[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10

gnutls-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e6

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e68
Date:	Fri, 11 Feb 2011 23:22:07 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5f89e68da46fb55f1e27ea2996407d20223f97cc

The branch, gnutls_2_10_x has been updated
       via  5f89e68da46fb55f1e27ea2996407d20223f97cc (commit)
      from  54fa9be2f0e9f7044b21aa21d21532759586c92f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5f89e68da46fb55f1e27ea2996407d20223f97cc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Feb 12 00:21:45 2011 +0100

    Corrected signature generation and verification
    in the Certificate Verify message when in TLS 1.2. Reported
    by Todd A. Ouska.

-----------------------------------------------------------------------

Summary of changes:
 NEWS             |    4 ++++
 lib/gnutls_sig.c |   41 ++++++++++++++++++++++++++++++++++++-----
 2 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 5d99fc8..6ac8bb8 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ See the end for copying conditions.
 
 * Version 2.10.5 (unreleased)
 
+** libgnutls: Corrected signature generation and verification
+in the Certificate Verify message when in TLS 1.2. Reported
+by Todd A. Ouska.
+
 ** API and ABI modifications:
 No changes since last version.
 
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index e5f319a..2f0eea7 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -198,7 +198,12 @@ _gnutls_handshake_sign_data (gnutls_session_t session, 
gnutls_cert * cert,
          dconcat.data = concat;
          dconcat.size = sizeof concat;
 
-         _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+         ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+         if (ret < 0)
+           {
+             gnutls_assert();
+             return ret;
+            }
        }
       break;
     case GNUTLS_PK_DSA:
@@ -453,7 +458,12 @@ _gnutls_handshake_verify_data (gnutls_session_t session, 
gnutls_cert * cert,
       dconcat.data = concat;
       dconcat.size = sizeof concat;
 
-      _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+      ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          return ret;
+        }
     }
 
   ret = _gnutls_verify_sig (cert, &dconcat, signature,
@@ -485,6 +495,7 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t 
session,
   opaque concat[MAX_SIG_SIZE];
   digest_hd_st td;
   gnutls_datum_t dconcat;
+  gnutls_datum_t hash;
   gnutls_sign_algorithm_t _sign_algo;
   gnutls_digest_algorithm_t hash_algo;
   digest_hd_st *handshake_td;
@@ -516,8 +527,18 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t 
session,
 
   _gnutls_hash_deinit (&td, concat);
 
+  hash.data = concat;
+  hash.size = _gnutls_hash_get_algo_len (hash_algo);
+
   dconcat.data = concat;
-  dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+  dconcat.size = sizeof concat;
+
+  ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
 
   ret =
     _gnutls_verify_sig (cert, &dconcat, signature, 0,
@@ -627,7 +648,7 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t 
session,
                                    gnutls_cert * cert, gnutls_privkey * pkey,
                                    gnutls_datum_t * signature)
 {
-  gnutls_datum_t dconcat;
+  gnutls_datum_t dconcat, hash;
   int ret;
   opaque concat[MAX_SIG_SIZE];
   digest_hd_st td;
@@ -682,8 +703,18 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t 
session,
 
   _gnutls_hash_deinit (&td, concat);
 
+  hash.data = concat;
+  hash.size = _gnutls_hash_get_algo_len (hash_algo);
+
   dconcat.data = concat;
-  dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+  dconcat.size = sizeof concat;
+
+  ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
 
   ret = _gnutls_tls_sign (session, cert, pkey, &dconcat, signature);
   if (ret < 0)


hooks/post-receive
-- 
GNU gnutls

[Prev in Thread]

Current Thread

[Next in Thread]

[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e68, Nikos Mavrogiannopoulos <=

Prev by Date: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-97-gcada3a9
Next by Date: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-152-g23d535f
Previous by thread: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-97-gcada3a9
Next by thread: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-152-g23d535f
Index(es):
- Date
- Thread