author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-02-28 17:29:56 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-02-28 17:29:56 +0100 |
commit | cd50caff722fe17454770446bd5aaef59f3d50d7 (patch) | |
tree | 7318962692f3ad8aad40fef5e58106fecac0bc54 | |
parent | 3b717f9be88799d139dce2c7800f8d49cdf086d9 (diff) | |
download | gnutls-cd50caff722fe17454770446bd5aaef59f3d50d7.tar.gz |
Restrict the signature algorithms we advertize to SHA1 and SHA256.
-rw-r--r-- | lib/ext_signature.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index 4b5f4e27bd..5e62f5c599 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -73,7 +73,7 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data,
 size_t max_data_size)
 {
 opaque *p = data, *len_p;
- int len, i, j;
+ int len, i, j, hash;
 const sign_algorithm_st *aid;
 
 if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) + 2)
@@ -89,6 +89,13 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data,
 for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms;
 i += 2, j++)
 {
+ /* In gnutls we keep a state of SHA1 and SHA256 and thus cannot
+ * use anything else.
+ */
+ hash = _gnutls_sign_get_hash_algorithm(session->internals.priorities.sign_algo.priority[j]);
+ if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA256)
+ continue;
+
 aid =
 _gnutls_sign_to_tls_aid (session->internals.priorities.
 sign_algo.priority[j]);
 |
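Review bot: If every entry in `sign_algo.priority[]` uses a hash other than SHA1 or SHA256, the new `continue` in the second hunk skips them all, and nothing in the visible lines stops the extension from being sent with an empty list; RFC 5246 requires at least one pair in supported_signature_algorithms. The code after the loop is outside the hunk, so this may already be handled. If it is not, the function should check after the loop that at least one pair was written and otherwise not send the extension, and the filter could carry the comment `/* may skip every entry; the empty case is handled after the loop */`. The size check at the top of the function still uses the unfiltered count, which only over-estimates the space needed and so stays safe. The accepted pair is hard-coded in the loop body; a small named predicate would keep this filter consistent with any other place that has to apply the same SHA1/SHA256 restriction.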