Commit 87eb1401 authored by Cedric BAIL's avatar Cedric BAIL

eet: add support for GnuTLS 3.x


SVN revision: 67785
parent edbdd6a1
......@@ -547,21 +547,25 @@
noticable quality losses in the chase for speed. It will use
IFAST for quality less than 60 when encoding
2011-12-02 Carsten Haitzler (The Rasterman)
2011-12-02 Carsten Haitzler (The Rasterman)
1.1.0 release
2011-12-02 Mike Blumenkrantz
* added eet_file_get to return the filename of an Eet_File
* Eet_File filenames are now stringshared
* added mempool allocators
2011-12-29 Carsten Haitzler (The Rasterman)
2011-12-29 Carsten Haitzler (The Rasterman)
* increase eet_connection packet size to 1Mb - more reasonable.
2012-01-07 Boris Faure (billiob)
2012-01-07 Boris Faure (billiob)
* make eet tool write to standard output if no output file given.
2012-02-09 Cedric Bail
* add support for GNUTLS 3.x.
......@@ -9,6 +9,7 @@ Additions:
Improvements:
* most allocations moved to mempools
* support GNUTLS 3.x
Eet 1.5.0
......
y##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
m4_define([v_maj], [1])
m4_define([v_min], [5])
......@@ -110,39 +110,6 @@ else
AC_DEFINE(EET_OLD_EET_FILE_FORMAT, 0, [support old eet file format])
fi
# Gnutls support
AC_ARG_ENABLE([gnutls],
[AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
[want_gnutls=$enableval]
)
AC_MSG_CHECKING([whether to use Gnutls])
AC_MSG_RESULT([${want_gnutls}])
# Specific GNUTLS improvement
new_gnutls_api="yes"
AC_ARG_ENABLE(new-gnutls-api,
[AC_HELP_STRING(
[--disable-new-gnutls-api],
[enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
)],
[new_gnutls_api=$enableval]
)
AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
AC_MSG_RESULT([${new_gnutls_api}])
if test "x${new_gnutls_api}" = "xyes" ; then
AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
[ new_gnutls_api="yes" ],
[ new_gnutls_api="no" ]
)
if test "x${new_gnutls_api}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
fi
fi
# Openssl support
AC_ARG_ENABLE([openssl],
......@@ -267,6 +234,15 @@ AC_SUBST(EET_LIBS)
PKG_CHECK_MODULES(EINA, [eina >= 1.1.0])
requirement_eet="eina >= 1.1.0 ${requirement_eet}"
# Gnutls support
AC_ARG_ENABLE([gnutls],
[AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
[want_gnutls=$enableval]
)
AC_MSG_CHECKING([whether to use Gnutls])
AC_MSG_RESULT([${want_gnutls}])
# Gnutls library
have_gnutls="no"
if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
......@@ -287,6 +263,76 @@ if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
fi
fi
# Specific GNUTLS improvement
new_gnutls_api="yes"
AC_ARG_ENABLE(new-gnutls-api,
[AC_HELP_STRING(
[--disable-new-gnutls-api],
[enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
)],
[new_gnutls_api=$enableval]
)
AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
AC_MSG_RESULT([${new_gnutls_api}])
if test "x${new_gnutls_api}" = "xyes" ; then
tmp_CFLAGS="${CFLAGS}"
tmp_LIBS="${LIBS}"
CFLAGS="${GNUTLS_CFLAGS}"
LIBS="${GNUTLS_LIBS}"
AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
[ new_gnutls_api="yes" ],
[ new_gnutls_api="no" ]
)
CFLAGS="${tmp_CFLAGS}"
LIBS="${tmp_LIBS}"
if test "x${new_gnutls_api}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
fi
fi
use_gnutls_privkey_sign_data="no"
if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
tmp_CFLAGS="${CFLAGS}"
tmp_LIBS="${LIBS}"
CFLAGS="${GNUTLS_CFLAGS}"
LIBS="${GNUTLS_LIBS}"
AC_CHECK_LIB(gnutls, gnutls_privkey_sign_data,
[ use_gnutls_privkey_sign_data="yes" ],
[ use_gnutls_privkey_sign_data="no" ]
)
CFLAGS="${tmp_CFLAGS}"
LIBS="${tmp_LIBS}"
if test "x${use_gnutls_privkey_sign_data}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_PRIVKEY_SIGN_DATA, 1, [use gnutls_privkey_sign_data])
fi
fi
AC_MSG_CHECKING([whether to use gnutls_privkey_sign_data])
AC_MSG_RESULT([${use_gnutls_privkey_sign_data}])
use_gnutls_pubkey_verify_hash="no"
if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
tmp_CFLAGS="${CFLAGS}"
tmp_LIBS="${LIBS}"
CFLAGS="${GNUTLS_CFLAGS}"
LIBS="${GNUTLS_LIBS}"
AC_CHECK_LIB(gnutls, gnutls_pubkey_verify_hash,
[ use_gnutls_pubkey_verify_hash="yes" ],
[ use_gnutls_pubkey_verify_hash="no" ]
)
CFLAGS="${tmp_CFLAGS}"
LIBS="${tmp_LIBS}"
if test "x${use_gnutls_pubkey_verify_hash}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_PUBKEY_VERIFY_HASH, 1, [use gnutls_pubkey_verify_hash])
fi
fi
AC_MSG_CHECKING([whether to use gnutls_pubkey_verify_hash])
AC_MSG_RESULT([${use_gnutls_pubkey_verify_hash}])
# Openssl library
have_openssl="no"
if test "x${want_openssl}" = "xyes" || test "x${want_openssl}" = "xauto" ; then
......
