Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 232 |
1 files changed, 0 insertions, 232 deletions
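--- a/src/daemon/https/tls/gnutls_x509.c
+++ b/src/daemon/https/tls/gnutls_x509.c
@@ -50,7 +50,6 @@
 #include "x509.h"
 #include "verify.h"
 #include "mpi.h"
-#include "pkcs7.h"
 #include "privkey.h"
 
 
@@ -536,15 +535,6 @@ MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey,
   }
 
   ret = MHD_gnutls_x509_privkey_import (tmpkey, raw_key, type);
-
-#ifdef ENABLE_PKI
-  /* If normal key decoding doesn't work try decoding a plain PKCS #8 key */
-  if (ret < 0)
-    ret =
-      MHD_gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL,
-                                            GNUTLS_PKCS_PLAIN);
-#endif
-
   if (ret < 0)
     {
       MHD_gnutls_assert ();
@@ -972,225 +962,3 @@ MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t
   return ret;
 }
 
-#ifdef ENABLE_PKI
-
-static int
-parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
-                   const opaque * input_crl, int input_crl_size)
-{
-  int size, i;
-  const opaque *ptr;
-  MHD_gnutls_datum_t tmp;
-  int ret, count;
-
-  /* move to the certificate
-   */
-  ptr = memmem (input_crl, input_crl_size,
-                PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
-  if (ptr == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_BASE64_DECODING_ERROR;
-    }
-
-  size = input_crl_size - (ptr - input_crl);
-
-  i = *ncrls + 1;
-  count = 0;
-
-  do
-    {
-
-      *crl_list =
-        (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list,
-                                                         i *
-                                                         sizeof
-                                                         (MHD_gnutls_x509_crl_t));
-
-      if (*crl_list == NULL)
-        {
-          MHD_gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-
-      ret = MHD_gnutls_x509_crl_init (&crl_list[0][i - 1]);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      tmp.data = (unsigned char *) ptr;
-      tmp.size = size;
-
-      ret =
-        MHD_gnutls_x509_crl_import (crl_list[0][i - 1],
-                                    &tmp, GNUTLS_X509_FMT_PEM);
-      if (ret < 0)
-        {
-          MHD_gnutls_assert ();
-          return ret;
-        }
-
-      /* now we move ptr after the pem header
-       */
-      ptr++;
-      /* find the next certificate (if any)
-       */
-
-      size = input_crl_size - (ptr - input_crl);
-
-      if (size > 0)
-        ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
-      else
-        ptr = NULL;
-      i++;
-      count++;
-
-    }
-  while (ptr != NULL);
-
-  *ncrls = i - 1;
-
-  return count;
-}
-
-/* Reads a DER encoded certificate list from memory and stores it to
- * a MHD_gnutls_cert structure.
- * returns the number of certificates parsed.
- */
-static int
-parse_der_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
-                   const void *input_crl, int input_crl_size)
-{
-  int i;
-  MHD_gnutls_datum_t tmp;
-  int ret;
-
-  i = *ncrls + 1;
-
-  *crl_list =
-    (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list,
-                                                     i *
-                                                     sizeof
-                                                     (MHD_gnutls_x509_crl_t));
-
-  if (*crl_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  tmp.data = (opaque *) input_crl;
-  tmp.size = input_crl_size;
-
-  ret = MHD_gnutls_x509_crl_init (&crl_list[0][i - 1]);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  ret =
-    MHD_gnutls_x509_crl_import (crl_list[0][i - 1], &tmp,
-                                GNUTLS_X509_FMT_DER);
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  *ncrls = i;
-
-  return 1;                     /* one certificate parsed */
-}
-
-
-/* Reads a DER or PEM CRL from memory
- */
-static int
-read_crl_mem (MHD_gtls_cert_credentials_t res, const void *crl,
-              int crl_size, MHD_gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-
-  /* allocate space for the certificate to add
-   */
-  res->x509_crl_list = MHD_gtls_realloc_fast (res->x509_crl_list,
-                                              (1 +
-                                               res->x509_ncrls) *
-                                              sizeof (MHD_gnutls_x509_crl_t));
-  if (res->x509_crl_list == NULL)
-    {
-      MHD_gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  if (type == GNUTLS_X509_FMT_DER)
-    ret = parse_der_crl_mem (&res->x509_crl_list,
-                             &res->x509_ncrls, crl, crl_size);
-  else
-    ret = parse_pem_crl_mem (&res->x509_crl_list,
-                             &res->x509_ncrls, crl, crl_size);
-
-  if (ret < 0)
-    {
-      MHD_gnutls_assert ();
-      return ret;
-    }
-
-  return ret;
-}
-
-/**
- * MHD__gnutls_certificate_set_x509_crl_mem - Used to add CRLs in a MHD_gtls_cert_credentials_t structure
- * @res: is an #MHD_gtls_cert_credentials_t structure.
- * @CRL: is a list of trusted CRLs. They should have been verified before.
- * @type: is DER or PEM
- *
- * This function adds the trusted CRLs in order to verify client or
- * server certificates. In case of a client this is not required to
- * be called if the certificates are not verified using
- * MHD_gtls_certificate_verify_peers2(). This function may be called
- * multiple times.
- *
- * Returns: number of CRLs processed, or a negative value on error.
- **/
-int
-MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t
-                                          res, const MHD_gnutls_datum_t * CRL,
-                                          MHD_gnutls_x509_crt_fmt_t type)
-{
-  int ret;
-
-  if ((ret = read_crl_mem (res, CRL->data, CRL->size, type)) < 0)
-    return ret;
-
-  return ret;
-}
-
-/**
- * MHD__gnutls_certificate_free_crls - Used to free all the CRLs from a MHD_gtls_cert_credentials_t structure
- * @sc: is an #MHD_gtls_cert_credentials_t structure.
- *
- * This function will delete all the CRLs associated
- * with the given credentials.
- *
- **/
-void
-MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc)
-{
-  unsigned j;
-
-  for (j = 0; j < sc->x509_ncrls; j++)
-    {
-      MHD_gnutls_x509_crl_deinit (sc->x509_crl_list[j]);
-    }
-
-  sc->x509_ncrls = 0;
-
-  MHD_gnutls_free (sc->x509_crl_list);
-  sc->x509_crl_list = NULL;
-}
-
-#endif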