1 files changed, 0 insertions, 573 deletions
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c
index a2594332..1963ce08 100644
--- a/src/daemon/https/tls/gnutls_ui.c
+++ b/src/daemon/https/tls/gnutls_ui.c
@@ -27,7 +27,6 @@
 */
 #include <gnutls_int.h>
-#include <auth_anon.h>
 #include <auth_cert.h>
 #include <gnutls_errors.h>
 #include <gnutls_auth_int.h>
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits)
  session->internals.dh_prime_bits = bits;
 }
-/**
- * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication
- * @session: is a gnutls session
- * @raw_gen: will hold the generator.
- * @raw_prime: will hold the prime.
- *
- * This function will return the group parameters used in the last Diffie Hellman
- * authentication with the peer. These are the prime and the generator used.
- * This function should be used for both anonymous and ephemeral diffie Hellman.
- * The output parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
-                          MHD_gnutls_datum_t * raw_gen,
-                          MHD_gnutls_datum_t * raw_prime)
-{
-  MHD_gtls_dh_info_st *dh;
-  int ret;
-  mhd_anon_auth_info_t anon_info;
-  cert_auth_info_t cert_info;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      anon_info = MHD_gtls_get_auth_info (session);
-      if (anon_info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      dh = &anon_info->dh;
-      break;
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      cert_info = MHD_gtls_get_auth_info (session);
-      if (cert_info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      dh = &cert_info->dh;
-      break;
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-  ret =
-    MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      MHD__gnutls_free_datum (raw_prime);
-      return ret;
-    }
-  return 0;
-}
-/**
- * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication
- * @session: is a gnutls session
- * @raw_key: will hold the public key.
- *
- * This function will return the peer's public key used in the last Diffie Hellman authentication.
- * This function should be used for both anonymous and ephemeral diffie Hellman.
- * The output parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
-                           MHD_gnutls_datum_t * raw_key)
-{
-  MHD_gtls_dh_info_st *dh;
-  mhd_anon_auth_info_t anon_info;
-  cert_auth_info_t cert_info;
-  cert_auth_info_t psk_info;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        anon_info = MHD_gtls_get_auth_info (session);
-        if (anon_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &anon_info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_PSK:
-      {
-        psk_info = MHD_gtls_get_auth_info (session);
-        if (psk_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &psk_info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_info = MHD_gtls_get_auth_info (session);
-        if (cert_info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &cert_info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return MHD__gnutls_set_datum (raw_key, dh->public_key.data,
-                                dh->public_key.size);
-}
-/**
- * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication
- * @session: is a gnutls session
- * @exponent: will hold the exponent.
- * @modulus: will hold the modulus.
- *
- * This function will return the peer's public key exponent and
- * modulus used in the last RSA-EXPORT authentication.  The output
- * parameters must be freed with MHD_gnutls_free().
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
-                                MHD_gnutls_datum_t * exponent,
-                                MHD_gnutls_datum_t * modulus)
-{
-  cert_auth_info_t info;
-  int ret;
-  if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE)
-    {
-      info = MHD_gtls_get_auth_info (session);
-      if (info == NULL)
-        return GNUTLS_E_INTERNAL_ERROR;
-      ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data,
-                                   info->rsa_export.modulus.size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-      ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data,
-                                   info->rsa_export.exponent.size);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          MHD__gnutls_free_datum (modulus);
-          return ret;
-        }
-      return 0;
-    }
-  return GNUTLS_E_INVALID_REQUEST;
-}
-/**
- * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session)
-{
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        return info->dh.secret_bits;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        return info->dh.secret_bits;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-}
-/**
- * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits of the prime used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return (dh->prime.size) * 8;
-}
-/**
- * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last RSA-EXPORT key exchange
- * with the peer.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-  return info->rsa_export.modulus.size * 8;
-}
-/**
- * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication
- * @session: is a gnutls session
- *
- * This function will return the bits used in the last Diffie Hellman authentication
- * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session)
-{
-  MHD_gtls_dh_info_st *dh;
-  switch (MHD_gtls_auth_get_type (session))
-    {
-    case MHD_GNUTLS_CRD_ANON:
-      {
-        mhd_anon_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    case MHD_GNUTLS_CRD_CERTIFICATE:
-      {
-        cert_auth_info_t info;
-        info = MHD_gtls_get_auth_info (session);
-        if (info == NULL)
-          return GNUTLS_E_INTERNAL_ERROR;
-        dh = &info->dh;
-        break;
-      }
-    default:
-      MHD_gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return dh->public_key.size * 8;
-}
-/* CERTIFICATE STUFF */
-/**
- * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
- * @session: is a gnutls session
- *
- * This function will return the certificate as sent to the peer,
- * in the last handshake. These certificates are in raw format.
