[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_3-6-gded835
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_10_3-6-gded8352 |
Date: |
Sun, 05 Dec 2010 20:12:16 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ded835266f01adedb705a26d10513e288ae73012
The branch, gnutls_2_10_x has been updated
via ded835266f01adedb705a26d10513e288ae73012 (commit)
from c34a21d1b9389d3e4cd4c1c607bc65d106770309 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ded835266f01adedb705a26d10513e288ae73012
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Dec 5 16:33:01 2010 +0100
Use ASN1_NULL when writing parameters for RSA signatures. This makes us
comply with RFC3279. Reported by Michael Rommel.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +++
lib/gnutls_sig.c | 3 ++-
lib/x509/common.c | 2 +-
lib/x509/common.h | 3 +++
lib/x509/mpi.c | 5 ++++-
lib/x509/sign.c | 2 +-
6 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index d19e0a1..cae51e9 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ See the end for copying conditions.
** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
+** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
+This makes us comply with RFC3279. Reported by Michael Rommel.
+
** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 10ca29b..e5f319a 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -40,6 +40,7 @@
#include <libtasn1.h>
#include <ext_signature.h>
#include <gnutls_state.h>
+#include <x509/common.h>
static int
_gnutls_tls_sign (gnutls_session_t session,
@@ -90,7 +91,7 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo,
/* Use NULL parameters. */
if ((result = asn1_write_value (di, "digestAlgorithm.parameters",
- "\x05\x00", 2)) != ASN1_SUCCESS)
+ ASN1_NULL, ASN1_NULL_SIZE)) != ASN1_SUCCESS)
{
gnutls_assert ();
asn1_delete_structure (&di);
diff --git a/lib/x509/common.c b/lib/x509/common.c
index ce29bff..9d1392e 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1178,7 +1178,7 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
*/
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".algorithm.parameters");
- result = asn1_write_value (dst, name, NULL, 0);
+ result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
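Review bot: The `asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE)` call on the `.algorithm.parameters` path has no visible algorithm check, whereas the lib/x509/mpi.c hunk guards the same substitution with `pk_algorithm == GNUTLS_PK_RSA`. This write also targets the public key's AlgorithmIdentifier rather than a signature's, which the commit message and NEWS entry do not mention. The enclosing branch and the comment that closes just above start outside the hunk, so the statement may already be RSA-only. If so, a comment such as `/* RSA only: RFC 3279 requires the rsaEncryption parameters to be an explicit NULL */` would make that clear at the call site. If the path can be reached for another key type, it would now emit a NULL where the parameters were previously removed.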
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 53a94ef..8556406 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -59,6 +59,9 @@
#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
+#define ASN1_NULL "\x05\x00"
+#define ASN1_NULL_SIZE 2
+
int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
int _gnutls_x509_decode_octet_string (const char *string_type,
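Review bot: `ASN1_NULL_SIZE` is a second hand-written constant that has to stay equal to the length of the `ASN1_NULL` literal. Deriving it with `#define ASN1_NULL_SIZE (sizeof (ASN1_NULL) - 1)` removes that coupling. The pair is also undocumented, and a one-line comment such as `/* DER encoding of ASN.1 NULL: tag 0x05, length 0x00 */` would explain the bytes to readers of the four call sites. The `ASN1_` prefix is the one libtasn1 uses for its own identifiers (`ASN1_SUCCESS` and `ASN1_TYPE` appear elsewhere in this diff), so a project-prefixed name would avoid a later clash.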
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 76747f2..c55b7a6 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -452,7 +452,10 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char
*dst_name,
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".parameters");
- result = asn1_write_value (dst, name, NULL, 0);
+ if (pk_algorithm == GNUTLS_PK_RSA)
+ result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
+ else
+ result = asn1_write_value (dst, name, NULL, 0);
if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
{
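Review bot: The check `result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND` still treats a missing element as success, and for the new RSA branch that means the explicit NULL could silently go unwritten. The tolerance presumably exists for the `NULL, 0` removal of an absent optional field. Consider restricting it to the non-RSA case, e.g. `if (result != ASN1_SUCCESS && (pk_algorithm == GNUTLS_PK_RSA || result != ASN1_ELEMENT_NOT_FOUND))`. A comment above the `if` would also help, such as `/* RFC 3279: RSA signature algorithms carry an explicit NULL; DSA omits the parameters field */`. The function body begins and continues outside the hunk, so whether other algorithms reach this point cannot be confirmed here.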
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index b2fd7c2..3734f8e 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -83,7 +83,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash,
Regardless of what is correct, this appears to be what most
implementations do. */
result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
- "\x05\x00", 2);
+ ASN1_NULL, ASN1_NULL_SIZE);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
hooks/post-receive
--
GNU gnutls