Diffstat (limited to 'src/daemon/https/x509')
-rw-r--r--src/daemon/https/x509/common.c12
-rw-r--r--src/daemon/https/x509/common.h59
-rw-r--r--src/daemon/https/x509/crl.c14
-rw-r--r--src/daemon/https/x509/crl_write.c4
-rw-r--r--src/daemon/https/x509/crq.c18
-rw-r--r--src/daemon/https/x509/dn.c27
-rw-r--r--src/daemon/https/x509/dn.h18
-rw-r--r--src/daemon/https/x509/dsa.c2
-rw-r--r--src/daemon/https/x509/extensions.c18
-rw-r--r--src/daemon/https/x509/extensions.h58
-rw-r--r--src/daemon/https/x509/mpi.c3
-rw-r--r--src/daemon/https/x509/mpi.h26
-rw-r--r--src/daemon/https/x509/pkcs12.h210
-rw-r--r--src/daemon/https/x509/pkcs12_bag.c16
-rw-r--r--src/daemon/https/x509/pkcs7.c16
-rw-r--r--src/daemon/https/x509/privkey.h4
-rw-r--r--src/daemon/https/x509/privkey_pkcs8.c2
-rw-r--r--src/daemon/https/x509/sign.c11
-rw-r--r--src/daemon/https/x509/sign.h18
-rw-r--r--src/daemon/https/x509/verify.h10
-rw-r--r--src/daemon/https/x509/x509.c26
-rw-r--r--src/daemon/https/x509/x509.h1283
-rw-r--r--src/daemon/https/x509/x509_privkey.c14
-rw-r--r--src/daemon/https/x509/x509_verify.c36
-rw-r--r--src/daemon/https/x509/x509_write.c16
25 files changed, 917 insertions, 1004 deletions
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c
index e8c21fe9..53ae4be8 100644
--- a/src/daemon/https/x509/common.c
+++ b/src/daemon/https/x509/common.c
@@ -440,7 +440,7 @@ _gnutls_x509_data2hex (const opaque * data,
440 return 0; 440 return 0;
441} 441}
442 442
443/* TIME functions 443/* TIME functions
444 * Convertions between generalized or UTC time to time_t 444 * Convertions between generalized or UTC time to time_t
445 * 445 *
446 */ 446 */
@@ -463,7 +463,7 @@ typedef struct fake_tm
463 * who placed it under public domain: 463 * who placed it under public domain:
464 */ 464 */
465 465
466/* The number of days in each month. 466/* The number of days in each month.
467 */ 467 */
468static const int MONTHDAYS[] = { 31, 468static const int MONTHDAYS[] = { 31,
469 28, 469 28,
@@ -498,12 +498,12 @@ mktime_utc (const struct fake_tm *tm)
498 /* We do allow some ill-formed dates, but we don't do anything special 498 /* We do allow some ill-formed dates, but we don't do anything special
499 * with them and our callers really shouldn't pass them to us. Do 499 * with them and our callers really shouldn't pass them to us. Do
500 * explicitly disallow the ones that would cause invalid array accesses 500 * explicitly disallow the ones that would cause invalid array accesses
501 * or other algorithm problems. 501 * or other algorithm problems.
502 */ 502 */
503 if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) 503 if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
504 return (time_t) - 1; 504 return (time_t) - 1;
505 505
506 /* Convert to a time_t. 506 /* Convert to a time_t.
507 */ 507 */
508 for (i = 1970; i < tm->tm_year; i++) 508 for (i = 1970; i < tm->tm_year; i++)
509 result += 365 + ISLEAP (i); 509 result += 365 + ISLEAP (i);
@@ -1319,7 +1319,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src,
1319 return algo; 1319 return algo;
1320 } 1320 }
1321 1321
1322 /* Now read the parameters' bits 1322 /* Now read the parameters' bits
1323 */ 1323 */
1324 mhd_gtls_str_cpy (name, sizeof (name), src_name); 1324 mhd_gtls_str_cpy (name, sizeof (name), src_name);
1325 mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); 1325 mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey");
@@ -1442,7 +1442,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src,
1442 signature->data = NULL; 1442 signature->data = NULL;
1443 signature->size = 0; 1443 signature->size = 0;
1444 1444
1445 /* Read the signature 1445 /* Read the signature
1446 */ 1446 */
1447 bits = 0; 1447 bits = 0;
1448 result = asn1_read_value (src, src_name, NULL, &bits); 1448 result = asn1_read_value (src, src_name, NULL, &bits);
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h
index 01b1bf30..0e91c96d 100644
--- a/src/daemon/https/x509/common.h
+++ b/src/daemon/https/x509/common.h
@@ -63,13 +63,13 @@ time_t _gnutls_x509_generalTime2gtime (const char *ttime);
63int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); 63int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
64 64
65int _gnutls_x509_decode_octet_string (const char *string_type, 65int _gnutls_x509_decode_octet_string (const char *string_type,
66 const opaque * der, size_t der_size, 66 const opaque * der, size_t der_size,
67 opaque * output, size_t * output_size); 67 opaque * output, size_t * output_size);
68int _gnutls_x509_oid_data2string (const char *OID, void *value, 68int _gnutls_x509_oid_data2string (const char *OID, void *value,
69 int value_size, char *res, 69 int value_size, char *res,
70 size_t * res_size); 70 size_t * res_size);
71int _gnutls_x509_data2hex (const opaque * data, size_t data_size, 71int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
72 opaque * out, size_t * sizeof_out); 72 opaque * out, size_t * sizeof_out);
73 73
74const char *_gnutls_x509_oid2ldap_string (const char *OID); 74const char *_gnutls_x509_oid2ldap_string (const char *OID);
75 75
@@ -81,46 +81,47 @@ time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when);
81gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); 81gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
82 82
83int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, 83int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
84 ASN1_TYPE dest, const char *dest_name, 84 ASN1_TYPE dest, const char *dest_name,
85 int str); 85 int str);
86int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, 86int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
87 gnutls_datum_t * res, int str); 87 gnutls_datum_t * res, int str);
88 88
89int _gnutls_x509_export_int (ASN1_TYPE asn1_data, 89int _gnutls_x509_export_int (ASN1_TYPE asn1_data,
90 gnutls_x509_crt_fmt_t format, char *pem_header, 90 gnutls_x509_crt_fmt_t format, char *pem_header,
91 unsigned char *output_data, 91 unsigned char *output_data,
92 size_t * output_data_size); 92 size_t * output_data_size);
93 93
94int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, 94int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
95 gnutls_datum_t * ret, int str); 95 gnutls_datum_t * ret, int str);
96int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, 96int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
97 const gnutls_datum_t * data, int str); 97 const gnutls_datum_t * data, int str);
98 98
99int _gnutls_x509_encode_and_write_attribute (const char *given_oid, 99int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
100 ASN1_TYPE asn1_struct, 100 ASN1_TYPE asn1_struct,
101 const char *where, 101 const char *where,
102 const void *data, 102 const void *data,
103 int sizeof_data, int multi); 103 int sizeof_data, int multi);
104int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, 104int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
105 const char *where, char *oid, 105 const char *where, char *oid,
106 int oid_size, 106 int oid_size,
107 gnutls_datum_t * value, int multi, 107 gnutls_datum_t * value, int multi,
108 int octet); 108 int octet);
109 109
110int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, 110int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
111 unsigned int *bits); 111 unsigned int *bits);
112 112
113int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, 113int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
114 const char *dst_name, 114 const char *dst_name,
115 enum MHD_GNUTLS_PublicKeyAlgorithm 115 enum
116 pk_algorithm, mpi_t * params, 116 MHD_GNUTLS_PublicKeyAlgorithm
117 int params_size); 117 pk_algorithm, mpi_t * params,
118 int params_size);
118int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, 119int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
119 ASN1_TYPE src, const char *src_name); 120 ASN1_TYPE src, const char *src_name);
120 121
121int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, 122int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
122 gnutls_datum_t * signed_data); 123 gnutls_datum_t * signed_data);
123int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, 124int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
124 gnutls_datum_t * signature); 125 gnutls_datum_t * signature);
125 126
126#endif 127#endif
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c
index 98eb4806..9ad49c67 100644
--- a/src/daemon/https/x509/crl.c
+++ b/src/daemon/https/x509/crl.c
@@ -73,7 +73,7 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
73 * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure 73 * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure
74 * @crl: The structure to be initialized 74 * @crl: The structure to be initialized
75 * 75 *
76 * This function will deinitialize a CRL structure. 76 * This function will deinitialize a CRL structure.
77 * 77 *
78 **/ 78 **/
79void 79void
@@ -168,7 +168,7 @@ cleanup:
168 * @buf: a pointer to a structure to hold the peer's name (may be null) 168 * @buf: a pointer to a structure to hold the peer's name (may be null)
169 * @sizeof_buf: initially holds the size of @buf 169 * @sizeof_buf: initially holds the size of @buf
170 * 170 *
171 * This function will copy the name of the CRL issuer in the provided buffer. The name 171 * This function will copy the name of the CRL issuer in the provided buffer. The name
172 * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output 172 * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output
173 * string will be ASCII or UTF-8 encoded, depending on the certificate data. 173 * string will be ASCII or UTF-8 encoded, depending on the certificate data.
174 * 174 *
@@ -208,7 +208,7 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
208 * string will be ASCII or UTF-8 encoded, depending on the certificate data. 208 * string will be ASCII or UTF-8 encoded, depending on the certificate data.
209 * 209 *
210 * Some helper macros with popular OIDs can be found in gnutls/x509.h 210 * Some helper macros with popular OIDs can be found in gnutls/x509.h
211 * If raw flag is zero, this function will only return known OIDs as text. Other OIDs 211 * If raw flag is zero, this function will only return known OIDs as text. Other OIDs
212 * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. 212 * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix.
213 * You can check about known OIDs using gnutls_x509_dn_oid_known(). 213 * You can check about known OIDs using gnutls_x509_dn_oid_known().
214 * 214 *
@@ -244,7 +244,7 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
244 * @sizeof_oid: initially holds the size of 'oid' 244 * @sizeof_oid: initially holds the size of 'oid'
245 * 245 *
246 * This function will extract the requested OID of the name of the CRL issuer, specified 246 * This function will extract the requested OID of the name of the CRL issuer, specified
247 * by the given index. 247 * by the given index.
248 * 248 *
249 * If oid is null then only the size will be filled. 249 * If oid is null then only the size will be filled.
250 * 250 *
@@ -273,8 +273,8 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
273 * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm 273 * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm
274 * @crl: should contain a gnutls_x509_crl_t structure 274 * @crl: should contain a gnutls_x509_crl_t structure
275 * 275 *
276 * This function will return a value of the gnutls_sign_algorithm_t enumeration that 276 * This function will return a value of the gnutls_sign_algorithm_t enumeration that
277 * is the signature algorithm. 277 * is the signature algorithm.
278 * 278 *
279 * Returns a negative value on error. 279 * Returns a negative value on error.
280 * 280 *
@@ -651,7 +651,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl,
651 * @dest: The structure where to copy 651 * @dest: The structure where to copy
652 * @src: The structure to be copied 652 * @src: The structure to be copied
653 * 653 *
654 * This function will copy an X.509 certificate structure. 654 * This function will copy an X.509 certificate structure.
655 * 655 *
656 * Returns 0 on success. 656 * Returns 0 on success.
657 * 657 *
diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c
index 7b651695..5e323be2 100644
--- a/src/daemon/https/x509/crl_write.c
+++ b/src/daemon/https/x509/crl_write.c
@@ -197,7 +197,7 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
197 * @serial_size: Holds the size of the serial field. 197 * @serial_size: Holds the size of the serial field.
198 * @revocation_time: The time this certificate was revoked 198 * @revocation_time: The time this certificate was revoked
199 * 199 *
200 * This function will set a revoked certificate's serial number to the CRL. 200 * This function will set a revoked certificate's serial number to the CRL.
201 * 201 *
202 * Returns 0 on success, or a negative value in case of an error. 202 * Returns 0 on success, or a negative value in case of an error.
203 * 203 *
@@ -262,7 +262,7 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
262 * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate 262 * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate
263 * @revocation_time: The time this certificate was revoked 263 * @revocation_time: The time this certificate was revoked
264 * 264 *
265 * This function will set a revoked certificate's serial number to the CRL. 265 * This function will set a revoked certificate's serial number to the CRL.
266 * 266 *
267 * Returns 0 on success, or a negative value in case of an error. 267 * Returns 0 on success, or a negative value in case of an error.
268 * 268 *
diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c
index 3868a455..68b0477a 100644
--- a/src/daemon/https/x509/crq.c
+++ b/src/daemon/https/x509/crq.c
@@ -46,7 +46,7 @@
46 * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure 46 * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure
47 * @crq: The structure to be initialized 47 * @crq: The structure to be initialized
48 * 48 *
49 * This function will initialize a PKCS10 certificate request structure. 49 * This function will initialize a PKCS10 certificate request structure.
50 * 50 *
51 * Returns 0 on success. 51 * Returns 0 on success.
52 * 52 *
@@ -76,7 +76,7 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
76 * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure 76 * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure
77 * @crq: The structure to be initialized 77 * @crq: The structure to be initialized
78 * 78 *
79 * This function will deinitialize a CRL structure. 79 * This function will deinitialize a CRL structure.
80 * 80 *
81 **/ 81 **/
82void 82void
@@ -336,7 +336,7 @@ parse_attribute (ASN1_TYPE asn1_struct,
336 336
337 /* Move to the attibute type and values 337 /* Move to the attibute type and values
338 */ 338 */
339 /* Read the OID 339 /* Read the OID
340 */ 340 */
341 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); 341 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
342 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 342 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -356,7 +356,7 @@ parse_attribute (ASN1_TYPE asn1_struct,
356 if (strcmp (oid, given_oid) == 0) 356 if (strcmp (oid, given_oid) == 0)
357 { /* Found the OID */ 357 { /* Found the OID */
358 358
359 /* Read the Value 359 /* Read the Value
360 */ 360 */
361 snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", 361 snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
362 tmpbuffer1, indx + 1); 362 tmpbuffer1, indx + 1);
@@ -421,7 +421,7 @@ cleanup:
421} 421}
422 422
423/** 423/**
424 * gnutls_x509_crq_get_challenge_password - This function will get the challenge password 424 * gnutls_x509_crq_get_challenge_password - This function will get the challenge password
425 * @crq: should contain a gnutls_x509_crq_t structure 425 * @crq: should contain a gnutls_x509_crq_t structure
426 * @pass: will hold a null terminated password 426 * @pass: will hold a null terminated password
427 * @sizeof_pass: Initially holds the size of @pass. 427 * @sizeof_pass: Initially holds the size of @pass.
@@ -499,7 +499,7 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
499} 499}
500 500
501/** 501/**
502 * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request 502 * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request
503 * @crq: should contain a gnutls_x509_crq_t structure 503 * @crq: should contain a gnutls_x509_crq_t structure
504 * @oid: holds an Object Identified in null terminated string 504 * @oid: holds an Object Identified in null terminated string
505 * @indx: In case multiple same OIDs exist in the attribute list, this specifies 505 * @indx: In case multiple same OIDs exist in the attribute list, this specifies
@@ -674,7 +674,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
674} 674}
675 675
676/** 676/**
677 * gnutls_x509_crq_set_challenge_password - This function will set a challenge password 677 * gnutls_x509_crq_set_challenge_password - This function will set a challenge password
678 * @crq: should contain a gnutls_x509_crq_t structure 678 * @crq: should contain a gnutls_x509_crq_t structure
679 * @pass: holds a null terminated password 679 * @pass: holds a null terminated password
680 * 680 *
@@ -849,11 +849,11 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq,
849 * @crq: should contain a gnutls_x509_crq_t structure 849 * @crq: should contain a gnutls_x509_crq_t structure
850 * @bits: if bits is non null it will hold the size of the parameters' in bits 850 * @bits: if bits is non null it will hold the size of the parameters' in bits
851 * 851 *
852 * This function will return the public key algorithm of a PKCS \#10 852 * This function will return the public key algorithm of a PKCS \#10
853 * certificate request. 853 * certificate request.
854 * 854 *
855 * If bits is non null, it should have enough size to hold the parameters 855 * If bits is non null, it should have enough size to hold the parameters
856 * size in bits. For RSA the bits returned is the modulus. 856 * size in bits. For RSA the bits returned is the modulus.
857 * For DSA the bits returned are of the public 857 * For DSA the bits returned are of the public
858 * exponent. 858 * exponent.
859 * 859 *
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c
index 784ac4a7..27c53084 100644
--- a/src/daemon/https/x509/dn.c
+++ b/src/daemon/https/x509/dn.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39/* Converts the given OID to an ldap acceptable string or 39/* Converts the given OID to an ldap acceptable string or
40 * a dotted OID. 40 * a dotted OID.
41 */ 41 */
42static const char * 42static const char *
43oid2ldap_string (const char *oid) 43oid2ldap_string (const char *oid)
@@ -173,7 +173,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
173 goto cleanup; 173 goto cleanup;
174 } 174 }
175 175
176 /* Read the OID 176 /* Read the OID
177 */ 177 */
178 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 178 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
179 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 179 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -190,7 +190,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
190 goto cleanup; 190 goto cleanup;
191 } 191 }
192 192
193 /* Read the Value 193 /* Read the Value
194 */ 194 */
195 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 195 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
196 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); 196 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
@@ -280,7 +280,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
280 gnutls_assert (); 280 gnutls_assert ();
281 _gnutls_x509_log 281 _gnutls_x509_log
282 ("Found OID: '%s' with value '%s'\n", 282 ("Found OID: '%s' with value '%s'\n",
283 oid, mhd_gtls_bin2hex (value2, len, escaped, sizeof_escaped)); 283 oid, mhd_gtls_bin2hex (value2, len, escaped,
284 sizeof_escaped));
284 goto cleanup; 285 goto cleanup;
285 } 286 }
286 STR_APPEND (str_escape (string, escaped, sizeof_escaped)); 287 STR_APPEND (str_escape (string, escaped, sizeof_escaped));
@@ -416,7 +417,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
416 goto cleanup; 417 goto cleanup;
417 } 418 }
418 419
419 /* Read the OID 420 /* Read the OID
420 */ 421 */
421 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 422 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
422 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 423 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -436,7 +437,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
436 if (strcmp (oid, given_oid) == 0 && indx == i++) 437 if (strcmp (oid, given_oid) == 0 && indx == i++)
437 { /* Found the OID */ 438 { /* Found the OID */
438 439
439 /* Read the Value 440 /* Read the Value
440 */ 441 */
441 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 442 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
442 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); 443 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
@@ -585,7 +586,7 @@ _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
585 goto cleanup; 586 goto cleanup;
586 } 587 }
587 588
588 /* Read the OID 589 /* Read the OID
589 */ 590 */
590 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); 591 mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
591 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); 592 mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
@@ -722,7 +723,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid,
722 723
723 if (multi != 0) 724 if (multi != 0)
724 { /* if not writing an AttributeTypeAndValue, but an Attribute */ 725 { /* if not writing an AttributeTypeAndValue, but an Attribute */
725 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ 726 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */
726 727
727 result = asn1_write_value (asn1_struct, tmp, "NEW", 1); 728 result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
728 if (result != ASN1_SUCCESS) 729 if (result != ASN1_SUCCESS)
@@ -777,7 +778,7 @@ _gnutls_x509_write_attribute (const char *given_oid,
777 778
778 if (multi != 0) 779 if (multi != 0)
779 { /* if not writing an AttributeTypeAndValue, but an Attribute */ 780 { /* if not writing an AttributeTypeAndValue, but an Attribute */
780 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ 781 mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */
781 782
782 result = asn1_write_value (asn1_struct, tmp, "NEW", 1); 783 result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
783 if (result != ASN1_SUCCESS) 784 if (result != ASN1_SUCCESS)
@@ -830,7 +831,7 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
830 char tmpbuffer[128]; 831 char tmpbuffer[128];
831 int len, result; 832 int len, result;
832 833
833 /* Read the OID 834 /* Read the OID
834 */ 835 */
835 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); 836 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
836 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); 837 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
@@ -845,14 +846,14 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
845 return result; 846 return result;
846 } 847 }
847 848
848 /* Read the Value 849 /* Read the Value
849 */ 850 */
850 851
851 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); 852 mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
852 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); 853 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
853 854
854 if (multi) 855 if (multi)
855 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ 856 mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
856 857
857 result = 858 result =
858 _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); 859 _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string);
@@ -899,7 +900,7 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
899 mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); 900 mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
900 mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); 901 mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
901 902
902 /* create a new element 903 /* create a new element
903 */ 904 */
904 result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); 905 result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
905 if (result != ASN1_SUCCESS) 906 if (result != ASN1_SUCCESS)
diff --git a/src/daemon/https/x509/dn.h b/src/daemon/https/x509/dn.h
index 93a9262c..97f85e16 100644
--- a/src/daemon/https/x509/dn.h
+++ b/src/daemon/https/x509/dn.h
@@ -38,21 +38,21 @@
38#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" 38#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
39 39
40int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, 40int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
41 const char *asn1_rdn_name, char *buf, 41 const char *asn1_rdn_name, char *buf,
42 size_t * sizeof_buf); 42 size_t * sizeof_buf);
43 43
44int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, 44int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
45 const char *asn1_rdn_name, const char *oid, 45 const char *asn1_rdn_name, const char *oid,
46 int indx, unsigned int raw_flag, void *buf, 46 int indx, unsigned int raw_flag, void *buf,
47 size_t * sizeof_buf); 47 size_t * sizeof_buf);
48 48
49int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, 49int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
50 const char *asn1_rdn_name, const char *oid, 50 const char *asn1_rdn_name, const char *oid,
51 int raw_flag, const char *name, int sizeof_name); 51 int raw_flag, const char *name, int sizeof_name);
52 52
53int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, 53int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
54 const char *asn1_rdn_name, 54 const char *asn1_rdn_name,
55 int indx, void *_oid, size_t * sizeof_oid); 55 int indx, void *_oid, size_t * sizeof_oid);
56 56
57 57
58#endif 58#endif
diff --git a/src/daemon/https/x509/dsa.c b/src/daemon/https/x509/dsa.c
index af403911..d65bcede 100644
--- a/src/daemon/https/x509/dsa.c
+++ b/src/daemon/https/x509/dsa.c
@@ -59,7 +59,7 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
59 return GNUTLS_E_INTERNAL_ERROR; 59 return GNUTLS_E_INTERNAL_ERROR;
60 } 60 }
61 61
62 /* generate the DSA key 62 /* generate the DSA key
63 */ 63 */
64 ret = gcry_pk_genkey (&key, parms); 64 ret = gcry_pk_genkey (&key, parms);
65 gcry_sexp_release (parms); 65 gcry_sexp_release (parms);
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c
index ea3891b0..5cf170af 100644
--- a/src/daemon/https/x509/extensions.c
+++ b/src/daemon/https/x509/extensions.c
@@ -99,11 +99,11 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
99 return mhd_gtls_asn2err (result); 99 return mhd_gtls_asn2err (result);
100 } 100 }
101 101
102 /* Handle Extension 102 /* Handle Extension
103 */ 103 */
104 if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) 104 if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
105 { 105 {
106 /* extension was found 106 /* extension was found
107 */ 107 */
108 108
109 /* read the critical status. 109 /* read the critical status.
@@ -170,7 +170,7 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
170} 170}
171 171
172/* This function will attempt to return the requested extension OID found in 172/* This function will attempt to return the requested extension OID found in
173 * the given X509v3 certificate. 173 * the given X509v3 certificate.
174 * 174 *
175 * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will 175 * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
176 * be returned. 176 * be returned.
@@ -223,7 +223,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
223 return mhd_gtls_asn2err (result); 223 return mhd_gtls_asn2err (result);
224 } 224 }
225 225
226 /* Handle Extension 226 /* Handle Extension
227 */ 227 */
228 if (indx == indx_counter++) 228 if (indx == indx_counter++)
229 { 229 {
@@ -260,7 +260,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
260} 260}
261 261
262/* This function will attempt to set the requested extension in 262/* This function will attempt to set the requested extension in
263 * the given X509v3 certificate. 263 * the given X509v3 certificate.
264 * 264 *
265 * Critical will be either 0 or 1. 265 * Critical will be either 0 or 1.
266 */ 266 */
@@ -359,7 +359,7 @@ overwrite_extension (ASN1_TYPE asn, unsigned int indx,
359} 359}
360 360
361/* This function will attempt to overwrite the requested extension with 361/* This function will attempt to overwrite the requested extension with
362 * the given one. 362 * the given one.
363 * 363 *
364 * Critical will be either 0 or 1. 364 * Critical will be either 0 or 1.
365 */ 365 */
@@ -414,11 +414,11 @@ _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
414 return mhd_gtls_asn2err (result); 414 return mhd_gtls_asn2err (result);
415 } 415 }
416 416
417 /* Handle Extension 417 /* Handle Extension
418 */ 418 */
419 if (strcmp (extnID, ext_id) == 0) 419 if (strcmp (extnID, ext_id) == 0)
420 { 420 {
421 /* extension was found 421 /* extension was found
422 */ 422 */
423 return overwrite_extension (cert->cert, k, ext_data, critical); 423 return overwrite_extension (cert->cert, k, ext_data, critical);
424 } 424 }
@@ -839,7 +839,7 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
839 839
840 840
841/* Creates and encodes the CRL Distribution points. data_string should be a name 841/* Creates and encodes the CRL Distribution points. data_string should be a name
842 * and type holds the type of the name. 842 * and type holds the type of the name.
843 * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. 843 * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
844 * 844 *
845 */ 845 */
diff --git a/src/daemon/https/x509/extensions.h b/src/daemon/https/x509/extensions.h
index fb758c90..143775a6 100644
--- a/src/daemon/https/x509/extensions.h
+++ b/src/daemon/https/x509/extensions.h
@@ -23,46 +23,46 @@
23 */ 23 */
24 24
25int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, 25int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
26 const char *extension_id, int indx, 26 const char *extension_id, int indx,
27 gnutls_datum_t * ret, 27 gnutls_datum_t * ret,
28 unsigned int *critical); 28 unsigned int *critical);
29 29
30int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, 30int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
31 int indx, void *ret, 31 int indx, void *ret,
32 size_t * ret_size); 32 size_t * ret_size);
33int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, 33int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
34 opaque * extnValue, int extnValueLen); 34 opaque * extnValue, int extnValueLen);
35int _gnutls_x509_ext_extract_basicConstraints (int *CA, 35int _gnutls_x509_ext_extract_basicConstraints (int *CA,
36 int *pathLenConstraint, 36 int *pathLenConstraint,
37 opaque * extnValue, 37 opaque * extnValue,
38 int extnValueLen); 38 int extnValueLen);
39int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, 39int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
40 const char *extension_id, 40 const char *extension_id,
41 const gnutls_datum_t * ext_data, 41 const gnutls_datum_t * ext_data,
42 unsigned int critical); 42 unsigned int critical);
43int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, 43int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
44 gnutls_datum_t * der_ext); 44 gnutls_datum_t * der_ext);
45int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext); 45int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
46int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t 46int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
47 type, const char *data_string, 47 type, const char *data_string,
48 gnutls_datum_t * der_ext); 48 gnutls_datum_t * der_ext);
49int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t 49int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
50 type, const void *data_string, 50 type, const void *data_string,
51 unsigned int reason_flags, 51 unsigned int reason_flags,
52 gnutls_datum_t * der_ext); 52 gnutls_datum_t * der_ext);
53int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, 53int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
54 gnutls_datum_t * der_data); 54 gnutls_datum_t * der_data);
55int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, 55int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
56 gnutls_datum_t * der_data); 56 gnutls_datum_t * der_data);
57 57
58int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, 58int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
59 char **policyLanguage, 59 char **policyLanguage,
60 char **policy, 60 char **policy,
61 size_t *sizeof_policy, 61 size_t * sizeof_policy,
62 opaque * extnValue, 62 opaque * extnValue,
63 int extnValueLen); 63 int extnValueLen);
64int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, 64int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
65 const char *policyLanguage, 65 const char *policyLanguage,
66 const char *policy, 66 const char *policy,
67 size_t sizeof_policy, 67 size_t sizeof_policy,
68 gnutls_datum_t * der_ext); 68 gnutls_datum_t * der_ext);
diff --git a/src/daemon/https/x509/mpi.c b/src/daemon/https/x509/mpi.c
index 73f091c1..c43b3dce 100644
--- a/src/daemon/https/x509/mpi.c
+++ b/src/daemon/https/x509/mpi.c
@@ -335,7 +335,8 @@ cleanup:asn1_delete_structure (&spk);
335int 335int
336_gnutls_x509_write_sig_params (ASN1_TYPE dst, 336_gnutls_x509_write_sig_params (ASN1_TYPE dst,
337 const char *dst_name, 337 const char *dst_name,
338 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, 338 enum MHD_GNUTLS_PublicKeyAlgorithm
339 pk_algorithm,
339 enum MHD_GNUTLS_HashAlgorithm dig, 340 enum MHD_GNUTLS_HashAlgorithm dig,
340 mpi_t * params, int params_size) 341 mpi_t * params, int params_size)
341{ 342{
diff --git a/src/daemon/https/x509/mpi.h b/src/daemon/https/x509/mpi.h
index 30f8fd77..69e725bd 100644
--- a/src/daemon/https/x509/mpi.h
+++ b/src/daemon/https/x509/mpi.h
@@ -26,32 +26,32 @@
26#include "x509.h" 26#include "x509.h"
27 27
28int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, 28int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
29 mpi_t * params, int *params_size); 29 mpi_t * params, int *params_size);
30int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params); 30int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params);
31int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params); 31int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params);
32int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params); 32int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params);
33 33
34int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size, 34int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size,
35 gnutls_datum_t * der); 35 gnutls_datum_t * der);
36int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size, 36int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size,
37 gnutls_datum_t * der); 37 gnutls_datum_t * der);
38int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size, 38int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size,
39 gnutls_datum_t * der); 39 gnutls_datum_t * der);
40 40
41int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value, 41int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
42 unsigned int *ret); 42 unsigned int *ret);
43 43
44int 44int _gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t * out);
45_gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t* out);
46 45
47int _gnutls_x509_read_int (ASN1_TYPE node, const char *value, 46int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
48 mpi_t * ret_mpi); 47 mpi_t * ret_mpi);
49int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi, 48int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
50 int lz); 49 int lz);
51int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, 50int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
52 uint32_t num); 51 uint32_t num);
53 52
54int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, 53int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
55 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm, 54 enum MHD_GNUTLS_PublicKeyAlgorithm
56 enum MHD_GNUTLS_HashAlgorithm, mpi_t * params, 55 pk_algorithm,
57 int params_size); 56 enum MHD_GNUTLS_HashAlgorithm,
57 mpi_t * params, int params_size);
diff --git a/src/daemon/https/x509/pkcs12.h b/src/daemon/https/x509/pkcs12.h
index 3c75dff5..38131ece 100644
--- a/src/daemon/https/x509/pkcs12.h
+++ b/src/daemon/https/x509/pkcs12.h
@@ -28,7 +28,7 @@
28 28
29#ifdef __cplusplus 29#ifdef __cplusplus
30extern "C" 30extern "C"
31 { 31{
32#endif 32#endif
33 33
34#include <x509.h> 34#include <x509.h>
@@ -37,15 +37,15 @@ extern "C"
37 37
38/* PKCS12 structures handling 38/* PKCS12 structures handling
39 */ 39 */
40struct gnutls_pkcs12_int; 40 struct gnutls_pkcs12_int;
41 41
42struct gnutls_pkcs12_bag_int; 42 struct gnutls_pkcs12_bag_int;
43typedef struct gnutls_pkcs12_int 43 typedef struct gnutls_pkcs12_int
44 { 44 {
45 ASN1_TYPE pkcs12; 45 ASN1_TYPE pkcs12;
46 } gnutls_pkcs12_int; 46 } gnutls_pkcs12_int;
47 47
48typedef enum gnutls_pkcs12_bag_type_t 48 typedef enum gnutls_pkcs12_bag_type_t
49 { 49 {
50 GNUTLS_BAG_EMPTY = 0, 50 GNUTLS_BAG_EMPTY = 0,
51 51
@@ -57,7 +57,7 @@ typedef enum gnutls_pkcs12_bag_type_t
57 GNUTLS_BAG_UNKNOWN = 20 57 GNUTLS_BAG_UNKNOWN = 20
58 } gnutls_pkcs12_bag_type_t; 58 } gnutls_pkcs12_bag_type_t;
59 59
60struct bag_element 60 struct bag_element
61 { 61 {
62 gnutls_datum_t data; 62 gnutls_datum_t data;
63 gnutls_pkcs12_bag_type_t type; 63 gnutls_pkcs12_bag_type_t type;
@@ -65,7 +65,7 @@ struct bag_element
65 char *friendly_name; 65 char *friendly_name;
66 }; 66 };
67 67
68typedef struct gnutls_pkcs12_bag_int 68 typedef struct gnutls_pkcs12_bag_int
69 { 69 {
70 struct bag_element element[MAX_BAG_ELEMENTS]; 70 struct bag_element element[MAX_BAG_ELEMENTS];
71 int bag_elements; 71 int bag_elements;
@@ -75,68 +75,54 @@ typedef struct gnutls_pkcs12_bag_int
75#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20" 75#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
76#define KEY_ID_OID "1.2.840.113549.1.9.21" 76#define KEY_ID_OID "1.2.840.113549.1.9.21"
77 77
78typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t; 78 typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
79typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t; 79 typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
80 80
81int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); 81 int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
82void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); 82 void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
83int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, 83 int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
84 const gnutls_datum_t * data, 84 const gnutls_datum_t * data,
85 gnutls_x509_crt_fmt_t format, 85 gnutls_x509_crt_fmt_t format, unsigned int flags);
86 unsigned int flags); 86 int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
87int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12, 87 gnutls_x509_crt_fmt_t format,
88 gnutls_x509_crt_fmt_t format, 88 void *output_data, size_t * output_data_size);
89 void *output_data, 89
90 size_t * output_data_size); 90 int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
91 91 int indx, gnutls_pkcs12_bag_t bag);
92int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, 92 int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
93 int indx, 93
94 gnutls_pkcs12_bag_t bag); 94 int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
95int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, 95 int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
96 gnutls_pkcs12_bag_t bag); 96
97 97 int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
98int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, 98 int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag,
99 const char *pass); 99 const char *pass, unsigned int flags);
100int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, 100
101 const char *pass); 101 gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t
102 102 bag, int indx);
103int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, 103 int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag,
104 const char *pass); 104 int indx, gnutls_datum_t * data);
105int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, 105 int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
106 const char *pass, 106 gnutls_pkcs12_bag_type_t type,
107 unsigned int flags); 107 const gnutls_datum_t * data);
108 108 int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
109gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t 109 gnutls_x509_crl_t crl);
110 bag, 110 int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
111 int indx); 111 gnutls_x509_crt_t crt);
112int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, 112
113 int indx, 113 int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
114 gnutls_datum_t * data); 114 void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
115int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag, 115 int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
116 gnutls_pkcs12_bag_type_t type, 116
117 const gnutls_datum_t * data); 117 int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag,
118int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag, 118 int indx, gnutls_datum_t * id);
119 gnutls_x509_crl_t crl); 119 int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag,
120int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag, 120 int indx, const gnutls_datum_t * id);
121 gnutls_x509_crt_t crt); 121
122 122 int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag,
123int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); 123 int indx, char **name);
124void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); 124 int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag,
125int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag); 125 int indx, const char *name);
126
127int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag,
128 int indx,
129 gnutls_datum_t * id);
130int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag,
131 int indx,
132 const gnutls_datum_t * id);
133
134int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
135 int indx,
136 char **name);
137int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
138 int indx,
139 const char *name);
140 126
141#ifdef __cplusplus 127#ifdef __cplusplus
142} 128}
@@ -152,56 +138,48 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
152#define DATA_OID "1.2.840.113549.1.7.1" 138#define DATA_OID "1.2.840.113549.1.7.1"
153#define ENC_DATA_OID "1.2.840.113549.1.7.6" 139#define ENC_DATA_OID "1.2.840.113549.1.7.6"
154 140
155int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12); 141int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
156void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12); 142void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
157int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12, 143int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
158 const gnutls_datum_t * data, 144 const gnutls_datum_t * data,
159 gnutls_x509_crt_fmt_t format, 145 gnutls_x509_crt_fmt_t format, unsigned int flags);
160 unsigned int flags);
161 146
162int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12, 147int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
163 int indx, 148 int indx, gnutls_pkcs12_bag_t bag);
164 gnutls_pkcs12_bag_t bag);
165 149
166int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag); 150int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
167void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag); 151void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
168 152
169int _pkcs12_string_to_key(unsigned int id, 153int _pkcs12_string_to_key (unsigned int id,
170 const opaque * salt, 154 const opaque * salt,
171 unsigned int salt_size, 155 unsigned int salt_size,
172 unsigned int iter, 156 unsigned int iter,
173 const char *pw, 157 const char *pw,
174 unsigned int req_keylen, 158 unsigned int req_keylen, opaque * keybuf);
175 opaque * keybuf);
176 159
177int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data, 160int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
178 const char *password, 161 const char *password, gnutls_datum_t * dec);
179 gnutls_datum_t * dec);
180 162
181typedef enum schema_id 163typedef enum schema_id
182 { 164{
183 PBES2, /* the stuff in PKCS #5 */ 165 PBES2, /* the stuff in PKCS #5 */
184 PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */ 166 PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */
185 PKCS12_ARCFOUR_SHA1, 167 PKCS12_ARCFOUR_SHA1,
186 PKCS12_RC2_40_SHA1 168 PKCS12_RC2_40_SHA1
187 } schema_id; 169} schema_id;
188 170
189int _gnutls_pkcs7_encrypt_data(schema_id schema, 171int _gnutls_pkcs7_encrypt_data (schema_id schema,
190 const gnutls_datum_t * data, 172 const gnutls_datum_t * data,
191 const char *password, 173 const char *password, gnutls_datum_t * enc);
192 gnutls_datum_t * enc); 174int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
193int _pkcs12_decode_safe_contents(const gnutls_datum_t * content, 175 gnutls_pkcs12_bag_t bag);
194 gnutls_pkcs12_bag_t bag); 176
195 177int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag,
196int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, 178 ASN1_TYPE * content, int *enc);
197 ASN1_TYPE * content, 179
198 int *enc); 180int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
199 181 const gnutls_datum_t * in, gnutls_datum_t * out);
200int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type, 182int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
201 const gnutls_datum_t * in, 183 const gnutls_datum_t * raw, gnutls_datum_t * out);
202 gnutls_datum_t * out); 184
203int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type, 185#endif /* GNUTLS_PKCS12_H */
204 const gnutls_datum_t * raw,
205 gnutls_datum_t * out);
206
207#endif /* GNUTLS_PKCS12_H */
diff --git a/src/daemon/https/x509/pkcs12_bag.c b/src/daemon/https/x509/pkcs12_bag.c
index 780dfb52..63b290bc 100644
--- a/src/daemon/https/x509/pkcs12_bag.c
+++ b/src/daemon/https/x509/pkcs12_bag.c
@@ -80,7 +80,7 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
80 * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure 80 * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure
81 * @bag: The structure to be initialized 81 * @bag: The structure to be initialized
82 * 82 *
83 * This function will deinitialize a PKCS12 Bag structure. 83 * This function will deinitialize a PKCS12 Bag structure.
84 * 84 *
85 **/ 85 **/
86void 86void
@@ -121,7 +121,7 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
121 * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count 121 * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count
122 * @bag: The bag 122 * @bag: The bag
123 * 123 *
124 * This function will return the number of the elements withing the bag. 124 * This function will return the number of the elements withing the bag.
125 * 125 *
126 **/ 126 **/
127int 127int
@@ -332,7 +332,7 @@ cleanup:
332 * @data: the data to be copied. 332 * @data: the data to be copied.
333 * 333 *
334 * This function will insert the given data of the given type into the 334 * This function will insert the given data of the given type into the
335 * bag. 335 * bag.
336 * 336 *
337 * Returns the index of the added bag on success, or a negative 337 * Returns the index of the added bag on success, or a negative
338 * value on error. 338 * value on error.
