From 511d8e86728be555a4a57e470c4f6c90b5bb8bca Mon Sep 17 00:00:00 2001 From: Gustavo Sverzut Barbieri Date: Wed, 5 Dec 2012 23:44:45 +0000 Subject: [PATCH] efl/eet: bumped requirement for gnutls >= 2.11 thus remove legacy code. SVN revision: 80287 --- ChangeLog | 1 + configure.ac | 5 ---- src/lib/eet/eet_cipher.c | 57 +--------------------------------------- 3 files changed, 2 insertions(+), 61 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6da5eb6bd3..4fc7c22e6c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ * Removed DirectFB support (both ecore_directfb, evas and ecore_evas). * Removed XRender, WinCE, X11-16 and X11-8 ecore_evas support. + * Bumped gnutls version requirement to >= 2.11 (released in 2010). 2012-12-04 Gwanglim Lee diff --git a/configure.ac b/configure.ac index 49cf5c0313..28034f27b9 100644 --- a/configure.ac +++ b/configure.ac @@ -944,15 +944,10 @@ case "$build_crypto" in requirements_pc_eet="gnutls >= 2.11 ${requirements_pc_eet}" requirements_pc_deps_eet="gnutls >= 2.11 ${requirements_pc_deps_eet}" - # TODO: do we need this? # libgcrypt AC_PATH_GENERIC([libgcrypt], [], [:], [AC_MSG_ERROR([libgcrypt required but not found])]) requirements_libs_eet="${LIBGCRYPT_LIBS} ${requirements_libs_eet}" - - AC_DEFINE([EET_USE_NEW_GNUTLS_API], [1], [use gnutls_x509_crt_verify_hash]) - AC_DEFINE([EET_USE_NEW_PRIVKEY_SIGN_DATA], [1], [use gnutls_privkey_sign_data]) - AC_DEFINE([EET_USE_NEW_PUBKEY_VERIFY_HASH], [1], [use gnutls_pubkey_verify_hash]) ;; openssl) diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c index 5bd9f25d0b..ff475c639e 100644 --- a/src/lib/eet/eet_cipher.c +++ b/src/lib/eet/eet_cipher.c @@ -56,9 +56,7 @@ void *alloca(size_t); #ifdef HAVE_CIPHER # ifdef HAVE_GNUTLS -# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA -# include -# endif +# include # include # include # else /* ifdef HAVE_GNUTLS */ 
@@ -500,10 +498,8 @@ eet_identity_sign(FILE *fp, gnutls_datum_t datum = { NULL, 0 }; size_t sign_len = 0; size_t cert_len = 0; -#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA gnutls_datum_t signum = { NULL, 0 }; gnutls_privkey_t privkey; -#endif # else /* ifdef HAVE_GNUTLS */ EVP_MD_CTX md_ctx; unsigned int sign_len = 0; @@ -535,7 +531,6 @@ eet_identity_sign(FILE *fp, datum.size = st_buf.st_size; /* Get the signature length */ -#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA if (gnutls_privkey_init(&privkey) < 0) { err = EET_ERROR_SIGNATURE_FAILED; @@ -556,30 +551,6 @@ eet_identity_sign(FILE *fp, sign = signum.data; sign_len = signum.size; -#else - if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0, - &datum, sign, &sign_len) && - !sign_len) - { - err = EET_ERROR_SIGNATURE_FAILED; - goto on_error; - } - - /* Get the signature */ - sign = malloc(sign_len); - if (!sign || - gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0, - &datum, - sign, &sign_len)) - { - if (!sign) - err = EET_ERROR_OUT_OF_MEMORY; - else - err = EET_ERROR_SIGNATURE_FAILED; - - goto on_error; - } -#endif /* Get the certificate length */ if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert, @@ -725,15 +696,11 @@ eet_identity_check(const void *data_base, gnutls_x509_crt_t cert; gnutls_datum_t datum; gnutls_datum_t signature; -# if EET_USE_NEW_GNUTLS_API -# if EET_USE_NEW_PUBKEY_VERIFY_HASH gnutls_pubkey_t pubkey; gnutls_digest_algorithm_t hash_algo; -# endif unsigned char *hash; gcry_md_hd_t md; int err; -# endif /* if EET_USE_NEW_GNUTLS_API */ /* Create an understanding certificate structure for gnutls */ datum.data = (void *)cert_der; @@ -745,7 +712,6 @@ eet_identity_check(const void *data_base, signature.size = sign_len; /* Verify the signature */ -# if EET_USE_NEW_GNUTLS_API /* I am waiting for my patch being accepted in GnuTLS release. But we now have a way to prevent double computation of SHA1. 
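Review bot: In eet_identity_sign, the `privkey` handle created by the now-unconditional `gnutls_privkey_init(&privkey)` (hunk at -535) has no matching `gnutls_privkey_deinit(privkey)` in any line this patch shows, so it looks leaked on both the success and `on_error` paths. The cleanup code is outside the hunks, so please confirm. The following hunk also leaves `sign = signum.data`, a buffer allocated by GnuTLS; if the cleanup still releases `sign` with plain `free()`, `gnutls_free(signum.data)` is the matching call. Separately, the context comment `/* Get the signature length */` now sits directly above the key setup and no longer describes it; `/* Sign the data with the private key */` would match what remains.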
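Review bot: The comment kept as context at the end of the -745 hunk, `I am waiting for my patch being accepted in GnuTLS release`, is stale now that this commit makes the hash-based path the only one. With gnutls >= 2.11 required there is no pending patch to wait for, and someone auditing the verification code may read it as meaning the path is provisional. Suggest replacing the block with something like `/* Hash the data once with libgcrypt and verify the signature over that digest. */`. The comment continues past the end of the hunk, so its remaining lines need the same check.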
@@ -763,7 +729,6 @@ eet_identity_check(const void *data_base, datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1); datum.data = hash; -# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH if (gnutls_pubkey_init(&pubkey) < 0) goto on_error; @@ -775,10 +740,6 @@ eet_identity_check(const void *data_base, if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0) goto on_error; -# else - if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature)) - goto on_error; -# endif if (sha1) { @@ -790,20 +751,6 @@ eet_identity_check(const void *data_base, } gcry_md_close(md); -# else /* if EET_USE_NEW_GNUTLS_API */ - datum.data = (void *)data_base; - datum.size = data_length; - - if (!gnutls_x509_crt_verify_data(cert, 0, &datum, &signature)) - return NULL; - - if (sha1) - { - *sha1 = NULL; - *sha1_length = -1; - } - -# endif /* if EET_USE_NEW_GNUTLS_API */ gnutls_x509_crt_deinit(cert); # else /* ifdef HAVE_GNUTLS */ @@ -857,11 +804,9 @@ eet_identity_check(const void *data_base, return cert_der; # ifdef HAVE_GNUTLS -# if EET_USE_NEW_GNUTLS_API on_error: gcry_md_close(md); return NULL; -# endif # endif #else /* ifdef HAVE_SIGNATURE */ data_base = NULL;
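Review bot: `pubkey` is initialised here with `gnutls_pubkey_init(&pubkey)` but no visible line releases it. The success path in the -790 hunk calls only `gcry_md_close(md)` and `gnutls_x509_crt_deinit(cert)`, and `on_error` in the -857 hunk calls only `gcry_md_close(md)` before `return NULL`. As far as these hunks show, every failed verification therefore leaks the public key and the certificate, which matters for a routine that checks externally supplied data. Suggest declaring `gnutls_pubkey_t pubkey = NULL;`, adding `if (pubkey) gnutls_pubkey_deinit(pubkey);` and `gnutls_x509_crt_deinit(cert);` under `on_error`, and calling `gnutls_pubkey_deinit(pubkey);` on the success path too. The lines between the hunks are not shown, so check that `cert` is always initialised before the first `goto on_error`.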
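Review bot: The only remaining verification path is hard-wired to SHA-1: the digest length comes from `gcry_md_get_algo_dlen(GCRY_MD_SHA1)` in the previous hunk and is passed to `gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature)` in the -775 hunk. SHA-1 no longer offers dependable collision resistance for signatures, and removing the legacy branches is a natural point to record that. If the digest is dictated by the existing file format, a comment such as `/* SHA-1 is fixed by the signature format; treat as legacy, not collision-resistant */` would tell integrators what this check does and does not guarantee.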