diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-30 16:53:14 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-31 14:50:22 +0200 |
commit | 2d8b8e1026abee7ee0767e5df44520a5e5a06891 (patch) | |
tree | 69e1cb4c055a87b23b83c3baafc582ed8807b3f4 | |
parent | 43c62273361f94cf1b63f41913ac15f24616e1ee (diff) | |
download | gnutls-2d8b8e1026abee7ee0767e5df44520a5e5a06891.tar.gz |
gnutls_x509_privkey_sign_data: wrap over gnutls_privkey_sign_data()
That will allow this function to operate with the new key types.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/privkey.c | 114 |
1 files changed, 28 insertions, 86 deletions
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 48fb5c9e6c..aa6577bd9b 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1930,68 +1930,6 @@ gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, } -/*- - * _gnutls_x509_privkey_sign_hash2: - * @signer: Holds the signer's key - * @hash_algo: The hash algorithm used - * @hash_data: holds the data to be signed - * @signature: will contain newly allocated signature - * @flags: (0) for now - * - * This function will sign the given hashed data using a signature algorithm - * supported by the private key. Signature algorithms are always used - * together with a hash functions. Different hash functions may be - * used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256 - * for the DSA keys, depending on their bit size. - * - * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine - * the hash algorithm. - * - * The RSA algorithm is used in PKCS #1 v1.5 mode. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a - * negative error value. - -*/ -static int -_gnutls_x509_privkey_sign_hash2(gnutls_x509_privkey_t signer, - const mac_entry_st * me, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature) -{ - int ret; - gnutls_datum_t digest; - - digest.data = gnutls_malloc(hash_data->size); - if (digest.data == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - digest.size = hash_data->size; - memcpy(digest.data, hash_data->data, digest.size); - - ret = pk_prepare_hash(signer->pk_algorithm, me, &digest); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = - _gnutls_pk_sign(signer->pk_algorithm, signature, &digest, - &signer->params, &signer->params.sign); - - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - ret = 0; - - cleanup: - _gnutls_free_datum(&digest); - return ret; -} - /** * gnutls_x509_privkey_sign_hash: * @key: a key @@ -2003,6 +1941,10 @@ _gnutls_x509_privkey_sign_hash2(gnutls_x509_privkey_t signer, * requires the data to be hashed and stored in special formats * (e.g. BER Digest-Info for RSA). * + * This API is provided only for backwards compatibility, and thus + * restricted to RSA, DSA and ECDSA key types. For other key types please + * use gnutls_privkey_sign_hash() and gnutls_privkey_sign_data(). + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -2020,6 +1962,13 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } + if (key->pk_algorithm != GNUTLS_PK_RSA && key->pk_algorithm != GNUTLS_PK_ECDSA && + key->pk_algorithm != GNUTLS_PK_DSA) { + /* too primitive API - use only with legacy types */ + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + result = _gnutls_pk_sign(key->pk_algorithm, signature, hash, &key->params, &key->params.sign); @@ -2064,48 +2013,41 @@ gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, const gnutls_datum_t * data, void *signature, size_t * signature_size) { - int result; - gnutls_datum_t sig = { NULL, 0 }; - gnutls_datum_t hash; - const mac_entry_st *me = hash_to_entry(digest); + gnutls_privkey_t privkey; + gnutls_datum_t sig = {NULL, 0}; + int ret; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + ret = gnutls_privkey_init(&privkey); + if (ret < 0) + return gnutls_assert_val(ret); - result = - pk_hash_data(key->pk_algorithm, me, &key->params, data, &hash); - if (result < 0) { + ret = gnutls_privkey_import_x509(privkey, key, 0); + if (ret < 0) { gnutls_assert(); - return result; + goto cleanup; } - result = - _gnutls_x509_privkey_sign_hash2(key, me, flags, &hash, &sig); - - _gnutls_free_datum(&hash); - - if (result < 0) { + ret = gnutls_privkey_sign_data(privkey, digest, flags, data, &sig); + if (ret < 0) { gnutls_assert(); - return result; + goto cleanup; } if (*signature_size < sig.size) { *signature_size = sig.size; - _gnutls_free_datum(&sig); - return GNUTLS_E_SHORT_MEMORY_BUFFER; + ret = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto cleanup; } *signature_size = sig.size; memcpy(signature, sig.data, sig.size); +cleanup: _gnutls_free_datum(&sig); - - return 0; + gnutls_privkey_deinit(privkey); + return ret; } - /** * gnutls_x509_privkey_fix: * @key: a key |