several bug fixes.
-Version 0.1.3
+Version 0.1.3 (01/06/2001)
- Updated API (and the way it is documented - we use inline documentation)
- Added function to access alert messages.
- Added support for renegotiating parameters.
- Better and Faster Resume Database handling.
+- Several bugfixes
Version 0.1.2 (14/05/2001)
- Updated API
GNUTLS_MAJOR_VERSION=0
GNUTLS_MINOR_VERSION=1
-GNUTLS_MICRO_VERSION=4
+GNUTLS_MICRO_VERSION=3
GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION
AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION")
LIBS="${LIBS} -lmhash")])
if test $ac_cv_c_compiler_gnu != no; then
+ CFLAGS=""
if test $opt_profiler_mode = yes; then
CFLAGS="${CFLAGS} -O0 -fprofile-arcs -ftest-coverage -pg"
AC_CHECK_HEADERS(unistd.h pwd.h locale.h strings.h stdarg.h)
AC_CHECK_HEADERS(sys/stat.h sys/types.h sys/socket.h)
AC_CHECK_HEADERS(utime.h zlib.h errno.h)
-AC_CHECK_FUNCS(bzero memset fcntl,,)
+AC_CHECK_FUNCS(bzero memsetl,,)
AC_CHECK_FUNCS(lstat stat umask utime memmove bcopy getpwuid,,)
AC_CHECK_LIB(gdbm, gdbm_open,, AC_MSG_WARN("GDBM was not found. You will not be able to use Server side session resuming."))
switch(salt[1]) {
case '2':
cr = crypt_bcrypt(passwd, salt, g, n);
+ if (cr==NULL) return 1;
if (strncmp(cr, salt, strlen(cr))==0) return 0;
break;
}
default:
cr = crypt_srpsha1(username, passwd, salt, g, n);
+ if (cr==NULL) return 1;
if (strncmp(cr, salt, strlen(cr))==0) return 0;
break;
}
#endif
#if SIZEOF_UNSIGNED_LONG_INT == 8
+# define HAVE_UINT64
+/* only used native uint64 in 64 bit machines */
typedef unsigned long int uint64;
typedef signed long int sint64;
-#elif SIZEOF_UNSIGNED_LONG_LONG == 8
- typedef unsigned long long uint64;
- typedef signed long long sint64;
#else
-# error "Cannot find a 64 bit integer in your system, sorry."
+typedef struct { unsigned char i[8]; } uint64;
#endif
uint8 len;
if (state->security_parameters.entity == GNUTLS_SERVER) {
if (data_size > 0) {
- state->gnutls_key->auth_info = gnutls_malloc(sizeof(SRP_AUTH_INFO));
+ state->gnutls_key->auth_info = gnutls_calloc(1, sizeof(SRP_AUTH_INFO));
if (state->gnutls_key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR;
if (sizeof( ((SRP_AUTH_INFO*)state->gnutls_key->auth_info)->username) > data_size) {
#ifdef HARD_DEBUG
fprintf(stderr, "Record: Sending Packet[%d] %s(%d) with length: %d\n",
- (int) state->connection_state.read_sequence_number, _gnutls_packet2str(type), type, sizeofdata);
+ (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
#endif
for (i = 0; i < iterations; i++) {
}
#ifdef HARD_DEBUG
fprintf(stderr, "Record: Sended Packet[%d] %s(%d) with length: %d\n",
- (int) state->connection_state.read_sequence_number, _gnutls_packet2str(type), type, cipher_size);
+ (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, cipher_size);
#endif
- state->connection_state.write_sequence_number++;
+ uint64pp( &state->connection_state.write_sequence_number);
}
/* rest data */
if (iterations > 1) {
return GNUTLS_E_UNABLE_SEND_DATA;
}
- state->connection_state.write_sequence_number++;
+ uint64pp( &state->connection_state.write_sequence_number);
}
ret += sizeofdata;
#ifdef HARD_DEBUG
fprintf(stderr, "Record: Expected Packet[%d] %s(%d) with length: %d\n",
- (int) state->connection_state.read_sequence_number, _gnutls_packet2str(type), type, sizeofdata);
+ (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata);
fprintf(stderr, "Record: Received Packet[%d] %s(%d) with length: %d\n",
- (int) state->connection_state.read_sequence_number, _gnutls_packet2str(recv_type), recv_type, length);
+ (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length);
#endif
if (length > MAX_RECV_SIZE) {
#ifdef HARD_DEBUG
fprintf(stderr, "Record: Decrypted Packet[%d] %s(%d) with length: %d\n",
- (int) state->connection_state.read_sequence_number, _gnutls_packet2str(recv_type), recv_type, tmplen);
+ (int) uint64touint32(&state->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen);
#endif
gnutls_free(ciphertext);
/* Increase sequence number
* this is needed only here because we return immediately
*/
- state->connection_state.read_sequence_number++;
+ uint64pp( &state->connection_state.read_sequence_number);
/* if close notify is received and
* the alert is not fatal
/* Increase sequence number */
- state->connection_state.read_sequence_number++;
+ uint64pp( &state->connection_state.read_sequence_number);
/* Get Application data from buffer */
} SRP_SERVER_CREDENTIALS;
typedef struct {
- char* username;
+ char username[256];
} SRP_AUTH_INFO;
/* Credential structures for DH_ANON */
{
int rc, mac_size;
- state->connection_state.write_sequence_number = 0;
- state->connection_state.read_sequence_number = 0;
+ uint64zero(&state->connection_state.write_sequence_number);
+ uint64zero(&state->connection_state.read_sequence_number);
/* Update internals from CipherSuite selected.
