x509: use libtasn1's strict DER decoding rules in network obtained structures
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 9 Mar 2015 21:19:33 +0000 (22:19 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 9 Mar 2015 21:19:33 +0000 (22:19 +0100)
12 files changed:
lib/x509/common.c
lib/x509/common.h
lib/x509/crl.c
lib/x509/crq.c
lib/x509/dn.c
lib/x509/extensions.c
lib/x509/mpi.c
lib/x509/ocsp.c
lib/x509/privkey.c
lib/x509/privkey_pkcs8.c
lib/x509/x509.c
lib/x509/x509_ext.c

index 55400bfc5773c524154f75cf6d09b7ae8e63d37a..321fa7d7f4ad9f9f358ac2719d3708335fbccdb9 100644 (file)
@@ -375,10 +375,10 @@ decode_complex_string(const struct oid_to_string *oentry, void *value,
        }
 
        if ((result =
-            asn1_der_decoding(&tmpasn, value, value_size,
+            _asn1_strict_der_decode(&tmpasn, value, value_size,
                               asn1_err)) != ASN1_SUCCESS) {
                gnutls_assert();
-               _gnutls_debug_log("asn1_der_decoding: %s\n", asn1_err);
+               _gnutls_debug_log("_asn1_strict_der_decode: %s\n", asn1_err);
                asn1_delete_structure(&tmpasn);
                return _gnutls_asn2err(result);
        }
index 388831bf3bc943f04bc3ce23bcd82106841544af..ceeb58b6b200916293a3a0e138fbc1a7a836af05 100644 (file)
@@ -244,4 +244,10 @@ gnutls_x509_crt_t *_gnutls_sort_clist(gnutls_x509_crt_t
 
 int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
 
+inline static int _asn1_strict_der_decode (asn1_node * element, const void *ider,
+                      int len, char *errorDescription)
+{
+       return asn1_der_decoding2(element, ider, &len, ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
+}
+
 #endif
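Review bot: The new helper takes `int len`, so callers in this commit that pass an unsigned or `size_t` length (the `size_t size` in decode_user_notice, the unsigned `size` field of the `gnutls_datum_t` arguments) are narrowed implicitly before libtasn1 sees the value. The old asn1_der_decoding call had the same parameter type, so this is not a regression, but the wrapper is now the one place where an oversized length could be rejected explicitly instead of being truncated. I would take the length as `size_t`, refuse anything above `INT_MAX`, and add a short comment saying the helper is meant for DER that may come from a peer or another untrusted source. The `_asn1_` prefix also reads like a libtasn1 internal; a `_gnutls_` prefix would match the neighbouring declarations in this header.

```c
/* Decode DER from an untrusted source using libtasn1's strict DER rules. */
inline static int _asn1_strict_der_decode(asn1_node * element, const void *ider,
					  size_t len, char *errorDescription)
{
	int ilen;

	/* libtasn1 takes an int length; reject rather than truncate */
	if (len > INT_MAX)
		return ASN1_DER_ERROR;
	ilen = (int) len;
	return asn1_der_decoding2(element, ider, &ilen, ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
}
```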
index d658e966e7d43052cd2d13e7a3875041e4cfc5ea..3b70d928194e15c067ce5200fabc85641780fee4 100644 (file)
@@ -158,7 +158,7 @@ gnutls_x509_crl_import(gnutls_x509_crl_t crl,
        crl->expanded = 1;
 
        result =
-           asn1_der_decoding(&crl->crl, crl->der.data, crl->der.size, NULL);
+           _asn1_strict_der_decode(&crl->crl, crl->der.data, crl->der.size, NULL);
        if (result != ASN1_SUCCESS) {
                result = _gnutls_asn2err(result);
                gnutls_assert();
@@ -825,7 +825,7 @@ _get_authority_key_id(gnutls_x509_crl_t cert, ASN1_TYPE * c2,
                return _gnutls_asn2err(ret);
        }
 
-       ret = asn1_der_decoding(c2, id.data, id.size, NULL);
+       ret = _asn1_strict_der_decode(c2, id.data, id.size, NULL);
        _gnutls_free_datum(&id);
 
        if (ret != ASN1_SUCCESS) {
index 95d784215383d1c57a2ade52e25db56001d87151..a6be6a5d82b63caa11a2833cf91c3318b620f2b8 100644 (file)
@@ -144,7 +144,7 @@ gnutls_x509_crq_import(gnutls_x509_crq_t crq,
        }
 
        result =
-           asn1_der_decoding(&crq->crq, _data.data, _data.size, NULL);
+           _asn1_strict_der_decode(&crq->crq, _data.data, _data.size, NULL);
        if (result != ASN1_SUCCESS) {
                result = _gnutls_asn2err(result);
                gnutls_assert();
@@ -221,7 +221,7 @@ gnutls_x509_crq_get_private_key_usage_period(gnutls_x509_crq_t crq,
                goto cleanup;
        }
 
-       result = asn1_der_decoding(&c2, buf, buf_size, NULL);
+       result = _asn1_strict_der_decode(&c2, buf, buf_size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -1424,7 +1424,7 @@ gnutls_x509_crq_get_extension_info(gnutls_x509_crq_t crq, int indx,
                goto out;
        }
 
-       result = asn1_der_decoding(&c2, extensions, extensions_size, NULL);
+       result = _asn1_strict_der_decode(&c2, extensions, extensions_size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                asn1_delete_structure(&c2);
@@ -1589,7 +1589,7 @@ gnutls_x509_crq_get_extension_data2(gnutls_x509_crq_t crq,
                goto cleanup;
        }
 
-       result = asn1_der_decoding(&c2, extensions, extensions_size, NULL);
+       result = _asn1_strict_der_decode(&c2, extensions, extensions_size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -1785,7 +1785,7 @@ get_subject_alt_name(gnutls_x509_crq_t crq,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
+       result = _asn1_strict_der_decode(&c2, dnsname.data, dnsname.size, NULL);
        gnutls_free(dnsname.data);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
@@ -2281,7 +2281,7 @@ gnutls_x509_crq_get_key_purpose_oid(gnutls_x509_crq_t crq,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, prev.data, prev.size, NULL);
+       result = _asn1_strict_der_decode(&c2, prev.data, prev.size, NULL);
        gnutls_free(prev.data);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
@@ -2388,7 +2388,7 @@ gnutls_x509_crq_set_key_purpose_oid(gnutls_x509_crq_t crq,
                /* decode it.
                 */
                result =
-                   asn1_der_decoding(&c2, prev.data, prev.size, NULL);
+                   _asn1_strict_der_decode(&c2, prev.data, prev.size, NULL);
                gnutls_free(prev.data);
                if (result != ASN1_SUCCESS) {
                        gnutls_assert();
index 140071a1db351710064de2eb47e5b0b0f45bf7d3..7d71abcbe7b5db8a3721257ac6d099b19deac897 100644 (file)
@@ -788,7 +788,7 @@ int gnutls_x509_dn_import(gnutls_x509_dn_t dn, const gnutls_datum_t * data)
        int result;
        char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
 
-       result = asn1_der_decoding((ASN1_TYPE *) & dn,
+       result = _asn1_strict_der_decode((ASN1_TYPE *) & dn,
                                   data->data, data->size, err);
        if (result != ASN1_SUCCESS) {
                /* couldn't decode DER */
@@ -852,7 +852,7 @@ gnutls_x509_rdn_get(const gnutls_datum_t * idn,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+       result = _asn1_strict_der_decode(&dn, idn->data, idn->size, NULL);
        if (result != ASN1_SUCCESS) {
                /* couldn't decode DER */
                gnutls_assert();
@@ -906,7 +906,7 @@ gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+       result = _asn1_strict_der_decode(&dn, idn->data, idn->size, NULL);
        if (result != ASN1_SUCCESS) {
                /* couldn't decode DER */
                gnutls_assert();
@@ -960,7 +960,7 @@ gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
+       result = _asn1_strict_der_decode(&dn, idn->data, idn->size, NULL);
        if (result != ASN1_SUCCESS) {
                /* couldn't decode DER */
                gnutls_assert();
index 05c015e8e2827b8cf602c863bd34756b906fa060..3f674d8a775dccbb52f4bf38aadc62b50b82ebdc 100644 (file)
@@ -565,7 +565,7 @@ _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
 
        if (extensions_size > 0) {
                result =
-                   asn1_der_decoding(&c2, extensions, extensions_size,
+                   _asn1_strict_der_decode(&c2, extensions, extensions_size,
                                      NULL);
                gnutls_free(extensions);
                if (result != ASN1_SUCCESS) {
@@ -626,7 +626,7 @@ _gnutls_x509_ext_extract_number(uint8_t * number,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+       result = _asn1_strict_der_decode(&ext, extnValue, extnValueLen, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                asn1_delete_structure(&ext);
index e5b9dddf8ba13434e4836767d727c5ecd83af143..fe6cfc537d36e5f10061a203ad4f62dfb9e034da 100644 (file)
@@ -45,7 +45,7 @@ int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out)
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&spk, der, dersize, NULL);
+       result = _asn1_strict_der_decode(&spk, der, dersize, NULL);
 
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
index aa4784d32ec5edbca8bd5f65c66e74d75163544e..937d38a93fb0edd473205bc6f9936d52ee358ea1 100644 (file)
@@ -186,7 +186,7 @@ gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t * data)
        }
 
        if (req->init) {
-               /* Any earlier asn1_der_decoding will modify the ASN.1
+               /* Any earlier _asn1_strict_der_decode will modify the ASN.1
                   structure, so we need to replace it with a fresh
                   structure. */
                asn1_delete_structure(&req->req);
@@ -200,7 +200,7 @@ gnutls_ocsp_req_import(gnutls_ocsp_req_t req, const gnutls_datum_t * data)
        }
        req->init = 1;
 
-       ret = asn1_der_decoding(&req->req, data->data, data->size, NULL);
+       ret = _asn1_strict_der_decode(&req->req, data->data, data->size, NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
                return _gnutls_asn2err(ret);
@@ -233,7 +233,7 @@ gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
        }
 
        if (resp->init != 0) {
-               /* Any earlier asn1_der_decoding will modify the ASN.1
+               /* Any earlier _asn1_strict_der_decode will modify the ASN.1
                   structure, so we need to replace it with a fresh
                   structure. */
                asn1_delete_structure(&resp->resp);
@@ -261,7 +261,7 @@ gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
        }
 
        resp->init = 1;
-       ret = asn1_der_decoding(&resp->resp, data->data, data->size, NULL);
+       ret = _asn1_strict_der_decode(&resp->resp, data->data, data->size, NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
                return _gnutls_asn2err(ret);
@@ -294,7 +294,7 @@ gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
                }
 
                ret =
-                   asn1_der_decoding(&resp->basicresp, resp->der.data, resp->der.size,
+                   _asn1_strict_der_decode(&resp->basicresp, resp->der.data, resp->der.size,
                                      NULL);
                if (ret != ASN1_SUCCESS) {
                        gnutls_assert();
index 85c95192e5650d45fb7d308471836dac0b3e8057..e05d9773191c4afcf6f2e0998c718f1efc22ace7 100644 (file)
@@ -148,7 +148,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key,
        }
 
        result =
-           asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size,
+           _asn1_strict_der_decode(&pkey_asn, raw_key->data, raw_key->size,
                              NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
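Review bot: The commit title limits the change to network obtained structures, but this hunk, the two further privkey.c hunks and all of the privkey_pkcs8.c hunks switch the private-key decoders, which usually read locally stored key files. Strict DER here may start rejecting keys written by other tools with a non-canonical encoding that loaded before this change, so it is worth confirming that this is intended. If it is, I would state it in the commit message and add a comment at the call such as `/* strict DER is intentional for key files as well */`; if it is not, these sites could stay on asn1_der_decoding. The enclosing function starts and ends outside the hunk.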
@@ -263,7 +263,7 @@ _gnutls_privkey_decode_ecc_key(ASN1_TYPE* pkey_asn, const gnutls_datum_t * raw_k
        }
 
        ret =
-           asn1_der_decoding(pkey_asn, raw_key->data, raw_key->size,
+           _asn1_strict_der_decode(pkey_asn, raw_key->data, raw_key->size,
                              NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
@@ -370,7 +370,7 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
        pkey->params.algo = GNUTLS_PK_DSA;
 
        result =
-           asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size,
+           _asn1_strict_der_decode(&dsa_asn, raw_key->data, raw_key->size,
                              NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
index c18067fa7d671d20248492424a7db11ba8361ddf..0065ae1d6b03bea9cffef5c7d2d841f47e0c5234 100644 (file)
@@ -852,7 +852,7 @@ read_pkcs_schema_params(schema_id * schema, const char *password,
                /* Decode the parameters.
                 */
                result =
-                   asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
+                   _asn1_strict_der_decode(&pbes2_asn, data, data_size, NULL);
                if (result != ASN1_SUCCESS) {
                        gnutls_assert();
                        result = _gnutls_asn2err(result);
@@ -911,7 +911,7 @@ read_pkcs_schema_params(schema_id * schema, const char *password,
                /* Decode the parameters.
                 */
                result =
-                   asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
+                   _asn1_strict_der_decode(&pbes2_asn, data, data_size, NULL);
                if (result != ASN1_SUCCESS) {
                        gnutls_assert();
                        result = _gnutls_asn2err(result);
@@ -1078,7 +1078,7 @@ int pkcs8_key_info(const gnutls_datum_t * raw_key,
        }
 
        result =
-           asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size,
+           _asn1_strict_der_decode(&pkcs8_asn, raw_key->data, raw_key->size,
                              NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
@@ -1168,7 +1168,7 @@ pkcs8_key_decode(const gnutls_datum_t * raw_key,
        }
 
        result =
-           asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size,
+           _asn1_strict_der_decode(&pkcs8_asn, raw_key->data, raw_key->size,
                              NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
@@ -1351,7 +1351,7 @@ decode_private_key_info(const gnutls_datum_t * der,
                goto error;
        }
 
-       result = asn1_der_decoding(&pkcs8_asn, der->data, der->size, NULL);
+       result = _asn1_strict_der_decode(&pkcs8_asn, der->data, der->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                result = _gnutls_asn2err(result);
@@ -1576,7 +1576,7 @@ read_pbkdf2_params(ASN1_TYPE pbes2_asn,
        }
 
        result =
-           asn1_der_decoding(&pbkdf2_asn, &der->data[params_start],
+           _asn1_strict_der_decode(&pbkdf2_asn, &der->data[params_start],
                              params_len, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
@@ -1764,7 +1764,7 @@ read_pbe_enc_params(ASN1_TYPE pbes2_asn,
        }
 
        result =
-           asn1_der_decoding(&pbe_asn, &der->data[params_start],
+           _asn1_strict_der_decode(&pbe_asn, &der->data[params_start],
                              params_len, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
index d0371b87132137ab33f570a6ab9589192bb8cddb..a8cd8a9a013ab678d5b0f297fdf475c137a75ebd 100644 (file)
@@ -295,7 +295,7 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
        }
 
        if (cert->expanded) {
-               /* Any earlier asn1_der_decoding will modify the ASN.1
+               /* Any earlier _asn1_strict_der_decode will modify the ASN.1
                   structure, so we need to replace it with a fresh
                   structure. */
                result = crt_reinit(cert);
@@ -308,7 +308,7 @@ gnutls_x509_crt_import(gnutls_x509_crt_t cert,
        cert->expanded = 1;
 
        result =
-           asn1_der_decoding(&cert->cert, cert->der.data, cert->der.size, NULL);
+           _asn1_strict_der_decode(&cert->cert, cert->der.data, cert->der.size, NULL);
        if (result != ASN1_SUCCESS) {
                result = _gnutls_asn2err(result);
                gnutls_assert();
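Review bot: The certificate decode in gnutls_x509_crt_import passes `NULL` as the error description, so when the strict rules reject a certificate that the previous decoder accepted, nothing records which rule failed. decode_complex_string in common.c already passes a buffer and logs it; the same pattern here, `char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];` passed as the last argument followed by `_gnutls_debug_log("_asn1_strict_der_decode: %s\n", err);` on failure, would make rejected peer certificates diagnosable from the debug log. The file list names only lib/x509 sources, so a regression test that feeds a non-DER-encoded certificate and expects a failure does not appear to be part of this commit. The function body continues outside the hunk.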
@@ -3667,7 +3667,7 @@ gnutls_x509_crt_get_authority_info_access(gnutls_x509_crt_t crt,
                return _gnutls_asn2err(ret);
        }
 
-       ret = asn1_der_decoding(&c2, aia.data, aia.size, NULL);
+       ret = _asn1_strict_der_decode(&c2, aia.data, aia.size, NULL);
        /* asn1_print_structure (stdout, c2, "", ASN1_PRINT_ALL); */
        _gnutls_free_datum(&aia);
        if (ret != ASN1_SUCCESS) {
index 058a2a4595a66a8b4b4a7edcd79496dfd4c74d2e..c1f0f2d8cb327d632b657f3b7bd6d333b7838c56 100644 (file)
@@ -236,7 +236,7 @@ int gnutls_x509_ext_import_subject_alt_names(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -382,7 +382,7 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -587,7 +587,7 @@ int gnutls_x509_ext_import_subject_key_id(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -875,7 +875,7 @@ int gnutls_x509_ext_import_authority_key_id(const gnutls_datum_t * ext,
                return _gnutls_asn2err(ret);
        }
 
-       ret = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       ret = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(ret);
@@ -1075,7 +1075,7 @@ int gnutls_x509_ext_import_key_usage(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                asn1_delete_structure(&c2);
@@ -1175,7 +1175,7 @@ int gnutls_x509_ext_import_private_key_usage_period(const gnutls_datum_t * ext,
                goto cleanup;
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -1281,7 +1281,7 @@ int gnutls_x509_ext_import_basic_constraints(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                result = _gnutls_asn2err(result);
@@ -1423,7 +1423,7 @@ int gnutls_x509_ext_import_proxy(const gnutls_datum_t * ext, int *pathlen,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                result = _gnutls_asn2err(result);
@@ -1580,7 +1580,7 @@ static int decode_user_notice(const void *data, size_t size,
                goto cleanup;
        }
 
-       ret = asn1_der_decoding(&c2, data, size, NULL);
+       ret = _asn1_strict_der_decode(&c2, data, size, NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
                ret = GNUTLS_E_PARSING_ERROR;
@@ -1796,7 +1796,7 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
                goto cleanup;
        }
 
-       ret = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       ret = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(ret);
@@ -2296,7 +2296,7 @@ int gnutls_x509_ext_import_crl_dist_points(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
 
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
@@ -2709,7 +2709,7 @@ int gnutls_x509_ext_import_aia(const gnutls_datum_t * ext,
                return _gnutls_asn2err(ret);
        }
 
-       ret = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       ret = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (ret != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(ret);
@@ -2932,7 +2932,7 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, ext->data, ext->size, NULL);
+       result = _asn1_strict_der_decode(&c2, ext->data, ext->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);
@@ -3068,7 +3068,7 @@ int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out)
                return _gnutls_asn2err(result);
        }
 
-       result = asn1_der_decoding(&c2, der->data, der->size, NULL);
+       result = _asn1_strict_der_decode(&c2, der->data, der->size, NULL);
        if (result != ASN1_SUCCESS) {
                gnutls_assert();
                ret = _gnutls_asn2err(result);