author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-08-29 15:17:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-09-04 10:47:16 +0200 |
commit | 7ef5f090715f7cb0200f9749061019a53f1bbed7 (patch) | |
tree | dfa36ca0b51382155cc8e9a92659f1365d4fb4c6 | |
parent | 9925d30b4c702449a9b5a68c31f6bbf3201f1f79 (diff) | |
download | gnutls-7ef5f090715f7cb0200f9749061019a53f1bbed7.tar.gz |
when importing a certificate, keep the DER data
Conflicts:
lib/x509/verify.c
-rw-r--r-- | lib/x509/common.c | 21 | ||||
-rw-r--r-- | lib/x509/common.h | 3 | ||||
-rw-r--r-- | lib/x509/crq.c | 2 | ||||
-rw-r--r-- | lib/x509/verify.c | 45 | ||||
-rw-r--r-- | lib/x509/x509.c | 33 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 1 |
6 files changed, 44 insertions, 61 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c index 506d26909d..af7ce14f8b 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -1492,16 +1492,22 @@ _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name, * returns them into signed_data. */ int -_gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name, +_gnutls_x509_get_signed_data(ASN1_TYPE src, const gnutls_datum *_der, + const char *src_name, gnutls_datum_t * signed_data) { - gnutls_datum_t der; int start, end, result; + gnutls_datum_t der; - result = _gnutls_x509_der_encode(src, "", &der, 0); - if (result < 0) { - gnutls_assert(); - return result; + if (_der == NULL) { + result = _gnutls_x509_der_encode(src, "", &der, 0); + if (result < 0) { + gnutls_assert(); + return result; + } + } else { + der.data = _der->data; + der.size = _der->size; } /* Get the signed data @@ -1526,7 +1532,8 @@ _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name, result = 0; cleanup: - _gnutls_free_datum(&der); + if (_der == NULL) + _gnutls_free_datum(&der); return result; } diff --git a/lib/x509/common.h b/lib/x509/common.h index a1b2f680aa..20b0467950 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -148,7 +148,8 @@ int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der, int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name, ASN1_TYPE src, const char *src_name); -int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name, +int _gnutls_x509_get_signed_data(ASN1_TYPE src, const gnutls_datum_t *der, + const char *src_name, gnutls_datum_t * signed_data); int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name, gnutls_datum_t * signature); diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 4e28fedd7c..efd587332e 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c 
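Review bot: The new parameter is declared `const gnutls_datum *_der` in the definition but `const gnutls_datum_t *der` in the common.h prototype changed by the same commit; the definition should use `gnutls_datum_t` so the two agree (whether the bare `gnutls_datum` name still resolves depends on a compatibility typedef not visible here). A caller-supplied datum whose `data` is NULL is also used as-is, so a certificate object whose DER was never stored would have its signed data extracted from an empty buffer instead of being re-encoded; changing the branch condition to `if (_der == NULL || _der->data == NULL) {`, and the matching `if (_der == NULL)` before `_gnutls_free_datum(&der)` in the next hunk, keeps the encode fallback for that case. The verify.c callers that pass `&issuer->der` and `&cert->der` later in this diff are the ones affected. The body of `_gnutls_x509_get_signed_data` continues past this hunk.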
@@ -2495,7 +2495,7 @@ int gnutls_x509_crq_verify(gnutls_x509_crq_t crq, unsigned int flags) gnutls_pk_params_init(¶ms); ret = - _gnutls_x509_get_signed_data(crq->crq, + _gnutls_x509_get_signed_data(crq->crq, NULL, "certificationRequestInfo", &data); if (ret < 0) { diff --git a/lib/x509/verify.c b/lib/x509/verify.c index a1d56a7a4f..ac666e5bee 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -42,37 +42,18 @@ int _gnutls_check_if_same_cert(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2) { - gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin = { - NULL, 0}; int result; result = _gnutls_is_same_dn(cert1, cert2); if (result == 0) return 0; - result = _gnutls_x509_der_encode(cert1->cert, "", &cert1bin, 0); - if (result < 0) { - result = 0; - gnutls_assert(); - goto cleanup; - } - - result = _gnutls_x509_der_encode(cert2->cert, "", &cert2bin, 0); - if (result < 0) { - result = 0; - gnutls_assert(); - goto cleanup; - } - - if ((cert1bin.size == cert2bin.size) && - (memcmp(cert1bin.data, cert2bin.data, cert1bin.size) == 0)) + if ((cert1->der.size == cert2->der.size) && + (memcmp(cert1->der.data, cert2->der.data, cert1->der.size) == 0)) result = 1; else result = 0; - cleanup: - _gnutls_free_datum(&cert1bin); - _gnutls_free_datum(&cert2bin); return result; } @@ -80,24 +61,14 @@ int _gnutls_check_if_same_cert2(gnutls_x509_crt_t cert1, gnutls_datum_t * cert2bin) { - gnutls_datum_t cert1bin = { NULL, 0 }; int result; - result = _gnutls_x509_der_encode(cert1->cert, "", &cert1bin, 0); - if (result < 0) { - result = 0; - gnutls_assert(); - goto cleanup; - } - - if ((cert1bin.size == cert2bin->size) && - (memcmp(cert1bin.data, cert2bin->data, cert1bin.size) == 0)) + if ((cert1->der.size == cert2bin->size) && + (memcmp(cert1->der.data, cert2bin->data, cert1->der.size) == 0)) result = 1; else result = 0; - cleanup: - _gnutls_free_datum(&cert1bin); return result; } 
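Review bot: `_gnutls_check_if_same_cert` now reports two certificates as identical whenever their DNs match and both `der` members are empty, because `0 == 0` holds and `memcmp` over zero bytes returns 0 — and passing NULL pointers to `memcmp` is undefined even for a zero length. The removed code presumably could not reach that state, since a failed `_gnutls_x509_der_encode` forced the result to 0. Adding `if (cert1->der.data == NULL || cert2->der.data == NULL) return 0;` before the comparison restores that outcome for objects that were initialised but never imported (assuming no path other than `gnutls_x509_crt_import` fills `der`). `_gnutls_check_if_same_cert2` in the following hunk has the same gap for `cert1->der`.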
@@ -125,7 +96,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, */ result = - _gnutls_x509_get_signed_data(issuer->cert, "tbsCertificate", + _gnutls_x509_get_signed_data(issuer->cert, &issuer->der, "tbsCertificate", &issuer_signed_data); if (result < 0) { gnutls_assert(); @@ -133,7 +104,7 @@ check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, } result = - _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate", + _gnutls_x509_get_signed_data(cert->cert, &cert->der, "tbsCertificate", &cert_signed_data); if (result < 0) { gnutls_assert(); @@ -466,7 +437,7 @@ _gnutls_verify_certificate2(gnutls_x509_crt_t cert, } result = - _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate", + _gnutls_x509_get_signed_data(cert->cert, &cert->der, "tbsCertificate", &cert_signed_data); if (result < 0) { gnutls_assert(); @@ -1123,7 +1094,7 @@ gnutls_x509_crl_verify(gnutls_x509_crl_t crl, } result = - _gnutls_x509_get_signed_data(crl->crl, "tbsCertList", + _gnutls_x509_get_signed_data(crl->crl, NULL, "tbsCertList", &crl_signed_data); if (result < 0) { gnutls_assert(); diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2d642e04e8..0fbc2823f8 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -136,6 +136,7 @@ void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert) asn1_delete_structure(&cert->cert); gnutls_free(cert->raw_dn.data); gnutls_free(cert->raw_issuer_dn.data); + gnutls_free(cert->der.data); gnutls_free(cert); } @@ -160,16 +161,17 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format) { - int result = 0, need_free = 0; - gnutls_datum_t _data; + int result = 0; if (cert == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - _data.data = data->data; - _data.size = data->size; + if (cert->der.data) { + gnutls_free(cert->der.data); + cert->der.data = NULL; + } /* If the Certificate is in PEM format then decode it */ 
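Review bot: The guarded free at the top of `gnutls_x509_crt_import` clears `cert->der.data` but leaves `cert->der.size` at its previous value, so an object re-imported with input that fails both PEM decodes and returns early keeps a stale non-zero size next to a NULL pointer, which the size-then-`memcmp` comparisons added in verify.c could then consume. The three-line block can be replaced by `_gnutls_free_datum(&cert->der);`, which the commit already uses at `cleanup:` in this function to release the same member (assuming it resets both fields, as that use suggests); the `if (cert->der.data)` test is redundant in any case because freeing NULL is a no-op. The function continues past this hunk.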
@@ -177,22 +179,26 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, /* Try the first header */ result = _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, - data->size, &_data); + data->size, &cert->der); if (result <= 0) { /* try for the second header */ result = _gnutls_fbase64_decode(PEM_X509_CERT, data->data, data->size, - &_data); + &cert->der); if (result < 0) { gnutls_assert(); return result; } } - - need_free = 1; + } else { + result = _gnutls_set_datum(&cert->der, data->data, data->size); + if (result < 0) { + gnutls_assert(); + return result; + } } if (cert->expanded) { @@ -214,14 +220,14 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, } result = - asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL); + asn1_der_decoding(&cert->cert, cert->der.data, cert->der.size, NULL); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err(result); gnutls_assert(); goto cleanup; } - result = _gnutls_x509_get_raw_dn2(cert->cert, &_data, + result = _gnutls_x509_get_raw_dn2(cert->cert, &cert->der, "tbsCertificate.issuer.rdnSequence", &cert->raw_issuer_dn); if (result < 0) { @@ -229,7 +235,7 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, goto cleanup; } - result = _gnutls_x509_get_raw_dn2(cert->cert, &_data, + result = _gnutls_x509_get_raw_dn2(cert->cert, &cert->der, "tbsCertificate.subject.rdnSequence", &cert->raw_dn); if (result < 0) { @@ -242,14 +248,11 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert, /* Since we do not want to disable any extension */ cert->use_extensions = 1; - if (need_free) - _gnutls_free_datum(&_data); return 0; cleanup: - if (need_free) - _gnutls_free_datum(&_data); + _gnutls_free_datum(&cert->der); _gnutls_free_datum(&cert->raw_dn); _gnutls_free_datum(&cert->raw_issuer_dn); return result; diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 1648dcdb2a..e28c88b42d 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h 
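Review bot: Both new error returns in this hunk — after the second `_gnutls_fbase64_decode` and after `_gnutls_set_datum` — leave the function without passing through `cleanup:`, so whatever a failed decoder left in `cert->der` stays attached to the object, while the ASN.1 decoding failure later in the same function does reset it via `_gnutls_free_datum(&cert->der)`. Using `goto cleanup;` in place of `return result;` at both sites would make the failure paths of `gnutls_x509_crt_import` consistent; whether `_gnutls_fbase64_decode` can return with an allocated datum on failure is not visible here, so this is mainly a consistency point. The function starts before this hunk and continues after it.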
@@ -56,6 +56,7 @@ typedef struct gnutls_x509_crt_int { gnutls_datum_t raw_dn; gnutls_datum_t raw_issuer_dn; + gnutls_datum_t der; struct pin_info_st pin; } gnutls_x509_crt_int; |
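Review bot: The new `der` member carries an invariant that nothing in the struct states: after this commit `_gnutls_check_if_same_cert` and `check_if_ca` in verify.c treat it as the authoritative encoding of `cert`, and `gnutls_x509_crt_import` is the only place in the diff that fills it. A comment on the field such as `/* DER encoding of the certificate as imported; must stay in sync with cert */` would tell later maintainers of the set_* and signing paths that they have to refresh or clear it.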