#include <gnutls_int.h>
#include "gnutls_auth_int.h"
#include "gnutls_errors.h"
#include <gnutls_cert.h>
#include <auth_cert.h>
#include "gnutls_dh.h"
#include "gnutls_num.h"
#include "libtasn1.h"
#include "gnutls_datum.h"
#include <gnutls_pk.h>
#include <gnutls_algorithms.h>
#include <gnutls_global.h>
#include <gnutls_record.h>
#include <gnutls_sig.h>
#include <gnutls_state.h>
#include <gnutls_x509.h>
#include "debug.h"
#define CERTTYPE_SIZE 3
Definition at line 1019 of file auth_cert.c.
Referenced by MHD_gtls_gen_cert_server_cert_req().
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x])
Definition at line 785 of file auth_cert.c.
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) MHD_gtls_gcert_deinit(&peer_certificate_list[x])
Definition at line 785 of file auth_cert.c.
Referenced by MHD_gtls_proc_x509_server_certificate().
#define MAX_SIGN_ALGOS 2
Definition at line 801 of file auth_cert.c.
Referenced by MHD_gtls_proc_cert_cert_req().
enum CertificateSigType
Definition at line 802 of file auth_cert.c.
static int _find_x509_cert(
    const MHD_gtls_cert_credentials_t cred,
    opaque *_data,
    size_t _data_size,
    const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
    int pk_algos_length,
    int *indx
) [static]
Definition at line 189 of file auth_cert.c.
References MHD_gtls_certificate_credentials_st::cert_list, MHD_gtls_certificate_credentials_st::cert_list_length, MHD_gnutls_datum_t::data, DECR_LENGTH_RET, MHD__gnutls_cert_get_issuer_dn(), MHD__gnutls_check_pk_algo_in_list(), MHD_gnutls_assert, MHD_gtls_read_uint16(), MHD_gtls_certificate_credentials_st::ncerts, MHD_gnutls_datum_t::size, and MHD_gnutls_cert::subject_pk_algorithm.
Referenced by _select_client_cert().
static int _select_client_cert(
    MHD_gtls_session_t session,
    opaque *_data,
    size_t _data_size,
    enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
    int pk_algos_length
) [static]
Definition at line 450 of file auth_cert.c.
References _find_x509_cert(), call_get_cert_callback(), MHD_gtls_certificate_credentials_st::cert_list, MHD_gtls_certificate_credentials_st::cert_list_length, MHD_gtls_security_param_st::cert_type, MHD_gtls_certificate_credentials_st::client_get_cert_callback, get_issuers(), get_issuers_num(), GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_E_MEMORY_ERROR, MHD_gtls_session_int::key, MHD_gnutls_assert, MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_CRT_X509, MHD_gnutls_free, MHD_gnutls_malloc, MHD_gtls_get_cred(), MHD_gtls_selected_certs_set(), MHD_gtls_certificate_credentials_st::pkey, and MHD_gtls_session_int::security_parameters.
Referenced by MHD_gtls_proc_cert_cert_req().
static MHD_gnutls_cert *alloc_and_load_x509_certs(
    MHD_gnutls_x509_crt_t *certs,
    unsigned ncerts
) [static]
Definition at line 1141 of file auth_cert.c.
References MHD_gnutls_assert, MHD_gnutls_free, MHD_gnutls_malloc, MHD_gtls_gcert_deinit(), and MHD_gtls_x509_crt_to_gcert().
Referenced by call_get_cert_callback().
static MHD_gnutls_privkey *alloc_and_load_x509_key(MHD_gnutls_x509_privkey_t key) [static]
Definition at line 1182 of file auth_cert.c.
References MHD__gnutls_x509_privkey_to_gkey(), MHD_gnutls_assert, and MHD_gnutls_malloc.
Referenced by call_get_cert_callback().
static int call_get_cert_callback(
    MHD_gtls_session_t session,
    MHD_gnutls_datum_t *issuers_dn,
    int issuers_dn_length,
    enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
    int pk_algos_length
) [static]
Definition at line 352 of file auth_cert.c.
