[Pkg-gnutls-commits] r1227 - in /packages/gnutls26/trunk/debian: changelog patches/23_deinit_privkey.diff patches/series
ametzler at users.alioth.debian.org
ametzler at users.alioth.debian.org
Sun Aug 28 06:54:33 UTC 2011
Author: ametzler
Date: Sun Aug 28 06:54:32 2011
New Revision: 1227
URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1227
Log:
[23_deinit_privkey.diff] gnutls_certificate_set_x509_key() and
gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
release of the private key during the lifetime of the certificate
structure. Closes: #638595
Added:
packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff
Modified:
packages/gnutls26/trunk/debian/changelog
packages/gnutls26/trunk/debian/patches/series
Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=1227&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Sun Aug 28 06:54:32 2011
@@ -5,6 +5,10 @@
libgnutls26-dbg and libgnutls28-dbg are not co-installable. Add Conflicts.
* [24_XmppAddr-UTF8String.diff] Correct parsing of XMPP subject
alternative names. Closes: #638586
+ * [23_deinit_privkey.diff] gnutls_certificate_set_x509_key() and
+ gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
+ release of the private key during the lifetime of the certificate
+ structure. Closes: #638595
-- Andreas Metzler <ametzler at debian.org> Mon, 22 Aug 2011 19:33:34 +0200
Added: packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff?rev=1227&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff (added)
+++ packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff Sun Aug 28 06:54:32 2011
@@ -1,0 +1,208 @@
+From c4a8f333fc118ac454906e6ef056789b4069e4d2 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Sat, 27 Aug 2011 20:20:43 +0200
+Subject: [PATCH] gnutls_certificate_set_x509_key() and
+ gnutls_certificate_set_openpgp_key() operate as in gnutls
+ 2.10.x and do not require to hold the structures.
+Bug-Debian: http://bugs.debian.org/638595
+
+--- gnutls26-2.12.7.orig/lib/gnutls_privkey.c
++++ gnutls26-2.12.7/lib/gnutls_privkey.c
+@@ -266,7 +266,7 @@ gnutls_privkey_init (gnutls_privkey_t *
+ void
+ gnutls_privkey_deinit (gnutls_privkey_t key)
+ {
+- if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
++ if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+ switch (key->type)
+ {
+ #ifdef ENABLE_OPENPGP
+@@ -322,6 +322,9 @@ int ret;
+ return ret;
+ }
+
++ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
++ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
+ pkey->key.pkcs11 = key;
+ pkey->type = GNUTLS_PRIVKEY_PKCS11;
+ pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
+@@ -358,7 +361,22 @@ int ret;
+ return ret;
+ }
+
+- pkey->key.x509 = key;
++ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
++ {
++ ret = gnutls_x509_privkey_init(&pkey->key.x509);
++ if (ret < 0)
++ return gnutls_assert_val(ret);
++
++ ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
++ if (ret < 0)
++ {
++ gnutls_x509_privkey_deinit(pkey->key.x509);
++ return gnutls_assert_val(ret);
++ }
++ }
++ else
++ pkey->key.x509 = key;
++
+ pkey->type = GNUTLS_PRIVKEY_X509;
+ pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
+ pkey->flags = flags;
+@@ -398,7 +416,22 @@ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]
+ return ret;
+ }
+
+- pkey->key.openpgp = key;
++ if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
++ {
++ ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
++ if (ret < 0)
++ return gnutls_assert_val(ret);
++
++ ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
++ if (ret < 0)
++ {
++ gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
++ return gnutls_assert_val(ret);
++ }
++ }
++ else
++ pkey->key.openpgp = key;
++
+ pkey->type = GNUTLS_PRIVKEY_OPENPGP;
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+--- gnutls26-2.12.7.orig/lib/gnutls_x509.c
++++ gnutls26-2.12.7/lib/gnutls_x509.c
+@@ -894,7 +894,7 @@ gnutls_certificate_set_x509_key (gnutls_
+ return ret;
+ }
+
+- ret = gnutls_privkey_import_x509 (pkey, key, 0);
++ ret = gnutls_privkey_import_x509 (pkey, key, GNUTLS_PRIVKEY_IMPORT_COPY);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+--- gnutls26-2.12.7.orig/lib/x509/x509.c
++++ gnutls26-2.12.7/lib/x509/x509.c
+@@ -84,7 +84,7 @@ int
+ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
+ {
+ int ret;
+- size_t der_size;
++ size_t der_size = 0;
+ opaque *der;
+ gnutls_datum_t tmp;
+
+@@ -123,7 +123,6 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t
+ }
+
+ return 0;
+-
+ }
+
+ /**
+--- gnutls26-2.12.7.orig/lib/includes/gnutls/abstract.h
++++ gnutls26-2.12.7/lib/includes/gnutls/abstract.h
+@@ -101,7 +101,8 @@ gnutls_privkey_get_preferred_hash_algori
+ gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
+
+
+-#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1
++#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
++#define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
+ int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags);
+--- gnutls26-2.12.7.orig/lib/openpgp/privkey.c
++++ gnutls26-2.12.7/lib/openpgp/privkey.c
+@@ -75,6 +75,55 @@ gnutls_openpgp_privkey_deinit (gnutls_op
+ gnutls_free (key);
+ }
+
++/*-
++ * _gnutls_openpgp_privkey_cpy - This function copies a gnutls_openpgp_privkey_t structure
++ * @dest: The structure where to copy
++ * @src: The structure to be copied
++ *
++ * This function will copy an X.509 certificate structure.
++ *
++ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
++ * negative error value.
++ -*/
++int
++_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src)
++{
++ int ret;
++ size_t der_size=0;
++ opaque *der;
++ gnutls_datum_t tmp;
++
++ ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, NULL, &der_size);
++ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
++ return gnutls_assert_val(ret);
++
++ der = gnutls_malloc (der_size);
++ if (der == NULL)
++ return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++
++ ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, der, &der_size);
++ if (ret < 0)
++ {
++ gnutls_assert ();
++ gnutls_free (der);
++ return ret;
++ }
++
++ tmp.data = der;
++ tmp.size = der_size;
++ ret = gnutls_openpgp_privkey_import (dest, &tmp, GNUTLS_OPENPGP_FMT_RAW, NULL, 0);
++
++ gnutls_free (der);
++
++ if (ret < 0)
++ return gnutls_assert_val(ret);
++
++ memcpy(dest->preferred_keyid, src->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
++ dest->preferred_set = src->preferred_set;
++
++ return 0;
++}
++
+ /**
+ * gnutls_openpgp_privkey_sec_param:
+ * @key: a key structure
+--- gnutls26-2.12.7.orig/lib/openpgp/gnutls_openpgp.c
++++ gnutls26-2.12.7/lib/openpgp/gnutls_openpgp.c
+@@ -152,7 +152,7 @@ gnutls_certificate_set_openpgp_key (gnut
+
+ ret =
+ gnutls_privkey_import_openpgp (privkey, pkey,
+- GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
++ GNUTLS_PRIVKEY_IMPORT_COPY);
+ if (ret < 0)
+ {
+ gnutls_privkey_deinit (privkey);
+@@ -431,6 +431,7 @@ gnutls_certificate_set_openpgp_key_mem2
+ ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
+
+ gnutls_openpgp_crt_deinit (crt);
++ gnutls_openpgp_privkey_deinit (pkey);
+
+ return ret;
+ }
+--- gnutls26-2.12.7.orig/lib/openpgp/gnutls_openpgp.h
++++ gnutls26-2.12.7/lib/openpgp/gnutls_openpgp.h
+@@ -34,6 +34,9 @@ _gnutls_openpgp_raw_privkey_to_gkey (gnu
+ const gnutls_datum_t * raw_key);
+
+ int
++_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src);
++
++int
+ _gnutls_openpgp_request_key (gnutls_session_t,
+ gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
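Review bot: In the new `_gnutls_openpgp_privkey_cpy`, the temporary `der` buffer holds the raw exported private key (exported with a NULL password, so presumably unprotected) and is released with a plain `gnutls_free (der)` on both the export-failure path and the normal path, which leaves secret key material in freed heap memory. It should be wiped before each free, e.g. `memset (der, 0, der_size);`, preferably through a wipe helper the compiler cannot elide, since a plain memset directly before a free can be optimized away. In `gnutls_privkey_import_openpgp`, the copy is allocated before `gnutls_openpgp_privkey_get_preferred_key_id (key, keyid)` and before `pkey->flags` is assigned; the error handling after that call is outside the hunk, so please confirm an early return there cannot leak the copied key. The header comment of `_gnutls_openpgp_privkey_cpy` is also a leftover from the X.509 version and should read `This function will copy an OpenPGP private key structure.`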
Modified: packages/gnutls26/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/series?rev=1227&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/patches/series (original)
+++ packages/gnutls26/trunk/debian/patches/series Sun Aug 28 06:54:32 2011
@@ -5,4 +5,5 @@
20_gcrypt15compat.diff
21_gnutls-cli.man.diff
22_export_gnutls_openpgp_privkey_sign_hash.diff
+23_deinit_privkey.diff
24_XmppAddr-UTF8String.diff