authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-07-21 09:54:20 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-07-21 09:54:20 +0000
commit78dc026dccd0c0eef9d818c7ca505c8b9ff6d382 (patch)
treeb3e6d014a313f519282a7dcc7b376d534a034bdc
parent3a1ce6c21617db2162521b096c5db0d34eee96cd (diff)
downloadgnutls-78dc026dccd0c0eef9d818c7ca505c8b9ff6d382.tar.gz
*** empty log message ***
-rw-r--r--README5
-rw-r--r--lib/auth_rsa.c2
-rw-r--r--lib/cert_verify.c2
-rw-r--r--lib/gnutls_cert.c4
-rw-r--r--lib/gnutls_int.h4
-rw-r--r--lib/gnutls_pk.c8
-rw-r--r--lib/gnutls_pk.h2
-rw-r--r--lib/gnutls_sig_check.c58
8 files changed, 47 insertions, 38 deletions
diff --git a/README b/README
index d3d39a5f48..f21991be07 100644
--- a/README
+++ b/README
@@ -5,10 +5,7 @@ It is a TLS implementation for the GNU project.
It is currently under heavy development. (and still not ready for
real world programs)
-* The library needs libgcrypt. Libgcrypt is part of gnupg (cvs.gnupg.org)
-
-* Run the buildconf script before doing anything. This will create
-the needed configure, makefiles etc. using Automake, Autoconf, and libtool.
+* The library needs libgcrypt. Libgcrypt is part of gnupg (ftp.gnupg.org)
* Documentation:
view the doc/ directory and the examples in the src/ directory.
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 15199e2acb..c36e24247f 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -491,7 +491,7 @@ int gen_rsa_client_kx(GNUTLS_KEY key, opaque ** data)
key->key.data[1] = key->version.minor;
if ((ret =
- _gnutls_pkcs1_rsa_encrypt(&sdata, key->key, key->u, key->A)) < 0) {
+ _gnutls_pkcs1_rsa_encrypt(&sdata, key->key, key->u, key->A, 2)) < 0) {
gnutls_assert();
_gnutls_mpi_release(&pkey);
_gnutls_mpi_release(&n);
diff --git a/lib/cert_verify.c b/lib/cert_verify.c
index 81b10a09cb..ead27f35e0 100644
--- a/lib/cert_verify.c
+++ b/lib/cert_verify.c
@@ -172,8 +172,6 @@ int compare_dn(gnutls_cert * cert, gnutls_cert * issuer_cert)
opaque issuer_dn[MAX_DN_ELEM];
opaque issuer_own_dn[MAX_DN_ELEM];
-fprintf(stderr, "XXX: %s - III: %s\n", cert->issuer_info.common_name, issuer_cert->issuer_info.common_name);
-fprintf(stderr, "XXX: %s - III: %s\n", cert->cert_info.common_name, issuer_cert->cert_info.common_name);
/* get the issuer of 'cert'
*/
if (asn1_create_structure(_gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate2") != ASN_OK) {
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 7a16b3d698..7a62eddb58 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -385,6 +385,9 @@ int gnutls_set_x509_trust(X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE)
{
int ret;
+/* FIXME: This function fails (DER parsing) if it is called
+ * after gnutls_set_x509_key(). why?
+ */
if ( (ret=read_ca_file( res, CAFILE)) < 0)
return ret;
@@ -729,7 +732,6 @@ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
len = sizeof( gCert->signature);
-
result =
asn1_read_value
(c2, "certificate2.signature",
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 04e4892f6d..5f0e8a8a14 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -30,9 +30,9 @@
#define HARD_DEBUG
#define BUFFERS_DEBUG
#define RECORD_DEBUG
-#define HANDSHAKE_DEBUG
+#define HANDSHAKE_DEBUG*/
#define DEBUG
-*/
+
#define SOCKET int
#define LIST ...
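Review bot: Moving the comment terminator onto `#define HANDSHAKE_DEBUG*/` leaves `#define DEBUG` active for every file that includes this header; the comment opener is above the hunk, so this is inferred from the two changed lines. With DEBUG on, the `#ifdef DEBUG` blocks added to lib/gnutls_sig_check.c in this commit print the recovered digest and the computed hash to stderr in ordinary builds. I would keep `#define DEBUG` inside the comment and let a build flag turn it on.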
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 76b06ce6a0..94b61090de 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -34,7 +34,7 @@
*/
int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
- MPI pkey, MPI n)
+ MPI pkey, MPI n, int btype)
{
int k, psize, i, ret;
MPI m, res;
@@ -55,11 +55,11 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
}
/* EB = 00||BT||PS||00||D
- * (use block type 2)
+ * (use block type 'btype')
*/
edata[0] = 0;
- edata[1] = 2;
+ edata[1] = btype;
psize = k - 3 - plaintext.size;
ps = &edata[2];
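Review bot: `edata[1] = btype;` writes the caller's value into the encryption block without checking it, and the padding code after `ps = &edata[2];` is outside this hunk, so it is not visible whether PS is now built per block type. PKCS#1 v1.5 defines PS as 0xFF bytes for block type 1 and non-zero random bytes for block type 2; if the existing fill is kept for every btype, a type 1 block would be malformed. I would reject any value other than 1 or 2 at the top of the function and select the fill from btype. The same signature change appears in the first hunk of this file and in lib/gnutls_pk.h, and the caller in lib/auth_rsa.c passes a bare `2` that would read better as a named constant.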
@@ -121,6 +121,8 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext,
esize = ciphertext.size;
if (esize!=k) {
+#warning "REMOVE ME"
+fprintf(stderr, "ESIZE: %d/%d\n", esize, k);
gnutls_assert();
return GNUTLS_E_PK_DECRYPTION_FAILED;
}
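Review bot: The added `fprintf(stderr, "ESIZE: %d/%d\n", esize, k);` runs unconditionally in the decryption failure path, so every program linking the library writes to stderr whenever a ciphertext of the wrong length arrives. The `#warning "REMOVE ME"` shows it is meant to be temporary; until it goes it should at least sit inside `#ifdef DEBUG`, like the prints in lib/gnutls_sig_check.c. The declarations of esize and k are outside the hunk, so confirm both are int before keeping `%d`.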
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index d6e2d5d673..dc11a5a7ea 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -7,7 +7,7 @@ typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, /* sign only */
int _gnutls_pk_encrypt(int algo, MPI * resarr, MPI data, MPI ** pkey);
int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
- MPI pkey, MPI n);
+ MPI pkey, MPI n, int btype);
int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext,
MPI pkey, MPI n, int btype);
diff --git a/lib/gnutls_sig_check.c b/lib/gnutls_sig_check.c
index e5afd94dd8..53bdb0de93 100644
--- a/lib/gnutls_sig_check.c
+++ b/lib/gnutls_sig_check.c
@@ -30,6 +30,7 @@
#include <gnutls_privkey.h>
#include <gnutls_global.h>
#include <gnutls_pk.h>
+#include <debug.h>
static gnutls_datum* _gnutls_get_tbs( gnutls_cert* cert) {
node_asn *c2;
@@ -51,11 +52,8 @@ int result, len;
len = sizeof(str)-1;
result =
- asn1_read_value( c2, "certificate.tbsCertificate", str, &len);
+ asn1_create_der( c2, "certificate.tbsCertificate", str, &len);
if (result != ASN_OK) {
-#ifdef DEBUG
- fprintf(stderr, "ASN.1 failure number %d\n", result);
-#endif
gnutls_assert();
asn1_delete_structure(c2);
return NULL;
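Review bot: `asn1_create_der( c2, "certificate.tbsCertificate", str, &len)` encodes into the fixed local buffer `str`, and whether this call treats `len` as the buffer's capacity or only as an output is not visible here. If it is output-only, a tbsCertificate larger than `str` would be written past the end of a stack buffer with data taken from a received certificate. I would confirm the library's contract and, if it does not bound the write, reject oversized certificates or size the buffer from the encoded length. The declaration of `str` and the start of the function are outside this hunk.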
@@ -68,24 +66,20 @@ int result, len;
gnutls_assert();
return NULL;
}
-
- ret->data = gnutls_malloc( len);
- if (ret->data==NULL) {
+
+ if (gnutls_set_datum( ret, str, len) < 0) {
gnutls_assert();
gnutls_free(ret);
return NULL;
}
- memcpy( ret->data, str, len);
- ret->size = len;
-
return ret;
}
/* we use DER here -- FIXME: use BER
*/
-static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int digest_size) {
+static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int *digest_size) {
node_asn* dinfo;
int result;
opaque str[1024];
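Review bot: The new `int *digest_size` parameter of `_gnutls_get_ber_digest_info` is an in/out value, and the comment above the function does not say so. The caller sets it to `sizeof(digest)` before the call and compares it with the hash length afterwards, so I would add `/* digest_size: on entry the capacity of 'digest', on return the number of bytes read */` next to the existing DER/BER comment. The function body continues outside this hunk.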
@@ -95,7 +89,7 @@ int len;
gnutls_assert();
return GNUTLS_E_ASN1_ERROR;
}
-
+
result = asn1_get_der( dinfo, info->data, info->size);
if (result != ASN_OK) {
gnutls_assert();
@@ -122,14 +116,15 @@ int len;
}
if (*hash==-1) {
-fprintf(stderr, "OID: %s\n", str);
+#ifdef DEBUG
+ fprintf(stderr, "HASH OID: %s\n", str);
+#endif
gnutls_assert();
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
}
- len = digest_size;
result =
- asn1_read_value( dinfo, "digest_info.digest", digest, &len);
+ asn1_read_value( dinfo, "digest_info.digest", digest, digest_size);
if (result != ASN_OK) {
gnutls_assert();
asn1_delete_structure(dinfo);
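Review bot: The `*hash==-1` branch returns `GNUTLS_E_UNIMPLEMENTED_FEATURE` without releasing `dinfo`, while the failure path a few lines below calls `asn1_delete_structure(dinfo);` before returning. Adding `asn1_delete_structure(dinfo);` ahead of that return keeps the two paths consistent. The structure is created above the hunk, so the leak is inferred from the cleanup the other path performs.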
@@ -147,7 +142,7 @@ fprintf(stderr, "OID: %s\n", str);
* e is public key
*/
int
-_gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI m, MPI e)
+_gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI e, MPI m)
{
MACAlgorithm hash;
int ret;
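Review bot: Swapping `MPI m, MPI e` to `MPI e, MPI m` changes the meaning of two arguments of the same type, so a caller left on the old order still compiles and verifies against the wrong values. No call site of `_gnutls_pkcs1_rsa_verify_sig` appears in the visible hunks, so each one needs checking by hand. The comment above only says `e is public key`; I would extend it to state what `m` holds as well (presumably the modulus, its use is outside this hunk) so the order is documented at the definition.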
@@ -164,22 +159,34 @@ _gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI m
/* decrypted is a BER encoded data of type DigestInfo
*/
-
- if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, sizeof(digest))) != 0) {
+
+ digest_size = sizeof(digest);
+ if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, &digest_size )) != 0) {
gnutls_assert();
return ret;
}
- gnutls_free_datum( &decrypted);
+#ifdef DEBUG
+fprintf(stderr, "digest_size: %s\n", _gnutls_bin2hex(digest,digest_size));
+#endif
- digest_size = gnutls_hash_get_algo_len(hash);
+ gnutls_free_datum( &decrypted);
- hd = gnutls_hash_init(hash);
- gnutls_hash(hd, text->data, text->size);
- gnutls_hash_deinit(hd, md);
+ if (digest_size != gnutls_hash_get_algo_len(hash)) {
+ gnutls_assert();
+ return GNUTLS_E_ASN1_PARSING_ERROR;
+ }
- if (memcmp( md, digest, digest_size)!=0)
+ hd = gnutls_hash_init( hash);
+ gnutls_hash( hd, text->data, text->size);
+ gnutls_hash_deinit( hd, md);
+#ifdef DEBUG
+ fprintf(stderr, "cmd: %s\n", _gnutls_bin2hex(md, 16));
+#endif
+ if (memcmp( md, digest, digest_size)!=0) {
+ gnutls_assert();
return GNUTLS_E_PK_SIGNATURE_FAILED;
+ }
return 0;
}
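Review bot: The early `return ret;` after `_gnutls_get_ber_digest_info` fails leaves `decrypted` unfreed, because `gnutls_free_datum( &decrypted);` runs only on the success path; the allocation is above the hunk, so this is inferred from the free that follows. Calling `gnutls_free_datum( &decrypted);` before that return closes it, and the same applies to the new `GNUTLS_E_ASN1_PARSING_ERROR` return only if the free is kept ahead of it as it is now. In the debug output, `_gnutls_bin2hex(md, 16)` hard-codes 16 bytes and should use `digest_size`, and the label `"digest_size: %s"` actually prints the digest bytes rather than a size.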
@@ -206,7 +213,10 @@ gnutls_datum* tbs;
gnutls_free_datum(tbs);
return GNUTLS_CERT_TRUSTED;
}
+#ifdef DEBUG
fprintf(stderr, "PK: %d\n", issuer->subject_pk_algorithm);
+#endif
+
gnutls_assert();
return GNUTLS_CERT_INVALID;
}