author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-20 20:22:03 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-20 20:22:03 +0000 |
commit | a9695a236fae0048af2b3f9934251bbed88cc37e (patch) | |
tree | 805a15570fd3b99e014ccb08936d35839a275114 | |
parent | 8a56fad939f4cdebacc681bf3bc0df23568b4969 (diff) | |
download | gnutls-a9695a236fae0048af2b3f9934251bbed88cc37e.tar.gz |
several cleanups.
-rw-r--r-- | includes/gnutls/openpgp.h | 9 | ||||
-rw-r--r-- | lib/Makefile.am | 2 | ||||
-rw-r--r-- | lib/auth_cert.c | 83 | ||||
-rw-r--r-- | lib/auth_dhe.c | 4 | ||||
-rw-r--r-- | lib/auth_rsa.c | 6 | ||||
-rw-r--r-- | lib/auth_rsa_export.c | 12 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 33 | ||||
-rw-r--r-- | lib/gnutls_cert.h | 14 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 18 | ||||
-rw-r--r-- | lib/gnutls_x509.h | 4 | ||||
-rw-r--r-- | lib/x509/common.c | 3 | ||||
-rw-r--r-- | lib/x509/mpi.c | 4 | ||||
-rw-r--r-- | lib/x509/rfc2818_hostname.c | 72 | ||||
-rw-r--r-- | libextra/Makefile.am | 2 | ||||
-rw-r--r-- | libextra/auth_srp_rsa.c | 36 | ||||
-rw-r--r-- | libextra/gnutls_extra.c | 20 | ||||
-rw-r--r-- | libextra/gnutls_extra.h | 11 | ||||
-rw-r--r-- | libextra/gnutls_openpgp.c | 39 | ||||
-rw-r--r-- | libextra/openpgp/gnutls_openpgp.h | 7 | ||||
-rw-r--r-- | libextra/openpgp/openpgp.h | 4 | ||||
-rw-r--r-- | libextra/openpgp/privkey.c | 16 |
21 files changed, 159 insertions, 240 deletions
diff --git a/includes/gnutls/openpgp.h b/includes/gnutls/openpgp.h index 8778213bdd..c836a8f3f5 100644 --- a/includes/gnutls/openpgp.h +++ b/includes/gnutls/openpgp.h @@ -32,11 +32,8 @@ extern "C" { #include <gnutls/gnutls.h> -struct gnutls_openpgp_key_int; /* object to hold (parsed) openpgp keys */ -typedef struct gnutls_openpgp_key_int* gnutls_openpgp_key; - -struct gnutls_openpgp_privkey_int; /* object to hold (parsed) openpgp private keys */ -typedef struct gnutls_openpgp_privkey_int* gnutls_openpgp_privkey; +/* gnutls_openpgp_key should be defined in gnutls.h + */ typedef enum gnutls_openpgp_key_fmt { GNUTLS_OPENPGP_FMT_RAW, GNUTLS_OPENPGP_FMT_BASE64 } gnutls_openpgp_key_fmt; @@ -122,7 +119,7 @@ int gnutls_openpgp_key_verify_trustdb( /* certificate authentication stuff. */ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res, - gnutls_openpgp_key key, gnutls_openpgp_privkey pkey) + gnutls_openpgp_key key, gnutls_openpgp_privkey pkey); #ifdef __cplusplus } diff --git a/lib/Makefile.am b/lib/Makefile.am index e72c605a76..ef1f5e3a25 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -46,7 +46,7 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \ gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \ gnutls_rsa_export.c auth_rsa_export.c \ ext_server_name.c auth_dh_common.c \ - dh_compat.c rsa_compat.c strnstr.c + strnstr.c # Separate so we can create the documentation diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 20a95a31be..049c2e3e63 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -398,6 +398,8 @@ static int call_client_cert_callback(gnutls_session session, } +OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit; +OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit; /* Calls the client get callback. */ static int call_get_cert_callback( gnutls_session session, 
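Review bot: The two hook pointers added at the top of the auth_cert.c hunk, `OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit;` and `OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit;`, are defined without an initializer, whereas the sibling hooks further down the same file (`OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint = NULL;`) spell the NULL out. Static storage is zero-initialised either way, but the consuming code treats NULL as "libextra not loaded", so writing `= NULL` makes that contract visible and keeps the file consistent. A short comment would also help a reader meeting these names here for the first time, e.g. `/* set by libextra (_gnutls_add_openpgp_functions); NULL while libextra is not initialised */`.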
@@ -468,8 +470,14 @@ cleanup: } } else { if (st.deinit_all_keys) { - gnutls_openpgp_key_deinit(st.cert.pgp); - gnutls_openpgp_privkey_deinit(st.key.pgp); + if (_E_gnutls_openpgp_key_deinit == NULL || + _E_gnutls_openpgp_privkey_deinit == NULL) { + gnutls_assert(); + return GNUTLS_E_INIT_LIBEXTRA; + } + + _E_gnutls_openpgp_key_deinit(st.cert.pgp); + _E_gnutls_openpgp_privkey_deinit(st.key.pgp); } } @@ -683,7 +691,7 @@ int _gnutls_gen_openpgp_certificate(gnutls_session session, opaque ** data) OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint = NULL; OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key = NULL; -extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; +extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert; int _gnutls_gen_openpgp_certificate_fpr(gnutls_session session, opaque ** data) @@ -788,7 +796,7 @@ int _gnutls_gen_cert_server_certificate(gnutls_session session, /* Process server certificate */ -#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_cert_deinit(&peer_certificate_list[x]) +#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x]) int _gnutls_proc_x509_server_certificate(gnutls_session session, opaque * data, size_t data_size) { @@ -882,7 +890,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session, tmp.data = p; if ((ret = - _gnutls_x509_cert2gnutls_cert(&peer_certificate_list + _gnutls_x509_raw_cert_to_gcert(&peer_certificate_list [j], &tmp, CERT_ONLY_EXTENSIONS)) < 0) { @@ -919,7 +927,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session, } -#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_cert_deinit(&peer_certificate_list[x]) +#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x]) int _gnutls_proc_openpgp_server_certificate(gnutls_session session, opaque * data, size_t data_size) 
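Review bot: The `_E_gnutls_openpgp_key_deinit == NULL` test is made in the cleanup path, after the keys handed back by the application callback have already been consumed, so an uninitialised libextra is only detected once the selected-certificate state may have been updated, and the bare `return GNUTLS_E_INIT_LIBEXTRA` both overrides whatever error code was in flight and leaves `st.cert.pgp` / `st.key.pgp` unfreed (with the hooks missing nothing can release them). Checking both hook pointers before the callback is invoked for `GNUTLS_CRT_OPENPGP` would fail early, before any private key material is copied. If the check has to stay here it should not mask an earlier failure; something like `if (ret >= 0) ret = GNUTLS_E_INIT_LIBEXTRA;` followed by the function's normal exit reads better than a bare return, though I cannot see from the hunk whether `ret` is live at this point. call_get_cert_callback starts before and ends after this hunk.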
@@ -1044,14 +1052,14 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session, memset(peer_certificate_list, 0, sizeof(gnutls_cert) * peer_certificate_list_size); - if (_E_gnutls_openpgp_cert2gnutls_cert == NULL) { + if (_E_gnutls_openpgp_raw_key_to_gcert == NULL) { gnutls_assert(); ret = GNUTLS_E_INIT_LIBEXTRA; goto cleanup; } if ((ret = - _E_gnutls_openpgp_cert2gnutls_cert(&peer_certificate_list[0], + _E_gnutls_openpgp_raw_key_to_gcert(&peer_certificate_list[0], &tmp)) < 0) { gnutls_assert(); goto cleanup; @@ -1274,29 +1282,9 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, sig.data = pdata; sig.size = size; - switch (session->security_parameters.cert_type) { - case GNUTLS_CRT_X509: - ret = - _gnutls_x509_cert2gnutls_cert(&peer_cert, - &info-> - raw_certificate_list[0], - CERT_NO_COPY); - break; - case GNUTLS_CRT_OPENPGP: - if (_E_gnutls_openpgp_cert2gnutls_cert == NULL) { - gnutls_assert(); - return GNUTLS_E_INIT_LIBEXTRA; - } - ret = - _E_gnutls_openpgp_cert2gnutls_cert(&peer_cert, - &info-> - raw_certificate_list - [0]); - break; - default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } + ret = _gnutls_raw_cert_to_gcert( &peer_cert, + session->security_parameters.cert_type, + &info->raw_certificate_list[0], CERT_NO_COPY); if (ret < 0) { gnutls_assert(); @@ -1306,10 +1294,10 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, if ((ret = _gnutls_verify_sig_hdata(session, &peer_cert, &sig)) < 0) { gnutls_assert(); - _gnutls_cert_deinit(&peer_cert); + _gnutls_gcert_deinit(&peer_cert); return ret; } - _gnutls_cert_deinit(&peer_cert); + _gnutls_gcert_deinit(&peer_cert); return 0; } @@ -1426,7 +1414,7 @@ static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs, } for (i = 0; i < ncerts; i++) { - ret = _gnutls_x509_crt2gnutls_cert(&local_certs[i], + ret = _gnutls_x509_crt_to_gcert(&local_certs[i], certs[i], 0); if (ret < 0) break; 
@@ -1435,7 +1423,7 @@ static gnutls_cert *alloc_and_load_x509_certs(gnutls_x509_crt * certs, if (ret < 0) { gnutls_assert(); for (j = 0; j < i; j++) { - _gnutls_cert_deinit(&local_certs[j]); + _gnutls_gcert_deinit(&local_certs[j]); } gnutls_free(local_certs); return NULL; @@ -1459,7 +1447,7 @@ static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey key) } ret = - _gnutls_x509_privkey2gnutls_key(local_key, key); + _gnutls_x509_privkey_to_gkey(local_key, key); if (ret < 0) { gnutls_assert(); return NULL; @@ -1469,7 +1457,8 @@ static gnutls_privkey *alloc_and_load_x509_key(gnutls_x509_privkey key) } - +OPENPGP_KEY_TO_GCERT _E_gnutls_openpgp_key_to_gcert; +OPENPGP_PRIVKEY_TO_GKEY _E_gnutls_openpgp_privkey_to_gkey; /* converts the given pgp certificate to gnutls_cert* and allocates * space for them. @@ -1486,7 +1475,12 @@ static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key cert) return NULL; } - ret = _gnutls_openpgp_key2gnutls_cert(&local_certs[i], cert); + if (_E_gnutls_openpgp_key_to_gcert==NULL) { + gnutls_assert(); + return NULL; + } + + ret = _E_gnutls_openpgp_key_to_gcert(&local_certs[i], cert); if (ret < 0) { gnutls_assert(); return NULL; @@ -1495,7 +1489,7 @@ static gnutls_cert *alloc_and_load_pgp_certs(gnutls_openpgp_key cert) if (ret < 0) { gnutls_assert(); for (j = 0; j < i; j++) { - _gnutls_cert_deinit(&local_certs[j]); + _gnutls_gcert_deinit(&local_certs[j]); } gnutls_free(local_certs); return NULL; @@ -1518,8 +1512,13 @@ static gnutls_privkey *alloc_and_load_pgp_key(const gnutls_openpgp_privkey key) return NULL; } + if (_E_gnutls_openpgp_privkey_to_gkey==NULL) { + gnutls_assert(); + return NULL; + } + ret = - _gnutls_openpgp_privkey2gnutls_key(local_key, key); + _E_gnutls_openpgp_privkey_to_gkey(local_key, key); if (ret < 0) { gnutls_assert(); return NULL; 
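Review bot: The new `if (_E_gnutls_openpgp_key_to_gcert==NULL) { gnutls_assert(); return NULL; }` runs after `local_certs` has been allocated (the `return NULL;` at the top of the hunk looks like the allocation-failure branch just above it), so a missing libextra hook now returns without freeing the array. Either hoist the hook check above the allocation or release on the way out: `if (_E_gnutls_openpgp_key_to_gcert == NULL) { gnutls_assert(); gnutls_free(local_certs); return NULL; }`. The pre-existing `if (ret < 0) { gnutls_assert(); return NULL; }` right after it leaks in the same way and could take the same `gnutls_free`, and `&local_certs[i]` indexes with an `i` whose initialisation is outside the hunk, which is worth confirming is zero for this single-key loader. alloc_and_load_pgp_certs begins before and ends after this hunk.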
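Review bot: Same shape as the certificate loader: the added `if (_E_gnutls_openpgp_privkey_to_gkey==NULL)` guard sits after `local_key` has been allocated (the preceding `return NULL;` appears to be its allocation-failure branch), so the hook-missing path leaks the key structure. Moving the three-line guard to before the allocation fixes that without touching anything else; otherwise add `gnutls_free(local_key);` ahead of its `return NULL;`. The `ret < 0` branch that follows has the same pre-existing leak. alloc_and_load_pgp_key begins before and ends after this hunk.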
@@ -1537,13 +1536,13 @@ void _gnutls_selected_certs_deinit(gnutls_session session) for (i = 0; i < session->internals.selected_cert_list_length; i++) { - _gnutls_cert_deinit(&session->internals. + _gnutls_gcert_deinit(&session->internals. selected_cert_list[i]); } session->internals.selected_cert_list = NULL; session->internals.selected_cert_list_length = 0; - _gnutls_privkey_deinit(session->internals.selected_key); + _gnutls_gkey_deinit(session->internals.selected_key); } return; diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 885a8a9aca..9b8be03b8e 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -206,7 +206,7 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data, signature.size = sigsize; if ((ret = - _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type, + _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type, &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) { gnutls_assert(); return ret; @@ -217,7 +217,7 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data, &peer_cert, &vparams, &signature); - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 8be77e7e9e..e5927e6925 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -80,7 +80,7 @@ int i; } ret = - _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type, + _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type, &info->raw_certificate_list[0], CERT_ONLY_PUBKEY|CERT_NO_COPY); if (ret < 0) { @@ -94,7 +94,7 @@ int i; == GNUTLS_KX_RSA_EXPORT && _gnutls_mpi_get_nbits(peer_cert.params[0]) > 512) { - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) { 
@@ -125,7 +125,7 @@ int i; for (i=0;i<*params_len;i++) { params[i] = _gnutls_mpi_copy(peer_cert.params[i]); } - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); return 0; } diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 902e970061..bd168d0a9a 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -189,7 +189,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); } if ((ret = - _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type, + _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type, &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) { gnutls_assert(); return 0; @@ -197,17 +197,17 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA) { gnutls_assert(); - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); return 0; } if ( _gnutls_mpi_get_nbits( peer_cert.params[0]) <= 512) { - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); return 1; } - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); return 0; } @@ -285,7 +285,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data, signature.size = sigsize; if ((ret = - _gnutls_cert2gnutls_cert( &peer_cert, session->security_parameters.cert_type, + _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type, &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) { gnutls_assert(); return ret; @@ -296,7 +296,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data, &peer_cert, &vparams, &signature); - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); if (ret < 0) { gnutls_assert(); } diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 22784f2d62..16162b1be0 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c 
@@ -59,7 +59,7 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials sc) for (i = 0; i < sc->ncerts; i++) { for (j = 0; j < sc->cert_list_length[i]; j++) { - _gnutls_cert_deinit( &sc->cert_list[i][j]); + _gnutls_gcert_deinit( &sc->cert_list[i][j]); } gnutls_free( sc->cert_list[i]); } @@ -71,7 +71,7 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials sc) sc->cert_list = NULL; for (i = 0; i < sc->ncerts; i++) { - _gnutls_privkey_deinit( &sc->pkey[i]); + _gnutls_gkey_deinit( &sc->pkey[i]); } gnutls_free( sc->pkey); @@ -568,24 +568,23 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session session) } } -/* in auth_dhe.c */ -OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; -OPENPGP_KEY2GNUTLS_KEY _E_gnutls_openpgp_key2gnutls_key; +OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert; +OPENPGP_RAW_PRIVKEY_TO_GKEY _E_gnutls_openpgp_raw_privkey_to_gkey; -int _gnutls_cert2gnutls_cert(gnutls_cert * gcert, gnutls_certificate_type type, +int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type, const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */) { switch( type) { case GNUTLS_CRT_X509: - return _gnutls_x509_cert2gnutls_cert( gcert, + return _gnutls_x509_raw_cert_to_gcert( gcert, raw_cert, flags); case GNUTLS_CRT_OPENPGP: - if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) { + if (_E_gnutls_openpgp_raw_key_to_gcert==NULL) { gnutls_assert(); return GNUTLS_E_INIT_LIBEXTRA; } return - _E_gnutls_openpgp_cert2gnutls_cert( gcert, + _E_gnutls_openpgp_raw_key_to_gcert( gcert, raw_cert); default: gnutls_assert(); 
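Review bot: With this commit `_gnutls_raw_cert_to_gcert` becomes the single conversion entry point for every authentication module, but its `flags` argument is only forwarded on the `GNUTLS_CRT_X509` branch; the OpenPGP hook is called as `_E_gnutls_openpgp_raw_key_to_gcert( gcert, raw_cert)` and has no flags parameter, so `CERT_NO_COPY` and `CERT_ONLY_PUBKEY` requests from callers such as auth_rsa.c are silently dropped for OpenPGP peers. That was already so before the rename, but now that callers no longer see the two branches it should be stated at the definition and on the prototype in gnutls_cert.h: `/* flags (ConvFlags) are honoured by the X.509 converter only; the OpenPGP hook takes none and ignores them */`. The two hook pointers defined just above the function are also left without an explicit `= NULL`, unlike their counterparts in auth_cert.c.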
@@ -593,20 +592,20 @@ int _gnutls_cert2gnutls_cert(gnutls_cert * gcert, gnutls_certificate_type type, } } -int _gnutls_key2gnutls_key(gnutls_privkey * key, gnutls_certificate_type type, +int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type, const gnutls_datum *raw_key, int key_enc /* DER or PEM */) { switch( type) { case GNUTLS_CRT_X509: - return _gnutls_x509_key2gnutls_key( key, + return _gnutls_x509_raw_privkey_to_gkey( key, raw_key, key_enc); case GNUTLS_CRT_OPENPGP: - if (_E_gnutls_openpgp_key2gnutls_key==NULL) { + if (_E_gnutls_openpgp_raw_privkey_to_gkey==NULL) { gnutls_assert(); return GNUTLS_E_INIT_LIBEXTRA; } return - _E_gnutls_openpgp_key2gnutls_key( key, raw_key, key_enc); + _E_gnutls_openpgp_raw_privkey_to_gkey( key, raw_key); default: gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; @@ -623,7 +622,7 @@ int _gnutls_key2gnutls_key(gnutls_privkey * key, gnutls_certificate_type type, * extensions found in the certificate are unsupported and critical. * The critical extensions will be catched by the verification functions. */ -int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCert, +int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, const gnutls_datum *derCert, int flags /* OR of ConvFlags */) { int ret; @@ -642,7 +641,7 @@ int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCe return ret; } - ret = _gnutls_x509_crt2gnutls_cert( gcert, cert, flags); + ret = _gnutls_x509_crt_to_gcert( gcert, cert, flags); gnutls_x509_crt_deinit( cert); return ret; @@ -650,7 +649,7 @@ int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCe /* Like above but it accepts a parsed certificate instead. */ -int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert, +int _gnutls_x509_crt_to_gcert(gnutls_cert * gcert, gnutls_x509_crt cert, unsigned int flags) { int ret = 0; 
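Review bot: In `_gnutls_raw_privkey_to_gkey` the OpenPGP branch now calls `_E_gnutls_openpgp_raw_privkey_to_gkey( key, raw_key)` and discards `key_enc`, while the X.509 branch still forwards it, so the `int key_enc /* DER or PEM */` parameter silently means nothing for one of the two certificate types and callers get no indication of that. The OpenPGP case deserves a comment such as `/* key_enc is not forwarded: the OpenPGP converter must detect armored vs. raw input itself */`, and that detection needs to actually exist in libextra, because the same commit removes the explicit BASE64 handling from the converter. If the converter does not detect armor, armored OpenPGP private keys handed to this path will now fail to parse.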
@@ -707,7 +706,7 @@ int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert, } -void _gnutls_cert_deinit(gnutls_cert *cert) +void _gnutls_gcert_deinit(gnutls_cert *cert) { int i; diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index ccd8548dca..96218ff479 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -81,20 +81,22 @@ typedef enum ConvFlags { CERT_ONLY_EXTENSIONS=16 } ConvFlags; -int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCert, +int _gnutls_x509_raw_cert_to_gcert(gnutls_cert * gcert, const gnutls_datum *derCert, int flags); -int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert, +int _gnutls_x509_crt_to_gcert(gnutls_cert * gcert, gnutls_x509_crt cert, unsigned int flags); + int _gnutls_cert_get_dn(gnutls_cert * cert, gnutls_datum * odn); -void _gnutls_privkey_deinit(gnutls_privkey *key); -void _gnutls_cert_deinit(gnutls_cert *cert); +void _gnutls_gkey_deinit(gnutls_privkey *key); +void _gnutls_gcert_deinit(gnutls_cert *cert); int _gnutls_selected_cert_supported_kx(struct gnutls_session_int* session, gnutls_kx_algorithm ** alg, int *alg_size); -int _gnutls_cert2gnutls_cert(gnutls_cert * gcert, gnutls_certificate_type type, + +int _gnutls_raw_cert_to_gcert(gnutls_cert * gcert, gnutls_certificate_type type, const gnutls_datum *raw_cert, int flags /* OR of ConvFlags */); -int _gnutls_key2gnutls_key(gnutls_privkey * key, gnutls_certificate_type type, +int _gnutls_raw_privkey_to_gkey(gnutls_privkey * key, gnutls_certificate_type type, const gnutls_datum *raw_key, int key_enc /* DER or PEM */); #endif diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index ac96dc8840..e6f0093d16 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -220,7 +220,7 @@ static int parse_crt_mem( gnutls_cert** cert_list, uint* ncerts, return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_x509_crt2gnutls_cert( + ret = _gnutls_x509_crt_to_gcert( &cert_list[0][i-1], cert, 0); if ( ret < 0) { gnutls_assert(); 
@@ -357,7 +357,7 @@ static int parse_pkcs7_cert_mem( gnutls_cert** cert_list, uint* ncerts, const tmp2.data = pcert; tmp2.size = pcert_size; - ret = _gnutls_x509_cert2gnutls_cert( + ret = _gnutls_x509_raw_cert_to_gcert( &cert_list[0][i - 1], &tmp2, 0); if ( ret < 0) { @@ -441,7 +441,7 @@ static int parse_pem_cert_mem( gnutls_cert** cert_list, uint* ncerts, tmp.data = ptr2; tmp.size = siz2; - ret = _gnutls_x509_cert2gnutls_cert( + ret = _gnutls_x509_raw_cert_to_gcert( &cert_list[0][i - 1], &tmp, 0); if ( ret < 0) { gnutls_assert(); @@ -519,7 +519,7 @@ int read_cert_mem(gnutls_certificate_credentials res, const void *cert, int cert } -int _gnutls_x509_privkey2gnutls_key( gnutls_privkey* dest, gnutls_x509_privkey src) +int _gnutls_x509_privkey_to_gkey( gnutls_privkey* dest, gnutls_x509_privkey src) { int i, ret; @@ -547,7 +547,7 @@ int i, ret; return ret; } -void _gnutls_privkey_deinit(gnutls_privkey *key) +void _gnutls_gkey_deinit(gnutls_privkey *key) { int i; if (key == NULL) return; @@ -557,7 +557,7 @@ int i; } } -int _gnutls_x509_key2gnutls_key( gnutls_privkey* privkey, const gnutls_datum* raw_key, +int _gnutls_x509_raw_privkey_to_gkey( gnutls_privkey* privkey, const gnutls_datum* raw_key, gnutls_x509_crt_fmt type) { gnutls_x509_privkey tmpkey; @@ -576,7 +576,7 @@ int ret; return ret; } - ret = _gnutls_x509_privkey2gnutls_key( privkey, tmpkey); + ret = _gnutls_x509_privkey_to_gkey( privkey, tmpkey); if (ret < 0) { gnutls_assert(); gnutls_x509_privkey_deinit( tmpkey); @@ -609,7 +609,7 @@ static int read_key_mem(gnutls_certificate_credentials res, const void *key, int tmp.data = (opaque*)key; tmp.size = key_size; - ret = _gnutls_x509_key2gnutls_key( &res->pkey[res->ncerts], &tmp, type); + ret = _gnutls_x509_raw_privkey_to_gkey( &res->pkey[res->ncerts], &tmp, type); if (ret < 0) { gnutls_assert(); return ret; 
@@ -839,7 +839,7 @@ int gnutls_certificate_set_x509_key(gnutls_certificate_credentials res, return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_x509_privkey2gnutls_key( &res->pkey[res->ncerts], key); + ret = _gnutls_x509_privkey_to_gkey( &res->pkey[res->ncerts], key); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h index be5ea36a81..5a832b275f 100644 --- a/lib/gnutls_x509.h +++ b/lib/gnutls_x509.h @@ -16,6 +16,6 @@ int _gnutls_check_key_usage( const gnutls_cert* cert, gnutls_kx_algorithm alg); int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params); int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params); -int _gnutls_x509_key2gnutls_key( gnutls_privkey* privkey, const gnutls_datum* raw_key, +int _gnutls_x509_raw_privkey_to_gkey( gnutls_privkey* privkey, const gnutls_datum* raw_key, gnutls_x509_crt_fmt type); -int _gnutls_x509_privkey2gnutls_key( gnutls_privkey* privkey, gnutls_x509_privkey); +int _gnutls_x509_privkey_to_gkey( gnutls_privkey* privkey, gnutls_x509_privkey); diff --git a/lib/x509/common.c b/lib/x509/common.c index 5868ff6dd5..4e95651b85 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1077,7 +1077,8 @@ char name[128]; return algo; } - /* Now read the parameters' bits */ + /* Now read the parameters' bits + */ _gnutls_str_cpy( name, sizeof(name), src_name); _gnutls_str_cat( name, sizeof(name), ".subjectPublicKey"); diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index c575732846..575e66574c 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -141,7 +141,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params) /* reads DSA's Y * from the certificate - * params[3] + * only sets params[3] */ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params) { 
@@ -163,7 +163,7 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
 return _gnutls_asn2err(result);
 }
- /* Read p */
+ /* Read Y */
 if ( (result=_gnutls_x509_read_int( spk, "", ¶ms[3])) < 0) {
 gnutls_assert();
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index 7c19c228db..249ec82622 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -28,78 +28,6 @@ #include <gnutls/compat8.h> #include <rfc2818.h> -/*- - * gnutls_x509_check_certificates_hostname - This function compares the given hostname with the hostname in the certificate - * @cert: should contain a DER encoded certificate - * @hostname: A null terminated string that contains a DNS name - * - * This function will check if the given certificate's subject matches - * the given hostname. This is a basic implementation of the matching - * described in RFC2818 (HTTPS), which takes into account wildcards. - * - * Returns non zero on success, and zero on failure. - * - -*/ -int gnutls_x509_check_certificates_hostname(const gnutls_datum * cert, - const char *hostname) -{ - char dnsname[MAX_CN]; - int dnsnamesize; - int found_dnsname = 0; - int ret = 0; - gnutls_x509_dn dn; - int i = 0; - - /* try matching against: - * 1) a DNS name as an alternative name (subjectAltName) extension - * in the certificate - * 2) the common name (CN) in the certificate - * - * either of these may be of the form: *.domain.tld - * - * only try (2) if there is no subjectAltName extension of - * type dNSName - */ - - /* Check through all included subjectAltName extensions, comparing - * against all those of type dNSName. - */ - for (i = 0; !(ret < 0); i++) { - - dnsnamesize = MAX_CN; - ret = - gnutls_x509_extract_certificate_subject_alt_name(cert, i, - dnsname, - &dnsnamesize); - - if (ret == GNUTLS_SAN_DNSNAME) { - found_dnsname = 1; - if (_gnutls_hostname_compare(dnsname, hostname)) { - return 1; - } - } - - } - - if (!found_dnsname) { - /* not got the necessary extension, use CN instead - */ - if (gnutls_x509_extract_certificate_dn(cert, &dn) != 0) { - /* got an error, can't find a name - */ - return 0; - } - - if (_gnutls_hostname_compare(dn.common_name, hostname)) { - return 1; - } - } - - /* not found a matching name - */ - return 0; -} - /* compare hostname against certificate, taking account of wildcards * return 1 on success or 0 on error */ 
diff --git a/libextra/Makefile.am b/libextra/Makefile.am index 41c5f9df92..0db520f996 100644 --- a/libextra/Makefile.am +++ b/libextra/Makefile.am @@ -43,7 +43,7 @@ libgnutls_extra_la_DEPENDENCIES = $(LZO_OBJECTS) libgnutls_extra_la_SOURCES = $(COBJECTS_EXTRA) libgnutls_extra_la_LIBADD = $(LZO_OBJECTS) \ - openpgp/openpgp.lo openpgp/xml.lo privkey.lo \ + openpgp/openpgp.lo openpgp/xml.lo openpgp/privkey.lo \ openpgp/extras.lo openpgp/verify.lo openpgp/compat.lo \ ../lib/libgnutls.la diff --git a/libextra/auth_srp_rsa.c b/libextra/auth_srp_rsa.c index 725d7f5bc9..bd5a26df86 100644 --- a/libextra/auth_srp_rsa.c +++ b/libextra/auth_srp_rsa.c @@ -132,8 +132,6 @@ int apr_cert_list_length; } -extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; - static int proc_srp_cert_server_kx(gnutls_session session, opaque * data, size_t _data_size) { ssize_t ret; @@ -170,32 +168,12 @@ opaque* p; signature.data = &p[2]; signature.size = sigsize; - switch( session->security_parameters.cert_type) { - case GNUTLS_CRT_X509: - if ((ret = - _gnutls_x509_cert2gnutls_cert( &peer_cert, - &info->raw_certificate_list[0], CERT_NO_COPY)) < 0) { - gnutls_assert(); - return ret; - } - break; - - case GNUTLS_CRT_OPENPGP: - if (_E_gnutls_openpgp_cert2gnutls_cert==NULL) { - gnutls_assert(); - return GNUTLS_E_INIT_LIBEXTRA; - } - if ((ret = - _E_gnutls_openpgp_cert2gnutls_cert( &peer_cert, - &info->raw_certificate_list[0])) < 0) { - gnutls_assert(); - return ret; - } - break; - - default: - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; + ret = _gnutls_raw_cert_to_gcert( &peer_cert, session->security_parameters.cert_type, + &info->raw_certificate_list[0], CERT_NO_COPY); + + if (ret < 0) { + gnutls_assert(); + return ret; } ret = @@ -203,7 +181,7 @@ opaque* p; &peer_cert, &vparams, &signature); - _gnutls_cert_deinit( &peer_cert); + _gnutls_gcert_deinit( &peer_cert); if (ret < 0) { gnutls_assert(); return ret; 
diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c index 8044b5d7b0..b4a8c78576 100644 --- a/libextra/gnutls_extra.c +++ b/libextra/gnutls_extra.c @@ -152,11 +152,17 @@ int i; extern OPENPGP_KEY_CREATION_TIME_FUNC _E_gnutls_openpgp_extract_key_creation_time; extern OPENPGP_KEY_EXPIRATION_TIME_FUNC _E_gnutls_openpgp_extract_key_expiration_time; extern OPENPGP_VERIFY_KEY_FUNC _E_gnutls_openpgp_verify_key; -extern OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert; -extern OPENPGP_KEY2GNUTLS_KEY _E_gnutls_openpgp_key2gnutls_key; extern OPENPGP_FINGERPRINT _E_gnutls_openpgp_fingerprint; extern OPENPGP_KEY_REQUEST _E_gnutls_openpgp_request_key; +extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert; +extern OPENPGP_RAW_PRIVKEY_TO_GKEY _E_gnutls_openpgp_raw_privkey_to_gkey; + +extern OPENPGP_KEY_TO_GCERT _E_gnutls_openpgp_key_to_gcert; +extern OPENPGP_PRIVKEY_TO_GKEY _E_gnutls_openpgp_privkey_to_gkey; +extern OPENPGP_KEY_DEINIT _E_gnutls_openpgp_key_deinit; +extern OPENPGP_PRIVKEY_DEINIT _E_gnutls_openpgp_privkey_deinit; + static void _gnutls_add_openpgp_functions(void) { #ifdef HAVE_LIBOPENCDK _E_gnutls_openpgp_verify_key = gnutls_openpgp_verify_key; 
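Review bot: The `extern OPENPGP_* _E_gnutls_openpgp_*` declarations added here (and the matching one lib/auth_cert.c gains in this commit, `extern OPENPGP_RAW_KEY_TO_GCERT _E_gnutls_openpgp_raw_key_to_gcert;`) are hand-copied from definitions that live in another library, with no header declaring them once. Because definition and `extern` sit in different translation units, a signature change such as the one made here to `OPENPGP_RAW_PRIVKEY_TO_GKEY` (the format argument was dropped) is not cross-checked by the compiler, and a missed update would have `_gnutls_add_openpgp_functions` install a pointer that is later called with the wrong argument list. The typedefs these declarations use already come from libextra/gnutls_extra.h, which lib/auth_cert.c evidently sees since it uses `OPENPGP_KEY_DEINIT`; declaring the `extern` pointers there as well would give both sides one checked declaration. Until then a comment naming the defining files, e.g. `/* defined in lib/auth_cert.c and lib/gnutls_cert.c; keep the types in sync with gnutls_extra.h */`, at least points maintainers at the other copy.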
@@ -164,8 +170,14 @@ static void _gnutls_add_openpgp_functions(void) { _E_gnutls_openpgp_extract_key_creation_time = gnutls_openpgp_extract_key_creation_time; _E_gnutls_openpgp_fingerprint = gnutls_openpgp_fingerprint; _E_gnutls_openpgp_request_key = _gnutls_openpgp_request_key; - _E_gnutls_openpgp_cert2gnutls_cert = _gnutls_openpgp_cert2gnutls_cert; - _E_gnutls_openpgp_key2gnutls_key = _gnutls_openpgp_key2gnutls_key; + + _E_gnutls_openpgp_raw_key_to_gcert = _gnutls_openpgp_raw_key_to_gcert; + _E_gnutls_openpgp_raw_privkey_to_gkey = _gnutls_openpgp_raw_privkey_to_gkey; + + _E_gnutls_openpgp_key_to_gcert = _gnutls_openpgp_key_to_gcert; + _E_gnutls_openpgp_privkey_to_gkey = _gnutls_openpgp_privkey_to_gkey; + _E_gnutls_openpgp_key_deinit = gnutls_openpgp_key_deinit; + _E_gnutls_openpgp_privkey_deinit = gnutls_openpgp_privkey_deinit; #endif } diff --git a/libextra/gnutls_extra.h b/libextra/gnutls_extra.h index 7c6eb11cab..40aef209d2 100644 --- a/libextra/gnutls_extra.h +++ b/libextra/gnutls_extra.h @@ -7,5 +7,12 @@ typedef time_t (*OPENPGP_KEY_EXPIRATION_TIME_FUNC)( const gnutls_datum*); typedef int (*OPENPGP_KEY_REQUEST)(gnutls_session, gnutls_datum*, const gnutls_certificate_credentials, opaque*,int); typedef int (*OPENPGP_FINGERPRINT)(const gnutls_datum*, unsigned char*, size_t*); -typedef int (*OPENPGP_CERT2GNUTLS_CERT)(gnutls_cert*, const gnutls_datum*); -typedef int (*OPENPGP_KEY2GNUTLS_KEY)(gnutls_privkey*, const gnutls_datum*, gnutls_openpgp_key_fmt); + +typedef int (*OPENPGP_RAW_KEY_TO_GCERT)(gnutls_cert*, const gnutls_datum*); +typedef int (*OPENPGP_RAW_PRIVKEY_TO_GKEY)(gnutls_privkey*, const gnutls_datum*); + +typedef int (*OPENPGP_KEY_TO_GCERT)(gnutls_cert*, gnutls_openpgp_key); +typedef int (*OPENPGP_PRIVKEY_TO_GKEY)(gnutls_privkey*, gnutls_openpgp_privkey); + +typedef void (*OPENPGP_KEY_DEINIT)(gnutls_openpgp_key); +typedef void (*OPENPGP_PRIVKEY_DEINIT)(gnutls_openpgp_privkey); 
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index be48591884..a4cba3e0db 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -24,7 +24,6 @@ #include "gnutls_cert.h" #include "gnutls_datum.h" #include "gnutls_global.h" -//#include "auth_cert.h" #include <openpgp/gnutls_openpgp.h> #ifdef HAVE_LIBOPENCDK @@ -283,17 +282,18 @@ openpgp_pk_to_gnutls_cert( gnutls_cert *cert, cdk_pkt_pubkey_t pk ) } /*- - * _gnutls_openpgp_key2gnutls_key - Converts an OpenPGP secret key to GnuTLS + * _gnutls_openpgp_raw_privkey_to_gkey - Converts an OpenPGP secret key to GnuTLS * @pkey: the GnuTLS private key context to store the key. * @raw_key: the raw data which contains the whole key packets. * * The RFC2440 (OpenPGP Message Format) data is converted into the * GnuTLS specific data which is need to perform secret key operations. + * + * This function can read both BASE64 and RAW keys. -*/ int -_gnutls_openpgp_key2gnutls_key( gnutls_privkey *pkey, - const gnutls_datum *raw_key, - gnutls_openpgp_key_fmt format) +_gnutls_openpgp_raw_privkey_to_gkey( gnutls_privkey *pkey, + const gnutls_datum *raw_key) { cdk_kbnode_t snode; CDK_PACKET *pkt; @@ -313,15 +313,6 @@ _gnutls_openpgp_key2gnutls_key( gnutls_privkey *pkey, if( !out ) return GNUTLS_E_CERTIFICATE_ERROR; - if (format == GNUTLS_OPENPGP_FMT_BASE64) { - rc = cdk_stream_set_armor_flag( out, 0); - if (rc) { - rc = _gnutls_map_cdk_rc( rc); - gnutls_assert(); - return rc; - } - } - cdk_stream_write( out, raw_key->data, raw_key->size ); cdk_stream_seek( out, 0 ); @@ -376,7 +367,7 @@ leave: /*- - * _gnutls_openpgp_cert2gnutls_cert - Converts raw OpenPGP data to GnuTLS certs + * _gnutls_openpgp_raw_key_to_gcert - Converts raw OpenPGP data to GnuTLS certs * @cert: the certificate to store the data. * @raw: the buffer which contains the whole OpenPGP key packets. * 
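Review bot: `_gnutls_openpgp_raw_privkey_to_gkey` loses its only visible armor handling here, the deleted `if (format == GNUTLS_OPENPGP_FMT_BASE64) { rc = cdk_stream_set_armor_flag( out, 0); ... }` block with nothing added in its place, while the new header comment asserts `This function can read both BASE64 and RAW keys.` Unless the lines after `cdk_stream_seek( out, 0 );` (outside the hunk) already probe the stream, an ASCII-armored private key is now fed to the packet parser as raw data and will fail, which also breaks `gnutls_openpgp_privkey_import` callers that pass GNUTLS_OPENPGP_FMT_BASE64. The stream can be probed the way `gnutls_certificate_set_openpgp_key_mem` does for its certificate stream: `if( cdk_armor_filter_use( out ) && (rc = cdk_stream_set_armor_flag( out, 0 )) != 0 ) { gnutls_assert(); return _gnutls_map_cdk_rc( rc ); }` after the seek, ideally closing `out` on that error path, which the removed code did not do. If that detection is present below the hunk the comment is accurate; if it is not, the comment overstates what the function does. The function body continues past this hunk.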
@@ -384,7 +375,7 @@ leave: * specific certificate. -*/ int -_gnutls_openpgp_cert2gnutls_cert( gnutls_cert *cert, const gnutls_datum *raw ) +_gnutls_openpgp_raw_key_to_gcert( gnutls_cert *cert, const gnutls_datum *raw ) { cdk_kbnode_t knode = NULL; CDK_PACKET *pkt = NULL; @@ -538,7 +529,6 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, int i = 0; int rc = 0; cdk_stream_t inp = NULL; - gnutls_openpgp_key_fmt format; if ( !res || !key || !cert ) { gnutls_assert( ); @@ -552,10 +542,7 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, } if( cdk_armor_filter_use( inp ) ) { - format = GNUTLS_OPENPGP_FMT_BASE64; cdk_stream_set_armor_flag( inp, 0 ); - } else { - format = GNUTLS_OPENPGP_FMT_RAW; } res->cert_list = gnutls_realloc_fast(res->cert_list, @@ -641,7 +628,7 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, } cdk_stream_close( inp ); - rc = _gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], &raw, format); + rc = _gnutls_openpgp_raw_privkey_to_gkey( &res->pkey[res->ncerts-1], &raw); if (rc) { gnutls_assert(); } @@ -1023,7 +1010,7 @@ void gnutls_openpgp_set_recv_key_function( gnutls_session session, /* Copies a gnutls_openpgp_privkey to a gnutls_privkey structure. */ -int _gnutls_openpgp_privkey2gnutls_key( gnutls_privkey* dest, gnutls_openpgp_privkey src) +int _gnutls_openpgp_privkey_to_gkey( gnutls_privkey* dest, gnutls_openpgp_privkey src) { int i, ret; @@ -1052,7 +1039,7 @@ cleanup: /* Converts a parsed gnutls_openpgp_key to a gnutls_cert structure. */ -int _gnutls_openpgp_key2gnutls_cert(gnutls_cert * gcert, gnutls_openpgp_key cert) +int _gnutls_openpgp_key_to_gcert(gnutls_cert * gcert, gnutls_openpgp_key cert) { int ret = 0; opaque* der; 
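Review bot: The conversion result at the end of the hunk is only asserted, `if (rc) { gnutls_assert(); }`, with no return, and the hunk stops right there; unless the following lines propagate `rc`, a private key that fails to parse leaves the credential with an already-counted slot (the call writes `&res->pkey[res->ncerts-1]`) holding an unusable key. Please confirm that `rc` is returned below; if it is not, `if (rc) { gnutls_assert(); return rc; }` is the minimal fix. Separately, now that the local `format` variable is gone, the `cdk_armor_filter_use( inp )` probe earlier in this function only covers the certificate stream `inp`; whatever `raw` holds for the key must be armor-detected inside `_gnutls_openpgp_raw_privkey_to_gkey`, whose explicit BASE64 handling this commit removes. gnutls_certificate_set_openpgp_key_mem starts before and ends after this hunk.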
@@ -1085,7 +1072,7 @@ int _gnutls_openpgp_key2gnutls_cert(gnutls_cert * gcert, gnutls_openpgp_key cert
 raw.data = der;
 raw.size = der_size;
- ret = _gnutls_openpgp_cert2gnutls_cert( gcert, &raw);
+ ret = _gnutls_openpgp_raw_key_to_gcert( gcert, &raw);
 gnutls_free(der);
@@ -1120,7 +1107,7 @@ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res,
 return GNUTLS_E_MEMORY_ERROR;
 }
- ret = _gnutls_openpgp_privkey2gnutls_key( &res->pkey[res->ncerts], pkey);
+ ret = _gnutls_openpgp_privkey_to_gkey( &res->pkey[res->ncerts], pkey);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -1143,7 +1130,7 @@ int gnutls_certificate_set_openpgp_key(gnutls_certificate_credentials res,
 res->cert_list[res->ncerts] = NULL; /* for realloc */
 res->cert_list_length[res->ncerts] = 1;
- ret = _gnutls_openpgp_key2gnutls_cert( res->cert_list[res->ncerts], key);
+ ret = _gnutls_openpgp_key_to_gcert( res->cert_list[res->ncerts], key);
 if ( ret < 0) {
 gnutls_assert();
 return ret;
diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h
index e8e4a76355..f62c721c70 100644
--- a/libextra/openpgp/gnutls_openpgp.h
+++ b/libextra/openpgp/gnutls_openpgp.h
@@ -68,14 +68,13 @@ int gnutls_openpgp_recv_key( gnutls_datum *key );
 /* internal */
-int _gnutls_openpgp_cert2gnutls_cert(
+int _gnutls_openpgp_raw_key_to_gcert(
 gnutls_cert *cert, const gnutls_datum *raw );
 int
-_gnutls_openpgp_key2gnutls_key( gnutls_privkey *pkey,
- const gnutls_datum *raw_key,
- gnutls_openpgp_key_fmt format);
+_gnutls_openpgp_raw_privkey_to_gkey( gnutls_privkey *pkey,
+ const gnutls_datum *raw_key);
 int _gnutls_openpgp_request_key(
diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h
index e6a2fbc06b..bb76a7401f 100644
--- a/libextra/openpgp/openpgp.h
+++ b/libextra/openpgp/openpgp.h
@@ -77,8 +77,8 @@ int gnutls_openpgp_key_verify_trustdb( gnutls_openpgp_key key,
 int gnutls_openpgp_key_verify_self( gnutls_openpgp_key key, unsigned int flags, unsigned int *verify);
-int _gnutls_openpgp_key2gnutls_cert(gnutls_cert * gcert, gnutls_openpgp_key cert);
-int _gnutls_openpgp_privkey2gnutls_key( gnutls_privkey* dest, gnutls_openpgp_privkey src);
+int _gnutls_openpgp_key_to_gcert(gnutls_cert * gcert, gnutls_openpgp_key cert);
+int _gnutls_openpgp_privkey_to_gkey( gnutls_privkey* dest, gnutls_openpgp_privkey src);
 void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey key);
diff --git a/libextra/openpgp/privkey.c b/libextra/openpgp/privkey.c
index 41bcf2f725..51a315fa82 100644
--- a/libextra/openpgp/privkey.c
+++ b/libextra/openpgp/privkey.c
@@ -30,6 +30,7 @@
 #include <gnutls_errors.h>
 #include <opencdk.h>
 #include <openpgp.h>
+#include <gnutls_openpgp.h>
 #include <x509/rfc2818.h>
 #include <gnutls_cert.h>
@@ -63,7 +64,7 @@ void gnutls_openpgp_privkey_deinit(gnutls_openpgp_privkey key)
 {
 if (!key) return;
- _gnutls_privkey_deinit( &key->pkey);
+ _gnutls_gkey_deinit( &key->pkey);
 gnutls_free(key);
 }
@@ -87,7 +88,7 @@ int gnutls_openpgp_privkey_import(gnutls_openpgp_privkey key,
 {
 int rc;
- rc = _gnutls_openpgp_key2gnutls_key( &key->pkey, data, format);
+ rc = _gnutls_openpgp_raw_privkey_to_gkey( &key->pkey, data);
 if( rc) {
 gnutls_assert();
 return rc;
@@ -115,7 +116,16 @@ int rc;
 int gnutls_openpgp_privkey_get_pk_algorithm( gnutls_openpgp_privkey key, unsigned int *bits)
 {
- return key->pkey.pk_algorithm;
+ int pk = key->pkey.pk_algorithm;
+
+ if (bits) {
+ *bits = 0;
+ if (pk == GNUTLS_PK_RSA)
+ *bits = _gnutls_mpi_get_nbits( key->pkey.params[0]);
+ if (pk == GNUTLS_PK_DSA)
+ *bits = _gnutls_mpi_get_nbits( key->pkey.params[3]);
+ }
+ return pk;
 } |
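Review bot: In the `@@ -115,7 +116,16` hunk `key` is dereferenced on the new `int pk = key->pkey.pk_algorithm;` line and again inside the `if (bits)` block with no NULL check, while gnutls_openpgp_privkey_deinit a few lines earlier in the same file guards with `if (!key) return;`; for a public accessor a guard such as `if (!key) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }` would match the negative-error convention that the other calls in this commit check with `ret < 0`. The `params[0]` and `params[3]` indices encode the RSA and DSA private-key MPI layout, which a reader cannot tell from the call site; a comment like `/* NOTE(review): params[0] (RSA) / params[3] (DSA) — name the MPI each index measures */` would help. Whether _gnutls_mpi_get_nbits tolerates a NULL `params[]` entry on a key whose import failed is not visible here and is worth confirming.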
