
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-324-gad2061d


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-324-gad2061d
Date: Sat, 19 Mar 2011 11:21:50 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ad2061deafdd7db78fd405f9d143b0a7c579da7b

The branch, master has been updated
       via  ad2061deafdd7db78fd405f9d143b0a7c579da7b (commit)
       via  337eed5fe4bcbc642f1c4fdb26283c3e167d949d (commit)
       via  294f4e9fc882f5ef541a4e7fc169b23f9db50646 (commit)
       via  0825640cc8580981db4f0be999b4f79c07f89168 (commit)
      from  c81ea586b765639860ae9d075661d7541a642e7c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ad2061deafdd7db78fd405f9d143b0a7c579da7b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:15:42 2011 +0100

    Added test to verify connections with DSA keys of various sizes.

commit 337eed5fe4bcbc642f1c4fdb26283c3e167d949d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:15:22 2011 +0100

    warn on generation of DSA keys of over 1024 bits.

commit 294f4e9fc882f5ef541a4e7fc169b23f9db50646
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:07:51 2011 +0100

    Return a special error code if DSA keys of over 1024 bits are being used with 
TLS 1.x, x<2.

commit 0825640cc8580981db4f0be999b4f79c07f89168
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:04:54 2011 +0100

    truncate hash size when asking to sign or verify DSA with a longer hash.

-----------------------------------------------------------------------

Summary of changes:
 configure.ac                       |    1 +
 lib/gnutls_alert.c                 |    1 +
 lib/gnutls_errors.c                |    2 +
 lib/gnutls_sig.c                   |   17 ++---
 lib/includes/gnutls/gnutls.h.in    |    1 +
 lib/nettle/pk.c                    |   12 +++-
 src/certtool.c                     |    8 ++-
 tests/Makefile.am                  |    2 +-
 tests/{pathlen => dsa}/Makefile.am |    6 +-
 tests/dsa/cert.dsa.1024.pem        |   20 ++++++
 tests/dsa/cert.dsa.2048.pem        |   29 ++++++++
 tests/dsa/cert.dsa.3072.pem        |   37 +++++++++++
 tests/dsa/dsa.1024.pem             |   12 ++++
 tests/dsa/dsa.2048.pem             |   20 ++++++
 tests/dsa/dsa.3072.pem             |   28 ++++++++
 tests/dsa/testdsa                  |  127 ++++++++++++++++++++++++++++++++++++
 tests/suite/Makefile.in            |    3 +
 17 files changed, 308 insertions(+), 18 deletions(-)
 copy tests/{pathlen => dsa}/Makefile.am (85%)
 create mode 100644 tests/dsa/cert.dsa.1024.pem
 create mode 100644 tests/dsa/cert.dsa.2048.pem
 create mode 100644 tests/dsa/cert.dsa.3072.pem
 create mode 100644 tests/dsa/dsa.1024.pem
 create mode 100644 tests/dsa/dsa.2048.pem
 create mode 100644 tests/dsa/dsa.3072.pem
 create mode 100755 tests/dsa/testdsa

diff --git a/configure.ac b/configure.ac
index c02e16d..cfea317 100644
--- a/configure.ac
+++ b/configure.ac
@@ -282,6 +282,7 @@ AC_CONFIG_FILES([
   src/cfg/platon/str/Makefile
   tests/Makefile
   tests/key-id/Makefile
+  tests/dsa/Makefile
   tests/openpgp-certs/Makefile
   tests/safe-renegotiation/Makefile
   tests/pathlen/Makefile
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index b173057..0663669 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -206,6 +206,7 @@ gnutls_error_to_alert (int err, int *level)
     case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
     case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
     case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
+    case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
       ret = GNUTLS_A_HANDSHAKE_FAILURE;
       _level = GNUTLS_AL_FATAL;
       break;
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index fada304..3ba8a1a 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -94,6 +94,8 @@ static const gnutls_error_entry error_algorithms[] = {
                GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
   ERROR_ENTRY (N_("The peer did not send any certificate."),
                GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+  ERROR_ENTRY (N_("The given DSA key is incompatible with the selected TLS 
protocol."),
+               GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
 
   ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
                GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index fdfd595..ef44cca 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -65,16 +65,15 @@ int ret;
 
   if (cert->subject_pk_algorithm == GNUTLS_PK_DSA)
     { /* override */
-      if (!_gnutls_version_has_selectable_sighash (version))
-        *hash_algo = GNUTLS_DIG_SHA1;
-      else
-        {
-          *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
+      *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
 
-          ret = _gnutls_session_sign_algo_requested(session, 
_gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
-          if (ret < 0)
-            return gnutls_assert_val(ret);
-        }
+      /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
+      if (!_gnutls_version_has_selectable_sighash (version) && *hash_algo != 
GNUTLS_DIG_SHA1)
+        return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+
+      ret = _gnutls_session_sign_algo_requested(session, 
_gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
+      if (ret < 0)
+        return gnutls_assert_val(ret);
     }
   else
     {
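Review bot: `_gnutls_session_sign_algo_requested` is now reached for protocol versions without selectable signature hashes as well, because the call moved out of the old `else` branch that guarded it. Its body is not in this hunk; unless it already returns success for those versions, a DSA key that maps to SHA-1 could be rejected here under TLS 1.0 or 1.1. Either keep the call guarded with `if (_gnutls_version_has_selectable_sighash (version))`, or add a comment such as `/* no-op before TLS 1.2: no signature algorithms were negotiated */` once that is confirmed. The new comment also speaks of key size while the test is on the hash derived from `cert->params[1]` (q), which is worth stating. The enclosing function starts and ends outside the hunk.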
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 13b3e4f..cc64d62 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1715,6 +1715,7 @@ extern "C"
 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
 #define GNUTLS_E_BAD_COOKIE -214
 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
+#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
 
 /* PKCS11 related */
 #define GNUTLS_E_PKCS11_ERROR -300
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 6d37078..80b8d5b 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -276,6 +276,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
         struct dsa_public_key pub;
         struct dsa_private_key priv;
         struct dsa_signature sig;
+        int hash_len;
 
         dsa_public_key_init (&pub);
         dsa_private_key_init (&priv);
@@ -285,7 +286,8 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
         dsa_signature_init (&sig);
 
         hash = _gnutls_dsa_q_to_hash (pub.q);
-        if (vdata->size != _gnutls_hash_get_algo_len (hash))
+        hash_len = _gnutls_hash_get_algo_len (hash);
+        if (hash_len > vdata->size)
           {
             gnutls_assert ();
             _gnutls_debug_log("Asked to sign %d bytes with hash %s\n", 
vdata->size, gnutls_mac_get_name(hash));
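Review bot: The new guard `hash_len > vdata->size` compares an `int` with the datum size, which is unsigned in `gnutls_datum_t`, so a negative `hash_len` is caught only through implicit conversion and a zero one is not caught at all. Whether `_gnutls_hash_get_algo_len` can return either for an unmapped hash is not visible here; if it can, a zero length would fall through to `_dsa_sign` with an empty digest. Making the intent explicit costs one line: `if (hash_len <= 0 || (unsigned int) hash_len > vdata->size)`. The debug message in this branch is now reached only when the input is shorter than the hash, so its text could say that. `_wrap_nettle_pk_sign` starts and ends outside the hunk.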
@@ -295,7 +297,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
 
         ret =
           _dsa_sign (&pub, &priv, NULL, rnd_func,
-                     vdata->size, vdata->data, &sig);
+                     hash_len, vdata->data, &sig);
         if (ret == 0)
           {
             gnutls_assert ();
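Review bot: Signing now passes only the first `hash_len` bytes of `vdata` to `_dsa_sign`, but the verify path in the `@@ -426,6 +428,7 @@` hunk still rejects any input where `vdata->size != _gnutls_hash_get_algo_len (hash)`. The commit message says the truncation applies to both sign and verify, so a caller that hands the same longer digest to both would sign successfully and then fail verification on the size check, unless it truncates on its own. Verify should apply the same rule: compute `hash_len`, reject only `hash_len > vdata->size`, and pass `hash_len` to `_dsa_verify`. A one-line comment at the truncation, `/* only the leftmost hash_len bytes of the digest are signed */`, would make the behaviour clear to the next reader.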
@@ -426,6 +428,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
         memcpy (&sig.s, tmp[1], sizeof (sig.s));
 
         hash = _gnutls_dsa_q_to_hash (pub.q);
+
         if (vdata->size != _gnutls_hash_get_algo_len (hash))
           {
             gnutls_assert ();
@@ -435,7 +438,10 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
 
         ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
         if (ret == 0)
-          ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+          {
+            gnutls_assert();
+            ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+          }
         else
           ret = 0;
 
diff --git a/src/certtool.c b/src/certtool.c
index 5167323..b456bf6 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -252,14 +252,18 @@ generate_private_key_int (void)
   bits = get_bits (key_type);
 
   fprintf (stderr, "Generating a %d bit %s private key...\n",
-           get_bits (key_type), gnutls_pk_algorithm_get_name (key_type));
+           bits, gnutls_pk_algorithm_get_name (key_type));
 
   if (info.quick_random == 0)
     fprintf (stderr,
              "This might take several minutes depending on availability of 
randomness"
              " in /dev/random.\n");
 
-  ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0);
+  if (bits > 1024 && key_type == GNUTLS_PK_DSA)
+    fprintf (stderr,
+             "Note that DSA keys with size over 1024 can only be used with TLS 
1.2 or later.\n\n");
+
+  ret = gnutls_x509_privkey_generate (key, key_type,bits, 0);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
 
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 54447e7..ae6a186 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -21,7 +21,7 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 SUBDIRS = . rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
-       userid pathlen key-id sha2 safe-renegotiation
+       userid pathlen key-id sha2 safe-renegotiation dsa
 
 if ENABLE_OPENPGP
 SUBDIRS += openpgp-certs
diff --git a/tests/pathlen/Makefile.am b/tests/dsa/Makefile.am
similarity index 85%
copy from tests/pathlen/Makefile.am
copy to tests/dsa/Makefile.am
index bf1cd07..19f43ab 100644
--- a/tests/pathlen/Makefile.am
+++ b/tests/dsa/Makefile.am
@@ -19,10 +19,10 @@
 # along with this file; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem
+EXTRA_DIST = cert.dsa.1024.pem  cert.dsa.2048.pem  cert.dsa.3072.pem  
dsa.1024.pem  dsa.2048.pem  dsa.3072.pem
 
-dist_check_SCRIPTS = pathlen
+dist_check_SCRIPTS = testdsa
 
-TESTS = pathlen
+TESTS = testdsa
 
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
diff --git a/tests/dsa/cert.dsa.1024.pem b/tests/dsa/cert.dsa.1024.pem
new file mode 100644
index 0000000..ffde3b6
--- /dev/null
+++ b/tests/dsa/cert.dsa.1024.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/dsa/cert.dsa.2048.pem b/tests/dsa/cert.dsa.2048.pem
new file mode 100644
index 0000000..2fa5a5f
--- /dev/null
+++ b/tests/dsa/cert.dsa.2048.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/dsa/cert.dsa.3072.pem b/tests/dsa/cert.dsa.3072.pem
new file mode 100644
index 0000000..d7f89e6
--- /dev/null
+++ b/tests/dsa/cert.dsa.3072.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/dsa/dsa.1024.pem b/tests/dsa/dsa.1024.pem
new file mode 100644
index 0000000..3e0c103
--- /dev/null
+++ b/tests/dsa/dsa.1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
diff --git a/tests/dsa/dsa.2048.pem b/tests/dsa/dsa.2048.pem
new file mode 100644
index 0000000..12d8e0e
--- /dev/null
+++ b/tests/dsa/dsa.2048.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIDVgIBAAKCAQEAolFCsToyL0h/NLXfX3gtpyePyx8R0TJbh/lVcqDXlFfZzRD8
+P214Mm+D7qwnnlefFDWXYMpGKRpUJxLgsMrHsKVK7flwm0L33gQBgwo+dx6H/vXh
+zRKTLktIQuXc3xvAiNGsnFDz9dWfRrXkz2tmf3Okemb4jwIaMKMDaCKFxXBHl9YG
+tgWdp4cA1rzcLjG1QeLVl3bw1hnPIA+DWadFHFrvVn+/VQVXUPxLiLVt6gm7HqY0
+k5jCKtwXUO/BjWVQZO01rA2dN0b1qlFO4kmuIJ4xL73JMY2lryx8kfl5lNkB5dIo
+huOmIAXTh1odvB+9X25DpJNfHEIb5yNCXhnuqQIhAKN32zoITUbHbO53BhlGHTu2
+a2kCOI2kTuIVlAEF757vAoIBAF1cRFJnGOUWxRa2iRJwwfFF2QqU9zE4h/oRTLN4
+EtLhS0QaAd1T7Tllbzdqq8qIgiU3X3KnutTWAT7Arh4nfSKudLi1vtyafzaOurrC
+TgANJqBIdmb02Q9IHrr2/gQCpHgtBLhiHX2jzGNhXpmU0uRhw/yXpsVQtE3gf9bs
+aktHc6dE4Qr9YQUkL/GRwO0T+zVFdnaOQGaLlWQjrGzm72thty+5w4WeGrOW9K+l
+BRLZY054C3bOO6LRVLl18ktv/QiUEzEUZqj5SW9NUJCCryP1FEu0x3DhGaKb3J5B
+oHXRCJmrqsVpjZBH9lMLi7oOlQicQ4cW4p0II46nSm0oiqkCggEBAJ1fFoyEBE+x
+tXaXi0LuFNZYUrts+dahDyzwuP7epAxs92gVDUMWiq/OYce+uTPhFRVxW8SPux85
+YIlzU2z25X2s3Eto8PjCziTXZRdzitNa1OWETQ02bvIT1uyRwyex7aqt8BdSM4a6
+mxIil8Z8PTZVjrUMrVbh9RKKzPLVbhoNAUVczzDYYlevvgSU6pmZ/BmvuNkKX/2e
+Cid3zY2ALyCv013rBvUQWiACUUk/I4T2UJtMvZNJ8PvtDuh1Y++4nO7H2zEF4aWh
+PcBmg48lVvBCg7A7O1mWTFpCPlMLcMuI5LL/EtdzwoSRhygoOenHk7Qe77LrN+mC
+AQeuCRwIH20CIAXRwOQ8I5w/YrXm/RqrMIKyQVBT7qNtaSs10TDDFMp6
+-----END DSA PRIVATE KEY-----
diff --git a/tests/dsa/dsa.3072.pem b/tests/dsa/dsa.3072.pem
new file mode 100644
index 0000000..103e4c1
--- /dev/null
+++ b/tests/dsa/dsa.3072.pem
@@ -0,0 +1,28 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIE1QIBAAKCAYEAhB9vvBF1/AbPA+dKYSJ3aroMMsWSbrDd5bgIX+wZHOWAh/JJ
+XwWp+sweXPlwvwglsUKbAxO64Wxv8zlzuiZNmfQykorG4XhUVtCKSEj16ha8MFyw
+tWUYgHzUdJ5bi6a5zekgliDFfz8h1R6zzjGDKVdNzwZDVEVPIsD95kw9OopSNAEA
+ZHH5cO9PS44+1dWss1AL2DEyfMMbKuzqkyl1K9eF2s4j/lm4ZOZGo9Yw7hG1DaR4
+3Yn2JA+yKzu0scXdbZaziSyeFPSBU80PglMwaw+SKguQOEGZYU31bqXt68S8bRqr
+tuFvqeeALSay8zmskeop77JzWEu4R8SEkWZvePHfhnMalxy4RdXRCisUIiqJ1u8M
+1RP96R7t+9nMyfD91fwSwqGkRWSr7dOtYM4pbhSVOHfBaTuDt7tGlGKgX/fS0yJr
+7+1TWmfxBx3HElG/0k4v2C64rdfOPMD/PaLgynScllkySwMbjX3N7OAz5L+Ma26Q
+TDJz1+ew5EIhjZoVAiEAkn2A54rW0EcDA4RCqqljHOZN+uKaZFExmmngPqOAzAkC
+ggGAZWwxfAjfSyDtg31QBgQGXmDeMiWbgAiU1w+emRYETAE17er4TiCQxFiKNPvW
+ZfcCJSjlQ0J7m88CNpYucUr4Jrvf6qZLA1N2HfTgMPzYuahXpW1O2qn5HMwLAz2Z
+FpXqNczUyl9kuuI5p45GPwsbLdVQqZnou5HLtZ5ZcVDQs+XQIxxOb5AzXX182FOv
+DKQaBKppDtY0SESI5HDajCXdrXtvKUXC0vrll2lA2C2sjhCTVQlJk6NBWsTrxt60
+YEF1LcPQUCa0bXuooEd73Tk+FnqpYRdCiSmeOodzJumog4JkH7UZe5pdII66To5m
+wyP3rbWxld1gSdom/lg7BppEY6M6Y+28IX38KWRHUg+1qXqnpn/H+CkLGnDsJ2Ma
+qI0nGfoPctT903gsnevkxXu8xP2vGudtdvQ5vOY5lFhJGfi/tz8BNMnHGmjQnpyt
+GI8b+NeDjOADGWfwDbwSSta192hXMFmj75rslNI+oLuroRcJb28NVNpo/P30znTv
+74cUAoIBgBSqcCAa4s0nF91wgGE/R+Uqe1ppVl0L0GUxSORTidrSSe/EuUa9MVVu
+t7o/HOHbwStCfQxeQv02KbVoug3RB/Y4oq10/JSqwi0pvGnXWgmQp1/KkUHuFNjf
+W9/PDIm8xjmHxtUREMIFsB4gLwrbZiELxnxt45sE7YKrpqTGg5oUwr0JIHW18PxH
+WTBYh0BTpdMt7ohiUhP7947ZyCKt0qpkBT7B8hjMY5z6yxmU8Hxx6WJxdQxYRw0n
+PKh/VQG4m1CcU4enmPO3eT4vzY6ByLEmF6LORGAiwQWjrCGAQCBmCW16WRpffg3R
+TVA6WZoGOTtFrbe1KDkitzE4aiMH0AScstZt+z4tg6Y66DBE1MVMtcchBoLIjTyC
+z2E7K0uu2jR6bNvW7rhCZKSkhWXZwRKaGojnh3CQUA+cENIhIF+E/DzJr1M8zFle
+PrT4w1/E3yQHgCNLrDAGTp0GQP90BVVtaSx9y8uhHatVynpkvOonDo2eBA8v3j75
+snWvY7HNCQIgZCJrP4CDBTRT9pNL4+Gc/wfiKVEF55YcG09uT77u30M=
+-----END DSA PRIVATE KEY-----
diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
new file mode 100755
index 0000000..239c4e2
--- /dev/null
+++ b/tests/dsa/testdsa
@@ -0,0 +1,127 @@
+#!/bin/bash
+
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../../src/gnutls-serv} -q"
+CLI="${CLI:-../../src/gnutls-cli}"
+PORT="${PORT:-5559}"
+unset RETCODE
+
+fail() {
+   echo "Failure: $1" >&2
+   exit 1
+}
+
+echo "Checking various DSA key sizes"
+
+# DSA 1024 + TLS 1.0
+
+echo "Checking DSA-1024 with TLS 1.0"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile 
$srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+
+kill %1
+wait
+
+# DSA 1024 + TLS 1.2
+
+echo "Checking DSA-1024 with TLS 1.2"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile 
$srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+
+kill %1
+wait
+
+# DSA 2048 + TLS 1.0
+
+echo "Checking DSA-2048 with TLS 1.0"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile 
$srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null && \
+  fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should 
have failed!"
+
+kill %1
+wait
+
+# DSA 2048 + TLS 1.2
+
+echo "Checking DSA-2048 with TLS 1.2"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile 
$srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+
+kill %1
+wait
+
+# DSA 3072 + TLS 1.0
+
+echo "Checking DSA-3072 with TLS 1.0"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile 
$srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null && \
+  fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should 
have failed!"
+
+kill %1
+wait
+
+# DSA 3072 + TLS 1.2
+
+echo "Checking DSA-3072 with TLS 1.2"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile 
$srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+
+kill %1
+wait
+
+exit 0
+
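Review bot: The two negative cases (DSA-2048 and DSA-3072 with TLS 1.0) pass whenever `$CLI` exits non-zero, so they also pass if the server never came up on `$PORT` within the `sleep 2` or the port was already in use. They therefore do not show that the handshake was refused because of the key size. Checking that the server job is still alive before accepting the client failure (for example `kill -0 %1 || fail "server did not start"`) would close that gap. `fail` also exits without stopping the background server, which leaves it bound to the port for later runs; `kill %1 2>/dev/null; wait` before `exit 1` would cover that. The failure text in the DSA-3072/TLS 1.0 case still says `DSA 2048`.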
diff --git a/tests/suite/Makefile.in b/tests/suite/Makefile.in
index 6d60990..4946ec5 100644
--- a/tests/suite/Makefile.in
+++ b/tests/suite/Makefile.in
@@ -669,6 +669,9 @@ LTLIBTASN1 = @LTLIBTASN1@
 LT_AGE = @LT_AGE@
 LT_CURRENT = @LT_CURRENT@
 LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
 LZO_LIBS = @LZO_LIBS@
 MAKEINFO = @MAKEINFO@
 MKDIR_P = @MKDIR_P@


hooks/post-receive
-- 
GNU gnutls


