
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-37-g8cd6a6c


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-37-g8cd6a6c
Date: Sat, 18 Dec 2010 11:44:52 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8cd6a6c32aab34fe9a9bb7e3f0420752ff43e8e2

The branch, master has been updated
       via  8cd6a6c32aab34fe9a9bb7e3f0420752ff43e8e2 (commit)
       via  9bb34759a333be7eb20a8d73974bd663a00a9409 (commit)
       via  b5922d9730ecd4353a33b0211d4f52bea72e3ff4 (commit)
      from  663a869147fb9264c3747a46da92b7878eeb4867 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8cd6a6c32aab34fe9a9bb7e3f0420752ff43e8e2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Dec 18 12:42:02 2010 +0100

    Do not be strict on RSA hash algorithm selection for signatures.

commit 9bb34759a333be7eb20a8d73974bd663a00a9409
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Dec 18 12:37:51 2010 +0100

    Removed unneeded definitions, and more careful deinitializations in 
parse_der_cert_mem().

commit b5922d9730ecd4353a33b0211d4f52bea72e3ff4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Dec 18 12:26:09 2010 +0100

    updated certificates to account for extra null byte added in negative 
numbers.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_cert.h                  |   13 -----------
 lib/gnutls_sig.c                   |   10 +-------
 lib/gnutls_x509.c                  |   41 ++++++++++++++++++++---------------
 tests/pathlen/ca-no-pathlen.pem    |    9 ++++---
 tests/pathlen/no-ca-or-pathlen.pem |   17 ++++++++-------
 5 files changed, 39 insertions(+), 51 deletions(-)

diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h
index 57faf2f..a989b43 100644
--- a/lib/gnutls_cert.h
+++ b/lib/gnutls_cert.h
@@ -36,19 +36,6 @@
 #define DSA_PUBLIC_PARAMS 4
 #define RSA_PUBLIC_PARAMS 2
 
-/* For key Usage, test as:
- * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ...
- */
-#define KEY_DIGITAL_SIGNATURE          128
-#define KEY_NON_REPUDIATION            64
-#define KEY_KEY_ENCIPHERMENT           32
-#define KEY_DATA_ENCIPHERMENT          16
-#define KEY_KEY_AGREEMENT              8
-#define KEY_KEY_CERT_SIGN              4
-#define KEY_CRL_SIGN                   2
-#define KEY_ENCIPHER_ONLY              1
-#define KEY_DECIPHER_ONLY              32768
-
 typedef struct gnutls_cert
 {
   /* the size of params depends on the public
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 2bd6685..a23bd7f 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -286,7 +286,7 @@ _gnutls_tls_sign (gnutls_session_t session,
   if (cert != NULL)
     {
       if (cert->key_usage != 0)
-        if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
+        if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
           {
             gnutls_assert ();
             return GNUTLS_E_KEY_USAGE_VIOLATION;
@@ -327,7 +327,7 @@ _gnutls_verify_sig (gnutls_cert * cert,
   /* If the certificate supports signing continue.
    */
   if (cert->key_usage != 0)
-    if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
+    if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
       {
         gnutls_assert ();
         return GNUTLS_E_KEY_USAGE_VIOLATION;
@@ -807,12 +807,6 @@ pk_hash_data (gnutls_pk_algorithm_t pk, 
gnutls_digest_algorithm_t hash,
   switch (pk)
     {
     case GNUTLS_PK_RSA:
-      if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
-          hash != GNUTLS_DIG_SHA256)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
       break;
     case GNUTLS_PK_DSA:
       if (params && hash != _gnutls_dsa_q_to_hash (params[1]))
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 0d705b8..36f304a 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -237,8 +237,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
   tmp.data = (opaque *) input_cert;
@@ -249,8 +248,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
     {
       gnutls_assert ();
       gnutls_x509_crt_deinit (crt);
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
   ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0);
@@ -259,19 +257,21 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
   ret = certificate_credential_append_crt_list (res, ccert, 1);
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (ccert);
-      return ret;
+      goto cleanup;
     }
 
   return ret;
+
+cleanup:
+  gnutls_free (ccert);
+  return ret;
 }
 
 /* Reads a base64 encoded certificate list from memory and stores it to
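Review bot: The new `cleanup:` label in parse_der_cert_mem only calls `gnutls_free (ccert)`, so when `certificate_credential_append_crt_list` fails after `_gnutls_x509_crt_to_gcert` has succeeded, whatever the conversion allocated inside `*ccert` appears to be leaked. The parse_pem_cert_mem cleanup added in this same commit calls `_gnutls_gcert_deinit` on each element before freeing the array. The DER path should do the same on that one branch, with `_gnutls_gcert_deinit (ccert);` placed before its `goto cleanup;`. It should not go under the shared label, because the earlier failure paths reach the label before `ccert` has been filled in. The function starts outside these hunks, so how `ccert` is allocated is not visible here.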
@@ -285,7 +285,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
   const char *ptr;
   opaque *ptr2;
   gnutls_datum_t tmp;
-  int ret, count;
+  int ret, count, i;
   gnutls_cert *certs = NULL;
 
   /* move to the certificate
@@ -309,11 +309,11 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
     {
 
       siz2 = _gnutls_fbase64_decode (NULL, ptr, size, &ptr2);
-
       if (siz2 < 0)
         {
           gnutls_assert ();
-          return GNUTLS_E_BASE64_DECODING_ERROR;
+          ret = GNUTLS_E_BASE64_DECODING_ERROR;
+          goto cleanup;
         }
 
       certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert));
@@ -321,7 +321,8 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
       if (certs == NULL)
         {
           gnutls_assert ();
-          return GNUTLS_E_MEMORY_ERROR;
+          ret = GNUTLS_E_MEMORY_ERROR;
+          goto cleanup;
         }
 
       tmp.data = ptr2;
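Review bot: On the `certs == NULL` branch the new `goto cleanup` reaches a loop that evaluates `&certs[i]` for `i < count` while `certs` is NULL, so a failed reallocation after at least one certificate has been stored would hand near-null pointers to `_gnutls_gcert_deinit`. gnutls_realloc_fast frees the old block on failure and its result is assigned straight back to `certs`, so the earlier entries can no longer be deinitialised either. Keep the old pointer until the call succeeds, e.g. `new_certs = gnutls_realloc (certs, (count + 1) * sizeof (gnutls_cert));` with `certs = new_certs;` only when it is non-NULL, so the cleanup loop still has a valid array. `ptr2` from the base64 decode is also still allocated on this path. Where `count` is incremented lies outside the hunk, so the number of live entries at this point should be confirmed.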
@@ -331,8 +332,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
       if (ret < 0)
         {
           gnutls_assert ();
-          gnutls_free (certs);
-          return ret;
+          goto cleanup;
         }
 
       _gnutls_free_datum (&tmp);        /* free ptr2 */
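Review bot: The failure branch here jumps to `cleanup` before `_gnutls_free_datum (&tmp)` runs, so the decoded buffer `ptr2` is leaked whenever the certificate conversion fails; add `_gnutls_free_datum (&tmp);` before the `goto cleanup;`. This parser takes PEM input that may be malformed, so each failed load would leak one decoded buffer. The call that sets `ret` sits between the hunks and is not visible. It is worth checking whether it can leave `certs[count]` partly initialised on failure, because the cleanup loop only deinitialises entries below `count`.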
@@ -367,11 +367,16 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
   if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (certs);
-      return ret;
+      goto cleanup;
     }
 
   return count;
+
+cleanup:
+  for (i=0;i<count;i++)
+    _gnutls_gcert_deinit(&certs[i]);
+  gnutls_free(certs);
+  return ret;
 }
 
 
@@ -1080,7 +1085,7 @@ _gnutls_check_key_usage (const gnutls_cert * cert, 
gnutls_kx_algorithm_t alg)
                * type algorithm, and key's usage does not permit
                * encipherment, then fail.
                */
-              if (!(key_usage & KEY_KEY_ENCIPHERMENT))
+              if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
                 {
                   gnutls_assert ();
                   return GNUTLS_E_KEY_USAGE_VIOLATION;
@@ -1091,7 +1096,7 @@ _gnutls_check_key_usage (const gnutls_cert * cert, 
gnutls_kx_algorithm_t alg)
             {
               /* The same as above, but for sign only keys
                */
-              if (!(key_usage & KEY_DIGITAL_SIGNATURE))
+              if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
                 {
                   gnutls_assert ();
                   return GNUTLS_E_KEY_USAGE_VIOLATION;
diff --git a/tests/pathlen/ca-no-pathlen.pem b/tests/pathlen/ca-no-pathlen.pem
index 848f5e9..759f51e 100644
--- a/tests/pathlen/ca-no-pathlen.pem
+++ b/tests/pathlen/ca-no-pathlen.pem
@@ -9,10 +9,11 @@ X.509 Certificate Information:
        Subject Public Key Algorithm: RSA
        Certificate Security Level: Weak
                Modulus (bits 512):
-                       a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c:11
-                       ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1:de
-                       21:41:db:a3:d2:6c:f9:66:87:69:7c:50:07:81:66:41
-                       28:c9:99:e2:eb:cc:57:53:9d:0c:b1:94:6f:ef:eb:17
+                       00:a1:63:53:6b:54:95:ac:3c:a4:4b:4b:6a:ba:c0:9c
+                       11:ad:28:dd:03:a8:c0:f4:17:bf:18:cd:9f:b3:5a:d1
+                       de:21:41:db:a3:d2:6c:f9:66:87:69:7c:50:07:81:66
+                       41:28:c9:99:e2:eb:cc:57:53:9d:0c:b1:94:6f:ef:eb
+                       17
                Exponent (bits 24):
                        01:00:01
        Extensions:
diff --git a/tests/pathlen/no-ca-or-pathlen.pem 
b/tests/pathlen/no-ca-or-pathlen.pem
index 478a3e1..30488cd 100644
--- a/tests/pathlen/no-ca-or-pathlen.pem
+++ b/tests/pathlen/no-ca-or-pathlen.pem
@@ -9,14 +9,15 @@ X.509 Certificate Information:
        Subject Public Key Algorithm: RSA
        Certificate Security Level: Weak
                Modulus (bits 1024):
-                       c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11:0b
-                       c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7:7b
-                       b0:be:f9:10:07:e9:7c:a6:c6:5a:51:33:24:97:7b:a3
-                       e1:08:b4:52:b6:06:10:7d:65:df:6e:52:bd:81:3f:39
-                       ad:b3:ad:17:13:88:22:e7:43:8c:39:b7:c2:c4:ba:4a
-                       8b:54:15:49:55:a4:4d:cc:00:56:7b:c8:63:4e:37:de
-                       fb:79:0f:45:dc:e9:5c:cd:70:f0:64:42:35:84:db:e6
-                       59:a4:cb:4b:fe:0f:47:28:0c:35:11:a9:40:fc:ba:a5
+                       00:c9:0c:ce:8a:fe:71:46:9b:ca:1d:e5:90:12:a5:11
+                       0b:c6:2d:c4:33:c6:19:e8:60:59:4e:3f:64:3d:e4:f7
+                       7b:b0:be:f9:10:07:e9:7c:a6:c6:5a:51:33:24:97:7b
+                       a3:e1:08:b4:52:b6:06:10:7d:65:df:6e:52:bd:81:3f
+                       39:ad:b3:ad:17:13:88:22:e7:43:8c:39:b7:c2:c4:ba
+                       4a:8b:54:15:49:55:a4:4d:cc:00:56:7b:c8:63:4e:37
+                       de:fb:79:0f:45:dc:e9:5c:cd:70:f0:64:42:35:84:db
+                       e6:59:a4:cb:4b:fe:0f:47:28:0c:35:11:a9:40:fc:ba
+                       a5
                Exponent (bits 24):
                        01:00:01
        Extensions:


hooks/post-receive
-- 
GNU gnutls


