diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-02-27 23:40:55 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-02-27 23:40:55 +0000 |
| commit | 883c576dcfd2b6c0a964e943a05c14b34557e1e1 (patch) | |
| tree | 9da89e31a4963f6d3b475710ac2f241a8061531d | |
| parent | d49539ed0fcced225c590b9c8f940ef5ee08297f (diff) | |
| download | gnutls-883c576dcfd2b6c0a964e943a05c14b34557e1e1.tar.gz | |
Added support for MD2 signature verification in X.509 certificates.
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | lib/gnutls.h.in.in | 4 | ||||
| -rw-r--r-- | lib/gnutls_algorithms.c | 1 | ||||
| -rw-r--r-- | lib/gnutls_hash_int.c | 27 | ||||
| -rw-r--r-- | lib/gnutls_int.h | 2 | ||||
| -rw-r--r-- | lib/x509/verify.c | 6 |
6 files changed, 36 insertions, 5 deletions
@@ -6,6 +6,7 @@ Version 0.9.0 the gnutls_global_set_log_function(). - gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use gnutls_malloc() to allocate the output parameters. +- Added support for MD2 algorithm in certificate signature verification. - The RSA and DH parameter generation interface was changed. Added ability to import and export from and to PKCS3 structures. This was needed to read parameters generated using the openssl dhparam tool. diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index b32a9bbcae..28a453bcea 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -63,11 +63,11 @@ typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, typedef enum gnutls_credentials_type { GNUTLS_CRD_CERTIFICATE=1, GNUTLS_CRD_ANON, GNUTLS_CRD_SRP } gnutls_credentials_type; -typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } gnutls_mac_algorithm; +typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_MD2 } gnutls_mac_algorithm; /* The enumerations here should have the same value with gnutls_mac_algorithm. */ -typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA } gnutls_digest_algorithm; +typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5, GNUTLS_DIG_SHA, GNUTLS_DIG_MD2 } gnutls_digest_algorithm; /* exported for other gnutls headers. This is the maximum number * of algorithms (ciphers, kx or macs). diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index ba37edb195..ff09838888 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -162,6 +162,7 @@ typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { {"SHA", GNUTLS_MAC_SHA, 20}, {"MD5", GNUTLS_MAC_MD5, 16}, + {"MD2", GNUTLS_MAC_MD2, 16}, {"NULL", GNUTLS_MAC_NULL, 0}, {0, 0, 0} }; diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 829414748b..ebbb06b830 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -55,6 +55,17 @@ GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm) } break; + case GNUTLS_MAC_MD2: + ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT)); + if (ret == NULL) + return GNUTLS_HASH_FAILED; + ret->handle = gcry_md_open(GCRY_MD_MD2, 0); + if (!ret->handle) { + gnutls_free(ret); + ret = GNUTLS_HASH_FAILED; + } + break; + default: ret = GNUTLS_HASH_FAILED; } @@ -76,6 +87,9 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm) case GNUTLS_MAC_MD5: ret = gcry_md_get_algo_dlen(GCRY_MD_MD5); break; + case GNUTLS_MAC_MD2: + ret = gcry_md_get_algo_dlen(GCRY_MD_MD2); + break; default: ret = 0; } @@ -163,6 +177,16 @@ GNUTLS_MAC_HANDLE _gnutls_hmac_init(gnutls_mac_algorithm algorithm, if (!ret->handle) ret = GNUTLS_MAC_FAILED; break; + case GNUTLS_MAC_MD2: + ret = gnutls_malloc(sizeof(GNUTLS_MAC_HANDLE_INT)); + if (ret == NULL) + return GNUTLS_MAC_FAILED; + + ret->handle = gcry_md_open(GCRY_MD_MD2, GCRY_MD_FLAG_HMAC); + + if (!ret->handle) + ret = GNUTLS_MAC_FAILED; + break; default: ret = GNUTLS_MAC_FAILED; } @@ -195,6 +219,9 @@ int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm) case GNUTLS_MAC_MD5: ret = gcry_md_get_algo_dlen(GCRY_MD_MD5); break; + case GNUTLS_MAC_MD2: + ret = gcry_md_get_algo_dlen(GCRY_MD_MD2); + break; default: ret = 0; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 9999498fa5..4fd336172f 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -165,7 +165,7 @@ typedef enum gnutls_kx_algorithm { GNUTLS_KX_RSA=1, GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS } gnutls_kx_algorithm; -typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA } gnutls_mac_algorithm; +typedef enum gnutls_mac_algorithm { GNUTLS_MAC_NULL=1, GNUTLS_MAC_MD5, GNUTLS_MAC_SHA, GNUTLS_MAC_MD2 } gnutls_mac_algorithm; typedef gnutls_mac_algorithm gnutls_digest_algorithm; typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1, GNUTLS_COMP_ZLIB, diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 79f6b18b84..562bf0ac17 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -352,6 +352,7 @@ unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt * certificate_list, #define OID_SHA1 "1.3.14.3.2.26" #define OID_MD5 "1.2.840.113549.2.5" +#define OID_MD2 "1.2.840.113549.2.2" /* Reads the digest information. * we use DER here, although we should use BER. It works fine @@ -391,9 +392,10 @@ int len; if ( strcmp(str, OID_MD5)==0) { /* MD5 */ *hash = GNUTLS_MAC_MD5; - } else - if ( strcmp(str, OID_SHA1)==0) { /* SHA1 ID */ + } else if ( strcmp(str, OID_SHA1)==0) { /* SHA1 ID */ *hash = GNUTLS_MAC_SHA; + } else if ( strcmp(str, OID_MD2)==0) { /* MD2 */ + *hash = GNUTLS_MAC_MD2; } if (*hash==(gnutls_mac_algorithm)-1) { |