diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-28 17:42:49 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-04-28 17:42:51 +0200 |
commit | 4cd6694c6d58843e0f6246ca85da3d32bd97ca14 (patch) | |
tree | 85c3d8d47dad19f551dafabfdfc4720cdf410387 | |
parent | 2c1c22d3bd1ee1677b18c7500a9610de47b7e0e3 (diff) | |
download | gnutls-4cd6694c6d58843e0f6246ca85da3d32bd97ca14.tar.gz |
certtool: combined all the seed decoding methods to a single one
That not only simplifies the code, but also allows decoding hex strings
which contain not hex chars (and that allows decoding hex of the form XX:XX:XX)
-rw-r--r-- | src/certtool-common.c | 43 | ||||
-rw-r--r-- | src/certtool-common.h | 4 | ||||
-rw-r--r-- | src/certtool.c | 40 |
3 files changed, 44 insertions, 43 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c index 97ec3523c3..7e18a7f09d 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -1298,28 +1298,17 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) if (info->seed_size > 0) { gnutls_keygen_data_st data; - gnutls_datum_t hexseed, seed; - hexseed.data = (void*)info->seed; - hexseed.size = info->seed_size; - - ret = gnutls_hex_decode2(&hexseed, &seed); - if (ret < 0) { - fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret)); - exit(1); - } - - if (seed.size < 32) { - fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)seed.size); + if (info->seed_size < 32) { + fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)info->seed_size); exit(1); } data.type = GNUTLS_KEYGEN_SEED; - data.data = seed.data; - data.size = seed.size; + data.data = (void*)info->seed; + data.size = info->seed_size; ret = gnutls_x509_privkey_generate2(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE, &data, 1); - gnutls_free(seed.data); } else { ret = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE); } @@ -1435,3 +1424,27 @@ int generate_prime(FILE * outfile, int how, common_info_st * info) return 0; } + +void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size) +{ + int ret; + size_t seed_size; + + seed->size = hex_size; + seed->data = malloc(hex_size); + + if (seed->data == NULL) { + fprintf(stderr, "memory error\n"); + exit(1); + } + + seed_size = hex_size; + ret = gnutls_hex2bin(hex, hex_size, seed->data, &seed_size); + if (ret < 0) { + fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret)); + exit(1); + } + seed->size = seed_size; + + return; +} diff --git a/src/certtool-common.h b/src/certtool-common.h index 9b4aad9e8f..0bc9c259fc 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -57,7 +57,7 @@ typedef struct common_info { /* for key generation */ unsigned provable; - const char *seed; + const unsigned char *seed; unsigned seed_size; const char *pin; @@ -134,4 +134,6 @@ extern unsigned long lbuffer_size; void fix_lbuffer(unsigned long); +void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size); + #endif diff --git a/src/certtool.c b/src/certtool.c index 4ac8a1a983..d59d0e5e6d 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -157,28 +157,18 @@ generate_private_key_int(common_info_st * cinfo) if (cinfo->seed_size > 0) { gnutls_keygen_data_st data; - gnutls_datum_t hexseed, seed; - - hexseed.data = (void*)cinfo->seed; - hexseed.size = cinfo->seed_size; - - ret = gnutls_hex_decode2(&hexseed, &seed); - if (ret < 0) { - fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret)); - exit(1); - } data.type = GNUTLS_KEYGEN_SEED; - data.data = seed.data; - data.size = seed.size; + data.data = (void*)cinfo->seed; + data.size = cinfo->seed_size; if (key_type == GNUTLS_PK_RSA) { - if ((bits == 3072 && seed.size != 32) || (bits == 2048 && seed.size != 28)) { - fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)seed.size); + if ((bits == 3072 && cinfo->seed_size != 32) || (bits == 2048 && cinfo->seed_size != 28)) { + fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)cinfo->seed_size); } } else if (key_type == GNUTLS_PK_DSA) { - if (seed.size != 65) { - fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)seed.size); + if (cinfo->seed_size != 65) { + fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)cinfo->seed_size); } } @@ -223,15 +213,8 @@ static void verify_provable_privkey(common_info_st * cinfo) pkey = load_private_key(1, cinfo); - if (HAVE_OPT(SEED)) { - char seed[256]; - size_t seed_size = sizeof(seed); - ret = gnutls_hex2bin(OPT_ARG(SEED), strlen(OPT_ARG(SEED)), seed, &seed_size); - if (ret < 0) { - fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret)); - exit(1); - } - ret = gnutls_privkey_verify_seed(pkey, 0, seed, seed_size); + if (cinfo->seed_size > 0) { + ret = gnutls_privkey_verify_seed(pkey, 0, cinfo->seed, cinfo->seed_size); } else { ret = gnutls_privkey_verify_seed(pkey, 0, NULL, 0); } @@ -1171,8 +1154,11 @@ static void cmd_parser(int argc, char **argv) cinfo.verbose = 1; if (HAVE_OPT(SEED)) { - cinfo.seed = OPT_ARG(SEED); - cinfo.seed_size = strlen(OPT_ARG(SEED)); + gnutls_datum_t seed; + decode_seed(&seed, OPT_ARG(SEED), strlen(OPT_ARG(SEED))); + + cinfo.seed = seed.data; + cinfo.seed_size = seed.size; } cinfo.batch = batch; |