diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-10-12 21:40:47 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-10-12 21:40:47 +0000 |
commit | fd769761a5236eeead5f7895aa5209b1ffad7028 (patch) | |
tree | 81e662c3745c806d3bba1e7418bd1abba58a7d93 | |
parent | 19db7f74f4f6e37dc645f8363fd1259422a01462 (diff) | |
download | libmicrohttpd-fd769761a5236eeead5f7895aa5209b1ffad7028.tar.gz libmicrohttpd-fd769761a5236eeead5f7895aa5209b1ffad7028.zip |
removing dead extension code
-rw-r--r-- | src/daemon/https/x509/common.c | 82 | ||||
-rw-r--r-- | src/daemon/https/x509/common.h | 4 | ||||
-rw-r--r-- | src/daemon/https/x509/dn.c | 4 | ||||
-rw-r--r-- | src/daemon/https/x509/extensions.c | 736 | ||||
-rw-r--r-- | src/daemon/https/x509/extensions.h | 30 | ||||
-rw-r--r-- | src/daemon/https/x509/sign.c | 94 | ||||
-rw-r--r-- | src/daemon/https/x509/sign.h | 8 | ||||
-rw-r--r-- | src/daemon/https/x509/x509.c | 1576 | ||||
-rw-r--r-- | src/daemon/https/x509/x509.h | 131 |
9 files changed, 14 insertions, 2651 deletions
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c index 43da45c9..6e7e0853 100644 --- a/src/daemon/https/x509/common.c +++ b/src/daemon/https/x509/common.c | |||
@@ -381,7 +381,7 @@ MHD__gnutls_x509_oid_data2string (const char *oid, | |||
381 | } | 381 | } |
382 | else | 382 | else |
383 | { | 383 | { |
384 | result = MHD__gnutls_x509_data2hex (str, len, res, res_size); | 384 | result = MHD__gnutls_x509_data2hex ((const unsigned char*) str, len, (unsigned char*) res, res_size); |
385 | if (result < 0) | 385 | if (result < 0) |
386 | { | 386 | { |
387 | MHD_gnutls_assert (); | 387 | MHD_gnutls_assert (); |
@@ -425,8 +425,8 @@ MHD__gnutls_x509_data2hex (const opaque * data, | |||
425 | 425 | ||
426 | if (out) | 426 | if (out) |
427 | { | 427 | { |
428 | strcpy (out, "#"); | 428 | strcpy ((char*) out, "#"); |
429 | strcat (out, res); | 429 | strcat ((char*) out, res); |
430 | } | 430 | } |
431 | 431 | ||
432 | return 0; | 432 | return 0; |
@@ -521,7 +521,7 @@ mktime_utc (const struct fake_tm *tm) | |||
521 | * month|day|hour|minute|sec* (2 chars each) | 521 | * month|day|hour|minute|sec* (2 chars each) |
522 | * and year is given. Returns a time_t date. | 522 | * and year is given. Returns a time_t date. |
523 | */ | 523 | */ |
524 | time_t | 524 | static time_t |
525 | MHD__gnutls_x509_time2gtime (const char *ttime, int year) | 525 | MHD__gnutls_x509_time2gtime (const char *ttime, int year) |
526 | { | 526 | { |
527 | char xx[3]; | 527 | char xx[3]; |
@@ -588,7 +588,7 @@ MHD__gnutls_x509_time2gtime (const char *ttime, int year) | |||
588 | * | 588 | * |
589 | * (seconds are optional) | 589 | * (seconds are optional) |
590 | */ | 590 | */ |
591 | time_t | 591 | static time_t |
592 | MHD__gnutls_x509_utcTime2gtime (const char *ttime) | 592 | MHD__gnutls_x509_utcTime2gtime (const char *ttime) |
593 | { | 593 | { |
594 | char xx[3]; | 594 | char xx[3]; |
@@ -614,44 +614,11 @@ MHD__gnutls_x509_utcTime2gtime (const char *ttime) | |||
614 | return MHD__gnutls_x509_time2gtime (ttime, year); | 614 | return MHD__gnutls_x509_time2gtime (ttime, year); |
615 | } | 615 | } |
616 | 616 | ||
617 | /* returns a time value that contains the given time. | ||
618 | * The given time is expressed as: | ||
619 | * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2) | ||
620 | */ | ||
621 | int | ||
622 | MHD__gnutls_x509_gtime2utcTime (time_t gtime, char *str_time, int str_time_size) | ||
623 | { | ||
624 | size_t ret; | ||
625 | |||
626 | #ifdef HAVE_GMTIME_R | ||
627 | struct tm _tm; | ||
628 | |||
629 | gmtime_r (>ime, &_tm); | ||
630 | |||
631 | ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm); | ||
632 | #else | ||
633 | struct tm *_tm; | ||
634 | |||
635 | _tm = gmtime (>ime); | ||
636 | |||
637 | ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", _tm); | ||
638 | #endif | ||
639 | |||
640 | if (!ret) | ||
641 | { | ||
642 | MHD_gnutls_assert (); | ||
643 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
644 | } | ||
645 | |||
646 | return 0; | ||
647 | |||
648 | } | ||
649 | |||
650 | /* returns a time_t value that contains the given time. | 617 | /* returns a time_t value that contains the given time. |
651 | * The given time is expressed as: | 618 | * The given time is expressed as: |
652 | * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* | 619 | * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)* |
653 | */ | 620 | */ |
654 | time_t | 621 | static time_t |
655 | MHD__gnutls_x509_generalTime2gtime (const char *ttime) | 622 | MHD__gnutls_x509_generalTime2gtime (const char *ttime) |
656 | { | 623 | { |
657 | char xx[5]; | 624 | char xx[5]; |
@@ -735,43 +702,6 @@ MHD__gnutls_x509_get_time (ASN1_TYPE c2, const char *when) | |||
735 | return c_time; | 702 | return c_time; |
736 | } | 703 | } |
737 | 704 | ||
738 | /* Sets the time in time_t in the ASN1_TYPE given. Where should | ||
739 | * be something like "tbsCertList.thisUpdate". | ||
740 | */ | ||
741 | int | ||
742 | MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim) | ||
743 | { | ||
744 | char str_time[MAX_TIME]; | ||
745 | char name[128]; | ||
746 | int result, len; | ||
747 | |||
748 | MHD_gtls_str_cpy (name, sizeof (name), where); | ||
749 | |||
750 | if ((result = MHD__asn1_write_value (c2, name, "utcTime", 1)) < 0) | ||
751 | { | ||
752 | MHD_gnutls_assert (); | ||
753 | return MHD_gtls_asn2err (result); | ||
754 | } | ||
755 | |||
756 | result = MHD__gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time)); | ||
757 | if (result < 0) | ||
758 | { | ||
759 | MHD_gnutls_assert (); | ||
760 | return result; | ||
761 | } | ||
762 | |||
763 | MHD_gtls_str_cat (name, sizeof (name), ".utcTime"); | ||
764 | |||
765 | len = strlen (str_time); | ||
766 | result = MHD__asn1_write_value (c2, name, str_time, len); | ||
767 | if (result != ASN1_SUCCESS) | ||
768 | { | ||
769 | MHD_gnutls_assert (); | ||
770 | return MHD_gtls_asn2err (result); | ||
771 | } | ||
772 | |||
773 | return 0; | ||
774 | } | ||
775 | 705 | ||
776 | MHD_gnutls_x509_subject_alt_name_t | 706 | MHD_gnutls_x509_subject_alt_name_t |
777 | MHD__gnutls_x509_san_find_type (char *str_type) | 707 | MHD__gnutls_x509_san_find_type (char *str_type) |
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h index 059fafe0..0102c5a7 100644 --- a/src/daemon/https/x509/common.h +++ b/src/daemon/https/x509/common.h | |||
@@ -58,10 +58,6 @@ | |||
58 | #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" | 58 | #define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" |
59 | #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" | 59 | #define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" |
60 | 60 | ||
61 | time_t MHD__gnutls_x509_utcTime2gtime (const char *ttime); | ||
62 | time_t MHD__gnutls_x509_generalTime2gtime (const char *ttime); | ||
63 | int MHD__gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); | ||
64 | |||
65 | int MHD__gnutls_x509_decode_octet_string (const char *string_type, | 61 | int MHD__gnutls_x509_decode_octet_string (const char *string_type, |
66 | const opaque * der, size_t der_size, | 62 | const opaque * der, size_t der_size, |
67 | opaque * output, size_t * output_size); | 63 | opaque * output, size_t * output_size); |
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c index 8dcc458a..eac31f33 100644 --- a/src/daemon/https/x509/dn.c +++ b/src/daemon/https/x509/dn.c | |||
@@ -273,7 +273,7 @@ MHD__gnutls_x509_parse_dn (ASN1_TYPE MHD__asn1_struct, | |||
273 | 273 | ||
274 | if (!printable || result < 0) | 274 | if (!printable || result < 0) |
275 | result = | 275 | result = |
276 | MHD__gnutls_x509_data2hex (value2, len, string, &sizeof_string); | 276 | MHD__gnutls_x509_data2hex ((const unsigned char*) value2, len, (unsigned char*) string, &sizeof_string); |
277 | 277 | ||
278 | if (result < 0) | 278 | if (result < 0) |
279 | { | 279 | { |
@@ -477,7 +477,7 @@ MHD__gnutls_x509_parse_dn_oid (ASN1_TYPE MHD__asn1_struct, | |||
477 | cbuf, sizeof_buf); | 477 | cbuf, sizeof_buf); |
478 | else | 478 | else |
479 | result = | 479 | result = |
480 | MHD__gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf); | 480 | MHD__gnutls_x509_data2hex (buf, len, (unsigned char*) cbuf, sizeof_buf); |
481 | 481 | ||
482 | if (result < 0) | 482 | if (result < 0) |
483 | { | 483 | { |
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c index f22fac36..8bf36000 100644 --- a/src/daemon/https/x509/extensions.c +++ b/src/daemon/https/x509/extensions.c | |||
@@ -259,191 +259,6 @@ MHD__gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, | |||
259 | } | 259 | } |
260 | } | 260 | } |
261 | 261 | ||
262 | /* This function will attempt to set the requested extension in | ||
263 | * the given X509v3 certificate. | ||
264 | * | ||
265 | * Critical will be either 0 or 1. | ||
266 | */ | ||
267 | static int | ||
268 | set_extension (ASN1_TYPE asn, const char *extension_id, | ||
269 | const MHD_gnutls_datum_t * ext_data, unsigned int critical) | ||
270 | { | ||
271 | int result; | ||
272 | const char *str; | ||
273 | |||
274 | /* Add a new extension in the list. | ||
275 | */ | ||
276 | result = MHD__asn1_write_value (asn, "tbsCertificate.extensions", "NEW", 1); | ||
277 | if (result != ASN1_SUCCESS) | ||
278 | { | ||
279 | MHD_gnutls_assert (); | ||
280 | return MHD_gtls_asn2err (result); | ||
281 | } | ||
282 | |||
283 | result = | ||
284 | MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.extnID", | ||
285 | extension_id, 1); | ||
286 | if (result != ASN1_SUCCESS) | ||
287 | { | ||
288 | MHD_gnutls_assert (); | ||
289 | return MHD_gtls_asn2err (result); | ||
290 | } | ||
291 | |||
292 | if (critical == 0) | ||
293 | str = "FALSE"; | ||
294 | else | ||
295 | str = "TRUE"; | ||
296 | |||
297 | |||
298 | result = | ||
299 | MHD__asn1_write_value (asn, "tbsCertificate.extensions.?LAST.critical", | ||
300 | str, 1); | ||
301 | if (result != ASN1_SUCCESS) | ||
302 | { | ||
303 | MHD_gnutls_assert (); | ||
304 | return MHD_gtls_asn2err (result); | ||
305 | } | ||
306 | |||
307 | result = | ||
308 | MHD__gnutls_x509_write_value (asn, | ||
309 | "tbsCertificate.extensions.?LAST.extnValue", | ||
310 | ext_data, 0); | ||
311 | if (result < 0) | ||
312 | { | ||
313 | MHD_gnutls_assert (); | ||
314 | return result; | ||
315 | } | ||
316 | |||
317 | return 0; | ||
318 | } | ||
319 | |||
320 | /* Overwrite the given extension (using the index) | ||
321 | * index here starts from one. | ||
322 | */ | ||
323 | static int | ||
324 | overwrite_extension (ASN1_TYPE asn, unsigned int indx, | ||
325 | const MHD_gnutls_datum_t * ext_data, unsigned int critical) | ||
326 | { | ||
327 | char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; | ||
328 | const char *str; | ||
329 | int result; | ||
330 | |||
331 | snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", indx); | ||
332 | |||
333 | if (critical == 0) | ||
334 | str = "FALSE"; | ||
335 | else | ||
336 | str = "TRUE"; | ||
337 | |||
338 | MHD_gtls_str_cpy (name2, sizeof (name2), name); | ||
339 | MHD_gtls_str_cat (name2, sizeof (name2), ".critical"); | ||
340 | |||
341 | result = MHD__asn1_write_value (asn, name2, str, 1); | ||
342 | if (result != ASN1_SUCCESS) | ||
343 | { | ||
344 | MHD_gnutls_assert (); | ||
345 | return MHD_gtls_asn2err (result); | ||
346 | } | ||
347 | |||
348 | MHD_gtls_str_cpy (name2, sizeof (name2), name); | ||
349 | MHD_gtls_str_cat (name2, sizeof (name2), ".extnValue"); | ||
350 | |||
351 | result = MHD__gnutls_x509_write_value (asn, name2, ext_data, 0); | ||
352 | if (result < 0) | ||
353 | { | ||
354 | MHD_gnutls_assert (); | ||
355 | return result; | ||
356 | } | ||
357 | |||
358 | return 0; | ||
359 | } | ||
360 | |||
361 | /* This function will attempt to overwrite the requested extension with | ||
362 | * the given one. | ||
363 | * | ||
364 | * Critical will be either 0 or 1. | ||
365 | */ | ||
366 | int | ||
367 | MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert, | ||
368 | const char *ext_id, | ||
369 | const MHD_gnutls_datum_t * ext_data, | ||
370 | unsigned int critical) | ||
371 | { | ||
372 | int result; | ||
373 | int k, len; | ||
374 | char name[MAX_NAME_SIZE], name2[MAX_NAME_SIZE]; | ||
375 | char extnID[128]; | ||
376 | |||
377 | /* Find the index of the given extension. | ||
378 | */ | ||
379 | k = 0; | ||
380 | do | ||
381 | { | ||
382 | k++; | ||
383 | |||
384 | snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u", k); | ||
385 | |||
386 | len = sizeof (extnID) - 1; | ||
387 | result = MHD__asn1_read_value (cert->cert, name, extnID, &len); | ||
388 | |||
389 | /* move to next | ||
390 | */ | ||
391 | |||
392 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
393 | { | ||
394 | break; | ||
395 | } | ||
396 | |||
397 | do | ||
398 | { | ||
399 | |||
400 | MHD_gtls_str_cpy (name2, sizeof (name2), name); | ||
401 | MHD_gtls_str_cat (name2, sizeof (name2), ".extnID"); | ||
402 | |||
403 | len = sizeof (extnID) - 1; | ||
404 | result = MHD__asn1_read_value (cert->cert, name2, extnID, &len); | ||
405 | |||
406 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
407 | { | ||
408 | MHD_gnutls_assert (); | ||
409 | break; | ||
410 | } | ||
411 | else if (result != ASN1_SUCCESS) | ||
412 | { | ||
413 | MHD_gnutls_assert (); | ||
414 | return MHD_gtls_asn2err (result); | ||
415 | } | ||
416 | |||
417 | /* Handle Extension | ||
418 | */ | ||
419 | if (strcmp (extnID, ext_id) == 0) | ||
420 | { | ||
421 | /* extension was found | ||
422 | */ | ||
423 | return overwrite_extension (cert->cert, k, ext_data, critical); | ||
424 | } | ||
425 | |||
426 | |||
427 | } | ||
428 | while (0); | ||
429 | } | ||
430 | while (1); | ||
431 | |||
432 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
433 | { | ||
434 | return set_extension (cert->cert, ext_id, ext_data, critical); | ||
435 | } | ||
436 | else | ||
437 | { | ||
438 | MHD_gnutls_assert (); | ||
439 | return MHD_gtls_asn2err (result); | ||
440 | } | ||
441 | |||
442 | |||
443 | return 0; | ||
444 | } | ||
445 | |||
446 | |||
447 | /* Here we only extract the KeyUsage field, from the DER encoded | 262 | /* Here we only extract the KeyUsage field, from the DER encoded |
448 | * extension. | 263 | * extension. |
449 | */ | 264 | */ |
@@ -520,7 +335,7 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, | |||
