authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-02-08 18:53:54 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-02-08 18:53:54 +0100
commitea683ee362fb13fa7515a2cd5f9c31c99c0366a4 (patch)
tree79ce9dd4f602d0fb8745acbcf12c0b6f1c198df3 /lib/gnutls_algorithms.c
parent145db1e3a427a508afb0de08f3135a3f90dcf8eb (diff)
Several updates in signature algorithms parsing and sending to avoid sending invalid signature algorithms.
Diffstat (limited to 'lib/gnutls_algorithms.c')
-rw-r--r--lib/gnutls_algorithms.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 027bf5d99c..cf9a314390 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1941,11 +1941,12 @@ struct gnutls_sign_entry
gnutls_mac_algorithm_t mac;
/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
for values to use in aid struct. */
- sign_algorithm_st aid;
+ const sign_algorithm_st aid;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
#define TLS_SIGN_AID_UNKNOWN {255, 255}
+static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
static const gnutls_sign_entry sign_algorithms[] = {
{"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
@@ -2147,21 +2148,31 @@ _gnutls_tls_aid_to_sign (const sign_algorithm_st * aid)
{
gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+ if (memcmp(aid, &unknown_tls_aid, sizeof(aid))==0)
+ return ret;
+
GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
&& p->aid.sign_algorithm == aid->sign_algorithm)
{
- ret = p->id; break;}
+ ret = p->id; break;
+ }
);
+
return ret;
}
-sign_algorithm_st
+/* Returns NULL if a valid AID is not found
+ */
+const sign_algorithm_st*
_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
{
- sign_algorithm_st ret = TLS_SIGN_AID_UNKNOWN;
+ const sign_algorithm_st * ret = NULL;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = &p->aid);
- GNUTLS_SIGN_ALG_LOOP (ret = p->aid);
+ if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0)
+ return NULL;
return ret;
}
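Review bot: In `_gnutls_tls_aid_to_sign` the added guard compares `sizeof(aid)` bytes, but `aid` is a pointer, so the length is the pointer size and not the size of the structure. If `sign_algorithm_st` is the two-byte hash/signature pair that `{255, 255}` suggests, the `memcmp` reads past both `*aid` and `unknown_tls_aid`. Its result then depends on adjacent memory, so a parsed {255, 255} can fall through to the loop and match a table entry that carries `TLS_SIGN_AID_UNKNOWN`. The line should read `if (memcmp(aid, &unknown_tls_aid, sizeof(*aid))==0)`, matching the `sizeof(*ret)` already used in `_gnutls_sign_to_tls_aid` below. That second function now returns NULL where it used to return a struct by value, so its callers, which are outside this hunk, each need a NULL check before dereferencing.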