authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-04-03 19:56:25 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-04-03 19:56:25 +0000
commitd22847d7d50ff10d490616061f1b61ff09336ac1 (patch)
tree0f2325fbb3f04fe18868ddb0e16c6324993f7fa3
parente356a5780af03651c66c5d1872d9f001737b2828 (diff)
downloadgnutls-d22847d7d50ff10d490616061f1b61ff09336ac1.tar.gz
merged changes from gnutls_0_4_with_alloca.
-rw-r--r--NEWS4
-rw-r--r--configure.in2
-rw-r--r--lib/auth_cert.c115
-rw-r--r--lib/defines.h53
-rw-r--r--lib/gnutls_algorithms.c6
-rw-r--r--lib/gnutls_buffers.c36
-rw-r--r--lib/gnutls_handshake.c23
-rw-r--r--lib/gnutls_mem.h12
-rw-r--r--lib/gnutls_x509.c14
-rwxr-xr-xlib/x509_asn1.c36
-rw-r--r--lib/x509_der.c20
11 files changed, 176 insertions, 145 deletions
diff --git a/NEWS b/NEWS
index 563d779062..b321f37a29 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Version 0.4.1
+- Now uses alloca() for temporary variables
+- Optimized RSA signing
+
Version 0.4.0 (1/04/2002)
- Added support for RFC2630 (PKCS7) X.509 certificate sets
- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(),
diff --git a/configure.in b/configure.in
index b5c7c2acc1..2e1b9ffb1b 100644
--- a/configure.in
+++ b/configure.in
@@ -139,7 +139,7 @@ AC_CHECK_HEADERS(unistd.h pwd.h locale.h strings.h stdarg.h)
AC_CHECK_HEADERS(sys/stat.h sys/types.h sys/socket.h)
AC_CHECK_HEADERS(errno.h sys/time.h time.h)
AC_CHECK_FUNCS(bzero memset memmove bcopy,,)
-
+AC_FUNC_ALLOCA
AC_MSG_RESULT([***
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index acb5c1d167..2e1cab2fcb 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -289,7 +289,6 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state,
return GNUTLS_E_INSUFICIENT_CRED;
}
-
if (state->gnutls_internals.client_cert_callback != NULL) {
/* if try>=0 then the client wants automatic
* choose of certificate, otherwise (-1), he
@@ -332,9 +331,38 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state,
gnutls_datum *my_certs = NULL;
gnutls_datum *issuers_dn = NULL;
int count;
+ int issuers_dn_len = 0;
+ opaque* dataptr = data;
+ int dataptr_size = data_size;
+
+ /* Count the number of the given issuers;
+ * This is used to allocate the issuers_dn without
+ * using realloc().
+ */
+ do {
+ dataptr_size -= 2;
+ if (dataptr_size <= 0)
+ goto clear;
+ size = READuint16(data);
+
+ dataptr_size -= size;
+ if (dataptr_size < 0)
+ goto clear;
+
+ dataptr += 2;
+
+ issuers_dn_len++;
+
+ dataptr += size;
+
+ if (dataptr_size == 0)
+ break;
+
+ } while (1);
+
my_certs =
- gnutls_malloc(cred->ncerts * sizeof(gnutls_datum));
+ gnutls_alloca(cred->ncerts * sizeof(gnutls_datum));
if (my_certs == NULL)
goto clear;
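Review bot: The new counting loop reads every length with `size = READuint16(data);` while only `dataptr` is advanced, so each iteration re-reads the first entry's length instead of the current one. The count in `issuers_dn_len` and the bounds checks on `dataptr_size` therefore do not describe the real buffer, yet the later loop drops its own checks on the grounds that the buffer "has been parsed above". The line should be `size = READuint16(dataptr);`. Since `data` is reset to `_data` further down, it is also worth confirming that `data`/`data_size` still point at the start of the list when this loop runs; the function body begins and ends outside the hunk.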
@@ -344,48 +372,46 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state,
if (gnutls_cert_type_get(state) == GNUTLS_CRT_X509) {
data = _data;
data_size = _data_size;
- count = 0; /* holds the number of given CA's DN */
- do {
- data_size -= 2;
- if (data_size <= 0)
- goto clear;
- size = READuint16(data);
- data_size -= size;
- if (data_size < 0)
- goto clear;
+ issuers_dn = gnutls_alloca( issuers_dn_len * sizeof(gnutls_datum));
+ if (issuers_dn == NULL)
+ goto clear;
- data += 2;
+ for (i=0;i<issuers_dn_len;i++) {
+ /* The checks here for the buffer boundaries
+ * are not needed since the buffer has been
+ * parsed above.
+ */
+ data_size -= 2;
- issuers_dn =
- gnutls_realloc_fast(issuers_dn,
- (count +
- 1) *
- sizeof
- (gnutls_datum));
- if (issuers_dn == NULL)
- goto clear;
+ size = READuint16(data);
- issuers_dn->data = data;
- issuers_dn->size = size;
+ data += 2;
- count++; /* otherwise we have failed */
+ issuers_dn[count].data = data;
+ issuers_dn[count].size = size;
data += size;
- if (data_size == 0)
- break;
+ }
- } while (1);
} else { /* Other certificate types */
- count = 0;
+ issuers_dn_len = 0;
issuers_dn = NULL;
}
/* maps j -> i */
- ij_map = gnutls_malloc(sizeof(int) * cred->ncerts);
+ ij_map = gnutls_alloca(sizeof(int) * cred->ncerts);
+ if (ij_map==NULL) {
+ gnutls_assert();
+ goto clear;
+ }
/* put our certificate's issuer and dn into cdn, idn
+ * Note that the certificates we provide to the callback
+ * are not all the certificates we have. Only the certificates
+ * that are requested by the server (CA matches - and sign
+ * algorithm matches), are provided.
*/
for (j = i = 0; i < cred->ncerts; i++) {
if ((cred->cert_list[i][0].cert_type ==
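Review bot: `issuers_dn[count].data = data;` and `issuers_dn[count].size = size;` index with `count`, but this hunk removes both `count = 0` and `count++`, so within the visible lines `count` is never assigned before use. Every iteration then writes to the same, indeterminate slot of a stack buffer that holds only `issuers_dn_len` entries. Indexing with the loop variable fixes it: `issuers_dn[i].data = data;` and `issuers_dn[i].size = size;`, after which `count` can be dropped. Note also that `data_size` is now reduced by 2 per entry but no longer by `size`, which matters if anything after the loop reads it.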
@@ -403,12 +429,13 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state,
my_certs[j++] = cred->cert_list[i][0].raw;
}
}
+
indx =
state->gnutls_internals.client_cert_callback(state,
my_certs,
j,
issuers_dn,
- count);
+ issuers_dn_len);
/* the indx returned by the user is relative
* to the certificates we provided him.
@@ -418,9 +445,9 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state,
indx = ij_map[indx];
clear:
- gnutls_free(my_certs);
- gnutls_free(issuers_dn);
- gnutls_free(ij_map);
+ gnutls_afree(my_certs);
+ gnutls_afree(ij_map);
+ gnutls_afree(issuers_dn);
}
*ind = indx;
@@ -691,13 +718,15 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data,
*/
peer_certificate_list =
- gnutls_calloc(1, sizeof(gnutls_cert) *
+ gnutls_alloca( sizeof(gnutls_cert) *
(peer_certificate_list_size));
if (peer_certificate_list == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
+ memset( peer_certificate_list, 0, sizeof(gnutls_cert)*
+ peer_certificate_list_size);
p = data + 3;
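Review bot: `peer_certificate_list_size` now sizes a stack allocation, and it appears to be derived from the received certificate message (its computation is outside the hunk). With `HAVE_ALLOCA` the `== NULL` check cannot catch an oversized request, so a long certificate list would exhaust the stack instead of returning `GNUTLS_E_MEMORY_ERROR`; the product `sizeof(gnutls_cert) * peer_certificate_list_size` is also unchecked. Either keep `gnutls_calloc` for this buffer or reject the message before allocating, e.g. `if (peer_certificate_list_size > <MAX_CERTS>) return GNUTLS_E_MEMORY_ERROR;`, where `<MAX_CERTS>` is a placeholder for a limit the project chooses. The same applies to the identical change in `_gnutls_proc_openpgp_server_certificate`, and to `gnutls_alloca(n+n2)` in `_gnutls_io_write_buffered2` and `gnutls_alloca(datasize)` in `_gnutls_send_handshake`, whose sizes come from the caller.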
@@ -718,7 +747,7 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data,
[j], tmp)) < 0) {
gnutls_assert();
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return ret;
}
@@ -733,7 +762,7 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data,
< 0) {
gnutls_assert();
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return ret;
}
@@ -743,12 +772,12 @@ int _gnutls_proc_x509_server_certificate(GNUTLS_STATE state, opaque * data,
< 0) {
gnutls_assert();
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return ret;
}
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return 0;
}
@@ -862,12 +891,14 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state,
}
peer_certificate_list =
- gnutls_calloc(1, sizeof(gnutls_cert) *
+ gnutls_alloca( sizeof(gnutls_cert) *
(peer_certificate_list_size));
if (peer_certificate_list == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
+ memset( peer_certificate_list, 0, sizeof(gnutls_cert)*
+ peer_certificate_list_size);
if ((ret =
@@ -876,7 +907,7 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state,
gnutls_assert();
gnutls_free_datum( &akey);
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return ret;
}
gnutls_free_datum( &akey);
@@ -888,7 +919,7 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state,
< 0) {
gnutls_assert();
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return ret;
}
@@ -898,12 +929,12 @@ int _gnutls_proc_openpgp_server_certificate(GNUTLS_STATE state,
< 0) {
gnutls_assert();
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return ret;
}
CLEAR_CERTS;
- gnutls_free(peer_certificate_list);
+ gnutls_afree(peer_certificate_list);
return 0;
}
diff --git a/lib/defines.h b/lib/defines.h
index 6d71591ee7..2287fc11ea 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2000 Nikos Mavroyanopoulos
+ * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -21,6 +21,21 @@
#ifndef DEFINES_H
# define DEFINES_H
+#ifndef __GNUC__
+# if HAVE_ALLOCA_H
+# include <alloca.h>
+# else
+# ifdef _AIX
+#pragma alloca
+# else
+# ifndef alloca /* predefined by HP cc +Olibcalls */
+char *alloca();
+# endif
+# endif
+# endif
+#endif
+
+
#include <config.h>
#ifdef STDC_HEADERS
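Review bot: `# if HAVE_ALLOCA_H` is evaluated before `#include <config.h>`, so if configure's results reach the code through config.h (as the `AC_FUNC_ALLOCA` addition suggests), the macro is never defined at this point on a non-GCC compiler. The block then always falls through to the AIX pragma or the `char *alloca();` declaration, even where `<alloca.h>` exists. Moving `#include <config.h>` above the `#ifndef __GNUC__` block would let the configure result take effect while keeping the pragma ahead of any declarations.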
@@ -31,12 +46,12 @@
#endif
#ifdef NO_TIME_T
- typedef unsigned int time_t;
+typedef unsigned int time_t;
#endif
#ifdef NO_SIZE_T
- typedef unsigned int size_t;
- typedef int ssize_t;
+typedef unsigned int size_t;
+typedef int ssize_t;
#endif
#ifdef HAVE_STRINGS_H
@@ -74,38 +89,40 @@
#if SIZEOF_UNSIGNED_LONG_INT == 8
# define HAVE_UINT64
/* only used native uint64 in 64 bit machines */
- typedef unsigned long int uint64;
+typedef unsigned long int uint64;
#else
/* some systems had problems with long long int, thus,
* it is not used.
*/
- typedef struct { unsigned char i[8]; } uint64;
+typedef struct {
+ unsigned char i[8];
+} uint64;
#endif
#if SIZEOF_UNSIGNED_LONG_INT == 4
- typedef unsigned long int uint32;
- typedef signed long int sint32;
+typedef unsigned long int uint32;
+typedef signed long int sint32;
#elif SIZEOF_UNSIGNED_INT == 4
- typedef unsigned int uint32;
- typedef signed int sint32;
+typedef unsigned int uint32;
+typedef signed int sint32;
#else
# error "Cannot find a 32 bit integer in your system, sorry."
#endif
#if SIZEOF_UNSIGNED_INT == 2
- typedef unsigned int uint16;
- typedef signed int sint16;
+typedef unsigned int uint16;
+typedef signed int sint16;
#elif SIZEOF_UNSIGNED_SHORT_INT == 2
- typedef unsigned short int uint16;
- typedef signed short int sint16;
-#else
+typedef unsigned short int uint16;
+typedef signed short int sint16;
+#else
# error "Cannot find a 16 bit integer in your system, sorry."
#endif
#if SIZEOF_UNSIGNED_CHAR == 1
- typedef unsigned char uint8;
- typedef signed char int8;
+typedef unsigned char uint8;
+typedef signed char int8;
#else
# error "Cannot find an 8 bit char in your system, sorry."
#endif
@@ -118,4 +135,4 @@
# endif
#endif
-#endif /* defines_h */
+#endif /* defines_h */
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index b0cdaed87f..b408c2d13b 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1044,14 +1044,14 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state,
version = gnutls_protocol_get_version( state);
- tmp_ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite));
+ tmp_ciphers = gnutls_alloca(count * sizeof(GNUTLS_CipherSuite));
if ( tmp_ciphers==NULL)
return GNUTLS_E_MEMORY_ERROR;
ciphers = gnutls_malloc(count * sizeof(GNUTLS_CipherSuite));
if ( ciphers==NULL) {
- gnutls_free( tmp_ciphers);
+ gnutls_afree( tmp_ciphers);
return GNUTLS_E_MEMORY_ERROR;
}
@@ -1105,7 +1105,7 @@ _gnutls_supported_ciphersuites(GNUTLS_STATE state,
}
*_ciphers = ciphers;
- gnutls_free(tmp_ciphers);
+ gnutls_afree(tmp_ciphers);
return ret_count;
}
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 0c88d57a6d..72cb9d7a64 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -273,40 +273,26 @@ static ssize_t _gnutls_read( GNUTLS_STATE state, void *iptr, size_t sizeOfPtr, i
* Clears the peeked data (read with MSG_PEEK).
*/
int _gnutls_io_clear_peeked_data( GNUTLS_STATE state) {
-char peekdata1[10];
-char *peekdata2 = NULL;
-char * peek;
+char *peekdata = NULL;
int ret, sum;
if (state->gnutls_internals.have_peeked_data==0 || RCVLOWAT==0)
return 0;
- if (RCVLOWAT > sizeof(peekdata1)) {
- peekdata2 = gnutls_malloc( RCVLOWAT);
- if (peekdata2==NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- peek = peekdata2;
+ peekdata = gnutls_alloca( RCVLOWAT);
+ if (peekdata==NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- } else {
- peek = peekdata1;
- }
-
/* this was already read by using MSG_PEEK - so it shouldn't fail */
sum = 0;
do { /* we need this to finish now */
- ret = _gnutls_read( state, peek, RCVLOWAT-sum, 0);
+ ret = _gnutls_read( state, peekdata, RCVLOWAT-sum, 0);
if (ret > 0) sum+=ret;
} while( ret==GNUTLS_E_INTERRUPTED || ret==GNUTLS_E_AGAIN || sum < RCVLOWAT);
- /* This check is here to see if peekdata2 is malloced or
- * not. This is not clean I know.
- */
- if (peek==peekdata2) {
- gnutls_free(peekdata2);
- }
+ gnutls_afree(peekdata);
if (ret < 0) {
gnutls_assert();
@@ -634,7 +620,7 @@ ssize_t _gnutls_io_write_buffered2( GNUTLS_STATE state, const void *iptr, size_t
opaque* sptr;
ssize_t ret;
- sptr = gnutls_malloc( n+n2);
+ sptr = gnutls_alloca( n+n2);
if (sptr==NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
@@ -644,8 +630,8 @@ ssize_t _gnutls_io_write_buffered2( GNUTLS_STATE state, const void *iptr, size_t
memcpy( &sptr[n], iptr2, n2);
ret = _gnutls_io_write_buffered( state, sptr, n+n2);
- gnutls_free( sptr);
-
+ gnutls_afree( sptr);
+
return ret;
}
}
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 809f3d877c..9a2a54c06b 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -727,7 +727,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data,
/* first run */
datasize = i_datasize + HANDSHAKE_HEADER_SIZE;
- data = gnutls_malloc(datasize);
+ data = gnutls_alloca(datasize);
if (data == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
@@ -749,7 +749,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data,
if ( type != GNUTLS_HELLO_REQUEST)
if ( (ret= _gnutls_handshake_hash_add_sent( state, type, data, datasize)) < 0) {
gnutls_assert();
- gnutls_free(data);
+ gnutls_afree(data);
return ret;
}
@@ -757,7 +757,7 @@ int _gnutls_send_handshake(GNUTLS_STATE state, void *i_data,
_gnutls_handshake_io_send_int(state, GNUTLS_HANDSHAKE, type,
data, datasize);
- gnutls_free(data);
+ gnutls_afree(data);
return ret;
}
@@ -1429,9 +1429,11 @@ static int _gnutls_send_client_hello(GNUTLS_STATE state, int again)
data = NULL;
datalen = 0;
if (again == 0) {
+
datalen = 2 + (session_id_len + 1) + TLS_RANDOM_SIZE;
/* 2 for version, (4 for unix time + 28 for random bytes==TLS_RANDOM_SIZE)
*/
+
data = gnutls_malloc(datalen + 16); /* 16 is added to avoid realloc
* if no much data are added.
*/
@@ -1596,9 +1598,12 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again)
if (again == 0) {
datalen = 2 + session_id_len + 1 + TLS_RANDOM_SIZE + 3;
- data = gnutls_malloc(datalen);
+ extdatalen = _gnutls_gen_extensions(state, &extdata);
+
+ data = gnutls_alloca(datalen + extdatalen);
if (data == NULL) {
gnutls_assert();
+ gnutls_free(extdata);
return GNUTLS_E_MEMORY_ERROR;
}
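Review bot: `gnutls_alloca(datalen + extdatalen)` uses the return value of `_gnutls_gen_extensions` without checking its sign. The later `if (extdatalen > 0)` test suggests the value can be zero or negative; if a negative error code is possible, the buffer is smaller than `datalen` and the header writes that follow run past it on the stack. A guard before the allocation, such as `if (extdatalen < 0) { gnutls_assert(); return extdatalen; }`, would close this. Whether `extdata` is set on that path is not visible here, and the function continues outside the hunk.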
@@ -1635,15 +1640,8 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again)
data[pos++] = comp;
- extdatalen = _gnutls_gen_extensions(state, &extdata);
if (extdatalen > 0) {
datalen += extdatalen;
- data = gnutls_realloc_fast(data, datalen);
- if (data == NULL) {
- gnutls_free(extdata);
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
memcpy(&data[pos], extdata, extdatalen);
gnutls_free(extdata);
@@ -1653,8 +1651,7 @@ static int _gnutls_send_server_hello(GNUTLS_STATE state, int again)
ret =
_gnutls_send_handshake(state, data, datalen,
GNUTLS_SERVER_HELLO);
- gnutls_free(data);
-
+ gnutls_afree(data);
return ret;
}
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index f0eff9c580..9de14a0e94 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -7,6 +7,18 @@
typedef void svoid; /* for functions that allocate using gnutls_secure_free */
+/* Use gnutls_afree() when calling alloca, or
+ * memory leaks may occur in systems which do not
+ * support alloca.
+ */
+#ifdef HAVE_ALLOCA
+# define gnutls_alloca alloca
+# define gnutls_afree(x)
+#else
+# define gnutls_alloca gnutls_malloc
+# define gnutls_afree gnutls_free
+#endif /* HAVE_ALLOCA */
+
#ifdef USE_LIBCALLOC
# define gnutls_malloc malloc
# define gnutls_realloc realloc
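Review bot: The comment on `gnutls_alloca` should also document how the two back ends differ, since callers in this commit depend on it. Suggested addition: `/* With alloca the memory is released only when the calling function returns, and an oversized request is not reported as NULL; avoid calling it in loops or with sizes taken from the peer. */`. As a style point, `# define gnutls_afree(x)` expands to nothing; `# define gnutls_afree(x) ((void)0)` keeps it a valid expression wherever the `gnutls_free` form would be.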
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index acebba1c40..b823df4150 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -985,11 +985,6 @@ static int parse_der_cert_mem( gnutls_cert** cert_list, int* ncerts,
return GNUTLS_E_MEMORY_ERROR;
}
- /* set defaults to zero
- */
- memset( &cert_list[0][i - 1], 0,
- sizeof(gnutls_cert));
-
tmp.data = (opaque*) input_cert;
tmp.size = input_cert_size;
@@ -1062,10 +1057,6 @@ static int parse_pkcs7_cert_mem( gnutls_cert** cert_list, int* ncerts,
return GNUTLS_E_MEMORY_ERROR;
}
- /* set defaults to zero
- */
- memset( &cert_list[0][i - 1], 0, sizeof(gnutls_cert));
-
tmp2.data = pcert;
tmp2.size = pcert_size;
@@ -1138,10 +1129,6 @@ static int parse_pem_cert_mem( gnutls_cert** cert_list, int* ncerts,
gnutls_free(b64);
return GNUTLS_E_MEMORY_ERROR;
}
- /* set defaults to zero
- */
- memset( &cert_list[0][i - 1], 0,
- sizeof(gnutls_cert));
tmp.data = b64;
tmp.size = siz2;
@@ -2067,7 +2054,6 @@ int _gnutls_verify_x509_mem( const char *ca, int ca_size)
gnutls_free(b64);
return GNUTLS_E_MEMORY_ERROR;
}
- memset(&x509_ca_list[i - 1], 0, sizeof(gnutls_cert));
tmp.data = b64;
tmp.size = siz2;
diff --git a/lib/x509_asn1.c b/lib/x509_asn1.c
index 30ccd7df52..ed2ca636e7 100755
--- a/lib/x509_asn1.c
+++ b/lib/x509_asn1.c
@@ -123,10 +123,8 @@ _asn1_set_name(node_asn *node,char *name)
if(strlen(name))
{
- node->name=(char *) gnutls_malloc(strlen(name)+1);
+ node->name=(char *) gnutls_strdup( name);
if (node->name==NULL) return NULL;
- /* this strcpy is checked */
- strcpy(node->name, name);
}
else node->name=NULL;
return node;
@@ -1114,7 +1112,7 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
case TYPE_INTEGER: case TYPE_ENUMERATED:
if(len==0){
if(isdigit(value[0])){
- value_temp=(unsigned char *)gnutls_malloc(4);
+ value_temp=(unsigned char *)gnutls_alloca(4);
if (value_temp==NULL) return ASN_MEM_ERROR;
_asn1_convert_integer(value,value_temp,4, &len);
@@ -1125,7 +1123,7 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
while(p){
if(type_field(p->type)==TYPE_CONSTANT){
if((p->name) && (!strcmp(p->name,value))){
- value_temp=(unsigned char *)gnutls_malloc(4);
+ value_temp=(unsigned char *)gnutls_alloca(4);
if (value_temp==NULL) return ASN_MEM_ERROR;
_asn1_convert_integer(p->value,value_temp,4, &len);
@@ -1138,7 +1136,7 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
}
}
else{
- value_temp=(unsigned char *)gnutls_malloc(len);
+ value_temp=(unsigned char *)gnutls_alloca(len);
if (value_temp==NULL) return ASN_MEM_ERROR;
memcpy(value_temp,value,len);
}
@@ -1148,7 +1146,7 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
else negative=0;
if(negative && (type_field(node->type)==TYPE_ENUMERATED))
- {gnutls_free(value_temp);return ASN_VALUE_NOT_VALID;}
+ {gnutls_afree(value_temp);return ASN_VALUE_NOT_VALID;}
for(k=0;k<len-1;k++)
if(negative && (value_temp[k]!=0xFF)) break;
@@ -1158,19 +1156,19 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
(!negative && (value_temp[k]&0x80))) k--;
_asn1_length_der(len-k,NULL,&len2);
- temp=(unsigned char *)gnutls_malloc(len-k+len2);
+ temp=(unsigned char *)gnutls_alloca(len-k+len2);
if (temp==NULL) return ASN_MEM_ERROR;
_asn1_octet_der(value_temp+k,len-k,temp,&len2);
_asn1_set_value(node,temp,len2);
- gnutls_free(temp);
+ gnutls_afree(temp);
if(node->type&CONST_DEFAULT){
p=node->down;
while(type_field(p->type)!=TYPE_DEFAULT) p=p->right;
if(isdigit(p->value[0])){
- default_temp=(unsigned char *)gnutls_malloc(4);
+ default_temp=(unsigned char *)gnutls_alloca(4);
if (default_temp==NULL) return ASN_MEM_ERROR;
_asn1_convert_integer(p->value,default_temp,4,&len2);
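Review bot: The early returns `if (temp==NULL) return ASN_MEM_ERROR;` and `if (default_temp==NULL) return ASN_MEM_ERROR;` leave `value_temp` unreleased. This only leaks on builds without `HAVE_ALLOCA`, where `gnutls_alloca` is `gnutls_malloc`, but that is exactly the case the new comment in gnutls_mem.h warns about. Suggest `if (temp==NULL) { gnutls_afree(value_temp); return ASN_MEM_ERROR; }` and the same for the `default_temp` checks. The enclosing `asn1_write_value` case starts and ends outside the hunk.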
@@ -1181,7 +1179,7 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
while(p2){
if(type_field(p2->type)==TYPE_CONSTANT){
if((p2->name) && (!strcmp(p2->name,p->value))){
- default_temp=(unsigned char *)gnutls_malloc(4);
+ default_temp=(unsigned char *)gnutls_alloca(4);
if (default_temp==NULL) return ASN_MEM_ERROR;
_asn1_convert_integer(p2->value,default_temp,4,&len2);
@@ -1200,9 +1198,9 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
}
if(k2==len2) _asn1_set_value(node,NULL,0);
}
- gnutls_free(default_temp);
+ gnutls_afree(default_temp);
}
- gnutls_free(value_temp);
+ gnutls_afree(value_temp);
break;
case TYPE_OBJECT_ID:
for(k=0;k<strlen(value);k++)
@@ -1246,21 +1244,21 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
break;
case TYPE_OCTET_STRING:
_asn1_length_der(len,NULL,&len2);
- temp=(unsigned char *)gnutls_malloc(len+len2);
+ temp=(unsigned char *)gnutls_alloca(len+len2);
if (temp==NULL) return ASN_MEM_ERROR;
_asn1_octet_der(value,len,temp,&len2);
_asn1_set_value(node,temp,len2);
- gnutls_free(temp);
+ gnutls_afree(temp);
break;
case TYPE_BIT_STRING:
_asn1_length_der((len>>3)+2,NULL,&len2);
- temp=(unsigned char *)gnutls_malloc((len>>3)+2+len2);
+ temp=(unsigned char *)gnutls_alloca((len>>3)+2+len2);
if (temp==NULL) return ASN_MEM_ERROR;
_asn1_bit_der(value,len,temp,&len2);
_asn1_set_value(node,temp,len2);
- gnutls_free(temp);
+ gnutls_afree(temp);
break;
case TYPE_CHOICE:
p=node->down;
@@ -1279,12 +1277,12 @@ asn1_write_value(node_asn *node_root,char *name,unsigned char *value,int len)
break;
case TYPE_ANY:
_asn1_length_der(len,NULL,&len2);
- temp=(unsigned char *)gnutls_malloc(len+len2);
+ temp=(unsigned char *)gnutls_alloca(len+len2);
if (temp==NULL) return ASN_MEM_ERROR;
_asn1_octet_der(value,len,temp,&len2);
_asn1_set_value(node,temp,len2);
- gnutls_free(temp);
+ gnutls_afree(temp);
break;
case TYPE_SEQUENCE_OF: case TYPE_SET_OF:
if(strcmp(value,"NEW")) return ASN_VALUE_NOT_VALID;
diff --git a/lib/x509_der.c b/lib/x509_der.c
index e1fbb4e0d5..26c8570522 100644
--- a/lib/x509_der.c
+++ b/lib/x509_der.c
@@ -672,7 +672,7 @@ _asn1_ordering_set(unsigned char *der,node_asn *node)
first=last=NULL;
while(p){
- p_vet=(struct vet *)gnutls_malloc( sizeof(struct vet));
+ p_vet=(struct vet *)gnutls_alloca( sizeof(struct vet));
if (p_vet==NULL) return;
p_vet->next=NULL;
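Review bot: `gnutls_alloca(sizeof(struct vet))` is called inside the `while(p)` loop, and with `HAVE_ALLOCA` the matching `gnutls_afree` is a no-op, so every list node and every `temp` swap buffer in the next hunk stays on the stack until `_asn1_ordering_set` returns. Stack use then grows with the number of SET elements and, for `temp`, with the number of swaps times the element size; nothing visible in the hunk bounds either for DER that came from a peer. The same pattern is in the `_asn1_ordering_set_of` hunks and, sized from decoded lengths, in the `asn1_get_der` hunk. Keeping `gnutls_malloc`/`gnutls_free` for allocations made inside loops would avoid it; the function body extends beyond the hunk.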
@@ -702,13 +702,13 @@ _asn1_ordering_set(unsigned char *der,node_asn *node)
while(p2_vet){
if(p_vet->value>p2_vet->value){
/* change position */
- temp=(unsigned char *)gnutls_malloc( p_vet->end-counter);
+ temp=(unsigned char *)gnutls_alloca( p_vet->end-counter);
if (temp==NULL) return;
memcpy(temp,der+counter,p_vet->end-counter);
memmove(der+counter,der+p_vet->end,p2_vet->end-p_vet->end);
memcpy(der+p_vet->end,temp,p_vet->end-counter);
- gnutls_free(temp);
+ gnutls_afree(temp);
tag=p_vet->value;
p_vet->value=p2_vet->value;
@@ -724,7 +724,7 @@ _asn1_ordering_set(unsigned char *der,node_asn *node)
if(p_vet!=first) p_vet->prev->next=NULL;
else first=NULL;
- gnutls_free(p_vet);
+ gnutls_afree(p_vet);
p_vet=first;
}
}
@@ -756,7 +756,7 @@ _asn1_ordering_set_of(unsigned char *der,node_asn *node)
first=last=NULL;
while(p){
- p_vet=(struct vet *)gnutls_malloc(sizeof(struct vet));
+ p_vet=(struct vet *)gnutls_alloca(sizeof(struct vet));
if (p_vet==NULL) return;
p_vet->next=NULL;
@@ -796,13 +796,13 @@ _asn1_ordering_set_of(unsigned char *der,node_asn *node)
if(change==1){
/* change position */
- temp=(unsigned char *)gnutls_malloc(p_vet->end-counter);
+ temp=(unsigned char *)gnutls_alloca(p_vet->end-counter);
if (temp==NULL) return;
memcpy(temp,der+counter,p_vet->end-counter);
memmove(der+counter,der+p_vet->end,p2_vet->end-p_vet->end);
memcpy(der+p_vet->end,temp,p_vet->end-counter);
- gnutls_free(temp);
+ gnutls_afree(temp);
p_vet->end=counter+(p2_vet->end-p_vet->end);
}
@@ -814,7 +814,7 @@ _asn1_ordering_set_of(unsigned char *der,node_asn *node)
if(p_vet!=first) p_vet->prev->next=NULL;
else first=NULL;
- gnutls_free(p_vet);
+ gnutls_afree(p_vet);
p_vet=first;
}
}
@@ -1177,12 +1177,12 @@ asn1_get_der(node_asn *root,unsigned char *der,int len)
tag=_asn1_get_tag_der(der+counter,&class,&len2);
len2+=_asn1_get_length_der(der+counter+len2,&len3);
_asn1_length_der(len2+len3,NULL,&len4);
- temp2=(unsigned char *)gnutls_malloc(len2+len3+len4);
+ temp2=(unsigned char *)gnutls_alloca(len2+len3+len4);
if (temp2==NULL) return ASN_MEM_ERROR;
_asn1_octet_der(der+counter,len2+len3,temp2,&len4);
_asn1_set_value(p,temp2,len4);
- gnutls_free(temp2);
+ gnutls_afree(temp2);
counter+=len2+len3;
move=RIGHT;
break;