* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2021-09-10 10:39 UTC
To: 50507

Hello bug-gnu-emacs,

I am looking at the src/gnutls.c:gnutls-boot function for the purpose of
modifying it to use the function gnutls_certificate_set_x509_key_file2
instead of gnutls_certificate_set_x509_key_file. (Note the missing `2')

The reason for this addition would be to protect the key with a
password. Note that the pass parameter may be NULL.

Moreover, the Emacs functionality could do with more than just file
access; users could provide their certificates and keys that lie in
memory instead of a file. This may be useful.

I am sending this e-mail to gauge interest in this as a proposal. It
makes sense to me but I am not very experienced. How does one submit
a patch for Emacs? Is it via the mailing lists by attaching a diff
hunk?

Thank you for your attention.

Regards,
Nikolaos Chatzikonstantinou

* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2021-09-10 12:39 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Fri, 10 Sep 2021 19:39:52 +0900
>
> I am looking at the src/gnutls.c:gnutls-boot function for the purpose of
> modifying it to use the function gnutls_certificate_set_x509_key_file2
> instead of gnutls_certificate_set_x509_key_file. (Note the missing `2')
>
> The reason for this addition would be to protect the key with a
> password. Note that the pass parameter may be NULL.

Do you intend to make the change unconditionally, or do you intend to
make it an optional feature?

And what is the minimal GnuTLS version which provided this function?

> I am sending this e-mail to gauge interest in this as a proposal. It
> makes sense to me but I am not very experienced. How does one submit
> a patch for Emacs? Is it via the mailing lists by attaching a diff
> hunk?

Yes, you provide a patch as an attachment, preferably in the "git
format-patch" format. See the file CONTRIBUTE in the Emacs Git
repository for more details.

Thanks.

* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2021-09-11 15:28 UTC
To: Eli Zaretskii; +Cc: 50507

> From: Eli Zaretskii <eliz@gnu.org>
> Date: Fri, 10 Sep 2021 15:39:35 +0300
> > From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> > Date: Fri, 10 Sep 2021 19:39:52 +0900
> >
> > I am looking at the src/gnutls.c:gnutls-boot function for the
> > purpose of modifying it to use the function
> > gnutls_certificate_set_x509_key_file2
> > instead of gnutls_certificate_set_x509_key_file. (Note the missing
> > `2')
> >
> > The reason for this addition would be to protect the key with a
> > password. Note that the pass parameter may be NULL.
>
> Do you intend to make the change unconditionally, or do you intend to
> make it an optional feature?
>
> And what is the minimal GnuTLS version which provided this function?

I intend to introduce new functions without changing any of the others.
The following functions were added at 2013-04-08:

gnutls_certificate_set_x509_key_file2
gnutls_certificate_set_x509_key_mem2

Versions after 3.2 and 3.1.11 include them. Although it appears
straightforward to introduce them, my plan is to spend some time
acclimating myself with GnuTLS and the Emacs implementation to ensure
that I did it right, and then I'll submit a patch. Does it sound good?

Regards,
Nikolaos Chatzikonstantinou

* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2021-09-11 15:34 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Sun, 12 Sep 2021 00:28:33 +0900
> Cc: 50507@debbugs.gnu.org
>
> > > The reason for this addition would be to protect the key with a
> > > password. Note that the pass parameter may be NULL.
> >
> > Do you intend to make the change unconditionally, or do you intend to
> > make it an optional feature?
> >
> > And what is the minimal GnuTLS version which provided this function?
>
> I intend to introduce new functions without changing any of the others.
> The following functions were added at 2013-04-08:
>
> gnutls_certificate_set_x509_key_file2
> gnutls_certificate_set_x509_key_mem2
>
> Versions after 3.2 and 3.1.11 include them. Although it appears
> straightforward to introduce them, my plan is to spend some time
> acclimating myself with GnuTLS and the Emacs implementation to ensure
> that I did it right, and then I'll submit a patch. Does it sound good?

Yes, SGTM. Thank you very much for working on this.

* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2021-09-11 15:52 UTC
To: nchatz314; +Cc: 50507

> Date: Sat, 11 Sep 2021 18:34:31 +0300
> From: Eli Zaretskii <eliz@gnu.org>
> Cc: 50507@debbugs.gnu.org
>
> > Versions after 3.2 and 3.1.11 include them. Although it appears
> > straightforward to introduce them, my plan is to spend some time
> > acclimating myself with GnuTLS and the Emacs implementation to ensure
> > that I did it right, and then I'll submit a patch. Does it sound good?
>
> Yes, SGTM. Thank you very much for working on this.

And, of course, don't hesitate to ask questions if something in the
existing implementation is unclear.

* bug#50507: New function in Emacs GnuTLS implementation
From: Lars Ingebrigtsen @ 2022-08-25 15:07 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Eli Zaretskii

Nikolaos Chatzikonstantinou <nchatz314@gmail.com> writes:

> Versions after 3.2 and 3.1.11 include them. Although it appears
> straightforward to introduce them, my plan is to spend some time
> acclimating myself with GnuTLS and the Emacs implementation to ensure
> that I did it right, and then I'll submit a patch. Does it sound good?

Sounds good to me.

This was almost a year ago -- did you get any further with this?

* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-09-14 15:51 UTC
To: Lars Ingebrigtsen; +Cc: 50507, Eli Zaretskii

On Thu, Aug 25, 2022 at 11:07 AM Lars Ingebrigtsen <larsi@gnus.org> wrote:
>
> Nikolaos Chatzikonstantinou <nchatz314@gmail.com> writes:
>
> > Versions after 3.2 and 3.1.11 include them. Although it appears
> > straightforward to introduce them, my plan is to spend some time
> > acclimating myself with GnuTLS and the Emacs implementation to ensure
> > that I did it right, and then I'll submit a patch. Does it sound good?
>
> Sounds good to me.
>
> This was almost a year ago -- did you get any further with this?

Thanks for reminding me of this.

I spent my time learning some cryptography and doing other
things, unrelated to Emacs. I feel better equipped now to tackle
this issue, but it will take some time, I expect a month or
less. Luckily I have a lot of free time right now.

My goal is to increase the completion of the Emacs wrapper of
GnuTLS. Originally I cared only to add enough to implement
encryption-at-rest for the circe IRC client.

* bug#50507: New function in Emacs GnuTLS implementation
From: Lars Ingebrigtsen @ 2022-09-15 7:09 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Eli Zaretskii

Nikolaos Chatzikonstantinou <nchatz314@gmail.com> writes:

> I spent my time learning some cryptography and doing other
> things, unrelated to Emacs. I feel better equipped now to tackle
> this issue, but it will take some time, I expect a month or
> less. Luckily I have a lot of free time right now.
>
> My goal is to increase the completion of the Emacs wrapper of
> GnuTLS. Originally I cared only to add enough to implement
> encryption-at-rest for the circe IRC client.

Great; looking forward to it.

* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-09-26 9:56 UTC
To: Lars Ingebrigtsen; +Cc: 50507, Eli Zaretskii

On Thu, Sep 15, 2022 at 3:09 AM Lars Ingebrigtsen <larsi@gnus.org> wrote:
>
> Nikolaos Chatzikonstantinou <nchatz314@gmail.com> writes:
> >
> > My goal is to increase the completion of the Emacs wrapper of
> > GnuTLS. Originally I cared only to add enough to implement
> > encryption-at-rest for the circe IRC client.
>
> Great; looking forward to it.

I have a small update. I looked into src/gnutls.c to see which
functions are implemented. In total, there's 19 functions defined with
DEFUN,

gnutls-hash-digest
gnutls-format-certificate
gnutls-peer-status-warning-describe
gnutls-peer-status
gnutls-deinit
gnutls-hash-mac
gnutls-errorp
gnutls-error-fatalp
gnutls-error-string
gnutls-macs
gnutls-digests
gnutls-ciphers
gnutls-available-p
gnutls-boot
gnutls-bye
gnutls-asynchronous-parameters
gnutls-get-initstage
gnutls-symmetric-encrypt
gnutls-symmetric-decrypt

However, I suspect that this API is not used by most
packages. Instead, these functions are called from Emacs'
make-network-process and friends in src/process.c. If I just dump new
gnutls functions in src/gnutls.c, they might not be accessible for
use, or I might duplicate functionality.

Before I make sensible changes to src/gnutls.c, I would need to
understand better how the functions are used in
src/process.c. However, that file is lacking function
comments. Therefore, since I'll be studying it anyhow, I suggest that
my first patch will be C documentation for those functions in
src/process.c.

* bug#50507: New function in Emacs GnuTLS implementation
From: Lars Ingebrigtsen @ 2022-09-26 11:03 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Eli Zaretskii

Nikolaos Chatzikonstantinou <nchatz314@gmail.com> writes:

> However, I suspect that this API is not used by most
> packages. Instead, these functions are called from Emacs'
> make-network-process and friends in src/process.c. If I just dump new
> gnutls functions in src/gnutls.c, they might not be accessible for
> use, or I might duplicate functionality.

I'm not sure I understand what you mean here. The point was to use
gnutls_certificate_set_x509_key_file2 instead of
gnutls_certificate_set_x509_key_file in gnutls.c -- so that should be an
internal change in gnutls.c that nothing else should need to know about.

> Before I make sensible changes to src/gnutls.c, I would need to
> understand better how the functions are used in
> src/process.c. However, that file is lacking function
> comments. Therefore, since I'll be studying it anyhow, I suggest that
> my first patch will be C documentation for those functions in
> src/process.c.

process.c has an abundance of comments already, but if there's further
comments that would be helpful, that's welcome, of course.

* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-09-26 15:43 UTC
To: Lars Ingebrigtsen; +Cc: 50507, Eli Zaretskii

[-- Attachment #1: Type: text/plain, Size: 1190 bytes --]

On Mon, Sep 26, 2022 at 7:03 AM Lars Ingebrigtsen <larsi@gnus.org> wrote:
>
> Nikolaos Chatzikonstantinou <nchatz314@gmail.com> writes:
>
> > However, I suspect that this API is not used by most
> > packages. Instead, these functions are called from Emacs'
> > make-network-process and friends in src/process.c. If I just dump new
> > gnutls functions in src/gnutls.c, they might not be accessible for
> > use, or I might duplicate functionality.
>
> I'm not sure I understand what you mean here. The point was to use
> gnutls_certificate_set_x509_key_file2 instead of
> gnutls_certificate_set_x509_key_file in gnutls.c -- so that should be an
> internal change in gnutls.c that nothing else should need to know about.

Ah yes, thanks for setting me straight. I should start with that.

Actually, this is not too complicated, and I just prepared this patch
save for one thing: how should the ORed values be passed in the last
parameter? In C, it is an 'unsigned int' of ORed values of type
'gnutls_pkcs_encrypt_flags_t', whose enumeration constants are
detailed here,

<https://gnutls.org/reference/gnutls-x509.html#gnutls-pkcs-encrypt-flags-t>

See the patch attached (do not merge yet?).

[-- Attachment #2: 0001-fix-gnutls-add-possibility-of-password-for-key-file.patch.sig --]
[-- Type: application/pgp-signature, Size: 6679 bytes --]

[-- Attachment #3: 0001-fix-gnutls-add-possibility-of-password-for-key-file.patch --]
[-- Type: text/x-patch, Size: 5783 bytes --]

From 94eec43843d5d0225a29d3574f8738719f9e4239 Mon Sep 17 00:00:00 2001
From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> Date: Mon, 26 Sep 2022 11:08:18 -0400 Subject: [PATCH] fix(gnutls): add possibility of password for key-file The GnuTLS function gnutls_certificate_set_x509_key_file is replaced by its second version gnutls_certificate_set_x509_key_file2 and the definitions of gnutls-boot and gnutls-boot-parameters are modified to include the :pass and :flags keys, which are additional parameters in the second version. Signed-off-by: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> --- lisp/net/gnutls.el | 7 +++++++ src/gnutls.c | 19 +++++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 6e3845aec1..9aab18b8fb 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -265,6 +265,7 @@ gnutls-boot-parameters &key type hostname priority-string trustfiles crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error + pass flags &allow-other-keys) "Return a keyword list of parameters suitable for passing to `gnutls-boot'. @@ -281,6 +282,10 @@ gnutls-boot-parameters VERIFY-HOSTNAME-ERROR is a backwards compatibility option for putting `:hostname' in VERIFY-ERROR. +PASS is a string, the password of the key. + +FLAGS is an ORed sequence of gnutls_pkcs_encrypt_flags_t values. + When VERIFY-ERROR is t or a list containing `:trustfiles', an error will be raised when the peer certificate verification fails as per GnuTLS' gnutls_certificate_verify_peers2. Otherwise, only @@ -358,6 +363,8 @@ gnutls-boot-parameters :keylist ,keylist :verify-flags ,verify-flags :verify-error ,verify-error + :pass ,pass + :flags ,flags :callbacks nil))) (defun gnutls--get-files (files) diff --git a/src/gnutls.c b/src/gnutls.c index a0de0238c4..c45771c58d 100644 --- a/src/gnutls.c +++ b/src/gnutls.c 
@@ -121,6 +121,9 @@ DEF_DLL_FN (int, gnutls_certificate_set_x509_crl_file, DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2, + (gnutls_certificate_credentials_t, const char *, const char *, + gnutls_x509_crt_fmt_t, const char *, unsigned int)); # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust, (gnutls_certificate_credentials_t)); @@ -314,6 +317,7 @@ init_gnutls_functions (void) LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags); LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file); + LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2); # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust); # endif @@ -455,6 +459,7 @@ init_gnutls_functions (void) # define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags # define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file # define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file +# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2 # define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust # define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file # define gnutls_certificate_type_get fn_gnutls_certificate_type_get 
@@ -1813,6 +1818,10 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, :complete-negotiation, if non-nil, will make negotiation complete before returning even on non-blocking sockets. +:pass, the password of the private key. + +:flags, an ORed sequence of gnutls_pkcs_encrypt_flags_t. + The debug level will be set for this process AND globally for GnuTLS. So if you set it higher or lower at any point, it affects global debugging. @@ -1848,6 +1857,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, Lisp_Object trustfiles; Lisp_Object crlfiles; Lisp_Object keylist; + Lisp_Object pass; + Lisp_Object flags; /* Lisp_Object callbacks; */ Lisp_Object loglevel; Lisp_Object hostname; @@ -1877,6 +1888,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, crlfiles = plist_get (proplist, QCcrlfiles); loglevel = plist_get (proplist, QCloglevel); prime_bits = plist_get (proplist, QCmin_prime_bits); + pass = plist_get (proplist, QCpass); + flags = plist_get (proplist, QCflags); if (!STRINGP (hostname)) { @@ -2038,8 +2051,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, keyfile = ansi_encode_filename (keyfile); certfile = ansi_encode_filename (certfile); # endif - ret = gnutls_certificate_set_x509_key_file - (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, SSDATA (pass), XUFIXNUM (flags)); if (ret < GNUTLS_E_SUCCESS) return gnutls_make_error (ret); @@ -2860,6 +2873,8 @@ syms_of_gnutls (void) DEFSYM (QCmin_prime_bits, ":min-prime-bits"); DEFSYM (QCloglevel, ":loglevel"); DEFSYM (QCcomplete_negotiation, ":complete-negotiation"); + DEFSYM (QCpass, ":pass"); + DEFSYM (QCflags, ":flags"); DEFSYM (QCverify_flags, ":verify-flags"); DEFSYM (QCverify_error, ":verify-error"); -- 2.37.3 ^ permalink raw reply related [flat|nested] 47+ messages in thread
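Review bot: In the lisp/net/gnutls.el docstring hunk (@@ -281,6 +282,10 @@), "FLAGS is an ORed sequence of gnutls_pkcs_encrypt_flags_t values" documents a C enum that a Lisp caller has no names for, since nothing in this patch exposes those constants to Lisp. Either accept a list of symbols and OR them in src/gnutls.c, or define the constants on the Lisp side, and list the accepted values in the docstring. The PASS line should also say that it applies to the key files in KEYLIST and whether nil is accepted.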
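Review bot: The DEF_DLL_FN, LOAD_DLL_FN and "# define" additions for gnutls_certificate_set_x509_key_file2 in src/gnutls.c (@@ -121, @@ -314 and @@ -455) are unconditional, while the context lines directly below the first two show gnutls_certificate_set_x509_system_trust wrapped in "# ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST". Add a HAVE_ macro derived from GNUTLS_VERSION_NUMBER and put these three additions and the call site behind it, keeping the existing gnutls_certificate_set_x509_key_file call for older libraries.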
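Review bot: In the @@ -2038,8 +2051,8 @@ hunk the new call passes "SSDATA (pass)" and "XUFIXNUM (flags)" with no type check, although the @@ -1877 hunk reads both with plist_get and neither key is required by the docstring. Check STRINGP (pass) and pass NULL otherwise, validate flags before converting it, and signal an error on a wrong type instead of dereferencing it. The replacement line is also far longer than the two lines it replaces; break it after file_format.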
* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2022-09-26 17:19 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

>>>>> On Mon, 26 Sep 2022 11:43:41 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:

Nikolaos> Date: Mon, 26 Sep 2022 11:08:18 -0400
Nikolaos> Subject: [PATCH] fix(gnutls): add possibility of password for key-file

Nikolaos> The GnuTLS function

Nikolaos> gnutls_certificate_set_x509_key_file

Nikolaos> is replaced by its second version

Nikolaos> gnutls_certificate_set_x509_key_file2

Nikolaos> and the definitions of gnutls-boot and gnutls-boot-parameters are
Nikolaos> modified to include the :pass and :flags keys, which are additional
Nikolaos> parameters in the second version.

Nikolaos> Signed-off-by: Nikolaos Chatzikonstantinou
Nikolaos> <nchatz314@gmail.com>

We donʼt use Signed-off-by, and the commit message has some rules
which are described in CONTRIBUTE (start at "** Commit messages" and
read up to and including "** Committing your changes")

Nikolaos> +PASS is a string, the password of the key.
Nikolaos> +
Nikolaos> +FLAGS is an ORed sequence of gnutls_pkcs_encrypt_flags_t values.
Nikolaos> +

Youʼre at the lisp level here. Perhaps you could define a mapping from
the C-level enum to lisp defconsts or similar? Or you could define it
as taking a list of flags, and then the C-code can take care of ORing
them.

Nikolaos> + pass = plist_get (proplist, QCpass);
Nikolaos> + flags = plist_get (proplist, QCflags);

pass and flags will both be 'nil' here if theyʼre not specified, so
that....

Nikolaos> if (!STRINGP (hostname))
Nikolaos> {
Nikolaos> @@ -2038,8 +2051,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0,
Nikolaos> keyfile = ansi_encode_filename (keyfile);
Nikolaos> certfile = ansi_encode_filename (certfile);
Nikolaos> # endif
Nikolaos> - ret = gnutls_certificate_set_x509_key_file
Nikolaos> - (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format);
Nikolaos> + ret = gnutls_certificate_set_x509_key_file2
Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, SSDATA (pass), XUFIXNUM (flags));

...this is likely to fail in that case. Or maybe not, I havenʼt tested
it, but XUFIXNUM(nil) in a build with asserts enabled will trigger an
assert and exit, I think.

In any case, if youʼre going to replace _file with _file2, you should
describe the new constraints on the arguments. e.g. Maybe having pass
as nil is OK, but then you need to say that, or maybe you need to fall
back to _file if :pass is not specified.

Robert
--

* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-09-26 21:39 UTC
To: Robert Pluim; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

On Mon, Sep 26, 2022 at 1:19 PM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Mon, 26 Sep 2022 11:43:41 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> Nikolaos> Date: Mon, 26 Sep 2022 11:08:18 -0400
> Nikolaos> Subject: [PATCH] fix(gnutls): add possibility of password for key-file
>
> Nikolaos> The GnuTLS function
>
> Nikolaos> gnutls_certificate_set_x509_key_file
>
> Nikolaos> is replaced by its second version
>
> Nikolaos> gnutls_certificate_set_x509_key_file2
>
> Nikolaos> and the definitions of gnutls-boot and gnutls-boot-parameters are
> Nikolaos> modified to include the :pass and :flags keys, which are additional
> Nikolaos> parameters in the second version.
>
> Nikolaos> +PASS is a string, the password of the key.
> Nikolaos> +
> Nikolaos> +FLAGS is an ORed sequence of gnutls_pkcs_encrypt_flags_t values.
> Nikolaos> +
>
> Youʼre at the lisp level here. Perhaps you could define a mapping from
> the C-level enum to lisp defconsts or similar? Or you could define it
> as taking a list of flags, and then the C-code can take care of ORing
> them.

Does Emacs code have a way to signal this C-to-lisp enum-to-defconst
map? Otherwise I will go with the keywords option.

> Nikolaos> + pass = plist_get (proplist, QCpass);
> Nikolaos> + flags = plist_get (proplist, QCflags);
>
> pass and flags will both be 'nil' here if theyʼre not specified, so
> that....
>
> <removed>
>
> ...this is likely to fail in that case. Or maybe not, I havenʼt tested
> it, but XUFIXNUM(nil) in a build with asserts enabled will trigger an
> assert and exit, I think.

Thanks, I will look into this.

> In any case, if youʼre going to replace _file with _file2, you should
> describe the new constraints on the arguments. e.g. Maybe having pass
> as nil is OK, but then you need to say that, or maybe you need to fall
> back to _file if :pass is not specified.

Okay, will do. The first version of the function exists since 0.4.0
but the second appeared "recently" in 3.2.0 (released on June
2013). Should I put some preprocessor #if checks?

How would the docstring be affected? Instead of duplicating the
string (can't put #if inside its body, it's already in a macro),
perhaps I should write that the feature is "only supported with
GnuTLS 3.2.0 and above")

* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2022-09-27 6:29 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, rpluim, larsi

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Mon, 26 Sep 2022 17:39:09 -0400
> Cc: Lars Ingebrigtsen <larsi@gnus.org>, 50507@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
>
> > In any case, if youʼre going to replace _file with _file2, you should
> > describe the new constraints on the arguments. e.g. Maybe having pass
> > as nil is OK, but then you need to say that, or maybe you need to fall
> > back to _file if :pass is not specified.
>
> Okay, will do. The first version of the function exists since 0.4.0
> but the second appeared "recently" in 3.2.0 (released on June
> 2013). Should I put some preprocessor #if checks?

Yes, we already have those in gnutls.c. Example:

  # if GNUTLS_VERSION_NUMBER >= 0x030014
  #  define HAVE_GNUTLS_X509_SYSTEM_TRUST
  # endif

> How would the docstring be affected? Instead of duplicating the
> string (can't put #if inside its body, it's already in a macro),
> perhaps I should write that the feature is "only supported with
> GnuTLS 3.2.0 and above")

You don't have to mention the GnuTLS version explicitly, you can say
something more vague, like "supported by recent enough GnuTLS".

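The argument handling discussed in the messages above (absent :pass and :flags, a list of flags ORed on the C side, and a version guard), as an added example that is not part of the thread, of Emacs or of GnuTLS. All demo_ names are hypothetical, the flag names and bit values are constructed stand-ins for gnutls_pkcs_encrypt_flags_t, and 0x030200 encodes the 3.2.0 release named above in the GNUTLS_VERSION_NUMBER format.

```c
/* Added example; not Emacs or GnuTLS source.  Flag names and bit values
   are constructed stand-ins for gnutls_pkcs_encrypt_flags_t.  */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 3.2.0, the release the thread names for the _file2 function.  */
#define DEMO_MIN_FILE2_VERSION 0x030200

enum demo_pkcs_flag
{
  DEMO_PKCS_PLAIN = 1u << 0,
  DEMO_PKCS_NULL_PASSWORD = 1u << 1,
  DEMO_PKCS_PBES2_AES_256 = 1u << 2
};

struct demo_flag_name
{
  const char *name;
  unsigned int bit;
};

static const struct demo_flag_name demo_flag_table[] = {
  { "plain", DEMO_PKCS_PLAIN },
  { "null-password", DEMO_PKCS_NULL_PASSWORD },
  { "pbes2-aes-256", DEMO_PKCS_PBES2_AES_256 },
};

/* OR together the bits for NAMES[0..N-1].  Return 0 and store the result
   in *OUT, or return -1 and leave *OUT alone if any name is unknown.  */
int
demo_flags_from_names (const char *const *names, size_t n, unsigned int *out)
{
  size_t table_len = sizeof demo_flag_table / sizeof demo_flag_table[0];
  unsigned int acc = 0;

  for (size_t i = 0; i < n; i++)
    {
      size_t j = 0;
      while (j < table_len
             && (names[i] == NULL
                 || strcmp (names[i], demo_flag_table[j].name) != 0))
        j++;
      if (j == table_len)
        return -1;
      acc |= demo_flag_table[j].bit;
    }
  *out = acc;
  return 0;
}

enum demo_call
{
  DEMO_CALL_KEY_FILE,   /* old 4-argument call, behaviour unchanged */
  DEMO_CALL_KEY_FILE2,  /* 6-argument call with password and flags */
  DEMO_CALL_REJECT      /* signal an error instead of guessing */
};

struct demo_plan
{
  enum demo_call call;
  const char *pass;     /* NULL means "no password" */
  unsigned int flags;
};

/* Decide which call to make for one certificate/key pair.  PASS is NULL
   when :pass was not given; N_FLAGS is 0 when :flags was not given.  */
struct demo_plan
demo_plan_key_load (unsigned int lib_version, const char *pass,
                    const char *const *flag_names, size_t n_flags)
{
  struct demo_plan plan = { DEMO_CALL_REJECT, NULL, 0 };

  /* Neither key given: stay on the old call path.  */
  if (pass == NULL && n_flags == 0)
    {
      plan.call = DEMO_CALL_KEY_FILE;
      return plan;
    }
  /* A password or flags were requested but the library predates _file2:
     refuse rather than load the key while ignoring them.  */
  if (lib_version < DEMO_MIN_FILE2_VERSION)
    return plan;
  /* An unknown flag name is an error, not a silently dropped bit.  */
  if (demo_flags_from_names (flag_names, n_flags, &plan.flags) != 0)
    return plan;
  plan.call = DEMO_CALL_KEY_FILE2;
  plan.pass = pass;
  return plan;
}

int
main (void)
{
  /* Constructed sample input.  */
  const char *const names[] = { "plain", "pbes2-aes-256" };
  struct demo_plan p = demo_plan_key_load (0x030800, "secret", names, 2);
  printf ("call=%d flags=0x%x\n", (int) p.call, p.flags);
  return 0;
}
```
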
* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-09-28 12:15 UTC
To: Robert Pluim; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

[-- Attachment #1: Type: text/plain, Size: 1141 bytes --]

On Mon, Sep 26, 2022 at 1:19 PM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Mon, 26 Sep 2022 11:43:41 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> Nikolaos> Date: Mon, 26 Sep 2022 11:08:18 -0400
> Nikolaos> Subject: [PATCH] fix(gnutls): add possibility of password for key-file
>
> Nikolaos> The GnuTLS function
>
> Nikolaos> gnutls_certificate_set_x509_key_file
>
> Nikolaos> is replaced by its second version
>
> Nikolaos> gnutls_certificate_set_x509_key_file2
>
> Nikolaos> and the definitions of gnutls-boot and gnutls-boot-parameters are
> Nikolaos> modified to include the :pass and :flags keys, which are additional
> Nikolaos> parameters in the second version.
>
> Nikolaos> Signed-off-by: Nikolaos Chatzikonstantinou
> Nikolaos> <nchatz314@gmail.com>
>
> We donʼt use Signed-off-by, and the commit message has some rules
> which are described in CONTRIBUTE (start at "** Commit messages" and
> read up to and including "** Committing your changes")

Okay, I'm submitting this patch with corrections included, see attachment.

[-- Attachment #2: 0001-add-pass-and-flags-to-gnutls-boot-for-keylist.patch.sig --]
[-- Type: application/pgp-signature, Size: 11551 bytes --]

* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2022-09-28 13:11 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

>>>>> On Wed, 28 Sep 2022 08:15:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:

Nikolaos> Okay, I'm submitting this patch with corrections included, see attachment.

I see a .sig attachment, but no patch (we donʼt currently require
signing of commits at all, but I guess thereʼs nothing stopping people
from doing it).

Regards

Robert
--

* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-09-29 3:09 UTC
To: Robert Pluim; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

[-- Attachment #1: Type: text/plain, Size: 608 bytes --]

On Wed, Sep 28, 2022 at 9:11 AM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Wed, 28 Sep 2022 08:15:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
>
>
> Nikolaos> Okay, I'm submitting this patch with corrections included, see attachment.
>
> I see a .sig attachment, but no patch (we donʼt currently require
> signing of commits at all, but I guess thereʼs nothing stopping people
> from doing it).

My bad, here it is. I also added "Copyright-paperwork-exempt: yes" (or
will this require paperwork?) and gave the helper function static
linkage in src/gnutls.c.

[-- Attachment #2: 0001-add-pass-and-flags-to-gnutls-boot-for-keylist.patch --]
[-- Type: text/x-patch, Size: 10708 bytes --]

From b11707c423773f6234746991222acd80ab3f708c Mon Sep 17 00:00:00 2001
From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> Date: Mon, 26 Sep 2022 11:08:18 -0400 Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist * lisp/net/gnutls.el (gnutls-boot-parameters): add the keys :pass and :flags, and update the documentation. * src/gnutls.c (gnutls-boot): add the keys :pass and :flags, and update the documentation. (syms_of_gnutls): add the symbols :pass, :flags, and the symbols that correspond to the enumeration constants of the GnuTLS enum `gnutls_pkcs_encrypt_flags_t`. ; (key_file2_aux): private helper function that translates a list of ; symbols to its corresponding `unsigned int` value of the GnuTLS C ; enum `gnutls_pkcs_encrypt_flags_t`. Copyright-paperwork-exempt: yes --- lisp/net/gnutls.el | 7 +++ src/gnutls.c | 104 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 111 insertions(+) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 6e3845aec1..9aab18b8fb 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -265,6 +265,7 @@ gnutls-boot-parameters &key type hostname priority-string trustfiles crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error + pass flags &allow-other-keys) "Return a keyword list of parameters suitable for passing to `gnutls-boot'. @@ -281,6 +282,10 @@ gnutls-boot-parameters VERIFY-HOSTNAME-ERROR is a backwards compatibility option for putting `:hostname' in VERIFY-ERROR. +PASS is a string, the password of the key. + +FLAGS is an ORed sequence of gnutls_pkcs_encrypt_flags_t values. + When VERIFY-ERROR is t or a list containing `:trustfiles', an error will be raised when the peer certificate verification fails as per GnuTLS' gnutls_certificate_verify_peers2. Otherwise, only @@ -358,6 +363,8 @@ gnutls-boot-parameters :keylist ,keylist :verify-flags ,verify-flags :verify-error ,verify-error + :pass ,pass + :flags ,flags :callbacks nil))) (defun gnutls--get-files (files) diff --git a/src/gnutls.c b/src/gnutls.c index a0de0238c4..2a6069e542 100644 
--- a/src/gnutls.c +++ b/src/gnutls.c @@ -34,6 +34,7 @@ # endif # if GNUTLS_VERSION_NUMBER >= 0x030200 +# define HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 # define HAVE_GNUTLS_CIPHER_GET_IV_SIZE # endif @@ -121,6 +122,9 @@ DEF_DLL_FN (int, gnutls_certificate_set_x509_crl_file, DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2, + (gnutls_certificate_credentials_t, const char *, const char *, + gnutls_x509_crt_fmt_t, const char *, unsigned int)); # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust, (gnutls_certificate_credentials_t)); @@ -314,6 +318,7 @@ init_gnutls_functions (void) LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags); LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file); + LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2); # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust); # endif @@ -455,6 +460,7 @@ init_gnutls_functions (void) # define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags # define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file # define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file +# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2 # define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust # define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file # define gnutls_certificate_type_get fn_gnutls_certificate_type_get 
@@ -1774,6 +1780,57 @@ gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist) return gnutls_make_error (ret); } +/* Helper function for gnutls-boot. + + The key :flags receives a lisp of symbols, each of which + corresponds to a GnuTLS C flag, the ORed result is to be passed to + the function gnutls_certificate_set_x509_key_file2() as its last + argument. +*/ +static unsigned int +key_file2_aux (Lisp_Object flags) +{ + unsigned int rv = 0; + Lisp_Object tail; + for (tail = flags; CONSP (tail); tail = XCDR (tail)) + { + Lisp_Object flag = XCAR(tail); + if (EQ(flag, Qgnutls_pkcs_plain)) + rv |= GNUTLS_PKCS_PLAIN; + else if(EQ(flag, Qgnutls_pkcs_pkcs12_3des)) + rv |= GNUTLS_PKCS_PKCS12_3DES; + else if(EQ(flag, Qgnutls_pkcs_pkcs12_arcfour)) + rv |= GNUTLS_PKCS_PKCS12_ARCFOUR; + else if(EQ(flag, Qgnutls_pkcs_pkcs12_rc2_40)) + rv |= GNUTLS_PKCS_PKCS12_RC2_40; + else if(EQ(flag, Qgnutls_pkcs_pbes2_3des)) + rv |= GNUTLS_PKCS_PBES2_3DES; + else if(EQ(flag, Qgnutls_pkcs_pbes2_aes_128)) + rv |= GNUTLS_PKCS_PBES2_AES_128; + else if(EQ(flag, Qgnutls_pkcs_pbes2_aes_192)) + rv |= GNUTLS_PKCS_PBES2_AES_192; + else if(EQ(flag, Qgnutls_pkcs_pbes2_aes_256)) + rv |= GNUTLS_PKCS_PBES2_AES_256; + else if(EQ(flag, Qgnutls_pkcs_null_password)) + rv |= GNUTLS_PKCS_NULL_PASSWORD; + else if(EQ(flag, Qgnutls_pkcs_pbes2_des)) + rv |= GNUTLS_PKCS_PBES2_DES; + else if(EQ(flag, Qgnutls_pkcs_pbes1_des_md5)) + rv |= GNUTLS_PKCS_PBES1_DES_MD5; + else if(EQ(flag, Qgnutls_pkcs_pbes2_gost_tc26z)) + rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z; + else if(EQ(flag, Qgnutls_pkcs_pbes2_gost_cpa)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPA; + else if(EQ(flag, Qgnutls_pkcs_pbes2_gost_cpb)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPB; + else if(EQ(flag, Qgnutls_pkcs_pbes2_gost_cpc)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPC; + else if(EQ(flag, Qgnutls_pkcs_pbes2_gost_cpd)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPD; + } + return rv; +} + DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, doc: /* Initialize GnuTLS client for process PROC 
with TYPE+PROPLIST. Currently only client mode is supported. Return a success/failure @@ -1813,6 +1870,19 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, :complete-negotiation, if non-nil, will make negotiation complete before returning even on non-blocking sockets. +:pass, the password of the private key as per GnuTLS' +gnutls_certificate_set_x509_key_file2. + +:flags, a list of symbols relating to :pass, each specifying a flag: +GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_PKCS12_3DES, +GNUTLS_PKCS_PKCS12_ARCFOUR, GNUTLS_PKCS_PKCS12_RC2_40, +GNUTLS_PKCS_PBES2_3DES, GNUTLS_PKCS_PBES2_AES_128, +GNUTLS_PKCS_PBES2_AES_192, GNUTLS_PKCS_PBES2_AES_256, +GNUTLS_PKCS_NULL_PASSWORD, GNUTLS_PKCS_PBES2_DES, +GNUTLS_PKCS_PBES2_DES_MD5, GNUTLS_PKCS_PBES2_GOST_TC26Z, +GNUTLS_PKCS_PBES2_GOST_CPA, GNUTLS_PKCS_PBES2_GOST_CPB, +GNUTLS_PKCS_PBES2_GOST_CPC, GNUTLS_PKCS_PBES2_GOST_CPD. + The debug level will be set for this process AND globally for GnuTLS. So if you set it higher or lower at any point, it affects global debugging. @@ -1825,6 +1895,9 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, functions are used. This function allocates resources which can only be deallocated by calling `gnutls-deinit' or by calling it again. +The :pass and :flags keys are ignored with old versions of GnuTLS, and +:flags is ignored if :pass is not specified. + The callbacks alist can have a `verify' key, associated with a verification function (UNUSED). @@ -1848,6 +1921,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, Lisp_Object trustfiles; Lisp_Object crlfiles; Lisp_Object keylist; + Lisp_Object pass; + Lisp_Object flags; /* Lisp_Object callbacks; */ Lisp_Object loglevel; Lisp_Object hostname; 
@@ -1877,6 +1952,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, crlfiles = plist_get (proplist, QCcrlfiles); loglevel = plist_get (proplist, QCloglevel); prime_bits = plist_get (proplist, QCmin_prime_bits); + pass = plist_get (proplist, QCpass); + flags = plist_get (proplist, QCflags); if (!STRINGP (hostname)) { @@ -2038,8 +2115,17 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, keyfile = ansi_encode_filename (keyfile); certfile = ansi_encode_filename (certfile); # endif +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + if (STRINGP (pass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, SSDATA (pass), key_file2_aux (flags)); + else + ret = gnutls_certificate_set_x509_key_file + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# else ret = gnutls_certificate_set_x509_key_file (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# endif if (ret < GNUTLS_E_SUCCESS) return gnutls_make_error (ret); 
@@ -2860,8 +2946,26 @@ syms_of_gnutls (void) DEFSYM (QCmin_prime_bits, ":min-prime-bits"); DEFSYM (QCloglevel, ":loglevel"); DEFSYM (QCcomplete_negotiation, ":complete-negotiation"); + DEFSYM (QCpass, ":pass"); + DEFSYM (QCflags, ":flags"); DEFSYM (QCverify_flags, ":verify-flags"); DEFSYM (QCverify_error, ":verify-error"); + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN"); + DEFSYM (Qgnutls_pkcs_pkcs12_3des, "GNUTLS_PKCS_PKCS12_3DES"); + DEFSYM (Qgnutls_pkcs_pkcs12_arcfour, "GNUTLS_PKCS_PKCS12_ARCFOUR"); + DEFSYM (Qgnutls_pkcs_pkcs12_rc2_40, "GNUTLS_PKCS_PKCS12_RC2_40"); + DEFSYM (Qgnutls_pkcs_pbes2_3des, "GNUTLS_PKCS_PBES2_3DES"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_128, "GNUTLS_PKCS_PBES2_AES_128"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_192, "GNUTLS_PKCS_PBES2_AES_192"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_256, "GNUTLS_PKCS_PBES2_AES_256"); + DEFSYM (Qgnutls_pkcs_null_password, "GNUTLS_PKCS_NULL_PASSWORD"); + DEFSYM (Qgnutls_pkcs_pbes2_des, "GNUTLS_PKCS_PBES2_DES"); + DEFSYM (Qgnutls_pkcs_pbes1_des_md5, "GNUTLS_PKCS_PBES1_DES_MD5"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_tc26z, "GNUTLS_PKCS_PBES2_GOST_TC26Z"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpa, "GNUTLS_PKCS_PBES2_GOST_CPA"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpb, "GNUTLS_PKCS_PBES2_GOST_CPB"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpc, "GNUTLS_PKCS_PBES2_GOST_CPC"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD"); DEFSYM (QCcipher_id, ":cipher-id"); DEFSYM (QCcipher_aead_capable, ":cipher-aead-capable"); -- 2.37.3 ^ permalink raw reply related [flat|nested] 47+ messages in thread
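Review bot: In src/gnutls.c the DEF_DLL_FN, LOAD_DLL_FN and fn_ #define additions for gnutls_certificate_set_x509_key_file2 are unconditional, although HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 is defined only when GNUTLS_VERSION_NUMBER >= 0x030200. Wrap each of the three in # ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2, as the adjacent gnutls_certificate_set_x509_system_trust declaration and load are wrapped in HAVE_GNUTLS_X509_SYSTEM_TRUST, so that the function is neither declared nor looked up in a library that does not export it.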
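Review bot: key_file2_aux (the hunk at -1774) has no final else, so a :flags element that matches none of the sixteen symbols is dropped without any error and GnuTLS receives a different bitmask than the caller asked for; signal an error for an unrecognized element instead of skipping it. The loop `for (tail = flags; CONSP (tail); tail = XCDR (tail))` also never terminates on a circular list, and the function is defined outside # ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 although the one call this patch adds is inside it. The spacing in `XCAR(tail)`, `EQ(flag, ...)` and `else if(` should follow the `CONSP (tail)` style of the line above.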
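Review bot: The :flags list in the gnutls-boot docstring (hunk at -1813) names GNUTLS_PKCS_PBES2_DES_MD5, but key_file2_aux and the DEFSYM in syms_of_gnutls use GNUTLS_PKCS_PBES1_DES_MD5, so the documented spelling is a symbol the code never matches. Correct the docstring to GNUTLS_PKCS_PBES1_DES_MD5. The lisp/net/gnutls.el docstring has a related mismatch: it describes FLAGS as "an ORed sequence of gnutls_pkcs_encrypt_flags_t values" while the C side expects a list of symbols.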
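Review bot: In the call-site hunk (-2038) a :pass value that is non-nil but not a string falls into the else branch, and the key is then loaded through gnutls_certificate_set_x509_key_file with no password and no error. Reject such a value explicitly, for example with CHECK_STRING once pass is known to be non-nil, so a caller cannot believe a password was applied when it was not. The gnutls_certificate_set_x509_key_file2 argument list also runs well past the width of the surrounding lines and should be re-wrapped.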
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 3:09 ` Nikolaos Chatzikonstantinou
@ 2022-09-29 8:17 ` Eli Zaretskii
  2022-09-29 12:35 ` Nikolaos Chatzikonstantinou
  2022-09-29 9:02 ` Robert Pluim
  1 sibling, 1 reply; 47+ messages in thread
From: Eli Zaretskii @ 2022-09-29 8:17 UTC (permalink / raw)
To: Nikolaos Chatzikonstantinou; +Cc: 50507, rpluim, larsi

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Wed, 28 Sep 2022 23:09:46 -0400
> Cc: 50507@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>, Eli Zaretskii <eliz@gnu.org>
>
> I also added "Copyright-paperwork-exempt: yes" (or will this require
> paperwork?)

The patch is large enough to require it, yes.

Would you like me to send you the legal form to start the paperwork?

Thanks.

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 8:17 ` Eli Zaretskii
@ 2022-09-29 12:35 ` Nikolaos Chatzikonstantinou
  2022-09-29 13:08 ` Eli Zaretskii
  0 siblings, 1 reply; 47+ messages in thread
From: Nikolaos Chatzikonstantinou @ 2022-09-29 12:35 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: 50507, rpluim, larsi

On Thu, Sep 29, 2022 at 4:17 AM Eli Zaretskii <eliz@gnu.org> wrote:
>
> > From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> > Date: Wed, 28 Sep 2022 23:09:46 -0400
> > Cc: 50507@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>, Eli Zaretskii <eliz@gnu.org>
> >
> > I also added "Copyright-paperwork-exempt: yes" (or will this require
> > paperwork?)
>
> The patch is large enough to require it, yes.
>
> Would you like me to send you the legal form to start the paperwork?
>
> Thanks.

Yes, please send me the legal form.

Regards,
Nikolaos Chatzikonstantinou

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 12:35 ` Nikolaos Chatzikonstantinou
@ 2022-09-29 13:08 ` Eli Zaretskii
  0 siblings, 0 replies; 47+ messages in thread
From: Eli Zaretskii @ 2022-09-29 13:08 UTC (permalink / raw)
To: Nikolaos Chatzikonstantinou; +Cc: 50507, rpluim, larsi

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Thu, 29 Sep 2022 08:35:40 -0400
> Cc: rpluim@gmail.com, 50507@debbugs.gnu.org, larsi@gnus.org
>
> On Thu, Sep 29, 2022 at 4:17 AM Eli Zaretskii <eliz@gnu.org> wrote:
> >
> > > From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> > > Date: Wed, 28 Sep 2022 23:09:46 -0400
> > > Cc: 50507@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>, Eli Zaretskii <eliz@gnu.org>
> > >
> > > I also added "Copyright-paperwork-exempt: yes" (or will this require
> > > paperwork?)
> >
> > The patch is large enough to require it, yes.
> >
> > Would you like me to send you the legal form to start the paperwork?
> >
> > Thanks.
>
> Yes, please send me the legal form.

Form sent off-list.

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 3:09 ` Nikolaos Chatzikonstantinou
  2022-09-29 8:17 ` Eli Zaretskii
@ 2022-09-29 9:02 ` Robert Pluim
  2022-09-29 13:44 ` Nikolaos Chatzikonstantinou
  1 sibling, 1 reply; 47+ messages in thread
From: Robert Pluim @ 2022-09-29 9:02 UTC (permalink / raw)
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

>>>>> On Wed, 28 Sep 2022 23:09:46 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:

Nikolaos> On Wed, Sep 28, 2022 at 9:11 AM Robert Pluim <rpluim@gmail.com> wrote:
>>
>> >>>>> On Wed, 28 Sep 2022 08:15:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
>>
>> Nikolaos> Okay, I'm submitting this patch with corrections included, see attachment.
>>
>> I see a .sig attachment, but no patch (we donʼt currently require
>> signing of commits at all, but I guess thereʼs nothing stopping people
>> from doing it).

Nikolaos> My bad, here it is. I also added "Copyright-paperwork-exempt: yes" (or
Nikolaos> will this require paperwork?) and gave the helper function static
Nikolaos> linkage in src/gnutls.c.

Eli answered that. A few nits below

Nikolaos> From b11707c423773f6234746991222acd80ab3f708c Mon Sep 17 00:00:00 2001
Nikolaos> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
Nikolaos> Date: Mon, 26 Sep 2022 11:08:18 -0400
Nikolaos> Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist
Nikolaos> * lisp/net/gnutls.el (gnutls-boot-parameters): add the keys :pass and
Nikolaos> :flags, and update the documentation.
Nikolaos> * src/gnutls.c (gnutls-boot): add the keys :pass and :flags, and
Nikolaos> update the documentation.
Nikolaos> (syms_of_gnutls): add the symbols :pass, :flags, and the symbols that
Nikolaos> correspond to the enumeration constants of the GnuTLS enum
Nikolaos> `gnutls_pkcs_encrypt_flags_t`.
Nikolaos> ; (key_file2_aux): private helper function that translates a list of
Nikolaos> ; symbols to its corresponding `unsigned int` value of the GnuTLS C
Nikolaos> ; enum `gnutls_pkcs_encrypt_flags_t`.

Each description of a change is a sentence, and should start with a
capital letter. The lines starting with ';' should not start with ';'

Nikolaos> +PASS is a string, the password of the key.
Nikolaos> +
Nikolaos> +FLAGS is an ORed sequence of gnutls_pkcs_encrypt_flags_t values.
Nikolaos> +

This is now a list of symbols, so the docstring needs adjusting.

Nikolaos> +/* Helper function for gnutls-boot.
Nikolaos> +
Nikolaos> + The key :flags receives a lisp of symbols, each of which

s/lisp/list/

Nikolaos> + corresponds to a GnuTLS C flag, the ORed result is to be passed to
Nikolaos> + the function gnutls_certificate_set_x509_key_file2() as its last
Nikolaos> + argument.
Nikolaos> +*/
Nikolaos> +static unsigned int
Nikolaos> +key_file2_aux (Lisp_Object flags)
Nikolaos> +{
Nikolaos> + unsigned int rv = 0;
Nikolaos> + Lisp_Object tail;
Nikolaos> + for (tail = flags; CONSP (tail); tail = XCDR (tail))

We have some convenience macros in lisp.h for traversing lists, one of
which is FOR_EACH_TAIL. The reason to prefer it is that it will detect
circular lists, which is good practice since this list will come from
the user level, so it could be anything :-)

Also, the function is only relevant if
HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 is defined, so you could
wrap it in a #ifdef

Nikolaos> +The :pass and :flags keys are ignored with old versions of GnuTLS, and
Nikolaos> +:flags is ignored if :pass is not specified.
Nikolaos> +

Maybe mention that not specifying :flags or passing :flags nil means
passing '0' to the GnuTLS function?

Nikolaos> +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2
Nikolaos> + if (STRINGP (pass))
Nikolaos> + ret = gnutls_certificate_set_x509_key_file2
Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, SSDATA (pass), key_file2_aux (flags));

I think you should re-wrap this line.

Nikolaos> + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pkcs12_3des, "GNUTLS_PKCS_PKCS12_3DES");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pkcs12_arcfour, "GNUTLS_PKCS_PKCS12_ARCFOUR");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pkcs12_rc2_40, "GNUTLS_PKCS_PKCS12_RC2_40");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_3des, "GNUTLS_PKCS_PBES2_3DES");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_aes_128, "GNUTLS_PKCS_PBES2_AES_128");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_aes_192, "GNUTLS_PKCS_PBES2_AES_192");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_aes_256, "GNUTLS_PKCS_PBES2_AES_256");
Nikolaos> + DEFSYM (Qgnutls_pkcs_null_password, "GNUTLS_PKCS_NULL_PASSWORD");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_des, "GNUTLS_PKCS_PBES2_DES");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes1_des_md5, "GNUTLS_PKCS_PBES1_DES_MD5");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_tc26z, "GNUTLS_PKCS_PBES2_GOST_TC26Z");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpa, "GNUTLS_PKCS_PBES2_GOST_CPA");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpb, "GNUTLS_PKCS_PBES2_GOST_CPB");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpc, "GNUTLS_PKCS_PBES2_GOST_CPC");
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");

All this is kind of awkward, but apart from doing DEFVAR_LISP Iʼm not
aware of how to define a lisp level symbol with a value (it would
allow you to simplify `key_file2_aux', since you could just extract
the values directly from the symbols).

Robert
--

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 9:02 ` Robert Pluim
@ 2022-09-29 13:44 ` Nikolaos Chatzikonstantinou
  2022-09-29 14:08 ` Robert Pluim
  0 siblings, 1 reply; 47+ messages in thread
From: Nikolaos Chatzikonstantinou @ 2022-09-29 13:44 UTC (permalink / raw)
To: Robert Pluim; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

On Thu, Sep 29, 2022 at 5:02 AM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Wed, 28 Sep 2022 23:09:46 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
>
> Nikolaos> From b11707c423773f6234746991222acd80ab3f708c Mon Sep 17 00:00:00 2001
> Nikolaos> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Nikolaos> Date: Mon, 26 Sep 2022 11:08:18 -0400
> Nikolaos> Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist
>
> Nikolaos> + corresponds to a GnuTLS C flag, the ORed result is to be passed to
> Nikolaos> + the function gnutls_certificate_set_x509_key_file2() as its last
> Nikolaos> + argument.
> Nikolaos> +*/
> Nikolaos> +static unsigned int
> Nikolaos> +key_file2_aux (Lisp_Object flags)
> Nikolaos> +{
> Nikolaos> + unsigned int rv = 0;
> Nikolaos> + Lisp_Object tail;
> Nikolaos> + for (tail = flags; CONSP (tail); tail = XCDR (tail))
>
> We have some convenience macros in lisp.h for traversing lists, one of
> which is FOR_EACH_TAIL. The reason to prefer it is that it will detect
> circular lists, which is good practice since this list will come from
> the user level, so it could be anything :-)

Good point. I opted for FOR_EACH_TAIL_SAFE, which seems even better
for this case. As documented in ChangeLog.3, it's the right one when
the operation is idempotent, which an OR of flags is. (repeated flags
do not alter the result.)

> Nikolaos> +The :pass and :flags keys are ignored with old versions of GnuTLS, and
> Nikolaos> +:flags is ignored if :pass is not specified.
> Nikolaos> +
>
> Maybe mention that not specifying :flags or passing :flags nil means
> passing '0' to the GnuTLS function?

Yes, and on that note, I discovered two things. One, the value 0 is
special; it has meaning but it is not an enumeration constant. I
documented this appropriately. Two, the password may be NULL instead
of a string.

How can I differentiate between `:pass nil` and not specifying
`:pass`? I would like to do this because in the former case I'm
calling ...key_file2() and in the latter I'm calling the original
...key_file().

> Nikolaos> + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
<removed a few more such lines>
> Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");
>
> All this is kind of awkward, but apart from doing DEFVAR_LISP Iʼm not
> aware of how to define a lisp level symbol with a value (it would
> allow you to simplify `key_file2_aux', since you could just extract
> the values directly from the symbols).

I am now comparing against intern("GNUTLS_PKCS_PLAIN") and so on.

I will hold off the submission of the final patch until I figure out
the :pass issue that I mentioned above.

Regards,
Nikolaos Chatzikonstantinou

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 13:44 ` Nikolaos Chatzikonstantinou
@ 2022-09-29 14:08 ` Robert Pluim
  2022-09-30 10:04 ` Nikolaos Chatzikonstantinou
  0 siblings, 1 reply; 47+ messages in thread
From: Robert Pluim @ 2022-09-29 14:08 UTC (permalink / raw)
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

>>>>> On Thu, 29 Sep 2022 09:44:09 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:

>>
>> We have some convenience macros in lisp.h for traversing lists, one of
>> which is FOR_EACH_TAIL. The reason to prefer it is that it will detect
>> circular lists, which is good practice since this list will come from
>> the user level, so it could be anything :-)

Nikolaos> Good point. I opted for FOR_EACH_TAIL_SAFE, which seems even better
Nikolaos> for this case. As documented in ChangeLog.3, it's the right one when
Nikolaos> the operation is idempotent, which an OR of flags is. (repeated flags
Nikolaos> do not alter the result.)

OK

Nikolaos> +The :pass and :flags keys are ignored with old versions of GnuTLS, and
Nikolaos> +:flags is ignored if :pass is not specified.
Nikolaos> +
>>
>> Maybe mention that not specifying :flags or passing :flags nil means
>> passing '0' to the GnuTLS function?

Nikolaos> Yes, and on that note, I discovered two things. One, the value 0 is
Nikolaos> special; it has meaning but it is not an enumeration constant. I
Nikolaos> documented this appropriately. Two, the password may be NULL instead
Nikolaos> of a string.

OK. I guess youʼre mapping ':pass nil' to that?

Nikolaos> How can I differentiate between `:pass nil` and not specifying
Nikolaos> `:pass`? I would like to do this because in the former case I'm
Nikolaos> calling ...key_file2() and in the latter I'm calling the original
Nikolaos> ...key_file().

Youʼd do `plist-member' to check if thereʼs a `:pass' in the plist at
all, and then `plist-get' to extract the value.

Nikolaos> + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
Nikolaos> <removed a few more such lines>
Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");
>>
>> All this is kind of awkward, but apart from doing DEFVAR_LISP Iʼm not
>> aware of how to define a lisp level symbol with a value (it would
>> allow you to simplify `key_file2_aux', since you could just extract
>> the values directly from the symbols).

Nikolaos> I am now comparing against intern("GNUTLS_PKCS_PLAIN") and so on.

I guess thatʼs another option, but itʼs not the preferred
solution. Anyway, letʼs not let the perfect be the enemy of the good.

Thanks

Robert
--

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-29 14:08 ` Robert Pluim
@ 2022-09-30 10:04 ` Nikolaos Chatzikonstantinou
  2022-09-30 10:47 ` Eli Zaretskii
  0 siblings, 1 reply; 47+ messages in thread
From: Nikolaos Chatzikonstantinou @ 2022-09-30 10:04 UTC (permalink / raw)
To: Robert Pluim; +Cc: 50507, Lars Ingebrigtsen, Eli Zaretskii

[-- Attachment #1: Type: text/plain, Size: 1877 bytes --]

On Thu, Sep 29, 2022 at 10:08 AM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Thu, 29 Sep 2022 09:44:09 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> Nikolaos> +The :pass and :flags keys are ignored with old versions of GnuTLS, and
> Nikolaos> +:flags is ignored if :pass is not specified.
> Nikolaos> +
> >>
> >> Maybe mention that not specifying :flags or passing :flags nil means
> >> passing '0' to the GnuTLS function?
>
> Nikolaos> Yes, and on that note, I discovered two things. One, the value 0 is
> Nikolaos> special; it has meaning but it is not an enumeration constant. I
> Nikolaos> documented this appropriately. Two, the password may be NULL instead
> Nikolaos> of a string.
>
> OK. I guess youʼre mapping ':pass nil' to that?

Yes.

> Nikolaos> + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
> Nikolaos> <removed a few more such lines>
> Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");
> >>
> >> All this is kind of awkward, but apart from doing DEFVAR_LISP Iʼm not
> >> aware of how to define a lisp level symbol with a value (it would
> >> allow you to simplify `key_file2_aux', since you could just extract
> >> the values directly from the symbols).
>
> Nikolaos> I am now comparing against intern("GNUTLS_PKCS_PLAIN") and so on.
>
> I guess thatʼs another option, but itʼs not the preferred
> solution. Anyway, letʼs not let the perfect be the enemy of the good.

I went with intern. There were some additional #if checks to avoid
dynamically loading the symbol on library Windows if it is not
available.

I used plist_member() to differentiate between `:pass nil` and not
specifying `:pass`, and I documented this in the docstrings.
Regards, Nikolaos Chatzikonstantinou [-- Attachment #2: 0001-add-pass-and-flags-to-gnutls-boot-for-keylist.patch --] [-- Type: text/x-patch, Size: 10435 bytes --] From 3100c17f8455a3894ca27c9872548daa1a1fb905 Mon Sep 17 00:00:00 2001 From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> Date: Mon, 26 Sep 2022 11:08:18 -0400 Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist * lisp/net/gnutls.el (gnutls-boot-parameters): Add the keys :pass and :flags, and update the documentation. * src/gnutls.c (gnutls-boot): Add the keys :pass and :flags, and update the documentation. (syms_of_gnutls): Add the symbols :pass, :flags, and the symbols that correspond to the enumeration constants of the GnuTLS enum `gnutls_pkcs_encrypt_flags_t`. (key_file2_aux): Private helper function that translates a list of symbols to its corresponding `unsigned int` value of the GnuTLS C enum `gnutls_pkcs_encrypt_flags_t`. --- lisp/net/gnutls.el | 10 +++++ src/gnutls.c | 105 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 6e3845aec1..eef6559a95 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -265,6 +265,7 @@ gnutls-boot-parameters &key type hostname priority-string trustfiles crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error + pass flags &allow-other-keys) "Return a keyword list of parameters suitable for passing to `gnutls-boot'. 
@@ -281,6 +282,13 @@ gnutls-boot-parameters VERIFY-HOSTNAME-ERROR is a backwards compatibility option for putting `:hostname' in VERIFY-ERROR. +PASS is a string, the password of the key. It may also be nil, +for a NULL password. + +FLAGS is a list of symbols corresponding to the equivalent ORed +bitflag of the gnutls_pkcs_encrypt_flags_t enum of GnuTLS. The +empty list corresponds to the bitflag with value 0. + When VERIFY-ERROR is t or a list containing `:trustfiles', an error will be raised when the peer certificate verification fails as per GnuTLS' gnutls_certificate_verify_peers2. Otherwise, only @@ -358,6 +366,8 @@ gnutls-boot-parameters :keylist ,keylist :verify-flags ,verify-flags :verify-error ,verify-error + :pass ,pass + :flags ,flags :callbacks nil))) (defun gnutls--get-files (files) diff --git a/src/gnutls.c b/src/gnutls.c index a0de0238c4..ccfbb58881 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -34,6 +34,7 @@ # endif # if GNUTLS_VERSION_NUMBER >= 0x030200 +# define HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 # define HAVE_GNUTLS_CIPHER_GET_IV_SIZE # endif @@ -121,6 +122,11 @@ DEF_DLL_FN (int, gnutls_certificate_set_x509_crl_file, DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2, + (gnutls_certificate_credentials_t, const char *, const char *, + gnutls_x509_crt_fmt_t, const char *, unsigned int)); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust, (gnutls_certificate_credentials_t)); 
@@ -314,6 +320,9 @@ init_gnutls_functions (void) LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags); LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust); # endif @@ -455,6 +464,9 @@ init_gnutls_functions (void) # define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags # define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file # define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2 +# endif # define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust # define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file # define gnutls_certificate_type_get fn_gnutls_certificate_type_get 
@@ -1774,6 +1786,61 @@ gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist) return gnutls_make_error (ret); } +#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + +/* Helper function for gnutls-boot. + + The key :flags receives a list of symbols, each of which + corresponds to a GnuTLS C flag, the ORed result is to be passed to + the function gnutls_certificate_set_x509_key_file2() as its last + argument. +*/ +static unsigned int +key_file2_aux (Lisp_Object flags) +{ + unsigned int rv = 0; + Lisp_Object tail = flags; + FOR_EACH_TAIL_SAFE (tail) + { + Lisp_Object flag = XCAR (tail); + if (EQ (flag, intern ("GNUTLS_PKCS_PLAIN"))) + rv |= GNUTLS_PKCS_PLAIN; + else if(EQ (flag, intern ("GNUTLS_PKCS_PKCS12_3DES"))) + rv |= GNUTLS_PKCS_PKCS12_3DES; + else if(EQ (flag, intern ("GNUTLS_PKCS_PKCS12_ARCFOUR"))) + rv |= GNUTLS_PKCS_PKCS12_ARCFOUR; + else if(EQ (flag, intern ("GNUTLS_PKCS_PKCS12_RC2_40"))) + rv |= GNUTLS_PKCS_PKCS12_RC2_40; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_3DES"))) + rv |= GNUTLS_PKCS_PBES2_3DES; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_AES_128"))) + rv |= GNUTLS_PKCS_PBES2_AES_128; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_AES_192"))) + rv |= GNUTLS_PKCS_PBES2_AES_192; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_AES_256"))) + rv |= GNUTLS_PKCS_PBES2_AES_256; + else if(EQ (flag, intern ("GNUTLS_PKCS_NULL_PASSWORD"))) + rv |= GNUTLS_PKCS_NULL_PASSWORD; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_DES"))) + rv |= GNUTLS_PKCS_PBES2_DES; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES1_DES_MD5"))) + rv |= GNUTLS_PKCS_PBES1_DES_MD5; + else if(EQ (flag, intern ("gnutls_pkcs_pbes2_gost_TC26Z"))) + rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_GOST_CPA"))) + rv |= GNUTLS_PKCS_PBES2_GOST_CPA; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_GOST_CPB"))) + rv |= GNUTLS_PKCS_PBES2_GOST_CPB; + else if(EQ (flag, intern ("GNUTLS_PKCS_PBES2_GOST_CPC"))) + rv |= GNUTLS_PKCS_PBES2_GOST_CPC; + else if(EQ 
(flag, intern ("GNUTLS_PKCS_PBES2_GOST_CPD"))) + rv |= GNUTLS_PKCS_PBES2_GOST_CPD; + } + return rv; +} + +#endif /* HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 */ + DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST. Currently only client mode is supported. Return a success/failure @@ -1813,6 +1880,21 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, :complete-negotiation, if non-nil, will make negotiation complete before returning even on non-blocking sockets. +:pass, the password of the private key as per GnuTLS' +gnutls_certificate_set_x509_key_file2. Specify as nil to have a NULL +password. + +:flags, a list of symbols relating to :pass, each specifying a flag: +GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_PKCS12_3DES, +GNUTLS_PKCS_PKCS12_ARCFOUR, GNUTLS_PKCS_PKCS12_RC2_40, +GNUTLS_PKCS_PBES2_3DES, GNUTLS_PKCS_PBES2_AES_128, +GNUTLS_PKCS_PBES2_AES_192, GNUTLS_PKCS_PBES2_AES_256, +GNUTLS_PKCS_NULL_PASSWORD, GNUTLS_PKCS_PBES2_DES, +GNUTLS_PKCS_PBES2_DES_MD5, GNUTLS_PKCS_PBES2_GOST_TC26Z, +GNUTLS_PKCS_PBES2_GOST_CPA, GNUTLS_PKCS_PBES2_GOST_CPB, +GNUTLS_PKCS_PBES2_GOST_CPC, GNUTLS_PKCS_PBES2_GOST_CPD. If not +specified, or if nil, the bitflag with value 0 is used. + The debug level will be set for this process AND globally for GnuTLS. So if you set it higher or lower at any point, it affects global debugging. @@ -1825,6 +1907,9 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, functions are used. This function allocates resources which can only be deallocated by calling `gnutls-deinit' or by calling it again. +The :pass and :flags keys are ignored with old versions of GnuTLS, and +:flags is ignored if :pass is not specified. + The callbacks alist can have a `verify' key, associated with a verification function (UNUSED). 
@@ -1848,6 +1933,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, Lisp_Object trustfiles; Lisp_Object crlfiles; Lisp_Object keylist; + Lisp_Object pass; + Lisp_Object flags; /* Lisp_Object callbacks; */ Lisp_Object loglevel; Lisp_Object hostname; @@ -1877,6 +1964,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, crlfiles = plist_get (proplist, QCcrlfiles); loglevel = plist_get (proplist, QCloglevel); prime_bits = plist_get (proplist, QCmin_prime_bits); + pass = plist_get (proplist, QCpass); + flags = plist_get (proplist, QCflags); if (!STRINGP (hostname)) { @@ -2038,8 +2127,22 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, keyfile = ansi_encode_filename (keyfile); certfile = ansi_encode_filename (certfile); # endif +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + if (STRINGP (pass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, + SSDATA (pass), key_file2_aux (flags)); + else if (NILP (pass) && plist_member (proplist, QCpass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, + NULL, key_file2_aux (flags)); + else + ret = gnutls_certificate_set_x509_key_file + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# else ret = gnutls_certificate_set_x509_key_file (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# endif if (ret < GNUTLS_E_SUCCESS) return gnutls_make_error (ret); @@ -2860,6 +2963,8 @@ syms_of_gnutls (void) DEFSYM (QCmin_prime_bits, ":min-prime-bits"); DEFSYM (QCloglevel, ":loglevel"); DEFSYM (QCcomplete_negotiation, ":complete-negotiation"); + DEFSYM (QCpass, ":pass"); + DEFSYM (QCflags, ":flags"); DEFSYM (QCverify_flags, ":verify-flags"); DEFSYM (QCverify_error, ":verify-error"); -- 2.37.3 ^ permalink raw reply related [flat|nested] 47+ messages in thread
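
Review bot: In the key_file2_aux hunk, the TC26Z branch compares against intern ("gnutls_pkcs_pbes2_gost_TC26Z"), a mixed-case spelling that no other branch uses and that differs from the all-caps name in the docstring, so a caller who passes GNUTLS_PKCS_PBES2_GOST_TC26Z never matches and the flag is left out of the result. Spell it "GNUTLS_PKCS_PBES2_GOST_TC26Z". The chain also has no final else, so any symbol it does not recognise is skipped silently; because the ORed value goes straight to gnutls_certificate_set_x509_key_file2, signalling an error on an unknown symbol would make a typo in :flags visible instead of quietly changing the flag set.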
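
Review bot: The :flags paragraph added to the gnutls-boot docstring lists GNUTLS_PKCS_PBES2_DES_MD5, but key_file2_aux only recognises GNUTLS_PKCS_PBES1_DES_MD5, so the documented symbol is one the code never accepts. Change the docstring entry to the PBES1 name so that the documented list and the helper agree.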
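
Review bot: At the new gnutls_certificate_set_x509_key_file2 call, SSDATA (pass) hands GnuTLS the bytes of the Lisp string unchanged, while keyfile and certfile go through ansi_encode_filename in the conditional block just above. Please state in the :pass documentation which encoding a non-ASCII password is expected in, or encode the string explicitly before the call, so that the same password decrypts the key regardless of how the string was built on the Lisp side.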
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-30 10:04 ` Nikolaos Chatzikonstantinou
@ 2022-09-30 10:47 ` Eli Zaretskii
  2022-09-30 13:01 ` Nikolaos Chatzikonstantinou
  0 siblings, 1 reply; 47+ messages in thread
From: Eli Zaretskii @ 2022-09-30 10:47 UTC (permalink / raw)
  To: Nikolaos Chatzikonstantinou; +Cc: 50507, rpluim, larsi

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Fri, 30 Sep 2022 06:04:30 -0400
> Cc: 50507@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>, Eli Zaretskii <eliz@gnu.org>
>
>
> On Thu, Sep 29, 2022 at 10:08 AM Robert Pluim <rpluim@gmail.com> wrote:
> >
> > >>>>> On Thu, 29 Sep 2022 09:44:09 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> > Nikolaos> +The :pass and :flags keys are ignored with old versions of GnuTLS, and
> > Nikolaos> +:flags is ignored if :pass is not specified.
> > Nikolaos> +
> > >>
> > >> Maybe mention that not specifying :flags or passing :flags nil means
> > >> passing '0' to the GnuTLS function?
> >
> > Nikolaos> Yes, and on that note, I discovered two things. One, the value 0 is
> > Nikolaos> special; it has meaning but it is not an enumeration constant. I
> > Nikolaos> documented this appropriately. Two, the password may be NULL instead
> > Nikolaos> of a string.
> >
> > OK. I guess youʼre mapping ':pass nil' to that?
>
> Yes.
>
> > Nikolaos> + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
> > Nikolaos> <removed a few more such lines>
> > Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");
> > >>
> > >> All this is kind of awkward, but apart from doing DEFVAR_LISP Iʼm not
> > >> aware of how to define a lisp level symbol with a value (it would
> > >> allow you to simplify `key_file2_aux', since you could just extract
> > >> the values directly from the symbols).
> >
> > Nikolaos> I am now comparing against intern("GNUTLS_PKCS_PLAIN") and so on.
> >
> > I guess thatʼs another option, but itʼs not the preferred
> > solution. Anyway, letʼs not let the perfect be the enemy of the good.
>
> I went with intern.

Why not use DEFSYM and then compare against the static symbols? That
is more efficient, since the intern call is avoided at run time.

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-30 10:47 ` Eli Zaretskii
@ 2022-09-30 13:01 ` Nikolaos Chatzikonstantinou
  2022-09-30 13:37 ` Eli Zaretskii
  0 siblings, 1 reply; 47+ messages in thread
From: Nikolaos Chatzikonstantinou @ 2022-09-30 13:01 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: 50507, rpluim, larsi

On Fri, Sep 30, 2022 at 6:47 AM Eli Zaretskii <eliz@gnu.org> wrote:
>
> > From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> > Date: Fri, 30 Sep 2022 06:04:30 -0400
> > Cc: 50507@debbugs.gnu.org, Lars Ingebrigtsen <larsi@gnus.org>, Eli Zaretskii <eliz@gnu.org>
> >
> >
> > On Thu, Sep 29, 2022 at 10:08 AM Robert Pluim <rpluim@gmail.com> wrote:
> > >
> > > >>>>> On Thu, 29 Sep 2022 09:44:09 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> > > Nikolaos> +The :pass and :flags keys are ignored with old versions of GnuTLS, and
> > > Nikolaos> +:flags is ignored if :pass is not specified.
> > > Nikolaos> +
> > > >>
> > > >> Maybe mention that not specifying :flags or passing :flags nil means
> > > >> passing '0' to the GnuTLS function?
> > >
> > > Nikolaos> Yes, and on that note, I discovered two things. One, the value 0 is
> > > Nikolaos> special; it has meaning but it is not an enumeration constant. I
> > > Nikolaos> documented this appropriately. Two, the password may be NULL instead
> > > Nikolaos> of a string.
> > >
> > > OK. I guess youʼre mapping ':pass nil' to that?
> >
> > Yes.
> >
> > > Nikolaos> + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN");
> > > Nikolaos> <removed a few more such lines>
> > > Nikolaos> + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD");
> > > >>
> > > >> All this is kind of awkward, but apart from doing DEFVAR_LISP Iʼm not
> > > >> aware of how to define a lisp level symbol with a value (it would
> > > >> allow you to simplify `key_file2_aux', since you could just extract
> > > >> the values directly from the symbols).
> > >
> > > Nikolaos> I am now comparing against intern("GNUTLS_PKCS_PLAIN") and so on.
> > >
> > > I guess thatʼs another option, but itʼs not the preferred
> > > solution. Anyway, letʼs not let the perfect be the enemy of the good.
> >
> > I went with intern.
>
> Why not use DEFSYM and then compare against the static symbols? That
> is more efficient, since the intern call is avoided at run time.

I did not understand the differences between DEFSYM() and
intern(). Can DEFSYM() be used outside of syms_of_gnutls()? In
particular can I (and, should I?) call it inside the key_file2_aux()
function?

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-30 13:01 ` Nikolaos Chatzikonstantinou
@ 2022-09-30 13:37 ` Eli Zaretskii
  2022-09-30 13:49 ` Nikolaos Chatzikonstantinou
  0 siblings, 1 reply; 47+ messages in thread
From: Eli Zaretskii @ 2022-09-30 13:37 UTC (permalink / raw)
  To: Nikolaos Chatzikonstantinou; +Cc: 50507, rpluim, larsi

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Fri, 30 Sep 2022 09:01:06 -0400
> Cc: rpluim@gmail.com, 50507@debbugs.gnu.org, larsi@gnus.org
>
> On Fri, Sep 30, 2022 at 6:47 AM Eli Zaretskii <eliz@gnu.org> wrote:
> >
> > > I went with intern.
> >
> > Why not use DEFSYM and then compare against the static symbols? That
> > is more efficient, since the intern call is avoided at run time.
>
> I did not understand the differences between DEFSYM() and
> intern(). Can DEFSYM() be used outside of syms_of_gnutls()?

Why do you need to use DEFSYM outside of syms_of_gnutls?

^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation
  2022-09-30 13:37 ` Eli Zaretskii
@ 2022-09-30 13:49 ` Nikolaos Chatzikonstantinou
  2022-09-30 14:32 ` Robert Pluim
  0 siblings, 1 reply; 47+ messages in thread
From: Nikolaos Chatzikonstantinou @ 2022-09-30 13:49 UTC (permalink / raw)
  To: Eli Zaretskii; +Cc: 50507, rpluim, larsi

[-- Attachment #1: Type: text/plain, Size: 787 bytes --]

On Fri, Sep 30, 2022 at 9:37 AM Eli Zaretskii <eliz@gnu.org> wrote:
>
> > From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> > Date: Fri, 30 Sep 2022 09:01:06 -0400
> > Cc: rpluim@gmail.com, 50507@debbugs.gnu.org, larsi@gnus.org
> >
> > On Fri, Sep 30, 2022 at 6:47 AM Eli Zaretskii <eliz@gnu.org> wrote:
> > >
> > > > I went with intern.
> > >
> > > Why not use DEFSYM and then compare against the static symbols? That
> > > is more efficient, since the intern call is avoided at run time.
> >
> > I did not understand the differences between DEFSYM() and
> > intern(). Can DEFSYM() be used outside of syms_of_gnutls()?
>
> Why do you need to use DEFSYM outside of syms_of_gnutls?

Never mind, I had general confusion on how the internals work. Here is
the update, using DEFSYM.

[-- Attachment #2: 0001-add-pass-and-flags-to-gnutls-boot-for-keylist.patch --]
[-- Type: text/x-patch, Size: 11459 bytes --]

From 48eeb16b7206fedbf2d0cb92c6fd7ace6cb2deda Mon Sep 17 00:00:00 2001
From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> Date: Mon, 26 Sep 2022 11:08:18 -0400 Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist * lisp/net/gnutls.el (gnutls-boot-parameters): Add the keys :pass and :flags, and update the documentation. * src/gnutls.c (gnutls-boot): Add the keys :pass and :flags, and update the documentation. (syms_of_gnutls): Add the symbols :pass, :flags, and the symbols that correspond to the enumeration constants of the GnuTLS enum `gnutls_pkcs_encrypt_flags_t`. (key_file2_aux): Private helper function that translates a list of symbols to its corresponding `unsigned int` value of the GnuTLS C enum `gnutls_pkcs_encrypt_flags_t`. --- lisp/net/gnutls.el | 10 ++++ src/gnutls.c | 121 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 6e3845aec1..eef6559a95 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -265,6 +265,7 @@ gnutls-boot-parameters &key type hostname priority-string trustfiles crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error + pass flags &allow-other-keys) "Return a keyword list of parameters suitable for passing to `gnutls-boot'. @@ -281,6 +282,13 @@ gnutls-boot-parameters VERIFY-HOSTNAME-ERROR is a backwards compatibility option for putting `:hostname' in VERIFY-ERROR. +PASS is a string, the password of the key. It may also be nil, +for a NULL password. + +FLAGS is a list of symbols corresponding to the equivalent ORed +bitflag of the gnutls_pkcs_encrypt_flags_t enum of GnuTLS. The +empty list corresponds to the bitflag with value 0. + When VERIFY-ERROR is t or a list containing `:trustfiles', an error will be raised when the peer certificate verification fails as per GnuTLS' gnutls_certificate_verify_peers2. Otherwise, only 
@@ -358,6 +366,8 @@ gnutls-boot-parameters :keylist ,keylist :verify-flags ,verify-flags :verify-error ,verify-error + :pass ,pass + :flags ,flags :callbacks nil))) (defun gnutls--get-files (files) diff --git a/src/gnutls.c b/src/gnutls.c index a0de0238c4..bc9b195cdd 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -34,6 +34,7 @@ # endif # if GNUTLS_VERSION_NUMBER >= 0x030200 +# define HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 # define HAVE_GNUTLS_CIPHER_GET_IV_SIZE # endif @@ -121,6 +122,11 @@ DEF_DLL_FN (int, gnutls_certificate_set_x509_crl_file, DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2, + (gnutls_certificate_credentials_t, const char *, const char *, + gnutls_x509_crt_fmt_t, const char *, unsigned int)); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust, (gnutls_certificate_credentials_t)); @@ -314,6 +320,9 @@ init_gnutls_functions (void) LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags); LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust); # endif 
@@ -455,6 +464,9 @@ init_gnutls_functions (void) # define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags # define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file # define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2 +# endif # define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust # define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file # define gnutls_certificate_type_get fn_gnutls_certificate_type_get 
@@ -1774,6 +1786,61 @@ gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist) return gnutls_make_error (ret); } +#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + +/* Helper function for gnutls-boot. + + The key :flags receives a list of symbols, each of which + corresponds to a GnuTLS C flag, the ORed result is to be passed to + the function gnutls_certificate_set_x509_key_file2() as its last + argument. +*/ +static unsigned int +key_file2_aux (Lisp_Object flags) +{ + unsigned int rv = 0; + Lisp_Object tail = flags; + FOR_EACH_TAIL_SAFE (tail) + { + Lisp_Object flag = XCAR (tail); + if (EQ (flag, Qgnutls_pkcs_plain)) + rv |= GNUTLS_PKCS_PLAIN; + else if(EQ (flag, Qgnutls_pkcs_pkcs12_3des)) + rv |= GNUTLS_PKCS_PKCS12_3DES; + else if(EQ (flag, Qgnutls_pkcs_pkcs12_arcfour)) + rv |= GNUTLS_PKCS_PKCS12_ARCFOUR; + else if(EQ (flag, Qgnutls_pkcs_pkcs12_rc2_40)) + rv |= GNUTLS_PKCS_PKCS12_RC2_40; + else if(EQ (flag, Qgnutls_pkcs_pbes2_3des)) + rv |= GNUTLS_PKCS_PBES2_3DES; + else if(EQ (flag, Qgnutls_pkcs_pbes2_aes_128)) + rv |= GNUTLS_PKCS_PBES2_AES_128; + else if(EQ (flag, Qgnutls_pkcs_pbes2_aes_192)) + rv |= GNUTLS_PKCS_PBES2_AES_192; + else if(EQ (flag, Qgnutls_pkcs_pbes2_aes_256)) + rv |= GNUTLS_PKCS_PBES2_AES_256; + else if(EQ (flag, Qgnutls_pkcs_null_password)) + rv |= GNUTLS_PKCS_NULL_PASSWORD; + else if(EQ (flag, Qgnutls_pkcs_pbes2_des)) + rv |= GNUTLS_PKCS_PBES2_DES; + else if(EQ (flag, Qgnutls_pkcs_pbes1_des_md5)) + rv |= GNUTLS_PKCS_PBES1_DES_MD5; + else if(EQ (flag, Qgnutls_pkcs_pbes2_gost_tc26z)) + rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z; + else if(EQ (flag, Qgnutls_pkcs_pbes2_gost_cpa)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPA; + else if(EQ (flag, Qgnutls_pkcs_pbes2_gost_cpb)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPB; + else if(EQ (flag, Qgnutls_pkcs_pbes2_gost_cpc)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPC; + else if(EQ (flag, Qgnutls_pkcs_pbes2_gost_cpd)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPD; + } + return rv; +} + +#endif /* HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 */ + 
DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST. Currently only client mode is supported. Return a success/failure @@ -1813,6 +1880,21 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, :complete-negotiation, if non-nil, will make negotiation complete before returning even on non-blocking sockets. +:pass, the password of the private key as per GnuTLS' +gnutls_certificate_set_x509_key_file2. Specify as nil to have a NULL +password. + +:flags, a list of symbols relating to :pass, each specifying a flag: +GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_PKCS12_3DES, +GNUTLS_PKCS_PKCS12_ARCFOUR, GNUTLS_PKCS_PKCS12_RC2_40, +GNUTLS_PKCS_PBES2_3DES, GNUTLS_PKCS_PBES2_AES_128, +GNUTLS_PKCS_PBES2_AES_192, GNUTLS_PKCS_PBES2_AES_256, +GNUTLS_PKCS_NULL_PASSWORD, GNUTLS_PKCS_PBES2_DES, +GNUTLS_PKCS_PBES2_DES_MD5, GNUTLS_PKCS_PBES2_GOST_TC26Z, +GNUTLS_PKCS_PBES2_GOST_CPA, GNUTLS_PKCS_PBES2_GOST_CPB, +GNUTLS_PKCS_PBES2_GOST_CPC, GNUTLS_PKCS_PBES2_GOST_CPD. If not +specified, or if nil, the bitflag with value 0 is used. + The debug level will be set for this process AND globally for GnuTLS. So if you set it higher or lower at any point, it affects global debugging. @@ -1825,6 +1907,9 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, functions are used. This function allocates resources which can only be deallocated by calling `gnutls-deinit' or by calling it again. +The :pass and :flags keys are ignored with old versions of GnuTLS, and +:flags is ignored if :pass is not specified. + The callbacks alist can have a `verify' key, associated with a verification function (UNUSED). @@ -1848,6 +1933,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, Lisp_Object trustfiles; Lisp_Object crlfiles; Lisp_Object keylist; + Lisp_Object pass; + Lisp_Object flags; /* Lisp_Object callbacks; */ Lisp_Object loglevel; Lisp_Object hostname; 
@@ -1877,6 +1964,8 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, crlfiles = plist_get (proplist, QCcrlfiles); loglevel = plist_get (proplist, QCloglevel); prime_bits = plist_get (proplist, QCmin_prime_bits); + pass = plist_get (proplist, QCpass); + flags = plist_get (proplist, QCflags); if (!STRINGP (hostname)) { @@ -2038,8 +2127,22 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, keyfile = ansi_encode_filename (keyfile); certfile = ansi_encode_filename (certfile); # endif +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + if (STRINGP (pass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, + SSDATA (pass), key_file2_aux (flags)); + else if (NILP (pass) && plist_member (proplist, QCpass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, + NULL, key_file2_aux (flags)); + else + ret = gnutls_certificate_set_x509_key_file + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# else ret = gnutls_certificate_set_x509_key_file (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# endif if (ret < GNUTLS_E_SUCCESS) return gnutls_make_error (ret); 
@@ -2860,8 +2963,26 @@ syms_of_gnutls (void) DEFSYM (QCmin_prime_bits, ":min-prime-bits"); DEFSYM (QCloglevel, ":loglevel"); DEFSYM (QCcomplete_negotiation, ":complete-negotiation"); + DEFSYM (QCpass, ":pass"); + DEFSYM (QCflags, ":flags"); DEFSYM (QCverify_flags, ":verify-flags"); DEFSYM (QCverify_error, ":verify-error"); + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN"); + DEFSYM (Qgnutls_pkcs_pkcs12_3des, "GNUTLS_PKCS_PKCS12_3DES"); + DEFSYM (Qgnutls_pkcs_pkcs12_arcfour, "GNUTLS_PKCS_PKCS12_ARCFOUR"); + DEFSYM (Qgnutls_pkcs_pkcs12_rc2_40, "GNUTLS_PKCS_PKCS12_RC2_40"); + DEFSYM (Qgnutls_pkcs_pbes2_3des, "GNUTLS_PKCS_PBES2_3DES"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_128, "GNUTLS_PKCS_PBES2_AES_128"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_192, "GNUTLS_PKCS_PBES2_AES_192"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_256, "GNUTLS_PKCS_PBES2_AES_256"); + DEFSYM (Qgnutls_pkcs_null_password, "GNUTLS_PKCS_NULL_PASSWORD"); + DEFSYM (Qgnutls_pkcs_pbes2_des, "GNUTLS_PKCS_PBES2_DES"); + DEFSYM (Qgnutls_pkcs_pbes1_des_md5, "GNUTLS_PKCS_PBES1_DES_MD5"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_tc26z, "GNUTLS_PKCS_PBES2_GOST_TC26Z"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpa, "GNUTLS_PKCS_PBES2_GOST_CPA"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpb, "GNUTLS_PKCS_PBES2_GOST_CPB"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpc, "GNUTLS_PKCS_PBES2_GOST_CPC"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD"); DEFSYM (QCcipher_id, ":cipher-id"); DEFSYM (QCcipher_aead_capable, ":cipher-aead-capable"); -- 2.37.3 ^ permalink raw reply related [flat|nested] 47+ messages in thread
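
Review bot: In the last lisp/net/gnutls.el hunk, gnutls-boot-parameters adds ":pass ,pass" to the returned plist unconditionally, so for every caller that goes through this function plist_member (proplist, QCpass) in gnutls-boot is true even when no password was given. On that path the final else branch, the plain gnutls_certificate_set_x509_key_file call, is never reached, and the docstring sentence ":flags is ignored if :pass is not specified" does not hold. Either emit :pass and :flags only when the caller supplied them, or drop the plist_member distinction and document that nil means a NULL password.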
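
Review bot: The version hunk at the top of src/gnutls.c defines HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 for any GNUTLS_VERSION_NUMBER >= 0x030200, and under that single guard key_file2_aux references sixteen enum constants, the GNUTLS_PKCS_PBES2_GOST_* ones among them. Please confirm that each constant is declared by the oldest GnuTLS release this guard admits; any constant introduced later needs its own version check around its branch, otherwise the file stops compiling against older headers.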
* bug#50507: New function in Emacs GnuTLS implementation 2022-09-30 13:49 ` Nikolaos Chatzikonstantinou @ 2022-09-30 14:32 ` Robert Pluim 2022-09-30 16:22 ` Nikolaos Chatzikonstantinou 0 siblings, 1 reply; 47+ messages in thread From: Robert Pluim @ 2022-09-30 14:32 UTC (permalink / raw) To: Nikolaos Chatzikonstantinou; +Cc: 50507, Eli Zaretskii, larsi >>>>> On Fri, 30 Sep 2022 09:49:30 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said: Nikolaos> +static unsigned int Nikolaos> +key_file2_aux (Lisp_Object flags) Nikolaos> +{ Nikolaos> + unsigned int rv = 0; Nikolaos> + Lisp_Object tail = flags; Nikolaos> + FOR_EACH_TAIL_SAFE (tail) Nikolaos> + { Nikolaos> + Lisp_Object flag = XCAR (tail); Nikolaos> + if (EQ (flag, Qgnutls_pkcs_plain)) Nikolaos> + rv |= GNUTLS_PKCS_PLAIN; Nikolaos> + else if(EQ (flag, Qgnutls_pkcs_pkcs12_3des)) Space after 'if' here and in the rest of the function Nikolaos> +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 Nikolaos> + if (STRINGP (pass)) Nikolaos> + ret = gnutls_certificate_set_x509_key_file2 Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, Nikolaos> + SSDATA (pass), key_file2_aux (flags)); Nikolaos> + else if (NILP (pass) && plist_member (proplist, QCpass)) Nikolaos> + ret = gnutls_certificate_set_x509_key_file2 Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, Nikolaos> + NULL, key_file2_aux (flags)); Nikolaos> + else Nikolaos> + ret = gnutls_certificate_set_x509_key_file Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); Nikolaos> +# else Nikolaos> ret = gnutls_certificate_set_x509_key_file Nikolaos> (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); Nikolaos> +# endif 2 minor points: - If you use an intermediate variable for the C version of pass, you can set it correctly based on `plist_member' etc, and only have one call to _file2 (as it is itʼs kind of difficult to quickly see the difference between the two calls) - I think you 
can then rework the #else/#endif here to avoid repetition of the call to the _file variant Robert -- ^ permalink raw reply [flat|nested] 47+ messages in thread
* bug#50507: New function in Emacs GnuTLS implementation 2022-09-30 14:32 ` Robert Pluim @ 2022-09-30 16:22 ` Nikolaos Chatzikonstantinou 2022-10-03 7:40 ` Robert Pluim 0 siblings, 1 reply; 47+ messages in thread 
From: Nikolaos Chatzikonstantinou @ 2022-09-30 16:22 UTC (permalink / raw) To: Robert Pluim; +Cc: 50507, Eli Zaretskii, larsi [-- Attachment #1: Type: text/plain, Size: 2668 bytes --] On Fri, Sep 30, 2022 at 10:32 AM Robert Pluim <rpluim@gmail.com> wrote: > > >>>>> On Fri, 30 Sep 2022 09:49:30 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said: > Nikolaos> +static unsigned int > Nikolaos> +key_file2_aux (Lisp_Object flags) > Nikolaos> +{ > Nikolaos> + unsigned int rv = 0; > Nikolaos> + Lisp_Object tail = flags; > Nikolaos> + FOR_EACH_TAIL_SAFE (tail) > Nikolaos> + { > Nikolaos> + Lisp_Object flag = XCAR (tail); > Nikolaos> + if (EQ (flag, Qgnutls_pkcs_plain)) > Nikolaos> + rv |= GNUTLS_PKCS_PLAIN; > Nikolaos> + else if(EQ (flag, Qgnutls_pkcs_pkcs12_3des)) > > Space after 'if' here and in the rest of the function > > Nikolaos> +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 > Nikolaos> + if (STRINGP (pass)) > Nikolaos> + ret = gnutls_certificate_set_x509_key_file2 > Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, > Nikolaos> + SSDATA (pass), key_file2_aux (flags)); > Nikolaos> + else if (NILP (pass) && plist_member (proplist, QCpass)) > Nikolaos> + ret = gnutls_certificate_set_x509_key_file2 > Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, > Nikolaos> + NULL, key_file2_aux (flags)); > Nikolaos> + else > Nikolaos> + ret = gnutls_certificate_set_x509_key_file > Nikolaos> + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); > Nikolaos> +# else > Nikolaos> ret = gnutls_certificate_set_x509_key_file > Nikolaos> (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); > Nikolaos> +# endif > > 2 minor points: > > - If you use an intermediate variable for > the C version of pass, you can set it correctly based on `plist_member' > etc, and only have one call to _file2 (as it is itʼs kind of > difficult to quickly see the difference between the two calls) > - I think you can then rework the 
#else/#endif here to avoid repetition of > the call to the _file variant Thanks, I worked those out too, save for the last point you made. Do you mean this sort of thing: #if COND if (something) foo(); else bar(); #else bar(); #endif To be rewritten as #if COND if (something) foo(); else #endif bar(); Because in this case, I don't trust that kind of code to survive the test of time. Someone may come along and break it by modifying the bar() line, and it might be a sneaky bug. It's not easy to tell. [-- Attachment #2: 0001-add-pass-and-flags-to-gnutls-boot-for-keylist.patch --] [-- Type: text/x-patch, Size: 11594 bytes --] From 79682db52a825c52403cc671c5d84a0c6460cdf5 Mon Sep 17 00:00:00 2001 From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> Date: Mon, 26 Sep 2022 11:08:18 -0400 Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist * lisp/net/gnutls.el (gnutls-boot-parameters): Add the keys :pass and :flags, and update the documentation. * src/gnutls.c (gnutls-boot): Add the keys :pass and :flags, and update the documentation. (syms_of_gnutls): Add the symbols :pass, :flags, and the symbols that correspond to the enumeration constants of the GnuTLS enum `gnutls_pkcs_encrypt_flags_t`. (key_file2_aux): Private helper function that translates a list of symbols to its corresponding `unsigned int` value of the GnuTLS C enum `gnutls_pkcs_encrypt_flags_t`. --- lisp/net/gnutls.el | 10 ++++ src/gnutls.c | 123 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 133 insertions(+) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 6e3845aec1..eef6559a95 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -265,6 +265,7 @@ gnutls-boot-parameters &key type hostname priority-string trustfiles crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error + pass flags &allow-other-keys) "Return a keyword list of parameters suitable for passing to `gnutls-boot'. 
@@ -281,6 +282,13 @@ gnutls-boot-parameters VERIFY-HOSTNAME-ERROR is a backwards compatibility option for putting `:hostname' in VERIFY-ERROR. +PASS is a string, the password of the key. It may also be nil, +for a NULL password. + +FLAGS is a list of symbols corresponding to the equivalent ORed +bitflag of the gnutls_pkcs_encrypt_flags_t enum of GnuTLS. The +empty list corresponds to the bitflag with value 0. + When VERIFY-ERROR is t or a list containing `:trustfiles', an error will be raised when the peer certificate verification fails as per GnuTLS' gnutls_certificate_verify_peers2. Otherwise, only @@ -358,6 +366,8 @@ gnutls-boot-parameters :keylist ,keylist :verify-flags ,verify-flags :verify-error ,verify-error + :pass ,pass + :flags ,flags :callbacks nil))) (defun gnutls--get-files (files) diff --git a/src/gnutls.c b/src/gnutls.c index a0de0238c4..661a42b826 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -34,6 +34,7 @@ # endif # if GNUTLS_VERSION_NUMBER >= 0x030200 +# define HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 # define HAVE_GNUTLS_CIPHER_GET_IV_SIZE # endif @@ -121,6 +122,11 @@ DEF_DLL_FN (int, gnutls_certificate_set_x509_crl_file, DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2, + (gnutls_certificate_credentials_t, const char *, const char *, + gnutls_x509_crt_fmt_t, const char *, unsigned int)); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust, (gnutls_certificate_credentials_t)); 
@@ -314,6 +320,9 @@ init_gnutls_functions (void) LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags); LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust); # endif @@ -455,6 +464,9 @@ init_gnutls_functions (void) # define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags # define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file # define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2 +# endif # define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust # define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file # define gnutls_certificate_type_get fn_gnutls_certificate_type_get 
@@ -1774,6 +1786,61 @@ gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist) return gnutls_make_error (ret); } +#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + +/* Helper function for gnutls-boot. + + The key :flags receives a list of symbols, each of which + corresponds to a GnuTLS C flag, the ORed result is to be passed to + the function gnutls_certificate_set_x509_key_file2() as its last + argument. +*/ +static unsigned int +key_file2_aux (Lisp_Object flags) +{ + unsigned int rv = 0; + Lisp_Object tail = flags; + FOR_EACH_TAIL_SAFE (tail) + { + Lisp_Object flag = XCAR (tail); + if (EQ (flag, Qgnutls_pkcs_plain)) + rv |= GNUTLS_PKCS_PLAIN; + else if (EQ (flag, Qgnutls_pkcs_pkcs12_3des)) + rv |= GNUTLS_PKCS_PKCS12_3DES; + else if (EQ (flag, Qgnutls_pkcs_pkcs12_arcfour)) + rv |= GNUTLS_PKCS_PKCS12_ARCFOUR; + else if (EQ (flag, Qgnutls_pkcs_pkcs12_rc2_40)) + rv |= GNUTLS_PKCS_PKCS12_RC2_40; + else if (EQ (flag, Qgnutls_pkcs_pbes2_3des)) + rv |= GNUTLS_PKCS_PBES2_3DES; + else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_128)) + rv |= GNUTLS_PKCS_PBES2_AES_128; + else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_192)) + rv |= GNUTLS_PKCS_PBES2_AES_192; + else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_256)) + rv |= GNUTLS_PKCS_PBES2_AES_256; + else if (EQ (flag, Qgnutls_pkcs_null_password)) + rv |= GNUTLS_PKCS_NULL_PASSWORD; + else if (EQ (flag, Qgnutls_pkcs_pbes2_des)) + rv |= GNUTLS_PKCS_PBES2_DES; + else if (EQ (flag, Qgnutls_pkcs_pbes1_des_md5)) + rv |= GNUTLS_PKCS_PBES1_DES_MD5; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_tc26z)) + rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpa)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPA; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpb)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPB; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpc)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPC; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpd)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPD; + } + return rv; +} + +#endif /* 
HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 */ + DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST. Currently only client mode is supported. Return a success/failure @@ -1813,6 +1880,21 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, :complete-negotiation, if non-nil, will make negotiation complete before returning even on non-blocking sockets. +:pass, the password of the private key as per GnuTLS' +gnutls_certificate_set_x509_key_file2. Specify as nil to have a NULL +password. + +:flags, a list of symbols relating to :pass, each specifying a flag: +GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_PKCS12_3DES, +GNUTLS_PKCS_PKCS12_ARCFOUR, GNUTLS_PKCS_PKCS12_RC2_40, +GNUTLS_PKCS_PBES2_3DES, GNUTLS_PKCS_PBES2_AES_128, +GNUTLS_PKCS_PBES2_AES_192, GNUTLS_PKCS_PBES2_AES_256, +GNUTLS_PKCS_NULL_PASSWORD, GNUTLS_PKCS_PBES2_DES, +GNUTLS_PKCS_PBES2_DES_MD5, GNUTLS_PKCS_PBES2_GOST_TC26Z, +GNUTLS_PKCS_PBES2_GOST_CPA, GNUTLS_PKCS_PBES2_GOST_CPB, +GNUTLS_PKCS_PBES2_GOST_CPC, GNUTLS_PKCS_PBES2_GOST_CPD. If not +specified, or if nil, the bitflag with value 0 is used. + The debug level will be set for this process AND globally for GnuTLS. So if you set it higher or lower at any point, it affects global debugging. @@ -1825,6 +1907,9 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, functions are used. This function allocates resources which can only be deallocated by calling `gnutls-deinit' or by calling it again. +The :pass and :flags keys are ignored with old versions of GnuTLS, and +:flags is ignored if :pass is not specified. + The callbacks alist can have a `verify' key, associated with a verification function (UNUSED). 
@@ -1842,12 +1927,15 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, Lisp_Object global_init; char const *priority_string_ptr = "NORMAL"; /* default priority string. */ char *c_hostname; + const char *c_pass; /* Placeholders for the property list elements. */ Lisp_Object priority_string; Lisp_Object trustfiles; Lisp_Object crlfiles; Lisp_Object keylist; + Lisp_Object pass; + Lisp_Object flags; /* Lisp_Object callbacks; */ Lisp_Object loglevel; Lisp_Object hostname; @@ -1877,6 +1965,13 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, crlfiles = plist_get (proplist, QCcrlfiles); loglevel = plist_get (proplist, QCloglevel); prime_bits = plist_get (proplist, QCmin_prime_bits); + pass = plist_get (proplist, QCpass); + flags = plist_get (proplist, QCflags); + + if (STRINGP (pass)) + c_pass = SSDATA (pass); + else + c_pass = NULL; if (!STRINGP (hostname)) { @@ -2038,8 +2133,18 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, keyfile = ansi_encode_filename (keyfile); certfile = ansi_encode_filename (certfile); # endif +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + if (plist_member (proplist, QCpass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, + c_pass, key_file2_aux (flags)); + else + ret = gnutls_certificate_set_x509_key_file + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# else ret = gnutls_certificate_set_x509_key_file (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); +# endif if (ret < GNUTLS_E_SUCCESS) return gnutls_make_error (ret); 
@@ -2860,8 +2965,26 @@ syms_of_gnutls (void) DEFSYM (QCmin_prime_bits, ":min-prime-bits"); DEFSYM (QCloglevel, ":loglevel"); DEFSYM (QCcomplete_negotiation, ":complete-negotiation"); + DEFSYM (QCpass, ":pass"); + DEFSYM (QCflags, ":flags"); DEFSYM (QCverify_flags, ":verify-flags"); DEFSYM (QCverify_error, ":verify-error"); + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN"); + DEFSYM (Qgnutls_pkcs_pkcs12_3des, "GNUTLS_PKCS_PKCS12_3DES"); + DEFSYM (Qgnutls_pkcs_pkcs12_arcfour, "GNUTLS_PKCS_PKCS12_ARCFOUR"); + DEFSYM (Qgnutls_pkcs_pkcs12_rc2_40, "GNUTLS_PKCS_PKCS12_RC2_40"); + DEFSYM (Qgnutls_pkcs_pbes2_3des, "GNUTLS_PKCS_PBES2_3DES"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_128, "GNUTLS_PKCS_PBES2_AES_128"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_192, "GNUTLS_PKCS_PBES2_AES_192"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_256, "GNUTLS_PKCS_PBES2_AES_256"); + DEFSYM (Qgnutls_pkcs_null_password, "GNUTLS_PKCS_NULL_PASSWORD"); + DEFSYM (Qgnutls_pkcs_pbes2_des, "GNUTLS_PKCS_PBES2_DES"); + DEFSYM (Qgnutls_pkcs_pbes1_des_md5, "GNUTLS_PKCS_PBES1_DES_MD5"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_tc26z, "GNUTLS_PKCS_PBES2_GOST_TC26Z"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpa, "GNUTLS_PKCS_PBES2_GOST_CPA"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpb, "GNUTLS_PKCS_PBES2_GOST_CPB"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpc, "GNUTLS_PKCS_PBES2_GOST_CPC"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD"); DEFSYM (QCcipher_id, ":cipher-id"); DEFSYM (QCcipher_aead_capable, ":cipher-aead-capable"); -- 2.37.3 ^ permalink raw reply related [flat|nested] 47+ messages in thread
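Review bot: In the gnutls-boot docstring hunk (@@ -1813,6 +1880,21 @@) the :flags list names GNUTLS_PKCS_PBES2_DES_MD5, but the symbol registered in syms_of_gnutls and compared in key_file2_aux is GNUTLS_PKCS_PBES1_DES_MD5. A caller who copies the name from the docstring passes a symbol that matches no branch of the helper, so the docstring should read GNUTLS_PKCS_PBES1_DES_MD5.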
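Review bot: key_file2_aux (hunk @@ -1774,6 +1786,61 @@) has no final else, so an element of :flags that matches none of the EQ tests adds nothing to rv and is dropped without any error; a :flags value that is not a list is likewise walked zero times and yields 0. For an option that controls how a private key file is decrypted, a misspelled or mistyped flag should be reported instead of quietly becoming flags 0; suggest signalling an error for an unrecognized element and for a non-list value.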
* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2022-10-03 7:40 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Eli Zaretskii, larsi

>>>>> On Fri, 30 Sep 2022 12:22:16 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:

    Nikolaos> #if COND
    Nikolaos>   if (something)
    Nikolaos>     foo();
    Nikolaos>   else
    Nikolaos>     bar();
    Nikolaos> #else
    Nikolaos>   bar();
    Nikolaos> #endif

    Nikolaos> To be rewritten as

    Nikolaos> #if COND
    Nikolaos>   if (something)
    Nikolaos>     foo();
    Nikolaos>   else
    Nikolaos> #endif
    Nikolaos>     bar();

    Nikolaos> Because in this case, I don't trust that kind of code to survive the
    Nikolaos> test of time. Someone may come along and break it by modifying the
    Nikolaos> bar() line, and it might be a sneaky bug. It's not easy to tell.

In the first version thereʼs the risk that one of the calls to 'bar'
will be changed and the other missed.

In the second version thereʼs only one 'bar' to change. If someone
changes the 'bar' code so it doesnʼt compile under COND, thatʼs
immediately obvious.

Robert
--
* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-10-03 13:00 UTC
To: Robert Pluim; +Cc: 50507, Eli Zaretskii, larsi

[-- Attachment #1: Type: text/plain, Size: 1184 bytes --]

On Mon, Oct 3, 2022 at 3:40 AM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Fri, 30 Sep 2022 12:22:16 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
>     Nikolaos> #if COND
>     Nikolaos>   if (something)
>     Nikolaos>     foo();
>     Nikolaos>   else
>     Nikolaos>     bar();
>     Nikolaos> #else
>     Nikolaos>   bar();
>     Nikolaos> #endif
>
>     Nikolaos> To be rewritten as
>
>     Nikolaos> #if COND
>     Nikolaos>   if (something)
>     Nikolaos>     foo();
>     Nikolaos>   else
>     Nikolaos> #endif
>     Nikolaos>     bar();
>
>     Nikolaos> Because in this case, I don't trust that kind of code to survive the
>     Nikolaos> test of time. Someone may come along and break it by modifying the
>     Nikolaos> bar() line, and it might be a sneaky bug. It's not easy to tell.
>
> In the first version thereʼs the risk that one of the calls to 'bar'
> will be changed and the other missed.
>
> In the second version thereʼs only one 'bar' to change. If someone
> changes the 'bar' code so it doesnʼt compile under COND, thatʼs
> immediately obvious.

Okay then, I have the fixed patch here.

[-- Attachment #2: 0001-add-pass-and-flags-to-gnutls-boot-for-keylist.patch --]
[-- Type: text/x-patch, Size: 11418 bytes --]

From e868861425615ace9bc5efa8cf0a51cfa2130d21 Mon Sep 17 00:00:00 2001
From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com> Date: Mon, 26 Sep 2022 11:08:18 -0400 Subject: [PATCH] add :pass and :flags to gnutls-boot for :keylist * lisp/net/gnutls.el (gnutls-boot-parameters): Add the keys :pass and :flags, and update the documentation. * src/gnutls.c (gnutls-boot): Add the keys :pass and :flags, and update the documentation. (syms_of_gnutls): Add the symbols :pass, :flags, and the symbols that correspond to the enumeration constants of the GnuTLS enum `gnutls_pkcs_encrypt_flags_t`. (key_file2_aux): Private helper function that translates a list of symbols to its corresponding `unsigned int` value of the GnuTLS C enum `gnutls_pkcs_encrypt_flags_t`. --- lisp/net/gnutls.el | 10 ++++ src/gnutls.c | 120 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 130 insertions(+) diff --git a/lisp/net/gnutls.el b/lisp/net/gnutls.el index 6e3845aec1..eef6559a95 100644 --- a/lisp/net/gnutls.el +++ b/lisp/net/gnutls.el @@ -265,6 +265,7 @@ gnutls-boot-parameters &key type hostname priority-string trustfiles crlfiles keylist min-prime-bits verify-flags verify-error verify-hostname-error + pass flags &allow-other-keys) "Return a keyword list of parameters suitable for passing to `gnutls-boot'. @@ -281,6 +282,13 @@ gnutls-boot-parameters VERIFY-HOSTNAME-ERROR is a backwards compatibility option for putting `:hostname' in VERIFY-ERROR. +PASS is a string, the password of the key. It may also be nil, +for a NULL password. + +FLAGS is a list of symbols corresponding to the equivalent ORed +bitflag of the gnutls_pkcs_encrypt_flags_t enum of GnuTLS. The +empty list corresponds to the bitflag with value 0. + When VERIFY-ERROR is t or a list containing `:trustfiles', an error will be raised when the peer certificate verification fails as per GnuTLS' gnutls_certificate_verify_peers2. Otherwise, only 
@@ -358,6 +366,8 @@ gnutls-boot-parameters :keylist ,keylist :verify-flags ,verify-flags :verify-error ,verify-error + :pass ,pass + :flags ,flags :callbacks nil))) (defun gnutls--get-files (files) diff --git a/src/gnutls.c b/src/gnutls.c index a0de0238c4..1522dac1b8 100644 --- a/src/gnutls.c +++ b/src/gnutls.c @@ -34,6 +34,7 @@ # endif # if GNUTLS_VERSION_NUMBER >= 0x030200 +# define HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 # define HAVE_GNUTLS_CIPHER_GET_IV_SIZE # endif @@ -121,6 +122,11 @@ DEF_DLL_FN (int, gnutls_certificate_set_x509_crl_file, DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file, (gnutls_certificate_credentials_t, const char *, const char *, gnutls_x509_crt_fmt_t)); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +DEF_DLL_FN (int, gnutls_certificate_set_x509_key_file2, + (gnutls_certificate_credentials_t, const char *, const char *, + gnutls_x509_crt_fmt_t, const char *, unsigned int)); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST DEF_DLL_FN (int, gnutls_certificate_set_x509_system_trust, (gnutls_certificate_credentials_t)); @@ -314,6 +320,9 @@ init_gnutls_functions (void) LOAD_DLL_FN (library, gnutls_certificate_set_verify_flags); LOAD_DLL_FN (library, gnutls_certificate_set_x509_crl_file); LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file); +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + LOAD_DLL_FN (library, gnutls_certificate_set_x509_key_file2); +# endif # ifdef HAVE_GNUTLS_X509_SYSTEM_TRUST LOAD_DLL_FN (library, gnutls_certificate_set_x509_system_trust); # endif 
@@ -455,6 +464,9 @@ init_gnutls_functions (void) # define gnutls_certificate_set_verify_flags fn_gnutls_certificate_set_verify_flags # define gnutls_certificate_set_x509_crl_file fn_gnutls_certificate_set_x509_crl_file # define gnutls_certificate_set_x509_key_file fn_gnutls_certificate_set_x509_key_file +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 +# define gnutls_certificate_set_x509_key_file2 fn_gnutls_certificate_set_x509_key_file2 +# endif # define gnutls_certificate_set_x509_system_trust fn_gnutls_certificate_set_x509_system_trust # define gnutls_certificate_set_x509_trust_file fn_gnutls_certificate_set_x509_trust_file # define gnutls_certificate_type_get fn_gnutls_certificate_type_get 
@@ -1774,6 +1786,61 @@ gnutls_verify_boot (Lisp_Object proc, Lisp_Object proplist) return gnutls_make_error (ret); } +#ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + +/* Helper function for gnutls-boot. + + The key :flags receives a list of symbols, each of which + corresponds to a GnuTLS C flag, the ORed result is to be passed to + the function gnutls_certificate_set_x509_key_file2() as its last + argument. +*/ +static unsigned int +key_file2_aux (Lisp_Object flags) +{ + unsigned int rv = 0; + Lisp_Object tail = flags; + FOR_EACH_TAIL_SAFE (tail) + { + Lisp_Object flag = XCAR (tail); + if (EQ (flag, Qgnutls_pkcs_plain)) + rv |= GNUTLS_PKCS_PLAIN; + else if (EQ (flag, Qgnutls_pkcs_pkcs12_3des)) + rv |= GNUTLS_PKCS_PKCS12_3DES; + else if (EQ (flag, Qgnutls_pkcs_pkcs12_arcfour)) + rv |= GNUTLS_PKCS_PKCS12_ARCFOUR; + else if (EQ (flag, Qgnutls_pkcs_pkcs12_rc2_40)) + rv |= GNUTLS_PKCS_PKCS12_RC2_40; + else if (EQ (flag, Qgnutls_pkcs_pbes2_3des)) + rv |= GNUTLS_PKCS_PBES2_3DES; + else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_128)) + rv |= GNUTLS_PKCS_PBES2_AES_128; + else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_192)) + rv |= GNUTLS_PKCS_PBES2_AES_192; + else if (EQ (flag, Qgnutls_pkcs_pbes2_aes_256)) + rv |= GNUTLS_PKCS_PBES2_AES_256; + else if (EQ (flag, Qgnutls_pkcs_null_password)) + rv |= GNUTLS_PKCS_NULL_PASSWORD; + else if (EQ (flag, Qgnutls_pkcs_pbes2_des)) + rv |= GNUTLS_PKCS_PBES2_DES; + else if (EQ (flag, Qgnutls_pkcs_pbes1_des_md5)) + rv |= GNUTLS_PKCS_PBES1_DES_MD5; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_tc26z)) + rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpa)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPA; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpb)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPB; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpc)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPC; + else if (EQ (flag, Qgnutls_pkcs_pbes2_gost_cpd)) + rv |= GNUTLS_PKCS_PBES2_GOST_CPD; + } + return rv; +} + +#endif /* 
HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 */ + DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, doc: /* Initialize GnuTLS client for process PROC with TYPE+PROPLIST. Currently only client mode is supported. Return a success/failure @@ -1813,6 +1880,21 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, :complete-negotiation, if non-nil, will make negotiation complete before returning even on non-blocking sockets. +:pass, the password of the private key as per GnuTLS' +gnutls_certificate_set_x509_key_file2. Specify as nil to have a NULL +password. + +:flags, a list of symbols relating to :pass, each specifying a flag: +GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_PKCS12_3DES, +GNUTLS_PKCS_PKCS12_ARCFOUR, GNUTLS_PKCS_PKCS12_RC2_40, +GNUTLS_PKCS_PBES2_3DES, GNUTLS_PKCS_PBES2_AES_128, +GNUTLS_PKCS_PBES2_AES_192, GNUTLS_PKCS_PBES2_AES_256, +GNUTLS_PKCS_NULL_PASSWORD, GNUTLS_PKCS_PBES2_DES, +GNUTLS_PKCS_PBES2_DES_MD5, GNUTLS_PKCS_PBES2_GOST_TC26Z, +GNUTLS_PKCS_PBES2_GOST_CPA, GNUTLS_PKCS_PBES2_GOST_CPB, +GNUTLS_PKCS_PBES2_GOST_CPC, GNUTLS_PKCS_PBES2_GOST_CPD. If not +specified, or if nil, the bitflag with value 0 is used. + The debug level will be set for this process AND globally for GnuTLS. So if you set it higher or lower at any point, it affects global debugging. @@ -1825,6 +1907,9 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, functions are used. This function allocates resources which can only be deallocated by calling `gnutls-deinit' or by calling it again. +The :pass and :flags keys are ignored with old versions of GnuTLS, and +:flags is ignored if :pass is not specified. + The callbacks alist can have a `verify' key, associated with a verification function (UNUSED). 
@@ -1842,12 +1927,15 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, Lisp_Object global_init; char const *priority_string_ptr = "NORMAL"; /* default priority string. */ char *c_hostname; + const char *c_pass; /* Placeholders for the property list elements. */ Lisp_Object priority_string; Lisp_Object trustfiles; Lisp_Object crlfiles; Lisp_Object keylist; + Lisp_Object pass; + Lisp_Object flags; /* Lisp_Object callbacks; */ Lisp_Object loglevel; Lisp_Object hostname; @@ -1877,6 +1965,13 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, crlfiles = plist_get (proplist, QCcrlfiles); loglevel = plist_get (proplist, QCloglevel); prime_bits = plist_get (proplist, QCmin_prime_bits); + pass = plist_get (proplist, QCpass); + flags = plist_get (proplist, QCflags); + + if (STRINGP (pass)) + c_pass = SSDATA (pass); + else + c_pass = NULL; if (!STRINGP (hostname)) { @@ -2037,6 +2132,13 @@ DEFUN ("gnutls-boot", Fgnutls_boot, Sgnutls_boot, 3, 3, 0, # ifdef WINDOWSNT keyfile = ansi_encode_filename (keyfile); certfile = ansi_encode_filename (certfile); +# endif +# ifdef HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 + if (plist_member (proplist, QCpass)) + ret = gnutls_certificate_set_x509_key_file2 + (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format, + c_pass, key_file2_aux (flags)); + else # endif ret = gnutls_certificate_set_x509_key_file (x509_cred, SSDATA (certfile), SSDATA (keyfile), file_format); 
@@ -2860,8 +2962,26 @@ syms_of_gnutls (void) DEFSYM (QCmin_prime_bits, ":min-prime-bits"); DEFSYM (QCloglevel, ":loglevel"); DEFSYM (QCcomplete_negotiation, ":complete-negotiation"); + DEFSYM (QCpass, ":pass"); + DEFSYM (QCflags, ":flags"); DEFSYM (QCverify_flags, ":verify-flags"); DEFSYM (QCverify_error, ":verify-error"); + DEFSYM (Qgnutls_pkcs_plain, "GNUTLS_PKCS_PLAIN"); + DEFSYM (Qgnutls_pkcs_pkcs12_3des, "GNUTLS_PKCS_PKCS12_3DES"); + DEFSYM (Qgnutls_pkcs_pkcs12_arcfour, "GNUTLS_PKCS_PKCS12_ARCFOUR"); + DEFSYM (Qgnutls_pkcs_pkcs12_rc2_40, "GNUTLS_PKCS_PKCS12_RC2_40"); + DEFSYM (Qgnutls_pkcs_pbes2_3des, "GNUTLS_PKCS_PBES2_3DES"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_128, "GNUTLS_PKCS_PBES2_AES_128"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_192, "GNUTLS_PKCS_PBES2_AES_192"); + DEFSYM (Qgnutls_pkcs_pbes2_aes_256, "GNUTLS_PKCS_PBES2_AES_256"); + DEFSYM (Qgnutls_pkcs_null_password, "GNUTLS_PKCS_NULL_PASSWORD"); + DEFSYM (Qgnutls_pkcs_pbes2_des, "GNUTLS_PKCS_PBES2_DES"); + DEFSYM (Qgnutls_pkcs_pbes1_des_md5, "GNUTLS_PKCS_PBES1_DES_MD5"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_tc26z, "GNUTLS_PKCS_PBES2_GOST_TC26Z"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpa, "GNUTLS_PKCS_PBES2_GOST_CPA"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpb, "GNUTLS_PKCS_PBES2_GOST_CPB"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpc, "GNUTLS_PKCS_PBES2_GOST_CPC"); + DEFSYM (Qgnutls_pkcs_pbes2_gost_cpd, "GNUTLS_PKCS_PBES2_GOST_CPD"); DEFSYM (QCcipher_id, ":cipher-id"); DEFSYM (QCcipher_aead_capable, ":cipher-aead-capable"); -- 2.37.3 ^ permalink raw reply related [flat|nested] 47+ messages in thread
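Review bot: In lisp/net/gnutls.el (hunk @@ -358,6 +366,8 @@) the returned list always contains `:pass ,pass`, even when PASS is nil, so for every caller that goes through gnutls-boot-parameters the `plist_member (proplist, QCpass)` test in gnutls-boot is true and the else branch is never taken on a new enough GnuTLS. Either emit :pass and :flags only when PASS was supplied, or drop the plist_member test and call gnutls_certificate_set_x509_key_file2 unconditionally; as written, the docstring sentence that :flags is ignored if :pass is not specified holds only for direct calls to gnutls-boot.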
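Review bot: HAVE_GNUTLS_CERTIFICATE_SET_X509_KEY_FILE2 is defined for GNUTLS_VERSION_NUMBER >= 0x030200 (hunk @@ -34,6 +34,7 @@), and that one guard is all that protects the sixteen GNUTLS_PKCS_* constants referenced in key_file2_aux. Nothing on the visible lines establishes that each of them exists at 0x030200, and the build failure reported later in this thread names the five GNUTLS_PKCS_PBES2_GOST_* constants as undeclared; every constant that may be newer than the function needs its own guard around its branch.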
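Review bot: In hunk @@ -1877,6 +1965,13 @@ any :pass value that is not a string, not just nil, falls into the else branch and becomes a NULL password, so a caller passing the wrong type gets a key load attempted with no password and no type error. The pointer from SSDATA (pass) is also taken here but consumed only at the key-file call much further down, whereas certfile and keyfile are converted with SSDATA at the call itself; doing the same for pass, after a CHECK_STRING on non-nil values, rejects bad input and keeps the raw pointer's lifetime short.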
* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2022-10-03 13:19 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Eli Zaretskii, larsi

>>>>> On Mon, 3 Oct 2022 09:00:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:

    Nikolaos> Okay then, I have the fixed patch here.

Thanks, no further comment from me, I guess weʼre waiting on the
paperwork now.

Regards

Robert
--
* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-10-05 14:20 UTC
To: Robert Pluim; +Cc: 50507, Eli Zaretskii, larsi

On Mon, Oct 3, 2022 at 9:19 AM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Mon, 3 Oct 2022 09:00:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
>
>     Nikolaos> Okay then, I have the fixed patch here.
>
> Thanks, no further comment from me, I guess weʼre waiting on the
> paperwork now.

Alas I hit a snag with the paperwork, so it will have to wait a few months...
* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-12-23 15:46 UTC
To: Robert Pluim; +Cc: 50507, Eli Zaretskii, larsi

On Mon, Oct 3, 2022 at 4:19 PM Robert Pluim <rpluim@gmail.com> wrote:
>
> >>>>> On Mon, 3 Oct 2022 09:00:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
>
>     Nikolaos> Okay then, I have the fixed patch here.
>
> Thanks, no further comment from me, I guess weʼre waiting on the
> paperwork now.

The assignment was signed and accepted and now you can proceed with the patch.

Regards,
Nikolaos Chatzikonstantinou
* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2022-12-29 9:01 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, rpluim, larsi

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Fri, 23 Dec 2022 17:46:15 +0200
> Cc: 50507@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>, larsi@gnus.org
>
> On Mon, Oct 3, 2022 at 4:19 PM Robert Pluim <rpluim@gmail.com> wrote:
> >
> > >>>>> On Mon, 3 Oct 2022 09:00:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> >
> >     Nikolaos> Okay then, I have the fixed patch here.
> >
> > Thanks, no further comment from me, I guess weʼre waiting on the
> > paperwork now.
>
> The assignment was signed and accepted and now you can proceed with the patch.

Robert, are you going to take care of this, or should I do it?

Thanks.
* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2022-12-29 17:03 UTC
To: Eli Zaretskii; +Cc: 50507, Nikolaos Chatzikonstantinou, Lars Magne Ingebrigtsen

On Thu, Dec 29, 2022, 10:00 Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> > Date: Fri, 23 Dec 2022 17:46:15 +0200
> > Cc: 50507@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>, larsi@gnus.org
> >
> > On Mon, Oct 3, 2022 at 4:19 PM Robert Pluim <rpluim@gmail.com> wrote:
> > >
> > > >>>>> On Mon, 3 Oct 2022 09:00:26 -0400, Nikolaos Chatzikonstantinou <nchatz314@gmail.com> said:
> > >
> > >     Nikolaos> Okay then, I have the fixed patch here.
> > >
> > > Thanks, no further comment from me, I guess weʼre waiting on the
> > > paperwork now.
> >
> > The assignment was signed and accepted and now you can proceed with the patch.
>
> Robert, are you going to take care of this, or should I do it?
>
> Thanks.
>

Hi Eli,

I can get to it tomorrow. For master I presume?

Thanks

Robert
* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2022-12-29 17:18 UTC
To: Robert Pluim; +Cc: 50507, nchatz314, larsi

> From: Robert Pluim <rpluim@gmail.com>
> Date: Thu, 29 Dec 2022 18:03:25 +0100
> Cc: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>, 50507@debbugs.gnu.org,
> Lars Magne Ingebrigtsen <larsi@gnus.org>
>
> I can get to it tomorrow.

Sure, there's no rush.

> For master I presume?

Yes, thanks.
* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2022-12-30 16:41 UTC
To: nchatz314; +Cc: 50507, Eli Zaretskii, larsi

tags 50507 fixed
close 50507 30.1
quit

Done (with a very minor change to the commit message: I added the bug
number).

I tested with and without GnuTLS builds on GNU/Linux. The MS-Windows
changes looked sane, but I didnʼt test those.

Thanks for this.

Closing.
Committed as e9983b1b635
* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2022-12-31 7:33 UTC
To: Robert Pluim; +Cc: 50507, nchatz314, larsi

> From: Robert Pluim <rpluim@gmail.com>
> Cc: 50507@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org> , larsi@gnus.org
> Date: Fri, 30 Dec 2022 17:41:58 +0100
>
> Done (with a very minor change to the commit message: I added the bug
> number).
>
> I tested with and without GnuTLS builds on GNU/Linux. The MS-Windows
> changes looked sane, but I didnʼt test those.

Thanks, the basic HTTPS connectivity seems to work on MS-Windows after
the change. Are there any special tests of the new functionality I
should try? There aren't any tests for this in the test suite,
AFAICT.
* bug#50507: New function in Emacs GnuTLS implementation
From: Robert Pluim @ 2023-01-02 10:24 UTC
To: Eli Zaretskii; +Cc: 50507, nchatz314, larsi

>>>>> On Sat, 31 Dec 2022 09:33:20 +0200, Eli Zaretskii <eliz@gnu.org> said:

    >> From: Robert Pluim <rpluim@gmail.com>
    >> Cc: 50507@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org> , larsi@gnus.org
    >> Date: Fri, 30 Dec 2022 17:41:58 +0100
    >>
    >> Done (with a very minor change to the commit message: I added the bug
    >> number).
    >>
    >> I tested with and without GnuTLS builds on GNU/Linux. The MS-Windows
    >> changes looked sane, but I didnʼt test those.

    Eli> Thanks, the basic HTTPS connectivity seems to work on MS-Windows after
    Eli> the change. Are there any special tests of the new functionality I
    Eli> should try? There aren't any tests for this in the test suite,
    Eli> AFAICT.

There are no tests for TLS connections with client side certificates
at all, let alone password protected ones. They must work, nobody has
ever complained about them 😺

Robert
--
* bug#50507: New function in Emacs GnuTLS implementation
From: Mattias Engdegård @ 2022-12-30 20:45 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, Robert Pluim, Eli Zaretskii

After e9983b1b63, the build of master fails on emba.gnu.org which perhaps uses a slightly older gnutls. Errors below.

  CC gnutls.o
gnutls.c: In function 'key_file2_aux':
gnutls.c:1829:8: error: 'GNUTLS_PKCS_PBES2_GOST_TC26Z' undeclared (first use in this function)
  rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z;
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
gnutls.c:1829:8: note: each undeclared identifier is reported only once for each function it appears in
gnutls.c:1831:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPA' undeclared (first use in this function)
  rv |= GNUTLS_PKCS_PBES2_GOST_CPA;
        ^~~~~~~~~~~~~~~~~~~~~~~~~~
gnutls.c:1833:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPB' undeclared (first use in this function)
  rv |= GNUTLS_PKCS_PBES2_GOST_CPB;
        ^~~~~~~~~~~~~~~~~~~~~~~~~~
gnutls.c:1835:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPC' undeclared (first use in this function)
  rv |= GNUTLS_PKCS_PBES2_GOST_CPC;
        ^~~~~~~~~~~~~~~~~~~~~~~~~~
gnutls.c:1837:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPD' undeclared (first use in this function)
  rv |= GNUTLS_PKCS_PBES2_GOST_CPD;
        ^~~~~~~~~~~~~~~~~~~~~~~~~~
* bug#50507: New function in Emacs GnuTLS implementation
From: Nikolaos Chatzikonstantinou @ 2022-12-30 22:59 UTC
To: Mattias Engdegård; +Cc: 50507, Robert Pluim, Eli Zaretskii

> On 30 Dec 2022, at 10:45 PM, Mattias Engdegård <mattias.engdegard@gmail.com> wrote:
>
> After e9983b1b63, the build of master fails on emba.gnu.org which perhaps uses a slightly older gnutls. Errors below.
>
>   CC gnutls.o
> gnutls.c: In function 'key_file2_aux':
> gnutls.c:1829:8: error: 'GNUTLS_PKCS_PBES2_GOST_TC26Z' undeclared (first use in this function)
>   rv |= GNUTLS_PKCS_PBES2_GOST_TC26Z;
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> gnutls.c:1829:8: note: each undeclared identifier is reported only once for each function it appears in
> gnutls.c:1831:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPA' undeclared (first use in this function)
>   rv |= GNUTLS_PKCS_PBES2_GOST_CPA;
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~
> gnutls.c:1833:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPB' undeclared (first use in this function)
>   rv |= GNUTLS_PKCS_PBES2_GOST_CPB;
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~
> gnutls.c:1835:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPC' undeclared (first use in this function)
>   rv |= GNUTLS_PKCS_PBES2_GOST_CPC;
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~
> gnutls.c:1837:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPD' undeclared (first use in this function)
>   rv |= GNUTLS_PKCS_PBES2_GOST_CPD;
>         ^~~~~~~~~~~~~~~~~~~~~~~~~~
>

I can work on this tomorrow and fix it. I think it needs preprocessor guards on the version.

Regards,
Nikolaos Chatzikonstantinou
* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2022-12-31 7:28 UTC
To: Nikolaos Chatzikonstantinou; +Cc: 50507, mattias.engdegard, rpluim

> From: Nikolaos Chatzikonstantinou <nchatz314@gmail.com>
> Date: Sat, 31 Dec 2022 00:59:09 +0200
> Cc: 50507@debbugs.gnu.org, Robert Pluim <rpluim@gmail.com>,
> Eli Zaretskii <eliz@gnu.org>
>
> > gnutls.c:1837:8: error: 'GNUTLS_PKCS_PBES2_GOST_CPD' undeclared (first use in this function)
> >   rv |= GNUTLS_PKCS_PBES2_GOST_CPD;
> >         ^~~~~~~~~~~~~~~~~~~~~~~~~~
> >
>
> I can work on this tomorrow and fix it. I think it needs preprocessor guards on the version.

Since GnuTLS's documentation doesn't bother specifying when these
constants were introduced (some in 3.5.x, some in 3.6.x), I preferred
to condition the use of each constant by its being defined, instead of
conditioning on versions.
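The approach described in the message above (gating each constant on its own definition instead of on a library version), as an added C example that is not the code committed to Emacs. It uses constructed DEMO_ stand-in macros with made-up values in place of the GnuTLS constants, assumes the constants are visible to the preprocessor, and goes one step further than the thread by reporting unknown or compiled-out names instead of skipping them.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for constants a library header would provide;
   the values are made up.  DEMO_PKCS_PBES2_GOST_CPA is left undefined
   on purpose, to model a header that predates that constant.  */
#define DEMO_PKCS_PLAIN            (1u << 0)
#define DEMO_PKCS_PBES2_AES_256    (1u << 1)
#define DEMO_PKCS_NULL_PASSWORD    (1u << 2)
#define DEMO_PKCS_PBES2_GOST_TC26Z (1u << 3)

enum demo_status { DEMO_OK = 0, DEMO_UNKNOWN = -1, DEMO_UNAVAILABLE = -2 };

struct demo_flag
{
  const char *name;   /* name accepted from the caller */
  int available;      /* 1 if this build's header defines the constant */
  unsigned int bit;   /* value to OR in; 0 when unavailable */
};

/* One row per documented name.  Each constant is referenced only inside
   its own #ifdef, so a header that lacks it cannot break the build.  */
static const struct demo_flag demo_flags[] = {
#ifdef DEMO_PKCS_PLAIN
  { "DEMO_PKCS_PLAIN", 1, DEMO_PKCS_PLAIN },
#else
  { "DEMO_PKCS_PLAIN", 0, 0 },
#endif
#ifdef DEMO_PKCS_PBES2_AES_256
  { "DEMO_PKCS_PBES2_AES_256", 1, DEMO_PKCS_PBES2_AES_256 },
#else
  { "DEMO_PKCS_PBES2_AES_256", 0, 0 },
#endif
#ifdef DEMO_PKCS_NULL_PASSWORD
  { "DEMO_PKCS_NULL_PASSWORD", 1, DEMO_PKCS_NULL_PASSWORD },
#else
  { "DEMO_PKCS_NULL_PASSWORD", 0, 0 },
#endif
#ifdef DEMO_PKCS_PBES2_GOST_TC26Z
  { "DEMO_PKCS_PBES2_GOST_TC26Z", 1, DEMO_PKCS_PBES2_GOST_TC26Z },
#else
  { "DEMO_PKCS_PBES2_GOST_TC26Z", 0, 0 },
#endif
#ifdef DEMO_PKCS_PBES2_GOST_CPA
  { "DEMO_PKCS_PBES2_GOST_CPA", 1, DEMO_PKCS_PBES2_GOST_CPA },
#else
  { "DEMO_PKCS_PBES2_GOST_CPA", 0, 0 },
#endif
};

/* Translate N flag names into their ORed value, stored in *OUT.
   An empty list gives 0.  On failure *OUT is left untouched and *BAD
   (if non-NULL) receives the index of the offending name.  */
static enum demo_status
demo_flags_from_names (const char *const *names, size_t n,
                       unsigned int *out, size_t *bad)
{
  unsigned int rv = 0;
  for (size_t i = 0; i < n; i++)
    {
      const struct demo_flag *hit = NULL;
      for (size_t j = 0; j < sizeof demo_flags / sizeof demo_flags[0]; j++)
        if (strcmp (names[i], demo_flags[j].name) == 0)
          {
            hit = &demo_flags[j];
            break;
          }
      if (!hit || !hit->available)
        {
          if (bad)
            *bad = i;
          return hit ? DEMO_UNAVAILABLE : DEMO_UNKNOWN;
        }
      rv |= hit->bit;
    }
  *out = rv;
  return DEMO_OK;
}

int
main (void)
{
  /* Constructed request: the second name is known but compiled out.  */
  const char *req[] = { "DEMO_PKCS_PBES2_AES_256", "DEMO_PKCS_PBES2_GOST_CPA" };
  unsigned int value = 0;
  size_t bad = 0;
  enum demo_status st = demo_flags_from_names (req, 2, &value, &bad);
  if (st != DEMO_OK)
    printf ("rejected \"%s\" (%s)\n", req[bad],
            st == DEMO_UNKNOWN ? "unknown name" : "not in this build");
  else
    printf ("flags = 0x%x\n", value);
  return 0;
}
```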
* bug#50507: New function in Emacs GnuTLS implementation
From: Eli Zaretskii @ 2022-12-31 7:25 UTC
To: Mattias Engdegård; +Cc: 50507, nchatz314, rpluim

> From: Mattias Engdegård <mattias.engdegard@gmail.com>
> Date: Fri, 30 Dec 2022 21:45:10 +0100
> Cc: 50507@debbugs.gnu.org,
> Robert Pluim <rpluim@gmail.com>,
> Eli Zaretskii <eliz@gnu.org>
>
> After e9983b1b63, the build of master fails on emba.gnu.org which perhaps uses a slightly older gnutls. Errors below.

Thanks, should be fixed now.
* bug#50507: New function in Emacs GnuTLS implementation
From: Colin Baxter @ 2022-12-31 8:58 UTC
To: Eli Zaretskii; +Cc: 50507, Mattias Engdegård, nchatz314, rpluim

>>>>> Eli Zaretskii <eliz@gnu.org> writes:

    >> From: Mattias Engdegård <mattias.engdegard@gmail.com> Date: Fri,
    >> 30 Dec 2022 21:45:10 +0100 Cc: 50507@debbugs.gnu.org, Robert
    >> Pluim <rpluim@gmail.com>, Eli Zaretskii <eliz@gnu.org>
    >>
    >> After e9983b1b63, the build of master fails on emba.gnu.org which
    >> perhaps uses a slightly older gnutls. Errors below.

    > Thanks, should be fixed now.

It is. Thank you.

Best wishes,

* bug#50507: New function in Emacs GnuTLS implementation
From: Mattias Engdegård @ 2022-12-31 9:44 UTC
To: Eli Zaretskii; +Cc: 50507, nchatz314, rpluim

On 31 Dec 2022, at 08:25, Eli Zaretskii <eliz@gnu.org> wrote:

> Thanks, should be fixed now.

Good -- emba.gnu.org seems happy.