Cedric BAIL
parent
edbdd6a1ad
commit
87eb14012b
|
|
@ -547,21 +547,25 @@
|
|||
noticable quality losses in the chase for speed. It will use
|
||||
IFAST for quality less than 60 when encoding
|
||||
|
||||
2011-12-02 Carsten Haitzler (The Rasterman)
|
||||
2011-12-02 Carsten Haitzler (The Rasterman)
|
||||
|
||||
1.1.0 release
|
||||
|
||||
|
||||
2011-12-02 Mike Blumenkrantz
|
||||
|
||||
* added eet_file_get to return the filename of an Eet_File
|
||||
* Eet_File filenames are now stringshared
|
||||
* added mempool allocators
|
||||
|
||||
2011-12-29 Carsten Haitzler (The Rasterman)
|
||||
2011-12-29 Carsten Haitzler (The Rasterman)
|
||||
|
||||
* increase eet_connection packet size to 1Mb - more reasonable.
|
||||
|
||||
2012-01-07 Boris Faure (billiob)
|
||||
2012-01-07 Boris Faure (billiob)
|
||||
|
||||
* make eet tool write to standard output if no output file given.
|
||||
|
||||
|
||||
2012-02-09 Cedric Bail
|
||||
|
||||
* add support for GNUTLS 3.x.
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ Additions:
|
|||
Improvements:
|
||||
|
||||
* most allocations moved to mempools
|
||||
* support GNUTLS 3.x
|
||||
|
||||
Eet 1.5.0
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
y##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
|
||||
##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
|
||||
##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
|
||||
m4_define([v_maj], [1])
|
||||
m4_define([v_min], [5])
|
||||
|
|
@ -110,39 +110,6 @@ else
|
|||
AC_DEFINE(EET_OLD_EET_FILE_FORMAT, 0, [support old eet file format])
|
||||
fi
|
||||
|
||||
# Gnutls support
|
||||
|
||||
AC_ARG_ENABLE([gnutls],
|
||||
[AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
|
||||
[want_gnutls=$enableval]
|
||||
)
|
||||
AC_MSG_CHECKING([whether to use Gnutls])
|
||||
AC_MSG_RESULT([${want_gnutls}])
|
||||
|
||||
# Specific GNUTLS improvement
|
||||
|
||||
new_gnutls_api="yes"
|
||||
AC_ARG_ENABLE(new-gnutls-api,
|
||||
[AC_HELP_STRING(
|
||||
[--disable-new-gnutls-api],
|
||||
[enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
|
||||
)],
|
||||
[new_gnutls_api=$enableval]
|
||||
)
|
||||
AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
|
||||
AC_MSG_RESULT([${new_gnutls_api}])
|
||||
|
||||
if test "x${new_gnutls_api}" = "xyes" ; then
|
||||
AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
|
||||
[ new_gnutls_api="yes" ],
|
||||
[ new_gnutls_api="no" ]
|
||||
)
|
||||
|
||||
if test "x${new_gnutls_api}" = "xyes"; then
|
||||
AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
|
||||
fi
|
||||
fi
|
||||
|
||||
# Openssl support
|
||||
|
||||
AC_ARG_ENABLE([openssl],
|
||||
|
|
@ -267,6 +234,15 @@ AC_SUBST(EET_LIBS)
|
|||
PKG_CHECK_MODULES(EINA, [eina >= 1.1.0])
|
||||
requirement_eet="eina >= 1.1.0 ${requirement_eet}"
|
||||
|
||||
# Gnutls support
|
||||
|
||||
AC_ARG_ENABLE([gnutls],
|
||||
[AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
|
||||
[want_gnutls=$enableval]
|
||||
)
|
||||
AC_MSG_CHECKING([whether to use Gnutls])
|
||||
AC_MSG_RESULT([${want_gnutls}])
|
||||
|
||||
# Gnutls library
|
||||
have_gnutls="no"
|
||||
if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