- * In X.509 this is a certificate list. In OpenPGP this is a single
- * certificate.
- * Returns NULL in case of an error, or if no certificate was used.
- *
- **/
-const MHD_gnutls_datum_t *
-MHD_gtls_certificate_get_ours (MHD_gtls_session_t session)
-{
-  MHD_gtls_cert_credentials_t cred;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  cred
-    = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
-                                                       MHD_GNUTLS_CRD_CERTIFICATE,
-                                                       NULL);
-  if (cred == NULL || cred->cert_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return NULL;
-    }
-  if (session->internals.selected_cert_list == NULL)
-    return NULL;
-  return &session->internals.selected_cert_list[0].raw;
-}
-/**
- * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate
- * @session: is a gnutls session
- * @list_size: is the length of the certificate list
- *
- * This function will return the peer's raw certificate (chain) as
- * sent by the peer. These certificates are in raw format (DER encoded
- * for X.509). In case of a X.509 then a certificate list may be present.
- * The first certificate in the list is the peer's certificate,
- * following the issuer's certificate, then the issuer's issuer etc.
- *
- * In case of OpenPGP keys a single key will be returned
- * in raw format.
- *
- * Returns NULL in case of an error, or if no certificate was sent.
- *
- **/
-const MHD_gnutls_datum_t *
-MHD_gtls_certificate_get_peers (MHD_gtls_session_t
-                                session, unsigned int *list_size)
-{
-  cert_auth_info_t info;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return NULL;
-  *list_size = info->ncerts;
-  return info->raw_certificate_list;
-}
-/**
- * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status
- * @session: is a gnutls session
- *
- * This function will return 0 if the peer (server) did not request client
- * authentication or 1 otherwise.
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session)
-{
-  cert_auth_info_t info;
-  CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0);
-  info = MHD_gtls_get_auth_info (session);
-  if (info == NULL)
-    return GNUTLS_E_INTERNAL_ERROR;
-  return info->certificate_requested;
-}
-/**
- * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data
- * @algo: is a digest algorithm
- * @data: is the data
- * @result: is the place where the result will be copied (may be null).
- * @result_size: should hold the size of the result. The actual size
- * of the returned result will also be copied there.
- *
- * This function will calculate a fingerprint (actually a hash), of the
- * given data. The result is not printable data. You should convert it
- * to hex, or to something else printable.
- *
- * This is the usual way to calculate a fingerprint of an X.509
- * DER encoded certificate. Note however that the fingerprint
- * of an OpenPGP is not just a hash and cannot be calculated with
- * this function.
- *
- * Returns a negative value in case of an error.
- *
- **/
-int
-MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
-                         const MHD_gnutls_datum_t * data,
-                         void *result, size_t * result_size)
-{
-  GNUTLS_HASH_HANDLE td;
-  int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo));
-  if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
-    {
-      *result_size = hash_len;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-  *result_size = hash_len;
-  if (result)
-    {
-      td = MHD_gtls_hash_init (HASH2MAC (algo));
-      if (td == NULL)
-        return GNUTLS_E_HASH_FAILED;
-      MHD_gnutls_hash (td, data->data, data->size);
-      MHD_gnutls_hash_deinit (td, result);
-    }
-  return 0;
-}
-/**
- * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @dh_params: is a structure that holds diffie hellman parameters.
