From: Nikos Mavrogiannopoulos Date: Wed, 3 Dec 2014 08:37:55 +0000 (+0100) Subject: removed gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data() X-Git-Tag: gnutls_3_4_0~531 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43afcf183df43e2588ec28b1847fe98efb853b70;p=thirdparty%2Fgnutls.git removed gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data() --- diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 894e31b99c..cb79cee43f 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h @@ -236,21 +236,6 @@ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, size_t * signature_size) _GNUTLS_GCC_ATTR_DEPRECATED; - /* gnutls_pubkey_verify_data() */ -int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; - - - /* gnutls_pubkey_verify_hash() */ -int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; - /* gnutls_pubkey_get_verify_algorithm() */ int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt, const gnutls_datum_t * diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 4d07334677..513de83a73 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -2809,102 +2809,6 @@ gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, return ret; } -/** - * gnutls_x509_crt_verify_data: - * @crt: Holds the certificate - * @flags: should be 0 for now - * @data: holds the data to be signed - * @signature: contains the signature - * - * This function will verify the given signed data, using the - * parameters from the certificate. - * - * Deprecated. This function cannot be easily used securely. - * Use gnutls_pubkey_verify_data2() instead. - * - * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED - * is returned, and zero or positive code on success. - **/ -int -gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) -{ - int result; - - if (crt == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - result = - _gnutls_x509_verify_data(GNUTLS_DIG_UNKNOWN, data, signature, - crt); - if (result < 0) { - gnutls_assert(); - return result; - } - - return result; -} - -/** - * gnutls_x509_crt_verify_hash: - * @crt: Holds the certificate - * @flags: should be 0 for now - * @hash: holds the hash digest to be verified - * @signature: contains the signature - * - * This function will verify the given signed digest, using the - * parameters from the certificate. - * - * Deprecated. This function cannot be easily used securely. - * Use gnutls_pubkey_verify_hash2() instead. - * - * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED - * is returned, and zero or positive code on success. - **/ -int -gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) -{ - gnutls_pk_params_st params; - gnutls_digest_algorithm_t algo; - int ret; - - if (crt == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gnutls_x509_crt_get_verify_algorithm(crt, signature, &algo); - if (ret < 0) - return gnutls_assert_val(ret); - - /* Read the MPI parameters from the issuer's certificate. - */ - ret = _gnutls_x509_crt_get_mpis(crt, ¶ms); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - pubkey_verify_hashed_data(gnutls_x509_crt_get_pk_algorithm - (crt, NULL), hash_to_entry(algo), - hash, signature, ¶ms); - if (ret < 0) { - gnutls_assert(); - } - - /* release all allocated MPIs - */ - gnutls_pk_params_release(¶ms); - - return ret; -} - /** * gnutls_x509_crt_get_crl_dist_points: * @cert: should contain a #gnutls_x509_crt_t structure