gnutls-commit

[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-31-gc90c2


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-31-gc90c268
Date: Sat, 19 Mar 2011 11:31:31 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c90c2683c764f03e77becda780a476ea5eaa0928

The branch, gnutls_2_12_x has been updated
       via  c90c2683c764f03e77becda780a476ea5eaa0928 (commit)
       via  1f58661615d6b09f6406b0759f2491305c882443 (commit)
       via  430d9ae89b63200c91ed9ea098f1f36f494224aa (commit)
       via  6143dc135c25c921ef0fa2a6df92e9cb8ce27241 (commit)
       via  54ff765c05e88103d39edf79dada728896a3184e (commit)
       via  ccdb0059b8a43e8e15b2380e8003e95236cabfa6 (commit)
       via  7f859555f59b7c36f85afb0fdb74facbd47caeda (commit)
      from  d2e040aa02633387caddcad1cf7b1e6eb7c0e913 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c90c2683c764f03e77becda780a476ea5eaa0928
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:29:55 2011 +0100

    typo

commit 1f58661615d6b09f6406b0759f2491305c882443
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:27:07 2011 +0100

    make gnutls-cli more quiet.

commit 430d9ae89b63200c91ed9ea098f1f36f494224aa
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:25:32 2011 +0100

    documented changes.

commit 6143dc135c25c921ef0fa2a6df92e9cb8ce27241
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:15:42 2011 +0100

    Added test to verify connections with DSA keys of various sizes.

commit 54ff765c05e88103d39edf79dada728896a3184e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:07:51 2011 +0100

    Return a special error code if DSA keys with over 1024 are being used with TLS 1.x, x<2.

commit ccdb0059b8a43e8e15b2380e8003e95236cabfa6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:15:22 2011 +0100

    warn on generation of DSA keys of over 1024 bits.

commit 7f859555f59b7c36f85afb0fdb74facbd47caeda
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Mar 19 12:04:54 2011 +0100

    truncate hash size when asking to sign or verify DSA with a longer hash.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                               |    9 ++-
 configure.ac                       |    1 +
 lib/gnutls_alert.c                 |    1 +
 lib/gnutls_errors.c                |    2 +
 lib/gnutls_sig.c                   |   17 ++---
 lib/includes/gnutls/gnutls.h.in    |    1 +
 lib/nettle/pk.c                    |   12 +++-
 src/certtool.c                     |    8 ++-
 tests/Makefile.am                  |    2 +-
 tests/{pathlen => dsa}/Makefile.am |    6 +-
 tests/dsa/cert.dsa.1024.pem        |   20 ++++++
 tests/dsa/cert.dsa.2048.pem        |   29 ++++++++
 tests/dsa/cert.dsa.3072.pem        |   37 +++++++++++
 tests/dsa/dsa.1024.pem             |   12 ++++
 tests/dsa/dsa.2048.pem             |   20 ++++++
 tests/dsa/dsa.3072.pem             |   28 ++++++++
 tests/dsa/testdsa                  |  127 ++++++++++++++++++++++++++++++++++++
 tests/suite/Makefile.in            |    3 +
 18 files changed, 316 insertions(+), 19 deletions(-)
 copy tests/{pathlen => dsa}/Makefile.am (85%)
 create mode 100644 tests/dsa/cert.dsa.1024.pem
 create mode 100644 tests/dsa/cert.dsa.2048.pem
 create mode 100644 tests/dsa/cert.dsa.3072.pem
 create mode 100644 tests/dsa/dsa.1024.pem
 create mode 100644 tests/dsa/dsa.2048.pem
 create mode 100644 tests/dsa/dsa.3072.pem
 create mode 100755 tests/dsa/testdsa

diff --git a/NEWS b/NEWS
index 3a9b5de..1e8368a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,13 +5,20 @@ See the end for copying conditions.
 
 * Version 2.xx.y (unreleased)
 
+** certtool: Warns on generation of DSA keys of over 1024 bits, about
+the incompatibility with TLS other than 1.2.
+
+** libgnutls: Instead of failing with internal error, return 
+GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA
+key with the negotiated protocol is encountered.
+
 ** libgnutls: Bug fixes in the RSA ciphersuite behavior with openpgp keys.
 
 ** libgnutls: Force state update when fork is detected in the nettle
 rng.
 
 ** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred
-subkey instead of setting explitly one.
+subkey instead of setting explicitly one.
 
 ** libgnutls: Corrected default behavior in record version of Client Hellos.
 
diff --git a/configure.ac b/configure.ac
index 7ae0758..42e2b31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -282,6 +282,7 @@ AC_CONFIG_FILES([
   src/cfg/platon/str/Makefile
   tests/Makefile
   tests/key-id/Makefile
+  tests/dsa/Makefile
   tests/openpgp-certs/Makefile
   tests/safe-renegotiation/Makefile
   tests/pathlen/Makefile
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index 2f65d19..affdff2 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -209,6 +209,7 @@ gnutls_error_to_alert (int err, int *level)
     case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
     case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
     case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
+    case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
       ret = GNUTLS_A_HANDSHAKE_FAILURE;
       _level = GNUTLS_AL_FATAL;
       break;
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 1e297c0..137a590 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -92,6 +92,8 @@ static const gnutls_error_entry error_algorithms[] = {
                GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
   ERROR_ENTRY (N_("The peer did not send any certificate."),
                GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+  ERROR_ENTRY (N_("The given DSA key is incompatible with the selected TLS 
protocol."),
+               GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
 
   ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
                GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 2c195b9..3e72a68 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -65,16 +65,15 @@ int ret;
 
   if (cert->subject_pk_algorithm == GNUTLS_PK_DSA)
     { /* override */
-      if (!_gnutls_version_has_selectable_sighash (version))
-        *hash_algo = GNUTLS_DIG_SHA1;
-      else
-        {
-          *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
+      *hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
 
-          ret = _gnutls_session_sign_algo_requested(session, 
_gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
-          if (ret < 0)
-            return gnutls_assert_val(ret);
-        }
+      /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
+      if (!_gnutls_version_has_selectable_sighash (version) && *hash_algo != 
GNUTLS_DIG_SHA1)
+        return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+
+      ret = _gnutls_session_sign_algo_requested(session, 
_gnutls_x509_pk_to_sign (GNUTLS_PK_DSA, *hash_algo));
+      if (ret < 0)
+        return gnutls_assert_val(ret);
     }
   else
     {
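
Review bot: with the else branch gone, _gnutls_session_sign_algo_requested() is now also reached for versions without a selectable signature hash, where the old code skipped it and simply forced SHA-1. Confirm that it returns success for such sessions, otherwise DSA-1024 handshakes under TLS 1.0/1.1 would start failing; if it does not, keep the call behind a _gnutls_version_has_selectable_sighash (version) guard. The new comment speaks of key size while the test is on the hash derived from q (cert->params[1]); saying so in the comment would make the condition easier to follow.
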
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index faa3390..ee5da9e 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1730,6 +1730,7 @@ extern "C"
 
 #define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
 #define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
+#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
 
 /* PKCS11 related */
 #define GNUTLS_E_PKCS11_ERROR -300
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 001b9b2..5a57b14 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -276,6 +276,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
         struct dsa_public_key pub;
         struct dsa_private_key priv;
         struct dsa_signature sig;
+        int hash_len;
 
         dsa_public_key_init (&pub);
         dsa_private_key_init (&priv);
@@ -285,7 +286,8 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
         dsa_signature_init (&sig);
 
         hash = _gnutls_dsa_q_to_hash (pub.q);
-        if (vdata->size != _gnutls_hash_get_algo_len (hash))
+        hash_len = _gnutls_hash_get_algo_len (hash);
+        if (hash_len > vdata->size)
           {
             gnutls_assert ();
             ret = GNUTLS_E_PK_SIGN_FAILED;
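
Review bot: hash_len is declared int, compared against vdata->size here and then passed to _dsa_sign() as the digest length; if _gnutls_hash_get_algo_len() can return zero or a negative value for a hash it does not recognise, reject that explicitly before the size comparison. Since the old check required an exact match, a short comment that a longer input is now deliberately cut to its leading hash_len bytes would document the change in behaviour.
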
@@ -294,7 +296,7 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
 
         ret =
           _dsa_sign (&pub, &priv, NULL, rnd_func,
-                     vdata->size, vdata->data, &sig);
+                     hash_len, vdata->data, &sig);
         if (ret == 0)
           {
             gnutls_assert ();
@@ -425,6 +427,7 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
         memcpy (&sig.s, tmp[1], sizeof (sig.s));
 
         hash = _gnutls_dsa_q_to_hash (pub.q);
+
         if (vdata->size != _gnutls_hash_get_algo_len (hash))
           {
             gnutls_assert ();
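
Review bot: the verify path still requires vdata->size to equal the hash length exactly, while the sign path in this same patch now accepts a longer input and truncates it. The commit message says "sign or verify", so either apply the same hash_len truncation before _dsa_verify() or state why verification stays strict. The added blank line after the _gnutls_dsa_q_to_hash() call is the only change in this hunk and can be dropped.
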
@@ -434,7 +437,10 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
 
         ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
         if (ret == 0)
-          ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+          {
+            gnutls_assert();
+            ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+          }
         else
           ret = 0;
 
diff --git a/src/certtool.c b/src/certtool.c
index b312fca..9da4318 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -251,14 +251,18 @@ generate_private_key_int (void)
   bits = get_bits (key_type);
 
   fprintf (stderr, "Generating a %d bit %s private key...\n",
-           get_bits (key_type), gnutls_pk_algorithm_get_name (key_type));
+           bits, gnutls_pk_algorithm_get_name (key_type));
 
   if (info.quick_random == 0)
     fprintf (stderr,
              "This might take several minutes depending on availability of 
randomness"
              " in /dev/random.\n");
 
-  ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0);
+  if (bits > 1024 && key_type == GNUTLS_PK_DSA)
+    fprintf (stderr,
+             "Note that DSA keys with size over 1024 can only be used with TLS 
1.2 or later.\n\n");
+
+  ret = gnutls_x509_privkey_generate (key, key_type,bits, 0);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "privkey_generate: %s", gnutls_strerror (ret));
 
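
Review bot: the gnutls_x509_privkey_generate() call has "key_type,bits" without a space after the comma, unlike the rest of the file. The warning text says "TLS 1.2 or later" whereas the NEWS entry in this push says "TLS other than 1.2"; the two should use the same wording, and "1.2 or later" is the one that stays correct.
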
diff --git a/tests/Makefile.am b/tests/Makefile.am
index cd6e4d1..22f70e2 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -21,7 +21,7 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 SUBDIRS = . rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
-       userid pathlen key-id sha2 safe-renegotiation
+       userid pathlen key-id sha2 safe-renegotiation dsa
 
 if ENABLE_OPENPGP
 SUBDIRS += openpgp-certs
diff --git a/tests/pathlen/Makefile.am b/tests/dsa/Makefile.am
similarity index 85%
copy from tests/pathlen/Makefile.am
copy to tests/dsa/Makefile.am
index bf1cd07..19f43ab 100644
--- a/tests/pathlen/Makefile.am
+++ b/tests/dsa/Makefile.am
@@ -19,10 +19,10 @@
 # along with this file; if not, write to the Free Software Foundation,
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem
+EXTRA_DIST = cert.dsa.1024.pem  cert.dsa.2048.pem  cert.dsa.3072.pem  
dsa.1024.pem  dsa.2048.pem  dsa.3072.pem
 
-dist_check_SCRIPTS = pathlen
+dist_check_SCRIPTS = testdsa
 
-TESTS = pathlen
+TESTS = testdsa
 
 TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
diff --git a/tests/dsa/cert.dsa.1024.pem b/tests/dsa/cert.dsa.1024.pem
new file mode 100644
index 0000000..ffde3b6
--- /dev/null
+++ b/tests/dsa/cert.dsa.1024.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/dsa/cert.dsa.2048.pem b/tests/dsa/cert.dsa.2048.pem
new file mode 100644
index 0000000..2fa5a5f
--- /dev/null
+++ b/tests/dsa/cert.dsa.2048.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/dsa/cert.dsa.3072.pem b/tests/dsa/cert.dsa.3072.pem
new file mode 100644
index 0000000..d7f89e6
--- /dev/null
+++ b/tests/dsa/cert.dsa.3072.pem
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/dsa/dsa.1024.pem b/tests/dsa/dsa.1024.pem
new file mode 100644
index 0000000..3e0c103
--- /dev/null
+++ b/tests/dsa/dsa.1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
diff --git a/tests/dsa/dsa.2048.pem b/tests/dsa/dsa.2048.pem
new file mode 100644
index 0000000..12d8e0e
--- /dev/null
+++ b/tests/dsa/dsa.2048.pem
@@ -0,0 +1,20 @@
+-----BEGIN DSA PRIVATE KEY-----
+-----END DSA PRIVATE KEY-----
diff --git a/tests/dsa/dsa.3072.pem b/tests/dsa/dsa.3072.pem
new file mode 100644
index 0000000..103e4c1
--- /dev/null
+++ b/tests/dsa/dsa.3072.pem
@@ -0,0 +1,28 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
diff --git a/tests/dsa/testdsa b/tests/dsa/testdsa
new file mode 100755
index 0000000..94ad95e
--- /dev/null
+++ b/tests/dsa/testdsa
@@ -0,0 +1,127 @@
+#!/bin/bash
+
+# Copyright (C) 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+SERV="${SERV:-../../src/gnutls-serv} -q"
+CLI="${CLI:-../../src/gnutls-cli}"
+PORT="${PORT:-5559}"
+unset RETCODE
+
+fail() {
+   echo "Failure: $1" >&2
+   exit 1
+}
+
+echo "Checking various DSA key sizes"
+
+# DSA 1024 + TLS 1.0
+
+echo "Checking DSA-1024 with TLS 1.0"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile 
$srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 1024 key and TLS 1.0!"
+
+kill %1
+wait
+
+# DSA 1024 + TLS 1.2
+
+echo "Checking DSA-1024 with TLS 1.2"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile 
$srcdir/cert.dsa.1024.pem --x509keyfile $srcdir/dsa.1024.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 1024 key and TLS 1.2!"
+
+kill %1
+wait
+
+# DSA 2048 + TLS 1.0
+
+echo "Checking DSA-2048 with TLS 1.0"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile 
$srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+  fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should 
have failed!"
+
+kill %1
+wait
+
+# DSA 2048 + TLS 1.2
+
+echo "Checking DSA-2048 with TLS 1.2"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile 
$srcdir/cert.dsa.2048.pem --x509keyfile $srcdir/dsa.2048.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 2048 key and TLS 1.2!"
+
+kill %1
+wait
+
+# DSA 3072 + TLS 1.0
+
+echo "Checking DSA-3072 with TLS 1.0"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" --x509certfile 
$srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null 2>&1 && \
+  fail "Succeeded connection to a server with DSA 2048 key and TLS 1.0. Should 
have failed!"
+
+kill %1
+wait
+
+# DSA 3072 + TLS 1.2
+
+echo "Checking DSA-3072 with TLS 1.2"
+
+$SERV -p $PORT --priority "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2" --x509certfile 
$srcdir/cert.dsa.3072.pem --x509keyfile $srcdir/dsa.3072.pem >/dev/null 2>&1 &
+
+# give the server a chance to initialize
+sleep 2
+
+$CLI -p $PORT 127.0.0.1 --insecure </dev/null >/dev/null || \
+  fail "Failed connection to a server with DSA 3072 key and TLS 1.2!"
+
+kill %1
+wait
+
+exit 0
+
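
Review bot: the failure message in the "DSA 3072 + TLS 1.0" case still reads "DSA 2048 key", copied from the earlier block. The two negative cases ($CLI ... && fail) also pass whenever the client fails for any reason, including the server not being up on $PORT after the fixed "sleep 2", so they do not show that the handshake was refused because of the key; capturing the server or client output and checking for the handshake failure, instead of sending both to /dev/null, would make them meaningful. fail() exits without killing the background server, which leaves it holding the port for whatever runs next.
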
diff --git a/tests/suite/Makefile.in b/tests/suite/Makefile.in
index de4a0e3..758460a 100644
--- a/tests/suite/Makefile.in
+++ b/tests/suite/Makefile.in
@@ -657,6 +657,9 @@ LTLIBTASN1 = @LTLIBTASN1@
 LT_AGE = @LT_AGE@
 LT_CURRENT = @LT_CURRENT@
 LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
 LZO_LIBS = @LZO_LIBS@
 MAKEINFO = @MAKEINFO@
 MKDIR_P = @MKDIR_P@
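
Review bot: the LT_SSL_AGE, LT_SSL_CURRENT and LT_SSL_REVISION lines are unrelated to the DSA changes described in the log, and a Makefile.in is normally regenerated output. This looks like it was swept in by a local regeneration of the build files and would be better left out of this push or committed on its own.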


hooks/post-receive
-- 
GNU gnutls


