[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_4-5-gc8672d
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_4-5-gc8672dc |
Date: |
Sat, 07 May 2011 16:48:04 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c8672dc009d27ff10eb4f43522a352fcf658d14d
The branch, gnutls_2_12_x has been updated
via c8672dc009d27ff10eb4f43522a352fcf658d14d (commit)
from 9d4ed0c28ae4cb451bae1d3f63e77cf3ebb2d971 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c8672dc009d27ff10eb4f43522a352fcf658d14d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat May 7 18:44:21 2011 +0200
Added gnutls_x509_crq_verify().
-----------------------------------------------------------------------
Summary of changes:
NEWS | 10 ++++++-
lib/includes/gnutls/x509.h | 2 +
lib/libgnutls.map | 35 +++++++++++++++++++++++
lib/x509/crq.c | 67 ++++++++++++++++++++++++++++++++++++++++++++
lib/x509/x509_write.c | 4 ++
tests/crq_key_id.c | 8 ++++-
6 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index cdaa4be..c42bd5e 100644
--- a/NEWS
+++ b/NEWS
@@ -11,8 +11,16 @@ via URLs.
** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read
the public key algorithm of the key.
+** libgnutls: Added gnutls_x509_crq_verify() to allow
+verification of the self signature in a certificate request.
+This allows verifying whether the owner of the private key
+is the generator of the request.
+
+** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies
+the self signature of the request.
+
** API and ABI modifications:
-No changes since last version.
+gnutls_x509_crq_verify: ADDED
* Version 2.12.4 (released 2011-05-06)
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 8e47c4b..bc7846b 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -707,6 +707,8 @@ extern "C"
gnutls_certificate_print_formats_t format,
gnutls_datum_t * out);
+ int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags);
+
int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 2fc197a..3306314 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -690,8 +690,43 @@ GNUTLS_2_12
gnutls_pubkey_import_privkey;
gnutls_pubkey_verify_data;
gnutls_certificate_get_issuer;
+ gnutls_x509_crq_verify;
} GNUTLS_2_10;
+GNUTLS_3_0_0 {
+ global:
+ gnutls_x509_trust_list_verify_crt;
+ gnutls_x509_trust_list_add_crls;
+ gnutls_x509_trust_list_add_cas;
+ gnutls_x509_trust_list_init;
+ gnutls_x509_trust_list_deinit;
+ gnutls_x509_crl_list_import;
+ gnutls_x509_crl_list_import2;
+ gnutls_x509_crt_list_import2;
+ gnutls_cipher_tag;
+ gnutls_cipher_add_auth;
+ gnutls_dtls_set_timeouts;
+ gnutls_transport_set_pull_timeout_function;
+ gnutls_dtls_get_mtu;
+ gnutls_dtls_set_mtu;
+ gnutls_record_recv_seq;
+ gnutls_key_generate;
+ gnutls_dtls_cookie_verify;
+ gnutls_dtls_cookie_send;
+ gnutls_dtls_prestate_set;
+ gnutls_dtls_get_data_mtu;
+ gnutls_cipher_set_iv;
+ gnutls_pcert_deinit;
+ gnutls_pcert_import_x509;
+ gnutls_pcert_import_x509_raw;
+ gnutls_pcert_import_openpgp;
+ gnutls_pcert_import_openpgp_raw;
+ gnutls_pubkey_get_openpgp_key_id;
+ gnutls_certificate_set_retrieve_function2;
+ gnutls_x509_trust_list_get_issuer;
+} GNUTLS_2_12;
+>>>>>>> 91e62ff... Added gnutls_x509_crq_verify().
+
GNUTLS_PRIVATE {
global:
# Internal symbols needed by libgnutls-extra:
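Review bot: The hunk leaves a merge-conflict marker in the version script, `+>>>>>>> 91e62ff... Added gnutls_x509_crq_verify().`, right after `} GNUTLS_2_12;`, and a linker reading libgnutls.map will reject that line. The whole new `GNUTLS_3_0_0 { global: ... } GNUTLS_2_12;` node looks like a stray cherry-pick as well: it exports names such as `gnutls_x509_trust_list_verify_crt` and `gnutls_dtls_cookie_verify` that nothing else in this commit adds to the 2.12 branch. Even if the linker tolerated undefined names in a version node, shipping a 3.0.0 node on a 2.12 release misrepresents the ABI; only the `gnutls_x509_crq_verify;` line inside GNUTLS_2_12 should remain.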
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 02dc2c4..ed0f844 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2521,5 +2521,72 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
gnutls_privkey_t key,
}
+/**
+ * gnutls_x509_crq_verify:
+ * @crq: is the crq to be verified
+ * @flags: Flags that may be used to change the verification algorithm. Use OR
of the gnutls_certificate_verify_flags enumerations.
+ *
+ * This function will verify self signature in the certificate
+ * request and return its status.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned,
%GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * if verification failed, otherwise a negative error value.
+ **/
+int
+gnutls_x509_crq_verify (gnutls_x509_crq_t crq,
+ unsigned int flags)
+{
+gnutls_datum data = { NULL, 0 };
+gnutls_datum signature = { NULL, 0 };
+bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+int ret, params_size = 0, i;
+
+ ret =
+ _gnutls_x509_get_signed_data (crq->crq, "certificationRequestInfo", &data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_x509_get_signature (crq->crq, "signature", &signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret =
+ _gnutls_x509_crq_get_mpis(crq, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = pubkey_verify_sig(&data, NULL, &signature,
+ gnutls_x509_crq_get_pk_algorithm (crq, NULL),
+ params, params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_free_datum (&data);
+ _gnutls_free_datum (&signature);
+
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+
+ return ret;
+}
#endif /* ENABLE_PKI */
+
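Review bot: The cleanup loop `for (i = 0; i < params_size; i++)` releases `params[i]` on every error path reached after `params_size = MAX_PUBLIC_PARAMS_SIZE;`, but `params` is never initialised, so if `_gnutls_x509_crq_get_mpis` fails without resetting `*params_size` (not visible here) a malformed request makes `_gnutls_mpi_release` run on garbage pointers. Either declare `bigint_t params[MAX_PUBLIC_PARAMS_SIZE] = { NULL };` (sufficient only if `_gnutls_mpi_release` tolerates a NULL entry) or set `params_size = 0;` before the `goto cleanup` in that failure branch. Separately, `flags` is documented as selecting the verification algorithm but is never read, and the result of `gnutls_x509_crq_get_pk_algorithm (crq, NULL)` is handed to `pubkey_verify_sig` without checking for a negative error value. The doc comment should also say that a successful return only shows the request was signed with the key it embeds, which is what `gnutls_x509_crt_set_crq` now relies on.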
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index a0b830e..55117a4 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -268,6 +268,10 @@ gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt,
gnutls_x509_crq_t crq)
return GNUTLS_E_INVALID_REQUEST;
}
+ result = gnutls_x509_crq_verify(crq, 0);
+ if (result < 0)
+ return gnutls_assert_val(result);
+
result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
crq->crq, "certificationRequestInfo.subject");
if (result != ASN1_SUCCESS)
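Review bot: gnutls_x509_crt_set_crq now fails for a request whose self-signature does not verify, but its doc comment (the function starts outside this hunk) does not mention it; add to the Returns: text `A request that is unsigned or whose self signature does not verify is rejected with the error returned by gnutls_x509_crq_verify().` so callers know why previously accepted requests now fail. The verification flags are hard-coded to `0`, so callers cannot relax the check; that seems intended but is worth stating in the same comment.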
diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c
index fff9f8f..74d5dc6 100644
--- a/tests/crq_key_id.c
+++ b/tests/crq_key_id.c
@@ -137,11 +137,17 @@ doit (void)
}
ret = gnutls_x509_crq_privkey_sign (crq, abs_pkey, GNUTLS_DIG_SHA1, 0);
- if (ret)
+ if (ret < 0)
{
fail ("gnutls_x509_crq_sign: %d\n", ret);
}
+ ret = gnutls_x509_crq_verify (crq, 0);
+ if (ret < 0)
+ {
+ fail ("gnutls_x509_crq_verify: %d\n", ret);
+ }
+
crq_key_id_len = 0;
ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len);
if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
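Review bot: The added `gnutls_x509_crq_verify (crq, 0)` check only exercises the success path, so the test never shows that a bad signature is reported. A negative case — verifying the request before `gnutls_x509_crq_privkey_sign` is called, or after altering a field of the signed request — with `if (ret >= 0) fail ("gnutls_x509_crq_verify accepted a bad request\n");` would pin the behaviour the commit adds. doit starts outside the hunk.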
hooks/post-receive
--
GNU gnutls