privkey.c

Bug Summary

File:	lib/x509/privkey.c
Location:	line 205, column 8
Description:	Although the value stored to 'result' is used in the enclosing expression, the value is never actually read from 'result'

Annotated Source Code

1	/*
2	* Copyright (C) 2003-2005, 2007-2012 Free Software Foundation, Inc.
3	*
4	* Author: Nikos Mavrogiannopoulos
5	*
6	* This file is part of GnuTLS.
7	*
8	* The GnuTLS is free software; you can redistribute it and/or
9	* modify it under the terms of the GNU Lesser General Public License
10	* as published by the Free Software Foundation; either version 3 of
11	* the License, or (at your option) any later version.
12	*
13	* This library is distributed in the hope that it will be useful, but
14	* WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16	* Lesser General Public License for more details.
17	*
18	* You should have received a copy of the GNU Lesser General Public License
19	* along with this program. If not, see <http://www.gnu.org/licenses/>
20	*
21	*/
22
23	#include <gnutls_int.h>
24	#include <gnutls_datumgnutls_datum_t.h>
25	#include <gnutls_global.h>
26	#include <gnutls_errors.h>
27	#include <gnutls_rsa_export.h>
28	#include <gnutls_sig.h>
29	#include <common.h>
30	#include <gnutls_x509.h>
31	#include <x509_b64.h>
32	#include <x509_int.h>
33	#include <gnutls_pk.h>
34	#include <gnutls_mpi.h>
35	#include <gnutls_ecc.h>
36
37	/**
38	* gnutls_x509_privkey_init:
39	* @key: The structure to be initialized
40	*
41	* This function will initialize an private key structure.
42	*
43	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
44	* negative error value.
45	**/
46	int
47	gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
48	{
49	*key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
50
51	if (*key)
52	{
53	(key)->key = ASN1_TYPE_EMPTY((void)0);
54	(*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
55	return 0; /* success */
56	}
57
58	return GNUTLS_E_MEMORY_ERROR-25;
59	}
60
61	/**
62	* gnutls_x509_privkey_deinit:
63	* @key: The structure to be deinitialized
64	*
65	* This function will deinitialize a private key structure.
66	**/
67	void
68	gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
69	{
70	if (!key)
71	return;
72
73	gnutls_pk_params_release(&key->params);
74	asn1_delete_structure (&key->key);
75	gnutls_free (key);
76	}
77
78	/**
79	* gnutls_x509_privkey_cpy:
80	* @dst: The destination key, which should be initialized.
81	* @src: The source key
82	*
83	* This function will copy a private key from source to destination
84	* key. Destination has to be initialized.
85	*
86	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
87	* negative error value.
88	**/
89	int
90	gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
91	{
92	int i, ret;
93
94	if (!src \|\| !dst)
95	return GNUTLS_E_INVALID_REQUEST-50;
96
97	for (i = 0; i < src->params.params_nr; i++)
98	{
99	dst->params.params[i] = _gnutls_mpi_copy (src->params.params[i])_gnutls_mpi_ops.bigint_set(((void*)0),src->params.params[i ]);
100	if (dst->params.params[i] == NULL((void*)0))
101	return GNUTLS_E_MEMORY_ERROR-25;
102	}
103
104	dst->params.params_nr = src->params.params_nr;
105	dst->params.flags = src->params.flags;
106
107	dst->pk_algorithm = src->pk_algorithm;
108
109	ret = _gnutls_asn1_encode_privkey (dst->pk_algorithm, &dst->key, &dst->params);
110	if (ret < 0)
111	{
112	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",112); } while(0);;
113	return ret;
114	}
115
116	return 0;
117	}
118
119	/* Converts an RSA PKCS#1 key to
120	* an internal structure (gnutls_private_key)
121	*/
122	ASN1_TYPE
123	_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
124	gnutls_x509_privkey_t pkey)
125	{
126	int result;
127	ASN1_TYPE pkey_asn;
128
129	gnutls_pk_params_init(&pkey->params);
130
131	if ((result =
132	asn1_create_element (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn),
133	"GNUTLS.RSAPrivateKey",
134	&pkey_asn)) != ASN1_SUCCESS0)
135	{
136	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",136); } while(0);;
137	return NULL((void*)0);
138	}
139
140	result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL((void*)0));
141	if (result != ASN1_SUCCESS0)
142	{
143	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",143); } while(0);;
144	goto error;
145	}
146
147	if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
148	&pkey->params.params[0])) < 0)
149	{
150	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",150); } while(0);;
151	goto error;
152	}
153	pkey->params.params_nr++;
154
155	if ((result =
156	_gnutls_x509_read_int (pkey_asn, "publicExponent",
157	&pkey->params.params[1])) < 0)
158	{
159	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",159); } while(0);;
160	goto error;
161	}
162	pkey->params.params_nr++;
163
164	if ((result =
165	_gnutls_x509_read_int (pkey_asn, "privateExponent",
166	&pkey->params.params[2])) < 0)
167	{
168	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",168); } while(0);;
169	goto error;
170	}
171	pkey->params.params_nr++;
172
173	if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
174	&pkey->params.params[3])) < 0)
175	{
176	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",176); } while(0);;
177	goto error;
178	}
179	pkey->params.params_nr++;
180
181	if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
182	&pkey->params.params[4])) < 0)
183	{
184	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",184); } while(0);;
185	goto error;
186	}
187	pkey->params.params_nr++;
188
189	if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
190	&pkey->params.params[5])) < 0)
191	{
192	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",192); } while(0);;
193	goto error;
194	}
195	pkey->params.params_nr++;
196
197	if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
198	&pkey->params.params[6])) < 0)
199	{
200	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",200); } while(0);;
201	goto error;
202	}
203	pkey->params.params_nr++;
204
205	if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
	Although the value stored to 'result' is used in the enclosing expression, the value is never actually read from 'result'
206	&pkey->params.params[7])) < 0)
207	{
208	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",208); } while(0);;
209	goto error;
210	}
211	pkey->params.params_nr++;
212
213	result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params);
