Diffstat (limited to 'lib/algorithms.h')
-rw-r--r--lib/algorithms.h22
1 files changed, 11 insertions, 11 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index 30508e4e02..f9cb6ff1d9 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -153,22 +153,13 @@ inline static int _gnutls_mac_get_key_size(const mac_entry_st * e)
#define _gnutls_digest_get_name _gnutls_mac_get_name
#define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len
-/* Check generic-purpose security */
+/* Security against pre-image attacks */
inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
{
if (unlikely(e == NULL))
return 0;
else
- return (e->slevel==_SECURE || e->slevel == _INSECURE_FOR_CERTS)?1:0;
-}
-
-/* Check certificate use security */
-inline static int _gnutls_digest_is_secure_for_certs(const mac_entry_st * e)
-{
- if (unlikely(e == NULL))
- return 0;
- else
- return (e->slevel==_SECURE)?1:0;
+ return (e->preimage_insecure==0);
}
/* Functions for cipher suites. */
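Review bot: The name `_gnutls_digest_is_secure` still reads as a general verdict, but the new body `return (e->preimage_insecure==0);` only reports pre-image resistance, so a hash with known collision weaknesses can pass it. Callers that used the removed `_gnutls_digest_is_secure_for_certs` for signature or certificate decisions are not visible in this file section and should be checked so that none fall back to this function. I would state the limit in the comment, e.g. `/* Pre-image resistance only; not sufficient for signatures or certificates, where collision resistance matters. */`. The `preimage_insecure` member is not declared in this file section, so it is presumably added to `mac_entry_st` elsewhere in the commit.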
@@ -308,6 +299,12 @@ enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t
/* Functions for sign algorithms. */
+typedef enum hash_security_level_t {
+ _SECURE,
+ _INSECURE_FOR_CERTS,
+ _INSECURE
+} hash_security_level_t;
+
struct gnutls_sign_entry_st {
const char *name;
const char *oid;
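Review bot: `_SECURE` is the first enumerator of `hash_security_level_t` and therefore has value 0, so any `gnutls_sign_entry_st` initializer that omits the `slevel` member added in the next hunk is zero-initialized to "secure", and a forgotten field fails open. The table of sign entries is not visible here, so it cannot be confirmed that every entry sets `slevel` explicitly. Consider making zero the restrictive value, or reserving it as an "unset" level that the checker treats as insecure, provided nothing else depends on the current numeric values. Two smaller style points: the enumerator names start with an underscore and an uppercase letter, which C reserves for the implementation, and the field comment `/* contains values of hash_security_level_t */` only repeats the declared type.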
@@ -317,6 +314,7 @@ struct gnutls_sign_entry_st {
/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
for values to use in aid struct. */
const sign_algorithm_st aid;
+ hash_security_level_t slevel; /* contains values of hash_security_level_t */
};
typedef struct gnutls_sign_entry_st gnutls_sign_entry_st;
@@ -324,6 +322,8 @@ const gnutls_sign_entry_st *_gnutls_sign_to_entry(gnutls_sign_algorithm_t sign);
const gnutls_sign_entry_st *_gnutls_pk_to_sign_entry(gnutls_pk_algorithm_t, gnutls_digest_algorithm_t);
const gnutls_sign_entry_st *_gnutls_oid_to_sign_entry(const char *oid);
+bool _gnutls_sign_is_secure2(const gnutls_sign_entry_st *se, unsigned int flags);
+
gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk(gnutls_sign_algorithm_t
sign);
const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t,
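Review bot: The new prototype `_gnutls_sign_is_secure2` has no comment saying which bits `flags` accepts or what is returned when `se` is NULL. The removed `_gnutls_digest_is_secure_for_certs` returned 0 for a NULL entry, and the `_gnutls_*_to_sign_entry` lookups declared just above presumably return NULL for an unknown algorithm, so the replacement should keep that fail-closed result and document it. A short comment above the declaration naming the accepted flags and stating `returns false when se is NULL` would do. The implementation is outside this file, so its actual NULL handling cannot be checked from here.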