author | Werner Koch <[email protected]> | 2004-06-06 13:00:59 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2004-06-06 13:00:59 +0000 |
commit | f289f433b6d7f0b5ac76e03853ce628f23e3cdc2 (patch) | |
tree | 4170844bd2e7c143fab1bf498d9136a0fe021a1f /sm/certreqgen.c | |
parent | * util.h (xtrycalloc_secure,xtrymalloc_secure): New. (diff) | |
download | gnupg-f289f433b6d7f0b5ac76e03853ce628f23e3cdc2.tar.gz gnupg-f289f433b6d7f0b5ac76e03853ce628f23e3cdc2.zip |
* configure.ac: Require libksba 0.9.7.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key into secure memory.
Diffstat (limited to 'sm/certreqgen.c')
-rw-r--r-- | sm/certreqgen.c | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index b1adf2974..969ed14b0 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -129,6 +129,9 @@ struct reqgen_ctrl_s {
 };
+static const char oidstr_keyUsage[] = "2.5.29.15";
+
+
 static int proc_parameters (ctrl_t ctrl, struct para_data_s *para, struct reqgen_ctrl_s *outctrl);
@@ -179,10 +182,10 @@ get_parameter_algo (struct para_data_s *para, enum para_name key)
   return gcry_pk_map_name (r->u.value);
 }
-/* parse the usage parameter. Returns 0 on success. Note that we
+/* Parse the usage parameter. Returns 0 on success. Note that we
    only care about sign and encrypt and don't (yet) allow all the other X.509 usage to be specified; instead we will use a fixed
-   mapping to the X.509 usage flags */
+   mapping to the X.509 usage flags. */
 static int parse_parameter_usage (struct para_data_s *para, enum para_name key) {
@@ -222,6 +225,9 @@ get_parameter_uint (struct para_data_s *para, enum para_name key)
   if (!r)
     return 0;
+  if (r->key == pKEYUSAGE)
+    return r->u.usage;
+
   return (unsigned int)strtoul (r->u.value, NULL, 10);
 }
@@ -516,6 +522,7 @@ create_request (ctrl_t ctrl,
   ksba_stop_reason_t stopreason;
   int rc = 0;
   const char *s;
+  unsigned int use;
   err = ksba_certreq_new (&cr);
   if (err)
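Review bot: `oidstr_keyUsage` is introduced in the first hunk as a bare dotted string with no indication of what it identifies, even though the name is the only link between the constant and the extension added later in create_request. A short comment on the definition would save the next reader a lookup: `/* OID of the X.509 keyUsage extension (id-ce-keyUsage).  */`. The surrounding declarations in that hunk are unchanged context.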
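Review bot: The new `pKEYUSAGE` branch in get_parameter_uint returns `r->u.usage` while every other key still goes through `strtoul` on `r->u.value`, so the accessor now depends on which union member was filled in for that key, and nothing at the call site says so. A one-line comment would make the contract explicit: `/* pKEYUSAGE is stored already parsed in r->u.usage (presumably by parse_parameter_usage), not as a decimal string.  */`. The fall-through `strtoul (r->u.value, NULL, 10)` still accepts trailing garbage and overflow silently; that is pre-existing, but since the parameter file is user-supplied input an endptr/ERANGE check may be worth a follow-up. The head of get_parameter_uint, where `r` is looked up, lies outside the hunk.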
@@ -576,6 +583,35 @@ create_request (ctrl_t ctrl,
       rc = err;
       goto leave;
     }
+
+
+  use = get_parameter_uint (para, pKEYUSAGE);
+  if (use == GCRY_PK_USAGE_SIGN)
+    {
+      /* For signing only we encode the bits:
+           KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+           KSBA_KEYUSAGE_NON_REPUDIATION */
+      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
+                                        "\x03\x02\x06\xC0", 4);
+    }
+  else if (use == GCRY_PK_USAGE_ENCR)
+    {
+      /* For encrypt only we encode the bits:
+           KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+           KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
+      err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
+                                        "\x03\x02\x04\x30", 4);
+    }
+  else
+    err = 0; /* Both or none given: don't request one. */
+  if (err)
+    {
+      log_error ("error setting the key usage: %s\n",
+                 gpg_strerror (err));
+      rc = err;
+      goto leave;
+    }
+
+
   do
     {
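Review bot: The two key-usage values handed to ksba_certreq_add_extension are hand-encoded DER (`"\x03\x02\x06\xC0"` and `"\x03\x02\x04\x30"`) and the comments above them only name the KSBA flags, so a reader has to decode tag, length and unused-bit count by hand to check that the bytes match the intent. Spell the encoding out next to each literal, e.g. `/* BIT STRING, length 2, 6 unused bits, bits 0 and 1 set: digitalSignature, nonRepudiation.  */` and `/* BIT STRING, length 2, 4 unused bits, bits 2 and 3 set: keyEncipherment, dataEncipherment.  */`, and say what the `1` argument means (presumably the critical flag; worth confirming against the libksba header the commit now requires). The `else err = 0;` branch would also benefit from a sentence on why a request for both usages deliberately omits the keyUsage extension instead of encoding the union of the bits, since the two paths are not obviously equivalent to a relying party. create_request starts before this hunk and its `leave:` label lies outside it.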