mirror of git://git.gnupg.org/gnupg.git
7661d2fbc6
* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize. Remove pop_count. Rename offset to length. (dump_tag_info, _dump_tag_info): Rewrite. (dump_tlv_ctx, _dump_tlv_ctx): Rewrite. (tlv_new): Init origbuffer. (_tlv_peek): Add arg ti. (tlv_peek): New. (tlv_peek_null): New. (_tlv_push): Rewrite. (_tlv_pop): Rewrite. (tlv_next): New macro. Move old code to ... (_tlv_next): this. Add arg lno. Pop remaining end tags. (tlv_popped): Remove. (tlv_expect_object): Handle ndef. (tlv_expect_octet_string): Ditto. (parse_bag_encrypted_data): Use nesting level to control the inner loop. (parse_shrouded_key_bag): Likewise. (parse_bag_data): Handle surplus octet strings. (p12_parse): Ditto. * sm/minip12.c (decrypt_block): Strip the padding. (tlv_expect_top_sequence): Remove. Replace callers by tlv_expect_sequence. * tests/cms/samplekeys/t6752-ov-user-ff.p12: New sample key. * tests/cms/samplekeys/Description-p12: Add its description -- This patch improves the BER parser by simplifying it. Now tlv_next pops off and thus closes all containers regardless on whether they are length bounded or ndef. tlv_set_pending is now always used to undo the effect of a tlv_next in a loop condition which was terminated by a nesting level change. Instead of using the length as seen in the decrypted container we now remove the padding and let the BER parser do its work. This might have a negative effect on pkcs#12 objects which are not correctly padded but we don't have any example of such broken objects. GnuPG-bug-id: 6752 |
||
|---|---|---|
| .. | ||
| 8D6D17B4B94BBE8304926C016D2C5C7805EB6705.key | ||
| 68A638998DFABAC510EA645CE34F9686B2EDF7EA.key | ||
| 32100C27173EF6E9C4E9A25D3D69F86D37A4F939.key | ||
| Description-p12 | ||
| README | ||
| cert-with-117-akas.pem | ||
| cert_g10code_enconly_1.pem | ||
| cert_g10code_pete1.pem | ||
| cert_g10code_test1.pem | ||
| cert_g10code_test_ca.pem | ||
| cert_g10code_theo1.pem | ||
| cryptlib-key.p12 | ||
| edward.tester@demo.gnupg.com.p12 | ||
| gte.pem | ||
| nistp256-openssl-self-signed.p12 | ||
| opensc-test.p12 | ||
| ossl-rentec-user.pem | ||
| ov-server.p12 | ||
| ov-user.p12 | ||
| steed-self-signing-nonthority.pem | ||
| t5793-openssl.pfx | ||
| t5793-test.pfx | ||
| t6752-ov-user-ff.p12 | ||
| webdeca.der | ||
| webderoot.der | ||
README
This is a collection of keys we use with the regression tests.
For the *.p12 files see Description-p12
ossl-rentec-user.pem An OpenSSL generated user certificate using a
bunch of attributes and DC RDNs.
webderoot.der trust.web.de Root CA certificate [2004-02-17]
webdeca.der trust.web.de CA certificate [2004-02-17]
gte.pem GTE CyberTrust Global Root
cert-with-117-akas.pem A certificate with 117 subjectAltNames.
steed-self-signing-nonthority.pem
The STEED Self-Signing Nonthority.
68A638998DFABAC510EA645CE34F9686B2EDF7EA.key
The private Key of The STEED Self-Signing Nonthority.