From: Nikos Mavrogiannopoulos Date: Tue, 25 Jul 2017 08:16:40 +0000 (+0200) Subject: gnutls_pk_params_st: renamed sign field to spki X-Git-Tag: gnutls_3_6_0~219 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=99d5d8ae0eda8bbcfe118b1df987aea8ef142cf4;p=thirdparty%2Fgnutls.git gnutls_pk_params_st: renamed sign field to spki The name "sign" was ambiguous with regard to its intented use, as it could refer to digital signature parameters which was not exactly the case. That field contains parameters present in the subject public key info (SPKI), which could be used in a digital signature, but not necessarily. Signed-off-by: Nikos Mavrogiannopoulos --- diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index 9a7c527a0f..347d6a7806 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -194,7 +194,8 @@ typedef struct { unsigned int seed_size; uint8_t seed[MAX_PVP_SEED_SIZE]; gnutls_digest_algorithm_t palgo; - gnutls_x509_spki_st sign; + /* public key information */ + gnutls_x509_spki_st spki; gnutls_pk_algorithm_t algo; } gnutls_pk_params_st; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index e69ccb09c9..130deefd2e 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -1475,7 +1475,7 @@ char* gen_data = NULL; ddata.data = (void*)gen_data; ddata.size = hash_len; } else if (algo == GNUTLS_PK_RSA_PSS) { - switch (params->sign.rsa_pss_dig) { + switch (params->spki.rsa_pss_dig) { case GNUTLS_DIG_SHA256: ddata.data = (void*)const_data_sha256; ddata.size = sizeof(const_data_sha256); @@ -1534,13 +1534,13 @@ char* gen_data = NULL; case GNUTLS_PK_EDDSA_ED25519: case GNUTLS_PK_DSA: case GNUTLS_PK_RSA_PSS: - ret = _gnutls_pk_sign(algo, &sig, &ddata, params, ¶ms->sign); + ret = _gnutls_pk_sign(algo, &sig, &ddata, params, ¶ms->spki); if (ret < 0) { ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); goto cleanup; } - ret = _gnutls_pk_verify(algo, &ddata, &sig, params, ¶ms->sign); + ret = _gnutls_pk_verify(algo, &ddata, &sig, params, ¶ms->spki); if (ret < 0) { ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR); gnutls_assert(); diff --git a/lib/pk.c b/lib/pk.c index 350d2f1a6c..edf3892cdd 100644 --- a/lib/pk.c +++ b/lib/pk.c @@ -332,7 +332,7 @@ int _gnutls_pk_params_copy(gnutls_pk_params_st * dst, } dst->palgo = src->palgo; - memcpy(&dst->sign, &src->sign, sizeof(gnutls_x509_spki_st)); + memcpy(&dst->spki, &src->spki, sizeof(gnutls_x509_spki_st)); return 0; diff --git a/lib/privkey.c b/lib/privkey.c index 8786501b11..9a113ecb38 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -153,7 +153,7 @@ privkey_to_pubkey(gnutls_pk_algorithm_t pk, pub->algo = priv->algo; pub->flags = priv->flags; - memcpy(&pub->sign, &priv->sign, sizeof(gnutls_x509_spki_st)); + memcpy(&pub->spki, &priv->spki, sizeof(gnutls_x509_spki_st)); switch (pk) { case GNUTLS_PK_RSA_PSS: diff --git a/lib/pubkey.c b/lib/pubkey.c index f2d26319c1..46f85d42d7 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -1525,7 +1525,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - memcpy(¶ms, &pubkey->params.sign, sizeof(gnutls_x509_spki_st)); + memcpy(¶ms, &pubkey->params.spki, sizeof(gnutls_x509_spki_st)); se = _gnutls_sign_to_entry(algo); if (se == NULL) @@ -1617,7 +1617,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } - memcpy(¶ms, &key->params.sign, sizeof(gnutls_x509_spki_st)); + memcpy(¶ms, &key->params.spki, sizeof(gnutls_x509_spki_st)); if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) { if (!GNUTLS_PK_IS_RSA(key->pk_algorithm)) diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 7e9d05a887..6c90c648f9 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -433,7 +433,7 @@ int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_EDDSA_ED25519: return 0; case GNUTLS_PK_RSA_PSS: - return _gnutls_x509_read_rsa_pss_params(der, dersize, ¶ms->sign); + return _gnutls_x509_read_rsa_pss_params(der, dersize, ¶ms->spki); case