gnutls-commit
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-89-gfc2b813


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-89-gfc2b813
Date: Mon, 23 May 2011 20:43:13 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=fc2b813d1a6034e45906ed014c6a1babe8555bd5

The branch, master has been updated
       via  fc2b813d1a6034e45906ed014c6a1babe8555bd5 (commit)
       via  69a52e9050c2d18f024b94f058b8d1a0f340e9a1 (commit)
       via  19e53ecaea095e0d4e6b3531a0e4a6d2f28e35fb (commit)
      from  76193fc1e552eac3096af9b61770cf35c8fa1b23 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fc2b813d1a6034e45906ed014c6a1babe8555bd5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon May 23 22:42:35 2011 +0200

    Several updates to allow generation and signing of an ECC certificate.

commit 69a52e9050c2d18f024b94f058b8d1a0f340e9a1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon May 23 22:17:17 2011 +0200

    updated certtool info.

commit 19e53ecaea095e0d4e6b3531a0e4a6d2f28e35fb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon May 23 12:54:16 2011 +0200

    corrected bug in ciphersuite name searching.

-----------------------------------------------------------------------

Summary of changes:
 doc/manpages/certtool.1       |    7 ++++++-
 lib/algorithms/ciphersuites.c |   14 +++++++-------
 lib/gnutls_pk.c               |   29 -----------------------------
 lib/gnutls_pk.h               |    2 --
 lib/gnutls_privkey.c          |   23 +++++++++++++++++++++++
 lib/gnutls_sig.c              |   27 ++++-----------------------
 lib/x509/verify.c             |    3 ++-
 7 files changed, 42 insertions(+), 63 deletions(-)

diff --git a/doc/manpages/certtool.1 b/doc/manpages/certtool.1
index 895e309..7c46057 100644
--- a/doc/manpages/certtool.1
+++ b/doc/manpages/certtool.1
@@ -1,4 +1,4 @@
-.TH certtool 1 "May 23rd 2005"
+.TH certtool 1 "May 23rd 2011"
 .SH NAME
 certtool \- Manipulate certificates and keys.
 .SH SYNOPSIS
@@ -68,6 +68,11 @@ The cipher to use when doing pkcs encryption. Valid options 
are
 3des,aes-128,aes-192,aes-256,rc2-40
 .IP "\-\-dsa"
 Generate a DSA key.
+.IP "\-\-ecc"
+Generate an ECC (ECDSA) key.
+.IP "\-\-sec\-param [low|normal|high|ultra]"
+Specify a security parameter for the generate key. It is recommended
+to use this option instead of \-\-bits.
 .IP "\-\-bits BITS"
 Specify the number of bits for key generation.
 .IP "\-\-export\-ciphers"
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 2f775bc..09b115d 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -662,14 +662,14 @@ gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t 
kx_algorithm,
 {
   const char *ret = NULL;
 
-  /* avoid prefix */
   GNUTLS_CIPHER_SUITE_LOOP (
-    if (kx_algorithm == p->kx_algorithm &&
-        cipher_algorithm == p->block_algorithm && mac_algorithm == 
p->mac_algorithm)
-      {
-        ret = p->name + sizeof ("GNUTLS_") - 1);
-        break;
-      }
+      if (kx_algorithm == p->kx_algorithm &&
+          cipher_algorithm == p->block_algorithm && mac_algorithm == 
p->mac_algorithm)
+        {
+          ret = p->name + sizeof ("GNUTLS_") - 1;
+          break;
+        }
+  );
 
   return ret;
 }
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index e7cd6f9..38632f9 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -397,35 +397,6 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, 
bigint_t r, bigint_t s)
 }
 
