Commit b2962e7e authored by David Woodhouse's avatar David Woodhouse

Move TPM code out into gnutls_tpm.c

Slightly reduce the #ifdef hell in gnutls.c
Signed-off-by: default avatarDavid Woodhouse <>
parent aaf71be1
......@@ -18,7 +18,7 @@ openconnect_CFLAGS = $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPRO
library_srcs = ssl.c http.c auth.c library.c compat.c
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c
lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls_tpm.c
lib_srcs_openssl = openssl.c
library_srcs += $(lib_srcs_gnutls)
......@@ -27,6 +27,9 @@
#include <gnutls/gnutls.h>
#include <gnutls/pkcs12.h>
#include <gnutls/abstract.h>
#include "openconnect-internal.h"
/* If we're using a version of GnuTLS from before this was
......@@ -42,4 +45,35 @@ int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password,
int gtls2_tpm_sign_cb(gnutls_session_t sess, void *_vpninfo,
gnutls_certificate_type_t cert_type,
const gnutls_datum_t *cert, const gnutls_datum_t *data,
gnutls_datum_t *sig);
int gtls2_tpm_sign_dummy_data(struct openconnect_info *vpninfo,
const gnutls_datum_t *data,
gnutls_datum_t *sig);
/* In GnuTLS 2.12 this can't be a real private key; we have to use the sign_callback
instead. But we want to set the 'pkey' variable to *something* non-NULL in order
to indicate that we aren't just using an x509 key. */
#define OPENCONNECT_TPM_PKEY ((void *)1UL)
static inline int sign_dummy_data(struct openconnect_info *vpninfo,
gnutls_privkey_t pkey,
const gnutls_datum_t *data,
gnutls_datum_t *sig)
return gtls2_tpm_sign_dummy_data(vpninfo, data, sig);
return gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, data, sig);
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig);
#endif /* __OPENCONNECT_GNUTLS_H__ */
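Review bot: `OPENCONNECT_TPM_PKEY` is defined as `((void *)1UL)` and is meant to be stored where a `gnutls_privkey_t` is expected, so any teardown or signing path that treats the value as a real key (for instance handing it to `gnutls_privkey_deinit()`) dereferences a bogus pointer; the contract belongs next to the define, e.g. `/* Sentinel only, never a real key: callers must compare against OPENCONNECT_TPM_PKEY before any gnutls_privkey_*() call, including deinit */`. The GnuTLS 2.12 branch of `sign_dummy_data()` ignores `pkey` and routes through `gtls2_tpm_sign_dummy_data()`, so the sentinel is harmless there only as long as no other code in that configuration uses the value as a key; the callers live in gnutls.c and gnutls_tpm.c outside this hunk, so I cannot confirm that from here. The preprocessor conditional that presumably selects between the two `return` statements in `sign_dummy_data()`, and the function's braces, are not visible on the rendered page, so the body as shown is incomplete and I am assuming the first `return` is the 2.12-only path the comment above the define describes.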