
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-74-g643ebdf


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_3-74-g643ebdf
Date: Sat, 08 Oct 2011 11:40:07 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=643ebdf12b415fc3edd3b7bc12654bc92d3aed24

The branch, master has been updated
       via  643ebdf12b415fc3edd3b7bc12654bc92d3aed24 (commit)
       via  690ba815c6dc733c5b7d25038ba5eab88607c38e (commit)
       via  8c6c8b114cd7a5886aa21304ab0fc2ac8de29f8c (commit)
       via  1618e176162d9c60b0a6209d4a2f18d043ed30b4 (commit)
       via  09a46913ed28e7e1c066adabe0167b09299ac446 (commit)
      from  0d6015e52a737e6f2469b368228ff22ea51c7b51 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 643ebdf12b415fc3edd3b7bc12654bc92d3aed24
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Oct 8 12:47:07 2011 +0200

    avoid usage of C99 constructs.

commit 690ba815c6dc733c5b7d25038ba5eab88607c38e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Oct 8 12:43:42 2011 +0200

    is_padlock_nano moved to padlock-common.s to allow easier upgrade
    to Andy's newer code.

commit 8c6c8b114cd7a5886aa21304ab0fc2ac8de29f8c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Oct 8 12:43:10 2011 +0200

    Added more elaborate test of hash functions.

commit 1618e176162d9c60b0a6209d4a2f18d043ed30b4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Oct 8 05:13:51 2011 +0200

    HASH2MAC macro is no more.

commit 09a46913ed28e7e1c066adabe0167b09299ac446
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat Oct 8 05:09:02 2011 +0200

    Key ID calculation is now consistent on all structures. It
    is a SHA1 hash of the subjectPublicKeyInfo structures.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                     |    3 +
 lib/accelerated/x86/Makefile.am          |    5 +-
 lib/accelerated/x86/asm/padlock-common.s |   40 ++++++++++
 lib/accelerated/x86/asm/padlock-x86-64.s |   18 -----
 lib/accelerated/x86/asm/padlock-x86.s    |   17 ----
 lib/gnutls_int.h                         |    2 -
 lib/gnutls_ui.c                          |    2 +-
 lib/x509/common.c                        |   38 +++++++++
 lib/x509/common.h                        |    2 +
 lib/x509/crq.c                           |  106 ++------------------------
 lib/x509/mpi.c                           |    2 +-
 lib/x509/output.c                        |    4 +-
 lib/x509/x509.c                          |  121 ++++++------------------------
 src/certtool.c                           |    2 +-
 src/cli.c                                |    2 +-
 tests/cipher-test.c                      |  101 ++++++++++++++++++++++---
 16 files changed, 212 insertions(+), 253 deletions(-)
 create mode 100644 lib/accelerated/x86/asm/padlock-common.s

diff --git a/NEWS b/NEWS
index e7eb6a4..4c324d3 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ SHA256 and elliptic curves.
 the software version of the ciphers instead of hw accelerated 
 (where available)
 
+** libgnutls: Public key ID calculation is consistent among
+all structures. It uses a SHA-1 hash of the subjectPublicKeyInfo.
+
 ** libgnutls: gnutls_privkey_t allows setting external callback
 to perform signing or decryption. Can be set using
 gnutls_privkey_import_ext()
diff --git a/lib/accelerated/x86/Makefile.am b/lib/accelerated/x86/Makefile.am
index 591df1d..ee55d1f 100644
--- a/lib/accelerated/x86/Makefile.am
+++ b/lib/accelerated/x86/Makefile.am
@@ -38,9 +38,8 @@ libx86_la_SOURCES = sha-padlock.c hmac-padlock.c aes-x86.c 
aes-padlock.c aes-gcm
 
 if ASM_X86_64
 AM_CFLAGS += -DASM_X86_64 -DASM_X86
-libx86_la_SOURCES += asm/appro-aes-x86-64.s asm/appro-aes-gcm-x86-64.s 
aes-gcm-x86.c asm/padlock-x86-64.s asm/cpuid-x86-64.s
+libx86_la_SOURCES += asm/appro-aes-x86-64.s asm/appro-aes-gcm-x86-64.s 
aes-gcm-x86.c asm/padlock-x86-64.s asm/cpuid-x86-64.s asm/padlock-common.s
 else
 AM_CFLAGS += -DASM_X86_32 -DASM_X86
-libx86_la_SOURCES += asm/appro-aes-x86.s asm/padlock-x86.s asm/cpuid-x86.s
+libx86_la_SOURCES += asm/appro-aes-x86.s asm/padlock-x86.s asm/cpuid-x86.s 
asm/padlock-common.s
 endif
-
diff --git a/lib/accelerated/x86/asm/padlock-common.s 
b/lib/accelerated/x86/asm/padlock-common.s
new file mode 100644
index 0000000..0af112f
--- /dev/null
+++ b/lib/accelerated/x86/asm/padlock-common.s
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2011 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+.file  "padlock-common.s"
+.text
+.globl is_padlock_nano
+.type  is_padlock_nano,@function
+.align 16
+is_padlock_nano:
+       xorl    %eax,%eax
+       cpuid
+       movl    $1,%eax
+       cpuid
+       or      $0x000f,%eax
+        cmp     $0x06ff,%eax
+       jne     .Lno_nano
+       mov     $1,%eax
+        ret
+.Lno_nano:
+       xorl    %eax,%eax
+        ret
+.size  is_padlock_nano,.-is_padlock_nano
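Review bot: `is_padlock_nano` runs `cpuid` twice without preserving `%ebx`/`%rbx`, which `cpuid` overwrites and which is callee-saved in both the i386 and x86-64 System V calling conventions, so a C caller holding a live value in that register can have it silently corrupted. The register should be saved before the first `cpuid` and restored before each `ret`; because this file is now assembled for both targets, that needs a per-target push/pop, or the check could be done from C instead. The new file also has no `.section .note.GNU-stack,"",%progbits` line, so unless the build passes an equivalent assembler option (not visible here) GNU ld may mark the library's stack executable. The leaf-0 `cpuid` result is discarded, so the routine relies on the caller having checked the CPU vendor first; a comment above the label should state that precondition.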
diff --git a/lib/accelerated/x86/asm/padlock-x86-64.s 
b/lib/accelerated/x86/asm/padlock-x86-64.s
index 31542ac..e18f7a5 100644
--- a/lib/accelerated/x86/asm/padlock-x86-64.s
+++ b/lib/accelerated/x86/asm/padlock-x86-64.s
@@ -36,24 +36,6 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 .text  
-.globl is_padlock_nano
-.type  is_padlock_nano,@function
-.align 16
-is_padlock_nano:
-       xorl    %eax,%eax
-       cpuid
-       movl    $1,%eax
-       cpuid
-       or      $0x000f,%eax
-        cmp     $0x06ff,%eax
-       jne     .Lno_nano
-       mov     $1,%eax
-        ret
-.Lno_nano:
-       xorl    %eax,%eax
-        ret
-.size  is_padlock_nano,.-is_padlock_nano
-
 .globl padlock_capability
 .type  padlock_capability,@function
 .align 16
diff --git a/lib/accelerated/x86/asm/padlock-x86.s 
b/lib/accelerated/x86/asm/padlock-x86.s
index 297f13a..a0aed2c 100644
--- a/lib/accelerated/x86/asm/padlock-x86.s
+++ b/lib/accelerated/x86/asm/padlock-x86.s
@@ -37,23 +37,6 @@
 
 .file  "padlock-x86.s"
 .text
-.globl is_padlock_nano
-.type  is_padlock_nano,@function
-.align 16
-is_padlock_nano:
-       xorl    %eax,%eax
-       cpuid
-       movl    $1,%eax
-       cpuid
-       or      $0x000f,%eax
-        cmp     $0x06ff,%eax
-       jne     .Lno_nano
-       mov     $1,%eax
-        ret
-.Lno_nano:
-       xorl    %eax,%eax
-        ret
-.size  is_padlock_nano,.-is_padlock_nano
 
 .globl padlock_capability
 .type  padlock_capability,@function
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8e15f4c..f36b285 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -188,8 +188,6 @@ typedef enum transport_t
 #define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); 
return RET;} } while (0)
 #define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); 
COM;} } while (0)
 
-#define HASH2MAC(x) ((gnutls_mac_algorithm_t)x)
-
 #define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
 #define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
 
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index 79b17d5..248c8a0 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -557,7 +557,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo,
                     size_t * result_size)
 {
   int ret;
-  int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
+  int hash_len = _gnutls_hash_get_algo_len (algo);
 
   if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
     {
diff --git a/lib/x509/common.c b/lib/x509/common.c
index ea94079..6bb4746 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -1169,6 +1169,7 @@ _asnstr_append_name (char *name, size_t name_size, const 
char *part1,
 }
 
 
+
 /* Encodes and copies the private key parameters into a
  * subjectPublicKeyInfo structure.
  *
@@ -1245,6 +1246,43 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
   return 0;
 }
 
+/* Encodes and public key parameters into a
+ * subjectPublicKeyInfo structure and stores it in der.
+ */
+int
+_gnutls_x509_encode_PKI_params (gnutls_datum_t *der,
+                                gnutls_pk_algorithm_t
+                                pk_algorithm, gnutls_pk_params_st * params)
+{
+  int ret;
+  ASN1_TYPE tmp;
+
+  ret = asn1_create_element (_gnutls_get_pkix (),
+                                "PKIX1.Certificate", &tmp);
+  if (ret != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      return _gnutls_asn2err (ret);
+    }
+    
+  ret = _gnutls_x509_encode_and_copy_PKI_params (tmp,
+                                         "tbsCertificate.subjectPublicKeyInfo",
+                                         pk_algorithm, params);
+  if (ret != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      ret = _gnutls_asn2err (ret);
+      goto cleanup;
+    }
+
+  ret = _gnutls_x509_der_encode(tmp, "tbsCertificate.subjectPublicKeyInfo", 
der, 0);
+
+cleanup:
+  asn1_delete_structure (&tmp);
+
+  return ret;
+}
+
 /* Reads and returns the PK algorithm of the given certificate-like
  * ASN.1 structure. src_name should be something like 
"tbsCertificate.subjectPublicKeyInfo".
  */
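Review bot: The second error check in `_gnutls_x509_encode_PKI_params` compares the result of `_gnutls_x509_encode_and_copy_PKI_params` with `ASN1_SUCCESS` and then feeds it to `_gnutls_asn2err`, but that helper presumably returns GnuTLS error codes (its visible tail is `return 0;`, its body is outside the hunk), so a failure would be translated into an unrelated error. If that is confirmed, the check should be `if (ret < 0) { gnutls_assert (); goto cleanup; }`. `tmp` is also passed to `asn1_create_element` uninitialised; `ASN1_TYPE tmp = ASN1_TYPE_EMPTY;` would make the starting state explicit. The header comment reads "Encodes and public key parameters", where "Encodes the public key parameters" is presumably meant, and it should say that the caller owns and must free `der`.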
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 0456f27..d6cafda 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -132,6 +132,8 @@ int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
                                              const char *dst_name,
                                              gnutls_pk_algorithm_t
                                              pk_algorithm, gnutls_pk_params_st 
* params);
+int _gnutls_x509_encode_PKI_params(gnutls_datum_t* der,
+                                   gnutls_pk_algorithm_t, gnutls_pk_params_st* 
params);
 int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
                             ASN1_TYPE src, const char *src_name);
 
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index ba7a7c6..fa4c25b 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -2264,55 +2264,6 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t 
crq,
   return 0;
 }
 
-static int
-rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
-                       unsigned char *output_data, size_t * output_data_size)
-{
-  gnutls_pk_params_st params;
-  int result = 0;
-  gnutls_datum_t der = { NULL, 0 };
-  digest_hd_st hd;
-
-  gnutls_pk_params_init(&params);
-
-  result = _gnutls_x509_crq_get_mpis (crq, &params);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      return result;
-    }
-
-  result = _gnutls_x509_write_pubkey( pk, &params, &der);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
-  result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
-  _gnutls_hash (&hd, der.data, der.size);
-
-  _gnutls_hash_deinit (&hd, output_data);
-  *output_data_size = 20;
-
-  result = 0;
-
-cleanup:
-
-  _gnutls_free_datum (&der);
-
-  /* release all allocated MPIs
-   */
-  gnutls_pk_params_release(&params);
-  return result;
-}
-
 /**
  * gnutls_x509_crq_get_key_id:
  * @crq: a certificate of type #gnutls_x509_crq_t
@@ -2340,8 +2291,8 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
                             unsigned char *output_data,
                             size_t * output_data_size)
 {
-  int pk, result = 0, len;
-  gnutls_datum_t pubkey;
+  int pk, ret = 0;
+  gnutls_pk_params_st params;
 
   if (crq == NULL)
     {
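Review bot: `params` is declared here without initialisation and, in the later hunk of this function, is passed straight to `_gnutls_x509_crq_get_mpis`, whereas the removed `rsadsa_crq_get_key_id` called `gnutls_pk_params_init(&params);` first. If `_gnutls_x509_crq_get_mpis` does not initialise the structure itself (its body is not visible here), `gnutls_pk_params_release` may later act on stale stack contents. Adding `gnutls_pk_params_init(&params);` before the `_gnutls_x509_crq_get_mpis` call restores the previous guarantee. The same applies to `gnutls_x509_crt_get_key_id` in lib/x509/x509.c, and the function body continues outside this hunk.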
@@ -2349,12 +2300,6 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
       return GNUTLS_E_INVALID_REQUEST;
     }
 
-  if (*output_data_size < 20)
-    {
-      *output_data_size = 20;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-
   pk = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
   if (pk < 0)
     {
@@ -2362,51 +2307,18 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, 
unsigned int flags,
       return pk;
     }
 
-  if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
-    {
-      /* This is for compatibility with what GnuTLS has printed for
-         RSA/DSA before the code below was added.  The code below is
-         applicable to all types, and it would probably be a better
-         idea to use it for RSA/DSA too, but doing so would break
-         backwards compatibility.  */
-      return rsadsa_crq_get_key_id (crq, pk, output_data, output_data_size);
-    }
-
-  pubkey.size = 0;
-  result =
-    asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL,
-                     &len, NULL);
-  if (result != ASN1_MEM_ERROR)
-    {
-      gnutls_assert ();
-      return _gnutls_asn2err (result);
-    }
-
-  pubkey.data = gnutls_malloc (len);
-  if (pubkey.data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  result =
-    asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo",
-                     pubkey.data, &len, NULL);
-  if (result != ASN1_SUCCESS)
+  ret = _gnutls_x509_crq_get_mpis (crq, &params);
+  if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (pubkey.data);
-      return _gnutls_asn2err (result);
+      return ret;
     }
+  
+  ret = _gnutls_get_key_id(pk, &params, output_data, output_data_size);
 
-  pubkey.size = len;
-
-  result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
-                               output_data, output_data_size);
-
-  gnutls_free (pubkey.data);
+  gnutls_pk_params_release(&params);
 
-  return result;
+  return ret;
 }
 
 /**
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index f8d0ee5..e4a2a6c 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -197,7 +197,7 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char 
*dst_name,
   _gnutls_str_cpy (name, sizeof (name), dst_name);
   _gnutls_str_cat (name, sizeof (name), ".algorithm");
 
-  pk = _gnutls_x509_sign_to_oid (pk_algorithm, HASH2MAC (dig));
+  pk = _gnutls_x509_sign_to_oid (pk_algorithm, dig);
   if (pk == NULL)
     {
       gnutls_assert ();
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 78ac29d..6bf02ce 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1421,8 +1421,8 @@ static void
 print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 {
   int err;
-  char buffer[20];
-  size_t size = 20;
+  char buffer[32];
+  size_t size = sizeof(buffer);
 
   err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
   if (err < 0)
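Review bot: The buffer size `32` is a bare literal here and again for `_key_id` in src/certtool.c, while the key ID this commit produces is a 20-byte SHA-1 digest. If the intent is to leave room for a longer digest later, a short comment such as `/* larger than SHA-1 to allow a longer key ID digest */` or a shared named constant would record that, and would keep the two buffers from drifting apart. `print_keyid` continues past the end of the hunk.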
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 463fbd2..f186a6f 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -2186,76 +2186,36 @@ _gnutls_get_key_id (gnutls_pk_algorithm_t pk, 
gnutls_pk_params_st * params,
                     unsigned char *output_data,
                     size_t * output_data_size)
 {
-  int result = 0;
+  int ret = 0;
   gnutls_datum_t der = { NULL, 0 };
-  digest_hd_st hd;
+  const gnutls_digest_algorithm_t hash = GNUTLS_DIG_SHA1;
+  int digest_len = _gnutls_hash_get_algo_len(hash);
 
-  if (output_data == NULL || *output_data_size < 20)
+  if (output_data == NULL || *output_data_size < digest_len)
     {
       gnutls_assert ();
-      *output_data_size = 20;
+      *output_data_size = digest_len;
       return GNUTLS_E_SHORT_MEMORY_BUFFER;
     }
 
-  result = _gnutls_x509_write_pubkey(pk, params, &der);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
+  ret = _gnutls_x509_encode_PKI_params(&der, pk, params);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
 
-  result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
-  if (result < 0)
+  ret = _gnutls_hash_fast(hash, der.data, der.size, output_data);
+  if (ret < 0)
     {
       gnutls_assert ();
       goto cleanup;
     }
+  *output_data_size = digest_len;
 
-  _gnutls_hash (&hd, der.data, der.size);
-
-  _gnutls_hash_deinit (&hd, output_data);
-  *output_data_size = 20;
-
-  result = 0;
+  ret = 0;
 
 cleanup:
 
   _gnutls_free_datum (&der);
-  return result;
-}
-
-
-static int
-rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
-                   unsigned char *output_data, size_t * output_data_size)
-{
-  gnutls_pk_params_st params;
-  int result = 0;
-
-  result = _gnutls_x509_crt_get_mpis (crt, &params);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      return result;
-    }
-
-  result =
-    _gnutls_get_key_id (pk, &params, output_data,
-                        output_data_size);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
-  result = 0;
-
-cleanup:
-
-  /* release all allocated MPIs
-   */
-  gnutls_pk_params_release(&params);
-  return result;
+  return ret;
 }
 
 /**
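Review bot: `digest_len` is a signed `int` compared against the `size_t` `*output_data_size`, so a negative return from `_gnutls_hash_get_algo_len` would be converted to a very large unsigned value, fail the size check and be written back into `*output_data_size`. `gnutls_fingerprint` in lib/gnutls_ui.c guards the same call with `hash_len < 0 || (unsigned) hash_len > *result_size`; here that would be `if (digest_len < 0) return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);` followed by a comparison against `(size_t) digest_len`. With SHA-1 hard-coded the negative case should not occur in practice, but the explicit check documents the assumption and removes the sign-compare warning. The function's signature starts above the hunk.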
@@ -2283,8 +2243,8 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
                             unsigned char *output_data,
                             size_t * output_data_size)
 {
-  int pk, result = 0, len;
-  gnutls_datum_t pubkey;
+  int pk, ret = 0;
+  gnutls_pk_params_st params;
 
   if (crt == NULL)
     {
@@ -2292,13 +2252,6 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
       return GNUTLS_E_INVALID_REQUEST;
     }
 
-  if (*output_data_size < 20)
-    {
-      gnutls_assert ();
-      *output_data_size = 20;
-      return GNUTLS_E_SHORT_MEMORY_BUFFER;
-    }
-
   pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
   if (pk < 0)
     {
@@ -2306,48 +2259,18 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, 
unsigned int flags,
       return pk;
     }
 
-  if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
-    {
-      /* This is for compatibility with what GnuTLS has printed for
-         RSA/DSA before the code below was added.  The code below is
-         applicable to all types, and it would probably be a better
-         idea to use it for RSA/DSA too, but doing so would break
-         backwards compatibility.  */
-      return rsadsa_get_key_id (crt, pk, output_data, output_data_size);
-    }
-
-  len = 0;
-  result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
-                            NULL, &len, NULL);
-  if (result != ASN1_MEM_ERROR)
-    {
-      gnutls_assert ();
-      return _gnutls_asn2err (result);
-    }
-
-  pubkey.data = gnutls_malloc (len);
-  if (pubkey.data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
-                            pubkey.data, &len, NULL);
-  if (result != ASN1_SUCCESS)
+  ret = _gnutls_x509_crt_get_mpis (crt, &params);
+  if (ret < 0)
     {
       gnutls_assert ();
-      gnutls_free (pubkey.data);
-      return _gnutls_asn2err (result);
+      return ret;
     }
+  
+  ret = _gnutls_get_key_id(pk, &params, output_data, output_data_size);
 
-  pubkey.size = len;
-  result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
-                               output_data, output_data_size);
-
-  gnutls_free (pubkey.data);
+  gnutls_pk_params_release(&params);
 
-  return result;
+  return ret;
 }
 
 
diff --git a/src/certtool.c b/src/certtool.c
index 5362871..824165a 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2348,7 +2348,7 @@ generate_pkcs12 (common_info_st * cinfo)
   const char *name;
   unsigned int flags, i;
   gnutls_datum_t key_id;
-  unsigned char _key_id[20];
+  unsigned char _key_id[32];
   int indx;
   size_t ncrts;
 
diff --git a/src/cli.c b/src/cli.c
index ae665c2..f8737ed 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -173,7 +173,7 @@ load_keys (void)
   gnutls_pkcs11_privkey_t pkcs11_key;
 #endif
   gnutls_x509_privkey_t tmp_key;
-  uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
+  unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
 
   if (x509_certfile != NULL && x509_keyfile != NULL)
     {
diff --git a/tests/cipher-test.c b/tests/cipher-test.c
index 8c989f2..dfb7ae7 100644
--- a/tests/cipher-test.c
+++ b/tests/cipher-test.c
@@ -360,8 +360,23 @@ struct hash_vectors_st
       .output =
             (uint8_t *)
             
"\x8f\x82\x03\x94\xf9\x53\x35\x18\x20\x45\xda\x24\xf3\x4d\xe5\x2b\xf8\xbc\x34\x32",
-      .output_size = 20,}
-    ,
+      .output_size = 20,
+    },
+    {
+      .name = "SHA1",
+      .algorithm = GNUTLS_MAC_SHA1,
+      .key = NULL,
+      .plaintext =
+            (uint8_t *)
+            
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+      .plaintext_size = sizeof
+            
("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+            - 1,
+      .output =
+            (uint8_t *)
+            
"\xbe\xae\xd1\x6d\x65\x8e\xc7\x92\x9e\xdf\xd6\x2b\xfa\xfe\xac\x29\x9f\x0d\x74\x4d",
+      .output_size = 20,
+    },
     {
       .name = "SHA256",
       .algorithm = GNUTLS_MAC_SHA256,
@@ -378,6 +393,21 @@ struct hash_vectors_st
       .output_size = 32,
     },
     {
+      .name = "SHA256",
+      .algorithm = GNUTLS_MAC_SHA256,
+      .key = NULL,
+      .plaintext =
+            (uint8_t *)
+            
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+      .plaintext_size = sizeof
+            
("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq")
+            - 1,
+      .output =
+            (uint8_t *)
+            
"\x50\xea\x82\x5d\x96\x84\xf4\x22\x9c\xa2\x9f\x1f\xec\x51\x15\x93\xe2\x81\xe4\x6a\x14\x0d\x81\xe0\x00\x5f\x8f\x68\x86\x69\xa0\x6c",
+      .output_size = 32,
+    },
+    {
       .name = "SHA512",
       .algorithm = GNUTLS_MAC_SHA512,
       .key = NULL,
@@ -462,13 +492,34 @@ test_hash (void)
           /* import key */
           if (hash_vectors[i].key != NULL)
             {
+                gnutls_hmac_hd_t hd;
+                ret = gnutls_hmac_init( &hd, hash_vectors[i].algorithm, 
hash_vectors[i].key, hash_vectors[i].key_size);
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Error: %s:%d\n", __func__,
+                               __LINE__);
+                      return 1;
+                  }
+
+                ret = gnutls_hmac(hd, hash_vectors[i].plaintext, 
hash_vectors[i].plaintext_size-1);
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Error: %s:%d\n", __func__,
+                               __LINE__);
+                      return 1;
+                  }
+
+                ret = gnutls_hmac(hd, 
&hash_vectors[i].plaintext[hash_vectors[i].plaintext_size-1], 1);
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Error: %s:%d\n", __func__,
+                               __LINE__);
+                      return 1;
+                  }
+
+                gnutls_hmac_output(hd, data);
+                gnutls_hmac_deinit(hd, NULL);
 
-                ret = gnutls_hmac_fast (hash_vectors[i].algorithm,
-                                        hash_vectors[i].key,
-                                        hash_vectors[i].key_size,
-                                        hash_vectors[i].plaintext,
-                                        hash_vectors[i].plaintext_size,
-                                        data);
                 data_size =
                     gnutls_hmac_get_len (hash_vectors[i].algorithm);
                 if (ret < 0)
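Review bot: The one-shot `gnutls_hmac_fast` call is replaced rather than supplemented (likewise `gnutls_hash_fast` in the following hunk), so `test_hash` no longer exercises the one-shot API even though `_gnutls_get_key_id` starts relying on `_gnutls_hash_fast` in this same push. Keeping the fast call and comparing its output with the incremental result would cover both paths. The early `return 1;` paths after a successful `gnutls_hmac_init`/`gnutls_hash_init` skip the matching deinit, and the leftover `if (ret < 0)` after `data_size` now only re-checks the last update call. `plaintext_size-1` would wrap for a vector with an empty plaintext, assuming the field is unsigned; none is visible here, but a guard or comment would make that precondition explicit. `test_hash` starts and ends outside these hunks.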
@@ -480,10 +531,38 @@ test_hash (void)
             }
           else
             {
-                ret = gnutls_hash_fast (hash_vectors[i].algorithm,
+                gnutls_hash_hd_t hd;
+                ret = gnutls_hash_init( &hd, hash_vectors[i].algorithm);
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Error: %s:%d\n", __func__,
+                               __LINE__);
+                      return 1;
+                  }
+                
+                ret = gnutls_hash (hd,
                                         hash_vectors[i].plaintext,
-                                        hash_vectors[i].plaintext_size,
-                                        data);
+                                        1);
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Error: %s:%d\n", __func__,
+                               __LINE__);
+                      return 1;
+                  }
+
+                ret = gnutls_hash (hd,
+                                        &hash_vectors[i].plaintext[1],
+                                        hash_vectors[i].plaintext_size-1);
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Error: %s:%d\n", __func__,
+                               __LINE__);
+                      return 1;
+                  }
+
+                gnutls_hash_output(hd, data);
+                gnutls_hash_deinit(hd, NULL);
+                
                 data_size =
                     gnutls_hash_get_len (hash_vectors[i].algorithm);
                 if (ret < 0)


hooks/post-receive
-- 
GNU gnutls


