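/**
 * gnutls_x509_crq_sign2 - This function will sign a Certificate request with a key
 * @crq: should contain a gnutls_x509_crq_t structure
 * @key: holds a private key
 * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
 * @flags: must be 0 (currently unused; reserved so that future options can be added without changing the signature)
 *
 * This function will sign the certificate request with a private key.
 * This must be the same key as the one used in gnutls_x509_crq_set_key() since a
 * certificate request is self signed.
 *
 * This must be the last step in a certificate request generation since all
 * the previously set parameters are now signed. Anything changed in the
 * request afterwards is not covered by the signature.
 *
 * Returns 0 on success, or a negative error value: GNUTLS_E_INVALID_REQUEST
 * when @crq or @key is NULL, otherwise the error of the failing step.
 **/
int
gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
		       gnutls_digest_algorithm_t dig, unsigned int flags)
{
  int result;
  gnutls_datum_t signature;

  /* Both handles are dereferenced below (key->pk_algorithm and
     key->params are written into signatureAlgorithm), so reject a
     NULL in either before anything is touched.  */
  if (crq == NULL || key == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  /* Step 1. Self sign the request: the signature covers
     certificationRequestInfo only, which is why the signatureAlgorithm
     field (outside that node) can still be written afterwards.  */
  result = _gnutls_x509_sign_tbs (crq->crq, "certificationRequestInfo", dig,
				  key, &signature);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }

  /* Step 2. write the signature (bits); the length is in bits, hence
     the * 8.  The datum is released whether or not the write succeeded.  */
  result = asn1_write_value (crq->crq, "signature", signature.data,
			     signature.size * 8);
  _gnutls_free_datum (&signature);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }

  /* Step 3. Write the signatureAlgorithm field, which must describe the
     same algorithm and digest that produced the signature above.  */
  result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
					  key->pk_algorithm, dig,
					  key->params, key->params_size);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }

  return 0;
}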
/* Build "<base><suffix>" into a bounded buffer using the project's
   truncating string helpers.  */
static void
build_field_name (char *buf, size_t buf_size, const char *base,
		  const char *suffix)
{
  _gnutls_str_cpy (buf, buf_size, base);
  _gnutls_str_cat (buf, buf_size, suffix);
}

/* Write an AlgorithmIdentifier describing @issuer_key and @dig into the
   node @where of @src.  Returns the result of _gnutls_x509_write_sig_params
   (negative on error).  */
static int
write_issuer_sig_params (ASN1_TYPE src, const char *where,
			 gnutls_digest_algorithm_t dig,
			 gnutls_x509_privkey_t issuer_key)
{
  return _gnutls_x509_write_sig_params (src, where,
					issuer_key->pk_algorithm, dig,
					issuer_key->params,
					issuer_key->params_size);
}

/*-
 * _gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
 * @src: should contain an ASN1_TYPE
 * @src_name: the name of the to-be-signed node inside @src
 * @dig: the message digest to sign with
 * @issuer: is the certificate of the certificate issuer
 * @issuer_key: holds the issuer's private key
 *
 * This function will sign a CRL or a certificate with the issuer's private key, and
 * will copy the issuer's information into the CRL or certificate.
 *
 * The AlgorithmIdentifier is written twice, once inside the signed node
 * (@src_name.signature) and once at the top level (signatureAlgorithm),
 * with identical contents: relying parties compare the two, so the inner
 * one has to be in place before the node is signed.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
 * negative error value.
 -*/
int
_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
			gnutls_digest_algorithm_t dig,
			gnutls_x509_crt_t issuer,
			gnutls_x509_privkey_t issuer_key)
{
  int ret;
  gnutls_datum_t sig;
  char field[128];

  /* The issuer's subject becomes this structure's issuer name.  */
  build_field_name (field, sizeof (field), src_name, ".issuer");
  ret = asn1_copy_node (src, field, issuer->cert, "tbsCertificate.subject");
  if (ret != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (ret);
    }

  /* Inner AlgorithmIdentifier; it is covered by the signature, so it
     must be written before signing.  */
  build_field_name (field, sizeof (field), src_name, ".signature");
  ret = write_issuer_sig_params (src, field, dig, issuer_key);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  /* Sign the to-be-signed node and store the bits; the datum is
     released regardless of whether the write succeeded.  */
  ret = _gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &sig);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  ret = asn1_write_value (src, "signature", sig.data, sig.size * 8);
  _gnutls_free_datum (&sig);
  if (ret != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (ret);
    }

  /* Outer AlgorithmIdentifier, same contents as the inner one.  */
  ret = write_issuer_sig_params (src, "signatureAlgorithm", dig, issuer_key);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  return 0;
}