-Version 0.1.4
+Version 0.1.4 (22/06/2001)
- Corrected (srp) base64 encoding.
- Changed bcrypt algorithm to include username.
- Added RSA Ciphersuites (no certificate checking).
- Bugfixes in session resuming
- Updated Ciphersuite selection algorithm
- Added internal representation of x509 structures.
+- Added global state
Version 0.1.3 (01/06/2001)
- Updated API (and the way it is documented - we use inline documentation)
* Run the buildconf script before doing anything. This will create
the needed configure, makefiles etc. using Automake, Autoconf, and libtool.
+* Documentation:
+ view the doc/ directory and the examples in the src/ directory.
+
BUGS:
There should be plenty, but if you think you found any
AC_DEFINE_UNQUOTED(T_OS, "$target_os")
GNUTLS_MAJOR_VERSION=0
-GNUTLS_MINOR_VERSION=2
-GNUTLS_MICRO_VERSION=0
+GNUTLS_MINOR_VERSION=1
+GNUTLS_MICRO_VERSION=4
GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION")
-EXTRA_DIST = TODO gnutls-api.txt gnutls-api.html
+EXTRA_DIST = TODO gnutls-api.txt gnutls-api.html ASN1.readme.txt
gnutls-api: gnutls-api.html gnutls-api.txt
gnutls-api.html:
* Add Kerberos support (who wants that?)
* Audit the code (volunteers?)
* Fix renegotiate
-* Add certificate verification in order for clients to work
-* Optimize X509PKI_SERVER_CREDENTIALS so that there should be
- only one parse of the der structures.
-* Create global variables that hold read/write and initialize
- the ASN.1 parser's structures.
* Create certificate verification function(s)
* Modify SRP to conform the newest draft
+* make gnutls_allocate_x509_sc() work with certificate lists
+ ( now works with a single certificate)
crypt_bcrypt.c crypt.c gnutls_random.c crypt_srpsha1.c gnutls_srp.c \
auth_srp.c auth_srp_passwd.c gnutls_v2_compat.c auth_srp_sb64.c \
cert_ASN.y cert_asn1.c cert_der.c gnutls_datum.c auth_rsa.c \
- gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c
+ gnutls_gcry.c ext_dnsname.c gnutls_pk.c gnutls_cert.c \
+ gnutls_global.c
libgnutls_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
void gnutls_free_x509_sc( X509PKI_SERVER_CREDENTIALS sc);
int gnutls_allocate_x509_sc(X509PKI_SERVER_CREDENTIALS * res, char *CERTFILE, char *KEYFILE);
+/* global state functions
+ */
+/* In this version global_init accepts two files (pkix.asn, pkcs1.asn).
+ * This will not be the case in the final version. These files
+ * are located in the src/ directory of gnutls distribution.
+ */
+int gnutls_global_init(char* PKIX, char* PKCS1);
+void gnutls_global_deinit();
+
+
/* error codes appended here */
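Review bot: `gnutls_global_init(char* PKIX, char* PKCS1)` takes non-const pointers although its only visible callers pass string literals, and `gnutls_global_deinit()` is declared with an empty parameter list, which in C leaves its arguments unchecked; declare them as `int gnutls_global_init(const char *PKIX, const char *PKCS1);` (casting at the `parser_asn1()` call if that API is not const-correct) and `void gnutls_global_deinit(void);`. The header comment should also carry the two caveats the implementation makes necessary: the call must precede any `gnutls_init()`, because it is what installs the default recv/send callbacks, and it changes the process-wide SIGPIPE disposition to SIG_IGN until `gnutls_global_deinit()` restores it. Something like `/* Must be called once before gnutls_init(); installs the default recv/send callbacks and ignores SIGPIPE process-wide until gnutls_global_deinit(). */` would tell callers what they are opting into.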
# include <errno.h>
#endif
+extern ssize_t (*recv_func)( SOCKET, void*, size_t, int);
+extern ssize_t (*send_func)( SOCKET,const void*, size_t, int);
+
+
int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, int length)
{
int old_buffer;
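Review bot: The `extern` declarations of `recv_func`/`send_func` live in this .c file instead of a header shared with gnutls_global.c, so a drift between this declaration and the definition there would never be caught by the compiler; move them to gnutls_int.h (or gnutls_buffers.h) and include that from both files. They are also writable process-wide globals with no setter in the public header, so an application that swaps them does so behind the library's back and, in a threaded program, races with connections already in flight; a comment such as `/* process-wide, set by gnutls_global_init(); not per-state */` next to the declarations would at least make the scope explicit. `gnutls_insertDataBuffer()` begins at the end of this hunk and continues outside it.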
left = sizeOfPtr;
while (left > 0) {
- i = recv(fd, &ptr[i], left, flag);
+ i = recv_func(fd, &ptr[i], left, flag);
if (i < 0) {
return (0-errno);
} else {
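Review bot: `i` is used both as the write offset into `ptr` and as the byte count returned by `recv_func`, so after a partial read the next call lands at `&ptr[<bytes of the previous read>]` rather than at the cumulative offset; unless the `else` branch outside this hunk re-derives `i`, a read completed in three or more pieces overwrites earlier data, and the robust form is `i = recv_func(fd, &ptr[sizeOfPtr - left], left, flag);`. `recv_func` is also a global that is only assigned inside `gnutls_global_init()`, so a program that creates a state without calling it dereferences a NULL function pointer here; either guard it (`if (recv_func == NULL) return -EINVAL;`) or have `gnutls_init()` refuse to proceed without global initialization. The enclosing function starts and ends outside the hunk.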
/* This function is like write. But it does not return -1 on error.
* It does return -errno instead.
*/
-ssize_t _gnutls_Write(int fd, const void *iptr, size_t n)
+ssize_t _gnutls_Write(int fd, const void *iptr, size_t n, int flags)
{
size_t left;
#ifdef WRITE_DEBUG
#endif
left = n;
while (left > 0) {
- i = write(fd, &ptr[i], left);
+ i = send(fd, &ptr[i], left, flags);
if (i == -1) {
return (0-errno);
}
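Review bot: The write loop still calls `send()` directly while `_gnutls_Read()` in the same file now goes through `recv_func`, so the `send_func` hook that gnutls_global.c defines and initializes is never actually used; use `i = send_func(fd, &ptr[i], left, flags);` so both directions honour the same callbacks. The same offset pattern as in the read loop appears here: `i` is both the slot written and the count returned, so `&ptr[i]` is only the cumulative position for the first two calls, and `&ptr[n - left]` is the form that stays correct. Checking `i == -1` is fine for `send()`, but a replaceable callback may report errors as any negative value, which is another reason to use the `i < 0` test the read loop already uses. The function's accounting and return are outside this hunk.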
int gnutls_insertDataBuffer(ContentType type, GNUTLS_STATE state, char *data, int length);
int gnutls_getDataBufferSize(ContentType type, GNUTLS_STATE state);
int gnutls_getDataFromBuffer(ContentType type, GNUTLS_STATE state, char *data, int length);
-ssize_t _gnutls_Read(int fd, void *iptr, size_t n, int flag);
-ssize_t _gnutls_Write(int fd, const void *iptr, size_t n);
+ssize_t _gnutls_Read(int fd, void *iptr, size_t n, int);
+ssize_t _gnutls_Write(int fd, const void *iptr, size_t n, int );
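Review bot: The new prototypes drop the parameter name for the flags argument (`int` and `int ` with a stray space) while the definitions keep `flag`/`flags`, and the neighbouring prototypes in this header all keep their names; a named parameter is the only documentation the fourth argument gets. Suggest `ssize_t _gnutls_Read(int fd, void *iptr, size_t n, int flags);` and `ssize_t _gnutls_Write(int fd, const void *iptr, size_t n, int flags);`.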
/* used in SSL3 */
int gnutls_getHashDataFromBuffer( GNUTLS_STATE state, char *data, int length);
}
/* allocate size for the parameters (2) */
- *params = gnutls_malloc(2 * sizeof(MPI));
+ *params = gnutls_calloc(1, 2 * sizeof(MPI));
if (gcry_mpi_scan(&(*params)[0], GCRYMPI_FMT_USG, str, &len) != 0) {
gnutls_assert();
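Review bot: The result of `gnutls_calloc()` is dereferenced on the very next line through `&(*params)[0]` without a NULL check, so an allocation failure becomes a crash instead of the `GNUTLS_E_MEMORY_ERROR` that the `*alg` allocation elsewhere in this change returns for the same situation. Add `if (*params == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; }` between the allocation and `gcry_mpi_scan()`. The enclosing function starts and ends outside this hunk.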
#define _READ( str, OID, NAME, res) \
- if(!strcmp(str, OID)){ \
+ if(strcmp(str, OID)==0){ \
strcpy( str, "PKIX1Explicit88.X520"); \
strcat( str, NAME); \
- if (create_structure( NAME, str) != ASN_OK) \
+ strcpy( name2, "temp-structure-"); \
+ strcat( name2, NAME); \
+ if ( (result = create_structure( name2, str)) != ASN_OK) { \
+ gnutls_assert(); \
return GNUTLS_E_ASN1_ERROR; \
+ } \
if (read_value(name3,str,&len) != ASN_OK) { \
- delete_structure( NAME); \
- return GNUTLS_E_ASN1_PARSING_ERROR; \
+ delete_structure( name2); \
+ continue; \
+ } \
+ if (get_der( name2, str, len) != ASN_OK) { \
+ delete_structure( name2); \
+ continue; \
} \
- if (get_der( NAME, str, len) != ASN_OK) { \
- delete_structure( NAME); \
- return GNUTLS_E_ASN1_PARSING_ERROR; \
+ strcpy( name3,name2); \
+ if (read_value( name3, str, &len) != ASN_OK) { /* CHOICE */ \
+ delete_structure( name2); \
+ continue; \
} \
- strcpy( name3,NAME); \
- read_value( name3, str, &len); /* CHOICE */ \
- strcat( name3, "."); \
+ strcat( name3, "."); \
strcat( name3, str); \
if (read_value(name3,str,&len) != ASN_OK) { \
- delete_structure( NAME); \
- return GNUTLS_E_ASN1_PARSING_ERROR; \
+ delete_structure( name2); \
+ continue; \
} \
str[len]=0; \
res = strdup(str); \
- delete_structure(NAME); \
+ delete_structure(name2); \
}
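Review bot: `str[len]=0` stores one past whatever `read_value()` returned in `len` with no comparison against the capacity of `str`, and those bytes come from the peer's certificate; unless `read_value()` is bounded by the buffer size (its signature is outside this hunk), an over-long attribute value is an out-of-bounds write, so add a guard before the store, e.g. `if (len < 0 || len >= (int)sizeof(str)) { delete_structure( name2); continue; }` when `str` is a local array (its declaration is outside the hunk). `strdup()` into `res` is unchecked and overwrites any value already stored, so a Name that repeats an attribute (two OU RDNs, say) leaks the first string; `if (res == NULL) res = strdup(str);` or freeing the previous value would avoid that. The `continue` buried in the macro also silently requires every expansion site to be inside a loop; a one-line comment on the macro saying so would spare the next caller a surprise.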
/* This function will attempt to read a Name
strcat(name, ".rdnSequence.?");
ltostr(k, counter);
strcat(name, counter);
+
result = read_value(name, str, &len);
if (result == ASN_ELEMENT_NOT_FOUND)
break;
strcpy(name3, name2);
strcat(name3, ".type");
result = read_value(name3, str, &len);
+
if (result != ASN_OK) {
gnutls_assert();
return GNUTLS_E_ASN1_PARSING_ERROR;
}
strcpy(name3, name2);
strcat(name3, ".value");
+
if (result == ASN_OK) {
- _READ(str, "2 5 4 6", "Country",
- gCert->country);
- _READ(str, "2 5 4 10", "Organization",
+/* _READ(str, "2 5 4 6", "countryName",
+ * gCert->country);
+ * This one fails (with SIGSEGV).
+ */
+ _READ(str, "2 5 4 10", "OrganizationName",
gCert->organization);
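Review bot: The Country attribute has been turned into a comment that records a crash (`This one fails (with SIGSEGV)`) rather than a fix, so every subject carrying a C= RDN — practically all of them — now leaves `gCert->country` unset, and the crash itself stays undiagnosed even though the other `_READ` expansions run the same code on the same input. At minimum mark it as work to do, e.g. `/* TODO: countryName (2 5 4 6) crashes inside _READ; find the cause before re-enabling */`, so it is not lost in a comment block. Since `_READ` now `continue`s instead of returning on a failed decode, whatever later prints these fields should expect NULL for any attribute that did not parse. The enclosing loop starts before and ends after this hunk.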
_READ(str, "2 5 4 11",
"OrganizationalUnitName",
read_value
("certificate3.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
str, &len);
- delete_structure("certificate3");
if (result != ASN_OK) {
gnutls_assert();
}
}
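Review bot: Dropping `delete_structure("certificate3")` means the parsed certificate structure is no longer released on this path; unless it is deleted further down (outside the hunk), every certificate decoded leaks the ASN.1 tree, which on a server is a per-handshake leak the peer can drive. The `if (result != ASN_OK)` that follows also tests a `result` which, as far as this hunk shows, is not assigned from the `read_value()` call just above it; if that assignment really is missing, a failed read of `subjectPublicKey` is never reported. Assign it (`result = read_value(...)`) and keep the `delete_structure()` once the public key has been copied out.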
- *alg = gnutls_malloc(sizeof(KXAlgorithm) * i);
+ *alg = gnutls_calloc(1, sizeof(KXAlgorithm) * i);
if (*alg == NULL)
return GNUTLS_E_MEMORY_ERROR;
--- /dev/null
+/*
+ * Copyright (C) 2001 Nikos Mavroyanopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <defines.h>
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <cert_asn1.h>
+#include <signal.h>
+
+static void* old_sig_handler;
+ssize_t (*recv_func)( SOCKET, void*, size_t, int);
+ssize_t (*send_func)( SOCKET,const void*, size_t, int);
+
+int gnutls_is_secure_memory(const void* mem) {
+ return 0;
+}
+
+/**
+ * gnutls_global_init - This function initializes the global state to defaults.
+ *
+ * This function initializes the global state to defaults.
+ * Every gnutls application has a global state which holds common parameters
+ * shared by gnutls state structures.
+ * You must call gnutls_global_deinit() when gnutls usage is no longer needed
+ * Returns zero on success.
+ **/
+int gnutls_global_init(char* PKIX, char* PKCS1)
+{
+ int result;
+
+ /* for gcrypt in order to be able to allocate memory */
+ gcry_set_allocation_handler(gnutls_malloc, secure_malloc, gnutls_is_secure_memory, gnutls_realloc, free);
+
+ /* we need this */
+ old_sig_handler = signal( SIGPIPE, SIG_IGN);
+
+ /* set default recv/send functions
+ */
+ recv_func = recv;
+ send_func = send;
+
+ /* initialize parser
+ * This should not deal with files in the final
+ * version.
+ */
+
+ result = parser_asn1(PKIX);
+
+ if (result != ASN_OK) {
+ return GNUTLS_E_ASN1_PARSING_ERROR;
+ }
+
+ result = parser_asn1(PKCS1);
+
+ if (result != ASN_OK) {
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_global_deinit - This function deinitializes the global state
+ *
+ * This function deinitializes the global state.
+ **/
+
+void gnutls_global_deinit() {
+
+ /* restore signal handler */
+ signal( SIGPIPE, old_sig_handler);
+
+
+
+}
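Review bot: `old_sig_handler` is declared `void*` but holds the result of `signal()`, a function pointer, and it is overwritten on every call, so a second `gnutls_global_init()` saves SIG_IGN and `gnutls_global_deinit()` then restores SIG_IGN instead of the application's original handler; the two ASN.1 parse failures also return without restoring SIGPIPE, use different error codes (`GNUTLS_E_ASN1_PARSING_ERROR` vs `GNUTLS_E_PARSING_ERROR`) and skip `gnutls_assert()`. Give the saved handler its proper type, make initialization idempotent and unwind the signal change on failure, as below. `gnutls_is_secure_memory()` returning 0 unconditionally deserves a comment as well: if libgcrypt consults it to decide whether a block from `secure_malloc` is scrubbed on free, key material is released unwiped, and that is worth recording as a known gap next to the function rather than leaving it to look intentional.
```c
static void (*old_sig_handler)(int);
static int global_initialized;
/* … unchanged: recv_func/send_func definitions, gnutls_is_secure_memory() … */

int gnutls_global_init(char* PKIX, char* PKCS1)
{
	int result;

	/* idempotent: a second call must not clobber the saved SIGPIPE handler */
	if (global_initialized)
		return 0;

	/* for gcrypt in order to be able to allocate memory */
	gcry_set_allocation_handler(gnutls_malloc, secure_malloc, gnutls_is_secure_memory, gnutls_realloc, free);

	/* a peer closing the socket must not kill the process on send() */
	old_sig_handler = signal( SIGPIPE, SIG_IGN);

	recv_func = recv;
	send_func = send;

	result = parser_asn1(PKIX);
	if (result != ASN_OK) {
		gnutls_assert();
		signal( SIGPIPE, old_sig_handler);
		return GNUTLS_E_ASN1_PARSING_ERROR;
	}

	result = parser_asn1(PKCS1);
	if (result != ASN_OK) {
		gnutls_assert();
		signal( SIGPIPE, old_sig_handler);
		return GNUTLS_E_ASN1_PARSING_ERROR;
	}

	global_initialized = 1;
	return 0;
}

void gnutls_global_deinit() {
	if (!global_initialized)
		return;
	/* restore signal handler */
	signal( SIGPIPE, old_sig_handler);
	global_initialized = 0;
}
```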
}
}
-int gnutls_is_secure_memory(const void* mem) {
- return 0;
-}
-
/**
* gnutls_set_lowat - Used to set the lowat value in order for select to check for pending data.
* @state: is a &GNUTLS_STATE structure.
**/
int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end)
{
- /* for gcrypt in order to be able to allocate memory */
- gcry_set_allocation_handler(gnutls_malloc, secure_malloc, gnutls_is_secure_memory, gnutls_realloc, free);
*state = gnutls_calloc(1, sizeof(GNUTLS_STATE_INT));
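Review bot: With the gcrypt allocator setup moved out of `gnutls_init()`, nothing here verifies that `gnutls_global_init()` has run, yet the read path now calls through `recv_func`, which is only assigned there; an application that skips the global call gets a NULL function-pointer call on its first read rather than a clean error. Have `gnutls_init()` test an initialization flag set by `gnutls_global_init()` and return a negative error code before allocating the state, with a comment such as `/* gnutls_global_init() must have installed the recv/send callbacks */`. The `gnutls_calloc()` on the last line should also be NULL-checked if it is not further down; the function continues outside the hunk.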
#define GNUTLS_FREE(x) if(x!=NULL) gnutls_free(x)
/**
- * gnutls_init - This function clears all buffers associated with the &state
+ * gnutls_deinit - This function clears all buffers associated with the &state
* @state: is a &GNUTLS_STATE structure.
*
* This function clears all buffers associated with the &state.
WRITEuint16( cipher_size, &headers[3]);
- if (_gnutls_Write(cd, headers, HEADER_SIZE) != HEADER_SIZE) {
+ if (_gnutls_Write(cd, headers, HEADER_SIZE, flags) != HEADER_SIZE) {
state->gnutls_internals.valid_connection = VALID_FALSE;
state->gnutls_internals.resumable = RESUME_FALSE;
gnutls_assert();
return GNUTLS_E_UNABLE_SEND_DATA;
}
- if (_gnutls_Write(cd, cipher, cipher_size) != cipher_size) {
+ if (_gnutls_Write(cd, cipher, cipher_size, flags) != cipher_size) {
state->gnutls_internals.valid_connection = VALID_FALSE;
state->gnutls_internals.resumable = RESUME_FALSE;
gnutls_assert();
memmove( cipher, headers, HEADER_SIZE);
cipher_size += HEADER_SIZE;
- if (_gnutls_Write(cd, cipher, cipher_size) != cipher_size) {
+ if (_gnutls_Write(cd, cipher, cipher_size, flags) != cipher_size) {
state->gnutls_internals.valid_connection = VALID_FALSE;
state->gnutls_internals.resumable = RESUME_FALSE;
gnutls_assert();
WRITEuint16( 1, &headers[3]);
- if (_gnutls_Write(cd, headers, 5) != 5) {
+ if (_gnutls_Write(cd, headers, 5, 0) != 5) {
state->gnutls_internals.valid_connection = VALID_FALSE;
state->gnutls_internals.resumable = RESUME_FALSE;
gnutls_assert();
return GNUTLS_E_UNABLE_SEND_DATA;
}
- if (_gnutls_Write(cd, &data, 1) != 1) {
+ if (_gnutls_Write(cd, &data, 1, 0) != 1) {
state->gnutls_internals.valid_connection = VALID_FALSE;
state->gnutls_internals.resumable = RESUME_FALSE;
gnutls_assert();
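Review bot: The two `_gnutls_Write()` calls in this hunk hard-code `0` for the new flags argument, while the record-sending calls above pass the caller's `flags` through; if `flags` ever carries something like MSG_NOSIGNAL or MSG_DONTWAIT, this one-byte message will be sent with different socket semantics from the data records on the same connection. Either thread `flags` into this function as well or say why `0` is intended here, e.g. `/* no caller flags for this message: always a plain blocking send */`. The enclosing function starts and ends outside the hunk.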
#include <string.h>
#include <unistd.h>
#include "../lib/gnutls.h"
-#include <signal.h>
#include <sys/time.h>
#define SA struct sockaddr
#define MAX(X,Y) (X >= Y ? X : Y);
-#include "pk.h"
-
static int print_info( GNUTLS_STATE state) {
char *tmp;
const ANON_AUTH_INFO *dh_info;
if (x509_info != NULL) {
switch( x509_info->peer_certificate_status) {
case GNUTLS_NOT_VERIFIED:
- printf("- Peer's Certificate was NOT verified\n");
+ printf("- Peer's X509 Certificate was NOT verified\n");
break;
case GNUTLS_EXPIRED:
- printf("- Peer's Certificate was verified but is expired\n");
- break;
- case GNUTLS_INVALID:
- printf("- Peer's Certificate was invalid\n");
+ printf("- Peer's X509 Certificate was verified but is expired\n");
break;
case GNUTLS_VERIFIED:
- printf("- Peer's Certificate was verified\n");
+ printf("- Peer's X509 Certificate was verified\n");
break;
+ case GNUTLS_INVALID:
+ default:
+ printf("- Peer's X509 Certificate was invalid\n");
+ break;
+
}
}
}
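Review bot: `print_info()` only reports the peer certificate status and the connection then carries on, so in the NOT VERIFIED and INVALID branches this example demonstrates a client that will talk to anyone; given that this release adds RSA ciphersuites with no certificate checking (per the NEWS entry), anyone copying the example inherits that behaviour. At least warn in the non-VERIFIED cases, e.g. `printf("- WARNING: peer not authenticated, session is open to man-in-the-middle\n");`, or return a non-zero value from `print_info()` so `main()` can abort. Folding `GNUTLS_INVALID` into `default:` is reasonable, but a status value added later would then be reported as invalid without anyone noticing; a `/* unknown status values are treated as invalid */` comment records that choice.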
fprintf(stderr, "Usage: cli [host] [port]\n");
exit(1);
}
- PARSE();
+
+ if (gnutls_global_init("pkix.asn", "pkcs1.asn") < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
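Review bot: The ASN.1 grammars `pkix.asn`/`pkcs1.asn` are opened by cwd-relative name, so whoever controls the working directory controls how this client decodes certificates; the header already flags the file-based interface as temporary, but until it goes away the example should say so, e.g. `/* grammar files are read from the current directory; run from src/ */`. The `< 0` test does match the negative error codes `gnutls_global_init()` returns. The enclosing `main()` starts and ends outside the hunk.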
cred.username = "test";
cred.password = "test";
- signal(SIGPIPE, SIG_IGN);
-
sd = socket(AF_INET, SOCK_STREAM, 0);
ERR(sd, "socket");
close(sd);
gnutls_deinit( state);
+
+ gnutls_global_deinit();
+
return 0;
}
+++ /dev/null
-#define PKIX "pkix.asn"
-#define PKCS "pkcs1.asn"
-void PARSE()
-{
- /* this is to be moved to gnutls */
- int result = parser_asn1(PKIX);
-
- signal( SIGPIPE, SIG_IGN);
-
- if (result == ASN_SYNTAX_ERROR) {
- printf("%s: PARSE ERROR\n", PKIX);
- return;
- } else if (result == ASN_IDENTIFIER_NOT_FOUND) {
- printf("%s: IDENTIFIER NOT FOUND\n", PKIX);
- return;
- }
-
- result = parser_asn1(PKCS);
-
- if (result == ASN_SYNTAX_ERROR) {
- printf("%s: PARSE ERROR\n", PKCS);
- return;
- } else if (result == ASN_IDENTIFIER_NOT_FOUND) {
- printf("%s: IDENTIFIER NOT FOUND\n", PKCS);
- return;
- }
-
-}
#include <unistd.h>
#include "../lib/gnutls.h"
#include <port.h>
-#include <signal.h>
-#include "pk.h"
#define KEYFILE "key.pem"
#define CERTFILE "cert.pem"
GNUTLS_STATE state;
int ret;
- if (gnutls_allocate_x509_sc(&x509_cred, CERTFILE, KEYFILE) < 0) {
- fprintf(stderr, "X509 PARSE ERROR\n");
- exit(1);
- }
/* this is a password file (created with the included crypt utility)
* Read README.crypt prior to using SRP.
}
}
- PARSE();
+ if (gnutls_global_init("pkix.asn", "pkcs1.asn") < 0) {
+ fprintf(stderr, "global state initialization error\n");
+ exit(1);
+ }
+
+ if (gnutls_allocate_x509_sc(&x509_cred, CERTFILE, KEYFILE) < 0) {
+ fprintf(stderr, "X509 PARSE ERROR\n");
+ exit(1);
+ }
+
listen_sd = socket(AF_INET, SOCK_STREAM, 0);
ERR(listen_sd, "socket");
gnutls_deinit(state);
}
close(listen_sd);
+
+ gnutls_free_x509_sc(x509_cred);
+
+ gnutls_global_deinit();
+
return 0;
}