Diffstat (limited to 'src/daemon/https/x509/sign.c')
-rw-r--r-- | src/daemon/https/x509/sign.c | 94 |
1 files changed, 3 insertions, 91 deletions
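--- a/src/daemon/https/x509/sign.c
+++ b/src/daemon/https/x509/sign.c
@@ -103,7 +103,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
 }
 
 info->size = 0;
-MHD__asn1_der_coding (dinfo, "", NULL, &info->size, NULL);
+MHD__asn1_der_coding (dinfo, "", NULL, (int*) &info->size, NULL);
 
 info->data = MHD_gnutls_malloc (info->size);
 if (info->data == NULL)
@@ -113,7 +113,7 @@ encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
 return GNUTLS_E_MEMORY_ERROR;
 }
 
-result = MHD__asn1_der_coding (dinfo, "", info->data, &info->size, NULL);
+result = MHD__asn1_der_coding (dinfo, "", info->data, (int*) &info->size, NULL);
 if (result != ASN1_SUCCESS)
 {
 MHD_gnutls_assert ();
@@ -185,7 +185,7 @@ pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
 * 'signature' will hold the signature!
 * 'hash' is only used in PKCS1 RSA signing.
 */
-int
+static int
 MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
 enum MHD_GNUTLS_HashAlgorithm hash,
 MHD_gnutls_x509_privkey_t signer, MHD_gnutls_datum_t * signature)
@@ -255,93 +255,5 @@ MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
 return result;
 }
 
-/*-
-* MHD__gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
-* @src: should contain an ASN1_TYPE
-* @issuer: is the certificate of the certificate issuer
-* @issuer_key: holds the issuer's private key
-*
-* This function will sign a CRL or a certificate with the issuer's private key, and
-* will copy the issuer's information into the CRL or certificate.
-*
-* Returns 0 on success.
-*
--*/
-int
-MHD__gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
-enum MHD_GNUTLS_HashAlgorithm dig,
-MHD_gnutls_x509_crt_t issuer,
-MHD_gnutls_x509_privkey_t issuer_key)
-{
-int result;
-MHD_gnutls_datum_t signature;
-char name[128];
-
-/* Step 1. Copy the issuer's name into the certificate.
-*/
-MHD_gtls_str_cpy (name, sizeof (name), src_name);
-MHD_gtls_str_cat (name, sizeof (name), ".issuer");
-
-result = MHD__asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject");
-if (result != ASN1_SUCCESS)
-{
-MHD_gnutls_assert ();
-return MHD_gtls_asn2err (result);
-}
-
-/* Step 1.5. Write the signature stuff in the tbsCertificate.
-*/
-MHD_gtls_str_cpy (name, sizeof (name), src_name);
-MHD_gtls_str_cat (name, sizeof (name), ".signature");
-
-result = MHD__gnutls_x509_write_sig_params (src, name,
-issuer_key->pk_algorithm, dig,
-issuer_key->params,
-issuer_key->params_size);
-if (result < 0)
-{
-MHD_gnutls_assert ();
-return result;
-}
-
-/* Step 2. Sign the certificate.
-*/
-result = MHD__gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &signature);
-
-if (result < 0)
-{
-MHD_gnutls_assert ();
-return result;
-}
-
-/* write the signature (bits)
-*/
-result =
-MHD__asn1_write_value (src, "signature", signature.data, signature.size * 8);
-
-MHD__gnutls_free_datum (&signature);
-
-if (result != ASN1_SUCCESS)
-{
-MHD_gnutls_assert ();
-return MHD_gtls_asn2err (result);
-}
-
-/* Step 3. Move up and write the AlgorithmIdentifier, which is also
-* the same.
-*/
-
-result = MHD__gnutls_x509_write_sig_params (src, "signatureAlgorithm",
-issuer_key->pk_algorithm, dig,
-issuer_key->params,
-issuer_key->params_size);
-if (result < 0)
-{
-MHD_gnutls_assert ();
-return result;
-}
-
-return 0;
-}
 
 #endif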
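Review bot: The `(int*)` casts added to the two `MHD__asn1_der_coding` calls (new lines 106 and 116) silence the pointer-type mismatch instead of removing it, so the compiler can no longer warn if `info->size` is unsigned or is ever made wider than `int` (its declaration is not visible on this page). That value goes straight into `MHD_gnutls_malloc (info->size)`, so a length the encoder leaves negative or unset would become an oversized or zero-byte allocation that the second call then writes into. A local keeps the types honest: declare `int len = 0;`, pass `&len` to both calls, and assign `info->size = len;` only after checking `len > 0`. The sizing call on line 106 also drops its return value; if that is deliberate, a short comment saying so would help, otherwise it should be checked like the call on line 116. `encode_ber_digest_info` begins and ends outside these hunks.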