[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-169-g4101120
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-169-g4101120 |
|
Date: |
Sun, 30 May 2010 10:55:15 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4101120e7de909141f4e331483fb6c60615f9013
The branch, new has been updated
via 4101120e7de909141f4e331483fb6c60615f9013 (commit)
via 049cb204020a9aae1bab75a9e293157ecabbea83 (commit)
via 0b951846aa5b24dd60434b98841425e7caa9d8be (commit)
via 7039e12901ab5d2952388314f35efde8f37b0454 (commit)
via b67ef83144b6ba20b08433311c266845b5756cb8 (commit)
via e29c11004890fd3edb655cc16e3d360bcf002cc7 (commit)
via d617a107e134b2c7e1eaf13695c288c0f2f95ec1 (commit)
via a9581abbde91a732b5e16179192b72b6032ca874 (commit)
via 149e80403e6716f2ee278d4a0dde1cde2c1d47d1 (commit)
via 05740b517eebc466a2795ad69ccaafabd69c53a1 (commit)
via c6a6e2580fc639e0e3b3c0c4810b3245fe9d3b09 (commit)
via aa04d5f7efe2dc75d605ca2507001bca99f9fd9e (commit)
via 09aa8d6267661e8a1b3bbaeb53a91ef9504dacb4 (commit)
from 9bbf4c92bedf22e2e77aa8d8d4bd9c81f459abea (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4101120e7de909141f4e331483fb6c60615f9013
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:54:53 2010 +0200
Test the DSA with SHA256 as well.
commit 049cb204020a9aae1bab75a9e293157ecabbea83
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:53:54 2010 +0200
Print debugging information on error.
commit 0b951846aa5b24dd60434b98841425e7caa9d8be
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:45:08 2010 +0200
Nettle library can now parse the PGP integers. Except for SHA-224/384/512
nettle seems to be fully working now.
commit 7039e12901ab5d2952388314f35efde8f37b0454
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:44:24 2010 +0200
use --sec-param to generate privkey.
commit b67ef83144b6ba20b08433311c266845b5756cb8
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:44:00 2010 +0200
reduced log level to a sane one
commit e29c11004890fd3edb655cc16e3d360bcf002cc7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:43:40 2010 +0200
Corrected for new output of --print-certificate-info
commit d617a107e134b2c7e1eaf13695c288c0f2f95ec1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:35:07 2010 +0200
Print information on failure.
commit a9581abbde91a732b5e16179192b72b6032ca874
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:31:57 2010 +0200
Print exp1 and exp2 if they are available.
commit 149e80403e6716f2ee278d4a0dde1cde2c1d47d1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 12:12:26 2010 +0200
Only print output if something fails
commit 05740b517eebc466a2795ad69ccaafabd69c53a1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 11:27:44 2010 +0200
Some pakchois fixes.
commit c6a6e2580fc639e0e3b3c0c4810b3245fe9d3b09
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 30 11:27:15 2010 +0200
Fixup to compile with nettle
commit aa04d5f7efe2dc75d605ca2507001bca99f9fd9e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat May 29 17:37:42 2010 +0200
Do not bother with MODPATH. We don't use it.
commit 09aa8d6267661e8a1b3bbaeb53a91ef9504dacb4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat May 29 17:29:22 2010 +0200
Added again _gnutls_dump_mpi() to assist in debugging.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
lib/debug.c | 13 +++++++
lib/debug.h | 1 +
lib/gcrypt/pk.c | 28 +++++++++++----
lib/gnutls_global.c | 4 ++-
lib/gnutls_pk.c | 3 +-
lib/gnutls_sig.c | 4 +-
lib/libgnutls.map | 1 +
lib/m4/hooks.m4 | 3 --
lib/nettle/mpi.c | 47 +++++++++++++++++++++++--
lib/nettle/pk.c | 23 +++++-------
lib/opencdk/pubkey.c | 5 ++-
lib/opencdk/sig-check.c | 8 +++-
lib/opencdk/verify.c | 1 +
lib/openpgp/gnutls_openpgp.c | 38 ++++++++++++--------
lib/openpgp/pgp.c | 3 ++
lib/openpgp/privkey.c | 56 ++++++++++++++++--------------
lib/pakchois/pakchois.c | 10 ++++-
lib/pkcs11_privkey.c | 3 --
lib/x509/mpi.c | 1 +
lib/x509/privkey.c | 49 +++++++++++++++++++------
lib/x509/x509_int.h | 5 ++-
src/certtool.c | 26 +++++++++----
tests/openpgpself.c | 2 +-
tests/pathlen/ca-no-pathlen.pem | 1 +
tests/pathlen/no-ca-or-pathlen.pem | 1 +
tests/pkcs1-padding/pkcs1-pad | 31 +++++++---------
tests/pkcs12-decode/pkcs12 | 3 +-
tests/pkcs8-decode/pkcs8 | 3 +-
tests/sha2/Makefile.am | 7 ++--
tests/sha2/sha2 | 37 +++++++++++++++-----
tests/{pathlen/pathlen => sha2/sha2-dsa} | 49 ++++++++++++++++++-------
tests/userid/userid | 12 +++++--
33 files changed, 327 insertions(+), 152 deletions(-)
copy tests/{pathlen/pathlen => sha2/sha2-dsa} (54%)
diff --git a/NEWS b/NEWS
index cb53b7d..38810ef 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,7 @@
pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;man
gnutls_certificate_set_server_retrieve_function: DEPRECATED
