From 2c5129f360384cc74aa94290c4edd1463d3e558f Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 7 Aug 2017 16:23:29 +0200 Subject: gnutls_pk_params_st: separate flags/qbits and curve Previously we were using the field flags to store the size of q in case of GNUTLS_PK_DH, some key generation flags in case of GNUTLS_PK_RSA, and the curve in case of elliptic curve key. Separate this into multiple fields to reduce confusion on the field. Signed-off-by: Nikos Mavrogiannopoulos --- lib/auth/dh_common.c | 4 ++-- lib/auth/ecdhe.c | 2 +- lib/crypto-backend.h | 4 +++- lib/crypto-selftests-pk.c | 4 ++-- lib/dh.c | 2 +- lib/nettle/pk.c | 50 +++++++++++++++++++++++------------------------ lib/pk.c | 8 +++++--- lib/pkcs11_write.c | 2 +- lib/privkey.c | 4 +++- lib/pubkey.c | 16 +++++++-------- lib/x509/key_decode.c | 2 +- lib/x509/key_encode.c | 12 ++++++------ lib/x509/mpi.c | 2 +- lib/x509/privkey.c | 10 +++++----- lib/x509/privkey_pkcs8.c | 4 ++-- lib/x509/prov-seed.c | 2 +- lib/x509/verify.c | 4 ++-- 17 files changed, 69 insertions(+), 63 deletions(-) diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index 1612f3427f..df57747183 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -244,7 +244,7 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, used_ffdhe = 1; _gnutls_session_group_set(session, session->internals.priorities->groups.entry[j]); - session->key.dh_params.flags = *session->internals.priorities->groups.entry[j]->q_bits; + session->key.dh_params.qbits = *session->internals.priorities->groups.entry[j]->q_bits; break; } } @@ -312,7 +312,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session, gnutls_buffer_st * data) { int ret; - unsigned q_bits = session->key.dh_params.flags; + unsigned q_bits = session->key.dh_params.qbits; if (q_bits < 192 && q_bits != 0) { gnutls_assert(); diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index ae8c9f11fa..7baee665cf 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c 
@@ -99,7 +99,7 @@ static int calc_ecdh_key(gnutls_session_t session, pub.params[ECC_Y] = session->key.ecdh_y; pub.raw_pub.data = session->key.ecdhx.data; pub.raw_pub.size = session->key.ecdhx.size; - pub.flags = ecurve->id; + pub.curve = ecurve->id; ret = _gnutls_pk_derive(ecurve->pk, &tmp_dh_key, diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 0f8b93eab4..75f4326da4 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -189,7 +189,9 @@ typedef struct gnutls_x509_spki_st { typedef struct { bigint_t params[GNUTLS_MAX_PK_PARAMS]; unsigned int params_nr; /* the number of parameters */ - unsigned int flags; /* curve */ + unsigned int pkflags; /* gnutls_pk_flag_t */ + unsigned int qbits; /* GNUTLS_PK_DH */ + gnutls_ecc_curve_t curve; /* GNUTLS_PK_EC, GNUTLS_PK_ED25519 */ gnutls_datum_t raw_pub; /* used by x25519 */ gnutls_datum_t raw_priv; diff --git a/lib/crypto-selftests-pk.c b/lib/crypto-selftests-pk.c index e427bb7da5..22f0c868fa 100644 --- a/lib/crypto-selftests-pk.c +++ b/lib/crypto-selftests-pk.c @@ -608,8 +608,8 @@ static int test_ecdh(void) gnutls_pk_params_init(&priv); gnutls_pk_params_init(&pub); - priv.flags = GNUTLS_ECC_CURVE_SECP256R1; - pub.flags = GNUTLS_ECC_CURVE_SECP256R1; + priv.curve = GNUTLS_ECC_CURVE_SECP256R1; + pub.curve = GNUTLS_ECC_CURVE_SECP256R1; priv.algo = pub.algo = GNUTLS_PK_EC; diff --git a/lib/dh.c b/lib/dh.c index 6f5d5f7a5b..4686736946 100644 --- a/lib/dh.c +++ b/lib/dh.c @@ -56,7 +56,7 @@ int set_dh_pk_params(gnutls_session_t session, bigint_t g, bigint_t p, session->key.dh_params.params_nr = 3; /* include empty q */ session->key.dh_params.algo = GNUTLS_PK_DH; - session->key.dh_params.flags = q_bits; + session->key.dh_params.qbits = q_bits; return 0; } diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 68260e4071..cc258d5ca6 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c 
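Review bot: In the `gnutls_pk_params_st` change in lib/crypto-backend.h, the comment on the new `curve` field lists `GNUTLS_PK_EC, GNUTLS_PK_ED25519`, but elsewhere in this patch `priv->curve` is read under `case GNUTLS_PK_ECDH_X25519` and the EdDSA algorithm is spelled `GNUTLS_PK_EDDSA_ED25519`. Now that the three values no longer share one field, each comment should say what the field holds and for which algorithms it is meaningful, e.g. `/* curve id; GNUTLS_PK_ECDSA, GNUTLS_PK_EDDSA_ED25519, GNUTLS_PK_ECDH_X25519 */` and `/* size of q in bits; GNUTLS_PK_DH only */`. Whether `gnutls_pk_params_init()` and the release helpers reset `qbits` and `curve` is not visible in this patch and is worth confirming, since the sign and verify paths compare `curve` against the algorithm before using the key.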
@@ -272,7 +272,7 @@ dh_cleanup: out->data = NULL; - curve = get_supported_nist_curve(priv->flags); + curve = get_supported_nist_curve(priv->curve); if (curve == NULL) return gnutls_assert_val @@ -289,7 +289,7 @@ dh_cleanup: return gnutls_assert_val(ret); } - out->size = gnutls_ecc_curve_get_size(priv->flags); + out->size = gnutls_ecc_curve_get_size(priv->curve); /*ecc_size(curve)*sizeof(mp_limb_t); */ out->data = gnutls_malloc(out->size); if (out->data == NULL) { @@ -311,7 +311,7 @@ dh_cleanup: } case GNUTLS_PK_ECDH_X25519: { - unsigned size = gnutls_ecc_curve_get_size(priv->flags); + unsigned size = gnutls_ecc_curve_get_size(priv->curve); /* The point is in pub, while the private part (scalar) in priv. */ @@ -572,7 +572,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, if (IS_EC(algo)) { /* check if the curve relates to the algorithm used */ - if (gnutls_ecc_curve_get_pk(pk_params->flags) != algo) + if (gnutls_ecc_curve_get_pk(pk_params->curve) != algo) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); } @@ -581,10 +581,10 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, { const gnutls_ecc_curve_entry_st *e; - if (pk_params->flags != GNUTLS_ECC_CURVE_ED25519) + if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); - e = _gnutls_ecc_curve_get_params(pk_params->flags); + e = _gnutls_ecc_curve_get_params(pk_params->curve); if (e == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -609,7 +609,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, { struct ecc_scalar priv; struct dsa_signature sig; - int curve_id = pk_params->flags; + int curve_id = pk_params->curve; const struct ecc_curve *curve; curve = get_supported_nist_curve(curve_id); 
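Review bot: In the ECDSA branch of `_wrap_nettle_pk_sign`, `int curve_id = pk_params->curve;` copies the newly typed `gnutls_ecc_curve_t` field straight back into a plain `int`, so the type information this commit adds is lost one line later. Declaring it as `gnutls_ecc_curve_t curve_id = pk_params->curve;` keeps the enum through to `get_supported_nist_curve()`; the same declaration appears in the ECDSA branch of `_wrap_nettle_pk_verify`. The parameter type of `get_supported_nist_curve()` is not shown in these hunks, so check that it accepts the enum without a cast.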
@@ -851,7 +851,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, if (IS_EC(algo)) { /* check if the curve relates to the algorithm used */ - if (gnutls_ecc_curve_get_pk(pk_params->flags) != algo) + if (gnutls_ecc_curve_get_pk(pk_params->curve) != algo) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); } @@ -860,10 +860,10 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, { const gnutls_ecc_curve_entry_st *e; - if (pk_params->flags != GNUTLS_ECC_CURVE_ED25519) + if (pk_params->curve != GNUTLS_ECC_CURVE_ED25519) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); - e = _gnutls_ecc_curve_get_params(pk_params->flags); + e = _gnutls_ecc_curve_get_params(pk_params->curve); if (e == NULL) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); @@ -886,7 +886,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, { struct ecc_point pub; struct dsa_signature sig; - int curve_id = pk_params->flags; + int curve_id = pk_params->curve; const struct ecc_curve *curve; curve = get_supported_nist_curve(curve_id); @@ -1113,7 +1113,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, if (q_bits == 0) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); - if (_gnutls_fips_mode_enabled() != 0 || params->flags & GNUTLS_PK_FLAG_PROVABLE) { + if (_gnutls_fips_mode_enabled() != 0 || params->pkflags & GNUTLS_PK_FLAG_PROVABLE) { if (algo==GNUTLS_PK_DSA) index = 1; else @@ -1338,7 +1338,7 @@ int _gnutls_ecdh_generate_key(gnutls_ecc_curve_t curve, int ret; gnutls_pk_params_init(¶ms); - params.flags = curve; + params.curve = curve; params.algo = GNUTLS_PK_ECDSA; x->data = NULL; @@ -1395,7 +1395,7 @@ int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, gnutls_pk_params_init(&priv); pub.algo = GNUTLS_PK_ECDSA; - pub.flags = curve; + pub.curve = curve; if (_gnutls_mpi_init_scan_nz (&pub.params[ECC_Y], peer_y->data, 
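Review bot: In `wrap_nettle_pk_generate_params`, the condition `_gnutls_fips_mode_enabled() != 0 || params->pkflags & GNUTLS_PK_FLAG_PROVABLE` mixes `||` and `&` without parentheses. It evaluates as intended, but the matching test in `wrap_nettle_pk_generate_keys` is written `(params->pkflags & GNUTLS_PK_FLAG_PROVABLE) || _gnutls_fips_mode_enabled() != 0`. Since the line is being edited anyway, writing `if (_gnutls_fips_mode_enabled() != 0 || (params->pkflags & GNUTLS_PK_FLAG_PROVABLE)) {` makes the two sites read the same and removes any doubt about precedence in a check that selects the generation method.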
@@ -1442,7 +1442,7 @@ int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve, priv.params_nr = 3; priv.algo = GNUTLS_PK_ECDSA; - priv.flags = curve; + priv.curve = curve; Z->data = NULL; @@ -1742,8 +1742,8 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, mpz_set_ui(pub.e, 65537); - if ((params->flags & GNUTLS_PK_FLAG_PROVABLE) || _gnutls_fips_mode_enabled() != 0) { - params->flags |= GNUTLS_PK_FLAG_PROVABLE; + if ((params->pkflags & GNUTLS_PK_FLAG_PROVABLE) || _gnutls_fips_mode_enabled() != 0) { + params->pkflags |= GNUTLS_PK_FLAG_PROVABLE; if (params->palgo != 0 && params->palgo != GNUTLS_DIG_SHA384) { ret = GNUTLS_E_INVALID_REQUEST; goto rsa_fail; @@ -1809,7 +1809,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, { unsigned size = gnutls_ecc_curve_get_size(level); - if (params->flags & GNUTLS_PK_FLAG_PROVABLE) + if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if (level != GNUTLS_ECC_CURVE_ED25519) @@ -1818,7 +1818,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, if (size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - params->flags = level; + params->curve = level; params->raw_priv.data = gnutls_malloc(size); if (params->raw_priv.data == NULL) @@ -1843,7 +1843,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, break; } case GNUTLS_PK_ECDSA: - if (params->flags & GNUTLS_PK_FLAG_PROVABLE) + if (params->pkflags & GNUTLS_PK_FLAG_PROVABLE) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); { @@ -1873,7 +1873,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, goto ecc_fail; } - params->flags = level; + params->curve = level; params->params_nr = ECC_PRIVATE_PARAMS; ecc_point_get(&pub, TOMPZ(params->params[ECC_X]), 
@@ -1898,7 +1898,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, if (size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - params->flags = level; + params->curve = level; params->raw_priv.data = gnutls_malloc(size); if (params->raw_priv.data == NULL) @@ -2093,7 +2093,7 @@ wrap_nettle_pk_verify_priv_params(gnutls_pk_algorithm_t algo, gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); - curve = get_supported_nist_curve(params->flags); + curve = get_supported_nist_curve(params->curve); if (curve == NULL) return gnutls_assert_val @@ -2201,7 +2201,7 @@ wrap_nettle_pk_verify_pub_params(gnutls_pk_algorithm_t algo, gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); - curve = get_supported_nist_curve(params->flags); + curve = get_supported_nist_curve(params->curve); if (curve == NULL) return gnutls_assert_val @@ -2331,7 +2331,7 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, return gnutls_assert_val(GNUTLS_E_PK_INVALID_PRIVKEY); } } else if (algo == GNUTLS_PK_EDDSA_ED25519) { - if (params->flags != GNUTLS_ECC_CURVE_ED25519) + if (params->curve != GNUTLS_ECC_CURVE_ED25519) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); if (params->raw_priv.data == NULL) diff --git a/lib/pk.c b/lib/pk.c index edf3892cdd..e736242fd8 100644 --- a/lib/pk.c +++ b/lib/pk.c @@ -304,7 +304,9 @@ int _gnutls_pk_params_copy(gnutls_pk_params_st * dst, return GNUTLS_E_INVALID_REQUEST; } - dst->flags = src->flags; + dst->pkflags = src->pkflags; + dst->curve = src->curve; + dst->qbits = src->qbits; dst->algo = src->algo; for (i = 0; i < src->params_nr; i++) { @@ -830,9 +832,9 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, } if (curve) - *curve = params->flags; + *curve = params->curve; - if (curve_is_eddsa(params->flags)) { + if (curve_is_eddsa(params->curve)) { if (x) { ret = _gnutls_set_datum(x, params->raw_pub.data, params->raw_pub.size); if (ret < 0) { diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index c58d6e7617..4386f727e1 100644 
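Review bot: `_gnutls_pk_params_copy` in lib/pk.c now copies `pkflags`, `curve` and `qbits` one by one, and `privkey_to_pubkey` in lib/privkey.c repeats the same three assignments. Any other code that duplicates a `gnutls_pk_params_st` field by field and previously copied only `flags` would now leave the curve or q size at whatever the destination already held; no such site is visible in this patch, so this is something to audit rather than a confirmed bug. A single helper next to the struct definition, called from both functions, would keep the list of metadata fields in one place; the name below is only a suggestion. Both functions continue outside the hunks shown.

```c
/* Copy the scalar metadata of a key. Bigints, raw keys and spki are
 * left to the caller. (Proposed helper; name is a suggestion.) */
static inline void
pk_params_copy_meta(gnutls_pk_params_st *dst, const gnutls_pk_params_st *src)
{
	dst->algo = src->algo;
	dst->pkflags = src->pkflags;
	dst->curve = src->curve;
	dst->qbits = src->qbits;
}

/* ... unchanged: parameter checks in _gnutls_pk_params_copy ... */
	pk_params_copy_meta(dst, src);
/* ... unchanged: loop copying src->params[] ... */
```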
--- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -887,7 +887,7 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, case GNUTLS_PK_EC: { ret = - _gnutls_x509_write_ecc_params(key->params.flags, + _gnutls_x509_write_ecc_params(key->params.curve, &p); if (ret < 0) { gnutls_assert(); diff --git a/lib/privkey.c b/lib/privkey.c index b67f8e18ce..8f45a9ce84 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -153,7 +153,9 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk, int ret; pub->algo = priv->algo; - pub->flags = priv->flags; + pub->pkflags = priv->pkflags; + pub->curve = priv->curve; + pub->qbits = priv->qbits; memcpy(&pub->spki, &priv->spki, sizeof(gnutls_x509_spki_st)); switch (pk) { diff --git a/lib/pubkey.c b/lib/pubkey.c index e461195d4e..07fc8670e1 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -57,7 +57,7 @@ unsigned pubkey_to_bits(const gnutls_pk_params_st * params) return _gnutls_mpi_get_nbits(params->params[DSA_P]); case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: - return gnutls_ecc_curve_get_size(params->flags) * 8; + return gnutls_ecc_curve_get_size(params->curve) * 8; default: return 0; } @@ -867,7 +867,7 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key, } if (curve) - *curve = key->params.flags; + *curve = key->params.curve; if (key->params.algo == GNUTLS_PK_EDDSA_ED25519) { if (x) { @@ -941,7 +941,7 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, goto cleanup; } - ret = _gnutls_x509_write_ecc_params(key->params.flags, parameters); + ret = _gnutls_x509_write_ecc_params(key->params.curve, parameters); if (ret < 0) { _gnutls_free_datum(ecpoint); gnutls_assert(); @@ -1031,7 +1031,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key, */ key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL); - key->params.flags = curve; + key->params.curve = curve; key->bits = pubkey_to_bits(&key->params); result = 0; 
@@ -1332,13 +1332,13 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, } key->params.algo = GNUTLS_PK_EDDSA_ED25519; - key->params.flags = curve; + key->params.curve = curve; return 0; } /* ECDSA */ - key->params.flags = curve; + key->params.curve = curve; if (_gnutls_mpi_init_scan_nz (&key->params.params[ECC_X], x->data, x->size)) { @@ -1398,7 +1398,7 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, ret = _gnutls_x509_read_ecc_params(parameters->data, - parameters->size, &key->params.flags); + parameters->size, &key->params.curve); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2039,7 +2039,7 @@ const mac_entry_st *_gnutls_dsa_q_to_hash(const gnutls_pk_params_st * if (params->algo == GNUTLS_PK_DSA) bits = _gnutls_mpi_get_nbits(params->params[1]); else if (params->algo == GNUTLS_PK_EC) - bits = gnutls_ecc_curve_get_size(params->flags) * 8; + bits = gnutls_ecc_curve_get_size(params->curve) * 8; if (bits <= 160) { if (hash_len) diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 08d352c6f8..c5dfb5b3b2 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -446,7 +446,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: return _gnutls_x509_read_dsa_params(der, dersize, params); case GNUTLS_PK_EC: - return _gnutls_x509_read_ecc_params(der, dersize, ¶ms->flags); + return _gnutls_x509_read_ecc_params(der, dersize, ¶ms->curve); default: return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); } diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index d9d2cc8984..0f12975d18 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -118,7 +118,7 @@ _gnutls_x509_write_ecc_pubkey(gnutls_pk_params_st * params, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); result = - _gnutls_ecc_ansi_x962_export(params->flags, + _gnutls_ecc_ansi_x962_export(params->curve, params->params[ECC_X], params->params[ECC_Y], /*&out */ der); 
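Review bot: In `gnutls_pubkey_import_ecc_x962`, the last argument to `_gnutls_x509_read_ecc_params` is now `&key->params.curve`, which is a `gnutls_ecc_curve_t *` where it used to be an `unsigned int *`; the `GNUTLS_PK_EC` case of `_gnutls_x509_read_pubkey_params` in lib/x509/key_decode.c has the same change. The prototype of `_gnutls_x509_read_ecc_params` is not touched by this patch, so if its out-parameter is still declared `unsigned int *` the callee stores through a pointer whose type differs from the object's, which depends on the compiler's choice of underlying enum type. Changing that parameter to `gnutls_ecc_curve_t *curve` in the same commit would keep the call sites type-correct. The value is decoded from caller-supplied DER, so the existing `ret < 0` check must stay ahead of any use of `curve`.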
@@ -146,7 +146,7 @@ _gnutls_x509_write_eddsa_pubkey(gnutls_pk_params_st * params, if (params->raw_pub.size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (params->flags != GNUTLS_ECC_CURVE_ED25519) + if (params->curve != GNUTLS_ECC_CURVE_ED25519) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); @@ -174,7 +174,7 @@ _gnutls_x509_write_pubkey_params(gnutls_pk_params_st * params, case GNUTLS_PK_RSA_PSS: return _gnutls_x509_write_rsa_pss_params(¶ms->spki, der); case GNUTLS_PK_ECDSA: - return _gnutls_x509_write_ecc_params(params->flags, der); + return _gnutls_x509_write_ecc_params(params->curve, der); case GNUTLS_PK_EDDSA_ED25519: der->data = NULL; der->size = 0; @@ -631,7 +631,7 @@ _gnutls_asn1_encode_ecc(ASN1_TYPE * c2, gnutls_pk_params_st * params) gnutls_datum_t pubkey = { NULL, 0 }; const char *oid; - oid = gnutls_ecc_curve_get_oid(params->flags); + oid = gnutls_ecc_curve_get_oid(params->curve); if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); @@ -656,7 +656,7 @@ _gnutls_asn1_encode_ecc(ASN1_TYPE * c2, gnutls_pk_params_st * params) goto cleanup; } - if (curve_is_eddsa(params->flags)) { + if (curve_is_eddsa(params->curve)) { if (params->raw_pub.size == 0 || params->raw_priv.size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ret = @@ -679,7 +679,7 @@ _gnutls_asn1_encode_ecc(ASN1_TYPE * c2, gnutls_pk_params_st * params) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ret = - _gnutls_ecc_ansi_x962_export(params->flags, + _gnutls_ecc_ansi_x962_export(params->curve, params->params[ECC_X], params->params[ECC_Y], &pubkey); if (ret < 0) diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 8b5558214f..5bf01de347 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c 
@@ -126,7 +126,7 @@ _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root, } pk_algorithm = result; - params->flags = curve; + params->curve = curve; params->algo = pk_algorithm; /* Read the algorithm's parameters diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index dc02738cf9..684c584c23 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -290,16 +290,16 @@ _gnutls_privkey_decode_ecc_key(ASN1_TYPE* pkey_asn, const gnutls_datum_t * raw_k goto error; } - pkey->params.flags = gnutls_oid_to_ecc_curve(oid); + pkey->params.curve = gnutls_oid_to_ecc_curve(oid); - if (pkey->params.flags == GNUTLS_ECC_CURVE_INVALID) { + if (pkey->params.curve == GNUTLS_ECC_CURVE_INVALID) { _gnutls_debug_log("Curve %s is not supported\n", oid); gnutls_assert(); ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE; goto error; } } else { - pkey->params.flags = curve; + pkey->params.curve = curve; } @@ -1111,7 +1111,7 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, gnutls_pk_params_init(&key->params); - key->params.flags = curve; + key->params.curve = curve; if (curve_is_eddsa(curve)) { key->params.algo = GNUTLS_PK_EDDSA_ED25519; @@ -1649,7 +1649,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, } if (flags & GNUTLS_PRIVKEY_FLAG_PROVABLE) { - key->params.flags |= GNUTLS_PK_FLAG_PROVABLE; + key->params.pkflags |= GNUTLS_PK_FLAG_PROVABLE; } key->params.algo = algo; diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 4cad7bfcdc..b35a04aefd 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -219,7 +219,7 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, goto error; } - if ((pkey->params.flags & GNUTLS_PK_FLAG_PROVABLE) && pkey->params.seed_size > 0) { + if ((pkey->params.pkflags & GNUTLS_PK_FLAG_PROVABLE) && pkey->params.seed_size > 0) { gnutls_datum_t seed_info; result = _x509_encode_provable_seed(pkey, &seed_info); 
@@ -1092,7 +1092,7 @@ _decode_pkcs8_eddsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, const c pkey->params.algo = GNUTLS_PK_EDDSA_ED25519; pkey->params.raw_priv.data = tmp.data; pkey->params.raw_priv.size = tmp.size; - pkey->params.flags = curve; + pkey->params.curve = curve; tmp.data = NULL; return 0; diff --git a/lib/x509/prov-seed.c b/lib/x509/prov-seed.c index b0f40c5802..da35efd4f2 100644 --- a/lib/x509/prov-seed.c +++ b/lib/x509/prov-seed.c @@ -124,7 +124,7 @@ int _x509_decode_provable_seed(gnutls_x509_privkey_t pkey, const gnutls_datum_t } pkey->params.palgo = gnutls_oid_to_digest(oid); - pkey->params.flags |= GNUTLS_PK_FLAG_PROVABLE; + pkey->params.pkflags |= GNUTLS_PK_FLAG_PROVABLE; ret = 0; diff --git a/lib/x509/verify.c b/lib/x509/verify.c index d50d655b67..66e49d60d8 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -511,7 +511,7 @@ static unsigned is_level_acceptable( return gnutls_assert_val(0); } - curve = params.flags; + curve = params.curve; gnutls_pk_params_release(¶ms); if (curve != GNUTLS_ECC_CURVE_SECP256R1 && @@ -539,7 +539,7 @@ static unsigned is_level_acceptable( return gnutls_assert_val(0); } - issuer_curve = params.flags; + issuer_curve = params.curve; gnutls_pk_params_release(¶ms); if (issuer_curve != GNUTLS_ECC_CURVE_SECP256R1 && -- cgit v1.2.1