diff options
| author | Daiki Ueno <dueno@redhat.com> | 2020-03-15 11:18:30 +0100 |
|---|---|---|
| committer | Daiki Ueno <dueno@redhat.com> | 2020-03-19 16:56:49 +0100 |
| commit | ab032b55834ed837f4093d9fe59190e74d52d250 (patch) | |
| tree | c493e38e469592256151a9ced3f7916b9ef637b0 | |
| parent | f523ca002e8ce823bca376e7fefe6169c1bdb636 (diff) | |
| download | gnutls-tmp-prf-get.tar.gz | |
state: add function to get the current hash algorithmtmp-prf-get
This is particularly useful when the application applies key
derivation function by itself with the same underlying hash algorithm
as the session.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | devel/libgnutls-latest-x86_64.abi | 1 | ||||
| -rw-r--r-- | devel/symbols.last | 1 | ||||
| -rw-r--r-- | doc/Makefile.am | 2 | ||||
| -rw-r--r-- | doc/manpages/Makefile.am | 1 | ||||
| -rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 1 | ||||
| -rw-r--r-- | lib/libgnutls.map | 1 | ||||
| -rw-r--r-- | lib/state.c | 26 | ||||
| -rw-r--r-- | tests/prf.c | 6 | ||||
| -rw-r--r-- | tests/tls13/prf.c | 6 |
10 files changed, 46 insertions, 0 deletions
@@ -17,6 +17,7 @@ gnutls_hkdf_extract: Added gnutls_hkdf_expand: Added gnutls_pbkdf2: Added gnutls_session_set_keylog_function: Added +gnutls_prf_hash_get: Added * Version 3.6.12 (released 2020-02-01) diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi index 78d61778e4..76552ab037 100644 --- a/devel/libgnutls-latest-x86_64.abi +++ b/devel/libgnutls-latest-x86_64.abi @@ -48,6 +48,7 @@ <elf-symbol name='_gnutls_mpi_log' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> <elf-symbol name='_gnutls_pkcs11_token_get_url' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> <elf-symbol name='_gnutls_pkcs12_string_to_key' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> + <elf-symbol name='gnutls_prf_hash_get' version='GNUTLS_3_6_13' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> <elf-symbol name='_gnutls_prf_raw' version='GNUTLS_FIPS140_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> <elf-symbol name='_gnutls_record_overhead' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> <elf-symbol name='_gnutls_record_set_default_version' version='GNUTLS_PRIVATE_3_4' is-default-version='yes' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/> diff --git a/devel/symbols.last b/devel/symbols.last index 4654e4f708..70ef6b3f18 100644 --- a/devel/symbols.last +++ b/devel/symbols.last @@ -576,6 +576,7 @@ gnutls_pkcs_schema_get_name@GNUTLS_3_4 gnutls_pkcs_schema_get_oid@GNUTLS_3_4 gnutls_prf@GNUTLS_3_4 gnutls_prf_early@GNUTLS_3_6_8 +gnutls_prf_hash_get@GNUTLS_3_6_13 gnutls_prf_raw@GNUTLS_3_4 gnutls_prf_rfc5705@GNUTLS_3_4 gnutls_priority_certificate_type_list2@GNUTLS_3_6_4 diff --git a/doc/Makefile.am b/doc/Makefile.am index 0d24b33720..dd962d6a78 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1573,6 +1573,8 @@ FUNCS += functions/gnutls_prf FUNCS += functions/gnutls_prf.short FUNCS += functions/gnutls_prf_early FUNCS += functions/gnutls_prf_early.short +FUNCS += functions/gnutls_prf_hash_get +FUNCS += functions/gnutls_prf_hash_get.short FUNCS += functions/gnutls_prf_raw FUNCS += functions/gnutls_prf_raw.short FUNCS += functions/gnutls_prf_rfc5705 diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index ca0e279e1c..6d381d8bd0 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -588,6 +588,7 @@ APIMANS += gnutls_pk_list.3 APIMANS += gnutls_pk_to_sign.3 APIMANS += gnutls_prf.3 APIMANS += gnutls_prf_early.3 +APIMANS += gnutls_prf_hash_get.3 APIMANS += gnutls_prf_raw.3 APIMANS += gnutls_prf_rfc5705.3 APIMANS += gnutls_priority_certificate_type_list.3 diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 3592d3c071..b0832a9bdd 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -1275,6 +1275,7 @@ gnutls_group_t gnutls_group_get(gnutls_session_t session); gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session); gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session); gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session); +gnutls_digest_algorithm_t gnutls_prf_hash_get(const gnutls_session_t session); gnutls_certificate_type_t gnutls_certificate_type_get(gnutls_session_t session); gnutls_certificate_type_t diff --git a/lib/libgnutls.map b/lib/libgnutls.map index 234d43e755..3cc321beb8 100644 --- a/lib/libgnutls.map +++ b/lib/libgnutls.map @@ -1316,6 +1316,7 @@ GNUTLS_3_6_13 gnutls_hkdf_expand; gnutls_pbkdf2; gnutls_session_set_keylog_function; + gnutls_prf_hash_get; } GNUTLS_3_6_12; GNUTLS_FIPS140_3_4 { diff --git a/lib/state.c b/lib/state.c index 35ebb2a230..d4d5254228 100644 --- a/lib/state.c +++ b/lib/state.c @@ -230,6 +230,32 @@ gnutls_compression_get(gnutls_session_t session) return GNUTLS_COMP_NULL; } +/** + * gnutls_prf_hash_get: + * @session: is a #gnutls_session_t type. + * + * Get the currently used hash algorithm. In TLS 1.3, the hash + * algorithm is used for both the key derivation function and + * handshake message authentication code. In TLS 1.2, it matches the + * hash algorithm used for PRF. + * + * Returns: the currently used hash algorithm, a + * #gnutls_digest_algorithm_t value. + * + * Since: 3.6.13 + **/ +gnutls_digest_algorithm_t +gnutls_prf_hash_get(const gnutls_session_t session) +{ + if (session->security_parameters.prf == NULL) + return gnutls_assert_val(GNUTLS_DIG_UNKNOWN); + + if (session->security_parameters.prf->id >= GNUTLS_MAC_AEAD) + return gnutls_assert_val(GNUTLS_DIG_UNKNOWN); + + return (gnutls_digest_algorithm_t)session->security_parameters.prf->id; +} + void reset_binders(gnutls_session_t session) { _gnutls_free_temp_key_datum(&session->key.binders[0].psk); diff --git a/tests/prf.c b/tests/prf.c index c4c7a0dac2..aa4f36af6a 100644 --- a/tests/prf.c +++ b/tests/prf.c @@ -323,6 +323,12 @@ static void client(int fd) exit(1); } + ret = gnutls_prf_hash_get(session); + if (ret != GNUTLS_DIG_MD5_SHA1) { + fprintf(stderr, "negotiated unexpected hash: %s\n", gnutls_digest_get_name(ret)); + exit(1); + } + check_prfs(session); gnutls_bye(session, GNUTLS_SHUT_WR); diff --git a/tests/tls13/prf.c b/tests/tls13/prf.c index a8a529bcb8..c9c9f80b7b 100644 --- a/tests/tls13/prf.c +++ b/tests/tls13/prf.c @@ -234,6 +234,12 @@ static void client(int fd) exit(1); } + ret = gnutls_prf_hash_get(session); + if (ret != GNUTLS_DIG_SHA384) { + fprintf(stderr, "negotiated unexpected hash: %s\n", gnutls_digest_get_name(ret)); + exit(1); + } + check_prfs(session); gnutls_bye(session, GNUTLS_SHUT_WR); |