x509: never output our custom FIPS186-4 format

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

4 files changed, 26 insertions, 77 deletions

diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 3277ca2476..b1e22f58d9 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -336,7 +336,7 @@ _gnutls_x509_write_dsa_pubkey(gnutls_pk_params_st * params,
 /* Encodes the RSA parameters into an ASN.1 RSA private key structure.
  */
 static int
-_gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned compat)
+_gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params)
 {
 	int result, ret;
 	uint8_t null = '\0';
@@ -442,34 +442,11 @@ _gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned c
 		goto cleanup;
 	}
 
-	if (compat == 0 && (params->flags & GNUTLS_PK_FLAG_PROVABLE) && params->seed_size > 0) {
-		if ((result = asn1_write_value(*c2, "otherInfo",
-					       "seed", 1)) != ASN1_SUCCESS) {
-			gnutls_assert();
-			ret = _gnutls_asn2err(result);
-			goto cleanup;
-		}
-
-		if ((result = asn1_write_value(*c2, "otherInfo.seed.seed",
-					       params->seed, params->seed_size)) != ASN1_SUCCESS) {
-			gnutls_assert();
-			ret = _gnutls_asn2err(result);
-			goto cleanup;
-		}
-
-		if ((result = asn1_write_value(*c2, "otherInfo.seed.algorithm",
-					       gnutls_digest_get_oid(params->palgo), 1)) != ASN1_SUCCESS) {
-			gnutls_assert();
-			ret = _gnutls_asn2err(result);
-			goto cleanup;
-		}
-	} else {
-		if ((result = asn1_write_value(*c2, "otherInfo",
-					       NULL, 0)) != ASN1_SUCCESS) {
-			gnutls_assert();
-			ret = _gnutls_asn2err(result);
-			goto cleanup;
-		}
+	if ((result = asn1_write_value(*c2, "otherInfo",
+				       NULL, 0)) != ASN1_SUCCESS) {
+		gnutls_assert();
+		ret = _gnutls_asn2err(result);
+		goto cleanup;
 	}
 
 	if ((result =
@@ -583,7 +560,7 @@ cleanup:
 /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
  */
 static int
-_gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned compat)
+_gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params)
 {
 	int result, ret;
 	const uint8_t null = '\0';
@@ -643,23 +620,7 @@ _gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned c
 		goto cleanup;
 	}
 
-	if (params->seed_size > 0 && compat == 0) {
-		if ((result = asn1_write_value(*c2, "seed.seed",
-					       params->seed, params->seed_size)) != ASN1_SUCCESS) {
-			gnutls_assert();
-			ret = _gnutls_asn2err(result);
-			goto cleanup;
-		}
-
-		if ((result = asn1_write_value(*c2, "seed.algorithm",
-					       gnutls_digest_get_oid(params->palgo), 1)) != ASN1_SUCCESS) {
-			gnutls_assert();
-			ret = _gnutls_asn2err(result);
-			goto cleanup;
-		}
-	} else {
-		(void)asn1_write_value(*c2, "seed", NULL, 0);
-	}
+	(void)asn1_write_value(*c2, "seed", NULL, 0);
 
 	if ((result =
 	     asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) {
@@ -677,13 +638,13 @@ cleanup:
 }
 
 int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
-				gnutls_pk_params_st * params, unsigned compat)
+				gnutls_pk_params_st * params)
 {
 	switch (pk) {
 	case GNUTLS_PK_RSA:
-		return _gnutls_asn1_encode_rsa(c2, params, compat);
+		return _gnutls_asn1_encode_rsa(c2, params);
 	case GNUTLS_PK_DSA:
-		return _gnutls_asn1_encode_dsa(c2, params, compat);
+		return _gnutls_asn1_encode_dsa(c2, params);
 	case GNUTLS_PK_EC:
 		return _gnutls_asn1_encode_ecc(c2, params);
 	default:
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 72e4a109d7..8625ded182 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -112,7 +112,7 @@ gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
 
 	ret =
 	    _gnutls_asn1_encode_privkey(dst->pk_algorithm, &dst->key,
-					&dst->params, src->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
+					&dst->params);
 	if (ret < 0) {
 		gnutls_assert();
 		gnutls_pk_params_release(&dst->params);
@@ -975,7 +975,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key,
 
