diff options
-rw-r--r-- | lib/ext/status_request.c | 4 | ||||
-rw-r--r-- | lib/nettle/pk.c | 29 | ||||
-rw-r--r-- | lib/privkey_raw.c | 2 | ||||
-rw-r--r-- | lib/x509/privkey.c | 14 | ||||
-rw-r--r-- | tests/key-import-export.c | 25 |
5 files changed, 66 insertions, 8 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index c9eb7d29f0..1e892863cc 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c @@ -487,6 +487,10 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session) } if (resp.data && resp.size > 0) { + for (unsigned int i = 0; i < info->nocsp; i++) + gnutls_free(info->raw_ocsp_list[i].data); + gnutls_free(info->raw_ocsp_list); + info->raw_ocsp_list = gnutls_malloc(sizeof(gnutls_datum_t)); if (info->raw_ocsp_list == NULL) { ret = GNUTLS_E_MEMORY_ERROR; diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index e6fff8d886..3475084f0f 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -3333,6 +3333,27 @@ static int calc_rsa_priv(gnutls_pk_params_st * params) return 0; } +static int calc_dsa_pub(gnutls_pk_params_st * params) +{ + int ret; + + params->params[DSA_Y] = NULL; + + ret = _gnutls_mpi_init(¶ms->params[DSA_Y]); + if (ret < 0) + return gnutls_assert_val(ret); + + /* y = g^x mod p */ + ret = _gnutls_mpi_powm(params->params[DSA_Y], params->params[DSA_G], + params->params[DSA_X], params->params[DSA_P]); + if (ret < 0) { + zrelease_mpi_key(¶ms->params[DSA_Y]); + return gnutls_assert_val(ret); + } + + return 0; +} + static int wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, gnutls_direction_t direction, @@ -3428,7 +3449,13 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, params->spki.salt_size, pub_size, GNUTLS_E_PK_INVALID_PUBKEY_PARAMS); } - + } else if (algo == GNUTLS_PK_DSA) { + if (params->params[DSA_Y] == NULL) { + ret = calc_dsa_pub(params); + if (ret < 0) + return gnutls_assert_val(ret); + params->params_nr++; + } } #if ENABLE_GOST else if (algo == GNUTLS_PK_GOST_01 || diff --git a/lib/privkey_raw.c b/lib/privkey_raw.c index 27327fc6d1..ba6d86d40c 100644 --- a/lib/privkey_raw.c +++ b/lib/privkey_raw.c @@ -381,7 +381,7 @@ error: * @p: holds the p * @q: holds the q * @g: holds the g - * @y: holds the y + * @y: holds the y (optional) * @x: holds the x * * This function will convert the given DSA raw parameters to the diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index bb86e02ac8..1b3be77b89 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -977,7 +977,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, * @p: holds the p * @q: holds the q * @g: holds the g - * @y: holds the y + * @y: holds the y (optional) * @x: holds the x * * This function will convert the given DSA raw parameters to the @@ -1026,11 +1026,13 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, goto cleanup; } - siz = y->size; - if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data, siz)) { - gnutls_assert(); - ret = GNUTLS_E_MPI_SCAN_FAILED; - goto cleanup; + if (y) { + siz = y->size; + if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data, siz)) { + gnutls_assert(); + ret = GNUTLS_E_MPI_SCAN_FAILED; + goto cleanup; + } } siz = x->size; diff --git a/tests/key-import-export.c b/tests/key-import-export.c index fc6c25e6a7..18de0fdc12 100644 --- a/tests/key-import-export.c +++ b/tests/key-import-export.c @@ -351,6 +351,31 @@ int check_privkey_import_export(void) gnutls_free(x.data); gnutls_privkey_deinit(key); + /* Optional y argument */ + ret = gnutls_privkey_init(&key); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_import_dsa_raw(key, &_dsa_p, &_dsa_q, &_dsa_g, NULL, &_dsa_x); + if (ret < 0) + fail("error\n"); + + ret = gnutls_privkey_export_dsa_raw2(key, &p, &q, &g, &y, &x, 0); + if (ret < 0) + fail("error: %s\n", gnutls_strerror(ret)); + + CMP("p", &p, dsa_p); + CMP("q", &q, dsa_q); + CMP("g", &g, dsa_g); + CMP("y", &y, dsa_y); + CMP("x", &x, dsa_x); + gnutls_free(p.data); + gnutls_free(q.data); + gnutls_free(g.data); + gnutls_free(y.data); + gnutls_free(x.data); + gnutls_privkey_deinit(key); + /* RSA */ /* Optional arguments */ |