summaryrefslogtreecommitdiff
path: root/lib/x509/privkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/x509/privkey.c')
-rw-r--r--lib/x509/privkey.c2043
1 files changed, 1094 insertions, 949 deletions
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 1b0409e448..dd29e89d4d 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -38,8 +38,8 @@
#include <dsa.h>
#include <verify.h>
-static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params);
-static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params);
+static int _encode_rsa (ASN1_TYPE * c2, mpi_t * params);
+static int _encode_dsa (ASN1_TYPE * c2, mpi_t * params);
/* remove this when libgcrypt can handle the PKCS #1 coefficients from
* rsa keys
@@ -55,17 +55,19 @@ static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params);
* Returns 0 on success.
*
**/
-int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
+int
+gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
{
- *key = gnutls_calloc(1, sizeof(gnutls_x509_privkey_int));
+ *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
- if (*key) {
- (*key)->key = ASN1_TYPE_EMPTY;
- (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
- return 0; /* success */
+ if (*key)
+ {
+ (*key)->key = ASN1_TYPE_EMPTY;
+ (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -75,19 +77,21 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
* This function will deinitialize a private key structure.
*
**/
-void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
+void
+gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
{
- int i;
+ int i;
- if (!key)
- return;
+ if (!key)
+ return;
- for (i = 0; i < key->params_size; i++) {
- _gnutls_mpi_release(&key->params[i]);
+ for (i = 0; i < key->params_size; i++)
+ {
+ _gnutls_mpi_release (&key->params[i]);
}
- asn1_delete_structure(&key->key);
- gnutls_free(key);
+ asn1_delete_structure (&key->key);
+ gnutls_free (key);
}
/**
@@ -98,216 +102,234 @@ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
* This function will copy a private key from source to destination key.
*
**/
-int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
- gnutls_x509_privkey_t src)
+int
+gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
{
- int i, ret;
+ int i, ret;
- if (!src || !dst)
- return GNUTLS_E_INVALID_REQUEST;
+ if (!src || !dst)
+ return GNUTLS_E_INVALID_REQUEST;
- for (i = 0; i < src->params_size; i++) {
- dst->params[i] = _gnutls_mpi_copy(src->params[i]);
- if (dst->params[i] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ for (i = 0; i < src->params_size; i++)
+ {
+ dst->params[i] = _gnutls_mpi_copy (src->params[i]);
+ if (dst->params[i] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
}
- dst->params_size = src->params_size;
- dst->pk_algorithm = src->pk_algorithm;
- dst->crippled = src->crippled;
+ dst->params_size = src->params_size;
+ dst->pk_algorithm = src->pk_algorithm;
+ dst->crippled = src->crippled;
- if (!src->crippled) {
- switch (dst->pk_algorithm) {
+ if (!src->crippled)
+ {
+ switch (dst->pk_algorithm)
+ {
case GNUTLS_PK_DSA:
- ret = _encode_dsa(&dst->key, dst->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_dsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
case GNUTLS_PK_RSA:
- ret = _encode_rsa(&dst->key, dst->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_rsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
- return 0;
+ return 0;
}
/* Converts an RSA PKCS#1 key to
* an internal structure (gnutls_private_key)
*/
-ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(
- const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
+ASN1_TYPE
+_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE pkey_asn;
+ int result;
+ ASN1_TYPE pkey_asn;
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.RSAPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return NULL;
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return NULL;
}
- if ((sizeof(pkey->params) / sizeof(mpi_t)) < RSA_PRIVATE_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return NULL;
+ if ((sizeof (pkey->params) / sizeof (mpi_t)) < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the mpi_ts in params */
+ return NULL;
}
- result =
- asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
- &pkey->params[0])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
+ &pkey->params[0])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result =
- _gnutls_x509_read_int(pkey_asn, "publicExponent",
- &pkey->params[1])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result =
+ _gnutls_x509_read_int (pkey_asn, "publicExponent",
+ &pkey->params[1])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result =
- _gnutls_x509_read_int(pkey_asn, "privateExponent",
- &pkey->params[2])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result =
+ _gnutls_x509_read_int (pkey_asn, "privateExponent",
+ &pkey->params[2])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
- &pkey->params[3])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
+ &pkey->params[3])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
- &pkey->params[4])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
+ &pkey->params[4])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#ifdef CALC_COEFF
- /* Calculate the coefficient. This is because the gcrypt
- * library is uses the p,q in the reverse order.