References alloc_and_load_x509_certs(), alloc_and_load_x509_key(), MHD_gnutls_retr_st::cert, MHD_gtls_certificate_credentials_st::client_get_cert_callback, MHD_gnutls_retr_st::deinit_all, MHD_gtls_security_param_st::entity, GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_E_INTERNAL_ERROR, GNUTLS_E_INVALID_REQUEST, GNUTLS_SERVER, MHD_gnutls_retr_st::key, MHD_gtls_session_int::key, MHD_gnutls_assert, MHD_gnutls_certificate_type_get(), MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_CRT_X509, MHD_gnutls_free, MHD_gnutls_x509_crt_deinit(), MHD_gnutls_x509_privkey_deinit(), MHD_gtls_get_cred(), MHD_gtls_selected_certs_set(), MHD_gnutls_retr_st::ncerts, MHD_gtls_session_int::security_parameters, MHD_gtls_certificate_credentials_st::server_get_cert_callback, MHD_gnutls_retr_st::type, MHD_gnutls_retr_st::key::x509, and MHD_gnutls_retr_st::cert::x509.
Referenced by _select_client_cert(), and MHD_gtls_server_select_cert().
static int get_issuers(
    MHD_gtls_session_t session,
    MHD_gnutls_datum_t *issuers_dn,
    int issuers_len,
    opaque *data,
    size_t data_size
) [static]
Definition at line 311 of file auth_cert.c.
References MHD_gnutls_datum_t::data, MHD_gnutls_certificate_type_get(), MHD_GNUTLS_CRT_X509, MHD_gtls_read_uint16(), and MHD_gnutls_datum_t::size.
Referenced by _select_client_cert().
static int get_issuers_num(
    MHD_gtls_session_t session,
    opaque *data,
    ssize_t data_size
) [static]
Definition at line 262 of file auth_cert.c.
References DECR_LENGTH_COM, GNUTLS_E_UNEXPECTED_PACKET_LENGTH, and MHD_gtls_read_uint16().
Referenced by _select_client_cert().
static int MHD__gnutls_cert_get_issuer_dn(
    MHD_gnutls_cert *cert,
    MHD_gnutls_datum_t *odn
) [static]
Definition at line 137 of file auth_cert.c.
References ASN1_SUCCESS, MHD_gnutls_datum_t::data, MHD__asn1_create_element(), MHD__asn1_delete_structure(), MHD__asn1_der_decoding(), MHD__asn1_der_decoding_startEnd(), MHD__gnutls_get_pkix, MHD_gnutls_assert, MHD_gtls_asn2err(), MHD_gnutls_cert::raw, and MHD_gnutls_datum_t::size.
Referenced by _find_x509_cert().
static int MHD__gnutls_check_pk_algo_in_list(
    const enum MHD_GNUTLS_PublicKeyAlgorithm *pk_algos,
    int pk_algos_length,
    enum MHD_GNUTLS_PublicKeyAlgorithm algo_to_check
) [inline, static]
Definition at line 116 of file auth_cert.c.
Referenced by _find_x509_cert().
static int MHD__gnutls_check_supported_sign_algo(CertificateSigType algo) [inline, static]
Definition at line 811 of file auth_cert.c.
References MHD_GNUTLS_PK_RSA, and RSA_SIGN.
Referenced by MHD_gtls_proc_cert_cert_req().
static int MHD__gnutls_copy_certificate_auth_info(
    cert_auth_info_t info,
    MHD_gnutls_cert *cert,
    int ncerts
) [static]
Definition at line 58 of file auth_cert.c.
References MHD_gnutls_datum_t::data, GNUTLS_E_MEMORY_ERROR, MHD__gnutls_free_datum, MHD__gnutls_set_datum, MHD_gnutls_assert, MHD_gnutls_calloc, MHD_gnutls_free, MHD_gtls_cert_auth_info_st::ncerts, MHD_gnutls_cert::raw, MHD_gtls_cert_auth_info_st::raw_certificate_list, and MHD_gnutls_datum_t::size.
Referenced by MHD_gtls_proc_x509_server_certificate().
void MHD_gtls_free_rsa_info(rsa_info_st *rsa)
Definition at line 1325 of file auth_cert.c.
References MHD_gtls_rsa_info_st::exponent, MHD__gnutls_free_datum, and MHD_gtls_rsa_info_st::modulus.
Referenced by MHD_gtls_free_auth_info().
int MHD_gtls_gen_cert_client_cert_vrfy(
    MHD_gtls_session_t session,
    opaque **data
)
Definition at line 918 of file auth_cert.c.
References MHD_gnutls_datum_t::data, GNUTLS_E_MEMORY_ERROR, MHD__gnutls_free_datum, MHD_gnutls_assert, MHD_gnutls_malloc, MHD_gtls_get_selected_cert(), MHD_gtls_tls_sign_hdata(), MHD_gtls_write_uint16(), and MHD_gnutls_datum_t::size.
int MHD_gtls_gen_cert_client_certificate(
    MHD_gtls_session_t session,
    opaque **data
)
Definition at line 610 of file auth_cert.c.
