Added gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data()
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 1 Jun 2015 09:51:32 +0000 (11:51 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 2 Jun 2015 06:50:15 +0000 (08:50 +0200)
lib/includes/gnutls/compat.h
lib/includes/gnutls/x509.h
lib/x509/privkey.c
lib/x509/x509.c

index 0e77943d82d482e4fab54a2f3d57739adc649bbc..1f4f6b3348d6e907de7454d1a5d2d5306334aab3 100644 (file)
@@ -173,16 +173,6 @@ int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key,
                                     gnutls_datum_t * signature)
     _GNUTLS_GCC_ATTR_DEPRECATED;
 
-/* we support the gnutls_privkey_sign_data() instead.
- */
-int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
-                                 gnutls_digest_algorithm_t digest,
-                                 unsigned int flags,
-                                 const gnutls_datum_t * data,
-                                 void *signature,
-                                 size_t * signature_size)
-    _GNUTLS_GCC_ATTR_DEPRECATED;
-
        /* gnutls_pubkey_get_preferred_hash_algorithm() */
 int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t
                                                 crt,
index fbfdfb8baec6edc0d3569d47f8b10f71a2eaf5fd..9a7b441c92365f26df450fdb8850a87bddc0368c 100644 (file)
@@ -926,6 +926,13 @@ int gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
                           int CA_list_length, unsigned int flags,
                           unsigned int *verify);
 
+int
+gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt,
+                          gnutls_sign_algorithm_t algo,
+                          unsigned int flags,
+                          const gnutls_datum_t * data,
+                          const gnutls_datum_t * signature);
+
 int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
                                     const gnutls_x509_crl_t *
                                     crl_list, int crl_list_length);
@@ -1115,6 +1122,14 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key,
                                       gnutls_datum_t * x,
                                       gnutls_datum_t * y,
                                       gnutls_datum_t * k);
+
+int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
+                                 gnutls_digest_algorithm_t digest,
+                                 unsigned int flags,
+                                 const gnutls_datum_t * data,
+                                 void *signature,
+                                 size_t * signature_size);
+
 /* Certificate request stuff.
  */
 
index 853d5cc3d059f746b8e059a1a44836317ce5b064..2c36402f80517218eb87739fdb32e627f613b4b0 100644 (file)
@@ -1677,8 +1677,6 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key,
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
- *
- * Deprecated: Use gnutls_privkey_sign_data().
  */
 int
 gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
index 63895cf3d38861eecfd235e799514d00385cfaea..a3a4bf0f40129a6e3f83e4ee00986310ce9f0dd6 100644 (file)
@@ -3774,3 +3774,48 @@ gnutls_x509_crt_import_url(gnutls_x509_crt_t crt,
  cleanup:
        return ret;
 }
+
+/**
+ * gnutls_x509_crt_verify_data2:
+ * @crt: Holds the certificate to verify with
+ * @algo: The signature algorithm used
+ * @flags: Must be zero
+ * @data: holds the signed data
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters from the certificate.
+ *
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED 
+ * is returned, and zero or positive code on success.
+ *
+ * Since: 3.4.0
+ **/
+int
+gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt,
+                          gnutls_sign_algorithm_t algo,
+                          unsigned int flags,
+                          const gnutls_datum_t * data,
+                          const gnutls_datum_t * signature)
+{
+       int ret;
+       gnutls_pubkey_t pubkey;
+
+       if (crt == NULL) {
+               gnutls_assert();
+               return GNUTLS_E_INVALID_REQUEST;
+       }
+
+       ret = gnutls_pubkey_init(&pubkey);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
+
+       ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+       if (ret < 0)
+               return gnutls_assert_val(ret);
+
+       ret = gnutls_pubkey_verify_data2(pubkey, algo, flags, data, signature);
+       gnutls_pubkey_deinit(pubkey);
+
+       return ret;
+}
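Review bot: In gnutls_x509_crt_verify_data2() the error return right after gnutls_pubkey_import_x509() exits without calling gnutls_pubkey_deinit(), so the object allocated by gnutls_pubkey_init() leaks whenever the import fails. Release it on that path, for example `if (ret < 0) { gnutls_assert(); gnutls_pubkey_deinit(pubkey); return ret; }`. The `Returns:` text names only %GNUTLS_E_PK_SIG_VERIFY_FAILED, but the body also returns %GNUTLS_E_INVALID_REQUEST and whatever the init and import calls report. It should say that any negative value means the signature was not verified, so that callers test `ret < 0` instead of comparing against a single code. `@flags: Must be zero` may also be inaccurate, because flags is forwarded unchanged to gnutls_pubkey_verify_data2(); confirm against that function's documentation.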