 	ret =
 	    _gnutls_asn1_encode_privkey(GNUTLS_PK_RSA, &key->key,
-					&key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
+					&key->params);
 	if (ret < 0) {
 		gnutls_assert();
 		goto cleanup;
@@ -1070,7 +1070,7 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
 
 	ret =
 	    _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &key->key,
-					&key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
+					&key->params);
 	if (ret < 0) {
 		gnutls_assert();
 		goto cleanup;
@@ -1221,15 +1221,9 @@ gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key,
 static const char *set_msg(gnutls_x509_privkey_t key)
 {
 	if (key->pk_algorithm == GNUTLS_PK_RSA) {
-		if (key->params.seed_size > 0 && !(key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT))
-			return PEM_KEY_RSA_PROVABLE;
-		else
-			return PEM_KEY_RSA;
+		return PEM_KEY_RSA;
 	} else if (key->pk_algorithm == GNUTLS_PK_DSA) {
-		if (key->params.seed_size > 0 && !(key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT))
-			return PEM_KEY_DSA_PROVABLE;
-		else
-			return PEM_KEY_DSA;
+		return PEM_KEY_DSA;
 	} else if (key->pk_algorithm == GNUTLS_PK_EC)
 		return PEM_KEY_ECC;
 	else
@@ -1273,11 +1267,9 @@ gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
 
 	msg = set_msg(key);
 
-	if (key->flags & GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT) {
-		ret = gnutls_x509_privkey_fix(key);
-		if (ret < 0)
-			return gnutls_assert_val(ret);
-	}
+	ret = gnutls_x509_privkey_fix(key);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
 
 	return _gnutls_x509_export_int(key->key, format, msg,
 				       output_data, output_data_size);
@@ -1318,11 +1310,9 @@ gnutls_x509_privkey_export2(gnutls_x509_privkey_t key,
 
 	msg = set_msg(key);
 
-	if (key->flags & GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT) {
-		ret = gnutls_x509_privkey_fix(key);
-		if (ret < 0)
-			return gnutls_assert_val(ret);
-	}
+	ret = gnutls_x509_privkey_fix(key);
+	if (ret < 0)
+		return gnutls_assert_val(ret);
 
 	return _gnutls_x509_export_int2(key->key, format, msg, out);
 }
@@ -1576,7 +1566,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key,
 		goto cleanup;
 	}
 
-	ret = _gnutls_asn1_encode_privkey(algo, &key->key, &key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
+	ret = _gnutls_asn1_encode_privkey(algo, &key->key, &key->params);
 	if (ret < 0) {
 		gnutls_assert();
 		goto cleanup;
@@ -2080,7 +2070,7 @@ int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key)
 
 	ret =
 	    _gnutls_asn1_encode_privkey(key->pk_algorithm, &key->key,
-					&key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
+					&key->params);
 	if (ret < 0) {
 		gnutls_assert();
 		return ret;
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 2872e54268..fcaf493b54 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -189,7 +189,6 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey,
 		goto error;
 	}
 
-
 	/* Write the raw private key
 	 */
 	result = _encode_privkey(pkey, &algo_privkey);
@@ -211,7 +210,6 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey,
 
 	if ((pkey->params.flags & GNUTLS_PK_FLAG_PROVABLE) && pkey->params.seed_size > 0) {
 		gnutls_datum_t seed_info;
-
 		result = _x509_encode_provable_seed(pkey, &seed_info);
 		if (result < 0) {
 			gnutls_assert();
@@ -1050,7 +1048,7 @@ _decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
 
 	ret =
 	    _gnutls_asn1_encode_privkey(GNUTLS_PK_DSA, &pkey->key,
-					&pkey->params, pkey->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
+					&pkey->params);
 	if (ret < 0) {
 		gnutls_assert();
 		goto error;
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 043c722bd9..f1e938bae7 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -250,7 +250,7 @@ _gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
 			     unsigned int *curve);
 
 int _gnutls_asn1_encode_privkey(gnutls_pk_algorithm_t pk, ASN1_TYPE * c2,
-				gnutls_pk_params_st * params, unsigned compat);
+				gnutls_pk_params_st * params);
 
 /* extensions.c */
 int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,