[gnutls-devel] GnuTLS | priority: reflect system wide config when constructing sigalgs (!1447)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Jun 11 16:27:31 CEST 2021




Daiki Ueno commented on a discussion on tests/system-override-sig-tls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1447#note_599339481

> +
> +#define PRIO "NORMAL:-VERS-ALL:+VERS-TLS1.3:-SIGN-ALL:" \
> +	"+SIGN-RSA-PSS-RSAE-SHA256:+SIGN-RSA-PSS-RSAE-SHA384"
> +/* rsa_pss_rsae_sha384 */
> +#define SIGALGS_EXP "\x00\x02\x08\x05"
> +
> +static int
> +ext_callback(void *ctx, unsigned tls_id,
> +	     const unsigned char *data, unsigned size)
> +{
> +	if (tls_id == 13) {	/* signature algorithms */
> +		if (size != sizeof(SIGALGS_EXP) - 1) {
> +			fail("invalid signature_algorithms length: %u != 4\n",
> +			     size);
> +		}
> +		if (memcmp(data, SIGALGS_EXP, sizeof(SIGALGS_EXP) - 1) != 0) {

Oops, indeed (and the test was actually failing due to that). I've modified the wrapper script to force "insecure-sig = rsa-pss-rsae-sha256".

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1447#note_599339481
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210611/c743541e/attachment.html>


More information about the Gnutls-devel mailing list