Diffstat (limited to 'src/pki/commands')
-rw-r--r--src/pki/commands/acert.c5
-rw-r--r--src/pki/commands/issue.c6
-rw-r--r--src/pki/commands/keyid.c7
-rw-r--r--src/pki/commands/req.c11
-rw-r--r--src/pki/commands/self.c6
-rw-r--r--src/pki/commands/signcrl.c5
6 files changed, 37 insertions, 3 deletions
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 185aa40b4..03d90a103 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -166,6 +166,11 @@ static int acert()
error = "issuer private key does not match issuer certificate";
goto end;
}
+ if (private->get_type(private) == KEY_BLISS)
+ {
+ /* currently only SHA-512 is supported */
+ digest = HASH_SHA512;
+ }
if (hex)
{
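Review bot: The added `if (private->get_type(private) == KEY_BLISS)` block overwrites `digest` unconditionally, so a caller who selected another hash with `--digest` gets a SHA-512 signature with no sign that the option was ignored. The same block is repeated in the second issue.c hunk, the second req.c hunk, the second self.c hunk and the signcrl.c hunk. Because the hash is a security-relevant parameter of the signature, the override should at least be visible, for example `if (digest != HASH_SHA512) fprintf(stderr, "BLISS requires SHA-512, overriding digest\n");` before the assignment. Whether `digest` has a non-SHA-512 default is not visible here, so the notice may need a flag recording that `--digest` was actually given. The comment could also state the effect, `/* BLISS signing supports SHA-512 only; overrides any --digest value */`; acert() begins and ends outside this hunk.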
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index aaa2c2ff7..c1d4cf8f2 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -287,6 +287,7 @@ static int issue()
}
break;
}
+
if (!cacert)
{
error = "--cacert is required";
@@ -362,6 +363,11 @@ static int issue()
}
public->destroy(public);
+ if (private->get_type(private) == KEY_BLISS)
+ {
+ /* currently only SHA-512 is supported */
+ digest = HASH_SHA512;
+ }
if (hex)
{
serial = chunk_from_hex(chunk_create(hex, strlen(hex)), NULL);
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index c3ac0c288..3bc62e74d 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -52,6 +52,11 @@ static int keyid()
type = CRED_PRIVATE_KEY;
subtype = KEY_ECDSA;
}
+ else if (streq(arg, "bliss-priv"))
+ {
+ type = CRED_PRIVATE_KEY;
+ subtype = KEY_BLISS;
+ }
else if (streq(arg, "pub"))
{
type = CRED_PUBLIC_KEY;
@@ -164,7 +169,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t)
{ keyid, 'k', "keyid",
"calculate key identifiers of a key/certificate",
- {"[--in file] [--type rsa-priv|ecdsa-priv|pub|pkcs10|x509]"},
+ {"[--in file] [--type rsa-priv|ecdsa-priv|bliss-priv|pub|pkcs10|x509]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index 023683569..fbe47ecc8 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -57,6 +57,10 @@ static int req()
{
type = KEY_ECDSA;
}
+ else if (streq(arg, "bliss"))
+ {
+ type = KEY_BLISS;
+ }
else
{
error = "invalid input type";
@@ -98,6 +102,11 @@ static int req()
break;
}
+ if (type == KEY_BLISS)
+ {
+ /* currently only SHA-512 is supported */
+ digest = HASH_SHA512;
+ }
if (!dn)
{
error = "--dn is required";
@@ -185,7 +194,7 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
req, 'r', "req",
"create a PKCS#10 certificate request",
- {" [--in file] [--type rsa|ecdsa] --dn distinguished-name",
+ {" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name",
"[--san subjectAltName]+ [--password challengePassword]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
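Review bot: The usage text in this hunk still offers `[--digest md5|sha1|sha224|sha256|sha384|sha512]` without qualification, while the second hunk of this file forces `HASH_SHA512` whenever `--type bliss` is given, so the help output describes a choice that is ignored for one key type. A short qualifier in the help, such as `"digest for signature creation, always sha512 for bliss"`, would keep the documentation in line with the behaviour. The options table where that description would live is outside the hunk, so the exact line to change is not visible here. The self.c command appears to be in the same situation.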
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 813efb40f..a67115d9b 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -92,7 +92,6 @@ static int self()
else if (streq(arg, "bliss"))
{
type = KEY_BLISS;
- digest = HASH_SHA512;
}
else
{
@@ -263,6 +262,11 @@ static int self()
break;
}
+ if (type == KEY_BLISS)
+ {
+ /* currently only SHA-512 is supported */
+ digest = HASH_SHA512;
+ }
if (!dn)
{
error = "--dn is required";
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index e5f49efe2..212e1a820 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -335,6 +335,11 @@ static int sign_crl()
error = "CA private key does not match CA certificate";
goto error;
}
+ if (private->get_type(private) == KEY_BLISS)
+ {
+ /* currently only SHA-512 is supported */
+ digest = HASH_SHA512;
+ }
if (basecrl)
{