X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=secnet.h;h=30a171d4da262160443b9029c1c137fe8f69e027;hb=ababc84b5d767f7b333a0487d9873f4817ed5cb8;hp=7c650a9459f54e9ef2d0684fc1a4cad6911b6509;hpb=20c35278822db437d832e47166c5936a93e891fd;p=secnet.git
diff --git a/secnet.h b/secnet.h
index 7c650a9..30a171d 100644
--- a/secnet.h
+++ b/secnet.h
@@ -404,7 +404,7 @@ struct sigscheme_info;
 typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
 struct buffer_if *pubkeydata,
 struct sigpubkey_if **sigpub_r,
- struct log_if *log);
+ struct log_if *log, struct cloc loc);
 /* pubkeydata is (supposedly) for this algorithm.
 * loadpub should log an error if it fails.
 * pubkeydata may be modified (but not freed) */
@@ -412,14 +412,14 @@ typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo,
 typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo,
 struct buffer_if *privkeydata,
 struct sigprivkey_if **sigpriv_r,
- struct log_if *log);
- /* privkeydata may contain data for any algorithm, not necessarily
- * this one! If it is not for this algorithm, return False and do
- * not log anything (other than at M_DEBUG). If it *is* for this
- * algorithm but is wrong, log at M_ERROR.
- * On entry privkeydata->base==start. loadpriv may modify base and
- * size, but not anything else. So it may use unprepend and
- * unappend. */
+ struct log_if *log, struct cloc loc);
+ /* Ideally, check whether privkeydata contains data for any algorithm.
+ * That avoids security problems if a key file is misidentified (which
+ * might happen if the file is simply renamed).
+ * If there is an error (including that the key data is not for this
+ * algorithm, return False and log an error at M_ERROR.
+ * On entry privkeydata->base==start. loadpriv may modify
+ * privkeydata, including the contents. */
 struct sigscheme_info {
 const char *name;
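Review bot: The new `struct cloc loc` parameter of `sigscheme_loadpub` is not covered by the comment under the typedef, which still says only that loadpub should log an error if it fails; the same gap applies to `sigscheme_loadpriv` in the next hunk. I would add a line such as `* loc identifies where the key came from, for use in the logged error.` if that is what it carries. Its meaning is not visible in this hunk, so confirm against the implementations. Without it, implementers have no contract saying whether `loc` is expected to appear in failure messages.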
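Review bot: The rewritten contract comment for `sigscheme_loadpriv` is ambiguous at the point it is meant to tighten: "check whether privkeydata contains data for any algorithm" reads as if any algorithm were acceptable, and "Ideally" makes the check optional even though the next sentence treats a mismatch as an M_ERROR failure. I would open it with `/* loadpriv should verify that privkeydata is for this algorithm, where the format allows it.` and close the parenthesis in `(including that the key data is not for this algorithm)`. The comment also no longer states buffer ownership. loadpub says `(but not freed)`, so now that loadpriv may modify the contents it should say the same. It should also say whether the caller stays responsible for clearing the private key material left in the buffer.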
@@ -433,6 +433,9 @@ extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */
 const struct sigscheme_info *sigscheme_lookup(const char *name);
+extern sigscheme_loadpriv rsa1_loadpriv;
+extern sigscheme_loadpub rsa1_loadpub;
+
 /***** END of signature schemes *****/
 /***** CLOSURE TYPES and interface definitions *****/
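Review bot: `rsa1_loadpriv` and `rsa1_loadpub` are exported here with no comment saying why rsa1 alone is reachable outside `sigschemes[]` and `sigscheme_lookup`. A caller that uses them directly picks the algorithm itself, so rejecting a key file of another type would depend entirely on the check inside `rsa1_loadpriv`, which the loadpriv contract asks for only "ideally". A one-line comment such as `/* for callers that load rsa1 keys without going through sigscheme_lookup */` would make that dependency visible; the intended callers are outside this hunk, so confirm the wording. The `extern` keyword is redundant on function declarations, though harmless.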