authorGustavo Sverzut Barbieri <barbieri@gmail.com>2012-12-05 23:44:45 +0000
committerGustavo Sverzut Barbieri <barbieri@gmail.com>2012-12-05 23:44:45 +0000
commit511d8e86728be555a4a57e470c4f6c90b5bb8bca (patch)
tree8290c00d15f9c7d6384c913bfdcaa5f44e7a5621
parentc9da182a47173608095a67ce6ad4cb85a5d12005 (diff)
efl/eet: bumped requirement for gnutls >= 2.11 thus remove legacy code.
SVN revision: 80287
-rw-r--r--ChangeLog1
-rw-r--r--configure.ac5
-rw-r--r--src/lib/eet/eet_cipher.c57
3 files changed, 2 insertions, 61 deletions
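--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 
  * Removed DirectFB support (both ecore_directfb, evas and ecore_evas).
  * Removed XRender, WinCE, X11-16 and X11-8 ecore_evas support.
+ * Bumped gnutls version requirement to >= 2.11 (released in 2010).
 
 2012-12-04 Gwanglim Lee
 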
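--- a/configure.ac
+++ b/configure.ac
@@ -944,15 +944,10 @@ case "$build_crypto" in
  requirements_pc_eet="gnutls >= 2.11 ${requirements_pc_eet}"
  requirements_pc_deps_eet="gnutls >= 2.11 ${requirements_pc_deps_eet}"
 
- # TODO: do we need this?
  # libgcrypt
  AC_PATH_GENERIC([libgcrypt], [], [:],
  [AC_MSG_ERROR([libgcrypt required but not found])])
  requirements_libs_eet="${LIBGCRYPT_LIBS} ${requirements_libs_eet}"
-
- AC_DEFINE([EET_USE_NEW_GNUTLS_API], [1], [use gnutls_x509_crt_verify_hash])
- AC_DEFINE([EET_USE_NEW_PRIVKEY_SIGN_DATA], [1], [use gnutls_privkey_sign_data])
- AC_DEFINE([EET_USE_NEW_PUBKEY_VERIFY_HASH], [1], [use gnutls_pubkey_verify_hash])
  ;;
 
  openssl)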
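--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@@ -56,9 +56,7 @@ void *alloca(size_t);
 
 #ifdef HAVE_CIPHER
 # ifdef HAVE_GNUTLS
-# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
-# include <gnutls/abstract.h>
-# endif
+# include <gnutls/abstract.h>
 # include <gnutls/x509.h>
 # include <gcrypt.h>
 # else /* ifdef HAVE_GNUTLS */
@@ -500,10 +498,8 @@ eet_identity_sign(FILE *fp,
  gnutls_datum_t datum = { NULL, 0 };
  size_t sign_len = 0;
  size_t cert_len = 0;
-#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
  gnutls_datum_t signum = { NULL, 0 };
  gnutls_privkey_t privkey;
-#endif
 # else /* ifdef HAVE_GNUTLS */
  EVP_MD_CTX md_ctx;
  unsigned int sign_len = 0;
@@ -535,7 +531,6 @@ eet_identity_sign(FILE *fp,
  datum.size = st_buf.st_size;
 
  /* Get the signature length */
-#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
  if (gnutls_privkey_init(&privkey) < 0)
  {
  err = EET_ERROR_SIGNATURE_FAILED;
@@ -556,30 +551,6 @@ eet_identity_sign(FILE *fp,
 
  sign = signum.data;
  sign_len = signum.size;
-#else
- if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
- &datum, sign, &sign_len) &&
- !sign_len)
- {
- err = EET_ERROR_SIGNATURE_FAILED;
- goto on_error;
- }
-
- /* Get the signature */
- sign = malloc(sign_len);
- if (!sign ||
- gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
- &datum,
- sign, &sign_len))
- {
- if (!sign)
- err = EET_ERROR_OUT_OF_MEMORY;
- else
- err = EET_ERROR_SIGNATURE_FAILED;
-
- goto on_error;
- }
-#endif
 
  /* Get the certificate length */
  if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
@@ -725,15 +696,11 @@ eet_identity_check(const void *data_base,
  gnutls_x509_crt_t cert;
  gnutls_datum_t datum;
  gnutls_datum_t signature;
-# if EET_USE_NEW_GNUTLS_API
-# if EET_USE_NEW_PUBKEY_VERIFY_HASH
  gnutls_pubkey_t pubkey;
  gnutls_digest_algorithm_t hash_algo;
-# endif
  unsigned char *hash;
  gcry_md_hd_t md;
  int err;
-# endif /* if EET_USE_NEW_GNUTLS_API */
 
  /* Create an understanding certificate structure for gnutls */
  datum.data = (void *)cert_der;
@@ -745,7 +712,6 @@ eet_identity_check(const void *data_base,
  signature.size = sign_len;
 
  /* Verify the signature */
-# if EET_USE_NEW_GNUTLS_API
  /*
  I am waiting for my patch being accepted in GnuTLS release.
  But we now have a way to prevent double computation of SHA1.
@@ -763,7 +729,6 @@ eet_identity_check(const void *data_base,
  datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
  datum.data = hash;
 
-# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
  if (gnutls_pubkey_init(&pubkey) < 0)
  goto on_error;
 
@@ -775,10 +740,6 @@ eet_identity_check(const void *data_base,
 
  if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
  goto on_error;
-# else
- if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
- goto on_error;
-# endif
 
  if (sha1)
  {
@@ -790,20 +751,6 @@ eet_identity_check(const void *data_base,
  }
 
  gcry_md_close(md);
-# else /* if EET_USE_NEW_GNUTLS_API */
- datum.data = (void *)data_base;
- datum.size = data_length;
-
- if (!gnutls_x509_crt_verify_data(cert, 0, &datum, &signature))
- return NULL;
-
- if (sha1)
- {
- *sha1 = NULL;
- *sha1_length = -1;
- }
-
-# endif /* if EET_USE_NEW_GNUTLS_API */
  gnutls_x509_crt_deinit(cert);
 
 # else /* ifdef HAVE_GNUTLS */
@@ -857,11 +804,9 @@ eet_identity_check(const void *data_base,
 
  return cert_der;
 # ifdef HAVE_GNUTLS
-# if EET_USE_NEW_GNUTLS_API
  on_error:
  gcry_md_close(md);
  return NULL;
-# endif
 # endif
 #else /* ifdef HAVE_SIGNATURE */
  data_base = NULL;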
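Review bot: The `on_error:` label at the end of eet_identity_check releases only the digest handle (`gcry_md_close(md); return NULL;`), whereas the success path also calls `gnutls_x509_crt_deinit(cert)`, so every rejected signature leaves the parsed certificate allocated. Now that the pubkey branch is the only GnuTLS path, a failing `gnutls_pubkey_verify_hash` (and the steps between the hunks) also reaches this label with `pubkey` already initialised. Because this function checks signatures on files that may come from an untrusted source, the failure path should clean up as fully as the success path: add `gnutls_x509_crt_deinit(cert);` under `on_error:` and call `gnutls_pubkey_deinit(pubkey);` on the paths that follow a successful `gnutls_pubkey_init`. The code between the hunks is not shown, so whether `pubkey` is released on the success path should be confirmed as well. The kept comment "I am waiting for my patch being accepted in GnuTLS release" is stale once the requirement is gnutls >= 2.11 and could be reworded to say only why the SHA1 digest is computed once with libgcrypt.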