diff options
author | lv-426 <oxcafebaby@yahoo.com> | 2008-07-07 02:39:48 +0000 |
---|---|---|
committer | lv-426 <oxcafebaby@yahoo.com> | 2008-07-07 02:39:48 +0000 |
commit | 6d57794092b3a43cf74626e16cec2913c845c3a9 (patch) | |
tree | e3831206f47321091d34187e71441c9ffe2f4a1b /src/daemon/https | |
parent | b9f09651e6217396171d0ee25eb3f1a5087a3ad6 (diff) | |
download | libmicrohttpd-6d57794092b3a43cf74626e16cec2913c845c3a9.tar.gz libmicrohttpd-6d57794092b3a43cf74626e16cec2913c845c3a9.zip |
formating
Diffstat (limited to 'src/daemon/https')
-rw-r--r-- | src/daemon/https/openpgp/extras.c | 61 | ||||
-rw-r--r-- | src/daemon/https/openpgp/pgp.c | 169 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_record.c | 687 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_str.c | 125 | ||||
-rw-r--r-- | src/daemon/https/x509/privkey_pkcs8.c | 3484 |
5 files changed, 2273 insertions, 2253 deletions
diff --git a/src/daemon/https/openpgp/extras.c b/src/daemon/https/openpgp/extras.c index d3c755d4..42b564ed 100644 --- a/src/daemon/https/openpgp/extras.c +++ b/src/daemon/https/openpgp/extras.c | |||
@@ -41,12 +41,13 @@ | |||
41 | * Returns 0 on success. | 41 | * Returns 0 on success. |
42 | * | 42 | * |
43 | **/ | 43 | **/ |
44 | int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring) | 44 | int |
45 | gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring) | ||
45 | { | 46 | { |
46 | *keyring = gnutls_calloc(1, sizeof(gnutls_openpgp_keyring_int)); | 47 | *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int)); |
47 | 48 | ||
48 | if (*keyring) | 49 | if (*keyring) |
49 | return 0; /* success */ | 50 | return 0; /* success */ |
50 | return GNUTLS_E_MEMORY_ERROR; | 51 | return GNUTLS_E_MEMORY_ERROR; |
51 | } | 52 | } |
52 | 53 | ||
@@ -57,26 +58,27 @@ int gnutls_openpgp_keyring_init(gnutls_openpgp_keyring_t * keyring) | |||
57 | * This function will deinitialize a keyring structure. | 58 | * This function will deinitialize a keyring structure. |
58 | * | 59 | * |
59 | **/ | 60 | **/ |
60 | void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring) | 61 | void |
62 | gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring) | ||
61 | { | 63 | { |
62 | if (!keyring) | 64 | if (!keyring) |
63 | return; | 65 | return; |
64 | 66 | ||
65 | if (keyring->db) | 67 | if (keyring->db) |
66 | { | 68 | { |
67 | cdk_keydb_free(keyring->db); | 69 | cdk_keydb_free (keyring->db); |
68 | keyring->db = NULL; | 70 | keyring->db = NULL; |
69 | } | 71 | } |
70 | 72 | ||
71 | /* In some cases the stream is also stored outside the keydb context | 73 | /* In some cases the stream is also stored outside the keydb context |
72 | and we need to close it here then. */ | 74 | and we need to close it here then. */ |
73 | if (keyring->db_stream) | 75 | if (keyring->db_stream) |
74 | { | 76 | { |
75 | cdk_stream_close(keyring->db_stream); | 77 | cdk_stream_close (keyring->db_stream); |
76 | keyring->db_stream = NULL; | 78 | keyring->db_stream = NULL; |
77 | } | 79 | } |
78 | 80 | ||
79 | gnutls_free(keyring); | 81 | gnutls_free (keyring); |
80 | } | 82 | } |
81 | 83 | ||
82 | /** | 84 | /** |
@@ -90,19 +92,20 @@ void gnutls_openpgp_keyring_deinit(gnutls_openpgp_keyring_t keyring) | |||
90 | * Returns 0 on success (if keyid exists) and a negative error code | 92 | * Returns 0 on success (if keyid exists) and a negative error code |
91 | * on failure. | 93 | * on failure. |
92 | **/ | 94 | **/ |
93 | int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring, | 95 | int |
94 | const unsigned char keyid[8], | 96 | gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, |
95 | unsigned int flags) | 97 | const unsigned char keyid[8], |
98 | unsigned int flags) | ||
96 | { | 99 | { |
97 | cdk_pkt_pubkey_t pk; | 100 | cdk_pkt_pubkey_t pk; |
98 | uint32_t id[2]; | 101 | uint32_t id[2]; |
99 | 102 | ||
100 | id[0] = _gnutls_read_uint32(keyid); | 103 | id[0] = _gnutls_read_uint32 (keyid); |
101 | id[1] = _gnutls_read_uint32(&keyid[4]); | 104 | id[1] = _gnutls_read_uint32 (&keyid[4]); |
102 | 105 | ||
103 | if (!cdk_keydb_get_pk(ring->db, id, &pk)) | 106 | if (!cdk_keydb_get_pk (ring->db, id, &pk)) |
104 | { | 107 | { |
105 | cdk_pk_release(pk); | 108 | cdk_pk_release (pk); |
106 | return 0; | 109 | return 0; |
107 | } | 110 | } |
108 | 111 | ||
@@ -123,42 +126,44 @@ int gnutls_openpgp_keyring_check_id(gnutls_openpgp_keyring_t ring, | |||
123 | * Returns 0 on success. | 126 | * Returns 0 on success. |
124 | * | 127 | * |
125 | **/ | 128 | **/ |
126 | int gnutls_openpgp_keyring_import(gnutls_openpgp_keyring_t keyring, | 129 | int |
127 | const gnutls_datum_t * data, | 130 | gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, |
128 | gnutls_openpgp_crt_fmt_t format) | 131 | const gnutls_datum_t * data, |
132 | gnutls_openpgp_crt_fmt_t format) | ||
129 | { | 133 | { |
130 | cdk_error_t err; | 134 | cdk_error_t err; |
131 | cdk_stream_t input; | 135 | cdk_stream_t input; |
132 | 136 | ||
133 | _gnutls_debug_log ("PGP: keyring import format '%s'\n", | 137 | _gnutls_debug_log ("PGP: keyring import format '%s'\n", |
134 | format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); | 138 | format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); |
135 | 139 | ||
136 | if (format == GNUTLS_OPENPGP_FMT_RAW) | 140 | if (format == GNUTLS_OPENPGP_FMT_RAW) |
137 | { | 141 | { |
138 | err | 142 | err |
139 | = cdk_keydb_new(&keyring->db, CDK_DBTYPE_DATA, data->data, data->size); | 143 | = |
144 | cdk_keydb_new (&keyring->db, CDK_DBTYPE_DATA, data->data, data->size); | ||
140 | if (err) | 145 | if (err) |
141 | gnutls_assert (); | 146 | gnutls_assert (); |
142 | return _gnutls_map_cdk_rc (err); | 147 | return _gnutls_map_cdk_rc (err); |
143 | } | 148 | } |
144 | 149 | ||
145 | /* Create a new stream from the given data, which means to | 150 | /* Create a new stream from the given data, which means to |
146 | allocate a new stream and to write the data in the stream. | 151 | allocate a new stream and to write the data in the stream. |
147 | Then push the armor filter to decode the data and to store | 152 | Then push the armor filter to decode the data and to store |
148 | it in the raw format. */ | 153 | it in the raw format. */ |
149 | err = cdk_stream_tmp_from_mem(data->data, data->size, &input); | 154 | err = cdk_stream_tmp_from_mem (data->data, data->size, &input); |
150 | if (!err) | 155 | if (!err) |
151 | err = cdk_stream_set_armor_flag(input, 0); | 156 | err = cdk_stream_set_armor_flag (input, 0); |
152 | if (!err) | 157 | if (!err) |
153 | err = cdk_keydb_new_from_stream(&keyring->db, 0, input); | 158 | err = cdk_keydb_new_from_stream (&keyring->db, 0, input); |
154 | if (err) | 159 | if (err) |
155 | { | 160 | { |
156 | cdk_stream_close(input); | 161 | cdk_stream_close (input); |
157 | gnutls_assert (); | 162 | gnutls_assert (); |
158 | } | 163 | } |
159 | else | 164 | else |
160 | /* The keydb function will not close the stream itself, so we need to | 165 | /* The keydb function will not close the stream itself, so we need to |
161 | store it separately to close it later. */ | 166 | store it separately to close it later. */ |
162 | keyring->db_stream = input; | 167 | keyring->db_stream = input; |
163 | 168 | ||
164 | return _gnutls_map_cdk_rc (err); | 169 | return _gnutls_map_cdk_rc (err); |
diff --git a/src/daemon/https/openpgp/pgp.c b/src/daemon/https/openpgp/pgp.c index fca307f5..d5e6ce09 100644 --- a/src/daemon/https/openpgp/pgp.c +++ b/src/daemon/https/openpgp/pgp.c | |||
@@ -39,12 +39,13 @@ | |||
39 | * Returns 0 on success. | 39 | * Returns 0 on success. |
40 | * | 40 | * |
41 | **/ | 41 | **/ |
42 | int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key) | 42 | int |
43 | gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key) | ||
43 | { | 44 | { |
44 | *key = gnutls_calloc(1, sizeof(gnutls_openpgp_crt_int)); | 45 | *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int)); |
45 | 46 | ||
46 | if (*key) | 47 | if (*key) |
47 | return 0; /* success */ | 48 | return 0; /* success */ |
48 | return GNUTLS_E_MEMORY_ERROR; | 49 | return GNUTLS_E_MEMORY_ERROR; |
49 | } | 50 | } |
50 | 51 | ||
@@ -54,18 +55,19 @@ int gnutls_openpgp_crt_init(gnutls_openpgp_crt_t * key) | |||
54 | * | 55 | * |
55 | * This function will deinitialize a key structure. | 56 | * This function will deinitialize a key structure. |
56 | **/ | 57 | **/ |
57 | void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key) | 58 | void |
59 | gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key) | ||
58 | { | 60 | { |
59 | if (!key) | 61 | if (!key) |
60 | return; | 62 | return; |
61 | 63 | ||
62 | if (key->knode) | 64 | if (key->knode) |
63 | { | 65 | { |
64 | cdk_kbnode_release(key->knode); | 66 | cdk_kbnode_release (key->knode); |
65 | key->knode = NULL; | 67 | key->knode = NULL; |
66 | } | 68 | } |
67 | 69 | ||
68 | gnutls_free(key); | 70 | gnutls_free (key); |
69 | } | 71 | } |
70 | 72 | ||
71 | /** | 73 | /** |
@@ -79,32 +81,33 @@ void gnutls_openpgp_crt_deinit(gnutls_openpgp_crt_t key) | |||
79 | * | 81 | * |
80 | * Returns 0 on success. | 82 | * Returns 0 on success. |
81 | **/ | 83 | **/ |
82 | int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key, | 84 | int |
83 | const gnutls_datum_t * data, | 85 | gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, |
84 | gnutls_openpgp_crt_fmt_t format) | 86 | const gnutls_datum_t * data, |
87 | gnutls_openpgp_crt_fmt_t format) | ||
85 | { | 88 | { |
86 | cdk_stream_t inp; | 89 | cdk_stream_t inp; |
87 | int rc; | 90 | int rc; |
88 | 91 | ||
89 | if (format == GNUTLS_OPENPGP_FMT_RAW) | 92 | if (format == GNUTLS_OPENPGP_FMT_RAW) |
90 | rc = cdk_kbnode_read_from_mem(&key->knode, data->data, data->size); | 93 | rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); |
91 | else | 94 | else |
92 | { | 95 | { |
93 | rc = cdk_stream_tmp_from_mem(data->data, data->size, &inp); | 96 | rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); |
94 | if (rc) | 97 | if (rc) |
95 | { | 98 | { |
96 | rc = _gnutls_map_cdk_rc(rc); | 99 | rc = _gnutls_map_cdk_rc (rc); |
97 | gnutls_assert (); | 100 | gnutls_assert (); |
98 | return rc; | 101 | return rc; |
99 | } | 102 | } |
100 | if (cdk_armor_filter_use(inp)) | 103 | if (cdk_armor_filter_use (inp)) |
101 | rc = cdk_stream_set_armor_flag(inp, 0); | 104 | rc = cdk_stream_set_armor_flag (inp, 0); |
102 | if (!rc) | 105 | if (!rc) |
103 | rc = cdk_keydb_get_keyblock(inp, &key->knode); | 106 | rc = cdk_keydb_get_keyblock (inp, &key->knode); |
104 | cdk_stream_close(inp); | 107 | cdk_stream_close (inp); |
105 | if (rc) | 108 | if (rc) |
106 | { | 109 | { |
107 | rc = _gnutls_map_cdk_rc(rc); | 110 | rc = _gnutls_map_cdk_rc (rc); |
108 | gnutls_assert (); | 111 | gnutls_assert (); |
109 | return rc; | 112 | return rc; |
110 | } | 113 | } |
@@ -127,50 +130,50 @@ int gnutls_openpgp_crt_import(gnutls_openpgp_crt_t key, | |||
127 | * Returns 0 on success. | 130 | * Returns 0 on success. |
128 | * | 131 | * |
129 | **/ | 132 | **/ |
130 | int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key, | 133 | int |
131 | gnutls_openpgp_crt_fmt_t format, | 134 | gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, |
132 | void *output_data, | 135 | gnutls_openpgp_crt_fmt_t format, |
133 | size_t * output_data_size) | 136 | void *output_data, size_t * output_data_size) |
134 | { | 137 | { |
135 | size_t input_data_size = *output_data_size; | 138 | size_t input_data_size = *output_data_size; |
136 | size_t calc_size; | 139 | size_t calc_size; |
137 | int rc; | 140 | int rc; |
138 | 141 | ||
139 | rc = cdk_kbnode_write_to_mem(key->knode, output_data, output_data_size); | 142 | rc = cdk_kbnode_write_to_mem (key->knode, output_data, output_data_size); |
140 | if (rc) | 143 | if (rc) |
141 | { | 144 | { |
142 | rc = _gnutls_map_cdk_rc(rc); | 145 | rc = _gnutls_map_cdk_rc (rc); |
143 | gnutls_assert (); | 146 | gnutls_assert (); |
144 | return rc; | 147 | return rc; |
145 | } | 148 | } |
146 | 149 | ||
147 | /* FIXME: The first call of this function is with output_data == NULL | 150 | /* FIXME: The first call of this function is with output_data == NULL |
148 | to figure out the size and the caller expects this error here. */ | 151 | to figure out the size and the caller expects this error here. */ |
149 | if (!output_data) | 152 | if (!output_data) |
150 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | 153 | return GNUTLS_E_SHORT_MEMORY_BUFFER; |
151 | 154 | ||
152 | if (format == GNUTLS_OPENPGP_FMT_BASE64) | 155 | if (format == GNUTLS_OPENPGP_FMT_BASE64) |
153 | { | 156 | { |
154 | unsigned char *in = cdk_calloc(1, *output_data_size); | 157 | unsigned char *in = cdk_calloc (1, *output_data_size); |
155 | memcpy(in, output_data, *output_data_size); | 158 | memcpy (in, output_data, *output_data_size); |
156 | 159 | ||
157 | /* Calculate the size of the encoded data and check if the provided | 160 | /* Calculate the size of the encoded data and check if the provided |
158 | buffer is large enough. */ | 161 | buffer is large enough. */ |
159 | rc = cdk_armor_encode_buffer(in, input_data_size, | 162 | rc = cdk_armor_encode_buffer (in, input_data_size, |
160 | NULL, 0, &calc_size, CDK_ARMOR_PUBKEY); | 163 | NULL, 0, &calc_size, CDK_ARMOR_PUBKEY); |
161 | if (rc || calc_size > input_data_size) | 164 | if (rc || calc_size > input_data_size) |
162 | { | 165 | { |
163 | cdk_free(in); | 166 | cdk_free (in); |
164 | *output_data_size = calc_size; | 167 | *output_data_size = calc_size; |
165 | rc = _gnutls_map_cdk_rc(CDK_Too_Short); | 168 | rc = _gnutls_map_cdk_rc (CDK_Too_Short); |
166 | gnutls_assert (); | 169 | gnutls_assert (); |
167 | return rc; | 170 | return rc; |
168 | } | 171 | } |
169 | 172 | ||
170 | rc = cdk_armor_encode_buffer(in, input_data_size, output_data, | 173 | rc = cdk_armor_encode_buffer (in, input_data_size, output_data, |
171 | input_data_size, &calc_size, | 174 | input_data_size, &calc_size, |
172 | CDK_ARMOR_PUBKEY); | 175 | CDK_ARMOR_PUBKEY); |
173 | cdk_free(in); | 176 | cdk_free (in); |
174 | *output_data_size = calc_size; | 177 | *output_data_size = calc_size; |
175 | } | 178 | } |
176 | 179 | ||
@@ -186,12 +189,12 @@ int gnutls_openpgp_crt_export(gnutls_openpgp_crt_t key, | |||
186 | * Returns the fingerprint of the OpenPGP key. Depends on the algorithm, | 189 | * Returns the fingerprint of the OpenPGP key. Depends on the algorithm, |
187 | * the fingerprint can be 16 or 20 bytes. | 190 | * the fingerprint can be 16 or 20 bytes. |
188 | **/ | 191 | **/ |
189 | int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key, | 192 | int |
190 | void *fpr, | 193 | gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, |
191 | size_t * fprlen) | 194 | void *fpr, size_t * fprlen) |
192 | { | 195 | { |
193 | cdk_packet_t pkt; | 196 | cdk_packet_t pkt; |
194 | cdk_pkt_pubkey_t pk= NULL; | 197 | cdk_pkt_pubkey_t pk = NULL; |
195 | 198 | ||
196 | if (!fpr || !fprlen) | 199 | if (!fpr || !fprlen) |
197 | { | 200 | { |
@@ -201,7 +204,7 @@ int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key, | |||
201 | 204 | ||
202 | *fprlen = 0; | 205 | *fprlen = 0; |
203 | 206 | ||
204 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 207 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
205 | if (!pkt) | 208 | if (!pkt) |
206 | return GNUTLS_E_OPENPGP_GETKEY_FAILED; | 209 | return GNUTLS_E_OPENPGP_GETKEY_FAILED; |
207 | 210 | ||
@@ -211,12 +214,13 @@ int gnutls_openpgp_crt_get_fingerprint(gnutls_openpgp_crt_t key, | |||
211 | /* FIXME: Check if the draft allows old PGP keys. */ | 214 | /* FIXME: Check if the draft allows old PGP keys. */ |
212 | if (is_RSA (pk->pubkey_algo) && pk->version < 4) | 215 | if (is_RSA (pk->pubkey_algo) && pk->version < 4) |
213 | *fprlen = 16; | 216 | *fprlen = 16; |
214 | cdk_pk_get_fingerprint(pk, fpr); | 217 | cdk_pk_get_fingerprint (pk, fpr); |
215 | 218 | ||
216 | return 0; | 219 | return 0; |
217 | } | 220 | } |
218 | 221 | ||
219 | int _gnutls_openpgp_count_key_names(gnutls_openpgp_crt_t key) | 222 | int |
223 | _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key) | ||
220 | { | 224 | { |
221 | cdk_kbnode_t p, ctx; | 225 | cdk_kbnode_t p, ctx; |
222 | cdk_packet_t pkt; | 226 | cdk_packet_t pkt; |
@@ -230,9 +234,9 @@ int _gnutls_openpgp_count_key_names(gnutls_openpgp_crt_t key) | |||
230 | 234 | ||
231 | ctx = NULL; | 235 | ctx = NULL; |
232 | nuids = 0; | 236 | nuids = 0; |
233 | while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) | 237 | while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) |
234 | { | 238 | { |
235 | pkt = cdk_kbnode_get_packet(p); | 239 | pkt = cdk_kbnode_get_packet (p); |
236 | if (pkt->pkttype == CDK_PKT_USER_ID) | 240 | if (pkt->pkttype == CDK_PKT_USER_ID) |
237 | nuids++; | 241 | nuids++; |
238 | } | 242 | } |
@@ -254,14 +258,13 @@ int _gnutls_openpgp_count_key_names(gnutls_openpgp_crt_t key) | |||
254 | * if the index of the ID does not exist. | 258 | * if the index of the ID does not exist. |
255 | * | 259 | * |
256 | **/ | 260 | **/ |
257 | int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key, | 261 | int |
258 | int idx, | 262 | gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, |
259 | char *buf, | 263 | int idx, char *buf, size_t * sizeof_buf) |
260 | size_t * sizeof_buf) | ||
261 | { | 264 | { |
262 | cdk_kbnode_t ctx= NULL, p; | 265 | cdk_kbnode_t ctx = NULL, p; |
263 | cdk_packet_t pkt= NULL; | 266 | cdk_packet_t pkt = NULL; |
264 | cdk_pkt_userid_t uid= NULL; | 267 | cdk_pkt_userid_t uid = NULL; |
265 | int pos = 0; | 268 | int pos = 0; |
266 | 269 | ||
267 | if (!key || !buf) | 270 | if (!key || !buf) |
@@ -270,17 +273,17 @@ int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key, | |||
270 | return GNUTLS_E_INVALID_REQUEST; | 273 | return GNUTLS_E_INVALID_REQUEST; |
271 | } | 274 | } |
272 | 275 | ||
273 | if (idx < 0 || idx > _gnutls_openpgp_count_key_names(key)) | 276 | if (idx < 0 || idx > _gnutls_openpgp_count_key_names (key)) |
274 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; | 277 | return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; |
275 | 278 | ||
276 | if (!idx) | 279 | if (!idx) |
277 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_USER_ID); | 280 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_USER_ID); |
278 | else | 281 | else |
279 | { | 282 | { |
280 | pos = 0; | 283 | pos = 0; |
281 | while ((p = cdk_kbnode_walk(key->knode, &ctx, 0))) | 284 | while ((p = cdk_kbnode_walk (key->knode, &ctx, 0))) |
282 | { | 285 | { |
283 | pkt = cdk_kbnode_get_packet(p); | 286 | pkt = cdk_kbnode_get_packet (p); |
284 | if (pkt->pkttype == CDK_PKT_USER_ID && ++pos == idx) | 287 | if (pkt->pkttype == CDK_PKT_USER_ID && ++pos == idx) |
285 | break; | 288 | break; |
286 | } | 289 | } |
@@ -300,8 +303,8 @@ int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key, | |||
300 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | 303 | return GNUTLS_E_SHORT_MEMORY_BUFFER; |
301 | } | 304 | } |
302 | 305 | ||
303 | memcpy(buf, uid->name, uid->len); | 306 | memcpy (buf, uid->name, uid->len); |
304 | buf[uid->len] = '\0'; /* make sure it's a string */ | 307 | buf[uid->len] = '\0'; /* make sure it's a string */ |
305 | *sizeof_buf = uid->len + 1; | 308 | *sizeof_buf = uid->len + 1; |
306 | 309 | ||
307 | if (uid->is_revoked) | 310 | if (uid->is_revoked) |
@@ -326,8 +329,9 @@ int gnutls_openpgp_crt_get_name(gnutls_openpgp_crt_t key, | |||
326 | * or a negative value on error. | 329 | * or a negative value on error. |
327 | * | 330 | * |
328 | **/ | 331 | **/ |
329 | gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t key, | 332 | gnutls_pk_algorithm_t |
330 | unsigned int *bits) | 333 | gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, |
334 | unsigned int *bits) | ||
331 | { | 335 | { |
332 | cdk_packet_t pkt; | 336 | cdk_packet_t pkt; |
333 | int algo; | 337 | int algo; |
@@ -336,11 +340,11 @@ gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t k | |||
336 | return GNUTLS_PK_UNKNOWN; | 340 | return GNUTLS_PK_UNKNOWN; |
337 | 341 | ||
338 | algo = 0; | 342 | algo = 0; |
339 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 343 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
340 | if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY) | 344 | if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY) |
341 | { | 345 | { |
342 | if (bits) | 346 | if (bits) |
343 | *bits = cdk_pk_get_nbits(pkt->pkt.public_key); | 347 | *bits = cdk_pk_get_nbits (pkt->pkt.public_key); |
344 | algo = pkt->pkt.public_key->pubkey_algo; | 348 | algo = pkt->pkt.public_key->pubkey_algo; |
345 | if (is_RSA (algo)) | 349 | if (is_RSA (algo)) |
346 | algo = GNUTLS_PK_RSA; | 350 | algo = GNUTLS_PK_RSA; |
@@ -357,7 +361,8 @@ gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm(gnutls_openpgp_crt_t k | |||
357 | * | 361 | * |
358 | * Extract the version of the OpenPGP key. | 362 | * Extract the version of the OpenPGP key. |
359 | **/ | 363 | **/ |
360 | int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key) | 364 | int |
365 | gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key) | ||
361 | { | 366 | { |
362 | cdk_packet_t pkt; | 367 | cdk_packet_t pkt; |
363 | int version; | 368 | int version; |
@@ -365,7 +370,7 @@ int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key) | |||
365 | if (!key) | 370 | if (!key) |
366 | return -1; | 371 | return -1; |
367 | 372 | ||
368 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 373 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
369 | if (pkt) | 374 | if (pkt) |
370 | version = pkt->pkt.public_key->version; | 375 | version = pkt->pkt.public_key->version; |
371 | else | 376 | else |
@@ -380,7 +385,8 @@ int gnutls_openpgp_crt_get_version(gnutls_openpgp_crt_t key) | |||
380 | * | 385 | * |
381 | * Returns the timestamp when the OpenPGP key was created. | 386 | * Returns the timestamp when the OpenPGP key was created. |
382 | **/ | 387 | **/ |
383 | time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key) | 388 | time_t |
389 | gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key) | ||
384 | { | 390 | { |
385 | cdk_packet_t pkt; | 391 | cdk_packet_t pkt; |
386 | time_t timestamp; | 392 | time_t timestamp; |
@@ -388,7 +394,7 @@ time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key) | |||
388 | if (!key) | 394 | if (!key) |
389 | return (time_t) - 1; | 395 | return (time_t) - 1; |
390 | 396 | ||
391 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 397 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
392 | if (pkt) | 398 | if (pkt) |
393 | timestamp = pkt->pkt.public_key->timestamp; | 399 | timestamp = pkt->pkt.public_key->timestamp; |
394 | else | 400 | else |
@@ -404,7 +410,8 @@ time_t gnutls_openpgp_crt_get_creation_time(gnutls_openpgp_crt_t key) | |||
404 | * Returns the time when the OpenPGP key expires. A value of '0' means | 410 | * Returns the time when the OpenPGP key expires. A value of '0' means |
405 | * that the key doesn't expire at all. | 411 | * that the key doesn't expire at all. |
406 | **/ | 412 | **/ |
407 | time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key) | 413 | time_t |
414 | gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key) | ||
408 | { | 415 | { |
409 | cdk_packet_t pkt; | 416 | cdk_packet_t pkt; |
410 | time_t expiredate; | 417 | time_t expiredate; |
@@ -412,7 +419,7 @@ time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key) | |||
412 | if (!key) | 419 | if (!key) |
413 | return (time_t) - 1; | 420 | return (time_t) - 1; |
414 | 421 | ||
415 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 422 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
416 | if (pkt) | 423 | if (pkt) |
417 | expiredate = pkt->pkt.public_key->expiredate; | 424 | expiredate = pkt->pkt.public_key->expiredate; |
418 | else | 425 | else |
@@ -428,8 +435,8 @@ time_t gnutls_openpgp_crt_get_expiration_time(gnutls_openpgp_crt_t key) | |||
428 | * | 435 | * |
429 | * Returns the 64-bit keyID of the OpenPGP key. | 436 | * Returns the 64-bit keyID of the OpenPGP key. |
430 | **/ | 437 | **/ |
431 | int gnutls_openpgp_crt_get_id(gnutls_openpgp_crt_t key, | 438 | int |
432 | unsigned char keyid[8]) | 439 | gnutls_openpgp_crt_get_id (gnutls_openpgp_crt_t key, unsigned char keyid[8]) |
433 | { | 440 | { |
434 | cdk_packet_t pkt; | 441 | cdk_packet_t pkt; |
435 | uint32_t kid[2]; | 442 | uint32_t kid[2]; |
@@ -440,11 +447,11 @@ int gnutls_openpgp_crt_get_id(gnutls_openpgp_crt_t key, | |||
440 | return GNUTLS_E_INVALID_REQUEST; | 447 | return GNUTLS_E_INVALID_REQUEST; |
441 | } | 448 | } |
442 | 449 | ||
443 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 450 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
444 | if (!pkt) | 451 | if (!pkt) |
445 | return GNUTLS_E_OPENPGP_GETKEY_FAILED; | 452 | return GNUTLS_E_OPENPGP_GETKEY_FAILED; |
446 | 453 | ||
447 | cdk_pk_get_keyid(pkt->pkt.public_key, kid); | 454 | cdk_pk_get_keyid (pkt->pkt.public_key, kid); |
448 | keyid[0] = kid[0] >> 24; | 455 | keyid[0] = kid[0] >> 24; |
449 | keyid[1] = kid[0] >> 16; | 456 | keyid[1] = kid[0] >> 16; |
450 | keyid[2] = kid[0] >> 8; | 457 | keyid[2] = kid[0] >> 8; |
@@ -469,8 +476,9 @@ int gnutls_openpgp_crt_get_id(gnutls_openpgp_crt_t key, | |||
469 | * Returns non zero on success, and zero on failure. | 476 | * Returns non zero on success, and zero on failure. |
470 | * | 477 | * |
471 | **/ | 478 | **/ |
472 | int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key, | 479 | int |
473 | const char *hostname) | 480 | gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, |
481 | const char *hostname) | ||
474 | { | 482 | { |
475 | char dnsname[MAX_CN]; | 483 | char dnsname[MAX_CN]; |
476 | size_t dnsnamesize; | 484 | size_t dnsnamesize; |
@@ -481,9 +489,9 @@ int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key, | |||
481 | for (i = 0; !(ret < 0); i++) | 489 | for (i = 0; !(ret < 0); i++) |
482 | { | 490 | { |
483 | dnsnamesize = sizeof (dnsname); | 491 | dnsnamesize = sizeof (dnsname); |
484 | ret = gnutls_openpgp_crt_get_name(key, i, dnsname, &dnsnamesize); | 492 | ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize); |
485 | /* FIXME: ret is not used */ | 493 | /* FIXME: ret is not used */ |
486 | if (_gnutls_hostname_compare(dnsname, hostname)) | 494 | if (_gnutls_hostname_compare (dnsname, hostname)) |
487 | return 1; | 495 | return 1; |
488 | } | 496 | } |
489 | 497 | ||
@@ -503,8 +511,9 @@ int gnutls_openpgp_crt_check_hostname(gnutls_openpgp_crt_t key, | |||
503 | * A negative value may be returned in case of parsing error. | 511 | * A negative value may be returned in case of parsing error. |
504 | * | 512 | * |
505 | */ | 513 | */ |
506 | int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key, | 514 | int |
507 | unsigned int *key_usage) | 515 | gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, |
516 | unsigned int *key_usage) | ||
508 | { | 517 | { |
509 | cdk_packet_t pkt; | 518 | cdk_packet_t pkt; |
510 | int algo = 0; | 519 | int algo = 0; |
@@ -514,14 +523,14 @@ int gnutls_openpgp_crt_get_key_usage(gnutls_openpgp_crt_t key, | |||
514 | 523 | ||
515 | *key_usage = 0; | 524 | *key_usage = 0; |
516 | 525 | ||
517 | pkt = cdk_kbnode_find_packet(key->knode, CDK_PKT_PUBLIC_KEY); | 526 | pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY); |
518 | if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY) | 527 | if (pkt && pkt->pkttype == CDK_PKT_PUBLIC_KEY) |
519 | { | 528 | { |
520 | algo = pkt->pkt.public_key->pubkey_algo; | 529 | algo = pkt->pkt.public_key->pubkey_algo; |
521 | 530 | ||
522 | /* FIXME: We need to take a look at the key flags because | 531 | /* FIXME: We need to take a look at the key flags because |
523 | RSA-E and RSA-S are obsolete. Only RSA is used | 532 | RSA-E and RSA-S are obsolete. Only RSA is used |
524 | and the flags are used to set the capabilities. */ | 533 | and the flags are used to set the capabilities. */ |
525 | if (is_DSA (algo) || algo == GCRY_PK_RSA_S) | 534 | if (is_DSA (algo) || algo == GCRY_PK_RSA_S) |
526 | *key_usage |= KEY_DIGITAL_SIGNATURE; | 535 | *key_usage |= KEY_DIGITAL_SIGNATURE; |
527 | else if (algo == GCRY_PK_RSA_E) | 536 | else if (algo == GCRY_PK_RSA_E) |
diff --git a/src/daemon/https/tls/gnutls_record.c b/src/daemon/https/tls/gnutls_record.c index 92692fc2..2ec08942 100644 --- a/src/daemon/https/tls/gnutls_record.c +++ b/src/daemon/https/tls/gnutls_record.c | |||
@@ -50,13 +50,15 @@ | |||
50 | * | 50 | * |
51 | * Returns: the version of the currently used protocol. | 51 | * Returns: the version of the currently used protocol. |
52 | **/ | 52 | **/ |
53 | gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session) | 53 | gnutls_protocol_t |
54 | gnutls_protocol_get_version (gnutls_session_t session) | ||
54 | { | 55 | { |
55 | return session->security_parameters.version; | 56 | return session->security_parameters.version; |
56 | } | 57 | } |
57 | 58 | ||
58 | void _gnutls_set_current_version(gnutls_session_t session, | 59 | void |
59 | gnutls_protocol_t version) | 60 | _gnutls_set_current_version (gnutls_session_t session, |
61 | gnutls_protocol_t version) | ||
60 | { | 62 | { |
61 | session->security_parameters.version = version; | 63 | session->security_parameters.version = version; |
62 | } | 64 | } |
@@ -73,8 +75,8 @@ void _gnutls_set_current_version(gnutls_session_t session, | |||
73 | * berkeley style sockets. Otherwise it must be called and set lowat | 75 | * berkeley style sockets. Otherwise it must be called and set lowat |
74 | * to zero. | 76 | * to zero. |
75 | **/ | 77 | **/ |
76 | void gnutls_transport_set_lowat(gnutls_session_t session, | 78 | void |
77 | int num) | 79 | gnutls_transport_set_lowat (gnutls_session_t session, int num) |
78 | { | 80 | { |
79 | session->internals.lowat = num; | 81 | session->internals.lowat = num; |
80 | } | 82 | } |
@@ -91,7 +93,8 @@ void gnutls_transport_set_lowat(gnutls_session_t session, | |||
91 | * Normally only servers that require maximum compatibility with everything | 93 | * Normally only servers that require maximum compatibility with everything |
92 | * out there, need to call this function. | 94 | * out there, need to call this function. |
93 | **/ | 95 | **/ |
94 | void gnutls_record_disable_padding(gnutls_session_t session) | 96 | void |
97 | gnutls_record_disable_padding (gnutls_session_t session) | ||
95 | { | 98 | { |
96 | session->internals.priorities.no_padding = 1; | 99 | session->internals.priorities.no_padding = 1; |
97 | } | 100 | } |
@@ -105,8 +108,9 @@ void gnutls_record_disable_padding(gnutls_session_t session) | |||
105 | * PUSH and PULL). In berkeley style sockets this function will set | 108 | * PUSH and PULL). In berkeley style sockets this function will set |
106 | * the connection handle. | 109 | * the connection handle. |
107 | **/ | 110 | **/ |
108 | void gnutls_transport_set_ptr(gnutls_session_t session, | 111 | void |
109 | gnutls_transport_ptr_t ptr) | 112 | gnutls_transport_set_ptr (gnutls_session_t session, |
113 | gnutls_transport_ptr_t ptr) | ||
110 | { | 114 | { |
111 | session->internals.transport_recv_ptr = ptr; | 115 | session->internals.transport_recv_ptr = ptr; |
112 | session->internals.transport_send_ptr = ptr; | 116 | session->internals.transport_send_ptr = ptr; |
@@ -123,9 +127,10 @@ void gnutls_transport_set_ptr(gnutls_session_t session, | |||
123 | * the connection handle. With this function you can use two | 127 | * the connection handle. With this function you can use two |
124 | * different pointers for receiving and sending. | 128 | * different pointers for receiving and sending. |
125 | **/ | 129 | **/ |
126 | void gnutls_transport_set_ptr2(gnutls_session_t session, | 130 | void |
127 | gnutls_transport_ptr_t recv_ptr, | 131 | gnutls_transport_set_ptr2 (gnutls_session_t session, |
128 | gnutls_transport_ptr_t send_ptr) | 132 | gnutls_transport_ptr_t recv_ptr, |
133 | gnutls_transport_ptr_t send_ptr) | ||
129 | { | 134 | { |
130 | session->internals.transport_send_ptr = send_ptr; | 135 | session->internals.transport_send_ptr = send_ptr; |
131 | session->internals.transport_recv_ptr = recv_ptr; | 136 | session->internals.transport_recv_ptr = recv_ptr; |
@@ -141,7 +146,8 @@ void gnutls_transport_set_ptr2(gnutls_session_t session, | |||
141 | * | 146 | * |
142 | * Returns: first argument of the transport function. | 147 | * Returns: first argument of the transport function. |
143 | **/ | 148 | **/ |
144 | gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session) | 149 | gnutls_transport_ptr_t |
150 | gnutls_transport_get_ptr (gnutls_session_t session) | ||
145 | { | 151 | { |
146 | return session->internals.transport_recv_ptr; | 152 | return session->internals.transport_recv_ptr; |
147 | } | 153 | } |
@@ -156,9 +162,10 @@ gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session) | |||
156 | * and PULL). These should have been set using | 162 | * and PULL). These should have been set using |
157 | * gnutls_transport_set_ptr2(). | 163 | * gnutls_transport_set_ptr2(). |
158 | **/ | 164 | **/ |
159 | void gnutls_transport_get_ptr2(gnutls_session_t session, | 165 | void |
160 | gnutls_transport_ptr_t * recv_ptr, | 166 | gnutls_transport_get_ptr2 (gnutls_session_t session, |
161 | gnutls_transport_ptr_t * send_ptr) | 167 | gnutls_transport_ptr_t * recv_ptr, |
168 | gnutls_transport_ptr_t * send_ptr) | ||
162 | { | 169 | { |
163 | 170 | ||
164 | *recv_ptr = session->internals.transport_recv_ptr; | 171 | *recv_ptr = session->internals.transport_recv_ptr; |
@@ -198,58 +205,59 @@ void gnutls_transport_get_ptr2(gnutls_session_t session, | |||
198 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see | 205 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see |
199 | * function documentation for entire semantics. | 206 | * function documentation for entire semantics. |
200 | **/ | 207 | **/ |
201 | int gnutls_bye(gnutls_session_t session, | 208 | int |
202 | gnutls_close_request_t how) | 209 | gnutls_bye (gnutls_session_t session, gnutls_close_request_t how) |
203 | { | 210 | { |
204 | int ret = 0; | 211 | int ret = 0; |
205 | 212 | ||
206 | switch (STATE) | 213 | switch (STATE) |
207 | { | 214 | { |
208 | case STATE0: | 215 | case STATE0: |
209 | case STATE60: | 216 | case STATE60: |
210 | ret = _gnutls_io_write_flush(session); | 217 | ret = _gnutls_io_write_flush (session); |
211 | STATE = STATE60; | 218 | STATE = STATE60; |
212 | if (ret < 0) | 219 | if (ret < 0) |
213 | { | 220 | { |
214 | gnutls_assert (); | 221 | gnutls_assert (); |
215 | return ret; | 222 | return ret; |
216 | } | 223 | } |
217 | 224 | ||
218 | case STATE61: | 225 | case STATE61: |
219 | ret = gnutls_alert_send(session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); | 226 | ret = |
220 | STATE = STATE61; | 227 | gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); |
221 | if (ret < 0) | 228 | STATE = STATE61; |
222 | { | 229 | if (ret < 0) |
223 | gnutls_assert (); | 230 | { |
224 | return ret; | 231 | gnutls_assert (); |
225 | } | 232 | return ret; |
233 | } | ||
226 | 234 | ||
227 | case STATE62: | 235 | case STATE62: |
228 | STATE = STATE62; | 236 | STATE = STATE62; |
229 | if (how == GNUTLS_SHUT_RDWR) | 237 | if (how == GNUTLS_SHUT_RDWR) |
230 | { | 238 | { |
231 | do | 239 | do |
232 | { | 240 | { |
233 | _gnutls_io_clear_peeked_data(session); | 241 | _gnutls_io_clear_peeked_data (session); |
234 | ret = _gnutls_recv_int(session, GNUTLS_ALERT, -1, NULL, 0); | 242 | ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0); |
235 | } while (ret == GNUTLS_E_GOT_APPLICATION_DATA); | 243 | } |
236 | 244 | while (ret == GNUTLS_E_GOT_APPLICATION_DATA); | |
237 | if (ret >= 0) | 245 | |
238 | session->internals.may_not_read = 1; | 246 | if (ret >= 0) |
239 | 247 | session->internals.may_not_read = 1; | |
240 | if (ret < 0) | ||
241 | { | ||
242 | gnutls_assert (); | ||
243 | return ret; | ||
244 | } | ||
245 | } | ||
246 | STATE = STATE62; | ||
247 | 248 | ||
248 | break; | 249 | if (ret < 0) |
249 | default: | 250 | { |
250 | gnutls_assert () | 251 | gnutls_assert (); |
251 | ; | 252 | return ret; |
252 | return GNUTLS_E_INTERNAL_ERROR; | 253 | } |
254 | } | ||
255 | STATE = STATE62; | ||
256 | |||
257 | break; | ||
258 | default: | ||
259 | gnutls_assert (); | ||
260 | return GNUTLS_E_INTERNAL_ERROR; | ||
253 | } | 261 | } |
254 | 262 | ||
255 | STATE = STATE0; | 263 | STATE = STATE0; |
@@ -258,19 +266,22 @@ int gnutls_bye(gnutls_session_t session, | |||
258 | return 0; | 266 | return 0; |
259 | } | 267 | } |
260 | 268 | ||
261 | inline static void session_invalidate(gnutls_session_t session) | 269 | inline static void |
270 | session_invalidate (gnutls_session_t session) | ||
262 | { | 271 | { |
263 | session->internals.valid_connection = VALID_FALSE; | 272 | session->internals.valid_connection = VALID_FALSE; |
264 | } | 273 | } |
265 | 274 | ||
266 | inline static void session_unresumable(gnutls_session_t session) | 275 | inline static void |
276 | session_unresumable (gnutls_session_t session) | ||
267 | { | 277 | { |
268 | session->internals.resumable = RESUME_FALSE; | 278 | session->internals.resumable = RESUME_FALSE; |
269 | } | 279 | } |
270 | 280 | ||
271 | /* returns 0 if session is valid | 281 | /* returns 0 if session is valid |
272 | */ | 282 | */ |
273 | inline static int session_is_valid(gnutls_session_t session) | 283 | inline static int |
284 | session_is_valid (gnutls_session_t session) | ||
274 | { | 285 | { |
275 | if (session->internals.valid_connection == VALID_FALSE) | 286 | if (session->internals.valid_connection == VALID_FALSE) |
276 | return GNUTLS_E_INVALID_SESSION; | 287 | return GNUTLS_E_INVALID_SESSION; |
@@ -281,19 +292,19 @@ inline static int session_is_valid(gnutls_session_t session) | |||
281 | /* Copies the record version into the headers. The | 292 | /* Copies the record version into the headers. The |
282 | * version must have 2 bytes at least. | 293 | * version must have 2 bytes at least. |
283 | */ | 294 | */ |
284 | inline static void copy_record_version(gnutls_session_t session, | 295 | inline static void |
285 | gnutls_handshake_description_t htype, | 296 | copy_record_version (gnutls_session_t session, |
286 | opaque version[2]) | 297 | gnutls_handshake_description_t htype, opaque version[2]) |
287 | { | 298 | { |
288 | gnutls_protocol_t lver; | 299 | gnutls_protocol_t lver; |
289 | 300 | ||
290 | if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO | 301 | if (htype != GNUTLS_HANDSHAKE_CLIENT_HELLO |
291 | || session->internals.default_record_version[0] == 0) | 302 | || session->internals.default_record_version[0] == 0) |
292 | { | 303 | { |
293 | lver = gnutls_protocol_get_version(session); | 304 | lver = gnutls_protocol_get_version (session); |
294 | 305 | ||
295 | version[0] = _gnutls_version_get_major(lver); | 306 | version[0] = _gnutls_version_get_major (lver); |
296 | version[1] = _gnutls_version_get_minor(lver); | 307 | version[1] = _gnutls_version_get_minor (lver); |
297 | } | 308 | } |
298 | else | 309 | else |
299 | { | 310 | { |
@@ -316,11 +327,11 @@ inline static void copy_record_version(gnutls_session_t session, | |||
316 | * and only if the previous send was interrupted for some reason. | 327 | * and only if the previous send was interrupted for some reason. |
317 | * | 328 | * |
318 | */ | 329 | */ |
319 | ssize_t _gnutls_send_int(gnutls_session_t session, | 330 | ssize_t |
320 | content_type_t type, | 331 | _gnutls_send_int (gnutls_session_t session, |
321 | gnutls_handshake_description_t htype, | 332 | content_type_t type, |
322 | const void *_data, | 333 | gnutls_handshake_description_t htype, |
323 | size_t sizeofdata) | 334 | const void *_data, size_t sizeofdata) |
324 | { | 335 | { |
325 | uint8_t *cipher; | 336 | uint8_t *cipher; |
326 | int cipher_size; | 337 | int cipher_size; |
@@ -334,14 +345,14 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
334 | * ok, and means to resume. | 345 | * ok, and means to resume. |
335 | */ | 346 | */ |
336 | if (session->internals.record_send_buffer.length == 0 && (sizeofdata == 0 | 347 | if (session->internals.record_send_buffer.length == 0 && (sizeofdata == 0 |
337 | && _data == NULL)) | 348 | && _data == NULL)) |
338 | { | 349 | { |
339 | gnutls_assert (); | 350 | gnutls_assert (); |
340 | return GNUTLS_E_INVALID_REQUEST; | 351 | return GNUTLS_E_INVALID_REQUEST; |
341 | } | 352 | } |
342 | 353 | ||
343 | if (type != GNUTLS_ALERT) /* alert messages are sent anyway */ | 354 | if (type != GNUTLS_ALERT) /* alert messages are sent anyway */ |
344 | if (session_is_valid(session) || session->internals.may_not_write != 0) | 355 | if (session_is_valid (session) || session->internals.may_not_write != 0) |
345 | { | 356 | { |
346 | gnutls_assert (); | 357 | gnutls_assert (); |
347 | return GNUTLS_E_INVALID_SESSION; | 358 | return GNUTLS_E_INVALID_SESSION; |
@@ -352,13 +363,13 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
352 | /* Use the default record version, if it is | 363 | /* Use the default record version, if it is |
353 | * set. | 364 | * set. |
354 | */ | 365 | */ |
355 | copy_record_version(session, htype, &headers[1]); | 366 | copy_record_version (session, htype, &headers[1]); |
356 | 367 | ||
357 | _gnutls_record_log | 368 | _gnutls_record_log |
358 | ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, | 369 | ("REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", session, |
359 | (int) _gnutls_uint64touint32 (&session->connection_state. | 370 | (int) _gnutls_uint64touint32 (&session->connection_state. |
360 | write_sequence_number), | 371 | write_sequence_number), |
361 | _gnutls_packet2str (type), type, sizeofdata); | 372 | _gnutls_packet2str (type), type, sizeofdata); |
362 | 373 | ||
363 | if (sizeofdata > MAX_RECORD_SEND_SIZE) | 374 | if (sizeofdata > MAX_RECORD_SEND_SIZE) |
364 | data2send_size = MAX_RECORD_SEND_SIZE; | 375 | data2send_size = MAX_RECORD_SEND_SIZE; |
@@ -370,7 +381,7 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
370 | */ | 381 | */ |
371 | if (session->internals.record_send_buffer.length > 0) | 382 | if (session->internals.record_send_buffer.length > 0) |
372 | { | 383 | { |
373 | ret = _gnutls_io_write_flush(session); | 384 | ret = _gnutls_io_write_flush (session); |
374 | if (ret > 0) | 385 | if (ret > 0) |
375 | cipher_size = ret; | 386 | cipher_size = ret; |
376 | else | 387 | else |
@@ -384,7 +395,8 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
384 | { | 395 | { |
385 | /* now proceed to packet encryption | 396 | /* now proceed to packet encryption |
386 | */ | 397 | */ |
387 | cipher_size = data2send_size + MAX_RECORD_OVERHEAD;cipher = gnutls_malloc (cipher_size); | 398 | cipher_size = data2send_size + MAX_RECORD_OVERHEAD; |
399 | cipher = gnutls_malloc (cipher_size); | ||
388 | if (cipher == NULL) | 400 | if (cipher == NULL) |
389 | { | 401 | { |
390 | gnutls_assert (); | 402 | gnutls_assert (); |
@@ -392,17 +404,17 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
392 | } | 404 | } |
393 | 405 | ||
394 | cipher_size = | 406 | cipher_size = |
395 | _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data, | 407 | _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data, |
396 | data2send_size, cipher, cipher_size, type, | 408 | data2send_size, cipher, cipher_size, type, |
397 | (session->internals.priorities.no_padding == | 409 | (session->internals.priorities.no_padding == |
398 | 0) ? 1 : 0); | 410 | 0) ? 1 : 0); |
399 | if (cipher_size <= 0) | 411 | if (cipher_size <= 0) |
400 | { | 412 | { |
401 | gnutls_assert (); | 413 | gnutls_assert (); |
402 | if (cipher_size == 0) | 414 | if (cipher_size == 0) |
403 | cipher_size = GNUTLS_E_ENCRYPTION_FAILED; | 415 | cipher_size = GNUTLS_E_ENCRYPTION_FAILED; |
404 | gnutls_free (cipher); | 416 | gnutls_free (cipher); |
405 | return cipher_size; /* error */ | 417 | return cipher_size; /* error */ |
406 | } | 418 | } |
407 | 419 | ||
408 | retval = data2send_size; | 420 | retval = data2send_size; |
@@ -434,7 +446,7 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
434 | return ret; | 446 | return ret; |
435 | } | 447 | } |
436 | 448 | ||
437 | if (ret> 0) | 449 | if (ret > 0) |
438 | { | 450 | { |
439 | gnutls_assert (); | 451 | gnutls_assert (); |
440 | ret = GNUTLS_E_INTERNAL_ERROR; | 452 | ret = GNUTLS_E_INTERNAL_ERROR; |
@@ -448,11 +460,11 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
448 | session->internals.record_send_buffer_user_size = 0; | 460 | session->internals.record_send_buffer_user_size = 0; |
449 | 461 | ||
450 | _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", | 462 | _gnutls_record_log ("REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", |
451 | session, | 463 | session, |
452 | (int) _gnutls_uint64touint32 (&session-> | 464 | (int) _gnutls_uint64touint32 (&session-> |
453 | connection_state. | 465 | connection_state. |
454 | write_sequence_number), | 466 | write_sequence_number), |
455 | _gnutls_packet2str (type), type, cipher_size); | 467 | _gnutls_packet2str (type), type, cipher_size); |
456 | 468 | ||
457 | return retval; | 469 | return retval; |
458 | } | 470 | } |
@@ -460,37 +472,37 @@ ssize_t _gnutls_send_int(gnutls_session_t session, | |||
460 | /* This function is to be called if the handshake was successfully | 472 | /* This function is to be called if the handshake was successfully |
461 | * completed. This sends a Change Cipher Spec packet to the peer. | 473 | * completed. This sends a Change Cipher Spec packet to the peer. |
462 | */ | 474 | */ |
463 | ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, | 475 | ssize_t |
464 | int again) | 476 | _gnutls_send_change_cipher_spec (gnutls_session_t session, int again) |
465 | { | 477 | { |
466 | static const opaque data[1] = | 478 | static const opaque data[1] = { |
467 | { | 479 | GNUTLS_TYPE_CHANGE_CIPHER_SPEC |
468 | GNUTLS_TYPE_CHANGE_CIPHER_SPEC }; | 480 | }; |
469 | 481 | ||
470 | _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); | 482 | _gnutls_handshake_log ("REC[%x]: Sent ChangeCipherSpec\n", session); |
471 | 483 | ||
472 | if (again == 0) | 484 | if (again == 0) |
473 | return _gnutls_send_int(session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); | 485 | return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); |
474 | else | 486 | else |
475 | { | 487 | { |
476 | return _gnutls_io_write_flush(session); | 488 | return _gnutls_io_write_flush (session); |
477 | } | 489 | } |
478 | } | 490 | } |
479 | 491 | ||
480 | inline static int check_recv_type(content_type_t recv_type) | 492 | inline static int |
493 | check_recv_type (content_type_t recv_type) | ||
481 | { | 494 | { |
482 | switch (recv_type) | 495 | switch (recv_type) |
483 | { | 496 | { |
484 | case GNUTLS_CHANGE_CIPHER_SPEC: | 497 | case GNUTLS_CHANGE_CIPHER_SPEC: |
485 | case GNUTLS_ALERT: | 498 | case GNUTLS_ALERT: |
486 | case GNUTLS_HANDSHAKE: | 499 | case GNUTLS_HANDSHAKE: |
487 | case GNUTLS_APPLICATION_DATA: | 500 | case GNUTLS_APPLICATION_DATA: |
488 | case GNUTLS_INNER_APPLICATION: | 501 | case GNUTLS_INNER_APPLICATION: |
489 | return 0; | 502 | return 0; |
490 | default: | 503 | default: |
491 | gnutls_assert () | 504 | gnutls_assert (); |
492 | ; | 505 | return GNUTLS_A_UNEXPECTED_MESSAGE; |
493 | return GNUTLS_A_UNEXPECTED_MESSAGE; | ||
494 | } | 506 | } |
495 | 507 | ||
496 | } | 508 | } |
@@ -498,18 +510,17 @@ inline static int check_recv_type(content_type_t recv_type) | |||
498 | /* Checks if there are pending data in the record buffers. If there are | 510 | /* Checks if there are pending data in the record buffers. If there are |
499 | * then it copies the data. | 511 | * then it copies the data. |
500 | */ | 512 | */ |
501 | static int check_buffers(gnutls_session_t session, | 513 | static int |
502 | content_type_t type, | 514 | check_buffers (gnutls_session_t session, |
503 | opaque * data, | 515 | content_type_t type, opaque * data, int sizeofdata) |
504 | int sizeofdata) | ||
505 | { | 516 | { |
506 | if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type | 517 | if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || type |
507 | == GNUTLS_INNER_APPLICATION) && _gnutls_record_buffer_get_size(type, | 518 | == GNUTLS_INNER_APPLICATION) && _gnutls_record_buffer_get_size (type, |
508 | session) | 519 | session) |
509 | > 0) | 520 | > 0) |
510 | { | 521 | { |
511 | int ret, ret2; | 522 | int ret, ret2; |
512 | ret = _gnutls_record_buffer_get(type, session, data, sizeofdata); | 523 | ret = _gnutls_record_buffer_get (type, session, data, sizeofdata); |
513 | if (ret < 0) | 524 | if (ret < 0) |
514 | { | 525 | { |
515 | gnutls_assert (); | 526 | gnutls_assert (); |
@@ -517,9 +528,9 @@ static int check_buffers(gnutls_session_t session, | |||
517 | } | 528 | } |
518 | 529 | ||
519 | /* if the buffer just got empty */ | 530 | /* if the buffer just got empty */ |
520 | if (_gnutls_record_buffer_get_size(type, session) == 0) | 531 | if (_gnutls_record_buffer_get_size (type, session) == 0) |
521 | { | 532 | { |
522 | if ((ret2 = _gnutls_io_clear_peeked_data(session)) < 0) | 533 | if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0) |
523 | { | 534 | { |
524 | gnutls_assert (); | 535 | gnutls_assert (); |
525 | return ret2; | 536 | return ret2; |
@@ -535,14 +546,14 @@ static int check_buffers(gnutls_session_t session, | |||
535 | /* Checks the record headers and returns the length, version and | 546 | /* Checks the record headers and returns the length, version and |
536 | * content type. | 547 | * content type. |
537 | */ | 548 | */ |
538 | static int record_check_headers(gnutls_session_t session, | 549 | static int |
539 | uint8_t headers[RECORD_HEADER_SIZE], | 550 | record_check_headers (gnutls_session_t session, |
540 | content_type_t type, | 551 | uint8_t headers[RECORD_HEADER_SIZE], |
541 | gnutls_handshake_description_t htype, | 552 | content_type_t type, |
542 | /*output */content_type_t * recv_type, | 553 | gnutls_handshake_description_t htype, |
543 | opaque version[2], | 554 | /*output */ content_type_t * recv_type, |
544 | uint16_t * length, | 555 | opaque version[2], |
545 | uint16_t * header_size) | 556 | uint16_t * length, uint16_t * header_size) |
546 | { | 557 | { |
547 | 558 | ||
548 | /* Read the first two bytes to determine if this is a | 559 | /* Read the first two bytes to determine if this is a |
@@ -556,15 +567,15 @@ static int record_check_headers(gnutls_session_t session, | |||
556 | /* if msb set and expecting handshake message | 567 | /* if msb set and expecting handshake message |
557 | * it should be SSL 2 hello | 568 | * it should be SSL 2 hello |
558 | */ | 569 | */ |
559 | version[0] = 3; /* assume SSL 3.0 */ | 570 | version[0] = 3; /* assume SSL 3.0 */ |
560 | version[1] = 0; | 571 | version[1] = 0; |
561 | 572 | ||
562 | *length = (((headers[0] & 0x7f) << 8)) | headers[1]; | 573 | *length = (((headers[0] & 0x7f) << 8)) | headers[1]; |
563 | 574 | ||
564 | /* SSL 2.0 headers */ | 575 | /* SSL 2.0 headers */ |
565 | *header_size = 2; | 576 | *header_size = 2; |
566 | *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello | 577 | *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello |
567 | */ | 578 | */ |
568 | 579 | ||
569 | /* in order to assist the handshake protocol. | 580 | /* in order to assist the handshake protocol. |
570 | * V2 compatibility is a mess. | 581 | * V2 compatibility is a mess. |
@@ -572,7 +583,7 @@ static int record_check_headers(gnutls_session_t session, | |||
572 | session->internals.v2_hello = *length; | 583 | session->internals.v2_hello = *length; |
573 | 584 | ||
574 | _gnutls_record_log ("REC[%x]: V2 packet received. Length: %d\n", | 585 | _gnutls_record_log ("REC[%x]: V2 packet received. Length: %d\n", |
575 | session, *length); | 586 | session, *length); |
576 | 587 | ||
577 | } | 588 | } |
578 | else | 589 | else |
@@ -584,7 +595,7 @@ static int record_check_headers(gnutls_session_t session, | |||
584 | 595 | ||
585 | /* No DECR_LEN, since headers has enough size. | 596 | /* No DECR_LEN, since headers has enough size. |
586 | */ | 597 | */ |
587 | *length = _gnutls_read_uint16(&headers[3]); | 598 | *length = _gnutls_read_uint16 (&headers[3]); |
588 | } | 599 | } |
589 | 600 | ||
590 | return 0; | 601 | return 0; |
@@ -593,9 +604,9 @@ static int record_check_headers(gnutls_session_t session, | |||
593 | /* Here we check if the advertized version is the one we | 604 | /* Here we check if the advertized version is the one we |
594 | * negotiated in the handshake. | 605 | * negotiated in the handshake. |
595 | */ | 606 | */ |
596 | inline static int record_check_version(gnutls_session_t session, | 607 | inline static int |
