2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
26 #include <auth/cert.h>
27 #include <algorithms.h>
28 #include <gnutls_datum.h>
29 #include <gnutls_mpi.h>
30 #include <gnutls_global.h>
31 #include <gnutls_pk.h>
33 #include <gnutls_buffers.h>
34 #include <gnutls_sig.h>
35 #include <gnutls_kx.h>
37 #include <ext/signature.h>
38 #include <gnutls_state.h>
39 #include <x509/common.h>
40 #include <abstract_int.h>
43 sign_tls_hash (gnutls_session_t session
, gnutls_digest_algorithm_t hash_algo
,
44 gnutls_pcert_st
* cert
, gnutls_privkey_t pkey
,
45 const gnutls_datum_t
* hash_concat
,
46 gnutls_datum_t
* signature
);
49 encode_ber_digest_info (gnutls_digest_algorithm_t hash
,
50 const gnutls_datum_t
* digest
,
51 gnutls_datum_t
* output
);
53 /* While this is currently equal to the length of RSA/SHA512
54 * signature, it should also be sufficient for DSS signature and any
55 * other RSA signatures including one with the old MD5/SHA1-combined
58 #define MAX_SIG_SIZE 19 + MAX_HASH_SIZE
60 /* Generates a signature of all the random data and the parameters.
61 * Used in DHE_* ciphersuites.
64 _gnutls_handshake_sign_data (gnutls_session_t session
, gnutls_pcert_st
* cert
,
65 gnutls_privkey_t pkey
, gnutls_datum_t
* params
,
66 gnutls_datum_t
* signature
,
67 gnutls_sign_algorithm_t
* sign_algo
)
69 gnutls_datum_t dconcat
;
72 uint8_t concat
[MAX_SIG_SIZE
];
73 gnutls_protocol_t ver
= gnutls_protocol_get_version (session
);
74 gnutls_digest_algorithm_t hash_algo
;
77 _gnutls_session_get_sign_algo (session
, cert
);
78 if (*sign_algo
== GNUTLS_SIGN_UNKNOWN
)
81 return GNUTLS_E_UNKNOWN_PK_ALGORITHM
;
84 hash_algo
= _gnutls_sign_get_hash_algorithm (*sign_algo
);
86 _gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
87 session
, gnutls_sign_algorithm_get_name (*sign_algo
));
89 ret
= _gnutls_hash_init (&td_sha
, hash_algo
);
96 _gnutls_hash (&td_sha
, session
->security_parameters
.client_random
,
98 _gnutls_hash (&td_sha
, session
->security_parameters
.server_random
,
100 _gnutls_hash (&td_sha
, params
->data
, params
->size
);
102 switch (gnutls_pubkey_get_pk_algorithm(cert
->pubkey
, NULL
))
105 if (!_gnutls_version_has_selectable_sighash (ver
))
109 ret
= _gnutls_hash_init (&td_md5
, GNUTLS_MAC_MD5
);
116 _gnutls_hash (&td_md5
, session
->security_parameters
.client_random
,
118 _gnutls_hash (&td_md5
, session
->security_parameters
.server_random
,
120 _gnutls_hash (&td_md5
, params
->data
, params
->size
);
122 _gnutls_hash_deinit (&td_md5
, concat
);
123 _gnutls_hash_deinit (&td_sha
, &concat
[16]);
125 dconcat
.data
= concat
;
131 _gnutls_hash_deinit (&td_sha
, concat
);
133 dconcat
.data
= concat
;
134 dconcat
.size
= _gnutls_hash_get_algo_len (hash_algo
);
139 _gnutls_hash_deinit (&td_sha
, concat
);
141 if (!IS_SHA(hash_algo
))
144 return GNUTLS_E_INTERNAL_ERROR
;
146 dconcat
.data
= concat
;
147 dconcat
.size
= _gnutls_hash_get_algo_len (hash_algo
);
152 _gnutls_hash_deinit (&td_sha
, NULL
);
153 return GNUTLS_E_INTERNAL_ERROR
;
156 ret
= sign_tls_hash (session
, hash_algo
, cert
, pkey
, &dconcat
, signature
);
167 /* This will create a PKCS1 or DSA signature, using the given parameters, and the
168 * given data. The output will be allocated and be put in signature.
171 _gnutls_soft_sign (gnutls_pk_algorithm_t algo
, gnutls_pk_params_st
* params
,
172 const gnutls_datum_t
* data
,
173 gnutls_datum_t
* signature
)
181 if ((ret
= _gnutls_pkcs1_rsa_encrypt (signature
, data
, params
, 1)) < 0)
189 ret
= _gnutls_pk_sign( algo
, signature
, data
, params
);
201 /* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
202 * Cert is the certificate of the corresponding private key. It is only checked if
203 * it supports signing.
206 sign_tls_hash (gnutls_session_t session
, gnutls_digest_algorithm_t hash_algo
,
207 gnutls_pcert_st
* cert
, gnutls_privkey_t pkey
,
208 const gnutls_datum_t
* hash_concat
,
209 gnutls_datum_t
* signature
)
211 gnutls_protocol_t ver
= gnutls_protocol_get_version (session
);
212 unsigned int key_usage
= 0;
213 /* If our certificate supports signing
218 gnutls_pubkey_get_key_usage(cert
->pubkey
, &key_usage
);
221 if (!(key_usage
& GNUTLS_KEY_DIGITAL_SIGNATURE
))
224 return GNUTLS_E_KEY_USAGE_VIOLATION
;
227 /* External signing. Deprecated. To be removed. */
232 if (!session
->internals
.sign_func
)
233 return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS
);
235 if (!_gnutls_version_has_selectable_sighash (ver
))
236 return (*session
->internals
.sign_func
)
237 (session
, session
->internals
.sign_func_userdata
,
238 cert
->type
, &cert
->cert
, hash_concat
, signature
);
241 gnutls_datum_t digest
;
243 ret
= _gnutls_set_datum(&digest
, hash_concat
->data
, hash_concat
->size
);
245 return gnutls_assert_val(ret
);
247 ret
= pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey
, NULL
), hash_algo
, &digest
);
254 ret
= (*session
->internals
.sign_func
)
255 (session
, session
->internals
.sign_func_userdata
,
256 cert
->type
, &cert
->cert
, &digest
, signature
);
258 gnutls_free(digest
.data
);
265 if (!_gnutls_version_has_selectable_sighash (ver
))
266 return _gnutls_privkey_sign_hash (pkey
, hash_concat
, signature
);
268 return gnutls_privkey_sign_hash (pkey
, hash_algo
, 0, hash_concat
, signature
);
272 verify_tls_hash (gnutls_protocol_t ver
, gnutls_pcert_st
* cert
,
273 const gnutls_datum_t
* hash_concat
,
274 gnutls_datum_t
* signature
, size_t sha1pos
,
275 gnutls_pk_algorithm_t pk_algo
)
278 gnutls_datum_t vdata
;
279 unsigned int key_usage
= 0, flags
;
284 return GNUTLS_E_CERTIFICATE_ERROR
;
287 gnutls_pubkey_get_key_usage(cert
->pubkey
, &key_usage
);
289 /* If the certificate supports signing continue.
292 if (!(key_usage
& GNUTLS_KEY_DIGITAL_SIGNATURE
))
295 return GNUTLS_E_KEY_USAGE_VIOLATION
;
298 if (pk_algo
== GNUTLS_PK_UNKNOWN
)
299 pk_algo
= gnutls_pubkey_get_pk_algorithm(cert
->pubkey
, NULL
);
304 vdata
.data
= hash_concat
->data
;
305 vdata
.size
= hash_concat
->size
;
307 /* verify signature */
308 if (!_gnutls_version_has_selectable_sighash (ver
))
309 flags
= GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA
;
318 vdata
.data
= &hash_concat
->data
[sha1pos
];
319 vdata
.size
= hash_concat
->size
- sha1pos
;
326 return GNUTLS_E_INTERNAL_ERROR
;
329 ret
= gnutls_pubkey_verify_hash(cert
->pubkey
, flags
, &vdata
,
333 return gnutls_assert_val(ret
);
340 /* Generates a signature of all the random data and the parameters.
341 * Used in DHE_* ciphersuites.
344 _gnutls_handshake_verify_data (gnutls_session_t session
, gnutls_pcert_st
* cert
,
345 const gnutls_datum_t
* params
,
346 gnutls_datum_t
* signature
,
347 gnutls_sign_algorithm_t algo
)
349 gnutls_datum_t dconcat
;
353 uint8_t concat
[MAX_SIG_SIZE
];
354 gnutls_protocol_t ver
= gnutls_protocol_get_version (session
);
355 gnutls_digest_algorithm_t hash_algo
;
357 if (_gnutls_version_has_selectable_sighash (ver
))
359 _gnutls_handshake_log ("HSK[%p]: verify handshake data: using %s\n",
360 session
, gnutls_sign_algorithm_get_name (algo
));
362 ret
= _gnutls_pubkey_compatible_with_sig(cert
->pubkey
, ver
, algo
);
364 return gnutls_assert_val(ret
);
366 ret
= _gnutls_session_sign_algo_enabled (session
, algo
);
368 return gnutls_assert_val(ret
);
370 hash_algo
= _gnutls_sign_get_hash_algorithm (algo
);
374 ret
= _gnutls_hash_init (&td_md5
, GNUTLS_MAC_MD5
);
381 _gnutls_hash (&td_md5
, session
->security_parameters
.client_random
,
383 _gnutls_hash (&td_md5
, session
->security_parameters
.server_random
,
385 _gnutls_hash (&td_md5
, params
->data
, params
->size
);
387 hash_algo
= GNUTLS_DIG_SHA1
;
390 ret
= _gnutls_hash_init (&td_sha
, hash_algo
);
394 if (!_gnutls_version_has_selectable_sighash (ver
))
395 _gnutls_hash_deinit (&td_md5
, NULL
);
399 _gnutls_hash (&td_sha
, session
->security_parameters
.client_random
,
401 _gnutls_hash (&td_sha
, session
->security_parameters
.server_random
,
403 _gnutls_hash (&td_sha
, params
->data
, params
->size
);
405 if (!_gnutls_version_has_selectable_sighash (ver
))
407 _gnutls_hash_deinit (&td_md5
, concat
);
408 _gnutls_hash_deinit (&td_sha
, &concat
[16]);
409 dconcat
.data
= concat
;
414 _gnutls_hash_deinit (&td_sha
, concat
);
416 dconcat
.data
= concat
;
417 dconcat
.size
= _gnutls_hash_get_algo_len (hash_algo
);
420 ret
= verify_tls_hash (ver
, cert
, &dconcat
, signature
,
422 _gnutls_hash_get_algo_len (hash_algo
),
423 _gnutls_sign_get_pk_algorithm (algo
));
434 /* Client certificate verify calculations
437 /* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2
440 _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session
,
441 gnutls_pcert_st
* cert
,
442 gnutls_datum_t
* signature
,
443 gnutls_sign_algorithm_t sign_algo
)
446 uint8_t concat
[MAX_HASH_SIZE
];
447 gnutls_datum_t dconcat
;
448 gnutls_digest_algorithm_t hash_algo
;
449 gnutls_protocol_t ver
= gnutls_protocol_get_version (session
);
450 gnutls_pk_algorithm_t pk
= gnutls_pubkey_get_pk_algorithm(cert
->pubkey
, NULL
);
452 ret
= _gnutls_session_sign_algo_enabled(session
, sign_algo
);
454 return gnutls_assert_val(ret
);
456 hash_algo
= _gnutls_sign_get_hash_algorithm(sign_algo
);
458 ret
= _gnutls_hash_fast(hash_algo
, session
->internals
.handshake_hash_buffer
.data
,
459 session
->internals
.handshake_hash_buffer_prev_len
,
462 return gnutls_assert_val(ret
);
464 dconcat
.data
= concat
;
465 dconcat
.size
= _gnutls_hash_get_algo_len (hash_algo
);
468 verify_tls_hash (ver
, cert
, &dconcat
, signature
, 0, pk
);
479 /* Verifies a TLS signature (like the one in the client certificate
483 _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session
,
484 gnutls_pcert_st
*cert
,
485 gnutls_datum_t
* signature
,
486 gnutls_sign_algorithm_t sign_algo
)
489 uint8_t concat
[MAX_SIG_SIZE
];
492 gnutls_datum_t dconcat
;
493 gnutls_protocol_t ver
= gnutls_protocol_get_version (session
);
495 _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
496 session
, gnutls_sign_algorithm_get_name (sign_algo
));
499 if (_gnutls_version_has_selectable_sighash(ver
))
500 return _gnutls_handshake_verify_cert_vrfy12 (session
, cert
, signature
,
504 _gnutls_hash_init (&td_md5
, GNUTLS_DIG_MD5
);
512 _gnutls_hash_init (&td_sha
, GNUTLS_DIG_SHA1
);
516 _gnutls_hash_deinit (&td_md5
, NULL
);
517 return GNUTLS_E_HASH_FAILED
;
520 _gnutls_hash(&td_sha
, session
->internals
.handshake_hash_buffer
.data
, session
->internals
.handshake_hash_buffer_prev_len
);
521 _gnutls_hash(&td_md5
, session
->internals
.handshake_hash_buffer
.data
, session
->internals
.handshake_hash_buffer_prev_len
);
523 if (ver
== GNUTLS_SSL3
)
525 ret
= _gnutls_generate_master (session
, 1);
528 _gnutls_hash_deinit (&td_md5
, NULL
);
529 _gnutls_hash_deinit (&td_sha
, NULL
);
530 return gnutls_assert_val(ret
);
533 ret
= _gnutls_mac_deinit_ssl3_handshake (&td_md5
, concat
,
535 security_parameters
.master_secret
,
539 _gnutls_hash_deinit (&td_sha
, NULL
);
540 return gnutls_assert_val(ret
);
543 ret
= _gnutls_mac_deinit_ssl3_handshake (&td_sha
, &concat
[16],
545 security_parameters
.master_secret
,
549 return gnutls_assert_val(ret
);
554 _gnutls_hash_deinit (&td_md5
, concat
);
555 _gnutls_hash_deinit (&td_sha
, &concat
[16]);
558 dconcat
.data
= concat
;
559 dconcat
.size
= 20 + 16; /* md5+ sha */
562 verify_tls_hash (ver
, cert
, &dconcat
, signature
, 16,
563 gnutls_pubkey_get_pk_algorithm(cert
->pubkey
, NULL
));
574 /* the same as _gnutls_handshake_sign_cert_vrfy except that it is made for TLS 1.2
577 _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session
,
578 gnutls_pcert_st
* cert
, gnutls_privkey_t pkey
,
579 gnutls_datum_t
* signature
)
581 gnutls_datum_t dconcat
;
583 uint8_t concat
[MAX_SIG_SIZE
];
584 gnutls_sign_algorithm_t sign_algo
;
585 gnutls_digest_algorithm_t hash_algo
;
588 _gnutls_session_get_sign_algo (session
, cert
);
589 if (sign_algo
== GNUTLS_SIGN_UNKNOWN
)
592 return GNUTLS_E_UNKNOWN_PK_ALGORITHM
;
595 hash_algo
= _gnutls_sign_get_hash_algorithm (sign_algo
);
597 _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
598 gnutls_sign_algorithm_get_name (sign_algo
),
599 gnutls_mac_get_name (hash_algo
));
601 ret
= _gnutls_hash_fast (hash_algo
, session
->internals
.handshake_hash_buffer
.data
,
602 session
->internals
.handshake_hash_buffer
.length
,
605 return gnutls_assert_val(ret
);
607 dconcat
.data
= concat
;
608 dconcat
.size
= _gnutls_hash_get_algo_len (hash_algo
);
610 ret
= sign_tls_hash (session
, hash_algo
, cert
, pkey
, &dconcat
, signature
);
621 /* Generates a signature of all the previous sent packets in the
622 * handshake procedure.
623 * 20040227: now it works for SSL 3.0 as well
624 * 20091031: works for TLS 1.2 too!
