author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-20 12:41:47 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-21 16:19:00 +0200 |
commit | 4448c8eb774eaa1d333b895915533ca1ba61ec86 (patch) | |
tree | 2afa4aada34257d8f9d71304fa1cafda7b0b9f85 /lib/includes | |
parent | 392f2c48efba8a4f00848a8a32342a6330889db5 (diff) | |
gnutls_sign_is_secure2: introduced
This function exports the ability to check the validity of
a signature algorithm for signing certificates.
That also introduces the flag GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
which when specified will cause the function to return whether
the algorithm is secure for signing certificates.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/includes')
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 9bc89ca420..6c1012f175 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1010,7 +1010,14 @@ size_t
 size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
-int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
+unsigned gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
+
+/* It is possible that a signature algorithm is ok to use for short-lived
+ * data (e.g., to sign a TLS session), but not for data that are long-lived
+ * like certificates. This flag is about checking the security of the algorithm
+ * for long-lived data. */
+#define GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS 1
+unsigned gnutls_sign_is_secure2(gnutls_sign_algorithm_t algorithm, unsigned int flags) __GNUTLS_CONST__;
 gnutls_digest_algorithm_t gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__; |
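Review bot: The comment above `GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS` explains the flag but not the contract of `gnutls_sign_is_secure2()` itself, so the header does not say that `gnutls_sign_is_secure()` and, presumably, a `flags` value of 0 answer only the weaker question about short-lived data. For code that vets certificate signature algorithms, that difference decides whether a weak algorithm is accepted, so I would state it next to the prototype, e.g. `/* Returns non-zero if the algorithm is considered secure; pass GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS when the signature protects a certificate. */`. It would also help to say how unknown bits in `flags` are treated, since the implementation is not part of this file. Separately, the return type of the existing `gnutls_sign_is_secure()` changes from `int` to `unsigned` in a public header, which deserves a line in the release notes.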