-rw-r--r-- | lib/gnutls_dh_primes.c | 28 | ||||
-rw-r--r-- | lib/gnutls_pubkey.c | 11 | ||||
-rw-r--r-- | lib/tpm.c | 8 | ||||
-rw-r--r-- | lib/x509/common.c | 20 | ||||
-rw-r--r-- | lib/x509/crl.c | 11 | ||||
-rw-r--r-- | lib/x509/crq.c | 15 | ||||
-rw-r--r-- | lib/x509/pkcs12.c | 11 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 9 | ||||
-rw-r--r-- | lib/x509/privkey.c | 11 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 13 | ||||
-rw-r--r-- | lib/x509/x509.c | 13 | ||||
-rw-r--r-- | lib/x509_b64.c | 101 | ||||
-rw-r--r-- | lib/x509_b64.h | 4 |
13 files changed, 89 insertions, 166 deletions
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 70d73d2efd..caa9fe893a 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -229,11 +229,10 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; result = _gnutls_fbase64_decode ("DH PARAMETERS", pkcs3_params->data, - pkcs3_params->size, &out); + pkcs3_params->size, &_params); if (result <= 0) { @@ -243,11 +242,7 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, return result; } - _params.data = out; - _params.size = result; - need_free = 1; - } else { @@ -442,7 +437,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, else { /* PEM */ uint8_t *tmp; - uint8_t *out; + gnutls_datum_t out; int len; len = 0; @@ -477,27 +472,20 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, return result; } - if (result == 0) - { /* oooops */ - gnutls_assert (); - gnutls_free (out); - return GNUTLS_E_INTERNAL_ERROR; - } - - if ((unsigned) result > *params_data_size) + if ((unsigned) out.size > *params_data_size) { gnutls_assert (); - gnutls_free (out); - *params_data_size = result; + gnutls_free (out.data); + *params_data_size = out.size + 1; return GNUTLS_E_SHORT_MEMORY_BUFFER; } - *params_data_size = result - 1; + *params_data_size = out.size; if (params_data) - memcpy (params_data, out, result); + memcpy (params_data, out.data, out.size); - gnutls_free (out); + gnutls_free (out.data); } diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index aaae7024f9..c8cc31905f 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c 
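Review bot: In the PEM branch of gnutls_dh_params_export_pkcs3 (hunk `@@ -477,27 +472,20 @@`) the copy no longer includes the terminating NUL: the old code copied `result` bytes, terminator included, while the new `memcpy (params_data, out.data, out.size)` stops one byte short and the size check now accepts a buffer of exactly `out.size` bytes. A caller that treats the exported PEM as a C string, as the previous behaviour allowed, would read past the bytes that were written. The short-buffer path already asks for `out.size + 1`, and the encoder stores a 0 at `data[size]`, so the check and the copy should match it: `if ((unsigned) out.size + 1 > *params_data_size)` and `memcpy (params_data, out.data, out.size + 1);`. The same pattern appears in `_gnutls_x509_export_int_named` in lib/x509/common.c and in `gnutls_pem_base64_encode` in lib/x509_b64.c. The function body starts and ends outside the hunk.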
@@ -836,23 +836,16 @@ gnutls_pubkey_import (gnutls_pubkey_t key, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - /* Try the first header */ result = - _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out); + _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &_data); - if (result <= 0) + if (result < 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } - _data.data = out; - _data.size = result; - need_free = 1; } @@ -357,6 +357,9 @@ const TSS_UUID srk_uuid = TSS_UUID_SRK; * form. Furthermore the wrapped key can be protected with * the provided @password. * + * Note that bits in TPM is quantized value. Allowed values are 512, + * 1024, 2048, 4096, 8192 and 16384. + * * Allowed flags are %GNUTLS_TPM_SIG_PKCS1V15 and %GNUTLS_TPM_SIG_PKCS1V15_SHA1. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a @@ -408,7 +411,7 @@ gnutls_pubkey_t pub; default: return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } - + tssret = Tspi_Context_Create(&ctx); if (tssret != 0) { @@ -532,13 +535,12 @@ gnutls_pubkey_t pub; if (format == GNUTLS_X509_FMT_PEM) { - ret = _gnutls_fbase64_encode ("TSS KEY BLOB", tmpkey.data, tmpkey.size, &privkey->data); + ret = _gnutls_fbase64_encode ("TSS KEY BLOB", tmpkey.data, tmpkey.size, privkey); if (ret < 0) { gnutls_assert(); goto cleanup; } - privkey->size = ret; } else { diff --git a/lib/x509/common.c b/lib/x509/common.c index 2e4ff2e500..9409141c73 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -805,7 +805,7 @@ _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name, } else { /* PEM */ - uint8_t *out; + gnutls_datum_t out; gnutls_datum_t tmp; result = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0); 
@@ -825,31 +825,25 @@ _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name, return result; } - if (result == 0) - { /* oooops */ - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if ((size_t) result > *output_data_size) + if ((size_t) out.size > *output_data_size) { gnutls_assert (); - gnutls_free (out); - *output_data_size = (size_t)result; + gnutls_free (out.data); + *output_data_size = (size_t)out.size+1; return GNUTLS_E_SHORT_MEMORY_BUFFER; } - *output_data_size = (size_t)result; + *output_data_size = (size_t)out.size; if (output_data) { - memcpy (output_data, out, (size_t)result); + memcpy (output_data, out.data, (size_t)out.size); /* do not include the null character into output size. */ *output_data_size = (size_t)result - 1; } - gnutls_free (out); + gnutls_free (out.data); } diff --git a/lib/x509/crl.c b/lib/x509/crl.c index cfd4b9305c..b0e1fd82e5 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -118,21 +118,14 @@ gnutls_x509_crl_import (gnutls_x509_crl_t crl, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; + result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &_data); - result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out); - - if (result <= 0) + if (result < 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } - _data.data = out; - _data.size = result; - need_free = 1; } diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 0a2e13de80..956229ba97 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c 
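Review bot: The untouched context line `*output_data_size = (size_t)result - 1;` inside `if (output_data)` in `_gnutls_x509_export_int_named` now overwrites the correct `out.size` with a value taken from the encoder's return code. `result` is presumably the return of `_gnutls_fbase64_encode` (the call sits between the two hunks), and the lib/x509_b64.c part of this commit keeps `return max + 1;` there while the real length goes to `result->size`, so the caller is told the output is `max` bytes long although only `out.size` bytes were copied. Anything that consumes the buffer by that reported length reads bytes this function never wrote. Drop the stale assignment, since the earlier `*output_data_size = (size_t)out.size;` already covers it, and consider having the encoder return 0 on success so its return value cannot be mistaken for a length. The function body starts before the hunk.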
@@ -126,26 +126,19 @@ gnutls_x509_crq_import (gnutls_x509_crq_t crq, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - /* Try the first header */ - result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &out); + result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &_data); - if (result <= 0) /* Go for the second header */ + if (result < 0) /* Go for the second header */ result = - _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &_data); - if (result <= 0) + if (result < 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } - _data.data = out; - _data.size = result; - need_free = 1; } diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index b1240a531e..d66f91a9e0 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -207,22 +207,15 @@ gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size, - &out); + &_data); - if (result <= 0) + if (result < 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } - _data.data = out; - _data.size = result; - need_free = 1; } diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index ff6da727c8..16e4d3b28e 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -215,22 +215,15 @@ gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size, - &out); + &_data); if (result <= 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } - _data.data = out; - _data.size = result; - need_free = 1; } diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 26e1332748..9d32025db0 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c 
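Review bot: gnutls_pkcs7_import keeps `if (result <= 0)` but loses the two lines that turned a zero result into GNUTLS_E_INTERNAL_ERROR, so a decode that yields 0 bytes now reaches `return result;` with 0, which callers read as success although nothing was parsed. The sibling importers changed in this commit (crl.c, crq.c, pkcs12.c, privkey_pkcs8.c) switched to `if (result < 0)`, which presumably hands the empty buffer to the DER parser to reject; this hunk should use the same test. The first-header check in gnutls_x509_crt_import (lib/x509/x509.c) also still reads `if (result <= 0)`, and if the decoder can return 0 with an allocated `_data`, the second decode into the same `&_data` would overwrite that pointer; that is worth confirming against `_gnutls_base64_decode`. The function continues outside the hunk.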
@@ -451,11 +451,9 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - /* Try the first header */ result = - _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &_data); if (result >= 0) key->pk_algorithm = GNUTLS_PK_RSA; @@ -465,7 +463,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, /* try for the second header */ result = _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size, - &out); + &_data); if (result >= 0) key->pk_algorithm = GNUTLS_PK_DSA; @@ -475,7 +473,7 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, /* try for the second header */ result = _gnutls_fbase64_decode (PEM_KEY_ECC, data->data, data->size, - &out); + &_data); if (result >= 0) key->pk_algorithm = GNUTLS_PK_EC; } @@ -487,9 +485,6 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, goto failover; } - _data.data = out; - _data.size = result; - need_free = 1; } diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 0d90f29756..95711ce865 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1215,24 +1215,20 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - /* Try the first header */ result = _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8, - data->data, data->size, &out); + data->data, data->size, &_data); if (result < 0) { /* Try the encrypted header */ result = - _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &_data); - if (result <= 0) + if (result < 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } @@ -1240,9 +1236,6 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, else if (flags == 0) flags |= GNUTLS_PKCS_PLAIN; - _data.data = out; - _data.size = result; - need_free = 1; } 
diff --git a/lib/x509/x509.c b/lib/x509/x509.c index acb3cec68c..ab8bac0bce 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -178,31 +178,24 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert, */ if (format == GNUTLS_X509_FMT_PEM) { - uint8_t *out; - /* Try the first header */ result = - _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &_data); if (result <= 0) { /* try for the second header */ result = _gnutls_fbase64_decode (PEM_X509_CERT, data->data, - data->size, &out); + data->size, &_data); - if (result <= 0) + if (result < 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; gnutls_assert (); return result; } } - _data.data = out; - _data.size = result; - need_free = 1; } diff --git a/lib/x509_b64.c b/lib/x509_b64.c index 2b72ae8962..8b43011ad0 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -34,7 +34,7 @@ what+=size; \ if (what > max_len) { \ gnutls_assert(); \ - gnutls_free( (*result)); *result = NULL; \ + gnutls_free( result->data); result->data = NULL; \ return GNUTLS_E_INTERNAL_ERROR; \ } \ } while(0) @@ -44,7 +44,7 @@ */ int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, - size_t data_size, uint8_t ** result) + size_t data_size, gnutls_datum_t * result) { int tmp; unsigned int i; @@ -74,8 +74,8 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, max = B64FSIZE (top_len+bottom_len, data_size); - (*result) = gnutls_calloc (1, max + 1); - if ((*result) == NULL) + result->data = gnutls_malloc (max + 1); + if (result->data == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -85,7 +85,7 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, INCR (bytes, top_len, max); pos = top_len; - memcpy (*result, top, top_len); + memcpy (result->data, top, top_len); for (i = 0; i < data_size; i += 48) { 
@@ -98,7 +98,7 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, size = strlen(tmpres); INCR (bytes, size+1, max); - ptr = &(*result)[pos]; + ptr = &result->data[pos]; memcpy(ptr, tmpres, size); ptr += size; @@ -109,8 +109,9 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, INCR (bytes, bottom_len, max); - memcpy (&(*result)[bytes - bottom_len], bottom, bottom_len); - (*result)[bytes] = 0; + memcpy (&result->data[bytes - bottom_len], bottom, bottom_len); + result->data[bytes] = 0; + result->size = bytes; return max + 1; } @@ -136,24 +137,24 @@ int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, char *result, size_t * result_size) { - uint8_t *ret; - int size; + gnutls_datum_t res; + int ret; - size = _gnutls_fbase64_encode (msg, data->data, data->size, &ret); - if (size < 0) - return size; + ret = _gnutls_fbase64_encode (msg, data->data, data->size, &res); + if (ret < 0) + return ret; - if (result == NULL || *result_size < (unsigned) size) + if (result == NULL || *result_size < (unsigned) res.size) { - gnutls_free (ret); - *result_size = size; + gnutls_free (res.data); + *result_size = res.size + 1; return GNUTLS_E_SHORT_MEMORY_BUFFER; } else { - memcpy (result, ret, size); - gnutls_free (ret); - *result_size = size - 1; + memcpy (result, res.data, res.size); + gnutls_free (res.data); + *result_size = res.size; } return 0; @@ -180,18 +181,15 @@ gnutls_pem_base64_encode_alloc (const char *msg, const gnutls_datum_t * data, gnutls_datum_t * result) { - uint8_t *ret; - int size; + int ret; if (result == NULL) - return GNUTLS_E_INVALID_REQUEST; + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - size = _gnutls_fbase64_encode (msg, data->data, data->size, &ret); - if (size < 0) - return size; + ret = _gnutls_fbase64_encode (msg, data->data, data->size, result); + if (ret < 0) + return gnutls_assert_val(ret); - result->data = ret; - result->size = size - 1; return 0; } 
@@ -248,7 +246,6 @@ _gnutls_base64_decode (const uint8_t * data, size_t data_size, if (result->data == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); - pos = 0; for (i = 0; i < pdata.size; i += 64) { @@ -267,11 +264,12 @@ _gnutls_base64_decode (const uint8_t * data, size_t data_size, ret = GNUTLS_E_PARSING_ERROR; goto cleanup; } - memcpy (&(result->data)[pos], tmpres, tmpres_size); + memcpy (&result->data[pos], tmpres, tmpres_size); pos += tmpres_size; } result->size = pos; + ret = pos; cleanup: @@ -288,12 +286,11 @@ cleanup: #define ENDSTR "-----" int _gnutls_fbase64_decode (const char *header, const uint8_t * data, - size_t data_size, uint8_t ** result) + size_t data_size, gnutls_datum_t* result) { int ret; static const char top[] = "-----BEGIN "; static const char bottom[] = "-----END "; - gnutls_datum_t res; uint8_t *rdata, *kdata; int rdata_size; char pem_header[128]; @@ -352,12 +349,11 @@ _gnutls_fbase64_decode (const char *header, const uint8_t * data, return GNUTLS_E_BASE64_DECODING_ERROR; } - if ((ret = _gnutls_base64_decode (rdata, rdata_size, &res)) < 0) + if ((ret = _gnutls_base64_decode (rdata, rdata_size, result)) < 0) { gnutls_assert (); return GNUTLS_E_BASE64_DECODING_ERROR; } - *result = res.data; return ret; } 
@@ -383,25 +379,25 @@ gnutls_pem_base64_decode (const char *header, const gnutls_datum_t * b64_data, unsigned char *result, size_t * result_size) { - uint8_t *ret; - int size; + gnutls_datum_t res; + int ret; - size = - _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret); - if (size < 0) - return size; + ret = + _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &res); + if (ret < 0) + return gnutls_assert_val(ret); - if (result == NULL || *result_size < (unsigned) size) + if (result == NULL || *result_size < (unsigned) res.size) { - gnutls_free (ret); - *result_size = size; + gnutls_free (res.data); + *result_size = res.size; return GNUTLS_E_SHORT_MEMORY_BUFFER; } else { - memcpy (result, ret, size); - gnutls_free (ret); - *result_size = size; + memcpy (result, res.data, res.size); + gnutls_free (res.data); + *result_size = res.size; } return 0; @@ -429,18 +425,15 @@ gnutls_pem_base64_decode_alloc (const char *header, const gnutls_datum_t * b64_data, gnutls_datum_t * result) { - uint8_t *ret; - int size; + int ret; if (result == NULL) - return GNUTLS_E_INVALID_REQUEST; + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - size = - _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret); - if (size < 0) - return size; + ret = + _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, result); + if (ret < 0) + return gnutls_assert_val(ret); - result->data = ret; - result->size = size; return 0; } diff --git a/lib/x509_b64.h b/lib/x509_b64.h index a30f8f487a..d110c57026 100644 --- a/lib/x509_b64.h +++ b/lib/x509_b64.h @@ -21,9 +21,9 @@ */ int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, - size_t data_size, uint8_t ** result); + size_t data_size, gnutls_datum_t* result); int _gnutls_fbase64_decode (const char *header, const uint8_t * data, - size_t data_size, uint8_t ** result); + size_t data_size, gnutls_datum_t* result); int _gnutls_base64_decode (const uint8_t * data, size_t data_size, |