[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-71-g80c4b5e
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-71-g80c4b5e |
|
Date: |
Wed, 10 Oct 2012 06:42:17 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=80c4b5e316002b6b5d2ffaf22a22f8f8cce1a142
The branch, master has been updated
via 80c4b5e316002b6b5d2ffaf22a22f8f8cce1a142 (commit)
via 9ffddfaf6a983378358eef7d33f32b9da49662f7 (commit)
from b69e8d5531cc4db35fbb046e395eda559b5f499a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 80c4b5e316002b6b5d2ffaf22a22f8f8cce1a142
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Oct 10 08:32:07 2012 +0200
session->key no longer needs to be an allocated structure.
commit 9ffddfaf6a983378358eef7d33f32b9da49662f7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Oct 10 08:16:34 2012 +0200
The high level functions accept sflags and vflags as separate options.
-----------------------------------------------------------------------
Summary of changes:
lib/auth/anon.c | 4 +-
lib/auth/anon_ecdh.c | 4 +-
lib/auth/cert.c | 18 +++++-----
lib/auth/dh_common.c | 50 +++++++++++++++---------------
lib/auth/dhe.c | 4 +-
lib/auth/dhe_psk.c | 8 ++--
lib/auth/ecdh_common.c | 42 +++++++++++++-------------
lib/auth/psk.c | 16 +++++-----
lib/auth/psk_passwd.c | 2 +-
lib/auth/rsa.c | 44 ++++++++++++++--------------
lib/auth/rsa_export.c | 30 +++++++++---------
lib/auth/srp.c | 46 ++++++++++++++--------------
lib/auth/srp_passwd.c | 2 +-
lib/auth/srp_rsa.c | 2 +-
lib/ext/srp.c | 2 +-
lib/ext/status_request.c | 2 +-
lib/gnutls_auth.c | 64 +++++++++++++++++++--------------------
lib/gnutls_auth.h | 2 +-
lib/gnutls_cert.c | 2 +-
lib/gnutls_handshake.c | 12 ++++----
lib/gnutls_int.h | 2 +-
lib/gnutls_kx.c | 10 +++---
lib/gnutls_state.c | 58 ++++++++++++++----------------------
lib/gnutls_ui.c | 4 +-
lib/gnutls_x509.c | 2 +-
libdane/dane.c | 16 ++++++----
libdane/includes/gnutls/dane.h | 6 ++-
src/cli.c | 2 +-
28 files changed, 223 insertions(+), 233 deletions(-)
diff --git a/lib/auth/anon.c b/lib/auth/anon.c
index 789e908..0071761 100644
--- a/lib/auth/anon.c
+++ b/lib/auth/anon.c
@@ -69,7 +69,7 @@ gen_anon_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_anon_server_credentials_t cred;
cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -119,7 +119,7 @@ proc_anon_client_kx (gnutls_session_t session, uint8_t *
data,
const bigint_t *mpis;
cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 63e72ed..b81f97e 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -67,7 +67,7 @@ gen_anon_ecdh_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_anon_server_credentials_t cred;
cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -99,7 +99,7 @@ proc_anon_ecdh_client_kx (gnutls_session_t session, uint8_t *
data,
gnutls_anon_server_credentials_t cred;
cred = (gnutls_anon_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_ANON, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 44835f0..34bc6d2 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -475,7 +475,7 @@ call_get_cert_callback (gnutls_session_t session,
unsigned int pcert_length = 0;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -698,7 +698,7 @@ _select_client_cert (gnutls_session_t session,
gnutls_datum_t *issuers_dn = NULL;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -1080,7 +1080,7 @@ _gnutls_proc_x509_server_crt (gnutls_session_t session,
gnutls_datum_t tmp;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -1223,7 +1223,7 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session,
unsigned int subkey_id_set = 0;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -1402,7 +1402,7 @@ _gnutls_proc_crt (gnutls_session_t session, uint8_t *
data, size_t data_size)
gnutls_certificate_credentials_t cred;
cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
GNUTLS_CRD_CERTIFICATE,
NULL);
if (cred == NULL)
@@ -1465,7 +1465,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session,
uint8_t * data,
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -1553,7 +1553,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session,
uint8_t * data,
/* We should reply with a certificate message,
* even if we have no certificate to send.
*/
- session->key->crt_requested = 1;
+ session->key.crt_requested = 1;
return 0;
}
@@ -1722,7 +1722,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session,
*/
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -2082,7 +2082,7 @@ _gnutls_server_select_cert (gnutls_session_t session,
char server_name[MAX_CN];
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index dda96fa..bb1e217 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -66,31 +66,31 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
_n_Y = n_Y;
DECR_LEN (data_size, n_Y);
- if (_gnutls_mpi_scan_nz (&session->key->client_Y, &data[2], _n_Y))
+ if (_gnutls_mpi_scan_nz (&session->key.client_Y, &data[2], _n_Y))
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- _gnutls_dh_set_peer_public (session, session->key->client_Y);
+ _gnutls_dh_set_peer_public (session, session->key.client_Y);
ret =
- gnutls_calc_dh_key (&session->key->KEY, session->key->client_Y,
session->key->dh_secret, p);
+ gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y,
session->key.dh_secret, p);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_mpi_release (&session->key->client_Y);
- _gnutls_mpi_release (&session->key->dh_secret);
+ _gnutls_mpi_release (&session->key.client_Y);
+ _gnutls_mpi_release (&session->key.dh_secret);
if (psk_key == NULL)
{
- ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
}
else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
- ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
+ ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
if (ret < 0)
{
gnutls_assert ();
@@ -102,7 +102,7 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
}
- _gnutls_mpi_release (&session->key->KEY);
+ _gnutls_mpi_release (&session->key.KEY);
if (ret < 0)
{
@@ -123,8 +123,8 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t
session, gnutls_buffer_st*
bigint_t x = NULL, X = NULL;
int ret;
- ret = gnutls_calc_dh_secret (&X, &x, session->key->client_g,
- session->key->client_p, 0);
+ ret = gnutls_calc_dh_secret (&X, &x, session->key.client_g,
+ session->key.client_p, 0);
if (ret < 0)
{
gnutls_assert ();
@@ -142,7 +142,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t
session, gnutls_buffer_st*
/* calculate the key after calculating the message */
ret =
- gnutls_calc_dh_key (&session->key->KEY, session->key->client_Y, x,
session->key->client_p);
+ gnutls_calc_dh_key (&session->key.KEY, session->key.client_Y, x,
session->key.client_p);
if (ret < 0)
{
gnutls_assert();
@@ -150,21 +150,21 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t
session, gnutls_buffer_st*
}
/* THESE SHOULD BE DISCARDED */
- _gnutls_mpi_release (&session->key->client_Y);
- _gnutls_mpi_release (&session->key->client_p);
- _gnutls_mpi_release (&session->key->client_g);
+ _gnutls_mpi_release (&session->key.client_Y);
+ _gnutls_mpi_release (&session->key.client_p);
+ _gnutls_mpi_release (&session->key.client_g);
if (_gnutls_cipher_suite_get_kx_algo
(session->security_parameters.cipher_suite)
!= GNUTLS_KX_DHE_PSK)
{
- ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
}
else /* In DHE_PSK the key is set differently */
{
gnutls_datum_t tmp_dh_key;
- ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
+ ret = _gnutls_mpi_dprint (session->key.KEY, &tmp_dh_key);
if (ret < 0)
{
gnutls_assert ();
@@ -175,7 +175,7 @@ _gnutls_gen_dh_common_client_kx_int (gnutls_session_t
session, gnutls_buffer_st*
_gnutls_free_datum (&tmp_dh_key);
}
- _gnutls_mpi_release (&session->key->KEY);
+ _gnutls_mpi_release (&session->key.KEY);
if (ret < 0)
{
@@ -233,18 +233,18 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t
session,
_n_g = n_g;
_n_p = n_p;
- if (_gnutls_mpi_scan_nz (&session->key->client_Y, data_Y, _n_Y) != 0)
+ if (_gnutls_mpi_scan_nz (&session->key.client_Y, data_Y, _n_Y) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (_gnutls_mpi_scan_nz (&session->key->client_g, data_g, _n_g) != 0)
+ if (_gnutls_mpi_scan_nz (&session->key.client_g, data_g, _n_g) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (_gnutls_mpi_scan_nz (&session->key->client_p, data_p, _n_p) != 0)
+ if (_gnutls_mpi_scan_nz (&session->key.client_p, data_p, _n_p) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -257,7 +257,7 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session,
return bits;
}
- if (_gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits)
+ if (_gnutls_mpi_get_nbits (session->key.client_p) < (size_t) bits)
{
/* the prime used by the peer is not acceptable
*/
@@ -265,9 +265,9 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session,
return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
}
- _gnutls_dh_set_group (session, session->key->client_g,
- session->key->client_p);
- _gnutls_dh_set_peer_public (session, session->key->client_Y);
+ _gnutls_dh_set_group (session, session->key.client_g,
+ session->key.client_p);
+ _gnutls_dh_set_peer_public (session, session->key.client_Y);
ret = n_Y + n_p + n_g + 6;
@@ -290,7 +290,7 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t session,
return ret;
}
- session->key->dh_secret = x;
+ session->key.dh_secret = x;
_gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index 26e0718..946cc9e 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -128,7 +128,7 @@ gen_dhe_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -346,7 +346,7 @@ proc_dhe_client_kx (gnutls_session_t session, uint8_t *
data,
gnutls_dh_params_t dh_params;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index 410c7c5..5205cf5 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -93,7 +93,7 @@ gen_psk_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_datum_t username, key;
cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
@@ -144,7 +144,7 @@ gen_psk_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_psk_server_credentials_t cred;
cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -225,7 +225,7 @@ proc_psk_client_kx (gnutls_session_t session, uint8_t *
data,
ssize_t data_size = _data_size;
cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
@@ -301,7 +301,7 @@ proc_ecdhe_psk_client_kx (gnutls_session_t session, uint8_t
* data,
ssize_t data_size = _data_size;
cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
diff --git a/lib/auth/ecdh_common.c b/lib/auth/ecdh_common.c
index 72b7564..3655cad 100644
--- a/lib/auth/ecdh_common.c
+++ b/lib/auth/ecdh_common.c
@@ -47,22 +47,22 @@ gnutls_pk_params_st pub;
int ret;
memset(&pub,0,sizeof(pub));
- pub.params[ECC_PRIME] = session->key->ecdh_params.params[ECC_PRIME];
- pub.params[ECC_ORDER] = session->key->ecdh_params.params[ECC_ORDER];
- pub.params[ECC_A] = session->key->ecdh_params.params[ECC_A];
- pub.params[ECC_B] = session->key->ecdh_params.params[ECC_B];
- pub.params[ECC_GX] = session->key->ecdh_params.params[ECC_GX];
- pub.params[ECC_GY] = session->key->ecdh_params.params[ECC_GY];
- pub.params[ECC_X] = session->key->ecdh_x;
- pub.params[ECC_Y] = session->key->ecdh_y;
+ pub.params[ECC_PRIME] = session->key.ecdh_params.params[ECC_PRIME];
+ pub.params[ECC_ORDER] = session->key.ecdh_params.params[ECC_ORDER];
+ pub.params[ECC_A] = session->key.ecdh_params.params[ECC_A];
+ pub.params[ECC_B] = session->key.ecdh_params.params[ECC_B];
+ pub.params[ECC_GX] = session->key.ecdh_params.params[ECC_GX];
+ pub.params[ECC_GY] = session->key.ecdh_params.params[ECC_GY];
+ pub.params[ECC_X] = session->key.ecdh_x;
+ pub.params[ECC_Y] = session->key.ecdh_y;
if (psk_key == NULL)
- ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key->key,
&session->key->ecdh_params, &pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key,
&session->key.ecdh_params, &pub);
else
{
gnutls_datum_t tmp_dh_key;
- ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key,
&session->key->ecdh_params, &pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key,
&session->key.ecdh_params, &pub);
if (ret < 0)
{
ret = gnutls_assert_val(ret);
@@ -84,9 +84,9 @@ int ret;
cleanup:
/* no longer needed */
- _gnutls_mpi_release (&session->key->ecdh_x);
- _gnutls_mpi_release (&session->key->ecdh_y);
- gnutls_pk_params_release( &session->key->ecdh_params);
+ _gnutls_mpi_release (&session->key.ecdh_x);
+ _gnutls_mpi_release (&session->key.ecdh_y);
+ gnutls_pk_params_release( &session->key.ecdh_params);
return ret;
}
@@ -110,7 +110,7 @@ _gnutls_proc_ecdh_common_client_kx (gnutls_session_t
session,
i+=1;
DECR_LEN (data_size, point_size);
- ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size,
&session->key->ecdh_x, &session->key->ecdh_y);
+ ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size,
&session->key.ecdh_x, &session->key.ecdh_y);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -139,12 +139,12 @@ _gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t
session,
int curve = _gnutls_session_ecc_curve_get(session);
/* generate temporal key */
- ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key->ecdh_params);
+ ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_ecc_ansi_x963_export(curve,
session->key->ecdh_params.params[6] /* x */,
- session->key->ecdh_params.params[7] /* y */, &out);
+ ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[6]
/* x */,
+ session->key.ecdh_params.params[7] /* y */, &out);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -192,7 +192,7 @@ _gnutls_proc_ecdh_common_server_kx (gnutls_session_t
session,
i++;
DECR_LEN (data_size, point_size);
- ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size,
&session->key->ecdh_x, &session->key->ecdh_y);
+ ret = _gnutls_ecc_ansi_x963_import(&data[i], point_size,
&session->key.ecdh_x, &session->key.ecdh_y);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -225,12 +225,12 @@ int _gnutls_ecdh_common_print_server_kx (gnutls_session_t
session, gnutls_buffer
return gnutls_assert_val(ret);
/* generate temporal key */
- ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key->ecdh_params);
+ ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_ecc_ansi_x963_export(curve,
session->key->ecdh_params.params[6] /* x */,
- session->key->ecdh_params.params[7] /* y */, &out);
+ ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[6]
/* x */,
+ session->key.ecdh_params.params[7] /* y */, &out);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 858f2f9..fa475aa 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -78,9 +78,9 @@ _gnutls_set_psk_session_key (gnutls_session_t session,
/* set the session key
*/
- session->key->key.size = 4 + dh_secret_size + ppsk->size;
- session->key->key.data = gnutls_malloc (session->key->key.size);
- if (session->key->key.data == NULL)
+ session->key.key.size = 4 + dh_secret_size + ppsk->size;
+ session->key.key.data = gnutls_malloc (session->key.key.size);
+ if (session->key.key.data == NULL)
{
gnutls_assert ();
ret = GNUTLS_E_MEMORY_ERROR;
@@ -93,7 +93,7 @@ _gnutls_set_psk_session_key (gnutls_session_t session,
* (uint16_t) psk_size
* the psk
*/
- p = session->key->key.data;
+ p = session->key.key.data;
_gnutls_write_uint16 (dh_secret_size, p);
p+=2;
if (dh_secret == NULL)
@@ -168,7 +168,7 @@ _gnutls_gen_psk_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_psk_client_credentials_t cred;
cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
@@ -217,7 +217,7 @@ _gnutls_proc_psk_client_kx (gnutls_session_t session,
uint8_t * data,
psk_auth_info_t info;
cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
@@ -292,7 +292,7 @@ _gnutls_gen_psk_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
gnutls_datum_t hint;
cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
@@ -327,7 +327,7 @@ _gnutls_proc_psk_server_kx (gnutls_session_t session,
uint8_t * data,
psk_auth_info_t info;
cred = (gnutls_psk_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index 8e60bf2..a27cb69 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -131,7 +131,7 @@ _gnutls_psk_pwd_find_entry (gnutls_session_t session, char
*username,
int ret;
cred = (gnutls_psk_server_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_PSK, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index 0be2653..4bd6b81 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -102,7 +102,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
GNUTLS_KX_RSA_EXPORT &&
_gnutls_pubkey_is_over_rsa_512(peer_cert.pubkey) == 0)
{
- if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL)
+ if (session->key.rsa[0] == NULL || session->key.rsa[1] == NULL)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -111,7 +111,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
for (i = 0; i < params->params_nr; i++)
{
- params->params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
+ params->params[i] = _gnutls_mpi_copy (session->key.rsa[i]);
}
ret = 0;
@@ -202,9 +202,9 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t *
data,
if (randomize_key != 0)
{
- session->key->key.size = GNUTLS_MASTER_SIZE;
- session->key->key.data = gnutls_malloc (session->key->key.size);
- if (session->key->key.data == NULL)
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data = gnutls_malloc (session->key.key.size);
+ if (session->key.key.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
@@ -212,8 +212,8 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t *
data,
/* we do not need strong random numbers here.
*/
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
- session->key->key.size);
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data,
+ session->key.key.size);
if (ret < 0)
{
gnutls_assert ();
@@ -223,15 +223,15 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t *
data,
}
else
{
- session->key->key.data = plaintext.data;
- session->key->key.size = plaintext.size;
+ session->key.key.data = plaintext.data;
+ session->key.key.size = plaintext.size;
}
/* This is here to avoid the version check attack
* discussed above.
*/
- session->key->key.data[0] = _gnutls_get_adv_version_major (session);
- session->key->key.data[1] = _gnutls_get_adv_version_minor (session);
+ session->key.key.data[0] = _gnutls_get_adv_version_major (session);
+ session->key.key.data[1] = _gnutls_get_adv_version_minor (session);
return 0;
}
@@ -243,7 +243,7 @@ proc_rsa_client_kx (gnutls_session_t session, uint8_t *
data,
int
_gnutls_gen_rsa_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
{
- cert_auth_info_t auth = session->key->auth_info;
+ cert_auth_info_t auth = session->key.auth_info;
gnutls_datum_t sdata; /* data to send */
gnutls_pk_params_st params;
int ret;
@@ -258,17 +258,17 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- session->key->key.size = GNUTLS_MASTER_SIZE;
- session->key->key.data = gnutls_malloc (session->key->key.size);
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data = gnutls_malloc (session->key.key.size);
- if (session->key->key.data == NULL)
+ if (session->key.key.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data,
- session->key->key.size);
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key.key.data,
+ session->key.key.size);
if (ret < 0)
{
gnutls_assert ();
@@ -279,13 +279,13 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
if (session->internals.rsa_pms_version[0] == 0)
{
- session->key->key.data[0] = _gnutls_version_get_major (ver);
- session->key->key.data[1] = _gnutls_version_get_minor (ver);
+ session->key.key.data[0] = _gnutls_version_get_major (ver);
+ session->key.key.data[1] = _gnutls_version_get_minor (ver);
}
else
{ /* use the version provided */
- session->key->key.data[0] = session->internals.rsa_pms_version[0];
- session->key->key.data[1] = session->internals.rsa_pms_version[1];
+ session->key.key.data[0] = session->internals.rsa_pms_version[0];
+ session->key.key.data[1] = session->internals.rsa_pms_version[1];
}
/* move RSA parameters to key (session).
@@ -298,7 +298,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
}
ret =
- _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &session->key->key,
+ _gnutls_pk_encrypt (GNUTLS_PK_RSA, &sdata, &session->key.key,
¶ms);
gnutls_pk_params_release(¶ms);
diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c
index d547e39..95f815c 100644
--- a/lib/auth/rsa_export.c
+++ b/lib/auth/rsa_export.c
@@ -76,7 +76,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session,
gnutls_rsa_params_t rsa_params;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -193,9 +193,9 @@ proc_rsa_export_client_kx (gnutls_session_t session,
uint8_t * data,
if (randomize_key != 0)
{
- session->key->key.size = GNUTLS_MASTER_SIZE;
- session->key->key.data = gnutls_malloc (session->key->key.size);
- if (session->key->key.data == NULL)
+ session->key.key.size = GNUTLS_MASTER_SIZE;
+ session->key.key.data = gnutls_malloc (session->key.key.size);
+ if (session->key.key.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
@@ -203,8 +203,8 @@ proc_rsa_export_client_kx (gnutls_session_t session,
uint8_t * data,
/* we do not need strong random numbers here.
*/
- ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
- session->key->key.size);
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key.key.data,
+ session->key.key.size);
if (ret < 0)
{
gnutls_assert ();
@@ -214,15 +214,15 @@ proc_rsa_export_client_kx (gnutls_session_t session,
uint8_t * data,
}
else
{
- session->key->key.data = plaintext.data;
- session->key->key.size = plaintext.size;
+ session->key.key.data = plaintext.data;
+ session->key.key.size = plaintext.size;
}
/* This is here to avoid the version check attack
* discussed above.
