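/* This is the same as the _gnutls_x509_sign, but this one will decode
 * the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
 * of the TBS and sign it on the fly.
 *
 * @cert: decoded structure that contains the element @tbs_name
 * @tbs_name: name of the element whose DER encoding is to be signed
 * @hash: digest algorithm used by the signature
 * @signer: private key that produces the signature
 * @signature: receives the signature on success (see _gnutls_x509_sign
 *             for ownership of the returned data)
 *
 * Returns 0 on success, or a negative GnuTLS error code.
 */
int
_gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
		       gnutls_digest_algorithm_t hash,
		       gnutls_x509_privkey_t signer,
		       gnutls_datum_t * signature)
{
  int result;
  opaque *buf;
  int buf_size;
  gnutls_datum_t tbs;

  /* Sizing pass: with a NULL output buffer libtasn1 returns
   * ASN1_MEM_ERROR and stores the required length in buf_size.
   * Any other code (e.g. ASN1_ELEMENT_NOT_FOUND for a bad tbs_name)
   * is a genuine failure; it used to be ignored, which left buf_size
   * at 0 and turned the real error into a misleading
   * GNUTLS_E_MEMORY_ERROR from gnutls_malloc (0).  */
  buf_size = 0;
  result = asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL);
  if (result != ASN1_MEM_ERROR)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }

  buf = gnutls_malloc (buf_size);
  if (buf == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }

  /* Encoding pass into the correctly sized buffer.  */
  result = asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      gnutls_free (buf);
      return _gnutls_asn2err (result);
    }

  tbs.data = buf;
  tbs.size = buf_size;

  /* Sign the DER bytes; the temporary buffer is released on every path.  */
  result = _gnutls_x509_sign (&tbs, hash, signer, signature);
  gnutls_free (buf);

  return result;
}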
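/**
 * gnutls_x509_privkey_sign_data - This function will sign the given data using the private key params
 * @key: Holds the key
 * @digest: should be MD5 or SHA1
 * @flags: should be 0 for now (not examined by this function)
 * @data: holds the data to be signed
 * @signature: will contain the signature
 * @signature_size: holds the size of signature (and will be replaced
 *   by the new size)
 *
 * This function will sign the given data using a signature algorithm
 * supported by the private key. Signature algorithms are always used
 * together with a hash functions. Different hash functions may be
 * used for the RSA algorithm, but only SHA-1 for the DSA keys.
 *
 * If the buffer provided is not long enough to hold the output, then
 * *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
 * be returned.  Passing a size of 0 therefore queries the required
 * size without writing to @signature.
 *
 * A NULL @key or a NULL @signature_size is rejected with
 * GNUTLS_E_INVALID_REQUEST.
 *
 * In case of failure a negative value will be returned, and
 * 0 on success.
 *
 **/
int
gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
			       gnutls_digest_algorithm_t digest,
			       unsigned int flags,
			       const gnutls_datum_t * data,
			       void *signature, size_t * signature_size)
{
  int result;
  gnutls_datum_t sig = { NULL, 0 };

  /* signature_size is dereferenced unconditionally below, so a NULL
   * pointer is an invalid request rather than a crash.  */
  if (key == NULL || signature_size == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  /* The signature is produced into a freshly allocated datum that this
   * function owns and must release on every path after this point.  */
  result = _gnutls_x509_sign (data, digest, key, &sig);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }

  /* Caller's buffer is too small (or this is a size query): report the
   * needed size, drop the signature and let the caller retry.  */
  if (*signature_size < sig.size)
    {
      *signature_size = sig.size;
      _gnutls_free_datum (&sig);
      return GNUTLS_E_SHORT_MEMORY_BUFFER;
    }

  /* Copy is bounded by sig.size, which the check above proved fits.  */
  *signature_size = sig.size;
  memcpy (signature, sig.data, sig.size);
  _gnutls_free_datum (&sig);

  return 0;
}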