From: Nikos Mavrogiannopoulos
Date: Wed, 3 Dec 2014 08:35:26 +0000 (+0100)
Subject: gnutls_sign_callback_set() and gnutls_sign_callback_get() were removed
X-Git-Tag: gnutls_3_4_0~532
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aee64a282effdd0410b5d813299cbbf58658bc63;p=thirdparty%2Fgnutls.git

gnutls_sign_callback_set() and gnutls_sign_callback_get() were removed
---

diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 5a8bce0198..949a0d5d6b 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -862,55 +862,6 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) } } -/** - * gnutls_sign_callback_set: - * @session: is a gnutls session - * @sign_func: function pointer to application's sign callback. - * @userdata: void pointer that will be passed to sign callback. - * - * Set the callback function. The function must have this prototype: - * - * typedef int (*gnutls_sign_func) (gnutls_session_t session, - * void *userdata, - * gnutls_certificate_type_t cert_type, - * const gnutls_datum_t * cert, - * const gnutls_datum_t * hash, - * gnutls_datum_t * signature); - * - * The @userdata parameter is passed to the @sign_func verbatim, and - * can be used to store application-specific data needed in the - * callback function. See also gnutls_sign_callback_get(). - * - * Deprecated: Use the PKCS 11 or #gnutls_privkey_t interfacess like gnutls_privkey_import_ext() instead. - **/ -void -gnutls_sign_callback_set(gnutls_session_t session, - gnutls_sign_func sign_func, void *userdata) -{ - session->internals.sign_func = sign_func; - session->internals.sign_func_userdata = userdata; -} - -/** - * gnutls_sign_callback_get: - * @session: is a gnutls session - * @userdata: if non-%NULL, will be set to abstract callback pointer. - * - * Retrieve the callback function, and its userdata pointer. - * - * Returns: The function pointer set by gnutls_sign_callback_set(), or - * if not set, %NULL. - * - * Deprecated: Use the PKCS 11 interfaces instead. - **/ -gnutls_sign_func -gnutls_sign_callback_get(gnutls_session_t session, void **userdata) -{ - if (userdata) - *userdata = session->internals.sign_func_userdata; - return session->internals.sign_func; -} - #define TEST_TEXT "test text" /* returns error if the certificate has different algorithm than * the given key parameters. diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index b9af6fd90b..5b15bde864 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
@@ -945,12 +945,6 @@ typedef struct { */ int errnum; - /* Function used to perform public-key signing operation during - handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also - gnutls_sign_callback_set(). */ - gnutls_sign_func sign_func; - void *sign_func_userdata; - /* minimum bits to allow for SRP * use gnutls_srp_set_prime_bits() to adjust it. */ diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index f222623285..4764e14ab4 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -175,58 +175,12 @@ sign_tls_hash(gnutls_session_t session, const mac_entry_st * hash_algo, if (cert != NULL) { gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage); - if (key_usage != 0) + if (key_usage != 0) { if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert(); _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n"); } - - /* External signing. Deprecated. To be removed. */ - if (!pkey) { - int ret; - - if (!session->internals.sign_func) - return - gnutls_assert_val - (GNUTLS_E_INSUFFICIENT_CREDENTIALS); - - if (!_gnutls_version_has_selectable_sighash(ver)) - return (*session->internals.sign_func) - (session, - session->internals.sign_func_userdata, - cert->type, &cert->cert, hash_concat, - signature); - else { - gnutls_datum_t digest; - - ret = - _gnutls_set_datum(&digest, - hash_concat->data, - hash_concat->size); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = - pk_prepare_hash - (gnutls_pubkey_get_pk_algorithm - (cert->pubkey, NULL), hash_algo, - &digest); - if (ret < 0) { - gnutls_assert(); - goto es_cleanup; - } - - ret = (*session->internals.sign_func) - (session, - session->internals.sign_func_userdata, - cert->type, &cert->cert, &digest, - signature); - es_cleanup: - gnutls_free(digest.data); - - return ret; - } } } diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 7aca578b9b..894e31b99c 100644 --- a/lib/includes/gnutls/compat.h 
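Review bot: With the `if (!pkey)` branch deleted from sign_tls_hash() in lib/gnutls_sig.c, nothing in the visible new code rejects a NULL `pkey`; that branch was also where GNUTLS_E_INSUFFICIENT_CREDENTIALS was returned when neither a key nor a callback was available. The rest of the function lies outside the hunk, so unless every caller is known to pass a non-NULL key, an explicit guard should stay after the key-usage check: `if (pkey == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);`. It would also help to add a short comment on the retained key-usage block stating that a missing GNUTLS_KEY_DIGITAL_SIGNATURE bit is only logged and signing proceeds regardless, since the audit text ("Peer's certificate ... (ignored)") does not make clear whose certificate is meant.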
+++ b/lib/includes/gnutls/compat.h @@ -213,14 +213,6 @@ typedef int (*gnutls_sign_func) (gnutls_session_t session, const gnutls_datum_t * hash, gnutls_datum_t * signature); -void -gnutls_sign_callback_set(gnutls_session_t session, - gnutls_sign_func sign_func, - void *userdata) _GNUTLS_GCC_ATTR_DEPRECATED; -gnutls_sign_func -gnutls_sign_callback_get(gnutls_session_t session, - void **userdata) _GNUTLS_GCC_ATTR_DEPRECATED; - /* This is a very dangerous and error-prone function. * Use gnutls_privkey_sign_hash() instead. */