[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-75-g500eab9
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-75-g500eab9 |
|
Date: |
Sun, 22 May 2011 15:40:50 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=500eab9c58c0db9aebd2e74ffd71b1ba84a44ae6
The branch, master has been updated
via 500eab9c58c0db9aebd2e74ffd71b1ba84a44ae6 (commit)
via ec82610e5ff750ff3abd6444dfa13683ed094a61 (commit)
via 78209091d154ec9b0a991e4fb3ec5a3c2fc9d228 (commit)
via 1a7fc3195134dd582ba3b41a9ee01b5ce6dfce09 (commit)
via 89eba6411129420d7359bc62a54273d281347c84 (commit)
via 29e53b137026dd35238dbefa8e797090de00e9a9 (commit)
from 1e8a1fac52de4d7bfe9cd13de33f3bc051610c08 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 500eab9c58c0db9aebd2e74ffd71b1ba84a44ae6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 17:40:40 2011 +0200
leak fix and updates for new formats.
commit ec82610e5ff750ff3abd6444dfa13683ed094a61
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 17:39:59 2011 +0200
Added ECDHE-RSA tests.
commit 78209091d154ec9b0a991e4fb3ec5a3c2fc9d228
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 17:20:24 2011 +0200
always put leading zero to output keys
commit 1a7fc3195134dd582ba3b41a9ee01b5ce6dfce09
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 17:20:06 2011 +0200
print the bits together with the security level.
commit 89eba6411129420d7359bc62a54273d281347c84
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 17:11:43 2011 +0200
leaks fixes.
commit 29e53b137026dd35238dbefa8e797090de00e9a9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 17:09:43 2011 +0200
corrected file descriptor leak.
-----------------------------------------------------------------------
Summary of changes:
lib/algorithms/secparams.c | 5 +++-
lib/gnutls_pubkey.c | 16 +++++++-------
lib/pkcs11.c | 1 +
lib/x509/output.c | 4 +-
lib/x509/privkey.c | 10 +++++++-
lib/x509/privkey_pkcs8.c | 9 ++-----
tests/pathlen/ca-no-pathlen.pem | 2 +-
tests/pathlen/no-ca-or-pathlen.pem | 2 +-
tests/pkcs12_s2k_pem.c | 3 +-
tests/suite/testcompat-main | 38 +++++++++++++++++++++++++++++++----
10 files changed, 63 insertions(+), 27 deletions(-)
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 09dd240..b9bb0e3 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -160,7 +160,10 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
gnutls_sec_param_t
gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
{
- gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_UNKNOWN;
+ gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK;
+
+ if (bits == 0)
+ return GNUTLS_SEC_PARAM_UNKNOWN;
if (algo == GNUTLS_PK_ECC)
{
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index c75f7f8..e3e8fad 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -578,14 +578,14 @@ gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_mpi_dprint (key->params.params[0], m);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[0], m);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
- ret = _gnutls_mpi_dprint (key->params.params[1], e);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[1], e);
if (ret < 0)
{
gnutls_assert ();
@@ -630,7 +630,7 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
}
/* P */
- ret = _gnutls_mpi_dprint (key->params.params[0], p);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[0], p);
if (ret < 0)
{
gnutls_assert ();
@@ -638,7 +638,7 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
}
/* Q */
- ret = _gnutls_mpi_dprint (key->params.params[1], q);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[1], q);
if (ret < 0)
{
gnutls_assert ();
@@ -648,7 +648,7 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
/* G */
- ret = _gnutls_mpi_dprint (key->params.params[2], g);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[2], g);
if (ret < 0)
{
gnutls_assert ();
@@ -659,7 +659,7 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
/* Y */
- ret = _gnutls_mpi_dprint (key->params.params[3], y);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[3], y);
if (ret < 0)
{
gnutls_assert ();
@@ -706,7 +706,7 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key,
gnutls_ecc_curve_t *curve,
*curve = key->params.flags;
/* X */
- ret = _gnutls_mpi_dprint (key->params.params[5], x);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[5], x);
if (ret < 0)
{
gnutls_assert ();
@@ -714,7 +714,7 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key,
gnutls_ecc_curve_t *curve,
}
/* Y */
- ret = _gnutls_mpi_dprint (key->params.params[6], y);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[6], y);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 03f3fc9..d33ecb7 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -427,6 +427,7 @@ gnutls_pkcs11_init (unsigned int flags, const char
*configfile)
}
}
}
+ fclose(fp);
}
return 0;