- *
- * This function will set the diffie hellman parameters for a
- * certificate server to use. These parameters will be used in
- * Ephemeral Diffie Hellman cipher suites.  Note that only a pointer
- * to the parameters are stored in the certificate handle, so if you
- * deallocate the parameters before the certificate is deallocated,
- * you must change the parameters stored in the certificate first.
- *
- **/
-void
-MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
-                                       MHD_gtls_dh_params_t dh_params)
-{
-  res->dh_params = dh_params;
-}
-/**
- * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for certificate authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res,
-                                            MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}
-/**
- * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @flags: are the flags
- *
- * This function will set the flags to be used at verification of the
- * certificates.  Flags must be OR of the
- * #MHD_gnutls_certificate_verify_flags enumerations.
- *
- **/
-void
-MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
-                                          res, unsigned int flags)
-{
-  res->verify_flags = flags;
-}
-/**
- * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification
- * @res: is a MHD_gnutls_certificate_credentials structure
- * @max_bits: is the number of bits of an acceptable certificate (default 8200)
- * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
- *
- * This function will set some upper limits for the default verification function,
- * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks.
- * You can set them to zero to disable limits.
- *
- **/
-void
-MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
-                                           res,
-                                           unsigned int max_bits,
-                                           unsigned int max_depth)
-{
-  res->verify_depth = max_depth;
-  res->verify_bits = max_bits;
-}
-/**
- * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use
- * @res: is a MHD_gtls_cert_credentials_t structure
- * @rsa_params: is a structure that holds temporary RSA parameters.
- *
- * This function will set the temporary RSA parameters for a certificate
- * server to use. These parameters will be used in RSA-EXPORT
- * cipher suites.
- *
- **/
-void
-MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
-                                               res,
-                                               MHD_gtls_rsa_params_t
-                                               rsa_params)
-{
-  res->rsa_params = rsa_params;
-}
-/**
- * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback
- * @res: is a MHD_gtls_anon_server_credentials_t structure
- * @func: is the function to be called
- *
- * This function will set a callback in order for the server to get the
- * diffie hellman or RSA parameters for anonymous authentication. The callback
- * should return zero on success.
- *
- **/
-void
-MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
-                                     MHD_gnutls_params_function * func)
-{
-  res->params_func = func;
-}

diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c index a2594332..1963ce08 100644 --- a/src/daemon/https/tls/gnutls_ui.c +++ b/src/daemon/https/tls/gnutls_ui.c
@@ -27,7 +27,6 @@
27	*/	27	*/
28		28
29	#include <gnutls_int.h>	29	#include <gnutls_int.h>
30	#include <auth_anon.h>
31	#include <auth_cert.h>	30	#include <auth_cert.h>
32	#include <gnutls_errors.h>	31	#include <gnutls_errors.h>
33	#include <gnutls_auth_int.h>	32	#include <gnutls_auth_int.h>
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits)
58	session->internals.dh_prime_bits = bits;	57	session->internals.dh_prime_bits = bits;
59	}	58	}
60		59
61	/**
62	* MHD__gnutls_dh_get_group - This function returns the group of the DH authentication
63	* @session: is a gnutls session
64	* @raw_gen: will hold the generator.
65	* @raw_prime: will hold the prime.
66	*
67	* This function will return the group parameters used in the last Diffie Hellman
68	* authentication with the peer. These are the prime and the generator used.
69	* This function should be used for both anonymous and ephemeral diffie Hellman.
70	* The output parameters must be freed with MHD_gnutls_free().
71	*
72	* Returns a negative value in case of an error.
