help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS 1.2 with standard signature? Why hash->size == 36??

From: Vandra Ákos
Subject: Re: TLS 1.2 with standard signature? Why hash->size == 36??
Date: Thu, 08 Oct 2009 19:35:07 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4pre) Gecko/20090915 Thunderbird/3.0b4
Last time I checked, the signature algorithm is broken, still uses the TLSv1.1 implementation meaning SHA1 ++ MD5 concat. 

Regards,
  Vandra Ákos

On 2009. 10. 08. 11:16, Carolin Latze wrote:

Hi Simon,

I tried to use TLS 1.2 with and without sign callback, and I still see a
signature of 36 bytes... Even if there is a leading SHA-1 OID, shouldn't
it be max 35 then? Maybe we should check, whether I check the right
variables:

In gnutls_sig.c, method _gnutls_tls_sign_hdata, there is a structure
called dconcat. dconcat.size holds the hash size, right? and
dconcat.data should hold the hash itself? dconcat.size has a value of 36
for me...

If I use the sign callback, I print the value of hash->size (=36) and
hash->data (cannot see the OID included in that value, so for me it
looks like it is really not SHA-1 only).

Maybe I check the wrong values?

BTW: I used the latest Snapshot, 2.9.8 to test it.

Sorry... :-/
Carolin

Simon Josefsson wrote:

Carolin Latze<address@hidden>  writes:



Hi all,

according to RFC 5246, TLS 1.2 should use a standard signature, but if
I enable TLS 1.2 in GnuTLS and print out the hash size it says
36... that does not sound like a standard signature.. I would expect
something like 20 for SHA1. Am I wrong?


Hi!  With GnuTLS 2.9.7 I hope this should work better -- could you take
a look?  It should have more solid TLS 1.2 support.

Thanks,
Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]