try_libidn="$withval",
try_libidn=yes)
+with_old_nettle=no
+if ! $PKG_CONFIG --atleast-version=3.3 nettle; then
+ with_old_nettle=yes
+fi
+AM_CONDITIONAL(WITH_OLD_NETTLE, test "$with_old_nettle" != "no")
+
if test "$try_libidn" = yes;then
PKG_CHECK_MODULES(LIBIDN, libidn >= 0.5.6, [with_libidn=yes], [with_libidn=no])
if test "$with_libidn" != "no";then
tlsfeature-crt dtls-rehandshake-cert-3 resume-with-false-start \
set_x509_key_file_ocsp client-fastopen rng-sigint srp \
safe-renegotiation/srn0 safe-renegotiation/srn1 safe-renegotiation/srn2 \
- safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5
+ safe-renegotiation/srn3 safe-renegotiation/srn4 safe-renegotiation/srn5 \
+ rsa-illegal-import
if HAVE_SECCOMP_TESTS
ctests += dtls-with-seccomp tls-with-seccomp dtls-client-with-seccomp tls-client-with-seccomp
data/openssl-aes128.p8.txt data/openssl-aes256.p8 data/openssl-aes256.p8.txt \
data/cert.dsa.1024.pem data/cert.dsa.2048.pem data/cert.dsa.3072.pem \
data/dsa.1024.pem data/dsa.2048.pem data/dsa.3072.pem data/dsa-pubkey-1018.pem \
- data/bad-key.pem
+ data/bad-key.pem data/p8key-illegal.pem data/key-illegal.pem
-dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa
+dist_check_SCRIPTS = key-id pkcs8 pkcs8-decode dsa ecdsa illegal-rsa
TESTS = key-id pkcs8 pkcs8-decode ecdsa
+if !WITH_OLD_NETTLE
+TESTS += illegal-rsa
+endif
+
if !WINDOWS
TESTS += dsa
endif
--- /dev/null
+Public Key Info:
+ Public Key Algorithm: RSA
+ Key Security Level: Low (1024 bits)
+
+modulus:
+ 00:a9:4e:b1:2b:17:a2:9e:1d:f6:92:05:f4:17:2e:4c
+ 36:02:4a:ed:78:41:5c:6b:f8:db:5a:4d:92:d1:d7:f9
+ 71:1a:ec:b8:2f:91:9e:ba:47:9e:4e:29:ac:92:12:55
+ 06:73:17:eb:39:aa:0c:ee:96:f4:5a:30:3d:2f:9e:50
+ 83:28:f8:c3:81:12:e4:17:28:93:de:95:b9:25:92:6a
+ 4c:a8:88:2d:00:70:cf:aa:ea:95:03:bb:51:65:aa:7a
+ d7:3f:82:5f:52:1d:3a:bf:bd:7e:42:0d:b0:39:37:17
+ 3d:1c:92:e4:3d:7e:57:97:7c:00:d7:63:c0:62:6a:da
+ ba:
+
+public exponent:
+ 01:00:01:
+
+private exponent:
+ 04:c8:d0:80:e3:3e:19:31:c7:92:00:d1:11:06:a1:e8
+ b4:cf:e1:3e:10:ba:c7:e2:54:70:8c:d8:a5:4d:71:23
+ 1d:1b:ab:68:cc:b8:ab:92:f2:8a:4a:eb:31:85:8b:19
+ 8f:8f:11:7a:a3:af:91:de:7a:31:42:43:b8:60:c4:ed
+ a4:2a:86:ca:c3:9d:38:13:9e:86:07:ed:d1:52:63:a6
+ 9c:52:e7:23:e4:5e:b2:7a:2a:dc:16:d8:78:95:19:28
+ d3:d1:ca:67:91:5d:d6:78:2c:b4:f5:37:e4:6b:1e:91
+ 43:2a:f2:f6:87:0e:b4:73:95:ec:9d:a7:e6:79:94:c1
+
+
+prime1:
+ 00:cf:fd:cc:ba:f0:9b:7b:b4:c6:53:a1:04:0b:86:c7
+ 5d:ca:84:06:fb:62:62:5b:3d:cf:4f:d3:fd:77:95:9d
+ 90:ca:b3:39:8b:7a:00:36:76:9b:c1:e9:98:c7:2f:df
+ 62:d0:1e:da:e2:4b:1c:bb:26:a5:d6:de:e4:a7:a3:09
+ 04:
+
+prime2:
+ 00:d0:63:0e:5e:f5:7f:f1:09:d6:29:4d:bf:6f:2a:77
+ 1d:50:d0:3f:9e:d5:ab:f3:37:ec:18:4c:6f:1a:19:0c
+ 01:c2:68:8c:fb:bf:c9:36:0f:b5:01:41:d4:de:89:4b
+ 26:ea:01:49:d7:e1:3a:60:29:e6:4f:17:4f:45:5b:8d
+ e9:
+
+coefficient:
+ 12:67:c7:6f:f1:53:5c:46:de:2b:a8:5e:cb:99:0e:43
+ c6:b2:ec:bc:73:0a:f1:0c:7e:8a:80:ba:47:05:0a:a7
+ 2f:aa:2f:8e:41:0a:bb:8c:f8:da:4b:bd:ea:21:56:6d
+ 3d:0a:06:b5:78:fc:44:53:00:ef:8e:6d:f2:f6:b1:51
+
+
+exp1:
+ 00:ac:e7:b2:47:95:ef:f9:1e:d5:28:e1:f5:d4:4e:8b
+ c3:93:6b:b2:cc:8b:5f:bb:9d:e9:15:75:9c:7d:3c:39
+ e8:ce:2c:40:d2:81:09:54:25:1d:f4:69:93:24:c5:50
+ 25:c2:bf:b2:15:19:bd:31:b0:c3:46:c3:5d:e8:67:92
+ d4:
+
+exp2:
+ 1b:45:ab:7e:d0:00:63:8a:57:05:e6:cf:f3:fb:89:c5
+ 43:6b:4d:b8:3a:dc:9b:23:29:79:f0:9e:e5:ba:7b:70
+ cb:81:a5:59:d9:3a:bb:21:89:1d:d6:00:c6:f3:0e:eb
+ d3:da:41:50:c8:80:3c:4f:9f:7d:a0:5e:56:84:69:e9
+
+
+
+Public Key ID: 23:91:CE:75:3C:67:B5:29:2B:D9:F4:4E:3B:0A:40:4B:61:1D:2C:1A
+Public key's random art:
++--[ RSA 1024]----+
+| oo.. . |
+| Eo.oo . o |
+| oo+.+ = o |
+| o.= o B + |
+| + S o o o |
+| . o . o . |
+| . + |
+| . . . |
+| . |
++-----------------+
+
+
+** Private key parameters validation failed **
+
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQCpTrErF6KeHfaSBfQXLkw2AkrteEFca/jbWk2S0df5cRrsuC+R
+nrpHnk4prJISVQZzF+s5qgzulvRaMD0vnlCDKPjDgRLkFyiT3pW5JZJqTKiILQBw
+z6rqlQO7UWWqetc/gl9SHTq/vX5CDbA5Nxc9HJLkPX5Xl3wA12PAYmraugIDAQAB
+AoGABMjQgOM+GTHHkgDREQah6LTP4T4QusfiVHCM2KVNcSMdG6tozLirkvKKSusx
+hYsZj48ReqOvkd56MUJDuGDE7aQqhsrDnTgTnoYH7dFSY6acUucj5F6yeircFth4
+lRko09HKZ5Fd1ngstPU35GsekUMq8vaHDrRzleydp+Z5lMECQQDP/cy68Jt7tMZT