* If we are resuming just copy the connection state
fprintf(stderr, "Cipher Suite: %s\n",
_gnutls_cipher_suite_get_name(state->
gnutls_internals.current_cipher_suite));
- fprintf(stderr, "Cipher: %s\n",
- _gnutls_cipher_get_name(state->security_parameters.
- bulk_cipher_algorithm));
- fprintf(stderr, "MAC: %s\n",
- _gnutls_mac_get_name(state->security_parameters.
- mac_algorithm));
- fprintf(stderr, "Compression: %s\n", _gnutls_compression_get_name(state->security_parameters.compression_algorithm));
#endif
if (state->connection_state.write_mac_secret!=NULL)
uint8 *data;
uint8 pad;
uint8 *rand;
- uint64 seq_num;
+ uint8* seq_num;
int length;
GNUTLS_MAC_HANDLE td;
int blocksize =
c_length = CONVuint16(compressed->length);
seq_num =
- CONVuint64(state->connection_state.write_sequence_number);
+ CONVuint64(&state->connection_state.write_sequence_number);
+ if (seq_num==NULL) {
+ gnutls_free(*cipher);
+ gnutls_free(content);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
if (td != GNUTLS_MAC_FAILED) { /* actually when the algorithm in not the NULL one */
- gnutls_hmac(td, &seq_num, 8);
+ gnutls_hmac(td, seq_num, 8);
+ gnutls_free( seq_num);
+
gnutls_hmac(td, &compressed->type, 1);
if (_gnutls_version_ssl3(state->connection_state.version) != 0) { /* TLS 1.0 only */
gnutls_hmac(td, &compressed->version.major, 1);
uint16 c_length;
uint8 *data;
uint8 pad;
- uint64 seq_num;
+ uint8* seq_num;
uint16 length;
GNUTLS_MAC_HANDLE td;
int blocksize =
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
- seq_num = CONVuint64(state->connection_state.read_sequence_number);
c_length = CONVuint16((uint16) compressed->length);
+ seq_num = CONVuint64( &state->connection_state.read_sequence_number);
+ if (seq_num==NULL) {
+ gnutls_free(*compress);
+ gnutls_free(content);
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
if (td != GNUTLS_MAC_FAILED) {
- gnutls_hmac(td, &seq_num, 8);
+ gnutls_hmac(td, seq_num, 8);
+ gnutls_free( seq_num);
+
gnutls_hmac(td, &compressed->type, 1);
if (_gnutls_version_ssl3(state->connection_state.version) != 0) { /* TLS 1.0 only */
gnutls_hmac(td, &compressed->version.major, 1);
*
* This function initiates the handshake of the TLS/SSL protocol.
* Here we will receive - if requested and supported by the ciphersuite -
- * the peer's certificate. By calling this function you it is your job
- * to check the peer's identity (by checking the certificate etc.).
+ * the peer's certificate.
*
* This function will fail if any problem in the handshake is encountered.
