1 files changed, 0 insertions, 317 deletions
diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c
deleted file mode 100644
index 5e323be2..00000000
--- a/src/daemon/https/x509/crl_write.c
+++ /dev/null
@@ -1,317 +0,0 @@
-/*
- * Copyright (C) 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavrogiannopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-/* This file contains functions to handle CRL generation.
- */
-#include <gnutls_int.h>
-#ifdef ENABLE_PKI
-#include <gnutls_datum.h>
-#include <gnutls_global.h>
-#include <gnutls_errors.h>
-#include <common.h>
-#include <gnutls_x509.h>
-#include <x509_b64.h>
-#include <crq.h>
-#include <dn.h>
-#include <mpi.h>
-#include <sign.h>
-#include <extensions.h>
-#include <libtasn1.h>
-static void disable_optional_stuff (gnutls_x509_crl_t crl);
-/**
-  * gnutls_x509_crl_set_version - This function will set the CRL version
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @version: holds the version number. For CRLv1 crls must be 1.
-  *
-  * This function will set the version of the CRL. This
-  * must be one for CRL version 1, and so on. The CRLs generated
-  * by gnutls should have a version number of 2.
-  *
-  * Returns 0 on success.
-  *
-  **/
-int
-gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
-{
-  int result;
-  char null = version;
-  if (crl == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  null -= 1;
-  if (null < 0)
-    null = 0;
-  result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return mhd_gtls_asn2err (result);
-    }
-  return 0;
-}
-/**
-  * gnutls_x509_crl_sign2 - This function will sign a CRL with a key
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @issuer: is the certificate of the certificate issuer
-  * @issuer_key: holds the issuer's private key
-  * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
-  * @flags: must be 0
-  *
-  * This function will sign the CRL with the issuer's private key, and
-  * will copy the issuer's information into the CRL.
-  *
-  * This must be the last step in a certificate CRL since all
-  * the previously set parameters are now signed.
-  *
-  * Returns 0 on success.
-  *
-  **/
-int
-gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
-                       gnutls_x509_privkey_t issuer_key,
-                       enum MHD_GNUTLS_HashAlgorithm dig, unsigned int flags)
-{
-  int result;
-  if (crl == NULL || issuer == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  /* disable all the unneeded OPTIONAL fields.
-   */
-  disable_optional_stuff (crl);
-  result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
-                                   dig, issuer, issuer_key);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      return result;
-    }
-  return 0;
-}
-/**
-  * gnutls_x509_crl_sign - This function will sign a CRL with a key
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @issuer: is the certificate of the certificate issuer
-  * @issuer_key: holds the issuer's private key
-  *
-  * This function is the same a gnutls_x509_crl_sign2() with no flags, and
-  * SHA1 as the hash algorithm.
-  *
-  * Returns 0 on success.
-  *
-  **/
-int
-gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
-                      gnutls_x509_privkey_t issuer_key)
-{
-  return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, MHD_GNUTLS_MAC_SHA1,
-                                0);
-}
-/**
-  * gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @act_time: The actual time
-  *
-  * This function will set the time this CRL was issued.
-  *
-  * Returns 0 on success, or a negative value in case of an error.
-  *
-  **/
-int
-gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
-{
-  if (crl == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return _gnutls_x509_set_time (crl->crl, "tbsCertList.thisUpdate", act_time);
-}
-/**
-  * gnutls_x509_crl_set_next_update - This function will set the CRL next update time
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @exp_time: The actual time
-  *
-  * This function will set the time this CRL will be updated.
-  *
-  * Returns 0 on success, or a negative value in case of an error.
-  *
-  **/
-int
-gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
-{
-  if (crl == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  return _gnutls_x509_set_time (crl->crl, "tbsCertList.nextUpdate", exp_time);
-}
-/**
-  * gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @serial: The revoked certificate's serial number
-  * @serial_size: Holds the size of the serial field.
-  * @revocation_time: The time this certificate was revoked
-  *
-  * This function will set a revoked certificate's serial number to the CRL.
-  *
-  * Returns 0 on success, or a negative value in case of an error.
-  *
-  **/
-int
-gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
-                                const void *serial, size_t serial_size,
-                                time_t revocation_time)
-{
-  int ret;
-  if (crl == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  ret =
-    asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
-  if (ret != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return mhd_gtls_asn2err (ret);
-    }
-  ret =
-    asn1_write_value (crl->crl,
-                      "tbsCertList.revokedCertificates.?LAST.userCertificate",
-                      serial, serial_size);
-  if (ret != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return mhd_gtls_asn2err (ret);
-    }
-  ret =
-    _gnutls_x509_set_time (crl->crl,
-                           "tbsCertList.revokedCertificates.?LAST.revocationDate",
-                           revocation_time);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  ret =
-    asn1_write_value (crl->crl,
-                      "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
-                      NULL, 0);
-  if (ret != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return mhd_gtls_asn2err (ret);
-    }
-  return 0;
-}
-/**
-  * gnutls_x509_crl_set_crt - This function will set a revoked certificate's serial number
-  * @crl: should contain a gnutls_x509_crl_t structure
-  * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate
-  * @revocation_time: The time this certificate was revoked
-  *
-  * This function will set a revoked certificate's serial number to the CRL.
-  *
-  * Returns 0 on success, or a negative value in case of an error.
-  *
-  **/
-int
-gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
-                         time_t revocation_time)
-{
-  int ret;
-  opaque serial[128];
-  size_t serial_size;
-  if (crl == NULL || crt == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-  serial_size = sizeof (serial);
-  ret = gnutls_x509_crt_get_serial (crt, serial, &serial_size);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-  ret =
-    gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
-                                    revocation_time);
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return mhd_gtls_asn2err (ret);
-    }
-  return 0;
-}
-/* If OPTIONAL fields have not been initialized then
- * disable them.
- */
-static void
-disable_optional_stuff (gnutls_x509_crl_t crl)
-{
-  asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
-  return;
-}
-#endif /* ENABLE_PKI */

diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c deleted file mode 100644 index 5e323be2..00000000 --- a/src/daemon/https/x509/crl_write.c +++ /dev/null
@@ -1,317 +0,0 @@
1	/*
2	* Copyright (C) 2003, 2004, 2005 Free Software Foundation
3	*
4	* Author: Nikos Mavrogiannopoulos
5	*
6	* This file is part of GNUTLS.
7	*
8	* The GNUTLS library is free software; you can redistribute it and/or
9	* modify it under the terms of the GNU Lesser General Public License
10	* as published by the Free Software Foundation; either version 2.1 of
11	* the License, or (at your option) any later version.
12	*
13	* This library is distributed in the hope that it will be useful, but
14	* WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16	* Lesser General Public License for more details.
17	*
18	* You should have received a copy of the GNU Lesser General Public
19	* License along with this library; if not, write to the Free Software
20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21	* USA
22	*
23	*/
24
25	/* This file contains functions to handle CRL generation.
26	*/
27
28	#include <gnutls_int.h>
29
30	#ifdef ENABLE_PKI
31
32	#include <gnutls_datum.h>
33	#include <gnutls_global.h>
34	#include <gnutls_errors.h>
35	#include <common.h>
36	#include <gnutls_x509.h>
37	#include <x509_b64.h>
38	#include <crq.h>
39	#include <dn.h>
40	#include <mpi.h>
41	#include <sign.h>
42	#include <extensions.h>
43	#include <libtasn1.h>
44
45	static void disable_optional_stuff (gnutls_x509_crl_t crl);
46
47	/**
48	* gnutls_x509_crl_set_version - This function will set the CRL version
49	* @crl: should contain a gnutls_x509_crl_t structure
50	* @version: holds the version number. For CRLv1 crls must be 1.
51	*
52	* This function will set the version of the CRL. This
53	* must be one for CRL version 1, and so on. The CRLs generated
54	* by gnutls should have a version number of 2.
55	*
56	* Returns 0 on success.
57	*
58	**/
59	int
60	gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
61	{
62	int result;
63	char null = version;
64
65	if (crl == NULL)
66	{
67	gnutls_assert ();
68	return GNUTLS_E_INVALID_REQUEST;
69	}
70
71	null -= 1;
72	if (null < 0)
73	null = 0;
74
75	result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
76	if (result != ASN1_SUCCESS)
77	{
78	gnutls_assert ();
79	return mhd_gtls_asn2err (result);
80	}
81
82	return 0;
83	}
84
85	/**
86	* gnutls_x509_crl_sign2 - This function will sign a CRL with a key
87	* @crl: should contain a gnutls_x509_crl_t structure
88	* @issuer: is the certificate of the certificate issuer
89	* @issuer_key: holds the issuer's private key
90	* @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
91	* @flags: must be 0
92	*
93	* This function will sign the CRL with the issuer's private key, and
94	* will copy the issuer's information into the CRL.
95	*
96	* This must be the last step in a certificate CRL since all
97	* the previously set parameters are now signed.
98	*
99	* Returns 0 on success.
100	*
101	**/
102	int
103	gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
104	gnutls_x509_privkey_t issuer_key,
105	enum MHD_GNUTLS_HashAlgorithm dig, unsigned int flags)
106	{
107	int result;
108
109	if (crl == NULL \|\| issuer == NULL)
110	{
111	gnutls_assert ();
112	return GNUTLS_E_INVALID_REQUEST;
113	}
114
115	/* disable all the unneeded OPTIONAL fields.
116	*/
117	disable_optional_stuff (crl);
118
119	result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
120	dig, issuer, issuer_key);
121	if (result < 0)
122	{
123	gnutls_assert ();
124	return result;
125	}
126
127	return 0;
128	}
129
130	/**
131	* gnutls_x509_crl_sign - This function will sign a CRL with a key
132	* @crl: should contain a gnutls_x509_crl_t structure
133	* @issuer: is the certificate of the certificate issuer
134	* @issuer_key: holds the issuer's private key
135	*
136	* This function is the same a gnutls_x509_crl_sign2() with no flags, and
137	* SHA1 as the hash algorithm.
