[gnutls-dev] [PATCH] Load DH Params from File
Mr Allwyn Fernandes
gtefjknerfd at stobor.net
Fri Oct 12 09:16:59 CEST 2007
Hi,
(Apologies if anyone gets this multiple times: I've tried sending it several
times, and keep getting bounce messages... I don't see it in any of the
archives so I _suspect_ it hasn't gotten through to anyone, but I'm not
sure.)
I recently added GnuTLS support to an app, and noticed a slight inconsistency
in the api; one can load certificates, keys and CRLs directly from a file,
but there is no corresponding function which takes a filename and loads the
DH params from the file. I'm using Debian Testing, which has gnutls13-1.7.19,
but I noted that the current online documentation doesn't list a new method
to do this either.
I have created a trivial patch which implements an api
function "gnutls_dh_params_import_pkcs3_file" from a combination
of "gnutls_dh_params_import_pkcs3" and "gnutls_certificate_set_x509_crl_file".
I have generated the patch against Debian's gnutls13-1.7.19 source, but it
appears to apply reasonably to the 2.0.1 source... Otherwise, for easy
cut-n-paste, the new method is listed below, along with the corresponding
header entry.
If there are any comments or questions, please feel free to let me know.
Cheers,
Allwyn.
In lib/gnutls_dh_primes.c, under gnutls_dh_params_import_pkcs3:
/**
  * gnutls_dh_params_import_pkcs3_file - This function will import DH params
  * from a file containing a pkcs3 structure
  * @params: A structure where the parameters will be copied to
  * @pkcs3_file: should contain a PKCS3 DHParams structure PEM or DER encoded
  * @format: the format of params. PEM or DER.
  *
  * This function will extract the DHParams found in a file containing a PKCS3
  * formatted structure. This is the format generated by "openssl dhparam"
  * tool.
  *
  * If the structure is PEM encoded, it should have a header
  * of "BEGIN DH PARAMETERS".
  *
  * In case of failure a negative value will be returned, and
  * 0 on success.
  *
  **/
int
gnutls_dh_params_import_pkcs3_file (gnutls_dh_params_t params,
                                    const char *pkcs3_file,
                                    gnutls_x509_crt_fmt_t format)
{
  int ret;
  size_t size;
  gnutls_datum_t pkcs3_params;
  /* read_binary_file returns a malloc'd buffer holding the whole file */
  char *data = read_binary_file (pkcs3_file, &size);

  if (data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_FILE_ERROR;
    }

  /* gnutls_dh_params_import_pkcs3 takes a gnutls_datum_t (pointer plus
     length), not the raw buffer, so wrap the file contents first. */
  pkcs3_params.data = (unsigned char *) data;
  pkcs3_params.size = size;

  ret = gnutls_dh_params_import_pkcs3 (params, &pkcs3_params, format);
  free (data);

  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  return ret;
}
In includes/gnutls/gnutls.h.in, under gnutls_dh_params_import_pkcs3:
int gnutls_dh_params_import_pkcs3_file (gnutls_dh_params_t params,
                                        const char *pkcs3_file,
                                        gnutls_x509_crt_fmt_t format);
And something like this for the NEWS file.
** API and ABI modifications:
New API to load Diffie-Hellman parameters from file:
gnutls_dh_params_import_pkcs3_file
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls13-1.7.19-dhfile.diff.gz
Type: application/x-gzip
Size: 1173 bytes
Desc: not available
Url : /pipermail/attachments/20071012/dff623e7/attachment.bin
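An added example (not part of the original post or of GnuTLS): a standalone structural check on a DER-encoded PKCS3 DHParams blob of the kind the proposed function would read from disk, returning the bit length of the prime so a caller can reject undersized parameters before importing them. The function names and the tiny sample encodings are constructed for illustration; PEM input would need its base64 body decoded first.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER tag/length header at *pos. On success store the content
   length in *clen, leave *pos at the first content byte and return the tag.
   Returns -1 if the header or its content would run past len. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos, size_t *clen)
{
    if (len - *pos < 2) return -1;
    int tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n & 0x80) {                      /* long form: low 7 bits count length octets */
        size_t octets = n & 0x7f;
        if (octets == 0 || octets > sizeof(size_t) || octets > len - *pos) return -1;
        for (n = 0; octets > 0; octets--) n = (n << 8) | buf[(*pos)++];
    }
    if (n > len - *pos) return -1;       /* content must fit inside the buffer */
    *clen = n;
    return tag;
}

/* Bit length of the prime p in SEQUENCE { INTEGER p, INTEGER g, ... },
   or -1 if the structure is malformed or truncated. */
long dh_prime_bits(const unsigned char *der, size_t len)
{
    size_t pos = 0, seq_len, p_len, g_len;
    if (der_header(der, len, &pos, &seq_len) != 0x30) return -1;
    size_t end = pos + seq_len;          /* parse only inside the SEQUENCE */
    if (der_header(der, end, &pos, &p_len) != 0x02 || p_len == 0) return -1;
    const unsigned char *p = der + pos;
    pos += p_len;
    if (der_header(der, end, &pos, &g_len) != 0x02 || g_len == 0) return -1;
    if (p[0] & 0x80) return -1;          /* a negative INTEGER is not a prime */
    while (p_len > 1 && *p == 0) { p++; p_len--; }   /* drop sign padding */
    long bits = (long)(p_len - 1) * 8;
    for (unsigned top = *p; top; top >>= 1) bits++;
    return bits;
}

/* Constructed samples: p=23, g=5; and p=251 (needs a 0x00 sign byte), g=2. */
static const unsigned char sample_small[]  = {0x30,0x06,0x02,0x01,0x17,0x02,0x01,0x05};
static const unsigned char sample_padded[] = {0x30,0x07,0x02,0x02,0x00,0xFB,0x02,0x01,0x02};

int main(void)
{
    printf("prime bits: %ld\n", dh_prime_bits(sample_small, sizeof sample_small));
    return 0;
}
```

A caller would compare the returned bit length against its own minimum before handing the buffer to the import function.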