
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_6-12-g4b48a9e


From: Daiki Ueno
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_6-12-g4b48a9e
Date: Tue, 29 Sep 2009 23:13:14 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4b48a9e8e28bbd468b48ed5cb95ba0cce7508be6

The branch, master has been updated
       via  4b48a9e8e28bbd468b48ed5cb95ba0cce7508be6 (commit)
      from  b595d1625e13a1836df6504ee1bafe1ef067726f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4b48a9e8e28bbd468b48ed5cb95ba0cce7508be6
Author: Daiki Ueno <address@hidden>
Date:   Wed Sep 30 07:11:30 2009 +0900

    Calculate DER-encoded DigestInfo on-the-fly rather than hard code it.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_sig.c |  133 ++++++++++++++++++++++++++++++++++++++++--------------
 1 files changed, 99 insertions(+), 34 deletions(-)

diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 81e8336..c4c6900 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -36,6 +36,7 @@
 #include <gnutls_buffers.h>
 #include <gnutls_sig.h>
 #include <gnutls_kx.h>
+#include <libtasn1.h>
 
 static int
 _gnutls_tls_sign (gnutls_session_t session,
@@ -43,6 +44,78 @@ _gnutls_tls_sign (gnutls_session_t session,
                  const gnutls_datum_t * hash_concat,
                  gnutls_datum_t * signature);
 
+/* While this is currently equal to the length of RSA/SHA512
+ * signature, it should also be sufficient for DSS signature and any
+ * other RSA signatures including one with the old MD5/SHA1-combined
+ * format.
+ */
+#define MAX_SIG_SIZE 19 + MAX_HASH_SIZE
+
+/* Create a DER-encoded value as a opaque signature when RSA is used.
+ * See RFC 5246 DigitallySigned for the actual format.
+ */
+static int
+_gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo,
+                       const gnutls_datum_t * hash,
+                       gnutls_datum_t * signature)
+{
+  ASN1_TYPE di;
+  const char *oid;
+  int result, signature_size;
+
+  oid = _gnutls_x509_mac_to_oid (algo);
+  if (!oid)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
+    }
+
+  if ((result = asn1_create_element
+       (_gnutls_get_gnutls_asn (), "GNUTLS.DigestInfo", &di)) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      return _gnutls_asn2err (result);
+    }
+
+  if ((result = asn1_write_value (di, "digestAlgorithm.algorithm",
+                                 oid, strlen (oid))) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&di);
+      return _gnutls_asn2err (result);
+    }
+
+  /* Use NULL parameters. */
+  if ((result = asn1_write_value (di, "digestAlgorithm.parameters",
+                                 "\x05\x00", 2)) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&di);
+      return _gnutls_asn2err (result);
+    }
+
+  if ((result = asn1_write_value (di, "digest",
+                                 hash->data, hash->size)) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&di);
+      return _gnutls_asn2err (result);
+    }
+
+  signature_size = signature->size;
+  result = asn1_der_coding (di, "", signature->data, &signature_size, NULL);
+  asn1_delete_structure (&di);
+
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      return _gnutls_asn2err (result);
+    }
+
+  signature->size = signature_size;
+
+  return 0;
+}
 
 /* Generates a signature of all the previous sent packets in the 
  * handshake procedure. (20040227: now it works for SSL 3.0 as well)
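Review bot: `MAX_SIG_SIZE` expands to an unparenthesized sum, so any later use inside a larger expression (a multiplication or a subtraction) would bind incorrectly. `#define MAX_SIG_SIZE (19 + MAX_HASH_SIZE)` avoids that, and its comment could say that 19 is, presumably, the DigestInfo header length in front of a SHA-512 digest. In `_gnutls_rsa_encode_sig`, the callers added later in this patch pass `hash->data` and `signature->data` pointing at the same `concat` buffer. That is only safe if `asn1_write_value` copies the digest into the tree before `asn1_der_coding` writes the output, which appears to hold but deserves a comment such as `/* HASH and SIGNATURE may alias: the digest is copied into DI before SIGNATURE->data is written. */`. The function comment should also state that `signature->size` is the capacity of `signature->data` on entry and the encoded length on success, since it is narrowed through the `int signature_size`.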
@@ -135,10 +208,11 @@ _gnutls_tls_sign_params (gnutls_session_t session, 
gnutls_cert * cert,
   gnutls_datum_t dconcat;
   int ret;
   digest_hd_st td_sha;
-  opaque concat[36];
+  opaque concat[MAX_SIG_SIZE];
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+  gnutls_mac_algorithm_t mac_algo = GNUTLS_MAC_SHA1;
 
-  ret = _gnutls_hash_init (&td_sha, GNUTLS_MAC_SHA1);
+  ret = _gnutls_hash_init (&td_sha, mac_algo);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -174,26 +248,22 @@ _gnutls_tls_sign_params (gnutls_session_t session, 
gnutls_cert * cert,
          _gnutls_hash_deinit (&td_md5, concat);
          _gnutls_hash_deinit (&td_sha, &concat[16]);
 
+         dconcat.data = concat;
          dconcat.size = 36;
        }
       else
        {
-#if 1
-         /* Use NULL parameters. */
-         memcpy (concat,
-                 
"\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
-                 15);
-         _gnutls_hash_deinit (&td_sha, &concat[15]);
-         dconcat.size = 35;
-#else
-         /* No parameters field. */
-         memcpy (concat,
-                 "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13);
-         _gnutls_hash_deinit (&td_sha, &concat[13]);
-         dconcat.size = 33;
-#endif
+         gnutls_datum_t hash;
+
+         _gnutls_hash_deinit (&td_sha, concat);
+
+         hash.data = concat;
+         hash.size = _gnutls_hash_get_algo_len (mac_algo);
+         dconcat.data = concat;
+         dconcat.size = sizeof concat;
+
+         _gnutls_rsa_encode_sig (mac_algo, &hash, &dconcat);
        }
-      dconcat.data = concat;
       break;
     case GNUTLS_PK_DSA:
       _gnutls_hash_deinit (&td_sha, concat);
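Review bot: The return value of `_gnutls_rsa_encode_sig (mac_algo, &hash, &dconcat)` is discarded in the new else branch, so after a failed encode `dconcat` still describes all `sizeof concat` bytes of `concat`, of which only the digest prefix was written. Whatever consumes `dconcat` after the switch (presumably the RSA signing step, which is outside the hunk) would then operate on mostly uninitialized stack memory, and the input of an RSA signature is recoverable with the public key. Assign and check it: `ret = _gnutls_rsa_encode_sig (mac_algo, &hash, &dconcat); if (ret < 0) { gnutls_assert (); return ret; }`. The same unchecked call is added in the `_gnutls_verify_sig_params` hunk, where a failure would feed `sizeof concat` into the `dconcat.size - _gnutls_hash_get_algo_len (mac_algo)` argument. Both function bodies continue outside their hunks, so confirm nothing else needs releasing on the early-return path.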
@@ -446,7 +516,7 @@ _gnutls_verify_sig_params (gnutls_session_t session, 
gnutls_cert * cert,
   int ret;
   digest_hd_st td_md5;
   digest_hd_st td_sha;
-  opaque concat[36];
+  opaque concat[MAX_SIG_SIZE];
   gnutls_protocol_t ver = gnutls_protocol_get_version (session);
   gnutls_mac_algorithm_t mac_algo = GNUTLS_MAC_SHA1;
 
@@ -487,27 +557,22 @@ _gnutls_verify_sig_params (gnutls_session_t session, 
gnutls_cert * cert,
     {
       _gnutls_hash_deinit (&td_md5, concat);
       _gnutls_hash_deinit (&td_sha, &concat[16]);
+      dconcat.data = concat;
       dconcat.size = 36;
     }
   else
     {
-#if 1
-      /* Use NULL parameters. */
-      memcpy (concat,
-             "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14",
-             15);
-      _gnutls_hash_deinit (&td_sha, &concat[15]);
-      dconcat.size = 35;
-#else
-      /* No parameters field. */
-      memcpy (concat,
-             "\x30\x1f\x30\x07\x06\x05\x2b\x0e\x03\x02\x1a\x04\x14", 13);
-      _gnutls_hash_deinit (&td_sha, &concat[13]);
-      dconcat.size = 33;
-#endif
-    }
+      gnutls_datum_t hash;
 
-  dconcat.data = concat;
+      _gnutls_hash_deinit (&td_sha, concat);
+
+      hash.data = concat;
+      hash.size = _gnutls_hash_get_algo_len (mac_algo);
+      dconcat.data = concat;
+      dconcat.size = sizeof concat;
+
+      _gnutls_rsa_encode_sig (mac_algo, &hash, &dconcat);
+    }
 
   ret = _gnutls_verify_sig (cert, &dconcat, signature,
                            dconcat.size - _gnutls_hash_get_algo_len (mac_algo),


hooks/post-receive
-- 
GNU gnutls