520 | if (pathLenConstraint) | 335 | if (pathLenConstraint) |
521 | { | 336 | { |
522 | result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", | 337 | result = MHD__gnutls_x509_read_uint (ext, "pathLenConstraint", |
523 | pathLenConstraint); | 338 | (unsigned int*) pathLenConstraint); |
524 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) | 339 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) |
525 | *pathLenConstraint = -1; | 340 | *pathLenConstraint = -1; |
526 | else if (result != GNUTLS_E_SUCCESS) | 341 | else if (result != GNUTLS_E_SUCCESS) |
@@ -544,552 +359,3 @@ MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, | |||
544 | 359 | ||
545 | return 0; | 360 | return 0; |
546 | } | 361 | } |
547 | |||
548 | /* generate the basicConstraints in a DER encoded extension | ||
549 | * Use 0 or 1 (TRUE) for CA. | ||
550 | * Use negative values for pathLenConstraint to indicate that the field | ||
551 | * should not be present, >= 0 to indicate set values. | ||
552 | */ | ||
553 | int | ||
554 | MHD__gnutls_x509_ext_gen_basicConstraints (int CA, | ||
555 | int pathLenConstraint, | ||
556 | MHD_gnutls_datum_t * der_ext) | ||
557 | { | ||
558 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
559 | const char *str; | ||
560 | int result; | ||
561 | |||
562 | if (CA == 0) | ||
563 | str = "FALSE"; | ||
564 | else | ||
565 | str = "TRUE"; | ||
566 | |||
567 | result = | ||
568 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext); | ||
569 | if (result != ASN1_SUCCESS) | ||
570 | { | ||
571 | MHD_gnutls_assert (); | ||
572 | return MHD_gtls_asn2err (result); | ||
573 | } | ||
574 | |||
575 | result = MHD__asn1_write_value (ext, "cA", str, 1); | ||
576 | if (result != ASN1_SUCCESS) | ||
577 | { | ||
578 | MHD_gnutls_assert (); | ||
579 | MHD__asn1_delete_structure (&ext); | ||
580 | return MHD_gtls_asn2err (result); | ||
581 | } | ||
582 | |||
583 | if (pathLenConstraint < 0) | ||
584 | { | ||
585 | result = MHD__asn1_write_value (ext, "pathLenConstraint", NULL, 0); | ||
586 | if (result < 0) | ||
587 | result = MHD_gtls_asn2err (result); | ||
588 | } | ||
589 | else | ||
590 | result = MHD__gnutls_x509_write_uint32 (ext, "pathLenConstraint", | ||
591 | pathLenConstraint); | ||
592 | if (result < 0) | ||
593 | { | ||
594 | MHD_gnutls_assert (); | ||
595 | MHD__asn1_delete_structure (&ext); | ||
596 | return result; | ||
597 | } | ||
598 | |||
599 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
600 | |||
601 | MHD__asn1_delete_structure (&ext); | ||
602 | |||
603 | if (result < 0) | ||
604 | { | ||
605 | MHD_gnutls_assert (); | ||
606 | return result; | ||
607 | } | ||
608 | |||
609 | return 0; | ||
610 | } | ||
611 | |||
612 | /* generate the keyUsage in a DER encoded extension | ||
613 | * Use an ORed SEQUENCE of GNUTLS_KEY_* for usage. | ||
614 | */ | ||
615 | int | ||
616 | MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext) | ||
617 | { | ||
618 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
619 | int result; | ||
620 | uint8_t str[2]; | ||
621 | |||
622 | result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.KeyUsage", &ext); | ||
623 | if (result != ASN1_SUCCESS) | ||
624 | { | ||
625 | MHD_gnutls_assert (); | ||
626 | return MHD_gtls_asn2err (result); | ||
627 | } | ||
628 | |||
629 | str[0] = usage & 0xff; | ||
630 | str[1] = usage >> 8; | ||
631 | |||
632 | result = MHD__asn1_write_value (ext, "", str, 9); | ||
633 | if (result != ASN1_SUCCESS) | ||
634 | { | ||
635 | MHD_gnutls_assert (); | ||
636 | MHD__asn1_delete_structure (&ext); | ||
637 | return MHD_gtls_asn2err (result); | ||
638 | } | ||
639 | |||
640 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
641 | |||
642 | MHD__asn1_delete_structure (&ext); | ||
643 | |||
644 | if (result < 0) | ||
645 | { | ||
646 | MHD_gnutls_assert (); | ||
647 | return result; | ||
648 | } | ||
649 | |||
650 | return 0; | ||
651 | } | ||
652 | |||
653 | static int | ||
654 | write_new_general_name (ASN1_TYPE ext, const char *ext_name, | ||
655 | MHD_gnutls_x509_subject_alt_name_t type, | ||
656 | const char *data_string) | ||
657 | { | ||
658 | const char *str; | ||
659 | int result; | ||
660 | char name[128]; | ||
661 | |||
662 | result = MHD__asn1_write_value (ext, ext_name, "NEW", 1); | ||
663 | if (result != ASN1_SUCCESS) | ||
664 | { | ||
665 | MHD_gnutls_assert (); | ||
666 | return MHD_gtls_asn2err (result); | ||
667 | } | ||
668 | |||
669 | switch (type) | ||
670 | { | ||
671 | case GNUTLS_SAN_DNSNAME: | ||
672 | str = "dNSName"; | ||
673 | break; | ||
674 | case GNUTLS_SAN_RFC822NAME: | ||
675 | str = "rfc822Name"; | ||
676 | break; | ||
677 | case GNUTLS_SAN_URI: | ||
678 | str = "uniformResourceIdentifier"; | ||
679 | break; | ||
680 | case GNUTLS_SAN_IPADDRESS: | ||
681 | str = "iPAddress"; | ||
682 | break; | ||
683 | default: | ||
684 | MHD_gnutls_assert (); | ||
685 | return GNUTLS_E_INTERNAL_ERROR; | ||
686 | } | ||
687 | |||
688 | if (ext_name[0] == 0) | ||
689 | { /* no dot */ | ||
690 | MHD_gtls_str_cpy (name, sizeof (name), "?LAST"); | ||
691 | } | ||
692 | else | ||
693 | { | ||
694 | MHD_gtls_str_cpy (name, sizeof (name), ext_name); | ||
695 | MHD_gtls_str_cat (name, sizeof (name), ".?LAST"); | ||
696 | } | ||
697 | |||
698 | result = MHD__asn1_write_value (ext, name, str, 1); | ||
699 | if (result != ASN1_SUCCESS) | ||
700 | { | ||
701 | MHD_gnutls_assert (); | ||
702 | return MHD_gtls_asn2err (result); | ||
703 | } | ||
704 | |||
705 | MHD_gtls_str_cat (name, sizeof (name), "."); | ||
706 | MHD_gtls_str_cat (name, sizeof (name), str); | ||
707 | |||
708 | result = MHD__asn1_write_value (ext, name, data_string, strlen (data_string)); | ||
709 | if (result != ASN1_SUCCESS) | ||
710 | { | ||
711 | MHD_gnutls_assert (); | ||
712 | MHD__asn1_delete_structure (&ext); | ||
713 | return MHD_gtls_asn2err (result); | ||
714 | } | ||
715 | |||
716 | return 0; | ||
717 | } | ||
718 | |||
719 | /* Convert the given name to GeneralNames in a DER encoded extension. | ||
720 | * This is the same as subject alternative name. | ||
721 | */ | ||
722 | int | ||
723 | MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t | ||
724 | type, const char *data_string, | ||
725 | MHD_gnutls_datum_t * der_ext) | ||
726 | { | ||
727 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
728 | int result; | ||
729 | |||
730 | result = | ||
731 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.GeneralNames", &ext); | ||
732 | if (result != ASN1_SUCCESS) | ||
733 | { | ||
734 | MHD_gnutls_assert (); | ||
735 | return MHD_gtls_asn2err (result); | ||
736 | } | ||
737 | |||
738 | result = write_new_general_name (ext, "", type, data_string); | ||
739 | if (result < 0) | ||
740 | { | ||
741 | MHD_gnutls_assert (); | ||
742 | MHD__asn1_delete_structure (&ext); | ||
743 | return result; | ||
744 | } | ||
745 | |||
746 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
747 | |||
748 | MHD__asn1_delete_structure (&ext); | ||
749 | |||
750 | if (result < 0) | ||
751 | { | ||
752 | MHD_gnutls_assert (); | ||
753 | return result; | ||
754 | } | ||
755 | |||
756 | return 0; | ||
757 | } | ||
758 | |||
759 | /* generate the SubjectKeyID in a DER encoded extension | ||
760 | */ | ||
761 | int | ||
762 | MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, | ||
763 | MHD_gnutls_datum_t * der_ext) | ||
764 | { | ||
765 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
766 | int result; | ||
767 | |||
768 | result = | ||
769 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
770 | "PKIX1.SubjectKeyIdentifier", &ext); | ||
771 | if (result != ASN1_SUCCESS) | ||
772 | { | ||
773 | MHD_gnutls_assert (); | ||
774 | return MHD_gtls_asn2err (result); | ||
775 | } | ||
776 | |||
777 | result = MHD__asn1_write_value (ext, "", id, id_size); | ||
778 | if (result != ASN1_SUCCESS) | ||
779 | { | ||
780 | MHD_gnutls_assert (); | ||
781 | MHD__asn1_delete_structure (&ext); | ||
782 | return MHD_gtls_asn2err (result); | ||
783 | } | ||
784 | |||
785 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
786 | |||
787 | MHD__asn1_delete_structure (&ext); | ||
788 | |||
789 | if (result < 0) | ||
790 | { | ||
791 | MHD_gnutls_assert (); | ||
792 | return result; | ||
793 | } | ||
794 | |||
795 | return 0; | ||
796 | } | ||
797 | |||
798 | /* generate the AuthorityKeyID in a DER encoded extension | ||
799 | */ | ||
800 | int | ||
801 | MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, | ||
802 | MHD_gnutls_datum_t * der_ext) | ||
803 | { | ||
804 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
805 | int result; | ||
806 | |||
807 | result = | ||
808 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
809 | "PKIX1.AuthorityKeyIdentifier", &ext); | ||
810 | if (result != ASN1_SUCCESS) | ||
811 | { | ||
812 | MHD_gnutls_assert (); | ||
813 | return MHD_gtls_asn2err (result); | ||
814 | } | ||
815 | |||
816 | result = MHD__asn1_write_value (ext, "keyIdentifier", id, id_size); | ||
817 | if (result != ASN1_SUCCESS) | ||
818 | { | ||
819 | MHD_gnutls_assert (); | ||
820 | MHD__asn1_delete_structure (&ext); | ||
821 | return MHD_gtls_asn2err (result); | ||
822 | } | ||
823 | |||
824 | MHD__asn1_write_value (ext, "authorityCertIssuer", NULL, 0); | ||
825 | MHD__asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0); | ||
826 | |||
827 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
828 | |||
829 | MHD__asn1_delete_structure (&ext); | ||
830 | |||
831 | if (result < 0) | ||
832 | { | ||
833 | MHD_gnutls_assert (); | ||
834 | return result; | ||
835 | } | ||
836 | |||
837 | return 0; | ||
838 | } | ||
839 | |||
840 | |||
841 | /* Creates and encodes the CRL Distribution points. data_string should be a name | ||
842 | * and type holds the type of the name. | ||
843 | * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. | ||
844 | * | ||
845 | */ | ||
846 | int | ||
847 | MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t | ||
848 | type, const void *data_string, | ||
849 | unsigned int reason_flags, | ||
850 | MHD_gnutls_datum_t * der_ext) | ||
851 | { | ||
852 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
853 | MHD_gnutls_datum_t gnames = { NULL, 0 }; | ||
854 | int result; | ||
855 | uint8_t reasons[2]; | ||
856 | |||
857 | reasons[0] = reason_flags & 0xff; | ||
858 | reasons[1] = reason_flags >> 8; | ||
859 | |||
860 | result = | ||
861 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
862 | "PKIX1.CRLDistributionPoints", &ext); | ||
863 | if (result != ASN1_SUCCESS) | ||
864 | { | ||
865 | MHD_gnutls_assert (); | ||
866 | result = MHD_gtls_asn2err (result); | ||
867 | goto cleanup; | ||
868 | } | ||
869 | |||
870 | result = MHD__asn1_write_value (ext, "", "NEW", 1); | ||
871 | if (result != ASN1_SUCCESS) | ||
872 | { | ||
873 | MHD_gnutls_assert (); | ||
874 | result = MHD_gtls_asn2err (result); | ||
875 | goto cleanup; | ||
876 | } | ||
877 | |||
878 | if (reason_flags) | ||
879 | { | ||
880 | result = MHD__asn1_write_value (ext, "?LAST.reasons", reasons, 9); | ||
881 | if (result != ASN1_SUCCESS) | ||
882 | { | ||
883 | MHD_gnutls_assert (); | ||
884 | result = MHD_gtls_asn2err (result); | ||
885 | goto cleanup; | ||
886 | } | ||
887 | } | ||
888 | else | ||
889 | { | ||
890 | result = MHD__asn1_write_value (ext, "?LAST.reasons", NULL, 0); | ||
891 | if (result != ASN1_SUCCESS) | ||
892 | { | ||
893 | MHD_gnutls_assert (); | ||
894 | result = MHD_gtls_asn2err (result); | ||
895 | goto cleanup; | ||
896 | } | ||
897 | } | ||
898 | |||
899 | result = MHD__asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0); | ||
900 | if (result != ASN1_SUCCESS) | ||
901 | { | ||
902 | MHD_gnutls_assert (); | ||
903 | result = MHD_gtls_asn2err (result); | ||
904 | goto cleanup; | ||
905 | } | ||
906 | |||
907 | /* When used as type CHOICE. | ||
908 | */ | ||
909 | result = MHD__asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1); | ||
910 | if (result != ASN1_SUCCESS) | ||
911 | { | ||
912 | MHD_gnutls_assert (); | ||
913 | result = MHD_gtls_asn2err (result); | ||
914 | goto cleanup; | ||
915 | } | ||
916 | |||
917 | #if 0 | ||
918 | /* only needed in old code (where defined as SEQUENCE OF) */ | ||
919 | MHD__asn1_write_value (ext, | ||
920 | "?LAST.distributionPoint.nameRelativeToCRLIssuer", | ||
921 | NULL, 0); | ||
922 | #endif | ||
923 | |||
924 | result = | ||
925 | write_new_general_name (ext, "?LAST.distributionPoint.fullName", | ||
926 | type, data_string); | ||
927 | if (result < 0) | ||
928 | { | ||
929 | MHD_gnutls_assert (); | ||
930 | goto cleanup; | ||
931 | } | ||
932 | |||
933 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
934 | |||
935 | if (result < 0) | ||
936 | { | ||
937 | MHD_gnutls_assert (); | ||
938 | goto cleanup; | ||
939 | } | ||
940 | |||
941 | result = 0; | ||
942 | |||
943 | cleanup: | ||
944 | MHD__gnutls_free_datum (&gnames); | ||
945 | MHD__asn1_delete_structure (&ext); | ||
946 | |||
947 | return result; | ||
948 | } | ||
949 | |||
950 | /* extract the proxyCertInfo from the DER encoded extension | ||
951 | */ | ||
952 | int | ||
953 | MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, | ||
954 | char **policyLanguage, | ||
955 | char **policy, | ||
956 | size_t * sizeof_policy, | ||
957 | opaque * extnValue, int extnValueLen) | ||
958 | { | ||
959 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
960 | int result; | ||
961 | MHD_gnutls_datum_t value; | ||
962 | |||
963 | if ((result = MHD__asn1_create_element | ||
964 | (MHD__gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS) | ||
965 | { | ||
966 | MHD_gnutls_assert (); | ||
967 | return MHD_gtls_asn2err (result); | ||
968 | } | ||
969 | |||
970 | result = MHD__asn1_der_decoding (&ext, extnValue, extnValueLen, NULL); | ||
971 | if (result != ASN1_SUCCESS) | ||
972 | { | ||
973 | MHD_gnutls_assert (); | ||
974 | MHD__asn1_delete_structure (&ext); | ||
975 | return MHD_gtls_asn2err (result); | ||
976 | } | ||
977 | |||
978 | if (pathLenConstraint) | ||
979 | { | ||
980 | result = MHD__gnutls_x509_read_uint (ext, "pCPathLenConstraint", | ||
981 | pathLenConstraint); | ||
982 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) | ||
983 | *pathLenConstraint = -1; | ||
984 | else if (result != GNUTLS_E_SUCCESS) | ||
985 | { | ||
