*** empty log message ***

diff --git a/README b/README
index d3d39a5f4821a0579dd21166b5cdffa89732d240..f21991be0795b878f428343b3df21ae4a7be8400 100644 (file)
--- a/README
+++ b/README
@@ -5,10 +5,7 @@ It is a TLS implementation for the GNU project.
 It is currently under heavy development. (and still not ready for 
 real world programs)
 
-* The library needs libgcrypt. Libgcrypt is part of gnupg (cvs.gnupg.org)
-
-* Run the buildconf script before doing anything. This will create
-the needed configure, makefiles etc. using Automake, Autoconf, and libtool.
+* The library needs libgcrypt. Libgcrypt is part of gnupg (ftp.gnupg.org)
 
 * Documentation:
  view the doc/ directory and the examples in the src/ directory.

diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index 15199e2acb97c5b496c8a3908dc11067698804ae..c36e24247f237a36c841e71769f7054007dc2bda 100644 (file)
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -491,7 +491,7 @@ int gen_rsa_client_kx(GNUTLS_KEY key, opaque ** data)
        key->key.data[1] = key->version.minor;
 
        if ((ret =
-            _gnutls_pkcs1_rsa_encrypt(&sdata, key->key, key->u, key->A)) < 0) {
+            _gnutls_pkcs1_rsa_encrypt(&sdata, key->key, key->u, key->A, 2)) < 0) {
                gnutls_assert();
                _gnutls_mpi_release(&pkey);
                _gnutls_mpi_release(&n);

diff --git a/lib/cert_verify.c b/lib/cert_verify.c
index 81b10a09cb9b1b7d30bf8bee0647696da82cef9e..ead27f35e07a04349173b69f46be4487218f4965 100644 (file)
--- a/lib/cert_verify.c
+++ b/lib/cert_verify.c
@@ -172,8 +172,6 @@ int compare_dn(gnutls_cert * cert, gnutls_cert * issuer_cert)
        opaque issuer_dn[MAX_DN_ELEM];
        opaque issuer_own_dn[MAX_DN_ELEM];
 
-fprintf(stderr, "XXX: %s - III: %s\n", cert->issuer_info.common_name, issuer_cert->issuer_info.common_name);
-fprintf(stderr, "XXX: %s - III: %s\n", cert->cert_info.common_name, issuer_cert->cert_info.common_name);
        /* get the issuer of 'cert'
         */
        if (asn1_create_structure(_gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate2") != ASN_OK) {

diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 7a16b3d6981c5f7e00c7a8239297ac3fa3999c78..7a62eddb58bd6a8e4881a90764ac7edfc65b1171 100644 (file)
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -385,6 +385,9 @@ int gnutls_set_x509_trust(X509PKI_CREDENTIALS res, char* CAFILE, char* CRLFILE)
 {
 int ret;
 
+/* FIXME: This function fails (DER parsing) if it is called
+ * after gnutls_set_x509_key(). why?
+ */
        if ( (ret=read_ca_file( res, CAFILE)) < 0)
                return ret;
 
@@ -729,7 +732,6 @@ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
        }
 
        len = sizeof( gCert->signature);
-
        result =
            asn1_read_value
                    (c2, "certificate2.signature",

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 04e4892f6dd91a6d7893f74f9e97da5a149ce084..5f0e8a8a14cddc214a21b041299e5715d6385ac8 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -30,9 +30,9 @@
 #define HARD_DEBUG
 #define BUFFERS_DEBUG
 #define RECORD_DEBUG
-#define HANDSHAKE_DEBUG
+#define HANDSHAKE_DEBUG*/
 #define DEBUG
-*/
+
 
 #define SOCKET int
 #define LIST ...

diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 76b06ce6a09d5a3b9b54705863d87ab4ce21ed65..94b61090deb37034a72b1bf2362192ff5f5ffbd7 100644 (file)
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -34,7 +34,7 @@
  */
 
 int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
-                     MPI pkey, MPI n)
+                     MPI pkey, MPI n, int btype)
 {
        int k, psize, i, ret;
        MPI m, res;
@@ -55,11 +55,11 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
        }
 
        /* EB = 00||BT||PS||00||D 
-        * (use block type 2)
+        * (use block type 'btype')
         */
 
        edata[0] = 0;
-       edata[1] = 2;
+       edata[1] = btype;
        psize = k - 3 - plaintext.size;
 
        ps = &edata[2];
@@ -121,6 +121,8 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext,
        esize = ciphertext.size;
 
        if (esize!=k) {
+#warning "REMOVE ME"
+fprintf(stderr, "ESIZE: %d/%d\n", esize, k);
                gnutls_assert();
                return GNUTLS_E_PK_DECRYPTION_FAILED;
        }

diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index d6e2d5d673b60fd2241635b3079cafcb0fc94ec2..dc11a5a7eabfb37115f87d842cd48ad83fe6e9ef 100644 (file)
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -7,7 +7,7 @@ typedef enum PKAlgorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,    /* sign only */
 
 int _gnutls_pk_encrypt(int algo, MPI * resarr, MPI data, MPI ** pkey);
 int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
-                     MPI pkey, MPI n);
+                     MPI pkey, MPI n, int btype);
 int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext,
                      MPI pkey, MPI n, int btype);
 

