more dce

configure.ac

@@ -292,49 +292,13 @@ fi
 AM_CONDITIONAL(MHD_DEBUG_TLS, test "$enable_client_side" != "no")
 
 
-# optional: TLS support. Included by default
-AC_MSG_CHECKING(--enable-TLS argument)
-AC_ARG_ENABLE([TLS],
-   [AS_HELP_STRING([--enable-TLS],
-               [enable TLS support (default is yes)])],
-   [enable_TLS=$enableval],
-   [enable_TLS="yes"])
-AC_MSG_RESULT($enable_TLS)
-
-
-# optional: SSLv3 support. Exclude by default
-AC_MSG_CHECKING(--enable-SSL argument)
-AC_ARG_ENABLE([SSL],
-   [AS_HELP_STRING([--enable-SSL],
-               [enable SSLv3 support (default is no)])],
-   [enable_SSL=$enableval],
-   [enable_SSL="no"])
-AC_MSG_RESULT($enable_SSL)
-
-
-# optional: x509 certificate support. Include by default
-AC_MSG_CHECKING(--enable-x509 argument)
-AC_ARG_ENABLE([x509],
-   [AS_HELP_STRING([--enable-x509],
-               [enable x509 support (default is yes)])],
-   [enable_x509=$enableval],
-   [enable_x509="yes"])
-AC_MSG_RESULT($enable_x509)
-
 # test for libz (optional feature for HTTPS)
 zlib=1
 AC_CHECK_LIB(z, compress,,zlib=0)
 AM_CONDITIONAL(HAVE_LIBZ, test x$zlib = x1)
 
 # Symbols required by GNU_TLS 
-AC_DEFINE([ENABLE_MINITASN1],[1],[Include minitasn1 support])
-AC_DEFINE([GNULIB_GC_HMAC_SHA1],[1],[GNULIB_GC_HMAC_SHA1])
 AC_DEFINE([GNULIB_GC_RANDOM],[1],[GNULIB_GC_RANDOM])
-AC_DEFINE([ENABLE_PKI],[0],[Include PKI support])
-# gnutls debug support
-AC_DEFINE([DEBUG],[1],[Include gnutls debug message support])
-AC_DEFINE([C99_MACROS],[1],[Include gnutls debug message support])
-
 
 
 # gcov compilation
@@ -403,9 +367,6 @@ AC_MSG_NOTICE([Configuration Summary:
 if test "$enable_HTTPS" = "yes"
 then
  AC_MSG_NOTICE([HTTPS subsystem configuration:
-  TLS support:       ${enable_TLS}
-  SSLv3 support:     ${enable_SSL}
-  x509 support:      ${enable_x509}
   Client code dep.:  ${MSG_CLIENT_SIDE}    		
  ])
  if test "$zlib" != 1

src/daemon/https/lgl/gc-libgcrypt.c

@@ -121,16 +121,6 @@ MHD_gc_cipher_open (Gc_cipher alg,
       gcryalg = GCRY_CIPHER_RFC2268_40;
       break;
 
-#ifdef ENABLE_CAMELLIA
-    case GC_CAMELLIA128:
-      gcryalg = GCRY_CIPHER_CAMELLIA128;
-      break;
-
-    case GC_CAMELLIA256:
-      gcryalg = GCRY_CIPHER_CAMELLIA256;
-      break;
-#endif
-
     default:
       return GC_INVALID_CIPHER;
     }

src/daemon/https/tls/Makefile.am

@@ -25,7 +25,6 @@ debug.c \
 defines.h \
 ext_cert_type.c \
 ext_max_record.c \
-ext_oprfi.c \
 ext_server_name.c \
 gnutls_alert.c \
 gnutls_algorithms.c \