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 3977596..8c889fd 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1163,9 +1163,9 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t
cert, int notsigned)
pk = err;
addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- addf (str, _("\tCertificate Security Level: %s\n"),
+ addf (str, _("\tCertificate Security Level: %s (%d bits)\n"),
gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)));
+ (err, bits)), bits);
#ifdef ENABLE_PKI
err = gnutls_pubkey_init(&pubkey);
if (err < 0)
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 925a970..8cb98fe 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -135,7 +135,6 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_pk_params_init(&pkey->params);
-
if ((result =
asn1_create_element (_gnutls_get_gnutls_asn (),
"GNUTLS.RSAPrivateKey",
@@ -158,6 +157,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result =
_gnutls_x509_read_int (pkey_asn, "publicExponent",
@@ -166,6 +166,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result =
_gnutls_x509_read_int (pkey_asn, "privateExponent",
@@ -174,6 +175,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
&pkey->params.params[3])) < 0)
@@ -181,6 +183,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
&pkey->params.params[4])) < 0)
@@ -188,6 +191,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
&pkey->params.params[5])) < 0)
@@ -195,6 +199,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
&pkey->params.params[6])) < 0)
@@ -202,6 +207,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
+ pkey->params.params_nr++;
if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
&pkey->params.params[7])) < 0)
@@ -209,7 +215,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
* raw_key,
gnutls_assert ();
goto error;
}
-
+ pkey->params.params_nr++;
result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pkey->params);
if (result < 0)
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 5ef565d..04f17a0 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -971,10 +971,9 @@ _decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn,
gnutls_x509_privkey_t pkey)
goto error;
}
- return 0;
+ ret = 0;
error:
- gnutls_x509_privkey_deinit (pkey);
return ret;
}
@@ -1001,10 +1000,9 @@ _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn,
gnutls_x509_privkey_t pkey)
goto error;
}
- return 0;
+ ret = 0;
error:
- gnutls_x509_privkey_deinit (pkey);
return ret;
}
@@ -1072,10 +1070,9 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn,
gnutls_x509_privkey_t pkey)
pkey->params.params_nr = DSA_PRIVATE_PARAMS;
- return 0;
+ ret = 0;
error:
- gnutls_x509_privkey_deinit (pkey);
return ret;
}
diff --git a/tests/pathlen/ca-no-pathlen.pem b/tests/pathlen/ca-no-pathlen.pem
index 759f51e..9d39578 100644
--- a/tests/pathlen/ca-no-pathlen.pem
+++ b/tests/pathlen/ca-no-pathlen.pem
@@ -7,7 +7,7 @@ X.509 Certificate Information:
Not After: Sat Jan 27 10:00:06 UTC 2007
Subject: O=GnuTLS test certificate
Subject Public Key Algorithm: RSA
- Certificate Security Level: Weak
+ Certificate Security Level: Weak (512 bits)
Modulus (bits 512):
00:a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c
11:ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1
diff --git a/tests/pathlen/no-ca-or-pathlen.pem
b/tests/pathlen/no-ca-or-pathlen.pem
index 30488cd..8e9f682 100644
--- a/tests/pathlen/no-ca-or-pathlen.pem
+++ b/tests/pathlen/no-ca-or-pathlen.pem
@@ -7,7 +7,7 @@ X.509 Certificate Information:
Not After: Fri Aug 25 23:59:59 UTC 2000
Subject: O=VeriSign\, Inc.,OU=VeriSign Trust
Network,OU=www.verisign.com/repository/RPA Incorp. by
Ref.\,LIAB.LTD(c)98,OU=Persona Not Validated,OU=Digital ID Class 1 -
Netscape,CN=Simon Josefsson,address@hidden
Subject Public Key Algorithm: RSA
- Certificate Security Level: Weak
+ Certificate Security Level: Weak (1024 bits)
Modulus (bits 1024):
00:c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11
0b:c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7
diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c
index 8b5992c..a58906b 100644
--- a/tests/pkcs12_s2k_pem.c
+++ b/tests/pkcs12_s2k_pem.c
@@ -281,13 +281,14 @@ main (void)
ret = gnutls_x509_privkey_import_pkcs8 (key, &tmp,
GNUTLS_X509_FMT_PEM,
keys[i].password, 0);
+ gnutls_x509_privkey_deinit (key);
+
if (ret != keys[i].expected_result)
{
printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret));
return 1;
}
- gnutls_x509_privkey_deinit (key);
}
gnutls_global_deinit ();
diff --git a/tests/suite/testcompat-main b/tests/suite/testcompat-main
index 7a5809a..ee9a924 100755
--- a/tests/suite/testcompat-main
+++ b/tests/suite/testcompat-main
@@ -32,6 +32,11 @@ fi
. ../scripts/common.sh
echo "Compatibility checks using "`openssl version`
+openssl version|grep -e 1\.0 >/dev/null 2>&1
+SV=$?