- */
- pkey->params[5] =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(pkey->params[0]));
+ /* Calculate the coefficient. This is because the gcrypt
+ * library is uses the p,q in the reverse order.
+ */
+ pkey->params[5] =
+ _gnutls_mpi_snew (_gnutls_mpi_get_nbits (pkey->params[0]));
- if (pkey->params[5] == NULL) {
- gnutls_assert();
- goto error;
+ if (pkey->params[5] == NULL)
+ {
+ gnutls_assert ();
+ goto error;
}
- _gnutls_mpi_invm(pkey->params[5], pkey->params[3], pkey->params[4]);
- /* p, q */
+ _gnutls_mpi_invm (pkey->params[5], pkey->params[3], pkey->params[4]);
+ /* p, q */
#else
- if ((result = _gnutls_x509_read_int(pkey_asn, "coefficient",
- &pkey->params[5])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
+ &pkey->params[5])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#endif
- pkey->params_size = 6;
+ pkey->params_size = 6;
- return pkey_asn;
+ return pkey_asn;
- error:
- asn1_delete_structure(&pkey_asn);
- _gnutls_mpi_release(&pkey->params[0]);
- _gnutls_mpi_release(&pkey->params[1]);
- _gnutls_mpi_release(&pkey->params[2]);
- _gnutls_mpi_release(&pkey->params[3]);
- _gnutls_mpi_release(&pkey->params[4]);
- _gnutls_mpi_release(&pkey->params[5]);
- return NULL;
+error:
+ asn1_delete_structure (&pkey_asn);
+ _gnutls_mpi_release (&pkey->params[0]);
+ _gnutls_mpi_release (&pkey->params[1]);
+ _gnutls_mpi_release (&pkey->params[2]);
+ _gnutls_mpi_release (&pkey->params[3]);
+ _gnutls_mpi_release (&pkey->params[4]);
+ _gnutls_mpi_release (&pkey->params[5]);
+ return NULL;
}
-static ASN1_TYPE decode_dsa_key(const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+static ASN1_TYPE
+decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE dsa_asn;
+ int result;
+ ASN1_TYPE dsa_asn;
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DSAPrivateKey",
- &dsa_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return NULL;
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return NULL;
}
- if ((sizeof(pkey->params) / sizeof(mpi_t)) < DSA_PRIVATE_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return NULL;
+ if ((sizeof (pkey->params) / sizeof (mpi_t)) < DSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the mpi_ts in params */
+ return NULL;
}
- result =
- asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "p",
- &pkey->params[0])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params[0])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "q",
- &pkey->params[1])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params[1])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "g",
- &pkey->params[2])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params[2])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "Y",
- &pkey->params[3])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params[3])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
- &pkey->params[4])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
+ &pkey->params[4])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- pkey->params_size = 5;
+ pkey->params_size = 5;
- return dsa_asn;
+ return dsa_asn;
- error:
- asn1_delete_structure(&dsa_asn);
- _gnutls_mpi_release(&pkey->params[0]);
- _gnutls_mpi_release(&pkey->params[1]);
- _gnutls_mpi_release(&pkey->params[2]);
- _gnutls_mpi_release(&pkey->params[3]);
- _gnutls_mpi_release(&pkey->params[4]);
- return NULL;
+error:
+ asn1_delete_structure (&dsa_asn);
+ _gnutls_mpi_release (&pkey->params[0]);
+ _gnutls_mpi_release (&pkey->params[1]);
+ _gnutls_mpi_release (&pkey->params[2]);
+ _gnutls_mpi_release (&pkey->params[3]);
+ _gnutls_mpi_release (&pkey->params[4]);
+ return NULL;
}
@@ -330,99 +352,113 @@ static ASN1_TYPE decode_dsa_key(const gnutls_datum_t * raw_key,
* Returns 0 on success.
