size_t * signature_size)
_GNUTLS_GCC_ATTR_DEPRECATED;
- /* gnutls_pubkey_verify_data() */
-int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
-
- /* gnutls_pubkey_verify_hash() */
-int gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
- _GNUTLS_GCC_ATTR_DEPRECATED;
-
/* gnutls_pubkey_get_verify_algorithm() */
int gnutls_x509_crt_get_verify_algorithm(gnutls_x509_crt_t crt,
const gnutls_datum_t *
return ret;
}
-/**
- * gnutls_x509_crt_verify_data:
- * @crt: Holds the certificate
- * @flags: should be 0 for now
- * @data: holds the data to be signed
- * @signature: contains the signature
- *
- * This function will verify the given signed data, using the
- * parameters from the certificate.
- *
- * Deprecated. This function cannot be easily used securely.
- * Use gnutls_pubkey_verify_data2() instead.
- *
- * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
- * is returned, and zero or positive code on success.
- **/
-int
-gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
-{
- int result;
-
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result =
- _gnutls_x509_verify_data(GNUTLS_DIG_UNKNOWN, data, signature,
- crt);
- if (result < 0) {
- gnutls_assert();
- return result;
- }
-
- return result;
-}
-
-/**
- * gnutls_x509_crt_verify_hash:
- * @crt: Holds the certificate
- * @flags: should be 0 for now
- * @hash: holds the hash digest to be verified
- * @signature: contains the signature
- *
- * This function will verify the given signed digest, using the
- * parameters from the certificate.
- *
- * Deprecated. This function cannot be easily used securely.
- * Use gnutls_pubkey_verify_hash2() instead.
- *
- * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
- * is returned, and zero or positive code on success.
- **/
-int
-gnutls_x509_crt_verify_hash(gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
-{
- gnutls_pk_params_st params;
- gnutls_digest_algorithm_t algo;
- int ret;
-
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- ret = gnutls_x509_crt_get_verify_algorithm(crt, signature, &algo);
- if (ret < 0)
- return gnutls_assert_val(ret);
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- ret = _gnutls_x509_crt_get_mpis(crt, ¶ms);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- ret =
- pubkey_verify_hashed_data(gnutls_x509_crt_get_pk_algorithm
- (crt, NULL), hash_to_entry(algo),
- hash, signature, ¶ms);
- if (ret < 0) {
- gnutls_assert();
- }
-
- /* release all allocated MPIs
- */
- gnutls_pk_params_release(¶ms);
-
- return ret;
-}
-
/**
* gnutls_x509_crt_get_crl_dist_points:
* @cert: should contain a #gnutls_x509_crt_t structure