a) \ - GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } ) -#define GNUTLS_COMPRESSION_ALG_LOOP_NUM(a) \ - GNUTLS_COMPRESSION_LOOP( if(p->num == num) { a; break; } ) - -/* Key Exchange Section */ -extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct; -extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; -extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; -extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; -extern MHD_gtls_mod_auth_st srp_auth_struct; -extern MHD_gtls_mod_auth_st psk_auth_struct; -extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; -extern MHD_gtls_mod_auth_st srp_rsa_auth_struct; -extern MHD_gtls_mod_auth_st srp_dss_auth_struct; - -typedef struct MHD_gtls_kx_algo_entry -{ - const char *name; - enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm; - MHD_gtls_mod_auth_st *auth_struct; - int needs_dh_params; - int needs_rsa_params; -} MHD_gtls_kx_algo_entry_t; - -static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { - {"RSA", - MHD_GNUTLS_KX_RSA, - &MHD_gtls_rsa_auth_struct, - 0, - 0}, - {"RSA-EXPORT", - MHD_GNUTLS_KX_RSA_EXPORT, - &MHD_rsa_export_auth_struct, - 0, - 1 /* needs RSA params */ }, - {0, - 0, - 0, - 0, - 0} -}; - -/* Keep the contents of this struct the same as the previous one. */ -static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = -{ - MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_KX_RSA_EXPORT, - 0 -}; - -#define GNUTLS_KX_LOOP(b) \ - const MHD_gtls_kx_algo_entry_t *p; \ - for(p = MHD_gtls_kx_algorithms; p->name != NULL; p++) { b ; } - -#define GNUTLS_KX_ALG_LOOP(a) \ - GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } ) - -/* Cipher SUITES */ -#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \ - { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version } - -typedef struct -{ - const char *name; - cipher_suite_st id; - enum MHD_GNUTLS_CipherAlgorithm block_algorithm; - enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; - enum MHD_GNUTLS_HashAlgorithm mac_algorithm; - enum MHD_GNUTLS_Protocol version; /* this cipher suite is supported - * from 'version' and above; - */ -} MHD_gtls_cipher_suite_entry; - -/* RSA with NULL cipher and MD5 MAC - * for test purposes. - */ -#define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } - -/* PSK (not in TLS 1.0) - * draft-ietf-tls-psk: - */ -#define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A } -#define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B } -#define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C } -#define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D } - -#define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E } -#define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F } -#define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 } -#define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 } - -/* SRP (rfc5054) - */ -#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A } -#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B } -#define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C } - -#define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D } -#define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E } -#define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F } - -#define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 } -#define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 } -#define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 } - -/* RSA - */ -#define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 } -#define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 } -#define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A } - -/* rfc3268: - */ -#define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F } -#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 } - -/* rfc4132 */ -#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 } -#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 } - -/* DHE DSS - */ - -#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 } - -/* draft-ietf-tls-56-bit-ciphersuites-01: - */ -#define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 } - -/* rfc3268: - */ -#define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 } -#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 } - -/* rfc4132 */ -#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 } -#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 } - -/* DHE RSA - */ -#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 } - -/* rfc3268: - */ -#define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 } -#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 } - -/* rfc4132 */ -#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 } -#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 } - -#define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 - -static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { - /* RSA */ - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, - MHD_GNUTLS_CIPHER_NULL, - MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, - MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, - MHD_GNUTLS_CIPHER_ARCFOUR_128, - MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5, - MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, - MHD_GNUTLS_CIPHER_3DES_CBC, - MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1, - MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, - MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA, - MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), - {0, - { - {0, - 0}}, - 0, - 0, - 0, - 0} -}; - -#define GNUTLS_CIPHER_SUITE_LOOP(b) \ - const MHD_gtls_cipher_suite_entry *p; \ - for(p = MHD_gtls_cs_algorithms; p->name != NULL; p++) { b ; } - -#define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \ - GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } ) - -/* Generic Functions */ - -int -MHD_gtls_mac_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algorithm) -{ /* actually returns the priority */ - unsigned int i; - for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++) - { - if (session->internals.priorities.mac.priority[i] == algorithm) - return i; - } - return -1; -} - - -int -MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - ssize_t ret = -1; - GNUTLS_HASH_ALG_LOOP (ret = p->id); - if (ret >= 0) - ret = 0; - else - ret = 1; - return ret; -} - - -/** - * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm - * @algorithm: is a Compression algorithm - * - * Returns: a pointer to a string that contains the name of the - * specified compression algorithm, or %NULL. - **/ -const char * -MHD_gtls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1); - - return ret; -} - -/** - * MHD_gtls_compression_get_id - Returns the gnutls id of the specified in string algorithm - * @algorithm: is a compression method name - * - * The names are compared in a case insensitive way. - * - * Returns: an id of the specified in a string compression method, or - * %GNUTLS_COMP_UNKNOWN on error. - * - **/ -enum MHD_GNUTLS_CompressionMethod -MHD_gtls_compression_get_id (const char *name) -{ - enum MHD_GNUTLS_CompressionMethod ret = MHD_GNUTLS_COMP_UNKNOWN; - - GNUTLS_COMPRESSION_LOOP (if - (strcasecmp - (p->name + sizeof ("GNUTLS_COMP_") - 1, - name) == 0) ret = p->id) - ; - - return ret; -} - - -/* return the tls number of the specified algorithm */ -int -MHD_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod algorithm) -{ - int ret = -1; - - /* avoid prefix */ - GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num); - - return ret; -} - -int -MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm) -{ - int ret = -1; - /* avoid prefix */ - GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits); - return ret; -} - -int -MHD_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod - algorithm) -{ - int ret = -1; - /* avoid prefix */ - GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level); - return ret; -} - -int -MHD_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod - algorithm) -{ - int ret = -1; - /* avoid prefix */ - GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level); - return ret; -} - -/* returns the gnutls internal ID of the TLS compression - * method num - */ -enum MHD_GNUTLS_CompressionMethod -MHD_gtls_compression_get_id_from_int (int num) -{ - enum MHD_GNUTLS_CompressionMethod ret = -1; - - /* avoid prefix */ - GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id); - - return ret; -} - -int -MHD_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm) -{ - ssize_t ret = -1; - GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id); - if (ret >= 0) - ret = 0; - else - ret = 1; - return ret; -} - -/* CIPHER functions */ -int -MHD_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->blocksize); - return ret; - -} - -/* returns the priority */ -int -MHD_gtls_cipher_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ - unsigned int i; - for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++) - { - if (session->internals.priorities.cipher.priority[i] == algorithm) - return i; - } - return -1; -} - -int -MHD_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ - size_t ret = 0; - - GNUTLS_ALG_LOOP (ret = p->block); - return ret; - -} - -/** - * MHD__gnutls_cipher_get_key_size - Returns the length of the cipher's key size - * @algorithm: is an encryption algorithm - * - * Returns: length (in bytes) of the given cipher's key size, o 0 if - * the given cipher is invalid. - **/ -size_t -MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ /* In bytes */ - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->keysize); - return ret; - -} - -int -MHD_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ /* In bytes */ - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->iv); - return ret; - -} - -int -MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ /* In bytes */ - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->export_flag); - return ret; - -} - - -int -MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm) -{ - ssize_t ret = -1; - GNUTLS_ALG_LOOP (ret = p->id); - if (ret >= 0) - ret = 0; - else - ret = 1; - return ret; -} - -/* Key EXCHANGE functions */ -MHD_gtls_mod_auth_st * -MHD_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) -{ - MHD_gtls_mod_auth_st *ret = NULL; - GNUTLS_KX_ALG_LOOP (ret = p->auth_struct); - return ret; - -} - -int -MHD_gtls_kx_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) -{ - unsigned int i; - for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++) - { - if (session->internals.priorities.kx.priority[i] == algorithm) - return i; - } - return -1; -} - - -int -MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) -{ - ssize_t ret = -1; - GNUTLS_KX_ALG_LOOP (ret = p->algorithm); - if (ret >= 0) - ret = 0; - else - ret = 1; - return ret; -} - -int -MHD_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) -{ - ssize_t ret = 0; - GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params); - return ret; -} - -int -MHD_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm) -{ - ssize_t ret = 0; - GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params); - return ret; -} - -/* Version */ -int -MHD_gtls_version_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_Protocol version) -{ /* actually returns the priority */ - unsigned int i; - - if (session->internals.priorities.protocol.priority == NULL) - { - MHD_gnutls_assert (); - return -1; - } - - for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++) - { - if (session->internals.priorities.protocol.priority[i] == version) - return i; - } - return -1; -} - - -enum MHD_GNUTLS_Protocol -MHD_gtls_version_max (MHD_gtls_session_t session) -{ /* returns the maximum version supported */ - unsigned int i, max = 0x00; - - if (session->internals.priorities.protocol.priority == NULL) - { - return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; - } - else - for (i = 0; i < session->internals.priorities.protocol.num_algorithms; - i++) - { - if (session->internals.priorities.protocol.priority[i] > max) - max = session->internals.priorities.protocol.priority[i]; - } - - if (max == 0x00) - return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */ - - return max; -} - -int -MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version) -{ - int ret = -1; - - GNUTLS_VERSION_ALG_LOOP (ret = p->minor); - return ret; -} - -enum MHD_GNUTLS_Protocol -MHD_gtls_version_get (int major, int minor) -{ - int ret = -1; - - GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor)) - ret = p->id) - ; - return ret; -} - -int -MHD_gtls_version_get_major (enum MHD_GNUTLS_Protocol version) -{ - int ret = -1; - - GNUTLS_VERSION_ALG_LOOP (ret = p->major); - return ret; -} - -/* Version Functions */ - -int -MHD_gtls_version_is_supported (MHD_gtls_session_t session, - const enum MHD_GNUTLS_Protocol version) -{ - int ret = 0; - - GNUTLS_VERSION_ALG_LOOP (ret = p->supported); - if (ret == 0) - return 0; - - if (MHD_gtls_version_priority (session, version) < 0) - return 0; /* disabled by the user */ - else - return 1; -} - -enum MHD_GNUTLS_CredentialsType -MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm, - int server) -{ - enum MHD_GNUTLS_CredentialsType ret = -1; - if (server) - { - GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = p->server_type) - ; - } - else - { - GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = p->client_type) - ; - } - - return ret; -} - -/* Cipher Suite's functions */ -enum MHD_GNUTLS_CipherAlgorithm -MHD_gtls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite) -{ - int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm); - return ret; -} - -enum MHD_GNUTLS_Protocol -MHD_gtls_cipher_suite_get_version (const cipher_suite_st * suite) -{ - int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version); - return ret; -} - -enum MHD_GNUTLS_KeyExchangeAlgorithm -MHD_gtls_cipher_suite_get_kx_algo (const cipher_suite_st * suite) -{ - int ret = 0; - - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm); - return ret; - -} - -enum MHD_GNUTLS_HashAlgorithm -MHD_gtls_cipher_suite_get_mac_algo (const cipher_suite_st * suite) -{ /* In bytes */ - int ret = 0; - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm); - return ret; - -} - -const char * -MHD_gtls_cipher_suite_get_name (cipher_suite_st * suite) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1); - - return ret; -} - -static inline int -MHD__gnutls_cipher_suite_is_ok (cipher_suite_st * suite) -{ - size_t ret; - const char *name = NULL; - - GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name); - if (name != NULL) - ret = 0; - else - ret = 1; - return ret; - -} - -#define SWAP(x, y) memcpy(tmp,x,size); \ - memcpy(x,y,size); \ - memcpy(y,tmp,size); - -#define MAX_ELEM_SIZE 4 -static inline int -MHD__gnutls_partition (MHD_gtls_session_t session, - void *_base, - size_t nmemb, - size_t size, - int (*compar) (MHD_gtls_session_t, - const void *, const void *)) -{ - uint8_t *base = _base; - uint8_t tmp[MAX_ELEM_SIZE]; - uint8_t ptmp[MAX_ELEM_SIZE]; - unsigned int pivot; - unsigned int i, j; - unsigned int full; - - i = pivot = 0; - j = full = (nmemb - 1) * size; - - memcpy (ptmp, &base[0], size); /* set pivot item */ - - while (i < j) - { - while ((compar (session, &base[i], ptmp) <= 0) && (i < full)) - { - i += size; - } - while ((compar (session, &base[j], ptmp) >= 0) && (j > 0)) - j -= size; - - if (i < j) - { - SWAP (&base[j], &base[i]); - } - } - - if (j > pivot) - { - SWAP (&base[pivot], &base[j]); - pivot = j; - } - else if (i < pivot) - { - SWAP (&base[pivot], &base[i]); - pivot = i; - } - return pivot / size; -} - -static void -MHD__gnutls_qsort (MHD_gtls_session_t session, - void *_base, - size_t nmemb, - size_t size, - int (*compar) (MHD_gtls_session_t, const void *, - const void *)) -{ - unsigned int pivot; - char *base = _base; - size_t snmemb = nmemb; - - if (snmemb <= 1) - return; - pivot = MHD__gnutls_partition (session, _base, nmemb, size, compar); - - MHD__gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 - : pivot, size, compar); - MHD__gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1, - size, compar); -} - -/* a compare function for KX algorithms (using priorities). - * For use with qsort - */ -static int -MHD__gnutls_compare_algo (MHD_gtls_session_t session, - const void *i_A1, const void *i_A2) -{ - enum MHD_GNUTLS_KeyExchangeAlgorithm kA1 = - MHD_gtls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1); - enum MHD_GNUTLS_KeyExchangeAlgorithm kA2 = - MHD_gtls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A2); - enum MHD_GNUTLS_CipherAlgorithm cA1 = - MHD_gtls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1); - enum MHD_GNUTLS_CipherAlgorithm cA2 = - MHD_gtls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2); - enum MHD_GNUTLS_HashAlgorithm mA1 = - MHD_gtls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1); - enum MHD_GNUTLS_HashAlgorithm mA2 = - MHD_gtls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2); - - int p1 = (MHD_gtls_kx_priority (session, kA1) + 1) * 64; - int p2 = (MHD_gtls_kx_priority (session, kA2) + 1) * 64; - p1 += (MHD_gtls_cipher_priority (session, cA1) + 1) * 8; - p2 += (MHD_gtls_cipher_priority (session, cA2) + 1) * 8; - p1 += MHD_gtls_mac_priority (session, mA1); - p2 += MHD_gtls_mac_priority (session, mA2); - - if (p1 > p2) - { - return 1; - } - else - { - if (p1 == p2) - { - return 0; - } - return -1; - } -} - -int -MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session, - cipher_suite_st ** ciphers) -{ - - int count; - - count = MHD_gtls_supported_ciphersuites (session, ciphers); - if (count <= 0) - { - MHD_gnutls_assert (); - return count; - } - MHD__gnutls_qsort (session, *ciphers, count, sizeof (cipher_suite_st), - MHD__gnutls_compare_algo); - - return count; -} - -int -MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, - cipher_suite_st ** _ciphers) -{ - - unsigned int i, ret_count, j; - unsigned int count = CIPHER_SUITES_COUNT; - cipher_suite_st *tmp_ciphers; - cipher_suite_st *ciphers; - enum MHD_GNUTLS_Protocol version; - - if (count == 0) - { - return 0; - } - - tmp_ciphers = MHD_gnutls_alloca (count * sizeof (cipher_suite_st)); - if (tmp_ciphers == NULL) - return GNUTLS_E_MEMORY_ERROR; - - ciphers = MHD_gnutls_malloc (count * sizeof (cipher_suite_st)); - if (ciphers == NULL) - { - MHD_gnutls_afree (tmp_ciphers); - return GNUTLS_E_MEMORY_ERROR; - } - - version = MHD__gnutls_protocol_get_version (session); - - for (i = 0; i < count; i++) - { - memcpy (&tmp_ciphers[i], &MHD_gtls_cs_algorithms[i].id, - sizeof (cipher_suite_st)); - } - - for (i = j = 0; i < count; i++) - { - /* remove private cipher suites, if requested. - */ - if (tmp_ciphers[i].suite[0] == 0xFF) - continue; - - /* remove cipher suites which do not support the - * protocol version used. - */ - if (MHD_gtls_cipher_suite_get_version (&tmp_ciphers[i]) > version) - continue; - - if (MHD_gtls_kx_priority (session, - MHD_gtls_cipher_suite_get_kx_algo - (&tmp_ciphers[i])) < 0) - continue; - if (MHD_gtls_mac_priority (session, - MHD_gtls_cipher_suite_get_mac_algo - (&tmp_ciphers[i])) < 0) - continue; - if (MHD_gtls_cipher_priority (session, - MHD_gtls_cipher_suite_get_cipher_algo - (&tmp_ciphers[i])) < 0) - continue; - - memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); - j++; - } - - ret_count = j; - - MHD_gnutls_afree (tmp_ciphers); - - /* This function can no longer return 0 cipher suites. - * It returns an error code instead. - */ - if (ret_count == 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (ciphers); - return GNUTLS_E_NO_CIPHER_SUITES; - } - *_ciphers = ciphers; - return ret_count; -} - -/* For compression */ - -#define MIN_PRIVATE_COMP_ALGO 0xEF - -/* returns the TLS numbers of the compression methods we support - */ -#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms -int -MHD_gtls_supported_compression_methods (MHD_gtls_session_t session, - uint8_t ** comp) -{ - unsigned int i, j; - - *comp = - MHD_gnutls_malloc (sizeof (uint8_t) * SUPPORTED_COMPRESSION_METHODS); - if (*comp == NULL) - return GNUTLS_E_MEMORY_ERROR; - - for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) - { - int tmp = - MHD_gtls_compression_get_num (session->internals.priorities. - compression.priority[i]); - - /* remove private compression algorithms, if requested. - */ - if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO)) - { - MHD_gnutls_assert (); - continue; - } - - (*comp)[j] = (uint8_t) tmp; - j++; - } - - if (j == 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (*comp); - *comp = NULL; - return GNUTLS_E_NO_COMPRESSION_ALGORITHMS; - } - return j; -} - -static const enum MHD_GNUTLS_CertificateType - MHD_gtls_supported_certificate_types[] = -{ MHD_GNUTLS_CRT_X509, - 0 -}; - - -/* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with - * the given enum MHD_GNUTLS_KeyExchangeAlgorithm. - */ -enum MHD_GNUTLS_PublicKeyAlgorithm -MHD_gtls_map_pk_get_pk (enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm) -{ - enum MHD_GNUTLS_PublicKeyAlgorithm ret = -1; - - GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret; -} - -/* Returns the encipher type for the given key exchange algorithm. - * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN. - * - * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT. - */ -enum encipher_type -MHD_gtls_kx_encipher_type (enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm) -{ - int ret = CIPHER_IGN; - GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret; - -} - -/* signature algorithms; - */ -struct MHD_gnutls_sign_entry -{ - const char *name; - const char *oid; - MHD_gnutls_sign_algorithm_t id; - enum MHD_GNUTLS_PublicKeyAlgorithm pk; - enum MHD_GNUTLS_HashAlgorithm mac; -}; -typedef struct MHD_gnutls_sign_entry MHD_gnutls_sign_entry; - -static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = { - {"RSA-SHA", - SIG_RSA_SHA1_OID, - GNUTLS_SIGN_RSA_SHA1, - MHD_GNUTLS_PK_RSA, - MHD_GNUTLS_MAC_SHA1}, - {"RSA-SHA256", - SIG_RSA_SHA256_OID, - GNUTLS_SIGN_RSA_SHA256, - MHD_GNUTLS_PK_RSA, - MHD_GNUTLS_MAC_SHA256}, - {"RSA-MD5", - SIG_RSA_MD5_OID, - GNUTLS_SIGN_RSA_MD5, - MHD_GNUTLS_PK_RSA, - MHD_GNUTLS_MAC_MD5}, - {"GOST R 34.10-2001", - SIG_GOST_R3410_2001_OID, - 0, - 0, - 0}, - {"GOST R 34.10-94", - SIG_GOST_R3410_94_OID, - 0, - 0, - 0}, - {0, - 0, - 0, - 0, - 0} -}; - -#define GNUTLS_SIGN_LOOP(b) \ - do { \ - const MHD_gnutls_sign_entry *p; \ - for(p = MHD_gtls_sign_algorithms; p->name != NULL; p++) { b ; } \ - } while (0) - -#define GNUTLS_SIGN_ALG_LOOP(a) \ - GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } ) - -/* pk algorithms; - */ -struct MHD_gnutls_pk_entry -{ - const char *name; - const char *oid; - enum MHD_GNUTLS_PublicKeyAlgorithm id; -}; -typedef struct MHD_gnutls_pk_entry MHD_gnutls_pk_entry; - -static const MHD_gnutls_pk_entry MHD_gtls_pk_algorithms[] = { - {"RSA", - PK_PKIX1_RSA_OID, - MHD_GNUTLS_PK_RSA}, - {"GOST R 34.10-2001", - PK_GOST_R3410_2001_OID, - 0}, - {"GOST R 34.10-94", - PK_GOST_R3410_94_OID, - 0}, - {0, - 0, - 0} -}; - -enum MHD_GNUTLS_PublicKeyAlgorithm -MHD_gtls_x509_oid2pk_algorithm (const char *oid) -{ - enum MHD_GNUTLS_PublicKeyAlgorithm ret = MHD_GNUTLS_PK_UNKNOWN; - const MHD_gnutls_pk_entry *p; - - for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++) - if (strcmp (p->oid, oid) == 0) - { - ret = p->id; - break; - } - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.h deleted file mode 100644 index 6a4021c7b3..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_algorithms.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef ALGORITHMS_H -#define ALGORITHMS_H - -#include "gnutls_auth.h" - -/* Functions for version handling. */ -enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session); -int MHD_gtls_version_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_Protocol version); -int MHD_gtls_version_is_supported (MHD_gtls_session_t session, - const enum MHD_GNUTLS_Protocol version); -int MHD_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver); -int MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver); -enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor); - -/* Functions for MACs. */ -int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm); -/* Functions for cipher suites. */ -int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session, - cipher_suite_st ** ciphers); -int MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session, - cipher_suite_st ** ciphers); -int MHD_gtls_supported_compression_methods (MHD_gtls_session_t session, - uint8_t ** comp); -const char *MHD_gtls_cipher_suite_get_name (cipher_suite_st * algorithm); -enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_suite_get_cipher_algo (const - cipher_suite_st - * - algorithm); -enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_cipher_suite_get_kx_algo (const - cipher_suite_st - * - algorithm); -enum MHD_GNUTLS_HashAlgorithm MHD_gtls_cipher_suite_get_mac_algo (const - cipher_suite_st - * - algorithm); -enum MHD_GNUTLS_Protocol MHD_gtls_cipher_suite_get_version (const - cipher_suite_st * - algorithm); -cipher_suite_st MHD_gtls_cipher_suite_get_suite_name (cipher_suite_st * - algorithm); - -/* Functions for ciphers. */ -int MHD_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm - algorithm); -int MHD_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm); -int MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm); -int MHD_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm); -int MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm - algorithm); - -/* Functions for key exchange. */ -int MHD_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm - algorithm); -int MHD_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm - algorithm); -MHD_gtls_mod_auth_st *MHD_gtls_kx_auth_struct (enum - MHD_GNUTLS_KeyExchangeAlgorithm - algorithm); -int MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); - -/* Functions for compression. */ -int MHD_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm); -int MHD_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod - algorithm); -enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id_from_int (int - num); -int MHD_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod - algorithm); -int MHD_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod - algorithm); -int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod - algorithm); - -/* Type to KX mappings. */ -enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum - MHD_GNUTLS_KeyExchangeAlgorithm - algorithm, - int server); - -/* KX to PK mapping. */ -enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum - MHD_GNUTLS_KeyExchangeAlgorithm - kx_algorithm); -enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char - *oid); -enum encipher_type -{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN }; - -enum encipher_type MHD_gtls_kx_encipher_type (enum - MHD_GNUTLS_KeyExchangeAlgorithm - algorithm); - -struct MHD_gtls_compression_entry -{ - const char *name; - enum MHD_GNUTLS_CompressionMethod id; - int num; /* the number reserved in TLS for the specific compression method */ - - /* used in zlib compressor */ - int window_bits; - int mem_level; - int comp_level; -}; -typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry; - -/* Functions for sign algorithms. */ - -int MHD_gtls_mac_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algorithm); -int MHD_gtls_cipher_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algorithm); -int MHD_gtls_kx_priority (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm); - -enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name); -enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name); -enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name); -enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name); -enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char - *name); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c deleted file mode 100644 index 9b51152124..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_asn1_tab.c +++ /dev/null @@ -1,63 +0,0 @@ -#if HAVE_CONFIG_H -#include "MHD_config.h" -#endif - -#include <libtasn1.h> - -const ASN1_ARRAY_TYPE MHD_gnutlsMHD__asn1_tab[] = { - {"GNUTLS", 536872976, 0}, - {0, 1073741836, 0}, - {"RSAPublicKey", 1610612741, 0}, - {"modulus", 1073741827, 0}, - {"publicExponent", 3, 0}, - {"RSAPrivateKey", 1610612741, 0}, - {"version", 1073741826, "Version"}, - {"modulus", 1073741827, 0}, - {"publicExponent", 1073741827, 0}, - {"privateExponent", 1073741827, 0}, - {"prime1", 1073741827, 0}, - {"prime2", 1073741827, 0}, - {"exponent1", 1073741827, 0}, - {"exponent2", 1073741827, 0}, - {"coefficient", 1073741827, 0}, - {"otherPrimeInfos", 16386, "OtherPrimeInfos"}, - {"Version", 1610874883, 0}, - {"two-prime", 1073741825, "0"}, - {"multi", 1, "1"}, - {"OtherPrimeInfos", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "OtherPrimeInfo"}, - {"OtherPrimeInfo", 1610612741, 0}, - {"prime", 1073741827, 0}, - {"exponent", 1073741827, 0}, - {"coefficient", 3, 0}, - {"AlgorithmIdentifier", 1610612741, 0}, - {"algorithm", 1073741836, 0}, - {"parameters", 541081613, 0}, - {"algorithm", 1, 0}, - {"DigestInfo", 1610612741, 0}, - {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, - {"digest", 2, "Digest"}, - {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - {"Digest", 1073741831, 0}, - {"DSAPublicKey", 1073741827, 0}, - {"DSAParameters", 1610612741, 0}, - {"p", 1073741827, 0}, - {"q", 1073741827, 0}, - {"g", 3, 0}, - {"DSASignatureValue", 1610612741, 0}, - {"r", 1073741827, 0}, - {"s", 3, 0}, - {"DSAPrivateKey", 1610612741, 0}, - {"version", 1073741827, 0}, - {"p", 1073741827, 0}, - {"q", 1073741827, 0}, - {"g", 1073741827, 0}, - {"Y", 1073741827, 0}, - {"priv", 3, 0}, - {"DHParameter", 536870917, 0}, - {"prime", 1073741827, 0}, - {"base", 1073741827, 0}, - {"privateValueLength", 16387, 0}, - {0, 0, 0} -}; diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth.c deleted file mode 100644 index 7c820c4e66..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth.c +++ /dev/null @@ -1,361 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include "gnutls_auth.h" -#include "gnutls_auth_int.h" -#include "gnutls_algorithms.h" -#include "auth_cert.h" -#include <gnutls_datum.h> - -/* The functions here are used in order for authentication algorithms - * to be able to retrieve the needed credentials eg public and private - * key etc. - */ - -/** - * MHD__gnutls_credentials_clear - Clears all the credentials previously set - * @session: is a #MHD_gtls_session_t structure. - * - * Clears all the credentials previously set in this session. - * - **/ -void -MHD__gnutls_credentials_clear (MHD_gtls_session_t session) -{ - if (session->key && session->key->cred) - { /* beginning of the list */ - auth_cred_st *ccred, *ncred; - ccred = session->key->cred; - while (ccred != NULL) - { - ncred = ccred->next; - MHD_gnutls_free (ccred); - ccred = ncred; - } - session->key->cred = NULL; - } -} - -/* - * This creates a linked list of the form: - * { algorithm, credentials, pointer to next } - */ -/** - * MHD__gnutls_credentials_set - Sets the needed credentials for the specified authentication algorithm. - * @session: is a #MHD_gtls_session_t structure. - * @type: is the type of the credentials - * @cred: is a pointer to a structure. - * - * Sets the needed credentials for the specified type. - * Eg username, password - or public and private keys etc. - * The (void* cred) parameter is a structure that depends on the - * specified type and on the current session (client or server). - * [ In order to minimize memory usage, and share credentials between - * several threads gnutls keeps a pointer to cred, and not the whole cred - * structure. Thus you will have to keep the structure allocated until - * you call MHD__gnutls_deinit(). ] - * - * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t - * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case - * of a server. - * - * For GNUTLS_CRD_CERTIFICATE cred should be MHD_gtls_cert_credentials_t. - * - **/ -int -MHD__gnutls_credentials_set (MHD_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, void *cred) -{ - auth_cred_st *ccred = NULL, *pcred = NULL; - int exists = 0; - - if (session->key->cred == NULL) - { /* beginning of the list */ - - session->key->cred = MHD_gnutls_malloc (sizeof (auth_cred_st)); - if (session->key->cred == NULL) - return GNUTLS_E_MEMORY_ERROR; - - /* copy credentials locally */ - session->key->cred->credentials = cred; - - session->key->cred->next = NULL; - session->key->cred->algorithm = type; - } - else - { - ccred = session->key->cred; - while (ccred != NULL) - { - if (ccred->algorithm == type) - { - exists = 1; - break; - } - pcred = ccred; - ccred = ccred->next; - } - /* After this, pcred is not null. - */ - - if (exists == 0) - { /* new entry */ - pcred->next = MHD_gnutls_malloc (sizeof (auth_cred_st)); - if (pcred->next == NULL) - return GNUTLS_E_MEMORY_ERROR; - - ccred = pcred->next; - - /* copy credentials locally */ - ccred->credentials = cred; - - ccred->next = NULL; - ccred->algorithm = type; - } - else - { /* modify existing entry */ - MHD_gnutls_free (ccred->credentials); - ccred->credentials = cred; - } - } - - return 0; -} - -/** - * MHD_gtls_auth_get_type - Returns the type of credentials for the current authentication schema. - * @session: is a #MHD_gtls_session_t structure. - * - * Returns type of credentials for the current authentication schema. - * The returned information is to be used to distinguish the function used - * to access authentication data. - * - * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA), - * the same function are to be used to access the authentication data. - **/ -enum MHD_GNUTLS_CredentialsType -MHD_gtls_auth_get_type (MHD_gtls_session_t session) -{ -/* This is not the credentials we must set, but the authentication data - * we get by the peer, so it should be reversed. - */ - int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1; - - return - MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite), server); -} - -/* - * This returns a pointer to the linked list. Don't - * free that!!! - */ -const void * -MHD_gtls_get_kx_cred (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err) -{ - int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; - - return MHD_gtls_get_cred (session->key, - MHD_gtls_map_kx_get_cred (algo, server), err); -} - -const void * -MHD_gtls_get_cred (MHD_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type, - int *err) -{ - const void *retval = NULL; - int _err = -1; - auth_cred_st *ccred; - - if (key == NULL) - goto out; - - ccred = key->cred; - while (ccred != NULL) - { - if (ccred->algorithm == type) - { - break; - } - ccred = ccred->next; - } - if (ccred == NULL) - goto out; - - _err = 0; - retval = ccred->credentials; - -out: - if (err != NULL) - *err = _err; - return retval; -} - -/*- - * MHD_gtls_get_auth_info - Returns a pointer to authentication information. - * @session: is a #MHD_gtls_session_t structure. - * - * This function must be called after a succesful MHD__gnutls_handshake(). - * Returns a pointer to authentication information. That information - * is data obtained by the handshake protocol, the key exchange algorithm, - * and the TLS extensions messages. - * - * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; - * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; - -*/ -void * -MHD_gtls_get_auth_info (MHD_gtls_session_t session) -{ - return session->key->auth_info; -} - -/*- - * MHD_gtls_free_auth_info - Frees the auth info structure - * @session: is a #MHD_gtls_session_t structure. - * - * This function frees the auth info structure and sets it to - * null. It must be called since some structures contain malloced - * elements. - -*/ -void -MHD_gtls_free_auth_info (MHD_gtls_session_t session) -{ - MHD_gtls_dh_info_st *dh_info; - rsa_info_st *rsa_info; - - if (session == NULL || session->key == NULL) - { - MHD_gnutls_assert (); - return; - } - - switch (session->key->auth_info_type) - { - case MHD_GNUTLS_CRD_CERTIFICATE: - { - unsigned int i; - cert_auth_info_t info = MHD_gtls_get_auth_info (session); - - if (info == NULL) - break; - - dh_info = &info->dh; - rsa_info = &info->rsa_export; - for (i = 0; i < info->ncerts; i++) - { - MHD__gnutls_free_datum (&info->raw_certificate_list[i]); - } - - MHD_gnutls_free (info->raw_certificate_list); - info->raw_certificate_list = NULL; - info->ncerts = 0; - - MHD_gtls_free_dh_info (dh_info); - MHD_gtls_free_rsa_info (rsa_info); - } - - - break; - default: - return; - - } - - MHD_gnutls_free (session->key->auth_info); - session->key->auth_info = NULL; - session->key->auth_info_size = 0; - session->key->auth_info_type = 0; - -} - -/* This function will set the auth info structure in the key - * structure. - * If allow change is !=0 then this will allow changing the auth - * info structure to a different type. - */ -int -MHD_gtls_auth_info_set (MHD_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, int size, - int allow_change) -{ - if (session->key->auth_info == NULL) - { - session->key->auth_info = MHD_gnutls_calloc (1, size); - if (session->key->auth_info == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - session->key->auth_info_type = type; - session->key->auth_info_size = size; - } - else - { - if (allow_change == 0) - { - /* If the credentials for the current authentication scheme, - * are not the one we want to set, then it's an error. - * This may happen if a rehandshake is performed an the - * ciphersuite which is negotiated has different authentication - * schema. - */ - if (MHD_gtls_auth_get_type (session) != - session->key->auth_info_type) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - } - else - { - /* The new behaviour: Here we reallocate the auth info structure - * in order to be able to negotiate different authentication - * types. Ie. perform an auth_anon and then authenticate again using a - * certificate (in order to prevent revealing the certificate's contents, - * to passive eavesdropers. - */ - if (MHD_gtls_auth_get_type (session) != - session->key->auth_info_type) - { - - MHD_gtls_free_auth_info (session); - - session->key->auth_info = calloc (1, size); - if (session->key->auth_info == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - session->key->auth_info_type = type; - session->key->auth_info_size = size; - } - } - } - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth.h deleted file mode 100644 index 4956268cc8..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_AUTH_H -#define GNUTLS_AUTH_H - -typedef struct MHD_gtls_mod_auth_st_int -{ - const char *name; /* null terminated */ - int (*MHD_gtls_gen_server_certificate) (MHD_gtls_session_t, opaque **); - int (*MHD_gtls_gen_client_certificate) (MHD_gtls_session_t, opaque **); - int (*MHD_gtls_gen_server_kx) (MHD_gtls_session_t, opaque **); - int (*MHD_gtls_gen_client_kx) (MHD_gtls_session_t, opaque **); /* used in SRP */ - int (*MHD_gtls_gen_client_cert_vrfy) (MHD_gtls_session_t, opaque **); - int (*MHD_gtls_gen_server_certificate_request) (MHD_gtls_session_t, - opaque **); - - int (*MHD_gtls_process_server_certificate) (MHD_gtls_session_t, opaque *, - size_t); - int (*MHD_gtls_process_client_certificate) (MHD_gtls_session_t, opaque *, - size_t); - int (*MHD_gtls_process_server_kx) (MHD_gtls_session_t, opaque *, size_t); - int (*MHD_gtls_process_client_kx) (MHD_gtls_session_t, opaque *, size_t); - int (*MHD_gtls_process_client_cert_vrfy) (MHD_gtls_session_t, opaque *, - size_t); - int (*MHD_gtls_process_server_certificate_request) (MHD_gtls_session_t, - opaque *, size_t); -} MHD_gtls_mod_auth_st; - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth_int.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth_int.h deleted file mode 100644 index 425dc8a318..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_auth_int.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -const void *MHD_gtls_get_cred (MHD_gtls_key_st key, - enum MHD_GNUTLS_CredentialsType kx, int *err); -const void *MHD_gtls_get_kx_cred (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algo, - int *err); -void *MHD_gtls_get_auth_info (MHD_gtls_session_t session); -int MHD_gtls_auth_info_set (MHD_gtls_session_t session, - enum MHD_GNUTLS_CredentialsType type, int size, - int allow_change); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_buffers.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_buffers.c deleted file mode 100644 index c687cb2313..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_buffers.c +++ /dev/null @@ -1,1111 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This is the only file that uses the berkeley sockets API. - * - * Also holds all the buffering code used in gnutls. - * The buffering code works as: - * - * RECORD LAYER: - * 1. uses a buffer to hold data (application/handshake), - * we got but they were not requested, yet. - * (see MHD_gnutls_record_buffer_put(), MHD_gnutls_record_buffer_get_size() etc.) - * - * 2. uses a buffer to hold data that were incomplete (ie the read/write - * was interrupted) - * (see MHD_gtls_io_read_buffered(), MHD_gtls_io_write_buffered() etc.) - * - * HANDSHAKE LAYER: - * 1. Uses a buffer to hold data that was not sent or received - * complete. (E.g. sent 10 bytes of a handshake packet that is 20 bytes - * long). - * (see MHD__gnutls_handshake_send_int(), MHD__gnutls_handshake_recv_int()) - * - * 2. Uses buffer to hold the last received handshake message. - * (see MHD_gtls_handshake_buffer_put() etc.) - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_num.h> -#include <gnutls_record.h> -#include <gnutls_buffers.h> - -#include <errno.h> - -#ifdef _WIN32 -# include <winsock2.h> -#endif - -#ifndef EAGAIN -# define EAGAIN EWOULDBLOCK -#endif - -/* Buffers received packets of type APPLICATION DATA and - * HANDSHAKE DATA. - */ -int -MHD_gnutls_record_buffer_put (content_type_t type, - MHD_gtls_session_t session, opaque * data, - size_t length) -{ - MHD_gtls_buffer *buf; - - if (length == 0) - return 0; - - switch (type) - { - case GNUTLS_APPLICATION_DATA: - buf = &session->internals.application_data_buffer; - MHD__gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", - length, type); - break; - - case GNUTLS_HANDSHAKE: - buf = &session->internals.handshake_data_buffer; - MHD__gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", - length, type); - break; - - case GNUTLS_INNER_APPLICATION: - buf = &session->internals.ia_data_buffer; - MHD__gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", - length, type); - break; - - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (MHD_gtls_buffer_append (buf, data, length) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; -} - -int -MHD_gnutls_record_buffer_get_size (content_type_t type, - MHD_gtls_session_t session) -{ - switch (type) - { - case GNUTLS_APPLICATION_DATA: - return session->internals.application_data_buffer.length; - - case GNUTLS_HANDSHAKE: - return session->internals.handshake_data_buffer.length; - - case GNUTLS_INNER_APPLICATION: - return session->internals.ia_data_buffer.length; - - default: - return GNUTLS_E_INVALID_REQUEST; - } -} - -int -MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session, - opaque * data, size_t length) -{ - if (length == 0 || data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - switch (type) - { - case GNUTLS_APPLICATION_DATA: - - if (length > session->internals.application_data_buffer.length) - { - length = session->internals.application_data_buffer.length; - } - - MHD__gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", - length, type); - - session->internals.application_data_buffer.length -= length; - memcpy (data, session->internals.application_data_buffer.data, length); - - /* overwrite buffer */ - memmove (session->internals.application_data_buffer.data, - &session->internals.application_data_buffer.data[length], - session->internals.application_data_buffer.length); - - /* we do no longer realloc the application_data_buffer.data, - * since it serves no practical reason. It also decreases - * performance. - */ - break; - - case GNUTLS_HANDSHAKE: - if (length > session->internals.handshake_data_buffer.length) - { - length = session->internals.handshake_data_buffer.length; - } - - MHD__gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", - length, type); - - session->internals.handshake_data_buffer.length -= length; - memcpy (data, session->internals.handshake_data_buffer.data, length); - - /* overwrite buffer */ - memmove (session->internals.handshake_data_buffer.data, - &session->internals.handshake_data_buffer.data[length], - session->internals.handshake_data_buffer.length); - - break; - - case GNUTLS_INNER_APPLICATION: - if (length > session->internals.ia_data_buffer.length) - length = session->internals.ia_data_buffer.length; - - MHD__gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", - length, type); - - session->internals.ia_data_buffer.length -= length; - memcpy (data, session->internals.ia_data_buffer.data, length); - - /* overwrite buffer */ - memmove (session->internals.ia_data_buffer.data, - &session->internals.ia_data_buffer.data[length], - session->internals.ia_data_buffer.length); - - break; - - default: - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return length; -} - -/* This function is like read. But it does not return -1 on error. - * It does return MHD_gnutls_errno instead. - * - * Flags are only used if the default recv() function is being used. - */ -static ssize_t -MHD__gnutls_read (MHD_gtls_session_t session, void *iptr, - size_t sizeOfPtr, int flags) -{ - size_t left; - ssize_t i = 0; - char *ptr = iptr; - MHD_gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr; - - session->internals.direction = 0; - - left = sizeOfPtr; - while (left > 0) - { - session->internals.errnum = 0; - if (session->internals.MHD__gnutls_pull_func == NULL) - { - i = - recv (GNUTLS_POINTER_TO_INT (fd), &ptr[sizeOfPtr - left], left, - flags); -#if HAVE_WINSOCK - if (i < 0) - { - int tmperr = WSAGetLastError (); - switch (tmperr) - { - case WSAEWOULDBLOCK: - session->internals.errnum = EAGAIN; - break; - - case WSAEINTR: - session->internals.errnum = EINTR; - break; - - default: - session->internals.errnum = EIO; - break; - } - WSASetLastError (tmperr); - } -#endif - } - else - i = session->internals.MHD__gnutls_pull_func (fd, - &ptr[sizeOfPtr - left], - left); - if (i < 0) - { - int err = session->internals.errnum ? session->internals.errnum - : errno; - if ( (err == EAGAIN) || (err == EINTR) ) - { - if (sizeOfPtr - left > 0) - goto finish; - MHD_gnutls_assert (); - if (err == EAGAIN) - return GNUTLS_E_AGAIN; - return GNUTLS_E_INTERRUPTED; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_PULL_ERROR; - } - } - else - { - if (i == 0) - break; /* EOF */ - } - left -= i; - } - -finish: - return (sizeOfPtr - left); -} - -#define RCVLOWAT session->internals.lowat - -/* This function is only used with berkeley style sockets. - * Clears the peeked data (read with MSG_PEEK). - */ -int -MHD_gtls_io_clear_peeked_data (MHD_gtls_session_t session) -{ - char *peekdata; - int ret, sum; - - if (session->internals.have_peeked_data == 0 || RCVLOWAT == 0) - return 0; - - peekdata = MHD_gnutls_alloca (RCVLOWAT); - if (peekdata == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - /* this was already read by using MSG_PEEK - so it shouldn't fail */ - sum = 0; - do - { /* we need this to finish now */ - ret = MHD__gnutls_read (session, peekdata, RCVLOWAT - sum, 0); - if (ret > 0) - sum += ret; - } - while ( (ret == GNUTLS_E_INTERRUPTED) || - (ret == GNUTLS_E_AGAIN) || - (sum < RCVLOWAT) ); - - MHD_gnutls_afree (peekdata); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - session->internals.have_peeked_data = 0; - - return 0; -} - -void -MHD_gtls_io_clear_read_buffer (MHD_gtls_session_t session) -{ - session->internals.record_recv_buffer.length = 0; -} - -/* This function is like recv(with MSG_PEEK). But it does not return -1 on error. - * It does return MHD_gnutls_errno instead. - * This function reads data from the socket and keeps them in a buffer, of up to - * MAX_RECV_SIZE. - * - * This is not a general purpose function. It returns EXACTLY the data requested, - * which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned. - * - */ -ssize_t -MHD_gtls_io_read_buffered (MHD_gtls_session_t session, opaque ** iptr, - size_t sizeOfPtr, content_type_t recv_type) -{ - ssize_t ret = 0, ret2 = 0; - size_t min; - int buf_pos; - opaque *buf; - int recvlowat; - int recvdata, alloc_size; - - *iptr = session->internals.record_recv_buffer.data; - - if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0) - { - MHD_gnutls_assert (); /* internal error */ - return GNUTLS_E_INVALID_REQUEST; - } - - /* If an external pull function is used, then do not leave - * any data into the kernel buffer. - */ - if (session->internals.MHD__gnutls_pull_func != NULL) - { - recvlowat = 0; - } - else - { - /* leave peeked data to the kernel space only if application data - * is received and we don't have any peeked - * data in gnutls session. - */ - if (recv_type != GNUTLS_APPLICATION_DATA - && session->internals.have_peeked_data == 0) - recvlowat = 0; - else - recvlowat = RCVLOWAT; - } - - /* calculate the actual size, ie. get the minimum of the - * buffered data and the requested data. - */ - min = MIN (session->internals.record_recv_buffer.length, sizeOfPtr); - if (min > 0) - { - /* if we have enough buffered data - * then just return them. - */ - if (min == sizeOfPtr) - { - return min; - } - } - - /* min is over zero. recvdata is the data we must - * receive in order to return the requested data. - */ - recvdata = sizeOfPtr - min; - - /* Check if the previously read data plus the new data to - * receive are longer than the maximum receive buffer size. - */ - if ((session->internals.record_recv_buffer.length + recvdata) - > MAX_RECV_SIZE) - { - MHD_gnutls_assert (); /* internal error */ - return GNUTLS_E_INVALID_REQUEST; - } - - /* Allocate the data required to store the new packet. - */ - alloc_size = recvdata + session->internals.record_recv_buffer.length; - session->internals.record_recv_buffer.data = - MHD_gtls_realloc_fast (session->internals.record_recv_buffer.data, - alloc_size); - if (session->internals.record_recv_buffer.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - buf_pos = session->internals.record_recv_buffer.length; - buf = session->internals.record_recv_buffer.data; - *iptr = buf; - - /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */ - if (recvdata - recvlowat > 0) - { - ret = - MHD__gnutls_read (session, &buf[buf_pos], recvdata - recvlowat, 0); - - /* return immediately if we got an interrupt or eagain - * error. - */ - if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) - { - return ret; - } - } - - /* copy fresh data to our buffer. - */ - if (ret > 0) - { - MHD__gnutls_read_log - ("RB: Have %d bytes into buffer. Adding %d bytes.\n", - session->internals.record_recv_buffer.length, ret); - MHD__gnutls_read_log ("RB: Requested %d bytes\n", sizeOfPtr); - session->internals.record_recv_buffer.length += ret; - } - - buf_pos = session->internals.record_recv_buffer.length; - - /* This is a hack placed in order for select to work. Just leave recvlowat data, - * into the kernel buffer (using a read with MSG_PEEK), thus making - * select think, that the socket is ready for reading. - * MSG_PEEK is only used with berkeley style sockets. - */ - if (ret == (recvdata - recvlowat) && recvlowat > 0) - { - ret2 = MHD__gnutls_read (session, &buf[buf_pos], recvlowat, MSG_PEEK); - - if (ret2 < 0 && MHD_gtls_error_is_fatal (ret2) == 0) - { - return ret2; - } - - if (ret2 > 0) - { - MHD__gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", - ret2); - MHD__gnutls_read_log - ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", - session->internals.record_recv_buffer.length, ret2, sizeOfPtr); - session->internals.have_peeked_data = 1; - session->internals.record_recv_buffer.length += ret2; - - } - } - - if (ret < 0 || ret2 < 0) - { - MHD_gnutls_assert (); - /* that's because they are initialized to 0 */ - return MIN (ret, ret2); - } - - ret += ret2; - - if (ret > 0 && ret < recvlowat) - { - MHD_gnutls_assert (); - return GNUTLS_E_AGAIN; - } - - if (ret == 0) - { /* EOF */ - MHD_gnutls_assert (); - return 0; - } - - ret = session->internals.record_recv_buffer.length; - - if ((ret > 0) && ((size_t) ret < sizeOfPtr)) - { - /* Short Read */ - MHD_gnutls_assert (); - return GNUTLS_E_AGAIN; - } - else - { - return ret; - } -} - -/* These two functions are used to insert data to the send buffer of the handshake or - * record protocol. The send buffer is kept if a send is interrupted and we need to keep - * the data left to sent, in order to send them later. - */ - -#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y)) - -inline static int -MHD__gnutls_buffer_insert (MHD_gtls_buffer * buffer, - const opaque * _data, size_t data_size) -{ - - if ((MEMSUB (_data, buffer->data) >= 0) - && (MEMSUB (_data, buffer->data) < (ssize_t) buffer->length)) - { - /* the given _data is part of the buffer. - */ - if (data_size > buffer->length) - { - MHD_gnutls_assert (); - /* this shouldn't have happened */ - return GNUTLS_E_INTERNAL_ERROR; - } - - if (_data == buffer->data) - { /* then don't even memmove */ - buffer->length = data_size; - return 0; - } - - memmove (buffer->data, _data, data_size); - buffer->length = data_size; - - return 0; - - } - - if (MHD_gtls_buffer_append (buffer, _data, data_size) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; -} - -inline static int -MHD__gnutls_buffer_get (MHD_gtls_buffer * buffer, - const opaque ** ptr, size_t * ptr_size) -{ - *ptr_size = buffer->length; - *ptr = buffer->data; - - return 0; -} - -/* This function is like write. But it does not return -1 on error. - * It does return MHD_gnutls_errno instead. - * - * In case of E_AGAIN and E_INTERRUPTED errors, you must call MHD_gnutls_write_flush(), - * until it returns ok (0). - * - * We need to push exactly the data in n, since we cannot send less - * data. In TLS the peer must receive the whole packet in order - * to decrypt and verify the integrity. - * - */ -ssize_t -MHD_gtls_io_write_buffered (MHD_gtls_session_t session, - const void *iptr, size_t n) -{ - size_t left; - unsigned j, x, sum = 0; - ssize_t retval, i; - const opaque *ptr; - int ret; - MHD_gnutls_transport_ptr_t fd = session->internals.transport_send_ptr; - - /* to know where the procedure was interrupted. - */ - session->internals.direction = 1; - - ptr = iptr; - - /* In case the previous write was interrupted, check if the - * iptr != NULL and we have data in the buffer. - * If this is true then return an error. - */ - if (session->internals.record_send_buffer.length > 0 && iptr != NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* If data in the buffer exist - */ - if (iptr == NULL) - { - /* checking is handled above */ - ret = - MHD__gnutls_buffer_get (&session->internals.record_send_buffer, &ptr, - &n); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD__gnutls_write_log - ("WRITE: Restoring old write. (%d bytes to send)\n", n); - } - - MHD__gnutls_write_log ("WRITE: Will write %d bytes to %d.\n", n, fd); - - i = 0; - left = n; - while (left > 0) - { - - session->internals.errnum = 0; - - if (session->internals.MHD__gnutls_push_func == NULL) - { - i = send (GNUTLS_POINTER_TO_INT (fd), &ptr[n - left], left, 0); -#if HAVE_WINSOCK - if (i < 0) - { - int tmperr = WSAGetLastError (); - switch (tmperr) - { - case WSAEWOULDBLOCK: - session->internals.errnum = EAGAIN; - break; - - case WSAEINTR: - session->internals.errnum = EINTR; - break; - - default: - session->internals.errnum = EIO; - break; - } - WSASetLastError (tmperr); - } -#endif - } - else - i = session->internals.MHD__gnutls_push_func (fd, &ptr[n - left], left); - if (i == -1) - { - int err = session->internals.errnum ? session->internals.errnum - : errno; - - if ( (err == EAGAIN) || (err == EINTR) ) - { - session->internals.record_send_buffer_prev_size += n - left; - - retval = - MHD__gnutls_buffer_insert (&session-> - internals.record_send_buffer, - &ptr[n - left], left); - if (retval < 0) - { - MHD_gnutls_assert (); - return retval; - } - if (err == EAGAIN) - return GNUTLS_E_AGAIN; - return GNUTLS_E_INTERRUPTED; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_PUSH_ERROR; - } - } - left -= i; - - if (MHD__gnutls_log_level >= 7) - { - char line[128]; - char tmp[16]; - - MHD__gnutls_write_log - ("WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n", - i, fd, left, n); - for (x = 0; x < (unsigned) ((i) / 16) + 1; x++) - { - line[0] = 0; - - if (sum > n - left) - break; - - sprintf (tmp, "%.4x - ", x); - MHD_gtls_str_cat (line, sizeof (line), tmp); - - for (j = 0; j < 16; j++) - { - if (sum < n - left) - { - sprintf (tmp, "%.2x ", ((unsigned char *) ptr)[sum++]); - MHD_gtls_str_cat (line, sizeof (line), tmp); - } - else - break; - } - MHD__gnutls_write_log ("%s\n", line); - } - } - } - - retval = n + session->internals.record_send_buffer_prev_size; - - session->internals.record_send_buffer.length = 0; - session->internals.record_send_buffer_prev_size = 0; - - return retval; - -} - -/* This function writes the data that are left in the - * TLS write buffer (ie. because the previous write was - * interrupted. - */ -ssize_t -MHD_gtls_io_write_flush (MHD_gtls_session_t session) -{ - ssize_t ret; - - if (session->internals.record_send_buffer.length == 0) - return 0; /* done */ - - ret = MHD_gtls_io_write_buffered (session, NULL, 0); - MHD__gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", ret, - session->internals.record_send_buffer.length); - - return ret; -} - -/* This function writes the data that are left in the - * Handshake write buffer (ie. because the previous write was - * interrupted. - */ -ssize_t -MHD_gtls_handshake_io_write_flush (MHD_gtls_session_t session) -{ - ssize_t ret; - ret = MHD_gtls_handshake_io_send_int (session, 0, 0, NULL, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD__gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", ret); - - if (session->internals.handshake_send_buffer.length == 0) - { - ret = session->internals.handshake_send_buffer_prev_size; /* done */ - session->internals.handshake_send_buffer_prev_size = 0; - } - - return ret; -} - -/* This is a send function for the gnutls handshake - * protocol. Just makes sure that all data have been sent. - */ -ssize_t -MHD_gtls_handshake_io_send_int (MHD_gtls_session_t session, - content_type_t type, - MHD_gnutls_handshake_description_t htype, - const void *iptr, size_t n) -{ - size_t left; - ssize_t ret = 0; - const opaque *ptr; - ssize_t retval = 0; - - ptr = iptr; - - if (session->internals.handshake_send_buffer.length > 0 && ptr == NULL && n - == 0) - { - /* resuming previously interrupted write - */ - MHD_gnutls_assert (); - ret = MHD__gnutls_buffer_get (&session->internals.handshake_send_buffer, - &ptr, &n); - if (ret < 0) - { - MHD_gnutls_assert (); - return retval; - } - - type = session->internals.handshake_send_buffer_type; - htype = session->internals.handshake_send_buffer_htype; - - } - else if (session->internals.handshake_send_buffer.length > 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } -#ifdef WRITE_DEBUG - else - { - size_t sum = 0, x, j; - - MHD__gnutls_write_log ("HWRITE: will write %d bytes to %d.\n", n, - MHD_gnutls_transport_get_ptr (session)); - for (x = 0; x < ((n) / 16) + 1; x++) - { - if (sum > n) - break; - - MHD__gnutls_write_log ("%.4x - ", x); - for (j = 0; j < 16; j++) - { - if (sum < n) - { - MHD__gnutls_write_log ("%.2x ", - ((unsigned char *) ptr)[sum++]); - } - else - break; - } - MHD__gnutls_write_log ("\n"); - } - MHD__gnutls_write_log ("\n"); - } -#endif - - if (n == 0) - { /* if we have no data to send */ - MHD_gnutls_assert (); - return 0; - } - else if (ptr == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - left = n; - while (left > 0) - { - ret = MHD_gtls_send_int (session, type, htype, &ptr[n - left], left); - - if (ret <= 0) - { - if (ret == 0) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - } - - if (left > 0 && (ret == GNUTLS_E_INTERRUPTED || ret - == GNUTLS_E_AGAIN)) - { - MHD_gnutls_assert (); - - retval = - MHD__gnutls_buffer_insert (&session->internals. - handshake_send_buffer, - &ptr[n - left], left); - if (retval < 0) - { - MHD_gnutls_assert (); - return retval; - } - - session->internals.handshake_send_buffer_prev_size += n - left; - - session->internals.handshake_send_buffer_type = type; - session->internals.handshake_send_buffer_htype = htype; - - } - else - { - session->internals.handshake_send_buffer_prev_size = 0; - session->internals.handshake_send_buffer.length = 0; - } - - MHD_gnutls_assert (); - return ret; - } - left -= ret; - } - - retval = n + session->internals.handshake_send_buffer_prev_size; - - session->internals.handshake_send_buffer.length = 0; - session->internals.handshake_send_buffer_prev_size = 0; - - return retval; - -} - -/* This is a receive function for the gnutls handshake - * protocol. Makes sure that we have received all data. - */ -ssize_t -MHD_gtls_handshake_io_recv_int (MHD_gtls_session_t session, - content_type_t type, - MHD_gnutls_handshake_description_t htype, - void *iptr, size_t sizeOfPtr) -{ - size_t left; - ssize_t i; - opaque *ptr; - size_t dsize; - - ptr = iptr; - left = sizeOfPtr; - - if (sizeOfPtr == 0 || iptr == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (session->internals.handshake_recv_buffer.length > 0) - { - /* if we have already received some data */ - if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) - { - /* if requested less data then return it. - */ - MHD_gnutls_assert (); - memcpy (iptr, session->internals.handshake_recv_buffer.data, - sizeOfPtr); - - session->internals.handshake_recv_buffer.length -= sizeOfPtr; - - memmove (session->internals.handshake_recv_buffer.data, - &session->internals.handshake_recv_buffer.data[sizeOfPtr], - session->internals.handshake_recv_buffer.length); - - return sizeOfPtr; - } - MHD_gnutls_assert (); - memcpy (iptr, session->internals.handshake_recv_buffer.data, - session->internals.handshake_recv_buffer.length); - - htype = session->internals.handshake_recv_buffer_htype; - type = session->internals.handshake_recv_buffer_type; - - left -= session->internals.handshake_recv_buffer.length; - - session->internals.handshake_recv_buffer.length = 0; - } - - while (left > 0) - { - dsize = sizeOfPtr - left; - i = MHD_gtls_recv_int (session, type, htype, &ptr[dsize], left); - if (i < 0) - { - - if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN)) - { - MHD_gnutls_assert (); - - session->internals.handshake_recv_buffer.data - = - MHD_gtls_realloc_fast (session->internals. - handshake_recv_buffer.data, dsize); - if (session->internals.handshake_recv_buffer.