986 | MHD__asn1_delete_structure (&ext); | ||
987 | return MHD_gtls_asn2err (result); | ||
988 | } | ||
989 | } | ||
990 | |||
991 | result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage", | ||
992 | &value, 0); | ||
993 | if (result < 0) | ||
994 | { | ||
995 | MHD_gnutls_assert (); | ||
996 | MHD__asn1_delete_structure (&ext); | ||
997 | return result; | ||
998 | } | ||
999 | |||
1000 | if (policyLanguage) | ||
1001 | *policyLanguage = MHD_gnutls_strdup (value.data); | ||
1002 | |||
1003 | result = MHD__gnutls_x509_read_value (ext, "proxyPolicy.policy", &value, 0); | ||
1004 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) | ||
1005 | { | ||
1006 | if (policy) | ||
1007 | *policy = NULL; | ||
1008 | if (sizeof_policy) | ||
1009 | *sizeof_policy = 0; | ||
1010 | } | ||
1011 | else if (result < 0) | ||
1012 | { | ||
1013 | MHD_gnutls_assert (); | ||
1014 | MHD__asn1_delete_structure (&ext); | ||
1015 | return result; | ||
1016 | } | ||
1017 | else | ||
1018 | { | ||
1019 | if (policy) | ||
1020 | *policy = value.data; | ||
1021 | if (sizeof_policy) | ||
1022 | *sizeof_policy = value.size; | ||
1023 | } | ||
1024 | |||
1025 | MHD__asn1_delete_structure (&ext); | ||
1026 | |||
1027 | return 0; | ||
1028 | } | ||
1029 | |||
1030 | /* generate the proxyCertInfo in a DER encoded extension | ||
1031 | */ | ||
1032 | int | ||
1033 | MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, | ||
1034 | const char *policyLanguage, | ||
1035 | const char *policy, | ||
1036 | size_t sizeof_policy, | ||
1037 | MHD_gnutls_datum_t * der_ext) | ||
1038 | { | ||
1039 | ASN1_TYPE ext = ASN1_TYPE_EMPTY; | ||
1040 | int result; | ||
1041 | |||
1042 | result = MHD__asn1_create_element (MHD__gnutls_get_pkix (), | ||
1043 | "PKIX1.ProxyCertInfo", &ext); | ||
1044 | if (result != ASN1_SUCCESS) | ||
1045 | { | ||
1046 | MHD_gnutls_assert (); | ||
1047 | return MHD_gtls_asn2err (result); | ||
1048 | } | ||
1049 | |||
1050 | if (pathLenConstraint < 0) | ||
1051 | { | ||
1052 | result = MHD__asn1_write_value (ext, "pCPathLenConstraint", NULL, 0); | ||
1053 | if (result < 0) | ||
1054 | result = MHD_gtls_asn2err (result); | ||
1055 | } | ||
1056 | else | ||
1057 | result = MHD__gnutls_x509_write_uint32 (ext, "pCPathLenConstraint", | ||
1058 | pathLenConstraint); | ||
1059 | if (result < 0) | ||
1060 | { | ||
1061 | MHD_gnutls_assert (); | ||
1062 | MHD__asn1_delete_structure (&ext); | ||
1063 | return result; | ||
1064 | } | ||
1065 | |||
1066 | result = MHD__asn1_write_value (ext, "proxyPolicy.policyLanguage", | ||
1067 | policyLanguage, 1); | ||
1068 | if (result < 0) | ||
1069 | { | ||
1070 | MHD_gnutls_assert (); | ||
1071 | MHD__asn1_delete_structure (&ext); | ||
1072 | return MHD_gtls_asn2err (result); | ||
1073 | } | ||
1074 | |||
1075 | result = MHD__asn1_write_value (ext, "proxyPolicy.policy", | ||
1076 | policy, sizeof_policy); | ||
1077 | if (result < 0) | ||
1078 | { | ||
1079 | MHD_gnutls_assert (); | ||
1080 | MHD__asn1_delete_structure (&ext); | ||
1081 | return MHD_gtls_asn2err (result); | ||
1082 | } | ||
1083 | |||
1084 | result = MHD__gnutls_x509_der_encode (ext, "", der_ext, 0); | ||
1085 | |||
1086 | MHD__asn1_delete_structure (&ext); | ||
1087 | |||
1088 | if (result < 0) | ||
1089 | { | ||
1090 | MHD_gnutls_assert (); | ||
1091 | return result; | ||
1092 | } | ||
1093 | |||
1094 | return 0; | ||
1095 | } | ||
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h index b314d0a7..a124290e 100644 --- a/src/daemon/https/x509/extensions.h +++ b/src/daemon/https/x509/extensions.h | |||
@@ -36,33 +36,3 @@ int MHD__gnutls_x509_ext_extract_basicConstraints (int *CA, | |||
36 | int *pathLenConstraint, | 36 | int *pathLenConstraint, |
37 | opaque * extnValue, | 37 | opaque * extnValue, |
38 | int extnValueLen); | 38 | int extnValueLen); |
39 | int MHD__gnutls_x509_crt_set_extension (MHD_gnutls_x509_crt_t cert, | ||
40 | const char *extension_id, | ||
41 | const MHD_gnutls_datum_t * ext_data, | ||
42 | unsigned int critical); | ||
43 | int MHD__gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, | ||
44 | MHD_gnutls_datum_t * der_ext); | ||
45 | int MHD__gnutls_x509_ext_gen_keyUsage (uint16_t usage, MHD_gnutls_datum_t * der_ext); | ||
46 | int MHD__gnutls_x509_ext_gen_subject_alt_name (MHD_gnutls_x509_subject_alt_name_t | ||
47 | type, const char *data_string, | ||
48 | MHD_gnutls_datum_t * der_ext); | ||
49 | int MHD__gnutls_x509_ext_gen_crl_dist_points (MHD_gnutls_x509_subject_alt_name_t | ||
50 | type, const void *data_string, | ||
51 | unsigned int reason_flags, | ||
52 | MHD_gnutls_datum_t * der_ext); | ||
53 | int MHD__gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, | ||
54 | MHD_gnutls_datum_t * der_data); | ||
55 | int MHD__gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, | ||
56 | MHD_gnutls_datum_t * der_data); | ||
57 | |||
58 | int MHD__gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, | ||
59 | char **policyLanguage, | ||
60 | char **policy, | ||
61 | size_t * sizeof_policy, | ||
62 | opaque * extnValue, | ||
63 | int extnValueLen); | ||
64 | int MHD__gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, | ||
65 | const char *policyLanguage, | ||
66 | const char *policy, | ||
67 | size_t sizeof_policy, | ||
68 | MHD_gnutls_datum_t * der_ext); | ||
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c index 8b89b038..eb3da891 100644 --- a/src/daemon/https/x509/sign.c +++ b/src/daemon/https/x509/sign.c | |||
@@ -103,7 +103,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, | |||
103 | } | 103 | } |
104 | 104 | ||
105 | info->size = 0; | 105 | info->size = 0; |
106 | MHD__asn1_der_coding (dinfo, "", NULL, &info->size, NULL); | 106 | MHD__asn1_der_coding (dinfo, "", NULL, (int*) &info->size, NULL); |
107 | 107 | ||
108 | info->data = MHD_gnutls_malloc (info->size); | 108 | info->data = MHD_gnutls_malloc (info->size); |
109 | if (info->data == NULL) | 109 | if (info->data == NULL) |
@@ -113,7 +113,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, | |||
113 | return GNUTLS_E_MEMORY_ERROR; | 113 | return GNUTLS_E_MEMORY_ERROR; |
114 | } | 114 | } |
115 | 115 | ||
116 | result = MHD__asn1_der_coding (dinfo, "", info->data, &info->size, NULL); | 116 | result = MHD__asn1_der_coding (dinfo, "", info->data, (int*) &info->size, NULL); |
117 | if (result != ASN1_SUCCESS) | 117 | if (result != ASN1_SUCCESS) |
118 | { | 118 | { |
119 | MHD_gnutls_assert (); | 119 | MHD_gnutls_assert (); |
@@ -185,7 +185,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, | |||
185 | * 'signature' will hold the signature! | 185 | * 'signature' will hold the signature! |
186 | * 'hash' is only used in PKCS1 RSA signing. | 186 | * 'hash' is only used in PKCS1 RSA signing. |
187 | */ | 187 | */ |
188 | int | 188 | static int |
189 | MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs, | 189 | MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs, |
190 | enum MHD_GNUTLS_HashAlgorithm hash, | 190 | enum MHD_GNUTLS_HashAlgorithm hash, |
191 | MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature) | 191 | MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature) |
@@ -255,93 +255,5 @@ MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, | |||
255 | return result; | 255 | return result; |
256 | } | 256 | } |
257 | 257 | ||
258 | /*- | ||
259 | * MHD__gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key | ||
260 | * @src: should contain an ASN1_TYPE | ||
261 | * @issuer: is the certificate of the certificate issuer | ||
262 | * @issuer_key: holds the issuer's private key | ||
263 | * | ||
264 | * This function will sign a CRL or a certificate with the issuer's private key, and | ||
265 | * will copy the issuer's information into the CRL or certificate. | ||
266 | * | ||
267 | * Returns 0 on success. | ||
268 | * | ||
269 | -*/ | ||
270 | int | ||
271 | MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, | ||
272 | enum MHD_GNUTLS_HashAlgorithm dig, | ||
273 | MHD_gnutls_x509_crt_t issuer, | ||
274 | MHD_gnutls_x509_privkey_t issuer_key) | ||
275 | { | ||
276 | int result; | ||
277 | MHD_gnutls_datum_t signature; | ||
278 | char name[128]; | ||
279 | |||
280 | /* Step 1. Copy the issuer's name into the certificate. | ||
281 | */ | ||
282 | MHD_gtls_str_cpy (name, sizeof (name), src_name); | ||
283 | MHD_gtls_str_cat (name, sizeof (name), ".issuer"); | ||
284 | |||
285 | result = MHD__asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject"); | ||
286 | if (result != ASN1_SUCCESS) | ||
287 | { | ||
288 | MHD_gnutls_assert (); | ||
289 | return MHD_gtls_asn2err (result); | ||
290 | } | ||
291 | |||
292 | /* Step 1.5. Write the signature stuff in the tbsCertificate. | ||
293 | */ | ||
294 | MHD_gtls_str_cpy (name, sizeof (name), src_name); | ||
295 | MHD_gtls_str_cat (name, sizeof (name), ".signature"); | ||
296 | |||
297 | result = MHD__gnutls_x509_write_sig_params (src, name, | ||
298 | issuer_key->pk_algorithm, dig, | ||
299 | issuer_key->params, | ||
300 | issuer_key->params_size); | ||
301 | if (result < 0) | ||
302 | { | ||
303 | MHD_gnutls_assert (); | ||
304 | return result; | ||
305 | } | ||
306 | |||
307 | /* Step 2. Sign the certificate. | ||
308 | */ | ||
309 | result = MHD__gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &signature); | ||
310 | |||
311 | if (result < 0) | ||
312 | { | ||
313 | MHD_gnutls_assert (); | ||
314 | return result; | ||
315 | } | ||
316 | |||
317 | /* write the signature (bits) | ||
318 | */ | ||
319 | result = | ||
320 | MHD__asn1_write_value (src, "signature", signature.data, signature.size * 8); | ||
321 | |||
322 | MHD__gnutls_free_datum (&signature); | ||
323 | |||
324 | if (result != ASN1_SUCCESS) | ||
325 | { | ||
326 | MHD_gnutls_assert (); | ||
327 | return MHD_gtls_asn2err (result); | ||
328 | } | ||
329 | |||
330 | /* Step 3. Move up and write the AlgorithmIdentifier, which is also | ||
331 | * the same. | ||
332 | */ | ||
333 | |||
334 | result = MHD__gnutls_x509_write_sig_params (src, "signatureAlgorithm", | ||
335 | issuer_key->pk_algorithm, dig, | ||
336 | issuer_key->params, | ||
337 | issuer_key->params_size); | ||
338 | if (result < 0) | ||
339 | { | ||
340 | MHD_gnutls_assert (); | ||
341 | return result; | ||
342 | } | ||
343 | |||
344 | return 0; | ||
345 | } | ||
346 | 258 | ||
347 | #endif | 259 | #endif |
diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h index b2f7d939..03993157 100644 --- a/src/daemon/https/x509/sign.h +++ b/src/daemon/https/x509/sign.h | |||
@@ -22,15 +22,7 @@ | |||
22 | * | 22 | * |
23 | */ | 23 | */ |
24 | 24 | ||
25 | int MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs, | ||
26 | enum MHD_GNUTLS_HashAlgorithm hash, | ||
27 | MHD_gnutls_x509_privkey_t signer, | ||
28 | MHD_gnutls_datum_t * signature); | ||
29 | int MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, | 25 | int MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, |
30 | enum MHD_GNUTLS_HashAlgorithm hash, | 26 | enum MHD_GNUTLS_HashAlgorithm hash, |
31 | MHD_gnutls_x509_privkey_t signer, | 27 | MHD_gnutls_x509_privkey_t signer, |
32 | MHD_gnutls_datum_t * signature); | 28 | MHD_gnutls_datum_t * signature); |
33 | int MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, | ||
34 | enum MHD_GNUTLS_HashAlgorithm, | ||
35 | MHD_gnutls_x509_crt_t issuer, | ||
36 | MHD_gnutls_x509_privkey_t issuer_key); | ||
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c index 599902ca..343030cc 100644 --- a/src/daemon/https/x509/x509.c +++ b/src/daemon/https/x509/x509.c | |||
@@ -71,62 +71,6 @@ MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert) | |||
71 | return 0; /* success */ | 71 | return 0; /* success */ |
72 | } | 72 | } |
73 | 73 | ||
74 | /*- | ||
75 | * MHD__gnutls_x509_crt_cpy - This function copies a MHD_gnutls_x509_crt_t structure | ||
76 | * @dest: The structure where to copy | ||
77 | * @src: The structure to be copied | ||
78 | * | ||
79 | * This function will copy an X.509 certificate structure. | ||
80 | * | ||
81 | * Returns 0 on success. | ||
82 | * | ||
83 | -*/ | ||
84 | int | ||
85 | MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src) | ||
86 | { | ||
87 | int ret; | ||
88 | size_t der_size; | ||
89 | opaque *der; | ||
90 | MHD_gnutls_datum_t tmp; | ||
91 | |||
92 | ret = MHD_gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size); | ||
93 | if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) | ||
94 | { | ||
95 | MHD_gnutls_assert (); | ||
96 | return ret; | ||
97 | } | ||
98 | |||
99 | der = MHD_gnutls_alloca (der_size); | ||
100 | if (der == NULL) | ||
101 | { | ||
102 | MHD_gnutls_assert (); | ||
103 | return GNUTLS_E_MEMORY_ERROR; | ||
104 | } | ||
105 | |||
106 | ret = MHD_gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size); | ||
107 | if (ret < 0) | ||
108 | { | ||
109 | MHD_gnutls_assert (); | ||
110 | MHD_gnutls_afree (der); | ||
111 | return ret; | ||
112 | } | ||
113 | |||
114 | tmp.data = der; | ||
115 | tmp.size = der_size; | ||
116 | ret = MHD_gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER); | ||
117 | |||
118 | MHD_gnutls_afree (der); | ||
119 | |||
120 | if (ret < 0) | ||
121 | { | ||
122 | MHD_gnutls_assert (); | ||
123 | return ret; | ||
124 | } | ||
125 | |||
126 | return 0; | ||
127 | |||
128 | } | ||
129 | |||
130 | /** | 74 | /** |
131 | * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure | 75 | * MHD_gnutls_x509_crt_deinit - This function deinitializes memory used by a MHD_gnutls_x509_crt_t structure |
132 | * @cert: The structure to be initialized | 76 | * @cert: The structure to be initialized |
@@ -233,149 +177,6 @@ cleanup:MHD_gnutls_free (signature); | |||
233 | } | 177 | } |
234 | 178 | ||
235 | /** | 179 | /** |
236 | * MHD_gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name | ||
237 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
238 | * @buf: a pointer to a structure to hold the name (may be null) | ||
239 | * @sizeof_buf: initially holds the size of @buf | ||
240 | * | ||
241 | * This function will copy the name of the Certificate issuer in the | ||
242 | * provided buffer. The name will be in the form | ||
243 | * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string | ||
244 | * will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
245 | * | ||
