gnutls-commit

[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-311-ge322d6b


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-311-ge322d6b
Date: Wed, 16 Mar 2011 19:51:49 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e322d6be54c6014887b7c023d01247c4b5b2b6a3

The branch, master has been updated
       via  e322d6be54c6014887b7c023d01247c4b5b2b6a3 (commit)
       via  6215a10b58562877a3988d7a1a4acbce74c761fd (commit)
       via  f09e64c7c976b60e771f36bc241d72bf2292a62b (commit)
       via  a73773886eaf45116a3109e8b740854aeead6d08 (commit)
       via  33d86f4c75b6636755c39d351292bdb75e9847d9 (commit)
       via  bdb4e7ee24ebb85b9cc562ee73ef88b2ffc73d4a (commit)
       via  18c7fb58df3a49abacd6b5d1268938bf53926172 (commit)
      from  c5f804fa369d493d9587a51b7a262ced7b378811 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e322d6be54c6014887b7c023d01247c4b5b2b6a3
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 20:50:27 2011 +0100

    enabled RSA and removed debugging.

commit 6215a10b58562877a3988d7a1a4acbce74c761fd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 20:47:20 2011 +0100

    gnutls_pubkey_t and gnutls_privkey_t can import either an openpgp subkey or a master key.

commit f09e64c7c976b60e771f36bc241d72bf2292a62b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 19:42:52 2011 +0100

    split the pgp keys to elgamal and dsa.

commit a73773886eaf45116a3109e8b740854aeead6d08
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 19:41:52 2011 +0100

    introduced GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR

commit 33d86f4c75b6636755c39d351292bdb75e9847d9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 19:18:32 2011 +0100

    On unknown public key algorithms return Unknown name.

commit bdb4e7ee24ebb85b9cc562ee73ef88b2ffc73d4a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 19:08:18 2011 +0100

    Read the public key algorithm from the selected subkey and not the master key when importing to a gnutls_privkey.

commit 18c7fb58df3a49abacd6b5d1268938bf53926172
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Mar 16 18:37:45 2011 +0100

    Documentation fixed. Added fresh keys to test.

-----------------------------------------------------------------------

Summary of changes:
 guile/tests/openpgp-auth.scm                       |    2 +-
 .../tests/{openpgp-pub.asc => openpgp-elg-pub.asc} |    0
 .../tests/{openpgp-sec.asc => openpgp-elg-sec.asc} |    0
 guile/tests/openpgp-keys.scm                       |    4 +-
 guile/tests/openpgp-pub.asc                        |   45 ++--
 guile/tests/openpgp-sec.asc                        |   61 ++--
 lib/gnutls_algorithms.c                            |    1 +
 lib/gnutls_errors.c                                |    2 +
 lib/gnutls_privkey.c                               |   23 ++-
 lib/gnutls_pubkey.c                                |   45 ++-
 lib/includes/gnutls/abstract.h                     |    1 -
 lib/includes/gnutls/gnutls.h.in                    |    1 +
 lib/openpgp/gnutls_openpgp.c                       |   17 +-
 lib/openpgp/pgp.c                                  |    5 +-
 lib/openpgp/privkey.c                              |    5 +-
 tests/openpgp-auth.c                               |  361 ++++++++++----------
 tests/openpgp-auth2.c                              |   33 +--
 tests/openpgpself.c                                |  100 ++++--
 18 files changed, 374 insertions(+), 332 deletions(-)
 copy guile/tests/{openpgp-pub.asc => openpgp-elg-pub.asc} (100%)
 copy guile/tests/{openpgp-sec.asc => openpgp-elg-sec.asc} (100%)

diff --git a/guile/tests/openpgp-auth.scm b/guile/tests/openpgp-auth.scm
index 91dc9f3..6148183 100644
--- a/guile/tests/openpgp-auth.scm
+++ b/guile/tests/openpgp-auth.scm
@@ -30,7 +30,7 @@
 
 ;; TLS session settings.
 (define priorities
-  
"NONE:+VERS-TLS-ALL:+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+DHE-DSS:+COMP-ALL")
+  
"NONE:+VERS-TLS-ALL:+CTYPE-OPENPGP:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+DHE-RSA:+DHE-DSS:+COMP-ALL")
 
 ;; Message sent by the client.
 (define %message
diff --git a/guile/tests/openpgp-pub.asc b/guile/tests/openpgp-elg-pub.asc
similarity index 100%
copy from guile/tests/openpgp-pub.asc
copy to guile/tests/openpgp-elg-pub.asc
diff --git a/guile/tests/openpgp-sec.asc b/guile/tests/openpgp-elg-sec.asc
similarity index 100%
copy from guile/tests/openpgp-sec.asc
copy to guile/tests/openpgp-elg-sec.asc
diff --git a/guile/tests/openpgp-keys.scm b/guile/tests/openpgp-keys.scm
index 774fa64..6049984 100644
--- a/guile/tests/openpgp-keys.scm
+++ b/guile/tests/openpgp-keys.scm
@@ -30,10 +30,10 @@
              (srfi srfi-11))
 
 (define %certificate-file
-  (search-path %load-path "openpgp-pub.asc"))
+  (search-path %load-path "openpgp-elg-pub.asc"))
 
 (define %private-key-file
-  (search-path %load-path "openpgp-sec.asc"))
+  (search-path %load-path "openpgp-elg-sec.asc"))
 
 (define %key-id
   ;; Change me if you change the key files.
diff --git a/guile/tests/openpgp-pub.asc b/guile/tests/openpgp-pub.asc
index 6bdfabf..4aa5cf9 100644
--- a/guile/tests/openpgp-pub.asc
+++ b/guile/tests/openpgp-pub.asc
@@ -1,24 +1,27 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+Comment: Test key for GnuTLS
 
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/guile/tests/openpgp-sec.asc b/guile/tests/openpgp-sec.asc
index 58bafee..886ba34 100644
--- a/guile/tests/openpgp-sec.asc
+++ b/guile/tests/openpgp-sec.asc
@@ -1,32 +1,35 @@
 -----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+Comment: Test key for GnuTLS
 
 -----END PGP PRIVATE KEY BLOCK-----
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 79a7167..797e209 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -2208,6 +2208,7 @@ typedef struct gnutls_pk_entry gnutls_pk_entry;
 static const gnutls_pk_entry pk_algorithms[] = {
   /* having duplicate entries is ok, as long as the one
    * we want to return OID from is first */
+  {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
   {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
   {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA},      /* some certificates 
use this OID for RSA */
   {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA},        /* some other broken 
certificates set RSA with MD5 as an indicator of RSA */
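Review bot: the new "UNKNOWN" row is placed first in pk_algorithms[] and carries a NULL OID, while the comment directly above it says the entry "we want to return OID from" must come first. Any lookup that walks this table comparing or returning the oid field now has to tolerate NULL on the very first row. Consider moving the row to the end of the table, or confirm that every OID-based iterator over pk_algorithms skips NULL entries, and say so in the comment.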
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index d9548e3..fada304 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -216,6 +216,8 @@ static const gnutls_error_entry error_algorithms[] = {
                GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
   ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
                GNUTLS_E_OPENPGP_UID_REVOKED, 1),
+  ERROR_ENTRY (N_("The OpenPGP key has not a preferred key set."),
+               GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
   ERROR_ENTRY (N_("Error loading the keyring."),
                GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
   ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
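Review bot: the user-visible string "The OpenPGP key has not a preferred key set." reads awkwardly and will be carried into every translation through N_(). Suggest "The OpenPGP key has no preferred key set." so it matches the phrasing of the neighbouring messages.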
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 0ee2d94..8c23048 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -375,7 +375,8 @@ int ret;
  * #gnutls_privkey_t structure.
  *
  * The #gnutls_openpgp_privkey_t object must not be deallocated
- * during the lifetime of this structure.
+ * during the lifetime of this structure. The subkey set as
+ * preferred will be used, or the master key otherwise.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
@@ -385,7 +386,8 @@ gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
                                gnutls_openpgp_privkey_t key,
                                unsigned int flags)
 {
-int ret;
+int ret, idx;
+gnutls_openpgp_keyid_t keyid;
 
   ret = check_if_clean(pkey);
   if (ret < 0)
@@ -396,7 +398,22 @@ int ret;
 
   pkey->key.openpgp = key;
   pkey->type = GNUTLS_PRIVKEY_OPENPGP;
-  pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+  
+  ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+  if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
+    {
+      pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+    }
+  else
+    {
+      if (ret < 0)
+        return gnutls_assert_val(ret);
+
+      idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+  
+      pkey->pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm 
(key, idx, NULL);
+    }
+
   pkey->flags = flags;
 
   return 0;
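Review bot: in the else branch the result of gnutls_openpgp_privkey_get_subkey_idx (key, keyid) is stored in idx and passed straight to gnutls_openpgp_privkey_get_subkey_pk_algorithm() without being tested. Every other call in this function checks ret < 0 first; idx should get the same treatment, for example "if (idx < 0) return gnutls_assert_val(idx);", so that a preferred key id that does not resolve to a subkey fails the import instead of leaving pkey->pk_algorithm set from an invalid index. Note also that pkey->key.openpgp and pkey->type are already assigned before the new error return, so a failed import leaves the structure half-populated.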
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index b4deb73..0e788b2 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -327,7 +327,8 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
  * @flags: should be zero
  *
  * This function will import the given public key to the abstract
- * #gnutls_pubkey_t structure.
+ * #gnutls_pubkey_t structure. The subkey set as preferred will be
+ * imported or the master key otherwise.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
@@ -335,32 +336,50 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
 int
 gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
                               gnutls_openpgp_crt_t crt,
-                              gnutls_openpgp_keyid_t keyid,
                               unsigned int flags)
 {
-  int ret;
+  int ret, idx;
   uint32_t kid32[2];
+  uint32_t *k;
+  gnutls_openpgp_keyid_t keyid;
 
   ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid);
-  if (ret < 0)
+  if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
     {
-      gnutls_assert ();
-      return ret;
+      key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm(crt, NULL);
+      key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, 
&key->bits);
+
+      ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
+      if (ret < 0)
+        key->key_usage = 0;
+      
+      k = NULL;
     }
+  else
+    {
+      if (ret < 0)
+        {
+          gnutls_assert ();
+          return ret;
+        }
 
-  KEYID_IMPORT (kid32, keyid);
+        KEYID_IMPORT (kid32, keyid);
+        k = kid32;
 
-  key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits);
+        idx = gnutls_openpgp_crt_get_subkey_idx (crt, keyid);
 
-  ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
-  if (ret < 0)
-    key->key_usage = 0;
+        ret = gnutls_openpgp_crt_get_subkey_usage (crt, idx, &key->key_usage);
+        if (ret < 0)
+          key->key_usage = 0;
+
+      key->pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (crt, 
idx, NULL);
+    }
 
   switch (key->pk_algorithm)
     {
     case GNUTLS_PK_RSA:
       ret =
-        _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+        _gnutls_openpgp_crt_get_mpis (crt, k, key->params,
                                       &key->params_size);
       if (ret < 0)
         {
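Review bot: the subkey branch uses idx from gnutls_openpgp_crt_get_subkey_idx (crt, keyid) without checking it, then calls gnutls_openpgp_crt_get_subkey_pk_algorithm (crt, idx, NULL), so key->bits is never filled in on that path, whereas the master-key branch passes &key->bits. Suggest returning on idx < 0 and passing &key->bits in both branches. Two smaller points in the same hunk: the master-key branch assigns key->pk_algorithm twice in a row (the first call, with NULL, is redundant), and the indentation inside the else block is inconsistent (KEYID_IMPORT and the following statements are indented two columns deeper than the final assignment).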
@@ -370,7 +389,7 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
       break;
     case GNUTLS_PK_DSA:
       ret =
-        _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+        _gnutls_openpgp_crt_get_mpis (crt, k, key->params,
                                       &key->params_size);
       if (ret < 0)
         {
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 6791b82..8bc46c6 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -25,7 +25,6 @@ int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey,
                                  gnutls_pkcs11_obj_t crt, unsigned int flags);
 int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey,
                                   gnutls_openpgp_crt_t crt,
-                                  gnutls_openpgp_keyid_t keyid,
                                   unsigned int flags);
 int
 gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
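Review bot: dropping the gnutls_openpgp_keyid_t keyid parameter changes the prototype of gnutls_pubkey_import_openpgp() in a header under lib/includes/gnutls/, so any existing caller that passes a key id stops compiling. The commit messages do not mention the signature change; it should be called out in the release notes, and the function's doc comment should state that the key is now selected through the preferred key id set on the certificate.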
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 5933f4d..13b3e4f 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1714,6 +1714,7 @@ extern "C"
 
 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
 #define GNUTLS_E_BAD_COOKIE -214
+#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
 
 /* PKCS11 related */
 #define GNUTLS_E_PKCS11_ERROR -300
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 5d14668..ba7cd27 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -126,7 +126,9 @@ _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert,
  * called more than once (in case multiple keys/certificates exist
  * for the server).
  *
- * With this function the subkeys of the certificate are not used.
+ * Note that this function requires that the preferred key ids have
+ * been set and be used. See gnutls_openpgp_crt_set_preferred_key_id().
+ * Otherwise the master key will be used.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
  *   otherwise an error code is returned.
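Review bot: the replacement doc text contradicts itself: it says the function "requires that the preferred key ids have been set and be used" and then "Otherwise the master key will be used". If the master key is a valid fallback, nothing is required. Suggest wording along the lines of "If a preferred key id has been set with gnutls_openpgp_crt_set_preferred_key_id(), that subkey is used; otherwise the master key is used."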
@@ -139,6 +141,7 @@ gnutls_certificate_set_openpgp_key 
(gnutls_certificate_credentials_t res,
   int ret;
   gnutls_privkey_t privkey;
   gnutls_cert *ccert;
+
   /* this should be first */
 
   ret = gnutls_privkey_init (&privkey);
@@ -147,7 +150,7 @@ gnutls_certificate_set_openpgp_key 
(gnutls_certificate_credentials_t res,
       gnutls_assert ();
       return ret;
     }
-
+  
   ret =
     gnutls_privkey_import_openpgp (privkey, pkey,
                                    GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
@@ -277,7 +280,7 @@ leave:
  * @format: the format of the keys
  *
  * This funtion is used to load OpenPGP keys into the GnuTLS credential 
- * structure. The files should contain non encrypted keys.
+ * structure. The datum should contain at least one valid non encrypted subkey.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
@@ -300,8 +303,7 @@ gnutls_certificate_set_openpgp_key_mem 
(gnutls_certificate_credentials_t res,
  * @format: the format of the keys
  *
  * This funtion is used to load OpenPGP keys into the GnuTLS
- * credentials structure.  The files should only contain one key which
- * is not encrypted.
+ * credentials structure. The file should contain at least one valid non 
encrypted subkey.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
@@ -346,8 +348,7 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
  * @format: the format of the keys
  *
  * This funtion is used to load OpenPGP keys into the GnuTLS
- * credentials structure.  The files should only contain one key which
- * is not encrypted.
+ * credentials structure. The datum should contain at least one valid non 
encrypted subkey.
  *
  * The special keyword "auto" is also accepted as @subkey_id.  In that
  * case the gnutls_openpgp_crt_get_auth_subkey() will be used to
@@ -444,7 +445,7 @@ gnutls_certificate_set_openpgp_key_mem2 
(gnutls_certificate_credentials_t res,
  * @format: the format of the keys
  *
  * This funtion is used to load OpenPGP keys into the GnuTLS credential 
- * structure. The files should contain non encrypted keys.
+ * structure. The file should contain at least one valid non encrypted subkey.
  *
  * The special keyword "auto" is also accepted as @subkey_id.  In that
  * case the gnutls_openpgp_crt_get_auth_subkey() will be used to
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index ffee4c9..75be8ad 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -1559,7 +1559,10 @@ int
 gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
                                          gnutls_openpgp_keyid_t keyid)
 {
-  if (!key || !keyid || !key->preferred_set)
+  if (!key->preferred_set)
+    return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
+  if (!key || !keyid)
     {
       gnutls_assert ();
       return GNUTLS_E_INVALID_REQUEST;
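Review bot: the reordered checks dereference key before testing it for NULL. "if (!key->preferred_set)" now runs ahead of "if (!key || !keyid)", so a NULL key crashes here instead of returning GNUTLS_E_INVALID_REQUEST as it did before the change. Keep the NULL test first and move the preferred_set test after it.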
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 07bb988..0ed4f0d 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -1176,7 +1176,10 @@ int
 gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
                                              gnutls_openpgp_keyid_t keyid)
 {
-  if (!key || !keyid || !key->preferred_set)
+  if (!key->preferred_set)
+    return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
+  if (!key || !keyid)
     {
       gnutls_assert ();
       return GNUTLS_E_INVALID_REQUEST;
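Review bot: same ordering problem as in lib/openpgp/pgp.c: key->preferred_set is read before the "!key || !keyid" guard, which makes the guard's !key half dead code and turns a NULL argument into a NULL pointer dereference. Swap the two if statements so that GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR is only returned once key is known to be non-NULL.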
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index eed99c1..37c967c 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -43,12 +43,7 @@ static const char message[] = "Hello, brave GNU world!";
 /* The OpenPGP key pair for use and the key ID in those keys.  */
 static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
 static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
-static const char *key_id = NULL
-  /* FIXME: The values below don't work as expected.  */
-  /* "auto" */
-  /* "bd572cdcccc07c35" */ ;
-
-static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem";
+static const char *key_id = NULL;
 
 static void
 log_message (int level, const char *message)
@@ -60,205 +55,201 @@ log_message (int level, const char *message)
 void
 doit ()
 {
-  int err;
+  int err, i;
   int sockets[2];
   const char *srcdir;
-  char *pub_key_path, *priv_key_path, *rsa_params_path;
+  char *pub_key_path, *priv_key_path;
   pid_t child;
 
   gnutls_global_init ();
 
   srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
 
-  if (debug)
-    {
-      gnutls_global_set_log_level (10);
-      gnutls_global_set_log_function (log_message);
-    }
-
-  err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
-  if (err != 0)
-    fail ("socketpair %s\n", strerror (errno));
-
-  pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
-  strcpy (pub_key_path, srcdir);
-  strcat (pub_key_path, "/");
-  strcat (pub_key_path, pub_key_file);
-
-  priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
-  strcpy (priv_key_path, srcdir);
-  strcat (priv_key_path, "/");
-  strcat (priv_key_path, priv_key_file);
-
-  rsa_params_path = alloca (strlen (srcdir) + strlen (rsa_params_file) + 2);
-  strcpy (rsa_params_path, srcdir);
-  strcat (rsa_params_path, "/");
-  strcat (rsa_params_path, rsa_params_file);
-
-  child = fork ();
-  if (child == -1)
-    fail ("fork %s\n", strerror (errno));
-
-  if (child == 0)
+  for (i = 0; i < 3; i++)
     {
-      /* Child process (client).  */
-      gnutls_session_t session;
-      gnutls_certificate_credentials_t cred;
-      ssize_t sent;
-
-      if (debug)
-        printf ("client process %i\n", getpid ());
-
-      err = gnutls_init (&session, GNUTLS_CLIENT);
-      if (err != 0)
-        fail ("client session %d\n", err);
-
-      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP",
 NULL);
-      gnutls_transport_set_ptr (session,
-                                (gnutls_transport_ptr_t) (intptr_t)
-                                sockets[0]);
 
-      err = gnutls_certificate_allocate_credentials (&cred);
-      if (err != 0)
-        fail ("client credentials %d\n", err);
-
-      err =
-        gnutls_certificate_set_openpgp_key_file2 (cred,
-                                                  pub_key_path, priv_key_path,
-                                                  key_id,
-                                                  GNUTLS_OPENPGP_FMT_BASE64);
-      if (err != 0)
-        fail ("client openpgp keys %d\n", err);
-
-      err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
-      if (err != 0)
-        fail ("client credential_set %d\n", err);
-
-      gnutls_dh_set_prime_bits (session, 1024);
-
-      err = gnutls_handshake (session);
-      if (err != 0)
-        fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
-      else if (debug)
-        printf ("client handshake successful\n");
-
-      sent = gnutls_record_send (session, message, sizeof (message));
-      if (sent != sizeof (message))
-        fail ("client sent %li vs. %li\n",
-              (long) sent, (long) sizeof (message));
-
-      err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
-      if (err != 0)
-        fail ("client bye %d\n", err);
+      if (i == 0)
+        key_id = NULL;          /* try using the master key */
+      else if (i == 1)
+        key_id = "auto";        /* test auto */
+      else if (i == 2)
+        key_id = "f30fd423c143e7ba";
 
       if (debug)
-        printf ("client done\n");
-    }
-  else
-    {
-      /* Parent process (server).  */
-      gnutls_session_t session;
-      gnutls_dh_params_t dh_params;
-      gnutls_rsa_params_t rsa_params;
-      gnutls_certificate_credentials_t cred;
-      char greetings[sizeof (message) * 2];
-      ssize_t received;
-      pid_t done;
-      int status;
-      size_t rsa_size;
-      gnutls_datum_t rsa_data;
-      const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
-
-      if (debug)
-        printf ("server process %i (child %i)\n", getpid (), child);
-
-      err = gnutls_init (&session, GNUTLS_SERVER);
-      if (err != 0)
-        fail ("server session %d\n", err);
-
-      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP",
 NULL);
-      gnutls_transport_set_ptr (session,
-                                (gnutls_transport_ptr_t) (intptr_t)
-                                sockets[1]);
-
-      err = gnutls_certificate_allocate_credentials (&cred);
-      if (err != 0)
-        fail ("server credentials %d\n", err);
-
-      err =
-        gnutls_certificate_set_openpgp_key_file2 (cred,
-                                                  pub_key_path, priv_key_path,
-                                                  key_id,
-                                                  GNUTLS_OPENPGP_FMT_BASE64);
-      if (err != 0)
-        fail ("server openpgp keys %d\n", err);
-
-      err = gnutls_dh_params_init (&dh_params);
-      if (err)
-        fail ("server DH params init %d\n", err);
-
-      err =
-        gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
-      if (err)
-        fail ("server DH params generate %d\n", err);
-
-      gnutls_certificate_set_dh_params (cred, dh_params);
-
-      rsa_data.data =
-        (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
-      if (rsa_data.data == NULL)
-        fail ("server rsa params error\n");
-      rsa_data.size = rsa_size;
-
-      err = gnutls_rsa_params_init (&rsa_params);
-      if (err)
-        fail ("server RSA params init %d\n", err);
-
-      err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
-                                            GNUTLS_X509_FMT_PEM);
-      if (err)
-        fail ("server RSA params import %d\n", err);
-
-      gnutls_certificate_set_rsa_export_params (cred, rsa_params);
-
-      err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
-      if (err != 0)
-        fail ("server credential_set %d\n", err);
-
-      gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
-
-      err = gnutls_handshake (session);
-      if (err != 0)
-        fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
-
-      received = gnutls_record_recv (session, greetings, sizeof (greetings));
-      if (received != sizeof (message)
-          || memcmp (greetings, message, sizeof (message)))
-        fail ("server received %li vs. %li\n",
-              (long) received, (long) sizeof (message));
+        {
+          gnutls_global_set_log_level (10);
+          gnutls_global_set_log_function (log_message);
+        }
 
-      err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+      err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
       if (err != 0)
-        fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
+        fail ("socketpair %s\n", strerror (errno));
 
-      if (debug)
-        printf ("server done\n");
+      pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
+      strcpy (pub_key_path, srcdir);
+      strcat (pub_key_path, "/");
+      strcat (pub_key_path, pub_key_file);
 
-      done = wait (&status);
-      if (done < 0)
-        fail ("wait %s\n", strerror (errno));
+      priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
+      strcpy (priv_key_path, srcdir);
+      strcat (priv_key_path, "/");
+      strcat (priv_key_path, priv_key_file);
 
-      if (done != child)
-        fail ("who's that?! %d\n", done);
+      child = fork ();
+      if (child == -1)
+        fail ("fork %s\n", strerror (errno));
 
-      if (WIFEXITED (status))
+      if (child == 0)
         {
-          if (WEXITSTATUS (status) != 0)
-            fail ("child exited with status %d\n", WEXITSTATUS (status));
+          /* Child process (client).  */
+          gnutls_session_t session;
+          gnutls_certificate_credentials_t cred;
+          ssize_t sent;
+
+          if (debug)
+            printf ("client process %i\n", getpid ());
+
+          err = gnutls_init (&session, GNUTLS_CLIENT);
+          if (err != 0)
+            fail ("client session %d\n", err);
+
+          gnutls_priority_set_direct (session,
+                                      
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+                                      NULL);
+          gnutls_transport_set_ptr (session,
+                                    (gnutls_transport_ptr_t) (intptr_t)
+                                    sockets[0]);
+
+          err = gnutls_certificate_allocate_credentials (&cred);
+          if (err != 0)
+            fail ("client credentials %d\n", err);
+
+          err =
+            gnutls_certificate_set_openpgp_key_file2 (cred,
+                                                      pub_key_path,
+                                                      priv_key_path, key_id,
+                                                      
GNUTLS_OPENPGP_FMT_BASE64);
+          if (err != 0)
+            fail ("client openpgp keys %s\n", gnutls_strerror (err));
+
+          err =
+            gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+          if (err != 0)
+            fail ("client credential_set %d\n", err);
+
+          gnutls_dh_set_prime_bits (session, 1024);
+
+          err = gnutls_handshake (session);
+          if (err != 0)
+            fail ("client handshake %s (%d) \n", gnutls_strerror (err), err);
+          else if (debug)
+            printf ("client handshake successful\n");
+
+          sent = gnutls_record_send (session, message, sizeof (message));
+          if (sent != sizeof (message))
+            fail ("client sent %li vs. %li\n",
+                  (long) sent, (long) sizeof (message));
+
+          err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+          if (err != 0)
+            fail ("client bye %d\n", err);
+
+          if (debug)
+            printf ("client done\n");
         }
-      else if (WIFSIGNALED (status))
-        fail ("child stopped by signal %d\n", WTERMSIG (status));
       else
-        fail ("child failed: %d\n", status);
+        {
+          /* Parent process (server).  */
+          gnutls_session_t session;
+          gnutls_dh_params_t dh_params;
+          gnutls_certificate_credentials_t cred;
+          char greetings[sizeof (message) * 2];
+          ssize_t received;
+          pid_t done;
+          int status;
+          const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
+
+          if (debug)
+            printf ("server process %i (child %i)\n", getpid (), child);
+
+          err = gnutls_init (&session, GNUTLS_SERVER);
+          if (err != 0)
+            fail ("server session %d\n", err);
+
+          gnutls_priority_set_direct (session,
+                                      
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+                                      NULL);
+          gnutls_transport_set_ptr (session,
+                                    (gnutls_transport_ptr_t) (intptr_t)
+                                    sockets[1]);
+
+          err = gnutls_certificate_allocate_credentials (&cred);
+          if (err != 0)
+            fail ("server credentials %d\n", err);
+
+          err =
+            gnutls_certificate_set_openpgp_key_file2 (cred,
+                                                      pub_key_path,
+                                                      priv_key_path, key_id,
+                                                      
GNUTLS_OPENPGP_FMT_BASE64);
+          if (err != 0)
+            fail ("server openpgp keys %s\n", gnutls_strerror (err));
+
+          err = gnutls_dh_params_init (&dh_params);
+          if (err)
+            fail ("server DH params init %d\n", err);
+
+          err =
+            gnutls_dh_params_import_pkcs3 (dh_params, &p3,
+                                           GNUTLS_X509_FMT_PEM);
+          if (err)
+            fail ("server DH params generate %d\n", err);
+
+          gnutls_certificate_set_dh_params (cred, dh_params);
+
+          err =
+            gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+          if (err != 0)
+            fail ("server credential_set %d\n", err);
+
+          gnutls_certificate_server_set_request (session,
+                                                 GNUTLS_CERT_REQUIRE);
+
+          err = gnutls_handshake (session);
+          if (err != 0)
+            fail ("server handshake %s (%d) \n", gnutls_strerror (err), err);
+
+          received =
+            gnutls_record_recv (session, greetings, sizeof (greetings));
+          if (received != sizeof (message)
+              || memcmp (greetings, message, sizeof (message)))
+            fail ("server received %li vs. %li\n", (long) received,
+                  (long) sizeof (message));
+
+          err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+          if (err != 0)
+            fail ("server bye %s (%d) \n", gnutls_strerror (err), err);
+
+          if (debug)
+            printf ("server done\n");
+
+          done = wait (&status);
+          if (done < 0)
+            fail ("wait %s\n", strerror (errno));
+
+          if (done != child)
+            fail ("who's that?! %d\n", done);
+
+          if (WIFEXITED (status))
+            {
+              if (WEXITSTATUS (status) != 0)
+                fail ("child exited with status %d\n", WEXITSTATUS (status));
+            }
+          else if (WIFSIGNALED (status))
+            fail ("child stopped by signal %d\n", WTERMSIG (status));
+          else
+            fail ("child failed: %d\n", status);
+        }
+
     }
 }
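Review bot: the return value of gnutls_priority_set_direct is discarded in both the client and the server branch, so a rejected priority string would only surface later as an unexplained handshake failure. Assign it to err and call fail () on a non-zero result, as is done for every other GnuTLS call in this block. Two smaller points: the message after gnutls_dh_params_import_pkcs3 reads "server DH params generate %d" although the parameters are imported, so "import" would match the call; and the client branch ends after "client done" without an exit, so if the enclosing block is a loop body it is worth confirming the child does not carry on into further iterations.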
diff --git a/tests/openpgp-auth2.c b/tests/openpgp-auth2.c
index 95c1712..b18c932 100644
--- a/tests/openpgp-auth2.c
+++ b/tests/openpgp-auth2.c
@@ -53,8 +53,6 @@ static const char *key_id = NULL
   /* "auto" */
   /* "bd572cdcccc07c35" */ ;
 
-static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem";
-
 static void
 log_message (int level, const char *message)
 {
@@ -68,7 +66,7 @@ doit ()
   int err;
   int sockets[2];
   const char *srcdir;
-  char *pub_key_path, *priv_key_path, *rsa_params_path;
+  char *pub_key_path, *priv_key_path;
   pid_t child;
 
   gnutls_global_init ();
@@ -95,11 +93,6 @@ doit ()
   strcat (priv_key_path, "/");
   strcat (priv_key_path, priv_key_file);
 
-  rsa_params_path = alloca (strlen (srcdir) + strlen (rsa_params_file) + 2);
-  strcpy (rsa_params_path, srcdir);
-  strcat (rsa_params_path, "/");
-  strcat (rsa_params_path, rsa_params_file);
-
   child = fork ();
   if (child == -1)
     fail ("fork %s\n", strerror (errno));
@@ -118,7 +111,7 @@ doit ()
       if (err != 0)
         fail ("client session %d\n", err);
 
-      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP",
 NULL);
+      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
 NULL);
       gnutls_transport_set_ptr (session,
                                 (gnutls_transport_ptr_t) (intptr_t)
                                 sockets[0]);
@@ -164,14 +157,11 @@ doit ()
       /* Parent process (server).  */
       gnutls_session_t session;
       gnutls_dh_params_t dh_params;
-      gnutls_rsa_params_t rsa_params;
       gnutls_certificate_credentials_t cred;
       char greetings[sizeof (message) * 2];
       ssize_t received;
       pid_t done;
       int status;
-      size_t rsa_size;
-      gnutls_datum_t rsa_data;
       const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
 
       if (debug)
@@ -181,7 +171,7 @@ doit ()
       if (err != 0)
         fail ("server session %d\n", err);
 
-      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+CTYPE-OPENPGP",
 NULL);
+      gnutls_priority_set_direct (session, 
"NONE:+VERS-TLS1.2:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
 NULL);
       gnutls_transport_set_ptr (session,
                                 (gnutls_transport_ptr_t) (intptr_t)
                                 sockets[1]);
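Review bot: the priority string in this gnutls_priority_set_direct call is a second hand-edited copy of the literal in the client hunk above, and both had to gain +DHE-RSA in step. A single static const char array passed to both calls would keep client and server from drifting apart, and checking the int that gnutls_priority_set_direct returns would catch a typo in the string at the point where it is set.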
@@ -209,23 +199,6 @@ doit ()
 
       gnutls_certificate_set_dh_params (cred, dh_params);
 
-      rsa_data.data =
-        (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
-      if (rsa_data.data == NULL)
-        fail ("server rsa params error\n");
-      rsa_data.size = rsa_size;
-
-      err = gnutls_rsa_params_init (&rsa_params);
-      if (err)
-        fail ("server RSA params init %d\n", err);
-
-      err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
-                                            GNUTLS_X509_FMT_PEM);
-      if (err)
-        fail ("server RSA params import %d\n", err);
-
-      gnutls_certificate_set_rsa_export_params (cred, rsa_params);
-
       err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
       if (err != 0)
         fail ("server credential_set %d\n", err);
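Review bot: after the read_binary_file call is removed here, check whether the function has any remaining caller in this file; if it does not, the include that declared it can be dropped as well. Dropping gnutls_certificate_set_rsa_export_params is consistent with the priority strings in this file, which enable only DHE-DSS and DHE-RSA key exchange, and a sentence to that effect in the commit message would save the next reader from working it out.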
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index bbaf61d..8d2a48f 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -60,46 +60,72 @@ tls_log_func (int level, const char *str)
 #define MSG "Hello TLS"
 
 static unsigned char cert_txt[] =
-  "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
-  "Version: GnuPG v1.0.6 (GNU/Linux)\n"
-  "Comment: For info see http://www.gnupg.org\n";
-  "\n"
-  "mQGiBDxnlY0RBACAsWUhi/goBvpvTBgL8fFPwBAuD04VYFEtC7+4pBp6kFsHjUR7\n"
-  "TTUkBsOk2PvMHrDdv0+C4x2CH8YGP1e+O0f2yLWk8Uu+kkF12yiqbbvDEiCdeJT6\n"
-  "c3vIstY8vJ9Jso5g/LB8Xggq88R7jXFS3hH+WC5v/6P6SARfzXl457cVewCgvxSf\n"
-  "Gsm9mFospJ0B3RGyg5MB0d8D/RQQryJCGdR2nLe4VfctPL2QBD/1XhtubqEbetaV\n"
-  "PxssqrJdA+eplBRT7UHokSBahM8gmSmNuSrLDujPfEtaMg6YIkB+Kq0VeJLE0cXT\n"
-  "ZIH29KJlI/qk1xG4K7D6B0cKaHC/L4BIoKcQLJzfTIPw3frS4jVeNaQZNHSVqZ8/\n"
-  "VmOMA/9rkNtccQ4RVd9WTFoHKvT4vfiISEOIzKGmcBY9Hymq7MCci3mNe4CDImkv\n"
-  "ZgnjDlJAM91CX1ODthPLBqvyhnMhhxDnaDl4Nh42uPMSr9JEW2IwoIbFne10ihGT\n"
-  "O4lBS1C28UfSGEMm/8JBMtxAjbYy3BYzUtCMA+bGBG6Voe5i5LQlRHIuIFdobyAo\n"
-  "Tm8gY29tbWVudHMpIDx3aG9Ad2hvaXMub3JnPohdBBMRAgAdBQI8Z5WNBQkDwmcA\n"
-  "BQsHCgMEAxUDAgMWAgECF4AACgkQNRRc6qfZPD+WWACfeJnLyfbpTDB7mDh3aATb\n"
-  "+0PXz28AoKRdApBVM6Bty+vWyXH6HfF6ZTj+\n"
-  "=m8dH\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+"Version: GnuPG v1.4.10 (GNU/Linux)\n"
+"Comment: Test key for GnuTLS\n"
+"\n"
+"mI0ETYD2OQEEAMHmDBtJii82NbWuYcvEWCYnwa7GTcz2PYikYCcq/t5nkyb5Bfmx\n"
+"mh2hpto7Lr5d1L/shvab1gXCcrWEAREgNNk9LiowtLuTHBdeOFlJ1u1P1rvdFVKq\n"
+"2a6ft77Q5VltUDKPgTqz4NWH2KUlLfTvwJDnq2DxYsbwVpBDURuUocXhABEBAAG0\n"
+"CVRlc3QgdXNlcoi4BBMBAgAiBQJNgPY5AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe\n"
+"AQIXgAAKCRAMTrFUBnAKMOVDA/9GEw7AokwJSGvHREriXcvMMKp6c6SYqa0TVsTg\n"
+"Gh3ENu/KTfGJIM5p+zR6xy+5u5DfP5qLrRdCnoczncR5w9fn3RsP8ju/Ga5z23Q+\n"
+"6XxRKRkXjE/E0ZFulbuaBom/nhrOmmfqKe7Mor9Y4QwzL2wL3sf6jWLglwdFYS/X\n"
+"W3wqjLkBogRNgPY5EQQApafdUhCAHj8LLXYCqOXRSPZbKzvB55NwWrdvnod0seUW\n"
+"aiTSWBlKnSvIomdcII/E3bjdngK4fTJ+Xr5pEJuzBnW3w787r6jBJSq2Lp0T9SP4\n"
+"CBzd0gXcOQkILvX1VzxAsYVULJA0mhAR3IHFcywjX6ENKuvs7ApniBNoXqi6d3cA\n"
+"oIAzYKrjyZ+guM4IUlRRrB8abx5vBACJPV+d15GYgzt1d8zLvOl/mzs85Twj2SB1\n"
+"ZqzK6H/6QxQkEZpP/UVFpXaUGUly3nGEqg1yw4cgqW4SSxgLFz6B23Si+cTsssE6\n"
+"CYziN1UI6NjxkoG/npMm0wRp7Z+KylEolAdbFBAAprORkt58CrGgpYe8O/35+PWc\n"
+"J9rjhwxxkQP/VCpbZLugkL4XHWGWFGG35S6k9F3xPPTPoX9Zoud+0bOeoOK5RQHo\n"
+"e99sVNN4hxxPTM/rJXfTTZUoB6o84yulTSxb6C9ueHotDV0eB9QX1ov/ltmwy3XS\n"
+"fXEyWtI0CDBuZgEww26Up0pzg4XTBYMkmXrxx3J9ihcCIYyAHoE13EWI5wQYAQIA\n"
+"CQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkRAgAGBQJNgPY5AAoJEPMP1CPBQ+e6\n"
+"3fQAnR7HWLnQTbxCIhlBTZiuJv2HC6cbAJwJ6VsSU6ADCkMuGT3LLNo+UnckK+4i\n"
+"BACcivWsW40ddtEQ0wno1uP65TmKq3aJrdODXTAnqkmNQKL7X7Fz+nmEWiS+LBH8\n"
+"lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZApto5cjem/EnO7op2QwkCCa6oUp0l\n"
+"YA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfszYpFL4VP5wQ==\n"
+"=ydIq\n"
+"-----END PGP PUBLIC KEY BLOCK-----\n";
+
 const gnutls_datum_t cert = { cert_txt, sizeof (cert_txt) };
 
 static unsigned char key_txt[] =
-  "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
-  "Version: GnuPG v1.0.6 (GNU/Linux)\n"
-  "Comment: For info see http://www.gnupg.org\n";
-  "\n"
-  "lQG7BDxnlY0RBACAsWUhi/goBvpvTBgL8fFPwBAuD04VYFEtC7+4pBp6kFsHjUR7\n"
-  "TTUkBsOk2PvMHrDdv0+C4x2CH8YGP1e+O0f2yLWk8Uu+kkF12yiqbbvDEiCdeJT6\n"
-  "c3vIstY8vJ9Jso5g/LB8Xggq88R7jXFS3hH+WC5v/6P6SARfzXl457cVewCgvxSf\n"
-  "Gsm9mFospJ0B3RGyg5MB0d8D/RQQryJCGdR2nLe4VfctPL2QBD/1XhtubqEbetaV\n"
-  "PxssqrJdA+eplBRT7UHokSBahM8gmSmNuSrLDujPfEtaMg6YIkB+Kq0VeJLE0cXT\n"
-  "ZIH29KJlI/qk1xG4K7D6B0cKaHC/L4BIoKcQLJzfTIPw3frS4jVeNaQZNHSVqZ8/\n"
-  "VmOMA/9rkNtccQ4RVd9WTFoHKvT4vfiISEOIzKGmcBY9Hymq7MCci3mNe4CDImkv\n"
-  "ZgnjDlJAM91CX1ODthPLBqvyhnMhhxDnaDl4Nh42uPMSr9JEW2IwoIbFne10ihGT\n"
-  "O4lBS1C28UfSGEMm/8JBMtxAjbYy3BYzUtCMA+bGBG6Voe5i5AAAnjMCLPrxGdgE\n"
-  "I0xXdwCQ4Sh2diNECAj9JiM6RFNBX2ZhY3RvcjoAAK9cun7/j4AUMmdvIy5UMJph\n"
-  "A6eq6atP/SYjOkRTQV9mYWN0b3I6AACvVjUuomodmmyCggPHWdeVSzpX3ODEHf0m\n"
-  "IzpEU0FfZmFjdG9yOgAAr2Iv9H2aSH+vJKGYW/BO4ehQwwFck7u0JURyLiBXaG8g\n"
-  "KE5vIGNvbW1lbnRzKSA8d2hvQHdob2lzLm9yZz6IXQQTEQIAHQUCPGeVjQUJA8Jn\n"
-  "AAULBwoDBAMVAwIDFgIBAheAAAoJEDUUXOqn2Tw/llgAnjBPQdWxIqBCQGlcI2K/\n"
-  "gLkZR1ARAJ9kaAeJYERc0bV/vlm0ot7UDdr+bQ==\n"
-  "=4M0W\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+"Version: GnuPG v1.4.10 (GNU/Linux)\n"
+"Comment: Test key for GnuTLS\n"
+"\n"
+"lQHYBE2A9jkBBADB5gwbSYovNjW1rmHLxFgmJ8Guxk3M9j2IpGAnKv7eZ5Mm+QX5\n"
+"sZodoabaOy6+XdS/7Ib2m9YFwnK1hAERIDTZPS4qMLS7kxwXXjhZSdbtT9a73RVS\n"
+"qtmun7e+0OVZbVAyj4E6s+DVh9ilJS3078CQ56tg8WLG8FaQQ1EblKHF4QARAQAB\n"
+"AAP9HJePsXZmqg+UW/Ya9bE+TmIObXdQgajN6hhTFXOBocokKNsPxoIp97Sepg+U\n"
+"FP5BIQv/2t2f8bl6sMmGXsAhCqVzRxGuA+9USx8OfTHSdgIKT5T2VFSGJaU4df3Q\n"
+"rstUY3dcvl6VKpDDZic1T7u2ANzaWM2u+pwooKC4cc/k9AECAMNDvrKF3FC7R9sd\n"
+"TagVrrfde0RZuwhbGW9ghslkY893EelXQL/lbBI20crPdrsdDpMe370KO2bQLqwO\n"
+"HGAxIYUCAP41iC7KReYvysLZ34tM55ZFE7BPsMcXUeu6hkYOMDZYvE+x4KV6Umo+\n"
+"Civd4qD9dESR3WOcI9MwALUdNTxQU60B/21MrWjajY1m1vv7l2slJon5eSrH6BkH\n"
+"Aj173uZca8HbgqSF1xOQW8ZGa6KInN3wHe+vPOXAgzlku/4XHgEYVVGeq7QJVGVz\n"
+"dCB1c2VyiLgEEwECACIFAk2A9jkCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA\n"
+"AAoJEAxOsVQGcAow5UMD/0YTDsCiTAlIa8dESuJdy8wwqnpzpJiprRNWxOAaHcQ2\n"
+"78pN8Ykgzmn7NHrHL7m7kN8/moutF0KehzOdxHnD1+fdGw/yO78ZrnPbdD7pfFEp\n"
+"GReMT8TRkW6Vu5oGib+eGs6aZ+op7syiv1jhDDMvbAvex/qNYuCXB0VhL9dbfCqM\n"
+"nQG7BE2A9jkRBAClp91SEIAePwstdgKo5dFI9lsrO8Hnk3Bat2+eh3Sx5RZqJNJY\n"
+"GUqdK8iiZ1wgj8TduN2eArh9Mn5evmkQm7MGdbfDvzuvqMElKrYunRP1I/gIHN3S\n"
+"Bdw5CQgu9fVXPECxhVQskDSaEBHcgcVzLCNfoQ0q6+zsCmeIE2heqLp3dwCggDNg\n"
+"quPJn6C4zghSVFGsHxpvHm8EAIk9X53XkZiDO3V3zMu86X+bOzzlPCPZIHVmrMro\n"
+"f/pDFCQRmk/9RUWldpQZSXLecYSqDXLDhyCpbhJLGAsXPoHbdKL5xOyywToJjOI3\n"
+"VQjo2PGSgb+ekybTBGntn4rKUSiUB1sUEACms5GS3nwKsaClh7w7/fn49Zwn2uOH\n"
+"DHGRA/9UKltku6CQvhcdYZYUYbflLqT0XfE89M+hf1mi537Rs56g4rlFAeh732xU\n"
+"03iHHE9Mz+sld9NNlSgHqjzjK6VNLFvoL254ei0NXR4H1BfWi/+W2bDLddJ9cTJa\n"
+"0jQIMG5mATDDbpSnSnODhdMFgySZevHHcn2KFwIhjIAegTXcRQAAn2PK9kOqhjOJ\n"
+"KU5iaagnF176FwhdCO2I5wQYAQIACQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkR\n"
+"AgAGBQJNgPY5AAoJEPMP1CPBQ+e63fQAniK5kU+dwIbkD+OHJHkC73V6v4D8AJ0Z\n"
+"+GBYj4nhKEX21QXfj55F3Zpg1e4iBACcivWsW40ddtEQ0wno1uP65TmKq3aJrdOD\n"
+"XTAnqkmNQKL7X7Fz+nmEWiS+LBH8lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZA\n"
+"pto5cjem/EnO7op2QwkCCa6oUp0lYA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfsz\n"
+"YpFL4VP5wQ==\n"
+"=zzoN\n"
+"-----END PGP PRIVATE KEY BLOCK-----\n";
 
 const gnutls_datum_t key = { key_txt, sizeof (key_txt) };
 
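Review bot: the replacement material in cert_txt and key_txt carries no source comment saying what kind of key it is (algorithm, key ID, subkeys) or why the previous key was swapped out; the armor header "Comment: Test key for GnuTLS" is the only hint. A short C comment above cert_txt would make the test's intent reviewable without decoding the armor. On style, the new string literals start at column 0 while the lines they replace were indented by two spaces; keep the continuation lines indented to match the rest of the file.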


hooks/post-receive
-- 
GNU gnutls