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy (session->internals.handshake_recv_buffer.data, iptr, - dsize); - - session->internals.handshake_recv_buffer_htype = htype; - session->internals.handshake_recv_buffer_type = type; - - session->internals.handshake_recv_buffer.length = dsize; - } - else - session->internals.handshake_recv_buffer.length = 0; - - MHD_gnutls_assert (); - - return i; - } - else - { - if (i == 0) - break; /* EOF */ - } - - left -= i; - - } - - session->internals.handshake_recv_buffer.length = 0; - - return sizeOfPtr - left; -} - -/* Buffer for handshake packets. Keeps the packets in order - * for finished messages to use them. Used in HMAC calculation - * and finished messages. - */ -int -MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, - size_t length) -{ - - if (length == 0) - return 0; - - if ((session->internals.max_handshake_data_buffer_size > 0) && ((length - + - session-> - internals. - handshake_hash_buffer. - length) > - session-> - internals. - max_handshake_data_buffer_size)) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD__gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", length); - - if (MHD_gtls_buffer_append (&session->internals.handshake_hash_buffer, data, - length) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; -} - -/* this function does not touch the buffer - * and returns data from it (peek mode!) - */ -int -MHD_gtls_handshake_buffer_get_ptr (MHD_gtls_session_t session, - opaque ** data_ptr, size_t * length) -{ - if (length != NULL) - *length = session->internals.handshake_hash_buffer.length; - - MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", - session->internals.handshake_hash_buffer.length); - - if (data_ptr != NULL) - *data_ptr = session->internals.handshake_hash_buffer.data; - - return 0; -} - -/* Does not free the buffer - */ -int -MHD_gtls_handshake_buffer_empty (MHD_gtls_session_t session) -{ - - MHD__gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n"); - - session->internals.handshake_hash_buffer.length = 0; - - return 0; -} - -int -MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session) -{ - MHD__gnutls_buffers_log ("BUF[HSK]: Cleared Data from buffer\n"); - MHD_gtls_buffer_clear (&session->internals.handshake_hash_buffer); - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_buffers.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_buffers.h deleted file mode 100644 index e09506ac0d..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_buffers.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD_gnutls_record_buffer_put (content_type_t type, - MHD_gtls_session_t session, opaque * data, - size_t length); -int MHD_gnutls_record_buffer_get_size (content_type_t type, - MHD_gtls_session_t session); -int MHD_gtls_record_buffer_get (content_type_t type, - MHD_gtls_session_t session, opaque * data, - size_t length); -ssize_t MHD_gtls_io_read_buffered (MHD_gtls_session_t, opaque ** iptr, - size_t n, content_type_t); -void MHD_gtls_io_clear_read_buffer (MHD_gtls_session_t); -int MHD_gtls_io_clear_peeked_data (MHD_gtls_session_t session); - -ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr, - size_t n); -ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr, - size_t n, const void *iptr2, size_t n2); - -int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data, - size_t length); -int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session); -int MHD_gtls_handshake_buffer_empty (MHD_gtls_session_t session); -int MHD_gtls_handshake_buffer_get_ptr (MHD_gtls_session_t session, - opaque ** data_ptr, size_t * length); - -#define MHD__gnutls_handshake_io_buffer_clear( session) \ - MHD_gtls_buffer_clear( &session->internals.handshake_send_buffer); \ - MHD_gtls_buffer_clear( &session->internals.handshake_recv_buffer); \ - session->internals.handshake_send_buffer_prev_size = 0 - -ssize_t MHD_gtls_handshake_io_recv_int (MHD_gtls_session_t, content_type_t, - MHD_gnutls_handshake_description_t, - void *, size_t); -ssize_t MHD_gtls_handshake_io_send_int (MHD_gtls_session_t, content_type_t, - MHD_gnutls_handshake_description_t, - const void *, size_t); -ssize_t MHD_gtls_io_write_flush (MHD_gtls_session_t session); -ssize_t MHD_gtls_handshake_io_write_flush (MHD_gtls_session_t session); - -size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cert.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cert.c deleted file mode 100644 index c546b60766..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cert.c +++ /dev/null @@ -1,441 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Some of the stuff needed for Certificate authentication is contained - * in this file. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <auth_cert.h> -#include <gnutls_cert.h> -#include <gnutls_datum.h> -#include <gnutls_mpi.h> -#include <gnutls_global.h> -#include <gnutls_algorithms.h> -#include <gnutls_dh.h> -#include <gnutls_str.h> -#include <gnutls_state.h> -#include <gnutls_auth_int.h> -#include <gnutls_x509.h> -/* x509 */ -#include "x509.h" -#include "mpi.h" - -/** - * MHD__gnutls_certificate_free_keys - Used to free all the keys from a MHD_gtls_cert_credentials_t structure - * @sc: is an #MHD_gtls_cert_credentials_t structure. - * - * This function will delete all the keys and the certificates associated - * with the given credentials. This function must not be called when a - * TLS negotiation that uses the credentials is in progress. - * - **/ -void -MHD__gnutls_certificate_free_keys (MHD_gtls_cert_credentials_t sc) -{ - unsigned i, j; - - for (i = 0; i < sc->ncerts; i++) - { - for (j = 0; j < sc->cert_list_length[i]; j++) - { - MHD_gtls_gcert_deinit (&sc->cert_list[i][j]); - } - MHD_gnutls_free (sc->cert_list[i]); - } - - MHD_gnutls_free (sc->cert_list_length); - sc->cert_list_length = NULL; - - MHD_gnutls_free (sc->cert_list); - sc->cert_list = NULL; - - for (i = 0; i < sc->ncerts; i++) - { - MHD_gtls_gkey_deinit (&sc->pkey[i]); - } - - MHD_gnutls_free (sc->pkey); - sc->pkey = NULL; - - sc->ncerts = 0; - -} - -/** - * MHD__gnutls_certificate_free_cas - Used to free all the CAs from a MHD_gtls_cert_credentials_t structure - * @sc: is an #MHD_gtls_cert_credentials_t structure. - * - * This function will delete all the CAs associated - * with the given credentials. Servers that do not use - * MHD_gtls_certificate_verify_peers2() may call this to - * save some memory. - * - **/ -void -MHD__gnutls_certificate_free_cas (MHD_gtls_cert_credentials_t sc) -{ - unsigned j; - - for (j = 0; j < sc->x509_ncas; j++) - { - MHD_gnutls_x509_crt_deinit (sc->x509_ca_list[j]); - } - - sc->x509_ncas = 0; - - MHD_gnutls_free (sc->x509_ca_list); - sc->x509_ca_list = NULL; - -} - -/** - * MHD__gnutls_certificate_free_ca_names - Used to free all the CA names from a MHD_gtls_cert_credentials_t structure - * @sc: is an #MHD_gtls_cert_credentials_t structure. - * - * This function will delete all the CA name in the - * given credentials. Clients may call this to save some memory - * since in client side the CA names are not used. - * - * CA names are used by servers to advertize the CAs they - * support to clients. - * - **/ -void -MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc) -{ - MHD__gnutls_free_datum (&sc->x509_rdn_sequence); -} - -/*- - * MHD_gtls_certificate_get_rsa_params - Returns the RSA parameters pointer - * @rsa_params: holds the RSA parameters or NULL. - * @func: function to retrieve the parameters or NULL. - * @session: The session. - * - * This function will return the rsa parameters pointer. - * - -*/ -MHD_gtls_rsa_params_t -MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params, - MHD_gnutls_params_function * func, - MHD_gtls_session_t session) -{ - MHD_gnutls_params_st params; - int ret; - - if (session->internals.params.rsa_params) - { - return session->internals.params.rsa_params; - } - - if (rsa_params) - { - session->internals.params.rsa_params = rsa_params; - } - else if (func) - { - ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, ¶ms); - if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) - { - session->internals.params.rsa_params = params.params.rsa_export; - session->internals.params.free_rsa_params = params.deinit; - } - } - - return session->internals.params.rsa_params; -} - - -/** - * MHD__gnutls_certificate_free_credentials - Used to free an allocated MHD_gtls_cert_credentials_t structure - * @sc: is an #MHD_gtls_cert_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) it. - * - * This function does not free any temporary parameters associated - * with this structure (ie RSA and DH parameters are not freed by - * this function). - **/ -void -MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t sc) -{ - MHD__gnutls_certificate_free_keys (sc); - MHD__gnutls_certificate_free_cas (sc); - MHD__gnutls_certificate_free_ca_names (sc); -#ifdef KEYRING_HACK - MHD__gnutls_free_datum (&sc->keyring); -#endif - - MHD_gnutls_free (sc); -} - - -/** - * MHD__gnutls_certificate_allocate_credentials - Used to allocate a MHD_gtls_cert_credentials_t structure - * @res: is a pointer to an #MHD_gtls_cert_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to allocate it. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int -MHD__gnutls_certificate_allocate_credentials (MHD_gtls_cert_credentials_t * - res) -{ - *res = MHD_gnutls_calloc (1, sizeof (MHD_gtls_cert_credentials_st)); - - if (*res == NULL) - return GNUTLS_E_MEMORY_ERROR; - - (*res)->verify_bits = DEFAULT_VERIFY_BITS; - (*res)->verify_depth = DEFAULT_VERIFY_DEPTH; - - return 0; -} - - -/* returns the KX algorithms that are supported by a - * certificate. (Eg a certificate with RSA params, supports - * GNUTLS_KX_RSA algorithm). - * This function also uses the KeyUsage field of the certificate - * extensions in order to disable unneded algorithms. - */ -int -MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm - **alg, int *alg_size) -{ - enum MHD_GNUTLS_KeyExchangeAlgorithm kx; - enum MHD_GNUTLS_PublicKeyAlgorithm pk; - enum MHD_GNUTLS_KeyExchangeAlgorithm kxlist[MAX_ALGOS]; - MHD_gnutls_cert *cert; - int i; - - if (session->internals.selected_cert_list_length == 0) - { - *alg_size = 0; - *alg = NULL; - return 0; - } - - cert = &session->internals.selected_cert_list[0]; - i = 0; - - for (kx = 0; kx < MAX_ALGOS; kx++) - { - pk = MHD_gtls_map_pk_get_pk (kx); - if (pk == cert->subject_pk_algorithm) - { - /* then check key usage */ - if (MHD__gnutls_check_key_usage (cert, kx) == 0) - { - kxlist[i] = kx; - i++; - } - } - } - - if (i == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - *alg = - MHD_gnutls_calloc (1, sizeof (enum MHD_GNUTLS_KeyExchangeAlgorithm) * i); - if (*alg == NULL) - return GNUTLS_E_MEMORY_ERROR; - - *alg_size = i; - - memcpy (*alg, kxlist, i * sizeof (enum MHD_GNUTLS_KeyExchangeAlgorithm)); - - return 0; -} - - - -int -MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, - enum MHD_GNUTLS_CertificateType type, - const MHD_gnutls_datum_t * raw_cert, - int flags /* OR of ConvFlags */ ) -{ - switch (type) - { - case MHD_GNUTLS_CRT_X509: - return MHD_gtls_x509_raw_cert_to_gcert (gcert, raw_cert, flags); - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } -} - -/* This function will convert a der certificate to a format - * (structure) that gnutls can understand and use. Actually the - * important thing on this function is that it extracts the - * certificate's (public key) parameters. - * - * The noext flag is used to complete the handshake even if the - * extensions found in the certificate are unsupported and critical. - * The critical extensions will be catched by the verification functions. - */ -int -MHD_gtls_x509_raw_cert_to_gcert (MHD_gnutls_cert * gcert, - const MHD_gnutls_datum_t * derCert, - int flags /* OR of ConvFlags */ ) -{ - int ret; - MHD_gnutls_x509_crt_t cert; - - ret = MHD_gnutls_x509_crt_init (&cert); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD_gnutls_x509_crt_import (cert, derCert, GNUTLS_X509_FMT_DER); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_x509_crt_deinit (cert); - return ret; - } - - ret = MHD_gtls_x509_crt_to_gcert (gcert, cert, flags); - MHD_gnutls_x509_crt_deinit (cert); - - return ret; -} - -/* Like above but it accepts a parsed certificate instead. - */ -int -MHD_gtls_x509_crt_to_gcert (MHD_gnutls_cert * gcert, - MHD_gnutls_x509_crt_t cert, unsigned int flags) -{ - int ret = 0; - - memset (gcert, 0, sizeof (MHD_gnutls_cert)); - gcert->cert_type = MHD_GNUTLS_CRT_X509; - - if (!(flags & CERT_NO_COPY)) - { -#define SMALL_DER 512 - opaque *der; - size_t der_size = SMALL_DER; - - /* initially allocate a bogus size, just in case the certificate - * fits in it. That way we minimize the DER encodings performed. - */ - der = MHD_gnutls_malloc (SMALL_DER); - if (der == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - MHD_gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, - &der_size); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - MHD_gnutls_assert (); - MHD_gnutls_free (der); - return ret; - } - - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - der = MHD_gnutls_realloc (der, der_size); - if (der == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - MHD_gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, - &der_size); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (der); - return ret; - } - } - - gcert->raw.data = der; - gcert->raw.size = der_size; - } - else - /* now we have 0 or a bitwise or of things to decode */ - flags ^= CERT_NO_COPY; - - - if (flags & CERT_ONLY_EXTENSIONS || flags == 0) - { - MHD_gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL); - gcert->version = MHD_gnutls_x509_crt_get_version (cert); - } - gcert->subject_pk_algorithm = - MHD_gnutls_x509_crt_get_pk_algorithm (cert, NULL); - - if (flags & CERT_ONLY_PUBKEY || flags == 0) - { - gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; - ret = - MHD__gnutls_x509_crt_get_mpis (cert, gcert->params, - &gcert->params_size); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - return 0; - -} - -void -MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert) -{ - int i; - - if (cert == NULL) - return; - - for (i = 0; i < cert->params_size; i++) - { - MHD_gtls_mpi_release (&cert->params[i]); - } - - MHD__gnutls_free_datum (&cert->raw); -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cert.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cert.h deleted file mode 100644 index 124ac96352..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cert.h +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_CERT_H -# define GNUTLS_CERT_H - -#include <gnutls_pk.h> -#include "x509.h" - -#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ - -/* parameters should not be larger than this limit */ -#define DSA_PUBLIC_PARAMS 4 -#define RSA_PUBLIC_PARAMS 2 - -/* For key Usage, test as: - * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ... - */ -#define KEY_DIGITAL_SIGNATURE 128 -#define KEY_NON_REPUDIATION 64 -#define KEY_KEY_ENCIPHERMENT 32 -#define KEY_DATA_ENCIPHERMENT 16 -#define KEY_KEY_AGREEMENT 8 -#define KEY_KEY_CERT_SIGN 4 -#define KEY_CRL_SIGN 2 -#define KEY_ENCIPHER_ONLY 1 -#define KEY_DECIPHER_ONLY 32768 - -typedef struct MHD_gnutls_cert -{ - mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - * RSA: [0] is modulus - * [1] is public exponent - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is public key - */ - int params_size; /* holds the size of MPI params */ - - enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm; - - unsigned int key_usage; /* bits from KEY_* - */ - - unsigned int version; - /* holds the type (PGP, X509) - */ - enum MHD_GNUTLS_CertificateType cert_type; - - MHD_gnutls_datum_t raw; - -} MHD_gnutls_cert; - -typedef struct MHD_gnutls_privkey_int -{ - mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - */ - /* - * RSA: [0] is modulus - * [1] is public exponent - * [2] is private exponent - * [3] is prime1 (p) - * [4] is prime2 (q) - * [5] is coefficient (u == inverse of p mod q) - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is y (public key) - * [4] is x (private key) - */ - int params_size; /* holds the number of params */ - - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; -} MHD_gnutls_privkey; - -struct MHD_gtls_session_int; /* because MHD_gtls_session_t is not defined when this file is included */ - -typedef enum ConvFlags -{ - CERT_NO_COPY = 2, - CERT_ONLY_PUBKEY = 4, - CERT_ONLY_EXTENSIONS = 16 -} ConvFlags; - -int MHD_gtls_x509_raw_cert_to_gcert (MHD_gnutls_cert * gcert, - const MHD_gnutls_datum_t * derCert, - int flags); -int MHD_gtls_x509_crt_to_gcert (MHD_gnutls_cert * gcert, - MHD_gnutls_x509_crt_t cert, - unsigned int flags); - -void MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key); -void MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert); - -int MHD_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session, - enum MHD_GNUTLS_KeyExchangeAlgorithm - **alg, int *alg_size); - -int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert, - enum MHD_GNUTLS_CertificateType type, - const MHD_gnutls_datum_t * raw_cert, - int flags /* OR of ConvFlags */ ); -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher.c deleted file mode 100644 index 5004d13ce7..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher.c +++ /dev/null @@ -1,499 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Some high level functions to be used in the record encryption are - * included here. - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include "gnutls_cipher.h" -#include "gnutls_algorithms.h" -#include "gnutls_hash_int.h" -#include "gnutls_cipher_int.h" -#include "debug.h" -#include "gnutls_num.h" -#include "gnutls_datum.h" -#include "gnutls_kx.h" -#include "gnutls_record.h" -#include "gnutls_constate.h" -#include <gc.h> - -/* returns ciphertext which contains the headers too. This also - * calculates the size in the header field. - * - * If random pad != 0 then the random pad data will be appended. - */ -int -MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers, - size_t headers_size, const opaque * data, - size_t data_size, opaque * ciphertext, - size_t ciphertext_size, content_type_t type, int random_pad) -{ - MHD_gnutls_datum_t plain; - MHD_gnutls_datum_t comp; - int ret; - int free_comp = 1; - - plain.data = (opaque *) data; - plain.size = data_size; - - comp = plain; - free_comp = 0; - ret = MHD_gtls_compressed2ciphertext (session, &ciphertext[headers_size], - ciphertext_size - headers_size, - comp, type, random_pad); - - if (free_comp) - MHD__gnutls_free_datum (&comp); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - - /* copy the headers */ - memcpy (ciphertext, headers, headers_size); - MHD_gtls_write_uint16 (ret, &ciphertext[3]); - - return ret + headers_size; -} - -/* Decrypts the given data. - * Returns the decrypted data length. - */ -int -MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext, - size_t ciphertext_size, uint8_t * data, - size_t max_data_size, content_type_t type) -{ - MHD_gnutls_datum_t gcipher; - - if (ciphertext_size == 0) - return 0; - - gcipher.size = ciphertext_size; - gcipher.data = ciphertext; - - return - MHD_gtls_ciphertext2compressed (session, data, max_data_size, - gcipher, type); -} - -inline static mac_hd_t -mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size, - int ver) -{ - mac_hd_t td; - - if (mac == MHD_GNUTLS_MAC_NULL) - return GNUTLS_MAC_FAILED; - - if (ver == MHD_GNUTLS_PROTOCOL_SSL3) - { /* SSL 3.0 */ - td = MHD_gnutls_mac_init_ssl3 (mac, secret, secret_size); - } - else - { /* TLS 1.x */ - td = MHD_gtls_MHD_hmac_init (mac, secret, secret_size); - } - - return td; -} - -inline static void -mac_deinit (mac_hd_t td, opaque * res, int ver) -{ - if (ver == MHD_GNUTLS_PROTOCOL_SSL3) - { /* SSL 3.0 */ - MHD_gnutls_mac_deinit_ssl3 (td, res); - } - else - { - MHD_gnutls_MHD_hmac_deinit (td, res); - } -} - -inline static int -calc_enc_length (MHD_gtls_session_t session, int data_size, - int hash_size, uint8_t * pad, int random_pad, - cipher_type_t block_algo, uint16_t blocksize) -{ - uint8_t rnd; - int length; - - *pad = 0; - - switch (block_algo) - { - case CIPHER_STREAM: - length = data_size + hash_size; - - break; - case CIPHER_BLOCK: - if (MHD_gc_nonce ((char *) &rnd, 1) != GC_OK) - { - MHD_gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } - - /* make rnd a multiple of blocksize */ - if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3 || - random_pad == 0) - { - rnd = 0; - } - else - { - rnd = (rnd / blocksize) * blocksize; - /* added to avoid the case of pad calculated 0 - * seen below for pad calculation. - */ - if (rnd > blocksize) - rnd -= blocksize; - } - - length = data_size + hash_size; - - *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd; - - length += *pad; - if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) - length += blocksize; /* for the IV */ - - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - return length; -} - -/* This is the actual encryption - * Encrypts the given compressed datum, and puts the result to cipher_data, - * which has cipher_size size. - * return the actual encrypted data length. - */ -int -MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session, - opaque * cipher_data, int cipher_size, - MHD_gnutls_datum_t compressed, - content_type_t _type, int random_pad) -{ - uint8_t MAC[MAX_HASH_SIZE]; - uint16_t c_length; - uint8_t pad; - int length, ret; - mac_hd_t td; - uint8_t type = _type; - uint8_t major, minor; - int hash_size = - MHD_gnutls_hash_get_algo_len (session->security_parameters. - write_mac_algorithm); - enum MHD_GNUTLS_Protocol ver; - int blocksize = - MHD_gtls_cipher_get_block_size (session->security_parameters. - write_bulk_cipher_algorithm); - cipher_type_t block_algo = - MHD_gtls_cipher_is_block (session->security_parameters. - write_bulk_cipher_algorithm); - opaque *data_ptr; - - - ver = MHD__gnutls_protocol_get_version (session); - minor = MHD_gtls_version_get_minor (ver); - major = MHD_gtls_version_get_major (ver); - - - /* Initialize MAC */ - td = mac_init (session->security_parameters.write_mac_algorithm, - session->connection_state.write_mac_secret.data, - session->connection_state.write_mac_secret.size, ver); - - if (td == GNUTLS_MAC_FAILED - && session->security_parameters.write_mac_algorithm != - MHD_GNUTLS_MAC_NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - c_length = MHD_gtls_conv_uint16 (compressed.size); - - if (td != GNUTLS_MAC_FAILED) - { /* actually when the algorithm in not the NULL one */ - MHD_gnutls_hash (td, - UINT64DATA (session->connection_state. - write_sequence_number), 8); - - MHD_gnutls_hash (td, &type, 1); - if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) - { /* TLS 1.0 or higher */ - MHD_gnutls_hash (td, &major, 1); - MHD_gnutls_hash (td, &minor, 1); - } - MHD_gnutls_hash (td, &c_length, 2); - MHD_gnutls_hash (td, compressed.data, compressed.size); - mac_deinit (td, MAC, ver); - } - - - /* Calculate the encrypted length (padding etc.) - */ - length = - calc_enc_length (session, compressed.size, hash_size, &pad, - random_pad, block_algo, blocksize); - if (length < 0) - { - MHD_gnutls_assert (); - return length; - } - - /* copy the encrypted data to cipher_data. - */ - if (cipher_size < length) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - data_ptr = cipher_data; - if (block_algo == CIPHER_BLOCK && - session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) - { - /* copy the random IV. - */ - if (MHD_gc_nonce ((char *) data_ptr, blocksize) != GC_OK) - { - MHD_gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } - data_ptr += blocksize; - } - - memcpy (data_ptr, compressed.data, compressed.size); - data_ptr += compressed.size; - - if (hash_size > 0) - { - memcpy (data_ptr, MAC, hash_size); - data_ptr += hash_size; - } - if (block_algo == CIPHER_BLOCK && pad > 0) - { - memset (data_ptr, pad - 1, pad); - } - - - /* Actual encryption (inplace). - */ - ret = - MHD_gtls_cipher_encrypt (session->connection_state.write_cipher_state, - cipher_data, length); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return length; -} - -/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size. - * Returns the actual compressed packet size. - */ -int -MHD_gtls_ciphertext2compressed (MHD_gtls_session_t session, - opaque * compress_data, - int compress_size, - MHD_gnutls_datum_t ciphertext, uint8_t type) -{ - uint8_t MAC[MAX_HASH_SIZE]; - uint16_t c_length; - uint8_t pad; - int length; - mac_hd_t td; - uint16_t blocksize; - int ret, i, pad_failed = 0; - uint8_t major, minor; - enum MHD_GNUTLS_Protocol ver; - int hash_size = - MHD_gnutls_hash_get_algo_len (session->security_parameters. - read_mac_algorithm); - - ver = MHD__gnutls_protocol_get_version (session); - minor = MHD_gtls_version_get_minor (ver); - major = MHD_gtls_version_get_major (ver); - - blocksize = - MHD_gtls_cipher_get_block_size (session->security_parameters. - read_bulk_cipher_algorithm); - - /* initialize MAC - */ - td = mac_init (session->security_parameters.read_mac_algorithm, - session->connection_state.read_mac_secret.data, - session->connection_state.read_mac_secret.size, ver); - - if (td == GNUTLS_MAC_FAILED - && session->security_parameters.read_mac_algorithm != - MHD_GNUTLS_MAC_NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - - /* actual decryption (inplace) - */ - switch (MHD_gtls_cipher_is_block - (session->security_parameters.read_bulk_cipher_algorithm)) - { - case CIPHER_STREAM: - if ((ret = - MHD_gtls_cipher_decrypt (session->connection_state. - read_cipher_state, ciphertext.data, - ciphertext.size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - length = ciphertext.size - hash_size; - - break; - case CIPHER_BLOCK: - if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) - { - MHD_gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } - - if ((ret = - MHD_gtls_cipher_decrypt (session->connection_state. - read_cipher_state, ciphertext.data, - ciphertext.size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* ignore the IV in TLS 1.1. - */ - if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1) - { - ciphertext.size -= blocksize; - ciphertext.data += blocksize; - - if (ciphertext.size == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } - } - - pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ - - length = ciphertext.size - hash_size - pad; - - if (pad > ciphertext.size - hash_size) - { - MHD_gnutls_assert (); - /* We do not fail here. We check below for the - * the pad_failed. If zero means success. - */ - pad_failed = GNUTLS_E_DECRYPTION_FAILED; - } - - /* Check the pading bytes (TLS 1.x) - */ - if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0 && pad_failed == 0) - for (i = 2; i < pad; i++) - { - if (ciphertext.data[ciphertext.size - i] != - ciphertext.data[ciphertext.size - 1]) - pad_failed = GNUTLS_E_DECRYPTION_FAILED; - } - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (length < 0) - length = 0; - c_length = MHD_gtls_conv_uint16 ((uint16_t) length); - - /* Pass the type, version, length and compressed through - * MAC. - */ - if (td != GNUTLS_MAC_FAILED) - { - MHD_gnutls_hash (td, - UINT64DATA (session->connection_state. - read_sequence_number), 8); - - MHD_gnutls_hash (td, &type, 1); - if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0) - { /* TLS 1.x */ - MHD_gnutls_hash (td, &major, 1); - MHD_gnutls_hash (td, &minor, 1); - } - MHD_gnutls_hash (td, &c_length, 2); - - if (length > 0) - MHD_gnutls_hash (td, ciphertext.data, length); - - mac_deinit (td, MAC, ver); - } - - /* This one was introduced to avoid a timing attack against the TLS - * 1.0 protocol. - */ - if (pad_failed != 0) - return pad_failed; - - /* HMAC was not the same. - */ - if ( (td != GNUTLS_MAC_FAILED) && - (memcmp (MAC, &ciphertext.data[length], hash_size) != 0) ) - { - MHD_gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } - - /* copy the decrypted stuff to compress_data. - */ - if (compress_size < length) - { - MHD_gnutls_assert (); - return GNUTLS_E_DECOMPRESSION_FAILED; - } - memcpy (compress_data, ciphertext.data, length); - - return length; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher.h deleted file mode 100644 index b8dc00701e..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers, - size_t headers_size, const opaque * data, - size_t data_size, opaque * ciphertext, - size_t ciphertext_size, content_type_t type, - int random_pad); - -int MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext, - size_t ciphertext_size, uint8_t * data, - size_t data_size, content_type_t type); -int MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session, - opaque * cipher_data, int cipher_size, - MHD_gnutls_datum_t compressed, - content_type_t _type, int random_pad); -int MHD_gtls_ciphertext2compressed (MHD_gtls_session_t session, - opaque * compress_data, int compress_size, - MHD_gnutls_datum_t ciphertext, - uint8_t type); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher_int.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher_int.c deleted file mode 100644 index 7349436a06..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher_int.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (C) 2000, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_cipher_int.h> -#include <gnutls_datum.h> - -cipher_hd_t -MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, - const MHD_gnutls_datum_t * key, - const MHD_gnutls_datum_t * iv) -{ - cipher_hd_t ret = NULL; - int err = GC_INVALID_CIPHER; /* doesn't matter */ - - switch (cipher) - { - case MHD_GNUTLS_CIPHER_AES_128_CBC: - err = MHD_gc_cipher_open (GC_AES128, GC_CBC, &ret); - break; - case MHD_GNUTLS_CIPHER_AES_256_CBC: - err = MHD_gc_cipher_open (GC_AES256, GC_CBC, &ret); - break; - case MHD_GNUTLS_CIPHER_3DES_CBC: - err = MHD_gc_cipher_open (GC_3DES, GC_CBC, &ret); - break; - case MHD_GNUTLS_CIPHER_ARCFOUR_128: - err = MHD_gc_cipher_open (GC_ARCFOUR128, GC_STREAM, &ret); - break; - default: - return NULL; - } - - if (err == 0) - { - MHD_gc_cipher_setkey (ret, key->size, (const char *) key->data); - if (iv->data != NULL && iv->size > 0) - MHD_gc_cipher_setiv (ret, iv->size, (const char *) iv->data); - } - else if (cipher != MHD_GNUTLS_CIPHER_NULL) - { - MHD_gnutls_assert (); - MHD__gnutls_x509_log ("Crypto cipher[%d] error: %d\n", cipher, err); - /* FIXME: MHD_gc_strerror */ - } - - return ret; -} - -int -MHD_gtls_cipher_encrypt (cipher_hd_t handle, void *text, int textlen) -{ - if (handle != GNUTLS_CIPHER_FAILED) - { - if (MHD_gc_cipher_encrypt_inline (handle, textlen, text) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - } - return 0; -} - -int -MHD_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext, - int ciphertextlen) -{ - if (handle != GNUTLS_CIPHER_FAILED) - { - if (MHD_gc_cipher_decrypt_inline (handle, ciphertextlen, ciphertext) != - 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - } - return 0; -} - -void -MHD_gnutls_cipher_deinit (cipher_hd_t handle) -{ - if (handle != GNUTLS_CIPHER_FAILED) - { - MHD_gc_cipher_close (handle); - } -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher_int.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher_int.h deleted file mode 100644 index f00f945f74..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_cipher_int.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_CIPHER_INT -# define GNUTLS_CIPHER_INT - -#define cipher_hd_t MHD_gc_cipher_handle -#define GNUTLS_CIPHER_FAILED NULL - -// TODO MHD_gc_cipher_handle -> void * x3 -void *MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, - const MHD_gnutls_datum_t * key, - const MHD_gnutls_datum_t * iv); - -int MHD_gtls_cipher_encrypt (void *handle, void *text, int textlen); - -int MHD_gtls_cipher_decrypt (void *handle, - void *ciphertext, int ciphertextlen); - -void MHD_gnutls_cipher_deinit (void *handle); - -#endif /* GNUTLS_CIPHER_INT */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_constate.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_constate.c deleted file mode 100644 index 845abfe957..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_constate.c +++ /dev/null @@ -1,999 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions that are supposed to run after the handshake procedure is - * finished. These functions activate the established security parameters. - */ - -#include "MHD_config.h" -#include <gnutls_int.h> -#include <gnutls_constate.h> -#include <gnutls_errors.h> -#include <gnutls_kx.h> -#include <gnutls_algorithms.h> -#include <gnutls_num.h> -#include <gnutls_datum.h> -#include <gnutls_state.h> - -static const char keyexp[] = "key expansion"; -static const int keyexp_length = sizeof (keyexp) - 1; - -static const char ivblock[] = "IV block"; -static const int ivblock_length = sizeof (ivblock) - 1; - -static const char cliwrite[] = "client write key"; -static const int cliwrite_length = sizeof (cliwrite) - 1; - -static const char servwrite[] = "server write key"; -static const int servwrite_length = sizeof (servwrite) - 1; - -#define EXPORT_FINAL_KEY_SIZE 16 - -/* This function is to be called after handshake, when master_secret, - * client_random and server_random have been initialized. - * This function creates the keys and stores them into pending session. - * (session->cipher_specs) - */ -int -MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size, - int key_size, int export_flag) -{ - opaque *key_block; - opaque rnd[2 * TLS_RANDOM_SIZE]; - opaque rrnd[2 * TLS_RANDOM_SIZE]; - int pos, ret; - int block_size; - char buf[65]; - - if (session->cipher_specs.generated_keys != 0) - { - /* keys have already been generated. - * reset generated_keys and exit normally. - */ - session->cipher_specs.generated_keys = 0; - return 0; - } - - block_size = 2 * hash_size + 2 * key_size; - if (export_flag == 0) - block_size += 2 * IV_size; - - key_block = MHD_gnutls_secure_malloc (block_size); - if (key_block == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy (rnd, session->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy (&rnd[TLS_RANDOM_SIZE], - session->security_parameters.client_random, TLS_RANDOM_SIZE); - - memcpy (rrnd, session->security_parameters.client_random, TLS_RANDOM_SIZE); - memcpy (&rrnd[TLS_RANDOM_SIZE], - session->security_parameters.server_random, TLS_RANDOM_SIZE); - - if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) - { /* SSL 3 */ - ret = - MHD_gnutls_ssl3_generate_random - (session->security_parameters.master_secret, TLS_MASTER_SIZE, rnd, - 2 * TLS_RANDOM_SIZE, block_size, key_block); - } - else - { /* TLS 1.0 */ - ret = - MHD_gtls_PRF (session, - (const unsigned char *) session-> - security_parameters.master_secret, TLS_MASTER_SIZE, - keyexp, keyexp_length, rnd, 2 * TLS_RANDOM_SIZE, - block_size, key_block); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - return ret; - } - - MHD__gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, - MHD_gtls_bin2hex (key_block, block_size, buf, - sizeof (buf))); - - pos = 0; - if (hash_size > 0) - { - if (MHD__gnutls_sset_datum - (&session->cipher_specs.client_write_mac_secret, - &key_block[pos], hash_size) < 0) - { - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - pos += hash_size; - - if (MHD__gnutls_sset_datum - (&session->cipher_specs.server_write_mac_secret, - &key_block[pos], hash_size) < 0) - { - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - pos += hash_size; - } - - if (key_size > 0) - { - opaque *client_write_key, *server_write_key; - int client_write_key_size, server_write_key_size; - int free_keys = 0; - - if (export_flag == 0) - { - client_write_key = &key_block[pos]; - client_write_key_size = key_size; - - pos += key_size; - - server_write_key = &key_block[pos]; - server_write_key_size = key_size; - - pos += key_size; - - } - else - { /* export */ - free_keys = 1; - - client_write_key = MHD_gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE); - if (client_write_key == NULL) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - - server_write_key = MHD_gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE); - if (server_write_key == NULL) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - MHD_gnutls_free (client_write_key); - return GNUTLS_E_MEMORY_ERROR; - } - - /* generate the final keys */ - - if (session->security_parameters.version == - MHD_GNUTLS_PROTOCOL_SSL3) - { /* SSL 3 */ - ret = - MHD_gnutls_ssl3_hash_md5 (&key_block[pos], - key_size, rrnd, - 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - client_write_key); - - } - else - { /* TLS 1.0 */ - ret = - MHD_gtls_PRF (session, &key_block[pos], key_size, - cliwrite, cliwrite_length, - rrnd, - 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, client_write_key); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - MHD_gnutls_free (server_write_key); - MHD_gnutls_free (client_write_key); - return ret; - } - - client_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - - if (session->security_parameters.version == - MHD_GNUTLS_PROTOCOL_SSL3) - { /* SSL 3 */ - ret = - MHD_gnutls_ssl3_hash_md5 (&key_block[pos], key_size, - rnd, 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - server_write_key); - } - else - { /* TLS 1.0 */ - ret = - MHD_gtls_PRF (session, &key_block[pos], key_size, - servwrite, servwrite_length, - rrnd, 2 * TLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, server_write_key); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - MHD_gnutls_free (server_write_key); - MHD_gnutls_free (client_write_key); - return ret; - } - - server_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - } - - if (MHD__gnutls_sset_datum - (&session->cipher_specs.client_write_key, - client_write_key, client_write_key_size) < 0) - { - MHD_gnutls_free (key_block); - MHD_gnutls_free (server_write_key); - MHD_gnutls_free (client_write_key); - return GNUTLS_E_MEMORY_ERROR; - } - MHD__gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", - client_write_key_size, - MHD_gtls_bin2hex (client_write_key, - client_write_key_size, buf, - sizeof (buf))); - - if (MHD__gnutls_sset_datum - (&session->cipher_specs.server_write_key, - server_write_key, server_write_key_size) < 0) - { - MHD_gnutls_free (key_block); - MHD_gnutls_free (server_write_key); - MHD_gnutls_free (client_write_key); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD__gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", - server_write_key_size, - MHD_gtls_bin2hex (server_write_key, - server_write_key_size, buf, - sizeof (buf))); - - if (free_keys != 0) - { - MHD_gnutls_free (server_write_key); - MHD_gnutls_free (client_write_key); - } - } - - - /* IV generation in export and non export ciphers. - */ - if (IV_size > 0 && export_flag == 0) - { - if (MHD__gnutls_sset_datum - (&session->cipher_specs.client_write_IV, &key_block[pos], - IV_size) < 0) - { - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - pos += IV_size; - - if (MHD__gnutls_sset_datum - (&session->cipher_specs.server_write_IV, &key_block[pos], - IV_size) < 0) - { - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - pos += IV_size; - - } - else if (IV_size > 0 && export_flag != 0) - { - opaque *iv_block = MHD_gnutls_alloca (IV_size * 2); - if (iv_block == NULL) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - - if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3) - { /* SSL 3 */ - ret = MHD_gnutls_ssl3_hash_md5 ("", 0, - rrnd, TLS_RANDOM_SIZE * 2, - IV_size, iv_block); - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (key_block); - MHD_gnutls_afree (iv_block); - return ret; - } - - ret = MHD_gnutls_ssl3_hash_md5 ("", 0, rnd, - TLS_RANDOM_SIZE * 2, - IV_size, &iv_block[IV_size]); - - } - else - { /* TLS 1.0 */ - ret = MHD_gtls_PRF (session, (const unsigned char *) "", 0, - ivblock, ivblock_length, rrnd, - 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (iv_block); - MHD_gnutls_free (key_block); - return ret; - } - - if (MHD__gnutls_sset_datum - (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0) - { - MHD_gnutls_afree (iv_block); - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - - if (MHD__gnutls_sset_datum - (&session->cipher_specs.server_write_IV, - &iv_block[IV_size], IV_size) < 0) - { - MHD_gnutls_afree (iv_block); - MHD_gnutls_free (key_block); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD_gnutls_afree (iv_block); - } - - MHD_gnutls_free (key_block); - - session->cipher_specs.generated_keys = 1; - - return 0; -} - -int -MHD__gnutls_set_read_keys (MHD_gtls_session_t session) -{ - int hash_size; - int IV_size; - int key_size, export_flag; - enum MHD_GNUTLS_CipherAlgorithm algo; - enum MHD_GNUTLS_HashAlgorithm mac_algo; - - mac_algo = session->security_parameters.read_mac_algorithm; - algo = session->security_parameters.read_bulk_cipher_algorithm; - - hash_size = MHD_gnutls_hash_get_algo_len (mac_algo); - IV_size = MHD_gtls_cipher_get_iv_size (algo); - key_size = MHD__gnutls_cipher_get_key_size (algo); - export_flag = MHD_gtls_cipher_get_export_flag (algo); - - return MHD__gnutls_set_keys (session, hash_size, IV_size, key_size, - export_flag); -} - -int -MHD__gnutls_set_write_keys (MHD_gtls_session_t session) -{ - int hash_size; - int IV_size; - int key_size, export_flag; - enum MHD_GNUTLS_CipherAlgorithm algo; - enum MHD_GNUTLS_HashAlgorithm mac_algo; - - mac_algo = session->security_parameters.write_mac_algorithm; - algo = session->security_parameters.write_bulk_cipher_algorithm; - - hash_size = MHD_gnutls_hash_get_algo_len (mac_algo); - IV_size = MHD_gtls_cipher_get_iv_size (algo); - key_size = MHD__gnutls_cipher_get_key_size (algo); - export_flag = MHD_gtls_cipher_get_export_flag (algo); - - return MHD__gnutls_set_keys (session, hash_size, IV_size, key_size, - export_flag); -} - -#define CPY_COMMON dst->entity = src->entity; \ - dst->kx_algorithm = src->kx_algorithm; \ - memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \ - memcpy( dst->master_secret, src->master_secret, TLS_MASTER_SIZE); \ - memcpy( dst->client_random, src->client_random, TLS_RANDOM_SIZE); \ - memcpy( dst->server_random, src->server_random, TLS_RANDOM_SIZE); \ - memcpy( dst->session_id, src->session_id, TLS_MAX_SESSION_ID_SIZE); \ - dst->session_id_size = src->session_id_size; \ - dst->cert_type = src->cert_type; \ - dst->timestamp = src->timestamp; \ - dst->max_record_recv_size = src->max_record_recv_size; \ - dst->max_record_send_size = src->max_record_send_size; \ - dst->version = src->version; \ - memcpy( &dst->extensions, &src->extensions, sizeof(MHD_gtls_ext_st)); \ - memcpy( &dst->inner_secret, &src->inner_secret, TLS_MASTER_SIZE); - -static void -MHD__gnutls_cpy_read_security_parameters (MHD_gtls_security_param_st * - dst, - MHD_gtls_security_param_st * src) -{ - CPY_COMMON; - - dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm; - dst->read_mac_algorithm = src->read_mac_algorithm; - dst->read_compression_algorithm = src->read_compression_algorithm; -} - -static void -MHD__gnutls_cpy_write_security_parameters (MHD_gtls_security_param_st * - dst, - MHD_gtls_security_param_st * src) -{ - CPY_COMMON; - - dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm; - dst->write_mac_algorithm = src->write_mac_algorithm; - dst->write_compression_algorithm = src->write_compression_algorithm; -} - -/* Sets the current connection session to conform with the - * Security parameters(pending session), and initializes encryption. - * Actually it initializes and starts encryption ( so it needs - * secrets and random numbers to have been negotiated) - * This is to be called after sending the Change Cipher Spec packet. - */ -int -MHD_gtls_connection_state_init (MHD_gtls_session_t session) -{ - int ret; - -/* Setup the master secret - */ - if ((ret = MHD_gtls_generate_master (session, 0), 0) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - - return 0; -} - - -/* Initializes the read connection session - * (read encrypted data) - */ -int -MHD_gtls_read_connection_state_init (MHD_gtls_session_t session) -{ - int mac_size; - int rc; - - MHD__gnutls_uint64zero (session->connection_state.read_sequence_number); - -/* Update internals from CipherSuite selected. - * If we are resuming just copy the connection session - */ - if (session->internals.resumed == RESUME_FALSE) - { - rc = MHD_gtls_set_read_cipher (session, - MHD_gtls_cipher_suite_get_cipher_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - rc = MHD_gtls_set_read_mac (session, - MHD_gtls_cipher_suite_get_mac_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - - rc = MHD_gtls_set_kx (session, - MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - - rc = MHD_gtls_set_read_compression (session, - session->internals. - compression_method); - if (rc < 0) - return rc; - } - else - { /* RESUME_TRUE */ - MHD__gnutls_cpy_read_security_parameters (&session->security_parameters, - &session->internals. - resumed_security_parameters); - } - - - rc = MHD__gnutls_set_read_keys (session); - if (rc < 0) - return rc; - - MHD__gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", - session, - MHD_gtls_cipher_suite_get_name - (&session->security_parameters. - current_cipher_suite)); - - if (MHD_gtls_compression_is_ok - (session->security_parameters.read_compression_algorithm) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - - if (MHD_gnutls_mac_is_ok - (session->security_parameters.read_mac_algorithm) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* Free all the previous keys/ sessions etc. - */ - if (session->connection_state.read_mac_secret.data != NULL) - MHD__gnutls_free_datum (&session->connection_state.read_mac_secret); - - if (session->connection_state.read_cipher_state != NULL) - MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state); - - mac_size = - MHD_gnutls_hash_get_algo_len (session->security_parameters. - read_mac_algorithm); - - MHD__gnutls_handshake_log - ("HSK[%x]: Initializing internal [read] cipher sessions\n", session); - - switch (session->security_parameters.entity) - { - case GNUTLS_SERVER: - /* initialize cipher session - */ - session->connection_state.read_cipher_state = - MHD_gtls_cipher_init (session->security_parameters. - read_bulk_cipher_algorithm, - &session->cipher_specs.client_write_key, - &session->cipher_specs.client_write_IV); - if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED - && session->security_parameters.read_bulk_cipher_algorithm != - MHD_GNUTLS_CIPHER_NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* copy mac secrets from cipherspecs, to connection - * session. - */ - if (mac_size > 0) - { - if (MHD__gnutls_sset_datum - (&session->connection_state.read_mac_secret, - session->cipher_specs.client_write_mac_secret.data, - session->cipher_specs.client_write_mac_secret.size) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - } - - break; -#if MHD_DEBUG_TLS - case GNUTLS_CLIENT: - session->connection_state.read_cipher_state = - MHD_gtls_cipher_init (session->security_parameters. - read_bulk_cipher_algorithm, - &session->cipher_specs.server_write_key, - &session->cipher_specs.server_write_IV); - - if (session->connection_state.read_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters.read_bulk_cipher_algorithm != - MHD_GNUTLS_CIPHER_NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - - /* copy mac secret to connection session - */ - if (mac_size > 0) - { - if (MHD__gnutls_sset_datum - (&session->connection_state.read_mac_secret, - session->cipher_specs.server_write_mac_secret.data, - session->cipher_specs.server_write_mac_secret.size) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - } - - break; -#endif - default: /* this check is useless */ - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - return 0; -} - - - -/* Initializes the write connection session - * (write encrypted data) - */ -int -MHD_gtls_write_connection_state_init (MHD_gtls_session_t session) -{ - int mac_size; - int rc; - - MHD__gnutls_uint64zero (session->connection_state.write_sequence_number); - -/* Update internals from CipherSuite selected. - * If we are resuming just copy the connection session - */ - if (session->internals.resumed == RESUME_FALSE) - { - rc = MHD_gtls_set_write_cipher (session, - MHD_gtls_cipher_suite_get_cipher_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - rc = MHD_gtls_set_write_mac (session, - MHD_gtls_cipher_suite_get_mac_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - - rc = MHD_gtls_set_kx (session, - MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); - if (rc < 0) - return rc; - - rc = MHD_gtls_set_write_compression (session, - session->internals. - compression_method); - if (rc < 0) - return rc; - } - else - { /* RESUME_TRUE */ - MHD__gnutls_cpy_write_security_parameters - (&session->security_parameters, - &session->internals.resumed_security_parameters); - } - - rc = MHD__gnutls_set_write_keys (session); - if (rc < 0) - return rc; - - MHD__gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session, - MHD_gtls_cipher_suite_get_name - (&session->security_parameters. - current_cipher_suite)); - - if (MHD_gtls_compression_is_ok - (session->security_parameters.write_compression_algorithm) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - - if (MHD_gnutls_mac_is_ok - (session->security_parameters.write_mac_algorithm) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - - - /* Free all the previous keys/ sessions etc. - */ - if (session->connection_state.write_mac_secret.data != NULL) - MHD__gnutls_free_datum (&session->connection_state.write_mac_secret); - - if (session->connection_state.write_cipher_state != NULL) - MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state); - - mac_size = - MHD_gnutls_hash_get_algo_len (session->security_parameters. - write_mac_algorithm); - - MHD__gnutls_handshake_log - ("HSK[%x]: Initializing internal [write] cipher sessions\n", session); - - switch (session->security_parameters.entity) - { - case GNUTLS_SERVER: - /* initialize cipher session - */ - session->connection_state.write_cipher_state = - MHD_gtls_cipher_init (session->security_parameters. - write_bulk_cipher_algorithm, - &session->cipher_specs.server_write_key, - &session->cipher_specs.server_write_IV); - - if (session->connection_state.write_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters.write_bulk_cipher_algorithm != - MHD_GNUTLS_CIPHER_NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - - /* copy mac secrets from cipherspecs, to connection - * session. - */ - if (mac_size > 0) - { - if (MHD__gnutls_sset_datum - (&session->connection_state.write_mac_secret, - session->cipher_specs.server_write_mac_secret.data, - session->cipher_specs.server_write_mac_secret.size) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - } - - - break; -#if MHD_DEBUG_TLS - case GNUTLS_CLIENT: - session->connection_state.write_cipher_state = - MHD_gtls_cipher_init (session->security_parameters. - write_bulk_cipher_algorithm, - &session->cipher_specs.client_write_key, - &session->cipher_specs.client_write_IV); - - if (session->connection_state.write_cipher_state == - GNUTLS_CIPHER_FAILED - && session->security_parameters.write_bulk_cipher_algorithm != - MHD_GNUTLS_CIPHER_NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* copy mac secret to connection session - */ - if (mac_size > 0) - { - if (MHD__gnutls_sset_datum - (&session->connection_state.write_mac_secret, - session->cipher_specs.client_write_mac_secret.data, - session->cipher_specs.client_write_mac_secret.size) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - } - - break; -#endif - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - - return 0; -} - -/* Sets the specified cipher into the pending session - */ -int -MHD_gtls_set_read_cipher (MHD_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo) -{ - - if (MHD_gtls_cipher_is_ok (algo) == 0) - { - if (MHD_gtls_cipher_priority (session, algo) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNWANTED_ALGORITHM; - } - - session->security_parameters.read_bulk_cipher_algorithm = algo; - - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - return 0; - -} - -int -MHD_gtls_set_write_cipher (MHD_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo) -{ - - if (MHD_gtls_cipher_is_ok (algo) == 0) - { - if (MHD_gtls_cipher_priority (session, algo) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNWANTED_ALGORITHM; - } - - session->security_parameters.write_bulk_cipher_algorithm = algo; - - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - return 0; - -} - - -/* Sets the specified algorithm into pending compression session - */ -int -MHD_gtls_set_read_compression (MHD_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo) -{ - - if (MHD_gtls_compression_is_ok (algo) == 0) - { - session->security_parameters.read_compression_algorithm = algo; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - return 0; - -} - -int -MHD_gtls_set_write_compression (MHD_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo) -{ - - if (MHD_gtls_compression_is_ok (algo) == 0) - { - session->security_parameters.write_compression_algorithm = algo; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - return 0; - -} - -/* Sets the specified kx algorithm into pending session - */ -int -MHD_gtls_set_kx (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algo) -{ - - if (MHD_gtls_kx_is_ok (algo) == 0) - { - session->security_parameters.kx_algorithm = algo; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - if (MHD_gtls_kx_priority (session, algo) < 0) - { - MHD_gnutls_assert (); - /* we shouldn't get here */ - return GNUTLS_E_UNWANTED_ALGORITHM; - } - - return 0; - -} - -/* Sets the specified mac algorithm into pending session */ -int -MHD_gtls_set_read_mac (MHD_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algo) -{ - - if (MHD_gnutls_mac_is_ok (algo) == 0) - { - session->security_parameters.read_mac_algorithm = algo; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - if (MHD_gtls_mac_priority (session, algo) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNWANTED_ALGORITHM; - } - - - return 0; - -} - -int -MHD_gtls_set_write_mac (MHD_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algo) -{ - - if (MHD_gnutls_mac_is_ok (algo) == 0) - { - session->security_parameters.write_mac_algorithm = algo; - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - if (MHD_gtls_mac_priority (session, algo) < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNWANTED_ALGORITHM; - } - - - return 0; - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_constate.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_constate.h deleted file mode 100644 index 59b67249d4..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_constate.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD_gtls_connection_state_init (MHD_gtls_session_t session); -int MHD_gtls_read_connection_state_init (MHD_gtls_session_t session); -int MHD_gtls_write_connection_state_init (MHD_gtls_session_t session); -int MHD_gtls_set_write_cipher (MHD_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo); -int MHD_gtls_set_write_mac (MHD_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algo); -int MHD_gtls_set_read_cipher (MHD_gtls_session_t session, - enum MHD_GNUTLS_CipherAlgorithm algo); -int MHD_gtls_set_read_mac (MHD_gtls_session_t session, - enum MHD_GNUTLS_HashAlgorithm algo); -int MHD_gtls_set_read_compression (MHD_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo); -int MHD_gtls_set_write_compression (MHD_gtls_session_t session, - enum MHD_GNUTLS_CompressionMethod algo); -int MHD_gtls_set_kx (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm algo); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_datum.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_datum.c deleted file mode 100644 index 2f03da3bf2..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_datum.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* contains functions that make it easier to - * write vectors of <size|data>. The destination size - * should be preallocated (datum.size+(bits/8)) - */ - -#include <gnutls_int.h> -#include <gnutls_num.h> -#include <gnutls_datum.h> -#include <gnutls_errors.h> - - -void -MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat) -{ - MHD_gtls_write_uint16 (dat.size, dest); - if (dat.data != NULL) - memcpy (&dest[2], dat.data, dat.size); -} - -void -MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat) -{ - MHD_gtls_write_uint24 (dat.size, dest); - if (dat.data != NULL) - memcpy (&dest[3], dat.data, dat.size); -} - -int -MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, - size_t data_size, MHD_gnutls_alloc_function galloc_func) -{ - if (data_size == 0 || data == NULL) - { - dat->data = NULL; - dat->size = 0; - return 0; - } - - dat->data = galloc_func (data_size); - if (dat->data == NULL) - return GNUTLS_E_MEMORY_ERROR; - - dat->size = data_size; - memcpy (dat->data, data, data_size); - - return 0; -} - -void -MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, - MHD_gnutls_free_function gfree_func) -{ - if (dat->data != NULL) - gfree_func (dat->data); - - dat->data = NULL; - dat->size = 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_datum.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_datum.h deleted file mode 100644 index c6813216f8..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_datum.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ -#include "gnutls_int.h" - -void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat); -void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat); - -int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data, - size_t data_size, MHD_gnutls_alloc_function); -#define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc) -#define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc) - -#define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc) - -void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat, - MHD_gnutls_free_function); -#define MHD__gnutls_free_datum(x) MHD_gtls_free_datum_m(x, MHD_gnutls_free) diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh.c deleted file mode 100644 index d9dd43442c..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh.c +++ /dev/null @@ -1,162 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> - - -/* - --Example-- - you: X = g ^ x mod p; - peer:Y = g ^ y mod p; - - your_key = Y ^ x mod p; - his_key = X ^ y mod p; - -// generate our secret and the public value (X) for it - X = MHD_gtls_calc_dh_secret(&x, g, p); -// now we can calculate the shared secret - key = MHD_gtls_calc_dh_key(Y, x, g, p); - MHD_gtls_mpi_release(x); - MHD_gtls_mpi_release(g); -*/ - -#define MAX_BITS 18000 - -/* returns the public value (X), and the secret (ret_x). - */ -mpi_t -MHD_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime) -{ - mpi_t e, x; - int x_size = MHD__gnutls_mpi_get_nbits (prime) - 1; - /* The size of the secret key is less than - * prime/2 - */ - - if (x_size > MAX_BITS || x_size <= 0) - { - MHD_gnutls_assert (); - return NULL; - } - - x = MHD__gnutls_mpi_new (x_size); - if (x == NULL) - { - MHD_gnutls_assert (); - if (ret_x) - *ret_x = NULL; - - return NULL; - } - - /* FIXME: (x_size/8)*8 is there to overcome a bug in libgcrypt - * which does not really check the bits given but the bytes. - */ - do - { - MHD__gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM); - /* Check whether x is zero. - */ - } - while (MHD__gnutls_mpi_cmp_ui (x, 0) == 0); - - e = MHD__gnutls_mpi_alloc_like (prime); - if (e == NULL) - { - MHD_gnutls_assert (); - if (ret_x) - *ret_x = NULL; - - MHD_gtls_mpi_release (&x); - return NULL; - } - - MHD__gnutls_mpi_powm (e, g, x, prime); - - if (ret_x) - *ret_x = x; - else - MHD_gtls_mpi_release (&x); - return e; -} - - -mpi_t -MHD_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime) -{ - mpi_t k; - int bits; - - bits = MHD__gnutls_mpi_get_nbits (prime); - if (bits <= 0 || bits > MAX_BITS) - { - MHD_gnutls_assert (); - return NULL; - } - - k = MHD__gnutls_mpi_alloc_like (prime); - if (k == NULL) - return NULL; - MHD__gnutls_mpi_powm (k, f, x, prime); - return k; -} - -/*- - * MHD_gtls_get_dh_params - Returns the DH parameters pointer - * @dh_params: is an DH parameters structure, or NULL. - * @func: is a callback function to receive the parameters or NULL. - * @session: a gnutls session. - * - * This function will return the dh parameters pointer. - * - -*/ -MHD_gtls_dh_params_t -MHD_gtls_get_dh_params (MHD_gtls_dh_params_t dh_params, - MHD_gnutls_params_function * func, - MHD_gtls_session_t session) -{ - MHD_gnutls_params_st params; - int ret; - - /* if cached return the cached */ - if (session->internals.params.dh_params) - return session->internals.params.dh_params; - - if (dh_params) - { - session->internals.params.dh_params = dh_params; - } - else if (func) - { - ret = func (session, GNUTLS_PARAMS_DH, ¶ms); - if (ret == 0 && params.type == GNUTLS_PARAMS_DH) - { - session->internals.params.dh_params = params.params.dh; - session->internals.params.free_dh_params = params.deinit; - } - } - - return session->internals.params.dh_params; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh.h deleted file mode 100644 index 5d7341fc42..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_DH_H -# define GNUTLS_DH_H - -const mpi_t *MHD_gtls_dh_params_to_mpi (MHD_gtls_dh_params_t); -mpi_t MHD_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime); -mpi_t MHD_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime); -int MHD_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits); - -MHD_gtls_dh_params_t -MHD_gtls_get_dh_params (MHD_gtls_dh_params_t dh_params, - MHD_gnutls_params_function * func, - MHD_gtls_session_t session); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh_primes.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh_primes.c deleted file mode 100644 index a25759b0a5..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_dh_primes.