[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-130-g3b70d49

[Nikos Mavrogiannopoulos]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=3b70d49d37d5c9f2d25fab06891bfa5bdf34211f

The branch, master has been updated
       via  3b70d49d37d5c9f2d25fab06891bfa5bdf34211f (commit)
       via  333e3fac8a4e3fe018e0505e67cccf23d2d97747 (commit)
       via  0e8bafb0a55ab6e05df0d7c663c8a58f03c5f051 (commit)
       via  b33cbf5e4b8386f89f813a1b2886b9c32ae479ff (commit)
      from  b30fda48aef347e678d14d0caee2961dce0ceda7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3b70d49d37d5c9f2d25fab06891bfa5bdf34211f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Sep 24 20:47:42 2012 +0200

    updated copyright

commit 333e3fac8a4e3fe018e0505e67cccf23d2d97747
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Sep 24 20:44:48 2012 +0200

    openpgp doc update

commit 0e8bafb0a55ab6e05df0d7c663c8a58f03c5f051
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Sep 24 20:13:27 2012 +0200

    Added boilerplate.

commit b33cbf5e4b8386f89f813a1b2886b9c32ae479ff
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Sep 23 23:17:00 2012 +0200

    simplified calculations

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-cert-auth.texi     |   78 ++++++++++++++++++++++++++++++++++++++++----
 lib/opencdk/write-packet.c |    4 +-
 lib/openpgp/pgp.c          |    8 +---
 tests/suite/asn1random.pl  |   18 ++++++++++
 tests/suite/x509random.pl  |   17 +++++++++-
 5 files changed, 109 insertions(+), 16 deletions(-)

diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 144de2c..46195f9 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -50,8 +50,8 @@ of the Digital Signature Standard (DSS).
 @item address@hidden @tab
 The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
 curve Diffie-Hellman parameters which are sent to the peer. The 
-certificate must contain ECDSA parameters to use this key exchange 
-algorithm. 
+certificate must contain ECDSA parameters (i.e., EC and marked for signing) 
+to use this key exchange algorithm. 
 
 @end multitable
 @caption{Supported key exchange algorithms.}
@@ -192,7 +192,7 @@ handled using the @code{gnutls_x509_crt_t} type and the 
corresponding
 private keys with the @code{gnutls_x509_privkey_t} type.  All the
 available functions for @acronym{X.509} certificate handling have
 their prototypes in @file{gnutls/x509.h}. An example program to
-demonstrate the @acronym{X.509} parsing capabilities can be found at
+demonstrate the @acronym{X.509} parsing capabilities can be found in
 @ref{ex:x509-info}.
 
 @node Importing an X.509 certificate
@@ -370,13 +370,77 @@ only Kevin, for some reason. A reason could be that Bob 
is lazy
 enough, and signs other people's keys without being sure that they
 belong to the actual owner.
 
address@hidden Table,tab:openpgp-certificate
address@hidden @columnfractions .2 .7
+
address@hidden Field @tab Description
+
address@hidden version @tab
+The field that indicates the version of the OpenPGP structure.
+
address@hidden user ID @tab
+An RFC 2822 string that identifies the owner of the key. There may be
+multiple user identifiers in a key.
+
address@hidden public key @tab
+The main public key of the certificate.
+
address@hidden expiration @tab
+The expiration time of the main public key.
+
address@hidden public subkey @tab
+An additional public key of the certificate. There may be multiple subkeys
+in a certificate.
+
address@hidden public subkey expiration @tab
+The expiration time of the subkey.
+
address@hidden multitable
address@hidden certificate fields.}
address@hidden float
+
+
 @subsection @acronym{OpenPGP} certificate structure
 