597 | gnutls_handshake_description_t htype, | 608 | record_check_version (gnutls_session_t session, |
598 | opaque version[2]) | 609 | gnutls_handshake_description_t htype, opaque version[2]) |
599 | { | 610 | { |
600 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) | 611 | if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) |
601 | { | 612 | { |
@@ -605,14 +616,14 @@ inline static int record_check_version(gnutls_session_t session, | |||
605 | { | 616 | { |
606 | gnutls_assert (); | 617 | gnutls_assert (); |
607 | _gnutls_record_log | 618 | _gnutls_record_log |
608 | ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session, | 619 | ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", session, |
609 | htype, version[0], version[1]); | 620 | htype, version[0], version[1]); |
610 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | 621 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; |
611 | } | 622 | } |
612 | } | 623 | } |
613 | else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO | 624 | else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO |
614 | && gnutls_protocol_get_version(session) | 625 | && gnutls_protocol_get_version (session) |
615 | != _gnutls_version_get(version[0], version[1])) | 626 | != _gnutls_version_get (version[0], version[1])) |
616 | { | 627 | { |
617 | /* Reject record packets that have a different version than the | 628 | /* Reject record packets that have a different version than the |
618 | * one negotiated. Note that this version is not protected by any | 629 | * one negotiated. Note that this version is not protected by any |
@@ -620,7 +631,7 @@ inline static int record_check_version(gnutls_session_t session, | |||
620 | */ | 631 | */ |
621 | gnutls_assert (); | 632 | gnutls_assert (); |
622 | _gnutls_record_log ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", | 633 | _gnutls_record_log ("REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", |
623 | session, htype, version[0], version[1]); | 634 | session, htype, version[0], version[1]); |
624 | 635 | ||
625 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; | 636 | return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; |
626 | } | 637 | } |
@@ -631,135 +642,135 @@ inline static int record_check_version(gnutls_session_t session, | |||
631 | /* This function will check if the received record type is | 642 | /* This function will check if the received record type is |
632 | * the one we actually expect. | 643 | * the one we actually expect. |
633 | */ | 644 | */ |
634 | static int record_check_type(gnutls_session_t session, | 645 | static int |
635 | content_type_t recv_type, | 646 | record_check_type (gnutls_session_t session, |
636 | content_type_t type, | 647 | content_type_t recv_type, |
637 | gnutls_handshake_description_t htype, | 648 | content_type_t type, |
638 | opaque * data, | 649 | gnutls_handshake_description_t htype, |
639 | int data_size) | 650 | opaque * data, int data_size) |
640 | { | 651 | { |
641 | 652 | ||
642 | int ret; | 653 | int ret; |
643 | 654 | ||
644 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type | 655 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type |
645 | == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION)) | 656 | == GNUTLS_HANDSHAKE |
657 | || type == GNUTLS_INNER_APPLICATION)) | ||
646 | { | 658 | { |
647 | _gnutls_record_buffer_put(type, session, (void *) data, data_size); | 659 | _gnutls_record_buffer_put (type, session, (void *) data, data_size); |
648 | } | 660 | } |
649 | else | 661 | else |
650 | { | 662 | { |
651 | switch (recv_type) | 663 | switch (recv_type) |
652 | { | 664 | { |
653 | case GNUTLS_ALERT: | 665 | case GNUTLS_ALERT: |
654 | 666 | ||
655 | _gnutls_record_log | 667 | _gnutls_record_log |
656 | ("REC[%x]: Alert[%d|%d] - %s - was received\n", session, | 668 | ("REC[%x]: Alert[%d|%d] - %s - was received\n", session, |
657 | data[0], data[1], gnutls_alert_get_name ((int) data[1])); | 669 | data[0], data[1], gnutls_alert_get_name ((int) data[1])); |
658 | 670 | ||
659 | session->internals.last_alert = data[1]; | 671 | session->internals.last_alert = data[1]; |
660 | session->internals.last_alert_level = data[0]; | 672 | session->internals.last_alert_level = data[0]; |
661 | 673 | ||
662 | /* if close notify is received and | 674 | /* if close notify is received and |
663 | * the alert is not fatal | 675 | * the alert is not fatal |
664 | */ | 676 | */ |
665 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) | 677 | if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) |
666 | { | 678 | { |
667 | /* If we have been expecting for an alert do | 679 | /* If we have been expecting for an alert do |
668 | */ | 680 | */ |
669 | session->internals.read_eof = 1; | 681 | session->internals.read_eof = 1; |
670 | return GNUTLS_E_INT_RET_0; /* EOF */ | 682 | return GNUTLS_E_INT_RET_0; /* EOF */ |
671 | } | 683 | } |
672 | else | 684 | else |
673 | { | 685 | { |
674 | 686 | ||
675 | /* if the alert is FATAL or WARNING | 687 | /* if the alert is FATAL or WARNING |
676 | * return the apropriate message | 688 | * return the apropriate message |
677 | */ | 689 | */ |
678 | gnutls_assert (); | 690 | gnutls_assert (); |
679 | ret = GNUTLS_E_WARNING_ALERT_RECEIVED; | 691 | ret = GNUTLS_E_WARNING_ALERT_RECEIVED; |
680 | if (data[0] == GNUTLS_AL_FATAL) | 692 | if (data[0] == GNUTLS_AL_FATAL) |
681 | { | 693 | { |
682 | session_unresumable(session); | 694 | session_unresumable (session); |
683 | session_invalidate(session); | 695 | session_invalidate (session); |
684 | ret = GNUTLS_E_FATAL_ALERT_RECEIVED; | 696 | ret = GNUTLS_E_FATAL_ALERT_RECEIVED; |
685 | } | 697 | } |
686 | 698 | ||
687 | return ret; | 699 | return ret; |
688 | } | 700 | } |
689 | break; | 701 | break; |
690 | 702 | ||
691 | case GNUTLS_CHANGE_CIPHER_SPEC: | 703 | case GNUTLS_CHANGE_CIPHER_SPEC: |
692 | /* this packet is now handled in the recv_int() | 704 | /* this packet is now handled in the recv_int() |
693 | * function | 705 | * function |
694 | */ | 706 | */ |
695 | gnutls_assert () | 707 | gnutls_assert (); |
696 | ; | 708 | |
697 | 709 | return GNUTLS_E_UNEXPECTED_PACKET; | |
698 | return GNUTLS_E_UNEXPECTED_PACKET; | 710 | |
699 | 711 | case GNUTLS_APPLICATION_DATA: | |
700 | case GNUTLS_APPLICATION_DATA: | 712 | /* even if data is unexpected put it into the buffer */ |
701 | /* even if data is unexpected put it into the buffer */ | 713 | if ((ret = |
702 | if ((ret = _gnutls_record_buffer_put(recv_type, session, (void *) data, | 714 | _gnutls_record_buffer_put (recv_type, session, (void *) data, |
703 | data_size)) < 0) | 715 | data_size)) < 0) |
704 | { | 716 | { |
705 | gnutls_assert (); | 717 | gnutls_assert (); |
706 | return ret; | 718 | return ret; |
707 | } | 719 | } |
708 | 720 | ||
709 | /* the got_application data is only returned | 721 | /* the got_application data is only returned |
710 | * if expecting client hello (for rehandshake | 722 | * if expecting client hello (for rehandshake |
711 | * reasons). Otherwise it is an unexpected packet | 723 | * reasons). Otherwise it is an unexpected packet |
712 | */ | 724 | */ |
713 | if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO | 725 | if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO |
714 | && type == GNUTLS_HANDSHAKE)) | 726 | && type == GNUTLS_HANDSHAKE)) |
715 | return GNUTLS_E_GOT_APPLICATION_DATA; | 727 | return GNUTLS_E_GOT_APPLICATION_DATA; |
716 | else | 728 | else |
717 | { | 729 | { |
718 | gnutls_assert (); | 730 | gnutls_assert (); |
719 | return GNUTLS_E_UNEXPECTED_PACKET; | 731 | return GNUTLS_E_UNEXPECTED_PACKET; |
720 | } | 732 | } |
721 | 733 | ||
722 | break; | 734 | break; |
723 | case GNUTLS_HANDSHAKE: | 735 | case GNUTLS_HANDSHAKE: |
724 | /* This is legal if HELLO_REQUEST is received - and we are a client. | 736 | /* This is legal if HELLO_REQUEST is received - and we are a client. |
725 | * If we are a server, a client may initiate a renegotiation at any time. | 737 | * If we are a server, a client may initiate a renegotiation at any time. |
726 | */ | 738 | */ |
727 | if (session->security_parameters.entity == GNUTLS_SERVER) | 739 | if (session->security_parameters.entity == GNUTLS_SERVER) |
728 | { | 740 | { |
729 | gnutls_assert (); | 741 | gnutls_assert (); |
730 | return GNUTLS_E_REHANDSHAKE; | 742 | return GNUTLS_E_REHANDSHAKE; |
731 | } | 743 | } |
732 | 744 | ||
733 | /* If we are already in a handshake then a Hello | 745 | /* If we are already in a handshake then a Hello |
734 | * Request is illegal. But here we don't really care | 746 | * Request is illegal. But here we don't really care |
735 | * since this message will never make it up here. | 747 | * since this message will never make it up here. |
736 | */ | 748 | */ |
737 | 749 | ||
738 | /* So we accept it */ | 750 | /* So we accept it */ |
739 | return _gnutls_recv_hello_request(session, data, data_size); | 751 | return _gnutls_recv_hello_request (session, data, data_size); |
740 | 752 | ||
741 | break; | 753 | break; |
742 | case GNUTLS_INNER_APPLICATION: | 754 | case GNUTLS_INNER_APPLICATION: |
743 | /* even if data is unexpected put it into the buffer */ | 755 | /* even if data is unexpected put it into the buffer */ |
744 | if ((ret = _gnutls_record_buffer_put(recv_type, session, (void *) data, | 756 | if ((ret = |
745 | data_size)) < 0) | 757 | _gnutls_record_buffer_put (recv_type, session, (void *) data, |
746 | { | 758 | data_size)) < 0) |
747 | gnutls_assert (); | 759 | { |
748 | return ret; | 760 | gnutls_assert (); |
749 | } | 761 | return ret; |
750 | gnutls_assert () | 762 | } |
751 | ; | 763 | gnutls_assert (); |
752 | return GNUTLS_E_UNEXPECTED_PACKET; | 764 | return GNUTLS_E_UNEXPECTED_PACKET; |
753 | break; | 765 | break; |
754 | default: | 766 | default: |
755 | 767 | ||
756 | _gnutls_record_log | 768 | _gnutls_record_log |
757 | ("REC[%x]: Received Unknown packet %d expecting %d\n", | 769 | ("REC[%x]: Received Unknown packet %d expecting %d\n", |
758 | session, recv_type, type); | 770 | session, recv_type, type); |
759 | 771 | ||
760 | gnutls_assert () | 772 | gnutls_assert (); |
761 | ; | 773 | return GNUTLS_E_INTERNAL_ERROR; |
762 | return GNUTLS_E_INTERNAL_ERROR; | ||
763 | } | 774 | } |
764 | } | 775 | } |
765 | 776 | ||
@@ -771,12 +782,12 @@ static int record_check_type(gnutls_session_t session, | |||
771 | * recv buffer. If the buffer was not initialized before it will | 782 | * recv buffer. If the buffer was not initialized before it will |
772 | * also initialize it. | 783 | * also initialize it. |
773 | */ | 784 | */ |
774 | inline static int get_temp_recv_buffer(gnutls_session_t session, | 785 | inline static int |
775 | gnutls_datum_t * tmp) | 786 | get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) |
776 | { | 787 | { |
777 | size_t max_record_size; | 788 | size_t max_record_size; |
778 | 789 | ||
779 | if (gnutls_compression_get(session) != GNUTLS_COMP_NULL) | 790 | if (gnutls_compression_get (session) != GNUTLS_COMP_NULL) |
780 | max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE; | 791 | max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE; |
781 | else | 792 | else |
782 | max_record_size = MAX_RECORD_RECV_SIZE; | 793 | max_record_size = MAX_RECORD_RECV_SIZE; |
@@ -793,7 +804,8 @@ inline static int get_temp_recv_buffer(gnutls_session_t session, | |||
793 | /* Initialize the internal buffer. | 804 | /* Initialize the internal buffer. |
794 | */ | 805 | */ |
795 | session->internals.recv_buffer.data | 806 | session->internals.recv_buffer.data |
796 | = gnutls_realloc(session->internals.recv_buffer.data, max_record_size); | 807 | = |
808 | gnutls_realloc (session->internals.recv_buffer.data, max_record_size); | ||
797 | 809 | ||
798 | if (session->internals.recv_buffer.data == NULL) | 810 | if (session->internals.recv_buffer.data == NULL) |
799 | { | 811 | { |
@@ -803,7 +815,7 @@ inline static int get_temp_recv_buffer(gnutls_session_t session, | |||
803 | 815 | ||
804 | session->internals.recv_buffer.size = max_record_size; | 816 | session->internals.recv_buffer.size = max_record_size; |
805 | } | 817 | } |
806 | 818 | ||
807 | tmp->data = session->internals.recv_buffer.data; | 819 | tmp->data = session->internals.recv_buffer.data; |
808 | tmp->size = session->internals.recv_buffer.size; | 820 | tmp->size = session->internals.recv_buffer.size; |
809 | 821 | ||
@@ -819,11 +831,11 @@ inline static int get_temp_recv_buffer(gnutls_session_t session, | |||
819 | * | 831 | * |
820 | * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos. | 832 | * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos. |
821 | */ | 833 | */ |
822 | ssize_t _gnutls_recv_int(gnutls_session_t session, | 834 | ssize_t |
823 | content_type_t type, | 835 | _gnutls_recv_int (gnutls_session_t session, |
824 | gnutls_handshake_description_t htype, | 836 | content_type_t type, |
825 | opaque * data, | 837 | gnutls_handshake_description_t htype, |
826 | size_t sizeofdata) | 838 | opaque * data, size_t sizeofdata) |
827 | { | 839 | { |
828 | gnutls_datum_t tmp; | 840 | gnutls_datum_t tmp; |
829 | int decrypted_length; | 841 | int decrypted_length; |
@@ -842,7 +854,7 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
842 | return GNUTLS_E_INVALID_REQUEST; | 854 | return GNUTLS_E_INVALID_REQUEST; |
843 | } | 855 | } |
844 | 856 | ||
845 | begin: | 857 | begin: |
846 | 858 | ||
847 | if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) | 859 | if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) |
848 | { | 860 | { |
@@ -856,8 +868,8 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
856 | */ | 868 | */ |
857 | return 0; | 869 | return 0; |
858 | } | 870 | } |
859 | else if (session_is_valid(session) != 0 || session->internals.may_not_read | 871 | else if (session_is_valid (session) != 0 || session->internals.may_not_read |
860 | != 0) | 872 | != 0) |
861 | { | 873 | { |
862 | gnutls_assert (); | 874 | gnutls_assert (); |
863 | return GNUTLS_E_INVALID_SESSION; | 875 | return GNUTLS_E_INVALID_SESSION; |
@@ -866,7 +878,7 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
866 | /* If we have enough data in the cache do not bother receiving | 878 | /* If we have enough data in the cache do not bother receiving |
867 | * a new packet. (in order to flush the cache) | 879 | * a new packet. (in order to flush the cache) |
868 | */ | 880 | */ |
869 | ret = check_buffers(session, type, data, sizeofdata); | 881 | ret = check_buffers (session, type, data, sizeofdata); |
870 | if (ret != 0) | 882 | if (ret != 0) |
871 | return ret; | 883 | return ret; |
872 | 884 | ||
@@ -874,25 +886,25 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
874 | */ | 886 | */ |
875 | header_size = RECORD_HEADER_SIZE; | 887 | header_size = RECORD_HEADER_SIZE; |
876 | 888 | ||
877 | if ((ret = _gnutls_io_read_buffered(session, &headers, header_size, -1)) | 889 | if ((ret = _gnutls_io_read_buffered (session, &headers, header_size, -1)) |
878 | != header_size) | 890 | != header_size) |
879 | { | 891 | { |
880 | if (ret < 0 && gnutls_error_is_fatal(ret) == 0) | 892 | if (ret < 0 && gnutls_error_is_fatal (ret) == 0) |
881 | return ret; | 893 | return ret; |
882 | 894 | ||
883 | session_invalidate(session); | 895 | session_invalidate (session); |
884 | if (type == GNUTLS_ALERT) | 896 | if (type == GNUTLS_ALERT) |
885 | { | 897 | { |
886 | gnutls_assert (); | 898 | gnutls_assert (); |
887 | return 0; /* we were expecting close notify */ | 899 | return 0; /* we were expecting close notify */ |
888 | } | 900 | } |
889 | session_unresumable(session); | 901 | session_unresumable (session); |
890 | gnutls_assert (); | 902 | gnutls_assert (); |
891 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 903 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
892 | } | 904 | } |
893 | 905 | ||
894 | if ((ret = record_check_headers(session, headers, type, htype, &recv_type, | 906 | if ((ret = record_check_headers (session, headers, type, htype, &recv_type, |
895 | version, &length, &header_size)) < 0) | 907 | version, &length, &header_size)) < 0) |
896 | { | 908 | { |
897 | gnutls_assert (); | 909 | gnutls_assert (); |
898 | return ret; | 910 | return ret; |
@@ -901,7 +913,7 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
901 | /* Here we check if the Type of the received packet is | 913 | /* Here we check if the Type of the received packet is |
902 | * ok. | 914 | * ok. |
903 | */ | 915 | */ |
904 | if ((ret = check_recv_type(recv_type)) < 0) | 916 | if ((ret = check_recv_type (recv_type)) < 0) |
905 | { | 917 | { |
906 | gnutls_assert (); | 918 | gnutls_assert (); |
907 | return ret; | 919 | return ret; |
@@ -910,47 +922,47 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
910 | /* Here we check if the advertized version is the one we | 922 | /* Here we check if the advertized version is the one we |
911 | * negotiated in the handshake. | 923 | * negotiated in the handshake. |
912 | */ | 924 | */ |
913 | if ((ret = record_check_version(session, htype, version)) < 0) | 925 | if ((ret = record_check_version (session, htype, version)) < 0) |
914 | { | 926 | { |
915 | gnutls_assert (); | 927 | gnutls_assert (); |
916 | session_invalidate(session); | 928 | session_invalidate (session); |
917 | return ret; | 929 | return ret; |
918 | } | 930 | } |
919 | 931 | ||
920 | _gnutls_record_log | 932 | _gnutls_record_log |
921 | ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, | 933 | ("REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", session, |
922 | (int) _gnutls_uint64touint32 (&session->connection_state. | 934 | (int) _gnutls_uint64touint32 (&session->connection_state. |
923 | read_sequence_number), | 935 | read_sequence_number), |
924 | _gnutls_packet2str (type), type, sizeofdata); | 936 | _gnutls_packet2str (type), type, sizeofdata); |
925 | _gnutls_record_log | 937 | _gnutls_record_log |
926 | ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, | 938 | ("REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", session, |
927 | (int) _gnutls_uint64touint32 (&session->connection_state. | 939 | (int) _gnutls_uint64touint32 (&session->connection_state. |
928 | read_sequence_number), | 940 | read_sequence_number), |
929 | _gnutls_packet2str (recv_type), recv_type, length); | 941 | _gnutls_packet2str (recv_type), recv_type, length); |
930 | 942 | ||
931 | if (length > MAX_RECV_SIZE) | 943 | if (length > MAX_RECV_SIZE) |
932 | { | 944 | { |
933 | _gnutls_record_log | 945 | _gnutls_record_log |
934 | ("REC[%x]: FATAL ERROR: Received packet with length: %d\n", | 946 | ("REC[%x]: FATAL ERROR: Received packet with length: %d\n", |
935 | session, length); | 947 | session, length); |
936 | 948 | ||
937 | session_unresumable(session); | 949 | session_unresumable (session); |
938 | session_invalidate(session); | 950 | session_invalidate (session); |
939 | gnutls_assert (); | 951 | gnutls_assert (); |
940 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 952 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
941 | } | 953 | } |
942 | 954 | ||
943 | /* check if we have that data into buffer. | 955 | /* check if we have that data into buffer. |
944 | */ | 956 | */ |
945 | if ((ret = _gnutls_io_read_buffered(session, &recv_data, | 957 | if ((ret = _gnutls_io_read_buffered (session, &recv_data, |
946 | header_size + length, recv_type)) | 958 | header_size + length, recv_type)) |
947 | != header_size + length) | 959 | != header_size + length) |
948 | { | 960 | { |
949 | if (ret < 0 && gnutls_error_is_fatal(ret) == 0) | 961 | if (ret < 0 && gnutls_error_is_fatal (ret) == 0) |
950 | return ret; | 962 | return ret; |
951 | 963 | ||
952 | session_unresumable(session); | 964 | session_unresumable (session); |
953 | session_invalidate(session); | 965 | session_invalidate (session); |
954 | gnutls_assert (); | 966 | gnutls_assert (); |
955 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 967 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
956 | } | 968 | } |
@@ -958,10 +970,10 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
958 | /* ok now we are sure that we can read all the data - so | 970 | /* ok now we are sure that we can read all the data - so |
959 | * move on ! | 971 | * move on ! |
960 | */ | 972 | */ |
961 | _gnutls_io_clear_read_buffer(session); | 973 | _gnutls_io_clear_read_buffer (session); |
962 | ciphertext = &recv_data[header_size]; | 974 | ciphertext = &recv_data[header_size]; |
963 | 975 | ||
964 | ret = get_temp_recv_buffer(session, &tmp); | 976 | ret = get_temp_recv_buffer (session, &tmp); |
965 | if (ret < 0) | 977 | if (ret < 0) |
966 | { | 978 | { |
967 | gnutls_assert (); | 979 | gnutls_assert (); |
@@ -969,12 +981,12 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
969 | } | 981 | } |
970 | 982 | ||
971 | /* decrypt the data we got. */ | 983 | /* decrypt the data we got. */ |
972 | ret = _gnutls_decrypt(session, ciphertext, length, tmp.data, tmp.size, | 984 | ret = _gnutls_decrypt (session, ciphertext, length, tmp.data, tmp.size, |
973 | recv_type); | 985 | recv_type); |
974 | if (ret < 0) | 986 | if (ret < 0) |
975 | { | 987 | { |
976 | session_unresumable(session); | 988 | session_unresumable (session); |
977 | session_invalidate(session); | 989 | session_invalidate (session); |
978 | gnutls_assert (); | 990 | gnutls_assert (); |
979 | return ret; | 991 | return ret; |
980 | } | 992 | } |
@@ -987,36 +999,36 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
987 | { | 999 | { |
988 | 1000 | ||
989 | _gnutls_record_log | 1001 | _gnutls_record_log |
990 | ("REC[%x]: ChangeCipherSpec Packet was received\n", session); | 1002 | ("REC[%x]: ChangeCipherSpec Packet was received\n", session); |
991 | 1003 | ||
992 | if ((size_t) ret != sizeofdata) | 1004 | if ((size_t) ret != sizeofdata) |
993 | { /* sizeofdata should be 1 */ | 1005 | { /* sizeofdata should be 1 */ |
994 | gnutls_assert (); | 1006 | gnutls_assert (); |
995 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; | 1007 | return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; |
996 | } | 1008 | } |
997 | memcpy(data, tmp.data, sizeofdata); | 1009 | memcpy (data, tmp.data, sizeofdata); |
998 | 1010 | ||
999 | return ret; | 1011 | return ret; |
1000 | } | 1012 | } |
1001 | 1013 | ||
1002 | _gnutls_record_log | 1014 | _gnutls_record_log |
1003 | ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, | 1015 | ("REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", session, |
1004 | (int) _gnutls_uint64touint32 (&session->connection_state. | 1016 | (int) _gnutls_uint64touint32 (&session->connection_state. |
1005 | read_sequence_number), | 1017 | read_sequence_number), |
1006 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); | 1018 | _gnutls_packet2str (recv_type), recv_type, decrypted_length); |
1007 | 1019 | ||
1008 | /* increase sequence number | 1020 | /* increase sequence number |
1009 | */ | 1021 | */ |
1010 | if (_gnutls_uint64pp(&session->connection_state.read_sequence_number) != 0) | 1022 | if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0) |
1011 | { | 1023 | { |
1012 | session_invalidate(session); | 1024 | session_invalidate (session); |
1013 | gnutls_assert (); | 1025 | gnutls_assert (); |
1014 | return GNUTLS_E_RECORD_LIMIT_REACHED; | 1026 | return GNUTLS_E_RECORD_LIMIT_REACHED; |
1015 | } | 1027 | } |
1016 | 1028 | ||
1017 | /* check type - this will also invalidate sessions if a fatal alert has been received */ | 1029 | /* check type - this will also invalidate sessions if a fatal alert has been received */ |
1018 | ret = record_check_type(session, recv_type, type, htype, tmp.data, | 1030 | ret = record_check_type (session, recv_type, type, htype, tmp.data, |
1019 | decrypted_length); | 1031 | decrypted_length); |
1020 | if (ret < 0) | 1032 | if (ret < 0) |
1021 | { | 1033 | { |
1022 | if (ret == GNUTLS_E_INT_RET_0) | 1034 | if (ret == GNUTLS_E_INT_RET_0) |
@@ -1028,10 +1040,11 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
1028 | /* Get Application data from buffer | 1040 | /* Get Application data from buffer |
1029 | */ | 1041 | */ |
1030 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type | 1042 | if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || type |
1031 | == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION)) | 1043 | == GNUTLS_HANDSHAKE |
1044 | || type == GNUTLS_INNER_APPLICATION)) | ||
1032 | { | 1045 | { |
1033 | 1046 | ||
1034 | ret = _gnutls_record_buffer_get(type, session, data, sizeofdata); | 1047 | ret = _gnutls_record_buffer_get (type, session, data, sizeofdata); |
1035 | if (ret < 0) | 1048 | if (ret < 0) |
1036 | { | 1049 | { |
1037 | gnutls_assert (); | 1050 | gnutls_assert (); |
@@ -1040,9 +1053,9 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
1040 | 1053 | ||
1041 | /* if the buffer just got empty | 1054 | /* if the buffer just got empty |
1042 | */ | 1055 | */ |
1043 | if (_gnutls_record_buffer_get_size(type, session) == 0) | 1056 | if (_gnutls_record_buffer_get_size (type, session) == 0) |
1044 | { | 1057 | { |
1045 | if ((ret2 = _gnutls_io_clear_peeked_data(session)) < 0) | 1058 | if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0) |
1046 | { | 1059 | { |
1047 | gnutls_assert (); | 1060 | gnutls_assert (); |
1048 | return ret2; | 1061 | return ret2; |
@@ -1101,12 +1114,12 @@ ssize_t _gnutls_recv_int(gnutls_session_t session, | |||
1101 | * number of bytes this function can send in a single call depends on | 1114 | * number of bytes this function can send in a single call depends on |
1102 | * the negotiated maximum record size. | 1115 | * the negotiated maximum record size. |
1103 | **/ | 1116 | **/ |
1104 | ssize_t gnutls_record_send(gnutls_session_t session, | 1117 | ssize_t |
1105 | const void *data, | 1118 | gnutls_record_send (gnutls_session_t session, |
1106 | size_t sizeofdata) | 1119 | const void *data, size_t sizeofdata) |
1107 | { | 1120 | { |
1108 | return _gnutls_send_int(session, GNUTLS_APPLICATION_DATA, -1, data, | 1121 | return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1, data, |
1109 | sizeofdata); | 1122 | sizeofdata); |
1110 | } | 1123 | } |
1111 | 1124 | ||
1112 | /** | 1125 | /** |
@@ -1139,12 +1152,11 @@ ssize_t gnutls_record_send(gnutls_session_t session, | |||