214	if (result < 0)
215	{
216	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",216); } while(0);;
217	goto error;
218	}
219
220	pkey->params.params_nr = RSA_PRIVATE_PARAMS8;
221
222	return pkey_asn;
223
224	error:
225	asn1_delete_structure (&pkey_asn);
226	gnutls_pk_params_release (&pkey->params);
227	return NULL((void*)0);
228
229	}
230
231	/* Converts an ECC key to
232	* an internal structure (gnutls_private_key)
233	*/
234	ASN1_TYPE
235	_gnutls_privkey_decode_ecc_key (const gnutls_datum_t * raw_key,
236	gnutls_x509_privkey_t pkey)
237	{
238	int ret;
239	ASN1_TYPE pkey_asn;
240	unsigned int version;
241	char oid[MAX_OID_SIZE128];
242	int oid_size;
243	gnutls_datumgnutls_datum_t out;
244
245	gnutls_pk_params_init(&pkey->params);
246
247	if ((ret =
248	asn1_create_element (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn),
249	"GNUTLS.ECPrivateKey",
250	&pkey_asn)) != ASN1_SUCCESS0)
251	{
252	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",252); } while(0);;
253	return NULL((void*)0);
254	}
255
256	ret = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL((void*)0));
257	if (ret != ASN1_SUCCESS0)
258	{
259	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",259); } while(0);;
260	goto error;
261	}
262
263	ret = _gnutls_x509_read_uint (pkey_asn, "Version", &version);
264	if (ret < 0)
265	{
266	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",266); } while(0);;
267	goto error;
268	}
269
270	if (version != 1)
271	{
272	_gnutls_debug_log("ECC private key version %u is not supported\n", version)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ECC private key version %u is not supported\n", version ); } while(0);
273	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",273); } while(0);;
274	goto error;
275	}
276
277	/* read the curve */
278	oid_size = sizeof(oid);
279	ret = asn1_read_value(pkey_asn, "parameters.namedCurve", oid, &oid_size);
280	if (ret != ASN1_SUCCESS0)
281	{
282	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",282); } while(0);;
283	goto error;
284	}
285
286	pkey->params.flags = _gnutls_oid_to_ecc_curve(oid);
287	if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID)
288	{
289	_gnutls_debug_log("Curve %s is not supported\n", oid)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "Curve %s is not supported\n", oid); } while(0);
290	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",290); } while(0);;
291	goto error;
292	}
293
294	ret = _gnutls_ecc_curve_fill_params(pkey->params.flags, &pkey->params);
295	if (ret < 0)
296	{
297	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",297); } while(0);;
298	goto error;
299	}
300
301	/* read the public key */
302	ret = _gnutls_x509_read_value(pkey_asn, "publicKey", &out, 2);
303	if (ret < 0)
304	{
305	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",305); } while(0);;
306	goto error;
307	}
308
309	ret = _gnutls_ecc_ansi_x963_import (out.data, out.size, &pkey->params.params[ECC_X6],
310	&pkey->params.params[ECC_Y7]);
311
312	_gnutls_free_datum(&out)_gnutls_free_datum_m(&out, gnutls_free);
313	if (ret < 0)
314	{
315	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",315); } while(0);;
316	goto error;
317	}
318	pkey->params.params_nr += 2;
319
320	/* read the private key */
321	ret = _gnutls_x509_read_int (pkey_asn, "privateKey", &pkey->params.params[ECC_K8]);
322	if (ret < 0)
323	{
324	gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",324); } while(0);;
325	goto error;
326	}
327	pkey->params.params_nr ++;
328
329	return pkey_asn;
330
331	error:
332	asn1_delete_structure (&pkey_asn);
333	gnutls_pk_params_release (&pkey->params);
334	return NULL((void*)0);
335
336	}
337
338
339	static ASN1_TYPE
340	decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
341	{
342	int result;
343	ASN1_TYPE dsa_asn;
344
345	if ((result =
346	asn1_create_element (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn),
347	"GNUTLS.DSAPrivateKey",
348	&dsa_asn)) != ASN1_SUCCESS0)
349	{
350	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",350); } while(0);;
351	return NULL((void*)0);
352	}
353
354	pkey->params.params_nr = 0;
355
356	result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL((void*)0));
357	if (result != ASN1_SUCCESS0)
358	{
359	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",359); } while(0);;
360	goto error;
361	}
362
363	if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params.params[0])) < 0)
364	{
365	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",365); } while(0);;
366	goto error;
367	}
368	pkey->params.params_nr++;
369
370	if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params.params[1])) < 0)
371	{
372	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",372); } while(0);;
373	goto error;
374	}
375	pkey->params.params_nr++;
376
377	if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params.params[2])) < 0)
378	{
379	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",379); } while(0);;
380	goto error;
381	}
382	pkey->params.params_nr++;
383
384	if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params.params[3])) < 0)
385	{
386	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",386); } while(0);;
387	goto error;
388	}
389	pkey->params.params_nr++;
390
391	if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
392	&pkey->params.params[4])) < 0)
393	{
394	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",394); } while(0);;
395	goto error;
396	}
397	pkey->params.params_nr++;
398
399	return dsa_asn;
400
401	error:
402	asn1_delete_structure (&dsa_asn);
403	gnutls_pk_params_release(&pkey->params);
404	return NULL((void*)0);
405
406	}
407
408
409	#define PEM_KEY_DSA"DSA PRIVATE KEY" "DSA PRIVATE KEY"
410	#define PEM_KEY_RSA"RSA PRIVATE KEY" "RSA PRIVATE KEY"
411	#define PEM_KEY_ECC"EC PRIVATE KEY" "EC PRIVATE KEY"
412
413	/**
414	* gnutls_x509_privkey_import:
415	* @key: The structure to store the parsed key
416	* @data: The DER or PEM encoded certificate.
417	* @format: One of DER or PEM
418	*
419	* This function will convert the given DER or PEM encoded key to the
420	* native #gnutls_x509_privkey_t format. The output will be stored in
421	* @key .
422	*
423	* If the key is PEM encoded it should have a header of "RSA PRIVATE
424	* KEY", or "DSA PRIVATE KEY".
425	*
426	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
427	* negative error value.
