diff options
author | Nikos Mavrogiannopoulos <nmav@crystal.(none)> | 2008-05-03 18:19:29 +0300 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@crystal.(none)> | 2008-05-03 18:19:29 +0300 |
commit | a78cafc509ad4a03c7153114b88007ba249465cc (patch) | |
tree | 921e0788295dd928a17e63394e1af69ef3060609 | |
parent | 51421f56770daf6e210cbf00bf7c3d4cfc4b3f6f (diff) | |
download | gnutls-a78cafc509ad4a03c7153114b88007ba249465cc.tar.gz |
updates in certificate verification.
-rw-r--r-- | lib/gnutls_mpi.c | 43 | ||||
-rw-r--r-- | lib/gnutls_mpi.h | 1 | ||||
-rw-r--r-- | lib/gnutls_pk.c | 3 | ||||
-rw-r--r-- | lib/pk-libgcrypt.c | 5 | ||||
-rw-r--r-- | lib/x509/crl.c | 3 |
5 files changed, 48 insertions, 7 deletions
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index c5fab22fe6..f07616c667 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -197,6 +197,49 @@ _gnutls_mpi_dprint (const mpi_t a, gnutls_datum_t * dest) return 0; } +/* This function will copy the mpi data into a datum, + * but will set minimum size to 'size'. That means that + * the output value is left padded with zeros. + */ +int +_gnutls_mpi_dprint_size (const mpi_t a, gnutls_datum_t * dest, size_t size) +{ + int ret; + opaque *buf = NULL; + size_t bytes = 0; + unsigned int i; + + if (dest == NULL || a == NULL) + return GNUTLS_E_INVALID_REQUEST; + + _gnutls_mpi_print (a, NULL, &bytes); + if (bytes != 0) + buf = gnutls_malloc (MAX(size, bytes)); + if (buf == NULL) + return GNUTLS_E_MEMORY_ERROR; + + dest->size = MAX(size, bytes); + + if (bytes <= size) { + size_t diff = size - bytes; + for (i=0;i<diff;i++) + buf[i] = 0; + ret = _gnutls_mpi_print(a, &buf[diff], &bytes); + } else { + ret = _gnutls_mpi_print(a, buf, &bytes); + } + + if (ret < 0) + { + gnutls_free (buf); + return ret; + } + + dest->data = buf; + dest->size = MAX(size, bytes); + return 0; +} + /* this function reads an integer * from asn1 structs. Combines the read and mpi_scan * steps. diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index 7dbf4df098..ef3c3abe11 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -68,6 +68,7 @@ int _gnutls_mpi_scan_nz (mpi_t * ret_mpi, const void * buffer, size_t nbytes); int _gnutls_mpi_dprint_lz ( const mpi_t a, gnutls_datum_t * dest); int _gnutls_mpi_dprint ( const mpi_t a, gnutls_datum_t * dest); +int _gnutls_mpi_dprint_size (const mpi_t a, gnutls_datum_t * dest, size_t size); #define _gnutls_mpi_generate_group( gg, bits) gnutls_mpi_ops.bigint_generate_group( gg, bits) diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 7823551a2b..ead75f18d8 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -234,12 +234,10 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, */ if (btype == 2) { -// pk_params.flags = GNUTLS_PK_FLAG_PKCS1_TYPE2; ret = _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); } else { -// pk_params.flags = GNUTLS_PK_FLAG_PKCS1_TYPE1; ret = _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); } @@ -257,7 +255,6 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, * "Chosen Ciphertext Attacks against Protocols Based on RSA * Encryption Standard PKCS #1". */ - if (plaintext->data[0] != 0 || plaintext->data[1] != btype) { gnutls_assert (); diff --git a/lib/pk-libgcrypt.c b/lib/pk-libgcrypt.c index 834160ff09..7345f9ee06 100644 --- a/lib/pk-libgcrypt.c +++ b/lib/pk-libgcrypt.c @@ -43,7 +43,6 @@ /* this is based on code from old versions of libgcrypt (centuries ago) */ - int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ , gnutls_pk_params_st *); @@ -123,7 +122,7 @@ _wrap_gcry_pk_encrypt(gnutls_pk_algorithm_t algo, goto cleanup; } - ret = _gnutls_mpi_dprint(ciphertext, res); + ret = _gnutls_mpi_dprint_size(res, ciphertext, plaintext->size); _gnutls_mpi_release(&res); if (ret < 0) { @@ -213,7 +212,7 @@ _wrap_gcry_pk_decrypt(gnutls_pk_algorithm_t algo, goto cleanup; } - ret = _gnutls_mpi_dprint(plaintext, res); + ret = _gnutls_mpi_dprint_size(res, plaintext, ciphertext->size); _gnutls_mpi_release(&res); if (ret < 0) { diff --git a/lib/x509/crl.c b/lib/x509/crl.c index 5f130c1ec0..9bfc284508 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -326,7 +326,8 @@ gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, char *sig, size_t *sizeof_sig) { int result; - int bits, len; + int bits; + unsigned int len; if (crl == NULL) { |