efl/eet: bumped requirement for gnutls >= 2.11 thus remove legacy code.
SVN revision: 80287
parent
c9da182a47
commit
511d8e8672
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
* Removed DirectFB support (both ecore_directfb, evas and ecore_evas).
|
* Removed DirectFB support (both ecore_directfb, evas and ecore_evas).
|
||||||
* Removed XRender, WinCE, X11-16 and X11-8 ecore_evas support.
|
* Removed XRender, WinCE, X11-16 and X11-8 ecore_evas support.
|
||||||
|
* Bumped gnutls version requirement to >= 2.11 (released in 2010).
|
||||||
|
|
||||||
2012-12-04 Gwanglim Lee
|
2012-12-04 Gwanglim Lee
|
||||||
|
|
||||||
|
|
|
@ -944,15 +944,10 @@ case "$build_crypto" in
|
||||||
requirements_pc_eet="gnutls >= 2.11 ${requirements_pc_eet}"
|
requirements_pc_eet="gnutls >= 2.11 ${requirements_pc_eet}"
|
||||||
requirements_pc_deps_eet="gnutls >= 2.11 ${requirements_pc_deps_eet}"
|
requirements_pc_deps_eet="gnutls >= 2.11 ${requirements_pc_deps_eet}"
|
||||||
|
|
||||||
# TODO: do we need this?
|
|
||||||
# libgcrypt
|
# libgcrypt
|
||||||
AC_PATH_GENERIC([libgcrypt], [], [:],
|
AC_PATH_GENERIC([libgcrypt], [], [:],
|
||||||
[AC_MSG_ERROR([libgcrypt required but not found])])
|
[AC_MSG_ERROR([libgcrypt required but not found])])
|
||||||
requirements_libs_eet="${LIBGCRYPT_LIBS} ${requirements_libs_eet}"
|
requirements_libs_eet="${LIBGCRYPT_LIBS} ${requirements_libs_eet}"
|
||||||
|
|
||||||
AC_DEFINE([EET_USE_NEW_GNUTLS_API], [1], [use gnutls_x509_crt_verify_hash])
|
|
||||||
AC_DEFINE([EET_USE_NEW_PRIVKEY_SIGN_DATA], [1], [use gnutls_privkey_sign_data])
|
|
||||||
AC_DEFINE([EET_USE_NEW_PUBKEY_VERIFY_HASH], [1], [use gnutls_pubkey_verify_hash])
|
|
||||||
;;
|
;;
|
||||||
|
|
||||||
openssl)
|
openssl)
|
||||||
|
|
|
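Review bot: The libgcrypt probe is kept in the gnutls branch, but the commit drops its only annotation (`# TODO: do we need this?`) without recording the answer. The new side of eet_cipher.c still includes `<gcrypt.h>` and calls `gcry_md_get_algo_dlen` and `gcry_md_close`, so the check is needed. I would replace the bare `# libgcrypt` line with a comment that says so, for example `# libgcrypt: eet_cipher.c computes the SHA1 digest with gcry_md_* before handing it to gnutls`. The enclosing `case "$build_crypto"` block starts and ends outside this hunk.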
@ -56,9 +56,7 @@ void *alloca(size_t);
|
||||||
|
|
||||||
#ifdef HAVE_CIPHER
|
#ifdef HAVE_CIPHER
|
||||||
# ifdef HAVE_GNUTLS
|
# ifdef HAVE_GNUTLS
|
||||||
# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
|
|
||||||
# include <gnutls/abstract.h>
|
# include <gnutls/abstract.h>
|
||||||
# endif
|
|
||||||
# include <gnutls/x509.h>
|
# include <gnutls/x509.h>
|
||||||
# include <gcrypt.h>
|
# include <gcrypt.h>
|
||||||
# else /* ifdef HAVE_GNUTLS */
|
# else /* ifdef HAVE_GNUTLS */
|
||||||
|
@ -500,10 +498,8 @@ eet_identity_sign(FILE *fp,
|
||||||
gnutls_datum_t datum = { NULL, 0 };
|
gnutls_datum_t datum = { NULL, 0 };
|
||||||
size_t sign_len = 0;
|
size_t sign_len = 0;
|
||||||
size_t cert_len = 0;
|
size_t cert_len = 0;
|
||||||
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
|
|
||||||
gnutls_datum_t signum = { NULL, 0 };
|
gnutls_datum_t signum = { NULL, 0 };
|
||||||
gnutls_privkey_t privkey;
|
gnutls_privkey_t privkey;
|
||||||
#endif
|
|
||||||
# else /* ifdef HAVE_GNUTLS */
|
# else /* ifdef HAVE_GNUTLS */
|
||||||
EVP_MD_CTX md_ctx;
|
EVP_MD_CTX md_ctx;
|
||||||
unsigned int sign_len = 0;
|
unsigned int sign_len = 0;
|
||||||
|
@ -535,7 +531,6 @@ eet_identity_sign(FILE *fp,
|
||||||
datum.size = st_buf.st_size;
|
datum.size = st_buf.st_size;
|
||||||
|
|
||||||
/* Get the signature length */
|
/* Get the signature length */
|
||||||
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
|
|
||||||
if (gnutls_privkey_init(&privkey) < 0)
|
if (gnutls_privkey_init(&privkey) < 0)
|
||||||
{
|
{
|
||||||
err = EET_ERROR_SIGNATURE_FAILED;
|
err = EET_ERROR_SIGNATURE_FAILED;
|
||||||
|
@ -556,30 +551,6 @@ eet_identity_sign(FILE *fp,
|
||||||
|
|
||||||
sign = signum.data;
|
sign = signum.data;
|
||||||
sign_len = signum.size;
|
sign_len = signum.size;
|
||||||
#else
|
|
||||||
if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
|
|
||||||
&datum, sign, &sign_len) &&
|
|
||||||
!sign_len)
|
|
||||||
{
|
|
||||||
err = EET_ERROR_SIGNATURE_FAILED;
|
|
||||||
goto on_error;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Get the signature */
|
|
||||||
sign = malloc(sign_len);
|
|
||||||
if (!sign ||
|
|
||||||
gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
|
|
||||||
&datum,
|
|
||||||
sign, &sign_len))
|
|
||||||
{
|
|
||||||
if (!sign)
|
|
||||||
err = EET_ERROR_OUT_OF_MEMORY;
|
|
||||||
else
|
|
||||||
err = EET_ERROR_SIGNATURE_FAILED;
|
|
||||||
|
|
||||||
goto on_error;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Get the certificate length */
|
/* Get the certificate length */
|
||||||
if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
|
if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
|
||||||
|
@ -725,15 +696,11 @@ eet_identity_check(const void *data_base,
|
||||||
gnutls_x509_crt_t cert;
|
gnutls_x509_crt_t cert;
|
||||||
gnutls_datum_t datum;
|
gnutls_datum_t datum;
|
||||||
gnutls_datum_t signature;
|
gnutls_datum_t signature;
|
||||||
# if EET_USE_NEW_GNUTLS_API
|
|
||||||
# if EET_USE_NEW_PUBKEY_VERIFY_HASH
|
|
||||||
gnutls_pubkey_t pubkey;
|
gnutls_pubkey_t pubkey;
|
||||||
gnutls_digest_algorithm_t hash_algo;
|
gnutls_digest_algorithm_t hash_algo;
|
||||||
# endif
|
|
||||||
unsigned char *hash;
|
unsigned char *hash;
|
||||||
gcry_md_hd_t md;
|
gcry_md_hd_t md;
|
||||||
int err;
|
int err;
|
||||||
# endif /* if EET_USE_NEW_GNUTLS_API */
|
|
||||||
|
|
||||||
/* Create an understanding certificate structure for gnutls */
|
/* Create an understanding certificate structure for gnutls */
|
||||||
datum.data = (void *)cert_der;
|
datum.data = (void *)cert_der;
|
||||||
|
@ -745,7 +712,6 @@ eet_identity_check(const void *data_base,
|
||||||
signature.size = sign_len;
|
signature.size = sign_len;
|
||||||
|
|
||||||
/* Verify the signature */
|
/* Verify the signature */
|
||||||
# if EET_USE_NEW_GNUTLS_API
|
|
||||||
/*
|
/*
|
||||||
I am waiting for my patch being accepted in GnuTLS release.
|
I am waiting for my patch being accepted in GnuTLS release.
|
||||||
But we now have a way to prevent double computation of SHA1.
|
But we now have a way to prevent double computation of SHA1.
|
||||||
|
@ -763,7 +729,6 @@ eet_identity_check(const void *data_base,
|
||||||
datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
|
datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
|
||||||
datum.data = hash;
|
datum.data = hash;
|
||||||
|
|
||||||
# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
|
|
||||||
if (gnutls_pubkey_init(&pubkey) < 0)
|
if (gnutls_pubkey_init(&pubkey) < 0)
|
||||||
goto on_error;
|
goto on_error;
|
||||||
|
|
||||||
|
@ -775,10 +740,6 @@ eet_identity_check(const void *data_base,
|
||||||
|
|
||||||
if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
|
if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
|
||||||
goto on_error;
|
goto on_error;
|
||||||
# else
|
|
||||||
if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
|
|
||||||
goto on_error;
|
|
||||||
# endif
|
|
||||||
|
|
||||||
if (sha1)
|
if (sha1)
|
||||||
{
|
{
|
||||||
|
@ -790,20 +751,6 @@ eet_identity_check(const void *data_base,
|
||||||
}
|
}
|
||||||
|
|
||||||
gcry_md_close(md);
|
gcry_md_close(md);
|
||||||
# else /* if EET_USE_NEW_GNUTLS_API */
|
|
||||||
datum.data = (void *)data_base;
|
|
||||||
datum.size = data_length;
|
|
||||||
|
|
||||||
if (!gnutls_x509_crt_verify_data(cert, 0, &datum, &signature))
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
if (sha1)
|
|
||||||
{
|
|
||||||
*sha1 = NULL;
|
|
||||||
*sha1_length = -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# endif /* if EET_USE_NEW_GNUTLS_API */
|
|
||||||
gnutls_x509_crt_deinit(cert);
|
gnutls_x509_crt_deinit(cert);
|
||||||
|
|
||||||
# else /* ifdef HAVE_GNUTLS */
|
# else /* ifdef HAVE_GNUTLS */
|
||||||
|
@ -857,12 +804,10 @@ eet_identity_check(const void *data_base,
|
||||||
|
|
||||||
return cert_der;
|
return cert_der;
|
||||||
# ifdef HAVE_GNUTLS
|
# ifdef HAVE_GNUTLS
|
||||||
# if EET_USE_NEW_GNUTLS_API
|
|
||||||
on_error:
|
on_error:
|
||||||
gcry_md_close(md);
|
gcry_md_close(md);
|
||||||
return NULL;
|
return NULL;
|
||||||
# endif
|
# endif
|
||||||
# endif
|
|
||||||
#else /* ifdef HAVE_SIGNATURE */
|
#else /* ifdef HAVE_SIGNATURE */
|
||||||
data_base = NULL;
|
data_base = NULL;
|
||||||
data_length = 0;
|
data_length = 0;
|
||||||
|
|
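Review bot: In eet_identity_check, the now-unconditional `on_error:` label in the last hunk only runs `gcry_md_close(md); return NULL;`, whereas the success path releases the certificate with `gnutls_x509_crt_deinit(cert)`. The failure branches after `gnutls_pubkey_init(&pubkey)` and `gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature)` both jump to that label, so a file whose signature does not verify appears to leak `cert`, and `pubkey` once it has been initialised. Because this function runs on untrusted signed input, I would add `gnutls_x509_crt_deinit(cert);` on the error path, plus `gnutls_pubkey_deinit(pubkey);` guarded so it only runs after a successful init. The function body begins and continues outside the visible hunks, so the setup of `cert` and `md`, and any earlier `goto on_error`, should be checked against this before changing the label. With the legacy branch gone, the retained comment "I am waiting for my patch being accepted in GnuTLS release" also looks stale and could be reworded to describe only the single-pass SHA1 computation.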