src/daemon/https/tls/ext_oprfi.c

@@ -1,217 +0,0 @@
-/*
- * Copyright (C) 2007 Free Software Foundation
- *
- * Author: Simon Josefsson
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* Implementation of Opaque PRF Input:
- * http://tools.ietf.org/id/draft-rescorla-tls-opaque-prf-input-00.txt
- *
- */
-
-#include "MHD_config.h"
-#include <ext_oprfi.h>
-
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-
-static int
-oprfi_recv_server (MHD_gtls_session_t session,
-                   const opaque * data, size_t _data_size)
-{
-  ssize_t data_size = _data_size;
-  uint16_t len;
-
-  if (!session->security_parameters.extensions.oprfi_cb)
-    {
-      MHD_gnutls_assert ();
-      return 0;
-    }
-
-  DECR_LEN (data_size, 2);
-  len = MHD_gtls_read_uint16 (data);
-  data += 2;
-
-  if (len != data_size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  /* Store incoming data. */
-  session->security_parameters.extensions.oprfi_client_len = len;
-  session->security_parameters.extensions.oprfi_client =
-    MHD_gnutls_malloc (len);
-  if (!session->security_parameters.extensions.oprfi_client)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  memcpy (session->security_parameters.extensions.oprfi_client, data, len);
-
-  return 0;
-}
-
-#if MHD_DEBUG_TLS
-static int
-oprfi_recv_client (MHD_gtls_session_t session,
-                   const opaque * data, size_t _data_size)
-{
-  ssize_t data_size = _data_size;
-  uint16_t len;
-
-  if (session->security_parameters.extensions.oprfi_client == NULL)
-    {
-      MHD_gnutls_assert ();
-      return 0;
-    }
-
-  DECR_LEN (data_size, 2);
-  len = MHD_gtls_read_uint16 (data);
-  data += 2;
-
-  if (len != data_size)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-
-  if (len != session->security_parameters.extensions.oprfi_client_len)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-    }
-
-  /* Store incoming data. */
-  session->security_parameters.extensions.oprfi_server_len = len;
-  session->security_parameters.extensions.oprfi_server =
-    MHD_gnutls_malloc (len);
-  if (!session->security_parameters.extensions.oprfi_server)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  memcpy (session->security_parameters.extensions.oprfi_server, data, len);
-
-  return 0;
-}
-#endif
-
-int
-MHD_gtls_oprfi_recv_params (MHD_gtls_session_t session,
-                            const opaque * data, size_t data_size)
-{
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    return oprfi_recv_client (session, data, data_size);
-  else
-#endif
-    return oprfi_recv_server (session, data, data_size);
-}
-
-#if MHD_DEBUG_TLS
-static int
-oprfi_send_client (MHD_gtls_session_t session, opaque * data,
-                   size_t _data_size)
-{
-  opaque *p = data;
-  ssize_t data_size = _data_size;
-  int oprf_size = session->security_parameters.extensions.oprfi_client_len;
-
-  if (oprf_size == 0)
-    return 0;
-
-  DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
-  MHD_gtls_write_uint16 (oprf_size, p);
-  p += 2;
-
-  DECR_LENGTH_RET (data_size, oprf_size, GNUTLS_E_SHORT_MEMORY_BUFFER);
-
-  memcpy (p, session->security_parameters.extensions.oprfi_client, oprf_size);
-
-  return 2 + oprf_size;
-}
-#endif
-
-static int
-oprfi_send_server (MHD_gtls_session_t session, opaque * data,
-                   size_t _data_size)
-{
-  opaque *p = data;
-  int ret;
-  ssize_t data_size = _data_size;
-
-  if (!session->security_parameters.extensions.oprfi_client ||
-      !session->security_parameters.extensions.oprfi_cb)
-    return 0;
-
-  /* Allocate buffer for outgoing data. */
-  session->security_parameters.extensions.oprfi_server_len =
-    session->security_parameters.extensions.oprfi_client_len;
-  session->security_parameters.extensions.oprfi_server =
-    MHD_gnutls_malloc (session->security_parameters.extensions.
-                       oprfi_server_len);
-  if (!session->security_parameters.extensions.oprfi_server)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  /* Get outgoing data. */
-  ret = session->security_parameters.extensions.oprfi_cb
-    (session, session->security_parameters.extensions.oprfi_userdata,
-     session->security_parameters.extensions.oprfi_client_len,
-     session->security_parameters.extensions.oprfi_client,
-     session->security_parameters.extensions.oprfi_server);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD_gnutls_free (session->security_parameters.extensions.oprfi_server);
-      return ret;
-    }
-
-  DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
-  MHD_gtls_write_uint16 (session->security_parameters.extensions.
-                         oprfi_server_len, p);
-  p += 2;
-
-  DECR_LENGTH_RET (data_size,
-                   session->security_parameters.extensions.oprfi_server_len,
-                   GNUTLS_E_SHORT_MEMORY_BUFFER);
-
-  memcpy (p, session->security_parameters.extensions.oprfi_server,
-          session->security_parameters.extensions.oprfi_server_len);
-
-  return 2 + session->security_parameters.extensions.oprfi_server_len;
-}
-
-int
-MHD_gtls_oprfi_send_params (MHD_gtls_session_t session,
-                            opaque * data, size_t data_size)
-{
-#if MHD_DEBUG_TLS
-  if (session->security_parameters.entity == GNUTLS_CLIENT)
-    return oprfi_send_client (session, data, data_size);
-  else
-#endif
-    return oprfi_send_server (session, data, data_size);
-}
-

