[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-12-g0b1dd6e
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-12-g0b1dd6e |
|
Date: |
Fri, 17 Aug 2012 21:42:17 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0b1dd6ea48f1acbb89955a48c46a25bab8e78d7e
The branch, master has been updated
via 0b1dd6ea48f1acbb89955a48c46a25bab8e78d7e (commit)
via b29a593db7a2cedb81916b1a1eea056f812a29c7 (commit)
via b726f19b9e821db6fdc0a3b335e7cc5b191de6a8 (commit)
via 8361e8735c5c27fae542a87c14886a788735d65e (commit)
via 5e4f7a5f22de308e886730cdcbdefa4a0845794d (commit)
via c1c28f186aeff23f012d4ff3471c7551522eeee6 (commit)
via 1ff18a774140d78a3fb1d708a6b37edb0971752a (commit)
via 5791f17c206e83baf6744151f53ad542c75de3be (commit)
from 0b2d193a6b703afa6d2bf8c1b499315ef843f408 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0b1dd6ea48f1acbb89955a48c46a25bab8e78d7e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 22:53:23 2012 +0200
remove debugging
commit b29a593db7a2cedb81916b1a1eea056f812a29c7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 22:51:26 2012 +0200
When signing use the private key's algorithm.
commit b726f19b9e821db6fdc0a3b335e7cc5b191de6a8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 22:48:50 2012 +0200
Use the preferred key ID when reading the pk_algorithm in openpgp keys.
gnutls_openpgp_*_get_pk_algorithm() returns the algorithm of the preferred
key ID if set.
commit 8361e8735c5c27fae542a87c14886a788735d65e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 20:17:23 2012 +0200
Added missing functions
commit 5e4f7a5f22de308e886730cdcbdefa4a0845794d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 20:16:35 2012 +0200
Added gnutls_sign_algorithm_get().
commit c1c28f186aeff23f012d4ff3471c7551522eeee6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 19:54:23 2012 +0200
removed unused variable
commit 1ff18a774140d78a3fb1d708a6b37edb0971752a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 20:09:46 2012 +0200
gnutls_sign_get_pk_algorithm and gnutls_sign_get_hash_algorithm were
exported.
commit 5791f17c206e83baf6744151f53ad542c75de3be
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri Aug 17 15:15:08 2012 +0200
When selecting a session signature algorithm consider the enabled.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 11 +++++++++++
doc/Makefile.am | 6 ++++++
lib/algorithms.h | 3 ---
lib/algorithms/sign.c | 26 ++++++++++++++++++++++++--
lib/auth/cert.h | 3 +++
lib/ext/signature.c | 22 +++++++++++++++++++++-
lib/ext/signature.h | 6 ++++++
lib/gnutls_cert.c | 16 ++++++++++++++++
lib/gnutls_int.h | 3 +++
lib/gnutls_pubkey.c | 8 ++++----
lib/gnutls_sig.c | 20 ++++++++++++--------
lib/gnutls_x509.c | 17 -----------------
lib/includes/gnutls/gnutls.h.in | 4 ++++
lib/libgnutls.map | 3 +++
lib/openpgp/gnutls_openpgp.c | 7 ++++++-
lib/openpgp/pgp.c | 26 +++++++++++++++++++-------
lib/openpgp/privkey.c | 26 +++++++++++++++++++-------
lib/x509/crq.c | 2 +-
lib/x509/verify.c | 4 ++--
tests/mini-handshake-timeout.c | 1 -
20 files changed, 160 insertions(+), 54 deletions(-)
diff --git a/NEWS b/NEWS
index db12120..1955e8f 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,17 @@ GnuTLS NEWS -- History of user-visible changes.
-*- outline -*-
Copyright (C) 2000-2012 Free Software Foundation, Inc.
See the end for copying conditions.
+* Version 3.1.1 (unreleased)
+
+** tpmtool: No longer asks for key password in registered keys.
