[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-316-g630b886
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-316-g630b886 |
|
Date: |
Wed, 16 Mar 2011 21:39:20 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=630b886cdc92e49f7e785887e9872cd7c5438303
The branch, master has been updated
via 630b886cdc92e49f7e785887e9872cd7c5438303 (commit)
via 555fce334bcc9f44b078341f1c04172e8d6a9e41 (commit)
via 939cd1000091cc2c3383990929604c2e903295bc (commit)
via 709e345f0780600f057f002e4ffdfb9e59dd11fe (commit)
via 5d5719b3e3aa328af245dc79ed7fc8dacb088bca (commit)
from e322d6be54c6014887b7c023d01247c4b5b2b6a3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 630b886cdc92e49f7e785887e9872cd7c5438303
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 22:39:12 2011 +0100
Added check for RSA ciphersuite in openpgp keys.
commit 555fce334bcc9f44b078341f1c04172e8d6a9e41
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 22:38:18 2011 +0100
read correct algorithm when decrypting data and use correct number of
private parameters.
commit 939cd1000091cc2c3383990929604c2e903295bc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 22:14:33 2011 +0100
added missing ret.
commit 709e345f0780600f057f002e4ffdfb9e59dd11fe
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 21:57:02 2011 +0100
Set type when sending empty openpgp key.
commit 5d5719b3e3aa328af245dc79ed7fc8dacb088bca
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 21:46:13 2011 +0100
Corrected nettle's RNG behavior on fork and added a test case.
-----------------------------------------------------------------------
Summary of changes:
lib/auth_cert.c | 2 +
lib/nettle/rnd.c | 11 ++++-
lib/openpgp/privkey.c | 14 +++++--
libextra/gnutls_extra.c | 2 +
tests/Makefile.am | 2 +-
tests/openpgp-auth.c | 19 ++++++---
tests/rng-fork.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 135 insertions(+), 15 deletions(-)
create mode 100644 tests/rng-fork.c
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 9f644b1..c08213b 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -870,6 +870,8 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session,
gnutls_buffer_st * da
}
else /* empty - no certificate */
{
+ type = PGP_KEY;
+
ret = _gnutls_buffer_append_data( data, &type, 1);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index 9ccb398..8af0add 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -250,7 +250,6 @@ do_device_source_urandom (int init)
if ((device_fd > 0)
&& (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
{
-
/* More than a minute since we last read the device */
uint8_t buf[DEVICE_READ_SIZE_MAX];
uint32_t done;
@@ -348,7 +347,7 @@ static int
do_device_source (int init)
{
static pid_t pid; /* detect fork() */
- int ret;
+ int ret, reseed = 0;
static int (*do_source) (int init) = NULL;
/* using static var here is ok since we are
* always called with mutexes down
@@ -380,9 +379,15 @@ do_device_source (int init)
{ /* fork() detected */
device_last_read = 0;
pid = getpid();
+ reseed = 1;
}
- return do_source (init);
+ ret = do_source (init);
+
+ if (reseed)
+ yarrow256_slow_reseed (&yctx);
+
+ return ret;
}
}
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 0ed4f0d..3b831a2 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -759,6 +759,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t
pkey,
goto error;
}
}
+
/* fixup will generate exp1 and exp2 that are not
* available here.
*/
@@ -1324,8 +1325,8 @@ _gnutls_openpgp_privkey_decrypt_data
(gnutls_openpgp_privkey_t key,
gnutls_datum_t * plaintext)
{
int result, i;
- bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+ int params_size = MAX_PRIV_PARAMS_SIZE;
int pk_algorithm;
gnutls_openpgp_keyid_t keyid;
@@ -1343,11 +1344,18 @@ _gnutls_openpgp_privkey_decrypt_data
(gnutls_openpgp_privkey_t key,
KEYID_IMPORT (kid, keyid);
result = _gnutls_openpgp_privkey_get_mpis (key, kid,
params, ¶ms_size);
+
+ i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+
+ pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i,
NULL);
}
else
{
+ pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+
result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
params, ¶ms_size);
+
}
if (result < 0)
@@ -1356,8 +1364,6 @@ _gnutls_openpgp_privkey_decrypt_data
(gnutls_openpgp_privkey_t key,
return result;
}
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
-
if (pk_algorithm != GNUTLS_PK_RSA)
{
gnutls_assert ();
diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c
index 1283763..302b092 100644
--- a/libextra/gnutls_extra.c
+++ b/libextra/gnutls_extra.c
@@ -152,6 +152,8 @@ gnutls_global_init_extra (void)
gcry_check_version (NULL);
if (gcry_fips_mode_active ())
{
+ int ret;
+
ret = gnutls_register_md5_handler ();
if (ret)
fprintf (stderr, "gnutls_register_md5_handler: %s\n",
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 09c4052..54447e7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -60,7 +60,7 @@ ctests = simple gc set_pkcs12_cred certder certuniqueid mpi
\
crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416 \
crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain \
nul-in-x509-names x509_altname pkcs12_encode mini-x509 \
- mini-x509-rehandshake #gendh
+ mini-x509-rehandshake rng-fork #gendh
if ENABLE_OPENSSL
ctests += openssl
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index 37c967c..1ffb3d4 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -65,19 +65,19 @@ doit ()
srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
- for (i = 0; i < 3; i++)
+ for (i = 0; i < 4; i++)
{
- if (i == 0)
+ if (i <= 1)
key_id = NULL; /* try using the master key */
- else if (i == 1)
- key_id = "auto"; /* test auto */
else if (i == 2)
+ key_id = "auto"; /* test auto */
+ else if (i == 3)
key_id = "f30fd423c143e7ba";
if (debug)
{
- gnutls_global_set_log_level (10);
+ gnutls_global_set_log_level (5);
gnutls_global_set_log_function (log_message);
}
@@ -113,7 +113,12 @@ doit ()
if (err != 0)
fail ("client session %d\n", err);
- gnutls_priority_set_direct (session,
+ if (i==0) /* we use the primary key which is RSA. Test the RSA
ciphersuite */
+ gnutls_priority_set_direct (session,
+
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+RSA:+CTYPE-OPENPGP",
+ NULL);
+ else
+ gnutls_priority_set_direct (session,
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
NULL);
gnutls_transport_set_ptr (session,
@@ -177,7 +182,7 @@ doit ()
fail ("server session %d\n", err);
gnutls_priority_set_direct (session,
-
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+RSA:+CTYPE-OPENPGP",
NULL);
gnutls_transport_set_ptr (session,
(gnutls_transport_ptr_t) (intptr_t)
diff --git a/tests/rng-fork.c b/tests/rng-fork.c
new file mode 100644
index 0000000..1e4b5e5
--- /dev/null
+++ b/tests/rng-fork.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include "utils.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include "../lib/random.h"
+
+static void dump(const char* name, unsigned char* buf, int buf_size)
+{
+int i;
+ printf("%s: ", name);
+ for(i=0;i<buf_size;i++)
+ printf("%.2x:", buf[i]);
+ printf("\n");
+}
+
+
+
+void
+doit (void)
+{
+ unsigned char buf1[32];
+ unsigned char buf2[32];
+ pid_t pid;
+ int ret;
+ FILE* fp;
+
+
+ gnutls_global_init ();
+
+ pid = fork();
+ if (pid == 0)
+ {
+ fp = fopen("/tmp/rng-test", "w");
+ if (fp == NULL)
+ fail("cannot open file");
+
+ _gnutls_rnd (GNUTLS_RND_RANDOM, buf1, sizeof (buf1));
+ if (debug) dump("buf1", buf1, sizeof(buf1));
+
+ fwrite(buf1, 1, sizeof(buf1), fp);
+ fclose(fp);
+ }
+ else
+ {
+ /* daddy */
+ _gnutls_rnd (GNUTLS_RND_RANDOM, buf2, sizeof (buf2));
+ if (debug) dump("buf2", buf2, sizeof(buf2));
+ waitpid(pid, NULL, 0);
+
+ fp = fopen("/tmp/rng-test", "r");
+ if (fp == NULL)
+ fail("cannot open file");
+
+ ret = fread(buf1, 1, sizeof(buf1), fp);
+
+ if (ret != sizeof(buf1))
+ {
+ fail("error testing the random generator.");
+ return;
+ }
+
+ if (memcmp(buf1, buf2, sizeof(buf1))==0)
+ {
+ fail("error in the random generator. Produces same valus after
fork()");
+ return;
+ }
+
+ success("success");
+ }
+}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-316-g630b886,
Nikos Mavrogiannopoulos <=