author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-02 07:50:59 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-02 07:50:59 +0000 |
commit | 705f86f2177fb479726d3541bf319b8c02b10e4f (patch) | |
tree | 5df0812bce06a260e21a4347a7a6f6c1505d28a9 | |
parent | 668d09aaea92e4b323bd4fa40287fe57d0e412b1 (diff) | |
download | gnutls-705f86f2177fb479726d3541bf319b8c02b10e4f.tar.gz |
Some changes to preserve binary compatibility.
-rw-r--r-- | lib/gnutls.h.in.in | 8 | ||||
-rw-r--r-- | lib/gnutls_int.h | 8 | ||||
-rw-r--r-- | lib/x509/pkcs12_bag.c | 17 | ||||
-rw-r--r-- | lib/x509/privkey.h | 13 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 14 |
5 files changed, 36 insertions, 24 deletions
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 932196ccb9..81b39d8415 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -111,18 +111,18 @@ typedef enum gnutls_handshake_description { GNUTLS_HANDSHAKE_HELLO_REQUEST, */ #define GNUTLS_CERT_NOT_TRUSTED GNUTLS_CERT_INVALID typedef enum gnutls_certificate_status { - GNUTLS_CERT_INVALID=1, /* will be set if the certificate + GNUTLS_CERT_INVALID=2, /* will be set if the certificate * was not verified. */ - GNUTLS_CERT_REVOKED=2, /* in X.509 this will be set only if CRLs are checked + GNUTLS_CERT_REVOKED=32, /* in X.509 this will be set only if CRLs are checked */ /* Those are extra information about the verification * process. Will be set only if the certificate was * not verified. */ - GNUTLS_CERT_SIGNER_NOT_FOUND=4, - GNUTLS_CERT_SIGNER_NOT_CA=8 + GNUTLS_CERT_SIGNER_NOT_FOUND=64, + GNUTLS_CERT_SIGNER_NOT_CA=128 } gnutls_certificate_status; typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index d9d1274b2d..7581280fe9 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
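Review bot: The `gnutls_certificate_status` enum is defined twice, here in the public header and again in lib/gnutls_int.h (the `@@ -107,18` hunk makes the identical edit), and nothing in either copy says they must stay in step. These values are OR-ed into the verification status an application reads, so if one copy is renumbered alone the library would report bits that callers interpret as a different condition. I would add a comment above the enum in both files, for example `/* Bit values are part of the ABI and must match lib/gnutls_int.h; do not renumber. */`. If any build shipped with the values being removed, a program compiled against `GNUTLS_CERT_INVALID=1` would test a bit this library no longer sets, which is worth stating in the release notes.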
@@ -107,18 +107,18 @@ typedef struct { opaque pint[3]; } uint24; typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType; typedef enum gnutls_certificate_status { - GNUTLS_CERT_INVALID=1, /* will be set if the certificate + GNUTLS_CERT_INVALID=2, /* will be set if the certificate * was not verified. */ - GNUTLS_CERT_REVOKED=2, /* in X.509 this will be set only if CRLs are checked + GNUTLS_CERT_REVOKED=32, /* in X.509 this will be set only if CRLs are checked */ /* Those are extra information about the verification * process. Will be set only if the certificate was * not verified. */ - GNUTLS_CERT_SIGNER_NOT_FOUND=4, - GNUTLS_CERT_SIGNER_NOT_CA=8 + GNUTLS_CERT_SIGNER_NOT_FOUND=64, + GNUTLS_CERT_SIGNER_NOT_CA=128 } gnutls_certificate_status; typedef enum gnutls_certificate_request { GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } gnutls_certificate_request; diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index 63463c841b..affe903b02 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -31,7 +31,7 @@ #include <gnutls_errors.h> #include <common.h> #include <pkcs12.h> - +#include <privkey.h> /** * gnutls_pkcs12_bag_init - This function initializes a gnutls_pkcs12_bag structure @@ -542,7 +542,7 @@ gnutls_datum dec; * gnutls_pkcs12_bag_encrypt - This function will encrypt a bag * @bag: The bag * @pass: The password used for encryption - * @flags: should be zero for now + * @flags: should be one of gnutls_pkcs_encrypt_flags elements bitwise or'd * * This function will encrypt the given bag and return 0 on success. * @@ -553,6 +553,7 @@ int ret; ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY; gnutls_datum der = {NULL, 0}; gnutls_datum enc = {NULL, 0}; +schema_id id; if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) { gnutls_assert(); 
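Review bot: The new `@flags` line for gnutls_pkcs12_bag_encrypt, "should be one of gnutls_pkcs_encrypt_flags elements bitwise or'd", reads as both a single value and a combination, and it does not say what zero selects or that GNUTLS_PKCS_PLAIN is refused. Going by the `@@ -579,9` hunk of the same file, the function returns GNUTLS_E_INVALID_REQUEST for GNUTLS_PKCS_PLAIN and uses PKCS12_3DES_SHA1 when no scheme bit is set. Suggested wording: `@flags: 0 for the default (PKCS12_3DES_SHA1), or one GNUTLS_PKCS_USE_* value of gnutls_pkcs_encrypt_flags; GNUTLS_PKCS_PLAIN is rejected`. The doc comment starts above the hunk.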
@@ -579,9 +580,19 @@ gnutls_datum enc = {NULL, 0}; return ret; } + if (flags & GNUTLS_PKCS_PLAIN) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) id = PKCS12_ARCFOUR_SHA1; + else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) id = PKCS12_RC2_40_SHA1; + else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) id = PBES2; + else id = PKCS12_3DES_SHA1; + /* Now encrypt them. */ - ret = _gnutls_pkcs7_encrypt_data( PKCS12_3DES_SHA1, &der, pass, &enc); + ret = _gnutls_pkcs7_encrypt_data( id, &der, pass, &enc); _gnutls_free_datum( &der); diff --git a/lib/x509/privkey.h b/lib/x509/privkey.h index 91f80e09b2..56dfd26190 100644 --- a/lib/x509/privkey.h +++ b/lib/x509/privkey.h @@ -1,11 +1,12 @@ -typedef enum gnutls_privkey_pkcs8_flags { - GNUTLS_PKCS8_PLAIN=1, /* if set the private key will not +typedef enum gnutls_pkcs_encrypt_flags { + GNUTLS_PKCS_PLAIN=1, /* if set the private key will not * be encrypted. */ - GNUTLS_PKCS8_USE_PKCS12_3DES, - GNUTLS_PKCS8_USE_PKCS12_ARCFOUR, - GNUTLS_PKCS8_USE_PKCS12_RC2_40 -} gnutls_privkey_pkcs8_flags; + GNUTLS_PKCS_USE_PKCS12_3DES=2, + GNUTLS_PKCS_USE_PKCS12_ARCFOUR=4, + GNUTLS_PKCS_USE_PKCS12_RC2_40=8, + GNUTLS_PKCS_USE_PBES2_3DES=16 +} gnutls_pkcs_encrypt_flags; int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data, gnutls_x509_crt_fmt format); diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index d4e1c5ca76..b6a835dfa1 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c 
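Review bot: When more than one scheme bit is set, the added if/else chain in gnutls_pkcs12_bag_encrypt silently picks ARCFOUR or RC2-40 ahead of 3DES, whereas gnutls_x509_privkey_export_pkcs8 (the `@@ -415,17` hunk in privkey_pkcs8.c) tests GNUTLS_PKCS_USE_PKCS12_3DES first, so the same flags value yields a weaker cipher here than there. GNUTLS_PKCS_USE_PKCS12_3DES is never tested at all, and unknown bits fall through to the default. The new early return for GNUTLS_PKCS_PLAIN also skips the `_gnutls_free_datum( &der)` that follows the encrypt call; der appears to be filled just above the hunk, so the encoded bag contents would be leaked on that path. I would accept zero or exactly one scheme bit and free der on the error path, as sketched below; the function starts and ends outside the hunk.

```c
    /* ... unchanged: encoding of the bag into der ... */

    /* Zero or exactly one scheme bit is accepted; GNUTLS_PKCS_PLAIN,
     * combined schemes and unknown bits are caller errors. */
    switch (flags) {
    case 0:
    case GNUTLS_PKCS_USE_PKCS12_3DES:
        id = PKCS12_3DES_SHA1;
        break;
    case GNUTLS_PKCS_USE_PKCS12_ARCFOUR:
        id = PKCS12_ARCFOUR_SHA1;
        break;
    case GNUTLS_PKCS_USE_PKCS12_RC2_40:
        id = PKCS12_RC2_40_SHA1;
        break;
    case GNUTLS_PKCS_USE_PBES2_3DES:
        id = PBES2;
        break;
    default:
        gnutls_assert();
        _gnutls_free_datum( &der);
        return GNUTLS_E_INVALID_REQUEST;
    }

    /* ... unchanged: _gnutls_pkcs7_encrypt_data( id, &der, pass, &enc) and cleanup ... */
```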
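Review bot: lib/x509/privkey.h begins directly with the `typedef enum` on line 1, so it has no include guard, and this commit adds a new includer (`#include <privkey.h>` in pkcs12_bag.c). If another header reached from the same source file ever includes it as well, the enum is defined twice and the build fails. I would wrap the header in `#ifndef PRIVKEY_H` / `# define PRIVKEY_H` ... `#endif`; the end of the file is outside the hunk. The enum comment could also state that the values are now distinct bits, since gnutls_pkcs12_bag_encrypt and gnutls_x509_privkey_export_pkcs8 both test them with `&`.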
@@ -374,7 +374,7 @@ int encode_to_pkcs8_key( schema_id schema, const gnutls_datum * der_key, * @key: Holds the key * @format: the format of output params. One of PEM or DER. * @password: the password that will be used to encrypt the key - * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags + * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will be replaced by the actual size of parameters) * @@ -415,17 +415,17 @@ int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey key, return ret; } - if (flags & GNUTLS_PKCS8_USE_PKCS12_3DES) + if (flags & GNUTLS_PKCS_USE_PKCS12_3DES) schema = PKCS12_3DES_SHA1; - else if (flags & GNUTLS_PKCS8_USE_PKCS12_ARCFOUR) + else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) schema = PKCS12_ARCFOUR_SHA1; - else if (flags & GNUTLS_PKCS8_USE_PKCS12_RC2_40) + else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) schema = PKCS12_RC2_40_SHA1; else schema = PBES2; - if ((flags & GNUTLS_PKCS8_PLAIN) || password == NULL) + if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) { _gnutls_free_datum(&tmp); @@ -800,7 +800,7 @@ int decode_private_key_info(const gnutls_datum * der, * @data: The DER or PEM encoded key. * @format: One of DER or PEM * @password: the password to decrypt the key (if it is encrypted) - * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags + * @flags: use 0. * * This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key * to the native gnutls_x509_privkey format. The output will be stored in 'key'. @@ -859,7 +859,7 @@ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, need_free = 1; } - if (flags & GNUTLS_PKCS8_PLAIN || password == NULL) { + if (flags & GNUTLS_PKCS_PLAIN || password == NULL) { result = decode_private_key_info(&_data, key, &key->key); } else { /* encrypted. */ result = decode_pkcs8_key(&_data, password, key, &key->key); |
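Review bot: In the `@@ -415,17` hunk, `if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)` sends a NULL password down the unencrypted path even when the caller also set a GNUTLS_PKCS_USE_* scheme bit, and the `@password`/`@flags` lines shown in the `@@ -374,7` hunk do not mention this. A caller that requests a cipher but passes a NULL password by mistake would get a plaintext private key back with a success code, as far as the visible lines show. At minimum the doc comment should say so, for example `@password: the password used to encrypt the key; if NULL the key is exported unencrypted`. Returning GNUTLS_E_INVALID_REQUEST when password is NULL and GNUTLS_PKCS_PLAIN is not set would be the stricter alternative; the body of that branch continues outside the hunk.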
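Review bot: The updated comment for gnutls_x509_privkey_import_pkcs8 says `@flags: use 0.`, but the code in the `@@ -859,7` hunk still branches on `flags & GNUTLS_PKCS_PLAIN`, so the documented contract and the behaviour disagree. Either document the one flag that is honoured, `@flags: 0, or GNUTLS_PKCS_PLAIN to treat the input as an unencrypted key`, or drop the flag test if it is meant to go away. For consistency with the export function the condition would read better parenthesized, `if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) {`. Both the doc comment and the function extend beyond their hunks.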