From bd2d8e584d269e56512ada979cf4bfc7173743e8 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 28 Mar 2003 12:28:33 +0000 Subject: several cleanups. --- lib/gnutls.h.in.in | 3 +- lib/gnutls_alert.c | 11 +++-- lib/gnutls_alert.h | 3 +- lib/x509/common.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++ lib/x509/common.h | 6 +++ lib/x509/privkey_pkcs8.c | 48 ------------------ lib/x509/x509.c | 76 ----------------------------- lib/x509/x509.h | 6 --- 8 files changed, 141 insertions(+), 136 deletions(-) diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 348ee1cdd7..329f7e22f1 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -94,7 +94,8 @@ typedef enum gnutls_alert_description { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_DECRYPT_ERROR, GNUTLS_A_EXPORT_RESTRICTION=60, GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, GNUTLS_A_NO_RENEGOTIATION=100, GNUTLS_A_UNSUPPORTED_EXTENSION=110, - GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112 + GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112, + GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121 } gnutls_alert_description; typedef enum gnutls_handshake_description { GNUTLS_HANDSHAKE_HELLO_REQUEST, diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index 68ec163551..a4731efa3f 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -57,6 +57,8 @@ static const gnutls_alert_entry sup_alerts[] = { { GNUTLS_A_CERTIFICATE_UNOBTAINABLE, "Could not retrieve the specified certificate" }, { GNUTLS_A_UNSUPPORTED_EXTENSION, "An unsupported extension was sent" }, { GNUTLS_A_UNRECOGNIZED_NAME, "The server name sent was not recognized" }, + { GNUTLS_A_UNKNOWN_SRP_USERNAME, "The SRP username is not known" }, + { GNUTLS_A_MISSING_SRP_USERNAME, "The SRP username was not sent" }, {0, NULL} }; 
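Review bot: The two enumerators added to `gnutls_alert_description` carry wire values 120 and 121 with no pointer to where those numbers are defined. The same list is also repeated by hand in lib/gnutls_alert.h (a later hunk of this commit), so the two copies can drift apart. A comment above the new line would cover both, for example `/* SRP alerts, values from <specification reference>; keep in sync with lib/gnutls_alert.h */`. The enum begins outside this hunk.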
@@ -150,9 +152,7 @@ int _level = -1; _level = GNUTLS_AL_FATAL; break; case GNUTLS_E_EMPTY_SRP_USERNAME: - /* FIXME: needs to be changed - */ - ret = GNUTLS_A_ACCESS_DENIED; + ret = GNUTLS_A_MISSING_SRP_USERNAME; _level = GNUTLS_AL_FATAL; break; case GNUTLS_E_DECOMPRESSION_FAILED: @@ -181,13 +181,16 @@ int _level = -1; break; case GNUTLS_E_UNKNOWN_CIPHER_SUITE: case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM: - case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION: case GNUTLS_E_INSUFICIENT_CREDENTIALS: case GNUTLS_E_NO_CIPHER_SUITES: case GNUTLS_E_NO_COMPRESSION_ALGORITHMS: ret = GNUTLS_A_HANDSHAKE_FAILURE; _level = GNUTLS_AL_FATAL; break; + case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION: + ret = GNUTLS_A_UNSUPPORTED_EXTENSION; + _level = GNUTLS_AL_FATAL; + break; case GNUTLS_E_UNEXPECTED_PACKET: ret = GNUTLS_A_UNEXPECTED_MESSAGE; _level = GNUTLS_AL_FATAL; diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h index ba815c889a..e877c9ab57 100644 --- a/lib/gnutls_alert.h +++ b/lib/gnutls_alert.h @@ -14,7 +14,8 @@ typedef enum AlertDescription { GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, GNUTLS_A_NO_RENEGOTIATION=100, GNUTLS_A_UNSUPPORTED_EXTENSION=110, - GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112 + GNUTLS_A_CERTIFICATE_UNOBTAINABLE=111, GNUTLS_A_UNRECOGNIZED_NAME=112, + GNUTLS_A_UNKNOWN_SRP_USERNAME=120, GNUTLS_A_MISSING_SRP_USERNAME=121 } gnutls_alert_description; gnutls_alert_description gnutls_alert_get( gnutls_session session); diff --git a/lib/x509/common.c b/lib/x509/common.c index a7273f04e5..a2ce341cfb 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -27,6 +27,7 @@ #include #include #include +#include #include typedef struct _oid2string { 
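Review bot: Only the missing-username case is wired up here: `GNUTLS_E_EMPTY_SRP_USERNAME` now yields `GNUTLS_A_MISSING_SRP_USERNAME`, while no visible hunk maps any error to the new `GNUTLS_A_UNKNOWN_SRP_USERNAME`. If a server-side mapping for it is added later, a distinct "unknown username" alert tells an unauthenticated peer which usernames exist. A comment in place of the removed FIXME would record the intent, for example `/* username absent from the hello; says nothing about whether any username is valid */`. The enclosing switch starts and ends outside the hunk.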
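Review bot: The new `case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:` answers an error named "illegal" with an alert named "unsupported", and the hunk does not show which condition raises that error. If it is also raised for a malformed or duplicated extension rather than an unrequested one, `GNUTLS_A_UNSUPPORTED_EXTENSION` would misreport the failure to the peer. A one-line comment on the case stating the triggering condition would let a reader confirm the alert fits. The switch continues outside the hunk.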
@@ -487,3 +488,126 @@ gnutls_x509_subject_alt_name _gnutls_x509_san_find_type( char* str_type) { if (strcmp( str_type, "iPAddress")==0) return GNUTLS_SAN_IPADDRESS; return -1; } + +/* A generic export function. Will export the given ASN.1 encoded data + * to PEM or DER raw data. + */ +int _gnutls_x509_export_int( ASN1_TYPE asn1_data, + gnutls_x509_crt_fmt format, char* pem_header, + int tmp_buf_size, unsigned char* output_data, int* output_data_size) +{ + int result; + if (tmp_buf_size == 0) tmp_buf_size = 16*1024; + + if (format == GNUTLS_X509_FMT_DER) { + if (output_data == NULL) *output_data_size = 0; + + if ((result=asn1_der_coding( asn1_data, "", output_data, output_data_size, NULL)) != ASN1_SUCCESS) { + if (result == ASN1_MEM_ERROR) + return GNUTLS_E_SHORT_MEMORY_BUFFER; + + gnutls_assert(); + return _gnutls_asn2err(result); + } + + } else { /* PEM */ + opaque *tmp; + opaque *out; + int len = tmp_buf_size; + + tmp = gnutls_alloca( len); + if (tmp == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + if ((result=asn1_der_coding( asn1_data, "", tmp, &len, NULL)) != ASN1_SUCCESS) { + gnutls_assert(); + if (result == ASN1_MEM_ERROR) { + _gnutls_x509_log("Length required for der coding: %d\n", len); + *output_data_size = B64FSIZE(strlen(pem_header),len); + } + gnutls_afree(tmp); + return _gnutls_asn2err(result); + } + + result = _gnutls_fbase64_encode( pem_header, + tmp, len, &out); + + gnutls_afree(tmp); + + if (result < 0) { + gnutls_assert(); + return result; + } + + if (result == 0) { /* oooops */ + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + + if (result + 1 > *output_data_size) { + gnutls_assert(); + gnutls_free(out); + *output_data_size = result; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + *output_data_size = result; + + if (output_data) { + memcpy( output_data, out, result); + output_data[result] = 0; + } + gnutls_free( out); + + } + + return 0; +} + +/* DER Encodes the src ASN1_TYPE and stores it to + * dest in dest_name. 
Usefull to encode something and store it + * as OCTET. + */ +int _gnutls_x509_der_encode_and_copy( ASN1_TYPE src, const char* src_name, + ASN1_TYPE dest, const char* dest_name) +{ +int size, result; +opaque *data = NULL; + + size = 0; + result = asn1_der_coding( src, src_name, NULL, &size, NULL); + if (result != ASN1_MEM_ERROR) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + /* allocate data for the der + */ + data = gnutls_alloca( size); + if (data == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + result = asn1_der_coding( src, src_name, data, &size, NULL); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + gnutls_afree(data); + return _gnutls_asn2err(result); + } + + /* Write the key derivation algorithm + */ + result = asn1_write_value( dest, dest_name, data, size); + + gnutls_afree(data); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + return 0; +} diff --git a/lib/x509/common.h b/lib/x509/common.h index 0661c4d153..2d90b941a0 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -35,3 +35,9 @@ const char* _gnutls_x509_mac2oid( gnutls_mac_algorithm mac); time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when); gnutls_x509_subject_alt_name _gnutls_x509_san_find_type( char* str_type); + +int _gnutls_x509_der_encode_and_copy( ASN1_TYPE src, const char* src_name, + ASN1_TYPE dest, const char* dest_name); +int _gnutls_x509_export_int( ASN1_TYPE asn1_data, + gnutls_x509_crt_fmt format, char* pem_header, + int tmp_buf_size, unsigned char* output_data, int* output_data_size); diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 108f91ab57..b0b0c1a2e9 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c 
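Review bot: In the PEM branch of `_gnutls_x509_export_int` the short-buffer path reports a size one byte too small. The check is `result + 1 > *output_data_size` because a terminating 0 is written at `output_data[result]`, but the size handed back is `*output_data_size = result;`, so a caller that retries with exactly the reported size fails the same check again. Setting `*output_data_size = result + 1;` on that path fixes the retry, unless every caller already adds one itself, which this diff does not show. Separately, `_gnutls_x509_der_encode_and_copy` passes the DER length of `src` straight to `gnutls_alloca`; if that macro is a plain stack `alloca` (its definition is not on this page), the NULL check cannot fire and a large structure exhausts the stack, so a size bound or a heap allocation would be safer. Both functions are moved unchanged from x509.c and privkey_pkcs8.c, and the comment `Write the key derivation algorithm` no longer describes this now-generic helper.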
@@ -894,54 +894,6 @@ int key_size; } - -/* DER Encodes the src ASN1_TYPE and stores it to - * dest in dest_name. Usefull to encode something and store it - * as OCTET. - */ -int _gnutls_x509_der_encode_and_copy( ASN1_TYPE src, const char* src_name, - ASN1_TYPE dest, const char* dest_name) -{ -int size, result; -opaque *data = NULL; - - size = 0; - result = asn1_der_coding( src, src_name, NULL, &size, NULL); - if (result != ASN1_MEM_ERROR) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - /* allocate data for the der - */ - data = gnutls_alloca( size); - if (data == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - result = asn1_der_coding( src, src_name, data, &size, NULL); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - gnutls_afree(data); - return _gnutls_asn2err(result); - } - - /* Write the key derivation algorithm - */ - result = asn1_write_value( dest, dest_name, data, size); - - gnutls_afree(data); - - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - - return 0; -} - - /* Writes the PBKDF2 parameters. */ static int write_pbkdf2_params( ASN1_TYPE pbes2_asn, const struct pbkdf2_params *kdf_params) diff --git a/lib/x509/x509.c b/lib/x509/x509.c index ad72a05d1c..75f0bdd86d 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -1091,79 +1091,3 @@ int gnutls_x509_crt_export( gnutls_x509_crt cert, } -/* A generic export function. Will export the given ASN.1 encoded data - * to PEM or DER raw data. - */ -int _gnutls_x509_export_int( ASN1_TYPE asn1_data, - gnutls_x509_crt_fmt format, char* pem_header, - int tmp_buf_size, unsigned char* output_data, int* output_data_size) -{ - int result; - if (tmp_buf_size == 0) tmp_buf_size = 16*1024; - - if (format == GNUTLS_X509_FMT_DER) { - if (output_data == NULL) *output_data_size = 0; - - if ((result=asn1_der_coding( asn1_data, "", output_data, output_data_size, NULL)) != ASN1_SUCCESS) { - if (result == ASN1_MEM_ERROR) - return GNUTLS_E_SHORT_MEMORY_BUFFER; - - gnutls_assert(); - return _gnutls_asn2err(result); - } - - } else { /* PEM */ - opaque *tmp; - opaque *out; - int len = tmp_buf_size; - - tmp = gnutls_alloca( len); - if (tmp == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - if ((result=asn1_der_coding( asn1_data, "", tmp, &len, NULL)) != ASN1_SUCCESS) { - gnutls_assert(); - if (result == ASN1_MEM_ERROR) { - _gnutls_x509_log("Length required for der coding: %d\n", len); - *output_data_size = B64FSIZE(strlen(pem_header),len); - } - gnutls_afree(tmp); - return _gnutls_asn2err(result); - } - - result = _gnutls_fbase64_encode( pem_header, - tmp, len, &out); - - gnutls_afree(tmp); - - if (result < 0) { - gnutls_assert(); - return result; - } - - if (result == 0) { /* oooops */ - gnutls_assert(); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (result + 1 > *output_data_size) { - gnutls_assert(); - gnutls_free(out); - *output_data_size = result; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - *output_data_size = result; - - if (output_data) { - memcpy( output_data, out, result); - output_data[result] = 0; - } - gnutls_free( out); - - } - - return 0; -} diff --git a/lib/x509/x509.h b/lib/x509/x509.h index 149767f885..6f061c5577 100644 --- a/lib/x509/x509.h +++ b/lib/x509/x509.h 
@@ -64,9 +64,6 @@ typedef struct gnutls_x509_privkey_int { ASN1_TYPE key; } gnutls_x509_privkey_int; -int _gnutls_x509_der_encode_and_copy( ASN1_TYPE src, const char* src_name, - ASN1_TYPE dest, const char* dest_name); - typedef struct gnutls_x509_crt_int *gnutls_x509_crt; typedef struct gnutls_x509_crl_int *gnutls_x509_crl; typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey; @@ -140,8 +137,5 @@ int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey key, int gnutls_x509_privkey_export( gnutls_x509_privkey key, gnutls_x509_crt_fmt format, unsigned char* output_data, int* output_data_size); -int _gnutls_x509_export_int( ASN1_TYPE asn1_data, - gnutls_x509_crt_fmt format, char* pem_header, - int tmp_buf_size, unsigned char* output_data, int* output_data_size); #endif -- cgit v1.2.1