1139 | * error code is returned in case of an error. The number of bytes | 1152 | * error code is returned in case of an error. The number of bytes |
1140 | * received might be less than @sizeofdata. | 1153 | * received might be less than @sizeofdata. |
1141 | **/ | 1154 | **/ |
1142 | ssize_t gnutls_record_recv(gnutls_session_t session, | 1155 | ssize_t |
1143 | void *data, | 1156 | gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata) |
1144 | size_t sizeofdata) | ||
1145 | { | 1157 | { |
1146 | return _gnutls_recv_int(session, GNUTLS_APPLICATION_DATA, -1, data, | 1158 | return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, |
1147 | sizeofdata); | 1159 | sizeofdata); |
1148 | } | 1160 | } |
1149 | 1161 | ||
1150 | /** | 1162 | /** |
@@ -1155,7 +1167,8 @@ ssize_t gnutls_record_recv(gnutls_session_t session, | |||
1155 | * connection. The maximum record size is negotiated by the client | 1167 | * connection. The maximum record size is negotiated by the client |
1156 | * after the first handshake message. | 1168 | * after the first handshake message. |
1157 | **/ | 1169 | **/ |
1158 | size_t gnutls_record_get_max_size(gnutls_session_t session) | 1170 | size_t |
1171 | gnutls_record_get_max_size (gnutls_session_t session) | ||
1159 | { | 1172 | { |
1160 | /* Recv will hold the negotiated max record size | 1173 | /* Recv will hold the negotiated max record size |
1161 | * always. | 1174 | * always. |
@@ -1180,15 +1193,15 @@ size_t gnutls_record_get_max_size(gnutls_session_t session) | |||
1180 | * This function uses a TLS extension called 'max record size'. Not | 1193 | * This function uses a TLS extension called 'max record size'. Not |
1181 | * all TLS implementations use or even understand this extension. | 1194 | * all TLS implementations use or even understand this extension. |
1182 | **/ | 1195 | **/ |
1183 | ssize_t gnutls_record_set_max_size(gnutls_session_t session, | 1196 | ssize_t |
1184 | size_t size) | 1197 | gnutls_record_set_max_size (gnutls_session_t session, size_t size) |
1185 | { | 1198 | { |
1186 | ssize_t new_size; | 1199 | ssize_t new_size; |
1187 | 1200 | ||
1188 | if (session->security_parameters.entity == GNUTLS_SERVER) | 1201 | if (session->security_parameters.entity == GNUTLS_SERVER) |
1189 | return GNUTLS_E_INVALID_REQUEST; | 1202 | return GNUTLS_E_INVALID_REQUEST; |
1190 | 1203 | ||
1191 | new_size = _gnutls_mre_record2num(size); | 1204 | new_size = _gnutls_mre_record2num (size); |
1192 | 1205 | ||
1193 | if (new_size < 0) | 1206 | if (new_size < 0) |
1194 | { | 1207 | { |
diff --git a/src/daemon/https/tls/gnutls_str.c b/src/daemon/https/tls/gnutls_str.c index 0ccf8445..34657c03 100644 --- a/src/daemon/https/tls/gnutls_str.c +++ b/src/daemon/https/tls/gnutls_str.c | |||
@@ -33,70 +33,68 @@ | |||
33 | * | 33 | * |
34 | * They should be used only with null terminated strings. | 34 | * They should be used only with null terminated strings. |
35 | */ | 35 | */ |
36 | void _gnutls_str_cat(char *dest, | 36 | void |
37 | size_t dest_tot_size, | 37 | _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src) |
38 | const char *src) | ||
39 | { | 38 | { |
40 | size_t str_size = strlen(src); | 39 | size_t str_size = strlen (src); |
41 | size_t dest_size = strlen(dest); | 40 | size_t dest_size = strlen (dest); |
42 | 41 | ||
43 | if (dest_tot_size - dest_size > str_size) | 42 | if (dest_tot_size - dest_size > str_size) |
44 | { | 43 | { |
45 | strcat(dest, src); | 44 | strcat (dest, src); |
46 | } | 45 | } |
47 | else | 46 | else |
48 | { | 47 | { |
49 | if (dest_tot_size - dest_size > 0) | 48 | if (dest_tot_size - dest_size > 0) |
50 | { | 49 | { |
51 | strncat(dest, src, (dest_tot_size - dest_size) - 1); | 50 | strncat (dest, src, (dest_tot_size - dest_size) - 1); |
52 | dest[dest_tot_size - 1] = 0; | 51 | dest[dest_tot_size - 1] = 0; |
53 | } | 52 | } |
54 | } | 53 | } |
55 | } | 54 | } |
56 | 55 | ||
57 | void _gnutls_str_cpy(char *dest, | 56 | void |
58 | size_t dest_tot_size, | 57 | _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src) |
59 | const char *src) | ||
60 | { | 58 | { |
61 | size_t str_size = strlen(src); | 59 | size_t str_size = strlen (src); |
62 | 60 | ||
63 | if (dest_tot_size > str_size) | 61 | if (dest_tot_size > str_size) |
64 | { | 62 | { |
65 | strcpy(dest, src); | 63 | strcpy (dest, src); |
66 | } | 64 | } |
67 | else | 65 | else |
68 | { | 66 | { |
69 | if (dest_tot_size > 0) | 67 | if (dest_tot_size > 0) |
70 | { | 68 | { |
71 | strncpy(dest, src, (dest_tot_size) - 1); | 69 | strncpy (dest, src, (dest_tot_size) - 1); |
72 | dest[dest_tot_size - 1] = 0; | 70 | dest[dest_tot_size - 1] = 0; |
73 | } | 71 | } |
74 | } | 72 | } |
75 | } | 73 | } |
76 | 74 | ||
77 | void _gnutls_mem_cpy(char *dest, | 75 | void |
78 | size_t dest_tot_size, | 76 | _gnutls_mem_cpy (char *dest, |
79 | const char *src, | 77 | size_t dest_tot_size, const char *src, size_t src_size) |
80 | size_t src_size) | ||
81 | { | 78 | { |
82 | 79 | ||
83 | if (dest_tot_size >= src_size) | 80 | if (dest_tot_size >= src_size) |
84 | { | 81 | { |
85 | memcpy(dest, src, src_size); | 82 | memcpy (dest, src, src_size); |
86 | } | 83 | } |
87 | else | 84 | else |
88 | { | 85 | { |
89 | if (dest_tot_size > 0) | 86 | if (dest_tot_size > 0) |
90 | { | 87 | { |
91 | memcpy(dest, src, dest_tot_size); | 88 | memcpy (dest, src, dest_tot_size); |
92 | } | 89 | } |
93 | } | 90 | } |
94 | } | 91 | } |
95 | 92 | ||
96 | void _gnutls_string_init(gnutls_string * str, | 93 | void |
97 | gnutls_alloc_function alloc_func, | 94 | _gnutls_string_init (gnutls_string * str, |
98 | gnutls_realloc_function realloc_func, | 95 | gnutls_alloc_function alloc_func, |
99 | gnutls_free_function free_func) | 96 | gnutls_realloc_function realloc_func, |
97 | gnutls_free_function free_func) | ||
100 | { | 98 | { |
101 | str->data = NULL; | 99 | str->data = NULL; |
102 | str->max_length = 0; | 100 | str->max_length = 0; |
@@ -107,11 +105,12 @@ void _gnutls_string_init(gnutls_string * str, | |||
107 | str->realloc_func = realloc_func; | 105 | str->realloc_func = realloc_func; |
108 | } | 106 | } |
109 | 107 | ||
110 | void _gnutls_string_clear(gnutls_string * str) | 108 | void |
109 | _gnutls_string_clear (gnutls_string * str) | ||
111 | { | 110 | { |
112 | if (str == NULL || str->data == NULL) | 111 | if (str == NULL || str->data == NULL) |
113 | return; | 112 | return; |
114 | str->free_func(str->data); | 113 | str->free_func (str->data); |
115 | 114 | ||
116 | str->data = NULL; | 115 | str->data = NULL; |
117 | str->max_length = 0; | 116 | str->max_length = 0; |
@@ -120,7 +119,8 @@ void _gnutls_string_clear(gnutls_string * str) | |||
120 | 119 | ||
121 | /* This one does not copy the string. | 120 | /* This one does not copy the string. |
122 | */ | 121 | */ |
123 | gnutls_datum_t _gnutls_string2datum(gnutls_string * str) | 122 | gnutls_datum_t |
123 | _gnutls_string2datum (gnutls_string * str) | ||
124 | { | 124 | { |
125 | gnutls_datum_t ret; | 125 | gnutls_datum_t ret; |
126 | 126 | ||
@@ -132,14 +132,14 @@ gnutls_datum_t _gnutls_string2datum(gnutls_string * str) | |||
132 | 132 | ||
133 | #define MIN_CHUNK 256 | 133 | #define MIN_CHUNK 256 |
134 | 134 | ||
135 | int _gnutls_string_copy_str(gnutls_string * dest, | 135 | int |
136 | const char *src) | 136 | _gnutls_string_copy_str (gnutls_string * dest, const char *src) |
137 | { | 137 | { |
138 | size_t src_len = strlen(src); | 138 | size_t src_len = strlen (src); |
139 | size_t max; | 139 | size_t max; |
140 | if (dest->max_length >= src_len) | 140 | if (dest->max_length >= src_len) |
141 | { | 141 | { |
142 | memcpy(dest->data, src, src_len); | 142 | memcpy (dest->data, src, src_len); |
143 | dest->length = src_len; | 143 | dest->length = src_len; |
144 | 144 | ||
145 | return src_len; | 145 | return src_len; |
@@ -147,7 +147,7 @@ int _gnutls_string_copy_str(gnutls_string * dest, | |||
147 | else | 147 | else |
148 | { | 148 | { |
149 | max = (src_len > MIN_CHUNK) ? src_len : MIN_CHUNK; | 149 | max = (src_len > MIN_CHUNK) ? src_len : MIN_CHUNK; |
150 | dest->data = dest->realloc_func(dest->data, max); | 150 | dest->data = dest->realloc_func (dest->data, max); |
151 | if (dest->data == NULL) | 151 | if (dest->data == NULL) |
152 | { | 152 | { |
153 | gnutls_assert (); | 153 | gnutls_assert (); |
@@ -155,32 +155,32 @@ int _gnutls_string_copy_str(gnutls_string * dest, | |||
155 | } | 155 | } |
156 | dest->max_length = MAX (MIN_CHUNK, src_len); | 156 | dest->max_length = MAX (MIN_CHUNK, src_len); |
157 | 157 | ||
158 | memcpy(dest->data, src, src_len); | 158 | memcpy (dest->data, src, src_len); |
159 | dest->length = src_len; | 159 | dest->length = src_len; |
160 | 160 | ||
161 | return src_len; | 161 | return src_len; |
162 | } | 162 | } |
163 | } | 163 | } |
164 | 164 | ||
165 | int _gnutls_string_append_str(gnutls_string * dest, | 165 | int |
166 | const char *src) | 166 | _gnutls_string_append_str (gnutls_string * dest, const char *src) |
167 | { | 167 | { |
168 | size_t src_len = strlen(src); | 168 | size_t src_len = strlen (src); |
169 | size_t tot_len = src_len + dest->length; | 169 | size_t tot_len = src_len + dest->length; |
170 | 170 | ||
171 | if (dest->max_length >= tot_len) | 171 | if (dest->max_length >= tot_len) |
172 | { | 172 | { |
173 | memcpy(&dest->data[dest->length], src, src_len); | 173 | memcpy (&dest->data[dest->length], src, src_len); |
174 | dest->length = tot_len; | 174 | dest->length = tot_len; |
175 | 175 | ||
176 | return tot_len; | 176 | return tot_len; |
177 | } | 177 | } |
178 | else | 178 | else |
179 | { | 179 | { |
180 | size_t new_len= | 180 | size_t new_len = |
181 | MAX (src_len, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); | 181 | MAX (src_len, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); |
182 | 182 | ||
183 | dest->data = dest->realloc_func(dest->data, new_len); | 183 | dest->data = dest->realloc_func (dest->data, new_len); |
184 | if (dest->data == NULL) | 184 | if (dest->data == NULL) |
185 | { | 185 | { |
186 | gnutls_assert (); | 186 | gnutls_assert (); |
@@ -188,32 +188,32 @@ int _gnutls_string_append_str(gnutls_string * dest, | |||
188 | } | 188 | } |
189 | dest->max_length = new_len; | 189 | dest->max_length = new_len; |
190 | 190 | ||
191 | memcpy(&dest->data[dest->length], src, src_len); | 191 | memcpy (&dest->data[dest->length], src, src_len); |
192 | dest->length = tot_len; | 192 | dest->length = tot_len; |
193 | 193 | ||
194 | return tot_len; | 194 | return tot_len; |
195 | } | 195 | } |
196 | } | 196 | } |
197 | 197 | ||
198 | int _gnutls_string_append_data(gnutls_string * dest, | 198 | int |
199 | const void *data, | 199 | _gnutls_string_append_data (gnutls_string * dest, |
200 | size_t data_size) | 200 | const void *data, size_t data_size) |
201 | { | 201 | { |
202 | size_t tot_len = data_size + dest->length; | 202 | size_t tot_len = data_size + dest->length; |
203 | 203 | ||
204 | if (dest->max_length >= tot_len) | 204 | if (dest->max_length >= tot_len) |
205 | { | 205 | { |
206 | memcpy(&dest->data[dest->length], data, data_size); | 206 | memcpy (&dest->data[dest->length], data, data_size); |
207 | dest->length = tot_len; | 207 | dest->length = tot_len; |
208 | 208 | ||
209 | return tot_len; | 209 | return tot_len; |
210 | } | 210 | } |
211 | else | 211 | else |
212 | { | 212 | { |
213 | size_t new_len= | 213 | size_t new_len = |
214 | MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); | 214 | MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); |
215 | 215 | ||
216 | dest->data = dest->realloc_func(dest->data, new_len); | 216 | dest->data = dest->realloc_func (dest->data, new_len); |
217 | if (dest->data == NULL) | 217 | if (dest->data == NULL) |
218 | { | 218 | { |
219 | gnutls_assert (); | 219 | gnutls_assert (); |
@@ -221,31 +221,30 @@ int _gnutls_string_append_data(gnutls_string * dest, | |||
221 | } | 221 | } |
222 | dest->max_length = new_len; | 222 | dest->max_length = new_len; |
223 | 223 | ||
224 | memcpy(&dest->data[dest->length], data, data_size); | 224 | memcpy (&dest->data[dest->length], data, data_size); |
225 | dest->length = tot_len; | 225 | dest->length = tot_len; |
226 | 226 | ||
227 | return tot_len; | 227 | return tot_len; |
228 | } | 228 | } |
229 | } | 229 | } |
230 | 230 | ||
231 | int _gnutls_string_append_printf(gnutls_string * dest, | 231 | int |
232 | const char *fmt, | 232 | _gnutls_string_append_printf (gnutls_string * dest, const char *fmt, ...) |
233 | ...) | ||
234 | { | 233 | { |
235 | va_list args; | 234 | va_list args; |
236 | int len; | 235 | int len; |
237 | char *str; | 236 | char *str; |
238 | 237 | ||
239 | va_start(args, fmt); | 238 | va_start (args, fmt); |
240 | len = vasprintf(&str, fmt, args); | 239 | len = vasprintf (&str, fmt, args); |
241 | va_end(args); | 240 | va_end (args); |
242 | 241 | ||
243 | if (len < 0 || !str) | 242 | if (len < 0 || !str) |
244 | return -1; | 243 | return -1; |
245 | 244 | ||
246 | len = _gnutls_string_append_str(dest, str); | 245 | len = _gnutls_string_append_str (dest, str); |
247 | 246 | ||
248 | free(str); | 247 | free (str); |
249 | 248 | ||
250 | return len; | 249 | return len; |
251 | } | 250 | } |
@@ -255,17 +254,16 @@ int _gnutls_string_append_printf(gnutls_string * dest, | |||
255 | * If the buffer does not have enough space to hold the string, a | 254 | * If the buffer does not have enough space to hold the string, a |
256 | * truncated hex string is returned (always null terminated). | 255 | * truncated hex string is returned (always null terminated). |
257 | */ | 256 | */ |
258 | char * _gnutls_bin2hex(const void *_old, | 257 | char * |
259 | size_t oldlen, | 258 | _gnutls_bin2hex (const void *_old, |
260 | char *buffer, | 259 | size_t oldlen, char *buffer, size_t buffer_size) |
261 | size_t buffer_size) | ||
262 | { | 260 | { |
263 | unsigned int i, j; | 261 | unsigned int i, j; |
264 | const opaque *old = _old; | 262 | const opaque *old = _old; |
265 | 263 | ||
266 | for (i = j = 0; i < oldlen && j + 2 < buffer_size; j += 2) | 264 | for (i = j = 0; i < oldlen && j + 2 < buffer_size; j += 2) |
267 | { | 265 | { |
268 | sprintf(&buffer[j], "%.2x", old[i]); | 266 | sprintf (&buffer[j], "%.2x", old[i]); |
269 | i++; | 267 | i++; |
270 | } | 268 | } |
271 | buffer[j] = '\0'; | 269 | buffer[j] = '\0'; |
@@ -275,10 +273,9 @@ char * _gnutls_bin2hex(const void *_old, | |||
275 | 273 | ||
276 | /* just a hex2bin function. | 274 | /* just a hex2bin function. |
277 | */ | 275 | */ |
278 | int _gnutls_hex2bin(const opaque * hex_data, | 276 | int |
279 | int hex_size, | 277 | _gnutls_hex2bin (const opaque * hex_data, |
280 | opaque * bin_data, | 278 | int hex_size, opaque * bin_data, size_t * bin_size) |
281 | size_t * bin_size) | ||
282 | { | 279 | { |
283 | int i, j; | 280 | int i, j; |
284 | opaque hex2_data[3]; | 281 | opaque hex2_data[3]; |
@@ -299,7 +296,7 @@ int _gnutls_hex2bin(const opaque * hex_data, | |||
299 | hex2_data[0] = hex_data[i]; | 296 | hex2_data[0] = hex_data[i]; |
300 | hex2_data[1] = hex_data[i + 1]; | 297 | hex2_data[1] = hex_data[i + 1]; |
301 | hex2_data[2] = 0; | 298 | hex2_data[2] = 0; |
302 | val = strtoul((char *) hex2_data, NULL, 16); | 299 | val = strtoul ((char *) hex2_data, NULL, 16); |
303 | if (val == ULONG_MAX) | 300 | if (val == ULONG_MAX) |
304 | { | 301 | { |
305 | gnutls_assert (); | 302 | gnutls_assert (); |
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c index 2f1921bb..0812fa3c 100644 --- a/src/daemon/https/x509/privkey_pkcs8.c +++ b/src/daemon/https/x509/privkey_pkcs8.c | |||
@@ -54,49 +54,49 @@ | |||
54 | #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6" | 54 | #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6" |
55 | 55 | ||
56 | struct pbkdf2_params | 56 | struct pbkdf2_params |
57 | { | 57 | { |
58 | opaque salt[32]; | 58 | opaque salt[32]; |
59 | int salt_size; | 59 | int salt_size; |
60 | unsigned int iter_count; | 60 | unsigned int iter_count; |
61 | unsigned int key_size; | 61 | unsigned int key_size; |
62 | }; | 62 | }; |
63 | 63 | ||
64 | struct pbe_enc_params | 64 | struct pbe_enc_params |
65 | { | 65 | { |
66 | gnutls_cipher_algorithm_t cipher; | 66 | gnutls_cipher_algorithm_t cipher; |
67 | opaque iv[8]; | 67 | opaque iv[8]; |
68 | int iv_size; | 68 | int iv_size; |
69 | }; | 69 | }; |
70 | 70 | ||
71 | static int generate_key (schema_id schema, const char *password, | 71 | static int generate_key (schema_id schema, const char *password, |
72 | struct pbkdf2_params *kdf_params, | 72 | struct pbkdf2_params *kdf_params, |
73 | struct pbe_enc_params *enc_params, | 73 | struct pbe_enc_params *enc_params, |
74 | gnutls_datum_t * key); | 74 | gnutls_datum_t * key); |
75 | static int read_pbkdf2_params (ASN1_TYPE pbes2_asn, | 75 | static int read_pbkdf2_params (ASN1_TYPE pbes2_asn, |
76 | const gnutls_datum_t * der, | 76 | const gnutls_datum_t * der, |
77 | struct pbkdf2_params *params); | 77 | struct pbkdf2_params *params); |
78 | static int read_pbe_enc_params (ASN1_TYPE pbes2_asn, | 78 | static int read_pbe_enc_params (ASN1_TYPE pbes2_asn, |
79 | const gnutls_datum_t * der, | 79 | const gnutls_datum_t * der, |
80 | struct pbe_enc_params *params); | 80 | struct pbe_enc_params *params); |
81 | static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root, | 81 | static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root, |
82 | const char *password, | 82 | const char *password, |
83 | const struct pbkdf2_params *kdf_params, | 83 | const struct pbkdf2_params *kdf_params, |
84 | const struct pbe_enc_params *enc_params, | 84 | const struct pbe_enc_params *enc_params, |
85 | gnutls_datum_t * decrypted_data); | 85 | gnutls_datum_t * decrypted_data); |
86 | static int decode_private_key_info (const gnutls_datum_t * der, | 86 | static int decode_private_key_info (const gnutls_datum_t * der, |
87 | gnutls_x509_privkey_t pkey); | 87 | gnutls_x509_privkey_t pkey); |
88 | static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, | 88 | static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, |
89 | const char *where, | 89 | const char *where, |
90 | const struct pbkdf2_params *kdf_params, | 90 | const struct pbkdf2_params *kdf_params, |
91 | const struct pbe_enc_params *enc_params); | 91 | const struct pbe_enc_params *enc_params); |
92 | static int encrypt_data (const gnutls_datum_t * plain, | 92 | static int encrypt_data (const gnutls_datum_t * plain, |
93 | const struct pbe_enc_params *enc_params, | 93 | const struct pbe_enc_params *enc_params, |
94 | gnutls_datum_t * key, gnutls_datum_t * encrypted); | 94 | gnutls_datum_t * key, gnutls_datum_t * encrypted); |
95 | 95 | ||
96 | static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, | 96 | static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, |
97 | struct pbkdf2_params *params); | 97 | struct pbkdf2_params *params); |
98 | static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, | 98 | static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, |
99 | const struct pbkdf2_params *params); | 99 | const struct pbkdf2_params *params); |
100 | 100 | ||
101 | #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY" | 101 | #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY" |
102 | #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY" | 102 | #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY" |
@@ -106,24 +106,24 @@ static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, | |||
106 | */ | 106 | */ |
107 | inline static int | 107 | inline static int |
108 | check_schema (const char *oid) | 108 | check_schema (const char *oid) |
109 | { | 109 | { |
110 | 110 | ||
111 | if (strcmp (oid, PBES2_OID) == 0) | 111 | if (strcmp (oid, PBES2_OID) == 0) |
112 | return PBES2; | 112 | return PBES2; |
113 | 113 | ||
114 | if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0) | 114 | if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0) |
115 | return PKCS12_3DES_SHA1; | 115 | return PKCS12_3DES_SHA1; |
116 | 116 | ||
117 | if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0) | 117 | if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0) |
118 | return PKCS12_ARCFOUR_SHA1; | 118 | return PKCS12_ARCFOUR_SHA1; |
119 | 119 | ||
120 | if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0) | 120 | if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0) |
121 | return PKCS12_RC2_40_SHA1; | 121 | return PKCS12_RC2_40_SHA1; |
122 | 122 | ||
123 | _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid); | 123 | _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid); |
124 | 124 | ||
125 | return GNUTLS_E_UNKNOWN_CIPHER_TYPE; | 125 | return GNUTLS_E_UNKNOWN_CIPHER_TYPE; |
126 | } | 126 | } |
127 | 127 | ||
128 | /* Encodes a private key to the raw format PKCS #8 needs. | 128 | /* Encodes a private key to the raw format PKCS #8 needs. |
129 | * For RSA it is a PKCS #1 DER private key and for DSA it is | 129 | * For RSA it is a PKCS #1 DER private key and for DSA it is |
@@ -131,324 +131,320 @@ check_schema (const char *oid) | |||
131 | */ | 131 | */ |
132 | inline static int | 132 | inline static int |
133 | _encode_privkey (gnutls_x509_privkey pkey, gnutls_datum * raw) | 133 | _encode_privkey (gnutls_x509_privkey pkey, gnutls_datum * raw) |
134 | { | 134 | { |
135 | size_t size = 0; | 135 | size_t size = 0; |
136 | opaque *data = NULL; | 136 | opaque *data = NULL; |
137 | int ret; | 137 | int ret; |
138 | ASN1_TYPE spk = ASN1_TYPE_EMPTY; | 138 | ASN1_TYPE spk = ASN1_TYPE_EMPTY; |
139 | 139 | ||
140 | switch (pkey->pk_algorithm) | 140 | switch (pkey->pk_algorithm) |
141 | { | 141 | { |
142 | case GNUTLS_PK_RSA: | 142 | case GNUTLS_PK_RSA: |
143 | ret = | 143 | ret = |
144 | gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size); | 144 | gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size); |
145 | if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) | 145 | if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) |
146 | { | 146 | { |
147 | gnutls_assert (); | 147 | gnutls_assert (); |
148 | goto error; | 148 | goto error; |
149 | } | 149 | } |
150 | 150 | ||
151 | data = gnutls_malloc (size); | 151 | data = gnutls_malloc (size); |
152 | if (data == NULL) | 152 | if (data == NULL) |
153 | { | 153 | { |
154 | gnutls_assert (); | 154 | gnutls_assert (); |
155 | ret = GNUTLS_E_MEMORY_ERROR; | 155 | ret = GNUTLS_E_MEMORY_ERROR; |
156 | goto error; | 156 | goto error; |
157 | } | 157 | } |
158 | 158 | ||
159 | ret = | 159 | ret = |
160 | gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size); | 160 | gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size); |
161 | if (ret < 0) | 161 | if (ret < 0) |
162 | { | 162 | { |
163 | gnutls_assert (); | 163 | gnutls_assert (); |
164 | goto error; | 164 | goto error; |
165 | } | 165 | } |
166 | 166 | ||
167 | raw->data = data; | 167 | raw->data = data; |
168 | raw->size = size; | 168 | raw->size = size; |
169 | break; | 169 | break; |
170 | default: | 170 | default: |
171 | gnutls_assert (); | 171 | gnutls_assert (); |
172 | return GNUTLS_E_INVALID_REQUEST; | 172 | return GNUTLS_E_INVALID_REQUEST; |
173 | } | 173 | } |
174 | 174 | ||
175 | return 0; | 175 | return 0; |
176 | 176 | ||
177 | error: | 177 | error: |
178 | gnutls_free (data); | 178 | gnutls_free (data); |
179 | asn1_delete_structure (&spk); | 179 | asn1_delete_structure (&spk); |
180 | return ret; | 180 | return ret; |
181 | 181 | ||
182 | } | 182 | } |
183 | 183 | ||
184 | /* | 184 | /* |
185 | * Encodes a PKCS #1 private key to a PKCS #8 private key | 185 | * Encodes a PKCS #1 private key to a PKCS #8 private key |
186 | * info. The output will be allocated and stored into der. Also | 186 | * info. The output will be allocated and stored into der. Also |
187 | * the ASN1_TYPE of private key info will be returned. | 187 | * the ASN1_TYPE of private key info will be returned. |
188 | */ | 188 | */ |
189 | static int | 189 | static int |
190 | encode_to_private_key_info (gnutls_x509_privkey_t pkey, | 190 | encode_to_private_key_info (gnutls_x509_privkey_t pkey, |
191 | gnutls_datum_t * der, ASN1_TYPE * pkey_info) | 191 | gnutls_datum_t * der, ASN1_TYPE * pkey_info) |
192 | { | 192 | { |
193 | int result, len; | 193 | int result, len; |
194 | opaque null = 0; | 194 | opaque null = 0; |
195 | const char *oid; | 195 | const char *oid; |
196 | gnutls_datum algo_params = | 196 | gnutls_datum algo_params = { NULL, 0 }; |
197 | { NULL, 0}; | 197 | gnutls_datum algo_privkey = { NULL, 0 }; |
198 | gnutls_datum algo_privkey = | 198 | |
199 | { NULL, 0}; | 199 | if (pkey->pk_algorithm == GNUTLS_PK_RSA) |
200 | 200 | { | |
201 | if (pkey->pk_algorithm == GNUTLS_PK_RSA) | 201 | oid = PK_PKIX1_RSA_OID; |
202 | { | 202 | /* parameters are null |
203 | oid = PK_PKIX1_RSA_OID; | 203 | */ |
204 | /* parameters are null | 204 | } |
205 | */ | 205 | else |
206 | } | 206 | { |
207 | else | 207 | oid = PK_DSA_OID; |
208 | { | 208 | result = |
209 | oid = PK_DSA_OID; | ||
210 | result = | ||
211 | _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size, | 209 | _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size, |
212 | &algo_params); | 210 | &algo_params); |
213 | if (result < 0) | 211 | if (result < 0) |
214 | { | 212 | { |
215 | gnutls_assert (); | 213 | gnutls_assert (); |
216 | return result; | 214 | return result; |
217 | } | 215 | } |
218 | } | 216 | } |
219 | 217 | ||
220 | if ((result = | 218 | if ((result = |
221 | asn1_create_element (_gnutls_get_pkix (), | 219 | asn1_create_element (_gnutls_get_pkix (), |
222 | "PKIX1.pkcs-8-PrivateKeyInfo", | 220 | "PKIX1.pkcs-8-PrivateKeyInfo", |
223 | pkey_info)) != ASN1_SUCCESS) | 221 | pkey_info)) != ASN1_SUCCESS) |
224 | { | 222 | { |
225 | gnutls_assert (); | 223 | gnutls_assert (); |
226 | result = _gnutls_asn2err (result); | 224 | result = _gnutls_asn2err (result); |
227 | goto error; | 225 | goto error; |
228 | } | 226 | } |
229 | 227 | ||
230 | /* Write the version. | 228 | /* Write the version. |
231 | */ | 229 | */ |
232 | result = asn1_write_value (*pkey_info, "version", &null, 1); | 230 | result = asn1_write_value (*pkey_info, "version", &null, 1); |
233 | if (result != ASN1_SUCCESS) | 231 | if (result != ASN1_SUCCESS) |
234 | { | 232 | { |
235 | gnutls_assert (); | 233 | gnutls_assert (); |
236 | result = _gnutls_asn2err (result); | 234 | result = _gnutls_asn2err (result); |
237 | goto error; | 235 | goto error; |
238 | } | 236 | } |