*
**/
-int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format)
+int
+gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result =
- _gnutls_fbase64_decode(PEM_KEY_RSA, data->data, data->size,
- &out);
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- if (result <= 0) {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size,
- &out);
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result <= 0)
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
+ &out);
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- if (key->pk_algorithm == GNUTLS_PK_RSA) {
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
- } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
- key->key = decode_dsa_key(&_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ }
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ {
+ key->key = decode_dsa_key (&_data, key);
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
- } else {
- /* Try decoding with both, and accept the one that
- * succeeds.
- */
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->key = decode_dsa_key(&_data, key);
-
- if (key->key == NULL) {
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ }
+ else
+ {
+ /* Try decoding with both, and accept the one that
+ * succeeds.
+ */
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key (&_data, key);
+
+ if (key->key == NULL)
+ {
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
}
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ if (need_free)
+ _gnutls_free_datum (&_data);
- /* The key has now been decoded.
- */
+ /* The key has now been decoded.
+ */
- return 0;
+ return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
#define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \
@@ -444,86 +480,100 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
* to the native gnutls_x509_privkey_t format. The output will be stored in @key.
*
**/
-int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t * m, const gnutls_datum_t * e, const gnutls_datum_t * d,
- const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * u)
+int
+gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
- int i = 0, ret;
- size_t siz = 0;
+ int i = 0, ret;
+ size_t siz = 0;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- siz = m->size;
- if (_gnutls_mpi_scan_nz(&key->params[0], m->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], m->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = e->size;
- if (_gnutls_mpi_scan_nz(&key->params[1], e->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], e->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = d->size;
- if (_gnutls_mpi_scan_nz(&key->params[2], d->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = d->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], d->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = p->size;
- if (_gnutls_mpi_scan_nz(&key->params[3], p->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], p->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = q->size;
- if (_gnutls_mpi_scan_nz(&key->params[4], q->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[4], q->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
#ifdef CALC_COEFF
- key->params[5] =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(key->params[0]));
+ key->params[5] = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0]));
- if (key->params[5] == NULL) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MEMORY_ERROR;
+ if (key->params[5] == NULL)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_invm(key->params[5], key->params[3], key->params[4]);
+ _gnutls_mpi_invm (key->params[5], key->params[3], key->params[4]);
#else
- siz = u->size;
- if (_gnutls_mpi_scan_nz(&key->params[5], u->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = u->size;
+ if (_gnutls_mpi_scan_nz (&key->params[5], u->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
#endif
- if (!key->crippled) {
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return ret;
+ if (!key->crippled)
+ {
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
}
}
- key->params_size = RSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
+ key->params_size = RSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
- return 0;
+ return 0;
}
@@ -540,66 +590,78 @@ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
* to the native gnutls_x509_privkey_t format. The output will be stored in @key.
*
**/
-int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * g,
- const gnutls_datum_t * y, const gnutls_datum_t * x)
+int
+gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x)
{
- int i = 0, ret;
- size_t siz = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz(&key->params[0], p->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz(&key->params[1], q->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz(&key->params[2], g->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz(&key->params[3], y->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = x->size;
- if (_gnutls_mpi_scan_nz(&key->params[4], x->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (!key->crippled) {
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return ret;
+ int i = 0, ret;
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], p->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], q->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], g->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], y->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = x->size;
+ if (_gnutls_mpi_scan_nz (&key->params[4], x->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (!key->crippled)
+ {
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return ret;
}
}
- key->params_size = DSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
+ key->params_size = DSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
- return 0;
+ return 0;
}
@@ -615,14 +677,16 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
* or a negative value on error.
*
**/
-int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key)
+int
+gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
{
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
@@ -649,49 +713,57 @@ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key)
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size)
+int
+gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- char *msg;
- int ret;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- msg = PEM_KEY_RSA;
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- msg = PEM_KEY_DSA;
- else
- msg = NULL;
-
- if (key->crippled) { /* encode the parameters on the fly.
+ char *msg;
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ msg = PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ msg = PEM_KEY_DSA;
+ else
+ msg = NULL;
+
+ if (key->crippled)
+ { /* encode the parameters on the fly.
*/
- switch (key->pk_algorithm) {
+ switch (key->pk_algorithm)
+ {
case GNUTLS_PK_DSA:
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
case GNUTLS_PK_RSA:
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
- return _gnutls_x509_export_int(key->key, format, msg,
- *output_data_size, output_data, output_data_size);
+ return _gnutls_x509_export_int (key->key, format, msg,
+ *output_data_size, output_data,
+ output_data_size);
}
@@ -710,93 +782,103 @@ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
-int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u)
+int
+gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
- int ret;
- mpi_t coeff = NULL;
+ int ret;
+ mpi_t coeff = NULL;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
-
- m->data=e->data=d->data=p->data=q->data=u->data=NULL;
- m->size=e->size=d->size=p->size=q->size=u->size=0;
- ret = _gnutls_mpi_dprint(m, key->params[0]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ m->data = e->data = d->data = p->data = q->data = u->data = NULL;
+ m->size = e->size = d->size = p->size = q->size = u->size = 0;
+
+ ret = _gnutls_mpi_dprint (m, key->params[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* E */
- ret = _gnutls_mpi_dprint(e, key->params[1]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* E */
+ ret = _gnutls_mpi_dprint (e, key->params[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* D */
- ret = _gnutls_mpi_dprint(d, key->params[2]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* D */
+ ret = _gnutls_mpi_dprint (d, key->params[2]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* P */
- ret = _gnutls_mpi_dprint(p, key->params[3]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* P */
+ ret = _gnutls_mpi_dprint (p, key->params[3]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* Q */
- ret = _gnutls_mpi_dprint(q, key->params[4]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* Q */
+ ret = _gnutls_mpi_dprint (q, key->params[4]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#ifdef CALC_COEFF
- coeff =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(key->params[0]));
+ coeff = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0]));
- if (coeff == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
+ if (coeff == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
}
- _gnutls_mpi_invm(coeff, key->params[4], key->params[3]);
- ret = _gnutls_mpi_dprint(u, coeff);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ _gnutls_mpi_invm (coeff, key->params[4], key->params[3]);
+ ret = _gnutls_mpi_dprint (u, coeff);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- _gnutls_mpi_release( &coeff);
+ _gnutls_mpi_release (&coeff);
#else
- /* U */
- ret = _gnutls_mpi_dprint(u, key->params[5]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* U */
+ ret = _gnutls_mpi_dprint (u, key->params[5]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#endif
- return 0;
+ return 0;
error:
- _gnutls_free_datum(m);
- _gnutls_free_datum(d);
- _gnutls_free_datum(e);
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- _gnutls_mpi_release( &coeff);
-
- return ret;
