
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-115-gb544992


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-115-gb544992
Date: Sat, 27 Aug 2011 18:53:12 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b544992357edd9e4128e065d710a82e9e4e4af24

The branch, master has been updated
       via  b544992357edd9e4128e065d710a82e9e4e4af24 (commit)
       via  f9e11d4543219c4b1698a0eca5fa1d68ee44232e (commit)
       via  851e3d472ec0b5305a9cceceb98e34edf2d3f257 (commit)
       via  5000ce37f9a21d9f51db5b964d4c965c10ede6eb (commit)
       via  e5fdc955e8bcc1b3925c2e6569b28a53b6eea435 (commit)
      from  407c53056f717a3ef385d6e5fed6cb9cb7efacf4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 NEWS                                |   17 +++++++++++
 lib/accelerated/intel/aes-gcm-x86.c |    4 --
 lib/accelerated/intel/aes-x86.c     |    4 --
 lib/accelerated/intel/aes-x86.h     |    1 -
 lib/gnutls_privkey.c                |   54 +++++++++++++++++++++++++++++++----
 lib/gnutls_x509.c                   |    2 +-
 lib/includes/gnutls/abstract.h      |    3 +-
 lib/openpgp/gnutls_openpgp.c        |    3 +-
 lib/openpgp/gnutls_openpgp.h        |    3 ++
 lib/openpgp/privkey.c               |   49 +++++++++++++++++++++++++++++++
 lib/x509/x509.c                     |    5 +--
 11 files changed, 124 insertions(+), 21 deletions(-)

diff --git a/NEWS b/NEWS
index ac988de..2e934cc 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,23 @@ GnuTLS NEWS -- History of user-visible changes.                
-*- outline -*-
 Copyright (C) 2000-2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.0.2 (unreleased)
+
+** libgnutls: Corrected parsing of XMPP subject
+alternative names.
+
+** libgnutls: Allow for out-of-order ChangeCipherSpec
+message in DTLS.
+
+** libgnutls: gnutls_certificate_set_x509_key() and
+gnutls_certificate_set_openpgp_key() operate as in 2.10.x
+and allow the release of the private key during the
+lifetime of the certificate structure.
+
+** API and ABI modifications:
+GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag
+
+
 * Version 3.0.1 (released 2011-08-20)
 
 ** libgnutls: gnutls_certificate_set_x509_key_file() and 
diff --git a/lib/accelerated/intel/aes-gcm-x86.c 
b/lib/accelerated/intel/aes-gcm-x86.c
index 260977b..cd18dc9 100644
--- a/lib/accelerated/intel/aes-gcm-x86.c
+++ b/lib/accelerated/intel/aes-gcm-x86.c
@@ -77,8 +77,6 @@ aes_gcm_deinit (void *_ctx)
 static int
 aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
 {
-  struct aes_gcm_ctx *ctx;
-
   /* we use key size to distinguish */
   if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
       algorithm != GNUTLS_CIPHER_AES_256_GCM)
@@ -91,8 +89,6 @@ aes_gcm_cipher_init (gnutls_cipher_algorithm_t algorithm, 
void **_ctx)
       return GNUTLS_E_MEMORY_ERROR;
     }
 
-  ctx = *_ctx;
-
   return 0;
 }
 
diff --git a/lib/accelerated/intel/aes-x86.c b/lib/accelerated/intel/aes-x86.c
index 68a5e1a..7a5ed64 100644
--- a/lib/accelerated/intel/aes-x86.c
+++ b/lib/accelerated/intel/aes-x86.c
@@ -46,8 +46,6 @@ struct aes_ctx
 static int
 aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
 {
-  struct aes_ctx *ctx;
-
   /* we use key size to distinguish */
   if (algorithm != GNUTLS_CIPHER_AES_128_CBC
       && algorithm != GNUTLS_CIPHER_AES_192_CBC
@@ -61,8 +59,6 @@ aes_cipher_init (gnutls_cipher_algorithm_t algorithm, void 
**_ctx)
       return GNUTLS_E_MEMORY_ERROR;
     }
 
-  ctx = *_ctx;
-
   return 0;
 }
 
diff --git a/lib/accelerated/intel/aes-x86.h b/lib/accelerated/intel/aes-x86.h
index a4cac1d..2cbf07b 100644
--- a/lib/accelerated/intel/aes-x86.h
+++ b/lib/accelerated/intel/aes-x86.h
@@ -10,7 +10,6 @@ void register_x86_crypto (void);
 typedef struct
 {
   uint32_t rd_key[4 * (AES_MAXNR + 1)+AES_KEY_ALIGN_SIZE];
-  int rounds; /* unused... */
 } AES_KEY;
 
 void aesni_ecb_encrypt (const unsigned char *in, unsigned char *out,
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 128f205..b8a3ee0 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -279,7 +279,7 @@ gnutls_privkey_deinit (gnutls_privkey_t key)
 {
   if (key == NULL) return;
 
-  if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
+  if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & 
GNUTLS_PRIVKEY_IMPORT_COPY)
     switch (key->type)
       {
 #ifdef ENABLE_OPENPGP
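Review bot: The release condition tests the two flags in separate `&` expressions joined by `||`, which is correct only because `&` binds tighter than `||`. A single mask is harder to break in a later edit: `if (key->flags & (GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE | GNUTLS_PRIVKEY_IMPORT_COPY))`. The `if` also guards a whole `switch` without braces, so bracing it would keep the key-release path from being detached by accident. The body of gnutls_privkey_deinit continues outside the hunk.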
@@ -315,7 +315,7 @@ static int check_if_clean(gnutls_privkey_t key)
  * gnutls_privkey_import_pkcs11:
  * @pkey: The private key
  * @key: The private key to be imported
- * @flags: should be zero or %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ * @flags: Flags for the import
  *
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure.
@@ -323,6 +323,9 @@ static int check_if_clean(gnutls_privkey_t key)
  * The #gnutls_pkcs11_privkey_t object must not be deallocated
  * during the lifetime of this structure.
  *
+ * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ * and %GNUTLS_PRIVKEY_IMPORT_COPY.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -341,6 +344,9 @@ int ret;
       return ret;
     }
 
+  if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
   pkey->key.pkcs11 = key;
   pkey->type = GNUTLS_PRIVKEY_PKCS11;
   pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
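Review bot: The doc comment added for gnutls_privkey_import_pkcs11 in the previous hunk lists %GNUTLS_PRIVKEY_IMPORT_COPY as an accepted flag, but the check added here returns GNUTLS_E_INVALID_REQUEST for it. The comment should match the code, for example `@flags might be zero or %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE; %GNUTLS_PRIVKEY_IMPORT_COPY is not supported for PKCS #11 keys.` The function body starts and ends outside the hunk.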
@@ -355,7 +361,7 @@ int ret;
  * gnutls_privkey_import_x509:
  * @pkey: The private key
  * @key: The private key to be imported
- * @flags: should be zero or %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ * @flags: Flags for the import
  *
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure.
@@ -363,6 +369,9 @@ int ret;
  * The #gnutls_x509_privkey_t object must not be deallocated
  * during the lifetime of this structure.
  *
+ * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ * and %GNUTLS_PRIVKEY_IMPORT_COPY.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -381,7 +390,22 @@ int ret;
       return ret;
     }
 
-  pkey->key.x509 = key;
+  if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+    {
+      ret = gnutls_x509_privkey_init(&pkey->key.x509);
+      if (ret < 0)
+        return gnutls_assert_val(ret);
+      
+      ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
+      if (ret < 0)
+        {
+          gnutls_x509_privkey_deinit(pkey->key.x509);
+          return gnutls_assert_val(ret);
+        }
+    }
+  else
+    pkey->key.x509 = key;
+
   pkey->type = GNUTLS_PRIVKEY_X509;
   pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
   pkey->flags = flags;
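Review bot: Nothing in this hunk rejects `GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE | GNUTLS_PRIVKEY_IMPORT_COPY`. With both bits set the copy is what ends up in `pkey->key.x509`, so the deinit path can presumably only free the copy, and the caller's `key`, which AUTO_RELEASE promised to release, is never freed. The doc comment says "one of", so the combination could be refused up front: `if ((flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE) && (flags & GNUTLS_PRIVKEY_IMPORT_COPY)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The same applies to the gnutls_privkey_import_openpgp hunk further down. The unchanged comment line "must not be deallocated during the lifetime of this structure" no longer holds when COPY is used and should say so.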
@@ -394,7 +418,7 @@ int ret;
  * gnutls_privkey_import_openpgp:
  * @pkey: The private key
  * @key: The private key to be imported
- * @flags: should be zero or %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ * @flags: Flags for the import
  *
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure.
@@ -403,6 +427,9 @@ int ret;
  * during the lifetime of this structure. The subkey set as
  * preferred will be used, or the master key otherwise.
  *
+ * @flags might be zero or one of %GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ * and %GNUTLS_PRIVKEY_IMPORT_COPY.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  *
@@ -423,7 +450,22 @@ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
       return ret;
     }
 
-  pkey->key.openpgp = key;
+  if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+    {
+      ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
+      if (ret < 0)
+        return gnutls_assert_val(ret);
+      
+      ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
+      if (ret < 0)
+        {
+          gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
+          return gnutls_assert_val(ret);
+        }
+    }
+  else
+    pkey->key.openpgp = key;
+
   pkey->type = GNUTLS_PRIVKEY_OPENPGP;
   
   ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
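Review bot: Once the copy is stored in `pkey->key.openpgp`, an error return later in this function would leave a duplicated private key that nothing frees, if `pkey->flags` is only assigned at the end as in the X.509 variant. gnutls_privkey_deinit releases the key only when one of the flags is set. The call to gnutls_openpgp_privkey_get_preferred_key_id right after the copy is such a fallible step, but its error handling lies outside the hunk, so this needs checking there. Either store `pkey->flags = flags;` before the fallible calls, or deinit the copy on those error paths.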
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 96d280d..a2b8838 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1041,7 +1041,7 @@ gnutls_certificate_set_x509_key 
(gnutls_certificate_credentials_t res,
       return ret;
     }
 
-  ret = gnutls_privkey_import_x509 (pkey, key, 0);
+  ret = gnutls_privkey_import_x509 (pkey, key, GNUTLS_PRIVKEY_IMPORT_COPY);
   if (ret < 0)
     {
       gnutls_assert ();
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index a01b037..429b06f 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -133,7 +133,8 @@ int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
 gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
 
 
-#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1
+#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
+#define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
 int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
                                   gnutls_pkcs11_privkey_t key,
                                   unsigned int flags);
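Review bot: The two import flags are defined in this public header without any comment, although they differ in who owns the key after the import. I would add above the defines: `/* AUTO_RELEASE: the imported key is freed together with the gnutls_privkey_t. COPY: the key is duplicated and the caller keeps ownership of the original. */`. It is also worth stating there that COPY is rejected by gnutls_privkey_import_pkcs11, as the gnutls_privkey.c change in this diff shows.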
diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
index 2d2afd5..5bb97fa 100644
--- a/lib/openpgp/gnutls_openpgp.c
+++ b/lib/openpgp/gnutls_openpgp.c
@@ -107,7 +107,7 @@ gnutls_certificate_set_openpgp_key 
(gnutls_certificate_credentials_t res,
   
   ret =
     gnutls_privkey_import_openpgp (privkey, pkey,
-                                   GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+                                   GNUTLS_PRIVKEY_IMPORT_COPY);
   if (ret < 0)
     {
       gnutls_assert ();
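Review bot: Switching from GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE to GNUTLS_PRIVKEY_IMPORT_COPY hands ownership of `pkey` back to every caller of gnutls_certificate_set_openpgp_key. Any internal caller that still expects the credentials to free the key will now leak private key material. This diff adds the matching `gnutls_openpgp_privkey_deinit (pkey);` only in gnutls_certificate_set_openpgp_key_mem2 (next hunk); other call sites are not visible here and should be audited. The function's doc comment, which is outside the hunk, should state that the key is copied and may be freed by the caller after the call.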
@@ -403,6 +403,7 @@ gnutls_certificate_set_openpgp_key_mem2 
(gnutls_certificate_credentials_t res,
   ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
 
   gnutls_openpgp_crt_deinit (crt);
+  gnutls_openpgp_privkey_deinit (pkey);
 
   return ret;
 }
diff --git a/lib/openpgp/gnutls_openpgp.h b/lib/openpgp/gnutls_openpgp.h
index 70ba02a..b5616b8 100644
--- a/lib/openpgp/gnutls_openpgp.h
+++ b/lib/openpgp/gnutls_openpgp.h
@@ -26,6 +26,9 @@ int gnutls_openpgp_get_key (gnutls_datum_t * key,
 
 /* internal */
 int
+_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, 
gnutls_openpgp_privkey_t src);
+
+int
 _gnutls_openpgp_request_key (gnutls_session_t,
                              gnutls_datum_t * ret,
                              const gnutls_certificate_credentials_t cred,
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 54b5d75..0ee0532 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -72,6 +72,55 @@ gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
   gnutls_free (key);
 }
 
+/*-
+ * _gnutls_openpgp_privkey_cpy - This function copies a 
gnutls_openpgp_privkey_t structure
+ * @dest: The structure where to copy
+ * @src: The structure to be copied
+ *
+ * This function will copy an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ -*/
+int
+_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, 
gnutls_openpgp_privkey_t src)
+{
+  int ret;
+  size_t raw_size=0;
+  opaque *der;
+  gnutls_datum_t tmp;
+
+  ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, 
NULL, &raw_size);
+  if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+    return gnutls_assert_val(ret);
+
+  der = gnutls_malloc (raw_size);
+  if (der == NULL)
+    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
+
+  ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, 
der, &raw_size);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      gnutls_free (der);
+      return ret;
+    }
+
+  tmp.data = der;
+  tmp.size = raw_size;
+  ret = gnutls_openpgp_privkey_import (dest, &tmp, GNUTLS_OPENPGP_FMT_RAW, 
NULL, 0);
+
+  gnutls_free (der);
+
+  if (ret < 0)
+    return gnutls_assert_val(ret);
+
+  memcpy(dest->preferred_keyid, src->preferred_keyid, 
GNUTLS_OPENPGP_KEYID_SIZE);
+  dest->preferred_set = src->preferred_set;
+
+  return 0;
+}
+
 /**
  * gnutls_openpgp_privkey_sec_param:
  * @key: a key structure
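Review bot: In _gnutls_openpgp_privkey_cpy, `der` holds the raw export of the private key (exported with a NULL password, so presumably unprotected) and is passed to `gnutls_free` on both the error and the success path without being cleared. That leaves secret key bytes in freed heap memory; the buffer should be wiped over `raw_size` bytes, using a wipe the compiler cannot optimise away, before each `gnutls_free (der);`. The first export call also returns `ret` unchanged whenever it is not GNUTLS_E_SHORT_MEMORY_BUFFER, so an unexpected 0 would report success with nothing copied into `dest`; mapping that case to an error would be safer. The header comment says "This function will copy an X.509 certificate structure" and should read `This function will copy an OpenPGP private key structure.`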
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index e752e97..5011c58 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -83,7 +83,7 @@ int
 _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
 {
   int ret;
-  size_t der_size;
+  size_t der_size=0;
   opaque *der;
   gnutls_datum_t tmp;
 
@@ -122,7 +122,6 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, 
gnutls_x509_crt_t src)
     }
 
   return 0;
-
 }
 
 /**
@@ -991,7 +990,7 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char 
*src_name,
               size_t orig_name_size = *name_size;
 
               result = asn1_create_element
-                (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2);
+                (_gnutls_get_pkix (), "PKIX1.UTF8String", &c2);
               if (result != ASN1_SUCCESS)
                 {
                   gnutls_assert ();


hooks/post-receive
-- 
GNU gnutls


