[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_15-27-ged47ba4
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_15-27-ged47ba4 |
|
Date: |
Tue, 13 Mar 2012 18:31:50 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ed47ba432db398246edceacd37374973fcf59495
The branch, master has been updated
via ed47ba432db398246edceacd37374973fcf59495 (commit)
via 70cdfb18838d8fea5b5d2deb027f1ddd02486726 (commit)
via d0935acf38469e447d843b64fb7f56eee0c47288 (commit)
via 23b6bc58488b4938692fba8b041cbab2fc10296c (commit)
via b324a304e0e6c48b300abc91bfb4862c31a39f25 (commit)
from cdcb458991053a9a972ddf2f9e2cd3fca3c96dd6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ed47ba432db398246edceacd37374973fcf59495
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Mar 13 19:35:58 2012 +0100
updated included libtasn1
commit 70cdfb18838d8fea5b5d2deb027f1ddd02486726
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Mar 13 18:59:52 2012 +0100
gnutls-cli honours the --x509fmtder.
commit d0935acf38469e447d843b64fb7f56eee0c47288
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Mar 13 18:47:56 2012 +0100
only set the server name if we do not have an IP address.
commit 23b6bc58488b4938692fba8b041cbab2fc10296c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Mar 13 18:45:35 2012 +0100
Do not use fixed versions
commit b324a304e0e6c48b300abc91bfb4862c31a39f25
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Mar 13 18:43:49 2012 +0100
Documentation updates
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +
README | 4 +-
doc/cha-cert-auth.texi | 9 +-
doc/cha-cert-auth2.texi | 30 ++--
lib/includes/gnutls/gnutls.h.in | 10 +-
lib/minitasn1/coding.c | 45 ++--
lib/minitasn1/decoding.c | 445 ++++++++++++++++++++++++---------------
lib/minitasn1/element.c | 55 +++---
lib/minitasn1/element.h | 5 +-
lib/minitasn1/errors.c | 3 +-
lib/minitasn1/gstr.c | 2 +-
lib/minitasn1/gstr.h | 2 +-
lib/minitasn1/int.h | 8 +-
lib/minitasn1/libtasn1.h | 10 +-
lib/minitasn1/parser_aux.c | 24 +-
lib/minitasn1/parser_aux.h | 3 +-
lib/minitasn1/structure.c | 6 +-
lib/minitasn1/structure.h | 2 +-
lib/minitasn1/version.c | 3 +-
src/cli.c | 11 +-
20 files changed, 390 insertions(+), 289 deletions(-)
diff --git a/NEWS b/NEWS
index bf9cc04..510e131 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ See the end for copying conditions.
* Version 3.0.16 (unreleased)
+** minitasn1: Upgraded to libtasn1 version 2.12.
+
** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2.
** p11tool: Small fixes in handling of the --private command
diff --git a/README b/README
index 3f1f422..a829b27 100644
--- a/README
+++ b/README
@@ -23,7 +23,7 @@ A typical command sequence for building the library is shown
below.
A complete list of options available for configure can be found
by running './configure --help'.
- cd gnutls-2.10.3
+ cd gnutls-<version>
./configure --prefix=/usr
make
sudo make install
@@ -40,7 +40,7 @@ p11-kit can be found at
<http://p11-glue.freedesktop.org/p11-kit.html>.
To configure libnettle for installation and use by GnuTLS, a typical
command sequence would be:
- cd nettle-2.2
+ cd nettle-<version>
./configure --prefix=/usr --disable-openssl --enable-shared
make
sudo make install
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 30fb7ca..cb79a7d 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -253,13 +253,12 @@ This purpose is served by the functions
@funcref{gnutls_x509_trust_list_add_name
@cindex verifying certificate paths
@tindex gnutls_certificate_verify_flags
-When operating in the context of a TLS session, the trusted certificate
+When operating in the context of a TLS session, if the trusted certificate
authority list has been set via the
@funcref{gnutls_certificate_set_x509_trust_file} and
@funcref{gnutls_certificate_set_x509_crl_file},
-thus it is not required to setup a trusted list as above.
-Convenience functions such as @funcref{gnutls_certificate_verify_peers2}
-are equivalent and will verify the peer's certificate chain
-in a TLS session.
+it is not required to setup a trusted list as above.
+The function @funcref{gnutls_certificate_verify_peers2}
+may then be used to verify the peer's certificate chain.
There is also the possibility to pass some input to the verification
functions in the form of flags. For
@funcref{gnutls_x509_trust_list_verify_crt} the
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index b9e13eb..6838bf5 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -129,24 +129,24 @@ reached. There are several reasons for revoking
certificates, but a
typical situation is when the private key associated with a
certificate has been compromised. Traditionally, Certificate
Revocation Lists (CRLs) have been used by application to implement
-revocation checking, however several disadvantages with CRLs have been
-identified, see for example @xcite{RIVESTCRL}.
+revocation checking, however, several problems with CRLs have been
+identified @xcite{RIVESTCRL}.
-The Online Certificate Status Protocol (@acronym{OCSP}) is a widely
-implemented protocol to perform certificate (revocation) status
-checking. @xcite{RFC2560}. An application that wish to verify the
+The Online Certificate Status Protocol, or @acronym{OCSP} @xcite{RFC2560},
+is a widely implemented protocol to perform certificate revocation status
+checking. An application that wish to verify the
identity of a peer will verify the certificate against a set of
trusted certificates and then check whether the certificate is listed
in a CRL and/or perform an OCSP check for the certificate.
Before performing the OCSP query, the application will need to figure
out the address of the OCSP server. The OCSP server address can be
-provided by the local user in manual configuration. The address can
-also be provided in the certificate that is being checked. There is
+provided by the local user in manual configuration or may be stored
+in the certificate that is being checked. The latter is due to
an extension field called the Authority Information Access (AIA) which
-has an access method called @code{id-ad-ocsp} that holds the location
-of the OCSP responder. There is a function for extracting this
-information from a certificate.
+may hold the location of the OCSP responder in
+the access method called @code{id-ad-ocsp}. The following function
+extracts this information from a certificate.
@showfuncA{gnutls_x509_crt_get_authority_info_access}
@@ -365,10 +365,12 @@ of their usage is also shown.
