static void pubkey_keyid(common_info_st * cinfo);
static void certificate_fpr(common_info_st * cinfo);
-static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt);
+static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt, common_info_st * cinfo);
FILE *outfile;
static const char *outfile_name = NULL; /* to delete on exit */
FILE *infile;
-static gnutls_digest_algorithm_t default_dig;
static unsigned int incert_format, outcert_format;
static unsigned int req_key_type = GNUTLS_PK_RSA;
gnutls_certificate_print_formats_t full_format = GNUTLS_CRT_PRINT_FULL;
flags |= GNUTLS_PRIVKEY_FLAG_PROVABLE;
}
- if (key_type == GNUTLS_PK_RSA_PSS && (default_dig || HAVE_OPT(SALT_SIZE))) {
+ if (key_type == GNUTLS_PK_RSA_PSS && (cinfo->hash || HAVE_OPT(SALT_SIZE))) {
unsigned salt_size;
- if (!default_dig) {
+ if (!cinfo->hash) {
fprintf(stderr, "You must provide the hash algorithm and optionally the salt size for RSA-PSS\n");
app_exit(1);
}
if (HAVE_OPT(SALT_SIZE)) {
salt_size = OPT_VALUE_SALT_SIZE;
} else {
- salt_size = gnutls_hash_get_len(default_dig);
+ salt_size = gnutls_hash_get_len(cinfo->hash);
}
- gnutls_x509_spki_set_rsa_pss_params(spki, default_dig, salt_size);
+ gnutls_x509_spki_set_rsa_pss_params(spki, cinfo->hash, salt_size);
kdata[kdata_size].type = GNUTLS_KEYGEN_SPKI;
kdata[kdata_size].data = (void*)spki;
return crl;
}
-static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey)
+static gnutls_digest_algorithm_t get_dig_for_pub(gnutls_pubkey_t pubkey, common_info_st * cinfo)
{
gnutls_digest_algorithm_t dig;
int result;
}
/* if algorithm allows alternatives */
- if (mand == 0 && default_dig != GNUTLS_DIG_UNKNOWN)
- dig = default_dig;
+ if (mand == 0 && cinfo->hash != GNUTLS_DIG_UNKNOWN)
+ dig = cinfo->hash;
return dig;
}
-static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt)
+static gnutls_digest_algorithm_t get_dig(gnutls_x509_crt_t crt, common_info_st * cinfo)
{
gnutls_digest_algorithm_t dig;
gnutls_pubkey_t pubkey;
}
}
- dig = get_dig_for_pub(pubkey);
+ dig = get_dig_for_pub(pubkey, cinfo);
gnutls_pubkey_deinit(pubkey);
flags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS;
result =
- gnutls_x509_crt_privkey_sign(crt, crt, key, get_dig(crt), flags);
+ gnutls_x509_crt_privkey_sign(crt, crt, key, get_dig(crt, cinfo), flags);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
app_exit(1);
result =
gnutls_x509_crt_privkey_sign(crt, ca_crt, ca_key,
- get_dig(ca_crt), flags);
+ get_dig(ca_crt, cinfo), flags);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
app_exit(1);
flags |= GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS;
result =
- gnutls_x509_crt_privkey_sign(crt, eecrt, eekey, get_dig(eecrt),
+ gnutls_x509_crt_privkey_sign(crt, eecrt, eekey, get_dig(eecrt, cinfo),
flags);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
fprintf(stdlog, "\n");
result =
gnutls_x509_crl_privkey_sign(crl, ca_crt, ca_key,
- get_dig(ca_crt), 0);
+ get_dig(ca_crt, cinfo), 0);
if (result < 0) {
fprintf(stderr, "crl_privkey_sign: %s\n",
gnutls_strerror(result));
result =
gnutls_x509_crt_privkey_sign(crt, ca_crt, ca_key,
- get_dig(ca_crt), flags);
+ get_dig(ca_crt, cinfo), flags);
if (result < 0) {
fprintf(stderr, "crt_sign: %s\n", gnutls_strerror(result));
app_exit(1);
app_exit(1);
}
- default_dig = GNUTLS_DIG_UNKNOWN;
- if (HAVE_OPT(HASH)) {
- default_dig = hash_to_id(OPT_ARG(HASH));
- if (default_dig == GNUTLS_DIG_UNKNOWN) {
- fprintf(stderr, "invalid hash: %s\n", OPT_ARG(HASH));
- app_exit(1);
- }
- }
-
batch = 0;
if (HAVE_OPT(TEMPLATE)) {
batch = 1;
}
memset(&cinfo, 0, sizeof(cinfo));
+
+ cinfo.hash = GNUTLS_DIG_UNKNOWN;
+ if (HAVE_OPT(HASH)) {
+ cinfo.hash = hash_to_id(OPT_ARG(HASH));
+ if (cinfo.hash == GNUTLS_DIG_UNKNOWN) {
+ fprintf(stderr, "invalid hash: %s\n", OPT_ARG(HASH));
+ app_exit(1);
+ }
+ }
+
#ifdef ENABLE_PKCS11
if (HAVE_OPT(PROVIDER)) {
ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
ret =
gnutls_x509_crq_privkey_sign(crq, pkey,
- get_dig_for_pub(pubkey), 0);
+ get_dig_for_pub(pubkey, cinfo), 0);
if (ret < 0) {
fprintf(stderr, "sign: %s\n", gnutls_strerror(ret));
app_exit(1);
if (embed)
flags |= GNUTLS_PKCS7_EMBED_DATA;
- ret = gnutls_pkcs7_sign(pkcs7, *crts, key, &data, NULL, NULL, get_dig(*crts), flags);
+ ret = gnutls_pkcs7_sign(pkcs7, *crts, key, &data, NULL, NULL, get_dig(*crts, cinfo), flags);
if (ret < 0) {
fprintf(stderr, "Error signing: %s\n", gnutls_strerror(ret));
app_exit(1);
app_exit(1);
}
- if (default_dig == GNUTLS_DIG_SHA1 || default_dig == GNUTLS_DIG_UNKNOWN)
+ if (cinfo->hash == GNUTLS_DIG_SHA1 || cinfo->hash == GNUTLS_DIG_UNKNOWN)
flags = GNUTLS_KEYID_USE_SHA1; /* be backwards compatible */
- else if (default_dig == GNUTLS_DIG_SHA256)
+ else if (cinfo->hash == GNUTLS_DIG_SHA256)
flags = GNUTLS_KEYID_USE_SHA256;
else {
fprintf(stderr, "Cannot calculate key ID with the provided hash\n");
fpr_size = sizeof(fpr);
- if (default_dig == GNUTLS_DIG_UNKNOWN)
- default_dig = GNUTLS_DIG_SHA1;
+ if (cinfo->hash == GNUTLS_DIG_UNKNOWN)
+ cinfo->hash = GNUTLS_DIG_SHA1;
- ret = gnutls_x509_crt_get_fingerprint(crt, default_dig, fpr, &fpr_size);
+ ret = gnutls_x509_crt_get_fingerprint(crt, cinfo->hash, fpr, &fpr_size);
if (ret < 0) {
fprintf(stderr,
"get_key_id: %s\n",
projects / thirdparty / gnutls.git / commitdiff