+if test $SV != 0;then
+ echo "OpenSSL 1.0.0 is required for ECDH and DTLS tests"
+fi
DSA_CERT=$srcdir/../dsa/cert.dsa.1024.pem
DSA_KEY=$srcdir/../dsa/dsa.1024.pem
@@ -76,6 +81,7 @@ $CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL
kill $PID
wait
+#-cipher
RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA
launch_bare_server $$ s_server -quiet -www -accept $PORT -keyform pem
-certform pem -tls1 -dhparam params.dh -key $RSA_KEY -cert $RSA_CERT -dkey
$DSA_KEY -dcert $DSA_CERT -Verify 1 -CAfile $CA_CERT &
PID=$!
wait_server $PID
@@ -90,6 +96,15 @@ echo "Checking TLS 1.0 with DHE-RSA..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-RSA"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
fail "Failed"
+if test $SV = 0;then
+
+# Test TLS 1.0 with DHE-RSA ciphersuite
+echo "Checking TLS 1.0 with ECDHE-RSA..."
+$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
+ fail "Failed"
+
+fi
+
# Test TLS 1.0 with DHE-DSS ciphersuite
echo "Checking TLS 1.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+DHE-DSS"
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
@@ -102,11 +117,7 @@ launch_bare_server $$ s_server -quiet -accept $PORT
-keyform pem -certform pem -
PID=$!
wait_server $PID
-openssl version|grep -e 1\.0 >/dev/null 2>&1
-if test $? != 0;then
- echo "OpenSSL 1.0.0 is required for DTLS tests"
- exit 77
-fi
+if test $SV = 0;then
# Test DTLS 1.0 with RSA ciphersuite
echo "Checking DTLS 1.0 with RSA..."
@@ -137,9 +148,13 @@ echo "Checking DTLS 1.0 with DHE-DSS..."
$CLI $DEBUG -p $PORT 127.0.0.1 --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-DTLS1.0:+DHE-DSS" --udp
--insecure --x509certfile $CLI_CERT --x509keyfile $CLI_KEY </dev/null
>/dev/null || \
fail "Failed"
+fi
+
kill $PID
wait
+
+
echo "Client mode tests were successfully completed"
echo ""
echo "#####################"
@@ -213,6 +228,18 @@ $CLI s_client -host localhost -tls1 -port $PORT -cert
$CLI_CERT -key $CLI_KEY -
kill $PID
wait
+if test $SV = 0;then
+
+echo "Check TLS 1.0 with ECDHE-RSA ciphersuite"
+launch_server $$ --priority
"NONE:+CIPHER-ALL:+SIGN-ALL:+COMP-NULL:+MAC-ALL:+VERS-TLS1.0:+ECDHE-RSA:+CURVE-ALL"
--x509certfile $SERV_CERT --x509keyfile $SERV_KEY --x509cafile $CA_CERT
--dhparams params.dh & PID=$!
+wait_server $PID
+
+#-cipher ECDHE-RSA-AES128-SHA
+$CLI s_client -host localhost -tls1 -port $PORT -cert $CLI_CERT -key $CLI_KEY
-CAfile $CA_CERT </dev/null 2>&1 | grep "\:error\:" && \
+ fail "Failed"
+
+kill $PID
+wait
# DTLS
echo "Check DTLS 1.0 with RSA ciphersuite"
@@ -245,6 +272,7 @@ $CLI s_client -host localhost -port $PORT -dtls1 -cert
$CLI_CERT -key $CLI_KEY
kill $PID
wait
+fi
exit 0
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-75-g500eab9,
Nikos Mavrogiannopoulos <=