@@ -475,7 +475,7 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
475 * This function will add the given key ID, to the specified, by the index, bag 475 * This function will add the given key ID, to the specified, by the index, bag
476 * element. The key ID will be encoded as a 'Local key identifier' bag attribute, 476 * element. The key ID will be encoded as a 'Local key identifier' bag attribute,
477 * which is usually used to distinguish the local private key and the certificate pair. 477 * which is usually used to distinguish the local private key and the certificate pair.
478 * 478 *
479 * Returns 0 on success, or a negative value on error. 479 * Returns 0 on success, or a negative value on error.
480 * 480 *
481 **/ 481 **/
@@ -518,7 +518,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
518 * 518 *
519 * This function will return the key ID, of the specified bag element. 519 * This function will return the key ID, of the specified bag element.
520 * The key ID is usually used to distinguish the local private key and the certificate pair. 520 * The key ID is usually used to distinguish the local private key and the certificate pair.
521 * 521 *
522 * Returns 0 on success, or a negative value on error. 522 * Returns 0 on success, or a negative value on error.
523 * 523 *
524 **/ 524 **/
@@ -552,7 +552,7 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
552 * 552 *
553 * This function will return the friendly name, of the specified bag element. 553 * This function will return the friendly name, of the specified bag element.
554 * The key ID is usually used to distinguish the local private key and the certificate pair. 554 * The key ID is usually used to distinguish the local private key and the certificate pair.
555 * 555 *
556 * Returns 0 on success, or a negative value on error. 556 * Returns 0 on success, or a negative value on error.
557 * 557 *
558 **/ 558 **/
@@ -587,7 +587,7 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
587 * This function will add the given key friendly name, to the specified, by the index, bag 587 * This function will add the given key friendly name, to the specified, by the index, bag
588 * element. The name will be encoded as a 'Friendly name' bag attribute, 588 * element. The name will be encoded as a 'Friendly name' bag attribute,
589 * which is usually used to set a user name to the local private key and the certificate pair. 589 * which is usually used to set a user name to the local private key and the certificate pair.
590 * 590 *
591 * Returns 0 on success, or a negative value on error. 591 * Returns 0 on success, or a negative value on error.
592 * 592 *
593 **/ 593 **/
@@ -752,7 +752,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
752 return ret; 752 return ret;
753 } 753 }
754 754
755 /* encryption succeeded. 755 /* encryption succeeded.
756 */ 756 */
757 757
758 _pkcs12_bag_free_data (bag); 758 _pkcs12_bag_free_data (bag);
diff --git a/src/daemon/https/x509/pkcs7.c b/src/daemon/https/x509/pkcs7.c
index 3cef67c2..6af89425 100644
--- a/src/daemon/https/x509/pkcs7.c
+++ b/src/daemon/https/x509/pkcs7.c
@@ -40,7 +40,7 @@
40 40
41#define SIGNED_DATA_OID "1.2.840.113549.1.7.2" 41#define SIGNED_DATA_OID "1.2.840.113549.1.7.2"
42 42
43/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, 43/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE,
44 * which holds them. If raw is non null then the raw decoded 44 * which holds them. If raw is non null then the raw decoded
45 * data are copied (they are locally allocated) there. 45 * data are copied (they are locally allocated) there.
46 */ 46 */
@@ -175,7 +175,7 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
175 * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure 175 * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure
176 * @pkcs7: The structure to be initialized 176 * @pkcs7: The structure to be initialized
177 * 177 *
178 * This function will deinitialize a PKCS7 structure. 178 * This function will deinitialize a PKCS7 structure.
179 * 179 *
180 **/ 180 **/
181void 181void
@@ -298,7 +298,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
298 return result; 298 return result;
299 } 299 }
300 300
301 /* Step 2. Parse the CertificateSet 301 /* Step 2. Parse the CertificateSet
302 */ 302 */
303 303
304 snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); 304 snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
@@ -320,7 +320,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
320 goto cleanup; 320 goto cleanup;
321 } 321 }
322 322
323 /* if 'Certificate' is the choice found: 323 /* if 'Certificate' is the choice found:
324 */ 324 */
325 if (strcmp (oid, "certificate") == 0) 325 if (strcmp (oid, "certificate") == 0)
326 { 326 {
@@ -369,7 +369,7 @@ cleanup:
369 * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set 369 * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set
370 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure 370 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure
371 * 371 *
372 * This function will return the number of certifcates in the PKCS7 or 372 * This function will return the number of certifcates in the PKCS7 or
373 * RFC2630 certificate set. 373 * RFC2630 certificate set.
374 * 374 *
375 * Returns a negative value on failure. 375 * Returns a negative value on failure.
@@ -755,12 +755,12 @@ gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
755 return result; 755 return result;
756 } 756 }
757 757
758 /* Step 2. Parse the CertificateSet 758 /* Step 2. Parse the CertificateSet
759 */ 759 */
760 760
761 snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); 761 snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
762 762
763 /* Get the raw CRL 763 /* Get the raw CRL
764 */ 764 */
765 result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, 765 result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
766 root2, &start, &end); 766 root2, &start, &end);
@@ -799,7 +799,7 @@ cleanup:
799 * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set 799 * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set
800 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure 800 * @pkcs7_struct: should contain a gnutls_pkcs7_t structure
801 * 801 *
802 * This function will return the number of certifcates in the PKCS7 or 802 * This function will return the number of certifcates in the PKCS7 or
803 * RFC2630 crl set. 803 * RFC2630 crl set.
804 * 804 *
805 * Returns a negative value on failure. 805 * Returns a negative value on failure.
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h
index 6e645b9d..59dc936b 100644
--- a/src/daemon/https/x509/privkey.h
+++ b/src/daemon/https/x509/privkey.h
@@ -25,7 +25,7 @@
25#include "x509.h" 25#include "x509.h"
26 26
27ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * 27ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
28 raw_key, 28 raw_key,
29 gnutls_x509_privkey_t pkey); 29 gnutls_x509_privkey_t pkey);
30 30
31int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); 31int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c
index fa5b5c43..8b92f266 100644
--- a/src/daemon/https/x509/privkey_pkcs8.c
+++ b/src/daemon/https/x509/privkey_pkcs8.c
@@ -1284,7 +1284,7 @@ error:
1284/* Converts an OID to a gnutls cipher type. 1284/* Converts an OID to a gnutls cipher type.
1285 */ 1285 */
1286inline static int 1286inline static int
1287oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm * algo) 1287oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm *algo)
1288{ 1288{
1289 1289
1290 *algo = 0; 1290 *algo = 0;
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c
index 9a548665..2d367732 100644
--- a/src/daemon/https/x509/sign.c
+++ b/src/daemon/https/x509/sign.c
@@ -132,8 +132,9 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
132 * params[1] is public key 132 * params[1] is public key
133 */ 133 */
134static int 134static int
135pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, 135pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
136 mpi_t * params, int params_len, gnutls_datum_t * signature) 136 const gnutls_datum_t * text, mpi_t * params, int params_len,
137 gnutls_datum_t * signature)
137{ 138{
138 int ret; 139 int ret;
139 opaque _digest[MAX_HASH_SIZE]; 140 opaque _digest[MAX_HASH_SIZE];
@@ -163,7 +164,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text,
163 164
164 if ((ret = 165 if ((ret =
165 mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, 166 mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info,
166 signature)) < 0) 167 signature)) < 0)
167 { 168 {
168 gnutls_assert (); 169 gnutls_assert ();
169 _gnutls_free_datum (&info); 170 _gnutls_free_datum (&info);
@@ -179,7 +180,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text,
179 * private key. 180 * private key.
180 * 181 *
181 * returns 0 on success. 182 * returns 0 on success.
182 * 183 *
183 * 'tbs' is the data to be signed 184 * 'tbs' is the data to be signed
184 * 'signature' will hold the signature! 185 * 'signature' will hold the signature!
185 * 'hash' is only used in PKCS1 RSA signing. 186 * 'hash' is only used in PKCS1 RSA signing.
@@ -327,7 +328,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
327 } 328 }
328 329
329 /* Step 3. Move up and write the AlgorithmIdentifier, which is also 330 /* Step 3. Move up and write the AlgorithmIdentifier, which is also
330 * the same. 331 * the same.
331 */ 332 */
332 333
333 result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", 334 result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h
index c7da9e2e..86d9859c 100644
--- a/src/daemon/https/x509/sign.h
+++ b/src/daemon/https/x509/sign.h
@@ -23,14 +23,14 @@
23 */ 23 */
24 24
25int _gnutls_x509_sign (const gnutls_datum_t * tbs, 25int _gnutls_x509_sign (const gnutls_datum_t * tbs,
26 enum MHD_GNUTLS_HashAlgorithm hash, 26 enum MHD_GNUTLS_HashAlgorithm hash,
27 gnutls_x509_privkey_t signer, 27 gnutls_x509_privkey_t signer,
28 gnutls_datum_t * signature); 28 gnutls_datum_t * signature);
29int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, 29int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
30 enum MHD_GNUTLS_HashAlgorithm hash, 30 enum MHD_GNUTLS_HashAlgorithm hash,
31 gnutls_x509_privkey_t signer, 31 gnutls_x509_privkey_t signer,
32 gnutls_datum_t * signature); 32 gnutls_datum_t * signature);
33int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, 33int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
34 enum MHD_GNUTLS_HashAlgorithm, 34 enum MHD_GNUTLS_HashAlgorithm,
35 gnutls_x509_crt_t issuer, 35 gnutls_x509_crt_t issuer,
36 gnutls_x509_privkey_t issuer_key); 36 gnutls_x509_privkey_t issuer_key);
diff --git a/src/daemon/https/x509/verify.h b/src/daemon/https/x509/verify.h
index d7ca5151..c7e3c63d 100644
--- a/src/daemon/https/x509/verify.h
+++ b/src/daemon/https/x509/verify.h
@@ -25,10 +25,10 @@
25#include "x509.h" 25#include "x509.h"
26 26
27int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, 27int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
28 gnutls_x509_crt_t issuer); 28 gnutls_x509_crt_t issuer);
29int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, 29int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
30 const gnutls_datum_t * signature, 30 const gnutls_datum_t * signature,
31 gnutls_x509_crt_t issuer); 31 gnutls_x509_crt_t issuer);
32int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, 32int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
33 const gnutls_datum_t * signature, 33 const gnutls_datum_t * signature,
34 gnutls_x509_privkey_t issuer); 34 gnutls_x509_privkey_t issuer);
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c
index e8dff3c7..76ad46ac 100644
--- a/src/daemon/https/x509/x509.c
+++ b/src/daemon/https/x509/x509.c
@@ -76,7 +76,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
76 * @dest: The structure where to copy 76 * @dest: The structure where to copy
77 * @src: The structure to be copied 77 * @src: The structure to be copied
78 * 78 *
79 * This function will copy an X.509 certificate structure. 79 * This function will copy an X.509 certificate structure.
80 * 80 *
81 * Returns 0 on success. 81 * Returns 0 on success.
82 * 82 *
@@ -131,7 +131,7 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
131 * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure 131 * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure
132 * @cert: The structure to be initialized 132 * @cert: The structure to be initialized
133 * 133 *
134 * This function will deinitialize a CRL structure. 134 * This function will deinitialize a CRL structure.
135 * 135 *
136 **/ 136 **/
137void 137void
@@ -456,8 +456,8 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
456 * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm 456 * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
457 * @cert: should contain a gnutls_x509_crt_t structure 457 * @cert: should contain a gnutls_x509_crt_t structure
458 * 458 *
459 * This function will return a value of the gnutls_sign_algorithm_t enumeration that 459 * This function will return a value of the gnutls_sign_algorithm_t enumeration that
460 * is the signature algorithm. 460 * is the signature algorithm.
461 * 461 *
462 * Returns a negative value on error. 462 * Returns a negative value on error.
463 * 463 *
@@ -635,11 +635,11 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
635 * @result: The place where the serial number will be copied 635 * @result: The place where the serial number will be copied
636 * @result_size: Holds the size of the result field. 636 * @result_size: Holds the size of the result field.
637 * 637 *
638 * This function will return the X.509 certificate's serial number. 638 * This function will return the X.509 certificate's serial number.
639 * This is obtained by the X509 Certificate serialNumber 639 * This is obtained by the X509 Certificate serialNumber
640 * field. Serial is not always a 32 or 64bit number. Some CAs use 640 * field. Serial is not always a 32 or 64bit number. Some CAs use
641 * large serial numbers, thus it may be wise to handle it as something 641 * large serial numbers, thus it may be wise to handle it as something
642 * opaque. 642 * opaque.
643 * 643 *
644 * Returns 0 on success and a negative value in case of an error. 644 * Returns 0 on success and a negative value in case of an error.
645 * 645 *
@@ -680,7 +680,7 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert,
680 * 680 *
681 * This function will return the X.509v3 certificate's subject key identifier. 681 * This function will return the X.509v3 certificate's subject key identifier.
682 * This is obtained by the X.509 Subject Key identifier extension 682 * This is obtained by the X.509 Subject Key identifier extension
683 * field (2.5.29.14). 683 * field (2.5.29.14).
684 * 684 *
685 * Returns 0 on success and a negative value in case of an error. 685 * Returns 0 on success and a negative value in case of an error.
686 * 686 *
@@ -850,11 +850,11 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
850 * @cert: should contain a gnutls_x509_crt_t structure 850 * @cert: should contain a gnutls_x509_crt_t structure
851 * @bits: if bits is non null it will hold the size of the parameters' in bits 851 * @bits: if bits is non null it will hold the size of the parameters' in bits
852 * 852 *
853 * This function will return the public key algorithm of an X.509 853 * This function will return the public key algorithm of an X.509
854 * certificate. 854 * certificate.
855 * 855 *
856 * If bits is non null, it should have enough size to hold the parameters 856 * If bits is non null, it should have enough size to hold the parameters
857 * size in bits. For RSA the bits returned is the modulus. 857 * size in bits. For RSA the bits returned is the modulus.
858 * For DSA the bits returned are of the public 858 * For DSA the bits returned are of the public
859 * exponent. 859 * exponent.
860 * 860 *
@@ -1353,7 +1353,7 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
1353 * @key_usage: where the key usage bits will be stored 1353 * @key_usage: where the key usage bits will be stored
1354 * @critical: will be non zero if the extension is marked as critical 1354 * @critical: will be non zero if the extension is marked as critical
1355 * 1355 *
1356 * This function will return certificate's key usage, by reading the 1356 * This function will return certificate's key usage, by reading the
1357 * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: 1357 * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the:
1358 * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, 1358 * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION,
1359 * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, 1359 * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT,
@@ -1547,7 +1547,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
1547 * The extension OID will be stored as a string in the provided buffer. 1547 * The extension OID will be stored as a string in the provided buffer.
1548 * 1548 *
1549 * A negative value may be returned in case of parsing error. 1549 * A negative value may be returned in case of parsing error.
1550 * If your have reached the last extension available 1550 * If your have reached the last extension available
1551 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. 1551 * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
1552 * 1552 *
1553 **/ 1553 **/
@@ -2166,7 +2166,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
2166 } 2166 }
2167 2167
2168 result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, 2168 result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data,
2169 output_data_size); 2169 output_data_size);
2170 2170
2171 gnutls_afree (pubkey.data); 2171 gnutls_afree (pubkey.data);
2172 2172
@@ -2813,7 +2813,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
2813 } 2813 }
2814 } 2814 }
2815 2815
2816 /* now we move ptr after the pem header 2816 /* now we move ptr after the pem header
2817 */ 2817 */
2818 ptr++; 2818 ptr++;
2819 /* find the next certificate (if any) 2819 /* find the next certificate (if any)
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h
index f779759f..d718767a 100644
--- a/src/daemon/https/x509/x509.h
+++ b/src/daemon/https/x509/x509.h
@@ -29,7 +29,7 @@
29 29
30#ifdef __cplusplus 30#ifdef __cplusplus
31extern "C" 31extern "C"
32 { 32{
33#endif 33#endif
34 34
35#include <gnutls.h> 35#include <gnutls.h>
@@ -78,7 +78,7 @@ extern "C"
78 78
79/* Certificate handling functions. 79/* Certificate handling functions.
80 */ 80 */
81typedef enum gnutls_certificate_import_flags 81 typedef enum gnutls_certificate_import_flags
82 { 82 {
83 /* Fail if the certificates in the buffer are more than the space 83 /* Fail if the certificates in the buffer are more than the space
84 * allocated for certificates. The error code will be 84 * allocated for certificates. The error code will be
@@ -87,71 +87,61 @@ typedef enum gnutls_certificate_import_flags
87 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 87 GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
88 } gnutls_certificate_import_flags; 88 } gnutls_certificate_import_flags;
89 89
90int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); 90 int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
91void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); 91 void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
92int gnutls_x509_crt_import(gnutls_x509_crt_t cert, 92 int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
93 const gnutls_datum_t * data, 93 const gnutls_datum_t * data,
94 gnutls_x509_crt_fmt_t format); 94 gnutls_x509_crt_fmt_t format);
95int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, 95 int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
96 unsigned int *cert_max, 96 unsigned int *cert_max,
97 const gnutls_datum_t * data, 97 const gnutls_datum_t * data,
98 gnutls_x509_crt_fmt_t format, 98 gnutls_x509_crt_fmt_t format,
99 unsigned int flags); 99 unsigned int flags);
100int gnutls_x509_crt_export(gnutls_x509_crt_t cert, 100 int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
101 gnutls_x509_crt_fmt_t format, 101 gnutls_x509_crt_fmt_t format,
102 void *output_data, 102 void *output_data, size_t * output_data_size);
103 size_t * output_data_size); 103 int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert,
104int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, 104 char *buf, size_t * sizeof_buf);
105 char *buf, 105 int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
106 size_t * sizeof_buf);
107int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
108 int indx,
109 void *oid,
110 size_t * sizeof_oid);
111int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
112 const char *oid,
113 int indx, 106 int indx,
114 unsigned int raw_flag, 107 void *oid, size_t * sizeof_oid);
115 void *buf, 108 int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
116 size_t * sizeof_buf); 109 const char *oid,
117int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, 110 int indx,
118 char *buf, 111 unsigned int raw_flag,
119 size_t * sizeof_buf); 112 void *buf, size_t * sizeof_buf);
120int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, 113 int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert,
121 int indx, 114 char *buf, size_t * sizeof_buf);
122 void *oid, 115 int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
123 size_t * sizeof_oid); 116 int indx, void *oid, size_t * sizeof_oid);
124int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, 117 int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
125 const char *oid, 118 const char *oid,
126 int indx, 119 int indx,
127 unsigned int raw_flag, 120 unsigned int raw_flag,
128 void *buf, 121 void *buf, size_t * sizeof_buf);
129 size_t * sizeof_buf); 122 int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
130int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, 123 const char *hostname);
131 const char *hostname); 124
132 125 int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
133int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); 126 int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
134int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, 127 char *sig, size_t * sizeof_sig);
135 char *sig, 128 int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
136 size_t *sizeof_sig); 129 int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
137int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); 130 unsigned int flags,
138int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, 131 unsigned char *output_data,
139 unsigned int flags, 132 size_t * output_data_size);
140 unsigned char *output_data, 133
141 size_t * output_data_size); 134 int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
142 135 const void *id, size_t id_size);
143int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, 136 int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
144 const void *id, 137 void *ret,
145 size_t id_size); 138 size_t * ret_size,
146int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, 139 unsigned int *critical);
147 void *ret, 140
148 size_t * ret_size, 141 int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
149 unsigned int *critical); 142 void *ret,
150 143 size_t * ret_size,
151int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, 144 unsigned int *critical);
152 void *ret,
153 size_t * ret_size,
154 unsigned int *critical);
155 145
156#define GNUTLS_CRL_REASON_UNUSED 128 146#define GNUTLS_CRL_REASON_UNUSED 128
157#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 147#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
@@ -163,336 +153,303 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert,
163#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 153#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
164#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 154#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
165 155
166int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, 156 int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
167 unsigned int seq, 157 unsigned int seq,
168 void *ret, 158 void *ret,
169 size_t * ret_size, 159 size_t * ret_size,
170 unsigned int *reason_flags, 160 unsigned int *reason_flags,
171 unsigned int *critical); 161 unsigned int *critical);
172int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, 162 int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
173 gnutls_x509_subject_alt_name_t 163 gnutls_x509_subject_alt_name_t
174 type, 164 type,
175 const void *data_string, 165 const void *data_string,
176 unsigned int reason_flags); 166 unsigned int reason_flags);
177int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst, 167 int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
178 gnutls_x509_crt_t src); 168 gnutls_x509_crt_t src);
179 169
180time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); 170 time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
181time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); 171 time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
182int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, 172 int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert,
183 void *result, 173 void *result, size_t * result_size);
184 size_t * result_size); 174
185 175 int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
186int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, 176 unsigned int *bits);
187 unsigned int *bits); 177 int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
188int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, 178 gnutls_datum_t * m, gnutls_datum_t * e);
189 gnutls_datum_t * m, 179 int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
190 gnutls_datum_t * e); 180 gnutls_datum_t * p,
191int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, 181 gnutls_datum_t * q,
192 gnutls_datum_t * p, 182 gnutls_datum_t * g, gnutls_datum_t * y);
193 gnutls_datum_t * q, 183
194 gnutls_datum_t * g, 184 int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
195 gnutls_datum_t * y); 185 unsigned int seq,
196 186 void *ret,
197int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, 187 size_t * ret_size,
198 unsigned int seq, 188 unsigned int *critical);
199 void *ret, 189 int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
200 size_t * ret_size, 190 unsigned int seq,
201 unsigned int *critical); 191 void *ret,
202int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, 192 size_t * ret_size,
203 unsigned int seq, 193 unsigned int *ret_type,
204 void *ret, 194 unsigned int *critical);
205 size_t * ret_size, 195
206 unsigned int* ret_type, 196 int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
207 unsigned int *critical); 197 unsigned int seq,
208 198 void *ret,
209int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, 199 size_t * ret_size);
210 unsigned int seq, 200
211 void *ret, 201 int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
212 size_t * ret_size); 202 unsigned int *critical);
213 203 int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
214int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, 204 unsigned int *critical,
215 unsigned int *critical); 205 int *ca, int *pathlen);
216int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert,
217 unsigned int *critical,
218 int *ca,
219 int *pathlen);
220 206
221/* The key_usage flags are defined in gnutls.h. They are the 207/* The key_usage flags are defined in gnutls.h. They are the
222 * GNUTLS_KEY_* definitions. 208 * GNUTLS_KEY_* definitions.
223 */ 209 */
224int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, 210 int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
225 unsigned int *key_usage, 211 unsigned int *key_usage,
226 unsigned int *critical); 212 unsigned int *critical);
227int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, 213 int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
228 unsigned int usage); 214 unsigned int usage);
229 215
230int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, 216 int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
231 unsigned int *critical, 217 unsigned int *critical,
232 int *pathlen, 218 int *pathlen,
233 char **policyLanguage, 219 char **policyLanguage,
234 char **policy, 220 char **policy, size_t * sizeof_policy);
235 size_t *sizeof_policy);
236 221
237int gnutls_x509_dn_oid_known(const char *oid); 222 int gnutls_x509_dn_oid_known (const char *oid);
238 223
239/* Read extensions by OID. */ 224/* Read extensions by OID. */
240int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, 225 int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
241 int indx,
242 void *oid,
243 size_t * sizeof_oid);
244int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
245 const char *oid,
246 int indx, 226 int indx,
247 void *buf, 227 void *oid, size_t * sizeof_oid);
248 size_t * sizeof_buf, 228 int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
249 unsigned int *critical); 229 const char *oid,
230 int indx,
231 void *buf,
232 size_t * sizeof_buf,
233 unsigned int *critical);
250 234
251/* Read extensions by sequence number. */ 235/* Read extensions by sequence number. */
252int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, 236 int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert,
253 int indx, 237 int indx,
254 void *oid, 238 void *oid,
255 size_t * sizeof_oid, 239 size_t * sizeof_oid, int *critical);
256 int *critical); 240 int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert,
257int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, 241 int indx,
258 int indx, 242 void *data, size_t * sizeof_data);
259 void *data, 243
260 size_t * sizeof_data); 244 int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
261 245 const char *oid,
262int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, 246 const void *buf,
263 const char *oid, 247 size_t sizeof_buf,
264 const void *buf, 248 unsigned int critical);
265 size_t sizeof_buf,
266 unsigned int critical);
267 249
268/* X.509 Certificate writing. 250/* X.509 Certificate writing.
269 */ 251 */
270int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, 252 int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
271 const char *oid, 253 const char *oid,
272 unsigned int raw_flag, 254 unsigned int raw_flag,
273 const void *name, 255 const void *name,
274 unsigned int sizeof_name); 256 unsigned int sizeof_name);
275int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, 257 int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
276 const char *oid, 258 const char *oid,
277 unsigned int raw_flag, 259 unsigned int raw_flag,
278 const void *name, 260 const void *name,
279 unsigned int sizeof_name); 261 unsigned int sizeof_name);
280int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, 262 int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
281 unsigned int version); 263 unsigned int version);
282int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, 264 int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
283 gnutls_x509_privkey_t key); 265 gnutls_x509_privkey_t key);
284int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, 266 int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
285 unsigned int ca); 267 int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
286int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, 268 unsigned int ca,
287 unsigned int ca, 269 int pathLenConstraint);
288 int pathLenConstraint); 270 int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
289int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, 271 gnutls_x509_subject_alt_name_t
290 gnutls_x509_subject_alt_name_t 272 type,
291 type, 273 const char *data_string);
292 const char *data_string); 274 int gnutls_x509_crt_sign (gnutls_x509_crt_t crt,
293int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, 275 gnutls_x509_crt_t issuer,
294 gnutls_x509_crt_t issuer, 276 gnutls_x509_privkey_t issuer_key);
295 gnutls_x509_privkey_t issuer_key); 277 int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt,
296int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, 278 gnutls_x509_crt_t issuer,
297 gnutls_x509_crt_t issuer, 279 gnutls_x509_privkey_t issuer_key,
298 gnutls_x509_privkey_t issuer_key, 280 enum MHD_GNUTLS_HashAlgorithm,
299 enum MHD_GNUTLS_HashAlgorithm, 281 unsigned int flags);
300 unsigned int flags); 282 int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
301int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, 283 time_t act_time);
302 time_t act_time); 284 int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
303int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, 285 time_t exp_time);
304 time_t exp_time); 286 int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert,
305int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, 287 const void *serial, size_t serial_size);
306 const void *serial, 288
307 size_t serial_size); 289 int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
308 290 const void *id, size_t id_size);
309int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, 291
310 const void *id, 292 int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
311 size_t id_size); 293 gnutls_x509_crt_t eecrt,
312 294 unsigned int raw_flag,
313int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, 295 const void *name,
314 gnutls_x509_crt_t eecrt, 296 unsigned int sizeof_name);
315 unsigned int raw_flag, 297 int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
316 const void *name, 298 int pathLenConstraint,
317 unsigned int sizeof_name); 299 const char *policyLanguage,
318int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, 300 const char *policy, size_t sizeof_policy);
319 int pathLenConstraint, 301
320 const char *policyLanguage, 302 typedef enum gnutls_certificate_print_formats
321 const char *policy,
322 size_t sizeof_policy);
323
324typedef enum gnutls_certificate_print_formats
325 { 303 {
326 GNUTLS_X509_CRT_FULL, 304 GNUTLS_X509_CRT_FULL,
327 GNUTLS_X509_CRT_ONELINE, 305 GNUTLS_X509_CRT_ONELINE,
328 GNUTLS_X509_CRT_UNSIGNED_FULL 306 GNUTLS_X509_CRT_UNSIGNED_FULL
329 } gnutls_certificate_print_formats_t; 307 } gnutls_certificate_print_formats_t;
330 308
331int gnutls_x509_crt_print(gnutls_x509_crt_t cert, 309 int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
332 gnutls_certificate_print_formats_t format, 310 gnutls_certificate_print_formats_t format,
333 gnutls_datum_t *out); 311 gnutls_datum_t * out);
334int gnutls_x509_crl_print(gnutls_x509_crl_t crl, 312 int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
335 gnutls_certificate_print_formats_t format, 313 gnutls_certificate_print_formats_t format,
336 gnutls_datum_t *out); 314 gnutls_datum_t * out);
337 315
338/* Access to internal Certificate fields. 316/* Access to internal Certificate fields.
339 */ 317 */
340int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, 318 int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
341 gnutls_datum_t * start); 319 gnutls_datum_t * start);
342int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, 320 int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
343 gnutls_datum_t * start); 321 gnutls_datum_t * start);
344 322
345/* RDN handling. 323/* RDN handling.
346 */ 324 */
347int gnutls_x509_rdn_get(const gnutls_datum_t * idn, 325 int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
348 char *buf, 326 char *buf, size_t * sizeof_buf);
349 size_t * sizeof_buf); 327 int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
350int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, 328 int indx, void *buf, size_t * sizeof_buf);
351 int indx, 329
352 void *buf, 330 int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
353 size_t * sizeof_buf); 331 const char *oid,
354 332 int indx,
355int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, 333 unsigned int raw_flag,
356 const char *oid, 334 void *buf, size_t * sizeof_buf);
357 int indx, 335
358 unsigned int raw_flag, 336 typedef void *gnutls_x509_dn_t;
359 void *buf, 337
360 size_t * sizeof_buf); 338 typedef struct gnutls_x509_ava_st
361
362typedef void *gnutls_x509_dn_t;
363
364typedef struct gnutls_x509_ava_st
365 { 339 {
366 gnutls_datum_t oid; 340 gnutls_datum_t oid;
367 gnutls_datum_t value; 341 gnutls_datum_t value;
368 unsigned long value_tag; 342 unsigned long value_tag;
369 } gnutls_x509_ava_st; 343 } gnutls_x509_ava_st;
370 344
371int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, 345 int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
372 gnutls_x509_dn_t *dn); 346 gnutls_x509_dn_t * dn);
373int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, 347 int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
374 gnutls_x509_dn_t *dn); 348 gnutls_x509_dn_t * dn);
375int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, 349 int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
376 int irdn, 350 int irdn,
377 int iava, 351 int iava, gnutls_x509_ava_st * avast);
378 gnutls_x509_ava_st *avast);
379 352
380/* CRL handling functions. 353/* CRL handling functions.
381 */ 354 */
382int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); 355 int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
383void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); 356 void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
384 357
385int gnutls_x509_crl_import(gnutls_x509_crl_t crl, 358 int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
386 const gnutls_datum_t * data, 359 const gnutls_datum_t * data,
387 gnutls_x509_crt_fmt_t format); 360 gnutls_x509_crt_fmt_t format);
388int gnutls_x509_crl_export(gnutls_x509_crl_t crl, 361 int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
389 gnutls_x509_crt_fmt_t format, 362 gnutls_x509_crt_fmt_t format,
390 void *output_data, 363 void *output_data, size_t * output_data_size);
391 size_t * output_data_size); 364
392 365 int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
393int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, 366 char *buf, size_t * sizeof_buf);
394 char *buf, 367 int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
395 size_t * sizeof_buf); 368 const char *oid,
396int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, 369 int indx,
397 const char *oid, 370 unsigned int raw_flag,
398 int indx, 371 void *buf, size_t * sizeof_buf);
399 unsigned int raw_flag, 372 int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
400 void *buf, 373 int indx, void *oid, size_t * sizeof_oid);
401 size_t * sizeof_buf); 374
402int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, 375 int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
403 int indx, 376 int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
404 void *oid, 377 char *sig, size_t * sizeof_sig);
405 size_t * sizeof_oid); 378 int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
406 379
407int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl); 380 time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
408int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, 381 time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
409 char *sig, 382
410 size_t *sizeof_sig); 383 int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
411int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl); 384 int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl,
412 385 int indx,
413time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl); 386 unsigned char *serial,
414time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl); 387 size_t * serial_size, time_t * t);
415
416int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
417int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl,
418 int indx,
419 unsigned char *serial,
420 size_t * serial_size,
421 time_t * t);
422#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count 388#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
423#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial 389#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
424 390
425int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, 391 int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
426 gnutls_x509_crt_t issuer); 392 gnutls_x509_crt_t issuer);
427 393
428/* CRL writing. 394/* CRL writing.
429 */ 395 */
430int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, 396 int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
431 unsigned int version); 397 unsigned int version);
432int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, 398 int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
433 gnutls_x509_crt_t issuer, 399 gnutls_x509_crt_t issuer,
434 gnutls_x509_privkey_t issuer_key); 400 gnutls_x509_privkey_t issuer_key);
435int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, 401 int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
436 gnutls_x509_crt_t issuer, 402 gnutls_x509_crt_t issuer,
437 gnutls_x509_privkey_t issuer_key, 403 gnutls_x509_privkey_t issuer_key,
438 enum MHD_GNUTLS_HashAlgorithm, 404 enum MHD_GNUTLS_HashAlgorithm,
439 unsigned int flags); 405 unsigned int flags);
440int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, 406 int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
441 time_t act_time); 407 time_t act_time);
442int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, 408 int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
443 time_t exp_time); 409 time_t exp_time);
444int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, 410 int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
445 const void *serial, 411 const void *serial,
446 size_t serial_size, 412 size_t serial_size,
447 time_t revocation_time); 413 time_t revocation_time);
448int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, 414 int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
449 gnutls_x509_crt_t crt, 415 gnutls_x509_crt_t crt, time_t revocation_time);
450 time_t revocation_time);
451 416
452/* PKCS7 structures handling 417/* PKCS7 structures handling
453 */ 418 */
454struct gnutls_pkcs7_int; 419 struct gnutls_pkcs7_int;
455typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; 420 typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
456 421
457int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); 422 int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
458void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); 423 void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
459int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, 424 int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
460 const gnutls_datum_t * data, 425 const gnutls_datum_t * data,
461 gnutls_x509_crt_fmt_t format); 426 gnutls_x509_crt_fmt_t format);
462int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, 427 int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
463 gnutls_x509_crt_fmt_t format, 428 gnutls_x509_crt_fmt_t format,
464 void *output_data, 429 void *output_data, size_t * output_data_size);
465 size_t * output_data_size); 430
466 431 int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
467int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); 432 int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
468int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, 433 int indx,
469 int indx, 434 void *certificate, size_t * certificate_size);
470 void *certificate, 435
471 size_t * certificate_size); 436 int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
472 437 const gnutls_datum_t * crt);
473int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, 438 int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
474 const gnutls_datum_t * crt); 439 int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
475int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, 440
476 gnutls_x509_crt_t crt); 441 int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
477int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, 442 int indx, void *crl, size_t * crl_size);
478 int indx); 443 int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
479 444
480int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, 445 int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
481 int indx, 446 const gnutls_datum_t * crt);
482 void *crl, 447 int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
483 size_t * crl_size); 448 int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
484int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
485
486int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
487 const gnutls_datum_t * crt);
488int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7,
489 gnutls_x509_crl_t crl);
490int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7,
491 int indx);
492 449
493/* X.509 Certificate verification functions. 450/* X.509 Certificate verification functions.
494 */ 451 */
495typedef enum gnutls_certificate_verify_flags 452 typedef enum gnutls_certificate_verify_flags
496 { 453 {
497 /* If set a signer does not have to be a certificate authority. This 454 /* If set a signer does not have to be a certificate authority. This
498 * flag should normaly be disabled, unless you know what this means. 455 * flag should normaly be disabled, unless you know what this means.
@@ -527,58 +484,53 @@ typedef enum gnutls_certificate_verify_flags
527 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 484 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32
528 } gnutls_certificate_verify_flags; 485 } gnutls_certificate_verify_flags;
529 486
530int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, 487 int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
531 gnutls_x509_crt_t issuer); 488 gnutls_x509_crt_t issuer);
532 489
533int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, 490 int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
534 int cert_list_length, 491 int cert_list_length,
535 const gnutls_x509_crt_t * CA_list, 492 const gnutls_x509_crt_t * CA_list,
536 int CA_list_length, 493 int CA_list_length,
537 const gnutls_x509_crl_t * CRL_list, 494 const gnutls_x509_crl_t * CRL_list,
538 int CRL_list_length, 495 int CRL_list_length,
539 unsigned int flags, 496 unsigned int flags, unsigned int *verify);
540 unsigned int *verify); 497
541 498 int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
542int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, 499 const gnutls_x509_crt_t * CA_list,
543 const gnutls_x509_crt_t * CA_list, 500 int CA_list_length,
544 int CA_list_length, 501 unsigned int flags, unsigned int *verify);
545 unsigned int flags, 502 int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
546 unsigned int *verify); 503 const gnutls_x509_crt_t * CA_list,
547int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, 504 int CA_list_length,
548 const gnutls_x509_crt_t * CA_list, 505 unsigned int flags, unsigned int *verify);
549 int CA_list_length, 506
550 unsigned int flags, 507 int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
551 unsigned int *verify); 508 const gnutls_x509_crl_t *
552 509 crl_list, int crl_list_length);
553int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, 510
554 const gnutls_x509_crl_t * 511 int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
555 crl_list, 512 enum MHD_GNUTLS_HashAlgorithm algo,
556 int crl_list_length); 513 void *buf, size_t * sizeof_buf);
557 514
558int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, 515 int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
559 enum MHD_GNUTLS_HashAlgorithm algo, 516 int indx,
560 void *buf, 517 void *oid,
561 size_t * sizeof_buf); 518 size_t * sizeof_oid,
562 519 unsigned int *critical);
563int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, 520 int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
564 int indx, 521 const void *oid,
565 void *oid, 522 unsigned int critical);
566 size_t * sizeof_oid,
567 unsigned int *critical);
568int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
569 const void *oid,
570 unsigned int critical);
571 523
572/* Private key handling. 524/* Private key handling.
573 */ 525 */
574 526
575/* Flags for the gnutls_x509_privkey_export_pkcs8() function. 527/* Flags for the gnutls_x509_privkey_export_pkcs8() function.
576 */ 528 */
577typedef enum gnutls_pkcs_encrypt_flags_t 529 typedef enum gnutls_pkcs_encrypt_flags_t
578 { 530 {
579 GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not 531 GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not
580 * be encrypted. 532 * be encrypted.
581 */ 533 */
582 GNUTLS_PKCS_USE_PKCS12_3DES = 2, 534 GNUTLS_PKCS_USE_PKCS12_3DES = 2,
583 GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, 535 GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
584 GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, 536 GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
@@ -590,154 +542,143 @@ typedef enum gnutls_pkcs_encrypt_flags_t
590#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR 542#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
591#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 543#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
592 544
593int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); 545 int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
594void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); 546 void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
595int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, 547 int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
596 gnutls_x509_privkey_t src); 548 gnutls_x509_privkey_t src);
597int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, 549 int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
598 const gnutls_datum_t * data, 550 const gnutls_datum_t * data,
599 gnutls_x509_crt_fmt_t format); 551 gnutls_x509_crt_fmt_t format);
600int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, 552 int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
601 const gnutls_datum_t * data, 553 const gnutls_datum_t * data,
602 gnutls_x509_crt_fmt_t format, 554 gnutls_x509_crt_fmt_t format,
603 const char *pass, 555 const char *pass, unsigned int flags);
604 unsigned int flags); 556 int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
605int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, 557 const gnutls_datum_t * m,
606 const gnutls_datum_t * m, 558 const gnutls_datum_t * e,
607 const gnutls_datum_t * e, 559 const gnutls_datum_t * d,
608 const gnutls_datum_t * d, 560 const gnutls_datum_t * p,
609 const gnutls_datum_t * p, 561 const gnutls_datum_t * q,
610 const gnutls_datum_t * q, 562 const gnutls_datum_t * u);
611 const gnutls_datum_t * u); 563 int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
612int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key); 564
613 565 int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
614int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, 566 gnutls_datum_t * p,
615 gnutls_datum_t * p, 567 gnutls_datum_t * q,
616 gnutls_datum_t * q, 568 gnutls_datum_t * g,
617 gnutls_datum_t * g, 569 gnutls_datum_t * y,
618 gnutls_datum_t * y, 570 gnutls_datum_t * x);
619 gnutls_datum_t * x); 571 int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
620int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, 572 const gnutls_datum_t * p,
621 const gnutls_datum_t * p, 573 const gnutls_datum_t * q,
622 const gnutls_datum_t * q, 574 const gnutls_datum_t * g,
623 const gnutls_datum_t * g, 575 const gnutls_datum_t * y,
624 const gnutls_datum_t * y, 576 const gnutls_datum_t * x);
625 const gnutls_datum_t * x); 577
626 578 int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
627int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); 579 int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
628int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, 580 unsigned int flags,
629 unsigned int flags, 581 unsigned char *output_data,
630 unsigned char *output_data, 582 size_t * output_data_size);
631 size_t * output_data_size); 583
632 584 int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
633int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, 585 enum MHD_GNUTLS_PublicKeyAlgorithm algo,
634 enum MHD_GNUTLS_PublicKeyAlgorithm algo, 586 unsigned int bits, unsigned int flags);
635 unsigned int bits, 587
636 unsigned int flags); 588 int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
637 589 gnutls_x509_crt_fmt_t format,
638int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, 590 void *output_data,
639 gnutls_x509_crt_fmt_t format, 591 size_t * output_data_size);
640 void *output_data, 592 int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
641 size_t * output_data_size); 593 gnutls_x509_crt_fmt_t format,
642int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, 594 const char *password,
643 gnutls_x509_crt_fmt_t format, 595 unsigned int flags,
644 const char *password, 596 void *output_data,
645 unsigned int flags, 597 size_t * output_data_size);
646 void *output_data, 598 int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
647 size_t * output_data_size); 599 gnutls_datum_t * m,
648int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, 600 gnutls_datum_t * e,
649 gnutls_datum_t * m, 601 gnutls_datum_t * d,
650 gnutls_datum_t * e, 602 gnutls_datum_t * p,
651 gnutls_datum_t * d, 603 gnutls_datum_t * q,
652 gnutls_datum_t * p, 604 gnutls_datum_t * u);
653 gnutls_datum_t * q,
654 gnutls_datum_t * u);
655 605
656/* Signing stuff. 606/* Signing stuff.
