[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_7-35-g1836ecf
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_7-35-g1836ecf |
|
Date: |
Wed, 09 Nov 2011 07:48:41 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1836ecf17d4821bfb8803ff150092a6a9fede5e4
The branch, master has been updated
via 1836ecf17d4821bfb8803ff150092a6a9fede5e4 (commit)
via e562008f319c3695937f989f342e98b65b7c7941 (commit)
via 8116cdc8f131edd586dad3128ae35dd744cfc32f (commit)
via 63b99057d90aa4257ccb05f024c55185c7cf8ca8 (commit)
via 395d620849722bd7fef44cb540a6bb435694d626 (commit)
via 8462e62e31fd8244ecf8c47cd7b6084837b9da17 (commit)
from e5d8a79fcc429902e8fb9b7cec91d66b965df5bb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1836ecf17d4821bfb8803ff150092a6a9fede5e4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Nov 9 08:50:16 2011 +0100
enable _gnutls_dump_mpi() when debugging.
commit e562008f319c3695937f989f342e98b65b7c7941
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Nov 9 08:49:26 2011 +0100
Revert "Remove dead code."
This reverts commit e5d8a79fcc429902e8fb9b7cec91d66b965df5bb.
commit 8116cdc8f131edd586dad3128ae35dd744cfc32f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Nov 8 22:06:26 2011 +0100
No need to distribute the libgcrypt backend (which cannot even be compiled).
commit 63b99057d90aa4257ccb05f024c55185c7cf8ca8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Nov 8 22:03:00 2011 +0100
updated to include padlock.
commit 395d620849722bd7fef44cb540a6bb435694d626
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Nov 8 22:02:30 2011 +0100
release allocated memory on a cipher or mac failure to initialize.
commit 8462e62e31fd8244ecf8c47cd7b6084837b9da17
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Nov 8 17:53:03 2011 +0100
clarified usage of gnutls_record_check_pending().
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 1 -
doc/cha-gtls-app.texi | 3 +-
lib/Makefile.am | 5 -
lib/accelerated/x86/README | 4 +-
lib/debug.c | 22 ++-
lib/debug.h | 1 +
lib/gcrypt/Makefile.am | 34 --
lib/gcrypt/cipher.c | 166 ---------
lib/gcrypt/init.c | 82 -----
lib/gcrypt/mac.c | 183 ----------
lib/gcrypt/mpi.c | 415 ---------------------
lib/gcrypt/pk.c | 859 --------------------------------------------
lib/gcrypt/rnd.c | 60 ---
lib/nettle/cipher.c | 1 +
lib/nettle/mac.c | 6 +-
15 files changed, 31 insertions(+), 1811 deletions(-)
delete mode 100644 lib/gcrypt/Makefile.am
delete mode 100644 lib/gcrypt/cipher.c
delete mode 100644 lib/gcrypt/init.c
delete mode 100644 lib/gcrypt/mac.c
delete mode 100644 lib/gcrypt/mpi.c
delete mode 100644 lib/gcrypt/pk.c
delete mode 100644 lib/gcrypt/rnd.c
diff --git a/configure.ac b/configure.ac
index 2e7e579..70554cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -487,7 +487,6 @@ AC_CONFIG_FILES([
lib/openpgp/Makefile
po/Makefile.in
lib/x509/Makefile
- lib/gcrypt/Makefile
lib/nettle/Makefile
tests/suite/Makefile
lib/accelerated/Makefile
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 72aab12..00eaeef 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -218,8 +218,7 @@ messages may arrive out of order.
@showfuncdesc{gnutls_record_recv_seq}
A helper function is available to check whether data
-to be read are pending in a @acronym{GnuTLS} session.
-This is the equivalent of @code{select} in @acronym{POSIX} systems.
+to be read are available in a @acronym{GnuTLS} session buffers.
@showfuncdesc{gnutls_record_check_pending}
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 1edaa5e..90c3369 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -81,8 +81,6 @@ endif
if ENABLE_NETTLE
SUBDIRS += nettle
-else
-SUBDIRS += gcrypt
endif
HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h \
@@ -138,9 +136,6 @@ endif
if ENABLE_NETTLE
libgnutls_la_LDFLAGS += $(LTLIBNETTLE)
libgnutls_la_LIBADD += nettle/libcrypto.la
-else
-libgnutls_la_LDFLAGS += $(LTLIBGCRYPT)
-libgnutls_la_LIBADD += gcrypt/libcrypto.la
endif
if HAVE_LD_OUTPUT_DEF
diff --git a/lib/accelerated/x86/README b/lib/accelerated/x86/README
index dc1f43f..9325982 100644
--- a/lib/accelerated/x86/README
+++ b/lib/accelerated/x86/README
@@ -1,3 +1,3 @@
-The AES-NI implementation by Andy Polyakov is not part of the GnuTLS library,
but is
-used with GnuTLS. Its license is included in license.txt.
+The AES-NI and Padlock implementation by Andy Polyakov is not part of the
GnuTLS library, but is
+used with GnuTLS. Their license is included in license.txt.
diff --git a/lib/debug.c b/lib/debug.c
index 6aa2a09..19246e4 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2001-2011 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -25,6 +26,23 @@
#include <stdio.h>
#include <stdlib.h>
#include "debug.h"
+#include <gnutls_mpi.h>
+
+#ifdef DEBUG
+void
+_gnutls_dump_mpi (const char *prefix, bigint_t a)
+{
+ char buf[400];
+ char buf_hex[2 * sizeof (buf)];
+ size_t n = sizeof buf;
+
+ if (_gnutls_mpi_print (a, buf, &n))
+ strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
+ _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
+ NULL));
+}
+#endif
const char *
_gnutls_packet2str (content_type_t packet)
@@ -47,6 +65,7 @@ _gnutls_packet2str (content_type_t packet)
const char *
_gnutls_handshake2str (gnutls_handshake_description_t handshake)
{
+
switch (handshake)
{
case GNUTLS_HANDSHAKE_HELLO_REQUEST:
@@ -96,5 +115,6 @@ _gnutls_handshake2str (gnutls_handshake_description_t
handshake)
break;
default:
return "Unknown Handshake packet";
+
}
}
diff --git a/lib/debug.h b/lib/debug.h
index 4d3d2b0..d0ad693 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -22,3 +22,4 @@
const char *_gnutls_packet2str (content_type_t packet);
const char *_gnutls_handshake2str (gnutls_handshake_description_t handshake);
+void _gnutls_dump_mpi (const char *prefix, bigint_t a);
diff --git a/lib/gcrypt/Makefile.am b/lib/gcrypt/Makefile.am
deleted file mode 100644
index e2d7fc4..0000000
--- a/lib/gcrypt/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-## Process this file with automake to produce Makefile.in
-# Copyright (C) 2004-2011 Free Software Foundation, Inc.
-#
-# Author: Nikos Mavroyanopoulos
-#
-# This file is part of GNUTLS.
-#
-# The GNUTLS library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public License
-# as published by the Free Software Foundation; either version 3 of
-# the License, or (at your option) any later version.
-#
-# The GNUTLS library is distributed in the hope that it will be
-# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
-# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>
-
-AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
-AM_CPPFLAGS = \
- -I$(srcdir)/../../gl \
- -I$(srcdir)/../includes \
- -I$(builddir)/../includes \
- -I$(srcdir)/..
-
-if ENABLE_MINITASN1
-AM_CPPFLAGS += -I$(srcdir)/../minitasn1
-endif
-
-noinst_LTLIBRARIES = libcrypto.la
-
-libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c
diff --git a/lib/gcrypt/cipher.c b/lib/gcrypt/cipher.c
deleted file mode 100644
index e5427c6..0000000
--- a/lib/gcrypt/cipher.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Copyright (C) 2008, 2010, 2011 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* Here lie everything that has to do with large numbers, libgcrypt and
- * other stuff that didn't fit anywhere else.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_cipher_int.h>
-#include <gcrypt.h>
-
-/* Functions that refer to the libgcrypt library.
- */
-
-#error GCM is missing
-
-static int
-wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx)
-{
- int err;
-
- switch (algo)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_AES_192_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_AES_256_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_3DES_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_DES_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_ARCFOUR_128:
- case GNUTLS_CIPHER_ARCFOUR_40:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR,
- GCRY_CIPHER_MODE_STREAM, 0);
- break;
-
- case GNUTLS_CIPHER_RC2_40_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_CAMELLIA_128_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
-
- case GNUTLS_CIPHER_CAMELLIA_256_CBC:
- err =
- gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256,
- GCRY_CIPHER_MODE_CBC, 0);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (err == 0)
- return 0;
-
- gnutls_assert ();
- return GNUTLS_E_ENCRYPTION_FAILED;
-}
