Package: efl / 1.8.6-2.5

gnutls3.4.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
Description: Fix build with gnutls 3.4
 gnutls_pubkey_get_verify_algorithm and gnutls_pubkey_verify_hash no longer
 exist in gnutls 3.4. See 
 http://www.gnutls.org/manual/html_node/Upgrading-from-previous-versions.html
 
 The results of the call to gnutls_pubkey_get_verify_algorithm are discarded, 
 the code only checks if it succeeds or not. I guess it was intended as some 
 sort of sanity check. I replaced it with a call to 
 gnutls_x509_crt_get_signature_algorithm
 
 I replaced the call to gnutls_pubkey_verify_hash with a call to
 gnutls_pubkey_verify_hash2 filling in the new "algo" parameter with the result
 of gnutls_x509_crt_get_signature_algorithm
 
 The code now compiles and I don't think it's any more broken than it was
 before but I have concerns about the code in general. It seems to have an
 implicit assuption that the certificate signature algorithm will be sha1.
Author: Peter Michael Green <plugwash@raspbian.org>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- efl-1.8.6.orig/src/lib/eet/eet_cipher.c
+++ efl-1.8.6/src/lib/eet/eet_cipher.c
@@ -681,7 +681,6 @@ eet_identity_check(const void   *data_ba
    gnutls_datum_t datum;
    gnutls_datum_t signature;
    gnutls_pubkey_t pubkey;
-   gnutls_digest_algorithm_t hash_algo;
    unsigned char *hash;
    gcry_md_hd_t md;
    int err;
@@ -718,11 +717,12 @@ eet_identity_check(const void   *data_ba
 
    if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
      goto on_error;
-
-   if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
+   
+   int algo = gnutls_x509_crt_get_signature_algorithm(cert);
+   if (algo < 0)
      goto on_error;
 
-   if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
+   if (gnutls_pubkey_verify_hash2(pubkey,algo, 0, &datum, &signature) < 0)
      goto on_error;
 
    if (sha1)