author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 09:13:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 11:08:51 +0200 |
commit | b010143e5e85664f999819f913021980f39fe474 (patch) | |
tree | b6429f46d0f4cae7aada41e45c44e50be746b21c | |
parent | 68fc06c0a963fe1cd3e907dec1e2571c457f953a (diff) | |
download | gnutls-b010143e5e85664f999819f913021980f39fe474.tar.gz |
certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata type
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/certtool.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 3cddc3dd6f..ffd51e76cd 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -137,6 +137,7 @@ generate_private_key_int(common_info_st * cinfo)
 unsigned flags = 0;
 gnutls_keygen_data_st kdata[8];
 unsigned kdata_size = 0;
+ gnutls_x509_spki_t spki;
 key_type = req_key_type;
@@ -190,9 +191,14 @@ generate_private_key_int(common_info_st * cinfo)
 }
 }
+ ret = gnutls_x509_spki_init(&spki);
+ if (ret < 0) {
+ fprintf(stderr, "error in SPKI initialization: %s\n", gnutls_strerror(ret));
+ app_exit(1);
+ }
+
 if (HAVE_OPT(SALT_SIZE)) {
- kdata[kdata_size].type = GNUTLS_KEYGEN_RSA_PSS_SALT_SIZE;
- kdata[kdata_size++].size = OPT_VALUE_SALT_SIZE;
+ gnutls_x509_spki_set_salt_size(spki, OPT_VALUE_SALT_SIZE);
 }
 if (cinfo->seed_size > 0) {
@@ -214,11 +220,18 @@ generate_private_key_int(common_info_st * cinfo)
 }
 if (default_dig) {
- kdata[kdata_size].type = GNUTLS_KEYGEN_RSA_PSS_DIGEST;
- kdata[kdata_size++].size = default_dig;
+ gnutls_x509_spki_set_digest_algorithm(spki, default_dig);
 }
+ if (default_dig || HAVE_OPT(SALT_SIZE)) {
+ gnutls_x509_spki_set_pk_algorithm(spki, key_type);
+
+ kdata[kdata_size].type = GNUTLS_KEYGEN_SPKI;
+ kdata[kdata_size].data = (void*)spki;
+ kdata[kdata_size++].size = sizeof(spki);
+ }
+
 if (provable)
 flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE;
@@ -229,6 +242,8 @@ generate_private_key_int(common_info_st * cinfo)
 app_exit(1);
 }
+ gnutls_x509_spki_deinit(spki);
+
 ret = gnutls_x509_privkey_verify_params(key);
 if (ret < 0) {
 fprintf(stderr, "privkey_verify_params: %s\n", |
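Review bot: The salt size reaches `gnutls_x509_spki_set_salt_size(spki, OPT_VALUE_SALT_SIZE)` inside `if (HAVE_OPT(SALT_SIZE))` with no range check visible in the second hunk, so a negative or oversized command-line value is handed to the library as given (a negative one would presumably be converted to a large unsigned salt length). Unless the option definition already constrains the value, which is not visible here, reject it before the call, e.g. `if (OPT_VALUE_SALT_SIZE < 0) { fprintf(stderr, "invalid salt size\n"); app_exit(1); }`. The enclosing function starts and ends outside the hunk, so an earlier check may exist.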
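Review bot: In the third hunk's `if (default_dig || HAVE_OPT(SALT_SIZE))` block, `gnutls_x509_spki_set_pk_algorithm(spki, key_type)` is called with whatever `key_type` holds; nothing in the hunk restricts the SPKI entry to RSA-PSS keys, although the commit title describes these as RSA-PSS parameters. If no check outside the hunk rules it out, a digest or salt size given with another key type still attaches a `GNUTLS_KEYGEN_SPKI` entry, and the condition could be tightened to `if (key_type == GNUTLS_PK_RSA_PSS && (default_dig || HAVE_OPT(SALT_SIZE))) {`. The line `kdata[kdata_size++].size = sizeof(spki);` also deserves a comment such as `/* spki is an opaque handle: .size is the size of the handle, not of the parameters it refers to */`, because the `(void*)spki` cast suggests the type is pointer-like and a reader may take the value for a structure size. The function body continues outside the hunk.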