From 3bd2a33c7ba41287fb6578059a555f70146b17de Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 10 Oct 2017 09:59:17 +0200 Subject: _gnutls_copy_certificate_auth_info: simplified and avoid multiple allocations Signed-off-by: Nikos Mavrogiannopoulos --- lib/auth/cert.c | 44 ++++++++++++++------------------------------ lib/auth/cert.h | 2 +- lib/tls13/certificate.c | 4 ++-- 3 files changed, 17 insertions(+), 33 deletions(-) diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 6d618a3532..2d02465089 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -69,14 +69,12 @@ _gnutls_selected_certs_set(gnutls_session_t session, typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64 } CertificateSigType; -/* Copies data from a internal certificate struct (gnutls_pcert_st) to - * exported certificate struct (cert_auth_info_t) +/* Moves data from a internal certificate struct (gnutls_pcert_st) to + * another internal certificate struct (cert_auth_info_t), and deinitializes + * the former. */ -int _gnutls_copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts) +int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts) { - /* Copy peer's information to auth_info_t - */ - int ret; size_t i, j; if (info->raw_certificate_list != NULL) { 
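Review bot: The new header comment on `_gnutls_pcert_to_auth_info` does not say who owns `certs` after the call, which is the contract every caller now depends on. Judging by the second hunk, success moves each `certs[i].cert.data` into `info`, runs `gnutls_pcert_deinit()` on every element and `gnutls_free()`s the array, while the `GNUTLS_E_MEMORY_ERROR` return leaves `certs` with the caller. I would state that explicitly, e.g. `/* On success @certs and its elements are consumed and must not be used or freed by the caller; on error the caller still owns @certs. */`, and repeat it beside the prototype in lib/auth/cert.h. A caller that gets this wrong ends up with a double free or a use-after-free on peer certificate data. The function body continues past the end of this hunk.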
@@ -98,32 +96,18 @@ int _gnutls_copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * return GNUTLS_E_MEMORY_ERROR; } + info->cert_type = certs[0].type; + info->ncerts = ncerts; + for (i = 0; i < ncerts; i++) { - if (certs[i].cert.size > 0) { - ret = - _gnutls_set_datum(&info->raw_certificate_list[i], - certs[i].cert.data, - certs[i].cert.size); - if (ret < 0) { - gnutls_assert(); - goto clear; - } - } + info->raw_certificate_list[i].data = certs[i].cert.data; + info->raw_certificate_list[i].size = certs[i].cert.size; + certs[i].cert.data = NULL; + gnutls_pcert_deinit(&certs[i]); } - info->ncerts = ncerts; - info->cert_type = certs[0].type; + gnutls_free(certs); return 0; - - clear: - - for (j = 0; j < i; j++) - _gnutls_free_datum(&info->raw_certificate_list[j]); - - gnutls_free(info->raw_certificate_list); - info->raw_certificate_list = NULL; - - return ret; } /* returns 0 if the algo_to-check exists in the pk_algos list, @@ -837,7 +821,7 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session, } ret = - _gnutls_copy_certificate_auth_info(info, + _gnutls_pcert_to_auth_info(info, peer_certificate_list, peer_certificate_list_size); if (ret < 0) { @@ -845,7 +829,7 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session, goto cleanup; } - ret = 0; + return 0; cleanup: CLEAR_CERTS; diff --git a/lib/auth/cert.h b/lib/auth/cert.h index be999c946c..5d78148793 100644 --- a/lib/auth/cert.h +++ b/lib/auth/cert.h @@ -128,7 +128,7 @@ _gnutls_select_client_cert(gnutls_session_t session, const uint8_t * _data, size_t _data_size, gnutls_pk_algorithm_t * pk_algos, int pk_algos_length); -int _gnutls_copy_certificate_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts); +int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts); int _gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_entry_st *cs); 
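Review bot: `gnutls_free(certs)` is reached only on the path through the loop, so whether `certs` is released depends on which return is taken. The lines between the first hunk and this one are not shown; if they contain a success return for an empty list, that path would return 0 without releasing `certs`. Both callers now `return 0;` past their cleanup label, so the array would leak in that case. If so, consider adding `gnutls_free(certs);` before that `return 0;`, so that a return value of 0 always means the array was consumed. The function starts outside this hunk.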
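Review bot: The `return 0;` placed before `cleanup:` in `_gnutls_proc_x509_server_crt` is now the only thing keeping `CLEAR_CERTS` away from a `peer_certificate_list` that `_gnutls_pcert_to_auth_info` has already freed, and nothing at the call site says so. A later edit that restores `ret = 0;` and falls through would presumably free the list a second time (`CLEAR_CERTS` is defined outside the hunk, so this is inferred). A short comment above the return would protect it: `/* peer_certificate_list was consumed by _gnutls_pcert_to_auth_info(); do not fall through to cleanup */`. The same applies to the `return 0;` in `parse_cert_list` in lib/tls13/certificate.c. The function starts and ends outside this hunk.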
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c index 147100be88..8099cd74b8 100644 --- a/lib/tls13/certificate.c +++ b/lib/tls13/certificate.c @@ -322,7 +322,7 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size) } ret = - _gnutls_copy_certificate_auth_info(info, + _gnutls_pcert_to_auth_info(info, peer_certificate_list, peer_certificate_list_size); if (ret < 0) { @@ -330,7 +330,7 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size) goto cleanup; } - ret = 0; + return 0; cleanup: for(x=0;x