site: Move declaration/initialisation of `hash'

[secnet.git] / secnet.h

diff --git a/secnet.h b/secnet.h
index 0d5b8396d9abf95e63c6a8f56c6d12b5c88ae3b8..30a171d4da262160443b9029c1c137fe8f69e027 100644 (file)
--- a/secnet.h
+++ b/secnet.h
@@ -412,14 +412,14 @@ typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
 typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
                                  struct buffer_if *privkeydata,
                                  struct sigprivkey_if **sigpriv_r,
-                                 struct log_if *log);
-  /* privkeydata may contain data for any algorithm, not necessarily
-   * this one!  If it is not for this algorithm, return False and do
-   * not log anything (other than at M_DEBUG).  If it *is* for this
-   * algorithm but is wrong, log at M_ERROR.
-   * On entry privkeydata->base==start.  loadpriv may modify base and
-   * size, but not anything else.  So it may use unprepend and
-   * unappend. */
+                                 struct log_if *log, struct cloc loc);
+  /* Ideally, check whether privkeydata contains data for any algorithm.
+   * That avoids security problems if a key file is misidentified (which
+   * might happen if the file is simply renamed).
+   * If there is an error (including that the key data is not for this
+   * algorithm, return False and log an error at M_ERROR.
+   * On entry privkeydata->base==start.  loadpriv may modify
+   * privkeydata, including the contents. */
 
 struct sigscheme_info {
     const char *name;
@@ -433,6 +433,9 @@ extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
 
 const struct sigscheme_info *sigscheme_lookup(const char *name);
 
+extern sigscheme_loadpriv rsa1_loadpriv;
+extern sigscheme_loadpub  rsa1_loadpub;
+
 /***** END of signature schemes *****/
 
 /***** CLOSURE TYPES and interface definitions *****/