[gnutls-dev] [PATCH] Load DH Params from File

Mr Allwyn Fernandes gtefjknerfd at stobor.net
Fri Oct 12 09:16:59 CEST 2007


(Apologies if anyone gets this multiple times: I've tried sending it several 
times, and keep getting bounce messages... I don't see it in any of the 
archives so I _suspect_ it hasn't gotten through to anyone, but I'm not 

I recently added GnuTLS support to an app, and noticed a slight inconsistency 
in the api; one can load certificates, keys and CRLs directly from a file, 
but there is no corresponding function which takes a filename and loads the 
DH params from the file. I'm using Debian Testing, which has gnutls13-1.7.19, 
but I noted that the current online documentation doesn't list a new method 
to do this either.

I have created a trivial patch which implements an api 
function "gnutls_dh_params_import_pkcs3_file" from a combination 
of "gnutls_dh_params_import_pkcs3" and "gnutls_certificate_set_x509_crl_file"

I have generated the patch against Debian's gnutls13-1.7.19 source, but 
it appears to apply reasonably to the 2.0.1 source... Otherwise, for easy 
cut-n-paste, the new method is listed below, along with the corresponding 
header entry.

If there are any comments or questions, please feel free to let me know.



In lib/gnutls_dh_primes.c, under gnutls_dh_params_import_pkcs3:

/**
  * gnutls_dh_params_import_pkcs3_file - This function will import DH params
  * from a file containing a pkcs3 structure
  * @params: A structure where the parameters will be copied to
  * @pkcs3_file: should contain a PKCS3 DHParams structure PEM or DER encoded
  * @format: the format of params. PEM or DER.
  *
  * This function will extract the DHParams found in a file containing a PKCS3
  * formatted structure. This is the format generated by "openssl dhparam"
  * If the structure is PEM encoded, it should have a header
  *
  * In case of failure a negative value will be returned, and
  * 0 on success.
  **/
int
gnutls_dh_params_import_pkcs3_file (gnutls_dh_params_t params,
			            const char * pkcs3_file,
			            gnutls_x509_crt_fmt_t format)
{
  int ret;
  size_t size;
  gnutls_datum_t pkcs3_params;
  /* read_binary_file() comes from gnulib's read-file.h */
  char *data = read_binary_file (pkcs3_file, &size);

  if (data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_FILE_ERROR;
    }

  /* gnutls_dh_params_import_pkcs3 takes a gnutls_datum_t, not a raw buffer */
  pkcs3_params.data = (unsigned char *) data;
  pkcs3_params.size = size;

  ret = gnutls_dh_params_import_pkcs3 (params, &pkcs3_params, format);

  free (data);

  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  return ret;
}

In includes/gnutls/gnutls.h.in, under gnutls_dh_params_import_pkcs3:

  int gnutls_dh_params_import_pkcs3_file (gnutls_dh_params_t params,
				          const char * pkcs3_file,
				          gnutls_x509_crt_fmt_t format);

And something like this for the NEWS file.
** API and ABI modifications:

New API to load Diffie-Hellman parameters from file:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls13-1.7.19-dhfile.diff.gz
Type: application/x-gzip
Size: 1173 bytes
Desc: not available
URL: </pipermail/attachments/20071012/dff623e7/attachment.bin>
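
A pre-check a caller could run on DER file contents before handing them to an import function, shown as an added example (not part of the original post or of GnuTLS; dhparams_prime_bits and the sample bytes are constructed for illustration). It walks the PKCS#3 DHParameter SEQUENCE with bounds checks and returns the prime's bit length, so a loader can refuse malformed files or primes shorter than its own policy allows. PEM input would need base64 decoding first.

```c
#include <stddef.h>
#include <stdio.h>

/* Read one DER header at buf[*pos]; store the content length, advance *pos
   to the content. Returns 0, or -1 on a wrong tag or out-of-bounds length. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char tag, size_t *clen)
{
    size_t n, l = 0;
    if (*pos + 2 > len || buf[(*pos)++] != tag) return -1;
    n = buf[(*pos)++];
    if (n & 0x80) {                      /* long form: n & 0x7f length bytes */
        n &= 0x7f;
        if (n == 0 || n > sizeof(size_t) || *pos + n > len) return -1;
        while (n--) l = (l << 8) | buf[(*pos)++];
    } else l = n;
    if (l > len - *pos) return -1;       /* content must fit in the buffer */
    *clen = l;
    return 0;
}

/* Bit length of the prime in SEQUENCE { prime INTEGER, base INTEGER, ... },
   or -1 if the buffer is not a well-formed DHParameter structure. */
int dhparams_prime_bits(const unsigned char *der, size_t len)
{
    size_t pos = 0, seq, plen, glen;
    const unsigned char *p;
    int bits; unsigned char top;
    if (der_header(der, len, &pos, 0x30, &seq) < 0) return -1;
    len = pos + seq;                     /* ignore bytes after the SEQUENCE */
    if (der_header(der, len, &pos, 0x02, &plen) < 0 || plen == 0) return -1;
    p = der + pos;
    if (p[0] & 0x80) return -1;          /* a negative INTEGER is not a prime */
    pos += plen;
    if (der_header(der, len, &pos, 0x02, &glen) < 0 || glen == 0) return -1;
    while (plen > 0 && *p == 0) { p++; plen--; }   /* skip sign padding */
    if (plen == 0) return -1;            /* prime is zero */
    bits = (int)(plen - 1) * 8;
    for (top = *p; top; top >>= 1) bits++;
    return bits;
}

/* Constructed sample: p = 251 (with DER sign-padding byte), g = 2. */
static const unsigned char sample_ok[] = {0x30,0x07,0x02,0x02,0x00,0xFB,0x02,0x01,0x02};
/* Constructed sample: same bytes with the SEQUENCE length overstated. */
static const unsigned char sample_bad[] = {0x30,0x09,0x02,0x02,0x00,0xFB,0x02,0x01,0x02};

int main(void) {
    printf("ok=%d bad=%d\n", dhparams_prime_bits(sample_ok, sizeof sample_ok),
           dhparams_prime_bits(sample_bad, sizeof sample_bad));
    return 0;
}
```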