428	**/
429	int
430	gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
431	const gnutls_datum_t * data,
432	gnutls_x509_crt_fmt_t format)
433	{
434	int result = 0, need_free = 0;
435	gnutls_datum_t _data;
436
437	if (key == NULL((void*)0))
438	{
439	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",439); } while(0);;
440	return GNUTLS_E_INVALID_REQUEST-50;
441	}
442
443	_data.data = data->data;
444	_data.size = data->size;
445
446	key->pk_algorithm = GNUTLS_PK_UNKNOWN;
447
448	/* If the Certificate is in PEM format then decode it
449	*/
450	if (format == GNUTLS_X509_FMT_PEM)
451	{
452	opaque *out;
453
454	/* Try the first header */
455	result =
456	_gnutls_fbase64_decode (PEM_KEY_RSA"RSA PRIVATE KEY", data->data, data->size, &out);
457
458	if (result >= 0)
459	key->pk_algorithm = GNUTLS_PK_RSA;
460
461	if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR-207)
462	{
463	/* try for the second header */
464	result =
465	_gnutls_fbase64_decode (PEM_KEY_DSA"DSA PRIVATE KEY", data->data, data->size,
466	&out);
467
468	if (result >= 0)
469	key->pk_algorithm = GNUTLS_PK_DSA;
470
471	if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR-207)
472	{
473	/* try for the second header */
474	result =
475	_gnutls_fbase64_decode (PEM_KEY_ECC"EC PRIVATE KEY", data->data, data->size,
476	&out);
477	if (result >= 0)
478	key->pk_algorithm = GNUTLS_PK_EC;
479	}
480	}
481
482	if (result < 0)
483	{
484	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",484); } while(0);;
485	goto failover;
486	}
487
488	_data.data = out;
489	_data.size = result;
490
491	need_free = 1;
492	}
493
494	if (key->pk_algorithm == GNUTLS_PK_RSA)
495	{
496	key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
497	if (key->key == NULL((void*)0))
498	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",498); } while(0);;
499	}
500	else if (key->pk_algorithm == GNUTLS_PK_DSA)
501	{
502	key->key = decode_dsa_key (&_data, key);
503	if (key->key == NULL((void*)0))
504	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",504); } while(0);;
505	}
506	else if (key->pk_algorithm == GNUTLS_PK_EC)
507	{
508	key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
509	if (key->key == NULL((void*)0))
510	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",510); } while(0);;
511	}
512	else
513	{
514	/* Try decoding with both, and accept the one that
515	* succeeds.
516	*/
517	key->pk_algorithm = GNUTLS_PK_RSA;
518	key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
519
520	if (key->key == NULL((void*)0))
521	{
522	key->pk_algorithm = GNUTLS_PK_DSA;
523	key->key = decode_dsa_key (&_data, key);
524	if (key->key == NULL((void*)0))
525	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",525); } while(0);;
526	}
527	}
528
529	if (key->key == NULL((void*)0))
530	{
531	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",531); } while(0);;
532	result = GNUTLS_E_ASN1_DER_ERROR-69;
533	goto failover;
534	}
535
536	if (need_free)
537	_gnutls_free_datum (&_data)_gnutls_free_datum_m(&_data, gnutls_free);
538
539	/* The key has now been decoded.
540	*/
541
542	return 0;
543
544	failover:
545	/* Try PKCS #8 */
546	#ifdef ENABLE_PKI1
547	if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR-207)
548	{
549	_gnutls_debug_log ("Falling back to PKCS #8 key decoding\n")do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "Falling back to PKCS #8 key decoding\n"); } while(0);
550	result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
551	NULL((void*)0), GNUTLS_PKCS_PLAIN);
552	}
553	#endif
554
555	if (need_free)
556	_gnutls_free_datum (&_data)_gnutls_free_datum_m(&_data, gnutls_free);
557
558	return result;
559	}
560
561	/**
562	* gnutls_x509_privkey_import_rsa_raw:
563	* @key: The structure to store the parsed key
564	* @m: holds the modulus
565	* @e: holds the public exponent
566	* @d: holds the private exponent
567	* @p: holds the first prime (p)
568	* @q: holds the second prime (q)
569	* @u: holds the coefficient
570	*
571	* This function will convert the given RSA raw parameters to the
572	* native #gnutls_x509_privkey_t format. The output will be stored in
573	* @key.
574	*
575	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
576	* negative error value.
577	**/
578	int
579	gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
580	const gnutls_datum_t * m,
581	const gnutls_datum_t * e,
582	const gnutls_datum_t * d,
583	const gnutls_datum_t * p,
584	const gnutls_datum_t * q,
585	const gnutls_datum_t * u)
586	{
587	return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL((void*)0),
588	NULL((void*)0));
589	}
590
591	/**
592	* gnutls_x509_privkey_import_rsa_raw2:
593	* @key: The structure to store the parsed key
594	* @m: holds the modulus
595	* @e: holds the public exponent
596	* @d: holds the private exponent
597	* @p: holds the first prime (p)
598	* @q: holds the second prime (q)
599	* @u: holds the coefficient
600	* @e1: holds e1 = d mod (p-1)
601	* @e2: holds e2 = d mod (q-1)
602	*
603	* This function will convert the given RSA raw parameters to the
604	* native #gnutls_x509_privkey_t format. The output will be stored in
605	* @key.
606	*
607	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
608	* negative error value.