+oQQLhsddyoQG+2JiWz3PT9P9d5WdkMqzOYt6ADZ2m8HpmMcv32LQHtriSxy7JqXW
+3uSnowkEAkEA0GMOXvV/8QnWKU2/byp3HVDQP57Vq/M37BhMbxoZDAHCaIz7v8k2
+D7UBQdTeiUsm6gFJ1+E6YCnmTxdPRVuN6QJBALLLOQAGL5Jy/v4K7yA9dwpgOYiK
+9rMYPhUFSXWdI+cz/Zt9vzFcF3V0RYhaRfgYLqg7retTqFoVSgBg0OxuUSMCQBtF
+q37QAGOKVwXmz/P7icVDa024OtybIyl58J7luntwy4GlWdk6uyGJHdYAxvMO69Pa
+QVDIgDxPn32gXlaEaekCQQCVhXc3zc+VX3nM4iCpXhlET2N75ULzsR+r6CdvtwSB
+vXMBcuCE1aJHZDxqRx8XFZDZl+Ij/jrBMmtI15ebDuzH
+-----END RSA PRIVATE KEY-----
--- /dev/null
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICojAcBgoqhkiG9w0BDAEDMA4ECDxZ1/EW+8XWAgIUYASCAoBR6R3Z341vSRvs
+/LMErKcKkAQ3THTZBpmYgR2mrJUjJBivzOuRTCRpgtjuQ4ht2Q7KV943mJXsqAFI
+Jly5fuVQ5YmRGLW+LE5sv+AGwmsii/PvGfGa9al56tHLDSeXV2VH4fly45bQ7ipr
+PZBiEgBToF/jqDFWleH2GTCnSLpc4B2cKkMO2c5RYrCCGNRK/jr1xVUDVzeiXZwE
+dbdDaV2UG/Oeo7F48UmvuWgS9YSFSUJ4fKG1KLlAQMKtAQKX+B4oL6Jbeb1jwSCX
+Q1H9hHXHTXbPGaIncPugotZNArwwrhesTszFE4NFMbg3QNKL1fabJJFIcOYIktwL
+7HG3pSiU2rqUZgS59OMJgL4jJm1lipo8ruNIl/YCpZTombOAV2Wbvq/I0SbRRXbX
+12lco8bQO1dgSkhhe58Vrs+ChaNajtNi8SjLS+Pi1tYYAVQjcQdxCGh4q8aZUhDv
+5yRp/TUOMaZqkY6YzRAlERb9jzVeh97EsOURzLu8pQgVjcNDOUAZF67KSqlSGMh7
+PdqknM/j8KaWmVMAUn4+PuWohkyjd1/1QhCnEtFZ1lbIfWrKXV76U7zyy0OTvFKw
+qemHUbryOJu0dQHziWmdtJpS7abSuhoMnrByZD+jDfQoSX7BzmdmCQGinltITYY1
+3iChqWC7jY02CiKZqTcdwkImvmDtDYOBr0uQSgBa4eh7nYmmcpdY4I6V5qAdo30w
+oXNEMqM53Syx36Fp70/Vmy0KmK8+2T4UgxGVJEgTDsEhiwJtTXxdzgxc5npbTePa
+abhFyIXIpqoUYZ9GPU8UjNEuF//wPY6klBp6VP0ixO6RqQKzbwr85EXbzoceBrLo
+eng1/Czj
+-----END ENCRYPTED PRIVATE KEY-----
--- /dev/null
+#!/bin/sh
+
+# Copyright (C) 2016 Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+GREP="${GREP:-grep}"
+
+TMPFILE=tmp-key.$$.p8
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+${VALGRIND} "${CERTTOOL}" -k --password 1234 --infile "${srcdir}/data/p8key-illegal.pem" 2>/dev/null
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+ echo "Error in importing illegal PKCS#8 key"
+ exit ${rc}
+fi
+
+#check invalid RSA pem key. The key has even prime factor.
+${VALGRIND} "${CERTTOOL}" -k --infile "${srcdir}/data/key-illegal.pem" 2>/dev/null
+rc=$?
+# We're done.
+if test "${rc}" != "1"; then
+ echo "Error in importing illegal RSA key"
+ exit ${rc}
+fi
+
+rm -f $TMPFILE
+
+exit 0
--- /dev/null
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <utils.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+#include <nettle/version.h>
+
+/* Checks whether the output of the import functions is the expected one,
+ * on illegal key input */
+
+static unsigned char rsa_key_pem[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIICXQIBAAKBgQCpTrErF6KeHfaSBfQXLkw2AkrteEFca/jbWk2S0df5cRrsuC+R\n"
+ "nrpHnk4prJISVQZzF+s5qgzulvRaMD0vnlCDKPjDgRLkFyiT3pW5JZJqTKiILQBw\n"
+ "z6rqlQO7UWWqetc/gl9SHTq/vX5CDbA5Nxc9HJLkPX5Xl3wA12PAYmraugIDAQAB\n"
+ "AoGABMjQgOM+GTHHkgDREQah6LTP4T4QusfiVHCM2KVNcSMdG6tozLirkvKKSusx\n"
+ "hYsZj48ReqOvkd56MUJDuGDE7aQqhsrDnTgTnoYH7dFSY6acUucj5F6yeircFth4\n"
+ "lRko09HKZ5Fd1ngstPU35GsekUMq8vaHDrRzleydp+Z5lMECQQDP/cy68Jt7tMZT\n"
+ "oQQLhsddyoQG+2JiWz3PT9P9d5WdkMqzOYt6ADZ2m8HpmMcv32LQHtriSxy7JqXW\n"
+ "3uSnowkEAkEA0GMOXvV/8QnWKU2/byp3HVDQP57Vq/M37BhMbxoZDAHCaIz7v8k2\n"
+ "D7UBQdTeiUsm6gFJ1+E6YCnmTxdPRVuN6QJBALLLOQAGL5Jy/v4K7yA9dwpgOYiK\n"
+ "9rMYPhUFSXWdI+cz/Zt9vzFcF3V0RYhaRfgYLqg7retTqFoVSgBg0OxuUSMCQBtF\n"
+ "q37QAGOKVwXmz/P7icVDa024OtybIyl58J7luntwy4GlWdk6uyGJHdYAxvMO69Pa\n"
+ "QVDIgDxPn32gXlaEaekCQQCVhXc3zc+VX3nM4iCpXhlET2N75ULzsR+r6CdvtwSB\n"
+ "vXMBcuCE1aJHZDxqRx8XFZDZl+Ij/jrBMmtI15ebDuzH\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+const gnutls_datum_t rsa_key = { rsa_key_pem,
+ sizeof(rsa_key_pem)-1
+};
+
+static unsigned char p8_rsa_pem[] =
+ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
+ "MIICojAcBgoqhkiG9w0BDAEDMA4ECDxZ1/EW+8XWAgIUYASCAoBR6R3Z341vSRvs\n"
+ "/LMErKcKkAQ3THTZBpmYgR2mrJUjJBivzOuRTCRpgtjuQ4ht2Q7KV943mJXsqAFI\n"
+ "Jly5fuVQ5YmRGLW+LE5sv+AGwmsii/PvGfGa9al56tHLDSeXV2VH4fly45bQ7ipr\n"
+ "PZBiEgBToF/jqDFWleH2GTCnSLpc4B2cKkMO2c5RYrCCGNRK/jr1xVUDVzeiXZwE\n"
+ "dbdDaV2UG/Oeo7F48UmvuWgS9YSFSUJ4fKG1KLlAQMKtAQKX+B4oL6Jbeb1jwSCX\n"
+ "Q1H9hHXHTXbPGaIncPugotZNArwwrhesTszFE4NFMbg3QNKL1fabJJFIcOYIktwL\n"
+ "7HG3pSiU2rqUZgS59OMJgL4jJm1lipo8ruNIl/YCpZTombOAV2Wbvq/I0SbRRXbX\n"
+ "12lco8bQO1dgSkhhe58Vrs+ChaNajtNi8SjLS+Pi1tYYAVQjcQdxCGh4q8aZUhDv\n"
+ "5yRp/TUOMaZqkY6YzRAlERb9jzVeh97EsOURzLu8pQgVjcNDOUAZF67KSqlSGMh7\n"
+ "PdqknM/j8KaWmVMAUn4+PuWohkyjd1/1QhCnEtFZ1lbIfWrKXV76U7zyy0OTvFKw\n"
+ "qemHUbryOJu0dQHziWmdtJpS7abSuhoMnrByZD+jDfQoSX7BzmdmCQGinltITYY1\n"
+ "3iChqWC7jY02CiKZqTcdwkImvmDtDYOBr0uQSgBa4eh7nYmmcpdY4I6V5qAdo30w\n"
+ "oXNEMqM53Syx36Fp70/Vmy0KmK8+2T4UgxGVJEgTDsEhiwJtTXxdzgxc5npbTePa\n"
+ "abhFyIXIpqoUYZ9GPU8UjNEuF//wPY6klBp6VP0ixO6RqQKzbwr85EXbzoceBrLo\n"
+ "eng1/Czj\n"
+ "-----END ENCRYPTED PRIVATE KEY-----\n";
+
+const gnutls_datum_t p8_rsa_key = { p8_rsa_pem,
+ sizeof(p8_rsa_pem)-1
+};
+
+static
+int check_x509_privkey(void)
+{
+ gnutls_x509_privkey_t key;
+ int ret;
+
+ global_init();
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0)
+ fail("error: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_x509_privkey_import(key, &rsa_key, GNUTLS_X509_FMT_PEM);
+ if (ret != GNUTLS_E_ILLEGAL_PARAMETER)
+ fail("error: %s\n", gnutls_strerror(ret));
+
+ gnutls_x509_privkey_deinit(key);
+
+ return 0;
+}
+
+static
+int check_pkcs8_privkey1(void)
+{
+ gnutls_x509_privkey_t key;
+ int ret;
+
+ global_init();
+
+ ret = gnutls_x509_privkey_init(&key);
+ if (ret < 0)
+ fail("error: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_x509_privkey_import_pkcs8(key, &p8_rsa_key, GNUTLS_X509_FMT_PEM, "1234", 0);
+ if (ret != GNUTLS_E_ILLEGAL_PARAMETER)
+ fail("error: %s\n", gnutls_strerror(ret));
+
+ gnutls_x509_privkey_deinit(key);
+
+ return 0;
+}
+
+static
+int check_pkcs8_privkey2(void)
+{
+ gnutls_privkey_t key;
+ int ret;
+
+ global_init();
+
+ ret = gnutls_privkey_init(&key);
+ if (ret < 0)
+ fail("error: %s\n", gnutls_strerror(ret));
+
+ ret = gnutls_privkey_import_x509_raw(key, &p8_rsa_key, GNUTLS_X509_FMT_PEM, "1234", 0);
+ if (ret != GNUTLS_E_ILLEGAL_PARAMETER)
+ fail("error: %s\n", gnutls_strerror(ret));
+
+ gnutls_privkey_deinit(key);
+
+ return 0;
+}
+
+void doit(void)
+{
+#if NETTLE_VERSION_MAJOR < 3 || (NETTLE_VERSION_MAJOR == 3 && NETTLE_VERSION_MINOR <= 2)
+ /* These checks are enforced only on new versions of nettle */
+ exit(77);
+#else
+ if (check_x509_privkey() != 0) {
+ fail("error in privkey check\n");
+ exit(1);
+ }
+
+ if (check_pkcs8_privkey1() != 0) {
+ fail("error in pkcs8 privkey check 1\n");
+ exit(1);
+ }
+
+ if (check_pkcs8_privkey2() != 0) {
+ fail("error in pkcs8 privkey check 2\n");
+ exit(1);
+ }
+#endif
+}
projects / thirdparty / gnutls.git / commitdiff
