[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_6-13-ge0b1124
|
From: |
Daiki Ueno |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_6-13-ge0b1124 |
|
Date: |
Wed, 30 Sep 2009 01:39:04 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e0b1124f72e3d5210000b3f677b401d8b2654ea4
The branch, master has been updated
via e0b1124f72e3d5210000b3f677b401d8b2654ea4 (commit)
from 4b48a9e8e28bbd468b48ed5cb95ba0cce7508be6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e0b1124f72e3d5210000b3f677b401d8b2654ea4
Author: Daiki Ueno <address@hidden>
Date: Wed Sep 30 10:30:13 2009 +0900
Fix server-side TLS 1.2 support.
-----------------------------------------------------------------------
Summary of changes:
lib/auth_cert.c | 6 +++---
lib/auth_dhe.c | 23 +++++++++++++++++++++--
lib/auth_rsa_export.c | 4 +++-
lib/auth_srp_rsa.c | 4 +++-
lib/gnutls_sig.c | 16 +++++++++++++++-
lib/gnutls_sig.h | 3 ++-
6 files changed, 47 insertions(+), 9 deletions(-)
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 3afc0fe..d35f359 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1525,7 +1525,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session, opaque ** data)
if (_gnutls_version_has_selectable_sighash(ver))
/* Need at least one byte to announce the number of supported hash
functions (see below). */
- size += 1;
+ size += 2;
(*data) = gnutls_malloc (size);
pdata = (*data);
@@ -1545,8 +1545,8 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session, opaque ** data)
if (_gnutls_version_has_selectable_sighash(ver))
{
/* Supported hashes (nothing for now -- FIXME). */
- *pdata = 0;
- pdata++;
+ _gnutls_write_uint16 (0, pdata);
+ pdata += 2;
}
if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index e582b1e..f36afa0 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -91,6 +91,8 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data)
gnutls_datum_t signature, ddata;
gnutls_certificate_credentials_t cred;
gnutls_dh_params_t dh_params;
+ gnutls_sign_algorithm_t sign_algo;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
@@ -147,7 +149,8 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data)
{
if ((ret =
_gnutls_tls_sign_params (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature)) < 0)
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
{
gnutls_assert ();
gnutls_free (*data);
@@ -160,7 +163,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data)
return data_size; /* do not put a signature - ILLEGAL! */
}
- *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
+ *data = gnutls_realloc_fast (*data, data_size + signature.size + 4);
if (*data == NULL)
{
_gnutls_free_datum (&signature);
@@ -168,6 +171,22 @@ gen_dhe_server_kx (gnutls_session_t session, opaque **
data)
return GNUTLS_E_MEMORY_ERROR;
}
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ sign_algorithm_st aid;
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ _gnutls_free_datum (&signature);
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ aid = _gnutls_sign_to_tls_aid (sign_algo);
+ (*data)[data_size++] = aid.hash_algorithm;
+ (*data)[data_size++] = aid.sign_algorithm;
+ }
+
_gnutls_write_datum16 (&(*data)[data_size], signature);
data_size += signature.size + 2;
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 638395b..14a9fba 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -77,6 +77,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque **
data)
int apr_cert_list_length;
gnutls_datum_t signature, ddata;
gnutls_certificate_credentials_t cred;
+ gnutls_sign_algorithm_t sign_algo;
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
@@ -154,7 +155,8 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque
** data)
{
if ((ret =
_gnutls_tls_sign_params (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature)) < 0)
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
{
gnutls_assert ();
gnutls_free (*data);
diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c
index 1689ce2..051e1c1 100644
--- a/lib/auth_srp_rsa.c
+++ b/lib/auth_srp_rsa.c
@@ -87,6 +87,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque **
data)
gnutls_cert *apr_cert_list;
gnutls_privkey *apr_pkey;
int apr_cert_list_length;
+ gnutls_sign_algorithm_t sign_algo;
ret = _gnutls_gen_srp_server_kx (session, data);
@@ -116,7 +117,8 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque **
data)
if ((ret =
_gnutls_tls_sign_params (session, &apr_cert_list[0],
- apr_pkey, &ddata, &signature)) < 0)
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
{
gnutls_assert ();
gnutls_free (*data);
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index c4c6900..b4c6884 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -203,7 +203,8 @@ _gnutls_tls_sign_hdata (gnutls_session_t session,
int
_gnutls_tls_sign_params (gnutls_session_t session, gnutls_cert * cert,
gnutls_privkey * pkey, gnutls_datum_t * params,
- gnutls_datum_t * signature)
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * sign_algo)
{
gnutls_datum_t dconcat;
int ret;
@@ -211,6 +212,19 @@ _gnutls_tls_sign_params (gnutls_session_t session,
gnutls_cert * cert,
opaque concat[MAX_SIG_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
gnutls_mac_algorithm_t mac_algo = GNUTLS_MAC_SHA1;
+ gnutls_sign_algorithm_t _sign_algo = GNUTLS_SIGN_UNKNOWN;
+
+ if (_gnutls_version_has_selectable_prf (ver))
+ {
+ _sign_algo = _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm,
+ mac_algo);
+ if (_sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+ }
+ *sign_algo = _sign_algo;
ret = _gnutls_hash_init (&td_sha, mac_algo);
if (ret < 0)
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index 81890c4..c338869 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -34,7 +34,8 @@ int _gnutls_tls_sign_params (gnutls_session_t session,
gnutls_cert * cert,
gnutls_privkey * pkey,
gnutls_datum_t * params,
- gnutls_datum_t * signature);
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * algo);
int _gnutls_verify_sig_hdata (gnutls_session_t session,
gnutls_cert * cert, gnutls_datum_t * signature);
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_6-13-ge0b1124,
Daiki Ueno <=