src/daemon/https/tls/ext_oprfi.h

@@ -1,31 +0,0 @@
-/*
- * Copyright (C) 2007 Free Software Foundation
- *
- * Author: Simon Josefsson
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <gnutls_int.h>
-
-int MHD_gtls_oprfi_recv_params (MHD_gtls_session_t state,
-                                const opaque * data, size_t data_size);
-
-int MHD_gtls_oprfi_send_params (MHD_gtls_session_t state,
-                                opaque * data, size_t data_size);

src/daemon/https/tls/gnutls_algorithms.c

@@ -235,14 +235,6 @@ static const MHD_gnutls_cipher_entry MHD_gtls_algorithms[] = {
    CIPHER_BLOCK,
    8,
    1},
-#ifdef	ENABLE_CAMELLIA
-  {"CAMELLIA-256-CBC", MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32,
-   CIPHER_BLOCK,
-   16, 0},
-  {"CAMELLIA-128-CBC", MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16,
-   CIPHER_BLOCK,
-   16, 0},
-#endif
   {"NULL",
    MHD_GNUTLS_CIPHER_NULL,
    1,
@@ -268,10 +260,6 @@ static const enum MHD_GNUTLS_CipherAlgorithm MHD_gtls_supported_ciphers[] =
   MHD_GNUTLS_CIPHER_ARCFOUR_128,
   MHD_GNUTLS_CIPHER_ARCFOUR_40,
   MHD_GNUTLS_CIPHER_RC2_40_CBC,
-#ifdef	ENABLE_CAMELLIA
-  MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
-  MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
   MHD_GNUTLS_CIPHER_NULL,
   0
 };
@@ -595,16 +583,6 @@ static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_DHE_DSS,
                              MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-#ifdef	ENABLE_CAMELLIA
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-                             MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
-                             MHD_GNUTLS_KX_DHE_DSS,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-#endif
   /* DHE_RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_3DES_CBC,
@@ -618,16 +596,6 @@ static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
                              MHD_GNUTLS_CIPHER_AES_256_CBC,
                              MHD_GNUTLS_KX_DHE_RSA,
                              MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-#ifdef	ENABLE_CAMELLIA
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-                             MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
-                             MHD_GNUTLS_KX_DHE_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-#endif
   /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                              MHD_GNUTLS_CIPHER_NULL,
@@ -657,16 +625,6 @@ static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
                              MHD_GNUTLS_CIPHER_AES_256_CBC, MHD_GNUTLS_KX_RSA,
                              MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
-#ifdef	ENABLE_CAMELLIA
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
-                             MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
-                             MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
-                             MHD_GNUTLS_KX_RSA,
-                             MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
-#endif
   {0,
    {
     {0,
@@ -1245,39 +1203,11 @@ MHD__gnutls_compare_algo (MHD_gtls_session_t session,
     }
 }
 
-#ifdef SORT_DEBUG
-static void
-MHD__gnutls_bsort (MHD_gtls_session_t session, void *_base, size_t nmemb,
-                   size_t size, int (*compar) (MHD_gtls_session_t,
-                                               const void *, const void *))
-{
-  unsigned int i, j;
-  int full = nmemb * size;
-  char *base = _base;
-  char tmp[MAX_ELEM_SIZE];
-
-  for (i = 0; i < full; i += size)
-    {
-      for (j = 0; j < full; j += size)
-        {
-          if (compar (session, &base[i], &base[j]) < 0)
-            {
-              SWAP (&base[j], &base[i]);
-            }
-        }
-    }
-
-}
-#endif
-
 int
 MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session,
                                         cipher_suite_st ** ciphers)
 {
 
