[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-23-g61dba
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-23-g61dbafd |
|
Date: |
Wed, 16 Mar 2011 21:41:28 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=61dbafd583171fa278347bda49aa557e0b0fc8cd
The branch, gnutls_2_12_x has been updated
via 61dbafd583171fa278347bda49aa557e0b0fc8cd (commit)
via be8fdbe623d31504fd280dca002c3702ba2a36da (commit)
via b1fd9941fcaac338054948d2a07d45481f9308f6 (commit)
via e7472d2de6ac05363dd49594d1ca9b87a2c8ec6b (commit)
via a8265d9832e5d0bfb7d008cdd144637a376f06ba (commit)
via ca57ed4ddb4bcd503c1755c4f80e4a1803d2254a (commit)
via 58b87f252c11b1f1e01a88fa13e8ff6f4a3042a6 (commit)
via 418625f3abd4193cc89699c5b58d82045cc6c086 (commit)
via 3ac59a36a3b8a9e226e3af6b84096d3d3170b97a (commit)
via 60338e8676f85dc6f26427b053f9c549d3bc1431 (commit)
from a32853d3da525ceb4211e869b6dfa4e5a469e7c8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 61dbafd583171fa278347bda49aa557e0b0fc8cd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 22:38:18 2011 +0100
read correct algorithm when decrypting data and use correct number of
private parameters.
commit be8fdbe623d31504fd280dca002c3702ba2a36da
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 21:46:13 2011 +0100
Corrected nettle's RNG behavior on fork and added a test case.
commit b1fd9941fcaac338054948d2a07d45481f9308f6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 22:10:08 2011 +0100
documented gnutls_pubkey_import_openpgp change.
commit e7472d2de6ac05363dd49594d1ca9b87a2c8ec6b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 21:08:39 2011 +0100
enabled RSA and removed debugging.
commit a8265d9832e5d0bfb7d008cdd144637a376f06ba
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 20:47:20 2011 +0100
gnutls_pubkey_t and gnutls_privkey_t can import either an openpgp subkey or
a master key.
commit ca57ed4ddb4bcd503c1755c4f80e4a1803d2254a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 19:42:52 2011 +0100
split the pgp keys to elgamal and dsa.
commit 58b87f252c11b1f1e01a88fa13e8ff6f4a3042a6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 19:41:52 2011 +0100
introduced GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR
commit 418625f3abd4193cc89699c5b58d82045cc6c086
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 19:18:32 2011 +0100
On unknown public key algorithms return Unknown name.
commit 3ac59a36a3b8a9e226e3af6b84096d3d3170b97a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 19:08:18 2011 +0100
Read the public key algorithm from the selected subkey and not the master
key when importing to a gnutls_privkey.
commit 60338e8676f85dc6f26427b053f9c549d3bc1431
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Mar 16 18:37:45 2011 +0100
Documentation fixed. Added fresh keys to test.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 +
guile/tests/openpgp-auth.scm | 4 +-
.../tests/{openpgp-pub.asc => openpgp-elg-pub.asc} | 0
.../tests/{openpgp-sec.asc => openpgp-elg-sec.asc} | 0
guile/tests/openpgp-keys.scm | 4 +-
guile/tests/openpgp-pub.asc | 45 ++--
guile/tests/openpgp-sec.asc | 61 ++--
lib/gnutls_algorithms.c | 1 +
lib/gnutls_errors.c | 2 +
lib/gnutls_privkey.c | 23 ++-
lib/gnutls_pubkey.c | 45 ++-
lib/includes/gnutls/abstract.h | 1 -
lib/includes/gnutls/gnutls.h.in | 1 +
lib/nettle/rnd.c | 11 +-
lib/openpgp/gnutls_openpgp.c | 17 +-
lib/openpgp/pgp.c | 5 +-
lib/openpgp/privkey.c | 19 +-
tests/Makefile.am | 2 +-
tests/openpgp-auth.c | 361 ++++++++++----------
tests/openpgpself.c | 100 ++++--
tests/rng-fork.c | 100 ++++++
21 files changed, 496 insertions(+), 311 deletions(-)
copy guile/tests/{openpgp-pub.asc => openpgp-elg-pub.asc} (100%)
copy guile/tests/{openpgp-sec.asc => openpgp-elg-sec.asc} (100%)
create mode 100644 tests/rng-fork.c
diff --git a/NEWS b/NEWS
index 6b50260..7736e21 100644
--- a/NEWS
+++ b/NEWS
@@ -5,12 +5,17 @@ See the end for copying conditions.
* Version 2.xx.y (unreleased)
+** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred
+subkey instead of setting explitly one.
+
** libgnutls: Corrected default behavior in record version of Client Hellos.
** libgnutls-openssl: modified to use modern gnutls' functions.
This introduces an ABI incompatibility with previous versions.
** API and ABI modifications:
+gnutls_pubkey_import_openpgp: MODIFIED
+
No changes since last version.
* Version 2.11.7 (released 2011-03-09)
diff --git a/guile/tests/openpgp-auth.scm b/guile/tests/openpgp-auth.scm
index fe3c0cf..3db9e42 100644
--- a/guile/tests/openpgp-auth.scm
+++ b/guile/tests/openpgp-auth.scm
@@ -31,9 +31,9 @@
;; TLS session settings.
(define %protos (list protocol/tls-1.0))
(define %certs (list certificate-type/openpgp))
-(define %ciphers (list cipher/null cipher/arcfour cipher/aes-128-cbc
+(define %ciphers (list cipher/arcfour cipher/aes-128-cbc
cipher/aes-256-cbc))
-(define %kx (list kx/rsa kx/rsa-export kx/dhe-rsa kx/dhe-dss))
+(define %kx (list kx/dhe-rsa kx/dhe-dss))
(define %macs (list mac/sha1 mac/rmd160 mac/md5))
;; Message sent by the client.
diff --git a/guile/tests/openpgp-pub.asc b/guile/tests/openpgp-elg-pub.asc
similarity index 100%
copy from guile/tests/openpgp-pub.asc
copy to guile/tests/openpgp-elg-pub.asc
diff --git a/guile/tests/openpgp-sec.asc b/guile/tests/openpgp-elg-sec.asc
similarity index 100%
copy from guile/tests/openpgp-sec.asc
copy to guile/tests/openpgp-elg-sec.asc
diff --git a/guile/tests/openpgp-keys.scm b/guile/tests/openpgp-keys.scm
index 774fa64..6049984 100644
--- a/guile/tests/openpgp-keys.scm
+++ b/guile/tests/openpgp-keys.scm
@@ -30,10 +30,10 @@
(srfi srfi-11))
(define %certificate-file
- (search-path %load-path "openpgp-pub.asc"))
+ (search-path %load-path "openpgp-elg-pub.asc"))
(define %private-key-file
- (search-path %load-path "openpgp-sec.asc"))
+ (search-path %load-path "openpgp-elg-sec.asc"))
(define %key-id
;; Change me if you change the key files.
