authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-10-01 12:17:26 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-10-01 12:17:26 +0200
commit614b9167c094fa2f0be8a312a7365365b34dcf77 (patch)
treee88006c10a4d10bb7cb6a16224ca235d6654323e /lib
parent011f3d614ffdcac0d44c41018cfebc2c410adb10 (diff)
_gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/includes/gnutls/x509.h2
-rw-r--r--lib/x509/x509.c4
2 files changed, 5 insertions, 1 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index c4eb8f8418..8adb5e4941 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -233,6 +233,7 @@ int gnutls_x509_crt_get_signature_oid(gnutls_x509_crt_t cert, char *oid, size_t
* gnutls_keyid_flags_t:
* @GNUTLS_KEYID_USE_SHA1: Use SHA1 as the key ID algorithm (default).
* @GNUTLS_KEYID_USE_SHA256: Use SHA256 as the key ID algorithm.
+ * @GNUTLS_KEYID_USE_SHA512: Use SHA512 as the key ID algorithm.
* @GNUTLS_KEYID_USE_BEST_KNOWN: Use the best known algorithm to calculate key ID. Using that option will make your program behavior depend on the version of gnutls linked with. That option has a cap of 64-bytes key IDs.
*
* Enumeration of different flags for the key ID functions.
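Review bot: The new `@GNUTLS_KEYID_USE_SHA512` entry does not state the output size, although a SHA-512 key ID is 64 bytes, twice what the SHA256 flag produces. A caller who switches flags while keeping a buffer sized for SHA1 or SHA256 needs to know this up front; how the key ID functions react to a short buffer is not visible in this diff. I would extend the line to `@GNUTLS_KEYID_USE_SHA512: Use SHA512 as the key ID algorithm (64-byte key ID).` and, for symmetry, give the sizes on the SHA1 and SHA256 entries as well.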
@@ -241,6 +242,7 @@ int gnutls_x509_crt_get_signature_oid(gnutls_x509_crt_t cert, char *oid, size_t
typedef enum {
GNUTLS_KEYID_USE_SHA1 = 0,
GNUTLS_KEYID_USE_SHA256 = (1<<0),
+ GNUTLS_KEYID_USE_SHA512 = (1<<1),
GNUTLS_KEYID_USE_BEST_KNOWN = (1<<30)
} gnutls_keyid_flags_t;
int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt,
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index a383a47821..1e31a085d0 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2952,7 +2952,9 @@ _gnutls_get_key_id(gnutls_pk_params_st * params,
gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
unsigned int digest_len;
- if ((flags & GNUTLS_KEYID_USE_SHA256) || (flags & GNUTLS_KEYID_USE_BEST_KNOWN))
+ if ((flags & GNUTLS_KEYID_USE_SHA512) || (flags & GNUTLS_KEYID_USE_BEST_KNOWN))
+ hash = GNUTLS_DIG_SHA512;
+ else if (flags & GNUTLS_KEYID_USE_SHA256)
hash = GNUTLS_DIG_SHA256;
digest_len =
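Review bot: With the new condition, `GNUTLS_KEYID_USE_BEST_KNOWN` selects SHA512 where the removed line selected SHA256, so a key ID computed under that flag by an earlier build will not match one computed by this build. Code that stores or pins key IDs and later compares them should request an explicit algorithm flag instead; the header already warns that BEST_KNOWN is version dependent, but the mapping deserves a comment at the point where it is decided. The flags are bits, so a caller can set both `GNUTLS_KEYID_USE_SHA256` and `GNUTLS_KEYID_USE_SHA512`, and the if/else chain then silently picks SHA512. I would document both facts above the `if`, e.g. `/* SHA512 wins if several algorithm bits are set; BEST_KNOWN currently maps to SHA512 */`. The body of `_gnutls_get_key_id` starts and ends outside this hunk, so the handling of `digest_len` against the caller's buffer could not be checked here.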