-rw-r--r-- | lib/includes/gnutls/x509.h | 29 | ||||
-rw-r--r-- | lib/libgnutls.map | 10 | ||||
-rw-r--r-- | lib/x509/crq.c | 76 | ||||
-rw-r--r-- | lib/x509/privkey.c | 46 | ||||
-rw-r--r-- | lib/x509/x509.c | 76 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 8 | ||||
-rw-r--r-- | src/certtool-common.c | 17 | ||||
-rw-r--r-- | src/certtool.c | 2 |
8 files changed, 130 insertions, 134 deletions
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index b67e7c0271..fd8c68cdc9 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -429,12 +429,11 @@ void gnutls_x509_spki_set_salt_size(gnutls_x509_spki_t spki, int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, unsigned int *bits); -int gnutls_x509_crt_set_pk_algorithm(gnutls_x509_crt_t crt, - gnutls_x509_spki_t spki, - unsigned int flags); -int gnutls_x509_crt_get_pk_algorithm2(gnutls_x509_crt_t cert, - gnutls_x509_spki_t spki, - unsigned int *bits); +int gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt, const gnutls_x509_spki_t spki, + unsigned int flags); +int gnutls_x509_crt_get_spki(gnutls_x509_crt_t cert, gnutls_x509_spki_t spki, + unsigned int flags); + int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, gnutls_datum_t * m, gnutls_datum_t * e); int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
@@ -1187,9 +1186,10 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key); int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key, unsigned int *bits); -int gnutls_x509_privkey_get_pk_algorithm3(gnutls_x509_privkey_t key, - gnutls_x509_spki_t spki, - unsigned int *bits); +int gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t key, + gnutls_x509_spki_t spki, + unsigned int flags); + int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, unsigned int flags, unsigned char *output_data,
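Review bot: `const gnutls_x509_spki_t spki` in the new `gnutls_x509_crt_set_spki` prototype makes the handle itself const rather than the structure behind it, assuming `gnutls_x509_spki_t` is the pointer typedef that the `spki->pk` accesses in crq.c and x509.c suggest; a top-level `const` on a by-value parameter tells callers nothing and is dropped on the definition side. Either drop it to match the other setters in this header, or declare the parameter as a pointer to const (`const gnutls_x509_spki_st *`) if read-only access is what the API wants to promise. The same form is used in the `gnutls_x509_crq_set_spki` declaration in the next hunk and in the definitions in crq.c and x509_write.c. Proposed: `int gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt, gnutls_x509_spki_t spki, unsigned int flags);`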
@@ -1414,12 +1414,11 @@ int gnutls_x509_crq_get_attribute_info(gnutls_x509_crq_t crq, size_t * sizeof_oid); int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, unsigned int *bits); -int gnutls_x509_crq_get_pk_algorithm2(gnutls_x509_crq_t crq, - gnutls_x509_spki_t spki, - unsigned int *bits); -int gnutls_x509_crq_set_pk_algorithm(gnutls_x509_crq_t crq, - gnutls_x509_spki_t spki, - unsigned int flags); +int gnutls_x509_crq_get_spki(gnutls_x509_crq_t crq, gnutls_x509_spki_t spki, + unsigned int flags); + +int gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq, const gnutls_x509_spki_t spki, + unsigned int flags); int gnutls_x509_crq_get_signature_oid(gnutls_x509_crq_t crq, char *oid, size_t *oid_size); int gnutls_x509_crq_get_pk_oid(gnutls_x509_crq_t crq, char *oid, size_t *oid_size);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index aed995e2be..f594e1189a 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1156,11 +1156,11 @@ GNUTLS_3_4
 gnutls_x509_spki_set_digest_algorithm;
 gnutls_x509_spki_get_salt_size;
 gnutls_x509_spki_set_salt_size;
- gnutls_x509_crt_get_pk_algorithm2;
- gnutls_x509_crt_set_pk_algorithm;
- gnutls_x509_crq_get_pk_algorithm2;
- gnutls_x509_crq_set_pk_algorithm;
- gnutls_x509_privkey_get_pk_algorithm3;
+ gnutls_x509_crt_get_spki;
+ gnutls_x509_crt_set_spki;
+ gnutls_x509_crq_get_spki;
+ gnutls_x509_crq_set_spki;
+ gnutls_x509_privkey_get_spki;
 gnutls_sign_supports_pk_algorithm;
 gnutls_privkey_sign_hash2;
 gnutls_privkey_sign_data2;
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 8fa172ac14..1bbab4e3ea 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -1280,65 +1280,61 @@ gnutls_x509_crq_export2(gnutls_x509_crq_t crq, int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq, unsigned int *bits) { - return gnutls_x509_crq_get_pk_algorithm2(crq, NULL, bits); + int result; + + if (crq == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + result = _gnutls_x509_get_pk_algorithm + (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, bits); + if (result < 0) { + gnutls_assert(); + return result; + } + + return result; } /** - * gnutls_x509_crq_get_pk_algorithm2: + * gnutls_x509_crq_get_spki; * @crq: should contain a #gnutls_x509_crq_t type * @spki: a SubjectPublicKeyInfo structure of type #gnutls_x509_spki_t - * @bits: if bits is non-%NULL it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of a PKCS#10 - * certificate request. - * - * If @spki is non null, it should have enough size to hold the - * parameters. + * @flags: must be zero * - * If @bits is non-%NULL, it should have enough size to hold the - * parameters size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public exponent. + * This function will return the public key information of a PKCS#10 + * certificate request. The provided @spki must be initialized. * - * Returns: a member of the #gnutls_pk_algorithm_t enumeration on - * success, or a negative error code on error. + * Returns: Zero on success, or a negative error code on error. 
 **/ int -gnutls_x509_crq_get_pk_algorithm2(gnutls_x509_crq_t crq, - gnutls_x509_spki_t spki, - unsigned int *bits) +gnutls_x509_crq_get_spki(gnutls_x509_crq_t crq, + gnutls_x509_spki_t spki, + unsigned int flags) { int result; + gnutls_x509_spki_st params; if (crq == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_get_pk_algorithm - (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, bits); + memset(¶ms, 0, sizeof(params)); + + spki->pk = gnutls_x509_crq_get_pk_algorithm(crq, NULL); + + result = _gnutls_x509_crq_read_spki_params(crq, ¶ms); if (result < 0) { gnutls_assert(); return result; } - if (spki) { - gnutls_x509_spki_st params; + spki->rsa_pss_dig = params.rsa_pss_dig; + spki->salt_size = params.salt_size; - spki->pk = result; - - result = _gnutls_x509_crq_read_spki_params(crq, ¶ms); - if (result < 0) { - gnutls_assert(); - return result; - } - - spki->rsa_pss_dig = params.rsa_pss_dig; - spki->salt_size = params.salt_size; - - return spki->pk; - } - - return result; + return 0; } /**
@@ -3198,7 +3194,7 @@ gnutls_x509_crq_set_extension_by_oid(gnutls_x509_crq_t crq, } /** - * gnutls_x509_crq_set_pk_algorithm: + * gnutls_x509_crq_set_spki: * @crq: a certificate request of type #gnutls_x509_crq_t * @spki: a SubjectPublicKeyInfo structure of type #gnutls_x509_spki_t * @flags: must be zero
@@ -3217,9 +3213,9 @@ gnutls_x509_crq_set_extension_by_oid(gnutls_x509_crq_t crq, * Since: 3.6.0 **/ int -gnutls_x509_crq_set_pk_algorithm(gnutls_x509_crq_t crq, - gnutls_x509_spki_t spki, - unsigned int flags) +gnutls_x509_crq_set_spki(gnutls_x509_crq_t crq, + const gnutls_x509_spki_t spki, + unsigned int flags) { int result; gnutls_pk_algorithm_t crq_pk;
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 9c62b551eb..0ae924338a 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
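Review bot: In the new `gnutls_x509_crq_get_spki`, `spki->pk = gnutls_x509_crq_get_pk_algorithm(crq, NULL);` stores the return value unchecked, and the rewritten `gnutls_x509_crq_get_pk_algorithm` just above it returns a negative error code on failure, so an error would be written into `spki->pk` while the function carries on and reports 0. Route it through `result` and bail out first: `result = gnutls_x509_crq_get_pk_algorithm(crq, NULL);` / `if (result < 0) { gnutls_assert(); return result; }` / `spki->pk = result;`. Moving that store after `_gnutls_x509_crq_read_spki_params` has succeeded would additionally leave the caller's @spki untouched on the error path, which is what the old `if (spki)` branch did. The same unchecked call appears in `gnutls_x509_crt_get_spki` in the x509.c hunk at -1600. (The `¶ms` shown on this page is presumably `&params` mangled by an HTML entity, not a source defect.)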
@@ -1231,45 +1231,45 @@ int gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key, unsigned int *bits) { - return gnutls_x509_privkey_get_pk_algorithm3(key, NULL, bits); + int ret; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (bits) { + ret = pubkey_to_bits(key->pk_algorithm, &key->params); + if (ret < 0) + ret = 0; + *bits = ret; + } + + return key->pk_algorithm; } /** - * gnutls_x509_privkey_get_pk_algorithm3: + * gnutls_x509_privkey_get_spki: * @key: should contain a #gnutls_x509_privkey_t type * @spki: a SubjectPublicKeyInfo structure of type #gnutls_x509_spki_t - * @bits: The number of bits in the public key algorithm + * @flags: must be zero * - * This function will return the public key algorithm of a private - * key. + * This function will return the public key information of a private + * key. The provided @spki must be initialized. * - * Returns: a member of the #gnutls_pk_algorithm_t enumeration on - * success, or a negative error code on error. + * Returns: Zero on success, or a negative error code on error. **/ int -gnutls_x509_privkey_get_pk_algorithm3(gnutls_x509_privkey_t key, - gnutls_x509_spki_t spki, - unsigned int *bits) +gnutls_x509_privkey_get_spki(gnutls_x509_privkey_t key, gnutls_x509_spki_t spki, unsigned int flags) { - int ret; - if (key == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - if (spki) { - memcpy(spki, &key->params.spki, sizeof (gnutls_x509_spki_st)); - } - - if (bits) { - ret = pubkey_to_bits(key->pk_algorithm, &key->params); - if (ret < 0) - ret = 0; - *bits = ret; - } + memcpy(spki, &key->params.spki, sizeof (gnutls_x509_spki_st)); - return key->pk_algorithm; + return 0; } static const char *set_msg(gnutls_x509_privkey_t key)
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 073e7fcdbb..a80e29ebe7 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
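Review bot: `flags` is documented as "must be zero" for `gnutls_x509_privkey_get_spki`, but the new body never examines it, so a non-zero value is accepted silently and any meaning later assigned to the parameter would change behaviour for callers that already pass garbage. Reject it next to the NULL check: `if (flags != 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. The same applies to `gnutls_x509_crq_get_spki` and `gnutls_x509_crt_get_spki` in this commit; whether the two `set_spki` bodies validate it cannot be seen here, since both end outside their hunks.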
@@ -1548,37 +1548,6 @@ int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert, unsigned int *bits) { - return gnutls_x509_crt_get_pk_algorithm2(cert, NULL, bits); -} - -/** - * gnutls_x509_crt_get_pk_algorithm2: - * @cert: a certificate of type #gnutls_x509_crt_t - * @spki: a SubjectPublicKeyInfo structure of type #gnutls_x509_spki_t - * @bits: if bits is non null it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of an X.509 - * certificate. - * - * If @spki is non null, it should have enough size to hold the - * parameters. - * - * If @bits is non null, it should have enough size to hold the - * parameters size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public exponent. - * - * Unknown/unsupported algorithms are mapped to %GNUTLS_PK_UNKNOWN. - * - * Returns: a member of the #gnutls_pk_algorithm_t enumeration on - * success, or a negative error code on error. - * - * Since: 3.6.0 - **/ -int -gnutls_x509_crt_get_pk_algorithm2(gnutls_x509_crt_t cert, - gnutls_x509_spki_t spki, - unsigned int *bits) -{ int result; if (cert == NULL) { 
@@ -1600,24 +1569,45 @@ gnutls_x509_crt_get_pk_algorithm2(gnutls_x509_crt_t cert, return result; } - if (spki) { - gnutls_x509_spki_st params; + return result; +} + +/** + * gnutls_x509_crt_get_spki: + * @cert: a certificate of type #gnutls_x509_crt_t + * @spki: a SubjectPublicKeyInfo structure of type #gnutls_x509_spki_t + * @flags: must be zero + * + * This function will return the public key information of an X.509 + * certificate. The provided @spki must be initialized. + * + * Since: 3.6.0 + **/ +int +gnutls_x509_crt_get_spki(gnutls_x509_crt_t cert, gnutls_x509_spki_t spki, unsigned int flags) +{ + int result; + gnutls_x509_spki_st params; - spki->pk = result; + if (cert == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_crt_read_spki_params(cert, ¶ms); - if (result < 0) { - gnutls_assert(); - return result; - } + spki->pk = gnutls_x509_crt_get_pk_algorithm(cert, NULL); - spki->rsa_pss_dig = params.rsa_pss_dig; - spki->salt_size = params.salt_size; + memset(¶ms, 0, sizeof(params)); - return spki->pk; + result = _gnutls_x509_crt_read_spki_params(cert, ¶ms); + if (result < 0) { + gnutls_assert(); + return result; } - return result; + spki->rsa_pss_dig = params.rsa_pss_dig; + spki->salt_size = params.salt_size; + + return 0; } /* returns the type and the name on success.
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index cd72204b7b..e228d98f23 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -1991,7 +1991,7 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt, } /** - * gnutls_x509_crt_set_pk_algorithm: + * gnutls_x509_crt_set_spki: * @crt: a certificate of type #gnutls_x509_crt_t * @spki: a SubjectPublicKeyInfo structure of type #gnutls_x509_spki_t * @flags: must be zero
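Review bot: The new doc comment for `gnutls_x509_crt_get_spki` has no `Returns:` line, whereas the crq.c and privkey.c counterparts in this commit end with ` * Returns: Zero on success, or a negative error code on error.`; add the same line before `Since:` so the zero-on-success contract, which differs from the `gnutls_pk_algorithm_t` return of the `gnutls_x509_crt_get_pk_algorithm2` it replaces, is documented for the certificate variant too. As a style point, `spki->pk` is stored before the `memset` of `params` and before `_gnutls_x509_crt_read_spki_params` can fail, so on the error path the caller's @spki is half-updated; the crq.c variant orders the same statements differently, and both would read more consistently with every `spki->` store grouped after the error check.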
@@ -2010,9 +2010,9 @@ gnutls_x509_crt_set_policy(gnutls_x509_crt_t crt, * Since: 3.6.0 **/ int -gnutls_x509_crt_set_pk_algorithm(gnutls_x509_crt_t crt, - gnutls_x509_spki_t spki, - unsigned int flags) +gnutls_x509_crt_set_spki(gnutls_x509_crt_t crt, + const gnutls_x509_spki_t spki, + unsigned int flags) { int result; gnutls_pk_algorithm_t crt_pk;
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 6ab2238429..8691fcfe88 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1128,15 +1128,23 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, ret = gnutls_x509_spki_init(&spki); if (ret < 0) { fprintf(stderr, "spki_init: %s\n", gnutls_strerror(ret)); + return; } - ret = gnutls_x509_privkey_get_pk_algorithm3(key, spki, &bits); + fprintf(outfile, "\tPublic Key Algorithm: "); - key_type = ret; + key_type = gnutls_x509_privkey_get_pk_algorithm2(key, &bits); cprint = gnutls_pk_algorithm_get_name(key_type); fprintf(outfile, "%s\n", cprint ? cprint : "Unknown"); - if (spki && key_type == GNUTLS_PK_RSA_PSS) { + + if (key_type == GNUTLS_PK_RSA_PSS) { + ret = gnutls_x509_privkey_get_spki(key, spki, 0); + if (ret < 0) { + fprintf(stderr, "spki_get: %s\n", gnutls_strerror(ret)); + goto spki_skip; + } + ret = gnutls_x509_spki_get_digest_algorithm(spki); if (ret < 0) { fprintf(stderr, "spki_get_digest_algorithm: %s\n",
@@ -1145,6 +1153,7 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, fprintf(outfile, "\t\tHash Algorithm: %s\n", gnutls_digest_get_name(ret)); } + ret = gnutls_x509_spki_get_salt_size(spki); if (ret < 0) { fprintf(stderr, "spki_get_salt_size: %s\n",
@@ -1152,6 +1161,8 @@ static void privkey_info_int(FILE *outfile, common_info_st * cinfo, } else fprintf(outfile, "\t\tSalt Length: %d\n", ret); } + + spki_skip: gnutls_x509_spki_deinit(spki); fprintf(outfile, "\tKey Security Level: %s (%u bits)\n\n", gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param
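Review bot: The added `key_type = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);` in the -1128 hunk discards a negative return: per the privkey.c hunk that function returns an error code on a NULL key, in which case `key_type` holds the error, the algorithm prints as "Unknown", and `bits` keeps its previous value because `*bits` is only written after the NULL check. The old `get_pk_algorithm3` call had the same gap, but since the line is being rewritten it is worth routing through `ret` like the neighbouring calls: `ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits);` / `if (ret < 0) { fprintf(stderr, "get_pk_algorithm2: %s\n", gnutls_strerror(ret)); goto spki_skip; }` / `key_type = ret;`. Whether `bits` is printed later in `privkey_info_int` cannot be seen here; the function continues past the last hunk.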
diff --git a/src/certtool.c b/src/certtool.c
index d6220c6a60..c92095a497 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -699,7 +699,7 @@ generate_certificate(gnutls_privkey_t * ret_key, gnutls_x509_spki_set_pk_algorithm(spki, GNUTLS_PK_RSA_PSS);
 gnutls_x509_spki_set_digest_algorithm(spki, get_dig(crt));
- result = gnutls_x509_crt_set_pk_algorithm(crt, spki, 0);
+ result = gnutls_x509_crt_set_spki(crt, spki, 0);
 gnutls_x509_spki_deinit(spki);
 if (result < 0) {
 fprintf(stderr, "error setting signing algorithm: %s\n", |