[Pkg-gnutls-commits] r1227 - in /packages/gnutls26/trunk/debian: changelog patches/23_deinit_privkey.diff patches/series

ametzler at users.alioth.debian.org ametzler at users.alioth.debian.org
Sun Aug 28 06:54:33 UTC 2011


Author: ametzler
Date: Sun Aug 28 06:54:32 2011
New Revision: 1227

URL: http://svn.debian.org/wsvn/pkg-gnutls/?sc=1&rev=1227
Log:
[23_deinit_privkey.diff] gnutls_certificate_set_x509_key() and
gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
release of the private key during the lifetime of the certificate
structure. Closes: #638595

Added:
    packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff
Modified:
    packages/gnutls26/trunk/debian/changelog
    packages/gnutls26/trunk/debian/patches/series

Modified: packages/gnutls26/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/changelog?rev=1227&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/changelog (original)
+++ packages/gnutls26/trunk/debian/changelog Sun Aug 28 06:54:32 2011
@@ -5,6 +5,10 @@
     libgnutls26-dbg and libgnutls28-dbg are not co-installable. Add Conflicts.
   * [24_XmppAddr-UTF8String.diff] Correct parsing of XMPP subject
     alternative names. Closes: #638586
+  * [23_deinit_privkey.diff] gnutls_certificate_set_x509_key() and
+    gnutls_certificate_set_openpgp_key() operate as in 2.10.x and allow the
+    release of the private key during the lifetime of the certificate
+    structure. Closes: #638595
 
  -- Andreas Metzler <ametzler at debian.org>  Mon, 22 Aug 2011 19:33:34 +0200
 

Added: packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff?rev=1227&op=file
==============================================================================
--- packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff (added)
+++ packages/gnutls26/trunk/debian/patches/23_deinit_privkey.diff Sun Aug 28 06:54:32 2011
@@ -1,0 +1,208 @@
+From c4a8f333fc118ac454906e6ef056789b4069e4d2 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at gnutls.org>
+Date: Sat, 27 Aug 2011 20:20:43 +0200
+Subject: [PATCH] gnutls_certificate_set_x509_key() and
+ gnutls_certificate_set_openpgp_key() operate as in gnutls
+ 2.10.x and do not require to hold the structures.
+Bug-Debian: http://bugs.debian.org/638595
+
+--- gnutls26-2.12.7.orig/lib/gnutls_privkey.c
++++ gnutls26-2.12.7/lib/gnutls_privkey.c
+@@ -266,7 +266,7 @@ gnutls_privkey_init (gnutls_privkey_t *
+ void
+ gnutls_privkey_deinit (gnutls_privkey_t key)
+ {
+-  if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
++  if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE || key->flags & GNUTLS_PRIVKEY_IMPORT_COPY)
+     switch (key->type)
+       {
+ #ifdef ENABLE_OPENPGP
+@@ -322,6 +322,9 @@ int ret;
+       return ret;
+     }
+ 
++  if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
++    return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
++
+   pkey->key.pkcs11 = key;
+   pkey->type = GNUTLS_PRIVKEY_PKCS11;
+   pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
+@@ -358,7 +361,22 @@ int ret;
+       return ret;
+     }
+ 
+-  pkey->key.x509 = key;
++  if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
++    {
++      ret = gnutls_x509_privkey_init(&pkey->key.x509);
++      if (ret < 0)
++        return gnutls_assert_val(ret);
++      
++      ret = gnutls_x509_privkey_cpy(pkey->key.x509, key);
++      if (ret < 0)
++        {
++          gnutls_x509_privkey_deinit(pkey->key.x509);
++          return gnutls_assert_val(ret);
++        }
++    }
++  else
++    pkey->key.x509 = key;
++
+   pkey->type = GNUTLS_PRIVKEY_X509;
+   pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
+   pkey->flags = flags;
+@@ -398,7 +416,22 @@ uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]
+       return ret;
+     }
+ 
+-  pkey->key.openpgp = key;
++  if (flags & GNUTLS_PRIVKEY_IMPORT_COPY)
++    {
++      ret = gnutls_openpgp_privkey_init(&pkey->key.openpgp);
++      if (ret < 0)
++        return gnutls_assert_val(ret);
++      
++      ret = _gnutls_openpgp_privkey_cpy(pkey->key.openpgp, key);
++      if (ret < 0)
++        {
++          gnutls_openpgp_privkey_deinit(pkey->key.openpgp);
++          return gnutls_assert_val(ret);
++        }
++    }
++  else
++    pkey->key.openpgp = key;
++
+   pkey->type = GNUTLS_PRIVKEY_OPENPGP;
+   
+   ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+--- gnutls26-2.12.7.orig/lib/gnutls_x509.c
++++ gnutls26-2.12.7/lib/gnutls_x509.c
+@@ -894,7 +894,7 @@ gnutls_certificate_set_x509_key (gnutls_
+       return ret;
+     }
+ 
+-  ret = gnutls_privkey_import_x509 (pkey, key, 0);
++  ret = gnutls_privkey_import_x509 (pkey, key, GNUTLS_PRIVKEY_IMPORT_COPY);
+   if (ret < 0)
+     {
+       gnutls_assert ();
+--- gnutls26-2.12.7.orig/lib/x509/x509.c
++++ gnutls26-2.12.7/lib/x509/x509.c
+@@ -84,7 +84,7 @@ int
+ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
+ {
+   int ret;
+-  size_t der_size;
++  size_t der_size = 0;
+   opaque *der;
+   gnutls_datum_t tmp;
+ 
+@@ -123,7 +123,6 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t
+     }
+ 
+   return 0;
+-
+ }
+ 
+ /**
+--- gnutls26-2.12.7.orig/lib/includes/gnutls/abstract.h
++++ gnutls26-2.12.7/lib/includes/gnutls/abstract.h
+@@ -101,7 +101,8 @@ gnutls_privkey_get_preferred_hash_algori
+ gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
+ 
+ 
+-#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1
++#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE (1<<0)
++#define GNUTLS_PRIVKEY_IMPORT_COPY (1<<1)
+ int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
+                                   gnutls_pkcs11_privkey_t key,
+                                   unsigned int flags);
+--- gnutls26-2.12.7.orig/lib/openpgp/privkey.c
++++ gnutls26-2.12.7/lib/openpgp/privkey.c
+@@ -75,6 +75,55 @@ gnutls_openpgp_privkey_deinit (gnutls_op
+   gnutls_free (key);
+ }
+ 
++/*-
++ * _gnutls_openpgp_privkey_cpy - This function copies a gnutls_openpgp_privkey_t structure
++ * @dest: The structure where to copy
++ * @src: The structure to be copied
++ *
++ * This function will copy an X.509 certificate structure.
++ *
++ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
++ *   negative error value.
++ -*/
++int
++_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src)
++{
++  int ret;
++  size_t der_size=0;
++  opaque *der;
++  gnutls_datum_t tmp;
++
++  ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, NULL, &der_size);
++  if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
++    return gnutls_assert_val(ret);
++
++  der = gnutls_malloc (der_size);
++  if (der == NULL)
++    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
++
++  ret = gnutls_openpgp_privkey_export (src, GNUTLS_OPENPGP_FMT_RAW, NULL, 0, der, &der_size);
++  if (ret < 0)
++    {
++      gnutls_assert ();
++      gnutls_free (der);
++      return ret;
++    }
++
++  tmp.data = der;
++  tmp.size = der_size;
++  ret = gnutls_openpgp_privkey_import (dest, &tmp, GNUTLS_OPENPGP_FMT_RAW, NULL, 0);
++
++  gnutls_free (der);
++
++  if (ret < 0)
++    return gnutls_assert_val(ret);
++
++  memcpy(dest->preferred_keyid, src->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
++  dest->preferred_set = src->preferred_set;
++
++  return 0;
++}
++
+ /**
+  * gnutls_openpgp_privkey_sec_param:
+  * @key: a key structure
+--- gnutls26-2.12.7.orig/lib/openpgp/gnutls_openpgp.c
++++ gnutls26-2.12.7/lib/openpgp/gnutls_openpgp.c
+@@ -152,7 +152,7 @@ gnutls_certificate_set_openpgp_key (gnut
+   
+   ret =
+     gnutls_privkey_import_openpgp (privkey, pkey,
+-                                   GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
++                                   GNUTLS_PRIVKEY_IMPORT_COPY);
+   if (ret < 0)
+     {
+       gnutls_privkey_deinit (privkey);
+@@ -431,6 +431,7 @@ gnutls_certificate_set_openpgp_key_mem2
+   ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
+ 
+   gnutls_openpgp_crt_deinit (crt);
++  gnutls_openpgp_privkey_deinit (pkey);
+ 
+   return ret;
+ }
+--- gnutls26-2.12.7.orig/lib/openpgp/gnutls_openpgp.h
++++ gnutls26-2.12.7/lib/openpgp/gnutls_openpgp.h
+@@ -34,6 +34,9 @@ _gnutls_openpgp_raw_privkey_to_gkey (gnu
+                                      const gnutls_datum_t * raw_key);
+ 
+ int
++_gnutls_openpgp_privkey_cpy (gnutls_openpgp_privkey_t dest, gnutls_openpgp_privkey_t src);
++
++int
+ _gnutls_openpgp_request_key (gnutls_session_t,
+                              gnutls_datum_t * ret,
+                              const gnutls_certificate_credentials_t cred,
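Review bot: The new `_gnutls_openpgp_privkey_cpy` in lib/openpgp/privkey.c exports the raw private key into the heap buffer `der` and then calls `gnutls_free (der)` without clearing it, on both the export-failure path and after the import, so a copy of the secret key material is left behind in freed heap memory. The buffer should be wiped before each release, for example `memset (der, 0, der_size);` ahead of both `gnutls_free (der);` calls, or with a wipe helper the compiler cannot elide if the tree has one. Because gnutls_certificate_set_openpgp_key() now passes GNUTLS_PRIVKEY_IMPORT_COPY, this export/import round trip runs every time an OpenPGP key is attached to a credentials structure. The function's header comment was also carried over from the certificate copy routine and still says "This function will copy an X.509 certificate structure."; it should read `This function will copy an OpenPGP private key structure.`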

Modified: packages/gnutls26/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/series?rev=1227&op=diff
==============================================================================
--- packages/gnutls26/trunk/debian/patches/series (original)
+++ packages/gnutls26/trunk/debian/patches/series Sun Aug 28 06:54:32 2011
@@ -5,4 +5,5 @@
 20_gcrypt15compat.diff
 21_gnutls-cli.man.diff
 22_export_gnutls_openpgp_privkey_sign_hash.diff
+23_deinit_privkey.diff
 24_XmppAddr-UTF8String.diff