-In @acronym{GnuTLS} the @acronym{OpenPGP} key structures
address@hidden are handled using the @code{gnutls_openpgp_crt_t} type
-and the corresponding private keys with the
+In @acronym{GnuTLS} the @acronym{OpenPGP} certificate structures
address@hidden are handled using the @code{gnutls_openpgp_crt_t} type.
+A typical certificate contains the user ID, which is an RFC 2822
+mail and name address, a public key, possibly a number of additional
+public keys (called subkeys), and a number of signatures. The various
+fields are shown in @ref{tab:openpgp-certificate}.
+
+The additional subkeys may provide key for various different purposes,
+e.g. one key to encrypt mail, and another to sign a TLS key exchange.
+Each subkey is identified by a unique key ID.
+The keys that are to be used in a TLS key exchange that requires
+signatures are called authentication keys in the OpenPGP jargon.
+The mapping of TLS key exchange methods to public keys is shown in
address@hidden:openpgp-key-exchange}.
+
address@hidden Table,tab:openpgp-key-exchange
address@hidden @columnfractions .2 .7
+
address@hidden Key exchange @tab Public key requirements
+
address@hidden RSA @tab
+An RSA public key that allows encryption.
+
address@hidden address@hidden @tab
+An RSA public key that is marked for authentication.
+
address@hidden address@hidden @tab
+An RSA public key that is marked for authentication.
+
address@hidden address@hidden @tab
+A DSA public key that is marked for authentication.
+
address@hidden multitable
address@hidden types of (sub)keys required for the various TLS key exchange 
methods.}
address@hidden float
+
+The corresponding private keys are stored in the
 @code{gnutls_openpgp_privkey_t} type. All the prototypes for the key
-handling functions can be found at @file{gnutls/openpgp.h}.
+handling functions can be found in @file{gnutls/openpgp.h}.
 
 @subsection Verifying an @acronym{OpenPGP} certificate
 
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 7a53e84..521728f 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -159,9 +159,9 @@ pkt_encode_len (cdk_stream_t out, size_t pktlen)
   else if (pktlen < 8384)
     {
       pktlen -= 192;
-      rc = stream_putc (out, (pktlen / 256) + 192);
+      rc = stream_putc (out, (pktlen >> 8) + 192);
       if (!rc)
-        rc = stream_putc (out, (pktlen % 256));
+        rc = stream_putc (out, (pktlen & 0xff));
     }
   else
     {
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index fb77087..dc6cadc 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -1586,14 +1586,10 @@ gnutls_openpgp_crt_set_preferred_key_id 
(gnutls_openpgp_crt_t key,
  * gnutls_openpgp_crt_get_auth_subkey:
  * @crt: the structure that contains the OpenPGP public key.
  * @keyid: the struct to save the keyid.
- * @flag: Non (0) indicates that a valid subkey is always returned.
+ * @flag: Non-zero indicates that a valid subkey is always returned.
  *
  * Returns the 64-bit keyID of the first valid OpenPGP subkey marked
- * for authentication.  If flag is non (0) and no authentication
- * subkey exists, then a valid subkey will be returned even if it is
- * not marked for authentication.
- * Returns the 64-bit keyID of the first valid OpenPGP subkey marked
- * for authentication.  If flag is non (0) and no authentication
+ * for authentication.  If flag is non-zero and no authentication
  * subkey exists, then a valid subkey will be returned even if it is
  * not marked for authentication.
  *
diff --git a/tests/suite/asn1random.pl b/tests/suite/asn1random.pl
index e967f68..79e70a6 100755
--- a/tests/suite/asn1random.pl
+++ b/tests/suite/asn1random.pl
@@ -1,5 +1,23 @@
 #!/usr/bin/perl -w
 #
+# Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+# Written by David Howells (address@hidden)
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#
 # Generate random but valid ASN.1 data.
 #
 # Format:
diff --git a/tests/suite/x509random.pl b/tests/suite/x509random.pl
index 5144e29..1c6ce04 100755
--- a/tests/suite/x509random.pl
+++ b/tests/suite/x509random.pl
@@ -1,6 +1,21 @@
 #!/usr/bin/perl -w
 #
-# Author David Howells <address@hidden>
+# Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+# Written by David Howells (address@hidden)
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 #
 # Generate validly formatted X.509 certificates filled with mostly random data,
 # including for the RSA key and signature fields (so it is extremely improbable


hooks/post-receive
-- 
GNU gnutls