#define DSA_PUBLIC_PARAMS 4
#define RSA_PUBLIC_PARAMS 2
-/* For key Usage, test as:
- * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ...
- */
-#define KEY_DIGITAL_SIGNATURE 128
-#define KEY_NON_REPUDIATION 64
-#define KEY_KEY_ENCIPHERMENT 32
-#define KEY_DATA_ENCIPHERMENT 16
-#define KEY_KEY_AGREEMENT 8
-#define KEY_KEY_CERT_SIGN 4
-#define KEY_CRL_SIGN 2
-#define KEY_ENCIPHER_ONLY 1
-#define KEY_DECIPHER_ONLY 32768
-
typedef struct gnutls_cert
{
/* the size of params depends on the public
if (cert != NULL)
{
if (cert->key_usage != 0)
- if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
+ if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
return GNUTLS_E_KEY_USAGE_VIOLATION;
/* If the certificate supports signing continue.
*/
if (cert->key_usage != 0)
- if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
+ if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
return GNUTLS_E_KEY_USAGE_VIOLATION;
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (ccert);
- return ret;
+ goto cleanup;
}
tmp.data = (opaque *) input_cert;
{
gnutls_assert ();
gnutls_x509_crt_deinit (crt);
- gnutls_free (ccert);
- return ret;
+ goto cleanup;
}
ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0);
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (ccert);
- return ret;
+ goto cleanup;
}
ret = certificate_credential_append_crt_list (res, ccert, 1);
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (ccert);
- return ret;
+ goto cleanup;
}
return ret;
+
+cleanup:
+ gnutls_free (ccert);
+ return ret;
}
/* Reads a base64 encoded certificate list from memory and stores it to
const char *ptr;
opaque *ptr2;
gnutls_datum_t tmp;
- int ret, count;
+ int ret, count, i;
gnutls_cert *certs = NULL;
/* move to the certificate
{
siz2 = _gnutls_fbase64_decode (NULL, ptr, size, &ptr2);
-
if (siz2 < 0)
{
gnutls_assert ();
- return GNUTLS_E_BASE64_DECODING_ERROR;
+ ret = GNUTLS_E_BASE64_DECODING_ERROR;
+ goto cleanup;
}
certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert));
if (certs == NULL)
{
gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
tmp.data = ptr2;
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (certs);
- return ret;
+ goto cleanup;
}
_gnutls_free_datum (&tmp); /* free ptr2 */
if (ret < 0)
{
gnutls_assert ();
- gnutls_free (certs);
- return ret;
+ goto cleanup;
}
return count;
+
+cleanup:
+ for (i=0;i<count;i++)
+ _gnutls_gcert_deinit(&certs[i]);
+ gnutls_free(certs);
+ return ret;
}
* type algorithm, and key's usage does not permit
* encipherment, then fail.
*/
- if (!(key_usage & KEY_KEY_ENCIPHERMENT))
+ if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
{
gnutls_assert ();
return GNUTLS_E_KEY_USAGE_VIOLATION;
{
/* The same as above, but for sign only keys
*/
- if (!(key_usage & KEY_DIGITAL_SIGNATURE))
+ if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
{
gnutls_assert ();
return GNUTLS_E_KEY_USAGE_VIOLATION;