References MHD_gtls_security_param_st::cert_type, GNUTLS_E_INTERNAL_ERROR, MHD_gnutls_assert, MHD_GNUTLS_CRT_X509, MHD_gtls_gen_x509_crt(), and MHD_gtls_session_int::security_parameters.
int MHD_gtls_gen_cert_server_cert_req(
    MHD_gtls_session_t session,
    opaque **data
)
Definition at line 1021 of file auth_cert.c.
References MHD_gtls_security_param_st::cert_type, CERTTYPE_SIZE, DSA_SIGN, GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_E_MEMORY_ERROR, MHD_gtls_internals_st::ignore_rdn_sequence, MHD_gtls_session_int::internals, MHD_gtls_session_int::key, MHD__gnutls_protocol_get_version(), MHD_gnutls_assert, MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_CRT_X509, MHD_gnutls_malloc, MHD_GNUTLS_PROTOCOL_TLS1_2, MHD_gtls_get_cred(), MHD_gtls_write_datum16(), MHD_gtls_write_uint16(), RSA_SIGN, MHD_gtls_session_int::security_parameters, MHD_gnutls_datum_t::size, and MHD_gtls_certificate_credentials_st::x509_rdn_sequence.
int MHD_gtls_gen_cert_server_certificate(
    MHD_gtls_session_t session,
    opaque **data
)
Definition at line 625 of file auth_cert.c.
References MHD_gtls_security_param_st::cert_type, GNUTLS_E_INTERNAL_ERROR, MHD_gnutls_assert, MHD_GNUTLS_CRT_X509, MHD_gtls_gen_x509_crt(), and MHD_gtls_session_int::security_parameters.
static int MHD_gtls_gen_x509_crt(
    MHD_gtls_session_t session,
    opaque **data
) [static]
Definition at line 555 of file auth_cert.c.
References GNUTLS_E_MEMORY_ERROR, MHD_gnutls_assert, MHD_gnutls_malloc, MHD_gtls_get_selected_cert(), MHD_gtls_write_datum24(), MHD_gtls_write_uint24(), MHD_gnutls_cert::raw, and MHD_gnutls_datum_t::size.
Referenced by MHD_gtls_gen_cert_client_certificate(), and MHD_gtls_gen_cert_server_certificate().
int MHD_gtls_get_selected_cert(
    MHD_gtls_session_t session,
    MHD_gnutls_cert **apr_cert_list,
    int *apr_cert_list_length,
    MHD_gnutls_privkey **apr_pkey
)
Definition at line 1099 of file auth_cert.c.
References MHD_gtls_security_param_st::entity, GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_SERVER, MHD_gtls_session_int::internals, MHD_gnutls_assert, MHD_gtls_session_int::security_parameters, MHD_gtls_internals_st::selected_cert_list, MHD_gtls_internals_st::selected_cert_list_length, and MHD_gtls_internals_st::selected_key.
Referenced by gen_dhe_server_kx(), gen_rsa_export_server_kx(), MHD_gtls_gen_cert_client_cert_vrfy(), and MHD_gtls_gen_x509_crt().
int MHD_gtls_proc_cert_cert_req(
    MHD_gtls_session_t session,
    opaque *data,
    size_t data_size
)
Definition at line 823 of file auth_cert.c.
References _select_client_cert(), MHD_gtls_key::certificate_requested, DECR_LEN, GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_E_UNKNOWN_PK_ALGORITHM, MHD_gtls_session_int::key, MAX_SIGN_ALGOS, MHD__gnutls_check_supported_sign_algo(), MHD__gnutls_protocol_get_version(), MHD_gnutls_assert, MHD_GNUTLS_CRD_CERTIFICATE, MHD_GNUTLS_PROTOCOL_TLS1_2, MHD_gtls_auth_info_set(), MHD_gtls_get_cred(), and MHD_gtls_read_uint16().
int MHD_gtls_proc_cert_client_cert_vrfy(
    MHD_gtls_session_t session,
    opaque *data,
    size_t data_size
)
Definition at line 971 of file auth_cert.c.
