From: Nikos Mavrogiannopoulos Date: Mon, 1 Jun 2015 09:51:32 +0000 (+0200) Subject: Added gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data() X-Git-Tag: gnutls_3_4_2~65 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f027657d843aea99e2b0aed3ea7f732ccd928e4;p=thirdparty%2Fgnutls.git Added gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data() --- diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 0e77943d82..1f4f6b3348 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h @@ -173,16 +173,6 @@ int gnutls_openpgp_privkey_sign_hash(gnutls_openpgp_privkey_t key, gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED; -/* we support the gnutls_privkey_sign_data() instead. - */ -int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - void *signature, - size_t * signature_size) - _GNUTLS_GCC_ATTR_DEPRECATED; - /* gnutls_pubkey_get_preferred_hash_algorithm() */ int gnutls_x509_crt_get_preferred_hash_algorithm(gnutls_x509_crt_t crt, diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index fbfdfb8bae..9a7b441c92 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -926,6 +926,13 @@ int gnutls_x509_crl_verify(gnutls_x509_crl_t crl, int CA_list_length, unsigned int flags, unsigned int *verify); +int +gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt, + gnutls_sign_algorithm_t algo, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature); + int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert, const gnutls_x509_crl_t * crl_list, int crl_list_length); 
@@ -1115,6 +1122,14 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * k); + +int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + void *signature, + size_t * signature_size); + /* Certificate request stuff. */ diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 853d5cc3d0..2c36402f80 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1677,8 +1677,6 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. - * - * Deprecated: Use gnutls_privkey_sign_data(). */ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 63895cf3d3..a3a4bf0f40 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -3774,3 +3774,48 @@ gnutls_x509_crt_import_url(gnutls_x509_crt_t crt,
 cleanup:
 return ret;
 }
+
+/**
+ * gnutls_x509_crt_verify_data2:
+ * @crt: Holds the certificate to verify with
+ * @algo: The signature algorithm used
+ * @flags: Must be zero
+ * @data: holds the signed data
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters from the certificate.
+ *
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * is returned, and zero or positive code on success.
+ *
+ * Since: 3.4.0
+ **/
+int
+gnutls_x509_crt_verify_data2(gnutls_x509_crt_t crt,
+ gnutls_sign_algorithm_t algo,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+{
+ int ret;
+ gnutls_pubkey_t pubkey;
+
+ if (crt == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_pubkey_init(&pubkey);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = gnutls_pubkey_verify_data2(pubkey, algo, flags, data, signature);
+ gnutls_pubkey_deinit(pubkey);
+
+ return ret;
+}
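Review bot: The public key object leaks when `gnutls_pubkey_import_x509()` fails in `gnutls_x509_crt_verify_data2()`, because that error path returns without the `gnutls_pubkey_deinit(pubkey)` that the success path performs. Release it before returning, e.g. `if (ret < 0) { gnutls_assert(); gnutls_pubkey_deinit(pubkey); return ret; }`. The doc comment should also say that only the signature is checked against the certificate's key: nothing visible in this function validates the certificate's chain, validity period or key usage, so callers must verify `crt` separately before trusting a successful result. `@flags: Must be zero` is not enforced either, since the value is forwarded unchanged to `gnutls_pubkey_verify_data2()`; either reject non-zero flags or document which ones are accepted.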