diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-23 04:11:12 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2019-05-23 04:11:12 +0000 |
| commit | 3aba82a424777e245c198617a0c37cc394b29a51 (patch) | |
| tree | 50a8407d0afe3669fb0ebbe212872e07bacf7b3a | |
| parent | 825d455c2b232bb5444393a6411878d659d249ff (diff) | |
| parent | 1d3452d69670e28edfcaa232847036f600bbe1e8 (diff) | |
| download | gnutls-3aba82a424777e245c198617a0c37cc394b29a51.tar.gz | |
Merge branch 'tmp-remove-unused-flag' into 'master'
pubkey: remove deprecated OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA
Closes #754
See merge request gnutls/gnutls!1004
| -rw-r--r-- | lib/pubkey.c | 6 | ||||
| -rw-r--r-- | tests/sign-verify-data-newapi.c | 13 | ||||
| -rw-r--r-- | tests/sign-verify-newapi.c | 17 |
3 files changed, 23 insertions, 13 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c index f1a0302fca..2dfe5d56ec 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -1678,8 +1678,6 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, } -#define OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA 1 - /* Updates the gnutls_x509_spki_st parameters based on the signature * information, and reports any incompatibilities between the existing * parameters (if any) with the signature algorithm */ @@ -1758,7 +1756,7 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, return GNUTLS_E_INVALID_REQUEST; } - if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) + if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); memcpy(¶ms, &pubkey->params.spki, sizeof(gnutls_x509_spki_st)); @@ -1830,7 +1828,7 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, memcpy(¶ms, &key->params.spki, sizeof(gnutls_x509_spki_st)); - if (flags & OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA || flags & GNUTLS_VERIFY_USE_TLS1_RSA) { + if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) { if (!GNUTLS_PK_IS_RSA(key->params.algo)) return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); params.pk = GNUTLS_PK_RSA; diff --git a/tests/sign-verify-data-newapi.c b/tests/sign-verify-data-newapi.c index 5bc3f3088b..eca18974ee 100644 --- a/tests/sign-verify-data-newapi.c +++ b/tests/sign-verify-data-newapi.c @@ -15,9 +15,9 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * */ #ifdef HAVE_CONFIG_H @@ -126,6 +126,13 @@ void doit(void) if (ret < 0) testfail("gnutls_x509_pubkey_verify_data2\n"); + /* Test functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN flag (see issue #754) */ + ret = + gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_DISABLE_CA_SIGN, &raw_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_data2\n"); + /* should fail */ ret = gnutls_pubkey_verify_data2(pubkey, tests[i].sigalgo, 0, diff --git a/tests/sign-verify-newapi.c b/tests/sign-verify-newapi.c index 47ac3d983d..aa284006aa 100644 --- a/tests/sign-verify-newapi.c +++ b/tests/sign-verify-newapi.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2004-2012 Free Software Foundation, Inc. - * Copyright (C) 2017 Red Hat, Inc. + * Copyright (C) 2017-2019 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos, Simon Josefsson * @@ -16,13 +16,11 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with GnuTLS; if not, write to the Free Software Foundation, - * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * */ -/* Parts copied from GnuTLS example programs. */ - #ifdef HAVE_CONFIG_H #include <config.h> #endif @@ -172,6 +170,13 @@ void doit(void) if (ret < 0) testfail("gnutls_x509_pubkey_verify_hash2\n"); + /* Test functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN (see issue #754) */ + ret = + gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_DISABLE_CA_SIGN, hash_data, + &signature); + if (ret < 0) + testfail("gnutls_x509_pubkey_verify_hash2 with GNUTLS_VERIFY_DISABLE_CA_SIGN\n"); + ret = gnutls_pubkey_verify_hash2(pubkey, tests[i].sigalgo, GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1, hash_data, &signature2); |