246 | * If @buf is null then only the size will be filled. | ||
247 | * | ||
248 | * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
249 | * long enough, and in that case the *sizeof_buf will be updated with | ||
250 | * the required size. On success 0 is returned. | ||
251 | * | ||
252 | **/ | ||
253 | int | ||
254 | MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert, | ||
255 | char *buf, size_t * sizeof_buf) | ||
256 | { | ||
257 | if (cert == NULL) | ||
258 | { | ||
259 | MHD_gnutls_assert (); | ||
260 | return GNUTLS_E_INVALID_REQUEST; | ||
261 | } | ||
262 | |||
263 | return MHD__gnutls_x509_parse_dn (cert->cert, | ||
264 | "tbsCertificate.issuer.rdnSequence", buf, | ||
265 | sizeof_buf); | ||
266 | } | ||
267 | |||
268 | /** | ||
269 | * MHD_gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name | ||
270 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
271 | * @oid: holds an Object Identified in null terminated string | ||
272 | * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. | ||
273 | * @raw_flag: If non zero returns the raw DER data of the DN part. | ||
274 | * @buf: a pointer to a structure to hold the name (may be null) | ||
275 | * @sizeof_buf: initially holds the size of @buf | ||
276 | * | ||
277 | * This function will extract the part of the name of the Certificate | ||
278 | * issuer specified by the given OID. The output, if the raw flag is not | ||
279 | * used, will be encoded as described in RFC2253. Thus a string that is | ||
280 | * ASCII or UTF-8 encoded, depending on the certificate data. | ||
281 | * | ||
282 | * Some helper macros with popular OIDs can be found in gnutls/x509.h | ||
283 | * If raw flag is zero, this function will only return known OIDs as | ||
284 | * text. Other OIDs will be DER encoded, as described in RFC2253 -- | ||
285 | * in hex format with a '\#' prefix. You can check about known OIDs | ||
286 | * using MHD_gnutls_x509_dn_oid_known(). | ||
287 | * | ||
288 | * If @buf is null then only the size will be filled. | ||
289 | * | ||
290 | * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
291 | * long enough, and in that case the *sizeof_buf will be updated with | ||
292 | * the required size. On success 0 is returned. | ||
293 | * | ||
294 | **/ | ||
295 | int | ||
296 | MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert, | ||
297 | const char *oid, | ||
298 | int indx, | ||
299 | unsigned int raw_flag, | ||
300 | void *buf, size_t * sizeof_buf) | ||
301 | { | ||
302 | if (cert == NULL) | ||
303 | { | ||
304 | MHD_gnutls_assert (); | ||
305 | return GNUTLS_E_INVALID_REQUEST; | ||
306 | } | ||
307 | |||
308 | return MHD__gnutls_x509_parse_dn_oid (cert->cert, | ||
309 | "tbsCertificate.issuer.rdnSequence", oid, | ||
310 | indx, raw_flag, buf, sizeof_buf); | ||
311 | } | ||
312 | |||
313 | /** | ||
314 | * MHD_gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs | ||
315 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
316 | * @indx: This specifies which OID to return. Use zero to get the first one. | ||
317 | * @oid: a pointer to a buffer to hold the OID (may be null) | ||
318 | * @sizeof_oid: initially holds the size of @oid | ||
319 | * | ||
320 | * This function will extract the OIDs of the name of the Certificate | ||
321 | * issuer specified by the given index. | ||
322 | * | ||
323 | * If @oid is null then only the size will be filled. | ||
324 | * | ||
325 | * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
326 | * long enough, and in that case the *sizeof_oid will be updated with | ||
327 | * the required size. On success 0 is returned. | ||
328 | * | ||
329 | **/ | ||
330 | int | ||
331 | MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert, | ||
332 | int indx, void *oid, size_t * sizeof_oid) | ||
333 | { | ||
334 | if (cert == NULL) | ||
335 | { | ||
336 | MHD_gnutls_assert (); | ||
337 | return GNUTLS_E_INVALID_REQUEST; | ||
338 | } | ||
339 | |||
340 | return MHD__gnutls_x509_get_dn_oid (cert->cert, | ||
341 | "tbsCertificate.issuer.rdnSequence", indx, | ||
342 | oid, sizeof_oid); | ||
343 | } | ||
344 | |||
345 | /** | ||
346 | * MHD_gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name | ||
347 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
348 | * @buf: a pointer to a structure to hold the name (may be null) | ||
349 | * @sizeof_buf: initially holds the size of @buf | ||
350 | * | ||
351 | * This function will copy the name of the Certificate in the | ||
352 | * provided buffer. The name will be in the form | ||
353 | * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string | ||
354 | * will be ASCII or UTF-8 encoded, depending on the certificate data. | ||
355 | * | ||
356 | * If @buf is null then only the size will be filled. | ||
357 | * | ||
358 | * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
359 | * long enough, and in that case the *sizeof_buf will be updated with | ||
360 | * the required size. On success 0 is returned. | ||
361 | * | ||
362 | **/ | ||
363 | int | ||
364 | MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert, | ||
365 | char *buf, size_t * sizeof_buf) | ||
366 | { | ||
367 | if (cert == NULL) | ||
368 | { | ||
369 | MHD_gnutls_assert (); | ||
370 | return GNUTLS_E_INVALID_REQUEST; | ||
371 | } | ||
372 | |||
373 | return MHD__gnutls_x509_parse_dn (cert->cert, | ||
374 | "tbsCertificate.subject.rdnSequence", buf, | ||
375 | sizeof_buf); | ||
376 | } | ||
377 | |||
378 | /** | ||
379 | * MHD_gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name | 180 | * MHD_gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name |
380 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | 181 | * @cert: should contain a MHD_gnutls_x509_crt_t structure |
381 | * @oid: holds an Object Identified in null terminated string | 182 | * @oid: holds an Object Identified in null terminated string |
@@ -421,38 +222,6 @@ MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert, | |||
421 | } | 222 | } |
422 | 223 | ||
423 | /** | 224 | /** |
424 | * MHD_gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs | ||
425 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
426 | * @indx: This specifies which OID to return. Use zero to get the first one. | ||
427 | * @oid: a pointer to a buffer to hold the OID (may be null) | ||
428 | * @sizeof_oid: initially holds the size of @oid | ||
429 | * | ||
430 | * This function will extract the OIDs of the name of the Certificate | ||
431 | * subject specified by the given index. | ||
432 | * | ||
433 | * If oid is null then only the size will be filled. | ||
434 | * | ||
435 | * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not | ||
436 | * long enough, and in that case the *sizeof_oid will be updated with | ||
437 | * the required size. On success 0 is returned. | ||
438 | * | ||
439 | **/ | ||
440 | int | ||
441 | MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert, | ||
442 | int indx, void *oid, size_t * sizeof_oid) | ||
443 | { | ||
444 | if (cert == NULL) | ||
445 | { | ||
446 | MHD_gnutls_assert (); | ||
447 | return GNUTLS_E_INVALID_REQUEST; | ||
448 | } | ||
449 | |||
450 | return MHD__gnutls_x509_get_dn_oid (cert->cert, | ||
451 | "tbsCertificate.subject.rdnSequence", indx, | ||
452 | oid, sizeof_oid); | ||
453 | } | ||
454 | |||
455 | /** | ||
456 | * MHD_gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm | 225 | * MHD_gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm |
457 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | 226 | * @cert: should contain a MHD_gnutls_x509_crt_t structure |
458 | * | 227 | * |
@@ -671,179 +440,6 @@ MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, | |||
671 | return 0; | 440 | return 0; |
672 | } | 441 | } |
673 | 442 | ||
674 | /** | ||
675 | * MHD_gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier | ||
676 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
677 | * @ret: The place where the identifier will be copied | ||
678 | * @ret_size: Holds the size of the result field. | ||
679 | * @critical: will be non zero if the extension is marked as critical (may be null) | ||
680 | * | ||
681 | * This function will return the X.509v3 certificate's subject key identifier. | ||
682 | * This is obtained by the X.509 Subject Key identifier extension | ||
683 | * field (2.5.29.14). | ||
684 | * | ||
685 | * Returns 0 on success and a negative value in case of an error. | ||
686 | * | ||
687 | **/ | ||
688 | int | ||
689 | MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert, | ||
690 | void *ret, | ||
691 | size_t * ret_size, unsigned int *critical) | ||
692 | { | ||
693 | int result, len; | ||
694 | MHD_gnutls_datum_t id; | ||
695 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
696 | |||
697 | if (cert == NULL) | ||
698 | { | ||
699 | MHD_gnutls_assert (); | ||
700 | return GNUTLS_E_INVALID_REQUEST; | ||
701 | } | ||
702 | |||
703 | if (ret) | ||
704 | memset (ret, 0, *ret_size); | ||
705 | else | ||
706 | *ret_size = 0; | ||
707 | |||
708 | if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id, | ||
709 | critical)) < 0) | ||
710 | { | ||
711 | return result; | ||
712 | } | ||
713 | |||
714 | if (id.size == 0 || id.data == NULL) | ||
715 | { | ||
716 | MHD_gnutls_assert (); | ||
717 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
718 | } | ||
719 | |||
720 | result = | ||
721 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", | ||
722 | &c2); | ||
723 | if (result != ASN1_SUCCESS) | ||
724 | { | ||
725 | MHD_gnutls_assert (); | ||
726 | MHD__gnutls_free_datum (&id); | ||
727 | return MHD_gtls_asn2err (result); | ||
728 | } | ||
729 | |||
730 | result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL); | ||
731 | MHD__gnutls_free_datum (&id); | ||
732 | |||
733 | if (result != ASN1_SUCCESS) | ||
734 | { | ||
735 | MHD_gnutls_assert (); | ||
736 | MHD__asn1_delete_structure (&c2); | ||
737 | return MHD_gtls_asn2err (result); | ||
738 | } | ||
739 | |||
740 | len = *ret_size; | ||
741 | result = MHD__asn1_read_value (c2, "", ret, &len); | ||
742 | |||
743 | *ret_size = len; | ||
744 | MHD__asn1_delete_structure (&c2); | ||
745 | |||
746 | if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) | ||
747 | { | ||
748 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
749 | } | ||
750 | |||
751 | if (result != ASN1_SUCCESS) | ||
752 | { | ||
753 | MHD_gnutls_assert (); | ||
754 | return MHD_gtls_asn2err (result); | ||
755 | } | ||
756 | |||
757 | return 0; | ||
758 | } | ||
759 | |||
760 | /** | ||
761 | * MHD_gnutls_x509_crt_get_authority_key_id - This function returns the certificate authority's identifier | ||
762 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
763 | * @result: The place where the identifier will be copied | ||
764 | * @result_size: Holds the size of the result field. | ||
765 | * @critical: will be non zero if the extension is marked as critical (may be null) | ||
766 | * | ||
767 | * This function will return the X.509v3 certificate authority's key identifier. | ||
768 | * This is obtained by the X.509 Authority Key identifier extension | ||
769 | * field (2.5.29.35). Note that this function only returns the keyIdentifier | ||
770 | * field of the extension. | ||
771 | * | ||
772 | * Returns 0 on success and a negative value in case of an error. | ||
773 | * | ||
774 | **/ | ||
775 | int | ||
776 | MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert, | ||
777 | void *ret, | ||
778 | size_t * ret_size, | ||
779 | unsigned int *critical) | ||
780 | { | ||
781 | int result, len; | ||
782 | MHD_gnutls_datum_t id; | ||
783 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
784 | |||
785 | if (cert == NULL) | ||
786 | { | ||
787 | MHD_gnutls_assert (); | ||
788 | return GNUTLS_E_INVALID_REQUEST; | ||
789 | } | ||
790 | |||
791 | if (ret) | ||
792 | memset (ret, 0, *ret_size); | ||
793 | else | ||
794 | *ret_size = 0; | ||
795 | |||
796 | if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id, | ||
797 | critical)) < 0) | ||
798 | { | ||
799 | return result; | ||
800 | } | ||
801 | |||
802 | if (id.size == 0 || id.data == NULL) | ||
803 | { | ||
804 | MHD_gnutls_assert (); | ||
805 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
806 | } | ||
807 | |||
808 | result = | ||
809 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", | ||
810 | &c2); | ||
811 | if (result != ASN1_SUCCESS) | ||
812 | { | ||
813 | MHD_gnutls_assert (); | ||
814 | MHD__gnutls_free_datum (&id); | ||
815 | return MHD_gtls_asn2err (result); | ||
816 | } | ||
817 | |||
818 | result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL); | ||
819 | MHD__gnutls_free_datum (&id); | ||
820 | |||
821 | if (result != ASN1_SUCCESS) | ||
822 | { | ||
823 | MHD_gnutls_assert (); | ||
824 | MHD__asn1_delete_structure (&c2); | ||
825 | return MHD_gtls_asn2err (result); | ||
826 | } | ||
827 | |||
828 | len = *ret_size; | ||
829 | result = MHD__asn1_read_value (c2, "keyIdentifier", ret, &len); | ||
830 | |||
831 | *ret_size = len; | ||
832 | MHD__asn1_delete_structure (&c2); | ||
833 | |||
834 | if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) | ||
835 | { | ||
836 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
837 | } | ||
838 | |||
839 | if (result != ASN1_SUCCESS) | ||
840 | { | ||
841 | MHD_gnutls_assert (); | ||
842 | return MHD_gtls_asn2err (result); | ||
843 | } | ||
844 | |||
845 | return 0; | ||
846 | } | ||
847 | 443 | ||
848 | /** | 444 | /** |
849 | * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm | 445 | * MHD_gnutls_x509_crt_get_pk_algorithm - This function returns the certificate's PublicKey algorithm |
@@ -1194,70 +790,6 @@ MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, | |||
1194 | } | 790 | } |
1195 | 791 | ||
1196 | /** | 792 | /** |
1197 | * MHD_gnutls_x509_crt_get_subject_alt_name2 - Get certificate's alternative name, if any | ||
1198 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1199 | * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) | ||
1200 | * @ret: is the place where the alternative name will be copied to | ||
1201 | * @ret_size: holds the size of ret. | ||
1202 | * @ret_type: holds the type of the alternative name (one of MHD_gnutls_x509_subject_alt_name_t). | ||
1203 | * @critical: will be non zero if the extension is marked as critical (may be null) | ||