gnutls_certificate_set_client_retrieve_function: DEPRECATED
gnutls_sign_callback_set: DEPRECATED
+gnutls_x509_privkey_export_rsa_raw2: ADDED
gnutls_rnd: ADDED
gnutls_sec_param_to_pk_bits: ADDED
gnutls_pk_bits_to_sec_param: ADDED
diff --git a/lib/debug.c b/lib/debug.c
index 037b7fe..726a3d6 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -28,6 +28,19 @@
#include <stdio.h>
#include <stdlib.h>
#include "debug.h"
+#include <gnutls_mpi.h>
+
+void _gnutls_dump_mpi(const char* prefix, bigint_t a)
+{
+ char buf[400];
+ char buf_hex[2*sizeof(buf)];
+ size_t n = sizeof buf;
+
+ if (_gnutls_mpi_print(a, buf, &n))
+ strcpy(buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_debug_log( "MPI: length: %d\n\t%s%s\n", (int)n, prefix,
_gnutls_bin2hex(buf, n, buf_hex, sizeof(buf_hex), NULL));
+}
+
const char *
_gnutls_packet2str (content_type_t packet)
diff --git a/lib/debug.h b/lib/debug.h
index 341f87c..b027921 100644
--- a/lib/debug.h
+++ b/lib/debug.h
@@ -25,3 +25,4 @@
const char *_gnutls_packet2str (content_type_t packet);
const char *_gnutls_handshake2str (gnutls_handshake_description_t handshake);
+void _gnutls_dump_mpi(const char* prefix, bigint_t a);
diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c
index fcc5e2a..7fdb547 100644
--- a/lib/gcrypt/pk.c
+++ b/lib/gcrypt/pk.c
@@ -807,10 +807,9 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
if (algo != GNUTLS_PK_RSA)
return 0;
- if (params->params[5])
- _gnutls_mpi_release (¶ms->params[5]);
- params->params[5] =
- _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0]));
+ if (params->params[5]==NULL)
+ params->params[5] =
+ _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0]));
if (params->params[5] == NULL)
{
@@ -818,10 +817,25 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
return GNUTLS_E_MEMORY_ERROR;
}
+ ret = 1;
if (direction == GNUTLS_IMPORT)
- ret =
- gcry_mpi_invm (params->params[5], params->params[3], params->params[4]);
- else
+ {
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release(&pk_params.params[6]);
+ _gnutls_mpi_release(&pk_params.params[7]);
+ result = _gnutls_calc_rsa_exp(pk_params.params, RSA_PRIVATE_PARAMS);
+ if (result < 0)
+ {
+ gnutls_assert();
+ return result;
+ }
+
+ ret =
+ gcry_mpi_invm (params->params[5], params->params[3],
params->params[4]);
+
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
+ else if (direction == GNUTLS_EXPORT)
ret =
gcry_mpi_invm (params->params[5], params->params[4], params->params[3]);
if (ret == 0)
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 539debf..b1d406d 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -30,6 +30,9 @@
#include <random.h>
#ifndef HAVE_LIBNETTLE
#include <gcrypt.h>
+
+#define GNUTLS_MIN_LIBGCRYPT_VERSION "1.2.4"
+
#endif
#include <gnutls/pkcs11.h>
@@ -40,7 +43,6 @@
#include "gettext.h"
/* Minimum library versions we accept. */
-#define GNUTLS_MIN_LIBGCRYPT_VERSION "1.2.4"
#define GNUTLS_MIN_LIBTASN1_VERSION "0.3.4"
/* created by asn1c */
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 38d5058..cf7f59f 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -612,10 +612,9 @@ gnutls_pk_params_release (gnutls_pk_params_st * p)
int _gnutls_calc_rsa_exp(bigint_t* params, unsigned int params_size)
{
-int ret;
bigint_t tmp = _gnutls_mpi_alloc_like(params[0]);
- if (params_size < RSA_PRIVATE_PARAMS)
+ if (params_size < RSA_PRIVATE_PARAMS-2)
{
gnutls_assert();
return GNUTLS_E_INTERNAL_ERROR;
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index b0bc83c..4e5482d 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -203,8 +203,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session,
gnutls_cert * cert,
case GNUTLS_PK_DSA:
_gnutls_hash_deinit (&td_sha, concat);
- if (hash_algo != GNUTLS_DIG_SHA1 && hash_algo != GNUTLS_DIG_SHA224 && \
- hash_algo != hash_algo != GNUTLS_DIG_SHA256)
+ if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224)
&& \
+ (hash_algo != GNUTLS_DIG_SHA256))
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index f4c76f9..f55b18a 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -671,6 +671,7 @@ GNUTLS_2_11
gnutls_pkcs11_copy_x509_crt;
gnutls_pkcs11_copy_x509_privkey;
gnutls_pkcs11_delete_url;
+ gnutls_x509_privkey_export_rsa_raw2;
gnutls_sec_param_to_pk_bits;
gnutls_sec_param_get_name;
diff --git a/lib/m4/hooks.m4 b/lib/m4/hooks.m4
index 854cdcb..720a675 100644
--- a/lib/m4/hooks.m4
+++ b/lib/m4/hooks.m4
@@ -119,9 +119,6 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
AC_CHECK_LIB(dl, dlopen,,
[AC_MSG_ERROR([could not find dlopen])])
- module_path="${libdir}:${libdir}/pkcs11"
-
- CPPFLAGS="$CPPFLAGS -DPAKCHOIS_MODPATH=\\\"${module_path}\\\""
fi
AC_ARG_WITH(lzo,
diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c
index abf0023..82191ff 100644
--- a/lib/nettle/mpi.c
+++ b/lib/nettle/mpi.c
@@ -34,6 +34,8 @@
#include <nettle/bignum.h>
#include <random.h>
+#define TOMPZ(x) (*((mpz_t*)(x)))
+
static int
wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t * nbytes,
gnutls_bigint_format_t format)
@@ -43,8 +45,13 @@ wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t
* nbytes,
if (format == GNUTLS_MPI_FORMAT_USG) {
size = nettle_mpz_sizeinbase_256_u(*p);
- } else {
+ } else if (format == GNUTLS_MPI_FORMAT_STD) {
size = nettle_mpz_sizeinbase_256_s(*p);
+ } else if (format == GNUTLS_MPI_FORMAT_PGP) {
+ size = nettle_mpz_sizeinbase_256_u(*p) + 2;
+ } else {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
}
if (buffer==NULL || size > *nbytes) {
@@ -52,7 +59,15 @@ wrap_nettle_mpi_print(const bigint_t a, void *buffer, size_t
* nbytes,
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- nettle_mpz_get_str_256(size, buffer, *p);
+ if (format == GNUTLS_MPI_FORMAT_PGP) {
+ opaque *buf = buffer;
+ unsigned int nbits = _gnutls_mpi_get_nbits(a);
+ buf[0] = (nbits >> 8) & 0xff;
+ buf[1] = (nbits) & 0xff;
+ nettle_mpz_get_str_256(size-2, buf+2, *p);
+ } else {
+ nettle_mpz_get_str_256(size, buffer, *p);
+ }
*nbytes=size;
return 0;
@@ -84,12 +99,36 @@ wrap_nettle_mpi_scan(const void *buffer, size_t nbytes,
}
if (format == GNUTLS_MPI_FORMAT_USG) {
- nettle_mpz_set_str_256_u(*((mpz_t*)r), nbytes, buffer);
+ nettle_mpz_set_str_256_u(TOMPZ(r), nbytes, buffer);
+ } else if (format == GNUTLS_MPI_FORMAT_STD) {
+ nettle_mpz_set_str_256_s(TOMPZ(r), nbytes, buffer);
+ } else if (format == GNUTLS_MPI_FORMAT_PGP) {
+ const opaque *buf = buffer;
+ size_t size;
+
+ if (nbytes < 3) {
+ gnutls_assert();
+ goto fail;
+ }
+
+ size = (buf[0] << 8) | buf[1];
+ size = (size+7) / 8;
+
+ if (size > nbytes-2) {
+ gnutls_assert();
+ goto fail;
+ }
+ nettle_mpz_set_str_256_u(TOMPZ(r), size, buf+2);
} else {
- nettle_mpz_set_str_256_s(*((mpz_t*)r), nbytes, buffer);
+ gnutls_assert();
+ goto fail;
}
return r;
+fail:
+ _gnutls_mpi_release(&r);
+ return NULL;
+
}
static int wrap_nettle_mpi_cmp(const bigint_t u, const bigint_t v)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 44b6569..1c4f1ed 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -509,6 +509,7 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
gnutls_direction_t direction,
gnutls_pk_params_st * params)
{
+int result;
if (direction == GNUTLS_IMPORT) {
/* do not trust the generated values. Some old private keys
@@ -516,22 +517,18 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
* old but it seemed some of the shipped example private
* keys were as old.
*/
- mpz_t q_1;
-
mpz_invert(TOMPZ(params->params[5]), TOMPZ(params->params[4]),
TOMPZ(params->params[3]));
- mpz_init(q_1);
-
- /* a = d % p-1 */
- mpz_sub_ui(q_1, TOMPZ(params->params[3])/*p*/, 1);
- mpz_fdiv_r(TOMPZ(params->params[6]),
TOMPZ(params->params[2])/*d*/, q_1);
-
- /* b = d % q-1 */
- mpz_sub_ui(q_1, TOMPZ(params->params[4])/*p*/, 1);
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release(¶ms->params[6]);
+ _gnutls_mpi_release(¶ms->params[7]);
- mpz_fdiv_r(TOMPZ(params->params[7]),
TOMPZ(params->params[2])/*d*/, q_1);
-
- mpz_clear(q_1);
+ result = _gnutls_calc_rsa_exp(params->params, RSA_PRIVATE_PARAMS-2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
+ }
+ params->params_nr = RSA_PRIVATE_PARAMS;
}
return 0;
diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c
index 12d9408..99779e4 100644
--- a/lib/opencdk/pubkey.c
+++ b/lib/opencdk/pubkey.c
@@ -437,7 +437,10 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
dlen = _gnutls_hash_get_algo_len (md_algo);
err = _gnutls_hash_init (&hd, md_algo);
if (err < 0)
- return map_gnutls_error (err);
+ {
+ gnutls_assert();
+ return map_gnutls_error (err);
+ }
_cdk_hash_pubkey (pk, &hd, 1);
_gnutls_hash_deinit (&hd, fpr);
if (dlen == 16)
diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c
index 5c7a0d5..dd250f6 100644
--- a/lib/opencdk/sig-check.c
+++ b/lib/opencdk/sig-check.c
@@ -33,7 +33,6 @@
#include "main.h"
#include "packet.h"
-
/* Hash all multi precision integers of the key PK with the given
message digest context MD. */
static int
@@ -52,8 +51,13 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
{
nbytes = MAX_MPI_BYTES;
err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes);
+
if (err < 0)
- return map_gnutls_error (err);
+ {
+ gnutls_assert();
+ return map_gnutls_error (err);
+ }
+
if (!usefpr || pk->version == 4)
_gnutls_hash (md, buf, nbytes);
else /* without the prefix. */
diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c
index ab1638d..7826114 100644
--- a/lib/opencdk/verify.c
+++ b/lib/opencdk/verify.c
@@ -245,6 +245,7 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file,
const char *output)
err = _gnutls_hash_init (&md, digest_algo);
if (err < 0)
{
+ gnutls_assert();
rc = map_gnutls_error (err);
goto leave;
}
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index c092257..a68c614 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -365,6 +365,7 @@ gnutls_certificate_set_openpgp_key_mem2
(gnutls_certificate_credentials_t res,
gnutls_openpgp_privkey_t pkey;
gnutls_openpgp_crt_t crt;
int ret;
+ gnutls_openpgp_keyid_t keyid;
ret = gnutls_openpgp_privkey_init (&pkey);
if (ret < 0)
@@ -400,27 +401,28 @@ gnutls_certificate_set_openpgp_key_mem2
(gnutls_certificate_credentials_t res,
if (subkey_id != NULL)
{
- gnutls_openpgp_keyid_t keyid;
-
if (strcasecmp (subkey_id, "auto") == 0)
- ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
+ ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
else
- ret = get_keyid (keyid, subkey_id);
+ ret = get_keyid (keyid, subkey_id);
+
+ if (ret < 0)
+ gnutls_assert();
if (ret >= 0)
- {
- ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
- if (ret >= 0)
- ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
- }
+ {
+ ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
+ if (ret >= 0)
+ ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
+ }
if (ret < 0)
- {
- gnutls_assert ();
- gnutls_openpgp_privkey_deinit (pkey);
- gnutls_openpgp_crt_deinit (crt);
- return ret;
- }
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ gnutls_openpgp_crt_deinit (crt);
+ return ret;
+ }
}
ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
@@ -868,13 +870,18 @@ gnutls_openpgp_privkey_sign_hash
(gnutls_openpgp_privkey_t key,
if (result == 0)
{
uint32_t kid[2];
+ int idx;
KEYID_IMPORT (kid, keyid);
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx(key, keyid);
+ pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx,
NULL);
result = _gnutls_openpgp_privkey_get_mpis (key, kid,
params, ¶ms_size);
}
else
{
+ pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
params, ¶ms_size);
}
@@ -885,7 +892,6 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t
key,
return result;
}
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
result = _gnutls_soft_sign (pk_algorithm, params, params_size, hash,
signature);
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 3483243..2dede0e 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -773,6 +773,8 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode,
uint32_t keyid[2],
int i = 0;
uint32_t local_keyid[2];
+ _gnutls_hard_log("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
+
ctx = NULL;
while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
{
@@ -786,6 +788,7 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode,
uint32_t keyid[2],
else
cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
+ _gnutls_hard_log("Found keyid: %x.%x\n", local_keyid[0],
local_keyid[1]);
if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
{
return i;
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 4bec39b..65c0aea 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -688,8 +688,11 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t
pkey,
bigint_t * params, int *params_size)
{
int result, i;
- int pk_algorithm, local_params;
+ int pk_algorithm;
+ gnutls_pk_params_st pk_params;
cdk_packet_t pkt;
+
+ memset(&pk_params, 0, sizeof(pk_params));
if (keyid == NULL)
pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY);
@@ -708,27 +711,21 @@ _gnutls_openpgp_privkey_get_mpis
(gnutls_openpgp_privkey_t pkey,
switch (pk_algorithm)
{
case GNUTLS_PK_RSA:
- local_params = RSA_PRIVATE_PARAMS-2;
+ /* openpgp does not hold all parameters as in PKCS #1
+ */
+ pk_params.params_nr = RSA_PRIVATE_PARAMS-2;
break;
case GNUTLS_PK_DSA:
- local_params = DSA_PRIVATE_PARAMS;
+ pk_params.params_nr = DSA_PRIVATE_PARAMS;
break;
default:
gnutls_assert ();
return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
- if (*params_size < local_params)
+ for (i = 0; i < pk_params.params_nr; i++)
{
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- *params_size = local_params;
-
- for (i = 0; i < local_params; i++)
- {
- result = _gnutls_read_pgp_mpi (pkt, 1, i, ¶ms[i]);
+ result = _gnutls_read_pgp_mpi (pkt, 1, i, &pk_params.params[i]);
if (result < 0)
{
gnutls_assert ();
@@ -736,18 +733,25 @@ _gnutls_openpgp_privkey_get_mpis
(gnutls_openpgp_privkey_t pkey,
}
}
- if (pk_algorithm==GNUTLS_PK_RSA)
- {
- /* on RSA we need to calculate exp1 and exp2 */
- result = _gnutls_calc_rsa_exp(params, RSA_PRIVATE_PARAMS);
- if (result < 0)
- {
- gnutls_assert();
- i = *params_size;
- goto error;
- }
- *params_size = RSA_PRIVATE_PARAMS;
- }
+ /* fixup will generate exp1 and exp2 that are not
+ * available here.
