removing more -- hopefully all -- openpgp related code

author: Christian Grothoff <christian@grothoff.org> 2008-08-24 15:34:34 +0000
committer: Christian Grothoff <christian@grothoff.org> 2008-08-24 15:34:34 +0000
commit: bde481fb521f299d9c5bf654573f73a7958d461a (patch)
tree: 0a23772d9f4e564baee6cababcbb047aef0e6937 /src/daemon/https/tls/auth_cert.c
parent: 2bdfce2c5a5348faa69ca52f1721a911d527c9fa (diff)
download: libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.tar.gz
libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.zip
1 files changed, 3 insertions, 465 deletions
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c
index 308c3878..643b32cb 100644
--- a/src/daemon/https/tls/auth_cert.c
+++ b/src/daemon/https/tls/auth_cert.c
@@ -43,15 +43,11 @@
 #include <gnutls_state.h>
 #include <gnutls_pk.h>
 #include <gnutls_x509.h>
-#include <gnutls_extra_hooks.h>
 #include "debug.h"
 static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
                                               unsigned);
 static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key);
-static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
-static gnutls_privkey *alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
-                                               key);
 /* Copies data from a internal certificate struct (gnutls_cert) to 
@@ -255,41 +251,6 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred,
 }
-/* Locates the most appropriate openpgp cert
- */
-static int
-_find_openpgp_cert (const mhd_gtls_cert_credentials_t cred,
-                    gnutls_pk_algorithm_t * pk_algos,
-                    int pk_algos_length, int *indx)
-{
-  unsigned i, j;
-  *indx = -1;
-  for (i = 0; i < cred->ncerts; i++)
-    {
-      for (j = 0; j < cred->cert_list_length[i]; j++)
-        {
-          /* If the *_SIGN algorithm matches
-           * the cert is our cert!
-           */
-          if ((_gnutls_check_pk_algo_in_list
-               (pk_algos, pk_algos_length,
-                cred->cert_list[i][0].subject_pk_algorithm) == 0)
-              && (cred->cert_list[i][0].cert_type == MHD_GNUTLS_CRT_OPENPGP))
-            {
-              *indx = i;
-              break;
-            }
-        }
-      if (*indx != -1)
-        break;
-    }
-  return 0;
-}
 /* Returns the number of issuers in the server's
 * certificate request packet.
 */
@@ -444,17 +405,9 @@ call_get_cert_callback (mhd_gtls_session_t session,
    }
  else
    {                           /* PGP */
-      if (st.ncerts > 1)
+      gnutls_assert ();
-        {
+      ret = GNUTLS_E_INVALID_REQUEST;
-          gnutls_assert ();
+      goto cleanup;
-          ret = GNUTLS_E_INVALID_REQUEST;
-          goto cleanup;
-        }
-      local_certs = alloc_and_load_pgp_certs (st.cert.pgp);
-      if (local_certs != NULL)
-        local_key = alloc_and_load_pgp_key (st.key.pgp);
    }
  mhd_gtls_selected_certs_set (session, local_certs,
@@ -477,22 +430,6 @@ cleanup:
          gnutls_x509_privkey_deinit (st.key.x509);
        }
    }
-  else
-    {
-      if (st.deinit_all)
-        {
-          if (_E_gnutls_openpgp_crt_deinit == NULL ||
-              _E_gnutls_openpgp_privkey_deinit == NULL)
-            {
-              gnutls_assert ();
-              return GNUTLS_E_INIT_LIBEXTRA;
-            }
-          _E_gnutls_openpgp_crt_deinit (st.cert.pgp);
-          _E_gnutls_openpgp_privkey_deinit (st.key.pgp);
-        }
-    }
  return ret;
 }
@@ -577,11 +514,6 @@ _select_client_cert (mhd_gtls_session_t session,
        result =
          _find_x509_cert (cred, _data, _data_size,
                           pk_algos, pk_algos_length, &indx);
-      if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP)
-        result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
      if (result < 0)
        {
          gnutls_assert ();
@@ -667,136 +599,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data)
  return ret;
 }
-enum PGPKeyDescriptorType
-{ PGP_KEY_FINGERPRINT, PGP_KEY };
-int
-mhd_gtls_gen_openpgp_certificate (mhd_gtls_session_t session, opaque ** data)
-{
-  int ret;
-  opaque *pdata;
-  gnutls_cert *apr_cert_list;
-  gnutls_privkey *apr_pkey;
-  int apr_cert_list_length;
-  /* find the appropriate certificate */
-  if ((ret =
-       mhd_gtls_get_selected_cert (session, &apr_cert_list,
-                                  &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  ret = 3 + 1 + 3;