1204 | * | ||
1205 | * This function will return the alternative names, contained in the | ||
1206 | * given certificate. It is the same as MHD_gnutls_x509_crt_get_subject_alt_name() | ||
1207 | * except for the fact that it will return the type of the alternative | ||
1208 | * name in @ret_type even if the function fails for some reason (i.e. | ||
1209 | * the buffer provided is not enough). | ||
1210 | * | ||
1211 | * The return values are the same as with MHD_gnutls_x509_crt_get_subject_alt_name(). | ||
1212 | * | ||
1213 | **/ | ||
1214 | int | ||
1215 | MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert, | ||
1216 | unsigned int seq, | ||
1217 | void *ret, | ||
1218 | size_t * ret_size, | ||
1219 | unsigned int *ret_type, | ||
1220 | unsigned int *critical) | ||
1221 | { | ||
1222 | return get_subject_alt_name (cert, seq, ret, ret_size, ret_type, critical, | ||
1223 | 0); | ||
1224 | } | ||
1225 | |||
1226 | /** | ||
1227 | * MHD_gnutls_x509_crt_get_subject_alt_othername_oid - Get SAN otherName OID | ||
1228 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1229 | * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) | ||
1230 | * @ret: is the place where the otherName OID will be copied to | ||
1231 | * @ret_size: holds the size of ret. | ||
1232 | * | ||
1233 | * This function will extract the type OID of an otherName Subject | ||
1234 | * Alternative Name, contained in the given certificate, and return | ||
1235 | * the type as an enumerated element. | ||
1236 | * | ||
1237 | * This function is only useful if | ||
1238 | * MHD_gnutls_x509_crt_get_subject_alt_name() returned | ||
1239 | * %GNUTLS_SAN_OTHERNAME. | ||
1240 | * | ||
1241 | * Returns the alternative subject name type on success. The type is | ||
1242 | * one of the enumerated MHD_gnutls_x509_subject_alt_name_t. For | ||
1243 | * supported OIDs, it will return one of the virtual | ||
1244 | * (GNUTLS_SAN_OTHERNAME_*) types, e.g. %GNUTLS_SAN_OTHERNAME_XMPP, | ||
1245 | * and %GNUTLS_SAN_OTHERNAME for unknown OIDs. It will return | ||
1246 | * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to | ||
1247 | * hold the value. In that case @ret_size will be updated with the | ||
1248 | * required size. If the certificate does not have an Alternative | ||
1249 | * name with the specified sequence number and with the otherName type | ||
1250 | * then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. | ||
1251 | **/ | ||
1252 | int | ||
1253 | MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert, | ||
1254 | unsigned int seq, | ||
1255 | void *ret, size_t * ret_size) | ||
1256 | { | ||
1257 | return get_subject_alt_name (cert, seq, ret, ret_size, NULL, NULL, 1); | ||
1258 | } | ||
1259 | |||
1260 | /** | ||
1261 | * MHD_gnutls_x509_crt_get_basic_constraints - This function returns the certificate basic constraints | 793 | * MHD_gnutls_x509_crt_get_basic_constraints - This function returns the certificate basic constraints |
1262 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | 794 | * @cert: should contain a MHD_gnutls_x509_crt_t structure |
1263 | * @critical: will be non zero if the extension is marked as critical | 795 | * @critical: will be non zero if the extension is marked as critical |
@@ -1277,7 +809,7 @@ MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert, | |||
1277 | * certificate does not contain the basicConstraints extension | 809 | * certificate does not contain the basicConstraints extension |
1278 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | 810 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. |
1279 | **/ | 811 | **/ |
1280 | int | 812 | static int |
1281 | MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert, | 813 | MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert, |
1282 | unsigned int *critical, | 814 | unsigned int *critical, |
1283 | int *ca, int *pathlen) | 815 | int *ca, int *pathlen) |
@@ -1409,66 +941,6 @@ MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert, | |||
1409 | return 0; | 941 | return 0; |
1410 | } | 942 | } |
1411 | 943 | ||
1412 | /** | ||
1413 | * MHD_gnutls_x509_crt_get_proxy - This function returns the proxy certificate info | ||
1414 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1415 | * @critical: will be non zero if the extension is marked as critical | ||
1416 | * @pathlen: pointer to output integer indicating path length (may be | ||
1417 | * NULL), non-negative values indicate a present pCPathLenConstraint | ||
1418 | * field and the actual value, -1 indicate that the field is absent. | ||
1419 | * | ||
1420 | * This function will read the certificate's basic constraints, and | ||
1421 | * return the certificates CA status. It reads the basicConstraints | ||
1422 | * X.509 extension (2.5.29.19). | ||
1423 | * | ||
1424 | * Return value: If the certificate is a CA a positive value will be | ||
1425 | * returned, or zero if the certificate does not have CA flag set. A | ||
1426 | * negative value may be returned in case of errors. If the | ||
1427 | * certificate does not contain the basicConstraints extension | ||
1428 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
1429 | **/ | ||
1430 | int | ||
1431 | MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert, | ||
1432 | unsigned int *critical, | ||
1433 | int *pathlen, | ||
1434 | char **policyLanguage, | ||
1435 | char **policy, size_t * sizeof_policy) | ||
1436 | { | ||
1437 | int result; | ||
1438 | MHD_gnutls_datum_t proxyCertInfo; | ||
1439 | |||
1440 | if (cert == NULL) | ||
1441 | { | ||
1442 | MHD_gnutls_assert (); | ||
1443 | return GNUTLS_E_INVALID_REQUEST; | ||
1444 | } | ||
1445 | |||
1446 | if ((result = MHD__gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0, | ||
1447 | &proxyCertInfo, | ||
1448 | critical)) < 0) | ||
1449 | { | ||
1450 | return result; | ||
1451 | } | ||
1452 | |||
1453 | if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL) | ||
1454 | { | ||
1455 | MHD_gnutls_assert (); | ||
1456 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
1457 | } | ||
1458 | |||
1459 | result = MHD__gnutls_x509_ext_extract_proxyCertInfo (pathlen, policyLanguage, | ||
1460 | policy, sizeof_policy, | ||
1461 | proxyCertInfo.data, | ||
1462 | proxyCertInfo.size); | ||
1463 | MHD__gnutls_free_datum (&proxyCertInfo); | ||
1464 | if (result < 0) | ||
1465 | { | ||
1466 | MHD_gnutls_assert (); | ||
1467 | return result; | ||
1468 | } | ||
1469 | |||
1470 | return 0; | ||
1471 | } | ||
1472 | 944 | ||
1473 | /** | 945 | /** |
1474 | * MHD_gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension | 946 | * MHD_gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension |
@@ -1488,7 +960,7 @@ MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert, | |||
1488 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | 960 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. |
1489 | * | 961 | * |
1490 | **/ | 962 | **/ |
1491 | int | 963 | static int |
1492 | MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, | 964 | MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, |
1493 | const char *oid, | 965 | const char *oid, |
1494 | int indx, | 966 | int indx, |
@@ -1536,167 +1008,6 @@ MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, | |||
1536 | 1008 | ||
1537 | } | 1009 | } |
1538 | 1010 | ||
1539 | /** | ||
1540 | * MHD_gnutls_x509_crt_get_extension_oid - This function returns the specified extension OID | ||
1541 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1542 | * @indx: Specifies which extension OID to send. Use zero to get the first one. | ||
1543 | * @oid: a pointer to a structure to hold the OID (may be null) | ||
1544 | * @sizeof_oid: initially holds the size of @oid | ||
1545 | * | ||
1546 | * This function will return the requested extension OID in the certificate. | ||
1547 | * The extension OID will be stored as a string in the provided buffer. | ||
1548 | * | ||
1549 | * A negative value may be returned in case of parsing error. | ||
1550 | * If your have reached the last extension available | ||
1551 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
1552 | * | ||
1553 | **/ | ||
1554 | int | ||
1555 | MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, | ||
1556 | int indx, void *oid, size_t * sizeof_oid) | ||
1557 | { | ||
1558 | int result; | ||
1559 | |||
1560 | if (cert == NULL) | ||
1561 | { | ||
1562 | MHD_gnutls_assert (); | ||
1563 | return GNUTLS_E_INVALID_REQUEST; | ||
1564 | } | ||
1565 | |||
1566 | result = MHD__gnutls_x509_crt_get_extension_oid (cert, indx, oid, sizeof_oid); | ||
1567 | if (result < 0) | ||
1568 | { | ||
1569 | return result; | ||
1570 | } | ||
1571 | |||
1572 | return 0; | ||
1573 | |||
1574 | } | ||
1575 | |||
1576 | /** | ||
1577 | * MHD_gnutls_x509_crt_get_extension_info - Get extension id and criticality | ||
1578 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1579 | * @indx: Specifies which extension OID to send. Use zero to get the first one. | ||
1580 | * @oid: a pointer to a structure to hold the OID | ||
1581 | * @sizeof_oid: initially holds the size of @oid | ||
1582 | * @critical: output variable with critical flag, may be NULL. | ||
1583 | * | ||
1584 | * This function will return the requested extension OID in the | ||
1585 | * certificate, and the critical flag for it. The extension OID will | ||
1586 | * be stored as a string in the provided buffer. Use | ||
1587 | * MHD_gnutls_x509_crt_get_extension_data() to extract the data. | ||
1588 | * | ||
1589 | * Return 0 on success. A negative value may be returned in case of | ||
1590 | * parsing error. If you have reached the last extension available | ||
1591 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
1592 | * | ||
1593 | **/ | ||
1594 | int | ||
1595 | MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert, | ||
1596 | int indx, | ||
1597 | void *oid, | ||
1598 | size_t * sizeof_oid, int *critical) | ||
1599 | { | ||
1600 | int result; | ||
1601 | char str_critical[10]; | ||
1602 | char name[MAX_NAME_SIZE]; | ||
1603 | int len; | ||
1604 | |||
1605 | if (!cert) | ||
1606 | { | ||
1607 | MHD_gnutls_assert (); | ||
1608 | return GNUTLS_E_INVALID_REQUEST; | ||
1609 | } | ||
1610 | |||
1611 | snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID", | ||
1612 | indx + 1); | ||
1613 | |||
1614 | len = *sizeof_oid; | ||
1615 | result = MHD__asn1_read_value (cert->cert, name, oid, &len); | ||
1616 | *sizeof_oid = len; | ||
1617 | |||
1618 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
1619 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
1620 | else if (result < 0) | ||
1621 | { | ||
1622 | MHD_gnutls_assert (); | ||
1623 | return MHD_gtls_asn2err (result); | ||
1624 | } | ||
1625 | |||
1626 | snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical", | ||
1627 | indx + 1); | ||
1628 | len = sizeof (str_critical); | ||
1629 | result = MHD__asn1_read_value (cert->cert, name, str_critical, &len); | ||
1630 | if (result < 0) | ||
1631 | { | ||
1632 | MHD_gnutls_assert (); | ||
1633 | return MHD_gtls_asn2err (result); | ||
1634 | } | ||
1635 | |||
1636 | if (critical) | ||
1637 | { | ||
1638 | if (str_critical[0] == 'T') | ||
1639 | *critical = 1; | ||
1640 | else | ||
1641 | *critical = 0; | ||
1642 | } | ||
1643 | |||
1644 | return 0; | ||
1645 | |||
1646 | } | ||
1647 | |||
1648 | /** | ||
1649 | * MHD_gnutls_x509_crt_get_extension_data - Get the specified extension data | ||
1650 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1651 | * @indx: Specifies which extension OID to send. Use zero to get the first one. | ||
1652 | * @data: a pointer to a structure to hold the data (may be null) | ||
1653 | * @sizeof_data: initially holds the size of @oid | ||
1654 | * | ||
1655 | * This function will return the requested extension data in the | ||
1656 | * certificate. The extension data will be stored as a string in the | ||
1657 | * provided buffer. | ||
1658 | * | ||
1659 | * Use MHD_gnutls_x509_crt_get_extension_info() to extract the OID and | ||
1660 | * critical flag. Use MHD_gnutls_x509_crt_get_extension_by_oid() instead, | ||
1661 | * if you want to get data indexed by the extension OID rather than | ||
1662 | * sequence. | ||
1663 | * | ||
1664 | * Return 0 on success. A negative value may be returned in case of | ||
1665 | * parsing error. If you have reached the last extension available | ||
1666 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | ||
1667 | **/ | ||
1668 | int | ||
1669 | MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert, | ||
1670 | int indx, | ||
1671 | void *data, size_t * sizeof_data) | ||
1672 | { | ||
1673 | int result, len; | ||
1674 | char name[MAX_NAME_SIZE]; | ||
1675 | |||
1676 | if (!cert) | ||
1677 | { | ||
1678 | MHD_gnutls_assert (); | ||
1679 | return GNUTLS_E_INVALID_REQUEST; | ||
1680 | } | ||
1681 | |||
1682 | snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue", | ||
1683 | indx + 1); | ||
1684 | |||
1685 | len = *sizeof_data; | ||
1686 | result = MHD__asn1_read_value (cert->cert, name, data, &len); | ||
1687 | *sizeof_data = len; | ||
1688 | |||
1689 | if (result == ASN1_ELEMENT_NOT_FOUND) | ||
1690 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
1691 | else if (result < 0) | ||
1692 | { | ||
1693 | MHD_gnutls_assert (); | ||
1694 | return MHD_gtls_asn2err (result); | ||
1695 | } | ||
1696 | |||
1697 | return 0; | ||
1698 | } | ||
1699 | |||
1700 | static int | 1011 | static int |
1701 | MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert, | 1012 | MHD__gnutls_x509_crt_get_raw_dn2 (MHD_gnutls_x509_crt_t cert, |
1702 | const char *whom, MHD_gnutls_datum_t * start) | 1013 | const char *whom, MHD_gnutls_datum_t * start) |
@@ -1817,171 +1128,6 @@ MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_ | |||
1817 | } | 1128 | } |
1818 | 1129 | ||
1819 | /** | 1130 | /** |
1820 | * MHD_gnutls_x509_crt_get_issuer: get opaque issuer DN pointer | ||
1821 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1822 | * @dn: output variable with pointer to opaque DN | ||
1823 | * | ||
1824 | * Return the Certificate's Issuer DN as an opaque data type. You may | ||
1825 | * use MHD_gnutls_x509_dn_get_rdn_ava() to decode the DN. | ||
1826 | * | ||
