diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-05-25 12:45:51 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-05-25 12:45:51 +0200 |
commit | 2cb743de088fecfc3d94507e6db92e35f3880ada (patch) | |
tree | e78a0a995a4a2a627d76d7d9fec9d72f7477d63c | |
parent | f03756387e6bd3f1e99b2799e1931544725d4221 (diff) | |
download | gnutls-2cb743de088fecfc3d94507e6db92e35f3880ada.tar.gz |
corrected bug with _gnutls_dsa_q_to_hash() usage introduced previously
-rw-r--r-- | lib/abstract_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_pubkey.c | 21 | ||||
-rw-r--r-- | lib/nettle/pk.c | 14 |
3 files changed, 18 insertions, 19 deletions
diff --git a/lib/abstract_int.h b/lib/abstract_int.h index 229a49885a..0ea7f4c327 100644 --- a/lib/abstract_int.h +++ b/lib/abstract_int.h @@ -108,6 +108,6 @@ int pubkey_verify_data (gnutls_pk_algorithm_t pk, const mac_entry_st* _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, - const gnutls_pk_params_st* params); + const gnutls_pk_params_st* params, unsigned int* hash_len); #endif diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index a153a7a167..91f599ee0d 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -1776,8 +1776,7 @@ const mac_entry_st* me; if (pubkey->pk_algorithm == GNUTLS_PK_DSA) { - me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params); - hash_size = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */ if (!_gnutls_version_has_selectable_sighash (ver)) @@ -1798,8 +1797,7 @@ const mac_entry_st* me; { if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN) { - me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params); - hash_size = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign)); sig_hash_size = _gnutls_hash_get_algo_len(me); @@ -1907,10 +1905,8 @@ dsa_verify_hashed_data (gnutls_pk_algorithm_t pk, unsigned int hash_len; if (algo == NULL) - algo = _gnutls_dsa_q_to_hash (pk, params); + algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len); - hash_len = _gnutls_hash_get_algo_len(algo); - /* SHA1 or better allowed */ if (!hash->data || hash->size < hash_len) { @@ -1941,7 +1937,7 @@ dsa_verify_data (gnutls_pk_algorithm_t pk, digest_hd_st hd; if (algo == NULL) - algo = _gnutls_dsa_q_to_hash (pk, params); + algo = _gnutls_dsa_q_to_hash (pk, params, NULL); ret = _gnutls_hash_init (&hd, algo); if (ret < 0) @@ -2041,7 +2037,8 @@ pubkey_verify_data (gnutls_pk_algorithm_t pk, } const mac_entry_st* -_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params) +_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params, + unsigned int* hash_len) { int bits = 0; int ret; @@ -2053,26 +2050,32 @@ _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* pa if (bits <= 160) { + if (hash_len) *hash_len = 20; ret = GNUTLS_DIG_SHA1; } else if (bits <= 192) { + if (hash_len) *hash_len = 24; ret = GNUTLS_DIG_SHA256; } else if (bits <= 224) { + if (hash_len) *hash_len = 28; ret = GNUTLS_DIG_SHA256; } else if (bits <= 256) { + if (hash_len) *hash_len = 32; ret = GNUTLS_DIG_SHA256; } else if (bits <= 384) { + if (hash_len) *hash_len = 48; ret = GNUTLS_DIG_SHA384; } else { + if (hash_len) *hash_len = 64; ret = GNUTLS_DIG_SHA512; } diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index c63ba1fdca..1d9707e406 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -347,8 +347,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, dsa_signature_init (&sig); - me = _gnutls_dsa_q_to_hash (algo, pk_params); - hash_len = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) { @@ -384,8 +383,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, dsa_signature_init (&sig); - me = _gnutls_dsa_q_to_hash (algo, pk_params); - hash_len = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) { @@ -500,8 +498,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, memcpy (&sig.r, tmp[0], sizeof (sig.r)); memcpy (&sig.s, tmp[1], sizeof (sig.s)); - me = _gnutls_dsa_q_to_hash (algo, pk_params); - hash_len = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) hash_len = vdata->size; @@ -534,8 +531,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, memcpy (&sig.r, tmp[0], sizeof (sig.r)); memcpy (&sig.s, tmp[1], sizeof (sig.s)); - me = _gnutls_dsa_q_to_hash (algo, pk_params); - hash_len = _gnutls_hash_get_algo_len(me); + me = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len); if (hash_len > vdata->size) hash_len = vdata->size; @@ -1100,7 +1096,7 @@ static int wrap_nettle_hash_algorithm (gnutls_pk_algorithm_t pk, case GNUTLS_PK_DSA: case GNUTLS_PK_EC: - me = _gnutls_dsa_q_to_hash (pk, issuer_params); + me = _gnutls_dsa_q_to_hash (pk, issuer_params, NULL); if (hash_algo) *hash_algo = me->id; |