-  if (apr_cert_list_length > 0)
-    ret += apr_cert_list[0].raw.size;
-  (*data) = gnutls_malloc (ret);
-  pdata = (*data);
-  if (pdata == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  mhd_gtls_write_uint24 (ret - 3, pdata);
-  pdata += 3;
-  *pdata = PGP_KEY;             /* whole key */
-  pdata++;
-  if (apr_cert_list_length > 0)
-    {
-      mhd_gtls_write_datum24 (pdata, apr_cert_list[0].raw);
-      pdata += (3 + apr_cert_list[0].raw.size);
-    }
-  else                          /* empty - no certificate */
-    mhd_gtls_write_uint24 (0, pdata);
-  return ret;
-}
-int
-mhd_gtls_gen_openpgp_certificate_fpr (mhd_gtls_session_t session, opaque ** data)
-{
-  int ret, packet_size;
-  size_t fpr_size;
-  opaque *pdata;
-  gnutls_cert *apr_cert_list;
-  gnutls_privkey *apr_pkey;
-  int apr_cert_list_length;
-  /* find the appropriate certificate */
-  if ((ret =
-       mhd_gtls_get_selected_cert (session, &apr_cert_list,
-                                  &apr_cert_list_length, &apr_pkey)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  packet_size = 3 + 1;
-  /* Only v4 fingerprints are sent 
-   */
-  if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
-    packet_size += 20 + 1;
-  else                          /* empty certificate case */
-    return mhd_gtls_gen_openpgp_certificate (session, data);
-  (*data) = gnutls_malloc (packet_size);
-  pdata = (*data);
-  if (pdata == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-  mhd_gtls_write_uint24 (packet_size - 3, pdata);
-  pdata += 3;
-  *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
-  pdata++;
-  *pdata = 20;
-  pdata++;
-  fpr_size = 20;
-  if (_E_gnutls_openpgp_fingerprint == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INIT_LIBEXTRA;
-    }
-  if ((ret =
-       _E_gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata,
-                                      &fpr_size)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  return packet_size;
-}
 int
 mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data)
 {
  switch (session->security_parameters.cert_type)
    {
-    case MHD_GNUTLS_CRT_OPENPGP:
-      if (mhd_gtls_openpgp_send_fingerprint (session) == 0)
-        return mhd_gtls_gen_openpgp_certificate (session, data);
-      else
-        return mhd_gtls_gen_openpgp_certificate_fpr (session, data);
    case MHD_GNUTLS_CRT_X509:
      return mhd_gtls_gen_x509_crt (session, data);
@@ -811,8 +618,6 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data
 {
  switch (session->security_parameters.cert_type)
    {
-    case MHD_GNUTLS_CRT_OPENPGP:
-      return mhd_gtls_gen_openpgp_certificate (session, data);
    case MHD_GNUTLS_CRT_X509:
      return mhd_gtls_gen_x509_crt (session, data);
    default:
@@ -967,184 +772,6 @@ cleanup:
 }
 #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x])
-int
-mhd_gtls_proc_openpgp_server_certificate (mhd_gtls_session_t session,
-                                         opaque * data, size_t data_size)
-{
-  int size, ret, len;
-  opaque *p = data;
-  cert_auth_info_t info;
-  mhd_gtls_cert_credentials_t cred;
-  ssize_t dsize = data_size;
-  int i, x;
-  gnutls_cert *peer_certificate_list = NULL;
-  int peer_certificate_list_size = 0;
-  gnutls_datum_t tmp, akey = { NULL, 0 };
-  cred = (mhd_gtls_cert_credentials_t)
-    mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  if (cred == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-    }
-  if ((ret =
-       mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
-                              sizeof (cert_auth_info_st), 1)) < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  info = mhd_gtls_get_auth_info (session);
-  if (data == NULL || data_size == 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_NO_CERTIFICATE_FOUND;
-    }
-  DECR_LEN (dsize, 3);
-  size = mhd_gtls_read_uint24 (p);
-  p += 3;
-  if (size == 0)
-    {
-      gnutls_assert ();
-      /* no certificate was sent */
-      return GNUTLS_E_NO_CERTIFICATE_FOUND;
-    }
-  i = dsize;
-  /* Read PGPKeyDescriptor */
-  DECR_LEN (dsize, 1);
-  if (*p == PGP_KEY_FINGERPRINT)
-    {                           /* the fingerprint */
-      p++;
-      DECR_LEN (dsize, 1);
-      len = (uint8_t) * p;
-      p++;
-      if (len != 20)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
-        }
-      DECR_LEN (dsize, 20);
-      /* request the actual key from our database, or
-       * a key server or anything.
