author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-12 20:08:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-12 20:08:07 +0100 |
commit | f379890f2e62b3134d3909849595044eaa4b4c3a (patch) | |
tree | b92c7966de29edf71118aa866a9d22bb764265e9 | |
parent | 92ce5034ada4aa57ab3cc4ff7ddce0eab3aaa2b0 (diff) | |
Only list algorithms if they are implemented.
-rw-r--r-- | lib/algorithms/ciphers.c | 5 | ||||
-rw-r--r-- | lib/algorithms/mac.c | 26 | ||||
-rw-r--r-- | lib/crypto-backend.h | 12 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 15 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.h | 1 | ||||
-rw-r--r-- | lib/gnutls_hash_int.c | 14 | ||||
-rw-r--r-- | lib/gnutls_hash_int.h | 1 | ||||
-rw-r--r-- | lib/nettle/cipher.c | 23 | ||||
-rw-r--r-- | lib/nettle/mac.c | 35 |
9 files changed, 120 insertions, 12 deletions
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index b09608642c..788b27de0c 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -249,7 +249,10 @@ static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0}; { int i = 0; - GNUTLS_CIPHER_LOOP (supported_ciphers[i++]=p->id); + GNUTLS_CIPHER_LOOP ( + if (_gnutls_cipher_exists(p->id)) + supported_ciphers[i++]=p->id; + ); supported_ciphers[i++]=0; } diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index 27b6ca425a..e60555aae9 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -31,20 +31,21 @@ struct gnutls_hash_entry const char *oid; gnutls_mac_algorithm_t id; size_t key_size; /* in case of mac */ + unsigned placeholder; /* if set, then not a real MAC */ }; typedef struct gnutls_hash_entry gnutls_hash_entry; static const gnutls_hash_entry hash_algorithms[] = { - {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20}, - {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16}, - {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32}, - {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48}, - {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64}, - {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28}, - {"AEAD", NULL, GNUTLS_MAC_AEAD, 0}, - {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */ - {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20}, - {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0}, + {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 0}, + {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 0}, + {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 0}, + {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 0}, + {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 0}, + {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 0}, + {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 1}, + {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0}, /* not used as MAC */ + {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 0}, + {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0}, {0, 0, 0, 0} }; 
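Review bot: In the `hash_algorithms` table the `MAC-NULL` row gets `placeholder` 0, so with the filter added later in this file it stays in the supported list only if `_gnutls_hmac_exists()` reports it, and the nettle `wrap_nettle_hmac_exists()` added in this commit does not list `GNUTLS_MAC_NULL`. If dropping the null MAC from the list is intended, say so on that row, e.g. `/* listed only if an implementation is registered */`; if it should stay listed the way `AEAD` does, it needs `placeholder` 1. The terminator row was also left as `{0, 0, 0, 0}` while every other row gained a fifth initializer; `{0, 0, 0, 0, 0}` keeps the table uniform, although the omitted member is zero either way.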
@@ -157,7 +158,10 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 }; { int i = 0; - GNUTLS_HASH_LOOP ( supported_macs[i++]=p->id); + GNUTLS_HASH_LOOP ( + if (p->placeholder != 0 || _gnutls_hmac_exists(p->id)) + supported_macs[i++]=p->id; + ); supported_macs[i++]=0; } diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h index a49b48826c..677d4551bd 100644 --- a/lib/crypto-backend.h +++ b/lib/crypto-backend.h @@ -41,6 +41,10 @@ int (*auth) (void *ctx, const void *data, size_t datasize); void (*tag) (void *ctx, void *tag, size_t tagsize); void (*deinit) (void *ctx); + + /* Not needed for registered on run-time. Only included + * should define it. */ + int (*exists) (gnutls_cipher_algorithm_t); /* true/false */ } gnutls_crypto_cipher_st; typedef struct @@ -52,6 +56,10 @@ int (*output) (void *src_ctx, void *digest, size_t digestsize); void (*deinit) (void *ctx); int (*fast)(gnutls_mac_algorithm_t, const void *key, size_t keysize, const void *text, size_t textsize, void *digest); + + /* Not needed for registered on run-time. Only included + * should define it. */ + int (*exists) (gnutls_mac_algorithm_t); } gnutls_crypto_mac_st; typedef struct @@ -63,6 +71,10 @@ int (*output) (void *src_ctx, void *digest, size_t digestsize); void (*deinit) (void *ctx); int (*fast)(gnutls_digest_algorithm_t, const void *src, size_t srcsize, void *digest); + + /* Not needed for registered on run-time. Only included + * should define it. */ + int (*exists) (gnutls_digest_algorithm_t); } gnutls_crypto_digest_st; typedef struct gnutls_crypto_rnd diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 5814d5127c..1a5346b82b 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c 
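Review bot: The comment on the new `exists` member of `gnutls_crypto_cipher_st` does not parse as written ("Not needed for registered on run-time. Only included should define it."), and the same text is repeated in `gnutls_crypto_mac_st` and `gnutls_crypto_digest_st`. Going by how `_gnutls_cipher_exists()` uses the hook, something like `/* Returns non-zero if the compiled-in backend implements the algorithm. Implementations registered at run time may leave this NULL. */` would state the contract. Only the cipher member carries the `/* true/false */` hint; the other two should say the same.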
@@ -34,6 +34,21 @@ goto cleanup; \ } +/* Returns true(non-zero) or false(0) if the + * provided cipher exists + */ +int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher) +{ + const gnutls_crypto_cipher_st *cc; + int ret; + + cc = _gnutls_get_crypto_cipher (cipher); + if (cc != NULL) return 1; + + ret = _gnutls_cipher_ops.exists(cipher); + return ret; +} + int _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher, const gnutls_datum_t * key, const gnutls_datum_t * iv, int enc) diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index 301bce8268..ce51588df8 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -100,6 +100,7 @@ _gnutls_cipher_deinit (cipher_hd_st * handle) } } +int _gnutls_cipher_exists(gnutls_cipher_algorithm_t cipher); inline static unsigned int _gnutls_cipher_tag_len( cipher_hd_st * handle) { return handle->tag_size; diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index b316ece0f8..be676b5b00 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -57,6 +57,7 @@ digest_length (int algo) } } + int _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm) { @@ -207,6 +208,19 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, } +/* Returns true(non-zero) or false(0) if the + * provided hash exists + */ +int _gnutls_hmac_exists(gnutls_mac_algorithm_t algo) +{ + const gnutls_crypto_mac_st *cc = NULL; + + cc = _gnutls_get_crypto_mac (algo); + if (cc != NULL) return 1; + + return _gnutls_mac_ops.exists (algo); +} + int _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, const void *key, int keylen) diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index 9780fffd5b..83dea8d4ba 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h 
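Review bot: `_gnutls_cipher_exists()` calls `_gnutls_cipher_ops.exists(cipher)` without checking that the pointer is set, while the comment added in crypto-backend.h says some implementations need not define it. A backend structure that omits the member would turn this into a call through a NULL pointer; a guard such as `if (_gnutls_cipher_ops.exists == NULL) return 0;` before the call fails closed instead. `_gnutls_hmac_exists()` in gnutls_hash_int.c has the same unguarded call on `_gnutls_mac_ops.exists`, and its header comment says "hash" where the function checks a MAC.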
@@ -58,6 +58,7 @@ typedef struct } digest_hd_st; /* basic functions */ +int _gnutls_hmac_exists(gnutls_mac_algorithm_t algorithm); int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm, const void *key, int keylen); int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm); diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index 83da47379a..245af21087 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -101,6 +101,28 @@ static void _gcm_decrypt(void *_ctx, nettle_crypt_func f, return gcm_aes_decrypt(_ctx, length, dst, src); } +static int wrap_nettle_cipher_exists(gnutls_cipher_algorithm_t algo) +{ + switch (algo) + { + case GNUTLS_CIPHER_AES_128_GCM: + case GNUTLS_CIPHER_AES_256_GCM: + case GNUTLS_CIPHER_CAMELLIA_128_CBC: + case GNUTLS_CIPHER_CAMELLIA_256_CBC: + case GNUTLS_CIPHER_AES_128_CBC: + case GNUTLS_CIPHER_AES_192_CBC: + case GNUTLS_CIPHER_AES_256_CBC: + case GNUTLS_CIPHER_3DES_CBC: + case GNUTLS_CIPHER_DES_CBC: + case GNUTLS_CIPHER_ARCFOUR_128: + case GNUTLS_CIPHER_ARCFOUR_40: + case GNUTLS_CIPHER_RC2_40_CBC: + return 1; + default: + return 0; + } +} + static int wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx, int enc) { @@ -345,6 +367,7 @@ wrap_nettle_cipher_close (void *h) gnutls_crypto_cipher_st _gnutls_cipher_ops = { .init = wrap_nettle_cipher_init, + .exists = wrap_nettle_cipher_exists, .setiv = wrap_nettle_cipher_setiv, .setkey = wrap_nettle_cipher_setkey, .encrypt = wrap_nettle_cipher_encrypt, diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index 4a77895a27..d36c1d4dd3 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c 
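Review bot: `wrap_nettle_cipher_exists()` hard-codes the supported set in its own switch, separately from whatever `wrap_nettle_cipher_init()` accepts (its body is outside this hunk), so the two can drift: a cipher added to one but not the other is either advertised and then fails at init, or silently disappears from the list. A comment on both functions, e.g. `/* Keep in sync with wrap_nettle_cipher_init(). */`, would make the coupling visible. `GNUTLS_CIPHER_NULL` is not in the switch, so if the cipher table carries a null-cipher entry it is now dropped from the supported list; worth confirming that is intended. The same duplication applies to `wrap_nettle_hmac_exists()` and `wrap_nettle_hash_exists()` in lib/nettle/mac.c.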
@@ -160,6 +160,22 @@ static int wrap_nettle_hmac_fast(gnutls_mac_algorithm_t algo, return 0; } +static int wrap_nettle_hmac_exists(gnutls_mac_algorithm_t algo) +{ + switch (algo) + { + case GNUTLS_MAC_MD5: + case GNUTLS_MAC_SHA1: + case GNUTLS_MAC_SHA224: + case GNUTLS_MAC_SHA256: + case GNUTLS_MAC_SHA384: + case GNUTLS_MAC_SHA512: + return 1; + default: + return 0; + } +} + static int wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx) { @@ -279,6 +295,23 @@ wrap_nettle_hash_deinit (void *hd) gnutls_free (hd); } +static int wrap_nettle_hash_exists(gnutls_digest_algorithm_t algo) +{ + switch (algo) + { + case GNUTLS_DIG_MD5: + case GNUTLS_DIG_SHA1: + case GNUTLS_DIG_MD2: + case GNUTLS_DIG_SHA224: + case GNUTLS_DIG_SHA256: + case GNUTLS_DIG_SHA384: + case GNUTLS_DIG_SHA512: + return 1; + default: + return 0; + } +} + static int _ctx_init(gnutls_digest_algorithm_t algo, struct nettle_hash_ctx *ctx) { switch (algo) @@ -419,6 +452,7 @@ gnutls_crypto_mac_st _gnutls_mac_ops = { .output = wrap_nettle_hmac_output, .deinit = wrap_nettle_hmac_deinit, .fast = wrap_nettle_hmac_fast, + .exists = wrap_nettle_hmac_exists, }; gnutls_crypto_digest_st _gnutls_digest_ops = { @@ -429,4 +463,5 @@ gnutls_crypto_digest_st _gnutls_digest_ops = { .output = wrap_nettle_hash_output, .deinit = wrap_nettle_hash_deinit, .fast = wrap_nettle_hash_fast, + .exists = wrap_nettle_hash_exists, }; |
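Review bot: `wrap_nettle_hash_exists()` and the `.exists` entry in `_gnutls_digest_ops` have no caller in this commit: the files shown add `_gnutls_cipher_exists()` and `_gnutls_hmac_exists()` but no digest counterpart. Either add the matching wrapper in gnutls_hash_int.c or mark the hook, e.g. `/* not yet consulted by the core; the MAC equivalent is _gnutls_hmac_exists() */`. `GNUTLS_DIG_MD2` is reported here while `wrap_nettle_hmac_exists()` does not report `GNUTLS_MAC_MD2`; a one-line comment saying MD2 is available as a digest only would explain the difference.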