+ */
+ result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, &pk_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if (*params_size < pk_params.params_nr)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ *params_size = pk_params.params_nr;
+ for(i=0;i<pk_params.params_nr;i++)
+ params[i] = pk_params.params[i];
return 0;
@@ -755,7 +759,7 @@ error:
{
int j;
for (j = 0; j < i; j++)
- _gnutls_mpi_release (¶ms[j]);
+ _gnutls_mpi_release (&pk_params.params[j]);
}
return result;
diff --git a/lib/pakchois/pakchois.c b/lib/pakchois/pakchois.c
index 946f714..17a45d7 100644
--- a/lib/pakchois/pakchois.c
+++ b/lib/pakchois/pakchois.c
@@ -85,7 +85,7 @@ struct slot {
#define DIR_DELIMITER '/'
-char* pkcs11ize(const char* name)
+static char* pkcs11ize(const char* name)
{
int len;
char* oname;
@@ -150,7 +150,13 @@ static const char *suffix_prefixes[][2] = {
static void *find_pkcs11_module(const char *name, CK_C_GetFunctionList *gfl)
{
- char module_path[] = PAKCHOIS_MODPATH;
+
+ char module_path[] =
+#ifdef PAKCHOIS_MODPATH
+ PAKCHOIS_MODPATH;
+#else
+ "";
+#endif
char *next = module_path;
void *h;
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 1c3e0d0..d657bac 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -39,9 +39,6 @@ struct gnutls_pkcs11_privkey_st {
struct pkcs11_url_info info;
};
-static int find_privkey_url(pakchois_session_t * pks,
- struct token_info *info, void *input);
-
/**
* gnutls_pkcs11_privkey_init:
* @key: The structure to be initialized
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 62f581f..0190480 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -436,6 +436,7 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char
*dst_name,
if (pk == NULL)
{
gnutls_assert ();
+ _gnutls_debug_log("Cannot find OID for sign algorithm pk: %d dig: %d\n",
(int)pk_algorithm, (int)dig);
return GNUTLS_E_INVALID_REQUEST;
}
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 419c0be..a9b460d 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -515,6 +515,9 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
{
int i = 0, ret;
size_t siz = 0;
+ gnutls_pk_params_st pk_params;
+
+ memset(&pk_params, 0, sizeof(pk_params));
if (key == NULL)
{
@@ -522,6 +525,8 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
return GNUTLS_E_INVALID_REQUEST;
}
+ key->params_size = 0;
+
siz = m->size;
if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz))
{
@@ -529,6 +534,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
siz = e->size;
if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz))
@@ -537,6 +543,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
siz = d->size;
if (_gnutls_mpi_scan_nz (&key->params[2], d->data, siz))
@@ -545,6 +552,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
siz = p->size;
if (_gnutls_mpi_scan_nz (&key->params[3], p->data, siz))
@@ -553,6 +561,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
siz = q->size;
if (_gnutls_mpi_scan_nz (&key->params[4], q->data, siz))
@@ -561,6 +570,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
siz = u->size;
if (_gnutls_mpi_scan_nz (&key->params[5], u->data, siz))
@@ -569,6 +579,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
if (e1 && e2)
{
@@ -579,6 +590,7 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t
key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
siz = e2->size;
if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz))
@@ -587,20 +599,29 @@ gnutls_x509_privkey_import_rsa_raw2
(gnutls_x509_privkey_t key,
FREE_RSA_PRIVATE_PARAMS;
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ key->params_size++;
}
- else
+
+ for(i=0;i<key->params_size;i++)
{
- /* calculate exp1 and exp2 */
- ret = _gnutls_calc_rsa_exp(key->params, key->params_size);
- if (ret < 0)
- {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return ret;
- }
+ pk_params.params[i] = key->params[i];
}
-
-
+
+ pk_params.params_nr = key->params_size;
+
+ ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pk_params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
+ }
+
+ for(i=0;i<pk_params.params_nr;i++)
+ {
+ key->params[i] = pk_params.params[i];
+ }
+ key->params_size = pk_params.params_nr;
if (!key->crippled)
{
@@ -864,6 +885,8 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t
key,
int ret;
gnutls_pk_params_st pk_params;
+ memset (&pk_params, 0, sizeof (pk_params));
+
if (key == NULL)
{
gnutls_assert ();
@@ -1062,11 +1085,13 @@ gnutls_x509_privkey_export_dsa_raw
(gnutls_x509_privkey_t key,
static int
_gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params)
{
- int result, i;
+ int result;
opaque null = '\0';
gnutls_pk_params_st pk_params;
gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
+ memset (&pk_params, 0, sizeof (pk_params));
+
memset(&m, 0, sizeof(m));
memset(&p, 0, sizeof(e));
memset(&q, 0, sizeof(d));
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 00960a3..c287b55 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -103,7 +103,10 @@ typedef struct gnutls_x509_privkey_int
* [4] is prime2 (q)
* [5] is coefficient (u == inverse of p mod q)
* note that other packages used inverse of q mod p,
- * so we need to perform conversions (for libgcrypt only)
+ * so we need to perform conversions on import/export
+ * using fixup.
