[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-256-gdbcaf6c
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-256-gdbcaf6c |
|
Date: |
Mon, 28 Feb 2011 16:31:32 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=dbcaf6c456bf30a9a078177304ffd9ab73d63467
The branch, master has been updated
via dbcaf6c456bf30a9a078177304ffd9ab73d63467 (commit)
via d4e5ced875ea07d7542bbceba1ea3636849f9b83 (commit)
from b51795bdfe20e8e90ef4dbbc4f46d593adfbf05f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dbcaf6c456bf30a9a078177304ffd9ab73d63467
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Feb 28 17:23:24 2011 +0100
updates on -ALL priorities.
commit d4e5ced875ea07d7542bbceba1ea3636849f9b83
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Feb 28 17:29:56 2011 +0100
Restrict the signature algorithms we advertize to SHA1 and SHA256.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 6 +++---
lib/ext_signature.c | 9 ++++++++-
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index f260a90..192799f 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -425,8 +425,8 @@ Individual algorithms:
@item Ciphers:
AES-128-CBC, AES-256-CBC, AES-128-GCM, CAMELLIA-128-CBC,
CAMELLIA-256-CBC, ARCFOUR-128, 3DES-CBC ARCFOUR-40. Catch all
-name is CIPHER-ALL which will add all the non-weak algorithms, i.e.
-all except ARCFOUR-40.
+name is CIPHER-ALL which will add all the algorithms from NORMAL
+priority.
@item Key exchange:
RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS,
@@ -435,7 +435,7 @@ key exchange methods do not have a catch all.
@item MAC:
MD5, SHA1, SHA256, AEAD (used with
-GCM ciphers only). Catch all is MAC-ALL.
+GCM ciphers only). All algorithms from NORMAL priority can be accessed with
MAC-ALL.
@item Compression algorithms:
COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL.
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index 3517829..a6a456d 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -73,7 +73,7 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t
session, opaque * data,
size_t max_data_size)
{
opaque *p = data, *len_p;
- int len, i, j;
+ int len, i, j, hash;
const sign_algorithm_st *aid;
if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) +
2)
@@ -89,6 +89,13 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t
session, opaque * data,
for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms; i +=
2, j++)
{
+ /* In gnutls we keep a state of SHA1 and SHA256 and thus cannot
+ * use anything else.
+ */
+ hash =
_gnutls_sign_get_hash_algorithm(session->internals.priorities.sign_algo.priority[j]);
+ if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA256)
+ continue;
+
aid =
_gnutls_sign_to_tls_aid (session->internals.priorities.
sign_algo.priority[j]);
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-256-gdbcaf6c,
Nikos Mavrogiannopoulos <=