| ↓ | write_secret_key | 44 | 79 | 121 | lib/opencdk/write-packet.c | 
| 
static cdk_error_t
write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
		  int is_subkey, int old_ctb)
{
  cdk_pkt_pubkey_t pk = NULL;
  size_t size = 6, npkey, nskey;
  int pkttype, s2k_mode;
  cdk_error_t rc;
  assert (out);
  assert (sk);
  if (!sk->pk)
    return CDK_Inv_Value;
  pk = sk->pk;
  if (pk->version < 2 || pk->version > 4)
    return CDK_Inv_Packet;
  if (DEBUG_PKT)
    _cdk_log_debug ("write_secret_key:\n");
  npkey = cdk_pk_get_npkey (pk->pubkey_algo);
  nskey = cdk_pk_get_nskey (pk->pubkey_algo);
  if (!npkey || !nskey)
    {
      gnutls_assert ();
      return CDK_Inv_Algo;
    }
  if (pk->version < 4)
    size += 2;
  /* If the key is unprotected, the 1 extra byte:
     1 octet  - cipher algorithm byte (0x00)
     the other bytes depend on the mode:
     a) simple checksum -  2 octets
     b) sha-1 checksum  - 20 octets */
  size = !sk->is_protected ? size + 1 : size + 1 + calc_s2ksize (sk);
  size += calc_mpisize (pk->mpi, npkey);
  if (sk->version == 3 || !sk->is_protected)
    {
      if (sk->version == 3)
	{
	  size += 2;		/* force simple checksum */
	  sk->protect.sha1chk = 0;
	}
      else
	size += sk->protect.sha1chk ? 20 : 2;
      size += calc_mpisize (sk->mpi, nskey);
    }
  else				/* We do not know anything about the encrypted mpi's so we
				   treat the data as opaque. */
    size += sk->enclen;
  pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
  rc = pkt_write_head (out, old_ctb, size, pkttype);
  if (!rc)
    rc = stream_putc (out, pk->version);
  if (!rc)
    rc = write_32 (out, pk->timestamp);
  if (!rc && pk->version < 4)
    {
      u16 ndays = 0;
      if (pk->expiredate)
	ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
      rc = write_16 (out, ndays);
    }
  if (!rc)
    rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
  if (!rc)
    rc = write_mpibuf (out, pk->mpi, npkey);
  if (!rc) 
    {
      if (sk->is_protected == 0)
        rc = stream_putc (out, 0x00);
      else
        {
          if (is_RSA (pk->pubkey_algo) && pk->version < 4)
   	    rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
          else if (sk->protect.s2k)
            {
              s2k_mode = sk->protect.s2k->mode;
              rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
              if (!rc)
                rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
              if (!rc)
                rc = stream_putc (out, sk->protect.s2k->mode);
              if (!rc)
                rc = stream_putc (out, sk->protect.s2k->hash_algo);
              if (!rc && (s2k_mode == 1 || s2k_mode == 3))
                {
                  rc = stream_write (out, sk->protect.s2k->salt, 8);
                  if (!rc && s2k_mode == 3)
                    rc = stream_putc (out, sk->protect.s2k->count);
                }
            }
          else
            return CDK_Inv_Value;
          if (!rc)
          rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
        }
    }
  if (!rc && sk->is_protected && pk->version == 4)
    {
      if (sk->encdata && sk->enclen)
	rc = stream_write (out, sk->encdata, sk->enclen);
    }
  else
    {
      if (!rc)
	rc = write_mpibuf (out, sk->mpi, nskey);
      if (!rc)
	{
	  if (!sk->csum)
	    sk->csum = _cdk_sk_get_csum (sk);
	  rc = write_16 (out, sk->csum);
	}
    }
  return rc;
}
 | 
| ↓ | print_extensions | 43 | 128 | 239 | lib/x509/output.c | 
| 
static void
print_extensions (gnutls_string * str, const char *prefix, int type,
		  cert_type_t cert)
{
  int i, err;
  for (i = 0;; i++)
    {
      char oid[MAX_OID_SIZE] = "";
      size_t sizeof_oid = sizeof (oid);
      int critical;
      size_t san_idx = 0;
      size_t proxy_idx = 0;
      size_t basic_idx = 0;
      size_t keyusage_idx = 0;
      size_t keypurpose_idx = 0;
      size_t ski_idx = 0;
      size_t aki_idx = 0;
      size_t crldist_idx = 0;
      if (type == TYPE_CRT)
	err = gnutls_x509_crt_get_extension_info (cert.crt, i,
						  oid, &sizeof_oid,
						  &critical);
      else if (type == TYPE_CRQ)
	err = gnutls_x509_crq_get_extension_info (cert.crq, i,
						  oid, &sizeof_oid,
						  &critical);
      else
	{
	  gnutls_assert ();
	  return;
	}
      if (err < 0)
	{
	  if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	    break;
	  addf (str, "error: get_extension_info: %s\n",
		gnutls_strerror (err));
	  continue;
	}
      if (i == 0)
	addf (str, _("%s\tExtensions:\n"), prefix);
      if (strcmp (oid, "2.5.29.19") == 0)
	{
	  if (basic_idx)
	    {
	      addf (str, "error: more than one basic constraint\n");
	      continue;
	    }
	  addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
	  print_basic (str, prefix, type, cert);
	  basic_idx++;
	}
      else if (strcmp (oid, "2.5.29.14") == 0)
	{
	  if (ski_idx)
	    {
	      addf (str, "error: more than one SKI extension\n");
	      continue;
	    }
	  addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
	  if (type == TYPE_CRT)
	    print_ski (str, cert.crt);
	  ski_idx++;
	}
      else if (strcmp (oid, "2.5.29.35") == 0)
	{
	  if (aki_idx)
	    {
	      addf (str, "error: more than one AKI extension\n");
	      continue;
	    }
	  addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
	  if (type == TYPE_CRT)
	    print_aki (str, TYPE_CRT, cert);
	  aki_idx++;
	}
      else if (strcmp (oid, "2.5.29.15") == 0)
	{
	  if (keyusage_idx)
	    {
	      addf (str, "error: more than one key usage extension\n");
	      continue;
	    }
	  addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
	  print_key_usage (str, prefix, type, cert);
	  keyusage_idx++;
	}
      else if (strcmp (oid, "2.5.29.37") == 0)
	{
	  if (keypurpose_idx)
	    {
	      addf (str, "error: more than one key purpose extension\n");
	      continue;
	    }
	  addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
#ifdef ENABLE_PKI
	  print_key_purpose (str, prefix, type, cert);
#endif
	  keypurpose_idx++;
	}
      else if (strcmp (oid, "2.5.29.17") == 0)
	{
	  if (san_idx)
	    {
	      addf (str, "error: more than one SKI extension\n");
	      continue;
	    }
	  addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
	  print_san (str, prefix, type, cert);
	  san_idx++;
	}
      else if (strcmp (oid, "2.5.29.31") == 0)
	{
	  if (crldist_idx)
	    {
	      addf (str, "error: more than one CRL distribution point\n");
	      continue;
	    }
	  addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
#ifdef ENABLE_PKI
	  if (type == TYPE_CRT)
	    print_crldist (str, cert.crt);
#endif
	  crldist_idx++;
	}
      else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0)
	{
	  if (proxy_idx)
	    {
	      addf (str, "error: more than one proxy extension\n");
	      continue;
	    }
	  addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
		critical ? _("critical") : _("not critical"));
	  if (type == TYPE_CRT)
	    print_proxy (str, cert.crt);
	  proxy_idx++;
	}
      else
	{
	  char *buffer;
	  size_t extlen = 0;
	  addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
		critical ? _("critical") : _("not critical"));
	  if (type == TYPE_CRT)
	    err =
	      gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
	  else if (type == TYPE_CRQ)
	    err =
	      gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
	  else
	    {
	      gnutls_assert ();
	      return;
	    }
	  if (err < 0)
	    {
	      addf (str, "error: get_extension_data: %s\n",
		    gnutls_strerror (err));
	      continue;
	    }
	  buffer = gnutls_malloc (extlen);
	  if (!buffer)
	    {
	      addf (str, "error: malloc: %s\n", gnutls_strerror (err));
	      continue;
	    }
	  if (type == TYPE_CRT)
	    err =
	      gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
						  &extlen);
	  else if (type == TYPE_CRQ)
	    err =
	      gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
						  &extlen);
	  if (err < 0)
	    {
	      gnutls_free (buffer);
	      addf (str, "error: get_extension_data2: %s\n",
		    gnutls_strerror (err));
	      continue;
	    }
	  addf (str, _("%s\t\t\tASCII: "), prefix);
	  asciiprint (str, buffer, extlen);
	  addf (str, "\n");
	  addf (str, _("%s\t\t\tHexdump: "), prefix);
	  hexprint (str, buffer, extlen);
	  adds (str, "\n");
	  gnutls_free (buffer);
	}
    }
}
 | 
| ↓ | keydb_parse_allsigs | 42 | 104 | 179 | lib/opencdk/keydb.c | 
| 
static cdk_error_t
keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
{
  cdk_kbnode_t node, kb;
  cdk_pkt_signature_t sig;
  cdk_pkt_pubkey_t pk;
  cdk_subpkt_t s = NULL;
  u32 expiredate = 0, curtime = (u32) time (NULL);
  u32 keyid[2];
  if (!knode)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (check && !hd)
    {
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  kb = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
  if (kb)
    return 0;
  /* Reset */
  for (node = knode; node; node = node->next)
    {
      if (node->pkt->pkttype == CDK_PKT_USER_ID)
	node->pkt->pkt.user_id->is_revoked = 0;
      else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
	       node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
	node->pkt->pkt.public_key->is_revoked = 0;
    }
  kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
  if (!kb)
    {
      gnutls_assert ();
      return CDK_Wrong_Format;
    }
  cdk_pk_get_keyid (kb->pkt->pkt.public_key, keyid);
  for (node = knode; node; node = node->next)
    {
      if (node->pkt->pkttype == CDK_PKT_SIGNATURE)
	{
	  sig = node->pkt->pkt.signature;
	  /* Revocation certificates for primary keys */
	  if (sig->sig_class == 0x20)
	    {
	      kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
	      if (kb)
		{
		  kb->pkt->pkt.public_key->is_revoked = 1;
		  if (check)
		    _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
		}
	      else
		{
		  gnutls_assert ();
		  return CDK_Error_No_Key;
		}
	    }
	  /* Revocation certificates for subkeys */
	  else if (sig->sig_class == 0x28)
	    {
	      kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
	      if (kb)
		{
		  kb->pkt->pkt.public_key->is_revoked = 1;
		  if (check)
		    _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
		}
	      else
		{
		  gnutls_assert ();
		  return CDK_Error_No_Key;
		}
	    }
	  /* Revocation certifcates for user ID's */
	  else if (sig->sig_class == 0x30)
	    {
	      if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
		continue;	/* revokes an earlier signature, no userID. */
	      kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
	      if (kb)
		{
		  kb->pkt->pkt.user_id->is_revoked = 1;
		  if (check)
		    _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
		}
	      else
		{
		  gnutls_assert ();
		  return CDK_Error_No_Key;
		}
	    }
	  /* Direct certificates for primary keys */
	  else if (sig->sig_class == 0x1F)
	    {
	      kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
	      if (kb)
		{
		  pk = kb->pkt->pkt.public_key;
		  pk->is_invalid = 0;
		  s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
				       CDK_SIGSUBPKT_KEY_EXPIRE);
		  if (s)
		    {
		      expiredate = _cdk_buftou32 (s->d);
		      pk->expiredate = pk->timestamp + expiredate;
		      pk->has_expired = pk->expiredate > curtime ? 0 : 1;
		    }
		  if (check)
		    _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
		}
	      else
		{
		  gnutls_assert ();
		  return CDK_Error_No_Key;
		}
	    }
	  /* Direct certificates for subkeys */
	  else if (sig->sig_class == 0x18)
	    {
	      kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
	      if (kb)
		{
		  pk = kb->pkt->pkt.public_key;
		  pk->is_invalid = 0;
		  s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
				       CDK_SIGSUBPKT_KEY_EXPIRE);
		  if (s)
		    {
		      expiredate = _cdk_buftou32 (s->d);
		      pk->expiredate = pk->timestamp + expiredate;
		      pk->has_expired = pk->expiredate > curtime ? 0 : 1;
		    }
		  if (check)
		    _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
		}
	      else
		{
		  gnutls_assert ();
		  return CDK_Error_No_Key;
		}
	    }
	}
    }
  node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
  if (node && node->pkt->pkt.public_key->version == 3)
    {
      /* v3 public keys have no additonal signatures for the key directly.
         we say the key is valid when we have at least a self signature. */
      pk = node->pkt->pkt.public_key;
      for (node = knode; node; node = node->next)
	{
	  if (is_selfsig (node, keyid))
	    {
	      pk->is_invalid = 0;
	      break;
	    }
	}
    }
  if (node && (node->pkt->pkt.public_key->is_revoked ||
	       node->pkt->pkt.public_key->has_expired))
    {
      /* If the primary key has been revoked, mark all subkeys as invalid
         because without a primary key they are not useable */
      for (node = knode; node; node = node->next)
	{
	  if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
	    node->pkt->pkt.public_key->is_invalid = 1;
	}
    }
  return 0;
}
 | 
| ↓ | parse_pkcs12 | 45 | 168 | 297 | lib/gnutls_x509.c | 
| 
static int
parse_pkcs12 (gnutls_certificate_credentials_t res,
	      gnutls_pkcs12_t p12,
	      const char *password,
	      gnutls_x509_privkey_t * key,
	      gnutls_x509_crt_t * cert, gnutls_x509_crl_t * crl)
{
  gnutls_pkcs12_bag_t bag = NULL;
  int idx = 0;
  int ret;
  size_t cert_id_size = 0;
  size_t key_id_size = 0;
  opaque cert_id[20];
  opaque key_id[20];
  int privkey_ok = 0;
  *cert = NULL;
  *key = NULL;
  *crl = NULL;  
  /* find the first private key */
  for (;;)
    {
      int elements_in_bag;
      int i;
      ret = gnutls_pkcs12_bag_init (&bag);
      if (ret < 0)
	{
	  bag = NULL;
	  gnutls_assert ();
	  goto done;
	}
      ret = gnutls_pkcs12_get_bag (p12, idx, bag);
      if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	break;
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
      ret = gnutls_pkcs12_bag_get_type (bag, 0);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
      if (ret == GNUTLS_BAG_ENCRYPTED)
	{
	  ret = gnutls_pkcs12_bag_decrypt (bag, password);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      goto done;
	    }
	}
      elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
      if (elements_in_bag < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
      for (i = 0; i < elements_in_bag; i++)
	{
	  int type;
	  gnutls_datum_t data;
	  type = gnutls_pkcs12_bag_get_type (bag, i);
	  if (type < 0)
	    {
	      gnutls_assert ();
	      goto done;
	    }
	  ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      goto done;
	    }
	  switch (type)
	    {
	    case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
	    case GNUTLS_BAG_PKCS8_KEY:
	      if (*key != NULL) /* too simple to continue */
	        {
                  gnutls_assert();
                  break;
	        }
	        
	      ret = gnutls_x509_privkey_init (key);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  goto done;
		}
	      ret = gnutls_x509_privkey_import_pkcs8
		(*key, &data, GNUTLS_X509_FMT_DER, password,
		 type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  gnutls_x509_privkey_deinit( *key);
		  goto done;
		}
              
              key_id_size = sizeof(key_id);
              ret = gnutls_x509_privkey_get_key_id( *key, 0, key_id, &key_id_size);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  gnutls_x509_privkey_deinit( *key);
		  goto done;
		}
              
              privkey_ok = 1; /* break */
	      break;
	    default:
	      break;
	    }
	}
      idx++;
      gnutls_pkcs12_bag_deinit (bag);
      
      if (privkey_ok != 0) /* private key was found */
        break;
    }
  if (privkey_ok == 0) /* no private key */
    {
      gnutls_assert();
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  /* now find the corresponding certificate 
   */
  idx = 0;
  bag = NULL;
  for (;;)
    {
      int elements_in_bag;
      int i;
      ret = gnutls_pkcs12_bag_init (&bag);
      if (ret < 0)
	{
	  bag = NULL;
	  gnutls_assert ();
	  goto done;
	}
      ret = gnutls_pkcs12_get_bag (p12, idx, bag);
      if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	break;
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
      ret = gnutls_pkcs12_bag_get_type (bag, 0);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
      if (ret == GNUTLS_BAG_ENCRYPTED)
	{
	  ret = gnutls_pkcs12_bag_decrypt (bag, password);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      goto done;
	    }
	}
      elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
      if (elements_in_bag < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
      for (i = 0; i < elements_in_bag; i++)
	{
	  int type;
	  gnutls_datum_t data;
	  type = gnutls_pkcs12_bag_get_type (bag, i);
	  if (type < 0)
	    {
	      gnutls_assert ();
	      goto done;
	    }
	  ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      goto done;
	    }
	  switch (type)
	    {
	    case GNUTLS_BAG_CERTIFICATE:
	      if (*cert != NULL) /* no need to set it again */
	        {
	          gnutls_assert();
	          break;
                }
	      ret = gnutls_x509_crt_init (cert);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  goto done;
		}
	      ret =
		gnutls_x509_crt_import (*cert, &data, GNUTLS_X509_FMT_DER);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  gnutls_x509_crt_deinit( *cert);
		  goto done;
		}
	      /* check if the key id match */
              cert_id_size = sizeof(cert_id);
              ret = gnutls_x509_crt_get_key_id( *cert, 0, cert_id, &cert_id_size);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  gnutls_x509_crt_deinit( *cert);
		  goto done;
		}
              
              if (memcmp( cert_id, key_id, cert_id_size) != 0)
                { /* they don't match - skip the certificate */
                  gnutls_x509_crt_deinit( *cert);
                  *cert = NULL;
                }
	      break;
	    case GNUTLS_BAG_CRL:
	      if (*crl != NULL)
	        {
	          gnutls_assert();
	          break;
                }
	      ret = gnutls_x509_crl_init (crl);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  goto done;
		}
	      ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  gnutls_x509_crl_deinit( *crl);
		  goto done;
		}
	      break;
	    case GNUTLS_BAG_ENCRYPTED:
	      /* XXX Bother to recurse one level down?  Unlikely to
	         use the same password anyway. */
	    case GNUTLS_BAG_EMPTY:
	    default:
	      break;
	    }
	}
      idx++;
      gnutls_pkcs12_bag_deinit (bag);
    }
  ret = 0;
done:
  if (bag)
    gnutls_pkcs12_bag_deinit (bag);
  return ret;
}
 | 
| ↓ | print_crl | 39 | 158 | 279 | lib/x509/output.c | 
| 
static void
print_crl (gnutls_string * str, gnutls_x509_crl_t crl, int notsigned)
{
  /* Version. */
  {
    int version = gnutls_x509_crl_get_version (crl);
    if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
      adds (str, _("\tVersion: 1 (default)\n"));
    else if (version < 0)
      addf (str, "error: get_version: %s\n", gnutls_strerror (version));
    else
      addf (str, _("\tVersion: %d\n"), version);
  }
  /* Issuer. */
  if (!notsigned)
    {
      char dn[1024];
      size_t dn_size = sizeof (dn);
      int err;
      err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
      if (err < 0)
	addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
      else
	addf (str, _("\tIssuer: %s\n"), dn);
    }
  /* Validity. */
  {
    time_t tim;
    adds (str, _("\tUpdate dates:\n"));
    tim = gnutls_x509_crl_get_this_update (crl);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (gmtime_r (&tim, &t) == NULL)
	addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
      else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
	addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
      else
	addf (str, _("\t\tIssued: %s\n"), s);
    }
    tim = gnutls_x509_crl_get_next_update (crl);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (tim == -1)
	addf (str, "\t\tNo next update time.\n");
      else if (gmtime_r (&tim, &t) == NULL)
	addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
      else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
	addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
      else
	addf (str, _("\t\tNext at: %s\n"), s);
    }
  }
  /* Extensions. */
  if (gnutls_x509_crl_get_version (crl) >= 2)
    {
      size_t i;
      int err = 0;
      for (i = 0;; i++)
	{
	  char oid[MAX_OID_SIZE] = "";
	  size_t sizeof_oid = sizeof (oid);
	  int critical;
	  int crl_nr = 0;
	  int aki_idx = 0;
	  err = gnutls_x509_crl_get_extension_info (crl, i,
						    oid, &sizeof_oid,
						    &critical);
	  if (err < 0)
	    {
	      if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
		break;
	      addf (str, "error: get_extension_info: %s\n",
		    gnutls_strerror (err));
	      continue;
	    }
	  if (i == 0)
	    adds (str, _("\tExtensions:\n"));
	  if (strcmp (oid, "2.5.29.20") == 0)
	    {
	      char nr[128];
	      size_t nr_size = sizeof (nr);
	      if (crl_nr)
		{
		  addf (str, "error: more than one CRL number\n");
		  continue;
		}
	      err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
	      addf (str, _("\t\tCRL Number (%s): "),
		    critical ? _("critical") : _("not critical"));
	      if (err < 0)
		addf (str, "error: get_number: %s\n", gnutls_strerror (err));
	      else
		{
		  hexprint (str, nr, nr_size);
		  addf (str, "\n");
		}
	      crl_nr++;
	    }
	  else if (strcmp (oid, "2.5.29.35") == 0)
	    {
	      cert_type_t ccert;
	      if (aki_idx)
		{
		  addf (str, "error: more than one AKI extension\n");
		  continue;
		}
	      addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
		    critical ? _("critical") : _("not critical"));
	      ccert.crl = crl;
	      print_aki (str, TYPE_CRL, ccert);
	      aki_idx++;
	    }
	  else
	    {
	      char *buffer;
	      size_t extlen = 0;
	      addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
		    critical ? _("critical") : _("not critical"));
	      err = gnutls_x509_crl_get_extension_data (crl, i,
							NULL, &extlen);
	      if (err < 0)
		{
		  addf (str, "error: get_extension_data: %s\n",
			gnutls_strerror (err));
		  continue;
		}
	      buffer = gnutls_malloc (extlen);
	      if (!buffer)
		{
		  addf (str, "error: malloc: %s\n", gnutls_strerror (err));
		  continue;
		}
	      err = gnutls_x509_crl_get_extension_data (crl, i,
							buffer, &extlen);
	      if (err < 0)
		{
		  gnutls_free (buffer);
		  addf (str, "error: get_extension_data2: %s\n",
			gnutls_strerror (err));
		  continue;
		}
	      adds (str, _("\t\t\tASCII: "));
	      asciiprint (str, buffer, extlen);
	      adds (str, "\n");
	      adds (str, _("\t\t\tHexdump: "));
	      hexprint (str, buffer, extlen);
	      adds (str, "\n");
	      gnutls_free (buffer);
	    }
	}
    }
  /* Revoked certificates. */
  {
    int num = gnutls_x509_crl_get_crt_count (crl);
    int j;
    if (num)
      addf (str, _("\tRevoked certificates (%d):\n"), num);
    else
      adds (str, _("\tNo revoked certificates.\n"));
    for (j = 0; j < num; j++)
      {
	char serial[128];
	size_t serial_size = sizeof (serial);
	int err;
	time_t tim;
	err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
					      &serial_size, &tim);
	if (err < 0)
	  addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
	else
	  {
	    char s[42];
	    size_t max = sizeof (s);
	    struct tm t;
	    adds (str, _("\t\tSerial Number (hex): "));
	    hexprint (str, serial, serial_size);
	    adds (str, "\n");
	    if (gmtime_r (&tim, &t) == NULL)
	      addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
	    else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
	      addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
	    else
	      addf (str, _("\t\tRevoked at: %s\n"), s);
	  }
      }
  }
  /* Signature. */
  if (!notsigned)
    {
      int err;
      size_t size = 0;
      char *buffer = NULL;
      err = gnutls_x509_crl_get_signature_algorithm (crl);
      if (err < 0)
	addf (str, "error: get_signature_algorithm: %s\n",
	      gnutls_strerror (err));
      else
	{
	  const char *name = gnutls_sign_algorithm_get_name (err);
	  if (name == NULL)
	    name = _("unknown");
	  addf (str, _("\tSignature Algorithm: %s\n"), name);
	}
      if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
	{
	  adds (str, _("warning: signed using a broken signature "
		       "algorithm that can be forged.\n"));
	}
      err = gnutls_x509_crl_get_signature (crl, buffer, &size);
      if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
	  return;
	}
      buffer = gnutls_malloc (size);
      if (!buffer)
	{
	  addf (str, "error: malloc: %s\n", gnutls_strerror (err));
	  return;
	}
      err = gnutls_x509_crl_get_signature (crl, buffer, &size);
      if (err < 0)
	{
	  gnutls_free (buffer);
	  addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
	  return;
	}
      adds (str, _("\tSignature:\n"));
      hexdump (str, buffer, size, "\t\t");
      gnutls_free (buffer);
    }
}
 | 
| ↓ | file_verify_clearsign | 37 | 94 | 147 | lib/opencdk/verify.c | 
| 
static cdk_error_t
file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
{
  cdk_stream_t inp = NULL, out = NULL, tmp = NULL;
  digest_hd_st md;
  char buf[512], chk[512];
  const char *s;
  int i, is_signed = 0, nbytes;
  int digest_algo = 0;
  int err;
  cdk_error_t rc;
  if (output)
    {
      rc = cdk_stream_create (output, &out);
      if (rc)
	return rc;
    }
  rc = cdk_stream_open (file, &inp);
  if (rc)
    {
      if (output)
	cdk_stream_close (out);
      return rc;
    }
  s = "-----BEGIN PGP SIGNED MESSAGE-----";
  while (!cdk_stream_eof (inp))
    {
      nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
      if (!nbytes || nbytes == -1)
	break;
      if (!strncmp (buf, s, strlen (s)))
	{
	  is_signed = 1;
	  break;
	}
    }
  if (cdk_stream_eof (inp) && !is_signed)
    {
      rc = CDK_Armor_Error;
      goto leave;
    }
  while (!cdk_stream_eof (inp))
    {
      nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
      if (!nbytes || nbytes == -1)
	break;
      if (nbytes == 1)		/* Empty line */
	break;
      else if (!strncmp (buf, "Hash: ", 6))
	{
	  for (i = 0; digest_table[i].name; i++)
	    {
	      if (!strcmp (buf + 6, digest_table[i].name))
		{
		  digest_algo = digest_table[i].algo;
		  break;
		}
	    }
	}
    }
  if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0)
    {
      rc = CDK_Inv_Algo;
      goto leave;
    }
  if (!digest_algo)
    digest_algo = GNUTLS_DIG_MD5;
  err = _gnutls_hash_init (&md, digest_algo);
  if (err < 0)
    {
      rc = map_gnutls_error (err);
      goto leave;
    }
  s = "-----BEGIN PGP SIGNATURE-----";
  while (!cdk_stream_eof (inp))
    {
      nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
      if (!nbytes || nbytes == -1)
	break;
      if (!strncmp (buf, s, strlen (s)))
	break;
      else
	{
	  cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1);
	  i = strncmp (chk, s, strlen (s));
	  if (strlen (buf) == 0 && i == 0)
	    continue;		/* skip last '\n' */
	  _cdk_trim_string (buf, i == 0 ? 0 : 1);
	  _gnutls_hash (&md, buf, strlen (buf));
	}
      if (!strncmp (buf, "- ", 2))	/* FIXME: handle it recursive. */
	memmove (buf, buf + 2, nbytes - 2);
      if (out)
	{
	  if (strstr (buf, "\r\n"))
	    buf[strlen (buf) - 2] = '\0';
	  cdk_stream_write (out, buf, strlen (buf));
	  _cdk_stream_puts (out, _cdk_armor_get_lineend ());
	}
    }
  /* We create a temporary stream object to store the
     signature data in there. */
  rc = cdk_stream_tmp_new (&tmp);
  if (rc)
    goto leave;
  s = "-----BEGIN PGP SIGNATURE-----\n";
  _cdk_stream_puts (tmp, s);
  while (!cdk_stream_eof (inp))
    {
      nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
      if (!nbytes || nbytes == -1)
	break;
      if (nbytes < (int) (DIM (buf) - 3))
	{
	  buf[nbytes - 1] = '\n';
	  buf[nbytes] = '\0';
	}
      cdk_stream_write (tmp, buf, nbytes);
    }
  /* FIXME: This code is not very elegant. */
  cdk_stream_tmp_set_mode (tmp, STREAMCTL_READ);
  cdk_stream_seek (tmp, 0);
  cdk_stream_set_armor_flag (tmp, 0);
  cdk_stream_read (tmp, NULL, 0);
  /* the digest handle will be closed there. */
  rc = _cdk_proc_packets (hd, tmp, NULL, NULL, NULL, &md);
leave:
  _gnutls_hash_deinit (&md, NULL);
  cdk_stream_close (out);
  cdk_stream_close (tmp);
  cdk_stream_close (inp);
  return rc;
}
 | 
| ↓ | _gnutls_recv_int | 36 | 106 | 260 | lib/gnutls_record.c | 
| 
ssize_t
_gnutls_recv_int (gnutls_session_t session, content_type_t type,
		  gnutls_handshake_description_t htype, opaque * data,
		  size_t sizeofdata)
{
  gnutls_datum_t tmp;
  int decrypted_length;
  opaque version[2];
  uint8_t *headers;
  content_type_t recv_type;
  uint16_t length;
  uint8_t *ciphertext;
  uint8_t *recv_data;
  int ret, ret2;
  uint16_t header_size;
  int empty_packet = 0;
  if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL))
    {
      return GNUTLS_E_INVALID_REQUEST;
    }
begin:
  if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE)
    {
      gnutls_assert ();
      return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
    }
  if (session->internals.read_eof != 0)
    {
      /* if we have already read an EOF
       */
      return 0;
    }
  else if (session_is_valid (session) != 0
	   || session->internals.may_not_read != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_SESSION;
    }
/* If we have enough data in the cache do not bother receiving
 * a new packet. (in order to flush the cache)
 */
  ret = check_buffers (session, type, data, sizeofdata);
  if (ret != 0)
    return ret;
/* default headers for TLS 1.0
 */
  header_size = RECORD_HEADER_SIZE;
  if ((ret =
       _gnutls_io_read_buffered (session, &headers, header_size,
				 -1)) != header_size)
    {
      if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
	return ret;
      session_invalidate (session);
      if (type == GNUTLS_ALERT)
	{
	  gnutls_assert ();
	  return 0;		/* we were expecting close notify */
	}
      session_unresumable (session);
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
  if ((ret =
       record_check_headers (session, headers, type, htype, &recv_type,
			     version, &length, &header_size)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
/* Here we check if the Type of the received packet is
 * ok. 
 */
  if ((ret = check_recv_type (recv_type)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
/* Here we check if the advertized version is the one we
 * negotiated in the handshake.
 */
  if ((ret = record_check_version (session, htype, version)) < 0)
    {
      gnutls_assert ();
      session_invalidate (session);
      return ret;
    }
  _gnutls_record_log
    ("REC[%p]: Expected Packet[%d] %s(%d) with length: %d\n", session,
     (int) _gnutls_uint64touint32 (&session->connection_state.
				   read_sequence_number),
     _gnutls_packet2str (type), type, sizeofdata);
  _gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n",
		      session,
		      (int)
		      _gnutls_uint64touint32 (&session->connection_state.
					      read_sequence_number),
		      _gnutls_packet2str (recv_type), recv_type, length);
  if (length > MAX_RECV_SIZE)
    {
      _gnutls_record_log
	("REC[%p]: FATAL ERROR: Received packet with length: %d\n",
	 session, length);
      session_unresumable (session);
      session_invalidate (session);
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
/* check if we have that data into buffer. 
 */
  if ((ret =
       _gnutls_io_read_buffered (session, &recv_data,
				 header_size + length,
				 recv_type)) != header_size + length)
    {
      if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
	return ret;
      session_unresumable (session);
      session_invalidate (session);
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
/* ok now we are sure that we can read all the data - so
 * move on !
 */
  _gnutls_io_clear_read_buffer (session);
  ciphertext = &recv_data[header_size];
  ret = get_temp_recv_buffer (session, &tmp);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
/* decrypt the data we got. 
 */
  ret =
    _gnutls_decrypt (session, ciphertext, length, tmp.data, tmp.size,
		     recv_type);
  if (ret < 0)
    {
      session_unresumable (session);
      session_invalidate (session);
      gnutls_assert ();
      return ret;
    }
  decrypted_length = ret;
/* Check if this is a CHANGE_CIPHER_SPEC
 */
  if (type == GNUTLS_CHANGE_CIPHER_SPEC &&
      recv_type == GNUTLS_CHANGE_CIPHER_SPEC)
    {
      _gnutls_record_log
	("REC[%p]: ChangeCipherSpec Packet was received\n", session);
      if ((size_t) ret != sizeofdata)
	{			/* sizeofdata should be 1 */
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
	}
      memcpy (data, tmp.data, sizeofdata);
      return ret;
    }
  _gnutls_record_log
    ("REC[%p]: Decrypted Packet[%d] %s(%d) with length: %d\n", session,
     (int) _gnutls_uint64touint32 (&session->connection_state.
				   read_sequence_number),
     _gnutls_packet2str (recv_type), recv_type, decrypted_length);
/* increase sequence number 
 */
  if (_gnutls_uint64pp (&session->connection_state.read_sequence_number) != 0)
    {
      session_invalidate (session);
      gnutls_assert ();
      return GNUTLS_E_RECORD_LIMIT_REACHED;
    }
  ret =
    record_check_type (session, recv_type, type, htype, tmp.data,
		       decrypted_length);
  if (ret < 0)
    {
      if (ret == GNUTLS_E_INT_RET_0)
	return 0;
      gnutls_assert ();
      return ret;
    }
/* Get Application data from buffer 
 */
  if ((recv_type == type) &&
      (type == GNUTLS_APPLICATION_DATA ||
       type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION))
    {
      ret = _gnutls_record_buffer_get (type, session, data, sizeofdata);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      /* if the buffer just got empty 
       */
      if (_gnutls_record_buffer_get_size (type, session) == 0)
	{
	  if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
	    {
	      gnutls_assert ();
	      return ret2;
	    }
	}
    }
  else
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET;
      /* we didn't get what we wanted to 
       */
    }
/* (originally for) TLS 1.0 CBC protection. 
 * Actually this code is called if we just received
 * an empty packet. An empty TLS packet is usually
 * sent to protect some vulnerabilities in the CBC mode.
 * In that case we go to the beginning and start reading
 * the next packet.
 */
  if (ret == 0)
    {
      empty_packet++;
      goto begin;
    }
  return ret;
}
 | 
| ↓ | gnutls_priority_init | 33 | 86 | 160 | lib/gnutls_priority.c | 
| 
int
gnutls_priority_init (gnutls_priority_t * priority_cache,
		      const char *priorities,
		      const char **err_pos)
{
  char *broken_list[MAX_ELEMENTS];
  int broken_list_size, i, j;
  char *darg;
  int algo;
  rmadd_func *fn;
  *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st));
  if (*priority_cache == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  if (priorities == NULL)
    priorities = "NORMAL";
  darg = gnutls_strdup (priorities);
  if (darg == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  break_comma_list (darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':');
  /* This is our default set of protocol version, certificate types and
   * compression methods.
   */
  if (strcasecmp (broken_list[0], "NONE") != 0)
    {
      _set_priority (&(*priority_cache)->protocol, protocol_priority);
      _set_priority (&(*priority_cache)->compression, comp_priority);
      _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
      i = 0;
    }
  else
    {
      i = 1;
    }
  for (; i < broken_list_size; i++)
    {
      if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
	{
	  _set_priority (&(*priority_cache)->cipher,
			 cipher_priority_performance);
	  _set_priority (&(*priority_cache)->kx, kx_priority_performance);
	  _set_priority (&(*priority_cache)->mac, mac_priority_performance);
	}
      else if (strcasecmp (broken_list[i], "NORMAL") == 0)
	{
	  _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
	  _set_priority (&(*priority_cache)->kx, kx_priority_secure);
	  _set_priority (&(*priority_cache)->mac, mac_priority_secure);
	}
      else if (strcasecmp (broken_list[i], "SECURE256") == 0
	       || strcasecmp (broken_list[i], "SECURE") == 0)
	{
	  _set_priority (&(*priority_cache)->cipher,
			 cipher_priority_secure256);
	  _set_priority (&(*priority_cache)->kx, kx_priority_secure);
	  _set_priority (&(*priority_cache)->mac, mac_priority_secure);
	}
      else if (strcasecmp (broken_list[i], "SECURE128") == 0)
	{
	  _set_priority (&(*priority_cache)->cipher,
			 cipher_priority_secure128);
	  _set_priority (&(*priority_cache)->kx, kx_priority_secure);
	  _set_priority (&(*priority_cache)->mac, mac_priority_secure);
	}
      else if (strcasecmp (broken_list[i], "EXPORT") == 0)
	{
	  _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
	  _set_priority (&(*priority_cache)->kx, kx_priority_export);
	  _set_priority (&(*priority_cache)->mac, mac_priority_secure);
	}			/* now check if the element is something like -ALGO */
      else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
	       || broken_list[i][0] == '-')
	{
	  if (broken_list[i][0] == '+')
	    fn = prio_add;
	  else
	    fn = prio_remove;
	  if ((algo =
	       gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
	    fn (&(*priority_cache)->mac, algo);
	  else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
		   GNUTLS_CIPHER_UNKNOWN)
	    fn (&(*priority_cache)->cipher, algo);
	  else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) !=
		   GNUTLS_KX_UNKNOWN)
	    fn (&(*priority_cache)->kx, algo);
	  else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
	    {
	      if ((algo =
		   gnutls_protocol_get_id (&broken_list[i][6])) !=
		  GNUTLS_VERSION_UNKNOWN)
		fn (&(*priority_cache)->protocol, algo);
	    }			/* now check if the element is something like -ALGO */
	  else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
	    {
	      if ((algo =
		   gnutls_compression_get_id (&broken_list[i][6])) !=
		  GNUTLS_COMP_UNKNOWN)
		fn (&(*priority_cache)->compression, algo);
	    }			/* now check if the element is something like -ALGO */
	  else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
	    {
	      if ((algo =
		   gnutls_certificate_type_get_id (&broken_list[i][7])) !=
		  GNUTLS_CRT_UNKNOWN)
		fn (&(*priority_cache)->cert_type, algo);
	    }			/* now check if the element is something like -ALGO */
	  else
	    goto error;
	}
      else if (broken_list[i][0] == '%')
	{
	  if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
	    (*priority_cache)->no_padding = 1;
	  else if (strcasecmp (&broken_list[i][1],
			       "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
	    (*priority_cache)->additional_verify_flags |=
	      GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
	  else if (strcasecmp (&broken_list[i][1],
			       "SSL3_RECORD_VERSION") == 0)
	    (*priority_cache)->ssl3_record_version = 1;
	  else if (strcasecmp (&broken_list[i][1],
			       "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
	    (*priority_cache)->additional_verify_flags |=
	      GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
	  else
	    goto error;
	}
      else
	goto error;
    }
  gnutls_free (darg);
  return 0;
error:
  if (err_pos != NULL && i < broken_list_size)
    {
      *err_pos = priorities;
      for (j = 0; j < i; j++)
	{
	  (*err_pos) += strlen (broken_list[j]) + 1;
	}
    }
  gnutls_free (darg);
  return GNUTLS_E_INVALID_REQUEST;
}
 | 
| ↓ | read_secret_key | 32 | 91 | 131 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
{
  size_t p1, p2, nread;
  int i, nskey;
  int rc;
  if (!inp || !sk || !sk->pk)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_secret_key: %d octets\n", pktlen);
  p1 = cdk_stream_tell (inp);
  rc = read_public_key (inp, pktlen, sk->pk);
  if (rc)
    return rc;
  sk->s2k_usage = cdk_stream_getc (inp);
  sk->protect.sha1chk = 0;
  if (sk->s2k_usage == 254 || sk->s2k_usage == 255)
    {
      sk->protect.sha1chk = (sk->s2k_usage == 254);
      sk->protect.algo = _pgp_cipher_to_gnutls (cdk_stream_getc (inp));
      sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k);
      if (!sk->protect.s2k)
	return CDK_Out_Of_Core;
      rc = read_s2k (inp, sk->protect.s2k);
      if (rc)
	return rc;
      /* refer to --export-secret-subkeys in gpg(1) */
      if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
	sk->protect.ivlen = 0;
      else
	{
	  sk->protect.ivlen =
	    _gnutls_cipher_get_block_size (sk->protect.algo);
	  if (!sk->protect.ivlen)
	    return CDK_Inv_Packet;
	  rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
	  if (rc)
	    return rc;
	  if (nread != sk->protect.ivlen)
	    return CDK_Inv_Packet;
	}
    }
  else
    sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage);
  if (sk->protect.algo == GNUTLS_CIPHER_NULL)
    {
      sk->csum = 0;
      nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
      if (!nskey)
	{
	  gnutls_assert ();
	  return CDK_Inv_Algo;
	}
      for (i = 0; i < nskey; i++)
	{
	  rc = read_mpi (inp, &sk->mpi[i], 1);
	  if (rc)
	    return rc;
	}
      sk->csum = read_16 (inp);
      sk->is_protected = 0;
    }
  else if (sk->pk->version < 4)
    {
      /* The length of each multiprecision integer is stored in plaintext. */
      nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
      if (!nskey)
	{
	  gnutls_assert ();
	  return CDK_Inv_Algo;
	}
      for (i = 0; i < nskey; i++)
	{
	  rc = read_mpi (inp, &sk->mpi[i], 1);
	  if (rc)
	    return rc;
	}
      sk->csum = read_16 (inp);
      sk->is_protected = 1;
    }
  else
    {
      /* We need to read the rest of the packet because we do not
         have any information how long the encrypted mpi's are */
      p2 = cdk_stream_tell (inp);
      p2 -= p1;
      sk->enclen = pktlen - p2;
      if (sk->enclen < 2)
	return CDK_Inv_Packet;	/* at least 16 bits for the checksum! */
      sk->encdata = cdk_calloc (1, sk->enclen + 1);
      if (!sk->encdata)
	return CDK_Out_Of_Core;
      if (stream_read (inp, sk->encdata, sk->enclen, &nread))
	return CDK_Inv_Packet;
      /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
      if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
	{
	  unsigned char gnumode;
	  if ((sk->enclen < strlen ("GNU") + 1) ||
	      (0 != memcmp ("GNU", sk->encdata, strlen ("GNU"))))
	    return CDK_Inv_Packet;
	  gnumode = sk->encdata[strlen ("GNU")];
	  /* we only handle gnu-dummy (mode 1).
	     mode 2 should refer to external smart cards.
	   */
	  if (gnumode != 1)
	    return CDK_Inv_Packet;
	  /* gnu-dummy should have no more data */
	  if (sk->enclen != strlen ("GNU") + 1)
	    return CDK_Inv_Packet;
	}
      nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
      if (!nskey)
	{
	  gnutls_assert ();
	  return CDK_Inv_Algo;
	}
      /* We mark each MPI entry with NULL to indicate a protected key. */
      for (i = 0; i < nskey; i++)
	sk->mpi[i] = NULL;
      sk->is_protected = 1;
    }
  sk->is_primary = 1;
  _cdk_copy_pk_to_sk (sk->pk, sk);
  return 0;
}
 | 
| ↓ | keydb_merge_selfsig | 30 | 86 | 117 | lib/opencdk/keydb.c | 
| 
static cdk_error_t
keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid)
{
  cdk_kbnode_t node, kbnode, unode;
  cdk_subpkt_t s = NULL;
  cdk_pkt_signature_t sig = NULL;
  cdk_pkt_userid_t uid = NULL;
  const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
  size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
  size_t key_expire = 0;
  if (!key)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  for (node = key; node; node = node->next)
    {
      if (!is_selfsig (node, keyid))
	continue;
      unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID);
      if (!unode)
	{
	  gnutls_assert ();
	  return CDK_Error_No_Key;
	}
      uid = unode->pkt->pkt.user_id;
      sig = node->pkt->pkt.signature;
      s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID);
      if (s)
	uid->is_primary = 1;
      s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES);
      if (s && s->size == 1 && s->d[0] & 0x01)
	uid->mdc_feature = 1;
      s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
      if (s && s->size == 4)
	key_expire = _cdk_buftou32 (s->d);
      s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
      if (s)
	{
	  symalg = s->d;
	  nsymalg = s->size;
	  n += s->size + 1;
	}
      s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
      if (s)
	{
	  hashalg = s->d;
	  nhashalg = s->size;
	  n += s->size + 1;
	}
      s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
      if (s)
	{
	  compalg = s->d;
	  ncompalg = s->size;
	  n += s->size + 1;
	}
      if (uid->prefs != NULL)
	cdk_free (uid->prefs);
      if (!n || !hashalg || !compalg || !symalg)
	uid->prefs = NULL;
      else
	{
	  uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
	  if (!uid->prefs)
	    {
	      gnutls_assert ();
	      return CDK_Out_Of_Core;
	    }
	  n = 0;
	  for (; nsymalg; nsymalg--, n++)
	    {
	      uid->prefs[n].type = CDK_PREFTYPE_SYM;
	      uid->prefs[n].value = *symalg++;
	    }
	  for (; nhashalg; nhashalg--, n++)
	    {
	      uid->prefs[n].type = CDK_PREFTYPE_HASH;
	      uid->prefs[n].value = *hashalg++;
	    }
	  for (; ncompalg; ncompalg--, n++)
	    {
	      uid->prefs[n].type = CDK_PREFTYPE_ZIP;
	      uid->prefs[n].value = *compalg++;
	    }
	  uid->prefs[n].type = CDK_PREFTYPE_NONE;	/* end of list marker */
	  uid->prefs[n].value = 0;
	  uid->prefs_size = n;
	}
    }
  /* Now we add the extracted information to the primary key. */
  kbnode = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
  if (kbnode)
    {
      cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
      if (uid && uid->prefs && n)
	{
	  if (pk->prefs != NULL)
	    cdk_free (pk->prefs);
	  pk->prefs = _cdk_copy_prefs (uid->prefs);
	  pk->prefs_size = n;
	}
      if (key_expire)
	{
	  pk->expiredate = pk->timestamp + key_expire;
	  pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1;
	}
      pk->is_invalid = 0;
    }
  return 0;
}
 | 
| ↓ | cdk_keydb_get_keyblock | 30 | 74 | 133 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode)
{
  cdk_packet_t pkt;
  cdk_kbnode_t knode, node;
  cdk_desig_revoker_t revkeys;
  cdk_error_t rc;
  u32 keyid[2], main_keyid[2];
  off_t old_off;
  int key_seen, got_key;
  if (!inp || !r_knode)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  /* Reset all values. */
  keyid[0] = keyid[1] = 0;
  main_keyid[0] = main_keyid[1] = 0;
  revkeys = NULL;
  knode = NULL;
  key_seen = got_key = 0;
  *r_knode = NULL;
  rc = CDK_EOF;
  while (!cdk_stream_eof (inp))
    {
      cdk_pkt_new (&pkt);
      old_off = cdk_stream_tell (inp);
      rc = cdk_pkt_read (inp, pkt);
      if (rc)
	{
	  cdk_pkt_release (pkt);
	  if (rc == CDK_EOF)
	    break;
	  else
	    {			/* Release all packets we reached so far. */
	      _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
	      cdk_kbnode_release (knode);
	      gnutls_assert ();
	      return rc;
	    }
	}
      if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
	  pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
	  pkt->pkttype == CDK_PKT_SECRET_KEY ||
	  pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
	{
	  if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
			   pkt->pkttype == CDK_PKT_SECRET_KEY))
	    {
	      /* The next key starts here so set the file pointer
	         and leave the loop. */
	      cdk_stream_seek (inp, old_off);
	      cdk_pkt_release (pkt);
	      break;
	    }
	  if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
	      pkt->pkttype == CDK_PKT_SECRET_KEY)
	    {
	      _cdk_pkt_get_keyid (pkt, main_keyid);
	      key_seen = 1;
	    }
	  else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
		   pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
	    {
	      if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
		{
		  pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
		  pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
		}
	      else
		{
		  pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
		  pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
		}
	    }
	  /* We save this for the signature */
	  _cdk_pkt_get_keyid (pkt, keyid);
	  got_key = 1;
	}
      else if (pkt->pkttype == CDK_PKT_USER_ID)
	;
      else if (pkt->pkttype == CDK_PKT_SIGNATURE)
	{
	  cdk_subpkt_t s;
	  pkt->pkt.signature->key[0] = keyid[0];
	  pkt->pkt.signature->key[1] = keyid[1];
	  if (pkt->pkt.signature->sig_class == 0x1F &&
	      pkt->pkt.signature->revkeys)
	    revkeys = pkt->pkt.signature->revkeys;
	  s =
	    cdk_subpkt_find (pkt->pkt.signature->hashed,
			     CDK_SIGSUBPKT_KEY_FLAGS);
	  if (s)
	    {
	      unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
	      add_key_usage (knode, pkt->pkt.signature->key, key_usage);
	    }
	}
      node = cdk_kbnode_new (pkt);
      if (!knode)
	knode = node;
      else
	_cdk_kbnode_add (knode, node);
    }
  if (got_key)
    {
      keydb_merge_selfsig (knode, main_keyid);
      rc = keydb_parse_allsigs (knode, NULL, 0);
      if (revkeys)
	{
	  node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
	  if (node)
	    node->pkt->pkt.public_key->revkeys = revkeys;
	}
    }
  else
    cdk_kbnode_release (knode);
  *r_knode = got_key ? knode : NULL;
  /* It is possible that we are in an EOF condition after we
     successfully read a keyblock. For example if the requested
     key is the last in the file. */
  if (rc == CDK_EOF && got_key)
    rc = 0;
  return rc;
}
 | 
| ↓ | _gnutls_parse_general_name | 30 | 100 | 185 | lib/x509/x509.c | 
| 
int
_gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
			    int seq, void *name, size_t * name_size,
			    unsigned int *ret_type, int othername_oid)
{
  unsigned int len;
  char nptr[ASN1_MAX_NAME_SIZE];
  int result;
  opaque choice_type[128];
  gnutls_x509_subject_alt_name_t type;
  seq++;			/* 0->1, 1->2 etc */
  if (src_name[0] != 0)
    snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);
  else
    snprintf (nptr, sizeof (nptr), "?%u", seq);
  len = sizeof (choice_type);
  result = asn1_read_value (src, nptr, choice_type, &len);
  if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  type = _gnutls_x509_san_find_type (choice_type);
  if (type == (gnutls_x509_subject_alt_name_t) - 1)
    {
      gnutls_assert ();
      return GNUTLS_E_X509_UNKNOWN_SAN;
    }
  if (ret_type)
    *ret_type = type;
  if (type == GNUTLS_SAN_OTHERNAME)
    {
      if (othername_oid)
	_gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id");
      else
	_gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value");
      len = *name_size;
      result = asn1_read_value (src, nptr, name, &len);
      *name_size = len;
      if (result == ASN1_MEM_ERROR)
	return GNUTLS_E_SHORT_MEMORY_BUFFER;
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      if (othername_oid)
	{
	  if (len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0)
	    type = GNUTLS_SAN_OTHERNAME_XMPP;
	}
      else
	{
	  char oid[42];
	  if (src_name[0] != 0)
	    snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
		      src_name, seq);
	  else
	    snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
	  len = sizeof (oid);
	  result = asn1_read_value (src, nptr, oid, &len);
	  if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      return _gnutls_asn2err (result);
	    }
	  if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0)
	    {
	      ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
	      size_t orig_name_size = *name_size;
	      result = asn1_create_element
		(_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2);
	      if (result != ASN1_SUCCESS)
		{
		  gnutls_assert ();
		  return _gnutls_asn2err (result);
		}
	      result = asn1_der_decoding (&c2, name, *name_size, NULL);
	      if (result != ASN1_SUCCESS)
		{
		  gnutls_assert ();
		  asn1_delete_structure (&c2);
		  return _gnutls_asn2err (result);
		}
	      len = *name_size;
	      result = asn1_read_value (c2, "", name, &len);
	      if (result != ASN1_SUCCESS)
		{
		  gnutls_assert ();
		  asn1_delete_structure (&c2);
		  *name_size = len + 1;
		  return _gnutls_asn2err (result);
		}
	      asn1_delete_structure (&c2);
	      if (len + 1 > orig_name_size)
		{
		  gnutls_assert ();
		  *name_size = len + 1;
		  return GNUTLS_E_SHORT_MEMORY_BUFFER;
		}
	      *name_size = len;
	      /* null terminate it */
	      ((char *) name)[*name_size] = 0;
	    }
	}
    }
  else if (type == GNUTLS_SAN_DN)
    {
      _gnutls_str_cat (nptr, sizeof (nptr), ".directoryName");
      result = _gnutls_x509_parse_dn (src, nptr, name, name_size);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
    }
  else if (othername_oid)
    return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
  else
    {
      size_t orig_name_size = *name_size;
      _gnutls_str_cat (nptr, sizeof (nptr), ".");
      _gnutls_str_cat (nptr, sizeof (nptr), choice_type);
      len = *name_size;
      result = asn1_read_value (src, nptr, name, &len);
      *name_size = len;
      if (result == ASN1_MEM_ERROR)
	{
	  if (is_type_printable (type))
	    (*name_size)++;
	  return GNUTLS_E_SHORT_MEMORY_BUFFER;
	}
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      if (is_type_printable (type))
	{
	  if (len + 1 > orig_name_size)
	    {
	      gnutls_assert ();
	      (*name_size)++;
	      return GNUTLS_E_SHORT_MEMORY_BUFFER;
	    }
	  /* null terminate it */
	  ((char *) name)[*name_size] = 0;
	}
    }
  return type;
}
 | 
| ↓ | armor_decode | 28 | 72 | 121 | lib/opencdk/armor.c | 
| 
static cdk_error_t
armor_decode (void *data, FILE * in, FILE * out)
{
  armor_filter_t *afx = data;
  const char *s;
  char buf[127];
  byte raw[128], crcbuf[4];
  u32 crc2 = 0;
  ssize_t nread = 0;
  int i, pgp_data = 0;
  cdk_error_t rc = 0;
  if (!afx)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  _cdk_log_debug ("armor filter: decode\n");
  fseek (in, 0, SEEK_SET);
  /* Search the begin of the message */
  while (!feof (in) && !pgp_data)
    {
      s = fgets (buf, DIM (buf) - 1, in);
      if (!s)
	break;
      afx->idx = search_header (buf, armor_begin);
      if (afx->idx >= 0)
	pgp_data = 1;
    }
  if (feof (in) || !pgp_data)
    {
      gnutls_assert ();
      return CDK_Armor_Error;	/* no data found */
    }
  /* Parse header until the empty line is reached */
  while (!feof (in))
    {
      s = fgets (buf, DIM (buf) - 1, in);
      if (!s)
	return CDK_EOF;
      if (strlen (s) == strlen (LF))
	{
	  rc = 0;
	  break;		/* empty line */
	}
      /* From RFC2440: OpenPGP should consider improperly formatted Armor
         Headers to be corruption of the ASCII Armor. A colon and a single
         space separate the key and value. */
      if (!strstr (buf, ": "))
	{
	  gnutls_assert ();
	  return CDK_Armor_Error;
	}
      rc = CDK_General_Error;
      for (i = 0; (s = valid_headers[i]); i++)
	{
	  if (!strncmp (s, buf, strlen (s)))
	    rc = 0;
	}
      if (rc)
	{
	  /* From RFC2440: Unknown keys should be reported to the user,
	     but OpenPGP should continue to process the message. */
	  _cdk_log_info ("unknown header: `%s'\n", buf);
	  rc = 0;
	}
    }
  /* Read the data body */
  while (!feof (in))
    {
      s = fgets (buf, DIM (buf) - 1, in);
      if (!s)
	break;
      buf[strlen (buf) - strlen (LF)] = '\0';
      if (buf[0] == '=' && strlen (s) == 5)
	{			/* CRC */
	  memset (crcbuf, 0, sizeof (crcbuf));
	  base64_decode (crcbuf, buf + 1);
	  crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2];
	  break;		/* stop here */
	}
      else
	{
	  nread = base64_decode (raw, buf);
	  if (nread == -1 || nread == 0)
	    break;
	  afx->crc = update_crc (afx->crc, raw, nread);
	  fwrite (raw, 1, nread, out);
	}
    }
  /* Search the tail of the message */
  s = fgets (buf, DIM (buf) - 1, in);
  if (s)
    {
      buf[strlen (buf) - strlen (LF)] = '\0';
      rc = CDK_General_Error;
      afx->idx2 = search_header (buf, armor_end);
      if (afx->idx2 >= 0)
	rc = 0;
    }
  /* This catches error when no tail was found or the header is
     different then the tail line. */
  if (rc || afx->idx != afx->idx2)
    rc = CDK_Armor_Error;
  afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
  if (!afx->crc_okay && !rc)
    {
      _cdk_log_debug ("file crc=%08lX afx_crc=%08lX\n", crc2, afx->crc);
      rc = CDK_Armor_CRC_Error;
    }
  return rc;
}
 | 
| ↓ | literal_decode | 28 | 67 | 103 | lib/opencdk/literal.c | 
| 
static cdk_error_t
literal_decode (void *data, FILE * in, FILE * out)
{
  literal_filter_t *pfx = data;
  cdk_stream_t si, so;
  cdk_packet_t pkt;
  cdk_pkt_literal_t pt;
  byte buf[BUFSIZE];
  ssize_t nread;
  int bufsize;
  cdk_error_t rc;
  _cdk_log_debug ("literal filter: decode\n");
  if (!pfx || !in || !out)
    return CDK_Inv_Value;
  rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
  if (rc)
    return rc;
  cdk_pkt_new (&pkt);
  rc = cdk_pkt_read (si, pkt);
  if (rc || pkt->pkttype != CDK_PKT_LITERAL)
    {
      cdk_pkt_release (pkt);
      cdk_stream_close (si);
      return !rc ? CDK_Inv_Packet : rc;
    }
  rc = _cdk_stream_fpopen (out, STREAMCTL_WRITE, &so);
  if (rc)
    {
      cdk_pkt_release (pkt);
      cdk_stream_close (si);
      return rc;
    }
  pt = pkt->pkt.literal;
  pfx->mode = pt->mode;
  if (pfx->filename && pt->namelen > 0)
    {
      /* The name in the literal packet is more authorative. */
      cdk_free (pfx->filename);
      pfx->filename = dup_trim_filename (pt->name);
    }
  else if (!pfx->filename && pt->namelen > 0)
    pfx->filename = dup_trim_filename (pt->name);
  else if (!pt->namelen && !pfx->filename && pfx->orig_filename)
    {
      /* In this case, we need to derrive the output file name
         from the original name and cut off the OpenPGP extension.