1827 | * Note that @dn points into the @cert object, and thus you may not | ||
1828 | * deallocate @cert and continue to access @dn. | ||
1829 | * | ||
1830 | * Returns: Returns 0 on success, or an error code. | ||
1831 | **/ | ||
1832 | int | ||
1833 | MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert, MHD_gnutls_x509_dn_t * dn) | ||
1834 | { | ||
1835 | return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn); | ||
1836 | } | ||
1837 | |||
1838 | /** | ||
1839 | * MHD_gnutls_x509_dn_get_rdn_ava: | ||
1840 | * @dn: input variable with opaque DN pointer | ||
1841 | * @irdn: index of RDN | ||
1842 | * @iava: index of AVA. | ||
1843 | * @ava: Pointer to structure which will hold output information. | ||
1844 | * | ||
1845 | * Get pointers to data within the DN. | ||
1846 | * | ||
1847 | * Note that @ava will contain pointers into the @dn structure, so you | ||
1848 | * should not modify any data or deallocate it. Note also that the DN | ||
1849 | * in turn points into the original certificate structure, and thus | ||
1850 | * you may not deallocate the certificate and continue to access @dn. | ||
1851 | * | ||
1852 | * Returns: Returns 0 on success, or an error code. | ||
1853 | **/ | ||
1854 | int | ||
1855 | MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn, | ||
1856 | int irdn, int iava, MHD_gnutls_x509_ava_st * ava) | ||
1857 | { | ||
1858 | ASN1_TYPE rdn, elem; | ||
1859 | long len; | ||
1860 | int lenlen, remlen, ret; | ||
1861 | char rbuf[MAX_NAME_SIZE]; | ||
1862 | unsigned char cls, *ptr; | ||
1863 | |||
1864 | iava++; | ||
1865 | irdn++; /* 0->1, 1->2 etc */ | ||
1866 | |||
1867 | snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava); | ||
1868 | rdn = MHD__asn1_find_node (dn, rbuf); | ||
1869 | if (!rdn) | ||
1870 | { | ||
1871 | MHD_gnutls_assert (); | ||
1872 | return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; | ||
1873 | } | ||
1874 | |||
1875 | snprintf (rbuf, sizeof (rbuf), "?%d.type", iava); | ||
1876 | elem = MHD__asn1_find_node (rdn, rbuf); | ||
1877 | if (!elem) | ||
1878 | { | ||
1879 | MHD_gnutls_assert (); | ||
1880 | return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; | ||
1881 | } | ||
1882 | |||
1883 | ava->oid.data = elem->value; | ||
1884 | ava->oid.size = elem->value_len; | ||
1885 | |||
1886 | snprintf (rbuf, sizeof (rbuf), "?%d.value", iava); | ||
1887 | elem = MHD__asn1_find_node (rdn, rbuf); | ||
1888 | if (!elem) | ||
1889 | { | ||
1890 | MHD_gnutls_assert (); | ||
1891 | return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND; | ||
1892 | } | ||
1893 | |||
1894 | /* The value still has the previous tag's length bytes, plus the | ||
1895 | * current value's tag and length bytes. Decode them. | ||
1896 | */ | ||
1897 | |||
1898 | ptr = elem->value; | ||
1899 | remlen = elem->value_len; | ||
1900 | len = MHD__asn1_get_length_der (ptr, remlen, &lenlen); | ||
1901 | if (len < 0) | ||
1902 | { | ||
1903 | MHD_gnutls_assert (); | ||
1904 | return GNUTLS_E_ASN1_DER_ERROR; | ||
1905 | } | ||
1906 | |||
1907 | ptr += lenlen; | ||
1908 | remlen -= lenlen; | ||
1909 | ret = MHD__asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag); | ||
1910 | if (ret) | ||
1911 | { | ||
1912 | MHD_gnutls_assert (); | ||
1913 | return MHD_gtls_asn2err (ret); | ||
1914 | } | ||
1915 | |||
1916 | ptr += lenlen; | ||
1917 | remlen -= lenlen; | ||
1918 | |||
1919 | ava->value.size = MHD__asn1_get_length_der (ptr, remlen, &lenlen); | ||
1920 | ava->value.data = ptr + lenlen; | ||
1921 | |||
1922 | return 0; | ||
1923 | } | ||
1924 | |||
1925 | /** | ||
1926 | * MHD_gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint | ||
1927 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
1928 | * @algo: is a digest algorithm | ||
1929 | * @buf: a pointer to a structure to hold the fingerprint (may be null) | ||
1930 | * @sizeof_buf: initially holds the size of @buf | ||
1931 | * | ||
1932 | * This function will calculate and copy the certificate's fingerprint | ||
1933 | * in the provided buffer. | ||
1934 | * | ||
1935 | * If the buffer is null then only the size will be filled. | ||
1936 | * | ||
1937 | * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is | ||
1938 | * not long enough, and in that case the *sizeof_buf will be updated | ||
1939 | * with the required size. On success 0 is returned. | ||
1940 | **/ | ||
1941 | int | ||
1942 | MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert, | ||
1943 | enum MHD_GNUTLS_HashAlgorithm algo, | ||
1944 | void *buf, size_t * sizeof_buf) | ||
1945 | { | ||
1946 | opaque *cert_buf; | ||
1947 | int cert_buf_size; | ||
1948 | int result; | ||
1949 | MHD_gnutls_datum_t tmp; | ||
1950 | |||
1951 | if (sizeof_buf == 0 || cert == NULL) | ||
1952 | { | ||
1953 | return GNUTLS_E_INVALID_REQUEST; | ||
1954 | } | ||
1955 | |||
1956 | cert_buf_size = 0; | ||
1957 | MHD__asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL); | ||
1958 | |||
1959 | cert_buf = MHD_gnutls_alloca (cert_buf_size); | ||
1960 | if (cert_buf == NULL) | ||
1961 | { | ||
1962 | MHD_gnutls_assert (); | ||
1963 | return GNUTLS_E_MEMORY_ERROR; | ||
1964 | } | ||
1965 | |||
1966 | result = MHD__asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL); | ||
1967 | |||
1968 | if (result != ASN1_SUCCESS) | ||
1969 | { | ||
1970 | MHD_gnutls_assert (); | ||
1971 | MHD_gnutls_afree (cert_buf); | ||
1972 | return MHD_gtls_asn2err (result); | ||
1973 | } | ||
1974 | |||
1975 | tmp.data = cert_buf; | ||
1976 | tmp.size = cert_buf_size; | ||
1977 | |||
1978 | result = MHD__gnutls_fingerprint (algo, &tmp, buf, sizeof_buf); | ||
1979 | MHD_gnutls_afree (cert_buf); | ||
1980 | |||
1981 | return result; | ||
1982 | } | ||
1983 | |||
1984 | /** | ||
1985 | * MHD_gnutls_x509_crt_export - This function will export the certificate | 1131 | * MHD_gnutls_x509_crt_export - This function will export the certificate |
1986 | * @cert: Holds the certificate | 1132 | * @cert: Holds the certificate |
1987 | * @format: the format of output params. One of PEM or DER. | 1133 | * @format: the format of output params. One of PEM or DER. |
@@ -2016,158 +1162,6 @@ MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, | |||
2016 | output_data, output_data_size); | 1162 | output_data, output_data_size); |
2017 | } | 1163 | } |
2018 | 1164 | ||
2019 | static int | ||
2020 | rsadsa_get_key_id (MHD_gnutls_x509_crt_t crt, | ||
2021 | int pk, | ||
2022 | unsigned char *output_data, size_t * output_data_size) | ||
2023 | { | ||
2024 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; | ||
2025 | int params_size = MAX_PUBLIC_PARAMS_SIZE; | ||
2026 | int i, result = 0; | ||
2027 | MHD_gnutls_datum_t der = { NULL, | ||
2028 | 0 | ||
2029 | }; | ||
2030 | GNUTLS_HASH_HANDLE hd; | ||
2031 | |||
2032 | result = MHD__gnutls_x509_crt_get_mpis (crt, params, ¶ms_size); | ||
2033 | if (result < 0) | ||
2034 | { | ||
2035 | MHD_gnutls_assert (); | ||
2036 | return result; | ||
2037 | } | ||
2038 | |||
2039 | if (pk == MHD_GNUTLS_PK_RSA) | ||
2040 | { | ||
2041 | result = MHD__gnutls_x509_write_rsa_params (params, params_size, &der); | ||
2042 | if (result < 0) | ||
2043 | { | ||
2044 | MHD_gnutls_assert (); | ||
2045 | goto cleanup; | ||
2046 | } | ||
2047 | } | ||
2048 | else | ||
2049 | return GNUTLS_E_INTERNAL_ERROR; | ||
2050 | |||
2051 | hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
2052 | if (hd == GNUTLS_HASH_FAILED) | ||
2053 | { | ||
2054 | MHD_gnutls_assert (); | ||
2055 | result = GNUTLS_E_INTERNAL_ERROR; | ||
2056 | goto cleanup; | ||
2057 | } | ||
2058 | |||
2059 | MHD_gnutls_hash (hd, der.data, der.size); | ||
2060 | |||
2061 | MHD_gnutls_hash_deinit (hd, output_data); | ||
2062 | *output_data_size = 20; | ||
2063 | |||
2064 | result = 0; | ||
2065 | |||
2066 | cleanup: | ||
2067 | |||
2068 | MHD__gnutls_free_datum (&der); | ||
2069 | |||
2070 | /* release all allocated MPIs | ||
2071 | */ | ||
2072 | for (i = 0; i < params_size; i++) | ||
2073 | { | ||
2074 | MHD_gtls_mpi_release (¶ms[i]); | ||
2075 | } | ||
2076 | return result; | ||
2077 | } | ||
2078 | |||
2079 | /** | ||
2080 | * MHD_gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters | ||
2081 | * @crt: Holds the certificate | ||
2082 | * @flags: should be 0 for now | ||
2083 | * @output_data: will contain the key ID | ||
2084 | * @output_data_size: holds the size of output_data (and will be | ||
2085 | * replaced by the actual size of parameters) | ||
2086 | * | ||
2087 | * This function will return a unique ID the depends on the public | ||
2088 | * key parameters. This ID can be used in checking whether a | ||
2089 | * certificate corresponds to the given private key. | ||
2090 | * | ||
2091 | * If the buffer provided is not long enough to hold the output, then | ||
2092 | * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
2093 | * be returned. The output will normally be a SHA-1 hash output, | ||
2094 | * which is 20 bytes. | ||
2095 | * | ||
2096 | * Return value: In case of failure a negative value will be | ||
2097 | * returned, and 0 on success. | ||
2098 | **/ | ||
2099 | int | ||
2100 | MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt, | ||
2101 | unsigned int flags, | ||
2102 | unsigned char *output_data, | ||
2103 | size_t * output_data_size) | ||
2104 | { | ||
2105 | int pk, result = 0; | ||
2106 | MHD_gnutls_datum_t pubkey; | ||
2107 | |||
2108 | if (crt == NULL) | ||
2109 | { | ||
2110 | MHD_gnutls_assert (); | ||
2111 | return GNUTLS_E_INVALID_REQUEST; | ||
2112 | } | ||
2113 | |||
2114 | if (*output_data_size < 20) | ||
2115 | { | ||
2116 | MHD_gnutls_assert (); | ||
2117 | *output_data_size = 20; | ||
2118 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
2119 | } | ||
2120 | |||
2121 | pk = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL); | ||
2122 | if (pk < 0) | ||
2123 | { | ||
2124 | MHD_gnutls_assert (); | ||
2125 | return pk; | ||
2126 | } | ||
2127 | |||
2128 | if (pk == MHD_GNUTLS_PK_RSA) | ||
2129 | { | ||
2130 | /* This is for compatibility with what GnuTLS has printed for | ||
2131 | RSA/DSA before the code below was added. The code below is | ||
2132 | applicable to all types, and it would probably be a better | ||
2133 | idea to use it for RSA/DSA too, but doing so would break | ||
2134 | backwards compatibility. */ | ||
2135 | return rsadsa_get_key_id (crt, pk, output_data, output_data_size); | ||
2136 | } | ||
2137 | |||
2138 | pubkey.size = 0; | ||
2139 | result = MHD__asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", | ||
2140 | NULL, &pubkey.size, NULL); | ||
2141 | if (result != ASN1_MEM_ERROR) | ||
2142 | { | ||
2143 | MHD_gnutls_assert (); | ||
2144 | return MHD_gtls_asn2err (result); | ||
2145 | } | ||
2146 | |||
2147 | pubkey.data = MHD_gnutls_alloca (pubkey.size); | ||
2148 | if (pubkey.data == NULL) | ||
2149 | { | ||
2150 | MHD_gnutls_assert (); | ||
2151 | return GNUTLS_E_MEMORY_ERROR; | ||
2152 | } | ||
2153 | |||
2154 | result = MHD__asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", | ||
2155 | pubkey.data, &pubkey.size, NULL); | ||
2156 | if (result != ASN1_SUCCESS) | ||
2157 | { | ||
2158 | MHD_gnutls_assert (); | ||
2159 | MHD_gnutls_afree (pubkey.data); | ||
2160 | return MHD_gtls_asn2err (result); | ||
2161 | } | ||
2162 | |||
2163 | result = MHD__gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, | ||
2164 | output_data_size); | ||
2165 | |||
2166 | MHD_gnutls_afree (pubkey.data); | ||
2167 | |||
2168 | return result; | ||
2169 | } | ||
2170 | |||
2171 | #ifdef ENABLE_PKI | 1165 | #ifdef ENABLE_PKI |
2172 | 1166 | ||
2173 | /** | 1167 | /** |
@@ -2276,571 +1270,5 @@ MHD_gnutls_x509_crt_check_revocation (MHD_gnutls_x509_crt_t cert, | |||
2276 | return 0; /* not revoked. */ | 1270 | return 0; /* not revoked. */ |
2277 | } | 1271 | } |
2278 | 1272 | ||
2279 | /** | ||
2280 | * MHD_gnutls_x509_crt_verify_data - This function will verify the given signed data. | ||
2281 | * @crt: Holds the certificate | ||
2282 | * @flags: should be 0 for now | ||
2283 | * @data: holds the data to be signed | ||
2284 | * @signature: contains the signature | ||
2285 | * | ||
2286 | * This function will verify the given signed data, using the | ||
2287 | * parameters from the certificate. | ||
2288 | * | ||
2289 | * Returns: In case of a verification failure 0 is returned, and 1 on | ||
2290 | * success. | ||
2291 | **/ | ||
2292 | int | ||
2293 | MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt, | ||
2294 | unsigned int flags, | ||
2295 | const MHD_gnutls_datum_t * data, | ||
2296 | const MHD_gnutls_datum_t * signature) | ||
2297 | { | ||
2298 | int result; | ||
2299 | |||
2300 | if (crt == NULL) | ||
2301 | { | ||
2302 | MHD_gnutls_assert (); | ||
2303 | return GNUTLS_E_INVALID_REQUEST; | ||
2304 | } | ||
2305 | |||
2306 | result = MHD__gnutls_x509_verify_signature (data, signature, crt); | ||
2307 | if (result < 0) | ||
2308 | { | ||
2309 | MHD_gnutls_assert (); | ||
2310 | return 0; | ||
2311 | } | ||
2312 | |||
2313 | return result; | ||
2314 | } | ||
2315 | |||
2316 | /** | ||
2317 | * MHD_gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points | ||
2318 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
2319 | * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) | ||
2320 | * @ret: is the place where the distribution point will be copied to | ||
2321 | * @ret_size: holds the size of ret. | ||
2322 | * @reason_flags: Revocation reasons flags. | ||
2323 | * @critical: will be non zero if the extension is marked as critical (may be null) | ||
2324 | * | ||
2325 | * This function will return the CRL distribution points (2.5.29.31), | ||
2326 | * contained in the given certificate. | ||
2327 | * | ||
2328 | * @reason_flags should be an ORed sequence of | ||
2329 | * GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE, | ||
2330 | * GNUTLS_CRL_REASON_CA_COMPROMISE, | ||
2331 | * GNUTLS_CRL_REASON_AFFILIATION_CHANGED, | ||
2332 | * GNUTLS_CRL_REASON_SUPERSEEDED, | ||
2333 | * GNUTLS_CRL_REASON_CESSATION_OF_OPERATION, | ||
2334 | * GNUTLS_CRL_REASON_CERTIFICATE_HOLD, | ||
2335 | * GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN, | ||
2336 | * GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons. | ||
2337 | * | ||
2338 | * This is specified in X509v3 Certificate Extensions. GNUTLS will | ||