In this section we present the smart-card and hardware security module (HSM)
support
in @acronym{GnuTLS} using @acronym{PKCS} #11 @xcite{PKCS11}. Hardware security
modules and smart cards provide a way to store private keys and perform
-operations on them without exposing them. This allows decoupling cryptographic
-keys from the applications that use them providing an additional security
layer.
+operations on them without exposing them. This decouples cryptographic
+keys from the applications that use them and provide an additional
+security layer against cryptographic key extraction.
Since this can also be achieved in software components such as in Gnome
keyring,
-we will use the term security module to describe such an isolation interface.
+we will use the term security module to describe any cryptographic key
+separation subsystem.
@acronym{PKCS} #11 is plugin API allowing applications to access cryptographic
operations on a security module, as well as to objects residing on it. PKCS
@@ -520,7 +522,7 @@ session, as shown in @ref{ex:pkcs11-client}. In addition
the following functions can be used to load PKCS #11 key and
certificates by specifying a PKCS #11 URL instead of a filename.
address@hidden,gnutls_certificate_set_x509_key_file,gnutls_certificate_set_x509_simple_pkcs12_file}
address@hidden,gnutls_certificate_set_x509_key_file}
@include invoke-p11tool.texi
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 83deaee..d67a79d 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -431,11 +431,11 @@ extern "C"
* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
* This is the case if the issue is not included in the trusted certificate
list.
* not found.
- * @GNUTLS_CERT_SIGNER_NOT_CA: The certiï¬cateâs signer was not a CA. This
- * may happen if this was a version 1 certiï¬cate, which is common with
- * some CAs, or a version 3 certiï¬cate without the basic constrains
extension.
- * @GNUTLS_CERT_INSECURE_ALGORITHM: The certiï¬cate was signed using an in-
- * secure algorithm such as MD2 or MD5. These algorithms have been broken and
+ * @GNUTLS_CERT_SIGNER_NOT_CA: The certificateâs signer was not a CA. This
+ * may happen if this was a version 1 certificate, which is common with
+ * some CAs, or a version 3 certificate without the basic constrains
extension.
+ * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an
insecure
+ * algorithm such as MD2 or MD5. These algorithms have been broken and
* should not be trusted.
* @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
* @GNUTLS_CERT_EXPIRED: The certificate has expired.
diff --git a/lib/minitasn1/coding.c b/lib/minitasn1/coding.c
index e23872f..a1896d5 100644
--- a/lib/minitasn1/coding.c
+++ b/lib/minitasn1/coding.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2002, 2004, 2006, 2008-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -69,7 +68,7 @@ _asn1_error_description_value_not_found (ASN1_TYPE node,
* The @ans buffer is pre-allocated and must have room for the output.
**/
void
-asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len)
+asn1_length_der (unsigned int len, unsigned char *ans, int *ans_len)
{
int k;
unsigned char temp[SIZEOF_UNSIGNED_LONG_INT];
@@ -183,14 +182,15 @@ _asn1_time_der (unsigned char *str, unsigned char *der,
int *der_len)
{
int len_len;
int max_len;
+ int str_len = _asn1_strlen (str);
max_len = *der_len;
- asn1_length_der (strlen (str), (max_len > 0) ? der : NULL, &len_len);
+ asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len);
- if ((len_len + (int) strlen (str)) <= max_len)
- memcpy (der + len_len, str, strlen (str));
- *der_len = len_len + strlen (str);
+ if ((len_len + str_len) <= max_len)
+ memcpy (der + len_len, str, str_len);
+ *der_len = len_len + str_len;
if ((*der_len) > max_len)
return ASN1_MEM_ERROR;
@@ -256,7 +256,7 @@ _asn1_objectid_der (unsigned char *str, unsigned char *der,
int *der_len)
char *temp, *n_end, *n_start;
unsigned char bit7;
unsigned long val, val1 = 0;
- int str_len = strlen(str);
+ int str_len = _asn1_strlen(str);
max_len = *der_len;
@@ -322,7 +322,8 @@ _asn1_objectid_der (unsigned char *str, unsigned char *der,
int *der_len)
}
-const char bit_mask[] = { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
+static const unsigned char bit_mask[] =
+ { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
/**
* asn1_bit_der:
@@ -452,7 +453,7 @@ _asn1_insert_tag_der (ASN1_TYPE node, unsigned char *der,
int *counter,
int tag_len, is_tag_implicit;
unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
unsigned long tag_implicit = 0;
- char tag_der[MAX_TAG_LEN];
+ unsigned char tag_der[MAX_TAG_LEN];
is_tag_implicit = 0;
@@ -479,16 +480,16 @@ _asn1_insert_tag_der (ASN1_TYPE node, unsigned char *der,
int *counter,
&tag_len);
else
_asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
- strtoul (p->value, NULL, 10), tag_der,
- &tag_len);
+ _asn1_strtoul (p->value, NULL, 10),
+ tag_der, &tag_len);
*max_len -= tag_len;
if (*max_len >= 0)
memcpy (der + *counter, tag_der, tag_len);
*counter += tag_len;
- _asn1_ltostr (*counter, temp);
- _asn1_set_name (p, temp);
+ _asn1_ltostr (*counter, (char *) temp);
+ _asn1_set_name (p, (const char *) temp);
is_tag_implicit = 0;
}
@@ -502,7 +503,7 @@ _asn1_insert_tag_der (ASN1_TYPE node, unsigned char *der,
int *counter,
(type_field (node->type) == TYPE_SET_OF))
class |= ASN1_CLASS_STRUCTURED;
class_implicit = class;
- tag_implicit = strtoul (p->value, NULL, 10);
+ tag_implicit = _asn1_strtoul (p->value, NULL, 10);
is_tag_implicit = 1;
}
}
@@ -870,7 +871,7 @@ asn1_der_coding (ASN1_TYPE element, const char *name, void
*ider, int *len,
char *ErrorDescription)
{
ASN1_TYPE node, p, p2;
- char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
+ unsigned char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old;
asn1_retCode err;
unsigned char *der = ider;
@@ -1072,8 +1073,8 @@ asn1_der_coding (ASN1_TYPE element, const char *name,
void *ider, int *len,
case TYPE_SET:
if (move != UP)
{
- _asn1_ltostr (counter, temp);
- tlen = strlen (temp);
+ _asn1_ltostr (counter, (char *) temp);
+ tlen = _asn1_strlen (temp);
if (tlen > 0)
_asn1_set_value (p, temp, tlen + 1);
if (p->down == NULL)
@@ -1098,7 +1099,7 @@ asn1_der_coding (ASN1_TYPE element, const char *name,
void *ider, int *len,
}
else
{ /* move==UP */
- len2 = strtol (p->value, NULL, 10);
+ len2 = _asn1_strtol (p->value, NULL, 10);
_asn1_set_value (p, NULL, 0);
if ((type_field (p->type) == TYPE_SET) && (max_len >= 0))
_asn1_ordering_set (der + len2, max_len - len2, p);
@@ -1117,8 +1118,8 @@ asn1_der_coding (ASN1_TYPE element, const char *name,
void *ider, int *len,
case TYPE_SET_OF:
if (move != UP)
{
- _asn1_ltostr (counter, temp);
- tlen = strlen (temp);
+ _asn1_ltostr (counter, (char *) temp);
+ tlen = _asn1_strlen (temp);
if (tlen > 0)
_asn1_set_value (p, temp, tlen + 1);
@@ -1138,7 +1139,7 @@ asn1_der_coding (ASN1_TYPE element, const char *name,
void *ider, int *len,
}
if (move == UP)
{
- len2 = strtol (p->value, NULL, 10);
+ len2 = _asn1_strtol (p->value, NULL, 10);
_asn1_set_value (p, NULL, 0);
if ((type_field (p->type) == TYPE_SET_OF)
&& (max_len - len2 > 0))
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index 2d28484..32888a3 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2002, 2004, 2006, 2008-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -57,10 +56,10 @@ _asn1_error_description_tag_error (ASN1_TYPE node, char
*ErrorDescription)
* Returns: Return the decoded length value, or -1 on indefinite
* length, or -2 when the value was too big.
