author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-11 09:36:18 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-11 09:36:18 +0000 |
commit | da0b65d7c5fa858340a539e513a6f39792030be7 (patch) | |
tree | 6b49d438793194ae2c43d27059b27a153f456311 | |
parent | fe6db41f818b2fc2c79058649ccb1fb2c023e2be (diff) | |
download | gnutls-da0b65d7c5fa858340a539e513a6f39792030be7.tar.gz |
Added gnutls_pkcs7_set_certificate2() and gnutls_pkcs7_set_crl2() functions.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | includes/gnutls/x509.h | 8 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 4 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 15 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 14 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 113 | ||||
-rw-r--r-- | lib/x509_b64.c | 6 | ||||
-rw-r--r-- | src/cli-gaa.c | 4 |
9 files changed, 138 insertions, 30 deletions
@@ -1,6 +1,8 @@ Version 0.9.97 - The certtool utility can now generate PKCS #12 structures without specifying a certificate. +- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER + to properly set the required buffer size. Version 0.9.96 (09/11/2003) - Some changes to allow compilation with mingw32. diff --git a/configure.in b/configure.in index b82560430d..85487224d0 100644 --- a/configure.in +++ b/configure.in @@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name]) dnl Gnutls Version GNUTLS_MAJOR_VERSION=0 GNUTLS_MINOR_VERSION=9 -GNUTLS_MICRO_VERSION=96 +GNUTLS_MICRO_VERSION=97 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls]) diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h index a87f2cfa59..f91faa59ca 100644 --- a/includes/gnutls/x509.h +++ b/includes/gnutls/x509.h @@ -179,14 +179,14 @@ int gnutls_pkcs7_export( gnutls_pkcs7 pkcs7, int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7, int indx, unsigned char* certificate, size_t* certificate_size); -int gnutls_pkcs7_set_certificate(gnutls_pkcs7 pkcs7, - const gnutls_datum* crt); +int gnutls_pkcs7_set_certificate(gnutls_pkcs7 pkcs7, const gnutls_datum* crt); +int gnutls_pkcs7_set_certificate2(gnutls_pkcs7 pkcs7, gnutls_x509_crt crt); int gnutls_pkcs7_get_crl(gnutls_pkcs7 pkcs7, int indx, unsigned char* crl, size_t* crl_size); int gnutls_pkcs7_get_crl_count(gnutls_pkcs7 pkcs7); -int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, - const gnutls_datum* crt); +int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, const gnutls_datum* crt); +int gnutls_pkcs7_set_crl2(gnutls_pkcs7 pkcs7, gnutls_x509_crl crl); int gnutls_pkcs7_delete_crl(gnutls_pkcs7 pkcs7, int indx); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index f1c9a19a0f..3494d95b24 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in 
@@ -410,9 +410,9 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params, const gnutls_datum * pkcs3_params, gnutls_x509_crt_fmt format); int gnutls_dh_params_generate2(gnutls_dh_params params, int bits); int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, - gnutls_x509_crt_fmt format, unsigned char* params_data, int* params_data_size); + gnutls_x509_crt_fmt format, unsigned char* params_data, size_t* params_data_size); int gnutls_dh_params_export_raw(gnutls_dh_params params, - gnutls_datum * prime, gnutls_datum * generator, int *bits); + gnutls_datum * prime, gnutls_datum * generator, unsigned int *bits); /* RSA params diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 7e7cc29f9b..e738398a67 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -373,10 +373,10 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params, **/ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, gnutls_x509_crt_fmt format, unsigned char* params_data, - unsigned int* params_data_size) + size_t* params_data_size) { ASN1_TYPE c2; - int result; + int result, _params_data_size; size_t g_size, p_size; opaque * p_data, *g_data; opaque * all_data; @@ -440,18 +440,19 @@ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, if (format == GNUTLS_X509_FMT_DER) { if (params_data == NULL) *params_data_size = 0; - if ((result=asn1_der_coding( c2, "", params_data, params_data_size, NULL)) != ASN1_SUCCESS) { + _params_data_size = *params_data_size; + result=asn1_der_coding( c2, "", params_data, &_params_data_size, NULL); + *params_data_size = _params_data_size; + asn1_delete_structure(&c2); + + if (result != ASN1_SUCCESS) { gnutls_assert(); - asn1_delete_structure(&c2); - if (result == ASN1_MEM_ERROR) return GNUTLS_E_SHORT_MEMORY_BUFFER; return _gnutls_asn2err(result); } - asn1_delete_structure(&c2); - } else { /* PEM */ opaque *tmp; opaque *out; diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 53c8136207..7d74f55400 100644 
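Review bot: The prototype changes from `int*` to `size_t*` (gnutls_dh_params_export_pkcs3 here, and gnutls_pem_base64_encode/gnutls_pem_base64_decode in the gnutls_ui.h and x509_b64.c hunks) widen an in/out length on platforms where size_t is wider than int, and nothing in the commit tells callers. A caller still passing the address of an `int` would have the library read and write a full size_t through it, which means a garbage buffer length on input and a write past the variable on output. The NEWS entry only mentions the GNUTLS_E_SHORT_MEMORY_BUFFER fix; I would add a line such as `- gnutls_dh_params_export_pkcs3(), gnutls_pem_base64_encode() and gnutls_pem_base64_decode() now take size_t* for the buffer size.` In x509_b64.c the local `int size` stays next to the new `size_t* result_size`; the code that compares or assigns them is outside the hunks, so it is worth checking for a signed/unsigned mix there.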
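Review bot: In the DER branch of gnutls_dh_params_export_pkcs3(), `_params_data_size = *params_data_size;` narrows a caller-supplied size_t to int before handing it to asn1_der_coding(), so a value above INT_MAX becomes negative or truncated instead of being treated as a large buffer. Clamping keeps the length sane: `_params_data_size = *params_data_size > INT_MAX ? INT_MAX : (int) *params_data_size;` (this needs <limits.h> if the file does not already include it). `params_data_size` itself is dereferenced without a NULL check on the line above, unlike the `certificate_size == NULL` test used in pkcs7.c. The function starts before this hunk and the PEM branch continues after it.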
--- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -62,11 +62,15 @@ time_t gnutls_certificate_expiration_time_peers(gnutls_session session); int gnutls_certificate_client_get_request_status( gnutls_session); int gnutls_certificate_verify_peers( gnutls_session); -int gnutls_pem_base64_encode( const char* header, const gnutls_datum *data, char* result, int* result_size); -int gnutls_pem_base64_decode( const char* header, const gnutls_datum *b64_data, char* result, int* result_size); - -int gnutls_pem_base64_encode_alloc( const char* header, const gnutls_datum *data, gnutls_datum * result); -int gnutls_pem_base64_decode_alloc( const char* header, const gnutls_datum *b64_data, gnutls_datum* result); +int gnutls_pem_base64_encode( const char* header, const gnutls_datum *data, + char* result, size_t* result_size); +int gnutls_pem_base64_decode( const char* header, const gnutls_datum *b64_data, + unsigned char* result, size_t* result_size); + +int gnutls_pem_base64_encode_alloc( const char* header, const gnutls_datum *data, + gnutls_datum * result); +int gnutls_pem_base64_decode_alloc( const char* header, const gnutls_datum *b64_data, + gnutls_datum* result); # endif /* LIBGNUTLS_VERSION */ diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 615657e18a..9eadfb22e0 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -188,6 +188,9 @@ int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7, const gnutls_datum * data, { int result = 0, need_free = 0; gnutls_datum _data; + + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; _data.data = data->data; _data.size = data->size; @@ -254,7 +257,8 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7, char counter[MAX_INT_DIGITS]; gnutls_datum tmp = {NULL, 0}; - if (certificate_size == NULL) return GNUTLS_E_INVALID_REQUEST; + if (certificate_size == NULL || pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; /* Step 1. decode the signed data. */ 
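Review bot: The guard added at the top of gnutls_pkcs7_import() checks only `pkcs7`, but the statements right after it read `data->data` and `data->size`, so a NULL `data` still crashes. `if (pkcs7 == NULL || data == NULL) return GNUTLS_E_INVALID_REQUEST;` would cover both. The same pattern shows up in later pkcs7.c hunks: gnutls_pkcs7_export() evaluates `*output_data_size` in the call arguments, gnutls_pkcs7_set_crl() passes `crl->data` to asn1_write_value(), and the new gnutls_pkcs7_set_certificate2() and gnutls_pkcs7_set_crl2() read `crt->cert` and `crl->crl` immediately after the `pkcs7` check. Most of these function bodies continue outside the hunks, so a check further down cannot be ruled out for the ones not fully shown.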
@@ -340,6 +344,9 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7) ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, count; + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + /* Step 1. decode the signed data. */ result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL); @@ -385,6 +392,9 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7) int gnutls_pkcs7_export( gnutls_pkcs7 pkcs7, gnutls_x509_crt_fmt format, unsigned char* output_data, size_t* output_data_size) { + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + return _gnutls_x509_export_int( pkcs7->pkcs7, format, PEM_PKCS7, *output_data_size, output_data, output_data_size); } @@ -474,6 +484,9 @@ int gnutls_pkcs7_set_certificate(gnutls_pkcs7 pkcs7, ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + /* Step 1. decode the signed data. */ result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL); 
@@ -538,6 +551,45 @@ int gnutls_pkcs7_set_certificate(gnutls_pkcs7 pkcs7, } /** + * gnutls_pkcs7_set_certificate2 - This function adds a parsed certificate in a PKCS7 certificate set + * @pkcs7_struct: should contain a gnutls_pkcs7 structure + * @crt: the certificate to be copied. + * + * This function will add a parsed certificate to the PKCS7 or RFC2630 certificate set. + * This is a wrapper function over gnutls_pkcs7_set_certificate() . + * + * Returns 0 on success. + * + **/ +int gnutls_pkcs7_set_certificate2(gnutls_pkcs7 pkcs7, + gnutls_x509_crt crt) +{ + int ret; + gnutls_datum data; + + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + + ret = _gnutls_x509_der_encode( crt->cert, "", &data, 0); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = gnutls_pkcs7_set_certificate( pkcs7, &data); + + _gnutls_free_datum( &data); + + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; +} + + +/** * gnutls_pkcs7_delete_certificate - This function deletes a certificate from a PKCS7 certificate set * @pkcs7_struct: should contain a gnutls_pkcs7 structure * @indx: the index of the certificate to delete @@ -553,9 +605,11 @@ int gnutls_pkcs7_delete_certificate(gnutls_pkcs7 pkcs7, int indx) char counter[MAX_INT_DIGITS]; char root2[64]; + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + /* Step 1. Decode the signed data. */ - result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL); if (result < 0) { gnutls_assert(); @@ -621,7 +675,8 @@ int gnutls_pkcs7_get_crl(gnutls_pkcs7 pkcs7, gnutls_datum tmp = {NULL, 0}; int start, end; - if (crl_size == NULL) return GNUTLS_E_INVALID_REQUEST; + if (pkcs7==NULL || crl_size == NULL) + return GNUTLS_E_INVALID_REQUEST; /* Step 1. decode the signed data. */ 
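Review bot: The doc comment on the new gnutls_pkcs7_set_certificate2() says only "Returns 0 on success", although the body returns GNUTLS_E_INVALID_REQUEST and passes through negative codes from _gnutls_x509_der_encode() and gnutls_pkcs7_set_certificate(). It also documents `@pkcs7_struct` while the parameter is named `pkcs7`; other comments in the file do the same, so that may be deliberate, but the generated docs will not match the prototype. I would write `@pkcs7: should contain a gnutls_pkcs7 structure` and `Returns 0 on success, or a negative error code.` The gnutls_pkcs7_set_crl2() comment in a later hunk has the same two issues and also describes `@crl` as "the DER encoded crl to be added", which appears to be copied from gnutls_pkcs7_set_crl(); the argument there is a gnutls_x509_crl, so `@crl: the parsed crl to be added` fits better.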
@@ -686,6 +741,9 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7 pkcs7) ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, count; + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + /* Step 1. decode the signed data. */ result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL); @@ -712,18 +770,21 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7 pkcs7) /** * gnutls_pkcs7_set_crl - This function adds a crl in a PKCS7 crl set * @pkcs7_struct: should contain a gnutls_pkcs7 structure - * @crt: the DER encoded crl to be added + * @crl: the DER encoded crl to be added * * This function will add a crl to the PKCS7 or RFC2630 crl set. * Returns 0 on success. * **/ int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, - const gnutls_datum* crt) + const gnutls_datum* crl) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + /* Step 1. decode the signed data. */ result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL); @@ -756,7 +817,7 @@ int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, goto cleanup; } - result = asn1_write_value(c2, "crls.?LAST", crt->data, crt->size); + result = asn1_write_value(c2, "crls.?LAST", crl->data, crl->size); if (result != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); 
@@ -781,6 +842,42 @@ int gnutls_pkcs7_set_crl(gnutls_pkcs7 pkcs7, } /** + * gnutls_pkcs7_set_crl2 - This function adds a parsed crl in a PKCS7 crl set + * @pkcs7_struct: should contain a gnutls_pkcs7 structure + * @crl: the DER encoded crl to be added + * + * This function will add a parsed crl to the PKCS7 or RFC2630 crl set. + * Returns 0 on success. + * + **/ +int gnutls_pkcs7_set_crl2(gnutls_pkcs7 pkcs7, + gnutls_x509_crl crl) +{ + int ret; + gnutls_datum data; + + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + + ret = _gnutls_x509_der_encode( crl->crl, "", &data, 0); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = gnutls_pkcs7_set_crl( pkcs7, &data); + + _gnutls_free_datum( &data); + + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; +} + +/** * gnutls_pkcs7_delete_crl - This function deletes a crl from a PKCS7 crl set * @pkcs7_struct: should contain a gnutls_pkcs7 structure * @indx: the index of the crl to delete @@ -796,9 +893,11 @@ int gnutls_pkcs7_delete_crl(gnutls_pkcs7 pkcs7, int indx) char counter[MAX_INT_DIGITS]; char root2[64]; + if (pkcs7 == NULL) + return GNUTLS_E_INVALID_REQUEST; + /* Step 1. Decode the signed data. */ - result = _decode_pkcs7_signed_data( pkcs7->pkcs7, &c2, NULL); if (result < 0) { gnutls_assert(); diff --git a/lib/x509_b64.c b/lib/x509_b64.c index a846754118..fa76b07db4 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -281,7 +281,8 @@ int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, * the terminating null. * **/ -int gnutls_pem_base64_encode( const char* msg, const gnutls_datum *data, char* result, int* result_size) { +int gnutls_pem_base64_encode( const char* msg, const gnutls_datum *data, char* result, + size_t* result_size) { opaque* ret; int size; 
@@ -488,7 +489,8 @@ int _gnutls_fbase64_decode( const char* header, const opaque * data, size_t data * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough, * or 0 on success. **/ -int gnutls_pem_base64_decode( const char* header, const gnutls_datum *b64_data, char* result, int* result_size) +int gnutls_pem_base64_decode( const char* header, const gnutls_datum *b64_data, + unsigned char* result, size_t* result_size) { opaque* ret; int size; diff --git a/src/cli-gaa.c b/src/cli-gaa.c index 963d27496d..6ace4e17d7 100644 --- a/src/cli-gaa.c +++ b/src/cli-gaa.c @@ -477,7 +477,7 @@ int gaa_getint(char *arg) { int tmp; char a; - if(sscanf(arg, "%d%c", &tmp, &a) < 1) + if(sscanf(arg, "%d%c", &tmp, &a) != 1) { printf("Option %s: '%s' isn't an integer\n", gaa_current_option, arg); GAAERROR(-1); @@ -503,7 +503,7 @@ float gaa_getfloat(char *arg) { float tmp; char a; - if(sscanf(arg, "%f%c", &tmp, &a) < 1) + if(sscanf(arg, "%f%c", &tmp, &a) != 1) { printf("Option %s: '%s' isn't a float number\n", gaa_current_option, arg); GAAERROR(-1); |