1 --- eet-1.7.10/src/lib/eet_cipher.c.orig 2013-07-29 16:22:39.000000000 +0200
2 +++ eet-1.7.10/src/lib/eet_cipher.c 2018-09-19 10:34:46.452526279 +0200
3 @@ -56,9 +56,7 @@ void *alloca(size_t);
7 -# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
8 -# include <gnutls/abstract.h>
10 +# include <gnutls/abstract.h>
11 # include <gnutls/x509.h>
13 # else /* ifdef HAVE_GNUTLS */
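Review bot: The include of `<gnutls/abstract.h>` is now unconditional, and the `EET_USE_NEW_PUBKEY_VERIFY_HASH` / `EET_USE_NEW_PRIVKEY_SIGN_DATA` guards are dropped here and in the later hunks, so this file only builds against a GnuTLS that ships the abstract key API. Nothing visible in the patch raises the minimum GnuTLS version in the build configuration. If that is not done elsewhere, an older library produces a compile error instead of a clear configure-time message. A short comment above the include would record the assumption, for example `/* gnutls_privkey_* and gnutls_pubkey_* from abstract.h are required unconditionally */`.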
14 @@ -500,10 +498,8 @@ eet_identity_sign(FILE *fp,
15 gnutls_datum_t datum = { NULL, 0 };
18 -#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
19 gnutls_datum_t signum = { NULL, 0 };
20 gnutls_privkey_t privkey;
22 # else /* ifdef HAVE_GNUTLS */
24 unsigned int sign_len = 0;
25 @@ -535,7 +531,6 @@ eet_identity_sign(FILE *fp,
26 datum.size = st_buf.st_size;
28 /* Get the signature length */
29 -#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
30 if (gnutls_privkey_init(&privkey) < 0)
32 err = EET_ERROR_SIGNATURE_FAILED;
33 @@ -556,30 +551,6 @@ eet_identity_sign(FILE *fp,
36 sign_len = signum.size;
38 - if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
39 - &datum, sign, &sign_len) &&
42 - err = EET_ERROR_SIGNATURE_FAILED;
46 - /* Get the signature */
47 - sign = malloc(sign_len);
49 - gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
54 - err = EET_ERROR_OUT_OF_MEMORY;
56 - err = EET_ERROR_SIGNATURE_FAILED;
62 /* Get the certificate length */
63 if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
64 @@ -729,15 +700,11 @@ eet_identity_check(const void *data_ba
65 gnutls_x509_crt_t cert;
67 gnutls_datum_t signature;
68 -# if EET_USE_NEW_GNUTLS_API
69 -# if EET_USE_NEW_PUBKEY_VERIFY_HASH
70 gnutls_pubkey_t pubkey;
71 gnutls_digest_algorithm_t hash_algo;
76 -# endif /* if EET_USE_NEW_GNUTLS_API */
78 /* Create an understanding certificate structure for gnutls */
79 datum.data = (void *)cert_der;
80 @@ -749,7 +716,6 @@ eet_identity_check(const void *data_ba
81 signature.size = sign_len;
83 /* Verify the signature */
84 -# if EET_USE_NEW_GNUTLS_API
86 I am waiting for my patch being accepted in GnuTLS release.
87 But we now have a way to prevent double computation of SHA1.
88 @@ -767,7 +733,6 @@ eet_identity_check(const void *data_ba
89 datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
92 -# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
93 if (gnutls_pubkey_init(&pubkey) < 0)
96 @@ -779,10 +744,6 @@ eet_identity_check(const void *data_ba
98 if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
101 - if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
107 @@ -794,20 +755,6 @@ eet_identity_check(const void *data_ba
111 -# else /* if EET_USE_NEW_GNUTLS_API */
112 - datum.data = (void *)data_base;
113 - datum.size = data_length;
115 - if (!gnutls_x509_crt_verify_data(cert, 0, &datum, &signature))
124 -# endif /* if EET_USE_NEW_GNUTLS_API */
125 gnutls_x509_crt_deinit(cert);
127 # else /* ifdef HAVE_GNUTLS */
128 @@ -861,11 +808,9 @@ eet_identity_check(const void *data_ba
132 -# if EET_USE_NEW_GNUTLS_API
138 #else /* ifdef HAVE_SIGNATURE */
140 --- eet-1.7.10/src/lib/eet_cipher.c.org 2018-09-19 10:53:01.742816086 +0200
141 +++ eet-1.7.10/src/lib/eet_cipher.c 2018-09-19 10:54:10.794913636 +0200
142 @@ -739,10 +739,7 @@ eet_identity_check(const void *data_ba
143 if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
146 - if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
149 - if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
150 + if (gnutls_pubkey_verify_hash2(pubkey, GNUTLS_SIGN_RSA_SHA1, 0, &datum, &signature) < 0)
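Review bot: The replacement call hard-codes `GNUTLS_SIGN_RSA_SHA1`, so verification now succeeds only for identities whose certificate carries an RSA key; the removed `gnutls_pubkey_get_verify_algorithm` call was the only place the algorithm was derived from the key and signature. If non-RSA certificates are meant to stay supported, derive the signature algorithm from the key while keeping the digest fixed, `gnutls_sign_algorithm_t algo = gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL), GNUTLS_DIG_SHA1);`, pass `algo` to `gnutls_pubkey_verify_hash2`, and reject `GNUTLS_SIGN_UNKNOWN`. If RSA-only is intended, add a comment such as `/* eet signatures are RSA over the SHA-1 digest computed above; the algorithm is pinned, not read from the signature */` so the SHA-1 dependency is visible to whoever later migrates the format. The `hash_algo` local kept by the first patch appears to have no remaining use after this change. The rest of eet_identity_check lies outside the hunk.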