[git] KSBA - branch, master, updated. debian/libksba-1.1.0-9-g4768923
by Werner Koch
cvs at cvs.gnupg.org
Mon Feb 28 16:09:14 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "KSBA is a library to access X.509 certificates and CMS data.".
The branch, master has been updated
via 4768923e5800c2cb65dbcdeeae2d866b6de5d74a (commit)
from 6a7f295548a8ba5a2d9cc721e5d0d22ad043d0b0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4768923e5800c2cb65dbcdeeae2d866b6de5d74a
Author: Werner Koch <wk at gnupg.org>
Date: Mon Feb 28 15:45:04 2011 +0100
Complete X.509 creation stuff
diff --git a/NEWS b/NEWS
index 0431f8f..a47c37f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ Noteworthy changes in version 1.2.0
ksba_certreq_set_serial NEW.
ksba_certreq_set_issuer NEW.
ksba_certreq_set_validity NEW.
+ ksba_certreq_set_siginfo NEW.
Noteworthy changes in version 1.1.0 (2010-10-26)
diff --git a/src/ChangeLog b/src/ChangeLog
index 024577d..e2b1176 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,12 +1,22 @@
+2011-02-28 Werner Koch <wk at g10code.com>
+
+ * keyinfo.c (_ksba_algoinfo_from_sexp): New.
+ (oid_from_buffer): Add arg WITH_SIG.
+ * certreq.c (ksba_certreq_set_signing_key): Rename to ..
+ (ksba_certreq_set_siginfo): new. Use new parser function.
+ * libksba.def, libksba.vers, visibility.c, visibility.h: Change
+ accordingly.
+
2011-02-25 Werner Koch <wk at g10code.com>
* certreq.h (ksba_certreq_s): Add structure x509.
* certreq.c (ksba_certreq_release): Free new fields.
(ksba_certreq_set_serial, ksba_certreq_set_issuer)
- (ksba_certreq_set_validity): New.
+ (ksba_certreq_set_validity, ksba_certreq_set_signing_key): New.
(build_extensions): Add arg certmode and allow building of X.509
extensions.
(build_cri): Add code to build an X.509 certificate.
+
* libksba.def, libksba.vers: Add new functions.
* visibility.c, visibility.h: Ditto.
diff --git a/src/certreq.c b/src/certreq.c
index 06c8116..e91c5b2 100644
--- a/src/certreq.c
+++ b/src/certreq.c
@@ -68,6 +68,7 @@ ksba_certreq_release (ksba_certreq_t cr)
return;
xfree (cr->x509.serial.der);
xfree (cr->x509.issuer.der);
+ xfree (cr->x509.siginfo.der);
xfree (cr->subject.der);
xfree (cr->key.der);
xfree (cr->cri.der);
@@ -182,6 +183,32 @@ ksba_certreq_set_validity (ksba_certreq_t cr, int what,
}
+/* Store the signing key info. This is used to extract the signing
+ algorithm; the signing itself needs to be done by the caller as
+ response to a stop code. The expression SIGINFO is similar to a
+ sig-val one, however most parameters are not required. The
+ expected structure of this canonical encoded s-expression is:
+
+ (sig-val
+ (<algo>
+ (<param_name1> <value>)
+ ...
