
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-332-g1973b3e


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-332-g1973b3e
Date: Mon, 26 Jul 2010 15:22:11 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1973b3ed46b587319ba1c1580d85887006dd2e55

The branch, master has been updated
       via  1973b3ed46b587319ba1c1580d85887006dd2e55 (commit)
       via  9534c6538c49c16730cb15f43c1a3871998e03c1 (commit)
       via  2b28684c6c9ecf9760685016931f28de583b8fa2 (commit)
       via  3b310942aefb4665d0029a084445553e4b9d3403 (commit)
      from  a0c6e34c983423d41c80652402fc2cd17ef27a5c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1973b3ed46b587319ba1c1580d85887006dd2e55
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 26 17:21:46 2010 +0200

    Modified the example to work in TLS 1.2.

commit 9534c6538c49c16730cb15f43c1a3871998e03c1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 26 17:13:56 2010 +0200

    Added RSA_NULL_SHA1 and SHA256 ciphersuites.

commit 2b28684c6c9ecf9760685016931f28de583b8fa2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 26 17:12:19 2010 +0200

    When signature algorithms extension is not received allow SHA1 and SHA256.

commit 3b310942aefb4665d0029a084445553e4b9d3403
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jul 26 16:40:31 2010 +0200

    NULL MAC renamed to MAC-NULL

-----------------------------------------------------------------------

Summary of changes:
 NEWS                    |    2 ++
 lib/ext_signature.c     |   17 +++++++++++++----
 lib/gnutls_algorithms.c |   17 ++++++++++++++---
 lib/gnutls_priority.c   |    4 ++--
 4 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 772a588..d689850 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ See the end for copying conditions.
 
 * Version 2.11.1 (unreleased)
 
+** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites.
+
 ** libgnutls: Updated documentation and gnutls_pk_params_t mappings
 to ECRYPT II recommendations. Mappings were moved to a single location
 and DSA keys are handled differently (since DSA2 allows for 1024,2048
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index 9d52303..abc2da9 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -272,22 +272,31 @@ _gnutls_session_sign_algo_requested (gnutls_session_t 
session,
                                     gnutls_sign_algorithm_t sig)
 {
   unsigned i;
-  int ret;
+  int ret, hash;
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
   sig_ext_st * priv;
   extension_priv_data_t epriv;
 
+  if (!_gnutls_version_has_selectable_sighash (ver))
+    {
+      return 0;
+    }
+
   ret = _gnutls_ext_get_session_data(session, 
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
     &epriv);
   if (ret < 0)
     {
       gnutls_assert();
-      return ret;
+      /* extension not received allow SHA1 and SHA256 */
+      hash = _gnutls_sign_get_hash_algorithm(sig);
+      if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256)
+        return 0;
+      else
+        return ret;
     }
   priv = epriv.ptr;
 
-  if (!_gnutls_version_has_selectable_sighash (ver)
-      || priv->sign_algorithms_size == 0)
+  if (priv->sign_algorithms_size == 0)
     /* none set, allow all */
     {
       return 0;
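Review bot: The new `if (ret < 0)` branch treats every failure of `_gnutls_ext_get_session_data` as "extension not received" and then accepts SHA1 and SHA256, so an unrelated internal error would also end up on the permissive path. Consider applying the fallback only for the specific not-present code that call returns (it is not visible in this hunk) and returning any other error unchanged. `gnutls_assert()` still fires on this now-expected path, which adds debug-log noise for every peer that omits the extension; moving it into the `else` arm would keep the log meaningful. The comment could also record the intent more precisely, e.g. `/* extension not received: accept the SHA1 default plus SHA256 */`. The function body continues past the end of the hunk.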
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 2c50690..2acf1aa 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -261,7 +261,7 @@ static const gnutls_hash_entry hash_algorithms[] = {
   {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
   {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0},    /* not used as MAC */
   {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
-  {"NULL", NULL, GNUTLS_MAC_NULL, 0},
+  {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
   {0, 0, 0, 0}
 };
 
@@ -383,7 +383,8 @@ typedef struct
  * for test purposes.
  */
 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
-
+#define GNUTLS_RSA_NULL_SHA1 { 0x00, 0x02 }
+#define GNUTLS_RSA_NULL_SHA256 { 0x00, 0x3B }
 
 /* ANONymous cipher suites.
  */
@@ -692,17 +693,27 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
                             GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
                             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
                             GNUTLS_VERSION_MAX),
-  /* RSA */
+  /* RSA-NULL */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
                             GNUTLS_CIPHER_NULL,
                             GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
                             GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA1,
+                            GNUTLS_CIPHER_NULL,
+                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+                            GNUTLS_VERSION_MAX),
+  GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA256,
+                            GNUTLS_CIPHER_NULL,
+                            GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+                            GNUTLS_VERSION_MAX),
 
+  /* RSA-EXPORT */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
                             GNUTLS_CIPHER_ARCFOUR_40,
                             GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
                             GNUTLS_SSL3, GNUTLS_TLS1_0),
 
+  /* RSA */
   GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
                             GNUTLS_CIPHER_ARCFOUR_128,
                             GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
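Review bot: The two entries added under `/* RSA-NULL */` use `GNUTLS_CIPHER_NULL`, so a session that negotiates them is integrity-protected but sent in the clear, and the section comment does not say so. I would expand it to something like `/* RSA-NULL: no encryption, integrity only; must be enabled explicitly */` so nobody reading the table mistakes these for ordinary RSA suites. Whether they stay out of the NORMAL and SECURE sets depends on priority code outside this diff and is worth confirming. The "NULL" to "MAC-NULL" rename in the `hash_algorithms` hunk above may also stop existing priority strings that use the old keyword from matching, which deserves a line in NEWS if so. The `cs_algorithms` array starts and ends outside the hunk.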
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index d28c456..5f1045b 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -474,7 +474,7 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
  * separated list of the cipher priorities to enable.
  *
  * Unless the first keyword is "NONE" the defaults (in preference
- * order) are for TLS protocols TLS1.1, TLS1.0, SSL3.0; for
+ * order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0, SSL3.0; for
  * compression NULL; for certificate types X.509, OpenPGP.
  *
  * For key exchange algorithms when in NORMAL or SECURE levels the
@@ -554,7 +554,7 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
  * "EXPORT:!VERS-TLS1.0:+COMP-DEFLATE" means that export ciphers are
  * enabled, TLS 1.0 is disabled, and libz compression enabled.
  *
- * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL", "NORMAL",
+ * "NONE:+VERS-TLS1.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", 
"NORMAL",
  * "%COMPAT".
  *
  * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
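Review bot: The updated example string still enables only `+VERS-TLS1.0`, so the added `+SIGN-RSA-SHA1` keyword appears without any hint of when it matters. A sentence in this doc comment would explain it, e.g. ` * When starting from "NONE", also list a SIGN-* keyword if TLS 1.2 is enabled.`; that reading is inferred from the commit title, so confirm it against the parser. The earlier hunk in this file writes `TLS 1.2` next to `TLS1.1`, and one spelling throughout would read better. The comment block continues outside the hunk.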


hooks/post-receive
-- 
GNU gnutls