References CERT_NO_COPY, MHD_gtls_security_param_st::cert_type, MHD_gnutls_datum_t::data, DECR_LEN, GNUTLS_E_INTERNAL_ERROR, MHD_gnutls_assert, MHD_gtls_gcert_deinit(), MHD_gtls_get_auth_info(), MHD_gtls_raw_cert_to_gcert(), MHD_gtls_read_uint16(), MHD_gtls_verify_sig_hdata(), MHD_gtls_cert_auth_info_st::ncerts, MHD_gtls_cert_auth_info_st::raw_certificate_list, MHD_gtls_session_int::security_parameters, sig, and MHD_gnutls_datum_t::size.
int MHD_gtls_proc_cert_server_certificate(
    MHD_gtls_session_t session,
    opaque *data,
    size_t data_size
)
Definition at line 788 of file auth_cert.c.
References MHD_gtls_security_param_st::cert_type, GNUTLS_E_INTERNAL_ERROR, MHD_gnutls_assert, MHD_GNUTLS_CRT_X509, MHD_gtls_proc_x509_server_certificate(), and MHD_gtls_session_int::security_parameters.
static int MHD_gtls_proc_x509_server_certificate(
    MHD_gtls_session_t session,
    opaque *data,
    size_t data_size
) [static]
Definition at line 643 of file auth_cert.c.
References CERT_ONLY_EXTENSIONS, CLEAR_CERTS, MHD_gnutls_datum_t::data, DECR_LEN, GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_E_MEMORY_ERROR, GNUTLS_E_NO_CERTIFICATE_FOUND, MHD_gtls_session_int::key, MHD__gnutls_check_key_usage(), MHD__gnutls_copy_certificate_auth_info(), MHD_gnutls_assert, MHD_GNUTLS_CRD_CERTIFICATE, MHD_gnutls_free, MHD_gnutls_kx_get(), MHD_gnutls_malloc, MHD_gtls_auth_info_set(), MHD_gtls_get_auth_info(), MHD_gtls_get_cred(), MHD_gtls_read_uint24(), MHD_gtls_x509_raw_cert_to_gcert(), and MHD_gnutls_datum_t::size.
Referenced by MHD_gtls_proc_cert_server_certificate().
void MHD_gtls_selected_certs_deinit(MHD_gtls_session_t session)
Definition at line 1208 of file auth_cert.c.
References MHD_gtls_session_int::internals, MHD_gnutls_free, MHD_gtls_gcert_deinit(), MHD_gtls_gkey_deinit(), MHD_gtls_internals_st::selected_cert_list, MHD_gtls_internals_st::selected_cert_list_length, MHD_gtls_internals_st::selected_key, and MHD_gtls_internals_st::selected_need_free.
Referenced by MHD__gnutls_deinit(), and MHD_gtls_selected_certs_set().
void MHD_gtls_selected_certs_set(
    MHD_gtls_session_t session,
    MHD_gnutls_cert *certs,
    int ncerts,
    MHD_gnutls_privkey *key,
    int need_free
)
Definition at line 1234 of file auth_cert.c.
References MHD_gtls_session_int::internals, MHD_gtls_selected_certs_deinit(), MHD_gtls_internals_st::selected_cert_list, MHD_gtls_internals_st::selected_cert_list_length, MHD_gtls_internals_st::selected_key, and MHD_gtls_internals_st::selected_need_free.
Referenced by _select_client_cert(), call_get_cert_callback(), and MHD_gtls_server_select_cert().
int MHD_gtls_server_select_cert(
    MHD_gtls_session_t session,
    enum MHD_GNUTLS_PublicKeyAlgorithm requested_algo
)
Definition at line 1259 of file auth_cert.c.
References call_get_cert_callback(), MHD_gtls_certificate_credentials_st::cert_list, MHD_gtls_certificate_credentials_st::cert_list_length, MHD_gnutls_cert::cert_type, MHD_gtls_security_param_st::cert_type, GNUTLS_E_INSUFFICIENT_CREDENTIALS, GNUTLS_PK_ANY, MHD_gtls_session_int::key, MHD_gnutls_assert, MHD_GNUTLS_CRD_CERTIFICATE, MHD_gtls_get_cred(), MHD_gtls_selected_certs_set(), MHD_gtls_certificate_credentials_st::ncerts, MHD_gtls_certificate_credentials_st::pkey, MHD_gtls_session_int::security_parameters, MHD_gtls_certificate_credentials_st::server_get_cert_callback, and MHD_gnutls_cert::subject_pk_algorithm.
Referenced by MHD_gtls_remove_unwanted_ciphersuites().