609	**/
610	int
611	gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
612	const gnutls_datum_t * m,
613	const gnutls_datum_t * e,
614	const gnutls_datum_t * d,
615	const gnutls_datum_t * p,
616	const gnutls_datum_t * q,
617	const gnutls_datum_t * u,
618	const gnutls_datum_t * e1,
619	const gnutls_datum_t * e2)
620	{
621	int ret;
622	size_t siz = 0;
623
624	if (key == NULL((void*)0))
625	{
626	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",626); } while(0);;
627	return GNUTLS_E_INVALID_REQUEST-50;
628	}
629
630	gnutls_pk_params_init(&key->params);
631
632	siz = m->size;
633	if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz))
634	{
635	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",635); } while(0);;
636	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
637	goto cleanup;
638	}
639	key->params.params_nr++;
640
641	siz = e->size;
642	if (_gnutls_mpi_scan_nz (&key->params.params[1], e->data, siz))
643	{
644	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",644); } while(0);;
645	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
646	goto cleanup;
647	}
648	key->params.params_nr++;
649
650	siz = d->size;
651	if (_gnutls_mpi_scan_nz (&key->params.params[2], d->data, siz))
652	{
653	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",653); } while(0);;
654	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
655	goto cleanup;
656	}
657	key->params.params_nr++;
658
659	siz = p->size;
660	if (_gnutls_mpi_scan_nz (&key->params.params[3], p->data, siz))
661	{
662	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",662); } while(0);;
663	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
664	goto cleanup;
665	}
666	key->params.params_nr++;
667
668	siz = q->size;
669	if (_gnutls_mpi_scan_nz (&key->params.params[4], q->data, siz))
670	{
671	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",671); } while(0);;
672	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
673	goto cleanup;
674	}
675	key->params.params_nr++;
676
677	siz = u->size;
678	if (_gnutls_mpi_scan_nz (&key->params.params[5], u->data, siz))
679	{
680	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",680); } while(0);;
681	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
682	goto cleanup;
683	}
684	key->params.params_nr++;
685
686	if (e1 && e2)
687	{
688	siz = e1->size;
689	if (_gnutls_mpi_scan_nz (&key->params.params[6], e1->data, siz))
690	{
691	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",691); } while(0);;
692	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
693	goto cleanup;
694	}
695	key->params.params_nr++;
696
697	siz = e2->size;
698	if (_gnutls_mpi_scan_nz (&key->params.params[7], e2->data, siz))
699	{
700	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",700); } while(0);;
701	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
702	goto cleanup;
703	}
704	key->params.params_nr++;
705	}
706
707	ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &key->params);
708	if (ret < 0)
709	{
710	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",710); } while(0);;
711	goto cleanup;
712	}
713
714	ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_RSA, &key->key, &key->params);
715	if (ret < 0)
716	{
717	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",717); } while(0);;
718	goto cleanup;
719	}
720
721	key->params.params_nr = RSA_PRIVATE_PARAMS8;
722	key->pk_algorithm = GNUTLS_PK_RSA;
723
724	return 0;
725
726	cleanup:
727	gnutls_pk_params_release(&key->params);
728	return ret;
729
730	}
731
732	/**
733	* gnutls_x509_privkey_import_dsa_raw:
734	* @key: The structure to store the parsed key
735	* @p: holds the p
736	* @q: holds the q
737	* @g: holds the g
738	* @y: holds the y
739	* @x: holds the x
740	*
741	* This function will convert the given DSA raw parameters to the
742	* native #gnutls_x509_privkey_t format. The output will be stored
743	* in @key.
744	*
745	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
746	* negative error value.
747	**/
748	int
749	gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
750	const gnutls_datum_t * p,
751	const gnutls_datum_t * q,
752	const gnutls_datum_t * g,
753	const gnutls_datum_t * y,
754	const gnutls_datum_t * x)
755	{
756	int ret;
757	size_t siz = 0;
758
759	if (key == NULL((void*)0))
760	{
761	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",761); } while(0);;
762	return GNUTLS_E_INVALID_REQUEST-50;
763	}
764
765	siz = p->size;
766	if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz))
767	{
768	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",768); } while(0);;
769	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
770	goto cleanup;
771	}
772
773	siz = q->size;
774	if (_gnutls_mpi_scan_nz (&key->params.params[1], q->data, siz))
775	{
776	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",776); } while(0);;
777	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
778	goto cleanup;
779	}
780
781	siz = g->size;
782	if (_gnutls_mpi_scan_nz (&key->params.params[2], g->data, siz))
783	{
784	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",784); } while(0);;
785	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
786	goto cleanup;
787	}
788
789	siz = y->size;
790	if (_gnutls_mpi_scan_nz (&key->params.params[3], y->data, siz))
791	{
792	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",792); } while(0);;
793	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
794	goto cleanup;
795	}
796
797	siz = x->size;
798	if (_gnutls_mpi_scan_nz (&key->params.params[4], x->data, siz))
799	{
800	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",800); } while(0);;
801	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
802	goto cleanup;
803	}
804
805	ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &key->key, &key->params);
806	if (ret < 0)
807	{
808	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",808); } while(0);;
809	goto cleanup;
810	}
811
812	key->params.params_nr = DSA_PRIVATE_PARAMS5;
813	key->pk_algorithm = GNUTLS_PK_DSA;
814
815	return 0;
816
817	cleanup:
818	gnutls_pk_params_release(&key->params);
819	return ret;
820
821	}
822
823	/**
824	* gnutls_x509_privkey_import_ecc_raw:
825	* @key: The structure to store the parsed key
826	* @curve: holds the curve
827	* @x: holds the x
828	* @y: holds the y
829	* @k: holds the k
830	*
831	* This function will convert the given elliptic curve parameters to the
832	* native #gnutls_x509_privkey_t format. The output will be stored
833	* in @key.
834	*
835	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
836	* negative error value.
837	*
838	* Since: 3.0.0
839	**/
840	int
841	gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t key,
842	gnutls_ecc_curve_t curve,
843	const gnutls_datum_t * x,
844	const gnutls_datum_t * y,
845	const gnutls_datum_t * k)
846	{
847	int ret;
848
849	if (key == NULL((void*)0))
850	{
851	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",851); } while(0);;
852	return GNUTLS_E_INVALID_REQUEST-50;
853	}
854
855	key->params.flags = curve;
856
857	ret = _gnutls_ecc_curve_fill_params(curve, &key->params);
858	if (ret < 0)
859	return gnutls_assert_val(ret)gnutls_assert_val_int(ret, "privkey.c", 859);
860
861	if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X6], x->data, x->size))
862	{
863	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",863); } while(0);;
864	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
865	goto cleanup;
866	}
867	key->params.params_nr++;
868
869	if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y7], y->data, y->size))
870	{
871	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",871); } while(0);;
872	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
873	goto cleanup;
874	}
875	key->params.params_nr++;
876
877	if (_gnutls_mpi_scan_nz (&key->params.params[ECC_K8], k->data, k->size))
878	{
879	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",879); } while(0);;
880	ret = GNUTLS_E_MPI_SCAN_FAILED-23;
881	goto cleanup;
882	}
883	key->params.params_nr++;
884
885	key->pk_algorithm = GNUTLS_PK_EC;
886
887	return 0;
888
889	cleanup:
890	gnutls_pk_params_release(&key->params);
891	return ret;
892
893	}
894
895
896	/**
897	* gnutls_x509_privkey_get_pk_algorithm:
898	* @key: should contain a #gnutls_x509_privkey_t structure
899	*
900	* This function will return the public key algorithm of a private
901	* key.
902	*
903	* Returns: a member of the #gnutls_pk_algorithm_t enumeration on
904	* success, or a negative error code on error.
905	**/
906	int
907	gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
908	{
909	if (key == NULL((void*)0))
910	{
911	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",911); } while(0);;
912	return GNUTLS_E_INVALID_REQUEST-50;
913	}
914
915	return key->pk_algorithm;
916	}
917
918	/**
919	* gnutls_x509_privkey_export:
920	* @key: Holds the key
921	* @format: the format of output params. One of PEM or DER.
922	* @output_data: will contain a private key PEM or DER encoded
923	* @output_data_size: holds the size of output_data (and will be
924	* replaced by the actual size of parameters)
925	*
926	* This function will export the private key to a PKCS1 structure for
927	* RSA keys, or an integer sequence for DSA keys. The DSA keys are in
928	* the same format with the parameters used by openssl.
929	*
930	* If the buffer provided is not long enough to hold the output, then
931	* *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER
932	* will be returned.
933	*
934	* If the structure is PEM encoded, it will have a header
935	* of "BEGIN RSA PRIVATE KEY".
936	*
937	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
938	* negative error value.
939	**/
940	int
941	gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
942	gnutls_x509_crt_fmt_t format, void *output_data,
943	size_t * output_data_size)
944	{
945	const char *msg;
946
947	if (key == NULL((void*)0))
948	{
949	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",949); } while(0);;
950	return GNUTLS_E_INVALID_REQUEST-50;
951	}
952
953	if (key->pk_algorithm == GNUTLS_PK_RSA)
954	msg = PEM_KEY_RSA"RSA PRIVATE KEY";
955	else if (key->pk_algorithm == GNUTLS_PK_DSA)
956	msg = PEM_KEY_DSA"DSA PRIVATE KEY";
957	else if (key->pk_algorithm == GNUTLS_PK_EC)
958	msg = PEM_KEY_ECC"EC PRIVATE KEY";
959	else
960	msg = "UNKNOWN";
961
962	return _gnutls_x509_export_int (key->key, format, msg,
963	output_data, output_data_size);
964	}
965
966	/**
967	* gnutls_x509_privkey_sec_param:
968	* @key: a key structure
969	*
970	* This function will return the security parameter appropriate with
971	* this private key.
972	*
973	* Returns: On success, a valid security parameter is returned otherwise
974	* %GNUTLS_SEC_PARAM_UNKNOWN is returned.
975	*
976	* Since: 2.12.0
977	**/
978	gnutls_sec_param_t
979	gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
980	{
981	int bits;
982
983	bits = pubkey_to_bits(key->pk_algorithm, &key->params);
984	if (bits <= 0)
985	return GNUTLS_SEC_PARAM_UNKNOWN;
986
987	return gnutls_pk_bits_to_sec_param(key->pk_algorithm, bits);
988	}
989
990	/**
991	* gnutls_x509_privkey_export_ecc_raw:
992	* @key: a structure that holds the rsa parameters
993	* @curve: will hold the curve
994	* @x: will hold the x coordinate
995	* @y: will hold the y coordinate
996	* @k: will hold the private key
997	*
998	* This function will export the ECC private key's parameters found
999	* in the given structure. The new parameters will be allocated using
1000	* gnutls_malloc() and will be stored in the appropriate datum.
1001	*
1002	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1003	* negative error value.
1004	*
1005	* Since: 3.0.0
1006	**/
1007	int gnutls_x509_privkey_export_ecc_raw (gnutls_x509_privkey_t key,
1008	gnutls_ecc_curve_t *curve,
1009	gnutls_datum_t * x, gnutls_datum_t * y,
1010	gnutls_datum_t* k)
1011	{
1012	int ret;
1013
1014	if (key == NULL((void*)0))
1015	{
1016	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1016); } while(0);;
1017	return GNUTLS_E_INVALID_REQUEST-50;
1018	}
1019
1020	*curve = key->params.flags;
1021
1022	/* X */
1023	ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X6], x);
1024	if (ret < 0)
1025	{
1026	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1026); } while(0);;
1027	return ret;
1028	}
1029
1030	/* Y */
1031	ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y7], y);
1032	if (ret < 0)
1033	{
1034	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1034); } while(0);;
1035	_gnutls_free_datum (x)_gnutls_free_datum_m(x, gnutls_free);
1036	return ret;
1037	}
1038
1039
1040	/* K */
1041	ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_K8], k);
1042	if (ret < 0)
1043	{
1044	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1044); } while(0);;
1045	_gnutls_free_datum (x)_gnutls_free_datum_m(x, gnutls_free);
1046	_gnutls_free_datum (y)_gnutls_free_datum_m(y, gnutls_free);
1047	return ret;
1048	}
1049
1050	return 0;
1051
1052	}
1053
1054	/**
1055	* gnutls_x509_privkey_export_rsa_raw:
1056	* @key: a structure that holds the rsa parameters
1057	* @m: will hold the modulus
1058	* @e: will hold the public exponent
1059	* @d: will hold the private exponent
1060	* @p: will hold the first prime (p)
1061	* @q: will hold the second prime (q)
1062	* @u: will hold the coefficient
1063	*
1064	* This function will export the RSA private key's parameters found
1065	* in the given structure. The new parameters will be allocated using
1066	* gnutls_malloc() and will be stored in the appropriate datum.
1067	*
1068	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1069	* negative error value.
