
[SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_22-14-g22c2


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_3_0_x-2, updated. gnutls_3_0_22-14-g22c2007
Date: Sun, 26 Aug 2012 21:26:05 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=22c20072bb6013acf15c93fe3350abaf3f3b5661

The branch, gnutls_3_0_x-2 has been updated
       via  22c20072bb6013acf15c93fe3350abaf3f3b5661 (commit)
       via  7aeda76c41bf48877ca6cff7581f6b7ed00b5b9a (commit)
       via  15fda0463c62b9feeb9c4d4e7872a642a2528ca7 (commit)
       via  6ce282dbc7a445edd98c6407d39fbd54b28f0502 (commit)
       via  1b89604daff0653e47e9bf8937674928a29309ba (commit)
      from  4fa2188f4c2ed817fb24fad40dbe22cb4296ee6f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 22c20072bb6013acf15c93fe3350abaf3f3b5661
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 26 23:25:54 2012 +0200

    documented fix

commit 7aeda76c41bf48877ca6cff7581f6b7ed00b5b9a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 26 21:18:35 2012 +0200

    fix DSA and ECDSA signing in smart cards.

commit 15fda0463c62b9feeb9c4d4e7872a642a2528ca7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 26 21:16:57 2012 +0200

    null terminate the certificate being print

commit 6ce282dbc7a445edd98c6407d39fbd54b28f0502
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Aug 25 15:37:17 2012 +0200

    Prevent the usage of strlen() on null values.

commit 1b89604daff0653e47e9bf8937674928a29309ba
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Aug 17 15:15:08 2012 +0200

    When selecting a session signature algorithm consider the enabled.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                     |    9 ++++++++
 lib/ext/signature.c      |    3 ++
 lib/pkcs11_privkey.c     |   48 ++++++++++++++++++++++++++++++++++++++++++++++
 lib/x509/privkey_pkcs8.c |   12 +++++++++-
 src/common.c             |    3 +-
 5 files changed, 72 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index dca41b2..17f023c 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,15 @@ GnuTLS NEWS -- History of user-visible changes.                
-*- outline -*-
 Copyright (C) 2000-2012 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.0.23 (unreleased)
+
+** libgnutls: Fixed DSA and ECDSA signature generation in
+smart cards.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.0.22 (released 2012-08-04)
 
 ** libgnutls: gnutls_certificate_set_x509_system_trust()
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 1da555e..d52091a 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -274,6 +274,9 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, 
gnutls_pcert_st* cert)
           if (_gnutls_pubkey_compatible_with_sig(cert->pubkey, ver, 
priv->sign_algorithms[i]) < 0)
             continue;
 
+          if (_gnutls_session_sign_algo_enabled(session, 
priv->sign_algorithms[i]) < 0)
+            continue;
+
           return priv->sign_algorithms[i];
         }
     }
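Review bot: The added `_gnutls_session_sign_algo_enabled` test has no comment explaining why an algorithm that is already compatible with the certificate key may still be skipped. I would put `/* skip algorithms not enabled for this session */` above it, since this is the line that keeps the session's own policy in force. What is returned when every entry of `priv->sign_algorithms` is filtered out is decided after the loop, outside this hunk. It is worth confirming that this path reports failure and does not fall back to an algorithm the session has disabled.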
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index ccec17e..ec70930 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -26,6 +26,7 @@
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
 #include <gnutls_sig.h>
+#include <gnutls_pk.h>
 #include <p11-kit/uri.h>
 
 struct gnutls_pkcs11_privkey_st
@@ -141,6 +142,23 @@ gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t 
pkey,
                 } \
        } while (0);
 
+
+static int read_rs(bigint_t *r, bigint_t *s, uint8_t *data, size_t data_size)
+{
+unsigned int dhalf = data_size/2;
+
+  if (_gnutls_mpi_scan_nz (r, data, dhalf) != 0)
+    return gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
+
+  if (_gnutls_mpi_scan_nz (s, &data[dhalf], dhalf) != 0)
+    {
+      _gnutls_mpi_release(r);
+      return gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
+    }
+
+  return 0;
+}
+
 /*-
  * _gnutls_pkcs11_privkey_sign_hash:
  * @key: Holds the key
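Review bot: `read_rs` splits the buffer at `data_size/2` without checking the length itself, so an odd `data_size` silently drops the last byte and a zero length hands two empty halves to `_gnutls_mpi_scan_nz`. The only guard is the `siglen % 2` test in the caller, added in a later hunk of this file. Since these bytes come back from the token, I would validate inside the helper with `if (data_size == 0 || data_size % 2 != 0) return gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);` and declare `size_t dhalf = data_size / 2;` to avoid narrowing from `size_t`. A short comment saying the input appears to be two equal-width halves, r followed by s, would make the contract explicit.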
@@ -205,6 +223,36 @@ _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t 
key,
     }
 
   signature->size = siglen;
+  
+  if (key->pk_algorithm == GNUTLS_PK_EC || key->pk_algorithm == GNUTLS_PK_DSA)
+    {
+      bigint_t r,s;
+
+      if (siglen % 2 != 0)
+        {
+          gnutls_assert();
+          ret = GNUTLS_E_PK_SIGN_FAILED;
+          goto cleanup;
+        }
+
+      ret = read_rs(&r, &s, signature->data, signature->size);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto cleanup;
+        }
+      
+      gnutls_free(signature->data);
+      ret = _gnutls_encode_ber_rs (signature, r, s);
+      _gnutls_mpi_release(&r);
+      _gnutls_mpi_release(&s);
+      
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto cleanup;
+        }
+    }
 
   ret = 0;
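Review bot: After `gnutls_free(signature->data);` the datum still holds the freed pointer and the old `size`, so if `_gnutls_encode_ber_rs` fails without assigning a new buffer, the `goto cleanup` path and the caller are left with a dangling `signature->data`. The cleanup label and the encoder are outside this hunk, so whether this becomes a double free or a use after free depends on code not shown here. Clearing the datum removes the question: `gnutls_free(signature->data); signature->data = NULL; signature->size = 0;`. The two earlier failure exits (odd `siglen`, `read_rs` error) also leave the raw token output in `signature`; confirm that cleanup releases it.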
 
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 3af1045..2e3417f 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -1593,6 +1593,10 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
   cipher_hd_st ch;
   int ch_init = 0;
   int key_size;
+  unsigned int pass_len = 0;
+  
+  if (password)
+    pass_len = strlen(password);
 
   data_size = 0;
   result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
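Review bot: With `pass_len` defaulting to 0, a NULL `password` no longer reaches `strlen`, but it is now passed as a NULL pointer with length 0 to `_gnutls_pbkdf2_sha1`, in `decrypt_data` (next hunk) and in both `generate_key` hunks. The key is then derived from an empty password without any diagnostic, which for `generate_key` would mean encrypting a private key under an empty password. If that is not intended, return an error when `password == NULL`; otherwise say so in a comment next to `pass_len` and confirm the KDF accepts a NULL pointer with zero length. Only the PBES2 cases are visible in these hunks, so any other branch of the switch that still calls `strlen (password)` needs the same treatment. Declaring `size_t pass_len` would match the return type of `strlen`.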
@@ -1641,7 +1645,7 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
     case PBES2_AES_192:
     case PBES2_AES_256:
 
-      result = _gnutls_pbkdf2_sha1 (password, strlen (password),
+      result = _gnutls_pbkdf2_sha1 (password, pass_len,
                                     kdf_params->salt, kdf_params->salt_size,
                                     kdf_params->iter_count, key, key_size);
 
@@ -1896,8 +1900,12 @@ generate_key (schema_id schema,
               struct pbe_enc_params *enc_params, gnutls_datum_t * key)
 {
   unsigned char rnd[2];
+  unsigned int pass_len = 0;
   int ret;
 
+  if (password)
+    pass_len = strlen(password);
+
   ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
   if (ret < 0)
     {
@@ -1971,7 +1979,7 @@ generate_key (schema_id schema,
     case PBES2_AES_192:
     case PBES2_AES_256:
 
-      ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
+      ret = _gnutls_pbkdf2_sha1 (password, pass_len,
                                  kdf_params->salt, kdf_params->salt_size,
                                  kdf_params->iter_count,
                                  key->data, kdf_params->key_size);
diff --git a/src/common.c b/src/common.c
index 95de4b4..e5057b0 100644
--- a/src/common.c
+++ b/src/common.c
@@ -159,7 +159,7 @@ print_x509_info (gnutls_session_t session, int flag, int 
print_cert)
                                             &size);
                 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
                   {
-                      p = malloc (size);
+                      p = malloc (size+1);
                       if (!p)
                         {
                             fprintf (stderr, "gnutls_malloc\n");
@@ -177,6 +177,7 @@ print_x509_info (gnutls_session_t session, int flag, int 
print_cert)
                       return;
                   }
 
+                p[size] = 0;
                 fputs ("\n", stdout);
                 fputs (p, stdout);
                 fputs ("\n", stdout);
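Review bot: `p[size] = 0;` is in bounds only if `size`, as updated by the export call that sits between these two hunks, is no larger than the value used in `malloc (size+1)`. It also assumes `p` was allocated, although by its indentation the store is outside the `GNUTLS_E_SHORT_MEMORY_BUFFER` branch. Both conditions depend on lines not shown here. Printing by length avoids relying on a terminator at all: `fwrite (p, 1, size, stdout);` in place of `fputs (p, stdout);`.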


hooks/post-receive
-- 
GNU gnutls