-       */
-      if (_E_gnutls_openpgp_request_key == NULL)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INIT_LIBEXTRA;
-        }
-      if ((ret =
-           _E_gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
-        {
-          gnutls_assert ();
-          return ret;
-        }
-      tmp = akey;
-      peer_certificate_list_size++;
-    }
-  else if (*p == PGP_KEY)
-    {                           /* the whole key */
-      p++;
-      /* Read the actual certificate */
-      DECR_LEN (dsize, 3);
-      len = mhd_gtls_read_uint24 (p);
-      p += 3;
-      if (len == 0)
-        {
-          gnutls_assert ();
-          /* no certificate was sent */
-          return GNUTLS_E_NO_CERTIFICATE_FOUND;
-        }
-      DECR_LEN (dsize, len);
-      peer_certificate_list_size++;
-      tmp.size = len;
-      tmp.data = p;
-    }
-  else
-    {
-      gnutls_assert ();
-      return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
-    }
-  /* ok we now have the peer's key in tmp datum
-   */
-  if (peer_certificate_list_size == 0)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
-  peer_certificate_list =
-    gnutls_alloca (sizeof (gnutls_cert) * (peer_certificate_list_size));
-  if (peer_certificate_list == NULL)
-    {
-      gnutls_assert ();
-      ret = GNUTLS_E_MEMORY_ERROR;
-      goto cleanup;
-    }
-  memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
-          peer_certificate_list_size);
-  if (_E_gnutls_openpgp_raw_key_to_gcert == NULL)
-    {
-      gnutls_assert ();
-      ret = GNUTLS_E_INIT_LIBEXTRA;
-      goto cleanup;
-    }
-  if ((ret =
-       _E_gnutls_openpgp_raw_key_to_gcert (&peer_certificate_list[0],
-                                           &tmp)) < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-  if ((ret =
-       _gnutls_copy_certificate_auth_info (info,
-                                           peer_certificate_list,
-                                           peer_certificate_list_size)) < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-  if ((ret =
-       _gnutls_check_key_usage (&peer_certificate_list[0],
-                                gnutls_kx_get (session))) < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-  ret = 0;
-cleanup:
-  _gnutls_free_datum (&akey);
-  CLEAR_CERTS;
-  gnutls_afree (peer_certificate_list);
-  return ret;
-}
 int
 mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,
@@ -1152,9 +779,6 @@ mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,
 {
  switch (session->security_parameters.cert_type)
    {
-    case MHD_GNUTLS_CRT_OPENPGP:
-      return mhd_gtls_proc_openpgp_server_certificate (session,
-                                                      data, data_size);
    case MHD_GNUTLS_CRT_X509:
      return mhd_gtls_proc_x509_server_certificate (session, data, data_size);
    default:
@@ -1262,13 +886,6 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
  size = mhd_gtls_read_uint16 (p);
  p += 2;
-  if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP
-      && size != 0)
-    {
-      gnutls_assert ();         // size should be zero
-      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
-    }
  DECR_LEN (dsize, size);
  /* now we ask the user to tell which one
@@ -1578,85 +1195,6 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key)
  return local_key;
 }
-/* converts the given pgp certificate to gnutls_cert* and allocates
- * space for them.
- */
-static gnutls_cert *
-alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
-{
-  gnutls_cert *local_certs;
-  int ret = 0;
-  if (cert == NULL)
-    return NULL;
-  local_certs = gnutls_malloc (sizeof (gnutls_cert));
-  if (local_certs == NULL)
-    {
-      gnutls_assert ();
-      return NULL;
-    }
-  if (_E_gnutls_openpgp_crt_to_gcert == NULL)
-    {
-      gnutls_assert ();
-      return NULL;
-    }
-  ret = _E_gnutls_openpgp_crt_to_gcert (local_certs, cert);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return NULL;
-    }
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      mhd_gtls_gcert_deinit (local_certs);
-      gnutls_free (local_certs);
-      return NULL;
-    }
-  return local_certs;
-}
-/* converts the given raw key to gnutls_privkey* and allocates
- * space for it.
- */
-static gnutls_privkey *
-alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key)
-{
-  gnutls_privkey *local_key;
-  int ret = 0;
-  if (key == NULL)
-    return NULL;
-  local_key = gnutls_malloc (sizeof (gnutls_privkey));
-  if (local_key == NULL)
-    {
-      gnutls_assert ();
-      return NULL;
-    }
-  if (_E_gnutls_openpgp_privkey_to_gkey == NULL)
-    {
-      gnutls_assert ();
-      return NULL;
-    }
-  ret = _E_gnutls_openpgp_privkey_to_gkey (local_key, key);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return NULL;
-    }
-  return local_key;
-}
 void
 mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session)
 {
author	Christian Grothoff <christian@grothoff.org>	2008-08-24 15:34:34 +0000
committer	Christian Grothoff <christian@grothoff.org>	2008-08-24 15:34:34 +0000
commit	bde481fb521f299d9c5bf654573f73a7958d461a (patch)
tree	0a23772d9f4e564baee6cababcbb047aef0e6937 /src/daemon/https/tls/auth_cert.c
parent	2bdfce2c5a5348faa69ca52f1721a911d527c9fa (diff)
download	libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.tar.gz libmicrohttpd-bde481fb521f299d9c5bf654573f73a7958d461a.zip

diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index 308c3878..643b32cb 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c
@@ -43,15 +43,11 @@
43	#include <gnutls_state.h>	43	#include <gnutls_state.h>
44	#include <gnutls_pk.h>	44	#include <gnutls_pk.h>
45	#include <gnutls_x509.h>	45	#include <gnutls_x509.h>
46	#include <gnutls_extra_hooks.h>
47	#include "debug.h"	46	#include "debug.h"
48		47
49	static gnutls_cert alloc_and_load_x509_certs (gnutls_x509_crt_t certs,	48	static gnutls_cert alloc_and_load_x509_certs (gnutls_x509_crt_t certs,
50	unsigned);	49	unsigned);
51	static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key);	50	static gnutls_privkey *alloc_and_load_x509_key (gnutls_x509_privkey_t key);
52	static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
53	static gnutls_privkey *alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
54	key);
55		51
56		52
57	/* Copies data from a internal certificate struct (gnutls_cert) to	53	/* Copies data from a internal certificate struct (gnutls_cert) to
@@ -255,41 +251,6 @@ _find_x509_cert (const mhd_gtls_cert_credentials_t cred,
255		251
256	}	252	}
257		253
258	/* Locates the most appropriate openpgp cert
259	*/
260	static int
261	_find_openpgp_cert (const mhd_gtls_cert_credentials_t cred,
262	gnutls_pk_algorithm_t * pk_algos,
263	int pk_algos_length, int *indx)
264	{
265	unsigned i, j;
266
267	*indx = -1;
268
269	for (i = 0; i < cred->ncerts; i++)
270	{
271	for (j = 0; j < cred->cert_list_length[i]; j++)
272	{
273
274	/* If the *_SIGN algorithm matches
275	* the cert is our cert!
276	*/
277	if ((_gnutls_check_pk_algo_in_list
278	(pk_algos, pk_algos_length,
279	cred->cert_list[i][0].subject_pk_algorithm) == 0)
280	&& (cred->cert_list[i][0].cert_type == MHD_GNUTLS_CRT_OPENPGP))
281	{
282	*indx = i;
283	break;
284	}
285	}
286	if (*indx != -1)
287	break;
288	}
289
290	return 0;
291	}
292
293	/* Returns the number of issuers in the server's	254	/* Returns the number of issuers in the server's
294	* certificate request packet.	255	* certificate request packet.
295	*/	256	*/
@@ -444,17 +405,9 @@ call_get_cert_callback (mhd_gtls_session_t session,
444	}	405	}
445	else	406	else
446	{ /* PGP */	407	{ /* PGP */
447	if (st.ncerts > 1)	408	gnutls_assert ();
448	{	409	ret = GNUTLS_E_INVALID_REQUEST;
449	gnutls_assert ();	410	goto cleanup;
450	ret = GNUTLS_E_INVALID_REQUEST;
451	goto cleanup;
452	}
453
454	local_certs = alloc_and_load_pgp_certs (st.cert.pgp);
455	if (local_certs != NULL)
456	local_key = alloc_and_load_pgp_key (st.key.pgp);
457
458	}	411	}
459		412
460	mhd_gtls_selected_certs_set (session, local_certs,	413	mhd_gtls_selected_certs_set (session, local_certs,
@@ -477,22 +430,6 @@ cleanup:
477	gnutls_x509_privkey_deinit (st.key.x509);	430	gnutls_x509_privkey_deinit (st.key.x509);
478	}	431	}
479	}	432	}
480	else
481	{
482	if (st.deinit_all)
483	{
484	if (_E_gnutls_openpgp_crt_deinit == NULL \|\|
485	_E_gnutls_openpgp_privkey_deinit == NULL)
486	{
487	gnutls_assert ();
488	return GNUTLS_E_INIT_LIBEXTRA;
489	}
490
491	_E_gnutls_openpgp_crt_deinit (st.cert.pgp);
492	_E_gnutls_openpgp_privkey_deinit (st.key.pgp);
493	}
494	}
495
496	return ret;	433	return ret;
497	}	434	}
498		435
@@ -577,11 +514,6 @@ _select_client_cert (mhd_gtls_session_t session,
577	result =	514	result =
578	_find_x509_cert (cred, _data, _data_size,	515	_find_x509_cert (cred, _data, _data_size,
579	pk_algos, pk_algos_length, &indx);	516	pk_algos, pk_algos_length, &indx);
580
581	if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP)
582	result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
583
584
585	if (result < 0)	517	if (result < 0)
586	{	518	{
587	gnutls_assert ();	519	gnutls_assert ();
@@ -667,136 +599,11 @@ mhd_gtls_gen_x509_crt (mhd_gtls_session_t session, opaque ** data)
667	return ret;	599	return ret;
668	}	600	}
669		601
670	enum PGPKeyDescriptorType
671	{ PGP_KEY_FINGERPRINT, PGP_KEY };
672
673	int
674	mhd_gtls_gen_openpgp_certificate (mhd_gtls_session_t session, opaque ** data)
675	{
676	int ret;
677	opaque *pdata;
678	gnutls_cert *apr_cert_list;
679	gnutls_privkey *apr_pkey;
680	int apr_cert_list_length;
681
682	/* find the appropriate certificate */
683	if ((ret =
684	mhd_gtls_get_selected_cert (session, &apr_cert_list,
685	&apr_cert_list_length, &apr_pkey)) < 0)
686	{
687	gnutls_assert ();
688	return ret;
689	}
690
691	ret = 3 + 1 + 3;
692
693	if (apr_cert_list_length > 0)
694	ret += apr_cert_list[0].raw.size;
695
696	(*data) = gnutls_malloc (ret);
697	pdata = (*data);
698
699	if (pdata == NULL)
700	{
701	gnutls_assert ();
702	return GNUTLS_E_MEMORY_ERROR;
703	}
704
705	mhd_gtls_write_uint24 (ret - 3, pdata);
706	pdata += 3;
707
708	pdata = PGP_KEY; / whole key */
709	pdata++;
710
711	if (apr_cert_list_length > 0)
712	{
713	mhd_gtls_write_datum24 (pdata, apr_cert_list[0].raw);
714	pdata += (3 + apr_cert_list[0].raw.size);
715	}
716	else /* empty - no certificate */
717	mhd_gtls_write_uint24 (0, pdata);
718
719	return ret;
720	}
721
722	int
723	mhd_gtls_gen_openpgp_certificate_fpr (mhd_gtls_session_t session, opaque ** data)
724	{
725	int ret, packet_size;
726	size_t fpr_size;
727	opaque *pdata;
728	gnutls_cert *apr_cert_list;
729	gnutls_privkey *apr_pkey;
730	int apr_cert_list_length;
731
732	/* find the appropriate certificate */
733	if ((ret =
734	mhd_gtls_get_selected_cert (session, &apr_cert_list,
735	&apr_cert_list_length, &apr_pkey)) < 0)
736	{
737	gnutls_assert ();
738	return ret;
739	}
740
741	packet_size = 3 + 1;
742
743	/* Only v4 fingerprints are sent
744	*/
745	if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
746	packet_size += 20 + 1;
747	else /* empty certificate case */
748	return mhd_gtls_gen_openpgp_certificate (session, data);
749
750	(*data) = gnutls_malloc (packet_size);
751	pdata = (*data);
752
753	if (pdata == NULL)
754	{
755	gnutls_assert ();
756	return GNUTLS_E_MEMORY_ERROR;
757	}
758
759	mhd_gtls_write_uint24 (packet_size - 3, pdata);
760	pdata += 3;
761
762	pdata = PGP_KEY_FINGERPRINT; / key fingerprint */
763	pdata++;
764
765	*pdata = 20;
766	pdata++;
767
768	fpr_size = 20;
769
770	if (_E_gnutls_openpgp_fingerprint == NULL)
771	{
772	gnutls_assert ();
773	return GNUTLS_E_INIT_LIBEXTRA;
774	}
775
776	if ((ret =
777	_E_gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata,
778	&fpr_size)) < 0)
779	{
780	gnutls_assert ();
781	return ret;
782	}
783
784	return packet_size;
785	}
786
787
788
789	int	602	int
790	mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data)	603	mhd_gtls_gen_cert_client_certificate (mhd_gtls_session_t session, opaque ** data)
791	{	604	{
792	switch (session->security_parameters.cert_type)	605	switch (session->security_parameters.cert_type)
793	{	606	{
794	case MHD_GNUTLS_CRT_OPENPGP:
795	if (mhd_gtls_openpgp_send_fingerprint (session) == 0)
796	return mhd_gtls_gen_openpgp_certificate (session, data);
797	else
798	return mhd_gtls_gen_openpgp_certificate_fpr (session, data);
799
800	case MHD_GNUTLS_CRT_X509:	607	case MHD_GNUTLS_CRT_X509:
801	return mhd_gtls_gen_x509_crt (session, data);	608	return mhd_gtls_gen_x509_crt (session, data);
802		609
@@ -811,8 +618,6 @@ mhd_gtls_gen_cert_server_certificate (mhd_gtls_session_t session, opaque ** data
811	{	618	{
812	switch (session->security_parameters.cert_type)	619	switch (session->security_parameters.cert_type)
813	{	620	{
814	case MHD_GNUTLS_CRT_OPENPGP:
815	return mhd_gtls_gen_openpgp_certificate (session, data);
816	case MHD_GNUTLS_CRT_X509:	621	case MHD_GNUTLS_CRT_X509:
817	return mhd_gtls_gen_x509_crt (session, data);	622	return mhd_gtls_gen_x509_crt (session, data);
818	default:	623	default:
@@ -967,184 +772,6 @@ cleanup:
967	}	772	}
968		773
969	#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x])	774	#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) mhd_gtls_gcert_deinit(&peer_certificate_list[x])
970	int
971	mhd_gtls_proc_openpgp_server_certificate (mhd_gtls_session_t session,
972	opaque * data, size_t data_size)
973	{
974	int size, ret, len;
975	opaque *p = data;
976	cert_auth_info_t info;
977	mhd_gtls_cert_credentials_t cred;
978	ssize_t dsize = data_size;
979	int i, x;
980	gnutls_cert *peer_certificate_list = NULL;
981	int peer_certificate_list_size = 0;
982	gnutls_datum_t tmp, akey = { NULL, 0 };
983
984	cred = (mhd_gtls_cert_credentials_t)
985	mhd_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL);
986	if (cred == NULL)
987	{
988	gnutls_assert ();
989	return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
990	}
991
992	if ((ret =
993	mhd_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE,
994	sizeof (cert_auth_info_st), 1)) < 0)
995	{
996	gnutls_assert ();
997	return ret;
998	}
999
1000	info = mhd_gtls_get_auth_info (session);
1001
1002	if (data == NULL \|\| data_size == 0)
1003	{
1004	gnutls_assert ();
1005	return GNUTLS_E_NO_CERTIFICATE_FOUND;
1006	}
1007
1008	DECR_LEN (dsize, 3);
1009	size = mhd_gtls_read_uint24 (p);
1010	p += 3;
1011
1012	if (size == 0)
1013	{
1014	gnutls_assert ();
1015	/* no certificate was sent */
1016	return GNUTLS_E_NO_CERTIFICATE_FOUND;
1017	}
1018	i = dsize;
1019
1020	/* Read PGPKeyDescriptor */
1021	DECR_LEN (dsize, 1);
1022	if (*p == PGP_KEY_FINGERPRINT)
1023	{ /* the fingerprint */
1024	p++;
1025
1026	DECR_LEN (dsize, 1);
1027	len = (uint8_t) * p;
1028	p++;
1029
1030	if (len != 20)
1031	{
1032	gnutls_assert ();
1033	return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
1034	}
1035
1036	DECR_LEN (dsize, 20);
1037
1038	/* request the actual key from our database, or
1039	* a key server or anything.
1040	*/
1041	if (_E_gnutls_openpgp_request_key == NULL)
1042	{
1043	gnutls_assert ();
1044	return GNUTLS_E_INIT_LIBEXTRA;
1045	}
1046	if ((ret =
1047	_E_gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
1048	{
1049	gnutls_assert ();
1050	return ret;
1051	}
1052	tmp = akey;
1053	peer_certificate_list_size++;
1054
1055	}
1056	else if (*p == PGP_KEY)
1057	{ /* the whole key */
1058
1059	p++;
1060
1061	/* Read the actual certificate */
1062	DECR_LEN (dsize, 3);
1063	len = mhd_gtls_read_uint24 (p);
1064	p += 3;
1065
1066	if (len == 0)
1067	{
1068	gnutls_assert ();
1069	/* no certificate was sent */
1070	return GNUTLS_E_NO_CERTIFICATE_FOUND;
1071	}
1072
1073	DECR_LEN (dsize, len);
1074	peer_certificate_list_size++;
1075
1076	tmp.size = len;
1077	tmp.data = p;
1078
1079	}
1080	else
1081	{
1082	gnutls_assert ();
1083	return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
1084	}
1085
1086	/* ok we now have the peer's key in tmp datum
1087	*/
1088
1089	if (peer_certificate_list_size == 0)
1090	{
1091	gnutls_assert ();
1092	return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
1093	}
1094
1095	peer_certificate_list =
1096	gnutls_alloca (sizeof (gnutls_cert) * (peer_certificate_list_size));
1097	if (peer_certificate_list == NULL)
1098	{
1099	gnutls_assert ();
1100	ret = GNUTLS_E_MEMORY_ERROR;
1101	goto cleanup;
1102	}
1103	memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
1104	peer_certificate_list_size);
1105
1106	if (_E_gnutls_openpgp_raw_key_to_gcert == NULL)
1107	{
1108	gnutls_assert ();
1109	ret = GNUTLS_E_INIT_LIBEXTRA;
1110	goto cleanup;
1111	}
1112
1113	if ((ret =
1114	_E_gnutls_openpgp_raw_key_to_gcert (&peer_certificate_list[0],
1115	&tmp)) < 0)
1116	{
1117	gnutls_assert ();
1118	goto cleanup;
1119	}
1120
1121	if ((ret =
1122	_gnutls_copy_certificate_auth_info (info,
1123	peer_certificate_list,
1124	peer_certificate_list_size)) < 0)
1125	{
1126	gnutls_assert ();
1127	goto cleanup;
1128	}
1129
1130	if ((ret =
1131	_gnutls_check_key_usage (&peer_certificate_list[0],
1132	gnutls_kx_get (session))) < 0)
1133	{
1134	gnutls_assert ();
1135	goto cleanup;
1136	}
1137
1138	ret = 0;
1139
1140	cleanup:
1141
1142	_gnutls_free_datum (&akey);
1143	CLEAR_CERTS;
1144	gnutls_afree (peer_certificate_list);
1145	return ret;
1146
1147	}
1148		775
1149	int	776	int
1150	mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,	777	mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,
@@ -1152,9 +779,6 @@ mhd_gtls_proc_cert_server_certificate (mhd_gtls_session_t session,
1152	{	779	{
1153	switch (session->security_parameters.cert_type)	780	switch (session->security_parameters.cert_type)
1154	{	781	{
1155	case MHD_GNUTLS_CRT_OPENPGP:
1156	return mhd_gtls_proc_openpgp_server_certificate (session,
1157	data, data_size);
1158	case MHD_GNUTLS_CRT_X509:	782	case MHD_GNUTLS_CRT_X509:
1159	return mhd_gtls_proc_x509_server_certificate (session, data, data_size);	783	return mhd_gtls_proc_x509_server_certificate (session, data, data_size);
1160	default:	784	default:
@@ -1262,13 +886,6 @@ mhd_gtls_proc_cert_cert_req (mhd_gtls_session_t session, opaque * data,
1262	size = mhd_gtls_read_uint16 (p);	886	size = mhd_gtls_read_uint16 (p);
1263	p += 2;	887	p += 2;
1264		888
1265	if (session->security_parameters.cert_type == MHD_GNUTLS_CRT_OPENPGP
1266	&& size != 0)
1267	{
1268	gnutls_assert (); // size should be zero
1269	return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
1270	}
1271
1272	DECR_LEN (dsize, size);	889	DECR_LEN (dsize, size);
1273		890
1274	/* now we ask the user to tell which one	891	/* now we ask the user to tell which one
@@ -1578,85 +1195,6 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key)
1578	return local_key;	1195	return local_key;
1579	}	1196	}
1580		1197
1581	/* converts the given pgp certificate to gnutls_cert* and allocates
1582	* space for them.
1583	*/
1584	static gnutls_cert *
1585	alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
1586	{
1587	gnutls_cert *local_certs;
1588	int ret = 0;
1589
1590	if (cert == NULL)
1591	return NULL;
1592
1593	local_certs = gnutls_malloc (sizeof (gnutls_cert));
1594	if (local_certs == NULL)
1595	{
1596	gnutls_assert ();
1597	return NULL;
1598	}
1599
1600	if (_E_gnutls_openpgp_crt_to_gcert == NULL)
1601	{
1602	gnutls_assert ();
1603	return NULL;
1604	}
1605
1606	ret = _E_gnutls_openpgp_crt_to_gcert (local_certs, cert);
1607	if (ret < 0)
1608	{
1609	gnutls_assert ();
1610	return NULL;
1611	}
1612
1613	if (ret < 0)
1614	{
1615	gnutls_assert ();
1616	mhd_gtls_gcert_deinit (local_certs);
1617	gnutls_free (local_certs);
1618	return NULL;
1619	}
1620
1621	return local_certs;
1622	}
1623
1624	/* converts the given raw key to gnutls_privkey* and allocates
1625	* space for it.
1626	*/
1627	static gnutls_privkey *
1628	alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t key)
1629	{
1630	gnutls_privkey *local_key;
1631	int ret = 0;
1632
1633	if (key == NULL)
1634	return NULL;
1635
1636	local_key = gnutls_malloc (sizeof (gnutls_privkey));
1637	if (local_key == NULL)
1638	{
1639	gnutls_assert ();
1640	return NULL;
1641	}
1642
1643	if (_E_gnutls_openpgp_privkey_to_gkey == NULL)
1644	{
1645	gnutls_assert ();
1646	return NULL;
1647	}
1648
1649	ret = _E_gnutls_openpgp_privkey_to_gkey (local_key, key);
1650	if (ret < 0)
1651	{
1652	gnutls_assert ();
1653	return NULL;
1654	}
1655
1656	return local_key;
1657	}
1658
1659
1660	void	1198	void
1661	mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session)	1199	mhd_gtls_selected_certs_deinit (mhd_gtls_session_t session)
1662	{	1200	{