- * However this failure will not be fatal. You may choose to
+ * However this failure will not be fatal. However you may choose to
* continue the handshake - eg. even if the certificate cannot
- * be verified- by calling gnutls_handshake_finish()
+ * be verified- by calling gnutls_handshake_finish().
**/
int gnutls_handshake_begin(int cd, GNUTLS_STATE state)
{
/*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2001 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
#include <defines.h>
#include <gnutls_int.h>
+#include <gnutls_num.h>
+#include <gnutls_errors.h>
-#define rotl64(x,n) (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n))))
-#define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n))))
#define rotl32(x,n) (((x) << ((uint16)(n))) | ((x) >> (32 - (uint16)(n))))
#define rotr32(x,n) (((x) >> ((uint16)(n))) | ((x) << (32 - (uint16)(n))))
#define rotl16(x,n) (((x) << ((uint16)(n))) | ((x) >> (16 - (uint16)(n))))
#define rotr16(x,n) (((x) >> ((uint16)(n))) | ((x) << (16 - (uint16)(n))))
#define byteswap16(x) ((rotl16(x, 8) & 0x00ff) | (rotr16(x, 8) & 0xff00))
-#define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ff) | (rotr32(x, 8) & 0xff00ff00))
-#define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffLL) | (rotr64(x, 8) & 0xff00ff00ff00ff00LL))
+#define byteswap32(x) ((rotl32(x, 8) & 0x00ff00ffU) | (rotr32(x, 8) & 0xff00ff00U))
+
+#ifndef HAVE_UINT64
+
+int uint64zero( uint64 *x) {
+
+ memset( x->i, 0, 8);
+ return 0;
+}
+
+int uint64pp( uint64 *x) {
+register int i, y = 0;
+
+ for (i=7;i>=0;i--) {
+ if ( x->i[i] == 0xff) {
+ x->i[i] = 0;
+ y = 1;
+ } else (x->i[i])++;
+
+ if (y==0) break;
+ else y=0;
+ }
+
+ return 0;
+}
+
+#endif /* HAVE_UINT64 */
-inline
uint32 uint24touint32( uint24 num) {
uint32 ret=0;
return ret;
}
-inline
uint24 uint32touint24( uint32 num) {
uint24 ret;
}
/* data should be at least 3 bytes */
-inline
uint32 READuint24( const opaque* data) {
uint32 res;
uint24 num;
return res;
}
-inline
void WRITEuint24( uint32 num, opaque* data) {
uint24 tmp;
return;
}
-inline
uint32 READuint32( const opaque* data) {
uint32 res;
return res;
}
-inline
void WRITEuint32( uint32 num, opaque* data) {
#ifndef WORDS_BIGENDIAN
return;
}
-inline
uint16 READuint16( const opaque* data) {
uint16 res;
memcpy( &res, data, sizeof(uint16));
return res;
}
-inline
void WRITEuint16( uint16 num, opaque* data) {
#ifndef WORDS_BIGENDIAN
return;
}
-inline
uint32 CONVuint32( uint32 data) {
#ifndef WORDS_BIGENDIAN
return byteswap32( data);
#endif
}
-inline
uint16 CONVuint16( uint16 data) {
#ifndef WORDS_BIGENDIAN
return byteswap16( data);
#endif
}
-inline
-uint64 READuint64( const opaque* data) {
-uint64 res;
-
- memcpy( &res, data, sizeof(uint64));
-#ifndef WORDS_BIGENDIAN
- res = byteswap64( res);
+uint8* CONVuint64( const uint64* data) {
+uint8* ret = gnutls_malloc( 8);
+#ifdef HAVE_UINT64
+uint64 tmp = *data;
#endif
-return res;
+
+if (ret==NULL) {
+ gnutls_assert();
+ return NULL;
}
-inline
-void WRITEuint64( uint64 num, opaque* data) {
+#ifdef HAVE_UINT64
+# ifndef WORDS_BIGENDIAN
+ tmp = byteswap64( tmp);
+ memcpy( ret, &tmp, 8);
+
+# else
+ memcpy( ret, &tmp, 8);
-#ifndef WORDS_BIGENDIAN
- num = byteswap64( num);
-#endif
- memcpy( data, &num, sizeof(uint64));
- return;
