
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_7-38-g869caab


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_7-38-g869caab
Date: Sun, 01 Nov 2009 15:34:44 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=869caab02c60af38d20e6db0c34a8e40d8e2050e

The branch, master has been updated
       via  869caab02c60af38d20e6db0c34a8e40d8e2050e (commit)
      from  b51199993e0c33447dac4b4aa83ef9b67a806724 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 869caab02c60af38d20e6db0c34a8e40d8e2050e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Nov 1 17:33:19 2009 +0200

    Avoid code duplication by using all the functions defined in 
gnutls_algorithms
    to map from TLS 1.2 signature algorithm numbers to gnutls signature 
algorithms.
    
    Added minimal documentation for SIGN-* in gnutls-cli priority strings.
    
    Corrected bug in signature algorithm extension generation.

-----------------------------------------------------------------------

Summary of changes:
 lib/auth_cert.c         |   14 ++++--
 lib/auth_dhe.c          |    4 +-
 lib/ext_signature.c     |  120 +++++------------------------------------------
 lib/ext_signature.h     |    3 -
 lib/gnutls_algorithms.c |    6 +-
 lib/gnutls_algorithms.h |    2 +-
 lib/gnutls_int.h        |    2 +-
 lib/gnutls_sig.c        |    2 +-
 8 files changed, 30 insertions(+), 123 deletions(-)

diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 15168c1..a375633 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -43,7 +43,6 @@
 #include <gnutls_state.h>
 #include <gnutls_pk.h>
 #include <gnutls_x509.h>
-#include <ext_signature.h>
 #include "debug.h"
 
 #ifdef ENABLE_OPENPGP
@@ -1470,9 +1469,11 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t 
session, opaque ** data)
   p = *data;
   if (_gnutls_version_has_selectable_sighash(ver))
     {
+      sign_algorithm_st aid;
       /* error checking is not needed here since we have used those algorithms 
*/
-      p[0] = 
_gnutls_sign_algorithm_hash2num(_gnutls_sign_get_hash_algorithm(sign_algo));
-      p[1] = 
_gnutls_sign_algorithm_pk2num(_gnutls_sign_get_pk_algorithm(sign_algo));
+      aid = _gnutls_sign_to_tls_aid(sign_algo);
+      p[0] = aid.hash_algorithm;
+      p[1] = aid.sign_algorithm;
       p+=2;
     }
 
@@ -1509,8 +1510,13 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t 
session,
 
   if (_gnutls_version_has_selectable_sighash(ver))
     {
+    sign_algorithm_st aid;
+
       DECR_LEN (dsize, 2);
-      sign_algo = _gnutls_sign_algorithm_num2sig (pdata[0], pdata[1]);
+      aid.hash_algorithm = pdata[0];
+      aid.sign_algorithm = pdata[1];
+      
+      sign_algo = _gnutls_tls_aid_to_sign(&aid);
       if (sign_algo == GNUTLS_PK_UNKNOWN)
         {
           gnutls_assert();
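Review bot: The result of `_gnutls_tls_aid_to_sign(&aid)` is compared with `GNUTLS_PK_UNKNOWN`, but the function returns a `gnutls_sign_algorithm_t` whose not-found value is `GNUTLS_SIGN_UNKNOWN` (see the lib/gnutls_algorithms.c hunk and the equivalent check in lib/auth_dhe.c). The test rejects unmapped peer-supplied bytes only if the two constants happen to share a value, so it should read `if (sign_algo == GNUTLS_SIGN_UNKNOWN)`. Separately, the removed `_gnutls_sign_algorithm_num2sig` had no mapping for hash number 1 (MD5), nor for DSA with anything other than SHA-1. The set of peer-selected algorithms accepted here now depends on the table in gnutls_algorithms.c, which this diff does not show, so it is worth confirming the table is no wider. The function body continues outside the hunk.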
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 9ce38a6..7026026 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -237,11 +237,11 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * 
data,
       aid.hash_algorithm = *sigdata++;
       DECR_LEN(data_size, 1);
       aid.sign_algorithm = *sigdata++;
-      sign_algo = _gnutls_tls_aid_to_sign (aid);
+      sign_algo = _gnutls_tls_aid_to_sign (&aid);
       if (sign_algo == GNUTLS_SIGN_UNKNOWN)
        {
          gnutls_assert ();
-         return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+         return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
        }
     }
   DECR_LEN (data_size, 2);
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index fec09df..cd12fc7 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -34,78 +34,6 @@
 #include <gnutls_num.h>
 #include <gnutls_algorithms.h>
 
-int _gnutls_sign_algorithm_pk2num (gnutls_pk_algorithm_t pk)
-{
-  switch (pk)
-    {
-    case GNUTLS_PK_RSA:
-      return 1;
-    case GNUTLS_PK_DSA:
-      return 2;
-    default:
-      gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
-
-int _gnutls_sign_algorithm_hash2num (gnutls_digest_algorithm_t hash)
-{
-  switch (hash)
-    {
-    case GNUTLS_DIG_MD5:
-      return 1;
-    case GNUTLS_DIG_SHA1:
-      return 2;
-    case GNUTLS_DIG_SHA224:
-      return 3;
-    case GNUTLS_DIG_SHA256:
-      return 4;
-    case GNUTLS_DIG_SHA384:
-      return 5;
-    case GNUTLS_DIG_SHA512:
-      return 6;
-    default:
-      gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-    }
-}
-
-gnutls_sign_algorithm_t
-_gnutls_sign_algorithm_num2sig (int hash, int sig)
-{
-  if (sig == 1)                 /* rsa */
-    {
-      switch (hash)
-        {
-        case 2:                /* sha1 */
-          return GNUTLS_SIGN_RSA_SHA1;
-        case 3:
-          return GNUTLS_SIGN_RSA_SHA224;
-        case 4:
-          return GNUTLS_SIGN_RSA_SHA256;
-        case 5:
-          return GNUTLS_SIGN_RSA_SHA384;
-        case 6:
-          return GNUTLS_SIGN_RSA_SHA512;
-        default:
-          return GNUTLS_SIGN_UNKNOWN;
-        }
-    }
-
-  if (sig == 2)                 /* DSA */
-    {
-      switch (hash)
-        {
-        case 2:                /* sha1 */
-          return GNUTLS_SIGN_DSA_SHA1;
-        default:
-          return GNUTLS_SIGN_UNKNOWN;
-        }
-    }
-
-  return GNUTLS_SIGN_UNKNOWN;
-}
-
 /* generates a SignatureAndHashAlgorithm structure with length as prefix
  * by using the setup priorities.
  */
@@ -113,7 +41,8 @@ int _gnutls_sign_algorithm_write_params(gnutls_session_t 
session, opaque *data,
 {
 opaque* p = data;
 int len, i ,j;
-int ret, hash, pk;
+int ret;
+sign_algorithm_st aid;
 
           len = session->internals.priorities.sign_algo.algorithms * 2;
           if (max_data_size < len + 2)
@@ -127,40 +56,10 @@ int ret, hash, pk;
 
           for (i = j = 0; i < len; i += 2, j++)
             {
-              hash =
-                _gnutls_sign_get_hash_algorithm (session->
-                                                 internals.priorities.
-                                                 sign_algo.priority[j]);
-              if (hash == GNUTLS_DIG_UNKNOWN)
-                {
-                  gnutls_assert ();
-                  return GNUTLS_E_INTERNAL_ERROR;
-                }
-              pk =
-                _gnutls_sign_get_pk_algorithm (session->internals.priorities.
-                                               sign_algo.priority[j]);
-              if (pk == GNUTLS_PK_UNKNOWN)
-                {
-                  gnutls_assert ();
-                  return GNUTLS_E_INTERNAL_ERROR;
-                }
-              ret = _gnutls_sign_algorithm_hash2num (hash);
-              if (ret < 0)
-                {
-                  gnutls_assert ();
-                  return ret;
-                }
-              *p = ret;
+              aid = 
_gnutls_sign_to_tls_aid(session->internals.priorities.sign_algo.priority[j]);
+              *p = aid.hash_algorithm;
               p++;
-
-              ret = _gnutls_sign_algorithm_pk2num (pk);
-              if (ret < 0)
-                {
-                  gnutls_assert ();
-                  return ret;
-                }
-
-              *p = ret;
+              *p = aid.sign_algorithm;
               p++;
 
             }
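Review bot: The loop now writes `aid.hash_algorithm` and `aid.sign_algorithm` straight into the extension with no check, where the removed code returned `GNUTLS_E_INTERNAL_ERROR` when a configured priority entry had no hash or pk mapping. What `_gnutls_sign_to_tls_aid` returns for an algorithm without a TLS 1.2 identifier is not visible in this diff; if it is a sentinel pair, that pair would be advertised to the peer as a supported algorithm. Either keep a guard after the call that rejects the not-found value, or state the invariant in a comment such as `/* priorities only hold algorithms that have a TLS 1.2 identifier, so aid is always valid */`. The same applies to the `p[0]`/`p[1]` assignment in `_gnutls_gen_cert_client_cert_vrfy` in lib/auth_cert.c.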
@@ -180,7 +79,12 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t 
session, const opaque * data
 
   for (i = 0; i < data_size; i += 2)
     {
-      sig = _gnutls_sign_algorithm_num2sig (data[i], data[i + 1]);
+      sign_algorithm_st aid;
+
+      aid.hash_algorithm = data[i];
+      aid.sign_algorithm = data[i+1];
+
+      sig = _gnutls_tls_aid_to_sign(&aid);
       if (sig != GNUTLS_SIGN_UNKNOWN)
         {
           session->security_parameters.extensions.sign_algorithms[session->
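Review bot: `data[i+1]` is read on every iteration while the loop condition is only `i < data_size`, so an odd `data_size` makes the last iteration read one byte past the peer-supplied buffer. Whether the caller already rejects odd lengths is not visible in this hunk. If it does not, bound the loop with `for (i = 0; i + 1 < data_size; i += 2)`, or return a length error up front when `data_size` is odd. The loop body and the rest of `_gnutls_sign_algorithm_parse_data` continue outside the hunk.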
@@ -260,7 +164,6 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t 
session,
   if (session->security_parameters.entity == GNUTLS_CLIENT
       && _gnutls_version_has_selectable_sighash (ver))
     {
-
       if (session->internals.priorities.sign_algo.algorithms > 0)
         {
           ret = _gnutls_sign_algorithm_write_params(session, data, data_size);
@@ -269,6 +172,7 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t 
session,
               gnutls_assert();
               return ret;
             }
+          return ret;
         }
     }
 
diff --git a/lib/ext_signature.h b/lib/ext_signature.h
index f3fb53f..3255960 100644
--- a/lib/ext_signature.h
+++ b/lib/ext_signature.h
@@ -33,8 +33,5 @@ int _gnutls_session_sign_algo_requested (gnutls_session_t 
session,
 gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t 
session, gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t *hash);
 int _gnutls_sign_algorithm_parse_data(gnutls_session_t session, const opaque* 
data, size_t data_size);
 int _gnutls_sign_algorithm_write_params(gnutls_session_t session, opaque 
*data, size_t max_data_size);
-int _gnutls_sign_algorithm_pk2num (gnutls_pk_algorithm_t pk);
-int _gnutls_sign_algorithm_hash2num (gnutls_digest_algorithm_t hash);
-gnutls_sign_algorithm_t _gnutls_sign_algorithm_num2sig (int hash, int sig);
 int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
                                      gnutls_sign_algorithm_t sig);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 873648e..8b04524 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -2021,12 +2021,12 @@ _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t 
sign)
 }
 
 gnutls_sign_algorithm_t
-_gnutls_tls_aid_to_sign (sign_algorithm_st aid)
+_gnutls_tls_aid_to_sign (const sign_algorithm_st *aid)
 {
   gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
 
-  GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid.hash_algorithm
-                        && p->aid.sign_algorithm == aid.sign_algorithm)
+  GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid->hash_algorithm
+                        && p->aid.sign_algorithm == aid->sign_algorithm)
                       {
                         ret = p->id;
                         break;
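Review bot: `_gnutls_tls_aid_to_sign` now dereferences `aid` without a documented contract, and a short header comment would help callers that feed it bytes parsed from the wire. For example: `/* Maps a TLS 1.2 SignatureAndHashAlgorithm pair to a gnutls signature algorithm. aid must not be NULL; returns GNUTLS_SIGN_UNKNOWN when no table entry matches. */`. Every call site in this diff passes the address of a local, so this is documentation only. The function body continues past the end of the hunk.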
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 8736dc8..a64e592 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -106,7 +106,7 @@ gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign 
(gnutls_pk_algorithm_t pk,
 gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
 const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
                                      gnutls_mac_algorithm_t mac);
-gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (sign_algorithm_st aid);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st* aid);
 sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
 gnutls_mac_algorithm_t _gnutls_sign_get_hash_algorithm 
(gnutls_sign_algorithm_t);
 gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5f07164..a097bea 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -282,7 +282,7 @@ typedef struct
 typedef struct
 {
   uint8_t hash_algorithm;
-  uint8_t sign_algorithm;
+  uint8_t sign_algorithm; /* pk algorithm actually */
 } sign_algorithm_st;
 
 /* This structure holds parameters got from TLS extension
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 115bf17..5e88241 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -643,7 +643,7 @@ static int _gnutls_handshake_sign_cert_vrfy12 
(gnutls_session_t session,
         }
     }
   
-  _gnutls_x509_log("sign hash data: picked %s with %s\n", 
gnutls_sign_algorithm_get_name(sign_algo), gnutls_mac_get_name(hash_algo));
+  _gnutls_x509_log("sign handshake cert vrfy: picked %s with %s\n", 
gnutls_sign_algorithm_get_name(sign_algo), gnutls_mac_get_name(hash_algo));
 
   ret =
     _gnutls_hash_copy (&td, handshake_td);


hooks/post-receive
-- 
GNU gnutls