2339 | * return the distribution point type, or a negative error code on | ||
2340 | * error. | ||
2341 | * | ||
2342 | * Returns %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if | ||
2343 | * &@ret_size is not enough to hold the distribution point, or the | ||
2344 | * type of the distribution point if everything was ok. The type is | ||
2345 | * one of the enumerated %MHD_gnutls_x509_subject_alt_name_t. If the | ||
2346 | * certificate does not have an Alternative name with the specified | ||
2347 | * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is | ||
2348 | * returned. | ||
2349 | **/ | ||
2350 | int | ||
2351 | MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert, | ||
2352 | unsigned int seq, | ||
2353 | void *ret, | ||
2354 | size_t * ret_size, | ||
2355 | unsigned int *reason_flags, | ||
2356 | unsigned int *critical) | ||
2357 | { | ||
2358 | int result; | ||
2359 | MHD_gnutls_datum_t dist_points = { NULL, | ||
2360 | 0 | ||
2361 | }; | ||
2362 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
2363 | char name[MAX_NAME_SIZE]; | ||
2364 | int len; | ||
2365 | MHD_gnutls_x509_subject_alt_name_t type; | ||
2366 | uint8_t reasons[2]; | ||
2367 | |||
2368 | if (cert == NULL) | ||
2369 | { | ||
2370 | MHD_gnutls_assert (); | ||
2371 | return GNUTLS_E_INVALID_REQUEST; | ||
2372 | } | ||
2373 | |||
2374 | if (*ret_size > 0 && ret) | ||
2375 | memset (ret, 0, *ret_size); | ||
2376 | else | ||
2377 | *ret_size = 0; | ||
2378 | |||
2379 | if (reason_flags) | ||
2380 | *reason_flags = 0; | ||
2381 | |||
2382 | result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points, | ||
2383 | critical); | ||
2384 | if (result < 0) | ||
2385 | { | ||
2386 | return result; | ||
2387 | } | ||
2388 | |||
2389 | if (dist_points.size == 0 || dist_points.data == NULL) | ||
2390 | { | ||
2391 | MHD_gnutls_assert (); | ||
2392 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
2393 | } | ||
2394 | |||
2395 | result = | ||
2396 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", | ||
2397 | &c2); | ||
2398 | if (result != ASN1_SUCCESS) | ||
2399 | { | ||
2400 | MHD_gnutls_assert (); | ||
2401 | MHD__gnutls_free_datum (&dist_points); | ||
2402 | return MHD_gtls_asn2err (result); | ||
2403 | } | ||
2404 | |||
2405 | result = MHD__asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL); | ||
2406 | MHD__gnutls_free_datum (&dist_points); | ||
2407 | |||
2408 | if (result != ASN1_SUCCESS) | ||
2409 | { | ||
2410 | MHD_gnutls_assert (); | ||
2411 | MHD__asn1_delete_structure (&c2); | ||
2412 | return MHD_gtls_asn2err (result); | ||
2413 | } | ||
2414 | |||
2415 | /* Return the different names from the first CRLDistr. point. | ||
2416 | * The whole thing is a mess. | ||
2417 | */ | ||
2418 | MHD_gtls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName"); | ||
2419 | |||
2420 | result = parse_general_name (c2, name, seq, ret, ret_size, NULL, 0); | ||
2421 | if (result < 0) | ||
2422 | { | ||
2423 | MHD__asn1_delete_structure (&c2); | ||
2424 | return result; | ||
2425 | } | ||
2426 | |||
2427 | type = result; | ||
2428 | |||
2429 | /* Read the CRL reasons. | ||
2430 | */ | ||
2431 | if (reason_flags) | ||
2432 | { | ||
2433 | MHD_gtls_str_cpy (name, sizeof (name), "?1.reasons"); | ||
2434 | |||
2435 | reasons[0] = reasons[1] = 0; | ||
2436 | |||
2437 | len = sizeof (reasons); | ||
2438 | result = MHD__asn1_read_value (c2, name, reasons, &len); | ||
2439 | |||
2440 | if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) | ||
2441 | { | ||
2442 | MHD_gnutls_assert (); | ||
2443 | MHD__asn1_delete_structure (&c2); | ||
2444 | return MHD_gtls_asn2err (result); | ||
2445 | } | ||
2446 | |||
2447 | *reason_flags = reasons[0] | (reasons[1] << 8); | ||
2448 | } | ||
2449 | |||
2450 | return type; | ||
2451 | } | ||
2452 | |||
2453 | /** | ||
2454 | * MHD_gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs | ||
2455 | * @cert: should contain a MHD_gnutls_x509_crt_t structure | ||
2456 | * @indx: This specifies which OID to return. Use zero to get the first one. | ||
2457 | * @oid: a pointer to a buffer to hold the OID (may be null) | ||
2458 | * @sizeof_oid: initially holds the size of @oid | ||
2459 | * | ||
2460 | * This function will extract the key purpose OIDs of the Certificate | ||
2461 | * specified by the given index. These are stored in the Extended Key | ||
2462 | * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for | ||
2463 | * human readable names. | ||
2464 | * | ||
2465 | * If @oid is null then only the size will be filled. | ||
2466 | * | ||
2467 | * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is | ||
2468 | * not long enough, and in that case the *sizeof_oid will be updated | ||
2469 | * with the required size. On success 0 is returned. | ||
2470 | **/ | ||
2471 | int | ||
2472 | MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert, | ||
2473 | int indx, | ||
2474 | void *oid, | ||
2475 | size_t * sizeof_oid, | ||
2476 | unsigned int *critical) | ||
2477 | { | ||
2478 | char tmpstr[MAX_NAME_SIZE]; | ||
2479 | int result, len; | ||
2480 | MHD_gnutls_datum_t id; | ||
2481 | ASN1_TYPE c2 = ASN1_TYPE_EMPTY; | ||
2482 | |||
2483 | if (cert == NULL) | ||
2484 | { | ||
2485 | MHD_gnutls_assert (); | ||
2486 | return GNUTLS_E_INVALID_REQUEST; | ||
2487 | } | ||
2488 | |||
2489 | if (oid) | ||
2490 | memset (oid, 0, *sizeof_oid); | ||
2491 | else | ||
2492 | *sizeof_oid = 0; | ||
2493 | |||
2494 | if ((result = MHD__gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id, | ||
2495 | critical)) < 0) | ||
2496 | { | ||
2497 | return result; | ||
2498 | } | ||
2499 | |||
2500 | if (id.size == 0 || id.data == NULL) | ||
2501 | { | ||
2502 | MHD_gnutls_assert (); | ||
2503 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
2504 | } | ||
2505 | |||
2506 | result = | ||
2507 | MHD__asn1_create_element (MHD__gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2); | ||
2508 | if (result != ASN1_SUCCESS) | ||
2509 | { | ||
2510 | MHD_gnutls_assert (); | ||
2511 | MHD__gnutls_free_datum (&id); | ||
2512 | return MHD_gtls_asn2err (result); | ||
2513 | } | ||
2514 | |||
2515 | result = MHD__asn1_der_decoding (&c2, id.data, id.size, NULL); | ||
2516 | MHD__gnutls_free_datum (&id); | ||
2517 | |||
2518 | if (result != ASN1_SUCCESS) | ||
2519 | { | ||
2520 | MHD_gnutls_assert (); | ||
2521 | MHD__asn1_delete_structure (&c2); | ||
2522 | return MHD_gtls_asn2err (result); | ||
2523 | } | ||
2524 | |||
2525 | indx++; | ||
2526 | /* create a string like "?1" | ||
2527 | */ | ||
2528 | snprintf (tmpstr, sizeof (tmpstr), "?%u", indx); | ||
2529 | |||
2530 | len = *sizeof_oid; | ||
2531 | result = MHD__asn1_read_value (c2, tmpstr, oid, &len); | ||
2532 | |||
2533 | *sizeof_oid = len; | ||
2534 | MHD__asn1_delete_structure (&c2); | ||
2535 | |||
2536 | if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) | ||
2537 | { | ||
2538 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | ||
2539 | } | ||
2540 | |||
2541 | if (result != ASN1_SUCCESS) | ||
2542 | { | ||
2543 | MHD_gnutls_assert (); | ||
2544 | return MHD_gtls_asn2err (result); | ||
2545 | } | ||
2546 | |||
2547 | return 0; | ||
2548 | |||
2549 | } | ||
2550 | |||
2551 | /** | ||
2552 | * MHD_gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key | ||
2553 | * @crt: Holds the certificate | ||
2554 | * @m: will hold the modulus | ||
2555 | * @e: will hold the public exponent | ||
2556 | * | ||
2557 | * This function will export the RSA public key's parameters found in | ||
2558 | * the given structure. The new parameters will be allocated using | ||
2559 | * MHD_gnutls_malloc() and will be stored in the appropriate datum. | ||
2560 | * | ||
2561 | * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. | ||
2562 | **/ | ||
2563 | int | ||
2564 | MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt, | ||
2565 | MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e) | ||
2566 | { | ||
2567 | int ret; | ||
2568 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; | ||
2569 | int params_size = MAX_PUBLIC_PARAMS_SIZE; | ||
2570 | int i; | ||
2571 | |||
2572 | if (crt == NULL) | ||
2573 | { | ||
2574 | MHD_gnutls_assert (); | ||
2575 | return GNUTLS_E_INVALID_REQUEST; | ||
2576 | } | ||
2577 | |||
2578 | ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL); | ||
2579 | if (ret != MHD_GNUTLS_PK_RSA) | ||
2580 | { | ||
2581 | MHD_gnutls_assert (); | ||
2582 | return GNUTLS_E_INVALID_REQUEST; | ||
2583 | } | ||
2584 | |||
2585 | ret = MHD__gnutls_x509_crt_get_mpis (crt, params, ¶ms_size); | ||
2586 | if (ret < 0) | ||
2587 | { | ||
2588 | MHD_gnutls_assert (); | ||
2589 | return ret; | ||
2590 | } | ||
2591 | |||
2592 | ret = MHD_gtls_mpi_dprint (m, params[0]); | ||
2593 | if (ret < 0) | ||
2594 | { | ||
2595 | MHD_gnutls_assert (); | ||
2596 | goto cleanup; | ||
2597 | } | ||
2598 | |||
2599 | ret = MHD_gtls_mpi_dprint (e, params[1]); | ||
2600 | if (ret < 0) | ||
2601 | { | ||
2602 | MHD_gnutls_assert (); | ||
2603 | MHD__gnutls_free_datum (m); | ||
2604 | goto cleanup; | ||
2605 | } | ||
2606 | |||
2607 | ret = 0; | ||
2608 | |||
2609 | cleanup:for (i = 0; i < params_size; i++) | ||
2610 | { | ||
2611 | MHD_gtls_mpi_release (¶ms[i]); | ||
2612 | } | ||
2613 | return ret; | ||
2614 | } | ||
2615 | |||
2616 | /** | ||
2617 | * MHD_gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key | ||
2618 | * @crt: Holds the certificate | ||
2619 | * @p: will hold the p | ||
2620 | * @q: will hold the q | ||
2621 | * @g: will hold the g | ||
2622 | * @y: will hold the y | ||
2623 | * | ||
2624 | * This function will export the DSA public key's parameters found in | ||
2625 | * the given certificate. The new parameters will be allocated using | ||
2626 | * MHD_gnutls_malloc() and will be stored in the appropriate datum. | ||
2627 | * | ||
2628 | * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. | ||
2629 | **/ | ||
2630 | int | ||
2631 | MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt, | ||
2632 | MHD_gnutls_datum_t * p, | ||
2633 | MHD_gnutls_datum_t * q, | ||
2634 | MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y) | ||
2635 | { | ||
2636 | int ret; | ||
2637 | mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; | ||
2638 | int params_size = MAX_PUBLIC_PARAMS_SIZE; | ||
2639 | int i; | ||
2640 | |||
2641 | if (crt == NULL) | ||
2642 | { | ||
2643 | MHD_gnutls_assert (); | ||
2644 | return GNUTLS_E_INVALID_REQUEST; | ||
2645 | } | ||
2646 | |||
2647 | ret = MHD_gnutls_x509_crt_get_pk_algorithm (crt, NULL); | ||
2648 | |||
2649 | ret = MHD__gnutls_x509_crt_get_mpis (crt, params, ¶ms_size); | ||
2650 | if (ret < 0) | ||
2651 | { | ||
2652 | MHD_gnutls_assert (); | ||
2653 | return ret; | ||
2654 | } | ||
2655 | |||
2656 | /* P */ | ||
2657 | ret = MHD_gtls_mpi_dprint (p, params[0]); | ||
2658 | if (ret < 0) | ||
2659 | { | ||
2660 | MHD_gnutls_assert (); | ||
2661 | goto cleanup; | ||
2662 | } | ||
2663 | |||
2664 | /* Q */ | ||
2665 | ret = MHD_gtls_mpi_dprint (q, params[1]); | ||
2666 | if (ret < 0) | ||
2667 | { | ||
2668 | MHD_gnutls_assert (); | ||
2669 | MHD__gnutls_free_datum (p); | ||
2670 | goto cleanup; | ||
2671 | } | ||
2672 | |||
2673 | /* G */ | ||
2674 | ret = MHD_gtls_mpi_dprint (g, params[2]); | ||
2675 | if (ret < 0) | ||
2676 | { | ||
2677 | MHD_gnutls_assert (); | ||
2678 | MHD__gnutls_free_datum (p); | ||
2679 | MHD__gnutls_free_datum (q); | ||
2680 | goto cleanup; | ||
2681 | } | ||
2682 | |||
2683 | /* Y */ | ||
2684 | ret = MHD_gtls_mpi_dprint (y, params[3]); | ||
2685 | if (ret < 0) | ||
2686 | { | ||
2687 | MHD_gnutls_assert (); | ||
2688 | MHD__gnutls_free_datum (p); | ||
2689 | MHD__gnutls_free_datum (g); | ||
2690 | MHD__gnutls_free_datum (q); | ||
2691 | goto cleanup; | ||
2692 | } | ||
2693 | |||
2694 | ret = 0; | ||
2695 | |||
2696 | cleanup:for (i = 0; i < params_size; i++) | ||
2697 | { | ||
2698 | MHD_gtls_mpi_release (¶ms[i]); | ||
2699 | } | ||
2700 | return ret; | ||
2701 | |||
2702 | } | ||
2703 | |||
2704 | #endif | 1273 | #endif |
2705 | 1274 | ||
2706 | /** | ||
2707 | * MHD_gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list | ||
2708 | * @certs: The structures to store the parsed certificate. Must not be initialized. | ||
2709 | * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available. | ||
2710 | * @data: The PEM encoded certificate. | ||
2711 | * @format: One of DER or PEM. | ||
2712 | * @flags: must be zero or an OR'd sequence of MHD_gnutls_certificate_import_flags. | ||
2713 | * | ||
2714 | * This function will convert the given PEM encoded certificate list | ||
2715 | * to the native MHD_gnutls_x509_crt_t format. The output will be stored | ||
2716 | * in @certs. They will be automatically initialized. | ||
2717 | * | ||
2718 | * If the Certificate is PEM encoded it should have a header of "X509 | ||
2719 | * CERTIFICATE", or "CERTIFICATE". | ||
2720 | * | ||
2721 | * Returns: the number of certificates read or a negative error value. | ||
2722 | **/ | ||
2723 | int | ||
2724 | MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs, | ||
2725 | unsigned int *cert_max, | ||
2726 | const MHD_gnutls_datum_t * data, | ||
2727 | MHD_gnutls_x509_crt_fmt_t format, unsigned int flags) | ||
2728 | { | ||
2729 | int size; | ||
2730 | const char *ptr; | ||
2731 | MHD_gnutls_datum_t tmp; | ||
2732 | int ret, nocopy = 0; | ||
2733 | unsigned int count = 0, j; | ||
2734 | |||
2735 | if (format == GNUTLS_X509_FMT_DER) | ||
2736 | { | ||
2737 | if (*cert_max < 1) | ||
2738 | { | ||
2739 | *cert_max = 1; | ||
2740 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
2741 | } | ||
2742 | |||
2743 | count = 1; /* import only the first one */ | ||
2744 | |||
2745 | ret = MHD_gnutls_x509_crt_init (&certs[0]); | ||
2746 | if (ret < 0) | ||
2747 | { | ||
2748 | MHD_gnutls_assert (); | ||
2749 | goto error; | ||
2750 | } | ||
2751 | |||
2752 | ret = MHD_gnutls_x509_crt_import (certs[0], data, format); | ||
2753 | if (ret < 0) | ||
2754 | { | ||
2755 | MHD_gnutls_assert (); | ||
2756 | goto error; | ||
2757 | } | ||
2758 | |||
2759 | *cert_max = 1; | ||
2760 | return 1; | ||
2761 | } | ||
2762 | |||
2763 | /* move to the certificate | ||
2764 | */ | ||
2765 | ptr = MHD_memmem (data->data, data->size, | ||
2766 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | ||
