Diffstat (limited to 'src/daemon/https/x509')
25 files changed, 917 insertions, 1004 deletions
diff --git a/src/daemon/https/x509/common.c b/src/daemon/https/x509/common.c index e8c21fe9..53ae4be8 100644 --- a/src/daemon/https/x509/common.c +++ b/src/daemon/https/x509/common.c | |||
@@ -440,7 +440,7 @@ _gnutls_x509_data2hex (const opaque * data, | |||
440 | return 0; | 440 | return 0; |
441 | } | 441 | } |
442 | 442 | ||
443 | /* TIME functions | 443 | /* TIME functions |
444 | * Convertions between generalized or UTC time to time_t | 444 | * Convertions between generalized or UTC time to time_t |
445 | * | 445 | * |
446 | */ | 446 | */ |
@@ -463,7 +463,7 @@ typedef struct fake_tm | |||
463 | * who placed it under public domain: | 463 | * who placed it under public domain: |
464 | */ | 464 | */ |
465 | 465 | ||
466 | /* The number of days in each month. | 466 | /* The number of days in each month. |
467 | */ | 467 | */ |
468 | static const int MONTHDAYS[] = { 31, | 468 | static const int MONTHDAYS[] = { 31, |
469 | 28, | 469 | 28, |
@@ -498,12 +498,12 @@ mktime_utc (const struct fake_tm *tm) | |||
498 | /* We do allow some ill-formed dates, but we don't do anything special | 498 | /* We do allow some ill-formed dates, but we don't do anything special |
499 | * with them and our callers really shouldn't pass them to us. Do | 499 | * with them and our callers really shouldn't pass them to us. Do |
500 | * explicitly disallow the ones that would cause invalid array accesses | 500 | * explicitly disallow the ones that would cause invalid array accesses |
501 | * or other algorithm problems. | 501 | * or other algorithm problems. |
502 | */ | 502 | */ |
503 | if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) | 503 | if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970) |
504 | return (time_t) - 1; | 504 | return (time_t) - 1; |
505 | 505 | ||
506 | /* Convert to a time_t. | 506 | /* Convert to a time_t. |
507 | */ | 507 | */ |
508 | for (i = 1970; i < tm->tm_year; i++) | 508 | for (i = 1970; i < tm->tm_year; i++) |
509 | result += 365 + ISLEAP (i); | 509 | result += 365 + ISLEAP (i); |
@@ -1319,7 +1319,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, | |||
1319 | return algo; | 1319 | return algo; |
1320 | } | 1320 | } |
1321 | 1321 | ||
1322 | /* Now read the parameters' bits | 1322 | /* Now read the parameters' bits |
1323 | */ | 1323 | */ |
1324 | mhd_gtls_str_cpy (name, sizeof (name), src_name); | 1324 | mhd_gtls_str_cpy (name, sizeof (name), src_name); |
1325 | mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); | 1325 | mhd_gtls_str_cat (name, sizeof (name), ".subjectPublicKey"); |
@@ -1442,7 +1442,7 @@ _gnutls_x509_get_signature (ASN1_TYPE src, | |||
1442 | signature->data = NULL; | 1442 | signature->data = NULL; |
1443 | signature->size = 0; | 1443 | signature->size = 0; |
1444 | 1444 | ||
1445 | /* Read the signature | 1445 | /* Read the signature |
1446 | */ | 1446 | */ |
1447 | bits = 0; | 1447 | bits = 0; |
1448 | result = asn1_read_value (src, src_name, NULL, &bits); | 1448 | result = asn1_read_value (src, src_name, NULL, &bits); |
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h index 01b1bf30..0e91c96d 100644 --- a/src/daemon/https/x509/common.h +++ b/src/daemon/https/x509/common.h | |||
@@ -63,13 +63,13 @@ time_t _gnutls_x509_generalTime2gtime (const char *ttime); | |||
63 | int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); | 63 | int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); |
64 | 64 | ||
65 | int _gnutls_x509_decode_octet_string (const char *string_type, | 65 | int _gnutls_x509_decode_octet_string (const char *string_type, |
66 | const opaque * der, size_t der_size, | 66 | const opaque * der, size_t der_size, |
67 | opaque * output, size_t * output_size); | 67 | opaque * output, size_t * output_size); |
68 | int _gnutls_x509_oid_data2string (const char *OID, void *value, | 68 | int _gnutls_x509_oid_data2string (const char *OID, void *value, |
69 | int value_size, char *res, | 69 | int value_size, char *res, |
70 | size_t * res_size); | 70 | size_t * res_size); |
71 | int _gnutls_x509_data2hex (const opaque * data, size_t data_size, | 71 | int _gnutls_x509_data2hex (const opaque * data, size_t data_size, |
72 | opaque * out, size_t * sizeof_out); | 72 | opaque * out, size_t * sizeof_out); |
73 | 73 | ||
74 | const char *_gnutls_x509_oid2ldap_string (const char *OID); | 74 | const char *_gnutls_x509_oid2ldap_string (const char *OID); |
75 | 75 | ||
@@ -81,46 +81,47 @@ time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when); | |||
81 | gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); | 81 | gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); |
82 | 82 | ||
83 | int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, | 83 | int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, |
84 | ASN1_TYPE dest, const char *dest_name, | 84 | ASN1_TYPE dest, const char *dest_name, |
85 | int str); | 85 | int str); |
86 | int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, | 86 | int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, |
87 | gnutls_datum_t * res, int str); | 87 | gnutls_datum_t * res, int str); |
88 | 88 | ||
89 | int _gnutls_x509_export_int (ASN1_TYPE asn1_data, | 89 | int _gnutls_x509_export_int (ASN1_TYPE asn1_data, |
90 | gnutls_x509_crt_fmt_t format, char *pem_header, | 90 | gnutls_x509_crt_fmt_t format, char *pem_header, |
91 | unsigned char *output_data, | 91 | unsigned char *output_data, |
92 | size_t * output_data_size); | 92 | size_t * output_data_size); |
93 | 93 | ||
94 | int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, | 94 | int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, |
95 | gnutls_datum_t * ret, int str); | 95 | gnutls_datum_t * ret, int str); |
96 | int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, | 96 | int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, |
97 | const gnutls_datum_t * data, int str); | 97 | const gnutls_datum_t * data, int str); |
98 | 98 | ||
99 | int _gnutls_x509_encode_and_write_attribute (const char *given_oid, | 99 | int _gnutls_x509_encode_and_write_attribute (const char *given_oid, |
100 | ASN1_TYPE asn1_struct, | 100 | ASN1_TYPE asn1_struct, |
101 | const char *where, | 101 | const char *where, |
102 | const void *data, | 102 | const void *data, |
103 | int sizeof_data, int multi); | 103 | int sizeof_data, int multi); |
104 | int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, | 104 | int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, |
105 | const char *where, char *oid, | 105 | const char *where, char *oid, |
106 | int oid_size, | 106 | int oid_size, |
107 | gnutls_datum_t * value, int multi, | 107 | gnutls_datum_t * value, int multi, |
108 | int octet); | 108 | int octet); |
109 | 109 | ||
110 | int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, | 110 | int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, |
111 | unsigned int *bits); | 111 | unsigned int *bits); |
112 | 112 | ||
113 | int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, | 113 | int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, |
114 | const char *dst_name, | 114 | const char *dst_name, |
115 | enum MHD_GNUTLS_PublicKeyAlgorithm | 115 | enum |
116 | pk_algorithm, mpi_t * params, | 116 | MHD_GNUTLS_PublicKeyAlgorithm |
117 | int params_size); | 117 | pk_algorithm, mpi_t * params, |
118 | int params_size); | ||
118 | int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, | 119 | int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, |
119 | ASN1_TYPE src, const char *src_name); | 120 | ASN1_TYPE src, const char *src_name); |
120 | 121 | ||
121 | int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, | 122 | int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, |
122 | gnutls_datum_t * signed_data); | 123 | gnutls_datum_t * signed_data); |
123 | int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, | 124 | int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, |
124 | gnutls_datum_t * signature); | 125 | gnutls_datum_t * signature); |
125 | 126 | ||
126 | #endif | 127 | #endif |
diff --git a/src/daemon/https/x509/crl.c b/src/daemon/https/x509/crl.c index 98eb4806..9ad49c67 100644 --- a/src/daemon/https/x509/crl.c +++ b/src/daemon/https/x509/crl.c | |||
@@ -73,7 +73,7 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl) | |||
73 | * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure | 73 | * gnutls_x509_crl_deinit - This function deinitializes memory used by a gnutls_x509_crl_t structure |
74 | * @crl: The structure to be initialized | 74 | * @crl: The structure to be initialized |
75 | * | 75 | * |
76 | * This function will deinitialize a CRL structure. | 76 | * This function will deinitialize a CRL structure. |
77 | * | 77 | * |
78 | **/ | 78 | **/ |
79 | void | 79 | void |
@@ -168,7 +168,7 @@ cleanup: | |||
168 | * @buf: a pointer to a structure to hold the peer's name (may be null) | 168 | * @buf: a pointer to a structure to hold the peer's name (may be null) |
169 | * @sizeof_buf: initially holds the size of @buf | 169 | * @sizeof_buf: initially holds the size of @buf |
170 | * | 170 | * |
171 | * This function will copy the name of the CRL issuer in the provided buffer. The name | 171 | * This function will copy the name of the CRL issuer in the provided buffer. The name |
172 | * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output | 172 | * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output |
173 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. | 173 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. |
174 | * | 174 | * |
@@ -208,7 +208,7 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, | |||
208 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. | 208 | * string will be ASCII or UTF-8 encoded, depending on the certificate data. |
209 | * | 209 | * |
210 | * Some helper macros with popular OIDs can be found in gnutls/x509.h | 210 | * Some helper macros with popular OIDs can be found in gnutls/x509.h |
211 | * If raw flag is zero, this function will only return known OIDs as text. Other OIDs | 211 | * If raw flag is zero, this function will only return known OIDs as text. Other OIDs |
212 | * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. | 212 | * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. |
213 | * You can check about known OIDs using gnutls_x509_dn_oid_known(). | 213 | * You can check about known OIDs using gnutls_x509_dn_oid_known(). |
214 | * | 214 | * |
@@ -244,7 +244,7 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, | |||
244 | * @sizeof_oid: initially holds the size of 'oid' | 244 | * @sizeof_oid: initially holds the size of 'oid' |
245 | * | 245 | * |
246 | * This function will extract the requested OID of the name of the CRL issuer, specified | 246 | * This function will extract the requested OID of the name of the CRL issuer, specified |
247 | * by the given index. | 247 | * by the given index. |
248 | * | 248 | * |
249 | * If oid is null then only the size will be filled. | 249 | * If oid is null then only the size will be filled. |
250 | * | 250 | * |
@@ -273,8 +273,8 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, | |||
273 | * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm | 273 | * gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm |
274 | * @crl: should contain a gnutls_x509_crl_t structure | 274 | * @crl: should contain a gnutls_x509_crl_t structure |
275 | * | 275 | * |
276 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that | 276 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that |
277 | * is the signature algorithm. | 277 | * is the signature algorithm. |
278 | * | 278 | * |
279 | * Returns a negative value on error. | 279 | * Returns a negative value on error. |
280 | * | 280 | * |
@@ -651,7 +651,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl, | |||
651 | * @dest: The structure where to copy | 651 | * @dest: The structure where to copy |
652 | * @src: The structure to be copied | 652 | * @src: The structure to be copied |
653 | * | 653 | * |
654 | * This function will copy an X.509 certificate structure. | 654 | * This function will copy an X.509 certificate structure. |
655 | * | 655 | * |
656 | * Returns 0 on success. | 656 | * Returns 0 on success. |
657 | * | 657 | * |
diff --git a/src/daemon/https/x509/crl_write.c b/src/daemon/https/x509/crl_write.c index 7b651695..5e323be2 100644 --- a/src/daemon/https/x509/crl_write.c +++ b/src/daemon/https/x509/crl_write.c | |||
@@ -197,7 +197,7 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time) | |||
197 | * @serial_size: Holds the size of the serial field. | 197 | * @serial_size: Holds the size of the serial field. |
198 | * @revocation_time: The time this certificate was revoked | 198 | * @revocation_time: The time this certificate was revoked |
199 | * | 199 | * |
200 | * This function will set a revoked certificate's serial number to the CRL. | 200 | * This function will set a revoked certificate's serial number to the CRL. |
201 | * | 201 | * |
202 | * Returns 0 on success, or a negative value in case of an error. | 202 | * Returns 0 on success, or a negative value in case of an error. |
203 | * | 203 | * |
@@ -262,7 +262,7 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, | |||
262 | * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate | 262 | * @crt: should contain a gnutls_x509_crt_t structure with the revoked certificate |
263 | * @revocation_time: The time this certificate was revoked | 263 | * @revocation_time: The time this certificate was revoked |
264 | * | 264 | * |
265 | * This function will set a revoked certificate's serial number to the CRL. | 265 | * This function will set a revoked certificate's serial number to the CRL. |
266 | * | 266 | * |
267 | * Returns 0 on success, or a negative value in case of an error. | 267 | * Returns 0 on success, or a negative value in case of an error. |
268 | * | 268 | * |
diff --git a/src/daemon/https/x509/crq.c b/src/daemon/https/x509/crq.c index 3868a455..68b0477a 100644 --- a/src/daemon/https/x509/crq.c +++ b/src/daemon/https/x509/crq.c | |||
@@ -46,7 +46,7 @@ | |||
46 | * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure | 46 | * gnutls_x509_crq_init - This function initializes a gnutls_x509_crq_t structure |
47 | * @crq: The structure to be initialized | 47 | * @crq: The structure to be initialized |
48 | * | 48 | * |
49 | * This function will initialize a PKCS10 certificate request structure. | 49 | * This function will initialize a PKCS10 certificate request structure. |
50 | * | 50 | * |
51 | * Returns 0 on success. | 51 | * Returns 0 on success. |
52 | * | 52 | * |
@@ -76,7 +76,7 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq) | |||
76 | * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure | 76 | * gnutls_x509_crq_deinit - This function deinitializes memory used by a gnutls_x509_crq_t structure |
77 | * @crq: The structure to be initialized | 77 | * @crq: The structure to be initialized |
78 | * | 78 | * |
79 | * This function will deinitialize a CRL structure. | 79 | * This function will deinitialize a CRL structure. |
80 | * | 80 | * |
81 | **/ | 81 | **/ |
82 | void | 82 | void |
@@ -336,7 +336,7 @@ parse_attribute (ASN1_TYPE asn1_struct, | |||
336 | 336 | ||
337 | /* Move to the attibute type and values | 337 | /* Move to the attibute type and values |
338 | */ | 338 | */ |
339 | /* Read the OID | 339 | /* Read the OID |
340 | */ | 340 | */ |
341 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); | 341 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1); |
342 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 342 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -356,7 +356,7 @@ parse_attribute (ASN1_TYPE asn1_struct, | |||
356 | if (strcmp (oid, given_oid) == 0) | 356 | if (strcmp (oid, given_oid) == 0) |
357 | { /* Found the OID */ | 357 | { /* Found the OID */ |
358 | 358 | ||
359 | /* Read the Value | 359 | /* Read the Value |
360 | */ | 360 | */ |
361 | snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", | 361 | snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", |
362 | tmpbuffer1, indx + 1); | 362 | tmpbuffer1, indx + 1); |
@@ -421,7 +421,7 @@ cleanup: | |||
421 | } | 421 | } |
422 | 422 | ||
423 | /** | 423 | /** |
424 | * gnutls_x509_crq_get_challenge_password - This function will get the challenge password | 424 | * gnutls_x509_crq_get_challenge_password - This function will get the challenge password |
425 | * @crq: should contain a gnutls_x509_crq_t structure | 425 | * @crq: should contain a gnutls_x509_crq_t structure |
426 | * @pass: will hold a null terminated password | 426 | * @pass: will hold a null terminated password |
427 | * @sizeof_pass: Initially holds the size of @pass. | 427 | * @sizeof_pass: Initially holds the size of @pass. |
@@ -499,7 +499,7 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, | |||
499 | } | 499 | } |
500 | 500 | ||
501 | /** | 501 | /** |
502 | * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request | 502 | * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request |
503 | * @crq: should contain a gnutls_x509_crq_t structure | 503 | * @crq: should contain a gnutls_x509_crq_t structure |
504 | * @oid: holds an Object Identified in null terminated string | 504 | * @oid: holds an Object Identified in null terminated string |
505 | * @indx: In case multiple same OIDs exist in the attribute list, this specifies | 505 | * @indx: In case multiple same OIDs exist in the attribute list, this specifies |
@@ -674,7 +674,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) | |||
674 | } | 674 | } |
675 | 675 | ||
676 | /** | 676 | /** |
677 | * gnutls_x509_crq_set_challenge_password - This function will set a challenge password | 677 | * gnutls_x509_crq_set_challenge_password - This function will set a challenge password |
678 | * @crq: should contain a gnutls_x509_crq_t structure | 678 | * @crq: should contain a gnutls_x509_crq_t structure |
679 | * @pass: holds a null terminated password | 679 | * @pass: holds a null terminated password |
680 | * | 680 | * |
@@ -849,11 +849,11 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq, | |||
849 | * @crq: should contain a gnutls_x509_crq_t structure | 849 | * @crq: should contain a gnutls_x509_crq_t structure |
850 | * @bits: if bits is non null it will hold the size of the parameters' in bits | 850 | * @bits: if bits is non null it will hold the size of the parameters' in bits |
851 | * | 851 | * |
852 | * This function will return the public key algorithm of a PKCS \#10 | 852 | * This function will return the public key algorithm of a PKCS \#10 |
853 | * certificate request. | 853 | * certificate request. |
854 | * | 854 | * |
855 | * If bits is non null, it should have enough size to hold the parameters | 855 | * If bits is non null, it should have enough size to hold the parameters |
856 | * size in bits. For RSA the bits returned is the modulus. | 856 | * size in bits. For RSA the bits returned is the modulus. |
857 | * For DSA the bits returned are of the public | 857 | * For DSA the bits returned are of the public |
858 | * exponent. | 858 | * exponent. |
859 | * | 859 | * |
diff --git a/src/daemon/https/x509/dn.c b/src/daemon/https/x509/dn.c index 784ac4a7..27c53084 100644 --- a/src/daemon/https/x509/dn.c +++ b/src/daemon/https/x509/dn.c | |||
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | /* Converts the given OID to an ldap acceptable string or | 39 | /* Converts the given OID to an ldap acceptable string or |
40 | * a dotted OID. | 40 | * a dotted OID. |
41 | */ | 41 | */ |
42 | static const char * | 42 | static const char * |
43 | oid2ldap_string (const char *oid) | 43 | oid2ldap_string (const char *oid) |
@@ -173,7 +173,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | |||
173 | goto cleanup; | 173 | goto cleanup; |
174 | } | 174 | } |
175 | 175 | ||
176 | /* Read the OID | 176 | /* Read the OID |
177 | */ | 177 | */ |
178 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 178 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
179 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 179 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -190,7 +190,7 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | |||
190 | goto cleanup; | 190 | goto cleanup; |
191 | } | 191 | } |
192 | 192 | ||
193 | /* Read the Value | 193 | /* Read the Value |
194 | */ | 194 | */ |
195 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 195 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
196 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); | 196 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); |
@@ -280,7 +280,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | |||
280 | gnutls_assert (); | 280 | gnutls_assert (); |
281 | _gnutls_x509_log | 281 | _gnutls_x509_log |
282 | ("Found OID: '%s' with value '%s'\n", | 282 | ("Found OID: '%s' with value '%s'\n", |
283 | oid, mhd_gtls_bin2hex (value2, len, escaped, sizeof_escaped)); | 283 | oid, mhd_gtls_bin2hex (value2, len, escaped, |
284 | sizeof_escaped)); | ||
284 | goto cleanup; | 285 | goto cleanup; |
285 | } | 286 | } |
286 | STR_APPEND (str_escape (string, escaped, sizeof_escaped)); | 287 | STR_APPEND (str_escape (string, escaped, sizeof_escaped)); |
@@ -416,7 +417,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, | |||
416 | goto cleanup; | 417 | goto cleanup; |
417 | } | 418 | } |
418 | 419 | ||
419 | /* Read the OID | 420 | /* Read the OID |
420 | */ | 421 | */ |
421 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 422 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
422 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 423 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -436,7 +437,7 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, | |||
436 | if (strcmp (oid, given_oid) == 0 && indx == i++) | 437 | if (strcmp (oid, given_oid) == 0 && indx == i++) |
437 | { /* Found the OID */ | 438 | { /* Found the OID */ |
438 | 439 | ||
439 | /* Read the Value | 440 | /* Read the Value |
440 | */ | 441 | */ |
441 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 442 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
442 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); | 443 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); |
@@ -585,7 +586,7 @@ _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, | |||
585 | goto cleanup; | 586 | goto cleanup; |
586 | } | 587 | } |
587 | 588 | ||
588 | /* Read the OID | 589 | /* Read the OID |
589 | */ | 590 | */ |
590 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); | 591 | mhd_gtls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); |
591 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); | 592 | mhd_gtls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); |
@@ -722,7 +723,7 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, | |||
722 | 723 | ||
723 | if (multi != 0) | 724 | if (multi != 0) |
724 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ | 725 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ |
725 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ | 726 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ |
726 | 727 | ||
727 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); | 728 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); |
728 | if (result != ASN1_SUCCESS) | 729 | if (result != ASN1_SUCCESS) |
@@ -777,7 +778,7 @@ _gnutls_x509_write_attribute (const char *given_oid, | |||
777 | 778 | ||
778 | if (multi != 0) | 779 | if (multi != 0) |
779 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ | 780 | { /* if not writing an AttributeTypeAndValue, but an Attribute */ |
780 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ | 781 | mhd_gtls_str_cat (tmp, sizeof (tmp), "s"); /* values */ |
781 | 782 | ||
782 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); | 783 | result = asn1_write_value (asn1_struct, tmp, "NEW", 1); |
783 | if (result != ASN1_SUCCESS) | 784 | if (result != ASN1_SUCCESS) |
@@ -830,7 +831,7 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, | |||
830 | char tmpbuffer[128]; | 831 | char tmpbuffer[128]; |
831 | int len, result; | 832 | int len, result; |
832 | 833 | ||
833 | /* Read the OID | 834 | /* Read the OID |
834 | */ | 835 | */ |
835 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); | 836 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); |
836 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); | 837 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type"); |
@@ -845,14 +846,14 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, | |||
845 | return result; | 846 | return result; |
846 | } | 847 | } |
847 | 848 | ||
848 | /* Read the Value | 849 | /* Read the Value |
849 | */ | 850 | */ |
850 | 851 | ||
851 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); | 852 | mhd_gtls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where); |
852 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); | 853 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); |
853 | 854 | ||
854 | if (multi) | 855 | if (multi) |
855 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ | 856 | mhd_gtls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ |
856 | 857 | ||
857 | result = | 858 | result = |
858 | _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); | 859 | _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); |
@@ -899,7 +900,7 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, | |||
899 | mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); | 900 | mhd_gtls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name); |
900 | mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); | 901 | mhd_gtls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence"); |
901 | 902 | ||
902 | /* create a new element | 903 | /* create a new element |
903 | */ | 904 | */ |
904 | result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); | 905 | result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1); |
905 | if (result != ASN1_SUCCESS) | 906 | if (result != ASN1_SUCCESS) |
diff --git a/src/daemon/https/x509/dn.h b/src/daemon/https/x509/dn.h index 93a9262c..97f85e16 100644 --- a/src/daemon/https/x509/dn.h +++ b/src/daemon/https/x509/dn.h | |||
@@ -38,21 +38,21 @@ | |||
38 | #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" | 38 | #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" |
39 | 39 | ||
40 | int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, | 40 | int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, |
41 | const char *asn1_rdn_name, char *buf, | 41 | const char *asn1_rdn_name, char *buf, |
42 | size_t * sizeof_buf); | 42 | size_t * sizeof_buf); |
43 | 43 | ||
44 | int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, | 44 | int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, |
45 | const char *asn1_rdn_name, const char *oid, | 45 | const char *asn1_rdn_name, const char *oid, |
46 | int indx, unsigned int raw_flag, void *buf, | 46 | int indx, unsigned int raw_flag, void *buf, |
47 | size_t * sizeof_buf); | 47 | size_t * sizeof_buf); |
48 | 48 | ||
49 | int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, | 49 | int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, |
50 | const char *asn1_rdn_name, const char *oid, | 50 | const char *asn1_rdn_name, const char *oid, |
51 | int raw_flag, const char *name, int sizeof_name); | 51 | int raw_flag, const char *name, int sizeof_name); |
52 | 52 | ||
53 | int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, | 53 | int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, |
54 | const char *asn1_rdn_name, | 54 | const char *asn1_rdn_name, |
55 | int indx, void *_oid, size_t * sizeof_oid); | 55 | int indx, void *_oid, size_t * sizeof_oid); |
56 | 56 | ||
57 | 57 | ||
58 | #endif | 58 | #endif |
diff --git a/src/daemon/https/x509/dsa.c b/src/daemon/https/x509/dsa.c index af403911..d65bcede 100644 --- a/src/daemon/https/x509/dsa.c +++ b/src/daemon/https/x509/dsa.c | |||
@@ -59,7 +59,7 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) | |||
59 | return GNUTLS_E_INTERNAL_ERROR; | 59 | return GNUTLS_E_INTERNAL_ERROR; |
60 | } | 60 | } |
61 | 61 | ||
62 | /* generate the DSA key | 62 | /* generate the DSA key |
63 | */ | 63 | */ |
64 | ret = gcry_pk_genkey (&key, parms); | 64 | ret = gcry_pk_genkey (&key, parms); |
65 | gcry_sexp_release (parms); | 65 | gcry_sexp_release (parms); |
diff --git a/src/daemon/https/x509/extensions.c b/src/daemon/https/x509/extensions.c index ea3891b0..5cf170af 100644 --- a/src/daemon/https/x509/extensions.c +++ b/src/daemon/https/x509/extensions.c | |||
@@ -99,11 +99,11 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, | |||
99 | return mhd_gtls_asn2err (result); | 99 | return mhd_gtls_asn2err (result); |
100 | } | 100 | } |
101 | 101 | ||
102 | /* Handle Extension | 102 | /* Handle Extension |
103 | */ | 103 | */ |
104 | if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) | 104 | if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) |
105 | { | 105 | { |
106 | /* extension was found | 106 | /* extension was found |
107 | */ | 107 | */ |
108 | 108 | ||
109 | /* read the critical status. | 109 | /* read the critical status. |
@@ -170,7 +170,7 @@ _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, | |||
170 | } | 170 | } |
171 | 171 | ||
172 | /* This function will attempt to return the requested extension OID found in | 172 | /* This function will attempt to return the requested extension OID found in |
173 | * the given X509v3 certificate. | 173 | * the given X509v3 certificate. |
174 | * | 174 | * |
175 | * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will | 175 | * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will |
176 | * be returned. | 176 | * be returned. |
@@ -223,7 +223,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, | |||
223 | return mhd_gtls_asn2err (result); | 223 | return mhd_gtls_asn2err (result); |
224 | } | 224 | } |
225 | 225 | ||
226 | /* Handle Extension | 226 | /* Handle Extension |
227 | */ | 227 | */ |
228 | if (indx == indx_counter++) | 228 | if (indx == indx_counter++) |
229 | { | 229 | { |
@@ -260,7 +260,7 @@ _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, | |||
260 | } | 260 | } |
261 | 261 | ||
262 | /* This function will attempt to set the requested extension in | 262 | /* This function will attempt to set the requested extension in |
263 | * the given X509v3 certificate. | 263 | * the given X509v3 certificate. |
264 | * | 264 | * |
265 | * Critical will be either 0 or 1. | 265 | * Critical will be either 0 or 1. |
266 | */ | 266 | */ |
@@ -359,7 +359,7 @@ overwrite_extension (ASN1_TYPE asn, unsigned int indx, | |||
359 | } | 359 | } |
360 | 360 | ||
361 | /* This function will attempt to overwrite the requested extension with | 361 | /* This function will attempt to overwrite the requested extension with |
362 | * the given one. | 362 | * the given one. |
363 | * | 363 | * |
364 | * Critical will be either 0 or 1. | 364 | * Critical will be either 0 or 1. |
365 | */ | 365 | */ |
@@ -414,11 +414,11 @@ _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, | |||
414 | return mhd_gtls_asn2err (result); | 414 | return mhd_gtls_asn2err (result); |
415 | } | 415 | } |
416 | 416 | ||
417 | /* Handle Extension | 417 | /* Handle Extension |
418 | */ | 418 | */ |
419 | if (strcmp (extnID, ext_id) == 0) | 419 | if (strcmp (extnID, ext_id) == 0) |
420 | { | 420 | { |
421 | /* extension was found | 421 | /* extension was found |
422 | */ | 422 | */ |
423 | return overwrite_extension (cert->cert, k, ext_data, critical); | 423 | return overwrite_extension (cert->cert, k, ext_data, critical); |
424 | } | 424 | } |
@@ -839,7 +839,7 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, | |||
839 | 839 | ||
840 | 840 | ||
841 | /* Creates and encodes the CRL Distribution points. data_string should be a name | 841 | /* Creates and encodes the CRL Distribution points. data_string should be a name |
842 | * and type holds the type of the name. | 842 | * and type holds the type of the name. |
843 | * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. | 843 | * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*. |
844 | * | 844 | * |
845 | */ | 845 | */ |
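--- a/src/daemon/https/x509/extensions.h
+++ b/src/daemon/https/x509/extensions.h
@@ -23,46 +23,46 @@
 */
 
 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
 const char *extension_id, int indx,
 gnutls_datum_t * ret,
 unsigned int *critical);
 
 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
 int indx, void *ret,
 size_t * ret_size);
 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
 opaque * extnValue, int extnValueLen);
 int _gnutls_x509_ext_extract_basicConstraints (int *CA,
 int *pathLenConstraint,
 opaque * extnValue,
 int extnValueLen);
 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
 const char *extension_id,
 const gnutls_datum_t * ext_data,
 unsigned int critical);
 int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
 gnutls_datum_t * der_ext);
 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
 type, const char *data_string,
 gnutls_datum_t * der_ext);
 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
 type, const void *data_string,
 unsigned int reason_flags,
 gnutls_datum_t * der_ext);
 int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
 gnutls_datum_t * der_data);
 int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
 gnutls_datum_t * der_data);
 
 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
 char **policyLanguage,
 char **policy,
-size_t *sizeof_policy,
+size_t * sizeof_policy,
 opaque * extnValue,
 int extnValueLen);
 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
 const char *policyLanguage,
 const char *policy,
 size_t sizeof_policy,
 gnutls_datum_t * der_ext);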
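--- a/src/daemon/https/x509/mpi.c
+++ b/src/daemon/https/x509/mpi.c
@@ -335,7 +335,8 @@ cleanup:asn1_delete_structure (&spk);
 int
 _gnutls_x509_write_sig_params (ASN1_TYPE dst,
 const char *dst_name,
-enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm,
+enum MHD_GNUTLS_PublicKeyAlgorithm
+pk_algorithm,
 enum MHD_GNUTLS_HashAlgorithm dig,
 mpi_t * params, int params_size)
 {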
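--- a/src/daemon/https/x509/mpi.h
+++ b/src/daemon/https/x509/mpi.h
@@ -26,32 +26,32 @@
 #include "x509.h"
 
 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
 mpi_t * params, int *params_size);
 int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params);
 int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params);
 int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params);
 
 int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size,
 gnutls_datum_t * der);
 int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size,
 gnutls_datum_t * der);
 int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size,
 gnutls_datum_t * der);
 
 int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
 unsigned int *ret);
 
-int
-_gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t* out);
+int _gnutls_x509_read_der_int (opaque * der, int dersize, mpi_t * out);
 
 int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
 mpi_t * ret_mpi);
 int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
 int lz);
 int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
 uint32_t num);
 
 int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
-enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm,
-enum MHD_GNUTLS_HashAlgorithm, mpi_t * params,
-int params_size);
+enum MHD_GNUTLS_PublicKeyAlgorithm
+pk_algorithm,
+enum MHD_GNUTLS_HashAlgorithm,
+mpi_t * params, int params_size);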
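--- a/src/daemon/https/x509/pkcs12.h
+++ b/src/daemon/https/x509/pkcs12.h
@@ -28,7 +28,7 @@
 
 #ifdef __cplusplus
 extern "C"
 {
 #endif
 
 #include <x509.h>
@@ -37,15 +37,15 @@ extern "C"
 
 /* PKCS12 structures handling
 */
 struct gnutls_pkcs12_int;
 
 struct gnutls_pkcs12_bag_int;
 typedef struct gnutls_pkcs12_int
 {
 ASN1_TYPE pkcs12;
 } gnutls_pkcs12_int;
 
 typedef enum gnutls_pkcs12_bag_type_t
 {
 GNUTLS_BAG_EMPTY = 0,
 
@@ -57,7 +57,7 @@ typedef enum gnutls_pkcs12_bag_type_t
 GNUTLS_BAG_UNKNOWN = 20
 } gnutls_pkcs12_bag_type_t;
 
 struct bag_element
 {
 gnutls_datum_t data;
 gnutls_pkcs12_bag_type_t type;
@@ -65,7 +65,7 @@ struct bag_element
 char *friendly_name;
 };
 
 typedef struct gnutls_pkcs12_bag_int
 {
 struct bag_element element[MAX_BAG_ELEMENTS];
 int bag_elements;
@@ -75,68 +75,54 @@ typedef struct gnutls_pkcs12_bag_int
 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
 #define KEY_ID_OID "1.2.840.113549.1.9.21"
 
 typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
 typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
 
-int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
-void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
-int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
+void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
+int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
 const gnutls_datum_t * data,
-gnutls_x509_crt_fmt_t format,
-unsigned int flags);
-int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
-gnutls_x509_crt_fmt_t format,
-void *output_data,
-size_t * output_data_size);
-
-int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
-int indx,
-gnutls_pkcs12_bag_t bag);
-int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12,
-gnutls_pkcs12_bag_t bag);
-
-int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12,
-const char *pass);
-int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12,
-const char *pass);
-
-int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag,
-const char *pass);
-int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
-const char *pass,
-unsigned int flags);
-
-gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t
-bag,
-int indx);
-int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag,
-int indx,
-gnutls_datum_t * data);
-int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
-gnutls_pkcs12_bag_type_t type,
-const gnutls_datum_t * data);
-int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
-gnutls_x509_crl_t crl);
-int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
-gnutls_x509_crt_t crt);
-
-int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
-void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
-int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag);
-
-int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag,
-int indx,
-gnutls_datum_t * id);
-int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag,
-int indx,
-const gnutls_datum_t * id);
-
-int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag,
-int indx,
-char **name);
-int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
-int indx,
-const char *name);
+gnutls_x509_crt_fmt_t format, unsigned int flags);
+int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
+gnutls_x509_crt_fmt_t format,
+void *output_data, size_t * output_data_size);
+
+int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
+int indx, gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
+
+int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
+int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
+
+int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
+int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag,
+const char *pass, unsigned int flags);
+
+gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t
+bag, int indx);
+int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag,
+int indx, gnutls_datum_t * data);
+int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
+gnutls_pkcs12_bag_type_t type,
+const gnutls_datum_t * data);
+int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
+gnutls_x509_crl_t crl);
+int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
+gnutls_x509_crt_t crt);
+
+int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
+void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
+
+int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag,
+int indx, gnutls_datum_t * id);
+int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag,
+int indx, const gnutls_datum_t * id);
+
+int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag,
+int indx, char **name);
+int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag,
+int indx, const char *name);
 
 #ifdef __cplusplus
 }
@@ -152,56 +138,48 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag,
 #define DATA_OID "1.2.840.113549.1.7.1"
 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
 
-int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
-void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
-int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
+int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
+void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
+int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
 const gnutls_datum_t * data,
-gnutls_x509_crt_fmt_t format,
-unsigned int flags);
+gnutls_x509_crt_fmt_t format, unsigned int flags);
 
-int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
-int indx,
-gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
+int indx, gnutls_pkcs12_bag_t bag);
 
-int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
-void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
+void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
 
-int _pkcs12_string_to_key(unsigned int id,
+int _pkcs12_string_to_key (unsigned int id,
 const opaque * salt,
 unsigned int salt_size,
 unsigned int iter,
 const char *pw,
-unsigned int req_keylen,
-opaque * keybuf);
+unsigned int req_keylen, opaque * keybuf);
 
-int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
-const char *password,
-gnutls_datum_t * dec);
+int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
+const char *password, gnutls_datum_t * dec);
 
 typedef enum schema_id
 {
 PBES2, /* the stuff in PKCS #5 */
 PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */
 PKCS12_ARCFOUR_SHA1,
 PKCS12_RC2_40_SHA1
 } schema_id;
 
-int _gnutls_pkcs7_encrypt_data(schema_id schema,
+int _gnutls_pkcs7_encrypt_data (schema_id schema,
 const gnutls_datum_t * data,
-const char *password,
-gnutls_datum_t * enc);
-int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
-gnutls_pkcs12_bag_t bag);
-
-int _pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag,
-ASN1_TYPE * content,
-int *enc);
-
-int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
-const gnutls_datum_t * in,
-gnutls_datum_t * out);
-int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
-const gnutls_datum_t * raw,
-gnutls_datum_t * out);
-
-#endif /* GNUTLS_PKCS12_H */
+const char *password, gnutls_datum_t * enc);
+int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
+gnutls_pkcs12_bag_t bag);
+
+int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag,
+ASN1_TYPE * content, int *enc);
+
+int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
+const gnutls_datum_t * in, gnutls_datum_t * out);
+int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
+const gnutls_datum_t * raw, gnutls_datum_t * out);
+
+#endif /* GNUTLS_PKCS12_H */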
diff --git a/src/daemon/https/x509/pkcs12_bag.c b/src/daemon/https/x509/pkcs12_bag.c index 780dfb52..63b290bc 100644 --- a/src/daemon/https/x509/pkcs12_bag.c +++ b/src/daemon/https/x509/pkcs12_bag.c | |||
@@ -80,7 +80,7 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag) | |||
80 | * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure | 80 | * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure |
81 | * @bag: The structure to be initialized | 81 | * @bag: The structure to be initialized |
82 | * | 82 | * |
83 | * This function will deinitialize a PKCS12 Bag structure. | 83 | * This function will deinitialize a PKCS12 Bag structure. |
84 | * | 84 | * |
85 | **/ | 85 | **/ |
86 | void | 86 | void |
@@ -121,7 +121,7 @@ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx) | |||
121 | * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count | 121 | * gnutls_pkcs12_bag_get_count - This function returns the bag's elements count |
122 | * @bag: The bag | 122 | * @bag: The bag |
123 | * | 123 | * |
124 | * This function will return the number of the elements withing the bag. | 124 | * This function will return the number of the elements withing the bag. |
125 | * | 125 | * |
126 | **/ | 126 | **/ |
127 | int | 127 | int |
@@ -332,7 +332,7 @@ cleanup: | |||
332 | * @data: the data to be copied. | 332 | * @data: the data to be copied. |
333 | * | 333 | * |
334 | * This function will insert the given data of the given type into the | 334 | * This function will insert the given data of the given type into the |
335 | * bag. | 335 | * bag. |
336 | * | 336 | * |
337 | * Returns the index of the added bag on success, or a negative | 337 | * Returns the index of the added bag on success, or a negative |
338 | * value on error. | 338 | * value on error. |
@@ -475,7 +475,7 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) | |||
475 | * This function will add the given key ID, to the specified, by the index, bag | 475 | * This function will add the given key ID, to the specified, by the index, bag |
476 | * element. The key ID will be encoded as a 'Local key identifier' bag attribute, | 476 | * element. The key ID will be encoded as a 'Local key identifier' bag attribute, |
477 | * which is usually used to distinguish the local private key and the certificate pair. | 477 | * which is usually used to distinguish the local private key and the certificate pair. |
478 | * | 478 | * |
479 | * Returns 0 on success, or a negative value on error. | 479 | * Returns 0 on success, or a negative value on error. |
480 | * | 480 | * |
481 | **/ | 481 | **/ |
@@ -518,7 +518,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, | |||
518 | * | 518 | * |
519 | * This function will return the key ID, of the specified bag element. | 519 | * This function will return the key ID, of the specified bag element. |
520 | * The key ID is usually used to distinguish the local private key and the certificate pair. | 520 | * The key ID is usually used to distinguish the local private key and the certificate pair. |
521 | * | 521 | * |
522 | * Returns 0 on success, or a negative value on error. | 522 | * Returns 0 on success, or a negative value on error. |
523 | * | 523 | * |
524 | **/ | 524 | **/ |
@@ -552,7 +552,7 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, | |||
552 | * | 552 | * |
553 | * This function will return the friendly name, of the specified bag element. | 553 | * This function will return the friendly name, of the specified bag element. |
554 | * The key ID is usually used to distinguish the local private key and the certificate pair. | 554 | * The key ID is usually used to distinguish the local private key and the certificate pair. |
555 | * | 555 | * |
556 | * Returns 0 on success, or a negative value on error. | 556 | * Returns 0 on success, or a negative value on error. |
557 | * | 557 | * |
558 | **/ | 558 | **/ |
@@ -587,7 +587,7 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, | |||
587 | * This function will add the given key friendly name, to the specified, by the index, bag | 587 | * This function will add the given key friendly name, to the specified, by the index, bag |
588 | * element. The name will be encoded as a 'Friendly name' bag attribute, | 588 | * element. The name will be encoded as a 'Friendly name' bag attribute, |
589 | * which is usually used to set a user name to the local private key and the certificate pair. | 589 | * which is usually used to set a user name to the local private key and the certificate pair. |
590 | * | 590 | * |
591 | * Returns 0 on success, or a negative value on error. | 591 | * Returns 0 on success, or a negative value on error. |
592 | * | 592 | * |
593 | **/ | 593 | **/ |
@@ -752,7 +752,7 @@ gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, | |||
752 | return ret; | 752 | return ret; |
753 | } | 753 | } |
754 | 754 | ||
755 | /* encryption succeeded. | 755 | /* encryption succeeded. |
756 | */ | 756 | */ |
757 | 757 | ||
758 | _pkcs12_bag_free_data (bag); | 758 | _pkcs12_bag_free_data (bag); |
diff --git a/src/daemon/https/x509/pkcs7.c b/src/daemon/https/x509/pkcs7.c index 3cef67c2..6af89425 100644 --- a/src/daemon/https/x509/pkcs7.c +++ b/src/daemon/https/x509/pkcs7.c | |||
@@ -40,7 +40,7 @@ | |||
40 | 40 | ||
41 | #define SIGNED_DATA_OID "1.2.840.113549.1.7.2" | 41 | #define SIGNED_DATA_OID "1.2.840.113549.1.7.2" |
42 | 42 | ||
43 | /* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, | 43 | /* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, |
44 | * which holds them. If raw is non null then the raw decoded | 44 | * which holds them. If raw is non null then the raw decoded |
45 | * data are copied (they are locally allocated) there. | 45 | * data are copied (they are locally allocated) there. |
46 | */ | 46 | */ |
@@ -175,7 +175,7 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7) | |||
175 | * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure | 175 | * gnutls_pkcs7_deinit - This function deinitializes memory used by a gnutls_pkcs7_t structure |
176 | * @pkcs7: The structure to be initialized | 176 | * @pkcs7: The structure to be initialized |
177 | * | 177 | * |
178 | * This function will deinitialize a PKCS7 structure. | 178 | * This function will deinitialize a PKCS7 structure. |
179 | * | 179 | * |
180 | **/ | 180 | **/ |
181 | void | 181 | void |
@@ -298,7 +298,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, | |||
298 | return result; | 298 | return result; |
299 | } | 299 | } |
300 | 300 | ||
301 | /* Step 2. Parse the CertificateSet | 301 | /* Step 2. Parse the CertificateSet |
302 | */ | 302 | */ |
303 | 303 | ||
304 | snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); | 304 | snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1); |
@@ -320,7 +320,7 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, | |||
320 | goto cleanup; | 320 | goto cleanup; |
321 | } | 321 | } |
322 | 322 | ||
323 | /* if 'Certificate' is the choice found: | 323 | /* if 'Certificate' is the choice found: |
324 | */ | 324 | */ |
325 | if (strcmp (oid, "certificate") == 0) | 325 | if (strcmp (oid, "certificate") == 0) |
326 | { | 326 | { |
@@ -369,7 +369,7 @@ cleanup: | |||
369 | * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set | 369 | * gnutls_pkcs7_get_crt_count - This function returns the number of certificates in a PKCS7 certificate set |
370 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure | 370 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure |
371 | * | 371 | * |
372 | * This function will return the number of certifcates in the PKCS7 or | 372 | * This function will return the number of certifcates in the PKCS7 or |
373 | * RFC2630 certificate set. | 373 | * RFC2630 certificate set. |
374 | * | 374 | * |
375 | * Returns a negative value on failure. | 375 | * Returns a negative value on failure. |
@@ -755,12 +755,12 @@ gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, | |||
755 | return result; | 755 | return result; |
756 | } | 756 | } |
757 | 757 | ||
758 | /* Step 2. Parse the CertificateSet | 758 | /* Step 2. Parse the CertificateSet |
759 | */ | 759 | */ |
760 | 760 | ||
761 | snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); | 761 | snprintf (root2, sizeof (root2), "crls.?%u", indx + 1); |
762 | 762 | ||
763 | /* Get the raw CRL | 763 | /* Get the raw CRL |
764 | */ | 764 | */ |
765 | result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, | 765 | result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, |
766 | root2, &start, &end); | 766 | root2, &start, &end); |
@@ -799,7 +799,7 @@ cleanup: | |||
799 | * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set | 799 | * gnutls_pkcs7_get_crl_count - This function returns the number of crls in a PKCS7 crl set |
800 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure | 800 | * @pkcs7_struct: should contain a gnutls_pkcs7_t structure |
801 | * | 801 | * |
802 | * This function will return the number of certifcates in the PKCS7 or | 802 | * This function will return the number of certifcates in the PKCS7 or |
803 | * RFC2630 crl set. | 803 | * RFC2630 crl set. |
804 | * | 804 | * |
805 | * Returns a negative value on failure. | 805 | * Returns a negative value on failure. |
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h index 6e645b9d..59dc936b 100644 --- a/src/daemon/https/x509/privkey.h +++ b/src/daemon/https/x509/privkey.h | |||
@@ -25,7 +25,7 @@ | |||
25 | #include "x509.h" | 25 | #include "x509.h" |
26 | 26 | ||
27 | ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * | 27 | ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * |
28 | raw_key, | 28 | raw_key, |
29 | gnutls_x509_privkey_t pkey); | 29 | gnutls_x509_privkey_t pkey); |
30 | 30 | ||
31 | int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | 31 | int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); |
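--- a/src/daemon/https/x509/privkey_pkcs8.c
+++ b/src/daemon/https/x509/privkey_pkcs8.c
@@ -1284,7 +1284,7 @@ error:
 /* Converts an OID to a gnutls cipher type.
 */
 inline static int
-oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm * algo)
+oid2cipher (const char *oid, enum MHD_GNUTLS_CipherAlgorithm *algo)
 {
 
 *algo = 0;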
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c index 9a548665..2d367732 100644 --- a/src/daemon/https/x509/sign.c +++ b/src/daemon/https/x509/sign.c | |||
@@ -132,8 +132,9 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, | |||
132 | * params[1] is public key | 132 | * params[1] is public key |
133 | */ | 133 | */ |
134 | static int | 134 | static int |
135 | pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, | 135 | pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, |
136 | mpi_t * params, int params_len, gnutls_datum_t * signature) | 136 | const gnutls_datum_t * text, mpi_t * params, int params_len, |
137 | gnutls_datum_t * signature) | ||
137 | { | 138 | { |
138 | int ret; | 139 | int ret; |
139 | opaque _digest[MAX_HASH_SIZE]; | 140 | opaque _digest[MAX_HASH_SIZE]; |
@@ -163,7 +164,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, | |||
163 | 164 | ||
164 | if ((ret = | 165 | if ((ret = |
165 | mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, | 166 | mhd_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, |
166 | signature)) < 0) | 167 | signature)) < 0) |
167 | { | 168 | { |
168 | gnutls_assert (); | 169 | gnutls_assert (); |
169 | _gnutls_free_datum (&info); | 170 | _gnutls_free_datum (&info); |
@@ -179,7 +180,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, const gnutls_datum_t * text, | |||
179 | * private key. | 180 | * private key. |
180 | * | 181 | * |
181 | * returns 0 on success. | 182 | * returns 0 on success. |
182 | * | 183 | * |
183 | * 'tbs' is the data to be signed | 184 | * 'tbs' is the data to be signed |
184 | * 'signature' will hold the signature! | 185 | * 'signature' will hold the signature! |
185 | * 'hash' is only used in PKCS1 RSA signing. | 186 | * 'hash' is only used in PKCS1 RSA signing. |
@@ -327,7 +328,7 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, | |||
327 | } | 328 | } |
328 | 329 | ||
329 | /* Step 3. Move up and write the AlgorithmIdentifier, which is also | 330 | /* Step 3. Move up and write the AlgorithmIdentifier, which is also |
330 | * the same. | 331 | * the same. |
331 | */ | 332 | */ |
332 | 333 | ||
333 | result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", | 334 | result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", |
diff --git a/src/daemon/https/x509/sign.h b/src/daemon/https/x509/sign.h index c7da9e2e..86d9859c 100644 --- a/src/daemon/https/x509/sign.h +++ b/src/daemon/https/x509/sign.h | |||
@@ -23,14 +23,14 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | int _gnutls_x509_sign (const gnutls_datum_t * tbs, | 25 | int _gnutls_x509_sign (const gnutls_datum_t * tbs, |
26 | enum MHD_GNUTLS_HashAlgorithm hash, | 26 | enum MHD_GNUTLS_HashAlgorithm hash, |
27 | gnutls_x509_privkey_t signer, | 27 | gnutls_x509_privkey_t signer, |
28 | gnutls_datum_t * signature); | 28 | gnutls_datum_t * signature); |
29 | int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, | 29 | int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, |
30 | enum MHD_GNUTLS_HashAlgorithm hash, | 30 | enum MHD_GNUTLS_HashAlgorithm hash, |
31 | gnutls_x509_privkey_t signer, | 31 | gnutls_x509_privkey_t signer, |
32 | gnutls_datum_t * signature); | 32 | gnutls_datum_t * signature); |
33 | int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, | 33 | int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, |
34 | enum MHD_GNUTLS_HashAlgorithm, | 34 | enum MHD_GNUTLS_HashAlgorithm, |
35 | gnutls_x509_crt_t issuer, | 35 | gnutls_x509_crt_t issuer, |
36 | gnutls_x509_privkey_t issuer_key); | 36 | gnutls_x509_privkey_t issuer_key); |
diff --git a/src/daemon/https/x509/verify.h b/src/daemon/https/x509/verify.h index d7ca5151..c7e3c63d 100644 --- a/src/daemon/https/x509/verify.h +++ b/src/daemon/https/x509/verify.h | |||
@@ -25,10 +25,10 @@ | |||
25 | #include "x509.h" | 25 | #include "x509.h" |
26 | 26 | ||
27 | int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, | 27 | int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, |
28 | gnutls_x509_crt_t issuer); | 28 | gnutls_x509_crt_t issuer); |
29 | int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, | 29 | int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, |
30 | const gnutls_datum_t * signature, | 30 | const gnutls_datum_t * signature, |
31 | gnutls_x509_crt_t issuer); | 31 | gnutls_x509_crt_t issuer); |
32 | int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, | 32 | int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, |
33 | const gnutls_datum_t * signature, | 33 | const gnutls_datum_t * signature, |
34 | gnutls_x509_privkey_t issuer); | 34 | gnutls_x509_privkey_t issuer); |
diff --git a/src/daemon/https/x509/x509.c b/src/daemon/https/x509/x509.c index e8dff3c7..76ad46ac 100644 --- a/src/daemon/https/x509/x509.c +++ b/src/daemon/https/x509/x509.c | |||
@@ -76,7 +76,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) | |||
76 | * @dest: The structure where to copy | 76 | * @dest: The structure where to copy |
77 | * @src: The structure to be copied | 77 | * @src: The structure to be copied |
78 | * | 78 | * |
79 | * This function will copy an X.509 certificate structure. | 79 | * This function will copy an X.509 certificate structure. |
80 | * | 80 | * |
81 | * Returns 0 on success. | 81 | * Returns 0 on success. |
82 | * | 82 | * |
@@ -131,7 +131,7 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) | |||
131 | * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure | 131 | * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure |
132 | * @cert: The structure to be initialized | 132 | * @cert: The structure to be initialized |
133 | * | 133 | * |
134 | * This function will deinitialize a CRL structure. | 134 | * This function will deinitialize a CRL structure. |
135 | * | 135 | * |
136 | **/ | 136 | **/ |
137 | void | 137 | void |
@@ -456,8 +456,8 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, | |||
456 | * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm | 456 | * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm |
457 | * @cert: should contain a gnutls_x509_crt_t structure | 457 | * @cert: should contain a gnutls_x509_crt_t structure |
458 | * | 458 | * |
459 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that | 459 | * This function will return a value of the gnutls_sign_algorithm_t enumeration that |
460 | * is the signature algorithm. | 460 | * is the signature algorithm. |
461 | * | 461 | * |
462 | * Returns a negative value on error. | 462 | * Returns a negative value on error. |
463 | * | 463 | * |
@@ -635,11 +635,11 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) | |||
635 | * @result: The place where the serial number will be copied | 635 | * @result: The place where the serial number will be copied |
636 | * @result_size: Holds the size of the result field. | 636 | * @result_size: Holds the size of the result field. |
637 | * | 637 | * |
638 | * This function will return the X.509 certificate's serial number. | 638 | * This function will return the X.509 certificate's serial number. |
639 | * This is obtained by the X509 Certificate serialNumber | 639 | * This is obtained by the X509 Certificate serialNumber |
640 | * field. Serial is not always a 32 or 64bit number. Some CAs use | 640 | * field. Serial is not always a 32 or 64bit number. Some CAs use |
641 | * large serial numbers, thus it may be wise to handle it as something | 641 | * large serial numbers, thus it may be wise to handle it as something |
642 | * opaque. | 642 | * opaque. |
643 | * | 643 | * |
644 | * Returns 0 on success and a negative value in case of an error. | 644 | * Returns 0 on success and a negative value in case of an error. |
645 | * | 645 | * |
@@ -680,7 +680,7 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, | |||
680 | * | 680 | * |
681 | * This function will return the X.509v3 certificate's subject key identifier. | 681 | * This function will return the X.509v3 certificate's subject key identifier. |
682 | * This is obtained by the X.509 Subject Key identifier extension | 682 | * This is obtained by the X.509 Subject Key identifier extension |
683 | * field (2.5.29.14). | 683 | * field (2.5.29.14). |
684 | * | 684 | * |
685 | * Returns 0 on success and a negative value in case of an error. | 685 | * Returns 0 on success and a negative value in case of an error. |
686 | * | 686 | * |
@@ -850,11 +850,11 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, | |||
850 | * @cert: should contain a gnutls_x509_crt_t structure | 850 | * @cert: should contain a gnutls_x509_crt_t structure |
851 | * @bits: if bits is non null it will hold the size of the parameters' in bits | 851 | * @bits: if bits is non null it will hold the size of the parameters' in bits |
852 | * | 852 | * |
853 | * This function will return the public key algorithm of an X.509 | 853 | * This function will return the public key algorithm of an X.509 |
854 | * certificate. | 854 | * certificate. |
855 | * | 855 | * |
856 | * If bits is non null, it should have enough size to hold the parameters | 856 | * If bits is non null, it should have enough size to hold the parameters |
857 | * size in bits. For RSA the bits returned is the modulus. | 857 | * size in bits. For RSA the bits returned is the modulus. |
858 | * For DSA the bits returned are of the public | 858 | * For DSA the bits returned are of the public |
859 | * exponent. | 859 | * exponent. |
860 | * | 860 | * |
@@ -1353,7 +1353,7 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) | |||
1353 | * @key_usage: where the key usage bits will be stored | 1353 | * @key_usage: where the key usage bits will be stored |
1354 | * @critical: will be non zero if the extension is marked as critical | 1354 | * @critical: will be non zero if the extension is marked as critical |
1355 | * | 1355 | * |
1356 | * This function will return certificate's key usage, by reading the | 1356 | * This function will return certificate's key usage, by reading the |
1357 | * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: | 1357 | * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed values of the: |
1358 | * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, | 1358 | * GNUTLS_KEY_DIGITAL_SIGNATURE, GNUTLS_KEY_NON_REPUDIATION, |
1359 | * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, | 1359 | * GNUTLS_KEY_KEY_ENCIPHERMENT, GNUTLS_KEY_DATA_ENCIPHERMENT, |
@@ -1547,7 +1547,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, | |||
1547 | * The extension OID will be stored as a string in the provided buffer. | 1547 | * The extension OID will be stored as a string in the provided buffer. |
1548 | * | 1548 | * |
1549 | * A negative value may be returned in case of parsing error. | 1549 | * A negative value may be returned in case of parsing error. |
1550 | * If your have reached the last extension available | 1550 | * If your have reached the last extension available |
1551 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. | 1551 | * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. |
1552 | * | 1552 | * |
1553 | **/ | 1553 | **/ |
@@ -2166,7 +2166,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, | |||
2166 | } | 2166 | } |
2167 | 2167 | ||
2168 | result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, | 2168 | result = MHD_gnutls_fingerprint (MHD_GNUTLS_MAC_SHA1, &pubkey, output_data, |
2169 | output_data_size); | 2169 | output_data_size); |
2170 | 2170 | ||
2171 | gnutls_afree (pubkey.data); | 2171 | gnutls_afree (pubkey.data); |
2172 | 2172 | ||
@@ -2813,7 +2813,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, | |||
2813 | } | 2813 | } |
2814 | } | 2814 | } |
2815 | 2815 | ||
2816 | /* now we move ptr after the pem header | 2816 | /* now we move ptr after the pem header |
2817 | */ | 2817 | */ |
2818 | ptr++; | 2818 | ptr++; |
2819 | /* find the next certificate (if any) | 2819 | /* find the next certificate (if any) |
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h index f779759f..d718767a 100644 --- a/src/daemon/https/x509/x509.h +++ b/src/daemon/https/x509/x509.h | |||
@@ -29,7 +29,7 @@ | |||
29 | 29 | ||
30 | #ifdef __cplusplus | 30 | #ifdef __cplusplus |
31 | extern "C" | 31 | extern "C" |
32 | { | 32 | { |
33 | #endif | 33 | #endif |
34 | 34 | ||
35 | #include <gnutls.h> | 35 | #include <gnutls.h> |
@@ -78,7 +78,7 @@ extern "C" | |||
78 | 78 | ||
79 | /* Certificate handling functions. | 79 | /* Certificate handling functions. |
80 | */ | 80 | */ |
81 | typedef enum gnutls_certificate_import_flags | 81 | typedef enum gnutls_certificate_import_flags |
82 | { | 82 | { |
83 | /* Fail if the certificates in the buffer are more than the space | 83 | /* Fail if the certificates in the buffer are more than the space |
84 | * allocated for certificates. The error code will be | 84 | * allocated for certificates. The error code will be |
@@ -87,71 +87,61 @@ typedef enum gnutls_certificate_import_flags | |||
87 | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 | 87 | GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1 |
88 | } gnutls_certificate_import_flags; | 88 | } gnutls_certificate_import_flags; |
89 | 89 | ||
90 | int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); | 90 | int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); |
91 | void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); | 91 | void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); |
92 | int gnutls_x509_crt_import(gnutls_x509_crt_t cert, | 92 | int gnutls_x509_crt_import (gnutls_x509_crt_t cert, |
93 | const gnutls_datum_t * data, | 93 | const gnutls_datum_t * data, |
94 | gnutls_x509_crt_fmt_t format); | 94 | gnutls_x509_crt_fmt_t format); |
95 | int gnutls_x509_crt_list_import(gnutls_x509_crt_t * certs, | 95 | int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, |
96 | unsigned int *cert_max, | 96 | unsigned int *cert_max, |
97 | const gnutls_datum_t * data, | 97 | const gnutls_datum_t * data, |
98 | gnutls_x509_crt_fmt_t format, | 98 | gnutls_x509_crt_fmt_t format, |
99 | unsigned int flags); | 99 | unsigned int flags); |
100 | int gnutls_x509_crt_export(gnutls_x509_crt_t cert, | 100 | int gnutls_x509_crt_export (gnutls_x509_crt_t cert, |
101 | gnutls_x509_crt_fmt_t format, | 101 | gnutls_x509_crt_fmt_t format, |
102 | void *output_data, | 102 | void *output_data, size_t * output_data_size); |
103 | size_t * output_data_size); | 103 | int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, |
104 | int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, | 104 | char *buf, size_t * sizeof_buf); |
105 | char *buf, | 105 | int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, |
106 | size_t * sizeof_buf); | ||
107 | int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert, | ||
108 | int indx, | ||
109 | void *oid, | ||
110 | size_t * sizeof_oid); | ||
111 | int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, | ||
112 | const char *oid, | ||
113 | int indx, | 106 | int indx, |
114 | unsigned int raw_flag, | 107 | void *oid, size_t * sizeof_oid); |
115 | void *buf, | 108 | int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, |
116 | size_t * sizeof_buf); | 109 | const char *oid, |
117 | int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, | 110 | int indx, |
118 | char *buf, | 111 | unsigned int raw_flag, |
119 | size_t * sizeof_buf); | 112 | void *buf, size_t * sizeof_buf); |
120 | int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert, | 113 | int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, |
121 | int indx, | 114 | char *buf, size_t * sizeof_buf); |
122 | void *oid, | 115 | int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, |
123 | size_t * sizeof_oid); | 116 | int indx, void *oid, size_t * sizeof_oid); |
124 | int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, | 117 | int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, |
125 | const char *oid, | 118 | const char *oid, |
126 | int indx, | 119 | int indx, |
127 | unsigned int raw_flag, | 120 | unsigned int raw_flag, |
128 | void *buf, | 121 | void *buf, size_t * sizeof_buf); |
129 | size_t * sizeof_buf); | 122 | int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, |
130 | int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert, | 123 | const char *hostname); |
131 | const char *hostname); | 124 | |
132 | 125 | int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); | |
133 | int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); | 126 | int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, |
134 | int gnutls_x509_crt_get_signature(gnutls_x509_crt_t cert, | 127 | char *sig, size_t * sizeof_sig); |
135 | char *sig, | 128 | int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); |
136 | size_t *sizeof_sig); | 129 | int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, |
137 | int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); | 130 | unsigned int flags, |
138 | int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, | 131 | unsigned char *output_data, |
139 | unsigned int flags, | 132 | size_t * output_data_size); |
140 | unsigned char *output_data, | 133 | |
141 | size_t * output_data_size); | 134 | int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, |
142 | 135 | const void *id, size_t id_size); | |
143 | int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, | 136 | int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, |
144 | const void *id, | 137 | void *ret, |
145 | size_t id_size); | 138 | size_t * ret_size, |
146 | int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, | 139 | unsigned int *critical); |
147 | void *ret, | 140 | |
148 | size_t * ret_size, | 141 | int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, |
149 | unsigned int *critical); | 142 | void *ret, |
150 | 143 | size_t * ret_size, | |
151 | int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, | 144 | unsigned int *critical); |
152 | void *ret, | ||
153 | size_t * ret_size, | ||
154 | unsigned int *critical); | ||
155 | 145 | ||
156 | #define GNUTLS_CRL_REASON_UNUSED 128 | 146 | #define GNUTLS_CRL_REASON_UNUSED 128 |
157 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | 147 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 |
@@ -163,336 +153,303 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, | |||
163 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 | 153 | #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 |
164 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 | 154 | #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 |
165 | 155 | ||
166 | int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert, | 156 | int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, |
167 | unsigned int seq, | 157 | unsigned int seq, |
168 | void *ret, | 158 | void *ret, |
169 | size_t * ret_size, | 159 | size_t * ret_size, |
170 | unsigned int *reason_flags, | 160 | unsigned int *reason_flags, |
171 | unsigned int *critical); | 161 | unsigned int *critical); |
172 | int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, | 162 | int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, |
173 | gnutls_x509_subject_alt_name_t | 163 | gnutls_x509_subject_alt_name_t |
174 | type, | 164 | type, |
175 | const void *data_string, | 165 | const void *data_string, |
176 | unsigned int reason_flags); | 166 | unsigned int reason_flags); |
177 | int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst, | 167 | int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, |
178 | gnutls_x509_crt_t src); | 168 | gnutls_x509_crt_t src); |
179 | 169 | ||
180 | time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert); | 170 | time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert); |
181 | time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert); | 171 | time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert); |
182 | int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, | 172 | int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, |
183 | void *result, | 173 | void *result, size_t * result_size); |
184 | size_t * result_size); | 174 | |
185 | 175 | int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, | |
186 | int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, | 176 | unsigned int *bits); |
187 | unsigned int *bits); | 177 | int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, |
188 | int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, | 178 | gnutls_datum_t * m, gnutls_datum_t * e); |
189 | gnutls_datum_t * m, | 179 | int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, |
190 | gnutls_datum_t * e); | 180 | gnutls_datum_t * p, |
191 | int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt, | 181 | gnutls_datum_t * q, |
192 | gnutls_datum_t * p, | 182 | gnutls_datum_t * g, gnutls_datum_t * y); |
193 | gnutls_datum_t * q, | 183 | |
194 | gnutls_datum_t * g, | 184 | int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, |
195 | gnutls_datum_t * y); | 185 | unsigned int seq, |
196 | 186 | void *ret, | |
197 | int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, | 187 | size_t * ret_size, |
198 | unsigned int seq, | 188 | unsigned int *critical); |
199 | void *ret, | 189 | int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, |
200 | size_t * ret_size, | 190 | unsigned int seq, |
201 | unsigned int *critical); | 191 | void *ret, |
202 | int gnutls_x509_crt_get_subject_alt_name2(gnutls_x509_crt_t cert, | 192 | size_t * ret_size, |
203 | unsigned int seq, | 193 | unsigned int *ret_type, |
204 | void *ret, | 194 | unsigned int *critical); |
205 | size_t * ret_size, | 195 | |
206 | unsigned int* ret_type, | 196 | int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, |
207 | unsigned int *critical); | 197 | unsigned int seq, |
208 | 198 | void *ret, | |
209 | int gnutls_x509_crt_get_subject_alt_othername_oid(gnutls_x509_crt_t cert, | 199 | size_t * ret_size); |
210 | unsigned int seq, | 200 | |
211 | void *ret, | 201 | int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, |
212 | size_t * ret_size); | 202 | unsigned int *critical); |
213 | 203 | int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, | |
214 | int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, | 204 | unsigned int *critical, |
215 | unsigned int *critical); | 205 | int *ca, int *pathlen); |
216 | int gnutls_x509_crt_get_basic_constraints(gnutls_x509_crt_t cert, | ||
217 | unsigned int *critical, | ||
218 | int *ca, | ||
219 | int *pathlen); | ||
220 | 206 | ||
221 | /* The key_usage flags are defined in gnutls.h. They are the | 207 | /* The key_usage flags are defined in gnutls.h. They are the |
222 | * GNUTLS_KEY_* definitions. | 208 | * GNUTLS_KEY_* definitions. |
223 | */ | 209 | */ |
224 | int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, | 210 | int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, |
225 | unsigned int *key_usage, | 211 | unsigned int *key_usage, |
226 | unsigned int *critical); | 212 | unsigned int *critical); |
227 | int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, | 213 | int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, |
228 | unsigned int usage); | 214 | unsigned int usage); |
229 | 215 | ||
230 | int gnutls_x509_crt_get_proxy(gnutls_x509_crt_t cert, | 216 | int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, |
231 | unsigned int *critical, | 217 | unsigned int *critical, |
232 | int *pathlen, | 218 | int *pathlen, |
233 | char **policyLanguage, | 219 | char **policyLanguage, |
234 | char **policy, | 220 | char **policy, size_t * sizeof_policy); |
235 | size_t *sizeof_policy); | ||
236 | 221 | ||
237 | int gnutls_x509_dn_oid_known(const char *oid); | 222 | int gnutls_x509_dn_oid_known (const char *oid); |
238 | 223 | ||
239 | /* Read extensions by OID. */ | 224 | /* Read extensions by OID. */ |
240 | int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, | 225 | int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, |
241 | int indx, | ||
242 | void *oid, | ||
243 | size_t * sizeof_oid); | ||
244 | int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert, | ||
245 | const char *oid, | ||
246 | int indx, | 226 | int indx, |
247 | void *buf, | 227 | void *oid, size_t * sizeof_oid); |
248 | size_t * sizeof_buf, | 228 | int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, |
249 | unsigned int *critical); | 229 | const char *oid, |
230 | int indx, | ||
231 | void *buf, | ||
232 | size_t * sizeof_buf, | ||
233 | unsigned int *critical); | ||
250 | 234 | ||
251 | /* Read extensions by sequence number. */ | 235 | /* Read extensions by sequence number. */ |
252 | int gnutls_x509_crt_get_extension_info(gnutls_x509_crt_t cert, | 236 | int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, |
253 | int indx, | 237 | int indx, |
254 | void *oid, | 238 | void *oid, |
255 | size_t * sizeof_oid, | 239 | size_t * sizeof_oid, int *critical); |
256 | int *critical); | 240 | int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, |
257 | int gnutls_x509_crt_get_extension_data(gnutls_x509_crt_t cert, | 241 | int indx, |
258 | int indx, | 242 | void *data, size_t * sizeof_data); |
259 | void *data, | 243 | |
260 | size_t * sizeof_data); | 244 | int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, |
261 | 245 | const char *oid, | |
262 | int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt, | 246 | const void *buf, |
263 | const char *oid, | 247 | size_t sizeof_buf, |
264 | const void *buf, | 248 | unsigned int critical); |
265 | size_t sizeof_buf, | ||
266 | unsigned int critical); | ||
267 | 249 | ||
268 | /* X.509 Certificate writing. | 250 | /* X.509 Certificate writing. |
269 | */ | 251 | */ |
270 | int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, | 252 | int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, |
271 | const char *oid, | 253 | const char *oid, |
272 | unsigned int raw_flag, | 254 | unsigned int raw_flag, |
273 | const void *name, | 255 | const void *name, |
274 | unsigned int sizeof_name); | 256 | unsigned int sizeof_name); |
275 | int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, | 257 | int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, |
276 | const char *oid, | 258 | const char *oid, |
277 | unsigned int raw_flag, | 259 | unsigned int raw_flag, |
278 | const void *name, | 260 | const void *name, |
279 | unsigned int sizeof_name); | 261 | unsigned int sizeof_name); |
280 | int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, | 262 | int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, |
281 | unsigned int version); | 263 | unsigned int version); |
282 | int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, | 264 | int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, |
283 | gnutls_x509_privkey_t key); | 265 | gnutls_x509_privkey_t key); |
284 | int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, | 266 | int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca); |
285 | unsigned int ca); | 267 | int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, |
286 | int gnutls_x509_crt_set_basic_constraints(gnutls_x509_crt_t crt, | 268 | unsigned int ca, |
287 | unsigned int ca, | 269 | int pathLenConstraint); |
288 | int pathLenConstraint); | 270 | int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, |
289 | int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, | 271 | gnutls_x509_subject_alt_name_t |
290 | gnutls_x509_subject_alt_name_t | 272 | type, |
291 | type, | 273 | const char *data_string); |
292 | const char *data_string); | 274 | int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, |
293 | int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, | 275 | gnutls_x509_crt_t issuer, |
294 | gnutls_x509_crt_t issuer, | 276 | gnutls_x509_privkey_t issuer_key); |
295 | gnutls_x509_privkey_t issuer_key); | 277 | int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, |
296 | int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, | 278 | gnutls_x509_crt_t issuer, |
297 | gnutls_x509_crt_t issuer, | 279 | gnutls_x509_privkey_t issuer_key, |
298 | gnutls_x509_privkey_t issuer_key, | 280 | enum MHD_GNUTLS_HashAlgorithm, |
299 | enum MHD_GNUTLS_HashAlgorithm, | 281 | unsigned int flags); |
300 | unsigned int flags); | 282 | int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, |
301 | int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, | 283 | time_t act_time); |
302 | time_t act_time); | 284 | int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, |
303 | int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, | 285 | time_t exp_time); |
304 | time_t exp_time); | 286 | int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, |
305 | int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, | 287 | const void *serial, size_t serial_size); |
306 | const void *serial, | 288 | |
307 | size_t serial_size); | 289 | int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, |
308 | 290 | const void *id, size_t id_size); | |
309 | int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, | 291 | |
310 | const void *id, | 292 | int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, |
311 | size_t id_size); | 293 | gnutls_x509_crt_t eecrt, |
312 | 294 | unsigned int raw_flag, | |
313 | int gnutls_x509_crt_set_proxy_dn(gnutls_x509_crt_t crt, | 295 | const void *name, |
314 | gnutls_x509_crt_t eecrt, | 296 | unsigned int sizeof_name); |
315 | unsigned int raw_flag, | 297 | int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, |
316 | const void *name, | 298 | int pathLenConstraint, |
317 | unsigned int sizeof_name); | 299 | const char *policyLanguage, |
318 | int gnutls_x509_crt_set_proxy(gnutls_x509_crt_t crt, | 300 | const char *policy, size_t sizeof_policy); |
319 | int pathLenConstraint, | 301 | |
320 | const char *policyLanguage, | 302 | typedef enum gnutls_certificate_print_formats |
321 | const char *policy, | ||
322 | size_t sizeof_policy); | ||
323 | |||
324 | typedef enum gnutls_certificate_print_formats | ||
325 | { | 303 | { |
326 | GNUTLS_X509_CRT_FULL, | 304 | GNUTLS_X509_CRT_FULL, |
327 | GNUTLS_X509_CRT_ONELINE, | 305 | GNUTLS_X509_CRT_ONELINE, |
328 | GNUTLS_X509_CRT_UNSIGNED_FULL | 306 | GNUTLS_X509_CRT_UNSIGNED_FULL |
329 | } gnutls_certificate_print_formats_t; | 307 | } gnutls_certificate_print_formats_t; |
330 | 308 | ||
331 | int gnutls_x509_crt_print(gnutls_x509_crt_t cert, | 309 | int gnutls_x509_crt_print (gnutls_x509_crt_t cert, |
332 | gnutls_certificate_print_formats_t format, | 310 | gnutls_certificate_print_formats_t format, |
333 | gnutls_datum_t *out); | 311 | gnutls_datum_t * out); |
334 | int gnutls_x509_crl_print(gnutls_x509_crl_t crl, | 312 | int gnutls_x509_crl_print (gnutls_x509_crl_t crl, |
335 | gnutls_certificate_print_formats_t format, | 313 | gnutls_certificate_print_formats_t format, |
336 | gnutls_datum_t *out); | 314 | gnutls_datum_t * out); |
337 | 315 | ||
338 | /* Access to internal Certificate fields. | 316 | /* Access to internal Certificate fields. |
339 | */ | 317 | */ |
340 | int gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert, | 318 | int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, |
341 | gnutls_datum_t * start); | 319 | gnutls_datum_t * start); |
342 | int gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert, | 320 | int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, |
343 | gnutls_datum_t * start); | 321 | gnutls_datum_t * start); |
344 | 322 | ||
345 | /* RDN handling. | 323 | /* RDN handling. |
346 | */ | 324 | */ |
347 | int gnutls_x509_rdn_get(const gnutls_datum_t * idn, | 325 | int gnutls_x509_rdn_get (const gnutls_datum_t * idn, |
348 | char *buf, | 326 | char *buf, size_t * sizeof_buf); |
349 | size_t * sizeof_buf); | 327 | int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, |
350 | int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn, | 328 | int indx, void *buf, size_t * sizeof_buf); |
351 | int indx, | 329 | |
352 | void *buf, | 330 | int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, |
353 | size_t * sizeof_buf); | 331 | const char *oid, |
354 | 332 | int indx, | |
355 | int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, | 333 | unsigned int raw_flag, |
356 | const char *oid, | 334 | void *buf, size_t * sizeof_buf); |
357 | int indx, | 335 | |
358 | unsigned int raw_flag, | 336 | typedef void *gnutls_x509_dn_t; |
359 | void *buf, | 337 | |
360 | size_t * sizeof_buf); | 338 | typedef struct gnutls_x509_ava_st |
361 | |||
362 | typedef void *gnutls_x509_dn_t; | ||
363 | |||
364 | typedef struct gnutls_x509_ava_st | ||
365 | { | 339 | { |
366 | gnutls_datum_t oid; | 340 | gnutls_datum_t oid; |
367 | gnutls_datum_t value; | 341 | gnutls_datum_t value; |
368 | unsigned long value_tag; | 342 | unsigned long value_tag; |
369 | } gnutls_x509_ava_st; | 343 | } gnutls_x509_ava_st; |
370 | 344 | ||
371 | int gnutls_x509_crt_get_subject(gnutls_x509_crt_t cert, | 345 | int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, |
372 | gnutls_x509_dn_t *dn); | 346 | gnutls_x509_dn_t * dn); |
373 | int gnutls_x509_crt_get_issuer(gnutls_x509_crt_t cert, | 347 | int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, |
374 | gnutls_x509_dn_t *dn); | 348 | gnutls_x509_dn_t * dn); |
375 | int gnutls_x509_dn_get_rdn_ava(gnutls_x509_dn_t dn, | 349 | int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, |
376 | int irdn, | 350 | int irdn, |
377 | int iava, | 351 | int iava, gnutls_x509_ava_st * avast); |
378 | gnutls_x509_ava_st *avast); | ||
379 | 352 | ||
380 | /* CRL handling functions. | 353 | /* CRL handling functions. |
381 | */ | 354 | */ |
382 | int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); | 355 | int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); |
383 | void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); | 356 | void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); |
384 | 357 | ||
385 | int gnutls_x509_crl_import(gnutls_x509_crl_t crl, | 358 | int gnutls_x509_crl_import (gnutls_x509_crl_t crl, |
386 | const gnutls_datum_t * data, | 359 | const gnutls_datum_t * data, |
387 | gnutls_x509_crt_fmt_t format); | 360 | gnutls_x509_crt_fmt_t format); |
388 | int gnutls_x509_crl_export(gnutls_x509_crl_t crl, | 361 | int gnutls_x509_crl_export (gnutls_x509_crl_t crl, |
389 | gnutls_x509_crt_fmt_t format, | 362 | gnutls_x509_crt_fmt_t format, |
390 | void *output_data, | 363 | void *output_data, size_t * output_data_size); |
391 | size_t * output_data_size); | 364 | |
392 | 365 | int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, | |
393 | int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl, | 366 | char *buf, size_t * sizeof_buf); |
394 | char *buf, | 367 | int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, |
395 | size_t * sizeof_buf); | 368 | const char *oid, |
396 | int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl, | 369 | int indx, |
397 | const char *oid, | 370 | unsigned int raw_flag, |
398 | int indx, | 371 | void *buf, size_t * sizeof_buf); |
399 | unsigned int raw_flag, | 372 | int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, |
400 | void *buf, | 373 | int indx, void *oid, size_t * sizeof_oid); |
401 | size_t * sizeof_buf); | 374 | |
402 | int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl, | 375 | int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl); |
403 | int indx, | 376 | int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, |
404 | void *oid, | 377 | char *sig, size_t * sizeof_sig); |
405 | size_t * sizeof_oid); | 378 | int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl); |
406 | 379 | ||
407 | int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl); | 380 | time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl); |
408 | int gnutls_x509_crl_get_signature(gnutls_x509_crl_t crl, | 381 | time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl); |
409 | char *sig, | 382 | |
410 | size_t *sizeof_sig); | 383 | int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); |
411 | int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl); | 384 | int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, |
412 | 385 | int indx, | |
413 | time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl); | 386 | unsigned char *serial, |
414 | time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl); | 387 | size_t * serial_size, time_t * t); |
415 | |||
416 | int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); | ||
417 | int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, | ||
418 | int indx, | ||
419 | unsigned char *serial, | ||
420 | size_t * serial_size, | ||
421 | time_t * t); | ||
422 | #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count | 388 | #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count |
423 | #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial | 389 | #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial |
424 | 390 | ||
425 | int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t crl, | 391 | int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl, |
426 | gnutls_x509_crt_t issuer); | 392 | gnutls_x509_crt_t issuer); |
427 | 393 | ||
428 | /* CRL writing. | 394 | /* CRL writing. |
429 | */ | 395 | */ |
430 | int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, | 396 | int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, |
431 | unsigned int version); | 397 | unsigned int version); |
432 | int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, | 398 | int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, |
433 | gnutls_x509_crt_t issuer, | 399 | gnutls_x509_crt_t issuer, |
434 | gnutls_x509_privkey_t issuer_key); | 400 | gnutls_x509_privkey_t issuer_key); |
435 | int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, | 401 | int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, |
436 | gnutls_x509_crt_t issuer, | 402 | gnutls_x509_crt_t issuer, |
437 | gnutls_x509_privkey_t issuer_key, | 403 | gnutls_x509_privkey_t issuer_key, |
438 | enum MHD_GNUTLS_HashAlgorithm, | 404 | enum MHD_GNUTLS_HashAlgorithm, |
439 | unsigned int flags); | 405 | unsigned int flags); |
440 | int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, | 406 | int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, |
441 | time_t act_time); | 407 | time_t act_time); |
442 | int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, | 408 | int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, |
443 | time_t exp_time); | 409 | time_t exp_time); |
444 | int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, | 410 | int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, |
445 | const void *serial, | 411 | const void *serial, |
446 | size_t serial_size, | 412 | size_t serial_size, |
447 | time_t revocation_time); | 413 | time_t revocation_time); |
448 | int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, | 414 | int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, |
449 | gnutls_x509_crt_t crt, | 415 | gnutls_x509_crt_t crt, time_t revocation_time); |
450 | time_t revocation_time); | ||
451 | 416 | ||
452 | /* PKCS7 structures handling | 417 | /* PKCS7 structures handling |
453 | */ | 418 | */ |
454 | struct gnutls_pkcs7_int; | 419 | struct gnutls_pkcs7_int; |
455 | typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; | 420 | typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; |
456 | 421 | ||
457 | int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7); | 422 | int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7); |
458 | void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7); | 423 | void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7); |
459 | int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, | 424 | int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, |
460 | const gnutls_datum_t * data, | 425 | const gnutls_datum_t * data, |
461 | gnutls_x509_crt_fmt_t format); | 426 | gnutls_x509_crt_fmt_t format); |
462 | int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7, | 427 | int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, |
463 | gnutls_x509_crt_fmt_t format, | 428 | gnutls_x509_crt_fmt_t format, |
464 | void *output_data, | 429 | void *output_data, size_t * output_data_size); |
465 | size_t * output_data_size); | 430 | |
466 | 431 | int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7); | |
467 | int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7); | 432 | int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, |
468 | int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, | 433 | int indx, |
469 | int indx, | 434 | void *certificate, size_t * certificate_size); |
470 | void *certificate, | 435 | |
471 | size_t * certificate_size); | 436 | int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, |
472 | 437 | const gnutls_datum_t * crt); | |
473 | int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, | 438 | int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt); |
474 | const gnutls_datum_t * crt); | 439 | int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx); |
475 | int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, | 440 | |
476 | gnutls_x509_crt_t crt); | 441 | int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, |
477 | int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, | 442 | int indx, void *crl, size_t * crl_size); |
478 | int indx); | 443 | int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7); |
479 | 444 | ||
480 | int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7, | 445 | int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, |
481 | int indx, | 446 | const gnutls_datum_t * crt); |
482 | void *crl, | 447 | int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl); |
483 | size_t * crl_size); | 448 | int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx); |
484 | int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7); | ||
485 | |||
486 | int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, | ||
487 | const gnutls_datum_t * crt); | ||
488 | int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, | ||
489 | gnutls_x509_crl_t crl); | ||
490 | int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, | ||
491 | int indx); | ||
492 | 449 | ||
493 | /* X.509 Certificate verification functions. | 450 | /* X.509 Certificate verification functions. |
494 | */ | 451 | */ |
495 | typedef enum gnutls_certificate_verify_flags | 452 | typedef enum gnutls_certificate_verify_flags |
496 | { | 453 | { |
497 | /* If set a signer does not have to be a certificate authority. This | 454 | /* If set a signer does not have to be a certificate authority. This |
498 | * flag should normaly be disabled, unless you know what this means. | 455 | * flag should normaly be disabled, unless you know what this means. |
@@ -527,58 +484,53 @@ typedef enum gnutls_certificate_verify_flags | |||
527 | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 | 484 | GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32 |
528 | } gnutls_certificate_verify_flags; | 485 | } gnutls_certificate_verify_flags; |
529 | 486 | ||
530 | int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert, | 487 | int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, |
531 | gnutls_x509_crt_t issuer); | 488 | gnutls_x509_crt_t issuer); |
532 | 489 | ||
533 | int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, | 490 | int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, |
534 | int cert_list_length, | 491 | int cert_list_length, |
535 | const gnutls_x509_crt_t * CA_list, | 492 | const gnutls_x509_crt_t * CA_list, |
536 | int CA_list_length, | 493 | int CA_list_length, |
537 | const gnutls_x509_crl_t * CRL_list, | 494 | const gnutls_x509_crl_t * CRL_list, |
538 | int CRL_list_length, | 495 | int CRL_list_length, |
539 | unsigned int flags, | 496 | unsigned int flags, unsigned int *verify); |
540 | unsigned int *verify); | 497 | |
541 | 498 | int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, | |
542 | int gnutls_x509_crt_verify(gnutls_x509_crt_t cert, | 499 | const gnutls_x509_crt_t * CA_list, |
543 | const gnutls_x509_crt_t * CA_list, | 500 | int CA_list_length, |
544 | int CA_list_length, | 501 | unsigned int flags, unsigned int *verify); |
545 | unsigned int flags, | 502 | int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, |
546 | unsigned int *verify); | 503 | const gnutls_x509_crt_t * CA_list, |
547 | int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, | 504 | int CA_list_length, |
548 | const gnutls_x509_crt_t * CA_list, | 505 | unsigned int flags, unsigned int *verify); |
549 | int CA_list_length, | 506 | |
550 | unsigned int flags, | 507 | int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, |
551 | unsigned int *verify); | 508 | const gnutls_x509_crl_t * |
552 | 509 | crl_list, int crl_list_length); | |
553 | int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, | 510 | |
554 | const gnutls_x509_crl_t * | 511 | int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, |
555 | crl_list, | 512 | enum MHD_GNUTLS_HashAlgorithm algo, |
556 | int crl_list_length); | 513 | void *buf, size_t * sizeof_buf); |
557 | 514 | ||
558 | int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert, | 515 | int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, |
559 | enum MHD_GNUTLS_HashAlgorithm algo, | 516 | int indx, |
560 | void *buf, | 517 | void *oid, |
561 | size_t * sizeof_buf); | 518 | size_t * sizeof_oid, |
562 | 519 | unsigned int *critical); | |
563 | int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert, | 520 | int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, |
564 | int indx, | 521 | const void *oid, |
565 | void *oid, | 522 | unsigned int critical); |
566 | size_t * sizeof_oid, | ||
567 | unsigned int *critical); | ||
568 | int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert, | ||
569 | const void *oid, | ||
570 | unsigned int critical); | ||
571 | 523 | ||
572 | /* Private key handling. | 524 | /* Private key handling. |
573 | */ | 525 | */ |
574 | 526 | ||
575 | /* Flags for the gnutls_x509_privkey_export_pkcs8() function. | 527 | /* Flags for the gnutls_x509_privkey_export_pkcs8() function. |
576 | */ | 528 | */ |
577 | typedef enum gnutls_pkcs_encrypt_flags_t | 529 | typedef enum gnutls_pkcs_encrypt_flags_t |
578 | { | 530 | { |
579 | GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not | 531 | GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not |
580 | * be encrypted. | 532 | * be encrypted. |
581 | */ | 533 | */ |
582 | GNUTLS_PKCS_USE_PKCS12_3DES = 2, | 534 | GNUTLS_PKCS_USE_PKCS12_3DES = 2, |
583 | GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, | 535 | GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, |
584 | GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, | 536 | GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, |
@@ -590,154 +542,143 @@ typedef enum gnutls_pkcs_encrypt_flags_t | |||
590 | #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR | 542 | #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR |
591 | #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 | 543 | #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40 |
592 | 544 | ||
593 | int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); | 545 | int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); |
594 | void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); | 546 | void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); |
595 | int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, | 547 | int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, |
596 | gnutls_x509_privkey_t src); | 548 | gnutls_x509_privkey_t src); |
597 | int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, | 549 | int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, |
598 | const gnutls_datum_t * data, | 550 | const gnutls_datum_t * data, |
599 | gnutls_x509_crt_fmt_t format); | 551 | gnutls_x509_crt_fmt_t format); |
600 | int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, | 552 | int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, |
601 | const gnutls_datum_t * data, | 553 | const gnutls_datum_t * data, |
602 | gnutls_x509_crt_fmt_t format, | 554 | gnutls_x509_crt_fmt_t format, |
603 | const char *pass, | 555 | const char *pass, unsigned int flags); |
604 | unsigned int flags); | 556 | int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, |
605 | int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, | 557 | const gnutls_datum_t * m, |
606 | const gnutls_datum_t * m, | 558 | const gnutls_datum_t * e, |
607 | const gnutls_datum_t * e, | 559 | const gnutls_datum_t * d, |
608 | const gnutls_datum_t * d, | 560 | const gnutls_datum_t * p, |
609 | const gnutls_datum_t * p, | 561 | const gnutls_datum_t * q, |
610 | const gnutls_datum_t * q, | 562 | const gnutls_datum_t * u); |
611 | const gnutls_datum_t * u); | 563 | int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); |
612 | int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key); | 564 | |
613 | 565 | int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, | |
614 | int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, | 566 | gnutls_datum_t * p, |
615 | gnutls_datum_t * p, | 567 | gnutls_datum_t * q, |
616 | gnutls_datum_t * q, | 568 | gnutls_datum_t * g, |
617 | gnutls_datum_t * g, | 569 | gnutls_datum_t * y, |
618 | gnutls_datum_t * y, | 570 | gnutls_datum_t * x); |
619 | gnutls_datum_t * x); | 571 | int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, |
620 | int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, | 572 | const gnutls_datum_t * p, |
621 | const gnutls_datum_t * p, | 573 | const gnutls_datum_t * q, |
622 | const gnutls_datum_t * q, | 574 | const gnutls_datum_t * g, |
623 | const gnutls_datum_t * g, | 575 | const gnutls_datum_t * y, |
624 | const gnutls_datum_t * y, | 576 | const gnutls_datum_t * x); |
625 | const gnutls_datum_t * x); | 577 | |
626 | 578 | int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); | |
627 | int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); | 579 | int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, |
628 | int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, | 580 | unsigned int flags, |
629 | unsigned int flags, | 581 | unsigned char *output_data, |
630 | unsigned char *output_data, | 582 | size_t * output_data_size); |
631 | size_t * output_data_size); | 583 | |
632 | 584 | int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, | |
633 | int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, | 585 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
634 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 586 | unsigned int bits, unsigned int flags); |
635 | unsigned int bits, | 587 | |
636 | unsigned int flags); | 588 | int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, |
637 | 589 | gnutls_x509_crt_fmt_t format, | |
638 | int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, | 590 | void *output_data, |
639 | gnutls_x509_crt_fmt_t format, | 591 | size_t * output_data_size); |
640 | void *output_data, | 592 | int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, |
641 | size_t * output_data_size); | 593 | gnutls_x509_crt_fmt_t format, |
642 | int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key, | 594 | const char *password, |
643 | gnutls_x509_crt_fmt_t format, | 595 | unsigned int flags, |
644 | const char *password, | 596 | void *output_data, |
645 | unsigned int flags, | 597 | size_t * output_data_size); |
646 | void *output_data, | 598 | int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, |
647 | size_t * output_data_size); | 599 | gnutls_datum_t * m, |
648 | int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, | 600 | gnutls_datum_t * e, |
649 | gnutls_datum_t * m, | 601 | gnutls_datum_t * d, |
650 | gnutls_datum_t * e, | 602 | gnutls_datum_t * p, |
651 | gnutls_datum_t * d, | 603 | gnutls_datum_t * q, |
652 | gnutls_datum_t * p, | 604 | gnutls_datum_t * u); |
653 | gnutls_datum_t * q, | ||
654 | gnutls_datum_t * u); | ||
655 | 605 | ||
656 | /* Signing stuff. | 606 | /* Signing stuff. |
657 | */ | 607 | */ |
658 | int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, | 608 | int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, |
659 | enum MHD_GNUTLS_HashAlgorithm digest, | 609 | enum MHD_GNUTLS_HashAlgorithm digest, |
660 | unsigned int flags, | 610 | unsigned int flags, |
661 | const gnutls_datum_t * data, | 611 | const gnutls_datum_t * data, |
662 | void *signature, | 612 | void *signature, |
663 | size_t * signature_size); | 613 | size_t * signature_size); |
664 | int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, | 614 | int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, |
665 | unsigned int flags, | 615 | unsigned int flags, |
666 | const gnutls_datum_t * data, | 616 | const gnutls_datum_t * data, |
667 | const gnutls_datum_t * signature); | 617 | const gnutls_datum_t * signature); |
668 | int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, | 618 | int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, |
669 | unsigned int flags, | 619 | unsigned int flags, |
670 | const gnutls_datum_t * data, | 620 | const gnutls_datum_t * data, |
671 | const gnutls_datum_t * signature); | 621 | const gnutls_datum_t * signature); |
672 | 622 | ||
673 | int gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, | 623 | int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, |
674 | const gnutls_datum_t * hash, | 624 | const gnutls_datum_t * hash, |
675 | gnutls_datum_t * signature); | 625 | gnutls_datum_t * signature); |
676 | 626 | ||
677 | /* Certificate request stuff. | 627 | /* Certificate request stuff. |
678 | */ | 628 | */ |
679 | struct gnutls_x509_crq_int; | 629 | struct gnutls_x509_crq_int; |
680 | typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; | 630 | typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; |
681 | 631 | ||
682 | int gnutls_x509_crq_init(gnutls_x509_crq_t * crq); | 632 | int gnutls_x509_crq_init (gnutls_x509_crq_t * crq); |
683 | void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq); | 633 | void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq); |
684 | int gnutls_x509_crq_import(gnutls_x509_crq_t crq, | 634 | int gnutls_x509_crq_import (gnutls_x509_crq_t crq, |
685 | const gnutls_datum_t * data, | 635 | const gnutls_datum_t * data, |
686 | gnutls_x509_crt_fmt_t format); | 636 | gnutls_x509_crt_fmt_t format); |
687 | int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, | 637 | int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, |
688 | unsigned int *bits); | 638 | unsigned int *bits); |
689 | int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, | 639 | int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, |
690 | char *buf, | 640 | char *buf, size_t * sizeof_buf); |
691 | size_t * sizeof_buf); | 641 | int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, |
692 | int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, | 642 | int indx, void *oid, size_t * sizeof_oid); |
693 | int indx, | 643 | int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, |
694 | void *oid, | 644 | const char *oid, |
695 | size_t * sizeof_oid); | 645 | int indx, |
696 | int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, | 646 | unsigned int raw_flag, |
697 | const char *oid, | 647 | void *buf, size_t * sizeof_buf); |
698 | int indx, | 648 | int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, |
699 | unsigned int raw_flag, | 649 | const char *oid, |
700 | void *buf, | 650 | unsigned int raw_flag, |
701 | size_t * sizeof_buf); | 651 | const void *name, |
702 | int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, | 652 | unsigned int sizeof_name); |
703 | const char *oid, | 653 | int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, |
704 | unsigned int raw_flag, | 654 | unsigned int version); |
705 | const void *name, | 655 | int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, |
706 | unsigned int sizeof_name); | 656 | gnutls_x509_privkey_t key); |
707 | int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, | 657 | int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, |
708 | unsigned int version); | 658 | gnutls_x509_privkey_t key, |
709 | int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, | 659 | enum MHD_GNUTLS_HashAlgorithm, |
710 | gnutls_x509_privkey_t key); | 660 | unsigned int flags); |
711 | int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, | 661 | int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key); |
712 | gnutls_x509_privkey_t key, | 662 | |
713 | enum MHD_GNUTLS_HashAlgorithm, | 663 | int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, |
714 | unsigned int flags); | 664 | const char *pass); |
715 | int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, | 665 | int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, |
716 | gnutls_x509_privkey_t key); | 666 | char *pass, |
717 | 667 | size_t * sizeof_pass); | |
718 | int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, | 668 | |
719 | const char *pass); | 669 | int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, |
720 | int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, | 670 | const char *oid, |
721 | char *pass, | 671 | void *buf, size_t sizeof_buf); |
722 | size_t * sizeof_pass); | 672 | int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, |
723 | 673 | const char *oid, | |
724 | int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, | 674 | int indx, |
725 | const char *oid, | 675 | void *buf, size_t * sizeof_buf); |
726 | void *buf, | 676 | |
727 | size_t sizeof_buf); | 677 | int gnutls_x509_crq_export (gnutls_x509_crq_t crq, |
728 | int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, | 678 | gnutls_x509_crt_fmt_t format, |
729 | const char *oid, | 679 | void *output_data, size_t * output_data_size); |
730 | int indx, | 680 | |
731 | void *buf, | 681 | int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); |
732 | size_t * sizeof_buf); | ||
733 | |||
734 | int gnutls_x509_crq_export(gnutls_x509_crq_t crq, | ||
735 | gnutls_x509_crt_fmt_t format, | ||
736 | void *output_data, | ||
737 | size_t * output_data_size); | ||
738 | |||
739 | int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, | ||
740 | gnutls_x509_crq_t crq); | ||
741 | 682 | ||
742 | #ifdef __cplusplus | 683 | #ifdef __cplusplus |
743 | } | 684 | } |
@@ -752,17 +693,17 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, | |||
752 | #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" | 693 | #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3" |
753 | 694 | ||
754 | typedef struct gnutls_x509_crl_int | 695 | typedef struct gnutls_x509_crl_int |
755 | { | 696 | { |
756 | ASN1_TYPE crl; | 697 | ASN1_TYPE crl; |
757 | } gnutls_x509_crl_int; | 698 | } gnutls_x509_crl_int; |
758 | 699 | ||
759 | typedef struct gnutls_x509_crt_int | 700 | typedef struct gnutls_x509_crt_int |
760 | { | 701 | { |
761 | ASN1_TYPE cert; | 702 | ASN1_TYPE cert; |
762 | int use_extensions; | 703 | int use_extensions; |
763 | } gnutls_x509_crt_int; | 704 | } gnutls_x509_crt_int; |
764 | 705 | ||
765 | #define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ | 706 | #define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */ |
766 | 707 | ||
767 | /* parameters should not be larger than this limit */ | 708 | /* parameters should not be larger than this limit */ |
768 | #define DSA_PRIVATE_PARAMS 5 | 709 | #define DSA_PRIVATE_PARAMS 5 |
@@ -779,140 +720,130 @@ typedef struct gnutls_x509_crt_int | |||
779 | #endif | 720 | #endif |
780 | 721 | ||
781 | typedef struct MHD_gtls_x509_privkey_int | 722 | typedef struct MHD_gtls_x509_privkey_int |
782 | { | 723 | { |
783 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public | 724 | mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public |
784 | * key algorithm | 725 | * key algorithm |
785 | */ | 726 | */ |
786 | /* | 727 | /* |
787 | * RSA: [0] is modulus | 728 | * RSA: [0] is modulus |
788 | * [1] is public exponent | 729 | * [1] is public exponent |
789 | * [2] is private exponent | 730 | * [2] is private exponent |
790 | * [3] is prime1 (p) | 731 | * [3] is prime1 (p) |
791 | * [4] is prime2 (q) | 732 | * [4] is prime2 (q) |
792 | * [5] is coefficient (u == inverse of p mod q) | 733 | * [5] is coefficient (u == inverse of p mod q) |
793 | * note that other packages used inverse of q mod p, | 734 | * note that other packages used inverse of q mod p, |
794 | * so we need to perform conversions. | 735 | * so we need to perform conversions. |
795 | * DSA: [0] is p | 736 | * DSA: [0] is p |
796 | * [1] is q | 737 | * [1] is q |
797 | * [2] is g | 738 | * [2] is g |
798 | * [3] is y (public key) | 739 | * [3] is y (public key) |
799 | * [4] is x (private key) | 740 | * [4] is x (private key) |
800 | */ | 741 | */ |
801 | int params_size; /* holds the number of params */ | 742 | int params_size; /* holds the number of params */ |
802 | 743 | ||
803 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; | 744 | enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm; |
804 | 745 | ||
805 | int crippled; /* The crippled keys will not use the ASN1_TYPE key. | 746 | int crippled; /* The crippled keys will not use the ASN1_TYPE key. |
806 | * The encoding will only be performed at the export | 747 | * The encoding will only be performed at the export |
807 | * phase, to optimize copying etc. Cannot be used with | 748 | * phase, to optimize copying etc. Cannot be used with |
808 | * the exported API (used internally only). | 749 | * the exported API (used internally only). |
809 | */ | 750 | */ |
810 | ASN1_TYPE key; | 751 | ASN1_TYPE key; |
811 | } gnutls_x509_privkey_int; | 752 | } gnutls_x509_privkey_int; |
812 | 753 | ||
813 | int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert, | 754 | int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, |
814 | const char *oid, | 755 | const char *oid, |
815 | int indx, | 756 | int indx, |
816 | unsigned int raw_flag, | 757 | unsigned int raw_flag, |
817 | void *buf, | 758 | void *buf, size_t * sizeof_buf); |
818 | size_t * sizeof_buf); | 759 | int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, |
819 | int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert, | 760 | unsigned int seq, |
820 | unsigned int seq, | 761 | void *ret, |
821 | void *ret, | 762 | size_t * ret_size, |
822 | size_t * ret_size, | 763 | unsigned int *critical); |
823 | unsigned int *critical); | 764 | int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, |
824 | int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, | 765 | const char *oid, |
825 | const char *oid, | ||
826 | int indx, | ||
827 | unsigned int raw_flag, | ||
828 | void *buf, | ||
829 | size_t * sizeof_buf); | ||
830 | int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, | ||
831 | unsigned int *critical); | ||
832 | int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, | ||
833 | unsigned int *bits); | ||
834 | |||
835 | int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, | ||
836 | gnutls_x509_crt_t src); | ||
837 | |||
838 | int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, | ||
839 | void *result, | ||
840 | size_t * result_size); | ||
841 | |||
842 | int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, | ||
843 | const gnutls_datum_t * dn2); | ||
844 | |||
845 | int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, | ||
846 | const gnutls_x509_crl_t * crl_list, | ||
847 | int crl_list_length); | ||
848 | |||
849 | int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, | ||
850 | gnutls_x509_crl_t src); | ||
851 | int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl, | ||
852 | gnutls_datum_t * dn); | ||
853 | int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl); | ||
854 | int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, | ||
855 | int indx, | 766 | int indx, |
856 | unsigned char *serial, | 767 | unsigned int raw_flag, |
857 | size_t * serial_size, | 768 | void *buf, size_t * sizeof_buf); |
858 | time_t * t); | 769 | int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, |
859 | 770 | unsigned int *critical); | |
860 | void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl); | 771 | int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, |
861 | int gnutls_x509_crl_init(gnutls_x509_crl_t * crl); | 772 | unsigned int *bits); |
862 | int gnutls_x509_crl_import(gnutls_x509_crl_t crl, | 773 | |
863 | const gnutls_datum_t * data, | 774 | int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src); |
864 | gnutls_x509_crt_fmt_t format); | 775 | |
865 | int gnutls_x509_crl_export(gnutls_x509_crl_t crl, | 776 | int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, |
866 | gnutls_x509_crt_fmt_t format, | 777 | void *result, size_t * result_size); |
867 | void *output_data, | 778 | |
868 | size_t * output_data_size); | 779 | int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, |
869 | 780 | const gnutls_datum_t * dn2); | |
870 | int gnutls_x509_crt_init(gnutls_x509_crt_t * cert); | 781 | |
871 | void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert); | 782 | int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, |
872 | int gnutls_x509_crt_import(gnutls_x509_crt_t cert, | 783 | const gnutls_x509_crl_t * crl_list, |
873 | const gnutls_datum_t * data, | 784 | int crl_list_length); |
874 | gnutls_x509_crt_fmt_t format); | 785 | |
875 | int gnutls_x509_crt_export(gnutls_x509_crt_t cert, | 786 | int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src); |
876 | gnutls_x509_crt_fmt_t format, | 787 | int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, |
877 | void *output_data, | 788 | gnutls_datum_t * dn); |
878 | size_t * output_data_size); | 789 | int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); |
879 | 790 | int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, | |
880 | int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert, | 791 | int indx, |
881 | unsigned int *key_usage, | 792 | unsigned char *serial, |
882 | unsigned int *critical); | 793 | size_t * serial_size, time_t * t); |
883 | int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert); | 794 | |
884 | int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert); | 795 | void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); |
885 | 796 | int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); | |
886 | int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key); | 797 | int gnutls_x509_crl_import (gnutls_x509_crl_t crl, |
887 | void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key); | 798 | const gnutls_datum_t * data, |
888 | 799 | gnutls_x509_crt_fmt_t format); | |
889 | int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, | 800 | int gnutls_x509_crl_export (gnutls_x509_crl_t crl, |
890 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | 801 | gnutls_x509_crt_fmt_t format, |
891 | unsigned int bits, | 802 | void *output_data, size_t * output_data_size); |
892 | unsigned int flags); | 803 | |
893 | 804 | int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); | |
894 | int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, | 805 | void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); |
895 | const gnutls_datum_t * data, | 806 | int gnutls_x509_crt_import (gnutls_x509_crt_t cert, |
896 | gnutls_x509_crt_fmt_t format); | 807 | const gnutls_datum_t * data, |
897 | int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); | 808 | gnutls_x509_crt_fmt_t format); |
898 | int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, | 809 | int gnutls_x509_crt_export (gnutls_x509_crt_t cert, |
899 | const gnutls_datum_t * m, | 810 | gnutls_x509_crt_fmt_t format, |
900 | const gnutls_datum_t * e, | 811 | void *output_data, size_t * output_data_size); |
901 | const gnutls_datum_t * d, | 812 | |
902 | const gnutls_datum_t * p, | 813 | int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, |
903 | const gnutls_datum_t * q, | 814 | unsigned int *key_usage, |
904 | const gnutls_datum_t * u); | 815 | unsigned int *critical); |
905 | int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, | 816 | int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); |
906 | gnutls_datum_t * m, | 817 | int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); |
907 | gnutls_datum_t * e, | 818 | |
908 | gnutls_datum_t * d, | 819 | int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); |
909 | gnutls_datum_t * p, | 820 | void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); |
910 | gnutls_datum_t * q, | 821 | |
911 | gnutls_datum_t * u); | 822 | int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, |
912 | int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, | 823 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, |
913 | gnutls_x509_crt_fmt_t format, | 824 | unsigned int bits, unsigned int flags); |
914 | void *output_data, | 825 | |
915 | size_t * output_data_size); | 826 | int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, |
827 | const gnutls_datum_t * data, | ||
828 | gnutls_x509_crt_fmt_t format); | ||
829 | int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); | ||
830 | int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, | ||
831 | const gnutls_datum_t * m, | ||
832 | const gnutls_datum_t * e, | ||
833 | const gnutls_datum_t * d, | ||
834 | const gnutls_datum_t * p, | ||
835 | const gnutls_datum_t * q, | ||
836 | const gnutls_datum_t * u); | ||
837 | int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, | ||
838 | gnutls_datum_t * m, | ||
839 | gnutls_datum_t * e, | ||
840 | gnutls_datum_t * d, | ||
841 | gnutls_datum_t * p, | ||
842 | gnutls_datum_t * q, | ||
843 | gnutls_datum_t * u); | ||
844 | int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, | ||
845 | gnutls_x509_crt_fmt_t format, | ||
846 | void *output_data, size_t * output_data_size); | ||
916 | 847 | ||
917 | #define GNUTLS_CRL_REASON_UNUSED 128 | 848 | #define GNUTLS_CRL_REASON_UNUSED 128 |
918 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 | 849 | #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 |
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c index 5e58cffb..e890843d 100644 --- a/src/daemon/https/x509/x509_privkey.c +++ b/src/daemon/https/x509/x509_privkey.c | |||
@@ -446,7 +446,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, | |||
446 | * | 446 | * |
447 | * This function will convert the given RSA raw parameters | 447 | * This function will convert the given RSA raw parameters |
448 | * to the native gnutls_x509_privkey_t format. The output will be stored in @key. | 448 | * to the native gnutls_x509_privkey_t format. The output will be stored in @key. |
449 | * | 449 | * |
450 | **/ | 450 | **/ |
451 | int | 451 | int |
452 | gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, | 452 | gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, |
@@ -646,7 +646,7 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, | |||
646 | * This function will export the RSA private key's parameters found in the given | 646 | * This function will export the RSA private key's parameters found in the given |
647 | * structure. The new parameters will be allocated using | 647 | * structure. The new parameters will be allocated using |
648 | * gnutls_malloc() and will be stored in the appropriate datum. | 648 | * gnutls_malloc() and will be stored in the appropriate datum. |
649 | * | 649 | * |
650 | **/ | 650 | **/ |
651 | int | 651 | int |
652 | gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, | 652 | gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, |
@@ -760,7 +760,7 @@ error:_gnutls_free_datum (m); | |||
760 | * This function will export the DSA private key's parameters found in the given | 760 | * This function will export the DSA private key's parameters found in the given |
761 | * structure. The new parameters will be allocated using | 761 | * structure. The new parameters will be allocated using |
762 | * gnutls_malloc() and will be stored in the appropriate datum. | 762 | * gnutls_malloc() and will be stored in the appropriate datum. |
763 | * | 763 | * |
764 | **/ | 764 | **/ |
765 | int | 765 | int |
766 | gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, | 766 | gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, |
@@ -960,7 +960,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) | |||
960 | goto cleanup; | 960 | goto cleanup; |
961 | } | 961 | } |
962 | 962 | ||
963 | /* Write PRIME | 963 | /* Write PRIME |
964 | */ | 964 | */ |
965 | if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) | 965 | if ((result = asn1_write_value (*c2, "modulus", m_data, size[0])) |
966 | != ASN1_SUCCESS) | 966 | != ASN1_SUCCESS) |
@@ -1120,7 +1120,7 @@ _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) | |||
1120 | goto cleanup; | 1120 | goto cleanup; |
1121 | } | 1121 | } |
1122 | 1122 | ||
1123 | /* Write PRIME | 1123 | /* Write PRIME |
1124 | */ | 1124 | */ |
1125 | if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) | 1125 | if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) |
1126 | { | 1126 | { |
@@ -1183,7 +1183,7 @@ cleanup:asn1_delete_structure (c2); | |||
1183 | * @flags: unused for now. Must be 0. | 1183 | * @flags: unused for now. Must be 0. |
1184 | * | 1184 | * |
1185 | * This function will generate a random private key. Note that | 1185 | * This function will generate a random private key. Note that |
1186 | * this function must be called on an empty private key. | 1186 | * this function must be called on an empty private key. |
1187 | * | 1187 | * |
1188 | * Returns 0 on success or a negative value on error. | 1188 | * Returns 0 on success or a negative value on error. |
1189 | * | 1189 | * |
@@ -1409,7 +1409,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, | |||
1409 | } | 1409 | } |
1410 | 1410 | ||
1411 | result = mhd_gtls_sign (key->pk_algorithm, key->params, | 1411 | result = mhd_gtls_sign (key->pk_algorithm, key->params, |
1412 | key->params_size, hash, signature); | 1412 | key->params_size, hash, signature); |
1413 | if (result < 0) | 1413 | if (result < 0) |
1414 | { | 1414 | { |
1415 | gnutls_assert (); | 1415 | gnutls_assert (); |
diff --git a/src/daemon/https/x509/x509_verify.c b/src/daemon/https/x509/x509_verify.c index 646bdf10..e9d784ce 100644 --- a/src/daemon/https/x509/x509_verify.c +++ b/src/daemon/https/x509/x509_verify.c | |||
@@ -201,7 +201,7 @@ find_issuer (gnutls_x509_crt_t cert, | |||
201 | { | 201 | { |
202 | int i; | 202 | int i; |
203 | 203 | ||
204 | /* this is serial search. | 204 | /* this is serial search. |
205 | */ | 205 | */ |
206 | 206 | ||
207 | for (i = 0; i < tcas_size; i++) | 207 | for (i = 0; i < tcas_size; i++) |
@@ -214,11 +214,11 @@ find_issuer (gnutls_x509_crt_t cert, | |||
214 | return NULL; | 214 | return NULL; |
215 | } | 215 | } |
216 | 216 | ||
217 | /* | 217 | /* |
218 | * Verifies the given certificate again a certificate list of | 218 | * Verifies the given certificate again a certificate list of |
219 | * trusted CAs. | 219 | * trusted CAs. |
220 | * | 220 | * |
221 | * Returns only 0 or 1. If 1 it means that the certificate | 221 | * Returns only 0 or 1. If 1 it means that the certificate |
222 | * was successfuly verified. | 222 | * was successfuly verified. |
223 | * | 223 | * |
224 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. | 224 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. |
@@ -435,7 +435,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, | |||
435 | clist_size--; | 435 | clist_size--; |
436 | } | 436 | } |
437 | 437 | ||
438 | /* Verify the certificate path (chain) | 438 | /* Verify the certificate path (chain) |
439 | */ | 439 | */ |
440 | for (i = clist_size - 1; i > 0; i--) | 440 | for (i = clist_size - 1; i > 0; i--) |
441 | { | 441 | { |
@@ -465,7 +465,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, | |||
465 | */ | 465 | */ |
466 | static int | 466 | static int |
467 | decode_ber_digest_info (const gnutls_datum_t * info, | 467 | decode_ber_digest_info (const gnutls_datum_t * info, |
468 | enum MHD_GNUTLS_HashAlgorithm * hash, | 468 | enum MHD_GNUTLS_HashAlgorithm *hash, |
469 | opaque * digest, int *digest_size) | 469 | opaque * digest, int *digest_size) |
470 | { | 470 | { |
471 | ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; | 471 | ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; |
@@ -664,7 +664,7 @@ verify_sig (const gnutls_datum_t * tbs, | |||
664 | 664 | ||
665 | /* verifies if the certificate is properly signed. | 665 | /* verifies if the certificate is properly signed. |
666 | * returns 0 on failure and 1 on success. | 666 | * returns 0 on failure and 1 on success. |
667 | * | 667 | * |
668 | * 'tbs' is the signed data | 668 | * 'tbs' is the signed data |
669 | * 'signature' is the signature! | 669 | * 'signature' is the signature! |
670 | */ | 670 | */ |
@@ -707,7 +707,7 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, | |||
707 | 707 | ||
708 | /* verifies if the certificate is properly signed. | 708 | /* verifies if the certificate is properly signed. |
709 | * returns 0 on failure and 1 on success. | 709 | * returns 0 on failure and 1 on success. |
710 | * | 710 | * |
711 | * 'tbs' is the signed data | 711 | * 'tbs' is the signed data |
712 | * 'signature' is the signature! | 712 | * 'signature' is the signature! |
713 | */ | 713 | */ |
@@ -743,12 +743,12 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, | |||
743 | * Note that expiration and activation dates are not checked | 743 | * Note that expiration and activation dates are not checked |
744 | * by this function, you should check them using the appropriate functions. | 744 | * by this function, you should check them using the appropriate functions. |
745 | * | 745 | * |
746 | * If no flags are specified (0), this function will use the | 746 | * If no flags are specified (0), this function will use the |
747 | * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate | 747 | * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate |
748 | * authority is allowed to sign a certificate. | 748 | * authority is allowed to sign a certificate. |
749 | * | 749 | * |
750 | * You must also check the peer's name in order to check if the verified | 750 | * You must also check the peer's name in order to check if the verified |
751 | * certificate belongs to the actual peer. | 751 | * certificate belongs to the actual peer. |
752 | * | 752 | * |
753 | * The certificate verification output will be put in @verify and will be | 753 | * The certificate verification output will be put in @verify and will be |
754 | * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. | 754 | * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. |
@@ -774,7 +774,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, | |||
774 | if (cert_list == NULL || cert_list_length == 0) | 774 | if (cert_list == NULL || cert_list_length == 0) |
775 | return GNUTLS_E_NO_CERTIFICATE_FOUND; | 775 | return GNUTLS_E_NO_CERTIFICATE_FOUND; |
776 | 776 | ||
777 | /* Verify certificate | 777 | /* Verify certificate |
778 | */ | 778 | */ |
779 | *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, | 779 | *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, |
780 | CA_list, CA_list_length, | 780 | CA_list, CA_list_length, |
@@ -792,7 +792,7 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, | |||
792 | * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. | 792 | * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. |
793 | * @verify: will hold the certificate verification output. | 793 | * @verify: will hold the certificate verification output. |
794 | * | 794 | * |
795 | * This function will try to verify the given certificate and return its status. | 795 | * This function will try to verify the given certificate and return its status. |
796 | * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. | 796 | * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. |
797 | * | 797 | * |
798 | * Returns 0 on success and a negative value in case of an error. | 798 | * Returns 0 on success and a negative value in case of an error. |
@@ -805,7 +805,7 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert, | |||
805 | unsigned int flags, unsigned int *verify) | 805 | unsigned int flags, unsigned int *verify) |
806 | { | 806 | { |
807 | int ret; | 807 | int ret; |
808 | /* Verify certificate | 808 | /* Verify certificate |
809 | */ | 809 | */ |
810 | ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, | 810 | ret = _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags, |
811 | verify); | 811 | verify); |
@@ -861,7 +861,7 @@ gnutls_x509_crl_verify (gnutls_x509_crl_t crl, | |||
861 | unsigned int *verify) | 861 | unsigned int *verify) |
862 | { | 862 | { |
863 | int ret; | 863 | int ret; |
864 | /* Verify crl | 864 | /* Verify crl |
865 | */ | 865 | */ |
866 | ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); | 866 | ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify); |
867 | if (ret < 0) | 867 | if (ret < 0) |
@@ -912,7 +912,7 @@ find_crl_issuer (gnutls_x509_crl_t crl, | |||
912 | { | 912 | { |
913 | int i; | 913 | int i; |
914 | 914 | ||
915 | /* this is serial search. | 915 | /* this is serial search. |
916 | */ | 916 | */ |
917 | 917 | ||
918 | for (i = 0; i < tcas_size; i++) | 918 | for (i = 0; i < tcas_size; i++) |
@@ -925,14 +925,14 @@ find_crl_issuer (gnutls_x509_crl_t crl, | |||
925 | return NULL; | 925 | return NULL; |
926 | } | 926 | } |
927 | 927 | ||
928 | /* | 928 | /* |
929 | * Returns only 0 or 1. If 1 it means that the CRL | 929 | * Returns only 0 or 1. If 1 it means that the CRL |
930 | * was successfuly verified. | 930 | * was successfuly verified. |
931 | * | 931 | * |
932 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. | 932 | * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. |
933 | * | 933 | * |
934 | * Output will hold information about the verification | 934 | * Output will hold information about the verification |
935 | * procedure. | 935 | * procedure. |
936 | */ | 936 | */ |
937 | static int | 937 | static int |
938 | _gnutls_verify_crl2 (gnutls_x509_crl_t crl, | 938 | _gnutls_verify_crl2 (gnutls_x509_crl_t crl, |
diff --git a/src/daemon/https/x509/x509_write.c b/src/daemon/https/x509/x509_write.c index 944b863c..342e117d 100644 --- a/src/daemon/https/x509/x509_write.c +++ b/src/daemon/https/x509/x509_write.c | |||
@@ -118,7 +118,7 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, | |||
118 | } | 118 | } |
119 | 119 | ||
120 | /** | 120 | /** |
121 | * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name | 121 | * gnutls_x509_crt_set_proxy_dn - Set Proxy Certificate subject's distinguished name |
122 | * @crt: a gnutls_x509_crt_t structure with the new proxy cert | 122 | * @crt: a gnutls_x509_crt_t structure with the new proxy cert |
123 | * @eecrt: the end entity certificate that will be issuing the proxy | 123 | * @eecrt: the end entity certificate that will be issuing the proxy |
124 | * @raw_flag: must be 0, or 1 if the CN is DER encoded | 124 | * @raw_flag: must be 0, or 1 if the CN is DER encoded |
@@ -407,7 +407,7 @@ gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca) | |||
407 | * @crt: should contain a gnutls_x509_crt_t structure | 407 | * @crt: should contain a gnutls_x509_crt_t structure |
408 | * @usage: an ORed sequence of the GNUTLS_KEY_* elements. | 408 | * @usage: an ORed sequence of the GNUTLS_KEY_* elements. |
409 | * | 409 | * |
410 | * This function will set the keyUsage certificate extension. | 410 | * This function will set the keyUsage certificate extension. |
411 | * | 411 | * |
412 | * Returns 0 on success. | 412 | * Returns 0 on success. |
413 | * | 413 | * |
@@ -454,7 +454,7 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) | |||
454 | * @type: is one of the gnutls_x509_subject_alt_name_t enumerations | 454 | * @type: is one of the gnutls_x509_subject_alt_name_t enumerations |
455 | * @data_string: The data to be set | 455 | * @data_string: The data to be set |
456 | * | 456 | * |
457 | * This function will set the subject alternative name certificate extension. | 457 | * This function will set the subject alternative name certificate extension. |
458 | * | 458 | * |
459 | * Returns 0 on success. | 459 | * Returns 0 on success. |
460 | * | 460 | * |
@@ -520,7 +520,7 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, | |||
520 | * and negative values indicate that the pathLenConstraints field should | 520 | * and negative values indicate that the pathLenConstraints field should |
521 | * not be present. | 521 | * not be present. |
522 | * @policyLanguage: OID describing the language of @policy. | 522 | * @policyLanguage: OID describing the language of @policy. |
523 | * @policy: opaque byte array with policy language, can be %NULL | 523 | * @policy: opaque byte array with policy language, can be %NULL |
524 | * @sizeof_policy: size of @policy. | 524 | * @sizeof_policy: size of @policy. |
525 | * | 525 | * |
526 | * This function will set the proxyCertInfo extension. | 526 | * This function will set the proxyCertInfo extension. |
@@ -688,10 +688,10 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time) | |||
688 | * @serial: The serial number | 688 | * @serial: The serial number |
689 | * @serial_size: Holds the size of the serial field. | 689 | * @serial_size: Holds the size of the serial field. |
690 | * | 690 | * |
691 | * This function will set the X.509 certificate's serial number. | 691 | * This function will set the X.509 certificate's serial number. |
692 | * Serial is not always a 32 or 64bit number. Some CAs use | 692 | * Serial is not always a 32 or 64bit number. Some CAs use |
693 | * large serial numbers, thus it may be wise to handle it as something | 693 | * large serial numbers, thus it may be wise to handle it as something |
694 | * opaque. | 694 | * opaque. |
695 | * | 695 | * |
696 | * Returns 0 on success, or a negative value in case of an error. | 696 | * Returns 0 on success, or a negative value in case of an error. |
697 | * | 697 | * |
@@ -748,7 +748,7 @@ disable_optional_stuff (gnutls_x509_crt_t cert) | |||
748 | * @data_string: The data to be set | 748 | * @data_string: The data to be set |
749 | * @reason_flags: revocation reasons | 749 | * @reason_flags: revocation reasons |
750 | * | 750 | * |
751 | * This function will set the CRL distribution points certificate extension. | 751 | * This function will set the CRL distribution points certificate extension. |
752 | * | 752 | * |
753 | * Returns 0 on success. | 753 | * Returns 0 on success. |
754 | * | 754 | * |
@@ -814,7 +814,7 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, | |||
814 | * @dst: should contain a gnutls_x509_crt_t structure | 814 | * @dst: should contain a gnutls_x509_crt_t structure |
815 | * @src: the certificate where the dist points will be copied from | 815 | * @src: the certificate where the dist points will be copied from |
816 | * | 816 | * |
817 | * This function will copy the CRL distribution points certificate | 817 | * This function will copy the CRL distribution points certificate |
818 | * extension, from the source to the destination certificate. | 818 | * extension, from the source to the destination certificate. |
819 | * This may be useful to copy from a CA certificate to issued ones. | 819 | * This may be useful to copy from a CA certificate to issued ones. |
820 | * | 820 | * |