......@@ -56,6 +56,9 @@ void *alloca(size_t);
#ifdef HAVE_CIPHER
# ifdef HAVE_GNUTLS
# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
# include <gnutls/abstract.h>
# endif
# include <gnutls/x509.h>
# include <gcrypt.h>
# else /* ifdef HAVE_GNUTLS */
......@@ -497,6 +500,10 @@ eet_identity_sign(FILE *fp,
gnutls_datum_t datum = { NULL, 0 };
size_t sign_len = 0;
size_t cert_len = 0;
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
gnutls_datum_t signum = { NULL, 0 };
gnutls_privkey_t privkey;
#endif
# else /* ifdef HAVE_GNUTLS */
EVP_MD_CTX md_ctx;
unsigned int sign_len = 0;
......@@ -528,6 +535,28 @@ eet_identity_sign(FILE *fp,
datum.size = st_buf.st_size;
/* Get the signature length */
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
if (gnutls_privkey_init(&privkey) < 0)
{
err = EET_ERROR_SIGNATURE_FAILED;
goto on_error;
}
if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0)
{
err = EET_ERROR_SIGNATURE_FAILED;
goto on_error;
}
if (gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0)
{
err = EET_ERROR_SIGNATURE_FAILED;
goto on_error;
}
sign = signum.data;
sign_len = signum.size;
#else
if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
&datum, sign, &sign_len) &&
!sign_len)
......@@ -550,6 +579,7 @@ eet_identity_sign(FILE *fp,
goto on_error;
}
#endif
/* Get the certificate length */
if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
......@@ -696,6 +726,10 @@ eet_identity_check(const void *data_base,
gnutls_datum_t datum;
gnutls_datum_t signature;
# if EET_USE_NEW_GNUTLS_API
# if EET_USE_NEW_PUBKEY_VERIFY_HASH
gnutls_pubkey_t pubkey;
gnutls_digest_algorithm_t hash_algo;
# endif
unsigned char *hash;
gcry_md_hd_t md;
int err;
......@@ -724,28 +758,32 @@ eet_identity_check(const void *data_base,
hash = gcry_md_read(md, GCRY_MD_SHA1);
if (!hash)
{
gcry_md_close(md);
return NULL;
}
goto on_error;
datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
datum.data = hash;
# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
if (gnutls_pubkey_init(&pubkey) < 0)
goto on_error;
if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
goto on_error;
if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
goto on_error;
if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
goto on_error;
# else
if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
{
gcry_md_close(md);
return NULL;
}
goto on_error;
# endif
if (sha1)
{
*sha1 = malloc(datum.size);
if (!*sha1)
{
gcry_md_close(md);
return NULL;
}
if (!*sha1) goto on_error;
memcpy(*sha1, hash, datum.size);
*sha1_length = datum.size;
......@@ -818,6 +856,11 @@ eet_identity_check(const void *data_base,
*raw_signature_length = sign_len;
return cert_der;
# ifdef HAVE_GNUTLS
on_error:
gcry_md_close(md);
return NULL;
# endif
#else /* ifdef HAVE_SIGNATURE */
data_base = NULL;
data_length = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment