diff options
| -rw-r--r-- | configure.ac | 1 | ||||
| -rwxr-xr-x | devel/import-ecc-from-nettle.sh | 8 | ||||
| -rw-r--r-- | lib/includes/gnutls/abstract.h | 7 | ||||
| -rw-r--r-- | lib/includes/gnutls/compat.h | 6 | ||||
| -rw-r--r-- | lib/includes/gnutls/crypto.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/dtls.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 7 | ||||
| -rw-r--r-- | lib/includes/gnutls/gnutlsxx.h | 6 | ||||
| -rw-r--r-- | lib/includes/gnutls/ocsp.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/openpgp.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/pkcs11.h | 7 | ||||
| -rw-r--r-- | lib/includes/gnutls/pkcs12.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/pkcs7.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/self-test.h | 6 | ||||
| -rw-r--r-- | lib/includes/gnutls/socket.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/system-keys.h | 7 | ||||
| -rw-r--r-- | lib/includes/gnutls/tpm.h | 7 | ||||
| -rw-r--r-- | lib/includes/gnutls/urls.h | 7 | ||||
| -rw-r--r-- | lib/includes/gnutls/x509-ext.h | 3 | ||||
| -rw-r--r-- | lib/includes/gnutls/x509.h | 3 | ||||
| -rw-r--r-- | src/certtool.c | 3 | ||||
| -rw-r--r-- | src/common.c | 9 |
22 files changed, 68 insertions, 40 deletions
diff --git a/configure.ac b/configure.ac index a46d85d070..feef89dd76 100644 --- a/configure.ac +++ b/configure.ac @@ -1175,7 +1175,6 @@ AC_SUBST(LIBGNUTLS_CFLAGS) AM_CONDITIONAL(NEEDS_LIBRT, test "$gnutls_needs_librt" = "yes") -AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.]) AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.]) AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename]) diff --git a/devel/import-ecc-from-nettle.sh b/devel/import-ecc-from-nettle.sh index da121786dd..2ce6285d39 100755 --- a/devel/import-ecc-from-nettle.sh +++ b/devel/import-ecc-from-nettle.sh @@ -202,7 +202,13 @@ for f in $IMPORTS; do ;; */ecc-random.c ) sed \ - -e 's/"nettle-internal\.h"/"nettle-alloca.h"/' \ + -e '/^#include "nettle-internal\.h"/ { i\ +#include "nettle-alloca.h"\ +\ +void gnutls_ecc_scalar_random(struct ecc_scalar *, void *, nettle_random_func *); +; d +}' \ + -e 's/ecc_scalar_random/gnutls_ecc_scalar_random/' \ -e 's/^ & (mpn_sub_n/ \& (int)(mpn_sub_n/' \ $dst > $dst-t && mv $dst-t $dst ;; diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 386ae3e49f..23444d9b59 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -21,8 +21,8 @@ * */ -#ifndef __GNUTLS_ABSTRACT_H -#define __GNUTLS_ABSTRACT_H +#ifndef GNUTLS_ABSTRACT_H +#define GNUTLS_ABSTRACT_H #include <gnutls/gnutls.h> #include <gnutls/x509.h> @@ -774,4 +774,5 @@ gnutls_pubkey_print(gnutls_pubkey_t pubkey, } #endif /* *INDENT-ON* */ -#endif + +#endif /* GNUTLS_ABSTRACT_H */ diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index b2ebcb4075..2779ca9f3a 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h @@ -22,8 +22,8 @@ /* Typedefs for more compatibility with older GnuTLS. */ -#ifndef _GNUTLS_COMPAT_H -#define _GNUTLS_COMPAT_H +#ifndef GNUTLS_COMPAT_H +#define GNUTLS_COMPAT_H /* *INDENT-OFF* */ #ifdef __cplusplus @@ -243,4 +243,4 @@ int gnutls_priority_compression_list(gnutls_priority_t pcache, #endif /* *INDENT-ON* */ -#endif /* _GNUTLS_COMPAT_H */ +#endif /* GNUTLS_COMPAT_H */ diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index c878d7dfac..fe046a4239 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -297,4 +297,5 @@ int gnutls_decode_gost_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t } #endif /* *INDENT-ON* */ -#endif + +#endif /* GNUTLS_CRYPTO_H */ diff --git a/lib/includes/gnutls/dtls.h b/lib/includes/gnutls/dtls.h index 7e7133e6ae..972ec0a34c 100644 --- a/lib/includes/gnutls/dtls.h +++ b/lib/includes/gnutls/dtls.h @@ -89,4 +89,5 @@ unsigned int gnutls_record_get_discarded(gnutls_session_t session); } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_DTLS_H */ + +#endif /* GNUTLS_DTLS_H */ diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index d02854b40a..c45dd542c7 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -33,9 +33,8 @@ * The low level cipher functionality is in gnutls/crypto.h. */ - -#ifndef GNUTLS_H -#define GNUTLS_H +#ifndef GNUTLS_GNUTLS_H +#define GNUTLS_GNUTLS_H /* Get ssize_t. */ #include <sys/types.h> @@ -3495,4 +3494,4 @@ void gnutls_fips140_set_mode(gnutls_fips_mode_t mode, unsigned flags); #include <gnutls/compat.h> -#endif /* GNUTLS_H */ +#endif /* GNUTLS_GNUTLS_H */ diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h index 6140550789..eeefb798a3 100644 --- a/lib/includes/gnutls/gnutlsxx.h +++ b/lib/includes/gnutls/gnutlsxx.h @@ -20,8 +20,8 @@ * */ -#ifndef GNUTLSXX_H -#define GNUTLSXX_H +#ifndef GNUTLS_GNUTLSXX_H +#define GNUTLS_GNUTLSXX_H #include <exception> #include <vector> @@ -428,4 +428,4 @@ namespace gnutls { } /* namespace */ -#endif /* GNUTLSXX_H */ +#endif /* GNUTLS_GNUTLSXX_H */ diff --git a/lib/includes/gnutls/ocsp.h b/lib/includes/gnutls/ocsp.h index ca085b5880..87806cfd70 100644 --- a/lib/includes/gnutls/ocsp.h +++ b/lib/includes/gnutls/ocsp.h @@ -285,4 +285,5 @@ gnutls_ocsp_resp_list_import2(gnutls_ocsp_resp_t **ocsps, } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_OCSP_H */ + +#endif /* GNUTLS_OCSP_H */ diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h index 01d01fdada..632ffb1dc0 100644 --- a/lib/includes/gnutls/openpgp.h +++ b/lib/includes/gnutls/openpgp.h @@ -377,4 +377,5 @@ int gnutls_certificate_set_openpgp_keyring_file } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_OPENPGP_H */ + +#endif /* GNUTLS_OPENPGP_H */ diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 0c3d22be94..351ddd1cd8 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h @@ -21,8 +21,8 @@ * */ -#ifndef __GNUTLS_PKCS11_H -#define __GNUTLS_PKCS11_H +#ifndef GNUTLS_PKCS11_H +#define GNUTLS_PKCS11_H #include <stdarg.h> #include <gnutls/gnutls.h> @@ -510,4 +510,5 @@ gnutls_pkcs11_copy_attached_extension(const char *token_url, } #endif /* *INDENT-ON* */ -#endif + +#endif /* GNUTLS_PKCS11_H */ diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h index 66308c9d88..e613fe12f5 100644 --- a/lib/includes/gnutls/pkcs12.h +++ b/lib/includes/gnutls/pkcs12.h @@ -145,4 +145,5 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_PKCS12_H */ + +#endif /* GNUTLS_PKCS12_H */ diff --git a/lib/includes/gnutls/pkcs7.h b/lib/includes/gnutls/pkcs7.h index 58ea4aaf81..528427b484 100644 --- a/lib/includes/gnutls/pkcs7.h +++ b/lib/includes/gnutls/pkcs7.h @@ -153,4 +153,5 @@ int gnutls_pkcs7_print_signature_info(gnutls_pkcs7_signature_info_st * info, } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_PKCS7_H */ + +#endif /* GNUTLS_PKCS7_H */ diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h index 8771749bf0..aacbe94ca6 100644 --- a/lib/includes/gnutls/self-test.h +++ b/lib/includes/gnutls/self-test.h @@ -20,8 +20,8 @@ * */ -#ifndef __GNUTLS_SELF_H -#define __GNUTLS_SELF_H +#ifndef GNUTLS_SELF_TEST_H +#define GNUTLS_SELF_TEST_H #include <gnutls/gnutls.h> @@ -35,4 +35,4 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac); int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest); int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk); -#endif +#endif /* GNUTLS_SELF_TEST_H */ diff --git a/lib/includes/gnutls/socket.h b/lib/includes/gnutls/socket.h index 03c5cef7b7..64eb19f896 100644 --- a/lib/includes/gnutls/socket.h +++ b/lib/includes/gnutls/socket.h @@ -48,4 +48,5 @@ void gnutls_transport_set_fastopen(gnutls_session_t session, } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_SOCKET_H */ + +#endif /* GNUTLS_SOCKET_H */ diff --git a/lib/includes/gnutls/system-keys.h b/lib/includes/gnutls/system-keys.h index 68b8a20b4a..a0aa056dfa 100644 --- a/lib/includes/gnutls/system-keys.h +++ b/lib/includes/gnutls/system-keys.h @@ -20,8 +20,8 @@ * */ -#ifndef __GNUTLS_SYSTEM_KEYS_H -#define __GNUTLS_SYSTEM_KEYS_H +#ifndef GNUTLS_SYSTEM_KEYS_H +#define GNUTLS_SYSTEM_KEYS_H #include <gnutls/gnutls.h> #include <gnutls/x509.h> @@ -60,4 +60,5 @@ int gnutls_system_key_add_x509(gnutls_x509_crt_t crt, gnutls_x509_privkey_t priv } #endif /* *INDENT-ON* */ -#endif + +#endif /* GNUTLS_SYSTEM_KEYS_H */ diff --git a/lib/includes/gnutls/tpm.h b/lib/includes/gnutls/tpm.h index 82503c648e..b5da3e994f 100644 --- a/lib/includes/gnutls/tpm.h +++ b/lib/includes/gnutls/tpm.h @@ -20,8 +20,8 @@ * */ -#ifndef __GNUTLS_TPM_H -#define __GNUTLS_TPM_H +#ifndef GNUTLS_TPM_H +#define GNUTLS_TPM_H #include <gnutls/gnutls.h> #include <gnutls/x509.h> @@ -76,4 +76,5 @@ int gnutls_tpm_privkey_delete(const char *url, const char *srk_password); } #endif /* *INDENT-ON* */ -#endif + +#endif /* GNUTLS_TPM_H */ diff --git a/lib/includes/gnutls/urls.h b/lib/includes/gnutls/urls.h index 6f67c251b4..f4fd5a7915 100644 --- a/lib/includes/gnutls/urls.h +++ b/lib/includes/gnutls/urls.h @@ -20,8 +20,8 @@ * */ -#ifndef __GNUTLS_URLS_H -#define __GNUTLS_URLS_H +#ifndef GNUTLS_URLS_H +#define GNUTLS_URLS_H #include <gnutls/gnutls.h> #include <gnutls/x509.h> @@ -74,4 +74,5 @@ int gnutls_register_custom_url(const gnutls_custom_url_st *st); } #endif /* *INDENT-ON* */ -#endif + +#endif /* GNUTLS_URLS_H */ diff --git a/lib/includes/gnutls/x509-ext.h b/lib/includes/gnutls/x509-ext.h index 170d02a48b..b288c31a19 100644 --- a/lib/includes/gnutls/x509-ext.h +++ b/lib/includes/gnutls/x509-ext.h @@ -204,4 +204,5 @@ int gnutls_x509_tlsfeatures_add(gnutls_x509_tlsfeatures_t f, unsigned int featur } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_X509_H */ + +#endif /* GNUTLS_X509_EXT_H */ diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index bcb687ce27..444c9f0494 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -1731,4 +1731,5 @@ gnutls_x509_ext_print(gnutls_x509_ext_st *exts, unsigned int exts_size, } #endif /* *INDENT-ON* */ -#endif /* GNUTLS_X509_H */ + +#endif /* GNUTLS_X509_H */ diff --git a/src/certtool.c b/src/certtool.c index 6bdfe376b1..6c1f04656b 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -3027,7 +3027,8 @@ void generate_pkcs12(common_info_st * cinfo) app_exit(1); } - result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); + if (!(flags & GNUTLS_PKCS_PLAIN) || cinfo->empty_password) + result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); if (result < 0) { fprintf(stderr, "bag_encrypt: %s\n", gnutls_strerror(result)); diff --git a/src/common.c b/src/common.c index 2dc54d09bf..9b0d385ca3 100644 --- a/src/common.c +++ b/src/common.c @@ -1141,6 +1141,15 @@ pin_callback(void *user, int attempt, const char *token_url, getenv_copy(password, sizeof(password), "GNUTLS_PIN"); } + if (password[0] == 0 && info != NULL && info->password != NULL && info->ask_pass == 0) { + if (strlen(info->password) < sizeof(password)) { + strcpy(password, info->password); + } else { + memcpy(password, info->password, sizeof(password) - 1); + password[sizeof(password) - 1] = '\0'; + } + } + if (password[0] == 0 && (info == NULL || info->batch == 0 || info->ask_pass != 0)) { if (token_label && token_label[0] != 0) { fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url); |