towards using libgnutls directly

README

@@ -74,21 +74,11 @@ reasonably complete.
 
 Missing features:
 =================
-- MHD_get_daemon_info options for SSL are not implemented (always return NULL)
 - SSL support does not work with SELECT-based threading modes
   (issue is that the gnutls state machine does not like EAGAIN/EINTR
    return values from send/recv, despite having tons of
    branches on those values).
-- SSL code is still too large:
-  * libgcrypt is used, and is also bloated
-  => integrate required portions of libgcrypt into our tree
-     instead of linking against it
-  * still some bloat in the SSL code;
-    consider removing "client" functionality
-  * most likely some headers declare functions, constants 
-    and types that are no longer present or used
-  * possibly other dead code
-- Make sure SSL works on non-GNU/Linux platforms
+- SSL code is not working (GNUtls integration broken)
 
 
 Untested features:

configure.ac

@@ -233,6 +233,7 @@ AM_PATH_LIBGCRYPT(1.2.2, gcrypt=true)
 MHD_GCRYPT_VERSION=1:1.2.2
 AC_DEFINE_UNQUOTED([MHD_GCRYPT_VERSION], "$MHD_GCRYPT_VERSION", [gcrypt lib version])
 
+AM_PATH_LIBGNUTLS(2.8.6, gnutls=true)
 
 # optional: HTTPS support.  Enabled by default
 AC_MSG_CHECKING(whether to enable HTTPS support)
@@ -243,13 +244,13 @@ AC_ARG_ENABLE([https],
    [enable_https="yes"])
 if test "$enable_https" = "yes"
 then
- if test "$gcrypt" = "true"
+ if test "$gcrypt" = "true" -a "$gnutls" = "true"
  then
    AC_DEFINE([HTTPS_SUPPORT],[1],[include HTTPS support])
    MHD_LIBDEPS="$LIBGCRYPT_LIBS"
  else
-   AC_DEFINE([HTTPS_SUPPORT],[0],[no libgcrypt])
-   enable_https="no (lacking libgcrypt)"
+   AC_DEFINE([HTTPS_SUPPORT],[0],[no libgcrypt or libgnutls])
+   enable_https="no (lacking libgcrypt or libgnutls)"
  fi
 else
  AC_DEFINE([HTTPS_SUPPORT],[0],[disable HTTPS support])
@@ -270,28 +271,6 @@ AC_CACHE_CHECK([whether -export-symbols-regex works],
   esac
  ])
 
-# optional: compile TLS client side code [only for test running] ?
-AC_MSG_CHECKING(whether to compile TLS client side code)
-AC_ARG_ENABLE(client-side,
-   [AS_HELP_STRING([--enable-client-side],
-               [compile client side code])],
-   [enable_client_side=$enableval],
-   [enable_client_side="no"])
-AC_MSG_RESULT($enable_client_side)
-if test "$enable_client_side" = "no"
-then
- AC_DEFINE([MHD_DEBUG_TLS],[0],[Compile client side code. This will enable running some test cases.])
- MSG_CLIENT_SIDE="disabled. running some test cases won't be possible"
- if test "x$gn_cv_export_symbols_regex_works" = "xyes"
- then
-  MHD_LIB_LDFLAGS="$MHD_LIB_LDFLAGS -export-symbols \$(srcdir)/EXPORT.sym"
- fi
-else
- AC_DEFINE([MHD_DEBUG_TLS],[1],[Compile client side code. This will enable running some test cases.])
- MSG_CLIENT_SIDE="enabled" 
-fi
-AM_CONDITIONAL(MHD_DEBUG_TLS, test "$enable_client_side" != "no")
-
 
 # Symbols required by GNU_TLS 
 AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM])
@@ -326,11 +305,6 @@ m4/Makefile
 src/Makefile
 src/include/Makefile
 src/daemon/Makefile
-src/daemon/https/Makefile
-src/daemon/https/tls/Makefile
-src/daemon/https/x509/Makefile
-src/daemon/https/lgl/Makefile
-src/daemon/https/minitasn1/Makefile
 src/examples/Makefile
 src/testcurl/Makefile
 src/testcurl/https/Makefile
@@ -368,7 +342,6 @@ AC_MSG_NOTICE([Configuration Summary:
 if test "$enable_https" = "yes"
 then
  AC_MSG_NOTICE([HTTPS subsystem configuration:
-  Client code dep.:  ${MSG_CLIENT_SIDE}    		
   License         :  LGPL only
  ])
 else

m4/Makefile.am

@@ -1 +1 @@
-EXTRA_DIST = libcurl.m4
+EXTRA_DIST = libcurl.m4 libgnutls.m4

src/daemon/https/tls/libgnutls.m4 → m4/libgnutls.m4

@@ -48,7 +48,7 @@ dnl
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <gnutls.h>
+#include <gnutls/gnutls.h>
 
 int
 main ()

src/daemon/Makefile.am

@@ -1,12 +1,8 @@
 AM_CPPFLAGS = \
   -I$(top_srcdir)/src/include \
   -I$(top_srcdir)/src/daemon \
-  -I$(top_srcdir)/src/daemon/https/lgl \
-  -I$(top_srcdir)/src/daemon/https/x509 \
-  -I$(top_srcdir)/src/daemon/https/minitasn1 \
-  -I$(top_srcdir)/src/daemon/https/tls \
-  -I$(top_srcdir)/src/daemon/https \
-  @LIBGCRYPT_CFLAGS@ 
+  @LIBGCRYPT_CFLAGS@ \
+  @LIBGNUTLS_CFLAGS@ 
 
 EXTRA_DIST = EXPORT.sym
 
@@ -31,14 +27,10 @@ endif
 
 
 if ENABLE_HTTPS
-SUBDIRS = https .
 libmicrohttpd_la_SOURCES += \
   connection_https.c connection_https.h
 libmicrohttpd_la_LIBADD = \
-  https/lgl/liblgl.la \
-  https/x509/libx509.la \
-  https/tls/libtls.la \
-  https/minitasn1/libasn1.la 
+  $(LIBGNUTLS_LIBS) 
 endif
 
 check_PROGRAMS = \

src/daemon/connection.c

@@ -1793,7 +1793,7 @@ MHD_connection_handle_write (struct MHD_Connection *connection)
 #if HTTPS_SUPPORT
           if (connection->daemon->options & MHD_USE_SSL)
             {
-              ret = MHD__gnutls_record_send (connection->tls_session,
+              ret = gnutls_record_send (connection->tls_session,
                                              &connection->response->data
                                              [connection->
                                               response_write_position -
@@ -2245,10 +2245,6 @@ MHD_set_http_calbacks (struct MHD_Connection *connection)
   connection->idle_handler = &MHD_connection_handle_idle;
 }
 
-#if HTTPS_SUPPORT
-#include "gnutls_int.h"
-#include "gnutls_record.h"
-#endif
 
 /**
  * Obtain information about the given connection.
@@ -2269,13 +2265,13 @@ MHD_get_connection_info (struct MHD_Connection *connection,
     case MHD_CONNECTION_INFO_CIPHER_ALGO:
       if (connection->tls_session == NULL)
 	return NULL;
-      return (const union MHD_ConnectionInfo *) &connection->
-        tls_session->security_parameters.read_bulk_cipher_algorithm;
+      connection->cipher = gnutls_cipher_get (connection->tls_session);
+      return (const union MHD_ConnectionInfo *) &connection->cipher;
     case MHD_CONNECTION_INFO_PROTOCOL:
       if (connection->tls_session == NULL)
 	return NULL;
-      return (const union MHD_ConnectionInfo *) &connection->
-        tls_session->security_parameters.version;
+      connection->protocol = gnutls_protocol_get_version (connection->tls_session);
+      return (const union MHD_ConnectionInfo *) &connection->protocol;
 #endif
     case MHD_CONNECTION_INFO_CLIENT_ADDRESS:
       return (const union MHD_ConnectionInfo *) &connection->addr;

src/daemon/connection_https.c

@@ -1,6 +1,6 @@
 /*
      This file is part of libmicrohttpd
-     (C) 2007, 2008 Daniel Pittman and Christian Grothoff
+     (C) 2007, 2008, 2010 Daniel Pittman and Christian Grothoff
 
      This library is free software; you can redistribute it and/or
      modify it under the terms of the GNU Lesser General Public
@@ -19,7 +19,7 @@
 */
 
 /**
- * @file connection.c
+ * @file connection_https.c
  * @brief  Methods for managing SSL/TLS connections. This file is only
  *         compiled if ENABLE_HTTPS is set.
  * @author Sagie Amir
@@ -31,13 +31,7 @@
 #include "memorypool.h"
 #include "response.h"
 #include "reason_phrase.h"
-
-/* get opaque type */
-#include "gnutls_int.h"
-#include "gnutls_record.h"
-
-/* TODO #include rm "gnutls_errors.h" */
-#include "gnutls_errors.h"
+#include <gnutls/gnutls.h>
 
 /**
  * This function is called once a secure connection has been marked
@@ -53,8 +47,8 @@ static void
 MHD_tls_connection_close (struct MHD_Connection *connection,
                           enum MHD_RequestTerminationCode termination_code)
 {
-  MHD__gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
-  connection->tls_session->internals.read_eof = 1;
+  gnutls_bye (connection->tls_session, GNUTLS_SHUT_WR);
+  /* connection->tls_session->internals.read_eof = 1; // FIXME_GHM: needed? */
   MHD_connection_close (connection, termination_code);
 }
 
@@ -107,6 +101,16 @@ MHD_tls_connection_handle_idle (struct MHD_Connection *connection)
   return MHD_YES;
 }
 
+/* FIXME_GHM: this is digging into gnutls/SSL internals
+   that is likely wrong... */
+/* Record Protocol */
+typedef enum content_type_t
+{
+  GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
+  GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
+  GNUTLS_INNER_APPLICATION = 24
+} content_type_t;
+
 /**
  * This function handles a particular SSL/TLS connection when
  * it has been determined that there is data to be read off a
@@ -157,7 +161,7 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
       if (connection->state == MHD_TLS_CONNECTION_INIT ||
           connection->state == MHD_TLS_HELLO_REQUEST)
         {
-          ret = MHD__gnutls_handshake (connection->tls_session);
+          ret = gnutls_handshake (connection->tls_session);
           if (ret == 0)
             {
               /* set connection state to enable HTTP processing */
@@ -194,13 +198,13 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
       return MHD_NO;
 
     case GNUTLS_ALERT:
+#if FIXME_GHM      
       /*
        * this call of MHD_gtls_recv_int expects 0 bytes read.
        * done to decrypt alert message
        */
-      MHD_gtls_recv_int (connection->tls_session, GNUTLS_ALERT,
-                         GNUTLS_HANDSHAKE_FINISHED, 0, 0);
-
+      gnutls_recv_int (connection->tls_session, GNUTLS_ALERT,
+		       GNUTLS_HANDSHAKE_FINISHED, 0, 0);
       /* CLOSE_NOTIFY */
       if (connection->tls_session->internals.last_alert ==
           GNUTLS_A_CLOSE_NOTIFY)
@@ -209,7 +213,8 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
           return MHD_YES;
         }
       /* non FATAL or WARNING */
-      else if (connection->tls_session->internals.last_alert_level !=
+      else
+	if (connection->tls_session->internals.last_alert_level !=
                GNUTLS_AL_FATAL)
         {
 #if HAVE_MESSAGES
@@ -239,12 +244,12 @@ MHD_tls_connection_handle_read (struct MHD_Connection *connection)
 #endif
           return MHD_NO;
         }
+#endif
 
 
       /* forward application level content to MHD */
     case GNUTLS_APPLICATION_DATA:
       return MHD_connection_handle_read (connection);
-
     case GNUTLS_INNER_APPLICATION:
       break;
     default:

src/daemon/daemon.c

@@ -32,8 +32,7 @@
 
 #if HTTPS_SUPPORT
 #include "connection_https.h"
-#include "gnutls_int.h"
-#include "gnutls_global.h"
+#include <gnutls/gnutls.h>
 #endif
 
 #ifdef HAVE_POLL_H
@@ -331,27 +330,7 @@ MHD_ip_limit_del(struct MHD_Daemon *daemon,
 }
 
 #if HTTPS_SUPPORT
-pthread_mutex_t MHD_gnutls_init_mutex;
-
-/**
- * Note: code duplication with code in MHD_gnutls_priority.c
- *
- * @return 0
- */
-static int
-_set_priority (MHD_gtls_priority_st * st, const int *list)
-{
-  int num = 0;
-
-  if (list == NULL)
-    return 0;
-  while ((list[num] != 0) && (num < MAX_ALGOS))
-    num++;
-  st->num_algorithms = num;
-  memcpy (st->priority, list, num * sizeof (int));
-  return 0;
-}
-
+static pthread_mutex_t MHD_gnutls_init_mutex;
 
 /**
  * Callback for receiving data from the socket.
@@ -364,7 +343,7 @@ _set_priority (MHD_gtls_priority_st * st, const int *list)
 static ssize_t
 recv_tls_adapter (struct MHD_Connection *connection, void *other, size_t i)
 {
-  return MHD__gnutls_record_recv (connection->tls_session, other, i);
+  return gnutls_record_recv (connection->tls_session, other, i);
 }
 
 /**
@@ -379,7 +358,7 @@ static ssize_t
 send_tls_adapter (struct MHD_Connection *connection,
                   const void *other, size_t i)
 {
-  return MHD__gnutls_record_send (connection->tls_session, other, i);
+  return gnutls_record_send (connection->tls_session, other, i);
 }
 
 
@@ -391,8 +370,8 @@ send_tls_adapter (struct MHD_Connection *connection,
 static int
 MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
 {
-  MHD_gnutls_datum_t key;
-  MHD_gnutls_datum_t cert;
+  gnutls_datum_t key;
+  gnutls_datum_t cert;
 
   /* certificate & key loaded from memory */
   if (daemon->https_mem_cert && daemon->https_mem_key)
@@ -402,7 +381,7 @@ MHD_init_daemon_certificate (struct MHD_Daemon *daemon)
       cert.data = (unsigned char *) daemon->https_mem_cert;
       cert.size = strlen (daemon->https_mem_cert);
 
-      return MHD__gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
+      return gnutls_certificate_set_x509_key_mem (daemon->x509_cred,
                                                        &cert, &key,
                                                        GNUTLS_X509_FMT_PEM);
     }
@@ -422,9 +401,9 @@ MHD_TLS_init (struct MHD_Daemon *daemon)
 {
   switch (daemon->cred_type)
     {
-    case MHD_GNUTLS_CRD_CERTIFICATE:
+    case GNUTLS_CRD_CERTIFICATE:
       if (0 !=
-          MHD__gnutls_certificate_allocate_credentials (&daemon->x509_cred))
+          gnutls_certificate_allocate_credentials (&daemon->x509_cred))
         return GNUTLS_E_MEMORY_ERROR;
       return MHD_init_daemon_certificate (daemon);
     default:
@@ -785,15 +764,13 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
       connection->send_cls = &send_tls_adapter;
       connection->state = MHD_TLS_CONNECTION_INIT;
       MHD_set_https_calbacks (connection);
-      MHD__gnutls_init (&connection->tls_session, GNUTLS_SERVER);
-      MHD__gnutls_priority_set (connection->tls_session,
-                                connection->daemon->priority_cache);
+      gnutls_init (&connection->tls_session, GNUTLS_SERVER);
       switch (connection->daemon->cred_type)
         {
           /* set needed credentials for certificate authentication. */
-        case MHD_GNUTLS_CRD_CERTIFICATE:
-          MHD__gnutls_credentials_set (connection->tls_session,
-                                       MHD_GNUTLS_CRD_CERTIFICATE,
+        case GNUTLS_CRD_CERTIFICATE:
+          gnutls_credentials_set (connection->tls_session,
+				  GNUTLS_CRD_CERTIFICATE,
                                        connection->daemon->x509_cred);
           break;
         default:
@@ -816,13 +793,13 @@ MHD_accept_connection (struct MHD_Daemon *daemon)
 		     );
  	  return MHD_NO;
         }
-      MHD__gnutls_transport_set_ptr (connection->tls_session,
-                                     (MHD_gnutls_transport_ptr_t) connection);
-      MHD__gnutls_transport_set_pull_function (connection->tls_session,
-                                               (MHD_gtls_pull_func) &
+      gnutls_transport_set_ptr (connection->tls_session,
+				(gnutls_transport_ptr_t) connection);
+      gnutls_transport_set_pull_function (connection->tls_session,
+					  (gnutls_pull_func) &
                                                recv_param_adapter);
-      MHD__gnutls_transport_set_push_function (connection->tls_session,
-                                               (MHD_gtls_push_func) &
+      gnutls_transport_set_push_function (connection->tls_session,
+					  (gnutls_push_func) &
                                                send_param_adapter);
     }
 #endif
@@ -893,7 +870,7 @@ MHD_cleanup_connections (struct MHD_Daemon *daemon)
           MHD_pool_destroy (pos->pool);
 #if HTTPS_SUPPORT
           if (pos->tls_session != NULL)
-            MHD__gnutls_deinit (pos->tls_session);
+            gnutls_deinit (pos->tls_session);
 #endif
           MHD_ip_limit_del (daemon, (struct sockaddr*)pos->addr, pos->addr_len);
           free (pos->addr);
@@ -1265,9 +1242,8 @@ parse_options_va (struct MHD_Daemon *daemon,
           break;
 #if HTTPS_SUPPORT
         case MHD_OPTION_PROTOCOL_VERSION:
-	  if (daemon->options & MHD_USE_SSL)
-	    _set_priority (&daemon->priority_cache->protocol,
-			   va_arg (ap, const int *));
+	  FPRINTF (stderr,
+		   "Protocol version setting currently not supported.\n");
 #if HAVE_MESSAGES
 	  else
 	    FPRINTF (stderr,
@@ -1296,9 +1272,8 @@ parse_options_va (struct MHD_Daemon *daemon,
 #endif
           break;
         case MHD_OPTION_CIPHER_ALGORITHM:
-	  if (daemon->options & MHD_USE_SSL)
-	    _set_priority (&daemon->priority_cache->cipher,
-			   va_arg (ap, const int *));
+	  FPRINTF (stderr,
+		   "CIPHER setting currently not supported\n");
 #if HAVE_MESSAGES
 	  else
 	    FPRINTF (stderr,
@@ -1478,9 +1453,7 @@ MHD_start_daemon_va (unsigned int options,
 #endif
 	  mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL);
 	}
-      /* set default priorities */
-      MHD_tls_set_default_priority (&retVal->priority_cache, "", NULL);
-      retVal->cred_type = MHD_GNUTLS_CRD_CERTIFICATE;
+      retVal->cred_type = GNUTLS_CRD_CERTIFICATE;
     }
 #endif
 
@@ -1874,9 +1847,8 @@ MHD_stop_daemon (struct MHD_Daemon *daemon)
 #if HTTPS_SUPPORT
   if (daemon->options & MHD_USE_SSL)
     {
-      MHD__gnutls_priority_deinit (daemon->priority_cache);
       if (daemon->x509_cred)
-        MHD__gnutls_certificate_free_credentials (daemon->x509_cred);
+        gnutls_certificate_free_credentials (daemon->x509_cred);
       /* lock MHD_gnutls_global mutex since it uses reference counting */
       if (0 != pthread_mutex_lock (&MHD_gnutls_init_mutex))
 	{
@@ -1993,7 +1965,7 @@ void ATTRIBUTE_CONSTRUCTOR MHD_init ()
   plibc_init ("GNU", "libmicrohttpd");
 #endif
 #if HTTPS_SUPPORT
-  MHD__gnutls_global_init ();
+  gnutls_global_init ();
   if (0 != pthread_mutex_init(&MHD_gnutls_init_mutex, NULL))
     abort();
 #endif
@@ -2002,7 +1974,7 @@ void ATTRIBUTE_CONSTRUCTOR MHD_init ()
 void ATTRIBUTE_DESTRUCTOR MHD_fini ()
 {
 #if HTTPS_SUPPORT
-  MHD__gnutls_global_deinit ();
+  gnutls_global_deinit ();
   if (0 != pthread_mutex_destroy(&MHD_gnutls_init_mutex))
     mhd_panic (mhd_panic_cls, __FILE__, __LINE__, NULL);
 #endif

src/daemon/https/Makefile.am

@@ -1,3 +0,0 @@
-EXTRA_DIST = gnutls.h
-
-SUBDIRS = minitasn1 lgl x509 tls .

src/daemon/https/gnutls.h

@@ -1,697 +0,0 @@
-/* -*- c -*-
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavroyanopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
- * USA
- *
- */
-
-/* This file contains the types and prototypes for all the
- * high level functionality of gnutls main library. For the
- * extra functionality (which is under the GNU GPL license) check
- * the gnutls/extra.h header. The openssl compatibility layer is
- * in gnutls/openssl.h.
- *
- * The low level cipher functionality is in libgcrypt. Check
- * gcrypt.h
- */
-
-#ifndef GNUTLS_H
-#define GNUTLS_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-
-/**
- * List of key exchange algorithms.
- * Note that not all listed algorithms are necessarily
- * supported by all builds of MHD.
- */
-enum MHD_GNUTLS_KeyExchangeAlgorithm
-{
-  MHD_GNUTLS_KX_UNKNOWN = 0,
-  MHD_GNUTLS_KX_RSA = 1,
-};
-
-/**
- * Server credentials type (note that not all types
- * maybe supported by all MHD builds).
- */
-enum MHD_GNUTLS_CredentialsType
-{
-  /**
-   * We have a x.509 certificate.
-   */
-  MHD_GNUTLS_CRD_CERTIFICATE = 1,
-
-};
-
-/**
- * Enumeration of possible cryptographic
- * hash functions (for MAC and Digest operations).
- * Note that not all listed algorithms are necessarily
- * supported by all builds of MHD.
- */
-enum MHD_GNUTLS_HashAlgorithm
-{
-  MHD_GNUTLS_MAC_UNKNOWN = 0,
-  MHD_GNUTLS_MAC_NULL = 1,
-  MHD_GNUTLS_MAC_MD5,
-  MHD_GNUTLS_MAC_SHA1,
-  MHD_GNUTLS_MAC_SHA256
-};
-
-/**
- * List of compression methods.
- * Note that not all listed algorithms are necessarily
- * supported by all builds of MHD.
- */
-enum MHD_GNUTLS_CompressionMethod
-{
-  MHD_GNUTLS_COMP_UNKNOWN = 0,
-
-  /**
-   * No compression.
-   */
-  MHD_GNUTLS_COMP_NULL = 1,
-
-};
-/**
- * Types of certificates.
- */
-enum MHD_GNUTLS_CertificateType
-{
-  MHD_GNUTLS_CRT_UNKNOWN = 0,
-  MHD_GNUTLS_CRT_X509 = 1
-};
-
-/**
- * List of public key algorithms.
- * Note that not all listed algorithms are necessarily
- * supported by all builds of MHD.
- */
-enum MHD_GNUTLS_PublicKeyAlgorithm
-{
-  MHD_GNUTLS_PK_UNKNOWN = 0,
-  MHD_GNUTLS_PK_RSA = 1,
-  MHD_GNUTLS_KX_RSA_EXPORT
-};
-
-
-
-#define LIBGNUTLS_VERSION "2.2.3"
-
-/* Get size_t. */
-#include <stddef.h>
-
-#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
-#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
-#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
-#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
-
-#define GNUTLS_MAX_SESSION_ID 32
-#define TLS_MASTER_SIZE 48
-#define TLS_RANDOM_SIZE 32
-
-#include "platform.h"
-#include "microhttpd.h"
-
-typedef enum
-{
-  GNUTLS_PARAMS_RSA_EXPORT = 1,
-  GNUTLS_PARAMS_DH
-} MHD_gnutls_params_type_t;
-
-  /* exported for other gnutls headers. This is the maximum number of
-   * algorithms (ciphers, kx or macs).
-   */
-#define GNUTLS_MAX_ALGORITHM_NUM 16
-#define GNUTLS_COMP_ZLIB GNUTLS_COMP_DEFLATE
-
-typedef enum
-{
-  GNUTLS_SERVER = 1,
-  GNUTLS_CLIENT
-} MHD_gnutls_connection_end_t;
-
-typedef enum
-{
-  GNUTLS_AL_WARNING = 1,
-  GNUTLS_AL_FATAL
-} MHD_gnutls_alert_level_t;
-
-typedef enum
-{
-  GNUTLS_A_CLOSE_NOTIFY,
-  GNUTLS_A_UNEXPECTED_MESSAGE = 10,
-  GNUTLS_A_BAD_RECORD_MAC = 20,
-  GNUTLS_A_DECRYPTION_FAILED,
-  GNUTLS_A_RECORD_OVERFLOW,
-  GNUTLS_A_DECOMPRESSION_FAILURE = 30,
-  GNUTLS_A_HANDSHAKE_FAILURE = 40,
-  GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
-  GNUTLS_A_BAD_CERTIFICATE = 42,
-  GNUTLS_A_UNSUPPORTED_CERTIFICATE,
-  GNUTLS_A_CERTIFICATE_REVOKED,
-  GNUTLS_A_CERTIFICATE_EXPIRED,
-  GNUTLS_A_CERTIFICATE_UNKNOWN,
-  GNUTLS_A_ILLEGAL_PARAMETER,
-  GNUTLS_A_UNKNOWN_CA,
-  GNUTLS_A_ACCESS_DENIED,
-  GNUTLS_A_DECODE_ERROR = 50,
-  GNUTLS_A_DECRYPT_ERROR,
-  GNUTLS_A_EXPORT_RESTRICTION = 60,
-  GNUTLS_A_PROTOCOL_VERSION = 70,
-  GNUTLS_A_INSUFFICIENT_SECURITY,
-  GNUTLS_A_INTERNAL_ERROR = 80,
-  GNUTLS_A_USER_CANCELED = 90,
-  GNUTLS_A_NO_RENEGOTIATION = 100,
-  GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
-  GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
-  GNUTLS_A_UNRECOGNIZED_NAME = 112,
-  GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
-} MHD_gnutls_alert_description_t;
-
-typedef enum
-{ GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
-  GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
-  GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
-  GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
-  GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
-  GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
-  GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
-  GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
-  GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
-  GNUTLS_HANDSHAKE_FINISHED = 20,
-  GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
-} MHD_gnutls_handshake_description_t;
-
-typedef enum
-{
-  GNUTLS_CERT_INVALID = 2,      /* will be set if the certificate
-                                 * was not verified.
-                                 */
-  GNUTLS_CERT_REVOKED = 32,     /* in X.509 this will be set only if CRLs are checked
-                                 */
-
-  /* Those are extra information about the verification
-   * process. Will be set only if the certificate was
-   * not verified.
-   */
-  GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
-  GNUTLS_CERT_SIGNER_NOT_CA = 128,
-  GNUTLS_CERT_INSECURE_ALGORITHM = 256
-} MHD_gnutls_certificate_status_t;
-
-typedef enum
-{
-  GNUTLS_CERT_IGNORE,
-  GNUTLS_CERT_REQUEST = 1,
-  GNUTLS_CERT_REQUIRE
-} MHD_gnutls_certificate_request_t;
-
-typedef enum
-{
-  GNUTLS_SHUT_RDWR = 0,
-  GNUTLS_SHUT_WR = 1
-} MHD_gnutls_close_request_t;
-
-typedef enum
-{
-  GNUTLS_X509_FMT_DER,
-  GNUTLS_X509_FMT_PEM
-} MHD_gnutls_x509_crt_fmt_t;
-
-typedef enum
-{
-  GNUTLS_SIGN_UNKNOWN = 0,
-  GNUTLS_SIGN_RSA_SHA1 = 1,
-  GNUTLS_SIGN_DSA_SHA1,
-  GNUTLS_SIGN_RSA_MD5,
-  GNUTLS_SIGN_RSA_MD2,
-  GNUTLS_SIGN_RSA_RMD160,
-  GNUTLS_SIGN_RSA_SHA256,
-  GNUTLS_SIGN_RSA_SHA384,
-  GNUTLS_SIGN_RSA_SHA512
-} MHD_gnutls_sign_algorithm_t;
-
-/* If you want to change this, then also change the define in
- * MHD_gnutls_int.h, and recompile.
- */
-typedef void *MHD_gnutls_transport_ptr_t;
-
-struct MHD_gtls_session_int;
-typedef struct MHD_gtls_session_int *MHD_gtls_session_t;
-
-struct MHD_gtls_dh_params_int;
-typedef struct MHD_gtls_dh_params_int *MHD_gtls_dh_params_t;
-
-struct MHD_gtls_x509_privkey_int;       /* XXX ugly. */
-typedef struct MHD_gtls_x509_privkey_int *MHD_gtls_rsa_params_t;        /* XXX ugly. */
-
-struct MHD_gtls_priority_st;
-typedef struct MHD_gtls_priority_st *MHD_gnutls_priority_t;
-
-typedef struct
-{
-  unsigned char *data;
-  unsigned int size;
-} MHD_gnutls_datum_t;
-
-
-typedef struct MHD_gnutls_params_st
-{
-  MHD_gnutls_params_type_t type;
-  union params
-  {
-    MHD_gtls_dh_params_t dh;
-    MHD_gtls_rsa_params_t rsa_export;
-  } params;
-  int deinit;
-} MHD_gnutls_params_st;
-
-typedef int MHD_gnutls_params_function (MHD_gtls_session_t,
-                                        MHD_gnutls_params_type_t,
-                                        MHD_gnutls_params_st *);
-
-/* internal functions */
-int MHD__gnutls_global_init (void);
-void MHD__gnutls_global_deinit (void);
-
-int MHD__gnutls_init (MHD_gtls_session_t * session,
-                      MHD_gnutls_connection_end_t con_end);
-void MHD__gnutls_deinit (MHD_gtls_session_t session);
-
-int MHD__gnutls_bye (MHD_gtls_session_t session,
-                     MHD_gnutls_close_request_t how);
-int MHD__gnutls_handshake (MHD_gtls_session_t session);
-int MHD__gnutls_rehandshake (MHD_gtls_session_t session);
-
-MHD_gnutls_alert_description_t MHD_gnutls_alert_get (MHD_gtls_session_t
-                                                     session);
-int MHD__gnutls_alert_send (MHD_gtls_session_t session,
-                            MHD_gnutls_alert_level_t level,
-                            MHD_gnutls_alert_description_t desc);
-int MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err);
-const char *MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert);
-
-size_t MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm
-                                        algorithm);
-
-  /* error functions */
-int MHD_gtls_error_is_fatal (int error);
-int MHD_gtls_error_to_alert (int err, int *level);
-void MHD_gtls_perror (int error);
-const char *MHD_gtls_strerror (int error);
-
-/*
- * Record layer functions.
- */
-ssize_t MHD__gnutls_record_send (MHD_gtls_session_t session,
-                                 const void *data, size_t sizeofdata);
-ssize_t MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data,
-                                 size_t sizeofdata);
-
-  /* provides extra compatibility */
-int MHD__gnutls_record_get_direction (MHD_gtls_session_t session);
-
-/*
- * TLS Extensions
- */
-typedef enum
-{
-  GNUTLS_NAME_DNS = 1
-} MHD_gnutls_server_name_type_t;
-
-  /* Supplemental data, RFC 4680. */
-typedef enum
-{
-  GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
-} MHD_gnutls_supplemental_data_format_type_t;
-
-
-int MHD_tls_set_default_priority (MHD_gnutls_priority_t *,
-                                  const char *priority, const char **err_pos);
-void MHD__gnutls_priority_deinit (MHD_gnutls_priority_t);
-
-int MHD__gnutls_priority_set (MHD_gtls_session_t session,
-                              MHD_gnutls_priority_t);
-int MHD__gnutls_priority_set_direct (MHD_gtls_session_t session,
-                                     const char *priority,
-                                     const char **err_pos);
-
-/* get the currently used protocol version */
-enum MHD_GNUTLS_Protocol
-MHD__gnutls_protocol_get_version (MHD_gtls_session_t session);
-
-typedef
-  int (*MHD_gnutls_handshake_post_client_hello_func) (MHD_gtls_session_t);
-void MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t
-                                                  session, size_t max);
-
-/*
- * Functions for setting/clearing credentials
- */
-void MHD__gnutls_credentials_clear (MHD_gtls_session_t session);
-
-/*
- * cred is a structure defined by the kx algorithm
- */
-int MHD__gnutls_credentials_set (MHD_gtls_session_t session,
-                                 enum MHD_GNUTLS_CredentialsType type,
-                                 void *cred);
-
-/* Credential structures - used in MHD__gnutls_credentials_set(); */
-struct MHD_gtls_certificate_credentials_st;
-typedef struct MHD_gtls_certificate_credentials_st
-  *MHD_gtls_cert_credentials_t;
-typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials;
-typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials;
-
-void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t
-                                               sc);
-int
-MHD__gnutls_certificate_allocate_credentials (MHD_gtls_cert_credentials_t
-                                              * res);
-
-void MHD__gnutls_certificate_free_keys (MHD_gtls_cert_credentials_t sc);
-void MHD__gnutls_certificate_free_cas (MHD_gtls_cert_credentials_t sc);
-void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc);
-
-int MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t
-                                              res,
-                                              const MHD_gnutls_datum_t *
-                                              CERT,
-                                              const MHD_gnutls_datum_t *
-                                              KEY,
-                                              MHD_gnutls_x509_crt_fmt_t type);
-
-void MHD__gnutls_certificate_send_x509_rdn_sequence (MHD_gtls_session_t
-                                                     session, int status);
-
-/*
- * New functions to allow setting already parsed X.509 stuff.
- */
-struct MHD_gtls_x509_privkey_int;
-typedef struct MHD_gtls_x509_privkey_int *MHD_gnutls_x509_privkey_t;
-
-struct MHD_gnutls_x509_crl_int;
-typedef struct MHD_gnutls_x509_crl_int *MHD_gnutls_x509_crl_t;
-
-struct MHD_gnutls_x509_crt_int;
-typedef struct MHD_gnutls_x509_crt_int *MHD_gnutls_x509_crt_t;
-
-/* global state functions
- */
-
-
-typedef void *(*MHD_gnutls_alloc_function) (size_t);
-typedef int (*MHD_gnutls_is_secure_function) (const void *);
-typedef void *(*MHD_gnutls_calloc_function) (size_t, size_t);
-typedef void (*MHD_gnutls_free_function) (void *);
-typedef void *(*MHD_gnutls_realloc_function) (void *, size_t);
-
-/* For use in callbacks */
-extern MHD_gnutls_alloc_function MHD_gnutls_malloc;
-extern MHD_gnutls_alloc_function MHD_gnutls_secure_malloc;
-extern MHD_gnutls_realloc_function MHD_gnutls_realloc;
-extern MHD_gnutls_calloc_function MHD_gnutls_calloc;
-extern MHD_gnutls_free_function MHD_gnutls_free;
-
-typedef void (*MHD_gnutls_log_func) (int, const char *);
-void MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func);
-void MHD_gtls_global_set_log_level (int level);
-
-/*
- * Diffie Hellman parameter handling.
- */
-int MHD__gnutls_dh_params_init (MHD_gtls_dh_params_t * dh_params);
-void MHD__gnutls_dh_params_deinit (MHD_gtls_dh_params_t dh_params);
-
-
-/* RSA params */
-int MHD__gnutls_rsa_params_init (MHD_gtls_rsa_params_t * rsa_params);
-void MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params);
-int MHD__gnutls_rsa_params_generate2 (MHD_gtls_rsa_params_t params,
-                                      unsigned int bits);
-
-
-/*
- * Session stuff
- */
-typedef ssize_t (*MHD_gtls_pull_func) (MHD_gnutls_transport_ptr_t, void *,
-                                       size_t);
-typedef ssize_t (*MHD_gtls_push_func) (MHD_gnutls_transport_ptr_t,
-                                       const void *, size_t);
-void MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
-                                    MHD_gnutls_transport_ptr_t ptr);
-void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num);
-
-
-void MHD__gnutls_transport_set_push_function (MHD_gtls_session_t session,
-                                              MHD_gtls_push_func push_func);
-void MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session,
-                                              MHD_gtls_pull_func pull_func);
-
-typedef enum MHD_gnutls_x509_subject_alt_name_t
-{
-  GNUTLS_SAN_DNSNAME = 1,
-  GNUTLS_SAN_RFC822NAME,
-  GNUTLS_SAN_URI,
-  GNUTLS_SAN_IPADDRESS,
-  GNUTLS_SAN_OTHERNAME,
-  GNUTLS_SAN_DN,
-  /* The following are "virtual" subject alternative name types, in
-     that they are represented by an otherName value and an OID.
-     Used by MHD_gnutls_x509_crt_get_subject_alt_othername_oid().  */
-  GNUTLS_SAN_OTHERNAME_XMPP = 1000
-} MHD_gnutls_x509_subject_alt_name_t;
-
-typedef struct MHD_gnutls_retr_st
-{
-  enum MHD_GNUTLS_CertificateType type;
-  union cert
-  {
-    MHD_gnutls_x509_crt_t *x509;
-  } cert;
-  unsigned int ncerts;
-
-  union key
-  {
-    MHD_gnutls_x509_privkey_t x509;
-  } key;
-
-  unsigned int deinit_all;      /* if non zero all keys will be deinited */
-} MHD_gnutls_retr_st;
-
-typedef int
-MHD_gnutls_certificate_client_retrieve_function (MHD_gtls_session_t,
-                                                 const MHD_gnutls_datum_t
-                                                 * req_ca_rdn, int nreqs,
-                                                 const enum
-                                                 MHD_GNUTLS_PublicKeyAlgorithm
-                                                 *pk_algos,
-                                                 int pk_algos_length,
-                                                 MHD_gnutls_retr_st *);
-
-typedef int
-MHD_gnutls_certificate_server_retrieve_function (MHD_gtls_session_t,
-                                                 MHD_gnutls_retr_st *);
-
-  /*
-   * Functions that allow auth_info_t structures handling
-   */
-enum MHD_GNUTLS_CredentialsType MHD_gtls_auth_get_type (MHD_gtls_session_t
-                                                        session);
-  /*
-   * DH
-   */
-void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session,
-                                    unsigned int bits);
-
-  /* External signing callback.  Experimental. */
-typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session,
-                                     void *userdata,
-                                     enum MHD_GNUTLS_CertificateType
-                                     cert_type,
-                                     const MHD_gnutls_datum_t * cert,
-                                     const MHD_gnutls_datum_t * hash,
-                                     MHD_gnutls_datum_t * signature);
-
-  /* key_usage will be an OR of the following values: */
-  /* when the key is to be used for signing: */
-#define GNUTLS_KEY_DIGITAL_SIGNATURE	128
-#define GNUTLS_KEY_NON_REPUDIATION	64
-  /* when the key is to be used for encryption: */
-#define GNUTLS_KEY_KEY_ENCIPHERMENT	32
-#define GNUTLS_KEY_DATA_ENCIPHERMENT	16
-#define GNUTLS_KEY_KEY_AGREEMENT	8
-#define GNUTLS_KEY_KEY_CERT_SIGN	4
-#define GNUTLS_KEY_CRL_SIGN		2
-#define GNUTLS_KEY_ENCIPHER_ONLY	1
-#define GNUTLS_KEY_DECIPHER_ONLY	32768
-
-  /*
-   * Error codes. TLS alert mapping shown in comments.
-   */
-#define GNUTLS_E_SUCCESS 0
-#define	GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
-#define	GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
-#define	GNUTLS_E_LARGE_PACKET -7
-#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8  /* GNUTLS_A_PROTOCOL_VERSION */
-#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9    /* GNUTLS_A_RECORD_OVERFLOW */
-#define GNUTLS_E_INVALID_SESSION -10
-#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
-#define GNUTLS_E_UNEXPECTED_PACKET -15  /* GNUTLS_A_UNEXPECTED_MESSAGE */
-#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
-#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
-#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
-#define	GNUTLS_E_UNKNOWN_CIPHER_SUITE -21       /* GNUTLS_A_HANDSHAKE_FAILURE */
-#define	GNUTLS_E_UNWANTED_ALGORITHM -22
-#define	GNUTLS_E_MPI_SCAN_FAILED -23
-#define GNUTLS_E_DECRYPTION_FAILED -24  /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
-#define GNUTLS_E_MEMORY_ERROR -25
-#define GNUTLS_E_DECOMPRESSION_FAILED -26       /* GNUTLS_A_DECOMPRESSION_FAILURE */
-#define GNUTLS_E_COMPRESSION_FAILED -27
-#define GNUTLS_E_AGAIN -28
-#define GNUTLS_E_EXPIRED -29
-#define GNUTLS_E_DB_ERROR -30
-#define GNUTLS_E_SRP_PWD_ERROR -31
-#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
-#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS      /* for backwards compatibility only */
-#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
-#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS     /* for backwards compatibility only */
-
-#define GNUTLS_E_HASH_FAILED -33
-#define GNUTLS_E_BASE64_DECODING_ERROR -34
-
-#define	GNUTLS_E_MPI_PRINT_FAILED -35
-#define GNUTLS_E_REHANDSHAKE -37        /* GNUTLS_A_NO_RENEGOTIATION */
-#define GNUTLS_E_GOT_APPLICATION_DATA -38
-#define GNUTLS_E_RECORD_LIMIT_REACHED -39
-#define GNUTLS_E_ENCRYPTION_FAILED -40
-
-#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
-#define GNUTLS_E_PK_DECRYPTION_FAILED -45
-#define GNUTLS_E_PK_SIGN_FAILED -46
-#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
-#define GNUTLS_E_KEY_USAGE_VIOLATION -48
-#define GNUTLS_E_NO_CERTIFICATE_FOUND -49       /* GNUTLS_A_BAD_CERTIFICATE */
-#define GNUTLS_E_INVALID_REQUEST -50
-#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
-#define GNUTLS_E_INTERRUPTED -52
-#define GNUTLS_E_PUSH_ERROR -53
-#define GNUTLS_E_PULL_ERROR -54
-#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
-#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
-#define GNUTLS_E_PKCS1_WRONG_PAD -57
-#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
-#define GNUTLS_E_INTERNAL_ERROR -59
-#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
-#define GNUTLS_E_FILE_ERROR -64
-#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
-#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
-
-
-  /* returned if libextra functionality was requested but
-   * MHD_gnutls_global_init_extra() was not called.
-   */
-#define GNUTLS_E_INIT_LIBEXTRA -82
-#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
-
-
-  /* returned if you need to generate temporary RSA
-   * parameters. These are needed for export cipher suites.
-   */
-#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
-
-#define GNUTLS_E_LZO_INIT_FAILED -85
-#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
-#define GNUTLS_E_NO_CIPHER_SUITES -87
-
-#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
-
-#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
-#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
-#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
-
-  /* For certificate and key stuff
-   */
-#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
-#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
-#define GNUTLS_E_ASN1_DER_ERROR -69
-#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
-#define GNUTLS_E_ASN1_GENERIC_ERROR -71
-#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
-#define GNUTLS_E_ASN1_TAG_ERROR -73
-#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
-#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
-#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
-#define GNUTLS_E_ASN1_DER_OVERFLOW -77
-#define GNUTLS_E_CERTIFICATE_ERROR -43
-#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
-#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
-#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61       /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
-#define GNUTLS_E_X509_UNKNOWN_SAN -62
-#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
-#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
-#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
-#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
-#define GNUTLS_E_INVALID_PASSWORD -99
-#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
-#define GNUTLS_E_CONSTRAINT_ERROR -101
-
-#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
-#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
-
-#define GNUTLS_E_IA_VERIFY_FAILED -104
-
-#define GNUTLS_E_UNKNOWN_ALGORITHM -105
-
-#define GNUTLS_E_BASE64_ENCODING_ERROR -201
-#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202       /* obsolete */
-#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
-#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
-
-#define GNUTLS_E_X509_UNSUPPORTED_OID -205
-
-#define GNUTLS_E_RANDOM_FAILED -206
-#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
-
-
-#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
-
-#define GNUTLS_E_APPLICATION_ERROR_MAX -65000
-#define GNUTLS_E_APPLICATION_ERROR_MIN -65500
-
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* GNUTLS_H */

src/daemon/https/lgl/Makefile.am

@@ -1,13 +0,0 @@
-AM_CPPFLAGS = \
-  -I$(top_srcdir)/src/include @LIBGCRYPT_CFLAGS@
-
-if USE_COVERAGE
-  AM_CFLAGS = -fprofile-arcs -ftest-coverage
-endif
-
-noinst_LTLIBRARIES = liblgl.la
-
-liblgl_la_SOURCES = \
-  gc-libgcrypt.c \
-  gc.h
-liblgl_la_LIBADD = @LIBGCRYPT_LIBS@

src/daemon/https/lgl/gc-libgcrypt.c

@@ -1,407 +0,0 @@
-/* gc-libgcrypt.c --- Crypto wrappers around Libgcrypt for GC.
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007  Simon Josefsson
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2.1, or (at your
- * option) any later version.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- *
- */
-
-/* Note: This file is only built if GC uses Libgcrypt. */
-
-#include "MHD_config.h"
-
-/* Get prototype. */
-#include "gc.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-/* Get libgcrypt API. */
-#include <gcrypt.h>
-
-#include <assert.h>
-
-/* Initialization. */
-
-Gc_rc
-MHD_gc_init (void)
-{
-  gcry_error_t err;
-
-  err = gcry_control (GCRYCTL_ANY_INITIALIZATION_P);
-  if (err == GPG_ERR_NO_ERROR)
-    {
-      if (gcry_check_version (GCRYPT_VERSION) == NULL)
-        return GC_INIT_ERROR;
-
-      err = gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
-      if (err != GPG_ERR_NO_ERROR)
-        return GC_INIT_ERROR;
-    }
-  return GC_OK;
-}
-
-void
-MHD_gc_done (void)
-{
-  return;
-}
-
-#ifdef GNULIB_GC_RANDOM
-
-/* Randomness. */
-
-Gc_rc
-MHD_gc_nonce (char *data, size_t datalen)
-{
-  gcry_create_nonce ((unsigned char *) data, datalen);
-  return GC_OK;
-}
-
-Gc_rc
-MHD_gc_pseudo_random (char *data, size_t datalen)
-{
-  gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM);
-  return GC_OK;
-}
-
-#endif
-
-/* Memory allocation. */
-
-/* Ciphers. */
-
-Gc_rc
-MHD_gc_cipher_open (Gc_cipher alg,
-                    Gc_cipher_mode mode, MHD_gc_cipher_handle * outhandle)
-{
-  int gcryalg, gcrymode;
-  gcry_error_t err;
-
-  switch (alg)
-    {
-    case GC_AES128:
-      gcryalg = GCRY_CIPHER_RIJNDAEL;
-      break;
-
-    case GC_AES192:
-      gcryalg = GCRY_CIPHER_RIJNDAEL;
-      break;
-
-    case GC_AES256:
-      gcryalg = GCRY_CIPHER_RIJNDAEL256;
-      break;
-
-    case GC_3DES:
-      gcryalg = GCRY_CIPHER_3DES;
-      break;
-
-    case GC_DES:
-      gcryalg = GCRY_CIPHER_DES;
-      break;
-
-    case GC_ARCFOUR128:
-    case GC_ARCFOUR40:
-      gcryalg = GCRY_CIPHER_ARCFOUR;
-      break;
-
-    case GC_ARCTWO40:
-      gcryalg = GCRY_CIPHER_RFC2268_40;
-      break;
-
-    default:
-      return GC_INVALID_CIPHER;
-    }
-
-  switch (mode)
-    {
-    case GC_ECB:
-      gcrymode = GCRY_CIPHER_MODE_ECB;
-      break;
-
-    case GC_CBC:
-      gcrymode = GCRY_CIPHER_MODE_CBC;
-      break;
-
-    case GC_STREAM:
-      gcrymode = GCRY_CIPHER_MODE_STREAM;
-      break;
-
-    default:
-      return GC_INVALID_CIPHER;
-    }
-
-  err =
-    gcry_cipher_open ((gcry_cipher_hd_t *) outhandle, gcryalg, gcrymode, 0);
-  if (gcry_err_code (err))
-    return GC_INVALID_CIPHER;
-
-  return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen,
-                      const char *key)
-{
-  gcry_error_t err;
-
-  err = gcry_cipher_setkey ((gcry_cipher_hd_t) handle, key, keylen);
-  if (gcry_err_code (err))
-    return GC_INVALID_CIPHER;
-
-  return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen,
-                     const char *iv)
-{
-  gcry_error_t err;
-
-  err = gcry_cipher_setiv ((gcry_cipher_hd_t) handle, iv, ivlen);
-  if (gcry_err_code (err))
-    return GC_INVALID_CIPHER;
-
-  return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len,
-                              char *data)
-{
-  if (gcry_cipher_encrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) !=
-      0)
-    return GC_INVALID_CIPHER;
-
-  return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len,
-                              char *data)
-{
-  if (gcry_cipher_decrypt ((gcry_cipher_hd_t) handle, data, len, NULL, len) !=
-      0)
-    return GC_INVALID_CIPHER;
-
-  return GC_OK;
-}
-
-Gc_rc
-MHD_gc_cipher_close (MHD_gc_cipher_handle handle)
-{
-  gcry_cipher_close (handle);
-
-  return GC_OK;
-}
-
-/* Hashes. */
-
-typedef struct _MHD_gc_hash_ctx
-{
-  Gc_hash alg;
-  Gc_hash_mode mode;
-  gcry_md_hd_t gch;
-} _MHD_gc_hash_ctx;
-
-Gc_rc
-MHD_gc_hash_open (Gc_hash hash, Gc_hash_mode mode,
-                  MHD_gc_hash_handle * outhandle)
-{
-  _MHD_gc_hash_ctx *ctx;
-  int gcryalg = 0, gcrymode = 0;
-  gcry_error_t err;
-  Gc_rc rc = GC_OK;
-
-  ctx = calloc (sizeof (*ctx), 1);
-  if (!ctx)
-    return GC_MALLOC_ERROR;
-
-  ctx->alg = hash;
-  ctx->mode = mode;
-
-  switch (hash)
-    {
-    case GC_MD2:
-      gcryalg = GCRY_MD_NONE;
-      break;
-
-    case GC_MD4:
-      gcryalg = GCRY_MD_MD4;
-      break;
-
-    case GC_MD5:
-      gcryalg = GCRY_MD_MD5;
-      break;
-
-    case GC_SHA1:
-      gcryalg = GCRY_MD_SHA1;
-      break;
-
-    case GC_SHA256:
-      gcryalg = GCRY_MD_SHA256;
-      break;
-
-    case GC_SHA384:
-      gcryalg = GCRY_MD_SHA384;
-      break;
-
-    case GC_SHA512:
-      gcryalg = GCRY_MD_SHA512;
-      break;
-
-    case GC_RMD160:
-      gcryalg = GCRY_MD_RMD160;
-      break;
-
-    default:
-      rc = GC_INVALID_HASH;
-    }
-
-  switch (mode)
-    {
-    case 0:
-      gcrymode = 0;
-      break;
-
-    case GC_HMAC:
-      gcrymode = GCRY_MD_FLAG_HMAC;
-      break;
-
-    default:
-      rc = GC_INVALID_HASH;
-    }
-
-  if (rc == GC_OK && gcryalg != GCRY_MD_NONE)
-    {
-      err = gcry_md_open (&ctx->gch, gcryalg, gcrymode);
-      if (gcry_err_code (err))
-        rc = GC_INVALID_HASH;
-    }
-
-  if (rc == GC_OK)
-    *outhandle = ctx;
-  else
-    free (ctx);
-
-  return rc;
-}
-
-Gc_rc
-MHD_gc_hash_clone (MHD_gc_hash_handle handle, MHD_gc_hash_handle * outhandle)
-{
-  _MHD_gc_hash_ctx *in = handle;
-  _MHD_gc_hash_ctx *out;
-  int err;
-
-  *outhandle = out = calloc (sizeof (*out), 1);
-  if (!out)
-    return GC_MALLOC_ERROR;
-
-  memcpy (out, in, sizeof (*out));
-
-  err = gcry_md_copy (&out->gch, in->gch);
-  if (err)
-    {
-      free (out);
-      return GC_INVALID_HASH;
-    }
-
-  return GC_OK;
-}
-
-size_t
-MHD_gc_hash_digest_length (Gc_hash hash)
-{
-  size_t len;
-
-  switch (hash)
-    {
-    case GC_MD2:
-      len = GC_MD2_DIGEST_SIZE;
-      break;
-
-    case GC_MD4:
-      len = GC_MD4_DIGEST_SIZE;
-      break;
-
-    case GC_MD5:
-      len = GC_MD5_DIGEST_SIZE;
-      break;
-
-    case GC_RMD160:
-      len = GC_RMD160_DIGEST_SIZE;
-      break;
-
-    case GC_SHA1:
-      len = GC_SHA1_DIGEST_SIZE;
-      break;
-
-    case GC_SHA256:
-      len = GC_SHA256_DIGEST_SIZE;
-      break;
-
-    case GC_SHA384:
-      len = GC_SHA384_DIGEST_SIZE;
-      break;
-
-    case GC_SHA512:
-      len = GC_SHA512_DIGEST_SIZE;
-      break;
-
-    default:
-      return 0;
-    }
-
-  return len;
-}
-
-void
-MHD_gc_hash_MHD_hmac_setkey (MHD_gc_hash_handle handle, size_t len,
-                             const char *key)
-{
-  _MHD_gc_hash_ctx *ctx = handle;
-  gcry_md_setkey (ctx->gch, key, len);
-}
-
-void
-MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, const char *data)
-{
-  _MHD_gc_hash_ctx *ctx = handle;
-  gcry_md_write (ctx->gch, data, len);
-}
-
-const char *
-MHD_gc_hash_read (MHD_gc_hash_handle handle)
-{
-  _MHD_gc_hash_ctx *ctx = handle;
-  const char *digest;
-  {
-    gcry_md_final (ctx->gch);
-    digest = (const char *) gcry_md_read (ctx->gch, 0);
-  }
-
-  return digest;
-}
-
-void
-MHD_gc_hash_close (MHD_gc_hash_handle handle)
-{
-  _MHD_gc_hash_ctx *ctx = handle;
-
-  gcry_md_close (ctx->gch);
-
-  free (ctx);
-}

src/daemon/https/lgl/gc.h

@@ -1,172 +0,0 @@
-/* gc.h --- Header file for implementation agnostic crypto wrapper API.
- * Copyright (C) 2002, 2003, 2004, 2005, 2007  Simon Josefsson
- *
- * This file is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published
- * by the Free Software Foundation; either version 2.1, or (at your
- * option) any later version.
- *
- * This file is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this file; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA.
- *
- */
-
-#ifndef GC_H
-#define GC_H
-
-/* Get size_t. */
-# include <stddef.h>
-
-enum Gc_rc
-{
-  GC_OK = 0,
-  GC_MALLOC_ERROR,
-  GC_INIT_ERROR,
-  GC_RANDOM_ERROR,
-  GC_INVALID_CIPHER,
-  GC_INVALID_HASH,
-  GC_PKCS5_INVALID_ITERATION_COUNT,
-  GC_PKCS5_INVALID_DERIVED_KEY_LENGTH,
-  GC_PKCS5_DERIVED_KEY_TOO_LONG
-};
-typedef enum Gc_rc Gc_rc;
-
-/* Hash types. */
-enum Gc_hash
-{
-  GC_MD4,
-  GC_MD5,
-  GC_SHA1,
-  GC_MD2,
-  GC_RMD160,
-  GC_SHA256,
-  GC_SHA384,
-  GC_SHA512
-};
-typedef enum Gc_hash Gc_hash;
-
-enum Gc_hash_mode
-{
-  GC_HMAC = 1
-};
-typedef enum Gc_hash_mode Gc_hash_mode;
-
-typedef void *MHD_gc_hash_handle;
-
-#define GC_MD2_DIGEST_SIZE 16
-#define GC_MD4_DIGEST_SIZE 16
-#define GC_MD5_DIGEST_SIZE 16
-#define GC_RMD160_DIGEST_SIZE 20
-#define GC_SHA1_DIGEST_SIZE 20
-#define GC_SHA256_DIGEST_SIZE 32
-#define GC_SHA384_DIGEST_SIZE 48
-#define GC_SHA512_DIGEST_SIZE 64
-
-/* Cipher types. */
-enum Gc_cipher
-{
-  GC_AES128,
-  GC_AES192,
-  GC_AES256,
-  GC_3DES,
-  GC_DES,
-  GC_ARCFOUR128,
-  GC_ARCFOUR40,
-  GC_ARCTWO40,
-  GC_CAMELLIA128,
-  GC_CAMELLIA256
-};
-typedef enum Gc_cipher Gc_cipher;
-
-enum Gc_cipher_mode
-{
-  GC_ECB,
-  GC_CBC,
-  GC_STREAM
-};
-typedef enum Gc_cipher_mode Gc_cipher_mode;
-
-typedef void *MHD_gc_cipher_handle;
-
-/* Call before respectively after any other functions. */
-Gc_rc MHD_gc_init (void);
-void MHD_gc_done (void);
-
-/* Memory allocation (avoid). */
-typedef void *(*MHD_gc_malloc_t) (size_t n);
-typedef int (*MHD_gc_secure_check_t) (const void *);
-typedef void *(*MHD_gc_realloc_t) (void *p, size_t n);
-typedef void (*MHD_gc_free_t) (void *);
-/* Randomness. */
-Gc_rc MHD_gc_nonce (char *data, size_t datalen);
-Gc_rc MHD_gc_pseudo_random (char *data, size_t datalen);
-
-/* Ciphers. */
-Gc_rc MHD_gc_cipher_open (Gc_cipher cipher,
-                          Gc_cipher_mode mode,
-                          MHD_gc_cipher_handle * outhandle);
-Gc_rc MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen,
-                            const char *key);
-Gc_rc MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen,
-                           const char *iv);
-Gc_rc MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len,
-                                    char *data);
-Gc_rc MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len,
-                                    char *data);
-Gc_rc MHD_gc_cipher_close (MHD_gc_cipher_handle handle);
-
-/* Hashes. */
-
-Gc_rc MHD_gc_hash_open (Gc_hash hash,
-                        Gc_hash_mode mode, MHD_gc_hash_handle * outhandle);
-Gc_rc MHD_gc_hash_clone (MHD_gc_hash_handle handle,
-                         MHD_gc_hash_handle * outhandle);
-size_t MHD_gc_hash_digest_length (Gc_hash hash);
-void MHD_gc_hash_MHD_hmac_setkey (MHD_gc_hash_handle handle, size_t len,
-                                  const char *key);
-void MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len,
-                        const char *data);
-const char *MHD_gc_hash_read (MHD_gc_hash_handle handle);
-void MHD_gc_hash_close (MHD_gc_hash_handle handle);
-
-/* Compute a hash value over buffer IN of INLEN bytes size using the
- algorithm HASH, placing the result in the pre-allocated buffer OUT.
- The required size of OUT depends on HASH, and is generally
- GC_<HASH>_DIGEST_SIZE.  For example, for GC_MD5 the output buffer
- must be 16 bytes.  The return value is 0 (GC_OK) on success, or
- another Gc_rc error code. */
-Gc_rc MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen,
-                          char *out);
-
-/* One-call interface. */
-Gc_rc MHD_gc_md2 (const void *in, size_t inlen, void *resbuf);
-Gc_rc MHD_gc_md4 (const void *in, size_t inlen, void *resbuf);
-Gc_rc MHD_gc_md5 (const void *in, size_t inlen, void *resbuf);
-Gc_rc MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf);
-Gc_rc MHD_gc_MHD_hmac_md5 (const void *key,
-                           size_t keylen, const void *in, size_t inlen,
-                           char *resbuf);
-Gc_rc MHD_gc_MHD_hmac_sha1 (const void *key, size_t keylen, const void *in,
-                            size_t inlen, char *resbuf);
-
-/* Derive cryptographic keys from a password P of length PLEN, with
- salt S of length SLEN, placing the result in pre-allocated buffer
- DK of length DKLEN.  An iteration count is specified in C, where a
- larger value means this function take more time (typical iteration
- counts are 1000-20000).  This function "stretches" the key to be
- exactly dkLen bytes long.  GC_OK is returned on success, otherwise
- an Gc_rc error code is returned.  */
-Gc_rc MHD_gc_pbkdf2_sha1 (const char *P,
-                          size_t Plen,
-                          const char *S,
-                          size_t Slen, unsigned int c, char *DK,
-                          size_t dkLen);
-
-#endif /* GC_H */

src/daemon/https/minitasn1/Makefile.am

@@ -1,18 +0,0 @@
-AM_CPPFLAGS = \
-  -I$(top_srcdir)/src/include \
-  -I$(top_srcdir)/src/daemon/https/lgl \
-  -I$(top_srcdir)/src/daemon/https/tls
-
-if USE_COVERAGE
-  AM_CFLAGS = -fprofile-arcs -ftest-coverage
-endif
-
-noinst_LTLIBRARIES = libasn1.la
-
-libasn1_la_SOURCES = \
-libtasn1.h \
-mem.h \
-gstr.h \
-int.h \
-parser_aux.h structure.h element.h decoding.c gstr.c \
-parser_aux.c structure.c element.c coding.c

src/daemon/https/minitasn1/README

@@ -1,3 +0,0 @@
-This is just a mirror of the files in the libtasn1's
-lib/ directory.
-

src/daemon/https/minitasn1/coding.c

@@ -1,1211 +0,0 @@
-/*
- *      Copyright (C) 2004, 2006 Free Software Foundation
- *      Copyright (C) 2002  Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-
-/*****************************************************/
-/* File: coding.c                                    */
-/* Description: Functions to create a DER coding of  */
-/*   an ASN1 type.                                   */
-/*****************************************************/
-
-#include <int.h>
-#include "parser_aux.h"
-#include <gstr.h>
-#include "element.h"
-#include <structure.h>
-
-#define MAX_TAG_LEN 16
-
-/******************************************************/
-/* Function : MHD__asn1_error_description_value_not_found */
-/* Description: creates the ErrorDescription string   */
-/* for the ASN1_VALUE_NOT_FOUND error.                */
-/* Parameters:                                        */
-/*   node: node of the tree where the value is NULL.  */
-/*   ErrorDescription: string returned.               */
-/* Return:                                            */
-/******************************************************/
-static void
-MHD__asn1_error_description_value_not_found (node_asn * node,
-                                             char *ErrorDescription)
-{
-
-  if (ErrorDescription == NULL)
-    return;
-
-  Estrcpy (ErrorDescription, ":: value of element '");
-  MHD__asn1_hierarchical_name (node,
-                               ErrorDescription + strlen (ErrorDescription),
-                               MAX_ERROR_DESCRIPTION_SIZE - 40);
-  Estrcat (ErrorDescription, "' not found");
-
-}
-
-/**
- * MHD__asn1_length_der:
- * @len: value to convert.
- * @ans: string returned.
- * @ans_len: number of meaningful bytes of ANS (ans[0]..ans[ans_len-1]).
- *
- * Creates the DER coding for the LEN parameter (only the length).
- * The @ans buffer is pre-allocated and must have room for the output.
- **/
-void
-MHD__asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len)
-{
-  int k;
-  unsigned char temp[SIZEOF_UNSIGNED_LONG_INT];
-
-  if (len < 128)
-    {
-      /* short form */
-      if (ans != NULL)
-        ans[0] = (unsigned char) len;
-      *ans_len = 1;
-    }
-  else
-    {
-      /* Long form */
-      k = 0;
-      while (len)
-        {
-          temp[k++] = len & 0xFF;
-          len = len >> 8;
-        }
-      *ans_len = k + 1;
-      if (ans != NULL)
-        {
-          ans[0] = ((unsigned char) k & 0x7F) + 128;
-          while (k--)
-            ans[*ans_len - 1 - k] = temp[k];
-        }
-    }
-}
-
-/******************************************************/
-/* Function : MHD__asn1_tag_der                           */
-/* Description: creates the DER coding for the CLASS  */
-/* and TAG parameters.                                */
-/* Parameters:                                        */
-/*   class: value to convert.                         */
-/*   tag_value: value to convert.                     */
-/*   ans: string returned.                            */
-/*   ans_len: number of meaningful bytes of ANS       */
-/*            (ans[0]..ans[ans_len-1]).               */
-/* Return:                                            */
-/******************************************************/
-static void
-MHD__asn1_tag_der (unsigned char class, unsigned int tag_value,
-                   unsigned char *ans, int *ans_len)
-{
-  int k;
-  unsigned char temp[SIZEOF_UNSIGNED_INT];
-
-  if (tag_value < 31)
-    {
-      /* short form */
-      ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
-      *ans_len = 1;
-    }
-  else
-    {
-      /* Long form */
-      ans[0] = (class & 0xE0) + 31;
-      k = 0;
-      while (tag_value)
-        {
-          temp[k++] = tag_value & 0x7F;
-          tag_value = tag_value >> 7;
-        }
-      *ans_len = k + 1;
-      while (k--)
-        ans[*ans_len - 1 - k] = temp[k] + 128;
-      ans[*ans_len - 1] -= 128;
-    }
-}
-
-/**
- * MHD__asn1_octet_der:
- * @str: OCTET string.
- * @str_len: STR length (str[0]..str[str_len-1]).
- * @der: string returned.
- * @der_len: number of meaningful bytes of DER (der[0]..der[ans_len-1]).
- *
- * Creates the DER coding for an OCTET type (length included).
- **/
-void
-MHD__asn1_octet_der (const unsigned char *str, int str_len,
-                     unsigned char *der, int *der_len)
-{
-  int len_len;
-
-  if (der == NULL || str_len < 0)
-    return;
-  MHD__asn1_length_der (str_len, der, &len_len);
-  memcpy (der + len_len, str, str_len);
-  *der_len = str_len + len_len;
-}
-
-/******************************************************/
-/* Function : MHD__asn1_time_der                          */
-/* Description: creates the DER coding for a TIME     */
-/* type (length included).                            */
-/* Parameters:                                        */
-/*   str: TIME null-terminated string.                */
-/*   der: string returned.                            */
-/*   der_len: number of meaningful bytes of DER       */
-/*            (der[0]..der[ans_len-1]). Initially it  */
-/*            if must store the lenght of DER.        */
-/* Return:                                            */
-/*   ASN1_MEM_ERROR when DER isn't big enough         */
-/*   ASN1_SUCCESS otherwise                           */
-/******************************************************/
-static MHD__asn1_retCode
-MHD__asn1_time_der (unsigned char *str, unsigned char *der, int *der_len)
-{
-  int len_len;
-  int max_len;
-
-  max_len = *der_len;
-
-  MHD__asn1_length_der (strlen ((const char *) str),
-                        (max_len > 0) ? der : NULL, &len_len);
-
-  if ((len_len + (int) strlen ((const char *) str)) <= max_len)
-    memcpy (der + len_len, str, strlen ((const char *) str));
-  *der_len = len_len + strlen ((const char *) str);
-
-  if ((*der_len) > max_len)
-    return ASN1_MEM_ERROR;
-
-  return ASN1_SUCCESS;
-}
-
-/******************************************************/
-/* Function : MHD__asn1_objectid_der                      */
-/* Description: creates the DER coding for an         */
-/* OBJECT IDENTIFIER  type (length included).         */
-/* Parameters:                                        */
-/*   str: OBJECT IDENTIFIER null-terminated string.   */
-/*   der: string returned.                            */
-/*   der_len: number of meaningful bytes of DER       */
-/*            (der[0]..der[ans_len-1]). Initially it  */
-/*            must store the length of DER.           */
-/* Return:                                            */
-/*   ASN1_MEM_ERROR when DER isn't big enough         */
-/*   ASN1_SUCCESS otherwise                           */
-/******************************************************/
-static MHD__asn1_retCode
-MHD__asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
-{
-  int len_len, counter, k, first, max_len;
-  char *temp, *n_end, *n_start;
-  unsigned char bit7;
-  unsigned long val, val1 = 0;
-
-  max_len = *der_len;
-
-  temp = (char *) MHD__asn1_alloca (strlen ((const char *) str) + 2);
-  if (temp == NULL)
-    return ASN1_MEM_ALLOC_ERROR;
-
-  strcpy (temp, (const char *) str);
-  strcat (temp, ".");
-
-  counter = 0;
-  n_start = temp;
-  while ((n_end = strchr (n_start, '.')))
-    {
-      *n_end = 0;
-      val = strtoul (n_start, NULL, 10);
-      counter++;
-
-      if (counter == 1)
-        val1 = val;
-      else if (counter == 2)
-        {
-          if (max_len > 0)
-            der[0] = 40 * val1 + val;
-          *der_len = 1;
-        }
-      else
-        {
-          first = 0;
-          for (k = 4; k >= 0; k--)
-            {
-              bit7 = (val >> (k * 7)) & 0x7F;
-              if (bit7 || first || !k)
-                {
-                  if (k)
-                    bit7 |= 0x80;
-                  if (max_len > (*der_len))
-                    der[*der_len] = bit7;
-                  (*der_len)++;
-                  first = 1;
-                }
-            }
-
-        }
-      n_start = n_end + 1;
-    }
-
-  MHD__asn1_length_der (*der_len, NULL, &len_len);
-  if (max_len >= (*der_len + len_len))
-    {
-      memmove (der + len_len, der, *der_len);
-      MHD__asn1_length_der (*der_len, der, &len_len);
-    }
-  *der_len += len_len;
-
-  MHD__asn1_afree (temp);
-
-  if (max_len < (*der_len))
-    return ASN1_MEM_ERROR;
-
-  return ASN1_SUCCESS;
-}
-
-
-const char MHD_bit_mask[] =
-  { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
-
-/**
- * MHD__asn1_bit_der:
- * @str: BIT string.
- * @bit_len: number of meaningful bits in STR.
- * @der: string returned.
- * @der_len: number of meaningful bytes of DER
- *   (der[0]..der[ans_len-1]).
- *
- * Creates the DER coding for a BIT STRING type (length and pad
- * included).
- **/
-void
-MHD__asn1_bit_der (const unsigned char *str, int bit_len,
-                   unsigned char *der, int *der_len)
-{
-  int len_len, len_byte, len_pad;
-
-  if (der == NULL)
-    return;
-  len_byte = bit_len >> 3;
-  len_pad = 8 - (bit_len & 7);
-  if (len_pad == 8)
-    len_pad = 0;
-  else
-    len_byte++;
-  MHD__asn1_length_der (len_byte + 1, der, &len_len);
-  der[len_len] = len_pad;
-  memcpy (der + len_len + 1, str, len_byte);
-  der[len_len + len_byte] &= MHD_bit_mask[len_pad];
-  *der_len = len_byte + len_len + 1;
-}
-
-
-/******************************************************/
-/* Function : MHD__asn1_complete_explicit_tag             */
-/* Description: add the length coding to the EXPLICIT */
-/* tags.                                              */
-/* Parameters:                                        */
-/*   node: pointer to the tree element.               */
-/*   der: string with the DER coding of the whole tree*/
-/*   counter: number of meaningful bytes of DER       */
-/*            (der[0]..der[*counter-1]).              */
-/*   max_len: size of der vector                      */
-/* Return:                                            */
-/*   ASN1_MEM_ERROR if der vector isn't big enough,   */
-/*   otherwise ASN1_SUCCESS.                          */
-/******************************************************/
-static MHD__asn1_retCode
-MHD__asn1_complete_explicit_tag (node_asn * node, unsigned char *der,
-                                 int *counter, int *max_len)
-{
-  node_asn *p;
-  int is_tag_implicit, len2, len3;
-  unsigned char temp[SIZEOF_UNSIGNED_INT];
-
-  is_tag_implicit = 0;
-
-  if (node->type & CONST_TAG)
-    {
-      p = node->down;
-      /* When there are nested tags we must complete them reverse to
-         the order they were created. This is because completing a tag
-         modifies all data within it, including the incomplete tags
-         which store buffer positions -- [email protected] 2002-09-06
-       */
-      while (p->right)
-        p = p->right;
-      while (p && p != node->down->left)
-        {
-          if (type_field (p->type) == TYPE_TAG)
-            {
-              if (p->type & CONST_EXPLICIT)
-                {
-                  len2 = strtol (p->name, NULL, 10);
-                  MHD__asn1_set_name (p, NULL);
-                  MHD__asn1_length_der (*counter - len2, temp, &len3);
-                  if (len3 <= (*max_len))
-                    {
-                      memmove (der + len2 + len3, der + len2,
-                               *counter - len2);
-                      memcpy (der + len2, temp, len3);
-                    }
-                  *max_len -= len3;
-                  *counter += len3;
-                  is_tag_implicit = 0;
-                }
-              else
-                {               /* CONST_IMPLICIT */
-                  if (!is_tag_implicit)
-                    {
-                      is_tag_implicit = 1;
-                    }
-                }
-            }
-          p = p->left;
-        }
-    }
-
-  if (*max_len < 0)
-    return ASN1_MEM_ERROR;
-
-  return ASN1_SUCCESS;
-}
-
-
-/******************************************************/
-/* Function : MHD__asn1_insert_tag_der                    */
-/* Description: creates the DER coding of tags of one */
-/* NODE.                                              */
-/* Parameters:                                        */
-/*   node: pointer to the tree element.               */
-/*   der: string returned                             */
-/*   counter: number of meaningful bytes of DER       */
-/*            (counter[0]..der[*counter-1]).          */
-/*   max_len: size of der vector                      */
-/* Return:                                            */
-/*   ASN1_GENERIC_ERROR if the type is unknown,       */
-/*   ASN1_MEM_ERROR if der vector isn't big enough,   */
-/*   otherwise ASN1_SUCCESS.                          */
-/******************************************************/
-static MHD__asn1_retCode
-MHD__asn1_insert_tag_der (node_asn * node, unsigned char *der, int *counter,
-                          int *max_len)
-{
-  node_asn *p;
-  int tag_len, is_tag_implicit;
-  unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
-  unsigned long tag_implicit = 0;
-  char tag_der[MAX_TAG_LEN];
-
-  is_tag_implicit = 0;
-
-  if (node->type & CONST_TAG)
-    {
-      p = node->down;
-      while (p)
-        {
-          if (type_field (p->type) == TYPE_TAG)
-            {
-              if (p->type & CONST_APPLICATION)
-                class = ASN1_CLASS_APPLICATION;
-              else if (p->type & CONST_UNIVERSAL)
-                class = ASN1_CLASS_UNIVERSAL;
-              else if (p->type & CONST_PRIVATE)
-                class = ASN1_CLASS_PRIVATE;
-              else
-                class = ASN1_CLASS_CONTEXT_SPECIFIC;
-
-              if (p->type & CONST_EXPLICIT)
-                {
-                  if (is_tag_implicit)
-                    MHD__asn1_tag_der (class_implicit, tag_implicit,
-                                       (unsigned char *) tag_der, &tag_len);
-                  else
-                    MHD__asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
-                                       strtoul ((const char *) p->value, NULL,
-                                                10),
-                                       (unsigned char *) tag_der, &tag_len);
-
-                  *max_len -= tag_len;
-                  if (*max_len >= 0)
-                    memcpy (der + *counter, tag_der, tag_len);
-                  *counter += tag_len;
-
-                  MHD__asn1_ltostr (*counter, (char *) temp);
-                  MHD__asn1_set_name (p, (const char *) temp);
-
-                  is_tag_implicit = 0;
-                }
-              else
-                {               /* CONST_IMPLICIT */
-                  if (!is_tag_implicit)
-                    {
-                      if ((type_field (node->type) == TYPE_SEQUENCE) ||
-                          (type_field (node->type) == TYPE_SEQUENCE_OF) ||
-                          (type_field (node->type) == TYPE_SET) ||
-                          (type_field (node->type) == TYPE_SET_OF))
-                        class |= ASN1_CLASS_STRUCTURED;
-                      class_implicit = class;
-                      tag_implicit =
-                        strtoul ((const char *) p->value, NULL, 10);
-                      is_tag_implicit = 1;
-                    }
-                }
-            }
-          p = p->right;
-        }
-    }
-
-  if (is_tag_implicit)
-    {
-      MHD__asn1_tag_der (class_implicit, tag_implicit,
-                         (unsigned char *) tag_der, &tag_len);
-    }
-  else
-    {
-      switch (type_field (node->type))
-        {
-        case TYPE_NULL:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_NULL,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_BOOLEAN:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BOOLEAN,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_INTEGER:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_INTEGER,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_ENUMERATED:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_ENUMERATED,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_OBJECT_ID:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OBJECT_ID,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_TIME:
-          if (node->type & CONST_UTC)
-            {
-              MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_UTCTime,
-                                 (unsigned char *) tag_der, &tag_len);
-            }
-          else
-            MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALIZEDTime,
-                               (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_OCTET_STRING:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OCTET_STRING,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_GENERALSTRING:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALSTRING,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_BIT_STRING:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BIT_STRING,
-                             (unsigned char *) tag_der, &tag_len);
-          break;
-        case TYPE_SEQUENCE:
-        case TYPE_SEQUENCE_OF:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
-                             ASN1_TAG_SEQUENCE, (unsigned char *) tag_der,
-                             &tag_len);
-          break;
-        case TYPE_SET:
-        case TYPE_SET_OF:
-          MHD__asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
-                             ASN1_TAG_SET, (unsigned char *) tag_der,
-                             &tag_len);
-          break;
-        case TYPE_TAG:
-          tag_len = 0;
-          break;
-        case TYPE_CHOICE:
-          tag_len = 0;
-          break;
-        case TYPE_ANY:
-          tag_len = 0;
-          break;
-        default:
-          return ASN1_GENERIC_ERROR;
-        }
-    }
-
-  *max_len -= tag_len;
-  if (*max_len >= 0)
-    memcpy (der + *counter, tag_der, tag_len);
-  *counter += tag_len;
-
-  if (*max_len < 0)
-    return ASN1_MEM_ERROR;
-
-  return ASN1_SUCCESS;
-}
-
-/******************************************************/
-/* Function : MHD__asn1_ordering_set                      */
-/* Description: puts the elements of a SET type in    */
-/* the correct order according to DER rules.          */
-/* Parameters:                                        */
-/*   der: string with the DER coding.                 */
-/*   node: pointer to the SET element.                */
-/* Return:                                            */
-/******************************************************/
-static void
-MHD__asn1_ordering_set (unsigned char *der, int der_len, node_asn * node)
-{
-  struct vet
-  {
-    int end;
-    uint32_t value;
-    struct vet *next, *prev;
-  };
-
-  int counter, len, len2;
-  struct vet *first, *last, *p_vet, *p2_vet;
-  node_asn *p;
-  unsigned char class, *temp;
-  unsigned long tag;
-
-  counter = 0;
-
-  if (type_field (node->type) != TYPE_SET)
-    return;
-
-  p = node->down;
-  while ((p != NULL) &&
-         ((type_field (p->type) == TYPE_TAG)
-          || (type_field (p->type) == TYPE_SIZE)))
-    p = p->right;
-
-  if ((p == NULL) || (p->right == NULL))
-    return;
-
-  first = last = NULL;
-  while (p)
-    {
-      p_vet = (struct vet *) MHD__asn1_alloca (sizeof (struct vet));
-      if (p_vet == NULL)
-        return;
-
-      p_vet->next = NULL;
-      p_vet->prev = last;
-      if (first == NULL)
-        first = p_vet;
-      else
-        last->next = p_vet;
-      last = p_vet;
-
-      /* tag value calculation */
-      if (MHD__asn1_get_tag_der
-          (der + counter, der_len - counter, &class, &len2,
-           &tag) != ASN1_SUCCESS)
-        return;
-      p_vet->value = (class << 24) | tag;
-      counter += len2;
-
-      /* extraction and length */
-      len2 =
-        MHD__asn1_get_length_der (der + counter, der_len - counter, &len);
-      if (len2 < 0)
-        return;
-      counter += len + len2;
-
-      p_vet->end = counter;
-      p = p->right;
-    }
-
-  p_vet = first;
-
-  while (p_vet)
-    {
-      p2_vet = p_vet->next;
-      counter = 0;
-      while (p2_vet)
-        {
-          if (p_vet->value > p2_vet->value)
-            {
-              /* change position */
-              temp =
-                (unsigned char *) MHD__asn1_alloca (p_vet->end - counter);
-              if (temp == NULL)
-                return;
-
-              memcpy (temp, der + counter, p_vet->end - counter);
-              memcpy (der + counter, der + p_vet->end,
-                      p2_vet->end - p_vet->end);
-              memcpy (der + counter + p2_vet->end - p_vet->end, temp,
-                      p_vet->end - counter);
-              MHD__asn1_afree (temp);
-
-              tag = p_vet->value;
-              p_vet->value = p2_vet->value;
-              p2_vet->value = tag;
-
-              p_vet->end = counter + (p2_vet->end - p_vet->end);
-            }
-          counter = p_vet->end;
-
-          p2_vet = p2_vet->next;
-          p_vet = p_vet->next;
-        }
-
-      if (p_vet != first)
-        p_vet->prev->next = NULL;
-      else
-        first = NULL;
-      MHD__asn1_afree (p_vet);
-      p_vet = first;
-    }
-}
-
-/******************************************************/
-/* Function : MHD__asn1_ordering_set_of                   */
-/* Description: puts the elements of a SET OF type in */
-/* the correct order according to DER rules.          */
-/* Parameters:                                        */
-/*   der: string with the DER coding.                 */
-/*   node: pointer to the SET OF element.             */
-/* Return:                                            */
-/******************************************************/
-static void
-MHD__asn1_ordering_set_of (unsigned char *der, int der_len, node_asn * node)
-{
-  struct vet
-  {
-    int end;
-    struct vet *next, *prev;
-  };
-
-  int counter, len, len2, change;
-  struct vet *first, *last, *p_vet, *p2_vet;
-  node_asn *p;
-  unsigned char *temp, class;
-  unsigned long k, max;
-
-  counter = 0;
-
-  if (type_field (node->type) != TYPE_SET_OF)
-    return;
-
-  p = node->down;
-  while ((type_field (p->type) == TYPE_TAG)
-         || (type_field (p->type) == TYPE_SIZE))
-    p = p->right;
-  p = p->right;
-
-  if ((p == NULL) || (p->right == NULL))
-    return;
-
-  first = last = NULL;
-  while (p)
-    {
-      p_vet = (struct vet *) MHD__asn1_alloca (sizeof (struct vet));
-      if (p_vet == NULL)
-        return;
-
-      p_vet->next = NULL;
-      p_vet->prev = last;
-      if (first == NULL)
-        first = p_vet;
-      else
-        last->next = p_vet;
-      last = p_vet;
-
-      /* extraction of tag and length */
-      if (der_len - counter > 0)
-        {
-
-          if (MHD__asn1_get_tag_der
-              (der + counter, der_len - counter, &class, &len,
-               NULL) != ASN1_SUCCESS)
-            return;
-          counter += len;
-
-          len2 =
-            MHD__asn1_get_length_der (der + counter, der_len - counter, &len);
-          if (len2 < 0)
-            return;
-          counter += len + len2;
-        }
-
-      p_vet->end = counter;
-      p = p->right;
-    }
-
-  p_vet = first;
-
-  while (p_vet)
-    {
-      p2_vet = p_vet->next;
-      counter = 0;
-      while (p2_vet)
-        {
-          if ((p_vet->end - counter) > (p2_vet->end - p_vet->end))
-            max = p_vet->end - counter;
-          else
-            max = p2_vet->end - p_vet->end;
-
-          change = -1;
-          for (k = 0; k < max; k++)
-            if (der[counter + k] > der[p_vet->end + k])
-              {
-                change = 1;
-                break;
-              }
-            else if (der[counter + k] < der[p_vet->end + k])
-              {
-                change = 0;
-                break;
-              }
-
-          if ((change == -1)
-              && ((p_vet->end - counter) > (p2_vet->end - p_vet->end)))
-            change = 1;
-
-          if (change == 1)
-            {
-              /* change position */
-              temp =
-                (unsigned char *) MHD__asn1_alloca (p_vet->end - counter);
-              if (temp == NULL)
-                return;
-
-              memcpy (temp, der + counter, (p_vet->end) - counter);
-              memcpy (der + counter, der + (p_vet->end),
-                      (p2_vet->end) - (p_vet->end));
-              memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp,
-                      (p_vet->end) - counter);
-              MHD__asn1_afree (temp);
-
-              p_vet->end = counter + (p2_vet->end - p_vet->end);
-            }
-          counter = p_vet->end;
-
-          p2_vet = p2_vet->next;
-          p_vet = p_vet->next;
-        }
-
-      if (p_vet != first)
-        p_vet->prev->next = NULL;
-      else
-        first = NULL;
-      MHD__asn1_afree (p_vet);
-      p_vet = first;
-    }
-}
-
-/**
-  * MHD__asn1_der_coding - Creates the DER encoding for the NAME structure
-  * @element: pointer to an ASN1 element
-  * @name: the name of the structure you want to encode (it must be
-  *   inside *POINTER).
-  * @ider: vector that will contain the DER encoding. DER must be a
-  *   pointer to memory cells already allocated.
-  * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy
-  *   holds the sizeof of der vector.
-  * @errorDescription : return the error description or an empty
-  *   string if success.
-  *
-  * Creates the DER encoding for the NAME structure (inside *POINTER
-  * structure).
-  *
-  * Returns:
-  *
-  *   ASN1_SUCCESS: DER encoding OK.
-  *
-  *   ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
-  *
-  *   ASN1_VALUE_NOT_FOUND: There is an element without a value.
-  *
-  *   ASN1_MEM_ERROR: @ider vector isn't big enough. Also in this case
-  *     LEN will contain the length needed.
-  *
-  **/
-MHD__asn1_retCode
-MHD__asn1_der_coding (ASN1_TYPE element, const char *name, void *ider,
-                      int *len, char *ErrorDescription)
-{
-  node_asn *node, *p, *p2;
-  char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
-  int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old;
-  MHD__asn1_retCode err;
-  unsigned char *der = ider;
-
-  node = MHD__asn1_find_node (element, name);
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  /* Node is now a locally allocated variable.
-   * That is because in some point we modify the
-   * structure, and I don't know why! --nmav
-   */
-  node = MHD__asn1_copy_structure3 (node);
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  max_len = *len;
-
-  counter = 0;
-  move = DOWN;
-  p = node;
-  while (1)
-    {
-
-      counter_old = counter;
-      max_len_old = max_len;
-      if (move != UP)
-        {
-          err = MHD__asn1_insert_tag_der (p, der, &counter, &max_len);
-          if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
-            goto error;
-        }
-      switch (type_field (p->type))
-        {
-        case TYPE_NULL:
-          max_len--;
-          if (max_len >= 0)
-            der[counter] = 0;
-          counter++;
-          move = RIGHT;
-          break;
-        case TYPE_BOOLEAN:
-          if ((p->type & CONST_DEFAULT) && (p->value == NULL))
-            {
-              counter = counter_old;
-              max_len = max_len_old;
-            }
-          else
-            {
-              if (p->value == NULL)
-                {
-                  MHD__asn1_error_description_value_not_found (p,
-                                                               ErrorDescription);
-                  err = ASN1_VALUE_NOT_FOUND;
-                  goto error;
-                }
-              max_len -= 2;
-              if (max_len >= 0)
-                {
-                  der[counter++] = 1;
-                  if (p->value[0] == 'F')
-                    der[counter++] = 0;
-                  else
-                    der[counter++] = 0xFF;
-                }
-              else
-                counter += 2;
-            }
-          move = RIGHT;
-          break;
-        case TYPE_INTEGER:
-        case TYPE_ENUMERATED:
-          if ((p->type & CONST_DEFAULT) && (p->value == NULL))
-            {
-              counter = counter_old;
-              max_len = max_len_old;
-            }
-          else
-            {
-              if (p->value == NULL)
-                {
-                  MHD__asn1_error_description_value_not_found (p,
-                                                               ErrorDescription);
-                  err = ASN1_VALUE_NOT_FOUND;
-                  goto error;
-                }
-              len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3);
-              if (len2 < 0)
-                {
-                  err = ASN1_DER_ERROR;
-                  goto error;
-                }
-              max_len -= len2 + len3;
-              if (max_len >= 0)
-                memcpy (der + counter, p->value, len3 + len2);
-              counter += len3 + len2;
-            }
-          move = RIGHT;
-          break;
-        case TYPE_OBJECT_ID:
-          if ((p->type & CONST_DEFAULT) && (p->value == NULL))
-            {
-              counter = counter_old;
-              max_len = max_len_old;
-            }
-          else
-            {
-              if (p->value == NULL)
-                {
-                  MHD__asn1_error_description_value_not_found (p,
-                                                               ErrorDescription);
-                  err = ASN1_VALUE_NOT_FOUND;
-                  goto error;
-                }
-              len2 = max_len;
-              err = MHD__asn1_objectid_der (p->value, der + counter, &len2);
-              if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
-                goto error;
-
-              max_len -= len2;
-              counter += len2;
-            }
-          move = RIGHT;
-          break;
-        case TYPE_TIME:
-          if (p->value == NULL)
-            {
-              MHD__asn1_error_description_value_not_found (p,
-                                                           ErrorDescription);
-              err = ASN1_VALUE_NOT_FOUND;
-              goto error;
-            }
-          len2 = max_len;
-          err = MHD__asn1_time_der (p->value, der + counter, &len2);
-          if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
-            goto error;
-
-          max_len -= len2;
-          counter += len2;
-          move = RIGHT;
-          break;
-        case TYPE_OCTET_STRING:
-          if (p->value == NULL)
-            {
-              MHD__asn1_error_description_value_not_found (p,
-                                                           ErrorDescription);
-              err = ASN1_VALUE_NOT_FOUND;
-              goto error;
-            }
-          len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3);
-          if (len2 < 0)
-            {
-              err = ASN1_DER_ERROR;
-              goto error;
-            }
-          max_len -= len2 + len3;
-          if (max_len >= 0)
-            memcpy (der + counter, p->value, len3 + len2);
-          counter += len3 + len2;
-          move = RIGHT;
-          break;
-        case TYPE_GENERALSTRING:
-          if (p->value == NULL)
-            {
-              MHD__asn1_error_description_value_not_found (p,
-                                                           ErrorDescription);
-              err = ASN1_VALUE_NOT_FOUND;
-              goto error;
-            }
-          len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3);
-          if (len2 < 0)
-            {
-              err = ASN1_DER_ERROR;
-              goto error;
-            }
-          max_len -= len2 + len3;
-          if (max_len >= 0)
-            memcpy (der + counter, p->value, len3 + len2);
-          counter += len3 + len2;
-          move = RIGHT;
-          break;
-        case TYPE_BIT_STRING:
-          if (p->value == NULL)
-            {
-              MHD__asn1_error_description_value_not_found (p,
-                                                           ErrorDescription);
-              err = ASN1_VALUE_NOT_FOUND;
-              goto error;
-            }
-          len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3);
-          if (len2 < 0)
-            {
-              err = ASN1_DER_ERROR;
-              goto error;
-            }
-          max_len -= len2 + len3;
-          if (max_len >= 0)
-            memcpy (der + counter, p->value, len3 + len2);
-          counter += len3 + len2;
-          move = RIGHT;
-          break;
-        case TYPE_SEQUENCE:
-        case TYPE_SET:
-          if (move != UP)
-            {
-              MHD__asn1_ltostr (counter, temp);
-              tlen = strlen (temp);
-              if (tlen > 0)
-                MHD__asn1_set_value (p, temp, tlen + 1);
-              if (p->down == NULL)
-                {
-                  move = UP;
-                  continue;
-                }
-              else
-                {
-                  p2 = p->down;
-                  while (p2 && (type_field (p2->type) == TYPE_TAG))
-                    p2 = p2->right;
-                  if (p2)
-                    {
-                      p = p2;
-                      move = RIGHT;
-                      continue;
-                    }
-                  move = UP;
-                  continue;
-                }
-            }
-          else
-            {                   /* move==UP */
-              len2 = strtol ((const char *) p->value, NULL, 10);
-              MHD__asn1_set_value (p, NULL, 0);
-              if ((type_field (p->type) == TYPE_SET) && (max_len >= 0))
-                MHD__asn1_ordering_set (der + len2, max_len - len2, p);
-              MHD__asn1_length_der (counter - len2, (unsigned char *) temp,
-                                    &len3);
-              max_len -= len3;
-              if (max_len >= 0)
-                {
-                  memmove (der + len2 + len3, der + len2, counter - len2);
-                  memcpy (der + len2, temp, len3);
-                }
-              counter += len3;
-              move = RIGHT;
-            }
-          break;
-        case TYPE_SEQUENCE_OF:
-        case TYPE_SET_OF:
-          if (move != UP)
-            {
-              MHD__asn1_ltostr (counter, temp);
-              tlen = strlen (temp);
-
-              if (tlen > 0)
-                MHD__asn1_set_value (p, temp, tlen + 1);
-              p = p->down;
-              while ((type_field (p->type) == TYPE_TAG)
-                     || (type_field (p->type) == TYPE_SIZE))
-                p = p->right;
-              if (p->right)
-                {
-                  p = p->right;
-                  move = RIGHT;
-                  continue;
-                }
-              else
-                p = MHD__asn1_find_up (p);
-              move = UP;
-            }
-          if (move == UP)
-            {
-              len2 = strtol ((const char *) p->value, NULL, 10);
-              MHD__asn1_set_value (p, NULL, 0);
-              if ((type_field (p->type) == TYPE_SET_OF)
-                  && (max_len - len2 > 0))
-                {
-                  MHD__asn1_ordering_set_of (der + len2, max_len - len2, p);
-                }
-              MHD__asn1_length_der (counter - len2, (unsigned char *) temp,
-                                    &len3);
-              max_len -= len3;
-              if (max_len >= 0)
-                {
-                  memmove (der + len2 + len3, der + len2, counter - len2);
-                  memcpy (der + len2, temp, len3);
-                }
-              counter += len3;
-              move = RIGHT;
-            }
-          break;
-        case TYPE_ANY:
-          if (p->value == NULL)
-            {
-              MHD__asn1_error_description_value_not_found (p,
-                                                           ErrorDescription);
-              err = ASN1_VALUE_NOT_FOUND;
-              goto error;
-            }
-          len2 = MHD__asn1_get_length_der (p->value, p->value_len, &len3);
-          if (len2 < 0)
-            {
-              err = ASN1_DER_ERROR;
-              goto error;
-            }
-          max_len -= len2;
-          if (max_len >= 0)
-            memcpy (der + counter, p->value + len3, len2);
-          counter += len2;
-          move = RIGHT;
-          break;
-        default:
-          move = (move == UP) ? RIGHT : DOWN;
-          break;
-        }
-
-      if ((move != DOWN) && (counter != counter_old))
-        {
-          err = MHD__asn1_complete_explicit_tag (p, der, &counter, &max_len);
-          if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
-            goto error;
-        }
-
-      if (p == node && move != DOWN)
-        break;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-      if (move == RIGHT)
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-  *len = counter;
-
-  if (max_len < 0)
-    {
-      err = ASN1_MEM_ERROR;
-      goto error;
-    }
-
-  err = ASN1_SUCCESS;
-
-error:
-  MHD__asn1_delete_structure (&node);
-  return err;
-}

