author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2007-10-12 23:23:11 +0300 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2007-10-12 23:23:11 +0300 |
commit | 7f8c8ee533c924acd839072d0c921c7676acf7a1 (patch) | |
tree | 8e0317b5986192d1087a14864e4c5a26459667c5 | |
parent | 230c4e8d2085e0bd91d3312f1850def7f1b810f4 (diff) | |
download | gnutls-7f8c8ee533c924acd839072d0c921c7676acf7a1.tar.gz |
Added support for DSA2 (DSA key sizes larger than 1024 bits) via libgcrypt 1.3.0.
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | lib/gnutls_algorithms.c | 2 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 4 | ||||
-rw-r--r-- | lib/x509/dsa.c | 2 | ||||
-rw-r--r-- | lib/x509/sign.c | 1 | ||||
-rw-r--r-- | src/certtool-gaa.c | 2 | ||||
-rw-r--r-- | src/certtool.c | 7 | ||||
-rw-r--r-- | src/certtool.gaa | 2 |
8 files changed, 9 insertions, 13 deletions
diff --git a/configure.in b/configure.in index 86804b8499..c676a98d3a 100644 --- a/configure.in +++ b/configure.in @@ -44,7 +44,7 @@ ac_full=1 SOVERSION=`expr ${LT_CURRENT} - ${LT_AGE}` AC_SUBST(SOVERSION) -GNUTLS_GCRYPT_VERSION=1:1.2.2 +GNUTLS_GCRYPT_VERSION=1:1.3.0 GNUTLS_LIBTASN1_VERSION=0.3.4 AC_DEFINE_UNQUOTED(GNUTLS_GCRYPT_VERSION, "$GNUTLS_GCRYPT_VERSION", [version of gcrypt]) AC_DEFINE_UNQUOTED(GNUTLS_LIBTASN1_VERSION, "$GNUTLS_LIBTASN1_VERSION", [version of libtasn1]) diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index e483ae16db..6bca42be67 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -202,8 +202,8 @@ struct gnutls_hash_entry { const char *name; const char *oid; - size_t key_size; /* in case of mac */ gnutls_mac_algorithm_t id; + size_t key_size; /* in case of mac */ }; typedef struct gnutls_hash_entry gnutls_hash_entry; diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 528255b90d..04e42ca958 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -440,8 +440,8 @@ _gnutls_dsa_sign (gnutls_datum_t * signature, size_t k; k = hash->size; - if (k != 20) - { /* SHA only */ + if (k < 20) + { /* SHA1 or better only */ gnutls_assert (); return GNUTLS_E_PK_SIGN_FAILED; } diff --git a/lib/x509/dsa.c b/lib/x509/dsa.c index 46559746e1..5d46c26cac 100644 --- a/lib/x509/dsa.c +++ b/lib/x509/dsa.c @@ -39,7 +39,7 @@ _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) int ret; gcry_sexp_t parms, key, list; - if (bits < 512 || bits > 1024) + if (bits < 512) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/x509/sign.c b/lib/x509/sign.c index c1c230f7ff..80e7e8e232 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -60,6 +60,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, if (algo == NULL) { gnutls_assert (); + _gnutls_x509_log("Hash algorithm: %d\n", hash); return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } 
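Review bot: Swapping `id` and `key_size` in `struct gnutls_hash_entry` (lib/gnutls_algorithms.c) changes what every positional initializer of this struct means, and the tables that use it are outside the hunk. If those entries are written positionally, a comment on the struct such as `/* field order must match the positional initializers of the hash tables */` would keep a later reorder from silently placing an algorithm id into `key_size`. Designated initializers would remove the dependency on field order altogether.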
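Review bot: In `_gnutls_dsa_sign` (lib/gnutls_pk.c), `if (k < 20)` sets only a floor, so a digest of any greater length is now accepted without being related to the size of the signing key's q parameter. FIPS 186-3 uses the leftmost min(N, outlen) bits of the hash, where N is the bit length of q, and whether the code after this check or libgcrypt performs that truncation (for example a 32-byte digest with a 160-bit q) is not visible in the hunk. I would bound `k` against the byte length of q here, or truncate explicitly, and state the rule in the comment, e.g. `/* DSA2: digest must be at least 160 bits and is truncated to the size of q */`. The diffstat shows no other change in this file, so the length check on the verify path appears untouched and should be confirmed to accept the same digest sizes. The function body continues outside the hunk.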
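Review bot: In `_gnutls_dsa_generate_params` (lib/x509/dsa.c), dropping `bits > 1024` leaves `bits` with no upper limit and no restriction to defined DSA sizes, so any caller-supplied int of 512 or more is forwarded to parameter generation. A very large or non-standard value then either fails inside libgcrypt with a less specific error or costs unbounded generation time; which of the two happens is not visible here. Replacing the bound instead of removing it keeps the request validated at this layer, for instance `if (bits < 512 || bits > 3072)`, with the limit and a comment matching the sizes the required libgcrypt version accepts. The floor of 512 also still permits keys far below the new 2048-bit certtool default. The function body continues outside the hunk.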
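Review bot: The added `_gnutls_x509_log("Hash algorithm: %d\n", hash);` in `encode_ber_digest_info` (lib/x509/sign.c) does not say that the value was rejected, so in a debug log it reads like routine output. `_gnutls_x509_log("Unknown hash algorithm: %d\n", hash);` would make the failure self-explanatory next to the error return that follows. The function body continues outside the hunk.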
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c index 2f2266e577..3c9e75bbdf 100644 --- a/src/certtool-gaa.c +++ b/src/certtool-gaa.c @@ -1065,7 +1065,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval) { #line 114 "certtool.gaa" -{ gaaval->bits = 1024; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; +{ gaaval->bits = 2048; gaaval->pkcs8 = 0; gaaval->privkey = NULL; gaaval->ca=NULL; gaaval->ca_privkey = NULL; gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL; gaaval->outfile = NULL; gaaval->cert = NULL; gaaval->incert_format = 0; gaaval->outcert_format = 0; gaaval->action=-1; gaaval->pass = NULL; gaaval->export = 0; gaaval->template = NULL; gaaval->hash=NULL; gaaval->fix_key = 0; gaaval->quick_random=0; ;}; diff --git a/src/certtool.c b/src/certtool.c index 0ecfca88e2..16553899c3 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -122,12 +122,7 @@ generate_private_key_int (void) int ret, key_type; if (info.dsa) - { - key_type = GNUTLS_PK_DSA; - - if (info.bits > 1024) - error (EXIT_FAILURE, 0, "--dsa is incompatible with --bits > 1024"); - } + key_type = GNUTLS_PK_DSA; else key_type = GNUTLS_PK_RSA; diff --git a/src/certtool.gaa b/src/certtool.gaa index 828b3253f3..a854e1072a 100644 --- a/src/certtool.gaa +++ b/src/certtool.gaa @@ -111,7 +111,7 @@ option (h, help) { gaa_help(); exit(0); } "shows this help text" option (v, version) { certtool_version(); exit(0); } "shows the program's version" -init { $bits = 1024; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; +init { $bits = 2048; $pkcs8 = 0; $privkey = NULL; $ca=NULL; $ca_privkey = NULL; $debug=1; $request = NULL; $infile = NULL; $outfile = NULL; $cert = NULL; $incert_format = 0; $outcert_format = 0; $action=-1; $pass = NULL; $export = 0; $template = NULL; $hash=NULL; $fix_key = 0; $quick_random=0; } |
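Review bot: In `generate_private_key_int` (src/certtool.c), deleting the `info.bits > 1024` check leaves `--dsa` with no command-line validation of the key size at all, so an unsupported value is now reported only as a library error from key generation. Together with the new default of 2048 in certtool.gaa, `--dsa` without `--bits` also starts producing DSA2 keys, and whether the digest certtool then signs with is matched to the larger q is not shown in this commit. I would keep a check here that names the DSA sizes certtool supports, along the lines of `error (EXIT_FAILURE, 0, "--dsa requires --bits of 1024, 2048 or 3072");`, with the list adjusted to what the library actually accepts. The function body continues outside the hunk.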