gnutls-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-98-gece04d6

From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-98-gece04d6
Date: Wed, 25 May 2011 21:35:22 +0000 
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ece04d625ec441abebd535fc8a96a6e80e9da754

The branch, master has been updated
       via  ece04d625ec441abebd535fc8a96a6e80e9da754 (commit)
       via  e93bf40128090de59917f45b460753c2cbdcd409 (commit)
       via  6b3e506317a0733d70160777c1bbdbbaa86ed7eb (commit)
       via  fa18b3573dcedddb1857a3e9ec72d0002ef3de20 (commit)
       via  0deeccea4f87796474d75c6ce0f617aa864c438c (commit)
       via  b8ee577afce90c3b2b5f039350f0e4b44d05e9c5 (commit)
       via  baaf2332ebce8176ec3d5fa54f1580fd5294a7fb (commit)
      from  c0aae931debb4b059647d5c90a7f903b804f74af (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ece04d625ec441abebd535fc8a96a6e80e9da754
Author: Giuseppe Scrivano <address@hidden>
Date:   Wed May 25 18:33:08 2011 +0200

    Fix example in the documentation.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit e93bf40128090de59917f45b460753c2cbdcd409
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed May 25 23:31:30 2011 +0200

    updated documentation on PSK.
    
    Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>

commit 6b3e506317a0733d70160777c1bbdbbaa86ed7eb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed May 25 23:27:51 2011 +0200

    If Q=-P return the point at infinity.

commit fa18b3573dcedddb1857a3e9ec72d0002ef3de20
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed May 25 20:04:59 2011 +0200

    Added elliptic curves chain certificate.

commit 0deeccea4f87796474d75c6ce0f617aa864c438c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed May 25 00:20:26 2011 +0200

    do not try to write to a socket when no data.

commit b8ee577afce90c3b2b5f039350f0e4b44d05e9c5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue May 24 17:50:33 2011 +0200

    increased log level

commit baaf2332ebce8176ec3d5fa54f1580fd5294a7fb
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue May 24 17:42:22 2011 +0200

    _gnutls_handshake_hash_buffer_clear was replaced by  _gnutls_buffer_clear();

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-programs.texi                 |   12 +++++-----
 lib/gnutls_buffers.c                  |    6 +++++
 lib/gnutls_buffers.h                  |    3 --
 lib/gnutls_handshake.c                |    2 +-
 lib/nettle/ecc_projective_add_point.c |   33 ++++++++++++++++++++-------
 tests/chainverify.c                   |   39 +++++++++++++++++++++++++++++++++
 tests/openpgpself.c                   |    2 +-
 7 files changed, 77 insertions(+), 20 deletions(-)

diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi
index 8b9aea5..dfca748 100644
--- a/doc/cha-programs.texi
+++ b/doc/cha-programs.texi
@@ -404,7 +404,7 @@ To connect to a server using PSK authentication, you may 
use something
 like:
 
 @smallexample
-$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas --pskkey 
9e32cf7786321a828ef7668f09fb35db --priority NORMAL:+PSK:-RSA:-DHE-RSA -d 4711
+$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas --pskkey 
9e32cf7786321a828ef7668f09fb35db --priority NORMAL:+DHE-PSK:+PSK:-RSA:-DHE-RSA 
-d 4711
 @end smallexample
 
 @menu
@@ -422,10 +422,10 @@ should be as simple as connecting to the server:
 $ ./gnutls-cli -p 5556 localhost
 Resolving 'localhost'...
 Connecting to '127.0.0.1:5556'...
-- PSK client callback. PSK hint 'psk_identity_hint'
+- PSK client callback.
 Enter PSK identity: psk_identity
 Enter password: 
-- PSK authentication. PSK hint 'psk_identity_hint'
+- PSK authentication.
 - Version: TLS1.1
 - Key Exchange: PSK
 - Cipher: AES-128-CBC
@@ -446,10 +446,10 @@ password, you can also give the PSK username and key 
directly on the
 command line:
 
 @smallexample
-$ ./gnutls-cli -p 5556 localhost --pskusername psk_identity --pskkey 
88f3824b3e5659f52d00e959bacab954b6540344 
+$ ./gnutls-cli -p 5556 localhost --pskusername psk_identity --pskkey 
88f3824b3e5659f52d00e959bacab954b6540344  --priority NORMAL:+DHE-PSK:+PSK
 Resolving 'localhost'...
 Connecting to '127.0.0.1:5556'...
-- PSK authentication. PSK hint 'psk_identity_hint'
+- PSK authentication.
 - Version: TLS1.1
 - Key Exchange: PSK
 - Cipher: AES-128-CBC
@@ -760,7 +760,7 @@ password file (@pxref{Invoking psktool}).  In the example 
below, I
 type @code{password} at the prompt.
 
