TLS 1.2 with standard signature? Why hash->size == 36??

Simon Josefsson simon at
Thu Nov 26 14:42:02 CET 2009

That is great!

Did you have to re-add the PKCS#1 ASN.1 OID before signing the data
manually?  Or was that not necessary?  I'm wondering whether the current API
to only give the callback the hash value is OK, or whether it should
also include the ASN.1 OID in the data passed to the callback.  One
problem with the current callback API is that there is no signalling of
which hash function was used -- before in TLS this was not necessary
since only MD5/SHA1 was used, and the default is still SHA-1, but it
will be possible to sign using SHA-256 or similar too.  The callback
needs to be able to figure out that somehow.


Carolin Latze <carolin.latze at> writes:

> Hi Simon,
> yup, it is perfectly working now (I tested with 2.9.10)! Thanks a lot
> for fixing that!!!
> Cheers
> Carolin
> Simon Josefsson wrote:
>> Carolin,
>> I just re-ran the x509signself self-test with gnutls 2.9.x and the hash
>> size passed to the function is now 20 bytes.  I suppose GnuTLS adds the
>> right PKCS#1 ASN.1 OID internally.  It occurs to me that perhaps the
>> callback should receive the entire PKCS#1 blob, to avoid having the
>> callback reconstruct it, instead of just the hash value, but maybe this
>> is sufficient to make things work for you?  I'll release 2.9.9 in a few
>> minutes with some minor fixes, please test it.
>> /Simon
>> Carolin Latze <carolin.latze at> writes:
>>> Hi Simon,
>>> I tried to use TLS 1.2 with and without sign callback, and I still see a
>>> signature of 36 bytes... Even if there is a leading SHA-1 OID, shouldn't
>>> it be max 35 then? Maybe we should check whether I check the right
>>> variables:
>>> In gnutls_sig.c, method _gnutls_tls_sign_hdata, there is a structure
>>> called dconcat. dconcat.size holds the hash size, right? and
>>> should hold the hash itself? dconcat.size has a value of 36
>>> for me...
>>> If I use the sign callback, I print the value of hash->size (=36) and
>>> hash->data (cannot see the OID included in that value, so for me it
>>> looks like it is really not SHA-1 only).
>>> Maybe I check the wrong values?
>>> BTW: I used the latest Snapshot, 2.9.8 to test it.
>>> Sorry... :-/
>>> Carolin
>>> Simon Josefsson wrote:
>>>> Carolin Latze <carolin.latze at> writes:
>>>>> Hi all,
>>>>> according to RFC 5246, TLS 1.2 should use a standard signature, but if
>>>>> I enable TLS 1.2 in GnuTLS and print out the hash size it says
>>>>> 36... that does not sound like a standard signature.. I would expect
>>>>> something like 20 for SHA1. Am I wrong?
>>>> Hi!  With GnuTLS 2.9.7 I hope this should work better -- could you take
>>>> a look?  It should have more solid TLS 1.2 support.
>>>> Thanks,
>>>> Simon
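
The sizes discussed in this thread, as an added example that is not part of the original messages and is not GnuTLS code: a sign callback that receives only the hash value has to guess the algorithm from its length before it can rebuild the PKCS#1 DigestInfo. The helper name `build_sign_input` is hypothetical, and the mapping assumes 36 bytes is the MD5||SHA-1 concatenation that TLS 1.0/1.1 signs without a DigestInfo, 20 bytes is SHA-1 and 32 bytes is SHA-256.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefixes for PKCS#1 v1.5 (RFC 8017, section 9.2). */
static const unsigned char SHA1_PREFIX[] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
static const unsigned char SHA256_PREFIX[] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

/* Hypothetical helper: build the data that goes under PKCS#1 v1.5 padding.
 * The algorithm is inferred from hash_len only (an assumption); any length
 * that is not recognised is rejected rather than signed blindly. */
int build_sign_input(const unsigned char *hash, size_t hash_len,
                     unsigned char *out, size_t out_cap, size_t *out_len)
{
    const unsigned char *prefix = NULL;
    size_t prefix_len = 0;

    switch (hash_len) {
    case 36: break;  /* MD5||SHA-1: signed as-is, no DigestInfo */
    case 20: prefix = SHA1_PREFIX;   prefix_len = sizeof SHA1_PREFIX;   break;
    case 32: prefix = SHA256_PREFIX; prefix_len = sizeof SHA256_PREFIX; break;
    default: return -1;  /* unknown hash: refuse to guess */
    }
    if (out_cap < prefix_len + hash_len)
        return -1;       /* caller's buffer is too small */
    if (prefix_len)
        memcpy(out, prefix, prefix_len);
    memcpy(out + prefix_len, hash, hash_len);
    *out_len = prefix_len + hash_len;
    return 0;
}

int main(void)
{
    unsigned char hash[36] = {0};  /* constructed all-zero sample hash */
    unsigned char out[64];
    size_t n = 0;

    if (build_sign_input(hash, 20, out, sizeof out, &n) == 0)
        printf("20-byte hash -> %zu-byte DigestInfo\n", n);
    return 0;
}
```

Length alone cannot tell apart two algorithms with the same digest size, which is why a callback needs the hash algorithm signalled explicitly.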
