libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit e30a3a0a1c7423b435e6cb0a2a065c0ed3ac25be
parent 137077f15081248b401c93dcaf3a380ee7b91e30
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 12 Oct 2008 20:52:17 +0000

dce

Diffstat:

Msrc/daemon/https/gnutls.h | 5-----


Msrc/daemon/https/tls/gnutls_handshake.c | 136+++++++++++++++++++++++++++----------------------------------------------------


Msrc/daemon/https/tls/gnutls_handshake.h | 23-----------------------


Msrc/daemon/https/tls/gnutls_rsa_export.c | 163-------------------------------------------------------------------------------


Msrc/daemon/https/tls/gnutls_rsa_export.h | 2+-


Msrc/daemon/https/x509/common.h | 2+-


Msrc/daemon/https/x509/privkey.h | 2+-


Msrc/daemon/https/x509/privkey_pkcs8.c | 2+-


Msrc/daemon/https/x509/x509.h | 18------------------


Msrc/daemon/https/x509/x509_privkey.c | 337++-----------------------------------------------------------------------------


10 files changed, 56 insertions(+), 634 deletions(-)

diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h
@@ -288,11 +288,6 @@ extern "C"
 
   void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
                                                   int allow);
-    MHD_gnutls_handshake_description_t
-    MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session);
-    MHD_gnutls_handshake_description_t
-    MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session);
-
 /*
  * Record layer functions.
  */
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
@@ -59,13 +59,39 @@
 #define TRUE 1
 #define FALSE 0
 
+
+/* This should be sufficient by now. It should hold all the extensions
+ * plus the headers in a hello message.
+ */
+#define MAX_EXT_DATA_LENGTH 1024
+
+
+static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
+                                           cipher_suite_st ** cipherSuites,
+                                           int numCipherSuites,
+                                           enum
+                                           MHD_GNUTLS_PublicKeyAlgorithm);
+static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
+                                  int datalen);
+
+static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len);
+
+static int MHD_gtls_handshake_common (MHD_gtls_session_t session);
+
+static int MHD_gtls_handshake_server (MHD_gtls_session_t session);
+
+#if MHD_DEBUG_TLS
+static int MHD_gtls_handshake_client (MHD_gtls_session_t session);
+#endif
+
+
 static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
                                               opaque * data, int datalen);
 
 
 /* Clears the handshake hash buffers and handles.
  */
-inline static void
+static void
 MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session)
 {
   MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL);
@@ -119,13 +145,13 @@ resume_copy_required_values (MHD_gtls_session_t session)
     session->internals.resumed_security_parameters.session_id_size;
 }
 
-void
+static void
 MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd)
 {
   memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE);
 }
 
-void
+static void
 MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd)
 {
   memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
@@ -243,7 +269,7 @@ MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret)
 /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data
  * and put it to dst.
  */
-int
+static int
 MHD_gtls_tls_create_random (opaque * dst)
 {
   uint32_t tim;
@@ -257,7 +283,7 @@ MHD_gtls_tls_create_random (opaque * dst)
   /* generate server random value */
   MHD_gtls_write_uint32 (tim, dst);
 
-  if (MHD_gc_nonce (&dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
+  if (MHD_gc_nonce ((char*) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
     {
       MHD_gnutls_assert ();
       return GNUTLS_E_RANDOM_FAILED;
@@ -268,7 +294,7 @@ MHD_gtls_tls_create_random (opaque * dst)
 
 /* returns the 0 on success or a negative value.
  */
-int
+static int
 MHD_gtls_negotiate_version (MHD_gtls_session_t session,
                             enum MHD_GNUTLS_Protocol adv_version)
 {
@@ -299,7 +325,7 @@ MHD_gtls_negotiate_version (MHD_gtls_session_t session,
   return ret;
 }
 
-int
+static int
 MHD_gtls_user_hello_func (MHD_gtls_session_t session,
                           enum MHD_GNUTLS_Protocol adv_version)
 {
@@ -469,7 +495,7 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data,
 
 /* here we hash all pending data.
  */
-inline static int
+static int
 MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session)
 {
   size_t siz;
@@ -669,7 +695,7 @@ MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
 /* This selects the best supported ciphersuite from the given ones. Then
  * it adds the suite to the session and performs some checks.
  */
-int
+static int
 MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
                               int datalen)
 {
@@ -1270,6 +1296,7 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data,
   return ret;
 }
 
+#if MHD_DEBUG_TLS
 /* This function checks if the given cipher suite is supported, and sets it
  * to the session;
  */
@@ -1352,6 +1379,7 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2])
   return 0;
 }
 
+
 /* This function sets the given comp method to the session.
  */
 static int
@@ -1407,7 +1435,8 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session,
   MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session,
                          session_id_len);
   MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
-                         MHD_gtls_bin2hex (session_id, session_id_len, buf,
+                         MHD_gtls_bin2hex (session_id, session_id_len, 
+					   (char*) buf,
                                            sizeof (buf)));
 
   if (session_id_len > 0 &&
@@ -1438,7 +1467,6 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session,
     }
 }
 
-
 /* This function reads and parses the server hello handshake message.
  * This function also restores resumed parameters if we are resuming a
  * session.
@@ -1653,12 +1681,6 @@ MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session,
   return datalen;
 }
 
-/* This should be sufficient by now. It should hold all the extensions
- * plus the headers in a hello message.
- */
-#define MAX_EXT_DATA_LENGTH 1024
-
-#if MHD_DEBUG_TLS
 /* This function sends the client hello handshake message.
  */
 static int
@@ -1930,7 +1952,7 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again)
 
       MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
                              MHD_gtls_bin2hex (SessionID, session_id_len,
-                                               buf, sizeof (buf)));
+                                               (char*) buf, sizeof (buf)));
 
       memcpy (&data[pos],
               session->security_parameters.current_cipher_suite.suite, 2);
@@ -2273,7 +2295,7 @@ MHD__gnutls_handshake (MHD_gtls_session_t session)
  * MHD_gtls_handshake_client
  * This function performs the client side of the handshake of the TLS/SSL protocol.
  */
-int
+static int
 MHD_gtls_handshake_client (MHD_gtls_session_t session)
 {
   int ret = 0;
@@ -2515,7 +2537,7 @@ MHD__gnutls_recv_handshake_final (MHD_gtls_session_t session, int init)
   * This function does the server stuff of the handshake protocol.
   */
 
-int
+static int
 MHD_gtls_handshake_server (MHD_gtls_session_t session)
 {
   int ret = 0;
@@ -2616,7 +2638,7 @@ MHD_gtls_handshake_server (MHD_gtls_session_t session)
   return 0;
 }
 
-int
+static int
 MHD_gtls_handshake_common (MHD_gtls_session_t session)
 {
   int ret = 0;
@@ -2651,12 +2673,12 @@ MHD_gtls_handshake_common (MHD_gtls_session_t session)
 
 }
 
-int
+static int
 MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len)
 {
   *len = TLS_MAX_SESSION_ID_SIZE;
 
-  if (MHD_gc_nonce (session_id, *len) != GC_OK)
+  if (MHD_gc_nonce ((char*) session_id, *len) != GC_OK)
     {
       MHD_gnutls_assert ();
       return GNUTLS_E_RANDOM_FAILED;
@@ -2811,7 +2833,7 @@ check_server_params (MHD_gtls_session_t session,
  * This does a more high level check than  MHD_gnutls_supported_ciphersuites(),
  * by checking certificates etc.
  */
-int
+static int
 MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
                                        cipher_suite_st ** cipherSuites,
                                        int numCipherSuites,
@@ -2939,75 +2961,9 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
 
 }
 
-/**
-  * MHD__gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message
-  * @session: is a #MHD_gtls_session_t structure.
-  * @max: is the maximum number.
-  *
-  * This function will set the maximum size of a handshake message.
-  * Handshake messages over this size are rejected.  The default value
-  * is 16kb which is large enough. Set this to 0 if you do not want to
-  * set an upper limit.
-  *
-  **/
-void
-MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session,
-                                            size_t max)
-{
-  session->internals.max_handshake_data_buffer_size = max;
-}
-
-void
-MHD_gtls_set_adv_version (MHD_gtls_session_t session,
-                          enum MHD_GNUTLS_Protocol ver)
-{
-  set_adv_version (session, MHD_gtls_version_get_major (ver),
-                   MHD_gtls_version_get_minor (ver));
-}
-
 enum MHD_GNUTLS_Protocol
 MHD_gtls_get_adv_version (MHD_gtls_session_t session)
 {
   return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session),
                                MHD__gnutls_get_adv_version_minor (session));
 }
-
-/**
-  * MHD_gtls_handshake_get_last_in - Returns the last handshake message received.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function is only useful to check where the last performed
-  * handshake failed.  If the previous handshake succeed or was not
-  * performed at all then no meaningful value will be returned.
-  *
-  * Check %MHD_gnutls_handshake_description_t in gnutls.h for the
-  * available handshake descriptions.
-  *
-  * Returns: the last handshake message type received, a
-  * %MHD_gnutls_handshake_description_t.
-  **/
-MHD_gnutls_handshake_description_t
-MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session)
-{
-  return session->internals.last_handshake_in;
-}
-
-/**
-  * MHD_gtls_handshake_get_last_out - Returns the last handshake message sent.
-  * @session: is a #MHD_gtls_session_t structure.
-  *
-  * This function is only useful to check where the last performed
-  * handshake failed.  If the previous handshake succeed or was not
-  * performed at all then no meaningful value will be returned.
-  *
-  * Check %MHD_gnutls_handshake_description_t in gnutls.h for the
-  * available handshake descriptions.
-  *
-  * Returns: the last handshake message type sent, a
-  * %MHD_gnutls_handshake_description_t.
-  **/
-MHD_gnutls_handshake_description_t
-MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session)
-{
-  return session->internals.last_handshake_out;
-}
diff --git a/src/daemon/https/tls/gnutls_handshake.h b/src/daemon/https/tls/gnutls_handshake.h
@@ -36,29 +36,6 @@ int MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data,
 int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *,
                              MHD_gnutls_handshake_description_t,
                              Optional optional);
-int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len);
-int MHD_gtls_handshake_common (MHD_gtls_session_t session);
-int MHD_gtls_handshake_server (MHD_gtls_session_t session);
-void MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd);
-void MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd);
-int MHD_gtls_tls_create_random (opaque * dst);
-int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
-                                           cipher_suite_st ** cipherSuites,
-                                           int numCipherSuites,
-                                           enum
-                                           MHD_GNUTLS_PublicKeyAlgorithm);
-int MHD_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen);
-int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
-                                  int datalen);
-
-int MHD_gtls_negotiate_version (MHD_gtls_session_t session,
-                                enum MHD_GNUTLS_Protocol adv_version);
-int MHD_gtls_user_hello_func (MHD_gtls_session_t,
-                              enum MHD_GNUTLS_Protocol adv_version);
-
-#if MHD_DEBUG_TLS
-int MHD_gtls_handshake_client (MHD_gtls_session_t session);
-#endif
 
 #define STATE session->internals.handshake_state
 /* This returns true if we have got there
diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c
@@ -35,13 +35,6 @@
 #include "x509.h"
 #include "privkey.h"
 
-/* This function takes a number of bits and returns a supported
- * number of bits. Ie a number of bits that we have a prime in the
- * dh_primes structure.
- */
-
-#define MAX_SUPPORTED_BITS 512
-
 /* returns e and m, depends on the requested bits.
  * We only support limited key sizes.
  */
@@ -52,144 +45,9 @@ MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t rsa_params)
     {
       return NULL;
     }
-
   return rsa_params->params;
-
-}
-
-/* resarr will contain: modulus(0), public exponent(1), private exponent(2),
- * prime1 - p (3), prime2 - q(4), u (5).
- */
-int
-MHD__gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
-{
-
-  int ret;
-  gcry_sexp_t parms, key, list;
-
-  ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
-  if (ret != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  /* generate the RSA key */
-  ret = gcry_pk_genkey (&key, parms);
-  gcry_sexp_release (parms);
-
-  if (ret != 0)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  list = gcry_sexp_find_token (key, "n", 0);
-  if (list == NULL)
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (key);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
-  list = gcry_sexp_find_token (key, "e", 0);
-  if (list == NULL)
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (key);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
-  list = gcry_sexp_find_token (key, "d", 0);
-  if (list == NULL)
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (key);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
-  list = gcry_sexp_find_token (key, "p", 0);
-  if (list == NULL)
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (key);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
-
-  list = gcry_sexp_find_token (key, "q", 0);
-  if (list == NULL)
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (key);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
-
-  list = gcry_sexp_find_token (key, "u", 0);
-  if (list == NULL)
-    {
-      MHD_gnutls_assert ();
-      gcry_sexp_release (key);
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-
-  resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
-  gcry_sexp_release (list);
-
-  gcry_sexp_release (key);
-
-  MHD__gnutls_dump_mpi ("n: ", resarr[0]);
-  MHD__gnutls_dump_mpi ("e: ", resarr[1]);
-  MHD__gnutls_dump_mpi ("d: ", resarr[2]);
-  MHD__gnutls_dump_mpi ("p: ", resarr[3]);
-  MHD__gnutls_dump_mpi ("q: ", resarr[4]);
-  MHD__gnutls_dump_mpi ("u: ", resarr[5]);
-
-  *resarr_len = 6;
-
-  return 0;
-
 }
 
-/**
-  * MHD__gnutls_rsa_params_init - This function will initialize the temporary RSA parameters
-  * @rsa_params: Is a structure that will hold the parameters
-  *
-  * This function will initialize the temporary RSA parameters structure.
-  *
-  **/
-int
-MHD__gnutls_rsa_params_init (MHD_gtls_rsa_params_t * rsa_params)
-{
-  int ret;
-
-  ret = MHD_gnutls_x509_privkey_init (rsa_params);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  (*rsa_params)->crippled = 1;
-
-  return 0;
-}
 
 /**
   * MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA parameters
@@ -204,24 +62,3 @@ MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params)
   MHD_gnutls_x509_privkey_deinit (rsa_params);
 }
 
-/**
-  * MHD__gnutls_rsa_params_generate2 - This function will generate temporary RSA parameters
-  * @params: The structure where the parameters will be stored
-  * @bits: is the prime's number of bits
-  *
-  * This function will generate new temporary RSA parameters for use in
-  * RSA-EXPORT ciphersuites.  This function is normally slow.
-  *
-  * Note that if the parameters are to be used in export cipher suites the
-  * bits value should be 512 or less.
-  * Also note that the generation of new RSA parameters is only useful
-  * to servers. Clients use the parameters sent by the server, thus it's
-  * no use calling this in client side.
-  *
-  **/
-int
-MHD__gnutls_rsa_params_generate2 (MHD_gtls_rsa_params_t params,
-                                 unsigned int bits)
-{
-  return MHD_gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0);
-}
diff --git a/src/daemon/https/tls/gnutls_rsa_export.h b/src/daemon/https/tls/gnutls_rsa_export.h
@@ -24,4 +24,4 @@
 
 const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t);
 int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session);
-int MHD__gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits);
+
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
@@ -116,7 +116,7 @@ int MHD__gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
                                              MHD_GNUTLS_PublicKeyAlgorithm
                                              pk_algorithm, mpi_t * params,
                                              int params_size);
-int MHD__gnutlsMHD__asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
+int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
                             ASN1_TYPE src, const char *src_name);
 
 int MHD__gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h
@@ -28,4 +28,4 @@ ASN1_TYPE MHD__gnutls_privkey_decode_pkcs1_rsa_key (const MHD_gnutls_datum_t *
                                                 raw_key,
                                                 MHD_gnutls_x509_privkey_t pkey);
 
-int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
+int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c
@@ -474,7 +474,7 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, MHD_gnutls_x509_privkey pkey)
 
     if (!pkey->crippled)
       {
-        ret = MHD__gnutlsMHD__asn1_encode_dsa (&pkey->key, pkey->params);
+        ret = MHD__gnutls_asn1_encode_dsa (&pkey->key, pkey->params);
         if (ret < 0)
           {
             MHD_gnutls_assert ();
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
@@ -560,8 +560,6 @@ extern "C"
                                           const MHD_gnutls_datum_t * p,
                                           const MHD_gnutls_datum_t * q,
                                           const MHD_gnutls_datum_t * u);
-  int MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key);
-
   int MHD_gnutls_x509_privkey_export_dsa_raw (MHD_gnutls_x509_privkey_t key,
                                           MHD_gnutls_datum_t * p,
                                           MHD_gnutls_datum_t * q,
@@ -581,10 +579,6 @@ extern "C"
                                       unsigned char *output_data,
                                       size_t * output_data_size);
 
-  int MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key,
-                                    enum MHD_GNUTLS_PublicKeyAlgorithm algo,
-                                    unsigned int bits, unsigned int flags);
-
   int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key,
                                   MHD_gnutls_x509_crt_fmt_t format,
                                   void *output_data,
@@ -603,14 +597,6 @@ extern "C"
                                           MHD_gnutls_datum_t * q,
                                           MHD_gnutls_datum_t * u);
 
-/* Signing stuff.
- */
-  int MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key,
-                                     enum MHD_GNUTLS_HashAlgorithm digest,
-                                     unsigned int flags,
-                                     const MHD_gnutls_datum_t * data,
-                                     void *signature,
-                                     size_t * signature_size);
   int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key,
                                        unsigned int flags,
                                        const MHD_gnutls_datum_t * data,
@@ -620,10 +606,6 @@ extern "C"
                                    const MHD_gnutls_datum_t * data,
                                    const MHD_gnutls_datum_t * signature);
 
-  int MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key,
-                                     const MHD_gnutls_datum_t * hash,
-                                     MHD_gnutls_datum_t * signature);
-
 /* Certificate request stuff.
  */
   struct MHD_gnutls_x509_crq_int;
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c
@@ -39,8 +39,8 @@
 #include <dsa.h>
 #include <verify.h>
 
-static int MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params);
-int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
+static int MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params);
+int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
 
 /* remove this when libgcrypt can handle the PKCS #1 coefficients from
  * rsa keys
@@ -127,7 +127,7 @@ MHD_gnutls_x509_privkey_cpy (MHD_gnutls_x509_privkey_t dst, MHD_gnutls_x509_priv
       switch (dst->pk_algorithm)
         {
         case MHD_GNUTLS_PK_RSA:
-          ret = MHD__gnutlsMHD__asn1_encode_rsa (&dst->key, dst->params);
+          ret = MHD__gnutls_asn1_encode_rsa (&dst->key, dst->params);
           if (ret < 0)
             {
               MHD_gnutls_assert ();
@@ -439,7 +439,7 @@ MHD_gnutls_x509_privkey_import_rsa_raw (MHD_gnutls_x509_privkey_t key,
 
   if (!key->crippled)
     {
-      ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params);
+      ret = MHD__gnutls_asn1_encode_rsa (&key->key, key->params);
       if (ret < 0)
         {
           MHD_gnutls_assert ();
@@ -481,7 +481,7 @@ MHD_gnutls_x509_privkey_get_pk_algorithm (MHD_gnutls_x509_privkey_t key)
 /* Encodes the RSA parameters into an ASN.1 RSA private key structure.
  */
 static int
-MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
+MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
 {
   int result, i;
   size_t size[8], total;
@@ -712,7 +712,7 @@ cleanup:MHD_gtls_mpi_release (&u);
 /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
  */
 int
-MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
+MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
 {
   int result, i;
   size_t size[DSA_PRIVATE_PARAMS], total;
@@ -823,328 +823,3 @@ cleanup:MHD__asn1_delete_structure (c2);
   return result;
 }
 
-/**
- * MHD_gnutls_x509_privkey_generate - This function will generate a private key
- * @key: should contain a MHD_gnutls_x509_privkey_t structure
- * @algo: is one of RSA or DSA.
- * @bits: the size of the modulus
- * @flags: unused for now. Must be 0.
- *
- * This function will generate a random private key. Note that
- * this function must be called on an empty private key.
- *
- * Returns 0 on success or a negative value on error.
- *
- **/
-int
-MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key,
-                              enum MHD_GNUTLS_PublicKeyAlgorithm algo,
-                              unsigned int bits, unsigned int flags)
-{
-  int ret, params_len;
-  int i;
-
-  if (key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  switch (algo)
-    {
-    case MHD_GNUTLS_PK_RSA:
-      ret = MHD__gnutls_rsa_generate_params (key->params, &params_len, bits);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      if (!key->crippled)
-        {
-          ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params);
-          if (ret < 0)
-            {
-              MHD_gnutls_assert ();
-              goto cleanup;
-            }
-        }
-
-      key->params_size = params_len;
-      key->pk_algorithm = MHD_GNUTLS_PK_RSA;
-
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  return 0;
-
-cleanup:key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN;
-  key->params_size = 0;
-  for (i = 0; i < params_len; i++)
-    MHD_gtls_mpi_release (&key->params[i]);
-
-  return ret;
-}
-
-/**
- * MHD_gnutls_x509_privkey_get_key_id - Return unique ID of the key's parameters
- * @key: Holds the key
- * @flags: should be 0 for now
- * @output_data: will contain the key ID
- * @output_data_size: holds the size of output_data (and will be
- *   replaced by the actual size of parameters)
- *
- * This function will return a unique ID the depends on the public key
- * parameters. This ID can be used in checking whether a certificate
- * corresponds to the given key.
- *
- * If the buffer provided is not long enough to hold the output, then
- * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
- * be returned.  The output will normally be a SHA-1 hash output,
- * which is 20 bytes.
- *
- * Return value: In case of failure a negative value will be
- *   returned, and 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key,
-                                unsigned int flags,
-                                unsigned char *output_data,
-                                size_t * output_data_size)
-{
-  int result;
-  GNUTLS_HASH_HANDLE hd;
-  MHD_gnutls_datum_t der = { NULL,
-    0
-  };
-
-  if (key == NULL || key->crippled)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  if (*output_data_size < 20)
-    {
-      MHD_gnutls_assert ();
-      *output_data_size = 20;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-
-  if (key->pk_algorithm == MHD_GNUTLS_PK_RSA)
-    {
-      result = MHD__gnutls_x509_write_rsa_params (key->params, key->params_size,
-                                              &der);
-      if (result < 0)
-        {
-          MHD_gnutls_assert ();
-          goto cleanup;
-        }
-    }
-  else
-    return GNUTLS_E_INTERNAL_ERROR;
-
-  hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
-  if (hd == GNUTLS_HASH_FAILED)
-    {
-      MHD_gnutls_assert ();
-      result = GNUTLS_E_INTERNAL_ERROR;
-      goto cleanup;
-    }
-
-  MHD_gnutls_hash (hd, der.data, der.size);
-
-  MHD_gnutls_hash_deinit (hd, output_data);
-  *output_data_size = 20;
-
-  result = 0;
-
-cleanup:
-
-  MHD__gnutls_free_datum (&der);
-  return result;
-}
-
-#ifdef ENABLE_PKI
-
-/**
- * MHD_gnutls_x509_privkey_sign_data - This function will sign the given data using the private key params
- * @key: Holds the key
- * @digest: should be MD5 or SHA1
- * @flags: should be 0 for now
- * @data: holds the data to be signed
- * @signature: will contain the signature
- * @signature_size: holds the size of signature (and will be replaced
- *   by the new size)
- *
- * This function will sign the given data using a signature algorithm
- * supported by the private key. Signature algorithms are always used
- * together with a hash functions.  Different hash functions may be
- * used for the RSA algorithm, but only SHA-1 for the DSA keys.
- *
- * If the buffer provided is not long enough to hold the output, then
- * *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
- * be returned.
- *
- * In case of failure a negative value will be returned, and
- * 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key,
-                               enum MHD_GNUTLS_HashAlgorithm digest,
-                               unsigned int flags,
-                               const MHD_gnutls_datum_t * data,
-                               void *signature, size_t * signature_size)
-{
-  int result;
-  MHD_gnutls_datum_t sig = { NULL, 0 };
-
-  if (key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  result = MHD__gnutls_x509_sign (data, digest, key, &sig);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  if (*signature_size < sig.size)
-    {
-      *signature_size = sig.size;
-      MHD__gnutls_free_datum (&sig);
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-
-  *signature_size = sig.size;
-  memcpy (signature, sig.data, sig.size);
-
-  MHD__gnutls_free_datum (&sig);
-
-  return 0;
-}
-
-/**
- * MHD_gnutls_x509_privkey_sign_hash - This function will sign the given data using the private key params
- * @key: Holds the key
- * @hash: holds the data to be signed
- * @signature: will contain newly allocated signature
- *
- * This function will sign the given hash using the private key.
- *
- * Return value: In case of failure a negative value will be returned,
- * and 0 on success.
- **/
-int
-MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key,
-                               const MHD_gnutls_datum_t * hash,
-                               MHD_gnutls_datum_t * signature)
-{
-  int result;
-
-  if (key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  result = MHD_gtls_sign (key->pk_algorithm, key->params,
-                          key->params_size, hash, signature);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return result;
-    }
-
-  return 0;
-}
-
-/**
- * MHD_gnutls_x509_privkey_verify_data - This function will verify the given signed data.
- * @key: Holds the key
- * @flags: should be 0 for now
- * @data: holds the data to be signed
- * @signature: contains the signature
- *
- * This function will verify the given signed data, using the parameters in the
- * private key.
- *
- * In case of a verification failure 0 is returned, and
- * 1 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key,
-                                 unsigned int flags,
-                                 const MHD_gnutls_datum_t * data,
-                                 const MHD_gnutls_datum_t * signature)
-{
-  int result;
-
-  if (key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  result = MHD__gnutls_x509_privkey_verify_signature (data, signature, key);
-  if (result < 0)
-    {
-      MHD_gnutls_assert ();
-      return 0;
-    }
-
-  return result;
-}
-
-/**
- * MHD_gnutls_x509_privkey_fix - This function will recalculate some parameters of the key.
- * @key: Holds the key
- *
- * This function will recalculate the secondary parameters in a key.
- * In RSA keys, this can be the coefficient and exponent1,2.
- *
- * Return value: In case of failure a negative value will be
- *   returned, and 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key)
-{
-  int ret;
-
-  if (key == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  if (!key->crippled)
-    MHD__asn1_delete_structure (&key->key);
-  switch (key->pk_algorithm)
-    {
-    case MHD_GNUTLS_PK_RSA:
-      ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  return 0;
-}
-
-#endif