*** new/lib/Makefile.am 2011-10-21 16:22:54.000000000
+0200
--- old/lib/Makefile.am 2010-08-01 22:37:50.000000000 +0200
***************
*** 60,66 ****
auth_srp_sb64.c auth_srp_rsa.c
PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c
OPRFI_COBJECTS = ext_oprfi.c
--- 60,66 ----
auth_srp_sb64.c auth_srp_rsa.c
PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
! auth_dhe_psk.c gnutls_psk_netconf.c
OPRFI_COBJECTS = ext_oprfi.c
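Review bot: The file headers put `new/lib/Makefile.am` on the `***` (from) side and `old/lib/Makefile.am` on the `---` (to) side, so applied as posted this hunk drops `auth_rsa_psk.c` from `PSK_COBJECTS` instead of adding it. The trees look swapped on the diff command line, and the patch should be regenerated as old → new; every later hunk has the same orientation. `auth_rsa_psk.c` here and `auth_rsa.h` in the hunk at line 103 are referenced by the build, but neither file's contents appear in the hunks visible on this page. If they are not elsewhere in the posting, regenerate with `-N` so that added files are included.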
***************
*** 103,109 ****
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
ext_session_ticket.h ext_signature.h
gnutls_cryptodev.h \
! ext_safe_renegotiation.h auth_rsa.h
# Separate so we can create the documentation
--- 103,109 ----
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
ext_session_ticket.h ext_signature.h
gnutls_cryptodev.h \
! ext_safe_renegotiation.h
# Separate so we can create the documentation
*** new/lib/Makefile.in 2011-10-31 11:12:46.000000000 +0100
--- old/lib/Makefile.in 2010-09-30 08:43:01.000000000 +0200
***************
*** 180,192 ****
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
! ext_safe_renegotiation.h auth_rsa.h gnutls_record.c \
! gnutls_compress.c debug.c gnutls_cipher.c gnutls_buffers.c \
! gnutls_handshake.c gnutls_num.c gnutls_errors.c \
! gnutls_algorithms.c gnutls_dh.c gnutls_kx.c gnutls_priority.c \
! gnutls_hash_int.c gnutls_cipher_int.c gnutls_session.c \
! gnutls_db.c x509_b64.c auth_anon.c gnutls_extensions.c \
! gnutls_auth.c gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \
gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \
gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \
pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \
--- 180,192 ----
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
! ext_safe_renegotiation.h gnutls_record.c gnutls_compress.c \
! debug.c gnutls_cipher.c gnutls_buffers.c gnutls_handshake.c \
! gnutls_num.c gnutls_errors.c gnutls_algorithms.c gnutls_dh.c \
! gnutls_kx.c gnutls_priority.c gnutls_hash_int.c \
! gnutls_cipher_int.c gnutls_session.c gnutls_db.c x509_b64.c \
! auth_anon.c gnutls_extensions.c gnutls_auth.c \
! gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \
gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \
gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \
pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \
***************
*** 200,207 ****
crypto-api.c ext_safe_renegotiation.c ext_oprfi.c ext_srp.c \
gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \
auth_srp_rsa.c auth_psk.c auth_psk_passwd.c gnutls_psk.c \
! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c \
! ext_session_ticket.c gnutls.asn pkix.asn libgnutls.map
am__objects_1 =
am__objects_2 = ext_oprfi.lo
@address@hidden = $(am__objects_2)
--- 200,207 ----
crypto-api.c ext_safe_renegotiation.c ext_oprfi.c ext_srp.c \
gnutls_srp.c auth_srp.c auth_srp_passwd.c auth_srp_sb64.c \
auth_srp_rsa.c auth_psk.c auth_psk_passwd.c gnutls_psk.c \
! auth_dhe_psk.c gnutls_psk_netconf.c ext_session_ticket.c \
! gnutls.asn pkix.asn libgnutls.map
am__objects_1 =
am__objects_2 = ext_oprfi.lo
@address@hidden = $(am__objects_2)
***************
*** 227,233 ****
am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \
auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo
am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \
! auth_dhe_psk.lo gnutls_psk_netconf.lo auth_rsa_psk.lo
am__objects_7 = ext_session_ticket.lo
am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_4) \
$(am__objects_5) $(am__objects_6) $(am__objects_7)
--- 227,233 ----
am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \
auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo
am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \
! auth_dhe_psk.lo gnutls_psk_netconf.lo
am__objects_7 = ext_session_ticket.lo
am_libgnutls_la_OBJECTS = $(am__objects_1) $(am__objects_4) \
$(am__objects_5) $(am__objects_6) $(am__objects_7)
***************
*** 995,1001 ****
auth_srp_sb64.c auth_srp_rsa.c
PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
! auth_dhe_psk.c gnutls_psk_netconf.c auth_rsa_psk.c
OPRFI_COBJECTS = ext_oprfi.c
SESSION_TICKET_COBJECTS = ext_session_ticket.c
--- 995,1001 ----
auth_srp_sb64.c auth_srp_rsa.c
PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
! auth_dhe_psk.c gnutls_psk_netconf.c
OPRFI_COBJECTS = ext_oprfi.c
SESSION_TICKET_COBJECTS = ext_session_ticket.c
***************
*** 1032,1038 ****
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
ext_session_ticket.h ext_signature.h
gnutls_cryptodev.h \
! ext_safe_renegotiation.h auth_rsa.h
# Separate so we can create the documentation
--- 1032,1038 ----
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
gnutls_supplemental.h ext_oprfi.h crypto.h random.h \
ext_session_ticket.h ext_signature.h
gnutls_cryptodev.h \
! ext_safe_renegotiation.h
# Separate so we can create the documentation
***************
*** 1168,1174 ****
@AMDEP_TRUE@@am__include@
@address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
- @AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@ @address@hidden/$(DEPDIR)/address@hidden@
@AMDEP_TRUE@@am__include@
@address@hidden/$(DEPDIR)/address@hidden@
--- 1168,1173 ----
*** new/lib/auth_psk.c 2011-10-21 16:22:54.000000000 +0200
--- old/lib/auth_psk.c 2010-08-01 22:37:50.000000000 +0200
***************
*** 38,45 ****
--- 38,49 ----
int _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque **
data);
int _gnutls_gen_psk_client_kx (gnutls_session_t, opaque **);
+
int _gnutls_proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
+ int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size);
+
const mod_auth_st psk_auth_struct = {
"PSK",
NULL,
*** new/lib/auth_psk.h 2011-10-21 16:22:54.000000000 +0200
--- old/lib/auth_psk.h 2010-08-01 22:37:50.000000000 +0200
***************
*** 69,80 ****
int
_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t *
psk2);
- int
- _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque ** data);
- int
- _gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** data);
- int
- _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data, size_t
_data_size);
#else
# define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
#endif /* ENABLE_PSK */
--- 69,74 ----
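Review bot: On the side labelled new/, `_gnutls_gen_psk_server_kx` and `_gnutls_gen_psk_client_kx` end up declared twice. These header prototypes are added, but the auth_psk.c hunk at line 38 shows their file-local prototypes as unchanged context; only `_gnutls_proc_psk_server_kx` is taken out of the .c file. Assuming auth_psk.c includes auth_psk.h (the include list is outside the hunk), drop the two remaining local prototypes so the header is the single declaration and a later signature change cannot leave a stale copy behind. If, as the Makefile change suggests, auth_rsa_psk.c is the new caller, a one-line comment such as `/* shared with the RSA-PSK key exchange */` above the three prototypes would record why they are no longer private to auth_psk.c.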
*** new/lib/auth_rsa.c 2011-10-21 16:22:54.000000000 +0200
--- old/lib/auth_rsa.c 2010-08-01 22:37:50.000000000 +0200
***************
*** 42,48 ****
#include <gnutls_x509.h>
#include <random.h>
#include <gnutls_mpi.h>
- #include <auth_rsa.h>
int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
int _gnutls_proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
--- 42,47 ----
***************
*** 66,72 ****
/* This function reads the RSA parameters from peer's certificate;
*/
! int
_gnutls_get_public_rsa_params (gnutls_session_t session,
bigint_t
params[MAX_PUBLIC_PARAMS_SIZE],
int *params_len)
--- 65,71 ----
/* This function reads the RSA parameters from peer's certificate;
*/
! static int
_gnutls_get_public_rsa_params (gnutls_session_t session,
bigint_t
params[MAX_PUBLIC_PARAMS_SIZE],
int *params_len)
***************
*** 147,153 ****
/* This function reads the RSA parameters from the private key
*/
! int
_gnutls_get_private_rsa_params (gnutls_session_t session,
bigint_t ** params, int *params_size)
{
--- 146,152 ----
/* This function reads the RSA parameters from the private key
*/
! static int
_gnutls_get_private_rsa_params (gnutls_session_t session,
bigint_t ** params, int *params_size)
{
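Review bot: With `static` removed on the new/ side (here and in the hunk at line 66), `_gnutls_get_private_rsa_params` becomes callable from other translation units, yet its only documentation is still `/* This function reads the RSA parameters from the private key */`. The prototype in auth_rsa.h should state whether `*params` points into the credential's own key material or is a copy the caller must release, because a second caller that guesses wrong either frees the server's private key parameters or leaks them. Both function bodies lie outside these hunks, so the ownership rule cannot be read from the page. It is also worth confirming that `libgnutls.map` keeps both `_gnutls_get_*_rsa_params` symbols out of the exported set.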
*** new/lib/gnutls_algorithms.c 2011-10-21 16:22:54.000000000 +0200
--- old/lib/gnutls_algorithms.c 2010-08-01 22:37:50.000000000 +0200
***************
*** 51,57 ****
{GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE,
GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
{GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
- {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
{GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
{GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
--- 51,56 ----
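Review bot: The new/ row `{GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE}` records only one credential type for the server, but an RSA-PSK server needs both its certificate and the PSK credentials (RFC 4279). How the table is consumed is outside the hunk; if callers use the server column to decide which credentials must be present, a server with a certificate but no PSK credentials would pass that check and fail only later in the key exchange. A comment on the row, for example `/* server additionally requires GNUTLS_CRD_PSK credentials */`, and an explicit check for the PSK credentials in the RSA-PSK handlers would make that dependency visible.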
***************
*** 91,97 ****
{GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
- {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
{0, 0, 0}
};
--- 90,95 ----
***************
*** 273,279 ****
extern mod_auth_st srp_auth_struct;
extern mod_auth_st psk_auth_struct;
extern mod_auth_st dhe_psk_auth_struct;
- extern mod_auth_st rsa_psk_auth_struct;
extern mod_auth_st srp_rsa_auth_struct;
extern mod_auth_st srp_dss_auth_struct;
--- 271,276 ----
***************
*** 306,312 ****
{"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0,
0},
{"DHE-PSK", GNUTLS_KX_DHE_PSK,
&dhe_psk_auth_struct,
1 /* needs DHE params */ , 0},
- {"RSA-PSK", GNUTLS_KX_RSA_PSK,
&rsa_psk_auth_struct, 0, 0},
#endif
{0, 0, 0, 0, 0}
};
--- 303,308 ----
***************
*** 328,334 ****
#ifdef ENABLE_PSK
GNUTLS_KX_PSK,
GNUTLS_KX_DHE_PSK,
- GNUTLS_KX_RSA_PSK,
#endif
0
};
--- 324,329 ----
***************
*** 397,406 ****
#define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
#define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
- #define GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x92 }
- #define GNUTLS_RSA_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x93 }
- #define GNUTLS_RSA_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x94 }
- #define GNUTLS_RSA_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x95 }
/* SRP (rfc5054)
*/
--- 392,397 ----
***************
*** 562,585 ****
GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_MAX),
- /* RSA-PSK */
- GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1,
-
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
-
GNUTLS_VERSION_MAX),
- GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_3DES_EDE_CBC_SHA1,
-
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
-
GNUTLS_VERSION_MAX),
- GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_AES_128_CBC_SHA1,
-
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
-
GNUTLS_VERSION_MAX),
- GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_PSK_SHA_AES_256_CBC_SHA1,
-
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_TLS1,
-
GNUTLS_VERSION_MAX),
-
/* SRP */
GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_KX_SRP,
--- 553,558 ----
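Review bot: Of the four RSA-PSK suites on the new/ side, the `GNUTLS_RSA_PSK_SHA_ARCFOUR_SHA1` entry is registered with the same `GNUTLS_TLS1` to `GNUTLS_VERSION_MAX` range as the AES ones, which makes an RC4 suite negotiable wherever RSA-PSK is enabled. RC4 is prohibited for TLS by RFC 7465, so I would leave that entry (and its `{ 0x00, 0x92 }` define in the hunk at line 397) out, or at least keep it out of the default priority lists. The code points 0x92 to 0x95 themselves match the RSA_PSK assignments in RFC 4279. RSA-PSK, like plain RSA key exchange, gives no forward secrecy, which is worth a one-line comment next to `/* RSA-PSK */`.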
*** new/lib/gnutls_priority.c 2011-10-21 16:22:54.000000000 +0200
--- old/lib/gnutls_priority.c 2010-09-26 15:34:09.000000000 +0200
***************
*** 221,227 ****
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_PSK,
GNUTLS_KX_DHE_PSK,
- GNUTLS_KX_RSA_PSK,
GNUTLS_KX_SRP_RSA,
GNUTLS_KX_SRP_DSS,
GNUTLS_KX_SRP,
--- 221,226 ----
***************
*** 237,243 ****
GNUTLS_KX_DHE_DSS,
GNUTLS_KX_PSK,
GNUTLS_KX_DHE_PSK,
- GNUTLS_KX_RSA_PSK,
GNUTLS_KX_SRP_RSA,
GNUTLS_KX_SRP_DSS,
GNUTLS_KX_SRP,
--- 236,241 ----
***************
*** 254,260 ****
GNUTLS_KX_DHE_PSK,
GNUTLS_KX_SRP_RSA,
GNUTLS_KX_SRP_DSS,
- GNUTLS_KX_RSA_PSK,
GNUTLS_KX_RSA,
GNUTLS_KX_PSK,
GNUTLS_KX_SRP,
--- 252,257 ----
*** new/lib/gnutls_state.c 2011-10-21 16:22:54.000000000 +0200
--- old/lib/gnutls_state.c 2010-08-01 22:37:50.000000000 +0200
***************
*** 1240,1247 ****
kx =
_gnutls_cipher_suite_get_kx_algo
(&session->
security_parameters.current_cipher_suite);
! if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK
! || kx == GNUTLS_KX_RSA_PSK)
return 1;
return 0;
--- 1240,1246 ----
kx =
_gnutls_cipher_suite_get_kx_algo
(&session->
security_parameters.current_cipher_suite);
! if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK)
return 1;
return 0;
*** new/lib/includes/gnutls/gnutls.h.in 2011-10-21 16:22:52.000000000
+0200
--- old/lib/includes/gnutls/gnutls.h.in 2010-08-01 22:37:50.000000000
+0200
***************
*** 134,140 ****
* @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
* @GNUTLS_KX_PSK: PSK key-exchange algorithm.
* @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
- * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
*
* Enumeration of different key exchange algorithms.
*/
--- 134,139 ----
***************
*** 150,157 ****
GNUTLS_KX_SRP_RSA = 7,
GNUTLS_KX_SRP_DSS = 8,
GNUTLS_KX_PSK = 9,
! GNUTLS_KX_DHE_PSK = 10,
! GNUTLS_KX_RSA_PSK = 11
} gnutls_kx_algorithm_t;
/**
--- 149,155 ----
GNUTLS_KX_SRP_RSA = 7,
GNUTLS_KX_SRP_DSS = 8,
GNUTLS_KX_PSK = 9,
! GNUTLS_KX_DHE_PSK = 10
} gnutls_kx_algorithm_t;
/**