626 * For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
627 * For TLS1.2 returns the signature algorithm used on success, or a negative error code;
630 _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session
,
631 gnutls_pcert_st
* cert
, gnutls_privkey_t pkey
,
632 gnutls_datum_t
* signature
)
634 gnutls_datum_t dconcat
;
636 uint8_t concat
[MAX_SIG_SIZE
];
639 gnutls_protocol_t ver
= gnutls_protocol_get_version (session
);
640 gnutls_pk_algorithm_t pk
= gnutls_pubkey_get_pk_algorithm(cert
->pubkey
, NULL
);
642 if (_gnutls_version_has_selectable_sighash(ver
))
643 return _gnutls_handshake_sign_cert_vrfy12 (session
, cert
, pkey
,
647 _gnutls_hash_init (&td_sha
, GNUTLS_DIG_SHA1
);
654 _gnutls_hash(&td_sha
, session
->internals
.handshake_hash_buffer
.data
, session
->internals
.handshake_hash_buffer
.length
);
656 if (ver
== GNUTLS_SSL3
)
658 ret
= _gnutls_generate_master (session
, 1);
662 _gnutls_hash_deinit (&td_sha
, NULL
);
666 ret
= _gnutls_mac_deinit_ssl3_handshake (&td_sha
, &concat
[16],
668 security_parameters
.master_secret
,
671 return gnutls_assert_val(ret
);
674 _gnutls_hash_deinit (&td_sha
, &concat
[16]);
676 /* ensure 1024 bit DSA keys are used */
677 ret
= _gnutls_pubkey_compatible_with_sig(cert
->pubkey
, ver
, GNUTLS_SIGN_UNKNOWN
);
679 return gnutls_assert_val(ret
);
685 _gnutls_hash_init (&td_md5
, GNUTLS_DIG_MD5
);
687 return gnutls_assert_val(ret
);
689 _gnutls_hash(&td_md5
, session
->internals
.handshake_hash_buffer
.data
, session
->internals
.handshake_hash_buffer
.length
);
691 if (ver
== GNUTLS_SSL3
)
693 ret
= _gnutls_mac_deinit_ssl3_handshake (&td_md5
, concat
,
695 security_parameters
.master_secret
,
698 return gnutls_assert_val(ret
);
701 _gnutls_hash_deinit (&td_md5
, concat
);
703 dconcat
.data
= concat
;
709 dconcat
.data
= &concat
[16];
714 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR
);
716 ret
= sign_tls_hash (session
, GNUTLS_DIG_NULL
, cert
, pkey
, &dconcat
, signature
);
726 pk_hash_data (gnutls_pk_algorithm_t pk
, gnutls_digest_algorithm_t hash
,
727 gnutls_pk_params_st
* params
,
728 const gnutls_datum_t
* data
, gnutls_datum_t
* digest
)
732 digest
->size
= _gnutls_hash_get_algo_len (hash
);
733 digest
->data
= gnutls_malloc (digest
->size
);
734 if (digest
->data
== NULL
)
737 return GNUTLS_E_MEMORY_ERROR
;
740 ret
= _gnutls_hash_fast (hash
, data
->data
, data
->size
, digest
->data
);
750 gnutls_free (digest
->data
);
756 * This function will do RSA PKCS #1 1.5 encoding
757 * on the given digest. The given digest must be allocated
758 * and will be freed if replacement is required.
761 pk_prepare_hash (gnutls_pk_algorithm_t pk
,
762 gnutls_digest_algorithm_t hash
, gnutls_datum_t
* digest
)
765 gnutls_datum_t old_digest
= { digest
->data
, digest
->size
};
770 /* Encode the digest as a DigestInfo
772 if ((ret
= encode_ber_digest_info (hash
, &old_digest
, digest
)) != 0)
778 _gnutls_free_datum (&old_digest
);
785 return GNUTLS_E_UNIMPLEMENTED_FEATURE
;
791 /* Reads the digest information.
792 * we use DER here, although we should use BER. It works fine
796 decode_ber_digest_info (const gnutls_datum_t
* info
,
797 gnutls_mac_algorithm_t
* hash
,
798 uint8_t * digest
, unsigned int *digest_size
)
800 ASN1_TYPE dinfo
= ASN1_TYPE_EMPTY
;
805 if ((result
= asn1_create_element (_gnutls_get_gnutls_asn (),
807 &dinfo
)) != ASN1_SUCCESS
)
810 return _gnutls_asn2err (result
);
813 result
= asn1_der_decoding (&dinfo
, info
->data
, info
->size
, NULL
);
814 if (result
!= ASN1_SUCCESS
)
817 asn1_delete_structure (&dinfo
);
818 return _gnutls_asn2err (result
);
821 len
= sizeof (str
) - 1;
822 result
= asn1_read_value (dinfo
, "digestAlgorithm.algorithm", str
, &len
);
823 if (result
!= ASN1_SUCCESS
)
826 asn1_delete_structure (&dinfo
);
827 return _gnutls_asn2err (result
);
830 *hash
= _gnutls_x509_oid2mac_algorithm (str
);
832 if (*hash
== GNUTLS_MAC_UNKNOWN
)
835 _gnutls_debug_log ("verify.c: HASH OID: %s\n", str
);
838 asn1_delete_structure (&dinfo
);
839 return GNUTLS_E_UNKNOWN_ALGORITHM
;
842 len
= sizeof (str
) - 1;
843 result
= asn1_read_value (dinfo
, "digestAlgorithm.parameters", str
, &len
);
844 /* To avoid permitting garbage in the parameters field, either the
845 parameters field is not present, or it contains 0x05 0x00. */
846 if (!(result
== ASN1_ELEMENT_NOT_FOUND
||
847 (result
== ASN1_SUCCESS
&& len
== ASN1_NULL_SIZE
&&
848 memcmp (str
, ASN1_NULL
, ASN1_NULL_SIZE
) == 0)))
851 asn1_delete_structure (&dinfo
);
852 return GNUTLS_E_ASN1_GENERIC_ERROR
;
856 result
= asn1_read_value (dinfo
, "digest", digest
, &len
);
858 if (result
!= ASN1_SUCCESS
)
862 asn1_delete_structure (&dinfo
);
863 return _gnutls_asn2err (result
);
867 asn1_delete_structure (&dinfo
);
872 /* Writes the digest information and the digest in a DER encoded
873 * structure. The digest info is allocated and stored into the info structure.
876 encode_ber_digest_info (gnutls_digest_algorithm_t hash
,
877 const gnutls_datum_t
* digest
,
878 gnutls_datum_t
* output
)
880 ASN1_TYPE dinfo
= ASN1_TYPE_EMPTY
;
886 algo
= _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t
) hash
);
890 _gnutls_debug_log ("Hash algorithm: %d has no OID\n", hash
);
891 return GNUTLS_E_UNKNOWN_PK_ALGORITHM
;
894 if ((result
= asn1_create_element (_gnutls_get_gnutls_asn (),
896 &dinfo
)) != ASN1_SUCCESS
)
899 return _gnutls_asn2err (result
);
902 result
= asn1_write_value (dinfo
, "digestAlgorithm.algorithm", algo
, 1);
903 if (result
!= ASN1_SUCCESS
)
906 asn1_delete_structure (&dinfo
);
907 return _gnutls_asn2err (result
);
910 /* Write an ASN.1 NULL in the parameters field. This matches RFC
911 3279 and RFC 4055, although is arguable incorrect from a historic
912 perspective (see those documents for more information).
913 Regardless of what is correct, this appears to be what most
914 implementations do. */
915 result
= asn1_write_value (dinfo
, "digestAlgorithm.parameters",
916 ASN1_NULL
, ASN1_NULL_SIZE
);
917 if (result
!= ASN1_SUCCESS
)
920 asn1_delete_structure (&dinfo
);
921 return _gnutls_asn2err (result
);
924 result
= asn1_write_value (dinfo
, "digest", digest
->data
, digest
->size
);
925 if (result
!= ASN1_SUCCESS
)
928 asn1_delete_structure (&dinfo
);
929 return _gnutls_asn2err (result
);
933 asn1_der_coding (dinfo
, "", NULL
, &tmp_output_size
, NULL
);
935 tmp_output
= gnutls_malloc (tmp_output_size
);
936 if (output
->data
== NULL
)
939 asn1_delete_structure (&dinfo
);
940 return GNUTLS_E_MEMORY_ERROR
;
943 result
= asn1_der_coding (dinfo
, "", tmp_output
, &tmp_output_size
, NULL
);
944 if (result
!= ASN1_SUCCESS
)
947 asn1_delete_structure (&dinfo
);
948 return _gnutls_asn2err (result
);
951 asn1_delete_structure (&dinfo
);
953 output
->size
= tmp_output_size
;
954 output
->data
= tmp_output
;