+ * The following two are also not always available thus fixup
+ * will generate them.
* [6] e1 == d mod (p-1)
* [7] e2 == d mod (q-1)
* DSA: [0] is p
diff --git a/src/certtool.c b/src/certtool.c
index 6574015..1957089 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -146,7 +146,8 @@ print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y,
gnutls_datum_t * p,
static void
print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u)
+ gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * exp1, gnutls_datum_t *exp2)
{
fprintf (outfile, "modulus:");
print_hex_datum (m);
@@ -162,6 +163,13 @@ print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e,
gnutls_datum_t * d,
print_hex_datum (q);
fprintf (outfile, "coefficient:");
print_hex_datum (u);
+ if (exp1 && exp2)
+ {
+ fprintf (outfile, "exp1:");
+ print_hex_datum (exp1);
+ fprintf (outfile, "exp2:");
+ print_hex_datum (exp2);
+ }
}
}
@@ -232,7 +240,7 @@ generate_private_key_int (void)
bits = get_bits(key_type);
- fprintf (stderr, "Generating a %d bit %s private key...\n", info.bits,
+ fprintf (stderr, "Generating a %d bit %s private key...\n",
get_bits(key_type),
gnutls_pk_algorithm_get_name (key_type));
if (info.quick_random == 0)
@@ -240,7 +248,7 @@ generate_private_key_int (void)
"This might take several minutes depending on availability of
randomness"
" in /dev/random.\n");
- ret = gnutls_x509_privkey_generate (key, key_type, info.bits, 0);
+ ret = gnutls_x509_privkey_generate (key, key_type, get_bits(key_type), 0);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
@@ -1293,7 +1301,7 @@ pgp_privkey_info (void)
fprintf (stderr, "Error in key RSA data export: %s\n",
gnutls_strerror (ret));
else
- print_rsa_pkey (&m, &e, &d, &p, &q, &u);
+ print_rsa_pkey (&m, &e, &d, &p, &q, &u, NULL, NULL);
}
else if (ret == GNUTLS_PK_DSA)
@@ -1605,21 +1613,23 @@ privkey_info (void)
*/
if (ret == GNUTLS_PK_RSA)
{
- gnutls_datum_t m, e, d, p, q, u;
+ gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
- ret = gnutls_x509_privkey_export_rsa_raw (key, &m, &e, &d, &p, &q, &u);
+ ret = gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u,
&exp1, &exp2);
if (ret < 0)
fprintf (stderr, "Error in key RSA data export: %s\n",
gnutls_strerror (ret));
else
{
- print_rsa_pkey (&m, &e, &d, &p, &q, &u);
+ print_rsa_pkey (&m, &e, &d, &p, &q, &u, &exp1, &exp2);
gnutls_free (m.data);
gnutls_free (e.data);
gnutls_free (d.data);
gnutls_free (p.data);
gnutls_free (q.data);
gnutls_free (u.data);
+ gnutls_free (exp1.data);
+ gnutls_free (exp2.data);
}
}
else if (ret == GNUTLS_PK_DSA)
@@ -3169,7 +3179,7 @@ void pubkey_info (void)
gnutls_strerror (ret));
else
{
- print_rsa_pkey (&m, &e, NULL, NULL, NULL, NULL);
+ print_rsa_pkey (&m, &e, NULL, NULL, NULL, NULL, NULL, NULL);
gnutls_free (m.data);
gnutls_free (e.data);
}
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index 1b39366..2e9e543 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -395,7 +395,7 @@ server (void)
gnutls_global_set_log_function (tls_log_func);
if (debug)
- gnutls_global_set_log_level (4711);
+ gnutls_global_set_log_level (2);
gnutls_certificate_allocate_credentials (&pgp_cred);
diff --git a/tests/pathlen/ca-no-pathlen.pem b/tests/pathlen/ca-no-pathlen.pem
index 2243f2f..848f5e9 100644
--- a/tests/pathlen/ca-no-pathlen.pem
+++ b/tests/pathlen/ca-no-pathlen.pem
@@ -7,6 +7,7 @@ X.509 Certificate Information:
Not After: Sat Jan 27 10:00:06 UTC 2007
Subject: O=GnuTLS test certificate
Subject Public Key Algorithm: RSA
+ Certificate Security Level: Weak
Modulus (bits 512):
a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c:11
ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1:de
diff --git a/tests/pathlen/no-ca-or-pathlen.pem
b/tests/pathlen/no-ca-or-pathlen.pem
index 4db9694..08c9306 100644
--- a/tests/pathlen/no-ca-or-pathlen.pem
+++ b/tests/pathlen/no-ca-or-pathlen.pem
@@ -7,6 +7,7 @@ X.509 Certificate Information:
Not After: Fri Aug 25 23:59:59 UTC 2000
Subject: O=VeriSign\, Inc.,OU=VeriSign Trust