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (d);
+ _gnutls_free_datum (e);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ _gnutls_mpi_release (&coeff);
+
+ return ret;
}
/**
@@ -813,391 +895,422 @@ error:
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
-int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
- gnutls_datum_t * y, gnutls_datum_t * x)
+int
+gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- int ret;
+ int ret;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* P */
- ret = _gnutls_mpi_dprint(p, key->params[0]);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ /* P */
+ ret = _gnutls_mpi_dprint (p, key->params[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* Q */
- ret = _gnutls_mpi_dprint(q, key->params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- return ret;
+ /* Q */
+ ret = _gnutls_mpi_dprint (q, key->params[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ return ret;
}
- /* G */
- ret = _gnutls_mpi_dprint(g, key->params[2]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- return ret;
+ /* G */
+ ret = _gnutls_mpi_dprint (g, key->params[2]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ return ret;
}
- /* Y */
- ret = _gnutls_mpi_dprint(y, key->params[3]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
+ /* Y */
+ ret = _gnutls_mpi_dprint (y, key->params[3]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
}
- /* X */
- ret = _gnutls_mpi_dprint(x, key->params[4]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(y);
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
+ /* X */
+ ret = _gnutls_mpi_dprint (x, key->params[4]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (y);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
}
- return 0;
+ return 0;
}
/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
*/
-static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params)
+static int
+_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
{
- int result, i;
- size_t size[8], total;
- opaque *m_data, *pube_data, *prie_data;
- opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
- opaque *all_data = NULL, *p;
- mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL, u=NULL;
- opaque null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i = 0; i < 5; i++) {
- _gnutls_mpi_print_lz(NULL, &size[i], params[i]);
- total += size[i];
- }
-
- /* Now generate exp1 and exp2
- */
- exp1 = _gnutls_mpi_salloc_like(params[0]); /* like modulus */
- if (exp1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- exp2 = _gnutls_mpi_salloc_like(params[0]);
- if (exp2 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- q1 = _gnutls_mpi_salloc_like(params[4]);
- if (q1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p1 = _gnutls_mpi_salloc_like(params[3]);
- if (p1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- u = _gnutls_mpi_salloc_like(params[3]);
- if (u == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- _gnutls_mpi_invm(u, params[4], params[3]);
- /* inverse of q mod p */
- _gnutls_mpi_print_lz(NULL, &size[5], u);
- total += size[5];
-
- _gnutls_mpi_sub_ui(p1, params[3], 1);
- _gnutls_mpi_sub_ui(q1, params[4], 1);
-
- _gnutls_mpi_mod(exp1, params[2], p1);
- _gnutls_mpi_mod(exp2, params[2], q1);
-
-
- /* calculate exp's size */
- _gnutls_mpi_print_lz(NULL, &size[6], exp1);
- total += size[6];
-
- _gnutls_mpi_print_lz(NULL, &size[7], exp2);
- total += size[7];
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_secure_malloc(total);
- if (all_data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- m_data = p;
- p += size[0];
- pube_data = p;
- p += size[1];
- prie_data = p;
- p += size[2];
- p1_data = p;
- p += size[3];
- p2_data = p;
- p += size[4];
- u_data = p;
- p += size[5];
- exp1_data = p;
- p += size[6];
- exp2_data = p;
-
- _gnutls_mpi_print_lz(m_data, &size[0], params[0]);
- _gnutls_mpi_print_lz(pube_data, &size[1], params[1]);
- _gnutls_mpi_print_lz(prie_data, &size[2], params[2]);
- _gnutls_mpi_print_lz(p1_data, &size[3], params[3]);
