
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-49-g272149d


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-49-g272149d
Date: Sun, 11 Dec 2011 09:34:47 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=272149db43bd82cbcde5ba366295e9810e5b7701

The branch, master has been updated
       via  272149db43bd82cbcde5ba366295e9810e5b7701 (commit)
       via  1b813beb75f93f7a43d649e9085f03c4762a62a0 (commit)
       via  ba1524da92c8569dd1dbe909dc9365ae9b4c8396 (commit)
      from  5ade634c5acfacb1db8a56907ba1c5a45c930ed3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 272149db43bd82cbcde5ba366295e9810e5b7701
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Dec 11 10:36:55 2011 +0100

    Added gnutls_priority_get_cipher_suite().
    This allows listing the ciphersuites enabled in a priority structure.
    The certtool -l option was overloaded so if combined with --priority
    it will only list the ciphersuites that are enabled by the given
    priority string.

commit 1b813beb75f93f7a43d649e9085f03c4762a62a0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Dec 11 10:32:46 2011 +0100

    removed unused variables.

commit ba1524da92c8569dd1dbe909dc9365ae9b4c8396
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Dec 10 23:46:00 2011 +0100

    Added 192-bit curve in normal priorities.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |    9 +++++-
 lib/algorithms/ciphersuites.c   |   58 ++++++++++++++++++++++++++++++++++++++-
 lib/gnutls_priority.c           |    1 +
 lib/includes/gnutls/gnutls.h.in |    3 +-
 lib/libgnutls.map               |    1 +
 lib/nettle/ecc_mulmod.c         |    3 +-
 src/cli-gaa.c                   |    4 +-
 src/cli.gaa                     |    2 +-
 src/common.c                    |   32 +++++++++++++++++++---
 src/common.h                    |    2 +-
 src/serv-gaa.c                  |    2 +-
 src/serv.gaa                    |    2 +-
 12 files changed, 104 insertions(+), 15 deletions(-)

diff --git a/NEWS b/NEWS
index d2d4bf3..ee968ca 100644
--- a/NEWS
+++ b/NEWS
@@ -4,8 +4,15 @@ See the end for copying conditions.
 
 * Version 3.0.9 (unreleased)
 
+** certtool: -l option was overloaded so if combined with --priority
+it will only list the ciphersuites that are enabled by the given
+priority string.
+
 ** libgnutls: Added the SECP192R1 curve.
 
+** libgnutls: Added gnutls_priority_get_cipher_suite() to
+allow listing the ciphersuites enabled in a priority structure.
+
 ** libgnutls: Optimizations in the elliptic curve code (timing
 attacks resistant code is only used in ECDSA private key operations).
 
@@ -13,7 +20,7 @@ attacks resistant code is only used in ECDSA private key 
operations).
 now added again in the distribution.
 
 ** API and ABI modifications:
-No changes since last version.
+gnutls_priority_get_cipher_suite: Added
 
 
 * Version 3.0.8 (released 2011-11-12)
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 6fc29df..bdffef7 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -737,7 +737,7 @@ const gnutls_cipher_suite_entry * ce;
  **/
 const char *
 gnutls_cipher_suite_info (size_t idx,
-                          char *cs_id,
+                          unsigned char *cs_id,
                           gnutls_kx_algorithm_t * kx,
                           gnutls_cipher_algorithm_t * cipher,
                           gnutls_mac_algorithm_t * mac,
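Review bot: Changing `cs_id` from `char *` to `unsigned char *` alters the prototype of an already exported function, yet the NEWS hunk in this commit lists only `gnutls_priority_get_cipher_suite: Added` under "API and ABI modifications". Existing callers that pass a `char id[2]` buffer will now get a pointer-signedness diagnostic, which becomes an error under strict warning flags. Add a NEWS line such as `gnutls_cipher_suite_info: cs_id is now unsigned char *`. The same prototype change appears in the `lib/includes/gnutls/gnutls.h.in` hunk, and the function body lies outside this hunk.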
@@ -821,3 +821,59 @@ _gnutls_supported_ciphersuites (gnutls_session_t session,
   return ret_count;
 }
 
+/**
+ * gnutls_priority_get_cipher_suite:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @idx: is an index number
+ * @name: Will point to the ciphersuite name
+ * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
+ *
+ * Provides ciphersuite information. The index provided is an internal
+ * index kept at the priorities structure. It might be that a valid index
+ * does not correspond to a ciphersuite and in that case 
%GNUTLS_E_UNKNOWN_CIPHER_SUITE
+ * will be returned. Once the last available index is crossed then 
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error 
value otherwise.
+ **/
+int
+gnutls_priority_get_cipher_suite (gnutls_priority_t pcache, int idx, const 
char** name, unsigned char cs_id[2])
+{
+int mac_idx, cipher_idx, kx_idx;
+int total = pcache->mac.algorithms * pcache->cipher.algorithms * 
pcache->kx.algorithms;
+const gnutls_cipher_suite_entry * ce;
+
+  if (idx >= total)
+    return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+  mac_idx = idx % pcache->mac.algorithms;
+  
+  idx /= pcache->mac.algorithms;
+  cipher_idx = idx % pcache->cipher.algorithms;
+
+  idx /= pcache->cipher.algorithms;
+  kx_idx = idx % pcache->kx.algorithms;
+
+  ce = cipher_suite_get(pcache->kx.priority[kx_idx], 
pcache->cipher.priority[cipher_idx],
+                        pcache->mac.priority[mac_idx]);
+  
+  if (ce == NULL) 
+    {
+      *name = NULL;
+      memset(cs_id, 0, 2);
+    }
+  else 
+    {
+      *name = ce->name;
+      memcpy(cs_id, ce->id.suite, 2);
+    }
+
+  if (*name == NULL) 
+    {
+      *name = "(no corresponding ciphersuite)";
+      return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+    }
+    
+  return 0;
+}
+
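Review bot: A negative `idx` passes the only bounds check, `if (idx >= total)`, and then feeds the `%` and `/=` steps, so the three derived indices are not tied to a valid position. Depending on the type of the `algorithms` counters (declared outside this diff), that is either an out-of-range read of the `priority[]` arrays or a meaningless result. Since this is a new exported function, reject it up front with `if (idx < 0 || idx >= total)`, kept ahead of any division so a zero count never reaches the modulo. The doc comment should state that `name` and `cs_id` must be non-NULL, as both are written unconditionally, and `#gnutls_prioritity_t` on the `@pcache` line is a typo for `#gnutls_priority_t`. Note also that `gnutls_cipher_suite_info` takes `size_t idx` while this function takes `int idx`, and the caller in `src/common.c` passes a `size_t`.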
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 7d071ec..7fa1eb2 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -214,6 +214,7 @@ gnutls_certificate_type_set_priority (gnutls_session_t 
session,
 }
 
 static const int supported_ecc_normal[] = {
+  GNUTLS_ECC_CURVE_SECP192R1,
   GNUTLS_ECC_CURVE_SECP224R1,
   GNUTLS_ECC_CURVE_SECP256R1,
   GNUTLS_ECC_CURVE_SECP384R1,
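Review bot: `GNUTLS_ECC_CURVE_SECP192R1` is inserted as the first entry of `supported_ecc_normal`, ahead of the 224-, 256- and 384-bit curves. If the order of this array is used as the preference order during negotiation (the consumer is outside this hunk), the curve with the smallest security margin becomes the one preferred by the default priorities. Either append it after the stronger curves, or add a comment above the array stating whether the order is significant and why a 192-bit curve belongs in the normal set. The array continues past the end of the hunk.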
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index ed74484..5b5fa58 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -803,7 +803,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t 
session);
   const gnutls_pk_algorithm_t *gnutls_pk_list (void);
   const gnutls_sign_algorithm_t *gnutls_sign_list (void);
   const char *gnutls_cipher_suite_info (size_t idx,
-                                        char *cs_id,
+                                        unsigned char *cs_id,
                                         gnutls_kx_algorithm_t * kx,
                                         gnutls_cipher_algorithm_t * cipher,
                                         gnutls_mac_algorithm_t * mac,
@@ -909,6 +909,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t 
session);
   int gnutls_priority_init (gnutls_priority_t * priority_cache,
                             const char *priorities, const char **err_pos);
   void gnutls_priority_deinit (gnutls_priority_t priority_cache);
+  int gnutls_priority_get_cipher_suite (gnutls_priority_t pcache, int idx, 
const char** name, unsigned char cs_id[2]);
 
   int gnutls_priority_set (gnutls_session_t session,
                            gnutls_priority_t priority);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 807c94e..0abb800 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -725,6 +725,7 @@ GNUTLS_3_0_0 {
        gnutls_srp_4096_group_generator;
        gnutls_srp_4096_group_prime;
        gnutls_x509_privkey_verify_params;
+       gnutls_priority_get_cipher_suite;
 } GNUTLS_2_12;
 
 GNUTLS_PRIVATE {
diff --git a/lib/nettle/ecc_mulmod.c b/lib/nettle/ecc_mulmod.c
index 2c1d46e..0040ef2 100644
--- a/lib/nettle/ecc_mulmod.c
+++ b/lib/nettle/ecc_mulmod.c
@@ -43,7 +43,7 @@ ecc_mulmod (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a, 
mpz_t modulus,
 {
    ecc_point *tG, *M[8];
    int        i, j, err, bitidx;
-   int        first, bitbuf, bitcpy, bitcnt, mode;
+   int        first, bitbuf, bitcpy, mode;
 
    if (k == NULL || G == NULL || R == NULL || modulus == NULL)
      return -1;
@@ -92,7 +92,6 @@ ecc_mulmod (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a, 
mpz_t modulus,
 
    /* setup sliding window */
    mode   = 0;
-   bitcnt = 1;
    bitidx = mpz_size (k) * GMP_NUMB_BITS - 1;
    bitcpy = bitbuf = 0;
    first  = 1;
diff --git a/src/cli-gaa.c b/src/cli-gaa.c
index 8959237..dd84b9a 100644
--- a/src/cli-gaa.c
+++ b/src/cli-gaa.c
@@ -160,7 +160,7 @@ void gaa_help(void)
        __gaa_helpsingle(0, "benchmark-ciphers", "", "Benchmark individual 
ciphers.");
        __gaa_helpsingle(0, "benchmark-soft-ciphers", "", "Benchmark individual 
software ciphers.");
        __gaa_helpsingle(0, "benchmark-tls", "", "Benchmark ciphers and key 
exchange methods in TLS.");
-       __gaa_helpsingle('l', "list", "", "Print a list of the supported 
algorithms and modes.");
+       __gaa_helpsingle('l', "list", "", "Print a list of the supported 
algorithms and modes. If a priority string is given then only the ciphersuites 
enabled by the priority are shown.");
        __gaa_helpsingle('h', "help", "", "prints this help");
        __gaa_helpsingle('v', "version", "", "prints the program's version 
number");
 
@@ -793,7 +793,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
        case GAAOPTID_list:
        OK = 0;
 #line 106 "cli.gaa"
-{ print_list(gaaval->verbose); exit(0); ;};
+{ print_list(gaaval->priorities, gaaval->verbose); exit(0); ;};
 
                return GAA_OK;
                break;
diff --git a/src/cli.gaa b/src/cli.gaa
index b06d336..c29fbb8 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -103,7 +103,7 @@ option ( benchmark-ciphers) { benchmark_cipher(1, $debug); 
exit(0) } "Benchmark
 option ( benchmark-soft-ciphers) { benchmark_cipher(0, $debug); exit(0) } 
"Benchmark individual software ciphers."
 option ( benchmark-tls) { benchmark_tls($debug); exit(0) } "Benchmark ciphers 
and key exchange methods in TLS."
 
-option (l, list) { print_list($verbose); exit(0); } "Print a list of the 
supported algorithms and modes."
+option (l, list) { print_list($priorities, $verbose); exit(0); } "Print a list 
of the supported algorithms and modes. If a priority string is given then only 
the ciphersuites enabled by the priority are shown."
 option (h, help) { gaa_help(); exit(0); } "prints this help"
 
 option (v, version) { cli_version(); exit(0); } "prints the program's version 
number"
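Review bot: The `list` action reads `$priorities` and calls `exit(0)` as soon as the option is handled, so the filtered listing depends on `--priority` having been processed before `-l`. If the generated parser runs actions in command-line order (not visible here), `-l --priority X` would silently print the full list. State the required order in the help text, or defer the `print_list` call until option parsing has finished. The same applies to the `list` option in `src/serv.gaa`.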
diff --git a/src/common.c b/src/common.c
index 95c4050..0cfc0aa 100644
--- a/src/common.c
+++ b/src/common.c
@@ -570,16 +570,41 @@ print_cert_info (gnutls_session_t session, const char 
*hostname, int insecure)
 }
 
 void
-print_list (int verbose)
+print_list (const char* priorities, int verbose)
 {
-  {
     size_t i;
+    int ret;
     const char *name;
-    char id[2];
+    const char *err;
+    unsigned char id[2];
     gnutls_kx_algorithm_t kx;
     gnutls_cipher_algorithm_t cipher;
     gnutls_mac_algorithm_t mac;
     gnutls_protocol_t version;
+    gnutls_priority_t pcache;
+
+    if (priorities != NULL)
+      {
+        printf ("Cipher suites for %s\n", priorities);
+        
+        ret = gnutls_priority_init(&pcache, priorities, &err);
+        if (ret < 0)
+          {
+            fprintf (stderr, "Syntax error at: %s\n", err);
+            exit(1);
+          }
+      
+        for (i=0;;i++)
+          {
+            ret = gnutls_priority_get_cipher_suite(pcache, i, &name, id);
+            if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
+            if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
+            
+            printf ("%-50s\t0x%02x, 0x%02x\n", name, id[0], id[1]);
+          }
+          
+        return;
+      }
 
     printf ("Cipher suites:\n");
     for (i = 0; (name = gnutls_cipher_suite_info
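Review bot: `pcache` is initialised by `gnutls_priority_init`, but the new branch returns without releasing it. Add `gnutls_priority_deinit (pcache);` before `return;` so the helper stays leak-free if it is ever called from a path that does not exit immediately. The loop passes `size_t i` to the `int idx` parameter of `gnutls_priority_get_cipher_suite`; use a separate `int` counter or cast explicitly. The message `Syntax error at: %s` is printed for every negative return, so it assumes `err` was set by the failing call; printing `gnutls_strerror (ret)` as well would cover other failures. The rest of `print_list` lies outside this hunk.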
@@ -594,7 +619,6 @@ print_list (int verbose)
                   gnutls_kx_get_name (kx),
                   gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
       }
-  }
 
   {
     const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
diff --git a/src/common.h b/src/common.h
index 5d0757b..8658846 100644
--- a/src/common.h
+++ b/src/common.h
@@ -33,7 +33,7 @@ extern const char str_unknown[];
 int print_info (gnutls_session_t state, const char *hostname, int insecure);
 void print_cert_info (gnutls_session_t state, const char *hostname,
                       int insecure);
-void print_list (int verbose);
+void print_list (const char* priorities, int verbose);
 
 const char *raw_to_string (const unsigned char *raw, size_t raw_size);
 int service_to_port (const char *service);
diff --git a/src/serv-gaa.c b/src/serv-gaa.c
index 2d1baaa..d903c8e 100644
--- a/src/serv-gaa.c
+++ b/src/serv-gaa.c
@@ -807,7 +807,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo 
*gaaval, char *opt_list)
        case GAAOPTID_list:
        OK = 0;
 #line 103 "serv.gaa"
-{ print_list(0); exit(0); ;};
+{ print_list(gaaval->priorities, 0); exit(0); ;};
 
                return GAA_OK;
                break;
diff --git a/src/serv.gaa b/src/serv.gaa
index c4427ae..97ba2ce 100644
--- a/src/serv.gaa
+++ b/src/serv.gaa
@@ -100,7 +100,7 @@ option (srppasswdconf) STR "FILE" { $srp_passwd_conf = $1 } 
"SRP password conf f
 #char *priorities;
 option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities 
string."
 
-option (l, list) { print_list(0); exit(0); } "Print a list of the supported 
algorithms  and modes."
+option (l, list) { print_list($priorities, 0); exit(0); } "Print a list of the 
supported algorithms  and modes."
 option (h, help) { gaa_help(); exit(0); } "prints this help"
 
 option (v, version) { serv_version(); exit(0); } "prints the program's version 
number"
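Review bot: The `list` option now honours `$priorities`, but its help string still reads `Print a list of the supported algorithms  and modes.`, whereas `src/cli.gaa` was extended to mention the priority filter. Append the same sentence here, `If a priority string is given then only the ciphersuites enabled by the priority are shown.`, so both tools document the behaviour.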


hooks/post-receive
-- 
GNU gnutls