|
||||
|
|
@ -287,6 +263,76 @@ if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
|
|||
fi
|
||||
fi
|
||||
|
||||
# Specific GNUTLS improvement
|
||||
|
||||
new_gnutls_api="yes"
|
||||
AC_ARG_ENABLE(new-gnutls-api,
|
||||
[AC_HELP_STRING(
|
||||
[--disable-new-gnutls-api],
|
||||
[enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
|
||||
)],
|
||||
[new_gnutls_api=$enableval]
|
||||
)
|
||||
AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
|
||||
AC_MSG_RESULT([${new_gnutls_api}])
|
||||
|
||||
if test "x${new_gnutls_api}" = "xyes" ; then
|
||||
tmp_CFLAGS="${CFLAGS}"
|
||||
tmp_LIBS="${LIBS}"
|
||||
CFLAGS="${GNUTLS_CFLAGS}"
|
||||
LIBS="${GNUTLS_LIBS}"
|
||||
AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
|
||||
[ new_gnutls_api="yes" ],
|
||||
[ new_gnutls_api="no" ]
|
||||
)
|
||||
CFLAGS="${tmp_CFLAGS}"
|
||||
LIBS="${tmp_LIBS}"
|
||||
|
||||
if test "x${new_gnutls_api}" = "xyes"; then
|
||||
AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
|
||||
fi
|
||||
fi
|
||||
|
||||
use_gnutls_privkey_sign_data="no"
|
||||
if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
|
||||
tmp_CFLAGS="${CFLAGS}"
|
||||
tmp_LIBS="${LIBS}"
|
||||
CFLAGS="${GNUTLS_CFLAGS}"
|
||||
LIBS="${GNUTLS_LIBS}"
|
||||
AC_CHECK_LIB(gnutls, gnutls_privkey_sign_data,
|
||||
[ use_gnutls_privkey_sign_data="yes" ],
|
||||
[ use_gnutls_privkey_sign_data="no" ]
|
||||
)
|
||||
CFLAGS="${tmp_CFLAGS}"
|
||||
LIBS="${tmp_LIBS}"
|
||||
|
||||
if test "x${use_gnutls_privkey_sign_data}" = "xyes"; then
|
||||
AC_DEFINE(EET_USE_NEW_PRIVKEY_SIGN_DATA, 1, [use gnutls_privkey_sign_data])
|
||||
fi
|
||||
fi
|
||||
AC_MSG_CHECKING([whether to use gnutls_privkey_sign_data])
|
||||
AC_MSG_RESULT([${use_gnutls_privkey_sign_data}])
|
||||
|
||||
use_gnutls_pubkey_verify_hash="no"
|
||||
if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
|
||||
tmp_CFLAGS="${CFLAGS}"
|
||||
tmp_LIBS="${LIBS}"
|
||||
CFLAGS="${GNUTLS_CFLAGS}"
|
||||
LIBS="${GNUTLS_LIBS}"
|
||||
AC_CHECK_LIB(gnutls, gnutls_pubkey_verify_hash,
|
||||
[ use_gnutls_pubkey_verify_hash="yes" ],
|
||||
[ use_gnutls_pubkey_verify_hash="no" ]
|
||||
)
|
||||
CFLAGS="${tmp_CFLAGS}"
|
||||
LIBS="${tmp_LIBS}"
|
||||
|
||||
if test "x${use_gnutls_pubkey_verify_hash}" = "xyes"; then
|
||||
AC_DEFINE(EET_USE_NEW_PUBKEY_VERIFY_HASH, 1, [use gnutls_pubkey_verify_hash])
|
||||
fi
|
||||
fi
|
||||
AC_MSG_CHECKING([whether to use gnutls_pubkey_verify_hash])
|
||||
AC_MSG_RESULT([${use_gnutls_pubkey_verify_hash}])
|
||||
|
||||
# Openssl library
|
||||
have_openssl="no"
|
||||
if test "x${want_openssl}" = "xyes" || test "x${want_openssl}" = "xauto" ; then
|
||||
|
|
|
|||
|
|
@ -56,6 +56,9 @@ void *alloca(size_t);
|
|||
|
||||
#ifdef HAVE_CIPHER
|
||||
# ifdef HAVE_GNUTLS
|
||||
# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
|
||||
# include <gnutls/abstract.h>
|
||||
# endif
|
||||
# include <gnutls/x509.h>
|
||||
# include <gcrypt.h>
|
||||
# else /* ifdef HAVE_GNUTLS */
|
||||
|
|
@ -497,6 +500,10 @@ eet_identity_sign(FILE *fp,
|
|||
gnutls_datum_t datum = { NULL, 0 };
|
||||
size_t sign_len = 0;
|
||||
size_t cert_len = 0;
|
||||
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
