diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | doc/tex/ex-pgp-keyserver.tex | 99 | ||||
| -rw-r--r-- | lib/auth_cert.c | 2 | ||||
| -rw-r--r-- | libextra/gnutls_extra.h | 3 | ||||
| -rw-r--r-- | libextra/gnutls_openpgp.c | 70 | ||||
| -rw-r--r-- | libextra/gnutls_openpgp.h | 1 |
6 files changed, 39 insertions, 140 deletions
@@ -5,10 +5,12 @@ Version 0.5.12 - Added the certificate authenticated SRP cipher suites. - gnutls_x509_extract_certificate_dn_string() was updated to return an RFC2253 conforming string. -- Added the functions: +- Added the SRP related functions: gnutls_srp_verifier() gnutls_srp_base64_encode() gnutls_srp_base64_decode() +- Added the function gnutls_openpgp_set_recv_key_function() + which can be used to set a callback, to get OpenPGP keys. Version 0.5.11 (5/11/2002) - Some fixes in 'gnutls-cli' client program to prevent some segmentation diff --git a/doc/tex/ex-pgp-keyserver.tex b/doc/tex/ex-pgp-keyserver.tex index abcaae8b66..4d55e36699 100644 --- a/doc/tex/ex-pgp-keyserver.tex +++ b/doc/tex/ex-pgp-keyserver.tex @@ -24,15 +24,9 @@ int recv_openpgp_key(const unsigned char *keyfpr, unsigned int keyfpr_length, gnutls_datum * key) { - CDK_STREAM buf = NULL; - struct hostent *hp; - struct sockaddr_in sock; - char *request = NULL; - char buffer[4096]; - int fd = -1; - int rc = -1, state = 0, nread = 0; - size_t nbytes = 0, n = 0; const unsigned char *keyid; + int rc; + CDK_KBNODE knode = NULL; /* The key fingerprint should be 20 bytes */ @@ -47,88 +41,17 @@ recv_openpgp_key(const unsigned char *keyfpr, unsigned int return -1; } - /* Connect to the key server - */ - hp = gethostbyname(hostname); - if (hp == NULL) - return -1; - - memset(&sock, 0, sizeof sock); - memcpy(&sock.sin_addr, hp->h_addr, hp->h_length); - sock.sin_family = hp->h_addrtype; - sock.sin_port = htons(port); - - fd = socket(AF_INET, SOCK_STREAM, 0); - if (fd == -1) - return -1; - - setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *) 1, 1); - if (connect(fd, (struct sockaddr *) &sock, sizeof sock) == -1) { - close(fd); - return -1; - } - - n = strlen(hostname) + 100; - request = cdk_calloc(1, n + 1); - if (!request) { - close(fd); - return -1; - } - snprintf(request, n, - "GET /pks/lookup?op=get&search=0x%08lX HTTP/1.0\r\n" - "Host: %s:%d\r\n\r\n", *((unsigned int *) keyid), host, port); - - if (write(fd, request, strlen(request)) == -1) { - cdk_free(request); - close(fd); - return -1; - } - cdk_free(request); - - buf = cdk_stream_tmp(); - if (!buf) { - rc = -1; - goto leave; - } - - while ((n = read(fd, buffer, sizeof buffer - 1)) > 0) { - buffer[n] = '\0'; - nbytes += n; - cdk_stream_write(buf, buffer, n); - if (strstr(buffer, "<pre>") || strstr(buffer, "</pre>")) - state++; - } - - if (state != 2) { - rc = -1; - goto leave; - } - - key->data = NULL; - key->size = 0; - - cdk_stream_set_armor_flag(buf, 0); - cdk_stream_seek(buf, 0); - while (!cdk_stream_eof(buf)) { - nread = cdk_stream_read(buf, buf, sizeof buf - 1); - if (nread == EOF) - break; - key->data = realloc(key->data, key->size + nread); - if (key->data == NULL) { - rc = -1; - goto leave; - } - - memcpy(&key->data[key->size], buf, nread); - key->size += nread; + rc = cdk_keyserver_recv_key( hostname, port, keyid, &knode ); + if( !rc ) { + unsigned char *buf = cdk_calloc( 1, 20001 ); + size_t len = 20000; + cdk_kbnode_write_to_mem( knode, buf, &len); + datum_append( key, buf, len ); + cdk_free( buf ); } + cdk_kbnode_release( knode ); + return map_cdk_rc( rc ); - rc = 0; - - leave: - cdk_stream_close(buf); - close(fd); - return rc; } diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 5c5774336f..6c3845d201 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -866,7 +866,7 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session, gnutls_assert(); return GNUTLS_E_INIT_LIBEXTRA; } - if ( (ret=_E_gnutls_openpgp_request_key( &akey, cred, p, 20)) < 0) { + if ( (ret=_E_gnutls_openpgp_request_key( session, &akey, cred, p, 20)) < 0) { gnutls_assert(); return ret; } diff --git a/libextra/gnutls_extra.h b/libextra/gnutls_extra.h index e1f6d67bdc..51676ed806 100644 --- a/libextra/gnutls_extra.h +++ b/libextra/gnutls_extra.h @@ -4,6 +4,7 @@ typedef int (*OPENPGP_VERIFY_KEY_FUNC)( const char *, const gnutls_datum *, const gnutls_datum*, int); typedef time_t (*OPENPGP_KEY_CREATION_TIME_FUNC)( const gnutls_datum*); typedef time_t (*OPENPGP_KEY_EXPIRATION_TIME_FUNC)( const gnutls_datum*); -typedef int (*OPENPGP_KEY_REQUEST)(gnutls_datum*, const gnutls_certificate_credentials, opaque*,int); +typedef