239 | 237 | ||
240 | /* write the privateKeyAlgorithm | 238 | /* write the privateKeyAlgorithm |
241 | * fields. (OID+NULL data) | 239 | * fields. (OID+NULL data) |
242 | */ | 240 | */ |
243 | result = | 241 | result = |
244 | asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1); | 242 | asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1); |
245 | if (result != ASN1_SUCCESS) | 243 | if (result != ASN1_SUCCESS) |
246 | { | 244 | { |
247 | gnutls_assert (); | 245 | gnutls_assert (); |
248 | result = _gnutls_asn2err (result); | 246 | result = _gnutls_asn2err (result); |
249 | goto error; | 247 | goto error; |
250 | } | 248 | } |
251 | 249 | ||
252 | result = | 250 | result = |
253 | asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters", | 251 | asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters", |
254 | algo_params.data, algo_params.size); | 252 | algo_params.data, algo_params.size); |
255 | _gnutls_free_datum (&algo_params); | 253 | _gnutls_free_datum (&algo_params); |
256 | if (result != ASN1_SUCCESS) | 254 | if (result != ASN1_SUCCESS) |
257 | { | 255 | { |
258 | gnutls_assert (); | 256 | gnutls_assert (); |
259 | result = _gnutls_asn2err (result); | 257 | result = _gnutls_asn2err (result); |
260 | goto error; | 258 | goto error; |
261 | } | 259 | } |
262 | 260 | ||
263 | /* Write the raw private key | 261 | /* Write the raw private key |
264 | */ | 262 | */ |
265 | result = _encode_privkey (pkey, &algo_privkey); | 263 | result = _encode_privkey (pkey, &algo_privkey); |
266 | if (result < 0) | 264 | if (result < 0) |
267 | { | 265 | { |
268 | gnutls_assert (); | 266 | gnutls_assert (); |
269 | goto error; | 267 | goto error; |
270 | } | 268 | } |
271 | 269 | ||
272 | result = | 270 | result = |
273 | asn1_write_value (*pkey_info, "privateKey", algo_privkey.data, | 271 | asn1_write_value (*pkey_info, "privateKey", algo_privkey.data, |
274 | algo_privkey.size); | 272 | algo_privkey.size); |
275 | _gnutls_free_datum (&algo_privkey); | 273 | _gnutls_free_datum (&algo_privkey); |
276 | 274 | ||
277 | if (result != ASN1_SUCCESS) | 275 | if (result != ASN1_SUCCESS) |
278 | { | 276 | { |
279 | gnutls_assert (); | 277 | gnutls_assert (); |
280 | result = _gnutls_asn2err (result); | 278 | result = _gnutls_asn2err (result); |
281 | goto error; | 279 | goto error; |
282 | } | 280 | } |
283 | 281 | ||
284 | /* Append an empty Attributes field. | 282 | /* Append an empty Attributes field. |
285 | */ | 283 | */ |
286 | result = asn1_write_value (*pkey_info, "attributes", NULL, 0); | 284 | result = asn1_write_value (*pkey_info, "attributes", NULL, 0); |
287 | if (result != ASN1_SUCCESS) | 285 | if (result != ASN1_SUCCESS) |
288 | { | 286 | { |
289 | gnutls_assert (); | 287 | gnutls_assert (); |
290 | result = _gnutls_asn2err (result); | 288 | result = _gnutls_asn2err (result); |
291 | goto error; | 289 | goto error; |
292 | } | 290 | } |
293 | 291 | ||
294 | /* DER Encode the generated private key info. | 292 | /* DER Encode the generated private key info. |
295 | */ | 293 | */ |
296 | len = 0; | 294 | len = 0; |
297 | result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL); | 295 | result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL); |
298 | if (result != ASN1_MEM_ERROR) | 296 | if (result != ASN1_MEM_ERROR) |
299 | { | 297 | { |
300 | gnutls_assert (); | 298 | gnutls_assert (); |
301 | result = _gnutls_asn2err (result); | 299 | result = _gnutls_asn2err (result); |
302 | goto error; | 300 | goto error; |
303 | } | 301 | } |
304 | 302 | ||
305 | /* allocate data for the der | 303 | /* allocate data for the der |
306 | */ | 304 | */ |
307 | der->size = len; | 305 | der->size = len; |
308 | der->data = gnutls_malloc (len); | 306 | der->data = gnutls_malloc (len); |
309 | if (der->data == NULL) | 307 | if (der->data == NULL) |
310 | { | 308 | { |
311 | gnutls_assert (); | 309 | gnutls_assert (); |
312 | return GNUTLS_E_MEMORY_ERROR; | 310 | return GNUTLS_E_MEMORY_ERROR; |
313 | } | 311 | } |
314 | 312 | ||
315 | result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL); | 313 | result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL); |
316 | if (result != ASN1_SUCCESS) | 314 | if (result != ASN1_SUCCESS) |
317 | { | 315 | { |
318 | gnutls_assert (); | 316 | gnutls_assert (); |
319 | result = _gnutls_asn2err (result); | 317 | result = _gnutls_asn2err (result); |
320 | goto error; | 318 | goto error; |
321 | } | 319 | } |
322 | 320 | ||
323 | return 0; | 321 | return 0; |
324 | 322 | ||
325 | error: | 323 | error: |
326 | asn1_delete_structure (pkey_info); | 324 | asn1_delete_structure (pkey_info); |
327 | _gnutls_free_datum (&algo_params); | 325 | _gnutls_free_datum (&algo_params); |
328 | _gnutls_free_datum (&algo_privkey); | 326 | _gnutls_free_datum (&algo_privkey); |
329 | return result; | 327 | return result; |
330 | 328 | ||
331 | } | 329 | } |
332 | 330 | ||
333 | /* Converts a PKCS #8 private key info to | 331 | /* Converts a PKCS #8 private key info to |
334 | * a PKCS #8 EncryptedPrivateKeyInfo. | 332 | * a PKCS #8 EncryptedPrivateKeyInfo. |
335 | */ | 333 | */ |
336 | static int | 334 | static int |
337 | encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, | 335 | encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, |
338 | const char *password, ASN1_TYPE * out) | 336 | const char *password, ASN1_TYPE * out) |
339 | { | 337 | { |
340 | int result; | 338 | int result; |
341 | gnutls_datum_t key = | 339 | gnutls_datum_t key = { NULL, 0 }; |
342 | { NULL, 0}; | 340 | gnutls_datum_t tmp = { NULL, 0 }; |
343 | gnutls_datum_t tmp = | 341 | ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; |
344 | { NULL, 0}; | 342 | struct pbkdf2_params kdf_params; |
345 | ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; | 343 | struct pbe_enc_params enc_params; |
346 | struct pbkdf2_params kdf_params; | 344 | |
347 | struct pbe_enc_params enc_params; | 345 | if ((result = |
348 | 346 | asn1_create_element (_gnutls_get_pkix (), | |
349 | if ((result = | 347 | "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", |
350 | asn1_create_element (_gnutls_get_pkix (), | 348 | &pkcs8_asn)) != ASN1_SUCCESS) |
351 | "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", | 349 | { |
352 | &pkcs8_asn)) != ASN1_SUCCESS) | 350 | gnutls_assert (); |
353 | { | 351 | result = _gnutls_asn2err (result); |
354 | gnutls_assert (); | 352 | goto error; |
355 | result = _gnutls_asn2err (result); | 353 | } |
356 | goto error; | 354 | |
357 | } | 355 | /* Write the encryption schema OID |
358 | 356 | */ | |
359 | /* Write the encryption schema OID | 357 | switch (schema) |
360 | */ | 358 | { |
361 | switch (schema) | 359 | case PBES2: |
362 | { | 360 | result = |
363 | case PBES2: | ||
364 | result = | ||
365 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", | 361 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", |
366 | PBES2_OID, 1); | 362 | PBES2_OID, 1); |
367 | break; | 363 | break; |
368 | case PKCS12_3DES_SHA1: | 364 | case PKCS12_3DES_SHA1: |
369 | result = | 365 | result = |
370 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", | 366 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", |
371 | PKCS12_PBE_3DES_SHA1_OID, 1); | 367 | PKCS12_PBE_3DES_SHA1_OID, 1); |
372 | break; | 368 | break; |
373 | case PKCS12_ARCFOUR_SHA1: | 369 | case PKCS12_ARCFOUR_SHA1: |
374 | result = | 370 | result = |
375 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", | 371 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", |
376 | PKCS12_PBE_ARCFOUR_SHA1_OID, 1); | 372 | PKCS12_PBE_ARCFOUR_SHA1_OID, 1); |
377 | break; | 373 | break; |
378 | case PKCS12_RC2_40_SHA1: | 374 | case PKCS12_RC2_40_SHA1: |
379 | result = | 375 | result = |
380 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", | 376 | asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", |
381 | PKCS12_PBE_RC2_40_SHA1_OID, 1); | 377 | PKCS12_PBE_RC2_40_SHA1_OID, 1); |
382 | break; | 378 | break; |
383 | 379 | ||
384 | } | 380 | } |
385 | 381 | ||
386 | if (result != ASN1_SUCCESS) | 382 | if (result != ASN1_SUCCESS) |
387 | { | 383 | { |
388 | gnutls_assert (); | 384 | gnutls_assert (); |
389 | result = _gnutls_asn2err (result); | 385 | result = _gnutls_asn2err (result); |
390 | goto error; | 386 | goto error; |
391 | } | 387 | } |
392 | 388 | ||
393 | /* Generate a symmetric key. | 389 | /* Generate a symmetric key. |
394 | */ | 390 | */ |
395 | 391 | ||
396 | result = generate_key (schema, password, &kdf_params, &enc_params, &key); | 392 | result = generate_key (schema, password, &kdf_params, &enc_params, &key); |
397 | if (result < 0) | 393 | if (result < 0) |
398 | { | 394 | { |
399 | gnutls_assert (); | 395 | gnutls_assert (); |
400 | goto error; | 396 | goto error; |
401 | } | 397 | } |
402 | 398 | ||
403 | result = | 399 | result = |
404 | write_schema_params (schema, pkcs8_asn, | 400 | write_schema_params (schema, pkcs8_asn, |
405 | "encryptionAlgorithm.parameters", &kdf_params, | 401 | "encryptionAlgorithm.parameters", &kdf_params, |
406 | &enc_params); | 402 | &enc_params); |
407 | if (result < 0) | 403 | if (result < 0) |
408 | { | 404 | { |
409 | gnutls_assert (); | 405 | gnutls_assert (); |
410 | goto error; | 406 | goto error; |
411 | } | 407 | } |
412 | 408 | ||
413 | /* Parameters have been encoded. Now | 409 | /* Parameters have been encoded. Now |
414 | * encrypt the Data. | 410 | * encrypt the Data. |
415 | */ | 411 | */ |
416 | result = encrypt_data (der_key, &enc_params, &key, &tmp); | 412 | result = encrypt_data (der_key, &enc_params, &key, &tmp); |
417 | if (result < 0) | 413 | if (result < 0) |
418 | { | 414 | { |
419 | gnutls_assert (); | 415 | gnutls_assert (); |
420 | goto error; | 416 | goto error; |
421 | } | 417 | } |
422 | 418 | ||
423 | /* write the encrypted data. | 419 | /* write the encrypted data. |
424 | */ | 420 | */ |
425 | result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size); | 421 | result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size); |
426 | if (result != ASN1_SUCCESS) | 422 | if (result != ASN1_SUCCESS) |
427 | { | 423 | { |
428 | gnutls_assert (); | 424 | gnutls_assert (); |
429 | result = _gnutls_asn2err (result); | 425 | result = _gnutls_asn2err (result); |
430 | goto error; | 426 | goto error; |
431 | } | 427 | } |
432 | 428 | ||
433 | _gnutls_free_datum (&tmp); | 429 | _gnutls_free_datum (&tmp); |
434 | _gnutls_free_datum (&key); | 430 | _gnutls_free_datum (&key); |
435 | 431 | ||
436 | *out = pkcs8_asn; | 432 | *out = pkcs8_asn; |
437 | 433 | ||
438 | return 0; | 434 | return 0; |
439 | 435 | ||
440 | error: | 436 | error: |
441 | _gnutls_free_datum (&key); | 437 | _gnutls_free_datum (&key); |
442 | _gnutls_free_datum (&tmp); | 438 | _gnutls_free_datum (&tmp); |
443 | asn1_delete_structure (&pkcs8_asn); | 439 | asn1_delete_structure (&pkcs8_asn); |
444 | return result; | 440 | return result; |
445 | } | 441 | } |
446 | 442 | ||
447 | /** | 443 | /** |
448 | * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format | 444 | * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format |
449 | * @key: Holds the key | 445 | * @key: Holds the key |
450 | * @format: the format of output params. One of PEM or DER. | 446 | * @format: the format of output params. One of PEM or DER. |
451 | * @password: the password that will be used to encrypt the key. | 447 | * @password: the password that will be used to encrypt the key. |
452 | * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t | 448 | * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t |
453 | * @output_data: will contain a private key PEM or DER encoded | 449 | * @output_data: will contain a private key PEM or DER encoded |
454 | * @output_data_size: holds the size of output_data (and will be | 450 | * @output_data_size: holds the size of output_data (and will be |
@@ -456,7 +452,7 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, | |||
456 | * | 452 | * |
457 | * This function will export the private key to a PKCS8 structure. | 453 | * This function will export the private key to a PKCS8 structure. |
458 | * Both RSA and DSA keys can be exported. For DSA keys we use | 454 | * Both RSA and DSA keys can be exported. For DSA keys we use |
459 | * PKCS #11 definitions. If the flags do not specify the encryption | 455 | * PKCS #11 definitions. If the flags do not specify the encryption |
460 | * cipher, then the default 3DES (PBES2) will be used. | 456 | * cipher, then the default 3DES (PBES2) will be used. |
461 | * | 457 | * |
462 | * The @password can be either ASCII or UTF-8 in the default PBES2 | 458 | * The @password can be either ASCII or UTF-8 in the default PBES2 |
@@ -476,215 +472,215 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, | |||
476 | **/ | 472 | **/ |
477 | int | 473 | int |
478 | gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, | 474 | gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, |
479 | gnutls_x509_crt_fmt_t format, | 475 | gnutls_x509_crt_fmt_t format, |
480 | const char *password, | 476 | const char *password, |
481 | unsigned int flags, | 477 | unsigned int flags, |
482 | void *output_data, | 478 | void *output_data, |
483 | size_t * output_data_size) | 479 | size_t * output_data_size) |
484 | { | 480 | { |
485 | ASN1_TYPE pkcs8_asn, pkey_info; | 481 | ASN1_TYPE pkcs8_asn, pkey_info; |
486 | int ret; | 482 | int ret; |
487 | gnutls_datum_t tmp; | 483 | gnutls_datum_t tmp; |
488 | schema_id schema; | 484 | schema_id schema; |
489 | 485 | ||
490 | if (key == NULL) | 486 | if (key == NULL) |
491 | { | 487 | { |
492 | gnutls_assert (); | 488 | gnutls_assert (); |
493 | return GNUTLS_E_INVALID_REQUEST; | 489 | return GNUTLS_E_INVALID_REQUEST; |
494 | } | 490 | } |
495 | 491 | ||
496 | /* Get the private key info | 492 | /* Get the private key info |
497 | * tmp holds the DER encoding. | 493 | * tmp holds the DER encoding. |
498 | */ | 494 | */ |
499 | ret = encode_to_private_key_info (key, &tmp, &pkey_info); | 495 | ret = encode_to_private_key_info (key, &tmp, &pkey_info); |
500 | if (ret < 0) | 496 | if (ret < 0) |
501 | { | 497 | { |
502 | gnutls_assert (); | 498 | gnutls_assert (); |
503 | return ret; | 499 | return ret; |
504 | } | 500 | } |
505 | 501 | ||
506 | if (flags & GNUTLS_PKCS_USE_PKCS12_3DES) | 502 | if (flags & GNUTLS_PKCS_USE_PKCS12_3DES) |
507 | schema = PKCS12_3DES_SHA1; | 503 | schema = PKCS12_3DES_SHA1; |
508 | else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) | 504 | else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) |
509 | schema = PKCS12_ARCFOUR_SHA1; | 505 | schema = PKCS12_ARCFOUR_SHA1; |
510 | else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) | 506 | else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) |
511 | schema = PKCS12_RC2_40_SHA1; | 507 | schema = PKCS12_RC2_40_SHA1; |
512 | else | 508 | else |
513 | schema = PBES2; | 509 | schema = PBES2; |
514 | 510 | ||
515 | if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) | 511 | if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) |
516 | { | 512 | { |
517 | _gnutls_free_datum (&tmp); | 513 | _gnutls_free_datum (&tmp); |
518 | 514 | ||
519 | ret = | 515 | ret = |
520 | _gnutls_x509_export_int (pkey_info, format, | 516 | _gnutls_x509_export_int (pkey_info, format, |
521 | PEM_UNENCRYPTED_PKCS8, | 517 | PEM_UNENCRYPTED_PKCS8, |
522 | output_data, output_data_size); | 518 | output_data, output_data_size); |
523 | 519 | ||
524 | asn1_delete_structure (&pkey_info); | 520 | asn1_delete_structure (&pkey_info); |
525 | } | 521 | } |
526 | else | 522 | else |
527 | { | 523 | { |
528 | asn1_delete_structure (&pkey_info); /* we don't need it */ | 524 | asn1_delete_structure (&pkey_info); /* we don't need it */ |
529 | 525 | ||
530 | ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn); | 526 | ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn); |
531 | _gnutls_free_datum (&tmp); | 527 | _gnutls_free_datum (&tmp); |
532 | 528 | ||
533 | if (ret < 0) | 529 | if (ret < 0) |
534 | { | 530 | { |
535 | gnutls_assert (); | 531 | gnutls_assert (); |
536 | return ret; | 532 | return ret; |
537 | } | 533 | } |
538 | 534 | ||
539 | ret = | 535 | ret = |
540 | _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8, | 536 | _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8, |
541 | output_data, output_data_size); | 537 | output_data, output_data_size); |
542 | 538 | ||
543 | asn1_delete_structure (&pkcs8_asn); | 539 | asn1_delete_structure (&pkcs8_asn); |
544 | } | 540 | } |
545 | 541 | ||
546 | return ret; | 542 | return ret; |
547 | } | 543 | } |
548 | 544 | ||
549 | /* Read the parameters cipher, IV, salt etc using the given | 545 | /* Read the parameters cipher, IV, salt etc using the given |
550 | * schema ID. | 546 | * schema ID. |
551 | */ | 547 | */ |
552 | static int | 548 | static int |
553 | read_pkcs_schema_params (schema_id schema, const char *password, | 549 | read_pkcs_schema_params (schema_id schema, const char *password, |
554 | const opaque * data, int data_size, | 550 | const opaque * data, int data_size, |
555 | struct pbkdf2_params *kdf_params, | 551 | struct pbkdf2_params *kdf_params, |
556 | struct pbe_enc_params *enc_params) | 552 | struct pbe_enc_params *enc_params) |
557 | { | 553 | { |
558 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; | 554 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; |
559 | int result; | 555 | int result; |
560 | gnutls_datum_t tmp; | 556 | gnutls_datum_t tmp; |
561 | 557 | ||
562 | switch (schema) | 558 | switch (schema) |
563 | { | 559 | { |
564 | 560 | ||
565 | case PBES2: | 561 | case PBES2: |
566 | 562 | ||
567 | /* Now check the key derivation and the encryption | 563 | /* Now check the key derivation and the encryption |
568 | * functions. | 564 | * functions. |
569 | */ | 565 | */ |
570 | if ((result = | 566 | if ((result = |
571 | asn1_create_element (_gnutls_get_pkix (), | 567 | asn1_create_element (_gnutls_get_pkix (), |
572 | "PKIX1.pkcs-5-PBES2-params", | 568 | "PKIX1.pkcs-5-PBES2-params", |
573 | &pbes2_asn)) != ASN1_SUCCESS) | 569 | &pbes2_asn)) != ASN1_SUCCESS) |
574 | { | 570 | { |
575 | gnutls_assert (); | 571 | gnutls_assert (); |
576 | result = _gnutls_asn2err (result); | 572 | result = _gnutls_asn2err (result); |
577 | goto error; | 573 | goto error; |
578 | } | 574 | } |
579 | 575 | ||
580 | /* Decode the parameters. | 576 | /* Decode the parameters. |
581 | */ | 577 | */ |
582 | result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL); | 578 | result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL); |
583 | if (result != ASN1_SUCCESS) | 579 | if (result != ASN1_SUCCESS) |
584 | { | 580 | { |
585 | gnutls_assert (); | 581 | gnutls_assert (); |
586 | result = _gnutls_asn2err (result); | 582 | result = _gnutls_asn2err (result); |
587 | goto error; | 583 | goto error; |
588 | } | 584 | } |
589 | 585 | ||
590 | tmp.data = (opaque *) data; | 586 | tmp.data = (opaque *) data; |
591 | tmp.size = data_size; | 587 | tmp.size = data_size; |
592 | 588 | ||
593 | result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params); | 589 | result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params); |
594 | if (result < 0) | 590 | if (result < 0) |
595 | { | 591 | { |
596 | gnutls_assert (); | 592 | gnutls_assert (); |
597 | result = _gnutls_asn2err (result); | 593 | result = _gnutls_asn2err (result); |
598 | goto error; | 594 | goto error; |
599 | } | 595 | } |
600 | 596 | ||
601 | result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params); | 597 | result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params); |
602 | if (result < 0) | 598 | if (result < 0) |
603 | { | 599 | { |
604 | gnutls_assert (); | 600 | gnutls_assert (); |
605 | result = _gnutls_asn2err (result); | 601 | result = _gnutls_asn2err (result); |
606 | goto error; | 602 | goto error; |
607 | } | 603 | } |
608 | 604 | ||
609 | asn1_delete_structure (&pbes2_asn); | 605 | asn1_delete_structure (&pbes2_asn); |
610 | return 0; | 606 | return 0; |
611 | break; | 607 | break; |
612 | 608 | ||
613 | case PKCS12_3DES_SHA1: | 609 | case PKCS12_3DES_SHA1: |
614 | case PKCS12_ARCFOUR_SHA1: | 610 | case PKCS12_ARCFOUR_SHA1: |
615 | case PKCS12_RC2_40_SHA1: | 611 | case PKCS12_RC2_40_SHA1: |
616 | 612 | ||
617 | if ((schema) == PKCS12_3DES_SHA1) | 613 | if ((schema) == PKCS12_3DES_SHA1) |
618 | { | 614 | { |
619 | enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; | 615 | enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; |
620 | enc_params->iv_size = 8; | 616 | enc_params->iv_size = 8; |
621 | } | 617 | } |
622 | else if ((schema) == PKCS12_ARCFOUR_SHA1) | 618 | else if ((schema) == PKCS12_ARCFOUR_SHA1) |
623 | { | 619 | { |
624 | enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; | 620 | enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; |
625 | enc_params->iv_size = 0; | 621 | enc_params->iv_size = 0; |
626 | } | 622 | } |
627 | else if ((schema) == PKCS12_RC2_40_SHA1) | 623 | else if ((schema) == PKCS12_RC2_40_SHA1) |
628 | { | 624 | { |
629 | enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; | 625 | enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; |
630 | enc_params->iv_size = 8; | 626 | enc_params->iv_size = 8; |
631 | } | 627 | } |
632 | 628 | ||
633 | if ((result = | 629 | if ((result = |
634 | asn1_create_element (_gnutls_get_pkix (), | 630 | asn1_create_element (_gnutls_get_pkix (), |
635 | "PKIX1.pkcs-12-PbeParams", | 631 | "PKIX1.pkcs-12-PbeParams", |
636 | &pbes2_asn)) != ASN1_SUCCESS) | 632 | &pbes2_asn)) != ASN1_SUCCESS) |
637 | { | 633 | { |
638 | gnutls_assert (); | 634 | gnutls_assert (); |
639 | result = _gnutls_asn2err (result); | 635 | result = _gnutls_asn2err (result); |
640 | goto error; | 636 | goto error; |
641 | } | 637 | } |
642 | 638 | ||
643 | /* Decode the parameters. | 639 | /* Decode the parameters. |
644 | */ | 640 | */ |
645 | result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL); | 641 | result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL); |
646 | if (result != ASN1_SUCCESS) | 642 | if (result != ASN1_SUCCESS) |
647 | { | 643 | { |
648 | gnutls_assert (); | 644 | gnutls_assert (); |
649 | result = _gnutls_asn2err (result); | 645 | result = _gnutls_asn2err (result); |
650 | goto error; | 646 | goto error; |
651 | } | 647 | } |
652 | 648 | ||
653 | result = read_pkcs12_kdf_params (pbes2_asn, kdf_params); | 649 | result = read_pkcs12_kdf_params (pbes2_asn, kdf_params); |
654 | if (result < 0) | 650 | if (result < 0) |
655 | { | 651 | { |
656 | gnutls_assert (); | 652 | gnutls_assert (); |
657 | goto error; | 653 | goto error; |
658 | } | 654 | } |
659 | 655 | ||
660 | if (enc_params->iv_size) | 656 | if (enc_params->iv_size) |
661 | { | 657 | { |
662 | result = | 658 | result = |
663 | _pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, | 659 | _pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, |
664 | kdf_params->salt_size, | 660 | kdf_params->salt_size, |
665 | kdf_params->iter_count, password, | 661 | kdf_params->iter_count, password, |
666 | enc_params->iv_size, enc_params->iv); | 662 | enc_params->iv_size, enc_params->iv); |
667 | if (result < 0) | 663 | if (result < 0) |
668 | { | 664 | { |
669 | gnutls_assert (); | 665 | gnutls_assert (); |
670 | goto error; | 666 | goto error; |
671 | } | 667 | } |
672 | 668 | ||
673 | } | 669 | } |
674 | 670 | ||
675 | asn1_delete_structure (&pbes2_asn); | 671 | asn1_delete_structure (&pbes2_asn); |
676 | 672 | ||
677 | return 0; | 673 | return 0; |
678 | break; | 674 | break; |
679 | 675 | ||
680 | } /* switch */ | 676 | } /* switch */ |
681 | 677 | ||
682 | return GNUTLS_E_UNKNOWN_CIPHER_TYPE; | 678 | return GNUTLS_E_UNKNOWN_CIPHER_TYPE; |
683 | 679 | ||
684 | error: | 680 | error: |
685 | asn1_delete_structure (&pbes2_asn); | 681 | asn1_delete_structure (&pbes2_asn); |
686 | return result; | 682 | return result; |
687 | } | 683 | } |
688 | 684 | ||
689 | /* Converts a PKCS #8 key to | 685 | /* Converts a PKCS #8 key to |
690 | * an internal structure (gnutls_private_key) | 686 | * an internal structure (gnutls_private_key) |
@@ -692,157 +688,157 @@ read_pkcs_schema_params (schema_id schema, const char *password, | |||
692 | */ | 688 | */ |
693 | static int | 689 | static int |
694 | decode_pkcs8_key (const gnutls_datum_t * raw_key, | 690 | decode_pkcs8_key (const gnutls_datum_t * raw_key, |
695 | const char *password, gnutls_x509_privkey_t pkey) | 691 | const char *password, gnutls_x509_privkey_t pkey) |
696 | { | 692 | { |
697 | int result, len; | 693 | int result, len; |
698 | char enc_oid[64]; | 694 | char enc_oid[64]; |
699 | gnutls_datum_t tmp; | 695 | gnutls_datum_t tmp; |
700 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY; | 696 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY; |
701 | int params_start, params_end, params_len; | 697 | int params_start, params_end, params_len; |
702 | struct pbkdf2_params kdf_params; | 698 | struct pbkdf2_params kdf_params; |
703 | struct pbe_enc_params enc_params; | 699 | struct pbe_enc_params enc_params; |
704 | schema_id schema; | 700 | schema_id schema; |
705 | 701 | ||
706 | if ((result = | 702 | if ((result = |
707 | asn1_create_element (_gnutls_get_pkix (), | 703 | asn1_create_element (_gnutls_get_pkix (), |
708 | "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", | 704 | "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", |
709 | &pkcs8_asn)) != ASN1_SUCCESS) | 705 | &pkcs8_asn)) != ASN1_SUCCESS) |
710 | { | 706 | { |
711 | gnutls_assert (); | 707 | gnutls_assert (); |
712 | result = _gnutls_asn2err (result); | 708 | result = _gnutls_asn2err (result); |
713 | goto error; | 709 | goto error; |
714 | } | 710 | } |
715 | 711 | ||
716 | result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL); | 712 | result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL); |
717 | if (result != ASN1_SUCCESS) | 713 | if (result != ASN1_SUCCESS) |
718 | { | 714 | { |
719 | gnutls_assert (); | 715 | gnutls_assert (); |
720 | result = _gnutls_asn2err (result); | 716 | result = _gnutls_asn2err (result); |
721 | goto error; | 717 | goto error; |
722 | } | 718 | } |
723 | 719 | ||
724 | /* Check the encryption schema OID | 720 | /* Check the encryption schema OID |
725 | */ | 721 | */ |
726 | len = sizeof (enc_oid); | 722 | len = sizeof (enc_oid); |
