]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Corrections in openpgp private key usage.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 16 May 2010 09:44:27 +0000 (11:44 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Thu, 3 Jun 2010 17:41:30 +0000 (19:41 +0200)
lib/auth_cert.h
lib/gnutls_x509.c
lib/openpgp/gnutls_openpgp.c

index a0a82e721347249d3062dfc8e7f579571cf2c049..dc902fe7dd29a0beac6996f38afbd267804c8639 100644 (file)
@@ -167,4 +167,7 @@ int _gnutls_get_auth_info_gcert (gnutls_cert * gcert,
                                 cert_auth_info_t info,
                                 int flags /* OR of ConvFlags */ );
 
+int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr);
+int certificate_credentials_append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey);
+
 #endif
index 58cc86ecf267ada2349469a314e7da139b021be4..24593d10a4e7d1f66d65bd8a54c01571e3300b20 100644 (file)
@@ -46,8 +46,6 @@
 #include "x509/x509_int.h"
 #include "read-file.h"
 
-static int append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr);
-static int append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey);
 
 /*
  * some x509 certificate parsing functions.
@@ -272,7 +270,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res,
       return ret;
     }
   
-  ret = append_crt_list(res, ccert, 1);
+  ret = certificate_credential_append_crt_list(res, ccert, 1);
   if (ret < 0)
     {
       gnutls_assert();
@@ -372,7 +370,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res,
     }
   while (ptr != NULL);
 
-  ret = append_crt_list(res, certs, count);
+  ret = certificate_credential_append_crt_list(res, certs, count);
   if (ret < 0)
     {
       gnutls_assert();
@@ -485,7 +483,7 @@ read_key_mem (gnutls_certificate_credentials_t res,
          return ret;
        }
 
-      ret = append_pkey(res, privkey);
+      ret = certificate_credentials_append_pkey(res, privkey);
       if (ret < 0)
        {
          gnutls_assert ();
@@ -543,7 +541,7 @@ static int read_key_url (gnutls_certificate_credentials_t res, const char* url)
       goto cleanup;
     }
     
-  ret = append_pkey(res, pkey);
+  ret = certificate_credentials_append_pkey(res, pkey);
   if (ret < 0)
     {
       gnutls_assert();
@@ -604,7 +602,7 @@ gnutls_cert * ccert;
       return ret;
     }
   
-  ret = append_crt_list(res, ccert, 1);
+  ret = certificate_credential_append_crt_list(res, ccert, 1);
   if (ret < 0)
     {
       gnutls_assert();
@@ -734,7 +732,7 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
   return 0;
 }
 
-static int append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr)
+int certificate_credential_append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *crt, int nr)
 {
   res->cert_list = gnutls_realloc_fast (res->cert_list,
                                        (1 +
@@ -762,7 +760,7 @@ static int append_crt_list( gnutls_certificate_credentials_t res, gnutls_cert *c
 
 }
 
-static int append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey)
+int certificate_credentials_append_pkey( gnutls_certificate_credentials_t res, gnutls_privkey_t pkey)
 {
   res->pkey = gnutls_realloc_fast (res->pkey,
                                        (1 + res->ncerts) *
@@ -824,7 +822,7 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
       return ret;
     }
   
-  ret = append_pkey(res, pkey);
+  ret = certificate_credentials_append_pkey(res, pkey);
   if (ret < 0)
     {
       gnutls_assert ();
@@ -849,7 +847,7 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
        }
     }
     
-  ret = append_crt_list(res, pcerts, cert_list_size);
+  ret = certificate_credential_append_crt_list(res, pcerts, cert_list_size);
   if (ret < 0) 
     {
       gnutls_assert();
index 0d798f1aba674fe9bff3a8e2c800bf2620063940..abf6407c1af5220fd053718cab0e36d36b5d92ec 100644 (file)
@@ -137,66 +137,51 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
                                    gnutls_openpgp_privkey_t pkey)
 {
   int ret;
-
+  gnutls_privkey_t privkey;
+  gnutls_cert *ccert;
   /* this should be first */
 
-  res->pkey = gnutls_realloc_fast (res->pkey,
-                                  (res->ncerts + 1) *
-                                  sizeof (gnutls_privkey_t));
-  if (res->pkey == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  ret = gnutls_privkey_init(&res->pkey[res->ncerts]);
+  ret = gnutls_privkey_init(&privkey);
   if (ret < 0) 
     {
       gnutls_assert();
       return ret;
     }
 
-  ret = gnutls_privkey_import_openpgp (res->pkey[res->ncerts], pkey, 0);
+  ret = gnutls_privkey_import_openpgp (privkey, pkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
   if (ret < 0)
     {
-      gnutls_privkey_deinit(res->pkey[res->ncerts]);
+      gnutls_privkey_deinit(privkey);
       gnutls_assert ();
       return ret;
     }
 
-  res->cert_list = gnutls_realloc_fast (res->cert_list,
-                                       (1 +
-                                        res->ncerts) *
-                                       sizeof (gnutls_cert *));
-  if (res->cert_list == NULL)
-    {
-      gnutls_assert ();
-      /* memory leak here? */
-      return GNUTLS_E_MEMORY_ERROR;
-    }
 
-  res->cert_list_length = gnutls_realloc_fast (res->cert_list_length,
-                                              (1 +
-                                               res->ncerts) * sizeof (int));
-  if (res->cert_list_length == NULL)
+  ccert = gnutls_calloc (1, sizeof (gnutls_cert));
+  if (ccert == NULL)
     {
       gnutls_assert ();
+      gnutls_privkey_deinit(privkey);
       return GNUTLS_E_MEMORY_ERROR;
     }
 
-  res->cert_list[res->ncerts] = gnutls_calloc (1, sizeof (gnutls_cert));
-  if (res->cert_list[res->ncerts] == NULL)
+  ret = _gnutls_openpgp_crt_to_gcert (ccert, crt);
+  if (ret < 0)
     {
       gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
+      gnutls_free(ccert);
+      gnutls_privkey_deinit(privkey);
+      return ret;
     }
 
-  res->cert_list_length[res->ncerts] = 1;
+  ret = certificate_credentials_append_pkey(res, privkey);
+  if (ret >=0) ret = certificate_credential_append_crt_list(res, ccert, 1);
 
-  ret = _gnutls_openpgp_crt_to_gcert (res->cert_list[res->ncerts], crt);
   if (ret < 0)
     {
-      gnutls_assert ();
+      gnutls_assert();
+      gnutls_free(ccert);
+      gnutls_privkey_deinit(privkey);
       return ret;
     }
 
@@ -440,7 +425,6 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
 
   ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
 
-  gnutls_openpgp_privkey_deinit (pkey);
   gnutls_openpgp_crt_deinit (crt);
 
   return ret;
@@ -869,8 +853,8 @@ gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
                                  gnutls_datum_t * signature)
 {
   int result, i;
-  bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
-  int params_size = MAX_PUBLIC_PARAMS_SIZE;
+  bigint_t params[MAX_PRIV_PARAMS_SIZE];
+  int params_size = MAX_PRIV_PARAMS_SIZE;
   int pk_algorithm;
   gnutls_openpgp_keyid_t keyid;