authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-10-07 18:12:11 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-10-07 18:12:11 +0200
commitd2296c22b1f210dbe9b5afdd4eb203f2d9716ab0 (patch)
tree007b6d06a3e9a3d8660f01e48d9bfeca5ecb86e9
parentecf42a3686c853bf365424cd5bc168bfed9be29b (diff)
downloadgnutls-d2296c22b1f210dbe9b5afdd4eb203f2d9716ab0.tar.gz
Fixes to enable external signing callback to
operate with TLS 1.2.
-rw-r--r--NEWS3
-rw-r--r--lib/gnutls_sig.c32
2 files changed, 32 insertions, 3 deletions
diff --git a/NEWS b/NEWS
index 9bbbe404d4..32d41b9841 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Version 2.12.12 (unreleased)
** gnulib: updated
+** libgnutls: Fixes to enable external signing callback to
+operate with TLS 1.2.
+
** API and ABI modifications:
No changes since last version.
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 9a925c3eba..9aab6894d1 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -228,12 +228,38 @@ sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
/* External signing. */
if (!pkey)
{
+ int ret;
+
if (!session->internals.sign_func)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- return (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->cert_type, &cert->raw, hash_concat, signature);
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ return (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, hash_concat, signature);
+ else
+ {
+ gnutls_datum_t digest;
+
+ ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto es_cleanup;
+ }
+
+ ret = (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, &digest, signature);
+es_cleanup:
+ gnutls_free(digest.data);
+
+ return ret;
+ }
}
}
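Review bot: The new TLS 1.2 branch calls `gnutls_privkey_get_pk_algorithm(pkey, NULL)` inside `if (!pkey)`, so `pkey` is always NULL at that point. The getter's body is not visible here, but at best it cannot return a usable algorithm for `pk_prepare_hash`, and at worst it dereferences NULL and crashes the handshake whenever an external signing callback is in use. The algorithm should come from the certificate instead, for example `cert->subject_pk_algorithm` if that field exists in this branch. A comment before the second `sign_func` call would also help, such as `/* TLS 1.2: the callback receives the pk_prepare_hash() output, not the raw hash_concat */`, because callback implementers now sign different input depending on the negotiated version. sign_tls_hash begins and ends outside this hunk.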