
[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-156-g9bbf4c9


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-156-g9bbf4c9
Date: Sat, 29 May 2010 12:35:48 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=9bbf4c92bedf22e2e77aa8d8d4bd9c81f459abea

The branch, new has been updated
       via  9bbf4c92bedf22e2e77aa8d8d4bd9c81f459abea (commit)
       via  75f437f7e1e1858c8f403ad5aed5093e2a0a4626 (commit)
       via  8741ed2344555624522b8beb096373722fbb723c (commit)
       via  bf6877dd02f07911244fd3972960131356a9d04b (commit)
       via  1dff111e4515bfbe156e137cf80d2e1099fd0c7d (commit)
       via  8b84c7b4a419153bba5e2d4f9a49ab37dc8ad266 (commit)
       via  4093b22a265a83e4affef98944e68e47cc8b9905 (commit)
       via  2c47529b4d58fefcf6dae6b50d3f4c01015b0d1f (commit)
       via  83962eec436df92ab631664e4982bd370be8c8e7 (commit)
       via  395e86e38b8c16eab8dc56a10da3947bb624b1f1 (commit)
      from  91f87327912d28adab2b52fb0549a134b9a2d83d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9bbf4c92bedf22e2e77aa8d8d4bd9c81f459abea
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 14:16:15 2010 +0200

    Added debugging

commit 75f437f7e1e1858c8f403ad5aed5093e2a0a4626
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 14:15:59 2010 +0200

    Allow DSA with other than SHA1 algorithms in TLS.

commit 8741ed2344555624522b8beb096373722fbb723c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 14:15:12 2010 +0200

    removed more stuff.

commit bf6877dd02f07911244fd3972960131356a9d04b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 13:25:45 2010 +0200

    LocalKeyId and XmppAddr were incorporated.

commit 1dff111e4515bfbe156e137cf80d2e1099fd0c7d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 13:17:12 2010 +0200

    No need for those OIDs any more.

commit 8b84c7b4a419153bba5e2d4f9a49ab37dc8ad266
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 13:16:54 2010 +0200

    Corrected to support new EV_ values.

commit 4093b22a265a83e4affef98944e68e47cc8b9905
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 13:13:31 2010 +0200

    avoid calling gcrypt directly.

commit 2c47529b4d58fefcf6dae6b50d3f4c01015b0d1f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 13:13:12 2010 +0200

    exported gnutls_rnd().

commit 83962eec436df92ab631664e4982bd370be8c8e7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 13:00:34 2010 +0200

    The recognition of DN elements is now self contained. It does not need 
entries in pkix.asn.

commit 395e86e38b8c16eab8dc56a10da3947bb624b1f1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 12:43:24 2010 +0200

    Added support for EV certificate attributes.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                         |    1 +
 lib/gnutls_sig.c             |    5 +-
 lib/includes/gnutls/crypto.h |    3 +
 lib/libgnutls.map            |    3 +-
 lib/pkix.asn                 |  104 ---------------------------
 lib/pkix_asn1_tab.c          |  160 +-----------------------------------------
 lib/random.c                 |   16 ++++-
 lib/random.h                 |    3 +-
 lib/x509/common.c            |  102 +++++++++++++++++----------
 lib/x509/common.h            |    2 +
 lib/x509/dn.c                |    7 +--
 src/crypt.c                  |    2 +-
 src/psk.c                    |    2 +-
 tests/crq_key_id.c           |    2 -
 tests/cve-2009-1416.c        |    1 -
 tests/dn2.c                  |    2 +-
 tests/mini-eagain.c          |    9 +--
 tests/pkcs12_encode.c        |   13 +++-
 tests/pkcs12_s2k_pem.c       |    1 -
 19 files changed, 114 insertions(+), 324 deletions(-)

diff --git a/NEWS b/NEWS
index 11fb483..cb53b7d 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,7 @@ 
pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;man
 gnutls_certificate_set_server_retrieve_function: DEPRECATED
 gnutls_certificate_set_client_retrieve_function: DEPRECATED
 gnutls_sign_callback_set: DEPRECATED
+gnutls_rnd: ADDED
 gnutls_sec_param_to_pk_bits: ADDED
 gnutls_pk_bits_to_sec_param: ADDED
 gnutls_sec_param_get_name: ADDED
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index bcd131f..b0bc83c 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -203,13 +203,14 @@ _gnutls_handshake_sign_data (gnutls_session_t session, 
gnutls_cert * cert,
     case GNUTLS_PK_DSA:
       _gnutls_hash_deinit (&td_sha, concat);
 
-      if (hash_algo != GNUTLS_DIG_SHA1)
+      if (hash_algo != GNUTLS_DIG_SHA1 && hash_algo != GNUTLS_DIG_SHA224 && \
+        hash_algo != hash_algo != GNUTLS_DIG_SHA256)
        {
          gnutls_assert ();
          return GNUTLS_E_INTERNAL_ERROR;
        }
       dconcat.data = concat;
-      dconcat.size = 20;
+      dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
       break;
 
     default:
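Review bot: The third comparison in the new condition, `hash_algo != hash_algo != GNUTLS_DIG_SHA256`, is a typo: `hash_algo != hash_algo` is always 0, so the term becomes `0 != GNUTLS_DIG_SHA256` and no longer tests `hash_algo` at all. Assuming `GNUTLS_DIG_SHA256` is non-zero, the check reduces to "not SHA1 and not SHA224", so a DSA signature with SHA-256 still ends in `GNUTLS_E_INTERNAL_ERROR`, which defeats the purpose of the commit. The line should read `hash_algo != GNUTLS_DIG_SHA256)`, and the trailing `\` on the line before it is unnecessary outside a macro. Since `dconcat.size` is now taken from `_gnutls_hash_get_algo_len (hash_algo)` instead of the fixed 20, it is also worth confirming that `concat` is large enough for the longest accepted digest; its declaration and the start of `_gnutls_handshake_sign_data` are outside the hunk.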
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 64cf7a6..31352dd 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -112,6 +112,9 @@ typedef enum gnutls_rnd_level
   GNUTLS_RND_KEY = 2
 } gnutls_rnd_level_t;
 
+int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+
+
 /**
  * gnutls_pk_flag_t:
  * @GNUTLS_PK_FLAG_NONE: No flag.
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 1baa463..f4c76f9 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -675,6 +675,7 @@ GNUTLS_2_11
        gnutls_sec_param_to_pk_bits;
        gnutls_sec_param_get_name;
        gnutls_pk_bits_to_sec_param;
+       gnutls_rnd;
 } GNUTLS_2_10;
 
 GNUTLS_PRIVATE {
@@ -703,7 +704,7 @@ GNUTLS_PRIVATE {
     _gnutls_hash;
 
     # Internal symbols needed by psktool:
-    _gnutls_rnd;
+
     # Internal symbols needed by gnutls-cli-debug:
     _gnutls_rsa_pms_set_version;
     _gnutls_record_set_default_version;
diff --git a/lib/pkix.asn b/lib/pkix.asn
index e105aae..e805fb7 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -169,74 +169,8 @@ id-at           OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) 
ds(5) 4}
 -- Maybe this is inefficient and memory consuming. Should we replace with
 -- a table that maps OIDs to structures?
 
-id-at-initials          AttributeType ::= { id-at 43 }
-X520initials ::= DirectoryString
-
-id-at-generationQualifier AttributeType ::= { id-at 44 }
-X520generationQualifier ::= DirectoryString
-
-id-at-surname           AttributeType ::= { id-at 4 }
-X520surName ::= DirectoryString
-
-id-at-givenName         AttributeType ::= { id-at 42 }
-X520givenName ::= DirectoryString
-
-id-at-name              AttributeType ::= { id-at 41 }
-X520name        ::= DirectoryString
-
-id-at-commonName        AttributeType   ::=     {id-at 3}
-X520CommonName  ::=      DirectoryString
-
-id-at-localityName      AttributeType   ::=     {id-at 7}
-X520LocalityName ::= DirectoryString
-
-id-at-stateOrProvinceName       AttributeType   ::=     {id-at 8}
-X520StateOrProvinceName         ::= DirectoryString
-
-id-at-organizationName          AttributeType   ::=     {id-at 10}
-X520OrganizationName ::= DirectoryString
-
-id-at-organizationalUnitName    AttributeType   ::=     {id-at 11}
-X520OrganizationalUnitName ::= DirectoryString
-
-id-at-title     AttributeType   ::=     {id-at 12}
-X520Title ::=   DirectoryString
-
-id-at-description     AttributeType   ::=     {id-at 13}
-X520Description ::=   DirectoryString
-
-id-at-dnQualifier       AttributeType   ::=     {id-at 46}
-X520dnQualifier ::=     PrintableString
-
-id-at-countryName       AttributeType   ::=     {id-at 6}
-X520countryName ::=     PrintableString (SIZE (2)) -- IS 3166 codes
-
-id-at-serialNumber       AttributeType   ::=     {id-at 5}
-X520serialNumber ::=     PrintableString
-
-id-at-telephoneNumber       AttributeType   ::=     {id-at 20}
-X520telephoneNumber ::=     PrintableString
-
-id-at-facsimileTelephoneNumber       AttributeType   ::=     {id-at 23}
-X520facsimileTelephoneNumber ::=     PrintableString
-
-id-at-pseudonym         AttributeType   ::=     {id-at 65}
-X520pseudonym ::=       DirectoryString
-
-id-at-name      AttributeType   ::=     {id-at 41}
-X520name ::=    DirectoryString
-
-id-at-streetAddress     AttributeType   ::=     {id-at 9}
-X520streetAddress ::=   DirectoryString
- 
-id-at-postalAddress     AttributeType   ::=     {id-at 16}
-X520postalAddress ::= PostalAddress
-
 PostalAddress ::= SEQUENCE OF DirectoryString
 
-id-at-postalCode     AttributeType   ::=     {id-at 17}
-X520postalCode ::= DirectoryString
-
  -- Legacy attributes
 
 emailAddress AttributeType      ::= { iso(1) member-body(2) us(840) 
rsadsi(113549) pkcs(1) 9 1 }
@@ -479,13 +413,8 @@ pkcs-9-challengePassword        ::= CHOICE {
       printableString       PrintableString,
       utf8String            UTF8String }
 
-pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 
rsadsi(113549) pkcs(1) 9 21}
-
 pkcs-9-localKeyId ::= OCTET STRING
 
-pkcs-9-at-friendlyName             OBJECT IDENTIFIER ::= {iso(1) 
member-body(2) us(840) rsadsi(113549) pkcs(1) 9 20}
-pkcs-9-friendlyName ::= BMPString      (SIZE (1..255))
-
 -- PKCS #8 stuff
 
 -- Private-key information syntax
@@ -624,33 +553,6 @@ pkcs-7-EncryptedContent ::= OCTET STRING
 
 pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
 
--- LDAP stuff
-
-id-at-ldap-DC AttributeType ::= { 0 9 2342 19200300 100 1 25 }
-ldap-DC ::= IA5String
-
-id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
-ldap-UID ::= DirectoryString
-
--- rfc3039
-
-id-pda-dateOfBirth          AttributeType ::= { id-pkix 9  1 }
-DateOfBirth ::=             GeneralizedTime
-
-id-pda-placeOfBirth         AttributeType ::= { id-pkix 9  2 }
-PlaceOfBirth ::=            DirectoryString
-
-id-pda-gender               AttributeType ::= { id-pkix 9  3 }
-Gender ::=                  PrintableString (SIZE(1))
-
-id-pda-countryOfCitizenship AttributeType ::= { id-pkix 9  4 }
-CountryOfCitizenship ::=    PrintableString (SIZE (2))
-                            -- ISO 3166 Country Code
-
-id-pda-countryOfResidence   AttributeType ::= { id-pkix 9  5 }
-CountryOfResidence ::=      PrintableString (SIZE (2))
-                            -- ISO 3166 Country Code
-
 -- rfc3820
 
 ProxyCertInfo ::= SEQUENCE {
@@ -661,10 +563,4 @@ ProxyPolicy ::= SEQUENCE {
   policyLanguage   OBJECT IDENTIFIER,
   policy           OCTET STRING OPTIONAL }
 
--- rfc3920 section 5.1.1
-
-id-on-xmppAddr  OBJECT IDENTIFIER ::= { id-pkix 8 5 }
-
-XmppAddr ::= UTF8String
-
 END
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index e1296d0..d5d5cc4 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -123,97 +123,8 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "joint-iso-ccitt", 1073741825, "2"},
   { "ds", 1073741825, "5"},
   { NULL, 1, "4"},
-  { "id-at-initials", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "43"},
-  { "X520initials", 1073741826, "DirectoryString"},
-  { "id-at-generationQualifier", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "44"},
-  { "X520generationQualifier", 1073741826, "DirectoryString"},
-  { "id-at-surname", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "4"},
-  { "X520surName", 1073741826, "DirectoryString"},
-  { "id-at-givenName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "42"},
-  { "X520givenName", 1073741826, "DirectoryString"},
-  { "id-at-name", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "41"},
-  { "X520name", 1073741826, "DirectoryString"},
-  { "id-at-commonName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "3"},
-  { "X520CommonName", 1073741826, "DirectoryString"},
-  { "id-at-localityName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "7"},
-  { "X520LocalityName", 1073741826, "DirectoryString"},
-  { "id-at-stateOrProvinceName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "8"},
-  { "X520StateOrProvinceName", 1073741826, "DirectoryString"},
-  { "id-at-organizationName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "10"},
-  { "X520OrganizationName", 1073741826, "DirectoryString"},
-  { "id-at-organizationalUnitName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "11"},
-  { "X520OrganizationalUnitName", 1073741826, "DirectoryString"},
-  { "id-at-title", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "12"},
-  { "X520Title", 1073741826, "DirectoryString"},
-  { "id-at-description", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "13"},
-  { "X520Description", 1073741826, "DirectoryString"},
-  { "id-at-dnQualifier", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "46"},
-  { "X520dnQualifier", 1073741826, "PrintableString"},
-  { "id-at-countryName", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "6"},
-  { "X520countryName", 1612709890, "PrintableString"},
-  { NULL, 1048586, "2"},
-  { "id-at-serialNumber", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "5"},
-  { "X520serialNumber", 1073741826, "PrintableString"},
-  { "id-at-telephoneNumber", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "20"},
-  { "X520telephoneNumber", 1073741826, "PrintableString"},
-  { "id-at-facsimileTelephoneNumber", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "23"},
-  { "X520facsimileTelephoneNumber", 1073741826, "PrintableString"},
-  { "id-at-pseudonym", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "65"},
-  { "X520pseudonym", 1073741826, "DirectoryString"},
-  { "id-at-name", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "41"},
-  { "X520name", 1073741826, "DirectoryString"},
-  { "id-at-streetAddress", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "9"},
-  { "X520streetAddress", 1073741826, "DirectoryString"},
-  { "id-at-postalAddress", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "16"},
-  { "X520postalAddress", 1073741826, "PostalAddress"},
   { "PostalAddress", 1610612747, NULL },
   { NULL, 2, "DirectoryString"},
-  { "id-at-postalCode", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-at"},
-  { NULL, 1, "17"},
-  { "X520postalCode", 1073741826, "DirectoryString"},
   { "emailAddress", 1880096780, "AttributeType"},
   { "iso", 1073741825, "1"},
   { "member-body", 1073741825, "2"},
@@ -392,25 +303,7 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "pkcs-9-challengePassword", 1610612754, NULL },
   { "printableString", 1073741826, "PrintableString"},
   { "utf8String", 2, "UTF8String"},
-  { "pkcs-9-at-localKeyId", 1879048204, NULL },
-  { "iso", 1073741825, "1"},
-  { "member-body", 1073741825, "2"},
-  { "us", 1073741825, "840"},
-  { "rsadsi", 1073741825, "113549"},
-  { "pkcs", 1073741825, "1"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "21"},
   { "pkcs-9-localKeyId", 1073741831, NULL },
-  { "pkcs-9-at-friendlyName", 1879048204, NULL },
-  { "iso", 1073741825, "1"},
-  { "member-body", 1073741825, "2"},
-  { "us", 1073741825, "840"},
-  { "rsadsi", 1073741825, "113549"},
-  { "pkcs", 1073741825, "1"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "20"},
-  { "pkcs-9-friendlyName", 1612709890, "BMPString"},
-  { "255", 524298, "1"},
   { "pkcs-8-PrivateKeyInfo", 1610612741, NULL },
   { "version", 1073741826, "pkcs-8-Version"},
   { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
@@ -504,63 +397,12 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
   { "pkcs-7-UnprotectedAttributes", 1612709903, NULL },
   { "MAX", 1074266122, "1"},
   { NULL, 2, "Attribute"},
-  { "id-at-ldap-DC", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "0"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1073741825, "2342"},
-  { NULL, 1073741825, "19200300"},
-  { NULL, 1073741825, "100"},
-  { NULL, 1073741825, "1"},
-  { NULL, 1, "25"},
-  { "ldap-DC", 1073741826, "IA5String"},
-  { "id-at-ldap-UID", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "0"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1073741825, "2342"},
-  { NULL, 1073741825, "19200300"},
-  { NULL, 1073741825, "100"},
-  { NULL, 1073741825, "1"},
-  { NULL, 1, "1"},
-  { "ldap-UID", 1073741826, "DirectoryString"},
-  { "id-pda-dateOfBirth", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-pkix"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "1"},
-  { "DateOfBirth", 1082130449, NULL },
-  { "id-pda-placeOfBirth", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-pkix"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "2"},
-  { "PlaceOfBirth", 1073741826, "DirectoryString"},
-  { "id-pda-gender", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-pkix"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "3"},
-  { "Gender", 1612709890, "PrintableString"},
-  { NULL, 1048586, "1"},
-  { "id-pda-countryOfCitizenship", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-pkix"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "4"},
-  { "CountryOfCitizenship", 1612709890, "PrintableString"},
-  { NULL, 1048586, "2"},
-  { "id-pda-countryOfResidence", 1880096780, "AttributeType"},
-  { NULL, 1073741825, "id-pkix"},
-  { NULL, 1073741825, "9"},
-  { NULL, 1, "5"},
-  { "CountryOfResidence", 1612709890, "PrintableString"},
-  { NULL, 1048586, "2"},
   { "ProxyCertInfo", 1610612741, NULL },
   { "pCPathLenConstraint", 1611153411, NULL },
   { "0", 10, "MAX"},
   { "proxyPolicy", 2, "ProxyPolicy"},
-  { "ProxyPolicy", 1610612741, NULL },
+  { "ProxyPolicy", 536870917, NULL },
   { "policyLanguage", 1073741836, NULL },
   { "policy", 16391, NULL },
-  { "id-on-xmppAddr", 1879048204, NULL },
-  { NULL, 1073741825, "id-pkix"},
-  { NULL, 1073741825, "8"},
-  { NULL, 1, "5"},
-  { "XmppAddr", 2, "UTF8String"},
   { NULL, 0, NULL }
 };
diff --git a/lib/random.c b/lib/random.c
index 8721459..9acbe1f 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -57,8 +57,20 @@ _gnutls_rnd_deinit (void)
   return;
 }
 
-int
-_gnutls_rnd (int level, void *data, size_t len)
+/**
+ * gnutls_rnd:
+ * @level: a security level
+ * @data: place to store random bytes
+ * @len: The requested size
+ *
+ * This function will generate random data and store it
+ * to output buffer.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ **/
+
+int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
 {
   if (len > 0)
     {
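Review bot: The new doc comment describes `@level` only as "a security level", which is thin for a function this commit exports as public API. It should name the `gnutls_rnd_level_t` values and say which one is intended for key material, e.g. `@level: one of GNUTLS_RND_NONCE, GNUTLS_RND_RANDOM or GNUTLS_RND_KEY (see #gnutls_rnd_level_t)`; the src/psk.c hunk fills a key using `GNUTLS_RND_RANDOM`, and a reader cannot tell from this text whether that is the right level. The `Returns:` line should also state that `@data` must not be used when the result is negative. As a style point, the definition puts `int` on the same line as the name and leaves a blank line after the comment, unlike the `int` / `_gnutls_rnd (...)` layout it replaces. The function body continues outside the hunk.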
diff --git a/lib/random.h b/lib/random.h
index 7a3a361..8859f8a 100644
--- a/lib/random.h
+++ b/lib/random.h
@@ -30,7 +30,8 @@
 extern int crypto_rnd_prio;
 extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
 
-int _gnutls_rnd (int level, void *data, size_t len);
+int _gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+#define _gnutls_rnd gnutls_rnd
 void _gnutls_rnd_deinit (void);
 int _gnutls_rnd_init (void);
 
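Review bot: The updated prototype `int _gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);` sits before `#define _gnutls_rnd gnutls_rnd`, so it still declares a function literally named `_gnutls_rnd`, which the lib/random.c hunk no longer defines. Every use after the macro resolves to `gnutls_rnd`, so the prototype is dead and misleading. I would delete it and keep only the macro, with a short comment such as `/* internal alias kept for existing callers; declared in <gnutls/crypto.h> */`. Whether this header already includes `<gnutls/crypto.h>` is not visible in the hunk and should be confirmed.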
diff --git a/lib/x509/common.c b/lib/x509/common.c
index b3bea0e..e0b137e 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -42,6 +42,7 @@ struct oid2string
   const char *ldap_desc;
   int choice;                  /* of type DirectoryString */
   int printable;
+  const char* asn_desc; /* description in the pkix file */
 };
 
 /* This list contains all the OIDs that may be
@@ -50,43 +51,56 @@ struct oid2string
 static const struct oid2string _oid2str[] = {
   /* PKIX
    */
-  {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1},
-  {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1},
-  {"1.3.6.1.5.5.7.9.3", "gender", 0, 1},
-  {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1},
-  {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1},
-
-  {"2.5.4.6", "C", 0, 1},
-  {"2.5.4.9", "STREET", 1, 1},
-  {"2.5.4.12", "T", 1, 1},
-  {"2.5.4.10", "O", 1, 1},
-  {"2.5.4.11", "OU", 1, 1},
-  {"2.5.4.3", "CN", 1, 1},
-  {"2.5.4.7", "L", 1, 1},
-  {"2.5.4.8", "ST", 1, 1},
-
-  {"2.5.4.5", "serialNumber", 0, 1},
-  {"2.5.4.20", "telephoneNumber", 0, 1},
-  {"2.5.4.4", "surName", 1, 1},
-  {"2.5.4.43", "initials", 1, 1},
-  {"2.5.4.44", "generationQualifier", 1, 1},
-  {"2.5.4.42", "givenName", 1, 1},
-  {"2.5.4.65", "pseudonym", 1, 1},
-  {"2.5.4.46", "dnQualifier", 0, 1},
-  {"2.5.4.17", "postalCode", 1, 1},
-  {"2.5.4.41", "Name", 1, 1},
-
-  {"0.9.2342.19200300.100.1.25", "DC", 0, 1},
-  {"0.9.2342.19200300.100.1.1", "UID", 1, 1},
+  {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1, "PKIX1.GeneralizedTime"},
+  {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1, "PKIX1.DirectoryString"},
+  {"1.3.6.1.5.5.7.9.3", "gender", 0, 1, "PKIX1.PrintableString"},
+  {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1, "PKIX1.PrintableString"},
+  {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1, "PKIX1.PrintableString"},
+
+  {"2.5.4.6", "C", 0, 1, "PKIX1.PrintableString"},
+  {"2.5.4.9", "STREET", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.12", "T", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.10", "O", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.11", "OU", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.3", "CN", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.7", "L", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.8", "ST", 1, 1, "PKIX1.DirectoryString"},
+
+  {"2.5.4.5", "serialNumber", 0, 1, "PKIX1.PrintableString"},
+  {"2.5.4.20", "telephoneNumber", 0, 1, "PKIX1.PrintableString"},
+  {"2.5.4.4", "surName", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.43", "initials", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.44", "generationQualifier", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.42", "givenName", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.65", "pseudonym", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.46", "dnQualifier", 0, 1, "PKIX1.PrintableString"},
+  {"2.5.4.17", "postalCode", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.41", "Name", 1, 1, "PKIX1.DirectoryString"},
+  {"2.5.4.15", "businessCategory", 1, 1, "PKIX1.DirectoryString"},
+
+  {"0.9.2342.19200300.100.1.25", "DC", 0, 1, "PKIX1.IA5String"},
+  {"0.9.2342.19200300.100.1.1", "UID", 1, 1, "PKIX1.DirectoryString"},
+
+  /* Extended validation
+   */
+  {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName", 1, 
1, "PKIX1.DirectoryString"},
+  {"1.3.6.1.4.1.311.60.2.1.2", 
"jurisdictionOfIncorporationStateOrProvinceName", 1, 1, 
"PKIX1.DirectoryString"},
+  {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName", 0, 1, 
"PKIX1.PrintableString"},
 
   /* PKCS #9
    */
-  {"1.2.840.113549.1.9.1", "EMAIL", 0, 1},
-  {"1.2.840.113549.1.9.7", NULL, 1, 1},
+  {"1.2.840.113549.1.9.1", "EMAIL", 0, 1, "PKIX1.IA5String"},
+  {"1.2.840.113549.1.9.7", NULL, 1, 1, "PKIX1.pkcs-9-challengePassword"},
 
   /* friendly name */
-  {"1.2.840.113549.1.9.20", NULL, 0, 1},
-  {NULL, NULL, 0, 0}
+  {"1.2.840.113549.1.9.20", NULL, 0, 1, "PKIX1.BMPString"},
+  /* local key id */
+  {"1.2.840.113549.1.9.21", NULL, 0, 1, "PKIX1.pkcs-9-localKeyId"},
+
+  /* rfc3920 section 5.1.1 */
+  {"1.3.6.1.5.5.7.8.5", "XmppAddr", 0, 1, "PKIX1.UTF8String"},
+
+  {NULL, NULL, 0, 0, ""}
 };
 
 /* Returns 1 if the data defined by the OID are printable.
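Review bot: Several entries in the new `asn_desc` column name unconstrained base types where the pkix.asn definitions removed in this same commit carried size limits. `X520countryName ::= PrintableString (SIZE (2))`, `Gender ::= PrintableString (SIZE(1))`, the two citizenship/residence country types and `pkcs-9-friendlyName ::= BMPString (SIZE (1..255))` are now plain `PKIX1.PrintableString` or `PKIX1.BMPString`. If the ASN.1 layer enforced those constraints on attribute values, that check is lost for data taken from certificates; either keep constrained types in pkix.asn for these OIDs or add an explicit length check where the value is converted. The comment above `_oid2str` should also say that each `asn_desc` must name a type that exists in the PKIX1 module, because a wrong name only shows up at run time as an `asn1_create_element` failure.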
@@ -172,6 +186,23 @@ _gnutls_x509_oid2ldap_string (const char *oid)
   return NULL;
 }
 
+const char *
+_gnutls_x509_oid2asn_string (const char *oid)
+{
+  int i = 0;
+
+  do
+    {
+      if (strcmp (_oid2str[i].oid, oid) == 0)
+       return _oid2str[i].asn_desc;
+      i++;
+    }
+  while (_oid2str[i].oid != NULL);
+
+  return NULL;
+}
+
+
 /* This function will convert an attribute value, specified by the OID,
  * to a string. The result will be a null terminated string.
  *
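Review bot: `_gnutls_x509_oid2asn_string` has no header comment, although it now decides which ASN.1 type an attribute OID is encoded or decoded as. I would add `/* Returns the PKIX1 type name recorded in _oid2str for @oid, or NULL when the OID is not listed. The string is static; the caller must not free it. */` above it. The `do { ... } while` form compares entry 0 before testing the sentinel, so it would pass a NULL `oid` field to `strcmp` if the table were ever reduced to its terminator; `for (i = 0; _oid2str[i].oid != NULL; i++)` avoids that and reads more directly.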
@@ -200,7 +231,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value,
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
-  ANAME = asn1_find_structure_from_oid (_gnutls_get_pkix (), oid);
+  ANAME = _gnutls_x509_oid2asn_string(oid);
   CHOICE = _gnutls_x509_oid_data_choice (oid);
 
   if (ANAME == NULL)
@@ -209,11 +240,8 @@ _gnutls_x509_oid_data2string (const char *oid, void *value,
       return GNUTLS_E_INTERNAL_ERROR;
     }
 
-  _gnutls_str_cpy (str, sizeof (str), "PKIX1.");
-  _gnutls_str_cat (str, sizeof (str), ANAME);
-
   if ((result =
-       asn1_create_element (_gnutls_get_pkix (), str,
+       asn1_create_element (_gnutls_get_pkix (), ANAME,
                            &tmpasn)) != ASN1_SUCCESS)
     {
       gnutls_assert ();
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 6dd62ec..6ec2aeb 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -74,6 +74,8 @@ int _gnutls_x509_oid_data2string (const char *OID, void 
*value,
 int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
                           opaque * out, size_t * sizeof_out);
 
+const char * _gnutls_x509_oid2asn_string (const char *oid);
+
 const char *_gnutls_x509_oid2ldap_string (const char *OID);
 
 int _gnutls_x509_oid_data_choice (const char *OID);
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index c97d481..d9e1592 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -655,7 +655,7 @@ _gnutls_x509_encode_and_write_attribute (const char 
*given_oid,
 
   /* Find how to encode the data.
    */
-  val_name = asn1_find_structure_from_oid (_gnutls_get_pkix (), given_oid);
+  val_name = _gnutls_x509_oid2asn_string(given_oid);
   if (val_name == NULL)
     {
       gnutls_assert ();
@@ -663,10 +663,7 @@ _gnutls_x509_encode_and_write_attribute (const char 
*given_oid,
       return GNUTLS_E_X509_UNSUPPORTED_OID;
     }
 
-  _gnutls_str_cpy (tmp, sizeof (tmp), "PKIX1.");
-  _gnutls_str_cat (tmp, sizeof (tmp), val_name);
-
-  result = asn1_create_element (_gnutls_get_pkix (), tmp, &c2);
+  result = asn1_create_element (_gnutls_get_pkix (), val_name, &c2);
   if (result != ASN1_SUCCESS)
     {
       gnutls_assert ();
diff --git a/src/crypt.c b/src/crypt.c
index 0f5c5f7..1553b43 100644
--- a/src/crypt.c
+++ b/src/crypt.c
@@ -477,7 +477,7 @@ _srp_crypt (const char *username, const char *passwd, int 
salt_size,
 
   /* generate the salt
    */
-  if (_gnutls_rnd (GNUTLS_RND_NONCE, salt, salt_size) < 0)
+  if (gnutls_rnd (GNUTLS_RND_NONCE, salt, salt_size) < 0)
     {
       fprintf (stderr, "Could not create nonce\n");
       return NULL;
diff --git a/src/psk.c b/src/psk.c
index b963eb4..7e82979 100644
--- a/src/psk.c
+++ b/src/psk.c
@@ -152,7 +152,7 @@ main (int argc, char **argv)
 
       printf ("Generating a random key for user '%s'\n", info.username);
 
-      ret = _gnutls_rnd (GNUTLS_RND_RANDOM, (char *) key, info.key_size);
+      ret = gnutls_rnd (GNUTLS_RND_RANDOM, (char *) key, info.key_size);
       if (ret < 0)
        {
          fprintf (stderr, "Not enough randomness\n");
diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c
index dc6b579..dd2be8a 100644
--- a/tests/crq_key_id.c
+++ b/tests/crq_key_id.c
@@ -59,8 +59,6 @@ doit (void)
   if (ret < 0)
     fail ("gnutls_global_init: %d\n", ret);
 
-  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
-
   gnutls_global_set_log_function (tls_log_func);
   if (debug)
     gnutls_global_set_log_level (4711);
diff --git a/tests/cve-2009-1416.c b/tests/cve-2009-1416.c
index a89db59..1e91116 100644
--- a/tests/cve-2009-1416.c
+++ b/tests/cve-2009-1416.c
@@ -53,7 +53,6 @@ main (void)
   int ret;
 
   gnutls_global_init ();
-  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 
   ret = gnutls_x509_privkey_init (&key);
   if (ret < 0)
diff --git a/tests/dn2.c b/tests/dn2.c
index 1872794..42627d3 100644
--- a/tests/dn2.c
+++ b/tests/dn2.c
@@ -64,7 +64,7 @@ static char pem[] =
   "/do1TDFI0vSl5+M=\n" "-----END CERTIFICATE-----\n";
 
 static const char *info =
-  "subject 
`1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.1=#14084d75656e6368656e,2.5.4.15=#131256312e302c20436c6175736520352e286229,serialNumber=HRB
 144261,C=DE,postalCode=80807,ST=Bavaria,L=Muenchen,STREET=Frankfurter Ring 
129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign 
Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign 
Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using 
RSA-SHA1, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 
UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'";
+  "subject 
`jurisdictionOfIncorporationCountryName=DE,jurisdictionOfIncorporationLocalityName=Muenchen,businessCategory=V1.0\\,
 Clause 5.(b),serialNumber=HRB 
144261,C=DE,postalCode=80807,ST=Bavaria,L=Muenchen,STREET=Frankfurter Ring 
129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign 
Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign 
Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using 
RSA-SHA1, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 
UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'";
 
 void
 doit (void)
diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c
index d957574..0b2cdf6 100644
--- a/tests/mini-eagain.c
+++ b/tests/mini-eagain.c
@@ -29,8 +29,7 @@
 #include <string.h>
 #include <errno.h>
 #include <gnutls/gnutls.h>
-
-#include <gcrypt.h>
+#include <gnutls/crypto.h>
 
 #include "utils.h"
 
@@ -54,7 +53,7 @@ client_pull (gnutls_transport_ptr_t tr, void *data, size_t 
len)
 {
 //  success ("client_pull len %d has %d\n", len, to_client_len);
   unsigned char rnd;
-  gcry_create_nonce (&rnd, 1);
+  gnutls_rnd(GNUTLS_RND_NONCE, &rnd, 1);
 
   if (handshake == 0 && rnd % 2 == 0)
     {
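Review bot: The return value of `gnutls_rnd(GNUTLS_RND_NONCE, &rnd, 1)` is ignored and `rnd` is declared without an initializer, so if the call fails the following `rnd % 2` reads an indeterminate byte. This commit documents the function as returning a negative value on error, so the test should check it, e.g. `if (gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1) < 0) fail ("gnutls_rnd failed\n");`, or at least declare `unsigned char rnd = 0;`. The same applies to the calls added in `server_pull` and `server_push` in the next two hunks. This call also omits the space before `(` that the other two use. `client_pull` continues outside the hunk.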
@@ -104,7 +103,7 @@ server_pull (gnutls_transport_ptr_t tr, void *data, size_t 
len)
   //success ("server_pull len %d has %d\n", len, to_server_len);
   unsigned char rnd;
 
-  gcry_create_nonce (&rnd, 1);
+  gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
   if (handshake == 0 && rnd % 2 == 0)
     {
       gnutls_transport_set_global_errno (EAGAIN);
@@ -133,7 +132,7 @@ server_push (gnutls_transport_ptr_t tr, const void *data, 
size_t len)
   size_t newlen = to_client_len + len;
 
   //success ("server_push len %d has %d\n", len, to_client_len);
-  gcry_create_nonce (&rnd, 1);
+  gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
   if (handshake == 0 && rnd % 2 == 0)
     {
       gnutls_transport_set_global_errno (EAGAIN);
diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c
index 38db70d..42ff96d 100644
--- a/tests/pkcs12_encode.c
+++ b/tests/pkcs12_encode.c
@@ -65,6 +65,12 @@ static char ca_pem[] =
   "PfqUpIhz5Bbm7J4=\n" "-----END CERTIFICATE-----\n";
 const gnutls_datum_t ca_dat = { ca_pem, sizeof (ca_pem) };
 
+static void
+tls_log_func (int level, const char *str)
+{
+  fprintf (stderr, "|<%d>| %s", level, str);
+}
+
 void
 doit (void)
 {
@@ -83,6 +89,11 @@ doit (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "gnutls_global_init %d", ret);
 
+  gnutls_global_init ();
+  gnutls_global_set_log_function (tls_log_func);
+  if (debug)
+    gnutls_global_set_log_level (4711);
+
   /* Read certs. */
   ret = gnutls_x509_crt_init (&client);
   if (ret < 0)
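Review bot: The added `gnutls_global_init ();` looks like a second initialisation whose return value is discarded. The context lines just above it already check `ret` and report `"gnutls_global_init %d"`, so the first call appears to be above the hunk. I would drop the added call and keep only the `gnutls_global_set_log_function (tls_log_func);` and `gnutls_global_set_log_level (4711);` lines. If `doit` later calls `gnutls_global_deinit` once, the extra init would also leave the library's init/deinit calls unbalanced; that part of the function is outside the hunk.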
@@ -140,7 +151,7 @@ doit (void)
                                       i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES
                                       : GNUTLS_PKCS_USE_PKCS12_RC2_40);
       if (ret < 0)
-       error (EXIT_FAILURE, 0, "bag_encrypt: %d", ret);
+       error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret, 
i==0?"3DES":"RC2-40");
 
       ret = gnutls_pkcs12_set_bag (pkcs12, bag);
       if (ret < 0)
diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c
index 07abe6c..165dbbd 100644
--- a/tests/pkcs12_s2k_pem.c
+++ b/tests/pkcs12_s2k_pem.c
@@ -266,7 +266,6 @@ main (void)
   int ret;
 
   gnutls_global_init ();
-  gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
 
   for (i = 0; i < sizeof (keys) / sizeof (keys[0]); i++)
     {


hooks/post-receive
-- 
GNU gnutls