src/daemon/https/minitasn1/decoding.c

@@ -1,1673 +0,0 @@
-/*
- *      Copyright (C) 2004, 2006 Free Software Foundation
- *      Copyright (C) 2002 Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-
-/*****************************************************/
-/* File: decoding.c                                  */
-/* Description: Functions to manage DER decoding     */
-/*****************************************************/
-
-#include <int.h>
-#include "parser_aux.h"
-#include <gstr.h>
-#include "structure.h"
-#include "element.h"
-
-
-static void
-MHD__asn1_error_description_tag_error (node_asn * node,
-                                       char *ErrorDescription)
-{
-
-  Estrcpy (ErrorDescription, ":: tag error near element '");
-  MHD__asn1_hierarchical_name (node,
-                               ErrorDescription + strlen (ErrorDescription),
-                               MAX_ERROR_DESCRIPTION_SIZE - 40);
-  Estrcat (ErrorDescription, "'");
-
-}
-
-/**
- * MHD__asn1_get_length_der:
- * @der: DER data to decode.
- * @der_len: Length of DER data to decode.
- * @len: Output variable containing the length of the DER length field.
- *
- * Extract a length field from DER data.
- *
- * Return value: Return the decoded length value, or -1 on indefinite
- *   length, or -2 when the value was too big.
- **/
-signed long
-MHD__asn1_get_length_der (const unsigned char *der, int der_len, int *len)
-{
-  unsigned long ans;
-  int k, punt;
-
-  *len = 0;
-  if (der_len <= 0)
-    return 0;
-
-  if (!(der[0] & 128))
-    {
-      /* short form */
-      *len = 1;
-      return der[0];
-    }
-  else
-    {
-      /* Long form */
-      k = der[0] & 0x7F;
-      punt = 1;
-      if (k)
-        {                       /* definite length method */
-          ans = 0;
-          while (punt <= k && punt < der_len)
-            {
-              unsigned long last = ans;
-
-              ans = ans * 256 + der[punt++];
-              if (ans < last)
-                /* we wrapped around, no bignum support... */
-                return -2;
-            }
-        }
-      else
-        {                       /* indefinite length method */
-          ans = -1;
-        }
-
-      *len = punt;
-      return ans;
-    }
-}
-
-
-
-
-/**
- * MHD__asn1_get_tag_der:
- * @der: DER data to decode.
- * @der_len: Length of DER data to decode.
- * @cls: Output variable containing decoded class.
- * @len: Output variable containing the length of the DER TAG data.
- * @tag: Output variable containing the decoded tag.
- *
- * Decode the class and TAG from DER code.
- *
- * Return value: Returns ASN1_SUCCESS on success, or an error.
- **/
-int
-MHD__asn1_get_tag_der (const unsigned char *der, int der_len,
-                       unsigned char *cls, int *len, unsigned long *tag)
-{
-  int punt, ris;
-
-  if (der == NULL || der_len <= 0 || len == NULL)
-    return ASN1_DER_ERROR;
-
-  *cls = der[0] & 0xE0;
-  if ((der[0] & 0x1F) != 0x1F)
-    {
-      /* short form */
-      *len = 1;
-      ris = der[0] & 0x1F;
-    }
-  else
-    {
-      /* Long form */
-      punt = 1;
-      ris = 0;
-      while (punt <= der_len && der[punt] & 128)
-        {
-          int last = ris;
-          ris = ris * 128 + (der[punt++] & 0x7F);
-          if (ris < last)
-            /* wrapper around, and no bignums... */
-            return ASN1_DER_ERROR;
-        }
-      if (punt >= der_len)
-        return ASN1_DER_ERROR;
-      {
-        int last = ris;
-        ris = ris * 128 + (der[punt++] & 0x7F);
-        if (ris < last)
-          /* wrapper around, and no bignums... */
-          return ASN1_DER_ERROR;
-      }
-      *len = punt;
-    }
-  if (tag)
-    *tag = ris;
-  return ASN1_SUCCESS;
-}
-
-
-
-
-/**
- * MHD__asn1_get_octet_der:
- * @der: DER data to decode containing the OCTET SEQUENCE.
- * @der_len: Length of DER data to decode.
- * @ret_len: Output variable containing the length of the DER data.
- * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in.
- * @str_size: Length of pre-allocated output buffer.
- * @str_len: Output variable containing the length of the OCTET SEQUENCE.
- *
- * Extract an OCTET SEQUENCE from DER data.
- *
- * Return value: Returns ASN1_SUCCESS on success, or an error.
- **/
-int
-MHD__asn1_get_octet_der (const unsigned char *der, int der_len,
-                         int *ret_len, unsigned char *str, int str_size,
-                         int *str_len)
-{
-  int len_len;
-
-  if (der_len <= 0)
-    return ASN1_GENERIC_ERROR;
-
-  /* if(str==NULL) return ASN1_SUCCESS; */
-  *str_len = MHD__asn1_get_length_der (der, der_len, &len_len);
-
-  if (*str_len < 0)
-    return ASN1_DER_ERROR;
-
-  *ret_len = *str_len + len_len;
-  if (str_size >= *str_len)
-    memcpy (str, der + len_len, *str_len);
-  else
-    {
-      return ASN1_MEM_ERROR;
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-
-/* Returns ASN1_SUCCESS on success or an error code on error.
- */
-static int
-MHD__asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len,
-                        char *str, int str_size)
-{
-  int len_len, str_len;
-
-  if (der_len <= 0 || str == NULL)
-    return ASN1_DER_ERROR;
-  str_len = MHD__asn1_get_length_der (der, der_len, &len_len);
-  if (str_len < 0 || str_size < str_len)
-    return ASN1_DER_ERROR;
-  memcpy (str, der + len_len, str_len);
-  str[str_len] = 0;
-  *ret_len = str_len + len_len;
-
-  return ASN1_SUCCESS;
-}
-
-
-
-static void
-MHD__asn1_get_objectid_der (const unsigned char *der, int der_len,
-                            int *ret_len, char *str, int str_size)
-{
-  int len_len, len, k;
-  char temp[20];
-  unsigned long val, val1;
-
-  *ret_len = 0;
-  if (str && str_size > 0)
-    str[0] = 0;                 /* no oid */
-
-  if (str == NULL || der_len <= 0)
-    return;
-  len = MHD__asn1_get_length_der (der, der_len, &len_len);
-
-  if (len < 0 || len > der_len || len_len > der_len)
-    return;
-
-  val1 = der[len_len] / 40;
-  val = der[len_len] - val1 * 40;
-
-  MHD__asn1_str_cpy (str, str_size, MHD__asn1_ltostr (val1, temp));
-  MHD__asn1_str_cat (str, str_size, ".");
-  MHD__asn1_str_cat (str, str_size, MHD__asn1_ltostr (val, temp));
-
-  val = 0;
-  for (k = 1; k < len; k++)
-    {
-      val = val << 7;
-      val |= der[len_len + k] & 0x7F;
-      if (!(der[len_len + k] & 0x80))
-        {
-          MHD__asn1_str_cat (str, str_size, ".");
-          MHD__asn1_str_cat (str, str_size, MHD__asn1_ltostr (val, temp));
-          val = 0;
-        }
-    }
-  *ret_len = len + len_len;
-}
-
-
-
-
-/**
- * MHD__asn1_get_bit_der:
- * @der: DER data to decode containing the BIT SEQUENCE.
- * @der_len: Length of DER data to decode.
- * @ret_len: Output variable containing the length of the DER data.
- * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in.
- * @str_size: Length of pre-allocated output buffer.
- * @bit_len: Output variable containing the size of the BIT SEQUENCE.
- *
- * Extract a BIT SEQUENCE from DER data.
- *
- * Return value: Return ASN1_SUCCESS on success, or an error.
- **/
-int
-MHD__asn1_get_bit_der (const unsigned char *der, int der_len,
-                       int *ret_len, unsigned char *str, int str_size,
-                       int *bit_len)
-{
-  int len_len, len_byte;
-
-  if (der_len <= 0)
-    return ASN1_GENERIC_ERROR;
-  len_byte = MHD__asn1_get_length_der (der, der_len, &len_len) - 1;
-  if (len_byte < 0)
-    return ASN1_DER_ERROR;
-
-  *ret_len = len_byte + len_len + 1;
-  *bit_len = len_byte * 8 - der[len_len];
-
-  if (str_size >= len_byte)
-    memcpy (str, der + len_len + 1, len_byte);
-  else
-    {
-      return ASN1_MEM_ERROR;
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-
-
-static int
-MHD__asn1_extract_tag_der (node_asn * node, const unsigned char *der,
-                           int der_len, int *ret_len)
-{
-  node_asn *p;
-  int counter, len2, len3, is_tag_implicit;
-  unsigned long tag, tag_implicit = 0;
-  unsigned char class, class2, class_implicit = 0;
-
-  if (der_len <= 0)
-    return ASN1_GENERIC_ERROR;
-
-  counter = is_tag_implicit = 0;
-
-  if (node->type & CONST_TAG)
-    {
-      p = node->down;
-      while (p)
-        {
-          if (type_field (p->type) == TYPE_TAG)
-            {
-              if (p->type & CONST_APPLICATION)
-                class2 = ASN1_CLASS_APPLICATION;
-              else if (p->type & CONST_UNIVERSAL)
-                class2 = ASN1_CLASS_UNIVERSAL;
-              else if (p->type & CONST_PRIVATE)
-                class2 = ASN1_CLASS_PRIVATE;
-              else
-                class2 = ASN1_CLASS_CONTEXT_SPECIFIC;
-
-              if (p->type & CONST_EXPLICIT)
-                {
-                  if (MHD__asn1_get_tag_der
-                      (der + counter, der_len - counter, &class, &len2,
-                       &tag) != ASN1_SUCCESS)
-                    return ASN1_DER_ERROR;
-                  if (counter + len2 > der_len)
-                    return ASN1_DER_ERROR;
-                  counter += len2;
-                  len3 =
-                    MHD__asn1_get_length_der (der + counter,
-                                              der_len - counter, &len2);
-                  if (len3 < 0)
-                    return ASN1_DER_ERROR;
-                  counter += len2;
-                  if (!is_tag_implicit)
-                    {
-                      if ((class != (class2 | ASN1_CLASS_STRUCTURED)) ||
-                          (tag != strtoul ((char *) p->value, NULL, 10)))
-                        return ASN1_TAG_ERROR;
-                    }
-                  else
-                    {           /* ASN1_TAG_IMPLICIT */
-                      if ((class != class_implicit) || (tag != tag_implicit))
-                        return ASN1_TAG_ERROR;
-                    }
-
-                  is_tag_implicit = 0;
-                }
-              else
-                {               /* ASN1_TAG_IMPLICIT */
-                  if (!is_tag_implicit)
-                    {
-                      if ((type_field (node->type) == TYPE_SEQUENCE) ||
-                          (type_field (node->type) == TYPE_SEQUENCE_OF) ||
-                          (type_field (node->type) == TYPE_SET) ||
-                          (type_field (node->type) == TYPE_SET_OF))
-                        class2 |= ASN1_CLASS_STRUCTURED;
-                      class_implicit = class2;
-                      tag_implicit = strtoul ((char *) p->value, NULL, 10);
-                      is_tag_implicit = 1;
-                    }
-                }
-            }
-          p = p->right;
-        }
-    }
-
-  if (is_tag_implicit)
-    {
-      if (MHD__asn1_get_tag_der
-          (der + counter, der_len - counter, &class, &len2,
-           &tag) != ASN1_SUCCESS)
-        return ASN1_DER_ERROR;
-      if (counter + len2 > der_len)
-        return ASN1_DER_ERROR;
-
-      if ((class != class_implicit) || (tag != tag_implicit))
-        {
-          if (type_field (node->type) == TYPE_OCTET_STRING)
-            {
-              class_implicit |= ASN1_CLASS_STRUCTURED;
-              if ((class != class_implicit) || (tag != tag_implicit))
-                return ASN1_TAG_ERROR;
-            }
-          else
-            return ASN1_TAG_ERROR;
-        }
-    }
-  else
-    {
-      if (type_field (node->type) == TYPE_TAG)
-        {
-          counter = 0;
-          *ret_len = counter;
-          return ASN1_SUCCESS;
-        }
-
-      if (MHD__asn1_get_tag_der
-          (der + counter, der_len - counter, &class, &len2,
-           &tag) != ASN1_SUCCESS)
-        return ASN1_DER_ERROR;
-      if (counter + len2 > der_len)
-        return ASN1_DER_ERROR;
-
-      switch (type_field (node->type))
-        {
-        case TYPE_NULL:
-          if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_NULL))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_BOOLEAN:
-          if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BOOLEAN))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_INTEGER:
-          if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_INTEGER))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_ENUMERATED:
-          if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_ENUMERATED))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_OBJECT_ID:
-          if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_OBJECT_ID))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_TIME:
-          if (node->type & CONST_UTC)
-            {
-              if ((class != ASN1_CLASS_UNIVERSAL)
-                  || (tag != ASN1_TAG_UTCTime))
-                return ASN1_DER_ERROR;
-            }
-          else
-            {
-              if ((class != ASN1_CLASS_UNIVERSAL)
-                  || (tag != ASN1_TAG_GENERALIZEDTime))
-                return ASN1_DER_ERROR;
-            }
-          break;
-        case TYPE_OCTET_STRING:
-          if (((class != ASN1_CLASS_UNIVERSAL)
-               && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)))
-              || (tag != ASN1_TAG_OCTET_STRING))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_GENERALSTRING:
-          if ((class != ASN1_CLASS_UNIVERSAL)
-              || (tag != ASN1_TAG_GENERALSTRING))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_BIT_STRING:
-          if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BIT_STRING))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_SEQUENCE:
-        case TYPE_SEQUENCE_OF:
-          if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))
-              || (tag != ASN1_TAG_SEQUENCE))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_SET:
-        case TYPE_SET_OF:
-          if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))
-              || (tag != ASN1_TAG_SET))
-            return ASN1_DER_ERROR;
-          break;
-        case TYPE_ANY:
-          counter -= len2;
-          break;
-        default:
-          return ASN1_DER_ERROR;
-          break;
-        }
-    }
-
-  counter += len2;
-  *ret_len = counter;
-  return ASN1_SUCCESS;
-}
-
-
-static int
-MHD__asn1_delete_not_used (node_asn * node)
-{
-  node_asn *p, *p2;
-
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  p = node;
-  while (p)
-    {
-      if (p->type & CONST_NOT_USED)
-        {
-          p2 = NULL;
-          if (p != node)
-            {
-              p2 = MHD__asn1_find_left (p);
-              if (!p2)
-                p2 = MHD__asn1_find_up (p);
-            }
-          MHD__asn1_delete_structure (&p);
-          p = p2;
-        }
-
-      if (!p)
-        break;                  /* reach node */
-
-      if (p->down)
-        {
-          p = p->down;
-        }
-      else
-        {
-          if (p == node)
-            p = NULL;
-          else if (p->right)
-            p = p->right;
-          else
-            {
-              while (1)
-                {
-                  p = MHD__asn1_find_up (p);
-                  if (p == node)
-                    {
-                      p = NULL;
-                      break;
-                    }
-                  if (p->right)
-                    {
-                      p = p->right;
-                      break;
-                    }
-                }
-            }
-        }
-    }
-  return ASN1_SUCCESS;
-}
-
-
-static MHD__asn1_retCode
-MHD__asn1_get_octet_string (const unsigned char *der, node_asn * node,
-                            int *len)
-{
-  int len2, len3, counter, counter2, counter_end, tot_len, indefinite;
-  unsigned char *temp, *temp2;
-
-  counter = 0;
-
-  if (*(der - 1) & ASN1_CLASS_STRUCTURED)
-    {
-      tot_len = 0;
-      indefinite = MHD__asn1_get_length_der (der, *len, &len3);
-      if (indefinite < -1)
-        return ASN1_DER_ERROR;
-
-      counter += len3;
-      if (indefinite >= 0)
-        indefinite += len3;
-
-      while (1)
-        {
-          if (counter > (*len))
-            return ASN1_DER_ERROR;
-
-          if (indefinite == -1)
-            {
-              if ((der[counter] == 0) && (der[counter + 1] == 0))
-                {
-                  counter += 2;
-                  break;
-                }
-            }
-          else if (counter >= indefinite)
-            break;
-
-          if (der[counter] != ASN1_TAG_OCTET_STRING)
-            return ASN1_DER_ERROR;
-
-          counter++;
-
-          len2 =
-            MHD__asn1_get_length_der (der + counter, *len - counter, &len3);
-          if (len2 <= 0)
-            return ASN1_DER_ERROR;
-
-          counter += len3 + len2;
-          tot_len += len2;
-        }
-
-      /* copy */
-      if (node)
-        {
-          MHD__asn1_length_der (tot_len, NULL, &len2);
-          temp = MHD__asn1_alloca (len2 + tot_len);
-          if (temp == NULL)
-            {
-              return ASN1_MEM_ALLOC_ERROR;
-            }
-
-          MHD__asn1_length_der (tot_len, temp, &len2);
-          tot_len += len2;
-          temp2 = temp + len2;
-          len2 = MHD__asn1_get_length_der (der, *len, &len3);
-          if (len2 < -1)
-            {
-              MHD__asn1_afree (temp);
-              return ASN1_DER_ERROR;
-            }
-          counter2 = len3 + 1;
-
-          if (indefinite == -1)
-            counter_end = counter - 2;
-          else
-            counter_end = counter;
-
-          while (counter2 < counter_end)
-            {
-              len2 =
-                MHD__asn1_get_length_der (der + counter2, *len - counter,
-                                          &len3);
-              if (len2 < -1)
-                {
-                  MHD__asn1_afree (temp);
-                  return ASN1_DER_ERROR;
-                }
-
-              /* FIXME: to be checked. Is this ok? Has the
-               * size been checked before?
-               */
-              memcpy (temp2, der + counter2 + len3, len2);
-              temp2 += len2;
-              counter2 += len2 + len3 + 1;
-            }
-
-          MHD__asn1_set_value (node, temp, tot_len);
-          MHD__asn1_afree (temp);
-        }
-    }
-  else
-    {                           /* NOT STRUCTURED */
-      len2 = MHD__asn1_get_length_der (der, *len, &len3);
-      if (len2 < 0)
-        return ASN1_DER_ERROR;
-      if (len3 + len2 > *len)
-        return ASN1_DER_ERROR;
-      if (node)
-        MHD__asn1_set_value (node, der, len3 + len2);
-      counter = len3 + len2;
-    }
-
-  *len = counter;
-  return ASN1_SUCCESS;
-
-}
-
-
-static MHD__asn1_retCode
-MHD__asn1_get_indefinite_length_string (const unsigned char *der, int *len)
-{
-  int len2, len3, counter, indefinite;
-  unsigned long tag;
-  unsigned char class;
-
-  counter = indefinite = 0;
-
-  while (1)
-    {
-      if ((*len) < counter)
-        return ASN1_DER_ERROR;
-
-      if ((der[counter] == 0) && (der[counter + 1] == 0))
-        {
-          counter += 2;
-          indefinite--;
-          if (indefinite <= 0)
-            break;
-          else
-            continue;
-        }
-
-      if (MHD__asn1_get_tag_der
-          (der + counter, *len - counter, &class, &len2,
-           &tag) != ASN1_SUCCESS)
-        return ASN1_DER_ERROR;
-      if (counter + len2 > *len)
-        return ASN1_DER_ERROR;
-      counter += len2;
-      len2 = MHD__asn1_get_length_der (der + counter, *len - counter, &len3);
-      if (len2 < -1)
-        return ASN1_DER_ERROR;
-      if (len2 == -1)
-        {
-          indefinite++;
-          counter += 1;
-        }
-      else
-        {
-          counter += len2 + len3;
-        }
-    }
-
-  *len = counter;
-  return ASN1_SUCCESS;
-
-}
-
-
-/**
-  * MHD__asn1_der_decoding - Fill the structure *ELEMENT with values of a DER encoding string.
-  * @element: pointer to an ASN1 structure.
-  * @ider: vector that contains the DER encoding.
-  * @len: number of bytes of *@ider: @ider[0]..@ider[len-1].
-  * @errorDescription: null-terminated string contains details when an
-  *   error occurred.
-  *
-  * Fill the structure *ELEMENT with values of a DER encoding
-  * string. The sructure must just be created with function
-  * 'create_stucture'.  If an error occurs during the decoding
-  * procedure, the *ELEMENT is deleted and set equal to
-  * %ASN1_TYPE_EMPTY.
-  *
-  * Returns:
-  *
-  *   ASN1_SUCCESS: DER encoding OK.
-  *
-  *   ASN1_ELEMENT_NOT_FOUND: ELEMENT is ASN1_TYPE_EMPTY.
-  *
-  *   ASN1_TAG_ERROR,ASN1_DER_ERROR: The der encoding doesn't match
-  *     the structure NAME. *ELEMENT deleted.
-  **/
-
-MHD__asn1_retCode
-MHD__asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len,
-                        char *errorDescription)
-{
-  node_asn *node, *p, *p2, *p3;
-  char temp[128];
-  int counter, len2, len3, len4, move, ris, tlen;
-  unsigned char class, *temp2;
-  unsigned long tag;
-  int indefinite, result;
-  const unsigned char *der = ider;
-
-  node = *element;
-
-  if (node == ASN1_TYPE_EMPTY)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  if (node->type & CONST_OPTION)
-    {
-      MHD__asn1_delete_structure (element);
-      return ASN1_GENERIC_ERROR;
-    }
-
-  counter = 0;
-  move = DOWN;
-  p = node;
-  while (1)
-    {
-      ris = ASN1_SUCCESS;
-      if (move != UP)
-        {
-          if (p->type & CONST_SET)
-            {
-              p2 = MHD__asn1_find_up (p);
-              len2 = strtol ((const char *) p2->value, NULL, 10);
-              if (len2 == -1)
-                {
-                  if (!der[counter] && !der[counter + 1])
-                    {
-                      p = p2;
-                      move = UP;
-                      counter += 2;
-                      continue;
-                    }
-                }
-              else if (counter == len2)
-                {
-                  p = p2;
-                  move = UP;
-                  continue;
-                }
-              else if (counter > len2)
-                {
-                  MHD__asn1_delete_structure (element);
-                  return ASN1_DER_ERROR;
-                }
-              p2 = p2->down;
-              while (p2)
-                {
-                  if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
-                    {
-                      if (type_field (p2->type) != TYPE_CHOICE)
-                        ris =
-                          MHD__asn1_extract_tag_der (p2, der + counter,
-                                                     len - counter, &len2);
-                      else
-                        {
-                          p3 = p2->down;
-                          while (p3)
-                            {
-                              ris =
-                                MHD__asn1_extract_tag_der (p3, der + counter,
-                                                           len - counter,
-                                                           &len2);
-                              if (ris == ASN1_SUCCESS)
-                                break;
-                              p3 = p3->right;
-                            }
-                        }
-                      if (ris == ASN1_SUCCESS)
-                        {
-                          p2->type &= ~CONST_NOT_USED;
-                          p = p2;
-                          break;
-                        }
-                    }
-                  p2 = p2->right;
-                }
-              if (p2 == NULL)
-                {
-                  MHD__asn1_delete_structure (element);
-                  return ASN1_DER_ERROR;
-                }
-            }
-
-          if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
-            {
-              p2 = MHD__asn1_find_up (p);
-              len2 = strtol ((const char *) p2->value, NULL, 10);
-              if (counter == len2)
-                {
-                  if (p->right)
-                    {
-                      p2 = p->right;
-                      move = RIGHT;
-                    }
-                  else
-                    move = UP;
-
-                  if (p->type & CONST_OPTION)
-                    MHD__asn1_delete_structure (&p);
-
-                  p = p2;
-                  continue;
-                }
-            }
-
-          if (type_field (p->type) == TYPE_CHOICE)
-            {
-              while (p->down)
-                {
-                  if (counter < len)
-                    ris =
-                      MHD__asn1_extract_tag_der (p->down, der + counter,
-                                                 len - counter, &len2);
-                  else
-                    ris = ASN1_DER_ERROR;
-                  if (ris == ASN1_SUCCESS)
-                    {
-                      while (p->down->right)
-                        {
-                          p2 = p->down->right;
-                          MHD__asn1_delete_structure (&p2);
-                        }
-                      break;
-                    }
-                  else if (ris == ASN1_ERROR_TYPE_ANY)
-                    {
-                      MHD__asn1_delete_structure (element);
-                      return ASN1_ERROR_TYPE_ANY;
-                    }
-                  else
-                    {
-                      p2 = p->down;
-                      MHD__asn1_delete_structure (&p2);
-                    }
-                }
-
-              if (p->down == NULL)
-                {
-                  if (!(p->type & CONST_OPTION))
-                    {
-                      MHD__asn1_delete_structure (element);
-                      return ASN1_DER_ERROR;
-                    }
-                }
-              else
-                p = p->down;
-            }
-
-          if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
-            {
-              p2 = MHD__asn1_find_up (p);
-              len2 = strtol ((const char *) p2->value, NULL, 10);
-              if ((len2 != -1) && (counter > len2))
-                ris = ASN1_TAG_ERROR;
-            }
-
-          if (ris == ASN1_SUCCESS)
-            ris =
-              MHD__asn1_extract_tag_der (p, der + counter, len - counter,
-                                         &len2);
-          if (ris != ASN1_SUCCESS)
-            {
-              if (p->type & CONST_OPTION)
-                {
-                  p->type |= CONST_NOT_USED;
-                  move = RIGHT;
-                }
-              else if (p->type & CONST_DEFAULT)
-                {
-                  MHD__asn1_set_value (p, NULL, 0);
-                  move = RIGHT;
-                }
-              else
-                {
-                  if (errorDescription != NULL)
-                    MHD__asn1_error_description_tag_error (p,
-                                                           errorDescription);
-
-                  MHD__asn1_delete_structure (element);
-                  return ASN1_TAG_ERROR;
-                }
-            }
-          else
-            counter += len2;
-        }
-
-      if (ris == ASN1_SUCCESS)
-        {
-          switch (type_field (p->type))
-            {
-            case TYPE_NULL:
-              if (der[counter])
-                {
-                  MHD__asn1_delete_structure (element);
-                  return ASN1_DER_ERROR;
-                }
-              counter++;
-              move = RIGHT;
-              break;
-            case TYPE_BOOLEAN:
-              if (der[counter++] != 1)
-                {
-                  MHD__asn1_delete_structure (element);
-                  return ASN1_DER_ERROR;
-                }
-              if (der[counter++] == 0)
-                MHD__asn1_set_value (p, "F", 1);
-              else
-                MHD__asn1_set_value (p, "T", 1);
-              move = RIGHT;
-              break;
-            case TYPE_INTEGER:
-            case TYPE_ENUMERATED:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              if (len2 + len3 > len - counter)
-                return ASN1_DER_ERROR;
-              MHD__asn1_set_value (p, der + counter, len3 + len2);
-              counter += len3 + len2;
-              move = RIGHT;
-              break;
-            case TYPE_OBJECT_ID:
-              MHD__asn1_get_objectid_der (der + counter, len - counter, &len2,
-                                          temp, sizeof (temp));
-              tlen = strlen (temp);
-              if (tlen > 0)
-                MHD__asn1_set_value (p, temp, tlen + 1);
-              counter += len2;
-              move = RIGHT;
-              break;
-            case TYPE_TIME:
-              result =
-                MHD__asn1_get_time_der (der + counter, len - counter, &len2,
-                                        temp, sizeof (temp) - 1);
-              if (result != ASN1_SUCCESS)
-                {
-                  MHD__asn1_delete_structure (element);
-                  return result;
-                }
-              tlen = strlen (temp);
-              if (tlen > 0)
-                MHD__asn1_set_value (p, temp, tlen + 1);
-              counter += len2;
-              move = RIGHT;
-              break;
-            case TYPE_OCTET_STRING:
-              len3 = len - counter;
-              ris = MHD__asn1_get_octet_string (der + counter, p, &len3);
-              if (ris != ASN1_SUCCESS)
-                return ris;
-              counter += len3;
-              move = RIGHT;
-              break;
-            case TYPE_GENERALSTRING:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              if (len3 + len2 > len - counter)
-                return ASN1_DER_ERROR;
-              MHD__asn1_set_value (p, der + counter, len3 + len2);
-              counter += len3 + len2;
-              move = RIGHT;
-              break;
-            case TYPE_BIT_STRING:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              if (len3 + len2 > len - counter)
-                return ASN1_DER_ERROR;
-              MHD__asn1_set_value (p, der + counter, len3 + len2);
-              counter += len3 + len2;
-              move = RIGHT;
-              break;
-            case TYPE_SEQUENCE:
-            case TYPE_SET:
-              if (move == UP)
-                {
-                  len2 = strtol ((const char *) p->value, NULL, 10);
-                  MHD__asn1_set_value (p, NULL, 0);
-                  if (len2 == -1)
-                    {           /* indefinite length method */
-                      if (len - counter + 1 > 0)
-                        {
-                          if ((der[counter]) || der[counter + 1])
-                            {
-                              MHD__asn1_delete_structure (element);
-                              return ASN1_DER_ERROR;
-                            }
-                        }
-                      else
-                        return ASN1_DER_ERROR;
-                      counter += 2;
-                    }
-                  else
-                    {           /* definite length method */
-                      if (len2 != counter)
-                        {
-                          MHD__asn1_delete_structure (element);
-                          return ASN1_DER_ERROR;
-                        }
-                    }
-                  move = RIGHT;
-                }
-              else
-                {               /* move==DOWN || move==RIGHT */
-                  len3 =
-                    MHD__asn1_get_length_der (der + counter, len - counter,
-                                              &len2);
-                  if (len3 < -1)
-                    return ASN1_DER_ERROR;
-                  counter += len2;
-                  if (len3 > 0)
-                    {
-                      MHD__asn1_ltostr (counter + len3, temp);
-                      tlen = strlen (temp);
-                      if (tlen > 0)
-                        MHD__asn1_set_value (p, temp, tlen + 1);
-                      move = DOWN;
-                    }
-                  else if (len3 == 0)
-                    {
-                      p2 = p->down;
-                      while (p2)
-                        {
-                          if (type_field (p2->type) != TYPE_TAG)
-                            {
-                              p3 = p2->right;
-                              MHD__asn1_delete_structure (&p2);
-                              p2 = p3;
-                            }
-                          else
-                            p2 = p2->right;
-                        }
-                      move = RIGHT;
-                    }
-                  else
-                    {           /* indefinite length method */
-                      MHD__asn1_set_value (p, "-1", 3);
-                      move = DOWN;
-                    }
-                }
-              break;
-            case TYPE_SEQUENCE_OF:
-            case TYPE_SET_OF:
-              if (move == UP)
-                {
-                  len2 = strtol ((const char *) p->value, NULL, 10);
-                  if (len2 == -1)
-                    {           /* indefinite length method */
-                      if ((counter + 2) > len)
-                        return ASN1_DER_ERROR;
-                      if ((der[counter]) || der[counter + 1])
-                        {
-                          MHD__asn1_append_sequence_set (p);
-                          p = p->down;
-                          while (p->right)
-                            p = p->right;
-                          move = RIGHT;
-                          continue;
-                        }
-                      MHD__asn1_set_value (p, NULL, 0);
-                      counter += 2;
-                    }
-                  else
-                    {           /* definite length method */
-                      if (len2 > counter)
-                        {
-                          MHD__asn1_append_sequence_set (p);
-                          p = p->down;
-                          while (p->right)
-                            p = p->right;
-                          move = RIGHT;
-                          continue;
-                        }
-                      MHD__asn1_set_value (p, NULL, 0);
-                      if (len2 != counter)
-                        {
-                          MHD__asn1_delete_structure (element);
-                          return ASN1_DER_ERROR;
-                        }
-                    }
-                }
-              else
-                {               /* move==DOWN || move==RIGHT */
-                  len3 =
-                    MHD__asn1_get_length_der (der + counter, len - counter,
-                                              &len2);
-                  if (len3 < -1)
-                    return ASN1_DER_ERROR;
-                  counter += len2;
-                  if (len3)
-                    {
-                      if (len3 > 0)
-                        {       /* definite length method */
-                          MHD__asn1_ltostr (counter + len3, temp);
-                          tlen = strlen (temp);
-
-                          if (tlen > 0)
-                            MHD__asn1_set_value (p, temp, tlen + 1);
-                        }
-                      else
-                        {       /* indefinite length method */
-                          MHD__asn1_set_value (p, "-1", 3);
-                        }
-                      p2 = p->down;
-                      while ((type_field (p2->type) == TYPE_TAG)
-                             || (type_field (p2->type) == TYPE_SIZE))
-                        p2 = p2->right;
-                      if (p2->right == NULL)
-                        MHD__asn1_append_sequence_set (p);
-                      p = p2;
-                    }
-                }
-              move = RIGHT;
-              break;
-            case TYPE_ANY:
-              if (MHD__asn1_get_tag_der
-                  (der + counter, len - counter, &class, &len2,
-                   &tag) != ASN1_SUCCESS)
-                return ASN1_DER_ERROR;
-              if (counter + len2 > len)
-                return ASN1_DER_ERROR;
-              len4 =
-                MHD__asn1_get_length_der (der + counter + len2,
-                                          len - counter - len2, &len3);
-              if (len4 < -1)
-                return ASN1_DER_ERROR;
-              if (len4 > len - counter + len2 + len3)
-                return ASN1_DER_ERROR;
-              if (len4 != -1)
-                {
-                  len2 += len4;
-                  MHD__asn1_length_der (len2 + len3, NULL, &len4);
-                  temp2 =
-                    (unsigned char *) MHD__asn1_alloca (len2 + len3 + len4);
-                  if (temp2 == NULL)
-                    {
-                      MHD__asn1_delete_structure (element);
-                      return ASN1_MEM_ALLOC_ERROR;
-                    }
-
-                  MHD__asn1_octet_der (der + counter, len2 + len3, temp2,
-                                       &len4);
-                  MHD__asn1_set_value (p, temp2, len4);
-                  MHD__asn1_afree (temp2);
-                  counter += len2 + len3;
-                }
-              else
-                {               /* indefinite length */
-                  /* Check indefinite lenth method in an EXPLICIT TAG */
-                  if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
-                    indefinite = 1;
-                  else
-                    indefinite = 0;
-
-                  len2 = len - counter;
-                  ris =
-                    MHD__asn1_get_indefinite_length_string (der + counter,
-                                                            &len2);
-                  if (ris != ASN1_SUCCESS)
-                    {
-                      MHD__asn1_delete_structure (element);
-                      return ris;
-                    }
-                  MHD__asn1_length_der (len2, NULL, &len4);
-                  temp2 = (unsigned char *) MHD__asn1_alloca (len2 + len4);
-                  if (temp2 == NULL)
-                    {
-                      MHD__asn1_delete_structure (element);
-                      return ASN1_MEM_ALLOC_ERROR;
-                    }
-
-                  MHD__asn1_octet_der (der + counter, len2, temp2, &len4);
-                  MHD__asn1_set_value (p, temp2, len4);
-                  MHD__asn1_afree (temp2);
-                  counter += len2;
-
-                  /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
-                     an indefinite length method. */
-                  if (indefinite)
-                    {
-                      if (!der[counter] && !der[counter + 1])
-                        {
-                          counter += 2;
-                        }
-                      else
-                        {
-                          MHD__asn1_delete_structure (element);
-                          return ASN1_DER_ERROR;
-                        }
-                    }
-                }
-              move = RIGHT;
-              break;
-            default:
-              move = (move == UP) ? RIGHT : DOWN;
-              break;
-            }
-        }
-
-      if (p == node && move != DOWN)
-        break;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-      if ((move == RIGHT) && !(p->type & CONST_SET))
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-  MHD__asn1_delete_not_used (*element);
-
-  if (counter != len)
-    {
-      MHD__asn1_delete_structure (element);
-      return ASN1_DER_ERROR;
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-/**
-  * MHD__asn1_der_decoding_startEnd - Find the start and end point of an element in a DER encoding string.
-  * @element: pointer to an ASN1 element
-  * @ider: vector that contains the DER encoding.
-  * @len: number of bytes of *@ider: @ider[0]..@ider[len-1]
-  * @name_element: an element of NAME structure.
-  * @start: the position of the first byte of NAME_ELEMENT decoding
-  *   (@ider[*start])
-  * @end: the position of the last byte of NAME_ELEMENT decoding
-  *  (@ider[*end])
-  *
-  * Find the start and end point of an element in a DER encoding
-  * string. I mean that if you have a der encoding and you have
-  * already used the function "MHD__asn1_der_decoding" to fill a structure,
-  * it may happen that you want to find the piece of string concerning
-  * an element of the structure.
-  *
-  * Example: the sequence "tbsCertificate" inside an X509 certificate.
-  *
-  * Returns:
-  *
-  *   ASN1_SUCCESS: DER encoding OK.
-  *
-  *   ASN1_ELEMENT_NOT_FOUND: ELEMENT is ASN1_TYPE EMPTY or
-  *   NAME_ELEMENT is not a valid element.
-  *
-  *   ASN1_TAG_ERROR,ASN1_DER_ERROR: the der encoding doesn't match
-  *   the structure ELEMENT.
-  *
-  **/
-MHD__asn1_retCode
-MHD__asn1_der_decoding_startEnd (ASN1_TYPE element, const void *ider, int len,
-                                 const char *name_element, int *start,
-                                 int *end)
-{
-  node_asn *node, *node_to_find, *p, *p2, *p3;
-  int counter, len2, len3, len4, move, ris;
-  unsigned char class;
-  unsigned long tag;
-  int indefinite;
-  const unsigned char *der = ider;
-
-  node = element;
-
-  if (node == ASN1_TYPE_EMPTY)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  node_to_find = MHD__asn1_find_node (node, name_element);
-
-  if (node_to_find == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  if (node_to_find == node)
-    {
-      *start = 0;
-      *end = len - 1;
-      return ASN1_SUCCESS;
-    }
-
-  if (node->type & CONST_OPTION)
-    return ASN1_GENERIC_ERROR;
-
-  counter = 0;
-  move = DOWN;
-  p = node;
-  while (1)
-    {
-      ris = ASN1_SUCCESS;
-
-      if (move != UP)
-        {
-          if (p->type & CONST_SET)
-            {
-              p2 = MHD__asn1_find_up (p);
-              len2 = strtol ((const char *) p2->value, NULL, 10);
-              if (len2 == -1)
-                {
-                  if (!der[counter] && !der[counter + 1])
-                    {
-                      p = p2;
-                      move = UP;
-                      counter += 2;
-                      continue;
-                    }
-                }
-              else if (counter == len2)
-                {
-                  p = p2;
-                  move = UP;
-                  continue;
-                }
-              else if (counter > len2)
-                return ASN1_DER_ERROR;
-              p2 = p2->down;
-              while (p2)
-                {
-                  if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
-                    {           /* CONTROLLARE */
-                      if (type_field (p2->type) != TYPE_CHOICE)
-                        ris =
-                          MHD__asn1_extract_tag_der (p2, der + counter,
-                                                     len - counter, &len2);
-                      else
-                        {
-                          p3 = p2->down;
-                          ris =
-                            MHD__asn1_extract_tag_der (p3, der + counter,
-                                                       len - counter, &len2);
-                        }
-                      if (ris == ASN1_SUCCESS)
-                        {
-                          p2->type &= ~CONST_NOT_USED;
-                          p = p2;
-                          break;
-                        }
-                    }
-                  p2 = p2->right;
-                }
-              if (p2 == NULL)
-                return ASN1_DER_ERROR;
-            }
-
-          if (p == node_to_find)
-            *start = counter;
-
-          if (type_field (p->type) == TYPE_CHOICE)
-            {
-              p = p->down;
-              ris =
-                MHD__asn1_extract_tag_der (p, der + counter, len - counter,
-                                           &len2);
-              if (p == node_to_find)
-                *start = counter;
-            }
-
-          if (ris == ASN1_SUCCESS)
-            ris =
-              MHD__asn1_extract_tag_der (p, der + counter, len - counter,
-                                         &len2);
-          if (ris != ASN1_SUCCESS)
-            {
-              if (p->type & CONST_OPTION)
-                {
-                  p->type |= CONST_NOT_USED;
-                  move = RIGHT;
-                }
-              else if (p->type & CONST_DEFAULT)
-                {
-                  move = RIGHT;
-                }
-              else
-                {
-                  return ASN1_TAG_ERROR;
-                }
-            }
-          else
-            counter += len2;
-        }
-
-      if (ris == ASN1_SUCCESS)
-        {
-          switch (type_field (p->type))
-            {
-            case TYPE_NULL:
-              if (der[counter])
-                return ASN1_DER_ERROR;
-              counter++;
-              move = RIGHT;
-              break;
-            case TYPE_BOOLEAN:
-              if (der[counter++] != 1)
-                return ASN1_DER_ERROR;
-              counter++;
-              move = RIGHT;
-              break;
-            case TYPE_INTEGER:
-            case TYPE_ENUMERATED:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              counter += len3 + len2;
-              move = RIGHT;
-              break;
-            case TYPE_OBJECT_ID:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              counter += len2 + len3;
-              move = RIGHT;
-              break;
-            case TYPE_TIME:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              counter += len2 + len3;
-              move = RIGHT;
-              break;
-            case TYPE_OCTET_STRING:
-              len3 = len - counter;
-              ris = MHD__asn1_get_octet_string (der + counter, NULL, &len3);
-              if (ris != ASN1_SUCCESS)
-                return ris;
-              counter += len3;
-              move = RIGHT;
-              break;
-            case TYPE_GENERALSTRING:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              counter += len3 + len2;
-              move = RIGHT;
-              break;
-            case TYPE_BIT_STRING:
-              len2 =
-                MHD__asn1_get_length_der (der + counter, len - counter,
-                                          &len3);
-              if (len2 < 0)
-                return ASN1_DER_ERROR;
-              counter += len3 + len2;
-              move = RIGHT;
-              break;
-            case TYPE_SEQUENCE:
-            case TYPE_SET:
-              if (move != UP)
-                {
-                  len3 =
-                    MHD__asn1_get_length_der (der + counter, len - counter,
-                                              &len2);
-                  if (len3 < -1)
-                    return ASN1_DER_ERROR;
-                  counter += len2;
-                  if (len3 == 0)
-                    move = RIGHT;
-                  else
-                    move = DOWN;
-                }
-              else
-                {
-                  if (!der[counter] && !der[counter + 1])       /* indefinite length method */
-                    counter += 2;
-                  move = RIGHT;
-                }
-              break;
-            case TYPE_SEQUENCE_OF:
-            case TYPE_SET_OF:
-              if (move != UP)
-                {
-                  len3 =
-                    MHD__asn1_get_length_der (der + counter, len - counter,
-                                              &len2);
-                  if (len3 < -1)
-                    return ASN1_DER_ERROR;
-                  counter += len2;
-                  if ((len3 == -1) && !der[counter] && !der[counter + 1])
-                    counter += 2;
-                  else if (len3)
-                    {
-                      p2 = p->down;
-                      while ((type_field (p2->type) == TYPE_TAG) ||
-                             (type_field (p2->type) == TYPE_SIZE))
-                        p2 = p2->right;
-                      p = p2;
-                    }
-                }
-              else
-                {
-                  if (!der[counter] && !der[counter + 1])       /* indefinite length method */
-                    counter += 2;
-                }
-              move = RIGHT;
-              break;
-            case TYPE_ANY:
-              if (MHD__asn1_get_tag_der
-                  (der + counter, len - counter, &class, &len2,
-                   &tag) != ASN1_SUCCESS)
-                return ASN1_DER_ERROR;
-              if (counter + len2 > len)
-                return ASN1_DER_ERROR;
-
-              len4 =
-                MHD__asn1_get_length_der (der + counter + len2,
-                                          len - counter - len2, &len3);
-              if (len4 < -1)
-                return ASN1_DER_ERROR;
-
-              if (len4 != -1)
-                {
-                  counter += len2 + len4 + len3;
-                }
-              else
-                {               /* indefinite length */
-                  /* Check indefinite lenth method in an EXPLICIT TAG */
-                  if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
-                    indefinite = 1;
-                  else
-                    indefinite = 0;
-
-                  len2 = len - counter;
-                  ris =
-                    MHD__asn1_get_indefinite_length_string (der + counter,
-                                                            &len2);
-                  if (ris != ASN1_SUCCESS)
-                    return ris;
-                  counter += len2;
-
-                  /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
-                     an indefinite length method. */
-                  if (indefinite)
-                    {
-                      if (!der[counter] && !der[counter + 1])
-                        counter += 2;
-                      else
-                        return ASN1_DER_ERROR;
-                    }
-                }
-              move = RIGHT;
-              break;
-            default:
-              move = (move == UP) ? RIGHT : DOWN;
-              break;
-            }
-        }
-
-      if ((p == node_to_find) && (move == RIGHT))
-        {
-          *end = counter - 1;
-          return ASN1_SUCCESS;
-        }
-
-      if (p == node && move != DOWN)
-        break;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-      if ((move == RIGHT) && !(p->type & CONST_SET))
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-  return ASN1_ELEMENT_NOT_FOUND;
-}

src/daemon/https/minitasn1/element.c

@@ -1,902 +0,0 @@
-/*
- *      Copyright (C) 2004, 2006 Free Software Foundation
- *      Copyright (C) 2000, 2001, 2002, 2003 Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-/*****************************************************/
-/* File: element.c                                   */
-/* Description: Functions with the read and write    */
-/*   functions.                                      */
-/*****************************************************/
-
-
-#include <int.h>
-#include "parser_aux.h"
-#include <gstr.h>
-#include "structure.h"
-
-void
-MHD__asn1_hierarchical_name (node_asn * node, char *name, int name_size)
-{
-  node_asn *p;
-  char tmp_name[64];
-
-  p = node;
-
-  name[0] = 0;
-
-  while (p != NULL)
-    {
-      if (p->name != NULL)
-        {
-          MHD__asn1_str_cpy (tmp_name, sizeof (tmp_name), name),
-            MHD__asn1_str_cpy (name, name_size, p->name);
-          MHD__asn1_str_cat (name, name_size, ".");
-          MHD__asn1_str_cat (name, name_size, tmp_name);
-        }
-      p = MHD__asn1_find_up (p);
-    }
-
-  if (name[0] == 0)
-    MHD__asn1_str_cpy (name, name_size, "ROOT");
-}
-
-
-/******************************************************************/
-/* Function : MHD__asn1_convert_integer                               */
-/* Description: converts an integer from a null terminated string */
-/*              to der decoding. The convertion from a null       */
-/*              terminated string to an integer is made with      */
-/*              the 'strtol' function.                            */
-/* Parameters:                                                    */
-/*   value: null terminated string to convert.                    */
-/*   value_out: convertion result (memory must be already         */
-/*              allocated).                                       */
-/*   value_out_size: number of bytes of value_out.                */
-/*   len: number of significant byte of value_out.                */
-/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS                         */
-/******************************************************************/
-MHD__asn1_retCode
-MHD__asn1_convert_integer (const char *value, unsigned char *value_out,
-                           int value_out_size, int *len)
-{
-  char negative;
-  unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
-  long valtmp;
-  int k, k2;
-
-  valtmp = strtol (value, NULL, 10);
-
-  for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
-    {
-      val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF;
-    }
-
-  if (val[0] & 0x80)
-    negative = 1;
-  else
-    negative = 0;
-
-  for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++)
-    {
-      if (negative && (val[k] != 0xFF))
-        break;
-      else if (!negative && val[k])
-        break;
-    }
-
-  if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80)))
-    k--;
-
-  *len = SIZEOF_UNSIGNED_LONG_INT - k;
-
-  if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
-    /* VALUE_OUT is too short to contain the value conversion */
-    return ASN1_MEM_ERROR;
-
-  for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
-    value_out[k2 - k] = val[k2];
-
-  return ASN1_SUCCESS;
-}
-
-
-int
-MHD__asn1_append_sequence_set (node_asn * node)
-{
-  node_asn *p, *p2;
-  char temp[10];
-  long n;
-
-  if (!node || !(node->down))
-    return ASN1_GENERIC_ERROR;
-
-  p = node->down;
-  while ((type_field (p->type) == TYPE_TAG)
-         || (type_field (p->type) == TYPE_SIZE))
-    p = p->right;
-  p2 = MHD__asn1_copy_structure3 (p);
-  while (p->right)
-    p = p->right;
-  MHD__asn1_set_right (p, p2);
-
-  if (p->name == NULL)
-    MHD__asn1_str_cpy (temp, sizeof (temp), "?1");
-  else
-    {
-      n = strtol (p->name + 1, NULL, 0);
-      n++;
-      temp[0] = '?';
-      MHD__asn1_ltostr (n, temp + 1);
-    }
-  MHD__asn1_set_name (p2, temp);
-  /*  p2->type |= CONST_OPTION; */
-
-  return ASN1_SUCCESS;
-}
-
-
-/**
-  * MHD__asn1_write_value - Set the value of one element inside a structure.
-  * @node_root: pointer to a structure
-  * @name: the name of the element inside the structure that you want to set.
-  * @ivalue: vector used to specify the value to set. If len is >0,
-  *   VALUE must be a two's complement form integer.  if len=0 *VALUE
-  *   must be a null terminated string with an integer value.
-  * @len: number of bytes of *value to use to set the value:
-  *   value[0]..value[len-1] or 0 if value is a null terminated string
-  *
-  * Set the value of one element inside a structure.
-  *
-  * If an element is OPTIONAL and you want to delete it, you must use
-  * the value=NULL and len=0.  Using "pkix.asn":
-  *
-  * result=MHD__asn1_write_value(cert, "tbsCertificate.issuerUniqueID",
-  * NULL, 0);
-  *
-  * Description for each type:
-  *
-  * INTEGER: VALUE must contain a two's complement form integer.
-  *
-  *            value[0]=0xFF ,               len=1 -> integer=-1.
-  *            value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1.
-  *            value[0]=0x01 ,               len=1 -> integer= 1.
-  *            value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1.
-  *            value="123"                 , len=0 -> integer= 123.
-  *
-  * ENUMERATED: As INTEGER (but only with not negative numbers).
-  *
-  * BOOLEAN: VALUE must be the null terminated string "TRUE" or
-  *   "FALSE" and LEN != 0.
-  *
-  *            value="TRUE" , len=1 -> boolean=TRUE.
-  *            value="FALSE" , len=1 -> boolean=FALSE.
-  *
-  * OBJECT IDENTIFIER: VALUE must be a null terminated string with
-  *   each number separated by a dot (e.g. "1.2.3.543.1").  LEN != 0.
-  *
-  *            value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha.
-  *
-  * UTCTime: VALUE must be a null terminated string in one of these
-  *   formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ",
-  *   "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'",
-  *   "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'".  LEN != 0.
-  *
-  *            value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998
-  *            at 12h 00m Greenwich Mean Time
-  *
-  * GeneralizedTime: VALUE must be in one of this format:
-  *   "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ",
-  *   "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'",
-  *   "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s
-  *   indicates the seconds with any precision like "10.1" or "01.02".
-  *   LEN != 0
-  *
-  *            value="2001010112001.12-0700" , len=1 -> time=Jannuary
-  *            1st, 2001 at 12h 00m 01.12s Pacific Daylight Time
-  *
-  * OCTET STRING: VALUE contains the octet string and LEN is the
-  *   number of octets.
-  *
-  *            value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
-  *            len=3 -> three bytes octet string
-  *
-  * GeneralString: VALUE contains the generalstring and LEN is the
-  *   number of octets.
-  *
-  *            value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
-  *            len=3 -> three bytes generalstring
-  *
-  * BIT STRING: VALUE contains the bit string organized by bytes and
-  *   LEN is the number of bits.
-  *
-  *   value="$\backslash$xCF" , len=6 -> bit string="110011" (six
-  *   bits)
-  *
-  * CHOICE: if NAME indicates a choice type, VALUE must specify one of
-  *   the alternatives with a null terminated string. LEN != 0. Using
-  *   "pkix.asn"\:
-  *
-  *           result=MHD__asn1_write_value(cert,
-  *           "certificate1.tbsCertificate.subject", "rdnSequence",
-  *           1);
-  *
-  * ANY: VALUE indicates the der encoding of a structure.  LEN != 0.
-  *
-  * SEQUENCE OF: VALUE must be the null terminated string "NEW" and
-  *   LEN != 0. With this instruction another element is appended in
-  *   the sequence. The name of this element will be "?1" if it's the
-  *   first one, "?2" for the second and so on.
-  *
-  *   Using "pkix.asn"\:
-  *
-  *   result=MHD__asn1_write_value(cert,
-  *   "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1);
-  *
-  * SET OF: the same as SEQUENCE OF.  Using "pkix.asn":
-  *
-  *           result=MHD__asn1_write_value(cert,
-  *           "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1);
-  *
-  * Returns:
-  *
-  *   ASN1_SUCCESS: Set value OK.
-  *
-  *   ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
-  *
-  *   ASN1_VALUE_NOT_VALID: VALUE has a wrong format.
-  *
-  **/
-MHD__asn1_retCode
-MHD__asn1_write_value (ASN1_TYPE node_root, const char *name,
-                       const void *ivalue, int len)
-{
-  node_asn *node, *p, *p2;
-  unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
-  int len2, k, k2, negative;
-  const char *value = ivalue;
-
-  node = MHD__asn1_find_node (node_root, name);
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0))
-    {
-      MHD__asn1_delete_structure (&node);
-      return ASN1_SUCCESS;
-    }
-
-  if ((type_field (node->type) == TYPE_SEQUENCE_OF) && (value == NULL)
-      && (len == 0))
-    {
-      p = node->down;
-      while ((type_field (p->type) == TYPE_TAG)
-             || (type_field (p->type) == TYPE_SIZE))
-        p = p->right;
-
-      while (p->right)
-        MHD__asn1_delete_structure (&p->right);
-
-      return ASN1_SUCCESS;
-    }
-
-  switch (type_field (node->type))
-    {
-    case TYPE_BOOLEAN:
-      if (!strcmp (value, "TRUE"))
-        {
-          if (node->type & CONST_DEFAULT)
-            {
-              p = node->down;
-              while (type_field (p->type) != TYPE_DEFAULT)
-                p = p->right;
-              if (p->type & CONST_TRUE)
-                MHD__asn1_set_value (node, NULL, 0);
-              else
-                MHD__asn1_set_value (node, "T", 1);
-            }
-          else
-            MHD__asn1_set_value (node, "T", 1);
-        }
-      else if (!strcmp (value, "FALSE"))
-        {
-          if (node->type & CONST_DEFAULT)
-            {
-              p = node->down;
-              while (type_field (p->type) != TYPE_DEFAULT)
-                p = p->right;
-              if (p->type & CONST_FALSE)
-                MHD__asn1_set_value (node, NULL, 0);
-              else
-                MHD__asn1_set_value (node, "F", 1);
-            }
-          else
-            MHD__asn1_set_value (node, "F", 1);
-        }
-      else
-        return ASN1_VALUE_NOT_VALID;
-      break;
-    case TYPE_INTEGER:
-    case TYPE_ENUMERATED:
-      if (len == 0)
-        {
-          if ((isdigit ((unsigned char) value[0])) || (value[0] == '-'))
-            {
-              value_temp =
-                (unsigned char *) MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT);
-              if (value_temp == NULL)
-                return ASN1_MEM_ALLOC_ERROR;
-
-              MHD__asn1_convert_integer (value, value_temp,
-                                         SIZEOF_UNSIGNED_LONG_INT, &len);
-            }
-          else
-            {                   /* is an identifier like v1 */
-              if (!(node->type & CONST_LIST))
-                return ASN1_VALUE_NOT_VALID;
-              p = node->down;
-              while (p)
-                {
-                  if (type_field (p->type) == TYPE_CONSTANT)
-                    {
-                      if ((p->name) && (!strcmp (p->name, value)))
-                        {
-                          value_temp =
-                            (unsigned char *)
-                            MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT);
-                          if (value_temp == NULL)
-                            return ASN1_MEM_ALLOC_ERROR;
-
-                          MHD__asn1_convert_integer ((const char *) p->value,
-                                                     value_temp,
-                                                     SIZEOF_UNSIGNED_LONG_INT,
-                                                     &len);
-                          break;
-                        }
-                    }
-                  p = p->right;
-                }
-              if (p == NULL)
-                return ASN1_VALUE_NOT_VALID;
-            }
-        }
-      else
-        {                       /* len != 0 */
-          value_temp = (unsigned char *) MHD__asn1_alloca (len);
-          if (value_temp == NULL)
-            return ASN1_MEM_ALLOC_ERROR;
-          memcpy (value_temp, value, len);
-        }
-
-
-      if (value_temp[0] & 0x80)
-        negative = 1;
-      else
-        negative = 0;
-
-      if (negative && (type_field (node->type) == TYPE_ENUMERATED))
-        {
-          MHD__asn1_afree (value_temp);
-          return ASN1_VALUE_NOT_VALID;
-        }
-
-      for (k = 0; k < len - 1; k++)
-        if (negative && (value_temp[k] != 0xFF))
-          break;
-        else if (!negative && value_temp[k])
-          break;
-
-      if ((negative && !(value_temp[k] & 0x80)) ||
-          (!negative && (value_temp[k] & 0x80)))
-        k--;
-
-      MHD__asn1_length_der (len - k, NULL, &len2);
-      temp = (unsigned char *) MHD__asn1_alloca (len - k + len2);
-      if (temp == NULL)
-        {
-          MHD__asn1_afree (value_temp);
-          return ASN1_MEM_ALLOC_ERROR;
-        }
-
-      MHD__asn1_octet_der (value_temp + k, len - k, temp, &len2);
-      MHD__asn1_set_value (node, temp, len2);
-
-      MHD__asn1_afree (temp);
-
-
-      if (node->type & CONST_DEFAULT)
-        {
-          p = node->down;
-          while (type_field (p->type) != TYPE_DEFAULT)
-            p = p->right;
-          if ((isdigit ((unsigned char) p->value[0])) || (p->value[0] == '-'))
-            {
-              default_temp =
-                (unsigned char *) MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT);
-              if (default_temp == NULL)
-                {
-                  MHD__asn1_afree (value_temp);
-                  return ASN1_MEM_ALLOC_ERROR;
-                }
-
-              MHD__asn1_convert_integer ((const char *) p->value,
-                                         default_temp,
-                                         SIZEOF_UNSIGNED_LONG_INT, &len2);
-            }
-          else
-            {                   /* is an identifier like v1 */
-              if (!(node->type & CONST_LIST))
-                {
-                  MHD__asn1_afree (value_temp);
-                  return ASN1_VALUE_NOT_VALID;
-                }
-              p2 = node->down;
-              while (p2)
-                {
-                  if (type_field (p2->type) == TYPE_CONSTANT)
-                    {
-                      if ((p2->name)
-                          && (!strcmp (p2->name, (const char *) p->value)))
-                        {
-                          default_temp =
-                            (unsigned char *)
-                            MHD__asn1_alloca (SIZEOF_UNSIGNED_LONG_INT);
-                          if (default_temp == NULL)
-                            {
-                              MHD__asn1_afree (value_temp);
-                              return ASN1_MEM_ALLOC_ERROR;
-                            }
-
-                          MHD__asn1_convert_integer ((const char *) p2->value,
-                                                     default_temp,
-                                                     SIZEOF_UNSIGNED_LONG_INT,
-                                                     &len2);
-                          break;
-                        }
-                    }
-                  p2 = p2->right;
-                }
-              if (p2 == NULL)
-                {
-                  MHD__asn1_afree (value_temp);
-                  return ASN1_VALUE_NOT_VALID;
-                }
-            }
-
-
-          if ((len - k) == len2)
-            {
-              for (k2 = 0; k2 < len2; k2++)
-                if (value_temp[k + k2] != default_temp[k2])
-                  {
-                    break;
-                  }
-              if (k2 == len2)
-                MHD__asn1_set_value (node, NULL, 0);
-            }
-          MHD__asn1_afree (default_temp);
-        }
-      MHD__asn1_afree (value_temp);
-      break;
-    case TYPE_OBJECT_ID:
-      for (k = 0; k < strlen (value); k++)
-        if ((!isdigit ((unsigned char) value[k])) && (value[k] != '.') && (value[k] != '+'))
-          return ASN1_VALUE_NOT_VALID;
-      if (node->type & CONST_DEFAULT)
-        {
-          p = node->down;
-          while (type_field (p->type) != TYPE_DEFAULT)
-            p = p->right;
-          if (!strcmp (value, (const char *) p->value))
-            {
-              MHD__asn1_set_value (node, NULL, 0);
-              break;
-            }
-        }
-      MHD__asn1_set_value (node, value, strlen (value) + 1);
-      break;
-    case TYPE_TIME:
-      if (node->type & CONST_UTC)
-        {
-          if (strlen (value) < 11)
-            return ASN1_VALUE_NOT_VALID;
-          for (k = 0; k < 10; k++)
-            if (!isdigit ( (unsigned char) value[k]))
-              return ASN1_VALUE_NOT_VALID;
-          switch (strlen (value))
-            {
-            case 11:
-              if (value[10] != 'Z')
-                return ASN1_VALUE_NOT_VALID;
-              break;
-            case 13:
-              if ((!isdigit ( (unsigned char) value[10])) || (!isdigit ( (unsigned char) value[11])) ||
-                  (value[12] != 'Z'))
-                return ASN1_VALUE_NOT_VALID;
-              break;
-            case 15:
-              if ((value[10] != '+') && (value[10] != '-'))
-                return ASN1_VALUE_NOT_VALID;
-              for (k = 11; k < 15; k++)
-                if (!isdigit ( (unsigned char) value[k]))
-                  return ASN1_VALUE_NOT_VALID;
-              break;
-            case 17:
-              if ((!isdigit ( (unsigned char) value[10])) || (!isdigit ( (unsigned char) value[11])))
-                return ASN1_VALUE_NOT_VALID;
-              if ((value[12] != '+') && (value[12] != '-'))
-                return ASN1_VALUE_NOT_VALID;
-              for (k = 13; k < 17; k++)
-                if (!isdigit ( (unsigned char) value[k]))
-                  return ASN1_VALUE_NOT_VALID;
-              break;
-            default:
-              return ASN1_VALUE_NOT_FOUND;
-            }
-          MHD__asn1_set_value (node, value, strlen (value) + 1);
-        }
-      else
-        {                       /* GENERALIZED TIME */
-          if (value)
-            MHD__asn1_set_value (node, value, strlen (value) + 1);
-        }
-      break;
-    case TYPE_OCTET_STRING:
-      if (len == 0)
-        len = strlen (value);
-      MHD__asn1_length_der (len, NULL, &len2);
-      temp = (unsigned char *) MHD__asn1_alloca (len + len2);
-      if (temp == NULL)
-        return ASN1_MEM_ALLOC_ERROR;
-
-      MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2);
-      MHD__asn1_set_value (node, temp, len2);
-      MHD__asn1_afree (temp);
-      break;
-    case TYPE_GENERALSTRING:
-      if (len == 0)
-        len = strlen (value);
-      MHD__asn1_length_der (len, NULL, &len2);
-      temp = (unsigned char *) MHD__asn1_alloca (len + len2);
-      if (temp == NULL)
-        return ASN1_MEM_ALLOC_ERROR;
-
-      MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2);
-      MHD__asn1_set_value (node, temp, len2);
-      MHD__asn1_afree (temp);
-      break;
-    case TYPE_BIT_STRING:
-      if (len == 0)
-        len = strlen (value);
-      MHD__asn1_length_der ((len >> 3) + 2, NULL, &len2);
-      temp = (unsigned char *) MHD__asn1_alloca ((len >> 3) + 2 + len2);
-      if (temp == NULL)
-        return ASN1_MEM_ALLOC_ERROR;
-
-      MHD__asn1_bit_der ((const unsigned char *) value, len, temp, &len2);
-      MHD__asn1_set_value (node, temp, len2);
-      MHD__asn1_afree (temp);
-      break;
-    case TYPE_CHOICE:
-      p = node->down;
-      while (p)
-        {
-          if (!strcmp (p->name, value))
-            {
-              p2 = node->down;
-              while (p2)
-                {
-                  if (p2 != p)
-                    {
-                      MHD__asn1_delete_structure (&p2);
-                      p2 = node->down;
-                    }
-                  else
-                    p2 = p2->right;
-                }
-              break;
-            }
-          p = p->right;
-        }
-      if (!p)
-        return ASN1_ELEMENT_NOT_FOUND;
-      break;
-    case TYPE_ANY:
-      MHD__asn1_length_der (len, NULL, &len2);
-      temp = (unsigned char *) MHD__asn1_alloca (len + len2);
-      if (temp == NULL)
-        return ASN1_MEM_ALLOC_ERROR;
-
-      MHD__asn1_octet_der ((const unsigned char *) value, len, temp, &len2);
-      MHD__asn1_set_value (node, temp, len2);
-      MHD__asn1_afree (temp);
-      break;
-    case TYPE_SEQUENCE_OF:
-    case TYPE_SET_OF:
-      if (strcmp (value, "NEW"))
-        return ASN1_VALUE_NOT_VALID;
-      MHD__asn1_append_sequence_set (node);
-      break;
-    default:
-      return ASN1_ELEMENT_NOT_FOUND;
-      break;
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-#define PUT_VALUE( ptr, ptr_size, data, data_size) \
-	*len = data_size; \
-	if (ptr_size < data_size) { \
-		return ASN1_MEM_ERROR; \
-	} else { \
-		memcpy( ptr, data, data_size); \
-	}
-
-#define PUT_STR_VALUE( ptr, ptr_size, data) \
-	*len = strlen(data) + 1; \
-	if (ptr_size < *len) { \
-		return ASN1_MEM_ERROR; \
-	} else { \
-		/* this strcpy is checked */ \
-		strcpy(ptr, data); \
-	}
-
-#define ADD_STR_VALUE( ptr, ptr_size, data) \
-	*len = strlen(data) + 1; \
-	if (ptr_size < strlen(ptr)+(*len)) { \
-		return ASN1_MEM_ERROR; \
-	} else { \
-		/* this strcat is checked */ \
-		strcat(ptr, data); \
-	}
-
-/**
-  * MHD__asn1_read_value - Returns the value of one element inside a structure
-  * @root: pointer to a structure.
-  * @name: the name of the element inside a structure that you want to read.
-  * @ivalue: vector that will contain the element's content, must be a
-  *   pointer to memory cells already allocated.
-  * @len: number of bytes of *value: value[0]..value[len-1]. Initialy
-  *   holds the sizeof value.
-  *
-  * Returns the value of one element inside a structure.
-  *
-  * If an element is OPTIONAL and the function "read_value" returns
-  * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present
-  * in the der encoding that created the structure.  The first element
-  * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and
-  * so on.
-  *
-  * INTEGER: VALUE will contain a two's complement form integer.
-  *
-  *            integer=-1  -> value[0]=0xFF , len=1.
-  *            integer=1   -> value[0]=0x01 , len=1.
-  *
-  * ENUMERATED: As INTEGER (but only with not negative numbers).
-  *
-  * BOOLEAN: VALUE will be the null terminated string "TRUE" or
-  *   "FALSE" and LEN=5 or LEN=6.
-  *
-  * OBJECT IDENTIFIER: VALUE will be a null terminated string with
-  *   each number separated by a dot (i.e. "1.2.3.543.1").
-  *
-  *                      LEN = strlen(VALUE)+1
-  *
-  * UTCTime: VALUE will be a null terminated string in one of these
-  *   formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'".
-  *   LEN=strlen(VALUE)+1.
-  *
-  * GeneralizedTime: VALUE will be a null terminated string in the
-  *   same format used to set the value.
-  *
-  * OCTET STRING: VALUE will contain the octet string and LEN will be
-  *   the number of octets.
-  *
-  * GeneralString: VALUE will contain the generalstring and LEN will
-  *   be the number of octets.
-  *
-  * BIT STRING: VALUE will contain the bit string organized by bytes
-  *   and LEN will be the number of bits.
-  *
-  * CHOICE: If NAME indicates a choice type, VALUE will specify the
-  *   alternative selected.
-  *
-  * ANY: If NAME indicates an any type, VALUE will indicate the DER
-  *   encoding of the structure actually used.
-  *
-  * Returns:
-  *
-  *   ASN1_SUCCESS: Set value OK.
-  *
-  *   ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
-  *
-  *   ASN1_VALUE_NOT_FOUND: There isn't any value for the element selected.
-  *
-  *   ASN1_MEM_ERROR: The value vector isn't big enough to store the result.
-  *   In this case LEN will contain the number of bytes needed.
-  *
-  **/
-MHD__asn1_retCode
-MHD__asn1_read_value (ASN1_TYPE root, const char *name, void *ivalue,
-                      int *len)
-{
-  node_asn *node, *p, *p2;
-  int len2, len3;
-  int value_size = *len;
-  char *value = ivalue;
-
-  node = MHD__asn1_find_node (root, name);
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  if ((type_field (node->type) != TYPE_NULL) &&
-      (type_field (node->type) != TYPE_CHOICE) &&
-      !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) &&
-      (node->value == NULL))
-    return ASN1_VALUE_NOT_FOUND;
-
-  switch (type_field (node->type))
-    {
-    case TYPE_NULL:
-      PUT_STR_VALUE (value, value_size, "NULL");
-      break;
-    case TYPE_BOOLEAN:
-      if ((node->type & CONST_DEFAULT) && (node->value == NULL))
-        {
-          p = node->down;
-          while (type_field (p->type) != TYPE_DEFAULT)
-            p = p->right;
-          if (p->type & CONST_TRUE)
-            {
-              PUT_STR_VALUE (value, value_size, "TRUE");
-            }
-          else
-            {
-              PUT_STR_VALUE (value, value_size, "FALSE");
-            }
-        }
-      else if (node->value[0] == 'T')
-        {
-          PUT_STR_VALUE (value, value_size, "TRUE");
-        }
-      else
-        {
-          PUT_STR_VALUE (value, value_size, "FALSE");
-        }
-      break;
-    case TYPE_INTEGER:
-    case TYPE_ENUMERATED:
-      if ((node->type & CONST_DEFAULT) && (node->value == NULL))
-        {
-          p = node->down;
-          while (type_field (p->type) != TYPE_DEFAULT)
-            p = p->right;
-          if ((isdigit ( (unsigned char) p->value[0])) || (p->value[0] == '-')
-              || (p->value[0] == '+'))
-            {
-              if (MHD__asn1_convert_integer
-                  ((const char *) p->value, (unsigned char *) value,
-                   value_size, len) != ASN1_SUCCESS)
-                return ASN1_MEM_ERROR;
-            }
-          else
-            {                   /* is an identifier like v1 */
-              p2 = node->down;
-              while (p2)
-                {
-                  if (type_field (p2->type) == TYPE_CONSTANT)
-                    {
-                      if ((p2->name)
-                          && (!strcmp (p2->name, (const char *) p->value)))
-                        {
-                          if (MHD__asn1_convert_integer
-                              ((const char *) p2->value,
-                               (unsigned char *) value, value_size,
-                               len) != ASN1_SUCCESS)
-                            return ASN1_MEM_ERROR;
-                          break;
-                        }
-                    }
-                  p2 = p2->right;
-                }
-            }
-        }
-      else
-        {
-          len2 = -1;
-          if (MHD__asn1_get_octet_der
-              (node->value, node->value_len, &len2, (unsigned char *) value,
-               value_size, len) != ASN1_SUCCESS)
-            return ASN1_MEM_ERROR;
-        }
-      break;
-    case TYPE_OBJECT_ID:
-      if (node->type & CONST_ASSIGN)
-        {
-          value[0] = 0;
-          p = node->down;
-          while (p)
-            {
-              if (type_field (p->type) == TYPE_CONSTANT)
-                {
-                  ADD_STR_VALUE (value, value_size, (const char *) p->value);
-                  if (p->right)
-                    {
-                      ADD_STR_VALUE (value, value_size, ".");
-                    }
-                }
-              p = p->right;
-            }
-          *len = strlen (value) + 1;
-        }
-      else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
-        {
-          p = node->down;
-          while (type_field (p->type) != TYPE_DEFAULT)
-            p = p->right;
-          PUT_STR_VALUE (value, value_size, (const char *) p->value);
-        }
-      else
-        {
-          PUT_STR_VALUE (value, value_size, (const char *) node->value);
-        }
-      break;
-    case TYPE_TIME:
-      PUT_STR_VALUE (value, value_size, (const char *) node->value);
-      break;
-    case TYPE_OCTET_STRING:
-      len2 = -1;
-      if (MHD__asn1_get_octet_der
-          (node->value, node->value_len, &len2, (unsigned char *) value,
-           value_size, len) != ASN1_SUCCESS)
-        return ASN1_MEM_ERROR;
-      break;
-    case TYPE_GENERALSTRING:
-      len2 = -1;
-      if (MHD__asn1_get_octet_der
-          (node->value, node->value_len, &len2, (unsigned char *) value,
-           value_size, len) != ASN1_SUCCESS)
-        return ASN1_MEM_ERROR;
-      break;
-    case TYPE_BIT_STRING:
-      len2 = -1;
-      if (MHD__asn1_get_bit_der
-          (node->value, node->value_len, &len2, (unsigned char *) value,
-           value_size, len) != ASN1_SUCCESS)
-        return ASN1_MEM_ERROR;
-      break;
-    case TYPE_CHOICE:
-      PUT_STR_VALUE (value, value_size, node->down->name);
-      break;
-    case TYPE_ANY:
-      len3 = -1;
-      len2 = MHD__asn1_get_length_der (node->value, node->value_len, &len3);
-      if (len2 < 0)
-        return ASN1_DER_ERROR;
-      PUT_VALUE (value, value_size, node->value + len3, len2);
-      break;
-    default:
-      return ASN1_ELEMENT_NOT_FOUND;
-      break;
-    }
-  return ASN1_SUCCESS;
-}

src/daemon/https/minitasn1/element.h

@@ -1,14 +0,0 @@
-
-#ifndef _ELEMENT_H
-#define _ELEMENT_H
-
-
-MHD__asn1_retCode MHD__asn1_append_sequence_set (node_asn * node);
-
-MHD__asn1_retCode MHD__asn1_convert_integer (const char *value,
-                                             unsigned char *value_out,
-                                             int value_out_size, int *len);
-
-void MHD__asn1_hierarchical_name (node_asn * node, char *name, int name_size);
-
-#endif

src/daemon/https/minitasn1/gstr.c

@@ -1,68 +0,0 @@
-/*
- *      Copyright (C) 2006 Free Software Foundation
- *      Copyright (C) 2002 Nikos Mavroyanopoulos
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#include <int.h>
-
-/* These function are like strcat, strcpy. They only
- * do bounds checking (they shouldn't cause buffer overruns),
- * and they always produce null terminated strings.
- *
- * They should be used only with null terminated strings.
- */
-void
-MHD__asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
-{
-  size_t str_size = strlen (src);
-  size_t dest_size = strlen (dest);
-
-  if (dest_tot_size - dest_size > str_size)
-    {
-      strcat (dest, src);
-    }
-  else
-    {
-      if (dest_tot_size - dest_size > 0)
-        {
-          strncat (dest, src, (dest_tot_size - dest_size) - 1);
-          dest[dest_tot_size - 1] = 0;
-        }
-    }
-}
-
-void
-MHD__asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src)
-{
-  size_t str_size = strlen (src);
-
-  if (dest_tot_size > str_size)
-    {
-      strcpy (dest, src);
-    }
-  else
-    {
-      if (dest_tot_size > 0)
-        {
-          strncpy (dest, src, (dest_tot_size) - 1);
-          dest[dest_tot_size - 1] = 0;
-        }
-    }
-}

src/daemon/https/minitasn1/gstr.h

@@ -1,5 +0,0 @@
-void MHD__asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src);
-void MHD__asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
-
-#define Estrcpy(x,y) MHD__asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y)
-#define Estrcat(x,y) MHD__asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y)

src/daemon/https/minitasn1/int.h

@@ -1,112 +0,0 @@
-/*
- *      Copyright (C) 2004, 2006 Free Software Foundation, Inc.
- *      Copyright (C) 2002 Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#ifndef INT_H
-#define INT_H
-
-#include <libtasn1.h>
-#include <defines.h>
-
-/*
-#define LIBTASN1_DEBUG
-#define LIBTASN1_DEBUG_PARSER
-#define LIBTASN1_DEBUG_INTEGER
-*/
-
-#include <mem.h>
-
-#define MAX_LOG_SIZE 1024       /* maximum number of characters of a log message */
-
-/* Define used for visiting trees. */
-#define UP     1
-#define RIGHT  2
-#define DOWN   3
-
-/****************************************/
-/* Returns the first 8 bits.            */
-/* Used with the field type of node_asn */
-/****************************************/
-#define type_field(x)     (x&0xFF)
-
-/* List of constants for field type of typedef node_asn  */
-#define TYPE_CONSTANT       1
-#define TYPE_IDENTIFIER     2
-#define TYPE_INTEGER        3
-#define TYPE_BOOLEAN        4
-#define TYPE_SEQUENCE       5
-#define TYPE_BIT_STRING     6
-#define TYPE_OCTET_STRING   7
-#define TYPE_TAG            8
-#define TYPE_DEFAULT        9
-#define TYPE_SIZE          10
-#define TYPE_SEQUENCE_OF   11
-#define TYPE_OBJECT_ID     12
-#define TYPE_ANY           13
-#define TYPE_SET           14
-#define TYPE_SET_OF        15
-#define TYPE_DEFINITIONS   16
-#define TYPE_TIME          17
-#define TYPE_CHOICE        18
-#define TYPE_IMPORTS       19
-#define TYPE_NULL          20
-#define TYPE_ENUMERATED    21
-#define TYPE_GENERALSTRING 27
-
-
-/***********************************************************************/
-/* List of constants to better specify the type of typedef node_asn.   */
-/***********************************************************************/
-/*  Used with TYPE_TAG  */
-#define CONST_UNIVERSAL   (1<<8)
-#define CONST_PRIVATE     (1<<9)
-#define CONST_APPLICATION (1<<10)
-#define CONST_EXPLICIT    (1<<11)
-#define CONST_IMPLICIT    (1<<12)
-
-#define CONST_TAG         (1<<13)       /*  Used in ASN.1 assignement  */
-#define CONST_OPTION      (1<<14)
-#define CONST_DEFAULT     (1<<15)
-#define CONST_TRUE        (1<<16)
-#define CONST_FALSE       (1<<17)
-
-#define CONST_LIST        (1<<18)       /*  Used with TYPE_INTEGER and TYPE_BIT_STRING  */
-#define CONST_MIN_MAX     (1<<19)
-
-#define CONST_1_PARAM     (1<<20)
-
-#define CONST_SIZE        (1<<21)
-
-#define CONST_DEFINED_BY  (1<<22)
-
-#define CONST_GENERALIZED (1<<23)
-#define CONST_UTC         (1<<24)
-
-/* #define CONST_IMPORTS     (1<<25) */
-
-#define CONST_NOT_USED    (1<<26)
-#define CONST_SET         (1<<27)
-#define CONST_ASSIGN      (1<<28)
-
-#define CONST_DOWN        (1<<29)
-#define CONST_RIGHT       (1<<30)
-
-#endif /* INT_H */

src/daemon/https/minitasn1/libtasn1.h

@@ -1,216 +0,0 @@
-/*
- *      Copyright (C) 2004, 2005, 2006 Free Software Foundation
- *      Copyright (C) 2002 Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * LIBTASN1 is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * LIBTASN1 is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with LIBTASN1; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- *
- */
-
-#ifndef LIBTASN1_H
-# define LIBTASN1_H
-
-#include <stdio.h>              /* for FILE* */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#define LIBTASN1_VERSION "1.2"
-
-#include <sys/types.h>
-#include <time.h>
-
-#define MAX_NAME_SIZE 128       /* maximum number of characters of a name */
-  /* inside a file with ASN1 definitons     */
-#define MAX_ERROR_DESCRIPTION_SIZE 128  /* maximum number of characters */
-  /* of a description message     */
-  /* (null character included)    */
-
-
-  typedef int MHD__asn1_retCode;        /* type returned by libtasn1 functions */
-
-  /*****************************************/
-  /*  Errors returned by libtasn1 functions */
-  /*****************************************/
-#define ASN1_SUCCESS               0
-#define ASN1_FILE_NOT_FOUND        1
-#define ASN1_ELEMENT_NOT_FOUND     2
-#define ASN1_IDENTIFIER_NOT_FOUND  3
-#define ASN1_DER_ERROR             4
-#define ASN1_VALUE_NOT_FOUND       5
-#define ASN1_GENERIC_ERROR         6
-#define ASN1_VALUE_NOT_VALID       7
-#define ASN1_TAG_ERROR             8
-#define ASN1_TAG_IMPLICIT          9
-#define ASN1_ERROR_TYPE_ANY        10
-#define ASN1_SYNTAX_ERROR          11
-#define ASN1_MEM_ERROR		   12
-#define ASN1_MEM_ALLOC_ERROR	   13
-#define ASN1_DER_OVERFLOW          14
-#define ASN1_NAME_TOO_LONG         15
-#define ASN1_ARRAY_ERROR           16
-#define ASN1_ELEMENT_NOT_EMPTY     17
-
-/*************************************/
-/* Constants used in MHD__asn1_visit_tree */
-/*************************************/
-#define ASN1_PRINT_NAME             1
-#define ASN1_PRINT_NAME_TYPE        2
-#define ASN1_PRINT_NAME_TYPE_VALUE  3
-#define ASN1_PRINT_ALL              4
-
-/*****************************************/
-/* Constants returned by MHD__asn1_read_tag   */
-/*****************************************/
-#define ASN1_CLASS_UNIVERSAL        0x00        /* old: 1 */
-#define ASN1_CLASS_APPLICATION      0x40        /* old: 2 */
-#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80        /* old: 3 */
-#define ASN1_CLASS_PRIVATE          0xC0        /* old: 4 */
-#define ASN1_CLASS_STRUCTURED       0x20
-
-/*****************************************/
-/* Constants returned by MHD__asn1_read_tag   */
-/*****************************************/
-#define ASN1_TAG_BOOLEAN          0x01
-#define ASN1_TAG_INTEGER          0x02
-#define ASN1_TAG_SEQUENCE         0x10
-#define ASN1_TAG_SET              0x11
-#define ASN1_TAG_OCTET_STRING     0x04
-#define ASN1_TAG_BIT_STRING       0x03
-#define ASN1_TAG_UTCTime          0x17
-#define ASN1_TAG_GENERALIZEDTime  0x18
-#define ASN1_TAG_OBJECT_ID        0x06
-#define ASN1_TAG_ENUMERATED       0x0A
-#define ASN1_TAG_NULL             0x05
-#define ASN1_TAG_GENERALSTRING    0x1B
-
-/******************************************************/
-/* Structure definition used for the node of the tree */
-/* that represent an ASN.1 DEFINITION.                */
-/******************************************************/
-
-  struct node_asn_struct
-  {
-    char *name;                 /* Node name */
-    unsigned int type;          /* Node type */
-    unsigned char *value;       /* Node value */
-    int value_len;
-    struct node_asn_struct *down;       /* Pointer to the son node */
-    struct node_asn_struct *right;      /* Pointer to the brother node */
-    struct node_asn_struct *left;       /* Pointer to the next list element */
-  };
-
-  typedef struct node_asn_struct node_asn;
-
-  typedef node_asn *ASN1_TYPE;
-
-#define ASN1_TYPE_EMPTY  NULL
-
-  struct static_struct_asn
-  {
-    const char *name;           /* Node name */
-    unsigned int type;          /* Node type */
-    const void *value;          /* Node value */
-  };
-
-  typedef struct static_struct_asn ASN1_ARRAY_TYPE;
-
-
-
-  /***********************************/
-  /*  Functions definitions          */
-  /***********************************/
-
-  MHD__asn1_retCode MHD__asn1_parser2tree (const char *file_name,
-                                           ASN1_TYPE * definitions,
-                                           char *errorDescription);
-
-  MHD__asn1_retCode MHD__asn1_parser2array (const char *inputFileName,
-                                            const char *outputFileName,
-                                            const char *vectorName,
-                                            char *errorDescription);
-
-  MHD__asn1_retCode MHD__asn1_array2tree (const ASN1_ARRAY_TYPE * array,
-                                          ASN1_TYPE * definitions,
-                                          char *errorDescription);
-
-  MHD__asn1_retCode MHD__asn1_create_element (ASN1_TYPE definitions,
-                                              const char *source_name,
-                                              ASN1_TYPE * element);
-
-  MHD__asn1_retCode MHD__asn1_delete_structure (ASN1_TYPE * structure);
-
-  MHD__asn1_retCode MHD__asn1_write_value (ASN1_TYPE node_root,
-                                           const char *name,
-                                           const void *ivalue, int len);
-
-  MHD__asn1_retCode MHD__asn1_read_value (ASN1_TYPE root, const char *name,
-                                          void *ivalue, int *len);
-
-  MHD__asn1_retCode MHD__asn1_der_coding (ASN1_TYPE element, const char *name,
-                                          void *ider, int *len,
-                                          char *ErrorDescription);
-
-  MHD__asn1_retCode MHD__asn1_der_decoding (ASN1_TYPE * element,
-                                            const void *ider, int len,
-                                            char *errorDescription);
-
-  MHD__asn1_retCode MHD__asn1_der_decoding_startEnd (ASN1_TYPE element,
-                                                     const void *ider,
-                                                     int len,
-                                                     const char *name_element,
-                                                     int *start, int *end);
-
-  /* DER utility functions. */
-
-  int MHD__asn1_get_tag_der (const unsigned char *der, int der_len,
-                             unsigned char *cls, int *len,
-                             unsigned long *tag);
-
-  void MHD__asn1_octet_der (const unsigned char *str, int str_len,
-                            unsigned char *der, int *der_len);
-
-  MHD__asn1_retCode MHD__asn1_get_octet_der (const unsigned char *der,
-                                             int der_len, int *ret_len,
-                                             unsigned char *str, int str_size,
-                                             int *str_len);
-
-  void MHD__asn1_bit_der (const unsigned char *str, int bit_len,
-                          unsigned char *der, int *der_len);
-
-  MHD__asn1_retCode MHD__asn1_get_bit_der (const unsigned char *der,
-                                           int der_len, int *ret_len,
-                                           unsigned char *str, int str_size,
-                                           int *bit_len);
-
-  signed long MHD__asn1_get_length_der (const unsigned char *der, int der_len,
-                                        int *len);
-
-  void MHD__asn1_length_der (unsigned long int len, unsigned char *ans,
-                             int *ans_len);
-
-  /* Other utility functions. */
-
-  ASN1_TYPE MHD__asn1_find_node (ASN1_TYPE pointer, const char *name);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif                          /* LIBTASN1_H */

src/daemon/https/minitasn1/mem.h

@@ -1,25 +0,0 @@
-#ifndef MEM_H
-# define MEM_H
-
-/* Use MHD__asn1_afree() when calling alloca, or
- * memory leaks may occur in systems which do not
- * support alloca.
- */
-#ifdef HAVE_ALLOCA
-# ifdef HAVE_ALLOCA_H
-#  include <alloca.h>
-# endif
-# define MHD__asn1_alloca alloca
-# define MHD__asn1_afree(x)
-#else
-# define MHD__asn1_alloca MHD__asn1_malloc
-# define MHD__asn1_afree MHD__asn1_free
-#endif /* HAVE_ALLOCA */
-
-#define MHD__asn1_malloc malloc
-#define MHD__asn1_free free
-#define MHD__asn1_calloc calloc
-#define MHD__asn1_realloc realloc
-#define MHD__asn1_strdup strdup
-
-#endif /* MEM_H */

