author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-26 14:59:33 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-26 14:59:33 +0000 |
commit | 84ddcfc4681779a395ac4bf71190a00b89fad076 (patch) | |
tree | 6f20ebbfb152754ff51992bdcdb285d80212b91d /lib/x509/sign.c | |
parent | 95f9e0fd4a4acc9a7552e4efc0dc04627936305a (diff) | |
download | gnutls-84ddcfc4681779a395ac4bf71190a00b89fad076.tar.gz |
corrected signing and verifying with DSA keys.
Diffstat (limited to 'lib/x509/sign.c')
-rw-r--r-- | lib/x509/sign.c | 57 |
1 files changed, 10 insertions, 47 deletions
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 340a599174..b32c21569b 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -279,7 +279,6 @@ int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char* src_name,
 {
 int result;
 gnutls_datum signature;
-const char* pk;
 char name[128];
 /* Step 1. Copy the issuer's name into the certificate.
@@ -296,39 +295,16 @@ char name[128];
 /* Step 1.5. Write the signature stuff in the tbsCertificate.
 */
- /* write the RSA OID
- */
- pk = _gnutls_x509_sign2oid( issuer_key->pk_algorithm, GNUTLS_MAC_SHA);
- if (pk == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
 _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".signature.algorithm");
+ _gnutls_str_cat( name, sizeof(name), ".signature");
- result = asn1_write_value( src, name, pk, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
-#warning CHECKME
- /* disable parameters, which are not used in RSA.
- */
- _gnutls_str_cpy( name, sizeof(name), src_name);
- _gnutls_str_cat( name, sizeof(name), ".signature.parameters");
-
- result = asn1_write_value( src, name, NULL, 0);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
+ result = _gnutls_x509_write_sig_params( src, name,
+ issuer_key->pk_algorithm, issuer_key->params, issuer_key->params_size);
+ if (result < 0) {
 gnutls_assert();
- return _gnutls_asn2err(result);
+ return result;
 }
-
 /* Step 2. Sign the certificate.
 */
 result = _gnutls_x509_sign_tbs( src, src_name, GNUTLS_MAC_SHA,
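Review bot: The new `_gnutls_x509_write_sig_params()` call in Step 1.5 takes no digest argument, while Step 2 just below still signs with a hard-coded `GNUTLS_MAC_SHA`, so the AlgorithmIdentifier written into the certificate and the hash actually used for the signature now agree only by convention inside the helper, whose body is not part of this diff. The removed code made that pairing explicit with `_gnutls_x509_sign2oid( issuer_key->pk_algorithm, GNUTLS_MAC_SHA)`. If the two ever drift apart, the issued certificates will fail verification, so I would add a comment above the call such as `/* helper must emit the SHA-1 signature OID for this key type; keep in sync with GNUTLS_MAC_SHA in Step 2 */`, or pass the MAC through if the helper can accept it. The same applies to the Step 3 call in the next hunk.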
@@ -350,28 +326,15 @@ char name[128];
 return _gnutls_asn2err(result);
 }
- /* Step 2. Move up and write the AlgorithmIdentifier, which is also
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
 * the same.
 */
- /* write the RSA or DSA OID
- */
- result = asn1_write_value( src, "signatureAlgorithm.algorithm", pk, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
-#warning CHECKME
- /* disable parameters, which are not used in RSA.
- */
- result = asn1_write_value( src, "signatureAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
+ result = _gnutls_x509_write_sig_params( src, "signatureAlgorithm",
+ issuer_key->pk_algorithm, issuer_key->params, issuer_key->params_size);
+ if (result < 0) {
 gnutls_assert();
- return _gnutls_asn2err(result);
+ return result;
 }
 return 0; |
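Review bot: The `if (result < 0)` check after `_gnutls_x509_write_sig_params()` catches only negative gnutls error codes, whereas the libtasn1 calls around it (see `return _gnutls_asn2err(result);` at the top of this hunk) report failure through non-zero `ASN1_*` values that are not negative. The check is correct only if the helper already converts ASN.1 errors before returning; its body is not visible here, so that contract is worth confirming and stating at the call, e.g. `/* returns 0 or a negative GNUTLS_E_* code, never a raw ASN1_* value */`. Otherwise a failed write of `signatureAlgorithm` would fall through to `return 0` and the caller would receive a signed structure with an incomplete outer AlgorithmIdentifier. The Step 1.5 call in the previous hunk uses the same check.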