2767 | if (ptr == NULL) | ||
2768 | ptr = MHD_memmem (data->data, data->size, | ||
2769 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | ||
2770 | |||
2771 | if (ptr == NULL) | ||
2772 | { | ||
2773 | MHD_gnutls_assert (); | ||
2774 | return GNUTLS_E_BASE64_DECODING_ERROR; | ||
2775 | } | ||
2776 | size = data->size - (ptr - (char *) data->data); | ||
2777 | |||
2778 | count = 0; | ||
2779 | |||
2780 | do | ||
2781 | { | ||
2782 | if (count >= *cert_max) | ||
2783 | { | ||
2784 | if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) | ||
2785 | break; | ||
2786 | else | ||
2787 | nocopy = 1; | ||
2788 | } | ||
2789 | |||
2790 | if (!nocopy) | ||
2791 | { | ||
2792 | ret = MHD_gnutls_x509_crt_init (&certs[count]); | ||
2793 | if (ret < 0) | ||
2794 | { | ||
2795 | MHD_gnutls_assert (); | ||
2796 | goto error; | ||
2797 | } | ||
2798 | |||
2799 | tmp.data = (void *) ptr; | ||
2800 | tmp.size = size; | ||
2801 | |||
2802 | ret = | ||
2803 | MHD_gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM); | ||
2804 | if (ret < 0) | ||
2805 | { | ||
2806 | MHD_gnutls_assert (); | ||
2807 | goto error; | ||
2808 | } | ||
2809 | } | ||
2810 | |||
2811 | /* now we move ptr after the pem header | ||
2812 | */ | ||
2813 | ptr++; | ||
2814 | /* find the next certificate (if any) | ||
2815 | */ | ||
2816 | size = data->size - (ptr - (char *) data->data); | ||
2817 | |||
2818 | if (size > 0) | ||
2819 | { | ||
2820 | char *ptr2; | ||
2821 | |||
2822 | ptr2 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | ||
2823 | if (ptr2 == NULL) | ||
2824 | ptr2 = | ||
2825 | MHD_memmem (ptr, size, PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | ||
2826 | |||
2827 | ptr = ptr2; | ||
2828 | } | ||
2829 | else | ||
2830 | ptr = NULL; | ||
2831 | |||
2832 | count++; | ||
2833 | } | ||
2834 | while (ptr != NULL); | ||
2835 | |||
2836 | *cert_max = count; | ||
2837 | |||
2838 | if (nocopy == 0) | ||
2839 | return count; | ||
2840 | else | ||
2841 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
2842 | |||
2843 | error:for (j = 0; j < count; j++) | ||
2844 | MHD_gnutls_x509_crt_deinit (certs[j]); | ||
2845 | return ret; | ||
2846 | } | ||
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h index ee28dc73..87a81954 100644 --- a/src/daemon/https/x509/x509.h +++ b/src/daemon/https/x509/x509.h | |||
@@ -92,33 +92,9 @@ extern "C" | |||
92 | int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, | 92 | int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert, |
93 | const MHD_gnutls_datum_t * data, | 93 | const MHD_gnutls_datum_t * data, |
94 | MHD_gnutls_x509_crt_fmt_t format); | 94 | MHD_gnutls_x509_crt_fmt_t format); |
95 | int MHD_gnutls_x509_crt_list_import (MHD_gnutls_x509_crt_t * certs, | ||
96 | unsigned int *cert_max, | ||
97 | const MHD_gnutls_datum_t * data, | ||
98 | MHD_gnutls_x509_crt_fmt_t format, | ||
99 | unsigned int flags); | ||
100 | int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, | 95 | int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert, |
101 | MHD_gnutls_x509_crt_fmt_t format, | 96 | MHD_gnutls_x509_crt_fmt_t format, |
102 | void *output_data, size_t * output_data_size); | 97 | void *output_data, size_t * output_data_size); |
103 | int MHD_gnutls_x509_crt_get_issuer_dn (MHD_gnutls_x509_crt_t cert, | ||
104 | char *buf, size_t * sizeof_buf); | ||
105 | int MHD_gnutls_x509_crt_get_issuer_dn_oid (MHD_gnutls_x509_crt_t cert, | ||
106 | int indx, | ||
107 | void *oid, size_t * sizeof_oid); | ||
108 | int MHD_gnutls_x509_crt_get_issuer_dn_by_oid (MHD_gnutls_x509_crt_t cert, | ||
109 | const char *oid, | ||
110 | int indx, | ||
111 | unsigned int raw_flag, | ||
112 | void *buf, size_t * sizeof_buf); | ||
113 | int MHD_gnutls_x509_crt_get_dn (MHD_gnutls_x509_crt_t cert, | ||
114 | char *buf, size_t * sizeof_buf); | ||
115 | int MHD_gnutls_x509_crt_get_dn_oid (MHD_gnutls_x509_crt_t cert, | ||
116 | int indx, void *oid, size_t * sizeof_oid); | ||
117 | int MHD_gnutls_x509_crt_get_dn_by_oid (MHD_gnutls_x509_crt_t cert, | ||
118 | const char *oid, | ||
119 | int indx, | ||
120 | unsigned int raw_flag, | ||
121 | void *buf, size_t * sizeof_buf); | ||
122 | int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert, | 98 | int MHD_gnutls_x509_crt_check_hostname (MHD_gnutls_x509_crt_t cert, |
123 | const char *hostname); | 99 | const char *hostname); |
124 | 100 | ||
@@ -126,22 +102,6 @@ extern "C" | |||
126 | int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert, | 102 | int MHD_gnutls_x509_crt_get_signature (MHD_gnutls_x509_crt_t cert, |
127 | char *sig, size_t * sizeof_sig); | 103 | char *sig, size_t * sizeof_sig); |
128 | int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); | 104 | int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert); |
129 | int MHD_gnutls_x509_crt_get_key_id (MHD_gnutls_x509_crt_t crt, | ||
130 | unsigned int flags, | ||
131 | unsigned char *output_data, | ||
132 | size_t * output_data_size); | ||
133 | |||
134 | int MHD_gnutls_x509_crt_set_authority_key_id (MHD_gnutls_x509_crt_t cert, | ||
135 | const void *id, size_t id_size); | ||
136 | int MHD_gnutls_x509_crt_get_authority_key_id (MHD_gnutls_x509_crt_t cert, | ||
137 | void *ret, | ||
138 | size_t * ret_size, | ||
139 | unsigned int *critical); | ||
140 | |||
141 | int MHD_gnutls_x509_crt_get_subject_key_id (MHD_gnutls_x509_crt_t cert, | ||
142 | void *ret, | ||
143 | size_t * ret_size, | ||
144 | unsigned int *critical); | ||
145 | 105 | ||
146 | #define GNUTLS_CRL_REASON_UNUSED 128 | 106 | #define GNUTLS_CRL_REASON_UNUSED 128 |
147 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | 107 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 |
@@ -153,20 +113,6 @@ extern "C" | |||
153 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 | 113 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 |
154 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 | 114 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 |
155 | 115 | ||
156 | int MHD_gnutls_x509_crt_get_crl_dist_points (MHD_gnutls_x509_crt_t cert, | ||
157 | unsigned int seq, | ||
158 | void *ret, | ||
159 | size_t * ret_size, | ||
160 | unsigned int *reason_flags, | ||
161 | unsigned int *critical); | ||
162 | int MHD_gnutls_x509_crt_set_crl_dist_points (MHD_gnutls_x509_crt_t crt, | ||
163 | MHD_gnutls_x509_subject_alt_name_t | ||
164 | type, | ||
165 | const void *data_string, | ||
166 | unsigned int reason_flags); | ||
167 | int MHD_gnutls_x509_crt_cpy_crl_dist_points (MHD_gnutls_x509_crt_t dst, | ||
168 | MHD_gnutls_x509_crt_t src); | ||
169 | |||
170 | time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert); | 116 | time_t MHD_gnutls_x509_crt_get_activation_time (MHD_gnutls_x509_crt_t cert); |
171 | time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert); | 117 | time_t MHD_gnutls_x509_crt_get_expiration_time (MHD_gnutls_x509_crt_t cert); |
172 | int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, | 118 | int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, |
@@ -174,36 +120,13 @@ extern "C" | |||
174 | 120 | ||
175 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, | 121 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, |
176 | unsigned int *bits); | 122 | unsigned int *bits); |
177 | int MHD_gnutls_x509_crt_get_pk_rsa_raw (MHD_gnutls_x509_crt_t crt, | ||
178 | MHD_gnutls_datum_t * m, MHD_gnutls_datum_t * e); | ||
179 | int MHD_gnutls_x509_crt_get_pk_dsa_raw (MHD_gnutls_x509_crt_t crt, | ||
180 | MHD_gnutls_datum_t * p, | ||
181 | MHD_gnutls_datum_t * q, | ||
182 | MHD_gnutls_datum_t * g, MHD_gnutls_datum_t * y); | ||
183 | |||
184 | int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, | 123 | int MHD_gnutls_x509_crt_get_subject_alt_name (MHD_gnutls_x509_crt_t cert, |
185 | unsigned int seq, | 124 | unsigned int seq, |
186 | void *ret, | 125 | void *ret, |
187 | size_t * ret_size, | 126 | size_t * ret_size, |
188 | unsigned int *critical); | 127 | unsigned int *critical); |
189 | int MHD_gnutls_x509_crt_get_subject_alt_name2 (MHD_gnutls_x509_crt_t cert, | ||
190 | unsigned int seq, | ||
191 | void *ret, | ||
192 | size_t * ret_size, | ||
193 | unsigned int *ret_type, | ||
194 | unsigned int *critical); | ||
195 | |||
196 | int MHD_gnutls_x509_crt_get_subject_alt_othername_oid (MHD_gnutls_x509_crt_t cert, | ||
197 | unsigned int seq, | ||
198 | void *ret, | ||
199 | size_t * ret_size); | ||
200 | |||
201 | int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, | 128 | int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, |
202 | unsigned int *critical); | 129 | unsigned int *critical); |
203 | int MHD_gnutls_x509_crt_get_basic_constraints (MHD_gnutls_x509_crt_t cert, | ||
204 | unsigned int *critical, | ||
205 | int *ca, int *pathlen); | ||
206 | |||
207 | /* The key_usage flags are defined in gnutls.h. They are the | 130 | /* The key_usage flags are defined in gnutls.h. They are the |
208 | * GNUTLS_KEY_* definitions. | 131 | * GNUTLS_KEY_* definitions. |
209 | */ | 132 | */ |
@@ -213,34 +136,9 @@ extern "C" | |||
213 | int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, | 136 | int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt, |
214 | unsigned int usage); | 137 | unsigned int usage); |
215 | 138 | ||
216 | int MHD_gnutls_x509_crt_get_proxy (MHD_gnutls_x509_crt_t cert, | ||
217 | unsigned int *critical, | ||
218 | int *pathlen, | ||
219 | char **policyLanguage, | ||
220 | char **policy, size_t * sizeof_policy); | ||
221 | |||
222 | int MHD_gnutls_x509_dn_oid_known (const char *oid); | 139 | int MHD_gnutls_x509_dn_oid_known (const char *oid); |
223 | 140 | ||
224 | /* Read extensions by OID. */ | ||
225 | int MHD_gnutls_x509_crt_get_extension_oid (MHD_gnutls_x509_crt_t cert, | ||
226 | int indx, | ||
227 | void *oid, size_t * sizeof_oid); | ||
228 | int MHD_gnutls_x509_crt_get_extension_by_oid (MHD_gnutls_x509_crt_t cert, | ||
229 | const char *oid, | ||
230 | int indx, | ||
231 | void *buf, | ||
232 | size_t * sizeof_buf, | ||
233 | unsigned int *critical); | ||
234 | |||
235 | /* Read extensions by sequence number. */ | 141 | /* Read extensions by sequence number. */ |
236 | int MHD_gnutls_x509_crt_get_extension_info (MHD_gnutls_x509_crt_t cert, | ||
237 | int indx, | ||
238 | void *oid, | ||
239 | size_t * sizeof_oid, int *critical); | ||
240 | int MHD_gnutls_x509_crt_get_extension_data (MHD_gnutls_x509_crt_t cert, | ||
241 | int indx, | ||
242 | void *data, size_t * sizeof_data); | ||
243 | |||
244 | int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, | 142 | int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt, |
245 | const char *oid, | 143 | const char *oid, |
246 | const void *buf, | 144 | const void *buf, |
@@ -344,12 +242,6 @@ extern "C" | |||
344 | 242 | ||
345 | int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, | 243 | int MHD_gnutls_x509_crt_get_subject (MHD_gnutls_x509_crt_t cert, |
346 | MHD_gnutls_x509_dn_t * dn); | 244 | MHD_gnutls_x509_dn_t * dn); |
347 | int MHD_gnutls_x509_crt_get_issuer (MHD_gnutls_x509_crt_t cert, | ||
348 | MHD_gnutls_x509_dn_t * dn); | ||
349 | int MHD_gnutls_x509_dn_get_rdn_ava (MHD_gnutls_x509_dn_t dn, | ||
350 | int irdn, | ||
351 | int iava, MHD_gnutls_x509_ava_st * avast); | ||
352 | |||
353 | /* CRL handling functions. | 245 | /* CRL handling functions. |
354 | */ | 246 | */ |
355 | int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl); | 247 | int MHD_gnutls_x509_crl_init (MHD_gnutls_x509_crl_t * crl); |
@@ -362,8 +254,6 @@ extern "C" | |||
362 | MHD_gnutls_x509_crt_fmt_t format, | 254 | MHD_gnutls_x509_crt_fmt_t format, |
363 | void *output_data, size_t * output_data_size); | 255 | void *output_data, size_t * output_data_size); |
364 | 256 | ||
365 | int MHD_gnutls_x509_crl_get_issuer_dn (const MHD_gnutls_x509_crl_t crl, | ||
366 | char *buf, size_t * sizeof_buf); | ||
367 | int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl, | 257 | int MHD_gnutls_x509_crl_get_issuer_dn_by_oid (MHD_gnutls_x509_crl_t crl, |
368 | const char *oid, | 258 | const char *oid, |
369 | int indx, | 259 | int indx, |
@@ -508,21 +398,6 @@ extern "C" | |||
508 | const MHD_gnutls_x509_crl_t * | 398 | const MHD_gnutls_x509_crl_t * |
509 | crl_list, int crl_list_length); | 399 | crl_list, int crl_list_length); |
510 | 400 | ||
511 | int MHD_gnutls_x509_crt_get_fingerprint (MHD_gnutls_x509_crt_t cert, | ||
512 | enum MHD_GNUTLS_HashAlgorithm algo, | ||
513 | void *buf, size_t * sizeof_buf); | ||
514 | |||
515 | int MHD_gnutls_x509_crt_get_key_purpose_oid (MHD_gnutls_x509_crt_t cert, | ||
516 | int indx, | ||
517 | void *oid, | ||
518 | size_t * sizeof_oid, | ||
519 | unsigned int *critical); | ||
520 | int MHD_gnutls_x509_crt_set_key_purpose_oid (MHD_gnutls_x509_crt_t cert, | ||
521 | const void *oid, | ||
522 | unsigned int critical); | ||
523 | |||
524 | /* Private key handling. | ||
525 | */ | ||
526 | 401 | ||
527 | /* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function. | 402 | /* Flags for the MHD_gnutls_x509_privkey_export_pkcs8() function. |
528 | */ | 403 | */ |
@@ -601,10 +476,6 @@ extern "C" | |||
601 | unsigned int flags, | 476 | unsigned int flags, |
602 | const MHD_gnutls_datum_t * data, | 477 | const MHD_gnutls_datum_t * data, |
603 | const MHD_gnutls_datum_t * signature); | 478 | const MHD_gnutls_datum_t * signature); |
604 | int MHD_gnutls_x509_crt_verify_data (MHD_gnutls_x509_crt_t crt, | ||
605 | unsigned int flags, | ||
606 | const MHD_gnutls_datum_t * data, | ||
607 | const MHD_gnutls_datum_t * signature); | ||
608 | 479 | ||
609 | /* Certificate request stuff. | 480 | /* Certificate request stuff. |
610 | */ | 481 | */ |
@@ -753,8 +624,6 @@ int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert, | |||
753 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, | 624 | int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert, |
754 | unsigned int *bits); | 625 | unsigned int *bits); |
755 | 626 | ||
756 | int MHD__gnutls_x509_crt_cpy (MHD_gnutls_x509_crt_t dest, MHD_gnutls_x509_crt_t src); | ||
757 | |||
758 | int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, | 627 | int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert, |
759 | void *result, size_t * result_size); | 628 | void *result, size_t * result_size); |
760 | 629 | ||