 @smallexample
-$ ./psktool -u psk_identity -p psks.txt -n psk_identity_hint
+$ ./psktool -u psk_identity -p psks.txt
 Enter password:
 Key stored to psks.txt
 $ cat psks.txt
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 3a7cca2..1ca46ee 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -554,6 +554,12 @@ _gnutls_io_write_flush (gnutls_session_t session)
         }
     }
 
+  if (tosend == 0)
+    {
+      gnutls_assert();
+      return 0;
+    }
+
   ret = _gnutls_writev (session, iovec, i);
   if (ret >= 0)
     {
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index bc432bd..8eb3ac4 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -52,9 +52,6 @@ int _gnutls_handshake_hash_buffer_put (gnutls_session_t 
session, opaque * data,
 int _gnutls_handshake_hash_buffer_get_ptr (gnutls_session_t session,
                                       opaque ** data_ptr, size_t * length);
 
-#define _gnutls_handshake_hash_buffer_clear(session) 
_gnutls_buffer_clear(&session->internals.handshake_hash_buffer)
-
-
 /* Does not free the buffer
  */
 static inline void
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index d42d415..babf71e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -104,7 +104,7 @@ _gnutls_handshake_hash_buffers_clear (gnutls_session_t 
session)
   session->security_parameters.handshake_mac_handle_type = 0;
   session->internals.handshake_mac_handle_init = 0;
 
-  _gnutls_handshake_hash_buffer_clear (session);
+  _gnutls_buffer_clear(&session->internals.handshake_hash_buffer);
 }
 
 /* this will copy the required values for resuming to
diff --git a/lib/nettle/ecc_projective_add_point.c 
b/lib/nettle/ecc_projective_add_point.c
index daf77ba..35d12bc 100644
--- a/lib/nettle/ecc_projective_add_point.c
+++ b/lib/nettle/ecc_projective_add_point.c
@@ -26,13 +26,13 @@
    @param P        The point to add
    @param Q        The point to add
    @param R        [out] The destination of the double
+   @param a        Curve's a value
    @param modulus  The modulus of the field the ECC curve is in
-   @param mp       The "b" value from montgomery_setup()
    @return 0 on success
 */
 int
 ecc_projective_add_point (ecc_point * P, ecc_point * Q, ecc_point * R,
-                              mpz_t A, mpz_t modulus)
+                              mpz_t a, mpz_t modulus)
 {
   mpz_t t1, t2, x, y, z;
   int err;
@@ -47,17 +47,32 @@ ecc_projective_add_point (ecc_point * P, ecc_point * Q, 
ecc_point * R,
       return err;
     }
 
-  /* should we dbl instead? */
-  mpz_sub (t1, modulus, Q->y);
-
+  /* Check if P == Q and do doubling in that case 
+   * If Q == -P then P+Q=point at infinity
+   */
   if ((mpz_cmp (P->x, Q->x) == 0) &&
-      (Q->z != NULL && mpz_cmp (P->z, Q->z) == 0) &&
-      (mpz_cmp (P->y, Q->y) == 0 || mpz_cmp (P->y, t1) == 0))
+      (mpz_cmp (P->z, Q->z) == 0))
     {
-      mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
-      return ecc_projective_dbl_point (P, R, A, modulus);
+      /* x and z coordinates match. Check if P->y = Q->y, or P->y = -Q->y
+       */
+      if (mpz_cmp (P->y, Q->y) == 0)
+        {
+          mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
+          return ecc_projective_dbl_point (P, R, a, modulus);
+        }
+      
+      mpz_sub (t1, modulus, Q->y);
+      if (mpz_cmp (P->y, t1) == 0)
+        {
+          mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
+          mpz_set_ui(R->x, 1);
+          mpz_set_ui(R->y, 1);
+          mpz_set_ui(R->z, 0);
+          return 0;
+        }
     }
 
+
   mpz_set (x, P->x);
   mpz_set (y, P->y);
   mpz_set (z, P->z);
diff --git a/tests/chainverify.c b/tests/chainverify.c
index 8cd5244..65c4bcf 100644
--- a/tests/chainverify.c
+++ b/tests/chainverify.c
@@ -675,6 +675,43 @@ static const char *cacertrsamd5[] = {
   NULL
 };
 