+
+** API and ABI modifications:
+gnutls_sign_algorithm_get: Added
+gnutls_sign_get_hash_algorithm: Added
+gnutls_sign_get_pk_algorithm: Added
+GNUTLS_PK_RSA_HASH_ONLY: Added
+
+
* Version 3.1.0 (released 2012-08-15)
** libgnutls: Added direct support for TPM as a cryptographic module
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 7f1fde9..d224c5a 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -802,6 +802,8 @@ FUNCS += functions/gnutls_compression_get
FUNCS += functions/gnutls_compression_get.short
FUNCS += functions/gnutls_certificate_type_get
FUNCS += functions/gnutls_certificate_type_get.short
+FUNCS += functions/gnutls_sign_algorithm_get
+FUNCS += functions/gnutls_sign_algorithm_get.short
FUNCS += functions/gnutls_sign_algorithm_get_requested
FUNCS += functions/gnutls_sign_algorithm_get_requested.short
FUNCS += functions/gnutls_cipher_get_key_size
@@ -822,6 +824,10 @@ FUNCS += functions/gnutls_pk_get_name
FUNCS += functions/gnutls_pk_get_name.short
FUNCS += functions/gnutls_sign_get_name
FUNCS += functions/gnutls_sign_get_name.short
+FUNCS += functions/gnutls_sign_get_hash_algorithm
+FUNCS += functions/gnutls_sign_get_hash_algorithm.short
+FUNCS += functions/gnutls_sign_get_pk_algorithm
+FUNCS += functions/gnutls_sign_get_pk_algorithm.short
FUNCS += functions/gnutls_pk_to_sign
FUNCS += functions/gnutls_pk_to_sign.short
FUNCS += functions/gnutls_mac_get_id
diff --git a/lib/algorithms.h b/lib/algorithms.h
index 748629c..a11a2a2 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -117,9 +117,6 @@ const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
aid);
const sign_algorithm_st* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t
sign);
-gnutls_digest_algorithm_t
-_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
-gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
int _gnutls_mac_priority (gnutls_session_t session,
gnutls_mac_algorithm_t algorithm);
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index b422c4c..316392f 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -218,8 +218,19 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
return ret;
}
+/**
+ * gnutls_sign_get_hash_algorithm:
+ * @sign: is a signature algorithm
+ *
+ * This function returns the digest algorithm corresponding to
+ * the given signature algorithms.
+ *
+ * Since: 3.1.1
+ *
+ * Returns: return a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN
on error.
+ **/
gnutls_digest_algorithm_t
-_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
{
gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
@@ -228,8 +239,19 @@ _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t
sign)
return ret;
}
+/**
+ * gnutls_sign_get_pk_algorithm:
+ * @sign: is a signature algorithm
+ *
+ * This function returns the public key algorithm corresponding to
+ * the given signature algorithms.
+ *
+ * Since: 3.1.1
+ *
+ * Returns: return a #gnutls_pk_algorithm_t value, or %GNUTLS_PK_UNKNOWN on
error.
+ **/
gnutls_pk_algorithm_t
-_gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
{
gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index a5a80c0..a11caba 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -162,4 +162,7 @@ int _gnutls_selected_cert_supported_kx (struct
gnutls_session_int *session,
gnutls_kx_algorithm_t * alg,
int *alg_size);
+int
+_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res);
+
#endif
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 47724da..59e3750 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -270,11 +270,14 @@ _gnutls_session_get_sign_algo (gnutls_session_t session,
gnutls_pcert_st* cert)
for (i = 0; i < priv->sign_algorithms_size; i++)
{
- if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) ==
cert_algo)
+ if (gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == cert_algo)
{
if (_gnutls_pubkey_compatible_with_sig(cert->pubkey, ver,
priv->sign_algorithms[i]) < 0)
continue;
+ if (_gnutls_session_sign_algo_enabled(session,
priv->sign_algorithms[i]) < 0)
+ continue;
+
return priv->sign_algorithms[i];
}
}
@@ -434,3 +437,20 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t
session,
else
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
+
+/**
+ * gnutls_sign_algorithm_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the signature algorithm that is (or will be) used in this
+ * session to sign data.
+ *
+ * Returns: The sign algorithm or %GNUTLS_SIGN_UNKNOWN.
+ *
+ * Since: 3.1.1
+ **/
+int
+gnutls_sign_algorithm_get (gnutls_session_t session)
+{
+ return session->security_parameters.sign_algo;
+}
diff --git a/lib/ext/signature.h b/lib/ext/signature.h
index c9acbfc..40a5421 100644
--- a/lib/ext/signature.h
+++ b/lib/ext/signature.h
@@ -37,4 +37,10 @@ int _gnutls_sign_algorithm_write_params (gnutls_session_t
session,
uint8_t * data, size_t max_data_size);
int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
gnutls_sign_algorithm_t sig);
+
+static inline void
+gnutls_sign_algorithm_set (gnutls_session_t session, gnutls_sign_algorithm_t
sign)
+{
+ session->security_parameters.sign_algo = sign;
+}
#endif
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 9be2f03..61585af 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -825,4 +825,20 @@ gnutls_sign_callback_get (gnutls_session_t session, void
**userdata)
return session->internals.sign_func;
}
+/* returns error if the certificate has different algorithm than
+ * the given key parameters.