|
||||
gnutls_datum_t signum = { NULL, 0 };
|
||||
gnutls_privkey_t privkey;
|
||||
#endif
|
||||
# else /* ifdef HAVE_GNUTLS */
|
||||
EVP_MD_CTX md_ctx;
|
||||
unsigned int sign_len = 0;
|
||||
|
|
@ -528,6 +535,28 @@ eet_identity_sign(FILE *fp,
|
|||
datum.size = st_buf.st_size;
|
||||
|
||||
/* Get the signature length */
|
||||
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
|
||||
if (gnutls_privkey_init(&privkey) < 0)
|
||||
{
|
||||
err = EET_ERROR_SIGNATURE_FAILED;
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0)
|
||||
{
|
||||
err = EET_ERROR_SIGNATURE_FAILED;
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
if (gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0)
|
||||
{
|
||||
err = EET_ERROR_SIGNATURE_FAILED;
|
||||
goto on_error;
|
||||
}
|
||||
|
||||
sign = signum.data;
|
||||
sign_len = signum.size;
|
||||
#else
|
||||
if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
|
||||
&datum, sign, &sign_len) &&
|
||||
!sign_len)
|
||||
|
|
@ -550,6 +579,7 @@ eet_identity_sign(FILE *fp,
|
|||
|
||||
goto on_error;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Get the certificate length */
|
||||
if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
|
||||
|
|
@ -696,6 +726,10 @@ eet_identity_check(const void *data_base,
|
|||
gnutls_datum_t datum;
|
||||
gnutls_datum_t signature;
|
||||
# if EET_USE_NEW_GNUTLS_API
|
||||
# if EET_USE_NEW_PUBKEY_VERIFY_HASH
|
||||
gnutls_pubkey_t pubkey;
|
||||
gnutls_digest_algorithm_t hash_algo;
|
||||
# endif
|
||||
unsigned char *hash;
|
||||
gcry_md_hd_t md;
|
||||
int err;
|
||||
|
|
@ -724,28 +758,32 @@ eet_identity_check(const void *data_base,
|
|||
|
||||
hash = gcry_md_read(md, GCRY_MD_SHA1);
|
||||
if (!hash)
|
||||
{
|
||||
gcry_md_close(md);
|
||||
return NULL;
|
||||
}
|
||||
goto on_error;
|
||||
|
||||
datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
|
||||
datum.data = hash;
|
||||
|
||||
# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
|
||||
if (gnutls_pubkey_init(&pubkey) < 0)
|
||||
goto on_error;
|
||||
|
||||
if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
|
||||
goto on_error;
|
||||
|
||||
if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
|
||||
goto on_error;
|
||||
|
||||
if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
|
||||
goto on_error;
|
||||
# else
|
||||
if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
|
||||
{
|
||||
gcry_md_close(md);
|
||||
return NULL;
|
||||
}
|
||||
goto on_error;
|
||||
# endif
|
||||
|
||||
if (sha1)
|
||||
{
|
||||
*sha1 = malloc(datum.size);
|
||||
if (!*sha1)
|
||||
{
|
||||
gcry_md_close(md);
|
||||
return NULL;
|
||||
}
|
||||
if (!*sha1) goto on_error;
|
||||
|
||||
memcpy(*sha1, hash, datum.size);
|
||||
*sha1_length = datum.size;
|
||||
|
|
@ -818,6 +856,11 @@ eet_identity_check(const void *data_base,
|
|||
*raw_signature_length = sign_len;
|
||||
|
||||
return cert_der;
|
||||
# ifdef HAVE_GNUTLS
|
||||
on_error:
|
||||
gcry_md_close(md);
|
||||
return NULL;
|
||||
# endif
|
||||
#else /* ifdef HAVE_SIGNATURE */
|
||||
data_base = NULL;
|
||||
data_length = 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue