author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-10-07 18:12:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-10-07 18:12:11 +0200 |
commit | d2296c22b1f210dbe9b5afdd4eb203f2d9716ab0 (patch) | |
tree | 007b6d06a3e9a3d8660f01e48d9bfeca5ecb86e9 | |
parent | ecf42a3686c853bf365424cd5bc168bfed9be29b (diff) | |
download | gnutls-d2296c22b1f210dbe9b5afdd4eb203f2d9716ab0.tar.gz |
Fixes to enable external signing callback to
operate with TLS 1.2.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | lib/gnutls_sig.c | 32 |
2 files changed, 32 insertions, 3 deletions
@@ -7,6 +7,9 @@ Version 2.12.12 (unreleased)
 ** gnulib: updated
+** libgnutls: Fixes to enable external signing callback to
+operate with TLS 1.2.
+
 ** API and ABI modifications:
 No changes since last version.
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 9a925c3eba..9aab6894d1 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -228,12 +228,38 @@ sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
 /* External signing. */
 if (!pkey)
 {
+ int ret;
+
 if (!session->internals.sign_func)
 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
- return (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->cert_type, &cert->raw, hash_concat, signature);
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ return (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, hash_concat, signature);
+ else
+ {
+ gnutls_datum_t digest;
+
+ ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto es_cleanup;
+ }
+
+ ret = (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, &digest, signature);
+es_cleanup:
+ gnutls_free(digest.data);
+
+ return ret;
+ }
 }
 } |
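Review bot: The new TLS 1.2 branch in lib/gnutls_sig.c calls `gnutls_privkey_get_pk_algorithm(pkey, NULL)` while still inside `if (!pkey)`, so the key handle is always NULL at that call. Unless that function tolerates a NULL key (its body is not visible here), an external-signing handshake that negotiates a selectable signature hash would either fault or prepare the digest for the wrong algorithm, which a peer could trigger just by negotiating TLS 1.2. The algorithm should be taken from the certificate instead, e.g. `ret = pk_prepare_hash (cert->subject_pk_algorithm, hash_algo, &digest);`, with the field name confirmed against the certificate struct, which is outside this hunk. The sign callback's documentation should also state that under TLS 1.2 it now receives the output of pk_prepare_hash rather than the raw hash_concat. sign_tls_hash starts and ends outside the hunk.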