-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | lib/gcrypt/pk.c | 28 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 3 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 4 | ||||
-rw-r--r-- | lib/nettle/mpi.c | 47 | ||||
-rw-r--r-- | lib/nettle/pk.c | 23 | ||||
-rw-r--r-- | lib/opencdk/pubkey.c | 5 | ||||
-rw-r--r-- | lib/opencdk/sig-check.c | 8 | ||||
-rw-r--r-- | lib/opencdk/verify.c | 1 | ||||
-rw-r--r-- | lib/openpgp/gnutls_openpgp.c | 38 | ||||
-rw-r--r-- | lib/openpgp/pgp.c | 3 | ||||
-rw-r--r-- | lib/openpgp/privkey.c | 56 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 3 | ||||
-rw-r--r-- | lib/x509/privkey.c | 47 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 5 |
15 files changed, 184 insertions, 88 deletions
@@ -43,6 +43,7 @@ pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;man gnutls_certificate_set_server_retrieve_function: DEPRECATED gnutls_certificate_set_client_retrieve_function: DEPRECATED gnutls_sign_callback_set: DEPRECATED +gnutls_x509_privkey_export_rsa_raw2: ADDED gnutls_rnd: ADDED gnutls_sec_param_to_pk_bits: ADDED gnutls_pk_bits_to_sec_param: ADDED diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c index b17390364a..f8af1ec4ea 100644 --- a/lib/gcrypt/pk.c +++ b/lib/gcrypt/pk.c @@ -807,10 +807,9 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, if (algo != GNUTLS_PK_RSA) return 0; - if (params->params[5]) - _gnutls_mpi_release (¶ms->params[5]); - params->params[5] = - _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0])); + if (params->params[5]==NULL) + params->params[5] = + _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0])); if (params->params[5] == NULL) { @@ -818,10 +817,25 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, return GNUTLS_E_MEMORY_ERROR; } + ret = 1; if (direction == GNUTLS_IMPORT) - ret = - gcry_mpi_invm (params->params[5], params->params[3], params->params[4]); - else + { + /* calculate exp1 [6] and exp2 [7] */ + _gnutls_mpi_release(&pk_params.params[6]); + _gnutls_mpi_release(&pk_params.params[7]); + result = _gnutls_calc_rsa_exp(pk_params.params, RSA_PRIVATE_PARAMS); + if (result < 0) + { + gnutls_assert(); + return result; + } + + ret = + gcry_mpi_invm (params->params[5], params->params[3], params->params[4]); + + params->params_nr = RSA_PRIVATE_PARAMS; + } + else if (direction == GNUTLS_EXPORT) ret = gcry_mpi_invm (params->params[5], params->params[4], params->params[3]); if (ret == 0) diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 982186550c..b262eb0f95 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c 
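Review bot: In the `GNUTLS_IMPORT` branch of wrap_gcry_pk_fixup the added lines use `pk_params.params[6]`, `pk_params.params[7]` and `result`, while every other line of the hunk works on the `params` pointer argument and on `ret`. Unless those names are declared outside the hunk, the gcrypt backend will not compile. The releases should read `_gnutls_mpi_release(&params->params[6]);` and `_gnutls_mpi_release(&params->params[7]);`, and the call `_gnutls_calc_rsa_exp(params->params, RSA_PRIVATE_PARAMS)` should store into a variable this function declares. The new `ret = 1;` also means a direction that is neither import nor export is reported as success without touching `params[5]`, which deserves a comment if it is intended. The function body starts and ends outside the hunk.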
@@ -612,10 +612,9 @@ gnutls_pk_params_release (gnutls_pk_params_st * p) int _gnutls_calc_rsa_exp(bigint_t* params, unsigned int params_size) { -int ret; bigint_t tmp = _gnutls_mpi_alloc_like(params[0]); - if (params_size < RSA_PRIVATE_PARAMS) + if (params_size < RSA_PRIVATE_PARAMS-2) { gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index a3bbe8ee06..a2628244ae 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -203,8 +203,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, case GNUTLS_PK_DSA: _gnutls_hash_deinit (&td_sha, concat); - if (hash_algo != GNUTLS_DIG_SHA1 && hash_algo != GNUTLS_DIG_SHA224 && \ - hash_algo != hash_algo != GNUTLS_DIG_SHA256) + if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224) && \ + (hash_algo != GNUTLS_DIG_SHA256)) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c index abf0023dca..ef91ffdfa5 100644 --- a/lib/nettle/mpi.c +++ b/lib/nettle/mpi.c @@ -34,6 +34,8 @@ #include <nettle/bignum.h> #include <random.h> +#define TOMPZ(x) (*((mpz_t*)(x))) + static int wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes, gnutls_bigint_format_t format) @@ -43,8 +45,13 @@ wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes, if (format == GNUTLS_MPI_FORMAT_USG) { size = nettle_mpz_sizeinbase_256_u(*p); - } else { + } else if (format == GNUTLS_MPI_FORMAT_STD) { size = nettle_mpz_sizeinbase_256_s(*p); + } else if (format == GNUTLS_MPI_FORMAT_PGP) { + size = nettle_mpz_sizeinbase_256_u(*p) + 2; + } else { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; } if (buffer==NULL || size > *nbytes) { 
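Review bot: `tmp` is allocated in its declaration, before the `params_size` check in _gnutls_calc_rsa_exp, so the early `return GNUTLS_E_INTERNAL_ERROR` leaks it, and `params[0]` is read before the array size has been validated. Declare `bigint_t tmp;` and move `tmp = _gnutls_mpi_alloc_like(params[0]);` below the check, testing it for NULL before use. The rest of the function is outside the hunk, so whether the later paths release `tmp` cannot be confirmed from here.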
@@ -52,7 +59,15 @@ wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes, return GNUTLS_E_SHORT_MEMORY_BUFFER; } - nettle_mpz_get_str_256(size, buffer, *p); + if (format == GNUTLS_MPI_FORMAT_PGP) { + opaque *buf = buffer; + unsigned int nbits = _gnutls_mpi_get_nbits(a); + buf[0] = (nbits >> 8) & 0xff; + buf[1] = (nbits) & 0xff; + nettle_mpz_get_str_256(size-2, buf+2, *p); + } else { + nettle_mpz_get_str_256(size, buffer, *p); + } *nbytes=size; return 0; @@ -84,12 +99,36 @@ wrap_nettle_mpi_scan(const void *buffer, size_t nbytes, } if (format == GNUTLS_MPI_FORMAT_USG) { - nettle_mpz_set_str_256_u(*((mpz_t*)r), nbytes, buffer); + nettle_mpz_set_str_256_u(TOMPZ(r), nbytes, buffer); + } else if (format == GNUTLS_MPI_FORMAT_STD) { + nettle_mpz_set_str_256_s(TOMPZ(r), nbytes, buffer); + } else if (format == GNUTLS_MPI_FORMAT_PGP) { + const opaque *buf = buffer; + size_t size; + + if (nbytes < 3) { + gnutls_assert(); + goto fail; + } + + size = (buf[0] << 8) | buf[1]; + size = (size+7) / 8; + + if (size > nbytes-2) { + gnutls_assert(); + goto fail; + } + nettle_mpz_set_str_256_u(TOMPZ(r), size, buf+2); } else { - nettle_mpz_set_str_256_s(*((mpz_t*)r), nbytes, buffer); + gnutls_assert(); + goto fail; } return r; +fail: + _gnutls_mpi_release(&r); + return NULL; + } static int wrap_nettle_mpi_cmp(const bigint_t u, const bigint_t v) diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index cc173cc378..b264afd491 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -509,6 +509,7 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, gnutls_direction_t direction, gnutls_pk_params_st * params) { +int result; if (direction == GNUTLS_IMPORT) { /* do not trust the generated values. Some old private keys 
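Review bot: The `GNUTLS_MPI_FORMAT_PGP` branch of wrap_nettle_mpi_scan uses the two-byte bit count only to bound the read, so a buffer with extra bytes after the declared length, or with a bit count that does not match the leading magnitude byte, is accepted silently. If callers always pass exactly one MPI, tightening the test to `if (size != nbytes-2)` would reject such non-canonical input; if they may pass larger buffers, that contract should be written down. Either way a comment above the branch would help, for example `/* PGP MPI: 2-byte big-endian bit count, then (bits+7)/8 magnitude bytes; trailing bytes are ignored */`. The function starts outside the hunk.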
@@ -516,22 +517,18 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, * old but it seemed some of the shipped example private * keys were as old. */ - mpz_t q_1; - mpz_invert(TOMPZ(params->params[5]), TOMPZ(params->params[4]), TOMPZ(params->params[3])); - mpz_init(q_1); - - /* a = d % p-1 */ - mpz_sub_ui(q_1, TOMPZ(params->params[3])/*p*/, 1); - mpz_fdiv_r(TOMPZ(params->params[6]), TOMPZ(params->params[2])/*d*/, q_1); - - /* b = d % q-1 */ - mpz_sub_ui(q_1, TOMPZ(params->params[4])/*p*/, 1); + /* calculate exp1 [6] and exp2 [7] */ + _gnutls_mpi_release(¶ms->params[6]); + _gnutls_mpi_release(¶ms->params[7]); - mpz_fdiv_r(TOMPZ(params->params[7]), TOMPZ(params->params[2])/*d*/, q_1); - - mpz_clear(q_1); + result = _gnutls_calc_rsa_exp(params->params, RSA_PRIVATE_PARAMS-2); + if (result < 0) { + gnutls_assert(); + return result; + } + params->params_nr = RSA_PRIVATE_PARAMS; } return 0; diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c index 12d940834f..99779e4855 100644 --- a/lib/opencdk/pubkey.c +++ b/lib/opencdk/pubkey.c @@ -437,7 +437,10 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr) dlen = _gnutls_hash_get_algo_len (md_algo); err = _gnutls_hash_init (&hd, md_algo); if (err < 0) - return map_gnutls_error (err); + { + gnutls_assert(); + return map_gnutls_error (err); + } _cdk_hash_pubkey (pk, &hd, 1); _gnutls_hash_deinit (&hd, fpr); if (dlen == 16) diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index 5c7a0d5550..003ae5ac29 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -33,7 +33,6 @@ #include "main.h" #include "packet.h" - /* Hash all multi precision integers of the key PK with the given message digest context MD. */ static int 
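Review bot: wrap_nettle_pk_fixup runs the RSA import path for every algorithm: the body shown across its two hunks tests only `direction`, whereas wrap_gcry_pk_fixup in this same commit begins with `if (algo != GNUTLS_PK_RSA) return 0;`. _gnutls_openpgp_privkey_get_mpis now calls `_gnutls_pk_fixup` for DSA keys as well. With this backend `mpz_invert` and `_gnutls_calc_rsa_exp` would then operate on DSA parameters, including a `params[5]` slot that is presumably still NULL after the caller's memset. Add the same guard as the first statement of the function. The return value of `mpz_invert` is also ignored, so a p/q pair with no inverse would go unnoticed on import.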
@@ -52,8 +51,13 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr) { nbytes = MAX_MPI_BYTES; err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes); + if (err < 0) - return map_gnutls_error (err); + { + gnutls_assert(); + return map_gnutls_error (err); + } + if (!usefpr || pk->version == 4) _gnutls_hash (md, buf, nbytes); else /* without the prefix. */ diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c index ab1638d5e1..7826114ef2 100644 --- a/lib/opencdk/verify.c +++ b/lib/opencdk/verify.c @@ -245,6 +245,7 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) err = _gnutls_hash_init (&md, digest_algo); if (err < 0) { + gnutls_assert(); rc = map_gnutls_error (err); goto leave; } diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index abf6407c1a..7c1dc01f3f 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -365,6 +365,7 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, gnutls_openpgp_privkey_t pkey; gnutls_openpgp_crt_t crt; int ret; + gnutls_openpgp_keyid_t keyid; ret = gnutls_openpgp_privkey_init (&pkey); if (ret < 0) 
@@ -400,27 +401,28 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, if (subkey_id != NULL) { - gnutls_openpgp_keyid_t keyid; - if (strcasecmp (subkey_id, "auto") == 0) - ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); + ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); else - ret = get_keyid (keyid, subkey_id); + ret = get_keyid (keyid, subkey_id); + + if (ret < 0) + gnutls_assert(); if (ret >= 0) - { - ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); - if (ret >= 0) - ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); - } + { + ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); + if (ret >= 0) + ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); + } if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - gnutls_openpgp_crt_deinit (crt); - return ret; - } + { + gnutls_assert (); + gnutls_openpgp_privkey_deinit (pkey); + gnutls_openpgp_crt_deinit (crt); + return ret; + } } ret = gnutls_certificate_set_openpgp_key (res, crt, pkey); @@ -868,13 +870,18 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, if (result == 0) { uint32_t kid[2]; + int idx; KEYID_IMPORT (kid, keyid); + + idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid); + pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL); result = _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size); } else { + pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); result = _gnutls_openpgp_privkey_get_mpis (key, NULL, params, ¶ms_size); } @@ -885,7 +892,6 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, return result; } - pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); result = _gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature); diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 34832431a8..2dede0e083 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c 
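Review bot: In gnutls_openpgp_privkey_sign_hash the result of `gnutls_openpgp_privkey_get_subkey_idx` is passed straight to `gnutls_openpgp_privkey_get_subkey_pk_algorithm`; if the lookup fails, `idx` would hold an error code rather than a subkey index. Add `if (idx < 0) { gnutls_assert (); return idx; }` before the algorithm lookup. The value stored in `pk_algorithm` is likewise not checked before it reaches `_gnutls_soft_sign`, though that call may reject an unknown algorithm itself. The function starts outside the hunk.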
@@ -773,6 +773,8 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], int i = 0; uint32_t local_keyid[2]; + _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]); + ctx = NULL; while ((p = cdk_kbnode_walk (knode, &ctx, 0))) { @@ -786,6 +788,7 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], else cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); + _gnutls_hard_log("Found keyid: %x.%x\n", local_keyid[0], local_keyid[1]); if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) { return i; diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index 4bec39baa6..71c17c494a 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -688,9 +688,12 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, bigint_t * params, int *params_size) { int result, i; - int pk_algorithm, local_params; + int pk_algorithm; + gnutls_pk_params_st pk_params; cdk_packet_t pkt; + memset(&pk_params, 0, sizeof(pk_params)); + if (keyid == NULL) pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY); else @@ -708,27 +711,21 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, switch (pk_algorithm) { case GNUTLS_PK_RSA: - local_params = RSA_PRIVATE_PARAMS-2; + /* openpgp does not hold all parameters as in PKCS #1 + */ + pk_params.params_nr = RSA_PRIVATE_PARAMS-2; break; case GNUTLS_PK_DSA: - local_params = DSA_PRIVATE_PARAMS; + pk_params.params_nr = DSA_PRIVATE_PARAMS; break; default: gnutls_assert (); return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; } - if (*params_size < local_params) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - *params_size = local_params; - - for (i = 0; i < local_params; i++) + for (i = 0; i < pk_params.params_nr; i++) { - result = _gnutls_read_pgp_mpi (pkt, 1, i, ¶ms[i]); + result = _gnutls_read_pgp_mpi (pkt, 1, i, &pk_params.params[i]); if (result < 0) { gnutls_assert (); 
@@ -736,18 +733,25 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, } } - if (pk_algorithm==GNUTLS_PK_RSA) - { - /* on RSA we need to calculate exp1 and exp2 */ - result = _gnutls_calc_rsa_exp(params, RSA_PRIVATE_PARAMS); - if (result < 0) - { - gnutls_assert(); - i = *params_size; - goto error; - } - *params_size = RSA_PRIVATE_PARAMS; - } + /* fixup will generate exp1 and exp2 that are not + * available here. + */ + result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, &pk_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + if (*params_size < pk_params.params_nr) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + *params_size = pk_params.params_nr; + for(i=0;i<pk_params.params_nr;i++) + params[i] = pk_params.params[i]; return 0; @@ -755,7 +759,7 @@ error: { int j; for (j = 0; j < i; j++) - _gnutls_mpi_release (¶ms[j]); + _gnutls_mpi_release (&pk_params.params[j]); } return result; diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index e039d437bc..d2d453c826 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -39,9 +39,6 @@ struct gnutls_pkcs11_privkey_st { struct pkcs11_url_info info; }; -static int find_privkey_url(pakchois_session_t * pks, - struct token_info *info, void *input); - /** * gnutls_pkcs11_privkey_init: * @key: The structure to be initialized diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 6ef1ad248c..99ce0b9c89 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -515,6 +515,9 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, { int i = 0, ret; size_t siz = 0; + gnutls_pk_params_st pk_params; + + memset(&pk_params, 0, sizeof(pk_params)); if (key == NULL) { @@ -522,6 +525,8 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } + key->params_size = 0; + siz = m->size; if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz)) { 
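Review bot: The `*params_size < pk_params.params_nr` check in _gnutls_openpgp_privkey_get_mpis returns directly, after the MPIs have already been read and fixed up into `pk_params`, so the private-key integers are never released on that path. Route it through the existing cleanup instead, e.g. `result = GNUTLS_E_INTERNAL_ERROR; i = pk_params.params_nr; goto error;`. On the fixup failure path `i` still holds the pre-fixup count, so anything the backend placed in slots beyond it may be skipped by the `error:` loop. Setting `i` from `pk_params.params_nr`, or releasing the whole structure, would cover both cases.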
@@ -529,6 +534,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; siz = e->size; if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz)) @@ -537,6 +543,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; siz = d->size; if (_gnutls_mpi_scan_nz (&key->params[2], d->data, siz)) @@ -545,6 +552,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; siz = p->size; if (_gnutls_mpi_scan_nz (&key->params[3], p->data, siz)) @@ -553,6 +561,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; siz = q->size; if (_gnutls_mpi_scan_nz (&key->params[4], q->data, siz)) @@ -561,6 +570,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; siz = u->size; if (_gnutls_mpi_scan_nz (&key->params[5], u->data, siz)) @@ -569,6 +579,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; if (e1 && e2) { @@ -579,6 +590,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; siz = e2->size; if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz)) 
@@ -587,20 +599,29 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, FREE_RSA_PRIVATE_PARAMS; return GNUTLS_E_MPI_SCAN_FAILED; } + key->params_size++; } - else + + for(i=0;i<key->params_size;i++) { - /* calculate exp1 and exp2 */ - ret = _gnutls_calc_rsa_exp(key->params, key->params_size); - if (ret < 0) - { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return ret; - } + pk_params.params[i] = key->params[i]; } - + pk_params.params_nr = key->params_size; + + ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pk_params); + if (ret < 0) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return ret; + } + + for(i=0;i<pk_params.params_nr;i++) + { + key->params[i] = pk_params.params[i]; + } + key->params_size = pk_params.params_nr; if (!key->crippled) { @@ -864,6 +885,8 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, int ret; gnutls_pk_params_st pk_params; + memset (&pk_params, 0, sizeof (pk_params)); + if (key == NULL) { gnutls_assert (); @@ -1062,11 +1085,13 @@ gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, static int _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) { - int result, i; + int result; opaque null = '\0'; gnutls_pk_params_st pk_params; gnutls_datum_t m, e, d, p, q, u, exp1, exp2; + memset (&pk_params, 0, sizeof (pk_params)); + memset(&m, 0, sizeof(m)); memset(&p, 0, sizeof(e)); memset(&q, 0, sizeof(d)); diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index f4f17adb5f..b29b732546 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h 
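Review bot: `pk_params.params[]` is filled with the same MPI handles as `key->params[]`, so whatever `_gnutls_pk_fixup` releases or replaces leaves `key->params[]` stale until the copy-back loop runs, and on the failure path that loop is never reached. The nettle fixup in this commit releases slots 6 and 7 before calling `_gnutls_calc_rsa_exp`. If that call fails, `FREE_RSA_PRIVATE_PARAMS` (defined outside the diff, presumably releasing `key->params[]`) would act on the already-freed `e1`/`e2` values. Run the copy-back over all slots before testing `ret`, or clear `key->params[6]` and `key->params[7]` before the fixup call, so the cleanup macro sees the current handles.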
@@ -103,7 +103,10 @@ typedef struct gnutls_x509_privkey_int * [4] is prime2 (q) * [5] is coefficient (u == inverse of p mod q) * note that other packages used inverse of q mod p, - * so we need to perform conversions (for libgcrypt only) + * so we need to perform conversions on import/export + * using fixup. + * The following two are also not always available thus fixup + * will generate them. * [6] e1 == d mod (p-1) * [7] e2 == d mod (q-1) * DSA: [0] is p |