src/daemon/https/minitasn1/parser_aux.c

@@ -1,774 +0,0 @@
-/*
- *      Copyright (C) 2004, 2006, 2007 Free Software Foundation
- *      Copyright (C) 2000,2001 Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#include <int.h>
-#include "parser_aux.h"
-#include "gstr.h"
-#include "structure.h"
-#include "element.h"
-
-
-
-char MHD__asn1_identifierMissing[MAX_NAME_SIZE + 1];    /* identifier name not found */
-
-/***********************************************/
-/* Type: list_type                             */
-/* Description: type used in the list during   */
-/* the structure creation.                     */
-/***********************************************/
-typedef struct list_struct
-{
-  node_asn *node;
-  struct list_struct *next;
-} list_type;
-
-
-/* Pointer to the first element of the list */
-list_type *MHD_firstElement = NULL;
-
-/******************************************************/
-/* Function : MHD__asn1_add_node                          */
-/* Description: creates a new NODE_ASN element and    */
-/* puts it in the list pointed by MHD_firstElement.       */
-/* Parameters:                                        */
-/*   type: type of the new element (see TYPE_         */
-/*         and CONST_ constants).                     */
-/* Return: pointer to the new element.                */
-/******************************************************/
-node_asn *
-MHD__asn1_add_node (unsigned int type)
-{
-  list_type *listElement;
-  node_asn *punt;
-
-  punt = (node_asn *) MHD__asn1_calloc (1, sizeof (node_asn));
-  if (punt == NULL)
-    return NULL;
-
-  listElement = (list_type *) MHD__asn1_malloc (sizeof (list_type));
-  if (listElement == NULL)
-    {
-      MHD__asn1_free (punt);
-      return NULL;
-    }
-
-  listElement->node = punt;
-  listElement->next = MHD_firstElement;
-  MHD_firstElement = listElement;
-
-  punt->type = type;
-
-  return punt;
-}
-
-/**
- * MHD__asn1_find_node:
- * @pointer: NODE_ASN element pointer.
- * @name: null terminated string with the element's name to find.
- *
- * Searches for an element called NAME starting from POINTER.  The
- * name is composed by differents identifiers separated by dots.  When
- * *POINTER has a name, the first identifier must be the name of
- * *POINTER, otherwise it must be the name of one child of *POINTER.
- *
- * Return value: the searching result. NULL if not found.
- **/
-ASN1_TYPE
-MHD__asn1_find_node (ASN1_TYPE pointer, const char *name)
-{
-  node_asn *p;
-  char *n_end, n[MAX_NAME_SIZE + 1];
-  const char *n_start;
-
-  if (pointer == NULL)
-    return NULL;
-
-  if (name == NULL)
-    return NULL;
-
-  p = pointer;
-  n_start = name;
-
-  if (p->name != NULL)
-    {                           /* has *pointer got a name ? */
-      n_end = strchr (n_start, '.');    /* search the first dot */
-      if (n_end)
-        {
-          memcpy (n, n_start, n_end - n_start);
-          n[n_end - n_start] = 0;
-          n_start = n_end;
-          n_start++;
-        }
-      else
-        {
-          MHD__asn1_str_cpy (n, sizeof (n), n_start);
-          n_start = NULL;
-        }
-
-      while (p)
-        {
-          if ((p->name) && (!strcmp (p->name, n)))
-            break;
-          else
-            p = p->right;
-        }                       /* while */
-
-      if (p == NULL)
-        return NULL;
-    }
-  else
-    {                           /* *pointer doesn't have a name */
-      if (n_start[0] == 0)
-        return p;
-    }
-
-  while (n_start)
-    {                           /* Has the end of NAME been reached? */
-      n_end = strchr (n_start, '.');    /* search the next dot */
-      if (n_end)
-        {
-          memcpy (n, n_start, n_end - n_start);
-          n[n_end - n_start] = 0;
-          n_start = n_end;
-          n_start++;
-        }
-      else
-        {
-          MHD__asn1_str_cpy (n, sizeof (n), n_start);
-          n_start = NULL;
-        }
-
-      if (p->down == NULL)
-        return NULL;
-
-      p = p->down;
-
-      /* The identifier "?LAST" indicates the last element
-         in the right chain. */
-      if (!strcmp (n, "?LAST"))
-        {
-          if (p == NULL)
-            return NULL;
-          while (p->right)
-            p = p->right;
-        }
-      else
-        {                       /* no "?LAST" */
-          while (p)
-            {
-              if ((p->name) && (!strcmp (p->name, n)))
-                break;
-              else
-                p = p->right;
-            }
-          if (p == NULL)
-            return NULL;
-        }
-    }                           /* while */
-
-  return p;
-}
-
-
-/******************************************************************/
-/* Function : MHD__asn1_set_value                                     */
-/* Description: sets the field VALUE in a NODE_ASN element. The   */
-/*              previous value (if exist) will be lost            */
-/* Parameters:                                                    */
-/*   node: element pointer.                                       */
-/*   value: pointer to the value that you want to set.            */
-/*   len: character number of value.                              */
-/* Return: pointer to the NODE_ASN element.                       */
-/******************************************************************/
-node_asn *
-MHD__asn1_set_value (node_asn * node, const void *_value, unsigned int len)
-{
-  const unsigned char *value = _value;
-
-  if (node == NULL)
-    return node;
-  if (node->value)
-    {
-      MHD__asn1_free (node->value);
-      node->value = NULL;
-      node->value_len = 0;
-    }
-  if (!len)
-    return node;
-  node->value = (unsigned char *) MHD__asn1_malloc (len);
-  if (node->value == NULL)
-    return NULL;
-  node->value_len = len;
-
-  memcpy (node->value, value, len);
-  return node;
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_set_name                                      */
-/* Description: sets the field NAME in a NODE_ASN element. The    */
-/*              previous value (if exist) will be lost            */
-/* Parameters:                                                    */
-/*   node: element pointer.                                       */
-/*   name: a null terminated string with the name that you want   */
-/*         to set.                                                */
-/* Return: pointer to the NODE_ASN element.                       */
-/******************************************************************/
-node_asn *
-MHD__asn1_set_name (node_asn * node, const char *name)
-{
-  if (node == NULL)
-    return node;
-
-  if (node->name)
-    {
-      MHD__asn1_free (node->name);
-      node->name = NULL;
-    }
-
-  if (name == NULL)
-    return node;
-
-  if (strlen (name))
-    {
-      node->name = (char *) MHD__asn1_strdup (name);
-      if (node->name == NULL)
-        return NULL;
-    }
-  else
-    node->name = NULL;
-  return node;
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_set_right                                     */
-/* Description: sets the field RIGHT in a NODE_ASN element.       */
-/* Parameters:                                                    */
-/*   node: element pointer.                                       */
-/*   right: pointer to a NODE_ASN element that you want be pointed*/
-/*          by NODE.                                              */
-/* Return: pointer to *NODE.                                      */
-/******************************************************************/
-node_asn *
-MHD__asn1_set_right (node_asn * node, node_asn * right)
-{
-  if (node == NULL)
-    return node;
-  node->right = right;
-  if (right)
-    right->left = node;
-  return node;
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_set_down                                      */
-/* Description: sets the field DOWN in a NODE_ASN element.        */
-/* Parameters:                                                    */
-/*   node: element pointer.                                       */
-/*   down: pointer to a NODE_ASN element that you want be pointed */
-/*          by NODE.                                              */
-/* Return: pointer to *NODE.                                      */
-/******************************************************************/
-node_asn *
-MHD__asn1_set_down (node_asn * node, node_asn * down)
-{
-  if (node == NULL)
-    return node;
-  node->down = down;
-  if (down)
-    down->left = node;
-  return node;
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_remove_node                                   */
-/* Description: gets free the memory allocated for an NODE_ASN    */
-/*              element (not the elements pointed by it).         */
-/* Parameters:                                                    */
-/*   node: NODE_ASN element pointer.                              */
-/******************************************************************/
-void
-MHD__asn1_remove_node (node_asn * node)
-{
-  if (node == NULL)
-    return;
-
-  if (node->name != NULL)
-    MHD__asn1_free (node->name);
-  if (node->value != NULL)
-    MHD__asn1_free (node->value);
-  MHD__asn1_free (node);
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_find_up                                       */
-/* Description: return the father of the NODE_ASN element.        */
-/* Parameters:                                                    */
-/*   node: NODE_ASN element pointer.                              */
-/* Return: Null if not found.                                     */
-/******************************************************************/
-node_asn *
-MHD__asn1_find_up (node_asn * node)
-{
-  node_asn *p;
-
-  if (node == NULL)
-    return NULL;
-
-  p = node;
-
-  while ((p->left != NULL) && (p->left->right == p))
-    p = p->left;
-
-  return p->left;
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_delete_list                                   */
-/* Description: deletes the list elements (not the elements       */
-/*  pointed by them).                                             */
-/******************************************************************/
-void
-MHD__asn1_delete_list (void)
-{
-  list_type *listElement;
-
-  while (MHD_firstElement)
-    {
-      listElement = MHD_firstElement;
-      MHD_firstElement = MHD_firstElement->next;
-      MHD__asn1_free (listElement);
-    }
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_delete_list_and nodes                         */
-/* Description: deletes the list elements and the elements        */
-/*  pointed by them.                                              */
-/******************************************************************/
-void
-MHD__asn1_delete_list_and_nodes (void)
-{
-  list_type *listElement;
-
-  while (MHD_firstElement)
-    {
-      listElement = MHD_firstElement;
-      MHD_firstElement = MHD_firstElement->next;
-      MHD__asn1_remove_node (listElement->node);
-      MHD__asn1_free (listElement);
-    }
-}
-
-
-char *
-MHD__asn1_ltostr (long v, char *str)
-{
-  long d, r;
-  char temp[20];
-  int count, k, start;
-
-  if (v < 0)
-    {
-      str[0] = '-';
-      start = 1;
-      v = -v;
-    }
-  else
-    start = 0;
-
-  count = 0;
-  do
-    {
-      d = v / 10;
-      r = v - d * 10;
-      temp[start + count] = '0' + (char) r;
-      count++;
-      v = d;
-    }
-  while (v);
-
-  for (k = 0; k < count; k++)
-    str[k + start] = temp[start + count - k - 1];
-  str[count + start] = 0;
-  return str;
-}
-
-
-/******************************************************************/
-/* Function : MHD__asn1_change_integer_value                          */
-/* Description: converts into DER coding the value assign to an   */
-/*   INTEGER constant.                                            */
-/* Parameters:                                                    */
-/*   node: root of an ASN1element.                                */
-/* Return:                                                        */
-/*   ASN1_ELEMENT_NOT_FOUND if NODE is NULL,                       */
-/*   otherwise ASN1_SUCCESS                                             */
-/******************************************************************/
-MHD__asn1_retCode
-MHD__asn1_change_integer_value (ASN1_TYPE node)
-{
-  node_asn *p;
-  unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
-  unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
-  int len;
-
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  p = node;
-  while (p)
-    {
-      if ((type_field (p->type) == TYPE_INTEGER) && (p->type & CONST_ASSIGN))
-        {
-          if (p->value)
-            {
-              MHD__asn1_convert_integer ((const char *) p->value, val,
-                                         sizeof (val), &len);
-              MHD__asn1_octet_der (val, len, val2, &len);
-              MHD__asn1_set_value (p, val2, len);
-            }
-        }
-
-      if (p->down)
-        {
-          p = p->down;
-        }
-      else
-        {
-          if (p == node)
-            p = NULL;
-          else if (p->right)
-            p = p->right;
-          else
-            {
-              while (1)
-                {
-                  p = MHD__asn1_find_up (p);
-                  if (p == node)
-                    {
-                      p = NULL;
-                      break;
-                    }
-                  if (p->right)
-                    {
-                      p = p->right;
-                      break;
-                    }
-                }
-            }
-        }
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-/******************************************************************/
-/* Function : MHD__asn1_expand_object_id                              */
-/* Description: expand the IDs of an OBJECT IDENTIFIER constant.  */
-/* Parameters:                                                    */
-/*   node: root of an ASN1 element.                               */
-/* Return:                                                        */
-/*   ASN1_ELEMENT_NOT_FOUND if NODE is NULL,                       */
-/*   otherwise ASN1_SUCCESS                                             */
-/******************************************************************/
-MHD__asn1_retCode
-MHD__asn1_expand_object_id (ASN1_TYPE node)
-{
-  node_asn *p, *p2, *p3, *p4, *p5;
-  char name_root[MAX_NAME_SIZE], name2[2 * MAX_NAME_SIZE + 1];
-  int move, tlen;
-
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  MHD__asn1_str_cpy (name_root, sizeof (name_root), node->name);
-
-  p = node;
-  move = DOWN;
-
-  while (!((p == node) && (move == UP)))
-    {
-      if (move != UP)
-        {
-          if ((type_field (p->type) == TYPE_OBJECT_ID)
-              && (p->type & CONST_ASSIGN))
-            {
-              p2 = p->down;
-              if (p2 && (type_field (p2->type) == TYPE_CONSTANT))
-                {
-                  if (p2->value && !isdigit (p2->value[0]))
-                    {
-                      MHD__asn1_str_cpy (name2, sizeof (name2), name_root);
-                      MHD__asn1_str_cat (name2, sizeof (name2), ".");
-                      MHD__asn1_str_cat (name2, sizeof (name2),
-                                         (const char *) p2->value);
-                      p3 = MHD__asn1_find_node (node, name2);
-                      if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) ||
-                          !(p3->type & CONST_ASSIGN))
-                        return ASN1_ELEMENT_NOT_FOUND;
-                      MHD__asn1_set_down (p, p2->right);
-                      MHD__asn1_remove_node (p2);
-                      p2 = p;
-                      p4 = p3->down;
-                      while (p4)
-                        {
-                          if (type_field (p4->type) == TYPE_CONSTANT)
-                            {
-                              p5 = MHD__asn1_add_node_only (TYPE_CONSTANT);
-                              MHD__asn1_set_name (p5, p4->name);
-                              tlen = strlen ((const char *) p4->value);
-                              if (tlen > 0)
-                                MHD__asn1_set_value (p5, p4->value, tlen + 1);
-                              if (p2 == p)
-                                {
-                                  MHD__asn1_set_right (p5, p->down);
-                                  MHD__asn1_set_down (p, p5);
-                                }
-                              else
-                                {
-                                  MHD__asn1_set_right (p5, p2->right);
-                                  MHD__asn1_set_right (p2, p5);
-                                }
-                              p2 = p5;
-                            }
-                          p4 = p4->right;
-                        }
-                      move = DOWN;
-                      continue;
-                    }
-                }
-            }
-          move = DOWN;
-        }
-      else
-        move = RIGHT;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-
-      if (p == node)
-        {
-          move = UP;
-          continue;
-        }
-
-      if (move == RIGHT)
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-
-  /*******************************/
-  /*       expand DEFAULT        */
-  /*******************************/
-  p = node;
-  move = DOWN;
-
-  while (!((p == node) && (move == UP)))
-    {
-      if (move != UP)
-        {
-          if ((type_field (p->type) == TYPE_OBJECT_ID) &&
-              (p->type & CONST_DEFAULT))
-            {
-              p2 = p->down;
-              if (p2 && (type_field (p2->type) == TYPE_DEFAULT))
-                {
-                  MHD__asn1_str_cpy (name2, sizeof (name2), name_root);
-                  MHD__asn1_str_cat (name2, sizeof (name2), ".");
-                  MHD__asn1_str_cat (name2, sizeof (name2),
-                                     (const char *) p2->value);
-                  p3 = MHD__asn1_find_node (node, name2);
-                  if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) ||
-                      !(p3->type & CONST_ASSIGN))
-                    return ASN1_ELEMENT_NOT_FOUND;
-                  p4 = p3->down;
-                  name2[0] = 0;
-                  while (p4)
-                    {
-                      if (type_field (p4->type) == TYPE_CONSTANT)
-                        {
-                          if (name2[0])
-                            MHD__asn1_str_cat (name2, sizeof (name2), ".");
-                          MHD__asn1_str_cat (name2, sizeof (name2),
-                                             (const char *) p4->value);
-                        }
-                      p4 = p4->right;
-                    }
-                  tlen = strlen (name2);
-                  if (tlen > 0)
-                    MHD__asn1_set_value (p2, name2, tlen + 1);
-                }
-            }
-          move = DOWN;
-        }
-      else
-        move = RIGHT;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-
-      if (p == node)
-        {
-          move = UP;
-          continue;
-        }
-
-      if (move == RIGHT)
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-  return ASN1_SUCCESS;
-}
-
-/******************************************************************/
-/* Function : MHD__asn1_check_identifier                              */
-/* Description: checks the definitions of all the identifiers     */
-/*   and the first element of an OBJECT_ID (e.g. {pkix 0 4}).     */
-/*   The MHD__asn1_identifierMissing global variable is filled if     */
-/*   necessary.                                                   */
-/* Parameters:                                                    */
-/*   node: root of an ASN1 element.                               */
-/* Return:                                                        */
-/*   ASN1_ELEMENT_NOT_FOUND      if NODE is NULL,                 */
-/*   ASN1_IDENTIFIER_NOT_FOUND   if an identifier is not defined, */
-/*   otherwise ASN1_SUCCESS                                       */
-/******************************************************************/
-MHD__asn1_retCode
-MHD__asn1_check_identifier (ASN1_TYPE node)
-{
-  node_asn *p, *p2;
-  char name2[MAX_NAME_SIZE * 2 + 2];
-
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  p = node;
-  while (p)
-    {
-      if (type_field (p->type) == TYPE_IDENTIFIER)
-        {
-          MHD__asn1_str_cpy (name2, sizeof (name2), node->name);
-          MHD__asn1_str_cat (name2, sizeof (name2), ".");
-          MHD__asn1_str_cat (name2, sizeof (name2), (const char *) p->value);
-          p2 = MHD__asn1_find_node (node, name2);
-          if (p2 == NULL)
-            {
-              strcpy (MHD__asn1_identifierMissing, (const char *) p->value);
-              return ASN1_IDENTIFIER_NOT_FOUND;
-            }
-        }
-      else if ((type_field (p->type) == TYPE_OBJECT_ID) &&
-               (p->type & CONST_DEFAULT))
-        {
-          p2 = p->down;
-          if (p2 && (type_field (p2->type) == TYPE_DEFAULT))
-            {
-              MHD__asn1_str_cpy (name2, sizeof (name2), node->name);
-              MHD__asn1_str_cat (name2, sizeof (name2), ".");
-              MHD__asn1_str_cat (name2, sizeof (name2),
-                                 (const char *) p2->value);
-              strcpy (MHD__asn1_identifierMissing, (const char *) p2->value);
-              p2 = MHD__asn1_find_node (node, name2);
-              if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) ||
-                  !(p2->type & CONST_ASSIGN))
-                return ASN1_IDENTIFIER_NOT_FOUND;
-              else
-                MHD__asn1_identifierMissing[0] = 0;
-            }
-        }
-      else if ((type_field (p->type) == TYPE_OBJECT_ID) &&
-               (p->type & CONST_ASSIGN))
-        {
-          p2 = p->down;
-          if (p2 && (type_field (p2->type) == TYPE_CONSTANT))
-            {
-              if (p2->value && !isdigit (p2->value[0]))
-                {
-                  MHD__asn1_str_cpy (name2, sizeof (name2), node->name);
-                  MHD__asn1_str_cat (name2, sizeof (name2), ".");
-                  MHD__asn1_str_cat (name2, sizeof (name2),
-                                     (const char *) p2->value);
-                  strcpy (MHD__asn1_identifierMissing,
-                          (const char *) p2->value);
-                  p2 = MHD__asn1_find_node (node, name2);
-                  if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) ||
-                      !(p2->type & CONST_ASSIGN))
-                    return ASN1_IDENTIFIER_NOT_FOUND;
-                  else
-                    MHD__asn1_identifierMissing[0] = 0;
-                }
-            }
-        }
-
-      if (p->down)
-        {
-          p = p->down;
-        }
-      else if (p->right)
-        p = p->right;
-      else
-        {
-          while (1)
-            {
-              p = MHD__asn1_find_up (p);
-              if (p == node)
-                {
-                  p = NULL;
-                  break;
-                }
-              if (p->right)
-                {
-                  p = p->right;
-                  break;
-                }
-            }
-        }
-    }
-
-  return ASN1_SUCCESS;
-}

src/daemon/https/minitasn1/parser_aux.h

@@ -1,37 +0,0 @@
-
-#ifndef _PARSER_AUX_H
-#define _PARSER_AUX_H
-
-
-/***************************************/
-/*  Functions used by ASN.1 parser     */
-/***************************************/
-node_asn *MHD__asn1_add_node (unsigned int type);
-
-node_asn *MHD__asn1_set_value (node_asn * node, const void *value,
-                               unsigned int len);
-
-node_asn *MHD__asn1_set_name (node_asn * node, const char *name);
-
-node_asn *MHD__asn1_set_right (node_asn * node, node_asn * right);
-
-node_asn *MHD__asn1_set_down (node_asn * node, node_asn * down);
-
-void MHD__asn1_remove_node (node_asn * node);
-
-void MHD__asn1_delete_list (void);
-
-void MHD__asn1_delete_list_and_nodes (void);
-
-char *MHD__asn1_ltostr (long v, char *str);
-
-node_asn *MHD__asn1_find_up (node_asn * node);
-
-MHD__asn1_retCode MHD__asn1_change_integer_value (ASN1_TYPE node);
-
-MHD__asn1_retCode MHD__asn1_expand_object_id (ASN1_TYPE node);
-
-MHD__asn1_retCode MHD__asn1_check_identifier (ASN1_TYPE node);
-
-
-#endif

src/daemon/https/minitasn1/structure.c

@@ -1,585 +0,0 @@
-/*
- *      Copyright (C) 2004, 2006, 2007 Free Software Foundation
- *      Copyright (C) 2002  Fabio Fiorina
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-
-/*****************************************************/
-/* File: structure.c                                 */
-/* Description: Functions to create and delete an    */
-/*  ASN1 tree.                                       */
-/*****************************************************/
-
-
-#include <int.h>
-#include <structure.h>
-#include "parser_aux.h"
-#include <gstr.h>
-
-
-extern char MHD__asn1_identifierMissing[];
-
-static node_asn *MHD__asn1_copy_structure2 (node_asn * root,
-                                            const char *source_name);
-
-
-
-/******************************************************/
-/* Function : MHD__asn1_add_node_only                     */
-/* Description: creates a new NODE_ASN element.       */
-/* Parameters:                                        */
-/*   type: type of the new element (see TYPE_         */
-/*         and CONST_ constants).                     */
-/* Return: pointer to the new element.                */
-/******************************************************/
-node_asn *
-MHD__asn1_add_node_only (unsigned int type)
-{
-  node_asn *punt;
-
-  punt = (node_asn *) MHD__asn1_calloc (1, sizeof (node_asn));
-  if (punt == NULL)
-    return NULL;
-
-  punt->type = type;
-
-  return punt;
-}
-
-
-/******************************************************************/
-/* Function : MHD__asn1_find_left                                     */
-/* Description: returns the NODE_ASN element with RIGHT field that*/
-/*              points the element NODE.                          */
-/* Parameters:                                                    */
-/*   node: NODE_ASN element pointer.                              */
-/* Return: NULL if not found.                                     */
-/******************************************************************/
-node_asn *
-MHD__asn1_find_left (node_asn * node)
-{
-  if ((node == NULL) || (node->left == NULL) || (node->left->down == node))
-    return NULL;
-
-  return node->left;
-}
-
-
-
-/**
-  * MHD__asn1_array2tree - Creates the structures needed to manage the ASN1 definitions.
-  * @array: specify the array that contains ASN.1 declarations
-  * @definitions: return the pointer to the structure created by
-  *   *ARRAY ASN.1 declarations
-  * @errorDescription: return the error description.
-  *
-  * Creates the structures needed to manage the ASN.1 definitions.
-  * @array is a vector created by MHD__asn1_parser2array().
-  *
-  * Returns:
-  *
-  * ASN1_SUCCESS: Structure created correctly.
-  *
-  * ASN1_ELEMENT_NOT_EMPTY: *@definitions not ASN1_TYPE_EMPTY.
-  *
-  * ASN1_IDENTIFIER_NOT_FOUND: In the file there is an identifier that
-  *   is not defined (see @errorDescription for more information).
-  *
-  * ASN1_ARRAY_ERROR: The array pointed by @array is wrong.
-  **/
-MHD__asn1_retCode
-MHD__asn1_array2tree (const ASN1_ARRAY_TYPE * array, ASN1_TYPE * definitions,
-                      char *errorDescription)
-{
-  node_asn *p, *p_last = NULL;
-  unsigned long k;
-  int move;
-  MHD__asn1_retCode result;
-
-
-  if (*definitions != ASN1_TYPE_EMPTY)
-    return ASN1_ELEMENT_NOT_EMPTY;
-
-  move = UP;
-
-  k = 0;
-  while (array[k].value || array[k].type || array[k].name)
-    {
-      p = MHD__asn1_add_node (array[k].type & (~CONST_DOWN));
-      if (array[k].name)
-        MHD__asn1_set_name (p, array[k].name);
-      if (array[k].value)
-        MHD__asn1_set_value (p, array[k].value, strlen (array[k].value) + 1);
-
-      if (*definitions == NULL)
-        *definitions = p;
-
-      if (move == DOWN)
-        MHD__asn1_set_down (p_last, p);
-      else if (move == RIGHT)
-        MHD__asn1_set_right (p_last, p);
-
-      p_last = p;
-
-      if (array[k].type & CONST_DOWN)
-        move = DOWN;
-      else if (array[k].type & CONST_RIGHT)
-        move = RIGHT;
-      else
-        {
-          while (1)
-            {
-              if (p_last == *definitions)
-                break;
-
-              p_last = MHD__asn1_find_up (p_last);
-
-              if (p_last == NULL)
-                break;
-
-              if (p_last->type & CONST_RIGHT)
-                {
-                  p_last->type &= ~CONST_RIGHT;
-                  move = RIGHT;
-                  break;
-                }
-            }                   /* while */
-        }
-      k++;
-    }                           /* while */
-
-  if (p_last == *definitions)
-    {
-      result = MHD__asn1_check_identifier (*definitions);
-      if (result == ASN1_SUCCESS)
-        {
-          MHD__asn1_change_integer_value (*definitions);
-          MHD__asn1_expand_object_id (*definitions);
-        }
-    }
-  else
-    {
-      result = ASN1_ARRAY_ERROR;
-    }
-
-  if (errorDescription != NULL)
-    {
-      if (result == ASN1_IDENTIFIER_NOT_FOUND)
-        {
-          Estrcpy (errorDescription, ":: identifier '");
-          Estrcat (errorDescription, MHD__asn1_identifierMissing);
-          Estrcat (errorDescription, "' not found");
-        }
-      else
-        errorDescription[0] = 0;
-    }
-
-  if (result != ASN1_SUCCESS)
-    {
-      MHD__asn1_delete_list_and_nodes ();
-      *definitions = ASN1_TYPE_EMPTY;
-    }
-  else
-    MHD__asn1_delete_list ();
-
-  return result;
-}
-
-/**
-  * MHD__asn1_delete_structure - Deletes the structure pointed by *ROOT.
-  * @structure: pointer to the structure that you want to delete.
-  *
-  * Deletes the structure *@structure.  At the end, *@structure is set
-  * to ASN1_TYPE_EMPTY.
-  *
-  * Returns:
-  *
-  * ASN1_SUCCESS: Everything OK.
-  *
-  * ASN1_ELEMENT_NOT_FOUND: *@structure was ASN1_TYPE_EMPTY.
-  *
-  **/
-MHD__asn1_retCode
-MHD__asn1_delete_structure (ASN1_TYPE * structure)
-{
-  node_asn *p, *p2, *p3;
-
-  if (*structure == ASN1_TYPE_EMPTY)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  p = *structure;
-  while (p)
-    {
-      if (p->down)
-        {
-          p = p->down;
-        }
-      else
-        {                       /* no down */
-          p2 = p->right;
-          if (p != *structure)
-            {
-              p3 = MHD__asn1_find_up (p);
-              MHD__asn1_set_down (p3, p2);
-              MHD__asn1_remove_node (p);
-              p = p3;
-            }
-          else
-            {                   /* p==root */
-              p3 = MHD__asn1_find_left (p);
-              if (!p3)
-                {
-                  p3 = MHD__asn1_find_up (p);
-                  if (p3)
-                    MHD__asn1_set_down (p3, p2);
-                  else
-                    {
-                      if (p->right)
-                        p->right->left = NULL;
-                    }
-                }
-              else
-                MHD__asn1_set_right (p3, p2);
-              MHD__asn1_remove_node (p);
-              p = NULL;
-            }
-        }
-    }
-
-  *structure = ASN1_TYPE_EMPTY;
-  return ASN1_SUCCESS;
-}
-
-node_asn *
-MHD__asn1_copy_structure3 (node_asn * source_node)
-{
-  node_asn *dest_node, *p_s, *p_d, *p_d_prev;
-  int move;
-
-  if (source_node == NULL)
-    return NULL;
-
-  dest_node = MHD__asn1_add_node_only (source_node->type);
-
-  p_s = source_node;
-  p_d = dest_node;
-
-  move = DOWN;
-
-  do
-    {
-      if (move != UP)
-        {
-          if (p_s->name)
-            MHD__asn1_set_name (p_d, p_s->name);
-          if (p_s->value)
-            MHD__asn1_set_value (p_d, p_s->value, p_s->value_len);
-          move = DOWN;
-        }
-      else
-        move = RIGHT;
-
-      if (move == DOWN)
-        {
-          if (p_s->down)
-            {
-              p_s = p_s->down;
-              p_d_prev = p_d;
-              p_d = MHD__asn1_add_node_only (p_s->type);
-              MHD__asn1_set_down (p_d_prev, p_d);
-            }
-          else
-            move = RIGHT;
-        }
-
-      if (p_s == source_node)
-        break;
-
-      if (move == RIGHT)
-        {
-          if (p_s->right)
-            {
-              p_s = p_s->right;
-              p_d_prev = p_d;
-              p_d = MHD__asn1_add_node_only (p_s->type);
-              MHD__asn1_set_right (p_d_prev, p_d);
-            }
-          else
-            move = UP;
-        }
-      if (move == UP)
-        {
-          p_s = MHD__asn1_find_up (p_s);
-          p_d = MHD__asn1_find_up (p_d);
-        }
-    }
-  while (p_s != source_node);
-
-  return dest_node;
-}
-
-
-static node_asn *
-MHD__asn1_copy_structure2 (node_asn * root, const char *source_name)
-{
-  node_asn *source_node;
-
-  source_node = MHD__asn1_find_node (root, source_name);
-
-  return MHD__asn1_copy_structure3 (source_node);
-
-}
-
-
-static MHD__asn1_retCode
-MHD__asn1_type_choice_config (node_asn * node)
-{
-  node_asn *p, *p2, *p3, *p4;
-  int move, tlen;
-
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  p = node;
-  move = DOWN;
-
-  while (!((p == node) && (move == UP)))
-    {
-      if (move != UP)
-        {
-          if ((type_field (p->type) == TYPE_CHOICE) && (p->type & CONST_TAG))
-            {
-              p2 = p->down;
-              while (p2)
-                {
-                  if (type_field (p2->type) != TYPE_TAG)
-                    {
-                      p2->type |= CONST_TAG;
-                      p3 = MHD__asn1_find_left (p2);
-                      while (p3)
-                        {
-                          if (type_field (p3->type) == TYPE_TAG)
-                            {
-                              p4 = MHD__asn1_add_node_only (p3->type);
-                              tlen = strlen ((const char *) p3->value);
-                              if (tlen > 0)
-                                MHD__asn1_set_value (p4, p3->value, tlen + 1);
-                              MHD__asn1_set_right (p4, p2->down);
-                              MHD__asn1_set_down (p2, p4);
-                            }
-                          p3 = MHD__asn1_find_left (p3);
-                        }
-                    }
-                  p2 = p2->right;
-                }
-              p->type &= ~(CONST_TAG);
-              p2 = p->down;
-              while (p2)
-                {
-                  p3 = p2->right;
-                  if (type_field (p2->type) == TYPE_TAG)
-                    MHD__asn1_delete_structure (&p2);
-                  p2 = p3;
-                }
-            }
-          move = DOWN;
-        }
-      else
-        move = RIGHT;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-
-      if (p == node)
-        {
-          move = UP;
-          continue;
-        }
-
-      if (move == RIGHT)
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-static MHD__asn1_retCode
-MHD__asn1_expand_identifier (node_asn ** node, node_asn * root)
-{
-  node_asn *p, *p2, *p3;
-  char name2[MAX_NAME_SIZE + 2];
-  int move;
-
-  if (node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  p = *node;
-  move = DOWN;
-
-  while (!((p == *node) && (move == UP)))
-    {
-      if (move != UP)
-        {
-          if (type_field (p->type) == TYPE_IDENTIFIER)
-            {
-              MHD__asn1_str_cpy (name2, sizeof (name2), root->name);
-              MHD__asn1_str_cat (name2, sizeof (name2), ".");
-              MHD__asn1_str_cat (name2, sizeof (name2),
-                                 (const char *) p->value);
-              p2 = MHD__asn1_copy_structure2 (root, name2);
-              if (p2 == NULL)
-                {
-                  return ASN1_IDENTIFIER_NOT_FOUND;
-                }
-              MHD__asn1_set_name (p2, p->name);
-              p2->right = p->right;
-              p2->left = p->left;
-              if (p->right)
-                p->right->left = p2;
-              p3 = p->down;
-              if (p3)
-                {
-                  while (p3->right)
-                    p3 = p3->right;
-                  MHD__asn1_set_right (p3, p2->down);
-                  MHD__asn1_set_down (p2, p->down);
-                }
-
-              p3 = MHD__asn1_find_left (p);
-              if (p3)
-                MHD__asn1_set_right (p3, p2);
-              else
-                {
-                  p3 = MHD__asn1_find_up (p);
-                  if (p3)
-                    MHD__asn1_set_down (p3, p2);
-                  else
-                    {
-                      p2->left = NULL;
-                    }
-                }
-
-              if (p->type & CONST_SIZE)
-                p2->type |= CONST_SIZE;
-              if (p->type & CONST_TAG)
-                p2->type |= CONST_TAG;
-              if (p->type & CONST_OPTION)
-                p2->type |= CONST_OPTION;
-              if (p->type & CONST_DEFAULT)
-                p2->type |= CONST_DEFAULT;
-              if (p->type & CONST_SET)
-                p2->type |= CONST_SET;
-              if (p->type & CONST_NOT_USED)
-                p2->type |= CONST_NOT_USED;
-
-              if (p == *node)
-                *node = p2;
-              MHD__asn1_remove_node (p);
-              p = p2;
-              move = DOWN;
-              continue;
-            }
-          move = DOWN;
-        }
-      else
-        move = RIGHT;
-
-      if (move == DOWN)
-        {
-          if (p->down)
-            p = p->down;
-          else
-            move = RIGHT;
-        }
-
-      if (p == *node)
-        {
-          move = UP;
-          continue;
-        }
-
-      if (move == RIGHT)
-        {
-          if (p->right)
-            p = p->right;
-          else
-            move = UP;
-        }
-      if (move == UP)
-        p = MHD__asn1_find_up (p);
-    }
-
-  return ASN1_SUCCESS;
-}
-
-
-/**
-  * MHD__asn1_create_element - Creates a structure of type SOURCE_NAME.
-  * @definitions: pointer to the structure returned by "parser_asn1" function
-  * @source_name: the name of the type of the new structure (must be
-  *   inside p_structure).
-  * @element: pointer to the structure created.
-  *
-  * Creates a structure of type @source_name.  Example using
-  *  "pkix.asn":
-  *
-  * rc = MHD__asn1_create_structure(cert_def, "PKIX1.Certificate",
-  * certptr);
-  *
-  * Returns:
-  *
-  * ASN1_SUCCESS: Creation OK.
-  *
-  * ASN1_ELEMENT_NOT_FOUND: SOURCE_NAME isn't known
-  **/
-MHD__asn1_retCode
-MHD__asn1_create_element (ASN1_TYPE definitions, const char *source_name,
-                          ASN1_TYPE * element)
-{
-  node_asn *dest_node;
-  int res;
-
-  dest_node = MHD__asn1_copy_structure2 (definitions, source_name);
-
-  if (dest_node == NULL)
-    return ASN1_ELEMENT_NOT_FOUND;
-
-  MHD__asn1_set_name (dest_node, "");
-
-  res = MHD__asn1_expand_identifier (&dest_node, definitions);
-  MHD__asn1_type_choice_config (dest_node);
-
-  *element = dest_node;
-
-  return res;
-}

src/daemon/https/minitasn1/structure.h

@@ -1,18 +0,0 @@
-
-/*************************************************/
-/* File: structure.h                             */
-/* Description: list of exported object by       */
-/*   "structure.c"                               */
-/*************************************************/
-
-#ifndef _STRUCTURE_H
-#define _STRUCTURE_H
-
-node_asn *MHD__asn1_copy_structure3 (node_asn * source_node);
-
-
-node_asn *MHD__asn1_add_node_only (unsigned int type);
-
-node_asn *MHD__asn1_find_left (node_asn * node);
-
-#endif

src/daemon/https/tls/Makefile.am

@@ -1,100 +0,0 @@
-AM_CPPFLAGS = \
--I$(top_srcdir)/src/include \
--I$(top_srcdir)/src/daemon/ \
--I$(top_srcdir)/src/daemon/https \
--I$(top_srcdir)/src/daemon/https/tls \
--I$(top_srcdir)/src/daemon/https/lgl \
--I$(top_srcdir)/src/daemon/https/minitasn1 \
--I$(top_srcdir)/src/daemon/https/x509 \
- @LIBGCRYPT_CFLAGS@ 
-
-if USE_COVERAGE
-  AM_CFLAGS = -fprofile-arcs -ftest-coverage
-endif
-
-noinst_LTLIBRARIES = libtls.la
-
-libtls_la_SOURCES = \
-auth_cert.c \
-auth_dhe.c \
-auth_dh_common.c \
-auth_rsa.c \
-auth_rsa_export.c \
-debug.c \
-defines.h \
-ext_cert_type.c \
-ext_max_record.c \
-ext_server_name.c \
-gnutls_alert.c \
-gnutls_algorithms.c \
-gnutls_asn1_tab.c \
-gnutls_auth.c \
-gnutls_buffers.c \
-gnutls_cert.c \
-gnutls_cipher.c \
-gnutls_cipher_int.c \
-gnutls_constate.c \
-gnutls_datum.c \
-gnutls_dh.c \
-gnutls_dh_primes.c \
-gnutls_errors.c \
-gnutls_extensions.c \
-gnutls_global.c \
-gnutls_handshake.c \
-gnutls_hash_int.c \
-gnutls_kx.c \
-gnutls_mem.c \
-gnutls_mpi.c \
-gnutls_num.c \
-gnutls_pk.c \
-gnutls_priority.c \
-gnutls_record.c \
-gnutls_rsa_export.c \
-gnutls_sig.c \
-gnutls_state.c \
-gnutls_str.c \
-gnutls_supplemental.c \
-gnutls_ui.c \
-gnutls_x509.c \
-pkix_asn1_tab.c \
-x509_b64.c \
-auth_cert.h \
-auth_dh_common.h \
-debug.h \
-defines.h \
-ext_cert_type.h \
-ext_max_record.h \
-ext_server_name.h \
-gnutls_algorithms.h \
-gnutls_auth.h \
-gnutls_auth_int.h \
-gnutls_buffers.h \
-gnutls_cert.h \
-gnutls_cipher.h \
-gnutls_cipher_int.h \
-gnutls_constate.h \
-gnutls_datum.h \
-gnutls_dh.h \
-gnutls_errors.h \
-gnutls_extensions.h \
-gnutls_global.h \
-gnutls_handshake.h \
-gnutls_hash_int.h \
-gnutls_int.h \
-gnutls_kx.h \
-gnutls_mem.h \
-gnutls_mpi.h \
-gnutls_num.h \
-gnutls_pk.h \
-gnutls_record.h \
-gnutls_rsa_export.h \
-gnutls_sig.h \
-gnutls_state.h \
-gnutls_str.h \
-gnutls_supplemental.h \
-gnutls_x509.h \
-x509_b64.h \
-memmem.c \
-str-two-way.h
-libtls_la_LIBADD = @LIBGCRYPT_LIBS@
-

src/daemon/https/tls/auth_cert.c

@@ -1,1329 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* The certificate authentication functions which are needed in the handshake,
- * and are common to RSA and DHE key exchange, are in this file.
- */
-
-#include <gnutls_int.h>
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include <gnutls_cert.h>
-#include <auth_cert.h>
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "libtasn1.h"
-#include "gnutls_datum.h"
-#include <gnutls_pk.h>
-#include <gnutls_algorithms.h>
-#include <gnutls_global.h>
-#include <gnutls_record.h>
-#include <gnutls_sig.h>
-#include <gnutls_state.h>
-#include <gnutls_pk.h>
-#include <gnutls_x509.h>
-#include "debug.h"
-
-static MHD_gnutls_cert *alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t *
-                                                   certs, unsigned);
-static MHD_gnutls_privkey *alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t
-                                                    key);
-
-
-/* Copies data from a internal certificate struct (MHD_gnutls_cert) to
- * exported certificate struct (cert_auth_info_t)
- */
-static int
-MHD__gnutls_copy_certificate_auth_info (cert_auth_info_t info,
-                                        MHD_gnutls_cert * cert, int ncerts)
-{
-  /* Copy peer's information to auth_info_t
-   */
-  int ret, i, j;
-
-  if (ncerts == 0)
-    {
-      info->raw_certificate_list = NULL;
-      info->ncerts = 0;
-      return 0;
-    }
-
-  info->raw_certificate_list =
-    MHD_gnutls_calloc (1, sizeof (MHD_gnutls_datum_t) * ncerts);
-  if (info->raw_certificate_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  for (i = 0; i < ncerts; i++)
-    {
-      if (cert->raw.size > 0)
-        {
-          ret =
-            MHD__gnutls_set_datum (&info->raw_certificate_list[i],
-                                   cert[i].raw.data, cert[i].raw.size);
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              goto clear;
-            }
-        }
-    }
-  info->ncerts = ncerts;
-
-  return 0;
-
-clear:
-
-  for (j = 0; j < i; j++)
-    MHD__gnutls_free_datum (&info->raw_certificate_list[j]);
-
-  MHD_gnutls_free (info->raw_certificate_list);
-  info->raw_certificate_list = NULL;
-
-  return ret;
-}
-
-
-
-
-/* returns 0 if the algo_to-check exists in the pk_algos list,
- * -1 otherwise.
- */
-inline static int
-MHD__gnutls_check_pk_algo_in_list (const enum MHD_GNUTLS_PublicKeyAlgorithm
-                                   *pk_algos, int pk_algos_length,
-                                   enum MHD_GNUTLS_PublicKeyAlgorithm
-                                   algo_to_check)
-{
-  int i;
-  for (i = 0; i < pk_algos_length; i++)
-    {
-      if (algo_to_check == pk_algos[i])
-        {
-          return 0;
-        }
-    }
-  return -1;
-}
-
-
-/* Returns the issuer's Distinguished name in odn, of the certificate
- * specified in cert.
- */
-static int
-MHD__gnutls_cert_get_issuer_dn (MHD_gnutls_cert * cert,
-                                MHD_gnutls_datum_t * odn)
-{
-  ASN1_TYPE dn;
-  int len, result;
-  int start, end;
-
-  if ((result = MHD__asn1_create_element
-       (MHD__gnutls_get_pkix (), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  result = MHD__asn1_der_decoding (&dn, cert->raw.data, cert->raw.size, NULL);
-  if (result != ASN1_SUCCESS)
-    {
-      /* couldn't decode DER */
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&dn);
-      return MHD_gtls_asn2err (result);
-    }
-
-  result =
-    MHD__asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size,
-                                     "tbsCertificate.issuer", &start, &end);
-
-  if (result != ASN1_SUCCESS)
-    {
-      /* couldn't decode DER */
-      MHD_gnutls_assert ();
-      MHD__asn1_delete_structure (&dn);
-      return MHD_gtls_asn2err (result);
-    }
-  MHD__asn1_delete_structure (&dn);
-
-  len = end - start + 1;
-
-  odn->size = len;
-  odn->data = &cert->raw.data[start];
-
-  return 0;
-}
-
-
-/* Locates the most appropriate x509 certificate using the
- * given DN. If indx == -1 then no certificate was found.
- *
- * That is to guess which certificate to use, based on the
- * CAs and sign algorithms supported by the peer server.
- */
-static int
-_find_x509_cert (const MHD_gtls_cert_credentials_t cred,
-                 opaque * _data, size_t _data_size,
-                 const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
-                 int pk_algos_length, int *indx)
-{
-  unsigned size;
-  MHD_gnutls_datum_t odn;
-  opaque *data = _data;
-  ssize_t data_size = _data_size;
-  unsigned i, j;
-  int result, cert_pk;
-
-  *indx = -1;
-  odn.size = 0;
-  odn.data = NULL;
-  do
-    {
-
-      DECR_LENGTH_RET (data_size, 2, 0);
-      size = MHD_gtls_read_uint16 (data);
-      DECR_LENGTH_RET (data_size, size, 0);
-      data += 2;
-
-      for (i = 0; i < cred->ncerts; i++)
-        {
-          for (j = 0; j < cred->cert_list_length[i]; j++)
-            {
-              if ((result =
-                   MHD__gnutls_cert_get_issuer_dn (&cred->cert_list[i][j],
-                                                   &odn)) != 0)
-                {
-                  MHD_gnutls_assert ();
-                  return result;
-                }
-
-              if (odn.size != size)
-                continue;
-
-              /* If the DN matches and
-               * the *_SIGN algorithm matches
-               * the cert is our cert!
-               */
-              cert_pk = cred->cert_list[i][0].subject_pk_algorithm;
-
-              if ((memcmp (odn.data, data, size) == 0) &&
-                  (MHD__gnutls_check_pk_algo_in_list
-                   (pk_algos, pk_algos_length, cert_pk) == 0))
-                {
-                  *indx = i;
-                  break;
-                }
-            }
-          if (*indx != -1)
-            break;
-        }
-
-      if (*indx != -1)
-        break;
-
-      /* move to next record */
-      data += size;
-
-    }
-  while (1);
-
-  return 0;
-
-}
-
-/* Returns the number of issuers in the server's
- * certificate request packet.
- */
-static int
-get_issuers_num (MHD_gtls_session_t session, opaque * data, ssize_t data_size)
-{
-  int issuers_dn_len = 0, result;
-  unsigned size;
-
-  /* Count the number of the given issuers;
-   * This is used to allocate the issuers_dn without
-   * using realloc().
-   */
-
-  if (data_size == 0 || data == NULL)
-    return 0;
-
-  if (data_size > 0)
-    do
-      {
-        /* This works like DECR_LEN()
-         */
-        result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        DECR_LENGTH_COM (data_size, 2, goto error);
-        size = MHD_gtls_read_uint16 (data);
-
-        result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        DECR_LENGTH_COM (data_size, size, goto error);
-
-        data += 2;
-
-        if (size > 0)
-          {
-            issuers_dn_len++;
-            data += size;
-          }
-
-        if (data_size == 0)
-          break;
-
-      }
-    while (1);
-
-  return issuers_dn_len;
-
-error:
-  return result;
-}
-
-/* Returns the issuers in the server's certificate request
- * packet.
- */
-static int
-get_issuers (MHD_gtls_session_t session,
-             MHD_gnutls_datum_t * issuers_dn, int issuers_len,
-             opaque * data, size_t data_size)
-{
-  int i;
-  unsigned size;
-
-  if (MHD_gnutls_certificate_type_get (session) != MHD_GNUTLS_CRT_X509)
-    return 0;
-
-  /* put the requested DNs to req_dn, only in case
-   * of X509 certificates.
-   */
-  if (issuers_len > 0)
-    {
-
-      for (i = 0; i < issuers_len; i++)
-        {
-          /* The checks here for the buffer boundaries
-           * are not needed since the buffer has been
-           * parsed above.
-           */
-          data_size -= 2;
-
-          size = MHD_gtls_read_uint16 (data);
-
-          data += 2;
-
-          issuers_dn[i].data = data;
-          issuers_dn[i].size = size;
-
-          data += size;
-        }
-    }
-
-  return 0;
-}
-
-/* Calls the client get callback.
- */
-static int
-call_get_cert_callback (MHD_gtls_session_t session,
-                        MHD_gnutls_datum_t * issuers_dn,
-                        int issuers_dn_length,
-                        enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
-                        int pk_algos_length)
-{
-  unsigned i;
-  MHD_gnutls_cert *local_certs = NULL;
-  MHD_gnutls_privkey *local_key = NULL;
-  MHD_gnutls_retr_st st;
-  int ret;
-  enum MHD_GNUTLS_CertificateType type =
-    MHD_gnutls_certificate_type_get (session);
-  MHD_gtls_cert_credentials_t cred;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  memset (&st, 0, sizeof (st));
-
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-      ret = cred->server_get_cert_callback (session, &st);
-    }
-  else
-    {                           /* CLIENT */
-      ret =
-        cred->client_get_cert_callback (session,
-                                        issuers_dn, issuers_dn_length,
-                                        pk_algos, pk_algos_length, &st);
-    }
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  if (st.ncerts == 0)
-    return 0;                   /* no certificate was selected */
-
-  if (type != st.type)
-    {
-      MHD_gnutls_assert ();
-      ret = GNUTLS_E_INVALID_REQUEST;
-      goto cleanup;
-    }
-
-  if (type == MHD_GNUTLS_CRT_X509)
-    {
-      local_certs = alloc_and_load_x509_certs (st.cert.x509, st.ncerts);
-      if (local_certs != NULL)
-        local_key = alloc_and_load_x509_key (st.key.x509);
-
-    }
-  else
-    {                           /* PGP */
-      MHD_gnutls_assert ();
-      ret = GNUTLS_E_INVALID_REQUEST;
-      goto cleanup;
-    }
-
-  MHD_gtls_selected_certs_set (session, local_certs,
-                               (local_certs != NULL) ? st.ncerts : 0,
-                               local_key, 1);
-
-  ret = 0;
-
-cleanup:
-
-  if (st.type == MHD_GNUTLS_CRT_X509)
-    {
-      if (st.deinit_all)
-        {
-          for (i = 0; i < st.ncerts; i++)
-            {
-              MHD_gnutls_x509_crt_deinit (st.cert.x509[i]);
-            }
-          MHD_gnutls_free (st.cert.x509);
-          MHD_gnutls_x509_privkey_deinit (st.key.x509);
-        }
-    }
-  return ret;
-}
-
-/* Finds the appropriate certificate depending on the cA Distinguished name
- * advertized by the server. If none matches then returns 0 and -1 as index.
- * In case of an error a negative value, is returned.
- *
- * 20020128: added ability to select a certificate depending on the SIGN
- * algorithm (only in automatic mode).
- */
-static int
-_select_client_cert (MHD_gtls_session_t session,
-                     opaque * _data, size_t _data_size,
-                     enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
-                     int pk_algos_length)
-{
-  int result;
-  int indx = -1;
-  MHD_gtls_cert_credentials_t cred;
-  opaque *data = _data;
-  ssize_t data_size = _data_size;
-  int issuers_dn_length;
-  MHD_gnutls_datum_t *issuers_dn = NULL;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  if (cred->client_get_cert_callback != NULL)
-    {
-
-      /* use a callback to get certificate
-       */
-      if (session->security_parameters.cert_type != MHD_GNUTLS_CRT_X509)
-        issuers_dn_length = 0;
-      else
-        {
-          issuers_dn_length = get_issuers_num (session, data, data_size);
-          if (issuers_dn_length < 0)
-            {
-              MHD_gnutls_assert ();
-              return issuers_dn_length;
-            }
-
-          if (issuers_dn_length > 0)
-            {
-              issuers_dn =
-                MHD_gnutls_malloc (sizeof (MHD_gnutls_datum_t) *
-                                   issuers_dn_length);
-              if (issuers_dn == NULL)
-                {
-                  MHD_gnutls_assert ();
-                  return GNUTLS_E_MEMORY_ERROR;
-                }
-
-              result =
-                get_issuers (session, issuers_dn, issuers_dn_length,
-                             data, data_size);
-              if (result < 0)
-                {
-                  MHD_gnutls_assert ();
-                  goto cleanup;
-                }
-            }
-        }
-
-      result =
-        call_get_cert_callback (session, issuers_dn, issuers_dn_length,
-                                pk_algos, pk_algos_length);
-      goto cleanup;
-
-    }
-  else
-    {
-      /* If we have no callbacks, try to guess.
-       */
-      result = 0;
-
-      if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509)
-        result =
-          _find_x509_cert (cred, _data, _data_size,
-                           pk_algos, pk_algos_length, &indx);
-      if (result < 0)
-        {
-          MHD_gnutls_assert ();
-          return result;
-        }
-
-      if (indx >= 0)
-        {
-          MHD_gtls_selected_certs_set (session,
-                                       &cred->cert_list[indx][0],
-                                       cred->cert_list_length[indx],
-                                       &cred->pkey[indx], 0);
-        }
-      else
-        {
-          MHD_gtls_selected_certs_set (session, NULL, 0, NULL, 0);
-        }
-
-      result = 0;
-    }
-
-cleanup:
-  MHD_gnutls_free (issuers_dn);
-  return result;
-
-}
-
-/* Generate client certificate
- */
-static int
-MHD_gtls_gen_x509_crt (MHD_gtls_session_t session, opaque ** data)
-{
-  int ret, i;
-  opaque *pdata;
-  MHD_gnutls_cert *apr_cert_list;
-  MHD_gnutls_privkey *apr_pkey;
-  int apr_cert_list_length;
-
-  /* find the appropriate certificate
-   */
-  if ((ret =
-       MHD_gtls_get_selected_cert (session, &apr_cert_list,
-                                   &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = 3;
-  for (i = 0; i < apr_cert_list_length; i++)
-    {
-      ret += apr_cert_list[i].raw.size + 3;
-      /* hold size
-       * for uint24 */
-    }
-
-  /* if no certificates were found then send:
-   * 0B 00 00 03 00 00 00    // Certificate with no certs
-   * instead of:
-   * 0B 00 00 00          // empty certificate handshake
-   *
-   * ( the above is the whole handshake message, not
-   * the one produced here )
-   */
-
-  (*data) = MHD_gnutls_malloc (ret);
-  pdata = (*data);
-
-  if (pdata == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  MHD_gtls_write_uint24 (ret - 3, pdata);
-  pdata += 3;
-  for (i = 0; i < apr_cert_list_length; i++)
-    {
-      MHD_gtls_write_datum24 (pdata, apr_cert_list[i].raw);
-      pdata += (3 + apr_cert_list[i].raw.size);
-    }
-
-  return ret;
-}
-
-int
-MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t session,
-                                      opaque ** data)
-{
-  switch (session->security_parameters.cert_type)
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return MHD_gtls_gen_x509_crt (session, data);
-
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
-
-int
-MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t session,
-                                      opaque ** data)
-{
-  switch (session->security_parameters.cert_type)
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return MHD_gtls_gen_x509_crt (session, data);
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
-
-/* Process server certificate
- */
-
-#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x])
-static int
-MHD_gtls_proc_x509_server_certificate (MHD_gtls_session_t session,
-                                       opaque * data, size_t data_size)
-{
-  int size, len, ret;
-  opaque *p = data;
-  cert_auth_info_t info;
-  MHD_gtls_cert_credentials_t cred;
-  ssize_t dsize = data_size;
-  int i, j, x;
-  MHD_gnutls_cert *peer_certificate_list;
-  int peer_certificate_list_size = 0;
-  MHD_gnutls_datum_t tmp;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-
-  if ((ret =
-       MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
-                               sizeof (cert_auth_info_st), 1)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  info = MHD_gtls_get_auth_info (session);
-
-  if (data == NULL || data_size == 0)
-    {
-      MHD_gnutls_assert ();
-      /* no certificate was sent */
-      return GNUTLS_E_NO_CERTIFICATE_FOUND;
-    }
-
-  DECR_LEN (dsize, 3);
-  size = MHD_gtls_read_uint24 (p);
-  p += 3;
-
-  /* some implementations send 0B 00 00 06 00 00 03 00 00 00
-   * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
-   */
-  if (size == 0 || size == 3)
-    {
-      MHD_gnutls_assert ();
-      /* no certificate was sent */
-      return GNUTLS_E_NO_CERTIFICATE_FOUND;
-    }
-
-  i = dsize;
-  while (i > 0)
-    {
-      DECR_LEN (dsize, 3);
-      len = MHD_gtls_read_uint24 (p);
-      p += 3;
-      DECR_LEN (dsize, len);
-      peer_certificate_list_size++;
-      p += len;
-      i -= len + 3;
-    }
-
-  if (peer_certificate_list_size == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_CERTIFICATE_FOUND;
-    }
-
-  /* Ok we now allocate the memory to hold the
-   * certificate list
-   */
-
-  peer_certificate_list =
-    MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) *
-                       (peer_certificate_list_size));
-
-  if (peer_certificate_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  memset (peer_certificate_list, 0, sizeof (MHD_gnutls_cert) *
-          peer_certificate_list_size);
-
-  p = data + 3;
-
-  /* Now we start parsing the list (again).
-   * We don't use DECR_LEN since the list has
-   * been parsed before.
-   */
-
-  for (j = 0; j < peer_certificate_list_size; j++)
-    {
-      len = MHD_gtls_read_uint24 (p);
-      p += 3;
-
-      tmp.size = len;
-      tmp.data = p;
-
-      if ((ret =
-           MHD_gtls_x509_raw_cert_to_gcert (&peer_certificate_list
-                                            [j], &tmp,
-                                            CERT_ONLY_EXTENSIONS)) < 0)
-        {
-          MHD_gnutls_assert ();
-          goto cleanup;
-        }
-
-      p += len;
-    }
-
-
-  if ((ret =
-       MHD__gnutls_copy_certificate_auth_info (info,
-                                               peer_certificate_list,
-                                               peer_certificate_list_size)) <
-      0)
-    {
-      MHD_gnutls_assert ();
-      goto cleanup;
-    }
-
-  if ((ret =
-       MHD__gnutls_check_key_usage (&peer_certificate_list[0],
-                                    MHD_gnutls_kx_get (session))) < 0)
-    {
-      MHD_gnutls_assert ();
-      goto cleanup;
-    }
-
-  ret = 0;
-
-cleanup:
-  CLEAR_CERTS;
-  MHD_gnutls_free (peer_certificate_list);
-  return ret;
-
-}
-
-#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x])
-
-int
-MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t session,
-                                       opaque * data, size_t data_size)
-{
-  switch (session->security_parameters.cert_type)
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return MHD_gtls_proc_x509_server_certificate (session, data, data_size);
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
-
-#define MAX_SIGN_ALGOS 2
-typedef enum CertificateSigType
-{ RSA_SIGN = 1, DSA_SIGN
-} CertificateSigType;
-
-/* Checks if we support the given signature algorithm
- * (RSA or DSA). Returns the corresponding enum MHD_GNUTLS_PublicKeyAlgorithm
- * if true;
- */
-inline static int
-MHD__gnutls_check_supported_sign_algo (CertificateSigType algo)
-{
-  switch (algo)
-    {
-    case RSA_SIGN:
-      return MHD_GNUTLS_PK_RSA;
-    default:
-      return -1;
-    }
-}
-
-int
-MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t session, opaque * data,
-                             size_t data_size)
-{
-  int size, ret;
-  opaque *p;
-  MHD_gtls_cert_credentials_t cred;
-  ssize_t dsize;
-  int i, j;
-  enum MHD_GNUTLS_PublicKeyAlgorithm pk_algos[MAX_SIGN_ALGOS];
-  int pk_algos_length;
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  if ((ret =
-       MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
-                               sizeof (cert_auth_info_st), 0)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  p = data;
-  dsize = data_size;
-
-  DECR_LEN (dsize, 1);
-  size = p[0];
-  p++;
-  /* check if the sign algorithm is supported.
-   */
-  pk_algos_length = j = 0;
-  for (i = 0; i < size; i++, p++)
-    {
-      DECR_LEN (dsize, 1);
-      if ((ret = MHD__gnutls_check_supported_sign_algo (*p)) > 0)
-        {
-          if (j < MAX_SIGN_ALGOS)
-            {
-              pk_algos[j++] = ret;
-              pk_algos_length++;
-            }
-        }
-    }
-
-  if (pk_algos_length == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
-    }
-
-  if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      /* read supported hashes */
-      int hash_num;
-      DECR_LEN (dsize, 1);
-
-      hash_num = p[0] & 0xFF;
-      p++;
-
-      DECR_LEN (dsize, hash_num);
-      p += hash_num;
-    }
-
-  /* read the certificate authorities */
-  DECR_LEN (dsize, 2);
-  size = MHD_gtls_read_uint16 (p);
-  p += 2;
-
-  DECR_LEN (dsize, size);
-
-  /* now we ask the user to tell which one
-   * he wants to use.
-   */
-  if ((ret =
-       _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* We should reply with a certificate message,
-   * even if we have no certificate to send.
-   */
-  session->key->certificate_requested = 1;
-
-  return 0;
-}
-
-int
-MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t session,
-                                    opaque ** data)
-{
-  int ret;
-  MHD_gnutls_cert *apr_cert_list;
-  MHD_gnutls_privkey *apr_pkey;
-  int apr_cert_list_length, size;
-  MHD_gnutls_datum_t signature;
-
-  *data = NULL;
-
-  /* find the appropriate certificate */
-  if ((ret =
-       MHD_gtls_get_selected_cert (session, &apr_cert_list,
-                                   &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  if (apr_cert_list_length > 0)
-    {
-      if ((ret =
-           MHD_gtls_tls_sign_hdata (session,
-                                    &apr_cert_list[0],
-                                    apr_pkey, &signature)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-  else
-    {
-      return 0;
-    }
-
-  *data = MHD_gnutls_malloc (signature.size + 2);
-  if (*data == NULL)
-    {
-      MHD__gnutls_free_datum (&signature);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  size = signature.size;
-  MHD_gtls_write_uint16 (size, *data);
-
-  memcpy (&(*data)[2], signature.data, size);
-
-  MHD__gnutls_free_datum (&signature);
-
-  return size + 2;
-}
-
-int
-MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t session,
-                                     opaque * data, size_t data_size)
-{
-  int size, ret;
-  ssize_t dsize = data_size;
-  opaque *pdata = data;
-  MHD_gnutls_datum_t sig;
-  cert_auth_info_t info = MHD_gtls_get_auth_info (session);
-  MHD_gnutls_cert peer_cert;
-
-  if (info == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      /* we need this in order to get peer's certificate */
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  DECR_LEN (dsize, 2);
-  size = MHD_gtls_read_uint16 (pdata);
-  pdata += 2;
-
-  DECR_LEN (dsize, size);
-
-  sig.data = pdata;
-  sig.size = size;
-
-  ret = MHD_gtls_raw_cert_to_gcert (&peer_cert,
-                                    session->security_parameters.cert_type,
-                                    &info->raw_certificate_list[0],
-                                    CERT_NO_COPY);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  if ((ret = MHD_gtls_verify_sig_hdata (session, &peer_cert, &sig)) < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gtls_gcert_deinit (&peer_cert);
-      return ret;
-    }
-  MHD_gtls_gcert_deinit (&peer_cert);
-
-  return 0;
-}
-
-#define CERTTYPE_SIZE 3
-int
-MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t session, opaque ** data)
-{
-  MHD_gtls_cert_credentials_t cred;
-  int size;
-  opaque *pdata;
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  /* Now we need to generate the RDN sequence. This is
-   * already in the CERTIFICATE_CRED structure, to improve
-   * performance.
-   */
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  size = CERTTYPE_SIZE + 2;     /* 2 for enum MHD_GNUTLS_CertificateType + 2 for size of rdn_seq
-                                 */
-
-  if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 &&
-      session->internals.ignore_rdn_sequence == 0)
-    size += cred->x509_rdn_sequence.size;
-
-  if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2)
-    /* Need at least one byte to announce the number of supported hash
-       functions (see below).  */
-    size += 1;
-
-  (*data) = MHD_gnutls_malloc (size);
-  pdata = (*data);
-
-  if (pdata == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  pdata[0] = CERTTYPE_SIZE - 1;
-
-  pdata[1] = RSA_SIGN;
-  pdata[2] = DSA_SIGN;          /* only these for now */
-  pdata += CERTTYPE_SIZE;
-
-  if (ver == MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      /* Supported hashes (nothing for now -- FIXME). */
-      *pdata = 0;
-      pdata++;
-    }
-
-  if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_X509 &&
-      session->internals.ignore_rdn_sequence == 0)
-    {
-      MHD_gtls_write_datum16 (pdata, cred->x509_rdn_sequence);
-      /* pdata += cred->x509_rdn_sequence.size + 2; */
-    }
-  else
-    {
-      MHD_gtls_write_uint16 (0, pdata);
-      /* pdata+=2; */
-    }
-
-  return size;
-}
-
-
-/* This function will return the appropriate certificate to use.
- * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey.
- * The return value is a negative value on error.
- *
- * It is normal to return 0 with no certificates in client side.
- *
- */
-int
-MHD_gtls_get_selected_cert (MHD_gtls_session_t session,
-                            MHD_gnutls_cert ** apr_cert_list,
-                            int *apr_cert_list_length,
-                            MHD_gnutls_privkey ** apr_pkey)
-{
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-
-      /* select_client_cert() has been called before.
-       */
-
-      *apr_cert_list = session->internals.selected_cert_list;
-      *apr_pkey = session->internals.selected_key;
-      *apr_cert_list_length = session->internals.selected_cert_list_length;
-
-      if (*apr_cert_list_length == 0 || *apr_cert_list == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-        }
-
-    }
-  else
-    {                           /* CLIENT SIDE
-                                 */
-
-      /* we have already decided which certificate
-       * to send.
-       */
-      *apr_cert_list = session->internals.selected_cert_list;
-      *apr_cert_list_length = session->internals.selected_cert_list_length;
-      *apr_pkey = session->internals.selected_key;
-
-    }
-
-  return 0;
-}
-
-/* converts the given x509 certificate to MHD_gnutls_cert* and allocates
- * space for them.
- */
-static MHD_gnutls_cert *
-alloc_and_load_x509_certs (MHD_gnutls_x509_crt_t * certs, unsigned ncerts)
-{
-  MHD_gnutls_cert *local_certs;
-  int ret = 0;
-  unsigned i, j;
-
-  if (certs == NULL)
-    return NULL;
-
-  local_certs = MHD_gnutls_malloc (sizeof (MHD_gnutls_cert) * ncerts);
-  if (local_certs == NULL)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-
-  for (i = 0; i < ncerts; i++)
-    {
-      ret = MHD_gtls_x509_crt_to_gcert (&local_certs[i], certs[i], 0);
-      if (ret < 0)
-        break;
-    }
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      for (j = 0; j < i; j++)
-        {
-          MHD_gtls_gcert_deinit (&local_certs[j]);
-        }
-      MHD_gnutls_free (local_certs);
-      return NULL;
-    }
-
-  return local_certs;
-}
-
-/* converts the given x509 key to MHD_gnutls_privkey* and allocates
- * space for it.
- */
-static MHD_gnutls_privkey *
-alloc_and_load_x509_key (MHD_gnutls_x509_privkey_t key)
-{
-  MHD_gnutls_privkey *local_key;
-  int ret = 0;
-
-  if (key == NULL)
-    return NULL;
-
-  local_key = MHD_gnutls_malloc (sizeof (MHD_gnutls_privkey));
-  if (local_key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-
-  ret = MHD__gnutls_x509_privkey_to_gkey (local_key, key);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-
-  return local_key;
-}
-
-void
-MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session)
-{
-  if (session->internals.selected_need_free != 0)
-    {
-      int i;
-
-      for (i = 0; i < session->internals.selected_cert_list_length; i++)
-        {
-          MHD_gtls_gcert_deinit (&session->internals.selected_cert_list[i]);
-        }
-      MHD_gnutls_free (session->internals.selected_cert_list);
-      session->internals.selected_cert_list = NULL;
-      session->internals.selected_cert_list_length = 0;
-
-      MHD_gtls_gkey_deinit (session->internals.selected_key);
-      if (session->internals.selected_key)
-        {
-          MHD_gnutls_free (session->internals.selected_key);
-          session->internals.selected_key = NULL;
-        }
-    }
-
-  return;
-}
-
-void
-MHD_gtls_selected_certs_set (MHD_gtls_session_t session,
-                             MHD_gnutls_cert * certs, int ncerts,
-                             MHD_gnutls_privkey * key, int need_free)
-{
-  MHD_gtls_selected_certs_deinit (session);
-
-  session->internals.selected_cert_list = certs;
-  session->internals.selected_cert_list_length = ncerts;
-  session->internals.selected_key = key;
-  session->internals.selected_need_free = need_free;
-
-}
-
-
-/* finds the most appropriate certificate in the cert list.
- * The 'appropriate' is defined by the user.
- *
- * requested_algo holds the parameters required by the peer (RSA, DSA
- * or -1 for any).
- *
- * Returns 0 on success and a negative value on error. The
- * selected certificate will be in session->internals.selected_*.
- *
- */
-int
-MHD_gtls_server_select_cert (MHD_gtls_session_t session,
-                             enum MHD_GNUTLS_PublicKeyAlgorithm
-                             requested_algo)
-{
-  unsigned i;
-  int idx, ret;
-  MHD_gtls_cert_credentials_t cred;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  /* If the callback which retrieves certificate has been set,
-   * use it and leave.
-   */
-  if (cred->server_get_cert_callback != NULL)
-    return call_get_cert_callback (session, NULL, 0, NULL, 0);
-
-  /* Otherwise... */
-
-  ret = 0;
-  idx = -1;                     /* default is use no certificate */
-
-
-  for (i = 0; i < cred->ncerts; i++)
-    {
-      /* find one compatible certificate
-       */
-      if (requested_algo == GNUTLS_PK_ANY ||
-          requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
-        {
-          /* if cert type matches
-           */
-          if (session->security_parameters.cert_type ==
-              cred->cert_list[i][0].cert_type)
-            {
-              idx = i;
-              break;
-            }
-        }
-    }
-
-  /* store the certificate pointer for future use, in the handshake.
-   * (This will allow not calling this callback again.)
-   */
-  if (idx >= 0 && ret == 0)
-    {
-      MHD_gtls_selected_certs_set (session,
-                                   &cred->cert_list[idx][0],
-                                   cred->cert_list_length[idx],
-                                   &cred->pkey[idx], 0);
-    }
-  else
-    /* Certificate does not support REQUESTED_ALGO.  */
-    ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-
-  return ret;
-}
-
-/* Frees the MHD_gtls_rsa_info_st structure.
- */
-void
-MHD_gtls_free_rsa_info (rsa_info_st * rsa)
-{
-  MHD__gnutls_free_datum (&rsa->modulus);
-  MHD__gnutls_free_datum (&rsa->exponent);
-}

src/daemon/https/tls/auth_cert.h

@@ -1,159 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef AUTH_CERT_H
-#define AUTH_CERT_H
-
-#include "gnutls_cert.h"
-#include "gnutls_auth.h"
-#include "auth_dh_common.h"
-#include "x509.h"
-
-/* This structure may be complex, but it's the only way to
- * support a server that has multiple certificates
- */
-
-typedef struct MHD_gtls_certificate_credentials_st
-{
-  MHD_gtls_dh_params_t dh_params;
-  MHD_gtls_rsa_params_t rsa_params;
-  /* this callback is used to retrieve the DH or RSA
-   * parameters.
-   */
-  MHD_gnutls_params_function *params_func;
-
-  MHD_gnutls_cert **cert_list;
-  /* contains a list of a list of certificates.
-   * eg (X509): [0] certificate1, certificate11, certificate111
-   * (if more than one, one certificate certifies the one before)
-   *       [1] certificate2, certificate22, ...
-   */
-  unsigned *cert_list_length;
-  /* contains the number of the certificates in a
-   * row (should be 1 for OpenPGP keys).
-   */
-  unsigned ncerts;              /* contains the number of columns in cert_list.
-                                 * This is the same with the number of pkeys.
-                                 */
-
-  MHD_gnutls_privkey *pkey;
-  /* private keys. It contains ncerts private
-   * keys. pkey[i] corresponds to certificate in
-   * cert_list[i][0].
-   */
-
-  /* OpenPGP specific stuff */
-
-#ifndef KEYRING_HACK
-  MHD_gnutls_openpgp_keyring_t keyring;
-#else
-  MHD_gnutls_datum_t keyring;
-  int keyring_format;
-#endif
-
-  /* X509 specific stuff */
-
-  MHD_gnutls_x509_crt_t *x509_ca_list;
-  unsigned x509_ncas;           /* number of CAs in the ca_list
-                                 */
-
-  MHD_gnutls_x509_crl_t *x509_crl_list;
-  unsigned x509_ncrls;          /* number of CRLs in the crl_list
-                                 */
-
-  unsigned int verify_flags;    /* flags to be used at
-                                 * certificate verification.
-                                 */
-  unsigned int verify_depth;
-  unsigned int verify_bits;
-
-  /* holds a sequence of the
-   * RDNs of the CAs above.
-   * This is better than
-   * generating on every handshake.
-   */
-  MHD_gnutls_datum_t x509_rdn_sequence;
-
-  MHD_gnutls_certificate_client_retrieve_function *client_get_cert_callback;
-  MHD_gnutls_certificate_server_retrieve_function *server_get_cert_callback;
-} MHD_gtls_cert_credentials_st;
-
-typedef struct MHD_gtls_rsa_info_st
-{
-  MHD_gnutls_datum_t modulus;
-  MHD_gnutls_datum_t exponent;
-} rsa_info_st;
-
-typedef struct MHD_gtls_cert_auth_info_st
-{
-  int certificate_requested;    /* if the peer requested certificate
-                                 * this is non zero;
-                                 */
-
-  /* These (dh/rsa) are just copies from the credentials_t structure.
-   * They must be freed.
-   */
-  MHD_gtls_dh_info_st dh;
-  rsa_info_st rsa_export;
-
-  MHD_gnutls_datum_t *raw_certificate_list;     /* holds the raw certificate of the
-                                                 * peer.
-                                                 */
-  unsigned int ncerts;          /* holds the size of the list above */
-} *cert_auth_info_t;
-
-typedef struct MHD_gtls_cert_auth_info_st cert_auth_info_st;
-
-void MHD_gtls_free_rsa_info (rsa_info_st * rsa);
-
-/* AUTH X509 functions */
-int MHD_gtls_gen_cert_server_certificate (MHD_gtls_session_t, opaque **);
-int MHD_gtls_gen_cert_client_certificate (MHD_gtls_session_t, opaque **);
-int MHD_gtls_gen_cert_client_cert_vrfy (MHD_gtls_session_t, opaque **);
-int MHD_gtls_gen_cert_server_cert_req (MHD_gtls_session_t, opaque **);
-int MHD_gtls_proc_cert_cert_req (MHD_gtls_session_t, opaque *, size_t);
-int MHD_gtls_proc_cert_client_cert_vrfy (MHD_gtls_session_t, opaque *,
-                                         size_t);
-int MHD_gtls_proc_cert_server_certificate (MHD_gtls_session_t, opaque *,
-                                           size_t);
-int MHD_gtls_get_selected_cert (MHD_gtls_session_t session,
-                                MHD_gnutls_cert ** apr_cert_list,
-                                int *apr_cert_list_length,
-                                MHD_gnutls_privkey ** apr_pkey);
-
-int MHD_gtls_server_select_cert (struct MHD_gtls_session_int *,
-                                 enum MHD_GNUTLS_PublicKeyAlgorithm);
-void MHD_gtls_selected_certs_deinit (MHD_gtls_session_t session);
-void MHD_gtls_selected_certs_set (MHD_gtls_session_t session,
-                                  MHD_gnutls_cert * certs, int ncerts,
-                                  MHD_gnutls_privkey * key, int need_free);
-
-#define MHD__gnutls_proc_cert_client_certificate MHD_gtls_proc_cert_server_certificate
-
-MHD_gtls_rsa_params_t
-MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params,
-                                     MHD_gnutls_params_function * func,
-                                     MHD_gtls_session_t);
-
-#endif

src/daemon/https/tls/auth_dh_common.c

@@ -1,327 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains common stuff in Ephemeral Diffie Hellman (DHE) and
- * Anonymous DH key exchange(DHA). These are used in the handshake procedure
- * of the certificate and anoymous authentication.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_sig.h"
-#include <gnutls_datum.h>
-#include <gnutls_x509.h>
-#include <gnutls_state.h>
-#include <auth_dh_common.h>
-#include <gnutls_algorithms.h>
-
-/* Frees the MHD_gtls_dh_info_st structure.
- */
-void
-MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh)
-{
-  dh->secret_bits = 0;
-  MHD__gnutls_free_datum (&dh->prime);
-  MHD__gnutls_free_datum (&dh->generator);
-  MHD__gnutls_free_datum (&dh->public_key);
-}
-
-int
-MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
-                                   opaque * data, size_t _data_size,
-                                   mpi_t g, mpi_t p)
-{
-  uint16_t n_Y;
-  size_t _n_Y;
-  int ret;
-  ssize_t data_size = _data_size;
-
-
-  DECR_LEN (data_size, 2);
-  n_Y = MHD_gtls_read_uint16 (&data[0]);
-  _n_Y = n_Y;
-
-  DECR_LEN (data_size, n_Y);
-  if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y))
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
-
-  session->key->KEY =
-    MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
-
-  if (session->key->KEY == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  MHD_gtls_mpi_release (&session->key->client_Y);
-  MHD_gtls_mpi_release (&session->key->dh_secret);
-
-  ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
-
-  MHD_gtls_mpi_release (&session->key->KEY);
-
-  if (ret < 0)
-    {
-      return ret;
-    }
-
-  return 0;
-}
-
-int
-MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data)
-{
-  mpi_t x = NULL, X = NULL;
-  size_t n_X;
-  int ret;
-
-  *data = NULL;
-
-  X = MHD_gtls_calc_dh_secret (&x, session->key->client_g,
-                               session->key->client_p);
-  if (X == NULL || x == NULL)
-    {
-      MHD_gnutls_assert ();
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto error;
-    }
-
-  MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
-
-  MHD_gtls_mpi_print (NULL, &n_X, X);
-  (*data) = MHD_gnutls_malloc (n_X + 2);
-  if (*data == NULL)
-    {
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto error;
-    }
-
-  MHD_gtls_mpi_print (&(*data)[2], &n_X, X);
-  MHD_gtls_mpi_release (&X);
-
-  MHD_gtls_write_uint16 (n_X, &(*data)[0]);
-
-  /* calculate the key after calculating the message */
-  session->key->KEY =
-    MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
-
-  MHD_gtls_mpi_release (&x);
-  if (session->key->KEY == NULL)
-    {
-      MHD_gnutls_assert ();
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto error;
-    }
-
-  /* THESE SHOULD BE DISCARDED */
-  MHD_gtls_mpi_release (&session->key->client_Y);
-  MHD_gtls_mpi_release (&session->key->client_p);
-  MHD_gtls_mpi_release (&session->key->client_g);
-
-  ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY);
-
-  MHD_gtls_mpi_release (&session->key->KEY);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      goto error;
-    }
-
-  return n_X + 2;
-
-error:
-  MHD_gtls_mpi_release (&x);
-  MHD_gtls_mpi_release (&X);
-  MHD_gnutls_free (*data);
-  *data = NULL;
-  return ret;
-}
-
-int
-MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
-                                   opaque * data, size_t _data_size, int psk)
-{
-  uint16_t n_Y, n_g, n_p;
-  size_t _n_Y, _n_g, _n_p;
-  uint8_t *data_p;
-  uint8_t *data_g;
-  uint8_t *data_Y;
-  int i, bits, psk_size, ret;
-  ssize_t data_size = _data_size;
-
-  i = 0;
-
-  if (psk != 0)
-    {
-      DECR_LEN (data_size, 2);
-      psk_size = MHD_gtls_read_uint16 (&data[i]);
-      DECR_LEN (data_size, psk_size);
-      i += 2 + psk_size;
-    }
-
-  DECR_LEN (data_size, 2);
-  n_p = MHD_gtls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_p);
-  data_p = &data[i];
-  i += n_p;
-
-  DECR_LEN (data_size, 2);
-  n_g = MHD_gtls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_g);
-  data_g = &data[i];
-  i += n_g;
-
-  DECR_LEN (data_size, 2);
-  n_Y = MHD_gtls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_Y);
-  data_Y = &data[i];
-  i += n_Y;
-
-  _n_Y = n_Y;
-  _n_g = n_g;
-  _n_p = n_p;
-
-  if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-  if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  bits = MHD_gtls_dh_get_allowed_prime_bits (session);
-  if (bits < 0)
-    {
-      MHD_gnutls_assert ();
-      return bits;
-    }
-
-  if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits)
-    {
-      /* the prime used by the peer is not acceptable
-       */
-      MHD_gnutls_assert ();
-      return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
-    }
-
-  MHD_gtls_dh_set_group (session, session->key->client_g,
-                         session->key->client_p);
-  MHD_gtls_dh_set_peer_public (session, session->key->client_Y);
-
-  ret = n_Y + n_p + n_g + 6;
-  if (psk != 0)
-    ret += 2;
-
-  return ret;
-}
-
-/* If the psk flag is set, then an empty psk_identity_hint will
- * be inserted */
-int
-MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session,
-                                    mpi_t g, mpi_t p, opaque ** data, int psk)
-{
-  mpi_t x, X;
-  size_t n_X, n_g, n_p;
-  int ret, data_size, pos;
-  uint8_t *pdata;
-
-  X = MHD_gtls_calc_dh_secret (&x, g, p);
-  if (X == NULL || x == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  session->key->dh_secret = x;
-  MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x));
-
-  MHD_gtls_mpi_print (NULL, &n_g, g);
-  MHD_gtls_mpi_print (NULL, &n_p, p);
-  MHD_gtls_mpi_print (NULL, &n_X, X);
-
-  data_size = n_g + n_p + n_X + 6;
-  if (psk != 0)
-    data_size += 2;
-
-  (*data) = MHD_gnutls_malloc (data_size);
-  if (*data == NULL)
-    {
-      MHD_gtls_mpi_release (&X);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  pos = 0;
-  pdata = *data;
-
-  if (psk != 0)
-    {
-      MHD_gtls_write_uint16 (0, &pdata[pos]);
-      pos += 2;
-    }
-
-  MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p);
-  MHD_gtls_write_uint16 (n_p, &pdata[pos]);
-
-  pos += n_p + 2;
-
-  MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g);
-  MHD_gtls_write_uint16 (n_g, &pdata[pos]);
-
-  pos += n_g + 2;
-
-  MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X);
-  MHD_gtls_mpi_release (&X);
-
-  MHD_gtls_write_uint16 (n_X, &pdata[pos]);
-
-  ret = data_size;
-
-  return ret;
-}

src/daemon/https/tls/auth_dh_common.h

@@ -1,48 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef AUTH_DH_COMMON
-# define AUTH_DH_COMMON
-
-typedef struct
-{
-  int secret_bits;
-
-  MHD_gnutls_datum_t prime;
-  MHD_gnutls_datum_t generator;
-  MHD_gnutls_datum_t public_key;
-} MHD_gtls_dh_info_st;
-
-void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh);
-int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **);
-int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session,
-                                       opaque * data, size_t _data_size,
-                                       mpi_t p, mpi_t g);
-int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p,
-                                        opaque ** data, int psk);
-int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session,
-                                       opaque * data, size_t _data_size,
-                                       int psk);
-
-#endif

src/daemon/https/tls/auth_dhe.c

@@ -1,274 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains everything for the Ephemeral Diffie Hellman (DHE)
- * key exchange. This is used in the handshake procedure of the certificate
- * authentication.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_sig.h"
-#include <gnutls_datum.h>
-#include <auth_cert.h>
-#include <gnutls_x509.h>
-#include <gnutls_state.h>
-#include <auth_dh_common.h>
-
-static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **);
-static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t);
-static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t);
-
-const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = {
-  "DHE_RSA",
-  MHD_gtls_gen_cert_server_certificate,
-  MHD_gtls_gen_cert_client_certificate,
-  gen_dhe_server_kx,
-  MHD_gtls_gen_dh_common_client_kx,
-  MHD_gtls_gen_cert_client_cert_vrfy,   /* gen client cert vrfy */
-  MHD_gtls_gen_cert_server_cert_req,    /* server cert request */
-
-  MHD_gtls_proc_cert_server_certificate,
-  MHD__gnutls_proc_cert_client_certificate,
-  proc_dhe_server_kx,
-  proc_dhe_client_kx,
-  MHD_gtls_proc_cert_client_cert_vrfy,  /* proc client cert vrfy */
-  MHD_gtls_proc_cert_cert_req   /* proc server cert request */
-};
-
-const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = {
-  "DHE_DSS",
-  MHD_gtls_gen_cert_server_certificate,
-  MHD_gtls_gen_cert_client_certificate,
-  gen_dhe_server_kx,
-  MHD_gtls_gen_dh_common_client_kx,
-  MHD_gtls_gen_cert_client_cert_vrfy,   /* gen client cert vrfy */
-  MHD_gtls_gen_cert_server_cert_req,    /* server cert request */
-
-  MHD_gtls_proc_cert_server_certificate,
-  MHD__gnutls_proc_cert_client_certificate,
-  proc_dhe_server_kx,
-  proc_dhe_client_kx,
-  MHD_gtls_proc_cert_client_cert_vrfy,  /* proc client cert vrfy */
-  MHD_gtls_proc_cert_cert_req   /* proc server cert request */
-};
-
-
-static int
-gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data)
-{
-  mpi_t g, p;
-  const mpi_t *mpis;
-  int ret = 0, data_size;
-  MHD_gnutls_cert *apr_cert_list;
-  MHD_gnutls_privkey *apr_pkey;
-  int apr_cert_list_length;
-  MHD_gnutls_datum_t signature, ddata;
-  MHD_gtls_cert_credentials_t cred;
-  MHD_gtls_dh_params_t dh_params;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  /* find the appropriate certificate */
-  if ((ret =
-       MHD_gtls_get_selected_cert (session, &apr_cert_list,
-                                   &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  dh_params =
-    MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
-  mpis = MHD_gtls_dh_params_to_mpi (dh_params);
-  if (mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
-    }
-
-  p = mpis[0];
-  g = mpis[1];
-
-  if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
-                                     sizeof (cert_auth_info_st), 0)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD_gtls_dh_set_group (session, g, p);
-
-  ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  data_size = ret;
-
-  /* Generate the signature. */
-
-  ddata.data = *data;
-  ddata.size = data_size;
-
-  if (apr_cert_list_length > 0)
-    {
-      if ((ret =
-           MHD_gtls_tls_sign_params (session, &apr_cert_list[0],
-                                     apr_pkey, &ddata, &signature)) < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (*data);
-          return ret;
-        }
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return data_size;         /* do not put a signature - ILLEGAL! */
-    }
-
-  *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2);
-  if (*data == NULL)
-    {
-      MHD__gnutls_free_datum (&signature);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  MHD_gtls_write_datum16 (&(*data)[data_size], signature);
-  data_size += signature.size + 2;
-
-  MHD__gnutls_free_datum (&signature);
-
-  return data_size;
-}
-
-static int
-proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data,
-                    size_t _data_size)
-{
-  int sigsize;
-  MHD_gnutls_datum_t vparams, signature;
-  int ret;
-  cert_auth_info_t info = MHD_gtls_get_auth_info (session);
-  ssize_t data_size = _data_size;
-  MHD_gnutls_cert peer_cert;
-
-  if (info == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      /* we need this in order to get peer's certificate */
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* VERIFY SIGNATURE */
-
-  vparams.size = ret;
-  vparams.data = data;
-
-  DECR_LEN (data_size, 2);
-  sigsize = MHD_gtls_read_uint16 (&data[vparams.size]);
-
-  DECR_LEN (data_size, sigsize);
-  signature.data = &data[vparams.size + 2];
-  signature.size = sigsize;
-
-  if ((ret =
-       MHD_gtls_raw_cert_to_gcert (&peer_cert,
-                                   session->security_parameters.cert_type,
-                                   &info->raw_certificate_list[0],
-                                   CERT_NO_COPY)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret =
-    MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
-
-  MHD_gtls_gcert_deinit (&peer_cert);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return ret;
-}
-
-
-
-static int
-proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data,
-                    size_t _data_size)
-{
-  MHD_gtls_cert_credentials_t cred;
-  int ret;
-  mpi_t p, g;
-  const mpi_t *mpis;
-  MHD_gtls_dh_params_t dh_params;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  dh_params =
-    MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
-  mpis = MHD_gtls_dh_params_to_mpi (dh_params);
-  if (mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
-    }
-
-  p = mpis[0];
-  g = mpis[1];
-
-  ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
-
-  return ret;
-
-}

