diff options
| author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-07-09 14:22:34 +0300 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-10 12:45:36 +0200 |
| commit | 2473836074c4803030aecc609233c915e954a179 (patch) | |
| tree | 75f78c4ee10142fbbdbc0c8d1bff88e49ae278ac | |
| parent | 025abe3d3693ebdbd55d8a0c8953eaebe8c4b87e (diff) | |
| download | gnutls-2473836074c4803030aecc609233c915e954a179.tar.gz | |
lib/x509: use new function to deduce default GOST paramset
Use new _gnutls_gost_paramset_default() function to deduce default GOST
paramset, instead of hardcoding if/else in several places.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| -rw-r--r-- | lib/x509/key_decode.c | 15 | ||||
| -rw-r--r-- | lib/x509/key_encode.c | 9 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 8 | ||||
| -rw-r--r-- | lib/x509/privkey_pkcs8.c | 2 | ||||
| -rw-r--r-- | lib/x509/x509_int.h | 3 |
5 files changed, 13 insertions, 24 deletions
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 9d67f1b3d5..02b381ec85 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -28,6 +28,7 @@ #include <datum.h> #include "common.h" #include "x509_int.h" +#include "pk.h" #include <num.h> #include <ecc.h> @@ -435,14 +436,15 @@ _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize, */ int _gnutls_x509_read_gost_params(uint8_t * der, int dersize, - gnutls_pk_params_st * params) + gnutls_pk_params_st * params, + gnutls_pk_algorithm_t algo) { int ret; ASN1_TYPE spk = ASN1_TYPE_EMPTY; char oid[MAX_OID_SIZE]; int oid_size; gnutls_ecc_curve_t curve; - int param; + gnutls_gost_paramset_t param; if ((ret = asn1_create_element(_gnutls_get_gnutls_asn(), "GNUTLS.GOSTParameters", @@ -486,11 +488,6 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize, } /* For now ignore the OID: we use pk OID instead */ - if (!strcmp(oid, HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS)) - param = GNUTLS_GOST_PARAMSET_CP_A; - else - param = GNUTLS_GOST_PARAMSET_TC26_Z; - oid_size = sizeof(oid); ret = asn1_read_value(spk, "encryptionParamSet", oid, &oid_size); if (ret != ASN1_SUCCESS && @@ -502,6 +499,8 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize, if (ret != ASN1_ELEMENT_NOT_FOUND) param = gnutls_oid_to_gost_paramset(oid); + else + param = _gnutls_gost_paramset_default(algo); if (param == GNUTLS_GOST_PARAMSET_UNKNOWN) { gnutls_assert(); @@ -592,7 +591,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: case GNUTLS_PK_GOST_12_512: - return _gnutls_x509_read_gost_params(der, dersize, params); + return _gnutls_x509_read_gost_params(der, dersize, params, algo); default: return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); } diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 6cd42f2c0f..bbcbab2e16 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -581,13 +581,8 @@ _gnutls_x509_write_gost_params(gnutls_pk_params_st * params, goto cleanup; } - if (params->algo == GNUTLS_PK_GOST_01) { - if (params->gost_params == GNUTLS_GOST_PARAMSET_CP_A) - oid = NULL; - } else { - if (params->gost_params == GNUTLS_GOST_PARAMSET_TC26_Z) - oid = NULL; - } + if (params->gost_params == _gnutls_gost_paramset_default(params->algo)) + oid = NULL; if ((result = asn1_write_value(spk, "encryptionParamSet", oid, diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 96465cf763..0f098c14e0 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1775,14 +1775,8 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, } if (IS_GOSTEC(algo)) { - unsigned params; int size; - if (algo == GNUTLS_PK_GOST_01) - params = GNUTLS_GOST_PARAMSET_CP_A; - else - params = GNUTLS_GOST_PARAMSET_TC26_Z; - if (GNUTLS_BITS_ARE_CURVE(bits)) bits = GNUTLS_BITS_TO_CURVE(bits); else @@ -1797,7 +1791,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } - key->params.gost_params = params; + key->params.gost_params = _gnutls_gost_paramset_default(algo); } if (flags & GNUTLS_PRIVKEY_FLAG_PROVABLE) { diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 263dafc265..cc15d0093b 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1230,7 +1230,7 @@ _decode_pkcs8_gost_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, ret = GNUTLS_E_PARSING_ERROR; goto error; } else { - ret = _gnutls_x509_read_gost_params(oid, len, &pkey->params); + ret = _gnutls_x509_read_gost_params(oid, len, &pkey->params, algo); if (ret < 0) { gnutls_assert(); goto error; diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index a38ed8a3fc..80e4be1614 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -264,7 +264,8 @@ _gnutls_x509_read_ecc_params(uint8_t * der, int dersize, int _gnutls_x509_read_gost_params(uint8_t * der, int dersize, - gnutls_pk_params_st * params); + gnutls_pk_params_st * params, + gnutls_pk_algorithm_t algo); int _gnutls_asn1_encode_privkey(ASN1_TYPE * c2, gnutls_pk_params_st * params); |