Re: TLS 1.2 with standard signature? Why hash->size == 36??

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS 1.2 with standard signature? Why hash->size == 36??

From:	Carolin Latze
Subject:	Re: TLS 1.2 with standard signature? Why hash->size == 36??
Date:	Wed, 11 Nov 2009 08:08:03 +0100
User-agent:	Thunderbird 2.0.0.23 (X11/20090817)

Hi Simon,

that sounds good. I will check it in two weeks (I am out of office atthe moment, only reading my mails from time to time :-))


Thanks a lot!
Carolin

Simon Josefsson wrote:

Carolin,

I just re-ran the x509signself self-test with gnutls 2.9.x and the hash
size passed to the function is now 20 bytes.  I suppose GnuTLS adds the
right PKCS#1 ASN.1 OID internally.  It occurs to me that perhaps the
callback should receive the entire PKCS#1 blob, to avoid having the
callback reconstruct it, instead of just the hash value, but maybe this
is sufficient to make things work for you?  I'll release 2.9.9 in a few
minutes with some minor fixes, please test it.

/Simon

Carolin Latze <address@hidden> writes:

Hi Simon,

I tried to use TLS 1.2 with and without sign callback, and I still see a
signature of 36 bytes... Even if there is a leading SHA-1 OID, shouldn't
it be max 35 then? Maybe we should check, whether I check the right
variables:

In gnutls_sig.c, method _gnutls_tls_sign_hdata, there is a structure
called dconcat. dconcat.size holds the hash size, right? and
dconcat.data should hold the hash itself? dconcat.size has a value of 36
for me...

If I use the sign callback, I print the value of hash->size (=36) and
hash->data (cannot see the OID included in that value, so for me it
looks like it is really not SHA-1 only).

Maybe I check the wrong values?

BTW: I used the latest Snapshot, 2.9.8 to test it.

Sorry... :-/
Carolin

Simon Josefsson wrote:

Carolin Latze <address@hidden> writes:

Hi all,

according to RFC 5246, TLS 1.2 should use a standard signature, but if
I enable TLS 1.2 in GnuTLS and print out the hash size it says
36... that does not sound like a standard signature.. I would expect
something like 20 for SHA1. Am I wrong?

Hi!  With GnuTLS 2.9.7 I hope this should work better -- could you take
a look?  It should have more solid TLS 1.2 support.

Thanks,
Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Re: TLS 1.2 with standard signature? Why hash->size == 36??, Simon Josefsson, 2009/11/09
- Re: TLS 1.2 with standard signature? Why hash->size == 36??, Carolin Latze <=
- Re: TLS 1.2 with standard signature? Why hash->size == 36??, Carolin Latze, 2009/11/26
  - Re: TLS 1.2 with standard signature? Why hash->size == 36??, Simon Josefsson, 2009/11/26
    - Re: TLS 1.2 with standard signature? Why hash->size == 36??, Carolin Latze, 2009/11/26

Prev by Date: Unencrypted connection?
Next by Date: Re: TLS Renegotiation problem
Previous by thread: Re: TLS 1.2 with standard signature? Why hash->size == 36??
Next by thread: Re: TLS 1.2 with standard signature? Why hash->size == 36??
Index(es):
- Date
- Thread