src/daemon/https/tls/auth_rsa.c

@@ -1,415 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the RSA key exchange part of the certificate
- * authentication.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_datum.h"
-#include "auth_cert.h"
-#include <gnutls_pk.h>
-#include <gnutls_algorithms.h>
-#include <gnutls_global.h>
-#include "debug.h"
-#include <gnutls_sig.h>
-#include <gnutls_x509.h>
-#include <gc.h>
-
-int MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t, opaque **);
-int MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t, opaque *, size_t);
-
-const MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct = {
-  "RSA",
-  MHD_gtls_gen_cert_server_certificate,
-  MHD_gtls_gen_cert_client_certificate,
-  NULL,                         /* gen server kx */
-  MHD__gnutls_gen_rsa_client_kx,
-  MHD_gtls_gen_cert_client_cert_vrfy,   /* gen client cert vrfy */
-  MHD_gtls_gen_cert_server_cert_req,    /* server cert request */
-
-  MHD_gtls_proc_cert_server_certificate,
-  MHD__gnutls_proc_cert_client_certificate,
-  NULL,                         /* proc server kx */
-  MHD__gnutls_proc_rsa_client_kx,       /* proc client kx */
-  MHD_gtls_proc_cert_client_cert_vrfy,  /* proc client cert vrfy */
-  MHD_gtls_proc_cert_cert_req   /* proc server cert request */
-};
-
-/* This function reads the RSA parameters from peer's certificate;
- */
-int
-MHD__gnutls_get_public_rsa_params (MHD_gtls_session_t session,
-                                   mpi_t params[MAX_PUBLIC_PARAMS_SIZE],
-                                   int *params_len)
-{
-  int ret;
-  cert_auth_info_t info;
-  MHD_gnutls_cert peer_cert;
-  int i;
-
-  /* normal non export case */
-
-  info = MHD_gtls_get_auth_info (session);
-
-  if (info == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  ret =
-    MHD_gtls_raw_cert_to_gcert (&peer_cert,
-                                session->security_parameters.cert_type,
-                                &info->raw_certificate_list[0],
-                                CERT_ONLY_PUBKEY | CERT_NO_COPY);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-
-  /* EXPORT case: */
-  if (MHD_gtls_cipher_suite_get_kx_algo
-      (&session->security_parameters.current_cipher_suite)
-      == MHD_GNUTLS_KX_RSA_EXPORT
-      && MHD__gnutls_mpi_get_nbits (peer_cert.params[0]) > 512)
-    {
-
-      MHD_gtls_gcert_deinit (&peer_cert);
-
-      if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      if (*params_len < 2)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-      *params_len = 2;
-      for (i = 0; i < *params_len; i++)
-        {
-          params[i] = MHD__gnutls_mpi_copy (session->key->rsa[i]);
-        }
-
-      return 0;
-    }
-
-  /* end of export case */
-
-  if (*params_len < peer_cert.params_size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  *params_len = peer_cert.params_size;
-
-  for (i = 0; i < *params_len; i++)
-    {
-      params[i] = MHD__gnutls_mpi_copy (peer_cert.params[i]);
-    }
-  MHD_gtls_gcert_deinit (&peer_cert);
-
-  return 0;
-}
-
-/* This function reads the RSA parameters from the private key
- */
-int
-MHD__gnutls_get_private_rsa_params (MHD_gtls_session_t session,
-                                    mpi_t ** params, int *params_size)
-{
-  int bits;
-  MHD_gtls_cert_credentials_t cred;
-  MHD_gtls_rsa_params_t rsa_params;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  if (session->internals.selected_cert_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  bits =
-    MHD__gnutls_mpi_get_nbits (session->internals.selected_cert_list[0].
-                               params[0]);
-
-  if (MHD_gtls_cipher_suite_get_kx_algo
-      (&session->security_parameters.current_cipher_suite)
-      == MHD_GNUTLS_KX_RSA_EXPORT && bits > 512)
-    {
-
-      rsa_params =
-        MHD_gtls_certificate_get_rsa_params (cred->rsa_params,
-                                             cred->params_func, session);
-      /* EXPORT case: */
-      if (rsa_params == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
-        }
-
-      /* In the export case, we do use temporary RSA params
-       * of 512 bits size. The params in the certificate are
-       * used to sign this temporary stuff.
-       */
-      *params_size = RSA_PRIVATE_PARAMS;
-      *params = rsa_params->params;
-
-      return 0;
-    }
-
-  /* non export cipher suites. */
-
-  *params_size = session->internals.selected_key->params_size;
-  *params = session->internals.selected_key->params;
-
-  return 0;
-}
-
-int
-MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t session, opaque * data,
-                                size_t _data_size)
-{
-  MHD_gnutls_datum_t plaintext;
-  MHD_gnutls_datum_t ciphertext;
-  int ret, dsize;
-  mpi_t *params;
-  int params_len;
-  int randomize_key = 0;
-  ssize_t data_size = _data_size;
-
-  if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      /* SSL 3.0
-       */
-      ciphertext.data = data;
-      ciphertext.size = data_size;
-    }
-  else
-    {
-      /* TLS 1.0
-       */
-      DECR_LEN (data_size, 2);
-      ciphertext.data = &data[2];
-      dsize = MHD_gtls_read_uint16 (data);
-
-      if (dsize != data_size)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-      ciphertext.size = dsize;
-    }
-
-  ret = MHD__gnutls_get_private_rsa_params (session, &params, &params_len);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = MHD_gtls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2);    /* btype==2 */
-
-  if (ret < 0 || plaintext.size != TLS_MASTER_SIZE)
-    {
-      /* In case decryption fails then don't inform
-       * the peer. Just use a random key. (in order to avoid
-       * attack against pkcs-1 formating).
-       */
-      MHD_gnutls_assert ();
-      MHD__gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n");
-      randomize_key = 1;
-    }
-  else
-    {
-      /* If the secret was properly formatted, then
-       * check the version number.
-       */
-      if (MHD__gnutls_get_adv_version_major (session) != plaintext.data[0]
-          || MHD__gnutls_get_adv_version_minor (session) != plaintext.data[1])
-        {
-          /* No error is returned here, if the version number check
-           * fails. We proceed normally.
-           * That is to defend against the attack described in the paper
-           * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
-           * Ondej Pokorny and Tomas Rosa.
-           */
-          MHD_gnutls_assert ();
-          MHD__gnutls_x509_log
-            ("auth_rsa: Possible PKCS #1 version check format attack\n");
-        }
-    }
-
-  if (randomize_key != 0)
-    {
-      session->key->key.size = TLS_MASTER_SIZE;
-      session->key->key.data = MHD_gnutls_malloc (session->key->key.size);
-      if (session->key->key.data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      /* we do not need strong random numbers here.
-       */
-      if (MHD_gc_nonce
-          ((char *) session->key->key.data, session->key->key.size) != GC_OK)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_RANDOM_FAILED;
-        }
-
-    }
-  else
-    {
-      session->key->key.data = plaintext.data;
-      session->key->key.size = plaintext.size;
-    }
-
-  /* This is here to avoid the version check attack
-   * discussed above.
-   */
-  session->key->key.data[0] = MHD__gnutls_get_adv_version_major (session);
-  session->key->key.data[1] = MHD__gnutls_get_adv_version_minor (session);
-
-  return 0;
-}
-
-
-
-/* return RSA(random) using the peers public key
- */
-int
-MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t session, opaque ** data)
-{
-  cert_auth_info_t auth;
-  MHD_gnutls_datum_t sdata;     /* data to send */
-  mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
-  int params_len = MAX_PUBLIC_PARAMS_SIZE;
-  int ret, i;
-  enum MHD_GNUTLS_Protocol ver;
-
-  if (session->key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  auth = session->key->auth_info;
-  if (auth == NULL)
-    {
-      /* this shouldn't have happened. The proc_certificate
-       * function should have detected that.
-       */
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  session->key->key.size = TLS_MASTER_SIZE;
-  session->key->key.data = MHD_gnutls_secure_malloc (session->key->key.size);
-
-  if (session->key->key.data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  if (MHD_gc_pseudo_random ((char *) session->key->key.data,
-                            session->key->key.size) != GC_OK)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_RANDOM_FAILED;
-    }
-
-  ver = MHD_gtls_get_adv_version (session);
-
-  if (session->internals.rsa_pms_version[0] == 0)
-    {
-      session->key->key.data[0] = MHD_gtls_version_get_major (ver);
-      session->key->key.data[1] = MHD_gtls_version_get_minor (ver);
-    }
-  else
-    {                           /* use the version provided */
-      session->key->key.data[0] = session->internals.rsa_pms_version[0];
-      session->key->key.data[1] = session->internals.rsa_pms_version[1];
-    }
-
-  /* move RSA parameters to key (session).
-   */
-  if ((ret =
-       MHD__gnutls_get_public_rsa_params (session, params, &params_len)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  if ((ret =
-       MHD_gtls_pkcs1_rsa_encrypt (&sdata, &session->key->key,
-                                   params, params_len, 2)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  for (i = 0; i < params_len; i++)
-    MHD_gtls_mpi_release (&params[i]);
-
-  if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      /* SSL 3.0 */
-      *data = sdata.data;
-      return sdata.size;
-    }
-  else
-    {                           /* TLS 1 */
-      *data = MHD_gnutls_malloc (sdata.size + 2);
-      if (*data == NULL)
-        {
-          MHD__gnutls_free_datum (&sdata);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      MHD_gtls_write_datum16 (*data, sdata);
-      ret = sdata.size + 2;
-      MHD__gnutls_free_datum (&sdata);
-      return ret;
-    }
-
-}

src/daemon/https/tls/auth_rsa_export.c

@@ -1,323 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the RSA key exchange part of the certificate
- * authentication.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "gnutls_num.h"
-#include "gnutls_datum.h"
-#include "auth_cert.h"
-#include <gnutls_pk.h>
-#include <gnutls_algorithms.h>
-#include <gnutls_global.h>
-#include "debug.h"
-#include <gnutls_sig.h>
-#include <gnutls_x509.h>
-#include <gnutls_rsa_export.h>
-#include <gnutls_state.h>
-
-int MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t, opaque **);
-int MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t, opaque *, size_t);
-static int gen_rsa_export_server_kx (MHD_gtls_session_t, opaque **);
-static int proc_rsa_export_server_kx (MHD_gtls_session_t, opaque *, size_t);
-
-const MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct = {
-  "RSA EXPORT",
-  MHD_gtls_gen_cert_server_certificate,
-  MHD_gtls_gen_cert_client_certificate,
-  gen_rsa_export_server_kx,
-  MHD__gnutls_gen_rsa_client_kx,
-  MHD_gtls_gen_cert_client_cert_vrfy,   /* gen client cert vrfy */
-  MHD_gtls_gen_cert_server_cert_req,    /* server cert request */
-
-  MHD_gtls_proc_cert_server_certificate,
-  MHD__gnutls_proc_cert_client_certificate,
-  proc_rsa_export_server_kx,
-  MHD__gnutls_proc_rsa_client_kx,       /* proc client kx */
-  MHD_gtls_proc_cert_client_cert_vrfy,  /* proc client cert vrfy */
-  MHD_gtls_proc_cert_cert_req   /* proc server cert request */
-};
-
-static int
-gen_rsa_export_server_kx (MHD_gtls_session_t session, opaque ** data)
-{
-  MHD_gtls_rsa_params_t rsa_params;
-  const mpi_t *rsa_mpis;
-  size_t n_e, n_m;
-  uint8_t *data_e, *data_m;
-  int ret = 0, data_size;
-  MHD_gnutls_cert *apr_cert_list;
-  MHD_gnutls_privkey *apr_pkey;
-  int apr_cert_list_length;
-  MHD_gnutls_datum_t signature, ddata;
-  MHD_gtls_cert_credentials_t cred;
-
-  cred = (MHD_gtls_cert_credentials_t)
-    MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  /* find the appropriate certificate */
-  if ((ret =
-       MHD_gtls_get_selected_cert (session, &apr_cert_list,
-                                   &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* abort sending this message if we have a certificate
-   * of 512 bits or less.
-   */
-  if (apr_pkey && MHD__gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INT_RET_0;
-    }
-
-  rsa_params =
-    MHD_gtls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
-                                         session);
-  rsa_mpis = MHD__gnutls_rsa_params_to_mpi (rsa_params);
-  if (rsa_mpis == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
-    }
-
-  if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
-                                     sizeof (cert_auth_info_st), 0)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD_gtls_rsa_export_set_pubkey (session, rsa_mpis[1], rsa_mpis[0]);
-
-  MHD_gtls_mpi_print (NULL, &n_m, rsa_mpis[0]);
-  MHD_gtls_mpi_print (NULL, &n_e, rsa_mpis[1]);
-
-  (*data) = MHD_gnutls_malloc (n_e + n_m + 4);
-  if (*data == NULL)
-    {
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  data_m = &(*data)[0];
-  MHD_gtls_mpi_print (&data_m[2], &n_m, rsa_mpis[0]);
-
-  MHD_gtls_write_uint16 (n_m, data_m);
-
-  data_e = &data_m[2 + n_m];
-  MHD_gtls_mpi_print (&data_e[2], &n_e, rsa_mpis[1]);
-
-  MHD_gtls_write_uint16 (n_e, data_e);
-
-  data_size = n_m + n_e + 4;
-
-
-  /* Generate the signature. */
-
-  ddata.data = *data;
-  ddata.size = data_size;
-
-  if (apr_cert_list_length > 0)
-    {
-      if ((ret =
-           MHD_gtls_tls_sign_params (session, &apr_cert_list[0],
-                                     apr_pkey, &ddata, &signature)) < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (*data);
-          *data = NULL;
-          return ret;
-        }
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return data_size;         /* do not put a signature - ILLEGAL! */
-    }
-
-  *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2);
-  if (*data == NULL)
-    {
-      MHD__gnutls_free_datum (&signature);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  MHD_gtls_write_datum16 (&((*data)[data_size]), signature);
-  data_size += signature.size + 2;
-
-  MHD__gnutls_free_datum (&signature);
-
-  return data_size;
-}
-
-/* if the peer's certificate is of 512 bits or less, returns non zero.
- */
-int
-MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session)
-{
-  MHD_gnutls_cert peer_cert;
-  int ret;
-  cert_auth_info_t info = MHD_gtls_get_auth_info (session);
-
-  if (info == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      /* we need this in order to get peer's certificate */
-      return 0;
-    }
-
-  if ((ret =
-       MHD_gtls_raw_cert_to_gcert (&peer_cert,
-                                   session->security_parameters.cert_type,
-                                   &info->raw_certificate_list[0],
-                                   CERT_NO_COPY)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return 0;
-    }
-
-  if (peer_cert.subject_pk_algorithm != MHD_GNUTLS_PK_RSA)
-    {
-      MHD_gnutls_assert ();
-      MHD_gtls_gcert_deinit (&peer_cert);
-      return 0;
-    }
-
-  if (MHD__gnutls_mpi_get_nbits (peer_cert.params[0]) <= 512)
-    {
-      MHD_gtls_gcert_deinit (&peer_cert);
-      return 1;
-    }
-
-  MHD_gtls_gcert_deinit (&peer_cert);
-
-  return 0;
-}
-
-static int
-proc_rsa_export_server_kx (MHD_gtls_session_t session,
-                           opaque * data, size_t _data_size)
-{
-  uint16_t n_m, n_e;
-  size_t _n_m, _n_e;
-  uint8_t *data_m;
-  uint8_t *data_e;
-  int i, sigsize;
-  MHD_gnutls_datum_t vparams, signature;
-  int ret;
-  ssize_t data_size = _data_size;
-  cert_auth_info_t info;
-  MHD_gnutls_cert peer_cert;
-
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL || info->ncerts == 0)
-    {
-      MHD_gnutls_assert ();
-      /* we need this in order to get peer's certificate */
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-  i = 0;
-
-  DECR_LEN (data_size, 2);
-  n_m = MHD_gtls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_m);
-  data_m = &data[i];
-  i += n_m;
-
-  DECR_LEN (data_size, 2);
-  n_e = MHD_gtls_read_uint16 (&data[i]);
-  i += 2;
-
-  DECR_LEN (data_size, n_e);
-  data_e = &data[i];
-  i += n_e;
-
-  _n_e = n_e;
-  _n_m = n_m;
-
-  if (MHD_gtls_mpi_scan_nz (&session->key->rsa[0], data_m, &_n_m) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  if (MHD_gtls_mpi_scan_nz (&session->key->rsa[1], data_e, &_n_e) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  MHD_gtls_rsa_export_set_pubkey (session, session->key->rsa[1],
-                                  session->key->rsa[0]);
-
-  /* VERIFY SIGNATURE */
-
-  vparams.size = n_m + n_e + 4;
-  vparams.data = data;
-
-  DECR_LEN (data_size, 2);
-  sigsize = MHD_gtls_read_uint16 (&data[vparams.size]);
-
-  DECR_LEN (data_size, sigsize);
-  signature.data = &data[vparams.size + 2];
-  signature.size = sigsize;
-
-  if ((ret =
-       MHD_gtls_raw_cert_to_gcert (&peer_cert,
-                                   session->security_parameters.cert_type,
-                                   &info->raw_certificate_list[0],
-                                   CERT_NO_COPY)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret =
-    MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature);
-
-  MHD_gtls_gcert_deinit (&peer_cert);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-    }
-
-  return ret;
-}

src/daemon/https/tls/debug.c

@@ -1,95 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <gcrypt.h>
-
-const char *
-MHD__gnutls_packet2str (content_type_t packet)
-{
-  switch (packet)
-    {
-    case GNUTLS_CHANGE_CIPHER_SPEC:
-      return "Change Cipher Spec";
-    case GNUTLS_ALERT:
-      return "Alert";
-    case GNUTLS_HANDSHAKE:
-      return "Handshake";
-    case GNUTLS_APPLICATION_DATA:
-      return "Application Data";
-    case GNUTLS_INNER_APPLICATION:
-      return "Inner Application";
-
-    default:
-      return "Unknown Packet";
-    }
-}
-
-const char *
-MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake)
-{
-
-  switch (handshake)
-    {
-    case GNUTLS_HANDSHAKE_HELLO_REQUEST:
-      return "HELLO REQUEST";
-      break;
-    case GNUTLS_HANDSHAKE_CLIENT_HELLO:
-      return "CLIENT HELLO";
-      break;
-    case GNUTLS_HANDSHAKE_SERVER_HELLO:
-      return "SERVER HELLO";
-      break;
-    case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
-      return "CERTIFICATE";
-      break;
-    case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
-      return "SERVER KEY EXCHANGE";
-      break;
-    case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
-      return "CERTIFICATE REQUEST";
-      break;
-    case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
-      return "SERVER HELLO DONE";
-      break;
-    case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
-      return "CERTIFICATE VERIFY";
-      break;
-    case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
-      return "CLIENT KEY EXCHANGE";
-      break;
-    case GNUTLS_HANDSHAKE_FINISHED:
-      return "FINISHED";
-      break;
-    case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
-      return "SUPPLEMENTAL";
-      break;
-    default:
-      return "Unknown Handshake packet";
-
-    }
-}

src/daemon/https/tls/debug.h

@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-const char *MHD__gnutls_packet2str (content_type_t packet);
-const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t
-                                       handshake);

src/daemon/https/tls/defines.h

@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef DEFINES_H
-# define DEFINES_H
-
-#ifdef HAVE_CONFIG_H
-# include "MHD_config.h"
-#endif
-
-#include <stddef.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <limits.h>
-#include <stdint.h>
-
-#ifdef NO_SSIZE_T
-# define HAVE_SSIZE_T
-typedef int ssize_t;
-#endif
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#ifndef MINGW
-#include <sys/socket.h>
-#endif
-#include <time.h>
-
-/* TODO check if these should go into config.h */
-#define SIZEOF_UNSIGNED_INT 4
-#define SIZEOF_UNSIGNED_LONG 8
-#define SIZEOF_UNSIGNED_LONG_INT SIZEOF_UNSIGNED_LONG
-
-/* some systems had problems with long long int, thus,
- * it is not used.
- */
-typedef struct
-{
-  unsigned char i[8];
-} uint64;
-
-#endif /* defines_h */

src/daemon/https/tls/ext_cert_type.c

@@ -1,246 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the code the Certificate Type TLS extension.
- * This extension is currently gnutls specific.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_num.h"
-#include "ext_cert_type.h"
-#include "gnutls_state.h"
-#include "gnutls_num.h"
-
-inline static int MHD__gnutls_num2cert_type (int num);
-inline static int MHD__gnutls_cert_type2num (int record_size);
-
-/*
- * In case of a server: if a CERT_TYPE extension type is received then it stores
- * into the session security parameters the new value. The server may use MHD_gnutls_session_certificate_type_get(),
- * to access it.
- *
- * In case of a client: If a cert_types have been specified then we send the extension.
- *
- */
-
-int
-MHD_gtls_cert_type_recv_params (MHD_gtls_session_t session,
-                                const opaque * data, size_t _data_size)
-{
-  int new_type = -1, ret, i;
-  ssize_t data_size = _data_size;
-
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      if (data_size > 0)
-        {
-          if (data_size != 1)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-            }
-
-          new_type = MHD__gnutls_num2cert_type (data[0]);
-
-          if (new_type < 0)
-            {
-              MHD_gnutls_assert ();
-              return new_type;
-            }
-
-          /* Check if we support this cert_type */
-          if ((ret =
-               MHD_gtls_session_cert_type_supported (session, new_type)) < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-
-          MHD__gnutls_session_cert_type_set (session, new_type);
-        }
-    }
-  else
-#endif
-
-    {                           /* SERVER SIDE - we must check if the sent cert type is the right one
-                                 */
-      if (data_size > 1)
-        {
-          uint8_t len;
-
-          len = data[0];
-          DECR_LEN (data_size, len);
-
-          for (i = 0; i < len; i++)
-            {
-              new_type = MHD__gnutls_num2cert_type (data[i + 1]);
-
-              if (new_type < 0)
-                continue;
-
-              /* Check if we support this cert_type */
-              if ((ret =
-                   MHD_gtls_session_cert_type_supported (session,
-                                                         new_type)) < 0)
-                {
-                  MHD_gnutls_assert ();
-                  continue;
-                }
-              else
-                break;
-              /* new_type is ok */
-            }
-
-          if (new_type < 0)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-            }
-
-          if ((ret =
-               MHD_gtls_session_cert_type_supported (session, new_type)) < 0)
-            {
-              MHD_gnutls_assert ();
-              /* The peer has requested unsupported certificate
-               * types. Instead of failing, procceed normally.
-               * (the ciphersuite selection would fail, or a
-               * non certificate ciphersuite will be selected).
-               */
-              return 0;
-            }
-
-          MHD__gnutls_session_cert_type_set (session, new_type);
-        }
-
-
-    }
-
-  return 0;
-}
-
-/* returns data_size or a negative number on failure
- */
-int
-MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data,
-                                size_t data_size)
-{
-  unsigned int len;
-
-  /* this function sends the client extension data (dnsname) */
-#if MHD_DEBUG_TLS
-  unsigned int i;
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-
-      if (session->internals.priorities.cert_type.num_algorithms > 0)
-        {
-
-          len = session->internals.priorities.cert_type.num_algorithms;
-
-          if (len == 1 &&
-              session->internals.priorities.cert_type.priority[0] ==
-              MHD_GNUTLS_CRT_X509)
-            {
-              /* We don't use this extension if X.509 certificates
-               * are used.
-               */
-              return 0;
-            }
-
-          if (data_size < len + 1)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_SHORT_MEMORY_BUFFER;
-            }
-
-          /* this is a vector!
-           */
-          data[0] = (uint8_t) len;
-
-          for (i = 0; i < len; i++)
-            {
-              data[i + 1] =
-                MHD__gnutls_cert_type2num (session->internals.
-                                           priorities.cert_type.priority[i]);
-            }
-          return len + 1;
-        }
-
-    }
-  else
-#endif
-    {                           /* server side */
-      if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
-        {
-          len = 1;
-          if (data_size < len)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_SHORT_MEMORY_BUFFER;
-            }
-
-          data[0] =
-            MHD__gnutls_cert_type2num (session->
-                                       security_parameters.cert_type);
-          return len;
-        }
-
-
-    }
-
-  return 0;
-}
-
-/* Maps numbers to record sizes according to the
- * extensions draft.
- */
-inline static int
-MHD__gnutls_num2cert_type (int num)
-{
-  switch (num)
-    {
-    case 0:
-      return MHD_GNUTLS_CRT_X509;
-    default:
-      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-    }
-}
-
-/* Maps record size to numbers according to the
- * extensions draft.
- */
-inline static int
-MHD__gnutls_cert_type2num (int cert_type)
-{
-  switch (cert_type)
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return 0;
-    default:
-      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-    }
-
-}

src/daemon/https/tls/ext_cert_type.h

@@ -1,31 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Maps record size to numbers according to the
- * extensions draft.
- */
-int MHD_gtls_cert_type_recv_params (MHD_gtls_session_t session,
-                                    const opaque * data, size_t data_size);
-int MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data,
-                                    size_t);

src/daemon/https/tls/ext_max_record.c

@@ -1,198 +0,0 @@
-/*
- * Copyright (C) 2001, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the code for the Max Record Size TLS extension.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_num.h"
-#include <ext_max_record.h>
-
-/*
- * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores
- * into the session the new value. The server may use MHD_gnutls_get_max_record_size(),
- * in order to access it.
- *
- * In case of a client: If a different max record size (than the default) has
- * been specified then it sends the extension.
- *
- */
-
-int
-MHD_gtls_max_record_recv_params (MHD_gtls_session_t session,
-                                 const opaque * data, size_t _data_size)
-{
-  ssize_t new_size;
-  ssize_t data_size = _data_size;
-
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-      if (data_size > 0)
-        {
-          DECR_LEN (data_size, 1);
-
-          new_size = MHD_gtls_mre_num2record (data[0]);
-
-          if (new_size < 0)
-            {
-              MHD_gnutls_assert ();
-              return new_size;
-            }
-
-          session->security_parameters.max_record_send_size = new_size;
-          session->security_parameters.max_record_recv_size = new_size;
-        }
-    }
-  else
-    {                           /* CLIENT SIDE - we must check if the sent record size is the right one
-                                 */
-      if (data_size > 0)
-        {
-
-          if (data_size != 1)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-            }
-
-          new_size = MHD_gtls_mre_num2record (data[0]);
-
-          if (new_size < 0
-              || new_size != session->internals.proposed_record_size)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-            }
-          else
-            {
-              session->security_parameters.max_record_recv_size =
-                session->internals.proposed_record_size;
-            }
-
-        }
-
-
-    }
-
-  return 0;
-}
-
-/* returns data_size or a negative number on failure
- */
-int
-MHD_gtls_max_record_send_params (MHD_gtls_session_t session, opaque * data,
-                                 size_t data_size)
-{
-  uint16_t len;
-  /* this function sends the client extension data (dnsname) */
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-
-      if (session->internals.proposed_record_size != DEFAULT_MAX_RECORD_SIZE)
-        {
-          len = 1;
-          if (data_size < len)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_SHORT_MEMORY_BUFFER;
-            }
-
-          data[0] =
-            (uint8_t) MHD_gtls_mre_record2num (session->internals.
-                                               proposed_record_size);
-          return len;
-        }
-
-    }
-  else
-#endif
-    {                           /* server side */
-
-      if (session->security_parameters.max_record_recv_size !=
-          DEFAULT_MAX_RECORD_SIZE)
-        {
-          len = 1;
-          if (data_size < len)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_SHORT_MEMORY_BUFFER;
-            }
-
-          data[0] =
-            (uint8_t)
-            MHD_gtls_mre_record2num
-            (session->security_parameters.max_record_recv_size);
-          return len;
-        }
-
-
-    }
-
-  return 0;
-}
-
-/* Maps numbers to record sizes according to the
- * extensions draft.
- */
-int
-MHD_gtls_mre_num2record (int num)
-{
-  switch (num)
-    {
-    case 1:
-      return 512;
-    case 2:
-      return 1024;
-    case 3:
-      return 2048;
-    case 4:
-      return 4096;
-    default:
-      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-    }
-}
-
-/* Maps record size to numbers according to the
- * extensions draft.
- */
-int
-MHD_gtls_mre_record2num (uint16_t record_size)
-{
-  switch (record_size)
-    {
-    case 512:
-      return 1;
-    case 1024:
-      return 2;
-    case 2048:
-      return 3;
-    case 4096:
-      return 4;
-    default:
-      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-    }
-
-}

src/daemon/https/tls/ext_max_record.h

@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Maps record size to numbers according to the
- * extensions draft.
- */
-int MHD_gtls_mre_num2record (int num);
-int MHD_gtls_mre_record2num (uint16_t record_size);
-int MHD_gtls_max_record_recv_params (MHD_gtls_session_t session,
-                                     const opaque * data, size_t data_size);
-int MHD_gtls_max_record_send_params (MHD_gtls_session_t session,
-                                     opaque * data, size_t);

src/daemon/https/tls/ext_server_name.c

@@ -1,223 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include "gnutls_int.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_num.h"
-#include <ext_server_name.h>
-
-/*
- * In case of a server: if a NAME_DNS extension type is received then it stores
- * into the session the value of NAME_DNS. The server may use MHD_gnutls_ext_get_server_name(),
- * in order to access it.
- *
- * In case of a client: If a proper NAME_DNS extension type is found in the session then
- * it sends the extension to the peer.
- *
- */
-
-int
-MHD_gtls_server_name_recv_params (MHD_gtls_session_t session,
-                                  const opaque * data, size_t _data_size)
-{
-  int i;
-  const unsigned char *p;
-  uint16_t len, type;
-  ssize_t data_size = _data_size;
-  int server_names = 0;
-
-  DECR_LENGTH_RET (data_size, 2, 0);
-  len = MHD_gtls_read_uint16 (data);
-
-  if (len != data_size)
-    {
-      /* This is unexpected packet length, but
-       * just ignore it, for now.
-       */
-      MHD_gnutls_assert ();
-      return 0;
-    }
-
-  p = data + 2;
-
-  /* Count all server_names in the packet. */
-  while (data_size > 0)
-    {
-      DECR_LENGTH_RET (data_size, 1, 0);
-      p++;
-
-      DECR_LEN (data_size, 2);
-      len = MHD_gtls_read_uint16 (p);
-      p += 2;
-
-      /* make sure supplied server name is not empty */
-      if (len > 0)
-        {
-          DECR_LENGTH_RET (data_size, len, 0);
-          server_names++;
-          p += len;
-        }
-      else
-        {
-#if HAVE_MESSAGES
-          MHD__gnutls_handshake_log
-            ("HSK[%x]: Received zero size server name (under attack?)\n",
-             session);
-#endif
-        }
-    }
-
-  /* we cannot accept more server names. */
-  if (server_names > MAX_SERVER_NAME_EXTENSIONS)
-    {
-#if HAVE_MESSAGES
-      MHD__gnutls_handshake_log
-        ("HSK[%x]: Too many server names received (under attack?)\n",
-         session);
-#endif
-      server_names = MAX_SERVER_NAME_EXTENSIONS;
-    }
-
-  session->security_parameters.extensions.server_names_size = server_names;
-  if (server_names == 0)
-    return 0;                   /* no names found */
-
-  p = data + 2;
-  for (i = 0; i < server_names; i++)
-    {
-      type = *p;
-      p++;
-
-      len = MHD_gtls_read_uint16 (p);
-      p += 2;
-
-      switch (type)
-        {
-        case 0:                /* NAME_DNS */
-          if (len <= MAX_SERVER_NAME_SIZE)
-            {
-              memcpy (session->security_parameters.extensions.
-                      server_names[i].name, p, len);
-              session->security_parameters.extensions.server_names[i].
-                name_length = len;
-              session->security_parameters.extensions.server_names[i].type =
-                GNUTLS_NAME_DNS;
-              break;
-            }
-        }
-
-      /* move to next record */
-      p += len;
-    }
-  return 0;
-}
-
-/* returns data_size or a negative number on failure
- */
-int
-MHD_gtls_server_name_send_params (MHD_gtls_session_t session,
-                                  opaque * data, size_t _data_size)
-{
-  int total_size = 0;
-#if MHD_DEBUG_TLS
-  uint16_t len;
-  opaque *p;
-  unsigned i;
-  ssize_t data_size = _data_size;
-
-  /* this function sends the client extension data (dnsname) */
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-
-      if (session->security_parameters.extensions.server_names_size == 0)
-        return 0;
-
-      /* uint16_t
-       */
-      total_size = 2;
-      for (i = 0;
-           i < session->security_parameters.extensions.server_names_size; i++)
-        {
-          /* count the total size
-           */
-          len =
-            session->security_parameters.extensions.server_names[i].
-            name_length;
-
-          /* uint8_t + uint16_t + size
-           */
-          total_size += 1 + 2 + len;
-        }
-
-      p = data;
-
-      /* UINT16: write total size of all names
-       */
-      DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
-      MHD_gtls_write_uint16 (total_size - 2, p);
-      p += 2;
-
-      for (i = 0;
-           i < session->security_parameters.extensions.server_names_size; i++)
-        {
-
-          switch (session->security_parameters.extensions.
-                  server_names[i].type)
-            {
-            case GNUTLS_NAME_DNS:
-
-              len =
-                session->security_parameters.extensions.
-                server_names[i].name_length;
-              if (len == 0)
-                break;
-
-              /* UINT8: type of this extension
-               * UINT16: size of the first name
-               * LEN: the actual server name.
-               */
-              DECR_LENGTH_RET (data_size, len + 3,
-                               GNUTLS_E_SHORT_MEMORY_BUFFER);
-
-              *p = 0;           /* NAME_DNS type */
-              p++;
-
-              MHD_gtls_write_uint16 (len, p);
-              p += 2;
-
-              memcpy (p,
-                      session->security_parameters.extensions.
-                      server_names[0].name, len);
-              p += len;
-              break;
-            default:
-              MHD_gnutls_assert ();
-              return GNUTLS_E_INTERNAL_ERROR;
-            }
-        }
-    }
-#endif
-  return total_size;
-}

src/daemon/https/tls/ext_server_name.h

@@ -1,28 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int MHD_gtls_server_name_recv_params (MHD_gtls_session_t session,
-                                      const opaque * data, size_t data_size);
-int MHD_gtls_server_name_send_params (MHD_gtls_session_t session,
-                                      opaque * data, size_t);

src/daemon/https/tls/gnutls.asn

@@ -1,93 +0,0 @@
-GNUTLS { }
-
-DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
--- This file contains parts of PKCS-1 structures and some stuff
--- required for DSA keys.
-
-RSAPublicKey ::= SEQUENCE {
-        modulus                 INTEGER, -- n
-        publicExponent          INTEGER  -- e 
-}
-
--- 
--- Representation of RSA private key with information for the 
--- CRT algorithm.
---
-RSAPrivateKey ::= SEQUENCE {
-        version          	Version,
-        modulus          	INTEGER, -- (Usually large) n
-        publicExponent   	INTEGER, -- (Usually small) e
-        privateExponent  	INTEGER, -- (Usually large) d
-        prime1           	INTEGER, -- (Usually large) p
-	prime2           	INTEGER, -- (Usually large) q
-	exponent1        	INTEGER, -- (Usually large) d mod (p-1)
-	exponent2        	INTEGER, -- (Usually large) d mod (q-1)
-	coefficient      	INTEGER, -- (Usually large) (inverse of q) mod p
-	otherPrimeInfos 	OtherPrimeInfos OPTIONAL
-}
-
-Version ::= INTEGER { two-prime(0), multi(1) }
---	(CONSTRAINED BY { version must be multi if otherPrimeInfos present }) --
-
-OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
-
-OtherPrimeInfo ::= SEQUENCE {
-	prime INTEGER,  -- ri
-	exponent INTEGER, -- di
-	coefficient INTEGER -- ti 
-}
-
--- for signature calculation
--- added by nmav
-
-AlgorithmIdentifier ::= SEQUENCE  {
-     algorithm               OBJECT IDENTIFIER,
-     parameters              ANY DEFINED BY algorithm OPTIONAL  
-}
-                                -- contains a value of the type
-                                -- registered for use with the
-                                -- algorithm object identifier value
-
-DigestInfo ::= SEQUENCE {
-     digestAlgorithm DigestAlgorithmIdentifier,
-     digest Digest 
-}
-
-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
-Digest ::= OCTET STRING
-
-DSAPublicKey ::= INTEGER
-
-DSAParameters ::= SEQUENCE {
-        p                   INTEGER,
-        q                   INTEGER,
-        g                   INTEGER
-}
-
-DSASignatureValue ::= SEQUENCE {
-        r                   INTEGER,
-        s                   INTEGER
-}
-
-DSAPrivateKey ::= SEQUENCE {
-        version          	INTEGER, -- should be zero
-        p          		INTEGER,
-        q   			INTEGER,
-        g  			INTEGER,
-        Y	     	      	INTEGER, -- public
-	priv           		INTEGER
-}
-
--- from PKCS#3
-DHParameter ::= SEQUENCE {
-	prime INTEGER, -- p
-	base INTEGER, -- g
-	privateValueLength INTEGER OPTIONAL 
-}
-
-
-END

src/daemon/https/tls/gnutls.pc

@@ -1,23 +0,0 @@
-# Process this file with autoconf to produce a pkg-config metadata file.
-# Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
-# Author: Simon Josefsson
-# 
-# This file is free software; as a special exception the author gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-# 
-# This file is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-prefix=/home/lama/workbench/programming/c/gnunet/gnutls-2.2.3/build
-exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
-
-Name: GnuTLS
-Description: Transport Security Layer implementation for the GNU system
-Version: 2.2.3
-Libs: -L${libdir} -lgnutls
-Libs.private: -L${exec_prefix}/lib -lgnutls -L/usr/lib -ltasn1 -lgcrypt  
-Cflags: -I${includedir}

src/daemon/https/tls/gnutls_alert.c

@@ -1,296 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_record.h>
-#include <debug.h>
-
-typedef struct
-{
-  MHD_gnutls_alert_description_t alert;
-  const char *desc;
-} MHD_gnutls_alert_entry;
-
-static const MHD_gnutls_alert_entry MHD_gtls_sup_alerts[] = {
-  {GNUTLS_A_CLOSE_NOTIFY, "Close notify"},
-  {GNUTLS_A_UNEXPECTED_MESSAGE, "Unexpected message"},
-  {GNUTLS_A_BAD_RECORD_MAC, "Bad record MAC"},
-  {GNUTLS_A_DECRYPTION_FAILED, "Decryption failed"},
-  {GNUTLS_A_RECORD_OVERFLOW, "Record overflow"},
-  {GNUTLS_A_DECOMPRESSION_FAILURE, "Decompression failed"},
-  {GNUTLS_A_HANDSHAKE_FAILURE, "Handshake failed"},
-  {GNUTLS_A_BAD_CERTIFICATE, "Certificate is bad"},
-  {GNUTLS_A_UNSUPPORTED_CERTIFICATE, "Certificate is not supported"},
-  {GNUTLS_A_CERTIFICATE_REVOKED, "Certificate was revoked"},
-  {GNUTLS_A_CERTIFICATE_EXPIRED, "Certificate is expired"},
-  {GNUTLS_A_CERTIFICATE_UNKNOWN, "Unknown certificate"},
-  {GNUTLS_A_ILLEGAL_PARAMETER, "Illegal parameter"},
-  {GNUTLS_A_UNKNOWN_CA, "CA is unknown"},
-  {GNUTLS_A_ACCESS_DENIED, "Access was denied"},
-  {GNUTLS_A_DECODE_ERROR, "Decode error"},
-  {GNUTLS_A_DECRYPT_ERROR, "Decrypt error"},
-  {GNUTLS_A_EXPORT_RESTRICTION, "Export restriction"},
-  {GNUTLS_A_PROTOCOL_VERSION, "Error in protocol version"},
-  {GNUTLS_A_INSUFFICIENT_SECURITY, "Insufficient security"},
-  {GNUTLS_A_USER_CANCELED, "User canceled"},
-  {GNUTLS_A_INTERNAL_ERROR, "Internal error"},
-  {GNUTLS_A_NO_RENEGOTIATION, "No renegotiation is allowed"},
-  {GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
-   "Could not retrieve the specified certificate"},
-  {GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent"},
-  {GNUTLS_A_UNRECOGNIZED_NAME,
-   "The server name sent was not recognized"},
-  {GNUTLS_A_UNKNOWN_PSK_IDENTITY,
-   "The SRP/PSK username is missing or not known"},
-};
-
-#define GNUTLS_ALERT_LOOP(b) \
-        const MHD_gnutls_alert_entry *p; \
-                for(p = MHD_gtls_sup_alerts; p->desc != NULL; p++) { b ; }
-
-#define GNUTLS_ALERT_ID_LOOP(a) \
-                        GNUTLS_ALERT_LOOP( if(p->alert == alert) { a; break; })
-
-
-/**
-  * MHD__gnutls_alert_get_name - Returns a string describing the alert number given
-  * @alert: is an alert number #MHD_gtls_session_t structure.
-  *
-  * This function will return a string that describes the given alert
-  * number or NULL.  See MHD_gnutls_alert_get().
-  *
-  **/
-const char *
-MHD__gnutls_alert_get_name (MHD_gnutls_alert_description_t alert)
-{
-  const char *ret = NULL;
-
-  GNUTLS_ALERT_ID_LOOP (ret = p->desc);
-
-  return ret;
-}
-
-/**
-  * MHD__gnutls_alert_send - This function sends an alert message to the peer
-  * @session: is a #MHD_gtls_session_t structure.
-  * @level: is the level of the alert
-  * @desc: is the alert description
-  *
-  * This function will send an alert to the peer in order to inform
-  * him of something important (eg. his Certificate could not be verified).
-  * If the alert level is Fatal then the peer is expected to close the
-  * connection, otherwise he may ignore the alert and continue.
-  *
-  * The error code of the underlying record send function will be returned,
-  * so you may also receive GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN as well.
-  *
-  * Returns 0 on success.
-  *
-  **/
-int
-MHD__gnutls_alert_send (MHD_gtls_session_t session,
-                        MHD_gnutls_alert_level_t level,
-                        MHD_gnutls_alert_description_t desc)
-{
-  uint8_t data[2];
-  int ret;
-  const char *name;
-
-  data[0] = (uint8_t) level;
-  data[1] = (uint8_t) desc;
-
-  name = MHD__gnutls_alert_get_name ((int) data[1]);
-  if (name == NULL)
-    name = "(unknown)";
-  MHD__gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0],
-                          data[1], name);
-
-  if ((ret = MHD_gtls_send_int (session, GNUTLS_ALERT, -1, data, 2)) >= 0)
-    return 0;
-  else
-    return ret;
-}
-
-/**
-  * MHD_gtls_error_to_alert - This function returns an alert code based on the given error code
-  * @err: is a negative integer
-  * @level: the alert level will be stored there
-  *
-  * Returns an alert depending on the error code returned by a gnutls
-  * function. All alerts sent by this function should be considered fatal.
-  * The only exception is when err == GNUTLS_E_REHANDSHAKE, where a warning
-  * alert should be sent to the peer indicating that no renegotiation will
-  * be performed.
-  *
-  * If there is no mapping to a valid alert the alert to indicate internal error
-  * is returned.
-  *
-  **/
-int
-MHD_gtls_error_to_alert (int err, int *level)
-{
-  int ret, _level = -1;
-
-  switch (err)
-    {                           /* send appropriate alert */
-    case GNUTLS_E_DECRYPTION_FAILED:
-      /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
-       * it is not defined in SSL3. Note that we must
-       * not distinguish Decryption failures from mac
-       * check failures, due to the possibility of some
-       * attacks.
-       */
-      ret = GNUTLS_A_BAD_RECORD_MAC;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_DECOMPRESSION_FAILED:
-      ret = GNUTLS_A_DECOMPRESSION_FAILURE;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
-    case GNUTLS_E_ILLEGAL_SRP_USERNAME:
-      ret = GNUTLS_A_ILLEGAL_PARAMETER;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
-    case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
-    case GNUTLS_E_ASN1_DER_ERROR:
-    case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
-    case GNUTLS_E_ASN1_GENERIC_ERROR:
-    case GNUTLS_E_ASN1_VALUE_NOT_VALID:
-    case GNUTLS_E_ASN1_TAG_ERROR:
-    case GNUTLS_E_ASN1_TAG_IMPLICIT:
-    case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
-    case GNUTLS_E_ASN1_SYNTAX_ERROR:
-    case GNUTLS_E_ASN1_DER_OVERFLOW:
-      ret = GNUTLS_A_BAD_CERTIFICATE;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
-    case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
-    case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
-    case GNUTLS_E_NO_CIPHER_SUITES:
-    case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
-      ret = GNUTLS_A_HANDSHAKE_FAILURE;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
-      ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_UNEXPECTED_PACKET:
-    case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
-      ret = GNUTLS_A_UNEXPECTED_MESSAGE;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_REHANDSHAKE:
-      ret = GNUTLS_A_NO_RENEGOTIATION;
-      _level = GNUTLS_AL_WARNING;
-      break;
-    case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
-      ret = GNUTLS_A_PROTOCOL_VERSION;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
-      ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
-      ret = GNUTLS_A_RECORD_OVERFLOW;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_INTERNAL_ERROR:
-    case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
-    case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
-      ret = GNUTLS_A_INTERNAL_ERROR;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
-    case GNUTLS_E_NO_CERTIFICATE_FOUND:
-      ret = GNUTLS_A_INSUFFICIENT_SECURITY;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    default:
-      ret = GNUTLS_A_INTERNAL_ERROR;
-      _level = GNUTLS_AL_FATAL;
-      break;
-    }
-
-  if (level != NULL)
-    *level = _level;
-
-  return ret;
-}
-
-
-/**
- * MHD__gnutls_alert_send_appropriate - This function sends an alert to the peer depending on the error code
- * @session: is a #MHD_gtls_session_t structure.
- * @err: is an integer
- *
- * Sends an alert to the peer depending on the error code returned by a gnutls
- * function. This function will call MHD_gtls_error_to_alert() to determine
- * the appropriate alert to send.
- *
- * This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED.
- *
- * If the return value is GNUTLS_E_INVALID_REQUEST, then no alert has
- * been sent to the peer.
- *
- * Returns zero on success.
- */
-int
-MHD__gnutls_alert_send_appropriate (MHD_gtls_session_t session, int err)
-{
-  int alert;
-  int level;
-
-  alert = MHD_gtls_error_to_alert (err, &level);
-  if (alert < 0)
-    {
-      return alert;
-    }
-
-  return MHD__gnutls_alert_send (session, level, alert);
-}
-
-/**
-  * MHD_gnutls_alert_get - Returns the last alert number received.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function will return the last alert number received. This
-  * function should be called if GNUTLS_E_WARNING_ALERT_RECEIVED or
-  * GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls
-  * function.  The peer may send alerts if he thinks some things were
-  * not right. Check gnutls.h for the available alert descriptions.
-  *
-  * If no alert has been received the returned value is undefined.
-  *
-  **/
-MHD_gnutls_alert_description_t
-MHD_gnutls_alert_get (MHD_gtls_session_t session)
-{
-  return session->internals.last_alert;
-}

src/daemon/https/tls/gnutls_algorithms.c

@@ -1,1340 +0,0 @@
-/*
- * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include "gnutls_int.h"
-#include "gnutls_algorithms.h"
-#include "gnutls_errors.h"
-#include "gnutls_cert.h"
-/* x509 */
-#include "common.h"
-
-/* Cred type mappings to KX algorithms
- * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
- * more than one credentials type.
- */
-typedef struct
-{
-  enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm;
-  enum MHD_GNUTLS_CredentialsType client_type;
-  enum MHD_GNUTLS_CredentialsType server_type;  /* The type of credentials a server
-                                                 * needs to set */
-} MHD_gnutls_cred_map;
-
-static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = {
-  {MHD_GNUTLS_KX_RSA,
-   MHD_GNUTLS_CRD_CERTIFICATE,
-   MHD_GNUTLS_CRD_CERTIFICATE},
-  {MHD_GNUTLS_KX_RSA_EXPORT,
-   MHD_GNUTLS_CRD_CERTIFICATE,
-   MHD_GNUTLS_CRD_CERTIFICATE},
-  {0,
-   0,
-   0}
-};
-
-#define GNUTLS_KX_MAP_LOOP(b) \
-        const MHD_gnutls_cred_map *p; \
-                for(p = MHD_gtls_cred_mappings; p->algorithm != 0; p++) { b ; }
-
-#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
-                        GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
-
-#define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \
-                        GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; })
-
-/* KX mappings to PK algorithms */
-typedef struct
-{
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm;
-  enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm;
-  enum encipher_type encipher_type;     /* CIPHER_ENCRYPT if this algorithm is to be used
-                                         * for encryption, CIPHER_SIGN if signature only,
-                                         * CIPHER_IGN if this does not apply at all.
-                                         *
-                                         * This is useful to certificate cipher suites, which check
-                                         * against the certificate key usage bits.
-                                         */
-} MHD_gnutls_pk_map;
-
-/* This table maps the Key exchange algorithms to
- * the certificate algorithms. Eg. if we have
- * RSA algorithm in the certificate then we can
- * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
- */
-static const MHD_gnutls_pk_map MHD_gtls_pk_mappings[] = {
-  {MHD_GNUTLS_KX_RSA,
-   MHD_GNUTLS_PK_RSA,
-   CIPHER_ENCRYPT},
-  {MHD_GNUTLS_KX_RSA_EXPORT,
-   MHD_GNUTLS_PK_RSA,
-   CIPHER_SIGN},
-  {0,
-   0,
-   0}
-};
-
-#define GNUTLS_PK_MAP_LOOP(b) \
-        const MHD_gnutls_pk_map *p; \
-                for(p = MHD_gtls_pk_mappings; p->kx_algorithm != 0; p++) { b }
-
-#define GNUTLS_PK_MAP_ALG_LOOP(a) \
-                        GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
-
-/* TLS Versions */
-
-typedef struct
-{
-  const char *name;
-  enum MHD_GNUTLS_Protocol id;  /* gnutls internal version number */
-  int major;                    /* defined by the protocol */
-  int minor;                    /* defined by the protocol */
-  int supported;                /* 0 not supported, > 0 is supported */
-} MHD_gnutls_version_entry;
-
-static const MHD_gnutls_version_entry MHD_gtls_sup_versions[] = {
-  {"SSL3.0",
-   MHD_GNUTLS_PROTOCOL_SSL3,
-   3,
-   0,
-   1},
-  {"TLS1.0",
-   MHD_GNUTLS_PROTOCOL_TLS1_0,
-   3,
-   1,
-   1},
-  {"TLS1.1",
-   MHD_GNUTLS_PROTOCOL_TLS1_1,
-   3,
-   2,
-   1},
-  {"TLS1.2",
-   MHD_GNUTLS_PROTOCOL_TLS1_2,
-   3,
-   3,
-   1},
-  {0,
-   0,
-   0,
-   0,
-   0}
-};
-
-/* Keep the contents of this struct the same as the previous one. */
-static const enum MHD_GNUTLS_Protocol MHD_gtls_supported_protocols[] =
-{ MHD_GNUTLS_PROTOCOL_SSL3,
-  MHD_GNUTLS_PROTOCOL_TLS1_0,
-  MHD_GNUTLS_PROTOCOL_TLS1_1,
-  MHD_GNUTLS_PROTOCOL_TLS1_2,
-  0
-};
-
-#define GNUTLS_VERSION_LOOP(b) \
-        const MHD_gnutls_version_entry *p; \
-                for(p = MHD_gtls_sup_versions; p->name != NULL; p++) { b ; }
-
-#define GNUTLS_VERSION_ALG_LOOP(a) \
-                        GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
-
-struct MHD_gnutls_cipher_entry
-{
-  const char *name;
-  enum MHD_GNUTLS_CipherAlgorithm id;
-  uint16_t blocksize;
-  uint16_t keysize;
-  cipher_type_t block;
-  uint16_t iv;
-  int export_flag;              /* 0 non export */
-};
-typedef struct MHD_gnutls_cipher_entry MHD_gnutls_cipher_entry;
-
-/* Note that all algorithms are in CBC or STREAM modes.
- * Do not add any algorithms in other modes (avoid modified algorithms).
- * View first: "The order of encryption and authentication for
- * protecting communications" by Hugo Krawczyk - CRYPTO 2001
- */
-static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = {
-  {"AES-256-CBC",
-   MHD_GNUTLS_CIPHER_AES_256_CBC,
-   16,
-   32,
-   CIPHER_BLOCK,
-   16,
-   0},
-  {"AES-128-CBC",
-   MHD_GNUTLS_CIPHER_AES_128_CBC,
-   16,
-   16,
-   CIPHER_BLOCK,
-   16,
-   0},
-  {"3DES-CBC",
-   MHD_GNUTLS_CIPHER_3DES_CBC,
-   8,
-   24,
-   CIPHER_BLOCK,
-   8,
-   0},
-  {"ARCFOUR-128",
-   MHD_GNUTLS_CIPHER_ARCFOUR_128,
-   1,
-   16,
-   CIPHER_STREAM,
-   0,
-   0},
-  {"NULL",
-   MHD_GNUTLS_CIPHER_NULL,
-   1,
-   0,
-   CIPHER_STREAM,
-   0,
-   0},
-  {0,
-   0,
-   0,
-   0,
-   0,
-   0,
-   0}
-};
-
-/* Keep the contents of this struct the same as the previous one. */
-static const enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_supported_ciphers[] =
-{ MHD_GNUTLS_CIPHER_AES_256_CBC,
-  MHD_GNUTLS_CIPHER_AES_128_CBC,
-  MHD_GNUTLS_CIPHER_3DES_CBC,
-  MHD_GNUTLS_CIPHER_ARCFOUR_128,
-  MHD_GNUTLS_CIPHER_NULL,
-  0
-};
-
-#define GNUTLS_LOOP(b) \
-        const MHD_gnutls_cipher_entry *p; \
-                for(p = MHD_gtls_algorithms; p->name != NULL; p++) { b ; }
-
-#define GNUTLS_ALG_LOOP(a) \
-                        GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
-
-struct MHD_gnutls_hash_entry
-{
-  const char *name;
-  const char *oid;
-  enum MHD_GNUTLS_HashAlgorithm id;
-  size_t key_size;              /* in case of mac */
-};
-typedef struct MHD_gnutls_hash_entry MHD_gnutls_hash_entry;
-
-static const MHD_gnutls_hash_entry MHD_gtls_hash_algorithms[] = {
-  {"SHA1",
-   HASH_OID_SHA1,
-   MHD_GNUTLS_MAC_SHA1,
-   20},
-  {"MD5",
-   HASH_OID_MD5,
-   MHD_GNUTLS_MAC_MD5,
-   16},
-  {"SHA256",
-   HASH_OID_SHA256,
-   MHD_GNUTLS_MAC_SHA256,
-   32},
-  {"NULL",
-   NULL,
-   MHD_GNUTLS_MAC_NULL,
-   0},
-  {0,
-   0,
-   0,
-   0}
-};
-
-/* Keep the contents of this struct the same as the previous one. */
-static const enum MHD_GNUTLS_HashAlgorithm MHD_gtls_supported_macs[] =
-{ MHD_GNUTLS_MAC_SHA1,
-  MHD_GNUTLS_MAC_MD5,
-  MHD_GNUTLS_MAC_SHA256,
-  MHD_GNUTLS_MAC_NULL,
-  0
-};
-
-#define GNUTLS_HASH_LOOP(b) \
-        const MHD_gnutls_hash_entry *p; \
-                for(p = MHD_gtls_hash_algorithms; p->name != NULL; p++) { b ; }
-
-#define GNUTLS_HASH_ALG_LOOP(a) \
-                        GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
-
-/* Compression Section */
-#define GNUTLS_COMPRESSION_ENTRY(name, id, wb, ml, cl) \
-	{ #name, name, id, wb, ml, cl}
-
-#define MAX_COMP_METHODS 5
-const int MHD__gnutls_comp_algorithms_size = MAX_COMP_METHODS;
-
-/* the compression entry is defined in MHD_gnutls_algorithms.h */
-
-MHD_gnutls_compression_entry
-  MHD__gnutls_compression_algorithms[MAX_COMP_METHODS] =
-{
-  GNUTLS_COMPRESSION_ENTRY (MHD_GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
-  {
-  0, 0, 0, 0, 0, 0}
-};
-
-static const enum MHD_GNUTLS_CompressionMethod
-  MHD_gtls_supported_compressions[] =
-{
-  MHD_GNUTLS_COMP_NULL,
-  0
-};
-
-#define GNUTLS_COMPRESSION_LOOP(b) \
-        const MHD_gnutls_compression_entry *p; \
-                for(p = MHD__gnutls_compression_algorithms; p->name != NULL; p++) { b ; }
-#define GNUTLS_COMPRESSION_ALG_LOOP(a) \
-                        GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } )
-#define GNUTLS_COMPRESSION_ALG_LOOP_NUM(a) \
-                        GNUTLS_COMPRESSION_LOOP( if(p->num == num) { a; break; } )
-
-/* Key Exchange Section */
-extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct;
-extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct;
-extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct;
-extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct;
-extern MHD_gtls_mod_auth_st srp_auth_struct;
-extern MHD_gtls_mod_auth_st psk_auth_struct;
-extern MHD_gtls_mod_auth_st dhe_psk_auth_struct;
-extern MHD_gtls_mod_auth_st srp_rsa_auth_struct;
-extern MHD_gtls_mod_auth_st srp_dss_auth_struct;
-
-typedef struct MHD_gtls_kx_algo_entry
-{
-  const char *name;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm;
-  MHD_gtls_mod_auth_st *auth_struct;
-  int needs_dh_params;
-  int needs_rsa_params;
-} MHD_gtls_kx_algo_entry_t;
-
-static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
-  {"RSA",
-   MHD_GNUTLS_KX_RSA,
-   &MHD_gtls_rsa_auth_struct,
-   0,
-   0},
-  {"RSA-EXPORT",
-   MHD_GNUTLS_KX_RSA_EXPORT,
-   &MHD_rsa_export_auth_struct,
-   0,
-   1 /* needs RSA params */ },
-  {0,
-   0,
-   0,
-   0,
-   0}
-};
-
-/* Keep the contents of this struct the same as the previous one. */
-static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] =
-{
-  MHD_GNUTLS_KX_RSA,
-  MHD_GNUTLS_KX_RSA_EXPORT,
-  0
-};
-
-#define GNUTLS_KX_LOOP(b) \
-        const MHD_gtls_kx_algo_entry_t *p; \
-                for(p = MHD_gtls_kx_algorithms; p->name != NULL; p++) { b ; }
-
-#define GNUTLS_KX_ALG_LOOP(a) \
-                        GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
-
-/* Cipher SUITES */
-#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
-	{ #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
-
-typedef struct
-{
-  const char *name;
-  cipher_suite_st id;
-  enum MHD_GNUTLS_CipherAlgorithm block_algorithm;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm;
-  enum MHD_GNUTLS_HashAlgorithm mac_algorithm;
-  enum MHD_GNUTLS_Protocol version;     /* this cipher suite is supported
-                                         * from 'version' and above;
-                                         */
-} MHD_gtls_cipher_suite_entry;
-
-/* RSA with NULL cipher and MD5 MAC
- * for test purposes.
- */
-#define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
-
-/* PSK (not in TLS 1.0)
- * draft-ietf-tls-psk:
- */
-#define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
-#define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
-#define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
-#define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
-
-#define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
-#define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
-#define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
-#define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
-
-/* SRP (rfc5054)
- */
-#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
-#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
-#define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
-
-#define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
-#define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
-#define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
-
-#define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
-#define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
-#define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
-
-/* RSA
- */
-#define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
-#define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
-#define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
-
-/* rfc3268:
- */
-#define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
-#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
-
-/* rfc4132 */
-#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
-#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
-
-/* DHE DSS
- */
-
-#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
-
-/* draft-ietf-tls-56-bit-ciphersuites-01:
- */
-#define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
-
-/* rfc3268:
- */
-#define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
-#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
-
-/* rfc4132 */
-#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
-#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
-
-/* DHE RSA
- */
-#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
-
-/* rfc3268:
- */
-#define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
-#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
-
-/* rfc4132 */
-#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
-#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
-
-#define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1
-
-static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
-  /* RSA */
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
-                             MHD_GNUTLS_CIPHER_NULL,
-                             MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
-                             MHD_GNUTLS_CIPHER_ARCFOUR_128,
-                             MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1,
-                             MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
-                             MHD_GNUTLS_CIPHER_ARCFOUR_128,
-                             MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_MD5,
-                             MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_3DES_CBC,
-                             MHD_GNUTLS_KX_RSA, MHD_GNUTLS_MAC_SHA1,
-                             MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_AES_128_CBC, MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-  {0,
-   {
-    {0,
-     0}},
-   0,
-   0,
-   0,
-   0}
-};
-
-#define GNUTLS_CIPHER_SUITE_LOOP(b) \
-        const MHD_gtls_cipher_suite_entry *p; \
-                for(p = MHD_gtls_cs_algorithms; p->name != NULL; p++) { b ; }
-
-#define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
-                        GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
-
-/* Generic Functions */
-
-int
-MHD_gtls_mac_priority (MHD_gtls_session_t session,
-                       enum MHD_GNUTLS_HashAlgorithm algorithm)
-{                               /* actually returns the priority */
-  unsigned int i;
-  for (i = 0; i < session->internals.priorities.mac.num_algorithms; i++)
-    {
-      if (session->internals.priorities.mac.priority[i] == algorithm)
-        return i;
-    }
-  return -1;
-}
-
-
-int
-MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  ssize_t ret = -1;
-  GNUTLS_HASH_ALG_LOOP (ret = p->id);
-  if (ret >= 0)
-    ret = 0;
-  else
-    ret = 1;
-  return ret;
-}
-
-
-/**
- * MHD__gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm
- * @algorithm: is a Compression algorithm
- *
- * Returns: a pointer to a string that contains the name of the
- * specified compression algorithm, or %NULL.
- **/
-const char *
-MHD_gtls_compression_get_name (enum MHD_GNUTLS_CompressionMethod algorithm)
-{
-  const char *ret = NULL;
-
-  /* avoid prefix */
-  GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1);
-
-  return ret;
-}
-
-/**
- * MHD_gtls_compression_get_id - Returns the gnutls id of the specified in string algorithm
- * @algorithm: is a compression method name
- *
- * The names are compared in a case insensitive way.
- *
- * Returns: an id of the specified in a string compression method, or
- * %GNUTLS_COMP_UNKNOWN on error.
- *
- **/
-enum MHD_GNUTLS_CompressionMethod
-MHD_gtls_compression_get_id (const char *name)
-{
-  enum MHD_GNUTLS_CompressionMethod ret = MHD_GNUTLS_COMP_UNKNOWN;
-
-  GNUTLS_COMPRESSION_LOOP (if
-                           (strcasecmp
-                            (p->name + sizeof ("GNUTLS_COMP_") - 1,
-                             name) == 0) ret = p->id)
-    ;
-
-  return ret;
-}
-
-
-/* return the tls number of the specified algorithm */
-int
-MHD_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod algorithm)
-{
-  int ret = -1;
-
-  /* avoid prefix */
-  GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num);
-
-  return ret;
-}
-
-int
-MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod algorithm)
-{
-  int ret = -1;
-  /* avoid prefix */
-  GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits);
-  return ret;
-}
-
-int
-MHD_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod
-                                    algorithm)
-{
-  int ret = -1;
-  /* avoid prefix */
-  GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level);
-  return ret;
-}
-
-int
-MHD_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod
-                                     algorithm)
-{
-  int ret = -1;
-  /* avoid prefix */
-  GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level);
-  return ret;
-}
-
-/* returns the gnutls internal ID of the TLS compression
- * method num
- */
-enum MHD_GNUTLS_CompressionMethod
-MHD_gtls_compression_get_id_from_int (int num)
-{
-  enum MHD_GNUTLS_CompressionMethod ret = -1;
-
-  /* avoid prefix */
-  GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id);
-
-  return ret;
-}
-
-int
-MHD_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm)
-{
-  ssize_t ret = -1;
-  GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id);
-  if (ret >= 0)
-    ret = 0;
-  else
-    ret = 1;
-  return ret;
-}
-
-/* CIPHER functions */
-int
-MHD_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{
-  size_t ret = 0;
-  GNUTLS_ALG_LOOP (ret = p->blocksize);
-  return ret;
-
-}
-
-/* returns the priority */
-int
-MHD_gtls_cipher_priority (MHD_gtls_session_t session,
-                          enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{
-  unsigned int i;
-  for (i = 0; i < session->internals.priorities.cipher.num_algorithms; i++)
-    {
-      if (session->internals.priorities.cipher.priority[i] == algorithm)
-        return i;
-    }
-  return -1;
-}
-
-int
-MHD_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{
-  size_t ret = 0;
-
-  GNUTLS_ALG_LOOP (ret = p->block);
-  return ret;
-
-}
-
-/**
- * MHD__gnutls_cipher_get_key_size - Returns the length of the cipher's key size
- * @algorithm: is an encryption algorithm
- *
- * Returns: length (in bytes) of the given cipher's key size, o 0 if
- *   the given cipher is invalid.
- **/
-size_t
-MHD__gnutls_cipher_get_key_size (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{                               /* In bytes */
-  size_t ret = 0;
-  GNUTLS_ALG_LOOP (ret = p->keysize);
-  return ret;
-
-}
-
-int
-MHD_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{                               /* In bytes */
-  size_t ret = 0;
-  GNUTLS_ALG_LOOP (ret = p->iv);
-  return ret;
-
-}
-
-int
-MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{                               /* In bytes */
-  size_t ret = 0;
-  GNUTLS_ALG_LOOP (ret = p->export_flag);
-  return ret;
-
-}
-
-
-int
-MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm)
-{
-  ssize_t ret = -1;
-  GNUTLS_ALG_LOOP (ret = p->id);
-  if (ret >= 0)
-    ret = 0;
-  else
-    ret = 1;
-  return ret;
-}
-
-/* Key EXCHANGE functions */
-MHD_gtls_mod_auth_st *
-MHD_gtls_kx_auth_struct (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
-{
-  MHD_gtls_mod_auth_st *ret = NULL;
-  GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
-  return ret;
-
-}
-
-int
-MHD_gtls_kx_priority (MHD_gtls_session_t session,
-                      enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
-{
-  unsigned int i;
-  for (i = 0; i < session->internals.priorities.kx.num_algorithms; i++)
-    {
-      if (session->internals.priorities.kx.priority[i] == algorithm)
-        return i;
-    }
-  return -1;
-}
-
-
-int
-MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
-{
-  ssize_t ret = -1;
-  GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
-  if (ret >= 0)
-    ret = 0;
-  else
-    ret = 1;
-  return ret;
-}
-
-int
-MHD_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
-{
-  ssize_t ret = 0;
-  GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params);
-  return ret;
-}
-
-int
-MHD_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm)
-{
-  ssize_t ret = 0;
-  GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
-  return ret;
-}
-
-/* Version */
-int
-MHD_gtls_version_priority (MHD_gtls_session_t session,
-                           enum MHD_GNUTLS_Protocol version)
-{                               /* actually returns the priority */
-  unsigned int i;
-
-  if (session->internals.priorities.protocol.priority == NULL)
-    {
-      MHD_gnutls_assert ();
-      return -1;
-    }
-
-  for (i = 0; i < session->internals.priorities.protocol.num_algorithms; i++)
-    {
-      if (session->internals.priorities.protocol.priority[i] == version)
-        return i;
-    }
-  return -1;
-}
-
-
-enum MHD_GNUTLS_Protocol
-MHD_gtls_version_max (MHD_gtls_session_t session)
-{                               /* returns the maximum version supported */
-  unsigned int i, max = 0x00;
-
-  if (session->internals.priorities.protocol.priority == NULL)
-    {
-      return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN;
-    }
-  else
-    for (i = 0; i < session->internals.priorities.protocol.num_algorithms;
-         i++)
-      {
-        if (session->internals.priorities.protocol.priority[i] > max)
-          max = session->internals.priorities.protocol.priority[i];
-      }
-
-  if (max == 0x00)
-    return MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN; /* unknown version */
-
-  return max;
-}
-
-int
-MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol version)
-{
-  int ret = -1;
-
-  GNUTLS_VERSION_ALG_LOOP (ret = p->minor);
-  return ret;
-}
-
-enum MHD_GNUTLS_Protocol
-MHD_gtls_version_get (int major, int minor)
-{
-  int ret = -1;
-
-  GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
-                       ret = p->id)
-    ;
-  return ret;
-}
-
-int
-MHD_gtls_version_get_major (enum MHD_GNUTLS_Protocol version)
-{
-  int ret = -1;
-
-  GNUTLS_VERSION_ALG_LOOP (ret = p->major);
-  return ret;
-}
-
-/* Version Functions */
-
-int
-MHD_gtls_version_is_supported (MHD_gtls_session_t session,
-                               const enum MHD_GNUTLS_Protocol version)
-{
-  int ret = 0;
-
-  GNUTLS_VERSION_ALG_LOOP (ret = p->supported);
-  if (ret == 0)
-    return 0;
-
-  if (MHD_gtls_version_priority (session, version) < 0)
-    return 0;                   /* disabled by the user */
-  else
-    return 1;
-}
-
-enum MHD_GNUTLS_CredentialsType
-MHD_gtls_map_kx_get_cred (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm,
-                          int server)
-{
-  enum MHD_GNUTLS_CredentialsType ret = -1;
-  if (server)
-    {
-      GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = p->server_type)
-        ;
-    }
-  else
-    {
-      GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = p->client_type)
-        ;
-    }
-
-  return ret;
-}
-
-/* Cipher Suite's functions */
-enum MHD_GNUTLS_CipherAlgorithm
-MHD_gtls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite)
-{
-  int ret = 0;
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
-  return ret;
-}
-
-enum MHD_GNUTLS_Protocol
-MHD_gtls_cipher_suite_get_version (const cipher_suite_st * suite)
-{
-  int ret = 0;
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version);
-  return ret;
-}
-
-enum MHD_GNUTLS_KeyExchangeAlgorithm
-MHD_gtls_cipher_suite_get_kx_algo (const cipher_suite_st * suite)
-{
-  int ret = 0;
-
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
-  return ret;
-
-}
-
-enum MHD_GNUTLS_HashAlgorithm
-MHD_gtls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
-{                               /* In bytes */
-  int ret = 0;
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
-  return ret;
-
-}
-
-const char *
-MHD_gtls_cipher_suite_get_name (cipher_suite_st * suite)
-{
-  const char *ret = NULL;
-
-  /* avoid prefix */
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
-
-  return ret;
-}
-
-static inline int
-MHD__gnutls_cipher_suite_is_ok (cipher_suite_st * suite)
-{
-  size_t ret;
-  const char *name = NULL;
-
-  GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name);
-  if (name != NULL)
-    ret = 0;
-  else
-    ret = 1;
-  return ret;
-
-}
-
-#define SWAP(x, y) memcpy(tmp,x,size); \
-		   memcpy(x,y,size); \
-		   memcpy(y,tmp,size);
-
-#define MAX_ELEM_SIZE 4
-static inline int
-MHD__gnutls_partition (MHD_gtls_session_t session,
-                       void *_base,
-                       size_t nmemb,
-                       size_t size,
-                       int (*compar) (MHD_gtls_session_t,
-                                      const void *, const void *))
-{
-  uint8_t *base = _base;
-  uint8_t tmp[MAX_ELEM_SIZE];
-  uint8_t ptmp[MAX_ELEM_SIZE];
-  unsigned int pivot;
-  unsigned int i, j;
-  unsigned int full;
-
-  i = pivot = 0;
-  j = full = (nmemb - 1) * size;
-
-  memcpy (ptmp, &base[0], size);        /* set pivot item */
-
-  while (i < j)
-    {
-      while ((compar (session, &base[i], ptmp) <= 0) && (i < full))
-        {
-          i += size;
-        }
-      while ((compar (session, &base[j], ptmp) >= 0) && (j > 0))
-        j -= size;
-
-      if (i < j)
-        {
-          SWAP (&base[j], &base[i]);
-        }
-    }
-
-  if (j > pivot)
-    {
-      SWAP (&base[pivot], &base[j]);
-      pivot = j;
-    }
-  else if (i < pivot)
-    {
-      SWAP (&base[pivot], &base[i]);
-      pivot = i;
-    }
-  return pivot / size;
-}
-
-static void
-MHD__gnutls_qsort (MHD_gtls_session_t session,
-                   void *_base,
-                   size_t nmemb,
-                   size_t size,
-                   int (*compar) (MHD_gtls_session_t, const void *,
-                                  const void *))
-{
-  unsigned int pivot;
-  char *base = _base;
-  size_t snmemb = nmemb;
-
-  if (snmemb <= 1)
-    return;
-  pivot = MHD__gnutls_partition (session, _base, nmemb, size, compar);
-
-  MHD__gnutls_qsort (session, base, pivot < nmemb ? pivot + 1
-                     : pivot, size, compar);
-  MHD__gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1,
-                     size, compar);
-}
-
-/* a compare function for KX algorithms (using priorities).
- * For use with qsort
- */
-static int
-MHD__gnutls_compare_algo (MHD_gtls_session_t session,
-                          const void *i_A1, const void *i_A2)
-{
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kA1 =
-    MHD_gtls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1);
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kA2 =
-    MHD_gtls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A2);
-  enum MHD_GNUTLS_CipherAlgorithm cA1 =
-    MHD_gtls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1);
-  enum MHD_GNUTLS_CipherAlgorithm cA2 =
-    MHD_gtls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2);
-  enum MHD_GNUTLS_HashAlgorithm mA1 =
-    MHD_gtls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1);
-  enum MHD_GNUTLS_HashAlgorithm mA2 =
-    MHD_gtls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2);
-
-  int p1 = (MHD_gtls_kx_priority (session, kA1) + 1) * 64;
-  int p2 = (MHD_gtls_kx_priority (session, kA2) + 1) * 64;
-  p1 += (MHD_gtls_cipher_priority (session, cA1) + 1) * 8;
-  p2 += (MHD_gtls_cipher_priority (session, cA2) + 1) * 8;
-  p1 += MHD_gtls_mac_priority (session, mA1);
-  p2 += MHD_gtls_mac_priority (session, mA2);
-
-  if (p1 > p2)
-    {
-      return 1;
-    }
-  else
-    {
-      if (p1 == p2)
-        {
-          return 0;
-        }
-      return -1;
-    }
-}
-
-int
-MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session,
-                                        cipher_suite_st ** ciphers)
-{
-
-  int count;
-
-  count = MHD_gtls_supported_ciphersuites (session, ciphers);
-  if (count <= 0)
-    {
-      MHD_gnutls_assert ();
-      return count;
-    }
-  MHD__gnutls_qsort (session, *ciphers, count, sizeof (cipher_suite_st),
-                     MHD__gnutls_compare_algo);
-
-  return count;
-}
-
-int
-MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session,
-                                 cipher_suite_st ** _ciphers)
-{
-
-  unsigned int i, ret_count, j;
-  unsigned int count = CIPHER_SUITES_COUNT;
-  cipher_suite_st *tmp_ciphers;
-  cipher_suite_st *ciphers;
-  enum MHD_GNUTLS_Protocol version;
-
-  if (count == 0)
-    {
-      return 0;
-    }
-
-  tmp_ciphers = MHD_gnutls_alloca (count * sizeof (cipher_suite_st));
-  if (tmp_ciphers == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  ciphers = MHD_gnutls_malloc (count * sizeof (cipher_suite_st));
-  if (ciphers == NULL)
-    {
-      MHD_gnutls_afree (tmp_ciphers);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  version = MHD__gnutls_protocol_get_version (session);
-
-  for (i = 0; i < count; i++)
-    {
-      memcpy (&tmp_ciphers[i], &MHD_gtls_cs_algorithms[i].id,
-              sizeof (cipher_suite_st));
-    }
-
-  for (i = j = 0; i < count; i++)
-    {
-      /* remove private cipher suites, if requested.
-       */
-      if (tmp_ciphers[i].suite[0] == 0xFF)
-        continue;
-
-      /* remove cipher suites which do not support the
-       * protocol version used.
-       */
-      if (MHD_gtls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
-        continue;
-
-      if (MHD_gtls_kx_priority (session,
-                                MHD_gtls_cipher_suite_get_kx_algo
-                                (&tmp_ciphers[i])) < 0)
-        continue;
-      if (MHD_gtls_mac_priority (session,
-                                 MHD_gtls_cipher_suite_get_mac_algo
-                                 (&tmp_ciphers[i])) < 0)
-        continue;
-      if (MHD_gtls_cipher_priority (session,
-                                    MHD_gtls_cipher_suite_get_cipher_algo
-                                    (&tmp_ciphers[i])) < 0)
-        continue;
-
-      memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
-      j++;
-    }
-
-  ret_count = j;
-
-  MHD_gnutls_afree (tmp_ciphers);
-
-  /* This function can no longer return 0 cipher suites.
-   * It returns an error code instead.
-   */
-  if (ret_count == 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (ciphers);
-      return GNUTLS_E_NO_CIPHER_SUITES;
-    }
-  *_ciphers = ciphers;
-  return ret_count;
-}
-
-/* For compression  */
-
-#define MIN_PRIVATE_COMP_ALGO 0xEF
-
-/* returns the TLS numbers of the compression methods we support
- */
-#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.num_algorithms
-int
-MHD_gtls_supported_compression_methods (MHD_gtls_session_t session,
-                                        uint8_t ** comp)
-{
-  unsigned int i, j;
-
-  *comp =
-    MHD_gnutls_malloc (sizeof (uint8_t) * SUPPORTED_COMPRESSION_METHODS);
-  if (*comp == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
-    {
-      int tmp =
-        MHD_gtls_compression_get_num (session->internals.priorities.
-                                      compression.priority[i]);
-
-      /* remove private compression algorithms, if requested.
-       */
-      if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO))
-        {
-          MHD_gnutls_assert ();
-          continue;
-        }
-
-      (*comp)[j] = (uint8_t) tmp;
-      j++;
-    }
-
-  if (j == 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (*comp);
-      *comp = NULL;
-      return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
-    }
-  return j;
-}
-
-static const enum MHD_GNUTLS_CertificateType
-  MHD_gtls_supported_certificate_types[] =
-{ MHD_GNUTLS_CRT_X509,
-  0
-};
-
-
-/* returns the enum MHD_GNUTLS_PublicKeyAlgorithm which is compatible with
- * the given enum MHD_GNUTLS_KeyExchangeAlgorithm.
- */
-enum MHD_GNUTLS_PublicKeyAlgorithm
-MHD_gtls_map_pk_get_pk (enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm)
-{
-  enum MHD_GNUTLS_PublicKeyAlgorithm ret = -1;
-
-  GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
-}
-
-/* Returns the encipher type for the given key exchange algorithm.
- * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
- *
- * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
- */
-enum encipher_type
-MHD_gtls_kx_encipher_type (enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm)
-{
-  int ret = CIPHER_IGN;
-  GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
-
-}
-
-/* signature algorithms;
- */
-struct MHD_gnutls_sign_entry
-{
-  const char *name;
-  const char *oid;
-  MHD_gnutls_sign_algorithm_t id;
-  enum MHD_GNUTLS_PublicKeyAlgorithm pk;
-  enum MHD_GNUTLS_HashAlgorithm mac;
-};
-typedef struct MHD_gnutls_sign_entry MHD_gnutls_sign_entry;
-
-static const MHD_gnutls_sign_entry MHD_gtls_sign_algorithms[] = {
-  {"RSA-SHA",
-   SIG_RSA_SHA1_OID,
-   GNUTLS_SIGN_RSA_SHA1,
-   MHD_GNUTLS_PK_RSA,
-   MHD_GNUTLS_MAC_SHA1},
-  {"RSA-SHA256",
-   SIG_RSA_SHA256_OID,
-   GNUTLS_SIGN_RSA_SHA256,
-   MHD_GNUTLS_PK_RSA,
-   MHD_GNUTLS_MAC_SHA256},
-  {"RSA-MD5",
-   SIG_RSA_MD5_OID,
-   GNUTLS_SIGN_RSA_MD5,
-   MHD_GNUTLS_PK_RSA,
-   MHD_GNUTLS_MAC_MD5},
-  {"GOST R 34.10-2001",
-   SIG_GOST_R3410_2001_OID,
-   0,
-   0,
-   0},
-  {"GOST R 34.10-94",
-   SIG_GOST_R3410_94_OID,
-   0,
-   0,
-   0},
-  {0,
-   0,
-   0,
-   0,
-   0}
-};
-
-#define GNUTLS_SIGN_LOOP(b) \
-  do {								       \
-    const MHD_gnutls_sign_entry *p;					       \
-    for(p = MHD_gtls_sign_algorithms; p->name != NULL; p++) { b ; }	       \
-  } while (0)
-
-#define GNUTLS_SIGN_ALG_LOOP(a) \
-  GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
-
-/* pk algorithms;
- */
-struct MHD_gnutls_pk_entry
-{
-  const char *name;
-  const char *oid;
-  enum MHD_GNUTLS_PublicKeyAlgorithm id;
-};
-typedef struct MHD_gnutls_pk_entry MHD_gnutls_pk_entry;
-
-static const MHD_gnutls_pk_entry MHD_gtls_pk_algorithms[] = {
-  {"RSA",
-   PK_PKIX1_RSA_OID,
-   MHD_GNUTLS_PK_RSA},
-  {"GOST R 34.10-2001",
-   PK_GOST_R3410_2001_OID,
-   0},
-  {"GOST R 34.10-94",
-   PK_GOST_R3410_94_OID,
-   0},
-  {0,
-   0,
-   0}
-};
-
-enum MHD_GNUTLS_PublicKeyAlgorithm
-MHD_gtls_x509_oid2pk_algorithm (const char *oid)
-{
-  enum MHD_GNUTLS_PublicKeyAlgorithm ret = MHD_GNUTLS_PK_UNKNOWN;
-  const MHD_gnutls_pk_entry *p;
-
-  for (p = MHD_gtls_pk_algorithms; p->name != NULL; p++)
-    if (strcmp (p->oid, oid) == 0)
-      {
-        ret = p->id;
-        break;
-      }
-
-  return ret;
-}

src/daemon/https/tls/gnutls_algorithms.h

@@ -1,148 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef ALGORITHMS_H
-#define ALGORITHMS_H
-
-#include "gnutls_auth.h"
-
-/* Functions for version handling. */
-enum MHD_GNUTLS_Protocol MHD_gtls_version_max (MHD_gtls_session_t session);
-int MHD_gtls_version_priority (MHD_gtls_session_t session,
-                               enum MHD_GNUTLS_Protocol version);
-int MHD_gtls_version_is_supported (MHD_gtls_session_t session,
-                                   const enum MHD_GNUTLS_Protocol version);
-int MHD_gtls_version_get_major (enum MHD_GNUTLS_Protocol ver);
-int MHD_gtls_version_get_minor (enum MHD_GNUTLS_Protocol ver);
-enum MHD_GNUTLS_Protocol MHD_gtls_version_get (int major, int minor);
-
-/* Functions for MACs. */
-int MHD_gnutls_mac_is_ok (enum MHD_GNUTLS_HashAlgorithm algorithm);
-/* Functions for cipher suites. */
-int MHD_gtls_supported_ciphersuites (MHD_gtls_session_t session,
-                                     cipher_suite_st ** ciphers);
-int MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session,
-                                            cipher_suite_st ** ciphers);
-int MHD_gtls_supported_compression_methods (MHD_gtls_session_t session,
-                                            uint8_t ** comp);
-const char *MHD_gtls_cipher_suite_get_name (cipher_suite_st * algorithm);
-enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_suite_get_cipher_algo (const
-                                                                       cipher_suite_st
-                                                                       *
-                                                                       algorithm);
-enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_cipher_suite_get_kx_algo (const
-                                                                        cipher_suite_st
-                                                                        *
-                                                                        algorithm);
-enum MHD_GNUTLS_HashAlgorithm MHD_gtls_cipher_suite_get_mac_algo (const
-                                                                  cipher_suite_st
-                                                                  *
-                                                                  algorithm);
-enum MHD_GNUTLS_Protocol MHD_gtls_cipher_suite_get_version (const
-                                                            cipher_suite_st *
-                                                            algorithm);
-cipher_suite_st MHD_gtls_cipher_suite_get_suite_name (cipher_suite_st *
-                                                      algorithm);
-
-/* Functions for ciphers. */
-int MHD_gtls_cipher_get_block_size (enum MHD_GNUTLS_CipherAlgorithm
-                                    algorithm);
-int MHD_gtls_cipher_is_block (enum MHD_GNUTLS_CipherAlgorithm algorithm);
-int MHD_gtls_cipher_is_ok (enum MHD_GNUTLS_CipherAlgorithm algorithm);
-int MHD_gtls_cipher_get_iv_size (enum MHD_GNUTLS_CipherAlgorithm algorithm);
-int MHD_gtls_cipher_get_export_flag (enum MHD_GNUTLS_CipherAlgorithm
-                                     algorithm);
-
-/* Functions for key exchange. */
-int MHD_gtls_kx_needs_dh_params (enum MHD_GNUTLS_KeyExchangeAlgorithm
-                                 algorithm);
-int MHD_gtls_kx_needs_rsa_params (enum MHD_GNUTLS_KeyExchangeAlgorithm
-                                  algorithm);
-MHD_gtls_mod_auth_st *MHD_gtls_kx_auth_struct (enum
-                                               MHD_GNUTLS_KeyExchangeAlgorithm
-                                               algorithm);
-int MHD_gtls_kx_is_ok (enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
-
-/* Functions for compression. */
-int MHD_gtls_compression_is_ok (enum MHD_GNUTLS_CompressionMethod algorithm);
-int MHD_gtls_compression_get_num (enum MHD_GNUTLS_CompressionMethod
-                                  algorithm);
-enum MHD_GNUTLS_CompressionMethod MHD_gtls_compression_get_id_from_int (int
-                                                                        num);
-int MHD_gtls_compression_get_mem_level (enum MHD_GNUTLS_CompressionMethod
-                                        algorithm);
-int MHD_gtls_compression_get_comp_level (enum MHD_GNUTLS_CompressionMethod
-                                         algorithm);
-int MHD_gtls_compression_get_wbits (enum MHD_GNUTLS_CompressionMethod
-                                    algorithm);
-
-/* Type to KX mappings. */
-enum MHD_GNUTLS_CredentialsType MHD_gtls_map_kx_get_cred (enum
-                                                          MHD_GNUTLS_KeyExchangeAlgorithm
-                                                          algorithm,
-                                                          int server);
-
-/* KX to PK mapping. */
-enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_map_pk_get_pk (enum
-                                                           MHD_GNUTLS_KeyExchangeAlgorithm
-                                                           kx_algorithm);
-enum MHD_GNUTLS_PublicKeyAlgorithm MHD_gtls_x509_oid2pk_algorithm (const char
-                                                                   *oid);
-enum encipher_type
-{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
-
-enum encipher_type MHD_gtls_kx_encipher_type (enum
-                                              MHD_GNUTLS_KeyExchangeAlgorithm
-                                              algorithm);
-
-struct MHD_gtls_compression_entry
-{
-  const char *name;
-  enum MHD_GNUTLS_CompressionMethod id;
-  int num;                      /* the number reserved in TLS for the specific compression method */
-
-  /* used in zlib compressor */
-  int window_bits;
-  int mem_level;
-  int comp_level;
-};
-typedef struct MHD_gtls_compression_entry MHD_gnutls_compression_entry;
-
-/* Functions for sign algorithms. */
-
-int MHD_gtls_mac_priority (MHD_gtls_session_t session,
-                           enum MHD_GNUTLS_HashAlgorithm algorithm);
-int MHD_gtls_cipher_priority (MHD_gtls_session_t session,
-                              enum MHD_GNUTLS_CipherAlgorithm algorithm);
-int MHD_gtls_kx_priority (MHD_gtls_session_t session,
-                          enum MHD_GNUTLS_KeyExchangeAlgorithm algorithm);
-
-enum MHD_GNUTLS_HashAlgorithm MHD_gtls_mac_get_id (const char *name);
-enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_cipher_get_id (const char *name);
-enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_kx_get_id (const char *name);
-enum MHD_GNUTLS_Protocol MHD_gtls_protocol_get_id (const char *name);
-enum MHD_GNUTLS_CertificateType MHD_gtls_certificate_type_get_id (const char
-                                                                  *name);
-
-#endif

src/daemon/https/tls/gnutls_asn1_tab.c

@@ -1,63 +0,0 @@
-#if HAVE_CONFIG_H
-#include "MHD_config.h"
-#endif
-
-#include <libtasn1.h>
-
-const ASN1_ARRAY_TYPE MHD_gnutlsMHD__asn1_tab[] = {
-  {"GNUTLS", 536872976, 0},
-  {0, 1073741836, 0},
-  {"RSAPublicKey", 1610612741, 0},
-  {"modulus", 1073741827, 0},
-  {"publicExponent", 3, 0},
-  {"RSAPrivateKey", 1610612741, 0},
-  {"version", 1073741826, "Version"},
-  {"modulus", 1073741827, 0},
-  {"publicExponent", 1073741827, 0},
-  {"privateExponent", 1073741827, 0},
-  {"prime1", 1073741827, 0},
-  {"prime2", 1073741827, 0},
-  {"exponent1", 1073741827, 0},
-  {"exponent2", 1073741827, 0},
-  {"coefficient", 1073741827, 0},
-  {"otherPrimeInfos", 16386, "OtherPrimeInfos"},
-  {"Version", 1610874883, 0},
-  {"two-prime", 1073741825, "0"},
-  {"multi", 1, "1"},
-  {"OtherPrimeInfos", 1612709899, 0},
-  {"MAX", 1074266122, "1"},
-  {0, 2, "OtherPrimeInfo"},
-  {"OtherPrimeInfo", 1610612741, 0},
-  {"prime", 1073741827, 0},
-  {"exponent", 1073741827, 0},
-  {"coefficient", 3, 0},
-  {"AlgorithmIdentifier", 1610612741, 0},
-  {"algorithm", 1073741836, 0},
-  {"parameters", 541081613, 0},
-  {"algorithm", 1, 0},
-  {"DigestInfo", 1610612741, 0},
-  {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
-  {"digest", 2, "Digest"},
-  {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
-  {"Digest", 1073741831, 0},
-  {"DSAPublicKey", 1073741827, 0},
-  {"DSAParameters", 1610612741, 0},
-  {"p", 1073741827, 0},
-  {"q", 1073741827, 0},
-  {"g", 3, 0},
-  {"DSASignatureValue", 1610612741, 0},
-  {"r", 1073741827, 0},
-  {"s", 3, 0},
-  {"DSAPrivateKey", 1610612741, 0},
-  {"version", 1073741827, 0},
-  {"p", 1073741827, 0},
-  {"q", 1073741827, 0},
-  {"g", 1073741827, 0},
-  {"Y", 1073741827, 0},
-  {"priv", 3, 0},
-  {"DHParameter", 536870917, 0},
-  {"prime", 1073741827, 0},
-  {"base", 1073741827, 0},
-  {"privateValueLength", 16387, 0},
-  {0, 0, 0}
-};