Network,OU=www.verisign.com/repository/RPA Incorp. by
Ref.\,LIAB.LTD(c)98,OU=Persona Not Validated,OU=Digital ID Class 1 -
Netscape,CN=Simon Josefsson,address@hidden
Subject Public Key Algorithm: RSA
+ Certificate Security Level: Low
Modulus (bits 1024):
c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11:0b
c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7:7b
diff --git a/tests/pkcs1-padding/pkcs1-pad b/tests/pkcs1-padding/pkcs1-pad
index 63b7e68..d9bff4e 100755
--- a/tests/pkcs1-padding/pkcs1-pad
+++ b/tests/pkcs1-padding/pkcs1-pad
@@ -35,48 +35,46 @@ fi
EXPECT1=3102
-datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-ok.pem | tee out1
-datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-broken.pem | tee out2
+datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-ok.pem | tee out1 >/dev/null 2>&1
+datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-broken.pem | tee out2 >/dev/null 2>&1
out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "`
out2oks=`grep 'Verified.' out2 | wc -l | tr -d " "`
out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "`
-rm -f out1 out2
-
-echo out1 oks $out1oks fails $out1fails out2 oks $out2oks fails $out2fails
-
if test "$out1oks$out2oks$out1fails$out2fails" != "$EXPECT1"; then
+ echo out1 oks $out1oks fails $out1fails out2 oks $out2oks fails $out2fails
echo expected $EXPECT1
echo "PKCS1-PAD1 FAIL"
exit 1
fi
+rm -f out1 out2
+
echo "PKCS1-PAD1 OK"
# Test 2, Bleichenbacher's Crypto 06 rump session
EXPECT2=2002
-datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-ok2.pem | tee out1
-datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-broken2.pem | tee out2
+datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-ok2.pem | tee out1 >/dev/null 2>&1
+datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-broken2.pem | tee out2 >/dev/null 2>&1
out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "`
out2oks=`grep 'Verified.' out2 | wc -l | tr -d " "`
out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
out2fails=`grep 'Not verified.' out2 | wc -l | tr -d " "`
-rm -f out1 out2
-
-echo out1 oks $out1oks fails $out1fails out2 oks $out2oks fails $out2fails
-
if test "$out1oks$out2oks$out1fails$out2fails" != "$EXPECT2"; then
+ echo out1 oks $out1oks fails $out1fails out2 oks $out2oks fails $out2fails
echo expected $EXPECT2
echo "PKCS1-PAD2 FAIL"
exit 1
fi
+rm -f out1 out2
+
echo "PKCS1-PAD2 OK"
# Test 3, forged Starfield certificate,
@@ -85,21 +83,20 @@ echo "PKCS1-PAD2 OK"
EXPECT3=12
-datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-broken3.pem | tee out1
+datefudge "2006-09-23" $CERTTOOL --verify-chain --infile
$srcdir/pkcs1-pad-broken3.pem | tee out1 >/dev/null 2>&1
out1oks=`grep 'Verified.' out1 | wc -l | tr -d " "`
out1fails=`grep 'Not verified.' out1 | wc -l | tr -d " "`
-rm -f out1
-
-echo out1 oks $out1oks fails $out1fails
-
if test "$out1oks$out1fails" != "$EXPECT3"; then
+ echo out1 oks $out1oks fails $out1fails
echo expected $EXPECT3
echo "PKCS1-PAD3 FAIL"
exit 1
fi
+rm -f out1
+
echo "PKCS1-PAD3 OK"
# We're done.
diff --git a/tests/pkcs12-decode/pkcs12 b/tests/pkcs12-decode/pkcs12
index 8f5ab60..340290b 100755
--- a/tests/pkcs12-decode/pkcs12
+++ b/tests/pkcs12-decode/pkcs12
@@ -30,9 +30,10 @@ for p12 in 'client.p12 foobar' noclient.p12 unclient.p12
pkcs12_2certs.p12; do
file=$1
passwd=$2
$CERTTOOL --p12-info --inder --password "$passwd" \
- --infile $srcdir/$file | tee out
+ --infile $srcdir/$file > out 2>&1
rc=$?
if test $rc != 0; then
+ cat out
echo "NEON PKCS12 FATAL $p12"
ret=1
else
diff --git a/tests/pkcs8-decode/pkcs8 b/tests/pkcs8-decode/pkcs8
index 442de2f..61e8f47 100755
--- a/tests/pkcs8-decode/pkcs8
+++ b/tests/pkcs8-decode/pkcs8
@@ -29,9 +29,10 @@ for p8 in 'encpkcs8.pem foobar' unencpkcs8.pem
'enc2pkcs8.pem baz'; do
file=$1
passwd=$2
$CERTTOOL --key-info --pkcs8 --password "$passwd" \
- --infile $srcdir/$file | tee out
+ --infile $srcdir/$file | tee out >/dev/null 2>&1
rc=$?