*/
- session->key->key.data[0] = _gnutls_get_adv_version_major (session);
- session->key->key.data[1] = _gnutls_get_adv_version_minor (session);
+ session->key.key.data[0] = _gnutls_get_adv_version_major (session);
+ session->key.key.data[1] = _gnutls_get_adv_version_minor (session);
return 0;
}
@@ -242,7 +242,7 @@ gen_rsa_export_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
unsigned int bits = 0;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
@@ -413,20 +413,20 @@ proc_rsa_export_server_kx (gnutls_session_t session,
_n_e = n_e;
_n_m = n_m;
- if (_gnutls_mpi_scan_nz (&session->key->rsa[0], data_m, _n_m) != 0)
+ if (_gnutls_mpi_scan_nz (&session->key.rsa[0], data_m, _n_m) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (_gnutls_mpi_scan_nz (&session->key->rsa[1], data_e, _n_e) != 0)
+ if (_gnutls_mpi_scan_nz (&session->key.rsa[1], data_e, _n_e) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- _gnutls_rsa_export_set_pubkey (session, session->key->rsa[1],
- session->key->rsa[0]);
+ _gnutls_rsa_export_set_pubkey (session, session->key.rsa[1],
+ session->key.rsa[0]);
/* VERIFY SIGNATURE */
diff --git a/lib/auth/srp.c b/lib/auth/srp.c
index 835c871..b617d43 100644
--- a/lib/auth/srp.c
+++ b/lib/auth/srp.c
@@ -53,14 +53,14 @@ const mod_auth_st srp_auth_struct = {
};
-#define _b session->key->b
-#define B session->key->B
-#define _a session->key->a
-#define A session->key->A
-#define N session->key->client_p
-#define G session->key->client_g
-#define V session->key->x
-#define S session->key->KEY
+#define _b session->key.b
+#define B session->key.B
+#define _a session->key.a
+#define A session->key.A
+#define N session->key.client_p
+#define G session->key.client_g
+#define V session->key.x
+#define S session->key.KEY
/* Checks if a%n==0,+1,-1%n which is a fatal srp error.
* Returns a proper error code in that case, and 0 when
@@ -250,7 +250,7 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
priv = epriv.ptr;
cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
if (cred == NULL)
{
@@ -295,17 +295,17 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
*/
/* calculate u */
- session->key->u = _gnutls_calc_srp_u (A, B, N);
- if (session->key->u == NULL)
+ session->key.u = _gnutls_calc_srp_u (A, B, N);
+ if (session->key.u == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_log ("SRP U: ", session->key->u);
+ _gnutls_mpi_log ("SRP U: ", session->key.u);
/* S = (B - g^x) ^ (a + u * x) % N */
- S = _gnutls_calc_srp_S2 (B, G, session->key->x, _a, session->key->u, N);
+ S = _gnutls_calc_srp_S2 (B, G, session->key.x, _a, session->key.u, N);
if (S == NULL)
{
gnutls_assert ();
@@ -316,10 +316,10 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session,
gnutls_buffer_st* data)
_gnutls_mpi_release (&_b);
_gnutls_mpi_release (&V);
- _gnutls_mpi_release (&session->key->u);
+ _gnutls_mpi_release (&session->key.u);
_gnutls_mpi_release (&B);
- ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
_gnutls_mpi_release (&S);
if (ret < 0)
@@ -373,18 +373,18 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session,
uint8_t * data,
/* Start the SRP calculations.
* - Calculate u
*/
- session->key->u = _gnutls_calc_srp_u (A, B, N);
- if (session->key->u == NULL)
+ session->key.u = _gnutls_calc_srp_u (A, B, N);
+ if (session->key.u == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_log ("SRP U: ", session->key->u);
+ _gnutls_mpi_log ("SRP U: ", session->key.u);
/* S = (A * v^u) ^ b % N
*/
- S = _gnutls_calc_srp_S1 (A, _b, session->key->u, V, N);
+ S = _gnutls_calc_srp_S1 (A, _b, session->key.u, V, N);
if (S == NULL)
{
gnutls_assert ();
@@ -396,10 +396,10 @@ _gnutls_proc_srp_client_kx (gnutls_session_t session,
uint8_t * data,
_gnutls_mpi_release (&A);
_gnutls_mpi_release (&_b);
_gnutls_mpi_release (&V);
- _gnutls_mpi_release (&session->key->u);
+ _gnutls_mpi_release (&session->key.u);
_gnutls_mpi_release (&B);
- ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ ret = _gnutls_mpi_dprint (session->key.KEY, &session->key.key);
_gnutls_mpi_release (&S);
if (ret < 0)
@@ -812,7 +812,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session,
uint8_t * data,
priv = epriv.ptr;
cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
if (cred == NULL)
{
@@ -936,7 +936,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session,
uint8_t * data,
return ret;
}
- if (_gnutls_mpi_scan_nz (&session->key->x, hd, _n_g) != 0)
+ if (_gnutls_mpi_scan_nz (&session->key.x, hd, _n_g) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index 18a96ab..7ff8540 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -269,7 +269,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char
*username,
entry = *_entry;
cred = (gnutls_srp_server_credentials_t)
- _gnutls_get_cred (state->key, GNUTLS_CRD_SRP, NULL);
+ _gnutls_get_cred (state, GNUTLS_CRD_SRP, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c