src/daemon/https/tls/gnutls_auth.c

@@ -1,361 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_auth.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_algorithms.h"
-#include "auth_cert.h"
-#include <gnutls_datum.h>
-
-/* The functions here are used in order for authentication algorithms
- * to be able to retrieve the needed credentials eg public and private
- * key etc.
- */
-
-/**
-  * MHD__gnutls_credentials_clear - Clears all the credentials previously set
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * Clears all the credentials previously set in this session.
-  *
-  **/
-void
-MHD__gnutls_credentials_clear (MHD_gtls_session_t session)
-{
-  if (session->key && session->key->cred)
-    {                           /* beginning of the list */
-      auth_cred_st *ccred, *ncred;
-      ccred = session->key->cred;
-      while (ccred != NULL)
-        {
-          ncred = ccred->next;
-          MHD_gnutls_free (ccred);
-          ccred = ncred;
-        }
-      session->key->cred = NULL;
-    }
-}
-
-/*
- * This creates a linked list of the form:
- * { algorithm, credentials, pointer to next }
- */
-/**
-  * MHD__gnutls_credentials_set - Sets the needed credentials for the specified authentication algorithm.
-  * @session: is a #MHD_gtls_session_t structure.
-  * @type: is the type of the credentials
-  * @cred: is a pointer to a structure.
-  *
-  * Sets the needed credentials for the specified type.
-  * Eg username, password - or public and private keys etc.
-  * The (void* cred) parameter is a structure that depends on the
-  * specified type and on the current session (client or server).
-  * [ In order to minimize memory usage, and share credentials between
-  * several threads gnutls keeps a pointer to cred, and not the whole cred
-  * structure. Thus you will have to keep the structure allocated until
-  * you call MHD__gnutls_deinit(). ]
-  *
-  * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t
-  * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case
-  * of a server.
-  *
-  * For GNUTLS_CRD_CERTIFICATE cred should be MHD_gtls_cert_credentials_t.
-  *
-  **/
-int
-MHD__gnutls_credentials_set (MHD_gtls_session_t session,
-                             enum MHD_GNUTLS_CredentialsType type, void *cred)
-{
-  auth_cred_st *ccred = NULL, *pcred = NULL;
-  int exists = 0;
-
-  if (session->key->cred == NULL)
-    {                           /* beginning of the list */
-
-      session->key->cred = MHD_gnutls_malloc (sizeof (auth_cred_st));
-      if (session->key->cred == NULL)
-        return GNUTLS_E_MEMORY_ERROR;
-
-      /* copy credentials locally */
-      session->key->cred->credentials = cred;
-
-      session->key->cred->next = NULL;
-      session->key->cred->algorithm = type;
-    }
-  else
-    {
-      ccred = session->key->cred;
-      while (ccred != NULL)
-        {
-          if (ccred->algorithm == type)
-            {
-              exists = 1;
-              break;
-            }
-          pcred = ccred;
-          ccred = ccred->next;
-        }
-      /* After this, pcred is not null.
-       */
-
-      if (exists == 0)
-        {                       /* new entry */
-          pcred->next = MHD_gnutls_malloc (sizeof (auth_cred_st));
-          if (pcred->next == NULL)
-            return GNUTLS_E_MEMORY_ERROR;
-
-          ccred = pcred->next;
-
-          /* copy credentials locally */
-          ccred->credentials = cred;
-
-          ccred->next = NULL;
-          ccred->algorithm = type;
-        }
-      else
-        {                       /* modify existing entry */
-          MHD_gnutls_free (ccred->credentials);
-          ccred->credentials = cred;
-        }
-    }
-
-  return 0;
-}
-
-/**
-  * MHD_gtls_auth_get_type - Returns the type of credentials for the current authentication schema.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * Returns type of credentials for the current authentication schema.
-  * The returned information is to be used to distinguish the function used
-  * to access authentication data.
-  *
-  * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA),
-  * the same function are to be used to access the authentication data.
-  **/
-enum MHD_GNUTLS_CredentialsType
-MHD_gtls_auth_get_type (MHD_gtls_session_t session)
-{
-/* This is not the credentials we must set, but the authentication data
- * we get by the peer, so it should be reversed.
- */
-  int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
-
-  return
-    MHD_gtls_map_kx_get_cred (MHD_gtls_cipher_suite_get_kx_algo
-                              (&session->security_parameters.
-                               current_cipher_suite), server);
-}
-
-/*
- * This returns a pointer to the linked list. Don't
- * free that!!!
- */
-const void *
-MHD_gtls_get_kx_cred (MHD_gtls_session_t session,
-                      enum MHD_GNUTLS_KeyExchangeAlgorithm algo, int *err)
-{
-  int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
-
-  return MHD_gtls_get_cred (session->key,
-                            MHD_gtls_map_kx_get_cred (algo, server), err);
-}
-
-const void *
-MHD_gtls_get_cred (MHD_gtls_key_st key, enum MHD_GNUTLS_CredentialsType type,
-                   int *err)
-{
-  const void *retval = NULL;
-  int _err = -1;
-  auth_cred_st *ccred;
-
-  if (key == NULL)
-    goto out;
-
-  ccred = key->cred;
-  while (ccred != NULL)
-    {
-      if (ccred->algorithm == type)
-        {
-          break;
-        }
-      ccred = ccred->next;
-    }
-  if (ccred == NULL)
-    goto out;
-
-  _err = 0;
-  retval = ccred->credentials;
-
-out:
-  if (err != NULL)
-    *err = _err;
-  return retval;
-}
-
-/*-
-  * MHD_gtls_get_auth_info - Returns a pointer to authentication information.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function must be called after a succesful MHD__gnutls_handshake().
-  * Returns a pointer to authentication information. That information
-  * is data obtained by the handshake protocol, the key exchange algorithm,
-  * and the TLS extensions messages.
-  *
-  * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
-  * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
-  -*/
-void *
-MHD_gtls_get_auth_info (MHD_gtls_session_t session)
-{
-  return session->key->auth_info;
-}
-
-/*-
-  * MHD_gtls_free_auth_info - Frees the auth info structure
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function frees the auth info structure and sets it to
-  * null. It must be called since some structures contain malloced
-  * elements.
-  -*/
-void
-MHD_gtls_free_auth_info (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh_info;
-  rsa_info_st *rsa_info;
-
-  if (session == NULL || session->key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return;
-    }
-
-  switch (session->key->auth_info_type)
-    {
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        unsigned int i;
-        cert_auth_info_t info = MHD_gtls_get_auth_info (session);
-
-        if (info == NULL)
-          break;
-
-        dh_info = &info->dh;
-        rsa_info = &info->rsa_export;
-        for (i = 0; i < info->ncerts; i++)
-          {
-            MHD__gnutls_free_datum (&info->raw_certificate_list[i]);
-          }
-
-        MHD_gnutls_free (info->raw_certificate_list);
-        info->raw_certificate_list = NULL;
-        info->ncerts = 0;
-
-        MHD_gtls_free_dh_info (dh_info);
-        MHD_gtls_free_rsa_info (rsa_info);
-      }
-
-
-      break;
-    default:
-      return;
-
-    }
-
-  MHD_gnutls_free (session->key->auth_info);
-  session->key->auth_info = NULL;
-  session->key->auth_info_size = 0;
-  session->key->auth_info_type = 0;
-
-}
-
-/* This function will set the auth info structure in the key
- * structure.
- * If allow change is !=0 then this will allow changing the auth
- * info structure to a different type.
- */
-int
-MHD_gtls_auth_info_set (MHD_gtls_session_t session,
-                        enum MHD_GNUTLS_CredentialsType type, int size,
-                        int allow_change)
-{
-  if (session->key->auth_info == NULL)
-    {
-      session->key->auth_info = MHD_gnutls_calloc (1, size);
-      if (session->key->auth_info == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      session->key->auth_info_type = type;
-      session->key->auth_info_size = size;
-    }
-  else
-    {
-      if (allow_change == 0)
-        {
-          /* If the credentials for the current authentication scheme,
-           * are not the one we want to set, then it's an error.
-           * This may happen if a rehandshake is performed an the
-           * ciphersuite which is negotiated has different authentication
-           * schema.
-           */
-          if (MHD_gtls_auth_get_type (session) !=
-              session->key->auth_info_type)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_INVALID_REQUEST;
-            }
-        }
-      else
-        {
-          /* The new behaviour: Here we reallocate the auth info structure
-           * in order to be able to negotiate different authentication
-           * types. Ie. perform an auth_anon and then authenticate again using a
-           * certificate (in order to prevent revealing the certificate's contents,
-           * to passive eavesdropers.
-           */
-          if (MHD_gtls_auth_get_type (session) !=
-              session->key->auth_info_type)
-            {
-
-              MHD_gtls_free_auth_info (session);
-
-              session->key->auth_info = calloc (1, size);
-              if (session->key->auth_info == NULL)
-                {
-                  MHD_gnutls_assert ();
-                  return GNUTLS_E_MEMORY_ERROR;
-                }
-
-              session->key->auth_info_type = type;
-              session->key->auth_info_size = size;
-            }
-        }
-    }
-  return 0;
-}

src/daemon/https/tls/gnutls_auth.h

@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_AUTH_H
-#define GNUTLS_AUTH_H
-
-typedef struct MHD_gtls_mod_auth_st_int
-{
-  const char *name;             /* null terminated */
-  int (*MHD_gtls_gen_server_certificate) (MHD_gtls_session_t, opaque **);
-  int (*MHD_gtls_gen_client_certificate) (MHD_gtls_session_t, opaque **);
-  int (*MHD_gtls_gen_server_kx) (MHD_gtls_session_t, opaque **);
-  int (*MHD_gtls_gen_client_kx) (MHD_gtls_session_t, opaque **);        /* used in SRP */
-  int (*MHD_gtls_gen_client_cert_vrfy) (MHD_gtls_session_t, opaque **);
-  int (*MHD_gtls_gen_server_certificate_request) (MHD_gtls_session_t,
-                                                  opaque **);
-
-  int (*MHD_gtls_process_server_certificate) (MHD_gtls_session_t, opaque *,
-                                              size_t);
-  int (*MHD_gtls_process_client_certificate) (MHD_gtls_session_t, opaque *,
-                                              size_t);
-  int (*MHD_gtls_process_server_kx) (MHD_gtls_session_t, opaque *, size_t);
-  int (*MHD_gtls_process_client_kx) (MHD_gtls_session_t, opaque *, size_t);
-  int (*MHD_gtls_process_client_cert_vrfy) (MHD_gtls_session_t, opaque *,
-                                            size_t);
-  int (*MHD_gtls_process_server_certificate_request) (MHD_gtls_session_t,
-                                                      opaque *, size_t);
-} MHD_gtls_mod_auth_st;
-
-#endif

src/daemon/https/tls/gnutls_auth_int.h

@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-const void *MHD_gtls_get_cred (MHD_gtls_key_st key,
-                               enum MHD_GNUTLS_CredentialsType kx, int *err);
-const void *MHD_gtls_get_kx_cred (MHD_gtls_session_t session,
-                                  enum MHD_GNUTLS_KeyExchangeAlgorithm algo,
-                                  int *err);
-void *MHD_gtls_get_auth_info (MHD_gtls_session_t session);
-int MHD_gtls_auth_info_set (MHD_gtls_session_t session,
-                            enum MHD_GNUTLS_CredentialsType type, int size,
-                            int allow_change);

src/daemon/https/tls/gnutls_buffers.c

@@ -1,1111 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This is the only file that uses the berkeley sockets API.
- *
- * Also holds all the buffering code used in gnutls.
- * The buffering code works as:
- *
- * RECORD LAYER:
- *  1. uses a buffer to hold data (application/handshake),
- *    we got but they were not requested, yet.
- *  (see MHD_gnutls_record_buffer_put(), MHD_gnutls_record_buffer_get_size() etc.)
- *
- *  2. uses a buffer to hold data that were incomplete (ie the read/write
- *    was interrupted)
- *  (see MHD_gtls_io_read_buffered(), MHD_gtls_io_write_buffered() etc.)
- *
- * HANDSHAKE LAYER:
- *  1. Uses a buffer to hold data that was not sent or received
- *  complete. (E.g. sent 10 bytes of a handshake packet that is 20 bytes
- *  long).
- * (see MHD__gnutls_handshake_send_int(), MHD__gnutls_handshake_recv_int())
- *
- *  2. Uses buffer to hold the last received handshake message.
- *  (see MHD_gtls_handshake_buffer_put() etc.)
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-#include <gnutls_record.h>
-#include <gnutls_buffers.h>
-
-#include <errno.h>
-
-#ifdef _WIN32
-# include <winsock2.h>
-#endif
-
-#ifndef EAGAIN
-# define EAGAIN EWOULDBLOCK
-#endif
-
-/* Buffers received packets of type APPLICATION DATA and
- * HANDSHAKE DATA.
- */
-int
-MHD_gnutls_record_buffer_put (content_type_t type,
-                              MHD_gtls_session_t session, opaque * data,
-                              size_t length)
-{
-  MHD_gtls_buffer *buf;
-
-  if (length == 0)
-    return 0;
-
-  switch (type)
-    {
-    case GNUTLS_APPLICATION_DATA:
-      buf = &session->internals.application_data_buffer;
-      MHD__gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n",
-                               length, type);
-      break;
-
-    case GNUTLS_HANDSHAKE:
-      buf = &session->internals.handshake_data_buffer;
-      MHD__gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n",
-                               length, type);
-      break;
-
-    case GNUTLS_INNER_APPLICATION:
-      buf = &session->internals.ia_data_buffer;
-      MHD__gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n",
-                               length, type);
-      break;
-
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  if (MHD_gtls_buffer_append (buf, data, length) < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  return 0;
-}
-
-int
-MHD_gnutls_record_buffer_get_size (content_type_t type,
-                                   MHD_gtls_session_t session)
-{
-  switch (type)
-    {
-    case GNUTLS_APPLICATION_DATA:
-      return session->internals.application_data_buffer.length;
-
-    case GNUTLS_HANDSHAKE:
-      return session->internals.handshake_data_buffer.length;
-
-    case GNUTLS_INNER_APPLICATION:
-      return session->internals.ia_data_buffer.length;
-
-    default:
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-}
-
-int
-MHD_gtls_record_buffer_get (content_type_t type, MHD_gtls_session_t session,
-                            opaque * data, size_t length)
-{
-  if (length == 0 || data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  switch (type)
-    {
-    case GNUTLS_APPLICATION_DATA:
-
-      if (length > session->internals.application_data_buffer.length)
-        {
-          length = session->internals.application_data_buffer.length;
-        }
-
-      MHD__gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n",
-                               length, type);
-
-      session->internals.application_data_buffer.length -= length;
-      memcpy (data, session->internals.application_data_buffer.data, length);
-
-      /* overwrite buffer */
-      memmove (session->internals.application_data_buffer.data,
-               &session->internals.application_data_buffer.data[length],
-               session->internals.application_data_buffer.length);
-
-      /* we do no longer realloc the application_data_buffer.data,
-       * since it serves no practical reason. It also decreases
-       * performance.
-       */
-      break;
-
-    case GNUTLS_HANDSHAKE:
-      if (length > session->internals.handshake_data_buffer.length)
-        {
-          length = session->internals.handshake_data_buffer.length;
-        }
-
-      MHD__gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n",
-                               length, type);
-
-      session->internals.handshake_data_buffer.length -= length;
-      memcpy (data, session->internals.handshake_data_buffer.data, length);
-
-      /* overwrite buffer */
-      memmove (session->internals.handshake_data_buffer.data,
-               &session->internals.handshake_data_buffer.data[length],
-               session->internals.handshake_data_buffer.length);
-
-      break;
-
-    case GNUTLS_INNER_APPLICATION:
-      if (length > session->internals.ia_data_buffer.length)
-        length = session->internals.ia_data_buffer.length;
-
-      MHD__gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n",
-                               length, type);
-
-      session->internals.ia_data_buffer.length -= length;
-      memcpy (data, session->internals.ia_data_buffer.data, length);
-
-      /* overwrite buffer */
-      memmove (session->internals.ia_data_buffer.data,
-               &session->internals.ia_data_buffer.data[length],
-               session->internals.ia_data_buffer.length);
-
-      break;
-
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  return length;
-}
-
-/* This function is like read. But it does not return -1 on error.
- * It does return MHD_gnutls_errno instead.
- *
- * Flags are only used if the default recv() function is being used.
- */
-static ssize_t
-MHD__gnutls_read (MHD_gtls_session_t session, void *iptr,
-                  size_t sizeOfPtr, int flags)
-{
-  size_t left;
-  ssize_t i = 0;
-  char *ptr = iptr;
-  MHD_gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
-
-  session->internals.direction = 0;
-
-  left = sizeOfPtr;
-  while (left > 0)
-    {
-      session->internals.errnum = 0;
-      if (session->internals.MHD__gnutls_pull_func == NULL)
-        {
-          i =
-            recv (GNUTLS_POINTER_TO_INT (fd), &ptr[sizeOfPtr - left], left,
-                  flags);
-#if HAVE_WINSOCK
-          if (i < 0)
-            {
-              int tmperr = WSAGetLastError ();
-              switch (tmperr)
-                {
-                case WSAEWOULDBLOCK:
-                  session->internals.errnum = EAGAIN;
-                  break;
-
-                case WSAEINTR:
-                  session->internals.errnum = EINTR;
-                  break;
-
-                default:
-                  session->internals.errnum = EIO;
-                  break;
-                }
-              WSASetLastError (tmperr);
-            }
-#endif
-        }
-      else
-	i = session->internals.MHD__gnutls_pull_func (fd,
-						      &ptr[sizeOfPtr - left],
-						      left);
-      if (i < 0)
-        {
-          int err = session->internals.errnum ? session->internals.errnum
-            : errno;
-          if ( (err == EAGAIN) || (err == EINTR) )
-            {
-              if (sizeOfPtr - left > 0)
-		goto finish;       
-              MHD_gnutls_assert ();         
-              if (err == EAGAIN)
-                return GNUTLS_E_AGAIN;
-              return GNUTLS_E_INTERRUPTED;
-            }
-          else
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_PULL_ERROR;
-            }
-        }
-      else
-        {
-          if (i == 0)
-            break;              /* EOF */
-        }
-      left -= i;
-    }
-
-finish:
-  return (sizeOfPtr - left);
-}
-
-#define RCVLOWAT session->internals.lowat
-
-/* This function is only used with berkeley style sockets.
- * Clears the peeked data (read with MSG_PEEK).
- */
-int
-MHD_gtls_io_clear_peeked_data (MHD_gtls_session_t session)
-{
-  char *peekdata;
-  int ret, sum;
-
-  if (session->internals.have_peeked_data == 0 || RCVLOWAT == 0)
-    return 0;
-
-  peekdata = MHD_gnutls_alloca (RCVLOWAT);
-  if (peekdata == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  /* this was already read by using MSG_PEEK - so it shouldn't fail */
-  sum = 0;
-  do
-    {                           /* we need this to finish now */
-      ret = MHD__gnutls_read (session, peekdata, RCVLOWAT - sum, 0);
-      if (ret > 0)
-        sum += ret;
-    }
-  while ( (ret == GNUTLS_E_INTERRUPTED) || 
-	  (ret == GNUTLS_E_AGAIN) || 
-	  (sum < RCVLOWAT) );
-
-  MHD_gnutls_afree (peekdata);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  session->internals.have_peeked_data = 0;
-
-  return 0;
-}
-
-void
-MHD_gtls_io_clear_read_buffer (MHD_gtls_session_t session)
-{
-  session->internals.record_recv_buffer.length = 0;
-}
-
-/* This function is like recv(with MSG_PEEK). But it does not return -1 on error.
- * It does return MHD_gnutls_errno instead.
- * This function reads data from the socket and keeps them in a buffer, of up to
- * MAX_RECV_SIZE.
- *
- * This is not a general purpose function. It returns EXACTLY the data requested,
- * which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned.
- *
- */
-ssize_t
-MHD_gtls_io_read_buffered (MHD_gtls_session_t session, opaque ** iptr,
-                           size_t sizeOfPtr, content_type_t recv_type)
-{
-  ssize_t ret = 0, ret2 = 0;
-  size_t min;
-  int buf_pos;
-  opaque *buf;
-  int recvlowat;
-  int recvdata, alloc_size;
-
-  *iptr = session->internals.record_recv_buffer.data;
-
-  if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0)
-    {
-      MHD_gnutls_assert ();     /* internal error */
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  /* If an external pull function is used, then do not leave
-   * any data into the kernel buffer.
-   */
-  if (session->internals.MHD__gnutls_pull_func != NULL)
-    {
-      recvlowat = 0;
-    }
-  else
-    {
-      /* leave peeked data to the kernel space only if application data
-       * is received and we don't have any peeked
-       * data in gnutls session.
-       */
-      if (recv_type != GNUTLS_APPLICATION_DATA
-          && session->internals.have_peeked_data == 0)
-        recvlowat = 0;
-      else
-        recvlowat = RCVLOWAT;
-    }
-
-  /* calculate the actual size, ie. get the minimum of the
-   * buffered data and the requested data.
-   */
-  min = MIN (session->internals.record_recv_buffer.length, sizeOfPtr);
-  if (min > 0)
-    {
-      /* if we have enough buffered data
-       * then just return them.
-       */
-      if (min == sizeOfPtr)
-        {
-          return min;
-        }
-    }
-
-  /* min is over zero. recvdata is the data we must
-   * receive in order to return the requested data.
-   */
-  recvdata = sizeOfPtr - min;
-
-  /* Check if the previously read data plus the new data to
-   * receive are longer than the maximum receive buffer size.
-   */
-  if ((session->internals.record_recv_buffer.length + recvdata)
-      > MAX_RECV_SIZE)
-    {
-      MHD_gnutls_assert ();     /* internal error */
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  /* Allocate the data required to store the new packet.
-   */
-  alloc_size = recvdata + session->internals.record_recv_buffer.length;
-  session->internals.record_recv_buffer.data =
-    MHD_gtls_realloc_fast (session->internals.record_recv_buffer.data,
-                           alloc_size);
-  if (session->internals.record_recv_buffer.data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  buf_pos = session->internals.record_recv_buffer.length;
-  buf = session->internals.record_recv_buffer.data;
-  *iptr = buf;
-
-  /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer. */
-  if (recvdata - recvlowat > 0)
-    {
-      ret =
-        MHD__gnutls_read (session, &buf[buf_pos], recvdata - recvlowat, 0);
-
-      /* return immediately if we got an interrupt or eagain
-       * error.
-       */
-      if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0)
-        {
-          return ret;
-        }
-    }
-
-  /* copy fresh data to our buffer.
-   */
-  if (ret > 0)
-    {
-      MHD__gnutls_read_log
-        ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
-         session->internals.record_recv_buffer.length, ret);
-      MHD__gnutls_read_log ("RB: Requested %d bytes\n", sizeOfPtr);
-      session->internals.record_recv_buffer.length += ret;
-    }
-
-  buf_pos = session->internals.record_recv_buffer.length;
-
-  /* This is a hack placed in order for select to work. Just leave recvlowat data,
-   * into the kernel buffer (using a read with MSG_PEEK), thus making
-   * select think, that the socket is ready for reading.
-   * MSG_PEEK is only used with berkeley style sockets.
-   */
-  if (ret == (recvdata - recvlowat) && recvlowat > 0)
-    {
-      ret2 = MHD__gnutls_read (session, &buf[buf_pos], recvlowat, MSG_PEEK);
-
-      if (ret2 < 0 && MHD_gtls_error_is_fatal (ret2) == 0)
-        {
-          return ret2;
-        }
-
-      if (ret2 > 0)
-        {
-          MHD__gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n",
-                                ret2);
-          MHD__gnutls_read_log
-            ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
-             session->internals.record_recv_buffer.length, ret2, sizeOfPtr);
-          session->internals.have_peeked_data = 1;
-          session->internals.record_recv_buffer.length += ret2;
-
-        }
-    }
-
-  if (ret < 0 || ret2 < 0)
-    {
-      MHD_gnutls_assert ();
-      /* that's because they are initialized to 0 */
-      return MIN (ret, ret2);
-    }
-
-  ret += ret2;
-
-  if (ret > 0 && ret < recvlowat)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_AGAIN;
-    }
-
-  if (ret == 0)
-    {                           /* EOF */
-      MHD_gnutls_assert ();
-      return 0;
-    }
-
-  ret = session->internals.record_recv_buffer.length;
-
-  if ((ret > 0) && ((size_t) ret < sizeOfPtr))
-    {
-      /* Short Read */
-      MHD_gnutls_assert ();
-      return GNUTLS_E_AGAIN;
-    }
-  else
-    {
-      return ret;
-    }
-}
-
-/* These two functions are used to insert data to the send buffer of the handshake or
- * record protocol. The send buffer is kept if a send is interrupted and we need to keep
- * the data left to sent, in order to send them later.
- */
-
-#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
-
-inline static int
-MHD__gnutls_buffer_insert (MHD_gtls_buffer * buffer,
-                           const opaque * _data, size_t data_size)
-{
-
-  if ((MEMSUB (_data, buffer->data) >= 0)
-      && (MEMSUB (_data, buffer->data) < (ssize_t) buffer->length))
-    {
-      /* the given _data is part of the buffer.
-       */
-      if (data_size > buffer->length)
-        {
-          MHD_gnutls_assert ();
-          /* this shouldn't have happened */
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      if (_data == buffer->data)
-        {                       /* then don't even memmove */
-          buffer->length = data_size;
-          return 0;
-        }
-
-      memmove (buffer->data, _data, data_size);
-      buffer->length = data_size;
-
-      return 0;
-
-    }
-
-  if (MHD_gtls_buffer_append (buffer, _data, data_size) < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  return 0;
-}
-
-inline static int
-MHD__gnutls_buffer_get (MHD_gtls_buffer * buffer,
-                        const opaque ** ptr, size_t * ptr_size)
-{
-  *ptr_size = buffer->length;
-  *ptr = buffer->data;
-
-  return 0;
-}
-
-/* This function is like write. But it does not return -1 on error.
- * It does return MHD_gnutls_errno instead.
- *
- * In case of E_AGAIN and E_INTERRUPTED errors, you must call MHD_gnutls_write_flush(),
- * until it returns ok (0).
- *
- * We need to push exactly the data in n, since we cannot send less
- * data. In TLS the peer must receive the whole packet in order
- * to decrypt and verify the integrity.
- *
- */
-ssize_t
-MHD_gtls_io_write_buffered (MHD_gtls_session_t session,
-                            const void *iptr, size_t n)
-{
-  size_t left;
-  unsigned j, x, sum = 0;
-  ssize_t retval, i;
-  const opaque *ptr;
-  int ret;
-  MHD_gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
-
-  /* to know where the procedure was interrupted.
-   */
-  session->internals.direction = 1;
-
-  ptr = iptr;
-
-  /* In case the previous write was interrupted, check if the
-   * iptr != NULL and we have data in the buffer.
-   * If this is true then return an error.
-   */
-  if (session->internals.record_send_buffer.length > 0 && iptr != NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  /* If data in the buffer exist
-   */
-  if (iptr == NULL)
-    {
-      /* checking is handled above */
-      ret =
-        MHD__gnutls_buffer_get (&session->internals.record_send_buffer, &ptr,
-                                &n);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      MHD__gnutls_write_log
-        ("WRITE: Restoring old write. (%d bytes to send)\n", n);
-    }
-
-  MHD__gnutls_write_log ("WRITE: Will write %d bytes to %d.\n", n, fd);
-
-  i = 0;
-  left = n;
-  while (left > 0)
-    {
-
-      session->internals.errnum = 0;
-
-      if (session->internals.MHD__gnutls_push_func == NULL)
-        {
-          i = send (GNUTLS_POINTER_TO_INT (fd), &ptr[n - left], left, 0);
-#if HAVE_WINSOCK
-          if (i < 0)
-            {
-              int tmperr = WSAGetLastError ();
-              switch (tmperr)
-                {
-                case WSAEWOULDBLOCK:
-                  session->internals.errnum = EAGAIN;
-                  break;
-
-                case WSAEINTR:
-                  session->internals.errnum = EINTR;
-                  break;
-
-                default:
-                  session->internals.errnum = EIO;
-                  break;
-                }
-              WSASetLastError (tmperr);
-            }
-#endif
-        }
-      else
-	i = session->internals.MHD__gnutls_push_func (fd, &ptr[n - left], left);
-      if (i == -1)
-        {
-          int err = session->internals.errnum ? session->internals.errnum
-            : errno;
-
-          if ( (err == EAGAIN) || (err == EINTR) )
-            {
-              session->internals.record_send_buffer_prev_size += n - left;
-
-              retval =
-                MHD__gnutls_buffer_insert (&session->
-                                           internals.record_send_buffer,
-                                           &ptr[n - left], left);
-              if (retval < 0)
-                {
-                  MHD_gnutls_assert ();
-                  return retval;
-                }
-              if (err == EAGAIN)
-                return GNUTLS_E_AGAIN;
-              return GNUTLS_E_INTERRUPTED;
-            }
-          else
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_PUSH_ERROR;
-            }
-        }
-      left -= i;
-
-      if (MHD__gnutls_log_level >= 7)
-        {
-          char line[128];
-          char tmp[16];
-
-          MHD__gnutls_write_log
-            ("WRITE: wrote %d bytes to %d. Left %d bytes. Total %d bytes.\n",
-             i, fd, left, n);
-          for (x = 0; x < (unsigned) ((i) / 16) + 1; x++)
-            {
-              line[0] = 0;
-
-              if (sum > n - left)
-                break;
-
-              sprintf (tmp, "%.4x - ", x);
-              MHD_gtls_str_cat (line, sizeof (line), tmp);
-
-              for (j = 0; j < 16; j++)
-                {
-                  if (sum < n - left)
-                    {
-                      sprintf (tmp, "%.2x ", ((unsigned char *) ptr)[sum++]);
-                      MHD_gtls_str_cat (line, sizeof (line), tmp);
-                    }
-                  else
-                    break;
-                }
-              MHD__gnutls_write_log ("%s\n", line);
-            }
-        }
-    }
-
-  retval = n + session->internals.record_send_buffer_prev_size;
-
-  session->internals.record_send_buffer.length = 0;
-  session->internals.record_send_buffer_prev_size = 0;
-
-  return retval;
-
-}
-
-/* This function writes the data that are left in the
- * TLS write buffer (ie. because the previous write was
- * interrupted.
- */
-ssize_t
-MHD_gtls_io_write_flush (MHD_gtls_session_t session)
-{
-  ssize_t ret;
-
-  if (session->internals.record_send_buffer.length == 0)
-    return 0;                   /* done */
-
-  ret = MHD_gtls_io_write_buffered (session, NULL, 0);
-  MHD__gnutls_write_log ("WRITE FLUSH: %d [buffer: %d]\n", ret,
-                         session->internals.record_send_buffer.length);
-
-  return ret;
-}
-
-/* This function writes the data that are left in the
- * Handshake write buffer (ie. because the previous write was
- * interrupted.
- */
-ssize_t
-MHD_gtls_handshake_io_write_flush (MHD_gtls_session_t session)
-{
-  ssize_t ret;
-  ret = MHD_gtls_handshake_io_send_int (session, 0, 0, NULL, 0);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD__gnutls_write_log ("HANDSHAKE_FLUSH: written[1] %d bytes\n", ret);
-
-  if (session->internals.handshake_send_buffer.length == 0)
-    {
-      ret = session->internals.handshake_send_buffer_prev_size; /* done */
-      session->internals.handshake_send_buffer_prev_size = 0;
-    }
-
-  return ret;
-}
-
-/* This is a send function for the gnutls handshake
- * protocol. Just makes sure that all data have been sent.
- */
-ssize_t
-MHD_gtls_handshake_io_send_int (MHD_gtls_session_t session,
-                                content_type_t type,
-                                MHD_gnutls_handshake_description_t htype,
-                                const void *iptr, size_t n)
-{
-  size_t left;
-  ssize_t ret = 0;
-  const opaque *ptr;
-  ssize_t retval = 0;
-
-  ptr = iptr;
-
-  if (session->internals.handshake_send_buffer.length > 0 && ptr == NULL && n
-      == 0)
-    {
-      /* resuming previously interrupted write
-       */
-      MHD_gnutls_assert ();
-      ret = MHD__gnutls_buffer_get (&session->internals.handshake_send_buffer,
-                                    &ptr, &n);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return retval;
-        }
-
-      type = session->internals.handshake_send_buffer_type;
-      htype = session->internals.handshake_send_buffer_htype;
-
-    }
-  else if (session->internals.handshake_send_buffer.length > 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-#ifdef WRITE_DEBUG
-  else
-    {
-      size_t sum = 0, x, j;
-
-      MHD__gnutls_write_log ("HWRITE: will write %d bytes to %d.\n", n,
-                             MHD_gnutls_transport_get_ptr (session));
-      for (x = 0; x < ((n) / 16) + 1; x++)
-        {
-          if (sum > n)
-            break;
-
-          MHD__gnutls_write_log ("%.4x - ", x);
-          for (j = 0; j < 16; j++)
-            {
-              if (sum < n)
-                {
-                  MHD__gnutls_write_log ("%.2x ",
-                                         ((unsigned char *) ptr)[sum++]);
-                }
-              else
-                break;
-            }
-          MHD__gnutls_write_log ("\n");
-        }
-      MHD__gnutls_write_log ("\n");
-    }
-#endif
-
-  if (n == 0)
-    {                           /* if we have no data to send */
-      MHD_gnutls_assert ();
-      return 0;
-    }
-  else if (ptr == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  left = n;
-  while (left > 0)
-    {
-      ret = MHD_gtls_send_int (session, type, htype, &ptr[n - left], left);
-
-      if (ret <= 0)
-        {
-          if (ret == 0)
-            {
-              MHD_gnutls_assert ();
-              ret = GNUTLS_E_INTERNAL_ERROR;
-            }
-
-          if (left > 0 && (ret == GNUTLS_E_INTERRUPTED || ret
-                           == GNUTLS_E_AGAIN))
-            {
-              MHD_gnutls_assert ();
-
-              retval =
-                MHD__gnutls_buffer_insert (&session->internals.
-                                           handshake_send_buffer,
-                                           &ptr[n - left], left);
-              if (retval < 0)
-                {
-                  MHD_gnutls_assert ();
-                  return retval;
-                }
-
-              session->internals.handshake_send_buffer_prev_size += n - left;
-
-              session->internals.handshake_send_buffer_type = type;
-              session->internals.handshake_send_buffer_htype = htype;
-
-            }
-          else
-            {
-              session->internals.handshake_send_buffer_prev_size = 0;
-              session->internals.handshake_send_buffer.length = 0;
-            }
-
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      left -= ret;
-    }
-
-  retval = n + session->internals.handshake_send_buffer_prev_size;
-
-  session->internals.handshake_send_buffer.length = 0;
-  session->internals.handshake_send_buffer_prev_size = 0;
-
-  return retval;
-
-}
-
-/* This is a receive function for the gnutls handshake
- * protocol. Makes sure that we have received all data.
- */
-ssize_t
-MHD_gtls_handshake_io_recv_int (MHD_gtls_session_t session,
-                                content_type_t type,
-                                MHD_gnutls_handshake_description_t htype,
-                                void *iptr, size_t sizeOfPtr)
-{
-  size_t left;
-  ssize_t i;
-  opaque *ptr;
-  size_t dsize;
-
-  ptr = iptr;
-  left = sizeOfPtr;
-
-  if (sizeOfPtr == 0 || iptr == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  if (session->internals.handshake_recv_buffer.length > 0)
-    {
-      /* if we have already received some data */
-      if (sizeOfPtr <= session->internals.handshake_recv_buffer.length)
-        {
-          /* if requested less data then return it.
-           */
-          MHD_gnutls_assert ();
-          memcpy (iptr, session->internals.handshake_recv_buffer.data,
-                  sizeOfPtr);
-
-          session->internals.handshake_recv_buffer.length -= sizeOfPtr;
-
-          memmove (session->internals.handshake_recv_buffer.data,
-                   &session->internals.handshake_recv_buffer.data[sizeOfPtr],
-                   session->internals.handshake_recv_buffer.length);
-
-          return sizeOfPtr;
-        }
-      MHD_gnutls_assert ();
-      memcpy (iptr, session->internals.handshake_recv_buffer.data,
-              session->internals.handshake_recv_buffer.length);
-
-      htype = session->internals.handshake_recv_buffer_htype;
-      type = session->internals.handshake_recv_buffer_type;
-
-      left -= session->internals.handshake_recv_buffer.length;
-
-      session->internals.handshake_recv_buffer.length = 0;
-    }
-
-  while (left > 0)
-    {
-      dsize = sizeOfPtr - left;
-      i = MHD_gtls_recv_int (session, type, htype, &ptr[dsize], left);
-      if (i < 0)
-        {
-
-          if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN))
-            {
-              MHD_gnutls_assert ();
-
-              session->internals.handshake_recv_buffer.data
-                =
-                MHD_gtls_realloc_fast (session->internals.
-                                       handshake_recv_buffer.data, dsize);
-              if (session->internals.handshake_recv_buffer.data == NULL)
-                {
-                  MHD_gnutls_assert ();
-                  return GNUTLS_E_MEMORY_ERROR;
-                }
-
-              memcpy (session->internals.handshake_recv_buffer.data, iptr,
-                      dsize);
-
-              session->internals.handshake_recv_buffer_htype = htype;
-              session->internals.handshake_recv_buffer_type = type;
-
-              session->internals.handshake_recv_buffer.length = dsize;
-            }
-          else
-            session->internals.handshake_recv_buffer.length = 0;
-
-          MHD_gnutls_assert ();
-
-          return i;
-        }
-      else
-        {
-          if (i == 0)
-            break;              /* EOF */
-        }
-
-      left -= i;
-
-    }
-
-  session->internals.handshake_recv_buffer.length = 0;
-
-  return sizeOfPtr - left;
-}
-
-/* Buffer for handshake packets. Keeps the packets in order
- * for finished messages to use them. Used in HMAC calculation
- * and finished messages.
- */
-int
-MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
-                               size_t length)
-{
-
-  if (length == 0)
-    return 0;
-
-  if ((session->internals.max_handshake_data_buffer_size > 0) && ((length
-                                                                   +
-                                                                   session->
-                                                                   internals.
-                                                                   handshake_hash_buffer.
-                                                                   length) >
-                                                                  session->
-                                                                  internals.
-                                                                  max_handshake_data_buffer_size))
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  MHD__gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", length);
-
-  if (MHD_gtls_buffer_append (&session->internals.handshake_hash_buffer, data,
-                              length) < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  return 0;
-}
-
-/* this function does not touch the buffer
- * and returns data from it (peek mode!)
- */
-int
-MHD_gtls_handshake_buffer_get_ptr (MHD_gtls_session_t session,
-                                   opaque ** data_ptr, size_t * length)
-{
-  if (length != NULL)
-    *length = session->internals.handshake_hash_buffer.length;
-
-  MHD__gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n",
-                           session->internals.handshake_hash_buffer.length);
-
-  if (data_ptr != NULL)
-    *data_ptr = session->internals.handshake_hash_buffer.data;
-
-  return 0;
-}
-
-/* Does not free the buffer
- */
-int
-MHD_gtls_handshake_buffer_empty (MHD_gtls_session_t session)
-{
-
-  MHD__gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n");
-
-  session->internals.handshake_hash_buffer.length = 0;
-
-  return 0;
-}
-
-int
-MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session)
-{
-  MHD__gnutls_buffers_log ("BUF[HSK]: Cleared Data from buffer\n");
-  MHD_gtls_buffer_clear (&session->internals.handshake_hash_buffer);
-  return 0;
-}

src/daemon/https/tls/gnutls_buffers.h

@@ -1,64 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int MHD_gnutls_record_buffer_put (content_type_t type,
-                                  MHD_gtls_session_t session, opaque * data,
-                                  size_t length);
-int MHD_gnutls_record_buffer_get_size (content_type_t type,
-                                       MHD_gtls_session_t session);
-int MHD_gtls_record_buffer_get (content_type_t type,
-                                MHD_gtls_session_t session, opaque * data,
-                                size_t length);
-ssize_t MHD_gtls_io_read_buffered (MHD_gtls_session_t, opaque ** iptr,
-                                   size_t n, content_type_t);
-void MHD_gtls_io_clear_read_buffer (MHD_gtls_session_t);
-int MHD_gtls_io_clear_peeked_data (MHD_gtls_session_t session);
-
-ssize_t MHD_gtls_io_write_buffered (MHD_gtls_session_t, const void *iptr,
-                                    size_t n);
-ssize_t MHD_gtls_io_write_buffered2 (MHD_gtls_session_t, const void *iptr,
-                                     size_t n, const void *iptr2, size_t n2);
-
-int MHD_gtls_handshake_buffer_put (MHD_gtls_session_t session, opaque * data,
-                                   size_t length);
-int MHD_gtls_handshake_buffer_clear (MHD_gtls_session_t session);
-int MHD_gtls_handshake_buffer_empty (MHD_gtls_session_t session);
-int MHD_gtls_handshake_buffer_get_ptr (MHD_gtls_session_t session,
-                                       opaque ** data_ptr, size_t * length);
-
-#define MHD__gnutls_handshake_io_buffer_clear( session) \
-        MHD_gtls_buffer_clear( &session->internals.handshake_send_buffer); \
-        MHD_gtls_buffer_clear( &session->internals.handshake_recv_buffer); \
-        session->internals.handshake_send_buffer_prev_size = 0
-
-ssize_t MHD_gtls_handshake_io_recv_int (MHD_gtls_session_t, content_type_t,
-                                        MHD_gnutls_handshake_description_t,
-                                        void *, size_t);
-ssize_t MHD_gtls_handshake_io_send_int (MHD_gtls_session_t, content_type_t,
-                                        MHD_gnutls_handshake_description_t,
-                                        const void *, size_t);
-ssize_t MHD_gtls_io_write_flush (MHD_gtls_session_t session);
-ssize_t MHD_gtls_handshake_io_write_flush (MHD_gtls_session_t session);
-
-size_t MHD_gtls_record_check_pending (MHD_gtls_session_t session);

src/daemon/https/tls/gnutls_cert.c

@@ -1,441 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Some of the stuff needed for Certificate authentication is contained
- * in this file.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <auth_cert.h>
-#include <gnutls_cert.h>
-#include <gnutls_datum.h>
-#include <gnutls_mpi.h>
-#include <gnutls_global.h>
-#include <gnutls_algorithms.h>
-#include <gnutls_dh.h>
-#include <gnutls_str.h>
-#include <gnutls_state.h>
-#include <gnutls_auth_int.h>
-#include <gnutls_x509.h>
-/* x509 */
-#include "x509.h"
-#include "mpi.h"
-
-/**
-  * MHD__gnutls_certificate_free_keys - Used to free all the keys from a MHD_gtls_cert_credentials_t structure
-  * @sc: is an #MHD_gtls_cert_credentials_t structure.
-  *
-  * This function will delete all the keys and the certificates associated
-  * with the given credentials. This function must not be called when a
-  * TLS negotiation that uses the credentials is in progress.
-  *
-  **/
-void
-MHD__gnutls_certificate_free_keys (MHD_gtls_cert_credentials_t sc)
-{
-  unsigned i, j;
-
-  for (i = 0; i < sc->ncerts; i++)
-    {
-      for (j = 0; j < sc->cert_list_length[i]; j++)
-        {
-          MHD_gtls_gcert_deinit (&sc->cert_list[i][j]);
-        }
-      MHD_gnutls_free (sc->cert_list[i]);
-    }
-
-  MHD_gnutls_free (sc->cert_list_length);
-  sc->cert_list_length = NULL;
-
-  MHD_gnutls_free (sc->cert_list);
-  sc->cert_list = NULL;
-
-  for (i = 0; i < sc->ncerts; i++)
-    {
-      MHD_gtls_gkey_deinit (&sc->pkey[i]);
-    }
-
-  MHD_gnutls_free (sc->pkey);
-  sc->pkey = NULL;
-
-  sc->ncerts = 0;
-
-}
-
-/**
-  * MHD__gnutls_certificate_free_cas - Used to free all the CAs from a MHD_gtls_cert_credentials_t structure
-  * @sc: is an #MHD_gtls_cert_credentials_t structure.
-  *
-  * This function will delete all the CAs associated
-  * with the given credentials. Servers that do not use
-  * MHD_gtls_certificate_verify_peers2() may call this to
-  * save some memory.
-  *
-  **/
-void
-MHD__gnutls_certificate_free_cas (MHD_gtls_cert_credentials_t sc)
-{
-  unsigned j;
-
-  for (j = 0; j < sc->x509_ncas; j++)
-    {
-      MHD_gnutls_x509_crt_deinit (sc->x509_ca_list[j]);
-    }
-
-  sc->x509_ncas = 0;
-
-  MHD_gnutls_free (sc->x509_ca_list);
-  sc->x509_ca_list = NULL;
-
-}
-
-/**
-  * MHD__gnutls_certificate_free_ca_names - Used to free all the CA names from a MHD_gtls_cert_credentials_t structure
-  * @sc: is an #MHD_gtls_cert_credentials_t structure.
-  *
-  * This function will delete all the CA name in the
-  * given credentials. Clients may call this to save some memory
-  * since in client side the CA names are not used.
-  *
-  * CA names are used by servers to advertize the CAs they
-  * support to clients.
-  *
-  **/
-void
-MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc)
-{
-  MHD__gnutls_free_datum (&sc->x509_rdn_sequence);
-}
-
-/*-
-  * MHD_gtls_certificate_get_rsa_params - Returns the RSA parameters pointer
-  * @rsa_params: holds the RSA parameters or NULL.
-  * @func: function to retrieve the parameters or NULL.
-  * @session: The session.
-  *
-  * This function will return the rsa parameters pointer.
-  *
-  -*/
-MHD_gtls_rsa_params_t
-MHD_gtls_certificate_get_rsa_params (MHD_gtls_rsa_params_t rsa_params,
-                                     MHD_gnutls_params_function * func,
-                                     MHD_gtls_session_t session)
-{
-  MHD_gnutls_params_st params;
-  int ret;
-
-  if (session->internals.params.rsa_params)
-    {
-      return session->internals.params.rsa_params;
-    }
-
-  if (rsa_params)
-    {
-      session->internals.params.rsa_params = rsa_params;
-    }
-  else if (func)
-    {
-      ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, &params);
-      if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT)
-        {
-          session->internals.params.rsa_params = params.params.rsa_export;
-          session->internals.params.free_rsa_params = params.deinit;
-        }
-    }
-
-  return session->internals.params.rsa_params;
-}
-
-
-/**
-  * MHD__gnutls_certificate_free_credentials - Used to free an allocated MHD_gtls_cert_credentials_t structure
-  * @sc: is an #MHD_gtls_cert_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus
-  * this helper function is provided in order to free (deallocate) it.
-  *
-  * This function does not free any temporary parameters associated
-  * with this structure (ie RSA and DH parameters are not freed by
-  * this function).
-  **/
-void
-MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t sc)
-{
-  MHD__gnutls_certificate_free_keys (sc);
-  MHD__gnutls_certificate_free_cas (sc);
-  MHD__gnutls_certificate_free_ca_names (sc);
-#ifdef KEYRING_HACK
-  MHD__gnutls_free_datum (&sc->keyring);
-#endif
-
-  MHD_gnutls_free (sc);
-}
-
-
-/**
-  * MHD__gnutls_certificate_allocate_credentials - Used to allocate a MHD_gtls_cert_credentials_t structure
-  * @res: is a pointer to an #MHD_gtls_cert_credentials_t structure.
-  *
-  * This structure is complex enough to manipulate directly thus this
-  * helper function is provided in order to allocate it.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-  **/
-int
-MHD__gnutls_certificate_allocate_credentials (MHD_gtls_cert_credentials_t *
-                                              res)
-{
-  *res = MHD_gnutls_calloc (1, sizeof (MHD_gtls_cert_credentials_st));
-
-  if (*res == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  (*res)->verify_bits = DEFAULT_VERIFY_BITS;
-  (*res)->verify_depth = DEFAULT_VERIFY_DEPTH;
-
-  return 0;
-}
-
-
-/* returns the KX algorithms that are supported by a
- * certificate. (Eg a certificate with RSA params, supports
- * GNUTLS_KX_RSA algorithm).
- * This function also uses the KeyUsage field of the certificate
- * extensions in order to disable unneded algorithms.
- */
-int
-MHD_gtls_selected_cert_supported_kx (MHD_gtls_session_t session,
-                                     enum MHD_GNUTLS_KeyExchangeAlgorithm
-                                     **alg, int *alg_size)
-{
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kx;
-  enum MHD_GNUTLS_PublicKeyAlgorithm pk;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kxlist[MAX_ALGOS];
-  MHD_gnutls_cert *cert;
-  int i;
-
-  if (session->internals.selected_cert_list_length == 0)
-    {
-      *alg_size = 0;
-      *alg = NULL;
-      return 0;
-    }
-
-  cert = &session->internals.selected_cert_list[0];
-  i = 0;
-
-  for (kx = 0; kx < MAX_ALGOS; kx++)
-    {
-      pk = MHD_gtls_map_pk_get_pk (kx);
-      if (pk == cert->subject_pk_algorithm)
-        {
-          /* then check key usage */
-          if (MHD__gnutls_check_key_usage (cert, kx) == 0)
-            {
-              kxlist[i] = kx;
-              i++;
-            }
-        }
-    }
-
-  if (i == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  *alg =
-    MHD_gnutls_calloc (1, sizeof (enum MHD_GNUTLS_KeyExchangeAlgorithm) * i);
-  if (*alg == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  *alg_size = i;
-
-  memcpy (*alg, kxlist, i * sizeof (enum MHD_GNUTLS_KeyExchangeAlgorithm));
-
-  return 0;
-}
-
-
-
-int
-MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
-                            enum MHD_GNUTLS_CertificateType type,
-                            const MHD_gnutls_datum_t * raw_cert,
-                            int flags /* OR of ConvFlags */ )
-{
-  switch (type)
-    {
-    case MHD_GNUTLS_CRT_X509:
-      return MHD_gtls_x509_raw_cert_to_gcert (gcert, raw_cert, flags);
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
-
-/* This function will convert a der certificate to a format
- * (structure) that gnutls can understand and use. Actually the
- * important thing on this function is that it extracts the
- * certificate's (public key) parameters.
- *
- * The noext flag is used to complete the handshake even if the
- * extensions found in the certificate are unsupported and critical.
- * The critical extensions will be catched by the verification functions.
- */
-int
-MHD_gtls_x509_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
-                                 const MHD_gnutls_datum_t * derCert,
-                                 int flags /* OR of ConvFlags */ )
-{
-  int ret;
-  MHD_gnutls_x509_crt_t cert;
-
-  ret = MHD_gnutls_x509_crt_init (&cert);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = MHD_gnutls_x509_crt_import (cert, derCert, GNUTLS_X509_FMT_DER);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_x509_crt_deinit (cert);
-      return ret;
-    }
-
-  ret = MHD_gtls_x509_crt_to_gcert (gcert, cert, flags);
-  MHD_gnutls_x509_crt_deinit (cert);
-
-  return ret;
-}
-
-/* Like above but it accepts a parsed certificate instead.
- */
-int
-MHD_gtls_x509_crt_to_gcert (MHD_gnutls_cert * gcert,
-                            MHD_gnutls_x509_crt_t cert, unsigned int flags)
-{
-  int ret = 0;
-
-  memset (gcert, 0, sizeof (MHD_gnutls_cert));
-  gcert->cert_type = MHD_GNUTLS_CRT_X509;
-
-  if (!(flags & CERT_NO_COPY))
-    {
-#define SMALL_DER 512
-      opaque *der;
-      size_t der_size = SMALL_DER;
-
-      /* initially allocate a bogus size, just in case the certificate
-       * fits in it. That way we minimize the DER encodings performed.
-       */
-      der = MHD_gnutls_malloc (SMALL_DER);
-      if (der == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      ret =
-        MHD_gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der,
-                                    &der_size);
-      if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (der);
-          return ret;
-        }
-
-      if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
-        {
-          der = MHD_gnutls_realloc (der, der_size);
-          if (der == NULL)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-          ret =
-            MHD_gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der,
-                                        &der_size);
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (der);
-              return ret;
-            }
-        }
-
-      gcert->raw.data = der;
-      gcert->raw.size = der_size;
-    }
-  else
-    /* now we have 0 or a bitwise or of things to decode */
-    flags ^= CERT_NO_COPY;
-
-
-  if (flags & CERT_ONLY_EXTENSIONS || flags == 0)
-    {
-      MHD_gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL);
-      gcert->version = MHD_gnutls_x509_crt_get_version (cert);
-    }
-  gcert->subject_pk_algorithm =
-    MHD_gnutls_x509_crt_get_pk_algorithm (cert, NULL);
-
-  if (flags & CERT_ONLY_PUBKEY || flags == 0)
-    {
-      gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
-      ret =
-        MHD__gnutls_x509_crt_get_mpis (cert, gcert->params,
-                                       &gcert->params_size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-
-  return 0;
-
-}
-
-void
-MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert)
-{
-  int i;
-
-  if (cert == NULL)
-    return;
-
-  for (i = 0; i < cert->params_size; i++)
-    {
-      MHD_gtls_mpi_release (&cert->params[i]);
-    }
-
-  MHD__gnutls_free_datum (&cert->raw);
-}

src/daemon/https/tls/gnutls_cert.h

@@ -1,127 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_CERT_H
-# define GNUTLS_CERT_H
-
-#include <gnutls_pk.h>
-#include "x509.h"
-
-#define MAX_PUBLIC_PARAMS_SIZE 4        /* ok for RSA and DSA */
-
-/* parameters should not be larger than this limit */
-#define DSA_PUBLIC_PARAMS 4
-#define RSA_PUBLIC_PARAMS 2
-
-/* For key Usage, test as:
- * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ...
- */
-#define KEY_DIGITAL_SIGNATURE 		128
-#define KEY_NON_REPUDIATION		64
-#define KEY_KEY_ENCIPHERMENT		32
-#define KEY_DATA_ENCIPHERMENT		16
-#define KEY_KEY_AGREEMENT		8
-#define KEY_KEY_CERT_SIGN		4
-#define KEY_CRL_SIGN			2
-#define KEY_ENCIPHER_ONLY		1
-#define KEY_DECIPHER_ONLY		32768
-
-typedef struct MHD_gnutls_cert
-{
-  mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public
-                                         * key algorithm
-                                         * RSA: [0] is modulus
-                                         *      [1] is public exponent
-                                         * DSA: [0] is p
-                                         *      [1] is q
-                                         *      [2] is g
-                                         *      [3] is public key
-                                         */
-  int params_size;              /* holds the size of MPI params */
-
-  enum MHD_GNUTLS_PublicKeyAlgorithm subject_pk_algorithm;
-
-  unsigned int key_usage;       /* bits from KEY_*
-                                 */
-
-  unsigned int version;
-  /* holds the type (PGP, X509)
-   */
-  enum MHD_GNUTLS_CertificateType cert_type;
-
-  MHD_gnutls_datum_t raw;
-
-} MHD_gnutls_cert;
-
-typedef struct MHD_gnutls_privkey_int
-{
-  mpi_t params[MAX_PRIV_PARAMS_SIZE];   /* the size of params depends on the public
-                                         * key algorithm
-                                         */
-  /*
-   * RSA: [0] is modulus
-   *      [1] is public exponent
-   *      [2] is private exponent
-   *      [3] is prime1 (p)
-   *      [4] is prime2 (q)
-   *      [5] is coefficient (u == inverse of p mod q)
-   * DSA: [0] is p
-   *      [1] is q
-   *      [2] is g
-   *      [3] is y (public key)
-   *      [4] is x (private key)
-   */
-  int params_size;              /* holds the number of params */
-
-  enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm;
-} MHD_gnutls_privkey;
-
-struct MHD_gtls_session_int;    /* because MHD_gtls_session_t is not defined when this file is included */
-
-typedef enum ConvFlags
-{
-  CERT_NO_COPY = 2,
-  CERT_ONLY_PUBKEY = 4,
-  CERT_ONLY_EXTENSIONS = 16
-} ConvFlags;
-
-int MHD_gtls_x509_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
-                                     const MHD_gnutls_datum_t * derCert,
-                                     int flags);
-int MHD_gtls_x509_crt_to_gcert (MHD_gnutls_cert * gcert,
-                                MHD_gnutls_x509_crt_t cert,
-                                unsigned int flags);
-
-void MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key);
-void MHD_gtls_gcert_deinit (MHD_gnutls_cert * cert);
-
-int MHD_gtls_selected_cert_supported_kx (struct MHD_gtls_session_int *session,
-                                         enum MHD_GNUTLS_KeyExchangeAlgorithm
-                                         **alg, int *alg_size);
-
-int MHD_gtls_raw_cert_to_gcert (MHD_gnutls_cert * gcert,
-                                enum MHD_GNUTLS_CertificateType type,
-                                const MHD_gnutls_datum_t * raw_cert,
-                                int flags /* OR of ConvFlags */ );
-#endif

src/daemon/https/tls/gnutls_cipher.c

@@ -1,499 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Some high level functions to be used in the record encryption are
- * included here.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_cipher.h"
-#include "gnutls_algorithms.h"
-#include "gnutls_hash_int.h"
-#include "gnutls_cipher_int.h"
-#include "debug.h"
-#include "gnutls_num.h"
-#include "gnutls_datum.h"
-#include "gnutls_kx.h"
-#include "gnutls_record.h"
-#include "gnutls_constate.h"
-#include <gc.h>
-
-/* returns ciphertext which contains the headers too. This also
- * calculates the size in the header field.
- *
- * If random pad != 0 then the random pad data will be appended.
- */
-int
-MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers,
-                  size_t headers_size, const opaque * data,
-                  size_t data_size, opaque * ciphertext,
-                  size_t ciphertext_size, content_type_t type, int random_pad)
-{
-  MHD_gnutls_datum_t plain;
-  MHD_gnutls_datum_t comp;
-  int ret;
-  int free_comp = 1;
-
-  plain.data = (opaque *) data;
-  plain.size = data_size;
-
-  comp = plain;
-  free_comp = 0;
-  ret = MHD_gtls_compressed2ciphertext (session, &ciphertext[headers_size],
-                                        ciphertext_size - headers_size,
-                                        comp, type, random_pad);
-
-  if (free_comp)
-    MHD__gnutls_free_datum (&comp);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-
-  /* copy the headers */
-  memcpy (ciphertext, headers, headers_size);
-  MHD_gtls_write_uint16 (ret, &ciphertext[3]);
-
-  return ret + headers_size;
-}
-
-/* Decrypts the given data.
- * Returns the decrypted data length.
- */
-int
-MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext,
-                  size_t ciphertext_size, uint8_t * data,
-                  size_t max_data_size, content_type_t type)
-{
-  MHD_gnutls_datum_t gcipher;
-
-  if (ciphertext_size == 0)
-    return 0;
-
-  gcipher.size = ciphertext_size;
-  gcipher.data = ciphertext;
-
-  return
-    MHD_gtls_ciphertext2compressed (session, data, max_data_size,
-                                    gcipher, type);
-}
-
-inline static mac_hd_t
-mac_init (enum MHD_GNUTLS_HashAlgorithm mac, opaque * secret, int secret_size,
-          int ver)
-{
-  mac_hd_t td;
-
-  if (mac == MHD_GNUTLS_MAC_NULL)
-    return GNUTLS_MAC_FAILED;
-
-  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
-    {                           /* SSL 3.0 */
-      td = MHD_gnutls_mac_init_ssl3 (mac, secret, secret_size);
-    }
-  else
-    {                           /* TLS 1.x */
-      td = MHD_gtls_MHD_hmac_init (mac, secret, secret_size);
-    }
-
-  return td;
-}
-
-inline static void
-mac_deinit (mac_hd_t td, opaque * res, int ver)
-{
-  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
-    {                           /* SSL 3.0 */
-      MHD_gnutls_mac_deinit_ssl3 (td, res);
-    }
-  else
-    {
-      MHD_gnutls_MHD_hmac_deinit (td, res);
-    }
-}
-
-inline static int
-calc_enc_length (MHD_gtls_session_t session, int data_size,
-                 int hash_size, uint8_t * pad, int random_pad,
-                 cipher_type_t block_algo, uint16_t blocksize)
-{
-  uint8_t rnd;
-  int length;
-
-  *pad = 0;
-
-  switch (block_algo)
-    {
-    case CIPHER_STREAM:
-      length = data_size + hash_size;
-
-      break;
-    case CIPHER_BLOCK:
-      if (MHD_gc_nonce ((char *) &rnd, 1) != GC_OK)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_RANDOM_FAILED;
-        }
-
-      /* make rnd a multiple of blocksize */
-      if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3 ||
-          random_pad == 0)
-        {
-          rnd = 0;
-        }
-      else
-        {
-          rnd = (rnd / blocksize) * blocksize;
-          /* added to avoid the case of pad calculated 0
-           * seen below for pad calculation.
-           */
-          if (rnd > blocksize)
-            rnd -= blocksize;
-        }
-
-      length = data_size + hash_size;
-
-      *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd;
-
-      length += *pad;
-      if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1)
-        length += blocksize;    /* for the IV */
-
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  return length;
-}
-
-/* This is the actual encryption
- * Encrypts the given compressed datum, and puts the result to cipher_data,
- * which has cipher_size size.
- * return the actual encrypted data length.
- */
-int
-MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session,
-                                opaque * cipher_data, int cipher_size,
-                                MHD_gnutls_datum_t compressed,
-                                content_type_t _type, int random_pad)
-{
-  uint8_t MAC[MAX_HASH_SIZE];
-  uint16_t c_length;
-  uint8_t pad;
-  int length, ret;
-  mac_hd_t td;
-  uint8_t type = _type;
-  uint8_t major, minor;
-  int hash_size =
-    MHD_gnutls_hash_get_algo_len (session->security_parameters.
-                                  write_mac_algorithm);
-  enum MHD_GNUTLS_Protocol ver;
-  int blocksize =
-    MHD_gtls_cipher_get_block_size (session->security_parameters.
-                                    write_bulk_cipher_algorithm);
-  cipher_type_t block_algo =
-    MHD_gtls_cipher_is_block (session->security_parameters.
-                              write_bulk_cipher_algorithm);
-  opaque *data_ptr;
-
-
-  ver = MHD__gnutls_protocol_get_version (session);
-  minor = MHD_gtls_version_get_minor (ver);
-  major = MHD_gtls_version_get_major (ver);
-
-
-  /* Initialize MAC */
-  td = mac_init (session->security_parameters.write_mac_algorithm,
-                 session->connection_state.write_mac_secret.data,
-                 session->connection_state.write_mac_secret.size, ver);
-
-  if (td == GNUTLS_MAC_FAILED
-      && session->security_parameters.write_mac_algorithm !=
-      MHD_GNUTLS_MAC_NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  c_length = MHD_gtls_conv_uint16 (compressed.size);
-
-  if (td != GNUTLS_MAC_FAILED)
-    {                           /* actually when the algorithm in not the NULL one */
-      MHD_gnutls_hash (td,
-                       UINT64DATA (session->connection_state.
-                                   write_sequence_number), 8);
-
-      MHD_gnutls_hash (td, &type, 1);
-      if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0)
-        {                       /* TLS 1.0 or higher */
-          MHD_gnutls_hash (td, &major, 1);
-          MHD_gnutls_hash (td, &minor, 1);
-        }
-      MHD_gnutls_hash (td, &c_length, 2);
-      MHD_gnutls_hash (td, compressed.data, compressed.size);
-      mac_deinit (td, MAC, ver);
-    }
-
-
-  /* Calculate the encrypted length (padding etc.)
-   */
-  length =
-    calc_enc_length (session, compressed.size, hash_size, &pad,
-                     random_pad, block_algo, blocksize);
-  if (length < 0)
-    {
-      MHD_gnutls_assert ();
-      return length;
-    }
-
-  /* copy the encrypted data to cipher_data.
-   */
-  if (cipher_size < length)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  data_ptr = cipher_data;
-  if (block_algo == CIPHER_BLOCK &&
-      session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1)
-    {
-      /* copy the random IV.
-       */
-      if (MHD_gc_nonce ((char *) data_ptr, blocksize) != GC_OK)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_RANDOM_FAILED;
-        }
-      data_ptr += blocksize;
-    }
-
-  memcpy (data_ptr, compressed.data, compressed.size);
-  data_ptr += compressed.size;
-
-  if (hash_size > 0)
-    {
-      memcpy (data_ptr, MAC, hash_size);
-      data_ptr += hash_size;
-    }
-  if (block_algo == CIPHER_BLOCK && pad > 0)
-    {
-      memset (data_ptr, pad - 1, pad);
-    }
-
-
-  /* Actual encryption (inplace).
-   */
-  ret =
-    MHD_gtls_cipher_encrypt (session->connection_state.write_cipher_state,
-                             cipher_data, length);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return length;
-}
-
-/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
- * Returns the actual compressed packet size.
- */
-int
-MHD_gtls_ciphertext2compressed (MHD_gtls_session_t session,
-                                opaque * compress_data,
-                                int compress_size,
-                                MHD_gnutls_datum_t ciphertext, uint8_t type)
-{
-  uint8_t MAC[MAX_HASH_SIZE];
-  uint16_t c_length;
-  uint8_t pad;
-  int length;
-  mac_hd_t td;
-  uint16_t blocksize;
-  int ret, i, pad_failed = 0;
-  uint8_t major, minor;
-  enum MHD_GNUTLS_Protocol ver;
-  int hash_size =
-    MHD_gnutls_hash_get_algo_len (session->security_parameters.
-                                  read_mac_algorithm);
-
-  ver = MHD__gnutls_protocol_get_version (session);
-  minor = MHD_gtls_version_get_minor (ver);
-  major = MHD_gtls_version_get_major (ver);
-
-  blocksize =
-    MHD_gtls_cipher_get_block_size (session->security_parameters.
-                                    read_bulk_cipher_algorithm);
-
-  /* initialize MAC
-   */
-  td = mac_init (session->security_parameters.read_mac_algorithm,
-                 session->connection_state.read_mac_secret.data,
-                 session->connection_state.read_mac_secret.size, ver);
-
-  if (td == GNUTLS_MAC_FAILED
-      && session->security_parameters.read_mac_algorithm !=
-      MHD_GNUTLS_MAC_NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-  /* actual decryption (inplace)
-   */
-  switch (MHD_gtls_cipher_is_block
-          (session->security_parameters.read_bulk_cipher_algorithm))
-    {
-    case CIPHER_STREAM:
-      if ((ret =
-           MHD_gtls_cipher_decrypt (session->connection_state.
-                                    read_cipher_state, ciphertext.data,
-                                    ciphertext.size)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      length = ciphertext.size - hash_size;
-
-      break;
-    case CIPHER_BLOCK:
-      if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_DECRYPTION_FAILED;
-        }
-
-      if ((ret =
-           MHD_gtls_cipher_decrypt (session->connection_state.
-                                    read_cipher_state, ciphertext.data,
-                                    ciphertext.size)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* ignore the IV in TLS 1.1.
-       */
-      if (session->security_parameters.version >= MHD_GNUTLS_PROTOCOL_TLS1_1)
-        {
-          ciphertext.size -= blocksize;
-          ciphertext.data += blocksize;
-
-          if (ciphertext.size == 0)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_DECRYPTION_FAILED;
-            }
-        }
-
-      pad = ciphertext.data[ciphertext.size - 1] + 1;   /* pad */
-
-      length = ciphertext.size - hash_size - pad;
-
-      if (pad > ciphertext.size - hash_size)
-        {
-          MHD_gnutls_assert ();
-          /* We do not fail here. We check below for the
-           * the pad_failed. If zero means success.
-           */
-          pad_failed = GNUTLS_E_DECRYPTION_FAILED;
-        }
-
-      /* Check the pading bytes (TLS 1.x)
-       */
-      if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0 && pad_failed == 0)
-        for (i = 2; i < pad; i++)
-          {
-            if (ciphertext.data[ciphertext.size - i] !=
-                ciphertext.data[ciphertext.size - 1])
-              pad_failed = GNUTLS_E_DECRYPTION_FAILED;
-          }
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  if (length < 0)
-    length = 0;
-  c_length = MHD_gtls_conv_uint16 ((uint16_t) length);
-
-  /* Pass the type, version, length and compressed through
-   * MAC.
-   */
-  if (td != GNUTLS_MAC_FAILED)
-    {
-      MHD_gnutls_hash (td,
-                       UINT64DATA (session->connection_state.
-                                   read_sequence_number), 8);
-
-      MHD_gnutls_hash (td, &type, 1);
-      if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_0)
-        {                       /* TLS 1.x */
-          MHD_gnutls_hash (td, &major, 1);
-          MHD_gnutls_hash (td, &minor, 1);
-        }
-      MHD_gnutls_hash (td, &c_length, 2);
-
-      if (length > 0)
-        MHD_gnutls_hash (td, ciphertext.data, length);
-
-      mac_deinit (td, MAC, ver);
-    }
-
-  /* This one was introduced to avoid a timing attack against the TLS
-   * 1.0 protocol.
-   */
-  if (pad_failed != 0)
-    return pad_failed;
-
-  /* HMAC was not the same.
-   */
-  if ( (td != GNUTLS_MAC_FAILED) &&
-       (memcmp (MAC, &ciphertext.data[length], hash_size) != 0) )
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_DECRYPTION_FAILED;
-    }
-
-  /* copy the decrypted stuff to compress_data.
-   */
-  if (compress_size < length)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_DECOMPRESSION_FAILED;
-    }
-  memcpy (compress_data, ciphertext.data, length);
-
-  return length;
-}

src/daemon/https/tls/gnutls_cipher.h

@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int MHD_gtls_encrypt (MHD_gtls_session_t session, const opaque * headers,
-                      size_t headers_size, const opaque * data,
-                      size_t data_size, opaque * ciphertext,
-                      size_t ciphertext_size, content_type_t type,
-                      int random_pad);
-
-int MHD_gtls_decrypt (MHD_gtls_session_t session, opaque * ciphertext,
-                      size_t ciphertext_size, uint8_t * data,
-                      size_t data_size, content_type_t type);
-int MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session,
-                                    opaque * cipher_data, int cipher_size,
-                                    MHD_gnutls_datum_t compressed,
-                                    content_type_t _type, int random_pad);
-int MHD_gtls_ciphertext2compressed (MHD_gtls_session_t session,
-                                    opaque * compress_data, int compress_size,
-                                    MHD_gnutls_datum_t ciphertext,
-                                    uint8_t type);

src/daemon/https/tls/gnutls_cipher_int.c

@@ -1,109 +0,0 @@
-/*
- * Copyright (C) 2000, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_cipher_int.h>
-#include <gnutls_datum.h>
-
-cipher_hd_t
-MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher,
-                      const MHD_gnutls_datum_t * key,
-                      const MHD_gnutls_datum_t * iv)
-{
-  cipher_hd_t ret = NULL;
-  int err = GC_INVALID_CIPHER;  /* doesn't matter */
-
-  switch (cipher)
-    {
-    case MHD_GNUTLS_CIPHER_AES_128_CBC:
-      err = MHD_gc_cipher_open (GC_AES128, GC_CBC, &ret);
-      break;
-    case MHD_GNUTLS_CIPHER_AES_256_CBC:
-      err = MHD_gc_cipher_open (GC_AES256, GC_CBC, &ret);
-      break;
-    case MHD_GNUTLS_CIPHER_3DES_CBC:
-      err = MHD_gc_cipher_open (GC_3DES, GC_CBC, &ret);
-      break;
-    case MHD_GNUTLS_CIPHER_ARCFOUR_128:
-      err = MHD_gc_cipher_open (GC_ARCFOUR128, GC_STREAM, &ret);
-      break;
-    default:
-      return NULL;
-    }
-
-  if (err == 0)
-    {
-      MHD_gc_cipher_setkey (ret, key->size, (const char *) key->data);
-      if (iv->data != NULL && iv->size > 0)
-        MHD_gc_cipher_setiv (ret, iv->size, (const char *) iv->data);
-    }
-  else if (cipher != MHD_GNUTLS_CIPHER_NULL)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_x509_log ("Crypto cipher[%d] error: %d\n", cipher, err);
-      /* FIXME: MHD_gc_strerror */
-    }
-
-  return ret;
-}
-
-int
-MHD_gtls_cipher_encrypt (cipher_hd_t handle, void *text, int textlen)
-{
-  if (handle != GNUTLS_CIPHER_FAILED)
-    {
-      if (MHD_gc_cipher_encrypt_inline (handle, textlen, text) != 0)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-    }
-  return 0;
-}
-
-int
-MHD_gtls_cipher_decrypt (cipher_hd_t handle, void *ciphertext,
-                         int ciphertextlen)
-{
-  if (handle != GNUTLS_CIPHER_FAILED)
-    {
-      if (MHD_gc_cipher_decrypt_inline (handle, ciphertextlen, ciphertext) !=
-          0)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-    }
-  return 0;
-}
-
-void
-MHD_gnutls_cipher_deinit (cipher_hd_t handle)
-{
-  if (handle != GNUTLS_CIPHER_FAILED)
-    {
-      MHD_gc_cipher_close (handle);
-    }
-}

src/daemon/https/tls/gnutls_cipher_int.h

@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_CIPHER_INT
-# define GNUTLS_CIPHER_INT
-
-#define cipher_hd_t MHD_gc_cipher_handle
-#define GNUTLS_CIPHER_FAILED NULL
-
-// TODO MHD_gc_cipher_handle -> void * x3
-void *MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher,
-                            const MHD_gnutls_datum_t * key,
-                            const MHD_gnutls_datum_t * iv);
-
-int MHD_gtls_cipher_encrypt (void *handle, void *text, int textlen);
-
-int MHD_gtls_cipher_decrypt (void *handle,
-                             void *ciphertext, int ciphertextlen);
-
-void MHD_gnutls_cipher_deinit (void *handle);
-
-#endif /* GNUTLS_CIPHER_INT */

src/daemon/https/tls/gnutls_constate.c

@@ -1,999 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006  Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions that are supposed to run after the handshake procedure is
- * finished. These functions activate the established security parameters.
- */
-
-#include "MHD_config.h"
-#include <gnutls_int.h>
-#include <gnutls_constate.h>
-#include <gnutls_errors.h>
-#include <gnutls_kx.h>
-#include <gnutls_algorithms.h>
-#include <gnutls_num.h>
-#include <gnutls_datum.h>
-#include <gnutls_state.h>
-
-static const char keyexp[] = "key expansion";
-static const int keyexp_length = sizeof (keyexp) - 1;
-
-static const char ivblock[] = "IV block";
-static const int ivblock_length = sizeof (ivblock) - 1;
-
-static const char cliwrite[] = "client write key";
-static const int cliwrite_length = sizeof (cliwrite) - 1;
-
-static const char servwrite[] = "server write key";
-static const int servwrite_length = sizeof (servwrite) - 1;
-
-#define EXPORT_FINAL_KEY_SIZE 16
-
-/* This function is to be called after handshake, when master_secret,
- *  client_random and server_random have been initialized.
- * This function creates the keys and stores them into pending session.
- * (session->cipher_specs)
- */
-int
-MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size,
-                      int key_size, int export_flag)
-{
-  opaque *key_block;
-  opaque rnd[2 * TLS_RANDOM_SIZE];
-  opaque rrnd[2 * TLS_RANDOM_SIZE];
-  int pos, ret;
-  int block_size;
-  char buf[65];
-
-  if (session->cipher_specs.generated_keys != 0)
-    {
-      /* keys have already been generated.
-       * reset generated_keys and exit normally.
-       */
-      session->cipher_specs.generated_keys = 0;
-      return 0;
-    }
-
-  block_size = 2 * hash_size + 2 * key_size;
-  if (export_flag == 0)
-    block_size += 2 * IV_size;
-
-  key_block = MHD_gnutls_secure_malloc (block_size);
-  if (key_block == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  memcpy (rnd, session->security_parameters.server_random, TLS_RANDOM_SIZE);
-  memcpy (&rnd[TLS_RANDOM_SIZE],
-          session->security_parameters.client_random, TLS_RANDOM_SIZE);
-
-  memcpy (rrnd, session->security_parameters.client_random, TLS_RANDOM_SIZE);
-  memcpy (&rrnd[TLS_RANDOM_SIZE],
-          session->security_parameters.server_random, TLS_RANDOM_SIZE);
-
-  if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3)
-    {                           /* SSL 3 */
-      ret =
-        MHD_gnutls_ssl3_generate_random
-        (session->security_parameters.master_secret, TLS_MASTER_SIZE, rnd,
-         2 * TLS_RANDOM_SIZE, block_size, key_block);
-    }
-  else
-    {                           /* TLS 1.0 */
-      ret =
-        MHD_gtls_PRF (session,
-                      (const unsigned char *) session->
-                      security_parameters.master_secret, TLS_MASTER_SIZE,
-                      keyexp, keyexp_length, rnd, 2 * TLS_RANDOM_SIZE,
-                      block_size, key_block);
-    }
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (key_block);
-      return ret;
-    }
-
-  MHD__gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
-                        MHD_gtls_bin2hex (key_block, block_size, buf,
-                                          sizeof (buf)));
-
-  pos = 0;
-  if (hash_size > 0)
-    {
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.client_write_mac_secret,
-           &key_block[pos], hash_size) < 0)
-        {
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      pos += hash_size;
-
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.server_write_mac_secret,
-           &key_block[pos], hash_size) < 0)
-        {
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      pos += hash_size;
-    }
-
-  if (key_size > 0)
-    {
-      opaque *client_write_key, *server_write_key;
-      int client_write_key_size, server_write_key_size;
-      int free_keys = 0;
-
-      if (export_flag == 0)
-        {
-          client_write_key = &key_block[pos];
-          client_write_key_size = key_size;
-
-          pos += key_size;
-
-          server_write_key = &key_block[pos];
-          server_write_key_size = key_size;
-
-          pos += key_size;
-
-        }
-      else
-        {                       /* export */
-          free_keys = 1;
-
-          client_write_key = MHD_gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
-          if (client_write_key == NULL)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (key_block);
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-          server_write_key = MHD_gnutls_secure_malloc (EXPORT_FINAL_KEY_SIZE);
-          if (server_write_key == NULL)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (key_block);
-              MHD_gnutls_free (client_write_key);
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-          /* generate the final keys */
-
-          if (session->security_parameters.version ==
-              MHD_GNUTLS_PROTOCOL_SSL3)
-            {                   /* SSL 3 */
-              ret =
-                MHD_gnutls_ssl3_hash_md5 (&key_block[pos],
-                                          key_size, rrnd,
-                                          2 * TLS_RANDOM_SIZE,
-                                          EXPORT_FINAL_KEY_SIZE,
-                                          client_write_key);
-
-            }
-          else
-            {                   /* TLS 1.0 */
-              ret =
-                MHD_gtls_PRF (session, &key_block[pos], key_size,
-                              cliwrite, cliwrite_length,
-                              rrnd,
-                              2 * TLS_RANDOM_SIZE,
-                              EXPORT_FINAL_KEY_SIZE, client_write_key);
-            }
-
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (key_block);
-              MHD_gnutls_free (server_write_key);
-              MHD_gnutls_free (client_write_key);
-              return ret;
-            }
-
-          client_write_key_size = EXPORT_FINAL_KEY_SIZE;
-          pos += key_size;
-
-          if (session->security_parameters.version ==
-              MHD_GNUTLS_PROTOCOL_SSL3)
-            {                   /* SSL 3 */
-              ret =
-                MHD_gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
-                                          rnd, 2 * TLS_RANDOM_SIZE,
-                                          EXPORT_FINAL_KEY_SIZE,
-                                          server_write_key);
-            }
-          else
-            {                   /* TLS 1.0 */
-              ret =
-                MHD_gtls_PRF (session, &key_block[pos], key_size,
-                              servwrite, servwrite_length,
-                              rrnd, 2 * TLS_RANDOM_SIZE,
-                              EXPORT_FINAL_KEY_SIZE, server_write_key);
-            }
-
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (key_block);
-              MHD_gnutls_free (server_write_key);
-              MHD_gnutls_free (client_write_key);
-              return ret;
-            }
-
-          server_write_key_size = EXPORT_FINAL_KEY_SIZE;
-          pos += key_size;
-        }
-
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.client_write_key,
-           client_write_key, client_write_key_size) < 0)
-        {
-          MHD_gnutls_free (key_block);
-          MHD_gnutls_free (server_write_key);
-          MHD_gnutls_free (client_write_key);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      MHD__gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
-                            client_write_key_size,
-                            MHD_gtls_bin2hex (client_write_key,
-                                              client_write_key_size, buf,
-                                              sizeof (buf)));
-
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.server_write_key,
-           server_write_key, server_write_key_size) < 0)
-        {
-          MHD_gnutls_free (key_block);
-          MHD_gnutls_free (server_write_key);
-          MHD_gnutls_free (client_write_key);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      MHD__gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
-                            server_write_key_size,
-                            MHD_gtls_bin2hex (server_write_key,
-                                              server_write_key_size, buf,
-                                              sizeof (buf)));
-
-      if (free_keys != 0)
-        {
-          MHD_gnutls_free (server_write_key);
-          MHD_gnutls_free (client_write_key);
-        }
-    }
-
-
-  /* IV generation in export and non export ciphers.
-   */
-  if (IV_size > 0 && export_flag == 0)
-    {
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.client_write_IV, &key_block[pos],
-           IV_size) < 0)
-        {
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      pos += IV_size;
-
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.server_write_IV, &key_block[pos],
-           IV_size) < 0)
-        {
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      pos += IV_size;
-
-    }
-  else if (IV_size > 0 && export_flag != 0)
-    {
-      opaque *iv_block = MHD_gnutls_alloca (IV_size * 2);
-      if (iv_block == NULL)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      if (session->security_parameters.version == MHD_GNUTLS_PROTOCOL_SSL3)
-        {                       /* SSL 3 */
-          ret = MHD_gnutls_ssl3_hash_md5 ("", 0,
-                                          rrnd, TLS_RANDOM_SIZE * 2,
-                                          IV_size, iv_block);
-
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (key_block);
-              MHD_gnutls_afree (iv_block);
-              return ret;
-            }
-
-          ret = MHD_gnutls_ssl3_hash_md5 ("", 0, rnd,
-                                          TLS_RANDOM_SIZE * 2,
-                                          IV_size, &iv_block[IV_size]);
-
-        }
-      else
-        {                       /* TLS 1.0 */
-          ret = MHD_gtls_PRF (session, (const unsigned char *) "", 0,
-                              ivblock, ivblock_length, rrnd,
-                              2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block);
-        }
-
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_afree (iv_block);
-          MHD_gnutls_free (key_block);
-          return ret;
-        }
-
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0)
-        {
-          MHD_gnutls_afree (iv_block);
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      if (MHD__gnutls_sset_datum
-          (&session->cipher_specs.server_write_IV,
-           &iv_block[IV_size], IV_size) < 0)
-        {
-          MHD_gnutls_afree (iv_block);
-          MHD_gnutls_free (key_block);
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      MHD_gnutls_afree (iv_block);
-    }
-
-  MHD_gnutls_free (key_block);
-
-  session->cipher_specs.generated_keys = 1;
-
-  return 0;
-}
-
-int
-MHD__gnutls_set_read_keys (MHD_gtls_session_t session)
-{
-  int hash_size;
-  int IV_size;
-  int key_size, export_flag;
-  enum MHD_GNUTLS_CipherAlgorithm algo;
-  enum MHD_GNUTLS_HashAlgorithm mac_algo;
-
-  mac_algo = session->security_parameters.read_mac_algorithm;
-  algo = session->security_parameters.read_bulk_cipher_algorithm;
-
-  hash_size = MHD_gnutls_hash_get_algo_len (mac_algo);
-  IV_size = MHD_gtls_cipher_get_iv_size (algo);
-  key_size = MHD__gnutls_cipher_get_key_size (algo);
-  export_flag = MHD_gtls_cipher_get_export_flag (algo);
-
-  return MHD__gnutls_set_keys (session, hash_size, IV_size, key_size,
-                               export_flag);
-}
-
-int
-MHD__gnutls_set_write_keys (MHD_gtls_session_t session)
-{
-  int hash_size;
-  int IV_size;
-  int key_size, export_flag;
-  enum MHD_GNUTLS_CipherAlgorithm algo;
-  enum MHD_GNUTLS_HashAlgorithm mac_algo;
-
-  mac_algo = session->security_parameters.write_mac_algorithm;
-  algo = session->security_parameters.write_bulk_cipher_algorithm;
-
-  hash_size = MHD_gnutls_hash_get_algo_len (mac_algo);
-  IV_size = MHD_gtls_cipher_get_iv_size (algo);
-  key_size = MHD__gnutls_cipher_get_key_size (algo);
-  export_flag = MHD_gtls_cipher_get_export_flag (algo);
-
-  return MHD__gnutls_set_keys (session, hash_size, IV_size, key_size,
-                               export_flag);
-}
-
-#define CPY_COMMON dst->entity = src->entity; \
-	dst->kx_algorithm = src->kx_algorithm; \
-	memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \
-	memcpy( dst->master_secret, src->master_secret, TLS_MASTER_SIZE); \
-	memcpy( dst->client_random, src->client_random, TLS_RANDOM_SIZE); \
-	memcpy( dst->server_random, src->server_random, TLS_RANDOM_SIZE); \
-	memcpy( dst->session_id, src->session_id, TLS_MAX_SESSION_ID_SIZE); \
-	dst->session_id_size = src->session_id_size; \
-	dst->cert_type = src->cert_type; \
-	dst->timestamp = src->timestamp; \
-	dst->max_record_recv_size = src->max_record_recv_size; \
-	dst->max_record_send_size = src->max_record_send_size; \
-	dst->version = src->version; \
-	memcpy( &dst->extensions, &src->extensions, sizeof(MHD_gtls_ext_st)); \
-	memcpy( &dst->inner_secret, &src->inner_secret, TLS_MASTER_SIZE);
-
-static void
-MHD__gnutls_cpy_read_security_parameters (MHD_gtls_security_param_st *
-                                          dst,
-                                          MHD_gtls_security_param_st * src)
-{
-  CPY_COMMON;
-
-  dst->read_bulk_cipher_algorithm = src->read_bulk_cipher_algorithm;
-  dst->read_mac_algorithm = src->read_mac_algorithm;
-  dst->read_compression_algorithm = src->read_compression_algorithm;
-}
-
-static void
-MHD__gnutls_cpy_write_security_parameters (MHD_gtls_security_param_st *
-                                           dst,
-                                           MHD_gtls_security_param_st * src)
-{
-  CPY_COMMON;
-
-  dst->write_bulk_cipher_algorithm = src->write_bulk_cipher_algorithm;
-  dst->write_mac_algorithm = src->write_mac_algorithm;
-  dst->write_compression_algorithm = src->write_compression_algorithm;
-}
-
-/* Sets the current connection session to conform with the
- * Security parameters(pending session), and initializes encryption.
- * Actually it initializes and starts encryption ( so it needs
- * secrets and random numbers to have been negotiated)
- * This is to be called after sending the Change Cipher Spec packet.
- */
-int
-MHD_gtls_connection_state_init (MHD_gtls_session_t session)
-{
-  int ret;
-
-/* Setup the master secret
- */
-  if ((ret = MHD_gtls_generate_master (session, 0), 0) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-
-  return 0;
-}
-
-
-/* Initializes the read connection session
- * (read encrypted data)
- */
-int
-MHD_gtls_read_connection_state_init (MHD_gtls_session_t session)
-{
-  int mac_size;
-  int rc;
-
-  MHD__gnutls_uint64zero (session->connection_state.read_sequence_number);
-
-/* Update internals from CipherSuite selected.
- * If we are resuming just copy the connection session
- */
-  if (session->internals.resumed == RESUME_FALSE)
-    {
-      rc = MHD_gtls_set_read_cipher (session,
-                                     MHD_gtls_cipher_suite_get_cipher_algo
-                                     (&session->security_parameters.
-                                      current_cipher_suite));
-      if (rc < 0)
-        return rc;
-      rc = MHD_gtls_set_read_mac (session,
-                                  MHD_gtls_cipher_suite_get_mac_algo
-                                  (&session->security_parameters.
-                                   current_cipher_suite));
-      if (rc < 0)
-        return rc;
-
-      rc = MHD_gtls_set_kx (session,
-                            MHD_gtls_cipher_suite_get_kx_algo
-                            (&session->security_parameters.
-                             current_cipher_suite));
-      if (rc < 0)
-        return rc;
-
-      rc = MHD_gtls_set_read_compression (session,
-                                          session->internals.
-                                          compression_method);
-      if (rc < 0)
-        return rc;
-    }
-  else
-    {                           /* RESUME_TRUE */
-      MHD__gnutls_cpy_read_security_parameters (&session->security_parameters,
-                                                &session->internals.
-                                                resumed_security_parameters);
-    }
-
-
-  rc = MHD__gnutls_set_read_keys (session);
-  if (rc < 0)
-    return rc;
-
-  MHD__gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n",
-                             session,
-                             MHD_gtls_cipher_suite_get_name
-                             (&session->security_parameters.
-                              current_cipher_suite));
-
-  if (MHD_gtls_compression_is_ok
-      (session->security_parameters.read_compression_algorithm) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-    }
-
-  if (MHD_gnutls_mac_is_ok
-      (session->security_parameters.read_mac_algorithm) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* Free all the previous keys/ sessions etc.
-   */
-  if (session->connection_state.read_mac_secret.data != NULL)
-    MHD__gnutls_free_datum (&session->connection_state.read_mac_secret);
-
-  if (session->connection_state.read_cipher_state != NULL)
-    MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state);
-
-  mac_size =
-    MHD_gnutls_hash_get_algo_len (session->security_parameters.
-                                  read_mac_algorithm);
-
-  MHD__gnutls_handshake_log
-    ("HSK[%x]: Initializing internal [read] cipher sessions\n", session);
-
-  switch (session->security_parameters.entity)
-    {
-    case GNUTLS_SERVER:
-      /* initialize cipher session
-       */
-      session->connection_state.read_cipher_state =
-        MHD_gtls_cipher_init (session->security_parameters.
-                              read_bulk_cipher_algorithm,
-                              &session->cipher_specs.client_write_key,
-                              &session->cipher_specs.client_write_IV);
-      if (session->connection_state.read_cipher_state == GNUTLS_CIPHER_FAILED
-          && session->security_parameters.read_bulk_cipher_algorithm !=
-          MHD_GNUTLS_CIPHER_NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      /* copy mac secrets from cipherspecs, to connection
-       * session.
-       */
-      if (mac_size > 0)
-        {
-          if (MHD__gnutls_sset_datum
-              (&session->connection_state.read_mac_secret,
-               session->cipher_specs.client_write_mac_secret.data,
-               session->cipher_specs.client_write_mac_secret.size) < 0)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-        }
-
-      break;
-#if MHD_DEBUG_TLS
-    case GNUTLS_CLIENT:
-      session->connection_state.read_cipher_state =
-        MHD_gtls_cipher_init (session->security_parameters.
-                              read_bulk_cipher_algorithm,
-                              &session->cipher_specs.server_write_key,
-                              &session->cipher_specs.server_write_IV);
-
-      if (session->connection_state.read_cipher_state ==
-          GNUTLS_CIPHER_FAILED
-          && session->security_parameters.read_bulk_cipher_algorithm !=
-          MHD_GNUTLS_CIPHER_NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-
-      /* copy mac secret to connection session
-       */
-      if (mac_size > 0)
-        {
-          if (MHD__gnutls_sset_datum
-              (&session->connection_state.read_mac_secret,
-               session->cipher_specs.server_write_mac_secret.data,
-               session->cipher_specs.server_write_mac_secret.size) < 0)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-        }
-
-      break;
-#endif
-    default:                   /* this check is useless */
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  return 0;
-}
-
-
-
-/* Initializes the write connection session
- * (write encrypted data)
- */
-int
-MHD_gtls_write_connection_state_init (MHD_gtls_session_t session)
-{
-  int mac_size;
-  int rc;
-
-  MHD__gnutls_uint64zero (session->connection_state.write_sequence_number);
-
-/* Update internals from CipherSuite selected.
- * If we are resuming just copy the connection session
- */
-  if (session->internals.resumed == RESUME_FALSE)
-    {
-      rc = MHD_gtls_set_write_cipher (session,
-                                      MHD_gtls_cipher_suite_get_cipher_algo
-                                      (&session->security_parameters.
-                                       current_cipher_suite));
-      if (rc < 0)
-        return rc;
-      rc = MHD_gtls_set_write_mac (session,
-                                   MHD_gtls_cipher_suite_get_mac_algo
-                                   (&session->security_parameters.
-                                    current_cipher_suite));
-      if (rc < 0)
-        return rc;
-
-      rc = MHD_gtls_set_kx (session,
-                            MHD_gtls_cipher_suite_get_kx_algo
-                            (&session->security_parameters.
-                             current_cipher_suite));
-      if (rc < 0)
-        return rc;
-
-      rc = MHD_gtls_set_write_compression (session,
-                                           session->internals.
-                                           compression_method);
-      if (rc < 0)
-        return rc;
-    }
-  else
-    {                           /* RESUME_TRUE */
-      MHD__gnutls_cpy_write_security_parameters
-        (&session->security_parameters,
-         &session->internals.resumed_security_parameters);
-    }
-
-  rc = MHD__gnutls_set_write_keys (session);
-  if (rc < 0)
-    return rc;
-
-  MHD__gnutls_handshake_log ("HSK[%x]: Cipher Suite: %s\n", session,
-                             MHD_gtls_cipher_suite_get_name
-                             (&session->security_parameters.
-                              current_cipher_suite));
-
-  if (MHD_gtls_compression_is_ok
-      (session->security_parameters.write_compression_algorithm) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-    }
-
-  if (MHD_gnutls_mac_is_ok
-      (session->security_parameters.write_mac_algorithm) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-
-  /* Free all the previous keys/ sessions etc.
-   */
-  if (session->connection_state.write_mac_secret.data != NULL)
-    MHD__gnutls_free_datum (&session->connection_state.write_mac_secret);
-
-  if (session->connection_state.write_cipher_state != NULL)
-    MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state);
-
-  mac_size =
-    MHD_gnutls_hash_get_algo_len (session->security_parameters.
-                                  write_mac_algorithm);
-
-  MHD__gnutls_handshake_log
-    ("HSK[%x]: Initializing internal [write] cipher sessions\n", session);
-
-  switch (session->security_parameters.entity)
-    {
-    case GNUTLS_SERVER:
-      /* initialize cipher session
-       */
-      session->connection_state.write_cipher_state =
-        MHD_gtls_cipher_init (session->security_parameters.
-                              write_bulk_cipher_algorithm,
-                              &session->cipher_specs.server_write_key,
-                              &session->cipher_specs.server_write_IV);
-
-      if (session->connection_state.write_cipher_state ==
-          GNUTLS_CIPHER_FAILED
-          && session->security_parameters.write_bulk_cipher_algorithm !=
-          MHD_GNUTLS_CIPHER_NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-
-      /* copy mac secrets from cipherspecs, to connection
-       * session.
-       */
-      if (mac_size > 0)
-        {
-          if (MHD__gnutls_sset_datum
-              (&session->connection_state.write_mac_secret,
-               session->cipher_specs.server_write_mac_secret.data,
-               session->cipher_specs.server_write_mac_secret.size) < 0)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-        }
-
-
-      break;
-#if MHD_DEBUG_TLS
-    case GNUTLS_CLIENT:
-      session->connection_state.write_cipher_state =
-        MHD_gtls_cipher_init (session->security_parameters.
-                              write_bulk_cipher_algorithm,
-                              &session->cipher_specs.client_write_key,
-                              &session->cipher_specs.client_write_IV);
-
-      if (session->connection_state.write_cipher_state ==
-          GNUTLS_CIPHER_FAILED
-          && session->security_parameters.write_bulk_cipher_algorithm !=
-          MHD_GNUTLS_CIPHER_NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      /* copy mac secret to connection session
-       */
-      if (mac_size > 0)
-        {
-          if (MHD__gnutls_sset_datum
-              (&session->connection_state.write_mac_secret,
-               session->cipher_specs.client_write_mac_secret.data,
-               session->cipher_specs.client_write_mac_secret.size) < 0)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-        }
-
-      break;
-#endif
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-  return 0;
-}
-
-/* Sets the specified cipher into the pending session
- */
-int
-MHD_gtls_set_read_cipher (MHD_gtls_session_t session,
-                          enum MHD_GNUTLS_CipherAlgorithm algo)
-{
-
-  if (MHD_gtls_cipher_is_ok (algo) == 0)
-    {
-      if (MHD_gtls_cipher_priority (session, algo) < 0)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNWANTED_ALGORITHM;
-        }
-
-      session->security_parameters.read_bulk_cipher_algorithm = algo;
-
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  return 0;
-
-}
-
-int
-MHD_gtls_set_write_cipher (MHD_gtls_session_t session,
-                           enum MHD_GNUTLS_CipherAlgorithm algo)
-{
-
-  if (MHD_gtls_cipher_is_ok (algo) == 0)
-    {
-      if (MHD_gtls_cipher_priority (session, algo) < 0)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNWANTED_ALGORITHM;
-        }
-
-      session->security_parameters.write_bulk_cipher_algorithm = algo;
-
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  return 0;
-
-}
-
-
-/* Sets the specified algorithm into pending compression session
- */
-int
-MHD_gtls_set_read_compression (MHD_gtls_session_t session,
-                               enum MHD_GNUTLS_CompressionMethod algo)
-{
-
-  if (MHD_gtls_compression_is_ok (algo) == 0)
-    {
-      session->security_parameters.read_compression_algorithm = algo;
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-    }
-  return 0;
-
-}
-
-int
-MHD_gtls_set_write_compression (MHD_gtls_session_t session,
-                                enum MHD_GNUTLS_CompressionMethod algo)
-{
-
-  if (MHD_gtls_compression_is_ok (algo) == 0)
-    {
-      session->security_parameters.write_compression_algorithm = algo;
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-    }
-  return 0;
-
-}
-
-/* Sets the specified kx algorithm into pending session
- */
-int
-MHD_gtls_set_kx (MHD_gtls_session_t session,
-                 enum MHD_GNUTLS_KeyExchangeAlgorithm algo)
-{
-
-  if (MHD_gtls_kx_is_ok (algo) == 0)
-    {
-      session->security_parameters.kx_algorithm = algo;
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  if (MHD_gtls_kx_priority (session, algo) < 0)
-    {
-      MHD_gnutls_assert ();
-      /* we shouldn't get here */
-      return GNUTLS_E_UNWANTED_ALGORITHM;
-    }
-
-  return 0;
-
-}
-
-/* Sets the specified mac algorithm into pending session */
-int
-MHD_gtls_set_read_mac (MHD_gtls_session_t session,
-                       enum MHD_GNUTLS_HashAlgorithm algo)
-{
-
-  if (MHD_gnutls_mac_is_ok (algo) == 0)
-    {
-      session->security_parameters.read_mac_algorithm = algo;
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  if (MHD_gtls_mac_priority (session, algo) < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNWANTED_ALGORITHM;
-    }
-
-
-  return 0;
-
-}
-
-int
-MHD_gtls_set_write_mac (MHD_gtls_session_t session,
-                        enum MHD_GNUTLS_HashAlgorithm algo)
-{
-
-  if (MHD_gnutls_mac_is_ok (algo) == 0)
-    {
-      session->security_parameters.write_mac_algorithm = algo;
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  if (MHD_gtls_mac_priority (session, algo) < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNWANTED_ALGORITHM;
-    }
-
-
-  return 0;
-
-}