if test $rc != 0; then
+ cat out
echo "PKCS8 FATAL $p8"
ret=1
else
diff --git a/tests/sha2/Makefile.am b/tests/sha2/Makefile.am
index 983f554..7cf9bde 100644
--- a/tests/sha2/Makefile.am
+++ b/tests/sha2/Makefile.am
@@ -19,10 +19,11 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-EXTRA_DIST = key-ca.pem key-subca.pem key-subsubca.pem key-user.pem
+EXTRA_DIST = key-ca.pem key-subca.pem key-subsubca.pem key-user.pem
key-dsa.pem \
+ key-ca-dsa.pem
-dist_check_SCRIPTS = sha2
+dist_check_SCRIPTS = sha2 sha2-dsa
-TESTS = sha2
+TESTS = sha2 sha2-dsa
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
diff --git a/tests/sha2/sha2 b/tests/sha2/sha2
index 8c4b96d..80b4bc1 100755
--- a/tests/sha2/sha2
+++ b/tests/sha2/sha2
@@ -20,7 +20,7 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-set -e
+#set -e
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
@@ -28,40 +28,59 @@ CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
echo ca > template
echo cn = "SHA 512 CA" >> template
-$CERTTOOL --generate-self-signed --template template \
+$CERTTOOL -d 2 --generate-self-signed --template template \
--load-privkey $srcdir/key-ca.pem \
--outfile new-ca.pem \
- --hash sha512 >/dev/null 2>&1
+ --hash sha512 >out 2>&1
+
+if [ $? != 0 ];then
+ cat out
+ exit 1
+fi
echo ca > template
echo cn = "SHA 384 sub-CA" >> template
-$CERTTOOL --generate-certificate --template template \
+$CERTTOOL -d 2 --generate-certificate --template template \
--load-ca-privkey $srcdir/key-ca.pem \
--load-ca-certificate new-ca.pem \
--load-privkey $srcdir/key-subca.pem \
--outfile new-subca.pem \
- --hash sha384 >/dev/null 2>&1
+ --hash sha384 >out 2>&1
+
+if [ $? != 0 ];then
+ cat out
+ exit 1
+fi
echo ca > template
echo cn = "SHA 256 sub-sub-CA" >> template
-$CERTTOOL --generate-certificate --template template \
+$CERTTOOL -d 2 --generate-certificate --template template \
--load-ca-privkey $srcdir/key-subca.pem \
--load-ca-certificate new-subca.pem \
--load-privkey $srcdir/key-subsubca.pem \
--outfile new-subsubca.pem \
- --hash sha256 >/dev/null 2>&1
+ --hash sha256 >out 2>&1
+
+if [ $? != 0 ];then
+ cat out
+ exit 1
+fi
echo ca > template
echo cn = "End-user" >> template
-$CERTTOOL --generate-certificate --template template \
+$CERTTOOL -d 2 --generate-certificate --template template \
--load-ca-privkey $srcdir/key-subsubca.pem \
--load-ca-certificate new-subsubca.pem \
--load-privkey $srcdir/key-user.pem \
- --outfile new-user.pem >/dev/null 2>&1
+ --outfile new-user.pem >out 2>&1
+if [ $? != 0 ];then
+ cat out
+ exit 1
+fi
num=`cat new-user.pem new-subsubca.pem new-subca.pem new-ca.pem | $CERTTOOL
--verify-chain | tee verify | grep -c Verified`
#cat verify
diff --git a/tests/pathlen/pathlen b/tests/sha2/sha2-dsa
similarity index 54%
copy from tests/pathlen/pathlen
copy to tests/sha2/sha2-dsa
index 210fbc3..dcf20d8 100755
--- a/tests/pathlen/pathlen
+++ b/tests/sha2/sha2-dsa
@@ -20,25 +20,46 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-set -e
+#set -e
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
-$CERTTOOL --certificate-info --infile $srcdir/ca-no-pathlen.pem \
- --outfile new-ca-no-pathlen.pem
-$CERTTOOL --certificate-info --infile $srcdir/no-ca-or-pathlen.pem \
- --outfile new-no-ca-or-pathlen.pem
+echo ca > template
+echo cn = "SHA 256 CA" >> template
-diff $srcdir/ca-no-pathlen.pem new-ca-no-pathlen.pem
-rc1=$?
-diff $srcdir/no-ca-or-pathlen.pem new-no-ca-or-pathlen.pem
-rc2=$?
+$CERTTOOL -d 2 --generate-self-signed --template template \
+ --load-privkey $srcdir/key-ca-dsa.pem \
+ --outfile new-ca-dsa.pem \
+ --hash sha256 >out 2>&1
-rm -f new-ca-no-pathlen.pem new-no-ca-or-pathlen.pem
+if [ $? != 0 ];then
+ cat out
+ exit 1
+fi
+
+echo ca > template
+echo cn = "End-user" >> template
+
+$CERTTOOL -d 2 --generate-certificate --template template \
+ --load-ca-privkey $srcdir/key-ca-dsa.pem \
+ --load-ca-certificate new-ca-dsa.pem \
+ --load-privkey $srcdir/key-dsa.pem \
+ --outfile new-user.pem >out 2>&1
+
+if [ $? != 0 ];then
+ cat out
+ exit 1
+fi
+
+cat new-user.pem new-ca-dsa.pem > out
+$CERTTOOL --verify-chain <out > verify
-# We're done.
-if test "$rc1" != "0"; then
- exit $rc1
+if [ $? != 0 ];then
+ cat verify
+ exit 1
fi
-exit $rc2
+
+rm -f verify new-user.pem new-ca-dsa.pem template
+
+exit 0
diff --git a/tests/userid/userid b/tests/userid/userid
index ca41267..52c906f 100755
--- a/tests/userid/userid
+++ b/tests/userid/userid
@@ -20,9 +20,15 @@
# along with GnuTLS; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-set -e
-
srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
-exec $CERTTOOL --certificate-info --infile $srcdir/userid.pem
+$CERTTOOL --certificate-info --infile $srcdir/userid.pem >out 2>&1
+RET=$?
+if [ $RET != 0 ];then
+ echo "Error in userid:"
+ cat out
+ exit 1
+fi
+
+exit 0
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-169-g4101120,
Nikos Mavrogiannopoulos <=