[SCM] GNU gnutls branch, new, updated. gnutls_2_9

gnutls-commit
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-146-g91f8732

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-146-g91f8732
Date:	Sat, 29 May 2010 10:23:23 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=91f87327912d28adab2b52fb0549a134b9a2d83d

The branch, new has been updated
       via  91f87327912d28adab2b52fb0549a134b9a2d83d (commit)
       via  c5136509c44551fccba18b364d223a1db9335db5 (commit)
       via  9cba32c04f9f9ceb38c497dd8e8bd984d940597a (commit)
       via  f97116848a9d68f085f4921d5d39008064b7efa7 (commit)
      from  ca6a4d2da3bb615fa3c0b8d42509009d14869895 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 91f87327912d28adab2b52fb0549a134b9a2d83d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 12:22:56 2010 +0200

    Fixed nettle detection and AES.

commit c5136509c44551fccba18b364d223a1db9335db5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 12:22:52 2010 +0200

    documentation updates

commit 9cba32c04f9f9ceb38c497dd8e8bd984d940597a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 12:22:26 2010 +0200

    Generate dh-params also used --sec-param.

commit f97116848a9d68f085f4921d5d39008064b7efa7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 29 11:37:29 2010 +0200

    Document that the generator is the generator of the subgroup and not the 
group.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_dh_primes.c |    6 ++----
 lib/m4/hooks.m4        |    2 +-
 lib/nettle/cipher.c    |    2 +-
 lib/nettle/mpi.c       |    3 ++-
 src/certtool-common.h  |    7 +++++++
 src/certtool.c         |   41 +++++++++++++++++++++++++----------------
 src/prime.c            |    8 +++-----
 7 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 5bc53bf..194de23 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -50,9 +50,6 @@ _gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes)
 }
 
 
-/* Replaces the prime in the static DH parameters, with a randomly
- * generated one.
- */
 /**
  * gnutls_dh_params_import_raw:
  * @dh_params: Is a structure that will hold the prime numbers
@@ -178,7 +175,8 @@ gnutls_dh_params_cpy (gnutls_dh_params_t dst, 
gnutls_dh_params_t src)
  * gnutls_malloc() and will be stored in the appropriate datum.
  * This function is normally slow.
  *
- * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096.
+ * Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits() to
+ * get bits for %GNUTLS_PK_DSA.
  * Also note that the DH parameters are only useful to servers.
  * Since clients use the parameters sent by the server, it's of
  * no use to call this in client side.
diff --git a/lib/m4/hooks.m4 b/lib/m4/hooks.m4
index ddac5f8..854cdcb 100644
--- a/lib/m4/hooks.m4
+++ b/lib/m4/hooks.m4
@@ -45,7 +45,7 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
       nettle=no)
     if test "$nettle" = "yes"; then
     AC_LIB_HAVE_LINKFLAGS([nettle],, [#include <nettle/aes.h>],
-                          [aes_set_key (0, 0, 0)])
+                          [aes_set_encrypt_key (0, 0, 0)])
     if test "$ac_cv_libnettle" != yes; then
       nettle=yes
       AC_MSG_WARN([[
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index d1338f2..75a3999 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -171,7 +171,7 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, 
size_t keysize)
     case GNUTLS_CIPHER_AES_128_CBC:
     case GNUTLS_CIPHER_AES_192_CBC:
     case GNUTLS_CIPHER_AES_256_CBC:
-               aes_bidi_setkey(&ctx->ctx_ptr, keysize, key);
+               aes_bidi_setkey(ctx->ctx_ptr, keysize, key);
                break;
     case GNUTLS_CIPHER_3DES_CBC:
                /* why do we have to deal with parity address@hidden(*$# */
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index 2bac5b7..abf0023 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -338,6 +338,7 @@ static int wrap_nettle_prime_check(bigint_t pp)
 /* generate a prime of the form p=2qw+1
  * The algorithm is simple but probably it has to be modified to gcrypt's
  * since it is really really slow. Nature did not want 2qw+1 to be prime.
+ * The generator will be the generator of a subgroup of order q-1.
  */
 inline static int gen_group (mpz_t *prime, mpz_t* generator, unsigned int 
nbits)
 {
@@ -442,7 +443,7 @@ inline static int gen_group (mpz_t *prime, mpz_t* 
generator, unsigned int nbits)
        
