lib: remove undefined behaviour when handling GOST paramset
authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 9 Jul 2018 11:02:14 +0000 (14:02 +0300)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 10 Jul 2018 10:45:36 +0000 (12:45 +0200)
The initial version of the GOST patchset used param < 0 to represent an
unknown value. Later the special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was
introduced. Fix several leftovers that compare params to 0 directly.

Closes #505.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
lib/pk.c
lib/pk.h
lib/pubkey.c
lib/x509/key_decode.c
lib/x509/privkey.c

index b4db8033e06b170555ddf3c823c16779bf6689b4..b395f1741a1472da0762804ca602b4c27554bdbb 100644 (file)
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -459,6 +459,17 @@ gnutls_pk_algorithm_t _gnutls_digest_gost(gnutls_digest_algorithm_t digest)
        return GNUTLS_PK_UNKNOWN;
 }
 
+gnutls_gost_paramset_t _gnutls_gost_paramset_default(gnutls_pk_algorithm_t pk)
+{
+       if (pk == GNUTLS_PK_GOST_01)
+               return GNUTLS_GOST_PARAMSET_CP_A;
+       else if (pk == GNUTLS_PK_GOST_12_256 ||
+                pk == GNUTLS_PK_GOST_12_512)
+               return GNUTLS_GOST_PARAMSET_TC26_Z;
+       else
+               return gnutls_assert_val(GNUTLS_GOST_PARAMSET_UNKNOWN);
+}
+
 /* some generic pk functions */
 
 int _gnutls_pk_params_copy(gnutls_pk_params_st * dst,
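Review bot: The new helper `_gnutls_gost_paramset_default()` has no comment telling callers that it can return GNUTLS_GOST_PARAMSET_UNKNOWN, which the `else` branch does for any non-GOST `pk`. Neither call site added in this commit checks the result, so the contract should be written down at the definition. Suggested comment above the function: `/* Returns the default paramset for a GOST pk algorithm, or GNUTLS_GOST_PARAMSET_UNKNOWN (after gnutls_assert) when pk is not GOST; callers must check for UNKNOWN before storing the result. */`.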
index 1203c9ed1be5a74fa04bb39be3e49c9e542ee89e..c365eece20ea6f1c7e7595a5205bc47477d71c86 100644 (file)
--- a/lib/pk.h
+++ b/lib/pk.h
@@ -79,6 +79,7 @@ _gnutls_decode_gost_rs(const gnutls_datum_t * sig_value, bigint_t * r,
 
 gnutls_digest_algorithm_t _gnutls_gost_digest(gnutls_pk_algorithm_t pk);
 gnutls_pk_algorithm_t _gnutls_digest_gost(gnutls_digest_algorithm_t digest);
+gnutls_gost_paramset_t _gnutls_gost_paramset_default(gnutls_pk_algorithm_t pk);
 
 int
 encode_ber_digest_info(const mac_entry_st * e,
index 7c9b6da5f8d0efde7cf2998b6f6339f14d8652a5..1eae075937dba6c118abb3aa4182542b8b895c49 100644 (file)
@@ -1560,12 +1560,8 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key,
        if (pk_algo == GNUTLS_PK_UNKNOWN)
                return GNUTLS_E_ILLEGAL_PARAMETER;
 
-       if (paramset < 0) {
-               if (pk_algo == GNUTLS_PK_GOST_01)
-                       paramset = GNUTLS_GOST_PARAMSET_CP_A;
-               else
-                       paramset = GNUTLS_GOST_PARAMSET_TC26_Z;
-       }
+       if (paramset == GNUTLS_GOST_PARAMSET_UNKNOWN)
+               paramset = _gnutls_gost_paramset_default(pk_algo);
 
        gnutls_pk_params_release(&key->params);
        gnutls_pk_params_init(&key->params);
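Review bot: Only GNUTLS_GOST_PARAMSET_UNKNOWN selects the default after this change, so a negative or otherwise out-of-range `paramset` from a caller that relied on the old `< 0` convention passes the new check unchanged. Nothing visible in the hunk rejects such a value before the key parameters are rebuilt. The privkey.c hunk has the same gap, and there the value is written straight to `key->params.gost_params`. Consider stating in the function's API comment that GNUTLS_GOST_PARAMSET_UNKNOWN requests the default, and returning GNUTLS_E_ILLEGAL_PARAMETER for values outside the enum. The function body continues outside the hunk, so later validation may exist that is not shown here.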
index b1df8aaab3a54b43024ec4a2d52d40f292f0750d..9d67f1b3d582abb63b59e85b39217b94217539d4 100644 (file)
@@ -503,7 +503,7 @@ _gnutls_x509_read_gost_params(uint8_t * der, int dersize,
        if (ret != ASN1_ELEMENT_NOT_FOUND)
                param = gnutls_oid_to_gost_paramset(oid);
 
-       if (param < 0) {
+       if (param == GNUTLS_GOST_PARAMSET_UNKNOWN) {
                gnutls_assert();
                ret = param;
                goto cleanup;
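Review bot: `ret = param;` in the error branch now copies GNUTLS_GOST_PARAMSET_UNKNOWN into the return code, where the old `param < 0` test guaranteed a negative value. The enum's numeric value is not shown on this page, but the commit message implies that "unknown" is no longer below zero. If so, an unrecognised paramset OID in DER input could leave this function through `cleanup` with a non-error return and no usable paramset. Assign an explicit error instead, for example `ret = GNUTLS_E_ILLEGAL_PARAMETER;` or whichever GNUTLS_E_* code the project uses for unsupported parameters. The function starts and ends outside the hunk, so the cleanup path and its callers should be checked for how they interpret `ret`.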
index eea0b28b140f0f298bc333156080552b8f423495..96465cf7637a613b8fc07469b68bc7f0c61b0d0e 100644 (file)
@@ -1207,17 +1207,14 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key,
                return GNUTLS_E_INVALID_REQUEST;
        }
 
-       if (paramset < 0) {
-               if (digest == GNUTLS_DIG_GOSTR_94)
-                       paramset = GNUTLS_GOST_PARAMSET_CP_A;
-               else
-                       paramset = GNUTLS_GOST_PARAMSET_TC26_Z;
-       }
-
        key->params.curve = curve;
-       key->params.gost_params = paramset;
        key->params.algo = _gnutls_digest_gost(digest);
 
+       if (paramset == GNUTLS_GOST_PARAMSET_UNKNOWN)
+               paramset = _gnutls_gost_paramset_default(key->params.algo);
+
+       key->params.gost_params = paramset;
+
        if (_gnutls_mpi_init_scan_nz
            (&key->params.params[GOST_X], x->data, x->size)) {
                gnutls_assert();
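Review bot: The result of `_gnutls_digest_gost(digest)` is stored in `key->params.algo` and passed to `_gnutls_gost_paramset_default()` with no check visible in this hunk. For a non-GOST digest that helper returns GNUTLS_PK_UNKNOWN, the default lookup then yields GNUTLS_GOST_PARAMSET_UNKNOWN, and that value is written to `key->params.gost_params` while the import carries on. The pubkey.c counterpart rejects GNUTLS_PK_UNKNOWN before defaulting, so do the same here: `if (key->params.algo == GNUTLS_PK_UNKNOWN) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);`. The function begins and ends outside the hunk, so an earlier digest check may exist that is not shown.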