-
-static int
-wrap_gcry_cipher_setkey (void *ctx, const void *key, size_t keysize)
-{
- gcry_cipher_setkey (ctx, key, keysize);
- return 0;
-}
-
-static int
-wrap_gcry_cipher_setiv (void *ctx, const void *iv, size_t ivsize)
-{
- gcry_cipher_setiv (ctx, iv, ivsize);
- return 0;
-}
-
-static int
-wrap_gcry_cipher_decrypt (void *ctx, const void *encr, size_t encrsize,
- void *plain, size_t plainsize)
-{
- int err;
-
- err = gcry_cipher_decrypt (ctx, plain, plainsize, encr, encrsize);
- if (err == 0)
- return 0;
-
- gnutls_assert ();
- return GNUTLS_E_ENCRYPTION_FAILED;
-}
-
-static int
-wrap_gcry_cipher_encrypt (void *ctx, const void *plain, size_t plainsize,
- void *encr, size_t encrsize)
-{
- int err;
-
- err = gcry_cipher_encrypt (ctx, encr, encrsize, plain, plainsize);
- if (err == 0)
- return 0;
-
- gnutls_assert ();
- return GNUTLS_E_ENCRYPTION_FAILED;
-}
-
-static void
-wrap_gcry_cipher_close (void *h)
-{
- gcry_cipher_close (h);
-}
-
-
-gnutls_crypto_cipher_st _gnutls_cipher_ops = {
- .init = wrap_gcry_cipher_init,
- .setkey = wrap_gcry_cipher_setkey,
- .setiv = wrap_gcry_cipher_setiv,
- .encrypt = wrap_gcry_cipher_encrypt,
- .decrypt = wrap_gcry_cipher_decrypt,
- .deinit = wrap_gcry_cipher_close,
-};
diff --git a/lib/gcrypt/init.c b/lib/gcrypt/init.c
deleted file mode 100644
index 3d69f44..0000000
--- a/lib/gcrypt/init.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (C) 2010-2011 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gcrypt.h>
-#include <locks.h>
-
-#define GNUTLS_MIN_LIBGCRYPT_VERSION "1.2.4"
-
-/* Functions that refer to the initialization of the libgcrypt library.
- */
-
-static struct gcry_thread_cbs gct = {
- .option = (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
- .init = NULL,
- .select = NULL,
- .waitpid = NULL,
- .accept = NULL,
- .connect = NULL,
- .sendmsg = NULL,
- .recvmsg = NULL,
-};
-
-int
-gnutls_crypto_init (void)
-{
- /* Initialize libgcrypt if it hasn't already been initialized. */
- if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
- {
- const char *p;
-
- if (gnutls_mutex_init != NULL)
- {
- gct.mutex_init = gnutls_mutex_init;
- gct.mutex_destroy = gnutls_mutex_deinit;
- gct.mutex_lock = gnutls_mutex_lock;
- gct.mutex_unlock = gnutls_mutex_unlock;
-
- gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
- }
-
- p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION);
-
- if (p == NULL)
- {
- gnutls_assert ();
- _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n",
- gcry_check_version (NULL),
- GNUTLS_MIN_LIBGCRYPT_VERSION);
- return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
- }
-
- /* for gcrypt in order to be able to allocate memory */
- gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
-
- gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
-
- gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
- }
-
- return 0;
-}
diff --git a/lib/gcrypt/mac.c b/lib/gcrypt/mac.c
deleted file mode 100644
index a72e65b..0000000
--- a/lib/gcrypt/mac.c
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Copyright (C) 2008-2011 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* This file provides is the backend hash/mac API for libgcrypt.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_hash_int.h>
-#include <gnutls_errors.h>
-#include <gcrypt.h>
-
-static int
-wrap_gcry_mac_init (gnutls_mac_algorithm_t algo, void **ctx)
-{
- int err;
- unsigned int flags = GCRY_MD_FLAG_HMAC;
-
- switch (algo)
- {
- case GNUTLS_MAC_MD5:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags);
- break;
- case GNUTLS_MAC_SHA1:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags);
- break;
- case GNUTLS_MAC_RMD160:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags);
- break;
- case GNUTLS_MAC_MD2:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags);
- break;
- case GNUTLS_MAC_SHA256:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags);
- break;
- case GNUTLS_MAC_SHA384:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags);
- break;
- case GNUTLS_MAC_SHA512:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (err == 0)
- return 0;
-