+# endif /* WORDS_BIGENDIAN */
+#else
+ memcpy( ret, data->i, 8);
+
+#endif /* HAVE_UINT64 */
+ return ret;
}
-inline
-uint64 CONVuint64( uint64 data) {
-#ifndef WORDS_BIGENDIAN
- return byteswap64( data);
-#else
- return data;
-#endif
+uint32 uint64touint32( const uint64* num) {
+uint32 ret;
+
+#ifdef HAVE_UINT64
+ ret = (uint32) *num;
+#else
+ memcpy( &ret, &num->i[4], 4);
+# ifndef WORDS_BIGENDIAN
+ ret = byteswap32(ret);
+# endif
+
+#endif /* HAVE_UINT64 */
+
+ return ret;
}
+
+
+
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
+#include <gnutls_int.h>
+
uint32 uint24touint32( uint24 num);
uint24 uint32touint24( uint32 num);
uint32 READuint32( const opaque* data);
uint16 READuint16( const opaque* data);
uint32 CONVuint32( uint32 data);
uint16 CONVuint16( uint16 data);
-uint16 READuint64( const opaque* data);
-uint32 CONVuint64( uint64 data);
+uint8* CONVuint64( const uint64 *data); /* note: this returns malloced data */
uint32 READuint24( const opaque* data);
void WRITEuint24( uint32 num, opaque* data);
void WRITEuint32( uint32 num, opaque* data);
void WRITEuint16( uint16 num, opaque* data);
-void WRITEuint64( uint64 num, opaque* data);
+uint32 uint64touint32( const uint64*);
+
+#ifndef HAVE_UINT64
+int uint64zero( uint64 *);
+int uint64pp( uint64 *);
+#else
+
+# define rotl64(x,n) (((x) << ((uint16)(n))) | ((x) >> (64 - (uint16)(n))))
+# define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n))))
+# define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL))
+# define uint64pp(x) (*x)++
+# define uint64zero(x) (*x) = 0
+#endif
#include "debug.h"
/* These should be added in gcrypt.h */
-#define gcry_mpi_add mpi_add
-#define gcry_mpi_subm mpi_subm
-#define gcry_mpi_addm mpi_addm
-#define gcry_mpi_mul mpi_mul
-#define gcry_mpi_mulm mpi_mulm
-MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
+MPI _gcry_generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
MPI g, MPI **ret_factors );
/* Here functions for SRP (like g^x mod n) are defined
if (qbits & 1) /* better have a even one */
qbits++;
- prime = generate_elg_prime(0, bits, qbits, g, NULL);
+ prime = _gcry_generate_elg_prime(0, bits, qbits, g, NULL);
}
#include "../lib/cert_b64.h"
#include "prime-gaa.h"
-MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
+MPI _gcry_generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
MPI g, MPI **ret_factors );
int main(int argc, char **argv)
qbits++;
g = mpi_new(16);
- prime = generate_elg_prime( 0, info.bits, qbits, g, NULL);
+ prime = _gcry_generate_elg_prime( 0, info.bits, qbits, g, NULL);
/* print generator */
size = 0;
-test:i6Up8mTyhhysp96btJJGi7BUOdQEmI3kRznnWuovFoXGi12Ayx2gCZ6mDIuQn.6jpdUTwrhOHdf9aoGqCPkaZIE.zEP.PccXfTD/XE2d.bwlcLmkr/AAglwOoEG4cmDGiA/RfueIVCSE7sJYBCWSRMZpVW/vTbSmWOQr1oeW0Bfg:3EkIcF1pNQ4KTvvlXjwJyl:1
+test:Sp2yxWRqT4JkAwpi23/5249384lTEyKSYyqFf41GTmwY6ufidSwC.YAql/scboDjQlyCtc5/RJ89ECOSzlyyMeFX2TgwUedkHrQLvD0FHoyD1kPLSuZ9yu4QkoQRXg/aczDkFsCWyQq/CTowxr5haxjiiZ4L3pedPazxq0AwcR/y:6oMA08xvYxulpRzW7wh97:1
test2:2uTyiMxqKewx.hgReJmKBY6KL/8nZ5CdrKhmySdF/asJkvXzas5nAqSIh0icrlZP4cGgtuzpDaEafqRqAwjNOo/eEbiuYilO6r8DKnVvKrHIDDI8HzVhkoH1FoTkND33qhG3AbGof1gOxgdOOPOCa7MjdebZn.23PNPDY2dueE1rh:3U2EiG0NjswPJlh4rFyMm5:1
projects / thirdparty / gnutls.git / commitdiff