657 */ 607 */
658int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, 608 int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
659 enum MHD_GNUTLS_HashAlgorithm digest, 609 enum MHD_GNUTLS_HashAlgorithm digest,
660 unsigned int flags, 610 unsigned int flags,
661 const gnutls_datum_t * data, 611 const gnutls_datum_t * data,
662 void *signature, 612 void *signature,
663 size_t * signature_size); 613 size_t * signature_size);
664int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, 614 int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
665 unsigned int flags, 615 unsigned int flags,
666 const gnutls_datum_t * data, 616 const gnutls_datum_t * data,
667 const gnutls_datum_t * signature); 617 const gnutls_datum_t * signature);
668int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, 618 int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
669 unsigned int flags, 619 unsigned int flags,
670 const gnutls_datum_t * data, 620 const gnutls_datum_t * data,
671 const gnutls_datum_t * signature); 621 const gnutls_datum_t * signature);
672 622
673int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, 623 int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
674 const gnutls_datum_t * hash, 624 const gnutls_datum_t * hash,
675 gnutls_datum_t * signature); 625 gnutls_datum_t * signature);
676 626
677/* Certificate request stuff. 627/* Certificate request stuff.
678 */ 628 */
679struct gnutls_x509_crq_int; 629 struct gnutls_x509_crq_int;
680typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; 630 typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
681 631
682int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); 632 int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
683void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); 633 void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
684int gnutls_x509_crq_import(gnutls_x509_crq_t crq, 634 int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
685 const gnutls_datum_t * data, 635 const gnutls_datum_t * data,
686 gnutls_x509_crt_fmt_t format); 636 gnutls_x509_crt_fmt_t format);
687int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, 637 int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
688 unsigned int *bits); 638 unsigned int *bits);
689int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, 639 int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq,
690 char *buf, 640 char *buf, size_t * sizeof_buf);
691 size_t * sizeof_buf); 641 int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
692int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, 642 int indx, void *oid, size_t * sizeof_oid);
693 int indx, 643 int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
694 void *oid, 644 const char *oid,
695 size_t * sizeof_oid); 645 int indx,
696int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, 646 unsigned int raw_flag,
697 const char *oid, 647 void *buf, size_t * sizeof_buf);
698 int indx, 648 int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
699 unsigned int raw_flag, 649 const char *oid,
700 void *buf, 650 unsigned int raw_flag,
701 size_t * sizeof_buf); 651 const void *name,
702int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, 652 unsigned int sizeof_name);
703 const char *oid, 653 int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
704 unsigned int raw_flag, 654 unsigned int version);
705 const void *name, 655 int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
706 unsigned int sizeof_name); 656 gnutls_x509_privkey_t key);
707int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, 657 int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
708 unsigned int version); 658 gnutls_x509_privkey_t key,
709int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, 659 enum MHD_GNUTLS_HashAlgorithm,
710 gnutls_x509_privkey_t key); 660 unsigned int flags);
711int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, 661 int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
712 gnutls_x509_privkey_t key, 662
713 enum MHD_GNUTLS_HashAlgorithm, 663 int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
714 unsigned int flags); 664 const char *pass);
715int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, 665 int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
716 gnutls_x509_privkey_t key); 666 char *pass,
717 667 size_t * sizeof_pass);
718int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, 668
719 const char *pass); 669 int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
720int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, 670 const char *oid,
721 char *pass, 671 void *buf, size_t sizeof_buf);
722 size_t * sizeof_pass); 672 int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
723 673 const char *oid,
724int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, 674 int indx,
725 const char *oid, 675 void *buf, size_t * sizeof_buf);
726 void *buf, 676
727 size_t sizeof_buf); 677 int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
728int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, 678 gnutls_x509_crt_fmt_t format,
729 const char *oid, 679 void *output_data, size_t * output_data_size);
730 int indx, 680
731 void *buf, 681 int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
732 size_t * sizeof_buf);
733
734int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
735 gnutls_x509_crt_fmt_t format,
736 void *output_data,
737 size_t * output_data_size);
738
739int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt,
740 gnutls_x509_crq_t crq);
741 682
742#ifdef __cplusplus 683#ifdef __cplusplus
743} 684}
@@ -752,17 +693,17 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt,
752#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" 693#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
753 694
754typedef struct gnutls_x509_crl_int 695typedef struct gnutls_x509_crl_int
755 { 696{
756 ASN1_TYPE crl; 697 ASN1_TYPE crl;
757 } gnutls_x509_crl_int; 698} gnutls_x509_crl_int;
758 699
759typedef struct gnutls_x509_crt_int 700typedef struct gnutls_x509_crt_int
760 { 701{
761 ASN1_TYPE cert; 702 ASN1_TYPE cert;
762 int use_extensions; 703 int use_extensions;
763 } gnutls_x509_crt_int; 704} gnutls_x509_crt_int;
764 705
765#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ 706#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */
766 707
767/* parameters should not be larger than this limit */ 708/* parameters should not be larger than this limit */
768#define DSA_PRIVATE_PARAMS 5 709#define DSA_PRIVATE_PARAMS 5
@@ -779,140 +720,130 @@ typedef struct gnutls_x509_crt_int
779#endif 720#endif
780 721
781typedef struct MHD_gtls_x509_privkey_int 722typedef struct MHD_gtls_x509_privkey_int
782 { 723{
783 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public 724 mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
784 * key algorithm 725 * key algorithm
785 */ 726 */
786 /* 727 /*
787 * RSA: [0] is modulus 728 * RSA: [0] is modulus
788 * [1] is public exponent 729 * [1] is public exponent
789 * [2] is private exponent 730 * [2] is private exponent
790 * [3] is prime1 (p) 731 * [3] is prime1 (p)
791 * [4] is prime2 (q) 732 * [4] is prime2 (q)
792 * [5] is coefficient (u == inverse of p mod q) 733 * [5] is coefficient (u == inverse of p mod q)
793 * note that other packages used inverse of q mod p, 734 * note that other packages used inverse of q mod p,
794 * so we need to perform conversions. 735 * so we need to perform conversions.
795 * DSA: [0] is p 736 * DSA: [0] is p
796 * [1] is q 737 * [1] is q
797 * [2] is g 738 * [2] is g
798 * [3] is y (public key) 739 * [3] is y (public key)
799 * [4] is x (private key) 740 * [4] is x (private key)
800 */ 741 */
801 int params_size; /* holds the number of params */ 742 int params_size; /* holds the number of params */
802 743
803 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; 744 enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm;
804 745
805 int crippled; /* The crippled keys will not use the ASN1_TYPE key. 746 int crippled; /* The crippled keys will not use the ASN1_TYPE key.
806 * The encoding will only be performed at the export 747 * The encoding will only be performed at the export
807 * phase, to optimize copying etc. Cannot be used with 748 * phase, to optimize copying etc. Cannot be used with
808 * the exported API (used internally only). 749 * the exported API (used internally only).
809 */ 750 */
810 ASN1_TYPE key; 751 ASN1_TYPE key;
811 } gnutls_x509_privkey_int; 752} gnutls_x509_privkey_int;
812 753
813int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, 754int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
814 const char *oid, 755 const char *oid,
815 int indx, 756 int indx,
816 unsigned int raw_flag, 757 unsigned int raw_flag,
817 void *buf, 758 void *buf, size_t * sizeof_buf);
818 size_t * sizeof_buf); 759int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
819int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, 760 unsigned int seq,
820 unsigned int seq, 761 void *ret,
821 void *ret, 762 size_t * ret_size,
822 size_t * ret_size, 763 unsigned int *critical);
823 unsigned int *critical); 764int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
824int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, 765 const char *oid,
825 const char *oid,
826 int indx,
827 unsigned int raw_flag,
828 void *buf,
829 size_t * sizeof_buf);
830int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
831 unsigned int *critical);
832int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
833 unsigned int *bits);
834
835int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest,
836 gnutls_x509_crt_t src);
837
838int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert,
839 void *result,
840 size_t * result_size);
841
842int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
843 const gnutls_datum_t * dn2);
844
845int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
846 const gnutls_x509_crl_t * crl_list,
847 int crl_list_length);
848
849int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest,
850 gnutls_x509_crl_t src);
851int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
852 gnutls_datum_t * dn);
853int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
854int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl,
855 int indx, 766 int indx,
856 unsigned char *serial, 767 unsigned int raw_flag,
857 size_t * serial_size, 768 void *buf, size_t * sizeof_buf);
858 time_t * t); 769int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
859 770 unsigned int *critical);
860void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); 771int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
861int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); 772 unsigned int *bits);
862int gnutls_x509_crl_import(gnutls_x509_crl_t crl, 773
863 const gnutls_datum_t * data, 774int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
864 gnutls_x509_crt_fmt_t format); 775
865int gnutls_x509_crl_export(gnutls_x509_crl_t crl, 776int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert,
866 gnutls_x509_crt_fmt_t format, 777 void *result, size_t * result_size);
867 void *output_data, 778
868 size_t * output_data_size); 779int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
869 780 const gnutls_datum_t * dn2);
870int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); 781
871void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); 782int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
872int gnutls_x509_crt_import(gnutls_x509_crt_t cert, 783 const gnutls_x509_crl_t * crl_list,
873 const gnutls_datum_t * data, 784 int crl_list_length);
874 gnutls_x509_crt_fmt_t format); 785
875int gnutls_x509_crt_export(gnutls_x509_crt_t cert, 786int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
876 gnutls_x509_crt_fmt_t format, 787int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
877 void *output_data, 788 gnutls_datum_t * dn);
878 size_t * output_data_size); 789int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
879 790int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl,
880int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, 791 int indx,
881 unsigned int *key_usage, 792 unsigned char *serial,
882 unsigned int *critical); 793 size_t * serial_size, time_t * t);
883int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); 794
884int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); 795void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
885 796int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
886int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); 797int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
887void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); 798 const gnutls_datum_t * data,
888 799 gnutls_x509_crt_fmt_t format);
889int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, 800int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
890 enum MHD_GNUTLS_PublicKeyAlgorithm algo, 801 gnutls_x509_crt_fmt_t format,
891 unsigned int bits, 802 void *output_data, size_t * output_data_size);
892 unsigned int flags); 803
893 804int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
894int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, 805void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
895 const gnutls_datum_t * data, 806int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
896 gnutls_x509_crt_fmt_t format); 807 const gnutls_datum_t * data,
897int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); 808 gnutls_x509_crt_fmt_t format);
898int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, 809int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
899 const gnutls_datum_t * m, 810 gnutls_x509_crt_fmt_t format,
900 const gnutls_datum_t * e, 811 void *output_data, size_t * output_data_size);
901 const gnutls_datum_t * d, 812
902 const gnutls_datum_t * p, 813int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
903 const gnutls_datum_t * q, 814 unsigned int *key_usage,
904 const gnutls_datum_t * u); 815 unsigned int *critical);
905int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, 816int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
906 gnutls_datum_t * m, 817int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
907 gnutls_datum_t * e, 818
908 gnutls_datum_t * d, 819int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
909 gnutls_datum_t * p, 820void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
910 gnutls_datum_t * q, 821
911 gnutls_datum_t * u); 822int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
912int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, 823 enum MHD_GNUTLS_PublicKeyAlgorithm algo,
913 gnutls_x509_crt_fmt_t format, 824 unsigned int bits, unsigned int flags);
914 void *output_data, 825
915 size_t * output_data_size); 826int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
827 const gnutls_datum_t * data,
828 gnutls_x509_crt_fmt_t format);
829int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
830int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
831 const gnutls_datum_t * m,
832 const gnutls_datum_t * e,
833 const gnutls_datum_t * d,
834 const gnutls_datum_t * p,
835 const gnutls_datum_t * q,
836 const gnutls_datum_t * u);
837int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
838 gnutls_datum_t * m,
839 gnutls_datum_t * e,
840 gnutls_datum_t * d,
841 gnutls_datum_t * p,
842 gnutls_datum_t * q,
843 gnutls_datum_t * u);
844int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
845 gnutls_x509_crt_fmt_t format,
846 void *output_data, size_t * output_data_size);
916 847
917#define GNUTLS_CRL_REASON_UNUSED 128 848#define GNUTLS_CRL_REASON_UNUSED 128
918#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 849#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c
index 5e58cffb..e890843d 100644
--- a/src/daemon/https/x509/x509_privkey.c
+++ b/src/daemon/https/x509/x509_privkey.c
@@ -446,7 +446,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
446 * 446 *
447 * This function will convert the given RSA raw parameters 447 * This function will convert the given RSA raw parameters
448 * to the native gnutls_x509_privkey_t format. The output will be stored in @key. 448 * to the native gnutls_x509_privkey_t format. The output will be stored in @key.
