diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-08-30 17:48:17 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-08-30 17:48:17 +0200 |
commit | 472ff0313a14a66f7e546e08278cfc1912d24b18 (patch) | |
tree | 2048837123f77c3587bb162865fa94917e36c4fa | |
parent | ac86423bab8b724e91ba0d0d320c38d6857cfd9f (diff) | |
download | gnutls-472ff0313a14a66f7e546e08278cfc1912d24b18.tar.gz |
removed old and unused compatibility functions.
-rw-r--r-- | libextra/openssl_compat.c | 660 | ||||
-rw-r--r-- | libextra/openssl_compat.h | 37 |
2 files changed, 0 insertions, 697 deletions
diff --git a/libextra/openssl_compat.c b/libextra/openssl_compat.c index 83b8a1670c..4ce4bf0a6f 100644 --- a/libextra/openssl_compat.c +++ b/libextra/openssl_compat.c @@ -36,75 +36,6 @@ #include <openssl_compat.h> /*- - * gnutls_x509_extract_dn: - * @idn: should contain a DER encoded RDN sequence - * @rdn: a pointer to a structure to hold the name - * - * This function will return the name of the given RDN sequence. - * The name will be returned as a gnutls_x509_dn structure. - * Returns a negative error code in case of an error. - * - -*/ -int -gnutls_x509_extract_dn (const gnutls_datum_t * idn, gnutls_x509_dn * rdn) -{ - ASN1_TYPE dn = ASN1_TYPE_EMPTY; - int result; - size_t len; - - if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) - { - return _gnutls_asn2err (result); - } - - result = asn1_der_decoding (&dn, idn->data, idn->size, NULL); - if (result != ASN1_SUCCESS) - { - /* couldn't decode DER */ - asn1_delete_structure (&dn); - return _gnutls_asn2err (result); - } - - memset (rdn, 0, sizeof (gnutls_x509_dn)); - - len = sizeof (rdn->country); - _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, - rdn->country, &len); - - len = sizeof (rdn->organization); - _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0, - 0, rdn->organization, &len); - - len = sizeof (rdn->organizational_unit_name); - _gnutls_x509_parse_dn_oid (dn, "", - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, - 0, rdn->organizational_unit_name, &len); - - len = sizeof (rdn->common_name); - _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0, - rdn->common_name, &len); - - len = sizeof (rdn->locality_name); - _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, - rdn->locality_name, &len); - - len = sizeof (rdn->state_or_province_name); - _gnutls_x509_parse_dn_oid (dn, "", - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0, - rdn->state_or_province_name, &len); - - len = sizeof (rdn->email); - _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0, - rdn->email, &len); - - asn1_delete_structure (&dn); - - return 0; -} - -/*- * gnutls_x509_extract_certificate_dn: * @cert: should contain an X.509 DER encoded certificate * @ret: a pointer to a structure to hold the peer's name @@ -239,594 +170,3 @@ gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert, } -/*- - * gnutls_x509_extract_certificate_subject_alt_name: - * @cert: should contain an X.509 DER encoded certificate - * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where the alternative name will be copied to - * @ret_size: holds the size of ret. - * - * This function will return the alternative names, contained in the - * given certificate. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if ret_size is not enough to hold the alternative - * name, or the type of alternative name if everything was ok. The type is - * one of the enumerated GNUTLS_X509_SUBJECT_ALT_NAME. - * - * If the certificate does not have an Alternative name with the specified - * sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - -*/ -int -gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t * - cert, int seq, - char *ret, int *ret_size) -{ - gnutls_x509_crt_t xcert; - int result; - size_t size = *ret_size; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - result = - gnutls_x509_crt_get_subject_alt_name (xcert, seq, ret, &size, NULL); - *ret_size = size; - - gnutls_x509_crt_deinit (xcert); - - return result; -} - -/*- - * gnutls_x509_extract_certificate_ca_status: - * @cert: should contain an X.509 DER encoded certificate - * - * This function will return certificates CA status, by reading the - * basicConstraints X.509 extension. If the certificate is a CA a positive - * value will be returned, or zero if the certificate does not have - * CA flag set. - * - * A negative value may be returned in case of parsing error. - * If the certificate does not contain the basicConstraints extension - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - -*/ -int -gnutls_x509_extract_certificate_ca_status (const gnutls_datum_t * cert) -{ - gnutls_x509_crt_t xcert; - int result; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - result = gnutls_x509_crt_get_ca_status (xcert, NULL); - - gnutls_x509_crt_deinit (xcert); - - return result; -} - -/*- - * gnutls_x509_extract_certificate_activation_time: - * @cert: should contain an X.509 DER encoded certificate - * - * This function will return the certificate's activation time in UNIX time - * (ie seconds since 00:00:00 UTC January 1, 1970). - * Returns a (time_t) -1 in case of an error. - -*/ -time_t -gnutls_x509_extract_certificate_activation_time (const gnutls_datum_t * cert) -{ - gnutls_x509_crt_t xcert; - time_t result; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - result = gnutls_x509_crt_get_activation_time (xcert); - - gnutls_x509_crt_deinit (xcert); - - return result; -} - -/*- - * gnutls_x509_extract_certificate_expiration_time: - * @cert: should contain an X.509 DER encoded certificate - * - * This function will return the certificate's expiration time in UNIX time - * (ie seconds since 00:00:00 UTC January 1, 1970). - * Returns a (time_t) -1 in case of an error. - -*/ -time_t -gnutls_x509_extract_certificate_expiration_time (const gnutls_datum_t * cert) -{ - gnutls_x509_crt_t xcert; - time_t result; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - result = gnutls_x509_crt_get_expiration_time (xcert); - - gnutls_x509_crt_deinit (xcert); - - return result; -} - -/*- - * gnutls_x509_extract_certificate_version: - * @cert: is an X.509 DER encoded certificate - * - * This function will return the X.509 certificate's version (1, 2, 3). This is obtained by the X509 Certificate - * Version field. Returns a negative value in case of an error. - -*/ -int -gnutls_x509_extract_certificate_version (const gnutls_datum_t * cert) -{ - gnutls_x509_crt_t xcert; - int result; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - result = gnutls_x509_crt_get_version (xcert); - - gnutls_x509_crt_deinit (xcert); - - return result; - -} - -/*- - * gnutls_x509_extract_certificate_serial: - * @cert: is an X.509 DER encoded certificate - * @result: The place where the serial number will be copied - * @result_size: Holds the size of the result field. - * - * This function will return the X.509 certificate's serial number. - * This is obtained by the X509 Certificate serialNumber - * field. Serial is not always a 32 or 64bit number. Some CAs use - * large serial numbers, thus it may be wise to handle it as something - * opaque. - * - * Returns a negative value in case of an error. - -*/ -int -gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert, - char *result, int *result_size) -{ - gnutls_x509_crt_t xcert; - size_t size = *result_size; - int ret; - - ret = gnutls_x509_crt_init (&xcert); - if (ret < 0) - return ret; - - ret = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_x509_crt_deinit (xcert); - return ret; - } - - ret = gnutls_x509_crt_get_serial (xcert, result, &size); - *result_size = size; - - gnutls_x509_crt_deinit (xcert); - - return ret; -} - - -/*- - * gnutls_x509_extract_certificate_pk_algorithm: - * @cert: is a DER encoded X.509 certificate - * @bits: if bits is non null it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of an X.509 - * certificate. - * - * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public - * exponent. - * - * Returns a member of the gnutls_pk_algorithm_t enumeration on success, - * or a negative value on error. - -*/ -int -gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t * - cert, int *bits) -{ - gnutls_x509_crt_t xcert; - int result; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - result = gnutls_x509_crt_get_pk_algorithm (xcert, bits); - - gnutls_x509_crt_deinit (xcert); - - return result; -} - - -/*- - * gnutls_x509_extract_certificate_dn_string: - * @cert: should contain an X.509 DER encoded certificate - * @buf: a pointer to a structure to hold the peer's name - * @sizeof_buf: holds the size of 'buf' - * @issuer: if non zero, then extract the name of the issuer, instead of the holder - * - * This function will copy the name of the certificate holder in the - * provided buffer. The name will be in the form - * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. - * - * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and 0 on success. - -*/ -int -gnutls_x509_extract_certificate_dn_string (char *buf, - unsigned int sizeof_buf, - const gnutls_datum_t * cert, - int issuer) -{ - gnutls_x509_crt_t xcert; - int result; - size_t size; - - result = gnutls_x509_crt_init (&xcert); - if (result < 0) - return result; - - result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_x509_crt_deinit (xcert); - return result; - } - - size = sizeof_buf; - if (!issuer) - result = gnutls_x509_crt_get_dn (xcert, buf, &size); - else - result = gnutls_x509_crt_get_issuer_dn (xcert, buf, &size); - - gnutls_x509_crt_deinit (xcert); - - return result; -} - -/*- - * gnutls_x509_verify_certificate: - * @cert_list: is the certificate list to be verified - * @cert_list_length: holds the number of certificate in cert_list - * @CA_list: is the CA list which will be used in verification - * @CA_list_length: holds the number of CA certificate in CA_list - * @CRL_list: not used - * @CRL_list_length: not used - * - * This function will try to verify the given certificate list and - * return its status (TRUSTED, EXPIRED etc.). The return value - * (status) should be one or more of the gnutls_certificate_status_t - * enumerated elements bitwise or'd. Note that expiration and - * activation dates are not checked by this function, you should - * check them using the appropriate functions. - * - * This function understands the basicConstraints (2.5.29.19) PKIX - * extension. This means that only a certificate authority can sign - * a certificate. - * - * However you must also check the peer's name in order to check if - * the verified certificate belongs to the actual peer. - * - * The return value (status) should be one or more of the - * gnutls_certificate_status_t enumerated elements bitwise or'd. - * - * GNUTLS_CERT_INVALID: the peer's certificate is not valid. - * - * GNUTLS_CERT_REVOKED: the certificate has been revoked. - * - * A negative error code is returned in case of an error. - * GNUTLS_E_NO_CERTIFICATE_FOUND is returned to indicate that - * no certificate was sent by the peer. - -*/ -int -gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, - int cert_list_length, - const gnutls_datum_t * CA_list, - int CA_list_length, - const gnutls_datum_t * CRL_list, - int CRL_list_length) -{ - unsigned int verify; - gnutls_x509_crt_t *peer_certificate_list = NULL; - gnutls_x509_crt_t *ca_certificate_list = NULL; - gnutls_x509_crl_t *crl_list = NULL; - int peer_certificate_list_size = 0, i, x, ret; - int ca_certificate_list_size = 0, crl_list_size = 0; - - if (cert_list == NULL || cert_list_length == 0) - return GNUTLS_E_NO_CERTIFICATE_FOUND; - - /* generate a list of gnutls_certs based on the auth info - * raw certs. - */ - peer_certificate_list_size = cert_list_length; - peer_certificate_list = - gnutls_calloc (peer_certificate_list_size, sizeof (gnutls_x509_crt_t)); - if (peer_certificate_list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - ca_certificate_list_size = CA_list_length; - ca_certificate_list = - gnutls_calloc (ca_certificate_list_size, sizeof (gnutls_x509_crt_t)); - if (ca_certificate_list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - /* allocate memory for CRL - */ - crl_list_size = CRL_list_length; - crl_list = gnutls_calloc (crl_list_size, sizeof (gnutls_x509_crl_t)); - if (crl_list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - /* convert certA_list to gnutls_cert* list - */ - for (i = 0; i < peer_certificate_list_size; i++) - { - ret = gnutls_x509_crt_init (&peer_certificate_list[i]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = - gnutls_x509_crt_import (peer_certificate_list[i], - &cert_list[i], GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } - - /* convert CA_list to gnutls_x509_cert* list - */ - for (i = 0; i < ca_certificate_list_size; i++) - { - ret = gnutls_x509_crt_init (&ca_certificate_list[i]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = - gnutls_x509_crt_import (ca_certificate_list[i], - &CA_list[i], GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } - -#ifdef ENABLE_PKI - /* convert CRL_list to gnutls_x509_crl* list - */ - for (i = 0; i < crl_list_size; i++) - { - ret = gnutls_x509_crl_init (&crl_list[i]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = - gnutls_x509_crl_import (crl_list[i], - &CRL_list[i], GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } -#endif - - /* Verify certificate - */ - ret = - gnutls_x509_crt_list_verify (peer_certificate_list, - peer_certificate_list_size, - ca_certificate_list, - ca_certificate_list_size, crl_list, - crl_list_size, 0, &verify); - - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = verify; - -cleanup: - - if (peer_certificate_list != NULL) - for (x = 0; x < peer_certificate_list_size; x++) - { - if (peer_certificate_list[x] != NULL) - gnutls_x509_crt_deinit (peer_certificate_list[x]); - } - - if (ca_certificate_list != NULL) - for (x = 0; x < ca_certificate_list_size; x++) - { - if (ca_certificate_list[x] != NULL) - gnutls_x509_crt_deinit (ca_certificate_list[x]); - } -#ifdef ENABLE_PKI - if (crl_list != NULL) - for (x = 0; x < crl_list_size; x++) - { - if (crl_list[x] != NULL) - gnutls_x509_crl_deinit (crl_list[x]); - } - - gnutls_free (crl_list); -#endif - - gnutls_free (ca_certificate_list); - gnutls_free (peer_certificate_list); - - return ret; -} - -/*- - * gnutls_x509_extract_key_pk_algorithm: - * @cert: is a DER encoded private key - * - * This function will return the public key algorithm of a DER encoded private - * key. - * - * Returns a member of the gnutls_pk_algorithm_t enumeration on success, - * or GNUTLS_E_UNKNOWN_PK_ALGORITHM on error. - -*/ -int -gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key) -{ - gnutls_x509_privkey_t pkey; - int ret, pk; - - ret = gnutls_x509_privkey_init (&pkey); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = gnutls_x509_privkey_import (pkey, key, GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - pk = gnutls_x509_privkey_get_pk_algorithm (pkey); - - gnutls_x509_privkey_deinit (pkey); - return pk; -} - -#ifdef ENABLE_PKI - -/*- - * gnutls_x509_pkcs7_extract_certificate: - * @pkcs7_struct: should contain a PKCS7 DER formatted structure - * @indx: contains the index of the certificate to extract - * @certificate: the contents of the certificate will be copied there - * @certificate_size: should hold the size of the certificate - * - * This function will return a certificate of the PKCS7 or RFC2630 - * certificate set. Returns 0 on success. If the provided buffer is - * not long enough, then GNUTLS_E_SHORT_MEMORY_BUFFER is returned. - * - * After the last certificate has been read - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - -*/ -int -gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t * - pkcs7_struct, int indx, - char *certificate, - int *certificate_size) -{ - gnutls_pkcs7_t pkcs7; - int result; - size_t size = *certificate_size; - - result = gnutls_pkcs7_init (&pkcs7); - if (result < 0) - return result; - - result = gnutls_pkcs7_import (pkcs7, pkcs7_struct, GNUTLS_X509_FMT_DER); - if (result < 0) - { - gnutls_pkcs7_deinit (pkcs7); - return result; - } - - result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, certificate, &size); - *certificate_size = size; - - gnutls_pkcs7_deinit (pkcs7); - - return result; -} - -#endif diff --git a/libextra/openssl_compat.h b/libextra/openssl_compat.h index 52484f2b19..d467ee067e 100644 --- a/libextra/openssl_compat.h +++ b/libextra/openssl_compat.h @@ -29,46 +29,9 @@ /* Extra definitions */ #include <gnutls/openssl.h> -int gnutls_x509_extract_dn (const gnutls_datum_t *, gnutls_x509_dn *); -int gnutls_x509_extract_dn_string (const gnutls_datum_t * idn, - char *buf, unsigned int sizeof_buf); int gnutls_x509_extract_certificate_dn (const gnutls_datum_t *, gnutls_x509_dn *); -int gnutls_x509_extract_certificate_dn_string (char *buf, - unsigned int sizeof_buf, - const gnutls_datum_t * cert, - int issuer); int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t *, gnutls_x509_dn *); -int gnutls_x509_extract_certificate_version (const gnutls_datum_t *); -int gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert, - char *result, int *result_size); -time_t gnutls_x509_extract_certificate_activation_time (const gnutls_datum_t - *); -time_t gnutls_x509_extract_certificate_expiration_time (const gnutls_datum_t - *); -int gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t - *, int seq, char *, - int *); -int gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t * - pkcs7_struct, int indx, - char *certificate, - int *certificate_size); -int gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t * - cert, int *bits); -int gnutls_x509_extract_certificate_ca_status (const gnutls_datum_t * cert); -int gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key); - -int gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, - int cert_list_length, - const gnutls_datum_t * CA_list, - int CA_list_length, - const gnutls_datum_t * CRL_list, - int CRL_list_length); - -#define gnutls_x509_fingerprint gnutls_fingerprint -#define gnutls_x509_certificate_format gnutls_x509_crt_fmt_t - -#define gnutls_certificate_set_rsa_params gnutls_certificate_set_rsa_export_params #endif |