-rw-r--r--lib/gnutls_algorithms.c3
-rw-r--r--lib/gnutls_dh_primes.c8
-rw-r--r--lib/gnutls_mpi.c49
-rw-r--r--lib/gnutls_mpi.h4
-rw-r--r--lib/gnutls_pk.c43
-rw-r--r--lib/x509/mpi.c19
-rw-r--r--lib/x509/privkey.c18
-rw-r--r--lib/x509/x509.h3
8 files changed, 72 insertions, 75 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 0b31d7f620..3ac937f382 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1274,7 +1274,8 @@ _gnutls_supported_ciphersuites(gnutls_session session,
#define MIN_PRIVATE_COMP_ALGO 0xEF
-/* returns the TLS numbers of the compression methods we support */
+/* returns the TLS numbers of the compression methods we support
+ */
#define SUPPORTED_COMPRESSION_METHODS session->internals.compression_method_priority.algorithms
int
_gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index a966e33378..33584d8956 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -239,8 +239,6 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
ASN1_TYPE c2;
int result, need_free = 0;
gnutls_datum _params;
- int len;
- opaque str[MAX_PARAMETER_SIZE];
if (format == GNUTLS_X509_FMT_PEM) {
opaque *out;
@@ -288,8 +286,7 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
/* Read PRIME
*/
- len = sizeof(str) - 1;
- result = _gnutls_x509_read_int( c2, "prime", str, len, &params->_prime);
+ result = _gnutls_x509_read_int( c2, "prime", &params->_prime);
if ( result < 0) {
asn1_delete_structure(&c2);
gnutls_assert();
@@ -298,8 +295,7 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params,
/* read the generator
*/
- len = sizeof(str) - 1;
- result = _gnutls_x509_read_int( c2, "base", str, len, &params->_generator);
+ result = _gnutls_x509_read_int( c2, "base", &params->_generator);
if ( result < 0) {
asn1_delete_structure(&c2);
_gnutls_mpi_release( &params->_prime);
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 64d885ce24..58271fdcdf 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -85,48 +85,81 @@ int _gnutls_mpi_print_lz( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a ) {
* steps.
*/
int _gnutls_x509_read_int( ASN1_TYPE node, const char* value,
- char* tmpstr, int tmpstr_size, GNUTLS_MPI* ret_mpi)
+ GNUTLS_MPI* ret_mpi)
{
int len, result;
size_t s_len;
+opaque* tmpstr = NULL;
+int tmpstr_size;
- len = tmpstr_size;
- result = asn1_read_value( node, value, tmpstr, &len);
+ tmpstr_size = 0;
+ result = asn1_read_value( node, value, NULL, &tmpstr_size);
+ if (result != ASN1_MEM_ERROR) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ tmpstr = gnutls_alloca( tmpstr_size);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value( node, value, tmpstr, &tmpstr_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
+ gnutls_afree( tmpstr);
return _gnutls_asn2err(result);
}
s_len = len;
if (_gnutls_mpi_scan( ret_mpi, tmpstr, &s_len) != 0) {
gnutls_assert();
+ gnutls_afree( tmpstr);
return GNUTLS_E_MPI_SCAN_FAILED;
}
+ gnutls_afree( tmpstr);
+
return 0;
}
/* Writes the specified integer into the specified node.
*/
-int _gnutls_x509_write_int( ASN1_TYPE node, const char* value, GNUTLS_MPI mpi)
+int _gnutls_x509_write_int( ASN1_TYPE node, const char* value, GNUTLS_MPI mpi, int lz)
{
-opaque tmpstr[MAX_PARAMETER_SIZE];
+opaque *tmpstr;
size_t s_len;
int result;
- s_len = sizeof(tmpstr);
- if (_gnutls_mpi_print( tmpstr, &s_len, mpi) != 0) {
+ s_len = 0;
+ if (lz) result = _gnutls_mpi_print_lz( NULL, &s_len, mpi);
+ else result = _gnutls_mpi_print( NULL, &s_len, mpi);
+
+ tmpstr = gnutls_alloca( s_len);
+ if (tmpstr == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (lz) result = _gnutls_mpi_print_lz( tmpstr, &s_len, mpi);
+ else result = _gnutls_mpi_print( tmpstr, &s_len, mpi);
+
+ if (result != 0) {
gnutls_assert();
+ gnutls_afree( tmpstr);
return GNUTLS_E_MPI_PRINT_FAILED;
}
result = asn1_write_value( node, value, tmpstr, s_len);
+
+ gnutls_afree( tmpstr);
+
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
-
return 0;
}
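Review bot: `s_len = len;` in _gnutls_x509_read_int now reads an uninitialized variable, because the commit removes `len = tmpstr_size;` and passes `&tmpstr_size` to asn1_read_value, so `len` is never assigned before _gnutls_mpi_scan takes it as the buffer length. The line should be `s_len = tmpstr_size;`, after which `len` can be dropped from the declaration. Separately, `gnutls_alloca( tmpstr_size)` sizes the temporary from the length reported for the parsed element, and this commit also removes the MAX_PARAMETER_SIZE limit. If gnutls_alloca maps to a stack allocation (not visible here), that size has no upper bound and the `tmpstr == NULL` check would not detect a failure, so a sanity limit before allocating, or a heap allocation, seems safer. The same applies to `gnutls_alloca( s_len)` in _gnutls_x509_write_int, where the result of the first size-probing print call is also discarded.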
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index 4e0ab1ebf1..9a3c62bbf6 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -36,7 +36,7 @@ int _gnutls_mpi_print( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a );
int _gnutls_mpi_print_lz( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a );
int _gnutls_x509_read_int( ASN1_TYPE node, const char* value,
- char* tmpstr, int tmpstr_size, GNUTLS_MPI* ret_mpi);
-int _gnutls_x509_write_int( ASN1_TYPE node, const char* value, GNUTLS_MPI mpi);
+ GNUTLS_MPI* ret_mpi);
+int _gnutls_x509_write_int( ASN1_TYPE node, const char* value, GNUTLS_MPI mpi, int lz);
#endif
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 42df07dd4f..850a1d1adc 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -336,10 +336,7 @@ int _gnutls_rsa_verify( const gnutls_datum* vdata, const gnutls_datum *ciphertex
*/
static int encode_ber_rs( gnutls_datum* sig_value, GNUTLS_MPI r, GNUTLS_MPI s) {
ASN1_TYPE sig;
-int result;
-opaque str[MAX_PARAMETER_SIZE];
-size_t len = sizeof(str);
-size_t tot_len = 0;
+int result, tot_len;
if ((result=asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue",
&sig))!=ASN1_SUCCESS) {
@@ -347,46 +344,36 @@ size_t tot_len = 0;
return _gnutls_asn2err(result);
}
- if ( _gnutls_mpi_print_lz( str, &len, r) < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return GNUTLS_E_MPI_PRINT_FAILED;
- }
- tot_len += len;
-
- result = asn1_write_value( sig, "r", str, len);
-
- if (result != ASN1_SUCCESS) {
+ result = _gnutls_x509_write_int( sig, "r", r, 1);
+ if ( result < 0) {
gnutls_assert();
asn1_delete_structure(&sig);
- return _gnutls_asn2err(result);
+ return result;
}
- len = sizeof(str) - 1;
- if ( _gnutls_mpi_print_lz( str, &len, s) < 0) {
+ result = _gnutls_x509_write_int( sig, "s", s, 1);
+ if (result < 0) {
gnutls_assert();
asn1_delete_structure(&sig);
- return GNUTLS_E_MPI_PRINT_FAILED;
+ return result;
}
- tot_len += len;
-
- result = asn1_write_value( sig, "s", str, len);
- if (result != ASN1_SUCCESS) {
+ tot_len = 0;
+ result = asn1_der_coding( sig, "", NULL, &tot_len, NULL);
+ if (result != ASN1_MEM_ERROR) {
gnutls_assert();
asn1_delete_structure(&sig);
return _gnutls_asn2err(result);
}
- sig_value->size = tot_len + 100;
+ sig_value->size = tot_len;
sig_value->data = gnutls_malloc( sig_value->size);
if (sig_value->data==NULL) {
gnutls_assert();
asn1_delete_structure(&sig);
+ return GNUTLS_E_MEMORY_ERROR;
}
- if (sig_value->data == NULL) sig_value->size = 0;
-
result = asn1_der_coding( sig, "", sig_value->data, &sig_value->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
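Review bot: The `if (result != ASN1_MEM_ERROR)` test after the first asn1_der_coding call reads like an inverted error check and deserves a comment. With a NULL buffer and `tot_len = 0`, the call only obtains the encoded length, so ASN1_MEM_ERROR is the expected outcome. A line such as `/* size probe: NULL buffer, ASN1_MEM_ERROR is expected and tot_len receives the DER length */` above the call would make that clear. encode_ber_rs continues past the end of this hunk, so the cleanup after the second asn1_der_coding call is not visible here.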
@@ -448,8 +435,6 @@ int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *hash,
static int decode_ber_rs( const gnutls_datum* sig_value, GNUTLS_MPI* r, GNUTLS_MPI* s) {
ASN1_TYPE sig;
int result;
-opaque str[MAX_PARAMETER_SIZE];
-
if ((result=asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue", &sig))!=ASN1_SUCCESS) {
gnutls_assert();
@@ -464,7 +449,7 @@ opaque str[MAX_PARAMETER_SIZE];
}
result =
- _gnutls_x509_read_int( sig, "r", str, sizeof(str)-1, r);
+ _gnutls_x509_read_int( sig, "r", r);
if (result < 0) {
gnutls_assert();
asn1_delete_structure(&sig);
@@ -472,7 +457,7 @@ opaque str[MAX_PARAMETER_SIZE];
}
result =
- _gnutls_x509_read_int( sig, "s", str, sizeof(str)-1, s);
+ _gnutls_x509_read_int( sig, "s", s);
if (result < 0) {
gnutls_assert();
_gnutls_mpi_release( s);
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 3793712956..5315a78e83 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -35,7 +35,6 @@
*/
int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
{
- opaque str[MAX_PARAMETER_SIZE];
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
@@ -56,14 +55,14 @@ int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
if ( (result=_gnutls_x509_read_int( spk, "modulus",
- str, sizeof(str)-1, &params[0])) < 0) {
+ &params[0])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
return GNUTLS_E_ASN1_GENERIC_ERROR;
}
if ( (result=_gnutls_x509_read_int( spk, "publicExponent",
- str, sizeof(str)-1, &params[1])) < 0) {
+ &params[1])) < 0) {
gnutls_assert();
_gnutls_mpi_release(&params[0]);
asn1_delete_structure(&spk);
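Review bot: The `return GNUTLS_E_ASN1_GENERIC_ERROR;` after the "modulus" read discards `result`, and since this commit _gnutls_x509_read_int can also fail with GNUTLS_E_MEMORY_ERROR, which is then reported as an ASN.1 error. Returning the value already held, `return result;`, keeps the real cause visible to callers. The same pattern is visible after the "p" read in _gnutls_x509_read_dsa_params; the returns for the other reads fall outside their hunks. _gnutls_x509_read_rsa_params itself continues outside this hunk.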
@@ -83,7 +82,6 @@ int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
*/
int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
{
- opaque str[MAX_PARAMETER_SIZE];
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
@@ -109,7 +107,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read p */
- if ( (result=_gnutls_x509_read_int( spk, "p", str, sizeof(str)-1, &params[0])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "p", &params[0])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
return GNUTLS_E_ASN1_GENERIC_ERROR;
@@ -117,7 +115,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read q */
- if ( (result=_gnutls_x509_read_int( spk, "q", str, sizeof(str)-1, &params[1])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "q", &params[1])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
_gnutls_mpi_release(&params[0]);
@@ -126,7 +124,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read g */
- if ( (result=_gnutls_x509_read_int( spk, "g", str, sizeof(str)-1, &params[2])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "g", &params[2])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
_gnutls_mpi_release(&params[0]);
@@ -146,7 +144,6 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
*/
int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
{
- opaque str[MAX_PARAMETER_SIZE];
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
@@ -167,7 +164,7 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read p */
- if ( (result=_gnutls_x509_read_int( spk, "", str, sizeof(str)-1, &params[3])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "", &params[3])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
return _gnutls_asn2err(result);
@@ -299,13 +296,13 @@ int _gnutls_x509_write_rsa_params( GNUTLS_MPI * params, int params_size,
return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_write_int( spk, "modulus", params[0]);
+ result = _gnutls_x509_write_int( spk, "modulus", params[0], 0);
if (result < 0) {
gnutls_assert();
return result;
}
- result = _gnutls_x509_write_int( spk, "publicExponent", params[1]);
+ result = _gnutls_x509_write_int( spk, "publicExponent", params[1], 0);
if (result < 0) {
gnutls_assert();
return result;
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index fd5d54a3d4..57e62c9f9c 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -81,7 +81,6 @@ ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum *raw_key,
gnutls_x509_privkey pkey)
{
int result;
- opaque str[MAX_PARAMETER_SIZE];
ASN1_TYPE pkey_asn;
if ((result =
@@ -105,37 +104,32 @@ ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum *raw_key,
}
if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
- str, sizeof(str) - 1,
&pkey->params[0])) < 0) {
gnutls_assert();
goto error;
}
if ((result =
- _gnutls_x509_read_int(pkey_asn, "publicExponent", str,
- sizeof(str) - 1,
+ _gnutls_x509_read_int(pkey_asn, "publicExponent",
&pkey->params[1])) < 0) {
gnutls_assert();
goto error;
}
if ((result =
- _gnutls_x509_read_int(pkey_asn, "privateExponent", str,
- sizeof(str) - 1,
+ _gnutls_x509_read_int(pkey_asn, "privateExponent",
&pkey->params[2])) < 0) {
gnutls_assert();
goto error;
}
if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
- str, sizeof(str) - 1,
&pkey->params[3])) < 0) {
gnutls_assert();
goto error;
}
if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
- str, sizeof(str) - 1,
&pkey->params[4])) < 0) {
gnutls_assert();
goto error;
@@ -157,7 +151,7 @@ ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( const gnutls_datum *raw_key,
/* p, q */
#else
if ( (result=_gnutls_x509_read_int( pkey_asn, "coefficient",
- str, sizeof(str)-1, &pkey->params[5])) < 0) {
+ &pkey->params[5])) < 0) {
gnutls_assert();
goto error;
}
@@ -182,7 +176,6 @@ static ASN1_TYPE decode_dsa_key( const gnutls_datum* raw_key,
gnutls_x509_privkey pkey)
{
int result;
- opaque str[MAX_PARAMETER_SIZE];
ASN1_TYPE dsa_asn;
if ((result =
@@ -206,35 +199,30 @@ static ASN1_TYPE decode_dsa_key( const gnutls_datum* raw_key,
}
if ((result = _gnutls_x509_read_int(dsa_asn, "p",
- str, sizeof(str) - 1,
&pkey->params[0])) < 0) {
gnutls_assert();
goto error;
}
if ((result = _gnutls_x509_read_int(dsa_asn, "q",
- str, sizeof(str) - 1,
&pkey->params[1])) < 0) {
gnutls_assert();
goto error;
}
if ((result = _gnutls_x509_read_int(dsa_asn, "g",
- str, sizeof(str) - 1,
&pkey->params[2])) < 0) {
gnutls_assert();
goto error;
}
if ((result = _gnutls_x509_read_int(dsa_asn, "Y",
- str, sizeof(str) - 1,
&pkey->params[3])) < 0) {
gnutls_assert();
goto error;
}
if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
- str, sizeof(str) - 1,
&pkey->params[4])) < 0) {
gnutls_assert();
goto error;
diff --git a/lib/x509/x509.h b/lib/x509/x509.h
index 6f061c5577..b8767a478b 100644
--- a/lib/x509/x509.h
+++ b/lib/x509/x509.h
@@ -20,9 +20,6 @@ typedef struct gnutls_x509_crt_int {
gnutls_pk_algorithm signature_algorithm;
} gnutls_x509_crt_int;
-/* Raw encoded parameter.
- */
-#define MAX_PARAMETER_SIZE 2400
#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */