[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-52-g3c10e94
|
From: |
Simon Josefsson |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-52-g3c10e94 |
|
Date: |
Mon, 31 Aug 2009 13:04:21 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3c10e94f134bbb8f653eac6b4464a734129ae9cd
The branch, master has been updated
via 3c10e94f134bbb8f653eac6b4464a734129ae9cd (commit)
via e0eda60777d2dca22601d12b0703026a914f08e7 (commit)
via bd77fdf5cc2cac89e1aab557db52669edfa5126d (commit)
via 56d2607e547ac4c4eba24fd8ccbd00ffd494d64d (commit)
via cfb62003ad5e4900d222261674fdd2c770f6db25 (commit)
from ee25df5febdac9258fefb5c35a66f047379803fe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3c10e94f134bbb8f653eac6b4464a734129ae9cd
Author: Simon Josefsson <address@hidden>
Date: Mon Aug 31 15:02:48 2009 +0200
Add comment explaining where magic values come from.
commit e0eda60777d2dca22601d12b0703026a914f08e7
Author: Daiki Ueno <address@hidden>
Date: Mon Aug 31 14:48:12 2009 +0900
Fix parsing Certificate Request for TLS 1.2.
Fix the logic to skip supported_signature_algorithms in Certificate
Request.
Signed-off-by: Simon Josefsson <address@hidden>
commit bd77fdf5cc2cac89e1aab557db52669edfa5126d
Author: Daiki Ueno <address@hidden>
Date: Mon Aug 31 14:44:51 2009 +0900
Use SHA256 for PRF if TLS 1.2.
Use SHA256 for the basis of PRF, and for the hash over handshake messages.
Signed-off-by: Simon Josefsson <address@hidden>
commit 56d2607e547ac4c4eba24fd8ccbd00ffd494d64d
Author: Daiki Ueno <address@hidden>
Date: Mon Aug 31 14:40:38 2009 +0900
Respect TLS signature algorithm in server KX.
Verify signature of DH parameters in Server Key Exchange with the
embedded signature algorithm.
Signed-off-by: Simon Josefsson <address@hidden>
commit cfb62003ad5e4900d222261674fdd2c770f6db25
Author: Daiki Ueno <address@hidden>
Date: Mon Aug 31 14:34:01 2009 +0900
Add functions for TLS signature algorithm.
Add functions to convert TLS signature algorithm from/to constants
defined by GnuTLS.
Signed-off-by: Simon Josefsson <address@hidden>
-----------------------------------------------------------------------
Summary of changes:
lib/auth_cert.c | 7 ++--
lib/auth_dhe.c | 27 +++++++++++++++--
lib/auth_rsa_export.c | 3 +-
lib/auth_srp_rsa.c | 3 +-
lib/gnutls_algorithms.c | 73 +++++++++++++++++++++++++++++++++++++++-------
lib/gnutls_algorithms.h | 4 ++
lib/gnutls_handshake.c | 12 ++++++-
lib/gnutls_int.h | 6 ++++
lib/gnutls_pk.c | 4 +-
lib/gnutls_sig.c | 23 ++++++++++----
lib/gnutls_sig.h | 3 +-
lib/gnutls_state.c | 4 +-
12 files changed, 135 insertions(+), 34 deletions(-)
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 5b8c163..3afc0fe 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1353,10 +1353,9 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session,
opaque * data,
{
/* read supported hashes */
int hash_num;
- DECR_LEN (dsize, 1);
-
- hash_num = p[0] & 0xFF;
- p++;
+ DECR_LEN (dsize, 2);
+ hash_num = _gnutls_read_uint16 (p);
+ p += 2;
DECR_LEN (dsize, hash_num);
p += hash_num;
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index ec595ee..ea9cf3a 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -180,11 +180,14 @@ proc_dhe_server_kx (gnutls_session_t session, opaque *
data,
size_t _data_size)
{
int sigsize;
+ opaque *sigdata;
gnutls_datum_t vparams, signature;
int ret;
cert_auth_info_t info = _gnutls_get_auth_info (session);
ssize_t data_size = _data_size;
gnutls_cert peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
if (info == NULL || info->ncerts == 0)
{
@@ -205,11 +208,28 @@ proc_dhe_server_kx (gnutls_session_t session, opaque *
data,
vparams.size = ret;
vparams.data = data;
+ sigdata = &data[vparams.size];
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ sign_algorithm_st aid;
+
+ DECR_LEN(data_size, 1);
+ aid.hash_algorithm = *sigdata++;
+ DECR_LEN(data_size, 1);
+ aid.sign_algorithm = *sigdata++;
+ sign_algo = _gnutls_tls_aid_to_sign (aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+ }
DECR_LEN (data_size, 2);
- sigsize = _gnutls_read_uint16 (&data[vparams.size]);
+ sigsize = _gnutls_read_uint16 (sigdata);
+ sigdata += 2;
DECR_LEN (data_size, sigsize);
- signature.data = &data[vparams.size + 2];
+ signature.data = sigdata;
signature.size = sigsize;
if ((ret =
@@ -221,7 +241,8 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data,
return ret;
}
- ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+ ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature,
+ sign_algo);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 606f85c..638395b 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -308,7 +308,8 @@ proc_rsa_export_server_kx (gnutls_session_t session,
return ret;
}
- ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+ ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature,
+ GNUTLS_SIGN_UNKNOWN);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c
index 2f2ea96..1689ce2 100644
--- a/lib/auth_srp_rsa.c
+++ b/lib/auth_srp_rsa.c
@@ -191,7 +191,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque *
data,
return ret;
}
- ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature);
+ ret = _gnutls_verify_sig_params (session, &peer_cert, &vparams, &signature,
+ GNUTLS_SIGN_UNKNOWN);
_gnutls_gcert_deinit (&peer_cert);
if (ret < 0)
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 08054c4..abf05a3 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1787,29 +1787,34 @@ struct gnutls_sign_entry
gnutls_sign_algorithm_t id;
gnutls_pk_algorithm_t pk;
gnutls_mac_algorithm_t mac;
+ /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
+ for values to use in aid struct. */
+ sign_algorithm_st aid;
};
typedef struct gnutls_sign_entry gnutls_sign_entry;
+#define TLS_SIGN_AID_UNKNOWN {255, 255}
+
static const gnutls_sign_entry sign_algorithms[] = {
{"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA1},
+ GNUTLS_MAC_SHA1, {2, 1}},
{"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA256},
+ GNUTLS_MAC_SHA256, {4, 1}},
{"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA384},
+ GNUTLS_MAC_SHA384, {5, 1}},
{"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
- GNUTLS_MAC_SHA512},
+ GNUTLS_MAC_SHA512, {6, 1}},
{"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
- GNUTLS_MAC_RMD160},
+ GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
{"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
- GNUTLS_MAC_SHA1},
+ GNUTLS_MAC_SHA1, {2, 2}},
{"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
- GNUTLS_MAC_MD5},
+ GNUTLS_MAC_MD5, {1, 1}},
{"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
- GNUTLS_MAC_MD2},
- {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0},
- {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0},
- {0, 0, 0, 0, 0}
+ GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
+ {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
};
/* Keep the contents of this struct the same as the previous one. */
@@ -1958,6 +1963,52 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
return ret;
}
+gnutls_mac_algorithm_t
+_gnutls_sign_get_mac_algorithm (gnutls_sign_algorithm_t sign)
+{
+ gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
+
+ return ret;
+}
+
+gnutls_pk_algorithm_t
+_gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+{
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = p->pk);
+
+ return ret;
+}
+
+gnutls_sign_algorithm_t
+_gnutls_tls_aid_to_sign (sign_algorithm_st aid)
+{
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+
+ GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid.hash_algorithm
+ && p->aid.sign_algorithm == aid.sign_algorithm)
+ {
+ ret = p->id;
+ break;
+ } );
+
+ return ret;
+}
+
+sign_algorithm_st
+_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
+{
+ sign_algorithm_st ret = TLS_SIGN_AID_UNKNOWN;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = p->aid);
+
+ return ret;
+}
+
+
/* pk algorithms;
*/
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 0e2f2b7..0a2faac 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -105,6 +105,10 @@ gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign
(gnutls_pk_algorithm_t pk,
gnutls_mac_algorithm_t mac);
const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
gnutls_mac_algorithm_t mac);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (sign_algorithm_st aid);
+sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
+gnutls_mac_algorithm_t _gnutls_sign_get_mac_algorithm
(gnutls_sign_algorithm_t);
+gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
int _gnutls_mac_priority (gnutls_session_t session,
gnutls_mac_algorithm_t algorithm);
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 7c10fbb..83dc54e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -236,7 +236,7 @@ _gnutls_finished (gnutls_session_t session, int type, void
*ret)
else
{
_gnutls_hash_deinit (&td_sha, concat);
- len = 20;
+ len = _gnutls_hash_get_algo_len (td_sha.algorithm);
}
if (type == GNUTLS_SERVER)
@@ -2170,6 +2170,8 @@ _gnutls_abort_handshake (gnutls_session_t session, int
ret)
inline static int
_gnutls_handshake_hash_init (gnutls_session_t session)
{
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ gnutls_digest_algorithm_t hash_algo = GNUTLS_MAC_SHA1;
if (session->internals.handshake_mac_handle_init == 0)
{
@@ -2183,9 +2185,15 @@ _gnutls_handshake_hash_init (gnutls_session_t session)
return ret;
}
+ /* The algorithm to compute hash over handshake messages must be
+ same as the one used as the basis for PRF. By now we use
+ SHA256. */
+ if (_gnutls_version_has_selectable_prf (ver))
+ hash_algo = GNUTLS_MAC_SHA256;
+
ret =
_gnutls_hash_init (&session->internals.handshake_mac_handle_sha,
- GNUTLS_MAC_SHA1);
+ hash_algo);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 9af17b0..100ad37 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -273,6 +273,12 @@ typedef struct
uint8_t suite[2];
} cipher_suite_st;
+typedef struct
+{
+ uint8_t hash_algorithm;
+ uint8_t sign_algorithm;
+} sign_algorithm_st;
+
/* This structure holds parameters got from TLS extension
* mechanism. (some extensions may hold parameters in auth_info_t
* structures also - see SRP).
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index ff9fbf1..ccd98a4 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -500,8 +500,8 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata,
pk_params.params[i] = params[i];
pk_params.params_nr = params_len;
- if (vdata->size != 20)
- { /* sha-1 only */
+ if (vdata->size > 20)
+ { /* SHA1 or better only */
gnutls_assert ();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index bcc4412..81e8336 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -298,7 +298,8 @@ _gnutls_tls_sign (gnutls_session_t session,
static int
_gnutls_verify_sig (gnutls_cert * cert,
const gnutls_datum_t * hash_concat,
- gnutls_datum_t * signature, size_t sha1pos)
+ gnutls_datum_t * signature, size_t sha1pos,
+ gnutls_pk_algorithm_t pk_algo)
{
int ret;
gnutls_datum_t vdata;
@@ -321,7 +322,9 @@ _gnutls_verify_sig (gnutls_cert * cert,
return GNUTLS_E_KEY_USAGE_VIOLATION;
}
- switch (cert->subject_pk_algorithm)
+ if (pk_algo == GNUTLS_PK_UNKNOWN)
+ pk_algo = cert->subject_pk_algorithm;
+ switch (pk_algo)
{
case GNUTLS_PK_RSA:
@@ -340,7 +343,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
case GNUTLS_PK_DSA:
vdata.data = &hash_concat->data[sha1pos];
- vdata.size = 20; /* sha1 */
+ vdata.size = hash_concat->size - sha1pos;
/* verify signature */
if ((ret = _gnutls_dsa_verify (&vdata, signature, cert->params,
@@ -419,7 +422,7 @@ _gnutls_verify_sig_hdata (gnutls_session_t session,
gnutls_cert * cert,
dconcat.data = concat;
dconcat.size = 20 + 16; /* md5+ sha */
- ret = _gnutls_verify_sig (cert, &dconcat, signature, 16);
+ ret = _gnutls_verify_sig (cert, &dconcat, signature, 16,
GNUTLS_SIGN_UNKNOWN);
if (ret < 0)
{
gnutls_assert ();
@@ -436,7 +439,8 @@ _gnutls_verify_sig_hdata (gnutls_session_t session,
gnutls_cert * cert,
int
_gnutls_verify_sig_params (gnutls_session_t session, gnutls_cert * cert,
const gnutls_datum_t * params,
- gnutls_datum_t * signature)
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo)
{
gnutls_datum_t dconcat;
int ret;
@@ -444,6 +448,7 @@ _gnutls_verify_sig_params (gnutls_session_t session,
gnutls_cert * cert,
digest_hd_st td_sha;
opaque concat[36];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ gnutls_mac_algorithm_t mac_algo = GNUTLS_MAC_SHA1;
if (!_gnutls_version_has_selectable_prf (ver))
{
@@ -461,7 +466,9 @@ _gnutls_verify_sig_params (gnutls_session_t session,
gnutls_cert * cert,
_gnutls_hash (&td_md5, params->data, params->size);
}
- ret = _gnutls_hash_init (&td_sha, GNUTLS_MAC_SHA1);
+ if (algo != GNUTLS_SIGN_UNKNOWN)
+ mac_algo = _gnutls_sign_get_mac_algorithm (algo);
+ ret = _gnutls_hash_init (&td_sha, mac_algo);
if (ret < 0)
{
gnutls_assert ();
@@ -502,7 +509,9 @@ _gnutls_verify_sig_params (gnutls_session_t session,
gnutls_cert * cert,
dconcat.data = concat;
- ret = _gnutls_verify_sig (cert, &dconcat, signature, dconcat.size - 20);
+ ret = _gnutls_verify_sig (cert, &dconcat, signature,
+ dconcat.size - _gnutls_hash_get_algo_len (mac_algo),
+ _gnutls_sign_get_pk_algorithm (algo));
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index f16114c..81890c4 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -42,7 +42,8 @@ int _gnutls_verify_sig_hdata (gnutls_session_t session,
int _gnutls_verify_sig_params (gnutls_session_t session,
gnutls_cert * cert,
const gnutls_datum_t * params,
- gnutls_datum_t * signature);
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo);
int _gnutls_sign (gnutls_pk_algorithm_t algo,
bigint_t * params, int params_size,
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index e1bfc66..fede2a0 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -785,7 +785,7 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
digest_hd_st td2;
int i, times, how, blocksize, A_size;
- opaque final[20], Atmp[MAX_SEED_SIZE];
+ opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
int output_bytes, result;
if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
@@ -906,7 +906,7 @@ _gnutls_PRF (gnutls_session_t session,
if (_gnutls_version_has_selectable_prf(ver))
{
result =
- _gnutls_P_hash (GNUTLS_MAC_SHA1, secret, secret_size,
+ _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
s_seed, s_seed_size, total_bytes, ret);
if (result < 0)
{
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_3-52-g3c10e94,
Simon Josefsson <=