src/daemon/https/tls/gnutls_constate.h

@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int MHD_gtls_connection_state_init (MHD_gtls_session_t session);
-int MHD_gtls_read_connection_state_init (MHD_gtls_session_t session);
-int MHD_gtls_write_connection_state_init (MHD_gtls_session_t session);
-int MHD_gtls_set_write_cipher (MHD_gtls_session_t session,
-                               enum MHD_GNUTLS_CipherAlgorithm algo);
-int MHD_gtls_set_write_mac (MHD_gtls_session_t session,
-                            enum MHD_GNUTLS_HashAlgorithm algo);
-int MHD_gtls_set_read_cipher (MHD_gtls_session_t session,
-                              enum MHD_GNUTLS_CipherAlgorithm algo);
-int MHD_gtls_set_read_mac (MHD_gtls_session_t session,
-                           enum MHD_GNUTLS_HashAlgorithm algo);
-int MHD_gtls_set_read_compression (MHD_gtls_session_t session,
-                                   enum MHD_GNUTLS_CompressionMethod algo);
-int MHD_gtls_set_write_compression (MHD_gtls_session_t session,
-                                    enum MHD_GNUTLS_CompressionMethod algo);
-int MHD_gtls_set_kx (MHD_gtls_session_t session,
-                     enum MHD_GNUTLS_KeyExchangeAlgorithm algo);

src/daemon/https/tls/gnutls_datum.c

@@ -1,82 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* contains functions that make it easier to
- * write vectors of <size|data>. The destination size
- * should be preallocated (datum.size+(bits/8))
- */
-
-#include <gnutls_int.h>
-#include <gnutls_num.h>
-#include <gnutls_datum.h>
-#include <gnutls_errors.h>
-
-
-void
-MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat)
-{
-  MHD_gtls_write_uint16 (dat.size, dest);
-  if (dat.data != NULL)
-    memcpy (&dest[2], dat.data, dat.size);
-}
-
-void
-MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat)
-{
-  MHD_gtls_write_uint24 (dat.size, dest);
-  if (dat.data != NULL)
-    memcpy (&dest[3], dat.data, dat.size);
-}
-
-int
-MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
-                      size_t data_size, MHD_gnutls_alloc_function galloc_func)
-{
-  if (data_size == 0 || data == NULL)
-    {
-      dat->data = NULL;
-      dat->size = 0;
-      return 0;
-    }
-
-  dat->data = galloc_func (data_size);
-  if (dat->data == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  dat->size = data_size;
-  memcpy (dat->data, data, data_size);
-
-  return 0;
-}
-
-void
-MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
-                       MHD_gnutls_free_function gfree_func)
-{
-  if (dat->data != NULL)
-    gfree_func (dat->data);
-
-  dat->data = NULL;
-  dat->size = 0;
-}

src/daemon/https/tls/gnutls_datum.h

@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-#include "gnutls_int.h"
-
-void MHD_gtls_write_datum16 (opaque * dest, MHD_gnutls_datum_t dat);
-void MHD_gtls_write_datum24 (opaque * dest, MHD_gnutls_datum_t dat);
-
-int MHD_gtls_set_datum_m (MHD_gnutls_datum_t * dat, const void *data,
-                          size_t data_size, MHD_gnutls_alloc_function);
-#define MHD__gnutls_set_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_malloc)
-#define MHD__gnutls_sset_datum( x, y, z) MHD_gtls_set_datum_m(x,y,z, MHD_gnutls_secure_malloc)
-
-#define MHD__gnutls_datum_append(x,y,z) MHD_gtls_datum_append_m(x,y,z, MHD_gnutls_realloc)
-
-void MHD_gtls_free_datum_m (MHD_gnutls_datum_t * dat,
-                            MHD_gnutls_free_function);
-#define MHD__gnutls_free_datum(x) MHD_gtls_free_datum_m(x, MHD_gnutls_free)

src/daemon/https/tls/gnutls_dh.c

@@ -1,162 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-
-
-/*
-	--Example--
-	you: X = g ^ x mod p;
-	peer:Y = g ^ y mod p;
-
-	your_key = Y ^ x mod p;
-	his_key  = X ^ y mod p;
-
-//      generate our secret and the public value (X) for it
-	X = MHD_gtls_calc_dh_secret(&x, g, p);
-//      now we can calculate the shared secret
-	key = MHD_gtls_calc_dh_key(Y, x, g, p);
-	MHD_gtls_mpi_release(x);
-	MHD_gtls_mpi_release(g);
-*/
-
-#define MAX_BITS 18000
-
-/* returns the public value (X), and the secret (ret_x).
- */
-mpi_t
-MHD_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime)
-{
-  mpi_t e, x;
-  int x_size = MHD__gnutls_mpi_get_nbits (prime) - 1;
-  /* The size of the secret key is less than
-   * prime/2
-   */
-
-  if (x_size > MAX_BITS || x_size <= 0)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-
-  x = MHD__gnutls_mpi_new (x_size);
-  if (x == NULL)
-    {
-      MHD_gnutls_assert ();
-      if (ret_x)
-        *ret_x = NULL;
-
-      return NULL;
-    }
-
-  /* FIXME: (x_size/8)*8 is there to overcome a bug in libgcrypt
-   * which does not really check the bits given but the bytes.
-   */
-  do
-    {
-      MHD__gnutls_mpi_randomize (x, (x_size / 8) * 8, GCRY_STRONG_RANDOM);
-      /* Check whether x is zero.
-       */
-    }
-  while (MHD__gnutls_mpi_cmp_ui (x, 0) == 0);
-
-  e = MHD__gnutls_mpi_alloc_like (prime);
-  if (e == NULL)
-    {
-      MHD_gnutls_assert ();
-      if (ret_x)
-        *ret_x = NULL;
-
-      MHD_gtls_mpi_release (&x);
-      return NULL;
-    }
-
-  MHD__gnutls_mpi_powm (e, g, x, prime);
-
-  if (ret_x)
-    *ret_x = x;
-  else
-    MHD_gtls_mpi_release (&x);
-  return e;
-}
-
-
-mpi_t
-MHD_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime)
-{
-  mpi_t k;
-  int bits;
-
-  bits = MHD__gnutls_mpi_get_nbits (prime);
-  if (bits <= 0 || bits > MAX_BITS)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-
-  k = MHD__gnutls_mpi_alloc_like (prime);
-  if (k == NULL)
-    return NULL;
-  MHD__gnutls_mpi_powm (k, f, x, prime);
-  return k;
-}
-
-/*-
-  * MHD_gtls_get_dh_params - Returns the DH parameters pointer
-  * @dh_params: is an DH parameters structure, or NULL.
-  * @func: is a callback function to receive the parameters or NULL.
-  * @session: a gnutls session.
-  *
-  * This function will return the dh parameters pointer.
-  *
-  -*/
-MHD_gtls_dh_params_t
-MHD_gtls_get_dh_params (MHD_gtls_dh_params_t dh_params,
-                        MHD_gnutls_params_function * func,
-                        MHD_gtls_session_t session)
-{
-  MHD_gnutls_params_st params;
-  int ret;
-
-  /* if cached return the cached */
-  if (session->internals.params.dh_params)
-    return session->internals.params.dh_params;
-
-  if (dh_params)
-    {
-      session->internals.params.dh_params = dh_params;
-    }
-  else if (func)
-    {
-      ret = func (session, GNUTLS_PARAMS_DH, &params);
-      if (ret == 0 && params.type == GNUTLS_PARAMS_DH)
-        {
-          session->internals.params.dh_params = params.params.dh;
-          session->internals.params.free_dh_params = params.deinit;
-        }
-    }
-
-  return session->internals.params.dh_params;
-}

src/daemon/https/tls/gnutls_dh.h

@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_DH_H
-# define GNUTLS_DH_H
-
-const mpi_t *MHD_gtls_dh_params_to_mpi (MHD_gtls_dh_params_t);
-mpi_t MHD_gtls_calc_dh_secret (mpi_t * ret_x, mpi_t g, mpi_t prime);
-mpi_t MHD_gtls_calc_dh_key (mpi_t f, mpi_t x, mpi_t prime);
-int MHD_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned bits);
-
-MHD_gtls_dh_params_t
-MHD_gtls_get_dh_params (MHD_gtls_dh_params_t dh_params,
-                        MHD_gnutls_params_function * func,
-                        MHD_gtls_session_t session);
-
-#endif

src/daemon/https/tls/gnutls_dh_primes.c

@@ -1,214 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_datum.h>
-#include <x509_b64.h>           /* for PKCS3 PEM decoding */
-#include <gnutls_global.h>
-#include <gnutls_dh.h>
-#include "debug.h"
-/* x509 */
-#include "mpi.h"
-
-
-/* returns the prime and the generator of DH params.
- */
-const mpi_t *
-MHD_gtls_dh_params_to_mpi (MHD_gtls_dh_params_t dh_primes)
-{
-  if (dh_primes == NULL || dh_primes->params[1] == NULL
-      || dh_primes->params[0] == NULL)
-    {
-      return NULL;
-    }
-
-  return dh_primes->params;
-}
-
-int
-MHD_gtls_dh_generate_prime (mpi_t * ret_g, mpi_t * ret_n, unsigned int bits)
-{
-  mpi_t g = NULL, prime = NULL;
-  gcry_error_t err;
-  int result, times = 0, qbits;
-  mpi_t *factors = NULL;
-
-  /* Calculate the size of a prime factor of (prime-1)/2.
-   * This is an emulation of the values in "Selecting Cryptographic Key Sizes" paper.
-   */
-  if (bits < 256)
-    qbits = bits / 2;
-  else
-    {
-      qbits = (bits / 40) + 105;
-    }
-
-  if (qbits & 1)                /* better have an even number */
-    qbits++;
-
-  /* find a prime number of size bits.
-   */
-  do
-    {
-
-      if (times)
-        {
-          MHD_gtls_mpi_release (&prime);
-          gcry_prime_release_factors (factors);
-        }
-
-      err = gcry_prime_generate (&prime, bits, qbits, &factors, NULL, NULL,
-                                 GCRY_STRONG_RANDOM,
-                                 GCRY_PRIME_FLAG_SPECIAL_FACTOR);
-
-      if (err != 0)
-        {
-          MHD_gnutls_assert ();
-          result = GNUTLS_E_INTERNAL_ERROR;
-          goto cleanup;
-        }
-
-      err = gcry_prime_check (prime, 0);
-
-      times++;
-    }
-  while (err != 0 && times < 10);
-
-  if (err != 0)
-    {
-      MHD_gnutls_assert ();
-      result = GNUTLS_E_INTERNAL_ERROR;
-      goto cleanup;
-    }
-
-  /* generate the group generator.
-   */
-  err = gcry_prime_group_generator (&g, prime, factors, NULL);
-  if (err != 0)
-    {
-      MHD_gnutls_assert ();
-      result = GNUTLS_E_INTERNAL_ERROR;
-      goto cleanup;
-    }
-
-  gcry_prime_release_factors (factors);
-  factors = NULL;
-
-  if (ret_g)
-    *ret_g = g;
-  else
-    MHD_gtls_mpi_release (&g);
-  if (ret_n)
-    *ret_n = prime;
-  else
-    MHD_gtls_mpi_release (&prime);
-
-  return 0;
-
-cleanup:gcry_prime_release_factors (factors);
-  MHD_gtls_mpi_release (&g);
-  MHD_gtls_mpi_release (&prime);
-
-  return result;
-
-}
-
-/* Replaces the prime in the static DH parameters, with a randomly
- * generated one.
- */
-/**
- * MHD__gnutls_dh_params_init - This function will initialize the DH parameters
- * @dh_params: Is a structure that will hold the prime numbers
- *
- * This function will initialize the DH parameters structure.
- *
- **/
-int
-MHD__gnutls_dh_params_init (MHD_gtls_dh_params_t * dh_params)
-{
-
-  (*dh_params) = MHD_gnutls_calloc (1, sizeof (MHD_gtls_dh_params_st));
-  if (*dh_params == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  return 0;
-
-}
-
-/**
- * MHD__gnutls_dh_params_deinit - This function will deinitialize the DH parameters
- * @dh_params: Is a structure that holds the prime numbers
- *
- * This function will deinitialize the DH parameters structure.
- *
- **/
-void
-MHD__gnutls_dh_params_deinit (MHD_gtls_dh_params_t dh_params)
-{
-  if (dh_params == NULL)
-    return;
-
-  MHD_gtls_mpi_release (&dh_params->params[0]);
-  MHD_gtls_mpi_release (&dh_params->params[1]);
-
-  MHD_gnutls_free (dh_params);
-
-}
-
-/**
- * MHD__gnutls_dh_params_generate2 - This function will generate new DH parameters
- * @params: Is the structure that the DH parameters will be stored
- * @bits: is the prime's number of bits
- *
- * This function will generate a new pair of prime and generator for use in
- * the Diffie-Hellman key exchange. The new parameters will be allocated using
- * MHD_gnutls_malloc() and will be stored in the appropriate datum.
- * This function is normally slow.
- *
- * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096.
- * Also note that the DH parameters are only useful to servers.
- * Since clients use the parameters sent by the server, it's of
- * no use to call this in client side.
- *
- **/
-int
-MHD__gnutls_dh_params_generate2 (MHD_gtls_dh_params_t params,
-                                 unsigned int bits)
-{
-  int ret;
-
-  ret =
-    MHD_gtls_dh_generate_prime (&params->params[1], &params->params[0], bits);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}

src/daemon/https/tls/gnutls_errors.c

@@ -1,404 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include "gnutls_errors.h"
-#include <libtasn1.h>
-#ifdef STDC_HEADERS
-# include <stdarg.h>
-#endif
-
-/* I18n of error codes. */
-#define _(String) (String)
-#define N_(String) (String)
-
-extern LOG_FUNC MHD__gnutls_log_func;
-
-#define ERROR_ENTRY(desc, name, fatal) \
-	{ desc, #name, name, fatal}
-
-struct MHD_gnutls_error_entry
-{
-  const char *desc;
-  const char *_name;
-  int number;
-  int fatal;
-};
-typedef struct MHD_gnutls_error_entry MHD_gnutls_error_entry;
-
-static const MHD_gnutls_error_entry MHD_gtls_error_algorithms[] = {
-  /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
-  ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
-  ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
-               GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
-  ERROR_ENTRY (N_("The cipher type is unsupported."),
-               GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
-  ERROR_ENTRY (N_("The certificate and the given key do not match."),
-               GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
-  ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
-               GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
-  ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
-               GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
-
-  ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
-               GNUTLS_E_UNWANTED_ALGORITHM, 1),
-  ERROR_ENTRY (N_("A large TLS record packet was received."),
-               GNUTLS_E_LARGE_PACKET, 1),
-  ERROR_ENTRY (N_("A record packet with illegal version was received."),
-               GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
-  ERROR_ENTRY (N_
-               ("The Diffie Hellman prime sent by the server is not acceptable (not long enough)."),
-               GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
-  ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
-               GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
-  ERROR_ENTRY (N_
-               ("The specified session has been invalidated for some reason."),
-               GNUTLS_E_INVALID_SESSION, 1),
-
-  ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
-  ERROR_ENTRY (N_("An illegal TLS extension was received."),
-               GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
-  ERROR_ENTRY (N_("A TLS fatal alert has been received."),
-               GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
-  ERROR_ENTRY (N_("An unexpected TLS packet was received."),
-               GNUTLS_E_UNEXPECTED_PACKET, 1),
-  ERROR_ENTRY (N_("A TLS warning alert has been received."),
-               GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
-  ERROR_ENTRY (N_
-               ("An error was encountered at the TLS Finished packet calculation."),
-               GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
-  ERROR_ENTRY (N_("The peer did not send any certificate."),
-               GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
-
-  ERROR_ENTRY (N_("No temporary RSA parameters were found."),
-               GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
-  ERROR_ENTRY (N_("No temporary DH parameters were found."),
-               GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
-  ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
-               GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
-  ERROR_ENTRY (N_("The scanning of a large integer has failed."),
-               GNUTLS_E_MPI_SCAN_FAILED, 1),
-  ERROR_ENTRY (N_("Could not export a large integer."),
-               GNUTLS_E_MPI_PRINT_FAILED, 1),
-  ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
-  ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
-  ERROR_ENTRY (N_("Public key decryption has failed."),
-               GNUTLS_E_PK_DECRYPTION_FAILED, 1),
-  ERROR_ENTRY (N_("Public key encryption has failed."),
-               GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
-  ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
-               1),
-  ERROR_ENTRY (N_("Public key signature verification has failed."),
-               GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
-  ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
-               GNUTLS_E_DECOMPRESSION_FAILED, 1),
-  ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
-               GNUTLS_E_COMPRESSION_FAILED, 1),
-
-  ERROR_ENTRY (N_("Internal error in memory allocation."),
-               GNUTLS_E_MEMORY_ERROR, 1),
-  ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
-               GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
-  ERROR_ENTRY (N_("Insufficient credentials for that request."),
-               GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
-  ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
-  ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
-               1),
-  ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
-  ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
-  ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
-               1),
-  ERROR_ENTRY (N_("Base64 unexpected header error."),
-               GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
-               1),
-  ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
-               1),
-  ERROR_ENTRY (N_("Parsing error in password file."),
-               GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
-  ERROR_ENTRY (N_("The requested data were not available."),
-               GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0),
-  ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
-  ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
-  ERROR_ENTRY (N_
-               ("The upper limit of record packet sequence numbers has been reached. Wow!"),
-               GNUTLS_E_RECORD_LIMIT_REACHED, 1),
-  ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
-               1),
-  ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
-               GNUTLS_E_X509_UNKNOWN_SAN, 1),
-
-  ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
-               GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
-  ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
-               GNUTLS_E_KEY_USAGE_VIOLATION, 1),
-  ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_AGAIN, 0),
-  ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
-  ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
-               GNUTLS_E_REHANDSHAKE, 0),
-  ERROR_ENTRY (N_
-               ("TLS Application data were received, while expecting handshake data."),
-               GNUTLS_E_GOT_APPLICATION_DATA, 1),
-  ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
-  ERROR_ENTRY (N_("The certificate type is not supported."),
-               GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
-  ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
-               GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
-  ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
-  ERROR_ENTRY (N_("An illegal parameter has been received."),
-               GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
-  ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
-
-  ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
-               GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
-               GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
-               GNUTLS_E_ASN1_DER_ERROR, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
-               GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
-               GNUTLS_E_ASN1_GENERIC_ERROR, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
-               GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
-  ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
-               GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
-               GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
-  ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
-               1),
-  ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
-               GNUTLS_E_ASN1_DER_OVERFLOW, 1),
-
-  ERROR_ENTRY (N_("Too many empty record packets have been received."),
-               GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
-  ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
-               GNUTLS_E_INIT_LIBEXTRA, 1),
-  ERROR_ENTRY (N_
-               ("The GnuTLS library version does not match the GnuTLS-extra library version."),
-               GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
-  ERROR_ENTRY (N_("The gcrypt library version is too old."),
-               GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
-
-  ERROR_ENTRY (N_("The tasn1 library version is too old."),
-               GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
-
-  ERROR_ENTRY (N_("The initialization of LZO has failed."),
-               GNUTLS_E_LZO_INIT_FAILED, 1),
-  ERROR_ENTRY (N_("No supported compression algorithms have been found."),
-               GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
-  ERROR_ENTRY (N_("No supported cipher suites have been found."),
-               GNUTLS_E_NO_CIPHER_SUITES, 1),
-  ERROR_ENTRY (N_("The SRP username supplied is illegal."),
-               GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
-
-  ERROR_ENTRY (N_("The certificate has unsupported attributes."),
-               GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
-  ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
-               1),
-  ERROR_ENTRY (N_("The hash algorithm is unknown."),
-               GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
-  ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
-               GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
-  ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
-               GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
-  ERROR_ENTRY (N_("The given password contains invalid characters."),
-               GNUTLS_E_INVALID_PASSWORD, 1),
-  ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
-               GNUTLS_E_MAC_VERIFY_FAILED, 1),
-  ERROR_ENTRY (N_("Some constraint limits were reached."),
-               GNUTLS_E_CONSTRAINT_ERROR, 1),
-  ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
-               1),
-
-  ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
-               GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
-  ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
-               GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
-  ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
-               GNUTLS_E_IA_VERIFY_FAILED, 1),
-
-  ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
-               GNUTLS_E_UNKNOWN_ALGORITHM, 1),
-
-  {NULL, NULL, 0, 0}
-};
-
-#define GNUTLS_ERROR_LOOP(b) \
-        const MHD_gnutls_error_entry *p; \
-                for(p = MHD_gtls_error_algorithms; p->desc != NULL; p++) { b ; }
-
-#define GNUTLS_ERROR_ALG_LOOP(a) \
-                        GNUTLS_ERROR_LOOP( if(p->number == error) { a; break; } )
-
-
-
-/**
-  * MHD_gtls_error_is_fatal - Returns non-zero in case of a fatal error
-  * @error: is an error returned by a gnutls function. Error should be a negative value.
-  *
-  * If a function returns a negative value you may feed that value
-  * to this function to see if it is fatal. Returns 1 for a fatal
-  * error 0 otherwise. However you may want to check the
-  * error code manually, since some non-fatal errors to the protocol
-  * may be fatal for you (your program).
-  *
-  * This is only useful if you are dealing with errors from the
-  * record layer or the handshake layer.
-  *
-  * For positive @error values, 0 is returned.
-  *
-  **/
-int
-MHD_gtls_error_is_fatal (int error)
-{
-  int ret = 1;
-
-  /* Input sanitzation.  Positive values are not errors at all, and
-     definitely not fatal. */
-  if (error > 0)
-    return 0;
-
-  GNUTLS_ERROR_ALG_LOOP (ret = p->fatal);
-
-  return ret;
-}
-
-/**
-  * MHD_gtls_perror - prints a string to stderr with a description of an error
-  * @error: is an error returned by a gnutls function. Error is always a negative value.
-  *
-  * This function is like perror(). The only difference is that it accepts an
-  * error number returned by a gnutls function.
-  **/
-void
-MHD_gtls_perror (int error)
-{
-  const char *ret = NULL;
-
-  /* avoid prefix */
-  GNUTLS_ERROR_ALG_LOOP (ret = p->desc);
-  if (ret == NULL)
-    ret = "(unknown)";
-  fprintf (stderr, "GNUTLS ERROR: %s\n", _(ret));
-}
-
-
-/**
-  * MHD_gtls_strerror - Returns a string with a description of an error
-  * @error: is an error returned by a gnutls function. Error is always a negative value.
-  *
-  * This function is similar to strerror(). Differences: it accepts an error
-  * number returned by a gnutls function; In case of an unknown error
-  * a descriptive string is sent instead of NULL.
-  **/
-const char *
-MHD_gtls_strerror (int error)
-{
-  const char *ret = NULL;
-
-  /* avoid prefix */
-  GNUTLS_ERROR_ALG_LOOP (ret = p->desc);
-  if (ret == NULL)
-    return "(unknown error code)";
-  return _(ret);
-}
-
-/* This will print the actual define of the
- * given error code.
- */
-const char *
-MHD__gnutls_strerror (int error)
-{
-  const char *ret = NULL;
-
-  /* avoid prefix */
-  GNUTLS_ERROR_ALG_LOOP (ret = p->_name);
-
-  return _(ret);
-}
-
-int
-MHD_gtls_asn2err (int asn_err)
-{
-  switch (asn_err)
-    {
-    case ASN1_FILE_NOT_FOUND:
-      return GNUTLS_E_FILE_ERROR;
-    case ASN1_ELEMENT_NOT_FOUND:
-      return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
-    case ASN1_IDENTIFIER_NOT_FOUND:
-      return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
-    case ASN1_DER_ERROR:
-      return GNUTLS_E_ASN1_DER_ERROR;
-    case ASN1_VALUE_NOT_FOUND:
-      return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
-    case ASN1_GENERIC_ERROR:
-      return GNUTLS_E_ASN1_GENERIC_ERROR;
-    case ASN1_VALUE_NOT_VALID:
-      return GNUTLS_E_ASN1_VALUE_NOT_VALID;
-    case ASN1_TAG_ERROR:
-      return GNUTLS_E_ASN1_TAG_ERROR;
-    case ASN1_TAG_IMPLICIT:
-      return GNUTLS_E_ASN1_TAG_IMPLICIT;
-    case ASN1_ERROR_TYPE_ANY:
-      return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
-    case ASN1_SYNTAX_ERROR:
-      return GNUTLS_E_ASN1_SYNTAX_ERROR;
-    case ASN1_MEM_ERROR:
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    case ASN1_MEM_ALLOC_ERROR:
-      return GNUTLS_E_MEMORY_ERROR;
-    case ASN1_DER_OVERFLOW:
-      return GNUTLS_E_ASN1_DER_OVERFLOW;
-    default:
-      return GNUTLS_E_ASN1_GENERIC_ERROR;
-    }
-}
-
-
-/* this function will output a message using the
- * caller provided function
- */
-void
-MHD_gtls_log (int level, const char *fmt, ...)
-{
-  va_list args;
-  char str[MAX_LOG_SIZE];
-  void (*log_func) (int, const char *) = MHD__gnutls_log_func;
-
-  if (MHD__gnutls_log_func == NULL)
-    return;
-
-  va_start (args, fmt);
-  vsnprintf (str, MAX_LOG_SIZE - 1, fmt, args); /* Flawfinder: ignore */
-  va_end (args);
-
-  log_func (level, str);
-}
-
-void
-MHD__gnutls_null_log (void *n, ...)
-{
-}

src/daemon/https/tls/gnutls_errors.h

@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <defines.h>
-
-#define GNUTLS_E_INT_RET_0 -1251
-
-#ifdef __FILE__
-# ifdef __LINE__
-#  define MHD_gnutls_assert() MHD__gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__);
-# else
-#  define MHD_gnutls_assert()
-# endif
-#else /* __FILE__ not defined */
-# define MHD_gnutls_assert()
-#endif
-
-int MHD_gtls_asn2err (int asn_err);
-void MHD_gtls_log (int, const char *fmt, ...);
-
-extern int MHD__gnutls_log_level;
-
-#ifdef C99_MACROS
-#define LEVEL(l, ...) if (MHD__gnutls_log_level >= l || MHD__gnutls_log_level > 9) \
-	MHD_gtls_log( l, __VA_ARGS__)
-
-#define LEVEL_EQ(l, ...) if (MHD__gnutls_log_level == l || MHD__gnutls_log_level > 9) \
-	MHD_gtls_log( l, __VA_ARGS__)
-
-# define MHD__gnutls_debug_log(...) LEVEL(2, __VA_ARGS__)
-# define MHD__gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__)
-# define MHD__gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
-# define MHD__gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
-# define MHD__gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
-# define MHD__gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
-# define MHD__gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
-# define MHD__gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
-#else
-# define MHD__gnutls_debug_log MHD__gnutls_null_log
-# define MHD__gnutls_handshake_log MHD__gnutls_null_log
-# define MHD__gnutls_buffers_log MHD__gnutls_null_log
-# define MHD__gnutls_hard_log MHD__gnutls_null_log
-# define MHD__gnutls_record_log MHD__gnutls_null_log
-# define MHD__gnutls_read_log MHD__gnutls_null_log
-# define MHD__gnutls_write_log MHD__gnutls_null_log
-# define MHD__gnutls_x509_log MHD__gnutls_null_log
-
-void MHD__gnutls_null_log (void *, ...);
-
-#endif /* C99_MACROS */

src/daemon/https/tls/gnutls_extensions.c

@@ -1,301 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions that relate to the TLS hello extension parsing.
- * Hello extensions are packets appended in the TLS hello packet, and
- * allow for extra functionality.
- */
-
-#include "MHD_config.h"
-#include "gnutls_int.h"
-#include "gnutls_extensions.h"
-#include "gnutls_errors.h"
-#include "ext_max_record.h"
-#include <ext_cert_type.h>
-#include <ext_server_name.h>
-#include <gnutls_num.h>
-
-/* Key Exchange Section */
-#define GNUTLS_EXTENSION_ENTRY(type, parse_type, ext_func_recv, ext_func_send) \
-	{ #type, type, parse_type, ext_func_recv, ext_func_send }
-
-
-#define MAX_EXT_SIZE 10
-const int MHD_gtls_extensions_size = MAX_EXT_SIZE;
-
-MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = {
-  GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_MAX_RECORD_SIZE,
-                          EXTENSION_TLS,
-                          MHD_gtls_max_record_recv_params,
-                          MHD_gtls_max_record_send_params),
-  GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_CERT_TYPE,
-                          EXTENSION_TLS,
-                          MHD_gtls_cert_type_recv_params,
-                          MHD_gtls_cert_type_send_params),
-  GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_SERVER_NAME,
-                          EXTENSION_APPLICATION,
-                          MHD_gtls_server_name_recv_params,
-                          MHD_gtls_server_name_send_params),
-  {0, 0, 0, 0}
-};
-
-#define GNUTLS_EXTENSION_LOOP2(b) \
-        MHD_gtls_extension_entry *p; \
-                for(p = MHD_gtls_extensions; p->name != NULL; p++) { b ; }
-
-#define GNUTLS_EXTENSION_LOOP(a) \
-                        GNUTLS_EXTENSION_LOOP2( if(p->type == type) { a; break; } )
-
-
-/* EXTENSION functions */
-
-MHD_gtls_ext_recv_func
-MHD_gtls_ext_func_recv (uint16_t type, MHD_gtls_ext_parse_type_t parse_type)
-{
-  MHD_gtls_ext_recv_func ret = NULL;
-  GNUTLS_EXTENSION_LOOP (if
-                         (parse_type == EXTENSION_ANY
-                          || p->parse_type == parse_type) ret =
-                         p->MHD_gnutls_ext_func_recv);
-  return ret;
-
-}
-
-MHD_gtls_ext_send_func
-MHD_gtls_ext_func_send (uint16_t type)
-{
-  MHD_gtls_ext_send_func ret = NULL;
-  GNUTLS_EXTENSION_LOOP (ret = p->MHD_gnutls_ext_func_send);
-  return ret;
-
-}
-
-const char *
-MHD_gtls_extension_get_name (uint16_t type)
-{
-  const char *ret = NULL;
-
-  /* avoid prefix */
-  GNUTLS_EXTENSION_LOOP (ret = p->name + sizeof ("GNUTLS_EXTENSION_") - 1);
-
-  return ret;
-}
-
-/* Checks if the extension we just received is one of the
- * requested ones. Otherwise it's a fatal error.
- */
-static int
-MHD__gnutls_extension_list_check (MHD_gtls_session_t session, uint16_t type)
-{
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      int i;
-      for (i = 0; i < session->internals.extensions_sent_size; i++)
-        {
-          if (type == session->internals.extensions_sent[i])
-            return 0;           /* ok found */
-        }
-      return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
-    }
-#endif
-  return 0;
-}
-
-int
-MHD_gtls_parse_extensions (MHD_gtls_session_t session,
-                           MHD_gtls_ext_parse_type_t parse_type,
-                           const opaque * data, int data_size)
-{
-  int next, ret;
-  int pos = 0;
-  uint16_t type;
-  const opaque *sdata;
-  MHD_gtls_ext_recv_func ext_recv;
-  uint16_t size;
-
-#if MHD_DEBUG_TLS
-  int i;
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    for (i = 0; i < session->internals.extensions_sent_size; i++)
-      {
-        MHD__gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n",
-                               session,
-                               MHD_gtls_extension_get_name
-                               (session->internals.extensions_sent[i]));
-      }
-#endif
-
-  DECR_LENGTH_RET (data_size, 2, 0);
-  next = MHD_gtls_read_uint16 (data);
-  pos += 2;
-
-  DECR_LENGTH_RET (data_size, next, 0);
-
-  do
-    {
-      DECR_LENGTH_RET (next, 2, 0);
-      type = MHD_gtls_read_uint16 (&data[pos]);
-      pos += 2;
-
-      MHD__gnutls_debug_log ("EXT[%x]: Received extension '%s/%d'\n", session,
-                             MHD_gtls_extension_get_name (type), type);
-
-      if ((ret = MHD__gnutls_extension_list_check (session, type)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      DECR_LENGTH_RET (next, 2, 0);
-      size = MHD_gtls_read_uint16 (&data[pos]);
-      pos += 2;
-
-      DECR_LENGTH_RET (next, size, 0);
-      sdata = &data[pos];
-      pos += size;
-
-      ext_recv = MHD_gtls_ext_func_recv (type, parse_type);
-      if (ext_recv == NULL)
-        continue;
-      if ((ret = ext_recv (session, sdata, size)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    }
-  while (next > 2);
-
-  return 0;
-
-}
-
-/* Adds the extension we want to send in the extensions list.
- * This list is used to check whether the (later) received
- * extensions are the ones we requested.
- */
-static void
-MHD__gnutls_extension_list_add (MHD_gtls_session_t session, uint16_t type)
-{
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      if (session->internals.extensions_sent_size < MAX_EXT_TYPES)
-        {
-          session->internals.extensions_sent[session->internals.
-                                             extensions_sent_size] = type;
-          session->internals.extensions_sent_size++;
-        }
-      else
-        {
-          MHD__gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n");
-        }
-    }
-#endif
-}
-
-int
-MHD_gtls_gen_extensions (MHD_gtls_session_t session, opaque * data,
-                         size_t data_size)
-{
-  int size;
-  uint16_t pos = 0;
-  opaque *sdata;
-  int sdata_size;
-  MHD_gtls_ext_send_func ext_send;
-  MHD_gtls_extension_entry *p;
-
-  if (data_size < 2)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* allocate enough data for each extension.
-   */
-  sdata_size = data_size;
-  sdata = MHD_gnutls_malloc (sdata_size);
-  if (sdata == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  pos += 2;
-  for (p = MHD_gtls_extensions; p->name != NULL; p++)
-    {
-      ext_send = MHD_gtls_ext_func_send (p->type);
-      if (ext_send == NULL)
-        continue;
-      size = ext_send (session, sdata, sdata_size);
-      if (size > 0)
-        {
-          if (data_size < pos + (size_t) size + 4)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (sdata);
-              return GNUTLS_E_INTERNAL_ERROR;
-            }
-
-          /* write extension type */
-          MHD_gtls_write_uint16 (p->type, &data[pos]);
-          pos += 2;
-
-          /* write size */
-          MHD_gtls_write_uint16 (size, &data[pos]);
-          pos += 2;
-
-          memcpy (&data[pos], sdata, size);
-          pos += size;
-
-          /* add this extension to the extension list
-           */
-          MHD__gnutls_extension_list_add (session, p->type);
-
-          MHD__gnutls_debug_log ("EXT[%x]: Sending extension %s\n", session,
-                                 MHD_gtls_extension_get_name (p->type));
-        }
-      else if (size < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (sdata);
-          return size;
-        }
-    }
-
-  size = pos;
-  pos -= 2;                     /* remove the size of the size header! */
-
-  MHD_gtls_write_uint16 (pos, data);
-
-  if (size == 2)
-    {                           /* empty */
-      size = 0;
-    }
-
-  MHD_gnutls_free (sdata);
-  return size;
-
-}

src/daemon/https/tls/gnutls_extensions.h

@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-
-const char *MHD_gtls_extension_get_name (uint16_t type);
-int MHD_gtls_parse_extensions (MHD_gtls_session_t, MHD_gtls_ext_parse_type_t,
-                               const opaque *, int);
-int MHD_gtls_gen_extensions (MHD_gtls_session_t session, opaque * data,
-                             size_t data_size);
-
-typedef int (*MHD_gtls_ext_recv_func) (MHD_gtls_session_t, const opaque *, size_t);     /* recv data */
-typedef int (*MHD_gtls_ext_send_func) (MHD_gtls_session_t, opaque *, size_t);   /* send data */
-
-MHD_gtls_ext_send_func MHD_gtls_ext_func_send (uint16_t type);
-MHD_gtls_ext_recv_func MHD_gtls_ext_func_recv (uint16_t type,
-                                               MHD_gtls_ext_parse_type_t);
-
-typedef struct
-{
-  const char *name;
-  uint16_t type;
-  MHD_gtls_ext_parse_type_t parse_type;
-  MHD_gtls_ext_recv_func MHD_gnutls_ext_func_recv;
-  MHD_gtls_ext_send_func MHD_gnutls_ext_func_send;
-} MHD_gtls_extension_entry;

src/daemon/https/tls/gnutls_global.c

@@ -1,298 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <libtasn1.h>
-#include <gnutls_dh.h>
-
-/* this is used in order to make the multi-threaded initialization call to libgcrypt */
-#include <pthread.h>
-#include <gcrypt.h>
-
-/* used to set the MHD_tls logging function */
-#include "internal.h"
-
-/* TODO fix :  needed by GCRY_THREAD_OPTION_PTHREAD_IMPL but missing otherwise */
-#define ENOMEM    12            /* Out of memory */
-
-#ifdef HAVE_WINSOCK
-# include <winsock2.h>
-#endif
-
-
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
-
-#define MHD_gnutls_log_func LOG_FUNC
-
-/* created by asn1c */
-extern const ASN1_ARRAY_TYPE MHD_gnutlsMHD__asn1_tab[];
-extern const ASN1_ARRAY_TYPE MHD_pkix_asn1_tab[];
-
-LOG_FUNC MHD__gnutls_log_func;
-int MHD__gnutls_log_level = 0;  /* default log level */
-
-ASN1_TYPE MHD__gnutls_pkix1_asn;
-ASN1_TYPE MHD__gnutlsMHD__gnutls_asn;
-
-/**
- * MHD_gtls_global_set_log_function - This function sets the logging function
- * @log_func: it's a log function
- *
- * This is the function where you set the logging function gnutls
- * is going to use. This function only accepts a character array.
- * Normally you may not use this function since it is only used
- * for debugging purposes.
- *
- * MHD_gnutls_log_func is of the form,
- * void (*MHD_gnutls_log_func)( int level, const char*);
- **/
-void
-MHD_gtls_global_set_log_function (MHD_gnutls_log_func log_func)
-{
-  MHD__gnutls_log_func = log_func;
-}
-
-/**
- * MHD_gtls_global_set_log_level - This function sets the logging level
- * @level: it's an integer from 0 to 9.
- *
- * This is the function that allows you to set the log level.
- * The level is an integer between 0 and 9. Higher values mean
- * more verbosity. The default value is 0. Larger values should
- * only be used with care, since they may reveal sensitive information.
- *
- * Use a log level over 10 to enable all debugging options.
- *
- **/
-void
-MHD_gtls_global_set_log_level (int level)
-{
-  MHD__gnutls_log_level = level;
-}
-
-int MHD__gnutls_is_secure_mem_null (const void *);
-
-static int MHD__gnutls_init_level = 0;
-
-/**
- * MHD__gnutls_global_init - This function initializes the global data to defaults.
- *
- * This function initializes the global data to defaults.
- * Every gnutls application has a global data which holds common parameters
- * shared by gnutls session structures.
- * You must call MHD__gnutls_global_deinit() when gnutls usage is no longer needed
- * Returns zero on success.
- *
- * Note that this function will also initialize libgcrypt, if it has not
- * been initialized before. Thus if you want to manually initialize libgcrypt
- * you must do it before calling this function. This is useful in cases you
- * want to disable libgcrypt's internal lockings etc.
- *
- * This function increment a global counter, so that
- * MHD__gnutls_global_deinit() only releases resources when it has been
- * called as many times as MHD__gnutls_global_init().  This is useful when
- * GnuTLS is used by more than one library in an application.  This
- * function can be called many times, but will only do something the
- * first time.
- *
- * Note!  This function is not thread safe.  If two threads call this
- * function simultaneously, they can cause a race between checking
- * the global counter and incrementing it, causing both threads to
- * execute the library initialization code.  That would lead to a
- * memory leak.  To handle this, your application could invoke this
- * function after aquiring a thread mutex.  To ignore the potential
- * memory leak is also an option.
- *
- **/
-int
-MHD__gnutls_global_init ()
-{
-  int result = 0;
-  int res;
-
-  if (MHD__gnutls_init_level++)
-    return 0;
-
-#if HAVE_WINSOCK
-  {
-    WORD requested;
-    WSADATA data;
-    int err;
-
-    requested = MAKEWORD (1, 1);
-    err = WSAStartup (requested, &data);
-    if (err != 0)
-      {
-        MHD__gnutls_debug_log ("WSAStartup failed: %d.\n", err);
-        return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
-      }
-
-    if (data.wVersion < requested)
-      {
-        MHD__gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
-                               data.wVersion, requested);
-        WSACleanup ();
-        return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
-      }
-  }
-#endif
-
-  /* bindtextdomain("mhd", "./"); */
-
-  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
-    {
-      const char *p;
-
-      /* to enable multi-threading this call must precede any other call made to libgcrypt */
-      gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
-
-      /* set p to point at the required version of gcrypt */
-      p = strchr (MHD_GCRYPT_VERSION, ':');
-      if (p == NULL)
-        p = MHD_GCRYPT_VERSION;
-      else
-        p++;
-
-      /* this call initializes libgcrypt */
-      if (gcry_check_version (p) == NULL)
-        {
-          MHD_gnutls_assert ();
-          MHD__gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p);
-          return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
-        }
-
-      /* for gcrypt in order to be able to allocate memory */
-      gcry_set_allocation_handler (MHD_gnutls_malloc,
-                                   MHD_gnutls_secure_malloc,
-                                   MHD__gnutls_is_secure_memory,
-                                   MHD_gnutls_realloc, MHD_gnutls_free);
-
-      /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */
-
-      gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
-
-    }
-
-  if (MHD_gc_init () != GC_OK)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_debug_log ("Initializing crypto backend failed\n");
-      return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY;
-    }
-
-  /* initialize parser
-   * This should not deal with files in the final
-   * version.
-   */
-  res =
-    MHD__asn1_array2tree (MHD_pkix_asn1_tab, &MHD__gnutls_pkix1_asn, NULL);
-  if (res != ASN1_SUCCESS)
-    {
-      result = MHD_gtls_asn2err (res);
-      return result;
-    }
-
-  res =
-    MHD__asn1_array2tree (MHD_gnutlsMHD__asn1_tab,
-                          &MHD__gnutlsMHD__gnutls_asn, NULL);
-  if (res != ASN1_SUCCESS)
-    {
-      MHD__asn1_delete_structure (&MHD__gnutls_pkix1_asn);
-      result = MHD_gtls_asn2err (res);
-      return result;
-    }
-
-  return result;
-}
-
-/**
- * MHD__gnutls_global_deinit - This function deinitializes the global data
- *
- * This function deinitializes the global data, that were initialized
- * using MHD__gnutls_global_init().
- *
- * Note!  This function is not thread safe.  See the discussion for
- * MHD__gnutls_global_init() for more information.
- *
- **/
-void
-MHD__gnutls_global_deinit ()
-{
-  if (MHD__gnutls_init_level == 1)
-    {
-#if HAVE_WINSOCK
-      WSACleanup ();
-#endif
-      MHD__asn1_delete_structure (&MHD__gnutlsMHD__gnutls_asn);
-      MHD__asn1_delete_structure (&MHD__gnutls_pkix1_asn);
-      MHD_gc_done ();
-    }
-  MHD__gnutls_init_level--;
-}
-
-/* These functions should be elsewere. Kept here for
- * historical reasons.
- */
-
-/**
- * MHD__gnutls_transport_set_pull_function - This function sets a read like function
- * @pull_func: a callback function similar to read()
- * @session: gnutls session
- *
- * This is the function where you set a function for gnutls
- * to receive data. Normally, if you use berkeley style sockets,
- * do not need to use this function since the default (recv(2)) will
- * probably be ok.
- *
- * PULL_FUNC is of the form,
- * ssize_t (*MHD_gtls_pull_func)(MHD_gnutls_transport_ptr_t, void*, size_t);
- **/
-void
-MHD__gnutls_transport_set_pull_function (MHD_gtls_session_t session,
-                                         MHD_gtls_pull_func pull_func)
-{
-  session->internals.MHD__gnutls_pull_func = pull_func;
-}
-
-/**
- * MHD__gnutls_transport_set_push_function - This function sets the function to send data
- * @push_func: a callback function similar to write()
- * @session: gnutls session
- *
- * This is the function where you set a push function for gnutls
- * to use in order to send data. If you are going to use berkeley style
- * sockets, you do not need to use this function since
- * the default (send(2)) will probably be ok. Otherwise you should
- * specify this function for gnutls to be able to send data.
- *
- * PUSH_FUNC is of the form,
- * ssize_t (*MHD_gtls_push_func)(MHD_gnutls_transport_ptr_t, const void*, size_t);
- **/
-void
-MHD__gnutls_transport_set_push_function (MHD_gtls_session_t session,
-                                         MHD_gtls_push_func push_func)
-{
-  session->internals.MHD__gnutls_push_func = push_func;
-}

src/daemon/https/tls/gnutls_global.h

@@ -1,54 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_GLOBAL_H
-#define GNUTLS_GLOBAL_H
-
-#include "MHD_config.h"
-#include <libtasn1.h>
-#undef HAVE_CONFIG_H
-#include <pthread.h>
-#define HAVE_CONFIG_H 1
-
-/* this mutex is used to synchronize threads attempting to call MHD__gnutls_global_init / MHD__gnutls_global_deinit */
-extern pthread_mutex_t MHD_gnutls_init_mutex;
-
-int MHD_gnutls_is_secure_memory (const void *mem);
-
-extern ASN1_TYPE MHD__gnutls_pkix1_asn;
-extern ASN1_TYPE MHD__gnutlsMHD__gnutls_asn;
-
-#if !HAVE_MEMMEM
-extern void *memmem (void const *__haystack, size_t __haystack_len,
-                     void const *__needle, size_t __needle_len);
-#endif
-
-/* removed const from node_asn* to
- * prevent warnings, since libtasn1 doesn't
- * use the const keywork in its functions.
- */
-#define MHD__gnutls_getMHD__gnutls_asn() ((node_asn*) MHD__gnutlsMHD__gnutls_asn)
-#define MHD__gnutls_get_pkix() ((node_asn*) MHD__gnutls_pkix1_asn)
-
-#endif

src/daemon/https/tls/gnutls_handshake.c

@@ -1,2804 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions that relate to the TLS handshake procedure.
- */
-
-#include "MHD_config.h"
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "gnutls_dh.h"
-#include "debug.h"
-#include "gnutls_algorithms.h"
-#include "gnutls_cipher.h"
-#include "gnutls_buffers.h"
-#include "gnutls_kx.h"
-#include "gnutls_handshake.h"
-#include "gnutls_num.h"
-#include "gnutls_hash_int.h"
-#include "gnutls_extensions.h"
-#include "gnutls_supplemental.h"
-#include "gnutls_auth_int.h"
-#include "auth_cert.h"
-#include "gnutls_cert.h"
-#include "gnutls_constate.h"
-#include "gnutls_record.h"
-#include "gnutls_state.h"
-#include "gnutls_rsa_export.h"  /* for MHD_gnutls_get_rsa_params() */
-#include "gc.h"
-
-#ifdef HANDSHAKE_DEBUG
-#define ERR(x, y) MHD__gnutls_handshake_log( "HSK[%x]: %s (%d)\n", session, x,y)
-#else
-#define ERR(x, y)
-#endif
-
-#define TRUE 1
-#define FALSE 0
-
-
-/* This should be sufficient by now. It should hold all the extensions
- * plus the headers in a hello message.
- */
-#define MAX_EXT_DATA_LENGTH 1024
-
-
-static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
-                                                  cipher_suite_st **
-                                                  cipherSuites,
-                                                  int numCipherSuites,
-                                                  enum
-                                                  MHD_GNUTLS_PublicKeyAlgorithm);
-static int MHD_gtls_server_select_suite (MHD_gtls_session_t session,
-                                         opaque * data, int datalen);
-
-static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len);
-
-static int MHD_gtls_handshake_common (MHD_gtls_session_t session);
-
-static int MHD_gtls_handshake_server (MHD_gtls_session_t session);
-
-#if MHD_DEBUG_TLS
-static int MHD_gtls_handshake_client (MHD_gtls_session_t session);
-#endif
-
-
-static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
-                                                  opaque * data, int datalen);
-
-
-/* Clears the handshake hash buffers and handles.
- */
-static void
-MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session)
-{
-  MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL);
-  MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_sha, NULL);
-  session->internals.handshake_mac_handle_md5 = NULL;
-  session->internals.handshake_mac_handle_sha = NULL;
-  MHD_gtls_handshake_buffer_clear (session);
-}
-
-/**
-  * gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message
-  * @session: is a #gnutls_session_t structure.
-  * @max: is the maximum number.
-  *
-  * This function will set the maximum size of a handshake message.
-  * Handshake messages over this size are rejected.
-  * The default value is 16kb which is large enough. Set this to 0 if you do not want
-  * to set an upper limit.
-  *
-  **/
-void
-MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session,
-                                             size_t max)
-{
-  session->internals.max_handshake_data_buffer_size = max;
-}
-
-
-static void
-MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd)
-{
-  memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE);
-}
-
-static void
-MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd)
-{
-  memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
-}
-
-/* Calculate The SSL3 Finished message */
-#define SSL3_CLIENT_MSG "CLNT"
-#define SSL3_SERVER_MSG "SRVR"
-#define SSL_MSG_LEN 4
-static int
-MHD__gnutls_ssl3_finished (MHD_gtls_session_t session, int type, opaque * ret)
-{
-  const int siz = SSL_MSG_LEN;
-  mac_hd_t td_md5;
-  mac_hd_t td_sha;
-  const char *mesg;
-
-  td_md5 = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
-  if (td_md5 == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
-  if (td_sha == NULL)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_hash_deinit (td_md5, NULL);
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  if (type == GNUTLS_SERVER)
-    {
-      mesg = SSL3_SERVER_MSG;
-    }
-  else
-    {
-      mesg = SSL3_CLIENT_MSG;
-    }
-
-  MHD_gnutls_hash (td_md5, mesg, siz);
-  MHD_gnutls_hash (td_sha, mesg, siz);
-
-  MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, ret,
-                                        session->security_parameters.
-                                        master_secret, TLS_MASTER_SIZE);
-  MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &ret[16],
-                                        session->security_parameters.
-                                        master_secret, TLS_MASTER_SIZE);
-
-  return 0;
-}
-
-/* Hash the handshake messages as required by TLS 1.0 */
-#define SERVER_MSG "server finished"
-#define CLIENT_MSG "client finished"
-#define TLS_MSG_LEN 15
-static int
-MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret)
-{
-  const int siz = TLS_MSG_LEN;
-  opaque concat[36];
-  size_t len;
-  const char *mesg;
-  mac_hd_t td_md5 = NULL;
-  mac_hd_t td_sha;
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      td_md5 =
-        MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
-      if (td_md5 == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_HASH_FAILED;
-        }
-    }
-
-  td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
-  if (td_sha == NULL)
-    {
-      MHD_gnutls_assert ();
-      if (td_md5 != NULL)
-        MHD_gnutls_hash_deinit (td_md5, NULL);
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      MHD_gnutls_hash_deinit (td_md5, concat);
-      MHD_gnutls_hash_deinit (td_sha, &concat[16]);
-      len = 20 + 16;
-    }
-  else
-    {
-      MHD_gnutls_hash_deinit (td_sha, concat);
-      len = 20;
-    }
-
-  if (type == GNUTLS_SERVER)
-    {
-      mesg = SERVER_MSG;
-    }
-  else
-    {
-      mesg = CLIENT_MSG;
-    }
-
-  return MHD_gtls_PRF (session, session->security_parameters.master_secret,
-                       TLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret);
-}
-
-/* this function will produce TLS_RANDOM_SIZE==32 bytes of random data
- * and put it to dst.
- */
-static int
-MHD_gtls_tls_create_random (opaque * dst)
-{
-  uint32_t tim;
-
-  /* Use weak random numbers for the most of the
-   * buffer except for the first 4 that are the
-   * system's time.
-   */
-
-  tim = time (NULL);
-  /* generate server random value */
-  MHD_gtls_write_uint32 (tim, dst);
-
-  if (MHD_gc_nonce ((char *) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_RANDOM_FAILED;
-    }
-
-  return 0;
-}
-
-/* returns the 0 on success or a negative value.
- */
-static int
-MHD_gtls_negotiate_version (MHD_gtls_session_t session,
-                            enum MHD_GNUTLS_Protocol adv_version)
-{
-  int ret;
-
-  /* if we do not support that version  */
-  if (MHD_gtls_version_is_supported (session, adv_version) == 0)
-    {
-      /* If he requested something we do not support
-       * then we send him the highest we support.
-       */
-      ret = MHD_gtls_version_max (session);
-    }
-  else
-    {
-      ret = adv_version;
-    }
-  MHD_gtls_set_current_version (session, ret);
-
-  return ret;
-}
-
-/* Read a client hello packet.
- * A client hello must be a known version client hello
- * or version 2.0 client hello (only for compatibility
- * since SSL version 2.0 is not supported).
- */
-static int
-MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data,
-                               int datalen)
-{
-  uint8_t session_id_len;
-  int pos = 0, ret = 0;
-  uint16_t suite_size, comp_size;
-  enum MHD_GNUTLS_Protocol adv_version;
-  int neg_version;
-  int len = datalen;
-  opaque rnd[TLS_RANDOM_SIZE], *suite_ptr, *comp_ptr;
-
-  DECR_LEN (len, 2);
-
-  MHD__gnutls_handshake_log ("HSK[%x]: Client's version: %d.%d\n", session,
-                             data[pos], data[pos + 1]);
-
-  adv_version = MHD_gtls_version_get (data[pos], data[pos + 1]);
-  set_adv_version (session, data[pos], data[pos + 1]);
-  pos += 2;
-
-  neg_version = MHD_gtls_negotiate_version (session, adv_version);
-  if (neg_version < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* Read client random value.
-   */
-  DECR_LEN (len, TLS_RANDOM_SIZE);
-  MHD_gtls_set_client_random (session, &data[pos]);
-  pos += TLS_RANDOM_SIZE;
-
-  MHD_gtls_tls_create_random (rnd);
-  MHD_gtls_set_server_random (session, rnd);
-
-  session->security_parameters.timestamp = time (NULL);
-
-  DECR_LEN (len, 1);
-  session_id_len = data[pos++];
-
-  /* RESUME SESSION */
-  if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-  DECR_LEN (len, session_id_len);
-
-  pos += session_id_len;
-
-  MHD_gtls_generate_session_id (session->security_parameters.session_id,
-                                &session->security_parameters.
-                                session_id_size);
-
-  session->internals.resumed = RESUME_FALSE;
-  /* Remember ciphersuites for later
-   */
-  DECR_LEN (len, 2);
-  suite_size = MHD_gtls_read_uint16 (&data[pos]);
-  pos += 2;
-
-  DECR_LEN (len, suite_size);
-  suite_ptr = &data[pos];
-  pos += suite_size;
-
-  /* Point to the compression methods
-   */
-  DECR_LEN (len, 1);
-  comp_size = data[pos++];      /* z is the number of compression methods */
-
-  DECR_LEN (len, comp_size);
-  comp_ptr = &data[pos];
-  pos += comp_size;
-
-  /* Parse the extensions (if any)
-   */
-  if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0)
-    {
-      ret = MHD_gtls_parse_extensions (session, EXTENSION_APPLICATION, &data[pos], len);        /* len is the rest of the parsed length */
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-
-  if (neg_version >= MHD_GNUTLS_PROTOCOL_TLS1_0)
-    {
-      ret = MHD_gtls_parse_extensions (session, EXTENSION_TLS, &data[pos], len);        /* len is the rest of the parsed length */
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-
-  /* select an appropriate cipher suite
-   */
-  ret = MHD_gtls_server_select_suite (session, suite_ptr, suite_size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* select appropriate compression method */
-  ret = MHD__gnutls_server_select_comp_method (session, comp_ptr, comp_size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}
-
-/* here we hash all pending data.
- */
-static int
-MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session)
-{
-  size_t siz;
-  int ret;
-  opaque *data;
-
-  if (session->internals.handshake_mac_handle_sha == NULL ||
-      session->internals.handshake_mac_handle_md5 == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* We check if there are pending data to hash.
-   */
-  if ((ret = MHD_gtls_handshake_buffer_get_ptr (session, &data, &siz)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  if (siz > 0)
-    {
-      MHD_gnutls_hash (session->internals.handshake_mac_handle_sha, data,
-                       siz);
-      MHD_gnutls_hash (session->internals.handshake_mac_handle_md5, data,
-                       siz);
-    }
-
-  MHD_gtls_handshake_buffer_empty (session);
-
-  return 0;
-}
-
-
-/* This is to be called after sending CHANGE CIPHER SPEC packet
- * and initializing encryption. This is the first encrypted message
- * we send.
- */
-static int
-MHD__gnutls_send_finished (MHD_gtls_session_t session, int again)
-{
-  uint8_t data[36];
-  int ret;
-  int data_size = 0;
-
-
-  if (again == 0)
-    {
-
-      /* This is needed in order to hash all the required
-       * messages.
-       */
-      if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      if (MHD__gnutls_protocol_get_version (session) ==
-          MHD_GNUTLS_PROTOCOL_SSL3)
-        {
-          ret =
-            MHD__gnutls_ssl3_finished (session,
-                                       session->security_parameters.entity,
-                                       data);
-          data_size = 36;
-        }
-      else
-        {                       /* TLS 1.0 */
-          ret =
-            MHD__gnutls_finished (session,
-                                  session->security_parameters.entity, data);
-          data_size = 12;
-        }
-
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    }
-
-  ret =
-    MHD_gtls_send_handshake (session, data, data_size,
-                             GNUTLS_HANDSHAKE_FINISHED);
-
-  return ret;
-}
-
-/* This is to be called after sending our finished message. If everything
- * went fine we have negotiated a secure connection
- */
-static int
-MHD__gnutls_recv_finished (MHD_gtls_session_t session)
-{
-  uint8_t data[36], *vrfy;
-  int data_size;
-  int ret;
-  int vrfysize;
-
-  ret =
-    MHD_gtls_recv_handshake (session, &vrfy, &vrfysize,
-                             GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET);
-  if (ret < 0)
-    {
-      ERR ("recv finished int", ret);
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-
-  if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      data_size = 36;
-    }
-  else
-    {
-      data_size = 12;
-    }
-
-  if (vrfysize != data_size)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (vrfy);
-      return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
-    }
-
-  if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      ret =
-        MHD__gnutls_ssl3_finished (session,
-                                   (session->security_parameters.entity +
-                                    1) % 2, data);
-    }
-  else
-    {                           /* TLS 1.0 */
-      ret =
-        MHD__gnutls_finished (session,
-                              (session->security_parameters.entity +
-                               1) % 2, data);
-    }
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (vrfy);
-      return ret;
-    }
-
-  if (memcmp (vrfy, data, data_size) != 0)
-    {
-      MHD_gnutls_assert ();
-      ret = GNUTLS_E_ERROR_IN_FINISHED_PACKET;
-    }
-  MHD_gnutls_free (vrfy);
-
-  return ret;
-}
-
-/* returns PK_RSA if the given cipher suite list only supports,
- * RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
- */
-static int
-MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
-                                                  data, int datalen)
-{
-  int j;
-  enum MHD_GNUTLS_PublicKeyAlgorithm algo = GNUTLS_PK_NONE, prev_algo = 0;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kx;
-  cipher_suite_st cs;
-
-  if (datalen % 2 != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  for (j = 0; j < datalen; j += 2)
-    {
-      memcpy (&cs.suite, &data[j], 2);
-      kx = MHD_gtls_cipher_suite_get_kx_algo (&cs);
-
-      if (MHD_gtls_map_kx_get_cred (kx, 1) == MHD_GNUTLS_CRD_CERTIFICATE)
-        {
-          algo = MHD_gtls_map_pk_get_pk (kx);
-
-          if (algo != prev_algo && prev_algo != 0)
-            return GNUTLS_PK_ANY;
-          prev_algo = algo;
-        }
-    }
-
-  return algo;
-}
-
-
-/* This selects the best supported ciphersuite from the given ones. Then
- * it adds the suite to the session and performs some checks.
- */
-static int
-MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
-                              int datalen)
-{
-  int x, i, j;
-  cipher_suite_st *ciphers, cs;
-  int retval, err;
-  enum MHD_GNUTLS_PublicKeyAlgorithm pk_algo;   /* will hold the pk algorithms
-                                                 * supported by the peer.
-                                                 */
-
-  pk_algo = MHD__gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
-
-  x = MHD_gtls_supported_ciphersuites (session, &ciphers);
-  if (x < 0)
-    {                           /* the case x==0 is handled within the function. */
-      MHD_gnutls_assert ();
-      return x;
-    }
-
-  /* Here we remove any ciphersuite that does not conform
-   * the certificate requested, or to the
-   * authentication requested (e.g. SRP).
-   */
-  x = MHD_gtls_remove_unwanted_ciphersuites (session, &ciphers, x, pk_algo);
-  if (x <= 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (ciphers);
-      if (x < 0)
-        return x;
-      else
-        return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
-    }
-
-  /* Data length should be zero mod 2 since
-   * every ciphersuite is 2 bytes. (this check is needed
-   * see below).
-   */
-  if (datalen % 2 != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-  memset (session->security_parameters.current_cipher_suite.suite, '\0', 2);
-
-  retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
-
-  for (j = 0; j < datalen; j += 2)
-    {
-      for (i = 0; i < x; i++)
-        {
-          if (memcmp (ciphers[i].suite, &data[j], 2) == 0)
-            {
-              memcpy (&cs.suite, &data[j], 2);
-
-              MHD__gnutls_handshake_log
-                ("HSK[%x]: Selected cipher suite: %s\n", session,
-                 MHD_gtls_cipher_suite_get_name (&cs));
-              memcpy (session->security_parameters.current_cipher_suite.suite,
-                      ciphers[i].suite, 2);
-              retval = 0;
-              goto finish;
-            }
-        }
-    }
-
-finish:
-  MHD_gnutls_free (ciphers);
-
-  if (retval != 0)
-    {
-      MHD_gnutls_assert ();
-      return retval;
-    }
-
-  /* check if the credentials (username, public key etc.) are ok
-   */
-  if (MHD_gtls_get_kx_cred
-      (session,
-       MHD_gtls_cipher_suite_get_kx_algo (&session->security_parameters.
-                                          current_cipher_suite), &err) == NULL
-      && err != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-
-  /* set the MHD_gtls_mod_auth_st to the appropriate struct
-   * according to the KX algorithm. This is needed since all the
-   * handshake functions are read from there;
-   */
-  session->internals.auth_struct =
-    MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo
-                             (&session->security_parameters.
-                              current_cipher_suite));
-  if (session->internals.auth_struct == NULL)
-    {
-
-      MHD__gnutls_handshake_log
-        ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n",
-         session);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  return 0;
-
-}
-
-
-/* This selects the best supported compression method from the ones provided
- */
-static int
-MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
-                                       opaque * data, int datalen)
-{
-  int x, i, j;
-  uint8_t *comps;
-
-  x = MHD_gtls_supported_compression_methods (session, &comps);
-  if (x < 0)
-    {
-      MHD_gnutls_assert ();
-      return x;
-    }
-
-  memset (&session->internals.compression_method, 0,
-          sizeof (enum MHD_GNUTLS_CompressionMethod));
-
-  for (j = 0; j < datalen; j++)
-    {
-      for (i = 0; i < x; i++)
-        {
-          if (comps[i] == data[j])
-            {
-              enum MHD_GNUTLS_CompressionMethod method =
-                MHD_gtls_compression_get_id_from_int (comps[i]);
-
-              session->internals.compression_method = method;
-              MHD_gnutls_free (comps);
-              return 0;
-            }
-        }
-    }
-
-  /* we were not able to find a compatible compression
-   * algorithm
-   */
-  MHD_gnutls_free (comps);
-  MHD_gnutls_assert ();
-  return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-
-}
-
-/* This function sends an empty handshake packet. (like hello request).
- * If the previous MHD__gnutls_send_empty_handshake() returned
- * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
- * (until it returns ok), with NULL parameters.
- */
-static int
-MHD__gnutls_send_empty_handshake (MHD_gtls_session_t session,
-                                  MHD_gnutls_handshake_description_t type,
-                                  int again)
-{
-  opaque data = 0;
-  opaque *ptr;
-
-  if (again == 0)
-    ptr = &data;
-  else
-    ptr = NULL;
-
-  return MHD_gtls_send_handshake (session, ptr, 0, type);
-}
-
-
-/* This function will hash the handshake message we sent. */
-static int
-MHD__gnutls_handshake_hash_add_sent (MHD_gtls_session_t session,
-                                     MHD_gnutls_handshake_description_t type,
-                                     opaque * dataptr, uint32_t datalen)
-{
-  int ret;
-
-  if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
-    {
-      MHD_gnutls_hash (session->internals.handshake_mac_handle_sha, dataptr,
-                       datalen);
-      MHD_gnutls_hash (session->internals.handshake_mac_handle_md5, dataptr,
-                       datalen);
-    }
-
-  return 0;
-}
-
-
-/* This function sends a handshake message of type 'type' containing the
- * data specified here. If the previous MHD_gtls_send_handshake() returned
- * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
- * (until it returns ok), with NULL parameters.
- */
-int
-MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data,
-                         uint32_t i_datasize,
-                         MHD_gnutls_handshake_description_t type)
-{
-  int ret;
-  uint8_t *data;
-  uint32_t datasize;
-  int pos = 0;
-
-  if (i_data == NULL && i_datasize == 0)
-    {
-      /* we are resuming a previously interrupted
-       * send.
-       */
-      ret = MHD_gtls_handshake_io_write_flush (session);
-      return ret;
-
-    }
-
-  if (i_data == NULL && i_datasize > 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  /* first run */
-  datasize = i_datasize + HANDSHAKE_HEADER_SIZE;
-  data = MHD_gnutls_alloca (datasize);
-  if (data == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  data[pos++] = (uint8_t) type;
-  MHD_gtls_write_uint24 (i_datasize, &data[pos]);
-  pos += 3;
-
-  if (i_datasize > 0)
-    memcpy (&data[pos], i_data, i_datasize);
-
-  /* Here we keep the handshake messages in order to hash them...
-   */
-  if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
-    if ((ret =
-         MHD__gnutls_handshake_hash_add_sent (session, type, data,
-                                              datasize)) < 0)
-      {
-        MHD_gnutls_assert ();
-        MHD_gnutls_afree (data);
-        return ret;
-      }
-
-  session->internals.last_handshake_out = type;
-
-  ret =
-    MHD_gtls_handshake_io_send_int (session, GNUTLS_HANDSHAKE, type,
-                                    data, datasize);
-
-  MHD__gnutls_handshake_log ("HSK[%x]: %s was sent [%ld bytes]\n",
-                             session, MHD__gnutls_handshake2str (type),
-                             (long) datasize);
-
-  MHD_gnutls_afree (data);
-
-  return ret;
-}
-
-/* This function will read the handshake header and return it to the caller. If the
- * received handshake packet is not the one expected then it buffers the header, and
- * returns UNEXPECTED_HANDSHAKE_PACKET.
- *
- * FIXME: This function is complex.
- */
-#define SSL2_HEADERS 1
-static int
-MHD__gnutls_recv_handshake_header (MHD_gtls_session_t session,
-                                   MHD_gnutls_handshake_description_t type,
-                                   MHD_gnutls_handshake_description_t *
-                                   recv_type)
-{
-  int ret;
-  uint32_t length32 = 0;
-  uint8_t *dataptr = NULL;      /* for realloc */
-  size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
-
-  /* if we have data into the buffer then return them, do not read the next packet.
-   * In order to return we need a full TLS handshake header, or in case of a version 2
-   * packet, then we return the first byte.
-   */
-  if (session->internals.handshake_header_buffer.header_size ==
-      handshake_header_size || (session->internals.v2_hello != 0
-                                && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
-                                && session->internals.
-                                handshake_header_buffer.packet_length > 0))
-    {
-
-      *recv_type = session->internals.handshake_header_buffer.recv_type;
-
-      return session->internals.handshake_header_buffer.packet_length;
-    }
-
-  /* Note: SSL2_HEADERS == 1 */
-
-  dataptr = session->internals.handshake_header_buffer.header;
-
-  /* If we haven't already read the handshake headers.
-   */
-  if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS)
-    {
-      ret =
-        MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
-                                        type, dataptr, SSL2_HEADERS);
-
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* The case ret==0 is caught here.
-       */
-      if (ret != SSL2_HEADERS)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-      session->internals.handshake_header_buffer.header_size = SSL2_HEADERS;
-    }
-
-  if (session->internals.v2_hello == 0
-      || type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
-    {
-      ret =
-        MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
-                                        type,
-                                        &dataptr
-                                        [session->internals.
-                                         handshake_header_buffer.header_size],
-                                        HANDSHAKE_HEADER_SIZE -
-                                        session->internals.
-                                        handshake_header_buffer.header_size);
-      if (ret <= 0)
-        {
-          MHD_gnutls_assert ();
-          return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-      if ((size_t) ret !=
-          HANDSHAKE_HEADER_SIZE -
-          session->internals.handshake_header_buffer.header_size)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-      *recv_type = dataptr[0];
-
-      /* we do not use DECR_LEN because we know
-       * that the packet has enough data.
-       */
-      length32 = MHD_gtls_read_uint24 (&dataptr[1]);
-      handshake_header_size = HANDSHAKE_HEADER_SIZE;
-
-      MHD__gnutls_handshake_log ("HSK[%x]: %s was received [%ld bytes]\n",
-                                 session,
-                                 MHD__gnutls_handshake2str (dataptr[0]),
-                                 length32 + HANDSHAKE_HEADER_SIZE);
-
-    }
-  else
-    {                           /* v2 hello */
-      length32 = session->internals.v2_hello - SSL2_HEADERS;    /* we've read the first byte */
-
-      handshake_header_size = SSL2_HEADERS;     /* we've already read one byte */
-
-      *recv_type = dataptr[0];
-
-      MHD__gnutls_handshake_log ("HSK[%x]: %s(v2) was received [%ld bytes]\n",
-                                 session,
-                                 MHD__gnutls_handshake2str (*recv_type),
-                                 length32 + handshake_header_size);
-
-      if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
-        {                       /* it should be one or nothing */
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
-        }
-    }
-
-  /* put the packet into the buffer */
-  session->internals.handshake_header_buffer.header_size =
-    handshake_header_size;
-  session->internals.handshake_header_buffer.packet_length = length32;
-  session->internals.handshake_header_buffer.recv_type = *recv_type;
-
-  if (*recv_type != type)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
-    }
-
-  return length32;
-}
-
-#define MHD__gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0
-
-/* This function will hash the handshake headers and the
- * handshake data.
- */
-static int
-MHD__gnutls_handshake_hash_add_recvd (MHD_gtls_session_t session,
-                                      MHD_gnutls_handshake_description_t
-                                      recv_type, opaque * header,
-                                      uint16_t header_size, opaque * dataptr,
-                                      uint32_t datalen)
-{
-  int ret;
-
-  /* The idea here is to hash the previous message we received,
-   * and add the one we just received into the handshake_hash_buffer.
-   */
-
-  if ((ret = MHD__gnutls_handshake_hash_pending (session)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* here we buffer the handshake messages - needed at Finished message */
-  if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
-    {
-
-      if ((ret =
-           MHD_gtls_handshake_buffer_put (session, header, header_size)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      if (datalen > 0)
-        {
-          if ((ret =
-               MHD_gtls_handshake_buffer_put (session, dataptr, datalen)) < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-        }
-    }
-
-  return 0;
-}
-
-/* This function will receive handshake messages of the given types,
- * and will pass the message to the right place in order to be processed.
- * E.g. for the SERVER_HELLO message (if it is expected), it will be
- * passed to MHD_gtls_recv_hello().
- */
-int
-MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data,
-                         int *datalen,
-                         MHD_gnutls_handshake_description_t type,
-                         Optional optional)
-{
-  int ret;
-  uint32_t length32 = 0;
-  opaque *dataptr = NULL;
-  MHD_gnutls_handshake_description_t recv_type;
-
-  ret = MHD__gnutls_recv_handshake_header (session, type, &recv_type);
-  if (ret < 0)
-    {
-
-      if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
-          && optional == OPTIONAL_PACKET)
-        {
-          if (datalen != NULL)
-            *datalen = 0;
-          if (data != NULL)
-            *data = NULL;
-          return 0;             /* ok just ignore the packet */
-        }
-
-      return ret;
-    }
-
-  session->internals.last_handshake_in = recv_type;
-
-  length32 = ret;
-
-  if (length32 > 0)
-    dataptr = MHD_gnutls_malloc (length32);
-  else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  if (dataptr == NULL && length32 > 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  if (datalen != NULL)
-    *datalen = length32;
-
-  if (length32 > 0)
-    {
-      ret =
-        MHD_gtls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
-                                        type, dataptr, length32);
-      if (ret <= 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (dataptr);
-          return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret;
-        }
-    }
-
-  if (data != NULL && length32 > 0)
-    *data = dataptr;
-
-
-  ret = MHD__gnutls_handshake_hash_add_recvd (session, recv_type,
-                                              session->internals.
-                                              handshake_header_buffer.header,
-                                              session->internals.
-                                              handshake_header_buffer.header_size,
-                                              dataptr, length32);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_handshake_header_buffer_clear (session);
-      return ret;
-    }
-
-  /* If we fail before this then we will reuse the handshake header
-   * have have received above. if we get here the we clear the handshake
-   * header we received.
-   */
-  MHD__gnutls_handshake_header_buffer_clear (session);
-
-  switch (recv_type)
-    {
-    case GNUTLS_HANDSHAKE_CLIENT_HELLO:
-    case GNUTLS_HANDSHAKE_SERVER_HELLO:
-      ret = MHD_gtls_recv_hello (session, dataptr, length32);
-      /* dataptr is freed because the caller does not
-       * need it */
-      MHD_gnutls_free (dataptr);
-      if (data != NULL)
-        *data = NULL;
-      break;
-    case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
-      if (length32 == 0)
-        ret = 0;
-      else
-        ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-      break;
-    case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
-    case GNUTLS_HANDSHAKE_FINISHED:
-    case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
-    case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
-    case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
-    case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
-    case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
-      ret = length32;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (dataptr);
-      if (data != NULL)
-        *data = NULL;
-      ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
-    }
-
-  return ret;
-}
-
-#if MHD_DEBUG_TLS
-/* This function checks if the given cipher suite is supported, and sets it
- * to the session;
- */
-static int
-MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session,
-                                    opaque suite[2])
-{
-  uint8_t z;
-  cipher_suite_st *cipher_suites;
-  int cipher_suite_num;
-  int i, err;
-
-  z = 1;
-  cipher_suite_num =
-    MHD_gtls_supported_ciphersuites (session, &cipher_suites);
-  if (cipher_suite_num < 0)
-    {
-      MHD_gnutls_assert ();
-      return cipher_suite_num;
-    }
-
-  for (i = 0; i < cipher_suite_num; i++)
-    {
-      if (memcmp (&cipher_suites[i], suite, 2) == 0)
-        {
-          z = 0;
-          break;
-        }
-    }
-
-  MHD_gnutls_free (cipher_suites);
-
-  if (z != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
-    }
-
-  memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2);
-
-  MHD__gnutls_handshake_log ("HSK[%x]: Selected cipher suite: %s\n", session,
-                             MHD_gtls_cipher_suite_get_name
-                             (&session->security_parameters.
-                              current_cipher_suite));
-
-
-  /* check if the credentials (username, public key etc.) are ok.
-   * Actually checks if they exist.
-   */
-  if (MHD_gtls_get_kx_cred
-      (session,
-       MHD_gtls_cipher_suite_get_kx_algo
-       (&session->security_parameters.current_cipher_suite), &err) == NULL
-      && err != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-
-  /* set the MHD_gtls_mod_auth_st to the appropriate struct
-   * according to the KX algorithm. This is needed since all the
-   * handshake functions are read from there;
-   */
-  session->internals.auth_struct =
-    MHD_gtls_kx_auth_struct (MHD_gtls_cipher_suite_get_kx_algo
-                             (&session->security_parameters.
-                              current_cipher_suite));
-
-  if (session->internals.auth_struct == NULL)
-    {
-
-      MHD__gnutls_handshake_log
-        ("HSK[%x]: Cannot find the appropriate handler for the KX algorithm\n",
-         session);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-
-  return 0;
-}
-
-
-/* This function sets the given comp method to the session.
- */
-static int
-MHD__gnutls_client_set_comp_method (MHD_gtls_session_t session,
-                                    opaque comp_method)
-{
-  int comp_methods_num;
-  uint8_t *compression_methods;
-  int i;
-
-  comp_methods_num = MHD_gtls_supported_compression_methods (session,
-                                                             &compression_methods);
-  if (comp_methods_num < 0)
-    {
-      MHD_gnutls_assert ();
-      return comp_methods_num;
-    }
-
-  for (i = 0; i < comp_methods_num; i++)
-    {
-      if (compression_methods[i] == comp_method)
-        {
-          comp_methods_num = 0;
-          break;
-        }
-    }
-
-  MHD_gnutls_free (compression_methods);
-
-  if (comp_methods_num != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-    }
-
-  session->internals.compression_method =
-    MHD_gtls_compression_get_id_from_int (comp_method);
-
-
-  return 0;
-}
-
-/* This function returns 0 if we are resuming a session or -1 otherwise.
- * This also sets the variables in the session. Used only while reading a server
- * hello.
- */
-static int
-MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session,
-                                      opaque * session_id, int session_id_len)
-{
-  opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
-
-  MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session,
-                             session_id_len);
-  MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
-                             MHD_gtls_bin2hex (session_id, session_id_len,
-                                               (char *) buf, sizeof (buf)));
-
-  if (session_id_len > 0 &&
-      session->internals.resumed_security_parameters.session_id_size ==
-      session_id_len
-      && memcmp (session_id,
-                 session->internals.resumed_security_parameters.session_id,
-                 session_id_len) == 0)
-    {
-      /* resume session */
-      memcpy (session->internals.resumed_security_parameters.server_random,
-              session->security_parameters.server_random, TLS_RANDOM_SIZE);
-      memcpy (session->internals.resumed_security_parameters.client_random,
-              session->security_parameters.client_random, TLS_RANDOM_SIZE);
-      session->internals.resumed = RESUME_TRUE; /* we are resuming */
-
-      return 0;
-    }
-  else
-    {
-      /* keep the new session id */
-      session->internals.resumed = RESUME_FALSE;        /* we are not resuming */
-      session->security_parameters.session_id_size = session_id_len;
-      memcpy (session->security_parameters.session_id,
-              session_id, session_id_len);
-
-      return -1;
-    }
-}
-
-/* This function reads and parses the server hello handshake message.
- * This function also restores resumed parameters if we are resuming a
- * session.
- */
-static int
-MHD__gnutls_read_server_hello (MHD_gtls_session_t session,
-                               opaque * data, int datalen)
-{
-  uint8_t session_id_len = 0;
-  int pos = 0;
-  int ret = 0;
-  enum MHD_GNUTLS_Protocol version;
-  int len = datalen;
-
-  if (datalen < 38)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  MHD__gnutls_handshake_log ("HSK[%x]: Server's version: %d.%d\n",
-                             session, data[pos], data[pos + 1]);
-
-  DECR_LEN (len, 2);
-  version = MHD_gtls_version_get (data[pos], data[pos + 1]);
-  if (MHD_gtls_version_is_supported (session, version) == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
-    }
-  else
-    {
-      MHD_gtls_set_current_version (session, version);
-    }
-
-  pos += 2;
-
-  DECR_LEN (len, TLS_RANDOM_SIZE);
-  MHD_gtls_set_server_random (session, &data[pos]);
-  pos += TLS_RANDOM_SIZE;
-
-
-  /* Read session ID
-   */
-  DECR_LEN (len, 1);
-  session_id_len = data[pos++];
-
-  if (len < session_id_len)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
-    }
-  DECR_LEN (len, session_id_len);
-
-
-  /* check if we are resuming and set the appropriate
-   * values;
-   */
-  if (MHD__gnutls_client_check_if_resuming
-      (session, &data[pos], session_id_len) == 0)
-    return 0;
-  pos += session_id_len;
-
-
-  /* Check if the given cipher suite is supported and copy
-   * it to the session.
-   */
-
-  DECR_LEN (len, 2);
-  ret = MHD__gnutls_client_set_ciphersuite (session, &data[pos]);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  pos += 2;
-
-
-
-  /* move to compression   */
-  DECR_LEN (len, 1);
-
-  ret = MHD__gnutls_client_set_comp_method (session, data[pos++]);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
-    }
-
-  /* Parse extensions.
-   */
-  if (version >= MHD_GNUTLS_PROTOCOL_TLS1_0)
-    {
-      ret = MHD_gtls_parse_extensions (session, EXTENSION_ANY, &data[pos], len);        /* len is the rest of the parsed length */
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-  return ret;
-}
-
-
-/* This function copies the appropriate ciphersuites to a locally allocated buffer
- * Needed in client hello messages. Returns the new data length.
- */
-int
-MHD__gnutls_copy_ciphersuites (MHD_gtls_session_t session,
-                               opaque * ret_data, size_t ret_data_size)
-{
-  int ret, i;
-  cipher_suite_st *cipher_suites;
-  uint16_t cipher_num;
-  int datalen, pos;
-
-  ret = MHD_gtls_supported_ciphersuites_sorted (session, &cipher_suites);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* Here we remove any ciphersuite that does not conform
-   * the certificate requested, or to the
-   * authentication requested (eg SRP).
-   */
-  ret =
-    MHD_gtls_remove_unwanted_ciphersuites (session, &cipher_suites, ret, -1);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (cipher_suites);
-      return ret;
-    }
-
-  /* If no cipher suites were enabled.
-   */
-  if (ret == 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (cipher_suites);
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-
-  cipher_num = ret;
-
-  cipher_num *= sizeof (uint16_t);      /* in order to get bytes */
-
-  datalen = pos = 0;
-
-  datalen += sizeof (uint16_t) + cipher_num;
-
-  if ((size_t) datalen > ret_data_size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  MHD_gtls_write_uint16 (cipher_num, ret_data);
-  pos += 2;
-
-  for (i = 0; i < (cipher_num / 2); i++)
-    {
-      memcpy (&ret_data[pos], cipher_suites[i].suite, 2);
-      pos += 2;
-    }
-  MHD_gnutls_free (cipher_suites);
-
-  return datalen;
-}
-
-/* This function copies the appropriate compression methods, to a locally allocated buffer
- * Needed in hello messages. Returns the new data length.
- */
-static int
-MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session,
-                               opaque * ret_data, size_t ret_data_size)
-{
-  int ret, i;
-  uint8_t *compression_methods, comp_num;
-  int datalen, pos;
-
-  ret =
-    MHD_gtls_supported_compression_methods (session, &compression_methods);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  comp_num = ret;
-
-  datalen = pos = 0;
-  datalen += comp_num + 1;
-
-  if ((size_t) datalen > ret_data_size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  ret_data[pos++] = comp_num;   /* put the number of compression methods */
-
-  for (i = 0; i < comp_num; i++)
-    {
-      ret_data[pos++] = compression_methods[i];
-    }
-
-  MHD_gnutls_free (compression_methods);
-
-  return datalen;
-}
-
-static void
-MHD_gtls_set_adv_version (MHD_gtls_session_t session,
-                          enum MHD_GNUTLS_Protocol ver)
-{
-  set_adv_version (session, MHD_gtls_version_get_major (ver),
-                   MHD_gtls_version_get_minor (ver));
-}
-
-/* This function sends the client hello handshake message.
- */
-static int
-MHD__gnutls_send_client_hello (MHD_gtls_session_t session, int again)
-{
-  opaque *data = NULL;
-  int extdatalen;
-  int pos = 0;
-  int datalen = 0, ret = 0;
-  opaque rnd[TLS_RANDOM_SIZE];
-  enum MHD_GNUTLS_Protocol hver;
-  opaque extdata[MAX_EXT_DATA_LENGTH];
-
-  opaque *SessionID =
-    session->internals.resumed_security_parameters.session_id;
-  uint8_t session_id_len =
-    session->internals.resumed_security_parameters.session_id_size;
-
-  if (SessionID == NULL)
-    session_id_len = 0;
-  else if (session_id_len == 0)
-    SessionID = NULL;
-
-  if (again == 0)
-    {
-
-      datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE;
-      /* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE)
-       */
-
-      data = MHD_gnutls_malloc (datalen);
-      if (data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      /* if we are resuming a session then we set the
-       * version number to the previously established.
-       */
-      if (SessionID == NULL)
-        hver = MHD_gtls_version_max (session);
-      else
-        {                       /* we are resuming a session */
-          hver = session->internals.resumed_security_parameters.version;
-        }
-
-      if (hver == MHD_GNUTLS_PROTOCOL_VERSION_UNKNOWN || hver == 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (data);
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      data[pos++] = MHD_gtls_version_get_major (hver);
-      data[pos++] = MHD_gtls_version_get_minor (hver);
-
-      /* Set the version we advertized as maximum
-       * (RSA uses it).
-       */
-      MHD_gtls_set_adv_version (session, hver);
-
-      /* Some old implementations do not interoperate if we send a
-       * different version in the record layer.
-       * It seems they prefer to read the record's version
-       * as the one we actually requested.
-       * The proper behaviour is to use the one in the client hello
-       * handshake packet and ignore the one in the packet's record
-       * header.
-       */
-      MHD_gtls_set_current_version (session, hver);
-
-      /* In order to know when this session was initiated.
-       */
-      session->security_parameters.timestamp = time (NULL);
-
-      /* Generate random data
-       */
-      MHD_gtls_tls_create_random (rnd);
-      MHD_gtls_set_client_random (session, rnd);
-
-      memcpy (&data[pos], rnd, TLS_RANDOM_SIZE);
-      pos += TLS_RANDOM_SIZE;
-
-      /* Copy the Session ID       */
-      data[pos++] = session_id_len;
-
-      if (session_id_len > 0)
-        {
-          memcpy (&data[pos], SessionID, session_id_len);
-          pos += session_id_len;
-        }
-
-
-      /* Copy the ciphersuites.
-       */
-      extdatalen =
-        MHD__gnutls_copy_ciphersuites (session, extdata, sizeof (extdata));
-      if (extdatalen > 0)
-        {
-          datalen += extdatalen;
-          data = MHD_gtls_realloc_fast (data, datalen);
-          if (data == NULL)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-          memcpy (&data[pos], extdata, extdatalen);
-          pos += extdatalen;
-
-        }
-      else
-        {
-          if (extdatalen == 0)
-            extdatalen = GNUTLS_E_INTERNAL_ERROR;
-          MHD_gnutls_free (data);
-          MHD_gnutls_assert ();
-          return extdatalen;
-        }
-
-
-      /* Copy the compression methods.
-       */
-      extdatalen =
-        MHD__gnutls_copy_comp_methods (session, extdata, sizeof (extdata));
-      if (extdatalen > 0)
-        {
-          datalen += extdatalen;
-          data = MHD_gtls_realloc_fast (data, datalen);
-          if (data == NULL)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_MEMORY_ERROR;
-            }
-
-          memcpy (&data[pos], extdata, extdatalen);
-          pos += extdatalen;
-
-        }
-      else
-        {
-          if (extdatalen == 0)
-            extdatalen = GNUTLS_E_INTERNAL_ERROR;
-          MHD_gnutls_free (data);
-          MHD_gnutls_assert ();
-          return extdatalen;
-        }
-
-      /* Generate and copy TLS extensions.
-       */
-      if (hver >= MHD_GNUTLS_PROTOCOL_TLS1_0)
-        {
-          extdatalen =
-            MHD_gtls_gen_extensions (session, extdata, sizeof (extdata));
-
-          if (extdatalen > 0)
-            {
-              datalen += extdatalen;
-              data = MHD_gtls_realloc_fast (data, datalen);
-              if (data == NULL)
-                {
-                  MHD_gnutls_assert ();
-                  return GNUTLS_E_MEMORY_ERROR;
-                }
-
-              memcpy (&data[pos], extdata, extdatalen);
-            }
-          else if (extdatalen < 0)
-            {
-              MHD_gnutls_assert ();
-              MHD_gnutls_free (data);
-              return extdatalen;
-            }
-        }
-    }
-
-  ret =
-    MHD_gtls_send_handshake (session, data, datalen,
-                             GNUTLS_HANDSHAKE_CLIENT_HELLO);
-  MHD_gnutls_free (data);
-
-  return ret;
-}
-#endif
-
-static int
-MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
-{
-  opaque *data = NULL;
-  opaque extdata[MAX_EXT_DATA_LENGTH];
-  int extdatalen;
-  int pos = 0;
-  int datalen, ret = 0;
-  uint8_t comp;
-  opaque *SessionID = session->security_parameters.session_id;
-  uint8_t session_id_len = session->security_parameters.session_id_size;
-  opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
-
-  if (SessionID == NULL)
-    session_id_len = 0;
-
-  datalen = 0;
-
-  if (again == 0)
-    {
-      datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
-      extdatalen =
-        MHD_gtls_gen_extensions (session, extdata, sizeof (extdata));
-
-      if (extdatalen < 0)
-        {
-          MHD_gnutls_assert ();
-          return extdatalen;
-        }
-
-      data = MHD_gnutls_alloca (datalen + extdatalen);
-      if (data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      data[pos++] =
-        MHD_gtls_version_get_major (session->security_parameters.version);
-      data[pos++] =
-        MHD_gtls_version_get_minor (session->security_parameters.version);
-
-      memcpy (&data[pos],
-              session->security_parameters.server_random, TLS_RANDOM_SIZE);
-      pos += TLS_RANDOM_SIZE;
-
-      data[pos++] = session_id_len;
-      if (session_id_len > 0)
-        {
-          memcpy (&data[pos], SessionID, session_id_len);
-        }
-      pos += session_id_len;
-
-      MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
-                                 MHD_gtls_bin2hex (SessionID, session_id_len,
-                                                   (char *) buf,
-                                                   sizeof (buf)));
-
-      memcpy (&data[pos],
-              session->security_parameters.current_cipher_suite.suite, 2);
-      pos += 2;
-
-      comp =
-        (uint8_t) MHD_gtls_compression_get_num (session->
-                                                internals.compression_method);
-      data[pos++] = comp;
-
-
-      if (extdatalen > 0)
-        {
-          datalen += extdatalen;
-
-          memcpy (&data[pos], extdata, extdatalen);
-        }
-    }
-
-  ret =
-    MHD_gtls_send_handshake (session, data, datalen,
-                             GNUTLS_HANDSHAKE_SERVER_HELLO);
-  MHD_gnutls_afree (data);
-
-  return ret;
-}
-
-int
-MHD_gtls_send_hello (MHD_gtls_session_t session, int again)
-{
-  int ret;
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      ret = MHD__gnutls_send_client_hello (session, again);
-
-    }
-  else
-#endif
-    {                           /* SERVER */
-      ret = MHD__gnutls_send_server_hello (session, again);
-    }
-
-  return ret;
-}
-
-/* RECEIVE A HELLO MESSAGE. This should be called from MHD_gnutls_recv_handshake_int only if a
- * hello message is expected. It uses the security_parameters.current_cipher_suite
- * and internals.compression_method.
- */
-int
-MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data, int datalen)
-{
-  int ret;
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      ret = MHD__gnutls_read_server_hello (session, data, datalen);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-  else
-#endif
-    {                           /* Server side reading a client hello */
-
-      ret = MHD__gnutls_read_client_hello (session, data, datalen);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-
-  return ret;
-}
-
-/* The packets in MHD__gnutls_handshake (it's more broad than original TLS handshake)
- *
- *     Client                                               Server
- *
- *     ClientHello                  -------->
- *                                  <--------         ServerHello
- *
- *                                                    Certificate*
- *                                              ServerKeyExchange*
- *                                  <--------   CertificateRequest*
- *
- *                                  <--------      ServerHelloDone
- *     Certificate*
- *     ClientKeyExchange
- *     CertificateVerify*
- *     [ChangeCipherSpec]
- *     Finished                     -------->
- *                                              [ChangeCipherSpec]
- *                                  <--------             Finished
- *
- * (*): means optional packet.
- */
-
-/**
-  * MHD__gnutls_rehandshake - This function will renegotiate security parameters
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function will renegotiate security parameters with the
-  * client.  This should only be called in case of a server.
-  *
-  * This message informs the peer that we want to renegotiate
-  * parameters (perform a handshake).
-  *
-  * If this function succeeds (returns 0), you must call the
-  * MHD__gnutls_handshake() function in order to negotiate the new
-  * parameters.
-  *
-  * If the client does not wish to renegotiate parameters he will
-  * should with an alert message, thus the return code will be
-  * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be
-  * %GNUTLS_A_NO_RENEGOTIATION.  A client may also choose to ignore
-  * this message.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
-  *
-  **/
-int
-MHD__gnutls_rehandshake (MHD_gtls_session_t session)
-{
-  int ret;
-
-  ret =
-    MHD__gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
-                                      AGAIN (STATE50));
-  STATE = STATE50;
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  STATE = STATE0;
-
-  return 0;
-}
-
-inline static int
-MHD__gnutls_abort_handshake (MHD_gtls_session_t session, int ret)
-{
-  if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
-       (MHD_gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION))
-      || ret == GNUTLS_E_GOT_APPLICATION_DATA)
-    return 0;
-
-  /* this doesn't matter */
-  return GNUTLS_E_INTERNAL_ERROR;
-}
-
-/* This function initialized the handshake hash session.
- * required for finished messages.
- */
-inline static int
-MHD__gnutls_handshake_hash_init (MHD_gtls_session_t session)
-{
-
-  if (session->internals.handshake_mac_handle_md5 == NULL)
-    {
-      session->internals.handshake_mac_handle_md5 =
-        MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
-
-      if (session->internals.handshake_mac_handle_md5 == GNUTLS_HASH_FAILED)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-    }
-
-  if (session->internals.handshake_mac_handle_sha == NULL)
-    {
-      session->internals.handshake_mac_handle_sha =
-        MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-      if (session->internals.handshake_mac_handle_sha == GNUTLS_HASH_FAILED)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-    }
-
-  return 0;
-}
-
-static int
-MHD__gnutls_send_supplemental (MHD_gtls_session_t session, int again)
-{
-  int ret = 0;
-
-  MHD__gnutls_debug_log ("EXT[%x]: Sending supplemental data\n", session);
-
-  if (again)
-    ret = MHD_gtls_send_handshake (session, NULL, 0,
-                                   GNUTLS_HANDSHAKE_SUPPLEMENTAL);
-  else
-    {
-      MHD_gtls_buffer buf;
-      MHD_gtls_buffer_init (&buf);
-
-      ret = MHD__gnutls_gen_supplemental (session, &buf);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      ret = MHD_gtls_send_handshake (session, buf.data, buf.length,
-                                     GNUTLS_HANDSHAKE_SUPPLEMENTAL);
-      MHD_gtls_buffer_clear (&buf);
-    }
-
-  return ret;
-}
-
-static int
-MHD__gnutls_recv_supplemental (MHD_gtls_session_t session)
-{
-  uint8_t *data = NULL;
-  int datalen = 0;
-  int ret;
-
-  MHD__gnutls_debug_log ("EXT[%x]: Expecting supplemental data\n", session);
-
-  ret = MHD_gtls_recv_handshake (session, &data, &datalen,
-                                 GNUTLS_HANDSHAKE_SUPPLEMENTAL,
-                                 OPTIONAL_PACKET);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = MHD__gnutls_parse_supplemental (session, data, datalen);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD_gnutls_free (data);
-
-  return ret;
-}
-
-/**
-  * MHD__gnutls_handshake - This is the main function in the handshake protocol.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function does the handshake of the TLS/SSL protocol, and
-  * initializes the TLS connection.
-  *
-  * This function will fail if any problem is encountered, and will
-  * return a negative error code. In case of a client, if the client
-  * has asked to resume a session, but the server couldn't, then a
-  * full handshake will be performed.
-  *
-  * The non-fatal errors such as %GNUTLS_E_AGAIN and
-  * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
-  * should be later be resumed.  Call this function again, until it
-  * returns 0; cf.  MHD__gnutls_record_get_direction() and
-  * MHD_gtls_error_is_fatal().
-  *
-  * If this function is called by a server after a rehandshake request
-  * then %GNUTLS_E_GOT_APPLICATION_DATA or
-  * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned.  Note that these
-  * are non fatal errors, only in the specific case of a rehandshake.
-  * Their meaning is that the client rejected the rehandshake request.
-  *
-  * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
-  *
-  **/
-int
-MHD__gnutls_handshake (MHD_gtls_session_t session)
-{
-  int ret;
-
-  if ((ret = MHD__gnutls_handshake_hash_init (session)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    {
-      ret = MHD_gtls_handshake_client (session);
-    }
-  else
-#endif
-    {
-      ret = MHD_gtls_handshake_server (session);
-    }
-
-  if (ret < 0)
-    {
-      /* In the case of a rehandshake abort
-       * we should reset the handshake's internal state.
-       */
-      if (MHD__gnutls_abort_handshake (session, ret) == 0)
-        STATE = STATE0;
-
-      return ret;
-    }
-
-  ret = MHD_gtls_handshake_common (session);
-
-  if (ret < 0)
-    {
-      if (MHD__gnutls_abort_handshake (session, ret) == 0)
-        STATE = STATE0;
-
-      return ret;
-    }
-
-  STATE = STATE0;
-
-  MHD__gnutls_handshake_io_buffer_clear (session);
-  MHD_gtls_handshake_internal_state_clear (session);
-
-  return 0;
-}
-
-#define IMED_RET( str, ret) do { \
-	if (ret < 0) { \
-		if (MHD_gtls_error_is_fatal(ret)==0) return ret; \
-		MHD_gnutls_assert(); \
-		ERR( str, ret); \
-		MHD__gnutls_handshake_hash_buffers_clear(session); \
-		return ret; \
-	} } while (0)
-
-
-#if MHD_DEBUG_TLS
-/*
- * MHD_gtls_handshake_client
- * This function performs the client side of the handshake of the TLS/SSL protocol.
- */
-static int
-MHD_gtls_handshake_client (MHD_gtls_session_t session)
-{
-  int ret = 0;
-
-  switch (STATE)
-    {
-    case STATE0:
-    case STATE1:
-      ret = MHD_gtls_send_hello (session, AGAIN (STATE1));
-      STATE = STATE1;
-      IMED_RET ("send hello", ret);
-
-    case STATE2:
-      /* receive the server hello */
-      ret =
-        MHD_gtls_recv_handshake (session, NULL, NULL,
-                                 GNUTLS_HANDSHAKE_SERVER_HELLO,
-                                 MANDATORY_PACKET);
-      STATE = STATE2;
-      IMED_RET ("recv hello", ret);
-
-    case STATE70:
-      if (session->security_parameters.extensions.do_recv_supplemental)
-        {
-          ret = MHD__gnutls_recv_supplemental (session);
-          STATE = STATE70;
-          IMED_RET ("recv supplemental", ret);
-        }
-
-    case STATE3:
-      /* RECV CERTIFICATE */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_recv_server_certificate (session);
-      STATE = STATE3;
-      IMED_RET ("recv server certificate", ret);
-
-    case STATE4:
-      /* receive the server key exchange */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_recv_server_kx_message (session);
-      STATE = STATE4;
-      IMED_RET ("recv server kx message", ret);
-
-    case STATE5:
-      /* receive the server certificate request - if any
-       */
-
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_recv_server_certificate_request (session);
-      STATE = STATE5;
-      IMED_RET ("recv server certificate request message", ret);
-
-    case STATE6:
-      /* receive the server hello done */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret =
-          MHD_gtls_recv_handshake (session, NULL, NULL,
-                                   GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
-                                   MANDATORY_PACKET);
-      STATE = STATE6;
-      IMED_RET ("recv server hello done", ret);
-
-    case STATE71:
-      if (session->security_parameters.extensions.do_send_supplemental)
-        {
-          ret = MHD__gnutls_send_supplemental (session, AGAIN (STATE71));
-          STATE = STATE71;
-          IMED_RET ("send supplemental", ret);
-        }
-
-    case STATE7:
-      /* send our certificate - if any and if requested
-       */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_send_client_certificate (session, AGAIN (STATE7));
-      STATE = STATE7;
-      IMED_RET ("send client certificate", ret);
-
-    case STATE8:
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_send_client_kx_message (session, AGAIN (STATE8));
-      STATE = STATE8;
-      IMED_RET ("send client kx", ret);
-
-    case STATE9:
-      /* send client certificate verify */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret =
-          MHD_gtls_send_client_certificate_verify (session, AGAIN (STATE9));
-      STATE = STATE9;
-      IMED_RET ("send client certificate verify", ret);
-
-      STATE = STATE0;
-    default:
-      break;
-    }
-
-
-  return 0;
-}
-#endif
-
-/* This function sends the final handshake packets and initializes connection
- */
-static int
-MHD__gnutls_send_handshake_final (MHD_gtls_session_t session, int init)
-{
-  int ret = 0;
-
-  /* Send the CHANGE CIPHER SPEC PACKET */
-
-  switch (STATE)
-    {
-    case STATE0:
-    case STATE20:
-      ret = MHD_gtls_send_change_cipher_spec (session, AGAIN (STATE20));
-      STATE = STATE20;
-      if (ret < 0)
-        {
-          ERR ("send ChangeCipherSpec", ret);
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* Initialize the connection session (start encryption) - in case of client
-       */
-      if (init == TRUE)
-        {
-          ret = MHD_gtls_connection_state_init (session);
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-        }
-
-      ret = MHD_gtls_write_connection_state_init (session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    case STATE21:
-      /* send the finished message */
-      ret = MHD__gnutls_send_finished (session, AGAIN (STATE21));
-      STATE = STATE21;
-      if (ret < 0)
-        {
-          ERR ("send Finished", ret);
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      STATE = STATE0;
-    default:
-      break;
-    }
-
-  return 0;
-}
-
-/* This function receives the final handshake packets
- * And executes the appropriate function to initialize the
- * read session.
- */
-static int
-MHD__gnutls_recv_handshake_final (MHD_gtls_session_t session, int init)
-{
-  int ret = 0;
-  uint8_t ch;
-
-  switch (STATE)
-    {
-    case STATE0:
-    case STATE30:
-      ret =
-        MHD_gtls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1);
-      STATE = STATE30;
-      if (ret <= 0)
-        {
-          ERR ("recv ChangeCipherSpec", ret);
-          MHD_gnutls_assert ();
-          return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-
-      /* Initialize the connection session (start encryption) - in case of server */
-      if (init == TRUE)
-        {
-          ret = MHD_gtls_connection_state_init (session);
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-        }
-
-      ret = MHD_gtls_read_connection_state_init (session);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    case STATE31:
-      ret = MHD__gnutls_recv_finished (session);
-      STATE = STATE31;
-      if (ret < 0)
-        {
-          ERR ("recv finished", ret);
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      STATE = STATE0;
-    default:
-      break;
-    }
-
-
-  return 0;
-}
-
- /*
-  * MHD_gtls_handshake_server
-  * This function does the server stuff of the handshake protocol.
-  */
-
-static int
-MHD_gtls_handshake_server (MHD_gtls_session_t session)
-{
-  int ret = 0;
-
-  switch (STATE)
-    {
-    case STATE0:
-    case STATE1:
-      ret =
-        MHD_gtls_recv_handshake (session, NULL, NULL,
-                                 GNUTLS_HANDSHAKE_CLIENT_HELLO,
-                                 MANDATORY_PACKET);
-      STATE = STATE1;
-      IMED_RET ("recv hello", ret);
-
-    case STATE2:
-      ret = MHD_gtls_send_hello (session, AGAIN (STATE2));
-      STATE = STATE2;
-      IMED_RET ("send hello", ret);
-
-    case STATE70:
-      if (session->security_parameters.extensions.do_send_supplemental)
-        {
-          ret = MHD__gnutls_send_supplemental (session, AGAIN (STATE70));
-          STATE = STATE70;
-          IMED_RET ("send supplemental data", ret);
-        }
-
-      /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
-    case STATE3:
-      /* NOTE: these should not be send if we are resuming */
-
-      if (session->internals.resumed == RESUME_FALSE)
-        ret = MHD_gtls_send_server_certificate (session, AGAIN (STATE3));
-      STATE = STATE3;
-      IMED_RET ("send server certificate", ret);
-
-    case STATE4:
-      /* send server key exchange (A) */
-      if (session->internals.resumed == RESUME_FALSE)
-        ret = MHD_gtls_send_server_kx_message (session, AGAIN (STATE4));
-      STATE = STATE4;
-      IMED_RET ("send server kx", ret);
-
-    case STATE5:
-      /* Send certificate request - if requested to */
-      if (session->internals.resumed == RESUME_FALSE)
-        ret =
-          MHD_gtls_send_server_certificate_request (session, AGAIN (STATE5));
-      STATE = STATE5;
-      IMED_RET ("send server cert request", ret);
-
-    case STATE6:
-      /* send the server hello done */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret =
-          MHD__gnutls_send_empty_handshake (session,
-                                            GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
-                                            AGAIN (STATE6));
-      STATE = STATE6;
-      IMED_RET ("send server hello done", ret);
-
-    case STATE71:
-      if (session->security_parameters.extensions.do_recv_supplemental)
-        {
-          ret = MHD__gnutls_recv_supplemental (session);
-          STATE = STATE71;
-          IMED_RET ("recv client supplemental", ret);
-        }
-
-      /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
-    case STATE7:
-      /* receive the client certificate message */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_recv_client_certificate (session);
-      STATE = STATE7;
-      IMED_RET ("recv client certificate", ret);
-
-    case STATE8:
-      /* receive the client key exchange message */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_recv_client_kx_message (session);
-      STATE = STATE8;
-      IMED_RET ("recv client kx", ret);
-
-    case STATE9:
-      /* receive the client certificate verify message */
-      if (session->internals.resumed == RESUME_FALSE)   /* if we are not resuming */
-        ret = MHD_gtls_recv_client_certificate_verify_message (session);
-      STATE = STATE9;
-      IMED_RET ("recv client certificate verify", ret);
-
-      STATE = STATE0;           /* finished thus clear session */
-    default:
-      break;
-    }
-
-  return 0;
-}
-
-static int
-MHD_gtls_handshake_common (MHD_gtls_session_t session)
-{
-  int ret = 0;
-
-  /* send and recv the change cipher spec and finished messages */
-  if ((session->internals.resumed == RESUME_TRUE
-       && session->security_parameters.entity == GNUTLS_CLIENT)
-      || (session->internals.resumed == RESUME_FALSE
-          && session->security_parameters.entity == GNUTLS_SERVER))
-    {
-      /* if we are a client resuming - or we are a server not resuming */
-
-      ret = MHD__gnutls_recv_handshake_final (session, TRUE);
-      IMED_RET ("recv handshake final", ret);
-
-      ret = MHD__gnutls_send_handshake_final (session, FALSE);
-      IMED_RET ("send handshake final", ret);
-    }
-  else
-    {                           /* if we are a client not resuming - or we are a server resuming */
-
-      ret = MHD__gnutls_send_handshake_final (session, TRUE);
-      IMED_RET ("send handshake final 2", ret);
-
-      ret = MHD__gnutls_recv_handshake_final (session, FALSE);
-      IMED_RET ("recv handshake final 2", ret);
-    }
-
-  /* clear handshake buffer */
-  MHD__gnutls_handshake_hash_buffers_clear (session);
-  return ret;
-
-}
-
-static int
-MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len)
-{
-  *len = TLS_MAX_SESSION_ID_SIZE;
-
-  if (MHD_gc_nonce ((char *) session_id, *len) != GC_OK)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_RANDOM_FAILED;
-    }
-
-  return 0;
-}
-
-int
-MHD_gtls_recv_hello_request (MHD_gtls_session_t session, void *data,
-                             uint32_t data_size)
-{
-  uint8_t type;
-
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET;
-    }
-  if (data_size < 1)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-  type = ((uint8_t *) data)[0];
-  if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
-    return GNUTLS_E_REHANDSHAKE;
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET;
-    }
-}
-
-/* Returns 1 if the given KX has not the corresponding parameters
- * (DH or RSA) set up. Otherwise returns 0.
- */
-inline static int
-check_server_params (MHD_gtls_session_t session,
-                     enum MHD_GNUTLS_KeyExchangeAlgorithm kx,
-                     enum MHD_GNUTLS_KeyExchangeAlgorithm *alg, int alg_size)
-{
-  int cred_type;
-  MHD_gtls_dh_params_t dh_params = NULL;
-  MHD_gtls_rsa_params_t rsa_params = NULL;
-  int j;
-
-  cred_type = MHD_gtls_map_kx_get_cred (kx, 1);
-
-  /* Read the Diffie Hellman parameters, if any.
-   */
-  if (cred_type == MHD_GNUTLS_CRD_CERTIFICATE)
-    {
-      int delete;
-      MHD_gtls_cert_credentials_t x509_cred =
-        (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
-                                                         cred_type, NULL);
-
-      if (x509_cred != NULL)
-        {
-          dh_params =
-            MHD_gtls_get_dh_params (x509_cred->dh_params,
-                                    x509_cred->params_func, session);
-          rsa_params =
-            MHD_gtls_certificate_get_rsa_params (x509_cred->rsa_params,
-                                                 x509_cred->params_func,
-                                                 session);
-        }
-
-      /* Check also if the certificate supports the
-       * KX method.
-       */
-      delete = 1;
-      for (j = 0; j < alg_size; j++)
-        {
-          if (alg[j] == kx)
-            {
-              delete = 0;
-              break;
-            }
-        }
-
-      if (delete == 1)
-        return 1;
-
-    }
-  else
-    return 0;                   /* no need for params */
-
-
-  /* If the key exchange method needs RSA or DH params,
-   * but they are not set then remove it.
-   */
-  if (MHD_gtls_kx_needs_rsa_params (kx) != 0)
-    {
-      /* needs rsa params. */
-      if (MHD__gnutls_rsa_params_to_mpi (rsa_params) == NULL)
-        {
-          MHD_gnutls_assert ();
-          return 1;
-        }
-    }
-
-  if (MHD_gtls_kx_needs_dh_params (kx) != 0)
-    {
-      /* needs DH params. */
-      if (MHD_gtls_dh_params_to_mpi (dh_params) == NULL)
-        {
-          MHD_gnutls_assert ();
-          return 1;
-        }
-    }
-
-  return 0;
-}
-
-/* This function will remove algorithms that are not supported by
- * the requested authentication method. We remove an algorithm if
- * we have a certificate with keyUsage bits set.
- *
- * This does a more high level check than  MHD_gnutls_supported_ciphersuites(),
- * by checking certificates etc.
- */
-static int
-MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
-                                       cipher_suite_st ** cipherSuites,
-                                       int numCipherSuites,
-                                       enum MHD_GNUTLS_PublicKeyAlgorithm
-                                       requested_pk_algo)
-{
-
-  int ret = 0;
-  cipher_suite_st *newSuite, cs;
-  int newSuiteSize = 0, i;
-  MHD_gtls_cert_credentials_t cert_cred;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kx;
-  int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm *alg = NULL;
-  int alg_size = 0;
-
-  /* if we should use a specific certificate,
-   * we should remove all algorithms that are not supported
-   * by that certificate and are on the same authentication
-   * method (CERTIFICATE).
-   */
-
-  cert_cred =
-    (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
-                                                     MHD_GNUTLS_CRD_CERTIFICATE,
-                                                     NULL);
-
-  /* If there are certificate credentials, find an appropriate certificate
-   * or disable them;
-   */
-  if (session->security_parameters.entity == GNUTLS_SERVER
-      && cert_cred != NULL)
-    {
-      ret = MHD_gtls_server_select_cert (session, requested_pk_algo);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD__gnutls_x509_log
-            ("Could not find an appropriate certificate: %s\n",
-             MHD_gtls_strerror (ret));
-          cert_cred = NULL;
-        }
-    }
-
-  /* get all the key exchange algorithms that are
-   * supported by the X509 certificate parameters.
-   */
-  if ((ret =
-       MHD_gtls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  newSuite = MHD_gnutls_malloc (numCipherSuites * sizeof (cipher_suite_st));
-  if (newSuite == NULL)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (alg);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  /* now removes ciphersuites based on the KX algorithm
-   */
-  for (i = 0; i < numCipherSuites; i++)
-    {
-      int delete = 0;
-
-      /* finds the key exchange algorithm in
-       * the ciphersuite
-       */
-      kx = MHD_gtls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]);
-
-      /* if it is defined but had no credentials
-       */
-      if (MHD_gtls_get_kx_cred (session, kx, NULL) == NULL)
-        {
-          delete = 1;
-        }
-      else
-        {
-          delete = 0;
-
-          if (server)
-            delete = check_server_params (session, kx, alg, alg_size);
-        }
-      memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2);
-
-      if (delete == 0)
-        {
-
-          MHD__gnutls_handshake_log ("HSK[%x]: Keeping ciphersuite: %s\n",
-                                     session,
-                                     MHD_gtls_cipher_suite_get_name (&cs));
-
-          memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2);
-          newSuiteSize++;
-        }
-      else
-        {
-          MHD__gnutls_handshake_log ("HSK[%x]: Removing ciphersuite: %s\n",
-                                     session,
-                                     MHD_gtls_cipher_suite_get_name (&cs));
-
-        }
-    }
-
-  MHD_gnutls_free (alg);
-  MHD_gnutls_free (*cipherSuites);
-  *cipherSuites = newSuite;
-
-  ret = newSuiteSize;
-
-  return ret;
-
-}
-
-enum MHD_GNUTLS_Protocol
-MHD_gtls_get_adv_version (MHD_gtls_session_t session)
-{
-  return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session),
-                               MHD__gnutls_get_adv_version_minor (session));
-}

