From: Nikos Mavrogiannopoulos
Date: Mon, 2 May 2016 11:12:00 +0000 (+0200)
Subject: _gnutls_x509_crt_cpy: optimized and simplified
X-Git-Tag: gnutls_3_5_0~33
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=01db1537f116b7fd24fa57a51fc2ca571cd0e7ca;p=thirdparty%2Fgnutls.git
_gnutls_x509_crt_cpy: optimized and simplified
---
diff --git a/lib/x509.c b/lib/x509.c
index f2b5aee0e7..219e065c80 100644
--- a/lib/x509.c
+++ b/lib/x509.c
@@ -1554,7 +1554,7 @@ gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
 goto cleanup;
 }
- ret = _gnutls_x509_crt_cpy(new_list[i], ca_list[i]);
+ ret = _gnutls_x509_crt_cpy(new_list[i], ca_list[i], CRT_CPY_FAST);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 21f4b42a34..7883337157 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -447,7 +447,7 @@ gnutls_x509_trust_list_iter_get_ca(gnutls_x509_trust_list_t list,
 if (ret < 0) return gnutls_assert_val(ret);
- ret = _gnutls_x509_crt_cpy(*crt, list->node[(*iter)->node_index].trusted_cas[(*iter)->ca_index]);
+ ret = _gnutls_x509_crt_cpy(*crt, list->node[(*iter)->node_index].trusted_cas[(*iter)->ca_index], 0);
 if (ret < 0) {
 gnutls_x509_crt_deinit(*crt);
 return gnutls_assert_val(ret);
@@ -528,7 +528,7 @@ int ret;
 return NULL;
 }
- ret = _gnutls_x509_crt_cpy(dst, src);
+ ret = _gnutls_x509_crt_cpy(dst, src, 0);
 if (ret < 0) {
 gnutls_x509_crt_deinit(dst);
 gnutls_assert();
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 22206ffc8d..c160f74efc 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
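Review bot: The call in gnutls_certificate_set_x509_trust() (lib/x509.c) is the only one switched to `CRT_CPY_FAST`, and nothing at the call site says why trust anchors may be copied from the cached DER while both lib/x509/verify-high.c callers pass `0`. With the fast flag the copy is built from `src->der` rather than from a fresh export, so a `ca_list[i]` that the application changed after importing it would presumably be stored in its originally imported form; whether that is intended cannot be told from this hunk. A comment on the call would settle it, for example `/* CRT_CPY_FAST: copy the CA as imported; in-memory changes to ca_list[i] are not re-encoded */`. The two `0` arguments in verify-high.c would also read better with a short comment or a named zero value. All three enclosing functions start and end outside their hunks.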
@@ -157,53 +157,43 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert) * _gnutls_x509_crt_cpy - This function copies a gnutls_x509_crt_t type * @dest: The data where to copy * @src: The data to be copied + * @flags: zero or CRT_CPY_FAST * - * This function will copy an X.509 certificate structure. + * This function will copy an X.509 certificate structure. Unless + * %CRT_CPY_FAST is specified this function does encode and decode + * the given source to allow copying modified structure. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. -*/ -int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src) +int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src, unsigned flags) { int ret; - size_t der_size = 0; - uint8_t *der; gnutls_datum_t tmp; - ret = - gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, - &der_size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - gnutls_assert(); - return ret; - } + /* if no DER data are present don't consider the fast flag */ + if (src->der.size == 0) + flags &= ~CRT_CPY_FAST; - der = gnutls_malloc(der_size); - if (der == NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, der, - &der_size); - if (ret < 0) { - gnutls_assert(); - gnutls_free(der); - return ret; + if (!(flags & CRT_CPY_FAST)) { + ret = + gnutls_x509_crt_export2(src, GNUTLS_X509_FMT_DER, &tmp); + if (ret < 0) + return gnutls_assert_val(ret); + } else { + tmp.data = src->der.data; + tmp.size = src->der.size; } - tmp.data = der; - tmp.size = der_size; ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER); - gnutls_free(der); - - if (ret < 0) { - gnutls_assert(); - return ret; + if (!(flags & CRT_CPY_FAST)) { + gnutls_free(tmp.data); } + if (ret < 0) + return gnutls_assert_val(ret); + return 0; } diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 782365d8c4..27c0c0f356 100644 --- a/lib/x509/x509_int.h 
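Review bot: In the fast branch `tmp.data` aliases `src->der.data`, and the only thing that keeps `gnutls_free(tmp.data)` from releasing the source's buffer is that the second `if (!(flags & CRT_CPY_FAST))` test gives the same answer as the first. That coupling is not recorded anywhere; a comment on the else branch such as `/* borrowed from src->der, must not be freed */` would make it explicit, or ownership could be tracked in a local that is set where `gnutls_x509_crt_export2()` succeeds. The fallback to re-encoding is taken only when `src->der.size == 0`, so the fast path relies on every modification of the certificate clearing the cached DER; that is not visible in this hunk and deserves a sentence in the function's doc comment.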
+++ b/lib/x509/x509_int.h
@@ -126,7 +126,8 @@ typedef struct gnutls_x509_privkey_int {
 struct pin_info_st pin;
 } gnutls_x509_privkey_int;
-int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
+#define CRT_CPY_FAST 1
+int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src, unsigned flags);
 int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1, const gnutls_datum_t * dn2);
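Review bot: `CRT_CPY_FAST` is defined without any comment, so a reader of x509_int.h has to open lib/x509/x509.c to learn what the flag means and that `0` selects the re-encoding copy. I would add `/* flag for _gnutls_x509_crt_cpy(): import from src's cached DER instead of re-exporting it */` above the define. Since `flags` is a bit mask, writing the value as `(1 << 0)` would also make it obvious where further flags go.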