+ */
+int
+_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
+{
+ int pk =
gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts-1].cert_list[0].pubkey,
NULL);
+ int pk2 = gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL);
+ if (pk2 != pk)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ return 0;
+}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index edb160a..8da6978 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -499,6 +499,9 @@ typedef struct
gnutls_ecc_curve_t ecc_curve; /* holds the first supported ECC curve
requested by client */
gnutls_protocol_t version; /* moved here */
+ /* Holds the signature algorithm used in this session - If any */
+ gnutls_sign_algorithm_t sign_algo;
+
/* FIXME: The following are not saved in the session storage
* for session resumption.
*/
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 4f86920..b894677 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -1402,7 +1402,7 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
return GNUTLS_E_INVALID_REQUEST;
}
- ret = pubkey_verify_data( pubkey->pk_algorithm,
_gnutls_sign_get_hash_algorithm(algo),
+ ret = pubkey_verify_data( pubkey->pk_algorithm,
gnutls_sign_get_hash_algorithm(algo),
data, signature, &pubkey->params);
if (ret < 0)
{
@@ -1479,7 +1479,7 @@ gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
return _gnutls_pk_verify (GNUTLS_PK_RSA, hash, signature, &key->params);
else
{
- return pubkey_verify_hashed_data (key->pk_algorithm,
_gnutls_sign_get_hash_algorithm(algo),
+ return pubkey_verify_hashed_data (key->pk_algorithm,
gnutls_sign_get_hash_algorithm(algo),
hash, signature, &key->params);
}
}
@@ -1564,7 +1564,7 @@ unsigned int hash_algo;
}
else if (sign != GNUTLS_SIGN_UNKNOWN)
{
- if (_gnutls_hash_get_algo_len(_gnutls_sign_get_hash_algorithm(sign))
< hash_size)
+ if (_gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign))
< hash_size)
return GNUTLS_E_UNWANTED_ALGORITHM;
}
@@ -1575,7 +1575,7 @@ unsigned int hash_algo;
{
hash_algo = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm,
&pubkey->params, &hash_size);
- if (_gnutls_hash_get_algo_len(_gnutls_sign_get_hash_algorithm(sign))
< hash_size)
+ if (_gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign))
< hash_size)
return GNUTLS_E_UNWANTED_ALGORITHM;
}
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index c576655..6b5386a 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -76,8 +76,10 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_pcert_st* cert,
gnutls_assert ();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
+
+ gnutls_sign_algorithm_set(session, *sign_algo);
- hash_algo = _gnutls_sign_get_hash_algorithm (*sign_algo);
+ hash_algo = gnutls_sign_get_hash_algorithm (*sign_algo);
_gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
session, gnutls_sign_algorithm_get_name (*sign_algo));
@@ -95,7 +97,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_pcert_st* cert,
GNUTLS_RANDOM_SIZE);
_gnutls_hash (&td_sha, params->data, params->size);
- switch (gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL))
+ switch (gnutls_privkey_get_pk_algorithm(pkey, NULL))
{
case GNUTLS_PK_RSA:
if (!_gnutls_version_has_selectable_sighash (ver))
@@ -326,7 +328,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_pcert_st* cert,
if (ret < 0)
return gnutls_assert_val(ret);
- hash_algo = _gnutls_sign_get_hash_algorithm (sign_algo);
+ hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
}
else
{
@@ -380,7 +382,7 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_pcert_st* cert,
dconcat.size -
_gnutls_hash_get_algo_len (hash_algo),
sign_algo,
- _gnutls_sign_get_pk_algorithm (sign_algo));
+ gnutls_sign_get_pk_algorithm (sign_algo));
if (ret < 0)
{
gnutls_assert ();
@@ -413,7 +415,7 @@ _gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t
session,
if (ret < 0)
return gnutls_assert_val(ret);
- hash_algo = _gnutls_sign_get_hash_algorithm(sign_algo);
+ hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
ret = _gnutls_hash_fast(hash_algo,
session->internals.handshake_hash_buffer.data,
session->internals.handshake_hash_buffer_prev_len,
@@ -552,8 +554,10 @@ _gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t
session,
gnutls_assert ();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
+
+ gnutls_sign_algorithm_set(session, sign_algo);
- hash_algo = _gnutls_sign_get_hash_algorithm (sign_algo);
+ hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
_gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
gnutls_sign_algorithm_get_name (sign_algo),
@@ -598,11 +602,11 @@ _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
digest_hd_st td_md5;
digest_hd_st td_sha;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
- gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey,
NULL);
+ gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
if (_gnutls_version_has_selectable_sighash(ver))
return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
- signature);
+ signature);
ret =
_gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index a443cd1..b9719de 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -193,23 +193,6 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session,
* Read certificates and private keys, from files, memory etc.
*/
-/* returns error if the certificate has different algorithm than
- * the given key parameters.
