certtool: combined all the seed decoding methods to a single one

That not only simplifies the code, but also allows decoding hex strings
which contain not hex chars (and that allows decoding hex of the form XX:XX:XX)

3 files changed, 44 insertions, 43 deletions

diff --git a/src/certtool-common.c b/src/certtool-common.c
index 97ec3523c3..7e18a7f09d 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -1298,28 +1298,17 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
 
 			if (info->seed_size > 0) {
 				gnutls_keygen_data_st data;
-				gnutls_datum_t hexseed, seed;
 
-				hexseed.data = (void*)info->seed;
-				hexseed.size = info->seed_size;
-
-				ret = gnutls_hex_decode2(&hexseed, &seed);
-				if (ret < 0) {
-					fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret));
-					exit(1);
-				}
-
-				if (seed.size < 32) {
-					fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)seed.size);
+				if (info->seed_size < 32) {
+					fprintf(stderr, "For DH parameter generation a 32-byte seed value or larger is expected (have: %d); use -d 2 for more information.\n", (int)info->seed_size);
 					exit(1);
 				}
 
 				data.type = GNUTLS_KEYGEN_SEED;
-				data.data = seed.data;
-				data.size = seed.size;
+				data.data = (void*)info->seed;
+				data.size = info->seed_size;
 
 				ret = gnutls_x509_privkey_generate2(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE, &data, 1);
-				gnutls_free(seed.data);
 			} else {
 				ret = gnutls_x509_privkey_generate(pkey, GNUTLS_PK_DSA, bits, GNUTLS_PRIVKEY_FLAG_PROVABLE);
 			}
@@ -1435,3 +1424,27 @@ int generate_prime(FILE * outfile, int how, common_info_st * info)
 
 	return 0;
 }
+
+void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size)
+{
+	int ret;
+	size_t seed_size;
+
+	seed->size = hex_size;
+	seed->data = malloc(hex_size);
+
+	if (seed->data == NULL) {
+		fprintf(stderr, "memory error\n");
+		exit(1);
+	}
+
+	seed_size = hex_size;
+	ret = gnutls_hex2bin(hex, hex_size, seed->data, &seed_size);
+	if (ret < 0) {
+		fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret));
+		exit(1);
+	}
+	seed->size = seed_size;
+
+	return;
+}
diff --git a/src/certtool-common.h b/src/certtool-common.h
index 9b4aad9e8f..0bc9c259fc 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -57,7 +57,7 @@ typedef struct common_info {
 	/* for key generation */
 	unsigned provable;
 
-	const char *seed;
+	const unsigned char *seed;
 	unsigned seed_size;
 
 	const char *pin;
@@ -134,4 +134,6 @@ extern unsigned long lbuffer_size;
 
 void fix_lbuffer(unsigned long);
 
+void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size);
+
 #endif
diff --git a/src/certtool.c b/src/certtool.c
index 4ac8a1a983..d59d0e5e6d 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -157,28 +157,18 @@ generate_private_key_int(common_info_st * cinfo)
 
 	if (cinfo->seed_size > 0) {
 		gnutls_keygen_data_st data;
-		gnutls_datum_t hexseed, seed;
-
-		hexseed.data = (void*)cinfo->seed;
-		hexseed.size = cinfo->seed_size;
-
-		ret = gnutls_hex_decode2(&hexseed, &seed);
-		if (ret < 0) {
-			fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret));
-			exit(1);
-		}
 
 		data.type = GNUTLS_KEYGEN_SEED;
-		data.data = seed.data;
-		data.size = seed.size;
+		data.data = (void*)cinfo->seed;
+		data.size = cinfo->seed_size;
 
 		if (key_type == GNUTLS_PK_RSA) {
-			if ((bits == 3072 && seed.size != 32) || (bits == 2048 && seed.size != 28)) {
-				fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)seed.size);
+			if ((bits == 3072 && cinfo->seed_size != 32) || (bits == 2048 && cinfo->seed_size != 28)) {
+				fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)cinfo->seed_size);
 			}
 		} else if (key_type == GNUTLS_PK_DSA) {
-			if (seed.size != 65) {
-				fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)seed.size);
+			if (cinfo->seed_size != 65) {
+				fprintf(stderr, "The seed size (%d) doesn't match the size of the request security level; use -d 2 for more information.\n", (int)cinfo->seed_size);
 			}
 		}
 
@@ -223,15 +213,8 @@ static void verify_provable_privkey(common_info_st * cinfo)
 
 	pkey = load_private_key(1, cinfo);
 
-	if (HAVE_OPT(SEED)) {
-		char seed[256];
-		size_t seed_size = sizeof(seed);
-		ret = gnutls_hex2bin(OPT_ARG(SEED), strlen(OPT_ARG(SEED)), seed, &seed_size);
-		if (ret < 0) {
-			fprintf(stderr, "Could not hex decode data: %s\n", gnutls_strerror(ret));
-			exit(1);
-		}
-		ret = gnutls_privkey_verify_seed(pkey, 0, seed, seed_size);
+	if (cinfo->seed_size > 0) {
+		ret = gnutls_privkey_verify_seed(pkey, 0, cinfo->seed, cinfo->seed_size);
 	} else {
 		ret = gnutls_privkey_verify_seed(pkey, 0, NULL, 0);
 	}
@@ -1171,8 +1154,11 @@ static void cmd_parser(int argc, char **argv)
 		cinfo.verbose = 1;
 
 	if (HAVE_OPT(SEED)) {
-		cinfo.seed = OPT_ARG(SEED);
-		cinfo.seed_size = strlen(OPT_ARG(SEED));
+		gnutls_datum_t seed;
+		decode_seed(&seed, OPT_ARG(SEED), strlen(OPT_ARG(SEED)));
+
+		cinfo.seed = seed.data;
+		cinfo.seed_size = seed.size;
 	}
 
 	cinfo.batch = batch;