author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-05-31 16:52:13 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-03 19:55:02 +0200 |
commit | 24a416ea2014cf26cf0d0082a456184d33b49cc1 (patch) | |
tree | bd3fce3bb3b47748ae5e18a14eed871fdd0c785b | |
parent | 5eeabed81dbfe7a2e4089e612db5c61e60edeb91 (diff) | |
download | gnutls-24a416ea2014cf26cf0d0082a456184d33b49cc1.tar.gz |
Added gnutls_x509_crq_get_preferred_hash_algorithm().
-rw-r--r-- | doc/examples/ex-crq.c | 6 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 3 | ||||
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/x509/crq.c | 65 |
4 files changed, 72 insertions, 3 deletions
diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c index 9d40e90772..f36aece99a 100644 --- a/doc/examples/ex-crq.c +++ b/doc/examples/ex-crq.c @@ -22,6 +22,7 @@ main (void) gnutls_x509_privkey_t key; unsigned char buffer[10 * 1024]; size_t buffer_size = sizeof (buffer); + unsigned int bits; gnutls_global_init (); @@ -32,9 +33,10 @@ main (void) gnutls_x509_privkey_init (&key); - /* Generate a 1024 bit RSA private key. + /* Generate an RSA key of moderate security. */ - gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, 1024, 0); + bits = gnutls_sec_param_to_pk_bits( GNUTLS_PK_RSA, GNUTLS_SEC_PARAM_NORMAL); + gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0); /* Add stuff to the distinguished name */ diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index b605870a0a..004177087a 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -741,6 +741,9 @@ extern "C" int gnutls_x509_crq_import (gnutls_x509_crq_t crq, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); + int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, + gnutls_digest_algorithm_t * hash); + int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf); int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx, diff --git a/lib/libgnutls.map b/lib/libgnutls.map index bd71a9125a..527c618912 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -679,6 +679,7 @@ GNUTLS_2_11 gnutls_sec_param_get_name; gnutls_pk_bits_to_sec_param; gnutls_rnd; + gnutls_x509_crq_get_preferred_hash_algorithm; } GNUTLS_2_10; GNUTLS_PRIVATE { diff --git a/lib/x509/crq.c b/lib/x509/crq.c index e18578f99b..604d0e48c1 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c 
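Review bot: In the second doc/examples/ex-crq.c hunk the result of `gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0)` is still ignored, and `bits` now comes from a run-time lookup rather than a literal. Since this example is what users copy, it should check both, for instance `if (bits == 0 || gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, bits, 0) < 0) return 1;`. Whether gnutls_sec_param_to_pk_bits() can actually yield 0 for this combination is not visible on the page, so treat the first test as defensive. main() starts and ends outside the hunk.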
@@ -999,6 +999,10 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, * This must be the last step in a certificate request generation * since all the previously set parameters are now signed. * + * Use gnutls_x509_crq_get_preferred_hash_algorithm() to obtain + * the digest algorithm to use with the specified public key + * algorithm. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. * %GNUTLS_E_ASN1_VALUE_NOT_FOUND is returned if you didn't set all * information in the certificate request (e.g., the version using @@ -1061,7 +1065,16 @@ fail: int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) { - return gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0); +gnutls_digest_algorithm_t dig; +int ret = gnutls_x509_crq_get_preferred_hash_algorithm (crq, &dig); + + if (ret < 0) + { + gnutls_assert(); + return ret; + } + + return gnutls_x509_crq_sign2 (crq, key, dig, 0); } /** 
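Review bot: In the second hunk on this line, gnutls_x509_crq_sign() now derives the digest from the public key stored in the request, not from the `key` argument that performs the signature, so the choice is only correct if the caller has already set that same key on the request. The function's doc comment (outside the hunk) should state this, e.g. `* The digest is chosen from the key previously set with gnutls_x509_crq_set_key().` Callers of this wrapper that always got SHA-1 before can now get a different digest or a new error return, which is a behaviour change worth recording in the same comment. The two added declarations `gnutls_digest_algorithm_t dig;` and `int ret = ...` start at column 0 while the rest of the body is indented; indent them to match.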
@@ -2264,6 +2277,56 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, return 0; } +/** + * gnutls_x509_crq_get_preferred_hash_algorithm: + * @crq: Holds the certificate + * @hash: The result of the call with the hash algorithm used for signature + * + * This function will read the certifcate and return the appropriate digest + * algorithm to use for signing with this certificate. Some certificates (i.e. + * DSA might not be able to sign without the preferred algorithm). + * + * Returns: the 0 if the hash algorithm is found. A negative value is + * returned on error. + * + * Since: 2.11.0 + **/ +int +gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, + gnutls_digest_algorithm_t * hash) +{ + bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; + int params_size; + int ret, i; + + if (crt == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + params_size = MAX_PUBLIC_PARAMS_SIZE; + ret = _gnutls_x509_crq_get_mpis (crq, params, ¶ms_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash, + NULL, gnutls_x509_crq_get_pk_algorithm (crq, NULL), + params, params_size); + + /* release allocated mpis */ + for (i = 0; i < params_size; i++) + { + _gnutls_mpi_release (¶ms[i]); + } + + return ret; +} + + static int rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk, unsigned char *output_data, size_t * output_data_size) |
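Review bot: The NULL guard in the new gnutls_x509_crq_get_preferred_hash_algorithm() tests `crt`, but the parameter is `crq` and no `crt` is declared in the function as shown, so this should not compile and the request pointer is never validated; the line should read `if (crq == NULL)`. The value of `gnutls_x509_crq_get_pk_algorithm (crq, NULL)` is passed straight to `_gnutls_x509_verify_algorithm`, so a negative error code from it would be treated as an algorithm id; store it first and bail out on `< 0`, after releasing the MPIs so nothing leaks. The `(gnutls_mac_algorithm_t *) hash` cast writes through a pointer to a different enum type, which presumably relies on the two enums sharing values and representation, and deserves a comment saying so. In the doc comment, `@crq` is described as "the certificate" and "certifcate" is misspelled; both should say certificate request.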