[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-332-gbdf5109
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-332-gbdf5109 |
|
Date: |
Wed, 23 Mar 2011 04:38:46 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=bdf510923f25dc54efa66ef0119d551ec45f3845
The branch, master has been updated
via bdf510923f25dc54efa66ef0119d551ec45f3845 (commit)
via 21d8944970500cefe67c9a322c301a051b72eaee (commit)
from fa7a018c397730dde19fc4fe2b621953e1c6a0fb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bdf510923f25dc54efa66ef0119d551ec45f3845
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 23 05:38:19 2011 +0100
Increased GNUTLS_MAX_ALGORITHM_NUM to 32. The gnutls_*_list() functions
generate the list of algorithm on the spot and no longer require a static
duplicate list of algorithms. This comes at a cost of not being thread safe
(which is not significant since those functions are only used for special
purposes).
commit 21d8944970500cefe67c9a322c301a051b72eaee
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Mar 21 18:38:10 2011 +0100
corrected parameter.
-----------------------------------------------------------------------
Summary of changes:
lib/gnutls_algorithms.c | 169 ++++++++++++++++++---------------------
lib/gnutls_int.h | 4 +-
lib/gnutls_privkey.c | 2 +-
lib/includes/gnutls/gnutls.h.in | 2 +-
4 files changed, 82 insertions(+), 95 deletions(-)
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 797e209..fff8a12 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -149,16 +149,6 @@ static const gnutls_version_entry sup_versions[] = {
{0, 0, 0, 0, 0}
};
-/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_protocol_t supported_protocols[] = {
- GNUTLS_SSL3,
- GNUTLS_TLS1,
- GNUTLS_TLS1_1,
- GNUTLS_TLS1_2,
- GNUTLS_DTLS1_0,
- 0
-};
-
#define GNUTLS_VERSION_LOOP(b) \
const gnutls_version_entry *p; \
for(p = sup_versions; p->name != NULL; p++) { b ; }
@@ -224,29 +214,12 @@ static const gnutls_cipher_entry algorithms[] = {
{0, 0, 0, 0, 0, 0, 0}
};
-/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_cipher_algorithm_t supported_ciphers[] = {
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
- GNUTLS_CIPHER_ARCFOUR_40,
- GNUTLS_CIPHER_RC2_40_CBC,
-#ifdef ENABLE_CAMELLIA
- GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
- GNUTLS_CIPHER_NULL,
- 0
-};
-
-#define GNUTLS_LOOP(b) \
+#define GNUTLS_CIPHER_LOOP(b) \
const gnutls_cipher_entry *p; \
for(p = algorithms; p->name != NULL; p++) { b ; }
#define GNUTLS_ALG_LOOP(a) \
- GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
+ GNUTLS_CIPHER_LOOP( if(p->id == algorithm) { a; break;
} )
struct gnutls_hash_entry
@@ -272,18 +245,6 @@ static const gnutls_hash_entry hash_algorithms[] = {
{0, 0, 0, 0}
};
-/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_mac_algorithm_t supported_macs[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_MD5,
- GNUTLS_MAC_SHA256,
- GNUTLS_MAC_SHA384,
- GNUTLS_MAC_SHA512,
- GNUTLS_MAC_MD2,
- GNUTLS_MAC_RMD160,
- GNUTLS_MAC_NULL,
- 0
-};
#define GNUTLS_HASH_LOOP(b) \
const gnutls_hash_entry *p; \
@@ -339,27 +300,6 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[]
= {
{0, 0, 0, 0, 0}
};
-/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_kx_algorithm_t supported_kxs[] = {
-#ifdef ENABLE_ANON
- GNUTLS_KX_ANON_DH,
-#endif
- GNUTLS_KX_RSA,
- GNUTLS_KX_RSA_EXPORT,
- GNUTLS_KX_DHE_RSA,
- GNUTLS_KX_DHE_DSS,
-#ifdef ENABLE_SRP
- GNUTLS_KX_SRP_DSS,
- GNUTLS_KX_SRP_RSA,
- GNUTLS_KX_SRP,
-#endif
-#ifdef ENABLE_PSK
- GNUTLS_KX_PSK,
- GNUTLS_KX_DHE_PSK,
-#endif
- 0
-};
-
#define GNUTLS_KX_LOOP(b) \
const gnutls_kx_algo_entry *p; \
for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
@@ -918,12 +858,24 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
* example, MD2 is not supported as a cipher suite, but is supported
* for other purposes (e.g., X.509 signature verification or similar).
*
+ * This function is not thread safe.
+ *
* Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
* integers indicating the available MACs.
**/
const gnutls_mac_algorithm_t *
gnutls_mac_list (void)
{
+static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 };
+
+ if (supported_macs[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_HASH_LOOP ( supported_macs[i++]=p->id);
+ supported_macs[i++]=0;
+ }
+
return supported_macs;
}
@@ -1092,7 +1044,7 @@ gnutls_cipher_get_id (const char *name)
{
gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
- GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
+ GNUTLS_CIPHER_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
return ret;
}
@@ -1105,6 +1057,8 @@ gnutls_cipher_get_id (const char *name)
* example, DES is not supported as a cipher suite, but is supported
* for other purposes (e.g., PKCS#8 or similar).
*
+ * This function is not thread safe.
+ *
* Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
* integers indicating the available ciphers.
*
@@ -1112,6 +1066,16 @@ gnutls_cipher_get_id (const char *name)
const gnutls_cipher_algorithm_t *
gnutls_cipher_list (void)
{
+static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0};
+
+ if (supported_ciphers[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_CIPHER_LOOP (supported_ciphers[i++]=p->id);
+ supported_ciphers[i++]=0;
+ }
+
return supported_ciphers;
}
@@ -1196,12 +1160,24 @@ gnutls_kx_get_id (const char *name)
*
* Get a list of supported key exchange algorithms.
*
+ * This function is not thread safe.
+ *
* Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
* indicating the available key exchange algorithms.
**/
const gnutls_kx_algorithm_t *
gnutls_kx_list (void)
{
+static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = {0};
+
+ if (supported_kxs[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_KX_LOOP (supported_kxs[i++]=p->algorithm);
+ supported_kxs[i++]=0;
+ }
+
return supported_kxs;
}
@@ -1332,6 +1308,8 @@ gnutls_protocol_get_id (const char *name)
*
* Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
*
+ * This function is not threat safe.
+ *
* Returns: a zero-terminated list of #gnutls_protocol_t integers
* indicating the available protocols.
*
@@ -1339,6 +1317,16 @@ gnutls_protocol_get_id (const char *name)
const gnutls_protocol_t *
gnutls_protocol_list (void)
{
+static gnutls_protocol_t supported_protocols[MAX_ALGOS] = {0};
+
+ if (supported_protocols[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_VERSION_LOOP (supported_protocols[i++]=p->id);
+ supported_protocols[i++]=0;
+ }
+
return supported_protocols;
}
@@ -2011,22 +1999,6 @@ static const gnutls_sign_entry sign_algorithms[] = {
{0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
};
-/* Keep the contents of this struct the same as the previous one. */
-static const gnutls_sign_algorithm_t supported_sign[] = {
- GNUTLS_SIGN_RSA_SHA1,
- GNUTLS_SIGN_RSA_SHA224,
- GNUTLS_SIGN_RSA_SHA256,
- GNUTLS_SIGN_RSA_SHA384,
- GNUTLS_SIGN_RSA_SHA512,
- GNUTLS_SIGN_RSA_RMD160,
- GNUTLS_SIGN_DSA_SHA1,
- GNUTLS_SIGN_DSA_SHA224,
- GNUTLS_SIGN_DSA_SHA256,
- GNUTLS_SIGN_RSA_MD5,
- GNUTLS_SIGN_RSA_MD2,
- 0
-};
-
#define GNUTLS_SIGN_LOOP(b) \
do { \
const gnutls_sign_entry *p; \
@@ -2068,6 +2040,16 @@ gnutls_sign_get_name (gnutls_sign_algorithm_t sign)
const gnutls_sign_algorithm_t *
gnutls_sign_list (void)
{
+static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0};
+
+ if (supported_sign[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_SIGN_LOOP (supported_sign[i++]=p->id);
+ supported_sign[i++]=0;
+ }
+
return supported_sign;
}
@@ -2219,6 +2201,11 @@ static const gnutls_pk_entry pk_algorithms[] = {
{0, 0, 0}
};
+#define GNUTLS_PK_LOOP(b) \
+ { const gnutls_pk_entry *p; \
+ for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
+
+
/**
* gnutls_pk_algorithm_get_name:
* @algorithm: is a pk algorithm
@@ -2232,14 +2219,14 @@ const char *
gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
{
const char *ret = NULL;
- const gnutls_pk_entry *p;
- for (p = pk_algorithms; p->name != NULL; p++)
+ GNUTLS_PK_LOOP(
if (p->id == algorithm)
{
ret = p->name;
break;
}
+ );
return ret;
}
@@ -2249,6 +2236,8 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t
algorithm)
*
* Get a list of supported public key algorithms.
*
+ * This function is not thread safe.
+ *
* Returns: a zero-terminated list of #gnutls_pk_algorithm_t integers
* indicating the available ciphers.
*
@@ -2257,15 +2246,15 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t
algorithm)
const gnutls_pk_algorithm_t *
gnutls_pk_list (void)
{
- static const gnutls_pk_algorithm_t supported_pks[] = {
- GNUTLS_PK_RSA,
- GNUTLS_PK_DSA,
- /* GNUTLS_PK_DH is not returned because it is not
- * a real public key algorithm. I.e. cannot be used
- * as a public key algorithm of a certificate.
- */
- 0
- };
+static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0};
+
+ if (supported_pks[0] == 0)
+ {
+ int i = 0;
+
+ GNUTLS_PK_LOOP (if (p->id != GNUTLS_PK_UNKNOWN &&
supported_pks[i>0?(i-1):0]!=p->id) supported_pks[i++]=p->id);
+ supported_pks[i++]=0;
+ }
return supported_pks;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 4884888..c44b9ca 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -208,9 +208,7 @@ typedef enum handshake_state_t
/* This is the maximum number of algorithms (ciphers or macs etc).
* keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
*/
-#define MAX_ALGOS 16
-
-#define MAX_CIPHERSUITES 256
+#define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM
typedef enum extensions_t
{
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 8c23048..0ee2911 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -423,7 +423,7 @@ gnutls_openpgp_keyid_t keyid;
/**
* gnutls_privkey_sign_data2:
* @signer: Holds the key
- * @digest: should be a digest algorithm
+ * @hash: should be a digest algorithm
* @flags: should be 0 for now
* @data: holds the data to be signed
* @signature: will contain the signature allocate with gnutls_malloc()
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index dfcf92a..aa49070 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -255,7 +255,7 @@ extern "C"
/* exported for other gnutls headers. This is the maximum number of
* algorithms (ciphers, kx or macs).
*/
-#define GNUTLS_MAX_ALGORITHM_NUM 16
+#define GNUTLS_MAX_ALGORITHM_NUM 32
/**
* gnutls_compression_method_t:
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-332-gbdf5109,
Nikos Mavrogiannopoulos <=