
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-157-g4fcc347


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_18-157-g4fcc347
Date: Thu, 21 Jun 2012 20:21:00 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4fcc3470021eebb9faa5955963907d7ec112def7

The branch, master has been updated
       via  4fcc3470021eebb9faa5955963907d7ec112def7 (commit)
       via  c051a0e55505ff69c1e7c07148d211a26c0f6d03 (commit)
       via  0aaf3e813aaa010937297fa8b30856e7d04526d5 (commit)
      from  8b7c0f7aa41c9c812cd63fc85b4cfb8feceb0b03 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4fcc3470021eebb9faa5955963907d7ec112def7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 21 22:20:44 2012 +0200

    updated versions

commit c051a0e55505ff69c1e7c07148d211a26c0f6d03
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 21 22:09:16 2012 +0200

    Added functions to directly load a private key.
    
    They allow loading a data buffer into a gnutls_privkey_t without
    going through cumbersome conversions.

commit 0aaf3e813aaa010937297fa8b30856e7d04526d5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Thu Jun 21 21:24:16 2012 +0200

    Added gnutls_load_file().

-----------------------------------------------------------------------

Summary of changes:
 NEWS                            |    4 +
 doc/cha-cert-auth2.texi         |    6 +-
 lib/gnutls_privkey.c            |  172 +++++++++++++++++++++++++++++++++++++++
 lib/gnutls_ui.c                 |   36 ++++++++
 lib/includes/gnutls/abstract.h  |   14 +++
 lib/includes/gnutls/gnutls.h.in |    2 +
 lib/libgnutls.map               |    4 +
 lib/pkcs11.c                    |    2 +-
 src/cli.c                       |  104 ++++--------------------
 9 files changed, 254 insertions(+), 90 deletions(-)

diff --git a/NEWS b/NEWS
index ae082e3..d505f3c 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,10 @@ by Alexandre Bique.
 
 ** API and ABI modifications:
 GNUTLS_CERT_SIGNATURE_FAILURE: Added
+gnutls_privkey_import_pkcs11_url: Added
+gnutls_privkey_import_openpgp_raw: Added
+gnutls_privkey_import_x509_raw: Added
+gnutls_load_file: Added
 gnutls_pubkey_verify_hash2: Added
 gnutls_pkcs12_simple_parse: Added
 gnutls_certificate_set_x509_system_trust: Added
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 3a2e67c..efc44d7 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -585,8 +585,10 @@ an existing structure like @code{gnutls_x509_crt_t},
 or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo}
 sequence.
 
address@hidden
address@hidden,gnutls_pubkey_import_pkcs11,gnutls_pubkey_import_pkcs11_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
address@hidden,gnutls_pubkey_import_openpgp,gnutls_pubkey_import_pkcs11}
address@hidden,gnutls_pubkey_import_privkey,gnutls_pubkey_import}
+
address@hidden,gnutls_pubkey_import_openpgp_raw,gnutls_pubkey_import_pkcs11_url}
 @showfuncdesc{gnutls_pubkey_export}
 
 Additional functions are available that will return
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 3b44463..dbca22b 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -760,3 +760,175 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
       return GNUTLS_E_INVALID_REQUEST;
     }
 }
+
+/**
+ * gnutls_privkey_import_x509_raw:
+ * @pkey: The private key
+ * @data: The private key data to be imported
+ * @format: The format of the private key
+ * @password: A password (optional)
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure. 
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.1.0
+ **/
+int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
+                                    const gnutls_datum_t * data,
+                                    gnutls_x509_crt_fmt_t format,
+                                    const char* password)
+{
+  gnutls_x509_privkey_t xpriv;
+  int ret;
+  
+  ret = gnutls_x509_privkey_init(&xpriv);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
+
+  if (password == NULL)
+    {
+      ret = gnutls_x509_privkey_import(xpriv, data, format);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto cleanup;
+        }
+    }
+  else
+    {
+      ret = gnutls_x509_privkey_import_pkcs8(xpriv, data, format, password, 0);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto cleanup;
+        }
+    
+    }
+
+  ret = gnutls_privkey_import_x509(pkey, xpriv, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      goto cleanup;
+    }
+
+  return 0;
+  
+cleanup:
+  gnutls_x509_privkey_deinit(xpriv);
+  
+  return ret;
+}
+
+/**
+ * gnutls_privkey_import_openpgp_raw:
+ * @pkey: The private key
+ * @data: The private key data to be imported
+ * @format: The format of the private key
+ * @keyid: The key id to use (optional)
+ * @password: A password (optional)
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure. 
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.1.0
+ **/
+int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
+                                    const gnutls_datum_t * data,
+                                    gnutls_openpgp_crt_fmt_t format,
+                                    const gnutls_openpgp_keyid_t keyid,
+                                    const char* password)
+{
+  gnutls_openpgp_privkey_t xpriv;
+  int ret;
+  
+  ret = gnutls_openpgp_privkey_init(&xpriv);
+  if (ret < 0)
+    return gnutls_assert_val(ret);
+
+  ret = gnutls_openpgp_privkey_import(xpriv, data, format, password, 0);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      goto cleanup;
+    }
+
+  if(keyid)
+    {
+      ret = gnutls_openpgp_privkey_set_preferred_key_id(xpriv, keyid);
+      if (ret < 0)
+        {
+          gnutls_assert();
+          goto cleanup;
+        }
+    }
+
+  ret = gnutls_privkey_import_openpgp(pkey, xpriv, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      goto cleanup;
+    }
+    
+  ret = 0;
+  
+cleanup:
+  gnutls_openpgp_privkey_deinit(xpriv);
+  
+  return ret;
+}
+
+/**
+ * gnutls_privkey_import_pkcs11_url:
+ * @key: A key of type #gnutls_pubkey_t
+ * @url: A PKCS 11 url
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will import a PKCS 11 certificate to a #gnutls_pubkey_t
+ * structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.1.0
+ **/
+int
+gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
+{
+  gnutls_pkcs11_privkey_t pkey;
+  int ret;
+
+  ret = gnutls_pkcs11_privkey_init (&pkey);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto cleanup;
+    }
+
+  ret = gnutls_privkey_import_pkcs11 (key, pkey, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto cleanup;
+    }
+
+  return 0;
+
+cleanup:
+  gnutls_pkcs11_privkey_deinit (pkey);
+
+  return ret;
+}
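Review bot: gnutls_privkey_import_openpgp_raw frees the key it has just handed over: after gnutls_privkey_import_openpgp succeeds with GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE, `ret = 0;` falls through into `cleanup:` and gnutls_openpgp_privkey_deinit(xpriv) runs, so pkey is left holding a freed object that a later signing call or gnutls_privkey_deinit would touch again. The two sibling functions in this hunk return before the cleanup label; this one should do the same, `return 0;` in place of `ret = 0;`. The gtk-doc block on gnutls_privkey_import_pkcs11_url was copied from the pubkey variant: it documents @key as a #gnutls_pubkey_t, lists a @flags parameter the function does not take, and says it imports a certificate; it should read `@key: A key of type #gnutls_privkey_t`, drop @flags, and say the function imports a PKCS 11 private key into a #gnutls_privkey_t. It would also help to state in the gnutls_privkey_import_x509_raw doc that a non-NULL @password makes the data be parsed as PKCS#8, since the plain import path is taken only when @password is NULL.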
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index ac822a5..7f51333 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -34,6 +34,7 @@
 #include <gnutls_state.h>
 #include <gnutls_datum.h>
 #include <extras/randomart.h>
+#include <read-file.h>
 
 /**
  * gnutls_random_art:
@@ -735,3 +736,38 @@ gnutls_anon_set_params_function 
(gnutls_anon_server_credentials_t res,
 {
   res->params_func = func;
 }
+
+/**
+ * gnutls_load_file:
+ * @filename: the name of the file to load
+ * @data: Where the file will be stored
+ *
+ * This function will load a file into a datum.
+ * The returned data are allocated using gnutls_malloc().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ *   an error code is returned.
+ *
+ * Since 3.1.0
+ **/
+int gnutls_load_file(const char* filename, gnutls_datum_t * data)
+{
+size_t len;
+
+  data->data = (void*)read_binary_file(filename, &len);
+  if (data->data == NULL)
+    return GNUTLS_E_FILE_ERROR;
+  
+  if (malloc != gnutls_malloc)
+    {
+      void* tmp = gnutls_malloc(len);
+      
+      memcpy(tmp, data->data, len);
+      free(data->data);
+      data->data = tmp;
+    }
+  
+  data->size = len;
+  
+  return 0;
+}
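Review bot: gnutls_load_file copies into `gnutls_malloc(len)` without checking the result, so an allocation failure has memcpy write through a NULL pointer. The branch should release the read_binary_file buffer and return GNUTLS_E_MEMORY_ERROR, as below. Given that the callers this commit adds in src/cli.c route private key files through this function, the malloc'd intermediate copy is handed to free() with the key bytes still in it; clearing it first would be worth considering. The gtk-doc block also writes `Since 3.1.0` where the other blocks in this commit use `Since: 3.1.0`.
```c
  if (malloc != gnutls_malloc)
    {
      void* tmp = gnutls_malloc(len);
      if (tmp == NULL)
        {
          free(data->data);
          data->data = NULL;
          return GNUTLS_E_MEMORY_ERROR;
        }

      memcpy(tmp, data->data, len);
      free(data->data);
      data->data = tmp;
    }
  /* ... unchanged: data->size = len; return 0; ... */
```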
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index ad66246..26a3d14 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -174,6 +174,20 @@ int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
 int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
                                    gnutls_openpgp_privkey_t key,
                                    unsigned int flags);
+
+int gnutls_privkey_import_openpgp_raw (gnutls_privkey_t pkey,
+                                    const gnutls_datum_t * data,
+                                    gnutls_openpgp_crt_fmt_t format,
+                                    const gnutls_openpgp_keyid_t keyid,
+                                    const char* password);
+
+int gnutls_privkey_import_x509_raw (gnutls_privkey_t pkey,
+                                    const gnutls_datum_t * data,
+                                    gnutls_x509_crt_fmt_t format,
+                                    const char* password);
+
+int gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url);
+
 int
 gnutls_privkey_import_ext (gnutls_privkey_t pkey,
                            gnutls_pk_algorithm_t pk,
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 3885e56..d0ff2d0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1735,6 +1735,8 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t 
session);
                           time_t expiration,
                           unsigned int flags);
 
+  /* Other help functions */
+int gnutls_load_file(const char* filename, gnutls_datum_t * data);
 
   /* Gnutls error codes. The mapping to a TLS alert is also shown in
    * comments.
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index eefae38..c32fc0c 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -798,6 +798,10 @@ GNUTLS_3_1_0 {
        gnutls_x509_trust_list_add_trust_file;
        gnutls_x509_trust_list_add_trust_mem;
        gnutls_pkcs12_simple_parse;
+       gnutls_privkey_import_openpgp_raw;
+       gnutls_privkey_import_x509_raw;
+       gnutls_privkey_import_pkcs11_url;
+       gnutls_load_file;
 } GNUTLS_3_0_0;
 
 GNUTLS_PRIVATE {
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index fa22cff..2a62f99 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2574,7 +2574,7 @@ gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * 
p_list,
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
- * Since: 3.1
+ * Since: 3.1.0
  **/
 int
 gnutls_pkcs11_obj_list_import_url2 (gnutls_pkcs11_obj_t ** p_list,
diff --git a/src/cli.c b/src/cli.c
index 864a537..980c505 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -103,28 +103,6 @@ static int do_handshake (socket_st * socket);
 static void init_global_tls_stuff (void);
 static int cert_verify_ocsp (gnutls_session_t session);
 
-/* Helper functions to load a certificate and key
- * files into memory.
- */
-static gnutls_datum_t
-load_file (const char *file)
-{
-  gnutls_datum_t loaded_file = { NULL, 0 };
-  size_t length;
-
-  loaded_file.data = (void*)read_binary_file (file, &length);
-  if (loaded_file.data)
-    loaded_file.size = (unsigned int) length;
-
-  return loaded_file;
-}
-
-static void
-unload_file (gnutls_datum_t* data)
-{
-  free (data->data);
-}
-
 #define MAX_CRT 6
 static unsigned int x509_crt_size;
 static gnutls_pcert_st x509_crt[MAX_CRT];
@@ -167,7 +145,6 @@ load_keys (void)
 #ifdef ENABLE_PKCS11
   gnutls_pkcs11_privkey_t pkcs11_key;
 #endif
-  gnutls_x509_privkey_t tmp_key;
   unsigned char keyid[GNUTLS_OPENPGP_KEYID_SIZE];
 
   if (x509_certfile != NULL && x509_keyfile != NULL)
@@ -197,8 +174,8 @@ load_keys (void)
 #endif /* ENABLE_PKCS11 */
         {
 
-          data = load_file (x509_certfile);
-          if (data.data == NULL)
+          ret = gnutls_load_file (x509_certfile, &data);
+          if (ret < 0)
             {
               fprintf (stderr, "*** Error loading cert file.\n");
               exit (1);
@@ -241,7 +218,7 @@ load_keys (void)
           gnutls_x509_crt_deinit(crt_list[i]);
         }
 
-      unload_file (&data);
+      gnutls_free (data.data);
 
       ret = gnutls_privkey_init(&x509_key);
       if (ret < 0)
@@ -254,18 +231,8 @@ load_keys (void)
 #ifdef ENABLE_PKCS11
       if (strncmp (x509_keyfile, "pkcs11:", 7) == 0)
         {
-          gnutls_pkcs11_privkey_init (&pkcs11_key);
-
           ret =
-            gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0);
-          if (ret < 0)
-            {
-              fprintf (stderr, "*** Error loading url: %s\n",
-                       gnutls_strerror (ret));
-              exit (1);
-            }
-
-          ret = gnutls_privkey_import_pkcs11( x509_key, pkcs11_key, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+            gnutls_privkey_import_pkcs11_url (x509_key, x509_keyfile);
           if (ret < 0)
             {
               fprintf (stderr, "*** Error loading url: %s\n",
@@ -276,25 +243,14 @@ load_keys (void)
       else
 #endif /* ENABLE_PKCS11 */
         {
-          data = load_file (x509_keyfile);
-          if (data.data == NULL)
-            {
-              fprintf (stderr, "*** Error loading key file.\n");
-              exit (1);
-            }
-
-          gnutls_x509_privkey_init (&tmp_key);
-
-          ret =
-            gnutls_x509_privkey_import (tmp_key, &data, x509ctype);
+          ret = gnutls_load_file (x509_keyfile, &data);
           if (ret < 0)
             {
-              fprintf (stderr, "*** Error loading key file: %s\n",
-                       gnutls_strerror (ret));
+              fprintf (stderr, "*** Error loading key file.\n");
               exit (1);
             }
 
-          ret = gnutls_privkey_import_x509( x509_key, tmp_key, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+          ret = gnutls_privkey_import_x509_raw( x509_key, &data, x509ctype, 
NULL);
           if (ret < 0)
             {
               fprintf (stderr, "*** Error loading url: %s\n",
@@ -302,7 +258,7 @@ load_keys (void)
               exit (1);
             }
 
-          unload_file (&data);
+          gnutls_free(data.data);
         }
 
       fprintf (stdout, "Processed %d client X.509 certificates...\n",
@@ -320,8 +276,8 @@ load_keys (void)
     {
       gnutls_openpgp_crt_t tmp_pgp_crt;
 
-      data = load_file (pgp_certfile);
-      if (data.data == NULL)
+      ret = gnutls_load_file (pgp_certfile, &data);
+      if (ret < 0)
         {
           fprintf (stderr, "*** Error loading PGP cert file.\n");
           exit (1);
@@ -339,7 +295,7 @@ load_keys (void)
           exit (1);
         }
  
-      unload_file (&data);
+      gnutls_free (data.data);
 
       ret = gnutls_privkey_init(&pgp_key);
       if (ret < 0)
@@ -373,43 +329,17 @@ load_keys (void)
       else
 #endif /* ENABLE_PKCS11 */
         {
-          gnutls_openpgp_privkey_t tmp_pgp_key;
-
-          data = load_file (pgp_keyfile);
-          if (data.data == NULL)
-            {
-              fprintf (stderr, "*** Error loading PGP key file.\n");
-              exit (1);
-            }
-
-          gnutls_openpgp_privkey_init (&tmp_pgp_key);
-
-          ret =
-            gnutls_openpgp_privkey_import (tmp_pgp_key, &data,
-                                           GNUTLS_OPENPGP_FMT_BASE64, NULL,
-                                           0);
+          ret = gnutls_load_file (pgp_keyfile, &data);
           if (ret < 0)
             {
-              fprintf (stderr,
-                       "*** Error loading PGP key file: %s\n",
-                       gnutls_strerror (ret));
+              fprintf (stderr, "*** Error loading key file.\n");
               exit (1);
             }
 
           if (HAVE_OPT(PGPSUBKEY))
-            {
-              ret =
-                gnutls_openpgp_privkey_set_preferred_key_id (tmp_pgp_key, 
keyid);
-              if (ret < 0)
-                {
-                  fprintf (stderr,
-                      "*** Error setting preferred sub key id (%s): %s\n",
-                      OPT_ARG(PGPSUBKEY), gnutls_strerror (ret));
-                  exit (1);
-                }
-            }
-
-          ret = gnutls_privkey_import_openpgp( pgp_key, tmp_pgp_key, 
GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+            ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, 
x509ctype, keyid, NULL);
+          else
+            ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, 
x509ctype, NULL, NULL);
           if (ret < 0)
             {
               fprintf (stderr, "*** Error loading url: %s\n",
@@ -417,7 +347,7 @@ load_keys (void)
               exit (1);
             }
 
-          unload_file (&data);
+          gnutls_free(data.data);
         }
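Review bot: The two new gnutls_privkey_import_openpgp_raw calls pass x509ctype as the OpenPGP key format, where the code they replace always used GNUTLS_OPENPGP_FMT_BASE64; x509ctype is, by its name and by its use with gnutls_privkey_import_x509_raw earlier in this file, the X.509 format selector, so a run that selects DER for the X.509 material would presumably now also switch the PGP key to the raw format. Unless that coupling is intended, both calls should keep the constant as the third argument, e.g. `ret = gnutls_privkey_import_openpgp_raw( pgp_key, &data, GNUTLS_OPENPGP_FMT_BASE64, keyid, NULL);` and likewise for the NULL-keyid branch. The replacement message `"*** Error loading key file.\n"` also drops the "PGP" that the removed message carried, which makes the X.509 and PGP load failures indistinguishable on stderr. load_keys continues beyond this hunk.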
 
 


hooks/post-receive
-- 
GNU gnutls


