From 82468dc162a0f379197e063aaec52afc19801c9c Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 20 Dec 2018 17:49:21 +0100
Subject: gnutls_pubkey_import_ecc_raw: set the public key bits
This sets the number of key bits once an ECC key is imported.
Resolves #640
Signed-off-by: Nikos Mavrogiannopoulos
---
 NEWS | 3 +++
 lib/pubkey.c | 2 ++
 tests/pubkey-import-export.c | 21 +++++++++++++++++++++
 3 files changed, 26 insertions(+)
diff --git a/NEWS b/NEWS
index ea0752831c..739ab21651 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,9 @@ See the end for copying conditions.
 * Version 3.6.6 (unreleased)
+** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
+ on the public key (#640).
+
 ** libgnutls: Added support for raw public-key authentication as defined in RFC7250. Raw public-keys can be negotiated by enabling the corresponding certificate types via the priority strings. The raw public-key mechanism must be explicitly
diff --git a/lib/pubkey.c b/lib/pubkey.c
index aad40beacc..5c8bb9837b 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1431,6 +1431,7 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
 key->params.algo = GNUTLS_PK_EDDSA_ED25519;
 key->params.curve = curve;
+ key->bits = pubkey_to_bits(&key->params);
 return 0;
 }
@@ -1454,6 +1455,7 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
 }
 key->params.params_nr++;
 key->params.algo = GNUTLS_PK_ECDSA;
+ key->bits = pubkey_to_bits(&key->params);
 return 0;
diff --git a/tests/pubkey-import-export.c b/tests/pubkey-import-export.c
index 46bfb729d9..b11ce560d6 100644
--- a/tests/pubkey-import-export.c
+++ b/tests/pubkey-import-export.c
@@ -168,6 +168,7 @@ int check_pubkey_import_export(void)
 gnutls_datum_t p, q, g, y, x;
 gnutls_datum_t m, e;
 gnutls_ecc_curve_t curve;
+ unsigned bits;
 int ret;
 global_init();
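Review bot: In lib/pubkey.c both added `key->bits = pubkey_to_bits(&key->params);` lines (the Ed25519 branch at @@ -1431 and the ECDSA branch at @@ -1454) sit only on the success returns, so these hunks do not show whether a failed import on a handle that already held a key leaves the old `key->bits` behind. The function's failure path is outside both hunks; if it releases the params without touching the size, adding `key->bits = 0;` there would keep the two in step. This matters because gnutls_pubkey_get_pk_algorithm() hands the value to callers, as the test in this commit shows, and callers may use it for key-strength decisions. A short comment at each site, for example `/* after algo/curve are set: the size is presumably derived from key->params */`, would also record why the assignment has to come last.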
@@ -180,6 +181,11 @@ int check_pubkey_import_export(void)
 if (ret < 0)
 fail("error\n");
+ bits = 0;
+ ret = gnutls_pubkey_get_pk_algorithm(key, &bits);
+ if (ret <= 0 || bits == 0)
+ fail("error: %s [%u]\n", gnutls_strerror(ret), bits);
+
 ret = gnutls_pubkey_export_dsa_raw2(key, &p, &q, &g, &y, 0);
 if (ret < 0)
 fail("error: %s\n", gnutls_strerror(ret));
@@ -216,6 +222,11 @@ int check_pubkey_import_export(void)
 if (ret < 0)
 fail("error\n");
+ bits = 0;
+ ret = gnutls_pubkey_get_pk_algorithm(key, &bits);
+ if (ret <= 0 || bits == 0)
+ fail("error: %s [%u]\n", gnutls_strerror(ret), bits);
+
 ret = gnutls_pubkey_export_rsa_raw2(key, &m, &e, 0);
 if (ret < 0)
 fail("error\n");
@@ -244,6 +255,11 @@ int check_pubkey_import_export(void)
 if (ret < 0)
 fail("error\n");
+ bits = 0;
+ ret = gnutls_pubkey_get_pk_algorithm(key, &bits);
+ if (ret <= 0 || bits == 0)
+ fail("error: %s [%u]\n", gnutls_strerror(ret), bits);
+
 ret = gnutls_pubkey_export_ecc_raw2(key, &curve, &x, &y, 0);
 if (ret < 0)
 fail("error\n");
@@ -285,6 +301,11 @@ int check_pubkey_import_export(void)
 if (ret < 0)
 fail("error\n");
+ bits = 0;
+ ret = gnutls_pubkey_get_pk_algorithm(key, &bits);
+ if (ret <= 0 || bits == 0)
+ fail("error: %s [%u]\n", gnutls_strerror(ret), bits);
+
 ret = gnutls_pubkey_verify_params(key);
 if (ret != 0)
 fail("error: %s\n", gnutls_strerror(ret));
--
cgit v1.2.1
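Review bot: The four added checks in tests/pubkey-import-export.c (@@ -180, -216, -244 and -285) fold two different failures into one condition, so in the case this commit is about, a valid algorithm with `bits == 0`, the message prints `gnutls_strerror(ret)` for a positive algorithm id rather than an error code. Splitting the condition keeps the diagnostics meaningful: `if (ret <= 0) fail("error: %s\n", gnutls_strerror(ret));` followed by `if (bits == 0) fail("error: imported key reports 0 bits\n");`. The checks also assert only a non-zero size, so comparing against the size expected for each fixture key would additionally catch a wrong but non-zero value. The enclosing check_pubkey_import_export() starts and ends outside these hunks.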