73	*
74	**/
75	int
76	MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
77	MHD_gnutls_datum_t * raw_gen,
78	MHD_gnutls_datum_t * raw_prime)
79	{
80	MHD_gtls_dh_info_st *dh;
81	int ret;
82	mhd_anon_auth_info_t anon_info;
83	cert_auth_info_t cert_info;
84
85	switch (MHD_gtls_auth_get_type (session))
86	{
87	case MHD_GNUTLS_CRD_ANON:
88	anon_info = MHD_gtls_get_auth_info (session);
89	if (anon_info == NULL)
90	return GNUTLS_E_INTERNAL_ERROR;
91	dh = &anon_info->dh;
92	break;
93	case MHD_GNUTLS_CRD_CERTIFICATE:
94	cert_info = MHD_gtls_get_auth_info (session);
95	if (cert_info == NULL)
96	return GNUTLS_E_INTERNAL_ERROR;
97	dh = &cert_info->dh;
98	break;
99	default:
100	MHD_gnutls_assert ();
101	return GNUTLS_E_INVALID_REQUEST;
102	}
103
104	ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
105	if (ret < 0)
106	{
107	MHD_gnutls_assert ();
108	return ret;
109	}
110
111	ret =
112	MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
113	if (ret < 0)
114	{
115	MHD_gnutls_assert ();
116	MHD__gnutls_free_datum (raw_prime);
117	return ret;
118	}
119
120	return 0;
121	}
122
123	/**
124	* MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication
125	* @session: is a gnutls session
126	* @raw_key: will hold the public key.
127	*
128	* This function will return the peer's public key used in the last Diffie Hellman authentication.
129	* This function should be used for both anonymous and ephemeral diffie Hellman.
130	* The output parameters must be freed with MHD_gnutls_free().
131	*
132	* Returns a negative value in case of an error.
133	*
134	**/
135	int
136	MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
137	MHD_gnutls_datum_t * raw_key)
138	{
139	MHD_gtls_dh_info_st *dh;
140	mhd_anon_auth_info_t anon_info;
141	cert_auth_info_t cert_info;
142	cert_auth_info_t psk_info;
143
144	switch (MHD_gtls_auth_get_type (session))
145	{
146	case MHD_GNUTLS_CRD_ANON:
147	{
148	anon_info = MHD_gtls_get_auth_info (session);
149	if (anon_info == NULL)
150	return GNUTLS_E_INTERNAL_ERROR;
151	dh = &anon_info->dh;
152	break;
153	}
154	case MHD_GNUTLS_CRD_PSK:
155	{
156	psk_info = MHD_gtls_get_auth_info (session);
157	if (psk_info == NULL)
158	return GNUTLS_E_INTERNAL_ERROR;
159	dh = &psk_info->dh;
160	break;
161	}
162	case MHD_GNUTLS_CRD_CERTIFICATE:
163	{
164
165	cert_info = MHD_gtls_get_auth_info (session);
166	if (cert_info == NULL)
167	return GNUTLS_E_INTERNAL_ERROR;
168	dh = &cert_info->dh;
169	break;
170	}
171	default:
172	MHD_gnutls_assert ();
173	return GNUTLS_E_INVALID_REQUEST;
174	}
175
176	return MHD__gnutls_set_datum (raw_key, dh->public_key.data,
177	dh->public_key.size);
178	}
179
180	/**
181	* MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication
182	* @session: is a gnutls session
183	* @exponent: will hold the exponent.
184	* @modulus: will hold the modulus.
185	*
186	* This function will return the peer's public key exponent and
187	* modulus used in the last RSA-EXPORT authentication. The output
188	* parameters must be freed with MHD_gnutls_free().
189	*
190	* Returns a negative value in case of an error.