138	*
139	* Returns 0 on success.
140	*
141	**/
142	int
143	gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
144	gnutls_x509_privkey_t issuer_key)
145	{
146	return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, MHD_GNUTLS_MAC_SHA1,
147	0);
148	}
149
150	/**
151	* gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time
152	* @crl: should contain a gnutls_x509_crl_t structure
153	* @act_time: The actual time
154	*
155	* This function will set the time this CRL was issued.
156	*
157	* Returns 0 on success, or a negative value in case of an error.
158	*
159	**/
160	int
161	gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
162	{
163	if (crl == NULL)
164	{
165	gnutls_assert ();
166	return GNUTLS_E_INVALID_REQUEST;
167	}
168
169	return _gnutls_x509_set_time (crl->crl, "tbsCertList.thisUpdate", act_time);
170	}
171
172	/**
173	* gnutls_x509_crl_set_next_update - This function will set the CRL next update time
174	* @crl: should contain a gnutls_x509_crl_t structure
175	* @exp_time: The actual time
176	*
177	* This function will set the time this CRL will be updated.
178	*
179	* Returns 0 on success, or a negative value in case of an error.
180	*
181	**/
182	int
183	gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
184	{
185	if (crl == NULL)
186	{
187	gnutls_assert ();
188	return GNUTLS_E_INVALID_REQUEST;
189	}
190	return _gnutls_x509_set_time (crl->crl, "tbsCertList.nextUpdate", exp_time);
191	}
192
193	/**
194	* gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number
195	* @crl: should contain a gnutls_x509_crl_t structure
196	* @serial: The revoked certificate's serial number
197	* @serial_size: Holds the size of the serial field.
198	* @revocation_time: The time this certificate was revoked
199	*
200	* This function will set a revoked certificate's serial number to the CRL.
201	*
202	* Returns 0 on success, or a negative value in case of an error.
203	*
204	**/
205	int
206	gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
207	const void *serial, size_t serial_size,
208	time_t revocation_time)
209	{
210	int ret;
211
212	if (crl == NULL)
213	{
214	gnutls_assert ();
215	return GNUTLS_E_INVALID_REQUEST;
216	}
217
218	ret =
219	asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
220	if (ret != ASN1_SUCCESS)
221	{
222	gnutls_assert ();
223	return mhd_gtls_asn2err (ret);
224	}
225
226	ret =
227	asn1_write_value (crl->crl,
228	"tbsCertList.revokedCertificates.?LAST.userCertificate",
229	serial, serial_size);
230	if (ret != ASN1_SUCCESS)
231	{
232	gnutls_assert ();
233	return mhd_gtls_asn2err (ret);
234	}
235
236	ret =
237	_gnutls_x509_set_time (crl->crl,
238	"tbsCertList.revokedCertificates.?LAST.revocationDate",
239	revocation_time);
240	if (ret < 0)
241	{
242	gnutls_assert ();
243	return ret;
244	}
245
246	ret =
247	asn1_write_value (crl->crl,
248	"tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
249	NULL, 0);
250	if (ret != ASN1_SUCCESS)
251	{
252	gnutls_assert ();
253	return mhd_gtls_asn2err (ret);
254	}
255
256	return 0;
257	}
258
259	/**
260	* gnutls_x509_crl_set_crt - This function will set a revoked certificate's serial number
261	* @crl: should contain a gnutls_x509_crl_t structure
262	* @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate
263	* @revocation_time: The time this certificate was revoked
264	*
265	* This function will set a revoked certificate's serial number to the CRL.
266	*
267	* Returns 0 on success, or a negative value in case of an error.
268	*
269	**/
270	int
271	gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
272	time_t revocation_time)
273	{
274	int ret;
275	opaque serial[128];
276	size_t serial_size;
277
278	if (crl == NULL \|\| crt == NULL)
279	{
280	gnutls_assert ();
281	return GNUTLS_E_INVALID_REQUEST;
282	}
283
284	serial_size = sizeof (serial);
285	ret = gnutls_x509_crt_get_serial (crt, serial, &serial_size);
286	if (ret < 0)
287	{
288	gnutls_assert ();
289	return ret;
290	}
291
292	ret =
293	gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
294	revocation_time);
295	if (ret < 0)
296	{
297	gnutls_assert ();
298	return mhd_gtls_asn2err (ret);
299	}
300
301	return 0;
302	}
303
304
305	/* If OPTIONAL fields have not been initialized then
306	* disable them.
307	*/
308	static void
309	disable_optional_stuff (gnutls_x509_crl_t crl)
310	{
311
312	asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
313
314	return;
315	}
316
317	#endif /* ENABLE_PKI */