- _gnutls_mpi_print_lz(p2_data, &size[4], params[4]);
- _gnutls_mpi_print_lz(u_data, &size[5], u);
- _gnutls_mpi_print_lz(exp1_data, &size[6], exp1);
- _gnutls_mpi_print_lz(exp2_data, &size[7], exp2);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value(*c2, "modulus",
- m_data, size[0])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "publicExponent",
- pube_data, size[1])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "privateExponent",
- prie_data, size[2])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "prime1",
- p1_data, size[3])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "prime2",
- p2_data, size[4])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "exponent1",
- exp1_data, size[6])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "exponent2",
- exp2_data, size[7])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "coefficient",
- u_data, size[5])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- _gnutls_mpi_release(&exp1);
- _gnutls_mpi_release(&exp2);
- _gnutls_mpi_release(&q1);
- _gnutls_mpi_release(&p1);
- _gnutls_mpi_release(&u);
- gnutls_free(all_data);
-
- if ((result = asn1_write_value(*c2, "otherPrimeInfos",
- NULL, 0)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "version",
- &null, 1)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
+ int result, i;
+ size_t size[8], total;
+ opaque *m_data, *pube_data, *prie_data;
+ opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
+ opaque *all_data = NULL, *p;
+ mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL, u = NULL;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < 5; i++)
+ {
+ _gnutls_mpi_print_lz (NULL, &size[i], params[i]);
+ total += size[i];
+ }
+
+ /* Now generate exp1 and exp2
+ */
+ exp1 = _gnutls_mpi_salloc_like (params[0]); /* like modulus */
+ if (exp1 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ exp2 = _gnutls_mpi_salloc_like (params[0]);
+ if (exp2 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ q1 = _gnutls_mpi_salloc_like (params[4]);
+ if (q1 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p1 = _gnutls_mpi_salloc_like (params[3]);
+ if (p1 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ u = _gnutls_mpi_salloc_like (params[3]);
+ if (u == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_mpi_invm (u, params[4], params[3]);
+ /* inverse of q mod p */
+ _gnutls_mpi_print_lz (NULL, &size[5], u);
+ total += size[5];
+
+ _gnutls_mpi_sub_ui (p1, params[3], 1);
+ _gnutls_mpi_sub_ui (q1, params[4], 1);
+
+ _gnutls_mpi_mod (exp1, params[2], p1);
+ _gnutls_mpi_mod (exp2, params[2], q1);
+
+
+ /* calculate exp's size */
+ _gnutls_mpi_print_lz (NULL, &size[6], exp1);
+ total += size[6];
+
+ _gnutls_mpi_print_lz (NULL, &size[7], exp2);
+ total += size[7];
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc (total);
+ if (all_data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ m_data = p;
+ p += size[0];
+ pube_data = p;
+ p += size[1];
+ prie_data = p;
+ p += size[2];
+ p1_data = p;
+ p += size[3];
+ p2_data = p;
+ p += size[4];
+ u_data = p;
+ p += size[5];
+ exp1_data = p;
+ p += size[6];
+ exp2_data = p;
+
+ _gnutls_mpi_print_lz (m_data, &size[0], params[0]);
+ _gnutls_mpi_print_lz (pube_data, &size[1], params[1]);
+ _gnutls_mpi_print_lz (prie_data, &size[2], params[2]);
+ _gnutls_mpi_print_lz (p1_data, &size[3], params[3]);
+ _gnutls_mpi_print_lz (p2_data, &size[4], params[4]);
+ _gnutls_mpi_print_lz (u_data, &size[5], u);
+ _gnutls_mpi_print_lz (exp1_data, &size[6], exp1);
+ _gnutls_mpi_print_lz (exp2_data, &size[7], exp2);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (*c2, "modulus",
+ m_data, size[0])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "publicExponent",
+ pube_data, size[1])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "privateExponent",
+ prie_data, size[2])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "prime1",
+ p1_data, size[3])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "prime2",