- */
-static int
-_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
-{
- int pk =
gnutls_pubkey_get_pk_algorithm(res->certs[res->ncerts-1].cert_list[0].pubkey,
NULL);
-
- if (gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL) !=
- pk)
- {
- gnutls_assert ();
- return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
- }
-
- return 0;
-}
/* Returns the name of the certificate of a null name
*/
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0156fc4..ec67403 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -783,6 +783,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
gnutls_compression_get (gnutls_session_t session);
gnutls_certificate_type_t
gnutls_certificate_type_get (gnutls_session_t session);
+
+ int gnutls_sign_algorithm_get (gnutls_session_t session);
int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
size_t indx,
@@ -801,6 +803,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t
session);
type);
const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
+ gnutls_digest_algorithm_t gnutls_sign_get_hash_algorithm
(gnutls_sign_algorithm_t);
+ gnutls_pk_algorithm_t gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
gnutls_sign_algorithm_t gnutls_pk_to_sign (gnutls_pk_algorithm_t pk,
gnutls_digest_algorithm_t d);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 3199bc6..50a6872 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -826,6 +826,9 @@ GNUTLS_3_1_0 {
gnutls_certificate_set_pin_function;
gnutls_x509_crt_set_pin_function;
gnutls_handshake_set_timeout;
+ gnutls_sign_get_pk_algorithm;
+ gnutls_sign_get_hash_algorithm;
+ gnutls_sign_algorithm_get;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 7065bf2..ceb53c4 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -157,7 +157,12 @@ gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res,
res->ncerts++;
- /* FIXME: Check if the keys match. */
+ ret = _gnutls_check_key_cert_match (res);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
return 0;
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 7ace55d..fb77087 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -367,7 +367,8 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t
key,
unsigned int *bits)
{
cdk_packet_t pkt;
- int algo;
+ int algo = 0, ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
if (!key)
{
@@ -375,13 +376,24 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t
key,
return GNUTLS_PK_UNKNOWN;
}
- algo = 0;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
- if (pkt)
+ ret = gnutls_openpgp_crt_get_preferred_key_id (key, keyid);
+ if (ret == 0)
{
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+ int idx;
+
+ idx = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
+ algo =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm (key, idx, NULL);
+ }
+ else
+ {
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ {
+ if (bits)
+ *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
+ algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+ }
}
return algo;
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 8870ef6..bd04b21 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -253,7 +253,8 @@ gnutls_openpgp_privkey_get_pk_algorithm
(gnutls_openpgp_privkey_t key,
unsigned int *bits)
{
cdk_packet_t pkt;
- int algo;
+ int algo = 0, ret;
+ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
if (!key)
{
@@ -261,13 +262,24 @@ gnutls_openpgp_privkey_get_pk_algorithm
(gnutls_openpgp_privkey_t key,
return GNUTLS_PK_UNKNOWN;
}
- algo = 0;
- pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
- if (pkt)
+ ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+ if (ret == 0)
{
- if (bits)
- *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
- algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
+ int idx;
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+ algo =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
+ }
+ else
+ {
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt)
+ {
+ if (bits)
+ *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
+ algo = _gnutls_openpgp_get_algo
(pkt->pkt.secret_key->pk->pubkey_algo);
+ }
}
return algo;
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 956229b..c4dec27 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2512,7 +2512,7 @@ int ret;
goto cleanup;
}
- algo = _gnutls_sign_get_hash_algorithm(ret);
+ algo = gnutls_sign_get_hash_algorithm(ret);
ret = _gnutls_x509_get_signature (crq->crq, "signature", &signature);
if (ret < 0)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 497f4dd..7f39fd8 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -477,7 +477,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
goto cleanup;
}
- hash_algo = _gnutls_sign_get_hash_algorithm(result);
+ hash_algo = gnutls_sign_get_hash_algorithm(result);
result =
_gnutls_x509_verify_data (hash_algo, &cert_signed_data, &cert_signature,
@@ -1034,7 +1034,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
goto cleanup;
}
- hash_algo = _gnutls_sign_get_hash_algorithm(result);
+ hash_algo = gnutls_sign_get_hash_algorithm(result);
result =
_gnutls_x509_verify_data (hash_algo, &crl_signed_data, &crl_signature,
diff --git a/tests/mini-handshake-timeout.c b/tests/mini-handshake-timeout.c
index 30d899f..d6a1501 100644
--- a/tests/mini-handshake-timeout.c
+++ b/tests/mini-handshake-timeout.c
@@ -68,7 +68,6 @@ client_log_func (int level, const char *str)
*/
static int counter;
-static int packet_to_lose;
gnutls_session_t session;
static void
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-12-g0b1dd6e,
Nikos Mavrogiannopoulos <=