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_datum.h> -#include <x509_b64.h> /* for PKCS3 PEM decoding */ -#include <gnutls_global.h> -#include <gnutls_dh.h> -#include "debug.h" -/* x509 */ -#include "mpi.h" - - -/* returns the prime and the generator of DH params. - */ -const mpi_t * -MHD_gtls_dh_params_to_mpi (MHD_gtls_dh_params_t dh_primes) -{ - if (dh_primes == NULL || dh_primes->params[1] == NULL - || dh_primes->params[0] == NULL) - { - return NULL; - } - - return dh_primes->params; -} - -int -MHD_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned int bits) -{ - mpi_t g = NULL, prime = NULL; - gcry_error_t err; - int result, times = 0, qbits; - mpi_t *factors = NULL; - - /* Calculate the size of a prime factor of (prime-1)/2. - * This is an emulation of the values in "Selecting Cryptographic Key Sizes" paper. - */ - if (bits < 256) - qbits = bits / 2; - else - { - qbits = (bits / 40) + 105; - } - - if (qbits & 1) /* better have an even number */ - qbits++; - - /* find a prime number of size bits. - */ - do - { - - if (times) - { - MHD_gtls_mpi_release (&prime); - gcry_prime_release_factors (factors); - } - - err = gcry_prime_generate (&prime, bits, qbits, &factors, NULL, NULL, - GCRY_STRONG_RANDOM, - GCRY_PRIME_FLAG_SPECIAL_FACTOR); - - if (err != 0) - { - MHD_gnutls_assert (); - result = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - err = gcry_prime_check (prime, 0); - - times++; - } - while (err != 0 && times < 10); - - if (err != 0) - { - MHD_gnutls_assert (); - result = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - /* generate the group generator. - */ - err = gcry_prime_group_generator (&g, prime, factors, NULL); - if (err != 0) - { - MHD_gnutls_assert (); - result = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - gcry_prime_release_factors (factors); - factors = NULL; - - if (ret_g) - *ret_g = g; - else - MHD_gtls_mpi_release (&g); - if (ret_n) - *ret_n = prime; - else - MHD_gtls_mpi_release (&prime); - - return 0; - -cleanup:gcry_prime_release_factors (factors); - MHD_gtls_mpi_release (&g); - MHD_gtls_mpi_release (&prime); - - return result; - -} - -/* Replaces the prime in the static DH parameters, with a randomly - * generated one. - */ -/** - * MHD__gnutls_dh_params_init - This function will initialize the DH parameters - * @dh_params: Is a structure that will hold the prime numbers - * - * This function will initialize the DH parameters structure. - * - **/ -int -MHD__gnutls_dh_params_init (MHD_gtls_dh_params_t * dh_params) -{ - - (*dh_params) = MHD_gnutls_calloc (1, sizeof (MHD_gtls_dh_params_st)); - if (*dh_params == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; - -} - -/** - * MHD__gnutls_dh_params_deinit - This function will deinitialize the DH parameters - * @dh_params: Is a structure that holds the prime numbers - * - * This function will deinitialize the DH parameters structure. - * - **/ -void -MHD__gnutls_dh_params_deinit (MHD_gtls_dh_params_t dh_params) -{ - if (dh_params == NULL) - return; - - MHD_gtls_mpi_release (&dh_params->params[0]); - MHD_gtls_mpi_release (&dh_params->params[1]); - - MHD_gnutls_free (dh_params); - -} - -/** - * MHD__gnutls_dh_params_generate2 - This function will generate new DH parameters - * @params: Is the structure that the DH parameters will be stored - * @bits: is the prime's number of bits - * - * This function will generate a new pair of prime and generator for use in - * the Diffie-Hellman key exchange. The new parameters will be allocated using - * MHD_gnutls_malloc() and will be stored in the appropriate datum. - * This function is normally slow. - * - * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. - * Also note that the DH parameters are only useful to servers. - * Since clients use the parameters sent by the server, it's of - * no use to call this in client side. - * - **/ -int -MHD__gnutls_dh_params_generate2 (MHD_gtls_dh_params_t params, - unsigned int bits) -{ - int ret; - - ret = - MHD_gtls_dh_generate_prime (¶ms->params[1], ¶ms->params[0], bits); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_errors.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_errors.c deleted file mode 100644 index 48b8a562da..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_errors.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include "gnutls_errors.h" -#include <libtasn1.h> -#ifdef STDC_HEADERS -# include <stdarg.h> -#endif - -/* I18n of error codes. */ -#define _(String) (String) -#define N_(String) (String) - -extern LOG_FUNC MHD__gnutls_log_func; - -#define ERROR_ENTRY(desc, name, fatal) \ - { desc, #name, name, fatal} - -struct MHD_gnutls_error_entry -{ - const char *desc; - const char *_name; - int number; - int fatal; -}; -typedef struct MHD_gnutls_error_entry MHD_gnutls_error_entry; - -static const MHD_gnutls_error_entry MHD_gtls_error_algorithms[] = { - /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */ - ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0), - ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."), - GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1), - ERROR_ENTRY (N_("The cipher type is unsupported."), - GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1), - ERROR_ENTRY (N_("The certificate and the given key do not match."), - GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1), - ERROR_ENTRY (N_("Could not negotiate a supported compression method."), - GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1), - ERROR_ENTRY (N_("An unknown public key algorithm was encountered."), - GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1), - - ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."), - GNUTLS_E_UNWANTED_ALGORITHM, 1), - ERROR_ENTRY (N_("A large TLS record packet was received."), - GNUTLS_E_LARGE_PACKET, 1), - ERROR_ENTRY (N_("A record packet with illegal version was received."), - GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1), - ERROR_ENTRY (N_ - ("The Diffie Hellman prime sent by the server is not acceptable (not long enough)."), - GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1), - ERROR_ENTRY (N_("A TLS packet with unexpected length was received."), - GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1), - ERROR_ENTRY (N_ - ("The specified session has been invalidated for some reason."), - GNUTLS_E_INVALID_SESSION, 1), - - ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1), - ERROR_ENTRY (N_("An illegal TLS extension was received."), - GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1), - ERROR_ENTRY (N_("A TLS fatal alert has been received."), - GNUTLS_E_FATAL_ALERT_RECEIVED, 1), - ERROR_ENTRY (N_("An unexpected TLS packet was received."), - GNUTLS_E_UNEXPECTED_PACKET, 1), - ERROR_ENTRY (N_("A TLS warning alert has been received."), - GNUTLS_E_WARNING_ALERT_RECEIVED, 0), - ERROR_ENTRY (N_ - ("An error was encountered at the TLS Finished packet calculation."), - GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1), - ERROR_ENTRY (N_("The peer did not send any certificate."), - GNUTLS_E_NO_CERTIFICATE_FOUND, 1), - - ERROR_ENTRY (N_("No temporary RSA parameters were found."), - GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1), - ERROR_ENTRY (N_("No temporary DH parameters were found."), - GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1), - ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."), - GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1), - ERROR_ENTRY (N_("The scanning of a large integer has failed."), - GNUTLS_E_MPI_SCAN_FAILED, 1), - ERROR_ENTRY (N_("Could not export a large integer."), - GNUTLS_E_MPI_PRINT_FAILED, 1), - ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1), - ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1), - ERROR_ENTRY (N_("Public key decryption has failed."), - GNUTLS_E_PK_DECRYPTION_FAILED, 1), - ERROR_ENTRY (N_("Public key encryption has failed."), - GNUTLS_E_PK_ENCRYPTION_FAILED, 1), - ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED, - 1), - ERROR_ENTRY (N_("Public key signature verification has failed."), - GNUTLS_E_PK_SIG_VERIFY_FAILED, 1), - ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."), - GNUTLS_E_DECOMPRESSION_FAILED, 1), - ERROR_ENTRY (N_("Compression of the TLS record packet has failed."), - GNUTLS_E_COMPRESSION_FAILED, 1), - - ERROR_ENTRY (N_("Internal error in memory allocation."), - GNUTLS_E_MEMORY_ERROR, 1), - ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."), - GNUTLS_E_UNIMPLEMENTED_FEATURE, 1), - ERROR_ENTRY (N_("Insufficient credentials for that request."), - GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1), - ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1), - ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD, - 1), - ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1), - ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1), - ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR, - 1), - ERROR_ENTRY (N_("Base64 unexpected header error."), - GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR, - 1), - ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR, - 1), - ERROR_ENTRY (N_("Parsing error in password file."), - GNUTLS_E_SRP_PWD_PARSING_ERROR, 1), - ERROR_ENTRY (N_("The requested data were not available."), - GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0), - ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1), - ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1), - ERROR_ENTRY (N_ - ("The upper limit of record packet sequence numbers has been reached. Wow!"), - GNUTLS_E_RECORD_LIMIT_REACHED, 1), - ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR, - 1), - ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."), - GNUTLS_E_X509_UNKNOWN_SAN, 1), - - ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."), - GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1), - ERROR_ENTRY (N_("Key usage violation in certificate has been detected."), - GNUTLS_E_KEY_USAGE_VIOLATION, 1), - ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_AGAIN, 0), - ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0), - ERROR_ENTRY (N_("Rehandshake was requested by the peer."), - GNUTLS_E_REHANDSHAKE, 0), - ERROR_ENTRY (N_ - ("TLS Application data were received, while expecting handshake data."), - GNUTLS_E_GOT_APPLICATION_DATA, 1), - ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1), - ERROR_ENTRY (N_("The certificate type is not supported."), - GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1), - ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."), - GNUTLS_E_SHORT_MEMORY_BUFFER, 1), - ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1), - ERROR_ENTRY (N_("An illegal parameter has been received."), - GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1), - ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1), - - ERROR_ENTRY (N_("ASN1 parser: Element was not found."), - GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1), - ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"), - GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1), - ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."), - GNUTLS_E_ASN1_DER_ERROR, 1), - ERROR_ENTRY (N_("ASN1 parser: Value was not found."), - GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1), - ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."), - GNUTLS_E_ASN1_GENERIC_ERROR, 1), - ERROR_ENTRY (N_("ASN1 parser: Value is not valid."), - GNUTLS_E_ASN1_VALUE_NOT_VALID, 1), - ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1), - ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"), - GNUTLS_E_ASN1_TAG_IMPLICIT, 1), - ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."), - GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1), - ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR, - 1), - ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."), - GNUTLS_E_ASN1_DER_OVERFLOW, 1), - - ERROR_ENTRY (N_("Too many empty record packets have been received."), - GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1), - ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."), - GNUTLS_E_INIT_LIBEXTRA, 1), - ERROR_ENTRY (N_ - ("The GnuTLS library version does not match the GnuTLS-extra library version."), - GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1), - ERROR_ENTRY (N_("The gcrypt library version is too old."), - GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1), - - ERROR_ENTRY (N_("The tasn1 library version is too old."), - GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1), - - ERROR_ENTRY (N_("The initialization of LZO has failed."), - GNUTLS_E_LZO_INIT_FAILED, 1), - ERROR_ENTRY (N_("No supported compression algorithms have been found."), - GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1), - ERROR_ENTRY (N_("No supported cipher suites have been found."), - GNUTLS_E_NO_CIPHER_SUITES, 1), - ERROR_ENTRY (N_("The SRP username supplied is illegal."), - GNUTLS_E_ILLEGAL_SRP_USERNAME, 1), - - ERROR_ENTRY (N_("The certificate has unsupported attributes."), - GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), - ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID, - 1), - ERROR_ENTRY (N_("The hash algorithm is unknown."), - GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1), - ERROR_ENTRY (N_("The PKCS structure's content type is unknown."), - GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1), - ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."), - GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1), - ERROR_ENTRY (N_("The given password contains invalid characters."), - GNUTLS_E_INVALID_PASSWORD, 1), - ERROR_ENTRY (N_("The Message Authentication Code verification failed."), - GNUTLS_E_MAC_VERIFY_FAILED, 1), - ERROR_ENTRY (N_("Some constraint limits were reached."), - GNUTLS_E_CONSTRAINT_ERROR, 1), - ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED, - 1), - - ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"), - GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0), - ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"), - GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0), - ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"), - GNUTLS_E_IA_VERIFY_FAILED, 1), - - ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."), - GNUTLS_E_UNKNOWN_ALGORITHM, 1), - - {NULL, NULL, 0, 0} -}; - -#define GNUTLS_ERROR_LOOP(b) \ - const MHD_gnutls_error_entry *p; \ - for(p = MHD_gtls_error_algorithms; p->desc != NULL; p++) { b ; } - -#define GNUTLS_ERROR_ALG_LOOP(a) \ - GNUTLS_ERROR_LOOP( if(p->number == error) { a; break; } ) - - - -/** - * MHD_gtls_error_is_fatal - Returns non-zero in case of a fatal error - * @error: is an error returned by a gnutls function. Error should be a negative value. - * - * If a function returns a negative value you may feed that value - * to this function to see if it is fatal. Returns 1 for a fatal - * error 0 otherwise. However you may want to check the - * error code manually, since some non-fatal errors to the protocol - * may be fatal for you (your program). - * - * This is only useful if you are dealing with errors from the - * record layer or the handshake layer. - * - * For positive @error values, 0 is returned. - * - **/ -int -MHD_gtls_error_is_fatal (int error) -{ - int ret = 1; - - /* Input sanitzation. Positive values are not errors at all, and - definitely not fatal. */ - if (error > 0) - return 0; - - GNUTLS_ERROR_ALG_LOOP (ret = p->fatal); - - return ret; -} - -/** - * MHD_gtls_perror - prints a string to stderr with a description of an error - * @error: is an error returned by a gnutls function. Error is always a negative value. - * - * This function is like perror(). The only difference is that it accepts an - * error number returned by a gnutls function. - **/ -void -MHD_gtls_perror (int error) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_ERROR_ALG_LOOP (ret = p->desc); - if (ret == NULL) - ret = "(unknown)"; - fprintf (stderr, "GNUTLS ERROR: %s\n", _(ret)); -} - - -/** - * MHD_gtls_strerror - Returns a string with a description of an error - * @error: is an error returned by a gnutls function. Error is always a negative value. - * - * This function is similar to strerror(). Differences: it accepts an error - * number returned by a gnutls function; In case of an unknown error - * a descriptive string is sent instead of NULL. - **/ -const char * -MHD_gtls_strerror (int error) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_ERROR_ALG_LOOP (ret = p->desc); - if (ret == NULL) - return "(unknown error code)"; - return _(ret); -} - -/* This will print the actual define of the - * given error code. - */ -const char * -MHD__gnutls_strerror (int error) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_ERROR_ALG_LOOP (ret = p->_name); - - return _(ret); -} - -int -MHD_gtls_asn2err (int asn_err) -{ - switch (asn_err) - { - case ASN1_FILE_NOT_FOUND: - return GNUTLS_E_FILE_ERROR; - case ASN1_ELEMENT_NOT_FOUND: - return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; - case ASN1_IDENTIFIER_NOT_FOUND: - return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND; - case ASN1_DER_ERROR: - return GNUTLS_E_ASN1_DER_ERROR; - case ASN1_VALUE_NOT_FOUND: - return GNUTLS_E_ASN1_VALUE_NOT_FOUND; - case ASN1_GENERIC_ERROR: - return GNUTLS_E_ASN1_GENERIC_ERROR; - case ASN1_VALUE_NOT_VALID: - return GNUTLS_E_ASN1_VALUE_NOT_VALID; - case ASN1_TAG_ERROR: - return GNUTLS_E_ASN1_TAG_ERROR; - case ASN1_TAG_IMPLICIT: - return GNUTLS_E_ASN1_TAG_IMPLICIT; - case ASN1_ERROR_TYPE_ANY: - return GNUTLS_E_ASN1_TYPE_ANY_ERROR; - case ASN1_SYNTAX_ERROR: - return GNUTLS_E_ASN1_SYNTAX_ERROR; - case ASN1_MEM_ERROR: - return GNUTLS_E_SHORT_MEMORY_BUFFER; - case ASN1_MEM_ALLOC_ERROR: - return GNUTLS_E_MEMORY_ERROR; - case ASN1_DER_OVERFLOW: - return GNUTLS_E_ASN1_DER_OVERFLOW; - default: - return GNUTLS_E_ASN1_GENERIC_ERROR; - } -} - - -/* this function will output a message using the - * caller provided function - */ -void -MHD_gtls_log (int level, const char *fmt, ...) -{ - va_list args; - char str[MAX_LOG_SIZE]; - void (*log_func) (int, const char *) = MHD__gnutls_log_func; - - if (MHD__gnutls_log_func == NULL) - return; - - va_start (args, fmt); - vsnprintf (str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */ - va_end (args); - - log_func (level, str); -} - -void -MHD__gnutls_null_log (void *n, ...) -{ -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_errors.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_errors.h deleted file mode 100644 index ecde580b11..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_errors.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <defines.h> - -#define GNUTLS_E_INT_RET_0 -1251 - -#ifdef __FILE__ -# ifdef __LINE__ -# define MHD_gnutls_assert() MHD__gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__); -# else -# define MHD_gnutls_assert() -# endif -#else /* __FILE__ not defined */ -# define MHD_gnutls_assert() -#endif - -int MHD_gtls_asn2err (int asn_err); -void MHD_gtls_log (int, const char *fmt, ...); - -extern int MHD__gnutls_log_level; - -#ifdef C99_MACROS -#define LEVEL(l, ...) if (MHD__gnutls_log_level >= l || MHD__gnutls_log_level > 9) \ - MHD_gtls_log( l, __VA_ARGS__) - -#define LEVEL_EQ(l, ...) if (MHD__gnutls_log_level == l || MHD__gnutls_log_level > 9) \ - MHD_gtls_log( l, __VA_ARGS__) - -# define MHD__gnutls_debug_log(...) LEVEL(2, __VA_ARGS__) -# define MHD__gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__) -# define MHD__gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__) -# define MHD__gnutls_hard_log(...) LEVEL(9, __VA_ARGS__) -# define MHD__gnutls_record_log(...) LEVEL(4, __VA_ARGS__) -# define MHD__gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__) -# define MHD__gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__) -# define MHD__gnutls_x509_log(...) LEVEL(1, __VA_ARGS__) -#else -# define MHD__gnutls_debug_log MHD__gnutls_null_log -# define MHD__gnutls_handshake_log MHD__gnutls_null_log -# define MHD__gnutls_buffers_log MHD__gnutls_null_log -# define MHD__gnutls_hard_log MHD__gnutls_null_log -# define MHD__gnutls_record_log MHD__gnutls_null_log -# define MHD__gnutls_read_log MHD__gnutls_null_log -# define MHD__gnutls_write_log MHD__gnutls_null_log -# define MHD__gnutls_x509_log MHD__gnutls_null_log - -void MHD__gnutls_null_log (void *, ...); - -#endif /* C99_MACROS */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_extensions.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_extensions.c deleted file mode 100644 index 8ee96c6594..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_extensions.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions that relate to the TLS hello extension parsing. - * Hello extensions are packets appended in the TLS hello packet, and - * allow for extra functionality. - */ - -#include "MHD_config.h" -#include "gnutls_int.h" -#include "gnutls_extensions.h" -#include "gnutls_errors.h" -#include "ext_max_record.h" -#include <ext_cert_type.h> -#include <ext_server_name.h> -#include <gnutls_num.h> - -/* Key Exchange Section */ -#define GNUTLS_EXTENSION_ENTRY(type, parse_type, ext_func_recv, ext_func_send) \ - { #type, type, parse_type, ext_func_recv, ext_func_send } - - -#define MAX_EXT_SIZE 10 -const int MHD_gtls_extensions_size = MAX_EXT_SIZE; - -MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = { - GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_MAX_RECORD_SIZE, - EXTENSION_TLS, - MHD_gtls_max_record_recv_params, - MHD_gtls_max_record_send_params), - GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_CERT_TYPE, - EXTENSION_TLS, - MHD_gtls_cert_type_recv_params, - MHD_gtls_cert_type_send_params), - GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SERVER_NAME, - EXTENSION_APPLICATION, - MHD_gtls_server_name_recv_params, - MHD_gtls_server_name_send_params), - {0, 0, 0, 0} -}; - -#define GNUTLS_EXTENSION_LOOP2(b) \ - MHD_gtls_extension_entry *p; \ - for(p = MHD_gtls_extensions; p->name != NULL; p++) { b ; } - -#define GNUTLS_EXTENSION_LOOP(a) \ - GNUTLS_EXTENSION_LOOP2( if(p->type == type) { a; break; } ) - - -/* EXTENSION functions */ - -MHD_gtls_ext_recv_func -MHD_gtls_ext_func_recv (uint16_t type, MHD_gtls_ext_parse_type_t parse_type) -{ - MHD_gtls_ext_recv_func ret = NULL; - GNUTLS_EXTENSION_LOOP (if - (parse_type == EXTENSION_ANY - || p->parse_type == parse_type) ret = - p->MHD_gnutls_ext_func_recv); - return ret; - -} - -MHD_gtls_ext_send_func -MHD_gtls_ext_func_send (uint16_t type) -{ - MHD_gtls_ext_send_func ret = NULL; - GNUTLS_EXTENSION_LOOP (ret = p->MHD_gnutls_ext_func_send); - return ret; - -} - -const char * -MHD_gtls_extension_get_name (uint16_t type) -{ - const char *ret = NULL; - - /* avoid prefix */ - GNUTLS_EXTENSION_LOOP (ret = p->name + sizeof ("GNUTLS_EXTENSION_") - 1); - - return ret; -} - -/* Checks if the extension we just received is one of the - * requested ones. Otherwise it's a fatal error. - */ -static int -MHD__gnutls_extension_list_check (MHD_gtls_session_t session, uint16_t type) -{ -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - int i; - for (i = 0; i < session->internals.extensions_sent_size; i++) - { - if (type == session->internals.extensions_sent[i]) - return 0; /* ok found */ - } - return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION; - } -#endif - return 0; -} - -int -MHD_gtls_parse_extensions (MHD_gtls_session_t session, - MHD_gtls_ext_parse_type_t parse_type, - const opaque * data, int data_size) -{ - int next, ret; - int pos = 0; - uint16_t type; - const opaque *sdata; - MHD_gtls_ext_recv_func ext_recv; - uint16_t size; - -#if MHD_DEBUG_TLS - int i; - if (session->security_parameters.entity == GNUTLS_CLIENT) - for (i = 0; i < session->internals.extensions_sent_size; i++) - { - MHD__gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", - session, - MHD_gtls_extension_get_name - (session->internals.extensions_sent[i])); - } -#endif - - DECR_LENGTH_RET (data_size, 2, 0); - next = MHD_gtls_read_uint16 (data); - pos += 2; - - DECR_LENGTH_RET (data_size, next, 0); - - do - { - DECR_LENGTH_RET (next, 2, 0); - type = MHD_gtls_read_uint16 (&data[pos]); - pos += 2; - - MHD__gnutls_debug_log ("EXT[%x]: Received extension '%s/%d'\n", session, - MHD_gtls_extension_get_name (type), type); - - if ((ret = MHD__gnutls_extension_list_check (session, type)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - DECR_LENGTH_RET (next, 2, 0); - size = MHD_gtls_read_uint16 (&data[pos]); - pos += 2; - - DECR_LENGTH_RET (next, size, 0); - sdata = &data[pos]; - pos += size; - - ext_recv = MHD_gtls_ext_func_recv (type, parse_type); - if (ext_recv == NULL) - continue; - if ((ret = ext_recv (session, sdata, size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - } - while (next > 2); - - return 0; - -} - -/* Adds the extension we want to send in the extensions list. - * This list is used to check whether the (later) received - * extensions are the ones we requested. - */ -static void -MHD__gnutls_extension_list_add (MHD_gtls_session_t session, uint16_t type) -{ -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - if (session->internals.extensions_sent_size < MAX_EXT_TYPES) - { - session->internals.extensions_sent[session->internals. - extensions_sent_size] = type; - session->internals.extensions_sent_size++; - } - else - { - MHD__gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n"); - } - } -#endif -} - -int -MHD_gtls_gen_extensions (MHD_gtls_session_t session, opaque * data, - size_t data_size) -{ - int size; - uint16_t pos = 0; - opaque *sdata; - int sdata_size; - MHD_gtls_ext_send_func ext_send; - MHD_gtls_extension_entry *p; - - if (data_size < 2) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* allocate enough data for each extension. - */ - sdata_size = data_size; - sdata = MHD_gnutls_malloc (sdata_size); - if (sdata == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - pos += 2; - for (p = MHD_gtls_extensions; p->name != NULL; p++) - { - ext_send = MHD_gtls_ext_func_send (p->type); - if (ext_send == NULL) - continue; - size = ext_send (session, sdata, sdata_size); - if (size > 0) - { - if (data_size < pos + (size_t) size + 4) - { - MHD_gnutls_assert (); - MHD_gnutls_free (sdata); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* write extension type */ - MHD_gtls_write_uint16 (p->type, &data[pos]); - pos += 2; - - /* write size */ - MHD_gtls_write_uint16 (size, &data[pos]); - pos += 2; - - memcpy (&data[pos], sdata, size); - pos += size; - - /* add this extension to the extension list - */ - MHD__gnutls_extension_list_add (session, p->type); - - MHD__gnutls_debug_log ("EXT[%x]: Sending extension %s\n", session, - MHD_gtls_extension_get_name (p->type)); - } - else if (size < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (sdata); - return size; - } - } - - size = pos; - pos -= 2; /* remove the size of the size header! */ - - MHD_gtls_write_uint16 (pos, data); - - if (size == 2) - { /* empty */ - size = 0; - } - - MHD_gnutls_free (sdata); - return size; - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_extensions.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_extensions.h deleted file mode 100644 index 9623b39b43..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_extensions.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> - -const char *MHD_gtls_extension_get_name (uint16_t type); -int MHD_gtls_parse_extensions (MHD_gtls_session_t, MHD_gtls_ext_parse_type_t, - const opaque *, int); -int MHD_gtls_gen_extensions (MHD_gtls_session_t session, opaque * data, - size_t data_size); - -typedef int (*MHD_gtls_ext_recv_func) (MHD_gtls_session_t, const opaque *, size_t); /* recv data */ -typedef int (*MHD_gtls_ext_send_func) (MHD_gtls_session_t, opaque *, size_t); /* send data */ - -MHD_gtls_ext_send_func MHD_gtls_ext_func_send (uint16_t type); -MHD_gtls_ext_recv_func MHD_gtls_ext_func_recv (uint16_t type, - MHD_gtls_ext_parse_type_t); - -typedef struct -{ - const char *name; - uint16_t type; - MHD_gtls_ext_parse_type_t parse_type; - MHD_gtls_ext_recv_func MHD_gnutls_ext_func_recv; - MHD_gtls_ext_send_func MHD_gnutls_ext_func_send; -} MHD_gtls_extension_entry; diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_global.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_global.c deleted file mode 100644 index 818a92a100..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_global.c +++ /dev/null @@ -1,298 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <libtasn1.h> -#include <gnutls_dh.h> - -/* this is used in order to make the multi-threaded initialization call to libgcrypt */ -#include <pthread.h> -#include <gcrypt.h> - -/* used to set the MHD_tls logging function */ -#include "internal.h" - -/* TODO fix : needed by GCRY_THREAD_OPTION_PTHREAD_IMPL but missing otherwise */ -#define ENOMEM 12 /* Out of memory */ - -#ifdef HAVE_WINSOCK -# include <winsock2.h> -#endif - - -GCRY_THREAD_OPTION_PTHREAD_IMPL; - -#define MHD_gnutls_log_func LOG_FUNC - -/* created by asn1c */ -extern const ASN1_ARRAY_TYPE MHD_gnutlsMHD__asn1_tab[]; -extern const ASN1_ARRAY_TYPE MHD_pkix_asn1_tab[]; - -LOG_FUNC MHD__gnutls_log_func; -int MHD__gnutls_log_level = 0; /* default log level */ - -ASN1_TYPE MHD__gnutls_pkix1_asn; -ASN1_TYPE MHD__gnutlsMHD__gnutls_asn; - -/** - * MHD_gtls_global_set_log_function - This function sets the logging function - * @log_func: it's a log function - * - * This is the function where you set the logging function gnutls - * is going to use. This function only accepts a character array. - * Normally you may not use this function since it is only used - * for debugging purposes. - * - * MHD_gnutls_log_func is of the form, - * void (*MHD_gnutls_log_func)( int level, const char*); - **/ -void -MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func) -{ - MHD__gnutls_log_func = log_func; -} - -/** - * MHD_gtls_global_set_log_level - This function sets the logging level - * @level: it's an integer from 0 to 9. - * - * This is the function that allows you to set the log level. - * The level is an integer between 0 and 9. Higher values mean - * more verbosity. The default value is 0. Larger values should - * only be used with care, since they may reveal sensitive information. - * - * Use a log level over 10 to enable all debugging options. - * - **/ -void -MHD_gtls_global_set_log_level (int level) -{ - MHD__gnutls_log_level = level; -} - -int MHD__gnutls_is_secure_mem_null (const void *); - -static int MHD__gnutls_init_level = 0; - -/** - * MHD__gnutls_global_init - This function initializes the global data to defaults. - * - * This function initializes the global data to defaults. - * Every gnutls application has a global data which holds common parameters - * shared by gnutls session structures. - * You must call MHD__gnutls_global_deinit() when gnutls usage is no longer needed - * Returns zero on success. - * - * Note that this function will also initialize libgcrypt, if it has not - * been initialized before. Thus if you want to manually initialize libgcrypt - * you must do it before calling this function. This is useful in cases you - * want to disable libgcrypt's internal lockings etc. - * - * This function increment a global counter, so that - * MHD__gnutls_global_deinit() only releases resources when it has been - * called as many times as MHD__gnutls_global_init(). This is useful when - * GnuTLS is used by more than one library in an application. This - * function can be called many times, but will only do something the - * first time. - * - * Note! This function is not thread safe. If two threads call this - * function simultaneously, they can cause a race between checking - * the global counter and incrementing it, causing both threads to - * execute the library initialization code. That would lead to a - * memory leak. To handle this, your application could invoke this - * function after aquiring a thread mutex. To ignore the potential - * memory leak is also an option. - * - **/ -int -MHD__gnutls_global_init () -{ - int result = 0; - int res; - - if (MHD__gnutls_init_level++) - return 0; - -#if HAVE_WINSOCK - { - WORD requested; - WSADATA data; - int err; - - requested = MAKEWORD (1, 1); - err = WSAStartup (requested, &data); - if (err != 0) - { - MHD__gnutls_debug_log ("WSAStartup failed: %d.\n", err); - return GNUTLS_E_LIBRARY_VERSION_MISMATCH; - } - - if (data.wVersion < requested) - { - MHD__gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n", - data.wVersion, requested); - WSACleanup (); - return GNUTLS_E_LIBRARY_VERSION_MISMATCH; - } - } -#endif - - /* bindtextdomain("mhd", "./"); */ - - if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0) - { - const char *p; - - /* to enable multi-threading this call must precede any other call made to libgcrypt */ - gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread); - - /* set p to point at the required version of gcrypt */ - p = strchr (MHD_GCRYPT_VERSION, ':'); - if (p == NULL) - p = MHD_GCRYPT_VERSION; - else - p++; - - /* this call initializes libgcrypt */ - if (gcry_check_version (p) == NULL) - { - MHD_gnutls_assert (); - MHD__gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p); - return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; - } - - /* for gcrypt in order to be able to allocate memory */ - gcry_set_allocation_handler (MHD_gnutls_malloc, - MHD_gnutls_secure_malloc, - MHD__gnutls_is_secure_memory, - MHD_gnutls_realloc, MHD_gnutls_free); - - /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */ - - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); - - } - - if (MHD_gc_init () != GC_OK) - { - MHD_gnutls_assert (); - MHD__gnutls_debug_log ("Initializing crypto backend failed\n"); - return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY; - } - - /* initialize parser - * This should not deal with files in the final - * version. - */ - res = - MHD__asn1_array2tree (MHD_pkix_asn1_tab, &MHD__gnutls_pkix1_asn, NULL); - if (res != ASN1_SUCCESS) - { - result = MHD_gtls_asn2err (res); - return result; - } - - res = - MHD__asn1_array2tree (MHD_gnutlsMHD__asn1_tab, - &MHD__gnutlsMHD__gnutls_asn, NULL); - if (res != ASN1_SUCCESS) - { - MHD__asn1_delete_structure (&MHD__gnutls_pkix1_asn); - result = MHD_gtls_asn2err (res); - return result; - } - - return result; -} - -/** - * MHD__gnutls_global_deinit - This function deinitializes the global data - * - * This function deinitializes the global data, that were initialized - * using MHD__gnutls_global_init(). - * - * Note! This function is not thread safe. See the discussion for - * MHD__gnutls_global_init() for more information. - * - **/ -void -MHD__gnutls_global_deinit () -{ - if (MHD__gnutls_init_level == 1) - { -#if HAVE_WINSOCK - WSACleanup (); -#endif - MHD__asn1_delete_structure (&MHD__gnutlsMHD__gnutls_asn); - MHD__asn1_delete_structure (&MHD__gnutls_pkix1_asn); - MHD_gc_done (); - } - MHD__gnutls_init_level--; -} - -/* These functions should be elsewere. Kept here for - * historical reasons. - */ - -/** - * MHD__gnutls_transport_set_pull_function - This function sets a read like function - * @pull_func: a callback function similar to read() - * @session: gnutls session - * - * This is the function where you set a function for gnutls - * to receive data. Normally, if you use berkeley style sockets, - * do not need to use this function since the default (recv(2)) will - * probably be ok. - * - * PULL_FUNC is of the form, - * ssize_t (*MHD_gtls_pull_func)(MHD_gnutls_transport_ptr_t, void*, size_t); - **/ -void -MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session, - MHD_gtls_pull_func pull_func) -{ - session->internals.MHD__gnutls_pull_func = pull_func; -} - -/** - * MHD__gnutls_transport_set_push_function - This function sets the function to send data - * @push_func: a callback function similar to write() - * @session: gnutls session - * - * This is the function where you set a push function for gnutls - * to use in order to send data. If you are going to use berkeley style - * sockets, you do not need to use this function since - * the default (send(2)) will probably be ok. Otherwise you should - * specify this function for gnutls to be able to send data. - * - * PUSH_FUNC is of the form, - * ssize_t (*MHD_gtls_push_func)(MHD_gnutls_transport_ptr_t, const void*, size_t); - **/ -void -MHD__gnutls_transport_set_push_function (MHD_gtls_session_t session, - MHD_gtls_push_func push_func) -{ - session->internals.MHD__gnutls_push_func = push_func; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_global.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_global.h deleted file mode 100644 index 50d6131c3d..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_global.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_GLOBAL_H -#define GNUTLS_GLOBAL_H - -#include "MHD_config.h" -#include <libtasn1.h> -#undef HAVE_CONFIG_H -#include <pthread.h> -#define HAVE_CONFIG_H 1 - -/* this mutex is used to synchronize threads attempting to call MHD__gnutls_global_init / MHD__gnutls_global_deinit */ -extern pthread_mutex_t MHD_gnutls_init_mutex; - -int MHD_gnutls_is_secure_memory (const void *mem); - -extern ASN1_TYPE MHD__gnutls_pkix1_asn; -extern ASN1_TYPE MHD__gnutlsMHD__gnutls_asn; - -#if !HAVE_MEMMEM -extern void *memmem (void const *__haystack, size_t __haystack_len, - void const *__needle, size_t __needle_len); -#endif - -/* removed const from node_asn* to - * prevent warnings, since libtasn1 doesn't - * use the const keywork in its functions. - */ -#define MHD__gnutls_getMHD__gnutls_asn() ((node_asn*) MHD__gnutlsMHD__gnutls_asn) -#define MHD__gnutls_get_pkix() ((node_asn*) MHD__gnutls_pkix1_asn) - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c deleted file mode 100644 index f12f4015c0..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c +++ /dev/null @@ -1,2804 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions that relate to the TLS handshake procedure. - */ - -#include "MHD_config.h" -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "debug.h" -#include "gnutls_algorithms.h" -#include "gnutls_cipher.h" -#include "gnutls_buffers.h" -#include "gnutls_kx.h" -#include "gnutls_handshake.h" -#include "gnutls_num.h" -#include "gnutls_hash_int.h" -#include "gnutls_extensions.h" -#include "gnutls_supplemental.h" -#include "gnutls_auth_int.h" -#include "auth_cert.h" -#include "gnutls_cert.h" -#include "gnutls_constate.h" -#include "gnutls_record.h" -#include "gnutls_state.h" -#include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ -#include "gc.h" - -#ifdef HANDSHAKE_DEBUG -#define ERR(x, y) MHD__gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y) -#else -#define ERR(x, y) -#endif - -#define TRUE 1 -#define FALSE 0 - - -/* This should be sufficient by now. It should hold all the extensions - * plus the headers in a hello message. - */ -#define MAX_EXT_DATA_LENGTH 1024 - - -static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, - cipher_suite_st ** - cipherSuites, - int numCipherSuites, - enum - MHD_GNUTLS_PublicKeyAlgorithm); -static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, - opaque * data, int datalen); - -static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); - -static int MHD_gtls_handshake_common (MHD_gtls_session_t session); - -static int MHD_gtls_handshake_server (MHD_gtls_session_t session); - -#if MHD_DEBUG_TLS -static int MHD_gtls_handshake_client (MHD_gtls_session_t session); -#endif - - -static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, - opaque * data, int datalen); - - -/* Clears the handshake hash buffers and handles. - */ -static void -MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session) -{ - MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL); - MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_sha, NULL); - session->internals.handshake_mac_handle_md5 = NULL; - session->internals.handshake_mac_handle_sha = NULL; - MHD_gtls_handshake_buffer_clear (session); -} - -/** - * gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message - * @session: is a #gnutls_session_t structure. - * @max: is the maximum number. - * - * This function will set the maximum size of a handshake message. - * Handshake messages over this size are rejected. - * The default value is 16kb which is large enough. Set this to 0 if you do not want - * to set an upper limit. - * - **/ -void -MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, - size_t max) -{ - session->internals.max_handshake_data_buffer_size = max; -} - - -static void -MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd) -{ - memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); -} - -static void -MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd) -{ - memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); -} - -/* Calculate The SSL3 Finished message */ -#define SSL3_CLIENT_MSG "CLNT" -#define SSL3_SERVER_MSG "SRVR" -#define SSL_MSG_LEN 4 -static int -MHD__gnutls_ssl3_finished (MHD_gtls_session_t session, int type, opaque * ret) -{ - const int siz = SSL_MSG_LEN; - mac_hd_t td_md5; - mac_hd_t td_sha; - const char *mesg; - - td_md5 = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); - if (td_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); - if (td_sha == NULL) - { - MHD_gnutls_assert (); - MHD_gnutls_hash_deinit (td_md5, NULL); - return GNUTLS_E_HASH_FAILED; - } - - if (type == GNUTLS_SERVER) - { - mesg = SSL3_SERVER_MSG; - } - else - { - mesg = SSL3_CLIENT_MSG; - } - - MHD_gnutls_hash (td_md5, mesg, siz); - MHD_gnutls_hash (td_sha, mesg, siz); - - MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - - return 0; -} - -/* Hash the handshake messages as required by TLS 1.0 */ -#define SERVER_MSG "server finished" -#define CLIENT_MSG "client finished" -#define TLS_MSG_LEN 15 -static int -MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret) -{ - const int siz = TLS_MSG_LEN; - opaque concat[36]; - size_t len; - const char *mesg; - mac_hd_t td_md5 = NULL; - mac_hd_t td_sha; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) - { - td_md5 = - MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); - if (td_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - } - - td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); - if (td_sha == NULL) - { - MHD_gnutls_assert (); - if (td_md5 != NULL) - MHD_gnutls_hash_deinit (td_md5, NULL); - return GNUTLS_E_HASH_FAILED; - } - - if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) - { - MHD_gnutls_hash_deinit (td_md5, concat); - MHD_gnutls_hash_deinit (td_sha, &concat[16]); - len = 20 + 16; - } - else - { - MHD_gnutls_hash_deinit (td_sha, concat); - len = 20; - } - - if (type == GNUTLS_SERVER) - { - mesg = SERVER_MSG; - } - else - { - mesg = CLIENT_MSG; - } - - return MHD_gtls_PRF (session, session->security_parameters.master_secret, - TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); -} - -/* this function will produce TLS_RANDOM_SIZE==32 bytes of random data - * and put it to dst. - */ -static int -MHD_gtls_tls_create_random (opaque * dst) -{ - uint32_t tim; - - /* Use weak random numbers for the most of the - * buffer except for the first 4 that are the - * system's time. - */ - - tim = time (NULL); - /* generate server random value */ - MHD_gtls_write_uint32 (tim, dst); - - if (MHD_gc_nonce ((char *) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) - { - MHD_gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } - - return 0; -} - -/* returns the 0 on success or a negative value. - */ -static int -MHD_gtls_negotiate_version (MHD_gtls_session_t session, - enum MHD_GNUTLS_Protocol adv_version) -{ - int ret; - - /* if we do not support that version */ - if (MHD_gtls_version_is_supported (session, adv_version) == 0) - { - /* If he requested something we do not support - * then we send him the highest we support. - */ - ret = MHD_gtls_version_max (session); - } - else - { - ret = adv_version; - } - MHD_gtls_set_current_version (session, ret); - - return ret; -} - -/* Read a client hello packet. - * A client hello must be a known version client hello - * or version 2.0 client hello (only for compatibility - * since SSL version 2.0 is not supported). - */ -static int -MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, - int datalen) -{ - uint8_t session_id_len; - int pos = 0, ret = 0; - uint16_t suite_size, comp_size; - enum MHD_GNUTLS_Protocol adv_version; - int neg_version; - int len = datalen; - opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr; - - DECR_LEN (len, 2); - - MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session, - data[pos], data[pos + 1]); - - adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]); - set_adv_version (session, data[pos], data[pos + 1]); - pos += 2; - - neg_version = MHD_gtls_negotiate_version (session, adv_version); - if (neg_version < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* Read client random value. - */ - DECR_LEN (len, TLS_RANDOM_SIZE); - MHD_gtls_set_client_random (session, &data[pos]); - pos += TLS_RANDOM_SIZE; - - MHD_gtls_tls_create_random (rnd); - MHD_gtls_set_server_random (session, rnd); - - session->security_parameters.timestamp = time (NULL); - - DECR_LEN (len, 1); - session_id_len = data[pos++]; - - /* RESUME SESSION */ - if (session_id_len > TLS_MAX_SESSION_ID_SIZE) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - DECR_LEN (len, session_id_len); - - pos += session_id_len; - - MHD_gtls_generate_session_id (session->security_parameters.session_id, - &session->security_parameters. - session_id_size); - - session->internals.resumed = RESUME_FALSE; - /* Remember ciphersuites for later - */ - DECR_LEN (len, 2); - suite_size = MHD_gtls_read_uint16 (&data[pos]); - pos += 2; - - DECR_LEN (len, suite_size); - suite_ptr = &data[pos]; - pos += suite_size; - - /* Point to the compression methods - */ - DECR_LEN (len, 1); - comp_size = data[pos++]; /* z is the number of compression methods */ - - DECR_LEN (len, comp_size); - comp_ptr = &data[pos]; - pos += comp_size; - - /* Parse the extensions (if any) - */ - if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) - { - ret = MHD_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len); /* len is the rest of the parsed length */ - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0) - { - ret = MHD_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len); /* len is the rest of the parsed length */ - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - /* select an appropriate cipher suite - */ - ret = MHD_gtls_server_select_suite (session, suite_ptr, suite_size); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* select appropriate compression method */ - ret = MHD__gnutls_server_select_comp_method (session, comp_ptr, comp_size); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; -} - -/* here we hash all pending data. - */ -static int -MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session) -{ - size_t siz; - int ret; - opaque *data; - - if (session->internals.handshake_mac_handle_sha == NULL || - session->internals.handshake_mac_handle_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* We check if there are pending data to hash. - */ - if ((ret = MHD_gtls_handshake_buffer_get_ptr (session, &data, &siz)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (siz > 0) - { - MHD_gnutls_hash (session->internals.handshake_mac_handle_sha, data, - siz); - MHD_gnutls_hash (session->internals.handshake_mac_handle_md5, data, - siz); - } - - MHD_gtls_handshake_buffer_empty (session); - - return 0; -} - - -/* This is to be called after sending CHANGE CIPHER SPEC packet - * and initializing encryption. This is the first encrypted message - * we send. - */ -static int -MHD__gnutls_send_finished (MHD_gtls_session_t session, int again) -{ - uint8_t data[36]; - int ret; - int data_size = 0; - - - if (again == 0) - { - - /* This is needed in order to hash all the required - * messages. - */ - if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (MHD__gnutls_protocol_get_version (session) == - MHD_GNUTLS_PROTOCOL_SSL3) - { - ret = - MHD__gnutls_ssl3_finished (session, - session->security_parameters.entity, - data); - data_size = 36; - } - else - { /* TLS 1.0 */ - ret = - MHD__gnutls_finished (session, - session->security_parameters.entity, data); - data_size = 12; - } - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - } - - ret = - MHD_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_FINISHED); - - return ret; -} - -/* This is to be called after sending our finished message. If everything - * went fine we have negotiated a secure connection - */ -static int -MHD__gnutls_recv_finished (MHD_gtls_session_t session) -{ - uint8_t data[36], *vrfy; - int data_size; - int ret; - int vrfysize; - - ret = - MHD_gtls_recv_handshake (session, &vrfy, &vrfysize, - GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); - if (ret < 0) - { - ERR ("recv finished int", ret); - MHD_gnutls_assert (); - return ret; - } - - - if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) - { - data_size = 36; - } - else - { - data_size = 12; - } - - if (vrfysize != data_size) - { - MHD_gnutls_assert (); - MHD_gnutls_free (vrfy); - return GNUTLS_E_ERROR_IN_FINISHED_PACKET; - } - - if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) - { - ret = - MHD__gnutls_ssl3_finished (session, - (session->security_parameters.entity + - 1) % 2, data); - } - else - { /* TLS 1.0 */ - ret = - MHD__gnutls_finished (session, - (session->security_parameters.entity + - 1) % 2, data); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (vrfy); - return ret; - } - - if (memcmp (vrfy, data, data_size) != 0) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET; - } - MHD_gnutls_free (vrfy); - - return ret; -} - -/* returns PK_RSA if the given cipher suite list only supports, - * RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none. - */ -static int -MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * - data, int datalen) -{ - int j; - enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0; - enum MHD_GNUTLS_KeyExchangeAlgorithm kx; - cipher_suite_st cs; - - if (datalen % 2 != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - for (j = 0; j < datalen; j += 2) - { - memcpy (&cs.suite, &data[j], 2); - kx = MHD_gtls_cipher_suite_get_kx_algo (&cs); - - if (MHD_gtls_map_kx_get_cred (kx, 1) == MHD_GNUTLS_CRD_CERTIFICATE) - { - algo = MHD_gtls_map_pk_get_pk (kx); - - if (algo != prev_algo && prev_algo != 0) - return GNUTLS_PK_ANY; - prev_algo = algo; - } - } - - return algo; -} - - -/* This selects the best supported ciphersuite from the given ones. Then - * it adds the suite to the session and performs some checks. - */ -static int -MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, - int datalen) -{ - int x, i, j; - cipher_suite_st *ciphers, cs; - int retval, err; - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo; /* will hold the pk algorithms - * supported by the peer. - */ - - pk_algo = MHD__gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); - - x = MHD_gtls_supported_ciphersuites (session, &ciphers); - if (x < 0) - { /* the case x==0 is handled within the function. */ - MHD_gnutls_assert (); - return x; - } - - /* Here we remove any ciphersuite that does not conform - * the certificate requested, or to the - * authentication requested (e.g. SRP). - */ - x = MHD_gtls_remove_unwanted_ciphersuites (session, &ciphers, x, pk_algo); - if (x <= 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (ciphers); - if (x < 0) - return x; - else - return GNUTLS_E_UNKNOWN_CIPHER_SUITE; - } - - /* Data length should be zero mod 2 since - * every ciphersuite is 2 bytes. (this check is needed - * see below). - */ - if (datalen % 2 != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); - - retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE; - - for (j = 0; j < datalen; j += 2) - { - for (i = 0; i < x; i++) - { - if (memcmp (ciphers[i].suite, &data[j], 2) == 0) - { - memcpy (&cs.suite, &data[j], 2); - - MHD__gnutls_handshake_log - ("HSK[%x]: Selected cipher suite: %s\n", session, - MHD_gtls_cipher_suite_get_name (&cs)); - memcpy (session->security_parameters.current_cipher_suite.suite, - ciphers[i].suite, 2); - retval = 0; - goto finish; - } - } - } - -finish: - MHD_gnutls_free (ciphers); - - if (retval != 0) - { - MHD_gnutls_assert (); - return retval; - } - - /* check if the credentials (username, public key etc.) are ok - */ - if (MHD_gtls_get_kx_cred - (session, - MHD_gtls_cipher_suite_get_kx_algo (&session->security_parameters. - current_cipher_suite), &err) == NULL - && err != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - - /* set the MHD_gtls_mod_auth_st to the appropriate struct - * according to the KX algorithm. This is needed since all the - * handshake functions are read from there; - */ - session->internals.auth_struct = - MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); - if (session->internals.auth_struct == NULL) - { - - MHD__gnutls_handshake_log - ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n", - session); - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - return 0; - -} - - -/* This selects the best supported compression method from the ones provided - */ -static int -MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, - opaque * data, int datalen) -{ - int x, i, j; - uint8_t *comps; - - x = MHD_gtls_supported_compression_methods (session, &comps); - if (x < 0) - { - MHD_gnutls_assert (); - return x; - } - - memset (&session->internals.compression_method, 0, - sizeof (enum MHD_GNUTLS_CompressionMethod)); - - for (j = 0; j < datalen; j++) - { - for (i = 0; i < x; i++) - { - if (comps[i] == data[j]) - { - enum MHD_GNUTLS_CompressionMethod method = - MHD_gtls_compression_get_id_from_int (comps[i]); - - session->internals.compression_method = method; - MHD_gnutls_free (comps); - return 0; - } - } - } - - /* we were not able to find a compatible compression - * algorithm - */ - MHD_gnutls_free (comps); - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - -} - -/* This function sends an empty handshake packet. (like hello request). - * If the previous MHD__gnutls_send_empty_handshake() returned - * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again - * (until it returns ok), with NULL parameters. - */ -static int -MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session, - MHD_gnutls_handshake_description_t type, - int again) -{ - opaque data = 0; - opaque *ptr; - - if (again == 0) - ptr = &data; - else - ptr = NULL; - - return MHD_gtls_send_handshake (session, ptr, 0, type); -} - - -/* This function will hash the handshake message we sent. */ -static int -MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session, - MHD_gnutls_handshake_description_t type, - opaque * dataptr, uint32_t datalen) -{ - int ret; - - if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) - { - MHD_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr, - datalen); - MHD_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr, - datalen); - } - - return 0; -} - - -/* This function sends a handshake message of type 'type' containing the - * data specified here. If the previous MHD_gtls_send_handshake() returned - * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again - * (until it returns ok), with NULL parameters. - */ -int -MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, - uint32_t i_datasize, - MHD_gnutls_handshake_description_t type) -{ - int ret; - uint8_t *data; - uint32_t datasize; - int pos = 0; - - if (i_data == NULL && i_datasize == 0) - { - /* we are resuming a previously interrupted - * send. - */ - ret = MHD_gtls_handshake_io_write_flush (session); - return ret; - - } - - if (i_data == NULL && i_datasize > 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* first run */ - datasize = i_datasize + HANDSHAKE_HEADER_SIZE; - data = MHD_gnutls_alloca (datasize); - if (data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - data[pos++] = (uint8_t) type; - MHD_gtls_write_uint24 (i_datasize, &data[pos]); - pos += 3; - - if (i_datasize > 0) - memcpy (&data[pos], i_data, i_datasize); - - /* Here we keep the handshake messages in order to hash them... - */ - if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) - if ((ret = - MHD__gnutls_handshake_hash_add_sent (session, type, data, - datasize)) < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (data); - return ret; - } - - session->internals.last_handshake_out = type; - - ret = - MHD_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type, - data, datasize); - - MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n", - session, MHD__gnutls_handshake2str (type), - (long) datasize); - - MHD_gnutls_afree (data); - - return ret; -} - -/* This function will read the handshake header and return it to the caller. If the - * received handshake packet is not the one expected then it buffers the header, and - * returns UNEXPECTED_HANDSHAKE_PACKET. - * - * FIXME: This function is complex. - */ -#define SSL2_HEADERS 1 -static int -MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session, - MHD_gnutls_handshake_description_t type, - MHD_gnutls_handshake_description_t * - recv_type) -{ - int ret; - uint32_t length32 = 0; - uint8_t *dataptr = NULL; /* for realloc */ - size_t handshake_header_size = HANDSHAKE_HEADER_SIZE; - - /* if we have data into the buffer then return them, do not read the next packet. - * In order to return we need a full TLS handshake header, or in case of a version 2 - * packet, then we return the first byte. - */ - if (session->internals.handshake_header_buffer.header_size == - handshake_header_size || (session->internals.v2_hello != 0 - && type == GNUTLS_HANDSHAKE_CLIENT_HELLO - && session->internals. - handshake_header_buffer.packet_length > 0)) - { - - *recv_type = session->internals.handshake_header_buffer.recv_type; - - return session->internals.handshake_header_buffer.packet_length; - } - - /* Note: SSL2_HEADERS == 1 */ - - dataptr = session->internals.handshake_header_buffer.header; - - /* If we haven't already read the handshake headers. - */ - if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS) - { - ret = - MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, dataptr, SSL2_HEADERS); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* The case ret==0 is caught here. - */ - if (ret != SSL2_HEADERS) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - session->internals.handshake_header_buffer.header_size = SSL2_HEADERS; - } - - if (session->internals.v2_hello == 0 - || type != GNUTLS_HANDSHAKE_CLIENT_HELLO) - { - ret = - MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, - &dataptr - [session->internals. - handshake_header_buffer.header_size], - HANDSHAKE_HEADER_SIZE - - session->internals. - handshake_header_buffer.header_size); - if (ret <= 0) - { - MHD_gnutls_assert (); - return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - if ((size_t) ret != - HANDSHAKE_HEADER_SIZE - - session->internals.handshake_header_buffer.header_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - *recv_type = dataptr[0]; - - /* we do not use DECR_LEN because we know - * that the packet has enough data. - */ - length32 = MHD_gtls_read_uint24 (&dataptr[1]); - handshake_header_size = HANDSHAKE_HEADER_SIZE; - - MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n", - session, - MHD__gnutls_handshake2str (dataptr[0]), - length32 + HANDSHAKE_HEADER_SIZE); - - } - else - { /* v2 hello */ - length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */ - - handshake_header_size = SSL2_HEADERS; /* we've already read one byte */ - - *recv_type = dataptr[0]; - - MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n", - session, - MHD__gnutls_handshake2str (*recv_type), - length32 + handshake_header_size); - - if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) - { /* it should be one or nothing */ - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; - } - } - - /* put the packet into the buffer */ - session->internals.handshake_header_buffer.header_size = - handshake_header_size; - session->internals.handshake_header_buffer.packet_length = length32; - session->internals.handshake_header_buffer.recv_type = *recv_type; - - if (*recv_type != type) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; - } - - return length32; -} - -#define MHD__gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0 - -/* This function will hash the handshake headers and the - * handshake data. - */ -static int -MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session, - MHD_gnutls_handshake_description_t - recv_type, opaque * header, - uint16_t header_size, opaque * dataptr, - uint32_t datalen) -{ - int ret; - - /* The idea here is to hash the previous message we received, - * and add the one we just received into the handshake_hash_buffer. - */ - - if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* here we buffer the handshake messages - needed at Finished message */ - if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST) - { - - if ((ret = - MHD_gtls_handshake_buffer_put (session, header, header_size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (datalen > 0) - { - if ((ret = - MHD_gtls_handshake_buffer_put (session, dataptr, datalen)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - } - - return 0; -} - -/* This function will receive handshake messages of the given types, - * and will pass the message to the right place in order to be processed. - * E.g. for the SERVER_HELLO message (if it is expected), it will be - * passed to MHD_gtls_recv_hello(). - */ -int -MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, - int *datalen, - MHD_gnutls_handshake_description_t type, - Optional optional) -{ - int ret; - uint32_t length32 = 0; - opaque *dataptr = NULL; - MHD_gnutls_handshake_description_t recv_type; - - ret = MHD__gnutls_recv_handshake_header (session, type, &recv_type); - if (ret < 0) - { - - if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET - && optional == OPTIONAL_PACKET) - { - if (datalen != NULL) - *datalen = 0; - if (data != NULL) - *data = NULL; - return 0; /* ok just ignore the packet */ - } - - return ret; - } - - session->internals.last_handshake_in = recv_type; - - length32 = ret; - - if (length32 > 0) - dataptr = MHD_gnutls_malloc (length32); - else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - if (dataptr == NULL && length32 > 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - if (datalen != NULL) - *datalen = length32; - - if (length32 > 0) - { - ret = - MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, dataptr, length32); - if (ret <= 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (dataptr); - return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret; - } - } - - if (data != NULL && length32 > 0) - *data = dataptr; - - - ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type, - session->internals. - handshake_header_buffer.header, - session->internals. - handshake_header_buffer.header_size, - dataptr, length32); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD__gnutls_handshake_header_buffer_clear (session); - return ret; - } - - /* If we fail before this then we will reuse the handshake header - * have have received above. if we get here the we clear the handshake - * header we received. - */ - MHD__gnutls_handshake_header_buffer_clear (session); - - switch (recv_type) - { - case GNUTLS_HANDSHAKE_CLIENT_HELLO: - case GNUTLS_HANDSHAKE_SERVER_HELLO: - ret = MHD_gtls_recv_hello (session, dataptr, length32); - /* dataptr is freed because the caller does not - * need it */ - MHD_gnutls_free (dataptr); - if (data != NULL) - *data = NULL; - break; - case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: - if (length32 == 0) - ret = 0; - else - ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - break; - case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: - case GNUTLS_HANDSHAKE_FINISHED: - case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: - case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: - case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: - case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: - case GNUTLS_HANDSHAKE_SUPPLEMENTAL: - ret = length32; - break; - default: - MHD_gnutls_assert (); - MHD_gnutls_free (dataptr); - if (data != NULL) - *data = NULL; - ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; - } - - return ret; -} - -#if MHD_DEBUG_TLS -/* This function checks if the given cipher suite is supported, and sets it - * to the session; - */ -static int -MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, - opaque suite[2]) -{ - uint8_t z; - cipher_suite_st *cipher_suites; - int cipher_suite_num; - int i, err; - - z = 1; - cipher_suite_num = - MHD_gtls_supported_ciphersuites (session, &cipher_suites); - if (cipher_suite_num < 0) - { - MHD_gnutls_assert (); - return cipher_suite_num; - } - - for (i = 0; i < cipher_suite_num; i++) - { - if (memcmp (&cipher_suites[i], suite, 2) == 0) - { - z = 0; - break; - } - } - - MHD_gnutls_free (cipher_suites); - - if (z != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_CIPHER_SUITE; - } - - memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); - - MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session, - MHD_gtls_cipher_suite_get_name - (&session->security_parameters. - current_cipher_suite)); - - - /* check if the credentials (username, public key etc.) are ok. - * Actually checks if they exist. - */ - if (MHD_gtls_get_kx_cred - (session, - MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters.current_cipher_suite), &err) == NULL - && err != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - - /* set the MHD_gtls_mod_auth_st to the appropriate struct - * according to the KX algorithm. This is needed since all the - * handshake functions are read from there; - */ - session->internals.auth_struct = - MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo - (&session->security_parameters. - current_cipher_suite)); - - if (session->internals.auth_struct == NULL) - { - - MHD__gnutls_handshake_log - ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n", - session); - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - - return 0; -} - - -/* This function sets the given comp method to the session. - */ -static int -MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session, - opaque comp_method) -{ - int comp_methods_num; - uint8_t *compression_methods; - int i; - - comp_methods_num = MHD_gtls_supported_compression_methods (session, - &compression_methods); - if (comp_methods_num < 0) - { - MHD_gnutls_assert (); - return comp_methods_num; - } - - for (i = 0; i < comp_methods_num; i++) - { - if (compression_methods[i] == comp_method) - { - comp_methods_num = 0; - break; - } - } - - MHD_gnutls_free (compression_methods); - - if (comp_methods_num != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - - session->internals.compression_method = - MHD_gtls_compression_get_id_from_int (comp_method); - - - return 0; -} - -/* This function returns 0 if we are resuming a session or -1 otherwise. - * This also sets the variables in the session. Used only while reading a server - * hello. - */ -static int -MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, - opaque * session_id, int session_id_len) -{ - opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; - - MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, - session_id_len); - MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, - MHD_gtls_bin2hex (session_id, session_id_len, - (char *) buf, sizeof (buf))); - - if (session_id_len > 0 && - session->internals.resumed_security_parameters.session_id_size == - session_id_len - && memcmp (session_id, - session->internals.resumed_security_parameters.session_id, - session_id_len) == 0) - { - /* resume session */ - memcpy (session->internals.resumed_security_parameters.server_random, - session->security_parameters.server_random, TLS_RANDOM_SIZE); - memcpy (session->internals.resumed_security_parameters.client_random, - session->security_parameters.client_random, TLS_RANDOM_SIZE); - session->internals.resumed = RESUME_TRUE; /* we are resuming */ - - return 0; - } - else - { - /* keep the new session id */ - session->internals.resumed = RESUME_FALSE; /* we are not resuming */ - session->security_parameters.session_id_size = session_id_len; - memcpy (session->security_parameters.session_id, - session_id, session_id_len); - - return -1; - } -} - -/* This function reads and parses the server hello handshake message. - * This function also restores resumed parameters if we are resuming a - * session. - */ -static int -MHD__gnutls_read_server_hello (MHD_gtls_session_t session, - opaque * data, int datalen) -{ - uint8_t session_id_len = 0; - int pos = 0; - int ret = 0; - enum MHD_GNUTLS_Protocol version; - int len = datalen; - - if (datalen < 38) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n", - session, data[pos], data[pos + 1]); - - DECR_LEN (len, 2); - version = MHD_gtls_version_get (data[pos], data[pos + 1]); - if (MHD_gtls_version_is_supported (session, version) == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; - } - else - { - MHD_gtls_set_current_version (session, version); - } - - pos += 2; - - DECR_LEN (len, TLS_RANDOM_SIZE); - MHD_gtls_set_server_random (session, &data[pos]); - pos += TLS_RANDOM_SIZE; - - - /* Read session ID - */ - DECR_LEN (len, 1); - session_id_len = data[pos++]; - - if (len < session_id_len) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; - } - DECR_LEN (len, session_id_len); - - - /* check if we are resuming and set the appropriate - * values; - */ - if (MHD__gnutls_client_check_if_resuming - (session, &data[pos], session_id_len) == 0) - return 0; - pos += session_id_len; - - - /* Check if the given cipher suite is supported and copy - * it to the session. - */ - - DECR_LEN (len, 2); - ret = MHD__gnutls_client_set_ciphersuite (session, &data[pos]); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - pos += 2; - - - - /* move to compression */ - DECR_LEN (len, 1); - - ret = MHD__gnutls_client_set_comp_method (session, data[pos++]); - if (ret < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM; - } - - /* Parse extensions. - */ - if (version >= MHD_GNUTLS_PROTOCOL_TLS1_0) - { - ret = MHD_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len); /* len is the rest of the parsed length */ - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - return ret; -} - - -/* This function copies the appropriate ciphersuites to a locally allocated buffer - * Needed in client hello messages. Returns the new data length. - */ -int -MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session, - opaque * ret_data, size_t ret_data_size) -{ - int ret, i; - cipher_suite_st *cipher_suites; - uint16_t cipher_num; - int datalen, pos; - - ret = MHD_gtls_supported_ciphersuites_sorted (session, &cipher_suites); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* Here we remove any ciphersuite that does not conform - * the certificate requested, or to the - * authentication requested (eg SRP). - */ - ret = - MHD_gtls_remove_unwanted_ciphersuites (session, &cipher_suites, ret, -1); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (cipher_suites); - return ret; - } - - /* If no cipher suites were enabled. - */ - if (ret == 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (cipher_suites); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } - - cipher_num = ret; - - cipher_num *= sizeof (uint16_t); /* in order to get bytes */ - - datalen = pos = 0; - - datalen += sizeof (uint16_t) + cipher_num; - - if ((size_t) datalen > ret_data_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - MHD_gtls_write_uint16 (cipher_num, ret_data); - pos += 2; - - for (i = 0; i < (cipher_num / 2); i++) - { - memcpy (&ret_data[pos], cipher_suites[i].suite, 2); - pos += 2; - } - MHD_gnutls_free (cipher_suites); - - return datalen; -} - -/* This function copies the appropriate compression methods, to a locally allocated buffer - * Needed in hello messages. Returns the new data length. - */ -static int -MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, - opaque * ret_data, size_t ret_data_size) -{ - int ret, i; - uint8_t *compression_methods, comp_num; - int datalen, pos; - - ret = - MHD_gtls_supported_compression_methods (session, &compression_methods); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - comp_num = ret; - - datalen = pos = 0; - datalen += comp_num + 1; - - if ((size_t) datalen > ret_data_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - ret_data[pos++] = comp_num; /* put the number of compression methods */ - - for (i = 0; i < comp_num; i++) - { - ret_data[pos++] = compression_methods[i]; - } - - MHD_gnutls_free (compression_methods); - - return datalen; -} - -static void -MHD_gtls_set_adv_version (MHD_gtls_session_t session, - enum MHD_GNUTLS_Protocol ver) -{ - set_adv_version (session, MHD_gtls_version_get_major (ver), - MHD_gtls_version_get_minor (ver)); -} - -/* This function sends the client hello handshake message. - */ -static int -MHD__gnutls_send_client_hello (MHD_gtls_session_t session, int again) -{ - opaque *data = NULL; - int extdatalen; - int pos = 0; - int datalen = 0, ret = 0; - opaque rnd[TLS_RANDOM_SIZE]; - enum MHD_GNUTLS_Protocol hver; - opaque extdata[MAX_EXT_DATA_LENGTH]; - - opaque *SessionID = - session->internals.resumed_security_parameters.session_id; - uint8_t session_id_len = - session->internals.resumed_security_parameters.session_id_size; - - if (SessionID == NULL) - session_id_len = 0; - else if (session_id_len == 0) - SessionID = NULL; - - if (again == 0) - { - - datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE; - /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE) - */ - - data = MHD_gnutls_malloc (datalen); - if (data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - /* if we are resuming a session then we set the - * version number to the previously established. - */ - if (SessionID == NULL) - hver = MHD_gtls_version_max (session); - else - { /* we are resuming a session */ - hver = session->internals.resumed_security_parameters.version; - } - - if (hver == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN || hver == 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (data); - return GNUTLS_E_INTERNAL_ERROR; - } - - data[pos++] = MHD_gtls_version_get_major (hver); - data[pos++] = MHD_gtls_version_get_minor (hver); - - /* Set the version we advertized as maximum - * (RSA uses it). - */ - MHD_gtls_set_adv_version (session, hver); - - /* Some old implementations do not interoperate if we send a - * different version in the record layer. - * It seems they prefer to read the record's version - * as the one we actually requested. - * The proper behaviour is to use the one in the client hello - * handshake packet and ignore the one in the packet's record - * header. - */ - MHD_gtls_set_current_version (session, hver); - - /* In order to know when this session was initiated. - */ - session->security_parameters.timestamp = time (NULL); - - /* Generate random data - */ - MHD_gtls_tls_create_random (rnd); - MHD_gtls_set_client_random (session, rnd); - - memcpy (&data[pos], rnd, TLS_RANDOM_SIZE); - pos += TLS_RANDOM_SIZE; - - /* Copy the Session ID */ - data[pos++] = session_id_len; - - if (session_id_len > 0) - { - memcpy (&data[pos], SessionID, session_id_len); - pos += session_id_len; - } - - - /* Copy the ciphersuites. - */ - extdatalen = - MHD__gnutls_copy_ciphersuites (session, extdata, sizeof (extdata)); - if (extdatalen > 0) - { - datalen += extdatalen; - data = MHD_gtls_realloc_fast (data, datalen); - if (data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy (&data[pos], extdata, extdatalen); - pos += extdatalen; - - } - else - { - if (extdatalen == 0) - extdatalen = GNUTLS_E_INTERNAL_ERROR; - MHD_gnutls_free (data); - MHD_gnutls_assert (); - return extdatalen; - } - - - /* Copy the compression methods. - */ - extdatalen = - MHD__gnutls_copy_comp_methods (session, extdata, sizeof (extdata)); - if (extdatalen > 0) - { - datalen += extdatalen; - data = MHD_gtls_realloc_fast (data, datalen); - if (data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy (&data[pos], extdata, extdatalen); - pos += extdatalen; - - } - else - { - if (extdatalen == 0) - extdatalen = GNUTLS_E_INTERNAL_ERROR; - MHD_gnutls_free (data); - MHD_gnutls_assert (); - return extdatalen; - } - - /* Generate and copy TLS extensions. - */ - if (hver >= MHD_GNUTLS_PROTOCOL_TLS1_0) - { - extdatalen = - MHD_gtls_gen_extensions (session, extdata, sizeof (extdata)); - - if (extdatalen > 0) - { - datalen += extdatalen; - data = MHD_gtls_realloc_fast (data, datalen); - if (data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - memcpy (&data[pos], extdata, extdatalen); - } - else if (extdatalen < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_free (data); - return extdatalen; - } - } - } - - ret = - MHD_gtls_send_handshake (session, data, datalen, - GNUTLS_HANDSHAKE_CLIENT_HELLO); - MHD_gnutls_free (data); - - return ret; -} -#endif - -static int -MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) -{ - opaque *data = NULL; - opaque extdata[MAX_EXT_DATA_LENGTH]; - int extdatalen; - int pos = 0; - int datalen, ret = 0; - uint8_t comp; - opaque *SessionID = session->security_parameters.session_id; - uint8_t session_id_len = session->security_parameters.session_id_size; - opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; - - if (SessionID == NULL) - session_id_len = 0; - - datalen = 0; - - if (again == 0) - { - datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3; - extdatalen = - MHD_gtls_gen_extensions (session, extdata, sizeof (extdata)); - - if (extdatalen < 0) - { - MHD_gnutls_assert (); - return extdatalen; - } - - data = MHD_gnutls_alloca (datalen + extdatalen); - if (data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - data[pos++] = - MHD_gtls_version_get_major (session->security_parameters.version); - data[pos++] = - MHD_gtls_version_get_minor (session->security_parameters.version); - - memcpy (&data[pos], - session->security_parameters.server_random, TLS_RANDOM_SIZE); - pos += TLS_RANDOM_SIZE; - - data[pos++] = session_id_len; - if (session_id_len > 0) - { - memcpy (&data[pos], SessionID, session_id_len); - } - pos += session_id_len; - - MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, - MHD_gtls_bin2hex (SessionID, session_id_len, - (char *) buf, - sizeof (buf))); - - memcpy (&data[pos], - session->security_parameters.current_cipher_suite.suite, 2); - pos += 2; - - comp = - (uint8_t) MHD_gtls_compression_get_num (session-> - internals.compression_method); - data[pos++] = comp; - - - if (extdatalen > 0) - { - datalen += extdatalen; - - memcpy (&data[pos], extdata, extdatalen); - } - } - - ret = - MHD_gtls_send_handshake (session, data, datalen, - GNUTLS_HANDSHAKE_SERVER_HELLO); - MHD_gnutls_afree (data); - - return ret; -} - -int -MHD_gtls_send_hello (MHD_gtls_session_t session, int again) -{ - int ret; -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - ret = MHD__gnutls_send_client_hello (session, again); - - } - else -#endif - { /* SERVER */ - ret = MHD__gnutls_send_server_hello (session, again); - } - - return ret; -} - -/* RECEIVE A HELLO MESSAGE. This should be called from MHD_gnutls_recv_handshake_int only if a - * hello message is expected. It uses the security_parameters.current_cipher_suite - * and internals.compression_method. - */ -int -MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data, int datalen) -{ - int ret; -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - ret = MHD__gnutls_read_server_hello (session, data, datalen); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - else -#endif - { /* Server side reading a client hello */ - - ret = MHD__gnutls_read_client_hello (session, data, datalen); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - return ret; -} - -/* The packets in MHD__gnutls_handshake (it's more broad than original TLS handshake) - * - * Client Server - * - * ClientHello --------> - * <-------- ServerHello - * - * Certificate* - * ServerKeyExchange* - * <-------- CertificateRequest* - * - * <-------- ServerHelloDone - * Certificate* - * ClientKeyExchange - * CertificateVerify* - * [ChangeCipherSpec] - * Finished --------> - * [ChangeCipherSpec] - * <-------- Finished - * - * (*): means optional packet. - */ - -/** - * MHD__gnutls_rehandshake - This function will renegotiate security parameters - * @session: is a #MHD_gtls_session_t structure. - * - * This function will renegotiate security parameters with the - * client. This should only be called in case of a server. - * - * This message informs the peer that we want to renegotiate - * parameters (perform a handshake). - * - * If this function succeeds (returns 0), you must call the - * MHD__gnutls_handshake() function in order to negotiate the new - * parameters. - * - * If the client does not wish to renegotiate parameters he will - * should with an alert message, thus the return code will be - * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be - * %GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore - * this message. - * - * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. - * - **/ -int -MHD__gnutls_rehandshake (MHD_gtls_session_t session) -{ - int ret; - - ret = - MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, - AGAIN (STATE50)); - STATE = STATE50; - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - STATE = STATE0; - - return 0; -} - -inline static int -MHD__gnutls_abort_handshake (MHD_gtls_session_t session, int ret) -{ - if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) && - (MHD_gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION)) - || ret == GNUTLS_E_GOT_APPLICATION_DATA) - return 0; - - /* this doesn't matter */ - return GNUTLS_E_INTERNAL_ERROR; -} - -/* This function initialized the handshake hash session. - * required for finished messages. - */ -inline static int -MHD__gnutls_handshake_hash_init (MHD_gtls_session_t session) -{ - - if (session->internals.handshake_mac_handle_md5 == NULL) - { - session->internals.handshake_mac_handle_md5 = - MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); - - if (session->internals.handshake_mac_handle_md5 == GNUTLS_HASH_FAILED) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - } - - if (session->internals.handshake_mac_handle_sha == NULL) - { - session->internals.handshake_mac_handle_sha = - MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); - if (session->internals.handshake_mac_handle_sha == GNUTLS_HASH_FAILED) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - } - - return 0; -} - -static int -MHD__gnutls_send_supplemental (MHD_gtls_session_t session, int again) -{ - int ret = 0; - - MHD__gnutls_debug_log ("EXT[%x]: Sending supplemental data\n", session); - - if (again) - ret = MHD_gtls_send_handshake (session, NULL, 0, - GNUTLS_HANDSHAKE_SUPPLEMENTAL); - else - { - MHD_gtls_buffer buf; - MHD_gtls_buffer_init (&buf); - - ret = MHD__gnutls_gen_supplemental (session, &buf); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD_gtls_send_handshake (session, buf.data, buf.length, - GNUTLS_HANDSHAKE_SUPPLEMENTAL); - MHD_gtls_buffer_clear (&buf); - } - - return ret; -} - -static int -MHD__gnutls_recv_supplemental (MHD_gtls_session_t session) -{ - uint8_t *data = NULL; - int datalen = 0; - int ret; - - MHD__gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session); - - ret = MHD_gtls_recv_handshake (session, &data, &datalen, - GNUTLS_HANDSHAKE_SUPPLEMENTAL, - OPTIONAL_PACKET); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD__gnutls_parse_supplemental (session, data, datalen); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gnutls_free (data); - - return ret; -} - -/** - * MHD__gnutls_handshake - This is the main function in the handshake protocol. - * @session: is a #MHD_gtls_session_t structure. - * - * This function does the handshake of the TLS/SSL protocol, and - * initializes the TLS connection. - * - * This function will fail if any problem is encountered, and will - * return a negative error code. In case of a client, if the client - * has asked to resume a session, but the server couldn't, then a - * full handshake will be performed. - * - * The non-fatal errors such as %GNUTLS_E_AGAIN and - * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which - * should be later be resumed. Call this function again, until it - * returns 0; cf. MHD__gnutls_record_get_direction() and - * MHD_gtls_error_is_fatal(). - * - * If this function is called by a server after a rehandshake request - * then %GNUTLS_E_GOT_APPLICATION_DATA or - * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these - * are non fatal errors, only in the specific case of a rehandshake. - * Their meaning is that the client rejected the rehandshake request. - * - * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. - * - **/ -int -MHD__gnutls_handshake (MHD_gtls_session_t session) -{ - int ret; - - if ((ret = MHD__gnutls_handshake_hash_init (session)) < 0) - { - MHD_gnutls_assert (); - return ret; - } -#if MHD_DEBUG_TLS - if (session->security_parameters.entity == GNUTLS_CLIENT) - { - ret = MHD_gtls_handshake_client (session); - } - else -#endif - { - ret = MHD_gtls_handshake_server (session); - } - - if (ret < 0) - { - /* In the case of a rehandshake abort - * we should reset the handshake's internal state. - */ - if (MHD__gnutls_abort_handshake (session, ret) == 0) - STATE = STATE0; - - return ret; - } - - ret = MHD_gtls_handshake_common (session); - - if (ret < 0) - { - if (MHD__gnutls_abort_handshake (session, ret) == 0) - STATE = STATE0; - - return ret; - } - - STATE = STATE0; - - MHD__gnutls_handshake_io_buffer_clear (session); - MHD_gtls_handshake_internal_state_clear (session); - - return 0; -} - -#define IMED_RET( str, ret) do { \ - if (ret < 0) { \ - if (MHD_gtls_error_is_fatal(ret)==0) return ret; \ - MHD_gnutls_assert(); \ - ERR( str, ret); \ - MHD__gnutls_handshake_hash_buffers_clear(session); \ - return ret; \ - } } while (0) - - -#if MHD_DEBUG_TLS -/* - * MHD_gtls_handshake_client - * This function performs the client side of the handshake of the TLS/SSL protocol. - */ -static int -MHD_gtls_handshake_client (MHD_gtls_session_t session) -{ - int ret = 0; - - switch (STATE) - { - case STATE0: - case STATE1: - ret = MHD_gtls_send_hello (session, AGAIN (STATE1)); - STATE = STATE1; - IMED_RET ("send hello", ret); - - case STATE2: - /* receive the server hello */ - ret = - MHD_gtls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_SERVER_HELLO, - MANDATORY_PACKET); - STATE = STATE2; - IMED_RET ("recv hello", ret); - - case STATE70: - if (session->security_parameters.extensions.do_recv_supplemental) - { - ret = MHD__gnutls_recv_supplemental (session); - STATE = STATE70; - IMED_RET ("recv supplemental", ret); - } - - case STATE3: - /* RECV CERTIFICATE */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_recv_server_certificate (session); - STATE = STATE3; - IMED_RET ("recv server certificate", ret); - - case STATE4: - /* receive the server key exchange */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_recv_server_kx_message (session); - STATE = STATE4; - IMED_RET ("recv server kx message", ret); - - case STATE5: - /* receive the server certificate request - if any - */ - - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_recv_server_certificate_request (session); - STATE = STATE5; - IMED_RET ("recv server certificate request message", ret); - - case STATE6: - /* receive the server hello done */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - MHD_gtls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - MANDATORY_PACKET); - STATE = STATE6; - IMED_RET ("recv server hello done", ret); - - case STATE71: - if (session->security_parameters.extensions.do_send_supplemental) - { - ret = MHD__gnutls_send_supplemental (session, AGAIN (STATE71)); - STATE = STATE71; - IMED_RET ("send supplemental", ret); - } - - case STATE7: - /* send our certificate - if any and if requested - */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_send_client_certificate (session, AGAIN (STATE7)); - STATE = STATE7; - IMED_RET ("send client certificate", ret); - - case STATE8: - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_send_client_kx_message (session, AGAIN (STATE8)); - STATE = STATE8; - IMED_RET ("send client kx", ret); - - case STATE9: - /* send client certificate verify */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - MHD_gtls_send_client_certificate_verify (session, AGAIN (STATE9)); - STATE = STATE9; - IMED_RET ("send client certificate verify", ret); - - STATE = STATE0; - default: - break; - } - - - return 0; -} -#endif - -/* This function sends the final handshake packets and initializes connection - */ -static int -MHD__gnutls_send_handshake_final (MHD_gtls_session_t session, int init) -{ - int ret = 0; - - /* Send the CHANGE CIPHER SPEC PACKET */ - - switch (STATE) - { - case STATE0: - case STATE20: - ret = MHD_gtls_send_change_cipher_spec (session, AGAIN (STATE20)); - STATE = STATE20; - if (ret < 0) - { - ERR ("send ChangeCipherSpec", ret); - MHD_gnutls_assert (); - return ret; - } - - /* Initialize the connection session (start encryption) - in case of client - */ - if (init == TRUE) - { - ret = MHD_gtls_connection_state_init (session); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - ret = MHD_gtls_write_connection_state_init (session); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - case STATE21: - /* send the finished message */ - ret = MHD__gnutls_send_finished (session, AGAIN (STATE21)); - STATE = STATE21; - if (ret < 0) - { - ERR ("send Finished", ret); - MHD_gnutls_assert (); - return ret; - } - - STATE = STATE0; - default: - break; - } - - return 0; -} - -/* This function receives the final handshake packets - * And executes the appropriate function to initialize the - * read session. - */ -static int -MHD__gnutls_recv_handshake_final (MHD_gtls_session_t session, int init) -{ - int ret = 0; - uint8_t ch; - - switch (STATE) - { - case STATE0: - case STATE30: - ret = - MHD_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); - STATE = STATE30; - if (ret <= 0) - { - ERR ("recv ChangeCipherSpec", ret); - MHD_gnutls_assert (); - return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - /* Initialize the connection session (start encryption) - in case of server */ - if (init == TRUE) - { - ret = MHD_gtls_connection_state_init (session); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - ret = MHD_gtls_read_connection_state_init (session); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - case STATE31: - ret = MHD__gnutls_recv_finished (session); - STATE = STATE31; - if (ret < 0) - { - ERR ("recv finished", ret); - MHD_gnutls_assert (); - return ret; - } - STATE = STATE0; - default: - break; - } - - - return 0; -} - - /* - * MHD_gtls_handshake_server - * This function does the server stuff of the handshake protocol. - */ - -static int -MHD_gtls_handshake_server (MHD_gtls_session_t session) -{ - int ret = 0; - - switch (STATE) - { - case STATE0: - case STATE1: - ret = - MHD_gtls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_CLIENT_HELLO, - MANDATORY_PACKET); - STATE = STATE1; - IMED_RET ("recv hello", ret); - - case STATE2: - ret = MHD_gtls_send_hello (session, AGAIN (STATE2)); - STATE = STATE2; - IMED_RET ("send hello", ret); - - case STATE70: - if (session->security_parameters.extensions.do_send_supplemental) - { - ret = MHD__gnutls_send_supplemental (session, AGAIN (STATE70)); - STATE = STATE70; - IMED_RET ("send supplemental data", ret); - } - - /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */ - case STATE3: - /* NOTE: these should not be send if we are resuming */ - - if (session->internals.resumed == RESUME_FALSE) - ret = MHD_gtls_send_server_certificate (session, AGAIN (STATE3)); - STATE = STATE3; - IMED_RET ("send server certificate", ret); - - case STATE4: - /* send server key exchange (A) */ - if (session->internals.resumed == RESUME_FALSE) - ret = MHD_gtls_send_server_kx_message (session, AGAIN (STATE4)); - STATE = STATE4; - IMED_RET ("send server kx", ret); - - case STATE5: - /* Send certificate request - if requested to */ - if (session->internals.resumed == RESUME_FALSE) - ret = - MHD_gtls_send_server_certificate_request (session, AGAIN (STATE5)); - STATE = STATE5; - IMED_RET ("send server cert request", ret); - - case STATE6: - /* send the server hello done */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - MHD__gnutls_send_empty_handshake (session, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - AGAIN (STATE6)); - STATE = STATE6; - IMED_RET ("send server hello done", ret); - - case STATE71: - if (session->security_parameters.extensions.do_recv_supplemental) - { - ret = MHD__gnutls_recv_supplemental (session); - STATE = STATE71; - IMED_RET ("recv client supplemental", ret); - } - - /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */ - case STATE7: - /* receive the client certificate message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_recv_client_certificate (session); - STATE = STATE7; - IMED_RET ("recv client certificate", ret); - - case STATE8: - /* receive the client key exchange message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_recv_client_kx_message (session); - STATE = STATE8; - IMED_RET ("recv client kx", ret); - - case STATE9: - /* receive the client certificate verify message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = MHD_gtls_recv_client_certificate_verify_message (session); - STATE = STATE9; - IMED_RET ("recv client certificate verify", ret); - - STATE = STATE0; /* finished thus clear session */ - default: - break; - } - - return 0; -} - -static int -MHD_gtls_handshake_common (MHD_gtls_session_t session) -{ - int ret = 0; - - /* send and recv the change cipher spec and finished messages */ - if ((session->internals.resumed == RESUME_TRUE - && session->security_parameters.entity == GNUTLS_CLIENT) - || (session->internals.resumed == RESUME_FALSE - && session->security_parameters.entity == GNUTLS_SERVER)) - { - /* if we are a client resuming - or we are a server not resuming */ - - ret = MHD__gnutls_recv_handshake_final (session, TRUE); - IMED_RET ("recv handshake final", ret); - - ret = MHD__gnutls_send_handshake_final (session, FALSE); - IMED_RET ("send handshake final", ret); - } - else - { /* if we are a client not resuming - or we are a server resuming */ - - ret = MHD__gnutls_send_handshake_final (session, TRUE); - IMED_RET ("send handshake final 2", ret); - - ret = MHD__gnutls_recv_handshake_final (session, FALSE); - IMED_RET ("recv handshake final 2", ret); - } - - /* clear handshake buffer */ - MHD__gnutls_handshake_hash_buffers_clear (session); - return ret; - -} - -static int -MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) -{ - *len = TLS_MAX_SESSION_ID_SIZE; - - if (MHD_gc_nonce ((char *) session_id, *len) != GC_OK) - { - MHD_gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } - - return 0; -} - -int -MHD_gtls_recv_hello_request (MHD_gtls_session_t session, void *data, - uint32_t data_size) -{ - uint8_t type; - - if (session->security_parameters.entity == GNUTLS_SERVER) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - } - if (data_size < 1) - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - type = ((uint8_t *) data)[0]; - if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST) - return GNUTLS_E_REHANDSHAKE; - else - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - } -} - -/* Returns 1 if the given KX has not the corresponding parameters - * (DH or RSA) set up. Otherwise returns 0. - */ -inline static int -check_server_params (MHD_gtls_session_t session, - enum MHD_GNUTLS_KeyExchangeAlgorithm kx, - enum MHD_GNUTLS_KeyExchangeAlgorithm *alg, int alg_size) -{ - int cred_type; - MHD_gtls_dh_params_t dh_params = NULL; - MHD_gtls_rsa_params_t rsa_params = NULL; - int j; - - cred_type = MHD_gtls_map_kx_get_cred (kx, 1); - - /* Read the Diffie Hellman parameters, if any. - */ - if (cred_type == MHD_GNUTLS_CRD_CERTIFICATE) - { - int delete; - MHD_gtls_cert_credentials_t x509_cred = - (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, - cred_type, NULL); - - if (x509_cred != NULL) - { - dh_params = - MHD_gtls_get_dh_params (x509_cred->dh_params, - x509_cred->params_func, session); - rsa_params = - MHD_gtls_certificate_get_rsa_params (x509_cred->rsa_params, - x509_cred->params_func, - session); - } - - /* Check also if the certificate supports the - * KX method. - */ - delete = 1; - for (j = 0; j < alg_size; j++) - { - if (alg[j] == kx) - { - delete = 0; - break; - } - } - - if (delete == 1) - return 1; - - } - else - return 0; /* no need for params */ - - - /* If the key exchange method needs RSA or DH params, - * but they are not set then remove it. - */ - if (MHD_gtls_kx_needs_rsa_params (kx) != 0) - { - /* needs rsa params. */ - if (MHD__gnutls_rsa_params_to_mpi (rsa_params) == NULL) - { - MHD_gnutls_assert (); - return 1; - } - } - - if (MHD_gtls_kx_needs_dh_params (kx) != 0) - { - /* needs DH params. */ - if (MHD_gtls_dh_params_to_mpi (dh_params) == NULL) - { - MHD_gnutls_assert (); - return 1; - } - } - - return 0; -} - -/* This function will remove algorithms that are not supported by - * the requested authentication method. We remove an algorithm if - * we have a certificate with keyUsage bits set. - * - * This does a more high level check than MHD_gnutls_supported_ciphersuites(), - * by checking certificates etc. - */ -static int -MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, - cipher_suite_st ** cipherSuites, - int numCipherSuites, - enum MHD_GNUTLS_PublicKeyAlgorithm - requested_pk_algo) -{ - - int ret = 0; - cipher_suite_st *newSuite, cs; - int newSuiteSize = 0, i; - MHD_gtls_cert_credentials_t cert_cred; - enum MHD_GNUTLS_KeyExchangeAlgorithm kx; - int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; - enum MHD_GNUTLS_KeyExchangeAlgorithm *alg = NULL; - int alg_size = 0; - - /* if we should use a specific certificate, - * we should remove all algorithms that are not supported - * by that certificate and are on the same authentication - * method (CERTIFICATE). - */ - - cert_cred = - (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, - MHD_GNUTLS_CRD_CERTIFICATE, - NULL); - - /* If there are certificate credentials, find an appropriate certificate - * or disable them; - */ - if (session->security_parameters.entity == GNUTLS_SERVER - && cert_cred != NULL) - { - ret = MHD_gtls_server_select_cert (session, requested_pk_algo); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD__gnutls_x509_log - ("Could not find an appropriate certificate: %s\n", - MHD_gtls_strerror (ret)); - cert_cred = NULL; - } - } - - /* get all the key exchange algorithms that are - * supported by the X509 certificate parameters. - */ - if ((ret = - MHD_gtls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - newSuite = MHD_gnutls_malloc (numCipherSuites * sizeof (cipher_suite_st)); - if (newSuite == NULL) - { - MHD_gnutls_assert (); - MHD_gnutls_free (alg); - return GNUTLS_E_MEMORY_ERROR; - } - - /* now removes ciphersuites based on the KX algorithm - */ - for (i = 0; i < numCipherSuites; i++) - { - int delete = 0; - - /* finds the key exchange algorithm in - * the ciphersuite - */ - kx = MHD_gtls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]); - - /* if it is defined but had no credentials - */ - if (MHD_gtls_get_kx_cred (session, kx, NULL) == NULL) - { - delete = 1; - } - else - { - delete = 0; - - if (server) - delete = check_server_params (session, kx, alg, alg_size); - } - memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2); - - if (delete == 0) - { - - MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n", - session, - MHD_gtls_cipher_suite_get_name (&cs)); - - memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); - newSuiteSize++; - } - else - { - MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n", - session, - MHD_gtls_cipher_suite_get_name (&cs)); - - } - } - - MHD_gnutls_free (alg); - MHD_gnutls_free (*cipherSuites); - *cipherSuites = newSuite; - - ret = newSuiteSize; - - return ret; - -} - -enum MHD_GNUTLS_Protocol -MHD_gtls_get_adv_version (MHD_gtls_session_t session) -{ - return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session), - MHD__gnutls_get_adv_version_minor (session)); -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h deleted file mode 100644 index 58c95a84fe..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -typedef enum Optional -{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional; - -int MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data, - uint32_t i_datasize, - MHD_gnutls_handshake_description_t type); -int MHD_gtls_recv_hello_request (MHD_gtls_session_t session, void *data, - uint32_t data_size); -int MHD_gtls_send_hello (MHD_gtls_session_t session, int again); -int MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data, - int datalen); -int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *, - MHD_gnutls_handshake_description_t, - Optional optional); -void -MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, - size_t max); - -#define STATE session->internals.handshake_state -/* This returns true if we have got there - * before (and not finished due to an interrupt). - */ -#define AGAIN(target) STATE==target?1:0 diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_hash_int.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_hash_int.c deleted file mode 100644 index cc61203d11..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_hash_int.c +++ /dev/null @@ -1,448 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file handles all the internal functions that cope with hashes - * and HMACs. - */ - -#include <gnutls_int.h> -#include <gnutls_hash_int.h> -#include <gnutls_errors.h> - -static inline Gc_hash -MHD__gnutls_mac2gc (enum MHD_GNUTLS_HashAlgorithm mac) -{ - switch (mac) - { - case MHD_GNUTLS_MAC_NULL: - return -1; - break; - case MHD_GNUTLS_MAC_SHA1: - return GC_SHA1; - break; - case MHD_GNUTLS_MAC_SHA256: - return GC_SHA256; - break; - case MHD_GNUTLS_MAC_MD5: - return GC_MD5; - break; - default: - MHD_gnutls_assert (); - return -1; - } - return -1; -} - -GNUTLS_HASH_HANDLE -MHD_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - mac_hd_t ret; - int result; - - ret = MHD_gnutls_malloc (sizeof (mac_hd_st)); - if (ret == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_HASH_FAILED; - } - - ret->algorithm = algorithm; - - result = MHD_gc_hash_open (MHD__gnutls_mac2gc (algorithm), 0, &ret->handle); - if (result) - { - MHD_gnutls_assert (); - MHD_gnutls_free (ret); - ret = GNUTLS_HASH_FAILED; - } - - return ret; -} - -int -MHD_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - int ret; - - ret = MHD_gc_hash_digest_length (MHD__gnutls_mac2gc (algorithm)); - - return ret; - -} - -int -MHD_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen) -{ - if (textlen > 0) - MHD_gc_hash_write (handle->handle, textlen, text); - return 0; -} - -GNUTLS_HASH_HANDLE -MHD_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle) -{ - GNUTLS_HASH_HANDLE ret; - int result; - - ret = MHD_gnutls_malloc (sizeof (mac_hd_st)); - - if (ret == NULL) - return GNUTLS_HASH_FAILED; - - ret->algorithm = handle->algorithm; - ret->key = NULL; /* it's a hash anyway */ - ret->keysize = 0; - - result = MHD_gc_hash_clone (handle->handle, &ret->handle); - - if (result) - { - MHD_gnutls_free (ret); - return GNUTLS_HASH_FAILED; - } - - return ret; -} - -void -MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest) -{ - const opaque *mac; - int maclen; - - maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); - - mac = (unsigned char *) MHD_gc_hash_read (handle->handle); - if (digest != NULL) - memcpy (digest, mac, maclen); - - MHD_gc_hash_close (handle->handle); - - MHD_gnutls_free (handle); -} - - -mac_hd_t -MHD_gtls_MHD_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, - const void *key, int keylen) -{ - mac_hd_t ret; - int result; - - ret = MHD_gnutls_malloc (sizeof (mac_hd_st)); - if (ret == NULL) - return GNUTLS_MAC_FAILED; - - result = - MHD_gc_hash_open (MHD__gnutls_mac2gc (algorithm), GC_HMAC, &ret->handle); - if (result) - { - MHD_gnutls_free (ret); - return GNUTLS_MAC_FAILED; - } - - MHD_gc_hash_MHD_hmac_setkey (ret->handle, keylen, key); - - ret->algorithm = algorithm; - ret->key = key; - ret->keysize = keylen; - - return ret; -} - -void -MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest) -{ - const opaque *mac; - int maclen; - - maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); - - mac = (unsigned char *) MHD_gc_hash_read (handle->handle); - - if (digest != NULL) - memcpy (digest, mac, maclen); - - MHD_gc_hash_close (handle->handle); - - MHD_gnutls_free (handle); -} - -inline static int -get_padsize (enum MHD_GNUTLS_HashAlgorithm algorithm) -{ - switch (algorithm) - { - case MHD_GNUTLS_MAC_MD5: - return 48; - case MHD_GNUTLS_MAC_SHA1: - return 40; - default: - return 0; - } -} - -mac_hd_t -MHD_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key, - int keylen) -{ - mac_hd_t ret; - opaque ipad[48]; - int padsize; - - padsize = get_padsize (algorithm); - if (padsize == 0) - { - MHD_gnutls_assert (); - return GNUTLS_MAC_FAILED; - } - - memset (ipad, 0x36, padsize); - - ret = MHD_gtls_hash_init (algorithm); - if (ret != GNUTLS_HASH_FAILED) - { - ret->key = key; - ret->keysize = keylen; - - if (keylen > 0) - MHD_gnutls_hash (ret, key, keylen); - MHD_gnutls_hash (ret, ipad, padsize); - } - - return ret; -} - -void -MHD_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest) -{ - opaque ret[MAX_HASH_SIZE]; - mac_hd_t td; - opaque opad[48]; - int padsize; - int block; - - padsize = get_padsize (handle->algorithm); - if (padsize == 0) - { - MHD_gnutls_assert (); - return; - } - - memset (opad, 0x5C, padsize); - - td = MHD_gtls_hash_init (handle->algorithm); - if (td != GNUTLS_MAC_FAILED) - { - if (handle->keysize > 0) - MHD_gnutls_hash (td, handle->key, handle->keysize); - - MHD_gnutls_hash (td, opad, padsize); - block = MHD_gnutls_hash_get_algo_len (handle->algorithm); - MHD_gnutls_hash_deinit (handle, ret); /* get the previous hash */ - MHD_gnutls_hash (td, ret, block); - - MHD_gnutls_hash_deinit (td, digest); - } -} - -void -MHD_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, - void *digest, opaque * key, - uint32_t key_size) -{ - opaque ret[MAX_HASH_SIZE]; - mac_hd_t td; - opaque opad[48]; - opaque ipad[48]; - int padsize; - int block; - - padsize = get_padsize (handle->algorithm); - if (padsize == 0) - { - MHD_gnutls_assert (); - return; - } - - memset (opad, 0x5C, padsize); - memset (ipad, 0x36, padsize); - - td = MHD_gtls_hash_init (handle->algorithm); - if (td != GNUTLS_HASH_FAILED) - { - if (key_size > 0) - MHD_gnutls_hash (td, key, key_size); - - MHD_gnutls_hash (td, opad, padsize); - block = MHD_gnutls_hash_get_algo_len (handle->algorithm); - - if (key_size > 0) - MHD_gnutls_hash (handle, key, key_size); - MHD_gnutls_hash (handle, ipad, padsize); - MHD_gnutls_hash_deinit (handle, ret); /* get the previous hash */ - - MHD_gnutls_hash (td, ret, block); - - MHD_gnutls_hash_deinit (td, digest); - } -} - -static int -ssl3_sha (int i, opaque * secret, int secret_len, - opaque * rnd, int rnd_len, void *digest) -{ - int j; - opaque text1[26]; - - GNUTLS_HASH_HANDLE td; - - for (j = 0; j < i + 1; j++) - { - text1[j] = 65 + i; /* A==65 */ - } - - td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); - if (td == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td, text1, i + 1); - MHD_gnutls_hash (td, secret, secret_len); - MHD_gnutls_hash (td, rnd, rnd_len); - - MHD_gnutls_hash_deinit (td, digest); - return 0; -} - -static int -ssl3_md5 (int i, opaque * secret, int secret_len, - opaque * rnd, int rnd_len, void *digest) -{ - opaque tmp[MAX_HASH_SIZE]; - mac_hd_t td; - int ret; - - td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); - if (td == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td, secret, secret_len); - - ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_hash_deinit (td, digest); - return ret; - } - - MHD_gnutls_hash (td, tmp, - MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1)); - - MHD_gnutls_hash_deinit (td, digest); - return 0; -} - -int -MHD_gnutls_ssl3_hash_md5 (void *first, int first_len, - void *second, int second_len, int ret_len, - opaque * ret) -{ - opaque digest[MAX_HASH_SIZE]; - mac_hd_t td; - int block = MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5); - - td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); - if (td == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td, first, first_len); - MHD_gnutls_hash (td, second, second_len); - - MHD_gnutls_hash_deinit (td, digest); - - if (ret_len > block) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - memcpy (ret, digest, ret_len); - - return 0; - -} - -int -MHD_gnutls_ssl3_generate_random (void *secret, int secret_len, - void *rnd, int rnd_len, - int ret_bytes, opaque * ret) -{ - int i = 0, copy, output_bytes; - opaque digest[MAX_HASH_SIZE]; - int block = MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5); - int result, times; - - output_bytes = 0; - do - { - output_bytes += block; - } - while (output_bytes < ret_bytes); - - times = output_bytes / block; - - for (i = 0; i < times; i++) - { - - result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - if ((1 + i) * block < ret_bytes) - { - copy = block; - } - else - { - copy = ret_bytes - (i) * block; - } - - memcpy (&ret[i * block], digest, copy); - } - - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_hash_int.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_hash_int.h deleted file mode 100644 index bd3dec2987..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_hash_int.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_HASH_INT_H -# define GNUTLS_HASH_INT_H - -#include <gnutls_int.h> - -/* for message digests */ - -typedef struct -{ - MHD_gc_hash_handle handle; - enum MHD_GNUTLS_HashAlgorithm algorithm; - const void *key; - int keysize; -} mac_hd_st; -typedef mac_hd_st *mac_hd_t; -typedef mac_hd_t GNUTLS_HASH_HANDLE; - -#define GNUTLS_HASH_FAILED NULL -#define GNUTLS_MAC_FAILED NULL - -mac_hd_t MHD_gtls_MHD_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm, - const void *key, int keylen); - -void MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest); - -mac_hd_t MHD_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, - void *key, int keylen); -void MHD_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest); - -GNUTLS_HASH_HANDLE MHD_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm - algorithm); -int MHD_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm); -int MHD_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, - size_t textlen); -void MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest); - -int MHD_gnutls_ssl3_generate_random (void *secret, int secret_len, - void *rnd, int random_len, int bytes, - opaque * ret); -int MHD_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second, - int second_len, int ret_len, opaque * ret); - -void MHD_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest, - opaque * key, uint32_t key_size); - -GNUTLS_HASH_HANDLE MHD_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle); - -#endif /* GNUTLS_HASH_INT_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_int.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_int.h deleted file mode 100644 index 25a861ed21..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_int.h +++ /dev/null @@ -1,642 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_INT_H -#define GNUTLS_INT_H - -#include <defines.h> - -#include "gnutls.h" -#include "microhttpd.h" - -#include "gnutls_mem.h" - -/* FIXME: delete this once opencdk has reentrant keyring functions - */ -#define KEYRING_HACK - -#ifndef MAX -#define MAX(X,Y) ((X) > (Y) ? (X) : (Y)) -#endif - -#define MAX32 4294967295 -#define MAX24 16777215 -#define MAX16 65535 - -/* The size of a handshake message should not - * be larger than this value. - */ -#define MAX_HANDSHAKE_PACKET_SIZE 48*1024 - -#define TLS_RANDOM_SIZE 32 -#define TLS_MAX_SESSION_ID_SIZE 32 -#define TLS_MASTER_SIZE 48 - -/* The maximum digest size of hash algorithms. - */ -#define MAX_HASH_SIZE 64 - -#define MAX_LOG_SIZE 1024 /* maximum size of log message */ -#define MAX_SERVER_NAME_SIZE 128 - -/* we can receive up to MAX_EXT_TYPES extensions. - */ -#define MAX_EXT_TYPES 64 - -/* The initial size of the receive - * buffer size. This will grow if larger - * packets are received. - */ -#define INITIAL_RECV_BUFFER_SIZE 256 - -/* the default for TCP */ -#define DEFAULT_LOWAT 1 - -/* expire time for resuming sessions */ -#define DEFAULT_EXPIRE_TIME 3600 - -/* the maximum size of encrypted packets */ -#define DEFAULT_MAX_RECORD_SIZE 16384 -#define RECORD_HEADER_SIZE 5 -#define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size -#define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size -#define MAX_PAD_SIZE 255 -#define EXTRA_COMP_SIZE 2048 -#define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE -#define MAX_RECV_SIZE MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE - -#define HANDSHAKE_HEADER_SIZE 4 - -/* defaults for verification functions - */ -#define DEFAULT_VERIFY_DEPTH 32 -#define DEFAULT_VERIFY_BITS 16*1024 - -#define DECR_LEN(len, x) do { len-=x; if (len<0) {MHD_gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0) -#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {MHD_gnutls_assert(); return RET;} } while (0) -#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {MHD_gnutls_assert(); COM;} } while (0) - -#define HASH2MAC(x) ((enum MHD_GNUTLS_HashAlgorithm)x) - -/* TODO rm */ -/* Additional cast to bring void* to a type castable to int. */ -#define GNUTLS_POINTER_TO_INT_CAST (long) - -#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_)) -#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_)) - -typedef unsigned char opaque; -typedef struct -{ - opaque pint[3]; -} uint24; - -#include <gnutls_mpi.h> - -typedef enum change_cipher_spec_t -{ - GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1 -} change_cipher_spec_t; - -typedef enum handshake_state_t -{ - STATE0 = 0, STATE1, STATE2, - STATE3, STATE4, STATE5, - STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, - STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62, - STATE70, STATE71 -} handshake_state_t; - -#include <gnutls_str.h> - -typedef MHD_gtls_string MHD_gtls_buffer; - -#define MHD_gtls_buffer_init(buf) MHD_gtls_string_init(buf, MHD_gnutls_malloc, MHD_gnutls_realloc, MHD_gnutls_free); -#define MHD_gtls_buffer_clear MHD_gtls_string_clear -#define MHD_gtls_buffer_append MHD_gtls_string_append_data - -/* This is the maximum number of algorithms (ciphers or macs etc). - * keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h - */ -#define MAX_ALGOS 16 - -#define MAX_CIPHERSUITES 256 - -typedef enum extensions_t -{ GNUTLS_EXTENSION_SERVER_NAME = 0, - GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1, - GNUTLS_EXTENSION_CERT_TYPE = 9, - GNUTLS_EXTENSION_SRP = 12, - GNUTLS_EXTENSION_INNER_APPLICATION = 37703 -} extensions_t; - -typedef enum -{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t; - -typedef enum valid_session_t -{ VALID_TRUE, VALID_FALSE } valid_session_t; -typedef enum resumable_session_t -{ RESUME_TRUE, - RESUME_FALSE -} resumable_session_t; - -/* Record Protocol */ -typedef enum content_type_t -{ - GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT, - GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA, - GNUTLS_INNER_APPLICATION = 24 -} content_type_t; - -#define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1 -#define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2 - -/* STATE (stop) */ - -typedef void (*LOG_FUNC) (int, const char *); - -/* Store & Retrieve functions defines: */ -typedef struct MHD_gtls_auth_cred_st -{ - enum MHD_GNUTLS_CredentialsType algorithm; - - /* the type of credentials depends on algorithm - */ - void *credentials; - struct MHD_gtls_auth_cred_st *next; -} auth_cred_st; - -struct MHD_gtls_key -{ - /* For DH KX */ - MHD_gnutls_datum_t key; - mpi_t KEY; - mpi_t client_Y; - mpi_t client_g; - mpi_t client_p; - mpi_t dh_secret; - /* for SRP */ - mpi_t A; - mpi_t B; - mpi_t u; - mpi_t b; - mpi_t a; - mpi_t x; - /* RSA: e, m - */ - mpi_t rsa[2]; - - /* this is used to hold the peers authentication data - */ - /* auth_info_t structures SHOULD NOT contain malloced - * elements. Check MHD_gnutls_session_pack.c, and MHD_gnutls_auth.c. - * Rememember that this should be calloced! - */ - void *auth_info; - enum MHD_GNUTLS_CredentialsType auth_info_type; - int auth_info_size; /* needed in order to store to db for restoring - */ - uint8_t crypt_algo; - - auth_cred_st *cred; /* used to specify keys/certificates etc */ - - int certificate_requested; - /* some ciphersuites use this - * to provide client authentication. - * 1 if client auth was requested - * by the peer, 0 otherwise - *** In case of a server this - * holds 1 if we should wait - * for a client certificate verify - */ -}; -typedef struct MHD_gtls_key *MHD_gtls_key_st; - -/* STATE (cont) */ -#include <gnutls_hash_int.h> -#include <gnutls_cipher_int.h> -#include <gnutls_cert.h> - -typedef struct -{ - uint8_t suite[2]; -} cipher_suite_st; - -/* This structure holds parameters got from TLS extension - * mechanism. (some extensions may hold parameters in auth_info_t - * structures also - see SRP). - */ -typedef struct -{ - opaque name[MAX_SERVER_NAME_SIZE]; - unsigned name_length; - MHD_gnutls_server_name_type_t type; -} server_name_st; - -#define MAX_SERVER_NAME_EXTENSIONS 3 -typedef struct -{ - server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS]; - /* limit server_name extensions */ - unsigned server_names_size; - - /* TLS/IA data. */ - int MHD_gnutls_ia_enable, MHD_gnutls_ia_peer_enable; - int MHD_gnutls_ia_allowskip, MHD_gnutls_ia_peer_allowskip; - - /* Used by extensions that enable supplemental data. */ - int do_recv_supplemental, do_send_supplemental; - -} MHD_gtls_ext_st; - -/* This flag indicates for an extension whether - * it is useful to application level or TLS level only. - * This is used to parse the application level extensions - * before the user_hello callback is called. - */ -typedef enum tls_ext_parse_type_t -{ - EXTENSION_ANY, - EXTENSION_APPLICATION, - EXTENSION_TLS -} MHD_gtls_ext_parse_type_t; - -/* auth_info_t structures now MAY contain malloced - * elements. - */ - -/* This structure and auth_info_t, are stored in the resume database, - * and are restored, in case of resume. - * Holds all the required parameters to resume the current - * session. - */ - -/* if you add anything in Security_Parameters struct, then - * also modify CPY_COMMON in MHD_gnutls_constate.c - */ - -/* Note that the security parameters structure is set up after the - * handshake has finished. The only value you may depend on while - * the handshake is in progress is the cipher suite value. - */ -typedef struct -{ - MHD_gnutls_connection_end_t entity; - enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm; - /* we've got separate write/read bulk/macs because - * there is a time in handshake where the peer has - * null cipher and we don't - */ - enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm; - enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm; - enum MHD_GNUTLS_CompressionMethod read_compression_algorithm; - - enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm; - enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm; - enum MHD_GNUTLS_CompressionMethod write_compression_algorithm; - - /* this is the ciphersuite we are going to use - * moved here from internals in order to be restored - * on resume; - */ - cipher_suite_st current_cipher_suite; - opaque master_secret[TLS_MASTER_SIZE]; - opaque client_random[TLS_RANDOM_SIZE]; - opaque server_random[TLS_RANDOM_SIZE]; - opaque session_id[TLS_MAX_SESSION_ID_SIZE]; - uint8_t session_id_size; - time_t timestamp; - MHD_gtls_ext_st extensions; - - /* The send size is the one requested by the programmer. - * The recv size is the one negotiated with the peer. - */ - uint16_t max_record_send_size; - uint16_t max_record_recv_size; - /* holds the negotiated certificate type */ - enum MHD_GNUTLS_CertificateType cert_type; - enum MHD_GNUTLS_Protocol version; /* moved here */ - /* For TLS/IA. XXX: Move to IA credential? */ - opaque inner_secret[TLS_MASTER_SIZE]; -} MHD_gtls_security_param_st; - -/* This structure holds the generated keys - */ -typedef struct -{ - MHD_gnutls_datum_t server_write_mac_secret; - MHD_gnutls_datum_t client_write_mac_secret; - MHD_gnutls_datum_t server_write_IV; - MHD_gnutls_datum_t client_write_IV; - MHD_gnutls_datum_t server_write_key; - MHD_gnutls_datum_t client_write_key; - int generated_keys; /* zero if keys have not - * been generated. Non zero - * otherwise. - */ -} MHD_gtls_cipher_specs_st; - -typedef struct -{ - cipher_hd_t write_cipher_state; - cipher_hd_t read_cipher_state; - MHD_gnutls_datum_t read_mac_secret; - MHD_gnutls_datum_t write_mac_secret; - uint64 read_sequence_number; - uint64 write_sequence_number; -} MHD_gtls_conn_stat_st; - -typedef struct -{ - unsigned int priority[MAX_ALGOS]; - unsigned int num_algorithms; -} MHD_gtls_priority_st; - -/* For the external api */ -struct MHD_gtls_priority_st -{ - MHD_gtls_priority_st cipher; - MHD_gtls_priority_st mac; - MHD_gtls_priority_st kx; - MHD_gtls_priority_st compression; - MHD_gtls_priority_st protocol; - - /* certificate type : x509, OpenPGP, etc. */ - MHD_gtls_priority_st cert_type; - - /* to disable record padding */ - int no_padding; -}; - -/* DH and RSA parameters types. - */ -typedef struct MHD_gtls_dh_params_int -{ - /* [0] is the prime, [1] is the generator. - */ - mpi_t params[2]; -} MHD_gtls_dh_params_st; - -typedef struct -{ - MHD_gtls_dh_params_t dh_params; - int free_dh_params; - MHD_gtls_rsa_params_t rsa_params; - int free_rsa_params; -} MHD_gtls_internal_params_st; - -typedef struct -{ - opaque header[HANDSHAKE_HEADER_SIZE]; - /* this holds the number of bytes in the handshake_header[] */ - size_t header_size; - /* this holds the length of the handshake packet */ - size_t packet_length; - MHD_gnutls_handshake_description_t recv_type; -} MHD_gtls_handshake_header_buffer_st; - -typedef struct -{ - MHD_gtls_buffer application_data_buffer; /* holds data to be delivered to application layer */ - MHD_gtls_buffer handshake_hash_buffer; /* used to keep the last received handshake - * message */ - mac_hd_t handshake_mac_handle_sha; /* hash of the handshake messages */ - mac_hd_t handshake_mac_handle_md5; /* hash of the handshake messages */ - - MHD_gtls_buffer handshake_data_buffer; /* this is a buffer that holds the current handshake message */ - MHD_gtls_buffer ia_data_buffer; /* holds inner application data (TLS/IA) */ - resumable_session_t resumable; /* TRUE or FALSE - if we can resume that session */ - handshake_state_t handshake_state; /* holds - * a number which indicates where - * the handshake procedure has been - * interrupted. If it is 0 then - * no interruption has happened. - */ - - valid_session_t valid_connection; /* true or FALSE - if this session is valid */ - - int may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write - */ - int may_not_write; - int read_eof; /* non-zero if we have received a closure alert. */ - - int last_alert; /* last alert received */ - int last_alert_level; /* last alert level */ - - /* The last handshake messages sent or received. - */ - int last_handshake_in; - int last_handshake_out; - - /* this is the compression method we are going to use */ - enum MHD_GNUTLS_CompressionMethod compression_method; - - /* priorities */ - struct MHD_gtls_priority_st priorities; - - /* resumed session */ - resumable_session_t resumed; /* RESUME_TRUE or FALSE - if we are resuming a session */ - MHD_gtls_security_param_st resumed_security_parameters; - - /* sockets internals */ - int lowat; - - /* These buffers are used in the handshake - * protocol only. freed using MHD__gnutls_handshake_io_buffer_clear(); - */ - MHD_gtls_buffer handshake_send_buffer; - size_t handshake_send_buffer_prev_size; - content_type_t handshake_send_buffer_type; - MHD_gnutls_handshake_description_t handshake_send_buffer_htype; - content_type_t handshake_recv_buffer_type; - MHD_gnutls_handshake_description_t handshake_recv_buffer_htype; - MHD_gtls_buffer handshake_recv_buffer; - - /* this buffer holds a record packet -mostly used for - * non blocking IO. - */ - MHD_gtls_buffer record_recv_buffer; - MHD_gtls_buffer record_send_buffer; /* holds cached data - * for the MHD_gnutls_io_write_buffered() - * function. - */ - size_t record_send_buffer_prev_size; /* holds the - * data written in the previous runs. - */ - size_t record_send_buffer_user_size; /* holds the - * size of the user specified data to - * send. - */ - - /* 0 if no peeked data was kept, 1 otherwise. - */ - int have_peeked_data; - - int expire_time; /* after expire_time seconds this session will expire */ - struct MHD_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ - - /* TODO rm */ - int v2_hello; /* 0 if the client hello is v3+. - * non-zero if we got a v2 hello. - */ - /* keeps the headers of the handshake packet - */ - MHD_gtls_handshake_header_buffer_st handshake_header_buffer; - - /* this is the highest version available - * to the peer. (advertized version). - * This is obtained by the Handshake Client Hello - * message. (some implementations read the Record version) - */ - uint8_t adv_version_major; - uint8_t adv_version_minor; - - /* if this is non zero a certificate request message - * will be sent to the client. - only if the ciphersuite - * supports it. - */ - int send_cert_req; - - /* bits to use for DHE and DHA - * use MHD__gnutls_dh_get_prime_bits() and MHD__gnutls_dh_set_prime_bits() - * to access it. - */ - uint16_t dh_prime_bits; - - size_t max_handshake_data_buffer_size; - - /* PUSH & PULL functions. - */ - MHD_gtls_pull_func MHD__gnutls_pull_func; - MHD_gtls_push_func MHD__gnutls_push_func; - /* Holds the first argument of PUSH and PULL - * functions; - */ - MHD_gnutls_transport_ptr_t transport_recv_ptr; - MHD_gnutls_transport_ptr_t transport_send_ptr; - - /* Holds the record size requested by the - * user. - */ - uint16_t proposed_record_size; - - /* holds the selected certificate and key. - * use MHD_gtls_selected_certs_deinit() and MHD_gtls_selected_certs_set() - * to change them. - */ - MHD_gnutls_cert *selected_cert_list; - int selected_cert_list_length; - MHD_gnutls_privkey *selected_key; - int selected_need_free; - - /* holds the extensions we sent to the peer - * (in case of a client) - */ - uint16_t extensions_sent[MAX_EXT_TYPES]; - uint16_t extensions_sent_size; - - /* This holds the default version that our first - * record packet will have. */ - opaque default_record_version[2]; - - void *user_ptr; - - /* Holds 0 if the last called function was interrupted while - * receiving, and non zero otherwise. - */ - int direction; - - /* If non zero the server will not advertize the CA's he - * trusts (do not send an RDN sequence). - */ - int ignore_rdn_sequence; - - /* This is used to set an arbitary version in the RSA - * PMS secret. Can be used by clients to test whether the - * server checks that version. (** only used in gnutls-cli-debug) - */ - opaque rsa_pms_version[2]; - - /* Here we cache the DH or RSA parameters got from the - * credentials structure, or from a callback. That is to - * minimize external calls. - */ - MHD_gtls_internal_params_st params; - - /* This buffer is used by the record recv functions, - * as a temporary store buffer. - */ - MHD_gnutls_datum_t recv_buffer; - - /* To avoid using global variables, and especially on Windows where - * the application may use a different errno variable than GnuTLS, - * it is possible to use MHD__gnutls_transport_set_errno to set a - * session-specific errno variable in the user-replaceable push/pull - * functions. This value is used by the send/recv functions. (The - * strange name of this variable is because 'errno' is typically - * #define'd.) - */ - int errnum; - - /* Function used to perform public-key signing operation during - handshake. Used by MHD_gnutls_sig.c:MHD__gnutls_tls_sign(), see also - MHD_gtls_sign_callback_set(). */ - MHD_gnutls_sign_func sign_func; - void *sign_func_userdata; - - /* If you add anything here, check MHD_gtls_handshake_internal_state_clear(). - */ -} MHD_gtls_internals_st; - -struct MHD_gtls_session_int -{ - MHD_gtls_security_param_st security_parameters; - MHD_gtls_cipher_specs_st cipher_specs; - MHD_gtls_conn_stat_st connection_state; - MHD_gtls_internals_st internals; - MHD_gtls_key_st key; -}; - -/* functions */ -void MHD_gtls_set_current_version (MHD_gtls_session_t session, - enum MHD_GNUTLS_Protocol version); - -void MHD_gtls_free_auth_info (MHD_gtls_session_t session); - -/* These two macros return the advertized TLS version of - * the peer. - */ -#define MHD__gnutls_get_adv_version_major( session) \ - session->internals.adv_version_major - -#define MHD__gnutls_get_adv_version_minor( session) \ - session->internals.adv_version_minor - -#define set_adv_version( session, major, minor) \ - session->internals.adv_version_major = major; \ - session->internals.adv_version_minor = minor - -enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t); - -#endif /* GNUTLS_INT_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_kx.