diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-25 13:28:44 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-03 11:57:52 +0200 |
| commit | 97e50498870b009bf7259fb05130aa17f1ade6f0 (patch) | |
| tree | b5056e4527b4190d0d55856e1d094ae3a7d800ab | |
| parent | 5d9d26fa3b977fdca74730c56fbcd5bc55839171 (diff) | |
| download | gnutls-97e50498870b009bf7259fb05130aa17f1ade6f0.tar.gz | |
gnutls_x509_privkey_int: eliminated duplicate pk_algorithm field
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| -rw-r--r-- | lib/abstract_int.h | 2 | ||||
| -rw-r--r-- | lib/privkey.c | 2 | ||||
| -rw-r--r-- | lib/pubkey.c | 15 | ||||
| -rw-r--r-- | lib/x509/common.c | 2 | ||||
| -rw-r--r-- | lib/x509/key_decode.c | 2 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 74 | ||||
| -rw-r--r-- | lib/x509/privkey_pkcs8.c | 16 | ||||
| -rw-r--r-- | lib/x509/x509_int.h | 1 |
8 files changed, 54 insertions, 60 deletions
diff --git a/lib/abstract_int.h b/lib/abstract_int.h index d265f23ba1..c3e13d7b9f 100644 --- a/lib/abstract_int.h +++ b/lib/abstract_int.h @@ -92,7 +92,7 @@ privkey_sign_raw_data(gnutls_privkey_t key, gnutls_datum_t * signature, gnutls_x509_spki_st * params); -unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params); +unsigned pubkey_to_bits(gnutls_pk_params_st * params); int _gnutls_pubkey_compatible_with_sig(gnutls_session_t, gnutls_pubkey_t pubkey, const version_entry_st * ver, diff --git a/lib/privkey.c b/lib/privkey.c index f2ed3313d8..cd85010346 100644 --- a/lib/privkey.c +++ b/lib/privkey.c @@ -130,7 +130,7 @@ int gnutls_privkey_get_pk_algorithm(gnutls_privkey_t key, unsigned int *bits) #endif case GNUTLS_PRIVKEY_X509: if (bits) { - *bits = pubkey_to_bits(key->key.x509->pk_algorithm, &key->key.x509->params); + *bits = pubkey_to_bits(&key->key.x509->params); } return gnutls_x509_privkey_get_pk_algorithm(key->key.x509); diff --git a/lib/pubkey.c b/lib/pubkey.c index 7e81b89cfe..1dc48c8a76 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -39,9 +39,9 @@ #include <ecc.h> -unsigned pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params) +unsigned pubkey_to_bits(gnutls_pk_params_st * params) { - switch (pk) { + switch (params->algo) { case GNUTLS_PK_RSA: case GNUTLS_PK_RSA_PSS: return _gnutls_mpi_get_nbits(params->params[RSA_MODULUS]); @@ -1009,10 +1009,10 @@ gnutls_pubkey_import(gnutls_pubkey_t key, /* this has already been called by get_asn_mpis() thus it cannot * fail. */ - key->pk_algorithm = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL); + key->pk_algorithm = key->params.algo = _gnutls_x509_get_pk_algorithm(spk, "", &curve, NULL); key->params.flags = curve; - key->bits = pubkey_to_bits(key->pk_algorithm, &key->params); + key->bits = pubkey_to_bits(&key->params); result = 0; @@ -1266,8 +1266,9 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, } key->params.params_nr = RSA_PUBLIC_PARAMS; + key->params.algo = GNUTLS_PK_RSA; key->pk_algorithm = GNUTLS_PK_RSA; - key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params); + key->bits = pubkey_to_bits(&key->params); return 0; } @@ -1475,8 +1476,8 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, } key->params.params_nr = DSA_PUBLIC_PARAMS; - key->pk_algorithm = GNUTLS_PK_DSA; - key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params); + key->pk_algorithm = key->params.algo = GNUTLS_PK_DSA; + key->bits = pubkey_to_bits(&key->params); return 0; diff --git a/lib/x509/common.c b/lib/x509/common.c index 1b35f7cd73..5efb3676de 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1183,7 +1183,7 @@ _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name, if (result < 0) return gnutls_assert_val(result); - bits[0] = pubkey_to_bits(algo, ¶ms); + bits[0] = pubkey_to_bits(¶ms); gnutls_pk_params_release(¶ms); } diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 6c90c648f9..97f240e783 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -450,7 +450,7 @@ int _gnutls_x509_check_pubkey_params(gnutls_pk_algorithm_t algo, { switch (algo) { case GNUTLS_PK_RSA_PSS: { - unsigned bits = pubkey_to_bits(algo, params); + unsigned bits = pubkey_to_bits(params); const mac_entry_st *me = hash_to_entry(params->spki.rsa_pss_dig); size_t hash_size; diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 79c4736b37..27bef75034 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -53,7 +53,6 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key) if (*key) { (*key)->key = ASN1_TYPE_EMPTY; - (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN; return 0; /* success */ } @@ -105,8 +104,6 @@ gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, if (!src || !dst) return GNUTLS_E_INVALID_REQUEST; - dst->pk_algorithm = src->pk_algorithm; - ret = _gnutls_pk_params_copy(&dst->params, &src->params); if (ret < 0) { return gnutls_assert_val(ret); @@ -475,11 +472,11 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) #define MAX_PEM_HEADER_SIZE 25 -#define IF_CHECK_FOR(pemstr, algo, cptr, bptr, size, key) \ +#define IF_CHECK_FOR(pemstr, _algo, cptr, bptr, size, key) \ if (left > sizeof(pemstr) && memcmp(cptr, pemstr, sizeof(pemstr)-1) == 0) { \ result = _gnutls_fbase64_decode(pemstr, bptr, size, &_data); \ if (result >= 0) \ - key->pk_algorithm = algo; \ + key->params.algo = _algo; \ } /** @@ -515,7 +512,7 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, _data.data = data->data; _data.size = data->size; - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->params.algo = GNUTLS_PK_UNKNOWN; /* If the Certificate is in PEM format then decode it */ @@ -552,14 +549,14 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, else IF_CHECK_FOR(PEM_KEY_RSA_PROVABLE, GNUTLS_PK_RSA, ptr, begin_ptr, left, key) else IF_CHECK_FOR(PEM_KEY_DSA_PROVABLE, GNUTLS_PK_DSA, ptr, begin_ptr, left, key) - if (key->pk_algorithm == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) { + if (key->params.algo == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) { if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) { result = _gnutls_fbase64_decode(PEM_KEY_PKCS8, begin_ptr, left, &_data); if (result >= 0) { /* signal for PKCS #8 keys */ - key->pk_algorithm = -1; + key->params.algo = -1; } } } @@ -580,7 +577,7 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, } key->expanded = 1; - if (key->pk_algorithm == (gnutls_pk_algorithm_t)-1) { + if (key->params.algo == (gnutls_pk_algorithm_t)-1) { result = gnutls_x509_privkey_import_pkcs8(key, data, format, NULL, @@ -589,16 +586,16 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, gnutls_assert(); key->key = NULL; } - } else if (key->pk_algorithm == GNUTLS_PK_RSA) { + } else if (key->params.algo == GNUTLS_PK_RSA) { key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key); if (key->key == NULL) gnutls_assert(); - } else if (key->pk_algorithm == GNUTLS_PK_DSA) { + } else if (key->params.algo == GNUTLS_PK_DSA) { key->key = decode_dsa_key(&_data, key); if (key->key == NULL) gnutls_assert(); - } else if (key->pk_algorithm == GNUTLS_PK_EC) { + } else if (key->params.algo == GNUTLS_PK_EC) { result = _gnutls_privkey_decode_ecc_key(&key->key, &_data, key, 0); if (result < 0) { gnutls_assert(); @@ -608,15 +605,15 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, /* Try decoding each of the keys, and accept the one that * succeeds. */ - key->pk_algorithm = GNUTLS_PK_RSA; + key->params.algo = GNUTLS_PK_RSA; key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key); if (key->key == NULL) { - key->pk_algorithm = GNUTLS_PK_DSA; + key->params.algo = GNUTLS_PK_DSA; key->key = decode_dsa_key(&_data, key); if (key->key == NULL) { - key->pk_algorithm = GNUTLS_PK_EC; + key->params.algo = GNUTLS_PK_EC; result = _gnutls_privkey_decode_ecc_key(&key->key, &_data, key, 0); if (result < 0) { @@ -641,7 +638,7 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, } result = - _gnutls_pk_fixup(key->pk_algorithm, GNUTLS_IMPORT, &key->params); + _gnutls_pk_fixup(key->params.algo, GNUTLS_IMPORT, &key->params); if (result < 0) { gnutls_assert(); } @@ -982,6 +979,9 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, goto cleanup; } + key->params.params_nr = RSA_PRIVATE_PARAMS; + key->params.algo = GNUTLS_PK_RSA; + ret = _gnutls_asn1_encode_privkey(&key->key, &key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); @@ -990,10 +990,6 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, goto cleanup; } - key->params.params_nr = RSA_PRIVATE_PARAMS; - key->pk_algorithm = GNUTLS_PK_RSA; - key->params.algo = key->pk_algorithm; - return 0; cleanup: @@ -1149,8 +1145,6 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, goto cleanup; } - key->pk_algorithm = key->params.algo; - return 0; } @@ -1178,7 +1172,7 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - key->params.algo = key->pk_algorithm = GNUTLS_PK_EC; + key->params.algo = GNUTLS_PK_EC; ret = _gnutls_pk_fixup(GNUTLS_PK_EC, GNUTLS_IMPORT, &key->params); @@ -1214,7 +1208,7 @@ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key) return GNUTLS_E_INVALID_REQUEST; } - return key->pk_algorithm; + return key->params.algo; } /** @@ -1240,13 +1234,13 @@ gnutls_x509_privkey_get_pk_algorithm2(gnutls_x509_privkey_t key, } if (bits) { - ret = pubkey_to_bits(key->pk_algorithm, &key->params); + ret = pubkey_to_bits(&key->params); if (ret < 0) ret = 0; *bits = ret; } - return key->pk_algorithm; + return key->params.algo; } /** @@ -1299,17 +1293,17 @@ gnutls_x509_privkey_set_spki(gnutls_x509_privkey_t key, const gnutls_x509_spki_t static const char *set_msg(gnutls_x509_privkey_t key) { - if (GNUTLS_PK_IS_RSA(key->pk_algorithm)) { + if (GNUTLS_PK_IS_RSA(key->params.algo)) { if (key->params.seed_size > 0 && !(key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT)) return PEM_KEY_RSA_PROVABLE; else return PEM_KEY_RSA; - } else if (key->pk_algorithm == GNUTLS_PK_DSA) { + } else if (key->params.algo == GNUTLS_PK_DSA) { if (key->params.seed_size > 0 && !(key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT)) return PEM_KEY_DSA_PROVABLE; else return PEM_KEY_DSA; - } else if (key->pk_algorithm == GNUTLS_PK_EC) + } else if (key->params.algo == GNUTLS_PK_EC) return PEM_KEY_ECC; else return "UNKNOWN"; @@ -1422,11 +1416,11 @@ gnutls_sec_param_t gnutls_x509_privkey_sec_param(gnutls_x509_privkey_t key) { int bits; - bits = pubkey_to_bits(key->pk_algorithm, &key->params); + bits = pubkey_to_bits(&key->params); if (bits <= 0) return GNUTLS_SEC_PARAM_UNKNOWN; - return gnutls_pk_bits_to_sec_param(key->pk_algorithm, bits); + return gnutls_pk_bits_to_sec_param(key->params.algo, bits); } /** @@ -1696,7 +1690,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, return 0; cleanup: - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->params.algo = GNUTLS_PK_UNKNOWN; gnutls_pk_params_clear(&key->params); gnutls_pk_params_release(&key->params); @@ -1884,7 +1878,7 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg return GNUTLS_E_INVALID_REQUEST; } - if (key->pk_algorithm != GNUTLS_PK_RSA && key->pk_algorithm != GNUTLS_PK_DSA) + if (key->params.algo != GNUTLS_PK_RSA && key->params.algo != GNUTLS_PK_DSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits); @@ -1907,14 +1901,14 @@ int gnutls_x509_privkey_verify_seed(gnutls_x509_privkey_t key, gnutls_digest_alg data.data = (void*)seed; data.size = seed_size; - ret = gnutls_x509_privkey_generate2(okey, key->pk_algorithm, bits, + ret = gnutls_x509_privkey_generate2(okey, key->params.algo, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE, &data, 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - if (key->pk_algorithm == GNUTLS_PK_RSA) + if (key->params.algo == GNUTLS_PK_RSA) ret = cmp_rsa_key(key, okey); else ret = cmp_dsa_key(key, okey); @@ -1938,7 +1932,7 @@ int gnutls_x509_privkey_verify_params(gnutls_x509_privkey_t key) { int ret; - ret = _gnutls_pk_verify_priv_params(key->pk_algorithm, &key->params); + ret = _gnutls_pk_verify_priv_params(key->params.algo, &key->params); if (ret < 0) { gnutls_assert(); return ret; @@ -2023,15 +2017,15 @@ gnutls_x509_privkey_sign_hash(gnutls_x509_privkey_t key, return GNUTLS_E_INVALID_REQUEST; } - if (key->pk_algorithm != GNUTLS_PK_RSA && key->pk_algorithm != GNUTLS_PK_ECDSA && - key->pk_algorithm != GNUTLS_PK_DSA) { + if (key->params.algo != GNUTLS_PK_RSA && key->params.algo != GNUTLS_PK_ECDSA && + key->params.algo != GNUTLS_PK_DSA) { /* too primitive API - use only with legacy types */ gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } result = - _gnutls_pk_sign(key->pk_algorithm, signature, hash, + _gnutls_pk_sign(key->params.algo, signature, hash, &key->params, &key->params.spki); if (result < 0) { @@ -2187,7 +2181,7 @@ _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key, gnutls_x509_spki_st *params) { memcpy(params, &key->params.spki, sizeof(gnutls_x509_spki_st)); - params->pk = key->pk_algorithm; + params->pk = key->params.algo; return 0; } diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index c7a7caf69f..43c1ebe4e2 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -65,7 +65,7 @@ _encode_privkey(gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) int ret; ASN1_TYPE spk = ASN1_TYPE_EMPTY; - switch (pkey->pk_algorithm) { + switch (pkey->params.algo) { case GNUTLS_PK_EDDSA_ED25519: /* we encode as octet string (which is going to be stored inside * another octet string). No comments. */ @@ -143,7 +143,7 @@ encode_to_private_key_info(gnutls_x509_privkey_t pkey, gnutls_datum_t algo_params = { NULL, 0 }; gnutls_datum_t algo_privkey = { NULL, 0 }; - oid = gnutls_pk_get_oid(pkey->pk_algorithm); + oid = gnutls_pk_get_oid(pkey->params.algo); if (oid == NULL) { gnutls_assert(); return GNUTLS_E_UNIMPLEMENTED_FEATURE; @@ -1197,8 +1197,8 @@ decode_private_key_info(const gnutls_datum_t * der, /* we only support RSA and DSA private keys. */ - pkey->pk_algorithm = gnutls_oid_to_pk(oid); - if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN) { + pkey->params.algo = gnutls_oid_to_pk(oid); + if (pkey->params.algo == GNUTLS_PK_UNKNOWN) { gnutls_assert(); _gnutls_debug_log ("PKCS #8 private key OID '%s' is unsupported.\n", @@ -1210,7 +1210,7 @@ decode_private_key_info(const gnutls_datum_t * der, /* Get the DER encoding of the actual private key. */ - switch(pkey->pk_algorithm) { + switch(pkey->params.algo) { case GNUTLS_PK_RSA: result = _decode_pkcs8_rsa_key(pkcs8_asn, pkey); break; @@ -1290,7 +1290,7 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, _data.data = data->data; _data.size = data->size; - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->params.algo = GNUTLS_PK_UNKNOWN; /* If the Certificate is in PEM format then decode it */ @@ -1344,7 +1344,7 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, /* This part is necessary to get the public key on certain algorithms. * In the import above we only get the private key. */ result = - _gnutls_pk_fixup(key->pk_algorithm, GNUTLS_IMPORT, &key->params); + _gnutls_pk_fixup(key->params.algo, GNUTLS_IMPORT, &key->params); if (result < 0) { gnutls_assert(); goto cleanup; @@ -1358,7 +1358,7 @@ gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, return 0; cleanup: - key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->params.algo = GNUTLS_PK_UNKNOWN; if (need_free) _gnutls_free_datum(&_data); return result; diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 6e4983148e..c80a79fd11 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -135,7 +135,6 @@ typedef struct gnutls_x509_privkey_int { */ gnutls_pk_params_st params; - gnutls_pk_algorithm_t pk_algorithm; unsigned expanded; unsigned flags; |