abstract, x509: refactor raw DSA key import logic

This switches to using DSA_{P,Q,G,X,Y} instead of magic number, and
adds check for required parameters.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/lib/pubkey.c b/lib/pubkey.c
index 42d2f724f8744aeb38ef3534cf6bcf04e94d27ac..2315070fbc5d451de2e69aef4a76850989c30c70 100644 (file)
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -1894,42 +1894,42 @@ int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *p,
                                 const gnutls_datum_t *g,
                                 const gnutls_datum_t *y)
 {
-       if (key == NULL) {
-               gnutls_assert();
-               return GNUTLS_E_INVALID_REQUEST;
+       int ret;
+
+       if (unlikely(key == NULL || p == NULL || q == NULL || g == NULL ||
+                    y == NULL)) {
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
        }
 
        gnutls_pk_params_release(&key->params);
        gnutls_pk_params_init(&key->params);
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[0], p->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_P], p->data,
                                     p->size)) {
                gnutls_assert();
-               return GNUTLS_E_MPI_SCAN_FAILED;
+               ret = GNUTLS_E_MPI_SCAN_FAILED;
+               goto cleanup;
        }
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[1], q->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_Q], q->data,
                                     q->size)) {
                gnutls_assert();
-               _gnutls_mpi_release(&key->params.params[0]);
-               return GNUTLS_E_MPI_SCAN_FAILED;
+               ret = GNUTLS_E_MPI_SCAN_FAILED;
+               goto cleanup;
        }
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[2], g->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_G], g->data,
                                     g->size)) {
                gnutls_assert();
-               _gnutls_mpi_release(&key->params.params[1]);
-               _gnutls_mpi_release(&key->params.params[0]);
-               return GNUTLS_E_MPI_SCAN_FAILED;
+               ret = GNUTLS_E_MPI_SCAN_FAILED;
+               goto cleanup;
        }
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_Y], y->data,
                                     y->size)) {
                gnutls_assert();
-               _gnutls_mpi_release(&key->params.params[2]);
-               _gnutls_mpi_release(&key->params.params[1]);
-               _gnutls_mpi_release(&key->params.params[0]);
-               return GNUTLS_E_MPI_SCAN_FAILED;
+               ret = GNUTLS_E_MPI_SCAN_FAILED;
+               goto cleanup;
        }
 
        key->params.params_nr = DSA_PUBLIC_PARAMS;
@@ -1937,6 +1937,12 @@ int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *p,
        key->bits = pubkey_to_bits(&key->params);
 
        return 0;
+
+cleanup:
+       gnutls_pk_params_clear(&key->params);
+       gnutls_pk_params_release(&key->params);
+
+       return ret;
 }
 
 /* Updates the gnutls_x509_spki_st parameters based on the signature

diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index b575a776c76d07423723f8620c83c8fd7096f550..5fb10fa203b8dbc3f9db6c8aca82d8cc2a8fdcc1 100644 (file)
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1004,28 +1004,28 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
 {
        int ret;
 
-       if (key == NULL) {
-               gnutls_assert();
-               return GNUTLS_E_INVALID_REQUEST;
+       if (unlikely(key == NULL || p == NULL || q == NULL || g == NULL ||
+                    x == NULL)) {
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
        }
 
        gnutls_pk_params_init(&key->params);
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[0], p->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_P], p->data,
                                     p->size)) {
                gnutls_assert();
                ret = GNUTLS_E_MPI_SCAN_FAILED;
                goto cleanup;
        }
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[1], q->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_Q], q->data,
                                     q->size)) {
                gnutls_assert();
                ret = GNUTLS_E_MPI_SCAN_FAILED;
                goto cleanup;
        }
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[2], g->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_G], g->data,
                                     g->size)) {
                gnutls_assert();
                ret = GNUTLS_E_MPI_SCAN_FAILED;
@@ -1033,15 +1033,15 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
        }
 
        if (y) {
-               if (_gnutls_mpi_init_scan_nz(&key->params.params[3], y->data,
-                                            y->size)) {
+               if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_Y],
+                                            y->data, y->size)) {
                        gnutls_assert();
                        ret = GNUTLS_E_MPI_SCAN_FAILED;
                        goto cleanup;
                }
        }
 
-       if (_gnutls_mpi_init_scan_nz(&key->params.params[4], x->data,
+       if (_gnutls_mpi_init_scan_nz(&key->params.params[DSA_X], x->data,
                                     x->size)) {
                gnutls_assert();
                ret = GNUTLS_E_MPI_SCAN_FAILED;