**/
-signed long
+int
asn1_get_length_der (const unsigned char *der, int der_len, int *len)
{
- unsigned long ans;
+ int ans;
int k, punt;
*len = 0;
@@ -101,6 +100,35 @@ asn1_get_length_der (const unsigned char *der, int
der_len, int *len)
}
}
+/*-
+ * asn1_get_length_der_checked:
+ * @der: DER data to decode.
+ * @der_len: Length of DER data to decode.
+ * @len: Output variable containing the length of the DER length field.
+ *
+ * Extract a length field from DER data.
+ *
+ * Returns: Return the decoded length value, or -1 on indefinite
+ * length, -2 when the value was too big or -3 when the value
+ * and the size of length exceed the @der_len.
+ -*/
+static int
+asn1_get_length_der_checked (const unsigned char *der, int der_len, int *len)
+{
+int ret, tot;
+
+ ret = asn1_get_length_der(der, der_len, len);
+ if (ret < 0)
+ return ret;
+
+ tot = ret + *len;
+
+ if (tot < 0 || tot > der_len)
+ return -3;
+
+ return ret;
+}
+
/**
* asn1_get_tag_der:
* @der: DER data to decode.
@@ -173,7 +201,7 @@ asn1_get_tag_der (const unsigned char *der, int der_len,
*
* Since: 2.0
**/
-signed long
+int
asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
{
int ret;
@@ -663,7 +691,7 @@ _asn1_get_octet_string (const unsigned char *der, ASN1_TYPE
node, int *len)
if (*(der - 1) & ASN1_CLASS_STRUCTURED)
{
tot_len = 0;
- indefinite = asn1_get_length_der (der, *len, &len3);
+ indefinite = asn1_get_length_der_checked (der, *len, &len3);
if (indefinite < -1)
return ASN1_DER_ERROR;
@@ -692,7 +720,7 @@ _asn1_get_octet_string (const unsigned char *der, ASN1_TYPE
node, int *len)
counter++;
- len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
+ len2 = asn1_get_length_der_checked (der + counter, *len - counter,
&len3);
if (len2 <= 0)
return ASN1_DER_ERROR;
@@ -721,11 +749,9 @@ _asn1_get_octet_string (const unsigned char *der,
ASN1_TYPE node, int *len)
}
else
{ /* NOT STRUCTURED */
- len2 = asn1_get_length_der (der, *len, &len3);
+ len2 = asn1_get_length_der_checked (der, *len, &len3);
if (len2 < 0)
return ASN1_DER_ERROR;
- if (len3 + len2 > *len)
- return ASN1_DER_ERROR;
if (node)
_asn1_set_value (node, der, len3 + len2);
counter = len3 + len2;
@@ -824,8 +850,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
if (node->type & CONST_OPTION)
{
- asn1_delete_structure (element);
- return ASN1_GENERIC_ERROR;
+ result = ASN1_GENERIC_ERROR;
+ goto cleanup;
}
counter = 0;
@@ -839,7 +865,7 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
if (p->type & CONST_SET)
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if (len2 == -1)
{
if (!der[counter] && !der[counter + 1])
@@ -858,8 +884,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
}
else if (counter > len2)
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
p2 = p2->down;
while (p2)
@@ -894,15 +920,15 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
}
if (p2 == NULL)
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if (counter == len2)
{
if (p->right)
@@ -942,8 +968,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
}
else if (ris == ASN1_ERROR_TYPE_ANY)
{
- asn1_delete_structure (element);
- return ASN1_ERROR_TYPE_ANY;
+ result = ASN1_ERROR_TYPE_ANY;
+ goto cleanup;
}
else
{
@@ -956,8 +982,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
{
if (!(p->type & CONST_OPTION))
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
else
@@ -967,7 +993,7 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if ((len2 != -1) && (counter > len2))
ris = ASN1_TAG_ERROR;
}
@@ -992,8 +1018,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
if (errorDescription != NULL)
_asn1_error_description_tag_error (p, errorDescription);
- asn1_delete_structure (element);
- return ASN1_TAG_ERROR;
+ result = ASN1_TAG_ERROR;
+ goto cleanup;
}
}
else
@@ -1007,8 +1033,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
case TYPE_NULL:
if (der[counter])
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
counter++;
move = RIGHT;
@@ -1016,8 +1042,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
case TYPE_BOOLEAN:
if (der[counter++] != 1)
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
if (der[counter++] == 0)
_asn1_set_value (p, "F", 1);
@@ -1028,11 +1054,13 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
case TYPE_INTEGER:
case TYPE_ENUMERATED:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
- if (len2 + len3 > len - counter)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
_asn1_set_value (p, der + counter, len3 + len2);
counter += len3 + len2;
move = RIGHT;
@@ -1042,10 +1070,7 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
_asn1_get_objectid_der (der + counter, len - counter, &len2,
temp, sizeof (temp));
if (result != ASN1_SUCCESS)
- {
- asn1_delete_structure (element);
- return result;
- }
+ goto cleanup;
tlen = strlen (temp);
if (tlen > 0)
@@ -1058,10 +1083,8 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
_asn1_get_time_der (der + counter, len - counter, &len2, temp,
sizeof (temp) - 1);
if (result != ASN1_SUCCESS)
- {
- asn1_delete_structure (element);
- return result;
- }
+ goto cleanup;
+
tlen = strlen (temp);
if (tlen > 0)
_asn1_set_value (p, temp, tlen + 1);
@@ -1070,30 +1093,35 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
break;
case TYPE_OCTET_STRING:
len3 = len - counter;
- ris = _asn1_get_octet_string (der + counter, p, &len3);
- if (ris != ASN1_SUCCESS)
- return ris;
+ result = _asn1_get_octet_string (der + counter, p, &len3);
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
+
counter += len3;
move = RIGHT;
break;
case TYPE_GENERALSTRING:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
- if (len3 + len2 > len - counter)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
_asn1_set_value (p, der + counter, len3 + len2);
counter += len3 + len2;
move = RIGHT;
break;
case TYPE_BIT_STRING:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
- if (len3 + len2 > len - counter)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
_asn1_set_value (p, der + counter, len3 + len2);
counter += len3 + len2;
move = RIGHT;
@@ -1102,7 +1130,7 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
case TYPE_SET:
if (move == UP)
{
- len2 = strtol (p->value, NULL, 10);
+ len2 = _asn1_strtol (p->value, NULL, 10);
_asn1_set_value (p, NULL, 0);
if (len2 == -1)
{ /* indefinite length method */
@@ -1110,20 +1138,23 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
{
if ((der[counter]) || der[counter + 1])
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
else
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += 2;
}
else
{ /* definite length method */
if (len2 != counter)
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
move = RIGHT;
@@ -1131,9 +1162,12 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
else
{ /* move==DOWN || move==RIGHT */
len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len2);
if (len3 < -1)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += len2;
if (len3 > 0)
{
@@ -1170,11 +1204,15 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
case TYPE_SET_OF:
if (move == UP)
{
- len2 = strtol (p->value, NULL, 10);
+ len2 = _asn1_strtol (p->value, NULL, 10);
if (len2 == -1)
{ /* indefinite length method */
if ((counter + 2) > len)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
if ((der[counter]) || der[counter + 1])
{
_asn1_append_sequence_set (p);
@@ -1201,17 +1239,20 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
_asn1_set_value (p, NULL, 0);
if (len2 != counter)
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
}
else
{ /* move==DOWN || move==RIGHT */
len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len2);
if (len3 < -1)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += len2;
if (len3)
{
@@ -1242,16 +1283,24 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
if (asn1_get_tag_der
(der + counter, len - counter, &class, &len2,
&tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
if (counter + len2 > len)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
len4 =
- asn1_get_length_der (der + counter + len2,
+ asn1_get_length_der_checked (der + counter + len2,
len - counter - len2, &len3);
if (len4 < -1)
- return ASN1_DER_ERROR;
- if (len4 > len - counter + len2 + len3)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
if (len4 != -1)
{
len2 += len4;
@@ -1267,13 +1316,10 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
indefinite = 0;
len2 = len - counter;
- ris =
+ result =
_asn1_get_indefinite_length_string (der + counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- asn1_delete_structure (element);
- return ris;
- }
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
_asn1_set_value_octet (p, der + counter, len2);
counter += len2;
@@ -1288,9 +1334,9 @@ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
int len,
}
else
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
- }
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
}
}
move = RIGHT;
@@ -1326,11 +1372,15 @@ asn1_der_decoding (ASN1_TYPE * element, const void
*ider, int len,
if (counter != len)
{
- asn1_delete_structure (element);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
return ASN1_SUCCESS;
+
+cleanup:
+ asn1_delete_structure (element);
+ return result;
}
#define FOUND 1
@@ -1379,14 +1429,14 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (elementName == NULL)
{
- asn1_delete_structure (structure);
- return ASN1_ELEMENT_NOT_FOUND;
+ result = ASN1_ELEMENT_NOT_FOUND;
+ goto cleanup;
}
if (node->type & CONST_OPTION)
{
- asn1_delete_structure (structure);
- return ASN1_GENERIC_ERROR;
+ result = ASN1_GENERIC_ERROR;
+ goto cleanup;
}
if ((*structure)->name)
@@ -1396,8 +1446,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
strcpy (currentName, (*structure)->name);
else
{
- asn1_delete_structure (structure);
- return ASN1_MEM_ERROR;
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
}
if (!(strcmp (currentName, elementName)))
{
@@ -1436,7 +1486,7 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (p->type & CONST_SET)
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if (counter == len2)
{
p = p2;
@@ -1445,8 +1495,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
}
else if (counter > len2)
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
p2 = p2->down;
while (p2)
@@ -1481,15 +1531,15 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
}
if (p2 == NULL)
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if (counter == len2)
{
if (p->right)
@@ -1529,8 +1579,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
}
else if (ris == ASN1_ERROR_TYPE_ANY)
{
- asn1_delete_structure (structure);
- return ASN1_ERROR_TYPE_ANY;
+ result = ASN1_ERROR_TYPE_ANY;
+ goto cleanup;
}
else
{
@@ -1543,8 +1593,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
{
if (!(p->type & CONST_OPTION))
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
else
@@ -1554,7 +1604,7 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if (counter > len2)
ris = ASN1_TAG_ERROR;
}
@@ -1579,8 +1629,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (errorDescription != NULL)
_asn1_error_description_tag_error (p, errorDescription);
- asn1_delete_structure (structure);
- return ASN1_TAG_ERROR;
+ result = ASN1_TAG_ERROR;
+ goto cleanup;
}
}
else
@@ -1594,8 +1644,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
case TYPE_NULL:
if (der[counter])
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
if (p == nodeFound)
@@ -1607,8 +1657,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
case TYPE_BOOLEAN:
if (der[counter++] != 1)
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
if (state == FOUND)
@@ -1630,13 +1680,20 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
case TYPE_INTEGER:
case TYPE_ENUMERATED:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
if (state == FOUND)
{
if (len3 + len2 > len - counter)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
_asn1_set_value (p, der + counter, len3 + len2);
if (p == nodeFound)
@@ -1652,9 +1709,7 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
_asn1_get_objectid_der (der + counter, len - counter,
&len2, temp, sizeof (temp));
if (result != ASN1_SUCCESS)
- {
- return result;
- }
+ goto cleanup;
tlen = strlen (temp);
@@ -1667,9 +1722,12 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
else
{
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
len2 += len3;
}
@@ -1683,10 +1741,7 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
_asn1_get_time_der (der + counter, len - counter, &len2,
temp, sizeof (temp) - 1);
if (result != ASN1_SUCCESS)
- {
- asn1_delete_structure (structure);
- return result;
- }
+ goto cleanup;
tlen = strlen (temp);
if (tlen > 0)
@@ -1698,9 +1753,12 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
else
{
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
len2 += len3;
}
@@ -1711,27 +1769,35 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
len3 = len - counter;
if (state == FOUND)
{
- ris = _asn1_get_octet_string (der + counter, p, &len3);
+ result = _asn1_get_octet_string (der + counter, p, &len3);
if (p == nodeFound)
state = EXIT;
}
else
- ris = _asn1_get_octet_string (der + counter, NULL, &len3);
+ result = _asn1_get_octet_string (der + counter, NULL, &len3);
+
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
- if (ris != ASN1_SUCCESS)
- return ris;
counter += len3;
move = RIGHT;
break;
case TYPE_GENERALSTRING:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
if (state == FOUND)
{
if (len3 + len2 > len - counter)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
_asn1_set_value (p, der + counter, len3 + len2);
if (p == nodeFound)
@@ -1742,13 +1808,19 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
break;
case TYPE_BIT_STRING:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
if (state == FOUND)
{
if (len3 + len2 > len - counter)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
_asn1_set_value (p, der + counter, len3 + len2);
if (p == nodeFound)
@@ -1761,14 +1833,14 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
case TYPE_SET:
if (move == UP)
{
- len2 = strtol (p->value, NULL, 10);
+ len2 = _asn1_strtol (p->value, NULL, 10);
_asn1_set_value (p, NULL, 0);
if (len2 == -1)
{ /* indefinite length method */
if ((der[counter]) || der[counter + 1])
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
counter += 2;
}
@@ -1776,8 +1848,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
{ /* definite length method */
if (len2 != counter)
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
if (p == nodeFound)
@@ -1789,20 +1861,26 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (state == OTHER_BRANCH)
{
len3 =
- asn1_get_length_der (der + counter, len - counter,
+ asn1_get_length_der_checked (der + counter, len -
counter,
&len2);
if (len3 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += len2 + len3;
move = RIGHT;
}
else
{ /* state==SAME_BRANCH or state==FOUND */
len3 =
- asn1_get_length_der (der + counter, len - counter,
+ asn1_get_length_der_checked (der + counter, len -
counter,
&len2);
if (len3 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += len2;
if (len3 > 0)
{
@@ -1841,7 +1919,7 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
case TYPE_SET_OF:
if (move == UP)
{
- len2 = strtol (p->value, NULL, 10);
+ len2 = _asn1_strtol (p->value, NULL, 10);
if (len2 > counter)
{
_asn1_append_sequence_set (p);
@@ -1854,8 +1932,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
_asn1_set_value (p, NULL, 0);
if (len2 != counter)
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
if (p == nodeFound)
@@ -1866,20 +1944,26 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (state == OTHER_BRANCH)
{
len3 =
- asn1_get_length_der (der + counter, len - counter,
+ asn1_get_length_der_checked (der + counter, len -
counter,
&len2);
if (len3 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += len2 + len3;
move = RIGHT;
}
else
{ /* state==FOUND or state==SAME_BRANCH */
len3 =
- asn1_get_length_der (der + counter, len - counter,
+ asn1_get_length_der_checked (der + counter, len -
counter,
&len2);
if (len3 < 0)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
counter += len2;
if (len3)
{
@@ -1905,15 +1989,25 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (asn1_get_tag_der
(der + counter, len - counter, &class, &len2,
&tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
+
if (counter + len2 > len)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
len4 =
- asn1_get_length_der (der + counter + len2,
+ asn1_get_length_der_checked (der + counter + len2,
len - counter - len2, &len3);
if (len4 < -1)
- return ASN1_DER_ERROR;
+ {
+ result = ASN1_DER_ERROR;
+ goto cleanup;
+ }
if (len4 != -1)
{
@@ -1936,13 +2030,10 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
indefinite = 0;
len2 = len - counter;
- ris =
+ result =
_asn1_get_indefinite_length_string (der + counter, &len2);
- if (ris != ASN1_SUCCESS)
- {
- asn1_delete_structure (structure);
- return ris;
- }
+ if (result != ASN1_SUCCESS)
+ goto cleanup;
if (state == FOUND)
{
@@ -1964,8 +2055,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
}
else
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
}
}
@@ -1998,8 +2089,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
}
else
{
- asn1_delete_structure (structure);
- return ASN1_MEM_ERROR;
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
}
if (!(strcmp (currentName, elementName)))
{
@@ -2041,8 +2132,8 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
strcat (currentName, p->name);
else
{
- asn1_delete_structure (structure);
- return ASN1_MEM_ERROR;
+ result = ASN1_MEM_ERROR;
+ goto cleanup;
}
if (!(strcmp (currentName, elementName)))
@@ -2096,11 +2187,15 @@ asn1_der_decoding_element (ASN1_TYPE * structure, const
char *elementName,
if (counter > len)
{
- asn1_delete_structure (structure);
- return ASN1_DER_ERROR;
+ result = ASN1_DER_ERROR;
+ goto cleanup;
}
return ASN1_SUCCESS;
+
+cleanup:
+ asn1_delete_structure (structure);
+ return result;
}
/**
@@ -2171,7 +2266,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
if (p->type & CONST_SET)
{
p2 = _asn1_find_up (p);
- len2 = strtol (p2->value, NULL, 10);
+ len2 = _asn1_strtol (p2->value, NULL, 10);
if (len2 == -1)
{
if (!der[counter] && !der[counter + 1])
@@ -2274,7 +2369,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
case TYPE_INTEGER:
case TYPE_ENUMERATED:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
return ASN1_DER_ERROR;
counter += len3 + len2;
@@ -2282,7 +2377,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
break;
case TYPE_OBJECT_ID:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
return ASN1_DER_ERROR;
counter += len2 + len3;
@@ -2290,7 +2385,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
break;
case TYPE_TIME:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
return ASN1_DER_ERROR;
counter += len2 + len3;
@@ -2306,7 +2401,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
break;
case TYPE_GENERALSTRING:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
return ASN1_DER_ERROR;
counter += len3 + len2;
@@ -2314,7 +2409,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
break;
case TYPE_BIT_STRING:
len2 =
- asn1_get_length_der (der + counter, len - counter, &len3);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len3);
if (len2 < 0)
return ASN1_DER_ERROR;
counter += len3 + len2;
@@ -2325,7 +2420,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
if (move != UP)
{
len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len2);
if (len3 < -1)
return ASN1_DER_ERROR;
counter += len2;
@@ -2346,7 +2441,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
if (move != UP)
{
len3 =
- asn1_get_length_der (der + counter, len - counter, &len2);
+ asn1_get_length_der_checked (der + counter, len - counter,
&len2);
if (len3 < -1)
return ASN1_DER_ERROR;
counter += len2;
@@ -2377,7 +2472,7 @@ asn1_der_decoding_startEnd (ASN1_TYPE element, const void
*ider, int len,
return ASN1_DER_ERROR;
len4 =
- asn1_get_length_der (der + counter + len2,
+ asn1_get_length_der_checked (der + counter + len2,
len - counter - len2, &len3);
if (len4 < -1)
return ASN1_DER_ERROR;
@@ -2562,7 +2657,7 @@ asn1_expand_any_defined_by (ASN1_TYPE definitions,
ASN1_TYPE * element)
asn1_read_value (definitions, name, value, &len);
if ((result == ASN1_SUCCESS)
- && (!strcmp (p3->value, value)))
+ && (!_asn1_strcmp (p3->value, value)))
{
p2 = p2->right; /* pointer to the structure to
use for expansion */
@@ -2743,7 +2838,7 @@ asn1_expand_octet_string (ASN1_TYPE definitions,
ASN1_TYPE * element,
result = asn1_read_value (definitions, name, value, &len);
if ((result == ASN1_SUCCESS)
- && (!strcmp (objectNode->value, value)))
+ && (!_asn1_strcmp (objectNode->value, value)))
{
p2 = p2->right; /* pointer to the structure to
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
index c466989..ead899c 100644
--- a/lib/minitasn1/element.c
+++ b/lib/minitasn1/element.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2000-2004, 2006, 2008-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -76,7 +75,7 @@ _asn1_hierarchical_name (ASN1_TYPE node, char *name, int
name_size)
/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */
/******************************************************************/
asn1_retCode
-_asn1_convert_integer (const char *value, unsigned char *value_out,
+_asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
int value_out_size, int *len)
{
char negative;
@@ -84,7 +83,7 @@ _asn1_convert_integer (const char *value, unsigned char
*value_out,
long valtmp;
int k, k2;
- valtmp = strtol (value, NULL, 10);
+ valtmp = _asn1_strtol (value, NULL, 10);
for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
{
@@ -305,7 +304,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
switch (type_field (node->type))
{
case TYPE_BOOLEAN:
- if (!strcmp (value, "TRUE"))
+ if (!_asn1_strcmp (value, "TRUE"))
{
if (node->type & CONST_DEFAULT)
{
@@ -320,7 +319,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
else
_asn1_set_value (node, "T", 1);
}
- else if (!strcmp (value, "FALSE"))
+ else if (!_asn1_strcmp (value, "FALSE"))
{
if (node->type & CONST_DEFAULT)
{
@@ -361,7 +360,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
{
if (type_field (p->type) == TYPE_CONSTANT)
{
- if ((p->name) && (!strcmp (p->name, value)))
+ if ((p->name) && (!_asn1_strcmp (p->name, value)))
{
value_temp =
(unsigned char *)
@@ -444,7 +443,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
{
if (type_field (p2->type) == TYPE_CONSTANT)
{
- if ((p2->name) && (!strcmp (p2->name, p->value)))
+ if ((p2->name) && (!_asn1_strcmp (p2->name, p->value)))
{
default_temp =
(unsigned char *)
@@ -487,7 +486,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
_asn1_free (value_temp);
break;
case TYPE_OBJECT_ID:
- for (i = 0; i < strlen (value); i++)
+ for (i = 0; i < _asn1_strlen (value); i++)
if ((!isdigit (value[i])) && (value[i] != '.') && (value[i] != '+'))
return ASN1_VALUE_NOT_VALID;
if (node->type & CONST_DEFAULT)
@@ -495,23 +494,23 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
p = node->down;
while (type_field (p->type) != TYPE_DEFAULT)
p = p->right;
- if (!strcmp (value, p->value))
+ if (!_asn1_strcmp (value, p->value))
{
_asn1_set_value (node, NULL, 0);
break;
}
}
- _asn1_set_value (node, value, strlen (value) + 1);
+ _asn1_set_value (node, value, _asn1_strlen (value) + 1);
break;
case TYPE_TIME:
if (node->type & CONST_UTC)
{
- if (strlen (value) < 11)
+ if (_asn1_strlen (value) < 11)
return ASN1_VALUE_NOT_VALID;
for (k = 0; k < 10; k++)
if (!isdigit (value[k]))
return ASN1_VALUE_NOT_VALID;
- switch (strlen (value))
+ switch (_asn1_strlen (value))
{
case 11:
if (value[10] != 'Z')
@@ -541,27 +540,27 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
default:
return ASN1_VALUE_NOT_FOUND;
}
- _asn1_set_value (node, value, strlen (value) + 1);
+ _asn1_set_value (node, value, _asn1_strlen (value) + 1);
}
else
{ /* GENERALIZED TIME */
if (value)
- _asn1_set_value (node, value, strlen (value) + 1);
+ _asn1_set_value (node, value, _asn1_strlen (value) + 1);
}
break;
case TYPE_OCTET_STRING:
if (len == 0)
- len = strlen (value);
+ len = _asn1_strlen (value);
_asn1_set_value_octet (node, value, len);
break;
case TYPE_GENERALSTRING:
if (len == 0)
- len = strlen (value);
+ len = _asn1_strlen (value);
_asn1_set_value_octet (node, value, len);
break;
case TYPE_BIT_STRING:
if (len == 0)
- len = strlen (value);
+ len = _asn1_strlen (value);
asn1_length_der ((len >> 3) + 2, NULL, &len2);
temp = (unsigned char *) _asn1_malloc ((len >> 3) + 2 + len2);
if (temp == NULL)
@@ -575,7 +574,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
p = node->down;
while (p)
{
- if (!strcmp (p->name, value))
+ if (!_asn1_strcmp (p->name, value))
{
p2 = node->down;
while (p2)
@@ -600,7 +599,7 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
break;
case TYPE_SEQUENCE_OF:
case TYPE_SET_OF:
- if (strcmp (value, "NEW"))
+ if (_asn1_strcmp (value, "NEW"))
return ASN1_VALUE_NOT_VALID;
_asn1_append_sequence_set (node);
break;
@@ -622,21 +621,21 @@ asn1_write_value (ASN1_TYPE node_root, const char *name,
}
#define PUT_STR_VALUE( ptr, ptr_size, data) \
- *len = strlen(data) + 1; \
+ *len = _asn1_strlen(data) + 1; \
if (ptr_size < *len) { \
return ASN1_MEM_ERROR; \
} else { \
/* this strcpy is checked */ \
- strcpy(ptr, data); \
+ _asn1_strcpy(ptr, data); \
}
#define ADD_STR_VALUE( ptr, ptr_size, data) \
- *len = (int) strlen(data) + 1; \
- if (ptr_size < (int) strlen(ptr)+(*len)) { \
+ *len = (int) _asn1_strlen(data) + 1; \
+ if (ptr_size < (int) _asn1_strlen(ptr)+(*len)) { \
return ASN1_MEM_ERROR; \
} else { \
/* this strcat is checked */ \
- strcat(ptr, data); \
+ _asn1_strcat(ptr, data); \
}
/**
@@ -768,7 +767,7 @@ asn1_read_value (ASN1_TYPE root, const char *name, void
*ivalue, int *len)
{
if (type_field (p2->type) == TYPE_CONSTANT)
{
- if ((p2->name) && (!strcmp (p2->name, p->value)))
+ if ((p2->name) && (!_asn1_strcmp (p2->name, p->value)))
{
if (_asn1_convert_integer
(p2->value, value, value_size,
@@ -807,7 +806,7 @@ asn1_read_value (ASN1_TYPE root, const char *name, void
*ivalue, int *len)
}
p = p->right;
}
- *len = strlen (value) + 1;
+ *len = _asn1_strlen (value) + 1;
}
else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
{
@@ -909,7 +908,7 @@ asn1_read_tag (ASN1_TYPE root, const char *name, int
*tagValue,
if (pTag)
{
- *tagValue = strtoul (pTag->value, NULL, 10);
+ *tagValue = _asn1_strtoul (pTag->value, NULL, 10);
if (pTag->type & CONST_APPLICATION)
*classValue = ASN1_CLASS_APPLICATION;
diff --git a/lib/minitasn1/element.h b/lib/minitasn1/element.h
index 86e2499..9cad46e 100644
--- a/lib/minitasn1/element.h
+++ b/lib/minitasn1/element.h
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2000-2004, 2006, 2008-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -26,7 +25,7 @@
asn1_retCode _asn1_append_sequence_set (ASN1_TYPE node);
-asn1_retCode _asn1_convert_integer (const char *value,
+asn1_retCode _asn1_convert_integer (const unsigned char *value,
unsigned char *value_out,
int value_out_size, int *len);
diff --git a/lib/minitasn1/errors.c b/lib/minitasn1/errors.c
index abd94cb..7878c50 100644
--- a/lib/minitasn1/errors.c
+++ b/lib/minitasn1/errors.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2002, 2005-2006, 2008-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
diff --git a/lib/minitasn1/gstr.c b/lib/minitasn1/gstr.c
index 8ac4957..9590b45 100644
--- a/lib/minitasn1/gstr.c
+++ b/lib/minitasn1/gstr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2006-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
diff --git a/lib/minitasn1/gstr.h b/lib/minitasn1/gstr.h
index 8018d15..baaa6a0 100644
--- a/lib/minitasn1/gstr.h
+++ b/lib/minitasn1/gstr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2006-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
diff --git a/lib/minitasn1/int.h b/lib/minitasn1/int.h
index fd479a8..fcaf0d8 100644
--- a/lib/minitasn1/int.h
+++ b/lib/minitasn1/int.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -62,6 +62,12 @@ struct node_asn_struct
#define _asn1_calloc calloc
#define _asn1_realloc realloc
#define _asn1_strdup strdup
+#define _asn1_strlen(s) strlen((const char *) s)
+#define _asn1_strtol(n,e,b) strtol((const char *) n, e, b)
+#define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
+#define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
+#define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
+#define _asn1_strcat(a,b) strcat((char *)a, (const char *)b)
#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log
message */
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index fef8f6f..ac9fafe 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2004-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -44,7 +44,7 @@ extern "C"
{
#endif
-#define ASN1_VERSION "2.10"
+#define ASN1_VERSION "2.12"
typedef int asn1_retCode; /* type returned by libtasn1 functions */
@@ -261,14 +261,14 @@ extern "C"
int *ret_len, unsigned char *str,
int str_size, int *bit_len);
- extern ASN1_API signed long
+ extern ASN1_API int
asn1_get_length_der (const unsigned char *der, int der_len, int *len);
- extern ASN1_API signed long
+ extern ASN1_API int
asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len);
extern ASN1_API void
- asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len);
+ asn1_length_der (unsigned int len, unsigned char *ans, int *ans_len);
/* Other utility functions. */
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
index 6b388f8..ce55253 100644
--- a/lib/minitasn1/parser_aux.c
+++ b/lib/minitasn1/parser_aux.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2000-2001, 2004, 2006-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -719,7 +718,7 @@ _asn1_expand_object_id (ASN1_TYPE node)
{
_asn1_str_cpy (name2, sizeof (name2), name_root);
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p2->value);
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
p3 = asn1_find_node (node, name2);
if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) ||
!(p3->type & CONST_ASSIGN))
@@ -734,7 +733,7 @@ _asn1_expand_object_id (ASN1_TYPE node)
{
p5 = _asn1_add_node_only (TYPE_CONSTANT);
_asn1_set_name (p5, p4->name);
- tlen = strlen (p4->value);
+ tlen = _asn1_strlen (p4->value);
if (tlen > 0)
_asn1_set_value (p5, p4->value, tlen + 1);
if (p2 == p)
@@ -805,7 +804,7 @@ _asn1_expand_object_id (ASN1_TYPE node)
{
_asn1_str_cpy (name2, sizeof (name2), name_root);
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p2->value);
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
p3 = asn1_find_node (node, name2);
if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) ||
!(p3->type & CONST_ASSIGN))
@@ -818,7 +817,8 @@ _asn1_expand_object_id (ASN1_TYPE node)
{
if (name2[0])
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p4->value);
+ _asn1_str_cat (name2, sizeof (name2),
+ (char *) p4->value);
}
p4 = p4->right;
}
@@ -960,11 +960,11 @@ _asn1_check_identifier (ASN1_TYPE node)
{
_asn1_str_cpy (name2, sizeof (name2), node->name);
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p->value);
+ _asn1_str_cat (name2, sizeof (name2), (char *) p->value);
p2 = asn1_find_node (node, name2);
if (p2 == NULL)
{
- strcpy (_asn1_identifierMissing, p->value);
+ _asn1_strcpy (_asn1_identifierMissing, p->value);
return ASN1_IDENTIFIER_NOT_FOUND;
}
}
@@ -976,8 +976,8 @@ _asn1_check_identifier (ASN1_TYPE node)
{
_asn1_str_cpy (name2, sizeof (name2), node->name);
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p2->value);
- strcpy (_asn1_identifierMissing, p2->value);
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ _asn1_strcpy (_asn1_identifierMissing, p2->value);
p2 = asn1_find_node (node, name2);
if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) ||
!(p2->type & CONST_ASSIGN))
@@ -996,8 +996,8 @@ _asn1_check_identifier (ASN1_TYPE node)
{
_asn1_str_cpy (name2, sizeof (name2), node->name);
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p2->value);
- strcpy (_asn1_identifierMissing, p2->value);
+ _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
+ _asn1_strcpy (_asn1_identifierMissing, p2->value);
p2 = asn1_find_node (node, name2);
if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) ||
!(p2->type & CONST_ASSIGN))
diff --git a/lib/minitasn1/parser_aux.h b/lib/minitasn1/parser_aux.h
index 6e9a59b..374f599 100644
--- a/lib/minitasn1/parser_aux.h
+++ b/lib/minitasn1/parser_aux.h
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2000-2001, 2004, 2006-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
diff --git a/lib/minitasn1/structure.c b/lib/minitasn1/structure.c
index 4f7e72d..41cebe4 100644
--- a/lib/minitasn1/structure.c
+++ b/lib/minitasn1/structure.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2004, 2006-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
@@ -482,7 +482,7 @@ _asn1_type_choice_config (ASN1_TYPE node)
if (type_field (p3->type) == TYPE_TAG)
{
p4 = _asn1_add_node_only (p3->type);
- tlen = strlen (p3->value);
+ tlen = _asn1_strlen (p3->value);
if (tlen > 0)
_asn1_set_value (p4, p3->value, tlen + 1);
_asn1_set_right (p4, p2->down);
@@ -558,7 +558,7 @@ _asn1_expand_identifier (ASN1_TYPE * node, ASN1_TYPE root)
{
_asn1_str_cpy (name2, sizeof (name2), root->name);
_asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), p->value);
+ _asn1_str_cat (name2, sizeof (name2), (char *) p->value);
p2 = _asn1_copy_structure2 (root, name2);
if (p2 == NULL)
{
diff --git a/lib/minitasn1/structure.h b/lib/minitasn1/structure.h
index 1b915cf..0a84e26 100644
--- a/lib/minitasn1/structure.h
+++ b/lib/minitasn1/structure.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2004, 2006-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2002-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
diff --git a/lib/minitasn1/version.c b/lib/minitasn1/version.c
index caf3f90..fb17223 100644
--- a/lib/minitasn1/version.c
+++ b/lib/minitasn1/version.c
@@ -1,6 +1,5 @@
/*
- * Copyright (C) 2000-2001, 2004, 2006-2012 Free Software Foundation,
- * Inc.
+ * Copyright (C) 2000-2012 Free Software Foundation, Inc.
*
* This file is part of LIBTASN1.
*
diff --git a/src/cli.c b/src/cli.c
index ccd59d0..3f13a46 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -36,6 +36,7 @@
#include <stdint.h>
#include <fcntl.h>
#include <netdb.h>
+#include <ctype.h>
#include <gnutls/gnutls.h>
#include <gnutls/abstract.h>
@@ -209,7 +210,7 @@ load_keys (void)
crt_num = MAX_CRT;
ret =
gnutls_x509_crt_list_import (crt_list, &crt_num, &data,
- GNUTLS_X509_FMT_PEM,
+ x509ctype,
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
if (ret < 0)
{
@@ -288,7 +289,7 @@ load_keys (void)
gnutls_x509_privkey_init (&tmp_key);
ret =
- gnutls_x509_privkey_import (tmp_key, &data, GNUTLS_X509_FMT_PEM);
+ gnutls_x509_privkey_import (tmp_key, &data, x509ctype);
if (ret < 0)
{
fprintf (stderr, "*** Error loading key file: %s\n",
@@ -674,9 +675,9 @@ init_tls_session (const char *hostname)
*/
if (disable_extensions == 0)
{
- gnutls_handshake_set_private_extensions (session, 1);
- gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
- strlen (hostname));
+ if (!isdigit(hostname[0]) && strchr(hostname, ':') == 0)
+ gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname,
+ strlen (hostname));
}
gnutls_dh_set_prime_bits (session, 512);
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_15-27-ged47ba4,
Nikos Mavrogiannopoulos <=