summaryrefslogtreecommitdiff
path: root/lib/x509
diff options
context:
space:
mode:
authorDaiki Ueno <dueno@redhat.com>2019-07-29 14:01:11 +0200
committerDaiki Ueno <dueno@redhat.com>2019-08-08 13:14:46 +0200
commit8eb3a29336ea11f6b417ce7e25d53513509bdd87 (patch)
treee2b29005194ac51d83b540c716088fe32358a6ee /lib/x509
parent3dd0df9e1a499c7b31bf7b4a315e797d2195c1ba (diff)
downloadgnutls-8eb3a29336ea11f6b417ce7e25d53513509bdd87.tar.gz
pk: implement deterministic ECDSA/DSA
This exposes the deterministic ECDSA/DSA functionality through the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag. Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'lib/x509')
-rw-r--r--lib/x509/crq.c2
-rw-r--r--lib/x509/pkcs7.c2
-rw-r--r--lib/x509/sign.c2
3 files changed, 6 insertions, 0 deletions
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index c8899f81a5..4ca67535dd 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2642,6 +2642,8 @@ gnutls_x509_crq_privkey_sign(gnutls_x509_crq_t crq, gnutls_privkey_t key,
if (se == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ FIX_SIGN_PARAMS(params, flags, dig);
+
result = privkey_sign_and_hash_data(key, se,
&tbs, &signature, &params);
gnutls_free(tbs.data);
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 21fff7b07a..98669e8879 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -2532,6 +2532,8 @@ int gnutls_pkcs7_sign(gnutls_pkcs7_t pkcs7,
goto cleanup;
}
+ FIX_SIGN_PARAMS(params, flags, dig);
+
ret = privkey_sign_and_hash_data(signer_key, se,
&sigdata, &signature, &params);
if (ret < 0) {
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 8f7a96f218..461524f5bf 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -175,6 +175,8 @@ _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
return result;
}
+ FIX_SIGN_PARAMS(params, flags, dig);
+
if (_gnutls_pk_is_not_prehashed(params.pk)) {
result = privkey_sign_raw_data(issuer_key, se, &tbs, &signature, &params);
} else {