author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-05-09 19:48:24 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-05-09 19:48:24 +0200 |
commit | 80d17ae5e9e55f5abad0633325b6b494f896438a (patch) | |
tree | 9c44b7bc533c2eeeeeba7d89a7bd6da3dfe6ca71 /lib/x509 | |
parent | ace8a662ff90679c575658e787f48577e2fd5940 (diff) | |
download | gnutls-80d17ae5e9e55f5abad0633325b6b494f896438a.tar.gz |
Added gnutls_pubkey_verify_hash2() and gnutls_pk_to_sign().
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/verify.c | 33 | ||||
-rw-r--r-- | lib/x509/x509.c | 33 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 4 |
3 files changed, 27 insertions, 43 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 4a133d451e..23bdcf72c5 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -788,39 +788,6 @@ _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
 return ret;
 }
-int
-_gnutls_x509_verify_hashed_data (const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer)
-{
- gnutls_pk_params_st issuer_params;
- int ret;
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- ret =
- _gnutls_x509_crt_get_mpis (issuer, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- ret =
- pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
- hash, signature, &issuer_params);
- if (ret < 0)
- {
- gnutls_assert ();
- }
-
- /* release all allocated MPIs
- */
- gnutls_pk_params_release(&issuer_params);
-
- return ret;
-}
-
 /**
 * gnutls_x509_crt_list_verify:
 * @cert_list: is the certificate list to be verified
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index d0de3cb97f..643f316f99 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2693,7 +2693,7 @@ gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
 * This function will verify the given signed digest, using the
 * parameters from the certificate.
 *
- * Deprecated. Please use gnutls_pubkey_verify_data().
+ * Deprecated. Please use gnutls_pubkey_verify_data2() or gnutls_pubkey_verify_hash2().
 *
 * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
 * is returned, and zero or positive code on success.
@@ -2703,7 +2703,9 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
 const gnutls_datum_t * hash,
 const gnutls_datum_t * signature)
 {
- int result;
+ gnutls_pk_params_st params;
+ gnutls_digest_algorithm_t algo;
+ int ret;
 if (crt == NULL)
 {
@@ -2711,14 +2713,33 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
 return GNUTLS_E_INVALID_REQUEST;
 }
- result = _gnutls_x509_verify_hashed_data (hash, signature, crt);
- if (result < 0)
+ ret = gnutls_x509_crt_get_verify_algorithm (crt, signature, &algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ ret =
+ _gnutls_x509_crt_get_mpis (crt, ¶ms);
+ if (ret < 0)
 {
 gnutls_assert ();
- return result;
+ return ret;
 }
- return result;
+ ret =
+ pubkey_verify_hashed_data (gnutls_x509_crt_get_pk_algorithm (crt, NULL), algo,
+ hash, signature, ¶ms);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ /* release all allocated MPIs
+ */
+ gnutls_pk_params_release(¶ms);
+
+ return ret;
 }
 /**
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 19c2c1238b..3cc18e4bb0 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -151,10 +151,6 @@ int _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
 const gnutls_datum_t * signature,
 gnutls_x509_crt_t issuer);
-int _gnutls_x509_verify_hashed_data (const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer);
-
 /* privkey.h */
 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, |
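Review bot: In gnutls_x509_crt_verify_hash (lib/x509/x509.c, the hunk at -2711) `algo` is taken from `signature` via gnutls_x509_crt_get_verify_algorithm(), but nothing visible here checks that the caller's `hash` has that digest's length before both are handed to pubkey_verify_hashed_data(). Unless the callee enforces it (not shown in this diff), a guard right after the lookup would keep the contract local: `if (hash->size != (unsigned) gnutls_hash_get_len (algo)) return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);`. The result of `gnutls_x509_crt_get_pk_algorithm (crt, NULL)` is also forwarded without a check for a negative error code, and the copied comment still says "issuer's certificate" although the parameters are now read from `crt`. The function's opening lines are in the preceding hunk.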