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_kx.c deleted file mode 100644 index a4041e390a..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_kx.c +++ /dev/null @@ -1,726 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2004, 2005, 2006 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains functions which are wrappers for the key exchange - * part of TLS. They are called by the handshake functions (MHD__gnutls_handshake) - */ - -#include "gnutls_int.h" -#include "gnutls_handshake.h" -#include "gnutls_kx.h" -#include "gnutls_dh.h" -#include "gnutls_errors.h" -#include "gnutls_algorithms.h" -#include "debug.h" -#include "gnutls_mpi.h" -#include <gnutls_state.h> -#include <gnutls_datum.h> -#include <gnutls_rsa_export.h> - -/* This file contains important thing for the TLS handshake procedure. - */ - -#define MASTER_SECRET "master secret" -static int generate_normal_master (MHD_gtls_session_t session, int); - -int -MHD_gtls_generate_master (MHD_gtls_session_t session, int keep_premaster) -{ - if (session->internals.resumed == RESUME_FALSE) - return generate_normal_master (session, keep_premaster); - return 0; -} - -/* here we generate the TLS Master secret. - */ -#define PREMASTER session->key->key -static int -generate_normal_master (MHD_gtls_session_t session, int keep_premaster) -{ - int ret = 0; - char buf[512]; - - MHD__gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, - MHD_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf, - sizeof (buf))); - MHD__gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, - MHD_gtls_bin2hex (session->security_parameters. - client_random, 32, buf, - sizeof (buf))); - MHD__gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, - MHD_gtls_bin2hex (session->security_parameters. - server_random, 32, buf, - sizeof (buf))); - - if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3) - { - opaque rnd[2 * TLS_RANDOM_SIZE + 1]; - - memcpy (rnd, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - memcpy (&rnd[TLS_RANDOM_SIZE], - session->security_parameters.server_random, TLS_RANDOM_SIZE); - - ret = - MHD_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, - rnd, 2 * TLS_RANDOM_SIZE, - TLS_MASTER_SIZE, - session->security_parameters. - master_secret); - - } - else - { - opaque rnd[2 * TLS_RANDOM_SIZE + 1]; - - memcpy (rnd, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - memcpy (&rnd[TLS_RANDOM_SIZE], - session->security_parameters.server_random, TLS_RANDOM_SIZE); - - ret = - MHD_gtls_PRF (session, PREMASTER.data, PREMASTER.size, - MASTER_SECRET, strlen (MASTER_SECRET), - rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE, - session->security_parameters.master_secret); - } - - /* TLS/IA inner secret is derived from the master secret. */ - memcpy (session->security_parameters.inner_secret, - session->security_parameters.master_secret, TLS_MASTER_SIZE); - - if (!keep_premaster) - MHD__gnutls_free_datum (&PREMASTER); - - if (ret < 0) - return ret; - - MHD__gnutls_hard_log ("INT: MASTER SECRET: %s\n", - MHD_gtls_bin2hex (session->security_parameters. - master_secret, TLS_MASTER_SIZE, buf, - sizeof (buf))); - - return ret; -} - - -/* This is called when we want to receive the key exchange message of the - * server. It does nothing if this type of message is not required - * by the selected ciphersuite. - */ -int -MHD_gtls_send_server_kx_message (MHD_gtls_session_t session, int again) -{ - uint8_t *data = NULL; - int data_size = 0; - int ret = 0; - - if (session->internals.auth_struct->MHD_gtls_gen_server_kx == NULL) - return 0; - - data = NULL; - data_size = 0; - - if (again == 0) - { - data_size = - session->internals.auth_struct->MHD_gtls_gen_server_kx (session, - &data); - - if (data_size == GNUTLS_E_INT_RET_0) - { - MHD_gnutls_assert (); - return 0; - } - - if (data_size < 0) - { - MHD_gnutls_assert (); - return data_size; - } - } - - ret = - MHD_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); - MHD_gnutls_free (data); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - return data_size; -} - -/* This function sends a certificate request message to the - * client. - */ -int -MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session, - int again) -{ - uint8_t *data = NULL; - int data_size = 0; - int ret = 0; - - if (session->internals.auth_struct-> - MHD_gtls_gen_server_certificate_request == NULL) - return 0; - - if (session->internals.send_cert_req <= 0) - return 0; - - data = NULL; - data_size = 0; - - if (again == 0) - { - data_size = - session->internals.auth_struct-> - MHD_gtls_gen_server_certificate_request (session, &data); - - if (data_size < 0) - { - MHD_gnutls_assert (); - return data_size; - } - } - ret = - MHD_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); - MHD_gnutls_free (data); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - return data_size; -} - - -/* This is the function for the client to send the key - * exchange message - */ -int -MHD_gtls_send_client_kx_message (MHD_gtls_session_t session, int again) -{ - uint8_t *data; - int data_size; - int ret = 0; - - if (session->internals.auth_struct->MHD_gtls_gen_client_kx == NULL) - return 0; - - - data = NULL; - data_size = 0; - - if (again == 0) - { - data_size = - session->internals.auth_struct->MHD_gtls_gen_client_kx (session, - &data); - if (data_size < 0) - { - MHD_gnutls_assert (); - return data_size; - } - } - ret = - MHD_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); - MHD_gnutls_free (data); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return ret; -} - - -/* This is the function for the client to send the certificate - * verify message - */ -int -MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session, - int again) -{ - uint8_t *data; - int ret = 0; - int data_size; - - /* This is a packet that is only sent by the client - */ - if (session->security_parameters.entity == GNUTLS_SERVER) - return 0; - - /* if certificate verify is not needed just exit - */ - if (session->key->certificate_requested == 0) - return 0; - - if (session->internals.auth_struct->MHD_gtls_gen_client_cert_vrfy == NULL) - { - MHD_gnutls_assert (); - return 0; /* this algorithm does not support cli_cert_vrfy - */ - } - - data = NULL; - data_size = 0; - - if (again == 0) - { - data_size = - session->internals.auth_struct-> - MHD_gtls_gen_client_cert_vrfy (session, &data); - if (data_size < 0) - { - MHD_gnutls_assert (); - return data_size; - } - if (data_size == 0) - return 0; - - } - ret = - MHD_gtls_send_handshake (session, data, - data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); - MHD_gnutls_free (data); - - return ret; -} - - -int -MHD_gtls_recv_server_kx_message (MHD_gtls_session_t session) -{ - uint8_t *data = NULL; - int datasize; - int ret = 0; - - if (session->internals.auth_struct->MHD_gtls_process_server_kx != NULL) - { - - /* EXCEPTION FOR RSA_EXPORT cipher suite - */ - if (MHD_gtls_session_is_export (session) != 0 && - MHD__gnutls_peers_cert_less_512 (session) != 0) - { - MHD_gnutls_assert (); - return 0; - } - - ret = - MHD_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, - MANDATORY_PACKET); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = - session->internals.auth_struct->MHD_gtls_process_server_kx (session, - data, - datasize); - MHD_gnutls_free (data); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - } - return ret; -} - -int -MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session) -{ - uint8_t *data; - int datasize; - int ret = 0; - - if (session->internals.auth_struct-> - MHD_gtls_process_server_certificate_request != NULL) - { - - ret = - MHD_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, - OPTIONAL_PACKET); - if (ret < 0) - return ret; - - if (ret == 0 && datasize == 0) - return 0; /* ignored */ - - ret = - session->internals.auth_struct-> - MHD_gtls_process_server_certificate_request (session, data, datasize); - MHD_gnutls_free (data); - if (ret < 0) - return ret; - - } - return ret; -} - -int -MHD_gtls_recv_client_kx_message (MHD_gtls_session_t session) -{ - uint8_t *data; - int datasize; - int ret = 0; - - - /* Do key exchange only if the algorithm permits it */ - if (session->internals.auth_struct->MHD_gtls_process_client_kx != NULL) - { - - ret = - MHD_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, - MANDATORY_PACKET); - if (ret < 0) - return ret; - - ret = - session->internals.auth_struct->MHD_gtls_process_client_kx (session, - data, - datasize); - MHD_gnutls_free (data); - if (ret < 0) - return ret; - - } - - return ret; -} - - -/* This is called when we want send our certificate - */ -int -MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again) -{ - uint8_t *data = NULL; - int data_size = 0; - int ret = 0; - - - if (session->key->certificate_requested == 0) - return 0; - - if (session->internals.auth_struct->MHD_gtls_gen_client_certificate == NULL) - return 0; - - data = NULL; - data_size = 0; - - if (again == 0) - { - if (MHD__gnutls_protocol_get_version (session) != - MHD_GNUTLS_PROTOCOL_SSL3 - || session->internals.selected_cert_list_length > 0) - { - /* TLS 1.0 or SSL 3.0 with a valid certificate - */ - data_size = - session->internals.auth_struct-> - MHD_gtls_gen_client_certificate (session, &data); - - if (data_size < 0) - { - MHD_gnutls_assert (); - return data_size; - } - } - } - - /* In the SSL 3.0 protocol we need to send a - * no certificate alert instead of an - * empty certificate. - */ - if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3 - && session->internals.selected_cert_list_length == 0) - { - ret = - MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING, - GNUTLS_A_SSL3_NO_CERTIFICATE); - - } - else - { /* TLS 1.0 or SSL 3.0 with a valid certificate - */ - ret = - MHD_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); - MHD_gnutls_free (data); - } - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return data_size; -} - - -/* This is called when we want send our certificate - */ -int -MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again) -{ - uint8_t *data = NULL; - int data_size = 0; - int ret = 0; - - - if (session->internals.auth_struct->MHD_gtls_gen_server_certificate == NULL) - return 0; - - data = NULL; - data_size = 0; - - if (again == 0) - { - data_size = - session->internals.auth_struct-> - MHD_gtls_gen_server_certificate (session, &data); - - if (data_size < 0) - { - MHD_gnutls_assert (); - return data_size; - } - } - ret = - MHD_gtls_send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); - MHD_gnutls_free (data); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return data_size; -} - - -int -MHD_gtls_recv_client_certificate (MHD_gtls_session_t session) -{ - int datasize; - opaque *data; - int ret = 0; - int optional; - - if (session->internals.auth_struct->MHD_gtls_process_client_certificate != - NULL) - { - - /* if we have not requested a certificate then just return - */ - if (session->internals.send_cert_req == 0) - { - return 0; - } - - if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) - optional = MANDATORY_PACKET; - else - optional = OPTIONAL_PACKET; - - ret = - MHD_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); - - if (ret < 0) - { - /* Handle the case of old SSL3 clients who send - * a warning alert instead of an empty certificate to indicate - * no certificate. - */ - if (optional == OPTIONAL_PACKET && - ret == GNUTLS_E_WARNING_ALERT_RECEIVED && - MHD__gnutls_protocol_get_version (session) == - MHD_GNUTLS_PROTOCOL_SSL3 - && MHD_gnutls_alert_get (session) == - GNUTLS_A_SSL3_NO_CERTIFICATE) - { - - /* SSL3 does not send an empty certificate, - * but this alert. So we just ignore it. - */ - MHD_gnutls_assert (); - return 0; - } - - /* certificate was required - */ - if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - && optional == MANDATORY_PACKET) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - return ret; - } - - if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET) - { - /* Client has not sent the certificate message. - * well I'm not sure we should accept this - * behaviour. - */ - MHD_gnutls_assert (); - return 0; - } - ret = - session->internals.auth_struct-> - MHD_gtls_process_client_certificate (session, data, datasize); - - MHD_gnutls_free (data); - if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) - { - MHD_gnutls_assert (); - return ret; - } - - /* ok we should expect a certificate verify message now - */ - if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) - ret = 0; - else - session->key->certificate_requested = 1; - - } - - return ret; -} - -int -MHD_gtls_recv_server_certificate (MHD_gtls_session_t session) -{ - int datasize; - opaque *data; - int ret = 0; - - if (session->internals.auth_struct->MHD_gtls_process_server_certificate != - NULL) - { - - ret = - MHD_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, - MANDATORY_PACKET); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = - session->internals.auth_struct-> - MHD_gtls_process_server_certificate (session, data, datasize); - MHD_gnutls_free (data); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - - return ret; -} - - -/* Recv the client certificate verify. This packet may not - * arrive if the peer did not send us a certificate. - */ -int -MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t session) -{ - uint8_t *data; - int datasize; - int ret = 0; - - - if (session->internals.auth_struct->MHD_gtls_process_client_cert_vrfy != - NULL) - { - - if (session->internals.send_cert_req == 0 || - session->key->certificate_requested == 0) - { - return 0; - } - - ret = - MHD_gtls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, - OPTIONAL_PACKET); - if (ret < 0) - return ret; - - if (ret == 0 && datasize == 0 - && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) - { - /* certificate was required */ - MHD_gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - ret = - session->internals.auth_struct-> - MHD_gtls_process_client_cert_vrfy (session, data, datasize); - MHD_gnutls_free (data); - if (ret < 0) - return ret; - - } - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_kx.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_kx.h deleted file mode 100644 index 92144615f5..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_kx.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD_gtls_send_server_kx_message (MHD_gtls_session_t session, int again); -int MHD_gtls_send_client_kx_message (MHD_gtls_session_t session, int again); -int MHD_gtls_recv_server_kx_message (MHD_gtls_session_t session); -int MHD_gtls_recv_client_kx_message (MHD_gtls_session_t session); -int MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session, - int again); -int MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again); -int MHD_gtls_generate_master (MHD_gtls_session_t session, int keep_premaster); -int MHD_gtls_recv_client_certificate (MHD_gtls_session_t session); -int MHD_gtls_recv_server_certificate (MHD_gtls_session_t session); -int MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again); -int MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session); -int MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session, - int again); -int MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t - session); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mem.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mem.c deleted file mode 100644 index 44f1ccf5fc..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mem.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_num.h> - -MHD_gnutls_alloc_function MHD_gnutls_secure_malloc = malloc; -MHD_gnutls_alloc_function MHD_gnutls_malloc = malloc; -MHD_gnutls_free_function MHD_gnutls_free = free; -MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc; - -void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc; - -int -MHD__gnutls_is_secure_mem_null (const void *ign) -{ - return 0; -} - -int (*MHD__gnutls_is_secure_memory) (const void *) = - MHD__gnutls_is_secure_mem_null; - - - -/* This realloc will free ptr in case realloc - * fails. - */ -void * -MHD_gtls_realloc_fast (void *ptr, size_t size) -{ - void *ret; - - if (size == 0) - return ptr; - - ret = MHD_gnutls_realloc (ptr, size); - if (ret == NULL) - { - MHD_gnutls_free (ptr); - } - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mem.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mem.h deleted file mode 100644 index 0ea84a1089..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mem.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_MEM_H -# define GNUTLS_MEM_H - -#ifdef USE_DMALLOC -# include <dmalloc.h> -#endif - -typedef void svoid; /* for functions that allocate using MHD_gnutls_secure_malloc */ - -#ifdef HAVE_ALLOCA -# ifdef HAVE_ALLOCA_H -# include <alloca.h> -# endif -# ifndef MHD_gnutls_alloca -# define MHD_gnutls_alloca alloca -# define MHD_gnutls_afree(x) -# endif -#else -# ifndef MHD_gnutls_alloca -# define MHD_gnutls_alloca MHD_gnutls_malloc -# define MHD_gnutls_afree MHD_gnutls_free -# endif -#endif /* HAVE_ALLOCA */ - -extern int (*MHD__gnutls_is_secure_memory) (const void *); - -/* this realloc function will return ptr if size==0, and - * will free the ptr if the new allocation failed. - */ -void *MHD_gtls_realloc_fast (void *ptr, size_t size); - -svoid *MHD_gtls_secure_calloc (size_t nmemb, size_t size); - -void *MHD_gtls_calloc (size_t nmemb, size_t size); -char *MHD_gtls_strdup (const char *); - -#endif /* GNUTLS_MEM_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mpi.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mpi.c deleted file mode 100644 index 5a4e25a4c4..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mpi.c +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Here lie everything that has to do with large numbers, libgcrypt and - * other stuff that didn't fit anywhere else. - */ - -#include <gnutls_int.h> -#include <libtasn1.h> -#include <gnutls_errors.h> -#include <gnutls_num.h> - -/* Functions that refer to the libgcrypt library. - */ - -void -MHD_gtls_mpi_release (mpi_t * x) -{ - if (*x == NULL) - return; - gcry_mpi_release (*x); - *x = NULL; -} - -/* returns zero on success - */ -int -MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) -{ - int ret; - - ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes); - if (ret) - return GNUTLS_E_MPI_SCAN_FAILED; - - return 0; -} - -/* returns zero on success. Fails if the number is zero. - */ -int -MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes) -{ - int ret; - - ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes); - if (ret) - return GNUTLS_E_MPI_SCAN_FAILED; - - /* MPIs with 0 bits are illegal - */ - if (MHD__gnutls_mpi_get_nbits (*ret_mpi) == 0) - { - MHD_gtls_mpi_release (ret_mpi); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - return 0; -} - -int -MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a) -{ - int ret; - - if (nbytes == NULL || a == NULL) - return GNUTLS_E_INVALID_REQUEST; - - ret = gcry_mpi_print (GCRYMPI_FMT_USG, buffer, *nbytes, nbytes, a); - if (!ret) - return 0; - - return GNUTLS_E_MPI_PRINT_FAILED; -} - -/* Always has the first bit zero */ -static int -MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a) -{ - int ret; - - if (nbytes == NULL || a == NULL) - return GNUTLS_E_INVALID_REQUEST; - - ret = gcry_mpi_print (GCRYMPI_FMT_STD, buffer, *nbytes, nbytes, a); - if (!ret) - return 0; - - return GNUTLS_E_MPI_PRINT_FAILED; -} - -/* Always has the first bit zero */ -int -MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a) -{ - int ret; - opaque *buf = NULL; - size_t bytes = 0; - - if (dest == NULL || a == NULL) - return GNUTLS_E_INVALID_REQUEST; - - gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &bytes, a); - - if (bytes != 0) - buf = MHD_gnutls_malloc (bytes); - if (buf == NULL) - return GNUTLS_E_MEMORY_ERROR; - - ret = gcry_mpi_print (GCRYMPI_FMT_STD, buf, bytes, &bytes, a); - if (!ret) - { - dest->data = buf; - dest->size = bytes; - return 0; - } - - MHD_gnutls_free (buf); - return GNUTLS_E_MPI_PRINT_FAILED; -} - -int -MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a) -{ - int ret; - opaque *buf = NULL; - size_t bytes = 0; - - if (dest == NULL || a == NULL) - return GNUTLS_E_INVALID_REQUEST; - - gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &bytes, a); - - if (bytes != 0) - buf = MHD_gnutls_malloc (bytes); - if (buf == NULL) - return GNUTLS_E_MEMORY_ERROR; - - ret = gcry_mpi_print (GCRYMPI_FMT_USG, buf, bytes, &bytes, a); - if (!ret) - { - dest->data = buf; - dest->size = bytes; - return 0; - } - - MHD_gnutls_free (buf); - return GNUTLS_E_MPI_PRINT_FAILED; -} - - -/* this function reads an integer - * from asn1 structs. Combines the read and mpi_scan - * steps. - */ -int -MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, mpi_t * ret_mpi) -{ - int result; - size_t s_len; - opaque *tmpstr = NULL; - int tmpstr_size; - - tmpstr_size = 0; - result = MHD__asn1_read_value (node, value, NULL, &tmpstr_size); - if (result != ASN1_MEM_ERROR) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - tmpstr = MHD_gnutls_alloca (tmpstr_size); - if (tmpstr == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = MHD__asn1_read_value (node, value, tmpstr, &tmpstr_size); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (tmpstr); - return MHD_gtls_asn2err (result); - } - - s_len = tmpstr_size; - if (MHD_gtls_mpi_scan (ret_mpi, tmpstr, &s_len) != 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (tmpstr); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - MHD_gnutls_afree (tmpstr); - - return 0; -} - -/* Writes the specified integer into the specified node. - */ -int -MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, - int lz) -{ - opaque *tmpstr; - size_t s_len; - int result; - - s_len = 0; - if (lz) - result = MHD_gtls_mpi_print_lz (NULL, &s_len, mpi); - else - result = MHD_gtls_mpi_print (NULL, &s_len, mpi); - - tmpstr = MHD_gnutls_alloca (s_len); - if (tmpstr == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - if (lz) - result = MHD_gtls_mpi_print_lz (tmpstr, &s_len, mpi); - else - result = MHD_gtls_mpi_print (tmpstr, &s_len, mpi); - - if (result != 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (tmpstr); - return GNUTLS_E_MPI_PRINT_FAILED; - } - - result = MHD__asn1_write_value (node, value, tmpstr, s_len); - - MHD_gnutls_afree (tmpstr); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h deleted file mode 100644 index 77b7c9e4ac..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_mpi.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_MPI_H -#define GNUTLS_MPI_H - -# include <gnutls_int.h> -# include <gcrypt.h> -# include "gc.h" - -typedef gcry_mpi_t mpi_t; - -#define MHD__gnutls_mpi_cmp gcry_mpi_cmp -#define MHD__gnutls_mpi_cmp_ui gcry_mpi_cmp_ui -#define MHD__gnutls_mpi_new gcry_mpi_new -#define MHD__gnutls_mpi_snew gcry_mpi_snew -#define MHD__gnutls_mpi_copy gcry_mpi_copy -#define MHD__gnutls_mpi_randomize gcry_mpi_randomize -#define MHD__gnutls_mpi_get_nbits gcry_mpi_get_nbits -#define MHD__gnutls_mpi_powm gcry_mpi_powm -#define MHD__gnutls_mpi_invm gcry_mpi_invm -#define MHD__gnutls_mpi_alloc_like(x) MHD__gnutls_mpi_new(MHD__gnutls_mpi_get_nbits(x)) - -void MHD_gtls_mpi_release (mpi_t * x); - -int MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, - size_t * nbytes); -int MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, - size_t * nbytes); -int MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a); -int MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a); -int MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_num.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_num.c deleted file mode 100644 index 06d2e4eb20..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_num.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the functions needed for 64 bit integer support in - * TLS, and functions which ease the access to TLS vectors (data of given size). - */ - -#include <gnutls_int.h> -#include <gnutls_num.h> -#include <gnutls_errors.h> - -/* This function will add one to uint64 x. - * Returns 0 on success, or -1 if the uint64 max limit - * has been reached. - */ -int -MHD_gtls_uint64pp (uint64 * x) -{ - register int i, y = 0; - - for (i = 7; i >= 0; i--) - { - y = 0; - if (x->i[i] == 0xff) - { - x->i[i] = 0; - y = 1; - } - else - x->i[i]++; - - if (y == 0) - break; - } - if (y != 0) - return -1; /* over 64 bits! WOW */ - - return 0; -} - -uint32_t -MHD_gtls_uint24touint32 (uint24 num) -{ - uint32_t ret = 0; - - ((uint8_t *) & ret)[1] = num.pint[0]; - ((uint8_t *) & ret)[2] = num.pint[1]; - ((uint8_t *) & ret)[3] = num.pint[2]; - return ret; -} - -uint24 -MHD_gtls_uint32touint24 (uint32_t num) -{ - uint24 ret; - - ret.pint[0] = ((uint8_t *) & num)[1]; - ret.pint[1] = ((uint8_t *) & num)[2]; - ret.pint[2] = ((uint8_t *) & num)[3]; - return ret; - -} - -/* data should be at least 3 bytes */ -uint32_t -MHD_gtls_read_uint24 (const opaque * data) -{ - uint32_t res; - uint24 num; - - num.pint[0] = data[0]; - num.pint[1] = data[1]; - num.pint[2] = data[2]; - - res = MHD_gtls_uint24touint32 (num); -#ifndef WORDS_BIGENDIAN - res = byteswap32 (res); -#endif - return res; -} - -void -MHD_gtls_write_uint24 (uint32_t num, opaque * data) -{ - uint24 tmp; - -#ifndef WORDS_BIGENDIAN - num = byteswap32 (num); -#endif - tmp = MHD_gtls_uint32touint24 (num); - - data[0] = tmp.pint[0]; - data[1] = tmp.pint[1]; - data[2] = tmp.pint[2]; -} - -uint32_t -MHD_gtls_read_uint32 (const opaque * data) -{ - uint32_t res; - - memcpy (&res, data, sizeof (uint32_t)); -#ifndef WORDS_BIGENDIAN - res = byteswap32 (res); -#endif - return res; -} - -void -MHD_gtls_write_uint32 (uint32_t num, opaque * data) -{ - -#ifndef WORDS_BIGENDIAN - num = byteswap32 (num); -#endif - memcpy (data, &num, sizeof (uint32_t)); -} - -uint16_t -MHD_gtls_read_uint16 (const opaque * data) -{ - uint16_t res; - memcpy (&res, data, sizeof (uint16_t)); -#ifndef WORDS_BIGENDIAN - res = byteswap16 (res); -#endif - return res; -} - -void -MHD_gtls_write_uint16 (uint16_t num, opaque * data) -{ - -#ifndef WORDS_BIGENDIAN - num = byteswap16 (num); -#endif - memcpy (data, &num, sizeof (uint16_t)); -} - -uint32_t -MHD_gtls_conv_uint32 (uint32_t data) -{ -#ifndef WORDS_BIGENDIAN - return byteswap32 (data); -#else - return data; -#endif -} - -uint16_t -MHD_gtls_conv_uint16 (uint16_t data) -{ -#ifndef WORDS_BIGENDIAN - return byteswap16 (data); -#else - return data; -#endif -} - -uint32_t -MHD_gtls_uint64touint32 (const uint64 * num) -{ - uint32_t ret; - - memcpy (&ret, &num->i[4], 4); -#ifndef WORDS_BIGENDIAN - ret = byteswap32 (ret); -#endif - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_num.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_num.h deleted file mode 100644 index 3a0f1f88d5..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_num.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> - -#define rotl32(x,n) (((x) << ((uint16_t)(n))) | ((x) >> (32 - (uint16_t)(n)))) -#define rotr32(x,n) (((x) >> ((uint16_t)(n))) | ((x) << (32 - (uint16_t)(n)))) -#define rotl16(x,n) (((x) << ((uint16_t)(n))) | ((x) >> (16 - (uint16_t)(n)))) -#define rotr16(x,n) (((x) >> ((uint16_t)(n))) | ((x) << (16 - (uint16_t)(n)))) - -#define byteswap16(x) ((rotl16(x, 8) & 0x00ff) | (rotr16(x, 8) & 0xff00)) -#define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ffUL) | (rotr32(x, 8) & 0xff00ff00UL)) - -uint32_t MHD_gtls_uint24touint32 (uint24 num); -uint24 MHD_gtls_uint32touint24 (uint32_t num); -uint32_t MHD_gtls_read_uint32 (const opaque * data); -uint16_t MHD_gtls_read_uint16 (const opaque * data); -uint32_t MHD_gtls_conv_uint32 (uint32_t data); -uint16_t MHD_gtls_conv_uint16 (uint16_t data); -uint32_t MHD_gtls_read_uint24 (const opaque * data); -void MHD_gtls_write_uint24 (uint32_t num, opaque * data); -void MHD_gtls_write_uint32 (uint32_t num, opaque * data); -void MHD_gtls_write_uint16 (uint16_t num, opaque * data); -uint32_t MHD_gtls_uint64touint32 (const uint64 *); - -int MHD_gtls_uint64pp (uint64 *); -#define MHD__gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0 -#define UINT64DATA(x) x.i diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_pk.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_pk.c deleted file mode 100644 index f8514cae8a..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_pk.c +++ /dev/null @@ -1,636 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains the functions needed for RSA/DSA public key - * encryption and signatures. - */ - -#include <gnutls_int.h> -#include <gnutls_mpi.h> -#include <gnutls_pk.h> -#include <gnutls_errors.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_num.h> -#include "debug.h" -#include <gc.h> - -/* x509 */ -#include "common.h" -#include "mpi.h" - -static int MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data, - mpi_t * pkey, int pkey_len); -static int MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, - mpi_t * pkey, int); -static int MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, - mpi_t * pkey, int); - - -/* Do PKCS-1 RSA encryption. - * params is modulus, public exp. - */ -int -MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, - const MHD_gnutls_datum_t * plaintext, - mpi_t * params, unsigned params_len, - unsigned btype) -{ - unsigned int i, pad; - int ret; - mpi_t m, res; - opaque *edata, *ps; - size_t k, psize; - size_t mod_bits; - - mod_bits = MHD__gnutls_mpi_get_nbits (params[0]); - k = mod_bits / 8; - if (mod_bits % 8 != 0) - k++; - - if (plaintext->size > k - 11) - { - MHD_gnutls_assert (); - return GNUTLS_E_PK_ENCRYPTION_FAILED; - } - - edata = MHD_gnutls_alloca (k); - if (edata == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - /* EB = 00||BT||PS||00||D - * (use block type 'btype') - */ - - edata[0] = 0; - edata[1] = btype; - psize = k - 3 - plaintext->size; - - ps = &edata[2]; - switch (btype) - { - case 2: - /* using public key */ - if (params_len < RSA_PUBLIC_PARAMS) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (MHD_gc_pseudo_random ((char *) ps, psize) != GC_OK) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_RANDOM_FAILED; - } - for (i = 0; i < psize; i++) - while (ps[i] == 0) - { - if (MHD_gc_pseudo_random ((char *) &ps[i], 1) != GC_OK) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_RANDOM_FAILED; - } - } - break; - case 1: - /* using private key */ - - if (params_len < RSA_PRIVATE_PARAMS) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_INTERNAL_ERROR; - } - - for (i = 0; i < psize; i++) - ps[i] = 0xff; - break; - default: - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_INTERNAL_ERROR; - } - - ps[psize] = 0; - memcpy (&ps[psize + 1], plaintext->data, plaintext->size); - - if (MHD_gtls_mpi_scan_nz (&m, edata, &k) != 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_MPI_SCAN_FAILED; - } - MHD_gnutls_afree (edata); - - if (btype == 2) /* encrypt */ - ret = MHD__gnutls_pk_encrypt (GCRY_PK_RSA, &res, m, params, params_len); - else /* sign */ - ret = MHD__gnutls_pk_sign (GCRY_PK_RSA, &res, m, params, params_len); - - MHD_gtls_mpi_release (&m); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gtls_mpi_print (NULL, &psize, res); - - if (psize < k) - { - /* padding psize */ - pad = k - psize; - psize = k; - } - else if (psize == k) - { - pad = 0; - } - else - { /* psize > k !!! */ - /* This is an impossible situation */ - MHD_gnutls_assert (); - MHD_gtls_mpi_release (&res); - return GNUTLS_E_INTERNAL_ERROR; - } - - ciphertext->data = MHD_gnutls_malloc (psize); - if (ciphertext->data == NULL) - { - MHD_gnutls_assert (); - MHD_gtls_mpi_release (&res); - return GNUTLS_E_MEMORY_ERROR; - } - MHD_gtls_mpi_print (&ciphertext->data[pad], &psize, res); - for (i = 0; i < pad; i++) - ciphertext->data[i] = 0; - - ciphertext->size = k; - - MHD_gtls_mpi_release (&res); - - return 0; -} - - -/* Do PKCS-1 RSA decryption. - * params is modulus, public exp., private key - * Can decrypt block type 1 and type 2 packets. - */ -int -MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext, - const MHD_gnutls_datum_t * ciphertext, - mpi_t * params, unsigned params_len, - unsigned btype) -{ - unsigned k, i; - int ret; - mpi_t c, res; - opaque *edata; - size_t esize, mod_bits; - - mod_bits = MHD__gnutls_mpi_get_nbits (params[0]); - k = mod_bits / 8; - if (mod_bits % 8 != 0) - k++; - - esize = ciphertext->size; - - if (esize != k) - { - MHD_gnutls_assert (); - return GNUTLS_E_PK_DECRYPTION_FAILED; - } - - if (MHD_gtls_mpi_scan_nz (&c, ciphertext->data, &esize) != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* we can use btype to see if the private key is - * available. - */ - if (btype == 2) - ret = MHD__gnutls_pk_decrypt (GCRY_PK_RSA, &res, c, params, params_len); - else - { - ret = MHD__gnutls_pk_encrypt (GCRY_PK_RSA, &res, c, params, params_len); - } - MHD_gtls_mpi_release (&c); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gtls_mpi_print (NULL, &esize, res); - edata = MHD_gnutls_alloca (esize + 1); - if (edata == NULL) - { - MHD_gnutls_assert (); - MHD_gtls_mpi_release (&res); - return GNUTLS_E_MEMORY_ERROR; - } - MHD_gtls_mpi_print (&edata[1], &esize, res); - - MHD_gtls_mpi_release (&res); - - /* EB = 00||BT||PS||00||D - * (use block type 'btype') - * - * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to - * avoid attacks similar to the one described by Bleichenbacher in: - * "Chosen Ciphertext Attacks against Protocols Based on RSA - * Encryption Standard PKCS #1". - */ - - - edata[0] = 0; - esize++; - - if (edata[0] != 0 || edata[1] != btype) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_DECRYPTION_FAILED; - } - - ret = GNUTLS_E_DECRYPTION_FAILED; - switch (btype) - { - case 2: - for (i = 2; i < esize; i++) - { - if (edata[i] == 0) - { - ret = 0; - break; - } - } - break; - case 1: - for (i = 2; i < esize; i++) - { - if (edata[i] == 0 && i > 2) - { - ret = 0; - break; - } - if (edata[i] != 0xff) - { - MHD__gnutls_handshake_log ("PKCS #1 padding error"); - /* PKCS #1 padding error. Don't use - GNUTLS_E_PKCS1_WRONG_PAD here. */ - break; - } - } - break; - default: - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_DECRYPTION_FAILED; - } - i++; - - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_DECRYPTION_FAILED; - } - - if (MHD__gnutls_sset_datum (plaintext, &edata[i], esize - i) < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (edata); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD_gnutls_afree (edata); - - return 0; -} - - -int -MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata, - const MHD_gnutls_datum_t * ciphertext, mpi_t * params, - int params_len, int btype) -{ - - MHD_gnutls_datum_t plain; - int ret; - - /* decrypt signature */ - if ((ret = - MHD_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, - btype)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (plain.size != vdata->size) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&plain); - return GNUTLS_E_PK_SIG_VERIFY_FAILED; - } - - if (memcmp (plain.data, vdata->data, plain.size) != 0) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&plain); - return GNUTLS_E_PK_SIG_VERIFY_FAILED; - } - - MHD__gnutls_free_datum (&plain); - - return 0; /* ok */ -} - - -/* this is taken from gnupg - */ - -/**************** - * Emulate our old PK interface here - sometime in the future we might - * change the internal design to directly fit to libgcrypt. - */ -static int -MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data, - mpi_t * pkey, int pkey_len) -{ - gcry_sexp_t s_ciph, s_data, s_pkey; - int rc = -1; - - /* make a sexp from pkey */ - switch (algo) - { - case GCRY_PK_RSA: - if (pkey_len >= 2) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(rsa(n%m)(e%m)))", - pkey[0], pkey[1]); - break; - - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (rc != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_data, NULL, "%m", data)) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_pkey); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* pass it to libgcrypt */ - rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey); - gcry_sexp_release (s_data); - gcry_sexp_release (s_pkey); - - if (rc != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_PK_ENCRYPTION_FAILED; - - } - else - { /* add better error handling or make gnupg use S-Exp directly */ - gcry_sexp_t list = gcry_sexp_find_token (s_ciph, "a", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_ciph); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - if (resarr[0] == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_ciph); - return GNUTLS_E_INTERNAL_ERROR; - } - } - - gcry_sexp_release (s_ciph); - return rc; -} - -static int -MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, - int pkey_len) -{ - gcry_sexp_t s_plain, s_data, s_pkey; - int rc = -1; - - /* make a sexp from pkey */ - switch (algo) - { - case GCRY_PK_RSA: - if (pkey_len >= 6) - rc = gcry_sexp_build (&s_pkey, NULL, - "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", - pkey[0], pkey[1], pkey[2], pkey[3], - pkey[4], pkey[5]); - break; - - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (rc != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data)) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_pkey); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* pass it to libgcrypt */ - rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey); - gcry_sexp_release (s_data); - gcry_sexp_release (s_pkey); - - if (rc != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_PK_DECRYPTION_FAILED; - - } - else - { /* add better error handling or make gnupg use S-Exp directly */ - resarr[0] = gcry_sexp_nth_mpi (s_plain, 0, 0); - - if (resarr[0] == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_plain); - return GNUTLS_E_INTERNAL_ERROR; - } - } - - gcry_sexp_release (s_plain); - return rc; -} - - -/* in case of DSA puts into data, r,s - */ -static int -MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey, - int pkey_len) -{ - gcry_sexp_t s_hash, s_key, s_sig; - int rc = -1; - - /* make a sexp from pkey */ - switch (algo) - { - case GCRY_PK_DSA: - if (pkey_len >= 5) - rc = gcry_sexp_build (&s_key, NULL, - "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", - pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]); - else - { - MHD_gnutls_assert (); - } - - break; - case GCRY_PK_RSA: - if (pkey_len >= 6) - rc = gcry_sexp_build (&s_key, NULL, - "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", - pkey[0], pkey[1], pkey[2], pkey[3], - pkey[4], pkey[5]); - else - { - MHD_gnutls_assert (); - } - break; - - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (rc != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_hash, NULL, "%m", hash)) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* pass it to libgcrypt */ - rc = gcry_pk_sign (&s_sig, s_hash, s_key); - gcry_sexp_release (s_hash); - gcry_sexp_release (s_key); - - if (rc != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_PK_SIGN_FAILED; - - } - else - { - gcry_sexp_t list; - - if (algo == GCRY_PK_DSA) - { - list = gcry_sexp_find_token (s_sig, "r", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_sig); - return GNUTLS_E_INTERNAL_ERROR; - } - - data[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (s_sig, "s", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_sig); - return GNUTLS_E_INTERNAL_ERROR; - } - - data[1] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - } - else - { /* GCRY_PK_RSA */ - list = gcry_sexp_find_token (s_sig, "s", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (s_sig); - return GNUTLS_E_INTERNAL_ERROR; - } - - data[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - } - } - - gcry_sexp_release (s_sig); - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_pk.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_pk.h deleted file mode 100644 index 4653e76e1c..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_pk.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_PK_H -#define GNUTLS_PK_H - -int MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, - const MHD_gnutls_datum_t * plaintext, - mpi_t * params, unsigned params_len, - unsigned btype); -int MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext, - const MHD_gnutls_datum_t * ciphertext, - mpi_t * params, unsigned params_len, - unsigned btype); -int MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata, - const MHD_gnutls_datum_t * ciphertext, - mpi_t * params, int params_len, int btype); - -#endif /* GNUTLS_PK_H */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_priority.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_priority.c deleted file mode 100644 index 035c53dc4c..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_priority.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Here lies the code of the MHD_gnutls_*_set_priority() functions. - */ - -#include "gnutls_int.h" -#include "gnutls_algorithms.h" -#include "gnutls_errors.h" -#include <gnutls_num.h> - -#define MAX_ELEMENTS 48 - -static int -_set_priority (MHD_gtls_priority_st * st, const int *list) -{ - int num = 0; - - while ((list[num] != 0) && (num < MAX_ALGOS)) - num++; - st->num_algorithms = num; - memcpy (st->priority, list, num * sizeof (int)); - return 0; -} - -static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1, - MHD_GNUTLS_PROTOCOL_TLS1_0, - MHD_GNUTLS_PROTOCOL_SSL3, - 0 -}; - -static const int MHD_gtls_cipher_priority_secure256[] = - { MHD_GNUTLS_CIPHER_AES_256_CBC, - 0 -}; - -static const int MHD_gtls_kx_priority_secure[] = { MHD_GNUTLS_KX_RSA, - 0 -}; - -static const int MHD_gtls_mac_priority_secure[] = { MHD_GNUTLS_MAC_SHA1, - 0 -}; - -static int MHD_gtls_cert_type_priority[] = { MHD_GNUTLS_CRT_X509, - 0 -}; - -static const int MHD_gtls_comp_priority[] = { MHD_GNUTLS_COMP_NULL, - 0 -}; - -/** - * MHD__gnutls_priority_set - Sets priorities for the cipher suites supported by gnutls. - * @session: is a #MHD_gtls_session_t structure. - * @priority: is a #MHD_gnutls_priority_t structure. - * - * Sets the priorities to use on the ciphers, key exchange methods, - * macs and compression methods. - * - * On success 0 is returned. - * - **/ -int -MHD__gnutls_priority_set (MHD_gtls_session_t session, - MHD_gnutls_priority_t priority) -{ - if (priority == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_NO_CIPHER_SUITES; - } - - memcpy (&session->internals.priorities, priority, - sizeof (struct MHD_gtls_priority_st)); - - return 0; -} - -/** - * MHD_tls_set_default_priority - Sets priorities for the cipher suites supported by gnutls. - * @priority_cache: is a #MHD_gnutls_prioritity_t structure. - * @priorities: is a string describing priorities - * @err_pos: In case of an error this will have the position in the string the error occured - * - * Sets priorities for the ciphers, key exchange methods, macs and - * compression methods. This is to avoid using the - * MHD_gnutls_*_priority() functions. - * - * The #priorities option allows you to specify a semi-colon - * separated list of the cipher priorities to enable. - * - * Unless the first keyword is "NONE" the defaults are: - * Protocols: TLS1.1, TLS1.0, and SSL3.0. - * Compression: NULL. - * Certificate types: X.509, OpenPGP. - * - * You can also use predefined sets of ciphersuites: "PERFORMANCE" - * all the "secure" ciphersuites are enabled, limited to 128 bit - * ciphers and sorted by terms of speed performance. - * - * "NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers - * are included as a fallback only. The ciphers are sorted by security margin. - * - * "SECURE128" flag enables all "secure" ciphersuites with ciphers up to - * 128 bits, sorted by security margin. - * - * "SECURE256" flag enables all "secure" ciphersuites including the 256 bit - * ciphers, sorted by security margin. - * - * "EXPORT" all the ciphersuites are enabled, including the - * low-security 40 bit ciphers. - * - * "NONE" nothing is enabled. This disables even protocols and - * compression methods. - * - * Special keywords: - * '!' or '-' appended with an algorithm will remove this algorithm. - * '+' appended with an algorithm will add this algorithm. - * '%COMPAT' will enable compatibility features for a server. - * - * To avoid collisions in order to specify a compression algorithm in - * this string you have to prefix it with "COMP-", protocol versions - * with "VERS-" and certificate types with "CTYPE-". All other - * algorithms don't need a prefix. - * - * For key exchange algorithms when in NORMAL or SECURE levels the - * perfect forward secrecy algorithms take precendence of the other - * protocols. In all cases all the supported key exchange algorithms - * are enabled (except for the RSA-EXPORT which is only enabled in - * EXPORT level). - * - * Note that although one can select very long key sizes (such as 256 bits) - * for symmetric algorithms, to actually increase security the public key - * algorithms have to use longer key sizes as well. - * - * Examples: "NORMAL:!AES-128-CBC", - * "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE:+CTYPE-OPENPGP", - * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL", - * "NORMAL:%COMPAT". - * - * Returns: On syntax error GNUTLS_E_INVALID_REQUEST is returned and - * 0 on success. - **/ -int -MHD_tls_set_default_priority (MHD_gnutls_priority_t * priority_cache, - const char *priorities, const char **err_pos) -{ - *priority_cache = - MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st)); - if (*priority_cache == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - /* set mode to "SECURE256" */ - _set_priority (&(*priority_cache)->protocol, MHD_gtls_protocol_priority); - _set_priority (&(*priority_cache)->cipher, - MHD_gtls_cipher_priority_secure256); - _set_priority (&(*priority_cache)->kx, MHD_gtls_kx_priority_secure); - _set_priority (&(*priority_cache)->mac, MHD_gtls_mac_priority_secure); - _set_priority (&(*priority_cache)->cert_type, MHD_gtls_cert_type_priority); - _set_priority (&(*priority_cache)->compression, MHD_gtls_comp_priority); - - (*priority_cache)->no_padding = 0; - return 0; -} - -/** - * MHD__gnutls_priority_deinit - Deinitialize the priorities cache for the cipher suites supported by gnutls. - * @priority_cache: is a #MHD_gnutls_prioritity_t structure. - * - * Deinitializes the priority cache. - * - **/ -void -MHD__gnutls_priority_deinit (MHD_gnutls_priority_t priority_cache) -{ - MHD_gnutls_free (priority_cache); -} - -/** - * MHD__gnutls_priority_set_direct - Sets priorities for the cipher suites supported by gnutls. - * @session: is a #MHD_gtls_session_t structure. - * @priorities: is a string describing priorities - * @err_pos: In case of an error this will have the position in the string the error occured - * - * Sets the priorities to use on the ciphers, key exchange methods, - * macs and compression methods. This function avoids keeping a - * priority cache and is used to directly set string priorities to a - * TLS session. For documentation check the MHD_tls_set_default_priority(). - * - * On syntax error GNUTLS_E_INVALID_REQUEST is returned and 0 on success. - * - **/ -int -MHD__gnutls_priority_set_direct (MHD_gtls_session_t session, - const char *priorities, const char **err_pos) -{ - MHD_gnutls_priority_t prio; - int ret; - - ret = MHD_tls_set_default_priority (&prio, priorities, err_pos); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD__gnutls_priority_set (session, prio); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD__gnutls_priority_deinit (prio); - - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_record.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_record.c deleted file mode 100644 index 07a7b46c47..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_record.c +++ /dev/null @@ -1,1087 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions that are record layer specific, are included in this file. - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include "debug.h" -#include "gnutls_cipher.h" -#include "gnutls_buffers.h" -#include "gnutls_handshake.h" -#include "gnutls_hash_int.h" -#include "gnutls_cipher_int.h" -#include "gnutls_algorithms.h" -#include "gnutls_auth_int.h" -#include "gnutls_num.h" -#include "gnutls_record.h" -#include "gnutls_datum.h" -#include "ext_max_record.h" -#include <gnutls_state.h> -#include <gnutls_dh.h> - -/** - * MHD__gnutls_protocol_get_version - Returns the version of the currently used protocol - * @session: is a #MHD_gtls_session_t structure. - * - * Returns: the version of the currently used protocol. - **/ -enum MHD_GNUTLS_Protocol -MHD__gnutls_protocol_get_version (MHD_gtls_session_t session) -{ - return session->security_parameters.version; -} - -void -MHD_gtls_set_current_version (MHD_gtls_session_t session, - enum MHD_GNUTLS_Protocol version) -{ - session->security_parameters.version = version; -} - -/** - * MHD__gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data. - * @session: is a #MHD_gtls_session_t structure. - * @num: is the low water value. - * - * Used to set the lowat value in order for select to check if there - * are pending data to socket buffer. Used only if you have changed - * the default low water value (default is 1). Normally you will not - * need that function. This function is only useful if using - * berkeley style sockets. Otherwise it must be called and set lowat - * to zero. - **/ -void -MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num) -{ - session->internals.lowat = num; -} - -/** - * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions - * @session: is a #MHD_gtls_session_t structure. - * @ptr: is the value. - * - * Used to set the first argument of the transport function (like - * PUSH and PULL). In berkeley style sockets this function will set - * the connection handle. - **/ -void -MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session, - MHD_gnutls_transport_ptr_t ptr) -{ - session->internals.transport_recv_ptr = ptr; - session->internals.transport_send_ptr = ptr; -} - -/** - * MHD__gnutls_bye - This function terminates the current TLS/SSL connection. - * @session: is a #MHD_gtls_session_t structure. - * @how: is an integer - * - * Terminates the current TLS/SSL connection. The connection should - * have been initiated using MHD__gnutls_handshake(). @how should be one - * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR. - * - * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets - * terminated and further receives and sends will be disallowed. If - * the return value is zero you may continue using the connection. - * %GNUTLS_SHUT_RDWR actually sends an alert containing a close - * request and waits for the peer to reply with the same message. - * - * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated - * and further sends will be disallowed. In order to reuse the - * connection you should wait for an EOF from the peer. - * %GNUTLS_SHUT_WR sends an alert containing a close request. - * - * Note that not all implementations will properly terminate a TLS - * connection. Some of them, usually for performance reasons, will - * terminate only the underlying transport layer, thus causing a - * transmission error to the peer. This error cannot be - * distinguished from a malicious party prematurely terminating the - * session, thus this behavior is not recommended. - * - * This function may also return %GNUTLS_E_AGAIN or - * %GNUTLS_E_INTERRUPTED; cf. MHD__gnutls_record_get_direction(). - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see - * function documentation for entire semantics. - **/ -int -MHD__gnutls_bye (MHD_gtls_session_t session, MHD_gnutls_close_request_t how) -{ - int ret = 0; - - switch (STATE) - { - case STATE0: - case STATE60: - ret = MHD_gtls_io_write_flush (session); - STATE = STATE60; - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - case STATE61: - ret = - MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING, - GNUTLS_A_CLOSE_NOTIFY); - STATE = STATE61; - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - case STATE62: - STATE = STATE62; - if (how == GNUTLS_SHUT_RDWR) - { - do - { - MHD_gtls_io_clear_peeked_data (session); - ret = MHD_gtls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0); - } - while (ret == GNUTLS_E_GOT_APPLICATION_DATA); - - if (ret >= 0) - session->internals.may_not_read = 1; - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - STATE = STATE62; - - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - STATE = STATE0; - - session->internals.may_not_write = 1; - return 0; -} - -inline static void -session_invalidate (MHD_gtls_session_t session) -{ - session->internals.valid_connection = VALID_FALSE; -} - -inline static void -session_unresumable (MHD_gtls_session_t session) -{ - session->internals.resumable = RESUME_FALSE; -} - -/* returns 0 if session is valid - */ -inline static int -session_is_valid (MHD_gtls_session_t session) -{ - if (session->internals.valid_connection == VALID_FALSE) - return GNUTLS_E_INVALID_SESSION; - - return 0; -} - -/* Copies the record version into the headers. The - * version must have 2 bytes at least. - */ -inline static void -copy_record_version (MHD_gtls_session_t session, - MHD_gnutls_handshake_description_t htype, - opaque version[2]) -{ - enum MHD_GNUTLS_Protocol lver; - - if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO - || session->internals.default_record_version[0] == 0) - { - lver = MHD__gnutls_protocol_get_version (session); - - version[0] = MHD_gtls_version_get_major (lver); - version[1] = MHD_gtls_version_get_minor (lver); - } - else - { - version[0] = session->internals.default_record_version[0]; - version[1] = session->internals.default_record_version[1]; - } -} - -/* This function behaves exactly like write(). The only difference is - * that it accepts, the MHD_gtls_session_t and the content_type_t of data to - * send (if called by the user the Content is specific) - * It is intended to transfer data, under the current session. - * - * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE. - * This makes the function much easier to read, and more error resistant - * (there were cases were the old function could mess everything up). - * --nmav - * - * This function may accept a NULL pointer for data, and 0 for size, if - * and only if the previous send was interrupted for some reason. - * - */ -ssize_t -MHD_gtls_send_int (MHD_gtls_session_t session, - content_type_t type, - MHD_gnutls_handshake_description_t htype, - const void *_data, size_t sizeofdata) -{ - uint8_t *cipher; - int cipher_size; - int retval, ret; - int data2send_size; - uint8_t headers[5]; - const uint8_t *data = _data; - - /* Do not allow null pointer if the send buffer is empty. - * If the previous send was interrupted then a null pointer is - * ok, and means to resume. - */ - if (session->internals.record_send_buffer.length == 0 && (sizeofdata == 0 - && _data == NULL)) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (type != GNUTLS_ALERT) /* alert messages are sent anyway */ - if (session_is_valid (session) || session->internals.may_not_write != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_SESSION; - } - - headers[0] = type; - - /* Use the default record version, if it is - * set. - */ - copy_record_version (session, htype, &headers[1]); - - MHD__gnutls_record_log - ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, - (int) MHD_gtls_uint64touint32 (&session->connection_state. - write_sequence_number), - MHD__gnutls_packet2str (type), type, sizeofdata); - - if (sizeofdata > MAX_RECORD_SEND_SIZE) - data2send_size = MAX_RECORD_SEND_SIZE; - else - data2send_size = sizeofdata; - - /* Only encrypt if we don't have data to send - * from the previous run. - probably interrupted. - */ - if (session->internals.record_send_buffer.length > 0) - { - ret = MHD_gtls_io_write_flush (session); - if (ret > 0) - cipher_size = ret; - else - cipher_size = 0; - - cipher = NULL; - - retval = session->internals.record_send_buffer_user_size; - } - else - { - /* now proceed to packet encryption - */ - cipher_size = data2send_size + MAX_RECORD_OVERHEAD; - cipher = MHD_gnutls_malloc (cipher_size); - if (cipher == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - cipher_size = - MHD_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data, - data2send_size, cipher, cipher_size, type, - (session->internals.priorities.no_padding == - 0) ? 