[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnutls-dev] [PATCH] Load DH Params from File

From: Mr Allwyn Fernandes
Subject: [gnutls-dev] [PATCH] Load DH Params from File
Date: Fri, 12 Oct 2007 17:16:59 +1000
User-agent: KMail/1.9.7


(Apologies if anyone gets this multiple times: I've tried sending it several 
times, and keep getting bounce messages... I don't see it in any of the 
archives so I _suspect_ it hasn't gotten through to anyone, but I'm not 

I recently added GnuTLS support to an app, and noticed a slight inconsistancy 
in the api; one can load certificates, keys and CRLs directly from a file, 
but there is no corresponding function which takes a filename and loads the 
DH params from the file. I'm using Debian Testing, which has gnutls13-1.7.19, 
but I noted that the current online documentation doesn't list a new method 
to do this either.

I have created a trivial patch which implements an api 
function "gnutls_dh_params_import_pkcs3_file" from a combination 
of "gnutls_dh_params_import_pkcs3" and "gnutls_certificate_set_x509_crl_file"

I have generated the patch against Debian's gnutls13-1.7.19 source, but 
appears to apply reasonably to the 2.0.1 source... Otherwise, for easy 
cut-n-paste, the new method is listed below, along with the corresponding 
header entry.

If there are any comments or questions, please feel free to let me know.



In lib/gnutls_dh_primes.c, under gnutls_dh_params_import_pkcs3:

  * gnutls_dh_params_import_pkcs3_file - This function will import DH params 
  * from a file containing a pkcs3 structure
  * @params: A structure where the parameters will be copied to
  * @pkcs3_file: should contain a PKCS3 DHParams structure PEM or DER encoded
  * @format: the format of params. PEM or DER.
  * This function will extract the DHParams found in a file containing a PKCS3 
  * formatted structure. This is the format generated by "openssl dhparam" 
  * If the structure is PEM encoded, it should have a header
  * In case of failure a negative value will be returned, and
  * 0 on success.
gnutls_dh_params_import_pkcs3_file (gnutls_dh_params_t params,
                                    const char * pkcs3_file,
                                    gnutls_x509_crt_fmt_t format)
  int ret;
  size_t size;
  char *data = read_binary_file (pkcs3_file, &size);

  if (data == NULL)
      gnutls_assert ();
      return GNUTLS_E_FILE_ERROR;
  ret = gnutls_dh_params_import_pkcs3 (params, data, format);

  free (data);

  if (ret < 0)
      gnutls_assert ();
      return ret;

  return ret;

In includes/gnutls/, under gnutls_dh_params_import_pkcs3:

  int gnutls_dh_params_import_pkcs3_file (gnutls_dh_params_t params,
                                          const char * pkcs3_file,
                                          gnutls_x509_crt_fmt_t format);

And something like this for the NEWS file.
** API and ABI modifications:

New API to load Diffie-Hellman parameters from file:

Attachment: gnutls13-1.7.19-dhfile.diff.gz
Description: GNU Zip compressed data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]