[git] GnuPG - branch, master, updated. gnupg-2.1.9-80-g8b6c83d
by Werner Koch
cvs at cvs.gnupg.org
Wed Oct 28 19:01:54 CET 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8 (commit)
from e095a3fcf2ccc6cc4e258111dc395558069a1164 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 28 18:57:53 2015 +0100
sm: Allow combination of usage flags --gen-key.
* sm/certreqgen.c (create_request): Re-implement building of the
key-usage extension.
--
GnuPG-bug-id: 2029
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 0774591..2c6550c 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -917,38 +917,53 @@ create_request (ctrl_t ctrl,
/* Set key usage flags. */
use = get_parameter_uint (para, pKEYUSAGE);
- if (use == GCRY_PK_USAGE_SIGN)
+ if (use)
{
- /* For signing only we encode the bits:
- KSBA_KEYUSAGE_DIGITAL_SIGNATURE
- KSBA_KEYUSAGE_NON_REPUDIATION */
- err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
- "\x03\x02\x06\xC0", 4);
- }
- else if (use == GCRY_PK_USAGE_ENCR)
- {
- /* For encrypt only we encode the bits:
- KSBA_KEYUSAGE_KEY_ENCIPHERMENT
- KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
- err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
- "\x03\x02\x04\x30", 4);
- }
- else if (use == GCRY_PK_USAGE_CERT)
- {
- /* For certify only we encode the bits:
- KSBA_KEYUSAGE_KEY_CERT_SIGN
- KSBA_KEYUSAGE_CRL_SIGN */
- err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
- "\x03\x02\x01\x06", 4);
- }
- else
- err = 0; /* Both or none given: don't request one. */
- if (err)
- {
- log_error ("error setting the key usage: %s\n",
- gpg_strerror (err));
- rc = err;
- goto leave;
+ unsigned int mask, pos;
+ unsigned char der[4];
+
+ der[0] = 0x03;
+ der[1] = 0x02;
+ der[2] = 0;
+ der[3] = 0;
+ if ((use & GCRY_PK_USAGE_SIGN))
+ {
+ /* For signing only we encode the bits:
+ KSBA_KEYUSAGE_DIGITAL_SIGNATURE
+ KSBA_KEYUSAGE_NON_REPUDIATION = 0b11 -> 0b11000000 */
+ der[3] |= 0xc0;
+ }
+ if ((use & GCRY_PK_USAGE_ENCR))
+ {
+ /* For encrypt only we encode the bits:
+ KSBA_KEYUSAGE_KEY_ENCIPHERMENT
+ KSBA_KEYUSAGE_DATA_ENCIPHERMENT = 0b1100 -> 0b00110000 */
+ der[3] |= 0x30;
+ }
+ if ((use & GCRY_PK_USAGE_CERT))
+ {
+ /* For certify only we encode the bits:
+ KSBA_KEYUSAGE_KEY_CERT_SIGN
+ KSBA_KEYUSAGE_CRL_SIGN = 0b1100000 -> 0b00000110 */
+ der[3] |= 0x06;
+ }
+
+ /* Count number of unused bits. */
+ for (mask=1, pos=0; pos < 8 * sizeof mask; pos++, mask <<= 1)
+ {
+ if ((der[3] & mask))
+ break;
+ der[2]++;
+ }
+
+ err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, der, 4);
+ if (err)
+ {
+ log_error ("error setting the key usage: %s\n",
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
}
-----------------------------------------------------------------------
Summary of changes:
sm/certreqgen.c | 77 ++++++++++++++++++++++++++++++++++-----------------------
1 file changed, 46 insertions(+), 31 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list