* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize.
Remove pop_count. Rename offset to length.
(dump_tag_info, _dump_tag_info): Rewrite.
(dump_tlv_ctx, _dump_tlv_ctx): Rewrite.
(tlv_new): Init origbuffer.
(_tlv_peek): Add arg ti.
(tlv_peek): New.
(tlv_peek_null): New.
(_tlv_push): Rewrite.
(_tlv_pop): Rewrite.
(tlv_next): New macro. Move old code to ...
(_tlv_next): this. Add arg lno. Pop remaining end tags.
(tlv_popped): Remove.
(tlv_expect_object): Handle ndef.
(tlv_expect_octet_string): Ditto.
(parse_bag_encrypted_data): Use nesting level to control the inner
loop.
(parse_shrouded_key_bag): Likewise.
(parse_bag_data): Handle surplus octet strings.
(p12_parse): Ditto.
* sm/minip12.c (decrypt_block): Strip the padding.
(tlv_expect_top_sequence): Remove. Replace callers by
tlv_expect_sequence.
* tests/cms/samplekeys/t6752-ov-user-ff.p12: New sample key.
* tests/cms/samplekeys/Description-p12: Add its description
--
This patch improves the BER parser by simplifying it. Now tlv_next
pops off and thus closes all containers regardless on whether they are
length bounded or ndef. tlv_set_pending is now always used to undo
the effect of a tlv_next in a loop condition which was terminated by a
nesting level change.
Instead of using the length as seen in the decrypted container we now
remove the padding and let the BER parser do its work. This might
have a negative effect on pkcs#12 objects which are not correctly
padded but we don't have any example of such broken objects.
GnuPG-bug-id: 6752
* sm/minip12.c (oid_hmacWithSHA1): New. Also for the SHA-2 algos.
(digest_algo_from_oid): New.
(set_key_iv_pbes2): Add arg digest_algo.
(crypt_block): Ditto.
(decrypt_block): Ditto.
(parse_bag_encrypted_data): Parse the optional prf part and get the
hmac algorithm.
(parse_shrouded_key_bag): Ditto.
(p12_build): Pass SHA1 for digest_algo.
* sm/t-minip12.c (run_one_test): Print failed values in verbose mode.
* tests/cms/samplekeys/nistp256-openssl-self-signed.p12: New.
* tests/cms/samplekeys/Description-p12: Add this one.
* tests/cms/Makefile.am (EXTRA_DIST): Ditto.
--
This supports the modern algorithms, i.e. using SHA256 for the KDF
which is the default in openssl unless the -legacy option is used.
GnuPG-bug-id: 6536
* configure.ac (TEST_LIBTSS): Fix the condition with SWTPM.
* tests/tpm2dtests/start_sw_tpm.sh: Use --daemon and --pid
to run SWTPM.
--
Cherry-picked from master commit of:
98dd6f7af6
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/minip12.c (need_octet_string_cramming): New.
(tlv_expect_object, tlv_expect_octet_string): Run the test before
cramming.
* sm/minip12.c (ENABLE_DER_STRUCT_DUMPING): New but undefined macro
for debug purposes.
(bag_decrypted_data_p, bag_data_p): Use macro to allow dumping.
--
This bug was exhibited by importing a gpgsm exported EC certificate.
We use an extra test instead of retrying to allow retruning an error
from malloc failure. And well, for easier reading of the code.
GnuPG-bug-id: 6536
* sm/minip12.c (struct bufferlist_s): New.
(struct tlv_ctx_s): Add bufferlist.
(tlv_register_buffer): New.
(tlv_release): Release bufferlist.
(tlv_expect_object): Handle octet string cramming.
(tlv_expect_octet_string): Ditto.
(cram_octet_string): Changed interface. We don't need the
input_consumed value anymore.
* sm/minip12.c (parse_shrouded_key_bag): Also parse the attribute set.
* sm/t-minip12.c (main): Add option --no-extra.
(cert_collect_cb, run_tests_from_file): Fix memory leak
* tests/cms/samplekeys/t5793-openssl.pfx: New from T5793.
* tests/cms/samplekeys/t5793-test.pfx: Ditto.
* tests/cms/samplekeys/Description-p12: Add them.
* tests/cms/Makefile.am (EXTRA_DIST): Add samplekeys.
--
This should finish the rewrite of the pkcsc#12 parser for now. More
fun is likely to come.
GnuPG-bug-id: 6536, 5793
* sm/minip12.c: Reworked most of the parser.
(p12_set_verbosity): Add arg debug and change all callers.
* sm/t-minip12.c: Major rewrite to run regression tests unattended.
* sm/Makefile.am (module_maint_tests): Move t-Minit to ...
(module_tests): here.
* tests/cms/samplekeys/Description-p12: New.
--
Note that cram_octet_string stuff has not yet been reworked. I need
to locate the sample files first.
GnuPG-bug-id: 6536
* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
* tests/gpgme/all-tests.scm: Fix the name of the environment.
--
GnuPG-bug-id: 6313
Fixes-commit: c19ea75f10
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/fake-pinentry.c (parse_pinentry_user_data): New.
(main): Don't use PINENTRY_USER_DATA env var.
--
Since environment variable is unreliable, use the option only.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/fake-pinentry.c (main): Override PINENTRY_USER_DATA,
by the option.
--
In the Assuan implementation for Windows, spawn function doesn't call
the atfork callback. Thus, the environment variable is not updated by
gpg-agent when it spawns pinentry. Reliable way is the interaction
to override the option.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/defs.scm [*win32*]: Use --build-prefix option.
