libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 42abf1bd87d3988c3e08feb93a2cc989c225cc36
parent b83c672f3e2656ad33dae2c38d1cc1a7eb4f106b
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 16 Nov 2008 01:19:13 +0000

dead code elimination

Diffstat:
MChangeLog | 3+++
Mconfigure.ac | 13++++++++++---
Acontrib/coverage.sh | 7+++++++
Msrc/daemon/Makefile.am | 4++++
Msrc/daemon/https/Makefile.am | 1+
Msrc/daemon/https/lgl/Makefile.am | 4++++
Msrc/daemon/https/minitasn1/Makefile.am | 4++++
Msrc/daemon/https/minitasn1/libtasn1.h | 6------
Msrc/daemon/https/minitasn1/structure.c | 94-------------------------------------------------------------------------------
Msrc/daemon/https/tls/Makefile.am | 4++++
Msrc/daemon/https/tls/debug.c | 24------------------------
Msrc/daemon/https/tls/debug.h | 3---
Msrc/daemon/https/tls/gnutls_algorithms.c | 9---------
Msrc/daemon/https/tls/gnutls_errors.c | 14--------------
Msrc/daemon/https/tls/gnutls_global.c | 19-------------------
Msrc/daemon/https/x509/Makefile.am | 8+++++---
Msrc/daemon/https/x509/common.h | 5-----
Msrc/daemon/https/x509/crl.c | 274-------------------------------------------------------------------------------
Dsrc/daemon/https/x509/crq.c | 898-------------------------------------------------------------------------------
Dsrc/daemon/https/x509/crq.h | 30------------------------------
Msrc/daemon/https/x509/dn.c | 612-------------------------------------------------------------------------------
Msrc/daemon/https/x509/dn.h | 8--------
Dsrc/daemon/https/x509/dsa.c | 142-------------------------------------------------------------------------------
Dsrc/daemon/https/x509/dsa.h | 26--------------------------
Msrc/daemon/https/x509/x509.h | 105-------------------------------------------------------------------------------
Msrc/daemon/internal.c | 5+++--
Msrc/testcurl/Makefile.am | 11+++++++++++
Msrc/testcurl/https/Makefile.am | 4++++
Msrc/testcurl/https/bug-test.c | 4+++-
Msrc/testzzuf/Makefile.am | 4++++
30 files changed, 67 insertions(+), 2278 deletions(-)

diff --git a/ChangeLog b/ChangeLog @@ -1,3 +1,6 @@ +Sat Nov 15 17:34:24 MST 2008 + Added build support for code coverage analysis. -CG + Sat Nov 15 00:31:33 MST 2008 Removing (broken) support for HTTPS servers with anonymous (aka "no") certificates as well as diff --git a/configure.ac b/configure.ac @@ -335,9 +335,16 @@ AC_DEFINE([ENABLE_PKI],[0],[Include PKI support]) AC_DEFINE([DEBUG],[1],[Include gnutls debug message support]) AC_DEFINE([C99_MACROS],[1],[Include gnutls debug message support]) -AC_DEFINE([ENABLE_OPENSSL],[0],[Include ENABLE_OPENSSL support]) -AC_DEFINE([HAVE_LD_OUTPUT_DEF],[0],[Include HAVE_LD_OUTPUT_DEF support]) -AC_DEFINE([HAVE_LD_VERSION_SCRIPT],[0],[Include HAVE_LD_VERSION_SCRIPT support]) + + +# gcov compilation +use_gcov=no +AC_ARG_ENABLE([coverage], AS_HELP_STRING([--enable-coverage], + [Compile the library with code coverage support (default is NO)]), + [use_gcov=yes], [use_gcov=no]) +AM_CONDITIONAL([USE_COVERAGE], [test "x$use_gcov" = "xyes"]) + + AC_SUBST(CPPFLAGS) diff --git a/contrib/coverage.sh b/contrib/coverage.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# make sure configure was run with coverage enabled... +lcov --directory . --zerocounters +make check +lcov --directory . --capture --output-file app.info +mkdir /tmp/coverage +genhtml -o /tmp/coverage app.info diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am @@ -1,6 +1,10 @@ # including '.' mixes up build order when HTTPS is enabled. SUBDIRS = +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + AM_CPPFLAGS = \ -I$(top_srcdir)/src/include \ -I$(top_srcdir)/src/daemon \ diff --git a/src/daemon/https/Makefile.am b/src/daemon/https/Makefile.am @@ -1,2 +1,3 @@ EXTRA_DIST = gnutls.h + SUBDIRS = minitasn1 lgl x509 tls . diff --git a/src/daemon/https/lgl/Makefile.am b/src/daemon/https/lgl/Makefile.am 
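Review bot: The `AC_ARG_ENABLE([coverage], ...)` call added in the configure.ac hunk sets `use_gcov=yes` whenever the option appears on the command line, so `--disable-coverage` and `--enable-coverage=no` both turn instrumentation on. Taking the value autoconf supplies, `[use_gcov=$enableval], [use_gcov=no]`, keeps the `USE_COVERAGE` conditional off for those spellings. This matters because the Makefile.am hunks in this commit add `-fprofile-arcs -ftest-coverage` to the library build under that conditional, and an instrumented library writes profile data files from whatever process loads it, which a packaged build should never do by accident. Separately, this hunk keeps `AC_DEFINE([DEBUG],[1],...)`, so the `#ifdef DEBUG` size check dropped from `MHD__gnutls_qsort` later in this commit appears to have been compiled in rather than dead; it is worth confirming that no caller can pass an element larger than `MAX_ELEM_SIZE`.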
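Review bot: The new contrib/coverage.sh writes its report to the fixed path `/tmp/coverage`, and the script carries on when `mkdir` fails because that name already exists. On a shared machine another local user can create `/tmp/coverage`, or a symlink with that name, beforehand, and `genhtml` then writes into a location that user controls. Creating the directory with `outdir=$(mktemp -d) || exit 1` and calling `genhtml -o "$outdir" app.info`, or writing the report under the build tree, removes the predictable name. A `set -e` near the top would also stop the script from capturing and publishing partial counters after a failed `make check`.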
@@ -6,6 +6,10 @@ AM_CPPFLAGS = -std=c99 \ # gc-gnulib.c +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + noinst_LTLIBRARIES = liblgl.la liblgl_la_LDFLAGS = -lgcrypt diff --git a/src/daemon/https/minitasn1/Makefile.am b/src/daemon/https/minitasn1/Makefile.am @@ -4,6 +4,10 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/daemon/https/lgl \ -I$(top_srcdir)/src/daemon/https/tls +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + noinst_LTLIBRARIES = libasn1.la libasn1_la_SOURCES = \ diff --git a/src/daemon/https/minitasn1/libtasn1.h b/src/daemon/https/minitasn1/libtasn1.h @@ -156,9 +156,6 @@ extern "C" MHD__asn1_retCode MHD__asn1_delete_structure (ASN1_TYPE * structure); - MHD__asn1_retCode MHD__asn1_delete_element (ASN1_TYPE structure, - const char *element_name); - MHD__asn1_retCode MHD__asn1_write_value (ASN1_TYPE node_root, const char *name, const void *ivalue, int len); @@ -218,9 +215,6 @@ extern "C" ASN1_TYPE MHD__asn1_find_node (ASN1_TYPE pointer, const char *name); - MHD__asn1_retCode MHD__asn1_copy_node (ASN1_TYPE dst, const char *dst_name, - ASN1_TYPE src, const char *src_name); - #ifdef __cplusplus } #endif diff --git a/src/daemon/https/minitasn1/structure.c b/src/daemon/https/minitasn1/structure.c 
@@ -267,49 +267,6 @@ MHD__asn1_delete_structure (ASN1_TYPE * structure) return ASN1_SUCCESS; } - - -/** - * MHD__asn1_delete_element - Deletes the element of a structure. - * @structure: pointer to the structure that contains the element you - * want to delete. - * @element_name: element's name you want to delete. - * - * Deletes the element named *@element_name inside *@structure. - * - * Returns: - * - * ASN1_SUCCESS: Everything OK. - * - * ASN1_ELEMENT_NOT_FOUND: The name element was not found. - * - **/ -MHD__asn1_retCode -MHD__asn1_delete_element (ASN1_TYPE structure, const char *element_name) -{ - node_asn *p2, *p3, *source_node; - - source_node = MHD__asn1_find_node (structure, element_name); - - if (source_node == ASN1_TYPE_EMPTY) - return ASN1_ELEMENT_NOT_FOUND; - - p2 = source_node->right; - p3 = MHD__asn1_find_left (source_node); - if (!p3) - { - p3 = MHD__asn1_find_up (source_node); - if (p3) - MHD__asn1_set_down (p3, p2); - else if (source_node->right) - source_node->right->left = NULL; - } - else - MHD__asn1_set_right (p3, p2); - - return MHD__asn1_delete_structure (&source_node); -} - node_asn * MHD__asn1_copy_structure3 (node_asn * source_node) { 
@@ -730,54 +687,3 @@ MHD__asn1_find_structure_from_oid (ASN1_TYPE definitions, return NULL; /* ASN1_ELEMENT_NOT_FOUND; */ } -/** - * MHD__asn1_copy_node: - * @dst: Destination ASN1_TYPE node. - * @dst_name: Field name in destination node. - * @src: Source ASN1_TYPE node. - * @src_name: Field name in source node. - * - * Create a deep copy of a ASN1_TYPE variable. - * - * Return value: Return ASN1_SUCCESS on success. - **/ -MHD__asn1_retCode -MHD__asn1_copy_node (ASN1_TYPE dst, const char *dst_name, - ASN1_TYPE src, const char *src_name) -{ -/* FIXME: rewrite using copy_structure(). - * It seems quite hard to do. - */ - int result; - ASN1_TYPE dst_node; - void *data = NULL; - int size = 0; - - result = MHD__asn1_der_coding (src, src_name, NULL, &size, NULL); - if (result != ASN1_MEM_ERROR) - return result; - - data = MHD__asn1_malloc (size); - if (data == NULL) - return ASN1_MEM_ERROR; - - result = MHD__asn1_der_coding (src, src_name, data, &size, NULL); - if (result != ASN1_SUCCESS) - { - MHD__asn1_free (data); - return result; - } - - dst_node = MHD__asn1_find_node (dst, dst_name); - if (dst_node == NULL) - { - MHD__asn1_free (data); - return ASN1_ELEMENT_NOT_FOUND; - } - - result = MHD__asn1_der_decoding (&dst_node, data, size, NULL); - - MHD__asn1_free (data); - - return result; -} diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am @@ -1,5 +1,9 @@ SUBDIRS = . +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + AM_CPPFLAGS = \ -I$(top_srcdir)/src/include \ -I$(top_srcdir)/src/daemon/ \ diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c 
@@ -28,30 +28,6 @@ #include <stdlib.h> #include <gcrypt.h> -#ifdef DEBUG - - -void -MHD__gnutls_print_state (MHD_gtls_session_t session) -{ - - MHD__gnutls_debug_log ("GNUTLS State:\n"); - MHD__gnutls_debug_log ("Connection End: %d\n", - session->security_parameters.entity); - MHD__gnutls_debug_log ("Cipher Algorithm: %d\n", - session->security_parameters. - read_bulk_cipher_algorithm); - MHD__gnutls_debug_log ("MAC algorithm: %d\n", - session->security_parameters.read_mac_algorithm); - MHD__gnutls_debug_log ("Compression Algorithm: %d\n", - session->security_parameters. - read_compression_algorithm); - MHD__gnutls_debug_log ("\n"); - -} - -#endif - const char * MHD__gnutls_packet2str (content_type_t packet) { diff --git a/src/daemon/https/tls/debug.h b/src/daemon/https/tls/debug.h @@ -22,9 +22,6 @@ * */ -#ifdef DEBUG -void MHD__gnutls_print_state (MHD_gtls_session_t session); -#endif const char *MHD__gnutls_packet2str (content_type_t packet); const char *MHD__gnutls_handshake2str (MHD_gnutls_handshake_description_t handshake); diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c @@ -1549,15 +1549,6 @@ MHD__gnutls_qsort (MHD_gtls_session_t session, char *base = _base; size_t snmemb = nmemb; -#ifdef DEBUG - if (size > MAX_ELEM_SIZE) - { - MHD_gnutls_assert (); - MHD__gnutls_debug_log ("QSORT BUG\n"); - exit (1); - } -#endif - if (snmemb <= 1) return; pivot = MHD__gnutls_partition (session, _base, nmemb, size, compar); diff --git a/src/daemon/https/tls/gnutls_errors.c b/src/daemon/https/tls/gnutls_errors.c @@ -398,17 +398,3 @@ MHD_gtls_log (int level, const char *fmt, ...) log_func (level, str); } -#ifndef DEBUG -# ifndef C99_MACROS - -/* Without C99 macros these functions have to - * be called. This may affect performance. - */ -void -MHD__gnutls_null_log (void *x, ...) -{ - return; -} - -# endif /* C99_MACROS */ -#endif /* DEBUG */ diff --git a/src/daemon/https/tls/gnutls_global.c b/src/daemon/https/tls/gnutls_global.c 
@@ -145,15 +145,6 @@ MHD_gtls_global_set_mem_functions (MHD_gnutls_alloc_function alloc_func, } -#ifdef DEBUG -static void -MHD__gnutls_gcry_log_handler (void *dummy, int level, - const char *fmt, va_list list) -{ - MHD_gtls_log (level, fmt, list); -} -#endif - static int MHD__gnutls_init_level = 0; /** @@ -254,12 +245,6 @@ MHD__gnutls_global_init (void) gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); -#ifdef DEBUG - /* applications may want to override that, so we only use - * it in debugging mode. - */ - gcry_set_log_handler (MHD__gnutls_gcry_log_handler, NULL); -#endif } if (MHD_gc_init () != GC_OK) @@ -269,10 +254,6 @@ MHD__gnutls_global_init (void) return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY; } -#ifdef DEBUG - MHD_gtls_global_set_log_function (MHD_tls_log_func); -#endif - /* initialize parser * This should not deal with files in the final * version. diff --git a/src/daemon/https/x509/Makefile.am b/src/daemon/https/x509/Makefile.am @@ -1,3 +1,8 @@ +SUBDIRS = . + +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif AM_CPPFLAGS = \ -I$(top_srcdir)/src/include \ @@ -10,14 +15,11 @@ AM_CPPFLAGS = \ noinst_LTLIBRARIES = libx509.la libx509_la_LDFLAGS = -lgcrypt -# -l $(top_srcdir)/src/daemon/https/lgl/liblgl.la libx509_la_SOURCES = \ common.c common.h \ -crq.c crq.h \ crl.c \ dn.c dn.h \ -dsa.c dsa.h \ extensions.c extensions.h \ mpi.c mpi.h \ pkcs12_encr.c pkcs12.h \ diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h @@ -94,11 +94,6 @@ int MHD__gnutls_x509_read_value (ASN1_TYPE c, const char *root, int MHD__gnutls_x509_write_value (ASN1_TYPE c, const char *root, const MHD_gnutls_datum_t * data, int str); -int MHD__gnutls_x509_encode_and_write_attribute (const char *given_oid, - ASN1_TYPE MHD__asn1_struct, - const char *where, - const void *data, - int sizeof_data, int multi); int MHD__gnutls_x509_decode_and_read_attribute (ASN1_TYPE MHD__asn1_struct, const char *where, char *oid, int oid_size, 
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c 
@@ -164,113 +164,6 @@ cleanup: /** - * MHD_gnutls_x509_crl_get_issuer_dn - This function returns the CRL's issuer distinguished name - * @crl: should contain a MHD_gnutls_x509_crl_t structure - * @buf: a pointer to a structure to hold the peer's name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will copy the name of the CRL issuer in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output - * string will be ASCII or UTF-8 encoded, depending on the certificate data. - * - * If buf is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the sizeof_buf will be updated with the required size, and - * 0 on success. - * - **/ -int -MHD_gnutls_x509_crl_get_issuer_dn (const MHD_gnutls_x509_crl_t crl, char *buf, - size_t * sizeof_buf) -{ - if (crl == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_parse_dn (crl->crl, - "tbsCertList.issuer.rdnSequence", - buf, sizeof_buf); -} - -/** - * MHD_gnutls_x509_crl_get_issuer_dn_by_oid - This function returns the CRL's issuer distinguished name - * @crl: should contain a MHD_gnutls_x509_crl_t structure - * @oid: holds an Object Identified in null terminated string - * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. - * @raw_flag: If non zero returns the raw DER data of the DN part. - * @buf: a pointer to a structure to hold the peer's name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will extract the part of the name of the CRL issuer specified - * by the given OID. The output will be encoded as described in RFC2253. The output - * string will be ASCII or UTF-8 encoded, depending on the certificate data. 
- * - * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as text. Other OIDs - * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. - * You can check about known OIDs using MHD_gnutls_x509_dn_oid_known(). - * - * If buf is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the sizeof_buf will be updated with the required size, - * and 0 on success. - * - **/ -int -MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf) -{ - if (crl == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_parse_dn_oid (crl->crl, - "tbsCertList.issuer.rdnSequence", - oid, indx, raw_flag, buf, sizeof_buf); -} - -/** - * MHD_gnutls_x509_crl_get_dn_oid - This function returns the Certificate request issuer's distinguished name OIDs - * @crl: should contain a MHD_gnutls_x509_crl_t structure - * @indx: Specifies which DN OID to send. Use zero to get the first one. - * @oid: a pointer to a structure to hold the name (may be null) - * @sizeof_oid: initially holds the size of 'oid' - * - * This function will extract the requested OID of the name of the CRL issuer, specified - * by the given index. - * - * If oid is null then only the size will be filled. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and - * in that case the sizeof_oid will be updated with the required size. - * On success 0 is returned. 
- * - **/ -int -MHD_gnutls_x509_crl_get_dn_oid (MHD_gnutls_x509_crl_t crl, - int indx, void *oid, size_t * sizeof_oid) -{ - if (crl == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_get_dn_oid (crl->crl, - "tbsCertList.issuer.rdnSequence", indx, - oid, sizeof_oid); -} - - -/** * MHD_gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm * @crl: should contain a MHD_gnutls_x509_crl_t structure * 
@@ -368,82 +261,6 @@ MHD_gnutls_x509_crl_get_signature (MHD_gnutls_x509_crl_t crl, return 0; } -/** - * MHD_gnutls_x509_crl_get_version - This function returns the CRL's version number - * @crl: should contain a MHD_gnutls_x509_crl_t structure - * - * This function will return the version of the specified CRL. - * - * Returns a negative value on error. - * - **/ -int -MHD_gnutls_x509_crl_get_version (MHD_gnutls_x509_crl_t crl) -{ - opaque version[5]; - int len, result; - - if (crl == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - len = sizeof (version); - if ((result = - MHD__asn1_read_value (crl->crl, "tbsCertList.version", version, - &len)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - return (int) version[0] + 1; -} - -/** - * MHD_gnutls_x509_crl_get_this_update - This function returns the CRL's thisUpdate time - * @crl: should contain a MHD_gnutls_x509_crl_t structure - * - * This function will return the time this CRL was issued. - * - * Returns (time_t)-1 on error. - * - **/ -time_t -MHD_gnutls_x509_crl_get_this_update (MHD_gnutls_x509_crl_t crl) -{ - if (crl == NULL) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - return MHD__gnutls_x509_get_time (crl->crl, "tbsCertList.thisUpdate"); -} - -/** - * MHD_gnutls_x509_crl_get_next_update - This function returns the CRL's nextUpdate time - * @crl: should contain a MHD_gnutls_x509_crl_t structure - * - * This function will return the time the next CRL will be issued. - * This field is optional in a CRL so it might be normal to get - * an error instead. - * - * Returns (time_t)-1 on error. - * - **/ -time_t -MHD_gnutls_x509_crl_get_next_update (MHD_gnutls_x509_crl_t crl) -{ - if (crl == NULL) - { - MHD_gnutls_assert (); - return (time_t) - 1; - } - - return MHD__gnutls_x509_get_time (crl->crl, "tbsCertList.nextUpdate"); -} /** * MHD_gnutls_x509_crl_get_crt_count - This function returns the number of revoked certificates in a CRL 
@@ -617,95 +434,4 @@ cleanup: return result; } -/** - * MHD_gnutls_x509_crl_export - This function will export the CRL - * @crl: Holds the revocation list - * @format: the format of output params. One of PEM or DER. - * @output_data: will contain a private key PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be replaced by the actual size of parameters) - * - * This function will export the revocation list to DER or PEM format. - * - * If the buffer provided is not long enough to hold the output, then - * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN X509 CRL". - * - * Returns 0 on success, and a negative value on failure. - * - **/ -int -MHD_gnutls_x509_crl_export (MHD_gnutls_x509_crl_t crl, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size) -{ - if (crl == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return MHD__gnutls_x509_export_int (crl->crl, format, PEM_CRL, - output_data, output_data_size); -} - -/*- - * MHD__gnutls_x509_crl_cpy - This function copies a MHD_gnutls_x509_crl_t structure - * @dest: The structure where to copy - * @src: The structure to be copied - * - * This function will copy an X.509 certificate structure. - * - * Returns 0 on success. 
- * - -*/ -int -MHD__gnutls_x509_crl_cpy (MHD_gnutls_x509_crl_t dest, - MHD_gnutls_x509_crl_t src) -{ - int ret; - size_t der_size; - opaque *der; - MHD_gnutls_datum_t tmp; - - ret = - MHD_gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - MHD_gnutls_assert (); - return ret; - } - - der = MHD_gnutls_alloca (der_size); - if (der == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = MHD_gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, der, &der_size); - if (ret < 0) - { - MHD_gnutls_assert (); - MHD_gnutls_afree (der); - return ret; - } - - tmp.data = der; - tmp.size = der_size; - ret = MHD_gnutls_x509_crl_import (dest, &tmp, GNUTLS_X509_FMT_DER); - - MHD_gnutls_afree (der); - - if (ret < 0) - { - MHD_gnutls_assert (); - return ret; - } - - return 0; - -} - #endif diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c 
@@ -1,898 +0,0 @@
-/*
- * Copyright (C) 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-/* This file contains functions to handle PKCS #10 certificate requests.
- */
-
-#include <gnutls_int.h>
-
-#ifdef ENABLE_PKI
-
-#include <gnutls_datum.h>
-#include <gnutls_global.h>
-#include <gnutls_errors.h>
-#include <common.h>
-#include <gnutls_x509.h>
-#include <x509_b64.h>
-#include <crq.h>
-#include <dn.h>
-#include <mpi.h>
-#include <sign.h>
-#include <extensions.h>
-#include <libtasn1.h>
-
-/**
- * MHD_gnutls_x509_crq_init - This function initializes a MHD_gnutls_x509_crq_t structure
- * @crq: The structure to be initialized
- *
- * This function will initialize a PKCS10 certificate request structure.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_init (MHD_gnutls_x509_crq_t * crq)
-{
- *crq = MHD_gnutls_calloc (1, sizeof (MHD_gnutls_x509_crq_int));
-
- if (*crq)
- {
- int result = MHD__asn1_create_element (MHD__gnutls_get_pkix (),
- "PKIX1.pkcs-10-CertificationRequest",
- &((*crq)->crq));
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD_gnutls_free (*crq);
- return MHD_gtls_asn2err (result);
- }
- return 0; /* success */
- }
- return GNUTLS_E_MEMORY_ERROR;
-}
-
-/**
- * MHD_gnutls_x509_crq_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crq_t structure
- * @crq: The structure to be initialized
- *
- * This function will deinitialize a CRL structure.
- *
- **/
-void
-MHD_gnutls_x509_crq_deinit (MHD_gnutls_x509_crq_t crq)
-{
- if (!crq)
- return;
-
- if (crq->crq)
- MHD__asn1_delete_structure (&crq->crq);
-
- MHD_gnutls_free (crq);
-}
-
-#define PEM_CRQ "NEW CERTIFICATE REQUEST"
-#define PEM_CRQ2 "CERTIFICATE REQUEST"
-
-/**
- * MHD_gnutls_x509_crq_import - This function will import a DER or PEM encoded Certificate request
- * @crq: The structure to store the parsed certificate request.
- * @data: The DER or PEM encoded certificate.
- * @format: One of DER or PEM
- *
- * This function will convert the given DER or PEM encoded Certificate
- * to the native MHD_gnutls_x509_crq_t format. The output will be stored in @cert.
- *
- * If the Certificate is PEM encoded it should have a header of "NEW CERTIFICATE REQUEST".
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_import (MHD_gnutls_x509_crq_t crq,
- const MHD_gnutls_datum_t * data,
- MHD_gnutls_x509_crt_fmt_t format)
-{
- int result = 0, need_free = 0;
- MHD_gnutls_datum_t _data;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM)
- {
- opaque *out;
-
- /* Try the first header */
- result =
- MHD__gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &out);
-
- if (result <= 0) /* Go for the second header */
- result =
- MHD__gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out);
-
- if (result <= 0)
- {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- MHD_gnutls_assert ();
- return result;
- }
-
- _data.data = out;
- _data.size = result;
-
- need_free = 1;
- }
-
- result = MHD__asn1_der_decoding (&crq->crq, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS)
- {
- result = MHD_gtls_asn2err (result);
- MHD_gnutls_assert ();
- goto cleanup;
- }
-
- result = 0;
-
-cleanup:
- if (need_free)
- MHD__gnutls_free_datum (&_data);
- return result;
-}
-
-
-
-/**
- * MHD_gnutls_x509_crq_get_dn - This function returns the Certificate request subject's distinguished name
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initially holds the size of @buf
- *
- * This function will copy the name of the Certificate request
- * subject in the provided buffer. The name will be in the form
- * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
- * will be ASCII or UTF-8 encoded, depending on the certificate data.
- *
- * If @buf is null then only the size will be filled.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_buf will be updated with
- * the required size. On success 0 is returned.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_dn (MHD_gnutls_x509_crq_t crq, char *buf,
- size_t * sizeof_buf)
-{
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return MHD__gnutls_x509_parse_dn (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- buf, sizeof_buf);
-}
-
-/**
- * MHD_gnutls_x509_crq_get_dn_by_oid - This function returns the Certificate request subject's distinguished name
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @oid: holds an Object Identified in null terminated string
- * @indx: In case multiple same OIDs exist in the RDN, this specifies
- * which to send. Use zero to get the first one.
- * @raw_flag: If non zero returns the raw DER data of the DN part.
- * @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initially holds the size of @buf
- *
- * This function will extract the part of the name of the Certificate
- * request subject, specified by the given OID. The output will be
- * encoded as described in RFC2253. The output string will be ASCII
- * or UTF-8 encoded, depending on the certificate data.
- *
- * Some helper macros with popular OIDs can be found in gnutls/x509.h
- * If raw flag is zero, this function will only return known OIDs as
- * text. Other OIDs will be DER encoded, as described in RFC2253 --
- * in hex format with a '\#' prefix. You can check about known OIDs
- * using MHD_gnutls_x509_dn_oid_known().
- *
- * If @buf is null then only the size will be filled.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_buf will be updated with
- * the required size. On success 0 is returned.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_dn_by_oid (MHD_gnutls_x509_crq_t crq, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
-{
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return MHD__gnutls_x509_parse_dn_oid (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
-}
-
-/**
- * MHD_gnutls_x509_crq_get_dn_oid - This function returns the Certificate request subject's distinguished name OIDs
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @indx: Specifies which DN OID to send. Use zero to get the first one.
- * @oid: a pointer to a structure to hold the name (may be null)
- * @sizeof_oid: initially holds the size of @oid
- *
- * This function will extract the requested OID of the name of the
- * Certificate request subject, specified by the given index.
- *
- * If oid is null then only the size will be filled.
- *
- * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
- * long enough, and in that case the *sizeof_oid will be updated with
- * the required size. On success 0 is returned.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_dn_oid (MHD_gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid)
-{
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return MHD__gnutls_x509_get_dn_oid (crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- indx, oid, sizeof_oid);
-}
-
-/* Parses an Attribute list in the MHD__asn1_struct, and searches for the
- * given OID. The index indicates the attribute value to be returned.
- *
- * If raw==0 only printable data are returned, or GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE.
- *
- * MHD__asn1_attr_name must be a string in the form "certificationRequestInfo.attributes"
- *
- */
-static int
-parse_attribute (ASN1_TYPE MHD__asn1_struct,
- const char *attr_name, const char *given_oid, int indx,
- int raw, char *buf, size_t * sizeof_buf)
-{
- int k1, result;
- char tmpbuffer1[MAX_NAME_SIZE];
- char tmpbuffer3[MAX_NAME_SIZE];
- char value[200];
- char oid[128];
- int len, printable;
-
- if (*sizeof_buf == 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- buf[0] = 0;
-
- k1 = 0;
- do
- {
-
- k1++;
- /* create a string like "attribute.?1"
- */
- if (attr_name[0] != 0)
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
- else
- snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
-
- len = sizeof (value) - 1;
- result =
- MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- MHD_gnutls_assert ();
- break;
- }
-
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- /* Move to the attibute type and values
- */
- /* Read the OID
- */
- MHD_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
- MHD_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result = MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- if (strcmp (oid, given_oid) == 0)
- { /* Found the OID */
-
- /* Read the Value
- */
- snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
- tmpbuffer1, indx + 1);
-
- len = sizeof (value) - 1;
- result =
- MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer3, value, &len);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- if (raw == 0)
- {
- printable = MHD__gnutls_x509_oid_data_printable (oid);
- if (printable == 1)
- {
- if ((result =
- MHD__gnutls_x509_oid_data2string
- (oid, value, len, buf, sizeof_buf)) < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
- return 0;
- }
- else
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
- }
- }
- else
- { /* raw!=0 */
- if (*sizeof_buf > (size_t) len)
- {
- *sizeof_buf = len;
- memcpy (buf, value, len);
-
- return 0;
- }
- else
- {
- *sizeof_buf = len;
- MHD_gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- }
- }
-
- }
- while (1);
-
- MHD_gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
-}
-
-/**
- * MHD_gnutls_x509_crq_get_challenge_password - This function will get the challenge password
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @pass: will hold a null terminated password
- * @sizeof_pass: Initially holds the size of @pass.
- *
- * This function will return the challenge password in the
- * request.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_challenge_password (MHD_gnutls_x509_crq_t crq,
- char *pass, size_t * sizeof_pass)
-{
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass);
-}
-
-/**
- * MHD_gnutls_x509_crq_set_attribute_by_oid - This function will set an attribute in the request
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @oid: holds an Object Identified in null terminated string
- * @buf: a pointer to a structure that holds the attribute data
- * @sizeof_buf: holds the size of @buf
- *
- * This function will set the attribute in the certificate request specified
- * by the given Object ID. The attribute must be be DER encoded.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_set_attribute_by_oid (MHD_gnutls_x509_crq_t crq,
- const char *oid, void *buf,
- size_t sizeof_buf)
-{
- int result;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Add the attribute.
- */
- result =
- MHD__asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- result =
- MHD__gnutls_x509_encode_and_write_attribute (oid,
- crq->crq,
- "certificationRequestInfo.attributes.?LAST",
- buf, sizeof_buf, 1);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @oid: holds an Object Identified in null terminated string
- * @indx: In case multiple same OIDs exist in the attribute list, this specifies
- * which to send. Use zero to get the first one.
- * @buf: a pointer to a structure to hold the attribute data (may be null)
- * @sizeof_buf: initially holds the size of @buf
- *
- * This function will return the attribute in the certificate request specified
- * by the given Object ID. The attribute will be DER encoded.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_attribute_by_oid (MHD_gnutls_x509_crq_t crq,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf)
-{
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
- oid, indx, 1, buf, sizeof_buf);
-}
-
-/**
- * MHD_gnutls_x509_crq_set_dn_by_oid - This function will set the Certificate request subject's distinguished name
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @oid: holds an Object Identifier in a null terminated string
- * @raw_flag: must be 0, or 1 if the data are DER encoded
- * @data: a pointer to the input data
- * @sizeof_data: holds the size of @data
- *
- * This function will set the part of the name of the Certificate request subject, specified
- * by the given OID. The input string should be ASCII or UTF-8 encoded.
- *
- * Some helper macros with popular OIDs can be found in gnutls/x509.h
- * With this function you can only set the known OIDs. You can test
- * for known OIDs using MHD_gnutls_x509_dn_oid_known(). For OIDs that are
- * not known (by gnutls) you should properly DER encode your data, and
- * call this function with raw_flag set.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_set_dn_by_oid (MHD_gnutls_x509_crq_t crq, const char *oid,
- unsigned int raw_flag, const void *data,
- unsigned int sizeof_data)
-{
- if (sizeof_data == 0 || data == NULL || crq == NULL)
- {
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return MHD__gnutls_x509_set_dn_oid (crq->crq,
- "certificationRequestInfo.subject", oid,
- raw_flag, data, sizeof_data);
-}
-
-/**
- * MHD_gnutls_x509_crq_set_version - This function will set the Certificate request version
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @version: holds the version number. For v1 Requests must be 1.
- *
- * This function will set the version of the certificate request. For
- * version 1 requests this must be one.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_set_version (MHD_gnutls_x509_crq_t crq,
- unsigned int version)
-{
- int result;
- unsigned char null = version;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (null > 0)
- null--;
-
- result =
- MHD__asn1_write_value (crq->crq, "certificationRequestInfo.version",
- &null, 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_crq_get_version - This function returns the Certificate request's version number
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- *
- * This function will return the version of the specified Certificate request.
- *
- * Returns a negative value on error.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_version (MHD_gnutls_x509_crq_t crq)
-{
- opaque version[5];
- int len, result;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- len = sizeof (version);
- if ((result =
- MHD__asn1_read_value (crq->crq, "certificationRequestInfo.version",
- version, &len)) != ASN1_SUCCESS)
- {
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- return (int) version[0] + 1;
-}
-
-/**
- * MHD_gnutls_x509_crq_set_key - This function will associate the Certificate request with a key
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @key: holds a private key
- *
- * This function will set the public parameters from the given private key to the
- * request. Only RSA keys are currently supported.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_set_key (MHD_gnutls_x509_crq_t crq,
- MHD_gnutls_x509_privkey_t key)
-{
- int result;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = MHD__gnutls_x509_encode_and_copy_PKI_params (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm,
- key->params,
- key->params_size);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_crq_set_challenge_password - This function will set a challenge password
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @pass: holds a null terminated password
- *
- * This function will set a challenge password to be used when revoking the request.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_set_challenge_password (MHD_gnutls_x509_crq_t crq,
- const char *pass)
-{
- int result;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Add the attribute.
- */
- result =
- MHD__asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- result =
- MHD__gnutls_x509_encode_and_write_attribute ("1.2.840.113549.1.9.7",
- crq->crq,
- "certificationRequestInfo.attributes.?LAST",
- pass, strlen (pass), 1);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_crq_sign2 - This function will sign a Certificate request with a key
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @key: holds a private key
- * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
- * @flags: must be 0
- *
- * This function will sign the certificate request with a private key.
- * This must be the same key as the one used in MHD_gnutls_x509_crt_set_key() since a
- * certificate request is self signed.
- *
- * This must be the last step in a certificate request generation since all
- * the previously set parameters are now signed.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_sign2 (MHD_gnutls_x509_crq_t crq,
- MHD_gnutls_x509_privkey_t key,
- enum MHD_GNUTLS_HashAlgorithm dig,
- unsigned int flags)
-{
- int result;
- MHD_gnutls_datum_t signature;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Step 1. Self sign the request.
- */
- result =
- MHD__gnutls_x509_sign_tbs (crq->crq, "certificationRequestInfo",
- dig, key, &signature);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- /* Step 2. write the signature (bits)
- */
- result =
- MHD__asn1_write_value (crq->crq, "signature", signature.data,
- signature.size * 8);
-
- MHD__gnutls_free_datum (&signature);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- /* Step 3. Write the signatureAlgorithm field.
- */
- result = MHD__gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
- key->pk_algorithm, dig,
- key->params, key->params_size);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_crq_sign - This function will sign a Certificate request with a key
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @key: holds a private key
- *
- * This function is the same a MHD_gnutls_x509_crq_sign2() with no flags, and
- * SHA1 as the hash algorithm.
- *
- * Returns 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_sign (MHD_gnutls_x509_crq_t crq,
- MHD_gnutls_x509_privkey_t key)
-{
- return MHD_gnutls_x509_crq_sign2 (crq, key, MHD_GNUTLS_MAC_SHA1, 0);
-}
-
-/**
- * MHD_gnutls_x509_crq_export - Export the generated certificate request
- * @crq: Holds the request
- * @format: the format of output params. One of PEM or DER.
- * @output_data: will contain a certificate request PEM or DER encoded
- * @output_data_size: holds the size of output_data (and will be
- * replaced by the actual size of parameters)
- *
- * This function will export the certificate request to a PKCS10
- *
- * If the buffer provided is not long enough to hold the output, then
- * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and
- * *output_data_size will be updated.
- *
- * If the structure is PEM encoded, it will have a header of "BEGIN
- * NEW CERTIFICATE REQUEST".
- *
- * Return value: In case of failure a negative value will be
- * returned, and 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_crq_export (MHD_gnutls_x509_crq_t crq,
- MHD_gnutls_x509_crt_fmt_t format,
- void *output_data, size_t * output_data_size)
-{
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return MHD__gnutls_x509_export_int (crq->crq, format, PEM_CRQ,
- output_data, output_data_size);
-}
-
-/**
- * MHD_gnutls_x509_crq_get_pk_algorithm - This function returns the certificate request's PublicKey algorithm
- * @crq: should contain a MHD_gnutls_x509_crq_t structure
- * @bits: if bits is non null it will hold the size of the parameters' in bits
- *
- * This function will return the public key algorithm of a PKCS \#10
- * certificate request.
- *
- * If bits is non null, it should have enough size to hold the parameters
- * size in bits. For RSA the bits returned is the modulus.
- * For DSA the bits returned are of the public
- * exponent.
- *
- * Returns a member of the enum MHD_GNUTLS_PublicKeyAlgorithm enumeration on success,
- * or a negative value on error.
- *
- **/
-int
-MHD_gnutls_x509_crq_get_pk_algorithm (MHD_gnutls_x509_crq_t crq,
- unsigned int *bits)
-{
- int result;
-
- if (crq == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- MHD__gnutls_x509_get_pk_algorithm (crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- bits);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- }
-
- return result;
-}
-
-#endif /* ENABLE_PKI */
diff --git a/src/daemon/https/x509/crq.h b/src/daemon/https/x509/crq.h
@@ -1,30 +0,0 @@
-/*
- * Copyright (C) 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-#include <x509.h>
-
-typedef struct MHD_gnutls_x509_crq_int
-{
- ASN1_TYPE crq;
-} MHD_gnutls_x509_crq_int;
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c
@@ -518,618 +518,6 @@ cleanup: return result; } - -/* Parses an X509 DN in the MHD__asn1_struct, and returns the requested - * DN OID. - * - * MHD__asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence". - * That is to point in the rndSequence. - * - * indx specifies which OID to return. Ie 0 means return the first specified - * OID found, 1 the second etc. - */ -int -MHD__gnutls_x509_get_dn_oid (ASN1_TYPE MHD__asn1_struct, - const char *MHD__asn1_rdn_name, - int indx, void *_oid, size_t * sizeof_oid) -{ - int k2, k1, result; - char tmpbuffer1[MAX_NAME_SIZE]; - char tmpbuffer2[MAX_NAME_SIZE]; - char tmpbuffer3[MAX_NAME_SIZE]; - char value[256]; - char oid[128]; - int len; - int i = 0; - - k1 = 0; - do - { - - k1++; - /* create a string like "tbsCertList.issuer.rdnSequence.?1" - */ - if (MHD__asn1_rdn_name[0] != 0) - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", - MHD__asn1_rdn_name, k1); - else - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); - - len = sizeof (value) - 1; - result = - MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer1, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - MHD_gnutls_assert (); - break; - } - - if (result != ASN1_VALUE_NOT_FOUND) - { - MHD_gnutls_assert (); - result = MHD_gtls_asn2err (result); - goto cleanup; - } - - k2 = 0; - - do - { /* Move to the attibute type and values - */ - k2++; - - if (tmpbuffer1[0] != 0) - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, - k2); - else - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); - - /* Try to read the RelativeDistinguishedName attributes. 
- */
-
- len = sizeof (value) - 1;
- result =
- MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- {
- break;
- }
- if (result != ASN1_VALUE_NOT_FOUND)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- /* Read the OID
- */
- MHD_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
- MHD_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
-
- len = sizeof (oid) - 1;
- result =
- MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- goto cleanup;
- }
-
- if (indx == i++)
- { /* Found the OID */
-
- len = strlen (oid) + 1;
-
- if (*sizeof_oid < (unsigned) len)
- {
- *sizeof_oid = len;
- MHD_gnutls_assert ();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- memcpy (_oid, oid, len);
- *sizeof_oid = len - 1;
-
- return 0;
- }
- }
- while (1);
-
- }
- while (1);
-
- MHD_gnutls_assert ();
-
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
-
-cleanup:
- return result;
-}
-
-/* This will encode and write the AttributeTypeAndValue field.
- * 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
- * In all cases only one value is written.
- */
-int
-MHD__gnutls_x509_encode_and_write_attribute (const char *given_oid,
- ASN1_TYPE MHD__asn1_struct,
- const char *where,
- const void *_data,
- int sizeof_data, int multi)
-{
- const char *val_name;
- const opaque *data = _data;
- char tmp[128];
- ASN1_TYPE c2;
- int result;
-
-
- /* Find how to encode the data.
- */
- val_name =
- MHD__asn1_find_structure_from_oid (MHD__gnutls_get_pkix (), given_oid);
- if (val_name == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_X509_UNSUPPORTED_OID;
- }
-
- MHD_gtls_str_cpy (tmp, sizeof (tmp), "PKIX1.");
- MHD_gtls_str_cat (tmp, sizeof (tmp), val_name);
-
- result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), tmp, &c2);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- tmp[0] = 0;
-
- if ((result = MHD__gnutls_x509_oid_data_choice (given_oid)) > 0)
- {
- char *string_type;
- int i;
-
- string_type = "printableString";
-
- /* Check if the data is plain ascii, and use
- * the UTF8 string type if not.
- */
- for (i = 0; i < sizeof_data; i++)
- {
- if (!isascii (data[i]))
- {
- string_type = "utf8String";
- break;
- }
- }
-
- /* if the type is a CHOICE then write the
- * type we'll use.
- */
- result = MHD__asn1_write_value (c2, "", string_type, 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- return MHD_gtls_asn2err (result);
- }
-
- MHD_gtls_str_cpy (tmp, sizeof (tmp), string_type);
- }
-
- result = MHD__asn1_write_value (c2, tmp, data, sizeof_data);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&c2);
- return MHD_gtls_asn2err (result);
- }
-
-
- /* write the data (value)
- */
-
- MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
- MHD_gtls_str_cat (tmp, sizeof (tmp), ".value");
-
- if (multi != 0)
- { /* if not writing an AttributeTypeAndValue, but an Attribute */
- MHD_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */
-
- result = MHD__asn1_write_value (MHD__asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- MHD_gtls_str_cat (tmp, sizeof (tmp), ".?LAST");
-
- }
-
- result =
- MHD__gnutls_x509_der_encode_and_copy (c2, "", MHD__asn1_struct, tmp, 0);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- /* write the type
- */
- MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
- MHD_gtls_str_cat (tmp, sizeof (tmp), ".type");
-
- result = MHD__asn1_write_value (MHD__asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- return 0;
-}
-
-/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
- * In all cases only one value is written.
- */
-static int
-MHD__gnutls_x509_write_attribute (const char *given_oid,
- ASN1_TYPE MHD__asn1_struct,
- const char *where, const void *_data,
- int sizeof_data)
-{
- char tmp[128];
- int result;
-
- /* write the data (value)
- */
-
- MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
- MHD_gtls_str_cat (tmp, sizeof (tmp), ".value");
-
- result = MHD__asn1_write_value (MHD__asn1_struct, tmp, _data, sizeof_data);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- /* write the type
- */
- MHD_gtls_str_cpy (tmp, sizeof (tmp), where);
- MHD_gtls_str_cat (tmp, sizeof (tmp), ".type");
-
- result = MHD__asn1_write_value (MHD__asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- return 0;
-}
-
-
-/* Decodes an X.509 Attribute (if multi==1) or an AttributeTypeAndValue
- * otherwise.
- *
- * octet_string should be non zero if we are to decode octet strings after
- * decoding.
- *
- * The output is allocated and stored in value.
- */
-int
-MHD__gnutls_x509_decode_and_read_attribute (ASN1_TYPE MHD__asn1_struct,
- const char *where, char *oid,
- int oid_size,
- MHD_gnutls_datum_t * value,
- int multi, int octet_string)
-{
- char tmpbuffer[128];
- int len, result;
-
- /* Read the OID
- */
- MHD_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
- MHD_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
-
- len = oid_size - 1;
- result = MHD__asn1_read_value (MHD__asn1_struct, tmpbuffer, oid, &len);
-
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- result = MHD_gtls_asn2err (result);
- return result;
- }
-
- /* Read the Value
- */
-
- MHD_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
- MHD_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
-
- if (multi)
- MHD_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
-
- result =
- MHD__gnutls_x509_read_value (MHD__asn1_struct, tmpbuffer, value,
- octet_string);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-
-}
-
-/* Sets an X509 DN in the MHD__asn1_struct, and puts the given OID in the DN.
- * The input is assumed to be raw data.
- *
- * MHD__asn1_rdn_name must be a string in the form "tbsCertificate.issuer".
- * That is to point before the rndSequence.
- * - */ -int -MHD__gnutls_x509_set_dn_oid (ASN1_TYPE MHD__asn1_struct, - const char *MHD__asn1_name, - const char *given_oid, int raw_flag, - const char *name, int sizeof_name) -{ - int result; - char tmp[MAX_NAME_SIZE], MHD__asn1_rdn_name[MAX_NAME_SIZE]; - - if (sizeof_name == 0 || name == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* create the rdnSequence - */ - result = - MHD__asn1_write_value (MHD__asn1_struct, MHD__asn1_name, "rdnSequence", - 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - MHD_gtls_str_cpy (MHD__asn1_rdn_name, sizeof (MHD__asn1_rdn_name), - MHD__asn1_name); - MHD_gtls_str_cat (MHD__asn1_rdn_name, sizeof (MHD__asn1_rdn_name), - ".rdnSequence"); - - /* create a new element - */ - result = - MHD__asn1_write_value (MHD__asn1_struct, MHD__asn1_rdn_name, "NEW", 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - MHD_gtls_str_cpy (tmp, sizeof (tmp), MHD__asn1_rdn_name); - MHD_gtls_str_cat (tmp, sizeof (tmp), ".?LAST"); - - /* create the set with only one element - */ - result = MHD__asn1_write_value (MHD__asn1_struct, tmp, "NEW", 1); - if (result != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - - /* Encode and write the data - */ - MHD_gtls_str_cpy (tmp, sizeof (tmp), MHD__asn1_rdn_name); - MHD_gtls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST"); - - if (!raw_flag) - { - result = - MHD__gnutls_x509_encode_and_write_attribute (given_oid, - MHD__asn1_struct, - tmp, name, sizeof_name, - 0); - } - else - { - result = - MHD__gnutls_x509_write_attribute (given_oid, MHD__asn1_struct, - tmp, name, sizeof_name); - } - - if (result < 0) - { - MHD_gnutls_assert (); - return result; - } - - return 0; -} - - -/** - * MHD_gnutls_x509_rdn_get - This function parses an RDN sequence and returns a string - * @idn: should contain a DER encoded RDN sequence - * @buf: a pointer to a 
structure to hold the peer's name - * @sizeof_buf: holds the size of @buf - * - * This function will return the name of the given RDN sequence. The - * name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in - * RFC2253. - * - * If the provided buffer is not long enough, returns - * GNUTLS_E_SHORT_MEMORY_BUFFER and *sizeof_buf will be updated. On - * success 0 is returned. - * - **/ -int -MHD_gnutls_x509_rdn_get (const MHD_gnutls_datum_t * idn, - char *buf, size_t * sizeof_buf) -{ - int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; - - if (sizeof_buf == 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (buf) - buf[0] = 0; - - - if ((result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) - { - /* couldn't decode DER */ - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&dn); - return MHD_gtls_asn2err (result); - } - - result = MHD__gnutls_x509_parse_dn (dn, "rdnSequence", buf, sizeof_buf); - - MHD__asn1_delete_structure (&dn); - return result; - -} - -/** - * MHD_gnutls_x509_rdn_get_by_oid - This function parses an RDN sequence and returns a string - * @idn: should contain a DER encoded RDN sequence - * @oid: an Object Identifier - * @indx: In case multiple same OIDs exist in the RDN indicates which - * to send. Use 0 for the first one. - * @raw_flag: If non zero then the raw DER data are returned. - * @buf: a pointer to a structure to hold the peer's name - * @sizeof_buf: holds the size of @buf - * - * This function will return the name of the given Object identifier, - * of the RDN sequence. The name will be encoded using the rules - * from RFC2253. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if - * the provided buffer is not long enough, and 0 on success. 
- * - **/ -int -MHD_gnutls_x509_rdn_get_by_oid (const MHD_gnutls_datum_t * idn, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf) -{ - int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; - - if (sizeof_buf == 0) - { - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) - { - /* couldn't decode DER */ - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&dn); - return MHD_gtls_asn2err (result); - } - - result = - MHD__gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx, - raw_flag, buf, sizeof_buf); - - MHD__asn1_delete_structure (&dn); - return result; - -} - -/** - * MHD_gnutls_x509_rdn_get_oid - This function parses an RDN sequence and returns an OID. - * @idn: should contain a DER encoded RDN sequence - * @indx: Indicates which OID to return. Use 0 for the first one. - * @oid: a pointer to a structure to hold the peer's name OID - * @sizeof_oid: holds the size of @oid - * - * This function will return the specified Object identifier, of the - * RDN sequence. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER and updates *sizeof_buf if - * the provided buffer is not long enough, and 0 on success. 
- * - **/ -int -MHD_gnutls_x509_rdn_get_oid (const MHD_gnutls_datum_t * idn, - int indx, void *buf, size_t * sizeof_buf) -{ - int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; - - if (sizeof_buf == 0) - { - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = - MHD__asn1_create_element (MHD__gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) - { - MHD_gnutls_assert (); - return MHD_gtls_asn2err (result); - } - - result = MHD__asn1_der_decoding (&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) - { - /* couldn't decode DER */ - MHD_gnutls_assert (); - MHD__asn1_delete_structure (&dn); - return MHD_gtls_asn2err (result); - } - - result = - MHD__gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, sizeof_buf); - - MHD__asn1_delete_structure (&dn); - return result; - -} - /* * Compares the DER encoded part of a DN. * diff --git a/src/daemon/https/x509/dn.h b/src/daemon/https/x509/dn.h @@ -47,14 +47,6 @@ int MHD__gnutls_x509_parse_dn_oid (ASN1_TYPE MHD__asn1_struct, unsigned int raw_flag, void *buf, size_t * sizeof_buf); -int MHD__gnutls_x509_set_dn_oid (ASN1_TYPE MHD__asn1_struct, - const char *MHD__asn1_rdn_name, - const char *oid, int raw_flag, - const char *name, int sizeof_name); - -int MHD__gnutls_x509_get_dn_oid (ASN1_TYPE MHD__asn1_struct, - const char *MHD__asn1_rdn_name, - int indx, void *_oid, size_t * sizeof_oid); #endif diff --git a/src/daemon/https/x509/dsa.c b/src/daemon/https/x509/dsa.c 
@@ -1,142 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -/* This file contains code for DSA keys. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_datum.h> -#include <debug.h> - -/* resarr will contain: p(0), q(1), g(2), y(3), x(4). 
- */ -int -MHD__gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) -{ - - int ret; - gcry_sexp_t parms, key, list; - - /* FIXME: Remove me once we depend on 1.3.1 */ - if (bits > 1024 && gcry_check_version ("1.3.1") == NULL) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (bits < 512) - { - MHD_gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits); - if (ret != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* generate the DSA key - */ - ret = gcry_pk_genkey (&key, parms); - gcry_sexp_release (parms); - - if (ret != 0) - { - MHD_gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - list = gcry_sexp_find_token (key, "p", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "q", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[1] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "g", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[2] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "y", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[3] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - - list = gcry_sexp_find_token (key, "x", 0); - if (list == NULL) - { - MHD_gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[4] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - - gcry_sexp_release (key); - - MHD__gnutls_dump_mpi ("p: ", resarr[0]); - 
MHD__gnutls_dump_mpi ("q: ", resarr[1]); - MHD__gnutls_dump_mpi ("g: ", resarr[2]); - MHD__gnutls_dump_mpi ("y: ", resarr[3]); - MHD__gnutls_dump_mpi ("x: ", resarr[4]); - - *resarr_len = 5; - - return 0; - -} diff --git a/src/daemon/https/x509/dsa.h b/src/daemon/https/x509/dsa.h @@ -1,26 +0,0 @@ -/* - * Copyright (C) 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -int MHD__gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, - int bits); diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h @@ -225,19 +225,6 @@ extern "C" int MHD_gnutls_x509_crt_get_raw_dn (MHD_gnutls_x509_crt_t cert, MHD_gnutls_datum_t * start); -/* RDN handling. - */ - int MHD_gnutls_x509_rdn_get (const MHD_gnutls_datum_t * idn, - char *buf, size_t * sizeof_buf); - int MHD_gnutls_x509_rdn_get_oid (const MHD_gnutls_datum_t * idn, - int indx, void *buf, size_t * sizeof_buf); - - int MHD_gnutls_x509_rdn_get_by_oid (const MHD_gnutls_datum_t * idn, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf); - typedef void *MHD_gnutls_x509_dn_t; typedef struct MHD_gnutls_x509_ava_st 
@@ -254,31 +241,9 @@ extern "C" int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl); void MHD_gnutls_x509_crl_deinit (MHD_gnutls_x509_crl_t crl); - int MHD_gnutls_x509_crl_import (MHD_gnutls_x509_crl_t crl, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format); - int MHD_gnutls_x509_crl_export (MHD_gnutls_x509_crl_t crl, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - - int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, - size_t * sizeof_buf); - int MHD_gnutls_x509_crl_get_dn_oid (MHD_gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid); - int MHD_gnutls_x509_crl_get_signature_algorithm (MHD_gnutls_x509_crl_t crl); int MHD_gnutls_x509_crl_get_signature (MHD_gnutls_x509_crl_t crl, char *sig, size_t * sizeof_sig); - int MHD_gnutls_x509_crl_get_version (MHD_gnutls_x509_crl_t crl); - - time_t MHD_gnutls_x509_crl_get_this_update (MHD_gnutls_x509_crl_t crl); - time_t MHD_gnutls_x509_crl_get_next_update (MHD_gnutls_x509_crl_t crl); - int MHD_gnutls_x509_crl_get_crt_count (MHD_gnutls_x509_crl_t crl); int MHD_gnutls_x509_crl_get_crt_serial (MHD_gnutls_x509_crl_t crl, int indx, 
@@ -494,66 +459,6 @@ extern "C" const MHD_gnutls_datum_t * signature); -/* Certificate request stuff. - */ - struct MHD_gnutls_x509_crq_int; - typedef struct MHD_gnutls_x509_crq_int *MHD_gnutls_x509_crq_t; - - int MHD_gnutls_x509_crq_init (MHD_gnutls_x509_crq_t * crq); - void MHD_gnutls_x509_crq_deinit (MHD_gnutls_x509_crq_t crq); - int MHD_gnutls_x509_crq_import (MHD_gnutls_x509_crq_t crq, - const MHD_gnutls_datum_t * data, - MHD_gnutls_x509_crt_fmt_t format); - int MHD_gnutls_x509_crq_get_pk_algorithm (MHD_gnutls_x509_crq_t crq, - unsigned int *bits); - int MHD_gnutls_x509_crq_get_dn (MHD_gnutls_x509_crq_t crq, - char *buf, size_t * sizeof_buf); - int MHD_gnutls_x509_crq_get_dn_oid (MHD_gnutls_x509_crq_t crq, - int indx, void *oid, - size_t * sizeof_oid); - int MHD_gnutls_x509_crq_get_dn_by_oid (MHD_gnutls_x509_crq_t crq, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf); - int MHD_gnutls_x509_crq_set_dn_by_oid (MHD_gnutls_x509_crq_t crq, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); - int MHD_gnutls_x509_crq_set_version (MHD_gnutls_x509_crq_t crq, - unsigned int version); - int MHD_gnutls_x509_crq_set_key (MHD_gnutls_x509_crq_t crq, - MHD_gnutls_x509_privkey_t key); - int MHD_gnutls_x509_crq_sign2 (MHD_gnutls_x509_crq_t crq, - MHD_gnutls_x509_privkey_t key, - enum MHD_GNUTLS_HashAlgorithm, - unsigned int flags); - int MHD_gnutls_x509_crq_sign (MHD_gnutls_x509_crq_t crq, - MHD_gnutls_x509_privkey_t key); - - int MHD_gnutls_x509_crq_set_challenge_password (MHD_gnutls_x509_crq_t crq, - const char *pass); - int MHD_gnutls_x509_crq_get_challenge_password (MHD_gnutls_x509_crq_t crq, - char *pass, - size_t * sizeof_pass); - - int MHD_gnutls_x509_crq_set_attribute_by_oid (MHD_gnutls_x509_crq_t crq, - const char *oid, - void *buf, size_t sizeof_buf); - int MHD_gnutls_x509_crq_get_attribute_by_oid (MHD_gnutls_x509_crq_t crq, - const char *oid, - int indx, - void *buf, - size_t * 
sizeof_buf); - - int MHD_gnutls_x509_crq_export (MHD_gnutls_x509_crq_t crq, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); - - int MHD_gnutls_x509_crt_set_crq (MHD_gnutls_x509_crt_t crt, - MHD_gnutls_x509_crq_t crq); - #ifdef __cplusplus } #endif @@ -625,11 +530,6 @@ typedef struct MHD_gtls_x509_privkey_int ASN1_TYPE key; } MHD_gnutls_x509_privkey_int; -int MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert, - const char *oid, - int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf); int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, unsigned int seq, void *ret, @@ -655,8 +555,6 @@ int MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert, const MHD_gnutls_x509_crl_t * crl_list, int crl_list_length); -int MHD__gnutls_x509_crl_cpy (MHD_gnutls_x509_crl_t dest, - MHD_gnutls_x509_crl_t src); int MHD__gnutls_x509_crl_get_raw_issuer_dn (MHD_gnutls_x509_crl_t crl, MHD_gnutls_datum_t * dn); int MHD_gnutls_x509_crl_get_crt_count (MHD_gnutls_x509_crl_t crl); @@ -670,9 +568,6 @@ int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl); int MHD_gnutls_x509_crl_import (MHD_gnutls_x509_crl_t crl, const MHD_gnutls_datum_t * data, MHD_gnutls_x509_crt_fmt_t format); -int MHD_gnutls_x509_crl_export (MHD_gnutls_x509_crl_t crl, - MHD_gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert); void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert); diff --git a/src/daemon/internal.c b/src/daemon/internal.c @@ -106,11 +106,12 @@ MHD_DLOG (const struct MHD_Daemon *daemon, const char *format, ...) va_end (va); } #endif + void MHD_tls_log_func (int level, const char *str) { -#ifdef DEBUG - FPRINTF (stdout, "|<%d>| %s", level, str); +#ifdef HAVE_MESSAGES + FPRINTF (stderr, "|<%d>| %s", level, str); #endif } diff --git a/src/testcurl/Makefile.am b/src/testcurl/Makefile.am 
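Review bot: With the guard switched from `DEBUG` to `HAVE_MESSAGES`, `MHD_tls_log_func` in src/daemon/internal.c is compiled in for every build that has messages enabled, and it prints TLS-layer strings straight to `stderr`. It has no daemon handle, so it cannot go through a per-daemon path the way `MHD_DLOG` (named in the hunk header) presumably does. Whether anything is actually emitted depends on the log level set where this callback is registered, which is not visible in this hunk. If that level can be raised in a deployed build, handshake and certificate diagnostics would end up in whatever is attached to stderr. I would document this on the function, e.g. `/* TLS debug callback: writes to stderr only; output is governed by the TLS log level, keep it at its quietest setting outside debugging. */`.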
@@ -1,5 +1,9 @@ SUBDIRS = . +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + if ENABLE_HTTPS SUBDIRS += https endif @@ -24,6 +28,7 @@ check_PROGRAMS = \ daemontest_put11 \ daemontest_large_put11 \ daemontest_long_header \ + daemontest_long_header11 \ daemontest_get_chunked \ daemontest_put_chunked noinst_PROGRAMS = \ @@ -131,3 +136,9 @@ daemontest_long_header_LDADD = \ $(top_builddir)/src/daemon/libmicrohttpd.la \ @LIBCURL@ +daemontest_long_header11_SOURCES = \ + daemontest_long_header.c +daemontest_long_header11_LDADD = \ + $(top_builddir)/src/daemon/libmicrohttpd.la \ + @LIBCURL@ + diff --git a/src/testcurl/https/Makefile.am b/src/testcurl/https/Makefile.am @@ -1,5 +1,9 @@ SUBDIRS = . +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + AM_CPPFLAGS = \ -I$(top_srcdir)/src/include \ -I$(top_srcdir)/src/daemon/https \ diff --git a/src/testcurl/https/bug-test.c b/src/testcurl/https/bug-test.c @@ -32,6 +32,8 @@ #include "gnutls.h" #include <curl/curl.h> +#define DEBUG 0 + #define PAGE_NOT_FOUND "<html><head><title>File not found</title></head><body>File not found</body></html>" #define MHD_E_MEM "Error: memory error\n" @@ -172,7 +174,7 @@ test_daemon_get (FILE * test_fd, char *cipher_suite, int proto_version) doc_path, test_file_name); c = curl_easy_init (); -#ifdef DEBUG +#if DEBUG curl_easy_setopt (c, CURLOPT_VERBOSE, 1); #endif curl_easy_setopt (c, CURLOPT_URL, url); diff --git a/src/testzzuf/Makefile.am b/src/testzzuf/Makefile.am @@ -1,5 +1,9 @@ SUBDIRS = . +if USE_COVERAGE + AM_CFLAGS = -fprofile-arcs -ftest-coverage +endif + INCLUDES = -I$(top_srcdir)/src/include EXTRA_DIST = README socat.c
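Review bot: In src/testcurl/https/bug-test.c the new `#define DEBUG 0` leaves `DEBUG` defined for the rest of the file, so any `#ifdef DEBUG` that remains outside these two hunks would now be compiled in. That is the opposite of what the `#if DEBUG` conversion in `test_daemon_get` intends, and only that one site is visible here. The unconditional define also redefines the macro when the build passes `-DDEBUG`. Guarding it as `#ifndef DEBUG` / `#define DEBUG 0` / `#endif`, and converting every remaining `#ifdef DEBUG` in the file to `#if DEBUG`, keeps the verbose curl output off by default but still overridable. `test_daemon_get` starts and ends outside the hunk.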