author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-11-15 16:29:23 +0000 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-11-15 16:29:23 +0000 |
commit | 9e58b6b67cebcc4fb0d1b7550d0663947fedf09f (patch) | |
tree | 177e0d14504a189ee336a8ae0a55dbc0a6b8cded | |
parent | 64771f333f223551d76243319af439db13e0b638 (diff) | |
parent | d6cb0fb1272292a52b5bc6b3a293fbf7ec043ca4 (diff) | |
download | gnutls-9e58b6b67cebcc4fb0d1b7550d0663947fedf09f.tar.gz |
Merge branch 'tmp-cert-status' into 'master'
tests: improve testsuite and ECC related minor fixes
See merge request gnutls/gnutls!799
-rw-r--r-- | lib/privkey_raw.c | 28 | ||||
-rw-r--r-- | lib/pubkey.c | 30 | ||||
-rw-r--r-- | lib/x509/key_decode.c | 14 | ||||
-rw-r--r-- | lib/x509/privkey.c | 33 | ||||
-rw-r--r-- | lib/x509/x509.c | 21 | ||||
-rw-r--r-- | tests/Makefile.am | 2 | ||||
-rw-r--r-- | tests/cert-status.c (renamed from tests/mini-cert-status.c) | 110 | ||||
-rw-r--r-- | tests/key-import-export.c | 5 | ||||
-rw-r--r-- | tests/pubkey-import-export.c | 5 |
9 files changed, 118 insertions, 130 deletions
diff --git a/lib/privkey_raw.c b/lib/privkey_raw.c index 6272964128..0f0187a2c7 100644 --- a/lib/privkey_raw.c +++ b/lib/privkey_raw.c @@ -191,8 +191,8 @@ int ret; * gnutls_privkey_export_ecc_raw: * @key: Holds the public key * @curve: will hold the curve - * @x: will hold the x coordinate - * @y: will hold the y coordinate + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * @k: will hold the private key * * This function will export the ECC private key's parameters found @@ -220,8 +220,8 @@ gnutls_privkey_export_ecc_raw(gnutls_privkey_t key, * gnutls_privkey_export_ecc_raw2: * @key: Holds the public key * @curve: will hold the curve - * @x: will hold the x coordinate - * @y: will hold the y coordinate + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * @k: will hold the private key * @flags: flags from %gnutls_abstract_export_flags_t * @@ -271,8 +271,8 @@ int ret; * @curve: will hold the curve * @digest: will hold the digest * @paramset: will hold the GOST parameter set ID - * @x: will hold the x coordinate - * @y: will hold the y coordinate + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * @k: will hold the private key * @flags: flags from %gnutls_abstract_export_flags_t * 
@@ -429,16 +429,16 @@ error: * gnutls_privkey_import_ecc_raw: * @key: The key * @curve: holds the curve - * @x: holds the x - * @y: holds the y - * @k: holds the k + * @x: holds the x-coordinate + * @y: holds the y-coordinate + * @k: holds the k (private key) * * This function will convert the given elliptic curve parameters to the * native #gnutls_privkey_t format. The output will be stored * in @key. * - * In EdDSA curves the @y parameter should be %NULL and the @x parameter must - * be the value in the native format for the curve. + * In EdDSA curves the @y parameter should be %NULL and the @x and @k parameters + * must be in the native format for the curve. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. @@ -484,9 +484,9 @@ error: * @curve: holds the curve * @digest: holds the digest * @paramset: holds the GOST parameter set ID - * @x: holds the x - * @y: holds the y - * @k: holds the k + * @x: holds the x-coordinate + * @y: holds the y-coordinate + * @k: holds the k (private key) * * This function will convert the given GOST private key's parameters to the * native #gnutls_privkey_t format. The output will be stored diff --git a/lib/pubkey.c b/lib/pubkey.c index 8959fe1c10..aad40beacc 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -821,8 +821,8 @@ gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, * gnutls_pubkey_export_ecc_raw: * @key: Holds the public key * @curve: will hold the curve (may be %NULL) - * @x: will hold x (may be %NULL) - * @y: will hold y (may be %NULL) + * @x: will hold x-coordinate (may be %NULL) + * @y: will hold y-coordinate (may be %NULL) * * This function will export the ECC public key's parameters found in * the given key. The new parameters will be allocated using 
@@ -849,8 +849,8 @@ gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, * gnutls_pubkey_export_ecc_raw2: * @key: Holds the public key * @curve: will hold the curve (may be %NULL) - * @x: will hold x (may be %NULL) - * @y: will hold y (may be %NULL) + * @x: will hold x-coordinate (may be %NULL) + * @y: will hold y-coordinate (may be %NULL) * @flags: flags from %gnutls_abstract_export_flags_t * * This function will export the ECC public key's parameters found in @@ -982,8 +982,8 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, * @curve: will hold the curve (may be %NULL) * @digest: will hold the curve (may be %NULL) * @paramset: will hold the parameters id (may be %NULL) - * @x: will hold x (may be %NULL) - * @y: will hold y (may be %NULL) + * @x: will hold the x-coordinate (may be %NULL) + * @y: will hold the y-coordinate (may be %NULL) * @flags: flags from %gnutls_abstract_export_flags_t * * This function will export the GOST public key's parameters found in @@ -1386,14 +1386,14 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, * gnutls_pubkey_import_ecc_raw: * @key: The structure to store the parsed key * @curve: holds the curve - * @x: holds the x - * @y: holds the y + * @x: holds the x-coordinate + * @y: holds the y-coordinate * * This function will convert the given elliptic curve parameters to a * #gnutls_pubkey_t. The output will be stored in @key. * - * In EdDSA curves the @y parameter will be %NULL and the other parameters - * will be in the native format for the curve. + * In EdDSA curves the @y parameter should be %NULL and the @x parameter must + * be the value in the native format for the curve. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. 
@@ -1417,6 +1417,12 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_pk_params_init(&key->params); if (curve_is_eddsa(curve)) { + unsigned size = gnutls_ecc_curve_get_size(curve); + if (x->size != size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + ret = _gnutls_set_datum(&key->params.raw_pub, x->data, x->size); if (ret < 0) { gnutls_assert(); @@ -1528,8 +1534,8 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, * @curve: holds the curve * @digest: holds the digest * @paramset: holds the parameters id - * @x: holds the x - * @y: holds the y + * @x: holds the x-coordinate + * @y: holds the y-coordinate * * This function will convert the given GOST public key's parameters to a * #gnutls_pubkey_t. The output will be stored in @key. @digest should be diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 02b381ec85..c20b841654 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -38,8 +38,9 @@ static int _gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize, gnutls_pk_params_st * params); static int _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize, gnutls_pk_params_st * params); -static int _gnutls_x509_read_eddsa_pubkey(uint8_t * der, int dersize, - gnutls_pk_params_st * params); +static int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve, + uint8_t * der, int dersize, + gnutls_pk_params_st * params); static int _gnutls_x509_read_gost_pubkey(uint8_t * der, int dersize, gnutls_pk_params_st * params); @@ -114,9 +115,14 @@ _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize, ¶ms->params[ECC_Y]); } -int _gnutls_x509_read_eddsa_pubkey(uint8_t * der, int dersize, +int _gnutls_x509_read_eddsa_pubkey(gnutls_ecc_curve_t curve, + uint8_t * der, int dersize, gnutls_pk_params_st * params) { + int size = gnutls_ecc_curve_get_size(curve); + if (dersize != size) + return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); + return _gnutls_set_datum(¶ms->raw_pub, der, dersize); } 
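Review bot: The added `x->size != size` test is now the first place the EdDSA branch of gnutls_pubkey_import_ecc_raw() dereferences `x`, and nothing visible in the hunk establishes that `x` is non-NULL. If the part of the function above the hunk does not already reject a NULL datum, the new validation should cover it as well: `if (x == NULL || x->size != size) {`. The same applies to `x` and `k` in the matching check added to gnutls_x509_privkey_import_ecc_raw() in lib/x509/privkey.c. The function starts and ends outside this hunk, so an earlier guard may already exist.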
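Review bot: `_gnutls_x509_read_eddsa_pubkey()` accepts whatever `gnutls_ecc_curve_get_size(curve)` returns, and that function returns 0 for a curve it does not know, so an empty key would satisfy `dersize != size` if the helper were ever called with such a curve. The only caller in this commit passes GNUTLS_ECC_CURVE_ED25519, so this is hardening rather than a live bug. Since `der` comes from a parsed certificate and the guard is cheap, I would write `if (size <= 0 || dersize != size)`.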
@@ -554,7 +560,7 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der, } break; case GNUTLS_PK_EDDSA_ED25519: - ret = _gnutls_x509_read_eddsa_pubkey(der, dersize, params); + ret = _gnutls_x509_read_eddsa_pubkey(GNUTLS_ECC_CURVE_ED25519, der, dersize, params); break; case GNUTLS_PK_GOST_01: case GNUTLS_PK_GOST_12_256: diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index db1279e842..1c52ab3a0f 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1082,8 +1082,8 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, * gnutls_x509_privkey_import_ecc_raw: * @key: The data to store the parsed key * @curve: holds the curve - * @x: holds the x - * @y: holds the y + * @x: holds the x-coordinate + * @y: holds the y-coordinate * @k: holds the k * * This function will convert the given elliptic curve parameters to the @@ -1115,8 +1115,15 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, key->params.curve = curve; if (curve_is_eddsa(curve)) { + unsigned size; key->params.algo = GNUTLS_PK_EDDSA_ED25519; + size = gnutls_ecc_curve_get_size(curve); + if (x->size != size || k->size != size) { + ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + goto cleanup; + } + ret = _gnutls_set_datum(&key->params.raw_pub, x->data, x->size); if (ret < 0) { gnutls_assert(); @@ -1188,9 +1195,9 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, * @curve: holds the curve * @digest: will hold the digest * @paramset: will hold the GOST parameter set ID - * @x: holds the x - * @y: holds the y - * @k: holds the k + * @x: holds the x-coordinate + * @y: holds the y-coordinate + * @k: holds the k (private key) * * This function will convert the given GOST private key's parameters to the * native #gnutls_x509_privkey_t format. The output will be stored 
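Review bot: In the EdDSA branch of gnutls_x509_privkey_import_ecc_raw() the size check runs after `key->params.algo = GNUTLS_PK_EDDSA_ED25519;` has already been written, so a rejected import jumps to `cleanup` with the key object partly updated. Whether `cleanup` resets those fields cannot be seen from the hunk. Validating before mutating removes that dependency: compute `size = gnutls_ecc_curve_get_size(curve);`, do the `x->size`/`k->size` comparison, and only then assign `key->params.algo`. The function starts and ends outside this hunk.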
@@ -1525,8 +1532,8 @@ gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key) * gnutls_x509_privkey_export_ecc_raw: * @key: a key * @curve: will hold the curve - * @x: will hold the x coordinate - * @y: will hold the y coordinate + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * @k: will hold the private key * * This function will export the ECC private key's parameters found @@ -1542,10 +1549,10 @@ gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key) * Since: 3.0 **/ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, - gnutls_datum_t * y, - gnutls_datum_t * k) + gnutls_ecc_curve_t *curve, + gnutls_datum_t *x, + gnutls_datum_t *y, + gnutls_datum_t *k) { if (key == NULL) { gnutls_assert(); @@ -1561,8 +1568,8 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, * @curve: will hold the curve * @digest: will hold the digest * @paramset: will hold the GOST parameter set ID - * @x: will hold the x coordinate - * @y: will hold the y coordinate + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * @k: will hold the private key * * This function will export the GOST private key's parameters found diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 6fe6cd91c3..998062fd6d 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -3480,21 +3480,24 @@ gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt, * gnutls_x509_crt_get_pk_ecc_raw: * @crt: Holds the certificate * @curve: will hold the curve - * @x: will hold x - * @y: will hold y + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * * This function will export the ECC public key's parameters found in * the given certificate. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * In EdDSA curves the @y parameter will be %NULL and the other parameters + * will be in the native format for the curve. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.4.1 **/ int gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, gnutls_datum_t * y) + gnutls_ecc_curve_t *curve, + gnutls_datum_t *x, gnutls_datum_t *y) { int ret; gnutls_pubkey_t pubkey; @@ -3531,8 +3534,8 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, * @curve: will hold the curve * @digest: will hold the digest * @paramset: will hold the GOST parameter set ID - * @x: will hold x - * @y: will hold y + * @x: will hold the x-coordinate + * @y: will hold the y-coordinate * * This function will export the GOST public key's parameters found in * the given certificate. The new parameters will be allocated using @@ -3544,10 +3547,10 @@ gnutls_x509_crt_get_pk_ecc_raw(gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_get_pk_gost_raw(gnutls_x509_crt_t crt, - gnutls_ecc_curve_t * curve, - gnutls_digest_algorithm_t * digest, + gnutls_ecc_curve_t *curve, + gnutls_digest_algorithm_t *digest, gnutls_gost_paramset_t *paramset, - gnutls_datum_t * x, gnutls_datum_t * y) + gnutls_datum_t *x, gnutls_datum_t *y) { int ret; gnutls_pubkey_t pubkey; diff --git a/tests/Makefile.am b/tests/Makefile.am index 1ccba11028..7c11c90ec0 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -153,7 +153,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei sign-verify-ext4 tls-neg-ext4-key resume-lifetime memset0 memset1 \ mini-dtls-srtp rsa-encrypt-decrypt mini-loss-time gnutls-strcodes \ mini-record mini-dtls-record handshake-timeout mini-record-range \ - mini-cert-status fips-mode-pthread rsa-psk global-init sec-params sign-verify-data \ + cert-status fips-mode-pthread rsa-psk global-init sec-params sign-verify-data \ fips-test fips-override-test mini-global-load name-constraints x509-extensions \ long-session-id mini-x509-callbacks-intr mini-dtls-lowmtu set_x509_key_file-late \ crlverify mini-dtls-discard init_fds mini-record-failure \ diff --git a/tests/mini-cert-status.c b/tests/cert-status.c index eaf80f4dcd..83606ee920 100644 --- a/tests/mini-cert-status.c +++ b/tests/cert-status.c @@ -45,9 +45,11 @@ int main() #include <unistd.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> +#include <assert.h> #include <signal.h> #include "utils.h" +#include "cert-common.h" /* This program tests whether the GNUTLS_CERT_* flags * work as expected. 
@@ -63,60 +65,14 @@ static void client_log_func(int level, const char *str) fprintf(stderr, "client|<%d>| %s", level, str); } -static unsigned char server_cert_pem[] = - "-----BEGIN CERTIFICATE-----\n" - "MIICVjCCAcGgAwIBAgIERiYdMTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n" - "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTIxWhcNMDgwNDE3MTMyOTIxWjA3MRsw\n" - "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n" - "Lm9yZzCBnDALBgkqhkiG9w0BAQEDgYwAMIGIAoGA17pcr6MM8C6pJ1aqU46o63+B\n" - "dUxrmL5K6rce+EvDasTaDQC46kwTHzYWk95y78akXrJutsoKiFV1kJbtple8DDt2\n" - "DZcevensf9Op7PuFZKBroEjOd35znDET/z3IrqVgbtm2jFqab7a+n2q9p/CgMyf1\n" - "tx2S5Zacc1LWn9bIjrECAwEAAaOBkzCBkDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQT\n" - "MBGCD3Rlc3QuZ251dGxzLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8B\n" - "Af8EBQMDB6AAMB0GA1UdDgQWBBTrx0Vu5fglyoyNgw106YbU3VW0dTAfBgNVHSME\n" - "GDAWgBTpPBz7rZJu5gakViyi4cBTJ8jylTALBgkqhkiG9w0BAQUDgYEAaFEPTt+7\n" - "bzvBuOf7+QmeQcn29kT6Bsyh1RHJXf8KTk5QRfwp6ogbp94JQWcNQ/S7YDFHglD1\n" - "AwUNBRXwd3riUsMnsxgeSDxYBfJYbDLeohNBsqaPDJb7XailWbMQKfAbFQ8cnOxg\n" - "rOKLUQRWJ0K3HyXRMhbqjdLIaQiCvQLuizo=\n" "-----END CERTIFICATE-----\n"; - -const gnutls_datum_t server_cert = { server_cert_pem, - sizeof(server_cert_pem) -}; - -static unsigned char server_key_pem[] = - "-----BEGIN RSA PRIVATE KEY-----\n" - "MIICXAIBAAKBgQDXulyvowzwLqknVqpTjqjrf4F1TGuYvkrqtx74S8NqxNoNALjq\n" - "TBMfNhaT3nLvxqResm62ygqIVXWQlu2mV7wMO3YNlx696ex/06ns+4VkoGugSM53\n" - "fnOcMRP/PciupWBu2baMWppvtr6far2n8KAzJ/W3HZLllpxzUtaf1siOsQIDAQAB\n" - "AoGAYAFyKkAYC/PYF8e7+X+tsVCHXppp8AoP8TEZuUqOZz/AArVlle/ROrypg5kl\n" - "8YunrvUdzH9R/KZ7saNZlAPLjZyFG9beL/am6Ai7q7Ma5HMqjGU8kTEGwD7K+lbG\n" - "iomokKMOl+kkbY/2sI5Czmbm+/PqLXOjtVc5RAsdbgvtmvkCQQDdV5QuU8jap8Hs\n" - "Eodv/tLJ2z4+SKCV2k/7FXSKWe0vlrq0cl2qZfoTUYRnKRBcWxc9o92DxK44wgPi\n" - "oMQS+O7fAkEA+YG+K9e60sj1K4NYbMPAbYILbZxORDecvP8lcphvwkOVUqbmxOGh\n" - "XRmTZUuhBrJhJKKf6u7gf3KWlPl6ShKEbwJASC118cF6nurTjuLf7YKARDjNTEws\n" - 
"qZEeQbdWYINAmCMj0RH2P0mvybrsXSOD5UoDAyO7aWuqkHGcCLv6FGG+qwJAOVqq\n" - "tXdUucl6GjOKKw5geIvRRrQMhb/m5scb+5iw8A4LEEHPgGiBaF5NtJZLALgWfo5n\n" - "hmC8+G8F0F78znQtPwJBANexu+Tg5KfOnzSILJMo3oXiXhf5PqXIDmbN0BKyCKAQ\n" - "LfkcEcUbVfmDaHpvzwY9VEaoMOKVLitETXdNSxVpvWM=\n" - "-----END RSA PRIVATE KEY-----\n"; - -const gnutls_datum_t server_key = { server_key_pem, - sizeof(server_key_pem) -}; - - -/* A very basic TLS client, with anonymous authentication. - */ - #define MAX_BUF 1024 -static void client(int fd) +static void client(int fd, const char *prio) { int ret; const char *p; gnutls_certificate_credentials_t x509_cred; gnutls_session_t session; - /* Need to enable anonymous KX specifically. */ global_init(); @@ -127,22 +83,16 @@ static void client(int fd) gnutls_certificate_allocate_credentials(&x509_cred); - /* Initialize TLS session - */ gnutls_init(&session, GNUTLS_CLIENT); - /* Use default priorities */ ret = gnutls_priority_set_direct(session, - "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", - &p); + prio, &p); if (ret < 0) { fail("error in setting priority: %s\n", p); exit(1); } - /* put the anonymous credentials to the current session - */ gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred); gnutls_transport_set_int(session, fd); @@ -180,10 +130,7 @@ static void client(int fd) } -/* These are global */ -pid_t child; - -static void server(int fd, unsigned status, int expected) +static void server(int fd, const char *prio, unsigned status, int expected) { int ret; char buffer[MAX_BUF + 1]; @@ -197,12 +144,8 @@ static void server(int fd, unsigned status, int expected) gnutls_init(&session, GNUTLS_SERVER); - /* avoid calling all the priority functions, since the defaults - * are adequate. - */ - gnutls_priority_set_direct(session, - "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", - NULL); + assert(gnutls_priority_set_direct(session, + prio, NULL)>=0); if (debug) { gnutls_global_set_log_function(server_log_func); 
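Review bot: In server() the call that applies the priority string now sits inside `assert(...)`, so a build with NDEBUG defined would drop the call itself and the server side would handshake without `prio` applied. Keep the call unconditional and check it with the variable server() already has: `ret = gnutls_priority_set_direct(session, prio, NULL);` followed by `if (ret < 0) fail("error in setting priority: %d\n", ret);`. client() in the same file already checks this return value explicitly. server() starts and ends outside this hunk.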
@@ -227,7 +170,7 @@ static void server(int fd, unsigned status, int expected) if (ret == expected) { if (debug) success - ("server: Handshake finished as expected\n"); + ("server: Handshake finished as expected (%d)\n", ret); goto finish; } else { fail("expected %d, handshake returned %d\n", expected, @@ -253,10 +196,14 @@ static void server(int fd, unsigned status, int expected) success("server: finished\n"); } -static void start(unsigned status, int expected) +static void start(const char *prio, unsigned status, int expected) { int fd[2]; int ret; + pid_t child; + int pstatus = 0; + + success("testing: %s (%d,%d)\n", prio, status, expected); ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { 
@@ -274,33 +221,42 @@ static void start(unsigned status, int expected) if (child) { /* parent */ close(fd[1]); - server(fd[0], status, expected); - waitpid(-1, NULL, 0); - //kill(child, SIGTERM); + server(fd[0], prio, status, expected); + waitpid(-1, &pstatus, 0); + check_wait_status_for_sig(pstatus); } else { close(fd[0]); - client(fd[1]); + client(fd[1], prio); exit(0); } } static void ch_handler(int sig) { - int status = 0; - - waitpid(-1, &status, 0); - check_wait_status_for_sig(status); return; } + void doit(void) { signal(SIGCHLD, ch_handler); signal(SIGPIPE, SIG_IGN); - start(GNUTLS_CERT_IGNORE, 0); - start(GNUTLS_CERT_REQUEST, 0); - start(GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); + start("NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", GNUTLS_CERT_IGNORE, 0); + start("NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", GNUTLS_CERT_REQUEST, 0); + start("NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-NULL:+RSA", GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_CERT_IGNORE, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_CERT_REQUEST, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.2", GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); + + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_CERT_IGNORE, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_CERT_REQUEST, 0); + start("NORMAL:-VERS-ALL:+VERS-TLS1.3", GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); + + start("NORMAL", GNUTLS_CERT_IGNORE, 0); + start("NORMAL", GNUTLS_CERT_REQUEST, 0); + start("NORMAL", GNUTLS_CERT_REQUIRE, GNUTLS_E_NO_CERTIFICATE_FOUND); } #endif /* _WIN32 */ diff --git a/tests/key-import-export.c b/tests/key-import-export.c index 8fdea07f95..47b8804c32 100644 --- a/tests/key-import-export.c +++ b/tests/key-import-export.c 
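Review bot: start() ignores the return value of `waitpid(-1, &pstatus, 0)`, so if the wait fails `pstatus` keeps its initial 0 and check_wait_status_for_sig() is given a status that never came from the client process. Now that `child` is a local of start(), wait for that pid and fail on error: `if (waitpid(child, &pstatus, 0) < 0) fail("waitpid failed\n");`. With the reaping moved here ch_handler() has an empty body, and a short comment on why the handler is still installed would help the next reader. start() begins outside this hunk.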
@@ -431,6 +431,11 @@ int check_privkey_import_export(void) if (ret < 0) fail("error\n"); + /* test whether an invalid size would fail */ + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL, &_rsa_m); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL, &_ed25519_k); if (ret < 0) fail("error\n"); diff --git a/tests/pubkey-import-export.c b/tests/pubkey-import-export.c index 0f32537b94..46bfb729d9 100644 --- a/tests/pubkey-import-export.c +++ b/tests/pubkey-import-export.c @@ -276,6 +276,11 @@ int check_pubkey_import_export(void) if (ret < 0) fail("error\n"); + /* test whether an invalid size would fail */ + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_rsa_m, NULL); + if (ret != GNUTLS_E_INVALID_REQUEST) + fail("error\n"); + ret = gnutls_pubkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL); if (ret < 0) fail("error\n"); |
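Review bot: The new negative case in check_privkey_import_export() passes `&_rsa_m` for both x and k, so the `x->size` mismatch alone makes it pass and the `k->size` half of the check added in lib/x509/privkey.c (presumably reached through this API) is never exercised on its own. Add a second call with a valid public part and a wrong-size private part, `ret = gnutls_privkey_import_ecc_raw(key, GNUTLS_ECC_CURVE_ED25519, &_ed25519_x, NULL, &_rsa_m);`, expecting GNUTLS_E_INVALID_REQUEST. Distinct fail() messages for the negative cases, here and in the pubkey test, would also make a regression easier to locate than the shared "error\n". The function continues outside the hunk.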