encryption/decryption broken in trunk / pkcs15-crypt

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

encryption/decryption broken in trunk / pkcs15-crypt

Andreas Jellinghaus-2
regression tests show with egate / cryptoflex 32k:
all pass except crypt0002 and init0009.
those two check encryptopn and decryption.
all other tests check signing only.

so I guess encryption/decryption is broken in trunk?

please let me know if it works for you or not.

Good night.

Thanks, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: encryption/decryption broken in trunk / pkcs15-crypt

Nils Larsch
Andreas Jellinghaus wrote:
> regression tests show with egate / cryptoflex 32k:
> all pass except crypt0002 and init0009.
> those two check encryptopn and decryption.
> all other tests check signing only.
>
> so I guess encryption/decryption is broken in trunk?
>
> please let me know if it works for you or not.

please try the attached patch.

Cheers,
Nils

Index: src/tools/pkcs15-init.c
===================================================================
--- src/tools/pkcs15-init.c (Revision 2536)
+++ src/tools/pkcs15-init.c (Arbeitskopie)
@@ -2043,15 +2043,18 @@
 static void
 parse_x509_usage(const char *list, unsigned int *res)
 {
- static const char * x509_usage_names[] = {
- "digitalSignature",
- "nonRepudiation",
- "keyEncipherment",
- "dataEncipherment",
- "keyAgreement",
- "keyCertSign",
- "cRLSign",
- NULL
+ static struct {
+ const char* name;
+ unsigned int flag;
+ } x509_usage_names[] = {
+ { "digitalSignature", 0x0080 },
+ { "nonRepudiation",   0x0040 },
+ { "keyEncipherment",  0x0020 },
+ { "dataEncipherment", 0x0010 },
+ { "keyAgreement",     0x0008 },
+ { "keyCertSign",      0x0004 },
+ { "cRLSign",          0x0002 },
+ { NULL, 0 }
  };
  static struct {
  const char * name;
@@ -2072,8 +2075,8 @@
  len = strcspn(list, ",");
  if (len == 4 && !strncasecmp(list, "help", 4)) {
  printf("Valid X.509 usage names (case-insensitive):\n");
- for (n = 0; x509_usage_names[n]; n++)
- printf("  %s\n", x509_usage_names[n]);
+ for (n = 0; x509_usage_names[n].name; n++)
+ printf("  %s\n", x509_usage_names[n].name);
  printf("\nAliases:\n");
  for (n = 0; x509_usage_aliases[n].name; n++) {
  printf("  %-12s %s\n",
@@ -2084,9 +2087,9 @@
        "Abbreviated names are okay if unique (e.g. dataEnc)\n");
  exit(0);
  }
- for (n = 0; x509_usage_names[n]; n++) {
- if (!strncasecmp(x509_usage_names[n], list, len)) {
- *res |= (1 << n);
+ for (n = 0; x509_usage_names[n].name != NULL; n++) {
+ if (!strncasecmp(x509_usage_names[n].name, list, len)) {
+ *res |= x509_usage_names[n].flag;
  match++;
  }
  }

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: encryption/decryption broken in trunk / pkcs15-crypt

Andreas Jellinghaus-2
On Tuesday 06 September 2005 16:34, Nils Larsch wrote:
> please try the attached patch.

great, now all tests work fine!

thanks, can you commit it? should I?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: encryption/decryption broken in trunk / pkcs15-crypt

Nils Larsch
Andreas Jellinghaus wrote:
> On Tuesday 06 September 2005 16:34, Nils Larsch wrote:
>
>>please try the attached patch.
>
>
> great, now all tests work fine!
>
> thanks, can you commit it? should I?

done. btw: the reason for this 'bug' was that I changed the
key usage bits in src/pkcs15init/pkcs15-lib.c some time ago
to fix a bug with the key usage x509v3 extension, however I
forgot that pkcs15-init needs to be changed as well (but
fortunately we have these tests.

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel