diff options
Diffstat (limited to 'lib/gnutls_pubkey.c')
-rw-r--r-- | lib/gnutls_pubkey.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index a153a7a167..91f599ee0d 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -1776,8 +1776,7 @@ const mac_entry_st* me; if (pubkey->pk_algorithm == GNUTLS_PK_DSA) { - me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params); - hash_size = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */ if (!_gnutls_version_has_selectable_sighash (ver)) @@ -1798,8 +1797,7 @@ const mac_entry_st* me; { if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN) { - me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params); - hash_size = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign)); sig_hash_size = _gnutls_hash_get_algo_len(me); @@ -1907,10 +1905,8 @@ dsa_verify_hashed_data (gnutls_pk_algorithm_t pk, unsigned int hash_len; if (algo == NULL) - algo = _gnutls_dsa_q_to_hash (pk, params); + algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len); - hash_len = _gnutls_hash_get_algo_len(algo); - /* SHA1 or better allowed */ if (!hash->data || hash->size < hash_len) { @@ -1941,7 +1937,7 @@ dsa_verify_data (gnutls_pk_algorithm_t pk, digest_hd_st hd; if (algo == NULL) - algo = _gnutls_dsa_q_to_hash (pk, params); + algo = _gnutls_dsa_q_to_hash (pk, params, NULL); ret = _gnutls_hash_init (&hd, algo); if (ret < 0) @@ -2041,7 +2037,8 @@ pubkey_verify_data (gnutls_pk_algorithm_t pk, } const mac_entry_st* -_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params) +_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params, + unsigned int* hash_len) { int bits = 0; int ret; @@ -2053,26 +2050,32 @@ _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* pa if (bits <= 160) { + if (hash_len) *hash_len = 20; ret = GNUTLS_DIG_SHA1; } else if (bits <= 192) { + if (hash_len) *hash_len = 24; ret = GNUTLS_DIG_SHA256; } else if (bits <= 224) { + if (hash_len) *hash_len = 28; ret = GNUTLS_DIG_SHA256; } else if (bits <= 256) { + if (hash_len) *hash_len = 32; ret = GNUTLS_DIG_SHA256; } else if (bits <= 384) { + if (hash_len) *hash_len = 48; ret = GNUTLS_DIG_SHA384; } else { + if (hash_len) *hash_len = 64; ret = GNUTLS_DIG_SHA512; } |