1 : 0); - if (cipher_size <= 0) - { - MHD_gnutls_assert (); - if (cipher_size == 0) - cipher_size = GNUTLS_E_ENCRYPTION_FAILED; - MHD_gnutls_free (cipher); - return cipher_size; /* error */ - } - - retval = data2send_size; - session->internals.record_send_buffer_user_size = data2send_size; - - /* increase sequence number - */ - if (MHD_gtls_uint64pp - (&session->connection_state.write_sequence_number) != 0) - { - session_invalidate (session); - MHD_gnutls_assert (); - MHD_gnutls_free (cipher); - return GNUTLS_E_RECORD_LIMIT_REACHED; - } - - ret = MHD_gtls_io_write_buffered (session, cipher, cipher_size); - MHD_gnutls_free (cipher); - } - - if (ret != cipher_size) - { - if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) - { - /* If we have sent any data then just return - * the error value. Do not invalidate the session. - */ - MHD_gnutls_assert (); - return ret; - } - - if (ret > 0) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - } - session_unresumable (session); - session->internals.may_not_write = 1; - MHD_gnutls_assert (); - return ret; - } - - session->internals.record_send_buffer_user_size = 0; - - MHD__gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", - session, - (int) - MHD_gtls_uint64touint32 - (&session->connection_state.write_sequence_number), - MHD__gnutls_packet2str (type), type, cipher_size); - - return retval; -} - -/* This function is to be called if the handshake was successfully - * completed. This sends a Change Cipher Spec packet to the peer. - */ -ssize_t -MHD_gtls_send_change_cipher_spec (MHD_gtls_session_t session, int again) -{ - static const opaque data[1] = { - GNUTLS_TYPE_CHANGE_CIPHER_SPEC - }; - - MHD__gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); - - if (again == 0) - return MHD_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, - 1); - else - { - return MHD_gtls_io_write_flush (session); - } -} - -inline static int -check_recv_type (content_type_t recv_type) -{ - switch (recv_type) - { - case GNUTLS_CHANGE_CIPHER_SPEC: - case GNUTLS_ALERT: - case GNUTLS_HANDSHAKE: - case GNUTLS_APPLICATION_DATA: - case GNUTLS_INNER_APPLICATION: - return 0; - default: - MHD_gnutls_assert (); - return GNUTLS_A_UNEXPECTED_MESSAGE; - } - -} - -/* Checks if there are pending data in the record buffers. If there are - * then it copies the data. - */ -static int -check_buffers (MHD_gtls_session_t session, - content_type_t type, opaque * data, int sizeofdata) -{ - if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type - == GNUTLS_INNER_APPLICATION) - && MHD_gnutls_record_buffer_get_size (type, session) > 0) - { - int ret, ret2; - ret = MHD_gtls_record_buffer_get (type, session, data, sizeofdata); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* if the buffer just got empty */ - if (MHD_gnutls_record_buffer_get_size (type, session) == 0) - { - if ((ret2 = MHD_gtls_io_clear_peeked_data (session)) < 0) - { - MHD_gnutls_assert (); - return ret2; - } - } - - return ret; - } - - return 0; -} - -/* Checks the record headers and returns the length, version and - * content type. - */ -static int -record_check_headers (MHD_gtls_session_t session, - uint8_t headers[RECORD_HEADER_SIZE], - content_type_t type, - MHD_gnutls_handshake_description_t htype, - /*output */ content_type_t * recv_type, - opaque version[2], - uint16_t * length, uint16_t * header_size) -{ - - /* Read the first two bytes to determine if this is a - * version 2 message - */ - - if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE - && headers[0] > 127) - { - - /* if msb set and expecting handshake message - * it should be SSL 2 hello - */ - version[0] = 3; /* assume SSL 3.0 */ - version[1] = 0; - - *length = (((headers[0] & 0x7f) << 8)) | headers[1]; - - /* SSL 2.0 headers */ - *header_size = 2; - *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello - */ - - /* in order to assist the handshake protocol. - * V2 compatibility is a mess. - */ - session->internals.v2_hello = *length; - - MHD__gnutls_record_log ("REC[%x]: V2 packet received. Length: %d\n", - session, *length); - - } - else - { - /* version 3.x */ - *recv_type = headers[0]; - version[0] = headers[1]; - version[1] = headers[2]; - - /* No DECR_LEN, since headers has enough size. - */ - *length = MHD_gtls_read_uint16 (&headers[3]); - } - - return 0; -} - -/* Here we check if the advertized version is the one we - * negotiated in the handshake. - */ -inline static int -record_check_version (MHD_gtls_session_t session, - MHD_gnutls_handshake_description_t htype, - opaque version[2]) -{ - if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) - { - /* Reject hello packets with major version higher than 3. - */ - if (version[0] > 3) - { - MHD_gnutls_assert (); - MHD__gnutls_record_log - ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session, - htype, version[0], version[1]); - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; - } - } - else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO - && MHD__gnutls_protocol_get_version (session) - != MHD_gtls_version_get (version[0], version[1])) - { - /* Reject record packets that have a different version than the - * one negotiated. Note that this version is not protected by any - * mac. I don't really think that this check serves any purpose. - */ - MHD_gnutls_assert (); - MHD__gnutls_record_log ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", - session, htype, version[0], version[1]); - - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; - } - - return 0; -} - -/* This function will check if the received record type is - * the one we actually expect. - */ -static int -record_check_type (MHD_gtls_session_t session, - content_type_t recv_type, - content_type_t type, - MHD_gnutls_handshake_description_t htype, - opaque * data, int data_size) -{ - - int ret; - - if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type - == GNUTLS_HANDSHAKE - || type == GNUTLS_INNER_APPLICATION)) - { - MHD_gnutls_record_buffer_put (type, session, (void *) data, data_size); - } - else - { - switch (recv_type) - { - case GNUTLS_ALERT: - - MHD__gnutls_record_log - ("REC[%x]: Alert[%d|%d] - %s - was received\n", session, - data[0], data[1], MHD__gnutls_alert_get_name ((int) data[1])); - - session->internals.last_alert = data[1]; - session->internals.last_alert_level = data[0]; - - /* if close notify is received and - * the alert is not fatal - */ - if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) - { - /* If we have been expecting for an alert do - */ - session->internals.read_eof = 1; - return GNUTLS_E_INT_RET_0; /* EOF */ - } - else - { - - /* if the alert is FATAL or WARNING - * return the apropriate message - */ - MHD_gnutls_assert (); - ret = GNUTLS_E_WARNING_ALERT_RECEIVED; - if (data[0] == GNUTLS_AL_FATAL) - { - session_unresumable (session); - session_invalidate (session); - ret = GNUTLS_E_FATAL_ALERT_RECEIVED; - } - - return ret; - } - break; - - case GNUTLS_CHANGE_CIPHER_SPEC: - /* this packet is now handled in the recv_int() - * function - */ - MHD_gnutls_assert (); - - return GNUTLS_E_UNEXPECTED_PACKET; - - case GNUTLS_APPLICATION_DATA: - /* even if data is unexpected put it into the buffer */ - if ((ret = - MHD_gnutls_record_buffer_put (recv_type, session, - (void *) data, data_size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* the got_application data is only returned - * if expecting client hello (for rehandshake - * reasons). Otherwise it is an unexpected packet - */ - if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO - && type == GNUTLS_HANDSHAKE)) - return GNUTLS_E_GOT_APPLICATION_DATA; - else - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - } - - break; - case GNUTLS_HANDSHAKE: - /* This is legal if HELLO_REQUEST is received - and we are a client. - * If we are a server, a client may initiate a renegotiation at any time. - */ - if (session->security_parameters.entity == GNUTLS_SERVER) - { - MHD_gnutls_assert (); - return GNUTLS_E_REHANDSHAKE; - } - - /* If we are already in a handshake then a Hello - * Request is illegal. But here we don't really care - * since this message will never make it up here. - */ - - /* So we accept it */ - return MHD_gtls_recv_hello_request (session, data, data_size); - - break; - case GNUTLS_INNER_APPLICATION: - /* even if data is unexpected put it into the buffer */ - if ((ret = - MHD_gnutls_record_buffer_put (recv_type, session, - (void *) data, data_size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - break; - default: - - MHD__gnutls_record_log - ("REC[%x]: Received Unknown packet %d expecting %d\n", - session, recv_type, type); - - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - } - - return 0; - -} - -/* This function will return the internal (per session) temporary - * recv buffer. If the buffer was not initialized before it will - * also initialize it. - */ -inline static int -get_temp_recv_buffer (MHD_gtls_session_t session, MHD_gnutls_datum_t * tmp) -{ - size_t max_record_size; - - max_record_size = MAX_RECORD_RECV_SIZE; - - /* We allocate MAX_RECORD_RECV_SIZE length - * because we cannot predict the output data by the record - * packet length (due to compression). - */ - - if (max_record_size > session->internals.recv_buffer.size - || session->internals.recv_buffer.data == NULL) - { - - /* Initialize the internal buffer. - */ - session->internals.recv_buffer.data - = - MHD_gnutls_realloc (session->internals.recv_buffer.data, - max_record_size); - - if (session->internals.recv_buffer.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - session->internals.recv_buffer.size = max_record_size; - } - - tmp->data = session->internals.recv_buffer.data; - tmp->size = session->internals.recv_buffer.size; - - return 0; -} - -#define MAX_EMPTY_PACKETS_SEQUENCE 4 - -/* This function behaves exactly like read(). The only difference is - * that it accepts the MHD_gtls_session_t and the content_type_t of data to - * receive (if called by the user the Content is Userdata only) - * It is intended to receive data, under the current session. - * - * The MHD_gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos. - */ -ssize_t -MHD_gtls_recv_int (MHD_gtls_session_t session, - content_type_t type, - MHD_gnutls_handshake_description_t htype, - opaque * data, size_t sizeofdata) -{ - MHD_gnutls_datum_t tmp; - int decrypted_length; - opaque version[2]; - uint8_t *headers; - content_type_t recv_type; - uint16_t length; - uint8_t *ciphertext; - uint8_t *recv_data; - int ret, ret2; - uint16_t header_size; - int empty_packet = 0; - - if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL)) - { - return GNUTLS_E_INVALID_REQUEST; - } - -begin: - - if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) - { - MHD_gnutls_assert (); - return GNUTLS_E_TOO_MANY_EMPTY_PACKETS; - } - - if (session->internals.read_eof != 0) - { - /* if we have already read an EOF - */ - return 0; - } - else if (session_is_valid (session) != 0 || session->internals.may_not_read - != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_SESSION; - } - - /* If we have enough data in the cache do not bother receiving - * a new packet. (in order to flush the cache) - */ - ret = check_buffers (session, type, data, sizeofdata); - if (ret != 0) - return ret; - - /* default headers for TLS 1.0 - */ - header_size = RECORD_HEADER_SIZE; - - if ((ret = MHD_gtls_io_read_buffered (session, &headers, header_size, -1)) - != header_size) - { - if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) - return ret; - - session_invalidate (session); - if (type == GNUTLS_ALERT) - { - MHD_gnutls_assert (); - return 0; /* we were expecting close notify */ - } - session_unresumable (session); - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - if ((ret = record_check_headers (session, headers, type, htype, &recv_type, - version, &length, &header_size)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* Here we check if the Type of the received packet is - * ok. - */ - if ((ret = check_recv_type (recv_type)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* Here we check if the advertized version is the one we - * negotiated in the handshake. - */ - if ((ret = record_check_version (session, htype, version)) < 0) - { - MHD_gnutls_assert (); - session_invalidate (session); - return ret; - } - - MHD__gnutls_record_log - ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, - (int) MHD_gtls_uint64touint32 (&session->connection_state. - read_sequence_number), - MHD__gnutls_packet2str (type), type, sizeofdata); - MHD__gnutls_record_log - ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, - (int) MHD_gtls_uint64touint32 (&session->connection_state. - read_sequence_number), - MHD__gnutls_packet2str (recv_type), recv_type, length); - - if (length > MAX_RECV_SIZE) - { - MHD__gnutls_record_log - ("REC[%x]: FATAL ERROR: Received packet with length: %d\n", - session, length); - - session_unresumable (session); - session_invalidate (session); - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - /* check if we have that data into buffer. - */ - if ((ret = MHD_gtls_io_read_buffered (session, &recv_data, - header_size + length, recv_type)) - != header_size + length) - { - if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0) - return ret; - - session_unresumable (session); - session_invalidate (session); - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - /* ok now we are sure that we can read all the data - so - * move on ! - */ - MHD_gtls_io_clear_read_buffer (session); - ciphertext = &recv_data[header_size]; - - ret = get_temp_recv_buffer (session, &tmp); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* decrypt the data we got. */ - ret = MHD_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size, - recv_type); - if (ret < 0) - { - session_unresumable (session); - session_invalidate (session); - MHD_gnutls_assert (); - return ret; - } - decrypted_length = ret; - - /* Check if this is a CHANGE_CIPHER_SPEC - */ - if (type == GNUTLS_CHANGE_CIPHER_SPEC && recv_type - == GNUTLS_CHANGE_CIPHER_SPEC) - { - - MHD__gnutls_record_log - ("REC[%x]: ChangeCipherSpec Packet was received\n", session); - - if ((size_t) ret != sizeofdata) - { /* sizeofdata should be 1 */ - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - memcpy (data, tmp.data, sizeofdata); - - return ret; - } - - MHD__gnutls_record_log - ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, - (int) MHD_gtls_uint64touint32 (&session->connection_state. - read_sequence_number), - MHD__gnutls_packet2str (recv_type), recv_type, decrypted_length); - - /* increase sequence number - */ - if (MHD_gtls_uint64pp (&session->connection_state.read_sequence_number) != - 0) - { - session_invalidate (session); - MHD_gnutls_assert (); - return GNUTLS_E_RECORD_LIMIT_REACHED; - } - - /* check type - this will also invalidate sessions if a fatal alert has been received */ - ret = record_check_type (session, recv_type, type, htype, tmp.data, - decrypted_length); - if (ret < 0) - { - if (ret == GNUTLS_E_INT_RET_0) - return 0; - MHD_gnutls_assert (); - return ret; - } - - /* Get Application data from buffer - */ - if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type - == GNUTLS_HANDSHAKE - || type == GNUTLS_INNER_APPLICATION)) - { - - ret = MHD_gtls_record_buffer_get (type, session, data, sizeofdata); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* if the buffer just got empty - */ - if (MHD_gnutls_record_buffer_get_size (type, session) == 0) - { - if ((ret2 = MHD_gtls_io_clear_peeked_data (session)) < 0) - { - MHD_gnutls_assert (); - return ret2; - } - } - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - /* we didn't get what we wanted to - */ - } - - /* (originally for) TLS 1.0 CBC protection. - * Actually this code is called if we just received - * an empty packet. An empty TLS packet is usually - * sent to protect some vulnerabilities in the CBC mode. - * In that case we go to the beginning and start reading - * the next packet. - */ - if (ret == 0) - { - empty_packet++; - goto begin; - } - - return ret; -} - -/** - * MHD__gnutls_record_send - sends to the peer the specified data - * @session: is a #MHD_gtls_session_t structure. - * @data: contains the data to send - * @sizeofdata: is the length of the data - * - * This function has the similar semantics with send(). The only - * difference is that is accepts a GNUTLS session, and uses different - * error codes. - * - * Note that if the send buffer is full, send() will block this - * function. See the send() documentation for full information. You - * can replace the default push function by using - * MHD__gnutls_transport_set_ptr2() with a call to send() with a - * MSG_DONTWAIT flag if blocking is a problem. - * - * If the EINTR is returned by the internal push function (the - * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If - * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must - * call this function again, with the same parameters; alternatively - * you could provide a %NULL pointer for data, and 0 for - * size. cf. MHD__gnutls_record_get_direction(). - * - * Returns: the number of bytes sent, or a negative error code. The - * number of bytes sent might be less than @sizeofdata. The maximum - * number of bytes this function can send in a single call depends on - * the negotiated maximum record size. - **/ -ssize_t -MHD__gnutls_record_send (MHD_gtls_session_t session, - const void *data, size_t sizeofdata) -{ - return MHD_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, - sizeofdata); -} - -/** - * MHD__gnutls_record_recv - reads data from the TLS record protocol - * @session: is a #MHD_gtls_session_t structure. - * @data: the buffer that the data will be read into - * @sizeofdata: the number of requested bytes - * - * This function has the similar semantics with recv(). The only - * difference is that is accepts a GNUTLS session, and uses different - * error codes. - * - * In the special case that a server requests a renegotiation, the - * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This - * message may be simply ignored, replied with an alert containing - * NO_RENEGOTIATION, or replied with a new handshake, depending on - * the client's will. - * - * If %EINTR is returned by the internal push function (the default - * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If - * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must - * call this function again to get the data. See also - * MHD__gnutls_record_get_direction(). - * - * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has - * initiated a handshake. In that case the server can only initiate a - * handshake or terminate the connection. - * - * Returns: the number of bytes received and zero on EOF. A negative - * error code is returned in case of an error. The number of bytes - * received might be less than @sizeofdata. - **/ -ssize_t -MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data, - size_t sizeofdata) -{ - return MHD_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, - sizeofdata); -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_record.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_record.h deleted file mode 100644 index fe7300b62b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_record.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -ssize_t MHD_gtls_send_int (MHD_gtls_session_t session, content_type_t type, - MHD_gnutls_handshake_description_t htype, - const void *data, size_t sizeofdata); -ssize_t MHD_gtls_recv_int (MHD_gtls_session_t session, content_type_t type, - MHD_gnutls_handshake_description_t, opaque * data, - size_t sizeofdata); -ssize_t MHD_gtls_send_change_cipher_spec (MHD_gtls_session_t session, - int again); -void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c deleted file mode 100644 index 65f97c76a1..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains code for RSA temporary keys. These keys are - * only used in export cipher suites. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_datum.h> -#include <gnutls_rsa_export.h> -#include "debug.h" -/* x509 */ -#include "x509.h" -#include "privkey.h" - -/* returns e and m, depends on the requested bits. - * We only support limited key sizes. - */ -const mpi_t * -MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t rsa_params) -{ - if (rsa_params == NULL) - { - return NULL; - } - return rsa_params->params; -} - - -/** - * MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA parameters - * @rsa_params: Is a structure that holds the parameters - * - * This function will deinitialize the RSA parameters structure. - * - **/ -void -MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params) -{ - MHD_gnutls_x509_privkey_deinit (rsa_params); -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h deleted file mode 100644 index a28f429733..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t); -int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_sig.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_sig.c deleted file mode 100644 index e27c468413..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_sig.c +++ /dev/null @@ -1,476 +0,0 @@ -/* - * Copyright (C) 2001, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <x509_b64.h> -#include <auth_cert.h> -#include <gnutls_cert.h> -#include <gnutls_datum.h> -#include <gnutls_mpi.h> -#include <gnutls_global.h> -#include <gnutls_pk.h> -#include <debug.h> -#include <gnutls_buffers.h> -#include <gnutls_sig.h> -#include <gnutls_kx.h> - -static int MHD__gnutls_tls_sign (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_privkey * pkey, - const MHD_gnutls_datum_t * hash_concat, - MHD_gnutls_datum_t * signature); - -/* Generates a signature of all the previous sent packets in the - * handshake procedure. (20040227: now it works for SSL 3.0 as well) - */ -int -MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_privkey * pkey, - MHD_gnutls_datum_t * signature) -{ - MHD_gnutls_datum_t dconcat; - int ret; - opaque concat[36]; - mac_hd_t td_md5; - mac_hd_t td_sha; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); - if (td_sha == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - if (ver == MHD_GNUTLS_PROTOCOL_SSL3) - { - ret = MHD_gtls_generate_master (session, 1); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - } - else - MHD_gnutls_hash_deinit (td_sha, &concat[16]); - - switch (cert->subject_pk_algorithm) - { - case MHD_GNUTLS_PK_RSA: - td_md5 = - MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); - if (td_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - if (ver == MHD_GNUTLS_PROTOCOL_SSL3) - MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - else - MHD_gnutls_hash_deinit (td_md5, concat); - - dconcat.data = concat; - dconcat.size = 36; - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - ret = MHD__gnutls_tls_sign (session, cert, pkey, &dconcat, signature); - if (ret < 0) - { - MHD_gnutls_assert (); - } - - return ret; -} - -/* Generates a signature of all the random data and the parameters. - * Used in DHE_* ciphersuites. - */ -int -MHD_gtls_tls_sign_params (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_privkey * pkey, - MHD_gnutls_datum_t * params, - MHD_gnutls_datum_t * signature) -{ - MHD_gnutls_datum_t dconcat; - int ret; - mac_hd_t td_sha; - opaque concat[36]; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - td_sha = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); - if (td_sha == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td_sha, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_sha, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_sha, params->data, params->size); - - switch (cert->subject_pk_algorithm) - { - case MHD_GNUTLS_PK_RSA: - if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) - { - mac_hd_t td_md5 = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); - if (td_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td_md5, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_md5, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_md5, params->data, params->size); - - MHD_gnutls_hash_deinit (td_md5, concat); - MHD_gnutls_hash_deinit (td_sha, &concat[16]); - - dconcat.size = 36; - } - else - { -#if 1 - /* Use NULL parameters. */ - memcpy (concat, - "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14", - 15); - MHD_gnutls_hash_deinit (td_sha, &concat[15]); - dconcat.size = 35; -#else - /* No parameters field. */ - memcpy (concat, - "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13); - MHD_gnutls_hash_deinit (td_sha, &concat[13]); - dconcat.size = 33; -#endif - } - dconcat.data = concat; - break; - default: - MHD_gnutls_assert (); - MHD_gnutls_hash_deinit (td_sha, NULL); - return GNUTLS_E_INTERNAL_ERROR; - } - ret = MHD__gnutls_tls_sign (session, cert, pkey, &dconcat, signature); - if (ret < 0) - { - MHD_gnutls_assert (); - } - - return ret; - -} - -/* This will create a PKCS1 or DSA signature, using the given parameters, and the - * given data. The output will be allocated and be put in signature. - */ -static int -MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo, - mpi_t * params, - int params_size, - const MHD_gnutls_datum_t * data, - MHD_gnutls_datum_t * signature) -{ - int ret; - - switch (algo) - { - case MHD_GNUTLS_PK_RSA: - /* encrypt */ - if ((ret = - MHD_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size, - 1)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - break; - } - - return 0; -} - -/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol. - * Cert is the certificate of the corresponding private key. It is only checked if - * it supports signing. - */ -static int -MHD__gnutls_tls_sign (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_privkey * pkey, - const MHD_gnutls_datum_t * hash_concat, - MHD_gnutls_datum_t * signature) -{ - - /* If our certificate supports signing - */ - - if (cert != NULL) - if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) - { - MHD_gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } - - /* External signing. */ - if (!pkey || pkey->params_size == 0) - { - if (!session->internals.sign_func) - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - - return (*session->internals.sign_func) (session, - session->internals. - sign_func_userdata, - cert->cert_type, &cert->raw, - hash_concat, signature); - } - - return MHD_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size, - hash_concat, signature); -} - -static int -MHD__gnutls_verify_sig (MHD_gnutls_cert * cert, - const MHD_gnutls_datum_t * hash_concat, - MHD_gnutls_datum_t * signature, size_t sha1pos) -{ - int ret; - MHD_gnutls_datum_t vdata; - - if ((cert == NULL) || (cert->version == 0)) - { /* this is the only way to check - * if it is initialized - */ - MHD_gnutls_assert (); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - /* If the certificate supports signing continue. - */ - if (cert != NULL) - if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) - { - MHD_gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } - - switch (cert->subject_pk_algorithm) - { - case MHD_GNUTLS_PK_RSA: - - vdata.data = hash_concat->data; - vdata.size = hash_concat->size; - - /* verify signature */ - if ((ret = MHD_gtls_rsa_verify (&vdata, signature, cert->params, - cert->params_size, 1)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - return 0; -} - -/* Verifies a TLS signature (like the one in the client certificate - * verify message). - */ -int -MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_datum_t * signature) -{ - int ret; - opaque concat[36]; - mac_hd_t td_md5; - mac_hd_t td_sha; - MHD_gnutls_datum_t dconcat; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - td_md5 = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5); - if (td_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha); - if (td_sha == NULL) - { - MHD_gnutls_assert (); - MHD_gnutls_hash_deinit (td_md5, NULL); - return GNUTLS_E_HASH_FAILED; - } - - if (ver == MHD_GNUTLS_PROTOCOL_SSL3) - { - ret = MHD_gtls_generate_master (session, 1); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat, - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16], - session->security_parameters. - master_secret, TLS_MASTER_SIZE); - } - else - { - MHD_gnutls_hash_deinit (td_md5, concat); - MHD_gnutls_hash_deinit (td_sha, &concat[16]); - } - - dconcat.data = concat; - dconcat.size = 20 + 16; /* md5+ sha */ - - ret = MHD__gnutls_verify_sig (cert, &dconcat, signature, 16); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return ret; - -} - -/* Generates a signature of all the random data and the parameters. - * Used in DHE_* ciphersuites. - */ -int -MHD_gtls_verify_sig_params (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - const MHD_gnutls_datum_t * params, - MHD_gnutls_datum_t * signature) -{ - MHD_gnutls_datum_t dconcat; - int ret; - mac_hd_t td_md5 = NULL; - mac_hd_t td_sha; - opaque concat[36]; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) - { - td_md5 = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5); - if (td_md5 == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td_md5, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_md5, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_md5, params->data, params->size); - } - - td_sha = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); - if (td_sha == NULL) - { - MHD_gnutls_assert (); - if (td_md5) - MHD_gnutls_hash_deinit (td_md5, NULL); - return GNUTLS_E_HASH_FAILED; - } - - MHD_gnutls_hash (td_sha, session->security_parameters.client_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_sha, session->security_parameters.server_random, - TLS_RANDOM_SIZE); - MHD_gnutls_hash (td_sha, params->data, params->size); - - if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2) - { - MHD_gnutls_hash_deinit (td_md5, concat); - MHD_gnutls_hash_deinit (td_sha, &concat[16]); - dconcat.size = 36; - } - else - { -#if 1 - /* Use NULL parameters. */ - memcpy (concat, - "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14", - 15); - MHD_gnutls_hash_deinit (td_sha, &concat[15]); - dconcat.size = 35; -#else - /* No parameters field. */ - memcpy (concat, - "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13); - MHD_gnutls_hash_deinit (td_sha, &concat[13]); - dconcat.size = 33; -#endif - } - - dconcat.data = concat; - - ret = MHD__gnutls_verify_sig (cert, &dconcat, signature, dconcat.size - 20); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return ret; - -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_sig.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_sig.h deleted file mode 100644 index 020ef48988..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_sig.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_SIG_H -# define GNUTLS_SIG_H - -int MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_privkey * pkey, - MHD_gnutls_datum_t * signature); - -int MHD_gtls_tls_sign_params (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_privkey * pkey, - MHD_gnutls_datum_t * params, - MHD_gnutls_datum_t * signature); - -int MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - MHD_gnutls_datum_t * signature); - -int MHD_gtls_verify_sig_params (MHD_gtls_session_t session, - MHD_gnutls_cert * cert, - const MHD_gnutls_datum_t * params, - MHD_gnutls_datum_t * signature); - - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_state.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_state.c deleted file mode 100644 index 01f51abc7d..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_state.c +++ /dev/null @@ -1,804 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions to manipulate the session (MHD_gnutls_int.h), and some other stuff - * are included here. The file's name is traditionally MHD_gnutls_state even if the - * state has been renamed to session. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_auth_int.h> -#include <gnutls_num.h> -#include <gnutls_datum.h> -#include <gnutls_record.h> -#include <gnutls_handshake.h> -#include <gnutls_dh.h> -#include <gnutls_buffers.h> -#include <gnutls_state.h> -#include <auth_cert.h> -#include <gnutls_algorithms.h> -#include <gnutls_rsa_export.h> - -void -MHD__gnutls_session_cert_type_set (MHD_gtls_session_t session, - enum MHD_GNUTLS_CertificateType ct) -{ - session->security_parameters.cert_type = ct; -} - -/** - * MHD_gnutls_cipher_get - Returns the currently used cipher. - * @session: is a #MHD_gtls_session_t structure. - * - * Returns: the currently used cipher. - **/ -enum MHD_GNUTLS_CipherAlgorithm -MHD_gnutls_cipher_get (MHD_gtls_session_t session) -{ - return session->security_parameters.read_bulk_cipher_algorithm; -} - -/** - * MHD_gnutls_certificate_type_get - Returns the currently used certificate type. - * @session: is a #MHD_gtls_session_t structure. - * - * The certificate type is by default X.509, unless it is negotiated - * as a TLS extension. - * - * Returns: the currently used %enum MHD_GNUTLS_CertificateType certificate - * type. - **/ -enum MHD_GNUTLS_CertificateType -MHD_gnutls_certificate_type_get (MHD_gtls_session_t session) -{ - return session->security_parameters.cert_type; -} - -/** - * MHD_gnutls_kx_get - Returns the key exchange algorithm. - * @session: is a #MHD_gtls_session_t structure. - * - * Returns: the key exchange algorithm used in the last handshake. - **/ -enum MHD_GNUTLS_KeyExchangeAlgorithm -MHD_gnutls_kx_get (MHD_gtls_session_t session) -{ - return session->security_parameters.kx_algorithm; -} - -/* Check if the given certificate type is supported. - * This means that it is enabled by the priority functions, - * and a matching certificate exists. - */ -int -MHD_gtls_session_cert_type_supported (MHD_gtls_session_t session, - enum MHD_GNUTLS_CertificateType - cert_type) -{ - unsigned i; - unsigned cert_found = 0; - MHD_gtls_cert_credentials_t cred; - - if (session->security_parameters.entity == GNUTLS_SERVER) - { - cred - = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, - MHD_GNUTLS_CRD_CERTIFICATE, - NULL); - - if (cred == NULL) - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - - if (cred->server_get_cert_callback == NULL) - { - for (i = 0; i < cred->ncerts; i++) - { - if (cred->cert_list[i][0].cert_type == cert_type) - { - cert_found = 1; - break; - } - } - - if (cert_found == 0) - /* no certificate is of that type. - */ - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - } - } - - if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type - == DEFAULT_CERT_TYPE) - return 0; - - for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++) - { - if (session->internals.priorities.cert_type.priority[i] == cert_type) - { - return 0; /* ok */ - } - } - - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; -} - -/* this function deinitializes all the internal parameters stored - * in a session struct. - */ -inline static void -deinit_internal_params (MHD_gtls_session_t session) -{ - if (session->internals.params.free_dh_params) - MHD__gnutls_dh_params_deinit (session->internals.params.dh_params); - - if (session->internals.params.free_rsa_params) - MHD__gnutls_rsa_params_deinit (session->internals.params.rsa_params); - - memset (&session->internals.params, 0, sizeof (session->internals.params)); -} - -/* This function will clear all the variables in internals - * structure within the session, which depend on the current handshake. - * This is used to allow further handshakes. - */ -void -MHD_gtls_handshake_internal_state_clear (MHD_gtls_session_t session) -{ - session->internals.extensions_sent_size = 0; - - /* by default no selected certificate */ - session->internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE; - session->internals.adv_version_major = 0; - session->internals.adv_version_minor = 0; - session->internals.v2_hello = 0; - memset (&session->internals.handshake_header_buffer, 0, - sizeof (MHD_gtls_handshake_header_buffer_st)); - session->internals.adv_version_minor = 0; - session->internals.adv_version_minor = 0; - session->internals.direction = 0; - - /* use out of band data for the last - * handshake messages received. - */ - session->internals.last_handshake_in = -1; - session->internals.last_handshake_out = -1; - - session->internals.resumable = RESUME_TRUE; - MHD__gnutls_free_datum (&session->internals.recv_buffer); - - deinit_internal_params (session); - -} - -#define MIN_DH_BITS 727 -/** - * MHD__gnutls_init - This function initializes the session to null (null encryption etc...). - * @con_end: indicate if this session is to be used for server or client. - * @session: is a pointer to a #MHD_gtls_session_t structure. - * - * This function initializes the current session to null. Every - * session must be initialized before use, so internal structures can - * be allocated. This function allocates structures which can only - * be free'd by calling MHD__gnutls_deinit(). Returns zero on success. - * - * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ - -/* TODO rm redundent pointer ref */ -int -MHD__gnutls_init (MHD_gtls_session_t * session, - MHD_gnutls_connection_end_t con_end) -{ - *session = MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_session_int)); - if (*session == NULL) - return GNUTLS_E_MEMORY_ERROR; - - (*session)->security_parameters.entity = con_end; - - /* the default certificate type for TLS */ - (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE; - - /* Set the defaults for initial handshake */ - (*session)->security_parameters.read_bulk_cipher_algorithm = - (*session)->security_parameters.write_bulk_cipher_algorithm = - MHD_GNUTLS_CIPHER_NULL; - - (*session)->security_parameters.read_mac_algorithm = - (*session)->security_parameters.write_mac_algorithm = MHD_GNUTLS_MAC_NULL; - - /* Initialize buffers */ - MHD_gtls_buffer_init (&(*session)->internals.application_data_buffer); - MHD_gtls_buffer_init (&(*session)->internals.handshake_data_buffer); - MHD_gtls_buffer_init (&(*session)->internals.handshake_hash_buffer); - MHD_gtls_buffer_init (&(*session)->internals.ia_data_buffer); - - MHD_gtls_buffer_init (&(*session)->internals.record_send_buffer); - MHD_gtls_buffer_init (&(*session)->internals.record_recv_buffer); - - MHD_gtls_buffer_init (&(*session)->internals.handshake_send_buffer); - MHD_gtls_buffer_init (&(*session)->internals.handshake_recv_buffer); - - (*session)->key = MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_key)); - if ((*session)->key == NULL) - { - cleanup_session:MHD_gnutls_free (*session); - *session = NULL; - return GNUTLS_E_MEMORY_ERROR; - } - - (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ - - MHD__gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); - - MHD__gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ - - MHD__gnutls_handshake_set_max_packet_length ((*session), - MAX_HANDSHAKE_PACKET_SIZE); - - /* Allocate a minimum size for recv_data - * This is allocated in order to avoid small messages, making - * the receive procedure slow. - */ - (*session)->internals.record_recv_buffer.data - = MHD_gnutls_malloc (INITIAL_RECV_BUFFER_SIZE); - if ((*session)->internals.record_recv_buffer.data == NULL) - { - MHD_gnutls_free ((*session)->key); - goto cleanup_session; - } - - /* set the socket pointers to -1; */ - (*session)->internals.transport_recv_ptr = (MHD_gnutls_transport_ptr_t) - 1; - (*session)->internals.transport_send_ptr = (MHD_gnutls_transport_ptr_t) - 1; - - /* set the default maximum record size for TLS - */ - (*session)->security_parameters.max_record_recv_size - = DEFAULT_MAX_RECORD_SIZE; - (*session)->security_parameters.max_record_send_size - = DEFAULT_MAX_RECORD_SIZE; - - /* everything else not initialized here is initialized - * as NULL or 0. This is why calloc is used. - */ - - MHD_gtls_handshake_internal_state_clear (*session); - - return 0; -} - - -/** - * MHD__gnutls_deinit - This function clears all buffers associated with a session - * @session: is a #MHD_gtls_session_t structure. - * - * This function clears all buffers associated with the @session. - * This function will also remove session data from the session - * database if the session was terminated abnormally. - **/ -void -MHD__gnutls_deinit (MHD_gtls_session_t session) -{ - - if (session == NULL) - return; - - /* remove auth info firstly */ - MHD_gtls_free_auth_info (session); - - MHD_gtls_handshake_internal_state_clear (session); - MHD__gnutls_handshake_io_buffer_clear (session); - - MHD__gnutls_free_datum (&session->connection_state.read_mac_secret); - MHD__gnutls_free_datum (&session->connection_state.write_mac_secret); - - MHD_gtls_buffer_clear (&session->internals.ia_data_buffer); - MHD_gtls_buffer_clear (&session->internals.handshake_hash_buffer); - MHD_gtls_buffer_clear (&session->internals.handshake_data_buffer); - MHD_gtls_buffer_clear (&session->internals.application_data_buffer); - MHD_gtls_buffer_clear (&session->internals.record_recv_buffer); - MHD_gtls_buffer_clear (&session->internals.record_send_buffer); - - MHD__gnutls_credentials_clear (session); - MHD_gtls_selected_certs_deinit (session); - - if (session->connection_state.read_cipher_state != NULL) - MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state); - if (session->connection_state.write_cipher_state != NULL) - MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state); - - MHD__gnutls_free_datum (&session->cipher_specs.server_write_mac_secret); - MHD__gnutls_free_datum (&session->cipher_specs.client_write_mac_secret); - MHD__gnutls_free_datum (&session->cipher_specs.server_write_IV); - MHD__gnutls_free_datum (&session->cipher_specs.client_write_IV); - MHD__gnutls_free_datum (&session->cipher_specs.server_write_key); - MHD__gnutls_free_datum (&session->cipher_specs.client_write_key); - - if (session->key != NULL) - { - MHD_gtls_mpi_release (&session->key->KEY); - MHD_gtls_mpi_release (&session->key->client_Y); - MHD_gtls_mpi_release (&session->key->client_p); - MHD_gtls_mpi_release (&session->key->client_g); - - MHD_gtls_mpi_release (&session->key->u); - MHD_gtls_mpi_release (&session->key->a); - MHD_gtls_mpi_release (&session->key->x); - MHD_gtls_mpi_release (&session->key->A); - MHD_gtls_mpi_release (&session->key->B); - MHD_gtls_mpi_release (&session->key->b); - - /* RSA */ - MHD_gtls_mpi_release (&session->key->rsa[0]); - MHD_gtls_mpi_release (&session->key->rsa[1]); - - MHD_gtls_mpi_release (&session->key->dh_secret); - MHD_gnutls_free (session->key); - - session->key = NULL; - } - - memset (session, 0, sizeof (struct MHD_gtls_session_int)); - MHD_gnutls_free (session); -} - -/* Returns the minimum prime bits that are acceptable. - */ -int -MHD_gtls_dh_get_allowed_prime_bits (MHD_gtls_session_t session) -{ - return session->internals.dh_prime_bits; -} - -int -MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public) -{ - MHD_gtls_dh_info_st *dh; - int ret; - - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_CERTIFICATE: - { - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - ret = MHD_gtls_mpi_dprint_lz (&dh->public_key, public); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; -} - -int -MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits) -{ - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_CERTIFICATE: - { - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - info->dh.secret_bits = bits; - break; - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - } - - return 0; -} - -/* This function will set in the auth info structure the - * RSA exponent and the modulus. - */ -int -MHD_gtls_rsa_export_set_pubkey (MHD_gtls_session_t session, - mpi_t exponent, mpi_t modulus) -{ - cert_auth_info_t info; - int ret; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - ret = MHD_gtls_mpi_dprint_lz (&info->rsa_export.modulus, modulus); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD_gtls_mpi_dprint_lz (&info->rsa_export.exponent, exponent); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&info->rsa_export.modulus); - return ret; - } - - return 0; -} - -/* Sets the prime and the generator in the auth info structure. - */ -int -MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime) -{ - MHD_gtls_dh_info_st *dh; - int ret; - - switch (MHD_gtls_auth_get_type (session)) - { - case MHD_GNUTLS_CRD_CERTIFICATE: - { - cert_auth_info_t info; - - info = MHD_gtls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - - dh = &info->dh; - break; - } - default: - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* prime - */ - ret = MHD_gtls_mpi_dprint_lz (&dh->prime, prime); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* generator - */ - ret = MHD_gtls_mpi_dprint_lz (&dh->generator, gen); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&dh->prime); - return ret; - } - - return 0; -} - -/** - * MHD__gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence - * @session: is a pointer to a #MHD_gtls_session_t structure. - * @status: is 0 or 1 - * - * If status is non zero, this function will order gnutls not to send - * the rdnSequence in the certificate request message. That is the - * server will not advertize it's trusted CAs to the peer. If status - * is zero then the default behaviour will take effect, which is to - * advertize the server's trusted CAs. - * - * This function has no effect in clients, and in authentication - * methods other than certificate with X.509 certificates. - **/ -void -MHD__gnutls_certificate_send_x509_rdn_sequence (MHD_gtls_session_t session, - int status) -{ - session->internals.ignore_rdn_sequence = status; -} - -/*- - * MHD__gnutls_record_set_default_version - Used to set the default version for the first record packet - * @session: is a #MHD_gtls_session_t structure. - * @major: is a tls major version - * @minor: is a tls minor version - * - * This function sets the default version that we will use in the first - * record packet (client hello). This function is only useful to people - * that know TLS internals and want to debug other implementations. - * - -*/ -void -MHD__gnutls_record_set_default_version (MHD_gtls_session_t session, - unsigned char major, - unsigned char minor) -{ - session->internals.default_record_version[0] = major; - session->internals.default_record_version[1] = minor; -} - -inline static int -MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm, - const void *secret, - int secret_size, - const void *seed, int seed_size, void *result) -{ - mac_hd_t td1; - - td1 = MHD_gtls_MHD_hmac_init (algorithm, secret, secret_size); - if (td1 == GNUTLS_MAC_FAILED) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - MHD_gnutls_hash (td1, seed, seed_size); - MHD_gnutls_MHD_hmac_deinit (td1, result); - - return 0; -} - -#define MAX_SEED_SIZE 200 - -/* Produces "total_bytes" bytes using the hash algorithm specified. - * (used in the PRF function) - */ -static int -MHD__gnutls_P_hash (enum MHD_GNUTLS_HashAlgorithm algorithm, - const opaque * secret, - int secret_size, - const opaque * seed, - int seed_size, int total_bytes, opaque * ret) -{ - - mac_hd_t td2; - int i, times, how, blocksize, A_size; - opaque final[20], Atmp[MAX_SEED_SIZE]; - int output_bytes, result; - - if (seed_size > MAX_SEED_SIZE || total_bytes <= 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - blocksize = MHD_gnutls_hash_get_algo_len (algorithm); - - output_bytes = 0; - do - { - output_bytes += blocksize; - } - while (output_bytes < total_bytes); - - /* calculate A(0) */ - - memcpy (Atmp, seed, seed_size); - A_size = seed_size; - - times = output_bytes / blocksize; - - for (i = 0; i < times; i++) - { - td2 = MHD_gtls_MHD_hmac_init (algorithm, secret, secret_size); - if (td2 == GNUTLS_MAC_FAILED) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* here we calculate A(i+1) */ - if ((result = - MHD__gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp, - A_size, Atmp)) < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_MHD_hmac_deinit (td2, final); - return result; - } - - A_size = blocksize; - - MHD_gnutls_hash (td2, Atmp, A_size); - MHD_gnutls_hash (td2, seed, seed_size); - MHD_gnutls_MHD_hmac_deinit (td2, final); - - if ((1 + i) * blocksize < total_bytes) - { - how = blocksize; - } - else - { - how = total_bytes - (i) * blocksize; - } - - if (how > 0) - { - memcpy (&ret[i * blocksize], final, how); - } - } - - return 0; -} - -/* Xor's two buffers and puts the output in the first one. - */ -inline static void -MHD__gnutls_xor (opaque * o1, opaque * o2, int length) -{ - int i; - for (i = 0; i < length; i++) - { - o1[i] ^= o2[i]; - } -} - -#define MAX_PRF_BYTES 200 - -/* The PRF function expands a given secret - * needed by the TLS specification. ret must have a least total_bytes - * available. - */ -int -MHD_gtls_PRF (MHD_gtls_session_t session, - const opaque * secret, - int secret_size, - const char *label, - int label_size, - const opaque * seed, int seed_size, int total_bytes, void *ret) -{ - int l_s, s_seed_size; - const opaque *s1, *s2; - opaque s_seed[MAX_SEED_SIZE]; - opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES]; - int result; - enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session); - - if (total_bytes > MAX_PRF_BYTES) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - /* label+seed = s_seed */ - s_seed_size = seed_size + label_size; - - if (s_seed_size > MAX_SEED_SIZE) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - memcpy (s_seed, label, label_size); - memcpy (&s_seed[label_size], seed, seed_size); - - if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_2) - { - result = - MHD__gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed, - s_seed_size, total_bytes, ret); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - } - else - { - l_s = secret_size / 2; - - s1 = &secret[0]; - s2 = &secret[l_s]; - - if (secret_size % 2 != 0) - { - l_s++; - } - - result = - MHD__gnutls_P_hash (MHD_GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, - total_bytes, o1); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - result = - MHD__gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, - total_bytes, o2); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - MHD__gnutls_xor (o1, o2, total_bytes); - - memcpy (ret, o1, total_bytes); - } - - return 0; /* ok */ - -} - - -/*- - * MHD_gtls_session_is_export - Used to check whether this session is of export grade - * @session: is a #MHD_gtls_session_t structure. - * - * This function will return non zero if this session is of export grade. - * - -*/ -int -MHD_gtls_session_is_export (MHD_gtls_session_t session) -{ - enum MHD_GNUTLS_CipherAlgorithm cipher; - - cipher = - MHD_gtls_cipher_suite_get_cipher_algo (&session->security_parameters. - current_cipher_suite); - - if (MHD_gtls_cipher_get_export_flag (cipher) != 0) - return 1; - - return 0; -} - -/** - * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call - * @session: is a #MHD_gtls_session_t structure. - * - * This function provides information about the internals of the - * record protocol and is only useful if a prior gnutls function call - * (e.g. MHD__gnutls_handshake()) was interrupted for some reason, that - * is, if a function returned %GNUTLS_E_INTERRUPTED or - * %GNUTLS_E_AGAIN. In such a case, you might want to call select() - * or poll() before calling the interrupted gnutls function again. - * To tell you whether a file descriptor should be selected for - * either reading or writing, MHD__gnutls_record_get_direction() returns 0 - * if the interrupted function was trying to read data, and 1 if it - * was trying to write data. - * - * Returns: 0 if trying to read data, 1 if trying to write data. - **/ -int -MHD__gnutls_record_get_direction (MHD_gtls_session_t session) -{ - return session->internals.direction; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_state.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_state.h deleted file mode 100644 index a6ff58929f..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_state.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_STATE_H -# define GNUTLS_STATE_H - -#include <gnutls_int.h> - -void MHD__gnutls_session_cert_type_set (MHD_gtls_session_t session, - enum MHD_GNUTLS_CertificateType); -enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t - session); -enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t - session); -enum MHD_GNUTLS_CertificateType -MHD_gnutls_certificate_type_get (MHD_gtls_session_t); - -#include <gnutls_auth_int.h> - -#define CHECK_AUTH(auth, ret) if (MHD_gtls_auth_get_type(session) != auth) { \ - MHD_gnutls_assert(); \ - return ret; \ - } - -#endif - -int MHD_gtls_session_cert_type_supported (MHD_gtls_session_t, - enum MHD_GNUTLS_CertificateType); - -int MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits); - -int MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public); -int MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, - mpi_t prime); - -int MHD_gtls_dh_get_allowed_prime_bits (MHD_gtls_session_t session); -void MHD_gtls_handshake_internal_state_clear (MHD_gtls_session_t); - -int MHD_gtls_rsa_export_set_pubkey (MHD_gtls_session_t session, - mpi_t exponent, mpi_t modulus); - -int MHD_gtls_session_is_resumable (MHD_gtls_session_t session); -int MHD_gtls_session_is_export (MHD_gtls_session_t session); - -int MHD_gtls_openpgp_send_fingerprint (MHD_gtls_session_t session); - -int MHD_gtls_PRF (MHD_gtls_session_t session, - const opaque * secret, int secret_size, - const char *label, int label_size, - const opaque * seed, int seed_size, - int total_bytes, void *ret); - -int MHD__gnutls_init (MHD_gtls_session_t * session, - MHD_gnutls_connection_end_t con_end); - -#define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509 diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_str.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_str.c deleted file mode 100644 index c8f17c2558..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_str.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright (C) 2002, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_num.h> -#include <gnutls_str.h> - -/* These function are like strcat, strcpy. They only - * do bound checking (they shouldn't cause buffer overruns), - * and they always produce null terminated strings. - * - * They should be used only with null terminated strings. - */ -void -MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src) -{ - size_t str_size = strlen (src); - size_t dest_size = strlen (dest); - - if (dest_tot_size - dest_size > str_size) - { - strcat (dest, src); - } - else - { - if (dest_tot_size - dest_size > 0) - { - strncat (dest, src, (dest_tot_size - dest_size) - 1); - dest[dest_tot_size - 1] = 0; - } - } -} - -void -MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src) -{ - size_t str_size = strlen (src); - - if (dest_tot_size > str_size) - { - strcpy (dest, src); - } - else - { - if (dest_tot_size > 0) - { - strncpy (dest, src, (dest_tot_size) - 1); - dest[dest_tot_size - 1] = 0; - } - } -} - -void -MHD_gtls_string_init (MHD_gtls_string * str, - MHD_gnutls_alloc_function alloc_func, - MHD_gnutls_realloc_function realloc_func, - MHD_gnutls_free_function free_func) -{ - str->data = NULL; - str->max_length = 0; - str->length = 0; - - str->alloc_func = alloc_func; - str->free_func = free_func; - str->realloc_func = realloc_func; -} - -void -MHD_gtls_string_clear (MHD_gtls_string * str) -{ - if (str == NULL || str->data == NULL) - return; - str->free_func (str->data); - - str->data = NULL; - str->max_length = 0; - str->length = 0; -} - -#define MIN_CHUNK 256 - - -int -MHD_gtls_string_append_data (MHD_gtls_string * dest, - const void *data, size_t data_size) -{ - size_t tot_len = data_size + dest->length; - - if (dest->max_length >= tot_len) - { - memcpy (&dest->data[dest->length], data, data_size); - dest->length = tot_len; - - return tot_len; - } - else - { - size_t new_len = - MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); - dest->data = dest->realloc_func (dest->data, new_len); - if (dest->data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - dest->max_length = new_len; - - memcpy (&dest->data[dest->length], data, data_size); - dest->length = tot_len; - - return tot_len; - } -} - -/* Converts the given string (old) to hex. A buffer must be provided - * to hold the new hex string. The new string will be null terminated. - * If the buffer does not have enough space to hold the string, a - * truncated hex string is returned (always null terminated). - */ -char * -MHD_gtls_bin2hex (const void *_old, - size_t oldlen, char *buffer, size_t buffer_size) -{ - unsigned int i, j; - const opaque *old = _old; - - for (i = j = 0; i < oldlen && j + 2 < buffer_size; j += 2) - { - sprintf (&buffer[j], "%.2x", old[i]); - i++; - } - buffer[j] = '\0'; - - return buffer; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_str.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_str.h deleted file mode 100644 index 51ed1bd155..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_str.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef GNUTLS_STR_H -#define GNUTLS_STR_H - -#include <gnutls_int.h> - -void MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src); -void MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src); - -typedef struct -{ - opaque *data; - size_t max_length; - size_t length; - MHD_gnutls_realloc_function realloc_func; - MHD_gnutls_alloc_function alloc_func; - MHD_gnutls_free_function free_func; -} MHD_gtls_string; - -void MHD_gtls_string_init (MHD_gtls_string *, MHD_gnutls_alloc_function, - MHD_gnutls_realloc_function, - MHD_gnutls_free_function); -void MHD_gtls_string_clear (MHD_gtls_string *); - -int MHD_gtls_string_append_data (MHD_gtls_string *, const void *data, - size_t data_size); -char *MHD_gtls_bin2hex (const void *old, size_t oldlen, char *buffer, - size_t buffer_size); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_supplemental.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_supplemental.c deleted file mode 100644 index 3b9641d4e4..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_supplemental.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright (C) 2007 Free Software Foundation - * - * Author: Simon Josefsson - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains support functions for 'TLS Handshake Message for - * Supplemental Data' (RFC 4680). - * - * The idea here is simple. MHD__gnutls_handshake() in gnuts_handshake.c - * will call MHD__gnutls_gen_supplemental and MHD__gnutls_parse_supplemental - * when some extension requested that supplemental data be sent or - * received. Extension request this by setting the flags - * do_recv_supplemental or do_send_supplemental in the session. - * - * The functions in this file iterate through the MHD__gnutls_supplemental - * array, and calls the send/recv functions for each respective data - * type. - * - * The receive function of each data type is responsible for decoding - * its own data. If the extension did not expect to receive - * supplemental data, it should return GNUTLS_E_UNEXPECTED_PACKET. - * Otherwise, it just parse the data as normal. - * - * The send function needs to append the 2-byte data format type, and - * append the 2-byte length of its data, and the data. If it doesn't - * want to send any data, it is fine to return without doing anything. - */ - -#include "gnutls_int.h" -#include "gnutls_supplemental.h" -#include "gnutls_errors.h" -#include "gnutls_num.h" - -typedef int (*supp_recv_func) (MHD_gtls_session_t session, - const opaque * data, size_t data_size); -typedef int (*supp_send_func) (MHD_gtls_session_t session, - MHD_gtls_buffer * buf); - -typedef struct -{ - const char *name; - MHD_gnutls_supplemental_data_format_type_t type; - supp_recv_func supp_recv_func; - supp_send_func supp_send_func; -} MHD_gnutls_supplemental_entry; - -MHD_gnutls_supplemental_entry MHD__gnutls_supplemental[] = { - {0, 0, 0, 0} -}; - - -static supp_recv_func -get_supp_func_recv (MHD_gnutls_supplemental_data_format_type_t type) -{ - MHD_gnutls_supplemental_entry *p; - - for (p = MHD__gnutls_supplemental; p->name != NULL; p++) - if (p->type == type) - return p->supp_recv_func; - - return NULL; -} - -int -MHD__gnutls_gen_supplemental (MHD_gtls_session_t session, - MHD_gtls_buffer * buf) -{ - MHD_gnutls_supplemental_entry *p; - int ret; - - /* Make room for 3 byte length field. */ - ret = MHD_gtls_buffer_append (buf, "\0\0\0", 3); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - for (p = MHD__gnutls_supplemental; p->name; p++) - { - supp_send_func supp_send = p->supp_send_func; - size_t sizepos = buf->length; - int ret; - - /* Make room for supplement type and length byte length field. */ - ret = MHD_gtls_buffer_append (buf, "\0\0\0\0", 4); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = supp_send (session, buf); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - /* If data were added, store type+length, otherwise reset. */ - if (buf->length > sizepos + 4) - { - buf->data[sizepos] = 0; - buf->data[sizepos + 1] = p->type; - buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF; - buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF; - } - else - buf->length -= 4; - } - - buf->data[0] = ((buf->length - 3) >> 16) & 0xFF; - buf->data[1] = ((buf->length - 3) >> 8) & 0xFF; - buf->data[2] = (buf->length - 3) & 0xFF; - - MHD__gnutls_debug_log ("EXT[%x]: Sending %d bytes of supplemental data\n", - session, buf->length); - - return buf->length; -} - -int -MHD__gnutls_parse_supplemental (MHD_gtls_session_t session, - const uint8_t * data, int datalen) -{ - const opaque *p = data; - ssize_t dsize = datalen; - size_t total_size; - - DECR_LEN (dsize, 3); - total_size = MHD_gtls_read_uint24 (p); - p += 3; - - if (dsize != total_size) - { - MHD_gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - - do - { - uint16_t supp_data_type; - uint16_t supp_data_length; - supp_recv_func recv_func; - - DECR_LEN (dsize, 2); - supp_data_type = MHD_gtls_read_uint16 (p); - p += 2; - - DECR_LEN (dsize, 2); - supp_data_length = MHD_gtls_read_uint16 (p); - p += 2; - - MHD__gnutls_debug_log - ("EXT[%x]: Got supplemental type=%02x length=%d\n", session, - supp_data_type, supp_data_length); - - recv_func = get_supp_func_recv (supp_data_type); - if (recv_func) - { - int ret = recv_func (session, p, supp_data_length); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - else - { - MHD_gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - - DECR_LEN (dsize, supp_data_length); - p += supp_data_length; - } - while (dsize > 0); - - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_supplemental.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_supplemental.h deleted file mode 100644 index b7ad0c2923..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_supplemental.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (C) 2007 Free Software Foundation - * - * Author: Simon Josefsson - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> - -int MHD__gnutls_parse_supplemental (MHD_gtls_session_t session, - const uint8_t * data, int data_size); -int MHD__gnutls_gen_supplemental (MHD_gtls_session_t session, - MHD_gtls_buffer * buf); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_ui.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_ui.c deleted file mode 100644 index 5a1bfd3d18..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_ui.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains certificate authentication functions to be exported in the - * API and did not fit elsewhere. - */ - -#include <gnutls_int.h> -#include <auth_cert.h> -#include <gnutls_errors.h> -#include <gnutls_auth_int.h> -#include <gnutls_state.h> -#include <gnutls_datum.h> - -/* ANON & DHE */ - -/** - * MHD__gnutls_dh_set_prime_bits - Used to set the bits for a DH ciphersuite - * @session: is a #MHD_gtls_session_t structure. - * @bits: is the number of bits - * - * This function sets the number of bits, for use in an - * Diffie Hellman key exchange. This is used both in DH ephemeral and - * DH anonymous cipher suites. This will set the - * minimum size of the prime that will be used for the handshake. - * - * In the client side it sets the minimum accepted number of bits. - * If a server sends a prime with less bits than that - * GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the - * handshake. - * - **/ -void -MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits) -{ - session->internals.dh_prime_bits = bits; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_x509.c b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_x509.c deleted file mode 100644 index 685c9642bf..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_x509.c +++ /dev/null @@ -1,604 +0,0 @@ -/* - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include <gnutls_cert.h> -#include <auth_cert.h> -#include "gnutls_dh.h" -#include "gnutls_num.h" -#include "gnutls_datum.h" -#include <gnutls_pk.h> -#include <gnutls_algorithms.h> -#include <gnutls_global.h> -#include <gnutls_record.h> -#include <gnutls_sig.h> -#include <gnutls_state.h> -#include <gnutls_pk.h> -#include <gnutls_str.h> -#include <debug.h> -#include <x509_b64.h> -#include <gnutls_x509.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> - -/* x509 */ -#include "common.h" -#include "x509.h" -#include "mpi.h" -#include "privkey.h" - - -/* - * some x509 certificate parsing functions. - */ - -/* Check if the number of bits of the key in the certificate - * is unacceptable. - */ -inline static int -check_bits (MHD_gnutls_x509_crt_t crt, unsigned int max_bits) -{ - int ret; - unsigned int bits; - - ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, &bits); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - if (bits > max_bits && max_bits > 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_CONSTRAINT_ERROR; - } - - return 0; -} - - -#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) { \ - if (peer_certificate_list[x]) \ - MHD_gnutls_x509_crt_deinit(peer_certificate_list[x]); \ - } \ - MHD_gnutls_free( peer_certificate_list) - -/* - * Read certificates and private keys, from memory etc. - */ - -/* returns error if the certificate has different algorithm than - * the given key parameters. - */ -static int -MHD__gnutls_check_key_cert_match (MHD_gtls_cert_credentials_t res) -{ - MHD_gnutls_datum_t cid; - MHD_gnutls_datum_t kid; - unsigned pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm; - - if (res->pkey[res->ncerts - 1].pk_algorithm != pk) - { - MHD_gnutls_assert (); - return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; - } - - MHD__gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params, - res->pkey[res->ncerts - - 1].params_size, &kid); - - - MHD__gnutls_x509_write_rsa_params (res-> - cert_list[res->ncerts - 1][0].params, - res->cert_list[res->ncerts - - 1][0].params_size, &cid); - - if (cid.size != kid.size) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&kid); - MHD__gnutls_free_datum (&cid); - return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; - } - - if (memcmp (kid.data, cid.data, kid.size) != 0) - { - MHD_gnutls_assert (); - MHD__gnutls_free_datum (&kid); - MHD__gnutls_free_datum (&cid); - return GNUTLS_E_CERTIFICATE_KEY_MISMATCH; - } - - MHD__gnutls_free_datum (&kid); - MHD__gnutls_free_datum (&cid); - return 0; -} - -/* Reads a DER encoded certificate list from memory and stores it to - * a MHD_gnutls_cert structure. - * Returns the number of certificates parsed. - */ -static int -parse_crt_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, - MHD_gnutls_x509_crt_t cert) -{ - int i; - int ret; - - i = *ncerts + 1; - - *cert_list = - (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, - i * sizeof (MHD_gnutls_cert)); - - if (*cert_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = MHD_gtls_x509_crt_to_gcert (&cert_list[0][i - 1], cert, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - *ncerts = i; - - return 1; /* one certificate parsed */ -} - -/* Reads a DER encoded certificate list from memory and stores it to - * a MHD_gnutls_cert structure. - * Returns the number of certificates parsed. - */ -static int -parse_der_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, - const void *input_cert, int input_cert_size) -{ - MHD_gnutls_datum_t tmp; - MHD_gnutls_x509_crt_t cert; - int ret; - - ret = MHD_gnutls_x509_crt_init (&cert); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - tmp.data = (opaque *) input_cert; - tmp.size = input_cert_size; - - ret = MHD_gnutls_x509_crt_import (cert, &tmp, GNUTLS_X509_FMT_DER); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_x509_crt_deinit (cert); - return ret; - } - - ret = parse_crt_mem (cert_list, ncerts, cert); - MHD_gnutls_x509_crt_deinit (cert); - - return ret; -} - -/* Reads a base64 encoded certificate list from memory and stores it to - * a MHD_gnutls_cert structure. Returns the number of certificate parsed. - */ -static int -parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, - const char *input_cert, int input_cert_size) -{ - int size, siz2, i; - const char *ptr; - opaque *ptr2; - MHD_gnutls_datum_t tmp; - int ret, count; - - /* move to the certificate - */ - ptr = memmem (input_cert, input_cert_size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr == NULL) - ptr = memmem (input_cert, input_cert_size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); - - if (ptr == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - size = input_cert_size - (ptr - input_cert); - - i = *ncerts + 1; - count = 0; - - do - { - - siz2 = - MHD__gnutls_fbase64_decode (NULL, (const unsigned char *) ptr, size, - &ptr2); - - if (siz2 < 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - - *cert_list = - (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, - i * - sizeof (MHD_gnutls_cert)); - - if (*cert_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - tmp.data = ptr2; - tmp.size = siz2; - - ret = MHD_gtls_x509_raw_cert_to_gcert (&cert_list[0][i - 1], &tmp, 0); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - MHD__gnutls_free_datum (&tmp); /* free ptr2 */ - - /* now we move ptr after the pem header - */ - ptr++; - /* find the next certificate (if any) - */ - size = input_cert_size - (ptr - input_cert); - - if (size > 0) - { - char *ptr3; - - ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr3 == NULL) - ptr3 = memmem (ptr, size, PEM_CERT_SEP2, - sizeof (PEM_CERT_SEP2) - 1); - - ptr = ptr3; - } - else - ptr = NULL; - - i++; - count++; - - } - while (ptr != NULL); - - *ncerts = i - 1; - - return count; -} - - - -/* Reads a DER or PEM certificate from memory - */ -static int -read_cert_mem (MHD_gtls_cert_credentials_t res, const void *cert, - int cert_size, MHD_gnutls_x509_crt_fmt_t type) -{ - int ret; - - /* allocate space for the certificate to add - */ - res->cert_list = MHD_gtls_realloc_fast (res->cert_list, - (1 + - res->ncerts) * - sizeof (MHD_gnutls_cert *)); - if (res->cert_list == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - res->cert_list_length = MHD_gtls_realloc_fast (res->cert_list_length, - (1 + - res->ncerts) * - sizeof (int)); - if (res->cert_list_length == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - res->cert_list[res->ncerts] = NULL; /* for realloc */ - res->cert_list_length[res->ncerts] = 0; - - if (type == GNUTLS_X509_FMT_DER) - ret = parse_der_cert_mem (&res->cert_list[res->ncerts], - &res->cert_list_length[res->ncerts], - cert, cert_size); - else - ret = - parse_pem_cert_mem (&res->cert_list[res->ncerts], - &res->cert_list_length[res->ncerts], cert, - cert_size); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return ret; -} - - -int -MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * dest, - MHD_gnutls_x509_privkey_t src) -{ - int i, ret; - - memset (dest, 0, sizeof (MHD_gnutls_privkey)); - - for (i = 0; i < src->params_size; i++) - { - dest->params[i] = MHD__gnutls_mpi_copy (src->params[i]); - if (dest->params[i] == NULL) - { - MHD_gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - } - - dest->pk_algorithm = src->pk_algorithm; - dest->params_size = src->params_size; - - return 0; - -cleanup: - - for (i = 0; i < src->params_size; i++) - { - MHD_gtls_mpi_release (&dest->params[i]); - } - return ret; -} - -void -MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key) -{ - int i; - if (key == NULL) - return; - - for (i = 0; i < key->params_size; i++) - { - MHD_gtls_mpi_release (&key->params[i]); - } -} - -int -MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, - const MHD_gnutls_datum_t * raw_key, - MHD_gnutls_x509_crt_fmt_t type) -{ - MHD_gnutls_x509_privkey_t tmpkey; - int ret; - - ret = MHD_gnutls_x509_privkey_init (&tmpkey); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - ret = MHD_gnutls_x509_privkey_import (tmpkey, raw_key, type); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_x509_privkey_deinit (tmpkey); - return ret; - } - - ret = MHD__gnutls_x509_privkey_to_gkey (privkey, tmpkey); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_x509_privkey_deinit (tmpkey); - return ret; - } - - MHD_gnutls_x509_privkey_deinit (tmpkey); - - return 0; -} - -/* Reads a PEM encoded PKCS-1 RSA/DSA private key from memory. Type - * indicates the certificate format. KEY can be NULL, to indicate - * that GnuTLS doesn't know the private key. - */ -static int -read_key_mem (MHD_gtls_cert_credentials_t res, - const void *key, int key_size, MHD_gnutls_x509_crt_fmt_t type) -{ - int ret; - MHD_gnutls_datum_t tmp; - - /* allocate space for the pkey list - */ - res->pkey = - MHD_gtls_realloc_fast (res->pkey, - (res->ncerts + 1) * sizeof (MHD_gnutls_privkey)); - if (res->pkey == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - if (key) - { - tmp.data = (opaque *) key; - tmp.size = key_size; - - ret = - MHD__gnutls_x509_raw_privkey_to_gkey (&res->pkey[res->ncerts], &tmp, - type); - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - } - else - memset (&res->pkey[res->ncerts], 0, sizeof (MHD_gnutls_privkey)); - - return 0; -} - -/** - * MHD__gnutls_certificate_set_x509_key_mem - Used to set keys in a MHD_gtls_cert_credentials_t structure - * @res: is an #MHD_gtls_cert_credentials_t structure. - * @cert: contains a certificate list (path) for the specified private key - * @key: is the private key, or %NULL - * @type: is PEM or DER - * - * This function sets a certificate/private key pair in the - * MHD_gtls_cert_credentials_t structure. This function may be called - * more than once (in case multiple keys/certificates exist for the - * server). - * - * Currently are supported: RSA PKCS-1 encoded private keys, - * DSA private keys. - * - * DSA private keys are encoded the OpenSSL way, which is an ASN.1 - * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. - * - * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates - * is supported. This means that certificates intended for signing cannot - * be used for ciphersuites that require encryption. - * - * If the certificate and the private key are given in PEM encoding - * then the strings that hold their values must be null terminated. - * - * The @key may be %NULL if you are using a sign callback, see - * MHD_gtls_sign_callback_set(). - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ -int -MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t - res, - const MHD_gnutls_datum_t * cert, - const MHD_gnutls_datum_t * key, - MHD_gnutls_x509_crt_fmt_t type) -{ - int ret; - - /* this should be first - */ - if ((ret = read_key_mem (res, key ? key->data : NULL, - key ? key->size : 0, type)) < 0) - return ret; - - if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0) - return ret; - - res->ncerts++; - - if (key && (ret = MHD__gnutls_check_key_cert_match (res)) < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; -} - -/* Returns 0 if it's ok to use the enum MHD_GNUTLS_KeyExchangeAlgorithm with this - * certificate (uses the KeyUsage field). - */ -int -MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, - enum MHD_GNUTLS_KeyExchangeAlgorithm alg) -{ - unsigned int key_usage = 0; - int encipher_type; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (MHD_gtls_map_kx_get_cred (alg, 1) == MHD_GNUTLS_CRD_CERTIFICATE || - MHD_gtls_map_kx_get_cred (alg, 0) == MHD_GNUTLS_CRD_CERTIFICATE) - { - - key_usage = cert->key_usage; - - encipher_type = MHD_gtls_kx_encipher_type (alg); - - if (key_usage != 0 && encipher_type != CIPHER_IGN) - { - /* If key_usage has been set in the certificate - */ - - if (encipher_type == CIPHER_ENCRYPT) - { - /* If the key exchange method requires an encipher - * type algorithm, and key's usage does not permit - * encipherment, then fail. - */ - if (!(key_usage & KEY_KEY_ENCIPHERMENT)) - { - MHD_gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } - } - - if (encipher_type == CIPHER_SIGN) - { - /* The same as above, but for sign only keys - */ - if (!(key_usage & KEY_DIGITAL_SIGNATURE)) - { - MHD_gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } - } - } - } - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_x509.h b/lib/libmicrohttpd/src/daemon/https/tls/gnutls_x509.h deleted file mode 100644 index 0726932807..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/gnutls_x509.h +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <libtasn1.h> - -int MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, - unsigned int *status); - -#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" -#define PEM_CERT_SEP "-----BEGIN CERTIFICATE" - -#define PEM_CRL_SEP "-----BEGIN X509 CRL" - -#define PEM_KEY_RSA_SEP "-----BEGIN RSA" -#define PEM_KEY_DSA_SEP "-----BEGIN DSA" - -int MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, - enum MHD_GNUTLS_KeyExchangeAlgorithm alg); - -int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, - mpi_t * params); -int MHD__gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, - mpi_t * params); - -int MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, - const MHD_gnutls_datum_t * raw_key, - MHD_gnutls_x509_crt_fmt_t type); -int MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * privkey, - MHD_gnutls_x509_privkey_t); diff --git a/lib/libmicrohttpd/src/daemon/https/tls/memmem.c b/lib/libmicrohttpd/src/daemon/https/tls/memmem.c deleted file mode 100644 index 77143a7e1f..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/memmem.c +++ /dev/null @@ -1,78 +0,0 @@ -/* Copyright (C) 1991,92,93,94,96,97,98,2000,2004,2007,2008 Free Software - Foundation, Inc. - This file is part of the GNU C Library. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License along - with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ - -/* This particular implementation was written by Eric Blake, 2008. */ - -/* Specification of memmem. */ -#include "gnutls_global.h" -#include <string.h> - -#if !HAVE_MEMMEM - -#ifndef _LIBC -# define __builtin_expect(expr, val) (expr) -#endif - -#define RETURN_TYPE void * -#define AVAILABLE(h, h_l, j, n_l) ((j) <= (h_l) - (n_l)) -#include "str-two-way.h" - -/* Return the first occurrence of NEEDLE in HAYSTACK. Return HAYSTACK - if NEEDLE_LEN is 0, otherwise NULL if NEEDLE is not found in - HAYSTACK. */ -void * -memmem (const void *haystack_start, size_t haystack_len, - const void *needle_start, size_t needle_len) -{ - /* Abstract memory is considered to be an array of 'unsigned char' values, - not an array of 'char' values. See ISO C 99 section 6.2.6.1. */ - const unsigned char *haystack = (const unsigned char *) haystack_start; - const unsigned char *needle = (const unsigned char *) needle_start; - - if (needle_len == 0) - /* The first occurrence of the empty string is deemed to occur at - the beginning of the string. */ - return (void *) haystack; - - /* Sanity check, otherwise the loop might search through the whole - memory. */ - if (__builtin_expect (haystack_len < needle_len, 0)) - return NULL; - - /* Use optimizations in memchr when possible, to reduce the search - size of haystack using a linear algorithm with a smaller - coefficient. However, avoid memchr for long needles, since we - can often achieve sublinear performance. */ - if (needle_len < LONG_NEEDLE_THRESHOLD) - { - haystack = memchr (haystack, *needle, haystack_len); - if (!haystack || __builtin_expect (needle_len == 1, 0)) - return (void *) haystack; - haystack_len -= haystack - (const unsigned char *) haystack_start; - if (haystack_len < needle_len) - return NULL; - return two_way_short_needle (haystack, haystack_len, needle, - needle_len); - } - else - return two_way_long_needle (haystack, haystack_len, needle, needle_len); -} - -#undef LONG_NEEDLE_THRESHOLD - -#endif /* !HAVE_MEMMEM */ diff --git a/lib/libmicrohttpd/src/daemon/https/tls/pkix_asn1_tab.c b/lib/libmicrohttpd/src/daemon/https/tls/pkix_asn1_tab.c deleted file mode 100644 index 30b5ddd1c1..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/pkix_asn1_tab.c +++ /dev/null @@ -1,1130 +0,0 @@ -#if HAVE_CONFIG_H -#include "MHD_config.h" -#endif - -#include <libtasn1.h> - -const ASN1_ARRAY_TYPE MHD_pkix_asn1_tab[] = { - {"PKIX1", 536875024, 0}, - {0, 1073741836, 0}, - {"id-ce", 1879048204, 0}, - {"joint-iso-ccitt", 1073741825, "2"}, - {"ds", 1073741825, "5"}, - {0, 1, "29"}, - {"id-ce-authorityKeyIdentifier", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "35"}, - {"AuthorityKeyIdentifier", 1610612741, 0}, - {"keyIdentifier", 1610637314, "KeyIdentifier"}, - {0, 4104, "0"}, - {"authorityCertIssuer", 1610637314, "GeneralNames"}, - {0, 4104, "1"}, - {"authorityCertSerialNumber", 536895490, "CertificateSerialNumber"}, - {0, 4104, "2"}, - {"KeyIdentifier", 1073741831, 0}, - {"id-ce-subjectKeyIdentifier", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "14"}, - {"SubjectKeyIdentifier", 1073741826, "KeyIdentifier"}, - {"id-ce-keyUsage", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "15"}, - {"KeyUsage", 1610874886, 0}, - {"digitalSignature", 1073741825, "0"}, - {"nonRepudiation", 1073741825, "1"}, - {"keyEncipherment", 1073741825, "2"}, - {"dataEncipherment", 1073741825, "3"}, - {"keyAgreement", 1073741825, "4"}, - {"keyCertSign", 1073741825, "5"}, - {"cRLSign", 1073741825, "6"}, - {"encipherOnly", 1073741825, "7"}, - {"decipherOnly", 1, "8"}, - {"id-ce-privateKeyUsagePeriod", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "16"}, - {"PrivateKeyUsagePeriod", 1610612741, 0}, - {"notBefore", 1619025937, 0}, - {0, 4104, "0"}, - {"notAfter", 545284113, 0}, - {0, 4104, "1"}, - {"id-ce-certificatePolicies", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "32"}, - {"CertificatePolicies", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "PolicyInformation"}, - {"PolicyInformation", 1610612741, 0}, - {"policyIdentifier", 1073741826, "CertPolicyId"}, - {"policyQualifiers", 538984459, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "PolicyQualifierInfo"}, - {"CertPolicyId", 1073741836, 0}, - {"PolicyQualifierInfo", 1610612741, 0}, - {"policyQualifierId", 1073741826, "PolicyQualifierId"}, - {"qualifier", 541065229, 0}, - {"policyQualifierId", 1, 0}, - {"PolicyQualifierId", 1073741836, 0}, - {"CPSuri", 1073741826, "IA5String"}, - {"UserNotice", 1610612741, 0}, - {"noticeRef", 1073758210, "NoticeReference"}, - {"explicitText", 16386, "DisplayText"}, - {"NoticeReference", 1610612741, 0}, - {"organization", 1073741826, "DisplayText"}, - {"noticeNumbers", 536870923, 0}, - {0, 3, 0}, - {"DisplayText", 1610612754, 0}, - {"visibleString", 1612709890, "VisibleString"}, - {"200", 524298, "1"}, - {"bmpString", 1612709890, "BMPString"}, - {"200", 524298, "1"}, - {"utf8String", 538968066, "UTF8String"}, - {"200", 524298, "1"}, - {"id-ce-policyMappings", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "33"}, - {"PolicyMappings", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 536870917, 0}, - {"issuerDomainPolicy", 1073741826, "CertPolicyId"}, - {"subjectDomainPolicy", 2, "CertPolicyId"}, - {"DirectoryString", 1610612754, 0}, - {"teletexString", 1612709890, "TeletexString"}, - {"MAX", 524298, "1"}, - {"printableString", 1612709890, "PrintableString"}, - {"MAX", 524298, "1"}, - {"universalString", 1612709890, "UniversalString"}, - {"MAX", 524298, "1"}, - {"utf8String", 1612709890, "UTF8String"}, - {"MAX", 524298, "1"}, - {"bmpString", 1612709890, "BMPString"}, - {"MAX", 524298, "1"}, - {"ia5String", 538968066, "IA5String"}, - {"MAX", 524298, "1"}, - {"id-ce-subjectAltName", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "17"}, - {"SubjectAltName", 1073741826, "GeneralNames"}, - {"GeneralNames", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "GeneralName"}, - {"GeneralName", 1610612754, 0}, - {"otherName", 1610620930, "AnotherName"}, - {0, 4104, "0"}, - {"rfc822Name", 1610620930, "IA5String"}, - {0, 4104, "1"}, - {"dNSName", 1610620930, "IA5String"}, - {0, 4104, "2"}, - {"x400Address", 1610620930, "ORAddress"}, - {0, 4104, "3"}, - {"directoryName", 1610620930, "RDNSequence"}, - {0, 2056, "4"}, - {"ediPartyName", 1610620930, "EDIPartyName"}, - {0, 4104, "5"}, - {"uniformResourceIdentifier", 1610620930, "IA5String"}, - {0, 4104, "6"}, - {"iPAddress", 1610620935, 0}, - {0, 4104, "7"}, - {"registeredID", 536879116, 0}, - {0, 4104, "8"}, - {"AnotherName", 1610612741, 0}, - {"type-id", 1073741836, 0}, - {"value", 541073421, 0}, - {0, 1073743880, "0"}, - {"type-id", 1, 0}, - {"EDIPartyName", 1610612741, 0}, - {"nameAssigner", 1610637314, "DirectoryString"}, - {0, 4104, "0"}, - {"partyName", 536879106, "DirectoryString"}, - {0, 4104, "1"}, - {"id-ce-issuerAltName", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "18"}, - {"IssuerAltName", 1073741826, "GeneralNames"}, - {"id-ce-subjectDirectoryAttributes", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "9"}, - {"SubjectDirectoryAttributes", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "Attribute"}, - {"id-ce-basicConstraints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "19"}, - {"BasicConstraints", 1610612741, 0}, - {"cA", 1610645508, 0}, - {0, 131081, 0}, - {"pathLenConstraint", 537411587, 0}, - {"0", 10, "MAX"}, - {"id-ce-nameConstraints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "30"}, - {"NameConstraints", 1610612741, 0}, - {"permittedSubtrees", 1610637314, "GeneralSubtrees"}, - {0, 4104, "0"}, - {"excludedSubtrees", 536895490, "GeneralSubtrees"}, - {0, 4104, "1"}, - {"GeneralSubtrees", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "GeneralSubtree"}, - {"GeneralSubtree", 1610612741, 0}, - {"base", 1073741826, "GeneralName"}, - {"minimum", 1610653698, "BaseDistance"}, - {0, 1073741833, "0"}, - {0, 4104, "0"}, - {"maximum", 536895490, "BaseDistance"}, - {0, 4104, "1"}, - {"BaseDistance", 1611137027, 0}, - {"0", 10, "MAX"}, - {"id-ce-policyConstraints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "36"}, - {"PolicyConstraints", 1610612741, 0}, - {"requireExplicitPolicy", 1610637314, "SkipCerts"}, - {0, 4104, "0"}, - {"inhibitPolicyMapping", 536895490, "SkipCerts"}, - {0, 4104, "1"}, - {"SkipCerts", 1611137027, 0}, - {"0", 10, "MAX"}, - {"id-ce-cRLDistributionPoints", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "31"}, - {"CRLDistributionPoints", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "DistributionPoint"}, - {"DistributionPoint", 1610612741, 0}, - {"distributionPoint", 1610637314, "DistributionPointName"}, - {0, 2056, "0"}, - {"reasons", 1610637314, "ReasonFlags"}, - {0, 4104, "1"}, - {"cRLIssuer", 536895490, "GeneralNames"}, - {0, 4104, "2"}, - {"DistributionPointName", 1610612754, 0}, - {"fullName", 1610620930, "GeneralNames"}, - {0, 4104, "0"}, - {"nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"}, - {0, 4104, "1"}, - {"ReasonFlags", 1610874886, 0}, - {"unused", 1073741825, "0"}, - {"keyCompromise", 1073741825, "1"}, - {"cACompromise", 1073741825, "2"}, - {"affiliationChanged", 1073741825, "3"}, - {"superseded", 1073741825, "4"}, - {"cessationOfOperation", 1073741825, "5"}, - {"certificateHold", 1073741825, "6"}, - {"privilegeWithdrawn", 1073741825, "7"}, - {"aACompromise", 1, "8"}, - {"id-ce-extKeyUsage", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "37"}, - {"ExtKeyUsageSyntax", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "KeyPurposeId"}, - {"KeyPurposeId", 1073741836, 0}, - {"id-kp-serverAuth", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "1"}, - {"id-kp-clientAuth", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "2"}, - {"id-kp-codeSigning", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "3"}, - {"id-kp-emailProtection", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "4"}, - {"id-kp-ipsecEndSystem", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "5"}, - {"id-kp-ipsecTunnel", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "6"}, - {"id-kp-ipsecUser", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "7"}, - {"id-kp-timeStamping", 1879048204, 0}, - {0, 1073741825, "id-kp"}, - {0, 1, "8"}, - {"id-pe-authorityInfoAccess", 1879048204, 0}, - {0, 1073741825, "id-pe"}, - {0, 1, "1"}, - {"AuthorityInfoAccessSyntax", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "AccessDescription"}, - {"AccessDescription", 1610612741, 0}, - {"accessMethod", 1073741836, 0}, - {"accessLocation", 2, "GeneralName"}, - {"id-ce-cRLNumber", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "20"}, - {"CRLNumber", 1611137027, 0}, - {"0", 10, "MAX"}, - {"id-ce-issuingDistributionPoint", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "28"}, - {"IssuingDistributionPoint", 1610612741, 0}, - {"distributionPoint", 1610637314, "DistributionPointName"}, - {0, 4104, "0"}, - {"onlyContainsUserCerts", 1610653700, 0}, - {0, 1073872905, 0}, - {0, 4104, "1"}, - {"onlyContainsCACerts", 1610653700, 0}, - {0, 1073872905, 0}, - {0, 4104, "2"}, - {"onlySomeReasons", 1610637314, "ReasonFlags"}, - {0, 4104, "3"}, - {"indirectCRL", 536911876, 0}, - {0, 1073872905, 0}, - {0, 4104, "4"}, - {"id-ce-deltaCRLIndicator", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "27"}, - {"BaseCRLNumber", 1073741826, "CRLNumber"}, - {"id-ce-cRLReasons", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "21"}, - {"CRLReason", 1610874901, 0}, - {"unspecified", 1073741825, "0"}, - {"keyCompromise", 1073741825, "1"}, - {"cACompromise", 1073741825, "2"}, - {"affiliationChanged", 1073741825, "3"}, - {"superseded", 1073741825, "4"}, - {"cessationOfOperation", 1073741825, "5"}, - {"certificateHold", 1073741825, "6"}, - {"removeFromCRL", 1, "8"}, - {"id-ce-certificateIssuer", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "29"}, - {"CertificateIssuer", 1073741826, "GeneralNames"}, - {"id-ce-holdInstructionCode", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "23"}, - {"HoldInstructionCode", 1073741836, 0}, - {"holdInstruction", 1879048204, 0}, - {"joint-iso-itu-t", 1073741825, "2"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"x9cm", 1073741825, "10040"}, - {0, 1, "2"}, - {"id-holdinstruction-none", 1879048204, 0}, - {0, 1073741825, "holdInstruction"}, - {0, 1, "1"}, - {"id-holdinstruction-callissuer", 1879048204, 0}, - {0, 1073741825, "holdInstruction"}, - {0, 1, "2"}, - {"id-holdinstruction-reject", 1879048204, 0}, - {0, 1073741825, "holdInstruction"}, - {0, 1, "3"}, - {"id-ce-invalidityDate", 1879048204, 0}, - {0, 1073741825, "id-ce"}, - {0, 1, "24"}, - {"InvalidityDate", 1082130449, 0}, - {"VisibleString", 1610620935, 0}, - {0, 4360, "26"}, - {"NumericString", 1610620935, 0}, - {0, 4360, "18"}, - {"IA5String", 1610620935, 0}, - {0, 4360, "22"}, - {"TeletexString", 1610620935, 0}, - {0, 4360, "20"}, - {"PrintableString", 1610620935, 0}, - {0, 4360, "19"}, - {"UniversalString", 1610620935, 0}, - {0, 4360, "28"}, - {"BMPString", 1610620935, 0}, - {0, 4360, "30"}, - {"UTF8String", 1610620935, 0}, - {0, 4360, "12"}, - {"id-pkix", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"identified-organization", 1073741825, "3"}, - {"dod", 1073741825, "6"}, - {"internet", 1073741825, "1"}, - {"security", 1073741825, "5"}, - {"mechanisms", 1073741825, "5"}, - {"pkix", 1, "7"}, - {"id-pe", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "1"}, - {"id-qt", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "2"}, - {"id-kp", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "3"}, - {"id-ad", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "48"}, - {"id-qt-cps", 1879048204, 0}, - {0, 1073741825, "id-qt"}, - {0, 1, "1"}, - {"id-qt-unotice", 1879048204, 0}, - {0, 1073741825, "id-qt"}, - {0, 1, "2"}, - {"id-ad-ocsp", 1879048204, 0}, - {0, 1073741825, "id-ad"}, - {0, 1, "1"}, - {"id-ad-caIssuers", 1879048204, 0}, - {0, 1073741825, "id-ad"}, - {0, 1, "2"}, - {"Attribute", 1610612741, 0}, - {"type", 1073741826, "AttributeType"}, - {"values", 536870927, 0}, - {0, 2, "AttributeValue"}, - {"AttributeType", 1073741836, 0}, - {"AttributeValue", 1614807053, 0}, - {"type", 1, 0}, - {"AttributeTypeAndValue", 1610612741, 0}, - {"type", 1073741826, "AttributeType"}, - {"value", 2, "AttributeValue"}, - {"id-at", 1879048204, 0}, - {"joint-iso-ccitt", 1073741825, "2"}, - {"ds", 1073741825, "5"}, - {0, 1, "4"}, - {"id-at-initials", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "43"}, - {"X520initials", 1073741826, "DirectoryString"}, - {"id-at-generationQualifier", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "44"}, - {"X520generationQualifier", 1073741826, "DirectoryString"}, - {"id-at-surname", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "4"}, - {"X520surName", 1073741826, "DirectoryString"}, - {"id-at-givenName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "42"}, - {"X520givenName", 1073741826, "DirectoryString"}, - {"id-at-name", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "41"}, - {"X520name", 1073741826, "DirectoryString"}, - {"id-at-commonName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "3"}, - {"X520CommonName", 1073741826, "DirectoryString"}, - {"id-at-localityName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "7"}, - {"X520LocalityName", 1073741826, "DirectoryString"}, - {"id-at-stateOrProvinceName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "8"}, - {"X520StateOrProvinceName", 1073741826, "DirectoryString"}, - {"id-at-organizationName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "10"}, - {"X520OrganizationName", 1073741826, "DirectoryString"}, - {"id-at-organizationalUnitName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "11"}, - {"X520OrganizationalUnitName", 1073741826, "DirectoryString"}, - {"id-at-title", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "12"}, - {"X520Title", 1073741826, "DirectoryString"}, - {"id-at-description", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "13"}, - {"X520Description", 1073741826, "DirectoryString"}, - {"id-at-dnQualifier", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "46"}, - {"X520dnQualifier", 1073741826, "PrintableString"}, - {"id-at-countryName", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "6"}, - {"X520countryName", 1612709890, "PrintableString"}, - {0, 1048586, "2"}, - {"id-at-serialNumber", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "5"}, - {"X520serialNumber", 1073741826, "PrintableString"}, - {"id-at-telephoneNumber", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "20"}, - {"X520telephoneNumber", 1073741826, "PrintableString"}, - {"id-at-facsimileTelephoneNumber", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "23"}, - {"X520facsimileTelephoneNumber", 1073741826, "PrintableString"}, - {"id-at-pseudonym", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "65"}, - {"X520pseudonym", 1073741826, "DirectoryString"}, - {"id-at-name", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "41"}, - {"X520name", 1073741826, "DirectoryString"}, - {"id-at-streetAddress", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "9"}, - {"X520streetAddress", 1073741826, "DirectoryString"}, - {"id-at-postalAddress", 1880096780, "AttributeType"}, - {0, 1073741825, "id-at"}, - {0, 1, "16"}, - {"X520postalAddress", 1073741826, "PostalAddress"}, - {"PostalAddress", 1610612747, 0}, - {0, 2, "DirectoryString"}, - {"pkcs", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {"pkcs", 1, "1"}, - {"pkcs-9", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "9"}, - {"emailAddress", 1880096780, "AttributeType"}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "1"}, - {"Pkcs9email", 1612709890, "IA5String"}, - {"ub-emailaddress-length", 524298, "1"}, - {"Name", 1610612754, 0}, - {"rdnSequence", 2, "RDNSequence"}, - {"RDNSequence", 1610612747, 0}, - {0, 2, "RelativeDistinguishedName"}, - {"DistinguishedName", 1073741826, "RDNSequence"}, - {"RelativeDistinguishedName", 1612709903, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "AttributeTypeAndValue"}, - {"Certificate", 1610612741, 0}, - {"tbsCertificate", 1073741826, "TBSCertificate"}, - {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"signature", 6, 0}, - {"TBSCertificate", 1610612741, 0}, - {"version", 1610653698, "Version"}, - {0, 1073741833, "v1"}, - {0, 2056, "0"}, - {"serialNumber", 1073741826, "CertificateSerialNumber"}, - {"signature", 1073741826, "AlgorithmIdentifier"}, - {"issuer", 1073741826, "Name"}, - {"validity", 1073741826, "Validity"}, - {"subject", 1073741826, "Name"}, - {"subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"}, - {"issuerUniqueID", 1610637314, "UniqueIdentifier"}, - {0, 4104, "1"}, - {"subjectUniqueID", 1610637314, "UniqueIdentifier"}, - {0, 4104, "2"}, - {"extensions", 536895490, "Extensions"}, - {0, 2056, "3"}, - {"Version", 1610874883, 0}, - {"v1", 1073741825, "0"}, - {"v2", 1073741825, "1"}, - {"v3", 1, "2"}, - {"CertificateSerialNumber", 1073741827, 0}, - {"Validity", 1610612741, 0}, - {"notBefore", 1073741826, "Time"}, - {"notAfter", 2, "Time"}, - {"Time", 1610612754, 0}, - {"utcTime", 1090519057, 0}, - {"generalTime", 8388625, 0}, - {"UniqueIdentifier", 1073741830, 0}, - {"SubjectPublicKeyInfo", 1610612741, 0}, - {"algorithm", 1073741826, "AlgorithmIdentifier"}, - {"subjectPublicKey", 6, 0}, - {"Extensions", 1612709899, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "Extension"}, - {"Extension", 1610612741, 0}, - {"extnID", 1073741836, 0}, - {"critical", 1610645508, 0}, - {0, 131081, 0}, - {"extnValue", 7, 0}, - {"CertificateList", 1610612741, 0}, - {"tbsCertList", 1073741826, "TBSCertList"}, - {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"signature", 6, 0}, - {"TBSCertList", 1610612741, 0}, - {"version", 1073758210, "Version"}, - {"signature", 1073741826, "AlgorithmIdentifier"}, - {"issuer", 1073741826, "Name"}, - {"thisUpdate", 1073741826, "Time"}, - {"nextUpdate", 1073758210, "Time"}, - {"revokedCertificates", 1610629131, 0}, - {0, 536870917, 0}, - {"userCertificate", 1073741826, "CertificateSerialNumber"}, - {"revocationDate", 1073741826, "Time"}, - {"crlEntryExtensions", 16386, "Extensions"}, - {"crlExtensions", 536895490, "Extensions"}, - {0, 2056, "0"}, - {"AlgorithmIdentifier", 1610612741, 0}, - {"algorithm", 1073741836, 0}, - {"parameters", 541081613, 0}, - {"algorithm", 1, 0}, - {"pkcs-1", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "1"}, - {"rsaEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "1"}, - {"md2WithRSAEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "2"}, - {"md5WithRSAEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "4"}, - {"sha1WithRSAEncryption", 1879048204, 0}, - {0, 1073741825, "pkcs-1"}, - {0, 1, "5"}, - {"id-dsa-with-sha1", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"x9-57", 1073741825, "10040"}, - {"x9algorithm", 1073741825, "4"}, - {0, 1, "3"}, - {"Dss-Sig-Value", 1610612741, 0}, - {"r", 1073741827, 0}, - {"s", 3, 0}, - {"dhpublicnumber", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"ansi-x942", 1073741825, "10046"}, - {"number-type", 1073741825, "2"}, - {0, 1, "1"}, - {"DomainParameters", 1610612741, 0}, - {"p", 1073741827, 0}, - {"g", 1073741827, 0}, - {"q", 1073741827, 0}, - {"j", 1073758211, 0}, - {"validationParms", 16386, "ValidationParms"}, - {"ValidationParms", 1610612741, 0}, - {"seed", 1073741830, 0}, - {"pgenCounter", 3, 0}, - {"id-dsa", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"x9-57", 1073741825, "10040"}, - {"x9algorithm", 1073741825, "4"}, - {0, 1, "1"}, - {"Dss-Parms", 1610612741, 0}, - {"p", 1073741827, 0}, - {"q", 1073741827, 0}, - {"g", 3, 0}, - {"ORAddress", 1610612741, 0}, - {"built-in-standard-attributes", 1073741826, "BuiltInStandardAttributes"}, - {"built-in-domain-defined-attributes", 1073758210, - "BuiltInDomainDefinedAttributes"}, - {"extension-attributes", 16386, "ExtensionAttributes"}, - {"BuiltInStandardAttributes", 1610612741, 0}, - {"country-name", 1073758210, "CountryName"}, - {"administration-domain-name", 1073758210, "AdministrationDomainName"}, - {"network-address", 1610637314, "NetworkAddress"}, - {0, 2056, "0"}, - {"terminal-identifier", 1610637314, "TerminalIdentifier"}, - {0, 2056, "1"}, - {"private-domain-name", 1610637314, "PrivateDomainName"}, - {0, 2056, "2"}, - {"organization-name", 1610637314, "OrganizationName"}, - {0, 2056, "3"}, - {"numeric-user-identifier", 1610637314, "NumericUserIdentifier"}, - {0, 2056, "4"}, - {"personal-name", 1610637314, "PersonalName"}, - {0, 2056, "5"}, - {"organizational-unit-names", 536895490, "OrganizationalUnitNames"}, - {0, 2056, "6"}, - {"CountryName", 1610620946, 0}, - {0, 1073746952, "1"}, - {"x121-dcc-code", 1612709890, "NumericString"}, - {0, 1048586, "ub-country-name-numeric-length"}, - {"iso-3166-alpha2-code", 538968066, "PrintableString"}, - {0, 1048586, "ub-country-name-alpha-length"}, - {"AdministrationDomainName", 1610620946, 0}, - {0, 1073744904, "2"}, - {"numeric", 1612709890, "NumericString"}, - {"ub-domain-name-length", 524298, "0"}, - {"printable", 538968066, "PrintableString"}, - {"ub-domain-name-length", 524298, "0"}, - {"NetworkAddress", 1073741826, "X121Address"}, - {"X121Address", 1612709890, "NumericString"}, - {"ub-x121-address-length", 524298, "1"}, - {"TerminalIdentifier", 1612709890, "PrintableString"}, - {"ub-terminal-id-length", 524298, "1"}, - {"PrivateDomainName", 1610612754, 0}, - {"numeric", 1612709890, "NumericString"}, - {"ub-domain-name-length", 524298, "1"}, - {"printable", 538968066, "PrintableString"}, - {"ub-domain-name-length", 524298, "1"}, - {"OrganizationName", 1612709890, "PrintableString"}, - {"ub-organization-name-length", 524298, "1"}, - {"NumericUserIdentifier", 1612709890, "NumericString"}, - {"ub-numeric-user-id-length", 524298, "1"}, - {"PersonalName", 1610612750, 0}, - {"surname", 1814044674, "PrintableString"}, - {0, 1073745928, "0"}, - {"ub-surname-length", 524298, "1"}, - {"given-name", 1814061058, "PrintableString"}, - {0, 1073745928, "1"}, - {"ub-given-name-length", 524298, "1"}, - {"initials", 1814061058, "PrintableString"}, - {0, 1073745928, "2"}, - {"ub-initials-length", 524298, "1"}, - {"generation-qualifier", 740319234, "PrintableString"}, - {0, 1073745928, "3"}, - {"ub-generation-qualifier-length", 524298, "1"}, - {"OrganizationalUnitNames", 1612709899, 0}, - {"ub-organizational-units", 1074266122, "1"}, - {0, 2, "OrganizationalUnitName"}, - {"OrganizationalUnitName", 1612709890, "PrintableString"}, - {"ub-organizational-unit-name-length", 524298, "1"}, - {"BuiltInDomainDefinedAttributes", 1612709899, 0}, - {"ub-domain-defined-attributes", 1074266122, "1"}, - {0, 2, "BuiltInDomainDefinedAttribute"}, - {"BuiltInDomainDefinedAttribute", 1610612741, 0}, - {"type", 1612709890, "PrintableString"}, - {"ub-domain-defined-attribute-type-length", 524298, "1"}, - {"value", 538968066, "PrintableString"}, - {"ub-domain-defined-attribute-value-length", 524298, "1"}, - {"ExtensionAttributes", 1612709903, 0}, - {"ub-extension-attributes", 1074266122, "1"}, - {0, 2, "ExtensionAttribute"}, - {"ExtensionAttribute", 1610612741, 0}, - {"extension-attribute-type", 1611145219, 0}, - {0, 1073743880, "0"}, - {"0", 10, "ub-extension-attributes"}, - {"extension-attribute-value", 541073421, 0}, - {0, 1073743880, "1"}, - {"extension-attribute-type", 1, 0}, - {"common-name", 1342177283, "1"}, - {"CommonName", 1612709890, "PrintableString"}, - {"ub-common-name-length", 524298, "1"}, - {"teletex-common-name", 1342177283, "2"}, - {"TeletexCommonName", 1612709890, "TeletexString"}, - {"ub-common-name-length", 524298, "1"}, - {"teletex-organization-name", 1342177283, "3"}, - {"TeletexOrganizationName", 1612709890, "TeletexString"}, - {"ub-organization-name-length", 524298, "1"}, - {"teletex-personal-name", 1342177283, "4"}, - {"TeletexPersonalName", 1610612750, 0}, - {"surname", 1814044674, "TeletexString"}, - {0, 1073743880, "0"}, - {"ub-surname-length", 524298, "1"}, - {"given-name", 1814061058, "TeletexString"}, - {0, 1073743880, "1"}, - {"ub-given-name-length", 524298, "1"}, - {"initials", 1814061058, "TeletexString"}, - {0, 1073743880, "2"}, - {"ub-initials-length", 524298, "1"}, - {"generation-qualifier", 740319234, "TeletexString"}, - {0, 1073743880, "3"}, - {"ub-generation-qualifier-length", 524298, "1"}, - {"teletex-organizational-unit-names", 1342177283, "5"}, - {"TeletexOrganizationalUnitNames", 1612709899, 0}, - {"ub-organizational-units", 1074266122, "1"}, - {0, 2, "TeletexOrganizationalUnitName"}, - {"TeletexOrganizationalUnitName", 1612709890, "TeletexString"}, - {"ub-organizational-unit-name-length", 524298, "1"}, - {"pds-name", 1342177283, "7"}, - {"PDSName", 1612709890, "PrintableString"}, - {"ub-pds-name-length", 524298, "1"}, - {"physical-delivery-country-name", 1342177283, "8"}, - {"PhysicalDeliveryCountryName", 1610612754, 0}, - {"x121-dcc-code", 1612709890, "NumericString"}, - {0, 1048586, "ub-country-name-numeric-length"}, - {"iso-3166-alpha2-code", 538968066, "PrintableString"}, - {0, 1048586, "ub-country-name-alpha-length"}, - {"postal-code", 1342177283, "9"}, - {"PostalCode", 1610612754, 0}, - {"numeric-code", 1612709890, "NumericString"}, - {"ub-postal-code-length", 524298, "1"}, - {"printable-code", 538968066, "PrintableString"}, - {"ub-postal-code-length", 524298, "1"}, - {"physical-delivery-office-name", 1342177283, "10"}, - {"PhysicalDeliveryOfficeName", 1073741826, "PDSParameter"}, - {"physical-delivery-office-number", 1342177283, "11"}, - {"PhysicalDeliveryOfficeNumber", 1073741826, "PDSParameter"}, - {"extension-OR-address-components", 1342177283, "12"}, - {"ExtensionORAddressComponents", 1073741826, "PDSParameter"}, - {"physical-delivery-personal-name", 1342177283, "13"}, - {"PhysicalDeliveryPersonalName", 1073741826, "PDSParameter"}, - {"physical-delivery-organization-name", 1342177283, "14"}, - {"PhysicalDeliveryOrganizationName", 1073741826, "PDSParameter"}, - {"extension-physical-delivery-address-components", 1342177283, "15"}, - {"ExtensionPhysicalDeliveryAddressComponents", 1073741826, "PDSParameter"}, - {"unformatted-postal-address", 1342177283, "16"}, - {"UnformattedPostalAddress", 1610612750, 0}, - {"printable-address", 1814052875, 0}, - {"ub-pds-physical-address-lines", 1074266122, "1"}, - {0, 538968066, "PrintableString"}, - {"ub-pds-parameter-length", 524298, "1"}, - {"teletex-string", 740311042, "TeletexString"}, - {"ub-unformatted-address-length", 524298, "1"}, - {"street-address", 1342177283, "17"}, - {"StreetAddress", 1073741826, "PDSParameter"}, - {"post-office-box-address", 1342177283, "18"}, - {"PostOfficeBoxAddress", 1073741826, "PDSParameter"}, - {"poste-restante-address", 1342177283, "19"}, - {"PosteRestanteAddress", 1073741826, "PDSParameter"}, - {"unique-postal-name", 1342177283, "20"}, - {"UniquePostalName", 1073741826, "PDSParameter"}, - {"local-postal-attributes", 1342177283, "21"}, - {"LocalPostalAttributes", 1073741826, "PDSParameter"}, - {"PDSParameter", 1610612750, 0}, - {"printable-string", 1814052866, "PrintableString"}, - {"ub-pds-parameter-length", 524298, "1"}, - {"teletex-string", 740311042, "TeletexString"}, - {"ub-pds-parameter-length", 524298, "1"}, - {"extended-network-address", 1342177283, "22"}, - {"ExtendedNetworkAddress", 1610612754, 0}, - {"e163-4-address", 1610612741, 0}, - {"number", 1612718082, "NumericString"}, - {0, 1073743880, "0"}, - {"ub-e163-4-number-length", 524298, "1"}, - {"sub-address", 538992642, "NumericString"}, - {0, 1073743880, "1"}, - {"ub-e163-4-sub-address-length", 524298, "1"}, - {"psap-address", 536879106, "PresentationAddress"}, - {0, 2056, "0"}, - {"PresentationAddress", 1610612741, 0}, - {"pSelector", 1610637319, 0}, - {0, 2056, "0"}, - {"sSelector", 1610637319, 0}, - {0, 2056, "1"}, - {"tSelector", 1610637319, 0}, - {0, 2056, "2"}, - {"nAddresses", 538976271, 0}, - {0, 1073743880, "3"}, - {"MAX", 1074266122, "1"}, - {0, 7, 0}, - {"terminal-type", 1342177283, "23"}, - {"TerminalType", 1610874883, 0}, - {"telex", 1073741825, "3"}, - {"teletex", 1073741825, "4"}, - {"g3-facsimile", 1073741825, "5"}, - {"g4-facsimile", 1073741825, "6"}, - {"ia5-terminal", 1073741825, "7"}, - {"videotex", 1, "8"}, - {"teletex-domain-defined-attributes", 1342177283, "6"}, - {"TeletexDomainDefinedAttributes", 1612709899, 0}, - {"ub-domain-defined-attributes", 1074266122, "1"}, - {0, 2, "TeletexDomainDefinedAttribute"}, - {"TeletexDomainDefinedAttribute", 1610612741, 0}, - {"type", 1612709890, "TeletexString"}, - {"ub-domain-defined-attribute-type-length", 524298, "1"}, - {"value", 538968066, "TeletexString"}, - {"ub-domain-defined-attribute-value-length", 524298, "1"}, - {"ub-name", 1342177283, "32768"}, - {"ub-common-name", 1342177283, "64"}, - {"ub-locality-name", 1342177283, "128"}, - {"ub-state-name", 1342177283, "128"}, - {"ub-organization-name", 1342177283, "64"}, - {"ub-organizational-unit-name", 1342177283, "64"}, - {"ub-title", 1342177283, "64"}, - {"ub-match", 1342177283, "128"}, - {"ub-emailaddress-length", 1342177283, "128"}, - {"ub-common-name-length", 1342177283, "64"}, - {"ub-country-name-alpha-length", 1342177283, "2"}, - {"ub-country-name-numeric-length", 1342177283, "3"}, - {"ub-domain-defined-attributes", 1342177283, "4"}, - {"ub-domain-defined-attribute-type-length", 1342177283, "8"}, - {"ub-domain-defined-attribute-value-length", 1342177283, "128"}, - {"ub-domain-name-length", 1342177283, "16"}, - {"ub-extension-attributes", 1342177283, "256"}, - {"ub-e163-4-number-length", 1342177283, "15"}, - {"ub-e163-4-sub-address-length", 1342177283, "40"}, - {"ub-generation-qualifier-length", 1342177283, "3"}, - {"ub-given-name-length", 1342177283, "16"}, - {"ub-initials-length", 1342177283, "5"}, - {"ub-integer-options", 1342177283, "256"}, - {"ub-numeric-user-id-length", 1342177283, "32"}, - {"ub-organization-name-length", 1342177283, "64"}, - {"ub-organizational-unit-name-length", 1342177283, "32"}, - {"ub-organizational-units", 1342177283, "4"}, - {"ub-pds-name-length", 1342177283, "16"}, - {"ub-pds-parameter-length", 1342177283, "30"}, - {"ub-pds-physical-address-lines", 1342177283, "6"}, - {"ub-postal-code-length", 1342177283, "16"}, - {"ub-surname-length", 1342177283, "40"}, - {"ub-terminal-id-length", 1342177283, "24"}, - {"ub-unformatted-address-length", 1342177283, "180"}, - {"ub-x121-address-length", 1342177283, "16"}, - {"pkcs-7-ContentInfo", 1610612741, 0}, - {"contentType", 1073741826, "pkcs-7-ContentType"}, - {"content", 541073421, 0}, - {0, 1073743880, "0"}, - {"contentType", 1, 0}, - {"pkcs-7-DigestInfo", 1610612741, 0}, - {"digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"}, - {"digest", 2, "pkcs-7-Digest"}, - {"pkcs-7-Digest", 1073741831, 0}, - {"pkcs-7-ContentType", 1073741836, 0}, - {"pkcs-7-SignedData", 1610612741, 0}, - {"version", 1073741826, "pkcs-7-CMSVersion"}, - {"digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"}, - {"encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"}, - {"certificates", 1610637314, "pkcs-7-CertificateSet"}, - {0, 4104, "0"}, - {"crls", 1610637314, "pkcs-7-CertificateRevocationLists"}, - {0, 4104, "1"}, - {"signerInfos", 2, "pkcs-7-SignerInfos"}, - {"pkcs-7-CMSVersion", 1610874883, 0}, - {"v0", 1073741825, "0"}, - {"v1", 1073741825, "1"}, - {"v2", 1073741825, "2"}, - {"v3", 1073741825, "3"}, - {"v4", 1, "4"}, - {"pkcs-7-DigestAlgorithmIdentifiers", 1610612751, 0}, - {0, 2, "pkcs-7-DigestAlgorithmIdentifier"}, - {"pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, - {"pkcs-7-EncapsulatedContentInfo", 1610612741, 0}, - {"eContentType", 1073741826, "pkcs-7-ContentType"}, - {"eContent", 536895495, 0}, - {0, 2056, "0"}, - {"pkcs-7-CertificateRevocationLists", 1610612751, 0}, - {0, 13, 0}, - {"pkcs-7-CertificateChoices", 1610612754, 0}, - {"certificate", 13, 0}, - {"pkcs-7-CertificateSet", 1610612751, 0}, - {0, 2, "pkcs-7-CertificateChoices"}, - {"pkcs-7-SignerInfos", 1610612751, 0}, - {0, 13, 0}, - {"pkcs-10-CertificationRequestInfo", 1610612741, 0}, - {"version", 1610874883, 0}, - {"v1", 1, "0"}, - {"subject", 1073741826, "Name"}, - {"subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"}, - {"attributes", 536879106, "Attributes"}, - {0, 4104, "0"}, - {"Attributes", 1610612751, 0}, - {0, 2, "Attribute"}, - {"pkcs-10-CertificationRequest", 1610612741, 0}, - {"certificationRequestInfo", 1073741826, - "pkcs-10-CertificationRequestInfo"}, - {"signatureAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"signature", 6, 0}, - {"pkcs-9-ub-challengePassword", 1342177283, "255"}, - {"pkcs-9-certTypes", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "22"}, - {"pkcs-9-crlTypes", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "23"}, - {"pkcs-9-at-challengePassword", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "7"}, - {"pkcs-9-challengePassword", 1610612754, 0}, - {"printableString", 1612709890, "PrintableString"}, - {"pkcs-9-ub-challengePassword", 524298, "1"}, - {"utf8String", 538968066, "UTF8String"}, - {"pkcs-9-ub-challengePassword", 524298, "1"}, - {"pkcs-9-at-localKeyId", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "21"}, - {"pkcs-9-localKeyId", 1073741831, 0}, - {"pkcs-9-at-friendlyName", 1879048204, 0}, - {0, 1073741825, "pkcs-9"}, - {0, 1, "20"}, - {"pkcs-9-friendlyName", 1612709890, "BMPString"}, - {"255", 524298, "1"}, - {"pkcs-8-PrivateKeyInfo", 1610612741, 0}, - {"version", 1073741826, "pkcs-8-Version"}, - {"privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"privateKey", 1073741826, "pkcs-8-PrivateKey"}, - {"attributes", 536895490, "Attributes"}, - {0, 4104, "0"}, - {"pkcs-8-Version", 1610874883, 0}, - {"v1", 1, "0"}, - {"pkcs-8-PrivateKey", 1073741831, 0}, - {"pkcs-8-Attributes", 1610612751, 0}, - {0, 2, "Attribute"}, - {"pkcs-8-EncryptedPrivateKeyInfo", 1610612741, 0}, - {"encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"}, - {"encryptedData", 2, "pkcs-8-EncryptedData"}, - {"pkcs-8-EncryptedData", 1073741831, 0}, - {"pkcs-5", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "5"}, - {"pkcs-5-encryptionAlgorithm", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {0, 1, "3"}, - {"pkcs-5-des-EDE3-CBC", 1879048204, 0}, - {0, 1073741825, "pkcs-5-encryptionAlgorithm"}, - {0, 1, "7"}, - {"pkcs-5-des-EDE3-CBC-params", 1612709895, 0}, - {0, 1048586, "8"}, - {"pkcs-5-id-PBES2", 1879048204, 0}, - {0, 1073741825, "pkcs-5"}, - {0, 1, "13"}, - {"pkcs-5-PBES2-params", 1610612741, 0}, - {"keyDerivationFunc", 1073741826, "AlgorithmIdentifier"}, - {"encryptionScheme", 2, "AlgorithmIdentifier"}, - {"pkcs-5-id-PBKDF2", 1879048204, 0}, - {0, 1073741825, "pkcs-5"}, - {0, 1, "12"}, - {"pkcs-5-PBKDF2-params", 1610612741, 0}, - {"salt", 1610612754, 0}, - {"specified", 1073741831, 0}, - {"otherSource", 2, "AlgorithmIdentifier"}, - {"iterationCount", 1611137027, 0}, - {"1", 10, "MAX"}, - {"keyLength", 1611153411, 0}, - {"1", 10, "MAX"}, - {"prf", 16386, "AlgorithmIdentifier"}, - {"pkcs-12", 1879048204, 0}, - {0, 1073741825, "pkcs"}, - {0, 1, "12"}, - {"pkcs-12-PFX", 1610612741, 0}, - {"version", 1610874883, 0}, - {"v3", 1, "3"}, - {"authSafe", 1073741826, "pkcs-7-ContentInfo"}, - {"macData", 16386, "pkcs-12-MacData"}, - {"pkcs-12-PbeParams", 1610612741, 0}, - {"salt", 1073741831, 0}, - {"iterations", 3, 0}, - {"pkcs-12-MacData", 1610612741, 0}, - {"mac", 1073741826, "pkcs-7-DigestInfo"}, - {"macSalt", 1073741831, 0}, - {"iterations", 536903683, 0}, - {0, 9, "1"}, - {"pkcs-12-AuthenticatedSafe", 1610612747, 0}, - {0, 2, "pkcs-7-ContentInfo"}, - {"pkcs-12-SafeContents", 1610612747, 0}, - {0, 2, "pkcs-12-SafeBag"}, - {"pkcs-12-SafeBag", 1610612741, 0}, - {"bagId", 1073741836, 0}, - {"bagValue", 1614815245, 0}, - {0, 1073743880, "0"}, - {"badId", 1, 0}, - {"bagAttributes", 536887311, 0}, - {0, 2, "pkcs-12-PKCS12Attribute"}, - {"pkcs-12-bagtypes", 1879048204, 0}, - {0, 1073741825, "pkcs-12"}, - {0, 1073741825, "10"}, - {0, 1, "1"}, - {"pkcs-12-keyBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "1"}, - {"pkcs-12-pkcs8ShroudedKeyBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "2"}, - {"pkcs-12-certBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "3"}, - {"pkcs-12-crlBag", 1879048204, 0}, - {0, 1073741825, "pkcs-12-bagtypes"}, - {0, 1, "4"}, - {"pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"}, - {"pkcs-12-PKCS8ShroudedKeyBag", 1073741826, - "pkcs-8-EncryptedPrivateKeyInfo"}, - {"pkcs-12-CertBag", 1610612741, 0}, - {"certId", 1073741836, 0}, - {"certValue", 541073421, 0}, - {0, 1073743880, "0"}, - {"certId", 1, 0}, - {"pkcs-12-CRLBag", 1610612741, 0}, - {"crlId", 1073741836, 0}, - {"crlValue", 541073421, 0}, - {0, 1073743880, "0"}, - {"crlId", 1, 0}, - {"pkcs-12-PKCS12Attribute", 1073741826, "Attribute"}, - {"pkcs-7-data", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {"pkcs", 1073741825, "1"}, - {"pkcs7", 1073741825, "7"}, - {0, 1, "1"}, - {"pkcs-7-encryptedData", 1879048204, 0}, - {"iso", 1073741825, "1"}, - {"member-body", 1073741825, "2"}, - {"us", 1073741825, "840"}, - {"rsadsi", 1073741825, "113549"}, - {"pkcs", 1073741825, "1"}, - {"pkcs7", 1073741825, "7"}, - {0, 1, "6"}, - {"pkcs-7-Data", 1073741831, 0}, - {"pkcs-7-EncryptedData", 1610612741, 0}, - {"version", 1073741826, "pkcs-7-CMSVersion"}, - {"encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"}, - {"unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"}, - {0, 4104, "1"}, - {"pkcs-7-EncryptedContentInfo", 1610612741, 0}, - {"contentType", 1073741826, "pkcs-7-ContentType"}, - {"contentEncryptionAlgorithm", 1073741826, - "pkcs-7-ContentEncryptionAlgorithmIdentifier"}, - {"encryptedContent", 536895490, "pkcs-7-EncryptedContent"}, - {0, 4104, "0"}, - {"pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, - "AlgorithmIdentifier"}, - {"pkcs-7-EncryptedContent", 1073741831, 0}, - {"pkcs-7-UnprotectedAttributes", 1612709903, 0}, - {"MAX", 1074266122, "1"}, - {0, 2, "Attribute"}, - {"id-at-ldap-DC", 1880096780, "AttributeType"}, - {0, 1073741825, "0"}, - {0, 1073741825, "9"}, - {0, 1073741825, "2342"}, - {0, 1073741825, "19200300"}, - {0, 1073741825, "100"}, - {0, 1073741825, "1"}, - {0, 1, "25"}, - {"ldap-DC", 1073741826, "IA5String"}, - {"id-at-ldap-UID", 1880096780, "AttributeType"}, - {0, 1073741825, "0"}, - {0, 1073741825, "9"}, - {0, 1073741825, "2342"}, - {0, 1073741825, "19200300"}, - {0, 1073741825, "100"}, - {0, 1073741825, "1"}, - {0, 1, "1"}, - {"ldap-UID", 1073741826, "DirectoryString"}, - {"id-pda", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "9"}, - {"id-pda-dateOfBirth", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "1"}, - {"DateOfBirth", 1082130449, 0}, - {"id-pda-placeOfBirth", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "2"}, - {"PlaceOfBirth", 1073741826, "DirectoryString"}, - {"id-pda-gender", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "3"}, - {"Gender", 1612709890, "PrintableString"}, - {0, 1048586, "1"}, - {"id-pda-countryOfCitizenship", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "4"}, - {"CountryOfCitizenship", 1612709890, "PrintableString"}, - {0, 1048586, "2"}, - {"id-pda-countryOfResidence", 1880096780, "AttributeType"}, - {0, 1073741825, "id-pda"}, - {0, 1, "5"}, - {"CountryOfResidence", 1612709890, "PrintableString"}, - {0, 1048586, "2"}, - {"id-pe-proxyCertInfo", 1879048204, 0}, - {0, 1073741825, "id-pe"}, - {0, 1, "14"}, - {"id-ppl-inheritAll", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1073741825, "21"}, - {0, 1, "1"}, - {"id-ppl-independent", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1073741825, "21"}, - {0, 1, "2"}, - {"ProxyCertInfo", 1610612741, 0}, - {"pCPathLenConstraint", 1611153411, 0}, - {"0", 10, "MAX"}, - {"proxyPolicy", 2, "ProxyPolicy"}, - {"ProxyPolicy", 1610612741, 0}, - {"policyLanguage", 1073741836, 0}, - {"policy", 16391, 0}, - {"id-on", 1879048204, 0}, - {0, 1073741825, "id-pkix"}, - {0, 1, "8"}, - {"id-on-xmppAddr", 1879048204, 0}, - {0, 1073741825, "id-on"}, - {0, 1, "5"}, - {"XmppAddr", 2, "UTF8String"}, - {0, 0, 0} -}; diff --git a/lib/libmicrohttpd/src/daemon/https/tls/str-two-way.h b/lib/libmicrohttpd/src/daemon/https/tls/str-two-way.h deleted file mode 100644 index 29bb09f6a0..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/str-two-way.h +++ /dev/null @@ -1,429 +0,0 @@ -/* Byte-wise substring search, using the Two-Way algorithm. - Copyright (C) 2008 Free Software Foundation, Inc. - This file is part of the GNU C Library. - Written by Eric Blake <ebb9@byu.net>, 2008. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU Lesser General Public License as published by - the Free Software Foundation; either version 2.1, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public License along - with this program; if not, write to the Free Software Foundation, - Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ - -/* Before including this file, you need to include <config.h> and - <string.h>, and define: - RESULT_TYPE A macro that expands to the return type. - AVAILABLE(h, h_l, j, n_l) - A macro that returns nonzero if there are - at least N_L bytes left starting at H[J]. - H is 'unsigned char *', H_L, J, and N_L - are 'size_t'; H_L is an lvalue. For - NUL-terminated searches, H_L can be - modified each iteration to avoid having - to compute the end of H up front. - - For case-insensitivity, you may optionally define: - CMP_FUNC(p1, p2, l) A macro that returns 0 iff the first L - characters of P1 and P2 are equal. - CANON_ELEMENT(c) A macro that canonicalizes an element right after - it has been fetched from one of the two strings. - The argument is an 'unsigned char'; the result - must be an 'unsigned char' as well. - - This file undefines the macros documented above, and defines - LONG_NEEDLE_THRESHOLD. -*/ - -#include <limits.h> -#include <stdint.h> - -/* We use the Two-Way string matching algorithm, which guarantees - linear complexity with constant space. Additionally, for long - needles, we also use a bad character shift table similar to the - Boyer-Moore algorithm to achieve improved (potentially sub-linear) - performance. - - See http://www-igm.univ-mlv.fr/~lecroq/string/node26.html#SECTION00260 - and http://en.wikipedia.org/wiki/Boyer-Moore_string_search_algorithm -*/ - -/* Point at which computing a bad-byte shift table is likely to be - worthwhile. Small needles should not compute a table, since it - adds (1 << CHAR_BIT) + NEEDLE_LEN computations of preparation for a - speedup no greater than a factor of NEEDLE_LEN. The larger the - needle, the better the potential performance gain. On the other - hand, on non-POSIX systems with CHAR_BIT larger than eight, the - memory required for the table is prohibitive. */ -#if CHAR_BIT < 10 -# define LONG_NEEDLE_THRESHOLD 32U -#else -# define LONG_NEEDLE_THRESHOLD SIZE_MAX -#endif - -#ifndef MAX -# define MAX(a, b) ((a < b) ? (b) : (a)) -#endif - -#ifndef CANON_ELEMENT -# define CANON_ELEMENT(c) c -#endif -#ifndef CMP_FUNC -# define CMP_FUNC memcmp -#endif - -/* Perform a critical factorization of NEEDLE, of length NEEDLE_LEN. - Return the index of the first byte in the right half, and set - *PERIOD to the global period of the right half. - - The global period of a string is the smallest index (possibly its - length) at which all remaining bytes in the string are repetitions - of the prefix (the last repetition may be a subset of the prefix). - - When NEEDLE is factored into two halves, a local period is the - length of the smallest word that shares a suffix with the left half - and shares a prefix with the right half. All factorizations of a - non-empty NEEDLE have a local period of at least 1 and no greater - than NEEDLE_LEN. - - A critical factorization has the property that the local period - equals the global period. All strings have at least one critical - factorization with the left half smaller than the global period. - - Given an ordered alphabet, a critical factorization can be computed - in linear time, with 2 * NEEDLE_LEN comparisons, by computing the - larger of two ordered maximal suffixes. The ordered maximal - suffixes are determined by lexicographic comparison of - periodicity. */ -static size_t -critical_factorization (const unsigned char *needle, size_t needle_len, - size_t * period) -{ - /* Index of last byte of left half, or SIZE_MAX. */ - size_t max_suffix, max_suffix_rev; - size_t j; /* Index into NEEDLE for current candidate suffix. */ - size_t k; /* Offset into current period. */ - size_t p; /* Intermediate period. */ - unsigned char a, b; /* Current comparison bytes. */ - - /* Invariants: - 0 <= j < NEEDLE_LEN - 1 - -1 <= max_suffix{,_rev} < j (treating SIZE_MAX as if it were signed) - min(max_suffix, max_suffix_rev) < global period of NEEDLE - 1 <= p <= global period of NEEDLE - p == global period of the substring NEEDLE[max_suffix{,_rev}+1...j] - 1 <= k <= p - */ - - /* Perform lexicographic search. */ - max_suffix = SIZE_MAX; - j = 0; - k = p = 1; - while (j + k < needle_len) - { - a = CANON_ELEMENT (needle[j + k]); - b = CANON_ELEMENT (needle[max_suffix + k]); - if (a < b) - { - /* Suffix is smaller, period is entire prefix so far. */ - j += k; - k = 1; - p = j - max_suffix; - } - else if (a == b) - { - /* Advance through repetition of the current period. */ - if (k != p) - ++k; - else - { - j += p; - k = 1; - } - } - else /* b < a */ - { - /* Suffix is larger, start over from current location. */ - max_suffix = j++; - k = p = 1; - } - } - *period = p; - - /* Perform reverse lexicographic search. */ - max_suffix_rev = SIZE_MAX; - j = 0; - k = p = 1; - while (j + k < needle_len) - { - a = CANON_ELEMENT (needle[j + k]); - b = CANON_ELEMENT (needle[max_suffix_rev + k]); - if (b < a) - { - /* Suffix is smaller, period is entire prefix so far. */ - j += k; - k = 1; - p = j - max_suffix_rev; - } - else if (a == b) - { - /* Advance through repetition of the current period. */ - if (k != p) - ++k; - else - { - j += p; - k = 1; - } - } - else /* a < b */ - { - /* Suffix is larger, start over from current location. */ - max_suffix_rev = j++; - k = p = 1; - } - } - - /* Choose the longer suffix. Return the first byte of the right - half, rather than the last byte of the left half. */ - if (max_suffix_rev + 1 < max_suffix + 1) - return max_suffix + 1; - *period = p; - return max_suffix_rev + 1; -} - -/* Return the first location of non-empty NEEDLE within HAYSTACK, or - NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This - method is optimized for NEEDLE_LEN < LONG_NEEDLE_THRESHOLD. - Performance is guaranteed to be linear, with an initialization cost - of 2 * NEEDLE_LEN comparisons. - - If AVAILABLE does not modify HAYSTACK_LEN (as in memmem), then at - most 2 * HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching. - If AVAILABLE modifies HAYSTACK_LEN (as in strstr), then at most 3 * - HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching. */ -static RETURN_TYPE -two_way_short_needle (const unsigned char *haystack, size_t haystack_len, - const unsigned char *needle, size_t needle_len) -{ - size_t i; /* Index into current byte of NEEDLE. */ - size_t j; /* Index into current window of HAYSTACK. */ - size_t period; /* The period of the right half of needle. */ - size_t suffix; /* The index of the right half of needle. */ - - /* Factor the needle into two halves, such that the left half is - smaller than the global period, and the right half is - periodic (with a period as large as NEEDLE_LEN - suffix). */ - suffix = critical_factorization (needle, needle_len, &period); - - /* Perform the search. Each iteration compares the right half - first. */ - if (CMP_FUNC (needle, needle + period, suffix) == 0) - { - /* Entire needle is periodic; a mismatch can only advance by the - period, so use memory to avoid rescanning known occurrences - of the period. */ - size_t memory = 0; - j = 0; - while (AVAILABLE (haystack, haystack_len, j, needle_len)) - { - /* Scan for matches in right half. */ - i = MAX (suffix, memory); - while (i < needle_len && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - ++i; - if (needle_len <= i) - { - /* Scan for matches in left half. */ - i = suffix - 1; - while (memory < i + 1 && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - --i; - if (i + 1 < memory + 1) - return (RETURN_TYPE) (haystack + j); - /* No match, so remember how many repetitions of period - on the right half were scanned. */ - j += period; - memory = needle_len - period; - } - else - { - j += i - suffix + 1; - memory = 0; - } - } - } - else - { - /* The two halves of needle are distinct; no extra memory is - required, and any mismatch results in a maximal shift. */ - period = MAX (suffix, needle_len - suffix) + 1; - j = 0; - while (AVAILABLE (haystack, haystack_len, j, needle_len)) - { - /* Scan for matches in right half. */ - i = suffix; - while (i < needle_len && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - ++i; - if (needle_len <= i) - { - /* Scan for matches in left half. */ - i = suffix - 1; - while (i != SIZE_MAX && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - --i; - if (i == SIZE_MAX) - return (RETURN_TYPE) (haystack + j); - j += period; - } - else - j += i - suffix + 1; - } - } - return NULL; -} - -/* Return the first location of non-empty NEEDLE within HAYSTACK, or - NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This - method is optimized for LONG_NEEDLE_THRESHOLD <= NEEDLE_LEN. - Performance is guaranteed to be linear, with an initialization cost - of 3 * NEEDLE_LEN + (1 << CHAR_BIT) operations. - - If AVAILABLE does not modify HAYSTACK_LEN (as in memmem), then at - most 2 * HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching, - and sublinear performance O(HAYSTACK_LEN / NEEDLE_LEN) is possible. - If AVAILABLE modifies HAYSTACK_LEN (as in strstr), then at most 3 * - HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching, and - sublinear performance is not possible. */ -static RETURN_TYPE -two_way_long_needle (const unsigned char *haystack, size_t haystack_len, - const unsigned char *needle, size_t needle_len) -{ - size_t i; /* Index into current byte of NEEDLE. */ - size_t j; /* Index into current window of HAYSTACK. */ - size_t period; /* The period of the right half of needle. */ - size_t suffix; /* The index of the right half of needle. */ - size_t shift_table[1U << CHAR_BIT]; /* See below. */ - - /* Factor the needle into two halves, such that the left half is - smaller than the global period, and the right half is - periodic (with a period as large as NEEDLE_LEN - suffix). */ - suffix = critical_factorization (needle, needle_len, &period); - - /* Populate shift_table. For each possible byte value c, - shift_table[c] is the distance from the last occurrence of c to - the end of NEEDLE, or NEEDLE_LEN if c is absent from the NEEDLE. - shift_table[NEEDLE[NEEDLE_LEN - 1]] contains the only 0. */ - for (i = 0; i < 1U << CHAR_BIT; i++) - shift_table[i] = needle_len; - for (i = 0; i < needle_len; i++) - shift_table[CANON_ELEMENT (needle[i])] = needle_len - i - 1; - - /* Perform the search. Each iteration compares the right half - first. */ - if (CMP_FUNC (needle, needle + period, suffix) == 0) - { - /* Entire needle is periodic; a mismatch can only advance by the - period, so use memory to avoid rescanning known occurrences - of the period. */ - size_t memory = 0; - size_t shift; - j = 0; - while (AVAILABLE (haystack, haystack_len, j, needle_len)) - { - /* Check the last byte first; if it does not match, then - shift to the next possible match location. */ - shift = shift_table[CANON_ELEMENT (haystack[j + needle_len - 1])]; - if (0 < shift) - { - if (memory && shift < period) - { - /* Since needle is periodic, but the last period has - a byte out of place, there can be no match until - after the mismatch. */ - shift = needle_len - period; - memory = 0; - } - j += shift; - continue; - } - /* Scan for matches in right half. The last byte has - already been matched, by virtue of the shift table. */ - i = MAX (suffix, memory); - while (i < needle_len - 1 && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - ++i; - if (needle_len - 1 <= i) - { - /* Scan for matches in left half. */ - i = suffix - 1; - while (memory < i + 1 && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - --i; - if (i + 1 < memory + 1) - return (RETURN_TYPE) (haystack + j); - /* No match, so remember how many repetitions of period - on the right half were scanned. */ - j += period; - memory = needle_len - period; - } - else - { - j += i - suffix + 1; - memory = 0; - } - } - } - else - { - /* The two halves of needle are distinct; no extra memory is - required, and any mismatch results in a maximal shift. */ - size_t shift; - period = MAX (suffix, needle_len - suffix) + 1; - j = 0; - while (AVAILABLE (haystack, haystack_len, j, needle_len)) - { - /* Check the last byte first; if it does not match, then - shift to the next possible match location. */ - shift = shift_table[CANON_ELEMENT (haystack[j + needle_len - 1])]; - if (0 < shift) - { - j += shift; - continue; - } - /* Scan for matches in right half. The last byte has - already been matched, by virtue of the shift table. */ - i = suffix; - while (i < needle_len - 1 && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - ++i; - if (needle_len - 1 <= i) - { - /* Scan for matches in left half. */ - i = suffix - 1; - while (i != SIZE_MAX && (CANON_ELEMENT (needle[i]) - == CANON_ELEMENT (haystack[i + j]))) - --i; - if (i == SIZE_MAX) - return (RETURN_TYPE) (haystack + j); - j += period; - } - else - j += i - suffix + 1; - } - } - return NULL; -} - -#undef AVAILABLE -#undef CANON_ELEMENT -#undef CMP_FUNC -#undef MAX -#undef RETURN_TYPE diff --git a/lib/libmicrohttpd/src/daemon/https/tls/x509_b64.c b/lib/libmicrohttpd/src/daemon/https/tls/x509_b64.c deleted file mode 100644 index 152f740943..