[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-233-g22bded7
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-233-g22bded7 |
|
Date: |
Fri, 18 Jun 2010 21:45:37 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=22bded73740de1f53b4053eb7d56b961a7535d3b
The branch, master has been updated
via 22bded73740de1f53b4053eb7d56b961a7535d3b (commit)
via 59e2ebfae8c973f62272ed22c6bf52aa28913910 (commit)
from 664098d0bf95dd1990fe2a9a16052634be64c3e8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 22bded73740de1f53b4053eb7d56b961a7535d3b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 18 23:39:02 2010 +0200
documented some of the changes
commit 59e2ebfae8c973f62272ed22c6bf52aa28913910
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Jun 18 23:33:37 2010 +0200
Greatly simplified the internal hash/hmac and cipher functions.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 9 +++
lib/gnutls_cipher_int.c | 83 ++++++++++-------------------
lib/gnutls_cipher_int.h | 18 +++----
lib/gnutls_hash_int.c | 136 ++++++++++++++++++-----------------------------
lib/gnutls_hash_int.h | 22 ++++----
5 files changed, 108 insertions(+), 160 deletions(-)
diff --git a/NEWS b/NEWS
index 5213f18..3f64b40 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,15 @@ See the end for copying conditions.
* Version 2.11.0 (unreleased)
+** libgnutls: Added support for DSA signing/verifying with bit
+length over 1024.
+
+** libgnutls-extra: When in FIPS mode gnutls_global_init_extra()
+has to be called to register any required md5 handlers.
+
+** libgnutls: Internal buffering code was replaced by simpler
+code contributed by Jonathan Bastien-Filiatrault.
+
** libgnutls: Internal API for extensions augmented to allow
safe storing and loading of data on resumption. OPRFI extension
was removed.
diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c
index 81725bc..4a830b8 100644
--- a/lib/gnutls_cipher_int.c
+++ b/lib/gnutls_cipher_int.c
@@ -47,102 +47,77 @@ _gnutls_cipher_init (cipher_hd_st * handle,
gnutls_cipher_algorithm_t cipher,
cc = _gnutls_get_crypto_cipher (cipher);
if (cc != NULL)
{
- handle->registered = 1;
- handle->hd.rh.cc = cc;
- SR (cc->init (cipher, &handle->hd.rh.ctx), cc_cleanup);
- SR (cc->setkey (handle->hd.rh.ctx, key->data, key->size), cc_cleanup);
+ SR (cc->init (cipher, &handle->handle), cc_cleanup);
+ SR (cc->setkey (handle->handle, key->data, key->size), cc_cleanup);
+
+ handle->encrypt = cc->encrypt;
+ handle->decrypt = cc->decrypt;
+ handle->deinit = cc->deinit;
+
if (iv && iv->data && iv->size && cc->setiv)
- SR (cc->setiv (handle->hd.rh.ctx, iv->data, iv->size), cc_cleanup);
+ SR (cc->setiv (handle->handle, iv->data, iv->size), cc_cleanup);
return 0;
}
- handle->registered = 0;
-
/* otherwise use generic cipher interface
*/
- ret = _gnutls_cipher_ops.init (cipher, &handle->hd.gc);
+ ret = _gnutls_cipher_ops.init (cipher, &handle->handle);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- ret = _gnutls_cipher_ops.setkey (handle->hd.gc, key->data, key->size);
+ ret = _gnutls_cipher_ops.setkey (handle->handle, key->data, key->size);
if (ret < 0)
{
- _gnutls_cipher_ops.deinit (handle->hd.gc);
+ _gnutls_cipher_ops.deinit (handle->handle);
gnutls_assert ();
return ret;
}
+ handle->encrypt = _gnutls_cipher_ops.encrypt;
+ handle->decrypt = _gnutls_cipher_ops.decrypt;
+ handle->deinit = _gnutls_cipher_ops.deinit;
+
if (iv && iv->data != NULL && iv->size > 0)
- _gnutls_cipher_ops.setiv (handle->hd.gc, iv->data, iv->size);
+ _gnutls_cipher_ops.setiv (handle->handle, iv->data, iv->size);
return 0;
cc_cleanup:
- if (handle->hd.rh.cc)
- cc->deinit (handle->hd.rh.ctx);
+ if (handle->handle)
+ cc->deinit (handle->handle);
return ret;
}
-int
-_gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen)
+int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int
textlen)
{
- if (handle != NULL)
+ if (handle != NULL && handle->handle != NULL)
{
- if (handle->registered)
- {
- if (handle->hd.rh.ctx == NULL)
- return 0;
- return handle->hd.rh.cc->encrypt (handle->hd.rh.ctx, text, textlen,
- text, textlen);
- }
-
- if (handle->hd.gc == NULL)
- return 0;
- return _gnutls_cipher_ops.encrypt (handle->hd.gc, text, textlen, text,
- textlen);
+ return handle->encrypt(handle->handle, text, textlen, text, textlen);
}
return 0;
}
-int
-_gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
+int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
int ciphertextlen)
{
- if (handle != NULL)
+ if (handle != NULL && handle->handle != NULL)
{
- if (handle->registered)
- {
- if (handle->hd.rh.ctx == NULL)
- return 0;
- return handle->hd.rh.cc->decrypt (handle->hd.rh.ctx, ciphertext,
- ciphertextlen, ciphertext,
- ciphertextlen);
- }
-
- if (handle->hd.gc == NULL)
- return 0;
- return _gnutls_cipher_ops.decrypt (handle->hd.gc, ciphertext,
- ciphertextlen, ciphertext,
- ciphertextlen);
+ return handle->decrypt(handle->handle, ciphertext, ciphertextlen,
+ ciphertext, ciphertextlen);
}
return 0;
}
-void
-_gnutls_cipher_deinit (cipher_hd_st * handle)
+void _gnutls_cipher_deinit (cipher_hd_st * handle)
{
- if (handle != NULL)
+ if (handle != NULL && handle->handle != NULL)
{
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
- return;
- }
- _gnutls_cipher_ops.deinit (handle->hd.gc);
+ handle->deinit(handle->handle);
+ handle->handle = NULL;
}
}
diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h
index fe8efa8..81950f1 100644
--- a/lib/gnutls_cipher_int.h
+++ b/lib/gnutls_cipher_int.h
@@ -31,20 +31,16 @@
extern int crypto_cipher_prio;
extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
-typedef struct
-{
- const gnutls_crypto_single_cipher_st *cc;
- void *ctx;
-} reg_hd;
+typedef int (*cipher_encrypt_func)(void* hd, const void* plaintext, size_t,
void* ciphertext, size_t);
+typedef int (*cipher_decrypt_func)(void* hd, const void* ciphertext, size_t,
void* plaintext, size_t);
+typedef void (*cipher_deinit_func)(void* hd);
typedef struct
{
- int registered; /* true or false(0) */
- union
- {
- void *gc; /* when not registered */
- reg_hd rh; /* when registered */
- } hd;
+ void* handle;
+ cipher_encrypt_func encrypt;
+ cipher_decrypt_func decrypt;
+ cipher_deinit_func deinit;
} cipher_hd_st;
int _gnutls_cipher_init (cipher_hd_st *, gnutls_cipher_algorithm_t cipher,
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index a2cd0e4..17affd5 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -71,26 +71,33 @@ _gnutls_hash_init (digest_hd_st * dig,
gnutls_digest_algorithm_t algorithm)
cc = _gnutls_get_crypto_digest (algorithm);
if (cc != NULL)
{
- dig->registered = 1;
- dig->hd.rh.cc = cc;
- if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ if (cc->init (algorithm, &dig->handle) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
dig->active = 1;
+
+ dig->hash = cc->hash;
+ dig->copy = cc->copy;
+ dig->output = cc->output;
+ dig->deinit = cc->deinit;
+
return 0;
}
- dig->registered = 0;
-
- result = _gnutls_digest_ops.init (algorithm, &dig->hd.gc);
+ result = _gnutls_digest_ops.init (algorithm, &dig->handle);
if (result < 0)
{
gnutls_assert ();
return result;
}
+ dig->hash = _gnutls_digest_ops.hash;
+ dig->copy = _gnutls_digest_ops.copy;
+ dig->output = _gnutls_digest_ops.output;
+ dig->deinit = _gnutls_digest_ops.deinit;
+
dig->active = 1;
return 0;
}
@@ -108,11 +115,7 @@ _gnutls_hash (digest_hd_st * handle, const void *text,
size_t textlen)
{
if (textlen > 0)
{
- if (handle->registered)
- {
- return handle->hd.rh.cc->hash (handle->hd.rh.ctx, text, textlen);
- }
- return _gnutls_digest_ops.hash (handle->hd.gc, text, textlen);
+ handle->hash(handle->handle, text, textlen);
}
return 0;
}
@@ -120,27 +123,17 @@ _gnutls_hash (digest_hd_st * handle, const void *text,
size_t textlen)
int
_gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
{
- int result;
memset (dst, 0, sizeof (*dst));
dst->algorithm = src->algorithm;
- dst->registered = src->registered;
dst->active = 1;
- if (src->registered)
- {
- dst->hd.rh.cc = src->hd.rh.cc;
- return src->hd.rh.cc->copy (&dst->hd.rh.ctx, src->hd.rh.ctx);
- }
-
- result = _gnutls_digest_ops.copy (&dst->hd.gc, src->hd.gc);
- if (result < 0)
- {
- gnutls_assert ();
- return result;
- }
+ dst->hash = src->hash;
+ dst->copy = src->copy;
+ dst->output = src->output;
+ dst->deinit = src->deinit;
- return 0;
+ return src->copy(&dst->handle, src->handle);
}
/* when the current output is needed without calling deinit
@@ -152,16 +145,9 @@ _gnutls_hash_output (digest_hd_st * handle, void *digest)
maclen = _gnutls_hash_get_algo_len (handle->algorithm);
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- if (digest != NULL)
- handle->hd.rh.cc->output (handle->hd.rh.ctx, digest, maclen);
- return;
- }
-
if (digest != NULL)
{
- _gnutls_digest_ops.output (handle->hd.gc, digest, maclen);
+ handle->output (handle->handle, digest, maclen);
}
}
@@ -178,13 +164,7 @@ _gnutls_hash_deinit (digest_hd_st * handle, void *digest)
handle->active = 0;
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
- return;
- }
-
- _gnutls_digest_ops.deinit (handle->hd.gc);
+ handle->deinit (handle->handle);
}
int
@@ -264,36 +244,41 @@ _gnutls_hmac_init (digest_hd_st * dig,
gnutls_mac_algorithm_t algorithm,
cc = _gnutls_get_crypto_mac (algorithm);
if (cc != NULL)
{
- dig->registered = 1;
+ if (cc->init (algorithm, &dig->handle) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
- dig->hd.rh.cc = cc;
- if (cc->init (algorithm, &dig->hd.rh.ctx) < 0)
- {
- gnutls_assert ();
- return GNUTLS_E_HASH_FAILED;
- }
+ if (cc->setkey (dig->handle, key, keylen) < 0)
+ {
+ gnutls_assert ();
+ cc->deinit (dig->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
- if (cc->setkey (dig->hd.rh.ctx, key, keylen) < 0)
- {
- gnutls_assert ();
- cc->deinit (dig->hd.rh.ctx);
- return GNUTLS_E_HASH_FAILED;
- }
+ dig->hash = cc->hash;
+ dig->copy = cc->copy;
+ dig->output = cc->output;
+ dig->deinit = cc->deinit;
dig->active = 1;
return 0;
}
- dig->registered = 0;
-
- result = _gnutls_mac_ops.init (algorithm, &dig->hd.gc);
+ result = _gnutls_mac_ops.init (algorithm, &dig->handle);
if (result < 0)
{
gnutls_assert ();
return result;
}
- _gnutls_mac_ops.setkey (dig->hd.gc, key, keylen);
+ _gnutls_mac_ops.setkey (dig->handle, key, keylen);
+
+ dig->hash = _gnutls_mac_ops.hash;
+ dig->copy = _gnutls_mac_ops.copy;
+ dig->output = _gnutls_mac_ops.output;
+ dig->deinit = _gnutls_mac_ops.deinit;
dig->active = 1;
return 0;
@@ -304,11 +289,7 @@ _gnutls_hmac (digest_hd_st * handle, const void *text,
size_t textlen)
{
if (textlen > 0)
{
- if (handle->registered)
- {
- return handle->hd.rh.cc->hash (handle->hd.rh.ctx, text, textlen);
- }
- return _gnutls_mac_ops.hash (handle->hd.gc, text, textlen);
+ return handle->hash(handle->handle, text, textlen);
}
return 0;
}
@@ -320,16 +301,9 @@ _gnutls_hmac_output (digest_hd_st * handle, void *digest)
maclen = _gnutls_hmac_get_algo_len (handle->algorithm);
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- if (digest != NULL)
- handle->hd.rh.cc->output (handle->hd.rh.ctx, digest, maclen);
- return;
- }
-
if (digest != NULL)
{
- _gnutls_mac_ops.output (handle->hd.gc, digest, maclen);
+ handle->output (handle->handle, digest, maclen);
}
}
@@ -345,13 +319,7 @@ _gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
_gnutls_hmac_output (handle, digest);
handle->active = 0;
- if (handle->registered && handle->hd.rh.ctx != NULL)
- {
- handle->hd.rh.cc->deinit (handle->hd.rh.ctx);
- return;
- }
-
- _gnutls_mac_ops.deinit (handle->hd.gc);
+ handle->deinit (handle->handle);
}
inline static int
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index 4466ae0..ef4e949 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -38,24 +38,24 @@ extern gnutls_crypto_mac_st _gnutls_mac_ops;
extern int crypto_digest_prio;
extern gnutls_crypto_digest_st _gnutls_digest_ops;
-typedef struct
-{
- const gnutls_crypto_mac_st *cc;
- void *ctx;
-} digest_reg_hd;
+typedef int (*hash_func)(void* handle, const void* text, size_t size);
+typedef int (*copy_func)(void **dst_ctx, void *src_ctx);
+typedef int (*output_func)(void *src_ctx, void *digest, size_t digestsize);
+typedef void (*deinit_func)(void* handle);
typedef struct
{
- int registered; /* true or false(0) */
- union
- {
- void *gc; /* when not registered */
- digest_reg_hd rh; /* when registered */
- } hd;
gnutls_mac_algorithm_t algorithm;
const void *key;
int keysize;
int active;
+
+ hash_func hash;
+ copy_func copy;
+ output_func output;
+ deinit_func deinit;
+
+ void * handle;
} digest_hd_st;
/* basic functions */
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-233-g22bded7,
Nikos Mavrogiannopoulos <=