author | Stef Walter <stefw@gnome.org> | 2013-03-15 16:24:27 +0100 |
---|---|---|
committer | Stef Walter <stefw@gnome.org> | 2013-03-15 18:00:10 +0100 |
commit | 29af2c1eeca2fb0257e1172753b129d638472f0f (patch) | |
tree | 0d9f46ad34c3055a2cb5e555509e183e8a7d0294 /common | |
parent | 2d75eb32793a569dc3de359bb623713c80393d24 (diff) |
trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default
This is what's recommended by the spec, and allows stapled extensions
to hang off a predictable CKA_ID.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
Diffstat (limited to 'common')
-rw-r--r-- | common/x509.c | 22 | ||||
-rw-r--r-- | common/x509.h | 5 |
2 files changed, 27 insertions, 0 deletions
diff --git a/common/x509.c b/common/x509.c
index f86d2b3..ae1c810 100644
--- a/common/x509.c
+++ b/common/x509.c
@@ -36,6 +36,7 @@
 
 #include "asn1.h"
 #define P11_DEBUG_FLAG P11_DEBUG_TRUST
+#include "checksum.h"
 #include "debug.h"
 #include "oid.h"
 #include "utf8.h"
@@ -104,6 +105,27 @@ p11_x509_find_extension (node_asn *cert,
 }
 
 bool
+p11_x509_calc_keyid (node_asn *cert,
+                     const unsigned char *der,
+                     size_t der_len,
+                     unsigned char *keyid)
+{
+	int start, end;
+	int ret;
+
+	return_val_if_fail (cert != NULL, NULL);
+	return_val_if_fail (der != NULL, NULL);
+	return_val_if_fail (keyid != NULL, NULL);
+
+	ret = asn1_der_decoding_startEnd (cert, der, der_len, "tbsCertificate.subjectPublicKeyInfo", &start, &end);
+	return_val_if_fail (ret == ASN1_SUCCESS, false);
+	return_val_if_fail (end >= start, false);
+
+	p11_checksum_sha1 (keyid, (der + start), (end - start) + 1, NULL);
+	return true;
+}
+
+bool
 p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
                                   const unsigned char *ext_der,
                                   size_t ext_len,
diff --git a/common/x509.h b/common/x509.h
index cbfc574..af91c28 100644
--- a/common/x509.h
+++ b/common/x509.h
@@ -46,6 +46,11 @@ unsigned char * p11_x509_find_extension (node_asn *cert,
                                          size_t der_len,
                                          size_t *ext_len);
 
+bool p11_x509_calc_keyid (node_asn *cert,
+                          const unsigned char *der,
+                          size_t der_len,
+                          unsigned char *keyid);
+
 bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
                                        const unsigned char *ext_der,
                                        size_t ext_len,
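Review bot: The three argument guards at the top of p11_x509_calc_keyid return `NULL` from a function declared `bool`, while the two guards further down in the same body already use `false`; the first three should read `return_val_if_fail (cert != NULL, false);`, `return_val_if_fail (der != NULL, false);`, `return_val_if_fail (keyid != NULL, false);`. The new prototype in the common/x509.h hunk also says nothing about how large `keyid` must be, although the body writes a complete SHA-1 digest (20 bytes) into it unconditionally; a comment on the declaration such as `/* keyid must have room for a full SHA-1 digest (20 bytes) */` would let callers size the buffer correctly. The `end >= start` check only rejects a negative length; whether `start` and `end` are guaranteed to lie within `der_len` rests on asn1_der_decoding_startEnd, which this hunk does not show. If return_val_if_fail reports failures as programming errors, as its name suggests, the `ret == ASN1_SUCCESS` guard would also report a certificate lacking a decodable subjectPublicKeyInfo that way rather than as an ordinary parse failure; a plain `if (ret != ASN1_SUCCESS) return false;` may be the better fit for input-dependent conditions.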