- gnutls_assert ();
- return GNUTLS_E_ENCRYPTION_FAILED;
-}
-
-static int
-wrap_gcry_md_setkey (void *ctx, const void *key, size_t keylen)
-{
- return gcry_md_setkey ((gcry_md_hd_t) ctx, key, keylen);
-}
-
-static int
-wrap_gcry_md_write (void *ctx, const void *text, size_t textsize)
-{
- gcry_md_write (ctx, text, textsize);
- return GNUTLS_E_SUCCESS;
-}
-
-static int
-wrap_gcry_md_copy (void **bhd, void *ahd)
-{
- return gcry_md_copy ((gcry_md_hd_t *) bhd, (gcry_md_hd_t) ahd);
-}
-
-static void
-wrap_gcry_md_close (void *hd)
-{
- gcry_md_close (hd);
-}
-
-static void
-wrap_gcry_md_reset (void *hd)
-{
- gcry_md_reset (hd);
-}
-
-static int
-wrap_gcry_hash_init (gnutls_mac_algorithm_t algo, void **ctx)
-{
- int err;
- unsigned int flags = 0;
-
- switch (algo)
- {
- case GNUTLS_DIG_MD5:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags);
- break;
- case GNUTLS_DIG_SHA1:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags);
- break;
- case GNUTLS_DIG_RMD160:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags);
- break;
- case GNUTLS_DIG_MD2:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags);
- break;
- case GNUTLS_DIG_SHA256:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags);
- break;
- case GNUTLS_DIG_SHA224:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA224, flags);
- break;
- case GNUTLS_DIG_SHA384:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags);
- break;
- case GNUTLS_DIG_SHA512:
- err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags);
- break;
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (err == 0)
- return 0;
-
- gnutls_assert ();
- return GNUTLS_E_ENCRYPTION_FAILED;
-}
-
-static int
-wrap_gcry_mac_output (void *src_ctx, void *digest, size_t digestsize)
-{
- opaque *_digest = gcry_md_read (src_ctx, 0);
-
- if (_digest != NULL)
- {
- unsigned int len = gcry_md_get_algo_dlen (gcry_md_get_algo (src_ctx));
-
- if (len <= digestsize && digest != NULL)
- memcpy (digest, _digest, len);
-
- return 0;
- }
-
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
-}
-
-
-gnutls_crypto_mac_st _gnutls_mac_ops = {
- .init = wrap_gcry_mac_init,
- .setkey = wrap_gcry_md_setkey,
- .hash = wrap_gcry_md_write,
- .reset = wrap_gcry_md_reset,
- .output = wrap_gcry_mac_output,
- .deinit = wrap_gcry_md_close,
-};
-
-gnutls_crypto_digest_st _gnutls_digest_ops = {
- .init = wrap_gcry_hash_init,
- .hash = wrap_gcry_md_write,
- .copy = wrap_gcry_md_copy,
- .reset = wrap_gcry_md_reset,
- .output = wrap_gcry_mac_output,
- .deinit = wrap_gcry_md_close,
-};
diff --git a/lib/gcrypt/mpi.c b/lib/gcrypt/mpi.c
deleted file mode 100644
index 5239d7c..0000000
--- a/lib/gcrypt/mpi.c
+++ /dev/null
@@ -1,415 +0,0 @@
-/*
- * Copyright (C) 2001-2011 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* Here lie everything that has to do with large numbers, libgcrypt and
- * other stuff that didn't fit anywhere else.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-#include <gnutls_mpi.h>
-#include <gcrypt.h>
-
-/* Functions that refer to the libgcrypt library.
- */
-
-static inline int
-_format_conv (gnutls_bigint_format_t format)
-{
- if (format == GNUTLS_MPI_FORMAT_USG)
- return GCRYMPI_FMT_USG;
- else if (format == GNUTLS_MPI_FORMAT_STD)
- return GCRYMPI_FMT_STD;
- else
- return GCRYMPI_FMT_PGP;
-}
-
-/* returns (0) on success
- */
-static bigint_t
-wrap_gcry_mpi_scan (const void *buffer, size_t nbytes,
- gnutls_bigint_format_t format)
-{
- gcry_mpi_t ret_mpi = NULL;
- int ret;
-
- ret = gcry_mpi_scan (&ret_mpi, _format_conv (format), buffer, nbytes, NULL);
- if (ret != 0)
- return NULL;
-
- return ret_mpi;
-}
-
-static int
-wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
- gnutls_bigint_format_t format)
-{
- int ret;
- size_t init_bytes = *nbytes;
-
- format = _format_conv (format);
-
- if (nbytes == NULL || a == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- ret = gcry_mpi_print (format, buffer, *nbytes, nbytes, a);
- if (!ret)
- {
- if (buffer == NULL || init_bytes < *nbytes)
- {
-
- /* in STD format we may want to include
- * an extra byte for (0). Sometimes the gcry_
- * function doesn't add it.
- */
- if (format == GNUTLS_MPI_FORMAT_STD)
- (*nbytes)++;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- return 0;
- }
-
- return GNUTLS_E_MPI_PRINT_FAILED;
-}
-
-static bigint_t
-wrap_gcry_mpi_new (int nbits)
-{
- return gcry_mpi_new (nbits);
-}
-
-static int
-wrap_gcry_mpi_cmp (const bigint_t u, const bigint_t v)
-{
- return gcry_mpi_cmp (u, v);
-}
-
-static int
-wrap_gcry_mpi_cmp_ui (const bigint_t u, unsigned long v)
-{
- return gcry_mpi_cmp_ui (u, v);
-}
-
-static bigint_t
-wrap_gcry_mpi_set (bigint_t w, const bigint_t u)
-{
- return gcry_mpi_set (w, u);
-}
-
-static bigint_t
-wrap_gcry_mpi_set_ui (bigint_t w, unsigned long u)
-{
- return gcry_mpi_set_ui (w, u);
-}
-
-static unsigned int
-wrap_gcry_mpi_get_nbits (bigint_t a)
-{
- return gcry_mpi_get_nbits (a);
-}
-
-static void
-wrap_gcry_mpi_release (bigint_t a)
-{
- gcry_mpi_release (a);
-}
-
-#undef _gnutls_mpi_alloc_like
-#define _gnutls_mpi_alloc_like(x) gcry_mpi_new(gcry_mpi_get_nbits(x))
-
-static bigint_t
-wrap_gcry_mpi_mod (const bigint_t a, const bigint_t b)
-{
- bigint_t r = _gnutls_mpi_alloc_like (b);
-
- if (r == NULL)
- return NULL;
-
- gcry_mpi_mod (r, a, b);
-
- return r;
-}
-
-static bigint_t
-wrap_gcry_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
- const bigint_t m)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (m);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_powm (w, b, e, m);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (m);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_addm (w, a, b, m);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (m);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_subm (w, a, b, m);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
- const bigint_t m)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (m);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_mulm (w, a, b, m);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_add (bigint_t w, const bigint_t a, const bigint_t b)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (b);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_add (w, a, b);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (b);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_sub (w, a, b);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (b);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_mul (w, a, b);
-
- return w;
-}
-
-/* q = a / b */
-static bigint_t
-wrap_gcry_mpi_div (bigint_t q, const bigint_t a, const bigint_t b)
-{
- if (q == NULL)
- q = _gnutls_mpi_alloc_like (a);
-
- if (q == NULL)
- return NULL;
-
- gcry_mpi_div (q, NULL, a, b, 0);
-
- return q;
-}
-
-static bigint_t
-wrap_gcry_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (a);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_add_ui (w, a, b);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (a);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_sub_ui (w, a, b);
-
- return w;
-}
-
-static bigint_t
-wrap_gcry_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
-{
- if (w == NULL)
- w = _gnutls_mpi_alloc_like (a);
-
- if (w == NULL)
- return NULL;
-
- gcry_mpi_mul_ui (w, a, b);
-
- return w;
-}
-
-static int
-wrap_gcry_prime_check (bigint_t pp)
-{
- return gcry_prime_check (pp, 0);
-}
-
-static int
-wrap_gcry_generate_group (gnutls_group_st * group, unsigned int bits)
-{
- gcry_mpi_t g = NULL, prime = NULL;
- gcry_error_t err;
- int times = 0, qbits;
- gcry_mpi_t *factors = NULL;
-
- /* Calculate the size of a prime factor of (prime-1)/2.
- * This is an emulation of the values in "Selecting Cryptographic Key Sizes"
paper.
- */
- if (bits < 256)
- qbits = bits / 2;
- else
- {
- qbits = (bits / 40) + 105;
- }
-
- if (qbits & 1) /* better have an even number */
- qbits++;
-
- /* find a prime number of size bits.
- */
- do
- {
- if (times)
- {
- gcry_mpi_release (prime);
- gcry_prime_release_factors (factors);
- }
-
- err = gcry_prime_generate (&prime, bits, qbits, &factors,
- NULL, NULL, GCRY_STRONG_RANDOM,
- GCRY_PRIME_FLAG_SPECIAL_FACTOR);
- if (err != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- err = gcry_prime_check (prime, 0);
-
- times++;
- }
- while (err != 0 && times < 10);
-
- if (err != 0)
- {
- gnutls_assert ();
- gcry_mpi_release (prime);
- gcry_prime_release_factors (factors);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* generate the group generator.
- */
- err = gcry_prime_group_generator (&g, prime, factors, NULL);
- gcry_prime_release_factors (factors);
- if (err != 0)
- {
- gnutls_assert ();
- gcry_mpi_release (prime);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- group->g = g;
- group->p = prime;
-
- return 0;
-}
-
-int crypto_bigint_prio = INT_MAX;
-
-gnutls_crypto_bigint_st _gnutls_mpi_ops = {
- .bigint_new = wrap_gcry_mpi_new,
- .bigint_cmp = wrap_gcry_mpi_cmp,
- .bigint_cmp_ui = wrap_gcry_mpi_cmp_ui,
- .bigint_mod = wrap_gcry_mpi_mod,
- .bigint_set = wrap_gcry_mpi_set,
- .bigint_set_ui = wrap_gcry_mpi_set_ui,
- .bigint_get_nbits = wrap_gcry_mpi_get_nbits,
- .bigint_powm = wrap_gcry_mpi_powm,
- .bigint_addm = wrap_gcry_mpi_addm,
- .bigint_subm = wrap_gcry_mpi_subm,
- .bigint_add = wrap_gcry_mpi_add,
- .bigint_sub = wrap_gcry_mpi_sub,
- .bigint_add_ui = wrap_gcry_mpi_add_ui,
- .bigint_sub_ui = wrap_gcry_mpi_sub_ui,
- .bigint_mul = wrap_gcry_mpi_mul,
- .bigint_mulm = wrap_gcry_mpi_mulm,
- .bigint_mul_ui = wrap_gcry_mpi_mul_ui,
- .bigint_div = wrap_gcry_mpi_div,
- .bigint_prime_check = wrap_gcry_prime_check,
- .bigint_release = wrap_gcry_mpi_release,
- .bigint_print = wrap_gcry_mpi_print,
- .bigint_scan = wrap_gcry_mpi_scan,
- .bigint_generate_group = wrap_gcry_generate_group
-};
diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c
deleted file mode 100644
index 11ff8b6..0000000
--- a/lib/gcrypt/pk.c
+++ /dev/null
@@ -1,859 +0,0 @@
-/*
- * Copyright (C) 2001-2011 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* This file contains the functions needed for RSA/DSA public key
- * encryption and signatures.