diff --git a/lib/gnutls_sig_check.c b/lib/gnutls_sig_check.c
index e5afd94dd8a10457955849bf27cd71e2f33da85d..53bdb0de9325f2df22fbfd98e6139396c7ace022 100644 (file)
--- a/lib/gnutls_sig_check.c
+++ b/lib/gnutls_sig_check.c
@@ -30,6 +30,7 @@
 #include <gnutls_privkey.h>
 #include <gnutls_global.h>
 #include <gnutls_pk.h>
+#include <debug.h>
 
 static gnutls_datum* _gnutls_get_tbs( gnutls_cert* cert) {
 node_asn *c2;
@@ -51,11 +52,8 @@ int result, len;
        
        len = sizeof(str)-1;
        result =
-           asn1_read_value( c2, "certificate.tbsCertificate", str, &len);
+           asn1_create_der( c2, "certificate.tbsCertificate", str, &len);
        if (result != ASN_OK) {
-#ifdef DEBUG
-               fprintf(stderr, "ASN.1 failure number %d\n", result);
-#endif
                gnutls_assert();
                asn1_delete_structure(c2);
                return NULL;
@@ -68,24 +66,20 @@ int result, len;
                gnutls_assert();
                return NULL;
        }
-       
-       ret->data = gnutls_malloc( len);
-       if (ret->data==NULL) {
+
+       if (gnutls_set_datum( ret, str, len) < 0) {
                gnutls_assert();
                gnutls_free(ret);
                return NULL;
        }
        
-       memcpy( ret->data, str, len);
-       ret->size = len;
-
        return ret;
 }
 
 
 /* we use DER here -- FIXME: use BER
  */
-static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int digest_size) {
+static int _gnutls_get_ber_digest_info( const gnutls_datum *info, MACAlgorithm *hash, opaque* digest, int *digest_size) {
 node_asn* dinfo;
 int result;
 opaque str[1024];
@@ -95,7 +89,7 @@ int len;
                gnutls_assert();
                return GNUTLS_E_ASN1_ERROR;
        }
-       
+
        result = asn1_get_der( dinfo, info->data, info->size);
        if (result != ASN_OK) {
                gnutls_assert();
@@ -122,14 +116,15 @@ int len;
        }
 
        if (*hash==-1) {
-fprintf(stderr, "OID: %s\n", str);
+#ifdef DEBUG
+               fprintf(stderr, "HASH OID: %s\n", str);
+#endif
                gnutls_assert();
                return GNUTLS_E_UNIMPLEMENTED_FEATURE;
        }
        
-       len = digest_size;
        result =
-           asn1_read_value( dinfo, "digest_info.digest", digest, &len);
+           asn1_read_value( dinfo, "digest_info.digest", digest, digest_size);
        if (result != ASN_OK) {
                gnutls_assert();
                asn1_delete_structure(dinfo);
@@ -147,7 +142,7 @@ fprintf(stderr, "OID: %s\n", str);
  * e is public key
  */
 int
-_gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI m, MPI e)
+_gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI e, MPI m)
 {
        MACAlgorithm hash;
        int ret;
@@ -164,22 +159,34 @@ _gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI m
        
        /* decrypted is a BER encoded data of type DigestInfo
         */
-       
-       if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, sizeof(digest))) != 0) {
+
+       digest_size = sizeof(digest);   
+       if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, &digest_size )) != 0) {
                gnutls_assert();
                return ret;
        }
 
-       gnutls_free_datum( &decrypted);
+#ifdef DEBUG
+fprintf(stderr, "digest_size: %s\n", _gnutls_bin2hex(digest,digest_size));
+#endif
 
-       digest_size = gnutls_hash_get_algo_len(hash);
+       gnutls_free_datum( &decrypted);
 
-       hd = gnutls_hash_init(hash);
-       gnutls_hash(hd, text->data, text->size);
-       gnutls_hash_deinit(hd, md);
+       if (digest_size != gnutls_hash_get_algo_len(hash)) {
+               gnutls_assert();
+               return GNUTLS_E_ASN1_PARSING_ERROR;
+       }
 
-       if (memcmp( md, digest, digest_size)!=0) 
+       hd = gnutls_hash_init( hash);
+       gnutls_hash( hd, text->data, text->size);
+       gnutls_hash_deinit( hd, md);
+#ifdef DEBUG
+       fprintf(stderr, "cmd: %s\n", _gnutls_bin2hex(md, 16));
+#endif
+       if (memcmp( md, digest, digest_size)!=0) {
+               gnutls_assert();
                return GNUTLS_E_PK_SIGNATURE_FAILED;
+       }
 
        return 0;               
 }
@@ -206,7 +213,10 @@ gnutls_datum* tbs;
                gnutls_free_datum(tbs);
                return GNUTLS_CERT_TRUSTED;
        }
+#ifdef DEBUG
 fprintf(stderr, "PK: %d\n", issuer->subject_pk_algorithm);     
+#endif
+
        gnutls_assert();
        return GNUTLS_CERT_INVALID;
 }