+/* Test Certicom cert with ECC-SHA256 signature. */
+static const char *ecc_cert[] = {
+  /* chain[0] (ECC cert) */
+"-----BEGIN CERTIFICATE-----\n"
+"MIICbzCCAhSgAwIBAgIIZLkW6EZO5PQwCgYIKoZIzj0EAwIwgZsxFDASBgNVBAsT\n"
+"C1NBTVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMH\n"
+"VG9yb250bzEQMA4GA1UEBBMHT250YXJpbzE5MDcGA1UEAxMwdGxzLnNlY2cub3Jn\n"
+"IEVDQyBzZWNwMjU2cjEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJD\n"
+"QTAeFw0wOTA1MDcwMDAwMDBaFw0xNTA1MDEwMDAwMDBaMIGYMRQwEgYDVQQLEwtT\n"
+"QU1QTEUgT05MWTEXMBUGA1UEChMOQ2VydGljb20gQ29ycC4xEDAOBgNVBAcTB1Rv\n"
+"cm9udG8xEDAOBgNVBAgTB09udGFyaW8xNjA0BgNVBAMTLXRscy5zZWNnLm9yZyBF\n"
+"Q0Mgc2VjcDI1NnIxIFNlcnZlciBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0EwWTAT\n"
+"BgcqhkjOPQIBBggqhkjOPQMBBwNCAATf63kPhr3D6a2scrHWVr0oOXQMnBDT6Jv/\n"
+"ifqzt4/xTbXsZNEyD96nyh82sk0tM+FVfBlsIwGc7vqBfyq0mC/Io0MwQTAOBgNV\n"
+"HQ8BAf8EBAMCA4gwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwFwYDVR0RBBAwDoIM\n"
+"dGxzLnNlY2cub3JnMAoGCCqGSM49BAMCA0kAMEYCIQDfacZHsdsj6SXQ2hyJS4Do\n"
+"SMclqGLo2Sop7hfAeEJA+wIhAOMo7eLya44SIcuzrLBpg29g5ZzYOeuEzRcg9mch\n"
+"AB1w\n"
+"-----END CERTIFICATE-----\n",
+"-----BEGIN CERTIFICATE-----\n"
+"MIICTjCCAfagAwIBAgIICvq6Bj3Av6EwCQYHKoZIzj0EATCBmzEUMBIGA1UECxML\n"
+"U0FNUExFIE9OTFkxFzAVBgNVBAoTDkNlcnRpY29tIENvcnAuMRAwDgYDVQQHEwdU\n"
+"b3JvbnRvMRAwDgYDVQQEEwdPbnRhcmlvMTkwNwYDVQQDEzB0bHMuc2VjZy5vcmcg\n"
+"RUNDIHNlY3AyNTZyMSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxCzAJBgNVBAYTAkNB\n"
+"MB4XDTA2MDUwMTAwMDAwMFoXDTE1MDUwMTAwMDAwMFowgZsxFDASBgNVBAsTC1NB\n"
+"TVBMRSBPTkxZMRcwFQYDVQQKEw5DZXJ0aWNvbSBDb3JwLjEQMA4GA1UEBxMHVG9y\n"
+"b250bzEQMA4GA1UEBBMHT250YXJpbzE5MDcGA1UEAxMwdGxzLnNlY2cub3JnIEVD\n"
+"QyBzZWNwMjU2cjEgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQswCQYDVQQGEwJDQTBZ\n"
+"MBMGByqGSM49AgEGCCqGSM49AwEHA0IABB2oofFVa6akTK6hpaJLs+6skdhn0sQp\n"
+"uJwVwG99T0VZY8v7q6NMIWrpYQFmOxQyVVNlxWWyr2cLYJTyqx/zuDejIzAhMA4G\n"
+"A1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAkGByqGSM49BAEDRwAwRAIg\n"
+"W2KAhfAKWFoh47A7muk8K10cGqOKRtb9lCgdOltj19oCIG+ZJQv5m+RnL4X2Ti0y\n"
+"ZJzOOuzBQVGiUFwZdn1dLv4X\n"
+"-----END CERTIFICATE-----\n",
+  NULL
+};
+
 static struct
 {
   const char *name;
@@ -744,6 +781,8 @@ static struct
     GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID },
   { "cacertrsamd5 short-cut ok", cacertrsamd5, &cacertrsamd5[1],
     0, 0 },
+  { "ecc cert ok", ecc_cert, &ecc_cert[1],
+    0, 0 },
   { NULL, NULL, NULL, 0, 0}
 };
 /* *INDENT-ON* */
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index 388385c..5d36c30 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -144,7 +144,7 @@ client (void)
 
   gnutls_global_set_log_function (tls_log_func);
   if (debug)
-    gnutls_global_set_log_level (5);
+    gnutls_global_set_log_level (9);
 
   gnutls_certificate_allocate_credentials (&xcred);
 


hooks/post-receive
-- 
GNU gnutls
reply via email to
[Prev in Thread] Current Thread [Next in Thread]