1070	**/
1071	int
1072	gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
1073	gnutls_datum_t * m, gnutls_datum_t * e,
1074	gnutls_datum_t * d, gnutls_datum_t * p,
1075	gnutls_datum_t * q, gnutls_datum_t * u)
1076	{
1077
1078	return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL((void*)0),
1079	NULL((void*)0));
1080	}
1081
1082	/**
1083	* gnutls_x509_privkey_export_rsa_raw2:
1084	* @key: a structure that holds the rsa parameters
1085	* @m: will hold the modulus
1086	* @e: will hold the public exponent
1087	* @d: will hold the private exponent
1088	* @p: will hold the first prime (p)
1089	* @q: will hold the second prime (q)
1090	* @u: will hold the coefficient
1091	* @e1: will hold e1 = d mod (p-1)
1092	* @e2: will hold e2 = d mod (q-1)
1093	*
1094	* This function will export the RSA private key's parameters found
1095	* in the given structure. The new parameters will be allocated using
1096	* gnutls_malloc() and will be stored in the appropriate datum.
1097	*
1098	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1099	* negative error value.
1100	*
1101	* Since: 2.12.0
1102	**/
1103	int
1104	gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
1105	gnutls_datum_t * m, gnutls_datum_t * e,
1106	gnutls_datum_t * d, gnutls_datum_t * p,
1107	gnutls_datum_t * q, gnutls_datum_t * u,
1108	gnutls_datum_t * e1, gnutls_datum_t * e2)
1109	{
1110	int ret;
1111	gnutls_pk_params_st pk_params;
1112
1113	gnutls_pk_params_init(&pk_params);
1114
1115	if (key == NULL((void*)0))
1116	{
1117	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1117); } while(0);;
1118	return GNUTLS_E_INVALID_REQUEST-50;
1119	}
1120
1121	m->data = e->data = d->data = p->data = q->data = u->data = NULL((void*)0);
1122	m->size = e->size = d->size = p->size = q->size = u->size = 0;
1123
1124	ret = _gnutls_pk_params_copy (&pk_params, &key->params);
1125	if (ret < 0)
1126	{
1127	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1127); } while(0);;
1128	return ret;
1129	}
1130
1131	ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
1132	if (ret < 0)
1133	{
1134	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1134); } while(0);;
1135	goto error;
1136	}
1137
1138	ret = _gnutls_mpi_dprint_lz (pk_params.params[0], m);
1139	if (ret < 0)
1140	{
1141	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1141); } while(0);;
1142	goto error;
1143	}
1144
1145	/* E */
1146	ret = _gnutls_mpi_dprint_lz (pk_params.params[1], e);
1147	if (ret < 0)
1148	{
1149	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1149); } while(0);;
1150	goto error;
1151	}
1152
1153	/* D */
1154	ret = _gnutls_mpi_dprint_lz (pk_params.params[2], d);
1155	if (ret < 0)
1156	{
1157	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1157); } while(0);;
1158	goto error;
1159	}
1160
1161	/* P */
1162	ret = _gnutls_mpi_dprint_lz (pk_params.params[3], p);
1163	if (ret < 0)
1164	{
1165	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1165); } while(0);;
1166	goto error;
1167	}
1168
1169	/* Q */
1170	ret = _gnutls_mpi_dprint_lz (pk_params.params[4], q);
1171	if (ret < 0)
1172	{
1173	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1173); } while(0);;
1174	goto error;
1175	}
1176
1177	/* U */
1178	ret = _gnutls_mpi_dprint_lz (key->params.params[5], u);
1179	if (ret < 0)
1180	{
1181	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1181); } while(0);;
1182	goto error;
1183	}
1184
1185	/* E1 */
1186	if (e1)
1187	{
1188	ret = _gnutls_mpi_dprint_lz (key->params.params[6], e1);
1189	if (ret < 0)
1190	{
1191	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1191); } while(0);;
1192	goto error;
1193	}
1194	}
1195
1196	/* E2 */
1197	if (e2)
1198	{
1199	ret = _gnutls_mpi_dprint_lz (key->params.params[7], e2);
1200	if (ret < 0)
1201	{
1202	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1202); } while(0);;
1203	goto error;
1204	}
1205	}
1206
1207	gnutls_pk_params_release (&pk_params);
1208
1209	return 0;
1210
1211	error:
1212	_gnutls_free_datum (m)_gnutls_free_datum_m(m, gnutls_free);
1213	_gnutls_free_datum (d)_gnutls_free_datum_m(d, gnutls_free);
1214	_gnutls_free_datum (e)_gnutls_free_datum_m(e, gnutls_free);
1215	_gnutls_free_datum (p)_gnutls_free_datum_m(p, gnutls_free);
1216	_gnutls_free_datum (q)_gnutls_free_datum_m(q, gnutls_free);
1217	gnutls_pk_params_release (&pk_params);
1218
1219	return ret;
1220	}
1221
1222	/**
1223	* gnutls_x509_privkey_export_dsa_raw:
1224	* @key: a structure that holds the DSA parameters
1225	* @p: will hold the p
1226	* @q: will hold the q
1227	* @g: will hold the g
1228	* @y: will hold the y
1229	* @x: will hold the x
1230	*
1231	* This function will export the DSA private key's parameters found
1232	* in the given structure. The new parameters will be allocated using
1233	* gnutls_malloc() and will be stored in the appropriate datum.
1234	*
1235	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1236	* negative error value.
1237	**/
1238	int
1239	gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
1240	gnutls_datum_t * p, gnutls_datum_t * q,
1241	gnutls_datum_t * g, gnutls_datum_t * y,
1242	gnutls_datum_t * x)
1243	{
1244	int ret;
1245
1246	if (key == NULL((void*)0))
1247	{
1248	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1248); } while(0);;
1249	return GNUTLS_E_INVALID_REQUEST-50;
1250	}
1251
1252	/* P */
1253	ret = _gnutls_mpi_dprint_lz (key->params.params[0], p);
1254	if (ret < 0)
1255	{
1256	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1256); } while(0);;
1257	return ret;
1258	}
1259
1260	/* Q */
1261	ret = _gnutls_mpi_dprint_lz (key->params.params[1], q);
1262	if (ret < 0)
1263	{
1264	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1264); } while(0);;
1265	_gnutls_free_datum (p)_gnutls_free_datum_m(p, gnutls_free);
1266	return ret;
1267	}
1268
1269
1270	/* G */
1271	ret = _gnutls_mpi_dprint_lz (key->params.params[2], g);
1272	if (ret < 0)
1273	{
1274	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1274); } while(0);;
1275	_gnutls_free_datum (p)_gnutls_free_datum_m(p, gnutls_free);
1276	_gnutls_free_datum (q)_gnutls_free_datum_m(q, gnutls_free);
1277	return ret;
1278	}
1279
1280
1281	/* Y */
1282	ret = _gnutls_mpi_dprint_lz (key->params.params[3], y);
1283	if (ret < 0)
1284	{
1285	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1285); } while(0);;
1286	_gnutls_free_datum (p)_gnutls_free_datum_m(p, gnutls_free);
1287	_gnutls_free_datum (g)_gnutls_free_datum_m(g, gnutls_free);
1288	_gnutls_free_datum (q)_gnutls_free_datum_m(q, gnutls_free);
1289	return ret;
1290	}
1291
1292	/* X */
1293	ret = _gnutls_mpi_dprint_lz (key->params.params[4], x);
1294	if (ret < 0)
1295	{
1296	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1296); } while(0);;
1297	_gnutls_free_datum (y)_gnutls_free_datum_m(y, gnutls_free);
1298	_gnutls_free_datum (p)_gnutls_free_datum_m(p, gnutls_free);
1299	_gnutls_free_datum (g)_gnutls_free_datum_m(g, gnutls_free);
1300	_gnutls_free_datum (q)_gnutls_free_datum_m(q, gnutls_free);
1301	return ret;
1302	}
1303
1304	return 0;
1305	}
1306
1307	/**
1308	* gnutls_x509_privkey_generate:
1309	* @key: should contain a #gnutls_x509_privkey_t structure
1310	* @algo: is one of the algorithms in #gnutls_pk_algorithm_t.
1311	* @bits: the size of the modulus
1312	* @flags: unused for now. Must be 0.
1313	*
1314	* This function will generate a random private key. Note that this
1315	* function must be called on an empty private key.
1316	*
1317	* Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits().
1318	*
1319	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1320	* negative error value.
1321	**/
1322	int
1323	gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
1324	gnutls_pk_algorithm_t algo, unsigned int bits,
1325	unsigned int flags)
1326	{
1327	int ret;
1328
1329	if (key == NULL((void*)0))
1330	{
1331	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1331); } while(0);;
1332	return GNUTLS_E_INVALID_REQUEST-50;
1333	}
1334
1335	gnutls_pk_params_init(&key->params);
1336
1337	if (algo == GNUTLS_PK_EC)
1338	bits = _gnutls_ecc_bits_to_curve(bits);
1339
1340	ret = _gnutls_pk_generate (algo, bits, &key->params)_gnutls_pk_ops.generate( algo, bits, &key->params);
1341	if (ret < 0)
1342	{
1343	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1343); } while(0);;
1344	return ret;
1345	}
1346
1347	ret = _gnutls_asn1_encode_privkey (algo, &key->key, &key->params);
1348	if (ret < 0)
1349	{
1350	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1350); } while(0);;
1351	goto cleanup;
1352	}
1353	key->pk_algorithm = algo;
1354
1355	return 0;
1356
1357	cleanup:
1358	key->pk_algorithm = GNUTLS_PK_UNKNOWN;
1359	gnutls_pk_params_release(&key->params);
1360
1361	return ret;
1362	}
1363
1364	/**
1365	* gnutls_x509_privkey_verify_params:
1366	* @key: should contain a #gnutls_x509_privkey_t structure
1367	*
1368	* This function will verify the private key parameters.
1369	*
1370	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1371	* negative error value.
1372	**/
1373	int
1374	gnutls_x509_privkey_verify_params (gnutls_x509_privkey_t key)
1375	{
1376	int ret;
1377
1378	ret = _gnutls_pk_verify_params (key->pk_algorithm, &key->params)_gnutls_pk_ops.verify_params( key->pk_algorithm, &key-> params);
1379	if (ret < 0)
1380	{
1381	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1381); } while(0);;
1382	return ret;
1383	}
1384
1385	return 0;
1386	}
1387
1388	/**
1389	* gnutls_x509_privkey_get_key_id:
1390	* @key: Holds the key
1391	* @flags: should be 0 for now
1392	* @output_data: will contain the key ID
1393	* @output_data_size: holds the size of output_data (and will be
1394	* replaced by the actual size of parameters)
1395	*
1396	* This function will return a unique ID the depends on the public key
1397	* parameters. This ID can be used in checking whether a certificate
1398	* corresponds to the given key.
1399	*
1400	* If the buffer provided is not long enough to hold the output, then
1401	* *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
1402	* be returned. The output will normally be a SHA-1 hash output,
1403	* which is 20 bytes.
1404	*
1405	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1406	* negative error value.
1407	**/
1408	int
1409	gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
1410	unsigned int flags,
1411	unsigned char *output_data,
1412	size_t * output_data_size)
1413	{
1414	int ret;
1415
1416	if (key == NULL((void*)0))
1417	{
1418	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1418); } while(0);;
1419	return GNUTLS_E_INVALID_REQUEST-50;
1420	}
1421
1422	ret = _gnutls_get_key_id(key->pk_algorithm, &key->params, output_data, output_data_size);
1423	if (ret < 0)
1424	{
1425	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1425); } while(0);;
1426	}
1427
1428	return ret;
1429	}
1430
1431
1432	#ifdef ENABLE_PKI1
1433	/*-
1434	* _gnutls_x509_privkey_sign_hash2:
1435	* @signer: Holds the signer's key
1436	* @hash_algo: The hash algorithm used
1437	* @hash_data: holds the data to be signed
1438	* @signature: will contain newly allocated signature
1439	* @flags: (0) for now
1440	*
1441	* This function will sign the given hashed data using a signature algorithm
1442	* supported by the private key. Signature algorithms are always used
1443	* together with a hash functions. Different hash functions may be
1444	* used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256
1445	* for the DSA keys, depending on their bit size.