- */
-
-#error NO ECC SUPPORT
-
-#include <gnutls_int.h>
-#include <gnutls_mpi.h>
-#include <gnutls_pk.h>
-#include <gnutls_errors.h>
-#include <gnutls_datum.h>
-#include <gnutls_global.h>
-#include <gnutls_num.h>
-#include <x509/x509_int.h>
-#include <x509/common.h>
-#include <random.h>
-#include <gnutls_pk.h>
-#include <gcrypt.h>
-
-/* this is based on code from old versions of libgcrypt (centuries ago)
- */
-
-int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ ,
- gnutls_pk_params_st *);
-
-static int
-_wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- const gnutls_pk_params_st * pk_params)
-{
- gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL;
- int rc = -1;
- int ret;
- bigint_t data, res;
- gcry_sexp_t list;
-
- if (_gnutls_mpi_scan_nz (&data, plaintext->data, plaintext->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- if (pk_params->params_nr >= 2)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pk_params->params[0], pk_params->params[1]);
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_data, NULL, "%m", data))
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- /* pass it to libgcrypt */
- rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_ENCRYPTION_FAILED;
- goto cleanup;
- }
-
- list = gcry_sexp_find_token (s_ciph, "a", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
- if (res == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_size (res, ciphertext, plaintext->size);
- _gnutls_mpi_release (&res);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_mpi_release (&data);
- if (s_ciph)
- gcry_sexp_release (s_ciph);
- if (s_data)
- gcry_sexp_release (s_data);
- if (s_pkey)
- gcry_sexp_release (s_pkey);
-
- return ret;
-}
-
-static int
-_wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
- gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- const gnutls_pk_params_st * pk_params)
-{
- gcry_sexp_t s_plain = NULL, s_data = NULL, s_pkey = NULL;
- int rc = -1;
- int ret;
- bigint_t data, res;
-
- if (_gnutls_mpi_scan_nz (&data, ciphertext->data, ciphertext->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GNUTLS_PK_RSA:
- if (pk_params->params_nr >= 6)
- rc = gcry_sexp_build (&s_pkey, NULL,
-
"(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3],
- pk_params->params[4], pk_params->params[5]);
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data))
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- /* pass it to libgcrypt */
- rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_DECRYPTION_FAILED;
- goto cleanup;
- }
-
- res = gcry_sexp_nth_mpi (s_plain, 0, 0);
- if (res == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = _gnutls_mpi_dprint_size (res, plaintext, ciphertext->size);
- _gnutls_mpi_release (&res);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_mpi_release (&data);
- if (s_plain)
- gcry_sexp_release (s_plain);
- if (s_data)
- gcry_sexp_release (s_data);
- if (s_pkey)
- gcry_sexp_release (s_pkey);
-
- return ret;
-
-}
-
-
-/* in case of DSA puts into data, r,s
- */
-static int
-_wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
- const gnutls_datum_t * vdata,
- const gnutls_pk_params_st * pk_params)
-{
- gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL;
- gcry_sexp_t list = NULL;
- int rc = -1, ret;
- bigint_t hash;
- bigint_t res[2] = { NULL, NULL };
-
- if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GNUTLS_PK_DSA:
- if (pk_params->params_nr >= 5)
- rc = gcry_sexp_build (&s_key, NULL,
- "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3],
- pk_params->params[4]);
- else
- {
- gnutls_assert ();
- }
-
- break;
- case GNUTLS_PK_RSA:
- if (pk_params->params_nr >= 6)
- rc = gcry_sexp_build (&s_key, NULL,
-
"(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3],
- pk_params->params[4], pk_params->params[5]);
- else
- {
- gnutls_assert ();
- }
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
-
- /* pass it to libgcrypt */
- rc = gcry_pk_sign (&s_sig, s_hash, s_key);
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto cleanup;
- }
-
- ret = GNUTLS_E_INTERNAL_ERROR;
-
- switch (algo)
- {
- case GNUTLS_PK_DSA:
- {
- list = gcry_sexp_find_token (s_sig, "r", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (s_sig, "s", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res[1] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- break;
-
- case GNUTLS_PK_RSA:
- {
- list = gcry_sexp_find_token (s_sig, "s", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- res[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- ret = _gnutls_mpi_dprint (res[0], signature);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- }
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_mpi_release (&hash);
- if (res[0])
- _gnutls_mpi_release (&res[0]);
- if (res[1])
- _gnutls_mpi_release (&res[1]);
- if (s_sig)
- gcry_sexp_release (s_sig);
- if (s_hash)
- gcry_sexp_release (s_hash);
- if (s_key)
- gcry_sexp_release (s_key);
-
- return ret;
-}
-
-static int
-_wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
- const gnutls_datum_t * vdata,
- const gnutls_datum_t * signature,
- const gnutls_pk_params_st * pk_params)
-{
- gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
- int rc = -1, ret;
- bigint_t hash;
- bigint_t tmp[2] = { NULL, NULL };
-
- if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GNUTLS_PK_DSA:
- if (pk_params->params_nr >= 4)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- pk_params->params[0], pk_params->params[1],
- pk_params->params[2], pk_params->params[3]);
- break;
- case GNUTLS_PK_RSA:
- if (pk_params->params_nr >= 2)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pk_params->params[0], pk_params->params[1]);
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- switch (algo)
- {
- case GNUTLS_PK_DSA:
- ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- rc = gcry_sexp_build (&s_sig, NULL,
- "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]);
- _gnutls_mpi_release (&tmp[0]);
- _gnutls_mpi_release (&tmp[1]);
- break;
-
- case GNUTLS_PK_RSA:
- ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
- if (ret < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
- rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]);
- _gnutls_mpi_release (&tmp[0]);
- break;
-
- default:
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
-
- if (rc != 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
- _gnutls_mpi_release (&hash);
- if (s_sig)
- gcry_sexp_release (s_sig);
- if (s_hash)
- gcry_sexp_release (s_hash);
- if (s_pkey)
- gcry_sexp_release (s_pkey);
-
- return ret;
-}
-
-static int
-_dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
-{
-
- int ret;
- gcry_sexp_t parms, key, list;
-
- /* FIXME: Remove me once we depend on 1.3.1 */
- if (bits > 1024 && gcry_check_version ("1.3.1") == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bits < 512)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
- if (ret != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* generate the DSA key
- */
- ret = gcry_pk_genkey (&key, parms);
- gcry_sexp_release (parms);
-
- if (ret != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- list = gcry_sexp_find_token (key, "p", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "q", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "g", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "y", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
-
- list = gcry_sexp_find_token (key, "x", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
-
- gcry_sexp_release (list);
- gcry_sexp_release (key);
-
- _gnutls_mpi_log ("p: ", resarr[0]);
- _gnutls_mpi_log ("q: ", resarr[1]);
- _gnutls_mpi_log ("g: ", resarr[2]);
- _gnutls_mpi_log ("y: ", resarr[3]);
- _gnutls_mpi_log ("x: ", resarr[4]);
-
- *resarr_len = 5;
-
- return 0;
-
-}
-
-static int
-_rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
-{
-
- int ret, i;
- gcry_sexp_t parms, key, list;
- bigint_t tmp;
-
- if (*resarr_len < RSA_PRIVATE_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
- if (ret != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* generate the RSA key */
- ret = gcry_pk_genkey (&key, parms);
- gcry_sexp_release (parms);
-
- if (ret != 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- list = gcry_sexp_find_token (key, "n", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "e", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "d", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "p", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
-
- list = gcry_sexp_find_token (key, "q", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
-
- list = gcry_sexp_find_token (key, "u", 0);
- if (list == NULL)
- {
- gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
-
- gcry_sexp_release (list);
- gcry_sexp_release (key);
-
- _gnutls_mpi_log ("n: ", resarr[0]);
- _gnutls_mpi_log ("e: ", resarr[1]);
- _gnutls_mpi_log ("d: ", resarr[2]);
- _gnutls_mpi_log ("p: ", resarr[3]);
- _gnutls_mpi_log ("q: ", resarr[4]);
- _gnutls_mpi_log ("u: ", resarr[5]);
-
- /* generate e1 and e2 */
-
- *resarr_len = 6;
-
- tmp = _gnutls_mpi_alloc_like (resarr[0]);
- if (tmp == NULL)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len);
- if (ret < 0)
- {
- gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- (*resarr_len) += 2;
-
- return 0;
-
-cleanup:
- for (i = 0; i < *resarr_len; i++)
- _gnutls_mpi_release (&resarr[i]);
-
- return ret;
-}
-
-
-static int
-wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo,
- unsigned int level /*bits */ ,
- gnutls_pk_params_st * params)
-{
-
- switch (algo)
- {
-
- case GNUTLS_PK_DSA:
- params->params_nr = DSA_PRIVATE_PARAMS;
- if (params->params_nr > GNUTLS_MAX_PK_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- return _dsa_generate_params (params->params, ¶ms->params_nr, level);
-
- case GNUTLS_PK_RSA:
- params->params_nr = RSA_PRIVATE_PARAMS;
- if (params->params_nr > GNUTLS_MAX_PK_PARAMS)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- return _rsa_generate_params (params->params, ¶ms->params_nr, level);
-
- default:
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-}
-
-
-static int
-wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
- gnutls_direction_t direction,
- gnutls_pk_params_st * params)
-{
- int ret, result;
-
- /* only for RSA we invert the coefficient --pgp type */
-
- if (algo != GNUTLS_PK_RSA)
- return 0;
-
- if (params->params[5] == NULL)
- params->params[5] =
- _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0]));
-
- if (params->params[5] == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- ret = 1;
- if (direction == GNUTLS_IMPORT)
- {
- /* calculate exp1 [6] and exp2 [7] */
- _gnutls_mpi_release (¶ms->params[6]);
- _gnutls_mpi_release (¶ms->params[7]);
- result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
-
- ret =
- gcry_mpi_invm (params->params[5], params->params[3],
- params->params[4]);
-
- params->params_nr = RSA_PRIVATE_PARAMS;
- }
- else if (direction == GNUTLS_EXPORT)
- ret =
- gcry_mpi_invm (params->params[5], params->params[4], params->params[3]);
- if (ret == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-}
-
-int crypto_pk_prio = INT_MAX;
-
-gnutls_crypto_pk_st _gnutls_pk_ops = {
- .encrypt = _wrap_gcry_pk_encrypt,
- .decrypt = _wrap_gcry_pk_decrypt,
- .sign = _wrap_gcry_pk_sign,
- .verify = _wrap_gcry_pk_verify,
- .generate = wrap_gcry_pk_generate_params,
- .pk_fixup_private_params = wrap_gcry_pk_fixup,
-};
diff --git a/lib/gcrypt/rnd.c b/lib/gcrypt/rnd.c
deleted file mode 100644
index 842b09e..0000000
--- a/lib/gcrypt/rnd.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2008-2011 Free Software Foundation, Inc.
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GnuTLS.
- *
- * The GnuTLS is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* Here is the libgcrypt random generator layer.
- */
-
-#include <gnutls_int.h>
-#include <gnutls_errors.h>
-#include <gnutls_num.h>
-#include <gnutls_mpi.h>
-#include <gcrypt.h>
-
-static int
-wrap_gcry_rnd_init (void **ctx)
-{
- char c;
-
- gcry_create_nonce (&c, 1);
- gcry_randomize (&c, 1, GCRY_STRONG_RANDOM);
-
- return 0;
-}
-
-static int
-wrap_gcry_rnd (void *ctx, int level, void *data, size_t datasize)
-{
- if (level == GNUTLS_RND_NONCE)
- gcry_create_nonce (data, datasize);
- else
- gcry_randomize (data, datasize, level);
-
- return 0;
-}
-
-int crypto_rnd_prio = INT_MAX;
-
-gnutls_crypto_rnd_st _gnutls_rnd_ops = {
- .init = wrap_gcry_rnd_init,
- .deinit = NULL,
- .rnd = wrap_gcry_rnd,
-};
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 014a549..83da473 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -182,6 +182,7 @@ wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo,
void **_ctx, int enc)
break;
default:
gnutls_assert ();
+ gnutls_free(ctx);
return GNUTLS_E_INVALID_REQUEST;
}
diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
index a0f4ea5..4a77895 100644
--- a/lib/nettle/mac.c
+++ b/lib/nettle/mac.c
@@ -177,7 +177,10 @@ wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void
**_ctx)
ret = _hmac_ctx_init(algo, ctx);
if (ret < 0)
- return gnutls_assert_val(ret);
+ {
+ gnutls_free(ctx);
+ return gnutls_assert_val(ret);
+ }
*_ctx = ctx;
@@ -372,6 +375,7 @@ wrap_nettle_hash_init (gnutls_digest_algorithm_t algo, void
**_ctx)
if ((ret=_ctx_init( algo, ctx)) < 0)
{
gnutls_assert ();
+ gnutls_free(ctx);
return ret;
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_7-35-g1836ecf,
Nikos Mavrogiannopoulos <=