src/daemon/https/tls/gnutls_handshake.h

@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-typedef enum Optional
-{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
-
-int MHD_gtls_send_handshake (MHD_gtls_session_t session, void *i_data,
-                             uint32_t i_datasize,
-                             MHD_gnutls_handshake_description_t type);
-int MHD_gtls_recv_hello_request (MHD_gtls_session_t session, void *data,
-                                 uint32_t data_size);
-int MHD_gtls_send_hello (MHD_gtls_session_t session, int again);
-int MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data,
-                         int datalen);
-int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *,
-                             MHD_gnutls_handshake_description_t,
-                             Optional optional);
-void
-MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session,
-                                             size_t max);
-
-#define STATE session->internals.handshake_state
-/* This returns true if we have got there
- * before (and not finished due to an interrupt).
- */
-#define AGAIN(target) STATE==target?1:0

src/daemon/https/tls/gnutls_hash_int.c

@@ -1,448 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2004, 2005, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file handles all the internal functions that cope with hashes
- * and HMACs.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_hash_int.h>
-#include <gnutls_errors.h>
-
-static inline Gc_hash
-MHD__gnutls_mac2gc (enum MHD_GNUTLS_HashAlgorithm mac)
-{
-  switch (mac)
-    {
-    case MHD_GNUTLS_MAC_NULL:
-      return -1;
-      break;
-    case MHD_GNUTLS_MAC_SHA1:
-      return GC_SHA1;
-      break;
-    case MHD_GNUTLS_MAC_SHA256:
-      return GC_SHA256;
-      break;
-    case MHD_GNUTLS_MAC_MD5:
-      return GC_MD5;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return -1;
-    }
-  return -1;
-}
-
-GNUTLS_HASH_HANDLE
-MHD_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  mac_hd_t ret;
-  int result;
-
-  ret = MHD_gnutls_malloc (sizeof (mac_hd_st));
-  if (ret == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_HASH_FAILED;
-    }
-
-  ret->algorithm = algorithm;
-
-  result = MHD_gc_hash_open (MHD__gnutls_mac2gc (algorithm), 0, &ret->handle);
-  if (result)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (ret);
-      ret = GNUTLS_HASH_FAILED;
-    }
-
-  return ret;
-}
-
-int
-MHD_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  int ret;
-
-  ret = MHD_gc_hash_digest_length (MHD__gnutls_mac2gc (algorithm));
-
-  return ret;
-
-}
-
-int
-MHD_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen)
-{
-  if (textlen > 0)
-    MHD_gc_hash_write (handle->handle, textlen, text);
-  return 0;
-}
-
-GNUTLS_HASH_HANDLE
-MHD_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle)
-{
-  GNUTLS_HASH_HANDLE ret;
-  int result;
-
-  ret = MHD_gnutls_malloc (sizeof (mac_hd_st));
-
-  if (ret == NULL)
-    return GNUTLS_HASH_FAILED;
-
-  ret->algorithm = handle->algorithm;
-  ret->key = NULL;              /* it's a hash anyway */
-  ret->keysize = 0;
-
-  result = MHD_gc_hash_clone (handle->handle, &ret->handle);
-
-  if (result)
-    {
-      MHD_gnutls_free (ret);
-      return GNUTLS_HASH_FAILED;
-    }
-
-  return ret;
-}
-
-void
-MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest)
-{
-  const opaque *mac;
-  int maclen;
-
-  maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm);
-
-  mac = (unsigned char *) MHD_gc_hash_read (handle->handle);
-  if (digest != NULL)
-    memcpy (digest, mac, maclen);
-
-  MHD_gc_hash_close (handle->handle);
-
-  MHD_gnutls_free (handle);
-}
-
-
-mac_hd_t
-MHD_gtls_MHD_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm,
-                        const void *key, int keylen)
-{
-  mac_hd_t ret;
-  int result;
-
-  ret = MHD_gnutls_malloc (sizeof (mac_hd_st));
-  if (ret == NULL)
-    return GNUTLS_MAC_FAILED;
-
-  result =
-    MHD_gc_hash_open (MHD__gnutls_mac2gc (algorithm), GC_HMAC, &ret->handle);
-  if (result)
-    {
-      MHD_gnutls_free (ret);
-      return GNUTLS_MAC_FAILED;
-    }
-
-  MHD_gc_hash_MHD_hmac_setkey (ret->handle, keylen, key);
-
-  ret->algorithm = algorithm;
-  ret->key = key;
-  ret->keysize = keylen;
-
-  return ret;
-}
-
-void
-MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest)
-{
-  const opaque *mac;
-  int maclen;
-
-  maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm);
-
-  mac = (unsigned char *) MHD_gc_hash_read (handle->handle);
-
-  if (digest != NULL)
-    memcpy (digest, mac, maclen);
-
-  MHD_gc_hash_close (handle->handle);
-
-  MHD_gnutls_free (handle);
-}
-
-inline static int
-get_padsize (enum MHD_GNUTLS_HashAlgorithm algorithm)
-{
-  switch (algorithm)
-    {
-    case MHD_GNUTLS_MAC_MD5:
-      return 48;
-    case MHD_GNUTLS_MAC_SHA1:
-      return 40;
-    default:
-      return 0;
-    }
-}
-
-mac_hd_t
-MHD_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm, void *key,
-                          int keylen)
-{
-  mac_hd_t ret;
-  opaque ipad[48];
-  int padsize;
-
-  padsize = get_padsize (algorithm);
-  if (padsize == 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_MAC_FAILED;
-    }
-
-  memset (ipad, 0x36, padsize);
-
-  ret = MHD_gtls_hash_init (algorithm);
-  if (ret != GNUTLS_HASH_FAILED)
-    {
-      ret->key = key;
-      ret->keysize = keylen;
-
-      if (keylen > 0)
-        MHD_gnutls_hash (ret, key, keylen);
-      MHD_gnutls_hash (ret, ipad, padsize);
-    }
-
-  return ret;
-}
-
-void
-MHD_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest)
-{
-  opaque ret[MAX_HASH_SIZE];
-  mac_hd_t td;
-  opaque opad[48];
-  int padsize;
-  int block;
-
-  padsize = get_padsize (handle->algorithm);
-  if (padsize == 0)
-    {
-      MHD_gnutls_assert ();
-      return;
-    }
-
-  memset (opad, 0x5C, padsize);
-
-  td = MHD_gtls_hash_init (handle->algorithm);
-  if (td != GNUTLS_MAC_FAILED)
-    {
-      if (handle->keysize > 0)
-        MHD_gnutls_hash (td, handle->key, handle->keysize);
-
-      MHD_gnutls_hash (td, opad, padsize);
-      block = MHD_gnutls_hash_get_algo_len (handle->algorithm);
-      MHD_gnutls_hash_deinit (handle, ret);     /* get the previous hash */
-      MHD_gnutls_hash (td, ret, block);
-
-      MHD_gnutls_hash_deinit (td, digest);
-    }
-}
-
-void
-MHD_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle,
-                                      void *digest, opaque * key,
-                                      uint32_t key_size)
-{
-  opaque ret[MAX_HASH_SIZE];
-  mac_hd_t td;
-  opaque opad[48];
-  opaque ipad[48];
-  int padsize;
-  int block;
-
-  padsize = get_padsize (handle->algorithm);
-  if (padsize == 0)
-    {
-      MHD_gnutls_assert ();
-      return;
-    }
-
-  memset (opad, 0x5C, padsize);
-  memset (ipad, 0x36, padsize);
-
-  td = MHD_gtls_hash_init (handle->algorithm);
-  if (td != GNUTLS_HASH_FAILED)
-    {
-      if (key_size > 0)
-        MHD_gnutls_hash (td, key, key_size);
-
-      MHD_gnutls_hash (td, opad, padsize);
-      block = MHD_gnutls_hash_get_algo_len (handle->algorithm);
-
-      if (key_size > 0)
-        MHD_gnutls_hash (handle, key, key_size);
-      MHD_gnutls_hash (handle, ipad, padsize);
-      MHD_gnutls_hash_deinit (handle, ret);     /* get the previous hash */
-
-      MHD_gnutls_hash (td, ret, block);
-
-      MHD_gnutls_hash_deinit (td, digest);
-    }
-}
-
-static int
-ssl3_sha (int i, opaque * secret, int secret_len,
-          opaque * rnd, int rnd_len, void *digest)
-{
-  int j;
-  opaque text1[26];
-
-  GNUTLS_HASH_HANDLE td;
-
-  for (j = 0; j < i + 1; j++)
-    {
-      text1[j] = 65 + i;        /* A==65 */
-    }
-
-  td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-  if (td == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  MHD_gnutls_hash (td, text1, i + 1);
-  MHD_gnutls_hash (td, secret, secret_len);
-  MHD_gnutls_hash (td, rnd, rnd_len);
-
-  MHD_gnutls_hash_deinit (td, digest);
-  return 0;
-}
-
-static int
-ssl3_md5 (int i, opaque * secret, int secret_len,
-          opaque * rnd, int rnd_len, void *digest)
-{
-  opaque tmp[MAX_HASH_SIZE];
-  mac_hd_t td;
-  int ret;
-
-  td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
-  if (td == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  MHD_gnutls_hash (td, secret, secret_len);
-
-  ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_hash_deinit (td, digest);
-      return ret;
-    }
-
-  MHD_gnutls_hash (td, tmp,
-                   MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_SHA1));
-
-  MHD_gnutls_hash_deinit (td, digest);
-  return 0;
-}
-
-int
-MHD_gnutls_ssl3_hash_md5 (void *first, int first_len,
-                          void *second, int second_len, int ret_len,
-                          opaque * ret)
-{
-  opaque digest[MAX_HASH_SIZE];
-  mac_hd_t td;
-  int block = MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5);
-
-  td = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
-  if (td == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  MHD_gnutls_hash (td, first, first_len);
-  MHD_gnutls_hash (td, second, second_len);
-
-  MHD_gnutls_hash_deinit (td, digest);
-
-  if (ret_len > block)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  memcpy (ret, digest, ret_len);
-
-  return 0;
-
-}
-
-int
-MHD_gnutls_ssl3_generate_random (void *secret, int secret_len,
-                                 void *rnd, int rnd_len,
-                                 int ret_bytes, opaque * ret)
-{
-  int i = 0, copy, output_bytes;
-  opaque digest[MAX_HASH_SIZE];
-  int block = MHD_gnutls_hash_get_algo_len (MHD_GNUTLS_MAC_MD5);
-  int result, times;
-
-  output_bytes = 0;
-  do
-    {
-      output_bytes += block;
-    }
-  while (output_bytes < ret_bytes);
-
-  times = output_bytes / block;
-
-  for (i = 0; i < times; i++)
-    {
-
-      result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
-      if (result < 0)
-        {
-          MHD_gnutls_assert ();
-          return result;
-        }
-
-      if ((1 + i) * block < ret_bytes)
-        {
-          copy = block;
-        }
-      else
-        {
-          copy = ret_bytes - (i) * block;
-        }
-
-      memcpy (&ret[i * block], digest, copy);
-    }
-
-  return 0;
-}

src/daemon/https/tls/gnutls_hash_int.h

@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_HASH_INT_H
-# define GNUTLS_HASH_INT_H
-
-#include <gnutls_int.h>
-
-/* for message digests */
-
-typedef struct
-{
-  MHD_gc_hash_handle handle;
-  enum MHD_GNUTLS_HashAlgorithm algorithm;
-  const void *key;
-  int keysize;
-} mac_hd_st;
-typedef mac_hd_st *mac_hd_t;
-typedef mac_hd_t GNUTLS_HASH_HANDLE;
-
-#define GNUTLS_HASH_FAILED NULL
-#define GNUTLS_MAC_FAILED NULL
-
-mac_hd_t MHD_gtls_MHD_hmac_init (enum MHD_GNUTLS_HashAlgorithm algorithm,
-                                 const void *key, int keylen);
-
-void MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest);
-
-mac_hd_t MHD_gnutls_mac_init_ssl3 (enum MHD_GNUTLS_HashAlgorithm algorithm,
-                                   void *key, int keylen);
-void MHD_gnutls_mac_deinit_ssl3 (mac_hd_t handle, void *digest);
-
-GNUTLS_HASH_HANDLE MHD_gtls_hash_init (enum MHD_GNUTLS_HashAlgorithm
-                                       algorithm);
-int MHD_gnutls_hash_get_algo_len (enum MHD_GNUTLS_HashAlgorithm algorithm);
-int MHD_gnutls_hash (GNUTLS_HASH_HANDLE handle, const void *text,
-                     size_t textlen);
-void MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest);
-
-int MHD_gnutls_ssl3_generate_random (void *secret, int secret_len,
-                                     void *rnd, int random_len, int bytes,
-                                     opaque * ret);
-int MHD_gnutls_ssl3_hash_md5 (void *first, int first_len, void *second,
-                              int second_len, int ret_len, opaque * ret);
-
-void MHD_gnutls_mac_deinit_ssl3_handshake (mac_hd_t handle, void *digest,
-                                           opaque * key, uint32_t key_size);
-
-GNUTLS_HASH_HANDLE MHD_gnutls_hash_copy (GNUTLS_HASH_HANDLE handle);
-
-#endif /* GNUTLS_HASH_INT_H */

src/daemon/https/tls/gnutls_int.h

@@ -1,642 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_INT_H
-#define GNUTLS_INT_H
-
-#include <defines.h>
-
-#include "gnutls.h"
-#include "microhttpd.h"
-
-#include "gnutls_mem.h"
-
-/* FIXME: delete this once opencdk has reentrant keyring functions
- */
-#define KEYRING_HACK
-
-#ifndef MAX
-#define MAX(X,Y) ((X) > (Y) ? (X) : (Y))
-#endif
-
-#define MAX32 4294967295
-#define MAX24 16777215
-#define MAX16 65535
-
-/* The size of a handshake message should not
- * be larger than this value.
- */
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
-
-#define TLS_RANDOM_SIZE 32
-#define TLS_MAX_SESSION_ID_SIZE 32
-#define TLS_MASTER_SIZE 48
-
-/* The maximum digest size of hash algorithms.
- */
-#define MAX_HASH_SIZE 64
-
-#define MAX_LOG_SIZE 1024       /* maximum size of log message */
-#define MAX_SERVER_NAME_SIZE 128
-
-/* we can receive up to MAX_EXT_TYPES extensions.
- */
-#define MAX_EXT_TYPES 64
-
-/* The initial size of the receive
- * buffer size. This will grow if larger
- * packets are received.
- */
-#define INITIAL_RECV_BUFFER_SIZE 256
-
-/* the default for TCP */
-#define DEFAULT_LOWAT 1
-
-/* expire time for resuming sessions */
-#define DEFAULT_EXPIRE_TIME 3600
-
-/* the maximum size of encrypted packets */
-#define DEFAULT_MAX_RECORD_SIZE 16384
-#define RECORD_HEADER_SIZE 5
-#define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size
-#define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size
-#define MAX_PAD_SIZE 255
-#define EXTRA_COMP_SIZE 2048
-#define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE
-#define MAX_RECV_SIZE MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE
-
-#define HANDSHAKE_HEADER_SIZE 4
-
-/* defaults for verification functions
- */
-#define DEFAULT_VERIFY_DEPTH 32
-#define DEFAULT_VERIFY_BITS 16*1024
-
-#define DECR_LEN(len, x) do { len-=x; if (len<0) {MHD_gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
-#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {MHD_gnutls_assert(); return RET;} } while (0)
-#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {MHD_gnutls_assert(); COM;} } while (0)
-
-#define HASH2MAC(x) ((enum MHD_GNUTLS_HashAlgorithm)x)
-
-/* TODO rm */
-/* Additional cast to bring void* to a type castable to int. */
-#define GNUTLS_POINTER_TO_INT_CAST (long)
-
-#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
-#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
-
-typedef unsigned char opaque;
-typedef struct
-{
-  opaque pint[3];
-} uint24;
-
-#include <gnutls_mpi.h>
-
-typedef enum change_cipher_spec_t
-{
-  GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
-} change_cipher_spec_t;
-
-typedef enum handshake_state_t
-{
-  STATE0 = 0, STATE1, STATE2,
-  STATE3, STATE4, STATE5,
-  STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21,
-  STATE30 = 30, STATE31, STATE50 = 50, STATE60 = 60, STATE61, STATE62,
-  STATE70, STATE71
-} handshake_state_t;
-
-#include <gnutls_str.h>
-
-typedef MHD_gtls_string MHD_gtls_buffer;
-
-#define MHD_gtls_buffer_init(buf) MHD_gtls_string_init(buf, MHD_gnutls_malloc, MHD_gnutls_realloc, MHD_gnutls_free);
-#define MHD_gtls_buffer_clear MHD_gtls_string_clear
-#define MHD_gtls_buffer_append MHD_gtls_string_append_data
-
-/* This is the maximum number of algorithms (ciphers or macs etc).
- * keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
- */
-#define MAX_ALGOS 16
-
-#define MAX_CIPHERSUITES 256
-
-typedef enum extensions_t
-{ GNUTLS_EXTENSION_SERVER_NAME = 0,
-  GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
-  GNUTLS_EXTENSION_CERT_TYPE = 9,
-  GNUTLS_EXTENSION_SRP = 12,
-  GNUTLS_EXTENSION_INNER_APPLICATION = 37703
-} extensions_t;
-
-typedef enum
-{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
-
-typedef enum valid_session_t
-{ VALID_TRUE, VALID_FALSE } valid_session_t;
-typedef enum resumable_session_t
-{ RESUME_TRUE,
-  RESUME_FALSE
-} resumable_session_t;
-
-/* Record Protocol */
-typedef enum content_type_t
-{
-  GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
-  GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
-  GNUTLS_INNER_APPLICATION = 24
-} content_type_t;
-
-#define GNUTLS_PK_ANY (enum MHD_GNUTLS_PublicKeyAlgorithm)-1
-#define GNUTLS_PK_NONE (enum MHD_GNUTLS_PublicKeyAlgorithm)-2
-
-/* STATE (stop) */
-
-typedef void (*LOG_FUNC) (int, const char *);
-
-/* Store & Retrieve functions defines:  */
-typedef struct MHD_gtls_auth_cred_st
-{
-  enum MHD_GNUTLS_CredentialsType algorithm;
-
-  /* the type of credentials depends on algorithm
-   */
-  void *credentials;
-  struct MHD_gtls_auth_cred_st *next;
-} auth_cred_st;
-
-struct MHD_gtls_key
-{
-  /* For DH KX */
-  MHD_gnutls_datum_t key;
-  mpi_t KEY;
-  mpi_t client_Y;
-  mpi_t client_g;
-  mpi_t client_p;
-  mpi_t dh_secret;
-  /* for SRP */
-  mpi_t A;
-  mpi_t B;
-  mpi_t u;
-  mpi_t b;
-  mpi_t a;
-  mpi_t x;
-  /* RSA: e, m
-   */
-  mpi_t rsa[2];
-
-  /* this is used to hold the peers authentication data
-   */
-  /* auth_info_t structures SHOULD NOT contain malloced
-   * elements. Check MHD_gnutls_session_pack.c, and MHD_gnutls_auth.c.
-   * Rememember that this should be calloced!
-   */
-  void *auth_info;
-  enum MHD_GNUTLS_CredentialsType auth_info_type;
-  int auth_info_size;           /* needed in order to store to db for restoring
-                                 */
-  uint8_t crypt_algo;
-
-  auth_cred_st *cred;           /* used to specify keys/certificates etc */
-
-  int certificate_requested;
-  /* some ciphersuites use this
-   * to provide client authentication.
-   * 1 if client auth was requested
-   * by the peer, 0 otherwise
-   *** In case of a server this
-   * holds 1 if we should wait
-   * for a client certificate verify
-   */
-};
-typedef struct MHD_gtls_key *MHD_gtls_key_st;
-
-/* STATE (cont) */
-#include <gnutls_hash_int.h>
-#include <gnutls_cipher_int.h>
-#include <gnutls_cert.h>
-
-typedef struct
-{
-  uint8_t suite[2];
-} cipher_suite_st;
-
-/* This structure holds parameters got from TLS extension
- * mechanism. (some extensions may hold parameters in auth_info_t
- * structures also - see SRP).
- */
-typedef struct
-{
-  opaque name[MAX_SERVER_NAME_SIZE];
-  unsigned name_length;
-  MHD_gnutls_server_name_type_t type;
-} server_name_st;
-
-#define MAX_SERVER_NAME_EXTENSIONS 3
-typedef struct
-{
-  server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
-  /* limit server_name extensions */
-  unsigned server_names_size;
-
-  /* TLS/IA data. */
-  int MHD_gnutls_ia_enable, MHD_gnutls_ia_peer_enable;
-  int MHD_gnutls_ia_allowskip, MHD_gnutls_ia_peer_allowskip;
-
-  /* Used by extensions that enable supplemental data. */
-  int do_recv_supplemental, do_send_supplemental;
-
-} MHD_gtls_ext_st;
-
-/* This flag indicates for an extension whether
- * it is useful to application level or TLS level only.
- * This is used to parse the application level extensions
- * before the user_hello callback is called.
- */
-typedef enum tls_ext_parse_type_t
-{
-  EXTENSION_ANY,
-  EXTENSION_APPLICATION,
-  EXTENSION_TLS
-} MHD_gtls_ext_parse_type_t;
-
-/* auth_info_t structures now MAY contain malloced
- * elements.
- */
-
-/* This structure and auth_info_t, are stored in the resume database,
- * and are restored, in case of resume.
- * Holds all the required parameters to resume the current
- * session.
- */
-
-/* if you add anything in Security_Parameters struct, then
- * also modify CPY_COMMON in MHD_gnutls_constate.c
- */
-
-/* Note that the security parameters structure is set up after the
- * handshake has finished. The only value you may depend on while
- * the handshake is in progress is the cipher suite value.
- */
-typedef struct
-{
-  MHD_gnutls_connection_end_t entity;
-  enum MHD_GNUTLS_KeyExchangeAlgorithm kx_algorithm;
-  /* we've got separate write/read bulk/macs because
-   * there is a time in handshake where the peer has
-   * null cipher and we don't
-   */
-  enum MHD_GNUTLS_CipherAlgorithm read_bulk_cipher_algorithm;
-  enum MHD_GNUTLS_HashAlgorithm read_mac_algorithm;
-  enum MHD_GNUTLS_CompressionMethod read_compression_algorithm;
-
-  enum MHD_GNUTLS_CipherAlgorithm write_bulk_cipher_algorithm;
-  enum MHD_GNUTLS_HashAlgorithm write_mac_algorithm;
-  enum MHD_GNUTLS_CompressionMethod write_compression_algorithm;
-
-  /* this is the ciphersuite we are going to use
-   * moved here from internals in order to be restored
-   * on resume;
-   */
-  cipher_suite_st current_cipher_suite;
-  opaque master_secret[TLS_MASTER_SIZE];
-  opaque client_random[TLS_RANDOM_SIZE];
-  opaque server_random[TLS_RANDOM_SIZE];
-  opaque session_id[TLS_MAX_SESSION_ID_SIZE];
-  uint8_t session_id_size;
-  time_t timestamp;
-  MHD_gtls_ext_st extensions;
-
-  /* The send size is the one requested by the programmer.
-   * The recv size is the one negotiated with the peer.
-   */
-  uint16_t max_record_send_size;
-  uint16_t max_record_recv_size;
-  /* holds the negotiated certificate type */
-  enum MHD_GNUTLS_CertificateType cert_type;
-  enum MHD_GNUTLS_Protocol version;     /* moved here */
-  /* For TLS/IA.  XXX: Move to IA credential? */
-  opaque inner_secret[TLS_MASTER_SIZE];
-} MHD_gtls_security_param_st;
-
-/* This structure holds the generated keys
- */
-typedef struct
-{
-  MHD_gnutls_datum_t server_write_mac_secret;
-  MHD_gnutls_datum_t client_write_mac_secret;
-  MHD_gnutls_datum_t server_write_IV;
-  MHD_gnutls_datum_t client_write_IV;
-  MHD_gnutls_datum_t server_write_key;
-  MHD_gnutls_datum_t client_write_key;
-  int generated_keys;           /* zero if keys have not
-                                 * been generated. Non zero
-                                 * otherwise.
-                                 */
-} MHD_gtls_cipher_specs_st;
-
-typedef struct
-{
-  cipher_hd_t write_cipher_state;
-  cipher_hd_t read_cipher_state;
-  MHD_gnutls_datum_t read_mac_secret;
-  MHD_gnutls_datum_t write_mac_secret;
-  uint64 read_sequence_number;
-  uint64 write_sequence_number;
-} MHD_gtls_conn_stat_st;
-
-typedef struct
-{
-  unsigned int priority[MAX_ALGOS];
-  unsigned int num_algorithms;
-} MHD_gtls_priority_st;
-
-/* For the external api */
-struct MHD_gtls_priority_st
-{
-  MHD_gtls_priority_st cipher;
-  MHD_gtls_priority_st mac;
-  MHD_gtls_priority_st kx;
-  MHD_gtls_priority_st compression;
-  MHD_gtls_priority_st protocol;
-
-  /* certificate type : x509, OpenPGP, etc. */
-  MHD_gtls_priority_st cert_type;
-
-  /* to disable record padding */
-  int no_padding;
-};
-
-/* DH and RSA parameters types.
- */
-typedef struct MHD_gtls_dh_params_int
-{
-  /* [0] is the prime, [1] is the generator.
-   */
-  mpi_t params[2];
-} MHD_gtls_dh_params_st;
-
-typedef struct
-{
-  MHD_gtls_dh_params_t dh_params;
-  int free_dh_params;
-  MHD_gtls_rsa_params_t rsa_params;
-  int free_rsa_params;
-} MHD_gtls_internal_params_st;
-
-typedef struct
-{
-  opaque header[HANDSHAKE_HEADER_SIZE];
-  /* this holds the number of bytes in the handshake_header[] */
-  size_t header_size;
-  /* this holds the length of the handshake packet */
-  size_t packet_length;
-  MHD_gnutls_handshake_description_t recv_type;
-} MHD_gtls_handshake_header_buffer_st;
-
-typedef struct
-{
-  MHD_gtls_buffer application_data_buffer;      /* holds data to be delivered to application layer */
-  MHD_gtls_buffer handshake_hash_buffer;        /* used to keep the last received handshake
-                                                 * message */
-  mac_hd_t handshake_mac_handle_sha;    /* hash of the handshake messages */
-  mac_hd_t handshake_mac_handle_md5;    /* hash of the handshake messages */
-
-  MHD_gtls_buffer handshake_data_buffer;        /* this is a buffer that holds the current handshake message */
-  MHD_gtls_buffer ia_data_buffer;       /* holds inner application data (TLS/IA) */
-  resumable_session_t resumable;        /* TRUE or FALSE - if we can resume that session */
-  handshake_state_t handshake_state;    /* holds
-                                         * a number which indicates where
-                                         * the handshake procedure has been
-                                         * interrupted. If it is 0 then
-                                         * no interruption has happened.
-                                         */
-
-  valid_session_t valid_connection;     /* true or FALSE - if this session is valid */
-
-  int may_not_read;             /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
-                                 */
-  int may_not_write;
-  int read_eof;                 /* non-zero if we have received a closure alert. */
-
-  int last_alert;               /* last alert received */
-  int last_alert_level;         /* last alert level */
-
-  /* The last handshake messages sent or received.
-   */
-  int last_handshake_in;
-  int last_handshake_out;
-
-  /* this is the compression method we are going to use */
-  enum MHD_GNUTLS_CompressionMethod compression_method;
-
-  /* priorities */
-  struct MHD_gtls_priority_st priorities;
-
-  /* resumed session */
-  resumable_session_t resumed;  /* RESUME_TRUE or FALSE - if we are resuming a session */
-  MHD_gtls_security_param_st resumed_security_parameters;
-
-  /* sockets internals */
-  int lowat;
-
-  /* These buffers are used in the handshake
-   * protocol only. freed using MHD__gnutls_handshake_io_buffer_clear();
-   */
-  MHD_gtls_buffer handshake_send_buffer;
-  size_t handshake_send_buffer_prev_size;
-  content_type_t handshake_send_buffer_type;
-  MHD_gnutls_handshake_description_t handshake_send_buffer_htype;
-  content_type_t handshake_recv_buffer_type;
-  MHD_gnutls_handshake_description_t handshake_recv_buffer_htype;
-  MHD_gtls_buffer handshake_recv_buffer;
-
-  /* this buffer holds a record packet -mostly used for
-   * non blocking IO.
-   */
-  MHD_gtls_buffer record_recv_buffer;
-  MHD_gtls_buffer record_send_buffer;   /* holds cached data
-                                         * for the MHD_gnutls_io_write_buffered()
-                                         * function.
-                                         */
-  size_t record_send_buffer_prev_size;  /* holds the
-                                         * data written in the previous runs.
-                                         */
-  size_t record_send_buffer_user_size;  /* holds the
-                                         * size of the user specified data to
-                                         * send.
-                                         */
-
-  /* 0 if no peeked data was kept, 1 otherwise.
-   */
-  int have_peeked_data;
-
-  int expire_time;              /* after expire_time seconds this session will expire */
-  struct MHD_gtls_mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
-
-  /* TODO rm */
-  int v2_hello;                 /* 0 if the client hello is v3+.
-                                 * non-zero if we got a v2 hello.
-                                 */
-  /* keeps the headers of the handshake packet
-   */
-  MHD_gtls_handshake_header_buffer_st handshake_header_buffer;
-
-  /* this is the highest version available
-   * to the peer. (advertized version).
-   * This is obtained by the Handshake Client Hello
-   * message. (some implementations read the Record version)
-   */
-  uint8_t adv_version_major;
-  uint8_t adv_version_minor;
-
-  /* if this is non zero a certificate request message
-   * will be sent to the client. - only if the ciphersuite
-   * supports it.
-   */
-  int send_cert_req;
-
-  /* bits to use for DHE and DHA
-   * use MHD__gnutls_dh_get_prime_bits() and MHD__gnutls_dh_set_prime_bits()
-   * to access it.
-   */
-  uint16_t dh_prime_bits;
-
-  size_t max_handshake_data_buffer_size;
-
-  /* PUSH & PULL functions.
-   */
-  MHD_gtls_pull_func MHD__gnutls_pull_func;
-  MHD_gtls_push_func MHD__gnutls_push_func;
-  /* Holds the first argument of PUSH and PULL
-   * functions;
-   */
-  MHD_gnutls_transport_ptr_t transport_recv_ptr;
-  MHD_gnutls_transport_ptr_t transport_send_ptr;
-
-  /* Holds the record size requested by the
-   * user.
-   */
-  uint16_t proposed_record_size;
-
-  /* holds the selected certificate and key.
-   * use MHD_gtls_selected_certs_deinit() and MHD_gtls_selected_certs_set()
-   * to change them.
-   */
-  MHD_gnutls_cert *selected_cert_list;
-  int selected_cert_list_length;
-  MHD_gnutls_privkey *selected_key;
-  int selected_need_free;
-
-  /* holds the extensions we sent to the peer
-   * (in case of a client)
-   */
-  uint16_t extensions_sent[MAX_EXT_TYPES];
-  uint16_t extensions_sent_size;
-
-  /* This holds the default version that our first
-   * record packet will have. */
-  opaque default_record_version[2];
-
-  void *user_ptr;
-
-  /* Holds 0 if the last called function was interrupted while
-   * receiving, and non zero otherwise.
-   */
-  int direction;
-
-  /* If non zero the server will not advertize the CA's he
-   * trusts (do not send an RDN sequence).
-   */
-  int ignore_rdn_sequence;
-
-  /* This is used to set an arbitary version in the RSA
-   * PMS secret. Can be used by clients to test whether the
-   * server checks that version. (** only used in gnutls-cli-debug)
-   */
-  opaque rsa_pms_version[2];
-
-  /* Here we cache the DH or RSA parameters got from the
-   * credentials structure, or from a callback. That is to
-   * minimize external calls.
-   */
-  MHD_gtls_internal_params_st params;
-
-  /* This buffer is used by the record recv functions,
-   * as a temporary store buffer.
-   */
-  MHD_gnutls_datum_t recv_buffer;
-
-  /* To avoid using global variables, and especially on Windows where
-   * the application may use a different errno variable than GnuTLS,
-   * it is possible to use MHD__gnutls_transport_set_errno to set a
-   * session-specific errno variable in the user-replaceable push/pull
-   * functions.  This value is used by the send/recv functions.  (The
-   * strange name of this variable is because 'errno' is typically
-   * #define'd.)
-   */
-  int errnum;
-
-  /* Function used to perform public-key signing operation during
-     handshake.  Used by MHD_gnutls_sig.c:MHD__gnutls_tls_sign(), see also
-     MHD_gtls_sign_callback_set(). */
-  MHD_gnutls_sign_func sign_func;
-  void *sign_func_userdata;
-
-  /* If you add anything here, check MHD_gtls_handshake_internal_state_clear().
-   */
-} MHD_gtls_internals_st;
-
-struct MHD_gtls_session_int
-{
-  MHD_gtls_security_param_st security_parameters;
-  MHD_gtls_cipher_specs_st cipher_specs;
-  MHD_gtls_conn_stat_st connection_state;
-  MHD_gtls_internals_st internals;
-  MHD_gtls_key_st key;
-};
-
-/* functions */
-void MHD_gtls_set_current_version (MHD_gtls_session_t session,
-                                   enum MHD_GNUTLS_Protocol version);
-
-void MHD_gtls_free_auth_info (MHD_gtls_session_t session);
-
-/* These two macros return the advertized TLS version of
- * the peer.
- */
-#define MHD__gnutls_get_adv_version_major( session) \
-	session->internals.adv_version_major
-
-#define MHD__gnutls_get_adv_version_minor( session) \
-	session->internals.adv_version_minor
-
-#define set_adv_version( session, major, minor) \
-	session->internals.adv_version_major = major; \
-	session->internals.adv_version_minor = minor
-
-enum MHD_GNUTLS_Protocol MHD_gtls_get_adv_version (MHD_gtls_session_t);
-
-#endif /* GNUTLS_INT_H */

src/daemon/https/tls/gnutls_kx.c

@@ -1,726 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2004, 2005, 2006  Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains functions which are wrappers for the key exchange
- * part of TLS. They are called by the handshake functions (MHD__gnutls_handshake)
- */
-
-#include "gnutls_int.h"
-#include "gnutls_handshake.h"
-#include "gnutls_kx.h"
-#include "gnutls_dh.h"
-#include "gnutls_errors.h"
-#include "gnutls_algorithms.h"
-#include "debug.h"
-#include "gnutls_mpi.h"
-#include <gnutls_state.h>
-#include <gnutls_datum.h>
-#include <gnutls_rsa_export.h>
-
-/* This file contains important thing for the TLS handshake procedure.
- */
-
-#define MASTER_SECRET "master secret"
-static int generate_normal_master (MHD_gtls_session_t session, int);
-
-int
-MHD_gtls_generate_master (MHD_gtls_session_t session, int keep_premaster)
-{
-  if (session->internals.resumed == RESUME_FALSE)
-    return generate_normal_master (session, keep_premaster);
-  return 0;
-}
-
-/* here we generate the TLS Master secret.
- */
-#define PREMASTER session->key->key
-static int
-generate_normal_master (MHD_gtls_session_t session, int keep_premaster)
-{
-  int ret = 0;
-  char buf[512];
-
-  MHD__gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size,
-                        MHD_gtls_bin2hex (PREMASTER.data, PREMASTER.size, buf,
-                                          sizeof (buf)));
-  MHD__gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32,
-                        MHD_gtls_bin2hex (session->security_parameters.
-                                          client_random, 32, buf,
-                                          sizeof (buf)));
-  MHD__gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32,
-                        MHD_gtls_bin2hex (session->security_parameters.
-                                          server_random, 32, buf,
-                                          sizeof (buf)));
-
-  if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      opaque rnd[2 * TLS_RANDOM_SIZE + 1];
-
-      memcpy (rnd, session->security_parameters.client_random,
-              TLS_RANDOM_SIZE);
-      memcpy (&rnd[TLS_RANDOM_SIZE],
-              session->security_parameters.server_random, TLS_RANDOM_SIZE);
-
-      ret =
-        MHD_gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size,
-                                         rnd, 2 * TLS_RANDOM_SIZE,
-                                         TLS_MASTER_SIZE,
-                                         session->security_parameters.
-                                         master_secret);
-
-    }
-  else
-    {
-      opaque rnd[2 * TLS_RANDOM_SIZE + 1];
-
-      memcpy (rnd, session->security_parameters.client_random,
-              TLS_RANDOM_SIZE);
-      memcpy (&rnd[TLS_RANDOM_SIZE],
-              session->security_parameters.server_random, TLS_RANDOM_SIZE);
-
-      ret =
-        MHD_gtls_PRF (session, PREMASTER.data, PREMASTER.size,
-                      MASTER_SECRET, strlen (MASTER_SECRET),
-                      rnd, 2 * TLS_RANDOM_SIZE, TLS_MASTER_SIZE,
-                      session->security_parameters.master_secret);
-    }
-
-  /* TLS/IA inner secret is derived from the master secret. */
-  memcpy (session->security_parameters.inner_secret,
-          session->security_parameters.master_secret, TLS_MASTER_SIZE);
-
-  if (!keep_premaster)
-    MHD__gnutls_free_datum (&PREMASTER);
-
-  if (ret < 0)
-    return ret;
-
-  MHD__gnutls_hard_log ("INT: MASTER SECRET: %s\n",
-                        MHD_gtls_bin2hex (session->security_parameters.
-                                          master_secret, TLS_MASTER_SIZE, buf,
-                                          sizeof (buf)));
-
-  return ret;
-}
-
-
-/* This is called when we want to receive the key exchange message of the
- * server. It does nothing if this type of message is not required
- * by the selected ciphersuite.
- */
-int
-MHD_gtls_send_server_kx_message (MHD_gtls_session_t session, int again)
-{
-  uint8_t *data = NULL;
-  int data_size = 0;
-  int ret = 0;
-
-  if (session->internals.auth_struct->MHD_gtls_gen_server_kx == NULL)
-    return 0;
-
-  data = NULL;
-  data_size = 0;
-
-  if (again == 0)
-    {
-      data_size =
-        session->internals.auth_struct->MHD_gtls_gen_server_kx (session,
-                                                                &data);
-
-      if (data_size == GNUTLS_E_INT_RET_0)
-        {
-          MHD_gnutls_assert ();
-          return 0;
-        }
-
-      if (data_size < 0)
-        {
-          MHD_gnutls_assert ();
-          return data_size;
-        }
-    }
-
-  ret =
-    MHD_gtls_send_handshake (session, data, data_size,
-                             GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
-  MHD_gnutls_free (data);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  return data_size;
-}
-
-/* This function sends a certificate request message to the
- * client.
- */
-int
-MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session,
-                                          int again)
-{
-  uint8_t *data = NULL;
-  int data_size = 0;
-  int ret = 0;
-
-  if (session->internals.auth_struct->
-      MHD_gtls_gen_server_certificate_request == NULL)
-    return 0;
-
-  if (session->internals.send_cert_req <= 0)
-    return 0;
-
-  data = NULL;
-  data_size = 0;
-
-  if (again == 0)
-    {
-      data_size =
-        session->internals.auth_struct->
-        MHD_gtls_gen_server_certificate_request (session, &data);
-
-      if (data_size < 0)
-        {
-          MHD_gnutls_assert ();
-          return data_size;
-        }
-    }
-  ret =
-    MHD_gtls_send_handshake (session, data, data_size,
-                             GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
-  MHD_gnutls_free (data);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  return data_size;
-}
-
-
-/* This is the function for the client to send the key
- * exchange message
- */
-int
-MHD_gtls_send_client_kx_message (MHD_gtls_session_t session, int again)
-{
-  uint8_t *data;
-  int data_size;
-  int ret = 0;
-
-  if (session->internals.auth_struct->MHD_gtls_gen_client_kx == NULL)
-    return 0;
-
-
-  data = NULL;
-  data_size = 0;
-
-  if (again == 0)
-    {
-      data_size =
-        session->internals.auth_struct->MHD_gtls_gen_client_kx (session,
-                                                                &data);
-      if (data_size < 0)
-        {
-          MHD_gnutls_assert ();
-          return data_size;
-        }
-    }
-  ret =
-    MHD_gtls_send_handshake (session, data, data_size,
-                             GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
-  MHD_gnutls_free (data);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return ret;
-}
-
-
-/* This is the function for the client to send the certificate
- * verify message
- */
-int
-MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session,
-                                         int again)
-{
-  uint8_t *data;
-  int ret = 0;
-  int data_size;
-
-  /* This is a packet that is only sent by the client
-   */
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    return 0;
-
-  /* if certificate verify is not needed just exit
-   */
-  if (session->key->certificate_requested == 0)
-    return 0;
-
-  if (session->internals.auth_struct->MHD_gtls_gen_client_cert_vrfy == NULL)
-    {
-      MHD_gnutls_assert ();
-      return 0;                 /* this algorithm does not support cli_cert_vrfy
-                                 */
-    }
-
-  data = NULL;
-  data_size = 0;
-
-  if (again == 0)
-    {
-      data_size =
-        session->internals.auth_struct->
-        MHD_gtls_gen_client_cert_vrfy (session, &data);
-      if (data_size < 0)
-        {
-          MHD_gnutls_assert ();
-          return data_size;
-        }
-      if (data_size == 0)
-        return 0;
-
-    }
-  ret =
-    MHD_gtls_send_handshake (session, data,
-                             data_size, GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
-  MHD_gnutls_free (data);
-
-  return ret;
-}
-
-
-int
-MHD_gtls_recv_server_kx_message (MHD_gtls_session_t session)
-{
-  uint8_t *data = NULL;
-  int datasize;
-  int ret = 0;
-
-  if (session->internals.auth_struct->MHD_gtls_process_server_kx != NULL)
-    {
-
-      /* EXCEPTION FOR RSA_EXPORT cipher suite
-       */
-      if (MHD_gtls_session_is_export (session) != 0 &&
-          MHD__gnutls_peers_cert_less_512 (session) != 0)
-        {
-          MHD_gnutls_assert ();
-          return 0;
-        }
-
-      ret =
-        MHD_gtls_recv_handshake (session, &data,
-                                 &datasize,
-                                 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
-                                 MANDATORY_PACKET);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      ret =
-        session->internals.auth_struct->MHD_gtls_process_server_kx (session,
-                                                                    data,
-                                                                    datasize);
-      MHD_gnutls_free (data);
-
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    }
-  return ret;
-}
-
-int
-MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session)
-{
-  uint8_t *data;
-  int datasize;
-  int ret = 0;
-
-  if (session->internals.auth_struct->
-      MHD_gtls_process_server_certificate_request != NULL)
-    {
-
-      ret =
-        MHD_gtls_recv_handshake (session, &data,
-                                 &datasize,
-                                 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
-                                 OPTIONAL_PACKET);
-      if (ret < 0)
-        return ret;
-
-      if (ret == 0 && datasize == 0)
-        return 0;               /* ignored */
-
-      ret =
-        session->internals.auth_struct->
-        MHD_gtls_process_server_certificate_request (session, data, datasize);
-      MHD_gnutls_free (data);
-      if (ret < 0)
-        return ret;
-
-    }
-  return ret;
-}
-
-int
-MHD_gtls_recv_client_kx_message (MHD_gtls_session_t session)
-{
-  uint8_t *data;
-  int datasize;
-  int ret = 0;
-
-
-  /* Do key exchange only if the algorithm permits it */
-  if (session->internals.auth_struct->MHD_gtls_process_client_kx != NULL)
-    {
-
-      ret =
-        MHD_gtls_recv_handshake (session, &data,
-                                 &datasize,
-                                 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
-                                 MANDATORY_PACKET);
-      if (ret < 0)
-        return ret;
-
-      ret =
-        session->internals.auth_struct->MHD_gtls_process_client_kx (session,
-                                                                    data,
-                                                                    datasize);
-      MHD_gnutls_free (data);
-      if (ret < 0)
-        return ret;
-
-    }
-
-  return ret;
-}
-
-
-/* This is called when we want send our certificate
- */
-int
-MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again)
-{
-  uint8_t *data = NULL;
-  int data_size = 0;
-  int ret = 0;
-
-
-  if (session->key->certificate_requested == 0)
-    return 0;
-
-  if (session->internals.auth_struct->MHD_gtls_gen_client_certificate == NULL)
-    return 0;
-
-  data = NULL;
-  data_size = 0;
-
-  if (again == 0)
-    {
-      if (MHD__gnutls_protocol_get_version (session) !=
-          MHD_GNUTLS_PROTOCOL_SSL3
-          || session->internals.selected_cert_list_length > 0)
-        {
-          /* TLS 1.0 or SSL 3.0 with a valid certificate
-           */
-          data_size =
-            session->internals.auth_struct->
-            MHD_gtls_gen_client_certificate (session, &data);
-
-          if (data_size < 0)
-            {
-              MHD_gnutls_assert ();
-              return data_size;
-            }
-        }
-    }
-
-  /* In the SSL 3.0 protocol we need to send a
-   * no certificate alert instead of an
-   * empty certificate.
-   */
-  if (MHD__gnutls_protocol_get_version (session) == MHD_GNUTLS_PROTOCOL_SSL3
-      && session->internals.selected_cert_list_length == 0)
-    {
-      ret =
-        MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING,
-                                GNUTLS_A_SSL3_NO_CERTIFICATE);
-
-    }
-  else
-    {                           /* TLS 1.0 or SSL 3.0 with a valid certificate
-                                 */
-      ret =
-        MHD_gtls_send_handshake (session, data, data_size,
-                                 GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
-      MHD_gnutls_free (data);
-    }
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return data_size;
-}
-
-
-/* This is called when we want send our certificate
- */
-int
-MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again)
-{
-  uint8_t *data = NULL;
-  int data_size = 0;
-  int ret = 0;
-
-
-  if (session->internals.auth_struct->MHD_gtls_gen_server_certificate == NULL)
-    return 0;
-
-  data = NULL;
-  data_size = 0;
-
-  if (again == 0)
-    {
-      data_size =
-        session->internals.auth_struct->
-        MHD_gtls_gen_server_certificate (session, &data);
-
-      if (data_size < 0)
-        {
-          MHD_gnutls_assert ();
-          return data_size;
-        }
-    }
-  ret =
-    MHD_gtls_send_handshake (session, data, data_size,
-                             GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
-  MHD_gnutls_free (data);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return data_size;
-}
-
-
-int
-MHD_gtls_recv_client_certificate (MHD_gtls_session_t session)
-{
-  int datasize;
-  opaque *data;
-  int ret = 0;
-  int optional;
-
-  if (session->internals.auth_struct->MHD_gtls_process_client_certificate !=
-      NULL)
-    {
-
-      /* if we have not requested a certificate then just return
-       */
-      if (session->internals.send_cert_req == 0)
-        {
-          return 0;
-        }
-
-      if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
-        optional = MANDATORY_PACKET;
-      else
-        optional = OPTIONAL_PACKET;
-
-      ret =
-        MHD_gtls_recv_handshake (session, &data,
-                                 &datasize,
-                                 GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
-
-      if (ret < 0)
-        {
-          /* Handle the case of old SSL3 clients who send
-           * a warning alert instead of an empty certificate to indicate
-           * no certificate.
-           */
-          if (optional == OPTIONAL_PACKET &&
-              ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
-              MHD__gnutls_protocol_get_version (session) ==
-              MHD_GNUTLS_PROTOCOL_SSL3
-              && MHD_gnutls_alert_get (session) ==
-              GNUTLS_A_SSL3_NO_CERTIFICATE)
-            {
-
-              /* SSL3 does not send an empty certificate,
-               * but this alert. So we just ignore it.
-               */
-              MHD_gnutls_assert ();
-              return 0;
-            }
-
-          /* certificate was required
-           */
-          if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
-               || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
-              && optional == MANDATORY_PACKET)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_NO_CERTIFICATE_FOUND;
-            }
-
-          return ret;
-        }
-
-      if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET)
-        {
-          /* Client has not sent the certificate message.
-           * well I'm not sure we should accept this
-           * behaviour.
-           */
-          MHD_gnutls_assert ();
-          return 0;
-        }
-      ret =
-        session->internals.auth_struct->
-        MHD_gtls_process_client_certificate (session, data, datasize);
-
-      MHD_gnutls_free (data);
-      if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* ok we should expect a certificate verify message now
-       */
-      if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
-        ret = 0;
-      else
-        session->key->certificate_requested = 1;
-
-    }
-
-  return ret;
-}
-
-int
-MHD_gtls_recv_server_certificate (MHD_gtls_session_t session)
-{
-  int datasize;
-  opaque *data;
-  int ret = 0;
-
-  if (session->internals.auth_struct->MHD_gtls_process_server_certificate !=
-      NULL)
-    {
-
-      ret =
-        MHD_gtls_recv_handshake (session, &data,
-                                 &datasize,
-                                 GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
-                                 MANDATORY_PACKET);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      ret =
-        session->internals.auth_struct->
-        MHD_gtls_process_server_certificate (session, data, datasize);
-      MHD_gnutls_free (data);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-    }
-
-  return ret;
-}
-
-
-/* Recv the client certificate verify. This packet may not
- * arrive if the peer did not send us a certificate.
- */
-int
-MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t session)
-{
-  uint8_t *data;
-  int datasize;
-  int ret = 0;
-
-
-  if (session->internals.auth_struct->MHD_gtls_process_client_cert_vrfy !=
-      NULL)
-    {
-
-      if (session->internals.send_cert_req == 0 ||
-          session->key->certificate_requested == 0)
-        {
-          return 0;
-        }
-
-      ret =
-        MHD_gtls_recv_handshake (session, &data,
-                                 &datasize,
-                                 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
-                                 OPTIONAL_PACKET);
-      if (ret < 0)
-        return ret;
-
-      if (ret == 0 && datasize == 0
-          && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
-        {
-          /* certificate was required */
-          MHD_gnutls_assert ();
-          return GNUTLS_E_NO_CERTIFICATE_FOUND;
-        }
-
-      ret =
-        session->internals.auth_struct->
-        MHD_gtls_process_client_cert_vrfy (session, data, datasize);
-      MHD_gnutls_free (data);
-      if (ret < 0)
-        return ret;
-
-    }
-
-  return ret;
-}

src/daemon/https/tls/gnutls_kx.h

@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-int MHD_gtls_send_server_kx_message (MHD_gtls_session_t session, int again);
-int MHD_gtls_send_client_kx_message (MHD_gtls_session_t session, int again);
-int MHD_gtls_recv_server_kx_message (MHD_gtls_session_t session);
-int MHD_gtls_recv_client_kx_message (MHD_gtls_session_t session);
-int MHD_gtls_send_client_certificate_verify (MHD_gtls_session_t session,
-                                             int again);
-int MHD_gtls_send_server_certificate (MHD_gtls_session_t session, int again);
-int MHD_gtls_generate_master (MHD_gtls_session_t session, int keep_premaster);
-int MHD_gtls_recv_client_certificate (MHD_gtls_session_t session);
-int MHD_gtls_recv_server_certificate (MHD_gtls_session_t session);
-int MHD_gtls_send_client_certificate (MHD_gtls_session_t session, int again);
-int MHD_gtls_recv_server_certificate_request (MHD_gtls_session_t session);
-int MHD_gtls_send_server_certificate_request (MHD_gtls_session_t session,
-                                              int again);
-int MHD_gtls_recv_client_certificate_verify_message (MHD_gtls_session_t
-                                                     session);

src/daemon/https/tls/gnutls_mem.c

@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-
-MHD_gnutls_alloc_function MHD_gnutls_secure_malloc = malloc;
-MHD_gnutls_alloc_function MHD_gnutls_malloc = malloc;
-MHD_gnutls_free_function MHD_gnutls_free = free;
-MHD_gnutls_realloc_function MHD_gnutls_realloc = realloc;
-
-void *(*MHD_gnutls_calloc) (size_t, size_t) = calloc;
-
-int
-MHD__gnutls_is_secure_mem_null (const void *ign)
-{
-  return 0;
-}
-
-int (*MHD__gnutls_is_secure_memory) (const void *) =
-  MHD__gnutls_is_secure_mem_null;
-
-
-
-/* This realloc will free ptr in case realloc
- * fails.
- */
-void *
-MHD_gtls_realloc_fast (void *ptr, size_t size)
-{
-  void *ret;
-
-  if (size == 0)
-    return ptr;
-
-  ret = MHD_gnutls_realloc (ptr, size);
-  if (ret == NULL)
-    {
-      MHD_gnutls_free (ptr);
-    }
-
-  return ret;
-}

src/daemon/https/tls/gnutls_mem.h

@@ -1,61 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_MEM_H
-# define GNUTLS_MEM_H
-
-#ifdef USE_DMALLOC
-# include <dmalloc.h>
-#endif
-
-typedef void svoid;             /* for functions that allocate using MHD_gnutls_secure_malloc */
-
-#ifdef HAVE_ALLOCA
-# ifdef HAVE_ALLOCA_H
-#  include <alloca.h>
-# endif
-# ifndef MHD_gnutls_alloca
-#  define MHD_gnutls_alloca alloca
-#  define MHD_gnutls_afree(x)
-# endif
-#else
-# ifndef MHD_gnutls_alloca
-#  define MHD_gnutls_alloca MHD_gnutls_malloc
-#  define MHD_gnutls_afree MHD_gnutls_free
-# endif
-#endif /* HAVE_ALLOCA */
-
-extern int (*MHD__gnutls_is_secure_memory) (const void *);
-
-/* this realloc function will return ptr if size==0, and
- * will free the ptr if the new allocation failed.
- */
-void *MHD_gtls_realloc_fast (void *ptr, size_t size);
-
-svoid *MHD_gtls_secure_calloc (size_t nmemb, size_t size);
-
-void *MHD_gtls_calloc (size_t nmemb, size_t size);
-char *MHD_gtls_strdup (const char *);
-
-#endif /* GNUTLS_MEM_H */

src/daemon/https/tls/gnutls_mpi.c

@@ -1,267 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Here lie everything that has to do with large numbers, libgcrypt and
- * other stuff that didn't fit anywhere else.
- */
-
-#include <gnutls_int.h>
-#include <libtasn1.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-
-/* Functions that refer to the libgcrypt library.
- */
-
-void
-MHD_gtls_mpi_release (mpi_t * x)
-{
-  if (*x == NULL)
-    return;
-  gcry_mpi_release (*x);
-  *x = NULL;
-}
-
-/* returns zero on success
- */
-int
-MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes)
-{
-  int ret;
-
-  ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes);
-  if (ret)
-    return GNUTLS_E_MPI_SCAN_FAILED;
-
-  return 0;
-}
-
-/* returns zero on success. Fails if the number is zero.
- */
-int
-MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer, size_t * nbytes)
-{
-  int ret;
-
-  ret = gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, buffer, *nbytes, nbytes);
-  if (ret)
-    return GNUTLS_E_MPI_SCAN_FAILED;
-
-  /* MPIs with 0 bits are illegal
-   */
-  if (MHD__gnutls_mpi_get_nbits (*ret_mpi) == 0)
-    {
-      MHD_gtls_mpi_release (ret_mpi);
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  return 0;
-}
-
-int
-MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a)
-{
-  int ret;
-
-  if (nbytes == NULL || a == NULL)
-    return GNUTLS_E_INVALID_REQUEST;
-
-  ret = gcry_mpi_print (GCRYMPI_FMT_USG, buffer, *nbytes, nbytes, a);
-  if (!ret)
-    return 0;
-
-  return GNUTLS_E_MPI_PRINT_FAILED;
-}
-
-/* Always has the first bit zero */
-static int
-MHD_gtls_mpi_print_lz (void *buffer, size_t * nbytes, const mpi_t a)
-{
-  int ret;
-
-  if (nbytes == NULL || a == NULL)
-    return GNUTLS_E_INVALID_REQUEST;
-
-  ret = gcry_mpi_print (GCRYMPI_FMT_STD, buffer, *nbytes, nbytes, a);
-  if (!ret)
-    return 0;
-
-  return GNUTLS_E_MPI_PRINT_FAILED;
-}
-
-/* Always has the first bit zero */
-int
-MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a)
-{
-  int ret;
-  opaque *buf = NULL;
-  size_t bytes = 0;
-
-  if (dest == NULL || a == NULL)
-    return GNUTLS_E_INVALID_REQUEST;
-
-  gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &bytes, a);
-
-  if (bytes != 0)
-    buf = MHD_gnutls_malloc (bytes);
-  if (buf == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  ret = gcry_mpi_print (GCRYMPI_FMT_STD, buf, bytes, &bytes, a);
-  if (!ret)
-    {
-      dest->data = buf;
-      dest->size = bytes;
-      return 0;
-    }
-
-  MHD_gnutls_free (buf);
-  return GNUTLS_E_MPI_PRINT_FAILED;
-}
-
-int
-MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a)
-{
-  int ret;
-  opaque *buf = NULL;
-  size_t bytes = 0;
-
-  if (dest == NULL || a == NULL)
-    return GNUTLS_E_INVALID_REQUEST;
-
-  gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &bytes, a);
-
-  if (bytes != 0)
-    buf = MHD_gnutls_malloc (bytes);
-  if (buf == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  ret = gcry_mpi_print (GCRYMPI_FMT_USG, buf, bytes, &bytes, a);
-  if (!ret)
-    {
-      dest->data = buf;
-      dest->size = bytes;
-      return 0;
-    }
-
-  MHD_gnutls_free (buf);
-  return GNUTLS_E_MPI_PRINT_FAILED;
-}
-
-
-/* this function reads an integer
- * from asn1 structs. Combines the read and mpi_scan
- * steps.
- */
-int
-MHD__gnutls_x509_read_int (ASN1_TYPE node, const char *value, mpi_t * ret_mpi)
-{
-  int result;
-  size_t s_len;
-  opaque *tmpstr = NULL;
-  int tmpstr_size;
-
-  tmpstr_size = 0;
-  result = MHD__asn1_read_value (node, value, NULL, &tmpstr_size);
-  if (result != ASN1_MEM_ERROR)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  tmpstr = MHD_gnutls_alloca (tmpstr_size);
-  if (tmpstr == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  result = MHD__asn1_read_value (node, value, tmpstr, &tmpstr_size);
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (tmpstr);
-      return MHD_gtls_asn2err (result);
-    }
-
-  s_len = tmpstr_size;
-  if (MHD_gtls_mpi_scan (ret_mpi, tmpstr, &s_len) != 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (tmpstr);
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  MHD_gnutls_afree (tmpstr);
-
-  return 0;
-}
-
-/* Writes the specified integer into the specified node.
- */
-int
-MHD__gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
-                            int lz)
-{
-  opaque *tmpstr;
-  size_t s_len;
-  int result;
-
-  s_len = 0;
-  if (lz)
-    result = MHD_gtls_mpi_print_lz (NULL, &s_len, mpi);
-  else
-    result = MHD_gtls_mpi_print (NULL, &s_len, mpi);
-
-  tmpstr = MHD_gnutls_alloca (s_len);
-  if (tmpstr == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  if (lz)
-    result = MHD_gtls_mpi_print_lz (tmpstr, &s_len, mpi);
-  else
-    result = MHD_gtls_mpi_print (tmpstr, &s_len, mpi);
-
-  if (result != 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (tmpstr);
-      return GNUTLS_E_MPI_PRINT_FAILED;
-    }
-
-  result = MHD__asn1_write_value (node, value, tmpstr, s_len);
-
-  MHD_gnutls_afree (tmpstr);
-
-  if (result != ASN1_SUCCESS)
-    {
-      MHD_gnutls_assert ();
-      return MHD_gtls_asn2err (result);
-    }
-
-  return 0;
-}

src/daemon/https/tls/gnutls_mpi.h

@@ -1,55 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_MPI_H
-#define GNUTLS_MPI_H
-
-# include <gnutls_int.h>
-# include <gcrypt.h>
-# include "gc.h"
-
-typedef gcry_mpi_t mpi_t;
-
-#define MHD__gnutls_mpi_cmp gcry_mpi_cmp
-#define MHD__gnutls_mpi_cmp_ui gcry_mpi_cmp_ui
-#define MHD__gnutls_mpi_new gcry_mpi_new
-#define MHD__gnutls_mpi_snew gcry_mpi_snew
-#define MHD__gnutls_mpi_copy gcry_mpi_copy
-#define MHD__gnutls_mpi_randomize gcry_mpi_randomize
-#define MHD__gnutls_mpi_get_nbits gcry_mpi_get_nbits
-#define MHD__gnutls_mpi_powm gcry_mpi_powm
-#define MHD__gnutls_mpi_invm gcry_mpi_invm
-#define MHD__gnutls_mpi_alloc_like(x) MHD__gnutls_mpi_new(MHD__gnutls_mpi_get_nbits(x))
-
-void MHD_gtls_mpi_release (mpi_t * x);
-
-int MHD_gtls_mpi_scan_nz (mpi_t * ret_mpi, const opaque * buffer,
-                          size_t * nbytes);
-int MHD_gtls_mpi_scan (mpi_t * ret_mpi, const opaque * buffer,
-                       size_t * nbytes);
-int MHD_gtls_mpi_print (void *buffer, size_t * nbytes, const mpi_t a);
-int MHD_gtls_mpi_dprint_lz (MHD_gnutls_datum_t * dest, const mpi_t a);
-int MHD_gtls_mpi_dprint (MHD_gnutls_datum_t * dest, const mpi_t a);
-
-#endif

src/daemon/https/tls/gnutls_num.c

@@ -1,192 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the functions needed for 64 bit integer support in
- * TLS, and functions which ease the access to TLS vectors (data of given size).
- */
-
-#include <gnutls_int.h>
-#include <gnutls_num.h>
-#include <gnutls_errors.h>
-
-/* This function will add one to uint64 x.
- * Returns 0 on success, or -1 if the uint64 max limit
- * has been reached.
- */
-int
-MHD_gtls_uint64pp (uint64 * x)
-{
-  register int i, y = 0;
-
-  for (i = 7; i >= 0; i--)
-    {
-      y = 0;
-      if (x->i[i] == 0xff)
-        {
-          x->i[i] = 0;
-          y = 1;
-        }
-      else
-        x->i[i]++;
-
-      if (y == 0)
-        break;
-    }
-  if (y != 0)
-    return -1;                  /* over 64 bits! WOW */
-
-  return 0;
-}
-
-uint32_t
-MHD_gtls_uint24touint32 (uint24 num)
-{
-  uint32_t ret = 0;
-
-  ((uint8_t *) & ret)[1] = num.pint[0];
-  ((uint8_t *) & ret)[2] = num.pint[1];
-  ((uint8_t *) & ret)[3] = num.pint[2];
-  return ret;
-}
-
-uint24
-MHD_gtls_uint32touint24 (uint32_t num)
-{
-  uint24 ret;
-
-  ret.pint[0] = ((uint8_t *) & num)[1];
-  ret.pint[1] = ((uint8_t *) & num)[2];
-  ret.pint[2] = ((uint8_t *) & num)[3];
-  return ret;
-
-}
-
-/* data should be at least 3 bytes */
-uint32_t
-MHD_gtls_read_uint24 (const opaque * data)
-{
-  uint32_t res;
-  uint24 num;
-
-  num.pint[0] = data[0];
-  num.pint[1] = data[1];
-  num.pint[2] = data[2];
-
-  res = MHD_gtls_uint24touint32 (num);
-#ifndef WORDS_BIGENDIAN
-  res = byteswap32 (res);
-#endif
-  return res;
-}
-
-void
-MHD_gtls_write_uint24 (uint32_t num, opaque * data)
-{
-  uint24 tmp;
-
-#ifndef WORDS_BIGENDIAN
-  num = byteswap32 (num);
-#endif
-  tmp = MHD_gtls_uint32touint24 (num);
-
-  data[0] = tmp.pint[0];
-  data[1] = tmp.pint[1];
-  data[2] = tmp.pint[2];
-}
-
-uint32_t
-MHD_gtls_read_uint32 (const opaque * data)
-{
-  uint32_t res;
-
-  memcpy (&res, data, sizeof (uint32_t));
-#ifndef WORDS_BIGENDIAN
-  res = byteswap32 (res);
-#endif
-  return res;
-}
-
-void
-MHD_gtls_write_uint32 (uint32_t num, opaque * data)
-{
-
-#ifndef WORDS_BIGENDIAN
-  num = byteswap32 (num);
-#endif
-  memcpy (data, &num, sizeof (uint32_t));
-}
-
-uint16_t
-MHD_gtls_read_uint16 (const opaque * data)
-{
-  uint16_t res;
-  memcpy (&res, data, sizeof (uint16_t));
-#ifndef WORDS_BIGENDIAN
-  res = byteswap16 (res);
-#endif
-  return res;
-}
-
-void
-MHD_gtls_write_uint16 (uint16_t num, opaque * data)
-{
-
-#ifndef WORDS_BIGENDIAN
-  num = byteswap16 (num);
-#endif
-  memcpy (data, &num, sizeof (uint16_t));
-}
-
-uint32_t
-MHD_gtls_conv_uint32 (uint32_t data)
-{
-#ifndef WORDS_BIGENDIAN
-  return byteswap32 (data);
-#else
-  return data;
-#endif
-}
-
-uint16_t
-MHD_gtls_conv_uint16 (uint16_t data)
-{
-#ifndef WORDS_BIGENDIAN
-  return byteswap16 (data);
-#else
-  return data;
-#endif
-}
-
-uint32_t
-MHD_gtls_uint64touint32 (const uint64 * num)
-{
-  uint32_t ret;
-
-  memcpy (&ret, &num->i[4], 4);
-#ifndef WORDS_BIGENDIAN
-  ret = byteswap32 (ret);
-#endif
-
-  return ret;
-}

src/daemon/https/tls/gnutls_num.h

@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-
-#define rotl32(x,n)   (((x) << ((uint16_t)(n))) | ((x) >> (32 - (uint16_t)(n))))
-#define rotr32(x,n)   (((x) >> ((uint16_t)(n))) | ((x) << (32 - (uint16_t)(n))))
-#define rotl16(x,n)   (((x) << ((uint16_t)(n))) | ((x) >> (16 - (uint16_t)(n))))
-#define rotr16(x,n)   (((x) >> ((uint16_t)(n))) | ((x) << (16 - (uint16_t)(n))))
-
-#define byteswap16(x)  ((rotl16(x, 8) & 0x00ff) | (rotr16(x, 8) & 0xff00))
-#define byteswap32(x)  ((rotl32(x, 8) & 0x00ff00ffUL) | (rotr32(x, 8) & 0xff00ff00UL))
-
-uint32_t MHD_gtls_uint24touint32 (uint24 num);
-uint24 MHD_gtls_uint32touint24 (uint32_t num);
-uint32_t MHD_gtls_read_uint32 (const opaque * data);
-uint16_t MHD_gtls_read_uint16 (const opaque * data);
-uint32_t MHD_gtls_conv_uint32 (uint32_t data);
-uint16_t MHD_gtls_conv_uint16 (uint16_t data);
-uint32_t MHD_gtls_read_uint24 (const opaque * data);
-void MHD_gtls_write_uint24 (uint32_t num, opaque * data);
-void MHD_gtls_write_uint32 (uint32_t num, opaque * data);
-void MHD_gtls_write_uint16 (uint16_t num, opaque * data);
-uint32_t MHD_gtls_uint64touint32 (const uint64 *);
-
-int MHD_gtls_uint64pp (uint64 *);
-#define MHD__gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
-#define UINT64DATA(x) x.i

src/daemon/https/tls/gnutls_pk.c

@@ -1,636 +0,0 @@
-/*
- * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains the functions needed for RSA/DSA public key
- * encryption and signatures.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_mpi.h>
-#include <gnutls_pk.h>
-#include <gnutls_errors.h>
-#include <gnutls_datum.h>
-#include <gnutls_global.h>
-#include <gnutls_num.h>
-#include "debug.h"
-#include <gc.h>
-
-/* x509 */
-#include "common.h"
-#include "mpi.h"
-
-static int MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
-                                   mpi_t * pkey, int pkey_len);
-static int MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash,
-                                mpi_t * pkey, int);
-static int MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data,
-                                   mpi_t * pkey, int);
-
-
-/* Do PKCS-1 RSA encryption.
- * params is modulus, public exp.
- */
-int
-MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext,
-                            const MHD_gnutls_datum_t * plaintext,
-                            mpi_t * params, unsigned params_len,
-                            unsigned btype)
-{
-  unsigned int i, pad;
-  int ret;
-  mpi_t m, res;
-  opaque *edata, *ps;
-  size_t k, psize;
-  size_t mod_bits;
-
-  mod_bits = MHD__gnutls_mpi_get_nbits (params[0]);
-  k = mod_bits / 8;
-  if (mod_bits % 8 != 0)
-    k++;
-
-  if (plaintext->size > k - 11)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_PK_ENCRYPTION_FAILED;
-    }
-
-  edata = MHD_gnutls_alloca (k);
-  if (edata == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  /* EB = 00||BT||PS||00||D
-   * (use block type 'btype')
-   */
-
-  edata[0] = 0;
-  edata[1] = btype;
-  psize = k - 3 - plaintext->size;
-
-  ps = &edata[2];
-  switch (btype)
-    {
-    case 2:
-      /* using public key */
-      if (params_len < RSA_PUBLIC_PARAMS)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_afree (edata);
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      if (MHD_gc_pseudo_random ((char *) ps, psize) != GC_OK)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_afree (edata);
-          return GNUTLS_E_RANDOM_FAILED;
-        }
-      for (i = 0; i < psize; i++)
-        while (ps[i] == 0)
-          {
-            if (MHD_gc_pseudo_random ((char *) &ps[i], 1) != GC_OK)
-              {
-                MHD_gnutls_assert ();
-                MHD_gnutls_afree (edata);
-                return GNUTLS_E_RANDOM_FAILED;
-              }
-          }
-      break;
-    case 1:
-      /* using private key */
-
-      if (params_len < RSA_PRIVATE_PARAMS)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_afree (edata);
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      for (i = 0; i < psize; i++)
-        ps[i] = 0xff;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (edata);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  ps[psize] = 0;
-  memcpy (&ps[psize + 1], plaintext->data, plaintext->size);
-
-  if (MHD_gtls_mpi_scan_nz (&m, edata, &k) != 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (edata);
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-  MHD_gnutls_afree (edata);
-
-  if (btype == 2)               /* encrypt */
-    ret = MHD__gnutls_pk_encrypt (GCRY_PK_RSA, &res, m, params, params_len);
-  else                          /* sign */
-    ret = MHD__gnutls_pk_sign (GCRY_PK_RSA, &res, m, params, params_len);
-
-  MHD_gtls_mpi_release (&m);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD_gtls_mpi_print (NULL, &psize, res);
-
-  if (psize < k)
-    {
-      /* padding psize */
-      pad = k - psize;
-      psize = k;
-    }
-  else if (psize == k)
-    {
-      pad = 0;
-    }
-  else
-    {                           /* psize > k !!! */
-      /* This is an impossible situation */
-      MHD_gnutls_assert ();
-      MHD_gtls_mpi_release (&res);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  ciphertext->data = MHD_gnutls_malloc (psize);
-  if (ciphertext->data == NULL)
-    {
-      MHD_gnutls_assert ();
-      MHD_gtls_mpi_release (&res);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  MHD_gtls_mpi_print (&ciphertext->data[pad], &psize, res);
-  for (i = 0; i < pad; i++)
-    ciphertext->data[i] = 0;
-
-  ciphertext->size = k;
-
-  MHD_gtls_mpi_release (&res);
-
-  return 0;
-}
-
-
-/* Do PKCS-1 RSA decryption.
- * params is modulus, public exp., private key
- * Can decrypt block type 1 and type 2 packets.
- */
-int
-MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext,
-                            const MHD_gnutls_datum_t * ciphertext,
-                            mpi_t * params, unsigned params_len,
-                            unsigned btype)
-{
-  unsigned k, i;
-  int ret;
-  mpi_t c, res;
-  opaque *edata;
-  size_t esize, mod_bits;
-
-  mod_bits = MHD__gnutls_mpi_get_nbits (params[0]);
-  k = mod_bits / 8;
-  if (mod_bits % 8 != 0)
-    k++;
-
-  esize = ciphertext->size;
-
-  if (esize != k)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_PK_DECRYPTION_FAILED;
-    }
-
-  if (MHD_gtls_mpi_scan_nz (&c, ciphertext->data, &esize) != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MPI_SCAN_FAILED;
-    }
-
-  /* we can use btype to see if the private key is
-   * available.
-   */
-  if (btype == 2)
-    ret = MHD__gnutls_pk_decrypt (GCRY_PK_RSA, &res, c, params, params_len);
-  else
-    {
-      ret = MHD__gnutls_pk_encrypt (GCRY_PK_RSA, &res, c, params, params_len);
-    }
-  MHD_gtls_mpi_release (&c);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD_gtls_mpi_print (NULL, &esize, res);
-  edata = MHD_gnutls_alloca (esize + 1);
-  if (edata == NULL)
-    {
-      MHD_gnutls_assert ();
-      MHD_gtls_mpi_release (&res);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  MHD_gtls_mpi_print (&edata[1], &esize, res);
-
-  MHD_gtls_mpi_release (&res);
-
-  /* EB = 00||BT||PS||00||D
-   * (use block type 'btype')
-   *
-   * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to
-   * avoid attacks similar to the one described by Bleichenbacher in:
-   * "Chosen Ciphertext Attacks against Protocols Based on RSA
-   * Encryption Standard PKCS #1".
-   */
-
-
-  edata[0] = 0;
-  esize++;
-
-  if (edata[0] != 0 || edata[1] != btype)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (edata);
-      return GNUTLS_E_DECRYPTION_FAILED;
-    }
-
-  ret = GNUTLS_E_DECRYPTION_FAILED;
-  switch (btype)
-    {
-    case 2:
-      for (i = 2; i < esize; i++)
-        {
-          if (edata[i] == 0)
-            {
-              ret = 0;
-              break;
-            }
-        }
-      break;
-    case 1:
-      for (i = 2; i < esize; i++)
-        {
-          if (edata[i] == 0 && i > 2)
-            {
-              ret = 0;
-              break;
-            }
-          if (edata[i] != 0xff)
-            {
-              MHD__gnutls_handshake_log ("PKCS #1 padding error");
-              /* PKCS #1 padding error.  Don't use
-                 GNUTLS_E_PKCS1_WRONG_PAD here.  */
-              break;
-            }
-        }
-      break;
-    default:
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (edata);
-      return GNUTLS_E_DECRYPTION_FAILED;
-    }
-  i++;
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (edata);
-      return GNUTLS_E_DECRYPTION_FAILED;
-    }
-
-  if (MHD__gnutls_sset_datum (plaintext, &edata[i], esize - i) < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_afree (edata);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  MHD_gnutls_afree (edata);
-
-  return 0;
-}
-
-
-int
-MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata,
-                     const MHD_gnutls_datum_t * ciphertext, mpi_t * params,
-                     int params_len, int btype)
-{
-
-  MHD_gnutls_datum_t plain;
-  int ret;
-
-  /* decrypt signature */
-  if ((ret =
-       MHD_gtls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len,
-                                   btype)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  if (plain.size != vdata->size)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (&plain);
-      return GNUTLS_E_PK_SIG_VERIFY_FAILED;
-    }
-
-  if (memcmp (plain.data, vdata->data, plain.size) != 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (&plain);
-      return GNUTLS_E_PK_SIG_VERIFY_FAILED;
-    }
-
-  MHD__gnutls_free_datum (&plain);
-
-  return 0;                     /* ok */
-}
-
-
-/* this is taken from gnupg
- */
-
-/****************
- * Emulate our old PK interface here - sometime in the future we might
- * change the internal design to directly fit to libgcrypt.
- */
-static int
-MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
-                        mpi_t * pkey, int pkey_len)
-{
-  gcry_sexp_t s_ciph, s_data, s_pkey;
-  int rc = -1;
-
-  /* make a sexp from pkey */
-  switch (algo)
-    {
-    case GCRY_PK_RSA:
-      if (pkey_len >= 2)
-        rc = gcry_sexp_build (&s_pkey, NULL,
-                              "(public-key(rsa(n%m)(e%m)))",
-                              pkey[0], pkey[1]);
-      break;
-
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  if (rc != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* put the data into a simple list */
-  if (gcry_sexp_build (&s_data, NULL, "%m", data))
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (s_pkey);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* pass it to libgcrypt */
-  rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
-  gcry_sexp_release (s_data);
-  gcry_sexp_release (s_pkey);
-
-  if (rc != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_PK_ENCRYPTION_FAILED;
-
-    }
-  else
-    {                           /* add better error handling or make gnupg use S-Exp directly */
-      gcry_sexp_t list = gcry_sexp_find_token (s_ciph, "a", 0);
-      if (list == NULL)
-        {
-          MHD_gnutls_assert ();
-          gcry_sexp_release (s_ciph);
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
-      gcry_sexp_release (list);
-
-      if (resarr[0] == NULL)
-        {
-          MHD_gnutls_assert ();
-          gcry_sexp_release (s_ciph);
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-    }
-
-  gcry_sexp_release (s_ciph);
-  return rc;
-}
-
-static int
-MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey,
-                        int pkey_len)
-{
-  gcry_sexp_t s_plain, s_data, s_pkey;
-  int rc = -1;
-
-  /* make a sexp from pkey */
-  switch (algo)
-    {
-    case GCRY_PK_RSA:
-      if (pkey_len >= 6)
-        rc = gcry_sexp_build (&s_pkey, NULL,
-                              "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
-                              pkey[0], pkey[1], pkey[2], pkey[3],
-                              pkey[4], pkey[5]);
-      break;
-
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  if (rc != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* put the data into a simple list */
-  if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data))
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (s_pkey);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* pass it to libgcrypt */
-  rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
-  gcry_sexp_release (s_data);
-  gcry_sexp_release (s_pkey);
-
-  if (rc != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_PK_DECRYPTION_FAILED;
-
-    }
-  else
-    {                           /* add better error handling or make gnupg use S-Exp directly */
-      resarr[0] = gcry_sexp_nth_mpi (s_plain, 0, 0);
-
-      if (resarr[0] == NULL)
-        {
-          MHD_gnutls_assert ();
-          gcry_sexp_release (s_plain);
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-    }
-
-  gcry_sexp_release (s_plain);
-  return rc;
-}
-
-
-/* in case of DSA puts into data, r,s
- */
-static int
-MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey,
-                     int pkey_len)
-{
-  gcry_sexp_t s_hash, s_key, s_sig;
-  int rc = -1;
-
-  /* make a sexp from pkey */
-  switch (algo)
-    {
-    case GCRY_PK_DSA:
-      if (pkey_len >= 5)
-        rc = gcry_sexp_build (&s_key, NULL,
-                              "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
-                              pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]);
-      else
-        {
-          MHD_gnutls_assert ();
-        }
-
-      break;
-    case GCRY_PK_RSA:
-      if (pkey_len >= 6)
-        rc = gcry_sexp_build (&s_key, NULL,
-                              "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
-                              pkey[0], pkey[1], pkey[2], pkey[3],
-                              pkey[4], pkey[5]);
-      else
-        {
-          MHD_gnutls_assert ();
-        }
-      break;
-
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  if (rc != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* put the data into a simple list */
-  if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* pass it to libgcrypt */
-  rc = gcry_pk_sign (&s_sig, s_hash, s_key);
-  gcry_sexp_release (s_hash);
-  gcry_sexp_release (s_key);
-
-  if (rc != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_PK_SIGN_FAILED;
-
-    }
-  else
-    {
-      gcry_sexp_t list;
-
-      if (algo == GCRY_PK_DSA)
-        {
-          list = gcry_sexp_find_token (s_sig, "r", 0);
-          if (list == NULL)
-            {
-              MHD_gnutls_assert ();
-              gcry_sexp_release (s_sig);
-              return GNUTLS_E_INTERNAL_ERROR;
-            }
-
-          data[0] = gcry_sexp_nth_mpi (list, 1, 0);
-          gcry_sexp_release (list);
-
-          list = gcry_sexp_find_token (s_sig, "s", 0);
-          if (list == NULL)
-            {
-              MHD_gnutls_assert ();
-              gcry_sexp_release (s_sig);
-              return GNUTLS_E_INTERNAL_ERROR;
-            }
-
-          data[1] = gcry_sexp_nth_mpi (list, 1, 0);
-          gcry_sexp_release (list);
-        }
-      else
-        {                       /* GCRY_PK_RSA */
-          list = gcry_sexp_find_token (s_sig, "s", 0);
-          if (list == NULL)
-            {
-              MHD_gnutls_assert ();
-              gcry_sexp_release (s_sig);
-              return GNUTLS_E_INTERNAL_ERROR;
-            }
-
-          data[0] = gcry_sexp_nth_mpi (list, 1, 0);
-          gcry_sexp_release (list);
-        }
-    }
-
-  gcry_sexp_release (s_sig);
-  return 0;
-}

src/daemon/https/tls/gnutls_pk.h

@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_PK_H
-#define GNUTLS_PK_H
-
-int MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext,
-                                const MHD_gnutls_datum_t * plaintext,
-                                mpi_t * params, unsigned params_len,
-                                unsigned btype);
-int MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext,
-                                const MHD_gnutls_datum_t * ciphertext,
-                                mpi_t * params, unsigned params_len,
-                                unsigned btype);
-int MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata,
-                         const MHD_gnutls_datum_t * ciphertext,
-                         mpi_t * params, int params_len, int btype);
-
-#endif /* GNUTLS_PK_H */

src/daemon/https/tls/gnutls_priority.c

@@ -1,242 +0,0 @@
-/*
- * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Here lies the code of the MHD_gnutls_*_set_priority() functions.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_algorithms.h"
-#include "gnutls_errors.h"
-#include <gnutls_num.h>
-
-#define MAX_ELEMENTS 48
-
-static int
-_set_priority (MHD_gtls_priority_st * st, const int *list)
-{
-  int num = 0;
-
-  while ((list[num] != 0) && (num < MAX_ALGOS))
-    num++;
-  st->num_algorithms = num;
-  memcpy (st->priority, list, num * sizeof (int));
-  return 0;
-}
-
-static const int MHD_gtls_protocol_priority[] = { MHD_GNUTLS_PROTOCOL_TLS1_1,
-  MHD_GNUTLS_PROTOCOL_TLS1_0,
-  MHD_GNUTLS_PROTOCOL_SSL3,
-  0
-};
-
-static const int MHD_gtls_cipher_priority_secure256[] =
-  { MHD_GNUTLS_CIPHER_AES_256_CBC,
-  0
-};
-
-static const int MHD_gtls_kx_priority_secure[] = { MHD_GNUTLS_KX_RSA,
-  0
-};
-
-static const int MHD_gtls_mac_priority_secure[] = { MHD_GNUTLS_MAC_SHA1,
-  0
-};
-
-static int MHD_gtls_cert_type_priority[] = { MHD_GNUTLS_CRT_X509,
-  0
-};
-
-static const int MHD_gtls_comp_priority[] = { MHD_GNUTLS_COMP_NULL,
-  0
-};
-
-/**
- * MHD__gnutls_priority_set - Sets priorities for the cipher suites supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @priority: is a #MHD_gnutls_priority_t structure.
- *
- * Sets the priorities to use on the ciphers, key exchange methods,
- * macs and compression methods.
- *
- * On success 0 is returned.
- *
- **/
-int
-MHD__gnutls_priority_set (MHD_gtls_session_t session,
-                          MHD_gnutls_priority_t priority)
-{
-  if (priority == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_NO_CIPHER_SUITES;
-    }
-
-  memcpy (&session->internals.priorities, priority,
-          sizeof (struct MHD_gtls_priority_st));
-
-  return 0;
-}
-
-/**
- * MHD_tls_set_default_priority - Sets priorities for the cipher suites supported by gnutls.
- * @priority_cache: is a #MHD_gnutls_prioritity_t structure.
- * @priorities: is a string describing priorities
- * @err_pos: In case of an error this will have the position in the string the error occured
- *
- * Sets priorities for the ciphers, key exchange methods, macs and
- * compression methods. This is to avoid using the
- * MHD_gnutls_*_priority() functions.
- *
- * The #priorities option allows you to specify a semi-colon
- * separated list of the cipher priorities to enable.
- *
- * Unless the first keyword is "NONE" the defaults are:
- * Protocols: TLS1.1, TLS1.0, and SSL3.0.
- * Compression: NULL.
- * Certificate types: X.509, OpenPGP.
- *
- * You can also use predefined sets of ciphersuites: "PERFORMANCE"
- * all the "secure" ciphersuites are enabled, limited to 128 bit
- * ciphers and sorted by terms of speed performance.
- *
- * "NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers
- * are included as a fallback only. The ciphers are sorted by security margin.
- *
- * "SECURE128" flag enables all "secure" ciphersuites with ciphers up to
- * 128 bits, sorted by security margin.
- *
- * "SECURE256" flag enables all "secure" ciphersuites including the 256 bit
- * ciphers, sorted by security margin.
- *
- * "EXPORT" all the ciphersuites are enabled, including the
- * low-security 40 bit ciphers.
- *
- * "NONE" nothing is enabled. This disables even protocols and
- * compression methods.
- *
- * Special keywords:
- * '!' or '-' appended with an algorithm will remove this algorithm.
- * '+' appended with an algorithm will add this algorithm.
- * '%COMPAT' will enable compatibility features for a server.
- *
- * To avoid collisions in order to specify a compression algorithm in
- * this string you have to prefix it with "COMP-", protocol versions
- * with "VERS-" and certificate types with "CTYPE-". All other
- * algorithms don't need a prefix.
- *
- * For key exchange algorithms when in NORMAL or SECURE levels the
- * perfect forward secrecy algorithms take precendence of the other
- * protocols.  In all cases all the supported key exchange algorithms
- * are enabled (except for the RSA-EXPORT which is only enabled in
- * EXPORT level).
- *
- * Note that although one can select very long key sizes (such as 256 bits)
- * for symmetric algorithms, to actually increase security the public key
- * algorithms have to use longer key sizes as well.
- *
- * Examples: "NORMAL:!AES-128-CBC",
- * "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE:+CTYPE-OPENPGP",
- * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL",
- * "NORMAL:%COMPAT".
- *
- * Returns: On syntax error GNUTLS_E_INVALID_REQUEST is returned and
- * 0 on success.
- **/
-int
-MHD_tls_set_default_priority (MHD_gnutls_priority_t * priority_cache,
-                              const char *priorities, const char **err_pos)
-{
-  *priority_cache =
-    MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_priority_st));
-  if (*priority_cache == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  /* set mode to "SECURE256" */
-  _set_priority (&(*priority_cache)->protocol, MHD_gtls_protocol_priority);
-  _set_priority (&(*priority_cache)->cipher,
-                 MHD_gtls_cipher_priority_secure256);
-  _set_priority (&(*priority_cache)->kx, MHD_gtls_kx_priority_secure);
-  _set_priority (&(*priority_cache)->mac, MHD_gtls_mac_priority_secure);
-  _set_priority (&(*priority_cache)->cert_type, MHD_gtls_cert_type_priority);
-  _set_priority (&(*priority_cache)->compression, MHD_gtls_comp_priority);
-
-  (*priority_cache)->no_padding = 0;
-  return 0;
-}
-
-/**
- * MHD__gnutls_priority_deinit - Deinitialize the priorities cache for the cipher suites supported by gnutls.
- * @priority_cache: is a #MHD_gnutls_prioritity_t structure.
- *
- * Deinitializes the priority cache.
- *
- **/
-void
-MHD__gnutls_priority_deinit (MHD_gnutls_priority_t priority_cache)
-{
-  MHD_gnutls_free (priority_cache);
-}
-
-/**
- * MHD__gnutls_priority_set_direct - Sets priorities for the cipher suites supported by gnutls.
- * @session: is a #MHD_gtls_session_t structure.
- * @priorities: is a string describing priorities
- * @err_pos: In case of an error this will have the position in the string the error occured
- *
- * Sets the priorities to use on the ciphers, key exchange methods,
- * macs and compression methods. This function avoids keeping a
- * priority cache and is used to directly set string priorities to a
- * TLS session.  For documentation check the MHD_tls_set_default_priority().
- *
- * On syntax error GNUTLS_E_INVALID_REQUEST is returned and 0 on success.
- *
- **/
-int
-MHD__gnutls_priority_set_direct (MHD_gtls_session_t session,
-                                 const char *priorities, const char **err_pos)
-{
-  MHD_gnutls_priority_t prio;
-  int ret;
-
-  ret = MHD_tls_set_default_priority (&prio, priorities, err_pos);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = MHD__gnutls_priority_set (session, prio);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  MHD__gnutls_priority_deinit (prio);
-
-  return 0;
-}

src/daemon/https/tls/gnutls_record.c

@@ -1,1087 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions that are record layer specific, are included in this file.
- */
-
-#include "gnutls_int.h"
-#include "gnutls_errors.h"
-#include "debug.h"
-#include "gnutls_cipher.h"
-#include "gnutls_buffers.h"
-#include "gnutls_handshake.h"
-#include "gnutls_hash_int.h"
-#include "gnutls_cipher_int.h"
-#include "gnutls_algorithms.h"
-#include "gnutls_auth_int.h"
-#include "gnutls_num.h"
-#include "gnutls_record.h"
-#include "gnutls_datum.h"
-#include "ext_max_record.h"
-#include <gnutls_state.h>
-#include <gnutls_dh.h>
-
-/**
- * MHD__gnutls_protocol_get_version - Returns the version of the currently used protocol
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: the version of the currently used protocol.
- **/
-enum MHD_GNUTLS_Protocol
-MHD__gnutls_protocol_get_version (MHD_gtls_session_t session)
-{
-  return session->security_parameters.version;
-}
-
-void
-MHD_gtls_set_current_version (MHD_gtls_session_t session,
-                              enum MHD_GNUTLS_Protocol version)
-{
-  session->security_parameters.version = version;
-}
-
-/**
- * MHD__gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data.
- * @session: is a #MHD_gtls_session_t structure.
- * @num: is the low water value.
- *
- * Used to set the lowat value in order for select to check if there
- * are pending data to socket buffer. Used only if you have changed
- * the default low water value (default is 1).  Normally you will not
- * need that function.  This function is only useful if using
- * berkeley style sockets.  Otherwise it must be called and set lowat
- * to zero.
- **/
-void
-MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num)
-{
-  session->internals.lowat = num;
-}
-
-/**
- * MHD__gnutls_transport_set_ptr - Used to set first argument of the transport functions
- * @session: is a #MHD_gtls_session_t structure.
- * @ptr: is the value.
- *
- * Used to set the first argument of the transport function (like
- * PUSH and PULL).  In berkeley style sockets this function will set
- * the connection handle.
- **/
-void
-MHD__gnutls_transport_set_ptr (MHD_gtls_session_t session,
-                               MHD_gnutls_transport_ptr_t ptr)
-{
-  session->internals.transport_recv_ptr = ptr;
-  session->internals.transport_send_ptr = ptr;
-}
-
-/**
- * MHD__gnutls_bye - This function terminates the current TLS/SSL connection.
- * @session: is a #MHD_gtls_session_t structure.
- * @how: is an integer
- *
- * Terminates the current TLS/SSL connection. The connection should
- * have been initiated using MHD__gnutls_handshake().  @how should be one
- * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
- *
- * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets
- * terminated and further receives and sends will be disallowed.  If
- * the return value is zero you may continue using the connection.
- * %GNUTLS_SHUT_RDWR actually sends an alert containing a close
- * request and waits for the peer to reply with the same message.
- *
- * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated
- * and further sends will be disallowed. In order to reuse the
- * connection you should wait for an EOF from the peer.
- * %GNUTLS_SHUT_WR sends an alert containing a close request.
- *
- * Note that not all implementations will properly terminate a TLS
- * connection.  Some of them, usually for performance reasons, will
- * terminate only the underlying transport layer, thus causing a
- * transmission error to the peer.  This error cannot be
- * distinguished from a malicious party prematurely terminating the
- * session, thus this behavior is not recommended.
- *
- * This function may also return %GNUTLS_E_AGAIN or
- * %GNUTLS_E_INTERRUPTED; cf.  MHD__gnutls_record_get_direction().
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
- *   function documentation for entire semantics.
- **/
-int
-MHD__gnutls_bye (MHD_gtls_session_t session, MHD_gnutls_close_request_t how)
-{
-  int ret = 0;
-
-  switch (STATE)
-    {
-    case STATE0:
-    case STATE60:
-      ret = MHD_gtls_io_write_flush (session);
-      STATE = STATE60;
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    case STATE61:
-      ret =
-        MHD__gnutls_alert_send (session, GNUTLS_AL_WARNING,
-                                GNUTLS_A_CLOSE_NOTIFY);
-      STATE = STATE61;
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-    case STATE62:
-      STATE = STATE62;
-      if (how == GNUTLS_SHUT_RDWR)
-        {
-          do
-            {
-              MHD_gtls_io_clear_peeked_data (session);
-              ret = MHD_gtls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0);
-            }
-          while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
-
-          if (ret >= 0)
-            session->internals.may_not_read = 1;
-
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-        }
-      STATE = STATE62;
-
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  STATE = STATE0;
-
-  session->internals.may_not_write = 1;
-  return 0;
-}
-
-inline static void
-session_invalidate (MHD_gtls_session_t session)
-{
-  session->internals.valid_connection = VALID_FALSE;
-}
-
-inline static void
-session_unresumable (MHD_gtls_session_t session)
-{
-  session->internals.resumable = RESUME_FALSE;
-}
-
-/* returns 0 if session is valid
- */
-inline static int
-session_is_valid (MHD_gtls_session_t session)
-{
-  if (session->internals.valid_connection == VALID_FALSE)
-    return GNUTLS_E_INVALID_SESSION;
-
-  return 0;
-}
-
-/* Copies the record version into the headers. The
- * version must have 2 bytes at least.
- */
-inline static void
-copy_record_version (MHD_gtls_session_t session,
-                     MHD_gnutls_handshake_description_t htype,
-                     opaque version[2])
-{
-  enum MHD_GNUTLS_Protocol lver;
-
-  if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
-      || session->internals.default_record_version[0] == 0)
-    {
-      lver = MHD__gnutls_protocol_get_version (session);
-
-      version[0] = MHD_gtls_version_get_major (lver);
-      version[1] = MHD_gtls_version_get_minor (lver);
-    }
-  else
-    {
-      version[0] = session->internals.default_record_version[0];
-      version[1] = session->internals.default_record_version[1];
-    }
-}
-
-/* This function behaves exactly like write(). The only difference is
- * that it accepts, the MHD_gtls_session_t and the content_type_t of data to
- * send (if called by the user the Content is specific)
- * It is intended to transfer data, under the current session.
- *
- * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
- * This makes the function much easier to read, and more error resistant
- * (there were cases were the old function could mess everything up).
- * --nmav
- *
- * This function may accept a NULL pointer for data, and 0 for size, if
- * and only if the previous send was interrupted for some reason.
- *
- */
-ssize_t
-MHD_gtls_send_int (MHD_gtls_session_t session,
-                   content_type_t type,
-                   MHD_gnutls_handshake_description_t htype,
-                   const void *_data, size_t sizeofdata)
-{
-  uint8_t *cipher;
-  int cipher_size;
-  int retval, ret;
-  int data2send_size;
-  uint8_t headers[5];
-  const uint8_t *data = _data;
-
-  /* Do not allow null pointer if the send buffer is empty.
-   * If the previous send was interrupted then a null pointer is
-   * ok, and means to resume.
-   */
-  if (session->internals.record_send_buffer.length == 0 && (sizeofdata == 0
-                                                            && _data == NULL))
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  if (type != GNUTLS_ALERT)     /* alert messages are sent anyway */
-    if (session_is_valid (session) || session->internals.may_not_write != 0)
-      {
-        MHD_gnutls_assert ();
-        return GNUTLS_E_INVALID_SESSION;
-      }
-
-  headers[0] = type;
-
-  /* Use the default record version, if it is
-   * set.
-   */
-  copy_record_version (session, htype, &headers[1]);
-
-  MHD__gnutls_record_log
-    ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session,
-     (int) MHD_gtls_uint64touint32 (&session->connection_state.
-                                    write_sequence_number),
-     MHD__gnutls_packet2str (type), type, sizeofdata);
-
-  if (sizeofdata > MAX_RECORD_SEND_SIZE)
-    data2send_size = MAX_RECORD_SEND_SIZE;
-  else
-    data2send_size = sizeofdata;
-
-  /* Only encrypt if we don't have data to send
-   * from the previous run. - probably interrupted.
-   */
-  if (session->internals.record_send_buffer.length > 0)
-    {
-      ret = MHD_gtls_io_write_flush (session);
-      if (ret > 0)
-        cipher_size = ret;
-      else
-        cipher_size = 0;
-
-      cipher = NULL;
-
-      retval = session->internals.record_send_buffer_user_size;
-    }
-  else
-    {
-      /* now proceed to packet encryption
-       */
-      cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
-      cipher = MHD_gnutls_malloc (cipher_size);
-      if (cipher == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      cipher_size =
-        MHD_gtls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
-                          data2send_size, cipher, cipher_size, type,
-                          (session->internals.priorities.no_padding ==
-                           0) ? 1 : 0);
-      if (cipher_size <= 0)
-        {
-          MHD_gnutls_assert ();
-          if (cipher_size == 0)
-            cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
-          MHD_gnutls_free (cipher);
-          return cipher_size;   /* error */
-        }
-
-      retval = data2send_size;
-      session->internals.record_send_buffer_user_size = data2send_size;
-
-      /* increase sequence number
-       */
-      if (MHD_gtls_uint64pp
-          (&session->connection_state.write_sequence_number) != 0)
-        {
-          session_invalidate (session);
-          MHD_gnutls_assert ();
-          MHD_gnutls_free (cipher);
-          return GNUTLS_E_RECORD_LIMIT_REACHED;
-        }
-
-      ret = MHD_gtls_io_write_buffered (session, cipher, cipher_size);
-      MHD_gnutls_free (cipher);
-    }
-
-  if (ret != cipher_size)
-    {
-      if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0)
-        {
-          /* If we have sent any data then just return
-           * the error value. Do not invalidate the session.
-           */
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      if (ret > 0)
-        {
-          MHD_gnutls_assert ();
-          ret = GNUTLS_E_INTERNAL_ERROR;
-        }
-      session_unresumable (session);
-      session->internals.may_not_write = 1;
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  session->internals.record_send_buffer_user_size = 0;
-
-  MHD__gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n",
-                          session,
-                          (int)
-                          MHD_gtls_uint64touint32
-                          (&session->connection_state.write_sequence_number),
-                          MHD__gnutls_packet2str (type), type, cipher_size);
-
-  return retval;
-}
-
-/* This function is to be called if the handshake was successfully
- * completed. This sends a Change Cipher Spec packet to the peer.
- */
-ssize_t
-MHD_gtls_send_change_cipher_spec (MHD_gtls_session_t session, int again)
-{
-  static const opaque data[1] = {
-    GNUTLS_TYPE_CHANGE_CIPHER_SPEC
-  };
-
-  MHD__gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session);
-
-  if (again == 0)
-    return MHD_gtls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data,
-                              1);
-  else
-    {
-      return MHD_gtls_io_write_flush (session);
-    }
-}
-
-inline static int
-check_recv_type (content_type_t recv_type)
-{
-  switch (recv_type)
-    {
-    case GNUTLS_CHANGE_CIPHER_SPEC:
-    case GNUTLS_ALERT:
-    case GNUTLS_HANDSHAKE:
-    case GNUTLS_APPLICATION_DATA:
-    case GNUTLS_INNER_APPLICATION:
-      return 0;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_A_UNEXPECTED_MESSAGE;
-    }
-
-}
-
-/* Checks if there are pending data in the record buffers. If there are
- * then it copies the data.
- */
-static int
-check_buffers (MHD_gtls_session_t session,
-               content_type_t type, opaque * data, int sizeofdata)
-{
-  if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type
-       == GNUTLS_INNER_APPLICATION)
-      && MHD_gnutls_record_buffer_get_size (type, session) > 0)
-    {
-      int ret, ret2;
-      ret = MHD_gtls_record_buffer_get (type, session, data, sizeofdata);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* if the buffer just got empty */
-      if (MHD_gnutls_record_buffer_get_size (type, session) == 0)
-        {
-          if ((ret2 = MHD_gtls_io_clear_peeked_data (session)) < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret2;
-            }
-        }
-
-      return ret;
-    }
-
-  return 0;
-}
-
-/* Checks the record headers and returns the length, version and
- * content type.
- */
-static int
-record_check_headers (MHD_gtls_session_t session,
-                      uint8_t headers[RECORD_HEADER_SIZE],
-                      content_type_t type,
-                      MHD_gnutls_handshake_description_t htype,
-                      /*output */ content_type_t * recv_type,
-                      opaque version[2],
-                      uint16_t * length, uint16_t * header_size)
-{
-
-  /* Read the first two bytes to determine if this is a
-   * version 2 message
-   */
-
-  if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
-      && headers[0] > 127)
-    {
-
-      /* if msb set and expecting handshake message
-       * it should be SSL 2 hello
-       */
-      version[0] = 3;           /* assume SSL 3.0 */
-      version[1] = 0;
-
-      *length = (((headers[0] & 0x7f) << 8)) | headers[1];
-
-      /* SSL 2.0 headers */
-      *header_size = 2;
-      *recv_type = GNUTLS_HANDSHAKE;    /* we accept only v2 client hello
-                                         */
-
-      /* in order to assist the handshake protocol.
-       * V2 compatibility is a mess.
-       */
-      session->internals.v2_hello = *length;
-
-      MHD__gnutls_record_log ("REC[%x]: V2 packet received. Length: %d\n",
-                              session, *length);
-
-    }
-  else
-    {
-      /* version 3.x */
-      *recv_type = headers[0];
-      version[0] = headers[1];
-      version[1] = headers[2];
-
-      /* No DECR_LEN, since headers has enough size.
-       */
-      *length = MHD_gtls_read_uint16 (&headers[3]);
-    }
-
-  return 0;
-}
-
-/* Here we check if the advertized version is the one we
- * negotiated in the handshake.
- */
-inline static int
-record_check_version (MHD_gtls_session_t session,
-                      MHD_gnutls_handshake_description_t htype,
-                      opaque version[2])
-{
-  if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
-    {
-      /* Reject hello packets with major version higher than 3.
-       */
-      if (version[0] > 3)
-        {
-          MHD_gnutls_assert ();
-          MHD__gnutls_record_log
-            ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session,
-             htype, version[0], version[1]);
-          return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
-        }
-    }
-  else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO
-           && MHD__gnutls_protocol_get_version (session)
-           != MHD_gtls_version_get (version[0], version[1]))
-    {
-      /* Reject record packets that have a different version than the
-       * one negotiated. Note that this version is not protected by any
-       * mac. I don't really think that this check serves any purpose.
-       */
-      MHD_gnutls_assert ();
-      MHD__gnutls_record_log ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n",
-                              session, htype, version[0], version[1]);
-
-      return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
-    }
-
-  return 0;
-}
-
-/* This function will check if the received record type is
- * the one we actually expect.
- */
-static int
-record_check_type (MHD_gtls_session_t session,
-                   content_type_t recv_type,
-                   content_type_t type,
-                   MHD_gnutls_handshake_description_t htype,
-                   opaque * data, int data_size)
-{
-
-  int ret;
-
-  if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type
-                              == GNUTLS_HANDSHAKE
-                              || type == GNUTLS_INNER_APPLICATION))
-    {
-      MHD_gnutls_record_buffer_put (type, session, (void *) data, data_size);
-    }
-  else
-    {
-      switch (recv_type)
-        {
-        case GNUTLS_ALERT:
-
-          MHD__gnutls_record_log
-            ("REC[%x]: Alert[%d|%d] - %s - was received\n", session,
-             data[0], data[1], MHD__gnutls_alert_get_name ((int) data[1]));
-
-          session->internals.last_alert = data[1];
-          session->internals.last_alert_level = data[0];
-
-          /* if close notify is received and
-           * the alert is not fatal
-           */
-          if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
-            {
-              /* If we have been expecting for an alert do
-               */
-              session->internals.read_eof = 1;
-              return GNUTLS_E_INT_RET_0;        /* EOF */
-            }
-          else
-            {
-
-              /* if the alert is FATAL or WARNING
-               * return the apropriate message
-               */
-              MHD_gnutls_assert ();
-              ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
-              if (data[0] == GNUTLS_AL_FATAL)
-                {
-                  session_unresumable (session);
-                  session_invalidate (session);
-                  ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
-                }
-
-              return ret;
-            }
-          break;
-
-        case GNUTLS_CHANGE_CIPHER_SPEC:
-          /* this packet is now handled in the recv_int()
-           * function
-           */
-          MHD_gnutls_assert ();
-
-          return GNUTLS_E_UNEXPECTED_PACKET;
-
-        case GNUTLS_APPLICATION_DATA:
-          /* even if data is unexpected put it into the buffer */
-          if ((ret =
-               MHD_gnutls_record_buffer_put (recv_type, session,
-                                             (void *) data, data_size)) < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-
-          /* the got_application data is only returned
-           * if expecting client hello (for rehandshake
-           * reasons). Otherwise it is an unexpected packet
-           */
-          if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
-                                       && type == GNUTLS_HANDSHAKE))
-            return GNUTLS_E_GOT_APPLICATION_DATA;
-          else
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_UNEXPECTED_PACKET;
-            }
-
-          break;
-        case GNUTLS_HANDSHAKE:
-          /* This is legal if HELLO_REQUEST is received - and we are a client.
-           * If we are a server, a client may initiate a renegotiation at any time.
-           */
-          if (session->security_parameters.entity == GNUTLS_SERVER)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_REHANDSHAKE;
-            }
-
-          /* If we are already in a handshake then a Hello
-           * Request is illegal. But here we don't really care
-           * since this message will never make it up here.
-           */
-
-          /* So we accept it */
-          return MHD_gtls_recv_hello_request (session, data, data_size);
-
-          break;
-        case GNUTLS_INNER_APPLICATION:
-          /* even if data is unexpected put it into the buffer */
-          if ((ret =
-               MHD_gnutls_record_buffer_put (recv_type, session,
-                                             (void *) data, data_size)) < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret;
-            }
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_PACKET;
-          break;
-        default:
-
-          MHD__gnutls_record_log
-            ("REC[%x]: Received Unknown packet %d expecting %d\n",
-             session, recv_type, type);
-
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-    }
-
-  return 0;
-
-}
-
-/* This function will return the internal (per session) temporary
- * recv buffer. If the buffer was not initialized before it will
- * also initialize it.
- */
-inline static int
-get_temp_recv_buffer (MHD_gtls_session_t session, MHD_gnutls_datum_t * tmp)
-{
-  size_t max_record_size;
-
-  max_record_size = MAX_RECORD_RECV_SIZE;
-
-  /* We allocate MAX_RECORD_RECV_SIZE length
-   * because we cannot predict the output data by the record
-   * packet length (due to compression).
-   */
-
-  if (max_record_size > session->internals.recv_buffer.size
-      || session->internals.recv_buffer.data == NULL)
-    {
-
-      /* Initialize the internal buffer.
-       */
-      session->internals.recv_buffer.data
-        =
-        MHD_gnutls_realloc (session->internals.recv_buffer.data,
-                            max_record_size);
-
-      if (session->internals.recv_buffer.data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      session->internals.recv_buffer.size = max_record_size;
-    }
-
-  tmp->data = session->internals.recv_buffer.data;
-  tmp->size = session->internals.recv_buffer.size;
-
-  return 0;
-}
-
-#define MAX_EMPTY_PACKETS_SEQUENCE 4
-
-/* This function behaves exactly like read(). The only difference is
- * that it accepts the MHD_gtls_session_t and the content_type_t of data to
- * receive (if called by the user the Content is Userdata only)
- * It is intended to receive data, under the current session.
- *
- * The MHD_gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
- */
-ssize_t
-MHD_gtls_recv_int (MHD_gtls_session_t session,
-                   content_type_t type,
-                   MHD_gnutls_handshake_description_t htype,
-                   opaque * data, size_t sizeofdata)
-{
-  MHD_gnutls_datum_t tmp;
-  int decrypted_length;
-  opaque version[2];
-  uint8_t *headers;
-  content_type_t recv_type;
-  uint16_t length;
-  uint8_t *ciphertext;
-  uint8_t *recv_data;
-  int ret, ret2;
-  uint16_t header_size;
-  int empty_packet = 0;
-
-  if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL))
-    {
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-begin:
-
-  if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
-    }
-
-  if (session->internals.read_eof != 0)
-    {
-      /* if we have already read an EOF
-       */
-      return 0;
-    }
-  else if (session_is_valid (session) != 0 || session->internals.may_not_read
-           != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_SESSION;
-    }
-
-  /* If we have enough data in the cache do not bother receiving
-   * a new packet. (in order to flush the cache)
-   */
-  ret = check_buffers (session, type, data, sizeofdata);
-  if (ret != 0)
-    return ret;
-
-  /* default headers for TLS 1.0
-   */
-  header_size = RECORD_HEADER_SIZE;
-
-  if ((ret = MHD_gtls_io_read_buffered (session, &headers, header_size, -1))
-      != header_size)
-    {
-      if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0)
-        return ret;
-
-      session_invalidate (session);
-      if (type == GNUTLS_ALERT)
-        {
-          MHD_gnutls_assert ();
-          return 0;             /* we were expecting close notify */
-        }
-      session_unresumable (session);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  if ((ret = record_check_headers (session, headers, type, htype, &recv_type,
-                                   version, &length, &header_size)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* Here we check if the Type of the received packet is
-   * ok.
-   */
-  if ((ret = check_recv_type (recv_type)) < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* Here we check if the advertized version is the one we
-   * negotiated in the handshake.
-   */
-  if ((ret = record_check_version (session, htype, version)) < 0)
-    {
-      MHD_gnutls_assert ();
-      session_invalidate (session);
-      return ret;
-    }
-
-  MHD__gnutls_record_log
-    ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session,
-     (int) MHD_gtls_uint64touint32 (&session->connection_state.
-                                    read_sequence_number),
-     MHD__gnutls_packet2str (type), type, sizeofdata);
-  MHD__gnutls_record_log
-    ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session,
-     (int) MHD_gtls_uint64touint32 (&session->connection_state.
-                                    read_sequence_number),
-     MHD__gnutls_packet2str (recv_type), recv_type, length);
-
-  if (length > MAX_RECV_SIZE)
-    {
-      MHD__gnutls_record_log
-        ("REC[%x]: FATAL ERROR: Received packet with length: %d\n",
-         session, length);
-
-      session_unresumable (session);
-      session_invalidate (session);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  /* check if we have that data into buffer.
-   */
-  if ((ret = MHD_gtls_io_read_buffered (session, &recv_data,
-                                        header_size + length, recv_type))
-      != header_size + length)
-    {
-      if (ret < 0 && MHD_gtls_error_is_fatal (ret) == 0)
-        return ret;
-
-      session_unresumable (session);
-      session_invalidate (session);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  /* ok now we are sure that we can read all the data - so
-   * move on !
-   */
-  MHD_gtls_io_clear_read_buffer (session);
-  ciphertext = &recv_data[header_size];
-
-  ret = get_temp_recv_buffer (session, &tmp);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* decrypt the data we got. */
-  ret = MHD_gtls_decrypt (session, ciphertext, length, tmp.data, tmp.size,
-                          recv_type);
-  if (ret < 0)
-    {
-      session_unresumable (session);
-      session_invalidate (session);
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  decrypted_length = ret;
-
-  /* Check if this is a CHANGE_CIPHER_SPEC
-   */
-  if (type == GNUTLS_CHANGE_CIPHER_SPEC && recv_type
-      == GNUTLS_CHANGE_CIPHER_SPEC)
-    {
-
-      MHD__gnutls_record_log
-        ("REC[%x]: ChangeCipherSpec Packet was received\n", session);
-
-      if ((size_t) ret != sizeofdata)
-        {                       /* sizeofdata should be 1 */
-          MHD_gnutls_assert ();
-          return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-        }
-      memcpy (data, tmp.data, sizeofdata);
-
-      return ret;
-    }
-
-  MHD__gnutls_record_log
-    ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session,
-     (int) MHD_gtls_uint64touint32 (&session->connection_state.
-                                    read_sequence_number),
-     MHD__gnutls_packet2str (recv_type), recv_type, decrypted_length);
-
-  /* increase sequence number
-   */
-  if (MHD_gtls_uint64pp (&session->connection_state.read_sequence_number) !=
-      0)
-    {
-      session_invalidate (session);
-      MHD_gnutls_assert ();
-      return GNUTLS_E_RECORD_LIMIT_REACHED;
-    }
-
-  /* check type - this will also invalidate sessions if a fatal alert has been received */
-  ret = record_check_type (session, recv_type, type, htype, tmp.data,
-                           decrypted_length);
-  if (ret < 0)
-    {
-      if (ret == GNUTLS_E_INT_RET_0)
-        return 0;
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* Get Application data from buffer
-   */
-  if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type
-                              == GNUTLS_HANDSHAKE
-                              || type == GNUTLS_INNER_APPLICATION))
-    {
-
-      ret = MHD_gtls_record_buffer_get (type, session, data, sizeofdata);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* if the buffer just got empty
-       */
-      if (MHD_gnutls_record_buffer_get_size (type, session) == 0)
-        {
-          if ((ret2 = MHD_gtls_io_clear_peeked_data (session)) < 0)
-            {
-              MHD_gnutls_assert ();
-              return ret2;
-            }
-        }
-    }
-  else
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET;
-      /* we didn't get what we wanted to
-       */
-    }
-
-  /* (originally for) TLS 1.0 CBC protection.
-   * Actually this code is called if we just received
-   * an empty packet. An empty TLS packet is usually
-   * sent to protect some vulnerabilities in the CBC mode.
-   * In that case we go to the beginning and start reading
-   * the next packet.
-   */
-  if (ret == 0)
-    {
-      empty_packet++;
-      goto begin;
-    }
-
-  return ret;
-}
-
-/**
- * MHD__gnutls_record_send - sends to the peer the specified data
- * @session: is a #MHD_gtls_session_t structure.
- * @data: contains the data to send
- * @sizeofdata: is the length of the data
- *
- * This function has the similar semantics with send(). The only
- * difference is that is accepts a GNUTLS session, and uses different
- * error codes.
- *
- * Note that if the send buffer is full, send() will block this
- * function.  See the send() documentation for full information.  You
- * can replace the default push function by using
- * MHD__gnutls_transport_set_ptr2() with a call to send() with a
- * MSG_DONTWAIT flag if blocking is a problem.
- *
- * If the EINTR is returned by the internal push function (the
- * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If
- * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
- * call this function again, with the same parameters; alternatively
- * you could provide a %NULL pointer for data, and 0 for
- * size. cf. MHD__gnutls_record_get_direction().
- *
- * Returns: the number of bytes sent, or a negative error code.  The
- * number of bytes sent might be less than @sizeofdata.  The maximum
- * number of bytes this function can send in a single call depends on
- * the negotiated maximum record size.
- **/
-ssize_t
-MHD__gnutls_record_send (MHD_gtls_session_t session,
-                         const void *data, size_t sizeofdata)
-{
-  return MHD_gtls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data,
-                            sizeofdata);
-}
-
-/**
- * MHD__gnutls_record_recv - reads data from the TLS record protocol
- * @session: is a #MHD_gtls_session_t structure.
- * @data: the buffer that the data will be read into
- * @sizeofdata: the number of requested bytes
- *
- * This function has the similar semantics with recv(). The only
- * difference is that is accepts a GNUTLS session, and uses different
- * error codes.
- *
- * In the special case that a server requests a renegotiation, the
- * client may receive an error code of %GNUTLS_E_REHANDSHAKE.  This
- * message may be simply ignored, replied with an alert containing
- * NO_RENEGOTIATION, or replied with a new handshake, depending on
- * the client's will.
- *
- * If %EINTR is returned by the internal push function (the default
- * is recv()) then %GNUTLS_E_INTERRUPTED will be returned.  If
- * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
- * call this function again to get the data.  See also
- * MHD__gnutls_record_get_direction().
- *
- * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
- * initiated a handshake. In that case the server can only initiate a
- * handshake or terminate the connection.
- *
- * Returns: the number of bytes received and zero on EOF.  A negative
- * error code is returned in case of an error.  The number of bytes
- * received might be less than @sizeofdata.
- **/
-ssize_t
-MHD__gnutls_record_recv (MHD_gtls_session_t session, void *data,
-                         size_t sizeofdata)
-{
-  return MHD_gtls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data,
-                            sizeofdata);
-}

src/daemon/https/tls/gnutls_record.h

@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-ssize_t MHD_gtls_send_int (MHD_gtls_session_t session, content_type_t type,
-                           MHD_gnutls_handshake_description_t htype,
-                           const void *data, size_t sizeofdata);
-ssize_t MHD_gtls_recv_int (MHD_gtls_session_t session, content_type_t type,
-                           MHD_gnutls_handshake_description_t, opaque * data,
-                           size_t sizeofdata);
-ssize_t MHD_gtls_send_change_cipher_spec (MHD_gtls_session_t session,
-                                          int again);
-void MHD__gnutls_transport_set_lowat (MHD_gtls_session_t session, int num);

src/daemon/https/tls/gnutls_rsa_export.c

@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains code for RSA temporary keys. These keys are
- * only used in export cipher suites.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_datum.h>
-#include <gnutls_rsa_export.h>
-#include "debug.h"
-/* x509 */
-#include "x509.h"
-#include "privkey.h"
-
-/* returns e and m, depends on the requested bits.
- * We only support limited key sizes.
- */
-const mpi_t *
-MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t rsa_params)
-{
-  if (rsa_params == NULL)
-    {
-      return NULL;
-    }
-  return rsa_params->params;
-}
-
-
-/**
-  * MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA parameters
-  * @rsa_params: Is a structure that holds the parameters
-  *
-  * This function will deinitialize the RSA parameters structure.
-  *
-  **/
-void
-MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params)
-{
-  MHD_gnutls_x509_privkey_deinit (rsa_params);
-}

src/daemon/https/tls/gnutls_rsa_export.h

@@ -1,26 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t);
-int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session);

src/daemon/https/tls/gnutls_sig.c

@@ -1,476 +0,0 @@
-/*
- * Copyright (C) 2001, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <x509_b64.h>
-#include <auth_cert.h>
-#include <gnutls_cert.h>
-#include <gnutls_datum.h>
-#include <gnutls_mpi.h>
-#include <gnutls_global.h>
-#include <gnutls_pk.h>
-#include <debug.h>
-#include <gnutls_buffers.h>
-#include <gnutls_sig.h>
-#include <gnutls_kx.h>
-
-static int MHD__gnutls_tls_sign (MHD_gtls_session_t session,
-                                 MHD_gnutls_cert * cert,
-                                 MHD_gnutls_privkey * pkey,
-                                 const MHD_gnutls_datum_t * hash_concat,
-                                 MHD_gnutls_datum_t * signature);
-
-/* Generates a signature of all the previous sent packets in the
- * handshake procedure. (20040227: now it works for SSL 3.0 as well)
- */
-int
-MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session,
-                         MHD_gnutls_cert * cert,
-                         MHD_gnutls_privkey * pkey,
-                         MHD_gnutls_datum_t * signature)
-{
-  MHD_gnutls_datum_t dconcat;
-  int ret;
-  opaque concat[36];
-  mac_hd_t td_md5;
-  mac_hd_t td_sha;
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
-  if (td_sha == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      ret = MHD_gtls_generate_master (session, 1);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16],
-                                            session->security_parameters.
-                                            master_secret, TLS_MASTER_SIZE);
-    }
-  else
-    MHD_gnutls_hash_deinit (td_sha, &concat[16]);
-
-  switch (cert->subject_pk_algorithm)
-    {
-    case MHD_GNUTLS_PK_RSA:
-      td_md5 =
-        MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
-      if (td_md5 == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_HASH_FAILED;
-        }
-
-      if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
-        MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
-                                              session->security_parameters.
-                                              master_secret, TLS_MASTER_SIZE);
-      else
-        MHD_gnutls_hash_deinit (td_md5, concat);
-
-      dconcat.data = concat;
-      dconcat.size = 36;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  ret = MHD__gnutls_tls_sign (session, cert, pkey, &dconcat, signature);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-    }
-
-  return ret;
-}
-
-/* Generates a signature of all the random data and the parameters.
- * Used in DHE_* ciphersuites.
- */
-int
-MHD_gtls_tls_sign_params (MHD_gtls_session_t session,
-                          MHD_gnutls_cert * cert,
-                          MHD_gnutls_privkey * pkey,
-                          MHD_gnutls_datum_t * params,
-                          MHD_gnutls_datum_t * signature)
-{
-  MHD_gnutls_datum_t dconcat;
-  int ret;
-  mac_hd_t td_sha;
-  opaque concat[36];
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  td_sha = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-  if (td_sha == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  MHD_gnutls_hash (td_sha, session->security_parameters.client_random,
-                   TLS_RANDOM_SIZE);
-  MHD_gnutls_hash (td_sha, session->security_parameters.server_random,
-                   TLS_RANDOM_SIZE);
-  MHD_gnutls_hash (td_sha, params->data, params->size);
-
-  switch (cert->subject_pk_algorithm)
-    {
-    case MHD_GNUTLS_PK_RSA:
-      if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
-        {
-          mac_hd_t td_md5 = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
-          if (td_md5 == NULL)
-            {
-              MHD_gnutls_assert ();
-              return GNUTLS_E_HASH_FAILED;
-            }
-
-          MHD_gnutls_hash (td_md5, session->security_parameters.client_random,
-                           TLS_RANDOM_SIZE);
-          MHD_gnutls_hash (td_md5, session->security_parameters.server_random,
-                           TLS_RANDOM_SIZE);
-          MHD_gnutls_hash (td_md5, params->data, params->size);
-
-          MHD_gnutls_hash_deinit (td_md5, concat);
-          MHD_gnutls_hash_deinit (td_sha, &concat[16]);
-
-          dconcat.size = 36;
-        }
-      else
-        {
-#if 1
-          /* Use NULL parameters. */
-          memcpy (concat,
-                  "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
-                  15);
-          MHD_gnutls_hash_deinit (td_sha, &concat[15]);
-          dconcat.size = 35;
-#else
-          /* No parameters field. */
-          memcpy (concat,
-                  "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13);
-          MHD_gnutls_hash_deinit (td_sha, &concat[13]);
-          dconcat.size = 33;
-#endif
-        }
-      dconcat.data = concat;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      MHD_gnutls_hash_deinit (td_sha, NULL);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  ret = MHD__gnutls_tls_sign (session, cert, pkey, &dconcat, signature);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-    }
-
-  return ret;
-
-}
-
-/* This will create a PKCS1 or DSA signature, using the given parameters, and the
- * given data. The output will be allocated and be put in signature.
- */
-static int
-MHD_gtls_sign (enum MHD_GNUTLS_PublicKeyAlgorithm algo,
-               mpi_t * params,
-               int params_size,
-               const MHD_gnutls_datum_t * data,
-               MHD_gnutls_datum_t * signature)
-{
-  int ret;
-
-  switch (algo)
-    {
-    case MHD_GNUTLS_PK_RSA:
-      /* encrypt */
-      if ((ret =
-           MHD_gtls_pkcs1_rsa_encrypt (signature, data, params, params_size,
-                                       1)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-      break;
-    }
-
-  return 0;
-}
-
-/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
- * Cert is the certificate of the corresponding private key. It is only checked if
- * it supports signing.
- */
-static int
-MHD__gnutls_tls_sign (MHD_gtls_session_t session,
-                      MHD_gnutls_cert * cert,
-                      MHD_gnutls_privkey * pkey,
-                      const MHD_gnutls_datum_t * hash_concat,
-                      MHD_gnutls_datum_t * signature)
-{
-
-  /* If our certificate supports signing
-   */
-
-  if (cert != NULL)
-    if (cert->key_usage != 0)
-      if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_KEY_USAGE_VIOLATION;
-        }
-
-  /* External signing. */
-  if (!pkey || pkey->params_size == 0)
-    {
-      if (!session->internals.sign_func)
-        return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-
-      return (*session->internals.sign_func) (session,
-                                              session->internals.
-                                              sign_func_userdata,
-                                              cert->cert_type, &cert->raw,
-                                              hash_concat, signature);
-    }
-
-  return MHD_gtls_sign (pkey->pk_algorithm, pkey->params, pkey->params_size,
-                        hash_concat, signature);
-}
-
-static int
-MHD__gnutls_verify_sig (MHD_gnutls_cert * cert,
-                        const MHD_gnutls_datum_t * hash_concat,
-                        MHD_gnutls_datum_t * signature, size_t sha1pos)
-{
-  int ret;
-  MHD_gnutls_datum_t vdata;
-
-  if ((cert == NULL) || (cert->version == 0))
-    {                           /* this is the only way to check
-                                 * if it is initialized
-                                 */
-      MHD_gnutls_assert ();
-      return GNUTLS_E_CERTIFICATE_ERROR;
-    }
-
-  /* If the certificate supports signing continue.
-   */
-  if (cert != NULL)
-    if (cert->key_usage != 0)
-      if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_KEY_USAGE_VIOLATION;
-        }
-
-  switch (cert->subject_pk_algorithm)
-    {
-    case MHD_GNUTLS_PK_RSA:
-
-      vdata.data = hash_concat->data;
-      vdata.size = hash_concat->size;
-
-      /* verify signature */
-      if ((ret = MHD_gtls_rsa_verify (&vdata, signature, cert->params,
-                                      cert->params_size, 1)) < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  return 0;
-}
-
-/* Verifies a TLS signature (like the one in the client certificate
- * verify message).
- */
-int
-MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session,
-                           MHD_gnutls_cert * cert,
-                           MHD_gnutls_datum_t * signature)
-{
-  int ret;
-  opaque concat[36];
-  mac_hd_t td_md5;
-  mac_hd_t td_sha;
-  MHD_gnutls_datum_t dconcat;
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  td_md5 = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_md5);
-  if (td_md5 == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  td_sha = MHD_gnutls_hash_copy (session->internals.handshake_mac_handle_sha);
-  if (td_sha == NULL)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_hash_deinit (td_md5, NULL);
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  if (ver == MHD_GNUTLS_PROTOCOL_SSL3)
-    {
-      ret = MHD_gtls_generate_master (session, 1);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      MHD_gnutls_mac_deinit_ssl3_handshake (td_md5, concat,
-                                            session->security_parameters.
-                                            master_secret, TLS_MASTER_SIZE);
-      MHD_gnutls_mac_deinit_ssl3_handshake (td_sha, &concat[16],
-                                            session->security_parameters.
-                                            master_secret, TLS_MASTER_SIZE);
-    }
-  else
-    {
-      MHD_gnutls_hash_deinit (td_md5, concat);
-      MHD_gnutls_hash_deinit (td_sha, &concat[16]);
-    }
-
-  dconcat.data = concat;
-  dconcat.size = 20 + 16;       /* md5+ sha */
-
-  ret = MHD__gnutls_verify_sig (cert, &dconcat, signature, 16);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return ret;
-
-}
-
-/* Generates a signature of all the random data and the parameters.
- * Used in DHE_* ciphersuites.
- */
-int
-MHD_gtls_verify_sig_params (MHD_gtls_session_t session,
-                            MHD_gnutls_cert * cert,
-                            const MHD_gnutls_datum_t * params,
-                            MHD_gnutls_datum_t * signature)
-{
-  MHD_gnutls_datum_t dconcat;
-  int ret;
-  mac_hd_t td_md5 = NULL;
-  mac_hd_t td_sha;
-  opaque concat[36];
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      td_md5 = MHD_gtls_hash_init (MHD_GNUTLS_MAC_MD5);
-      if (td_md5 == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_HASH_FAILED;
-        }
-
-      MHD_gnutls_hash (td_md5, session->security_parameters.client_random,
-                       TLS_RANDOM_SIZE);
-      MHD_gnutls_hash (td_md5, session->security_parameters.server_random,
-                       TLS_RANDOM_SIZE);
-      MHD_gnutls_hash (td_md5, params->data, params->size);
-    }
-
-  td_sha = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-  if (td_sha == NULL)
-    {
-      MHD_gnutls_assert ();
-      if (td_md5)
-        MHD_gnutls_hash_deinit (td_md5, NULL);
-      return GNUTLS_E_HASH_FAILED;
-    }
-
-  MHD_gnutls_hash (td_sha, session->security_parameters.client_random,
-                   TLS_RANDOM_SIZE);
-  MHD_gnutls_hash (td_sha, session->security_parameters.server_random,
-                   TLS_RANDOM_SIZE);
-  MHD_gnutls_hash (td_sha, params->data, params->size);
-
-  if (ver < MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      MHD_gnutls_hash_deinit (td_md5, concat);
-      MHD_gnutls_hash_deinit (td_sha, &concat[16]);
-      dconcat.size = 36;
-    }
-  else
-    {
-#if 1
-      /* Use NULL parameters. */
-      memcpy (concat,
-              "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
-              15);
-      MHD_gnutls_hash_deinit (td_sha, &concat[15]);
-      dconcat.size = 35;
-#else
-      /* No parameters field. */
-      memcpy (concat,
-              "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13);
-      MHD_gnutls_hash_deinit (td_sha, &concat[13]);
-      dconcat.size = 33;
-#endif
-    }
-
-  dconcat.data = concat;
-
-  ret = MHD__gnutls_verify_sig (cert, &dconcat, signature, dconcat.size - 20);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return ret;
-
-}

src/daemon/https/tls/gnutls_sig.h

@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_SIG_H
-# define GNUTLS_SIG_H
-
-int MHD_gtls_tls_sign_hdata (MHD_gtls_session_t session,
-                             MHD_gnutls_cert * cert,
-                             MHD_gnutls_privkey * pkey,
-                             MHD_gnutls_datum_t * signature);
-
-int MHD_gtls_tls_sign_params (MHD_gtls_session_t session,
-                              MHD_gnutls_cert * cert,
-                              MHD_gnutls_privkey * pkey,
-                              MHD_gnutls_datum_t * params,
-                              MHD_gnutls_datum_t * signature);
-
-int MHD_gtls_verify_sig_hdata (MHD_gtls_session_t session,
-                               MHD_gnutls_cert * cert,
-                               MHD_gnutls_datum_t * signature);
-
-int MHD_gtls_verify_sig_params (MHD_gtls_session_t session,
-                                MHD_gnutls_cert * cert,
-                                const MHD_gnutls_datum_t * params,
-                                MHD_gnutls_datum_t * signature);
-
-
-#endif

src/daemon/https/tls/gnutls_state.c

@@ -1,804 +0,0 @@
-/*
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Functions to manipulate the session (MHD_gnutls_int.h), and some other stuff
- * are included here. The file's name is traditionally MHD_gnutls_state even if the
- * state has been renamed to session.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_auth_int.h>
-#include <gnutls_num.h>
-#include <gnutls_datum.h>
-#include <gnutls_record.h>
-#include <gnutls_handshake.h>
-#include <gnutls_dh.h>
-#include <gnutls_buffers.h>
-#include <gnutls_state.h>
-#include <auth_cert.h>
-#include <gnutls_algorithms.h>
-#include <gnutls_rsa_export.h>
-
-void
-MHD__gnutls_session_cert_type_set (MHD_gtls_session_t session,
-                                   enum MHD_GNUTLS_CertificateType ct)
-{
-  session->security_parameters.cert_type = ct;
-}
-
-/**
- * MHD_gnutls_cipher_get - Returns the currently used cipher.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: the currently used cipher.
- **/
-enum MHD_GNUTLS_CipherAlgorithm
-MHD_gnutls_cipher_get (MHD_gtls_session_t session)
-{
-  return session->security_parameters.read_bulk_cipher_algorithm;
-}
-
-/**
- * MHD_gnutls_certificate_type_get - Returns the currently used certificate type.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * The certificate type is by default X.509, unless it is negotiated
- * as a TLS extension.
- *
- * Returns: the currently used %enum MHD_GNUTLS_CertificateType certificate
- *   type.
- **/
-enum MHD_GNUTLS_CertificateType
-MHD_gnutls_certificate_type_get (MHD_gtls_session_t session)
-{
-  return session->security_parameters.cert_type;
-}
-
-/**
- * MHD_gnutls_kx_get - Returns the key exchange algorithm.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * Returns: the key exchange algorithm used in the last handshake.
- **/
-enum MHD_GNUTLS_KeyExchangeAlgorithm
-MHD_gnutls_kx_get (MHD_gtls_session_t session)
-{
-  return session->security_parameters.kx_algorithm;
-}
-
-/* Check if the given certificate type is supported.
- * This means that it is enabled by the priority functions,
- * and a matching certificate exists.
- */
-int
-MHD_gtls_session_cert_type_supported (MHD_gtls_session_t session,
-                                      enum MHD_GNUTLS_CertificateType
-                                      cert_type)
-{
-  unsigned i;
-  unsigned cert_found = 0;
-  MHD_gtls_cert_credentials_t cred;
-
-  if (session->security_parameters.entity == GNUTLS_SERVER)
-    {
-      cred
-        = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
-                                                           MHD_GNUTLS_CRD_CERTIFICATE,
-                                                           NULL);
-
-      if (cred == NULL)
-        return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-
-      if (cred->server_get_cert_callback == NULL)
-        {
-          for (i = 0; i < cred->ncerts; i++)
-            {
-              if (cred->cert_list[i][0].cert_type == cert_type)
-                {
-                  cert_found = 1;
-                  break;
-                }
-            }
-
-          if (cert_found == 0)
-            /* no certificate is of that type.
-             */
-            return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-        }
-    }
-
-  if (session->internals.priorities.cert_type.num_algorithms == 0 && cert_type
-      == DEFAULT_CERT_TYPE)
-    return 0;
-
-  for (i = 0; i < session->internals.priorities.cert_type.num_algorithms; i++)
-    {
-      if (session->internals.priorities.cert_type.priority[i] == cert_type)
-        {
-          return 0;             /* ok */
-        }
-    }
-
-  return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-}
-
-/* this function deinitializes all the internal parameters stored
- * in a session struct.
- */
-inline static void
-deinit_internal_params (MHD_gtls_session_t session)
-{
-  if (session->internals.params.free_dh_params)
-    MHD__gnutls_dh_params_deinit (session->internals.params.dh_params);
-
-  if (session->internals.params.free_rsa_params)
-    MHD__gnutls_rsa_params_deinit (session->internals.params.rsa_params);
-
-  memset (&session->internals.params, 0, sizeof (session->internals.params));
-}
-
-/* This function will clear all the variables in internals
- * structure within the session, which depend on the current handshake.
- * This is used to allow further handshakes.
- */
-void
-MHD_gtls_handshake_internal_state_clear (MHD_gtls_session_t session)
-{
-  session->internals.extensions_sent_size = 0;
-
-  /* by default no selected certificate */
-  session->internals.proposed_record_size = DEFAULT_MAX_RECORD_SIZE;
-  session->internals.adv_version_major = 0;
-  session->internals.adv_version_minor = 0;
-  session->internals.v2_hello = 0;
-  memset (&session->internals.handshake_header_buffer, 0,
-          sizeof (MHD_gtls_handshake_header_buffer_st));
-  session->internals.adv_version_minor = 0;
-  session->internals.adv_version_minor = 0;
-  session->internals.direction = 0;
-
-  /* use out of band data for the last
-   * handshake messages received.
-   */
-  session->internals.last_handshake_in = -1;
-  session->internals.last_handshake_out = -1;
-
-  session->internals.resumable = RESUME_TRUE;
-  MHD__gnutls_free_datum (&session->internals.recv_buffer);
-
-  deinit_internal_params (session);
-
-}
-
-#define MIN_DH_BITS 727
-/**
- * MHD__gnutls_init - This function initializes the session to null (null encryption etc...).
- * @con_end: indicate if this session is to be used for server or client.
- * @session: is a pointer to a #MHD_gtls_session_t structure.
- *
- * This function initializes the current session to null. Every
- * session must be initialized before use, so internal structures can
- * be allocated.  This function allocates structures which can only
- * be free'd by calling MHD__gnutls_deinit().  Returns zero on success.
- *
- * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
- *
- * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
- **/
-
-/* TODO rm redundent pointer ref */
-int
-MHD__gnutls_init (MHD_gtls_session_t * session,
-                  MHD_gnutls_connection_end_t con_end)
-{
-  *session = MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_session_int));
-  if (*session == NULL)
-    return GNUTLS_E_MEMORY_ERROR;
-
-  (*session)->security_parameters.entity = con_end;
-
-  /* the default certificate type for TLS */
-  (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
-
-  /* Set the defaults for initial handshake */
-  (*session)->security_parameters.read_bulk_cipher_algorithm =
-    (*session)->security_parameters.write_bulk_cipher_algorithm =
-    MHD_GNUTLS_CIPHER_NULL;
-
-  (*session)->security_parameters.read_mac_algorithm =
-    (*session)->security_parameters.write_mac_algorithm = MHD_GNUTLS_MAC_NULL;
-
-  /* Initialize buffers */
-  MHD_gtls_buffer_init (&(*session)->internals.application_data_buffer);
-  MHD_gtls_buffer_init (&(*session)->internals.handshake_data_buffer);
-  MHD_gtls_buffer_init (&(*session)->internals.handshake_hash_buffer);
-  MHD_gtls_buffer_init (&(*session)->internals.ia_data_buffer);
-
-  MHD_gtls_buffer_init (&(*session)->internals.record_send_buffer);
-  MHD_gtls_buffer_init (&(*session)->internals.record_recv_buffer);
-
-  MHD_gtls_buffer_init (&(*session)->internals.handshake_send_buffer);
-  MHD_gtls_buffer_init (&(*session)->internals.handshake_recv_buffer);
-
-  (*session)->key = MHD_gnutls_calloc (1, sizeof (struct MHD_gtls_key));
-  if ((*session)->key == NULL)
-    {
-    cleanup_session:MHD_gnutls_free (*session);
-      *session = NULL;
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME;      /* one hour default */
-
-  MHD__gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS);
-
-  MHD__gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT);  /* the default for tcp */
-
-  MHD__gnutls_handshake_set_max_packet_length ((*session),
-                                               MAX_HANDSHAKE_PACKET_SIZE);
-
-  /* Allocate a minimum size for recv_data
-   * This is allocated in order to avoid small messages, making
-   * the receive procedure slow.
-   */
-  (*session)->internals.record_recv_buffer.data
-    = MHD_gnutls_malloc (INITIAL_RECV_BUFFER_SIZE);
-  if ((*session)->internals.record_recv_buffer.data == NULL)
-    {
-      MHD_gnutls_free ((*session)->key);
-      goto cleanup_session;
-    }
-
-  /* set the socket pointers to -1; */
-  (*session)->internals.transport_recv_ptr = (MHD_gnutls_transport_ptr_t) - 1;
-  (*session)->internals.transport_send_ptr = (MHD_gnutls_transport_ptr_t) - 1;
-
-  /* set the default maximum record size for TLS
-   */
-  (*session)->security_parameters.max_record_recv_size
-    = DEFAULT_MAX_RECORD_SIZE;
-  (*session)->security_parameters.max_record_send_size
-    = DEFAULT_MAX_RECORD_SIZE;
-
-  /* everything else not initialized here is initialized
-   * as NULL or 0. This is why calloc is used.
-   */
-
-  MHD_gtls_handshake_internal_state_clear (*session);
-
-  return 0;
-}
-
-
-/**
- * MHD__gnutls_deinit - This function clears all buffers associated with a session
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function clears all buffers associated with the @session.
- * This function will also remove session data from the session
- * database if the session was terminated abnormally.
- **/
-void
-MHD__gnutls_deinit (MHD_gtls_session_t session)
-{
-
-  if (session == NULL)
-    return;
-
-  /* remove auth info firstly */
-  MHD_gtls_free_auth_info (session);
-
-  MHD_gtls_handshake_internal_state_clear (session);
-  MHD__gnutls_handshake_io_buffer_clear (session);
-
-  MHD__gnutls_free_datum (&session->connection_state.read_mac_secret);
-  MHD__gnutls_free_datum (&session->connection_state.write_mac_secret);
-
-  MHD_gtls_buffer_clear (&session->internals.ia_data_buffer);
-  MHD_gtls_buffer_clear (&session->internals.handshake_hash_buffer);
-  MHD_gtls_buffer_clear (&session->internals.handshake_data_buffer);
-  MHD_gtls_buffer_clear (&session->internals.application_data_buffer);
-  MHD_gtls_buffer_clear (&session->internals.record_recv_buffer);
-  MHD_gtls_buffer_clear (&session->internals.record_send_buffer);
-
-  MHD__gnutls_credentials_clear (session);
-  MHD_gtls_selected_certs_deinit (session);
-
-  if (session->connection_state.read_cipher_state != NULL)
-    MHD_gnutls_cipher_deinit (session->connection_state.read_cipher_state);
-  if (session->connection_state.write_cipher_state != NULL)
-    MHD_gnutls_cipher_deinit (session->connection_state.write_cipher_state);
-
-  MHD__gnutls_free_datum (&session->cipher_specs.server_write_mac_secret);
-  MHD__gnutls_free_datum (&session->cipher_specs.client_write_mac_secret);
-  MHD__gnutls_free_datum (&session->cipher_specs.server_write_IV);
-  MHD__gnutls_free_datum (&session->cipher_specs.client_write_IV);
-  MHD__gnutls_free_datum (&session->cipher_specs.server_write_key);
-  MHD__gnutls_free_datum (&session->cipher_specs.client_write_key);
-
-  if (session->key != NULL)
-    {
-      MHD_gtls_mpi_release (&session->key->KEY);
-      MHD_gtls_mpi_release (&session->key->client_Y);
-      MHD_gtls_mpi_release (&session->key->client_p);
-      MHD_gtls_mpi_release (&session->key->client_g);
-
-      MHD_gtls_mpi_release (&session->key->u);
-      MHD_gtls_mpi_release (&session->key->a);
-      MHD_gtls_mpi_release (&session->key->x);
-      MHD_gtls_mpi_release (&session->key->A);
-      MHD_gtls_mpi_release (&session->key->B);
-      MHD_gtls_mpi_release (&session->key->b);
-
-      /* RSA */
-      MHD_gtls_mpi_release (&session->key->rsa[0]);
-      MHD_gtls_mpi_release (&session->key->rsa[1]);
-
-      MHD_gtls_mpi_release (&session->key->dh_secret);
-      MHD_gnutls_free (session->key);
-
-      session->key = NULL;
-    }
-
-  memset (session, 0, sizeof (struct MHD_gtls_session_int));
-  MHD_gnutls_free (session);
-}
-
-/* Returns the minimum prime bits that are acceptable.
- */
-int
-MHD_gtls_dh_get_allowed_prime_bits (MHD_gtls_session_t session)
-{
-  return session->internals.dh_prime_bits;
-}
-
-int
-MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public)
-{
-  MHD_gtls_dh_info_st *dh;
-  int ret;
-
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  ret = MHD_gtls_mpi_dprint_lz (&dh->public_key, public);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}
-
-int
-MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits)
-{
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        info->dh.secret_bits = bits;
-        break;
-    default:
-        MHD_gnutls_assert ();
-        return GNUTLS_E_INTERNAL_ERROR;
-      }
-    }
-
-  return 0;
-}
-
-/* This function will set in the auth info structure the
- * RSA exponent and the modulus.
- */
-int
-MHD_gtls_rsa_export_set_pubkey (MHD_gtls_session_t session,
-                                mpi_t exponent, mpi_t modulus)
-{
-  cert_auth_info_t info;
-  int ret;
-
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-
-  ret = MHD_gtls_mpi_dprint_lz (&info->rsa_export.modulus, modulus);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret = MHD_gtls_mpi_dprint_lz (&info->rsa_export.exponent, exponent);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (&info->rsa_export.modulus);
-      return ret;
-    }
-
-  return 0;
-}
-
-/* Sets the prime and the generator in the auth info structure.
- */
-int
-MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime)
-{
-  MHD_gtls_dh_info_st *dh;
-  int ret;
-
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* prime
-   */
-  ret = MHD_gtls_mpi_dprint_lz (&dh->prime, prime);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  /* generator
-   */
-  ret = MHD_gtls_mpi_dprint_lz (&dh->generator, gen);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (&dh->prime);
-      return ret;
-    }
-
-  return 0;
-}
-
-/**
- * MHD__gnutls_certificate_send_x509_rdn_sequence - This function will order gnutls to send or not the x.509 rdn sequence
- * @session: is a pointer to a #MHD_gtls_session_t structure.
- * @status: is 0 or 1
- *
- * If status is non zero, this function will order gnutls not to send
- * the rdnSequence in the certificate request message. That is the
- * server will not advertize it's trusted CAs to the peer. If status
- * is zero then the default behaviour will take effect, which is to
- * advertize the server's trusted CAs.
- *
- * This function has no effect in clients, and in authentication
- * methods other than certificate with X.509 certificates.
- **/
-void
-MHD__gnutls_certificate_send_x509_rdn_sequence (MHD_gtls_session_t session,
-                                                int status)
-{
-  session->internals.ignore_rdn_sequence = status;
-}
-
-/*-
- * MHD__gnutls_record_set_default_version - Used to set the default version for the first record packet
- * @session: is a #MHD_gtls_session_t structure.
- * @major: is a tls major version
- * @minor: is a tls minor version
- *
- * This function sets the default version that we will use in the first
- * record packet (client hello). This function is only useful to people
- * that know TLS internals and want to debug other implementations.
- *
- -*/
-void
-MHD__gnutls_record_set_default_version (MHD_gtls_session_t session,
-                                        unsigned char major,
-                                        unsigned char minor)
-{
-  session->internals.default_record_version[0] = major;
-  session->internals.default_record_version[1] = minor;
-}
-
-inline static int
-MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm,
-                       const void *secret,
-                       int secret_size,
-                       const void *seed, int seed_size, void *result)
-{
-  mac_hd_t td1;
-
-  td1 = MHD_gtls_MHD_hmac_init (algorithm, secret, secret_size);
-  if (td1 == GNUTLS_MAC_FAILED)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  MHD_gnutls_hash (td1, seed, seed_size);
-  MHD_gnutls_MHD_hmac_deinit (td1, result);
-
-  return 0;
-}
-
-#define MAX_SEED_SIZE 200
-
-/* Produces "total_bytes" bytes using the hash algorithm specified.
- * (used in the PRF function)
- */
-static int
-MHD__gnutls_P_hash (enum MHD_GNUTLS_HashAlgorithm algorithm,
-                    const opaque * secret,
-                    int secret_size,
-                    const opaque * seed,
-                    int seed_size, int total_bytes, opaque * ret)
-{
-
-  mac_hd_t td2;
-  int i, times, how, blocksize, A_size;
-  opaque final[20], Atmp[MAX_SEED_SIZE];
-  int output_bytes, result;
-
-  if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  blocksize = MHD_gnutls_hash_get_algo_len (algorithm);
-
-  output_bytes = 0;
-  do
-    {
-      output_bytes += blocksize;
-    }
-  while (output_bytes < total_bytes);
-
-  /* calculate A(0) */
-
-  memcpy (Atmp, seed, seed_size);
-  A_size = seed_size;
-
-  times = output_bytes / blocksize;
-
-  for (i = 0; i < times; i++)
-    {
-      td2 = MHD_gtls_MHD_hmac_init (algorithm, secret, secret_size);
-      if (td2 == GNUTLS_MAC_FAILED)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_INTERNAL_ERROR;
-        }
-
-      /* here we calculate A(i+1) */
-      if ((result =
-           MHD__gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp,
-                                  A_size, Atmp)) < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD_gnutls_MHD_hmac_deinit (td2, final);
-          return result;
-        }
-
-      A_size = blocksize;
-
-      MHD_gnutls_hash (td2, Atmp, A_size);
-      MHD_gnutls_hash (td2, seed, seed_size);
-      MHD_gnutls_MHD_hmac_deinit (td2, final);
-
-      if ((1 + i) * blocksize < total_bytes)
-        {
-          how = blocksize;
-        }
-      else
-        {
-          how = total_bytes - (i) * blocksize;
-        }
-
-      if (how > 0)
-        {
-          memcpy (&ret[i * blocksize], final, how);
-        }
-    }
-
-  return 0;
-}
-
-/* Xor's two buffers and puts the output in the first one.
- */
-inline static void
-MHD__gnutls_xor (opaque * o1, opaque * o2, int length)
-{
-  int i;
-  for (i = 0; i < length; i++)
-    {
-      o1[i] ^= o2[i];
-    }
-}
-
-#define MAX_PRF_BYTES 200
-
-/* The PRF function expands a given secret
- * needed by the TLS specification. ret must have a least total_bytes
- * available.
- */
-int
-MHD_gtls_PRF (MHD_gtls_session_t session,
-              const opaque * secret,
-              int secret_size,
-              const char *label,
-              int label_size,
-              const opaque * seed, int seed_size, int total_bytes, void *ret)
-{
-  int l_s, s_seed_size;
-  const opaque *s1, *s2;
-  opaque s_seed[MAX_SEED_SIZE];
-  opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
-  int result;
-  enum MHD_GNUTLS_Protocol ver = MHD__gnutls_protocol_get_version (session);
-
-  if (total_bytes > MAX_PRF_BYTES)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-  /* label+seed = s_seed */
-  s_seed_size = seed_size + label_size;
-
-  if (s_seed_size > MAX_SEED_SIZE)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  memcpy (s_seed, label, label_size);
-  memcpy (&s_seed[label_size], seed, seed_size);
-
-  if (ver >= MHD_GNUTLS_PROTOCOL_TLS1_2)
-    {
-      result =
-        MHD__gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, secret, secret_size, s_seed,
-                            s_seed_size, total_bytes, ret);
-      if (result < 0)
-        {
-          MHD_gnutls_assert ();
-          return result;
-        }
-    }
-  else
-    {
-      l_s = secret_size / 2;
-
-      s1 = &secret[0];
-      s2 = &secret[l_s];
-
-      if (secret_size % 2 != 0)
-        {
-          l_s++;
-        }
-
-      result =
-        MHD__gnutls_P_hash (MHD_GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
-                            total_bytes, o1);
-      if (result < 0)
-        {
-          MHD_gnutls_assert ();
-          return result;
-        }
-
-      result =
-        MHD__gnutls_P_hash (MHD_GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
-                            total_bytes, o2);
-      if (result < 0)
-        {
-          MHD_gnutls_assert ();
-          return result;
-        }
-
-      MHD__gnutls_xor (o1, o2, total_bytes);
-
-      memcpy (ret, o1, total_bytes);
-    }
-
-  return 0;                     /* ok */
-
-}
-
-
-/*-
- * MHD_gtls_session_is_export - Used to check whether this session is of export grade
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function will return non zero if this session is of export grade.
- *
- -*/
-int
-MHD_gtls_session_is_export (MHD_gtls_session_t session)
-{
-  enum MHD_GNUTLS_CipherAlgorithm cipher;
-
-  cipher =
-    MHD_gtls_cipher_suite_get_cipher_algo (&session->security_parameters.
-                                           current_cipher_suite);
-
-  if (MHD_gtls_cipher_get_export_flag (cipher) != 0)
-    return 1;
-
-  return 0;
-}
-
-/**
- * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function provides information about the internals of the
- * record protocol and is only useful if a prior gnutls function call
- * (e.g.  MHD__gnutls_handshake()) was interrupted for some reason, that
- * is, if a function returned %GNUTLS_E_INTERRUPTED or
- * %GNUTLS_E_AGAIN.  In such a case, you might want to call select()
- * or poll() before calling the interrupted gnutls function again.
- * To tell you whether a file descriptor should be selected for
- * either reading or writing, MHD__gnutls_record_get_direction() returns 0
- * if the interrupted function was trying to read data, and 1 if it
- * was trying to write data.
- *
- * Returns: 0 if trying to read data, 1 if trying to write data.
- **/
-int
-MHD__gnutls_record_get_direction (MHD_gtls_session_t session)
-{
-  return session->internals.direction;
-}

src/daemon/https/tls/gnutls_state.h

@@ -1,77 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#ifndef GNUTLS_STATE_H
-# define GNUTLS_STATE_H
-
-#include <gnutls_int.h>
-
-void MHD__gnutls_session_cert_type_set (MHD_gtls_session_t session,
-                                        enum MHD_GNUTLS_CertificateType);
-enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gnutls_kx_get (MHD_gtls_session_t
-                                                        session);
-enum MHD_GNUTLS_CipherAlgorithm MHD_gnutls_cipher_get (MHD_gtls_session_t
-                                                       session);
-enum MHD_GNUTLS_CertificateType
-MHD_gnutls_certificate_type_get (MHD_gtls_session_t);
-
-#include <gnutls_auth_int.h>
-
-#define CHECK_AUTH(auth, ret) if (MHD_gtls_auth_get_type(session) != auth) { \
-	MHD_gnutls_assert(); \
-	return ret; \
-	}
-
-#endif
-
-int MHD_gtls_session_cert_type_supported (MHD_gtls_session_t,
-                                          enum MHD_GNUTLS_CertificateType);
-
-int MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits);
-
-int MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public);
-int MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen,
-                           mpi_t prime);
-
-int MHD_gtls_dh_get_allowed_prime_bits (MHD_gtls_session_t session);
-void MHD_gtls_handshake_internal_state_clear (MHD_gtls_session_t);
-
-int MHD_gtls_rsa_export_set_pubkey (MHD_gtls_session_t session,
-                                    mpi_t exponent, mpi_t modulus);
-
-int MHD_gtls_session_is_resumable (MHD_gtls_session_t session);
-int MHD_gtls_session_is_export (MHD_gtls_session_t session);
-
-int MHD_gtls_openpgp_send_fingerprint (MHD_gtls_session_t session);
-
-int MHD_gtls_PRF (MHD_gtls_session_t session,
-                  const opaque * secret, int secret_size,
-                  const char *label, int label_size,
-                  const opaque * seed, int seed_size,
-                  int total_bytes, void *ret);
-
-int MHD__gnutls_init (MHD_gtls_session_t * session,
-                      MHD_gnutls_connection_end_t con_end);
-
-#define DEFAULT_CERT_TYPE MHD_GNUTLS_CRT_X509

src/daemon/https/tls/gnutls_str.c

@@ -1,157 +0,0 @@
-/*
- * Copyright (C) 2002, 2004, 2005, 2007  Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-#include <gnutls_str.h>
-
-/* These function are like strcat, strcpy. They only
- * do bound checking (they shouldn't cause buffer overruns),
- * and they always produce null terminated strings.
- *
- * They should be used only with null terminated strings.
- */
-void
-MHD_gtls_str_cat (char *dest, size_t dest_tot_size, const char *src)
-{
-  size_t str_size = strlen (src);
-  size_t dest_size = strlen (dest);
-
-  if (dest_tot_size - dest_size > str_size)
-    {
-      strcat (dest, src);
-    }
-  else
-    {
-      if (dest_tot_size - dest_size > 0)
-        {
-          strncat (dest, src, (dest_tot_size - dest_size) - 1);
-          dest[dest_tot_size - 1] = 0;
-        }
-    }
-}
-
-void
-MHD_gtls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
-{
-  size_t str_size = strlen (src);
-
-  if (dest_tot_size > str_size)
-    {
-      strcpy (dest, src);
-    }
-  else
-    {
-      if (dest_tot_size > 0)
-        {
-          strncpy (dest, src, (dest_tot_size) - 1);
-          dest[dest_tot_size - 1] = 0;
-        }
-    }
-}
-
-void
-MHD_gtls_string_init (MHD_gtls_string * str,
-                      MHD_gnutls_alloc_function alloc_func,
-                      MHD_gnutls_realloc_function realloc_func,
-                      MHD_gnutls_free_function free_func)
-{
-  str->data = NULL;
-  str->max_length = 0;
-  str->length = 0;
-
-  str->alloc_func = alloc_func;
-  str->free_func = free_func;
-  str->realloc_func = realloc_func;
-}
-
-void
-MHD_gtls_string_clear (MHD_gtls_string * str)
-{
-  if (str == NULL || str->data == NULL)
-    return;
-  str->free_func (str->data);
-
-  str->data = NULL;
-  str->max_length = 0;
-  str->length = 0;
-}
-
-#define MIN_CHUNK 256
-
-
-int
-MHD_gtls_string_append_data (MHD_gtls_string * dest,
-                             const void *data, size_t data_size)
-{
-  size_t tot_len = data_size + dest->length;
-
-  if (dest->max_length >= tot_len)
-    {
-      memcpy (&dest->data[dest->length], data, data_size);
-      dest->length = tot_len;
-
-      return tot_len;
-    }
-  else
-    {
-      size_t new_len =
-        MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
-      dest->data = dest->realloc_func (dest->data, new_len);
-      if (dest->data == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-      dest->max_length = new_len;
-
-      memcpy (&dest->data[dest->length], data, data_size);
-      dest->length = tot_len;
-
-      return tot_len;
-    }
-}
-
-/* Converts the given string (old) to hex. A buffer must be provided
- * to hold the new hex string. The new string will be null terminated.
- * If the buffer does not have enough space to hold the string, a
- * truncated hex string is returned (always null terminated).
- */
-char *
-MHD_gtls_bin2hex (const void *_old,
-                  size_t oldlen, char *buffer, size_t buffer_size)
-{
-  unsigned int i, j;
-  const opaque *old = _old;
-
-  for (i = j = 0; i < oldlen && j + 2 < buffer_size; j += 2)
-    {
-      sprintf (&buffer[j], "%.2x", old[i]);
-      i++;
-    }
-  buffer[j] = '\0';
-
-  return buffer;
-}