727 | result = | 723 | result = |
728 | asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm", | 724 | asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm", |
729 | enc_oid, &len); | 725 | enc_oid, &len); |
730 | if (result != ASN1_SUCCESS) | 726 | if (result != ASN1_SUCCESS) |
731 | { | 727 | { |
732 | gnutls_assert (); | 728 | gnutls_assert (); |
733 | goto error; | 729 | goto error; |
734 | } | 730 | } |
735 | 731 | ||
736 | if ((result = check_schema (enc_oid)) < 0) | 732 | if ((result = check_schema (enc_oid)) < 0) |
737 | { | 733 | { |
738 | gnutls_assert (); | 734 | gnutls_assert (); |
739 | goto error; | 735 | goto error; |
740 | } | 736 | } |
741 | 737 | ||
742 | schema = result; | 738 | schema = result; |
743 | 739 | ||
744 | /* Get the DER encoding of the parameters. | 740 | /* Get the DER encoding of the parameters. |
745 | */ | 741 | */ |
746 | result = | 742 | result = |
747 | asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data, | 743 | asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data, |
748 | raw_key->size, | 744 | raw_key->size, |
749 | "encryptionAlgorithm.parameters", | 745 | "encryptionAlgorithm.parameters", |
750 | ¶ms_start, ¶ms_end); | 746 | ¶ms_start, ¶ms_end); |
751 | if (result != ASN1_SUCCESS) | 747 | if (result != ASN1_SUCCESS) |
752 | { | 748 | { |
753 | gnutls_assert (); | 749 | gnutls_assert (); |
754 | result = _gnutls_asn2err (result); | 750 | result = _gnutls_asn2err (result); |
755 | goto error; | 751 | goto error; |
756 | } | 752 | } |
757 | params_len = params_end - params_start + 1; | 753 | params_len = params_end - params_start + 1; |
758 | 754 | ||
759 | result = | 755 | result = |
760 | read_pkcs_schema_params (schema, password, | 756 | read_pkcs_schema_params (schema, password, |
761 | &raw_key->data[params_start], | 757 | &raw_key->data[params_start], |
762 | params_len, &kdf_params, &enc_params); | 758 | params_len, &kdf_params, &enc_params); |
763 | 759 | ||
764 | /* Parameters have been decoded. Now | 760 | /* Parameters have been decoded. Now |
765 | * decrypt the EncryptedData. | 761 | * decrypt the EncryptedData. |
766 | */ | 762 | */ |
767 | result = | 763 | result = |
768 | decrypt_data (schema, pkcs8_asn, "encryptedData", password, | 764 | decrypt_data (schema, pkcs8_asn, "encryptedData", password, |
769 | &kdf_params, &enc_params, &tmp); | 765 | &kdf_params, &enc_params, &tmp); |
770 | if (result < 0) | 766 | if (result < 0) |
771 | { | 767 | { |
772 | gnutls_assert (); | 768 | gnutls_assert (); |
773 | goto error; | 769 | goto error; |
774 | } | 770 | } |
775 | 771 | ||
776 | asn1_delete_structure (&pkcs8_asn); | 772 | asn1_delete_structure (&pkcs8_asn); |
777 | 773 | ||
778 | result = decode_private_key_info (&tmp, pkey); | 774 | result = decode_private_key_info (&tmp, pkey); |
779 | _gnutls_free_datum (&tmp); | 775 | _gnutls_free_datum (&tmp); |
780 | 776 | ||
781 | if (result < 0) | 777 | if (result < 0) |
782 | { | 778 | { |
783 | /* We've gotten this far. In the real world it's almost certain | 779 | /* We've gotten this far. In the real world it's almost certain |
784 | * that we're dealing with a good file, but wrong password. | 780 | * that we're dealing with a good file, but wrong password. |
785 | * Sadly like 90% of random data is somehow valid DER for the | 781 | * Sadly like 90% of random data is somehow valid DER for the |
786 | * a first small number of bytes, so no easy way to guarantee. */ | 782 | * a first small number of bytes, so no easy way to guarantee. */ |
787 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || | 783 | if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || |
788 | result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND || | 784 | result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND || |
789 | result == GNUTLS_E_ASN1_DER_ERROR || | 785 | result == GNUTLS_E_ASN1_DER_ERROR || |
790 | result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || | 786 | result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || |
791 | result == GNUTLS_E_ASN1_GENERIC_ERROR || | 787 | result == GNUTLS_E_ASN1_GENERIC_ERROR || |
792 | result == GNUTLS_E_ASN1_VALUE_NOT_VALID || | 788 | result == GNUTLS_E_ASN1_VALUE_NOT_VALID || |
793 | result == GNUTLS_E_ASN1_TAG_ERROR || | 789 | result == GNUTLS_E_ASN1_TAG_ERROR || |
794 | result == GNUTLS_E_ASN1_TAG_IMPLICIT || | 790 | result == GNUTLS_E_ASN1_TAG_IMPLICIT || |
795 | result == GNUTLS_E_ASN1_TYPE_ANY_ERROR || | 791 | result == GNUTLS_E_ASN1_TYPE_ANY_ERROR || |
796 | result == GNUTLS_E_ASN1_SYNTAX_ERROR || | 792 | result == GNUTLS_E_ASN1_SYNTAX_ERROR || |
797 | result == GNUTLS_E_ASN1_DER_OVERFLOW) | 793 | result == GNUTLS_E_ASN1_DER_OVERFLOW) |
798 | { | 794 | { |
799 | result = GNUTLS_E_DECRYPTION_FAILED; | 795 | result = GNUTLS_E_DECRYPTION_FAILED; |
800 | } | 796 | } |
801 | 797 | ||
802 | gnutls_assert (); | 798 | gnutls_assert (); |
803 | goto error; | 799 | goto error; |
804 | } | 800 | } |
805 | 801 | ||
806 | return 0; | 802 | return 0; |
807 | 803 | ||
808 | error: | 804 | error: |
809 | asn1_delete_structure (&pbes2_asn); | 805 | asn1_delete_structure (&pbes2_asn); |
810 | asn1_delete_structure (&pkcs8_asn); | 806 | asn1_delete_structure (&pkcs8_asn); |
811 | return result; | 807 | return result; |
812 | } | 808 | } |
813 | 809 | ||
814 | /* Decodes an RSA privateKey from a PKCS8 structure. | 810 | /* Decodes an RSA privateKey from a PKCS8 structure. |
815 | */ | 811 | */ |
816 | static int | 812 | static int |
817 | _decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) | 813 | _decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) |
818 | { | 814 | { |
819 | int ret; | 815 | int ret; |
820 | gnutls_datum tmp; | 816 | gnutls_datum tmp; |
821 | 817 | ||
822 | ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0); | 818 | ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0); |
823 | if (ret < 0) | 819 | if (ret < 0) |
824 | { | 820 | { |
825 | gnutls_assert (); | 821 | gnutls_assert (); |
826 | goto error; | 822 | goto error; |
827 | } | 823 | } |
828 | 824 | ||
829 | pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey); | 825 | pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey); |
830 | _gnutls_free_datum (&tmp); | 826 | _gnutls_free_datum (&tmp); |
831 | if (pkey->key == NULL) | 827 | if (pkey->key == NULL) |
832 | { | 828 | { |
833 | gnutls_assert (); | 829 | gnutls_assert (); |
834 | goto error; | 830 | goto error; |
835 | } | 831 | } |
836 | 832 | ||
837 | return 0; | 833 | return 0; |
838 | 834 | ||
839 | error: | 835 | error: |
840 | gnutls_x509_privkey_deinit (pkey); | 836 | gnutls_x509_privkey_deinit (pkey); |
841 | return ret; | 837 | return ret; |
842 | } | 838 | } |
843 | 839 | ||
840 | /* TODO rm if unsed - we will probable support only RSA certificates */ | ||
844 | /* Decodes an DSA privateKey and params from a PKCS8 structure. | 841 | /* Decodes an DSA privateKey and params from a PKCS8 structure. |
845 | */ | ||
846 | static int | 842 | static int |
847 | _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) | 843 | _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) |
848 | { | 844 | { |
@@ -882,7 +878,7 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) | |||
882 | goto error; | 878 | goto error; |
883 | } | 879 | } |
884 | 880 | ||
885 | /* the public key can be generated as g^x mod p */ | 881 | the public key can be generated as g^x mod p |
886 | pkey->params[3] = _gnutls_mpi_alloc_like (pkey->params[0]); | 882 | pkey->params[3] = _gnutls_mpi_alloc_like (pkey->params[0]); |
887 | if (pkey->params[3] == NULL) | 883 | if (pkey->params[3] == NULL) |
888 | { | 884 | { |
@@ -911,77 +907,78 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey pkey) | |||
911 | gnutls_x509_privkey_deinit (pkey); | 907 | gnutls_x509_privkey_deinit (pkey); |
912 | return ret; | 908 | return ret; |
913 | } | 909 | } |
910 | */ | ||
914 | 911 | ||
915 | static int | 912 | static int |
916 | decode_private_key_info (const gnutls_datum_t * der, | 913 | decode_private_key_info (const gnutls_datum_t * der, |
917 | gnutls_x509_privkey_t pkey) | 914 | gnutls_x509_privkey_t pkey) |
918 | { | 915 | { |
919 | int result, len; | 916 | int result, len; |
920 | opaque oid[64]; | 917 | opaque oid[64]; |
921 | ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; | 918 | ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; |
922 | 919 | ||
923 | if ((result = | 920 | if ((result = |
924 | asn1_create_element (_gnutls_get_pkix (), | 921 | asn1_create_element (_gnutls_get_pkix (), |
925 | "PKIX1.pkcs-8-PrivateKeyInfo", | 922 | "PKIX1.pkcs-8-PrivateKeyInfo", |
926 | &pkcs8_asn)) != ASN1_SUCCESS) | 923 | &pkcs8_asn)) != ASN1_SUCCESS) |
927 | { | 924 | { |
928 | gnutls_assert (); | 925 | gnutls_assert (); |
929 | result = _gnutls_asn2err (result); | 926 | result = _gnutls_asn2err (result); |
930 | goto error; | 927 | goto error; |
931 | } | 928 | } |
932 | 929 | ||
933 | result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL); | 930 | result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL); |
934 | if (result != ASN1_SUCCESS) | 931 | if (result != ASN1_SUCCESS) |
935 | { | 932 | { |
936 | gnutls_assert (); | 933 | gnutls_assert (); |
937 | result = _gnutls_asn2err (result); | 934 | result = _gnutls_asn2err (result); |
938 | goto error; | 935 | goto error; |
939 | } | 936 | } |
940 | 937 | ||
941 | /* Check the private key algorithm OID | 938 | /* Check the private key algorithm OID |
942 | */ | 939 | */ |
943 | len = sizeof (oid); | 940 | len = sizeof (oid); |
944 | result = | 941 | result = |
945 | asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len); | 942 | asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len); |
946 | if (result != ASN1_SUCCESS) | 943 | if (result != ASN1_SUCCESS) |
947 | { | 944 | { |
948 | gnutls_assert (); | 945 | gnutls_assert (); |
949 | result = _gnutls_asn2err (result); | 946 | result = _gnutls_asn2err (result); |
950 | goto error; | 947 | goto error; |
951 | } | 948 | } |
952 | 949 | ||
953 | /* we only support RSA and DSA private keys. | 950 | /* we only support RSA and DSA private keys. |
954 | */ | 951 | */ |
955 | if (strcmp (oid, PK_PKIX1_RSA_OID) == 0) | 952 | if (strcmp (oid, PK_PKIX1_RSA_OID) == 0) |
956 | pkey->pk_algorithm = GNUTLS_PK_RSA; | 953 | pkey->pk_algorithm = GNUTLS_PK_RSA; |
957 | else | 954 | else |
958 | { | 955 | { |
959 | gnutls_assert (); | 956 | gnutls_assert (); |
960 | _gnutls_x509_log | 957 | _gnutls_x509_log |
961 | ("PKCS #8 private key OID '%s' is unsupported.\n", oid); | 958 | ("PKCS #8 private key OID '%s' is unsupported.\n", oid); |
962 | result = GNUTLS_E_UNKNOWN_PK_ALGORITHM; | 959 | result = GNUTLS_E_UNKNOWN_PK_ALGORITHM; |
963 | goto error; | 960 | goto error; |
964 | } | 961 | } |
965 | 962 | ||
966 | /* Get the DER encoding of the actual private key. | 963 | /* Get the DER encoding of the actual private key. |
967 | */ | 964 | */ |
968 | 965 | ||
969 | if (pkey->pk_algorithm == GNUTLS_PK_RSA) | 966 | if (pkey->pk_algorithm == GNUTLS_PK_RSA) |
970 | result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey); | 967 | result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey); |
971 | if (result < 0) | 968 | if (result < 0) |
972 | { | 969 | { |
973 | gnutls_assert (); | 970 | gnutls_assert (); |
974 | return result; | 971 | return result; |
975 | } | 972 | } |
976 | 973 | ||
977 | result = 0; | 974 | result = 0; |
978 | 975 | ||
979 | error: | 976 | error: |
980 | asn1_delete_structure (&pkcs8_asn); | 977 | asn1_delete_structure (&pkcs8_asn); |
981 | 978 | ||
982 | return result; | 979 | return result; |
983 | 980 | ||
984 | } | 981 | } |
985 | 982 | ||
986 | /** | 983 | /** |
987 | * gnutls_x509_privkey_import_pkcs8 - This function will import a DER or PEM PKCS8 encoded key | 984 | * gnutls_x509_privkey_import_pkcs8 - This function will import a DER or PEM PKCS8 encoded key |
@@ -1008,1212 +1005,1211 @@ decode_private_key_info (const gnutls_datum_t * der, | |||
1008 | **/ | 1005 | **/ |
1009 | int | 1006 | int |
1010 | gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, | 1007 | gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, |
1011 | const gnutls_datum_t * data, | 1008 | const gnutls_datum_t * data, |
1012 | gnutls_x509_crt_fmt_t format, | 1009 | gnutls_x509_crt_fmt_t format, |
1013 | const char *password, unsigned int flags) | 1010 | const char *password, unsigned int flags) |
1014 | { | 1011 | { |
1015 | int result = 0, need_free = 0; | 1012 | int result = 0, need_free = 0; |
1016 | gnutls_datum_t _data; | 1013 | gnutls_datum_t _data; |
1017 | 1014 | ||
1018 | if (key == NULL) | 1015 | if (key == NULL) |
1019 | { | 1016 | { |
1020 | gnutls_assert (); | 1017 | gnutls_assert (); |
1021 | return GNUTLS_E_INVALID_REQUEST; | 1018 | return GNUTLS_E_INVALID_REQUEST; |
1022 | } | 1019 | } |
1023 | 1020 | ||
1024 | _data.data = data->data; | 1021 | _data.data = data->data; |
1025 | _data.size = data->size; | 1022 | _data.size = data->size; |
1026 | 1023 | ||
1027 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; | 1024 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; |
1028 | 1025 | ||
1029 | /* If the Certificate is in PEM format then decode it | 1026 | /* If the Certificate is in PEM format then decode it |
1030 | */ | 1027 | */ |
1031 | if (format == GNUTLS_X509_FMT_PEM) | 1028 | if (format == GNUTLS_X509_FMT_PEM) |
1032 | { | 1029 | { |
1033 | opaque *out; | 1030 | opaque *out; |
1034 | 1031 | ||
1035 | /* Try the first header | 1032 | /* Try the first header |
1036 | */ | 1033 | */ |
1037 | result = | 1034 | result = |
1038 | _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8, | 1035 | _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8, |
1039 | data->data, data->size, &out); | 1036 | data->data, data->size, &out); |
1040 | 1037 | ||
1041 | if (result < 0) | 1038 | if (result < 0) |
1042 | { /* Try the encrypted header | 1039 | { /* Try the encrypted header |
1043 | */ | 1040 | */ |
1044 | result = | 1041 | result = |
1045 | _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out); | 1042 | _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out); |
1046 | 1043 | ||
1047 | if (result <= 0) | 1044 | if (result <= 0) |
1048 | { | 1045 | { |
1049 | if (result == 0) | 1046 | if (result == 0) |
1050 | result = GNUTLS_E_INTERNAL_ERROR; | 1047 | result = GNUTLS_E_INTERNAL_ERROR; |
1051 | gnutls_assert (); | 1048 | gnutls_assert (); |
1052 | return result; | 1049 | return result; |
1053 | } | 1050 | } |
1054 | } | 1051 | } |
1055 | else if (flags == 0) | 1052 | else if (flags == 0) |
1056 | flags |= GNUTLS_PKCS_PLAIN; | 1053 | flags |= GNUTLS_PKCS_PLAIN; |
1057 | 1054 | ||
1058 | _data.data = out; | 1055 | _data.data = out; |
1059 | _data.size = result; | 1056 | _data.size = result; |
1060 | 1057 | ||
1061 | need_free = 1; | 1058 | need_free = 1; |
1062 | } | 1059 | } |
1063 | 1060 | ||
1064 | if (flags & GNUTLS_PKCS_PLAIN) | 1061 | if (flags & GNUTLS_PKCS_PLAIN) |
1065 | { | 1062 | { |
1066 | result = decode_private_key_info (&_data, key); | 1063 | result = decode_private_key_info (&_data, key); |
1067 | } | 1064 | } |
1068 | else | 1065 | else |
1069 | { /* encrypted. */ | 1066 | { /* encrypted. */ |
1070 | result = decode_pkcs8_key (&_data, password, key); | 1067 | result = decode_pkcs8_key (&_data, password, key); |
1071 | } | 1068 | } |
1072 | 1069 | ||
1073 | if (result < 0) | 1070 | if (result < 0) |
1074 | { | 1071 | { |
1075 | gnutls_assert (); | 1072 | gnutls_assert (); |
1076 | goto cleanup; | 1073 | goto cleanup; |
1077 | } | 1074 | } |
1078 | 1075 | ||
1079 | if (need_free) | 1076 | if (need_free) |
1080 | _gnutls_free_datum (&_data); | 1077 | _gnutls_free_datum (&_data); |
1081 | 1078 | ||
1082 | /* The key has now been decoded. | 1079 | /* The key has now been decoded. |
1083 | */ | 1080 | */ |
1084 | 1081 | ||
1085 | return 0; | 1082 | return 0; |
1086 | 1083 | ||
1087 | cleanup: | 1084 | cleanup: |
1088 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; | 1085 | key->pk_algorithm = GNUTLS_PK_UNKNOWN; |
1089 | if (need_free) | 1086 | if (need_free) |
1090 | _gnutls_free_datum (&_data); | 1087 | _gnutls_free_datum (&_data); |
1091 | return result; | 1088 | return result; |
1092 | } | 1089 | } |
1093 | 1090 | ||
1094 | /* Reads the PBKDF2 parameters. | 1091 | /* Reads the PBKDF2 parameters. |
1095 | */ | 1092 | */ |
1096 | static int | 1093 | static int |
1097 | read_pbkdf2_params (ASN1_TYPE pbes2_asn, | 1094 | read_pbkdf2_params (ASN1_TYPE pbes2_asn, |
1098 | const gnutls_datum_t * der, struct pbkdf2_params *params) | 1095 | const gnutls_datum_t * der, struct pbkdf2_params *params) |
1099 | { | 1096 | { |
1100 | int params_start, params_end; | 1097 | int params_start, params_end; |
1101 | int params_len, len, result; | 1098 | int params_len, len, result; |
1102 | ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY; | 1099 | ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY; |
1103 | char oid[64]; | 1100 | char oid[64]; |
1104 | 1101 | ||
1105 | memset (params, 0, sizeof (params)); | 1102 | memset (params, 0, sizeof (params)); |
1106 | 1103 | ||
1107 | /* Check the key derivation algorithm | 1104 | /* Check the key derivation algorithm |
1108 | */ | 1105 | */ |
1109 | len = sizeof (oid); | 1106 | len = sizeof (oid); |
1110 | result = | 1107 | result = |
1111 | asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len); | 1108 | asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len); |
1112 | if (result != ASN1_SUCCESS) | 1109 | if (result != ASN1_SUCCESS) |
1113 | { | 1110 | { |
1114 | gnutls_assert (); | 1111 | gnutls_assert (); |
1115 | return _gnutls_asn2err (result); | 1112 | return _gnutls_asn2err (result); |
1116 | } | 1113 | } |
1117 | _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid); | 1114 | _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid); |
1118 | 1115 | ||
1119 | if (strcmp (oid, PBKDF2_OID) != 0) | 1116 | if (strcmp (oid, PBKDF2_OID) != 0) |
1120 | { | 1117 | { |
1121 | gnutls_assert (); | 1118 | gnutls_assert (); |
1122 | _gnutls_x509_log | 1119 | _gnutls_x509_log |
1123 | ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); | 1120 | ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); |
1124 | return _gnutls_asn2err (result); | 1121 | return _gnutls_asn2err (result); |
1125 | } | 1122 | } |
1126 | 1123 | ||
1127 | result = | 1124 | result = |
1128 | asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size, | 1125 | asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size, |
1129 | "keyDerivationFunc.parameters", | 1126 | "keyDerivationFunc.parameters", |
1130 | ¶ms_start, ¶ms_end); | 1127 | ¶ms_start, ¶ms_end); |
1131 | if (result != ASN1_SUCCESS) | 1128 | if (result != ASN1_SUCCESS) |
1132 | { | 1129 | { |
1133 | gnutls_assert (); | 1130 | gnutls_assert (); |
1134 | return _gnutls_asn2err (result); | 1131 | return _gnutls_asn2err (result); |
1135 | } | 1132 | } |
1136 | params_len = params_end - params_start + 1; | 1133 | params_len = params_end - params_start + 1; |
1137 | 1134 | ||
1138 | /* Now check the key derivation and the encryption | 1135 | /* Now check the key derivation and the encryption |
1139 | * functions. | 1136 | * functions. |
1140 | */ | 1137 | */ |
1141 | if ((result = | 1138 | if ((result = |
1142 | asn1_create_element (_gnutls_get_pkix (), | 1139 | asn1_create_element (_gnutls_get_pkix (), |
1143 | "PKIX1.pkcs-5-PBKDF2-params", | 1140 | "PKIX1.pkcs-5-PBKDF2-params", |
1144 | &pbkdf2_asn)) != ASN1_SUCCESS) | 1141 | &pbkdf2_asn)) != ASN1_SUCCESS) |
1145 | { | 1142 | { |
1146 | gnutls_assert (); | 1143 | gnutls_assert (); |
1147 | return _gnutls_asn2err (result); | 1144 | return _gnutls_asn2err (result); |
1148 | } | 1145 | } |
1149 | 1146 | ||
1150 | result = | 1147 | result = |
1151 | asn1_der_decoding (&pbkdf2_asn, &der->data[params_start], | 1148 | asn1_der_decoding (&pbkdf2_asn, &der->data[params_start], |
1152 | params_len, NULL); | 1149 | params_len, NULL); |
1153 | if (result != ASN1_SUCCESS) | 1150 | if (result != ASN1_SUCCESS) |
1154 | { | 1151 | { |
1155 | gnutls_assert (); | 1152 | gnutls_assert (); |
1156 | result = _gnutls_asn2err (result); | 1153 | result = _gnutls_asn2err (result); |
1157 | goto error; | 1154 | goto error; |
1158 | } | 1155 | } |
1159 | 1156 | ||
1160 | /* read the salt */ | 1157 | /* read the salt */ |
1161 | params->salt_size = sizeof (params->salt); | 1158 | params->salt_size = sizeof (params->salt); |
1162 | result = | 1159 | result = |
1163 | asn1_read_value (pbkdf2_asn, "salt.specified", params->salt, | 1160 | asn1_read_value (pbkdf2_asn, "salt.specified", params->salt, |
1164 | ¶ms->salt_size); | 1161 | ¶ms->salt_size); |
1165 | if (result != ASN1_SUCCESS) | 1162 | if (result != ASN1_SUCCESS) |
1166 | { | 1163 | { |
1167 | gnutls_assert (); | 1164 | gnutls_assert (); |
1168 | result = _gnutls_asn2err (result); | 1165 | result = _gnutls_asn2err (result); |
1169 | goto error; | 1166 | goto error; |
1170 | } | 1167 | } |
1171 | _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size); | 1168 | _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size); |
1172 | 1169 | ||
1173 | /* read the iteration count | 1170 | /* read the iteration count |
1174 | */ | 1171 | */ |
1175 | result = | 1172 | result = |
1176 | _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount", | 1173 | _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount", |
1177 | ¶ms->iter_count); | 1174 | ¶ms->iter_count); |
1178 | if (result != ASN1_SUCCESS) | 1175 | if (result != ASN1_SUCCESS) |
1179 | { | 1176 | { |
1180 | gnutls_assert (); | 1177 | gnutls_assert (); |
1181 | goto error; | 1178 | goto error; |
1182 | } | 1179 | } |
1183 | _gnutls_hard_log ("iterationCount: %d\n", params->iter_count); | 1180 | _gnutls_hard_log ("iterationCount: %d\n", params->iter_count); |
1184 | 1181 | ||
1185 | /* read the keylength, if it is set. | 1182 | /* read the keylength, if it is set. |
1186 | */ | 1183 | */ |
1187 | result = | 1184 | result = |
1188 | _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", ¶ms->key_size); | 1185 | _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", ¶ms->key_size); |
1189 | if (result < 0) | 1186 | if (result < 0) |
1190 | { | 1187 | { |
1191 | params->key_size = 0; | 1188 | params->key_size = 0; |
1192 | } | 1189 | } |
1193 | _gnutls_hard_log ("keyLength: %d\n", params->key_size); | 1190 | _gnutls_hard_log ("keyLength: %d\n", params->key_size); |
1194 | 1191 | ||
1195 | /* We don't read the PRF. We only use the default. | 1192 | /* We don't read the PRF. We only use the default. |
1196 | */ | 1193 | */ |
1197 | 1194 | ||
1198 | return 0; | 1195 | return 0; |
1199 | 1196 | ||
1200 | error: | 1197 | error: |
1201 | asn1_delete_structure (&pbkdf2_asn); | 1198 | asn1_delete_structure (&pbkdf2_asn); |
1202 | return result; | 1199 | return result; |
1203 | 1200 | ||
1204 | } | 1201 | } |
1205 | 1202 | ||
1206 | /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA). | 1203 | /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA). |
1207 | */ | 1204 | */ |
1208 | static int | 1205 | static int |
1209 | read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params) | 1206 | read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params) |
1210 | { | 1207 | { |
1211 | int result; | 1208 | int result; |
1212 | 1209 | ||
1213 | memset (params, 0, sizeof (params)); | 1210 | memset (params, 0, sizeof (params)); |
1214 | 1211 | ||
1215 | /* read the salt */ | 1212 | /* read the salt */ |
1216 | params->salt_size = sizeof (params->salt); | 1213 | params->salt_size = sizeof (params->salt); |
1217 | result = | 1214 | result = |
1218 | asn1_read_value (pbes2_asn, "salt", params->salt, ¶ms->salt_size); | 1215 | asn1_read_value (pbes2_asn, "salt", params->salt, ¶ms->salt_size); |
1219 | if (result != ASN1_SUCCESS) | 1216 | if (result != ASN1_SUCCESS) |
1220 | { | 1217 | { |
1221 | gnutls_assert (); | 1218 | gnutls_assert (); |
1222 | result = _gnutls_asn2err (result); | 1219 | result = _gnutls_asn2err (result); |
1223 | goto error; | 1220 | goto error; |
1224 | } | 1221 | } |
1225 | _gnutls_hard_log ("salt.size: %d\n", params->salt_size); | 1222 | _gnutls_hard_log ("salt.size: %d\n", params->salt_size); |
1226 | 1223 | ||
1227 | /* read the iteration count | 1224 | /* read the iteration count |
1228 | */ | 1225 | */ |
1229 | result = | 1226 | result = |
1230 | _gnutls_x509_read_uint (pbes2_asn, "iterations", ¶ms->iter_count); | 1227 | _gnutls_x509_read_uint (pbes2_asn, "iterations", ¶ms->iter_count); |
1231 | if (result != ASN1_SUCCESS) | 1228 | if (result != ASN1_SUCCESS) |
1232 | { | 1229 | { |
1233 | gnutls_assert (); | 1230 | gnutls_assert (); |
1234 | goto error; | 1231 | goto error; |
1235 | } | 1232 | } |
1236 | _gnutls_hard_log ("iterationCount: %d\n", params->iter_count); | 1233 | _gnutls_hard_log ("iterationCount: %d\n", params->iter_count); |
1237 | 1234 | ||
1238 | params->key_size = 0; | 1235 | params->key_size = 0; |
1239 | 1236 | ||
1240 | return 0; | 1237 | return 0; |
1241 | 1238 | ||
1242 | error: | 1239 | error: |
1243 | return result; | 1240 | return result; |
1244 | 1241 | ||
1245 | } | 1242 | } |
1246 | 1243 | ||
1247 | /* Writes the PBE parameters for PKCS-12 schemas. | 1244 | /* Writes the PBE parameters for PKCS-12 schemas. |
1248 | */ | 1245 | */ |
1249 | static int | 1246 | static int |
1250 | write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, | 1247 | write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, |
1251 | const struct pbkdf2_params *kdf_params) | 1248 | const struct pbkdf2_params *kdf_params) |
1252 | { | 1249 | { |
1253 | int result; | 1250 | int result; |
1254 | 1251 | ||
1255 | /* write the salt | 1252 | /* write the salt |
1256 | */ | 1253 | */ |
1257 | result = | 1254 | result = |
1258 | asn1_write_value (pbes2_asn, "salt", | 1255 | asn1_write_value (pbes2_asn, "salt", |
1259 | kdf_params->salt, kdf_params->salt_size); | 1256 | kdf_params->salt, kdf_params->salt_size); |
1260 | if (result != ASN1_SUCCESS) | 1257 | if (result != ASN1_SUCCESS) |
1261 | { | 1258 | { |
1262 | gnutls_assert (); | 1259 | gnutls_assert (); |
1263 | result = _gnutls_asn2err (result); | 1260 | result = _gnutls_asn2err (result); |
1264 | goto error; | 1261 | goto error; |
1265 | } | 1262 | } |
1266 | _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size); | 1263 | _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size); |
1267 | 1264 | ||
1268 | /* write the iteration count | 1265 | /* write the iteration count |
1269 | */ | 1266 | */ |
1270 | result = | 1267 | result = |
1271 | _gnutls_x509_write_uint32 (pbes2_asn, "iterations", | 1268 | _gnutls_x509_write_uint32 (pbes2_asn, "iterations", |
1272 | kdf_params->iter_count); | 1269 | kdf_params->iter_count); |
1273 | if (result < 0) | 1270 | if (result < 0) |
1274 | { | 1271 | { |
1275 | gnutls_assert (); | 1272 | gnutls_assert (); |
1276 | goto error; | 1273 | goto error; |
1277 | } | 1274 | } |
1278 | _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count); | 1275 | _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count); |
1279 | 1276 | ||
1280 | return 0; | 1277 | return 0; |
1281 | 1278 | ||
1282 | error: | 1279 | error: |
1283 | return result; | 1280 | return result; |
1284 | 1281 | ||
1285 | } | 1282 | } |
1286 | 1283 | ||
1287 | /* Converts an OID to a gnutls cipher type. | 1284 | /* Converts an OID to a gnutls cipher type. |
1288 | */ | 1285 | */ |
1289 | inline static int | 1286 | inline static int |
1290 | oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) | 1287 | oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) |
1291 | { | 1288 | { |
1292 | 1289 | ||
1293 | *algo = 0; | 1290 | *algo = 0; |
1294 | 1291 | ||
1295 | if (strcmp (oid, DES_EDE3_CBC_OID) == 0) | 1292 | if (strcmp (oid, DES_EDE3_CBC_OID) == 0) |
1296 | { | 1293 | { |
1297 | *algo = GNUTLS_CIPHER_3DES_CBC; | 1294 | *algo = GNUTLS_CIPHER_3DES_CBC; |
1298 | return 0; | 1295 | return 0; |
1299 | } | 1296 | } |
1300 | 1297 | ||
1301 | if (strcmp (oid, DES_CBC_OID) == 0) | 1298 | if (strcmp (oid, DES_CBC_OID) == 0) |
1302 | { | 1299 | { |
1303 | *algo = GNUTLS_CIPHER_DES_CBC; | 1300 | *algo = GNUTLS_CIPHER_DES_CBC; |
1304 | return 0; | 1301 | return 0; |
1305 | } | 1302 | } |
1306 | 1303 | ||
1307 | _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid); | 1304 | _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid); |
1308 | return GNUTLS_E_UNKNOWN_CIPHER_TYPE; | 1305 | return GNUTLS_E_UNKNOWN_CIPHER_TYPE; |
1309 | } | 1306 | } |
1310 | 1307 | ||
1311 | static int | 1308 | static int |
1312 | read_pbe_enc_params (ASN1_TYPE pbes2_asn, | 1309 | read_pbe_enc_params (ASN1_TYPE pbes2_asn, |
1313 | const gnutls_datum_t * der, | 1310 | const gnutls_datum_t * der, |
1314 | struct pbe_enc_params *params) | 1311 | struct pbe_enc_params *params) |
1315 | { | 1312 | { |
1316 | int params_start, params_end; | 1313 | int params_start, params_end; |
1317 | int params_len, len, result; | 1314 | int params_len, len, result; |
1318 | ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; | 1315 | ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; |
1319 | char oid[64]; | 1316 | char oid[64]; |
1320 | 1317 | ||
1321 | memset (params, 0, sizeof (params)); | 1318 | memset (params, 0, sizeof (params)); |
1322 | 1319 | ||
1323 | /* Check the encryption algorithm | 1320 | /* Check the encryption algorithm |
1324 | */ | 1321 | */ |
1325 | len = sizeof (oid); | 1322 | len = sizeof (oid); |
1326 | result = | 1323 | result = |
1327 | asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len); | 1324 | asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len); |
1328 | if (result != ASN1_SUCCESS) | 1325 | if (result != ASN1_SUCCESS) |
1329 | { | 1326 | { |
1330 | gnutls_assert (); | 1327 | gnutls_assert (); |
1331 | goto error; | 1328 | goto error; |
1332 | } | 1329 | } |
1333 | _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid); | 1330 | _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid); |
1334 | 1331 | ||
1335 | if ((result = oid2cipher (oid, ¶ms->cipher)) < 0) | 1332 | if ((result = oid2cipher (oid, ¶ms->cipher)) < 0) |
1336 | { | 1333 | { |
1337 | gnutls_assert (); | 1334 | gnutls_assert (); |
1338 | goto error; | 1335 | goto error; |
1339 | } | 1336 | } |
1340 | 1337 | ||
1341 | result = | 1338 | result = |
1342 | asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size, | 1339 | asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size, |
1343 | "encryptionScheme.parameters", | 1340 | "encryptionScheme.parameters", |
1344 | ¶ms_start, ¶ms_end); | 1341 | ¶ms_start, ¶ms_end); |
1345 | if (result != ASN1_SUCCESS) | 1342 | if (result != ASN1_SUCCESS) |
1346 | { | 1343 | { |
1347 | gnutls_assert (); | 1344 | gnutls_assert (); |
1348 | return _gnutls_asn2err (result); | 1345 | return _gnutls_asn2err (result); |
1349 | } | 1346 | } |
1350 | params_len = params_end - params_start + 1; | 1347 | params_len = params_end - params_start + 1; |
1351 | 1348 | ||
1352 | /* Now check the encryption parameters. | 1349 | /* Now check the encryption parameters. |
1353 | */ | 1350 | */ |
1354 | if ((result = | 1351 | if ((result = |
1355 | asn1_create_element (_gnutls_get_pkix (), | 1352 | asn1_create_element (_gnutls_get_pkix (), |
1356 | "PKIX1.pkcs-5-des-EDE3-CBC-params", | 1353 | "PKIX1.pkcs-5-des-EDE3-CBC-params", |
1357 | &pbe_asn)) != ASN1_SUCCESS) | 1354 | &pbe_asn)) != ASN1_SUCCESS) |
1358 | { | 1355 | { |
1359 | gnutls_assert (); | 1356 | gnutls_assert (); |
1360 | return _gnutls_asn2err (result); | 1357 | return _gnutls_asn2err (result); |
1361 | } | 1358 | } |
1362 | 1359 | ||
1363 | result = | 1360 | result = |
1364 | asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL); | 1361 | asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL); |
1365 | if (result != ASN1_SUCCESS) | 1362 | if (result != ASN1_SUCCESS) |
1366 | { | 1363 | { |
1367 | gnutls_assert (); | 1364 | gnutls_assert (); |
1368 | result = _gnutls_asn2err (result); | 1365 | result = _gnutls_asn2err (result); |
1369 | goto error; | 1366 | goto error; |
1370 | } | 1367 | } |
1371 | 1368 | ||
1372 | /* read the IV */ | 1369 | /* read the IV */ |
1373 | params->iv_size = sizeof (params->iv); | 1370 | params->iv_size = sizeof (params->iv); |
1374 | result = asn1_read_value (pbe_asn, "", params->iv, ¶ms->iv_size); | 1371 | result = asn1_read_value (pbe_asn, "", params->iv, ¶ms->iv_size); |
1375 | if (result != ASN1_SUCCESS) | 1372 | if (result != ASN1_SUCCESS) |
1376 | { | 1373 | { |
1377 | gnutls_assert (); | 1374 | gnutls_assert (); |
1378 | result = _gnutls_asn2err (result); | 1375 | result = _gnutls_asn2err (result); |
1379 | goto error; | 1376 | goto error; |
1380 | } | 1377 | } |
1381 | _gnutls_hard_log ("IV.size: %d\n", params->iv_size); | 1378 | _gnutls_hard_log ("IV.size: %d\n", params->iv_size); |
1382 | 1379 | ||
1383 | return 0; | 1380 | return 0; |
1384 | 1381 | ||
1385 | error: | 1382 | error: |
1386 | asn1_delete_structure (&pbe_asn); | 1383 | asn1_delete_structure (&pbe_asn); |
1387 | return result; | 1384 | return result; |
1388 | 1385 | ||
1389 | } | 1386 | } |
1390 | 1387 | ||
1391 | static int | 1388 | static int |
1392 | decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, | 1389 | decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, |
1393 | const char *root, const char *password, | 1390 | const char *root, const char *password, |
1394 | const struct pbkdf2_params *kdf_params, | 1391 | const struct pbkdf2_params *kdf_params, |
1395 | const struct pbe_enc_params *enc_params, | 1392 | const struct pbe_enc_params *enc_params, |
1396 | gnutls_datum_t * decrypted_data) | 1393 | gnutls_datum_t * decrypted_data) |
1397 | { | 1394 | { |
1398 | int result; | 1395 | int result; |
1399 | int data_size; | 1396 | int data_size; |
1400 | opaque *data = NULL, *key = NULL; | 1397 | opaque *data = NULL, *key = NULL; |
1401 | gnutls_datum_t dkey, d_iv; | 1398 | gnutls_datum_t dkey, d_iv; |
1402 | cipher_hd_t ch = NULL; | 1399 | cipher_hd_t ch = NULL; |
1403 | int key_size; | 1400 | int key_size; |
1404 | 1401 | ||
1405 | data_size = 0; | 1402 | data_size = 0; |
1406 | result = asn1_read_value (pkcs8_asn, root, NULL, &data_size); | 1403 | result = asn1_read_value (pkcs8_asn, root, NULL, &data_size); |
1407 | if (result != ASN1_MEM_ERROR) | 1404 | if (result != ASN1_MEM_ERROR) |
1408 | { | 1405 | { |
1409 | gnutls_assert (); | 1406 | gnutls_assert (); |
1410 | return _gnutls_asn2err (result); | 1407 | return _gnutls_asn2err (result); |
1411 | } | 1408 | } |
1412 | 1409 | ||
1413 | data = gnutls_malloc (data_size); | 1410 | data = gnutls_malloc (data_size); |
1414 | if (data == NULL) | 1411 | if (data == NULL) |
1415 | { | 1412 | { |
1416 | gnutls_assert (); | 1413 | gnutls_assert (); |
1417 | return GNUTLS_E_MEMORY_ERROR; | 1414 | return GNUTLS_E_MEMORY_ERROR; |
1418 | } | 1415 | } |
1419 | 1416 | ||
1420 | result = asn1_read_value (pkcs8_asn, root, data, &data_size); | 1417 | result = asn1_read_value (pkcs8_asn, root, data, &data_size); |
1421 | if (result != ASN1_SUCCESS) | 1418 | if (result != ASN1_SUCCESS) |
1422 | { | 1419 | { |
1423 | gnutls_assert (); | 1420 | gnutls_assert (); |
1424 | result = _gnutls_asn2err (result); | 1421 | result = _gnutls_asn2err (result); |
1425 | goto error; | 1422 | goto error; |
1426 | } | 1423 | } |
1427 | 1424 | ||
1428 | if (kdf_params->key_size == 0) | 1425 | if (kdf_params->key_size == 0) |
1429 | { | 1426 | { |
1430 | key_size = gnutls_cipher_get_key_size (enc_params->cipher); | 1427 | key_size = gnutls_cipher_get_key_size (enc_params->cipher); |
1431 | } | 1428 | } |
1432 | else | 1429 | else |
1433 | key_size = kdf_params->key_size; | 1430 | key_size = kdf_params->key_size; |
1434 | 1431 | ||
1435 | key = gnutls_alloca (key_size); | 1432 | key = gnutls_alloca (key_size); |
1436 | if (key == NULL) | 1433 | if (key == NULL) |
1437 | { | 1434 | { |
1438 | gnutls_assert (); | 1435 | gnutls_assert (); |
1439 | result = GNUTLS_E_MEMORY_ERROR; | 1436 | result = GNUTLS_E_MEMORY_ERROR; |
1440 | goto error; | 1437 | goto error; |
1441 | } | 1438 | } |
1442 | 1439 | ||
1443 | /* generate the key | 1440 | /* generate the key |
1444 | */ | 1441 | */ |
1445 | if (schema == PBES2) | 1442 | if (schema == PBES2) |
1446 | { | 1443 | { |
1447 | result = gc_pbkdf2_sha1 (password, strlen (password), | 1444 | result = gc_pbkdf2_sha1 (password, strlen (password), |
1448 | kdf_params->salt, kdf_params->salt_size, | 1445 | kdf_params->salt, kdf_params->salt_size, |
1449 | kdf_params->iter_count, key, key_size); | 1446 | kdf_params->iter_count, key, key_size); |
1450 | 1447 | ||
1451 | if (result != GC_OK) | 1448 | if (result != GC_OK) |
1452 | { | 1449 | { |
1453 | gnutls_assert (); | 1450 | gnutls_assert (); |
1454 | result = GNUTLS_E_DECRYPTION_FAILED; | 1451 | result = GNUTLS_E_DECRYPTION_FAILED; |
1455 | goto error; | 1452 | goto error; |
1456 | } | 1453 | } |
1457 | } | 1454 | } |
1458 | else | 1455 | else |
1459 | { | 1456 | { |
1460 | result = | 1457 | result = |
1461 | _pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, | 1458 | _pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, |
1462 | kdf_params->salt_size, | 1459 | kdf_params->salt_size, |
1463 | kdf_params->iter_count, password, | 1460 | kdf_params->iter_count, password, |
1464 | key_size, key); | 1461 | key_size, key); |
1465 | 1462 | ||
1466 | if (result < 0) | 1463 | if (result < 0) |
1467 | { | 1464 | { |
1468 | gnutls_assert (); | 1465 | gnutls_assert (); |
1469 | goto error; | 1466 | goto error; |
1470 | } | 1467 | } |
1471 | } | 1468 | } |
1472 | 1469 | ||
1473 | /* do the decryption. | 1470 | /* do the decryption. |
1474 | */ | 1471 | */ |
1475 | dkey.data = key; | 1472 | dkey.data = key; |
1476 | dkey.size = key_size; | 1473 | dkey.size = key_size; |
1477 | 1474 | ||
1478 | d_iv.data = (opaque *) enc_params->iv; | 1475 | d_iv.data = (opaque *) enc_params->iv; |
1479 | d_iv.size = enc_params->iv_size; | 1476 | d_iv.size = enc_params->iv_size; |
1480 | ch = _gnutls_cipher_init (enc_params->cipher, &dkey, &d_iv); | 1477 | ch = _gnutls_cipher_init (enc_params->cipher, &dkey, &d_iv); |
1481 | 1478 | ||
1482 | gnutls_afree (key); | 1479 | gnutls_afree (key); |
1483 | key = NULL; | 1480 | key = NULL; |
1484 | 1481 | ||
1485 | if (ch == NULL) | 1482 | if (ch == NULL) |
1486 | { | 1483 | { |
1487 | gnutls_assert (); | 1484 | gnutls_assert (); |
1488 | result = GNUTLS_E_DECRYPTION_FAILED; | 1485 | result = GNUTLS_E_DECRYPTION_FAILED; |
1489 | goto error; | 1486 | goto error; |
1490 | } | 1487 | } |
1491 | 1488 | ||
1492 | result = _gnutls_cipher_decrypt (ch, data, data_size); | 1489 | result = _gnutls_cipher_decrypt (ch, data, data_size); |
1493 | if (result < 0) | 1490 | if (result < 0) |
1494 | { | 1491 | { |
1495 | gnutls_assert (); | 1492 | gnutls_assert (); |
1496 | goto error; | 1493 | goto error; |
1497 | } | 1494 | } |
1498 | 1495 | ||
1499 | decrypted_data->data = data; | 1496 | decrypted_data->data = data; |
1500 | 1497 | ||
1501 | if (_gnutls_cipher_get_block_size (enc_params->cipher) != 1) | 1498 | if (_gnutls_cipher_get_block_size (enc_params->cipher) != 1) |
1502 | decrypted_data->size = data_size - data[data_size - 1]; | 1499 | decrypted_data->size = data_size - data[data_size - 1]; |
1503 | else | 1500 | else |
1504 | decrypted_data->size = data_size; | 1501 | decrypted_data->size = data_size; |
1505 | 1502 | ||
1506 | _gnutls_cipher_deinit (ch); | 1503 | _gnutls_cipher_deinit (ch); |
1507 | 1504 | ||
1508 | return 0; | 1505 | return 0; |
1509 | 1506 | ||
1510 | error: | 1507 | error: |
1511 | gnutls_free (data); | 1508 | gnutls_free (data); |
1512 | gnutls_afree (key); | 1509 | gnutls_afree (key); |
1513 | if (ch != NULL) | 1510 | if (ch != NULL) |
1514 | _gnutls_cipher_deinit (ch); | 1511 | _gnutls_cipher_deinit (ch); |
1515 | return result; | 1512 | return result; |
1516 | } | 1513 | } |
1517 | 1514 | ||
1518 | /* Writes the PBKDF2 parameters. | 1515 | /* Writes the PBKDF2 parameters. |
1519 | */ | 1516 | */ |
1520 | static int | 1517 | static int |
1521 | write_pbkdf2_params (ASN1_TYPE pbes2_asn, | 1518 | write_pbkdf2_params (ASN1_TYPE pbes2_asn, |
1522 | const struct pbkdf2_params *kdf_params) | 1519 | const struct pbkdf2_params *kdf_params) |
1523 | { | 1520 | { |
1524 | int result; | 1521 | int result; |
1525 | ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY; | 1522 | ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY; |
1526 | opaque tmp[64]; | 1523 | opaque tmp[64]; |
1527 | 1524 | ||
1528 | /* Write the key derivation algorithm | 1525 | /* Write the key derivation algorithm |
1529 | */ | 1526 | */ |
1530 | result = | 1527 | result = |
1531 | asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm", | 1528 | asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm", |
1532 | PBKDF2_OID, 1); | 1529 | PBKDF2_OID, 1); |
1533 | if (result != ASN1_SUCCESS) | 1530 | if (result != ASN1_SUCCESS) |
1534 | { | 1531 | { |
1535 | gnutls_assert (); | 1532 | gnutls_assert (); |
1536 | return _gnutls_asn2err (result); | 1533 | return _gnutls_asn2err (result); |
1537 | } | 1534 | } |
1538 | 1535 | ||
1539 | /* Now write the key derivation and the encryption | 1536 | /* Now write the key derivation and the encryption |
1540 | * functions. | 1537 | * functions. |
1541 | */ | 1538 | */ |
1542 | if ((result = | 1539 | if ((result = |
1543 | asn1_create_element (_gnutls_get_pkix (), | 1540 | asn1_create_element (_gnutls_get_pkix (), |
1544 | "PKIX1.pkcs-5-PBKDF2-params", | 1541 | "PKIX1.pkcs-5-PBKDF2-params", |
1545 | &pbkdf2_asn)) != ASN1_SUCCESS) | 1542 | &pbkdf2_asn)) != ASN1_SUCCESS) |
1546 | { | 1543 | { |
1547 | gnutls_assert (); | 1544 | gnutls_assert (); |
1548 | return _gnutls_asn2err (result); | 1545 | return _gnutls_asn2err (result); |
1549 | } | 1546 | } |
1550 | 1547 | ||
1551 | result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1); | 1548 | result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1); |
1552 | if (result != ASN1_SUCCESS) | 1549 | if (result != ASN1_SUCCESS) |
1553 | { | 1550 | { |
1554 | gnutls_assert (); | 1551 | gnutls_assert (); |
1555 | result = _gnutls_asn2err (result); | 1552 | result = _gnutls_asn2err (result); |
1556 | goto error; | 1553 | goto error; |
1557 | } | 1554 | } |
1558 | 1555 | ||
1559 | /* write the salt | 1556 | /* write the salt |
1560 | */ | 1557 | */ |
1561 | result = | 1558 | result = |
1562 | asn1_write_value (pbkdf2_asn, "salt.specified", | 1559 | asn1_write_value (pbkdf2_asn, "salt.specified", |
1563 | kdf_params->salt, kdf_params->salt_size); | 1560 | kdf_params->salt, kdf_params->salt_size); |
1564 | if (result != ASN1_SUCCESS) | 1561 | if (result != ASN1_SUCCESS) |
1565 | { | 1562 | { |
1566 | gnutls_assert (); | 1563 | gnutls_assert (); |
1567 | result = _gnutls_asn2err (result); | 1564 | result = _gnutls_asn2err (result); |
1568 | goto error; | 1565 | goto error; |
1569 | } | 1566 | } |
1570 | _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size); | 1567 | _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size); |
1571 | 1568 | ||
1572 | /* write the iteration count | 1569 | /* write the iteration count |
1573 | */ | 1570 | */ |
1574 | _gnutls_write_uint32 (kdf_params->iter_count, tmp); | 1571 | _gnutls_write_uint32 (kdf_params->iter_count, tmp); |
1575 | 1572 | ||
1576 | result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4); | 1573 | result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4); |
1577 | if (result != ASN1_SUCCESS) | 1574 | if (result != ASN1_SUCCESS) |
1578 | { | 1575 | { |
1579 | gnutls_assert (); | 1576 | gnutls_assert (); |
1580 | result = _gnutls_asn2err (result); | 1577 | result = _gnutls_asn2err (result); |
1581 | goto error; | 1578 | goto error; |
1582 | } | 1579 | } |
1583 | _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count); | 1580 | _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count); |
1584 | 1581 | ||
1585 | /* write the keylength, if it is set. | 1582 | /* write the keylength, if it is set. |
1586 | */ | 1583 | */ |
1587 | result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0); | 1584 | result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0); |
1588 | if (result != ASN1_SUCCESS) | 1585 | if (result != ASN1_SUCCESS) |
1589 | { | 1586 | { |
1590 | gnutls_assert (); | 1587 | gnutls_assert (); |
1591 | result = _gnutls_asn2err (result); | 1588 | result = _gnutls_asn2err (result); |
1592 | goto error; | 1589 | goto error; |
1593 | } | 1590 | } |
1594 | 1591 | ||
1595 | /* We write an emptry prf. | 1592 | /* We write an emptry prf. |
1596 | */ | 1593 | */ |
1597 | result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0); | 1594 | result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0); |
1598 | if (result != ASN1_SUCCESS) | 1595 | if (result != ASN1_SUCCESS) |
1599 | { | 1596 | { |
1600 | gnutls_assert (); | 1597 | gnutls_assert (); |
1601 | result = _gnutls_asn2err (result); | 1598 | result = _gnutls_asn2err (result); |
1602 | goto error; | 1599 | goto error; |
1603 | } | 1600 | } |
1604 | 1601 | ||
1605 | /* now encode them an put the DER output | 1602 | /* now encode them an put the DER output |
1606 | * in the keyDerivationFunc.parameters | 1603 | * in the keyDerivationFunc.parameters |
1607 | */ | 1604 | */ |
1608 | result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "", | 1605 | result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "", |
1609 | pbes2_asn, | 1606 | pbes2_asn, |
1610 | "keyDerivationFunc.parameters", | 1607 | "keyDerivationFunc.parameters", |
1611 | 0); | 1608 | 0); |
1612 | if (result < 0) | 1609 | if (result < 0) |
1613 | { | 1610 | { |
1614 | gnutls_assert (); | 1611 | gnutls_assert (); |
1615 | goto error; | 1612 | goto error; |
1616 | } | 1613 | } |
1617 | 1614 | ||
1618 | return 0; | 1615 | return 0; |
1619 | 1616 | ||
1620 | error: | 1617 | error: |
1621 | asn1_delete_structure (&pbkdf2_asn); | 1618 | asn1_delete_structure (&pbkdf2_asn); |
1622 | return result; | 1619 | return result; |
1623 | 1620 | ||
1624 | } | 1621 | } |
1625 | 1622 | ||
1626 | static int | 1623 | static int |
1627 | write_pbe_enc_params (ASN1_TYPE pbes2_asn, | 1624 | write_pbe_enc_params (ASN1_TYPE pbes2_asn, |
1628 | const struct pbe_enc_params *params) | 1625 | const struct pbe_enc_params *params) |
1629 | { | 1626 | { |
1630 | int result; | 1627 | int result; |
1631 | ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; | 1628 | ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; |
1632 | 1629 | ||
1633 | /* Write the encryption algorithm | 1630 | /* Write the encryption algorithm |
1634 | */ | 1631 | */ |
1635 | result = | 1632 | result = |
1636 | asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", | 1633 | asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", |
1637 | DES_EDE3_CBC_OID, 1); | 1634 | DES_EDE3_CBC_OID, 1); |
1638 | if (result != ASN1_SUCCESS) | 1635 | if (result != ASN1_SUCCESS) |
1639 | { | 1636 | { |
1640 | gnutls_assert (); | 1637 | gnutls_assert (); |
1641 | goto error; | 1638 | goto error; |
1642 | } | 1639 | } |
1643 | _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", DES_EDE3_CBC_OID); | 1640 | _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", DES_EDE3_CBC_OID); |
1644 | 1641 | ||
1645 | /* Now check the encryption parameters. | 1642 | /* Now check the encryption parameters. |
1646 | */ | 1643 | */ |
1647 | if ((result = | 1644 | if ((result = |
1648 | asn1_create_element (_gnutls_get_pkix (), | 1645 | asn1_create_element (_gnutls_get_pkix (), |
1649 | "PKIX1.pkcs-5-des-EDE3-CBC-params", | 1646 | "PKIX1.pkcs-5-des-EDE3-CBC-params", |
1650 | &pbe_asn)) != ASN1_SUCCESS) | 1647 | &pbe_asn)) != ASN1_SUCCESS) |
1651 | { | 1648 | { |
1652 | gnutls_assert (); | 1649 | gnutls_assert (); |
1653 | return _gnutls_asn2err (result); | 1650 | return _gnutls_asn2err (result); |
1654 | } | 1651 | } |
1655 | 1652 | ||
1656 | /* read the salt */ | 1653 | /* read the salt */ |
1657 | result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size); | 1654 | result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size); |
1658 | if (result != ASN1_SUCCESS) | 1655 | if (result != ASN1_SUCCESS) |
1659 | { | 1656 | { |
1660 | gnutls_assert (); | 1657 | gnutls_assert (); |
1661 | result = _gnutls_asn2err (result); | 1658 | result = _gnutls_asn2err (result); |
1662 | goto error; | 1659 | goto error; |
1663 | } | 1660 | } |
1664 | _gnutls_hard_log ("IV.size: %d\n", params->iv_size); | 1661 | _gnutls_hard_log ("IV.size: %d\n", params->iv_size); |
1665 | 1662 | ||
1666 | /* now encode them an put the DER output | 1663 | /* now encode them an put the DER output |
1667 | * in the encryptionScheme.parameters | 1664 | * in the encryptionScheme.parameters |
1668 | */ | 1665 | */ |
1669 | result = _gnutls_x509_der_encode_and_copy (pbe_asn, "", | 1666 | result = _gnutls_x509_der_encode_and_copy (pbe_asn, "", |
1670 | pbes2_asn, | 1667 | pbes2_asn, |
1671 | "encryptionScheme.parameters", | 1668 | "encryptionScheme.parameters", |
1672 | 0); | 1669 | 0); |
1673 | if (result < 0) | 1670 | if (result < 0) |
1674 | { | 1671 | { |
1675 | gnutls_assert (); | 1672 | gnutls_assert (); |
1676 | goto error; | 1673 | goto error; |
1677 | } | 1674 | } |
1678 | 1675 | ||
1679 | return 0; | 1676 | return 0; |
1680 | 1677 | ||
1681 | error: | 1678 | error: |
1682 | asn1_delete_structure (&pbe_asn); | 1679 | asn1_delete_structure (&pbe_asn); |
1683 | return result; | 1680 | return result; |
1684 | 1681 | ||
1685 | } | 1682 | } |
1686 | 1683 | ||
1687 | /* Generates a key and also stores the key parameters. | 1684 | /* Generates a key and also stores the key parameters. |
1688 | */ | 1685 | */ |
1689 | static int | 1686 | static int |
1690 | generate_key (schema_id schema, | 1687 | generate_key (schema_id schema, |
1691 | const char *password, | 1688 | const char *password, |
1692 | struct pbkdf2_params *kdf_params, | 1689 | struct pbkdf2_params *kdf_params, |
1693 | struct pbe_enc_params *enc_params, gnutls_datum_t * key) | 1690 | struct pbe_enc_params *enc_params, gnutls_datum_t * key) |
1694 | { | 1691 | { |
1695 | opaque rnd[2]; | 1692 | opaque rnd[2]; |
1696 | int ret; | 1693 | int ret; |
1697 | 1694 | ||
1698 | /* We should use the flags here to use different | 1695 | /* We should use the flags here to use different |
1699 | * encryption algorithms etc. | 1696 | * encryption algorithms etc. |
1700 | */ | 1697 | */ |
1701 | 1698 | ||
1702 | if (schema == PKCS12_ARCFOUR_SHA1) | 1699 | if (schema == PKCS12_ARCFOUR_SHA1) |
1703 | enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; | 1700 | enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; |
1704 | else if (schema == PKCS12_3DES_SHA1) | 1701 | else if (schema == PKCS12_3DES_SHA1) |
1705 | enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; | 1702 | enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; |
1706 | else if (schema == PKCS12_RC2_40_SHA1) | 1703 | else if (schema == PKCS12_RC2_40_SHA1) |
1707 | enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; | 1704 | enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; |
1708 | 1705 | ||
1709 | if (gc_pseudo_random (rnd, 2) != GC_OK) | 1706 | if (gc_pseudo_random (rnd, 2) != GC_OK) |
1710 | { | 1707 | { |
1711 | gnutls_assert (); | 1708 | gnutls_assert (); |
1712 | return GNUTLS_E_RANDOM_FAILED; | 1709 | return GNUTLS_E_RANDOM_FAILED; |
1713 | } | 1710 | } |
1714 | 1711 | ||
1715 | /* generate salt */ | 1712 | /* generate salt */ |
1716 | 1713 | ||
1717 | if (schema == PBES2) | 1714 | if (schema == PBES2) |
1718 | { | 1715 | { |
1719 | kdf_params->salt_size = MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10))); | 1716 | kdf_params->salt_size = |
1720 | } | 1717 | MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10))); |
1721 | else | 1718 | } |
1719 | else | ||
1722 | kdf_params->salt_size = 8; | 1720 | kdf_params->salt_size = 8; |
1723 | 1721 | ||
1724 | if (gc_pseudo_random (kdf_params->salt, kdf_params->salt_size) != GC_OK) | 1722 | if (gc_pseudo_random (kdf_params->salt, kdf_params->salt_size) != GC_OK) |
1725 | { | 1723 | { |
1726 | gnutls_assert (); | 1724 | gnutls_assert (); |
1727 | return GNUTLS_E_RANDOM_FAILED; | 1725 | return GNUTLS_E_RANDOM_FAILED; |
1728 | } | 1726 | } |
1729 | 1727 | ||
1730 | kdf_params->iter_count = 256 + rnd[0]; | 1728 | kdf_params->iter_count = 256 + rnd[0]; |
1731 | key->size = kdf_params->key_size = | 1729 | key->size = kdf_params->key_size = |
1732 | gnutls_cipher_get_key_size (enc_params->cipher); | 1730 | gnutls_cipher_get_key_size (enc_params->cipher); |
1733 | 1731 | ||
