From b1f619343d39cf5266ab91b9de4b4c6ee50c3d41 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Fri, 3 Aug 2018 22:26:47 +0200
Subject: Corrected the importing of ECDSA public keys

This seems to be a regression since EdDSA support. The call to
_gnutls_x509_get_pk_algorithm() in public key import was unnecessary
and in fact it was overriding the available curve with a curve associated
with the OID. As the ECDSA OID doesn't include the curve, that had the
result of deleting the already read curve.

Resolves #538

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
---
 tests/cert-tests/data/cert-ecc256-full.pem | 68 ++++++++++++++++++++++++++++++
 tests/cert-tests/data/pubkey-ecc256.pem    | 23 ++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 tests/cert-tests/data/cert-ecc256-full.pem
 create mode 100644 tests/cert-tests/data/pubkey-ecc256.pem

(limited to 'tests/cert-tests/data')

diff --git a/tests/cert-tests/data/cert-ecc256-full.pem b/tests/cert-tests/data/cert-ecc256-full.pem
new file mode 100644
index 0000000000..ab16d166d6
--- /dev/null
+++ b/tests/cert-tests/data/cert-ecc256-full.pem
@@ -0,0 +1,68 @@
+X.509 Certificate Information:
+	Version: 3
+	Serial Number (hex): 07
+	Issuer: CN=GnuTLS certificate authority,ST=Leuven,OU=GnuTLS certificate authority,O=GnuTLS,C=BE
+	Validity:
+		Not Before: Sat Sep 01 09:22:36 UTC 2012
+		Not After: Sat Oct 05 09:22:36 UTC 2019
+	Subject: EMAIL=none@none.org,pseudonym=jackal,title=Dr.,UID=clauper,CN=Cindy Lauper,ST=Attiki,OU=sleeping dept.,O=Koko inc.,C=GR
+	Subject Public Key Algorithm: EC/ECDSA
+	Algorithm Security Level: High (256 bits)
+		Curve:	SECP256R1
+		X:
+			3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30
+			5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33
+		Y:
+			3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa
+			6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1
+	Extensions:
+		Basic Constraints (critical):
+			Certificate Authority (CA): FALSE
+		Subject Alternative Name (not critical):
+			DNSname: www.none.org
+			DNSname: www.morethanone.org
+			DNSname: localhost
+			IPAddress: 192.168.1.1
+		Key Purpose (not critical):
+			TLS WWW Server.
+		Key Usage (critical):
+			Digital signature.
+		Subject Key Identifier (not critical):
+			acfa4767c61b41791257f7ac05c150e28ed00e5b
+		Authority Key Identifier (not critical):
+			f0b481fe9812bfb528b9644003cbcc1f664e2803
+	Signature Algorithm: ECDSA-SHA256
+	Signature:
+		30:45:02:20:28:2a:e0:24:c8:9e:44:50:d4:36:85:a0
+		8f:30:9a:ed:8a:3f:ce:38:e4:d5:91:5c:aa:2e:6a:0d
+		96:25:21:73:02:21:00:c7:82:b1:6a:86:49:35:57:c1
+		05:27:38:6c:0f:57:4f:3f:f6:3a:7a:60:01:9b:ad:52
+		88:4d:35:bf:ed:99:11
+Other Information:
+	Fingerprint:
+		sha1:8c6802792736a5ce00e75b2095626aa13ca0c0c0
+		sha256:222ddff7f65043153f439d4e2b74b87f9e366d96a1506b5ad3e8e0f1bb95da9e
+	Public Key ID:
+		sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b
+		sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433
+	Public Key PIN:
+		pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM=
+
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAoagAwIBAgIBBzAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
+A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
+aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
+ZSBhdXRob3JpdHkwIhgPMjAxMjA5MDEwOTIyMzZaGA8yMDE5MTAwNTA5MjIzNlow
+gbgxCzAJBgNVBAYTAkdSMRIwEAYDVQQKEwlLb2tvIGluYy4xFzAVBgNVBAsTDnNs
+ZWVwaW5nIGRlcHQuMQ8wDQYDVQQIEwZBdHRpa2kxFTATBgNVBAMTDENpbmR5IExh
+dXBlcjEXMBUGCgmSJomT8ixkAQETB2NsYXVwZXIxDDAKBgNVBAwTA0RyLjEPMA0G
+A1UEQRMGamFja2FsMRwwGgYJKoZIhvcNAQkBFg1ub25lQG5vbmUub3JnMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL2RcVRnJx
+ksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwaOBtjCBszAMBgNV
+HRMBAf8EAjAAMD0GA1UdEQQ2MDSCDHd3dy5ub25lLm9yZ4ITd3d3Lm1vcmV0aGFu
+b25lLm9yZ4IJbG9jYWxob3N0hwTAqAEBMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8G
+A1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKz6R2fGG0F5Elf3rAXBUOKO0A5bMB8G
+A1UdIwQYMBaAFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqGSM49BAMCA0gAMEUC
+ICgq4CTInkRQ1DaFoI8wmu2KP8445NWRXKouag2WJSFzAiEAx4KxaoZJNVfBBSc4
+bA9XTz/2OnpgAZutUohNNb/tmRE=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pubkey-ecc256.pem b/tests/cert-tests/data/pubkey-ecc256.pem
new file mode 100644
index 0000000000..6e0020d479
--- /dev/null
+++ b/tests/cert-tests/data/pubkey-ecc256.pem
@@ -0,0 +1,23 @@
+Public Key Information:
+	Public Key Algorithm: EC/ECDSA
+	Algorithm Security Level: High (256 bits)
+		Curve:	SECP256R1
+		X:
+			3c:15:6f:1d:48:3e:64:59:13:2c:6d:04:1a:38:0d:30
+			5c:e4:3f:55:cb:d9:17:15:46:72:71:92:c1:f8:c6:33
+		Y:
+			3d:04:2e:c8:c1:0f:c0:50:04:7b:9f:c9:48:b5:40:fa
+			6f:93:82:59:61:5e:72:57:cb:83:06:bd:cc:82:94:c1
+
+Public Key ID:
+	sha1:acfa4767c61b41791257f7ac05c150e28ed00e5b
+	sha256:5978dd1d2d23e992075dc359d5dd14f7ef79748af97f2b7809c9ebfd6016c433
+Public Key PIN:
+	pin-sha256:WXjdHS0j6ZIHXcNZ1d0U9+95dIr5fyt4Ccnr/WAWxDM=
+
+
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPBVvHUg+ZFkTLG0EGjgNMFzkP1XL
+2RcVRnJxksH4xjM9BC7IwQ/AUAR7n8lItUD6b5OCWWFeclfLgwa9zIKUwQ==
+-----END PUBLIC KEY-----
+
-- 
cgit v1.2.1