]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added gnutls_sign_algorithm_get_client()
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 4 Apr 2013 17:14:44 +0000 (19:14 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 4 Apr 2013 17:14:44 +0000 (19:14 +0200)
lib/ext/signature.c
lib/ext/signature.h
lib/gnutls_int.h
lib/gnutls_session_pack.c
lib/gnutls_sig.c
lib/includes/gnutls/gnutls.h.in
lib/libgnutls.map

index a51b38ea04e3d282f07c11833bcc5a3f31a4a44d..3710867dee45b7da6098affce484d12c165e7081 100644 (file)
@@ -443,7 +443,7 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
  * @session: is a #gnutls_session_t structure.
  *
  * Returns the signature algorithm that is (or will be) used in this 
- * session to sign data.
+ * session by the server to sign data.
  *
  * Returns: The sign algorithm or %GNUTLS_SIGN_UNKNOWN.
  *
@@ -452,5 +452,22 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
 int
 gnutls_sign_algorithm_get (gnutls_session_t session)
 {
-  return session->security_parameters.sign_algo;
+  return session->security_parameters.server_sign_algo;
+}
+
+/**
+ * gnutls_sign_algorithm_get_client:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the signature algorithm that is (or will be) used in this 
+ * session by the client to sign data.
+ *
+ * Returns: The sign algorithm or %GNUTLS_SIGN_UNKNOWN.
+ *
+ * Since: 3.1.11
+ **/
+int
+gnutls_sign_algorithm_get_client (gnutls_session_t session)
+{
+  return session->security_parameters.client_sign_algo;
 }
index 3a23d5e65752a24a0798b7dbc6ad9fc6cc5b389a..55e9540cc2627d19a569146e587e78932224dc79 100644 (file)
@@ -39,8 +39,14 @@ int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
                                        gnutls_sign_algorithm_t sig);
 
 static inline void   
-gnutls_sign_algorithm_set (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+gnutls_sign_algorithm_set_server (gnutls_session_t session, gnutls_sign_algorithm_t sign)
 {
-  session->security_parameters.sign_algo = sign;
+  session->security_parameters.server_sign_algo = sign;
+}
+
+static inline void   
+gnutls_sign_algorithm_set_client (gnutls_session_t session, gnutls_sign_algorithm_t sign)
+{
+  session->security_parameters.client_sign_algo = sign;
 }
 #endif
index a05e939c0a445a5349a364276b50dd28e5912905..41efec903064009be5996cd0ed9ce78ac534cb49 100644 (file)
@@ -531,7 +531,8 @@ typedef struct
   gnutls_protocol_t version;    /* moved here */
 
   /* Holds the signature algorithm used in this session - If any */
-  gnutls_sign_algorithm_t sign_algo;
+  gnutls_sign_algorithm_t server_sign_algo;
+  gnutls_sign_algorithm_t client_sign_algo;
 
   /* FIXME: The following are not saved in the session storage
    * for session resumption.
index 035e0f86fe9e2a80b1a492f357cd65e3172d20e1..c2cb25dc6e7d762a87e31919fe76d557e89e7ee1 100644 (file)
@@ -799,6 +799,9 @@ pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
   BUFFER_APPEND (ps, &session->security_parameters.new_record_padding, 1);
   BUFFER_APPEND_NUM (ps, session->security_parameters.ecc_curve);
 
+  BUFFER_APPEND_NUM (ps, session->security_parameters.server_sign_algo);
+  BUFFER_APPEND_NUM (ps, session->security_parameters.client_sign_algo);
+
   _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
 
   return 0;
@@ -860,6 +863,10 @@ unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
 
   BUFFER_POP_NUM (ps,
                   session->internals.resumed_security_parameters.ecc_curve);
+  BUFFER_POP_NUM (ps,
+                  session->internals.resumed_security_parameters.server_sign_algo);
+  BUFFER_POP_NUM (ps,
+                  session->internals.resumed_security_parameters.client_sign_algo);
 
   if (session->internals.resumed_security_parameters.max_record_recv_size == 0 ||
       session->internals.resumed_security_parameters.max_record_send_size == 0)
index dd9d80d9cef2a68c7e83cacefa7a123b9ea8bbdc..7d1f575723c287fe8de456ed4b32b58e26f1c2d4 100644 (file)
@@ -76,8 +76,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
       gnutls_assert ();
       return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
     }
-    
-  gnutls_sign_algorithm_set(session, *sign_algo);
+
+  gnutls_sign_algorithm_set_server(session, *sign_algo);
 
   hash_algo = gnutls_sign_get_hash_algorithm (*sign_algo);
 
@@ -288,6 +288,8 @@ verify_tls_hash (gnutls_session_t session,
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
+  gnutls_sign_algorithm_set_server(session, sign_algo);
+
   ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags, 
                                    &vdata, signature);
 
@@ -413,6 +415,8 @@ _gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
   ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
   if (ret < 0)
     return gnutls_assert_val(ret);
+
+  gnutls_sign_algorithm_set_client(session, sign_algo);
   
   hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
   
@@ -530,7 +534,6 @@ _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
     }
 
   return ret;
-
 }
 
 /* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2
@@ -554,7 +557,7 @@ _gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
       return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
     }
   
-  gnutls_sign_algorithm_set(session, sign_algo);
+  gnutls_sign_algorithm_set_client(session, sign_algo);
 
   hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
 
index a4a73cdee3fae18ab7a3daf79618c3b99d956072..779556cd2d09fe853ce5f74cab8dafe02aa3213b 100644 (file)
@@ -812,6 +812,7 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
     gnutls_certificate_type_get (gnutls_session_t session);
     
   int gnutls_sign_algorithm_get (gnutls_session_t session);
+  int gnutls_sign_algorithm_get_client (gnutls_session_t session);
 
   int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
                                            size_t indx,
index aaa926e69a34b086f535f660ad80fe1076ff57a9..8573d2b2e7c8c507bd868e7b9dd2896b7991daee 100644 (file)
@@ -905,6 +905,7 @@ GNUTLS_3_1_0 {
        gnutls_privkey_status;
        gnutls_cipher_get_iv_size;
        gnutls_hmac_set_nonce;
+       gnutls_sign_algorithm_get_client;
 } GNUTLS_3_0_0;
 
 GNUTLS_PRIVATE {