191	*
192	**/
193	int
194	MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
195	MHD_gnutls_datum_t * exponent,
196	MHD_gnutls_datum_t * modulus)
197	{
198	cert_auth_info_t info;
199	int ret;
200
201	if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE)
202	{
203	info = MHD_gtls_get_auth_info (session);
204	if (info == NULL)
205	return GNUTLS_E_INTERNAL_ERROR;
206
207	ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data,
208	info->rsa_export.modulus.size);
209	if (ret < 0)
210	{
211	MHD_gnutls_assert ();
212	return ret;
213	}
214
215	ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data,
216	info->rsa_export.exponent.size);
217	if (ret < 0)
218	{
219	MHD_gnutls_assert ();
220	MHD__gnutls_free_datum (modulus);
221	return ret;
222	}
223
224	return 0;
225	}
226
227	return GNUTLS_E_INVALID_REQUEST;
228	}
229
230	/**
231	* MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication
232	* @session: is a gnutls session
233	*
234	* This function will return the bits used in the last Diffie Hellman authentication
235	* with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
236	* Returns a negative value in case of an error.
237	*
238	**/
239	int
240	MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session)
241	{
242	switch (MHD_gtls_auth_get_type (session))
243	{
244	case MHD_GNUTLS_CRD_ANON:
245	{
246	mhd_anon_auth_info_t info;
247
248	info = MHD_gtls_get_auth_info (session);
249	if (info == NULL)
250	return GNUTLS_E_INTERNAL_ERROR;
251	return info->dh.secret_bits;
252	}
253	case MHD_GNUTLS_CRD_CERTIFICATE:
254	{
255	cert_auth_info_t info;
256
257	info = MHD_gtls_get_auth_info (session);
258	if (info == NULL)
259	return GNUTLS_E_INTERNAL_ERROR;
260
261	return info->dh.secret_bits;
262	}
263	default:
264	MHD_gnutls_assert ();
265	return GNUTLS_E_INVALID_REQUEST;
266	}
267	}
268
269	/**
270	* MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication
271	* @session: is a gnutls session
272	*
273	* This function will return the bits of the prime used in the last Diffie Hellman authentication
274	* with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
275	* Returns a negative value in case of an error.
276	*
277	**/
278	int
279	MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session)
280	{
281	MHD_gtls_dh_info_st *dh;
282
283	switch (MHD_gtls_auth_get_type (session))
284	{
285	case MHD_GNUTLS_CRD_ANON:
286	{
287	mhd_anon_auth_info_t info;
288
289	info = MHD_gtls_get_auth_info (session);
290	if (info == NULL)
291	return GNUTLS_E_INTERNAL_ERROR;
292	dh = &info->dh;
293	break;
294	}
295	case MHD_GNUTLS_CRD_CERTIFICATE:
296	{
297	cert_auth_info_t info;
298
299	info = MHD_gtls_get_auth_info (session);
300	if (info == NULL)
301	return GNUTLS_E_INTERNAL_ERROR;
302
303	dh = &info->dh;
304	break;
305	}
306	default:
307	MHD_gnutls_assert ();
308	return GNUTLS_E_INVALID_REQUEST;
309	}
310
311	return (dh->prime.size) * 8;
312
313	}
314
315	/**
316	* MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange
317	* @session: is a gnutls session
318	*
319	* This function will return the bits used in the last RSA-EXPORT key exchange
320	* with the peer.
321	* Returns a negative value in case of an error.
322	*
323	**/
324	int
325	MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session)
326	{
327	cert_auth_info_t info;
328
329	info = MHD_gtls_get_auth_info (session);
330	if (info == NULL)
331	return GNUTLS_E_INTERNAL_ERROR;
332
333	return info->rsa_export.modulus.size * 8;
334	}
335
336	/**
337	* MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication
338	* @session: is a gnutls session
339	*
340	* This function will return the bits used in the last Diffie Hellman authentication
341	* with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
342	* Returns a negative value in case of an error.