diff --git a/guile/tests/openpgp-pub.asc b/guile/tests/openpgp-pub.asc
index 6bdfabf..4aa5cf9 100644
--- a/guile/tests/openpgp-pub.asc
+++ b/guile/tests/openpgp-pub.asc
@@ -1,24 +1,27 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+Comment: Test key for GnuTLS
-mQGiBDxKxWwRBADnLna2Lu+po71ZQJMpJBgFDALXAp1sogZu/DTIYDhifGQ+saZS
-p68dN89G/FBaweDGmbN4lbS8s+U1Qf/aR2bWFowriq/WqyJGbQbRgDTV2saY5pk7
-pbNQ/4IuHNhwKnURTotzprCcs7k85E27UWybtflbtmYYhgKgoURyNsBljwCgj1te
-eNhfeSzCBy+UdGRXJvtNk3MD/jV41onWYG6RGOn5pwQrljzyPz2PE3eic8Dwl02/
-RLPKvL4U3WRBJVWGPjmpxidmLXesNmYq5El5LDJi0/EumDKnVlMJ1nugrk3yX17a
-CTcFatW+ifQGnr1+x2zkMkQd9dUv/9BtOeX2HjaUe2mKd8tiq4HkpBIr+QUGcdmU
-bIZeBADQYUN6lk3eMYgYwrJN4AjmAJa2DbimhLhag40Rn8kwMRiJrVejuSf0SPhO
-slPGI+2nO0L/eLzmOmpTHXWmTOhUBROAjp9bEM4HXTQXuAEWSRixMdNUTIdlqOy5
-lx9hoJ/HPVCYBhBrWXfSEcsOHQTQ7Za86Juuj3PYALBSE5y/jbRJT3BlbkNESyB0
-ZXN0IGtleSAoT25seSBpbnRlbmRlZCBmb3IgdGVzdCBwdXJwb3NlcyEpIDxvcGVu
-Y2RrQGZvby1iYXIub3JnPohaBBMRAgAaBQI8SsVsBQsHCgMEAxUDAgMWAgECHgEC
-F4AACgkQvVcs3MzAfDWBwQCcDhKNjtREfG3LzmFQ2c2G4g2EWaUAn2aBZiyAxqrP
-HS0rwgTwgv6A09ukuQENBDxKxW8QBADiAVZSYGnQZ9JPTXHm04ZY4IvjvyRsGtzg
-jbac2NRZwe0zVzhBB5h1Wv23nxeXzwIucMeWDxLKaJbSfP0koRzTFt3h+8wephXF
-wx/sZW5GcHjIdfxQmx7Lmci1bC2HXFDiAYtbD6N4YG62QlolM4MPVf0h1kkBVhXU
-mh0J6VEPXwADBQQA0L2t5AQydYZ1yH0HMMNgmBRnuuG+tswQWjwfNmv9vqEuN4RW
-UTI4uK1BTlKiqWYdHfHba7XzP2kGFmEHVWyBMiQzCzCTLbfIzIIlZy164kryRpdQ
-5Tm2YepkddLgPNjTg43EqKxK/SE1Nv4+luydCuplFktXbgGzeo3KifKyV9CIRgQY
-EQIABgUCPErFbwAKCRC9VyzczMB8NXVmAJ9gHh+Z4LB8d+Z/Puyh4Z+UY9NzZwCf
-asaetBGab/v0SefRVNguBdQIYds=
-=GwWK
+mI0ETYD2OQEEAMHmDBtJii82NbWuYcvEWCYnwa7GTcz2PYikYCcq/t5nkyb5Bfmx
+mh2hpto7Lr5d1L/shvab1gXCcrWEAREgNNk9LiowtLuTHBdeOFlJ1u1P1rvdFVKq
+2a6ft77Q5VltUDKPgTqz4NWH2KUlLfTvwJDnq2DxYsbwVpBDURuUocXhABEBAAG0
+CVRlc3QgdXNlcoi4BBMBAgAiBQJNgPY5AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
+AQIXgAAKCRAMTrFUBnAKMOVDA/9GEw7AokwJSGvHREriXcvMMKp6c6SYqa0TVsTg
+Gh3ENu/KTfGJIM5p+zR6xy+5u5DfP5qLrRdCnoczncR5w9fn3RsP8ju/Ga5z23Q+
+6XxRKRkXjE/E0ZFulbuaBom/nhrOmmfqKe7Mor9Y4QwzL2wL3sf6jWLglwdFYS/X
+W3wqjLkBogRNgPY5EQQApafdUhCAHj8LLXYCqOXRSPZbKzvB55NwWrdvnod0seUW
+aiTSWBlKnSvIomdcII/E3bjdngK4fTJ+Xr5pEJuzBnW3w787r6jBJSq2Lp0T9SP4
+CBzd0gXcOQkILvX1VzxAsYVULJA0mhAR3IHFcywjX6ENKuvs7ApniBNoXqi6d3cA
+oIAzYKrjyZ+guM4IUlRRrB8abx5vBACJPV+d15GYgzt1d8zLvOl/mzs85Twj2SB1
+ZqzK6H/6QxQkEZpP/UVFpXaUGUly3nGEqg1yw4cgqW4SSxgLFz6B23Si+cTsssE6
+CYziN1UI6NjxkoG/npMm0wRp7Z+KylEolAdbFBAAprORkt58CrGgpYe8O/35+PWc
+J9rjhwxxkQP/VCpbZLugkL4XHWGWFGG35S6k9F3xPPTPoX9Zoud+0bOeoOK5RQHo
+e99sVNN4hxxPTM/rJXfTTZUoB6o84yulTSxb6C9ueHotDV0eB9QX1ov/ltmwy3XS
+fXEyWtI0CDBuZgEww26Up0pzg4XTBYMkmXrxx3J9ihcCIYyAHoE13EWI5wQYAQIA
+CQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkRAgAGBQJNgPY5AAoJEPMP1CPBQ+e6
+3fQAnR7HWLnQTbxCIhlBTZiuJv2HC6cbAJwJ6VsSU6ADCkMuGT3LLNo+UnckK+4i
+BACcivWsW40ddtEQ0wno1uP65TmKq3aJrdODXTAnqkmNQKL7X7Fz+nmEWiS+LBH8
+lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZApto5cjem/EnO7op2QwkCCa6oUp0l
+YA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfszYpFL4VP5wQ==
+=ydIq
-----END PGP PUBLIC KEY BLOCK-----
diff --git a/guile/tests/openpgp-sec.asc b/guile/tests/openpgp-sec.asc
index 58bafee..886ba34 100644
--- a/guile/tests/openpgp-sec.asc
+++ b/guile/tests/openpgp-sec.asc
@@ -1,32 +1,35 @@
-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+Comment: Test key for GnuTLS
-lQG7BDxKxWwRBADnLna2Lu+po71ZQJMpJBgFDALXAp1sogZu/DTIYDhifGQ+saZS
-p68dN89G/FBaweDGmbN4lbS8s+U1Qf/aR2bWFowriq/WqyJGbQbRgDTV2saY5pk7
-pbNQ/4IuHNhwKnURTotzprCcs7k85E27UWybtflbtmYYhgKgoURyNsBljwCgj1te
-eNhfeSzCBy+UdGRXJvtNk3MD/jV41onWYG6RGOn5pwQrljzyPz2PE3eic8Dwl02/
-RLPKvL4U3WRBJVWGPjmpxidmLXesNmYq5El5LDJi0/EumDKnVlMJ1nugrk3yX17a
-CTcFatW+ifQGnr1+x2zkMkQd9dUv/9BtOeX2HjaUe2mKd8tiq4HkpBIr+QUGcdmU
-bIZeBADQYUN6lk3eMYgYwrJN4AjmAJa2DbimhLhag40Rn8kwMRiJrVejuSf0SPhO
-slPGI+2nO0L/eLzmOmpTHXWmTOhUBROAjp9bEM4HXTQXuAEWSRixMdNUTIdlqOy5
-lx9hoJ/HPVCYBhBrWXfSEcsOHQTQ7Za86Juuj3PYALBSE5y/jQAAn2P+O9oRyd/b
-1jXd4F2H8SSzMMu3DM/9JiM6RFNBX2ZhY3RvcjoAAK9+8VCrUSp2tkcQT5PxLJzr
-ENoOP4NB/SYjOkRTQV9mYWN0b3I6AACvTy8J9Y0wrRLLV4I96AjHaNfLwQp9E/0m
-IzpEU0FfZmFjdG9yOgAAr2T4CrVVKLaOwyIga909v8jvsToXmxu0SU9wZW5DREsg
-dGVzdCBrZXkgKE9ubHkgaW50ZW5kZWQgZm9yIHRlc3QgcHVycG9zZXMhKSA8b3Bl
-bmNka0Bmb28tYmFyLm9yZz6IWgQTEQIAGgUCPErFbAULBwoDBAMVAwIDFgIBAh4B
-AheAAAoJEL1XLNzMwHw1gcEAmQGbWA2HMKJfa1qvFUwrpVK9zdHtAJ9HHAujC4X+
-0AnRZNUKFdC94Ct+r50BMgQ8SsVvEAQA4gFWUmBp0GfST01x5tOGWOCL478kbBrc
-4I22nNjUWcHtM1c4QQeYdVr9t58Xl88CLnDHlg8SymiW0nz9JKEc0xbd4fvMHqYV
-xcMf7GVuRnB4yHX8UJsey5nItWwth1xQ4gGLWw+jeGButkJaJTODD1X9IdZJAVYV
-1JodCelRD18AAwUEANC9reQEMnWGdch9BzDDYJgUZ7rhvrbMEFo8HzZr/b6hLjeE
-VlEyOLitQU5SoqlmHR3x22u18z9pBhZhB1VsgTIkMwswky23yMyCJWcteuJK8kaX
-UOU5tmHqZHXS4DzY04ONxKisSv0hNTb+PpbsnQrqZRZLV24Bs3qNyonyslfQAAD6
-AqTLHwdVk3VLPMjSKNONdwwYPDTowJ5cHw5Uc2vRRG0OJf0mIzpFTEdfZmFjdG9y
-OgAAqwRFtBcGdsy2AtBSxX4HPMvtBiODIhf9JiM6RUxHX2ZhY3RvcjoAAKsFn0GK
-Y7/TzpNP3IdTXmkQfUXC+YpP/SYjOkVMR19mYWN0b3I6AACrBV0wh13upAu9+4N1
-rXOuK6EkJ4T1//0mIzpFTEdfZmFjdG9yOgAAqwbJVCRiM/nb341fujR8AELlrBOb
-Lqv9JiM6RUxHX2ZhY3RvcjoAAKsGhKSsyEs0Yrs4YvI0CBiIZn1b2G9LiEYEGBEC
-AAYFAjxKxW8ACgkQvVcs3MzAfDV1ZgCeLovqxqOYaIfjREbT8e9+2jy1D20An268
-JJzFTBkCFFN0YlBK57y6qjf0
-=0tJj
+lQHYBE2A9jkBBADB5gwbSYovNjW1rmHLxFgmJ8Guxk3M9j2IpGAnKv7eZ5Mm+QX5
+sZodoabaOy6+XdS/7Ib2m9YFwnK1hAERIDTZPS4qMLS7kxwXXjhZSdbtT9a73RVS
+qtmun7e+0OVZbVAyj4E6s+DVh9ilJS3078CQ56tg8WLG8FaQQ1EblKHF4QARAQAB
+AAP9HJePsXZmqg+UW/Ya9bE+TmIObXdQgajN6hhTFXOBocokKNsPxoIp97Sepg+U
+FP5BIQv/2t2f8bl6sMmGXsAhCqVzRxGuA+9USx8OfTHSdgIKT5T2VFSGJaU4df3Q
+rstUY3dcvl6VKpDDZic1T7u2ANzaWM2u+pwooKC4cc/k9AECAMNDvrKF3FC7R9sd
+TagVrrfde0RZuwhbGW9ghslkY893EelXQL/lbBI20crPdrsdDpMe370KO2bQLqwO
+HGAxIYUCAP41iC7KReYvysLZ34tM55ZFE7BPsMcXUeu6hkYOMDZYvE+x4KV6Umo+
+Civd4qD9dESR3WOcI9MwALUdNTxQU60B/21MrWjajY1m1vv7l2slJon5eSrH6BkH
+Aj173uZca8HbgqSF1xOQW8ZGa6KInN3wHe+vPOXAgzlku/4XHgEYVVGeq7QJVGVz
+dCB1c2VyiLgEEwECACIFAk2A9jkCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA
+AAoJEAxOsVQGcAow5UMD/0YTDsCiTAlIa8dESuJdy8wwqnpzpJiprRNWxOAaHcQ2
+78pN8Ykgzmn7NHrHL7m7kN8/moutF0KehzOdxHnD1+fdGw/yO78ZrnPbdD7pfFEp
+GReMT8TRkW6Vu5oGib+eGs6aZ+op7syiv1jhDDMvbAvex/qNYuCXB0VhL9dbfCqM
+nQG7BE2A9jkRBAClp91SEIAePwstdgKo5dFI9lsrO8Hnk3Bat2+eh3Sx5RZqJNJY
+GUqdK8iiZ1wgj8TduN2eArh9Mn5evmkQm7MGdbfDvzuvqMElKrYunRP1I/gIHN3S
+Bdw5CQgu9fVXPECxhVQskDSaEBHcgcVzLCNfoQ0q6+zsCmeIE2heqLp3dwCggDNg
+quPJn6C4zghSVFGsHxpvHm8EAIk9X53XkZiDO3V3zMu86X+bOzzlPCPZIHVmrMro
+f/pDFCQRmk/9RUWldpQZSXLecYSqDXLDhyCpbhJLGAsXPoHbdKL5xOyywToJjOI3
+VQjo2PGSgb+ekybTBGntn4rKUSiUB1sUEACms5GS3nwKsaClh7w7/fn49Zwn2uOH
+DHGRA/9UKltku6CQvhcdYZYUYbflLqT0XfE89M+hf1mi537Rs56g4rlFAeh732xU
+03iHHE9Mz+sld9NNlSgHqjzjK6VNLFvoL254ei0NXR4H1BfWi/+W2bDLddJ9cTJa
+0jQIMG5mATDDbpSnSnODhdMFgySZevHHcn2KFwIhjIAegTXcRQAAn2PK9kOqhjOJ
+KU5iaagnF176FwhdCO2I5wQYAQIACQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkR
+AgAGBQJNgPY5AAoJEPMP1CPBQ+e63fQAniK5kU+dwIbkD+OHJHkC73V6v4D8AJ0Z
++GBYj4nhKEX21QXfj55F3Zpg1e4iBACcivWsW40ddtEQ0wno1uP65TmKq3aJrdOD
+XTAnqkmNQKL7X7Fz+nmEWiS+LBH8lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZA
+pto5cjem/EnO7op2QwkCCa6oUp0lYA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfsz
+YpFL4VP5wQ==
+=zzoN
-----END PGP PRIVATE KEY BLOCK-----
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 823d12a..cdd7feb 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -2173,6 +2173,7 @@ typedef struct gnutls_pk_entry gnutls_pk_entry;
static const gnutls_pk_entry pk_algorithms[] = {
/* having duplicate entries is ok, as long as the one
* we want to return OID from is first */
+ {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
{"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
{"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates
use this OID for RSA */
{"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken
certificates set RSA with MD5 as an indicator of RSA */
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index c7661cd..1e297c0 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -211,6 +211,8 @@ static const gnutls_error_entry error_algorithms[] = {
GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
GNUTLS_E_OPENPGP_UID_REVOKED, 1),
+ ERROR_ENTRY (N_("The OpenPGP key has not a preferred key set."),
+ GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
ERROR_ENTRY (N_("Error loading the keyring."),
GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index c52be50..886eb99 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -375,7 +375,8 @@ int ret;
* #gnutls_privkey_t structure.
*
* The #gnutls_openpgp_privkey_t object must not be deallocated
- * during the lifetime of this structure.
+ * during the lifetime of this structure. The subkey set as
+ * preferred will be used, or the master key otherwise.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
@@ -385,7 +386,8 @@ gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
gnutls_openpgp_privkey_t key,
unsigned int flags)
{
-int ret;
+int ret, idx;
+gnutls_openpgp_keyid_t keyid;
ret = check_if_clean(pkey);
if (ret < 0)
@@ -396,7 +398,22 @@ int ret;
pkey->key.openpgp = key;
pkey->type = GNUTLS_PRIVKEY_OPENPGP;
- pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
+ {
+ pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ }
+ else
+ {
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+
+ pkey->pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm
(key, idx, NULL);
+ }
+
pkey->flags = flags;
return 0;
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index b4deb73..0e788b2 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -327,7 +327,8 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
* @flags: should be zero
*
* This function will import the given public key to the abstract
- * #gnutls_pubkey_t structure.
+ * #gnutls_pubkey_t structure. The subkey set as preferred will be
+ * imported or the master key otherwise.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
@@ -335,32 +336,50 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
int
gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
unsigned int flags)
{
- int ret;
+ int ret, idx;
uint32_t kid32[2];
+ uint32_t *k;
+ gnutls_openpgp_keyid_t keyid;
ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid);
- if (ret < 0)
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
{
- gnutls_assert ();
- return ret;
+ key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm(crt, NULL);
+ key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt,
&key->bits);
+
+ ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ k = NULL;
}
+ else
+ {
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
- KEYID_IMPORT (kid32, keyid);
+ KEYID_IMPORT (kid32, keyid);
+ k = kid32;
- key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits);
+ idx = gnutls_openpgp_crt_get_subkey_idx (crt, keyid);
- ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
- if (ret < 0)
- key->key_usage = 0;
+ ret = gnutls_openpgp_crt_get_subkey_usage (crt, idx, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ key->pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (crt,
idx, NULL);
+ }
switch (key->pk_algorithm)
{
case GNUTLS_PK_RSA:
ret =
- _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+ _gnutls_openpgp_crt_get_mpis (crt, k, key->params,
&key->params_size);
if (ret < 0)
{
@@ -370,7 +389,7 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
break;
case GNUTLS_PK_DSA:
ret =
- _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params,
+ _gnutls_openpgp_crt_get_mpis (crt, k, key->params,
&key->params_size);
if (ret < 0)
{
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 6791b82..8bc46c6 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -25,7 +25,6 @@ int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey,
gnutls_pkcs11_obj_t crt, unsigned int flags);
int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey,
gnutls_openpgp_crt_t crt,
- gnutls_openpgp_keyid_t keyid,
unsigned int flags);
int
gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 9f694b6..faa3390 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1729,6 +1729,7 @@ extern "C"
#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
+#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
/* PKCS11 related */
#define GNUTLS_E_PKCS11_ERROR -300
diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index 9ccb398..8af0add 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -250,7 +250,6 @@ do_device_source_urandom (int init)
if ((device_fd > 0)
&& (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
{
-
/* More than a minute since we last read the device */
uint8_t buf[DEVICE_READ_SIZE_MAX];
uint32_t done;
@@ -348,7 +347,7 @@ static int
do_device_source (int init)
{
static pid_t pid; /* detect fork() */
- int ret;
+ int ret, reseed = 0;
static int (*do_source) (int init) = NULL;
/* using static var here is ok since we are
* always called with mutexes down
@@ -380,9 +379,15 @@ do_device_source (int init)
{ /* fork() detected */
device_last_read = 0;
pid = getpid();
+ reseed = 1;
}
- return do_source (init);
+ ret = do_source (init);
+
+ if (reseed)
+ yarrow256_slow_reseed (&yctx);
+
+ return ret;
}
}
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 5d14668..ba7cd27 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -126,7 +126,9 @@ _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert,
* called more than once (in case multiple keys/certificates exist
* for the server).
*
- * With this function the subkeys of the certificate are not used.
+ * Note that this function requires that the preferred key ids have
+ * been set and be used. See gnutls_openpgp_crt_set_preferred_key_id().
+ * Otherwise the master key will be used.
*
* Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
* otherwise an error code is returned.
@@ -139,6 +141,7 @@ gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res,
int ret;
gnutls_privkey_t privkey;
gnutls_cert *ccert;
+
/* this should be first */
ret = gnutls_privkey_init (&privkey);
@@ -147,7 +150,7 @@ gnutls_certificate_set_openpgp_key
(gnutls_certificate_credentials_t res,
gnutls_assert ();
return ret;
}
-
+
ret =
gnutls_privkey_import_openpgp (privkey, pkey,
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
@@ -277,7 +280,7 @@ leave:
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS credential
- * structure. The files should contain non encrypted keys.
+ * structure. The datum should contain at least one valid non encrypted subkey.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
@@ -300,8 +303,7 @@ gnutls_certificate_set_openpgp_key_mem
(gnutls_certificate_credentials_t res,
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS
- * credentials structure. The files should only contain one key which
- * is not encrypted.
+ * credentials structure. The file should contain at least one valid non
encrypted subkey.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
@@ -346,8 +348,7 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS
- * credentials structure. The files should only contain one key which
- * is not encrypted.
+ * credentials structure. The datum should contain at least one valid non
encrypted subkey.
*
* The special keyword "auto" is also accepted as @subkey_id. In that
* case the gnutls_openpgp_crt_get_auth_subkey() will be used to
@@ -444,7 +445,7 @@ gnutls_certificate_set_openpgp_key_mem2
(gnutls_certificate_credentials_t res,
* @format: the format of the keys
*
* This funtion is used to load OpenPGP keys into the GnuTLS credential
- * structure. The files should contain non encrypted keys.
+ * structure. The file should contain at least one valid non encrypted subkey.
*
* The special keyword "auto" is also accepted as @subkey_id. In that
* case the gnutls_openpgp_crt_get_auth_subkey() will be used to
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index 9d25adc..229b69d 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -1559,7 +1559,10 @@ int
gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
gnutls_openpgp_keyid_t keyid)
{
- if (!key || !keyid || !key->preferred_set)
+ if (!key->preferred_set)
+ return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
+ if (!key || !keyid)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index be56305..4b26a8c 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -759,6 +759,7 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t
pkey,
goto error;
}
}
+
/* fixup will generate exp1 and exp2 that are not
* available here.
*/
@@ -1176,7 +1177,10 @@ int
gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
gnutls_openpgp_keyid_t keyid)
{
- if (!key || !keyid || !key->preferred_set)
+ if (!key->preferred_set)
+ return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
+ if (!key || !keyid)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
@@ -1321,8 +1325,8 @@ _gnutls_openpgp_privkey_decrypt_data
(gnutls_openpgp_privkey_t key,
gnutls_datum_t * plaintext)
{
int result, i;
- bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+ int params_size = MAX_PRIV_PARAMS_SIZE;
int pk_algorithm;
gnutls_openpgp_keyid_t keyid;
@@ -1340,11 +1344,18 @@ _gnutls_openpgp_privkey_decrypt_data
(gnutls_openpgp_privkey_t key,
KEYID_IMPORT (kid, keyid);
result = _gnutls_openpgp_privkey_get_mpis (key, kid,
params, ¶ms_size);
+
+ i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+
+ pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i,
NULL);
}
else
{
+ pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+
result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
params, ¶ms_size);
+
}
if (result < 0)
@@ -1353,8 +1364,6 @@ _gnutls_openpgp_privkey_decrypt_data
(gnutls_openpgp_privkey_t key,
return result;
}
- pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
-
if (pk_algorithm != GNUTLS_PK_RSA)
{
gnutls_assert ();
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b8adcfd..cd6e4d1 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -60,7 +60,7 @@ ctests = simple gc set_pkcs12_cred certder certuniqueid mpi
\
crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416 \
crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain \
nul-in-x509-names x509_altname pkcs12_encode mini-x509 \
- mini-x509-rehandshake #gendh
+ mini-x509-rehandshake rng-fork #gendh
if ENABLE_OPENSSL
ctests += openssl
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
index 2622f77..37c967c 100644
--- a/tests/openpgp-auth.c
+++ b/tests/openpgp-auth.c
@@ -43,12 +43,7 @@ static const char message[] = "Hello, brave GNU world!";
/* The OpenPGP key pair for use and the key ID in those keys. */
static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
-static const char *key_id = NULL
- /* FIXME: The values below don't work as expected. */
- /* "auto" */
- /* "bd572cdcccc07c35" */ ;
-
-static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem";
+static const char *key_id = NULL;
static void
log_message (int level, const char *message)
@@ -60,205 +55,201 @@ log_message (int level, const char *message)
void
doit ()
{
- int err;
+ int err, i;
int sockets[2];
const char *srcdir;
- char *pub_key_path, *priv_key_path, *rsa_params_path;
+ char *pub_key_path, *priv_key_path;
pid_t child;
gnutls_global_init ();
srcdir = getenv ("srcdir") ? getenv ("srcdir") : ".";
- if (debug)
- {
- gnutls_global_set_log_level (10);
- gnutls_global_set_log_function (log_message);
- }
-
- err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
- if (err != 0)
- fail ("socketpair %s\n", strerror (errno));
-
- pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
- strcpy (pub_key_path, srcdir);
- strcat (pub_key_path, "/");
- strcat (pub_key_path, pub_key_file);
-
- priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
- strcpy (priv_key_path, srcdir);
- strcat (priv_key_path, "/");
- strcat (priv_key_path, priv_key_file);
-
- rsa_params_path = alloca (strlen (srcdir) + strlen (rsa_params_file) + 2);
- strcpy (rsa_params_path, srcdir);
- strcat (rsa_params_path, "/");
- strcat (rsa_params_path, rsa_params_file);
-
- child = fork ();
- if (child == -1)
- fail ("fork %s\n", strerror (errno));
-
- if (child == 0)
+ for (i = 0; i < 3; i++)
{
- /* Child process (client). */
- gnutls_session_t session;
- gnutls_certificate_credentials_t cred;
- ssize_t sent;
-
- if (debug)
- printf ("client process %i\n", getpid ());
-
- err = gnutls_init (&session, GNUTLS_CLIENT);
- if (err != 0)
- fail ("client session %d\n", err);
-
- gnutls_priority_set_direct (session,
"NORMAL:+CTYPE-OPENPGP:-CTYPE-X.509", NULL);
- gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) (intptr_t)
- sockets[0]);
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("client credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("client openpgp keys %d\n", err);
-
- err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("client credential_set %d\n", err);
-
- gnutls_dh_set_prime_bits (session, 1024);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("client handshake %s (%d) \n", gnutls_strerror(err), err);
- else if (debug)
- printf ("client handshake successful\n");
-
- sent = gnutls_record_send (session, message, sizeof (message));
- if (sent != sizeof (message))
- fail ("client sent %li vs. %li\n",
- (long) sent, (long) sizeof (message));
-
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
- if (err != 0)
- fail ("client bye %d\n", err);
+ if (i == 0)
+ key_id = NULL; /* try using the master key */
+ else if (i == 1)
+ key_id = "auto"; /* test auto */
+ else if (i == 2)
+ key_id = "f30fd423c143e7ba";
if (debug)
- printf ("client done\n");
- }
- else
- {
- /* Parent process (server). */
- gnutls_session_t session;
- gnutls_dh_params_t dh_params;
- gnutls_rsa_params_t rsa_params;
- gnutls_certificate_credentials_t cred;
- char greetings[sizeof (message) * 2];
- ssize_t received;
- pid_t done;
- int status;
- size_t rsa_size;
- gnutls_datum_t rsa_data;
- const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
-
- if (debug)
- printf ("server process %i (child %i)\n", getpid (), child);
-
- err = gnutls_init (&session, GNUTLS_SERVER);
- if (err != 0)
- fail ("server session %d\n", err);
-
- gnutls_priority_set_direct (session,
"NORMAL:+CTYPE-OPENPGP:-CTYPE-X.509", NULL);
- gnutls_transport_set_ptr (session,
- (gnutls_transport_ptr_t) (intptr_t)
- sockets[1]);
-
- err = gnutls_certificate_allocate_credentials (&cred);
- if (err != 0)
- fail ("server credentials %d\n", err);
-
- err =
- gnutls_certificate_set_openpgp_key_file2 (cred,
- pub_key_path, priv_key_path,
- key_id,
- GNUTLS_OPENPGP_FMT_BASE64);
- if (err != 0)
- fail ("server openpgp keys %d\n", err);
-
- err = gnutls_dh_params_init (&dh_params);
- if (err)
- fail ("server DH params init %d\n", err);
-
- err =
- gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM);
- if (err)
- fail ("server DH params generate %d\n", err);
-
- gnutls_certificate_set_dh_params (cred, dh_params);
-
- rsa_data.data =
- (unsigned char *) read_binary_file (rsa_params_path, &rsa_size);
- if (rsa_data.data == NULL)
- fail ("server rsa params error\n");
- rsa_data.size = rsa_size;
-
- err = gnutls_rsa_params_init (&rsa_params);
- if (err)
- fail ("server RSA params init %d\n", err);
-
- err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
- GNUTLS_X509_FMT_PEM);
- if (err)
- fail ("server RSA params import %d\n", err);
-
- gnutls_certificate_set_rsa_export_params (cred, rsa_params);
-
- err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
- if (err != 0)
- fail ("server credential_set %d\n", err);
-
- gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
-
- err = gnutls_handshake (session);
- if (err != 0)
- fail ("server handshake %s (%d) \n", gnutls_strerror(err), err);
-
- received = gnutls_record_recv (session, greetings, sizeof (greetings));
- if (received != sizeof (message)
- || memcmp (greetings, message, sizeof (message)))
- fail ("server received %li vs. %li\n",
- (long) received, (long) sizeof (message));
+ {
+ gnutls_global_set_log_level (10);
+ gnutls_global_set_log_function (log_message);
+ }
- err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
if (err != 0)
- fail ("server bye %s (%d) \n", gnutls_strerror(err), err);
+ fail ("socketpair %s\n", strerror (errno));
- if (debug)
- printf ("server done\n");
+ pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
+ strcpy (pub_key_path, srcdir);
+ strcat (pub_key_path, "/");
+ strcat (pub_key_path, pub_key_file);
- done = wait (&status);
- if (done < 0)
- fail ("wait %s\n", strerror (errno));
+ priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
+ strcpy (priv_key_path, srcdir);
+ strcat (priv_key_path, "/");
+ strcat (priv_key_path, priv_key_file);
- if (done != child)
- fail ("who's that?! %d\n", done);
+ child = fork ();
+ if (child == -1)
+ fail ("fork %s\n", strerror (errno));
- if (WIFEXITED (status))
+ if (child == 0)
{
- if (WEXITSTATUS (status) != 0)
- fail ("child exited with status %d\n", WEXITSTATUS (status));
+ /* Child process (client). */
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ ssize_t sent;
+
+ if (debug)
+ printf ("client process %i\n", getpid ());
+
+ err = gnutls_init (&session, GNUTLS_CLIENT);
+ if (err != 0)
+ fail ("client session %d\n", err);
+
+ gnutls_priority_set_direct (session,
+
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t) (intptr_t)
+ sockets[0]);
+
+ err = gnutls_certificate_allocate_credentials (&cred);
+ if (err != 0)
+ fail ("client credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_path,
+ priv_key_path, key_id,
+
GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail ("client openpgp keys %s\n", gnutls_strerror (err));
+
+ err =
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+ if (err != 0)
+ fail ("client credential_set %d\n", err);
+
+ gnutls_dh_set_prime_bits (session, 1024);
+
+ err = gnutls_handshake (session);
+ if (err != 0)
+ fail ("client handshake %s (%d) \n", gnutls_strerror (err), err);
+ else if (debug)
+ printf ("client handshake successful\n");
+
+ sent = gnutls_record_send (session, message, sizeof (message));
+ if (sent != sizeof (message))
+ fail ("client sent %li vs. %li\n",
+ (long) sent, (long) sizeof (message));
+
+ err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail ("client bye %d\n", err);
+
+ if (debug)
+ printf ("client done\n");
}
- else if (WIFSIGNALED (status))
- fail ("child stopped by signal %d\n", WTERMSIG (status));
else
- fail ("child failed: %d\n", status);
+ {
+ /* Parent process (server). */
+ gnutls_session_t session;
+ gnutls_dh_params_t dh_params;
+ gnutls_certificate_credentials_t cred;
+ char greetings[sizeof (message) * 2];
+ ssize_t received;
+ pid_t done;
+ int status;
+ const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) };
+
+ if (debug)
+ printf ("server process %i (child %i)\n", getpid (), child);
+
+ err = gnutls_init (&session, GNUTLS_SERVER);
+ if (err != 0)
+ fail ("server session %d\n", err);
+
+ gnutls_priority_set_direct (session,
+
"NONE:+VERS-TLS1.0:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+DHE-DSS:+DHE-RSA:+CTYPE-OPENPGP",
+ NULL);
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t) (intptr_t)
+ sockets[1]);
+
+ err = gnutls_certificate_allocate_credentials (&cred);
+ if (err != 0)
+ fail ("server credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_path,
+ priv_key_path, key_id,
+
GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail ("server openpgp keys %s\n", gnutls_strerror (err));
+
+ err = gnutls_dh_params_init (&dh_params);
+ if (err)
+ fail ("server DH params init %d\n", err);
+
+ err =
+ gnutls_dh_params_import_pkcs3 (dh_params, &p3,
+ GNUTLS_X509_FMT_PEM);
+ if (err)
+ fail ("server DH params generate %d\n", err);
+
+ gnutls_certificate_set_dh_params (cred, dh_params);
+
+ err =
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+ if (err != 0)
+ fail ("server credential_set %d\n", err);
+
+ gnutls_certificate_server_set_request (session,
+ GNUTLS_CERT_REQUIRE);
+
+ err = gnutls_handshake (session);
+ if (err != 0)
+ fail ("server handshake %s (%d) \n", gnutls_strerror (err), err);
+
+ received =
+ gnutls_record_recv (session, greetings, sizeof (greetings));
+ if (received != sizeof (message)
+ || memcmp (greetings, message, sizeof (message)))
+ fail ("server received %li vs. %li\n", (long) received,
+ (long) sizeof (message));
+
+ err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail ("server bye %s (%d) \n", gnutls_strerror (err), err);
+
+ if (debug)
+ printf ("server done\n");
+
+ done = wait (&status);
+ if (done < 0)
+ fail ("wait %s\n", strerror (errno));
+
+ if (done != child)
+ fail ("who's that?! %d\n", done);
+
+ if (WIFEXITED (status))
+ {
+ if (WEXITSTATUS (status) != 0)
+ fail ("child exited with status %d\n", WEXITSTATUS (status));
+ }
+ else if (WIFSIGNALED (status))
+ fail ("child stopped by signal %d\n", WTERMSIG (status));
+ else
+ fail ("child failed: %d\n", status);
+ }
+
}
}
diff --git a/tests/openpgpself.c b/tests/openpgpself.c
index bbaf61d..8d2a48f 100644
--- a/tests/openpgpself.c
+++ b/tests/openpgpself.c
@@ -60,46 +60,72 @@ tls_log_func (int level, const char *str)
#define MSG "Hello TLS"
static unsigned char cert_txt[] =
- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.0.6 (GNU/Linux)\n"
- "Comment: For info see http://www.gnupg.org\n";
- "\n"
- "mQGiBDxnlY0RBACAsWUhi/goBvpvTBgL8fFPwBAuD04VYFEtC7+4pBp6kFsHjUR7\n"
- "TTUkBsOk2PvMHrDdv0+C4x2CH8YGP1e+O0f2yLWk8Uu+kkF12yiqbbvDEiCdeJT6\n"
- "c3vIstY8vJ9Jso5g/LB8Xggq88R7jXFS3hH+WC5v/6P6SARfzXl457cVewCgvxSf\n"
- "Gsm9mFospJ0B3RGyg5MB0d8D/RQQryJCGdR2nLe4VfctPL2QBD/1XhtubqEbetaV\n"
- "PxssqrJdA+eplBRT7UHokSBahM8gmSmNuSrLDujPfEtaMg6YIkB+Kq0VeJLE0cXT\n"
- "ZIH29KJlI/qk1xG4K7D6B0cKaHC/L4BIoKcQLJzfTIPw3frS4jVeNaQZNHSVqZ8/\n"
- "VmOMA/9rkNtccQ4RVd9WTFoHKvT4vfiISEOIzKGmcBY9Hymq7MCci3mNe4CDImkv\n"
- "ZgnjDlJAM91CX1ODthPLBqvyhnMhhxDnaDl4Nh42uPMSr9JEW2IwoIbFne10ihGT\n"
- "O4lBS1C28UfSGEMm/8JBMtxAjbYy3BYzUtCMA+bGBG6Voe5i5LQlRHIuIFdobyAo\n"
- "Tm8gY29tbWVudHMpIDx3aG9Ad2hvaXMub3JnPohdBBMRAgAdBQI8Z5WNBQkDwmcA\n"
- "BQsHCgMEAxUDAgMWAgECF4AACgkQNRRc6qfZPD+WWACfeJnLyfbpTDB7mDh3aATb\n"
- "+0PXz28AoKRdApBVM6Bty+vWyXH6HfF6ZTj+\n"
- "=m8dH\n" "-----END PGP PUBLIC KEY BLOCK-----\n";
+"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
+"Version: GnuPG v1.4.10 (GNU/Linux)\n"
+"Comment: Test key for GnuTLS\n"
+"\n"
+"mI0ETYD2OQEEAMHmDBtJii82NbWuYcvEWCYnwa7GTcz2PYikYCcq/t5nkyb5Bfmx\n"
+"mh2hpto7Lr5d1L/shvab1gXCcrWEAREgNNk9LiowtLuTHBdeOFlJ1u1P1rvdFVKq\n"
+"2a6ft77Q5VltUDKPgTqz4NWH2KUlLfTvwJDnq2DxYsbwVpBDURuUocXhABEBAAG0\n"
+"CVRlc3QgdXNlcoi4BBMBAgAiBQJNgPY5AhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe\n"
+"AQIXgAAKCRAMTrFUBnAKMOVDA/9GEw7AokwJSGvHREriXcvMMKp6c6SYqa0TVsTg\n"
+"Gh3ENu/KTfGJIM5p+zR6xy+5u5DfP5qLrRdCnoczncR5w9fn3RsP8ju/Ga5z23Q+\n"
+"6XxRKRkXjE/E0ZFulbuaBom/nhrOmmfqKe7Mor9Y4QwzL2wL3sf6jWLglwdFYS/X\n"
+"W3wqjLkBogRNgPY5EQQApafdUhCAHj8LLXYCqOXRSPZbKzvB55NwWrdvnod0seUW\n"
+"aiTSWBlKnSvIomdcII/E3bjdngK4fTJ+Xr5pEJuzBnW3w787r6jBJSq2Lp0T9SP4\n"
+"CBzd0gXcOQkILvX1VzxAsYVULJA0mhAR3IHFcywjX6ENKuvs7ApniBNoXqi6d3cA\n"
+"oIAzYKrjyZ+guM4IUlRRrB8abx5vBACJPV+d15GYgzt1d8zLvOl/mzs85Twj2SB1\n"
+"ZqzK6H/6QxQkEZpP/UVFpXaUGUly3nGEqg1yw4cgqW4SSxgLFz6B23Si+cTsssE6\n"
+"CYziN1UI6NjxkoG/npMm0wRp7Z+KylEolAdbFBAAprORkt58CrGgpYe8O/35+PWc\n"
+"J9rjhwxxkQP/VCpbZLugkL4XHWGWFGG35S6k9F3xPPTPoX9Zoud+0bOeoOK5RQHo\n"
+"e99sVNN4hxxPTM/rJXfTTZUoB6o84yulTSxb6C9ueHotDV0eB9QX1ov/ltmwy3XS\n"
+"fXEyWtI0CDBuZgEww26Up0pzg4XTBYMkmXrxx3J9ihcCIYyAHoE13EWI5wQYAQIA\n"
+"CQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkRAgAGBQJNgPY5AAoJEPMP1CPBQ+e6\n"
+"3fQAnR7HWLnQTbxCIhlBTZiuJv2HC6cbAJwJ6VsSU6ADCkMuGT3LLNo+UnckK+4i\n"
+"BACcivWsW40ddtEQ0wno1uP65TmKq3aJrdODXTAnqkmNQKL7X7Fz+nmEWiS+LBH8\n"
+"lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZApto5cjem/EnO7op2QwkCCa6oUp0l\n"
+"YA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfszYpFL4VP5wQ==\n"
+"=ydIq\n"
+"-----END PGP PUBLIC KEY BLOCK-----\n";
+
const gnutls_datum_t cert = { cert_txt, sizeof (cert_txt) };
static unsigned char key_txt[] =
- "-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
- "Version: GnuPG v1.0.6 (GNU/Linux)\n"
- "Comment: For info see http://www.gnupg.org\n";
- "\n"
- "lQG7BDxnlY0RBACAsWUhi/goBvpvTBgL8fFPwBAuD04VYFEtC7+4pBp6kFsHjUR7\n"
- "TTUkBsOk2PvMHrDdv0+C4x2CH8YGP1e+O0f2yLWk8Uu+kkF12yiqbbvDEiCdeJT6\n"
- "c3vIstY8vJ9Jso5g/LB8Xggq88R7jXFS3hH+WC5v/6P6SARfzXl457cVewCgvxSf\n"
- "Gsm9mFospJ0B3RGyg5MB0d8D/RQQryJCGdR2nLe4VfctPL2QBD/1XhtubqEbetaV\n"
- "PxssqrJdA+eplBRT7UHokSBahM8gmSmNuSrLDujPfEtaMg6YIkB+Kq0VeJLE0cXT\n"
- "ZIH29KJlI/qk1xG4K7D6B0cKaHC/L4BIoKcQLJzfTIPw3frS4jVeNaQZNHSVqZ8/\n"
- "VmOMA/9rkNtccQ4RVd9WTFoHKvT4vfiISEOIzKGmcBY9Hymq7MCci3mNe4CDImkv\n"
- "ZgnjDlJAM91CX1ODthPLBqvyhnMhhxDnaDl4Nh42uPMSr9JEW2IwoIbFne10ihGT\n"
- "O4lBS1C28UfSGEMm/8JBMtxAjbYy3BYzUtCMA+bGBG6Voe5i5AAAnjMCLPrxGdgE\n"
- "I0xXdwCQ4Sh2diNECAj9JiM6RFNBX2ZhY3RvcjoAAK9cun7/j4AUMmdvIy5UMJph\n"
- "A6eq6atP/SYjOkRTQV9mYWN0b3I6AACvVjUuomodmmyCggPHWdeVSzpX3ODEHf0m\n"
- "IzpEU0FfZmFjdG9yOgAAr2Iv9H2aSH+vJKGYW/BO4ehQwwFck7u0JURyLiBXaG8g\n"
- "KE5vIGNvbW1lbnRzKSA8d2hvQHdob2lzLm9yZz6IXQQTEQIAHQUCPGeVjQUJA8Jn\n"
- "AAULBwoDBAMVAwIDFgIBAheAAAoJEDUUXOqn2Tw/llgAnjBPQdWxIqBCQGlcI2K/\n"
- "gLkZR1ARAJ9kaAeJYERc0bV/vlm0ot7UDdr+bQ==\n"
- "=4M0W\n" "-----END PGP PRIVATE KEY BLOCK-----\n";
+"-----BEGIN PGP PRIVATE KEY BLOCK-----\n"
+"Version: GnuPG v1.4.10 (GNU/Linux)\n"
+"Comment: Test key for GnuTLS\n"
+"\n"
+"lQHYBE2A9jkBBADB5gwbSYovNjW1rmHLxFgmJ8Guxk3M9j2IpGAnKv7eZ5Mm+QX5\n"
+"sZodoabaOy6+XdS/7Ib2m9YFwnK1hAERIDTZPS4qMLS7kxwXXjhZSdbtT9a73RVS\n"
+"qtmun7e+0OVZbVAyj4E6s+DVh9ilJS3078CQ56tg8WLG8FaQQ1EblKHF4QARAQAB\n"
+"AAP9HJePsXZmqg+UW/Ya9bE+TmIObXdQgajN6hhTFXOBocokKNsPxoIp97Sepg+U\n"
+"FP5BIQv/2t2f8bl6sMmGXsAhCqVzRxGuA+9USx8OfTHSdgIKT5T2VFSGJaU4df3Q\n"
+"rstUY3dcvl6VKpDDZic1T7u2ANzaWM2u+pwooKC4cc/k9AECAMNDvrKF3FC7R9sd\n"
+"TagVrrfde0RZuwhbGW9ghslkY893EelXQL/lbBI20crPdrsdDpMe370KO2bQLqwO\n"
+"HGAxIYUCAP41iC7KReYvysLZ34tM55ZFE7BPsMcXUeu6hkYOMDZYvE+x4KV6Umo+\n"
+"Civd4qD9dESR3WOcI9MwALUdNTxQU60B/21MrWjajY1m1vv7l2slJon5eSrH6BkH\n"
+"Aj173uZca8HbgqSF1xOQW8ZGa6KInN3wHe+vPOXAgzlku/4XHgEYVVGeq7QJVGVz\n"
+"dCB1c2VyiLgEEwECACIFAk2A9jkCGy8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA\n"
+"AAoJEAxOsVQGcAow5UMD/0YTDsCiTAlIa8dESuJdy8wwqnpzpJiprRNWxOAaHcQ2\n"
+"78pN8Ykgzmn7NHrHL7m7kN8/moutF0KehzOdxHnD1+fdGw/yO78ZrnPbdD7pfFEp\n"
+"GReMT8TRkW6Vu5oGib+eGs6aZ+op7syiv1jhDDMvbAvex/qNYuCXB0VhL9dbfCqM\n"
+"nQG7BE2A9jkRBAClp91SEIAePwstdgKo5dFI9lsrO8Hnk3Bat2+eh3Sx5RZqJNJY\n"
+"GUqdK8iiZ1wgj8TduN2eArh9Mn5evmkQm7MGdbfDvzuvqMElKrYunRP1I/gIHN3S\n"
+"Bdw5CQgu9fVXPECxhVQskDSaEBHcgcVzLCNfoQ0q6+zsCmeIE2heqLp3dwCggDNg\n"
+"quPJn6C4zghSVFGsHxpvHm8EAIk9X53XkZiDO3V3zMu86X+bOzzlPCPZIHVmrMro\n"
+"f/pDFCQRmk/9RUWldpQZSXLecYSqDXLDhyCpbhJLGAsXPoHbdKL5xOyywToJjOI3\n"
+"VQjo2PGSgb+ekybTBGntn4rKUSiUB1sUEACms5GS3nwKsaClh7w7/fn49Zwn2uOH\n"
+"DHGRA/9UKltku6CQvhcdYZYUYbflLqT0XfE89M+hf1mi537Rs56g4rlFAeh732xU\n"
+"03iHHE9Mz+sld9NNlSgHqjzjK6VNLFvoL254ei0NXR4H1BfWi/+W2bDLddJ9cTJa\n"
+"0jQIMG5mATDDbpSnSnODhdMFgySZevHHcn2KFwIhjIAegTXcRQAAn2PK9kOqhjOJ\n"
+"KU5iaagnF176FwhdCO2I5wQYAQIACQUCTYD2OQIbIgBSCRAMTrFUBnAKMEcgBBkR\n"
+"AgAGBQJNgPY5AAoJEPMP1CPBQ+e63fQAniK5kU+dwIbkD+OHJHkC73V6v4D8AJ0Z\n"
+"+GBYj4nhKEX21QXfj55F3Zpg1e4iBACcivWsW40ddtEQ0wno1uP65TmKq3aJrdOD\n"
+"XTAnqkmNQKL7X7Fz+nmEWiS+LBH8lRvAaeRPX2LV+DCJDbAPrYd7LkOHyuM0I+ZA\n"
+"pto5cjem/EnO7op2QwkCCa6oUp0lYA6i6aGF2KGx7WQwi2URIMPhihpOvAbkjfsz\n"
+"YpFL4VP5wQ==\n"
+"=zzoN\n"
+"-----END PGP PRIVATE KEY BLOCK-----\n";
const gnutls_datum_t key = { key_txt, sizeof (key_txt) };
diff --git a/tests/rng-fork.c b/tests/rng-fork.c
new file mode 100644
index 0000000..1e4b5e5
--- /dev/null
+++ b/tests/rng-fork.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include "utils.h"
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include "../lib/random.h"
+
+static void dump(const char* name, unsigned char* buf, int buf_size)
+{
+int i;
+ printf("%s: ", name);
+ for(i=0;i<buf_size;i++)
+ printf("%.2x:", buf[i]);
+ printf("\n");
+}
+
+
+
+void
+doit (void)
+{
+ unsigned char buf1[32];
+ unsigned char buf2[32];
+ pid_t pid;
+ int ret;
+ FILE* fp;
+
+
+ gnutls_global_init ();
+
+ pid = fork();
+ if (pid == 0)
+ {
+ fp = fopen("/tmp/rng-test", "w");
+ if (fp == NULL)
+ fail("cannot open file");
+
+ _gnutls_rnd (GNUTLS_RND_RANDOM, buf1, sizeof (buf1));
+ if (debug) dump("buf1", buf1, sizeof(buf1));
+
+ fwrite(buf1, 1, sizeof(buf1), fp);
+ fclose(fp);
+ }
+ else
+ {
+ /* daddy */
+ _gnutls_rnd (GNUTLS_RND_RANDOM, buf2, sizeof (buf2));
+ if (debug) dump("buf2", buf2, sizeof(buf2));
+ waitpid(pid, NULL, 0);
+
+ fp = fopen("/tmp/rng-test", "r");
+ if (fp == NULL)
+ fail("cannot open file");
+
+ ret = fread(buf1, 1, sizeof(buf1), fp);
+
+ if (ret != sizeof(buf1))
+ {
+ fail("error testing the random generator.");
+ return;
+ }
+
+ if (memcmp(buf1, buf2, sizeof(buf1))==0)
+ {
+ fail("error in the random generator. Produces same valus after
fork()");
+ return;
+ }
+
+ success("success");
+ }
+}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_7-23-g61dbafd,
Nikos Mavrogiannopoulos <=