index 135b762..4f6eb30 100644
--- a/lib/auth/srp_rsa.c
+++ b/lib/auth/srp_rsa.c
@@ -98,7 +98,7 @@ gen_srp_cert_server_kx (gnutls_session_t session,
gnutls_buffer_st* data)
ddata.size = data->length;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/ext/srp.c b/lib/ext/srp.c
index d8a3aae..c9fad8d 100644
--- a/lib/ext/srp.c
+++ b/lib/ext/srp.c
@@ -124,7 +124,7 @@ _gnutls_srp_send_params (gnutls_session_t session,
if (session->security_parameters.entity == GNUTLS_CLIENT)
{
gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL);
if (cred == NULL)
return 0;
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 8c8782b..e5bf67b 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -189,7 +189,7 @@ server_send (gnutls_session_t session,
gnutls_certificate_credentials_t cred;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) /* no certificate authentication */
return gnutls_assert_val (0);
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 13eb63e..9f6a0ea 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -44,17 +44,17 @@
void
gnutls_credentials_clear (gnutls_session_t session)
{
- if (session->key && session->key->cred)
+ if (session->key.cred)
{ /* beginning of the list */
auth_cred_st *ccred, *ncred;
- ccred = session->key->cred;
+ ccred = session->key.cred;
while (ccred != NULL)
{
ncred = ccred->next;
gnutls_free (ccred);
ccred = ncred;
}
- session->key->cred = NULL;
+ session->key.cred = NULL;
}
}
@@ -99,22 +99,22 @@ gnutls_credentials_set (gnutls_session_t session,
auth_cred_st *ccred = NULL, *pcred = NULL;
int exists = 0;
- if (session->key->cred == NULL)
+ if (session->key.cred == NULL)
{ /* beginning of the list */
- session->key->cred = gnutls_malloc (sizeof (auth_cred_st));
- if (session->key->cred == NULL)
+ session->key.cred = gnutls_malloc (sizeof (auth_cred_st));
+ if (session->key.cred == NULL)
return GNUTLS_E_MEMORY_ERROR;
/* copy credentials locally */
- session->key->cred->credentials = cred;
+ session->key.cred->credentials = cred;
- session->key->cred->next = NULL;
- session->key->cred->algorithm = type;
+ session->key.cred->next = NULL;
+ session->key.cred->algorithm = type;
}
else
{
- ccred = session->key->cred;
+ ccred = session->key.cred;
while (ccred != NULL)
{
if (ccred->algorithm == type)
@@ -232,19 +232,17 @@ _gnutls_get_kx_cred (gnutls_session_t session,
{
int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- return _gnutls_get_cred (session->key,
+ return _gnutls_get_cred (session,
_gnutls_map_kx_get_cred (algo, server), err);
}
const void *
-_gnutls_get_cred (gnutls_key_st key, gnutls_credentials_type_t type, int *err)
+_gnutls_get_cred (gnutls_session_t session, gnutls_credentials_type_t type,
int *err)
{
const void *retval = NULL;
int _err = -1;
auth_cred_st *ccred;
-
- if (key == NULL)
- goto out;
+ gnutls_key_st * key = &session->key;
ccred = key->cred;
while (ccred != NULL)
@@ -283,7 +281,7 @@ out:
void *
_gnutls_get_auth_info (gnutls_session_t session)
{
- return session->key->auth_info;
+ return session->key.auth_info;
}
/*-
@@ -300,13 +298,13 @@ _gnutls_free_auth_info (gnutls_session_t session)
dh_info_st *dh_info;
rsa_info_st *rsa_info;
- if (session == NULL || session->key == NULL)
+ if (session == NULL)
{
gnutls_assert ();
return;
}
- switch (session->key->auth_info_type)
+ switch (session->key.auth_info_type)
{
case GNUTLS_CRD_SRP:
break;
@@ -362,10 +360,10 @@ _gnutls_free_auth_info (gnutls_session_t session)
}
- gnutls_free (session->key->auth_info);
- session->key->auth_info = NULL;
- session->key->auth_info_size = 0;
- session->key->auth_info_type = 0;
+ gnutls_free (session->key.auth_info);
+ session->key.auth_info = NULL;
+ session->key.auth_info_size = 0;
+ session->key.auth_info_type = 0;
}
@@ -379,16 +377,16 @@ _gnutls_auth_info_set (gnutls_session_t session,
gnutls_credentials_type_t type, int size,
int allow_change)
{
- if (session->key->auth_info == NULL)
+ if (session->key.auth_info == NULL)
{
- session->key->auth_info = gnutls_calloc (1, size);
- if (session->key->auth_info == NULL)
+ session->key.auth_info = gnutls_calloc (1, size);
+ if (session->key.auth_info == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- session->key->auth_info_type = type;
- session->key->auth_info_size = size;
+ session->key.auth_info_type = type;
+ session->key.auth_info_size = size;
}
else
{
@@ -400,7 +398,7 @@ _gnutls_auth_info_set (gnutls_session_t session,
* ciphersuite which is negotiated has different authentication
* schema.
*/
- if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ if (gnutls_auth_get_type (session) != session->key.auth_info_type)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -414,20 +412,20 @@ _gnutls_auth_info_set (gnutls_session_t session,
* certificate (in order to prevent revealing the certificate's
contents,
* to passive eavesdropers.
