author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-03-19 14:36:46 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-03-19 14:36:46 +0000 |
commit | 95a7ce2cf821c2b8f31a57d6f5b094c1ff45426a (patch) | |
tree | 3d4ab410427a40940f1d55b87ceb6dfd9e6f617e | |
parent | c1a0a8967ed801bb5e44836cba79acfe4732dcfb (diff) | |
Added the functions:
gnutls_x509_crq_get_attribute_by_oid() and
gnutls_x509_crq_set_attribute_by_oid().
-rw-r--r-- | NEWS | 5 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | lib/x509/crq.c | 122 |
3 files changed, 126 insertions, 5 deletions
@@ -20,6 +20,11 @@ See the end for copying conditions. GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. - Nettle self tests now build properly, reported by Pierre <pierre42d@9online.fr>. +- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. + Reported by Yoann Vandoorselaere <yoann@prelude-ids.org>. +- Added the functions: + gnutls_x509_crq_get_attribute_by_oid() and + gnutls_x509_crq_set_attribute_by_oid(). * Version 1.2.0 (2005-01-27) - Added the definitions and OIDs for the RIPEMD-160 hash algorithm. diff --git a/configure.in b/configure.in index 5f90a84ef0..0688afc780 100644 --- a/configure.in +++ b/configure.in @@ -32,8 +32,8 @@ AB_INIT # Interfaces changed/added/removed: CURRENT++ REVISION=0 # Interfaces added: AGE++ # Interfaces removed: AGE=0 -LT_CURRENT=13 -LT_REVISION=25 +LT_CURRENT=14 +LT_REVISION=26 LT_AGE=1 AC_SUBST(LT_CURRENT) AC_SUBST(LT_REVISION) diff --git a/lib/x509/crq.c b/lib/x509/crq.c index ec3232adfc..384d79a834 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -276,9 +276,8 @@ int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq, * */ static int parse_attribute(ASN1_TYPE asn1_struct, - const char *attr_name, - const char *given_oid, int indx, - char *buf, size_t * sizeof_buf) + const char *attr_name, const char *given_oid, int indx, + char *buf, size_t * sizeof_buf) { int k1, result; char tmpbuffer1[64]; 
@@ -415,6 +414,79 @@ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq, } /** + * gnutls_x509_crq_set_attribute_by_oid - This function will set an attribute in the request + * @crq: should contain a gnutls_x509_crq_t structure + * @oid: holds an Object Identified in null terminated string + * @buf: a pointer to a structure that holds the attribute data + * @sizeof_buf: holds the size of @buf + * + * This function will set the attribute in the certificate request specified + * by the given Object ID. The attribute must be be DER encoded. + * + * Returns 0 on success. + * + **/ +int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq, + const char* oid, void* buf, size_t sizeof_buf) +{ + int result; + + if (crq == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + /* Add the attribute. + */ + result = + asn1_write_value(crq->crq, "certificationRequestInfo.attributes", + "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = + _gnutls_x509_encode_and_write_attribute(oid, + crq->crq, "certificationRequestInfo.attributes.?LAST", + buf, sizeof_buf, 1); + + if (result < 0) { + gnutls_assert(); + return result; + } + + return 0; +} + +/** + * gnutls_x509_crq_get_attribute_by_oid - This function will get an attribute of the request + * @crq: should contain a gnutls_x509_crq_t structure + * @oid: holds an Object Identified in null terminated string + * @indx: In case multiple same OIDs exist in the attribute list, this specifies + * which to send. Use zero to get the first one. + * @buf: a pointer to a structure to hold the attribute data (may be null) + * @sizeof_buf: initially holds the size of @buf + * + * This function will return the attribute in the certificate request specified + * by the given Object ID. The attribute will be DER encoded. + * + * Returns 0 on success. 
+ * + **/ +int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq, + const char* oid, int indx, void* buf, size_t* sizeof_buf) +{ + if (crq == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + return parse_attribute(crq->crq, "certificationRequestInfo.attributes", + oid, indx, buf, sizeof_buf); +} + +/** * gnutls_x509_crq_set_dn_by_oid - This function will set the Certificate request subject's distinguished name * @crq: should contain a gnutls_x509_crq_t structure * @oid: holds an Object Identifier in a null terminated string @@ -596,6 +668,50 @@ int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, } /** + * gnutls_x509_crq_set_attribute_by_oid - This function will set a challenge password + * @crq: should contain a gnutls_x509_crq_t structure + * @pass: holds a null terminated password + * + * This function will set a challenge password to be used when revoking the request. + * + * Returns 0 on success. + * + **/ +int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, + const char *pass) +{ + int result; + + if (crq == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + /* Add the attribute. + */ + result = + asn1_write_value(crq->crq, "certificationRequestInfo.attributes", + "NEW", 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = + _gnutls_x509_encode_and_write_attribute("1.2.840.113549.1.9.7", + crq->crq, + "certificationRequestInfo.attributes.?LAST", + pass, strlen(pass), 1); + + if (result < 0) { + gnutls_assert(); + return result; + } + + return 0; +} + +/** * gnutls_x509_crq_sign2 - This function will sign a Certificate request with a key * @crq: should contain a gnutls_x509_crq_t structure * @key: holds a private key |
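Review bot: Both new entry points validate only `crq`: gnutls_x509_crq_set_attribute_by_oid() hands `oid` and `buf` to _gnutls_x509_encode_and_write_attribute() unchecked, and gnutls_x509_crq_get_attribute_by_oid() forwards `sizeof_buf` to parse_attribute() although its doc only permits `buf` to be null. Since these are exported functions, I would reject bad arguments up front, e.g. `if (crq == NULL || oid == NULL || sizeof_buf == NULL)` in the getter and the matching `oid`/`buf` check in the setter. In the setter, a failure of the encode step leaves the element just appended with `"NEW"` in `crq->crq`; whether that empty attribute is harmless cannot be told from this hunk, so it deserves a cleanup or at least a comment. The getter's doc should also state what `*sizeof_buf` holds on return and which error signals a too-small buffer; parse_attribute()'s body is outside the hunk, so confirm the exact behaviour there.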
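Review bot: The last crq.c hunk appears to add a second definition of gnutls_x509_crq_set_challenge_password(): the hunk header places the insertion right after an existing function of that name, and the added body is that function again under a doc comment titled gnutls_x509_crq_set_attribute_by_oid. It looks like a leftover of the template used for the new setter, and a duplicate definition in one translation unit should not compile, so I would drop the whole added block. If some version of it is kept, the doc header should read `gnutls_x509_crq_set_challenge_password - This function will set a challenge password`, and `pass` needs a NULL check before `strlen(pass)`.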