[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-126-g065ada1
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-126-g065ada1
Date: Tue, 08 Feb 2011 17:55:56 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=065ada1a9228c12132b15ab8da2244178d33430c
The branch, master has been updated
via 065ada1a9228c12132b15ab8da2244178d33430c (commit)
via ea683ee362fb13fa7515a2cd5f9c31c99c0366a4 (commit)
via 145db1e3a427a508afb0de08f3135a3f90dcf8eb (commit)
from cf962061e6584fbd0d4a11932477bae797b05a93 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 065ada1a9228c12132b15ab8da2244178d33430c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 8 18:55:51 2011 +0100
Combined same functions.
commit ea683ee362fb13fa7515a2cd5f9c31c99c0366a4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 8 18:53:54 2011 +0100
Several updates in signature algorithms parsing and sending to avoid
sending invalid signature algorithms.
commit 145db1e3a427a508afb0de08f3135a3f90dcf8eb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Feb 8 18:11:52 2011 +0100
Removed unused debugging code.
-----------------------------------------------------------------------
Summary of changes:
lib/auth_cert.c | 19 +++++++--
lib/auth_dhe.c | 36 +++++++++++-----
lib/ext_signature.c | 32 ++++++++++----
lib/gnutls_algorithms.c | 87 ++++++++-------------------------------
lib/gnutls_algorithms.h | 2 +-
lib/includes/gnutls/gnutls.h.in | 3 +-
6 files changed, 82 insertions(+), 97 deletions(-)
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 760db40..033d3d7 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1532,7 +1532,7 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t
session, opaque ** data)
gnutls_cert *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length, size;
- gnutls_datum_t signature;
+ gnutls_datum_t signature = { NULL, 0 };
int total_data;
opaque *p;
gnutls_sign_algorithm_t sign_algo;
@@ -1584,11 +1584,17 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t
session, opaque ** data)
p = *data;
if (_gnutls_version_has_selectable_sighash (ver))
{
- sign_algorithm_st aid;
+ const sign_algorithm_st *aid;
/* error checking is not needed here since we have used those algorithms
*/
aid = _gnutls_sign_to_tls_aid (sign_algo);
- p[0] = aid.hash_algorithm;
- p[1] = aid.sign_algorithm;
+ if (aid == NULL)
+ {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
p += 2;
}
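Review bot: The comment kept at the top of this hunk, `/* error checking is not needed here since we have used those algorithms */`, is now contradicted by the NULL check added directly beneath it, and a later reader will not know which of the two to trust. Replace it with something like `/* _gnutls_sign_to_tls_aid() returns NULL when the algorithm has no (hash, sign) wire pair; refuse rather than emit a bogus one */`. The check itself looks right, but `ret` is declared outside the hunk, so I could not confirm its earlier uses in this function. _gnutls_gen_cert_client_cert_vrfy begins and ends outside this hunk.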
@@ -1601,6 +1607,11 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t
session, opaque ** data)
_gnutls_free_datum (&signature);
return total_data;
+
+cleanup:
+ _gnutls_free_datum (&signature);
+ gnutls_free(*data);
+ return ret;
}
int
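Review bot: The new `cleanup:` label frees `*data` but leaves the caller holding the dangling pointer; `gnutls_free(*data);` should be followed by `*data = NULL;` so a caller that frees or inspects `*data` on a negative return cannot double-free or read freed memory (how the caller treats `*data` on error is not visible here, so this is defensive). The identical pattern appears in the `cleanup:` label added to gen_dhe_server_kx in lib/auth_dhe.c and should get the same line. The success path and the cleanup path both free `signature`, which is the reason the `{ NULL, 0 }` initializer in the first hunk is required; a short comment on that initializer would stop someone from "simplifying" it away.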
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 82a8df6..87de684 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -89,7 +89,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data)
gnutls_cert *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
- gnutls_datum_t signature, ddata;
+ gnutls_datum_t signature = { NULL, 0 }, ddata;
gnutls_certificate_credentials_t cred;
gnutls_dh_params_t dh_params;
gnutls_sign_algorithm_t sign_algo;
@@ -154,38 +154,44 @@ gen_dhe_server_kx (gnutls_session_t session, opaque **
data)
&sign_algo)) < 0)
{
gnutls_assert ();
- gnutls_free (*data);
- return ret;
+ goto cleanup;
}
}
else
{
gnutls_assert ();
- return data_size; /* do not put a signature - ILLEGAL! */
+ ret = data_size; /* do not put a signature - ILLEGAL! */
+ goto cleanup;
}
*data = gnutls_realloc_fast (*data, data_size + signature.size + 4);
if (*data == NULL)
{
- _gnutls_free_datum (&signature);
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
if (_gnutls_version_has_selectable_sighash (ver))
{
- sign_algorithm_st aid;
+ const sign_algorithm_st *aid;
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
{
- _gnutls_free_datum (&signature);
- gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
}
aid = _gnutls_sign_to_tls_aid (sign_algo);
- (*data)[data_size++] = aid.hash_algorithm;
- (*data)[data_size++] = aid.sign_algorithm;
+ if (aid == NULL)
+ {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ (*data)[data_size++] = aid->hash_algorithm;
+ (*data)[data_size++] = aid->sign_algorithm;
}
_gnutls_write_datum16 (&(*data)[data_size], signature);
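Review bot: The `else` branch now does `ret = data_size; goto cleanup;`, and the cleanup label added in the next hunk frees `*data` before returning, so this path hands the caller a positive length while `*data` has just been released, whereas the removed `return data_size;` left the buffer valid. If the "do not put a signature" behaviour is intended to survive, keep the direct `return data_size;` (the signature datum appears to still be `{ NULL, 0 }` on that path, so nothing leaks); if it is meant to be a failure, return a negative code instead. Separately, the branch `ret = GNUTLS_E_UNKNOWN_ALGORITHM; goto cleanup;` for `sign_algo == GNUTLS_SIGN_UNKNOWN` dropped the `gnutls_assert ();` that every other failure path in this hunk keeps, and it also changes the returned code from GNUTLS_E_UNKNOWN_PK_ALGORITHM, which the commit message does not mention. gen_dhe_server_kx starts before this hunk.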
@@ -194,6 +200,12 @@ gen_dhe_server_kx (gnutls_session_t session, opaque **
data)
_gnutls_free_datum (&signature);
return data_size;
+
+cleanup:
+ _gnutls_free_datum (&signature);
+ gnutls_free(*data);
+ return ret;
+
}
static int
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index 6eebd39..af6328b 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -72,31 +72,41 @@ int
_gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data,
size_t max_data_size)
{
- opaque *p = data;
+ opaque *p = data, *len_p;
int len, i, j;
- sign_algorithm_st aid;
+ const sign_algorithm_st *aid;
- len = session->internals.priorities.sign_algo.algorithms * 2;
- if (max_data_size < len + 2)
+ if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) +
2)
{
gnutls_assert ();
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- _gnutls_write_uint16 (len, p);
+ len = 0;
+ len_p = p;
+
p += 2;
- for (i = j = 0; i < len; i += 2, j++)
+ for (i = j = 0; i < session->internals.priorities.sign_algo.algorithms; i +=
2, j++)
{
aid =
_gnutls_sign_to_tls_aid (session->internals.priorities.
sign_algo.priority[j]);
- *p = aid.hash_algorithm;
+
+ if (aid == NULL)
+ continue;
+
+ _gnutls_debug_log ("EXT[SIGA]: sent signature algo (%d.%d) %s\n",
aid->hash_algorithm,
+ aid->sign_algorithm,
gnutls_sign_get_name(session->internals.priorities.sign_algo.priority[j]));
+ *p = aid->hash_algorithm;
p++;
- *p = aid.sign_algorithm;
+ *p = aid->sign_algorithm;
p++;
-
+ len+=2;
}
+
+ _gnutls_write_uint16 (len, len_p);
+
return len + 2;
}
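Review bot: The rewritten loop condition `i < session->internals.priorities.sign_algo.algorithms` is tested against `i`, which still advances by 2 per iteration, while `j` is the index into `priority[]`; the loop therefore stops after roughly half the configured algorithms and the extension silently advertises only those. The bound belongs on `j`: `for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms; i += 2, j++)`, or drop `i` altogether since `len` now counts the bytes actually written. The size check above was updated to `algorithms*2 + 2`, so the buffer is already large enough for the full list once the loop bound is fixed.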
@@ -127,6 +137,10 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t
session,
aid.sign_algorithm = data[i + 1];
sig = _gnutls_tls_aid_to_sign (&aid);
+
+ _gnutls_debug_log ("EXT[SIGA]: rcvd signature algo (%d.%d) %s\n",
aid.hash_algorithm,
+ aid.sign_algorithm, gnutls_sign_get_name(sig));
+
if (sig != GNUTLS_SIGN_UNKNOWN)
{
priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
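Review bot: The new debug log runs before the `if (sig != GNUTLS_SIGN_UNKNOWN)` test, so for an unrecognised (hash, sign) pair it passes `gnutls_sign_get_name(sig)` to `%s`; the gnutls_sign_get_name that survives this commit is documented as returning %NULL for an unknown value, and a NULL `%s` argument is undefined behaviour, whereas the deleted public version returned "SIGN_UNKNOWN". Either move the log inside the `if`, or log `sig != GNUTLS_SIGN_UNKNOWN ? gnutls_sign_get_name (sig) : "UNKNOWN"`. The same `%s` on gnutls_sign_get_name appears in the "sent" log in the previous hunk, though there the value comes from the local priority list rather than from the peer.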
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 639f9fa..1d7d973 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1720,39 +1720,11 @@ _gnutls_compare_algo (gnutls_session_t session, const
void *i_A1,
}
}
-#ifdef SORT_DEBUG
-static void
-_gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb,
- size_t size, int (*compar) (gnutls_session_t, const void *,
- const void *))
-{
- unsigned int i, j;
- int full = nmemb * size;
- char *base = _base;
- char tmp[MAX_ELEM_SIZE];
-
- for (i = 0; i < full; i += size)
- {
- for (j = 0; j < full; j += size)
- {
- if (compar (session, &base[i], &base[j]) < 0)
- {
- SWAP (&base[j], &base[i]);
- }
- }
- }
-
-}
-#endif
-
int
_gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
cipher_suite_st ** ciphers)
{
-#ifdef SORT_DEBUG
- unsigned int i;
-#endif
int count;
count = _gnutls_supported_ciphersuites (session, ciphers);
@@ -1761,23 +1733,10 @@ _gnutls_supported_ciphersuites_sorted (gnutls_session_t
session,
gnutls_assert ();
return count;
}
-#ifdef SORT_DEBUG
- _gnutls_debug_log ("Unsorted: \n");
- for (i = 0; i < count; i++)
- _gnutls_debug_log ("\t%d: %s\n", i,
- _gnutls_cipher_suite_get_name ((*ciphers)[i]));
-#endif
_gnutls_qsort (session, *ciphers, count,
sizeof (cipher_suite_st), _gnutls_compare_algo);
-#ifdef SORT_DEBUG
- _gnutls_debug_log ("Sorted: \n");
- for (i = 0; i < count; i++)
- _gnutls_debug_log ("\t%d: %s\n", i,
- _gnutls_cipher_suite_get_name ((*ciphers)[i]));
-#endif
-
return count;
}
@@ -1982,11 +1941,12 @@ struct gnutls_sign_entry
gnutls_mac_algorithm_t mac;
/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
for values to use in aid struct. */
- sign_algorithm_st aid;
+ const sign_algorithm_st aid;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
#define TLS_SIGN_AID_UNKNOWN {255, 255}
+static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
static const gnutls_sign_entry sign_algorithms[] = {
{"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
@@ -2040,7 +2000,7 @@ static const gnutls_sign_algorithm_t supported_sign[] = {
GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
/**
- * gnutls_sign_algorithm_get_name:
+ * gnutls_sign_get_name:
* @sign: is a sign algorithm
*
* Convert a #gnutls_sign_algorithm_t value to a string.
@@ -2049,7 +2009,7 @@ static const gnutls_sign_algorithm_t supported_sign[] = {
* algorithm, or %NULL.
**/
const char *
-gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_name (gnutls_sign_algorithm_t sign)
{
const char *ret = NULL;
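Review bot: This rename makes the variant that returns %NULL for an unknown value (per its doc comment above and the `ret = NULL` initialiser here) the one exported as the public gnutls_sign_get_name, while the gnutls_sign_get_name deleted in the next hunk returned the string "SIGN_UNKNOWN" and carries a "Since: 2.6.0" tag, i.e. it is the released contract. Callers that print the result with `%s` or call `strlen` on it, which the old contract permitted, now dereference NULL. Either keep the `"SIGN_UNKNOWN"` fallback in this body, or document the NULL return as a deliberate contract change in NEWS and the doc comment. The function body continues past the hunk.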
@@ -2094,27 +2054,6 @@ gnutls_sign_get_id (const char *name)
}
-/**
- * gnutls_sign_get_name:
- * @algorithm: is a public key signature algorithm
- *
- * Convert a #gnutls_sign_algorithm_t value to a string.
- *
- * Returns: a pointer to a string that contains the name of the
- * specified public key signature algorithm, or %NULL.
- *
- * Since: 2.6.0
- **/
-const char *
-gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
-{
- const char *ret = "SIGN_UNKNOWN";
-
- GNUTLS_SIGN_LOOP (if (p->id == algorithm) ret = p->name);
-
- return ret;
-}
-
gnutls_sign_algorithm_t
_gnutls_x509_oid2sign_algorithm (const char *oid)
{
@@ -2188,21 +2127,31 @@ _gnutls_tls_aid_to_sign (const sign_algorithm_st * aid)
{
gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ if (memcmp(aid, &unknown_tls_aid, sizeof(aid))==0)
+ return ret;
+
GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
&& p->aid.sign_algorithm == aid->sign_algorithm)
{
- ret = p->id; break;}
+ ret = p->id; break;
+ }
);
+
return ret;
}
-sign_algorithm_st
+/* Returns NULL if a valid AID is not found
+ */
+const sign_algorithm_st*
_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
{
- sign_algorithm_st ret = TLS_SIGN_AID_UNKNOWN;
+ const sign_algorithm_st * ret = NULL;
- GNUTLS_SIGN_ALG_LOOP (ret = p->aid);
+ GNUTLS_SIGN_ALG_LOOP (ret = &p->aid);
+
+ if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0)
+ return NULL;
return ret;
}
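Review bot: In _gnutls_tls_aid_to_sign the new guard `memcmp(aid, &unknown_tls_aid, sizeof(aid))` uses the size of the pointer, not of the struct, so it compares 4 or 8 bytes against objects that appear to hold only two (`{255, 255}`): an out-of-bounds read of both `*aid` and `unknown_tls_aid`, and a comparison that will rarely match, so the guard does not do what it is meant to. It should be `if (memcmp (aid, &unknown_tls_aid, sizeof (*aid)) == 0)`, as the sibling _gnutls_sign_to_tls_aid below correctly does with `sizeof (*ret)`. Both memcmp guards also assume sign_algorithm_st has no padding; comparing the two fields directly would remove that assumption and read more clearly.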
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 50504f3..4e6b540 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -114,7 +114,7 @@ const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
gnutls_mac_algorithm_t mac);
gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
aid);
-sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
+const sign_algorithm_st* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t
sign);
gnutls_mac_algorithm_t
_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
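Review bot: The new prototype returns a pointer but the header says nothing about what it points to or who owns it; on the .c side the value is `&p->aid`, which appears to be an element of the static `sign_algorithms` table, so the caller must not free it and may keep it as long as it likes. Add a comment above the prototype: `/* Returns a pointer into a static table, or NULL if @sign has no TLS signature/hash pair; the caller must not free it. */`. The "Returns NULL" remark currently lives only in lib/gnutls_algorithms.c, which callers of the header never see.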
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index aa203d1..385d238 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -601,8 +601,6 @@ extern "C"
GNUTLS_SIGN_DSA_SHA256 = 11
} gnutls_sign_algorithm_t;
- const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign);
-
/**
* gnutls_sec_param_t:
* @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
@@ -724,6 +722,7 @@ extern "C"
type);
const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
+#define gnutls_sign_algorithm_get_name gnutls_sign_get_name
gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name);
gnutls_compression_method_t gnutls_compression_get_id (const char *name);
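Review bot: Replacing the `gnutls_sign_algorithm_get_name` declaration with `#define gnutls_sign_algorithm_get_name gnutls_sign_get_name` keeps source compatibility, but with the definition renamed in lib/gnutls_algorithms.c the exported symbol disappears, so any binary already linked against that name would fail to resolve it. If the name ever shipped in a release, keep an exported wrapper or symbol alias in the library; if it only existed on the development branch, say so in the commit message so the removal is clearly intentional. The macro itself deserves a one-line comment, `/* compatibility alias; new code should call gnutls_sign_get_name */`, since public headers are where users will look first.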
hooks/post-receive
--
GNU gnutls