authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-20 20:22:03 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-20 20:22:03 +0000
commita9695a236fae0048af2b3f9934251bbed88cc37e (patch)
tree805a15570fd3b99e014ccb08936d35839a275114
parent8a56fad939f4cdebacc681bf3bc0df23568b4969 (diff)
several cleanups.
-rw-r--r--includes/gnutls/openpgp.h9
-rw-r--r--lib/Makefile.am2
-rw-r--r--lib/auth_cert.c83
-rw-r--r--lib/auth_dhe.c4
-rw-r--r--lib/auth_rsa.c6
-rw-r--r--lib/auth_rsa_export.c12
-rw-r--r--lib/gnutls_cert.c33
-rw-r--r--lib/gnutls_cert.h14
-rw-r--r--lib/gnutls_x509.c18
-rw-r--r--lib/gnutls_x509.h4
-rw-r--r--lib/x509/common.c3
-rw-r--r--lib/x509/mpi.c4
-rw-r--r--lib/x509/rfc2818_hostname.c72
-rw-r--r--libextra/Makefile.am2
-rw-r--r--libextra/auth_srp_rsa.c36
-rw-r--r--libextra/gnutls_extra.c20
-rw-r--r--libextra/gnutls_extra.h11
-rw-r--r--libextra/gnutls_openpgp.c39
-rw-r--r--libextra/openpgp/gnutls_openpgp.h7
-rw-r--r--libextra/openpgp/openpgp.h4
-rw-r--r--libextra/openpgp/privkey.c16
21 files changed, 159 insertions, 240 deletions
diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h
index 8778213bdd..c836a8f3f5 100644
--- a/includes/gnutls/openpgp.h
+++ b/includes/gnutls/openpgp.h
@@ -32,11 +32,8 @@ extern "C" {
#include <gnutls/gnutls.h>
-struct gnutls_openpgp_key_int; /* object to hold (parsed) openpgp keys */
-typedef struct gnutls_openpgp_key_int* gnutls_openpgp_key;
-
-struct gnutls_openpgp_privkey_int; /* object to hold (parsed) openpgp private keys */
-typedef struct gnutls_openpgp_privkey_int* gnutls_openpgp_privkey;
+/* gnutls_openpgp_key should be defined in gnutls.h
+ */
typedef enum gnutls_openpgp_key_fmt { GNUTLS_OPENPGP_FMT_RAW,
GNUTLS_OPENPGP_FMT_BASE64 } gnutls_openpgp_key_fmt;
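Review bot: The replacement comment names only `gnutls_openpgp_key`, but this hunk also removes the `gnutls_openpgp_privkey` typedef, and "should be defined" leaves it unclear whether gnutls.h really declares either type. Prototypes later in this header, such as `gnutls_certificate_set_openpgp_key`, use both types, and no gnutls.h change appears in this commit's diffstat, so it is worth confirming that the declarations already exist there. I would word the comment as `/* gnutls_openpgp_key and gnutls_openpgp_privkey are declared in <gnutls/gnutls.h> */`.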
@@ -122,7 +119,7 @@ int gnutls_openpgp_key_verify_trustdb(
/* certificate authentication stuff.
*/
int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res,
- gnutls_openpgp_key key, gnutls_openpgp_privkey pkey)
+ gnutls_openpgp_key key, gnutls_openpgp_privkey pkey);
#ifdef __cplusplus
}
diff --git a/lib/Makefile.am b/lib/Makefile.am
index e72c605a76..ef1f5e3a25 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -46,7 +46,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \
gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \
gnutls_rsa_export.c auth_rsa_export.c \
ext_server_name.c auth_dh_common.c \
- dh_compat.c rsa_compat.c strnstr.c
+ strnstr.c
# Separate so we can create the documentation
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 20a95a31be..049c2e3e63 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -398,6 +398,8 @@ static int call_client_cert_callback(gnutls_session session,
}
+OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit;
+OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit;
/* Calls the client get callback.
*/
static int call_get_cert_callback( gnutls_session session,
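Review bot: The two new hook objects are defined with no initializer and no comment, unlike `_E_gnutls_openpgp_fingerprint = NULL` further down in the same file. File-scope objects are zero-initialized, so the NULL checks added later still work, but `OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit = NULL;` would match the existing style. A one-line comment such as `/* assigned by libextra's _gnutls_add_openpgp_functions(); NULL until then */` would also make the contract visible to readers of this file. The same applies to `_E_gnutls_openpgp_key_to_gcert` and `_E_gnutls_openpgp_privkey_to_gkey`, added ahead of alloc_and_load_pgp_certs.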
@@ -468,8 +470,14 @@ cleanup:
}
} else {
if (st.deinit_all_keys) {
- gnutls_openpgp_key_deinit(st.cert.pgp);
- gnutls_openpgp_privkey_deinit(st.key.pgp);
+ if (_E_gnutls_openpgp_key_deinit == NULL ||
+ _E_gnutls_openpgp_privkey_deinit == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INIT_LIBEXTRA;
+ }
+
+ _E_gnutls_openpgp_key_deinit(st.cert.pgp);
+ _E_gnutls_openpgp_privkey_deinit(st.key.pgp);
}
}
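Review bot: The new `return GNUTLS_E_INIT_LIBEXTRA;` sits inside the `cleanup:` path, so when either hook is NULL it replaces whatever `ret` the function had computed and skips any cleanup that follows this block. The callback-supplied `st.cert.pgp` and `st.key.pgp` are also never released in that case, even though `deinit_all_keys` asked for it. Setting `ret = GNUTLS_E_INIT_LIBEXTRA;` and falling through, or checking the hooks before the OpenPGP callback result is accepted, would keep the cleanup path single-exit. The rest of the function lies outside the hunk, so the exact impact should be confirmed against the full body.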
@@ -683,7 +691,7 @@ int _gnutls_gen_openpgp_certificate(gnutls_session session, opaque ** data)
OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint = NULL;
OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key = NULL;
-extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert;
+extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;
int _gnutls_gen_openpgp_certificate_fpr(gnutls_session session,
opaque ** data)
@@ -788,7 +796,7 @@ int _gnutls_gen_cert_server_certificate(gnutls_session session,
/* Process server certificate
*/
-#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_cert_deinit(&peer_certificate_list[x])
+#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x])
int _gnutls_proc_x509_server_certificate(gnutls_session session,
opaque * data, size_t data_size)
{
@@ -882,7 +890,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session,
tmp.data = p;
if ((ret =
- _gnutls_x509_cert2gnutls_cert(&peer_certificate_list
+ _gnutls_x509_raw_cert_to_gcert(&peer_certificate_list
[j], &tmp,
CERT_ONLY_EXTENSIONS)) <
0) {
@@ -919,7 +927,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session,
}
-#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_cert_deinit(&peer_certificate_list[x])
+#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x])
int _gnutls_proc_openpgp_server_certificate(gnutls_session session,
opaque * data,
size_t data_size)
@@ -1044,14 +1052,14 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session,
memset(peer_certificate_list, 0, sizeof(gnutls_cert) *
peer_certificate_list_size);
- if (_E_gnutls_openpgp_cert2gnutls_cert == NULL) {
+ if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) {
gnutls_assert();
ret = GNUTLS_E_INIT_LIBEXTRA;
goto cleanup;
}
if ((ret =
- _E_gnutls_openpgp_cert2gnutls_cert(&peer_certificate_list[0],
+ _E_gnutls_openpgp_raw_key_to_gcert(&peer_certificate_list[0],
&tmp)) < 0) {
gnutls_assert();
goto cleanup;
@@ -1274,29 +1282,9 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session,
sig.data = pdata;
sig.size = size;
- switch (session->security_parameters.cert_type) {
- case GNUTLS_CRT_X509:
- ret =
- _gnutls_x509_cert2gnutls_cert(&peer_cert,
- &info->
- raw_certificate_list[0],
- CERT_NO_COPY);
- break;
- case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_cert2gnutls_cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- ret =
- _E_gnutls_openpgp_cert2gnutls_cert(&peer_cert,
- &info->
- raw_certificate_list
- [0]);
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ ret = _gnutls_raw_cert_to_gcert( &peer_cert,
+ session->security_parameters.cert_type,
+ &info->raw_certificate_list[0], CERT_NO_COPY);
if (ret < 0) {
gnutls_assert();
@@ -1306,10 +1294,10 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session,
if ((ret =
_gnutls_verify_sig_hdata(session, &peer_cert, &sig)) < 0) {
gnutls_assert();
- _gnutls_cert_deinit(&peer_cert);
+ _gnutls_gcert_deinit(&peer_cert);
return ret;
}
- _gnutls_cert_deinit(&peer_cert);
+ _gnutls_gcert_deinit(&peer_cert);
return 0;
}
@@ -1426,7 +1414,7 @@ static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs,
}
for (i = 0; i < ncerts; i++) {
- ret = _gnutls_x509_crt2gnutls_cert(&local_certs[i],
+ ret = _gnutls_x509_crt_to_gcert(&local_certs[i],
certs[i], 0);
if (ret < 0)
break;
@@ -1435,7 +1423,7 @@ static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs,
if (ret < 0) {
gnutls_assert();
for (j = 0; j < i; j++) {
- _gnutls_cert_deinit(&local_certs[j]);
+ _gnutls_gcert_deinit(&local_certs[j]);
}
gnutls_free(local_certs);
return NULL;
@@ -1459,7 +1447,7 @@ static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey key)
}
ret =
- _gnutls_x509_privkey2gnutls_key(local_key, key);
+ _gnutls_x509_privkey_to_gkey(local_key, key);
if (ret < 0) {
gnutls_assert();
return NULL;
@@ -1469,7 +1457,8 @@ static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey key)
}
-
+OPENPGP_KEY_TO_GCERT _E_gnutls_openpgp_key_to_gcert;
+OPENPGP_PRIVKEY_TO_GKEY _E_gnutls_openpgp_privkey_to_gkey;
/* converts the given pgp certificate to gnutls_cert* and allocates
* space for them.
@@ -1486,7 +1475,12 @@ static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key cert)
return NULL;
}
- ret = _gnutls_openpgp_key2gnutls_cert(&local_certs[i], cert);
+ if (_E_gnutls_openpgp_key_to_gcert==NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
+ ret = _E_gnutls_openpgp_key_to_gcert(&local_certs[i], cert);
if (ret < 0) {
gnutls_assert();
return NULL;
@@ -1495,7 +1489,7 @@ static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key cert)
if (ret < 0) {
gnutls_assert();
for (j = 0; j < i; j++) {
- _gnutls_cert_deinit(&local_certs[j]);
+ _gnutls_gcert_deinit(&local_certs[j]);
}
gnutls_free(local_certs);
return NULL;
@@ -1518,8 +1512,13 @@ static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey key)
return NULL;
}
+ if (_E_gnutls_openpgp_privkey_to_gkey==NULL) {
+ gnutls_assert();
+ return NULL;
+ }
+
ret =
- _gnutls_openpgp_privkey2gnutls_key(local_key, key);
+ _E_gnutls_openpgp_privkey_to_gkey(local_key, key);
if (ret < 0) {
gnutls_assert();
return NULL;
@@ -1537,13 +1536,13 @@ void _gnutls_selected_certs_deinit(gnutls_session session)
for (i = 0;
i < session->internals.selected_cert_list_length;
i++) {
- _gnutls_cert_deinit(&session->internals.
+ _gnutls_gcert_deinit(&session->internals.
selected_cert_list[i]);
}
session->internals.selected_cert_list = NULL;
session->internals.selected_cert_list_length = 0;
- _gnutls_privkey_deinit(session->internals.selected_key);
+ _gnutls_gkey_deinit(session->internals.selected_key);
}
return;
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 885a8a9aca..9b8be03b8e 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -206,7 +206,7 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data,
signature.size = sigsize;
if ((ret =
- _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type,
+ _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
&info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
gnutls_assert();
return ret;
@@ -217,7 +217,7 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data,
&peer_cert,
&vparams, &signature);
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
if (ret < 0) {
gnutls_assert();
return ret;
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 8be77e7e9e..e5927e6925 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -80,7 +80,7 @@ int i;
}
ret =
- _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type,
+ _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
&info->raw_certificate_list[0], CERT_ONLY_PUBKEY|CERT_NO_COPY);
if (ret < 0) {
@@ -94,7 +94,7 @@ int i;
== GNUTLS_KX_RSA_EXPORT &&
_gnutls_mpi_get_nbits(peer_cert.params[0]) > 512) {
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
if (session->key->rsa[0] == NULL ||
session->key->rsa[1] == NULL) {
@@ -125,7 +125,7 @@ int i;
for (i=0;i<*params_len;i++) {
params[i] = _gnutls_mpi_copy(peer_cert.params[i]);
}
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
return 0;
}
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 902e970061..bd168d0a9a 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -189,7 +189,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session);
}
if ((ret =
- _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type,
+ _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
&info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
gnutls_assert();
return 0;
@@ -197,17 +197,17 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session);
if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) {
gnutls_assert();
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
return 0;
}
if ( _gnutls_mpi_get_nbits( peer_cert.params[0])
<= 512) {
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
return 1;
}
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
return 0;
}
@@ -285,7 +285,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
signature.size = sigsize;
if ((ret =
- _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type,
+ _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
&info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
gnutls_assert();
return ret;
@@ -296,7 +296,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
&peer_cert,
&vparams, &signature);
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
if (ret < 0) {
gnutls_assert();
}
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 22784f2d62..16162b1be0 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -59,7 +59,7 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials sc)
for (i = 0; i < sc->ncerts; i++) {
for (j = 0; j < sc->cert_list_length[i]; j++) {
- _gnutls_cert_deinit( &sc->cert_list[i][j]);
+ _gnutls_gcert_deinit( &sc->cert_list[i][j]);
}
gnutls_free( sc->cert_list[i]);
}
@@ -71,7 +71,7 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials sc)
sc->cert_list = NULL;
for (i = 0; i < sc->ncerts; i++) {
- _gnutls_privkey_deinit( &sc->pkey[i]);
+ _gnutls_gkey_deinit( &sc->pkey[i]);
}
gnutls_free( sc->pkey);
@@ -568,24 +568,23 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session session)
}
}
-/* in auth_dhe.c */
-OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert;
-OPENPGP_KEY2GNUTLS_KEY _E_gnutls_openpgp_key2gnutls_key;
+OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;
+OPENPGP_RAW_PRIVKEY_TO_GKEY _E_gnutls_openpgp_raw_privkey_to_gkey;
-int _gnutls_cert2gnutls_cert(gnutls_cert * gcert, gnutls_certificate_type type,
+int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type,
const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */)
{
switch( type) {
case GNUTLS_CRT_X509:
- return _gnutls_x509_cert2gnutls_cert( gcert,
+ return _gnutls_x509_raw_cert_to_gcert( gcert,
raw_cert, flags);
case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) {
+ if (_E_gnutls_openpgp_raw_key_to_gcert==NULL) {
gnutls_assert();
return GNUTLS_E_INIT_LIBEXTRA;
}
return
- _E_gnutls_openpgp_cert2gnutls_cert( gcert,
+ _E_gnutls_openpgp_raw_key_to_gcert( gcert,
raw_cert);
default:
gnutls_assert();
@@ -593,20 +592,20 @@ int _gnutls_cert2gnutls_cert(gnutls_cert * gcert, gnutls_certificate_type type,
}
}
-int _gnutls_key2gnutls_key(gnutls_privkey * key, gnutls_certificate_type type,
+int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type,
const gnutls_datum *raw_key, int key_enc /* DER or PEM */)
{
switch( type) {
case GNUTLS_CRT_X509:
- return _gnutls_x509_key2gnutls_key( key,
+ return _gnutls_x509_raw_privkey_to_gkey( key,
raw_key, key_enc);
case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_key2gnutls_key==NULL) {
+ if (_E_gnutls_openpgp_raw_privkey_to_gkey==NULL) {
gnutls_assert();
return GNUTLS_E_INIT_LIBEXTRA;
}
return
- _E_gnutls_openpgp_key2gnutls_key( key, raw_key, key_enc);
+ _E_gnutls_openpgp_raw_privkey_to_gkey( key, raw_key);
default:
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
@@ -623,7 +622,7 @@ int _gnutls_key2gnutls_key(gnutls_privkey * key, gnutls_certificate_type type,
* extensions found in the certificate are unsupported and critical.
* The critical extensions will be catched by the verification functions.
*/
-int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCert,
+int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, const gnutls_datum *derCert,
int flags /* OR of ConvFlags */)
{
int ret;
@@ -642,7 +641,7 @@ int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCe
return ret;
}
- ret = _gnutls_x509_crt2gnutls_cert( gcert, cert, flags);
+ ret = _gnutls_x509_crt_to_gcert( gcert, cert, flags);
gnutls_x509_crt_deinit( cert);
return ret;
@@ -650,7 +649,7 @@ int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCe
/* Like above but it accepts a parsed certificate instead.
*/
-int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert,
+int _gnutls_x509_crt_to_gcert(gnutls_cert * gcert, gnutls_x509_crt cert,
unsigned int flags)
{
int ret = 0;
@@ -707,7 +706,7 @@ int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert,
}
-void _gnutls_cert_deinit(gnutls_cert *cert)
+void _gnutls_gcert_deinit(gnutls_cert *cert)
{
int i;
diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index ccd8548dca..96218ff479 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -81,20 +81,22 @@ typedef enum ConvFlags {
CERT_ONLY_EXTENSIONS=16
} ConvFlags;
-int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCert,
+int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, const gnutls_datum *derCert,
int flags);
-int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert,
+int _gnutls_x509_crt_to_gcert(gnutls_cert * gcert, gnutls_x509_crt cert,
unsigned int flags);
+
int _gnutls_cert_get_dn(gnutls_cert * cert, gnutls_datum * odn);
-void _gnutls_privkey_deinit(gnutls_privkey *key);
-void _gnutls_cert_deinit(gnutls_cert *cert);
+void _gnutls_gkey_deinit(gnutls_privkey *key);
+void _gnutls_gcert_deinit(gnutls_cert *cert);
int _gnutls_selected_cert_supported_kx(struct gnutls_session_int* session,
gnutls_kx_algorithm ** alg, int *alg_size);
-int _gnutls_cert2gnutls_cert(gnutls_cert * gcert, gnutls_certificate_type type,
+
+int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type,
const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */);
-int _gnutls_key2gnutls_key(gnutls_privkey * key, gnutls_certificate_type type,
+int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type,
const gnutls_datum *raw_key, int key_enc /* DER or PEM */);
#endif
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index ac96dc8840..e6f0093d16 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -220,7 +220,7 @@ static int parse_crt_mem( gnutls_cert** cert_list, uint* ncerts,
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_x509_crt2gnutls_cert(
+ ret = _gnutls_x509_crt_to_gcert(
&cert_list[0][i-1], cert, 0);
if ( ret < 0) {
gnutls_assert();
@@ -357,7 +357,7 @@ static int parse_pkcs7_cert_mem( gnutls_cert** cert_list, uint* ncerts, const
tmp2.data = pcert;
tmp2.size = pcert_size;
- ret = _gnutls_x509_cert2gnutls_cert(
+ ret = _gnutls_x509_raw_cert_to_gcert(
&cert_list[0][i - 1], &tmp2, 0);
if ( ret < 0) {
@@ -441,7 +441,7 @@ static int parse_pem_cert_mem( gnutls_cert** cert_list, uint* ncerts,
tmp.data = ptr2;
tmp.size = siz2;
- ret = _gnutls_x509_cert2gnutls_cert(
+ ret = _gnutls_x509_raw_cert_to_gcert(
&cert_list[0][i - 1], &tmp, 0);
if ( ret < 0) {
gnutls_assert();
@@ -519,7 +519,7 @@ int read_cert_mem(gnutls_certificate_credentials res, const void *cert, int cert
}
-int _gnutls_x509_privkey2gnutls_key( gnutls_privkey* dest, gnutls_x509_privkey src)
+int _gnutls_x509_privkey_to_gkey( gnutls_privkey* dest, gnutls_x509_privkey src)
{
int i, ret;
@@ -547,7 +547,7 @@ int i, ret;
return ret;
}
-void _gnutls_privkey_deinit(gnutls_privkey *key)
+void _gnutls_gkey_deinit(gnutls_privkey *key)
{
int i;
if (key == NULL) return;
@@ -557,7 +557,7 @@ int i;
}
}
-int _gnutls_x509_key2gnutls_key( gnutls_privkey* privkey, const gnutls_datum* raw_key,
+int _gnutls_x509_raw_privkey_to_gkey( gnutls_privkey* privkey, const gnutls_datum* raw_key,
gnutls_x509_crt_fmt type)
{
gnutls_x509_privkey tmpkey;
@@ -576,7 +576,7 @@ int ret;
return ret;
}
- ret = _gnutls_x509_privkey2gnutls_key( privkey, tmpkey);
+ ret = _gnutls_x509_privkey_to_gkey( privkey, tmpkey);
if (ret < 0) {
gnutls_assert();
gnutls_x509_privkey_deinit( tmpkey);
@@ -609,7 +609,7 @@ static int read_key_mem(gnutls_certificate_credentials res, const void *key, int
tmp.data = (opaque*)key;
tmp.size = key_size;
- ret = _gnutls_x509_key2gnutls_key( &res->pkey[res->ncerts], &tmp, type);
+ ret = _gnutls_x509_raw_privkey_to_gkey( &res->pkey[res->ncerts], &tmp, type);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -839,7 +839,7 @@ int gnutls_certificate_set_x509_key(gnutls_certificate_credentials res,
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_x509_privkey2gnutls_key( &res->pkey[res->ncerts], key);
+ ret = _gnutls_x509_privkey_to_gkey( &res->pkey[res->ncerts], key);
if (ret < 0) {
gnutls_assert();
return ret;
diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h
index be5ea36a81..5a832b275f 100644
--- a/lib/gnutls_x509.h
+++ b/lib/gnutls_x509.h
@@ -16,6 +16,6 @@ int _gnutls_check_key_usage( const gnutls_cert* cert, gnutls_kx_algorithm alg);
int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params);
int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params);
-int _gnutls_x509_key2gnutls_key( gnutls_privkey* privkey, const gnutls_datum* raw_key,
+int _gnutls_x509_raw_privkey_to_gkey( gnutls_privkey* privkey, const gnutls_datum* raw_key,
gnutls_x509_crt_fmt type);
-int _gnutls_x509_privkey2gnutls_key( gnutls_privkey* privkey, gnutls_x509_privkey);
+int _gnutls_x509_privkey_to_gkey( gnutls_privkey* privkey, gnutls_x509_privkey);
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 5868ff6dd5..4e95651b85 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1077,7 +1077,8 @@ char name[128];
return algo;
}
- /* Now read the parameters' bits */
+ /* Now read the parameters' bits
+ */
_gnutls_str_cpy( name, sizeof(name), src_name);
_gnutls_str_cat( name, sizeof(name), ".subjectPublicKey");
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index c575732846..575e66574c 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -141,7 +141,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* reads DSA's Y
* from the certificate
- * params[3]
+ * only sets params[3]
*/
int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
{
@@ -163,7 +163,7 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
return _gnutls_asn2err(result);
}
- /* Read p */
+ /* Read Y */
if ( (result=_gnutls_x509_read_int( spk, "", &params[3])) < 0) {
gnutls_assert();
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 7c19c228db..249ec82622 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -28,78 +28,6 @@
#include <gnutls/compat8.h>
#include <rfc2818.h>
-/*-
- * gnutls_x509_check_certificates_hostname - This function compares the given hostname with the hostname in the certificate
- * @cert: should contain a DER encoded certificate
- * @hostname: A null terminated string that contains a DNS name
- *
- * This function will check if the given certificate's subject matches
- * the given hostname. This is a basic implementation of the matching
- * described in RFC2818 (HTTPS), which takes into account wildcards.
- *
- * Returns non zero on success, and zero on failure.
- *
- -*/
-int gnutls_x509_check_certificates_hostname(const gnutls_datum * cert,
- const char *hostname)
-{
- char dnsname[MAX_CN];
- int dnsnamesize;
- int found_dnsname = 0;
- int ret = 0;
- gnutls_x509_dn dn;
- int i = 0;
-
- /* try matching against:
- * 1) a DNS name as an alternative name (subjectAltName) extension
- * in the certificate
- * 2) the common name (CN) in the certificate
- *
- * either of these may be of the form: *.domain.tld
- *
- * only try (2) if there is no subjectAltName extension of
- * type dNSName
- */
-
- /* Check through all included subjectAltName extensions, comparing
- * against all those of type dNSName.
- */
- for (i = 0; !(ret < 0); i++) {
-
- dnsnamesize = MAX_CN;
- ret =
- gnutls_x509_extract_certificate_subject_alt_name(cert, i,
- dnsname,
- &dnsnamesize);
-
- if (ret == GNUTLS_SAN_DNSNAME) {
- found_dnsname = 1;
- if (_gnutls_hostname_compare(dnsname, hostname)) {
- return 1;
- }
- }
-
- }
-
- if (!found_dnsname) {
- /* not got the necessary extension, use CN instead
- */
- if (gnutls_x509_extract_certificate_dn(cert, &dn) != 0) {
- /* got an error, can't find a name
- */
- return 0;
- }
-
- if (_gnutls_hostname_compare(dn.common_name, hostname)) {
- return 1;
- }
- }
-
- /* not found a matching name
- */
- return 0;
-}
-
/* compare hostname against certificate, taking account of wildcards
* return 1 on success or 0 on error
*/
diff --git a/libextra/Makefile.am b/libextra/Makefile.am
index 41c5f9df92..0db520f996 100644
--- a/libextra/Makefile.am
+++ b/libextra/Makefile.am
@@ -43,7 +43,7 @@ libgnutls_extra_la_DEPENDENCIES = $(LZO_OBJECTS)
libgnutls_extra_la_SOURCES = $(COBJECTS_EXTRA)
libgnutls_extra_la_LIBADD = $(LZO_OBJECTS) \
- openpgp/openpgp.lo openpgp/xml.lo privkey.lo \
+ openpgp/openpgp.lo openpgp/xml.lo openpgp/privkey.lo \
openpgp/extras.lo openpgp/verify.lo openpgp/compat.lo \
../lib/libgnutls.la
diff --git a/libextra/auth_srp_rsa.c b/libextra/auth_srp_rsa.c
index 725d7f5bc9..bd5a26df86 100644
--- a/libextra/auth_srp_rsa.c
+++ b/libextra/auth_srp_rsa.c
@@ -132,8 +132,6 @@ int apr_cert_list_length;
}
-extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert;
-
static int proc_srp_cert_server_kx(gnutls_session session, opaque * data, size_t _data_size)
{
ssize_t ret;
@@ -170,32 +168,12 @@ opaque* p;
signature.data = &p[2];
signature.size = sigsize;
- switch( session->security_parameters.cert_type) {
- case GNUTLS_CRT_X509:
- if ((ret =
- _gnutls_x509_cert2gnutls_cert( &peer_cert,
- &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) {
- gnutls_assert();
- return ret;
- }
- break;
-
- case GNUTLS_CRT_OPENPGP:
- if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) {
- gnutls_assert();
- return GNUTLS_E_INIT_LIBEXTRA;
- }
- if ((ret =
- _E_gnutls_openpgp_cert2gnutls_cert( &peer_cert,
- &info->raw_certificate_list[0])) < 0) {
- gnutls_assert();
- return ret;
- }
- break;
-
- default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ ret = _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type,
+ &info->raw_certificate_list[0], CERT_NO_COPY);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
ret =
@@ -203,7 +181,7 @@ opaque* p;
&peer_cert,
&vparams, &signature);
- _gnutls_cert_deinit( &peer_cert);
+ _gnutls_gcert_deinit( &peer_cert);
if (ret < 0) {
gnutls_assert();
return ret;
diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c
index 8044b5d7b0..b4a8c78576 100644
--- a/libextra/gnutls_extra.c
+++ b/libextra/gnutls_extra.c
@@ -152,11 +152,17 @@ int i;
extern OPENPGP_KEY_CREATION_TIME_FUNC _E_gnutls_openpgp_extract_key_creation_time;
extern OPENPGP_KEY_EXPIRATION_TIME_FUNC _E_gnutls_openpgp_extract_key_expiration_time;
extern OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key;
-extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert;
-extern OPENPGP_KEY2GNUTLS_KEY _E_gnutls_openpgp_key2gnutls_key;
extern OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint;
extern OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key;
+extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;
+extern OPENPGP_RAW_PRIVKEY_TO_GKEY _E_gnutls_openpgp_raw_privkey_to_gkey;
+
+extern OPENPGP_KEY_TO_GCERT _E_gnutls_openpgp_key_to_gcert;
+extern OPENPGP_PRIVKEY_TO_GKEY _E_gnutls_openpgp_privkey_to_gkey;
+extern OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit;
+extern OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit;
+
static void _gnutls_add_openpgp_functions(void) {
#ifdef HAVE_LIBOPENCDK
_E_gnutls_openpgp_verify_key = gnutls_openpgp_verify_key;
@@ -164,8 +170,14 @@ static void _gnutls_add_openpgp_functions(void) {
_E_gnutls_openpgp_extract_key_creation_time = gnutls_openpgp_extract_key_creation_time;
_E_gnutls_openpgp_fingerprint = gnutls_openpgp_fingerprint;
_E_gnutls_openpgp_request_key = _gnutls_openpgp_request_key;
- _E_gnutls_openpgp_cert2gnutls_cert = _gnutls_openpgp_cert2gnutls_cert;
- _E_gnutls_openpgp_key2gnutls_key = _gnutls_openpgp_key2gnutls_key;
+
+ _E_gnutls_openpgp_raw_key_to_gcert = _gnutls_openpgp_raw_key_to_gcert;
+ _E_gnutls_openpgp_raw_privkey_to_gkey = _gnutls_openpgp_raw_privkey_to_gkey;
+
+ _E_gnutls_openpgp_key_to_gcert = _gnutls_openpgp_key_to_gcert;
+ _E_gnutls_openpgp_privkey_to_gkey = _gnutls_openpgp_privkey_to_gkey;
+ _E_gnutls_openpgp_key_deinit = gnutls_openpgp_key_deinit;
+ _E_gnutls_openpgp_privkey_deinit = gnutls_openpgp_privkey_deinit;
#endif
}
diff --git a/libextra/gnutls_extra.h b/libextra/gnutls_extra.h
index 7c6eb11cab..40aef209d2 100644
--- a/libextra/gnutls_extra.h
+++ b/libextra/gnutls_extra.h
@@ -7,5 +7,12 @@ typedef time_t (*OPENPGP_KEY_EXPIRATION_TIME_FUNC)( const gnutls_datum*);
typedef int (*OPENPGP_KEY_REQUEST)(gnutls_session, gnutls_datum*,
const gnutls_certificate_credentials, opaque*,int);
typedef int (*OPENPGP_FINGERPRINT)(const gnutls_datum*, unsigned char*, size_t*);
-typedef int (*OPENPGP_CERT2GNUTLS_CERT)(gnutls_cert*, const gnutls_datum*);
-typedef int (*OPENPGP_KEY2GNUTLS_KEY)(gnutls_privkey*, const gnutls_datum*, gnutls_openpgp_key_fmt);
+
+typedef int (*OPENPGP_RAW_KEY_TO_GCERT)(gnutls_cert*, const gnutls_datum*);
+typedef int (*OPENPGP_RAW_PRIVKEY_TO_GKEY)(gnutls_privkey*, const gnutls_datum*);
+
+typedef int (*OPENPGP_KEY_TO_GCERT)(gnutls_cert*, gnutls_openpgp_key);
+typedef int (*OPENPGP_PRIVKEY_TO_GKEY)(gnutls_privkey*, gnutls_openpgp_privkey);
+
+typedef void (*OPENPGP_KEY_DEINIT)(gnutls_openpgp_key);
+typedef void (*OPENPGP_PRIVKEY_DEINIT)(gnutls_openpgp_privkey);
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index be48591884..a4cba3e0db 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -24,7 +24,6 @@
#include "gnutls_cert.h"
#include "gnutls_datum.h"
#include "gnutls_global.h"
-//#include "auth_cert.h"
#include <openpgp/gnutls_openpgp.h>
#ifdef HAVE_LIBOPENCDK
@@ -283,17 +282,18 @@ openpgp_pk_to_gnutls_cert( gnutls_cert *cert, cdk_pkt_pubkey_t pk )
}
/*-
- * _gnutls_openpgp_key2gnutls_key - Converts an OpenPGP secret key to GnuTLS
+ * _gnutls_openpgp_raw_privkey_to_gkey - Converts an OpenPGP secret key to GnuTLS
* @pkey: the GnuTLS private key context to store the key.
* @raw_key: the raw data which contains the whole key packets.
*
* The RFC2440 (OpenPGP Message Format) data is converted into the
* GnuTLS specific data which is need to perform secret key operations.
+ *
+ * This function can read both BASE64 and RAW keys.
-*/
int
-_gnutls_openpgp_key2gnutls_key( gnutls_privkey *pkey,
- const gnutls_datum *raw_key,
- gnutls_openpgp_key_fmt format)
+_gnutls_openpgp_raw_privkey_to_gkey( gnutls_privkey *pkey,
+ const gnutls_datum *raw_key)
{
cdk_kbnode_t snode;
CDK_PACKET *pkt;
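Review bot: The added sentence "This function can read both BASE64 and RAW keys" is not backed by the code visible here. The `format` parameter is dropped, and the following hunk removes the only armor handling in the function (the `cdk_stream_set_armor_flag` call), leaving a plain write of `raw_key` into the stream. Unless the key-reading code further down (outside these hunks) detects armor itself, an armored key arriving via `_gnutls_raw_privkey_to_gkey` may fail to parse; that dispatcher also now silently ignores its `key_enc` argument for OpenPGP. Either state the real expectation, e.g. ` * @raw_key: binary (de-armored) OpenPGP key packets.`, or keep armor detection in this function.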
@@ -313,15 +313,6 @@ _gnutls_openpgp_key2gnutls_key( gnutls_privkey *pkey,
if( !out )
return GNUTLS_E_CERTIFICATE_ERROR;
- if (format == GNUTLS_OPENPGP_FMT_BASE64) {
- rc = cdk_stream_set_armor_flag( out, 0);
- if (rc) {
- rc = _gnutls_map_cdk_rc( rc);
- gnutls_assert();
- return rc;
- }
- }
-
cdk_stream_write( out, raw_key->data, raw_key->size );
cdk_stream_seek( out, 0 );
@@ -376,7 +367,7 @@ leave:
/*-
- * _gnutls_openpgp_cert2gnutls_cert - Converts raw OpenPGP data to GnuTLS certs
+ * _gnutls_openpgp_raw_key_to_gcert - Converts raw OpenPGP data to GnuTLS certs
* @cert: the certificate to store the data.
* @raw: the buffer which contains the whole OpenPGP key packets.
*
@@ -384,7 +375,7 @@ leave:
* specific certificate.
-*/
int
-_gnutls_openpgp_cert2gnutls_cert( gnutls_cert *cert, const gnutls_datum *raw )
+_gnutls_openpgp_raw_key_to_gcert( gnutls_cert *cert, const gnutls_datum *raw )
{
cdk_kbnode_t knode = NULL;
CDK_PACKET *pkt = NULL;
@@ -538,7 +529,6 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res,
int i = 0;
int rc = 0;
cdk_stream_t inp = NULL;
- gnutls_openpgp_key_fmt format;
if ( !res || !key || !cert ) {
gnutls_assert( );
@@ -552,10 +542,7 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res,
}
if( cdk_armor_filter_use( inp ) ) {
- format = GNUTLS_OPENPGP_FMT_BASE64;
cdk_stream_set_armor_flag( inp, 0 );
- } else {
- format = GNUTLS_OPENPGP_FMT_RAW;
}
res->cert_list = gnutls_realloc_fast(res->cert_list,
@@ -641,7 +628,7 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res,
}
cdk_stream_close( inp );
- rc = _gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], &raw, format);
+ rc = _gnutls_openpgp_raw_privkey_to_gkey( &res->pkey[res->ncerts-1], &raw);
if (rc) {
gnutls_assert();
}
@@ -1023,7 +1010,7 @@ void gnutls_openpgp_set_recv_key_function( gnutls_session session,
/* Copies a gnutls_openpgp_privkey to a gnutls_privkey structure.
*/
-int _gnutls_openpgp_privkey2gnutls_key( gnutls_privkey* dest, gnutls_openpgp_privkey src)
+int _gnutls_openpgp_privkey_to_gkey( gnutls_privkey* dest, gnutls_openpgp_privkey src)
{
int i, ret;
@@ -1052,7 +1039,7 @@ cleanup:
/* Converts a parsed gnutls_openpgp_key to a gnutls_cert structure.
*/
-int _gnutls_openpgp_key2gnutls_cert(gnutls_cert * gcert, gnutls_openpgp_key cert)
+int _gnutls_openpgp_key_to_gcert(gnutls_cert * gcert, gnutls_openpgp_key cert)
{
int ret = 0;
opaque* der;
@@ -1085,7 +1072,7 @@ int _gnutls_openpgp_key2gnutls_cert(gnutls_cert * gcert, gnutls_openpgp_key cert
raw.data = der;
raw.size = der_size;
- ret = _gnutls_openpgp_cert2gnutls_cert( gcert, &raw);
+ ret = _gnutls_openpgp_raw_key_to_gcert( gcert, &raw);
gnutls_free(der);
@@ -1120,7 +1107,7 @@ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res,
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_openpgp_privkey2gnutls_key( &res->pkey[res->ncerts], pkey);
+ ret = _gnutls_openpgp_privkey_to_gkey( &res->pkey[res->ncerts], pkey);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -1143,7 +1130,7 @@ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res,
res->cert_list[res->ncerts] = NULL; /* for realloc */
res->cert_list_length[res->ncerts] = 1;
- ret = _gnutls_openpgp_key2gnutls_cert( res->cert_list[res->ncerts], key);
+ ret = _gnutls_openpgp_key_to_gcert( res->cert_list[res->ncerts], key);
if ( ret < 0) {
gnutls_assert();
return ret;
diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h
index e8e4a76355..f62c721c70 100644
--- a/libextra/openpgp/gnutls_openpgp.h
+++ b/libextra/openpgp/gnutls_openpgp.h
@@ -68,14 +68,13 @@ int gnutls_openpgp_recv_key(
gnutls_datum *key );
/* internal */
-int _gnutls_openpgp_cert2gnutls_cert(
+int _gnutls_openpgp_raw_key_to_gcert(
gnutls_cert *cert,
const gnutls_datum *raw );
int
-_gnutls_openpgp_key2gnutls_key( gnutls_privkey *pkey,
- const gnutls_datum *raw_key,
- gnutls_openpgp_key_fmt format);
+_gnutls_openpgp_raw_privkey_to_gkey( gnutls_privkey *pkey,
+ const gnutls_datum *raw_key);
int
_gnutls_openpgp_request_key(
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index e6a2fbc06b..bb76a7401f 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -77,8 +77,8 @@ int gnutls_openpgp_key_verify_trustdb( gnutls_openpgp_key key,
int gnutls_openpgp_key_verify_self( gnutls_openpgp_key key,
unsigned int flags, unsigned int *verify);
-int _gnutls_openpgp_key2gnutls_cert(gnutls_cert * gcert, gnutls_openpgp_key cert);
-int _gnutls_openpgp_privkey2gnutls_key( gnutls_privkey* dest, gnutls_openpgp_privkey src);
+int _gnutls_openpgp_key_to_gcert(gnutls_cert * gcert, gnutls_openpgp_key cert);
+int _gnutls_openpgp_privkey_to_gkey( gnutls_privkey* dest, gnutls_openpgp_privkey src);
void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey key);
diff --git a/libextra/openpgp/privkey.c b/libextra/openpgp/privkey.c
index 41bcf2f725..51a315fa82 100644
--- a/libextra/openpgp/privkey.c
+++ b/libextra/openpgp/privkey.c
@@ -30,6 +30,7 @@
#include <gnutls_errors.h>
#include <opencdk.h>
#include <openpgp.h>
+#include <gnutls_openpgp.h>
#include <x509/rfc2818.h>
#include <gnutls_cert.h>
@@ -63,7 +64,7 @@ void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey key)
{
if (!key) return;
- _gnutls_privkey_deinit( &key->pkey);
+ _gnutls_gkey_deinit( &key->pkey);
gnutls_free(key);
}
@@ -87,7 +88,7 @@ int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey key,
{
int rc;
- rc = _gnutls_openpgp_key2gnutls_key( &key->pkey, data, format);
+ rc = _gnutls_openpgp_raw_privkey_to_gkey( &key->pkey, data);
if( rc) {
gnutls_assert();
return rc;
@@ -115,7 +116,16 @@ int rc;
int
gnutls_openpgp_privkey_get_pk_algorithm( gnutls_openpgp_privkey key, unsigned int *bits)
{
- return key->pkey.pk_algorithm;
+ int pk = key->pkey.pk_algorithm;
+
+ if (bits) {
+ *bits = 0;
+ if (pk == GNUTLS_PK_RSA)
+ *bits = _gnutls_mpi_get_nbits( key->pkey.params[0]);
+ if (pk == GNUTLS_PK_DSA)
+ *bits = _gnutls_mpi_get_nbits( key->pkey.params[3]);
+ }
+ return pk;
}
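Review bot: `key` is dereferenced on the first added line without a NULL check, although `gnutls_openpgp_privkey_deinit` in the same file guards with `if (!key) return;`. An exported function should reject a NULL handle before reading `key->pkey`, for example `if (!key) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, provided callers already treat negative returns as errors. The bare indices `params[0]` and `params[3]` would also benefit from a short comment naming which MPI each one holds, since the reported size depends on picking the right parameter. Finally, `*bits` stays 0 for any algorithm other than RSA or DSA; the function's doc comment (above the hunk) should state that, so a caller applying a minimum key size does not mistake 0 for a measured length.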