        /* c = r^((p-1)/q), r == random
         * c = r^(2w)
-        * if c!=1 c is the generator for the group of the prime
+        * if c!=1 c is the generator for the subgroup of order q-1
         * 
         * (here we reuse q as r)
         */
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 79d2300..f937f95 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -61,3 +61,10 @@ gnutls_x509_privkey_t load_ca_private_key (void);
 gnutls_x509_crt_t load_ca_cert (void);
 gnutls_x509_crt_t load_cert (int mand);
 gnutls_pubkey_t load_pubkey (int mand);
+
+/* returns the bits specified in cmd */
+int get_bits(gnutls_pk_algorithm_t);
+
+/* prime.c */
+int generate_prime (int how);
+
diff --git a/src/certtool.c b/src/certtool.c
index 92c4a28..6574015 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -52,7 +52,6 @@
 #include "certtool-common.h"
 
 static void print_crl_info (gnutls_x509_crl_t crl, FILE * out);
-int generate_prime (int bits, int how);
 void pkcs7_info (void);
 void crq_info (void);
 void smime_to_pkcs7 (void);
@@ -192,12 +191,33 @@ static gnutls_sec_param_t str_to_sec_param(const char* 
str)
 
 }
 
+int get_bits(gnutls_pk_algorithm_t key_type)
+{
+int bits;
+
+  if (info.bits != 0) 
+    {
+      fprintf(stderr, "** Note: Please use the --sec-param instead of 
--bits\n");
+      bits = info.bits;
+    }
+  else
+    {
+      if (info.sec_param)
+        {
+          bits = gnutls_sec_param_to_pk_bits(key_type, 
str_to_sec_param(info.sec_param));
+        }
+      else bits = gnutls_sec_param_to_pk_bits(key_type, 
GNUTLS_SEC_PARAM_NORMAL);
+    }
+  
+  return bits;
+}
+
 
 static gnutls_x509_privkey_t
 generate_private_key_int (void)
 {
   gnutls_x509_privkey_t key;
-  int ret, key_type;
+  int ret, key_type, bits;
 
   if (info.dsa)
     {
@@ -210,18 +230,7 @@ generate_private_key_int (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
 
-  if (info.bits != 0) 
-    {
-      fprintf(stderr, "** Note: Please use the --sec-param instead of 
--bits\n");
-    }
-  else
-    {
-      if (info.sec_param)
-        {
-          info.bits = gnutls_sec_param_to_pk_bits(key_type, 
str_to_sec_param(info.sec_param));
-        }
-      else info.bits = gnutls_sec_param_to_pk_bits(key_type, 
GNUTLS_SEC_PARAM_NORMAL);
-    }
+  bits = get_bits(key_type);
 
   fprintf (stderr, "Generating a %d bit %s private key...\n", info.bits,
           gnutls_pk_algorithm_get_name (key_type));
@@ -1027,10 +1036,10 @@ gaa_parser (int argc, char **argv)
       pkcs12_info ();
       break;
     case ACTION_GENERATE_DH:
-      generate_prime (info.bits, 1);
+      generate_prime (1);
       break;
     case ACTION_GET_DH:
-      generate_prime (info.bits, 0);
+      generate_prime (0);
       break;
     case ACTION_CRL_INFO:
       crl_info ();
diff --git a/src/prime.c b/src/prime.c
index 03356eb..2d2107d 100644
--- a/src/prime.c
+++ b/src/prime.c
@@ -28,6 +28,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <gnutls/gnutls.h>
+#include <certtool-common.h>
 
 /* Generates Diffie-Hellman parameters (a prime and a generator
  * of the group). Exports them in PKCS #3 format. Used by certtool.
@@ -35,22 +36,19 @@
 
 extern FILE *outfile;
 extern FILE *infile;
-extern unsigned char buffer[];
-extern const int buffer_size;
 
 static int cparams = 0;
 
-int generate_prime (int bits, int how);
-
 /* If how is zero then the included parameters are used.
  */
 int
-generate_prime (int bits, int how)
+generate_prime (int how)
 {
   unsigned int i;
   int ret;
   gnutls_dh_params_t dh_params;
   gnutls_datum_t p, g;
+  int bits = get_bits(GNUTLS_PK_DSA);
 
   gnutls_dh_params_init (&dh_params);
 


hooks/post-receive
-- 
GNU gnutls
[Prev in Thread]
Current Thread
[Next in Thread]
[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-146-g91f8732, Nikos Mavrogiannopoulos <=
Prev by Date: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-156-g9bbf4c9
Next by Date: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-169-g4101120
Previous by thread: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-156-g9bbf4c9
Next by thread: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-169-g4101120
Index(es):
- Date
- Thread