343	*
344	**/
345	int
346	MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session)
347	{
348	MHD_gtls_dh_info_st *dh;
349
350	switch (MHD_gtls_auth_get_type (session))
351	{
352	case MHD_GNUTLS_CRD_ANON:
353	{
354	mhd_anon_auth_info_t info;
355
356	info = MHD_gtls_get_auth_info (session);
357	if (info == NULL)
358	return GNUTLS_E_INTERNAL_ERROR;
359
360	dh = &info->dh;
361	break;
362	}
363	case MHD_GNUTLS_CRD_CERTIFICATE:
364	{
365	cert_auth_info_t info;
366
367	info = MHD_gtls_get_auth_info (session);
368	if (info == NULL)
369	return GNUTLS_E_INTERNAL_ERROR;
370
371	dh = &info->dh;
372	break;
373	}
374	default:
375	MHD_gnutls_assert ();
376	return GNUTLS_E_INVALID_REQUEST;
377	}
378
379	return dh->public_key.size * 8;
380
381	}
382
383	/* CERTIFICATE STUFF */
384
385	/**
386	* MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
387	* @session: is a gnutls session
388	*
389	* This function will return the certificate as sent to the peer,
390	* in the last handshake. These certificates are in raw format.
391	* In X.509 this is a certificate list. In OpenPGP this is a single
392	* certificate.
393	* Returns NULL in case of an error, or if no certificate was used.
394	*
395	**/
396	const MHD_gnutls_datum_t *
397	MHD_gtls_certificate_get_ours (MHD_gtls_session_t session)
398	{
399	MHD_gtls_cert_credentials_t cred;
400
401	CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
402
403	cred
404	= (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
405	MHD_GNUTLS_CRD_CERTIFICATE,
406	NULL);
407	if (cred == NULL \|\| cred->cert_list == NULL)
408	{
409	MHD_gnutls_assert ();
410	return NULL;
411	}
412
413	if (session->internals.selected_cert_list == NULL)
414	return NULL;
415
416	return &session->internals.selected_cert_list[0].raw;
417	}
418
419	/**
420	* MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate
421	* @session: is a gnutls session
422	* @list_size: is the length of the certificate list
423	*
424	* This function will return the peer's raw certificate (chain) as
425	* sent by the peer. These certificates are in raw format (DER encoded
426	* for X.509). In case of a X.509 then a certificate list may be present.
427	* The first certificate in the list is the peer's certificate,
428	* following the issuer's certificate, then the issuer's issuer etc.
429	*
430	* In case of OpenPGP keys a single key will be returned
431	* in raw format.
432	*
433	* Returns NULL in case of an error, or if no certificate was sent.
434	*
435	**/
436	const MHD_gnutls_datum_t *
437	MHD_gtls_certificate_get_peers (MHD_gtls_session_t
438	session, unsigned int *list_size)
439	{
440	cert_auth_info_t info;
441
442	CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
443
444	info = MHD_gtls_get_auth_info (session);
445	if (info == NULL)
446	return NULL;
447
448	*list_size = info->ncerts;
449	return info->raw_certificate_list;
450	}
451
452	/**
453	* MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status
454	* @session: is a gnutls session
455	*
456	* This function will return 0 if the peer (server) did not request client
457	* authentication or 1 otherwise.
458	* Returns a negative value in case of an error.
459	*
460	**/
461	int
462	MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session)
463	{
464	cert_auth_info_t info;
465
466	CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0);
467
468	info = MHD_gtls_get_auth_info (session);
469	if (info == NULL)
470	return GNUTLS_E_INTERNAL_ERROR;
471	return info->certificate_requested;
472	}
473
474	/**
475	* MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data
476	* @algo: is a digest algorithm
477	* @data: is the data
478	* @result: is the place where the result will be copied (may be null).
479	* @result_size: should hold the size of the result. The actual size
480	* of the returned result will also be copied there.
481	*
482	* This function will calculate a fingerprint (actually a hash), of the
483	* given data. The result is not printable data. You should convert it
484	* to hex, or to something else printable.
485	*
486	* This is the usual way to calculate a fingerprint of an X.509
487	* DER encoded certificate. Note however that the fingerprint
488	* of an OpenPGP is not just a hash and cannot be calculated with
489	* this function.
490	*
491	* Returns a negative value in case of an error.