+ p2_data, size[4])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "exponent1",
+ exp1_data, size[6])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "exponent2",
+ exp2_data, size[7])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "coefficient",
+ u_data, size[5])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ _gnutls_mpi_release (&exp1);
+ _gnutls_mpi_release (&exp2);
+ _gnutls_mpi_release (&q1);
+ _gnutls_mpi_release (&p1);
+ _gnutls_mpi_release (&u);
+ gnutls_free (all_data);
+
+ if ((result = asn1_write_value (*c2, "otherPrimeInfos",
+ NULL, 0)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ _gnutls_mpi_release (&u);
+ _gnutls_mpi_release (&exp1);
+ _gnutls_mpi_release (&exp2);
+ _gnutls_mpi_release (&q1);
+ _gnutls_mpi_release (&p1);
+ asn1_delete_structure (c2);
+ gnutls_free (all_data);
- cleanup:
- _gnutls_mpi_release(&u);
- _gnutls_mpi_release(&exp1);
- _gnutls_mpi_release(&exp2);
- _gnutls_mpi_release(&q1);
- _gnutls_mpi_release(&p1);
- asn1_delete_structure(c2);
- gnutls_free(all_data);
-
- return result;
+ return result;
}
/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
*/
-static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params)
+static int
+_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
{
- int result, i;
- size_t size[DSA_PRIVATE_PARAMS], total;
- opaque *p_data, *q_data, *g_data, *x_data, *y_data;
- opaque *all_data = NULL, *p;
- opaque null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
- _gnutls_mpi_print_lz(NULL, &size[i], params[i]);
- total += size[i];
- }
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_secure_malloc(total);
- if (all_data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- p_data = p;
- p += size[0];
- q_data = p;
- p += size[1];
- g_data = p;
- p += size[2];
- y_data = p;
- p += size[3];
- x_data = p;
-
- _gnutls_mpi_print_lz(p_data, &size[0], params[0]);
- _gnutls_mpi_print_lz(q_data, &size[1], params[1]);
- _gnutls_mpi_print_lz(g_data, &size[2], params[2]);
- _gnutls_mpi_print_lz(y_data, &size[3], params[3]);
- _gnutls_mpi_print_lz(x_data, &size[4], params[4]);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value(*c2, "p",
- p_data, size[0])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "q",
- q_data, size[1])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "g",
- g_data, size[2])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "Y",
- y_data, size[3])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "priv",
- x_data, size[4])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- gnutls_free(all_data);
-
- if ((result = asn1_write_value(*c2, "version",
- &null, 1)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- asn1_delete_structure(c2);
- gnutls_free(all_data);
-
- return result;
+ int result, i;
+ size_t size[DSA_PRIVATE_PARAMS], total;
+ opaque *p_data, *q_data, *g_data, *x_data, *y_data;
+ opaque *all_data = NULL, *p;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
+ {
+ _gnutls_mpi_print_lz (NULL, &size[i], params[i]);
+ total += size[i];
+ }
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc (total);
+ if (all_data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ p_data = p;
+ p += size[0];
+ q_data = p;
+ p += size[1];
+ g_data = p;
+ p += size[2];
+ y_data = p;
+ p += size[3];
+ x_data = p;
+
+ _gnutls_mpi_print_lz (p_data, &size[0], params[0]);
+ _gnutls_mpi_print_lz (q_data, &size[1], params[1]);
+ _gnutls_mpi_print_lz (g_data, &size[2], params[2]);
+ _gnutls_mpi_print_lz (y_data, &size[3], params[3]);
+ _gnutls_mpi_print_lz (x_data, &size[4], params[4]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "priv",
+ x_data, size[4])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ gnutls_free (all_data);
+
+ if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ asn1_delete_structure (c2);
+ gnutls_free (all_data);
+
+ return result;
}
@@ -1214,69 +1327,79 @@ static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params)
* Returns 0 on success or a negative value on error.