+ (<param_namen> <value>)))
+
+*/
+gpg_error_t
+ksba_certreq_set_siginfo (ksba_certreq_t cr, ksba_const_sexp_t siginfo)
+{
+ if (!cr || !siginfo)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ xfree (cr->x509.siginfo.der);
+ cr->x509.siginfo.der = NULL;
+
+ return _ksba_algoinfo_from_sexp (siginfo, &cr->x509.siginfo.der,
+ &cr->x509.siginfo.derlen);
+}
+
+
�
/* Store the subject's name. Does perform some syntactic checks on
the name. The first added subject is the real one, all subsequent
@@ -674,43 +701,15 @@ build_cri (ksba_certreq_t cr)
if (err)
goto leave;
- /* Store the signature algorithm identifier. That is easy
- because we must take it from the public key. */
- {
- char *dummy_oid = NULL;
- size_t algoinfolen;
- struct tag_info ti;
- const unsigned char *der;
- size_t derlen, seqlen;
-
- der = cr->key.der;
- derlen = cr->key.derlen;
-
- err = _ksba_ber_parse_tl (&der, &derlen, &ti);
- if (err)
- goto leave;
- if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE
- && ti.is_constructed) || ti.ndef)
- {
- err = gpg_error (GPG_ERR_INV_CERT_OBJ);
- goto leave;
- }
- seqlen = ti.length;
- if (seqlen > derlen)
- {
- err = gpg_error (GPG_ERR_BAD_BER);
- goto leave;
- }
+ /* Store the signature algorithm identifier. */
+ if (!cr->x509.siginfo.der)
+ err = gpg_error (GPG_ERR_MISSING_VALUE);
+ else
+ err = ksba_writer_write (writer,
+ cr->x509.siginfo.der, cr->x509.siginfo.derlen);
+ if (err)
+ goto leave;
- err = _ksba_parse_algorithm_identifier (der, derlen,
- &algoinfolen, &dummy_oid);
- xfree (dummy_oid);
- if (err)
- goto leave;
- err = ksba_writer_write (writer, der, algoinfolen);
- if (err)
- goto leave;
- }
/* Store the issuer DN. If no issuer DN has been set we use the
subject DN. */
@@ -727,33 +726,73 @@ build_cri (ksba_certreq_t cr)
/* Store the Validity. */
{
unsigned char templ[36];
+ unsigned char *tp;
- templ[0] = 0x30;
- templ[1] = 0x22;
+ tp = templ;
+ *tp++ = 0x30;
+ *tp++ = 0x22;
- templ[2] = 0x18;
- templ[3] = 0x0F;
+ *tp++ = TYPE_GENERALIZED_TIME;
+ *tp++ = 15;
if (cr->x509.not_before[0])
{
- memcpy (templ+4, cr->x509.not_before, 8);
- memcpy (templ+12, cr->x509.not_before+9, 6);
+ if (_ksba_cmp_time (cr->x509.not_before, "20500101T000000") >= 0)
+ {
+ memcpy (tp, cr->x509.not_before, 8);
+ tp += 8;
+ memcpy (tp, cr->x509.not_before+9, 6);
+ tp += 6;
+ }
+ else
+ {
+ tp[-2] = TYPE_UTC_TIME;
+ tp[-1] = 13;
+ memcpy (tp, cr->x509.not_before, 6);
+ tp += 6;
+ memcpy (tp, cr->x509.not_before+9, 6);
+ tp += 6;
+ }
}
else
- memcpy (templ+4, "20110101000000", 14);
- templ[18] = 'Z';
+ {
+ tp[-2] = TYPE_UTC_TIME;
+ tp[-1] = 13;
+ memcpy (tp, "110101000000", 12);
+ tp += 12;
+ }
+ *tp++ = 'Z';
- templ[19] = 0x18;
- templ[20] = 0x0F;
+ *tp++ = TYPE_GENERALIZED_TIME;
+ *tp++ = 15;
if (cr->x509.not_after[0])
{
- memcpy (templ+21, cr->x509.not_before, 8);
- memcpy (templ+29, cr->x509.not_before+9, 6);
+ if (_ksba_cmp_time (cr->x509.not_after, "20500101T000000") >= 0)
+ {
+ memcpy (tp, cr->x509.not_after, 8);
+ tp += 8;
+ memcpy (tp, cr->x509.not_after+9, 6);
+ tp += 6;
}
+ else
+ {
+ tp[-2] = TYPE_UTC_TIME;
+ tp[-1] = 13;
+ memcpy (tp, cr->x509.not_after+2, 6);
+ tp += 6;
+ memcpy (tp, cr->x509.not_after+9, 6);
+ tp += 6;
+ }
+ }
else
- memcpy (templ+21,"20630405170000", 14);
- templ[35] = 'Z';
+ {
+ memcpy (tp,"20630405170000", 14);
+ tp += 14;
+ }
+ *tp++ = 'Z';
+ assert (tp - templ <= 36);
