-rw-r--r-- | doc/tex/ex-pgp-keyserver.tex | 2 | ||||
-rw-r--r-- | lib/Makefile.am | 2 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 16 | ||||
-rw-r--r-- | lib/strfile.h | 8 | ||||
-rw-r--r-- | libextra/gnutls_openpgp.c | 169 | ||||
-rw-r--r-- | libextra/openpgp/openpgp.h | 2 | ||||
-rw-r--r-- | src/serv.c | 2 |
7 files changed, 72 insertions, 129 deletions
diff --git a/doc/tex/ex-pgp-keyserver.tex b/doc/tex/ex-pgp-keyserver.tex index d77da44528..fe64022075 100644 --- a/doc/tex/ex-pgp-keyserver.tex +++ b/doc/tex/ex-pgp-keyserver.tex @@ -26,7 +26,7 @@ recv_openpgp_key(gnutls_session session, const unsigned char *keyfpr, unsigned int keyfpr_length, gnutls_datum * key) { int rc; - CDK_KBNODE knode = NULL; + cdk_kbnode_t knode = NULL; /* The key fingerprint should be 20 bytes * in v4 keys. diff --git a/lib/Makefile.am b/lib/Makefile.am index 1e31ad4034..7924cfcdea 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -23,7 +23,7 @@ EXTRA_DIST = debug.h gnutls_compress.h defines.h gnutls.asn pkix.asn \ libgnutls-config.in libgnutls.m4 gnutls.h.in.in gnutls_errors_int.h \ gnutls-api.tex gnutls_datum.h auth_cert.h gnutls_mpi.h \ gnutls_pk.h gnutls_record.h gnutls_cert.h \ - gnutls_constate.h gnutls_global.h \ + gnutls_constate.h gnutls_global.h strfile.h \ gnutls_sig.h gnutls_mem.h gnutls_ui.h \ io_debug.h ext_max_record.h gnutls_session_pack.h \ gnutls_alert.h gnutls_str.h gnutls_state.h gnutls_x509.h \ diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index af0e47b436..3481c63091 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -619,13 +619,9 @@ static int read_key_mem(gnutls_certificate_credentials res, const char *key, int # include <sys/mman.h> #endif -typedef struct { - opaque * data; - size_t size; - int mmaped; -} strfile; +#include <strfile.h> -inline static void _strfile_free( strfile *x) +void _gnutls_strfile_free( strfile *x) { #ifdef HAVE_MMAP if (x->mmaped) { @@ -725,7 +721,7 @@ static int read_cert_file(gnutls_certificate_credentials res, const char *certfi } ret = read_cert_mem( res, x.data, x.size, type); - _strfile_free(&x); + _gnutls_strfile_free(&x); return ret; @@ -749,7 +745,7 @@ static int read_key_file(gnutls_certificate_credentials res, const char *keyfile } ret = read_key_mem( res, x.data, x.size, type); - _strfile_free(&x); + _gnutls_strfile_free(&x); return ret; } 
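Review bot: Dropping `inline static` turns `_gnutls_strfile_free` into a shared symbol, and the buffers it releases now include private-key file contents: `read_key_file` in this hunk and, elsewhere in this commit, the OpenPGP secret key file. Its body continues outside the hunk, but nothing visible clears the heap copy before it is handed back to the allocator; if the non-mmap branch only calls `gnutls_free`, consider `memset(x->data, 0, x->size);` first so key bytes do not linger in freed memory. A one-line comment above the definition saying that it releases either an mmap'd region or a heap buffer according to `x->mmaped`, and is the only correct way to dispose of a `strfile`, would help the new callers in libextra.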
@@ -1256,7 +1252,7 @@ int gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials res, ret = parse_pem_ca_mem( &res->x509_ca_list, &res->x509_ncas, x.data, x.size); - _strfile_free(&x); + _gnutls_strfile_free(&x); if (ret < 0) { gnutls_assert(); @@ -1509,7 +1505,7 @@ int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials res, ret = parse_pem_crl_mem( &res->x509_crl_list, &res->x509_ncrls, x.data, x.size); - _strfile_free(&x); + _gnutls_strfile_free(&x); if (ret < 0) { gnutls_assert(); diff --git a/lib/strfile.h b/lib/strfile.h new file mode 100644 index 0000000000..56ed41fed1 --- /dev/null +++ b/lib/strfile.h @@ -0,0 +1,8 @@ +typedef struct { + opaque * data; + size_t size; + int mmaped; +} strfile; + +void _gnutls_strfile_free( strfile *x); +strfile _gnutls_file_to_str( const char * file); diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index 602cbf44d3..7fbfc4f2d9 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -29,6 +29,7 @@ #ifdef HAVE_LIBOPENCDK #include <gnutls/compat8.h> +#include <strfile.h> #include <gnutls_str.h> #include <stdio.h> #include <gcrypt.h> @@ -240,34 +241,6 @@ search_packet( const gnutls_datum *buf, int pkttype ) return pkt; } - -static int -stream_to_datum( cdk_stream_t inp, gnutls_datum *raw ) -{ - uint8 buf[4096]; - int rc = 0, nread, nbytes = 0; - - if( !buf || !raw ) { - gnutls_assert( ); - return GNUTLS_E_INVALID_REQUEST; - } - - cdk_stream_seek( inp, 0 ); - while( !cdk_stream_eof( inp ) ) { - nread = cdk_stream_read( inp, buf, sizeof buf-1 ); - if( nread == EOF ) - break; - datum_append( raw, buf, nread ); - nbytes += nread; - } - cdk_stream_seek( inp, 0 ); - if( !nbytes ) - rc = GNUTLS_E_INTERNAL_ERROR; - - return rc; -} - - static int openpgp_pk_to_gnutls_cert( gnutls_cert *cert, cdk_pkt_pubkey_t pk ) { 
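Review bot: The new lib/strfile.h has no include guard and uses `opaque` and `size_t` without including anything, so it compiles only if the includer has already pulled in the internal GnuTLS header and stddef.h (gnutls_x509.c includes it after <sys/mman.h>, libextra/gnutls_openpgp.c right after <gnutls/compat8.h>); wrap it in `#ifndef STRFILE_H` / `#define STRFILE_H` / `#endif` and include the header that defines `opaque`. The two prototypes also carry no contract: document that `_gnutls_file_to_str` returns a `strfile` whose `data` is NULL on failure (the check the OpenPGP loader in this commit relies on), that the buffer may be an mmap'd region or heap memory according to `mmaped`, and that the caller must release it only through `_gnutls_strfile_free`.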
@@ -510,6 +483,16 @@ leave: } +/** + * gnutls_certificate_set_openpgp_key_mem - Used to set OpenPGP keys + * @res: the destination context to save the data. + * @cert: the datum that contains the public key. + * @key: the datum that contains the secret key. + * + * This funtion is used to load OpenPGP keys into the GnuTLS credential structure. + * It doesn't matter whether the keys are armored or but, but the files + * should only contain one key which should not be encrypted. + **/ int gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, gnutls_datum *cert, @@ -527,10 +510,12 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, } rc = cdk_kbnode_read_from_mem( &knode, cert->data, cert->size ); - if( (rc = _gnutls_map_cdk_rc( rc )) ) +fprintf(stderr,"ERR: %s\n", cdk_strerror( rc)); + if( (rc = _gnutls_map_cdk_rc( rc )) ) { + gnutls_assert(); goto leave; + } - /* fixme: too much duplicated code from (set_openpgp_key_file) */ res->cert_list = gnutls_realloc_fast(res->cert_list, (1+res->ncerts)*sizeof(gnutls_cert*)); if (res->cert_list == NULL) { @@ -554,8 +539,10 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, i = 1; while( (p = cdk_kbnode_walk( knode, &ctx, 0 )) ) { pkt = cdk_kbnode_get_packet( p ); - if( i > MAX_PUBLIC_PARAMS_SIZE ) + if( i > MAX_PUBLIC_PARAMS_SIZE ) { + gnutls_assert(); break; + } if( pkt->pkttype == CDK_PKT_PUBLIC_KEY ) { int n = res->ncerts; cdk_pkt_pubkey_t pk = pkt->pkt.public_key; @@ -584,6 +571,10 @@ gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, return rc; } rc = _gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], &raw ); + if (rc) { + gnutls_assert(); + } + _gnutls_free_datum(&raw); leave: 
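Review bot: The added `fprintf(stderr,"ERR: %s\n", cdk_strerror( rc));` in gnutls_certificate_set_openpgp_key_mem runs unconditionally after `cdk_kbnode_read_from_mem`, so every successful key load writes a spurious "ERR:" line to the host process's stderr from inside a library; its column-0 placement suggests a leftover debug print. Remove it, or move it inside the `if( (rc = _gnutls_map_cdk_rc( rc )) )` failure branch and route it through the library's logging rather than stderr. The function body starts outside the hunk.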
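Review bot: When `_gnutls_openpgp_key2gnutls_key` fails, the new block only calls `gnutls_assert()` and falls through to `leave:` with `rc` set, yet `&res->pkey[res->ncerts-1]` shows `res->ncerts` has already been bumped for this entry; unless the code after `leave:` (outside the hunk) rolls that back, the credentials are left counting a certificate whose private-key slot was never filled, which a later handshake may use. Consider decrementing `res->ncerts` and releasing the partially built `cert_list` entry on that path before jumping to `leave:`. `raw` appears to hold the secret key bytes here, so it is also worth confirming that `_gnutls_free_datum` clears them rather than only freeing; if not, a `memset` of `raw.data` before the free is cheap.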
@@ -596,17 +587,17 @@ leave: /** * gnutls_certificate_set_openpgp_key_file - Used to set OpenPGP keys * @res: the destination context to save the data. - * @CERTFILE: the file that contains the public key. - * @KEYFILE: the file that contains the secret key. + * @certfile: the file that contains the public key. + * @keyfile: the file that contains the secret key. * - * This funtion is used to load OpenPGP keys into the GnuTLS structure. + * This funtion is used to load OpenPGP keys into the GnuTLS credentials structure. * It doesn't matter whether the keys are armored or but, but the files * should only contain one key which should not be encrypted. **/ int gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res, - char* CERTFILE, - char* KEYFILE ) + char* certfile, + char* keyfile ) { struct stat statbuf; cdk_stream_t inp = NULL; 
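Review bot: The rewritten doc comment for gnutls_certificate_set_openpgp_key_file still carries two typos the hunk could have fixed: `This funtion is used` should read `This function is used`, and `armored or but, but the files` should read `armored or not, but the files`. It would also help to state the contract the new body establishes (outside this hunk): both files are read whole into memory and handed to gnutls_certificate_set_openpgp_key_mem, the secret key must be unencrypted, and a negative GnuTLS error code is returned if either file cannot be read or parsed. The same "funtion"/"or but" wording is copied into the new comment on gnutls_certificate_set_openpgp_key_mem earlier in this commit.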
@@ -615,100 +606,48 @@ gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res, gnutls_datum raw; int i = 0, n; int rc = 0; - - if( !res || !KEYFILE || !CERTFILE ) { + gnutls_datum key, cert; + strfile xcert, xkey; + + if( !res || !keyfile || !certfile ) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - if( stat( CERTFILE, &statbuf ) || stat( KEYFILE, &statbuf ) ) { + if( stat( certfile, &statbuf ) || stat( keyfile, &statbuf ) ) { gnutls_assert(); return GNUTLS_E_FILE_ERROR; } - rc = cdk_stream_open( CERTFILE, &inp ); - if( rc ) { - gnutls_assert(); - return _gnutls_map_cdk_rc( rc ); - } - - if( cdk_armor_filter_use( inp ) ) - cdk_stream_set_armor_flag( inp, 0 ); - - n = (1 + res->ncerts) * sizeof (gnutls_cert*); - res->cert_list = gnutls_realloc_fast( res->cert_list, n ); - if( !res->cert_list ) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - n = (1 + res->ncerts) * sizeof (int); - res->cert_list_length = gnutls_realloc_fast( res->cert_list_length, n ); - if( !res->cert_list_length ) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + xcert = _gnutls_file_to_str( certfile); + if (xcert.data == NULL) { + gnutls_assert(); + return GNUTLS_E_FILE_ERROR; } - res->cert_list[res->ncerts] = gnutls_calloc( 1, sizeof(gnutls_cert) ); - if( !res->cert_list[res->ncerts] ) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + xkey = _gnutls_file_to_str( keyfile); + if (xkey.data == NULL) { + gnutls_assert(); + _gnutls_strfile_free(&xcert); + return GNUTLS_E_FILE_ERROR; } - while( !rc ) { - i = 1; - rc = cdk_keydb_get_keyblock( inp, &knode ); - while( knode && (p = cdk_kbnode_walk( knode, &ctx, 0 )) ) { - if( i > MAX_PUBLIC_PARAMS_SIZE ) - break; - pkt = cdk_kbnode_get_packet( p ); - if( pkt->pkttype == CDK_PKT_PUBLIC_KEY ) { - int n = res->ncerts; - cdk_pkt_pubkey_t pk = pkt->pkt.public_key; - res->cert_list_length[n] = 1; - stream_to_datum( inp, &res->cert_list[n][0].raw ); - openpgp_pk_to_gnutls_cert( &res->cert_list[n][0], pk ); - 
i++; - } - } - } - if( rc == CDK_EOF && i > 1 ) - rc = 0; - cdk_stream_close( inp ); - if( rc ) { - cdk_kbnode_release( knode ); - - gnutls_assert(); - rc = _gnutls_map_cdk_rc( rc ); - goto leave; - } - cdk_kbnode_release( knode ); - - rc = cdk_stream_open( KEYFILE, &inp ); - if( rc ) { - gnutls_assert(); - return _gnutls_map_cdk_rc( rc ); - } - if( cdk_armor_filter_use( inp ) ) - cdk_stream_set_armor_flag( inp, 0 ); + key.data = xkey.data; + key.size = xkey.size; + + cert.data = xcert.data; + cert.size = xcert.size; - memset( &raw, 0, sizeof raw ); - stream_to_datum( inp, &raw ); - cdk_stream_close( inp ); + rc = gnutls_certificate_set_openpgp_key_mem( res, + &cert, &key); - n = (res->ncerts + 1) * sizeof (gnutls_privkey); - res->pkey = gnutls_realloc_fast( res->pkey, n ); - if( !res->pkey ) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - res->ncerts++; - /* ncerts has been incremented before */ - rc = _gnutls_openpgp_key2gnutls_key( &res->pkey[res->ncerts-1], &raw ); + _gnutls_strfile_free(&xcert); + _gnutls_strfile_free(&xkey); - leave: - return rc; + if (rc < 0) { + gnutls_assert(); + return rc; + } } diff --git a/libextra/openpgp/openpgp.h b/libextra/openpgp/openpgp.h index 2899919eb5..0986f99a96 100644 --- a/libextra/openpgp/openpgp.h +++ b/libextra/openpgp/openpgp.h @@ -34,7 +34,7 @@ gnutls_openpgp_key_get_name( gnutls_openpgp_key key, char *buf, size_t *sizeof_buf); int gnutls_openpgp_key_get_fingerprint( gnutls_openpgp_key key, unsigned char *fpr, size_t *fprlen); -int gnutls_openpgp_key_get_pk_algorithm( gnutls_openpgp_key key, int *r_bits); +int gnutls_openpgp_key_get_pk_algorithm( gnutls_openpgp_key key, unsigned int *bits); int gnutls_openpgp_key_get_version( gnutls_openpgp_key key); time_t gnutls_openpgp_key_get_creation_time( gnutls_openpgp_key key); time_t gnutls_openpgp_key_get_expiration_time( gnutls_openpgp_key key); diff --git a/src/serv.c b/src/serv.c index 1e901a8044..510dfd185a 100644 --- a/src/serv.c +++ b/src/serv.c 
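Review bot: The new tail of gnutls_certificate_set_openpgp_key_file has no return on the success path: after `_gnutls_strfile_free(&xkey);` the only statement is `if (rc < 0) { gnutls_assert(); return rc; }`, so when the `_mem` call succeeds control falls off the end of a function returning `int`, which is undefined behaviour and hands callers a garbage status; replace that trailing `if` with `return rc;`, or add `return 0;` after it. With the body now delegating, the locals `inp`, `raw`, `i` and `n` declared in the preceding hunk are dead and should go, and the `stat()` pre-check is redundant with the `data == NULL` checks on `_gnutls_file_to_str` (and a TOCTOU window besides). `xkey` holds the secret key file contents; unless `_gnutls_strfile_free` (lib/gnutls_x509.c, body not fully visible) wipes heap buffers, the key bytes remain in freed memory, so clearing before release is worth considering. The function's declarations begin in the previous hunk.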
@@ -1126,7 +1126,7 @@ recv_openpgp_key(gnutls_session session, const unsigned char *keyfpr,
 static const char hostname[] = "hkp://wwwkeys.pgp.net";
 static const int port = 11371;
 int rc;
- CDK_KBNODE knode = NULL;
+ cdk_kbnode_t knode = NULL;
 unsigned int i;
 fprintf(stderr, "must recv: "); |