The macro gnutls_check_version_numeric, used in
b974ed3c, wasn't added until GnuTLS 3.5.0
(and was in fact based on the gtls_ver macro from openconnect)
Signed-off-by: Daniel Lenski <dlenski@gmail.com>

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

In preparation for potentially implementing a version using ibmtss.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

If R or S have the top bit set, we need to prepend a zero byte to prevent
them from being interpreted as negative.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Various caveats, including the complete lack of authentication, lack
of EC and policy support, hard-coded use of PKCS#1 padding, etc.

But hey, it works for my test case.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

This doesn't do anything useful at all yet. It would be nice if the two
available OpenSSL engines were actually compatible.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Intel guidelines now recommend that this is omitted.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

This patch just play with space and tabs, so
	git diff -w
does not report anything.
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Current code mixes "defined()" and "defined ()"
Use Linux kernel choice so I can reuse kernel checkpatch.
sed -i 's/defined (/defined(/g'
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

We can move the algo calculation into a verify_signed_data() function. This
would have been a cleaner way to do it in the first place anyway.
Reported-by: Mike Miller <mtmiller@ieee.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Unfortunately, gnutls_pubkey_verify_data() is deprecated. Which is a pain;
the 'threat model' that led to that deprecation doesn't apply here, and it
just means we have to jump through hoops to find the 'intended' algorithm
instead of letting it be inferred from the signature.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Slightly reduce the #ifdef hell in gnutls.c
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>