492	*
493	**/
494	int
495	MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
496	const MHD_gnutls_datum_t * data,
497	void result, size_t result_size)
498	{
499	GNUTLS_HASH_HANDLE td;
500	int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo));
501
502	if (hash_len < 0 \|\| (unsigned) hash_len > *result_size \|\| result == NULL)
503	{
504	*result_size = hash_len;
505	return GNUTLS_E_SHORT_MEMORY_BUFFER;
506	}
507	*result_size = hash_len;
508
509	if (result)
510	{
511	td = MHD_gtls_hash_init (HASH2MAC (algo));
512	if (td == NULL)
513	return GNUTLS_E_HASH_FAILED;
514
515	MHD_gnutls_hash (td, data->data, data->size);
516
517	MHD_gnutls_hash_deinit (td, result);
518	}
519
520	return 0;
521	}
522
523	/**
524	* MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
525	* @res: is a MHD_gtls_cert_credentials_t structure
526	* @dh_params: is a structure that holds diffie hellman parameters.
527	*
528	* This function will set the diffie hellman parameters for a
529	* certificate server to use. These parameters will be used in
530	* Ephemeral Diffie Hellman cipher suites. Note that only a pointer
531	* to the parameters are stored in the certificate handle, so if you
532	* deallocate the parameters before the certificate is deallocated,
533	* you must change the parameters stored in the certificate first.
534	*
535	**/
536	void
537	MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
538	MHD_gtls_dh_params_t dh_params)
539	{
540	res->dh_params = dh_params;
541	}
542
543	/**
544	* MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback
545	* @res: is a MHD_gtls_cert_credentials_t structure
546	* @func: is the function to be called
547	*
548	* This function will set a callback in order for the server to get the
549	* diffie hellman or RSA parameters for certificate authentication. The callback
550	* should return zero on success.
551	*
552	**/
553	void
554	MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res,
555	MHD_gnutls_params_function * func)
556	{
557	res->params_func = func;
558	}
559
560	/**
561	* MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification
562	* @res: is a MHD_gtls_cert_credentials_t structure
563	* @flags: are the flags
564	*
565	* This function will set the flags to be used at verification of the
566	* certificates. Flags must be OR of the
567	* #MHD_gnutls_certificate_verify_flags enumerations.
568	*
569	**/
570	void
571	MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
572	res, unsigned int flags)
573	{
574	res->verify_flags = flags;
575	}
576
577	/**
578	* MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification
579	* @res: is a MHD_gnutls_certificate_credentials structure
580	* @max_bits: is the number of bits of an acceptable certificate (default 8200)
581	* @max_depth: is maximum depth of the verification of a certificate chain (default 5)
582	*
583	* This function will set some upper limits for the default verification function,
584	* MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks.
585	* You can set them to zero to disable limits.
586	*
587	**/
588	void
589	MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
590	res,
591	unsigned int max_bits,
592	unsigned int max_depth)
593	{
594	res->verify_depth = max_depth;
595	res->verify_bits = max_bits;
596	}
597
598	/**
599	* MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use
600	* @res: is a MHD_gtls_cert_credentials_t structure
601	* @rsa_params: is a structure that holds temporary RSA parameters.
602	*
603	* This function will set the temporary RSA parameters for a certificate
604	* server to use. These parameters will be used in RSA-EXPORT
605	* cipher suites.
606	*
607	**/
608	void
609	MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
610	res,
611	MHD_gtls_rsa_params_t
612	rsa_params)
613	{
614	res->rsa_params = rsa_params;
615	}
616
617	/**
618	* MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback
619	* @res: is a MHD_gtls_anon_server_credentials_t structure
620	* @func: is the function to be called
621	*
622	* This function will set a callback in order for the server to get the
623	* diffie hellman or RSA parameters for anonymous authentication. The callback
624	* should return zero on success.
625	*
626	**/
627	void
628	MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
629	MHD_gnutls_params_function * func)
630	{
631	res->params_func = func;
632	}