--
On the semihosted environment, output of simple gpgconf
--list-components includes drive name (like Z:), which results failure
of command invocation. This is a workaround.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/migrations/from-classic.scm (assert-migrated): Handle the case
on Windows.
--
Forward port from 2.2 branch of:
754175a46d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpgscm/ffi.c (do_get_temp_path): Remove the last backslash.
--
Forward port from 2.2 branch of:
9a75460652
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/gpgscm/tests.scm (open-log-file): Keep the log file in objdir.
--
Forward port from 2.2 branch of:
1c88104a3f
Before the change, it is at ephemeral temp directory which is removed.
This is not useful at all. Possibly, it was done before the introduce
of ephemeral temp directory for each test and not changed.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/issue2941.scm: Use 233.
--
Forward port from 2.2 branch of:
43722438a8
On Windows machine (emulated by Wine), 23 may be valid value for
handle.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests/openpgp/decrypt-sym.scm: New.
* tests/openpgp/samplemsgs/enc-sym-cfb-1.asc: New.
* tests/openpgp/samplemsgs/enc-sym-cfb-2.asc: New.
* tests/openpgp/samplemsgs/enc-sym-ocb-1.asc: New.
* tests/openpgp/samplemsgs/enc-sym-ocb-2.asc: New.
--
It's time to have some OCB tests in our suite so that we don't forget
to run the tests from our RNP interop tests. Also adds new tests for
CFB messages.
* common/homedir.c (unix_rootdir): Add ".enable" statement to
gpgconf.ctl
* tests/gpgconf.ctl.in: Use this statement.
* tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable.
(TESTS_ENVIRONMENT): Ditto.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--
Without that it was required to delete the gpgconf.ctl to run manual
tests.
What a hack.
* g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument
want_valid. Skip invalid user IDs if valid is wanted.
(keyedit_quick_revuid): Ask find_userid() for any matching user ID.
(keyedit_quick_set_primary): Use find_userid() to find the user ID to
mark as primary.
* tests/openpgp/quick-key-manipulation.scm: Change second call of the
quick-set-primary-uid test to specify the user ID by its hash.
--
This makes it possible to specify the user ID to mark as primary via its
UID hash when calling --quick-set-primary-uid.
GnuPG-bug-id: 6126
* g10/keyedit.c (find_userid_by_namehash, find_userid): New.
(keyedit_quick_revuid): Use find_userid() instead of iterating over the
nodes of the keyblock.
* tests/openpgp/quick-key-manipulation.scm: Add test for revoking a
user ID specified by its hash.
--
This makes it possible to specify the user ID to revoke as UID hash when
calling --quick-revoke-uid.
GnuPG-bug-id: 5936
* tests/gpgscm/init.scm (*exit-status*): New.
(exit): Set *exit-status*.
* tests/gpgscm/tests.scm (mkdtemp-autoremove): Check
exit-status and only remove the directory if not zero.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Makefile.am (all-local): New to setup symlinks.
(distclean-local): New.
* tests/Makefile.am: Remove the gpgconf related targets. Just keep
gpgconf.ctl.in in EXTRA_DIST
* tests/cms/Makefile.am (GNUPG_BUILD_ROOT):
* tests/gpgme/Makefile.am (GPGSCM_PATH):
* tests/openpgp/Makefile.am (GNUPG_BUILD_ROOT):
* tests/pkits/Makefile.am (GNUPG_BUILD_ROOT):
* tests/tpm2dtests/defs.scm (tools): Revert to the former values.
* tests/openpgp/defs.scm (tools): Ditto.
--
This
Fixes-commit: 399ebf6d87
Fixes-commit: 84fcd8e6eb
because we ran into problems with the idea of first doing a
test-install for the checks. "make distcheck" turned out to
be too problematic. Symlinks are a better way of doing this.
Also fixes
GnuPG-bug-id: 5634
* tests/openpgp/defs.scm: We expect that stuff is now installed.
(tools): Fix the names.
(intsalled?, bin-prefix): Remove.
(tool-hardcoded): Simplify.
(gpg-conf'): Simplify.
(GNUPG_BUILDDIR): Do not anymore set this envvar.
* tests/tpm2dtests/defs.scm: Ditto.
--
This simplifies things a bit.
* tests/gpgconf.ctl.in: New.
* tests/Makefile.am (EXTRA_DIST): Add new file.
(TESTINST_DIRS): New.
(clean-local): New.
(clean-local-testinst): New.
(check-recursive): New hook.
(bin/gpgconf.ctl): Run a test install.
* tests/cms/Makefile.am (TESTS_ENVIRONMENT): Set new envvar
GNUPG_BUILD_ROOT.
* tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
* tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
--
Right now this helps only with the global configuraion dir which is
now not set and thus the build host'ss own /etc/gnupg does not anymore
affect the build.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
in decrypt mode.
* tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
--
We allow GCM in de-vs mode for decryption although this has not been
evaluation. It is decryption and thus no serious harm may happen.
* tests/cms/samplemsgs/: Add sample messages.
* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error.
* sm/decrypt.c (decrypt_gcm_filter): New.
(gpgsm_decrypt): Use this filter if requested. Check authtag.
--
Note that the sample message pwri-sample.gcm.p7m is broken: The
authtag is duplicated to the authEncryptedContentInfo. I used a
temporary code during testing hack to that test message out.
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option. Parse common.conf.
* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".
* tests/openpgp/defs.scm (create-gpghome): Create common.conf.
* doc/examples/common.conf: New.
--
Note that --use-keybox still works but prints a warning. We will
eventually remove this option becuase it was marked as an experimental
feature anyway.
It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line. Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