449 * 449 *
450 **/ 450 **/
451int 451int
452gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, 452gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
@@ -646,7 +646,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
646 * This function will export the RSA private key's parameters found in the given 646 * This function will export the RSA private key's parameters found in the given
647 * structure. The new parameters will be allocated using 647 * structure. The new parameters will be allocated using
648 * gnutls_malloc() and will be stored in the appropriate datum. 648 * gnutls_malloc() and will be stored in the appropriate datum.
649 * 649 *
650 **/ 650 **/
651int 651int
652gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, 652gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
@@ -760,7 +760,7 @@ error:_gnutls_free_datum (m);
760 * This function will export the DSA private key's parameters found in the given 760 * This function will export the DSA private key's parameters found in the given
761 * structure. The new parameters will be allocated using 761 * structure. The new parameters will be allocated using
762 * gnutls_malloc() and will be stored in the appropriate datum. 762 * gnutls_malloc() and will be stored in the appropriate datum.
763 * 763 *
764 **/ 764 **/
765int 765int
766gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, 766gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
@@ -960,7 +960,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
960 goto cleanup; 960 goto cleanup;
961 } 961 }
962 962
963 /* Write PRIME 963 /* Write PRIME
964 */ 964 */
965 if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) 965 if ((result = asn1_write_value (*c2, "modulus", m_data, size[0]))
966 != ASN1_SUCCESS) 966 != ASN1_SUCCESS)
@@ -1120,7 +1120,7 @@ _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
1120 goto cleanup; 1120 goto cleanup;
1121 } 1121 }
1122 1122
1123 /* Write PRIME 1123 /* Write PRIME
1124 */ 1124 */
1125 if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) 1125 if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
1126 { 1126 {
@@ -1183,7 +1183,7 @@ cleanup:asn1_delete_structure (c2);
1183 * @flags: unused for now. Must be 0. 1183 * @flags: unused for now. Must be 0.
1184 * 1184 *
1185 * This function will generate a random private key. Note that 1185 * This function will generate a random private key. Note that
1186 * this function must be called on an empty private key. 1186 * this function must be called on an empty private key.
1187 * 1187 *
1188 * Returns 0 on success or a negative value on error. 1188 * Returns 0 on success or a negative value on error.
1189 * 1189 *
@@ -1409,7 +1409,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
1409 } 1409 }
1410 1410
1411 result = mhd_gtls_sign (key->pk_algorithm, key->params, 1411 result = mhd_gtls_sign (key->pk_algorithm, key->params,
1412 key->params_size, hash, signature); 1412 key->params_size, hash, signature);
1413 if (result < 0) 1413 if (result < 0)
1414 { 1414 {
1415 gnutls_assert (); 1415 gnutls_assert ();
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c
index 646bdf10..e9d784ce 100644
--- a/src/daemon/https/x509/x509_verify.c
+++ b/src/daemon/https/x509/x509_verify.c
@@ -201,7 +201,7 @@ find_issuer (gnutls_x509_crt_t cert,
201{ 201{
202 int i; 202 int i;
203 203
204 /* this is serial search. 204 /* this is serial search.
205 */ 205 */
206 206
207 for (i = 0; i < tcas_size; i++) 207 for (i = 0; i < tcas_size; i++)
@@ -214,11 +214,11 @@ find_issuer (gnutls_x509_crt_t cert,
214 return NULL; 214 return NULL;
215} 215}
216 216
217/* 217/*
218 * Verifies the given certificate again a certificate list of 218 * Verifies the given certificate again a certificate list of
219 * trusted CAs. 219 * trusted CAs.
220 * 220 *
221 * Returns only 0 or 1. If 1 it means that the certificate 221 * Returns only 0 or 1. If 1 it means that the certificate
222 * was successfuly verified. 222 * was successfuly verified.
223 * 223 *
224 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. 224 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
@@ -435,7 +435,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
435 clist_size--; 435 clist_size--;
436 } 436 }
437 437
438 /* Verify the certificate path (chain) 438 /* Verify the certificate path (chain)
439 */ 439 */
440 for (i = clist_size - 1; i > 0; i--) 440 for (i = clist_size - 1; i > 0; i--)
441 { 441 {
@@ -465,7 +465,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
465 */ 465 */
466static int 466static int
467decode_ber_digest_info (const gnutls_datum_t * info, 467decode_ber_digest_info (const gnutls_datum_t * info,
468 enum MHD_GNUTLS_HashAlgorithm * hash, 468 enum MHD_GNUTLS_HashAlgorithm *hash,
469 opaque * digest, int *digest_size) 469 opaque * digest, int *digest_size)
470{ 470{
471 ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; 471 ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
@@ -664,7 +664,7 @@ verify_sig (const gnutls_datum_t * tbs,
664 664
665/* verifies if the certificate is properly signed. 665/* verifies if the certificate is properly signed.
666 * returns 0 on failure and 1 on success. 666 * returns 0 on failure and 1 on success.
667 * 667 *
668 * 'tbs' is the signed data 668 * 'tbs' is the signed data
669 * 'signature' is the signature! 669 * 'signature' is the signature!
670 */ 670 */
@@ -707,7 +707,7 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
707 707
708/* verifies if the certificate is properly signed. 708/* verifies if the certificate is properly signed.
709 * returns 0 on failure and 1 on success. 709 * returns 0 on failure and 1 on success.
710 * 710 *
711 * 'tbs' is the signed data 711 * 'tbs' is the signed data
712 * 'signature' is the signature! 712 * 'signature' is the signature!
713 */ 713 */
@@ -743,12 +743,12 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
743 * Note that expiration and activation dates are not checked 743 * Note that expiration and activation dates are not checked
744 * by this function, you should check them using the appropriate functions. 744 * by this function, you should check them using the appropriate functions.
745 * 745 *
746 * If no flags are specified (0), this function will use the 746 * If no flags are specified (0), this function will use the
747 * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate 747 * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate
748 * authority is allowed to sign a certificate. 748 * authority is allowed to sign a certificate.
749 * 749 *
750 * You must also check the peer's name in order to check if the verified 750 * You must also check the peer's name in order to check if the verified
751 * certificate belongs to the actual peer. 751 * certificate belongs to the actual peer.
752 * 752 *
753 * The certificate verification output will be put in @verify and will be 753 * The certificate verification output will be put in @verify and will be
754 * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. 754 * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.
@@ -774,7 +774,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
774 if (cert_list == NULL || cert_list_length == 0) 774 if (cert_list == NULL || cert_list_length == 0)
775 return GNUTLS_E_NO_CERTIFICATE_FOUND; 775 return GNUTLS_E_NO_CERTIFICATE_FOUND;
776 776
777 /* Verify certificate 777 /* Verify certificate
778 */ 778 */
779 *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, 779 *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length,
780 CA_list, CA_list_length, 780 CA_list, CA_list_length,
@@ -792,7 +792,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
792 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. 792 * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
793 * @verify: will hold the certificate verification output. 793 * @verify: will hold the certificate verification output.
794 * 794 *
795 * This function will try to verify the given certificate and return its status. 795 * This function will try to verify the given certificate and return its status.
796 * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. 796 * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID.
797 * 797 *
798 * Returns 0 on success and a negative value in case of an error. 798 * Returns 0 on success and a negative value in case of an error.
@@ -805,7 +805,7 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
805 unsigned int flags, unsigned int *verify) 805 unsigned int flags, unsigned int *verify)
806{ 806{
807 int ret; 807 int ret;
808 /* Verify certificate 808 /* Verify certificate
809 */ 809 */
810 ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, 810 ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags,
811 verify); 811 verify);
@@ -861,7 +861,7 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
861 unsigned int *verify) 861 unsigned int *verify)
862{ 862{
863 int ret; 863 int ret;
864 /* Verify crl 864 /* Verify crl
865 */ 865 */
866 ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); 866 ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify);
867 if (ret < 0) 867 if (ret < 0)
@@ -912,7 +912,7 @@ find_crl_issuer (gnutls_x509_crl_t crl,
912{ 912{
913 int i; 913 int i;
914 914
915 /* this is serial search. 915 /* this is serial search.
916 */ 916 */
917 917
918 for (i = 0; i < tcas_size; i++) 918 for (i = 0; i < tcas_size; i++)
@@ -925,14 +925,14 @@ find_crl_issuer (gnutls_x509_crl_t crl,
925 return NULL; 925 return NULL;
926} 926}
927 927
928/* 928/*
929 * Returns only 0 or 1. If 1 it means that the CRL 929 * Returns only 0 or 1. If 1 it means that the CRL
930 * was successfuly verified. 930 * was successfuly verified.
931 * 931 *
932 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. 932 * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
933 * 933 *
934 * Output will hold information about the verification 934 * Output will hold information about the verification
935 * procedure. 935 * procedure.
936 */ 936 */
937static int 937static int
938_gnutls_verify_crl2 (gnutls_x509_crl_t crl, 938_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
diff --git a/src/daemon/https/x509/x509_write.c b/src/daemon/https/x509/x509_write.c
index 944b863c..342e117d 100644
--- a/src/daemon/https/x509/x509_write.c
+++ b/src/daemon/https/x509/x509_write.c
@@ -118,7 +118,7 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
118} 118}
119 119
120/** 120/**
121 * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name 121 * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name
122 * @crt: a gnutls_x509_crt_t structure with the new proxy cert 122 * @crt: a gnutls_x509_crt_t structure with the new proxy cert
123 * @eecrt: the end entity certificate that will be issuing the proxy 123 * @eecrt: the end entity certificate that will be issuing the proxy
124 * @raw_flag: must be 0, or 1 if the CN is DER encoded 124 * @raw_flag: must be 0, or 1 if the CN is DER encoded
@@ -407,7 +407,7 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
407 * @crt: should contain a gnutls_x509_crt_t structure 407 * @crt: should contain a gnutls_x509_crt_t structure
408 * @usage: an ORed sequence of the GNUTLS_KEY_* elements. 408 * @usage: an ORed sequence of the GNUTLS_KEY_* elements.
409 * 409 *
410 * This function will set the keyUsage certificate extension. 410 * This function will set the keyUsage certificate extension.
411 * 411 *
412 * Returns 0 on success. 412 * Returns 0 on success.
413 * 413 *
@@ -454,7 +454,7 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
454 * @type: is one of the gnutls_x509_subject_alt_name_t enumerations 454 * @type: is one of the gnutls_x509_subject_alt_name_t enumerations
455 * @data_string: The data to be set 455 * @data_string: The data to be set
456 * 456 *
457 * This function will set the subject alternative name certificate extension. 457 * This function will set the subject alternative name certificate extension.
458 * 458 *
459 * Returns 0 on success. 459 * Returns 0 on success.
460 * 460 *
@@ -520,7 +520,7 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
520 * and negative values indicate that the pathLenConstraints field should 520 * and negative values indicate that the pathLenConstraints field should
521 * not be present. 521 * not be present.
522 * @policyLanguage: OID describing the language of @policy. 522 * @policyLanguage: OID describing the language of @policy.
523 * @policy: opaque byte array with policy language, can be %NULL 523 * @policy: opaque byte array with policy language, can be %NULL
524 * @sizeof_policy: size of @policy. 524 * @sizeof_policy: size of @policy.
525 * 525 *
526 * This function will set the proxyCertInfo extension. 526 * This function will set the proxyCertInfo extension.
@@ -688,10 +688,10 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
688 * @serial: The serial number 688 * @serial: The serial number
689 * @serial_size: Holds the size of the serial field. 689 * @serial_size: Holds the size of the serial field.
690 * 690 *
691 * This function will set the X.509 certificate's serial number. 691 * This function will set the X.509 certificate's serial number.
692 * Serial is not always a 32 or 64bit number. Some CAs use 692 * Serial is not always a 32 or 64bit number. Some CAs use
693 * large serial numbers, thus it may be wise to handle it as something 693 * large serial numbers, thus it may be wise to handle it as something
694 * opaque. 694 * opaque.
695 * 695 *
696 * Returns 0 on success, or a negative value in case of an error. 696 * Returns 0 on success, or a negative value in case of an error.
697 * 697 *
@@ -748,7 +748,7 @@ disable_optional_stuff (gnutls_x509_crt_t cert)
748 * @data_string: The data to be set 748 * @data_string: The data to be set
749 * @reason_flags: revocation reasons 749 * @reason_flags: revocation reasons
750 * 750 *
751 * This function will set the CRL distribution points certificate extension. 751 * This function will set the CRL distribution points certificate extension.
752 * 752 *
753 * Returns 0 on success. 753 * Returns 0 on success.
754 * 754 *
@@ -814,7 +814,7 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
814 * @dst: should contain a gnutls_x509_crt_t structure 814 * @dst: should contain a gnutls_x509_crt_t structure
815 * @src: the certificate where the dist points will be copied from 815 * @src: the certificate where the dist points will be copied from
816 * 816 *
817 * This function will copy the CRL distribution points certificate 817 * This function will copy the CRL distribution points certificate
818 * extension, from the source to the destination certificate. 818 * extension, from the source to the destination certificate.
819 * This may be useful to copy from a CA certificate to issued ones. 819 * This may be useful to copy from a CA certificate to issued ones.
820 * 820 *