TLS 1.2 with standard signature? Why hash->size == 36??

Carolin Latze carolin.latze at unifr.ch
Thu Nov 26 15:21:21 CET 2009


Hi Simon,

I didn't go that yet (I do not really have time to go on developing my
projekt at the moment :-( ), but for me, the hash excluding the OID
should be fine. I am not sure that is the case for every possible
application using the callback. Maybe it is better to pass the OID
too... It is easy to cut it of if it is not needed for further processing.

Carolin

Simon Josefsson wrote:
> That is great!
>
> Did you have to re-add the PKCS#1 ASN.1 OID before signing the data
> manually?  Or was that not necessary?  I'm wondering whether current API
> to only give the callback the hash value is OK, or whether it should
> also include the ASN.1 OID in the data passed to the callback.  One
> problem with the current callback API is that there is no signalling of
> which hash function was used -- before in TLS this was not necessary
> since only MD5/SHA1 was used, and the default is still SHA-1, but it
> will be possible to sign using SHA-256 or similar too.  The callback
> needs to be able to figure out that somehow.
>
> /Simon
>
> Carolin Latze <carolin.latze at unifr.ch> writes:
>
>   
>> Hi Simon,
>>
>> yup, it is perfectly working now (I tested with 2.9.10)! Thanks a lot
>> for fixing that!!!
>>
>> Cheers
>> Carolin
>>
>> Simon Josefsson wrote:
>>     
>>> Carolin,
>>>
>>> I just re-ran the x509signself self-test with gnutls 2.9.x and the hash
>>> size passed to the function is now 20 bytes.  I suppose GnuTLS adds the
>>> right PKCS#1 ASN.1 OID internally.  It occurs to me that perhaps the
>>> callback should receive the entire PKCS#1 blob, to avoid having the
>>> callback reconstruct it, instead of just the hash value, but maybe this
>>> is sufficient to make things work for you?  I'll release 2.9.9 in a few
>>> minutes with some minor fixes, please test it.
>>>
>>> /Simon
>>>
>>> Carolin Latze <carolin.latze at unifr.ch> writes:
>>>
>>>   
>>>       
>>>> Hi Simon,
>>>>
>>>> I tried to use TLS 1.2 with and without sign callback, and I still see a
>>>> signature of 36 bytes... Even if there is a leading SHA-1 OID, shouldn't
>>>> it be max 35 then? Maybe we should check, whether I check the right
>>>> variables:
>>>>
>>>> In gnutls_sig.c, method _gnutls_tls_sign_hdata, there is a structure
>>>> called dconcat. dconcat.size holds the hash size, right? and
>>>> dconcat.data should hold the hash itself? dconcat.size has a value of 36
>>>> for me...
>>>>
>>>> If I use the sign callback, I print the value of hash->size (=36) and
>>>> hash->data (cannot see the OID included in that value, so for me it
>>>> looks like it is really not SHA-1 only).
>>>>
>>>> Maybe I check the wrong values?
>>>>
>>>> BTW: I used the latest Snapshot, 2.9.8 to test it.
>>>>
>>>> Sorry... :-/
>>>> Carolin
>>>>
>>>> Simon Josefsson wrote:
>>>>     
>>>>         
>>>>> Carolin Latze <carolin.latze at unifr.ch> writes:
>>>>>
>>>>>   
>>>>>       
>>>>>           
>>>>>> Hi all,
>>>>>>
>>>>>> according to RFC 5246, TLS 1.2 should use a standard signature, but if
>>>>>> I enable TLS 1.2 in GnuTLS and print out the hash size it says
>>>>>> 36... that does not sound like a standard signature.. I would expect
>>>>>> something like 20 for SHA1. Am I wrong?
>>>>>>     
>>>>>>         
>>>>>>             
>>>>> Hi!  With GnuTLS 2.9.7 I hope this should work better -- could you take
>>>>> a look?  It should have more solid TLS 1.2 support.
>>>>>
>>>>> Thanks,
>>>>> Simon
>>>>>   
>>>>>       
>>>>>           






More information about the Gnutls-help mailing list