author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-07-21 09:54:20 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-07-21 09:54:20 +0000 |
commit | 78dc026dccd0c0eef9d818c7ca505c8b9ff6d382 (patch) | |
tree | b3e6d014a313f519282a7dcc7b376d534a034bdc /lib | |
parent | 3a1ce6c21617db2162521b096c5db0d34eee96cd (diff) | |
download | gnutls-78dc026dccd0c0eef9d818c7ca505c8b9ff6d382.tar.gz |
*** empty log message ***
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_rsa.c | 2 | ||||
-rw-r--r-- | lib/cert_verify.c | 2 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 4 | ||||
-rw-r--r-- | lib/gnutls_int.h | 4 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 8 | ||||
-rw-r--r-- | lib/gnutls_pk.h | 2 | ||||
-rw-r--r-- | lib/gnutls_sig_check.c | 58 |
7 files changed, 46 insertions, 34 deletions
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 15199e2acb..c36e24247f 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -491,7 +491,7 @@ int gen_rsa_client_kx(GNUTLS_KEY key, opaque ** data) key->key.data[1] = key->version.minor; if ((ret = - _gnutls_pkcs1_rsa_encrypt(&sdata, key->key, key->u, key->A)) < 0) { + _gnutls_pkcs1_rsa_encrypt(&sdata, key->key, key->u, key->A, 2)) < 0) { gnutls_assert(); _gnutls_mpi_release(&pkey); _gnutls_mpi_release(&n); diff --git a/lib/cert_verify.c b/lib/cert_verify.c index 81b10a09cb..ead27f35e0 100644 --- a/lib/cert_verify.c +++ b/lib/cert_verify.c @@ -172,8 +172,6 @@ int compare_dn(gnutls_cert * cert, gnutls_cert * issuer_cert) opaque issuer_dn[MAX_DN_ELEM]; opaque issuer_own_dn[MAX_DN_ELEM]; -fprintf(stderr, "XXX: %s - III: %s\n", cert->issuer_info.common_name, issuer_cert->issuer_info.common_name); -fprintf(stderr, "XXX: %s - III: %s\n", cert->cert_info.common_name, issuer_cert->cert_info.common_name); /* get the issuer of 'cert' */ if (asn1_create_structure(_gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate2") != ASN_OK) { diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 7a16b3d698..7a62eddb58 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -385,6 +385,9 @@ int gnutls_set_x509_trust(X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE) { int ret; +/* FIXME: This function fails (DER parsing) if it is called + * after gnutls_set_x509_key(). why? + */ if ( (ret=read_ca_file( res, CAFILE)) < 0) return ret; @@ -729,7 +732,6 @@ return GNUTLS_E_UNIMPLEMENTED_FEATURE; } len = sizeof( gCert->signature); - result = asn1_read_value (c2, "certificate2.signature", diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 04e4892f6d..5f0e8a8a14 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -30,9 +30,9 @@ #define HARD_DEBUG #define BUFFERS_DEBUG #define RECORD_DEBUG -#define HANDSHAKE_DEBUG +#define HANDSHAKE_DEBUG*/ #define DEBUG -*/ + #define SOCKET int #define LIST ... 
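Review bot: Moving the `*/` up onto the `#define HANDSHAKE_DEBUG*/` line leaves `#define DEBUG` outside the comment (assuming the comment opens above this hunk), so every `#ifdef DEBUG` block in the library is now compiled in by default. In this same commit that includes the new stderr prints of the DigestInfo digest and the computed hash in lib/gnutls_sig_check.c. A library should not write diagnostics to the host application's stderr unless asked to, so I would keep `DEBUG` out of the committed header and leave a comment such as `/* define DEBUG via CFLAGS (-DDEBUG) for local debugging only */`. The hunk's trailing context is elided on this page.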
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 76b06ce6a0..94b61090de 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -34,7 +34,7 @@ */ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, - MPI pkey, MPI n) + MPI pkey, MPI n, int btype) { int k, psize, i, ret; MPI m, res; @@ -55,11 +55,11 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, } /* EB = 00||BT||PS||00||D - * (use block type 2) + * (use block type 'btype') */ edata[0] = 0; - edata[1] = 2; + edata[1] = btype; psize = k - 3 - plaintext.size; ps = &edata[2]; @@ -121,6 +121,8 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext, esize = ciphertext.size; if (esize!=k) { +#warning "REMOVE ME" +fprintf(stderr, "ESIZE: %d/%d\n", esize, k); gnutls_assert(); return GNUTLS_E_PK_DECRYPTION_FAILED; } diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h index d6e2d5d673..dc11a5a7ea 100644 --- a/lib/gnutls_pk.h +++ b/lib/gnutls_pk.h @@ -7,7 +7,7 @@ typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA, /* sign only */ int _gnutls_pk_encrypt(int algo, MPI * resarr, MPI data, MPI ** pkey); int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, - MPI pkey, MPI n); + MPI pkey, MPI n, int btype); int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext, MPI pkey, MPI n, int btype); diff --git a/lib/gnutls_sig_check.c b/lib/gnutls_sig_check.c index e5afd94dd8..53bdb0de93 100644 --- a/lib/gnutls_sig_check.c +++ b/lib/gnutls_sig_check.c @@ -30,6 +30,7 @@ #include <gnutls_privkey.h> #include <gnutls_global.h> #include <gnutls_pk.h> +#include <debug.h> static gnutls_datum* _gnutls_get_tbs( gnutls_cert* cert) { node_asn *c2; 
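Review bot: `edata[1] = btype;` stores the caller's value without checking it, and the padding string is sized and addressed the same way (`psize = k - 3 - plaintext.size; ps = &edata[2];`) whatever the block type. PKCS#1 v1.5 expects 0xFF padding for block type 1 and non-zero random padding for type 2, so the code that fills `ps` (below this hunk, not visible) needs to branch on `btype`. Any other value should be rejected up front, e.g. `if (btype != 1 && btype != 2) { gnutls_assert(); return GNUTLS_E_UNIMPLEMENTED_FEATURE; }`, with the error code being the project's call. The function's header comment should also document the new parameter, and the caller in lib/auth_rsa.c passes a bare `2` where a named constant would read better.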
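Review bot: The added `fprintf(stderr, "ESIZE: %d/%d\n", esize, k);` in `_gnutls_pkcs1_rsa_decrypt` is unconditional, so any ciphertext whose length differs from the modulus size makes the library write to the application's stderr. Where the ciphertext comes from the peer, that is remotely triggerable log noise. The `#warning "REMOVE ME"` beside it also breaks builds that treat warnings as errors. If the print is still needed, guard it with `#ifdef DEBUG` and `#endif` as the rest of this commit does and drop the `#warning`; otherwise remove both lines before merging.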
@@ -51,11 +52,8 @@ int result, len; len = sizeof(str)-1; result = - asn1_read_value( c2, "certificate.tbsCertificate", str, &len); + asn1_create_der( c2, "certificate.tbsCertificate", str, &len); if (result != ASN_OK) { -#ifdef DEBUG - fprintf(stderr, "ASN.1 failure number %d\n", result); -#endif gnutls_assert(); asn1_delete_structure(c2); return NULL; @@ -68,24 +66,20 @@ int result, len; gnutls_assert(); return NULL; } - - ret->data = gnutls_malloc( len); - if (ret->data==NULL) { + + if (gnutls_set_datum( ret, str, len) < 0) { gnutls_assert(); gnutls_free(ret); return NULL; } - memcpy( ret->data, str, len); - ret->size = len; - return ret; } /* we use DER here -- FIXME: use BER */ -static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int digest_size) { +static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int *digest_size) { node_asn* dinfo; int result; opaque str[1024]; @@ -95,7 +89,7 @@ int len; gnutls_assert(); return GNUTLS_E_ASN1_ERROR; } - + result = asn1_get_der( dinfo, info->data, info->size); if (result != ASN_OK) { gnutls_assert(); @@ -122,14 +116,15 @@ int len; } if (*hash==-1) { -fprintf(stderr, "OID: %s\n", str); +#ifdef DEBUG + fprintf(stderr, "HASH OID: %s\n", str); +#endif gnutls_assert(); return GNUTLS_E_UNIMPLEMENTED_FEATURE; } - len = digest_size; result = - asn1_read_value( dinfo, "digest_info.digest", digest, &len); + asn1_read_value( dinfo, "digest_info.digest", digest, digest_size); if (result != ASN_OK) { gnutls_assert(); asn1_delete_structure(dinfo); @@ -147,7 +142,7 @@ fprintf(stderr, "OID: %s\n", str); * e is public key */ int -_gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI m, MPI e) +_gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI e, MPI m) { MACAlgorithm hash; int ret; 
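Review bot: `asn1_create_der( c2, "certificate.tbsCertificate", str, &len)` writes the re-encoded tbsCertificate into the fixed buffer `str`, and it is not visible here whether `asn1_create_der` treats the incoming `len = sizeof(str)-1` as a capacity or only as an output. If it is output-only, a certificate whose tbsCertificate is larger than `str` overruns the buffer, and the certificate is presumably supplied by the peer. Please confirm the contract and, if the encoder does not bound its writes, reject oversized input or size the buffer from the encoded length before encoding. A short comment stating which it is, such as `/* asn1_create_der bounds the write by *len */`, would settle it for readers. The declaration of `str` is above this hunk.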
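Review bot: The `*hash==-1` branch in `_gnutls_get_ber_digest_info` returns `GNUTLS_E_UNIMPLEMENTED_FEATURE` without releasing `dinfo`, while the failure branch right below it calls `asn1_delete_structure(dinfo)` first. Since the OID comes from the decrypted signature, each signature naming an unsupported hash leaks one ASN.1 structure. Adding `asn1_delete_structure(dinfo);` before that `return` fixes it. Separately, `digest_size` is now an in/out parameter passed straight to `asn1_read_value`, so the function comment should say that the caller must set `*digest_size` to the capacity of `digest` before the call.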
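Review bot: Swapping `MPI m, MPI e` to `MPI e, MPI m` in `_gnutls_pkcs1_rsa_verify_sig` cannot be caught by the compiler because both parameters have the same type, so a caller still passing the old order would compile and only fail at verification time. The comment above the function only says `e is public key`; it should state which argument is the exponent and which is the modulus, in the new order. No call site or prototype for this function is visible in the diff, so please check that they were updated.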
@@ -164,22 +159,34 @@ _gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI m /* decrypted is a BER encoded data of type DigestInfo */ - - if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, sizeof(digest))) != 0) { + + digest_size = sizeof(digest); + if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, &digest_size )) != 0) { gnutls_assert(); return ret; } - gnutls_free_datum( &decrypted); +#ifdef DEBUG +fprintf(stderr, "digest_size: %s\n", _gnutls_bin2hex(digest,digest_size)); +#endif - digest_size = gnutls_hash_get_algo_len(hash); + gnutls_free_datum( &decrypted); - hd = gnutls_hash_init(hash); - gnutls_hash(hd, text->data, text->size); - gnutls_hash_deinit(hd, md); + if (digest_size != gnutls_hash_get_algo_len(hash)) { + gnutls_assert(); + return GNUTLS_E_ASN1_PARSING_ERROR; + } - if (memcmp( md, digest, digest_size)!=0) + hd = gnutls_hash_init( hash); + gnutls_hash( hd, text->data, text->size); + gnutls_hash_deinit( hd, md); +#ifdef DEBUG + fprintf(stderr, "cmd: %s\n", _gnutls_bin2hex(md, 16)); +#endif + if (memcmp( md, digest, digest_size)!=0) { + gnutls_assert(); return GNUTLS_E_PK_SIGNATURE_FAILED; + } return 0; } @@ -206,7 +213,10 @@ gnutls_datum* tbs; gnutls_free_datum(tbs); return GNUTLS_CERT_TRUSTED; } +#ifdef DEBUG fprintf(stderr, "PK: %d\n", issuer->subject_pk_algorithm); +#endif + gnutls_assert(); return GNUTLS_CERT_INVALID; } |
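Review bot: The early `return ret` after `_gnutls_get_ber_digest_info()` fails leaves `decrypted` allocated, because `gnutls_free_datum( &decrypted)` only runs on the success path below it. A signature whose DigestInfo does not parse therefore leaks one buffer per verification; placing `gnutls_free_datum( &decrypted);` ahead of `return ret;` closes it. The new DEBUG line `_gnutls_bin2hex(md, 16)` hard-codes 16 bytes although the digest length depends on `hash`; `digest_size` has already been validated at that point and is the right length to print. The result of `gnutls_hash_init( hash)` is also used without a check. The function starts above this hunk.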