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/x509_b64.c +++ /dev/null @@ -1,413 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions that relate to base64 encoding and decoding. - */ - -#include "gnutls_int.h" -#include "gnutls_errors.h" -#include <gnutls_datum.h> -#include <x509_b64.h> - -static const uint8_t b64table[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -static const uint8_t asciitable[128] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, - 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, - 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */ - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, - 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, - 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, - 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, - 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, - 0xff, 0xff -}; - -#define INCR(what, size) \ - do { \ - what+=size; \ - if (what > ret) { \ - MHD_gnutls_assert(); \ - MHD_gnutls_free( (*result)); *result = NULL; \ - return GNUTLS_E_INTERNAL_ERROR; \ - } \ - } while(0) - - -inline static int -encode (char *result, const uint8_t * data, int left) -{ - - int data_len; - - if (left > 3) - data_len = 3; - else - data_len = left; - - switch (data_len) - { - case 3: - result[0] = b64table[(data[0] >> 2)]; - result[1] = - b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | - (data[1] >> 4))]; - result[2] = - b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))]; - result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)]; - break; - case 2: - result[0] = b64table[(data[0] >> 2)]; - result[1] = - b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | - (data[1] >> 4))]; - result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)]; - result[3] = '='; - break; - case 1: - result[0] = b64table[(data[0] >> 2)]; - result[1] = b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff))]; - result[2] = '='; - result[3] = '='; - break; - default: - return -1; - } - - return 4; - -} - -/* data must be 4 bytes - * result should be 3 bytes - */ -#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff) -inline static int -decode (uint8_t * result, const opaque * data) -{ - uint8_t a1, a2; - int ret = 3; - - a1 = TOASCII (data[0]); - a2 = TOASCII (data[1]); - if (a1 == 0xff || a2 == 0xff) - return -1; - result[0] = ((a1 << 2) & 0xff) | ((a2 >> 4) & 0xff); - - a1 = a2; - a2 = TOASCII (data[2]); - if (a2 == 0xff) - return -1; - result[1] = ((a1 << 4) & 0xff) | ((a2 >> 2) & 0xff); - - a1 = a2; - a2 = TOASCII (data[3]); - if (a2 == 0xff) - return -1; - result[2] = ((a1 << 6) & 0xff) | (a2 & 0xff); - - if (data[2] == '=') - ret--; - - if (data[3] == '=') - ret--; - return ret; -} - -/* encodes data and puts the result into result (locally allocated) - * The result_size (including the null terminator) is the return value. - */ -int -MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, - int data_size, uint8_t ** result) -{ - int i, ret, tmp, j; - char tmpres[4]; - uint8_t *ptr; - uint8_t top[80]; - uint8_t bottom[80]; - int pos, bytes, top_len, bottom_len; - size_t msglen = strlen (msg); - - if (msglen > 50) - { - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_ENCODING_ERROR; - } - - memset (bottom, 0, sizeof (bottom)); - memset (top, 0, sizeof (top)); - - strcat ((char *) top, "-----BEGIN "); /* Flawfinder: ignore */ - strcat ((char *) top, msg); /* Flawfinder: ignore */ - strcat ((char *) top, "-----"); /* Flawfinder: ignore */ - - strcat ((char *) bottom, "\n-----END "); /* Flawfinder: ignore */ - strcat ((char *) bottom, msg); /* Flawfinder: ignore */ - strcat ((char *) bottom, "-----\n"); /* Flawfinder: ignore */ - - top_len = strlen ((char *) top); - bottom_len = strlen ((char *) bottom); - - ret = B64FSIZE (msglen, data_size); - - (*result) = MHD_gnutls_calloc (1, ret + 1); - if ((*result) == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - bytes = pos = 0; - INCR (bytes, top_len); - pos = top_len; - - strcpy ((char *) *result, (char *) top); /* Flawfinder: ignore */ - - for (i = j = 0; i < data_size; i += 3, j += 4) - { - - tmp = encode (tmpres, &data[i], data_size - i); - if (tmp == -1) - { - MHD_gnutls_assert (); - MHD_gnutls_free ((*result)); - *result = NULL; - return GNUTLS_E_BASE64_ENCODING_ERROR; - } - - INCR (bytes, 4); - ptr = &(*result)[j + pos]; - - if ((j) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } - *ptr++ = tmpres[0]; - - if ((j + 1) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } - *ptr++ = tmpres[1]; - - if ((j + 2) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } - *ptr++ = tmpres[2]; - - if ((j + 3) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } - *ptr++ = tmpres[3]; - } - - INCR (bytes, bottom_len); - - memcpy (&(*result)[bytes - bottom_len], bottom, bottom_len); - (*result)[bytes] = 0; - - return ret + 1; -} - -/* decodes data and puts the result into result (locally allocated) - * The result_size is the return value - */ -int -MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size, - uint8_t ** result) -{ - unsigned int i, j; - int ret, tmp, est; - uint8_t tmpres[3]; - - est = ((data_size * 3) / 4) + 1; - (*result) = MHD_gnutls_malloc (est); - if ((*result) == NULL) - return GNUTLS_E_MEMORY_ERROR; - - ret = 0; - for (i = j = 0; i < data_size; i += 4, j += 3) - { - tmp = decode (tmpres, &data[i]); - if (tmp < 0) - { - MHD_gnutls_free (*result); - *result = NULL; - return tmp; - } - memcpy (&(*result)[j], tmpres, tmp); - ret += tmp; - } - return ret; -} - -/* copies data to result but removes newlines and <CR> - * returns the size of the data copied. - */ -inline static int -cpydata (const uint8_t * data, int data_size, uint8_t ** result) -{ - int i, j; - - (*result) = MHD_gnutls_malloc (data_size); - if (*result == NULL) - return GNUTLS_E_MEMORY_ERROR; - - for (j = i = 0; i < data_size; i++) - { - if (data[i] == '\n' || data[i] == '\r') - continue; - (*result)[j] = data[i]; - j++; - } - return j; -} - -/* Searches the given string for ONE PEM encoded certificate, and - * stores it in the result. - * - * The result_size is the return value - */ -#define ENDSTR "-----\n" -#define ENDSTR2 "-----\r" -int -MHD__gnutls_fbase64_decode (const char *header, const opaque * data, - size_t data_size, uint8_t ** result) -{ - int ret; - static const char top[] = "-----BEGIN "; - static const char bottom[] = "\n-----END "; - uint8_t *rdata; - int rdata_size; - uint8_t *kdata; - int kdata_size; - char pem_header[128]; - - MHD_gtls_str_cpy (pem_header, sizeof (pem_header), top); - if (header != NULL) - MHD_gtls_str_cat (pem_header, sizeof (pem_header), header); - - rdata = memmem (data, data_size, pem_header, strlen (pem_header)); - - if (rdata == NULL) - { - MHD_gnutls_assert (); - MHD__gnutls_debug_log ("Could not find '%s'\n", pem_header); - return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR; - } - - data_size -= (unsigned long int) rdata - (unsigned long int) data; - - if (data_size < 4 + strlen (bottom)) - { - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - - kdata = memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1); - /* allow CR as well. - */ - if (kdata == NULL) - kdata = memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1); - - if (kdata == NULL) - { - MHD_gnutls_assert (); - MHD__gnutls_x509_log ("Could not find '%s'\n", ENDSTR); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - data_size -= strlen (ENDSTR); - data_size -= (unsigned long int) kdata - (unsigned long int) rdata; - - rdata = kdata + strlen (ENDSTR); - - /* position is now after the ---BEGIN--- headers */ - - kdata = memmem (rdata, data_size, bottom, strlen (bottom)); - if (kdata == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - - /* position of kdata is before the ----END--- footer - */ - rdata_size = (unsigned long int) kdata - (unsigned long int) rdata; - - if (rdata_size < 4) - { - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - - kdata_size = cpydata (rdata, rdata_size, &kdata); - - if (kdata_size < 0) - { - MHD_gnutls_assert (); - return kdata_size; - } - - if (kdata_size < 4) - { - MHD_gnutls_assert (); - MHD_gnutls_free (kdata); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - - if ((ret = MHD__gnutls_base64_decode (kdata, kdata_size, result)) < 0) - { - MHD_gnutls_free (kdata); - MHD_gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } - MHD_gnutls_free (kdata); - - return ret; -} diff --git a/lib/libmicrohttpd/src/daemon/https/tls/x509_b64.h b/lib/libmicrohttpd/src/daemon/https/tls/x509_b64.h deleted file mode 100644 index ebb48639f9..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/tls/x509_b64.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, - int data_size, uint8_t ** result); -int MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size, - uint8_t ** result); -int MHD__gnutls_fbase64_decode (const char *header, const uint8_t * data, - size_t data_size, uint8_t ** result); - -#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) - -/* The size for B64 encoding + newlines plus header - */ - -#define HEADSIZE( hsize) \ - sizeof("-----BEGIN ")-1+sizeof("-----")-1+ \ - sizeof("\n-----END ")-1+sizeof("-----\n")-1+hsize+hsize - -#define B64FSIZE( hsize, dsize) \ - (B64SIZE(dsize) + HEADSIZE(hsize) + /*newlines*/ \ - B64SIZE(dsize)/64 + (((B64SIZE(dsize) % 64) > 0) ? 1 : 0)) diff --git a/lib/libmicrohttpd/src/daemon/https/x509/Makefile.am b/lib/libmicrohttpd/src/daemon/https/x509/Makefile.am deleted file mode 100644 index 78844a11e0..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/Makefile.am +++ /dev/null @@ -1,24 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/include \ - -I$(top_srcdir)/src/daemon/https \ - -I$(top_srcdir)/src/daemon/https/minitasn1 \ - -I$(top_srcdir)/src/daemon/https/lgl \ - -I$(top_srcdir)/src/daemon/https/tls \ - -I$(top_srcdir)/src/daemon/https/x509 \ - @LIBGCRYPT_CFLAGS@ - -noinst_LTLIBRARIES = libx509.la - -if USE_COVERAGE - AM_CFLAGS = -fprofile-arcs -ftest-coverage -endif - - -libx509_la_SOURCES = \ - common.c common.h \ - extensions.c extensions.h \ - mpi.c mpi.h \ - x509_privkey.c privkey.h \ - x509.c x509.h -libx509_la_LIBADD = @LIBGCRYPT_LIBS@ - diff --git a/lib/libmicrohttpd/src/daemon/https/x509/Makefile.in b/lib/libmicrohttpd/src/daemon/https/x509/Makefile.in deleted file mode 100644 index 3cba9132d6..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/Makefile.in +++ /dev/null @@ -1,509 +0,0 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -VPATH = @srcdir@ -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/daemon/https/x509 -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/libcurl.m4 \ - $(top_srcdir)/m4/libgcrypt.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/MHD_config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libx509_la_DEPENDENCIES = -am_libx509_la_OBJECTS = common.lo extensions.lo mpi.lo x509_privkey.lo \ - x509.lo -libx509_la_OBJECTS = $(am_libx509_la_OBJECTS) -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ - $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -CCLD = $(CC) -LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ - --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ - $(LDFLAGS) -o $@ -SOURCES = $(libx509_la_SOURCES) -DIST_SOURCES = $(libx509_la_SOURCES) -ETAGS = etags -CTAGS = ctags -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AR = @AR@ -AS = @AS@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -EXT_LIBS = @EXT_LIBS@ -EXT_LIB_PATH = @EXT_LIB_PATH@ -FGREP = @FGREP@ -GREP = @GREP@ -HAVE_SOCAT = @HAVE_SOCAT@ -HAVE_ZZUF = @HAVE_ZZUF@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LIBCURL = @LIBCURL@ -LIBCURL_CPPFLAGS = @LIBCURL_CPPFLAGS@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIB_VERSION_AGE = @LIB_VERSION_AGE@ -LIB_VERSION_CURRENT = @LIB_VERSION_CURRENT@ -LIB_VERSION_REVISION = @LIB_VERSION_REVISION@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -MAKEINFO = @MAKEINFO@ -MHD_LIBDEPS = @MHD_LIBDEPS@ -MHD_LIB_LDFLAGS = @MHD_LIB_LDFLAGS@ -MKDIR_P = @MKDIR_P@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PTHREAD_CPPFLAGS = @PTHREAD_CPPFLAGS@ -PTHREAD_LDFLAGS = @PTHREAD_LDFLAGS@ -PTHREAD_LIBS = @PTHREAD_LIBS@ -RANLIB = @RANLIB@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRIP = @STRIP@ -VERSION = @VERSION@ -_libcurl_config = @_libcurl_config@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/include \ - -I$(top_srcdir)/src/daemon/https \ - -I$(top_srcdir)/src/daemon/https/minitasn1 \ - -I$(top_srcdir)/src/daemon/https/lgl \ - -I$(top_srcdir)/src/daemon/https/tls \ - -I$(top_srcdir)/src/daemon/https/x509 \ - @LIBGCRYPT_CFLAGS@ - -noinst_LTLIBRARIES = libx509.la -@USE_COVERAGE_TRUE@AM_CFLAGS = -fprofile-arcs -ftest-coverage -libx509_la_SOURCES = \ - common.c common.h \ - extensions.c extensions.h \ - mpi.c mpi.h \ - x509_privkey.c privkey.h \ - x509.c x509.h - -libx509_la_LIBADD = @LIBGCRYPT_LIBS@ -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/daemon/https/x509/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/daemon/https/x509/Makefile -.PRECIOUS: Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ - dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ - test "$$dir" != "$$p" || dir=.; \ - echo "rm -f \"$${dir}/so_locations\""; \ - rm -f "$${dir}/so_locations"; \ - done -libx509.la: $(libx509_la_OBJECTS) $(libx509_la_DEPENDENCIES) - $(LINK) $(libx509_la_OBJECTS) $(libx509_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/extensions.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpi.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_privkey.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - set x; \ - here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) -installdirs: -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-libtool clean-noinstLTLIBRARIES ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags uninstall uninstall-am - - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/lib/libmicrohttpd/src/daemon/https/x509/common.c b/lib/libmicrohttpd/src/daemon/https/x509/common.c deleted file mode 100644 index 0c8410d1b3..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/common.c +++ /dev/null @@ -1,447 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <libtasn1.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <gnutls_str.h> -#include <gnutls_x509.h> -#include <gnutls_num.h> -#include <x509_b64.h> -#include <common.h> -#include <mpi.h> -#include <time.h> - -/* A generic export function. Will export the given ASN.1 encoded data - * to PEM or DER raw data. - */ -int -MHD__gnutls_x509_export_int (ASN1_TYPE MHD__asn1_data, - MHD_gnutls_x509_crt_fmt_t format, - char *pem_header, - unsigned char *output_data, - size_t * output_data_size) -{ - int result, len; - - if (format == GNUTLS_X509_FMT_DER) - { - - if (output_data == NULL) - *output_data_size = 0; - - len = *output_data_size; - - if ((result = - MHD__asn1_der_coding (MHD__asn1_data, "", output_data, &len, - NULL)) != ASN1_SUCCESS) - { - *output_data_size = len; - if (result == ASN1_MEM_ERROR) - { - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - *output_data_size = len; - - } - else - { /* PEM */ - opaque *out; - MHD_gnutls_datum_t tmp; - - result = MHD__gnutls_x509_der_encode (MHD__asn1_data, "", &tmp, 0); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - result = - MHD__gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, &out); - - MHD__gnutls_free_datum (&tmp); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - if (result == 0) - { /* oooops */ - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if ((unsigned) result > *output_data_size) - { - MHD_gnutls_assert (); - MHD_gnutls_free (out); - *output_data_size = result; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - *output_data_size = result; - - if (output_data) - { - memcpy (output_data, out, result); - - /* do not include the null character into output size. - */ - *output_data_size = result - 1; - } - MHD_gnutls_free (out); - - } - - return 0; -} - -/* Decodes an octet string. Leave string_type null for a normal - * octet string. Otherwise put something like BMPString, PrintableString - * etc. - */ -static int -MHD__gnutls_x509_decode_octet_string (const char *string_type, - const opaque * der, - size_t der_size, - opaque * output, size_t * output_size) -{ - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - int result, tmp_output_size; - char strname[64]; - - if (string_type == NULL) - MHD_gtls_str_cpy (strname, sizeof (strname), "PKIX1.pkcs-7-Data"); - else - { - MHD_gtls_str_cpy (strname, sizeof (strname), "PKIX1."); - MHD_gtls_str_cat (strname, sizeof (strname), string_type); - } - - if ((result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), strname, - &c2)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - result = MHD__asn1_der_decoding (&c2, der, der_size, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - tmp_output_size = *output_size; - result = MHD__asn1_read_value (c2, "", output, &tmp_output_size); - *output_size = tmp_output_size; - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - return 0; - -cleanup:if (c2) - MHD__asn1_delete_structure (&c2); - - return result; -} - -/* Reads a value from an ASN1 tree, and puts the output - * in an allocated variable in the given datum. - * flags == 0 do nothing with the DER output - * flags == 1 parse the DER output as OCTET STRING - * flags == 2 the value is a BIT STRING - */ -int -MHD__gnutls_x509_read_value (ASN1_TYPE c, - const char *root, MHD_gnutls_datum_t * ret, - int flags) -{ - int len = 0, result; - size_t slen; - opaque *tmp = NULL; - - result = MHD__asn1_read_value (c, root, NULL, &len); - if (result != ASN1_MEM_ERROR) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - return result; - } - - if (flags == 2) - len /= 8; - - tmp = MHD_gnutls_malloc (len); - if (tmp == NULL) - { - MHD_gnutls_assert (); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - result = MHD__asn1_read_value (c, root, tmp, &len); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - if (flags == 2) - len /= 8; - - /* Extract the OCTET STRING. - */ - - if (flags == 1) - { - slen = len; - result = - MHD__gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - len = slen; - } - - ret->data = tmp; - ret->size = len; - - return 0; - -cleanup:MHD_gnutls_free (tmp); - return result; - -} - -/* DER Encodes the src ASN1_TYPE and stores it to - * the given datum. If str is non null then the data are encoded as - * an OCTET STRING. - */ -int -MHD__gnutls_x509_der_encode (ASN1_TYPE src, - const char *src_name, MHD_gnutls_datum_t * res, - int str) -{ - int size, result; - int asize; - opaque *data = NULL; - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - - size = 0; - result = MHD__asn1_der_coding (src, src_name, NULL, &size, NULL); - if (result != ASN1_MEM_ERROR) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - /* allocate data for the der - */ - - if (str) - size += 16; /* for later to include the octet tags */ - asize = size; - - data = MHD_gnutls_malloc (size); - if (data == NULL) - { - MHD_gnutls_assert (); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - result = MHD__asn1_der_coding (src, src_name, data, &size, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - if (str) - { - if ((result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.pkcs-7-Data", - &c2)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - result = MHD__asn1_write_value (c2, "", data, size); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - result = MHD__asn1_der_coding (c2, "", data, &asize, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - size = asize; - - MHD__asn1_delete_structure (&c2); - } - - res->data = data; - res->size = size; - return 0; - -cleanup:MHD_gnutls_free (data); - MHD__asn1_delete_structure (&c2); - return result; - -} - -/* Reads and returns the PK algorithm of the given certificate-like - * ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo". - */ -int -MHD__gnutls_x509_get_pk_algorithm (ASN1_TYPE src, - const char *src_name, unsigned int *bits) -{ - int result; - opaque *str = NULL; - int algo; - char oid[64]; - int len; - mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; - char name[128]; - - MHD_gtls_str_cpy (name, sizeof (name), src_name); - MHD_gtls_str_cat (name, sizeof (name), ".algorithm.algorithm"); - - len = sizeof (oid); - result = MHD__asn1_read_value (src, name, oid, &len); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - algo = MHD_gtls_x509_oid2pk_algorithm (oid); - - if (bits == NULL) - { - MHD_gnutls_free (str); - return algo; - } - - /* Now read the parameters' bits - */ - MHD_gtls_str_cpy (name, sizeof (name), src_name); - MHD_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); - - len = 0; - result = MHD__asn1_read_value (src, name, NULL, &len); - if (result != ASN1_MEM_ERROR) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - if (len % 8 != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_CERTIFICATE_ERROR; - } - - len /= 8; - - str = MHD_gnutls_malloc (len); - if (str == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - MHD_gtls_str_cpy (name, sizeof (name), src_name); - MHD_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); - - result = MHD__asn1_read_value (src, name, str, &len); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD_gnutls_free (str); - return MHD_gtls_asn2err (result); - } - - len /= 8; - - switch (algo) - { - case MHD_GNUTLS_PK_RSA: - { - if ((result = - MHD__gnutls_x509_read_rsa_params (str, len, params)) < 0) - { - MHD_gnutls_assert (); - return result; - } - - bits[0] = MHD__gnutls_mpi_get_nbits (params[0]); - - MHD_gtls_mpi_release (¶ms[0]); - MHD_gtls_mpi_release (¶ms[1]); - } - break; - default: - MHD__gnutls_x509_log - ("MHD__gnutls_x509_get_pk_algorithm: unhandled algorithm %d\n", algo); - } - - MHD_gnutls_free (str); - return algo; -} diff --git a/lib/libmicrohttpd/src/daemon/https/x509/common.h b/lib/libmicrohttpd/src/daemon/https/x509/common.h deleted file mode 100644 index d78c7cc28b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/common.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef COMMON_H -# define COMMON_H - -#include <gnutls.h> -#include <gnutls_algorithms.h> - -#define MAX_STRING_LEN 512 - -#define GNUTLS_XML_SHOW_ALL 1 - -#define PEM_CRL "X509 CRL" -#define PEM_X509_CERT "X509 CERTIFICATE" -#define PEM_X509_CERT2 "CERTIFICATE" -#define PEM_PKCS7 "PKCS7" -#define PEM_PKCS12 "PKCS12" - -/* public key algorithm's OIDs - */ -#define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1" -#define PK_DSA_OID "1.2.840.10040.4.1" -#define PK_GOST_R3410_94_OID "1.2.643.2.2.20" -#define PK_GOST_R3410_2001_OID "1.2.643.2.2.19" - -/* signature OIDs - */ -#define SIG_DSA_SHA1_OID "1.2.840.10040.4.3" -#define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4" -#define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2" -#define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5" -#define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11" -#define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12" -#define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13" -#define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2" -#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" -#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" - -int MHD__gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, - MHD_gnutls_datum_t * res, int str); - -int MHD__gnutls_x509_export_int (ASN1_TYPE MHD__asn1_data, - MHD_gnutls_x509_crt_fmt_t format, - char *pem_header, unsigned char *output_data, - size_t * output_data_size); - -int MHD__gnutls_x509_read_value (ASN1_TYPE c, const char *root, - MHD_gnutls_datum_t * ret, int str); - -int MHD__gnutls_x509_decode_and_read_attribute (ASN1_TYPE MHD__asn1_struct, - const char *where, char *oid, - int oid_size, - MHD_gnutls_datum_t * value, - int multi, int octet); - -int MHD__gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, - unsigned int *bits); - -int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, - ASN1_TYPE src, const char *src_name); - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/x509/extensions.c b/lib/libmicrohttpd/src/daemon/https/x509/extensions.c deleted file mode 100644 index 82fddc5d78..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/extensions.c +++ /dev/null @@ -1,218 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions that relate to the X.509 extension parsing. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_global.h> -#include <mpi.h> -#include <libtasn1.h> -#include <common.h> -#include <x509.h> -#include <extensions.h> -#include <gnutls_datum.h> - -/* This function will attempt to return the requested extension found in - * the given X509v3 certificate. The return value is allocated and stored into - * ret. - * - * Critical will be either 0 or 1. - * - * If the extension does not exist, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will - * be returned. - */ -int -MHD__gnutls_x509_crt_get_extension (MHD_gnutls_x509_crt_t cert, - const char *extension_id, int indx, - MHD_gnutls_datum_t * ret, - unsigned int *_critical) -{ - int k, result, len; - char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; - char str[1024]; - char str_critical[10]; - int critical = 0; - char extnID[128]; - MHD_gnutls_datum_t value; - int indx_counter = 0; - - ret->data = NULL; - ret->size = 0; - - k = 0; - do - { - k++; - - snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", k); - - len = sizeof (str) - 1; - result = MHD__asn1_read_value (cert->cert, name, str, &len); - - /* move to next - */ - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } - - do - { - - MHD_gtls_str_cpy (name2, sizeof (name2), name); - MHD_gtls_str_cat (name2, sizeof (name2), ".extnID"); - - len = sizeof (extnID) - 1; - result = MHD__asn1_read_value (cert->cert, name2, extnID, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - MHD_gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - /* Handle Extension - */ - if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) - { - /* extension was found - */ - - /* read the critical status. - */ - MHD_gtls_str_cpy (name2, sizeof (name2), name); - MHD_gtls_str_cat (name2, sizeof (name2), ".critical"); - - len = sizeof (str_critical); - result = - MHD__asn1_read_value (cert->cert, name2, str_critical, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - MHD_gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - if (str_critical[0] == 'T') - critical = 1; - else - critical = 0; - - /* read the value. - */ - MHD_gtls_str_cpy (name2, sizeof (name2), name); - MHD_gtls_str_cat (name2, sizeof (name2), ".extnValue"); - - result = - MHD__gnutls_x509_read_value (cert->cert, name2, &value, 0); - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - ret->data = value.data; - ret->size = value.size; - - if (_critical) - *_critical = critical; - - return 0; - } - - - } - while (0); - } - while (1); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - else - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } -} - -/* Here we only extract the KeyUsage field, from the DER encoded - * extension. - */ -int -MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, - opaque * extnValue, int extnValueLen) -{ - ASN1_TYPE ext = ASN1_TYPE_EMPTY; - int len, result; - uint8_t str[2]; - - str[0] = str[1] = 0; - *keyUsage = 0; - - if ((result = MHD__asn1_create_element - (MHD__gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return MHD_gtls_asn2err (result); - } - - len = sizeof (str); - result = MHD__asn1_read_value (ext, "", str, &len); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&ext); - return 0; - } - - *keyUsage = str[0] | (str[1] << 8); - - MHD__asn1_delete_structure (&ext); - - return 0; -} diff --git a/lib/libmicrohttpd/src/daemon/https/x509/extensions.h b/lib/libmicrohttpd/src/daemon/https/x509/extensions.h deleted file mode 100644 index 5a945cb15b..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/extensions.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD__gnutls_x509_crt_get_extension (MHD_gnutls_x509_crt_t cert, - const char *extension_id, int indx, - MHD_gnutls_datum_t * ret, - unsigned int *critical); - -int MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, - int indx, void *ret, - size_t * ret_size); -int MHD__gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, - opaque * extnValue, - int extnValueLen); diff --git a/lib/libmicrohttpd/src/daemon/https/x509/mpi.c b/lib/libmicrohttpd/src/daemon/https/x509/mpi.c deleted file mode 100644 index 4a54070204..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/mpi.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_global.h> -#include <libtasn1.h> -#include <gnutls_datum.h> -#include "common.h" -#include "x509.h" -#include <gnutls_num.h> -#include "mpi.h" - -/* - * some x509 certificate parsing functions that relate to MPI parameter - * extraction. This reads the BIT STRING subjectPublicKey. - * Returns 2 parameters (m,e). - */ -int -MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params) -{ - int result; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; - - if ((result = - MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), - "GNUTLS.RSAPublicKey", - &spk)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&spk, der, dersize, NULL); - - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&spk); - return MHD_gtls_asn2err (result); - } - - if ((result = MHD__gnutls_x509_read_int (spk, "modulus", ¶ms[0])) < 0) - { - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&spk); - return GNUTLS_E_ASN1_GENERIC_ERROR; - } - - if ((result = - MHD__gnutls_x509_read_int (spk, "publicExponent", ¶ms[1])) < 0) - { - MHD_gnutls_assert (); - MHD_gtls_mpi_release (¶ms[0]); - MHD__asn1_delete_structure (&spk); - return GNUTLS_E_ASN1_GENERIC_ERROR; - } - - MHD__asn1_delete_structure (&spk); - - return 0; - -} - - -/* Extracts DSA and RSA parameters from a certificate. - */ -int -MHD__gnutls_x509_crt_get_mpis (MHD_gnutls_x509_crt_t cert, - mpi_t * params, int *params_size) -{ - int result; - int pk_algorithm; - MHD_gnutls_datum_t tmp = { NULL, 0 }; - - /* Read the algorithm's OID - */ - pk_algorithm = MHD_gnutls_x509_crt_get_pk_algorithm (cert, NULL); - - /* Read the algorithm's parameters - */ - result - = MHD__gnutls_x509_read_value (cert->cert, - "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", - &tmp, 2); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - switch (pk_algorithm) - { - case MHD_GNUTLS_PK_RSA: - /* params[0] is the modulus, - * params[1] is the exponent - */ - if (*params_size < RSA_PUBLIC_PARAMS) - { - MHD_gnutls_assert (); - /* internal error. Increase the mpi_ts in params */ - result = GNUTLS_E_INTERNAL_ERROR; - goto error; - } - - if ((result = - MHD__gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0) - { - MHD_gnutls_assert (); - goto error; - } - *params_size = RSA_PUBLIC_PARAMS; - - break; - default: - /* other types like DH - * currently not supported - */ - MHD_gnutls_assert (); - result = GNUTLS_E_X509_CERTIFICATE_ERROR; - goto error; - } - - result = 0; - -error:MHD__gnutls_free_datum (&tmp); - return result; -} - -/* - * some x509 certificate functions that relate to MPI parameter - * setting. This writes the BIT STRING subjectPublicKey. - * Needs 2 parameters (m,e). - * - * Allocates the space used to store the DER data. - */ -int -MHD__gnutls_x509_write_rsa_params (mpi_t * params, - int params_size, MHD_gnutls_datum_t * der) -{ - int result; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; - - der->data = NULL; - der->size = 0; - - if (params_size < 2) - { - MHD_gnutls_assert (); - result = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } - - if ((result = - MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), - "GNUTLS.RSAPublicKey", - &spk)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_write_int (spk, "modulus", params[0], 0); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - result = MHD__gnutls_x509_write_int (spk, "publicExponent", params[1], 0); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - result = MHD__gnutls_x509_der_encode (spk, "", der, 0); - if (result < 0) - { - MHD_gnutls_assert (); - goto cleanup; - } - - MHD__asn1_delete_structure (&spk); - return 0; - -cleanup:MHD__asn1_delete_structure (&spk); - - return result; -} diff --git a/lib/libmicrohttpd/src/daemon/https/x509/mpi.h b/lib/libmicrohttpd/src/daemon/https/x509/mpi.h deleted file mode 100644 index ff9fdc1912..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/mpi.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include "x509.h" - -int MHD__gnutls_x509_crt_get_mpis (MHD_gnutls_x509_crt_t cert, - mpi_t * params, int *params_size); -int MHD__gnutls_x509_read_rsa_params (opaque * der, int dersize, - mpi_t * params); -int MHD__gnutls_x509_write_rsa_params (mpi_t * params, int params_size, - MHD_gnutls_datum_t * der); -int MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, - mpi_t * ret_mpi); -int MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, - int lz); diff --git a/lib/libmicrohttpd/src/daemon/https/x509/privkey.h b/lib/libmicrohttpd/src/daemon/https/x509/privkey.h deleted file mode 100644 index 37c6870350..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/privkey.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include "x509.h" - -ASN1_TYPE MHD__gnutls_privkey_decode_pkcs1_rsa_key (const MHD_gnutls_datum_t * - raw_key, - MHD_gnutls_x509_privkey_t - pkey); - -int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); diff --git a/lib/libmicrohttpd/src/daemon/https/x509/x509.c b/lib/libmicrohttpd/src/daemon/https/x509/x509.c deleted file mode 100644 index ff0d21e816..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/x509.c +++ /dev/null @@ -1,364 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation - * Author: Nikos Mavrogiannopoulos, Simon Josefsson, Howard Chu - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* Functions on X.509 Certificate parsing - */ - -#include <gnutls_int.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <common.h> -#include <gnutls_x509.h> -#include <x509_b64.h> -#include <x509.h> -#include <extensions.h> -#include <libtasn1.h> -#include <mpi.h> -#include <privkey.h> - -/** - * MHD_gnutls_x509_crt_init - This function initializes a MHD_gnutls_x509_crt_t structure - * @cert: The structure to be initialized - * - * This function will initialize an X.509 certificate structure. - * - * Returns 0 on success. - * - **/ -int -MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert) -{ - MHD_gnutls_x509_crt_t tmp = - MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_crt_int)); - int result; - - if (!tmp) - return GNUTLS_E_MEMORY_ERROR; - - result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.Certificate", &tmp->cert); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - MHD_gnutls_free (tmp); - return MHD_gtls_asn2err (result); - } - - *cert = tmp; - - return 0; /* success */ -} - -/** - * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure - * @cert: The structure to be initialized - * - * This function will deinitialize a CRL structure. - * - **/ -void -MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert) -{ - if (!cert) - return; - - if (cert->cert) - MHD__asn1_delete_structure (&cert->cert); - - MHD_gnutls_free (cert); -} - -/** - * MHD_gnutls_x509_crt_import - This function will import a DER or PEM encoded Certificate - * @cert: The structure to store the parsed certificate. - * @data: The DER or PEM encoded certificate. - * @format: One of DER or PEM - * - * This function will convert the given DER or PEM encoded Certificate - * to the native MHD_gnutls_x509_crt_t format. The output will be stored in @cert. - * - * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or - * "CERTIFICATE". - * - * Returns 0 on success. - * - **/ -int -MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format) -{ - int result = 0, need_free = 0; - MHD_gnutls_datum_t _data; - opaque *signature = NULL; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _data.data = data->data; - _data.size = data->size; - - /* If the Certificate is in PEM format then decode it - */ - if (format == GNUTLS_X509_FMT_PEM) - { - opaque *out; - - /* Try the first header */ - result = - MHD__gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, - &out); - - if (result <= 0) - { - /* try for the second header */ - result = MHD__gnutls_fbase64_decode (PEM_X509_CERT, data->data, - data->size, &out); - - if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - MHD_gnutls_assert (); - return result; - } - } - - _data.data = out; - _data.size = result; - - need_free = 1; - } - - result = MHD__asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL); - if (result != ASN1_SUCCESS) - { - result = MHD_gtls_asn2err (result); - MHD_gnutls_assert (); - goto cleanup; - } - - /* Since we do not want to disable any extension - */ - cert->use_extensions = 1; - if (need_free) - MHD__gnutls_free_datum (&_data); - - return 0; - -cleanup:MHD_gnutls_free (signature); - if (need_free) - MHD__gnutls_free_datum (&_data); - return result; -} - -/** - * MHD_gnutls_x509_crt_get_version - This function returns the Certificate's version number - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * - * This function will return the version of the specified Certificate. - * - * Returns a negative value on error. - * - **/ -int -MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert) -{ - opaque version[5]; - int len, result; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - len = sizeof (version); - if ((result = - MHD__asn1_read_value (cert->cert, "tbsCertificate.version", version, - &len)) != ASN1_SUCCESS) - { - - if (result == ASN1_ELEMENT_NOT_FOUND) - return 1; /* the DEFAULT version */ - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - return (int) version[0] + 1; -} - -/** - * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @bits: if bits is non null it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of an X.509 - * certificate. - * - * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public - * exponent. - * - * Returns a member of the enum MHD_GNUTLS_PublicKeyAlgorithm enumeration on success, - * or a negative value on error. - * - **/ -int -MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, - unsigned int *bits) -{ - int result; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - result = MHD__gnutls_x509_get_pk_algorithm (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", - bits); - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return result; - -} - -inline static int -is_type_printable (int type) -{ - if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME || type - == GNUTLS_SAN_URI) - return 1; - else - return 0; -} - -/** - * MHD_gnutls_x509_crt_get_key_usage - This function returns the certificate's key usage - * @cert: should contain a MHD_gnutls_x509_crt_t structure - * @key_usage: where the key usage bits will be stored - * @critical: will be non zero if the extension is marked as critical - * - * This function will return certificate's key usage, by reading the - * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: - * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, - * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, - * GNUTLS_KEY_KEY_AGREEMENT, GNUTLS_KEY_KEY_CERT_SIGN, - * GNUTLS_KEY_CRL_SIGN, GNUTLS_KEY_ENCIPHER_ONLY, - * GNUTLS_KEY_DECIPHER_ONLY. - * - * A negative value may be returned in case of parsing error. - * If the certificate does not contain the keyUsage extension - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - * - **/ -int -MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical) -{ - int result; - MHD_gnutls_datum_t keyUsage; - uint16_t _usage; - - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage, - critical)) < 0) - { - return result; - } - - if (keyUsage.size == 0 || keyUsage.data == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } - - result = MHD__gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data, - keyUsage.size); - MHD__gnutls_free_datum (&keyUsage); - - *key_usage = _usage; - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - - -/** - * MHD_gnutls_x509_crt_export - This function will export the certificate - * @cert: Holds the certificate - * @format: the format of output params. One of PEM or DER. - * @output_data: will contain a certificate PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will export the certificate to DER or PEM format. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN CERTIFICATE". - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - **/ -int -MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size) -{ - if (cert == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_export_int (cert->cert, format, "CERTIFICATE", - output_data, output_data_size); -} diff --git a/lib/libmicrohttpd/src/daemon/https/x509/x509.h b/lib/libmicrohttpd/src/daemon/https/x509/x509.h deleted file mode 100644 index 9a01d95b93..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/x509.h +++ /dev/null @@ -1,409 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#ifndef X509_H -#define X509_H - -#ifndef MIN -#define MIN(X,Y) ((X) > (Y) ? (Y) : (X)); -#endif - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include <gnutls.h> -#include <libtasn1.h> -#include "gnutls_mpi.h" - -/* Some OIDs usually found in Distinguished names, or - * in Subject Directory Attribute extensions. - */ -#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6" -#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10" -#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11" -#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3" -#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7" -#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8" - -#define GNUTLS_OID_X520_INITIALS "2.5.4.43" -#define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44" -#define GNUTLS_OID_X520_SURNAME "2.5.4.4" -#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42" -#define GNUTLS_OID_X520_TITLE "2.5.4.12" -#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46" -#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65" - -#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25" -#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1" - -/* The following should not be included in DN. - */ -#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" - -#define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1" -#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2" -#define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3" -#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4" -#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5" - -/* Key purpose Object Identifiers. - */ -#define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1" -#define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2" -#define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3" -#define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4" -#define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8" -#define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9" -#define GNUTLS_KP_ANY "2.5.29.37.0" - -/* Certificate handling functions. - */ - typedef enum MHD_gnutls_certificate_import_flags - { - /* Fail if the certificates in the buffer are more than the space - * allocated for certificates. The error code will be - * GNUTLS_E_SHORT_MEMORY_BUFFER. - */ - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 - } MHD_gnutls_certificate_import_flags; - - int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert); - void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert); - int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format); - int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); - -#define GNUTLS_CRL_REASON_UNUSED 128 -#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 -#define GNUTLS_CRL_REASON_CA_COMPROMISE 32 -#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16 -#define GNUTLS_CRL_REASON_SUPERSEEDED 8 -#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4 -#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2 -#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 -#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 - - int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, - unsigned int *bits); - int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, - unsigned int *critical); -/* The key_usage flags are defined in gnutls.h. They are the - * GNUTLS_KEY_* definitions. - */ - int MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical); - int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, - unsigned int usage); - -/* Read extensions by sequence number. */ - int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, - const char *oid, - const void *buf, - size_t sizeof_buf, - unsigned int critical); - -/* X.509 Certificate writing. - */ - int MHD_gnutls_x509_crt_set_dn_by_oid (MHD_gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); - int MHD_gnutls_x509_crt_set_issuer_dn_by_oid (MHD_gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); - int MHD_gnutls_x509_crt_set_version (MHD_gnutls_x509_crt_t crt, - unsigned int version); - int MHD_gnutls_x509_crt_set_key (MHD_gnutls_x509_crt_t crt, - MHD_gnutls_x509_privkey_t key); - int MHD_gnutls_x509_crt_set_ca_status (MHD_gnutls_x509_crt_t crt, - unsigned int ca); - int MHD_gnutls_x509_crt_set_basic_constraints (MHD_gnutls_x509_crt_t crt, - unsigned int ca, - int pathLenConstraint); - int MHD_gnutls_x509_crt_set_subject_alternative_name (MHD_gnutls_x509_crt_t - crt, - MHD_gnutls_x509_subject_alt_name_t - type, - const char - *data_string); - int MHD_gnutls_x509_crt_sign (MHD_gnutls_x509_crt_t crt, - MHD_gnutls_x509_crt_t issuer, - MHD_gnutls_x509_privkey_t issuer_key); - int MHD_gnutls_x509_crt_sign2 (MHD_gnutls_x509_crt_t crt, - MHD_gnutls_x509_crt_t issuer, - MHD_gnutls_x509_privkey_t issuer_key, - enum MHD_GNUTLS_HashAlgorithm, - unsigned int flags); - int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert, - const void *serial, size_t serial_size); - - int MHD_gnutls_x509_crt_set_subject_key_id (MHD_gnutls_x509_crt_t cert, - const void *id, size_t id_size); - - int MHD_gnutls_x509_crt_set_proxy_dn (MHD_gnutls_x509_crt_t crt, - MHD_gnutls_x509_crt_t eecrt, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); - int MHD_gnutls_x509_crt_set_proxy (MHD_gnutls_x509_crt_t crt, - int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy); - - typedef enum MHD_gnutls_certificate_print_formats - { - GNUTLS_X509_CRT_FULL, - GNUTLS_X509_CRT_ONELINE, - GNUTLS_X509_CRT_UNSIGNED_FULL - } MHD_gnutls_certificate_print_formats_t; - - int MHD_gnutls_x509_crt_print (MHD_gnutls_x509_crt_t cert, - MHD_gnutls_certificate_print_formats_t - format, MHD_gnutls_datum_t * out); -/* Access to internal Certificate fields. - */ - - typedef void *MHD_gnutls_x509_dn_t; - -/* X.509 Certificate verification functions. - */ - typedef enum MHD_gnutls_certificate_verify_flags - { - /* If set a signer does not have to be a certificate authority. This - * flag should normaly be disabled, unless you know what this means. - */ - GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, - - /* Allow only trusted CA certificates that have version 1. This is - * safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be - * used instead. That way only signers in your trusted list will be - * allowed to have certificates of version 1. - */ - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, - - /* If a certificate is not signed by anyone trusted but exists in - * the trusted CA list do not treat it as trusted. - */ - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4, - - /* Allow CA certificates that have version 1 (both root and - * intermediate). This might be dangerous since those haven't the - * basicConstraints extension. Must be used in combination with - * GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. - */ - GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8, - - /* Allow certificates to be signed using the broken MD2 algorithm. - */ - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16, - - /* Allow certificates to be signed using the broken MD5 algorithm. - */ - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 - } MHD_gnutls_certificate_verify_flags; - - -/* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function. - */ - typedef enum MHD_gnutls_pkcs_encrypt_flags_t - { - GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not - * be encrypted. - */ - GNUTLS_PKCS_USE_PKCS12_3DES = 2, - GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, - GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, - GNUTLS_PKCS_USE_PBES2_3DES = 16 - } MHD_gnutls_pkcs_encrypt_flags_t; - -#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN -#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES -#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR -#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 - - int MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key); - void MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key); - int MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format); - int MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); - - int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - int MHD_gnutls_x509_privkey_export_pkcs8 (MHD_gnutls_x509_privkey_t key, - MHD_gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size); - int MHD_gnutls_x509_privkey_export_rsa_raw (MHD_gnutls_x509_privkey_t key, - MHD_gnutls_datum_t * m, - MHD_gnutls_datum_t * e, - MHD_gnutls_datum_t * d, - MHD_gnutls_datum_t * p, - MHD_gnutls_datum_t * q, - MHD_gnutls_datum_t * u); - - int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key, - unsigned int flags, - const MHD_gnutls_datum_t * data, - const MHD_gnutls_datum_t * - signature); - -#ifdef __cplusplus -} -#endif - -#define HASH_OID_SHA1 "1.3.14.3.2.26" -#define HASH_OID_MD5 "1.2.840.113549.2.5" -#define HASH_OID_MD2 "1.2.840.113549.2.2" -#define HASH_OID_RMD160 "1.3.36.3.2.1" -#define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1" -#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2" -#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" - -typedef struct MHD_gnutls_x509_crt_int -{ - ASN1_TYPE cert; - int use_extensions; -} MHD_gnutls_x509_crt_int; - -#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ - -/* parameters should not be larger than this limit */ -#define DSA_PRIVATE_PARAMS 5 -#define DSA_PUBLIC_PARAMS 4 -#define RSA_PRIVATE_PARAMS 6 -#define RSA_PUBLIC_PARAMS 2 - -#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0 -# error INCREASE MAX_PRIV_PARAMS -#endif - -#if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0 -# error INCREASE MAX_PRIV_PARAMS -#endif - -typedef struct MHD_gtls_x509_privkey_int -{ - mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public - * key algorithm - */ - /* - * RSA: [0] is modulus - * [1] is public exponent - * [2] is private exponent - * [3] is prime1 (p) - * [4] is prime2 (q) - * [5] is coefficient (u == inverse of p mod q) - * note that other packages used inverse of q mod p, - * so we need to perform conversions. - * DSA: [0] is p - * [1] is q - * [2] is g - * [3] is y (public key) - * [4] is x (private key) - */ - int params_size; /* holds the number of params */ - - enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; - - int crippled; /* The crippled keys will not use the ASN1_TYPE key. - * The encoding will only be performed at the export - * phase, to optimize copying etc. Cannot be used with - * the exported API (used internally only). - */ - ASN1_TYPE key; -} MHD_gnutls_x509_privkey_int; - -int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, - unsigned int *bits); - -int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, - void *result, size_t * result_size); - -int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert); -void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert); -int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format); -int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); - -int MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical); -int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); - -int MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key); -void MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key); - -int MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key, - enum MHD_GNUTLS_PublicKeyAlgorithm algo, - unsigned int bits, unsigned int flags); - -int MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format); -int MHD_gnutls_x509_privkey_export_rsa_raw (MHD_gnutls_x509_privkey_t key, - MHD_gnutls_datum_t * m, - MHD_gnutls_datum_t * e, - MHD_gnutls_datum_t * d, - MHD_gnutls_datum_t * p, - MHD_gnutls_datum_t * q, - MHD_gnutls_datum_t * u); -int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - -#define GNUTLS_CRL_REASON_UNUSED 128 -#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 -#define GNUTLS_CRL_REASON_CA_COMPROMISE 32 -#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16 -#define GNUTLS_CRL_REASON_SUPERSEEDED 8 -#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4 -#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2 -#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 -#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 - -#endif diff --git a/lib/libmicrohttpd/src/daemon/https/x509/x509_privkey.c b/lib/libmicrohttpd/src/daemon/https/x509/x509_privkey.c deleted file mode 100644 index e22da040b0..0000000000 --- a/lib/libmicrohttpd/src/daemon/https/x509/x509_privkey.c +++ /dev/null @@ -1,289 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_datum.h> -#include <gnutls_global.h> -#include <gnutls_errors.h> -#include <gnutls_rsa_export.h> -#include <gnutls_sig.h> -#include <common.h> -#include <gnutls_x509.h> -#include <x509_b64.h> -#include <x509.h> -#include <mpi.h> -#include <extensions.h> - -/* remove this when libgcrypt can handle the PKCS #1 coefficients from - * rsa keys - */ -#define CALC_COEFF 1 - -/** - * MHD_gnutls_x509_privkey_init - This function initializes a MHD_gnutls_crl structure - * @key: The structure to be initialized - * - * This function will initialize an private key structure. - * - * Returns 0 on success. - * - **/ -int -MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key) -{ - *key = MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_privkey_int)); - - if (*key) - { - (*key)->key = ASN1_TYPE_EMPTY; - (*key)->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; - return 0; /* success */ - } - - return GNUTLS_E_MEMORY_ERROR; -} - -/** - * MHD_gnutls_x509_privkey_deinit - This function deinitializes memory used by a MHD_gnutls_x509_privkey_t structure - * @key: The structure to be initialized - * - * This function will deinitialize a private key structure. - * - **/ -void -MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key) -{ - int i; - - if (!key) - return; - - for (i = 0; i < key->params_size; i++) - { - MHD_gtls_mpi_release (&key->params[i]); - } - - MHD__asn1_delete_structure (&key->key); - MHD_gnutls_free (key); -} - - -/* Converts an RSA PKCS#1 key to - * an internal structure (MHD_gnutls_private_key) - */ -ASN1_TYPE -MHD__gnutls_privkey_decode_pkcs1_rsa_key (const MHD_gnutls_datum_t * raw_key, - MHD_gnutls_x509_privkey_t pkey) -{ - int result; - ASN1_TYPE pkey_asn; - - if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), - "GNUTLS.RSAPrivateKey", - &pkey_asn)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return NULL; - } - - if ((sizeof (pkey->params) / sizeof (mpi_t)) < RSA_PRIVATE_PARAMS) - { - MHD_gnutls_assert (); - /* internal error. Increase the mpi_ts in params */ - return NULL; - } - - result = - MHD__asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - goto error; - } - - if ((result = - MHD__gnutls_x509_read_int (pkey_asn, "modulus", &pkey->params[0])) < 0) - { - MHD_gnutls_assert (); - goto error; - } - - if ((result = MHD__gnutls_x509_read_int (pkey_asn, "publicExponent", - &pkey->params[1])) < 0) - { - MHD_gnutls_assert (); - goto error; - } - - if ((result = MHD__gnutls_x509_read_int (pkey_asn, "privateExponent", - &pkey->params[2])) < 0) - { - MHD_gnutls_assert (); - goto error; - } - - if ((result = - MHD__gnutls_x509_read_int (pkey_asn, "prime1", &pkey->params[3])) < 0) - { - MHD_gnutls_assert (); - goto error; - } - - if ((result = - MHD__gnutls_x509_read_int (pkey_asn, "prime2", &pkey->params[4])) < 0) - { - MHD_gnutls_assert (); - goto error; - } - -#ifdef CALC_COEFF - /* Calculate the coefficient. This is because the gcrypt - * library is uses the p,q in the reverse order. - */ - pkey->params[5] = - MHD__gnutls_mpi_snew (MHD__gnutls_mpi_get_nbits (pkey->params[0])); - - if (pkey->params[5] == NULL) - { - MHD_gnutls_assert (); - goto error; - } - - MHD__gnutls_mpi_invm (pkey->params[5], pkey->params[3], pkey->params[4]); - /* p, q */ -#else - if ((result = MHD__gnutls_x509_read_int (pkey_asn, "coefficient", - &pkey->params[5])) < 0) - { - MHD_gnutls_assert (); - goto error; - } -#endif - pkey->params_size = 6; - - return pkey_asn; - -error:MHD__asn1_delete_structure (&pkey_asn); - MHD_gtls_mpi_release (&pkey->params[0]); - MHD_gtls_mpi_release (&pkey->params[1]); - MHD_gtls_mpi_release (&pkey->params[2]); - MHD_gtls_mpi_release (&pkey->params[3]); - MHD_gtls_mpi_release (&pkey->params[4]); - MHD_gtls_mpi_release (&pkey->params[5]); - return NULL; - -} - -#define PEM_KEY_RSA "RSA PRIVATE KEY" - -/** - * MHD_gnutls_x509_privkey_import - This function will import a DER or PEM encoded key - * @key: The structure to store the parsed key - * @data: The DER or PEM encoded certificate. - * @format: One of DER or PEM - * - * This function will convert the given DER or PEM encoded key - * to the native MHD_gnutls_x509_privkey_t format. The output will be stored in @key . - * - * If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or - * "DSA PRIVATE KEY". - * - * Returns 0 on success. - * - **/ -int -MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format) -{ - int result = 0, need_free = 0; - MHD_gnutls_datum_t _data; - - if (key == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _data.data = data->data; - _data.size = data->size; - - key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; - - /* If the Certificate is in PEM format then decode it */ - if (format == GNUTLS_X509_FMT_PEM) - { - opaque *out; - - /* Try the first header */ - result - = - MHD__gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, - &out); - key->pk_algorithm = MHD_GNUTLS_PK_RSA; - - _data.data = out; - _data.size = result; - - need_free = 1; - } - - if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) - { - key->key = MHD__gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); - if (key->key == NULL) - MHD_gnutls_assert (); - } - else - { - /* Try decoding with both, and accept the one that succeeds. */ - key->pk_algorithm = MHD_GNUTLS_PK_RSA; - key->key = MHD__gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); - - // TODO rm -// if (key->key == NULL) -// { -// key->pk_algorithm = GNUTLS_PK_DSA; -// key->key = decode_dsa_key(&_data, key); -// if (key->key == NULL) -// MHD_gnutls_assert(); -// } - } - - if (key->key == NULL) - { - MHD_gnutls_assert (); - result = GNUTLS_E_ASN1_DER_ERROR; - key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; - return result; - } - - if (need_free) - MHD__gnutls_free_datum (&_data); - - /* The key has now been decoded. - */ - - return 0; -} |