1446	*
1447	* Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
1448	* the hash algorithm.
1449	*
1450	* The RSA algorithm is used in PKCS #1 v1.5 mode.
1451	*
1452	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1453	* negative error value.
1454	-*/
1455	static int
1456	_gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
1457	gnutls_digest_algorithm_t hash_algo,
1458	unsigned int flags,
1459	const gnutls_datum_t * hash_data,
1460	gnutls_datum_t * signature)
1461	{
1462	int ret;
1463	gnutls_datum_t digest;
1464
1465	digest.data = gnutls_malloc (hash_data->size);
1466	if (digest.data == NULL((void*)0))
1467	{
1468	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1468); } while(0);;
1469	return GNUTLS_E_MEMORY_ERROR-25;
1470	}
1471	digest.size = hash_data->size;
1472	memcpy (digest.data, hash_data->data, digest.size);
1473
1474	ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
1475	if (ret < 0)
1476	{
1477	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1477); } while(0);;
1478	goto cleanup;
1479	}
1480
1481	ret = _gnutls_soft_sign (signer->pk_algorithm, &signer->params,
1482	&digest, signature);
1483
1484	if (ret < 0)
1485	{
1486	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1486); } while(0);;
1487	goto cleanup;
1488	}
1489
1490	ret = 0;
1491
1492	cleanup:
1493	_gnutls_free_datum (&digest)_gnutls_free_datum_m(&digest, gnutls_free);
1494	return ret;
1495	}
1496
1497	/**
1498	* gnutls_x509_privkey_sign_hash:
1499	* @key: Holds the key
1500	* @hash: holds the data to be signed
1501	* @signature: will contain newly allocated signature
1502	*
1503	* This function will sign the given hash using the private key. Do not
1504	* use this function directly unless you know what it is. Typical signing
1505	* requires the data to be hashed and stored in special formats
1506	* (e.g. BER Digest-Info for RSA).
1507	*
1508	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1509	* negative error value.
1510	*
1511	* Deprecated in: 2.12.0
1512	*/
1513	int
1514	gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
1515	const gnutls_datum_t * hash,
1516	gnutls_datum_t * signature)
1517	{
1518	int result;
1519
1520	if (key == NULL((void*)0))
1521	{
1522	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1522); } while(0);;
1523	return GNUTLS_E_INVALID_REQUEST-50;
1524	}
1525
1526	result = _gnutls_soft_sign (key->pk_algorithm, &key->params,
1527	hash, signature);
1528	if (result < 0)
1529	{
1530	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1530); } while(0);;
1531	return result;
1532	}
1533
1534	return 0;
1535	}
1536
1537	/**
1538	* gnutls_x509_privkey_sign_data:
1539	* @key: Holds the key
1540	* @digest: should be MD5 or SHA1
1541	* @flags: should be 0 for now
1542	* @data: holds the data to be signed
1543	* @signature: will contain the signature
1544	* @signature_size: holds the size of signature (and will be replaced
1545	* by the new size)
1546	*
1547	* This function will sign the given data using a signature algorithm
1548	* supported by the private key. Signature algorithms are always used
1549	* together with a hash functions. Different hash functions may be
1550	* used for the RSA algorithm, but only SHA-1 for the DSA keys.
1551	*
1552	* If the buffer provided is not long enough to hold the output, then
1553	* *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
1554	* be returned.
1555	*
1556	* Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
1557	* the hash algorithm.
1558	*
1559	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1560	* negative error value.
1561	*
1562	* Deprecated: Use gnutls_privkey_sign_data().
1563	*/
1564	int
1565	gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
1566	gnutls_digest_algorithm_t digest,
1567	unsigned int flags,
1568	const gnutls_datum_t * data,
1569	void signature, size_t signature_size)
1570	{
1571	int result;
1572	gnutls_datum_t sig = { NULL((void*)0), 0 };
1573	gnutls_datum_t hash;
1574
1575	if (key == NULL((void*)0))
1576	{
1577	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1577); } while(0);;
1578	return GNUTLS_E_INVALID_REQUEST-50;
1579	}
1580
1581	result =
1582	pk_hash_data (key->pk_algorithm, digest, &key->params, data, &hash);
1583	if (result < 0)
1584	{
1585	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1585); } while(0);;
1586	return result;
1587	}
1588
1589	result =
1590	_gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, signature);
1591
1592	_gnutls_free_datum(&hash)_gnutls_free_datum_m(&hash, gnutls_free);
1593
1594	if (result < 0)
1595	{
1596	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1596); } while(0);;
1597	return result;
1598	}
1599
1600	if (*signature_size < sig.size)
1601	{
1602	*signature_size = sig.size;
1603	_gnutls_free_datum (&sig)_gnutls_free_datum_m(&sig, gnutls_free);
1604	return GNUTLS_E_SHORT_MEMORY_BUFFER-51;
1605	}
1606
1607	*signature_size = sig.size;
1608	memcpy (signature, sig.data, sig.size);
1609
1610	_gnutls_free_datum (&sig)_gnutls_free_datum_m(&sig, gnutls_free);
1611
1612	return 0;
1613	}
1614
1615
1616	/**
1617	* gnutls_x509_privkey_fix:
1618	* @key: Holds the key
1619	*
1620	* This function will recalculate the secondary parameters in a key.
1621	* In RSA keys, this can be the coefficient and exponent1,2.
1622	*
1623	* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1624	* negative error value.
1625	**/
1626	int
1627	gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
1628	{
1629	int ret;
1630
1631	if (key == NULL((void*)0))
1632	{
1633	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1633); } while(0);;
1634	return GNUTLS_E_INVALID_REQUEST-50;
1635	}
1636
1637	asn1_delete_structure (&key->key);
1638
1639	ret = _gnutls_asn1_encode_privkey (key->pk_algorithm, &key->key, &key->params);
1640	if (ret < 0)
1641	{
1642	gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "privkey.c",1642); } while(0);;
1643	return ret;
1644	}
1645
1646	return 0;
1647	}
1648
1649	#endif