1734 | enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher); | 1732 | enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher); |
1735 | 1733 | ||
1736 | key->data = gnutls_secure_malloc (key->size); | 1734 | key->data = gnutls_secure_malloc (key->size); |
1737 | if (key->data == NULL) | 1735 | if (key->data == NULL) |
1738 | { | 1736 | { |
1739 | gnutls_assert (); | 1737 | gnutls_assert (); |
1740 | return GNUTLS_E_MEMORY_ERROR; | 1738 | return GNUTLS_E_MEMORY_ERROR; |
1741 | } | 1739 | } |
1742 | 1740 | ||
1743 | /* now generate the key. | 1741 | /* now generate the key. |
1744 | */ | 1742 | */ |
1745 | 1743 | ||
1746 | if (schema == PBES2) | 1744 | if (schema == PBES2) |
1747 | { | 1745 | { |
1748 | 1746 | ||
1749 | ret = gc_pbkdf2_sha1 (password, strlen (password), | 1747 | ret = gc_pbkdf2_sha1 (password, strlen (password), |
1750 | kdf_params->salt, kdf_params->salt_size, | 1748 | kdf_params->salt, kdf_params->salt_size, |
1751 | kdf_params->iter_count, | 1749 | kdf_params->iter_count, |
1752 | key->data, kdf_params->key_size); | 1750 | key->data, kdf_params->key_size); |
1753 | if (ret != GC_OK) | 1751 | if (ret != GC_OK) |
1754 | { | 1752 | { |
1755 | gnutls_assert (); | 1753 | gnutls_assert (); |
1756 | return GNUTLS_E_ENCRYPTION_FAILED; | 1754 | return GNUTLS_E_ENCRYPTION_FAILED; |
1757 | } | 1755 | } |
1758 | 1756 | ||
1759 | if (enc_params->iv_size && | 1757 | if (enc_params->iv_size && |
1760 | gc_nonce (enc_params->iv, enc_params->iv_size) != GC_OK) | 1758 | gc_nonce (enc_params->iv, enc_params->iv_size) != GC_OK) |
1761 | { | 1759 | { |
1762 | gnutls_assert (); | 1760 | gnutls_assert (); |
1763 | return GNUTLS_E_RANDOM_FAILED; | 1761 | return GNUTLS_E_RANDOM_FAILED; |
1764 | } | 1762 | } |
1765 | } | 1763 | } |
1766 | else | 1764 | else |
1767 | { /* PKCS12 schemas */ | 1765 | { /* PKCS12 schemas */ |
1768 | ret = | 1766 | ret = |
1769 | _pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, | 1767 | _pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, |
1770 | kdf_params->salt_size, | 1768 | kdf_params->salt_size, |
1771 | kdf_params->iter_count, password, | 1769 | kdf_params->iter_count, password, |
1772 | kdf_params->key_size, key->data); | 1770 | kdf_params->key_size, key->data); |
1773 | if (ret < 0) | 1771 | if (ret < 0) |
1774 | { | 1772 | { |
1775 | gnutls_assert (); | 1773 | gnutls_assert (); |
1776 | return ret; | 1774 | return ret; |
1777 | } | 1775 | } |
1778 | 1776 | ||
1779 | /* Now generate the IV | 1777 | /* Now generate the IV |
1780 | */ | 1778 | */ |
1781 | if (enc_params->iv_size) | 1779 | if (enc_params->iv_size) |
1782 | { | 1780 | { |
1783 | ret = | 1781 | ret = |
1784 | _pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, | 1782 | _pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, |
1785 | kdf_params->salt_size, | 1783 | kdf_params->salt_size, |
1786 | kdf_params->iter_count, password, | 1784 | kdf_params->iter_count, password, |
1787 | enc_params->iv_size, enc_params->iv); | 1785 | enc_params->iv_size, enc_params->iv); |
1788 | if (ret < 0) | 1786 | if (ret < 0) |
1789 | { | 1787 | { |
1790 | gnutls_assert (); | 1788 | gnutls_assert (); |
1791 | return ret; | 1789 | return ret; |
1792 | } | 1790 | } |
1793 | } | 1791 | } |
1794 | } | 1792 | } |
1795 | 1793 | ||
1796 | return 0; | 1794 | return 0; |
1797 | } | 1795 | } |
1798 | 1796 | ||
1799 | /* Encodes the parameters to be written in the encryptionAlgorithm.parameters | 1797 | /* Encodes the parameters to be written in the encryptionAlgorithm.parameters |
1800 | * part. | 1798 | * part. |
1801 | */ | 1799 | */ |
1802 | static int | 1800 | static int |
1803 | write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, | 1801 | write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, |
1804 | const char *where, | 1802 | const char *where, |
1805 | const struct pbkdf2_params *kdf_params, | 1803 | const struct pbkdf2_params *kdf_params, |
1806 | const struct pbe_enc_params *enc_params) | 1804 | const struct pbe_enc_params *enc_params) |
1807 | { | 1805 | { |
1808 | int result; | 1806 | int result; |
1809 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; | 1807 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; |
1810 | 1808 | ||
1811 | if (schema == PBES2) | 1809 | if (schema == PBES2) |
1812 | { | 1810 | { |
1813 | if ((result = | 1811 | if ((result = |
1814 | asn1_create_element (_gnutls_get_pkix (), | 1812 | asn1_create_element (_gnutls_get_pkix (), |
1815 | "PKIX1.pkcs-5-PBES2-params", | 1813 | "PKIX1.pkcs-5-PBES2-params", |
1816 | &pbes2_asn)) != ASN1_SUCCESS) | 1814 | &pbes2_asn)) != ASN1_SUCCESS) |
1817 | { | 1815 | { |
1818 | gnutls_assert (); | 1816 | gnutls_assert (); |
1819 | return _gnutls_asn2err (result); | 1817 | return _gnutls_asn2err (result); |
1820 | } | 1818 | } |
1821 | 1819 | ||
1822 | result = write_pbkdf2_params (pbes2_asn, kdf_params); | 1820 | result = write_pbkdf2_params (pbes2_asn, kdf_params); |
1823 | if (result < 0) | 1821 | if (result < 0) |
1824 | { | 1822 | { |
1825 | gnutls_assert (); | 1823 | gnutls_assert (); |
1826 | goto error; | 1824 | goto error; |
1827 | } | 1825 | } |
1828 | 1826 | ||
1829 | result = write_pbe_enc_params (pbes2_asn, enc_params); | 1827 | result = write_pbe_enc_params (pbes2_asn, enc_params); |
1830 | if (result < 0) | 1828 | if (result < 0) |
1831 | { | 1829 | { |
1832 | gnutls_assert (); | 1830 | gnutls_assert (); |
1833 | goto error; | 1831 | goto error; |
1834 | } | 1832 | } |
1835 | 1833 | ||
1836 | result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", | 1834 | result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", |
1837 | pkcs8_asn, where, 0); | 1835 | pkcs8_asn, where, 0); |
1838 | if (result < 0) | 1836 | if (result < 0) |
1839 | { | 1837 | { |
1840 | gnutls_assert (); | 1838 | gnutls_assert (); |
1841 | goto error; | 1839 | goto error; |
1842 | } | 1840 | } |
1843 | 1841 | ||
1844 | asn1_delete_structure (&pbes2_asn); | 1842 | asn1_delete_structure (&pbes2_asn); |
1845 | } | 1843 | } |
1846 | else | 1844 | else |
1847 | { /* PKCS12 schemas */ | 1845 | { /* PKCS12 schemas */ |
1848 | 1846 | ||
1849 | if ((result = | 1847 | if ((result = |
1850 | asn1_create_element (_gnutls_get_pkix (), | 1848 | asn1_create_element (_gnutls_get_pkix (), |
1851 | "PKIX1.pkcs-12-PbeParams", | 1849 | "PKIX1.pkcs-12-PbeParams", |
1852 | &pbes2_asn)) != ASN1_SUCCESS) | 1850 | &pbes2_asn)) != ASN1_SUCCESS) |
1853 | { | 1851 | { |
1854 | gnutls_assert (); | 1852 | gnutls_assert (); |
1855 | result = _gnutls_asn2err (result); | 1853 | result = _gnutls_asn2err (result); |
1856 | goto error; | 1854 | goto error; |
1857 | } | 1855 | } |
1858 | 1856 | ||
1859 | result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); | 1857 | result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); |
1860 | if (result < 0) | 1858 | if (result < 0) |
1861 | { | 1859 | { |
1862 | gnutls_assert (); | 1860 | gnutls_assert (); |
1863 | goto error; | 1861 | goto error; |
1864 | } | 1862 | } |
1865 | 1863 | ||
1866 | result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", | 1864 | result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", |
1867 | pkcs8_asn, where, 0); | 1865 | pkcs8_asn, where, 0); |
1868 | if (result < 0) | 1866 | if (result < 0) |
1869 | { | 1867 | { |
1870 | gnutls_assert (); | 1868 | gnutls_assert (); |
1871 | goto error; | 1869 | goto error; |
1872 | } | 1870 | } |
1873 | 1871 | ||
1874 | asn1_delete_structure (&pbes2_asn); | 1872 | asn1_delete_structure (&pbes2_asn); |
1875 | 1873 | ||
1876 | } | 1874 | } |
1877 | 1875 | ||
1878 | return 0; | 1876 | return 0; |
1879 | 1877 | ||
1880 | error: | 1878 | error: |
1881 | asn1_delete_structure (&pbes2_asn); | 1879 | asn1_delete_structure (&pbes2_asn); |
1882 | return result; | 1880 | return result; |
1883 | 1881 | ||
1884 | } | 1882 | } |
1885 | 1883 | ||
1886 | static int | 1884 | static int |
1887 | encrypt_data (const gnutls_datum_t * plain, | 1885 | encrypt_data (const gnutls_datum_t * plain, |
1888 | const struct pbe_enc_params *enc_params, | 1886 | const struct pbe_enc_params *enc_params, |
1889 | gnutls_datum_t * key, gnutls_datum_t * encrypted) | 1887 | gnutls_datum_t * key, gnutls_datum_t * encrypted) |
1890 | { | 1888 | { |
1891 | int result; | 1889 | int result; |
1892 | int data_size; | 1890 | int data_size; |
1893 | opaque *data = NULL; | 1891 | opaque *data = NULL; |
1894 | gnutls_datum_t d_iv; | 1892 | gnutls_datum_t d_iv; |
1895 | cipher_hd_t ch = NULL; | 1893 | cipher_hd_t ch = NULL; |
1896 | opaque pad, pad_size; | 1894 | opaque pad, pad_size; |
1897 | 1895 | ||
1898 | pad_size = _gnutls_cipher_get_block_size (enc_params->cipher); | 1896 | pad_size = _gnutls_cipher_get_block_size (enc_params->cipher); |
1899 | 1897 | ||
1900 | if (pad_size == 1) /* stream */ | 1898 | if (pad_size == 1) /* stream */ |
1901 | pad_size = 0; | 1899 | pad_size = 0; |
1902 | 1900 | ||
1903 | data = gnutls_malloc (plain->size + pad_size); | 1901 | data = gnutls_malloc (plain->size + pad_size); |
1904 | if (data == NULL) | 1902 | if (data == NULL) |
1905 | { | 1903 | { |
1906 | gnutls_assert (); | 1904 | gnutls_assert (); |
1907 | return GNUTLS_E_MEMORY_ERROR; | 1905 | return GNUTLS_E_MEMORY_ERROR; |
1908 | } | 1906 | } |
1909 | 1907 | ||
1910 | memcpy (data, plain->data, plain->size); | 1908 | memcpy (data, plain->data, plain->size); |
1911 | 1909 | ||
1912 | if (pad_size> 0) | 1910 | if (pad_size > 0) |
1913 | { | 1911 | { |
1914 | pad = pad_size - (plain->size % pad_size); | 1912 | pad = pad_size - (plain->size % pad_size); |
1915 | if (pad == 0) | 1913 | if (pad == 0) |
1916 | pad = pad_size; | 1914 | pad = pad_size; |
1917 | memset (&data[plain->size], pad, pad); | 1915 | memset (&data[plain->size], pad, pad); |
1918 | } | 1916 | } |
1919 | else | 1917 | else |
1920 | pad = 0; | 1918 | pad = 0; |
1921 | 1919 | ||
1922 | data_size = plain->size + pad; | 1920 | data_size = plain->size + pad; |
1923 | 1921 | ||
1924 | d_iv.data = (opaque *) enc_params->iv; | 1922 | d_iv.data = (opaque *) enc_params->iv; |
1925 | d_iv.size = enc_params->iv_size; | 1923 | d_iv.size = enc_params->iv_size; |
1926 | ch = _gnutls_cipher_init (enc_params->cipher, key, &d_iv); | 1924 | ch = _gnutls_cipher_init (enc_params->cipher, key, &d_iv); |
1927 | 1925 | ||
1928 | if (ch == GNUTLS_CIPHER_FAILED) | 1926 | if (ch == GNUTLS_CIPHER_FAILED) |
1929 | { | 1927 | { |
1930 | gnutls_assert (); | 1928 | gnutls_assert (); |
1931 | result = GNUTLS_E_ENCRYPTION_FAILED; | 1929 | result = GNUTLS_E_ENCRYPTION_FAILED; |
1932 | goto error; | 1930 | goto error; |
1933 | } | 1931 | } |
1934 | 1932 | ||
1935 | result = _gnutls_cipher_encrypt (ch, data, data_size); | 1933 | result = _gnutls_cipher_encrypt (ch, data, data_size); |
1936 | if (result < 0) | 1934 | if (result < 0) |
1937 | { | 1935 | { |
1938 | gnutls_assert (); | 1936 | gnutls_assert (); |
1939 | goto error; | 1937 | goto error; |
1940 | } | 1938 | } |
1941 | 1939 | ||
1942 | encrypted->data = data; | 1940 | encrypted->data = data; |
1943 | encrypted->size = data_size; | 1941 | encrypted->size = data_size; |
1944 | 1942 | ||
1945 | _gnutls_cipher_deinit (ch); | 1943 | _gnutls_cipher_deinit (ch); |
1946 | 1944 | ||
1947 | return 0; | 1945 | return 0; |
1948 | 1946 | ||
1949 | error: | 1947 | error: |
1950 | gnutls_free (data); | 1948 | gnutls_free (data); |
1951 | if (ch != NULL) | 1949 | if (ch != NULL) |
1952 | _gnutls_cipher_deinit (ch); | 1950 | _gnutls_cipher_deinit (ch); |
1953 | return result; | 1951 | return result; |
1954 | } | 1952 | } |
1955 | 1953 | ||
1956 | /* Decrypts a PKCS #7 encryptedData. The output is allocated | 1954 | /* Decrypts a PKCS #7 encryptedData. The output is allocated |
1957 | * and stored in dec. | 1955 | * and stored in dec. |
1958 | */ | 1956 | */ |
1959 | int | 1957 | int |
1960 | _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, | 1958 | _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, |
1961 | const char *password, gnutls_datum_t * dec) | 1959 | const char *password, gnutls_datum_t * dec) |
1962 | { | 1960 | { |
1963 | int result, len; | 1961 | int result, len; |
1964 | char enc_oid[64]; | 1962 | char enc_oid[64]; |
1965 | gnutls_datum_t tmp; | 1963 | gnutls_datum_t tmp; |
1966 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY; | 1964 | ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY; |
1967 | int params_start, params_end, params_len; | 1965 | int params_start, params_end, params_len; |
1968 | struct pbkdf2_params kdf_params; | 1966 | struct pbkdf2_params kdf_params; |
1969 | struct pbe_enc_params enc_params; | 1967 | struct pbe_enc_params enc_params; |
1970 | schema_id schema; | 1968 | schema_id schema; |
1971 | 1969 | ||
1972 | if ((result = | 1970 | if ((result = |
1973 | asn1_create_element (_gnutls_get_pkix (), | 1971 | asn1_create_element (_gnutls_get_pkix (), |
1974 | "PKIX1.pkcs-7-EncryptedData", | 1972 | "PKIX1.pkcs-7-EncryptedData", |
1975 | &pkcs7_asn)) != ASN1_SUCCESS) | 1973 | &pkcs7_asn)) != ASN1_SUCCESS) |
1976 | { | 1974 | { |
1977 | gnutls_assert (); | 1975 | gnutls_assert (); |
1978 | result = _gnutls_asn2err (result); | 1976 | result = _gnutls_asn2err (result); |
1979 | goto error; | 1977 | goto error; |
1980 | } | 1978 | } |
1981 | 1979 | ||
1982 | result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL); | 1980 | result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL); |
1983 | if (result != ASN1_SUCCESS) | 1981 | if (result != ASN1_SUCCESS) |
1984 | { | 1982 | { |
1985 | gnutls_assert (); | 1983 | gnutls_assert (); |
1986 | result = _gnutls_asn2err (result); | 1984 | result = _gnutls_asn2err (result); |
1987 | goto error; | 1985 | goto error; |
1988 | } | 1986 | } |
1989 | 1987 | ||
1990 | /* Check the encryption schema OID | 1988 | /* Check the encryption schema OID |
1991 | */ | 1989 | */ |
1992 | len = sizeof (enc_oid); | 1990 | len = sizeof (enc_oid); |
1993 | result = | 1991 | result = |
1994 | asn1_read_value (pkcs7_asn, | 1992 | asn1_read_value (pkcs7_asn, |
1995 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", | 1993 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", |
1996 | enc_oid, &len); | 1994 | enc_oid, &len); |
1997 | if (result != ASN1_SUCCESS) | 1995 | if (result != ASN1_SUCCESS) |
1998 | { | 1996 | { |
1999 | gnutls_assert (); | 1997 | gnutls_assert (); |
2000 | result = _gnutls_asn2err (result); | 1998 | result = _gnutls_asn2err (result); |
2001 | goto error; | 1999 | goto error; |
2002 | } | 2000 | } |
2003 | 2001 | ||
2004 | if ((result = check_schema (enc_oid)) < 0) | 2002 | if ((result = check_schema (enc_oid)) < 0) |
2005 | { | 2003 | { |
2006 | gnutls_assert (); | 2004 | gnutls_assert (); |
2007 | goto error; | 2005 | goto error; |
2008 | } | 2006 | } |
2009 | schema = result; | 2007 | schema = result; |
2010 | 2008 | ||
2011 | /* Get the DER encoding of the parameters. | 2009 | /* Get the DER encoding of the parameters. |
2012 | */ | 2010 | */ |
2013 | result = | 2011 | result = |
2014 | asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size, | 2012 | asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size, |
2015 | "encryptedContentInfo.contentEncryptionAlgorithm.parameters", | 2013 | "encryptedContentInfo.contentEncryptionAlgorithm.parameters", |
2016 | ¶ms_start, ¶ms_end); | 2014 | ¶ms_start, ¶ms_end); |
2017 | if (result != ASN1_SUCCESS) | 2015 | if (result != ASN1_SUCCESS) |
2018 | { | 2016 | { |
2019 | gnutls_assert (); | 2017 | gnutls_assert (); |
2020 | result = _gnutls_asn2err (result); | 2018 | result = _gnutls_asn2err (result); |
2021 | goto error; | 2019 | goto error; |
2022 | } | 2020 | } |
2023 | params_len = params_end - params_start + 1; | 2021 | params_len = params_end - params_start + 1; |
2024 | 2022 | ||
2025 | result = | 2023 | result = |
2026 | read_pkcs_schema_params (schema, password, | 2024 | read_pkcs_schema_params (schema, password, |
2027 | &data->data[params_start], | 2025 | &data->data[params_start], |
2028 | params_len, &kdf_params, &enc_params); | 2026 | params_len, &kdf_params, &enc_params); |
2029 | if (result < ASN1_SUCCESS) | 2027 | if (result < ASN1_SUCCESS) |
2030 | { | 2028 | { |
2031 | gnutls_assert (); | 2029 | gnutls_assert (); |
2032 | result = _gnutls_asn2err (result); | 2030 | result = _gnutls_asn2err (result); |
2033 | goto error; | 2031 | goto error; |
2034 | } | 2032 | } |
2035 | 2033 | ||
2036 | /* Parameters have been decoded. Now | 2034 | /* Parameters have been decoded. Now |
2037 | * decrypt the EncryptedData. | 2035 | * decrypt the EncryptedData. |
2038 | */ | 2036 | */ |
2039 | 2037 | ||
2040 | result = | 2038 | result = |
2041 | decrypt_data (schema, pkcs7_asn, | 2039 | decrypt_data (schema, pkcs7_asn, |
2042 | "encryptedContentInfo.encryptedContent", password, | 2040 | "encryptedContentInfo.encryptedContent", password, |
2043 | &kdf_params, &enc_params, &tmp); | 2041 | &kdf_params, &enc_params, &tmp); |
2044 | if (result < 0) | 2042 | if (result < 0) |
2045 | { | 2043 | { |
2046 | gnutls_assert (); | 2044 | gnutls_assert (); |
2047 | goto error; | 2045 | goto error; |
2048 | } | 2046 | } |
2049 | 2047 | ||
2050 | asn1_delete_structure (&pkcs7_asn); | 2048 | asn1_delete_structure (&pkcs7_asn); |
2051 | 2049 | ||
2052 | *dec = tmp; | 2050 | *dec = tmp; |
2053 | 2051 | ||
2054 | return 0; | 2052 | return 0; |
2055 | 2053 | ||
2056 | error: | 2054 | error: |
2057 | asn1_delete_structure (&pbes2_asn); | 2055 | asn1_delete_structure (&pbes2_asn); |
2058 | asn1_delete_structure (&pkcs7_asn); | 2056 | asn1_delete_structure (&pkcs7_asn); |
2059 | return result; | 2057 | return result; |
2060 | } | 2058 | } |
2061 | 2059 | ||
2062 | /* Encrypts to a PKCS #7 encryptedData. The output is allocated | 2060 | /* Encrypts to a PKCS #7 encryptedData. The output is allocated |
2063 | * and stored in enc. | 2061 | * and stored in enc. |
2064 | */ | 2062 | */ |
2065 | int | 2063 | int |
2066 | _gnutls_pkcs7_encrypt_data (schema_id schema, | 2064 | _gnutls_pkcs7_encrypt_data (schema_id schema, |
2067 | const gnutls_datum_t * data, | 2065 | const gnutls_datum_t * data, |
2068 | const char *password, gnutls_datum_t * enc) | 2066 | const char *password, gnutls_datum_t * enc) |
2069 | { | 2067 | { |
2070 | int result; | 2068 | int result; |
2071 | gnutls_datum_t key = | 2069 | gnutls_datum_t key = { NULL, 0 }; |
2072 | { NULL, 0}; | 2070 | gnutls_datum_t tmp = { NULL, 0 }; |
2073 | gnutls_datum_t tmp = | 2071 | ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY; |
2074 | { NULL, 0}; | 2072 | struct pbkdf2_params kdf_params; |
2075 | ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY; | 2073 | struct pbe_enc_params enc_params; |
2076 | struct pbkdf2_params kdf_params; | 2074 | |
2077 | struct pbe_enc_params enc_params; | 2075 | if ((result = |
2078 | 2076 | asn1_create_element (_gnutls_get_pkix (), | |
2079 | if ((result = | 2077 | "PKIX1.pkcs-7-EncryptedData", |
2080 | asn1_create_element (_gnutls_get_pkix (), | 2078 | &pkcs7_asn)) != ASN1_SUCCESS) |
2081 | "PKIX1.pkcs-7-EncryptedData", | 2079 | { |
2082 | &pkcs7_asn)) != ASN1_SUCCESS) | 2080 | gnutls_assert (); |
2083 | { | 2081 | result = _gnutls_asn2err (result); |
2084 | gnutls_assert (); | 2082 | goto error; |
2085 | result = _gnutls_asn2err (result); | 2083 | } |
2086 | goto error; | 2084 | |
2087 | } | 2085 | /* Write the encryption schema OID |
2088 | 2086 | */ | |
2089 | /* Write the encryption schema OID | 2087 | switch (schema) |
2090 | */ | 2088 | { |
2091 | switch (schema) | 2089 | case PBES2: |
2092 | { | 2090 | result = |
2093 | case PBES2: | ||
2094 | result = | ||
2095 | asn1_write_value (pkcs7_asn, | 2091 | asn1_write_value (pkcs7_asn, |
2096 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", | 2092 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", |
2097 | PBES2_OID, 1); | 2093 | PBES2_OID, 1); |
2098 | break; | 2094 | break; |
2099 | case PKCS12_3DES_SHA1: | 2095 | case PKCS12_3DES_SHA1: |
2100 | result = | 2096 | result = |
2101 | asn1_write_value (pkcs7_asn, | 2097 | asn1_write_value (pkcs7_asn, |
2102 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", | 2098 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", |
2103 | PKCS12_PBE_3DES_SHA1_OID, 1); | 2099 | PKCS12_PBE_3DES_SHA1_OID, 1); |
2104 | break; | 2100 | break; |
2105 | case PKCS12_ARCFOUR_SHA1: | 2101 | case PKCS12_ARCFOUR_SHA1: |
2106 | result = | 2102 | result = |
2107 | asn1_write_value (pkcs7_asn, | 2103 | asn1_write_value (pkcs7_asn, |
2108 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", | 2104 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", |
2109 | PKCS12_PBE_ARCFOUR_SHA1_OID, 1); | 2105 | PKCS12_PBE_ARCFOUR_SHA1_OID, 1); |
2110 | break; | 2106 | break; |
2111 | case PKCS12_RC2_40_SHA1: | 2107 | case PKCS12_RC2_40_SHA1: |
2112 | result = | 2108 | result = |
2113 | asn1_write_value (pkcs7_asn, | 2109 | asn1_write_value (pkcs7_asn, |
2114 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", | 2110 | "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", |
2115 | PKCS12_PBE_RC2_40_SHA1_OID, 1); | 2111 | PKCS12_PBE_RC2_40_SHA1_OID, 1); |
2116 | break; | 2112 | break; |
2117 | 2113 | ||
2118 | } | 2114 | } |
2119 | 2115 | ||
2120 | if (result != ASN1_SUCCESS) | 2116 | if (result != ASN1_SUCCESS) |
2121 | { | 2117 | { |
2122 | gnutls_assert (); | 2118 | gnutls_assert (); |
2123 | result = _gnutls_asn2err (result); | 2119 | result = _gnutls_asn2err (result); |
2124 | goto error; | 2120 | goto error; |
2125 | } | 2121 | } |
2126 | 2122 | ||
2127 | /* Generate a symmetric key. | 2123 | /* Generate a symmetric key. |
2128 | */ | 2124 | */ |
2129 | 2125 | ||
2130 | result = generate_key (schema, password, &kdf_params, &enc_params, &key); | 2126 | result = generate_key (schema, password, &kdf_params, &enc_params, &key); |
2131 | if (result < 0) | 2127 | if (result < 0) |
2132 | { | 2128 | { |
2133 | gnutls_assert (); | 2129 | gnutls_assert (); |
2134 | goto error; | 2130 | goto error; |
2135 | } | 2131 | } |
2136 | 2132 | ||
2137 | result = write_schema_params (schema, pkcs7_asn, | 2133 | result = write_schema_params (schema, pkcs7_asn, |
2138 | "encryptedContentInfo.contentEncryptionAlgorithm.parameters", | 2134 | "encryptedContentInfo.contentEncryptionAlgorithm.parameters", |
2139 | &kdf_params, &enc_params); | 2135 | &kdf_params, &enc_params); |
2140 | if (result < 0) | 2136 | if (result < 0) |
2141 | { | 2137 | { |
2142 | gnutls_assert (); | 2138 | gnutls_assert (); |
2143 | goto error; | 2139 | goto error; |
2144 | } | 2140 | } |
2145 | 2141 | ||
2146 | /* Parameters have been encoded. Now | 2142 | /* Parameters have been encoded. Now |
2147 | * encrypt the Data. | 2143 | * encrypt the Data. |
2148 | */ | 2144 | */ |
2149 | result = encrypt_data (data, &enc_params, &key, &tmp); | 2145 | result = encrypt_data (data, &enc_params, &key, &tmp); |
2150 | if (result < 0) | 2146 | if (result < 0) |
2151 | { | 2147 | { |
2152 | gnutls_assert (); | 2148 | gnutls_assert (); |
2153 | goto error; | 2149 | goto error; |
2154 | } | 2150 | } |
2155 | 2151 | ||
2156 | /* write the encrypted data. | 2152 | /* write the encrypted data. |
2157 | */ | 2153 | */ |
2158 | result = | 2154 | result = |
2159 | asn1_write_value (pkcs7_asn, | 2155 | asn1_write_value (pkcs7_asn, |
2160 | "encryptedContentInfo.encryptedContent", tmp.data, | 2156 | "encryptedContentInfo.encryptedContent", tmp.data, |
2161 | tmp.size); | 2157 | tmp.size); |
2162 | if (result != ASN1_SUCCESS) | 2158 | if (result != ASN1_SUCCESS) |
2163 | { | 2159 | { |
2164 | gnutls_assert (); | 2160 | gnutls_assert (); |
2165 | result = _gnutls_asn2err (result); | 2161 | result = _gnutls_asn2err (result); |
2166 | goto error; | 2162 | goto error; |
2167 | } | 2163 | } |
2168 | 2164 | ||
2169 | _gnutls_free_datum (&tmp); | 2165 | _gnutls_free_datum (&tmp); |
2170 | _gnutls_free_datum (&key); | 2166 | _gnutls_free_datum (&key); |
2171 | 2167 | ||
2172 | /* Now write the rest of the pkcs-7 stuff. | 2168 | /* Now write the rest of the pkcs-7 stuff. |
2173 | */ | 2169 | */ |
2174 | 2170 | ||
2175 | result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0); | 2171 | result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0); |
2176 | if (result < 0) | 2172 | if (result < 0) |
2177 | { | 2173 | { |
2178 | gnutls_assert (); | 2174 | gnutls_assert (); |
2179 | goto error; | 2175 | goto error; |
2180 | } | 2176 | } |
2181 | 2177 | ||
2182 | result = | 2178 | result = |
2183 | asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType", | 2179 | asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType", |
2184 | DATA_OID, 1); | 2180 | DATA_OID, 1); |
2185 | if (result != ASN1_SUCCESS) | 2181 | if (result != ASN1_SUCCESS) |
2186 | { | 2182 | { |
2187 | gnutls_assert (); | 2183 | gnutls_assert (); |
2188 | result = _gnutls_asn2err (result); | 2184 | result = _gnutls_asn2err (result); |
2189 | goto error; | 2185 | goto error; |
2190 | } | 2186 | } |
2191 | 2187 | ||
2192 | result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0); | 2188 | result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0); |
2193 | if (result != ASN1_SUCCESS) | 2189 | if (result != ASN1_SUCCESS) |
2194 | { | 2190 | { |
2195 | gnutls_assert (); | 2191 | gnutls_assert (); |
2196 | result = _gnutls_asn2err (result); | 2192 | result = _gnutls_asn2err (result); |
2197 | goto error; | 2193 | goto error; |
2198 | } | 2194 | } |
2199 | 2195 | ||
2200 | /* Now encode and copy the DER stuff. | 2196 | /* Now encode and copy the DER stuff. |
2201 | */ | 2197 | */ |
2202 | result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0); | 2198 | result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0); |
2203 | 2199 | ||
2204 | asn1_delete_structure (&pkcs7_asn); | 2200 | asn1_delete_structure (&pkcs7_asn); |
2205 | 2201 | ||
2206 | if (result < 0) | 2202 | if (result < 0) |
2207 | { | 2203 | { |
2208 | gnutls_assert (); | 2204 | gnutls_assert (); |
2209 | goto error; | 2205 | goto error; |
2210 | } | 2206 | } |
2211 | 2207 | ||
2212 | error: | 2208 | error: |
2213 | _gnutls_free_datum (&key); | 2209 | _gnutls_free_datum (&key); |
2214 | _gnutls_free_datum (&tmp); | 2210 | _gnutls_free_datum (&tmp); |
2215 | asn1_delete_structure (&pkcs7_asn); | 2211 | asn1_delete_structure (&pkcs7_asn); |
2216 | return result; | 2212 | return result; |
2217 | } | 2213 | } |
2218 | 2214 | ||
2219 | #endif | 2215 | #endif |