Fixes to enable external signing callback to
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 7 Oct 2011 16:12:11 +0000 (18:12 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 7 Oct 2011 16:12:11 +0000 (18:12 +0200)
operate with TLS 1.2.

NEWS
lib/gnutls_sig.c

diff --git a/NEWS b/NEWS
index 9bbbe404d41cb958da65a1bd3e13858a71f00a49..32d41b984118aa382f6ad7bee93bac1ead78c953 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ Version 2.12.12 (unreleased)
 
 ** gnulib: updated
 
+** libgnutls: Fixes to enable external signing callback to
+operate with TLS 1.2. 
+
 ** API and ABI modifications:
 No changes since last version.
 
index 9a925c3eba4086890260d26b415215fac5a20ee0..9aab6894d18d759dcf28d245c0b5e6078202adad 100644 (file)
@@ -228,12 +228,38 @@ sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
       /* External signing. */
       if (!pkey)
         {
+          int ret;
+
           if (!session->internals.sign_func)
             return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
 
-          return (*session->internals.sign_func)
-            (session, session->internals.sign_func_userdata,
-             cert->cert_type, &cert->raw, hash_concat, signature);
+          if (!_gnutls_version_has_selectable_sighash (ver))
+            return (*session->internals.sign_func)
+              (session, session->internals.sign_func_userdata,
+               cert->cert_type, &cert->raw, hash_concat, signature);
+          else
+            {
+              gnutls_datum_t digest;
+
+              ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
+              if (ret < 0)
+                return gnutls_assert_val(ret);
+              
+              ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
+              if (ret < 0)
+                {
+                  gnutls_assert ();
+                  goto es_cleanup;
+                }
+
+              ret = (*session->internals.sign_func)
+                (session, session->internals.sign_func_userdata,
+                 cert->cert_type, &cert->raw, &digest, signature);
+es_cleanup:
+              gnutls_free(digest.data);
+              
+              return ret;
+            }
         }
     }
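Review bot: In the new TLS 1.2 branch, `gnutls_privkey_get_pk_algorithm(pkey, NULL)` is called inside the `if (!pkey)` block, so `pkey` is always NULL at that call. Unless that function tolerates a NULL key (its body is not visible here), the external-signing path will either dereference NULL during the handshake or pass `pk_prepare_hash` an invalid algorithm. The public-key algorithm should be taken from something that exists on this path, most plausibly the certificate in `cert`, rather than from the absent private key. A comment above the `else` would also help callback implementers, for example `/* TLS 1.2: the callback is given the output of pk_prepare_hash(), not the raw handshake hash */`, because the input format now differs by protocol version. sign_tls_hash begins before and continues after this hunk, so the definition of `ver` and the non-external path were not reviewed.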