}
}
-/**
- * gnutls_sign_callback_set:
- * @session: is a gnutls session
- * @sign_func: function pointer to application's sign callback.
- * @userdata: void pointer that will be passed to sign callback.
- *
- * Set the callback function. The function must have this prototype:
- *
- * typedef int (*gnutls_sign_func) (gnutls_session_t session,
- * void *userdata,
- * gnutls_certificate_type_t cert_type,
- * const gnutls_datum_t * cert,
- * const gnutls_datum_t * hash,
- * gnutls_datum_t * signature);
- *
- * The @userdata parameter is passed to the @sign_func verbatim, and
- * can be used to store application-specific data needed in the
- * callback function. See also gnutls_sign_callback_get().
- *
- * Deprecated: Use the PKCS 11 or #gnutls_privkey_t interfacess like gnutls_privkey_import_ext() instead.
- **/
-void
-gnutls_sign_callback_set(gnutls_session_t session,
- gnutls_sign_func sign_func, void *userdata)
-{
- session->internals.sign_func = sign_func;
- session->internals.sign_func_userdata = userdata;
-}
-
-/**
- * gnutls_sign_callback_get:
- * @session: is a gnutls session
- * @userdata: if non-%NULL, will be set to abstract callback pointer.
- *
- * Retrieve the callback function, and its userdata pointer.
- *
- * Returns: The function pointer set by gnutls_sign_callback_set(), or
- * if not set, %NULL.
- *
- * Deprecated: Use the PKCS 11 interfaces instead.
- **/
-gnutls_sign_func
-gnutls_sign_callback_get(gnutls_session_t session, void **userdata)
-{
- if (userdata)
- *userdata = session->internals.sign_func_userdata;
- return session->internals.sign_func;
-}
-
#define TEST_TEXT "test text"
/* returns error if the certificate has different algorithm than
* the given key parameters.
*/
int errnum;
- /* Function used to perform public-key signing operation during
- handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
- gnutls_sign_callback_set(). */
- gnutls_sign_func sign_func;
- void *sign_func_userdata;
-
/* minimum bits to allow for SRP
* use gnutls_srp_set_prime_bits() to adjust it.
*/
if (cert != NULL) {
gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
- if (key_usage != 0)
+ if (key_usage != 0) {
if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) {
gnutls_assert();
_gnutls_audit_log(session,
"Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
}
-
- /* External signing. Deprecated. To be removed. */
- if (!pkey) {
- int ret;
-
- if (!session->internals.sign_func)
- return
- gnutls_assert_val
- (GNUTLS_E_INSUFFICIENT_CREDENTIALS);
-
- if (!_gnutls_version_has_selectable_sighash(ver))
- return (*session->internals.sign_func)
- (session,
- session->internals.sign_func_userdata,
- cert->type, &cert->cert, hash_concat,
- signature);
- else {
- gnutls_datum_t digest;
-
- ret =
- _gnutls_set_datum(&digest,
- hash_concat->data,
- hash_concat->size);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- ret =
- pk_prepare_hash
- (gnutls_pubkey_get_pk_algorithm
- (cert->pubkey, NULL), hash_algo,
- &digest);
- if (ret < 0) {
- gnutls_assert();
- goto es_cleanup;
- }
-
- ret = (*session->internals.sign_func)
- (session,
- session->internals.sign_func_userdata,
- cert->type, &cert->cert, &digest,
- signature);
- es_cleanup:
- gnutls_free(digest.data);
-
- return ret;
- }
}
}
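Review bot: Deleting the `if (!pkey)` block also deletes the only visible place where a missing private key returned `GNUTLS_E_INSUFFICIENT_CREDENTIALS`, so a NULL `pkey` now appears to fall through to whatever signing call follows the `if (cert != NULL)` block. The function starts before and continues past this hunk, so the case may already be guarded elsewhere. If it is not, keep the check without the callback, for example `if (pkey == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);` ahead of the key-usage test. Applications that used the sign callback because the key is held outside the process will reach this path with no key loaded, so the handshake should fail with a defined error code rather than depend on later code tolerating a NULL key.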
const gnutls_datum_t * hash,
gnutls_datum_t * signature);
-void
-gnutls_sign_callback_set(gnutls_session_t session,
- gnutls_sign_func sign_func,
- void *userdata) _GNUTLS_GCC_ATTR_DEPRECATED;
-gnutls_sign_func
-gnutls_sign_callback_get(gnutls_session_t session,
- void **userdata) _GNUTLS_GCC_ATTR_DEPRECATED;
-
/* This is a very dangerous and error-prone function.
* Use gnutls_privkey_sign_hash() instead.
*/