GNUTLS_PK_DSA: return _gnutls_x509_read_dsa_params(der, dersize, params); case GNUTLS_PK_EC: @@ -451,14 +451,14 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_algorithm_t algo, switch (algo) { case GNUTLS_PK_RSA_PSS: { unsigned bits = pubkey_to_bits(algo, params); - const mac_entry_st *me = hash_to_entry(params->sign.rsa_pss_dig); + const mac_entry_st *me = hash_to_entry(params->spki.rsa_pss_dig); size_t hash_size; if (unlikely(me == NULL)) return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR); hash_size = _gnutls_hash_get_algo_len(me); - if (hash_size + params->sign.salt_size + 2 > (bits + 7) / 8) + if (hash_size + params->spki.salt_size + 2 > (bits + 7) / 8) return gnutls_assert_val(GNUTLS_E_CERTIFICATE_ERROR); return 0; } diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index c1072cf08f..1c07ae3f21 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -173,7 +173,7 @@ _gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo, der->size = ASN1_NULL_SIZE; return 0; case GNUTLS_PK_RSA_PSS: - return _gnutls_x509_write_rsa_pss_params(¶ms->sign, der); + return _gnutls_x509_write_rsa_pss_params(¶ms->spki, der); case GNUTLS_PK_ECDSA: return _gnutls_x509_write_ecc_params(params->flags, der); case GNUTLS_PK_EDDSA_ED25519: diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 23bc50a152..9c62b551eb 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1259,7 +1259,7 @@ gnutls_x509_privkey_get_pk_algorithm3(gnutls_x509_privkey_t key, } if (spki) { - memcpy(spki, &key->params.sign, sizeof (gnutls_x509_spki_st)); + memcpy(spki, &key->params.spki, sizeof (gnutls_x509_spki_st)); } if (bits) { @@ -1627,13 +1627,13 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, if (algo == GNUTLS_PK_RSA_PSS) { const mac_entry_st *me; - key->params.sign.pk = GNUTLS_PK_RSA_PSS; + key->params.spki.pk = GNUTLS_PK_RSA_PSS; if (key->params.palgo != GNUTLS_DIG_UNKNOWN) - key->params.sign.rsa_pss_dig = key->params.palgo; + key->params.spki.rsa_pss_dig = key->params.palgo; else - key->params.sign.rsa_pss_dig = GNUTLS_DIG_SHA256; + key->params.spki.rsa_pss_dig = GNUTLS_DIG_SHA256; - me = hash_to_entry(key->params.sign.rsa_pss_dig); + me = hash_to_entry(key->params.spki.rsa_pss_dig); if (unlikely(me == NULL)) { gnutls_assert(); ret = GNUTLS_E_INVALID_REQUEST; @@ -1641,9 +1641,9 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, } if (flags & GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE) - key->params.sign.salt_size = 0; + key->params.spki.salt_size = 0; else { - key->params.sign.salt_size = + key->params.spki.salt_size = _gnutls_find_rsa_pss_salt_size(bits, me, 0); } } @@ -2006,7 +2006,7 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, result = _gnutls_pk_sign(key->pk_algorithm, signature, hash, - &key->params, &key->params.sign); + &key->params, &key->params.spki); if (result < 0) { gnutls_assert(); @@ -2160,7 +2160,7 @@ int _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key, gnutls_x509_spki_st *params) { - memcpy(params, &key->params.sign, sizeof(gnutls_x509_spki_st)); + memcpy(params, &key->params.spki, sizeof(gnutls_x509_spki_st)); params->pk = key->pk_algorithm; return 0; } diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 23b27ec8c3..2349c4e768 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -980,7 +980,7 @@ _decode_pkcs8_rsa_pss_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey) goto error; } - memcpy(&pkey->params.sign, ¶ms, sizeof(gnutls_x509_spki_st)); + memcpy(&pkey->params.spki, ¶ms, sizeof(gnutls_x509_spki_st)); ret = 0; diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 0b8760254a..1875dfb425 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -1366,7 +1366,7 @@ _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, goto cleanup; } } else { - memcpy(&sign_params, ¶ms.sign, + memcpy(&sign_params, ¶ms.spki, sizeof(gnutls_x509_spki_st)); sign_params.pk = se->pk;