[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-102-g8f17
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-102-g8f177e5 |
|
Date: |
Fri, 18 Feb 2011 10:57:38 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8f177e5e8fc4ea89d3611be2a70832147dba5e82
The branch, gnutls_2_12_x has been updated
via 8f177e5e8fc4ea89d3611be2a70832147dba5e82 (commit)
from 2d3c1568f4440d5b83c47b05bfbf0064643aa50b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8f177e5e8fc4ea89d3611be2a70832147dba5e82
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Feb 18 11:57:29 2011 +0100
DSA keys in TLS 1.x, x<2 and SSL 3.0 use SHA-1 as hash. That is we reverted
to previous gnutls behavior. That violates DSS but all implementations handle
it like that.
-----------------------------------------------------------------------
Summary of changes:
lib/gnutls_sig.c | 20 +++++++++++++-------
1 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 63a209c..5b07e47 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -56,7 +56,8 @@ sign_tls_hash (gnutls_session_t session,
gnutls_digest_algorithm_t hash_algo,
#define MAX_SIG_SIZE 19 + MAX_HASH_SIZE
static int
-get_hash_algo(gnutls_session_t session, gnutls_cert* cert,
+get_hash_algo(gnutls_session_t session, int version,
+ gnutls_cert* cert,
gnutls_sign_algorithm_t sign_algo,
gnutls_digest_algorithm_t *hash_algo)
{
@@ -64,11 +65,16 @@ int ret;
if (cert->subject_pk_algorithm == GNUTLS_PK_DSA)
{ /* override */
- *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
+ if (!_gnutls_version_has_selectable_sighash (version))
+ *hash_algo = GNUTLS_DIG_SHA1;
+ else
+ {
+ *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
- ret = _gnutls_session_sign_algo_requested(session,
_gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
- if (ret < 0)
- return gnutls_assert_val(ret);
+ ret = _gnutls_session_sign_algo_requested(session,
_gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
}
else
{
@@ -105,7 +111,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
- ret = get_hash_algo(session, cert, *sign_algo, &hash_algo);
+ ret = get_hash_algo(session, ver, cert, *sign_algo, &hash_algo);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -384,7 +390,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_cert * cert,
_gnutls_hash (&td_md5, params->data, params->size);
}
- ret = get_hash_algo(session, cert, algo, &hash_algo);
+ ret = get_hash_algo(session, ver, cert, algo, &hash_algo);
if (ret < 0)
return gnutls_assert_val(ret);
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-102-g8f177e5,
Nikos Mavrogiannopoulos <=