-#ifdef SORT_DEBUG
-  unsigned int i;
-#endif
   int count;
 
   count = MHD_gtls_supported_ciphersuites (session, ciphers);
@@ -1286,23 +1216,9 @@ MHD_gtls_supported_ciphersuites_sorted (MHD_gtls_session_t session,
       MHD_gnutls_assert ();
       return count;
     }
-#ifdef SORT_DEBUG
-  MHD__gnutls_debug_log ("Unsorted: \n");
-  for (i = 0; i < count; i++)
-    MHD__gnutls_debug_log ("\t%d: %s\n", i,
-                           MHD_gtls_cipher_suite_get_name ((*ciphers)[i]));
-#endif
-
   MHD__gnutls_qsort (session, *ciphers, count, sizeof (cipher_suite_st),
                      MHD__gnutls_compare_algo);
 
-#ifdef SORT_DEBUG
-  MHD__gnutls_debug_log ("Sorted: \n");
-  for (i = 0; i < count; i++)
-    MHD__gnutls_debug_log ("\t%d: %s\n", i,
-                           MHD_gtls_cipher_suite_get_name ((*ciphers)[i]));
-#endif
-
   return count;
 }
 

src/daemon/https/tls/gnutls_cipher_int.c

@@ -65,16 +65,6 @@ MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher,
       err = MHD_gc_cipher_open (GC_ARCTWO40, GC_CBC, &ret);
       break;
 
-#ifdef	ENABLE_CAMELLIA
-    case MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC:
-      err = MHD_gc_cipher_open (GC_CAMELLIA128, GC_CBC, &ret);
-      break;
-
-    case MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC:
-      err = MHD_gc_cipher_open (GC_CAMELLIA256, GC_CBC, &ret);
-      break;
-#endif
-
     default:
       return NULL;
     }

src/daemon/https/tls/gnutls_compress_int.c

@@ -190,12 +190,6 @@ MHD_gtls_compress (comp_hd_t handle, const opaque * plain,
       return GNUTLS_E_INTERNAL_ERROR;
     }                           /* switch */
 
-#ifdef COMPRESSION_DEBUG
-  MHD__gnutls_debug_log ("Compression ratio: %f\n",
-                         (float) ((float) compressed_size /
-                                  (float) plain_size));
-#endif
-
   if ((size_t) compressed_size > max_comp_size)
     {
       MHD_gnutls_free (*compressed);

src/daemon/https/tls/gnutls_extensions.c

@@ -58,12 +58,6 @@ MHD_gtls_extension_entry MHD_gtls_extensions[MAX_EXT_SIZE] = {
                           EXTENSION_APPLICATION,
                           MHD_gtls_server_name_recv_params,
                           MHD_gtls_server_name_send_params),
-#ifdef ENABLE_OPRFI
-  GNUTLS_EXTENSION_ENTRY (GNUTLS_EXTENSION_OPAQUE_PRF_INPUT,
-                          EXTENSION_TLS,
-                          MHD_gtls_oprfi_recv_params,
-                          MHD_gtls_oprfi_send_params),
-#endif
   {0, 0, 0, 0}
 };
 

src/daemon/https/tls/gnutls_handshake.c

@@ -763,20 +763,6 @@ MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
       MHD_gnutls_assert ();
       return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
     }
-#ifdef HANDSHAKE_DEBUG
-
-  MHD__gnutls_handshake_log ("HSK[%x]: Requested cipher suites: \n", session);
-  for (j = 0; j < datalen; j += 2)
-    {
-      memcpy (&cs.suite, &data[j], 2);
-      MHD__gnutls_handshake_log ("\t%s\n",
-                                 MHD_gtls_cipher_suite_get_name (&cs));
-    }
-  MHD__gnutls_handshake_log ("HSK[%x]: Supported cipher suites: \n", session);
-  for (j = 0; j < x; j++)
-    MHD__gnutls_handshake_log ("\t%s\n",
-                               MHD_gtls_cipher_suite_get_name (&ciphers[j]));
-#endif
   memset (session->security_parameters.current_cipher_suite.suite, '\0', 2);
 
   retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
@@ -2315,18 +2301,6 @@ MHD_gtls_handshake_client (MHD_gtls_session_t session)
 {
   int ret = 0;
 
-#ifdef HANDSHAKE_DEBUG
-  char buf[64];
-
-  if (session->internals.resumed_security_parameters.session_id_size > 0)
-    MHD__gnutls_handshake_log ("HSK[%x]: Ask to resume: %s\n", session,
-                               MHD_gtls_bin2hex (session->
-                                                 internals.resumed_security_parameters.session_id,
-                                                 session->
-                                                 internals.resumed_security_parameters.session_id_size,
-                                                 buf, sizeof (buf)));
-#endif
-
   switch (STATE)
     {
     case STATE0: