/**
 * gnutls_sign_is_secure:
 * @algorithm: is a sign algorithm
 *
 * The verdict is derived only from the digest paired with @algorithm:
 * that digest is looked up and handed to the library's digest security
 * check. A signature algorithm for which no digest is found is reported
 * as not secure.
 *
 * Returns: Non-zero if the provided signature algorithm is considered to be secure.
 **/
int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm)
{
	/* GNUTLS_SIGN_ALG_LOOP is defined outside this block; it presumably
	 * selects the table entry matching a local named `sign` and exposes
	 * it as `p`, so both names have to stay exactly as they are. */
	gnutls_sign_algorithm_t sign = algorithm;
	gnutls_digest_algorithm_t digest = GNUTLS_DIG_UNKNOWN;

	GNUTLS_SIGN_ALG_LOOP(digest = p->mac);

	/* No digest recorded for this algorithm: treat it as not secure. */
	if (digest == GNUTLS_DIG_UNKNOWN)
		return 0;

	return _gnutls_digest_is_secure(hash_to_entry(digest));
}
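/**
 * gnutls_store_commitment:
 * @db_name: A file specifying the stored keys (use NULL for the default)
 * @tdb: A storage structure or NULL to use the default
 * @host: The peer's name
 * @service: non-NULL if this key is specific to a service (e.g. http)
 * @hash_algo: The hash algorithm type
 * @hash: The raw hash
 * @expiration: The expiration time (use 0 to disable expiration)
 * @flags: should be 0.
 *
 * This function will store the provided hash commitment to
 * the list of stored public keys. The key with the given
 * hash will be considered valid until the provided expiration time.
 *
 * The @tdb variable if non-null specifies a custom backend for
 * the storage of entries. If it is NULL then the
 * default file backend will be used.
 *
 * The commitment is rejected with %GNUTLS_E_ILLEGAL_PARAMETER when
 * @hash_algo is unknown or not considered secure, and with
 * %GNUTLS_E_INVALID_REQUEST when @hash is NULL or its size differs from
 * the output length of @hash_algo.
 *
 * When both @db_name and @tdb are NULL the default configuration
 * directory is created with mode 0700 if needed. A failure reported by
 * the storage backend is returned to the caller, so a zero return means
 * the backend accepted the entry.
 *
 * Note that this function is not thread safe with the default backend.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.0
 **/
int gnutls_store_commitment(const char *db_name, gnutls_tdb_t tdb,
			    const char *host, const char *service,
			    gnutls_digest_algorithm_t hash_algo,
			    const gnutls_datum_t * hash,
			    time_t expiration, unsigned int flags)
{
	int ret;
	char local_file[MAX_FILENAME];
	const mac_entry_st *me = hash_to_entry(hash_algo);

	/* Refuse to pin a commitment made with an unknown or weak digest. */
	if (me == NULL || _gnutls_digest_is_secure(me) == 0)
		return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);

	/* The raw hash must be present and exactly as long as the digest
	 * output; the NULL test keeps the size read below from faulting. */
	if (hash == NULL || _gnutls_hash_get_algo_len(me) != hash->size)
		return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

	if (db_name == NULL && tdb == NULL) {
		ret = _gnutls_find_config_path(local_file, sizeof(local_file));
		if (ret < 0)
			return gnutls_assert_val(ret);

		_gnutls_debug_log("Configuration path: %s\n", local_file);

		/* Best effort: the result is deliberately not checked, since
		 * the directory may already exist. Mode 0700 keeps the store
		 * private to the owning user. */
		mkdir(local_file, 0700);

		ret = find_config_file(local_file, sizeof(local_file));
		if (ret < 0)
			return gnutls_assert_val(ret);
		db_name = local_file;
	}

	if (tdb == NULL)
		tdb = &default_tdb;

	_gnutls_debug_log("Configuration file: %s\n", db_name);

	/* Propagate backend failures instead of discarding them: reporting
	 * success for an entry that was never written would leave the caller
	 * believing the commitment is pinned.
	 * NOTE(review): assumes cstore follows the negative-on-error
	 * convention used by the other calls here; confirm against the
	 * gnutls_tdb_t backend contract. */
	ret = tdb->cstore(db_name, host, service, expiration,
			  (gnutls_digest_algorithm_t)me->id, hash);
	if (ret < 0)
		return gnutls_assert_val(ret);

	return 0;
}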