*
**/
-int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo, unsigned int bits, unsigned int flags)
+int
+gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo, unsigned int bits,
+ unsigned int flags)
{
- int ret, params_len;
- int i;
+ int ret, params_len;
+ int i;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- switch (algo) {
+ switch (algo)
+ {
case GNUTLS_PK_DSA:
- ret = _gnutls_dsa_generate_params(key->params, &params_len, bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_dsa_generate_params (key->params, &params_len, bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (!key->crippled) {
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ if (!key->crippled)
+ {
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- key->params_size = params_len;
- key->pk_algorithm = GNUTLS_PK_DSA;
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_DSA;
- break;
+ break;
case GNUTLS_PK_RSA:
- ret = _gnutls_rsa_generate_params(key->params, &params_len, bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_rsa_generate_params (key->params, &params_len, bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (!key->crippled) {
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ if (!key->crippled)
+ {
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- key->params_size = params_len;
- key->pk_algorithm = GNUTLS_PK_RSA;
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_RSA;
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return 0;
+ return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- key->params_size = 0;
- for (i = 0; i < params_len; i++)
- _gnutls_mpi_release(&key->params[i]);
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ key->params_size = 0;
+ for (i = 0; i < params_len; i++)
+ _gnutls_mpi_release (&key->params[i]);
- return ret;
+ return ret;
}
/**
@@ -1300,63 +1423,72 @@ int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int result;
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum_t der = { NULL, 0 };
-
- if (key == NULL || key->crippled) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*output_data_size < 20) {
- gnutls_assert();
- *output_data_size = 20;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA) {
- result =
- _gnutls_x509_write_rsa_params(key->params, key->params_size,
- &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ int result;
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum_t der = { NULL, 0 };
+
+ if (key == NULL || key->crippled)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*output_data_size < 20)
+ {
+ gnutls_assert ();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ result =
+ _gnutls_x509_write_rsa_params (key->params, key->params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
- result =
- _gnutls_x509_write_dsa_public_key(key->params,
- key->params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ }
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ {
+ result =
+ _gnutls_x509_write_dsa_public_key (key->params,
+ key->params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else
- return GNUTLS_E_INTERNAL_ERROR;
+ }
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
- hd = _gnutls_hash_init(GNUTLS_MAC_SHA1);
- if (hd == GNUTLS_HASH_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
+ if (hd == GNUTLS_HASH_FAILED)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
- _gnutls_hash(hd, der.data, der.size);
+ _gnutls_hash (hd, der.data, der.size);
- _gnutls_hash_deinit(hd, output_data);
- *output_data_size = 20;
+ _gnutls_hash_deinit (hd, output_data);
+ *output_data_size = 20;
- result = 0;
+ result = 0;
- cleanup:
+cleanup:
- _gnutls_free_datum(&der);
- return result;
+ _gnutls_free_datum (&der);
+ return result;
}
#ifdef ENABLE_PKI
@@ -1384,38 +1516,42 @@ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
* 0 on success.
*
**/
-int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature, size_t * signature_size)
+int
+gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature, size_t * signature_size)
{
- int result;
- gnutls_datum_t sig = { NULL, 0 };
+ int result;
+ gnutls_datum_t sig = { NULL, 0 };
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_sign(data, digest, key, &sig);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_sign (data, digest, key, &sig);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- if (*signature_size < sig.size) {
- *signature_size = sig.size;
- _gnutls_free_datum(&sig);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (*signature_size < sig.size)
+ {
+ *signature_size = sig.size;
+ _gnutls_free_datum (&sig);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *signature_size = sig.size;
- memcpy(signature, sig.data, sig.size);
+ *signature_size = sig.size;
+ memcpy (signature, sig.data, sig.size);
- _gnutls_free_datum(&sig);
+ _gnutls_free_datum (&sig);
- return 0;
+ return 0;
}
/**
@@ -1432,25 +1568,28 @@ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
* 1 on success.
*
**/
-int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+int
+gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_privkey_verify_signature(data, signature, key);
- if (result < 0) {
- gnutls_assert();
- return 0;
+ result = _gnutls_x509_privkey_verify_signature (data, signature, key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return 0;
}
- return result;
+ return result;
}
/**
@@ -1464,37 +1603,43 @@ int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key,
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key)
+int
+gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
{
- int ret;
+ int ret;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (!key->crippled) asn1_delete_structure(&key->key);
- switch (key->pk_algorithm) {
- case GNUTLS_PK_DSA:
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_RSA:
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (!key->crippled)
+ asn1_delete_structure (&key->key);
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return 0;
+ return 0;
}
#endif
View Lorry Controller Status