*/
- if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ if (gnutls_auth_get_type (session) != session->key.auth_info_type)
{
_gnutls_free_auth_info (session);
- session->key->auth_info = calloc (1, size);
- if (session->key->auth_info == NULL)
+ session->key.auth_info = calloc (1, size);
+ if (session->key.auth_info == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
- session->key->auth_info_type = type;
- session->key->auth_info_size = size;
+ session->key.auth_info_type = type;
+ session->key.auth_info_size = size;
}
}
}
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index 51ffb35..fe367e8 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -47,7 +47,7 @@ typedef struct mod_auth_st_int
uint8_t *, size_t);
} mod_auth_st;
-const void *_gnutls_get_cred (gnutls_key_st key,
+const void *_gnutls_get_cred (gnutls_session_t session,
gnutls_credentials_type_t kx, int *err);
const void *_gnutls_get_kx_cred (gnutls_session_t session,
gnutls_kx_algorithm_t algo, int *err);
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index d5912e9..afdc7de 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -594,7 +594,7 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
return GNUTLS_E_INVALID_REQUEST;
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 84dcd70..5455ca3 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2477,7 +2477,7 @@ static int run_verify_callback(gnutls_session_t session,
unsigned int side)
int ret, type;
cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
GNUTLS_CRD_CERTIFICATE,
NULL);
@@ -3108,7 +3108,7 @@ check_server_params (gnutls_session_t session,
{
int delete;
gnutls_certificate_credentials_t x509_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
cred_type, NULL);
if (x509_cred != NULL)
@@ -3143,7 +3143,7 @@ check_server_params (gnutls_session_t session,
else if (cred_type == GNUTLS_CRD_ANON)
{
gnutls_anon_server_credentials_t anon_cred =
- (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key,
+ (gnutls_anon_server_credentials_t) _gnutls_get_cred (session,
cred_type, NULL);
if (anon_cred != NULL)
@@ -3158,7 +3158,7 @@ check_server_params (gnutls_session_t session,
else if (cred_type == GNUTLS_CRD_PSK)
{
gnutls_psk_server_credentials_t psk_cred =
- (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key,
+ (gnutls_psk_server_credentials_t) _gnutls_get_cred (session,
cred_type, NULL);
if (psk_cred != NULL)
@@ -3229,7 +3229,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t
session,
*/
cert_cred =
- (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session,
GNUTLS_CRD_CERTIFICATE,
NULL);
@@ -3303,7 +3303,7 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t
session,
SRP credential too. */
if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
{
- if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL))
+ if (!_gnutls_get_cred (session, GNUTLS_CRD_SRP, NULL))
{
delete = 1;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 48a60eb..1f103cb 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -424,7 +424,7 @@ struct gnutls_key_st
* for a client certificate verify
*/
};
-typedef struct gnutls_key_st *gnutls_key_st;
+typedef struct gnutls_key_st gnutls_key_st;
struct pin_info_st
{
diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c
index 0cebd38..9654a5e 100644
--- a/lib/gnutls_kx.c
+++ b/lib/gnutls_kx.c
@@ -79,7 +79,7 @@ int
_gnutls_generate_master (gnutls_session_t session, int keep_premaster)
{
if (session->internals.resumed == RESUME_FALSE)
- return generate_normal_master (session, &session->key->key,
keep_premaster);
+ return generate_normal_master (session, &session->key.key, keep_premaster);
else if (session->internals.premaster_set)
{
gnutls_datum_t premaster;
@@ -306,7 +306,7 @@ _gnutls_send_client_certificate_verify (gnutls_session_t
session, int again)
/* if certificate verify is not needed just exit
*/
- if (session->key->crt_requested == 0)
+ if (session->key.crt_requested == 0)
return 0;
@@ -357,7 +357,7 @@ _gnutls_send_client_certificate (gnutls_session_t session,
int again)
int ret = 0;
- if (session->key->crt_requested == 0)
+ if (session->key.crt_requested == 0)
return 0;
if (session->internals.auth_struct->gnutls_generate_client_certificate ==
@@ -651,7 +651,7 @@ _gnutls_recv_client_certificate (gnutls_session_t session)
if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional != 0)
ret = 0;
else
- session->key->crt_requested = 1;
+ session->key.crt_requested = 1;
cleanup:
_gnutls_buffer_clear(&buf);
@@ -708,7 +708,7 @@ _gnutls_recv_client_certificate_verify_message
(gnutls_session_t session)
return 0;
if (session->internals.send_cert_req == 0 ||
- session->key->crt_requested == 0)
+ session->key.crt_requested == 0)
{
return 0;
}
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index a9a1ea0..84a62b7 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -183,7 +183,7 @@ _gnutls_session_cert_type_supported (gnutls_session_t
session,
if (session->security_parameters.entity == GNUTLS_SERVER)
{
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
@@ -341,14 +341,6 @@ gnutls_init (gnutls_session_t * session, unsigned int
flags)
_mbuffer_head_init (&(*session)->internals.handshake_send_buffer);
_gnutls_handshake_recv_buffer_init(*session);
- (*session)->key = gnutls_calloc (1, sizeof (struct gnutls_key_st));
- if ((*session)->key == NULL)
- {
- gnutls_free (*session);
- *session = NULL;
- return GNUTLS_E_MEMORY_ERROR;
- }
-
(*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour
default */
gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS);
@@ -467,33 +459,27 @@ gnutls_deinit (gnutls_session_t session)
gnutls_credentials_clear (session);
_gnutls_selected_certs_deinit (session);
- if (session->key != NULL)
- {
- gnutls_pk_params_release(&session->key->ecdh_params);
- _gnutls_mpi_release (&session->key->ecdh_x);
- _gnutls_mpi_release (&session->key->ecdh_y);
-
