eet: add support for GnuTLS 3.x
authorcedric <cedric@7cbeb6ba-43b4-40fd-8cce-4c39aea84d33>
Thu, 9 Feb 2012 10:30:04 +0000 (10:30 +0000)
committercedric <cedric@7cbeb6ba-43b4-40fd-8cce-4c39aea84d33>
Thu, 9 Feb 2012 10:30:04 +0000 (10:30 +0000)
git-svn-id: svn+ssh://svn.enlightenment.org/var/svn/e/trunk/eet@67785 7cbeb6ba-43b4-40fd-8cce-4c39aea84d33

ChangeLog
NEWS
configure.ac
src/lib/eet_cipher.c

index 795d102..1ecc86f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
         noticable quality losses in the chase for speed. It will use
         IFAST for quality less than 60 when encoding
 
-2011-12-02 Carsten Haitzler (The Rasterman)
+2011-12-02  Carsten Haitzler (The Rasterman)
 
         1.1.0 release
-        
+
 2011-12-02  Mike Blumenkrantz
 
         * added eet_file_get to return the filename of an Eet_File
         * Eet_File filenames are now stringshared
         * added mempool allocators
 
-2011-12-29 Carsten Haitzler (The Rasterman)
+2011-12-29  Carsten Haitzler (The Rasterman)
 
         * increase eet_connection packet size to 1Mb - more reasonable.
 
-2012-01-07 Boris Faure (billiob)
+2012-01-07  Boris Faure (billiob)
 
         * make eet tool write to standard output if no output file given.
-        
+
+2012-02-09  Cedric Bail
+
+       * add support for GNUTLS 3.x.
+
diff --git a/NEWS b/NEWS
index cccda15..29f0b57 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,7 @@ Additions:
 Improvements:
 
     * most allocations moved to mempools
+    * support GNUTLS 3.x
 
 Eet 1.5.0
 
index 220e2a1..30e2d38 100644 (file)
@@ -1,4 +1,4 @@
-y##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
+##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
 ##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
 m4_define([v_maj], [1])
 m4_define([v_min], [5])
@@ -110,39 +110,6 @@ else
    AC_DEFINE(EET_OLD_EET_FILE_FORMAT, 0, [support old eet file format])
 fi
 
-# Gnutls support
-
-AC_ARG_ENABLE([gnutls],
-   [AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
-   [want_gnutls=$enableval]
-)
-AC_MSG_CHECKING([whether to use Gnutls])
-AC_MSG_RESULT([${want_gnutls}])
-
-# Specific GNUTLS improvement
-
-new_gnutls_api="yes"
-AC_ARG_ENABLE(new-gnutls-api,
-   [AC_HELP_STRING(
-      [--disable-new-gnutls-api],
-      [enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
-    )],
-   [new_gnutls_api=$enableval]
-)
-AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
-AC_MSG_RESULT([${new_gnutls_api}])
-
-if test "x${new_gnutls_api}" = "xyes" ; then
-   AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
-                [ new_gnutls_api="yes" ],
-               [ new_gnutls_api="no" ]
-               )
-
-   if test "x${new_gnutls_api}" = "xyes"; then
-      AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
-   fi
-fi
-
 # Openssl support
 
 AC_ARG_ENABLE([openssl],
@@ -267,6 +234,15 @@ AC_SUBST(EET_LIBS)
 PKG_CHECK_MODULES(EINA, [eina >= 1.1.0])
 requirement_eet="eina >= 1.1.0 ${requirement_eet}"
 
+# Gnutls support
+
+AC_ARG_ENABLE([gnutls],
+   [AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
+   [want_gnutls=$enableval]
+)
+AC_MSG_CHECKING([whether to use Gnutls])
+AC_MSG_RESULT([${want_gnutls}])
+
 # Gnutls library
 have_gnutls="no"
 if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
@@ -287,6 +263,76 @@ if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
    fi
 fi
 
+# Specific GNUTLS improvement
+
+new_gnutls_api="yes"
+AC_ARG_ENABLE(new-gnutls-api,
+   [AC_HELP_STRING(
+      [--disable-new-gnutls-api],
+      [enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
+    )],
+   [new_gnutls_api=$enableval]
+)
+AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
+AC_MSG_RESULT([${new_gnutls_api}])
+
+if test "x${new_gnutls_api}" = "xyes" ; then
+   tmp_CFLAGS="${CFLAGS}"
+   tmp_LIBS="${LIBS}"
+   CFLAGS="${GNUTLS_CFLAGS}"
+   LIBS="${GNUTLS_LIBS}"
+   AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
+                [ new_gnutls_api="yes" ],
+               [ new_gnutls_api="no" ]
+               )
+   CFLAGS="${tmp_CFLAGS}"
+   LIBS="${tmp_LIBS}"
+
+   if test "x${new_gnutls_api}" = "xyes"; then
+      AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
+   fi
+fi
+
+use_gnutls_privkey_sign_data="no"
+if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
+   tmp_CFLAGS="${CFLAGS}"
+   tmp_LIBS="${LIBS}"
+   CFLAGS="${GNUTLS_CFLAGS}"
+   LIBS="${GNUTLS_LIBS}"
+   AC_CHECK_LIB(gnutls, gnutls_privkey_sign_data,
+               [ use_gnutls_privkey_sign_data="yes" ],
+               [ use_gnutls_privkey_sign_data="no" ]
+               )
+   CFLAGS="${tmp_CFLAGS}"
+   LIBS="${tmp_LIBS}"
+
+   if test "x${use_gnutls_privkey_sign_data}" = "xyes"; then
+      AC_DEFINE(EET_USE_NEW_PRIVKEY_SIGN_DATA, 1, [use gnutls_privkey_sign_data])
+   fi
+fi
+AC_MSG_CHECKING([whether to use gnutls_privkey_sign_data])
+AC_MSG_RESULT([${use_gnutls_privkey_sign_data}])
+
+use_gnutls_pubkey_verify_hash="no"
+if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
+   tmp_CFLAGS="${CFLAGS}"
+   tmp_LIBS="${LIBS}"
+   CFLAGS="${GNUTLS_CFLAGS}"
+   LIBS="${GNUTLS_LIBS}"
+   AC_CHECK_LIB(gnutls, gnutls_pubkey_verify_hash,
+               [ use_gnutls_pubkey_verify_hash="yes" ],
+               [ use_gnutls_pubkey_verify_hash="no" ]
+               )
+   CFLAGS="${tmp_CFLAGS}"
+   LIBS="${tmp_LIBS}"
+
+   if test "x${use_gnutls_pubkey_verify_hash}" = "xyes"; then
+      AC_DEFINE(EET_USE_NEW_PUBKEY_VERIFY_HASH, 1, [use gnutls_pubkey_verify_hash])
+   fi
+fi
+AC_MSG_CHECKING([whether to use gnutls_pubkey_verify_hash])
+AC_MSG_RESULT([${use_gnutls_pubkey_verify_hash}])
+
 # Openssl library
 have_openssl="no"
 if test "x${want_openssl}" = "xyes" || test "x${want_openssl}" = "xauto" ; then
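Review bot: The three feature probes (the moved new_gnutls_api block and the new use_gnutls_privkey_sign_data and use_gnutls_pubkey_verify_hash blocks) replace CFLAGS and LIBS outright with `${GNUTLS_CFLAGS}` / `${GNUTLS_LIBS}` for the duration of AC_CHECK_LIB, so anything the user passed in CFLAGS/LIBS (a sysroot, extra include or library paths) is dropped while the link test runs and the probe can miss or mis-detect the library; appending, `CFLAGS="${CFLAGS} ${GNUTLS_CFLAGS}"` and `LIBS="${LIBS} ${GNUTLS_LIBS}"`, keeps those flags in effect. The two new probes are also gated on want_gnutls rather than on the have_gnutls result computed just above, so with GnuTLS absent they still attempt a link against -lgnutls; testing `"x${have_gnutls}" = "xyes"` would skip them cleanly. The new conditions use `-o` inside a single test while the surrounding configure.ac writes `test ... || test ...`; the `||` form is the portable one and matches the rest of the file. Since the save/set/probe/restore stanza is now copied three times, an m4 helper taking the function name and the define would keep the three in step.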
index 37a0899..0d4203b 100644 (file)
@@ -56,6 +56,9 @@ void *alloca(size_t);
 
 #ifdef HAVE_CIPHER
 # ifdef HAVE_GNUTLS
+#  if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
+#   include <gnutls/abstract.h>
+#  endif
 #  include <gnutls/x509.h>
 #  include <gcrypt.h>
 # else /* ifdef HAVE_GNUTLS */
@@ -497,6 +500,10 @@ eet_identity_sign(FILE    *fp,
    gnutls_datum_t datum = { NULL, 0 };
    size_t sign_len = 0;
    size_t cert_len = 0;
+#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
+   gnutls_datum_t signum = { NULL, 0 };
+   gnutls_privkey_t privkey;
+#endif
 # else /* ifdef HAVE_GNUTLS */
    EVP_MD_CTX md_ctx;
    unsigned int sign_len = 0;
@@ -528,6 +535,28 @@ eet_identity_sign(FILE    *fp,
    datum.size = st_buf.st_size;
 
    /* Get the signature length */
+#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
+   if (gnutls_privkey_init(&privkey) < 0)
+     {
+        err = EET_ERROR_SIGNATURE_FAILED;
+        goto on_error;
+     }
+
+   if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0)
+     {
+        err = EET_ERROR_SIGNATURE_FAILED;
+        goto on_error;
+     }
+
+   if (gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0)
+     {
+        err = EET_ERROR_SIGNATURE_FAILED;
+        goto on_error;
+     }
+
+   sign = signum.data;
+   sign_len = signum.size;
+#else
    if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
                                      &datum, sign, &sign_len) &&
        !sign_len)
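Review bot: privkey is never released on the new EET_USE_NEW_PRIVKEY_SIGN_DATA path: once gnutls_privkey_init succeeds there is no gnutls_privkey_deinit, neither after gnutls_privkey_sign_data returns nor on the two goto on_error exits that follow it, so every signing call leaks the key handle; the same applies to pubkey in the eet_identity_check hunk, where gnutls_pubkey_init is likewise never paired with gnutls_pubkey_deinit on either the success return or the goto on_error exits. In that same hunk hash_algo is filled by gnutls_pubkey_get_verify_algorithm and then ignored; if the intent is to reject signatures made over a digest other than the SHA-1 placed in datum, add `if (hash_algo != GNUTLS_DIG_SHA1) goto on_error;` right after that call, otherwise the call is dead code and should go. `sign = signum.data` hands a buffer allocated by GnuTLS to a pointer that the pre-existing path fills itself; how sign is released later lies outside the hunk, so confirm it is freed with gnutls_free rather than the allocator the old path relies on. The rest of eet_identity_sign, including the on_error label, is outside the hunk.
```c
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
   /* … unchanged: gnutls_privkey_init check … */

   /* import and sign; the key wrapper is released on both outcomes */
   if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0 ||
       gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0)
     {
        gnutls_privkey_deinit(privkey);
        err = EET_ERROR_SIGNATURE_FAILED;
        goto on_error;
     }
   gnutls_privkey_deinit(privkey);

   sign = signum.data;
   sign_len = signum.size;
#else
   /* … unchanged: legacy gnutls_x509_privkey_sign_data path … */
```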
@@ -550,6 +579,7 @@ eet_identity_sign(FILE    *fp,
 
         goto on_error;
      }
+#endif
 
    /* Get the certificate length */
    if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
@@ -696,6 +726,10 @@ eet_identity_check(const void   *data_base,
    gnutls_datum_t datum;
    gnutls_datum_t signature;
 #  if EET_USE_NEW_GNUTLS_API
+#  if EET_USE_NEW_PUBKEY_VERIFY_HASH
+   gnutls_pubkey_t pubkey;
+   gnutls_digest_algorithm_t hash_algo;
+#  endif
    unsigned char *hash;
    gcry_md_hd_t md;
    int err;
@@ -724,28 +758,32 @@ eet_identity_check(const void   *data_base,
 
    hash = gcry_md_read(md, GCRY_MD_SHA1);
    if (!hash)
-     {
-        gcry_md_close(md);
-        return NULL;
-     }
+     goto on_error;
 
    datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
    datum.data = hash;
 
+#  ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
+   if (gnutls_pubkey_init(&pubkey) < 0)
+     goto on_error;
+
+   if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
+     goto on_error;
+
+   if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
+     goto on_error;
+
+   if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
+     goto on_error;
+#  else
    if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
-     {
-        gcry_md_close(md);
-        return NULL;
-     }
+     goto on_error;
+#  endif
 
    if (sha1)
      {
         *sha1 = malloc(datum.size);
-        if (!*sha1)
-          {
-             gcry_md_close(md);
-             return NULL;
-          }
+        if (!*sha1) goto on_error;
 
         memcpy(*sha1, hash, datum.size);
         *sha1_length = datum.size;
@@ -818,6 +856,11 @@ eet_identity_check(const void   *data_base,
      *raw_signature_length = sign_len;
 
    return cert_der;
+# ifdef HAVE_GNUTLS
+ on_error:
+   gcry_md_close(md);
+   return NULL;
+# endif
 #else /* ifdef HAVE_SIGNATURE */
    data_base = NULL;
    data_length = 0;