int (*OPENPGP_KEY_REQUEST)(gnutls_session, gnutls_datum*, + const gnutls_certificate_credentials, opaque*,int); typedef int (*OPENPGP_FINGERPRINT)(const gnutls_datum*, unsigned char*, size_t*); typedef int (*OPENPGP_CERT2GNUTLS_CERT)(gnutls_cert*, gnutls_datum); diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index 9ac0ac9385..91e2015237 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2002 Timo Schulz <twoaday@freakmail.de> + * Copyright (C) 2002 Timo Schulz <twoaday@freakmail.de> * * This file is part of GNUTLS. * @@ -300,12 +300,12 @@ openpgp_pk_to_gnutls_cert( gnutls_cert *cert, cdkPKT_public_key *pk ) cert->cert_type = GNUTLS_CRT_OPENPGP; if( is_DSA(pk->pubkey_algo) || pk->pubkey_algo == GCRY_PK_RSA_S ) - cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE; + cert->keyUsage = KEY_DIGITAL_SIGNATURE; else if( pk->pubkey_algo == GCRY_PK_RSA_E ) - cert->keyUsage = GNUTLS_X509KEY_ENCIPHER_ONLY; + cert->keyUsage = KEY_ENCIPHER_ONLY; else if( pk->pubkey_algo == GCRY_PK_RSA ) - cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE - | GNUTLS_X509KEY_ENCIPHER_ONLY; + cert->keyUsage = KEY_DIGITAL_SIGNATURE + | KEY_ENCIPHER_ONLY; cert->params_size = cdk_pk_get_npkey( pk->pubkey_algo ); for( i = 0; i < cert->params_size; i++ ) { @@ -1377,36 +1377,6 @@ gnutls_certificate_set_openpgp_keyring_mem( gnutls_certificate_credentials c, return rc; } - -/*- - * gnutls_openpgp_recv_key - Receives a key from a HKP keyserver. - * @host - the hostname of the keyserver. - * @port - the service port (if not set use 11371). - * @keyid - The 32-bit keyID (rightmost bits keyid[1]) - * @key - Context to store the raw (dearmored) key. - * - * Try to connect to a public keyserver to get the specified key. - -*/ -int -gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid, - gnutls_datum *key) -{ - int rc; - CDK_KBNODE knode = NULL; - - rc = cdk_keyserver_recv_key( host, port, &keyid, &knode ); - if( !rc ) { - unsigned char *buf = cdk_calloc( 1, 20001 ); - size_t len = 20000; - cdk_kbnode_write_to_mem( knode, buf, &len); - datum_append( key, buf, len ); - cdk_free( buf ); - } - cdk_kbnode_release( knode ); - return map_cdk_rc( rc ); -} - - /*- * _gnutls_openpgp_request_key - Receives a key from a database, key server etc * @ret - a pointer to gnutls_datum structure. @@ -1419,12 +1389,11 @@ gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid, * -*/ int -_gnutls_openpgp_request_key( gnutls_datum* ret, +_gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret, const gnutls_certificate_credentials cred, opaque* key_fpr, int key_fpr_size) { - uint32 keyid; int rc = 0; if( !ret || !cred || !key_fpr ) { @@ -1436,18 +1405,21 @@ _gnutls_openpgp_request_key( gnutls_datum* ret, return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */ rc = gnutls_openpgp_get_key( ret, &cred->keyring, KEY_ATTR_FPR, key_fpr ); - if( rc >= 0 ) + if( rc >= 0 ) /* key was found */ return rc; + else rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; - keyid = buftou32( key_fpr + (key_fpr_size - 4) ); - - /* fixme: we should use the internal callback. */ - rc = gnutls_openpgp_recv_key( cred->pgp_key_server, - cred->pgp_key_server_port, - keyid, ret ); - - if( rc == GNUTLS_E_INVALID_REQUEST ) - return GNUTLS_E_OPENPGP_GETKEY_FAILED; + /* If the callback function was set, then try this one. + */ + if (session->internals.openpgp_recv_key_func != NULL) { + rc = session->internals.openpgp_recv_key_func( session, + key_fpr, key_fpr_size, ret); + + if (rc < 0) { + gnutls_assert(); + return GNUTLS_E_OPENPGP_GETKEY_FAILED; + } + } return rc; } @@ -1645,7 +1617,7 @@ xml_add_key( gnutls_string *xmlkey, int ext, cdkPKT_public_key *pk, int sub ) return rc; if( pk->expiredate > 0 ) { - sprintf( tmp, "%lu", pk->expiredate ); + sprintf( tmp, "%lu", (unsigned long)pk->expiredate ); rc = xml_add_tag( xmlkey, "EXPIREDATE", tmp ); if( rc ) return rc; @@ -2035,7 +2007,7 @@ gnutls_certificate_set_openpgp_keyring_mem( gnutls_certificate_credentials c, } int -_gnutls_openpgp_request_key( gnutls_datum* ret, +_gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret, const gnutls_certificate_credentials cred, opaque* key_fpr, int key_fpr_size ) diff --git a/libextra/gnutls_openpgp.h b/libextra/gnutls_openpgp.h index 2128136ec5..4260cb9411 100644 --- a/libextra/gnutls_openpgp.h +++ b/libextra/gnutls_openpgp.h @@ -97,6 +97,7 @@ int _gnutls_openpgp_cert2gnutls_cert( int _gnutls_openpgp_request_key( + gnutls_session, gnutls_datum* ret, const gnutls_certificate_credentials cred, opaque* key_fpr, |