[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e6
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_4-7-g5f89e68 |
Date: |
Fri, 11 Feb 2011 23:22:07 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5f89e68da46fb55f1e27ea2996407d20223f97cc
The branch, gnutls_2_10_x has been updated
via 5f89e68da46fb55f1e27ea2996407d20223f97cc (commit)
from 54fa9be2f0e9f7044b21aa21d21532759586c92f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5f89e68da46fb55f1e27ea2996407d20223f97cc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Feb 12 00:21:45 2011 +0100
Corrected signature generation and verification
in the Certificate Verify message when in TLS 1.2. Reported
by Todd A. Ouska.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
lib/gnutls_sig.c | 41 ++++++++++++++++++++++++++++++++++++-----
2 files changed, 40 insertions(+), 5 deletions(-)
diff --git a/NEWS b/NEWS
index 5d99fc8..6ac8bb8 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,10 @@ See the end for copying conditions.
* Version 2.10.5 (unreleased)
+** libgnutls: Corrected signature generation and verification
+in the Certificate Verify message when in TLS 1.2. Reported
+by Todd A. Ouska.
+
** API and ABI modifications:
No changes since last version.
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index e5f319a..2f0eea7 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -198,7 +198,12 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
dconcat.data = concat;
dconcat.size = sizeof concat;
- _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
}
break;
case GNUTLS_PK_DSA:
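Review bot: The in/out role of `dconcat.size` around the now-checked `_gnutls_rsa_encode_sig` call is undocumented, both here and in the matching `_gnutls_handshake_verify_data` hunk. `dconcat.size = sizeof concat;` reads as the capacity of the buffer on entry, and presumably the encoder rewrites it to the length of the encoded DigestInfo that is then signed or compared. A comment at the assignment such as `/* in: capacity of concat; out: length of the encoded DigestInfo */` would make that contract explicit. The enclosing function starts and ends outside the hunk, so whether the new early return skips any cleanup cannot be judged from here.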
@@ -453,7 +458,12 @@ _gnutls_handshake_verify_data (gnutls_session_t session,
gnutls_cert * cert,
dconcat.data = concat;
dconcat.size = sizeof concat;
- _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
}
ret = _gnutls_verify_sig (cert, &dconcat, signature,
@@ -485,6 +495,7 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t
session,
opaque concat[MAX_SIG_SIZE];
digest_hd_st td;
gnutls_datum_t dconcat;
+ gnutls_datum_t hash;
gnutls_sign_algorithm_t _sign_algo;
gnutls_digest_algorithm_t hash_algo;
digest_hd_st *handshake_td;
@@ -516,8 +527,18 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t
session,
_gnutls_hash_deinit (&td, concat);
+ hash.data = concat;
+ hash.size = _gnutls_hash_get_algo_len (hash_algo);
+
dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ dconcat.size = sizeof concat;
+
+ ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
ret =
_gnutls_verify_sig (cert, &dconcat, signature, 0,
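Review bot: `hash.data` and `dconcat.data` both point at `concat`, so `_gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat)` is asked to read its input from the same buffer it writes its output to; the `_gnutls_handshake_sign_cert_vrfy12` hunk does the same. That is only correct if the encoder copies the digest out before it writes any output byte, which nothing in the hunk shows. Since a wrong DigestInfo here changes what is verified as the peer's CertificateVerify signature, either finalise the hash into a separate local buffer and point `hash.data` at it, or add a comment at the call such as `/* input and output alias concat; safe only because the encoder copies the digest first */` once that has been confirmed. The function body continues outside the hunk.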
@@ -627,7 +648,7 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t
session,
gnutls_cert * cert, gnutls_privkey * pkey,
gnutls_datum_t * signature)
{
- gnutls_datum_t dconcat;
+ gnutls_datum_t dconcat, hash;
int ret;
opaque concat[MAX_SIG_SIZE];
digest_hd_st td;
@@ -682,8 +703,18 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t
session,
_gnutls_hash_deinit (&td, concat);
+ hash.data = concat;
+ hash.size = _gnutls_hash_get_algo_len (hash_algo);
+
dconcat.data = concat;
- dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ dconcat.size = sizeof concat;
+
+ ret = _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
ret = _gnutls_tls_sign (session, cert, pkey, &dconcat, signature);
if (ret < 0)
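Review bot: The DigestInfo encoding is applied before `_gnutls_tls_sign` with no check of the key's public-key algorithm visible in this hunk, whereas in `_gnutls_handshake_sign_data` the same call sits in a switch arm that precedes `case GNUTLS_PK_DSA:`. If this function can be reached with a DSA key, the data signed would be a DER DigestInfo rather than the bare hash, and the verify side in `_gnutls_handshake_verify_cert_vrfy12` has the same shape. Worth confirming from the part of the function outside the hunk, and if no guard exists, wrapping the encode step in one, e.g. `if (cert->subject_pk_algorithm == GNUTLS_PK_RSA)`, assuming that field is the right selector here.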
hooks/post-receive
--
GNU gnutls