
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-62-gc829824


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-62-gc829824
Date: Sun, 16 Jan 2011 00:55:06 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c82982437256db0a95f2daa28a3cfa0575f84fef

The branch, master has been updated
       via  c82982437256db0a95f2daa28a3cfa0575f84fef (commit)
       via  352a55078575b900000ede2248726372f76868ac (commit)
      from  8f84ab9807a41049a2cd993f03bef41119c0834c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c82982437256db0a95f2daa28a3cfa0575f84fef
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 16 01:54:21 2011 +0100

    Reverted removal of gnutls_openpgp_privkey_sign_hash() to retain 
compatibility with 2.10.x. That function is now deprecated instead.

commit 352a55078575b900000ede2248726372f76868ac
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 16 01:46:20 2011 +0100

    Added checks before importing keys and updated documentation.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                         |    9 +++----
 lib/gnutls_privkey.c         |   49 +++++++++++++++++++++++++++++++++++++++++-
 lib/includes/gnutls/compat.h |   10 ++++++-
 lib/openpgp/privkey.c        |    4 +-
 4 files changed, 62 insertions(+), 10 deletions(-)

diff --git a/NEWS b/NEWS
index 773a4fc..ca94e43 100644
--- a/NEWS
+++ b/NEWS
@@ -53,11 +53,10 @@ gnutls_x509_crt_verify_hash: DEPRECATED (use: 
gnutls_pubkey_verify_hash)
 gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
 gnutls_x509_crt_get_verify_algorithm: DEPRECATED (use: 
gnutls_pubkey_get_verify_algorithm)
 gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED (use: 
gnutls_pubkey_get_preferred_hash_algorithm)
-gnutls_openpgp_privkey_sign_hash: REMOVED
-gnutls_openpgp_privkey_decrypt_data: REMOVED
-gnutls_pkcs11_privkey_sign_hash: REMOVED
-gnutls_pkcs11_privkey_decrypt_data: REMOVED
-gnutls_privkey_sign_hash: REMOVED
+gnutls_openpgp_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2)
+gnutls_pkcs11_privkey_sign_hash: REMOVED (was added in 2.11.0)
+gnutls_pkcs11_privkey_decrypt_data: REMOVED (was added in 2.11.0)
+gnutls_privkey_sign_hash: REMOVED (was added in 2.11.0)
 
 * Version 2.11.6 (released 2010-12-06)
 
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 042b598..083ce11 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -282,6 +282,16 @@ gnutls_privkey_deinit (gnutls_privkey_t key)
   gnutls_free (key);
 }
 
+/* will fail if the private key contains an actual key.
+ */
+static int check_if_clean(gnutls_privkey_t key)
+{
+  if (key->type != 0)
+    return GNUTLS_E_INVALID_REQUEST;
+
+  return 0;
+}
+
 /**
  * gnutls_privkey_import_pkcs11:
  * @pkey: The private key
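Review bot: The test `key->type != 0` in check_if_clean() only detects an occupied key if no valid key type has the value 0, and the key-type enum is not visible in this diff. If its first enumerator (possibly GNUTLS_PRIVKEY_X509) is 0, a structure that already holds such a key still passes as clean, and a second import silently replaces the stored pointer. Consider comparing against an explicit "unset" sentinel, or testing the key pointer itself. At minimum, state the assumption in the comment, e.g. `/* Returns GNUTLS_E_INVALID_REQUEST if @key already holds an imported key; assumes the init function zeroes the structure and that no key type equals 0. */`.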
@@ -291,6 +301,9 @@ gnutls_privkey_deinit (gnutls_privkey_t key)
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure.
  *
+ * The #gnutls_pkcs11_privkey_t object must not be deallocated
+ * during the lifetime of this structure.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
  **/
@@ -298,6 +311,15 @@ int
 gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
                               gnutls_pkcs11_privkey_t key, unsigned int flags)
 {
+int ret;
+
+  ret = check_if_clean(pkey);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
+
   pkey->key.pkcs11 = key;
   pkey->type = GNUTLS_PRIVKEY_PKCS11;
   pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
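Review bot: The new early return in gnutls_privkey_import_pkcs11() is not reflected in the function's documentation, and the same applies to the identical additions in gnutls_privkey_import_x509() and gnutls_privkey_import_openpgp(). Callers that reuse a gnutls_privkey_t for a second import now get an error where the old code overwrote the key, so the doc block should say so, for example ` * Fails with %GNUTLS_E_INVALID_REQUEST if @pkey already holds a key.`. As a style point, `int ret;` is added at column 0 in all three functions, while the rest of the body is indented two spaces. The function bodies continue past the end of these hunks, so whether the result of the get_pk_algorithm call is validated afterwards cannot be judged from here.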
@@ -315,6 +337,9 @@ gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure.
  *
+ * The #gnutls_x509_privkey_t object must not be deallocated
+ * during the lifetime of this structure.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
  **/
@@ -322,6 +347,15 @@ int
 gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
                             gnutls_x509_privkey_t key, unsigned int flags)
 {
+int ret;
+
+  ret = check_if_clean(pkey);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
+
   pkey->key.x509 = key;
   pkey->type = GNUTLS_PRIVKEY_X509;
   pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
@@ -340,6 +374,9 @@ gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
  * This function will import the given private key to the abstract
  * #gnutls_privkey_t structure.
  *
+ * The #gnutls_openpgp_privkey_t object must not be deallocated
+ * during the lifetime of this structure.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
  **/
@@ -348,6 +385,15 @@ gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
                                gnutls_openpgp_privkey_t key,
                                unsigned int flags)
 {
+int ret;
+
+  ret = check_if_clean(pkey);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      return ret;
+    }
+
   pkey->key.openpgp = key;
   pkey->type = GNUTLS_PRIVKEY_OPENPGP;
   pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
@@ -493,7 +539,7 @@ _gnutls_privkey_sign_hash (gnutls_privkey_t key,
     {
 #ifdef ENABLE_OPENPGP
     case GNUTLS_PRIVKEY_OPENPGP:
-      return _gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
+      return gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
                                                 hash, signature);
 #endif
     case GNUTLS_PRIVKEY_PKCS11:
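Review bot: The internal dispatcher _gnutls_privkey_sign_hash() now calls gnutls_openpgp_privkey_sign_hash(), which this same commit declares with `_GNUTLS_GCC_ATTR_DEPRECATED` in compat.h. If that header is visible when this file is compiled, the library's own build will emit a deprecation warning here. Keeping a non-deprecated internal entry point that the public deprecated symbol wraps would avoid having library code depend on an API it tells users not to call. The continuation line `hash, signature);` also keeps its old alignment and is now one column off after the rename.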
@@ -554,3 +600,4 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key,
       return GNUTLS_E_INVALID_REQUEST;
     }
 }
+
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 51d304c..f283f8f 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -222,10 +222,16 @@ gnutls_sign_callback_get (gnutls_session_t session, void 
**userdata)
 /* This is a very dangerous and error-prone function.
  * Use gnutls_privkey_sign_hash2() instead.
  */
-     int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
+  int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
                                         const gnutls_datum_t * hash,
                                         gnutls_datum_t * signature)
-  _GNUTLS_GCC_ATTR_DEPRECATED;
+                                        _GNUTLS_GCC_ATTR_DEPRECATED;
+
+  int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+                                       const gnutls_datum_t * hash,
+                                       gnutls_datum_t * signature)
+                                       _GNUTLS_GCC_ATTR_DEPRECATED;
+
 
 /* Deprecated because verify_* functions are moved to public
  * keys. Check abstract.h for similar functionality.
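Review bot: The added gnutls_openpgp_privkey_sign_hash() prototype has no comment of its own. The existing warning ("very dangerous and error-prone", use gnutls_privkey_sign_hash2()) sits above the x509 prototype, and the blank line between the two declarations makes it read as applying to that one only. I would repeat the guidance directly above the new declaration, e.g. `/* Deprecated; kept for 2.10.x compatibility. Use gnutls_privkey_sign_hash2() instead. */`. That way a reader of the header sees the replacement without consulting NEWS. The hunk also leaves two consecutive blank lines after the new prototype.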
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index b727635..2ebcb99 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -1226,7 +1226,7 @@ gnutls_openpgp_privkey_set_preferred_key_id 
(gnutls_openpgp_privkey_t key,
 }
 
 /*-
- * _gnutls_openpgp_privkey_sign_hash:
+ * gnutls_openpgp_privkey_sign_hash:
  * @key: Holds the key
  * @hash: holds the data to be signed
  * @signature: will contain newly allocated signature
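Review bot: The doc block for gnutls_openpgp_privkey_sign_hash() is renamed here but keeps its `/*-` … `-*/` delimiters. The public functions shown in lib/gnutls_privkey.c in this same diff use `/**` … `**/`. If the `/*-` form marks internal-only documentation in this tree, the re-exported function will still be missing from the generated API reference. The block also does not mention that the function is deprecated. I would switch the delimiters to the public form and add a line such as ` * Deprecated: Use gnutls_privkey_sign_hash2() instead.`. This applies equally to the following hunk, which renames the definition; the function body lies outside both hunks.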
@@ -1239,7 +1239,7 @@ gnutls_openpgp_privkey_set_preferred_key_id 
(gnutls_openpgp_privkey_t key,
  *   negative error value.
  -*/
 int
-_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
                                    const gnutls_datum_t * hash,
                                    gnutls_datum_t * signature)
 {


hooks/post-receive
-- 
GNU gnutls


