author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-02-12 11:26:18 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-02-12 11:26:18 +0000 |
commit | 52b6b11e993085cdc8df669a5334f51b93761e57 (patch) | |
tree | 213315c4f73fdcbf42f0c39548df697da7b76166 | |
parent | 2c79db7ea7e591d198936867c42dad63677cb697 (diff) | |
added gnutls_x509_certificate_get_fingerprint(). Untested yet.
-rw-r--r-- | includes/gnutls/x509.h | 3 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 12 | ||||
-rw-r--r-- | lib/x509/x509.c | 43 |
5 files changed, 62 insertions, 4 deletions
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index 64bad19450..eb3239ed85 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -187,6 +187,9 @@ int gnutls_x509_certificate_check_revocation(gnutls_x509_certificate cert, gnutls_x509_crl * crl_list, int crl_list_length);
+int gnutls_x509_certificate_get_fingerprint(gnutls_x509_certificate cert,
+ gnutls_digest_algorithm algo, char *buf,
+ int *sizeof_buf);
 #ifdef __cplusplus }
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 31d297b219..fc93ef2f68 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -390,4 +390,6 @@ void* gnutls_session_get_ptr(gnutls_session session); void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status status);
-int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data, char* result, size_t* result_size);
+/* fingerprint */
+int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
+ char* result, size_t* result_size);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index d082f0cb42..e8122fd73c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -166,6 +166,7 @@ typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, } gnutls_kx_algorithm; typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } gnutls_mac_algorithm;
+typedef gnutls_mac_algorithm gnutls_digest_algorithm;
 typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB, GNUTLS_COMP_LZO
@@ -644,4 +645,7 @@ void _gnutls_free_auth_info( gnutls_session session); void _gnutls_set_adv_version( gnutls_session, gnutls_protocol_version); gnutls_protocol_version _gnutls_get_adv_version( gnutls_session);
+int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data,
+ char* result, size_t* result_size);
+
 #endif /* GNUTLS_INT_H */
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 58f971107d..4515a6971a 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -265,8 +265,6 @@ int gnutls_certificate_client_get_request_status(gnutls_session session) return info->certificate_requested; }
-
-typedef gnutls_mac_algorithm gnutls_digest_algorithm;
 /** * gnutls_fingerprint - This function calculates the fingerprint of the given data * @algo: is a digest algorithm
@@ -278,6 +276,12 @@ typedef gnutls_mac_algorithm gnutls_digest_algorithm; * This function will calculate a fingerprint (actually a hash), of the * given data. The result is not printable data. You should convert it * to hex, or to something else printable.
+ *
+ * This is the usual way to calculate a fingerprint of an X.509
+ * DER encoded certificate. Note however that the fingerprint
+ * of an OpenPGP is not just a hash and cannot be calculated with
+ * this function.
+ *
 * Returns a negative value in case of an error. * **/
@@ -286,7 +290,9 @@ int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data, c GNUTLS_HASH_HANDLE td; int hash_len = _gnutls_hash_get_algo_len(algo);
- if (hash_len < 0 || (size_t)hash_len > *result_size) {
+ if (hash_len < 0 || (size_t)hash_len > *result_size ||
+ result==NULL)
+ {
 *result_size = hash_len; return GNUTLS_E_SHORT_MEMORY_BUFFER; }
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index abaab1ea49..7260a3ab84 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -30,6 +30,7 @@ #include <dn.h> #include <extensions.h> #include <libtasn1.h>
+#include <gnutls_ui.h>
 /** * gnutls_x509_certificate_init - This function initializes a gnutls_crl structure
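Review bot: The widened guard in gnutls_fingerprint() still reports an unsupported algorithm as a short buffer: when `_gnutls_hash_get_algo_len(algo)` is negative, `*result_size = hash_len` stores that negative int into a `size_t`, so a caller following the retry-with-reported-size pattern is handed an enormous length. `result_size` is also dereferenced inside the condition before anything checks it for NULL, although `result` now is checked. I would reject both cases up front with `if (result_size == NULL || hash_len < 0) return GNUTLS_E_INVALID_REQUEST;` and keep the size-reporting branch for `result == NULL` or a buffer that is too small; whether GNUTLS_E_INVALID_REQUEST is the right code for an unknown digest is for the maintainers to confirm. The rest of the function body lies outside this hunk.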
@@ -996,3 +997,45 @@ int gnutls_x509_certificate_check_revocation(gnutls_x509_certificate cert, return 0; /* not revoked. */ }
+/**
+ * gnutls_x509_certificate_get_fingerprint - This function returns the Certificate's fingerprint
+ * @cert: should contain a gnutls_x509_certificate structure
+ * @algo: is a digest algorithm
+ * @buf: a pointer to a structure to hold the fingerprint (may be null)
+ * @sizeof_buf: initialy holds the size of 'buf'
+ *
+ * This function will calculate and copy the certificate's fingerprint
+ * in the provided buffer.
+ *
+ * If the buffer is null then only the size will be filled.
+ *
+ * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and
+ * in that case the sizeof_buf will be updated with the required size.
+ * On success zero is returned.
+ *
+ **/
+int gnutls_x509_certificate_get_fingerprint(gnutls_x509_certificate cert,
+ gnutls_digest_algorithm algo, char *buf,
+ int *sizeof_buf)
+{
+opaque cert_buf[MAX_X509_CERT_SIZE];
+int cert_buf_size = sizeof( cert_buf);
+int result;
+gnutls_datum tmp;
+
+ if (sizeof_buf == 0 || cert == NULL) {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_der_coding( cert->cert, "cert2",
+ cert_buf, &cert_buf_size, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmp.data = cert_buf;
+ tmp.size = cert_buf_size;
+ return gnutls_fingerprint( algo, &tmp, buf, sizeof_buf);
+} |
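Review bot: `sizeof_buf` is declared `int *` but is passed unchanged to gnutls_fingerprint(), whose last parameter is `size_t *result_size`. Where size_t is wider than int, that function reads and writes `*result_size` through a pointer to a smaller object, so the length check uses bytes outside the caller's int and the size write-back overwrites memory next to it. Declaring the parameter as `size_t *sizeof_buf` here and in the prototype added to includes/gnutls/x509.h removes the mismatch. If the int interface has to stay, go through a local instead: `size_t len = *sizeof_buf;`, `result = gnutls_fingerprint(algo, &tmp, buf, &len);`, `*sizeof_buf = len; return result;`. In that case a negative `*sizeof_buf` must be rejected with the existing NULL checks, since it would otherwise convert to a very large size and pass the length check.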