- _gnutls_mpi_release (&session->key->KEY);
- _gnutls_mpi_release (&session->key->client_Y);
- _gnutls_mpi_release (&session->key->client_p);
- _gnutls_mpi_release (&session->key->client_g);
-
- _gnutls_mpi_release (&session->key->u);
- _gnutls_mpi_release (&session->key->a);
- _gnutls_mpi_release (&session->key->x);
- _gnutls_mpi_release (&session->key->A);
- _gnutls_mpi_release (&session->key->B);
- _gnutls_mpi_release (&session->key->b);
-
- /* RSA */
- _gnutls_mpi_release (&session->key->rsa[0]);
- _gnutls_mpi_release (&session->key->rsa[1]);
-
- _gnutls_mpi_release (&session->key->dh_secret);
- gnutls_free (session->key);
-
- session->key = NULL;
- }
+ gnutls_pk_params_release(&session->key.ecdh_params);
+ _gnutls_mpi_release (&session->key.ecdh_x);
+ _gnutls_mpi_release (&session->key.ecdh_y);
+
+ _gnutls_mpi_release (&session->key.KEY);
+ _gnutls_mpi_release (&session->key.client_Y);
+ _gnutls_mpi_release (&session->key.client_p);
+ _gnutls_mpi_release (&session->key.client_g);
+
+ _gnutls_mpi_release (&session->key.u);
+ _gnutls_mpi_release (&session->key.a);
+ _gnutls_mpi_release (&session->key.x);
+ _gnutls_mpi_release (&session->key.A);
+ _gnutls_mpi_release (&session->key.B);
+ _gnutls_mpi_release (&session->key.b);
+
+ /* RSA */
+ _gnutls_mpi_release (&session->key.rsa[0]);
+ _gnutls_mpi_release (&session->key.rsa[1]);
+
+ _gnutls_mpi_release (&session->key.dh_secret);
memset (session, 0, sizeof (struct gnutls_session_int));
gnutls_free (session);
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 310627c..654810a 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -505,7 +505,7 @@ gnutls_certificate_get_ours (gnutls_session_t session)
CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL || cred->certs == NULL)
{
gnutls_assert ();
@@ -566,7 +566,7 @@ gnutls_certificate_get_peers (gnutls_session_t
int
gnutls_certificate_client_get_request_status (gnutls_session_t session)
{
- return session->key->crt_requested;
+ return session->key.crt_requested;
}
/**
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 1d7128b..309b267 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -208,7 +208,7 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
}
cred = (gnutls_certificate_credentials_t)
- _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ _gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
diff --git a/libdane/dane.c b/libdane/dane.c
index 4f4569a..0596f8e 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -436,7 +436,8 @@ cleanup:
* @hostname: The hostname associated with the chain
* @proto: The protocol of the service connecting (e.g. tcp)
* @port: The port of the service connecting (e.g. 443)
- * @flags: should be zero
+ * @sflags: Flags for the the initialization of @s (if NULL)
+ * @vflags: Verification flags; should be zero
* @verify: An OR'ed list of %dane_verify_status_t.
*
* This function will verify the given certificate chain against the
@@ -460,7 +461,8 @@ int dane_verify_crt (dane_state_t s,
const gnutls_datum_t *chain, unsigned chain_size,
gnutls_certificate_type_t chain_type,
const char * hostname, const char* proto, unsigned int port,
- unsigned int flags, unsigned int *verify)
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify)
{
dane_state_t _s = NULL;
dane_query_t r = NULL;
@@ -474,7 +476,7 @@ gnutls_datum_t data;
*verify = 0;
if (s == NULL) {
- ret = dane_state_init(&_s, flags);
+ ret = dane_state_init(&_s, sflags);
if (ret < 0) {
return ret;
}
@@ -523,7 +525,8 @@ cleanup:
* @hostname: The hostname associated with the chain
* @proto: The protocol of the service connecting (e.g. tcp)
* @port: The port of the service connecting (e.g. 443)
- * @flags: should be zero.
+ * @sflags: Flags for the the initialization of @s (if NULL)
+ * @vflags: Verification flags; should be zero
* @verify: An OR'ed list of %dane_verify_status_t.
*
* This function will verify session's certificate chain against the
@@ -538,7 +541,8 @@ int dane_verify_session_crt (
dane_state_t s,
gnutls_session_t session,
const char * hostname, const char* proto, unsigned int port,
- unsigned int flags, unsigned int *verify)
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify)
{
const gnutls_datum_t *cert_list;
unsigned int cert_list_size = 0;
@@ -551,5 +555,5 @@ unsigned int type;
type = gnutls_certificate_type_get(session);
- return dane_verify_crt(s, cert_list, cert_list_size, type, hostname,
proto, port, flags, verify);
+ return dane_verify_crt(s, cert_list, cert_list_size, type, hostname,
proto, port, sflags, vflags, verify);
}
diff --git a/libdane/includes/gnutls/dane.h b/libdane/includes/gnutls/dane.h
index 74a28f9..59392da 100644
--- a/libdane/includes/gnutls/dane.h
+++ b/libdane/includes/gnutls/dane.h
@@ -136,13 +136,15 @@ int dane_verify_crt (dane_state_t s,
const gnutls_datum_t *chain, unsigned chain_size,
gnutls_certificate_type_t chain_type,
const char * hostname, const char* proto, unsigned int port,
- unsigned int flags, unsigned int *verify);
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify);
int dane_verify_session_crt (
dane_state_t s,
gnutls_session_t session,
const char * hostname, const char* proto, unsigned int port,
- unsigned int flags, unsigned int *verify);
+ unsigned int sflags, unsigned int vflags,
+ unsigned int *verify);
const char * dane_strerror (int error);
diff --git a/src/cli.c b/src/cli.c
index 8dad548..a4bcc46 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -485,7 +485,7 @@ cert_verify_callback (gnutls_session_t session)
if (dane) /* try DANE auth */
{
rc = dane_verify_session_crt( NULL, session, hostname, udp?"udp":"tcp",
atoi(service),
- DANE_F_IGNORE_LOCAL_RESOLVER, &status);
+ DANE_F_IGNORE_LOCAL_RESOLVER, 0, &status);
if (rc < 0)
{
fprintf(stderr, "*** DANE verification error: %s\n",
dane_strerror(rc));
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_2-71-g80c4b5e,
Nikos Mavrogiannopoulos <=