 
-/* Do DSA signature calculation. params is p, q, g, y, x in that order.
- */
-int
-_gnutls_dsa_sign (gnutls_datum_t * signature,
-                  const gnutls_datum_t * hash, 
-                  gnutls_pk_params_st * params)
-{
-  int ret;
-  size_t k;
-
-  k = hash->size;
-  if (k < 20)
-    { /* SHA1 or better only */
-      gnutls_assert ();
-      return GNUTLS_E_PK_SIGN_FAILED;
-    }
-
-  ret = _gnutls_pk_sign (GNUTLS_PK_DSA, signature, hash, params);
-  /* rs[0], rs[1] now hold r,s */
-
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}
-
 /* decodes the Dss-Sig-Value structure
  */
 int
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 8b6359e..452a052 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -52,8 +52,6 @@ int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
                                const gnutls_datum_t * plaintext,
                                gnutls_pk_params_st * params,
                                unsigned btype);
-int _gnutls_dsa_sign (gnutls_datum_t * signature,
-                      const gnutls_datum_t * plaintext, gnutls_pk_params_st*);
 int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
                                const gnutls_datum_t * ciphertext,
                                gnutls_pk_params_st* params,
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index b71e04a..f1737c0 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -144,6 +144,29 @@ privkey_to_pubkey (gnutls_pk_algorithm_t pk,
         }
 
       break;
+    case GNUTLS_PK_ECC:
+      pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
+      pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
+      pub->params[2] = _gnutls_mpi_copy (priv->params[2]);
+      pub->params[3] = _gnutls_mpi_copy (priv->params[3]);
+      pub->params[4] = _gnutls_mpi_copy (priv->params[4]);
+      pub->params[5] = _gnutls_mpi_copy (priv->params[5]);
+      pub->params[6] = _gnutls_mpi_copy (priv->params[6]);
+
+      pub->params_nr = ECC_PUBLIC_PARAMS;
+      pub->flags = priv->flags;
+
+      if (pub->params[0] == NULL || pub->params[1] == NULL ||
+          pub->params[2] == NULL || pub->params[3] == NULL ||
+          pub->params[4] == NULL || pub->params[5] == NULL ||
+          pub->params[6] == NULL)
+        {
+          gnutls_assert ();
+          ret = GNUTLS_E_MEMORY_ERROR;
+          goto cleanup;
+        }
+
+      break;
     default:
       gnutls_assert ();
       return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 6e7cb10..4331165 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -183,18 +183,14 @@ _gnutls_soft_sign (gnutls_pk_algorithm_t algo, 
gnutls_pk_params_st * params,
         }
 
       break;
-    case GNUTLS_PK_DSA:
-      /* sign */
-      if ((ret = _gnutls_dsa_sign (signature, data, params)) < 0)
+    default:
+      ret = _gnutls_pk_sign( algo, signature, data, params);
+      if (ret < 0)
         {
           gnutls_assert ();
           return ret;
         }
       break;
-    default:
-      gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-      break;
     }
 
   return 0;
@@ -752,22 +748,6 @@ pk_hash_data (gnutls_pk_algorithm_t pk, 
gnutls_digest_algorithm_t hash,
 {
   int ret;
 
-  switch (pk)
-    {
-    case GNUTLS_PK_RSA:
-      break;
-    case GNUTLS_PK_DSA:
-      if (params && hash != _gnutls_dsa_q_to_hash (pk, params))
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      break;
-    default:
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
   digest->size = _gnutls_hash_get_algo_len (hash);
   digest->data = gnutls_malloc (digest->size);
   if (digest->data == NULL)
@@ -903,6 +883,7 @@ pk_prepare_hash (gnutls_pk_algorithm_t pk,
       _gnutls_free_datum (&old_digest);
       break;
     case GNUTLS_PK_DSA:
+    case GNUTLS_PK_ECC:
       break;
     default:
       gnutls_assert ();
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index d2653c5..76fe41a 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -960,9 +960,10 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * 
hash,
   switch (pk)
     {
     case GNUTLS_PK_DSA:
+    case GNUTLS_PK_ECC:
 
       if (hash)
-        *hash = _gnutls_dsa_q_to_hash (GNUTLS_PK_DSA, issuer_params);
+        *hash = _gnutls_dsa_q_to_hash (pk, issuer_params);
 
       ret = 0;
       break;


hooks/post-receive
-- 
GNU gnutls



reply via email to

[Prev in Thread] Current Thread [Next in Thread]