+ templ[1] = tp - templ - 2; /* Fixup the sequence length. */
- err = ksba_writer_write (writer, templ, 36);
+ err = ksba_writer_write (writer, templ, tp - templ);
if (err)
goto leave;
}
diff --git a/src/certreq.h b/src/certreq.h
index 2aa0c49..1aafec6 100644
--- a/src/certreq.h
+++ b/src/certreq.h
@@ -73,6 +73,10 @@ struct ksba_certreq_s
} issuer;
ksba_isotime_t not_before;
ksba_isotime_t not_after;
+ struct {
+ unsigned char *der;
+ size_t derlen;
+ } siginfo;
} x509;
struct {
diff --git a/src/keyinfo.c b/src/keyinfo.c
index a2e7e28..6af095f 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -839,10 +839,11 @@ _ksba_keyinfo_to_sexp (const unsigned char *der, size_t derlen,
�
/* Match the algorithm string given in BUF which is of length BUFLEN
with the known algorithms from our table and returns the table
- entries for the DER encoded OID. */
+ entries for the DER encoded OID. If WITH_SIG is true, the table of
+ signature algorithms is consulted first. */
static const unsigned char *
oid_from_buffer (const unsigned char *buf, int buflen, int *oidlen,
- pkalgo_t *r_pkalgo)
+ pkalgo_t *r_pkalgo, int with_sig)
{
int i;
@@ -855,7 +856,29 @@ oid_from_buffer (const unsigned char *buf, int buflen, int *oidlen,
buflen -= 4;
}
- /* Scan the table. */
+ if (with_sig)
+ {
+ /* Scan the signature table first. */
+ for (i=0; sig_algo_table[i].oid; i++)
+ {
+ if (!sig_algo_table[i].supported)
+ continue;
+ if (buflen == strlen (sig_algo_table[i].oidstring)
+ && !memcmp (buf, sig_algo_table[i].oidstring, buflen))
+ break;
+ if (buflen == strlen (sig_algo_table[i].algo_string)
+ && !memcmp (buf, sig_algo_table[i].algo_string, buflen))
+ break;
+ }
+ if (sig_algo_table[i].oid)
+ {
+ *r_pkalgo = sig_algo_table[i].pkalgo;
+ *oidlen = sig_algo_table[i].oidlen;
+ return sig_algo_table[i].oid;
+ }
+ }
+
+ /* Scan the standard table. */
for (i=0; pk_algo_table[i].oid; i++)
{
if (!pk_algo_table[i].supported)
@@ -934,7 +957,7 @@ _ksba_keyinfo_from_sexp (ksba_const_sexp_t sexp,
if (!n || *s != ':')
return gpg_error (GPG_ERR_INV_SEXP); /* we don't allow empty lengths */
s++;
- oid = oid_from_buffer (s, n, &oidlen, &pkalgo);
+ oid = oid_from_buffer (s, n, &oidlen, &pkalgo, 0);
if (!oid)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
s += n;
@@ -1248,6 +1271,294 @@ _ksba_keyinfo_from_sexp (ksba_const_sexp_t sexp,
}
+/* Take a sig-val s-expression and convert it into a DER encoded
+ algorithmInfo. Unfortunately this function clones a lot of code
+ from _ksba_keyinfo_from_sexp. */
+gpg_error_t
+_ksba_algoinfo_from_sexp (ksba_const_sexp_t sexp,
+ unsigned char **r_der, size_t *r_derlen)
+{
+ gpg_error_t err;
+ const unsigned char *s;
+ char *endp;
+ unsigned long n;
+ const unsigned char *oid;
+ int oidlen;
+ unsigned char *curve_oid = NULL;
+ size_t curve_oidlen;
+ pkalgo_t pkalgo;
+ int i;
+ struct {
+ const char *name;
+ int namelen;
+ const unsigned char *value;
+ int valuelen;
+ } parm[10];
+ int parmidx;
+ int idxtbl[10];
+ int idxtbllen;
+ const char *parmdesc, *algoparmdesc;
+ ksba_writer_t writer = NULL;
+ void *algoparmseq_value = NULL;
+ size_t algoparmseq_len;
+
+ if (!sexp)
+ return gpg_error (GPG_ERR_INV_VALUE);
+
+ s = sexp;
+ if (*s != '(')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+
+ n = strtoul (s, &endp, 10);
+ s = endp;
+ if (!n || *s != ':')
+ return gpg_error (GPG_ERR_INV_SEXP); /* We don't allow empty lengths. */
+ s++;
+ if (n == 7 && !memcmp (s, "sig-val", 7))
+ s += 7;
+ else if (n == 10 && !memcmp (s, "public-key", 10))
+ s += 10;
+ else
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+
+ if (*s != '(')
+ return gpg_error (digitp (s)? GPG_ERR_UNKNOWN_SEXP : GPG_ERR_INV_SEXP);
+ s++;
+
+ /* Break out the algorithm ID */
+ n = strtoul (s, &endp, 10);
+ s = endp;
+ if (!n || *s != ':')
+ return gpg_error (GPG_ERR_INV_SEXP); /* We don't allow empty lengths. */
+ s++;
+ oid = oid_from_buffer (s, n, &oidlen, &pkalgo, 1);
+ if (!oid)
+ return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ s += n;
+
+ /* Collect all the values */
+ for (parmidx = 0; *s != ')' ; parmidx++)
+ {
+ if (parmidx >= DIM(parm))
+ return gpg_error (GPG_ERR_GENERAL);
+ if (*s != '(')
+ return gpg_error (digitp(s)? GPG_ERR_UNKNOWN_SEXP:GPG_ERR_INV_SEXP);
+ s++;
+ n = strtoul (s, &endp, 10);
+ s = endp;
+ if (!n || *s != ':')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ parm[parmidx].name = s;
+ parm[parmidx].namelen = n;
+ s += n;
+ if (!digitp(s))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* ... or invalid S-Exp. */
+
+ n = strtoul (s, &endp, 10);
+ s = endp;
+ if (!n || *s != ':')
+ return gpg_error (GPG_ERR_INV_SEXP);
+ s++;
+ parm[parmidx].value = s;
+ parm[parmidx].valuelen = n;
+ s += n;
+ if ( *s != ')')
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* ... or invalid S-Exp. */
+ s++;
+ }
+ s++;
+ /* We need another closing parenthesis. */
+ if ( *s != ')' )
+ return gpg_error (GPG_ERR_INV_SEXP);
+
+ /* Describe the parameters in the order we want them and construct
+ IDXTBL to access them. For DSA wie also set algoparmdesc so
+ that we can later build the parameters for the
+ algorithmIdentifier. */
+ algoparmdesc = NULL;
+ switch (pkalgo)
+ {
+ case PKALGO_RSA: parmdesc = ""; break;
+ case PKALGO_DSA: parmdesc = "" ; algoparmdesc = "pqg"; break;
+ case PKALGO_ECC: parmdesc = "C"; break;
+ default: return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);
+ }
+
+ idxtbllen = 0;
+ for (s = parmdesc; *s; s++)
+ {
+ for (i=0; i < parmidx; i++)
+ {
+ assert (idxtbllen < DIM (idxtbl));
+ switch (*s)
+ {
+ case 'C': /* Magic value for "curve". */
+ if (parm[i].namelen == 5 && !memcmp (parm[i].name, "curve", 5))
+ {
+ idxtbl[idxtbllen++] = i;
+ i = parmidx; /* Break inner loop. */
+ }
+ break;
+ default:
+ if (parm[i].namelen == 1 && parm[i].name[0] == *s)
+ {
+ idxtbl[idxtbllen++] = i;
+ i = parmidx; /* Break inner loop. */
+ }
+ break;
+ }
+ }
+ }
+ if (idxtbllen != strlen (parmdesc))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+
+ if (pkalgo == PKALGO_ECC)
+ {
+ curve_oid = get_ecc_curve_oid (parm[idxtbl[0]].value,
+ parm[idxtbl[0]].valuelen,
+ &curve_oidlen);
+ if (!curve_oid)
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+ }
+
+
+ /* Create write object. */
+ err = ksba_writer_new (&writer);
+ if (err)
+ goto leave;
+ err = ksba_writer_set_mem (writer, 1024);
+ if (err)
+ goto leave;
+
+ /* Create the sequence of the algorithm identifier. */
+
+ /* If the algorithmIdentifier requires a sequence with parameters,
+ build them now. We can reuse the IDXTBL for that. */
+ if (algoparmdesc)
+ {
+ idxtbllen = 0;
+ for (s = algoparmdesc; *s; s++)
+ {
+ for (i=0; i < parmidx; i++)
+ {
+ assert (idxtbllen < DIM (idxtbl));
+ if (parm[i].namelen == 1 && parm[i].name[0] == *s)
+ {
+ idxtbl[idxtbllen++] = i;
+ break;
+ }
+ }
+ }
+ if (idxtbllen != strlen (algoparmdesc))
+ return gpg_error (GPG_ERR_UNKNOWN_SEXP);
+
+ err = ksba_writer_set_mem (writer, 1024);
+ if (err)
+ goto leave;
+
+ /* Calculate the size of the sequence. */
+ for (n=0, i=0; i < idxtbllen; i++ )
+ {
+ n += _ksba_ber_count_tl (TYPE_INTEGER, CLASS_UNIVERSAL, 0,
+ parm[idxtbl[i]].valuelen);
+ n += parm[idxtbl[i]].valuelen;
+ }
+
+ /* Write the sequence tag followed by the integers. */
+ err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n);
+ if (err)
+ goto leave;
+ for (i=0; i < idxtbllen; i++)
+ {
+ err = _ksba_ber_write_tl (writer, TYPE_INTEGER, CLASS_UNIVERSAL, 0,
+ parm[idxtbl[i]].valuelen);
+ if (!err)
+ err = ksba_writer_write (writer, parm[idxtbl[i]].value,
+ parm[idxtbl[i]].valuelen);
+ if (err)
+ goto leave;
+ }
+
+ /* Get the encoded sequence. */
+ algoparmseq_value = ksba_writer_snatch_mem (writer, &algoparmseq_len);
+ if (!algoparmseq_value)
+ {
+ err = gpg_error (GPG_ERR_ENOMEM);
+ goto leave;
+ }
+ }
+ else
+ algoparmseq_len = 0;
+
+ /* Reinitialize the buffer to create the sequence. */
+ err = ksba_writer_set_mem (writer, 1024);
+ if (err)
+ goto leave;
+
+ /* Calulate lengths. */
+ n = _ksba_ber_count_tl (TYPE_OBJECT_ID, CLASS_UNIVERSAL, 0, oidlen);
+ n += oidlen;
+ if (algoparmseq_len)
+ {
+ n += algoparmseq_len;
+ }
+ else if (pkalgo == PKALGO_ECC)
+ {
+ n += _ksba_ber_count_tl (TYPE_OBJECT_ID, CLASS_UNIVERSAL,
+ 0, curve_oidlen);
+ n += curve_oidlen;
+ }
+ else if (pkalgo == PKALGO_RSA)
+ {
+ n += _ksba_ber_count_tl (TYPE_NULL, CLASS_UNIVERSAL, 0, 0);
+ }
+
+ /* Write the sequence. */
+ err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n);
+ if (err)
+ goto leave;
+
+ /* Write the object id. */
+ err = _ksba_ber_write_tl (writer, TYPE_OBJECT_ID, CLASS_UNIVERSAL, 0, oidlen);
+ if (!err)
+ err = ksba_writer_write (writer, oid, oidlen);
+ if (err)
+ goto leave;
+
+ /* Write the parameters. */
+ if (algoparmseq_len)
+ {
+ err = ksba_writer_write (writer, algoparmseq_value, algoparmseq_len);
+ }
+ else if (pkalgo == PKALGO_ECC)
+ {
+ /* We only support the namedCuve choice for ECC parameters. */
+ err = _ksba_ber_write_tl (writer, TYPE_OBJECT_ID, CLASS_UNIVERSAL,
+ 0, curve_oidlen);
+ if (!err)
+ err = ksba_writer_write (writer, curve_oid, curve_oidlen);
+ }
+ else if (pkalgo == PKALGO_RSA)
+ {
+ err = _ksba_ber_write_tl (writer, TYPE_NULL, CLASS_UNIVERSAL, 0, 0);
+ }
+ if (err)
+ goto leave;
+
+ /* Get the result. */
+ *r_der = ksba_writer_snatch_mem (writer, r_derlen);
+ if (!*r_der)
+ err = gpg_error (GPG_ERR_ENOMEM);
+
+ leave:
+ ksba_writer_release (writer);
+ xfree (curve_oid);
+ return err;
+}
+
+
/* Mode 0: work as described under _ksba_sigval_to_sexp
mode 1: work as described under _ksba_encval_to_sexp */
diff --git a/src/keyinfo.h b/src/keyinfo.h
index 8fcbbeb..60189d1 100644
--- a/src/keyinfo.h
+++ b/src/keyinfo.h
@@ -42,6 +42,9 @@ gpg_error_t _ksba_keyinfo_from_sexp (ksba_const_sexp_t sexp,
unsigned char **r_der, size_t *r_derlen)
_KSBA_VISIBILITY_DEFAULT;
+gpg_error_t _ksba_algoinfo_from_sexp (ksba_const_sexp_t sexp,
+ unsigned char **r_der, size_t *r_derlen);
+
gpg_error_t _ksba_sigval_to_sexp (const unsigned char *der, size_t derlen,
ksba_sexp_t *r_string);
gpg_error_t _ksba_encval_to_sexp (const unsigned char *der, size_t derlen,
diff --git a/src/ksba.h b/src/ksba.h
index 3959622..7cf1e75 100644
--- a/src/ksba.h
+++ b/src/ksba.h
@@ -430,6 +430,8 @@ gpg_error_t ksba_certreq_set_serial (ksba_certreq_t cr, ksba_const_sexp_t sn);
gpg_error_t ksba_certreq_set_issuer (ksba_certreq_t cr, const char *name);
gpg_error_t ksba_certreq_set_validity (ksba_certreq_t cr, int what,
const ksba_isotime_t timebuf);
+gpg_error_t ksba_certreq_set_siginfo (ksba_certreq_t cr,
+ ksba_const_sexp_t siginfo);
diff --git a/src/libksba.def b/src/libksba.def
index e216ee6..19cffec 100644
--- a/src/libksba.def
+++ b/src/libksba.def
@@ -179,6 +179,7 @@ EXPORTS
ksba_reader_set_release_notify @146
ksba_writer_set_release_notify @147
- ksba_certreq_set_serial @148
- ksba_certreq_set_issuer @149
- ksba_certreq_set_validity @150
+ ksba_certreq_set_serial @148
+ ksba_certreq_set_issuer @149
+ ksba_certreq_set_validity @150
+ ksba_certreq_set_siginfo @151
diff --git a/src/libksba.vers b/src/libksba.vers
index fd7e4f4..e9b72de 100644
--- a/src/libksba.vers
+++ b/src/libksba.vers
@@ -47,6 +47,7 @@ KSBA_0.9 {
ksba_certreq_set_serial;
ksba_certreq_set_issuer;
ksba_certreq_set_validity;
+ ksba_certreq_set_siginfo;
ksba_cms_add_cert; ksba_cms_add_digest_algo; ksba_cms_add_recipient;
ksba_cms_add_signer; ksba_cms_build; ksba_cms_get_cert;
diff --git a/src/visibility.c b/src/visibility.c
index 9010df5..e0c9701 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -912,6 +912,13 @@ ksba_certreq_set_validity (ksba_certreq_t cr, int what,
}
+gpg_error_t
+ksba_certreq_set_siginfo (ksba_certreq_t cr, ksba_const_sexp_t siginfo)
+{
+ return _ksba_certreq_set_siginfo (cr, siginfo);
+}
+
+
/*-- reader.c --*/
gpg_error_t
ksba_reader_new (ksba_reader_t *r_r)
diff --git a/src/visibility.h b/src/visibility.h
index c2b78ca..9c42df2 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -65,6 +65,7 @@
#define ksba_certreq_set_serial _ksba_certreq_set_serial
#define ksba_certreq_set_issuer _ksba_certreq_set_issuer
#define ksba_certreq_set_validity _ksba_certreq_set_validity
+#define ksba_certreq_set_siginfo _ksba_certreq_set_siginfo
#define ksba_certreq_add_subject _ksba_certreq_add_subject
#define ksba_certreq_build _ksba_certreq_build
#define ksba_certreq_new _ksba_certreq_new
@@ -258,6 +259,7 @@ int ksba_asn_delete_structure (void *dummy);
#undef ksba_certreq_set_serial
#undef ksba_certreq_set_issuer
#undef ksba_certreq_set_validity
+#undef ksba_certreq_set_siginfo
#undef ksba_certreq_add_subject
#undef ksba_certreq_build
#undef ksba_certreq_new
@@ -420,6 +422,7 @@ MARK_VISIBLE (ksba_cert_get_user_data)
MARK_VISIBLE (ksba_certreq_set_serial)
MARK_VISIBLE (ksba_certreq_set_issuer)
MARK_VISIBLE (ksba_certreq_set_validity)
+MARK_VISIBLE (ksba_certreq_set_siginfo)
MARK_VISIBLE (ksba_certreq_add_subject)
MARK_VISIBLE (ksba_certreq_build)
MARK_VISIBLE (ksba_certreq_new)
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
src/ChangeLog | 12 ++-
src/certreq.c | 141 +++++++++++++++---------
src/certreq.h | 4 +
src/keyinfo.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
src/keyinfo.h | 3 +
src/ksba.h | 2 +
src/libksba.def | 7 +-
src/libksba.vers | 1 +
src/visibility.c | 7 ++
src/visibility.h | 3 +
11 files changed, 441 insertions(+), 59 deletions(-)
hooks/post-receive
--
KSBA is a library to access X.509 certificates and CMS data.
http://git.gnupg.org
More information about the Gnupg-commits
mailing list