         If this is not possible, we return an error. */
      if (!stristr (pfx->orig_filename, ".gpg") &&
	  !stristr (pfx->orig_filename, ".pgp") &&
	  !stristr (pfx->orig_filename, ".asc"))
	{
	  cdk_pkt_release (pkt);
	  cdk_stream_close (si);
	  cdk_stream_close (so);
	  _cdk_log_debug
	    ("literal filter: no file name and no PGP extension\n");
	  return CDK_Inv_Mode;
	}
      _cdk_log_debug ("literal filter: derrive file name from original\n");
      pfx->filename = dup_trim_filename (pfx->orig_filename);
      pfx->filename[strlen (pfx->filename) - 4] = '\0';
    }
  while (!feof (in))
    {
      _cdk_log_debug ("literal_decode: part on %d size %lu\n",
		      pfx->blkmode.on, pfx->blkmode.size);
      if (pfx->blkmode.on)
	bufsize = pfx->blkmode.size;
      else
	bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf);
      nread = cdk_stream_read (pt->buf, buf, bufsize);
      if (nread == EOF)
	{
	  rc = CDK_File_Error;
	  break;
	}
      if (pfx->md_initialized)
	_gnutls_hash (&pfx->md, buf, nread);
      cdk_stream_write (so, buf, nread);
      pt->len -= nread;
      if (pfx->blkmode.on)
	{
	  pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on);
	  if ((ssize_t) pfx->blkmode.size == EOF)
	    return CDK_Inv_Packet;
	}
      if (pt->len <= 0 && !pfx->blkmode.on)
	break;
    }
  cdk_stream_close (si);
  cdk_stream_close (so);
  cdk_pkt_release (pkt);
  return rc;
}
 | 
| ↓ | print_san | 32 | 90 | 174 | lib/x509/output.c | 
| 
static void
print_san (gnutls_string * str, const char *prefix, int type,
	   cert_type_t cert)
{
  unsigned int san_idx;
  char str_ip[64];
  char *p;
  for (san_idx = 0;; san_idx++)
    {
      char *buffer = NULL;
      size_t size = 0;
      int err;
      if (type == TYPE_CRT)
	err =
	  gnutls_x509_crt_get_subject_alt_name (cert.crt, san_idx, buffer,
						&size, NULL);
      else if (type == TYPE_CRQ)
	err =
	  gnutls_x509_crq_get_subject_alt_name (cert.crq, san_idx, buffer,
						&size, NULL, NULL);
      else
	return;
      if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	break;
      if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  addf (str, "error: get_subject_alt_name: %s\n",
		gnutls_strerror (err));
	  return;
	}
      buffer = gnutls_malloc (size);
      if (!buffer)
	{
	  addf (str, "error: malloc: %s\n", gnutls_strerror (err));
	  return;
	}
      if (type == TYPE_CRT)
	err =
	  gnutls_x509_crt_get_subject_alt_name (cert.crt, san_idx, buffer,
						&size, NULL);
      else if (type == TYPE_CRQ)
	err =
	  gnutls_x509_crq_get_subject_alt_name (cert.crq, san_idx, buffer,
						&size, NULL, NULL);
      if (err < 0)
	{
	  gnutls_free (buffer);
	  addf (str, "error: get_subject_alt_name2: %s\n",
		gnutls_strerror (err));
	  return;
	}
      if ((err == GNUTLS_SAN_DNSNAME
	   || err == GNUTLS_SAN_RFC822NAME
	   || err == GNUTLS_SAN_URI) &&
	  strlen (buffer) != size)
	{
	  adds (str, _("warning: SAN contains an embedded NUL, "
		       "replacing with '!'\n"));
	  while (strlen (buffer) < size)
	    buffer[strlen (buffer)] = '!';
	}
      switch (err)
	{
	case GNUTLS_SAN_DNSNAME:
	  addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer);
	  break;
	case GNUTLS_SAN_RFC822NAME:
	  addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size, buffer);
	  break;
	case GNUTLS_SAN_URI:
	  addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer);
	  break;
	case GNUTLS_SAN_IPADDRESS:
	  p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
	  if (p == NULL)
	    p = ERROR_STR;
	  addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
	  break;
	case GNUTLS_SAN_DN:
	  addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
		(int) size, buffer);
	  break;
	case GNUTLS_SAN_OTHERNAME:
	  {
	    char *oid = NULL;
	    size_t oidsize;
	    oidsize = 0;
	    if (type == TYPE_CRT)
	      err = gnutls_x509_crt_get_subject_alt_othername_oid
		(cert.crt, san_idx, oid, &oidsize);
	    else if (type == TYPE_CRQ)
	      err = gnutls_x509_crq_get_subject_alt_othername_oid
		(cert.crq, san_idx, oid, &oidsize);
	    if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
	      {
		gnutls_free (buffer);
		addf (str, "error: get_subject_alt_othername_oid: %s\n",
		      gnutls_strerror (err));
		return;
	      }
	    oid = gnutls_malloc (oidsize);
	    if (!oid)
	      {
		gnutls_free (buffer);
		addf (str, "error: malloc: %s\n", gnutls_strerror (err));
		return;
	      }
	    if (type == TYPE_CRT)
	      err = gnutls_x509_crt_get_subject_alt_othername_oid
		(cert.crt, san_idx, oid, &oidsize);
	    else if (type == TYPE_CRQ)
	      err = gnutls_x509_crq_get_subject_alt_othername_oid
		(cert.crq, san_idx, oid, &oidsize);
	    if (err < 0)
	      {
		gnutls_free (buffer);
		gnutls_free (oid);
		addf (str, "error: get_subject_alt_othername_oid2: %s\n",
		      gnutls_strerror (err));
		return;
	      }
	    if (err == GNUTLS_SAN_OTHERNAME_XMPP)
	      {
		if (strlen (buffer) != size)
		  {
		    adds (str, _("warning: SAN contains an embedded NUL, "
				 "replacing with '!'\n"));
		    while (strlen (buffer) < size)
		      buffer[strlen (buffer)] = '!';
		  }
		addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
		      (int) size, buffer);
	      }
	    else
	      {
		addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
		      (int) oidsize, oid);
		addf (str, _("%s\t\t\totherName DER: "), prefix);
		hexprint (str, buffer, size);
		addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
		asciiprint (str, buffer, size);
		addf (str, "\n");
	      }
	    gnutls_free (oid);
	  }
	  break;
	default:
	  addf (str, "error: unknown SAN\n");
	  break;
	}
      gnutls_free (buffer);
    }
}
 | 
| ↓ | _gnutls_set_keys | 27 | 106 | 283 | lib/gnutls_constate.c | 
| 
static int
_gnutls_set_keys (gnutls_session_t session, int hash_size, int IV_size,
		  int key_size, int export_flag)
{
  /* FIXME: This function is too long
   */
  opaque rnd[2 * GNUTLS_RANDOM_SIZE];
  opaque rrnd[2 * GNUTLS_RANDOM_SIZE];
  int pos, ret;
  int block_size;
  char buf[65];
  /* avoid using malloc */
  opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
		   2 * MAX_CIPHER_BLOCK_SIZE];
  if (session->cipher_specs.generated_keys != 0)
    {
      /* keys have already been generated.
       * reset generated_keys and exit normally.
       */
      session->cipher_specs.generated_keys = 0;
      return 0;
    }
  block_size = 2 * hash_size + 2 * key_size;
  if (export_flag == 0)
    block_size += 2 * IV_size;
  memcpy (rnd, session->security_parameters.server_random,
	  GNUTLS_RANDOM_SIZE);
  memcpy (&rnd[GNUTLS_RANDOM_SIZE],
	  session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
  memcpy (rrnd, session->security_parameters.client_random,
	  GNUTLS_RANDOM_SIZE);
  memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
	  session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
  if (session->security_parameters.version == GNUTLS_SSL3)
    {				/* SSL 3 */
      ret =
	_gnutls_ssl3_generate_random
	(session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
	 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
    }
  else
    {				/* TLS 1.0 */
      ret =
	_gnutls_PRF (session, session->security_parameters.master_secret,
		     GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
		     rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
    }
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
		    _gnutls_bin2hex (key_block, block_size, buf,
				     sizeof (buf)));
  _gnutls_free_datum (&session->cipher_specs.server_write_mac_secret);
  _gnutls_free_datum (&session->cipher_specs.client_write_mac_secret);
  _gnutls_free_datum (&session->cipher_specs.server_write_IV);
  _gnutls_free_datum (&session->cipher_specs.client_write_IV);
  _gnutls_free_datum (&session->cipher_specs.server_write_key);
  _gnutls_free_datum (&session->cipher_specs.client_write_key);
  pos = 0;
  if (hash_size > 0)
    {
      if (_gnutls_sset_datum
	  (&session->cipher_specs.client_write_mac_secret,
	   &key_block[pos], hash_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      pos += hash_size;
      if (_gnutls_sset_datum
	  (&session->cipher_specs.server_write_mac_secret,
	   &key_block[pos], hash_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      pos += hash_size;
    }
  if (key_size > 0)
    {
      opaque key1[EXPORT_FINAL_KEY_SIZE];
      opaque key2[EXPORT_FINAL_KEY_SIZE];
      opaque *client_write_key, *server_write_key;
      int client_write_key_size, server_write_key_size;
      if (export_flag == 0)
	{
	  client_write_key = &key_block[pos];
	  client_write_key_size = key_size;
	  pos += key_size;
	  server_write_key = &key_block[pos];
	  server_write_key_size = key_size;
	  pos += key_size;
	}
      else
	{			/* export */
	  client_write_key = key1;
	  server_write_key = key2;
	  /* generate the final keys */
	  if (session->security_parameters.version == GNUTLS_SSL3)
	    {			/* SSL 3 */
	      ret =
		_gnutls_ssl3_hash_md5 (&key_block[pos],
				       key_size, rrnd,
				       2 * GNUTLS_RANDOM_SIZE,
				       EXPORT_FINAL_KEY_SIZE,
				       client_write_key);
	    }
	  else
	    {			/* TLS 1.0 */
	      ret =
		_gnutls_PRF (session, &key_block[pos], key_size,
			     cliwrite, cliwrite_length,
			     rrnd,
			     2 * GNUTLS_RANDOM_SIZE,
			     EXPORT_FINAL_KEY_SIZE, client_write_key);
	    }
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  client_write_key_size = EXPORT_FINAL_KEY_SIZE;
	  pos += key_size;
	  if (session->security_parameters.version == GNUTLS_SSL3)
	    {			/* SSL 3 */
	      ret =
		_gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
				       rnd, 2 * GNUTLS_RANDOM_SIZE,
				       EXPORT_FINAL_KEY_SIZE,
				       server_write_key);
	    }
	  else
	    {			/* TLS 1.0 */
	      ret =
		_gnutls_PRF (session, &key_block[pos], key_size,
			     servwrite, servwrite_length,
			     rrnd, 2 * GNUTLS_RANDOM_SIZE,
			     EXPORT_FINAL_KEY_SIZE, server_write_key);
	    }
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  server_write_key_size = EXPORT_FINAL_KEY_SIZE;
	  pos += key_size;
	}
      if (_gnutls_sset_datum
	  (&session->cipher_specs.client_write_key,
	   client_write_key, client_write_key_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
			client_write_key_size,
			_gnutls_bin2hex (client_write_key,
					 client_write_key_size, buf,
					 sizeof (buf)));
      if (_gnutls_sset_datum
	  (&session->cipher_specs.server_write_key,
	   server_write_key, server_write_key_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
			server_write_key_size,
			_gnutls_bin2hex (server_write_key,
					 server_write_key_size, buf,
					 sizeof (buf)));
    }
  /* IV generation in export and non export ciphers.
   */
  if (IV_size > 0 && export_flag == 0)
    {
      if (_gnutls_sset_datum
	  (&session->cipher_specs.client_write_IV, &key_block[pos],
	   IV_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      pos += IV_size;
      if (_gnutls_sset_datum
	  (&session->cipher_specs.server_write_IV, &key_block[pos],
	   IV_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      pos += IV_size;
    }
  else if (IV_size > 0 && export_flag != 0)
    {
      opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
      if (session->security_parameters.version == GNUTLS_SSL3)
	{			/* SSL 3 */
	  ret = _gnutls_ssl3_hash_md5 ("", 0,
				       rrnd, GNUTLS_RANDOM_SIZE * 2,
				       IV_size, iv_block);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
				       GNUTLS_RANDOM_SIZE * 2,
				       IV_size, &iv_block[IV_size]);
	}
      else
	{			/* TLS 1.0 */
	  ret = _gnutls_PRF (session, "", 0,
			     ivblock, ivblock_length, rrnd,
			     2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
	}
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      if (_gnutls_sset_datum
	  (&session->cipher_specs.client_write_IV, iv_block, IV_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      if (_gnutls_sset_datum
	  (&session->cipher_specs.server_write_IV,
	   &iv_block[IV_size], IV_size) < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
    }
  session->cipher_specs.generated_keys = 1;
  return 0;
}
 | 
| ↓ | cdk_pkt_read | 37 | 105 | 162 | lib/opencdk/read-packet.c | 
| 
cdk_error_t
cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
{
  int ctb, is_newctb;
  int pkttype;
  size_t pktlen = 0, pktsize = 0, is_partial = 0;
  cdk_error_t rc;
  if (!inp || !pkt)
    return CDK_Inv_Value;
  ctb = cdk_stream_getc (inp);
  if (cdk_stream_eof (inp) || ctb == EOF)
    return CDK_EOF;
  else if (!ctb)
    return CDK_Inv_Packet;
  pktsize++;
  if (!(ctb & 0x80))
    {
      _cdk_log_info ("cdk_pkt_read: no openpgp data found. "
		     "(ctb=%02X; fpos=%02X)\n", ctb, cdk_stream_tell (inp));
      return CDK_Inv_Packet;
    }
  if (ctb & 0x40)		/* RFC2440 packet format. */
    {
      pkttype = ctb & 0x3f;
      is_newctb = 1;
    }
  else				/* the old RFC1991 packet format. */
    {
      pkttype = ctb & 0x3f;
      pkttype >>= 2;
      is_newctb = 0;
    }
  if (pkttype > 63)
    {
      _cdk_log_info ("cdk_pkt_read: unknown type %d\n", pkttype);
      return CDK_Inv_Packet;
    }
  if (is_newctb)
    read_new_length (inp, &pktlen, &pktsize, &is_partial);
  else
    read_old_length (inp, ctb, &pktlen, &pktsize);
  pkt->pkttype = pkttype;
  pkt->pktlen = pktlen;
  pkt->pktsize = pktsize + pktlen;
  pkt->old_ctb = is_newctb ? 0 : 1;
  rc = 0;
  switch (pkt->pkttype)
    {
    case CDK_PKT_ATTRIBUTE:
      pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
				     + pkt->pktlen + 16 + 1);
      if (!pkt->pkt.user_id)
	return CDK_Out_Of_Core;
      pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
      rc = read_attribute (inp, pktlen, pkt->pkt.user_id);
      pkt->pkttype = CDK_PKT_ATTRIBUTE;
      break;
    case CDK_PKT_USER_ID:
      pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
				     + pkt->pktlen + 1);
      if (!pkt->pkt.user_id)
	return CDK_Out_Of_Core;
      pkt->pkt.user_id->name = (char*)pkt->pkt.user_id + sizeof(*pkt->pkt.user_id);
      rc = read_user_id (inp, pktlen, pkt->pkt.user_id);
      break;
    case CDK_PKT_PUBLIC_KEY:
      pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
      if (!pkt->pkt.public_key)
	return CDK_Out_Of_Core;
      rc = read_public_key (inp, pktlen, pkt->pkt.public_key);
      break;
    case CDK_PKT_PUBLIC_SUBKEY:
      pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
      if (!pkt->pkt.public_key)
	return CDK_Out_Of_Core;
      rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key);
      break;
    case CDK_PKT_SECRET_KEY:
      pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
      if (!pkt->pkt.secret_key)
	return CDK_Out_Of_Core;
      pkt->pkt.secret_key->pk = cdk_calloc (1,
					    sizeof *pkt->pkt.secret_key->pk);
      if (!pkt->pkt.secret_key->pk)
	return CDK_Out_Of_Core;
      rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key);
      break;
    case CDK_PKT_SECRET_SUBKEY:
      pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
      if (!pkt->pkt.secret_key)
	return CDK_Out_Of_Core;
      pkt->pkt.secret_key->pk = cdk_calloc (1,
					    sizeof *pkt->pkt.secret_key->pk);
      if (!pkt->pkt.secret_key->pk)
	return CDK_Out_Of_Core;
      rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key);
      break;
    case CDK_PKT_LITERAL:
      pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
      if (!pkt->pkt.literal)
	return CDK_Out_Of_Core;
      rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial);
      break;
    case CDK_PKT_ONEPASS_SIG:
      pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
      if (!pkt->pkt.onepass_sig)
	return CDK_Out_Of_Core;
      rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig);
      break;
    case CDK_PKT_SIGNATURE:
      pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
      if (!pkt->pkt.signature)
	return CDK_Out_Of_Core;
      rc = read_signature (inp, pktlen, pkt->pkt.signature);
      break;
    case CDK_PKT_PUBKEY_ENC:
      pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
      if (!pkt->pkt.pubkey_enc)
	return CDK_Out_Of_Core;
      rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc);
      break;
    case CDK_PKT_COMPRESSED:
      pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed);
      if (!pkt->pkt.compressed)
	return CDK_Out_Of_Core;
      rc = read_compressed (inp, pktlen, pkt->pkt.compressed);
      break;
    case CDK_PKT_MDC:
      pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
      if (!pkt->pkt.mdc)
	return CDK_Out_Of_Core;
      rc = read_mdc (inp, pkt->pkt.mdc);
      break;
    default:
      /* Skip all packets we don't understand */
      skip_packet (inp, pktlen);
      break;
    }
  return rc;
}
 | 
| ↓ | _gnutls_io_read_buffered | 26 | 63 | 174 | lib/gnutls_buffers.c | 
| 
ssize_t
_gnutls_io_read_buffered (gnutls_session_t session, opaque ** iptr,
			  size_t sizeOfPtr, content_type_t recv_type)
{
  ssize_t ret = 0, ret2 = 0;
  size_t min;
  int buf_pos;
  opaque *buf;
  int recvlowat;
  int recvdata;
  *iptr = session->internals.record_recv_buffer.data;
  if (sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0)
    {
      gnutls_assert ();		/* internal error */
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* If an external pull function is used, then do not leave
   * any data into the kernel buffer.
   */
  if (session->internals._gnutls_pull_func != NULL)
    {
      recvlowat = 0;
    }
  else
    {
      /* leave peeked data to the kernel space only if application data
       * is received and we don't have any peeked 
       * data in gnutls session.
       */
      if (recv_type != GNUTLS_APPLICATION_DATA
	  && session->internals.have_peeked_data == 0)
	recvlowat = 0;
      else
	recvlowat = RCVLOWAT;
    }
  /* calculate the actual size, ie. get the minimum of the
   * buffered data and the requested data.
   */
  min = MIN (session->internals.record_recv_buffer.length, sizeOfPtr);
  if (min > 0)
    {
      /* if we have enough buffered data
       * then just return them.
       */
      if (min == sizeOfPtr)
	{
	  return min;
	}
    }
  /* min is over zero. recvdata is the data we must
   * receive in order to return the requested data.
   */
  recvdata = sizeOfPtr - min;
  /* Check if the previously read data plus the new data to
   * receive are longer than the maximum receive buffer size.
   */
  if ((session->internals.record_recv_buffer.length + recvdata) >
      MAX_RECV_SIZE)
    {
      gnutls_assert ();		/* internal error */
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* Allocate the data required to store the new packet.
   */
  ret = _gnutls_buffer_resize( &session->internals.record_recv_buffer, 
      recvdata + session->internals.record_recv_buffer.length); 
  if (ret < 0)
    {
      gnutls_assert();
      return ret;
    }
  buf_pos = session->internals.record_recv_buffer.length;
  buf = session->internals.record_recv_buffer.data;
  *iptr = buf;
  /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer.
   */
  if (recvdata - recvlowat > 0)
    {
      ret = _gnutls_read (session, &buf[buf_pos], recvdata - recvlowat, 0);
      /* return immediately if we got an interrupt or eagain
       * error.
       */
      if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
	{
	  return ret;
	}
    }
  /* copy fresh data to our buffer.
   */
  if (ret > 0)
    {
      _gnutls_read_log
	("RB: Have %d bytes into buffer. Adding %d bytes.\n",
	 session->internals.record_recv_buffer.length, ret);
      _gnutls_read_log ("RB: Requested %d bytes\n", sizeOfPtr);
      session->internals.record_recv_buffer.length += ret;
    }
  buf_pos = session->internals.record_recv_buffer.length;
  /* This is hack in order for select to work. Just leave recvlowat data,
   * into the kernel buffer (using a read with MSG_PEEK), thus making
   * select think, that the socket is ready for reading.
   * MSG_PEEK is only used with berkeley style sockets.
   */
  if (ret == (recvdata - recvlowat) && recvlowat > 0)
    {
      ret2 = _gnutls_read (session, &buf[buf_pos], recvlowat, MSG_PEEK);
      if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0)
	{
	  return ret2;
	}
      if (ret2 > 0)
	{
	  _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", ret2);
	  _gnutls_read_log
	    ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
	     session->internals.record_recv_buffer.length, ret2, sizeOfPtr);
	  session->internals.have_peeked_data = 1;
	  session->internals.record_recv_buffer.length += ret2;
	}
    }
  if (ret < 0 || ret2 < 0)
    {
      gnutls_assert ();
      /* that's because they are initialized to 0 */
      return MIN (ret, ret2);
    }
  ret += ret2;
  if (ret > 0 && ret < recvlowat)
    {
      gnutls_assert ();
      return GNUTLS_E_AGAIN;
    }
  if (ret == 0)
    {				/* EOF */
      gnutls_assert ();
      return 0;
    }
  ret = session->internals.record_recv_buffer.length;
  if ((ret > 0) && ((size_t) ret < sizeOfPtr))
    {
      /* Short Read */
      gnutls_assert ();
      return GNUTLS_E_AGAIN;
    }
  else
    {
      return ret;
    }
}
 | 
| ↓ | parse_sig_subpackets | 26 | 48 | 69 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
parse_sig_subpackets (cdk_pkt_signature_t sig)
{
  cdk_subpkt_t node;
  /* Setup the standard packet entries, so we can use V4
     signatures similar to V3. */
  for (node = sig->unhashed; node; node = node->next)
    {
      if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8)
	{
	  sig->keyid[0] = _cdk_buftou32 (node->d);
	  sig->keyid[1] = _cdk_buftou32 (node->d + 4);
	}
      else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
	{
	  /* Sometimes this packet might be placed in the unhashed area */
	  sig->flags.exportable = 0;
	}
    }
  for (node = sig->hashed; node; node = node->next)
    {
      if (node->type == CDK_SIGSUBPKT_SIG_CREATED && node->size >= 4)
	sig->timestamp = _cdk_buftou32 (node->d);
      else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4)
	{
	  sig->expiredate = _cdk_buftou32 (node->d);
	  if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL))
	    sig->flags.expired = 1;
	}
      else if (node->type == CDK_SIGSUBPKT_POLICY)
	sig->flags.policy_url = 1;
      else if (node->type == CDK_SIGSUBPKT_NOTATION)
	sig->flags.notation = 1;
      else if (node->type == CDK_SIGSUBPKT_REVOCABLE && node->d[0] == 0)
	sig->flags.revocable = 0;
      else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
	sig->flags.exportable = 0;
    }
  if (sig->sig_class == 0x1F)
    {
      cdk_desig_revoker_t r, rnode;
      for (node = sig->hashed; node; node = node->next)
	{
	  if (node->type == CDK_SIGSUBPKT_REV_KEY)
	    {
	      if (node->size < 22)
		continue;
	      rnode = cdk_calloc (1, sizeof *rnode);
	      if (!rnode)
		return CDK_Out_Of_Core;
	      rnode->r_class = node->d[0];
	      rnode->algid = node->d[1];
	      memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN);
	      if (!sig->revkeys)
		sig->revkeys = rnode;
	      else
		{
		  for (r = sig->revkeys; r->next; r = r->next)
		    ;
		  r->next = rnode;
		}
	    }
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_x509_parse_dn | 26 | 124 | 238 | lib/x509/dn.c | 
| 
int
_gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
		       const char *asn1_rdn_name, char *buf,
		       size_t * sizeof_buf)
{
  gnutls_string out_str;
  int k2, k1, result;
  char tmpbuffer1[ASN1_MAX_NAME_SIZE];
  char tmpbuffer2[ASN1_MAX_NAME_SIZE];
  char tmpbuffer3[ASN1_MAX_NAME_SIZE];
  opaque value[MAX_STRING_LEN], *value2 = NULL;
  char *escaped = NULL;
  const char *ldap_desc;
  char oid[MAX_OID_SIZE];
  int len, printable;
  char *string = NULL;
  size_t sizeof_string, sizeof_escaped;
  if (sizeof_buf == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (*sizeof_buf > 0 && buf)
    buf[0] = 0;
  else
    *sizeof_buf = 0;
  _gnutls_string_init (&out_str, gnutls_malloc, gnutls_realloc, gnutls_free);
  k1 = 0;
  do
    {
      k1++;
      /* create a string like "tbsCertList.issuer.rdnSequence.?1"
       */
      if (asn1_rdn_name[0] != 0)
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
		  k1);
      else
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
      len = sizeof (value) - 1;
      result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
      if (result == ASN1_ELEMENT_NOT_FOUND)
	{
	  break;
	}
      if (result != ASN1_VALUE_NOT_FOUND)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      k2 = 0;
      do
	{			/* Move to the attibute type and values
				 */
	  k2++;
	  if (tmpbuffer1[0] != 0)
	    snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
		      k2);
	  else
	    snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
	  /* Try to read the RelativeDistinguishedName attributes.
	   */
	  len = sizeof (value) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    break;
	  if (result != ASN1_VALUE_NOT_FOUND)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  /* Read the OID 
	   */
	  _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
	  _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
	  len = sizeof (oid) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    break;
	  else if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  /* Read the Value 
	   */
	  _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
	  _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
	  len = 0;
	  result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
	  value2 = gnutls_malloc (len);
	  if (value2 == NULL)
	    {
	      gnutls_assert ();
	      result = GNUTLS_E_MEMORY_ERROR;
	      goto cleanup;
	    }
	  result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len);
	  if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
#define STR_APPEND(y) if ((result=_gnutls_string_append_str( &out_str, y)) < 0) { \
	gnutls_assert(); \
	goto cleanup; \
}
	  /*   The encodings of adjoining RelativeDistinguishedNames are separated
	   *   by a comma character (',' ASCII 44).
	   */
	  /*   Where there is a multi-valued RDN, the outputs from adjoining
	   *   AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
	   *   character.
	   */
	  if (k1 != 1)
	    {			/* the first time do not append a comma */
	      if (k2 != 1)
		{		/* adjoining multi-value RDN */
		  STR_APPEND ("+");
		}
	      else
		{
		  STR_APPEND (",");
		}
	    }
	  ldap_desc = oid2ldap_string (oid);
	  printable = _gnutls_x509_oid_data_printable (oid);
	  /* leading #, hex encoded value and terminating NULL */
	  sizeof_escaped = 2 * len + 2;
	  escaped = gnutls_malloc (sizeof_escaped);
	  if (escaped == NULL)
	    {
	      gnutls_assert ();
	      result = GNUTLS_E_MEMORY_ERROR;
	      goto cleanup;
	    }
	  sizeof_string = 2 * len + 2;	/* in case it is not printable */
	  string = gnutls_malloc (sizeof_string);
	  if (string == NULL)
	    {
	      gnutls_assert ();
	      result = GNUTLS_E_MEMORY_ERROR;
	      goto cleanup;
	    }
	  STR_APPEND (ldap_desc);
	  STR_APPEND ("=");
	  result = 0;
	  if (printable)
	    result =
	      _gnutls_x509_oid_data2string (oid,
					    value2, len,
					    string, &sizeof_string);
	  if (!printable || result < 0)
	    result =
	      _gnutls_x509_data2hex (value2, len, string, &sizeof_string);
	  if (result < 0)
	    {
	      gnutls_assert ();
	      _gnutls_x509_log
		("Found OID: '%s' with value '%s'\n",
		 oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped));
	      goto cleanup;
	    }
	  STR_APPEND (str_escape (string, escaped, sizeof_escaped));
	  gnutls_free (string);
	  string = NULL;
	  gnutls_free (escaped);
	  escaped = NULL;
	  gnutls_free (value2);
	  value2 = NULL;
	}
      while (1);
    }
  while (1);
  if (out_str.length >= (unsigned int) *sizeof_buf)
    {
      gnutls_assert ();
      *sizeof_buf = out_str.length + 1;
      result = GNUTLS_E_SHORT_MEMORY_BUFFER;
      goto cleanup;
    }
  if (buf)
    {
      _gnutls_string_get_data( &out_str, buf, sizeof_buf);
      buf[*sizeof_buf] = 0;
    }
  else
    *sizeof_buf = out_str.length;
  result = 0;
cleanup:
  gnutls_free (value2);
  gnutls_free (string);
  gnutls_free (escaped);
  _gnutls_string_clear (&out_str);
  return result;
}
 | 
| ↓ | _gnutls_x509_oid_data2string | 25 | 72 | 145 | lib/x509/common.c | 
| 
int
_gnutls_x509_oid_data2string (const char *oid, void *value,
			      int value_size, char *res, size_t * res_size)
{
  char str[MAX_STRING_LEN], tmpname[128];
  const char *ANAME = NULL;
  int CHOICE = -1, len = -1, result;
  ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
  char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
  if (value == NULL || value_size <= 0 || res_size == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (_gnutls_x509_oid_data_printable (oid) == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  ANAME = asn1_find_structure_from_oid (_gnutls_get_pkix (), oid);
  CHOICE = _gnutls_x509_oid_data_choice (oid);
  if (ANAME == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  _gnutls_str_cpy (str, sizeof (str), "PKIX1.");
  _gnutls_str_cat (str, sizeof (str), ANAME);
  if ((result =
       asn1_create_element (_gnutls_get_pkix (), str,
			    &tmpasn)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  if ((result =
       asn1_der_decoding (&tmpasn, value, value_size,
			  asn1_err)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      _gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err);
      asn1_delete_structure (&tmpasn);
      return _gnutls_asn2err (result);
    }
  /* If this is a choice then we read the choice. Otherwise it
   * is the value;
   */
  len = sizeof (str) - 1;
  if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
    {				/* CHOICE */
      gnutls_assert ();
      asn1_delete_structure (&tmpasn);
      return _gnutls_asn2err (result);
    }
  if (CHOICE == 0)
    {
      str[len] = 0;
      /* Refuse to deal with strings containing NULs. */
      if (strlen (str) != len)
	return GNUTLS_E_ASN1_DER_ERROR;
      if (res)
	_gnutls_str_cpy (res, *res_size, str);
      *res_size = len;
      asn1_delete_structure (&tmpasn);
    }
  else
    {				/* CHOICE */
      int non_printable = 0, teletex = 0;
      str[len] = 0;
      /* Note that we do not support strings other than
       * UTF-8 (thus ASCII as well).
       */
      if (strcmp (str, "printableString") != 0 &&
	  strcmp (str, "ia5String") != 0 && strcmp (str, "utf8String") != 0)
	{
	  non_printable = 1;
	}
      if (strcmp (str, "teletexString") == 0)
	teletex = 1;
      _gnutls_str_cpy (tmpname, sizeof (tmpname), str);
      len = sizeof (str) - 1;
      if ((result =
	   asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS)
	{
	  asn1_delete_structure (&tmpasn);
	  return _gnutls_asn2err (result);
	}
      asn1_delete_structure (&tmpasn);
      if (teletex != 0)
	{
	  int ascii = 0, i;
	  /* HACK: if the teletex string contains only ascii
	   * characters then treat it as printable.
	   */
	  for (i = 0; i < len; i++)
	    if (!isascii (str[i]))
	      ascii = 1;
	  if (ascii == 0)
	    non_printable = 0;
	}
      if (non_printable == 0)
	{
	  str[len] = 0;
	  /* Refuse to deal with strings containing NULs. */
	  if (strlen (str) != len)
	    return GNUTLS_E_ASN1_DER_ERROR;
	  if (res)
	    _gnutls_str_cpy (res, *res_size, str);
	  *res_size = len;
	}
      else
	{
	  result = _gnutls_x509_data2hex (str, len, res, res_size);
	  if (result < 0)
	    {
	      gnutls_assert ();
	      return result;
	    }
	}
    }
  return 0;
}
 | 
| ↓ | print_cert | 25 | 119 | 227 | lib/x509/output.c | 
| 
static void
print_cert (gnutls_string * str, gnutls_x509_crt_t cert, int notsigned)
{
  /* Version. */
  {
    int version = gnutls_x509_crt_get_version (cert);
    if (version < 0)
      addf (str, "error: get_version: %s\n", gnutls_strerror (version));
    else
      addf (str, _("\tVersion: %d\n"), version);
  }
  /* Serial. */
  {
    char serial[128];
    size_t serial_size = sizeof (serial);
    int err;
    err = gnutls_x509_crt_get_serial (cert, serial, &serial_size);
    if (err < 0)
      addf (str, "error: get_serial: %s\n", gnutls_strerror (err));
    else
      {
	adds (str, _("\tSerial Number (hex): "));
	hexprint (str, serial, serial_size);
	adds (str, "\n");
      }
  }
  /* Issuer. */
  if (!notsigned)
    {
      char dn[1024];
      size_t dn_size = sizeof (dn);
      int err;
      err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
      if (err < 0)
	addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
      else
	addf (str, _("\tIssuer: %s\n"), dn);
    }
  /* Validity. */
  {
    time_t tim;
    adds (str, _("\tValidity:\n"));
    tim = gnutls_x509_crt_get_activation_time (cert);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (gmtime_r (&tim, &t) == NULL)
	addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
      else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
	addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
      else
	addf (str, _("\t\tNot Before: %s\n"), s);
    }
    tim = gnutls_x509_crt_get_expiration_time (cert);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (gmtime_r (&tim, &t) == NULL)
	addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
      else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
	addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
      else
	addf (str, _("\t\tNot After: %s\n"), s);
    }
  }
  /* Subject. */
  {
    char dn[1024];
    size_t dn_size = sizeof (dn);
    int err;
    err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
    if (err < 0)
      addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
    else
      addf (str, _("\tSubject: %s\n"), dn);
  }
  /* SubjectPublicKeyInfo. */
  {
    int err;
    unsigned int bits;
    err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
    if (err < 0)
      addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
    else
      {
	const char *name = gnutls_pk_algorithm_get_name (err);
	if (name == NULL)
	  name = _("unknown");
	addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
#ifdef ENABLE_PKI
	switch (err)
	  {
	  case GNUTLS_PK_RSA:
	    {
	      gnutls_datum_t m, e;
	      err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e);
	      if (err < 0)
		addf (str, "error: get_pk_rsa_raw: %s\n",
		      gnutls_strerror (err));
	      else
		{
		  addf (str, _("\t\tModulus (bits %d):\n"), bits);
		  hexdump (str, m.data, m.size, "\t\t\t");
		  addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
		  hexdump (str, e.data, e.size, "\t\t\t");
		  gnutls_free (m.data);
		  gnutls_free (e.data);
		}
	    }
	    break;
	  case GNUTLS_PK_DSA:
	    {
	      gnutls_datum_t p, q, g, y;
	      err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
	      if (err < 0)
		addf (str, "error: get_pk_dsa_raw: %s\n",
		      gnutls_strerror (err));
	      else
		{
		  addf (str, _("\t\tPublic key (bits %d):\n"), bits);
		  hexdump (str, y.data, y.size, "\t\t\t");
		  adds (str, _("\t\tP:\n"));
		  hexdump (str, p.data, p.size, "\t\t\t");
		  adds (str, _("\t\tQ:\n"));
		  hexdump (str, q.data, q.size, "\t\t\t");
		  adds (str, _("\t\tG:\n"));
		  hexdump (str, g.data, g.size, "\t\t\t");
		  gnutls_free (p.data);
		  gnutls_free (q.data);
		  gnutls_free (g.data);
		  gnutls_free (y.data);
		}
	    }
	    break;
	  default:
	    break;
	  }
#endif
      }
  }
  /* Extensions. */
  if (gnutls_x509_crt_get_version (cert) >= 3)
    {
      cert_type_t ccert;
      ccert.crt = cert;
      print_extensions (str, "", TYPE_CRT, ccert);
    }
  /* Signature. */
  if (!notsigned)
    {
      int err;
      size_t size = 0;
      char *buffer = NULL;
      err = gnutls_x509_crt_get_signature_algorithm (cert);
      if (err < 0)
	addf (str, "error: get_signature_algorithm: %s\n",
	      gnutls_strerror (err));
      else
	{
	  const char *name = gnutls_sign_algorithm_get_name (err);
	  if (name == NULL)
	    name = _("unknown");
	  addf (str, _("\tSignature Algorithm: %s\n"), name);
	}
      if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
	{
	  adds (str, _("warning: signed using a broken signature "
		       "algorithm that can be forged.\n"));
	}
      err = gnutls_x509_crt_get_signature (cert, buffer, &size);
      if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
	  return;
	}
      buffer = gnutls_malloc (size);
      if (!buffer)
	{
	  addf (str, "error: malloc: %s\n", gnutls_strerror (err));
	  return;
	}
      err = gnutls_x509_crt_get_signature (cert, buffer, &size);
      if (err < 0)
	{
	  gnutls_free (buffer);
	  addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
	  return;
	}
      adds (str, _("\tSignature:\n"));
      hexdump (str, buffer, size, "\t\t");
      gnutls_free (buffer);
    }
}
 | 
| ↓ | cdk_keydb_search | 28 | 55 | 103 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
		  cdk_kbnode_t * ret_key)
{
  cdk_stream_t kr;
  cdk_kbnode_t knode;
  cdk_error_t rc = 0;
  off_t pos = 0, off = 0;
  int key_found = 0, cache_hit = 0;
  if (!hd || !ret_key || !st)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  *ret_key = NULL;
  kr = NULL;
  rc = _cdk_keydb_open (hd, &kr);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  if (!st->no_cache)
    {
      /* It is possible the index is not up-to-date and thus we do
         not find the requesed key. In this case, we reset cache hit
         and continue our normal search procedure. */
      rc = keydb_pos_from_cache (hd, st, &cache_hit, &off);
      if (rc)
	cache_hit = 0;
    }
  knode = NULL;
  while (!key_found && !rc)
    {
      if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
	cdk_stream_seek (kr, off);
      else if (st->type == CDK_DBSEARCH_NEXT)
	cdk_stream_seek (kr, st->off);
      pos = cdk_stream_tell (kr);
      rc = cdk_keydb_get_keyblock (kr, &knode);
      if (rc)
	{
	  if (rc == CDK_EOF)
	    break;
	  else
	    {
	      gnutls_assert ();
	      return rc;
	    }
	}
      switch (st->type)
	{
	case CDK_DBSEARCH_SHORT_KEYID:
	case CDK_DBSEARCH_KEYID:
	  key_found = find_by_keyid (knode, st);
	  break;
	case CDK_DBSEARCH_FPR:
	  key_found = find_by_fpr (knode, st);
	  break;
	case CDK_DBSEARCH_EXACT:
	case CDK_DBSEARCH_SUBSTR:
	  key_found = find_by_pattern (knode, st);
	  break;
	case CDK_DBSEARCH_NEXT:
	  st->off = cdk_stream_tell (kr);
	  key_found = knode ? 1 : 0;
	  break;
	}
      if (key_found)
	{
	  if (!keydb_cache_find (st))
	    keydb_cache_add (st, pos);
	  break;
	}
      cdk_kbnode_release (knode);
      knode = NULL;
    }
  if (key_found && rc == CDK_EOF)
    rc = 0;
  else if (rc == CDK_EOF && !key_found)
    {
      gnutls_assert ();
      rc = CDK_Error_No_Key;
    }
  *ret_key = key_found ? knode : NULL;
  return rc;
}
 | 
| ↓ | _gnutls_verify_certificate2 | 23 | 54 | 116 | lib/x509/verify.c | 
| 
static int
_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
			     const gnutls_x509_crt_t * trusted_cas,
			     int tcas_size, unsigned int flags,
			     unsigned int *output)
{
  gnutls_datum_t cert_signed_data = { NULL, 0 };
  gnutls_datum_t cert_signature = { NULL, 0 };
  gnutls_x509_crt_t issuer;
  int ret, issuer_version, result;
  if (output)
    *output = 0;
  if (tcas_size >= 1)
    issuer = find_issuer (cert, trusted_cas, tcas_size);
  else
    {
      gnutls_assert ();
      if (output)
	*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
      return 0;
    }
  /* issuer is not in trusted certificate
   * authorities.
   */
  if (issuer == NULL)
    {
      if (output)
	*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
      gnutls_assert ();
      return 0;
    }
  issuer_version = gnutls_x509_crt_get_version (issuer);
  if (issuer_version < 0)
    {
      gnutls_assert ();
      return issuer_version;
    }
  if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
      !((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT) && issuer_version == 1))
    {
      if (check_if_ca (cert, issuer, flags) == 0)
	{
	  gnutls_assert ();
	  if (output)
	    *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
	  return 0;
	}
    }
  result =
    _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
				  &cert_signed_data);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  result =
    _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret =
    _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
				   issuer);
  if (ret < 0)
    {
      gnutls_assert ();
    }
  else if (ret == 0)
    {
      gnutls_assert ();
      /* error. ignore it */
      if (output)
	*output |= GNUTLS_CERT_INVALID;
      ret = 0;
    }
  /* If the certificate is not self signed check if the algorithms
   * used are secure. If the certificate is self signed it doesn't
   * really matter.
   */
  if (is_issuer (cert, cert) == 0)
    {
      int sigalg;
      sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
      if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
	   !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
	  ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
	   !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
	{
	  if (output)
	    *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
	  ret = 0;
	}
    }
  result = ret;
cleanup:
  _gnutls_free_datum (&cert_signed_data);
  _gnutls_free_datum (&cert_signature);
  return result;
}
 | 
| ↓ | _gnutls_pkcs12_string_to_key | 23 | 101 | 145 | lib/x509/pkcs12_encr.c | 
| 
int
_gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
			      unsigned int salt_size, unsigned int iter,
			      const char *pw, unsigned int req_keylen,
			      opaque * keybuf)
{
  int rc;
  unsigned int i, j;
  digest_hd_st md;
  bigint_t num_b1 = NULL, num_ij = NULL;
  bigint_t mpi512 = NULL;
  unsigned int pwlen;
  opaque hash[20], buf_b[64], buf_i[128], *p;
  size_t cur_keylen;
  size_t n, m;
  const opaque buf_512[] =	/* 2^64 */
  { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  };
  cur_keylen = 0;
  if (pw == NULL)
    pwlen = 0;
  else
    pwlen = strlen (pw);
  if (pwlen > 63 / 2)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if ((rc = _pkcs12_check_pass (pw, pwlen)) < 0)
    {
      gnutls_assert ();
      return rc;
    }
  rc = _gnutls_mpi_scan (&mpi512, buf_512, sizeof (buf_512));
  if (rc < 0)
    {
      gnutls_assert ();
      return rc;
    }
  /* Store salt and password in BUF_I */
  p = buf_i;
  for (i = 0; i < 64; i++)
    *p++ = salt[i % salt_size];
  if (pw)
    {
      for (i = j = 0; i < 64; i += 2)
	{
	  *p++ = 0;
	  *p++ = pw[j];
	  if (++j > pwlen)	/* Note, that we include the trailing zero */
	    j = 0;
	}
    }
  else
    memset (p, 0, 64);
  for (;;)
    {
      rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
      if (rc < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      for (i = 0; i < 64; i++)
	{
	  unsigned char lid = id & 0xFF;
	  _gnutls_hash (&md, &lid, 1);
	}
      _gnutls_hash (&md, buf_i, pw ? 128 : 64);
      _gnutls_hash_deinit (&md, hash);
      for (i = 1; i < iter; i++)
	{
	  rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
	  if (rc < 0)
	    {
	      gnutls_assert ();
	      goto cleanup;
	    }
	  _gnutls_hash (&md, hash, 20);
	  _gnutls_hash_deinit (&md, hash);
	}
      for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
	keybuf[cur_keylen++] = hash[i];
      if (cur_keylen == req_keylen)
	{
	  rc = 0;		/* ready */
	  goto cleanup;
	}
      /* need more bytes. */
      for (i = 0; i < 64; i++)
	buf_b[i] = hash[i % 20];
      n = 64;
      rc = _gnutls_mpi_scan (&num_b1, buf_b, n);
      if (rc < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      _gnutls_mpi_add_ui (num_b1, num_b1, 1);
      for (i = 0; i < 128; i += 64)
	{
	  n = 64;
	  rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
	  if (rc < 0)
	    {
	      gnutls_assert ();
	      goto cleanup;
	    }
	  _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
	  n = 64;
#ifndef PKCS12_BROKEN_KEYGEN
	  m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
#else
	  m = n;
#endif
	  memset (buf_i + i, 0, n - m);
	  rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
	  if (rc < 0)
	    {
	      gnutls_assert ();
	      goto cleanup;
	    }
	  _gnutls_mpi_release (&num_ij);
	}
    }
cleanup:
  _gnutls_mpi_release (&num_ij);
  _gnutls_mpi_release (&num_b1);
  _gnutls_mpi_release (&mpi512);
  return rc;
}
 | 
| ↓ | _gnutls_ciphertext2compressed | 23 | 73 | 171 | lib/gnutls_cipher.c | 
| 
int
_gnutls_ciphertext2compressed (gnutls_session_t session,
			       opaque * compress_data,
			       int compress_size,
			       gnutls_datum_t ciphertext, uint8_t type)
{
  uint8_t MAC[MAX_HASH_SIZE];
  uint16_t c_length;
  uint8_t pad;
  int length;
  digest_hd_st td;
  uint16_t blocksize;
  int ret, i, pad_failed = 0;
  uint8_t major, minor;
  gnutls_protocol_t ver;
  int hash_size =
    _gnutls_hash_get_algo_len (session->security_parameters.
			       read_mac_algorithm);
  ver = gnutls_protocol_get_version (session);
  minor = _gnutls_version_get_minor (ver);
  major = _gnutls_version_get_major (ver);
  blocksize =
    _gnutls_cipher_get_block_size (session->security_parameters.
				   read_bulk_cipher_algorithm);
  /* initialize MAC 
   */
  ret = mac_init (&td, session->security_parameters.read_mac_algorithm,
		  session->connection_state.read_mac_secret.data,
		  session->connection_state.read_mac_secret.size, ver);
  if (ret < 0
      && session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  /* actual decryption (inplace)
   */
  switch (_gnutls_cipher_is_block
	  (session->security_parameters.read_bulk_cipher_algorithm))
    {
    case CIPHER_STREAM:
      if ((ret =
	   _gnutls_cipher_decrypt (&session->connection_state.
				   read_cipher_state, ciphertext.data,
				   ciphertext.size)) < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      length = ciphertext.size - hash_size;
      break;
    case CIPHER_BLOCK:
      if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
	{
	  gnutls_assert ();
	  return GNUTLS_E_DECRYPTION_FAILED;
	}
      if ((ret =
	   _gnutls_cipher_decrypt (&session->connection_state.
				   read_cipher_state, ciphertext.data,
				   ciphertext.size)) < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      /* ignore the IV in TLS 1.1.
       */
      if (session->security_parameters.version >= GNUTLS_TLS1_1)
	{
	  ciphertext.size -= blocksize;
	  ciphertext.data += blocksize;
	  if (ciphertext.size == 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_DECRYPTION_FAILED;
	    }
	}
      pad = ciphertext.data[ciphertext.size - 1] + 1;	/* pad */
      if ((int) pad > (int) ciphertext.size - hash_size)
	{
	  gnutls_assert ();
	  _gnutls_record_log
	    ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
	     session, pad, ciphertext.size, hash_size);
	  /* We do not fail here. We check below for the
	   * the pad_failed. If zero means success.
	   */
	  pad_failed = GNUTLS_E_DECRYPTION_FAILED;
	}
      length = ciphertext.size - hash_size - pad;
      /* Check the pading bytes (TLS 1.x)
       */
      if (ver >= GNUTLS_TLS1 && pad_failed == 0)
	for (i = 2; i < pad; i++)
	  {
	    if (ciphertext.data[ciphertext.size - i] !=
		ciphertext.data[ciphertext.size - 1])
	      pad_failed = GNUTLS_E_DECRYPTION_FAILED;
	  }
      break;
    default:
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  if (length < 0)
    length = 0;
  c_length = _gnutls_conv_uint16 ((uint16_t) length);
  /* Pass the type, version, length and compressed through
   * MAC.
   */
  if (session->security_parameters.read_mac_algorithm != GNUTLS_MAC_NULL)
    {
      _gnutls_hmac (&td,
		    UINT64DATA (session->connection_state.
				read_sequence_number), 8);
      _gnutls_hmac (&td, &type, 1);
      if (ver >= GNUTLS_TLS1)
	{			/* TLS 1.x */
	  _gnutls_hmac (&td, &major, 1);
	  _gnutls_hmac (&td, &minor, 1);
	}
      _gnutls_hmac (&td, &c_length, 2);
      if (length > 0)
	_gnutls_hmac (&td, ciphertext.data, length);
      mac_deinit (&td, MAC, ver);
    }
  /* This one was introduced to avoid a timing attack against the TLS
   * 1.0 protocol.
   */
  if (pad_failed != 0)
    return pad_failed;
  /* HMAC was not the same. 
   */
  if (memcmp (MAC, &ciphertext.data[length], hash_size) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_DECRYPTION_FAILED;
    }
  /* copy the decrypted stuff to compress_data.
   */
  if (compress_size < length)
    {
      gnutls_assert ();
      return GNUTLS_E_DECOMPRESSION_FAILED;
    }
  memcpy (compress_data, ciphertext.data, length);
  return length;
}
 | 
| ↓ | _pkcs12_decode_safe_contents | 22 | 93 | 189 | lib/x509/pkcs12.c | 
| 
int
_pkcs12_decode_safe_contents (const gnutls_datum_t * content,
			      gnutls_pkcs12_bag_t bag)
{
  char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  int len, result;
  int bag_type;
  gnutls_datum_t attr_val;
  int count = 0, i, attributes, j;
  size_t size;
  /* Step 1. Extract the SEQUENCE.
   */
  if ((result = asn1_create_element
       (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
	&c2)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  result = asn1_der_decoding (&c2, content->data, content->size, NULL);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  /* Count the number of bags
   */
  result = asn1_number_of_elements (c2, "", &count);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  bag->bag_elements = MIN (MAX_BAG_ELEMENTS, count);
  for (i = 0; i < bag->bag_elements; i++)
    {
      snprintf (root, sizeof (root), "?%u.bagId", i + 1);
      len = sizeof (oid);
      result = asn1_read_value (c2, root, oid, &len);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      /* Read the Bag type
       */
      bag_type = oid2bag (oid);
      if (bag_type < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      /* Read the Bag Value
       */
      snprintf (root, sizeof (root), "?%u.bagValue", i + 1);
      result = _gnutls_x509_read_value (c2, root, &bag->element[i].data, 0);
      if (result < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL)
	{
	  gnutls_datum_t tmp = bag->element[i].data;
	  result =
	    _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
	  if (result < 0)
	    {
	      gnutls_assert ();
	      goto cleanup;
	    }
	  _gnutls_free_datum (&tmp);
	}
      /* read the bag attributes
       */
      snprintf (root, sizeof (root), "?%u.bagAttributes", i + 1);
      result = asn1_number_of_elements (c2, root, &attributes);
      if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      if (attributes < 0)
	attributes = 1;
      if (result != ASN1_ELEMENT_NOT_FOUND)
	for (j = 0; j < attributes; j++)
	  {
	    snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
		      j + 1);
	    result =
	      _gnutls_x509_decode_and_read_attribute (c2, root, oid,
						      sizeof (oid), &attr_val,
						      1, 0);
	    if (result < 0)
	      {
		gnutls_assert ();
		continue;	/* continue in case we find some known attributes */
	      }
	    if (strcmp (oid, KEY_ID_OID) == 0)
	      {
		size = attr_val.size;
		result =
		  _gnutls_x509_decode_octet_string (NULL, attr_val.data, size,
						    attr_val.data, &size);
		attr_val.size = size;
		if (result < 0)
		  {
		    _gnutls_free_datum (&attr_val);
		    gnutls_assert ();
		    _gnutls_x509_log
		      ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
		    continue;
		  }
		bag->element[i].local_key_id = attr_val;
	      }
	    else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
	      {
		size = attr_val.size;
		result =
		  _gnutls_x509_decode_octet_string ("BMPString",
						    attr_val.data, size,
						    attr_val.data, &size);
		attr_val.size = size;
		if (result < 0)
		  {
		    _gnutls_free_datum (&attr_val);
		    gnutls_assert ();
		    _gnutls_x509_log
		      ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
		    continue;
		  }
		bag->element[i].friendly_name =
		  ucs2_to_ascii (attr_val.data, attr_val.size);
	      }
	    else
	      {
		_gnutls_free_datum (&attr_val);
		_gnutls_x509_log
		  ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
	      }
	  }
      bag->element[i].type = bag_type;
    }
  asn1_delete_structure (&c2);
  return 0;
cleanup:
  if (c2)
    asn1_delete_structure (&c2);
  return result;
}
 | 
| ↓ | _gnutls_proc_openpgp_server_certificate | 22 | 91 | 192 | lib/auth_cert.c | 
| 
static int
_gnutls_proc_openpgp_server_certificate (gnutls_session_t session,
					 opaque * data, size_t data_size)
{
  int size, ret, len;
  opaque *p = data;
  cert_auth_info_t info;
  gnutls_certificate_credentials_t cred;
  ssize_t dsize = data_size;
  int x, key_type;
  gnutls_cert *peer_certificate_list = NULL;
  int peer_certificate_list_size = 0;
  gnutls_datum_t tmp, akey = { NULL, 0 };
  gnutls_openpgp_keyid_t subkey_id;
  unsigned int subkey_id_set = 0;
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if ((ret =
       _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
			      sizeof (cert_auth_info_st), 1)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  info = _gnutls_get_auth_info (session);
  if (data == NULL || data_size == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  DECR_LEN (dsize, 3);
  size = _gnutls_read_uint24 (p);
  p += 3;
  if (size == 0)
    {
      gnutls_assert ();
      /* no certificate was sent */
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  /* Read PGPKeyDescriptor */
  DECR_LEN (dsize, 1);
  key_type = *p;
  p++;
  /* Try to read the keyid if present */
  if (key_type == PGP_KEY_FINGERPRINT_SUBKEY || key_type == PGP_KEY_SUBKEY)
    {
      /* check size */
      if (*p != sizeof (subkey_id))
	{
	  gnutls_assert ();
	  return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
	}
      DECR_LEN (dsize, 1);
      p++;
      DECR_LEN (dsize, sizeof (subkey_id));
      memcpy (subkey_id, p, sizeof (subkey_id));
      p += sizeof (subkey_id);
      subkey_id_set = 1;
    }
  /* read the actual key or fingerprint */
  if (key_type == PGP_KEY_FINGERPRINT
      || key_type == PGP_KEY_FINGERPRINT_SUBKEY)
    {				/* the fingerprint */
      DECR_LEN (dsize, 1);
      len = (uint8_t) * p;
      p++;
      if (len != 20)
	{
	  gnutls_assert ();
	  return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
	}
      DECR_LEN (dsize, 20);
      /* request the actual key from our database, or
       * a key server or anything.
       */
      if ((ret =
	   _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      tmp = akey;
      peer_certificate_list_size++;
    }
  else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY)
    {				/* the whole key */
      /* Read the actual certificate */
      DECR_LEN (dsize, 3);
      len = _gnutls_read_uint24 (p);
      p += 3;
      if (len == 0)
	{
	  gnutls_assert ();
	  /* no certificate was sent */
	  return GNUTLS_E_NO_CERTIFICATE_FOUND;
	}
      DECR_LEN (dsize, len);
      peer_certificate_list_size++;
      tmp.size = len;
      tmp.data = p;
    }
  else
    {
      gnutls_assert ();
      return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
    }
  /* ok we now have the peer's key in tmp datum
   */
  if (peer_certificate_list_size == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
  peer_certificate_list =
    gnutls_malloc (sizeof (gnutls_cert) * (peer_certificate_list_size));
  if (peer_certificate_list == NULL)
    {
      gnutls_assert ();
      ret = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
	  peer_certificate_list_size);
  if ((ret =
       _gnutls_openpgp_raw_crt_to_gcert (&peer_certificate_list[0],
					 &tmp,
					 subkey_id_set ? subkey_id : NULL)) <
      0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  if ((ret =
       _gnutls_copy_certificate_auth_info (info,
					   peer_certificate_list,
					   peer_certificate_list_size)) < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  if ((ret =
       _gnutls_check_key_usage (&peer_certificate_list[0],
				gnutls_kx_get (session))) < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret = 0;
cleanup:
  _gnutls_free_datum (&akey);
  CLEAR_CERTS;
  gnutls_free (peer_certificate_list);
  return ret;
}
 | 
| ↓ | _gnutls_send_client_hello | 22 | 90 | 201 | lib/gnutls_handshake.c | 
| 
static int
_gnutls_send_client_hello (gnutls_session_t session, int again)
{
  opaque *data = NULL;
  int extdatalen;
  int pos = 0;
  int datalen = 0, ret = 0;
  opaque rnd[GNUTLS_RANDOM_SIZE];
  gnutls_protocol_t hver;
  opaque extdata[MAX_EXT_DATA_LENGTH];
  int rehandshake = 0;
  opaque *SessionID =
    session->internals.resumed_security_parameters.session_id;
  uint8_t session_id_len =
    session->internals.resumed_security_parameters.session_id_size;
  if (session->security_parameters.session_id_size)
    rehandshake = 1;
  if (SessionID == NULL)
    session_id_len = 0;
  else if (session_id_len == 0)
    SessionID = NULL;
  if (again == 0)
    {
      datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE;
      /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE) 
       */
      data = gnutls_malloc (datalen);
      if (data == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      /* if we are resuming a session then we set the
       * version number to the previously established.
       */
      if (SessionID == NULL)
        {
          if (rehandshake) /* already negotiated version thus version_max == negotiated version */
            hver = session->security_parameters.version;
          else
            hver = _gnutls_version_max (session);
        }
      else
	{			/* we are resuming a session */
	  hver = session->internals.resumed_security_parameters.version;
	}
      if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0)
	{
	  gnutls_assert ();
	  gnutls_free (data);
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      data[pos++] = _gnutls_version_get_major (hver);
      data[pos++] = _gnutls_version_get_minor (hver);
      /* Set the version we advertized as maximum 
       * (RSA uses it).
       */
      _gnutls_set_adv_version (session, hver);
      if (session->internals.priorities.ssl3_record_version) 
        {
          /* Honor the SSL3_RECORD_VERSION option
           */
          _gnutls_set_current_version (session, GNUTLS_SSL3);
        }
      else
        {
          /* Some old implementations do not interoperate if we send a
           * different version in the record layer.
           * It seems they prefer to read the record's version
           * as the one we actually requested.
           * The proper behaviour is to use the one in the client hello 
           * handshake packet and ignore the one in the packet's record 
           * header.
           */
          _gnutls_set_current_version (session, hver);
        }
      /* In order to know when this session was initiated.
       */
      session->security_parameters.timestamp = time (NULL);
      /* Generate random data 
       */
      _gnutls_tls_create_random (rnd);
      _gnutls_set_client_random (session, rnd);
      memcpy (&data[pos], rnd, GNUTLS_RANDOM_SIZE);
      pos += GNUTLS_RANDOM_SIZE;
      /* Copy the Session ID 
       */
      data[pos++] = session_id_len;
      if (session_id_len > 0)
	{
	  memcpy (&data[pos], SessionID, session_id_len);
	  pos += session_id_len;
	}
      /* Copy the ciphersuites.
       */
      extdatalen =
	_gnutls_copy_ciphersuites (session, extdata, sizeof (extdata));
      if (extdatalen > 0)
	{
	  datalen += extdatalen;
	  data = gnutls_realloc_fast (data, datalen);
	  if (data == NULL)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	  memcpy (&data[pos], extdata, extdatalen);
	  pos += extdatalen;
	}
      else
	{
	  if (extdatalen == 0)
	    extdatalen = GNUTLS_E_INTERNAL_ERROR;
	  gnutls_free (data);
	  gnutls_assert ();
	  return extdatalen;
	}
      /* Copy the compression methods.
       */
      extdatalen =
	_gnutls_copy_comp_methods (session, extdata, sizeof (extdata));
      if (extdatalen > 0)
	{
	  datalen += extdatalen;
	  data = gnutls_realloc_fast (data, datalen);
	  if (data == NULL)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	  memcpy (&data[pos], extdata, extdatalen);
	  pos += extdatalen;
	}
      else
	{
	  if (extdatalen == 0)
	    extdatalen = GNUTLS_E_INTERNAL_ERROR;
	  gnutls_free (data);
	  gnutls_assert ();
	  return extdatalen;
	}
      /* Generate and copy TLS extensions.
       */
      if (hver >= GNUTLS_TLS1)
	{
	  extdatalen =
	    _gnutls_gen_extensions (session, extdata, sizeof (extdata));
	  if (extdatalen > 0)
	    {
	      datalen += extdatalen;
	      data = gnutls_realloc_fast (data, datalen);
	      if (data == NULL)
		{
		  gnutls_assert ();
		  return GNUTLS_E_MEMORY_ERROR;
		}
	      memcpy (&data[pos], extdata, extdatalen);
	    }
	  else if (extdatalen < 0)
	    {
	      gnutls_assert ();
	      gnutls_free (data);
	      return extdatalen;
	    }
	}
    }
  ret =
    _gnutls_send_handshake (session, data, datalen,
			    GNUTLS_HANDSHAKE_CLIENT_HELLO);
  gnutls_free (data);
  return ret;
}
 | 
| ↓ | _gnutls_recv_handshake | 30 | 57 | 120 | lib/gnutls_handshake.c | 
| 
int
_gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data,
			int *datalen, gnutls_handshake_description_t type,
			Optional optional)
{
  int ret;
  uint32_t length32 = 0;
  opaque *dataptr = NULL;
  gnutls_handshake_description_t recv_type;
  ret = _gnutls_recv_handshake_header (session, type, &recv_type);
  if (ret < 0)
    {
      if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
	  && optional == OPTIONAL_PACKET)
	{
	  if (datalen != NULL)
	    *datalen = 0;
	  if (data != NULL)
	    *data = NULL;
	  return 0;		/* ok just ignore the packet */
	}
      return ret;
    }
  session->internals.last_handshake_in = recv_type;
  length32 = ret;
  if (length32 > 0)
    dataptr = gnutls_malloc (length32);
  else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
  if (dataptr == NULL && length32 > 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  if (datalen != NULL)
    *datalen = length32;
  if (length32 > 0)
    {
      ret =
	_gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
				       type, dataptr, length32);
      if (ret <= 0)
	{
	  gnutls_assert ();
	  gnutls_free (dataptr);
	  return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret;
	}
    }
  if (data != NULL && length32 > 0)
    *data = dataptr;
  ret = _gnutls_handshake_hash_add_recvd (session, recv_type,
					  session->internals.
					  handshake_header_buffer.header,
					  session->internals.
					  handshake_header_buffer.header_size,
					  dataptr, length32);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_handshake_header_buffer_clear (session);
      return ret;
    }
  /* If we fail before this then we will reuse the handshake header
   * have have received above. if we get here the we clear the handshake
   * header we received.
   */
  _gnutls_handshake_header_buffer_clear (session);
  switch (recv_type)
    {
    case GNUTLS_HANDSHAKE_CLIENT_HELLO:
    case GNUTLS_HANDSHAKE_SERVER_HELLO:
      ret = _gnutls_recv_hello (session, dataptr, length32);
      /* dataptr is freed because the caller does not
       * need it */
      gnutls_free (dataptr);
      if (data != NULL)
	*data = NULL;
      break;
    case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
      if (length32 == 0)
	ret = 0;
      else
	ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
      break;
    case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
    case GNUTLS_HANDSHAKE_FINISHED:
    case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
    case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
    case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
    case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
    case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
      ret = length32;
      break;
    default:
      gnutls_assert ();
      gnutls_free (dataptr);
      if (data != NULL)
	*data = NULL;
      ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
    }
  return ret;
}
 | 
| ↓ | _gnutls_write_connection_state_init | 22 | 59 | 179 | lib/gnutls_constate.c | 
| 
int
_gnutls_write_connection_state_init (gnutls_session_t session)
{
  int mac_size;
  int rc;
  _gnutls_uint64zero (session->connection_state.write_sequence_number);
/* Update internals from CipherSuite selected.
 * If we are resuming just copy the connection session
 */
  if (session->internals.resumed == RESUME_FALSE)
    {
      rc = _gnutls_set_write_cipher (session,
				     _gnutls_cipher_suite_get_cipher_algo
				     (&session->security_parameters.
				      current_cipher_suite));
      if (rc < 0)
	return rc;
      rc = _gnutls_set_write_mac (session,
				  _gnutls_cipher_suite_get_mac_algo
				  (&session->security_parameters.
				   current_cipher_suite));
      if (rc < 0)
	return rc;
      rc = _gnutls_set_kx (session,
			   _gnutls_cipher_suite_get_kx_algo
			   (&session->security_parameters.
			    current_cipher_suite));
      if (rc < 0)
	return rc;
      rc = _gnutls_set_write_compression (session,
					  session->internals.
					  compression_method);
      if (rc < 0)
	return rc;
    }
  else
    {				/* RESUME_TRUE */
      _gnutls_cpy_write_security_parameters (&session->security_parameters,
					     &session->internals.
					     resumed_security_parameters);
    }
  rc = _gnutls_set_write_keys (session);
  if (rc < 0)
    return rc;
  _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
			 _gnutls_cipher_suite_get_name
			 (&session->security_parameters.
			  current_cipher_suite));
  if (_gnutls_compression_is_ok
      (session->security_parameters.write_compression_algorithm) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
    }
  if (_gnutls_mac_is_ok
      (session->security_parameters.write_mac_algorithm) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  /* Free all the previous keys/ sessions etc.
   */
  if (session->connection_state.write_mac_secret.data != NULL)
    _gnutls_free_datum (&session->connection_state.write_mac_secret);
  _gnutls_cipher_deinit (&session->connection_state.write_cipher_state);
  if (session->connection_state.write_compression_state != NULL)
    _gnutls_comp_deinit (session->connection_state.write_compression_state,
			 0);
  mac_size =
    _gnutls_hash_get_algo_len (session->security_parameters.
			       write_mac_algorithm);
  _gnutls_handshake_log
    ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
  switch (session->security_parameters.entity)
    {
    case GNUTLS_SERVER:
      /* initialize cipher session
       */
      rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
				session->security_parameters.
				write_bulk_cipher_algorithm,
				&session->cipher_specs.server_write_key,
				&session->cipher_specs.server_write_IV);
      if (rc < 0
	  && session->security_parameters.write_bulk_cipher_algorithm !=
	  GNUTLS_CIPHER_NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      /* copy mac secrets from cipherspecs, to connection
       * session.
       */
      if (mac_size > 0)
	{
	  if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
				  session->cipher_specs.
				  server_write_mac_secret.data,
				  session->cipher_specs.
				  server_write_mac_secret.size) < 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	}
      break;
    case GNUTLS_CLIENT:
      rc = _gnutls_cipher_init (&session->connection_state.write_cipher_state,
				session->security_parameters.
				write_bulk_cipher_algorithm,
				&session->cipher_specs.client_write_key,
				&session->cipher_specs.client_write_IV);
      if (rc < 0
	  && session->security_parameters.write_bulk_cipher_algorithm !=
	  GNUTLS_CIPHER_NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      /* copy mac secret to connection session
       */
      if (mac_size > 0)
	{
	  if (_gnutls_sset_datum (&session->connection_state.write_mac_secret,
				  session->cipher_specs.
				  client_write_mac_secret.data,
				  session->cipher_specs.
				  client_write_mac_secret.size) < 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	}
      break;
    default:
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  session->connection_state.write_compression_state =
    _gnutls_comp_init (session->security_parameters.
		       write_compression_algorithm, 0);
  if (session->connection_state.write_compression_state == GNUTLS_COMP_FAILED)
    {
      gnutls_assert ();
      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
    }
  return 0;
}
 | 
| ↓ | _gnutls_read_connection_state_init | 22 | 59 | 176 | lib/gnutls_constate.c | 
| 
int
_gnutls_read_connection_state_init (gnutls_session_t session)
{
  int mac_size;
  int rc;
  _gnutls_uint64zero (session->connection_state.read_sequence_number);
/* Update internals from CipherSuite selected.
 * If we are resuming just copy the connection session
 */
  if (session->internals.resumed == RESUME_FALSE)
    {
      rc = _gnutls_set_read_cipher (session,
				    _gnutls_cipher_suite_get_cipher_algo
				    (&session->security_parameters.
				     current_cipher_suite));
      if (rc < 0)
	return rc;
      rc = _gnutls_set_read_mac (session,
				 _gnutls_cipher_suite_get_mac_algo
				 (&session->security_parameters.
				  current_cipher_suite));
      if (rc < 0)
	return rc;
      rc = _gnutls_set_kx (session,
			   _gnutls_cipher_suite_get_kx_algo
			   (&session->security_parameters.
			    current_cipher_suite));
      if (rc < 0)
	return rc;
      rc = _gnutls_set_read_compression (session,
					 session->internals.
					 compression_method);
      if (rc < 0)
	return rc;
    }
  else
    {				/* RESUME_TRUE */
      _gnutls_cpy_read_security_parameters (&session->security_parameters,
					    &session->internals.
					    resumed_security_parameters);
    }
  rc = _gnutls_set_read_keys (session);
  if (rc < 0)
    return rc;
  _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
			 session,
			 _gnutls_cipher_suite_get_name
			 (&session->security_parameters.
			  current_cipher_suite));
  if (_gnutls_compression_is_ok
      (session->security_parameters.read_compression_algorithm) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
    }
  if (_gnutls_mac_is_ok
      (session->security_parameters.read_mac_algorithm) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  /* Free all the previous keys/ sessions etc.
   */
  if (session->connection_state.read_mac_secret.data != NULL)
    _gnutls_free_datum (&session->connection_state.read_mac_secret);
  _gnutls_cipher_deinit (&session->connection_state.read_cipher_state);
  if (session->connection_state.read_compression_state != NULL)
    _gnutls_comp_deinit (session->connection_state.read_compression_state, 1);
  mac_size =
    _gnutls_hash_get_algo_len (session->security_parameters.
			       read_mac_algorithm);
  _gnutls_handshake_log
    ("HSK[%p]: Initializing internal [read] cipher sessions\n", session);
  switch (session->security_parameters.entity)
    {
    case GNUTLS_SERVER:
      /* initialize cipher session
       */
      rc = _gnutls_cipher_init (&session->connection_state.read_cipher_state,
				session->
				security_parameters.read_bulk_cipher_algorithm,
				&session->cipher_specs.client_write_key,
				&session->cipher_specs.client_write_IV);
      if (rc < 0
	  && session->security_parameters.read_bulk_cipher_algorithm !=
	  GNUTLS_CIPHER_NULL)
	{
	  gnutls_assert ();
	  return rc;
	}
      /* copy mac secrets from cipherspecs, to connection
       * session.
       */
      if (mac_size > 0)
	{
	  if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
				  session->cipher_specs.
				  client_write_mac_secret.data,
				  session->cipher_specs.
				  client_write_mac_secret.size) < 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	}
      break;
    case GNUTLS_CLIENT:
      rc = _gnutls_cipher_init (&session->connection_state.read_cipher_state,
				session->
				security_parameters.read_bulk_cipher_algorithm,
				&session->cipher_specs.server_write_key,
				&session->cipher_specs.server_write_IV);
      if (rc < 0
	  && session->security_parameters.read_bulk_cipher_algorithm !=
	  GNUTLS_CIPHER_NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      /* copy mac secret to connection session
       */
      if (mac_size > 0)
	{
	  if (_gnutls_sset_datum (&session->connection_state.read_mac_secret,
				  session->cipher_specs.
				  server_write_mac_secret.data,
				  session->cipher_specs.
				  server_write_mac_secret.size) < 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	}
      break;
    default:			/* this check is useless */
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  session->connection_state.read_compression_state =
    _gnutls_comp_init (session->security_parameters.
		       read_compression_algorithm, 1);
  if (session->connection_state.read_compression_state == GNUTLS_COMP_FAILED)
    {
      gnutls_assert ();
      return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
    }
  return 0;
}
 | 
| ↓ | _cdk_pk_check_sig | 21 | 69 | 112 | lib/opencdk/sig-check.c | 
| 
cdk_error_t
_cdk_pk_check_sig (cdk_keydb_hd_t keydb,
		   cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
		   char **ret_uid)
{
  digest_hd_st md;
  int err;
  cdk_pubkey_t pk;
  cdk_pkt_signature_t sig;
  cdk_kbnode_t node;
  cdk_error_t rc = 0;
  int is_expired;
  if (!knode || !snode)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (is_selfsig)
    *is_selfsig = 0;
  if (knode->pkt->pkttype != CDK_PKT_PUBLIC_KEY ||
      snode->pkt->pkttype != CDK_PKT_SIGNATURE)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  pk = knode->pkt->pkt.public_key;
  sig = snode->pkt->pkt.signature;
  err = _gnutls_hash_init (&md, sig->digest_algo);
  if (err < 0)
    {
      gnutls_assert ();
      return map_gnutls_error (err);
    }
  is_expired = 0;
  if (sig->sig_class == 0x20)
    {				/* key revocation */
      cdk_kbnode_hash (knode, &md, 0, 0, 0);
      rc = _cdk_sig_check (pk, sig, &md, &is_expired);
    }
  else if (sig->sig_class == 0x28)
    {				/* subkey revocation */
      node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
      if (!node)
	{			/* no subkey for subkey revocation packet */
	  gnutls_assert ();
	  rc = CDK_Error_No_Key;
	  goto fail;
	}
      cdk_kbnode_hash (knode, &md, 0, 0, 0);
      cdk_kbnode_hash (node, &md, 0, 0, 0);
      rc = _cdk_sig_check (pk, sig, &md, &is_expired);
    }
  else if (sig->sig_class == 0x18 || sig->sig_class == 0x19)
    {				/* primary/secondary key binding */
      node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
      if (!node)
	{			/* no subkey for subkey binding packet */
	  gnutls_assert ();
	  rc = CDK_Error_No_Key;
	  goto fail;
	}
      cdk_kbnode_hash (knode, &md, 0, 0, 0);
      cdk_kbnode_hash (node, &md, 0, 0, 0);
      rc = _cdk_sig_check (pk, sig, &md, &is_expired);
    }
  else if (sig->sig_class == 0x1F)
    {				/* direct key signature */
      cdk_kbnode_hash (knode, &md, 0, 0, 0);
      rc = _cdk_sig_check (pk, sig, &md, &is_expired);
    }
  else
    {				/* all other classes */
      cdk_pkt_userid_t uid;
      node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_USER_ID);
      if (!node)
	{			/* no user ID for key signature packet */
	  gnutls_assert ();
	  rc = CDK_Error_No_Key;
	  goto fail;
	}
      uid = node->pkt->pkt.user_id;
      if (ret_uid)
	{
	  *ret_uid = uid->name;
	}
      cdk_kbnode_hash (knode, &md, 0, 0, 0);
      cdk_kbnode_hash (node, &md, sig->version == 4, 0, 0);
      if (pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1])
	{
	  rc = _cdk_sig_check (pk, sig, &md, &is_expired);
	  if (is_selfsig)
	    *is_selfsig = 1;
	}
      else if (keydb != NULL)
	{
	  cdk_pubkey_t sig_pk;
	  rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk);
	  if (!rc)
	    rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired);
	  cdk_pk_release (sig_pk);
	}
    }
fail:
  _gnutls_hash_deinit (&md, NULL);
  return rc;
}
 | 
| ↓ | call_get_cert_callback | 21 | 64 | 136 | lib/auth_cert.c | 
| 
static int
call_get_cert_callback (gnutls_session_t session,
			gnutls_datum_t * issuers_dn,
			int issuers_dn_length,
			gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
  unsigned i;
  gnutls_cert *local_certs = NULL;
  gnutls_privkey *local_key = NULL;
  gnutls_retr_st st;
  int ret = GNUTLS_E_INTERNAL_ERROR;
  gnutls_certificate_type_t type = gnutls_certificate_type_get (session);
  gnutls_certificate_credentials_t cred;
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  memset (&st, 0, sizeof (st));
  if (session->security_parameters.entity == GNUTLS_SERVER)
    {
      if (cred->server_get_cert_callback == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      ret = cred->server_get_cert_callback (session, &st);
    }
  else
    {				/* CLIENT */
      if (cred->client_get_cert_callback == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      ret =
	cred->client_get_cert_callback (session,
					issuers_dn, issuers_dn_length,
					pk_algos, pk_algos_length, &st);
    }
  if (ret < 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  if (st.ncerts == 0)
    return 0;			/* no certificate was selected */
  if (type != st.type)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INVALID_REQUEST;
      goto cleanup;
    }
  if (type == GNUTLS_CRT_X509)
    {
      local_certs = alloc_and_load_x509_certs (st.cert.x509, st.ncerts);
      if (local_certs != NULL && st.key.x509 != NULL)
	{
	  local_key = alloc_and_load_x509_key (st.key.x509);
	  if (local_key == NULL)
	    {
	      gnutls_assert ();
	      ret = GNUTLS_E_INTERNAL_ERROR;
	      goto cleanup;
	    }
	}
    }
  else
    {				/* PGP */
      if (st.ncerts > 1)
	{
	  gnutls_assert ();
	  ret = GNUTLS_E_INVALID_REQUEST;
	  goto cleanup;
	}
#ifdef ENABLE_OPENPGP
      {
	local_certs = alloc_and_load_pgp_certs (st.cert.pgp);
	if (local_certs != NULL && st.key.pgp != NULL)
	  {
	    local_key = alloc_and_load_pgp_key (st.key.pgp);
	    if (local_key == NULL)
	      {
		gnutls_assert ();
		ret = GNUTLS_E_INTERNAL_ERROR;
		goto cleanup;
	      }
	  }
      }
#endif
    }
  _gnutls_selected_certs_set (session, local_certs,
			      (local_certs != NULL) ? st.ncerts : 0,
			      local_key, 1);
  ret = 0;
cleanup:
  if (st.type == GNUTLS_CRT_X509)
    {
      if (st.deinit_all)
	{
	  for (i = 0; i < st.ncerts; i++)
	    {
	      gnutls_x509_crt_deinit (st.cert.x509[i]);
	    }
	  gnutls_free (st.cert.x509);
	  gnutls_x509_privkey_deinit (st.key.x509);
	}
    }
  else
    {
#ifdef ENABLE_OPENPGP
      if (st.deinit_all)
	{
	  gnutls_openpgp_crt_deinit (st.cert.pgp);
	  gnutls_openpgp_privkey_deinit (st.key.pgp);
	}
#endif
    }
  return ret;
}
 | 
| ↓ | _gnutls_x509_verify_certificate | 21 | 56 | 139 | lib/x509/verify.c | 
| 
static unsigned int
_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
				 int clist_size,
				 const gnutls_x509_crt_t * trusted_cas,
				 int tcas_size,
				 const gnutls_x509_crl_t * CRLs,
				 int crls_size, unsigned int flags)
{
  int i = 0, ret;
  unsigned int status = 0, output;
  if (clist_size > 1)
    {
      /* Check if the last certificate in the path is self signed.
       * In that case ignore it (a certificate is trusted only if it
       * leads to a trusted party by us, not the server's).
       *
       * This prevents from verifying self signed certificates against
       * themselves. This (although not bad) caused verification
       * failures on some root self signed certificates that use the
       * MD2 algorithm.
       */
      if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
				    certificate_list[clist_size - 1]) > 0)
	{
	  clist_size--;
	}
    }
  /* We want to shorten the chain by removing the cert that matches
   * one of the certs we trust and all the certs after that i.e. if
   * cert chain is A signed-by B signed-by C signed-by D (signed-by
   * self-signed E but already removed above), and we trust B, remove
   * B, C and D.  We must leave the first cert on chain. */
  if (clist_size > 1 && !(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
    {
      for (i = 1; i < clist_size; i++)
	{
	  int j;
	  for (j = 0; j < tcas_size; j++)
	    {
	      if (check_if_same_cert (certificate_list[i],
				      trusted_cas[j]) == 0)
		{
		  clist_size = i;
		  break;
		}
	    }
	  /* clist_size may have been changed which gets out of loop */
	}
    }
  /* Verify the last certificate in the certificate path
   * against the trusted CA certificate list.
   *
   * If no CAs are present returns CERT_INVALID. Thus works
   * in self signed etc certificates.
   */
  ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
				     trusted_cas, tcas_size, flags, &output);
  if (ret == 0)
    {
      /* if the last certificate in the certificate
       * list is invalid, then the certificate is not
       * trusted.
       */
      gnutls_assert ();
      status |= output;
      status |= GNUTLS_CERT_INVALID;
      return status;
    }
  /* Check for revoked certificates in the chain
   */
#ifdef ENABLE_PKI
  for (i = 0; i < clist_size; i++)
    {
      ret = gnutls_x509_crt_check_revocation (certificate_list[i],
					      CRLs, crls_size);
      if (ret == 1)
	{			/* revoked */
	  status |= GNUTLS_CERT_REVOKED;
	  status |= GNUTLS_CERT_INVALID;
	  return status;
	}
    }
#endif
  /* Check activation/expiration times
   */
  if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
    {
      time_t t, now = time (0);
      for (i = 0; i < clist_size; i++)
	{
	  t = gnutls_x509_crt_get_activation_time (certificate_list[i]);
	  if (t == (time_t) -1 || now < t)
	    {
	      status |= GNUTLS_CERT_NOT_ACTIVATED;
	      status |= GNUTLS_CERT_INVALID;
	      return status;
	    }
	  t = gnutls_x509_crt_get_expiration_time (certificate_list[i]);
	  if (t == (time_t) -1 || now > t)
	    {
	      status |= GNUTLS_CERT_EXPIRED;
	      status |= GNUTLS_CERT_INVALID;
	      return status;
	    }
	}
    }
  /* Verify the certificate path (chain)
   */
  for (i = clist_size - 1; i > 0; i--)
    {
      if (i - 1 < 0)
	break;
      /* note that here we disable this V1 CA flag. So that no version 1
       * certificates can exist in a supplied chain.
       */
      if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
	flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
      if ((ret =
	   _gnutls_verify_certificate2 (certificate_list[i - 1],
					&certificate_list[i], 1, flags,
					NULL)) == 0)
	{
	  status |= GNUTLS_CERT_INVALID;
	  return status;
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_asn1_encode_rsa | 21 | 141 | 237 | lib/x509/privkey.c | 
| 
static int
_gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params)
{
  int result, i;
  size_t size[8], total;
  opaque *m_data, *pube_data, *prie_data;
  opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
  opaque *all_data = NULL, *p;
  bigint_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL;
  opaque null = '\0';
  gnutls_pk_params_st pk_params;
  /* Read all the sizes */
  total = 0;
  for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
    {
      _gnutls_mpi_print_lz (params[i], NULL, &size[i]);
      total += size[i];
    }
  result = _gnutls_pk_params_copy (&pk_params, params, RSA_PRIVATE_PARAMS);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }
  result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  q1 = _gnutls_mpi_alloc_like (pk_params.params[4]);
  if (q1 == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  p1 = _gnutls_mpi_alloc_like (pk_params.params[3]);
  if (p1 == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  /* inverse of q mod p */
  _gnutls_mpi_print_lz (pk_params.params[5], NULL, &size[5]);
  total += size[5];
  _gnutls_mpi_sub_ui (p1, pk_params.params[3], 1);
  _gnutls_mpi_sub_ui (q1, pk_params.params[4], 1);
  exp1 = _gnutls_mpi_mod (pk_params.params[2], p1);
  if (exp1 == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  exp2 = _gnutls_mpi_mod (pk_params.params[2], q1);
  if (exp2 == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  /* calculate exp's size */
  _gnutls_mpi_print_lz (exp1, NULL, &size[6]);
  total += size[6];
  _gnutls_mpi_print_lz (exp2, NULL, &size[7]);
  total += size[7];
  /* Encoding phase.
   * allocate data enough to hold everything
   */
  all_data = gnutls_secure_malloc (total);
  if (all_data == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  p = all_data;
  m_data = p;
  p += size[0];
  pube_data = p;
  p += size[1];
  prie_data = p;
  p += size[2];
  p1_data = p;
  p += size[3];
  p2_data = p;
  p += size[4];
  u_data = p;
  p += size[5];
  exp1_data = p;
  p += size[6];
  exp2_data = p;
  _gnutls_mpi_print_lz (pk_params.params[0], m_data, &size[0]);
  _gnutls_mpi_print_lz (pk_params.params[1], pube_data, &size[1]);
  _gnutls_mpi_print_lz (pk_params.params[2], prie_data, &size[2]);
  _gnutls_mpi_print_lz (pk_params.params[3], p1_data, &size[3]);
  _gnutls_mpi_print_lz (pk_params.params[4], p2_data, &size[4]);
  _gnutls_mpi_print_lz (pk_params.params[5], u_data, &size[5]);
  _gnutls_mpi_print_lz (exp1, exp1_data, &size[6]);
  _gnutls_mpi_print_lz (exp2, exp2_data, &size[7]);
  /* Ok. Now we have the data. Create the asn1 structures
   */
  /* first make sure that no previously allocated data are leaked */
  if (*c2 != ASN1_TYPE_EMPTY)
    {
      asn1_delete_structure (c2);
      *c2 = ASN1_TYPE_EMPTY;
    }
  if ((result = asn1_create_element
       (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
      != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  /* Write PRIME 
   */
  if ((result = asn1_write_value (*c2, "modulus",
				  m_data, size[0])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "publicExponent",
				  pube_data, size[1])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "privateExponent",
				  prie_data, size[2])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "prime1",
				  p1_data, size[3])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "prime2",
				  p2_data, size[4])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "exponent1",
				  exp1_data, size[6])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "exponent2",
				  exp2_data, size[7])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "coefficient",
				  u_data, size[5])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  _gnutls_mpi_release (&exp1);
  _gnutls_mpi_release (&exp2);
  _gnutls_mpi_release (&q1);
  _gnutls_mpi_release (&p1);
  gnutls_pk_params_release (&pk_params);
  gnutls_free (all_data);
  if ((result = asn1_write_value (*c2, "otherPrimeInfos",
				  NULL, 0)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  return 0;
cleanup:
  _gnutls_mpi_release (&exp1);
  _gnutls_mpi_release (&exp2);
  _gnutls_mpi_release (&q1);
  _gnutls_mpi_release (&p1);
  gnutls_pk_params_release (&pk_params);
  asn1_delete_structure (c2);
  gnutls_free (all_data);
  return result;
}
 | 
| ↓ | print_crq | 21 | 108 | 205 | lib/x509/output.c | 
| 
static void
print_crq (gnutls_string * str, gnutls_x509_crq_t cert)
{
  /* Version. */
  {
    int version = gnutls_x509_crq_get_version (cert);
    if (version < 0)
      addf (str, "error: get_version: %s\n", gnutls_strerror (version));
    else
      addf (str, _("\tVersion: %d\n"), version);
  }
  /* Subject */
  {
    char dn[1024];
    size_t dn_size = sizeof (dn);
    int err;
    err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
    if (err < 0)
      addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
    else
      addf (str, _("\tSubject: %s\n"), dn);
  }
  /* SubjectPublicKeyInfo. */
  {
    int err;
    unsigned int bits;
    err = gnutls_x509_crq_get_pk_algorithm (cert, &bits);
    if (err < 0)
      addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
    else
      {
	const char *name = gnutls_pk_algorithm_get_name (err);
	if (name == NULL)
	  name = _("unknown");
	addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
	switch (err)
	  {
	  case GNUTLS_PK_RSA:
	    {
	      gnutls_datum_t m, e;
	      err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
	      if (err < 0)
		addf (str, "error: get_pk_rsa_raw: %s\n",
		      gnutls_strerror (err));
	      else
		{
		  addf (str, _("\t\tModulus (bits %d):\n"), bits);
		  hexdump (str, m.data, m.size, "\t\t\t");
		  adds (str, _("\t\tExponent:\n"));
		  hexdump (str, e.data, e.size, "\t\t\t");
		  gnutls_free (m.data);
		  gnutls_free (e.data);
		}
	    }
	    break;
#if 0				/* not implemented yet */
	  case GNUTLS_PK_DSA:
	    {
	      gnutls_datum_t p, q, g, y;
	      err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
	      if (err < 0)
		addf (str, "error: get_pk_dsa_raw: %s\n",
		      gnutls_strerror (err));
	      else
		{
		  addf (str, _("\t\tPublic key (bits %d):\n"), bits);
		  hexdump (str, y.data, y.size, "\t\t\t");
		  addf (str, _("\t\tP:\n"));
		  hexdump (str, p.data, p.size, "\t\t\t");
		  addf (str, _("\t\tQ:\n"));
		  hexdump (str, q.data, q.size, "\t\t\t");
		  addf (str, _("\t\tG:\n"));
		  hexdump (str, g.data, g.size, "\t\t\t");
		  gnutls_free (p.data);
		  gnutls_free (q.data);
		  gnutls_free (g.data);
		  gnutls_free (y.data);
		}
	    }
	    break;
#endif
	  default:
	    break;
	  }
      }
  }
  /* parse attributes */
  {
    size_t i;
    int err = 0;
    for (i = 0;; i++)
      {
	char oid[MAX_OID_SIZE] = "";
	size_t sizeof_oid = sizeof (oid);
	int extensions = 0;
	int challenge = 0;
	err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
	if (err < 0)
	  {
	    if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	      break;
	    addf (str, "error: get_extension_info: %s\n",
		  gnutls_strerror (err));
	    continue;
	  }
	if (i == 0)
	  adds (str, _("\tAttributes:\n"));
	if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
	  {
	    cert_type_t ccert;
	    if (extensions)
	      {
		addf (str, "error: more than one extensionsRequest\n");
		continue;
	      }
	    ccert.crq = cert;
	    print_extensions (str, "\t", TYPE_CRQ, ccert);
	    extensions++;
	  }
	else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
	  {
	    char pass[1024];
	    size_t pass_size = sizeof (pass);
	    if (challenge)
	      {
		addf (str,
		      "error: more than one Challenge password attribute\n");
		continue;
	      }
	    err =
	      gnutls_x509_crq_get_challenge_password (cert, pass, &pass_size);
	    if (err < 0)
	      addf (str, "error: get_challenge_password: %s\n",
		    gnutls_strerror (err));
	    else
	      addf (str, _("\t\tChallenge password: %s\n"), pass);
	    challenge++;
	  }
	else
	  {
	    char *buffer;
	    size_t extlen = 0;
	    addf (str, _("\t\tUnknown attribute %s:\n"), oid);
	    err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
	    if (err < 0)
	      {
		addf (str, "error: get_attribute_data: %s\n",
		      gnutls_strerror (err));
		continue;
	      }
	    buffer = gnutls_malloc (extlen);
	    if (!buffer)
	      {
		addf (str, "error: malloc: %s\n", gnutls_strerror (err));
		continue;
	      }
	    err = gnutls_x509_crq_get_attribute_data (cert, i,
						      buffer, &extlen);
	    if (err < 0)
	      {
		gnutls_free (buffer);
		addf (str, "error: get_attribute_data2: %s\n",
		      gnutls_strerror (err));
		continue;
	      }
	    adds (str, _("\t\t\tASCII: "));
	    asciiprint (str, buffer, extlen);
	    adds (str, "\n");
	    adds (str, _("\t\t\tHexdump: "));
	    hexprint (str, buffer, extlen);
	    adds (str, "\n");
	    gnutls_free (buffer);
	  }
      }
  }
}
 | 
| ↓ | _gnutls_x509_parse_dn_oid | 20 | 82 | 166 | lib/x509/dn.c | 
| 
int
_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
			   const char *asn1_rdn_name,
			   const char *given_oid, int indx,
			   unsigned int raw_flag,
			   void *buf, size_t * sizeof_buf)
{
  int k2, k1, result;
  char tmpbuffer1[ASN1_MAX_NAME_SIZE];
  char tmpbuffer2[ASN1_MAX_NAME_SIZE];
  char tmpbuffer3[ASN1_MAX_NAME_SIZE];
  opaque value[256];
  char oid[MAX_OID_SIZE];
  int len, printable;
  int i = 0;
  char *cbuf = buf;
  if (cbuf == NULL)
    *sizeof_buf = 0;
  else
    cbuf[0] = 0;
  k1 = 0;
  do
    {
      k1++;
      /* create a string like "tbsCertList.issuer.rdnSequence.?1"
       */
      if (asn1_rdn_name[0] != 0)
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
		  k1);
      else
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
      len = sizeof (value) - 1;
      result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
      if (result == ASN1_ELEMENT_NOT_FOUND)
	{
	  gnutls_assert ();
	  break;
	}
      if (result != ASN1_VALUE_NOT_FOUND)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      k2 = 0;
      do
	{			/* Move to the attibute type and values
				 */
	  k2++;
	  if (tmpbuffer1[0] != 0)
	    snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
		      k2);
	  else
	    snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
	  /* Try to read the RelativeDistinguishedName attributes.
	   */
	  len = sizeof (value) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    {
	      break;
	    }
	  if (result != ASN1_VALUE_NOT_FOUND)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  /* Read the OID 
	   */
	  _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
	  _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
	  len = sizeof (oid) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    break;
	  else if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  if (strcmp (oid, given_oid) == 0 && indx == i++)
	    {			/* Found the OID */
	      /* Read the Value 
	       */
	      _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
	      _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
	      len = *sizeof_buf;
	      result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len);
	      if (result != ASN1_SUCCESS)
		{
		  gnutls_assert ();
		  if (result == ASN1_MEM_ERROR)
		    *sizeof_buf = len;
		  result = _gnutls_asn2err (result);
		  goto cleanup;
		}
	      if (raw_flag != 0)
		{
		  if ((unsigned) len > *sizeof_buf)
		    {
		      *sizeof_buf = len;
		      result = GNUTLS_E_SHORT_MEMORY_BUFFER;
		      goto cleanup;
		    }
		  *sizeof_buf = len;
		  return 0;
		}
	      else
		{		/* parse data. raw_flag == 0 */
		  printable = _gnutls_x509_oid_data_printable (oid);
		  if (printable == 1)
		    result =
		      _gnutls_x509_oid_data2string (oid, buf, len,
						    cbuf, sizeof_buf);
		  else
		    result =
		      _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
		  if (result < 0)
		    {
		      gnutls_assert ();
		      goto cleanup;
		    }
		  return 0;
		}		/* raw_flag == 0 */
	    }
	}
      while (1);
    }
  while (1);
  gnutls_assert ();
  result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
cleanup:
  return result;
}
 | 
| ↓ | _gnutls_srp_pwd_read_entry | 20 | 69 | 147 | lib/auth_srp_passwd.c | 
| 
int
_gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
			    SRP_PWD_ENTRY ** _entry)
{
  gnutls_srp_server_credentials_t cred;
  FILE *fd;
  char line[2 * 1024];
  unsigned i, len;
  int ret;
  int idx, last_idx;
  SRP_PWD_ENTRY *entry;
  *_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY));
  if (*_entry == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  entry = *_entry;
  cred = (gnutls_srp_server_credentials_t)
    _gnutls_get_cred (state->key, GNUTLS_CRD_SRP, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      _gnutls_srp_entry_free (entry);
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  /* if the callback which sends the parameters is
   * set, use it.
   */
  if (cred->pwd_callback != NULL)
    {
      ret = cred->pwd_callback (state, username, &entry->salt,
				&entry->v, &entry->g, &entry->n);
      if (ret == 1)
	{			/* the user does not exist */
	  if (entry->g.size != 0 && entry->n.size != 0)
	    {
	      ret = _randomize_pwd_entry (entry);
	      if (ret < 0)
		{
		  gnutls_assert ();
		  _gnutls_srp_entry_free (entry);
		  return ret;
		}
	      return 0;
	    }
	  else
	    {
	      gnutls_assert ();
	      ret = -1;		/* error in the callback */
	    }
	}
      if (ret < 0)
	{
	  gnutls_assert ();
	  _gnutls_srp_entry_free (entry);
	  return GNUTLS_E_SRP_PWD_ERROR;
	}
      return 0;
    }
  /* The callback was not set. Proceed.
   */
  if (cred->password_file == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_SRP_PWD_ERROR;
    }
  /* Open the selected password file.
   */
  fd = fopen (cred->password_file, "r");
  if (fd == NULL)
    {
      gnutls_assert ();
      _gnutls_srp_entry_free (entry);
      return GNUTLS_E_SRP_PWD_ERROR;
    }
  last_idx = 1;			/* a default value */
  len = strlen (username);
  while (fgets (line, sizeof (line), fd) != NULL)
    {
      /* move to first ':' */
      i = 0;
      while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
	{
	  i++;
	}
      if (strncmp (username, line, MAX (i, len)) == 0)
	{
	  if ((idx = pwd_put_values (entry, line)) >= 0)
	    {
	      /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
	       * when the user does not exist.
	       */
	      last_idx = idx;
	      if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
		{
		  return 0;
		}
	      else
		{
		  gnutls_assert ();
		  _gnutls_srp_entry_free (entry);
		  return GNUTLS_E_SRP_PWD_ERROR;
		}
	    }
	  else
	    {
	      gnutls_assert ();
	      _gnutls_srp_entry_free (entry);
	      return GNUTLS_E_SRP_PWD_ERROR;
	    }
	}
    }
  /* user was not found. Fake him. Actually read the g,n values from
   * the last index found and randomize the entry.
   */
  if (pwd_read_conf (cred->password_conf_file, entry, last_idx) == 0)
    {
      ret = _randomize_pwd_entry (entry);
      if (ret < 0)
	{
	  gnutls_assert ();
	  _gnutls_srp_entry_free (entry);
	  return ret;
	}
      return 0;
    }
  gnutls_assert ();
  _gnutls_srp_entry_free (entry);
  return GNUTLS_E_SRP_PWD_ERROR;
}
 | 
| ↓ | read_signature | 20 | 68 | 89 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
{
  size_t nbytes;
  size_t i, size, nsig;
  cdk_error_t rc;
  if (!inp || !sig)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_signature: %d octets\n", pktlen);
  if (pktlen < 16)
    return CDK_Inv_Packet;
  sig->version = cdk_stream_getc (inp);
  if (sig->version < 2 || sig->version > 4)
    return CDK_Inv_Packet_Ver;
  sig->flags.exportable = 1;
  sig->flags.revocable = 1;
  if (sig->version < 4)
    {
      if (cdk_stream_getc (inp) != 5)
	return CDK_Inv_Packet;
      sig->sig_class = cdk_stream_getc (inp);
      sig->timestamp = read_32 (inp);
      sig->keyid[0] = read_32 (inp);
      sig->keyid[1] = read_32 (inp);
      sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
      sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
      sig->digest_start[0] = cdk_stream_getc (inp);
      sig->digest_start[1] = cdk_stream_getc (inp);
      nsig = cdk_pk_get_nsig (sig->pubkey_algo);
      if (!nsig)
	return CDK_Inv_Algo;
      for (i = 0; i < nsig; i++)
	{
	  rc = read_mpi (inp, &sig->mpi[i], 0);
	  if (rc)
	    return rc;
	}
    }
  else
    {
      sig->sig_class = cdk_stream_getc (inp);
      sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
      sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
      sig->hashed_size = read_16 (inp);
      size = sig->hashed_size;
      sig->hashed = NULL;
      while (size > 0)
	{
	  rc = read_subpkt (inp, &sig->hashed, &nbytes);
	  if (rc)
	    return rc;
	  size -= nbytes;
	}
      sig->unhashed_size = read_16 (inp);
      size = sig->unhashed_size;
      sig->unhashed = NULL;
      while (size > 0)
	{
	  rc = read_subpkt (inp, &sig->unhashed, &nbytes);
	  if (rc)
	    return rc;
	  size -= nbytes;
	}
      rc = parse_sig_subpackets (sig);
      if (rc)
	return rc;
      sig->digest_start[0] = cdk_stream_getc (inp);
      sig->digest_start[1] = cdk_stream_getc (inp);
      nsig = cdk_pk_get_nsig (sig->pubkey_algo);
      if (!nsig)
	return CDK_Inv_Algo;
      for (i = 0; i < nsig; i++)
	{
	  rc = read_mpi (inp, &sig->mpi[i], 0);
	  if (rc)
	    return rc;
	}
    }
  return 0;
}
 | 
| ↓ | decode_pkcs8_key | 20 | 52 | 126 | lib/x509/privkey_pkcs8.c | 
| 
static int
decode_pkcs8_key (const gnutls_datum_t * raw_key,
		  const char *password, gnutls_x509_privkey_t pkey)
{
  int result, len;
  char enc_oid[64];
  gnutls_datum_t tmp;
  ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
  int params_start, params_end, params_len;
  struct pbkdf2_params kdf_params;
  struct pbe_enc_params enc_params;
  schema_id schema;
  if ((result =
       asn1_create_element (_gnutls_get_pkix (),
			    "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
			    &pkcs8_asn)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Check the encryption schema OID
   */
  len = sizeof (enc_oid);
  result =
    asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
		     enc_oid, &len);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      goto error;
    }
  if ((result = check_schema (enc_oid)) < 0)
    {
      gnutls_assert ();
      goto error;
    }
  schema = result;
  /* Get the DER encoding of the parameters.
   */
  result =
    asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
				raw_key->size,
				"encryptionAlgorithm.parameters",
				¶ms_start, ¶ms_end);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  params_len = params_end - params_start + 1;
  result =
    read_pkcs_schema_params (schema, password,
			     &raw_key->data[params_start],
			     params_len, &kdf_params, &enc_params);
  if (result < 0)
    {
      gnutls_assert();
      goto error;
    }
  /* Parameters have been decoded. Now
   * decrypt the EncryptedData.
   */
  result =
    decrypt_data (schema, pkcs8_asn, "encryptedData", password,
		  &kdf_params, &enc_params, &tmp);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  asn1_delete_structure (&pkcs8_asn);
  result = decode_private_key_info (&tmp, pkey);
  _gnutls_free_datum (&tmp);
  if (result < 0)
    {
      /* We've gotten this far. In the real world it's almost certain
       * that we're dealing with a good file, but wrong password.
       * Sadly like 90% of random data is somehow valid DER for the
       * a first small number of bytes, so no easy way to guarantee. */
      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
	  result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
	  result == GNUTLS_E_ASN1_DER_ERROR ||
	  result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
	  result == GNUTLS_E_ASN1_GENERIC_ERROR ||
	  result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
	  result == GNUTLS_E_ASN1_TAG_ERROR ||
	  result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
	  result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
	  result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
	  result == GNUTLS_E_ASN1_DER_OVERFLOW)
	{
	  result = GNUTLS_E_DECRYPTION_FAILED;
	}
      gnutls_assert ();
      goto error;
    }
  return 0;
error:
  asn1_delete_structure (&pbes2_asn);
  asn1_delete_structure (&pkcs8_asn);
  return result;
}
 | 
| ↓ | write_signature | 20 | 49 | 63 | lib/opencdk/write-packet.c | 
| 
static cdk_error_t
write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb)
{
  byte *buf;
  size_t nbytes, size, nsig;
  cdk_error_t rc;
  assert (out);
  assert (sig);
  if (!KEY_CAN_SIGN (sig->pubkey_algo))
    return CDK_Inv_Algo;
  if (sig->version < 2 || sig->version > 4)
    return CDK_Inv_Packet;
  if (DEBUG_PKT)
    _cdk_log_debug ("write_signature:\n");
  nsig = cdk_pk_get_nsig (sig->pubkey_algo);
  if (!nsig)
    return CDK_Inv_Algo;
  if (sig->version < 4)
    return write_v3_sig (out, sig, nsig);
  size = 10 + calc_subpktsize (sig->hashed)
    + calc_subpktsize (sig->unhashed) + calc_mpisize (sig->mpi, nsig);
  rc = pkt_write_head (out, 0, size, CDK_PKT_SIGNATURE);
  if (!rc)
    rc = stream_putc (out, 4);
  if (!rc)
    rc = stream_putc (out, sig->sig_class);
  if (!rc)
    rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
  if (!rc)
    rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
  if (!rc)
    rc = write_16 (out, sig->hashed_size);
  if (!rc)
    {
      buf = _cdk_subpkt_get_array (sig->hashed, 0, &nbytes);
      if (!buf)
	return CDK_Out_Of_Core;
      rc = stream_write (out, buf, nbytes);
      cdk_free (buf);
    }
  if (!rc)
    rc = write_16 (out, sig->unhashed_size);
  if (!rc)
    {
      buf = _cdk_subpkt_get_array (sig->unhashed, 0, &nbytes);
      if (!buf)
	return CDK_Out_Of_Core;
      rc = stream_write (out, buf, nbytes);
      cdk_free (buf);
    }
  if (!rc)
    rc = stream_putc (out, sig->digest_start[0]);
  if (!rc)
    rc = stream_putc (out, sig->digest_start[1]);
  if (!rc)
    rc = write_mpibuf (out, sig->mpi, nsig);
  return rc;
}
 | 
| ↓ | _wrap_gcry_pk_sign | 21 | 80 | 159 | lib/pk-libgcrypt.c | 
| 
static int
_wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
		    const gnutls_datum_t * vdata,
		    const gnutls_pk_params_st * pk_params)
{
  gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL;
  gcry_sexp_t list = NULL;
  int rc = -1, ret;
  bigint_t hash;
  bigint_t res[2] = { NULL, NULL };
  if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  /* make a sexp from pkey */
  switch (algo)
    {
    case GNUTLS_PK_DSA:
      if (pk_params->params_nr >= 5)
	rc = gcry_sexp_build (&s_key, NULL,
			      "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
			      pk_params->params[0], pk_params->params[1],
			      pk_params->params[2], pk_params->params[3],
			      pk_params->params[4]);
      else
	{
	  gnutls_assert ();
	}
      break;
    case GNUTLS_PK_RSA:
      if (pk_params->params_nr >= 6)
	rc = gcry_sexp_build (&s_key, NULL,
			      "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
			      pk_params->params[0], pk_params->params[1],
			      pk_params->params[2], pk_params->params[3],
			      pk_params->params[4], pk_params->params[5]);
      else
	{
	  gnutls_assert ();
	}
      break;
    default:
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  /* put the data into a simple list */
  if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  /* pass it to libgcrypt */
  rc = gcry_pk_sign (&s_sig, s_hash, s_key);
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_PK_SIGN_FAILED;
      goto cleanup;
    }
  ret = GNUTLS_E_INTERNAL_ERROR;
  switch (algo)
    {
    case GNUTLS_PK_DSA:
      {
	list = gcry_sexp_find_token (s_sig, "r", 0);
	if (list == NULL)
	  {
	    gnutls_assert ();
	    ret = GNUTLS_E_INTERNAL_ERROR;
	    goto cleanup;
	  }
	res[0] = gcry_sexp_nth_mpi (list, 1, 0);
	gcry_sexp_release (list);
	list = gcry_sexp_find_token (s_sig, "s", 0);
	if (list == NULL)
	  {
	    gnutls_assert ();
	    ret = GNUTLS_E_INTERNAL_ERROR;
	    goto cleanup;
	  }
	res[1] = gcry_sexp_nth_mpi (list, 1, 0);
	gcry_sexp_release (list);
	ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
	if (ret < 0)
	  {
	    gnutls_assert ();
	    goto cleanup;
	  }
      }
      break;
    case GNUTLS_PK_RSA:
      {
	list = gcry_sexp_find_token (s_sig, "s", 0);
	if (list == NULL)
	  {
	    gnutls_assert ();
	    ret = GNUTLS_E_INTERNAL_ERROR;
	    goto cleanup;
	  }
	res[0] = gcry_sexp_nth_mpi (list, 1, 0);
	gcry_sexp_release (list);
	ret = _gnutls_mpi_dprint (res[0], signature);
	if (ret < 0)
	  {
	    gnutls_assert ();
	    goto cleanup;
	  }
      }
      break;
    default:
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  ret = 0;
cleanup:
  _gnutls_mpi_release (&hash);
  if (res[0])
    _gnutls_mpi_release (&res[0]);
  if (res[1])
    _gnutls_mpi_release (&res[1]);
  if (s_sig)
    gcry_sexp_release (s_sig);
  if (s_hash)
    gcry_sexp_release (s_hash);
  if (s_key)
    gcry_sexp_release (s_key);
  return ret;
}
 | 
| ↓ | _gnutls_pkcs1_rsa_encrypt | 20 | 93 | 157 | lib/gnutls_pk.c | 
| 
int
_gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
			   const gnutls_datum_t * plaintext,
			   bigint_t * params, unsigned params_len,
			   unsigned btype)
{
  unsigned int i, pad;
  int ret;
  opaque *edata, *ps;
  size_t k, psize;
  size_t mod_bits;
  gnutls_pk_params_st pk_params;
  gnutls_datum to_encrypt, encrypted;
  for (i = 0; i < params_len; i++)
    pk_params.params[i] = params[i];
  pk_params.params_nr = params_len;
  mod_bits = _gnutls_mpi_get_nbits (params[0]);
  k = mod_bits / 8;
  if (mod_bits % 8 != 0)
    k++;
  if (plaintext->size > k - 11)
    {
      gnutls_assert ();
      return GNUTLS_E_PK_ENCRYPTION_FAILED;
    }
  edata = gnutls_malloc (k);
  if (edata == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  /* EB = 00||BT||PS||00||D 
   * (use block type 'btype')
   */
  edata[0] = 0;
  edata[1] = btype;
  psize = k - 3 - plaintext->size;
  ps = &edata[2];
  switch (btype)
    {
    case 2:
      /* using public key */
      if (params_len < RSA_PUBLIC_PARAMS)
	{
	  gnutls_assert ();
	  gnutls_free (edata);
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      ret = _gnutls_rnd (GNUTLS_RND_RANDOM, ps, psize);
      if (ret < 0)
	{
	  gnutls_assert ();
	  gnutls_free (edata);
	  return ret;
	}
      for (i = 0; i < psize; i++)
	while (ps[i] == 0)
	  {
	    ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1);
	    if (ret < 0)
	      {
		gnutls_assert ();
		gnutls_free (edata);
		return ret;
	      }
	  }
      break;
    case 1:
      /* using private key */
      if (params_len < RSA_PRIVATE_PARAMS)
	{
	  gnutls_assert ();
	  gnutls_free (edata);
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      for (i = 0; i < psize; i++)
	ps[i] = 0xff;
      break;
    default:
      gnutls_assert ();
      gnutls_free (edata);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  ps[psize] = 0;
  memcpy (&ps[psize + 1], plaintext->data, plaintext->size);
  to_encrypt.data = edata;
  to_encrypt.size = k;
  if (btype == 2)		/* encrypt */
    ret =
      _gnutls_pk_encrypt (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params);
  else				/* sign */
    ret =
      _gnutls_pk_sign (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params);
  gnutls_free (edata);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  psize = encrypted.size;
  if (psize < k)
    {
      /* padding psize */
      pad = k - psize;
      psize = k;
    }
  else if (psize == k)
    {
      /* pad = 0; 
       * no need to do anything else
       */
      ciphertext->data = encrypted.data;
      ciphertext->size = encrypted.size;
      return 0;
    }
  else
    {				/* psize > k !!! */
      /* This is an impossible situation */
      gnutls_assert ();
      _gnutls_free_datum (&encrypted);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  ciphertext->data = gnutls_malloc (psize);
  if (ciphertext->data == NULL)
    {
      gnutls_assert ();
      _gnutls_free_datum (&encrypted);
      return GNUTLS_E_MEMORY_ERROR;
    }
  memcpy (&ciphertext->data[pad], encrypted.data, encrypted.size);
  for (i = 0; i < pad; i++)
    ciphertext->data[i] = 0;
  ciphertext->size = k;
  _gnutls_free_datum (&encrypted);
  return 0;
}
 | 
| ↓ | _gnutls_io_write_buffered | 20 | 73 | 156 | lib/gnutls_buffers.c | 
| 
ssize_t
_gnutls_io_write_buffered (gnutls_session_t session,
			   const void *iptr, size_t n)
{
  size_t left;
  unsigned j, x, sum = 0;
  ssize_t retval, i;
  const opaque *ptr;
  gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
  /* to know where the procedure was interrupted.
   */
  session->internals.direction = 1;
  ptr = iptr;
  /* In case the previous write was interrupted, check if the
   * iptr != NULL and we have data in the buffer.
   * If this is true then return an error.
   */
  if (session->internals.record_send_buffer.length > 0 && iptr != NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* If data in the buffer exist
   */
  if (iptr == NULL)
    {
      gnutls_datum bdata;
      /* checking is handled above */
      _gnutls_buffer_get_datum (&session->internals.record_send_buffer, &bdata, session->internals.record_send_buffer.length);
      ptr = bdata.data;
      n = bdata.size;
      _gnutls_write_log
	("WRITE: Restoring old write. (%d bytes to send)\n", n);
    }
  _gnutls_write_log ("WRITE: Will write %d bytes to %p.\n", n, fd);
  i = 0;
  left = n;
  while (left > 0)
    {
      session->internals.errnum = 0;
      if (session->internals._gnutls_push_func == NULL)
	{
	  i = send (GNUTLS_POINTER_TO_INT (fd), &ptr[n - left], left, 0);
#if HAVE_WINSOCK2_H
	  if (i < 0)
	    {
	      int tmperr = WSAGetLastError ();
	      switch (tmperr)
		{
		case WSAEWOULDBLOCK:
		  session->internals.errnum = EAGAIN;
		  break;
		case WSAEINTR:
		  session->internals.errnum = EINTR;
		  break;
		default:
		  session->internals.errnum = EIO;
		  break;
		}
	      WSASetLastError (tmperr);
	    }
#endif
	}
      else
	i = session->internals._gnutls_push_func (fd, &ptr[n - left], left);
      if (i == -1)
	{
	  int err = session->internals.errnum ? session->internals.errnum
	    : errno;
	  if (err == EAGAIN || err == EINTR)
	    {
	      session->internals.record_send_buffer_prev_size += n - left;
	      retval =
		_gnutls_buffer_append (&session->internals.record_send_buffer,
				       &ptr[n - left], left);
	      if (retval < 0)
		{
		  gnutls_assert ();
		  return retval;
		}
	      _gnutls_write_log
		("WRITE: Interrupted. Stored %d bytes to buffer. Already sent %d bytes.\n",
		 left, n - left);
	      if (err == EAGAIN)
		return GNUTLS_E_AGAIN;
	      return GNUTLS_E_INTERRUPTED;
	    }
	  else
	    {
	      gnutls_assert ();
	      return GNUTLS_E_PUSH_ERROR;
	    }
	}
      left -= i;
      if (_gnutls_log_level >= 7)
	{
	  char line[128];
	  char tmp[16];
	  _gnutls_write_log
	    ("WRITE: wrote %d bytes to %p. Left %d bytes. Total %d bytes.\n",
	     i, fd, left, n);
	  for (x = 0; x < (unsigned) ((i) / 16) + 1; x++)
	    {
	      line[0] = 0;
	      if (sum > n - left)
		break;
	      sprintf (tmp, "%.4x - ", x);
	      _gnutls_str_cat (line, sizeof (line), tmp);
	      for (j = 0; j < 16; j++)
		{
		  if (sum < n - left)
		    {
		      sprintf (tmp, "%.2x ",
			       ((const unsigned char *) ptr)[sum++]);
		      _gnutls_str_cat (line, sizeof (line), tmp);
		    }
		  else
		    break;
		}
	      _gnutls_write_log ("%s\n", line);
	    }
	}
    }
  retval = n + session->internals.record_send_buffer_prev_size;
  session->internals.record_send_buffer.length = 0;
  session->internals.record_send_buffer_prev_size = 0;
  return retval;
}
 | 
| ↓ | _gnutls_send_int | 19 | 62 | 142 | lib/gnutls_record.c | 
| 
ssize_t
_gnutls_send_int (gnutls_session_t session, content_type_t type,
		  gnutls_handshake_description_t htype, const void *_data,
		  size_t sizeofdata)
{
  uint8_t *cipher;
  int cipher_size;
  int retval, ret;
  int data2send_size;
  uint8_t headers[5];
  const uint8_t *data = _data;
  /* Do not allow null pointer if the send buffer is empty.
   * If the previous send was interrupted then a null pointer is
   * ok, and means to resume.
   */
  if (session->internals.record_send_buffer.length == 0 &&
      (sizeofdata == 0 && _data == NULL))
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (type != GNUTLS_ALERT)	/* alert messages are sent anyway */
    if (session_is_valid (session) || session->internals.may_not_write != 0)
      {
	gnutls_assert ();
	return GNUTLS_E_INVALID_SESSION;
      }
  headers[0] = type;
  /* Use the default record version, if it is
   * set.
   */
  copy_record_version (session, htype, &headers[1]);
  _gnutls_record_log
    ("REC[%p]: Sending Packet[%d] %s(%d) with length: %d\n", session,
     (int) _gnutls_uint64touint32 (&session->connection_state.
				   write_sequence_number),
     _gnutls_packet2str (type), type, sizeofdata);
  if (sizeofdata > MAX_RECORD_SEND_SIZE)
    data2send_size = MAX_RECORD_SEND_SIZE;
  else
    data2send_size = sizeofdata;
  /* Only encrypt if we don't have data to send 
   * from the previous run. - probably interrupted.
   */
  if (session->internals.record_send_buffer.length > 0)
    {
      ret = _gnutls_io_write_flush (session);
      if (ret > 0)
	cipher_size = ret;
      else
	cipher_size = 0;
      cipher = NULL;
      retval = session->internals.record_send_buffer_user_size;
    }
  else
    {
      /* now proceed to packet encryption
       */
      cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
      cipher = gnutls_malloc (cipher_size);
      if (cipher == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      cipher_size =
	_gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
			 data2send_size, cipher, cipher_size, type,
			 (session->internals.priorities.no_padding ==
			  0) ? 1 : 0);
      if (cipher_size <= 0)
	{
	  gnutls_assert ();
	  if (cipher_size == 0)
	    cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
	  gnutls_free (cipher);
	  return cipher_size;	/* error */
	}
      retval = data2send_size;
      session->internals.record_send_buffer_user_size = data2send_size;
      /* increase sequence number
       */
      if (_gnutls_uint64pp
	  (&session->connection_state.write_sequence_number) != 0)
	{
	  session_invalidate (session);
	  gnutls_assert ();
	  gnutls_free (cipher);
	  return GNUTLS_E_RECORD_LIMIT_REACHED;
	}
      ret = _gnutls_io_write_buffered (session, cipher, cipher_size);
      gnutls_free (cipher);
    }
  if (ret != cipher_size)
    {
      if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
	{
	  /* If we have sent any data then just return
	   * the error value. Do not invalidate the session.
	   */
	  gnutls_assert ();
	  return ret;
	}
      if (ret > 0)
	{
	  gnutls_assert ();
	  ret = GNUTLS_E_INTERNAL_ERROR;
	}
      session_unresumable (session);
      session->internals.may_not_write = 1;
      gnutls_assert ();
      return ret;
    }
  session->internals.record_send_buffer_user_size = 0;
  _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) with length: %d\n",
		      session,
		      (int)
		      _gnutls_uint64touint32
		      (&session->connection_state.write_sequence_number),
		      _gnutls_packet2str (type), type, cipher_size);
  return retval;
}
 | 
| ↓ | _gnutls_verify_crl2 | 19 | 49 | 100 | lib/x509/verify.c | 
| 
static int
_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
		     const gnutls_x509_crt_t * trusted_cas,
		     int tcas_size, unsigned int flags, unsigned int *output)
{
/* CRL is ignored for now */
  gnutls_datum_t crl_signed_data = { NULL, 0 };
  gnutls_datum_t crl_signature = { NULL, 0 };
  gnutls_x509_crt_t issuer;
  int ret, result;
  if (output)
    *output = 0;
  if (tcas_size >= 1)
    issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
  else
    {
      gnutls_assert ();
      if (output)
	*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
      return 0;
    }
  /* issuer is not in trusted certificate
   * authorities.
   */
  if (issuer == NULL)
    {
      gnutls_assert ();
      if (output)
	*output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
      return 0;
    }
  if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
    {
      if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
	{
	  gnutls_assert ();
	  if (output)
	    *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
	  return 0;
	}
    }
  result =
    _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret =
    _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature, issuer);
  if (ret < 0)
    {
      gnutls_assert ();
    }
  else if (ret == 0)
    {
      gnutls_assert ();
      /* error. ignore it */
      if (output)
	*output |= GNUTLS_CERT_INVALID;
      ret = 0;
    }
  {
    int sigalg;
    sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
    if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
	 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
	((sigalg == GNUTLS_SIGN_RSA_MD5) &&
	 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
      {
	if (output)
	  *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
	ret = 0;
      }
  }
  result = ret;
cleanup:
  _gnutls_free_datum (&crl_signed_data);
  _gnutls_free_datum (&crl_signature);
  return result;
}
 | 
| ↓ | cdk_pk_check_sigs | 19 | 48 | 87 | lib/opencdk/sig-check.c | 
| 
cdk_error_t
cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
{
  cdk_pkt_signature_t sig;
  cdk_kbnode_t node;
  cdk_error_t rc;
  u32 keyid;
  int key_status, is_selfsig = 0;
  struct verify_uid *uid_list = NULL;
  char *uid_name;
  if (!key || !r_status)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  *r_status = 0;
  node = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
  if (!node)
    {
      gnutls_assert ();
      return CDK_Error_No_Key;
    }
  key_status = 0;
  /* Continue with the signature check but adjust the
     key status flags accordingly. */
  if (node->pkt->pkt.public_key->is_revoked)
    key_status |= CDK_KEY_REVOKED;
  if (node->pkt->pkt.public_key->has_expired)
    key_status |= CDK_KEY_EXPIRED;
  rc = 0;
  keyid = cdk_pk_get_keyid (node->pkt->pkt.public_key, NULL);
  for (node = key; node; node = node->next)
    {
      if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
	continue;
      sig = node->pkt->pkt.signature;
      rc = _cdk_pk_check_sig (keydb, key, node, &is_selfsig, &uid_name);
      if (rc && rc != CDK_Error_No_Key)
	{
	  /* It might be possible that a single signature has been
	     corrupted, thus we do not consider it a problem when
	     one ore more signatures are bad. But at least the self
	     signature has to be valid. */
	  if (is_selfsig)
	    {
	      key_status |= CDK_KEY_INVALID;
	      break;
	    }
	}
      _cdk_log_debug ("signature %s: signer %08lX keyid %08lX\n",
		      rc == CDK_Bad_Sig ? "BAD" : "good", sig->keyid[1],
		      keyid);
      if (IS_UID_SIG (sig) && uid_name != NULL)
	{
	  /* add every uid in the uid list. Only consider valid:
	   * - verification was ok
	   * - not a selfsig 
	   */
	  rc =
	    uid_list_add_sig (&uid_list, uid_name,
			      (rc == CDK_Success && is_selfsig == 0) ? 1 : 0);
	  if (rc != CDK_Success)
	    {
	      gnutls_assert ();
	      goto exit;
	    }
	}
    }
  if (uid_list_all_signed (uid_list) == 0)
    key_status |= CDK_KEY_NOSIGNER;
  *r_status = key_status;
  if (rc == CDK_Error_No_Key)
    rc = 0;
exit:
  uid_list_free (uid_list);
  return rc;
}
 | 
| ↓ | _gnutls_recv_client_certificate | 19 | 31 | 92 | lib/gnutls_kx.c | 
| 
int
_gnutls_recv_client_certificate (gnutls_session_t session)
{
  int datasize;
  opaque *data;
  int ret = 0;
  int optional;
  if (session->internals.auth_struct->gnutls_process_client_certificate !=
      NULL)
    {
      /* if we have not requested a certificate then just return
       */
      if (session->internals.send_cert_req == 0)
	{
	  return 0;
	}
      if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
	optional = MANDATORY_PACKET;
      else
	optional = OPTIONAL_PACKET;
      ret =
	_gnutls_recv_handshake (session, &data,
				&datasize,
				GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
      if (ret < 0)
	{
	  /* Handle the case of old SSL3 clients who send
	   * a warning alert instead of an empty certificate to indicate
	   * no certificate.
	   */
	  if (optional == OPTIONAL_PACKET &&
	      ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
	      gnutls_protocol_get_version (session) == GNUTLS_SSL3 &&
	      gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
	    {
	      /* SSL3 does not send an empty certificate,
	       * but this alert. So we just ignore it.
	       */
	      gnutls_assert ();
	      return 0;
	    }
	  /* certificate was required 
	   */
	  if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
	       || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
	      && optional == MANDATORY_PACKET)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_NO_CERTIFICATE_FOUND;
	    }
	  return ret;
	}
      if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET)
	{
	  /* Client has not sent the certificate message.
	   * well I'm not sure we should accept this
	   * behaviour.
	   */
	  gnutls_assert ();
	  return 0;
	}
      ret =
	session->internals.auth_struct->
	gnutls_process_client_certificate (session, data, datasize);
      gnutls_free (data);
      if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND)
	{
	  gnutls_assert ();
	  return ret;
	}
      /* ok we should expect a certificate verify message now 
       */
      if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
	ret = 0;
      else
	session->key->certificate_requested = 1;
    }
  return ret;
}
 | 
| ↓ | _gnutls_handshake_io_send_int | 18 | 63 | 131 | lib/gnutls_buffers.c | 
| 
ssize_t
_gnutls_handshake_io_send_int (gnutls_session_t session,
			       content_type_t type,
			       gnutls_handshake_description_t htype,
			       const void *iptr, size_t n)
{
  size_t left;
  ssize_t ret = 0;
  const opaque *ptr;
  ssize_t retval = 0;
  ptr = iptr;
  if (session->internals.handshake_send_buffer.length > 0 && ptr == NULL
      && n == 0)
    {
      gnutls_datum bdata;
      /* resuming previously interrupted write
       */
      gnutls_assert ();
      /* checking is handled above */
      _gnutls_buffer_get_datum (&session->internals.handshake_send_buffer, &bdata, session->internals.handshake_send_buffer.length);
      ptr = bdata.data;
      n = bdata.size;
      type = session->internals.handshake_send_buffer_type;
      htype = session->internals.handshake_send_buffer_htype;
    }
  else if (session->internals.handshake_send_buffer.length > 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
#ifdef WRITE_DEBUG
  else
    {
      size_t sum = 0, x, j;
      _gnutls_write_log ("HWRITE: will write %d bytes to %d.\n", n,
			 gnutls_transport_get_ptr (session));
      for (x = 0; x < ((n) / 16) + 1; x++)
	{
	  if (sum > n)
	    break;
	  _gnutls_write_log ("%.4x - ", x);
	  for (j = 0; j < 16; j++)
	    {
	      if (sum < n)
		{
		  _gnutls_write_log ("%.2x ", ((unsigned char *) ptr)[sum++]);
		}
	      else
		break;
	    }
	  _gnutls_write_log ("\n");
	}
      _gnutls_write_log ("\n");
    }
#endif
  if (n == 0)
    {				/* if we have no data to send */
      gnutls_assert ();
      return 0;
    }
  else if (ptr == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  left = n;
  while (left > 0)
    {
      ret = _gnutls_send_int (session, type, htype, &ptr[n - left], left);
      if (ret <= 0)
	{
	  if (ret == 0)
	    {
	      gnutls_assert ();
	      ret = GNUTLS_E_INTERNAL_ERROR;
	    }
	  if (left > 0
	      && (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN))
	    {
	      gnutls_assert ();
	      retval =
		_gnutls_buffer_append (&session->internals.
				       handshake_send_buffer, &ptr[n - left],
				       left);
	      if (retval < 0)
		{
		  gnutls_assert ();
		  return retval;
		}
	      session->internals.handshake_send_buffer_prev_size += n - left;
	      session->internals.handshake_send_buffer_type = type;
	      session->internals.handshake_send_buffer_htype = htype;
	    }
	  else
	    {
	      session->internals.handshake_send_buffer_prev_size = 0;
	      session->internals.handshake_send_buffer.length = 0;
	    }
	  gnutls_assert ();
	  return ret;
	}
      left -= ret;
    }
  retval = n + session->internals.handshake_send_buffer_prev_size;
  session->internals.handshake_send_buffer.length = 0;
  session->internals.handshake_send_buffer_prev_size = 0;
  return retval;
}
 | 
| ↓ | keydb_find_byusage | 18 | 22 | 42 | lib/opencdk/keydb.c | 
| 
static cdk_kbnode_t
keydb_find_byusage (cdk_kbnode_t root, int req_usage, int is_pk)
{
  cdk_kbnode_t node, key;
  int req_type;
  long timestamp;
  req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
  if (!req_usage)
    return kbnode_find_valid (root, req_type);
  node = cdk_kbnode_find (root, req_type);
  if (node && !keydb_check_key (node->pkt))
    return NULL;
  key = NULL;
  timestamp = 0;
  /* We iteratre over the all nodes and search for keys or
     subkeys which match the usage and which are not invalid.
     A timestamp is used to figure out the newest valid key. */
  for (node = root; node; node = node->next)
    {
      if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
		    node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
	  && keydb_check_key (node->pkt)
	  && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
	{
	  if (node->pkt->pkt.public_key->timestamp > timestamp)
	    key = node;
	}
      if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
		     node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
	  && keydb_check_key (node->pkt)
	  && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
	{
	  if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
	    key = node;
	}
    }
  return key;
}
 | 
| ↓ | _gnutls_decompress | 18 | 68 | 137 | lib/gnutls_compress.c | 
| 
int
_gnutls_decompress (comp_hd_t handle, opaque * compressed,
		    size_t compressed_size, opaque ** plain,
		    size_t max_record_size)
{
  int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
  if (compressed_size > max_record_size + EXTRA_COMP_SIZE)
    {
      gnutls_assert ();
      return GNUTLS_E_DECOMPRESSION_FAILED;
    }
  /* NULL compression is not handled here
   */
  if (handle == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  switch (handle->algo)
    {
#ifdef USE_LZO
    case GNUTLS_COMP_LZO:
      {
	lzo_uint out_size;
	lzo_uint new_size;
	int err;
	if (_gnutls_lzo1x_decompress_safe == NULL)
	  return GNUTLS_E_DECOMPRESSION_FAILED;
	*plain = NULL;
	out_size = compressed_size + compressed_size;
	plain_size = 0;
	do
	  {
	    out_size += 512;
	    *plain = gnutls_realloc_fast (*plain, out_size);
	    if (*plain == NULL)
	      {
		gnutls_assert ();
		return GNUTLS_E_MEMORY_ERROR;
	      }
	    new_size = out_size;
	    err =
	      _gnutls_lzo1x_decompress_safe (compressed,
					     compressed_size, *plain,
					     &new_size, NULL);
	  }
	while ((err == LZO_E_OUTPUT_OVERRUN && out_size < max_record_size));
	if (err != LZO_E_OK)
	  {
	    gnutls_assert ();
	    gnutls_free (*plain);
	    *plain = NULL;
	    return GNUTLS_E_DECOMPRESSION_FAILED;
	  }
	plain_size = new_size;
	break;
      }
#endif
#ifdef HAVE_LIBZ
    case GNUTLS_COMP_DEFLATE:
      {
	uLongf out_size;
	z_stream *zhandle;
	int cur_pos;
	int err;
	*plain = NULL;
	out_size = compressed_size + compressed_size;
	plain_size = 0;
	zhandle = handle->handle;
	zhandle->next_in = (Bytef *) compressed;
	zhandle->avail_in = compressed_size;
	cur_pos = 0;
	do
	  {
	    out_size += 512;
	    *plain = gnutls_realloc_fast (*plain, out_size);
	    if (*plain == NULL)
	      {
		gnutls_assert ();
		return GNUTLS_E_MEMORY_ERROR;
	      }
	    zhandle->next_out = (Bytef *) (*plain + cur_pos);
	    zhandle->avail_out = out_size - cur_pos;
	    err = inflate (zhandle, Z_SYNC_FLUSH);
	    cur_pos = out_size - zhandle->avail_out;
	  }
	while ((err == Z_BUF_ERROR && zhandle->avail_out == 0
		&& out_size < max_record_size)
	       || (err == Z_OK && zhandle->avail_in != 0));
	if (err != Z_OK)
	  {
	    gnutls_assert ();
	    gnutls_free (*plain);
	    *plain = NULL;
	    return GNUTLS_E_DECOMPRESSION_FAILED;
	  }
	plain_size = out_size - zhandle->avail_out;
	break;
      }
#endif
    default:
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }				/* switch */
  if ((size_t) plain_size > max_record_size)
    {
      gnutls_assert ();
      gnutls_free (*plain);
      *plain = NULL;
      return GNUTLS_E_DECOMPRESSION_FAILED;
    }
  return plain_size;
}
 | 
| ↓ | print_oneline | 17 | 72 | 137 | lib/x509/output.c | 
| 
static void
print_oneline (gnutls_string * str, gnutls_x509_crt_t cert)
{
  /* Subject. */
  {
    char dn[1024];
    size_t dn_size = sizeof (dn);
    int err;
    err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
    if (err < 0)
      addf (str, "unknown subject (%s), ", gnutls_strerror (err));
    else
      addf (str, "subject `%s', ", dn);
  }
  /* Issuer. */
  {
    char dn[1024];
    size_t dn_size = sizeof (dn);
    int err;
    err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
    if (err < 0)
      addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
    else
      addf (str, "issuer `%s', ", dn);
  }
  /* Key algorithm and size. */
  {
    int bits;
    const char *name = gnutls_pk_algorithm_get_name
      (gnutls_x509_crt_get_pk_algorithm (cert, &bits));
    if (name == NULL)
      name = "Unknown";
    addf (str, "%s key %d bits, ", name, bits);
  }
  /* Signature Algorithm. */
  {
    int err;
    err = gnutls_x509_crt_get_signature_algorithm (cert);
    if (err < 0)
      addf (str, "unknown signature algorithm (%s), ",
	    gnutls_strerror (err));
    else
      {
	const char *name = gnutls_sign_algorithm_get_name (err);
	if (name == NULL)
	  name = _("unknown");
	if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
	  addf (str, _("signed using %s (broken!), "), name);
	else
	  addf (str, _("signed using %s, "), name);
      }
  }
  /* Validity. */
  {
    time_t tim;
    tim = gnutls_x509_crt_get_activation_time (cert);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (gmtime_r (&tim, &t) == NULL)
	addf (str, "unknown activation (%ld), ", (unsigned long) tim);
      else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
	addf (str, "failed activation (%ld), ", (unsigned long) tim);
      else
	addf (str, "activated `%s', ", s);
    }
    tim = gnutls_x509_crt_get_expiration_time (cert);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (gmtime_r (&tim, &t) == NULL)
	addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
      else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
	addf (str, "failed expiry (%ld), ", (unsigned long) tim);
      else
	addf (str, "expires `%s', ", s);
    }
  }
  {
    int pathlen;
    char *policyLanguage;
    int err;
    err = gnutls_x509_crt_get_proxy (cert, NULL,
				     &pathlen, &policyLanguage, NULL, NULL);
    if (err == 0)
      {
	addf (str, "proxy certificate (policy=");
	if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
	  addf (str, "id-ppl-inheritALL");
	else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
	  addf (str, "id-ppl-independent");
	else
	  addf (str, "%s", policyLanguage);
	if (pathlen >= 0)
	  addf (str, ", pathlen=%d), ", pathlen);
	else
	  addf (str, "), ");
	gnutls_free (policyLanguage);
      }
  }
  {
    char buffer[20];
    size_t size = sizeof (buffer);
    int err;
    err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
					   buffer, &size);
    if (err < 0)
      {
	addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
      }
    else
      {
	addf (str, "SHA-1 fingerprint `");
	hexprint (str, buffer, size);
	adds (str, "'");
      }
  }
}
 | 
| ↓ | gnutls_x509_crt_list_import | 17 | 64 | 125 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
			     unsigned int *cert_max,
			     const gnutls_datum_t * data,
			     gnutls_x509_crt_fmt_t format, unsigned int flags)
{
  int size;
  const char *ptr;
  gnutls_datum_t tmp;
  int ret, nocopy = 0;
  unsigned int count = 0, j;
  if (format == GNUTLS_X509_FMT_DER)
    {
      if (*cert_max < 1)
	{
	  *cert_max = 1;
	  return GNUTLS_E_SHORT_MEMORY_BUFFER;
	}
      count = 1;		/* import only the first one */
      ret = gnutls_x509_crt_init (&certs[0]);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto error;
	}
      ret = gnutls_x509_crt_import (certs[0], data, format);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto error;
	}
      *cert_max = 1;
      return 1;
    }
  /* move to the certificate
   */
  ptr = memmem (data->data, data->size,
		PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
  if (ptr == NULL)
    ptr = memmem (data->data, data->size,
		  PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
  if (ptr == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  size = data->size - (ptr - (char *) data->data);
  count = 0;
  do
    {
      if (count >= *cert_max)
	{
	  if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
	    break;
	  else
	    nocopy = 1;
	}
      if (!nocopy)
	{
	  ret = gnutls_x509_crt_init (&certs[count]);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      goto error;
	    }
	  tmp.data = (void *) ptr;
	  tmp.size = data->size - (ptr - (char *) data->data);
	  ret =
	    gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      goto error;
	    }
	}
      /* now we move ptr after the pem header 
       */
      ptr++;
      /* find the next certificate (if any)
       */
      size = data->size - (ptr - (char *) data->data);
      if (size > 0)
	{
	  char *ptr2;
	  ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
	  if (ptr2 == NULL)
	    ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
			   sizeof (PEM_CERT_SEP2) - 1);
	  ptr = ptr2;
	}
      else
	ptr = NULL;
      count++;
    }
  while (ptr != NULL);
  *cert_max = count;
  if (nocopy == 0)
    return count;
  else
    return GNUTLS_E_SHORT_MEMORY_BUFFER;
error:
  for (j = 0; j < count; j++)
    gnutls_x509_crt_deinit (certs[j]);
  return ret;
}
 | 
| ↓ | base64_decode | 17 | 34 | 59 | lib/opencdk/armor.c | 
| 
static int
base64_decode (byte * out, const char *in)
{
  size_t len;
  byte digit1, digit2, digit3, digit4;
  if (!out || !in)
    {
      gnutls_assert ();
      return -1;
    }
  len = 0;
  do
    {
      digit1 = in[0];
      if (digit1 > 127 || b64val (digit1) == BAD)
	{
	  gnutls_assert ();
	  return -1;
	}
      digit2 = in[1];
      if (digit2 > 127 || b64val (digit2) == BAD)
	{
	  gnutls_assert ();
	  return -1;
	}
      digit3 = in[2];
      if (digit3 > 127 || ((digit3 != '=') && (b64val (digit3) == BAD)))
	{
	  gnutls_assert ();
	  return -1;
	}
      digit4 = in[3];
      if (digit4 > 127 || ((digit4 != '=') && (b64val (digit4) == BAD)))
	{
	  gnutls_assert ();
	  return -1;
	}
      in += 4;
      /* digits are already sanity-checked */
      *out++ = (b64val (digit1) << 2) | (b64val (digit2) >> 4);
      len++;
      if (digit3 != '=')
	{
	  *out++ = ((b64val (digit2) << 4) & 0xf0) | (b64val (digit3) >> 2);
	  len++;
	  if (digit4 != '=')
	    {
	      *out++ = ((b64val (digit3) << 6) & 0xc0) | b64val (digit4);
	      len++;
	    }
	}
    }
  while (*in && digit4 != '=');
  return len;
}
 | 
| ↓ | _gnutls_read | 17 | 57 | 124 | lib/gnutls_buffers.c | 
| 
static ssize_t
_gnutls_read (gnutls_session_t session, void *iptr,
	      size_t sizeOfPtr, int flags)
{
  size_t left;
  ssize_t i = 0;
  char *ptr = iptr;
  unsigned j, x, sum = 0;
  gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
  session->internals.direction = 0;
  left = sizeOfPtr;
  while (left > 0)
    {
      session->internals.errnum = 0;
      if (session->internals._gnutls_pull_func == NULL)
	{
	  i = recv (GNUTLS_POINTER_TO_INT (fd), &ptr[sizeOfPtr - left],
		    left, flags);
#if HAVE_WINSOCK2_H
	  if (i < 0)
	    {
	      int tmperr = WSAGetLastError ();
	      switch (tmperr)
		{
		case WSAEWOULDBLOCK:
		  session->internals.errnum = EAGAIN;
		  break;
		case WSAEINTR:
		  session->internals.errnum = EINTR;
		  break;
		default:
		  session->internals.errnum = EIO;
		  break;
		}
	      WSASetLastError (tmperr);
	    }
#endif
	}
      else
	i = session->internals._gnutls_pull_func (fd,
						  &ptr[sizeOfPtr -
						       left], left);
      if (i < 0)
	{
	  int err = session->internals.errnum ? session->internals.errnum
	    : errno;
	  _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
			    i, fd, errno, session->internals.errnum);
	  if (err == EAGAIN || err == EINTR)
	    {
	      if (sizeOfPtr - left > 0)
		{
		  _gnutls_read_log ("READ: returning %d bytes from %p\n",
				    sizeOfPtr - left, fd);
		  goto finish;
		}
	      gnutls_assert ();
	      if (err == EAGAIN)
		return GNUTLS_E_AGAIN;
	      return GNUTLS_E_INTERRUPTED;
	    }
	  else
	    {
	      gnutls_assert ();
	      return GNUTLS_E_PULL_ERROR;
	    }
	}
      else
	{
	  _gnutls_read_log ("READ: Got %d bytes from %p\n", i, fd);
	  if (i == 0)
	    break;		/* EOF */
	}
      left -= i;
    }
finish:
  if (_gnutls_log_level >= 7)
    {
      char line[128];
      char tmp[16];
      _gnutls_read_log ("READ: read %d bytes from %p\n",
			(sizeOfPtr - left), fd);
      for (x = 0; x < ((sizeOfPtr - left) / 16) + 1; x++)
	{
	  line[0] = 0;
	  sprintf (tmp, "%.4x - ", x);
	  _gnutls_str_cat (line, sizeof (line), tmp);
	  for (j = 0; j < 16; j++)
	    {
	      if (sum < (sizeOfPtr - left))
		{
		  sprintf (tmp, "%.2x ", ((unsigned char *) ptr)[sum++]);
		  _gnutls_str_cat (line, sizeof (line), tmp);
		}
	    }
	  _gnutls_read_log ("%s\n", line);
	}
    }
  return (sizeOfPtr - left);
}
 | 
| ↓ | _gnutls_pkcs1_rsa_decrypt | 17 | 56 | 112 | lib/gnutls_pk.c | 
| 
int
_gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
			   const gnutls_datum_t * ciphertext,
			   bigint_t * params, unsigned params_len,
			   unsigned btype)
{
  unsigned int k, i;
  int ret;
  size_t esize, mod_bits;
  gnutls_pk_params_st pk_params;
  for (i = 0; i < params_len; i++)
    pk_params.params[i] = params[i];
  pk_params.params_nr = params_len;
  mod_bits = _gnutls_mpi_get_nbits (params[0]);
  k = mod_bits / 8;
  if (mod_bits % 8 != 0)
    k++;
  esize = ciphertext->size;
  if (esize != k)
    {
      gnutls_assert ();
      return GNUTLS_E_PK_DECRYPTION_FAILED;
    }
  /* we can use btype to see if the private key is
   * available.
   */
  if (btype == 2)
    {
      ret =
	_gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
    }
  else
    {
      ret =
	_gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
    }
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* EB = 00||BT||PS||00||D
   * (use block type 'btype')
   *
   * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to
   * avoid attacks similar to the one described by Bleichenbacher in:
   * "Chosen Ciphertext Attacks against Protocols Based on RSA
   * Encryption Standard PKCS #1".
   */
  if (plaintext->data[0] != 0 || plaintext->data[1] != btype)
    {
      gnutls_assert ();
      return GNUTLS_E_DECRYPTION_FAILED;
    }
  ret = GNUTLS_E_DECRYPTION_FAILED;
  switch (btype)
    {
    case 2:
      for (i = 2; i < plaintext->size; i++)
	{
	  if (plaintext->data[i] == 0)
	    {
	      ret = 0;
	      break;
	    }
	}
      break;
    case 1:
      for (i = 2; i < plaintext->size; i++)
	{
	  if (plaintext->data[i] == 0 && i > 2)
	    {
	      ret = 0;
	      break;
	    }
	  if (plaintext->data[i] != 0xff)
	    {
	      _gnutls_handshake_log ("PKCS #1 padding error");
	      _gnutls_free_datum (plaintext);
	      /* PKCS #1 padding error.  Don't use
	         GNUTLS_E_PKCS1_WRONG_PAD here.  */
	      break;
	    }
	}
      break;
    default:
      gnutls_assert ();
      _gnutls_free_datum (plaintext);
      break;
    }
  i++;
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (plaintext);
      return GNUTLS_E_DECRYPTION_FAILED;
    }
  memmove (plaintext->data, &plaintext->data[i], esize - i);
  plaintext->size = esize - i;
  return 0;
}
 | 
| ↓ | unpack_certificate_auth_info | 16 | 89 | 157 | lib/gnutls_session_pack.c | 
| 
static int
unpack_certificate_auth_info (gnutls_session_t session,
			      const gnutls_datum_t * packed_session)
{
  int pos = 0, size, ret;
  unsigned int i = 0, j;
  size_t pack_size;
  cert_auth_info_t info;
  if (packed_session->data[0] != GNUTLS_CRD_CERTIFICATE)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  pack_size = _gnutls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
  pos += PACK_HEADER_SIZE + 4;
  if (pack_size == 0)
    return 0;			/* nothing to be done */
  /* a simple check for integrity */
  if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* client and server have the same auth_info here
   */
  ret =
    _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
			   sizeof (cert_auth_info_st), 1);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  info = _gnutls_get_auth_info (session);
  if (info == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  info->dh.secret_bits = _gnutls_read_uint16 (&packed_session->data[pos]);
  pos += 2;
  size = _gnutls_read_uint32 (&packed_session->data[pos]);
  pos += 4;
  ret = _gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
  if (ret < 0)
    {
      gnutls_assert ();
      goto error;
    }
  pos += size;
  size = _gnutls_read_uint32 (&packed_session->data[pos]);
  pos += 4;
  ret =
    _gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], size);
  if (ret < 0)
    {
      gnutls_assert ();
      goto error;
    }
  pos += size;
  size = _gnutls_read_uint32 (&packed_session->data[pos]);
  pos += 4;
  ret =
    _gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
		       size);
  if (ret < 0)
    {
      gnutls_assert ();
      goto error;
    }
  pos += size;
  size = _gnutls_read_uint32 (&packed_session->data[pos]);
  pos += 4;
  ret =
    _gnutls_set_datum (&info->rsa_export.modulus,
		       &packed_session->data[pos], size);
  if (ret < 0)
    {
      gnutls_assert ();
      goto error;
    }
  pos += size;
  size = _gnutls_read_uint32 (&packed_session->data[pos]);
  pos += 4;
  ret =
    _gnutls_set_datum (&info->rsa_export.exponent,
		       &packed_session->data[pos], size);
  if (ret < 0)
    {
      gnutls_assert ();
      goto error;
    }
  pos += size;
  info->ncerts = _gnutls_read_uint32 (&packed_session->data[pos]);
  pos += 4;
  if (info->ncerts > 0)
    {
      info->raw_certificate_list =
	gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
      if (info->raw_certificate_list == NULL)
	{
	  gnutls_assert ();
	  ret = GNUTLS_E_MEMORY_ERROR;
	  goto error;
	}
    }
  for (i = 0; i < info->ncerts; i++)
    {
      size = _gnutls_read_uint32 (&packed_session->data[pos]);
      pos += sizeof (uint32_t);
      ret =
	_gnutls_set_datum (&info->raw_certificate_list[i],
			   &packed_session->data[pos], size);
      pos += size;
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto error;
	}
    }
  return 0;
error:
  _gnutls_free_datum (&info->dh.prime);
  _gnutls_free_datum (&info->dh.generator);
  _gnutls_free_datum (&info->dh.public_key);
  _gnutls_free_datum (&info->rsa_export.modulus);
  _gnutls_free_datum (&info->rsa_export.exponent);
  for (j = 0; j < i; j++)
    _gnutls_free_datum (&info->raw_certificate_list[j]);
  gnutls_free (info->raw_certificate_list);
  return ret;
}
 | 
| ↓ | gnutls_dh_params_export_pkcs3 | 16 | 81 | 157 | lib/gnutls_dh_primes.c | 
| 
int
gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
			       gnutls_x509_crt_fmt_t format,
			       unsigned char *params_data,
			       size_t * params_data_size)
{
  ASN1_TYPE c2;
  int result, _params_data_size;
  size_t g_size, p_size;
  opaque *p_data, *g_data;
  opaque *all_data;
  _gnutls_mpi_print_lz (params->params[1], NULL, &g_size);
  _gnutls_mpi_print_lz (params->params[0], NULL, &p_size);
  all_data = gnutls_malloc (g_size + p_size);
  if (all_data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  p_data = &all_data[0];
  g_data = &all_data[p_size];
  _gnutls_mpi_print_lz (params->params[0], p_data, &p_size);
  _gnutls_mpi_print_lz (params->params[1], g_data, &g_size);
  /* Ok. Now we have the data. Create the asn1 structures
   */
  if ((result = asn1_create_element
       (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
      != ASN1_SUCCESS)
    {
      gnutls_assert ();
      gnutls_free (all_data);
      return _gnutls_asn2err (result);
    }
  /* Write PRIME 
   */
  if ((result = asn1_write_value (c2, "prime",
				  p_data, p_size)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      gnutls_free (all_data);
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  /* Write the GENERATOR
   */
  if ((result = asn1_write_value (c2, "base",
				  g_data, g_size)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      gnutls_free (all_data);
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  gnutls_free (all_data);
  if ((result = asn1_write_value (c2, "privateValueLength",
				  NULL, 0)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  if (format == GNUTLS_X509_FMT_DER)
    {
      if (params_data == NULL)
	*params_data_size = 0;
      _params_data_size = *params_data_size;
      result =
	asn1_der_coding (c2, "", params_data, &_params_data_size, NULL);
      *params_data_size = _params_data_size;
      asn1_delete_structure (&c2);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  if (result == ASN1_MEM_ERROR)
	    return GNUTLS_E_SHORT_MEMORY_BUFFER;
	  return _gnutls_asn2err (result);
	}
    }
  else
    {				/* PEM */
      opaque *tmp;
      opaque *out;
      int len;
      len = 0;
      asn1_der_coding (c2, "", NULL, &len, NULL);
      tmp = gnutls_malloc (len);
      if (tmp == NULL)
	{
	  gnutls_assert ();
	  asn1_delete_structure (&c2);
	  return GNUTLS_E_MEMORY_ERROR;
	}
      if ((result =
	   asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  gnutls_free (tmp);
	  asn1_delete_structure (&c2);
	  return _gnutls_asn2err (result);
	}
      asn1_delete_structure (&c2);
      result = _gnutls_fbase64_encode ("DH PARAMETERS", tmp, len, &out);
      gnutls_free (tmp);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
      if (result == 0)
	{			/* oooops */
	  gnutls_assert ();
	  gnutls_free (out);
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      if ((unsigned) result > *params_data_size)
	{
	  gnutls_assert ();
	  gnutls_free (out);
	  *params_data_size = result;
	  return GNUTLS_E_SHORT_MEMORY_BUFFER;
	}
      *params_data_size = result - 1;
      if (params_data)
	memcpy (params_data, out, result);
      gnutls_free (out);
    }
  return 0;
}
 | 
| ↓ | _gnutls_recv_handshake_header | 16 | 48 | 132 | lib/gnutls_handshake.c | 
| 
static int
_gnutls_recv_handshake_header (gnutls_session_t session,
			       gnutls_handshake_description_t type,
			       gnutls_handshake_description_t * recv_type)
{
  int ret;
  uint32_t length32 = 0;
  uint8_t *dataptr = NULL;	/* for realloc */
  size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
  /* if we have data into the buffer then return them, do not read the next packet.
   * In order to return we need a full TLS handshake header, or in case of a version 2
   * packet, then we return the first byte.
   */
  if (session->internals.handshake_header_buffer.header_size ==
      handshake_header_size || (session->internals.v2_hello != 0
				&& type == GNUTLS_HANDSHAKE_CLIENT_HELLO
				&& session->internals.
				handshake_header_buffer.packet_length > 0))
    {
      *recv_type = session->internals.handshake_header_buffer.recv_type;
      if (*recv_type != type)
	{
	  gnutls_assert ();
	  _gnutls_handshake_log
	    ("HSK[%p]: Handshake type mismatch (under attack?)\n", session);
	  return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
	}
      return session->internals.handshake_header_buffer.packet_length;
    }
  /* Note: SSL2_HEADERS == 1 */
  dataptr = session->internals.handshake_header_buffer.header;
  /* If we haven't already read the handshake headers.
   */
  if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS)
    {
      ret =
	_gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
				       type, dataptr, SSL2_HEADERS);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      /* The case ret==0 is caught here.
       */
      if (ret != SSL2_HEADERS)
	{
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
	}
      session->internals.handshake_header_buffer.header_size = SSL2_HEADERS;
    }
  if (session->internals.v2_hello == 0
      || type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
    {
      ret =
	_gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
				       type,
				       &dataptr
				       [session->internals.
					handshake_header_buffer.header_size],
				       HANDSHAKE_HEADER_SIZE -
				       session->internals.
				       handshake_header_buffer.header_size);
      if (ret <= 0)
	{
	  gnutls_assert ();
	  return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
	}
      if ((size_t) ret !=
	  HANDSHAKE_HEADER_SIZE -
	  session->internals.handshake_header_buffer.header_size)
	{
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
	}
      *recv_type = dataptr[0];
      /* we do not use DECR_LEN because we know
       * that the packet has enough data.
       */
      length32 = _gnutls_read_uint24 (&dataptr[1]);
      handshake_header_size = HANDSHAKE_HEADER_SIZE;
      _gnutls_handshake_log ("HSK[%p]: %s was received [%ld bytes]\n",
			     session, _gnutls_handshake2str (dataptr[0]),
			     (long int) (length32 + HANDSHAKE_HEADER_SIZE));
    }
  else
    {				/* v2 hello */
      length32 = session->internals.v2_hello - SSL2_HEADERS;	/* we've read the first byte */
      handshake_header_size = SSL2_HEADERS;	/* we've already read one byte */
      *recv_type = dataptr[0];
      _gnutls_handshake_log ("HSK[%p]: %s(v2) was received [%ld bytes]\n",
			     session, _gnutls_handshake2str (*recv_type),
			     (long int) (length32 + handshake_header_size));
      if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
	{			/* it should be one or nothing */
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
	}
    }
  /* put the packet into the buffer */
  session->internals.handshake_header_buffer.header_size =
    handshake_header_size;
  session->internals.handshake_header_buffer.packet_length = length32;
  session->internals.handshake_header_buffer.recv_type = *recv_type;
  if (*recv_type != type)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
    }
  return length32;
}
 | 
| ↓ | _gnutls_supported_ciphersuites | 16 | 47 | 96 | lib/gnutls_algorithms.c | 
| 
int
_gnutls_supported_ciphersuites (gnutls_session_t session,
				cipher_suite_st ** _ciphers)
{
  unsigned int i, ret_count, j;
  unsigned int count = CIPHER_SUITES_COUNT;
  cipher_suite_st *tmp_ciphers;
  cipher_suite_st *ciphers;
  gnutls_protocol_t version;
  if (count == 0)
    {
      return 0;
    }
  tmp_ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
  if (tmp_ciphers == NULL)
    return GNUTLS_E_MEMORY_ERROR;
  ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
  if (ciphers == NULL)
    {
      gnutls_free (tmp_ciphers);
      return GNUTLS_E_MEMORY_ERROR;
    }
  version = gnutls_protocol_get_version (session);
  for (i = 0; i < count; i++)
    {
      memcpy (&tmp_ciphers[i], &cs_algorithms[i].id,
	      sizeof (cipher_suite_st));
    }
  for (i = j = 0; i < count; i++)
    {
      /* remove private cipher suites, if requested.
       */
      if (tmp_ciphers[i].suite[0] == 0xFF &&
	  session->internals.enable_private == 0)
	continue;
      /* remove cipher suites which do not support the
       * protocol version used.
       */
      if (_gnutls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
	continue;
      if (_gnutls_kx_priority
	  (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0)
	continue;
      if (_gnutls_mac_priority
	  (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0)
	continue;
      if (_gnutls_cipher_priority
	  (session,
	   _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0)
	continue;
      memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
      j++;
    }
  ret_count = j;
#if 0				/* expensive */
  if (ret_count > 0 && ret_count != count)
    {
      ciphers =
	gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st));
    }
  else
    {
      if (ret_count != count)
	{
	  gnutls_free (ciphers);
	  ciphers = NULL;
	}
    }
#endif
  gnutls_free (tmp_ciphers);
  /* This function can no longer return 0 cipher suites.
   * It returns an error code instead.
   */
  if (ret_count == 0)
    {
      gnutls_assert ();
      gnutls_free (ciphers);
      return GNUTLS_E_NO_CIPHER_SUITES;
    }
  *_ciphers = ciphers;
  return ret_count;
}
 | 
| ↓ | gnutls_certificate_set_x509_simple_pkcs12_mem | 16 | 46 | 84 | lib/gnutls_x509.c | 
| 
int
  gnutls_certificate_set_x509_simple_pkcs12_mem
  (gnutls_certificate_credentials_t res, const gnutls_datum *p12blob,
   gnutls_x509_crt_fmt_t type, const char *password)
{
  gnutls_pkcs12_t p12;
  gnutls_x509_privkey_t key = NULL;
  gnutls_x509_crt_t cert = NULL;
  gnutls_x509_crl_t crl = NULL;
  int ret;
  ret = gnutls_pkcs12_init (&p12);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  ret = gnutls_pkcs12_import (p12, p12blob, type, 0);
  if (ret < 0)
    {
      gnutls_assert ();
      gnutls_pkcs12_deinit (p12);
      return ret;
    }
  if (password)
    {
      ret = gnutls_pkcs12_verify_mac (p12, password);
      if (ret < 0)
	{
	  gnutls_assert ();
	  gnutls_pkcs12_deinit (p12);
	  return ret;
	}
    }
  ret = parse_pkcs12 (res, p12, password, &key, &cert, &crl);
  gnutls_pkcs12_deinit (p12);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  if (key && cert)
    {
      ret = gnutls_certificate_set_x509_key (res, &cert, 1, key);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
    }
  if (crl)
    {
      ret = gnutls_certificate_set_x509_crl (res, &crl, 1);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto done;
	}
    }
  /* check if the key and certificate found match */
  if (key && (ret = _gnutls_check_key_cert_match (res)) < 0)
    {
      gnutls_assert ();
      goto done;
    }
  ret = 0;
done:
  if (cert)
    gnutls_x509_crt_deinit (cert);
  if (key)
    gnutls_x509_privkey_deinit (key);
  if (crl)
    gnutls_x509_crl_deinit (crl);
  return ret;
}
 | 
| ↓ | print_key_purpose | 16 | 45 | 72 | lib/x509/output.c | 
| 
static void
print_key_purpose (gnutls_string * str, const char *prefix, int type,
		   cert_type_t cert)
{
  int indx;
  char *buffer = NULL;
  size_t size;
  int err;
  for (indx = 0;; indx++)
    {
      size = 0;
      if (type == TYPE_CRT)
	err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
						   &size, NULL);
      else if (type == TYPE_CRQ)
	err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
						   &size, NULL);
      else
	return;
      if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	return;
      if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  addf (str, "error: get_key_purpose_oid: %s\n",
		gnutls_strerror (err));
	  return;
	}
      buffer = gnutls_malloc (size);
      if (!buffer)
	{
	  addf (str, "error: malloc: %s\n", gnutls_strerror (err));
	  return;
	}
      if (type == TYPE_CRT)
	err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
						   &size, NULL);
      else
	err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
						   &size, NULL);
      if (err < 0)
	{
	  gnutls_free (buffer);
	  addf (str, "error: get_key_purpose_oid2: %s\n",
		gnutls_strerror (err));
	  return;
	}
      if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
	addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
      else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
	addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
      else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0)
	addf (str, _("%s\t\t\tCode signing.\n"), prefix);
      else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
	addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
      else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0)
	addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
      else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
	addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
      else if (strcmp (buffer, GNUTLS_KP_ANY) == 0)
	addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
      else
	addf (str, "%s\t\t\t%s\n", prefix, buffer);
      gnutls_free (buffer);
    }
}
 | 
| ↓ | cdk_kbnode_write_to_mem | 16 | 35 | 61 | lib/opencdk/kbnode.c | 
| 
cdk_error_t
cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
{
  cdk_kbnode_t n;
  cdk_stream_t s;
  cdk_error_t rc;
  size_t len;
  if (!node || !r_nbytes)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  rc = cdk_stream_tmp_new (&s);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  for (n = node; n; n = n->next)
    {
      /* Skip all packets which cannot occur in a key composition. */
      if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
	  n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
	  n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
	  n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
	  n->pkt->pkttype != CDK_PKT_SIGNATURE &&
	  n->pkt->pkttype != CDK_PKT_USER_ID &&
	  n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
	continue;
      rc = cdk_pkt_write (s, n->pkt);
      if (rc)
	{
	  cdk_stream_close (s);
	  gnutls_assert ();
	  return rc;
	}
    }
  cdk_stream_seek (s, 0);
  len = cdk_stream_get_length (s);
  if (!buf)
    {
      *r_nbytes = len;		/* Only return the length of the buffer */
      cdk_stream_close (s);
      return 0;
    }
  if (*r_nbytes < len)
    {
      *r_nbytes = len;
      rc = CDK_Too_Short;
    }
  if (!rc)
    *r_nbytes = cdk_stream_read (s, buf, len);
  else
    gnutls_assert ();
  cdk_stream_close (s);
  return rc;
}
 | 
| ↓ | write_public_key | 16 | 35 | 46 | lib/opencdk/write-packet.c | 
| 
static cdk_error_t
write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk,
		  int is_subkey, int old_ctb)
{
  int pkttype, ndays = 0;
  size_t npkey = 0, size = 6;
  cdk_error_t rc;
  assert (out);
  assert (pk);
  if (pk->version < 2 || pk->version > 4)
    return CDK_Inv_Packet;
  if (DEBUG_PKT)
    _cdk_log_debug ("write_public_key: subkey=%d\n", is_subkey);
  pkttype = is_subkey ? CDK_PKT_PUBLIC_SUBKEY : CDK_PKT_PUBLIC_KEY;
  npkey = cdk_pk_get_npkey (pk->pubkey_algo);
  if (!npkey)
    return CDK_Inv_Algo;
  if (pk->version < 4)
    size += 2;			/* expire date */
  if (is_subkey)
    old_ctb = 0;
  size += calc_mpisize (pk->mpi, npkey);
  if (old_ctb)
    rc = pkt_write_head2 (out, size, pkttype);
  else
    rc = pkt_write_head (out, old_ctb, size, pkttype);
  if (!rc)
    rc = stream_putc (out, pk->version);
  if (!rc)
    rc = write_32 (out, pk->timestamp);
  if (!rc && pk->version < 4)
    {
      if (pk->expiredate)
	ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
      rc = write_16 (out, ndays);
    }
  if (!rc)
    rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
  if (!rc)
    rc = write_mpibuf (out, pk->mpi, npkey);
  return rc;
}
 | 
| ↓ | cdk_keydb_search_start | 25 | 77 | 136 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type,
			void *desc)
{
  u32 *keyid;
  char *p, tmp[3];
  int i;
  cdk_error_t rc;
  if (!db)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (type != CDK_DBSEARCH_NEXT && !desc)
    {
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  *st = cdk_calloc (1, sizeof (cdk_keydb_search_s));
  if (!(*st))
    {
      gnutls_assert ();
      return CDK_Out_Of_Core;
    }
  rc = idx_init (db, *st);
  if (rc != CDK_Success)
    {
      free (*st);
      gnutls_assert ();
      return rc;
    }
  (*st)->type = type;
  switch (type)
    {
    case CDK_DBSEARCH_EXACT:
    case CDK_DBSEARCH_SUBSTR:
      cdk_free ((*st)->u.pattern);
      (*st)->u.pattern = cdk_strdup (desc);
      if (!(*st)->u.pattern)
	{
	  cdk_free (*st);
	  gnutls_assert ();
	  return CDK_Out_Of_Core;
	}
      break;
    case CDK_DBSEARCH_SHORT_KEYID:
      keyid = desc;
      (*st)->u.keyid[1] = keyid[0];
      break;
    case CDK_DBSEARCH_KEYID:
      keyid = desc;
      (*st)->u.keyid[0] = keyid[0];
      (*st)->u.keyid[1] = keyid[1];
      break;
    case CDK_DBSEARCH_FPR:
      memcpy ((*st)->u.fpr, desc, KEY_FPR_LEN);
      break;
    case CDK_DBSEARCH_NEXT:
      break;
    case CDK_DBSEARCH_AUTO:
      /* Override the type with the actual db search type. */
      (*st)->type = classify_data (desc, strlen (desc));
      switch ((*st)->type)
	{
	case CDK_DBSEARCH_SUBSTR:
	case CDK_DBSEARCH_EXACT:
	  cdk_free ((*st)->u.pattern);
	  p = (*st)->u.pattern = cdk_strdup (desc);
	  if (!p)
	    {
	      cdk_free (*st);
	      gnutls_assert ();
	      return CDK_Out_Of_Core;
	    }
	  break;
	case CDK_DBSEARCH_SHORT_KEYID:
	case CDK_DBSEARCH_KEYID:
	  p = desc;
	  if (!strncmp (p, "0x", 2))
	    p += 2;
	  if (strlen (p) == 8)
	    {
	      (*st)->u.keyid[0] = 0;
	      (*st)->u.keyid[1] = strtoul (p, NULL, 16);
	    }
	  else if (strlen (p) == 16)
	    {
	      (*st)->u.keyid[0] = strtoul (p, NULL, 16);
	      (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
	    }
	  else
	    {			/* Invalid key ID object. */
	      cdk_free (*st);
	      gnutls_assert ();
	      return CDK_Inv_Mode;
	    }
	  break;
	case CDK_DBSEARCH_FPR:
	  p = desc;
	  if (strlen (p) != 2 * KEY_FPR_LEN)
	    {
	      cdk_free (*st);
	      gnutls_assert ();
	      return CDK_Inv_Mode;
	    }
	  for (i = 0; i < KEY_FPR_LEN; i++)
	    {
	      tmp[0] = p[2 * i];
	      tmp[1] = p[2 * i + 1];
	      tmp[2] = 0x00;
	      (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
	    }
	  break;
	}
      break;
    default:
      cdk_free (*st);
      _cdk_log_debug ("cdk_keydb_search_start: invalid mode = %d\n", type);
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  return 0;
}
 | 
| ↓ | record_check_type | 19 | 41 | 134 | lib/gnutls_record.c | 
| 
static int
record_check_type (gnutls_session_t session,
		   content_type_t recv_type, content_type_t type,
		   gnutls_handshake_description_t htype, opaque * data,
		   int data_size)
{
  int ret;
  if ((recv_type == type)
      && (type == GNUTLS_APPLICATION_DATA ||
	  type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION))
    {
      _gnutls_record_buffer_put (type, session, (void *) data, data_size);
    }
  else
    {
      switch (recv_type)
	{
	case GNUTLS_ALERT:
	  _gnutls_record_log
	    ("REC[%p]: Alert[%d|%d] - %s - was received\n", session,
	     data[0], data[1], gnutls_alert_get_name ((int) data[1]));
	  session->internals.last_alert = data[1];
	  /* if close notify is received and
	   * the alert is not fatal
	   */
	  if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
	    {
	      /* If we have been expecting for an alert do 
	       */
	      session->internals.read_eof = 1;
	      return GNUTLS_E_INT_RET_0;	/* EOF */
	    }
	  else
	    {
	      /* if the alert is FATAL or WARNING
	       * return the apropriate message
	       */
	      gnutls_assert ();
	      ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
	      if (data[0] == GNUTLS_AL_FATAL)
		{
		  session_unresumable (session);
		  session_invalidate (session);
		  ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
		}
	      return ret;
	    }
	  break;
	case GNUTLS_CHANGE_CIPHER_SPEC:
	  /* this packet is now handled in the recv_int()
	   * function
	   */
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_PACKET;
	case GNUTLS_APPLICATION_DATA:
	  /* even if data is unexpected put it into the buffer */
	  if ((ret =
	       _gnutls_record_buffer_put (recv_type, session,
					  (void *) data, data_size)) < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  /* the got_application data is only returned
	   * if expecting client hello (for rehandshake
	   * reasons). Otherwise it is an unexpected packet
	   */
	  if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
				       && type == GNUTLS_HANDSHAKE))
	    return GNUTLS_E_GOT_APPLICATION_DATA;
	  else
	    {
	      gnutls_assert ();
	      return GNUTLS_E_UNEXPECTED_PACKET;
	    }
	  break;
	case GNUTLS_HANDSHAKE:
	  /* This is legal if HELLO_REQUEST is received - and we are a client.
	   * If we are a server, a client may initiate a renegotiation at any time.
	   */
	  if (session->security_parameters.entity == GNUTLS_SERVER)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_REHANDSHAKE;
	    }
	  /* If we are already in a handshake then a Hello
	   * Request is illegal. But here we don't really care
	   * since this message will never make it up here.
	   */
	  /* So we accept it */
	  return _gnutls_recv_hello_request (session, data, data_size);
	  break;
	case GNUTLS_INNER_APPLICATION:
	  /* even if data is unexpected put it into the buffer */
	  if ((ret = _gnutls_record_buffer_put (recv_type, session,
						(void *) data,
						data_size)) < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_PACKET;
	  break;
	default:
	  _gnutls_record_log
	    ("REC[%p]: Received Unknown packet %d expecting %d\n",
	     session, recv_type, type);
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
    }
  return 0;
}
 | 
| ↓ | _wrap_gcry_pk_verify | 17 | 60 | 116 | lib/pk-libgcrypt.c | 
| 
static int
_wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
		      const gnutls_datum_t * vdata,
		      const gnutls_datum_t * signature,
		      const gnutls_pk_params_st * pk_params)
{
  gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
  int rc = -1, ret;
  bigint_t hash;
  bigint_t tmp[2] = { NULL, NULL };
  if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  /* make a sexp from pkey */
  switch (algo)
    {
    case GNUTLS_PK_DSA:
      if (pk_params->params_nr >= 4)
	rc = gcry_sexp_build (&s_pkey, NULL,
			      "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
			      pk_params->params[0], pk_params->params[1],
			      pk_params->params[2], pk_params->params[3]);
      break;
    case GNUTLS_PK_RSA:
      if (pk_params->params_nr >= 2)
	rc = gcry_sexp_build (&s_pkey, NULL,
			      "(public-key(rsa(n%m)(e%m)))",
			      pk_params->params[0], pk_params->params[1]);
      break;
    default:
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  /* put the data into a simple list */
  if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  switch (algo)
    {
    case GNUTLS_PK_DSA:
      ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      rc = gcry_sexp_build (&s_sig, NULL,
			    "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]);
      _gnutls_mpi_release (&tmp[0]);
      _gnutls_mpi_release (&tmp[1]);
      break;
    case GNUTLS_PK_RSA:
      ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
      if (ret < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]);
      _gnutls_mpi_release (&tmp[0]);
      break;
    default:
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
      goto cleanup;
    }
  ret = 0;
cleanup:
  _gnutls_mpi_release (&hash);
  if (s_sig)
    gcry_sexp_release (s_sig);
  if (s_hash)
    gcry_sexp_release (s_hash);
  if (s_pkey)
    gcry_sexp_release (s_pkey);
  return ret;
}
 | 
| ↓ | encode_to_private_key_info | 15 | 71 | 149 | lib/x509/privkey_pkcs8.c | 
| 
static int
encode_to_private_key_info (gnutls_x509_privkey_t pkey,
			    gnutls_datum_t * der, ASN1_TYPE * pkey_info)
{
  int result, len;
  opaque null = 0;
  const char *oid;
  gnutls_datum algo_params = { NULL, 0 };
  gnutls_datum algo_privkey = { NULL, 0 };
  if (pkey->pk_algorithm != GNUTLS_PK_RSA
      && pkey->pk_algorithm != GNUTLS_PK_DSA)
    {
      gnutls_assert ();
      return GNUTLS_E_UNIMPLEMENTED_FEATURE;
    }
  if (pkey->pk_algorithm == GNUTLS_PK_RSA)
    {
      oid = PK_PKIX1_RSA_OID;
      /* parameters are null 
       */
    }
  else
    {
      oid = PK_DSA_OID;
      result =
	_gnutls_x509_write_dsa_params (pkey->params, pkey->params_size,
				       &algo_params);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
    }
  if ((result =
       asn1_create_element (_gnutls_get_pkix (),
			    "PKIX1.pkcs-8-PrivateKeyInfo",
			    pkey_info)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Write the version.
   */
  result = asn1_write_value (*pkey_info, "version", &null, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* write the privateKeyAlgorithm
   * fields. (OID+NULL data)
   */
  result =
    asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  result =
    asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
		      algo_params.data, algo_params.size);
  _gnutls_free_datum (&algo_params);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Write the raw private key
   */
  result = _encode_privkey (pkey, &algo_privkey);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  result =
    asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
		      algo_privkey.size);
  _gnutls_free_datum (&algo_privkey);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Append an empty Attributes field.
   */
  result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* DER Encode the generated private key info.
   */
  len = 0;
  result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
  if (result != ASN1_MEM_ERROR)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* allocate data for the der
   */
  der->size = len;
  der->data = gnutls_malloc (len);
  if (der->data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  return 0;
error:
  asn1_delete_structure (pkey_info);
  _gnutls_free_datum (&algo_params);
  _gnutls_free_datum (&algo_privkey);
  return result;
}
 | 
| ↓ | parse_attribute | 15 | 63 | 133 | lib/x509/crq.c | 
| 
static int
parse_attribute (ASN1_TYPE asn1_struct,
		 const char *attr_name, const char *given_oid, int indx,
		 int raw, char *buf, size_t * sizeof_buf)
{
  int k1, result;
  char tmpbuffer1[ASN1_MAX_NAME_SIZE];
  char tmpbuffer3[ASN1_MAX_NAME_SIZE];
  char value[200];
  char oid[MAX_OID_SIZE];
  int len, printable;
  if (*sizeof_buf == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  buf[0] = 0;
  k1 = 0;
  do
    {
      k1++;
      /* create a string like "attribute.?1"
       */
      if (attr_name[0] != 0)
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
      else
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
      len = sizeof (value) - 1;
      result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
      if (result == ASN1_ELEMENT_NOT_FOUND)
	{
	  gnutls_assert ();
	  break;
	}
      if (result != ASN1_VALUE_NOT_FOUND)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      /* Move to the attibute type and values
       */
      /* Read the OID 
       */
      _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
      _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
      len = sizeof (oid) - 1;
      result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
      if (result == ASN1_ELEMENT_NOT_FOUND)
	break;
      else if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      if (strcmp (oid, given_oid) == 0)
	{			/* Found the OID */
	  /* Read the Value 
	   */
	  snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
		    tmpbuffer1, indx + 1);
	  len = sizeof (value) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len);
	  if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  if (raw == 0)
	    {
	      printable = _gnutls_x509_oid_data_printable (oid);
	      if (printable == 1)
		{
		  if ((result =
		       _gnutls_x509_oid_data2string
		       (oid, value, len, buf, sizeof_buf)) < 0)
		    {
		      gnutls_assert ();
		      goto cleanup;
		    }
		  return 0;
		}
	      else
		{
		  gnutls_assert ();
		  return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
		}
	    }
	  else
	    {			/* raw!=0 */
	      if (*sizeof_buf > (size_t) len && buf != NULL)
		{
		  *sizeof_buf = len;
		  memcpy (buf, value, len);
		  return 0;
		}
	      else
		{
		  *sizeof_buf = len;
		  gnutls_assert ();
		  return GNUTLS_E_SHORT_MEMORY_BUFFER;
		}
	    }
	}
    }
  while (1);
  gnutls_assert ();
  result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
cleanup:
  return result;
}
 | 
| ↓ | _pkcs12_encode_safe_contents | 15 | 51 | 121 | lib/x509/pkcs12.c | 
| 
int
_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
			      int *enc)
{
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  int result;
  int i;
  const char *oid;
  if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc)
    {
      *enc = 1;
      return 0;			/* ENCRYPTED BAG, do nothing. */
    }
  else if (enc)
    *enc = 0;
  /* Step 1. Create the SEQUENCE.
   */
  if ((result = asn1_create_element
       (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
	&c2)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  for (i = 0; i < bag->bag_elements; i++)
    {
      oid = bag_to_oid (bag->element[i].type);
      if (oid == NULL)
	{
	  gnutls_assert ();
	  continue;
	}
      result = asn1_write_value (c2, "", "NEW", 1);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      /* Copy the bag type.
       */
      result = asn1_write_value (c2, "?LAST.bagId", oid, 1);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      /* Set empty attributes
       */
      result = write_attributes (bag, i, c2, "?LAST.bagAttributes");
      if (result < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      /* Copy the Bag Value
       */
      if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
	  bag->element[i].type == GNUTLS_BAG_CRL)
	{
	  gnutls_datum_t tmp;
	  /* in that case encode it to a CertBag or
	   * a CrlBag.
	   */
	  result =
	    _pkcs12_encode_crt_bag (bag->element[i].type,
				    &bag->element[i].data, &tmp);
	  if (result < 0)
	    {
	      gnutls_assert ();
	      goto cleanup;
	    }
	  result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0);
	  _gnutls_free_datum (&tmp);
	}
      else
	{
	  result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
					     &bag->element[i].data, 0);
	}
      if (result < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
    }
  /* Encode the data and copy them into the datum
   */
  *contents = c2;
  return 0;
cleanup:
  if (c2)
    asn1_delete_structure (&c2);
  return result;
}
 | 
| ↓ | _cdk_keydb_get_sk_byusage | 15 | 50 | 86 | lib/opencdk/keydb.c | 
| 
cdk_error_t
_cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
			   cdk_seckey_t * ret_sk, int usage)
{
  cdk_kbnode_t knode = NULL;
  cdk_kbnode_t node, sk_node, pk_node;
  cdk_pkt_seckey_t sk;
  cdk_error_t rc;
  const char *s;
  int pkttype;
  cdk_keydb_search_t st;
  if (!ret_sk || !usage)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (!hd)
    {
      gnutls_assert ();
      return CDK_Error_No_Keyring;
    }
  *ret_sk = NULL;
  rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  rc = cdk_keydb_search (st, hd, &knode);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  cdk_keydb_search_release (st);
  sk_node = keydb_find_byusage (knode, usage, 0);
  if (!sk_node)
    {
      cdk_kbnode_release (knode);
      gnutls_assert ();
      return CDK_Unusable_Key;
    }
  /* We clone the node with the secret key to avoid that the
     packet will be released. */
  _cdk_kbnode_clone (sk_node);
  sk = sk_node->pkt->pkt.secret_key;
  for (node = knode; node; node = node->next)
    {
      if (node->pkt->pkttype == CDK_PKT_USER_ID)
	{
	  s = node->pkt->pkt.user_id->name;
	  if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
	    {
	      _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
	      break;
	    }
	}
    }
  /* To find the self signature, we need the primary public key because
     the selected secret key might be different from the primary key. */
  pk_node = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
  if (!pk_node)
    {
      cdk_kbnode_release (knode);
      gnutls_assert ();
      return CDK_Unusable_Key;
    }
  node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
  if (sk->pk->uid && node)
    _cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
  /* We only release the outer packet. */
  _cdk_pkt_detach_free (sk_node->pkt, &pkttype, (void *) &sk);
  cdk_kbnode_release (knode);
  *ret_sk = sk;
  return rc;
}
 | 
| ↓ | gnutls_x509_privkey_import | 15 | 49 | 103 | lib/x509/privkey.c | 
| 
int
gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
			    const gnutls_datum_t * data,
			    gnutls_x509_crt_fmt_t format)
{
  int result = 0, need_free = 0;
  gnutls_datum_t _data;
  if (key == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  _data.data = data->data;
  _data.size = data->size;
  key->pk_algorithm = GNUTLS_PK_UNKNOWN;
  /* If the Certificate is in PEM format then decode it
   */
  if (format == GNUTLS_X509_FMT_PEM)
    {
      opaque *out;
      /* Try the first header */
      result =
	_gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
      key->pk_algorithm = GNUTLS_PK_RSA;
      if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
	{
	  /* try for the second header */
	  result =
	    _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
				    &out);
	  key->pk_algorithm = GNUTLS_PK_DSA;
	  if (result <= 0)
	    {
	      if (result == 0)
		result = GNUTLS_E_INTERNAL_ERROR;
	      gnutls_assert ();
	      return result;
	    }
	}
      _data.data = out;
      _data.size = result;
      need_free = 1;
    }
  if (key->pk_algorithm == GNUTLS_PK_RSA)
    {
      key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
      if (key->key == NULL)
	gnutls_assert ();
    }
  else if (key->pk_algorithm == GNUTLS_PK_DSA)
    {
      key->key = decode_dsa_key (&_data, key);
      if (key->key == NULL)
	gnutls_assert ();
    }
  else
    {
      /* Try decoding with both, and accept the one that
       * succeeds.
       */
      key->pk_algorithm = GNUTLS_PK_RSA;
      key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
      if (key->key == NULL)
	{
	  key->pk_algorithm = GNUTLS_PK_DSA;
	  key->key = decode_dsa_key (&_data, key);
	  if (key->key == NULL)
	    gnutls_assert ();
	}
    }
  if (key->key == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_ASN1_DER_ERROR;
      goto cleanup;
    }
  if (need_free)
    _gnutls_free_datum (&_data);
  /* The key has now been decoded.
   */
  return 0;
cleanup:
  key->pk_algorithm = GNUTLS_PK_UNKNOWN;
  if (need_free)
    _gnutls_free_datum (&_data);
  return result;
}
 | 
| ↓ | generate_key | 15 | 46 | 117 | lib/x509/privkey_pkcs8.c | 
| 
static int
generate_key (schema_id schema,
	      const char *password,
	      struct pbkdf2_params *kdf_params,
	      struct pbe_enc_params *enc_params, gnutls_datum_t * key)
{
  opaque rnd[2];
  int ret;
  /* We should use the flags here to use different
   * encryption algorithms etc. 
   */
  if (schema == PKCS12_ARCFOUR_SHA1)
    enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
  else if (schema == PKCS12_3DES_SHA1)
    enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
  else if (schema == PKCS12_RC2_40_SHA1)
    enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
  ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* generate salt */
  if (schema == PBES2)
    kdf_params->salt_size =
      MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
  else
    kdf_params->salt_size = 8;
  ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
		     kdf_params->salt_size);
  if (ret < 0)
    {
      gnutls_assert ();
      return GNUTLS_E_RANDOM_FAILED;
    }
  kdf_params->iter_count = 256 + rnd[0];
  key->size = kdf_params->key_size =
    gnutls_cipher_get_key_size (enc_params->cipher);
  enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher);
  key->data = gnutls_secure_malloc (key->size);
  if (key->data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  /* now generate the key. 
   */
  if (schema == PBES2)
    {
      ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
				 kdf_params->salt, kdf_params->salt_size,
				 kdf_params->iter_count,
				 key->data, kdf_params->key_size);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      if (enc_params->iv_size)
	{
	  ret = _gnutls_rnd (GNUTLS_RND_NONCE,
			     enc_params->iv, enc_params->iv_size);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	}
    }
  else
    {				/* PKCS12 schemas */
      ret =
	_gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
				      kdf_params->salt_size,
				      kdf_params->iter_count, password,
				      kdf_params->key_size, key->data);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      /* Now generate the IV
       */
      if (enc_params->iv_size)
	{
	  ret =
	    _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
					  kdf_params->salt_size,
					  kdf_params->iter_count, password,
					  enc_params->iv_size,
					  enc_params->iv);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_psk_pwd_find_entry | 15 | 46 | 99 | lib/auth_psk_passwd.c | 
| 
int
_gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
			    gnutls_datum_t * psk)
{
  gnutls_psk_server_credentials_t cred;
  FILE *fd;
  char line[2 * 1024];
  unsigned i, len;
  int ret;
  cred = (gnutls_psk_server_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  /* if the callback which sends the parameters is
   * set, use it.
   */
  if (cred->pwd_callback != NULL)
    {
      ret = cred->pwd_callback (session, username, psk);
      if (ret == 1)
	{			/* the user does not exist */
	  ret = _randomize_psk (psk);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  return 0;
	}
      if (ret < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_SRP_PWD_ERROR;
	}
      return 0;
    }
  /* The callback was not set. Proceed.
   */
  if (cred->password_file == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_SRP_PWD_ERROR;
    }
  /* Open the selected password file.
   */
  fd = fopen (cred->password_file, "r");
  if (fd == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_SRP_PWD_ERROR;
    }
  len = strlen (username);
  while (fgets (line, sizeof (line), fd) != NULL)
    {
      /* move to first ':' */
      i = 0;
      while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
	{
	  i++;
	}
      if (strncmp (username, line, MAX (i, len)) == 0)
	{
	  ret = pwd_put_values (psk, line);
	  fclose (fd);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_SRP_PWD_ERROR;
	    }
	  return 0;
	}
    }
  fclose (fd);
  /* user was not found. Fake him. 
   * the last index found and randomize the entry.
   */
  ret = _randomize_psk (psk);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  return 0;
}
 | 
| ↓ | _cdk_keydb_get_pk_byusage | 15 | 45 | 73 | lib/opencdk/keydb.c | 
| 
cdk_error_t
_cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
			   cdk_pubkey_t * ret_pk, int usage)
{
  cdk_kbnode_t knode, node, pk_node;
  cdk_pkt_pubkey_t pk;
  const char *s;
  cdk_error_t rc;
  cdk_keydb_search_t st;
  if (!ret_pk || !usage)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (!hd)
    {
      gnutls_assert ();
      return CDK_Error_No_Keyring;
    }
  *ret_pk = NULL;
  rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
  if (!rc)
    rc = cdk_keydb_search (st, hd, &knode);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  cdk_keydb_search_release (st);
  node = keydb_find_byusage (knode, usage, 1);
  if (!node)
    {
      cdk_kbnode_release (knode);
      gnutls_assert ();
      return CDK_Unusable_Key;
    }
  pk = NULL;
  _cdk_copy_pubkey (&pk, node->pkt->pkt.public_key);
  for (node = knode; node; node = node->next)
    {
      if (node->pkt->pkttype == CDK_PKT_USER_ID)
	{
	  s = node->pkt->pkt.user_id->name;
	  if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
	    {
	      _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
	      break;
	    }
	}
    }
  /* Same as in the sk code, the selected key can be a sub key 
     and thus we need the primary key to find the self sig. */
  pk_node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
  if (!pk_node)
    {
      cdk_kbnode_release (knode);
      gnutls_assert ();
      return CDK_Unusable_Key;
    }
  node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
  if (pk->uid && node)
    _cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
  cdk_kbnode_release (knode);
  *ret_pk = pk;
  return rc;
}
 | 
| ↓ | check_if_ca | 15 | 41 | 95 | lib/x509/verify.c | 
| 
static int
check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
	     unsigned int flags)
{
  gnutls_datum_t cert_signed_data = { NULL, 0 };
  gnutls_datum_t issuer_signed_data = { NULL, 0 };
  gnutls_datum_t cert_signature = { NULL, 0 };
  gnutls_datum_t issuer_signature = { NULL, 0 };
  int result;
  /* Check if the issuer is the same with the
   * certificate. This is added in order for trusted
   * certificates to be able to verify themselves.
   */
  result =
    _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
				  &issuer_signed_data);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  result =
    _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
				  &cert_signed_data);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  result =
    _gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  result =
    _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  /* If the subject certificate is the same as the issuer
   * return true.
   */
  if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
    if (cert_signed_data.size == issuer_signed_data.size)
      {
	if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
		     cert_signed_data.size) == 0) &&
	    (cert_signature.size == issuer_signature.size) &&
	    (memcmp (cert_signature.data, issuer_signature.data,
		     cert_signature.size) == 0))
	  {
	    result = 1;
	    goto cleanup;
	  }
      }
  result = gnutls_x509_crt_get_ca_status (issuer, NULL);
  if (result == 1)
    {
      result = 1;
      goto cleanup;
    }
  /* Handle V1 CAs that do not have a basicConstraint, but accept
     these certs only if the appropriate flags are set. */
  else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
	   ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
	    ((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT) &&
	     (gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))
    {
      gnutls_assert ();
      result = 1;
      goto cleanup;
    }
  else
    gnutls_assert ();
  result = 0;
cleanup:
  _gnutls_free_datum (&cert_signed_data);
  _gnutls_free_datum (&issuer_signed_data);
  _gnutls_free_datum (&cert_signature);
  _gnutls_free_datum (&issuer_signature);
  return result;
}
 | 
| ↓ | stream_filter_write | 15 | 34 | 54 | lib/opencdk/stream.c | 
| 
static cdk_error_t
stream_filter_write (cdk_stream_t s)
{
  struct stream_filter_s *f;
  cdk_error_t rc = 0;
  assert (s);
  if (s->flags.filtrated)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  for (f = s->filters; f; f = f->next)
    {
      if (!f->flags.enabled)
	continue;
      /* if there is no next filter, create the final output file */
      _cdk_log_debug ("filter [write]: last filter=%d fname=%s\n",
		      f->next ? 1 : 0, s->fname);
      if (!f->next && s->fname)
	f->tmp = fopen (s->fname, "w+b");
      else
	f->tmp = _cdk_tmpfile ();
      if (!f->tmp)
	{
	  rc = CDK_File_Error;
	  break;
	}
      /* If there is no next filter, flush the cache. We also do this
         when the next filter is the armor filter because this filter
         is special and before it starts, all data should be written. */
      if ((!f->next || f->next->type == fARMOR) && s->cache.size)
	{
	  rc = stream_cache_flush (s, f->tmp);
	  if (rc)
	    break;
	}
      rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
      _cdk_log_debug ("filter [write]: type=%d rc=%d\n", f->type, rc);
      if (!rc)
	rc = stream_fp_replace (s, &f->tmp);
      if (!rc)
	rc = cdk_stream_seek (s, 0);
      if (rc)
	{
	  _cdk_log_debug ("filter [close]: fd=%d\n", fileno (f->tmp));
	  fclose (f->tmp);
	  break;
	}
    }
  return rc;
}
 | 
| ↓ | cdk_stream_read | 15 | 31 | 54 | lib/opencdk/stream.c | 
| 
int
cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen)
{
  int nread;
  int rc;
  if (!s)
    {
      gnutls_assert ();
      return EOF;
    }
  if (s->cbs_hd)
    {
      if (s->cbs.read)
	return s->cbs.read (s->cbs_hd, buf, buflen);
      return 0;
    }
  if (s->flags.write && !s->flags.temp)
    {
      s->error = CDK_Inv_Mode;
      gnutls_assert ();
      return EOF;		/* This is a write stream */
    }
  if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated)
    {
      rc = stream_filter_read (s);
      if (rc)
	{
	  s->error = rc;
	  if (feof (s->fp))
	    s->flags.eof = 1;
	  gnutls_assert ();
	  return EOF;
	}
      s->flags.filtrated = 1;
    }
  if (!buf && !buflen)
    return 0;
  nread = fread (buf, 1, buflen, s->fp);
  if (!nread)
    nread = EOF;
  if (feof (s->fp))
    {
      s->error = 0;
      s->flags.eof = 1;
    }
  return nread;
}
 | 
| ↓ | read_pkcs_schema_params | 17 | 60 | 137 | lib/x509/privkey_pkcs8.c | 
| 
static int
read_pkcs_schema_params (schema_id schema, const char *password,
			 const opaque * data, int data_size,
			 struct pbkdf2_params *kdf_params,
			 struct pbe_enc_params *enc_params)
{
  ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
  int result;
  gnutls_datum_t tmp;
  switch (schema)
    {
    case PBES2:
      /* Now check the key derivation and the encryption
       * functions.
       */
      if ((result =
	   asn1_create_element (_gnutls_get_pkix (),
				"PKIX1.pkcs-5-PBES2-params",
				&pbes2_asn)) != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      /* Decode the parameters.
       */
      result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      tmp.data = (opaque *) data;
      tmp.size = data_size;
      result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
      if (result < 0)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
      if (result < 0)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      asn1_delete_structure (&pbes2_asn);
      return 0;
      break;
    case PKCS12_3DES_SHA1:
    case PKCS12_ARCFOUR_SHA1:
    case PKCS12_RC2_40_SHA1:
      if ((schema) == PKCS12_3DES_SHA1)
	{
	  enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
	  enc_params->iv_size = 8;
	}
      else if ((schema) == PKCS12_ARCFOUR_SHA1)
	{
	  enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
	  enc_params->iv_size = 0;
	}
      else if ((schema) == PKCS12_RC2_40_SHA1)
	{
	  enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
	  enc_params->iv_size = 8;
	}
      if ((result =
	   asn1_create_element (_gnutls_get_pkix (),
				"PKIX1.pkcs-12-PbeParams",
				&pbes2_asn)) != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      /* Decode the parameters.
       */
      result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
      if (result < 0)
	{
	  gnutls_assert ();
	  goto error;
	}
      if (enc_params->iv_size)
	{
	  result =
	    _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
					  kdf_params->salt_size,
					  kdf_params->iter_count, password,
					  enc_params->iv_size,
					  enc_params->iv);
	  if (result < 0)
	    {
	      gnutls_assert ();
	      goto error;
	    }
	}
      asn1_delete_structure (&pbes2_asn);
      return 0;
      break;
    }				/* switch */
  return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
error:
  asn1_delete_structure (&pbes2_asn);
  return result;
}
 | 
| ↓ | _gnutls_proc_x509_server_certificate | 14 | 65 | 140 | lib/auth_cert.c | 
| 
static int
_gnutls_proc_x509_server_certificate (gnutls_session_t session,
				      opaque * data, size_t data_size)
{
  int size, len, ret;
  opaque *p = data;
  cert_auth_info_t info;
  gnutls_certificate_credentials_t cred;
  ssize_t dsize = data_size;
  int i;
  gnutls_cert *peer_certificate_list;
  size_t peer_certificate_list_size = 0, j, x;
  gnutls_datum_t tmp;
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if ((ret =
       _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
			      sizeof (cert_auth_info_st), 1)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  info = _gnutls_get_auth_info (session);
  if (data == NULL || data_size == 0)
    {
      gnutls_assert ();
      /* no certificate was sent */
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  DECR_LEN (dsize, 3);
  size = _gnutls_read_uint24 (p);
  p += 3;
  /* some implementations send 0B 00 00 06 00 00 03 00 00 00
   * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
   */
  if (size == 0 || size == 3)
    {
      gnutls_assert ();
      /* no certificate was sent */
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  i = dsize;
  while (i > 0)
    {
      DECR_LEN (dsize, 3);
      len = _gnutls_read_uint24 (p);
      p += 3;
      DECR_LEN (dsize, len);
      peer_certificate_list_size++;
      p += len;
      i -= len + 3;
    }
  if (peer_certificate_list_size == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  /* Ok we now allocate the memory to hold the
   * certificate list 
   */
  peer_certificate_list =
    gnutls_malloc (sizeof (gnutls_cert) * (peer_certificate_list_size));
  if (peer_certificate_list == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
	  peer_certificate_list_size);
  p = data + 3;
  /* Now we start parsing the list (again).
   * We don't use DECR_LEN since the list has
   * been parsed before.
   */
  for (j = 0; j < peer_certificate_list_size; j++)
    {
      len = _gnutls_read_uint24 (p);
      p += 3;
      tmp.size = len;
      tmp.data = p;
      if ((ret =
	   _gnutls_x509_raw_cert_to_gcert (&peer_certificate_list
					   [j], &tmp,
					   CERT_ONLY_EXTENSIONS)) < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
      p += len;
    }
  if ((ret =
       _gnutls_copy_certificate_auth_info (info,
					   peer_certificate_list,
					   peer_certificate_list_size)) < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  if ((ret =
       _gnutls_check_key_usage (&peer_certificate_list[0],
				gnutls_kx_get (session))) < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret = 0;
cleanup:
  CLEAR_CERTS;
  gnutls_free (peer_certificate_list);
  return ret;
}
 | 
| ↓ | get_extension | 14 | 60 | 123 | lib/x509/extensions.c | 
| 
static int
get_extension (ASN1_TYPE asn, const char *root,
	       const char *extension_id, int indx,
	       gnutls_datum_t * ret, unsigned int *_critical)
{
  int k, result, len;
  char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
  char str[1024];
  char str_critical[10];
  int critical = 0;
  char extnID[128];
  gnutls_datum_t value;
  int indx_counter = 0;
  ret->data = NULL;
  ret->size = 0;
  k = 0;
  do
    {
      k++;
      snprintf (name, sizeof (name), "%s.?%u", root, k);
      len = sizeof (str) - 1;
      result = asn1_read_value (asn, name, str, &len);
      /* move to next
       */
      if (result == ASN1_ELEMENT_NOT_FOUND)
	{
	  break;
	}
      do
	{
	  _gnutls_str_cpy (name2, sizeof (name2), name);
	  _gnutls_str_cat (name2, sizeof (name2), ".extnID");
	  len = sizeof (extnID) - 1;
	  result = asn1_read_value (asn, name2, extnID, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    {
	      gnutls_assert ();
	      break;
	    }
	  else if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      return _gnutls_asn2err (result);
	    }
	  /* Handle Extension 
	   */
	  if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
	    {
	      /* extension was found 
	       */
	      /* read the critical status.
	       */
	      _gnutls_str_cpy (name2, sizeof (name2), name);
	      _gnutls_str_cat (name2, sizeof (name2), ".critical");
	      len = sizeof (str_critical);
	      result = asn1_read_value (asn, name2, str_critical, &len);
	      if (result == ASN1_ELEMENT_NOT_FOUND)
		{
		  gnutls_assert ();
		  break;
		}
	      else if (result != ASN1_SUCCESS)
		{
		  gnutls_assert ();
		  return _gnutls_asn2err (result);
		}
	      if (str_critical[0] == 'T')
		critical = 1;
	      else
		critical = 0;
	      /* read the value.
	       */
	      _gnutls_str_cpy (name2, sizeof (name2), name);
	      _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
	      result = _gnutls_x509_read_value (asn, name2, &value, 0);
	      if (result < 0)
		{
		  gnutls_assert ();
		  return result;
		}
	      ret->data = value.data;
	      ret->size = value.size;
	      if (_critical)
		*_critical = critical;
	      return 0;
	    }
	}
      while (0);
    }
  while (1);
  if (result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  else
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
}
 | 
| ↓ | _gnutls_gen_srp_client_kx | 14 | 59 | 119 | lib/auth_srp.c | 
| 
int
_gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data)
{
  size_t n_a;
  int ret;
  uint8_t *data_a;
  char *username, *password;
  char buf[64];
  gnutls_srp_client_credentials_t cred;
  cred = (gnutls_srp_client_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if (session->internals.srp_username == NULL)
    {
      username = cred->username;
      password = cred->password;
    }
  else
    {
      username = session->internals.srp_username;
      password = session->internals.srp_password;
    }
  if (username == NULL || password == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  /* calc A = g^a % N 
   */
  if (G == NULL || N == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  A = _gnutls_calc_srp_A (&_a, G, N);
  if (A == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  /* Rest of SRP calculations 
   */
  /* calculate u */
  session->key->u = _gnutls_calc_srp_u (A, B, N);
  if (session->key->u == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  _gnutls_dump_mpi ("SRP U: ", session->key->u);
  /* S = (B - g^x) ^ (a + u * x) % N */
  S = _gnutls_calc_srp_S2 (B, G, session->key->x, _a, session->key->u, N);
  if (S == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  _gnutls_dump_mpi ("SRP B: ", B);
  _gnutls_mpi_release (&_b);
  _gnutls_mpi_release (&V);
  _gnutls_mpi_release (&session->key->u);
  _gnutls_mpi_release (&B);
  ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
  _gnutls_mpi_release (&S);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  if (_gnutls_mpi_print (A, NULL, &n_a) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_PRINT_FAILED;
    }
  (*data) = gnutls_malloc (n_a + 2);
  if ((*data) == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  /* copy A */
  data_a = (*data);
  if (_gnutls_mpi_print (A, &data_a[2], &n_a) != 0)
    {
      gnutls_free (*data);
      return GNUTLS_E_MPI_PRINT_FAILED;
    }
  _gnutls_hard_log ("INT: SRP A[%d]: %s\n", n_a,
		    _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf)));
  _gnutls_mpi_release (&A);
  _gnutls_write_uint16 (n_a, data_a);
  return n_a + 2;
}
 | 
| ↓ | _gnutls_server_select_suite | 14 | 57 | 123 | lib/gnutls_handshake.c | 
| 
int
_gnutls_server_select_suite (gnutls_session_t session, opaque * data,
			     int datalen)
{
  int x, i, j;
  cipher_suite_st *ciphers, cs;
  int retval, err;
  gnutls_pk_algorithm_t pk_algo;	/* will hold the pk algorithms
					 * supported by the peer.
					 */
  pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
  x = _gnutls_supported_ciphersuites (session, &ciphers);
  if (x < 0)
    {				/* the case x==0 is handled within the function. */
      gnutls_assert ();
      return x;
    }
  /* Here we remove any ciphersuite that does not conform
   * the certificate requested, or to the
   * authentication requested (e.g. SRP).
   */
  x = _gnutls_remove_unwanted_ciphersuites (session, &ciphers, x, pk_algo);
  if (x <= 0)
    {
      gnutls_assert ();
      gnutls_free (ciphers);
      if (x < 0)
	return x;
      else
	return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
    }
  /* Data length should be zero mod 2 since
   * every ciphersuite is 2 bytes. (this check is needed
   * see below).
   */
  if (datalen % 2 != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
#ifdef HANDSHAKE_DEBUG
  _gnutls_handshake_log ("HSK[%p]: Requested cipher suites: \n", session);
  for (j = 0; j < datalen; j += 2)
    {
      memcpy (&cs.suite, &data[j], 2);
      _gnutls_handshake_log ("\t%s\n", _gnutls_cipher_suite_get_name (&cs));
    }
  _gnutls_handshake_log ("HSK[%p]: Supported cipher suites: \n", session);
  for (j = 0; j < x; j++)
    _gnutls_handshake_log ("\t%s\n",
			   _gnutls_cipher_suite_get_name (&ciphers[j]));
#endif
  memset (session->security_parameters.current_cipher_suite.suite, '\0', 2);
  retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
  for (j = 0; j < datalen; j += 2)
    {
      for (i = 0; i < x; i++)
	{
	  if (memcmp (ciphers[i].suite, &data[j], 2) == 0)
	    {
	      memcpy (&cs.suite, &data[j], 2);
	      _gnutls_handshake_log
		("HSK[%p]: Selected cipher suite: %s\n", session,
		 _gnutls_cipher_suite_get_name (&cs));
	      memcpy (session->security_parameters.current_cipher_suite.suite,
		      ciphers[i].suite, 2);
	      retval = 0;
	      goto finish;
	    }
	}
    }
finish:
  gnutls_free (ciphers);
  if (retval != 0)
    {
      gnutls_assert ();
      return retval;
    }
  /* check if the credentials (username, public key etc.) are ok
   */
  if (_gnutls_get_kx_cred
      (session,
       _gnutls_cipher_suite_get_kx_algo (&session->security_parameters.
					 current_cipher_suite), &err) == NULL
      && err != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  /* set the mod_auth_st to the appropriate struct
   * according to the KX algorithm. This is needed since all the
   * handshake functions are read from there;
   */
  session->internals.auth_struct =
    _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
			    (&session->security_parameters.
			     current_cipher_suite));
  if (session->internals.auth_struct == NULL)
    {
      _gnutls_handshake_log
	("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
	 session);
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  return 0;
}
 | 
| ↓ | _gnutls_compressed2ciphertext | 14 | 55 | 125 | lib/gnutls_cipher.c | 
| 
int
_gnutls_compressed2ciphertext (gnutls_session_t session,
			       opaque * cipher_data, int cipher_size,
			       gnutls_datum_t compressed,
			       content_type_t _type, int random_pad)
{
  uint8_t MAC[MAX_HASH_SIZE];
  uint16_t c_length;
  uint8_t pad;
  int length, ret;
  digest_hd_st td;
  uint8_t type = _type;
  uint8_t major, minor;
  int hash_size =
    _gnutls_hash_get_algo_len (session->security_parameters.
			       write_mac_algorithm);
  gnutls_protocol_t ver;
  int blocksize =
    _gnutls_cipher_get_block_size (session->security_parameters.
				   write_bulk_cipher_algorithm);
  cipher_type_t block_algo =
    _gnutls_cipher_is_block (session->security_parameters.
			     write_bulk_cipher_algorithm);
  opaque *data_ptr;
  ver = gnutls_protocol_get_version (session);
  minor = _gnutls_version_get_minor (ver);
  major = _gnutls_version_get_major (ver);
  /* Initialize MAC */
  ret = mac_init (&td, session->security_parameters.write_mac_algorithm,
		  session->connection_state.write_mac_secret.data,
		  session->connection_state.write_mac_secret.size, ver);
  if (ret < 0
      && session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
    {
      gnutls_assert ();
      return ret;
    }
  c_length = _gnutls_conv_uint16 (compressed.size);
  if (session->security_parameters.write_mac_algorithm != GNUTLS_MAC_NULL)
    {				/* actually when the algorithm in not the NULL one */
      _gnutls_hmac (&td,
		    UINT64DATA (session->connection_state.
				write_sequence_number), 8);
      _gnutls_hmac (&td, &type, 1);
      if (ver >= GNUTLS_TLS1)
	{			/* TLS 1.0 or higher */
	  _gnutls_hmac (&td, &major, 1);
	  _gnutls_hmac (&td, &minor, 1);
	}
      _gnutls_hmac (&td, &c_length, 2);
      _gnutls_hmac (&td, compressed.data, compressed.size);
      mac_deinit (&td, MAC, ver);
    }
  /* Calculate the encrypted length (padding etc.)
   */
  length =
    calc_enc_length (session, compressed.size, hash_size, &pad,
		     random_pad, block_algo, blocksize);
  if (length < 0)
    {
      gnutls_assert ();
      return length;
    }
  /* copy the encrypted data to cipher_data.
   */
  if (cipher_size < length)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  data_ptr = cipher_data;
  if (block_algo == CIPHER_BLOCK &&
      session->security_parameters.version >= GNUTLS_TLS1_1)
    {
      /* copy the random IV.
       */
      ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      data_ptr += blocksize;
    }
  memcpy (data_ptr, compressed.data, compressed.size);
  data_ptr += compressed.size;
  if (hash_size > 0)
    {
      memcpy (data_ptr, MAC, hash_size);
      data_ptr += hash_size;
    }
  if (block_algo == CIPHER_BLOCK && pad > 0)
    {
      memset (data_ptr, pad - 1, pad);
    }
  /* Actual encryption (inplace).
   */
  ret =
    _gnutls_cipher_encrypt (&session->connection_state.write_cipher_state,
			    cipher_data, length);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  return length;
}
 | 
| ↓ | print_oneline | 14 | 51 | 93 | lib/openpgp/output.c | 
| 
static void
print_oneline (gnutls_string * str, gnutls_openpgp_crt_t cert)
{
  int err, i;
  /* Names. */
  i = 0;
  do
    {
      size_t dn_size;
      char dn[1024];
      dn_size = sizeof (dn);
      err = gnutls_openpgp_crt_get_name (cert, i++, dn, &dn_size);
      if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
	  err != GNUTLS_E_OPENPGP_UID_REVOKED)
	{
	  addf (str, "cannot get_name %d (%s), ", err, gnutls_strerror (err));
	  break;
	}
      if (err >= 0)
	addf (str, _("name[%d]: %s, "), i - 1, dn);
      else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
	addf (str, _("revoked name[%d]: %s, "), i - 1, dn);
    }
  while (err >= 0);
  {
    char fpr[128];
    size_t fpr_size = sizeof (fpr);
    int err;
    err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
    if (err < 0)
      addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
    else
      {
	adds (str, _("fingerprint: "));
	hexprint (str, fpr, fpr_size);
	addf (str, ", ");
      }
  }
  {
    time_t tim;
    tim = gnutls_openpgp_crt_get_creation_time (cert);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (gmtime_r (&tim, &t) == NULL)
	addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
      else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
	addf (str, "error: strftime (%ld), ", (unsigned long) tim);
      else
	addf (str, _("created: %s, "), s);
    }
    tim = gnutls_openpgp_crt_get_expiration_time (cert);
    {
      char s[42];
      size_t max = sizeof (s);
      struct tm t;
      if (tim == 0)
	adds (str, _("never expires, "));
      else
	{
	  if (gmtime_r (&tim, &t) == NULL)
	    addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
	  else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
	    addf (str, "error: strftime (%ld), ", (unsigned long) tim);
	  else
	    addf (str, _("expires: %s, "), s);
	}
    }
  }
  {
    unsigned int bits = 0;
    gnutls_pk_algorithm_t algo =
      gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
    const char *algostr = gnutls_pk_algorithm_get_name (algo);
    if (algostr)
      addf (str, _("key algorithm %s (%d bits)"), algostr, bits);
    else
      addf (str, _("unknown key algorithm (%d)"), algo);
  }
}
 | 
| ↓ | gnutls_x509_crt_get_crl_dist_points | 14 | 49 | 100 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
				     unsigned int seq, void *ret,
				     size_t * ret_size,
				     unsigned int *reason_flags,
				     unsigned int *critical)
{
  int result;
  gnutls_datum_t dist_points = { NULL, 0 };
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  char name[ASN1_MAX_NAME_SIZE];
  int len;
  gnutls_x509_subject_alt_name_t type;
  uint8_t reasons[2];
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (*ret_size > 0 && ret)
    memset (ret, 0, *ret_size);
  else
    *ret_size = 0;
  if (reason_flags)
    *reason_flags = 0;
  result =
    _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
				    critical);
  if (result < 0)
    {
      return result;
    }
  if (dist_points.size == 0 || dist_points.data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      _gnutls_free_datum (&dist_points);
      return _gnutls_asn2err (result);
    }
  result = asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
  _gnutls_free_datum (&dist_points);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  /* Return the different names from the first CRLDistr. point.
   * The whole thing is a mess.
   */
  _gnutls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
  result = _gnutls_parse_general_name (c2, name, seq, ret, ret_size, NULL, 0);
  if (result < 0)
    {
      asn1_delete_structure (&c2);
      return result;
    }
  type = result;
  /* Read the CRL reasons.
   */
  if (reason_flags)
    {
      _gnutls_str_cpy (name, sizeof (name), "?1.reasons");
      reasons[0] = reasons[1] = 0;
      len = sizeof (reasons);
      result = asn1_read_value (c2, name, reasons, &len);
      if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  asn1_delete_structure (&c2);
	  return _gnutls_asn2err (result);
	}
      *reason_flags = reasons[0] | (reasons[1] << 8);
    }
  return type;
}
 | 
| ↓ | _gnutls_remove_unwanted_ciphersuites | 14 | 48 | 126 | lib/gnutls_handshake.c | 
| 
int
_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
				      cipher_suite_st ** cipherSuites,
				      int numCipherSuites,
				      gnutls_pk_algorithm_t requested_pk_algo)
{
  int ret = 0;
  cipher_suite_st *newSuite, cs;
  int newSuiteSize = 0, i;
  gnutls_certificate_credentials_t cert_cred;
  gnutls_kx_algorithm_t kx;
  int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
  gnutls_kx_algorithm_t *alg = NULL;
  int alg_size = 0;
  /* if we should use a specific certificate, 
   * we should remove all algorithms that are not supported
   * by that certificate and are on the same authentication
   * method (CERTIFICATE).
   */
  cert_cred =
    (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
							 GNUTLS_CRD_CERTIFICATE,
							 NULL);
  /* If there are certificate credentials, find an appropriate certificate
   * or disable them;
   */
  if (session->security_parameters.entity == GNUTLS_SERVER
      && cert_cred != NULL)
    {
      ret = _gnutls_server_select_cert (session, requested_pk_algo);
      if (ret < 0)
	{
	  gnutls_assert ();
	  _gnutls_x509_log ("Could not find an appropriate certificate: %s\n",
			    gnutls_strerror (ret));
	  cert_cred = NULL;
	}
    }
  /* get all the key exchange algorithms that are 
   * supported by the X509 certificate parameters.
   */
  if ((ret =
       _gnutls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  newSuite = gnutls_malloc (numCipherSuites * sizeof (cipher_suite_st));
  if (newSuite == NULL)
    {
      gnutls_assert ();
      gnutls_free (alg);
      return GNUTLS_E_MEMORY_ERROR;
    }
  /* now removes ciphersuites based on the KX algorithm
   */
  for (i = 0; i < numCipherSuites; i++)
    {
      int delete = 0;
      /* finds the key exchange algorithm in
       * the ciphersuite
       */
      kx = _gnutls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]);
      /* if it is defined but had no credentials 
       */
      if (_gnutls_get_kx_cred (session, kx, NULL) == NULL)
	{
	  delete = 1;
	}
      else
	{
	  delete = 0;
	  if (server)
	    delete = check_server_params (session, kx, alg, alg_size);
	}
      /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
         (see cred_mappings in gnutls_algorithms.c), but it also
         requires a SRP credential.  Don't use SRP kx unless we have a
         SRP credential too.  */
      if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
	{
	  if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL))
	    delete = 1;
	}
      memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2);
      if (delete == 0)
	{
	  _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n",
				 session,
				 _gnutls_cipher_suite_get_name (&cs));
	  memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2);
	  newSuiteSize++;
	}
      else
	{
	  _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",
				 session,
				 _gnutls_cipher_suite_get_name (&cs));
	}
    }
  gnutls_free (alg);
  gnutls_free (*cipherSuites);
  *cipherSuites = newSuite;
  ret = newSuiteSize;
  return ret;
}
 | 
| ↓ | gnutls_openpgp_keyring_import | 14 | 43 | 84 | lib/openpgp/extras.c | 
| 
int
gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
			       const gnutls_datum_t * data,
			       gnutls_openpgp_crt_fmt_t format)
{
  cdk_error_t err;
  cdk_stream_t input = NULL;
  size_t raw_len = 0;
  opaque *raw_data = NULL;
  if (data->data == NULL || data->size == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_OPENPGP_GETKEY_FAILED;
    }
  _gnutls_debug_log ("PGP: keyring import format '%s'\n",
		     format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
  /* Create a new stream from the given data, decode it, and import
   * the raw database. This to avoid using opencdk streams which are
   * not thread safe.
   */
  if (format == GNUTLS_OPENPGP_FMT_BASE64)
    {
      size_t written = 0;
      err = cdk_stream_tmp_from_mem (data->data, data->size, &input);
      if (!err)
	err = cdk_stream_set_armor_flag (input, 0);
      if (err)
	{
	  gnutls_assert ();
	  err = _gnutls_map_cdk_rc (err);
	  goto error;
	}
      raw_len = cdk_stream_get_length (input);
      if (raw_len == 0)
	{
	  gnutls_assert ();
	  err = GNUTLS_E_BASE64_DECODING_ERROR;
	  goto error;
	}
      raw_data = gnutls_malloc (raw_len);
      if (raw_data == NULL)
	{
	  gnutls_assert ();
	  err = GNUTLS_E_MEMORY_ERROR;
	  goto error;
	}
      do
	{
	  err =
	    cdk_stream_read (input, raw_data + written, raw_len - written);
	  if (err > 0)
	    written += err;
	}
      while (written < raw_len && err != EOF && err > 0);
      raw_len = written;
    }
  else
    {				/* RAW */
      raw_len = data->size;
      raw_data = data->data;
    }
  err = cdk_keydb_new (&keyring->db, CDK_DBTYPE_DATA, raw_data, raw_len);
  if (err)
    gnutls_assert ();
  return _gnutls_map_cdk_rc (err);
error:
  gnutls_free (raw_data);
  cdk_stream_close (input);
  return err;
}
 | 
|  | _gnutls_x509_ext_extract_proxyCertInfo | 14 | 41 | 77 | lib/x509/extensions.c | 
|  | 
| ↓ | cdk_stream_close | 14 | 39 | 68 | lib/opencdk/stream.c | 
| 
cdk_error_t
cdk_stream_close (cdk_stream_t s)
{
  struct stream_filter_s *f, *f2;
  cdk_error_t rc;
  if (!s)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  _cdk_log_debug ("close stream ref=%d `%s'\n",
		  s->fp_ref, s->fname ? s->fname : "[temp]");
  /* In the user callback mode, we call the release cb if possible
     and just free the stream. */
  if (s->cbs_hd)
    {
      if (s->cbs.release)
	rc = s->cbs.release (s->cbs_hd);
      else
	rc = 0;
      cdk_free (s);
      gnutls_assert ();
      return rc;
    }
  rc = 0;
  if (!s->flags.filtrated && !s->error)
    rc = cdk_stream_flush (s);
  if (!s->fp_ref && (s->fname || s->flags.temp))
    {
      int err;
      _cdk_log_debug ("close stream fd=%d\n", fileno (s->fp));
      err = fclose (s->fp);
      s->fp = NULL;
      if (err)
	rc = CDK_File_Error;
    }
  /* Iterate over the filter list and use the cleanup flag to
     free the allocated internal structures. */
  f = s->filters;
  while (f)
    {
      f2 = f->next;
      if (f->fnct)
	f->fnct (f->opaque, STREAMCTL_FREE, NULL, NULL);
      cdk_free (f);
      f = f2;
    }
  if (s->fname)
    {
      cdk_free (s->fname);
      s->fname = NULL;
    }
  cdk_free (s->cache.buf);
  s->cache.alloced = 0;
  cdk_free (s);
  gnutls_assert ();
  return rc;
}
 | 
| ↓ | check_server_params | 14 | 38 | 108 | lib/gnutls_handshake.c | 
| 
inline static int
check_server_params (gnutls_session_t session,
		     gnutls_kx_algorithm_t kx,
		     gnutls_kx_algorithm_t * alg, int alg_size)
{
  int cred_type;
  gnutls_dh_params_t dh_params = NULL;
  gnutls_rsa_params_t rsa_params = NULL;
  int j;
  cred_type = _gnutls_map_kx_get_cred (kx, 1);
  /* Read the Diffie-Hellman parameters, if any.
   */
  if (cred_type == GNUTLS_CRD_CERTIFICATE)
    {
      int delete;
      gnutls_certificate_credentials_t x509_cred =
	(gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
							     cred_type, NULL);
      if (x509_cred != NULL)
	{
	  dh_params =
	    _gnutls_get_dh_params (x509_cred->dh_params,
				   x509_cred->params_func, session);
	  rsa_params =
	    _gnutls_certificate_get_rsa_params (x509_cred->rsa_params,
						x509_cred->params_func,
						session);
	}
      /* Check also if the certificate supports the
       * KX method.
       */
      delete = 1;
      for (j = 0; j < alg_size; j++)
	{
	  if (alg[j] == kx)
	    {
	      delete = 0;
	      break;
	    }
	}
      if (delete == 1)
	return 1;
#ifdef ENABLE_ANON
    }
  else if (cred_type == GNUTLS_CRD_ANON)
    {
      gnutls_anon_server_credentials_t anon_cred =
	(gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key,
							     cred_type, NULL);
      if (anon_cred != NULL)
	{
	  dh_params =
	    _gnutls_get_dh_params (anon_cred->dh_params,
				   anon_cred->params_func, session);
	}
#endif
#ifdef ENABLE_PSK
    }
  else if (cred_type == GNUTLS_CRD_PSK)
    {
      gnutls_psk_server_credentials_t psk_cred =
	(gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key,
							    cred_type, NULL);
      if (psk_cred != NULL)
	{
	  dh_params =
	    _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func,
				   session);
	}
#endif
    }
  else
    return 0;			/* no need for params */
  /* If the key exchange method needs RSA or DH params,
   * but they are not set then remove it.
   */
  if (_gnutls_kx_needs_rsa_params (kx) != 0)
    {
      /* needs rsa params. */
      if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL)
	{
	  gnutls_assert ();
	  return 1;
	}
    }
  if (_gnutls_kx_needs_dh_params (kx) != 0)
    {
      /* needs DH params. */
      if (_gnutls_dh_params_to_mpi (dh_params) == NULL)
	{
	  gnutls_assert ();
	  return 1;
	}
    }
  return 0;
}
 | 
| ↓ | cdk_listkey_start | 14 | 35 | 52 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
		   const char *patt, cdk_strlist_t fpatt)
{
  cdk_listkey_t ctx;
  cdk_stream_t inp;
  cdk_error_t rc;
  if (!r_ctx || !db)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if ((patt && fpatt) || (!patt && !fpatt))
    {
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  rc = _cdk_keydb_open (db, &inp);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  ctx = cdk_calloc (1, sizeof *ctx);
  if (!ctx)
    {
      gnutls_assert ();
      return CDK_Out_Of_Core;
    }
  ctx->db = db;
  ctx->inp = inp;
  if (patt)
    {
      ctx->u.patt = cdk_strdup (patt);
      if (!ctx->u.patt)
	{
	  gnutls_assert ();
	  return CDK_Out_Of_Core;
	}
    }
  else if (fpatt)
    {
      cdk_strlist_t l;
      for (l = fpatt; l; l = l->next)
	cdk_strlist_add (&ctx->u.fpatt, l->d);
    }
  ctx->type = patt ? 1 : 0;
  ctx->init = 1;
  *r_ctx = ctx;
  return 0;
}
 | 
| ↓ | cdk_file_verify | 14 | 32 | 51 | lib/opencdk/verify.c | 
| 
cdk_error_t
cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file,
		 const char *output)
{
  struct stat stbuf;
  cdk_stream_t inp, data;
  char buf[4096];
  int n;
  cdk_error_t rc;
  if (!hd || !file)
    return CDK_Inv_Value;
  if (output && !hd->opt.overwrite && !stat (output, &stbuf))
    return CDK_Inv_Mode;
  rc = cdk_stream_open (file, &inp);
  if (rc)
    return rc;
  if (cdk_armor_filter_use (inp))
    {
      n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1);
      if (!n || n == -1)
	return CDK_EOF;
      buf[n] = '\0';
      if (strstr (buf, "BEGIN PGP SIGNED MESSAGE"))
	{
	  cdk_stream_close (inp);
	  return file_verify_clearsign (hd, file, output);
	}
      cdk_stream_set_armor_flag (inp, 0);
    }
  if (data_file)
    {
      rc = cdk_stream_open (data_file, &data);
      if (rc)
	{
	  cdk_stream_close (inp);
	  return rc;
	}
    }
  else
    data = NULL;
  rc = _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL);
  if (data != NULL)
    cdk_stream_close (data);
  cdk_stream_close (inp);
  return rc;
}
 | 
| ↓ | cdk_kbnode_write_to_mem_alloc | 14 | 29 | 52 | lib/opencdk/kbnode.c | 
| 
cdk_error_t
cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
			       byte ** r_buf, size_t * r_buflen)
{
  cdk_kbnode_t n;
  cdk_stream_t s;
  cdk_error_t rc;
  size_t len;
  if (!node || !r_buf || !r_buflen)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  *r_buf = NULL;
  *r_buflen = 0;
  rc = cdk_stream_tmp_new (&s);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  for (n = node; n; n = n->next)
    {
      /* Skip all packets which cannot occur in a key composition. */
      if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
	  n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
	  n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
	  n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
	  n->pkt->pkttype != CDK_PKT_SIGNATURE &&
	  n->pkt->pkttype != CDK_PKT_USER_ID &&
	  n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
	continue;
      rc = cdk_pkt_write (s, n->pkt);
      if (rc)
	{
	  cdk_stream_close (s);
	  gnutls_assert ();
	  return rc;
	}
    }
  cdk_stream_seek (s, 0);
  len = cdk_stream_get_length (s);
  *r_buf = cdk_calloc (1, len);
  *r_buflen = cdk_stream_read (s, *r_buf, len);
  cdk_stream_close (s);
  return 0;
}
 | 
| ↓ | _cdk_sig_check | 14 | 23 | 38 | lib/opencdk/sig-check.c | 
| 
cdk_error_t
_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
		digest_hd_st * digest, int *r_expired)
{
  cdk_error_t rc;
  byte md[MAX_DIGEST_LEN];
  time_t cur_time = (u32) time (NULL);
  if (!pk || !sig || !digest)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (sig->flags.checked)
    return sig->flags.valid ? 0 : CDK_Bad_Sig;
  if (!KEY_CAN_SIGN (pk->pubkey_algo))
    return CDK_Inv_Algo;
  if (pk->timestamp > sig->timestamp || pk->timestamp > cur_time)
    return CDK_Time_Conflict;
  if (r_expired && pk->expiredate
      && (pk->expiredate + pk->timestamp) > cur_time)
    *r_expired = 1;
  _cdk_hash_sig_data (sig, digest);
  _gnutls_hash_output (digest, md);
  if (md[0] != sig->digest_start[0] || md[1] != sig->digest_start[1])
    {
      gnutls_assert ();
      return CDK_Chksum_Error;
    }
  rc = cdk_pk_verify (pk, sig, md);
  cache_sig_result (sig, rc);
  return rc;
}
 | 
| ↓ | cdk_pkt_alloc | 22 | 46 | 78 | lib/opencdk/new-packet.c | 
| 
cdk_error_t
cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype)
{
  cdk_packet_t pkt;
  int rc;
  if (!r_pkt)
    return CDK_Inv_Value;
  rc = cdk_pkt_new (&pkt);
  if (rc)
    return rc;
  switch (pkttype)
    {
    case CDK_PKT_USER_ID:
      pkt->pkt.user_id = cdk_calloc (1, sizeof pkt->pkt.user_id);
      if (!pkt->pkt.user_id)
	return CDK_Out_Of_Core;
      pkt->pkt.user_id->name = NULL;
      break;
    case CDK_PKT_PUBLIC_KEY:
    case CDK_PKT_PUBLIC_SUBKEY:
      pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
      if (!pkt->pkt.public_key)
	return CDK_Out_Of_Core;
      break;
    case CDK_PKT_SECRET_KEY:
    case CDK_PKT_SECRET_SUBKEY:
      pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
      pkt->pkt.secret_key->pk =
	cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk);
      if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
	return CDK_Out_Of_Core;
      break;
    case CDK_PKT_SIGNATURE:
      pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
      if (!pkt->pkt.signature)
	return CDK_Out_Of_Core;
      break;
    case CDK_PKT_PUBKEY_ENC:
      pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
      if (!pkt->pkt.pubkey_enc)
	return CDK_Out_Of_Core;
      break;
    case CDK_PKT_MDC:
      pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
      if (!pkt->pkt.mdc)
	return CDK_Out_Of_Core;
      break;
    case CDK_PKT_ONEPASS_SIG:
      pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
      if (!pkt->pkt.onepass_sig)
	return CDK_Out_Of_Core;
      break;
    case CDK_PKT_LITERAL:
      /* FIXME: We would need the size of the file name to allocate extra
         bytes, otherwise the result would be useless. */
      pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
      if (!pkt->pkt.literal)
	return CDK_Out_Of_Core;
      pkt->pkt.literal->name = NULL;
      break;
    default:
      return CDK_Not_Implemented;
    }
  pkt->pkttype = pkttype;
  *r_pkt = pkt;
  return 0;
}
 | 
| ↓ | print_crldist | 17 | 45 | 84 | lib/x509/output.c | 
| 
static void
print_crldist (gnutls_string * str, gnutls_x509_crt_t cert)
{
  char *buffer = NULL;
  size_t size;
  char str_ip[64];
  char *p;
  int err;
  int indx;
  for (indx = 0;; indx++)
    {
      size = 0;
      err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
						 NULL, NULL);
      if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
	return;
      if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  addf (str, "error: get_crl_dist_points: %s\n",
		gnutls_strerror (err));
	  return;
	}
      buffer = gnutls_malloc (size);
      if (!buffer)
	{
	  addf (str, "error: malloc: %s\n", gnutls_strerror (err));
	  return;
	}
      err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
						 NULL, NULL);
      if (err < 0)
	{
	  gnutls_free (buffer);
	  addf (str, "error: get_crl_dist_points2: %s\n",
		gnutls_strerror (err));
	  return;
	}
      if ((err == GNUTLS_SAN_DNSNAME
	   || err == GNUTLS_SAN_RFC822NAME
	   || err == GNUTLS_SAN_URI) &&
	  strlen (buffer) != size)
	{
	  adds (str, _("warning: distributionPoint contains an embedded NUL, "
		       "replacing with '!'\n"));
	  while (strlen (buffer) < size)
	    buffer[strlen (buffer)] = '!';
	}
      switch (err)
	{
	case GNUTLS_SAN_DNSNAME:
	  addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
	  break;
	case GNUTLS_SAN_RFC822NAME:
	  addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
	  break;
	case GNUTLS_SAN_URI:
	  addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
	  break;
	case GNUTLS_SAN_IPADDRESS:
	  p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
	  if (p == NULL)
	    p = ERROR_STR;
	  addf (str, "\t\t\tIPAddress: %s\n", p);
	  break;
	case GNUTLS_SAN_DN:
	  addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
	  break;
	default:
	  addf (str, "error: unknown SAN\n");
	  break;
	}
      gnutls_free (buffer);
    }
}
 | 
| ↓ | find_by_pattern | 14 | 24 | 39 | lib/opencdk/keydb.c | 
| 
static int
find_by_pattern (cdk_kbnode_t knode, cdk_keydb_search_t ks)
{
  cdk_kbnode_t node;
  size_t uidlen;
  char *name;
  for (node = knode; node; node = node->next)
    {
      if (node->pkt->pkttype != CDK_PKT_USER_ID)
	continue;
      if (node->pkt->pkt.user_id->attrib_img != NULL)
	continue;		/* Skip attribute packets. */
      uidlen = node->pkt->pkt.user_id->len;
      name = node->pkt->pkt.user_id->name;
      switch (ks->type)
	{
	case CDK_DBSEARCH_EXACT:
	  if (name &&
	      (strlen (ks->u.pattern) == uidlen &&
	       !strncmp (ks->u.pattern, name, uidlen)))
	    return 1;
	  break;
	case CDK_DBSEARCH_SUBSTR:
	  if (uidlen > 65536)
	    break;
	  if (name && strlen (ks->u.pattern) > uidlen)
	    break;
	  if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
	    return 1;
	  break;
	default:		/* Invalid mode */
	  return 0;
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_proc_srp_server_kx | 13 | 77 | 154 | lib/auth_srp.c | 
| 
int
_gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data,
			    size_t _data_size)
{
  uint8_t n_s;
  uint16_t n_g, n_n, n_b;
  size_t _n_s, _n_g, _n_n, _n_b;
  const uint8_t *data_n;
  const uint8_t *data_g;
  const uint8_t *data_s;
  const uint8_t *data_b;
  int i, ret;
  opaque hd[SRP_MAX_HASH_SIZE];
  char *username, *password;
  ssize_t data_size = _data_size;
  gnutls_srp_client_credentials_t cred;
  cred = (gnutls_srp_client_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if (session->internals.srp_username == NULL)
    {
      username = cred->username;
      password = cred->password;
    }
  else
    {
      username = session->internals.srp_username;
      password = session->internals.srp_password;
    }
  if (username == NULL || password == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  i = 0;
  /* Read N 
   */
  DECR_LEN (data_size, 2);
  n_n = _gnutls_read_uint16 (&data[i]);
  i += 2;
  DECR_LEN (data_size, n_n);
  data_n = &data[i];
  i += n_n;
  /* Read G 
   */
  DECR_LEN (data_size, 2);
  n_g = _gnutls_read_uint16 (&data[i]);
  i += 2;
  DECR_LEN (data_size, n_g);
  data_g = &data[i];
  i += n_g;
  /* Read salt 
   */
  DECR_LEN (data_size, 1);
  n_s = data[i];
  i += 1;
  DECR_LEN (data_size, n_s);
  data_s = &data[i];
  i += n_s;
  /* Read B 
   */
  DECR_LEN (data_size, 2);
  n_b = _gnutls_read_uint16 (&data[i]);
  i += 2;
  DECR_LEN (data_size, n_b);
  data_b = &data[i];
  i += n_b;
  _n_s = n_s;
  _n_g = n_g;
  _n_n = n_n;
  _n_b = n_b;
  if (_gnutls_mpi_scan_nz (&N, data_n, _n_n) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  if (_gnutls_mpi_scan_nz (&G, data_g, _n_g) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  if (_gnutls_mpi_scan_nz (&B, data_b, _n_b) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  /* Check if the g and n are from the SRP
   * draft. Otherwise check if N is a prime and G
   * a generator.
   */
  if ((ret = check_g_n (data_g, _n_g, data_n, _n_n)) < 0)
    {
      _gnutls_x509_log ("Checking the SRP group parameters.\n");
      if ((ret = group_check_g_n (session, G, N)) < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
    }
  /* Checks if b % n == 0
   */
  if ((ret = check_b_mod_n (B, N)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* generate x = SHA(s | SHA(U | ":" | p))
   * (or the equivalent using bcrypt)
   */
  if ((ret =
       _gnutls_calc_srp_x (username, password, (opaque *) data_s, n_s,
			   &_n_g, hd)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  if (_gnutls_mpi_scan_nz (&session->key->x, hd, _n_g) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  return i;			/* return the processed data
				 * needed in auth_srp_rsa.
				 */
}
 | 
| ↓ | decrypt_data | 13 | 64 | 127 | lib/x509/privkey_pkcs8.c | 
| 
static int
decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
	      const char *root, const char *password,
	      const struct pbkdf2_params *kdf_params,
	      const struct pbe_enc_params *enc_params,
	      gnutls_datum_t * decrypted_data)
{
  int result;
  int data_size;
  opaque *data = NULL, *key = NULL;
  gnutls_datum_t dkey, d_iv;
  cipher_hd_st ch;
  int ch_init = 0;
  int key_size;
  data_size = 0;
  result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
  if (result != ASN1_MEM_ERROR)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  data = gnutls_malloc (data_size);
  if (data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  result = asn1_read_value (pkcs8_asn, root, data, &data_size);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  if (kdf_params->key_size == 0)
    {
      key_size = gnutls_cipher_get_key_size (enc_params->cipher);
    }
  else
    key_size = kdf_params->key_size;
  key = gnutls_malloc (key_size);
  if (key == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto error;
    }
  /* generate the key
   */
  if (schema == PBES2)
    {
      result = _gnutls_pbkdf2_sha1 (password, strlen (password),
				    kdf_params->salt, kdf_params->salt_size,
				    kdf_params->iter_count, key, key_size);
      if (result < 0)
	{
	  gnutls_assert ();
	  goto error;
	}
    }
  else
    {
      result =
	_gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
				      kdf_params->salt_size,
				      kdf_params->iter_count, password,
				      key_size, key);
      if (result < 0)
	{
	  gnutls_assert ();
	  goto error;
	}
    }
  /* do the decryption.
   */
  dkey.data = key;
  dkey.size = key_size;
  d_iv.data = (opaque *) enc_params->iv;
  d_iv.size = enc_params->iv_size;
  result = _gnutls_cipher_init (&ch, enc_params->cipher, &dkey, &d_iv);
  gnutls_free (key);
  key = NULL;
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  ch_init = 1;
  result = _gnutls_cipher_decrypt (&ch, data, data_size);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  decrypted_data->data = data;
  if (_gnutls_cipher_get_block_size (enc_params->cipher) != 1)
    decrypted_data->size = data_size - data[data_size - 1];
  else
    decrypted_data->size = data_size;
  _gnutls_cipher_deinit (&ch);
  return 0;
error:
  gnutls_free (data);
  gnutls_free (key);
  if (ch_init != 0)
    _gnutls_cipher_deinit (&ch);
  return result;
}
 | 
| ↓ | _gnutls_x509_get_dn_oid | 13 | 61 | 120 | lib/x509/dn.c | 
| 
int
_gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
			 const char *asn1_rdn_name,
			 int indx, void *_oid, size_t * sizeof_oid)
{
  int k2, k1, result;
  char tmpbuffer1[ASN1_MAX_NAME_SIZE];
  char tmpbuffer2[ASN1_MAX_NAME_SIZE];
  char tmpbuffer3[ASN1_MAX_NAME_SIZE];
  char value[256];
  char oid[MAX_OID_SIZE];
  int len;
  int i = 0;
  k1 = 0;
  do
    {
      k1++;
      /* create a string like "tbsCertList.issuer.rdnSequence.?1"
       */
      if (asn1_rdn_name[0] != 0)
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
		  k1);
      else
	snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
      len = sizeof (value) - 1;
      result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
      if (result == ASN1_ELEMENT_NOT_FOUND)
	{
	  gnutls_assert ();
	  break;
	}
      if (result != ASN1_VALUE_NOT_FOUND)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      k2 = 0;
      do
	{			/* Move to the attibute type and values
				 */
	  k2++;
	  if (tmpbuffer1[0] != 0)
	    snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
		      k2);
	  else
	    snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
	  /* Try to read the RelativeDistinguishedName attributes.
	   */
	  len = sizeof (value) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    {
	      break;
	    }
	  if (result != ASN1_VALUE_NOT_FOUND)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  /* Read the OID 
	   */
	  _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
	  _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
	  len = sizeof (oid) - 1;
	  result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
	  if (result == ASN1_ELEMENT_NOT_FOUND)
	    break;
	  else if (result != ASN1_SUCCESS)
	    {
	      gnutls_assert ();
	      result = _gnutls_asn2err (result);
	      goto cleanup;
	    }
	  if (indx == i++)
	    {			/* Found the OID */
	      len = strlen (oid) + 1;
	      if (*sizeof_oid < (unsigned) len)
		{
		  *sizeof_oid = len;
		  gnutls_assert ();
		  return GNUTLS_E_SHORT_MEMORY_BUFFER;
		}
	      memcpy (_oid, oid, len);
	      *sizeof_oid = len - 1;
	      return 0;
	    }
	}
      while (1);
    }
  while (1);
  gnutls_assert ();
  result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
cleanup:
  return result;
}
 | 
| ↓ | gnutls_pkcs12_set_bag | 13 | 54 | 121 | lib/x509/pkcs12.c | 
| 
int
gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
{
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
  int result;
  int enc = 0, dum = 1;
  char null;
  if (pkcs12 == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* Step 1. Check if the pkcs12 structure is empty. In that
   * case generate an empty PFX.
   */
  result = asn1_read_value (pkcs12->pkcs12, "authSafe.content", &null, &dum);
  if (result == ASN1_VALUE_NOT_FOUND)
    {
      result = create_empty_pfx (pkcs12->pkcs12);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
    }
  /* Step 2. decode the authenticatedSafe.
   */
  result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }
  /* Step 3. Encode the bag elements into a SafeContents 
   * structure.
   */
  result = _pkcs12_encode_safe_contents (bag, &safe_cont, &enc);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }
  /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
   * structure.
   */
  result = asn1_write_value (c2, "", "NEW", 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if (enc)
    result = asn1_write_value (c2, "?LAST.contentType", ENC_DATA_OID, 1);
  else
    result = asn1_write_value (c2, "?LAST.contentType", DATA_OID, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if (enc)
    {
      /* Encrypted packets are written directly.
       */
      result =
	asn1_write_value (c2, "?LAST.content",
			  bag->element[0].data.data,
			  bag->element[0].data.size);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
    }
  else
    {
      result =
	_gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
					  "?LAST.content", 1);
      if (result < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
    }
  asn1_delete_structure (&safe_cont);
  /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
   * structure.
   */
  result =
    _gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12,
				      "authSafe.content", 1);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  asn1_delete_structure (&c2);
  return 0;
cleanup:
  asn1_delete_structure (&c2);
  asn1_delete_structure (&safe_cont);
  return result;
}
 | 
| ↓ | _wrap_gcry_pk_encrypt | 13 | 52 | 96 | lib/pk-libgcrypt.c | 
| 
static int
_wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
		       gnutls_datum_t * ciphertext,
		       const gnutls_datum_t * plaintext,
		       const gnutls_pk_params_st * pk_params)
{
  gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL;
  int rc = -1;
  int ret;
  bigint_t data, res;
  gcry_sexp_t list;
  if (_gnutls_mpi_scan_nz (&data, plaintext->data, plaintext->size) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  /* make a sexp from pkey */
  switch (algo)
    {
    case GNUTLS_PK_RSA:
      if (pk_params->params_nr >= 2)
	rc = gcry_sexp_build (&s_pkey, NULL,
			      "(public-key(rsa(n%m)(e%m)))",
			      pk_params->params[0], pk_params->params[1]);
      break;
    default:
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  /* put the data into a simple list */
  if (gcry_sexp_build (&s_data, NULL, "%m", data))
    {
      gnutls_assert ();
      ret = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  /* pass it to libgcrypt */
  rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_PK_ENCRYPTION_FAILED;
      goto cleanup;
    }
  list = gcry_sexp_find_token (s_ciph, "a", 0);
  if (list == NULL)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  res = gcry_sexp_nth_mpi (list, 1, 0);
  gcry_sexp_release (list);
  if (res == NULL)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint_size (res, ciphertext, plaintext->size);
  _gnutls_mpi_release (&res);
  if (ret < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret = 0;
cleanup:
  _gnutls_mpi_release (&data);
  if (s_ciph)
    gcry_sexp_release (s_ciph);
  if (s_data)
    gcry_sexp_release (s_data);
  if (s_pkey)
    gcry_sexp_release (s_pkey);
  return ret;
}
 | 
| ↓ | _gnutls_x509_cert_verify_peers | 13 | 47 | 97 | lib/gnutls_x509.c | 
| 
int
_gnutls_x509_cert_verify_peers (gnutls_session_t session,
				unsigned int *status)
{
  cert_auth_info_t info;
  gnutls_certificate_credentials_t cred;
  gnutls_x509_crt_t *peer_certificate_list;
  int peer_certificate_list_size, i, x, ret;
  CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
  info = _gnutls_get_auth_info (session);
  if (info == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if (info->raw_certificate_list == NULL || info->ncerts == 0)
    return GNUTLS_E_NO_CERTIFICATE_FOUND;
  if (info->ncerts > cred->verify_depth && cred->verify_depth > 0)
    {
      gnutls_assert ();
      return GNUTLS_E_CONSTRAINT_ERROR;
    }
  /* generate a list of gnutls_certs based on the auth info
   * raw certs.
   */
  peer_certificate_list_size = info->ncerts;
  peer_certificate_list =
    gnutls_calloc (peer_certificate_list_size, sizeof (gnutls_x509_crt_t));
  if (peer_certificate_list == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  for (i = 0; i < peer_certificate_list_size; i++)
    {
      ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
      if (ret < 0)
	{
	  gnutls_assert ();
	  CLEAR_CERTS;
	  return ret;
	}
      ret =
	gnutls_x509_crt_import (peer_certificate_list[i],
				&info->raw_certificate_list[i],
				GNUTLS_X509_FMT_DER);
      if (ret < 0)
	{
	  gnutls_assert ();
	  CLEAR_CERTS;
	  return ret;
	}
      ret = check_bits (peer_certificate_list[i], cred->verify_bits);
      if (ret < 0)
	{
	  gnutls_assert ();
	  CLEAR_CERTS;
	  return ret;
	}
    }
  /* Verify certificate 
   */
  ret = gnutls_x509_crt_list_verify (peer_certificate_list,
				     peer_certificate_list_size,
				     cred->x509_ca_list, cred->x509_ncas,
				     cred->x509_crl_list, cred->x509_ncrls,
				     cred->verify_flags | session->internals.priorities.additional_verify_flags,
				     status);
  CLEAR_CERTS;
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  return 0;
}
 | 
| ↓ | read_attribute | 13 | 46 | 67 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr)
{
  const byte *p;
  byte *buf;
  size_t len, nread;
  cdk_error_t rc;
  if (!inp || !attr || !pktlen)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_attribute: %d octets\n", pktlen);
  strcpy (attr->name, "[attribute]");
  attr->len = strlen (attr->name);
  buf = cdk_calloc (1, pktlen);
  if (!buf)
    return CDK_Out_Of_Core;
  rc = stream_read (inp, buf, pktlen, &nread);
  if (rc)
    {
      cdk_free (buf);
      return CDK_Inv_Packet;
    }
  p = buf;
  len = *p++;
  pktlen--;
  if (len == 255)
    {
      len = _cdk_buftou32 (p);
      p += 4;
      pktlen -= 4;
    }
  else if (len >= 192)
    {
      if (pktlen < 2)
	{
	  cdk_free (buf);
	  return CDK_Inv_Packet;
	}
      len = ((len - 192) << 8) + *p + 192;
      p++;
      pktlen--;
    }
  if (*p != 1)			/* Currently only 1, meaning an image, is defined. */
    {
      cdk_free (buf);
      return CDK_Inv_Packet;
    }
  p++;
  len--;
  if (pktlen - (len + 1) > 0)
    return CDK_Inv_Packet;
  attr->attrib_img = cdk_calloc (1, len);
  if (!attr->attrib_img)
    {
      cdk_free (buf);
      return CDK_Out_Of_Core;
    }
  attr->attrib_len = len;
  memcpy (attr->attrib_img, p, len);
  cdk_free (buf);
  return rc;
}
 | 
| ↓ | gnutls_x509_crq_get_key_purpose_oid | 13 | 45 | 90 | lib/x509/crq.c | 
| 
int
gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t cert,
				     int indx, void *oid, size_t * sizeof_oid,
				     unsigned int *critical)
{
  char tmpstr[ASN1_MAX_NAME_SIZE];
  int result, len;
  gnutls_datum_t prev_data;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  opaque tmp[MAX_CRQ_EXTENSIONS_SIZE];
  size_t tmp_size;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (oid)
    memset (oid, 0, *sizeof_oid);
  else
    *sizeof_oid = 0;
  tmp_size = sizeof (tmp);
  result = gnutls_x509_crq_get_extension_by_oid (cert, "2.5.29.37", 0,
						 tmp, &tmp_size, critical);
  if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
    {
      gnutls_assert ();
      return result;
    }
  if (result < 0)
    {
      prev_data.data = NULL;
      prev_data.size = 0;
    }
  else
    {
      prev_data.data = tmp;
      prev_data.size = tmp_size;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  if (prev_data.size > 0)
    {
      result = asn1_der_decoding (&c2, prev_data.data, prev_data.size, NULL);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  asn1_delete_structure (&c2);
	  return _gnutls_asn2err (result);
	}
    }
  indx++;
  /* create a string like "?1"
   */
  snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
  len = *sizeof_oid;
  result = asn1_read_value (c2, tmpstr, oid, &len);
  *sizeof_oid = len;
  asn1_delete_structure (&c2);
  if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  if (result != ASN1_SUCCESS)
    {
      if (result != ASN1_MEM_ERROR)
	gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  return 0;
}
 | 
| ↓ | cdk_keydb_import | 13 | 44 | 78 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode)
{
  cdk_kbnode_t node, chk;
  cdk_packet_t pkt;
  cdk_stream_t out;
  cdk_error_t rc;
  u32 keyid[2];
  if (!hd || !knode)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  pkt = find_key_packet (knode, NULL);
  if (!pkt)
    {
      gnutls_assert ();
      return CDK_Inv_Packet;
    }
  _cdk_pkt_get_keyid (pkt, keyid);
  chk = NULL;
  cdk_keydb_get_bykeyid (hd, keyid, &chk);
  if (chk)
    {				/* FIXME: search for new signatures */
      cdk_kbnode_release (chk);
      return 0;
    }
  /* We append data to the stream so we need to close
     the stream here to re-open it later. */
  if (hd->fp)
    {
      cdk_stream_close (hd->fp);
      hd->fp = NULL;
    }
  rc = _cdk_stream_append (hd->name, &out);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  for (node = knode; node; node = node->next)
    {
      if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
	continue;		/* No uniformed syntax for this packet */
      if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
	  !node->pkt->pkt.signature->flags.exportable)
	{
	  _cdk_log_debug ("key db import: skip local signature\n");
	  continue;
	}
      if (!is_key_node (node))
	{
	  _cdk_log_debug ("key db import: skip invalid node of type %d\n",
			  node->pkt->pkttype);
	  continue;
	}
      rc = cdk_pkt_write (out, node->pkt);
      if (rc)
	{
	  cdk_stream_close (out);
	  gnutls_assert ();
	  return rc;
	}
    }
  cdk_stream_close (out);
  hd->stats.new_keys++;
  return 0;
}
 | 
| ↓ | read_subpkt | 13 | 42 | 56 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_subpkt (cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
{
  byte c, c1;
  size_t size, nread, n;
  cdk_subpkt_t node;
  cdk_error_t rc;
  if (!inp || !r_nbytes)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_subpkt:\n");
  n = 0;
  *r_nbytes = 0;
  c = cdk_stream_getc (inp);
  n++;
  if (c == 255)
    {
      size = read_32 (inp);
      n += 4;
    }
  else if (c >= 192 && c < 255)
    {
      c1 = cdk_stream_getc (inp);
      n++;
      if (c1 == 0)
	return 0;
      size = ((c - 192) << 8) + c1 + 192;
    }
  else if (c < 192)
    size = c;
  else
    return CDK_Inv_Packet;
  node = cdk_subpkt_new (size);
  if (!node)
    return CDK_Out_Of_Core;
  node->size = size;
  node->type = cdk_stream_getc (inp);
  if (DEBUG_PKT)
    _cdk_log_debug (" %d octets %d type\n", node->size, node->type);
  n++;
  node->size--;
  rc = stream_read (inp, node->d, node->size, &nread);
  n += nread;
  if (rc)
    return rc;
  *r_nbytes = n;
  if (!*r_ctx)
    *r_ctx = node;
  else
    cdk_subpkt_add (*r_ctx, node);
  return rc;
}
 | 
| ↓ | cdk_keydb_export | 13 | 42 | 69 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
{
  cdk_kbnode_t knode, node;
  cdk_strlist_t r;
  cdk_error_t rc;
  int old_ctb;
  cdk_keydb_search_t st;
  for (r = remusr; r; r = r->next)
    {
      rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d);
      if (rc)
	{
	  gnutls_assert ();
	  return rc;
	}
      rc = cdk_keydb_search (st, hd, &knode);
      cdk_keydb_search_release (st);
      if (rc)
	{
	  gnutls_assert ();
	  return rc;
	}
      node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
      if (!node)
	{
	  gnutls_assert ();
	  return CDK_Error_No_Key;
	}
      /* If the key is a version 3 key, use the old packet
         format for the output. */
      if (node->pkt->pkt.public_key->version == 3)
	old_ctb = 1;
      else
	old_ctb = 0;
      for (node = knode; node; node = node->next)
	{
	  /* No specified format; skip them */
	  if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
	    continue;
	  /* We never export local signed signatures */
	  if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
	      !node->pkt->pkt.signature->flags.exportable)
	    continue;
	  /* Filter out invalid signatures */
	  if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
	      (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
	    continue;
	  /* Adjust the ctb flag if needed. */
	  node->pkt->old_ctb = old_ctb;
	  rc = cdk_pkt_write (out, node->pkt);
	  if (rc)
	    {
	      cdk_kbnode_release (knode);
	      gnutls_assert ();
	      return rc;
	    }
	}
      cdk_kbnode_release (knode);
      knode = NULL;
    }
  return 0;
}
 | 
| ↓ | _gnutls_x509_crt_to_gcert | 13 | 39 | 84 | lib/gnutls_cert.c | 
| 
int
_gnutls_x509_crt_to_gcert (gnutls_cert * gcert,
			   gnutls_x509_crt_t cert, unsigned int flags)
{
  int ret = 0;
  memset (gcert, 0, sizeof (gnutls_cert));
  gcert->cert_type = GNUTLS_CRT_X509;
  if (!(flags & CERT_NO_COPY))
    {
#define SMALL_DER 512
      opaque *der;
      size_t der_size = SMALL_DER;
      /* initially allocate a bogus size, just in case the certificate
       * fits in it. That way we minimize the DER encodings performed.
       */
      der = gnutls_malloc (SMALL_DER);
      if (der == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      ret =
	gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, &der_size);
      if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  gnutls_assert ();
	  gnutls_free (der);
	  return ret;
	}
      if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
	{
	  der = gnutls_realloc (der, der_size);
	  if (der == NULL)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_MEMORY_ERROR;
	    }
	  ret =
	    gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der,
				    &der_size);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      gnutls_free (der);
	      return ret;
	    }
	}
      gcert->raw.data = der;
      gcert->raw.size = der_size;
    }
  else
    /* now we have 0 or a bitwise or of things to decode */
    flags ^= CERT_NO_COPY;
  if (flags & CERT_ONLY_EXTENSIONS || flags == 0)
    {
      gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL);
      gcert->version = gnutls_x509_crt_get_version (cert);
    }
  gcert->subject_pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL);
  if (flags & CERT_ONLY_PUBKEY || flags == 0)
    {
      gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
      ret =
	_gnutls_x509_crt_get_mpis (cert, gcert->params, &gcert->params_size);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_srp_send_params | 13 | 32 | 71 | lib/ext_srp.c | 
| 
int
_gnutls_srp_send_params (gnutls_session_t session, opaque * data,
			 size_t data_size)
{
  unsigned len;
  if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
      _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
      _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
    {
      /* algorithm was not allowed in this session
       */
      return 0;
    }
  /* this function sends the client extension data (username) */
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    {
      gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
	_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
      if (cred == NULL)
	return 0;
      if (cred->username != NULL)
	{			/* send username */
	  len = MIN (strlen (cred->username), 255);
	  if (data_size < len + 1)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_SHORT_MEMORY_BUFFER;
	    }
	  data[0] = (uint8_t) len;
	  memcpy (&data[1], cred->username, len);
	  return len + 1;
	}
      else if (cred->get_function != NULL)
	{
	  /* Try the callback
	   */
	  char *username = NULL, *password = NULL;
	  if (cred->get_function (session, &username, &password) < 0
	      || username == NULL || password == NULL)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_ILLEGAL_SRP_USERNAME;
	    }
	  len = MIN (strlen (username), 255);
	  if (data_size < len + 1)
	    {
	      gnutls_free (username);
	      gnutls_free (password);
	      gnutls_assert ();
	      return GNUTLS_E_SHORT_MEMORY_BUFFER;
	    }
	  session->internals.srp_username = username;
	  session->internals.srp_password = password;
	  data[0] = (uint8_t) len;
	  memcpy (&data[1], username, len);
	  return len + 1;
	}
    }
  return 0;
}
 | 
| ↓ | read_literal | 13 | 31 | 42 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_literal (cdk_stream_t inp, size_t pktlen,
	      cdk_pkt_literal_t * ret_pt, int is_partial)
{
  cdk_pkt_literal_t pt = *ret_pt;
  size_t nread;
  cdk_error_t rc;
  if (!inp || !pt)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_literal: %d octets\n", pktlen);
  pt->mode = cdk_stream_getc (inp);
  if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
    return CDK_Inv_Packet;
  if (cdk_stream_eof (inp))
    return CDK_Inv_Packet;
  pt->namelen = cdk_stream_getc (inp);
  if (pt->namelen > 0)
    {
      *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2);
      if (!pt)
	return CDK_Out_Of_Core;
      pt->name = (char*)pt + sizeof(*pt);
      rc = stream_read (inp, pt->name, pt->namelen, &nread);
      if (rc)
	return rc;
      if ((int) nread != pt->namelen)
	return CDK_Inv_Packet;
      pt->name[pt->namelen] = '\0';
    }
  pt->timestamp = read_32 (inp);
  pktlen = pktlen - 6 - pt->namelen;
  if (is_partial)
    _cdk_stream_set_blockmode (inp, pktlen);
  pt->buf = inp;
  pt->len = pktlen;
  return 0;
}
 | 
| ↓ | write_v3_sig | 13 | 29 | 35 | lib/opencdk/write-packet.c | 
| 
static cdk_error_t
write_v3_sig (cdk_stream_t out, cdk_pkt_signature_t sig, int nsig)
{
  size_t size;
  cdk_error_t rc;
  size = 19 + calc_mpisize (sig->mpi, nsig);
  if (is_RSA (sig->pubkey_algo))
    rc = pkt_write_head2 (out, size, CDK_PKT_SIGNATURE);
  else
    rc = pkt_write_head (out, 1, size, CDK_PKT_SIGNATURE);
  if (!rc)
    rc = stream_putc (out, sig->version);
  if (!rc)
    rc = stream_putc (out, 5);
  if (!rc)
    rc = stream_putc (out, sig->sig_class);
  if (!rc)
    rc = write_32 (out, sig->timestamp);
  if (!rc)
    rc = write_32 (out, sig->keyid[0]);
  if (!rc)
    rc = write_32 (out, sig->keyid[1]);
  if (!rc)
    rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
  if (!rc)
    rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
  if (!rc)
    rc = stream_putc (out, sig->digest_start[0]);
  if (!rc)
    rc = stream_putc (out, sig->digest_start[1]);
  if (!rc)
    rc = write_mpibuf (out, sig->mpi, nsig);
  return rc;
}
 | 
| ↓ | print_key_usage | 13 | 28 | 39 | lib/x509/output.c | 
| 
static void
print_key_usage (gnutls_string * str, const char *prefix, int type,
		 cert_type_t cert)
{
  unsigned int key_usage;
  int err;
  if (type == TYPE_CRT)
    err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
  else if (type == TYPE_CRQ)
    err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
  else
    return;
  if (err < 0)
    {
      addf (str, "error: get_key_usage: %s\n", gnutls_strerror (err));
      return;
    }
  if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
    addf (str, _("%s\t\t\tDigital signature.\n"), prefix);
  if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
    addf (str, _("%s\t\t\tNon repudiation.\n"), prefix);
  if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
    addf (str, _("%s\t\t\tKey encipherment.\n"), prefix);
  if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
    addf (str, _("%s\t\t\tData encipherment.\n"), prefix);
  if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
    addf (str, _("%s\t\t\tKey agreement.\n"), prefix);
  if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
    addf (str, _("%s\t\t\tCertificate signing.\n"), prefix);
  if (key_usage & GNUTLS_KEY_CRL_SIGN)
    addf (str, _("%s\t\t\tCRL signing.\n"), prefix);
  if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
    addf (str, _("%s\t\t\tKey encipher only.\n"), prefix);
  if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
    addf (str, _("%s\t\t\tKey decipher only.\n"), prefix);
}
 | 
| ↓ | keydb_idx_search | 13 | 21 | 40 | lib/opencdk/keydb.c | 
| 
static cdk_error_t
keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
		  off_t * r_off)
{
  key_idx_t idx;
  if (!inp || !r_off)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if ((keyid && fpr) || (!keyid && !fpr))
    {
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  /* We need an initialize the offset var with a value
     because it might be possible the returned offset will
     be 0 and then we cannot differ between the begin and an EOF. */
  *r_off = 0xFFFFFFFF;
  cdk_stream_seek (inp, 0);
  while (keydb_idx_parse (inp, &idx) != CDK_EOF)
    {
      if (keyid && KEYID_CMP (keyid, idx->keyid))
	{
	  *r_off = idx->offset;
	  break;
	}
      else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN))
	{
	  *r_off = idx->offset;
	  break;
	}
      cdk_free (idx);
      idx = NULL;
    }
  cdk_free (idx);
  return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
}
 | 
| ↓ | _gnutls_handshake_client | 23 | 49 | 115 | lib/gnutls_handshake.c | 
| 
int
_gnutls_handshake_client (gnutls_session_t session)
{
  int ret = 0;
#ifdef HANDSHAKE_DEBUG
  char buf[64];
  if (session->internals.resumed_security_parameters.session_id_size > 0)
    _gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session,
			   _gnutls_bin2hex (session->internals.
					    resumed_security_parameters.
					    session_id,
					    session->internals.
					    resumed_security_parameters.
					    session_id_size, buf,
					    sizeof (buf)));
#endif
  switch (STATE)
    {
    case STATE0:
    case STATE1:
      ret = _gnutls_send_hello (session, AGAIN (STATE1));
      STATE = STATE1;
      IMED_RET ("send hello", ret);
    case STATE2:
      /* receive the server hello */
      ret =
	_gnutls_recv_handshake (session, NULL, NULL,
				GNUTLS_HANDSHAKE_SERVER_HELLO,
				MANDATORY_PACKET);
      STATE = STATE2;
      IMED_RET ("recv hello", ret);
    case STATE70:
      if (session->security_parameters.extensions.do_recv_supplemental)
	{
	  ret = _gnutls_recv_supplemental (session);
	  STATE = STATE70;
	  IMED_RET ("recv supplemental", ret);
	}
    case STATE3:
      /* RECV CERTIFICATE */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_recv_server_certificate (session);
      STATE = STATE3;
      IMED_RET ("recv server certificate", ret);
    case STATE4:
      /* receive the server key exchange */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_recv_server_kx_message (session);
      STATE = STATE4;
      IMED_RET ("recv server kx message", ret);
    case STATE5:
      /* receive the server certificate request - if any 
       */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_recv_server_certificate_request (session);
      STATE = STATE5;
      IMED_RET ("recv server certificate request message", ret);
    case STATE6:
      /* receive the server hello done */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret =
	  _gnutls_recv_handshake (session, NULL, NULL,
				  GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
				  MANDATORY_PACKET);
      STATE = STATE6;
      IMED_RET ("recv server hello done", ret);
    case STATE71:
      if (session->security_parameters.extensions.do_send_supplemental)
	{
	  ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
	  STATE = STATE71;
	  IMED_RET ("send supplemental", ret);
	}
    case STATE7:
      /* send our certificate - if any and if requested
       */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_send_client_certificate (session, AGAIN (STATE7));
      STATE = STATE7;
      IMED_RET ("send client certificate", ret);
    case STATE8:
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8));
      STATE = STATE8;
      IMED_RET ("send client kx", ret);
    case STATE9:
      /* send client certificate verify */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret =
	  _gnutls_send_client_certificate_verify (session, AGAIN (STATE9));
      STATE = STATE9;
      IMED_RET ("send client certificate verify", ret);
      STATE = STATE0;
    default:
      break;
    }
  return 0;
}
 | 
| ↓ | cdk_handle_control | 18 | 43 | 78 | lib/opencdk/main.c | 
| 
int
cdk_handle_control (cdk_ctx_t hd, int action, int cmd, ...)
{
  va_list arg_ptr;
  int set = action == CDK_CTLF_SET, val = 0;
  if (!hd)
    return -1;
  if (action != CDK_CTLF_SET && action != CDK_CTLF_GET)
    return -1;
  va_start (arg_ptr, cmd);
  switch (cmd)
    {
    case CDK_CTL_ARMOR:
      if (set)
	hd->opt.armor = va_arg (arg_ptr, int);
      else
	val = hd->opt.armor;
      break;
    case CDK_CTL_DIGEST:
      if (set)
	handle_set_digest (hd, va_arg (arg_ptr, int));
      else
	val = hd->digest_algo;
      break;
    case CDK_CTL_OVERWRITE:
      if (set)
	hd->opt.overwrite = va_arg (arg_ptr, int);
      else
	val = hd->opt.overwrite;
      break;
    case CDK_CTL_COMPRESS:
      if (set)
	{
	  int algo = va_arg (arg_ptr, int);
	  int level = va_arg (arg_ptr, int);
	  handle_set_compress (hd, algo, level);
	}
      else
	val = hd->compress.algo;
      break;
    case CDK_CTL_S2K:
      if (set)
	{
	  int mode = va_arg (arg_ptr, int);
	  int digest = va_arg (arg_ptr, int);
	  handle_set_s2k (hd, mode, digest);
	}
      else
	val = hd->_s2k.mode;
      break;
    case CDK_CTL_FORCE_DIGEST:
      if (set)
	hd->opt.force_digest = va_arg (arg_ptr, int);
      else
	val = hd->opt.force_digest;
      break;
    case CDK_CTL_BLOCKMODE_ON:
      if (set)
	hd->opt.blockmode = va_arg (arg_ptr, int);
      else
	val = hd->opt.blockmode;
      break;
    default:
      val = -1;
      break;
    }
  va_end (arg_ptr);
  return val;
}
 | 
| ↓ | _gnutls_pkcs7_encrypt_data | 15 | 64 | 153 | lib/x509/privkey_pkcs8.c | 
| 
int
_gnutls_pkcs7_encrypt_data (schema_id schema,
			    const gnutls_datum_t * data,
			    const char *password, gnutls_datum_t * enc)
{
  int result;
  gnutls_datum_t key = { NULL, 0 };
  gnutls_datum_t tmp = { NULL, 0 };
  ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
  struct pbkdf2_params kdf_params;
  struct pbe_enc_params enc_params;
  if ((result =
       asn1_create_element (_gnutls_get_pkix (),
			    "PKIX1.pkcs-7-EncryptedData",
			    &pkcs7_asn)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Write the encryption schema OID
   */
  switch (schema)
    {
    case PBES2:
      result =
	asn1_write_value (pkcs7_asn,
			  "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
			  PBES2_OID, 1);
      break;
    case PKCS12_3DES_SHA1:
      result =
	asn1_write_value (pkcs7_asn,
			  "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
			  PKCS12_PBE_3DES_SHA1_OID, 1);
      break;
    case PKCS12_ARCFOUR_SHA1:
      result =
	asn1_write_value (pkcs7_asn,
			  "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
			  PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
      break;
    case PKCS12_RC2_40_SHA1:
      result =
	asn1_write_value (pkcs7_asn,
			  "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
			  PKCS12_PBE_RC2_40_SHA1_OID, 1);
      break;
    }
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Generate a symmetric key.
   */
  result = generate_key (schema, password, &kdf_params, &enc_params, &key);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  result = write_schema_params (schema, pkcs7_asn,
				"encryptedContentInfo.contentEncryptionAlgorithm.parameters",
				&kdf_params, &enc_params);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  /* Parameters have been encoded. Now
   * encrypt the Data.
   */
  result = encrypt_data (data, &enc_params, &key, &tmp);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  /* write the encrypted data.
   */
  result =
    asn1_write_value (pkcs7_asn,
		      "encryptedContentInfo.encryptedContent", tmp.data,
		      tmp.size);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  _gnutls_free_datum (&tmp);
  _gnutls_free_datum (&key);
  /* Now write the rest of the pkcs-7 stuff.
   */
  result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
  result =
    asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
		      DATA_OID, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* Now encode and copy the DER stuff.
   */
  result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
  asn1_delete_structure (&pkcs7_asn);
  if (result < 0)
    {
      gnutls_assert ();
      goto error;
    }
error:
  _gnutls_free_datum (&key);
  _gnutls_free_datum (&tmp);
  asn1_delete_structure (&pkcs7_asn);
  return result;
}
 | 
| ↓ | _gnutls_read_client_hello | 12 | 72 | 144 | lib/gnutls_handshake.c | 
| 
static int
_gnutls_read_client_hello (gnutls_session_t session, opaque * data,
			   int datalen)
{
  uint8_t session_id_len;
  int pos = 0, ret;
  uint16_t suite_size, comp_size;
  gnutls_protocol_t adv_version;
  int neg_version;
  int len = datalen;
  opaque rnd[GNUTLS_RANDOM_SIZE], *suite_ptr, *comp_ptr;
  if (session->internals.v2_hello != 0)
    {				/* version 2.0 */
      return _gnutls_read_client_hello_v2 (session, data, datalen);
    }
  DECR_LEN (len, 2);
  _gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session,
			 data[pos], data[pos + 1]);
  adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
  set_adv_version (session, data[pos], data[pos + 1]);
  pos += 2;
  neg_version = _gnutls_negotiate_version (session, adv_version);
  if (neg_version < 0)
    {
      gnutls_assert ();
      return neg_version;
    }
  /* Read client random value.
   */
  DECR_LEN (len, GNUTLS_RANDOM_SIZE);
  _gnutls_set_client_random (session, &data[pos]);
  pos += GNUTLS_RANDOM_SIZE;
  _gnutls_tls_create_random (rnd);
  _gnutls_set_server_random (session, rnd);
  session->security_parameters.timestamp = time (NULL);
  DECR_LEN (len, 1);
  session_id_len = data[pos++];
  /* RESUME SESSION 
   */
  if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
  DECR_LEN (len, session_id_len);
  ret = _gnutls_server_restore_session (session, &data[pos], session_id_len);
  pos += session_id_len;
  if (ret == 0)
    {				/* resumed! */
      resume_copy_required_values (session);
      session->internals.resumed = RESUME_TRUE;
      return _gnutls_user_hello_func (session, adv_version);
    }
  else
    {
      _gnutls_generate_session_id (session->security_parameters.session_id,
				   &session->security_parameters.
				   session_id_size);
      session->internals.resumed = RESUME_FALSE;
    }
  /* Remember ciphersuites for later
   */
  DECR_LEN (len, 2);
  suite_size = _gnutls_read_uint16 (&data[pos]);
  pos += 2;
  DECR_LEN (len, suite_size);
  suite_ptr = &data[pos];
  pos += suite_size;
  /* Point to the compression methods
   */
  DECR_LEN (len, 1);
  comp_size = data[pos++];	/* z is the number of compression methods */
  DECR_LEN (len, comp_size);
  comp_ptr = &data[pos];
  pos += comp_size;
  /* Parse the extensions (if any)
   */
  if (neg_version >= GNUTLS_TLS1)
    {
      ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION,
				      &data[pos], len);
      /* len is the rest of the parsed length */
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
    }
  ret = _gnutls_user_hello_func (session, adv_version);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  if (neg_version >= GNUTLS_TLS1)
    {
      ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS,
				      &data[pos], len);
      /* len is the rest of the parsed length */
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
    }
  /* select an appropriate cipher suite
   */
  ret = _gnutls_server_select_suite (session, suite_ptr, suite_size);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* select appropriate compression method */
  ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  return 0;
}
 | 
| ↓ | _get_sk_rsa_raw | 12 | 66 | 109 | lib/openpgp/privkey.c | 
| 
static int
_get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
		 gnutls_datum_t * m, gnutls_datum_t * e,
		 gnutls_datum_t * d, gnutls_datum_t * p,
		 gnutls_datum_t * q, gnutls_datum_t * u)
{
  int pk_algorithm, ret, i;
  cdk_packet_t pkt;
  uint32_t kid32[2];
  bigint_t params[MAX_PRIV_PARAMS_SIZE];
  int params_size = MAX_PRIV_PARAMS_SIZE;
  if (pkey == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  KEYID_IMPORT (kid32, keyid);
  pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
  if (pkt == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_OPENPGP_GETKEY_FAILED;
    }
  pk_algorithm =
    _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
  if (pk_algorithm != GNUTLS_PK_RSA)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, params, ¶ms_size);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  ret = _gnutls_mpi_dprint (params[0], m);
  if (ret < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint (params[1], e);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (m);
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint (params[2], d);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (m);
      _gnutls_free_datum (e);
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint (params[3], p);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (m);
      _gnutls_free_datum (e);
      _gnutls_free_datum (d);
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint (params[4], q);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (m);
      _gnutls_free_datum (e);
      _gnutls_free_datum (d);
      _gnutls_free_datum (p);
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint (params[5], u);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (q);
      _gnutls_free_datum (m);
      _gnutls_free_datum (e);
      _gnutls_free_datum (d);
      _gnutls_free_datum (p);
      goto cleanup;
    }
  ret = 0;
cleanup:
  for (i = 0; i < params_size; i++)
    {
      _gnutls_mpi_release (¶ms[i]);
    }
  return ret;
}
 | 
| ↓ | _gnutls_x509_encode_and_write_attribute | 12 | 63 | 127 | lib/x509/dn.c | 
| 
int
_gnutls_x509_encode_and_write_attribute (const char *given_oid,
					 ASN1_TYPE asn1_struct,
					 const char *where,
					 const void *_data,
					 int sizeof_data, int multi)
{
  const char *val_name;
  const opaque *data = _data;
  char tmp[128];
  ASN1_TYPE c2;
  int result;
  /* Find how to encode the data.
   */
  val_name = asn1_find_structure_from_oid (_gnutls_get_pkix (), given_oid);
  if (val_name == NULL)
    {
      gnutls_assert ();
      _gnutls_x509_log ("Cannot find OID: %s\n", given_oid);
      return GNUTLS_E_X509_UNSUPPORTED_OID;
    }
  _gnutls_str_cpy (tmp, sizeof (tmp), "PKIX1.");
  _gnutls_str_cat (tmp, sizeof (tmp), val_name);
  result = asn1_create_element (_gnutls_get_pkix (), tmp, &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  tmp[0] = 0;
  if ((result = _gnutls_x509_oid_data_choice (given_oid)) > 0)
    {
      const char *string_type;
      int i;
      string_type = "printableString";
      /* Check if the data is plain ascii, and use
       * the UTF8 string type if not.
       */
      for (i = 0; i < sizeof_data; i++)
	{
	  if (!isascii (data[i]))
	    {
	      string_type = "utf8String";
	      break;
	    }
	}
      /* if the type is a CHOICE then write the
       * type we'll use.
       */
      result = asn1_write_value (c2, "", string_type, 1);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      _gnutls_str_cpy (tmp, sizeof (tmp), string_type);
    }
  result = asn1_write_value (c2, tmp, data, sizeof_data);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* write the data (value)
   */
  _gnutls_str_cpy (tmp, sizeof (tmp), where);
  _gnutls_str_cat (tmp, sizeof (tmp), ".value");
  if (multi != 0)
    {				/* if not writing an AttributeTypeAndValue, but an Attribute */
      _gnutls_str_cat (tmp, sizeof (tmp), "s");	/* values */
      result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto error;
	}
      _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
    }
  result = _gnutls_x509_der_encode_and_copy (c2, "", asn1_struct, tmp, 0);
  if (result < 0)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  /* write the type
   */
  _gnutls_str_cpy (tmp, sizeof (tmp), where);
  _gnutls_str_cat (tmp, sizeof (tmp), ".type");
  result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto error;
    }
  result = 0;
error:
  asn1_delete_structure (&c2);
  return result;
}
 | 
| ↓ | _gnutls_x509_encode_and_copy_PKI_params | 12 | 57 | 113 | lib/x509/common.c | 
| 
int
_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
					 const char *dst_name,
					 gnutls_pk_algorithm_t
					 pk_algorithm, bigint_t * params,
					 int params_size)
{
  const char *pk;
  gnutls_datum_t der = { NULL, 0 };
  int result;
  char name[128];
  pk = _gnutls_x509_pk_to_oid (pk_algorithm);
  if (pk == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
    }
  /* write the OID
   */
  _gnutls_str_cpy (name, sizeof (name), dst_name);
  _gnutls_str_cat (name, sizeof (name), ".algorithm.algorithm");
  result = asn1_write_value (dst, name, pk, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  if (pk_algorithm == GNUTLS_PK_RSA)
    {
      /* disable parameters, which are not used in RSA.
       */
      _gnutls_str_cpy (name, sizeof (name), dst_name);
      _gnutls_str_cat (name, sizeof (name), ".algorithm.parameters");
      result = asn1_write_value (dst, name, NULL, 0);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      result = _gnutls_x509_write_rsa_params (params, params_size, &der);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
      /* Write the DER parameters. (in bits)
       */
      _gnutls_str_cpy (name, sizeof (name), dst_name);
      _gnutls_str_cat (name, sizeof (name), ".subjectPublicKey");
      result = asn1_write_value (dst, name, der.data, der.size * 8);
      _gnutls_free_datum (&der);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
    }
  else if (pk_algorithm == GNUTLS_PK_DSA)
    {
      result = _gnutls_x509_write_dsa_params (params, params_size, &der);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
      /* Write the DER parameters.
       */
      _gnutls_str_cpy (name, sizeof (name), dst_name);
      _gnutls_str_cat (name, sizeof (name), ".algorithm.parameters");
      result = asn1_write_value (dst, name, der.data, der.size);
      _gnutls_free_datum (&der);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
      _gnutls_str_cpy (name, sizeof (name), dst_name);
      _gnutls_str_cat (name, sizeof (name), ".subjectPublicKey");
      result = asn1_write_value (dst, name, der.data, der.size * 8);
      _gnutls_free_datum (&der);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
    }
  else
    return GNUTLS_E_UNIMPLEMENTED_FEATURE;
  return 0;
}
 | 
| ↓ | gnutls_pkcs12_generate_mac | 12 | 56 | 122 | lib/x509/pkcs12.c | 
| 
int
gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
{
  opaque salt[8], key[20];
  int result;
  const int iter = 1;
  digest_hd_st td1;
  gnutls_datum_t tmp = { NULL, 0 };
  opaque sha_mac[20];
  if (pkcs12 == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* Generate the salt.
   */
  result = _gnutls_rnd (GNUTLS_RND_NONCE, salt, sizeof (salt));
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }
  /* Write the salt into the structure.
   */
  result =
    asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt));
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  /* write the iterations
   */
  if (iter > 1)
    {
      result =
	_gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
				   iter);
      if (result < 0)
	{
	  gnutls_assert ();
	  goto cleanup;
	}
    }
  /* Generate the key.
   */
  result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
					 iter, pass, sizeof (key), key);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  /* Get the data to be MACed
   */
  result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  /* MAC the data
   */
  result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  _gnutls_hmac (&td1, tmp.data, tmp.size);
  _gnutls_free_datum (&tmp);
  _gnutls_hmac_deinit (&td1, sha_mac);
  result =
    asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
		      sizeof (sha_mac));
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  result =
    asn1_write_value (pkcs12->pkcs12,
		      "macData.mac.digestAlgorithm.parameters", NULL, 0);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  result =
    asn1_write_value (pkcs12->pkcs12,
		      "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
		      1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  return 0;
cleanup:
  _gnutls_free_datum (&tmp);
  return result;
}
 | 
| ↓ | gnutls_x509_crq_set_key_purpose_oid | 12 | 49 | 107 | lib/x509/crq.c | 
| 
int
gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t cert,
				     const void *oid, unsigned int critical)
{
  int result;
  gnutls_datum_t prev_data, der_data;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  opaque tmp[MAX_CRQ_EXTENSIONS_SIZE];
  size_t tmp_size;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /* Check if the extension already exists.
   */
  tmp_size = sizeof (tmp);
  result = gnutls_x509_crq_get_extension_by_oid (cert, "2.5.29.37", 0,
						 tmp, &tmp_size, NULL);
  if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
    {
      gnutls_assert ();
      return result;
    }
  if (result < 0)
    {
      prev_data.data = NULL;
      prev_data.size = 0;
    }
  else
    {
      prev_data.data = tmp;
      prev_data.size = tmp_size;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  if (prev_data.size > 0)
    {
      /* decode it.
       */
      result = asn1_der_decoding (&c2, prev_data.data, prev_data.size, NULL);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  asn1_delete_structure (&c2);
	  return _gnutls_asn2err (result);
	}
    }
  /* generate the extension.
   */
  /* 1. create a new element.
   */
  result = asn1_write_value (c2, "", "NEW", 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  /* 2. Add the OID.
   */
  result = asn1_write_value (c2, "?LAST", oid, 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
  asn1_delete_structure (&c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  result = _gnutls_x509_crq_set_extension (cert, "2.5.29.37",
					   &der_data, critical);
  _gnutls_free_datum (&der_data);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }
  return 0;
}
 | 
| ↓ | write_attributes | 12 | 47 | 105 | lib/x509/pkcs12.c | 
| 
static int
write_attributes (gnutls_pkcs12_bag_t bag, int elem,
		  ASN1_TYPE c2, const char *where)
{
  int result;
  char root[128];
  /* If the bag attributes are empty, then write
   * nothing to the attribute field.
   */
  if (bag->element[elem].friendly_name == NULL &&
      bag->element[elem].local_key_id.data == NULL)
    {
      /* no attributes
       */
      result = asn1_write_value (c2, where, NULL, 0);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      return 0;
    }
  if (bag->element[elem].local_key_id.data != NULL)
    {
      /* Add a new Attribute
       */
      result = asn1_write_value (c2, where, "NEW", 1);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      _gnutls_str_cpy (root, sizeof (root), where);
      _gnutls_str_cat (root, sizeof (root), ".?LAST");
      result =
	_gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
						 bag->element[elem].
						 local_key_id.data,
						 bag->element[elem].
						 local_key_id.size, 1);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
    }
  if (bag->element[elem].friendly_name != NULL)
    {
      opaque *name;
      int size, i;
      const char *p;
      /* Add a new Attribute
       */
      result = asn1_write_value (c2, where, "NEW", 1);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  return _gnutls_asn2err (result);
	}
      /* convert name to BMPString
       */
      size = strlen (bag->element[elem].friendly_name) * 2;
      name = gnutls_malloc (size);
      if (name == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      p = bag->element[elem].friendly_name;
      for (i = 0; i < size; i += 2)
	{
	  name[i] = 0;
	  name[i + 1] = *p;
	  p++;
	}
      _gnutls_str_cpy (root, sizeof (root), where);
      _gnutls_str_cat (root, sizeof (root), ".?LAST");
      result =
	_gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
						 root, name, size, 1);
      gnutls_free (name);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
    }
  return 0;
}
 | 
| ↓ | gnutls_x509_crt_check_revocation | 12 | 45 | 94 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
				  const gnutls_x509_crl_t * crl_list,
				  int crl_list_length)
{
  opaque serial[64];
  opaque cert_serial[64];
  size_t serial_size, cert_serial_size;
  int ncerts, ret, i, j;
  gnutls_datum_t dn1, dn2;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  for (j = 0; j < crl_list_length; j++)
    {				/* do for all the crls */
      /* Step 1. check if issuer's DN match
       */
      ret = _gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
      _gnutls_free_datum (&dn1);
      _gnutls_free_datum (&dn2);
      if (ret == 0)
	{
	  /* issuers do not match so don't even
	   * bother checking.
	   */
	  continue;
	}
      /* Step 2. Read the certificate's serial number
       */
      cert_serial_size = sizeof (cert_serial);
      ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      /* Step 3. cycle through the CRL serials and compare with
       *   certificate serial we have.
       */
      ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]);
      if (ncerts < 0)
	{
	  gnutls_assert ();
	  return ncerts;
	}
      for (i = 0; i < ncerts; i++)
	{
	  serial_size = sizeof (serial);
	  ret =
	    gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
					    &serial_size, NULL);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  if (serial_size == cert_serial_size)
	    {
	      if (memcmp (serial, cert_serial, serial_size) == 0)
		{
		  /* serials match */
		  return 1;	/* revoked! */
		}
	    }
	}
    }
  return 0;			/* not revoked. */
}
 | 
| ↓ | _wrap_gcry_pk_decrypt | 12 | 45 | 89 | lib/pk-libgcrypt.c | 
| 
static int
_wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
		       gnutls_datum_t * plaintext,
		       const gnutls_datum_t * ciphertext,
		       const gnutls_pk_params_st * pk_params)
{
  gcry_sexp_t s_plain = NULL, s_data = NULL, s_pkey = NULL;
  int rc = -1;
  int ret;
  bigint_t data, res;
  if (_gnutls_mpi_scan_nz (&data, ciphertext->data, ciphertext->size) != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_MPI_SCAN_FAILED;
    }
  /* make a sexp from pkey */
  switch (algo)
    {
    case GNUTLS_PK_RSA:
      if (pk_params->params_nr >= 6)
	rc = gcry_sexp_build (&s_pkey, NULL,
			      "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
			      pk_params->params[0], pk_params->params[1],
			      pk_params->params[2], pk_params->params[3],
			      pk_params->params[4], pk_params->params[5]);
      break;
    default:
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  /* put the data into a simple list */
  if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data))
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  /* pass it to libgcrypt */
  rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
  if (rc != 0)
    {
      gnutls_assert ();
      ret = GNUTLS_E_PK_DECRYPTION_FAILED;
      goto cleanup;
    }
  res = gcry_sexp_nth_mpi (s_plain, 0, 0);
  if (res == NULL)
    {
      gnutls_assert ();
      ret = GNUTLS_E_INTERNAL_ERROR;
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint_size (res, plaintext, ciphertext->size);
  _gnutls_mpi_release (&res);
  if (ret < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  ret = 0;
cleanup:
  _gnutls_mpi_release (&data);
  if (s_plain)
    gcry_sexp_release (s_plain);
  if (s_data)
    gcry_sexp_release (s_data);
  if (s_pkey)
    gcry_sexp_release (s_pkey);
  return ret;
}
 | 
| ↓ | _cdk_subpkt_get_array | 12 | 44 | 62 | lib/opencdk/new-packet.c | 
| 
byte *
_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes)
{
  cdk_subpkt_t list;
  byte *buf;
  size_t n, nbytes;
  if (!s)
    {
      if (r_nbytes)
	*r_nbytes = 0;
      return NULL;
    }
  for (n = 0, list = s; list; list = list->next)
    {
      n++;			/* type */
      n += list->size;
      if (list->size < 192)
	n++;
      else if (list->size < 8384)
	n += 2;
      else
	n += 5;
    }
  buf = cdk_calloc (1, n + 1);
  if (!buf)
    return NULL;
  n = 0;
  for (list = s; list; list = list->next)
    {
      nbytes = 1 + list->size;	/* type */
      if (nbytes < 192)
	buf[n++] = nbytes;
      else if (nbytes < 8384)
	{
	  buf[n++] = nbytes / 256 + 192;
	  buf[n++] = nbytes % 256;
	}
      else
	{
	  buf[n++] = 0xFF;
	  buf[n++] = nbytes >> 24;
	  buf[n++] = nbytes >> 16;
	  buf[n++] = nbytes >> 8;
	  buf[n++] = nbytes;
	}
      buf[n++] = list->type;
      memcpy (buf + n, list->d, list->size);
      n += list->size;
    }
  if (count)
    {
      cdk_free (buf);
      buf = NULL;
    }
  if (r_nbytes)
    *r_nbytes = n;
  return buf;
}
 | 
| ↓ | armor_encode | 12 | 44 | 66 | lib/opencdk/armor.c | 
| 
static cdk_error_t
armor_encode (void *data, FILE * in, FILE * out)
{
  armor_filter_t *afx = data;
  struct stat statbuf;
  char crcbuf[5], buf[128], raw[49];
  byte crcbuf2[3];
  size_t nread = 0;
  const char *lf;
  if (!afx)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (afx->idx < 0 || afx->idx > (int) DIM (armor_begin) ||
      afx->idx2 < 0 || afx->idx2 > (int) DIM (armor_end))
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  _cdk_log_debug ("armor filter: encode\n");
  memset (crcbuf, 0, sizeof (crcbuf));
  lf = afx->le ? afx->le : LF;
  fprintf (out, "-----%s-----%s", armor_begin[afx->idx], lf);
  fprintf (out, "Version: OpenPrivacy " PACKAGE_VERSION "%s", lf);
  if (afx->hdrlines)
    fwrite (afx->hdrlines, 1, strlen (afx->hdrlines), out);
  fprintf (out, "%s", lf);
  if (fstat (fileno (in), &statbuf))
    {
      gnutls_assert ();
      return CDK_General_Error;
    }
  while (!feof (in))
    {
      nread = fread (raw, 1, DIM (raw) - 1, in);
      if (!nread)
	break;
      if (ferror (in))
	{
	  gnutls_assert ();
	  return CDK_File_Error;
	}
      afx->crc = update_crc (afx->crc, (byte *) raw, nread);
      base64_encode (buf, (byte *) raw, nread, DIM (buf) - 1);
      fprintf (out, "%s%s", buf, lf);
    }
  crcbuf2[0] = afx->crc >> 16;
  crcbuf2[1] = afx->crc >> 8;
  crcbuf2[2] = afx->crc;
  crcbuf[0] = b64chars[crcbuf2[0] >> 2];
  crcbuf[1] = b64chars[((crcbuf2[0] << 4) & 0x30) | (crcbuf2[1] >> 4)];
  crcbuf[2] = b64chars[((crcbuf2[1] << 2) & 0x3c) | (crcbuf2[2] >> 6)];
  crcbuf[3] = b64chars[crcbuf2[2] & 0x3f];
  fprintf (out, "=%s%s", crcbuf, lf);
  fprintf (out, "-----%s-----%s", armor_end[afx->idx2], lf);
  return 0;
}
 | 
| ↓ | _select_client_cert | 12 | 43 | 106 | lib/auth_cert.c | 
| 
static int
_select_client_cert (gnutls_session_t session,
		     opaque * _data, size_t _data_size,
		     gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
{
  int result;
  int indx = -1;
  gnutls_certificate_credentials_t cred;
  opaque *data = _data;
  ssize_t data_size = _data_size;
  int issuers_dn_length;
  gnutls_datum_t *issuers_dn = NULL;
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if (cred->client_get_cert_callback != NULL)
    {
      /* use a callback to get certificate 
       */
      if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
	issuers_dn_length = 0;
      else
	{
	  issuers_dn_length = get_issuers_num (session, data, data_size);
	  if (issuers_dn_length < 0)
	    {
	      gnutls_assert ();
	      return issuers_dn_length;
	    }
	  if (issuers_dn_length > 0)
	    {
	      issuers_dn =
		gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length);
	      if (issuers_dn == NULL)
		{
		  gnutls_assert ();
		  return GNUTLS_E_MEMORY_ERROR;
		}
	      result =
		get_issuers (session, issuers_dn, issuers_dn_length,
			     data, data_size);
	      if (result < 0)
		{
		  gnutls_assert ();
		  goto cleanup;
		}
	    }
	}
      result =
	call_get_cert_callback (session, issuers_dn, issuers_dn_length,
				pk_algos, pk_algos_length);
      goto cleanup;
    }
  else
    {
      /* If we have no callbacks, try to guess.
       */
      result = 0;
      if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
	result =
	  _find_x509_cert (cred, _data, _data_size,
			   pk_algos, pk_algos_length, &indx);
#ifdef ENABLE_OPENPGP
      if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP)
	result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
#endif
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
      if (indx >= 0)
	{
	  _gnutls_selected_certs_set (session,
				      &cred->cert_list[indx][0],
				      cred->cert_list_length[indx],
				      &cred->pkey[indx], 0);
	}
      else
	{
	  _gnutls_selected_certs_set (session, NULL, 0, NULL, 0);
	}
      result = 0;
    }
cleanup:
  gnutls_free (issuers_dn);
  return result;
}
 | 
| ↓ | cdk_stream_mmap_part | 12 | 42 | 67 | lib/opencdk/stream.c | 
| 
cdk_error_t
cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
		      byte ** ret_buf, size_t * ret_buflen)
{
  cdk_error_t rc;
  off_t oldpos;
  unsigned int n;
  if (!ret_buf || !ret_buflen)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  *ret_buf = NULL;
  *ret_buflen = 0;
  if (!s)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  /* Memory mapping is not supported on custom I/O objects. */
  if (s->cbs_hd)
    {
      _cdk_log_debug ("cdk_stream_mmap_part: not supported on callbacks\n");
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  oldpos = cdk_stream_tell (s);
  rc = cdk_stream_flush (s);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  rc = cdk_stream_seek (s, off);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  if (!len)
    len = cdk_stream_get_length (s);
  if (!len)
    {
      _cdk_log_debug ("cdk_stream_mmap_part: invalid file size %lu\n", len);
      gnutls_assert ();
      return s->error;
    }
  if (len > MAX_MAP_SIZE)
    {
      gnutls_assert ();
      return CDK_Too_Short;
    }
  *ret_buf = cdk_calloc (1, len + 1);
  *ret_buflen = len;
  n = cdk_stream_read (s, *ret_buf, len);
  if (n != len)
    *ret_buflen = n;
  rc = cdk_stream_seek (s, oldpos);
  if (rc)
    gnutls_assert ();
  return rc;
}
 | 
| ↓ | _gnutls_cert_type_recv_params | 12 | 37 | 92 | lib/ext_cert_type.c | 
| 
int
_gnutls_cert_type_recv_params (gnutls_session_t session,
			       const opaque * data, size_t _data_size)
{
  int new_type = -1, ret, i;
  ssize_t data_size = _data_size;
  if (session->security_parameters.entity == GNUTLS_CLIENT)
    {
      if (data_size > 0)
	{
	  if (data_size != 1)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
	    }
	  new_type = _gnutls_num2cert_type (data[0]);
	  if (new_type < 0)
	    {
	      gnutls_assert ();
	      return new_type;
	    }
	  /* Check if we support this cert_type */
	  if ((ret =
	       _gnutls_session_cert_type_supported (session, new_type)) < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  _gnutls_session_cert_type_set (session, new_type);
	}
    }
  else
    {				/* SERVER SIDE - we must check if the sent cert type is the right one 
				 */
      if (data_size > 1)
	{
	  uint8_t len;
	  len = data[0];
	  DECR_LEN (data_size, len);
	  for (i = 0; i < len; i++)
	    {
	      new_type = _gnutls_num2cert_type (data[i + 1]);
	      if (new_type < 0)
		continue;
	      /* Check if we support this cert_type */
	      if ((ret =
		   _gnutls_session_cert_type_supported (session,
							new_type)) < 0)
		{
		  gnutls_assert ();
		  continue;
		}
	      else
		break;
	      /* new_type is ok */
	    }
	  if (new_type < 0)
	    {
	      gnutls_assert ();
	      return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
	    }
	  if ((ret =
	       _gnutls_session_cert_type_supported (session, new_type)) < 0)
	    {
	      gnutls_assert ();
	      /* The peer has requested unsupported certificate
	       * types. Instead of failing, procceed normally.
	       * (the ciphersuite selection would fail, or a
	       * non certificate ciphersuite will be selected).
	       */
	      return 0;
	    }
	  _gnutls_session_cert_type_set (session, new_type);
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_gen_psk_client_kx | 12 | 37 | 69 | lib/auth_psk.c | 
| 
int
_gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** data)
{
  int ret;
  gnutls_psk_client_credentials_t cred;
  cred = (gnutls_psk_client_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if (cred->username.data == NULL && cred->key.data == NULL &&
      cred->get_function != NULL)
    {
      char *username;
      gnutls_datum_t key;
      ret = cred->get_function (session, &username, &key);
      if (ret)
	{
	  gnutls_assert ();
	  return ret;
	}
      ret = _gnutls_set_datum (&cred->username, username, strlen (username));
      gnutls_free (username);
      if (ret < 0)
	{
	  gnutls_assert ();
	  _gnutls_free_datum (&key);
	  return ret;
	}
      ret = _gnutls_set_datum (&cred->key, key.data, key.size);
      _gnutls_free_datum (&key);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
    }
  else if (cred->username.data == NULL || cred->key.data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  ret = _gnutls_set_psk_session_key (session, NULL);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  (*data) = gnutls_malloc (2 + cred->username.size);
  if ((*data) == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  _gnutls_write_datum16 (*data, cred->username);
  return (cred->username.size + 2);
}
 | 
| ↓ | stream_filter_read | 12 | 36 | 64 | lib/opencdk/stream.c | 
| 
static cdk_error_t
stream_filter_read (cdk_stream_t s)
{
  struct stream_filter_s *f;
  cdk_error_t rc = 0;
  assert (s);
  if (s->flags.filtrated)
    return 0;
  for (f = s->filters; f; f = f->next)
    {
      if (!f->flags.enabled)
	continue;
      if (f->flags.error)
	{
	  _cdk_log_debug ("filter %s [read]: has the error flag; skipped\n",
			  s->fname ? s->fname : "[temp]");
	  continue;
	}
      f->tmp = _cdk_tmpfile ();
      if (!f->tmp)
	{
	  rc = CDK_File_Error;
	  break;
	}
      rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
      _cdk_log_debug ("filter %s [read]: type=%d rc=%d\n",
		      s->fname ? s->fname : "[temp]", f->type, rc);
      if (rc)
	{
	  f->flags.error = 1;
	  break;
	}
      f->flags.error = 0;
      /* If the filter is read-only, do not replace the FP because
         the contents were not altered in any way. */
      if (!f->flags.rdonly)
	{
	  rc = stream_fp_replace (s, &f->tmp);
	  if (rc)
	    break;
	}
      else
	{
	  fclose (f->tmp);
	  f->tmp = NULL;
	}
      rc = cdk_stream_seek (s, 0);
      if (rc)
	break;
      /* Disable the filter after it was successfully used. The idea
         is the following: let's say the armor filter was pushed and
         later more filters were added. The second time the filter code
         will be executed, only the new filter should be started but
         not the old because we already used it. */
      f->flags.enabled = 0;
    }
  return rc;
}
 | 
| ↓ | gnutls_x509_crt_get_authority_key_id | 12 | 36 | 73 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret,
				      size_t * ret_size,
				      unsigned int *critical)
{
  int result, len;
  gnutls_datum_t id;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (ret)
    memset (ret, 0, *ret_size);
  else
    *ret_size = 0;
  if ((result =
       _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
				       critical)) < 0)
    {
      return result;
    }
  if (id.size == 0 || id.data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      _gnutls_free_datum (&id);
      return _gnutls_asn2err (result);
    }
  result = asn1_der_decoding (&c2, id.data, id.size, NULL);
  _gnutls_free_datum (&id);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  len = *ret_size;
  result = asn1_read_value (c2, "keyIdentifier", ret, &len);
  *ret_size = len;
  asn1_delete_structure (&c2);
  if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  if (result != ASN1_SUCCESS)
    {
      if (result != ASN1_MEM_ERROR)
	gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  return 0;
}
 | 
| ↓ | gnutls_x509_crt_get_subject_key_id | 12 | 36 | 72 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
				    size_t * ret_size, unsigned int *critical)
{
  int result, len;
  gnutls_datum_t id;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (ret)
    memset (ret, 0, *ret_size);
  else
    *ret_size = 0;
  if ((result =
       _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
				       critical)) < 0)
    {
      return result;
    }
  if (id.size == 0 || id.data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      _gnutls_free_datum (&id);
      return _gnutls_asn2err (result);
    }
  result = asn1_der_decoding (&c2, id.data, id.size, NULL);
  _gnutls_free_datum (&id);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  len = *ret_size;
  result = asn1_read_value (c2, "", ret, &len);
  *ret_size = len;
  asn1_delete_structure (&c2);
  if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  if (result != ASN1_SUCCESS)
    {
      if (result != ASN1_MEM_ERROR)
	gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  return 0;
}
 | 
| ↓ | _gnutls_get_public_rsa_params | 12 | 36 | 78 | lib/auth_rsa.c | 
| 
static int
_gnutls_get_public_rsa_params (gnutls_session_t session,
			       bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
			       int *params_len)
{
  int ret;
  cert_auth_info_t info;
  gnutls_cert peer_cert;
  int i;
  /* normal non export case */
  info = _gnutls_get_auth_info (session);
  if (info == NULL || info->ncerts == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  ret =
    _gnutls_get_auth_info_gcert (&peer_cert,
				 session->security_parameters.cert_type,
				 info, CERT_ONLY_PUBKEY | CERT_NO_COPY);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* EXPORT case: */
  if (_gnutls_cipher_suite_get_kx_algo
      (&session->security_parameters.current_cipher_suite) ==
      GNUTLS_KX_RSA_EXPORT
      && _gnutls_mpi_get_nbits (peer_cert.params[0]) > 512)
    {
      _gnutls_gcert_deinit (&peer_cert);
      if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      if (*params_len < 2)
	{
	  gnutls_assert ();
	  return GNUTLS_E_INTERNAL_ERROR;
	}
      *params_len = 2;
      for (i = 0; i < *params_len; i++)
	{
	  params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
	}
      return 0;
    }
  /* end of export case */
  if (*params_len < peer_cert.params_size)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  *params_len = peer_cert.params_size;
  for (i = 0; i < *params_len; i++)
    {
      params[i] = _gnutls_mpi_copy (peer_cert.params[i]);
    }
  _gnutls_gcert_deinit (&peer_cert);
  return 0;
}
 | 
| ↓ | cdk_listkey_next | 12 | 35 | 55 | lib/opencdk/keydb.c | 
| 
cdk_error_t
cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
{
  if (!ctx || !ret_key)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  if (!ctx->init)
    {
      gnutls_assert ();
      return CDK_Inv_Mode;
    }
  if (ctx->type && ctx->u.patt[0] == '*')
    return cdk_keydb_get_keyblock (ctx->inp, ret_key);
  else if (ctx->type)
    {
      cdk_kbnode_t node;
      struct cdk_keydb_search_s ks;
      cdk_error_t rc;
      for (;;)
	{
	  rc = cdk_keydb_get_keyblock (ctx->inp, &node);
	  if (rc)
	    {
	      gnutls_assert ();
	      return rc;
	    }
	  memset (&ks, 0, sizeof (ks));
	  ks.type = CDK_DBSEARCH_SUBSTR;
	  ks.u.pattern = ctx->u.patt;
	  if (find_by_pattern (node, &ks))
	    {
	      *ret_key = node;
	      return 0;
	    }
	  cdk_kbnode_release (node);
	  node = NULL;
	}
    }
  else
    {
      if (!ctx->t)
	ctx->t = ctx->u.fpatt;
      else if (ctx->t->next)
	ctx->t = ctx->t->next;
      else
	return CDK_EOF;
      return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key);
    }
  gnutls_assert ();
  return CDK_General_Error;
}
 | 
| ↓ | gnutls_openpgp_crt_verify_ring | 12 | 33 | 58 | lib/openpgp/pgpverify.c | 
| 
int
gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
				gnutls_openpgp_keyring_t keyring,
				unsigned int flags, unsigned int *verify)
{
  gnutls_openpgp_keyid_t id;
  cdk_error_t rc;
  int status;
  if (!key || !keyring)
    {
      gnutls_assert ();
      return GNUTLS_E_NO_CERTIFICATE_FOUND;
    }
  *verify = 0;
  rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
  if (rc == CDK_Error_No_Key)
    {
      rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
      gnutls_assert ();
      return rc;
    }
  else if (rc != CDK_Success)
    {
      _gnutls_x509_log ("cdk_pk_check_sigs: error %d\n", rc);
      rc = _gnutls_map_cdk_rc (rc);
      gnutls_assert ();
      return rc;
    }
  _gnutls_x509_log ("status: %x\n", status);
  if (status & CDK_KEY_INVALID)
    *verify |= GNUTLS_CERT_INVALID;
  if (status & CDK_KEY_REVOKED)
    *verify |= GNUTLS_CERT_REVOKED;
  if (status & CDK_KEY_NOSIGNER)
    *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
  /* Check if the key is included in the ring. */
  if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
    {
      rc = gnutls_openpgp_crt_get_key_id (key, id);
      if (rc < 0)
	{
	  gnutls_assert ();
	  return rc;
	}
      rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
      /* If it exists in the keyring don't treat it as unknown. */
      if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
	*verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
    }
  return 0;
}
 | 
| ↓ | write_literal | 12 | 31 | 47 | lib/opencdk/write-packet.c | 
| 
static cdk_error_t
write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
{
  byte buf[BUFSIZE];
  size_t size;
  cdk_error_t rc;
  assert (out);
  assert (pt);
  /* We consider a packet without a body as an invalid packet.
     At least one octet must be present. */
  if (!pt->len)
    return CDK_Inv_Packet;
  if (DEBUG_PKT)
    _cdk_log_debug ("write_literal:\n");
  size = 6 + pt->namelen + pt->len;
  rc = pkt_write_head (out, old_ctb, size, CDK_PKT_LITERAL);
  if (rc)
    return rc;
  rc = stream_putc (out, pt->mode);
  if (rc)
    return rc;
  rc = stream_putc (out, pt->namelen);
  if (rc)
    return rc;
  if (pt->namelen > 0)
    rc = stream_write (out, pt->name, pt->namelen);
  if (!rc)
    rc = write_32 (out, pt->timestamp);
  if (rc)
    return rc;
  while (!cdk_stream_eof (pt->buf) && !rc)
    {
      rc = stream_read (pt->buf, buf, DIM (buf), &size);
      if (!rc)
	rc = stream_write (out, buf, size);
    }
  wipemem (buf, sizeof (buf));
  return rc;
}
 | 
| ↓ | read_pubkey_enc | 12 | 25 | 33 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
{
  size_t i, nenc;
  if (!inp || !pke)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_pubkey_enc: %d octets\n", pktlen);
  if (pktlen < 12)
    return CDK_Inv_Packet;
  pke->version = cdk_stream_getc (inp);
  if (pke->version < 2 || pke->version > 3)
    return CDK_Inv_Packet;
  pke->keyid[0] = read_32 (inp);
  pke->keyid[1] = read_32 (inp);
  if (!pke->keyid[0] && !pke->keyid[1])
    pke->throw_keyid = 1;	/* RFC2440 "speculative" keyID */
  pke->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
  nenc = cdk_pk_get_nenc (pke->pubkey_algo);
  if (!nenc)
    return CDK_Inv_Algo;
  for (i = 0; i < nenc; i++)
    {
      cdk_error_t rc = read_mpi (inp, &pke->mpi[i], 0);
      if (rc)
	return rc;
    }
  return 0;
}
 | 
| ↓ | _gnutls_handshake_server | 22 | 46 | 100 | lib/gnutls_handshake.c | 
| 
int
_gnutls_handshake_server (gnutls_session_t session)
{
  int ret = 0;
  switch (STATE)
    {
    case STATE0:
    case STATE1:
      ret =
	_gnutls_recv_handshake (session, NULL, NULL,
				GNUTLS_HANDSHAKE_CLIENT_HELLO,
				MANDATORY_PACKET);
      STATE = STATE1;
      IMED_RET ("recv hello", ret);
    case STATE2:
      ret = _gnutls_send_hello (session, AGAIN (STATE2));
      STATE = STATE2;
      IMED_RET ("send hello", ret);
    case STATE70:
      if (session->security_parameters.extensions.do_send_supplemental)
	{
	  ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
	  STATE = STATE70;
	  IMED_RET ("send supplemental data", ret);
	}
      /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
    case STATE3:
      /* NOTE: these should not be send if we are resuming */
      if (session->internals.resumed == RESUME_FALSE)
	ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
      STATE = STATE3;
      IMED_RET ("send server certificate", ret);
    case STATE4:
      /* send server key exchange (A) */
      if (session->internals.resumed == RESUME_FALSE)
	ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4));
      STATE = STATE4;
      IMED_RET ("send server kx", ret);
    case STATE5:
      /* Send certificate request - if requested to */
      if (session->internals.resumed == RESUME_FALSE)
	ret =
	  _gnutls_send_server_certificate_request (session, AGAIN (STATE5));
      STATE = STATE5;
      IMED_RET ("send server cert request", ret);
    case STATE6:
      /* send the server hello done */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret =
	  _gnutls_send_empty_handshake (session,
					GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
					AGAIN (STATE6));
      STATE = STATE6;
      IMED_RET ("send server hello done", ret);
    case STATE71:
      if (session->security_parameters.extensions.do_recv_supplemental)
	{
	  ret = _gnutls_recv_supplemental (session);
	  STATE = STATE71;
	  IMED_RET ("recv client supplemental", ret);
	}
      /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
    case STATE7:
      /* receive the client certificate message */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_recv_client_certificate (session);
      STATE = STATE7;
      IMED_RET ("recv client certificate", ret);
    case STATE8:
      /* receive the client key exchange message */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_recv_client_kx_message (session);
      STATE = STATE8;
      IMED_RET ("recv client kx", ret);
    case STATE9:
      /* receive the client certificate verify message */
      if (session->internals.resumed == RESUME_FALSE)	/* if we are not resuming */
	ret = _gnutls_recv_client_certificate_verify_message (session);
      STATE = STATE9;
      IMED_RET ("recv client certificate verify", ret);
      STATE = STATE0;		/* finished thus clear session */
    default:
      break;
    }
  return 0;
}
 | 
| ↓ | classify_data | 13 | 23 | 41 | lib/opencdk/keydb.c | 
| 
static int
classify_data (const byte * buf, size_t len)
{
  int type;
  unsigned int i;
  if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X'))
    {				/* Skip hex prefix. */
      buf += 2;
      len -= 2;
    }
  /* The length of the data does not match either a keyid or a fingerprint. */
  if (len != 8 && len != 16 && len != 40)
    return CDK_DBSEARCH_SUBSTR;
  for (i = 0; i < len; i++)
    {
      if (!isxdigit (buf[i]))
	return CDK_DBSEARCH_SUBSTR;
    }
  if (i != len)
    return CDK_DBSEARCH_SUBSTR;
  switch (len)
    {
    case 8:
      type = CDK_DBSEARCH_SHORT_KEYID;
      break;
    case 16:
      type = CDK_DBSEARCH_KEYID;
      break;
    case 40:
      type = CDK_DBSEARCH_FPR;
      break;
    default:
      type = CDK_DBSEARCH_SUBSTR;
      break;
    }
  return type;
}
 | 
| ↓ | _gnutls_read_client_hello_v2 | 11 | 74 | 166 | lib/gnutls_v2_compat.c | 
| 
int
_gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
			      int datalen)
{
  uint16_t session_id_len = 0;
  int pos = 0;
  int ret = 0;
  uint16_t sizeOfSuites;
  gnutls_protocol_t adv_version;
  opaque rnd[GNUTLS_RANDOM_SIZE];
  int len = datalen;
  int err;
  uint16_t challenge;
  opaque session_id[TLS_MAX_SESSION_ID_SIZE];
  /* we only want to get here once - only in client hello */
  session->internals.v2_hello = 0;
  DECR_LEN (len, 2);
  _gnutls_handshake_log
    ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
     data[pos], data[pos + 1]);
  set_adv_version (session, data[pos], data[pos + 1]);
  adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
  ret = _gnutls_negotiate_version (session, adv_version);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  pos += 2;
  /* Read uint16_t cipher_spec_length */
  DECR_LEN (len, 2);
  sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
  pos += 2;
  /* read session id length */
  DECR_LEN (len, 2);
  session_id_len = _gnutls_read_uint16 (&data[pos]);
  pos += 2;
  if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
  /* read challenge length */
  DECR_LEN (len, 2);
  challenge = _gnutls_read_uint16 (&data[pos]);
  pos += 2;
  if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE)
    {
      gnutls_assert ();
      return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
    }
  /* call the user hello callback
   */
  ret = _gnutls_user_hello_func (session, adv_version);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* find an appropriate cipher suite */
  DECR_LEN (len, sizeOfSuites);
  ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
  pos += sizeOfSuites;
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* check if the credentials (username, public key etc.) are ok
   */
  if (_gnutls_get_kx_cred
      (session,
       _gnutls_cipher_suite_get_kx_algo (&session->security_parameters.
					 current_cipher_suite), &err) == NULL
      && err != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  /* set the mod_auth_st to the appropriate struct
   * according to the KX algorithm. This is needed since all the
   * handshake functions are read from there;
   */
  session->internals.auth_struct =
    _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
			    (&session->security_parameters.
			     current_cipher_suite));
  if (session->internals.auth_struct == NULL)
    {
      _gnutls_handshake_log
	("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
	 session);
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  /* read random new values -skip session id for now */
  DECR_LEN (len, session_id_len);	/* skip session id for now */
  memcpy (session_id, &data[pos], session_id_len);
  pos += session_id_len;
  DECR_LEN (len, challenge);
  memset (rnd, 0, GNUTLS_RANDOM_SIZE);
  memcpy (&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos], challenge);
  _gnutls_set_client_random (session, rnd);
  /* generate server random value */
  _gnutls_tls_create_random (rnd);
  _gnutls_set_server_random (session, rnd);
  session->security_parameters.timestamp = time (NULL);
  /* RESUME SESSION */
  DECR_LEN (len, session_id_len);
  ret = _gnutls_server_restore_session (session, session_id, session_id_len);
  if (ret == 0)
    {				/* resumed! */
      /* get the new random values */
      memcpy (session->internals.resumed_security_parameters.server_random,
	      session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
      memcpy (session->internals.resumed_security_parameters.client_random,
	      session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
      session->internals.resumed = RESUME_TRUE;
      return 0;
    }
  else
    {
      _gnutls_generate_session_id (session->security_parameters.session_id,
				   &session->security_parameters.
				   session_id_size);
      session->internals.resumed = RESUME_FALSE;
    }
  session->internals.compression_method = GNUTLS_COMP_NULL;
  return 0;
}
 | 
| ↓ | _gnutls_asn1_encode_dsa | 11 | 67 | 119 | lib/x509/privkey.c | 
| 
int
_gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params)
{
  int result, i;
  size_t size[DSA_PRIVATE_PARAMS], total;
  opaque *p_data, *q_data, *g_data, *x_data, *y_data;
  opaque *all_data = NULL, *p;
  opaque null = '\0';
  /* Read all the sizes */
  total = 0;
  for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
    {
      _gnutls_mpi_print_lz (params[i], NULL, &size[i]);
      total += size[i];
    }
  /* Encoding phase.
   * allocate data enough to hold everything
   */
  all_data = gnutls_secure_malloc (total);
  if (all_data == NULL)
    {
      gnutls_assert ();
      result = GNUTLS_E_MEMORY_ERROR;
      goto cleanup;
    }
  p = all_data;
  p_data = p;
  p += size[0];
  q_data = p;
  p += size[1];
  g_data = p;
  p += size[2];
  y_data = p;
  p += size[3];
  x_data = p;
  _gnutls_mpi_print_lz (params[0], p_data, &size[0]);
  _gnutls_mpi_print_lz (params[1], q_data, &size[1]);
  _gnutls_mpi_print_lz (params[2], g_data, &size[2]);
  _gnutls_mpi_print_lz (params[3], y_data, &size[3]);
  _gnutls_mpi_print_lz (params[4], x_data, &size[4]);
  /* Ok. Now we have the data. Create the asn1 structures
   */
  /* first make sure that no previously allocated data are leaked */
  if (*c2 != ASN1_TYPE_EMPTY)
    {
      asn1_delete_structure (c2);
      *c2 = ASN1_TYPE_EMPTY;
    }
  if ((result = asn1_create_element
       (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
      != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  /* Write PRIME 
   */
  if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  if ((result = asn1_write_value (*c2, "priv",
				  x_data, size[4])) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  gnutls_free (all_data);
  if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  return 0;
cleanup:
  asn1_delete_structure (c2);
  gnutls_free (all_data);
  return result;
}
 | 
| ↓ | gen_rsa_export_server_kx | 11 | 62 | 121 | lib/auth_rsa_export.c | 
| 
static int
gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data)
{
  gnutls_rsa_params_t rsa_params;
  const bigint_t *rsa_mpis;
  size_t n_e, n_m;
  uint8_t *data_e, *data_m;
  int ret = 0, data_size;
  gnutls_cert *apr_cert_list;
  gnutls_privkey *apr_pkey;
  int apr_cert_list_length;
  gnutls_datum_t signature, ddata;
  cert_auth_info_t info;
  gnutls_certificate_credentials_t cred;
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  /* find the appropriate certificate */
  if ((ret =
       _gnutls_get_selected_cert (session, &apr_cert_list,
				  &apr_cert_list_length, &apr_pkey)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* abort sending this message if we have a certificate
   * of 512 bits or less.
   */
  if (apr_pkey && _gnutls_mpi_get_nbits (apr_pkey->params[0]) <= 512)
    {
      gnutls_assert ();
      return GNUTLS_E_INT_RET_0;
    }
  rsa_params =
    _gnutls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
					session);
  rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params);
  if (rsa_mpis == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
    }
  if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
				    sizeof (cert_auth_info_st), 0)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  info = _gnutls_get_auth_info (session);
  _gnutls_rsa_export_set_pubkey (session, rsa_mpis[1], rsa_mpis[0]);
  _gnutls_mpi_print (rsa_mpis[0], NULL, &n_m);
  _gnutls_mpi_print (rsa_mpis[1], NULL, &n_e);
  (*data) = gnutls_malloc (n_e + n_m + 4);
  if (*data == NULL)
    {
      return GNUTLS_E_MEMORY_ERROR;
    }
  data_m = &(*data)[0];
  _gnutls_mpi_print (rsa_mpis[0], &data_m[2], &n_m);
  _gnutls_write_uint16 (n_m, data_m);
  data_e = &data_m[2 + n_m];
  _gnutls_mpi_print (rsa_mpis[1], &data_e[2], &n_e);
  _gnutls_write_uint16 (n_e, data_e);
  data_size = n_m + n_e + 4;
  /* Generate the signature. */
  ddata.data = *data;
  ddata.size = data_size;
  if (apr_cert_list_length > 0)
    {
      if ((ret =
	   _gnutls_tls_sign_params (session, &apr_cert_list[0],
				    apr_pkey, &ddata, &signature)) < 0)
	{
	  gnutls_assert ();
	  gnutls_free (*data);
	  *data = NULL;
	  return ret;
	}
    }
  else
    {
      gnutls_assert ();
      return data_size;		/* do not put a signature - ILLEGAL! */
    }
  *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
  if (*data == NULL)
    {
      _gnutls_free_datum (&signature);
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  _gnutls_write_datum16 (&((*data)[data_size]), signature);
  data_size += signature.size + 2;
  _gnutls_free_datum (&signature);
  return data_size;
}
 | 
| ↓ | _dsa_generate_params | 11 | 60 | 107 | lib/pk-libgcrypt.c | 
| 
static int
_dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
{
  int ret;
  gcry_sexp_t parms, key, list;
  /* FIXME: Remove me once we depend on 1.3.1 */
  if (bits > 1024 && gcry_check_version ("1.3.1") == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (bits < 512)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
  if (ret != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  /* generate the DSA key 
   */
  ret = gcry_pk_genkey (&key, parms);
  gcry_sexp_release (parms);
  if (ret != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  list = gcry_sexp_find_token (key, "p", 0);
  if (list == NULL)
    {
      gnutls_assert ();
      gcry_sexp_release (key);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
  gcry_sexp_release (list);
  list = gcry_sexp_find_token (key, "q", 0);
  if (list == NULL)
    {
      gnutls_assert ();
      gcry_sexp_release (key);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
  gcry_sexp_release (list);
  list = gcry_sexp_find_token (key, "g", 0);
  if (list == NULL)
    {
      gnutls_assert ();
      gcry_sexp_release (key);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
  gcry_sexp_release (list);
  list = gcry_sexp_find_token (key, "y", 0);
  if (list == NULL)
    {
      gnutls_assert ();
      gcry_sexp_release (key);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
  gcry_sexp_release (list);
  list = gcry_sexp_find_token (key, "x", 0);
  if (list == NULL)
    {
      gnutls_assert ();
      gcry_sexp_release (key);
      return GNUTLS_E_INTERNAL_ERROR;
    }
  resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
  gcry_sexp_release (list);
  gcry_sexp_release (key);
  _gnutls_dump_mpi ("p: ", resarr[0]);
  _gnutls_dump_mpi ("q: ", resarr[1]);
  _gnutls_dump_mpi ("g: ", resarr[2]);
  _gnutls_dump_mpi ("y: ", resarr[3]);
  _gnutls_dump_mpi ("x: ", resarr[4]);
  *resarr_len = 5;
  return 0;
}
 | 
| ↓ | _get_sk_dsa_raw | 11 | 57 | 102 | lib/openpgp/privkey.c | 
| 
static int
_get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
		 gnutls_datum_t * p, gnutls_datum_t * q,
		 gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x)
{
  int pk_algorithm, ret, i;
  cdk_packet_t pkt;
  uint32_t kid32[2];
  bigint_t params[MAX_PRIV_PARAMS_SIZE];
  int params_size = MAX_PRIV_PARAMS_SIZE;
  if (pkey == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  KEYID_IMPORT (kid32, keyid);
  pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
  if (pkt == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_OPENPGP_GETKEY_FAILED;
    }
  pk_algorithm =
    _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
  if (pk_algorithm != GNUTLS_PK_DSA)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, params, ¶ms_size);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* P */
  ret = _gnutls_mpi_dprint (params[0], p);
  if (ret < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  /* Q */
  ret = _gnutls_mpi_dprint (params[1], q);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (p);
      goto cleanup;
    }
  /* G */
  ret = _gnutls_mpi_dprint (params[2], g);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (p);
      _gnutls_free_datum (q);
      goto cleanup;
    }
  /* Y */
  ret = _gnutls_mpi_dprint (params[3], y);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (p);
      _gnutls_free_datum (g);
      _gnutls_free_datum (q);
      goto cleanup;
    }
  ret = _gnutls_mpi_dprint (params[4], x);
  if (ret < 0)
    {
      gnutls_assert ();
      _gnutls_free_datum (y);
      _gnutls_free_datum (p);
      _gnutls_free_datum (g);
      _gnutls_free_datum (q);
      goto cleanup;
    }
  ret = 0;
cleanup:
  for (i = 0; i < params_size; i++)
    {
      _gnutls_mpi_release (¶ms[i]);
    }
  return ret;
}
 | 
| ↓ | _gnutls_proc_cert_cert_req | 11 | 53 | 104 | lib/auth_cert.c | 
| 
int
_gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data,
			    size_t data_size)
{
  int size, ret;
  opaque *p;
  gnutls_certificate_credentials_t cred;
  cert_auth_info_t info;
  ssize_t dsize;
  int i, j;
  gnutls_pk_algorithm_t pk_algos[MAX_SIGN_ALGOS];
  int pk_algos_length;
  gnutls_protocol_t ver = gnutls_protocol_get_version (session);
  cred = (gnutls_certificate_credentials_t)
    _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
  if (cred == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
    }
  if ((ret =
       _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
			      sizeof (cert_auth_info_st), 0)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  info = _gnutls_get_auth_info (session);
  p = data;
  dsize = data_size;
  DECR_LEN (dsize, 1);
  size = p[0];
  p++;
  /* check if the sign algorithm is supported.
   */
  pk_algos_length = j = 0;
  for (i = 0; i < size; i++, p++)
    {
      DECR_LEN (dsize, 1);
      if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0)
	{
	  if (j < MAX_SIGN_ALGOS)
	    {
	      pk_algos[j++] = ret;
	      pk_algos_length++;
	    }
	}
    }
  if (pk_algos_length == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
    }
  if (ver == GNUTLS_TLS1_2)
    {
      /* read supported hashes */
      int hash_num;
      DECR_LEN (dsize, 1);
      hash_num = p[0] & 0xFF;
      p++;
      DECR_LEN (dsize, hash_num);
      p += hash_num;
    }
  /* read the certificate authorities */
  DECR_LEN (dsize, 2);
  size = _gnutls_read_uint16 (p);
  p += 2;
  if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP
      && size != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
    }
  DECR_LEN (dsize, size);
  /* now we ask the user to tell which one
   * he wants to use.
   */
  if ((ret =
       _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0)
    {
      gnutls_assert ();
      return ret;
    }
  /* We should reply with a certificate message, 
   * even if we have no certificate to send.
   */
  session->key->certificate_requested = 1;
  return 0;
}
 | 
| ↓ | _gnutls_pbkdf2_sha1 | 11 | 52 | 144 | lib/x509/pbkdf2-sha1.c | 
| 
int
_gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
		     const char *S, size_t Slen,
		     unsigned int c, char *DK, size_t dkLen)
{
  unsigned int hLen = 20;
  char U[20];
  char T[20];
  unsigned int u;
  unsigned int l;
  unsigned int r;
  unsigned int i;
  unsigned int k;
  int rc;
  char *tmp;
  size_t tmplen = Slen + 4;
  if (c == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (dkLen == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /*
   *
   *  Steps:
   *
   *     1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
   *        stop.
   */
  if (dkLen > 4294967295U)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  /*
   *     2. Let l be the number of hLen-octet blocks in the derived key,
   *        rounding up, and let r be the number of octets in the last
   *        block:
   *
   *                  l = CEIL (dkLen / hLen) ,
   *                  r = dkLen - (l - 1) * hLen .
   *
   *        Here, CEIL (x) is the "ceiling" function, i.e. the smallest
   *        integer greater than, or equal to, x.
   */
  l = ((dkLen - 1) / hLen) + 1;
  r = dkLen - (l - 1) * hLen;
  /*
   *     3. For each block of the derived key apply the function F defined
   *        below to the password P, the salt S, the iteration count c, and
   *        the block index to compute the block:
   *
   *                  T_1 = F (P, S, c, 1) ,
   *                  T_2 = F (P, S, c, 2) ,
   *                  ...
   *                  T_l = F (P, S, c, l) ,
   *
   *        where the function F is defined as the exclusive-or sum of the
   *        first c iterates of the underlying pseudorandom function PRF
   *        applied to the password P and the concatenation of the salt S
   *        and the block index i:
   *
   *                  F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
   *
   *        where
   *
   *                  U_1 = PRF (P, S || INT (i)) ,
   *                  U_2 = PRF (P, U_1) ,
   *                  ...
   *                  U_c = PRF (P, U_{c-1}) .
   *
   *        Here, INT (i) is a four-octet encoding of the integer i, most
   *        significant octet first.
   *
   *     4. Concatenate the blocks and extract the first dkLen octets to
   *        produce a derived key DK:
   *
   *                  DK = T_1 || T_2 ||  ...  || T_l<0..r-1>
   *
   *     5. Output the derived key DK.
   *
   *  Note. The construction of the function F follows a "belt-and-
   *  suspenders" approach. The iterates U_i are computed recursively to
   *  remove a degree of parallelism from an opponent; they are exclusive-
   *  ored together to reduce concerns about the recursion degenerating
   *  into a small set of values.
   *
   */
  tmp = gnutls_malloc (tmplen);
  if (tmp == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  memcpy (tmp, S, Slen);
  for (i = 1; i <= l; i++)
    {
      memset (T, 0, hLen);
      for (u = 1; u <= c; u++)
	{
	  if (u == 1)
	    {
	      tmp[Slen + 0] = (i & 0xff000000) >> 24;
	      tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
	      tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
	      tmp[Slen + 3] = (i & 0x000000ff) >> 0;
	      rc =
		_gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
	    }
	  else
	    rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
	  if (rc < 0)
	    {
	      gnutls_free (tmp);
	      return rc;
	    }
	  for (k = 0; k < hLen; k++)
	    T[k] ^= U[k];
	}
      memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
    }
  gnutls_free (tmp);
  return 0;
}
 | 
| ↓ | _gnutls_fbase64_decode | 11 | 52 | 95 | lib/x509_b64.c | 
| 
int
_gnutls_fbase64_decode (const char *header, const opaque * data,
			size_t data_size, uint8_t ** result)
{
  int ret;
  static const char top[] = "-----BEGIN ";
  static const char bottom[] = "\n-----END ";
  uint8_t *rdata;
  int rdata_size;
  uint8_t *kdata;
  int kdata_size;
  char pem_header[128];
  _gnutls_str_cpy (pem_header, sizeof (pem_header), top);
  if (header != NULL)
    _gnutls_str_cat (pem_header, sizeof (pem_header), header);
  rdata = memmem (data, data_size, pem_header, strlen (pem_header));
  if (rdata == NULL)
    {
      gnutls_assert ();
      _gnutls_debug_log ("Could not find '%s'\n", pem_header);
      return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR;
    }
  data_size -= (unsigned long int) rdata - (unsigned long int) data;
  if (data_size < 4 + strlen (bottom))
    {
      gnutls_assert ();
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  kdata = memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1);
  /* allow CR as well.
   */
  if (kdata == NULL)
    kdata = memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1);
  if (kdata == NULL)
    {
      gnutls_assert ();
      _gnutls_x509_log ("Could not find '%s'\n", ENDSTR);
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  data_size -= strlen (ENDSTR);
  data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
  rdata = kdata + strlen (ENDSTR);
  /* position is now after the ---BEGIN--- headers */
  kdata = memmem (rdata, data_size, bottom, strlen (bottom));
  if (kdata == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  /* position of kdata is before the ----END--- footer 
   */
  rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
  if (rdata_size < 4)
    {
      gnutls_assert ();
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  kdata_size = cpydata (rdata, rdata_size, &kdata);
  if (kdata_size < 0)
    {
      gnutls_assert ();
      return kdata_size;
    }
  if (kdata_size < 4)
    {
      gnutls_assert ();
      gnutls_free (kdata);
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  if ((ret = _gnutls_base64_decode (kdata, kdata_size, result)) < 0)
    {
      gnutls_free (kdata);
      gnutls_assert ();
      return GNUTLS_E_BASE64_DECODING_ERROR;
    }
  gnutls_free (kdata);
  return ret;
}
 | 
| ↓ | _gnutls_send_server_hello | 11 | 49 | 112 | lib/gnutls_handshake.c | 
| 
static int
_gnutls_send_server_hello (gnutls_session_t session, int again)
{
  opaque *data = NULL;
  opaque extdata[MAX_EXT_DATA_LENGTH];
  int extdatalen;
  int pos = 0;
  int datalen, ret = 0;
  uint8_t comp;
  opaque *SessionID = session->security_parameters.session_id;
  uint8_t session_id_len = session->security_parameters.session_id_size;
  opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
  if (SessionID == NULL)
    session_id_len = 0;
  datalen = 0;
#ifdef ENABLE_SRP
  if (IS_SRP_KX
      (_gnutls_cipher_suite_get_kx_algo
       (&session->security_parameters.current_cipher_suite)))
    {
      /* While resuming we cannot check the username extension since it is
       * not available at this point. It will be copied on connection
       * state activation.
       */
      if (session->internals.resumed == RESUME_FALSE &&
	  session->security_parameters.extensions.srp_username[0] == 0)
	{
	  /* The peer didn't send a valid SRP extension with the
	   * SRP username. The draft requires that we send a fatal
	   * alert and abort.
	   */
	  gnutls_assert ();
	  ret = gnutls_alert_send (session, GNUTLS_AL_FATAL,
				   GNUTLS_A_UNKNOWN_PSK_IDENTITY);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  return GNUTLS_E_ILLEGAL_SRP_USERNAME;
	}
    }
#endif
  if (again == 0)
    {
      datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
      extdatalen =
	_gnutls_gen_extensions (session, extdata, sizeof (extdata));
      if (extdatalen < 0)
	{
	  gnutls_assert ();
	  return extdatalen;
	}
      data = gnutls_malloc (datalen + extdatalen);
      if (data == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      data[pos++] =
	_gnutls_version_get_major (session->security_parameters.version);
      data[pos++] =
	_gnutls_version_get_minor (session->security_parameters.version);
      memcpy (&data[pos],
	      session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
      pos += GNUTLS_RANDOM_SIZE;
      data[pos++] = session_id_len;
      if (session_id_len > 0)
	{
	  memcpy (&data[pos], SessionID, session_id_len);
	}
      pos += session_id_len;
      _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
			     _gnutls_bin2hex (SessionID, session_id_len,
					      buf, sizeof (buf)));
      memcpy (&data[pos],
	      session->security_parameters.current_cipher_suite.suite, 2);
      pos += 2;
      comp =
	(uint8_t) _gnutls_compression_get_num (session->
					       internals.compression_method);
      data[pos++] = comp;
      if (extdatalen > 0)
	{
	  datalen += extdatalen;
	  memcpy (&data[pos], extdata, extdatalen);
	}
    }
  ret =
    _gnutls_send_handshake (session, data, datalen,
			    GNUTLS_HANDSHAKE_SERVER_HELLO);
  gnutls_free (data);
  return ret;
}
 | 
| ↓ | _gnutls_proc_rsa_client_kx | 11 | 44 | 109 | lib/auth_rsa.c | 
| 
int
_gnutls_proc_rsa_client_kx (gnutls_session_t session, opaque * data,
			    size_t _data_size)
{
  gnutls_datum_t plaintext;
  gnutls_datum_t ciphertext;
  int ret, dsize;
  bigint_t *params;
  int params_len;
  int randomize_key = 0;
  ssize_t data_size = _data_size;
  if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
    {
      /* SSL 3.0 
       */
      ciphertext.data = data;
      ciphertext.size = data_size;
    }
  else
    {
      /* TLS 1.0
       */
      DECR_LEN (data_size, 2);
      ciphertext.data = &data[2];
      dsize = _gnutls_read_uint16 (data);
      if (dsize != data_size)
	{
	  gnutls_assert ();
	  return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
	}
      ciphertext.size = dsize;
    }
  ret = _gnutls_get_private_rsa_params (session, ¶ms, ¶ms_len);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }
  ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2);	/* btype==2 */
  if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
    {
      /* In case decryption fails then don't inform
       * the peer. Just use a random key. (in order to avoid
       * attack against pkcs-1 formating).
       */
      gnutls_assert ();
      _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n");
      randomize_key = 1;
    }
  else
    {
      /* If the secret was properly formatted, then
       * check the version number.
       */
      if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
	  || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
	{
	  /* No error is returned here, if the version number check
	   * fails. We proceed normally.
	   * That is to defend against the attack described in the paper
	   * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
	   * Ondej Pokorny and Tomas Rosa.
	   */
	  gnutls_assert ();
	  _gnutls_x509_log
	    ("auth_rsa: Possible PKCS #1 version check format attack\n");
	}
    }
  if (randomize_key != 0)
    {
      session->key->key.size = GNUTLS_MASTER_SIZE;
      session->key->key.data = gnutls_malloc (session->key->key.size);
      if (session->key->key.data == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      /* we do not need strong random numbers here.
       */
      ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
			 session->key->key.size);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
    }
  else
    {
      session->key->key.data = plaintext.data;
      session->key->key.size = plaintext.size;
    }
  /* This is here to avoid the version check attack
   * discussed above.
   */
  session->key->key.data[0] = _gnutls_get_adv_version_major (session);
  session->key->key.data[1] = _gnutls_get_adv_version_minor (session);
  return 0;
}
 | 
| ↓ | gnutls_pkcs7_get_crt_raw | 11 | 42 | 89 | lib/x509/pkcs7.c | 
| 
int
gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
			  int indx, void *certificate,
			  size_t * certificate_size)
{
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  int result, len;
  char root2[ASN1_MAX_NAME_SIZE];
  char oid[MAX_OID_SIZE];
  gnutls_datum_t tmp = { NULL, 0 };
  if (certificate_size == NULL || pkcs7 == NULL)
    return GNUTLS_E_INVALID_REQUEST;
  /* Step 1. decode the signed data.
   */
  result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
  if (result < 0)
    {
      gnutls_assert ();
      return result;
    }
  /* Step 2. Parse the CertificateSet 
   */
  snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
  len = sizeof (oid) - 1;
  result = asn1_read_value (c2, root2, oid, &len);
  if (result == ASN1_VALUE_NOT_FOUND)
    {
      result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
      goto cleanup;
    }
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  /* if 'Certificate' is the choice found: 
   */
  if (strcmp (oid, "certificate") == 0)
    {
      int start, end;
      result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
					   root2, &start, &end);
      if (result != ASN1_SUCCESS)
	{
	  gnutls_assert ();
	  result = _gnutls_asn2err (result);
	  goto cleanup;
	}
      end = end - start + 1;
      if ((unsigned) end > *certificate_size)
	{
	  *certificate_size = end;
	  result = GNUTLS_E_SHORT_MEMORY_BUFFER;
	  goto cleanup;
	}
      if (certificate)
	memcpy (certificate, &tmp.data[start], end);
      *certificate_size = end;
      result = 0;
    }
  else
    {
      result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
    }
cleanup:
  _gnutls_free_datum (&tmp);
  if (c2)
    asn1_delete_structure (&c2);
  return result;
}
 | 
| ↓ | gnutls_x509_crt_import | 11 | 39 | 87 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_import (gnutls_x509_crt_t cert,
			const gnutls_datum_t * data,
			gnutls_x509_crt_fmt_t format)
{
  int result = 0, need_free = 0;
  gnutls_datum_t _data;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  _data.data = data->data;
  _data.size = data->size;
  /* If the Certificate is in PEM format then decode it
   */
  if (format == GNUTLS_X509_FMT_PEM)
    {
      opaque *out;
      /* Try the first header */
      result =
	_gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out);
      if (result <= 0)
	{
	  /* try for the second header */
	  result =
	    _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
				    data->size, &out);
	  if (result <= 0)
	    {
	      if (result == 0)
		result = GNUTLS_E_INTERNAL_ERROR;
	      gnutls_assert ();
	      return result;
	    }
	}
      _data.data = out;
      _data.size = result;
      need_free = 1;
    }
  if (cert->cert)
    {
      /* Any earlier asn1_der_decoding will modify the ASN.1
	 structure, so we need to replace it with a fresh
	 structure. */
      asn1_delete_structure (&cert->cert);
      result = asn1_create_element (_gnutls_get_pkix (),
				    "PKIX1.Certificate", &cert->cert);
      if (result != ASN1_SUCCESS)
	{
	  result = _gnutls_asn2err (result);
	  gnutls_assert ();
	  goto cleanup;
	}
    }
  result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
  if (result != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (result);
      gnutls_assert ();
      goto cleanup;
    }
  /* Since we do not want to disable any extension
   */
  cert->use_extensions = 1;
  if (need_free)
    _gnutls_free_datum (&_data);
  return 0;
cleanup:
  if (need_free)
    _gnutls_free_datum (&_data);
  return result;
}
 | 
| ↓ | _gnutls_handshake_io_recv_int | 11 | 38 | 81 | lib/gnutls_buffers.c | 
| 
ssize_t
_gnutls_handshake_io_recv_int (gnutls_session_t session,
			       content_type_t type,
			       gnutls_handshake_description_t htype,
			       void *iptr, size_t sizeOfPtr)
{
  size_t left;
  ssize_t i;
  opaque *ptr;
  size_t dsize;
  ptr = iptr;
  left = sizeOfPtr;
  if (sizeOfPtr == 0 || iptr == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (session->internals.handshake_recv_buffer.length > 0)
    {
      size_t tmp;
      
      /* if we have already received some data */
      if (sizeOfPtr <= session->internals.handshake_recv_buffer.length)
	{
	  /* if requested less data then return it.
	   */
	  gnutls_assert ();
	  
	  tmp = sizeOfPtr;
	  _gnutls_string_get_data( &session->internals.handshake_recv_buffer, iptr, &tmp);
	  return tmp;
	}
      gnutls_assert ();
      tmp = sizeOfPtr; 
      _gnutls_string_get_data( &session->internals.handshake_recv_buffer, iptr, &tmp);
      left -= tmp;
      htype = session->internals.handshake_recv_buffer_htype;
      type = session->internals.handshake_recv_buffer_type;
    }
  while (left > 0)
    {
      dsize = sizeOfPtr - left;
      i = _gnutls_recv_int (session, type, htype, &ptr[dsize], left);
      if (i < 0)
	{
	  if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN))
	    {
	      gnutls_assert ();
	      _gnutls_buffer_append (&session->internals.handshake_recv_buffer, iptr,
		      dsize);
	      session->internals.handshake_recv_buffer_htype = htype;
	      session->internals.handshake_recv_buffer_type = type;
	    }
	  gnutls_assert ();
	  return i;
	}
      else
	{
	  if (i == 0)
	    break;		/* EOF */
	}
      left -= i;
    }
  session->internals.handshake_recv_buffer.length = 0;
  return sizeOfPtr - left;
}
 | 
| ↓ | gnutls_x509_crt_get_key_purpose_oid | 11 | 38 | 78 | lib/x509/x509.c | 
| 
int
gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
				     int indx, void *oid, size_t * sizeof_oid,
				     unsigned int *critical)
{
  char tmpstr[ASN1_MAX_NAME_SIZE];
  int result, len;
  gnutls_datum_t id;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (oid)
    memset (oid, 0, *sizeof_oid);
  else
    *sizeof_oid = 0;
  if ((result =
       _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
				       critical)) < 0)
    {
      return result;
    }
  if (id.size == 0 || id.data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      _gnutls_free_datum (&id);
      return _gnutls_asn2err (result);
    }
  result = asn1_der_decoding (&c2, id.data, id.size, NULL);
  _gnutls_free_datum (&id);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  indx++;
  /* create a string like "?1"
   */
  snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
  len = *sizeof_oid;
  result = asn1_read_value (c2, tmpstr, oid, &len);
  *sizeof_oid = len;
  asn1_delete_structure (&c2);
  if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  return 0;
}
 | 
| ↓ | decode_ber_digest_info | 11 | 37 | 72 | lib/x509/verify.c | 
| 
static int
decode_ber_digest_info (const gnutls_datum_t * info,
			gnutls_mac_algorithm_t * hash,
			opaque * digest, int *digest_size)
{
  ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
  int result;
  char str[1024];
  int len;
  if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
				     "GNUTLS.DigestInfo",
				     &dinfo)) != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&dinfo);
      return _gnutls_asn2err (result);
    }
  len = sizeof (str) - 1;
  result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&dinfo);
      return _gnutls_asn2err (result);
    }
  *hash = _gnutls_x509_oid2mac_algorithm (str);
  if (*hash == GNUTLS_MAC_UNKNOWN)
    {
      _gnutls_x509_log ("verify.c: HASH OID: %s\n", str);
      gnutls_assert ();
      asn1_delete_structure (&dinfo);
      return GNUTLS_E_UNKNOWN_ALGORITHM;
    }
  len = sizeof (str) - 1;
  result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
  /* To avoid permitting garbage in the parameters field, either the
     parameters field is not present, or it contains 0x05 0x00. */
  if (!(result == ASN1_ELEMENT_NOT_FOUND ||
	(result == ASN1_SUCCESS && len == 2 &&
	 str[0] == 0x05 && str[1] == 0x00)))
    {
      gnutls_assert ();
      asn1_delete_structure (&dinfo);
      return GNUTLS_E_ASN1_GENERIC_ERROR;
    }
  result = asn1_read_value (dinfo, "digest", digest, digest_size);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&dinfo);
      return _gnutls_asn2err (result);
    }
  asn1_delete_structure (&dinfo);
  return 0;
}
 | 
| ↓ | gnutls_pkcs7_set_crt_raw | 11 | 37 | 82 | lib/x509/pkcs7.c | 
| 
int
gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  int result;
  if (pkcs7 == NULL)
    return GNUTLS_E_INVALID_REQUEST;
  /* Step 1. decode the signed data.
   */
  result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
  if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
    {
      gnutls_assert ();
      return result;
    }
  /* If the signed data are uninitialized
   * then create them.
   */
  if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
    {
      /* The pkcs7 structure is new, so create the
       * signedData.
       */
      result = create_empty_signed_data (pkcs7->pkcs7, &c2);
      if (result < 0)
	{
	  gnutls_assert ();
	  return result;
	}
    }
  /* Step 2. Append the new certificate.
   */
  result = asn1_write_value (c2, "certificates", "NEW", 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  result = asn1_write_value (c2, "certificates.?LAST", "certificate", 1);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  result =
    asn1_write_value (c2, "certificates.?LAST.certificate", crt->data,
		      crt->size);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      result = _gnutls_asn2err (result);
      goto cleanup;
    }
  /* Step 3. Replace the old content with the new
   */
  result =
    _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  asn1_delete_structure (&c2);
  return 0;
cleanup:
  if (c2)
    asn1_delete_structure (&c2);
  return result;
}
 | 
| ↓ | _cdk_keydb_check_userid | 11 | 37 | 57 | lib/opencdk/keydb.c | 
| 
cdk_error_t
_cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
{
  cdk_kbnode_t knode = NULL, unode = NULL;
  cdk_error_t rc;
  int check;
  cdk_keydb_search_t st;
  if (!hd)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  rc = cdk_keydb_search (st, hd, &knode);
  cdk_keydb_search_release (st);
  if (rc)
    {
      gnutls_assert ();
      return rc;
    }
  rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
  if (!rc)
    {
      rc = cdk_keydb_search (st, hd, &unode);
      cdk_keydb_search_release (st);
    }
  if (rc)
    {
      cdk_kbnode_release (knode);
      gnutls_assert ();
      return rc;
    }
  check = 0;
  cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
  if (unode && find_by_keyid (unode, st))
    check++;
  cdk_keydb_search_release (st);
  cdk_kbnode_release (unode);
  cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
  if (knode && find_by_pattern (knode, st))
    check++;
  cdk_keydb_search_release (st);
  cdk_kbnode_release (knode);
  return check == 2 ? 0 : CDK_Inv_Value;
}
 | 
| ↓ | gnutls_x509_privkey_import_pkcs8 | 11 | 36 | 84 | lib/x509/privkey_pkcs8.c | 
| 
int
gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
				  const gnutls_datum_t * data,
				  gnutls_x509_crt_fmt_t format,
				  const char *password, unsigned int flags)
{
  int result = 0, need_free = 0;
  gnutls_datum_t _data;
  if (key == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  _data.data = data->data;
  _data.size = data->size;
  key->pk_algorithm = GNUTLS_PK_UNKNOWN;
  /* If the Certificate is in PEM format then decode it
   */
  if (format == GNUTLS_X509_FMT_PEM)
    {
      opaque *out;
      /* Try the first header 
       */
      result =
	_gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
				data->data, data->size, &out);
      if (result < 0)
	{			/* Try the encrypted header 
				 */
	  result =
	    _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out);
	  if (result <= 0)
	    {
	      if (result == 0)
		result = GNUTLS_E_INTERNAL_ERROR;
	      gnutls_assert ();
	      return result;
	    }
	}
      else if (flags == 0)
	flags |= GNUTLS_PKCS_PLAIN;
      _data.data = out;
      _data.size = result;
      need_free = 1;
    }
  if (flags & GNUTLS_PKCS_PLAIN)
    {
      result = decode_private_key_info (&_data, key);
    }
  else
    {				/* encrypted. */
      result = decode_pkcs8_key (&_data, password, key);
    }
  if (result < 0)
    {
      gnutls_assert ();
      goto cleanup;
    }
  if (need_free)
    _gnutls_free_datum (&_data);
  /* The key has now been decoded.
   */
  return 0;
cleanup:
  key->pk_algorithm = GNUTLS_PK_UNKNOWN;
  if (need_free)
    _gnutls_free_datum (&_data);
  return result;
}
 | 
| ↓ | gnutls_x509_crl_get_authority_key_id | 11 | 35 | 72 | lib/x509/crl.c | 
| 
int
gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
				      size_t * ret_size,
				      unsigned int *critical)
{
  int result, len;
  gnutls_datum_t id;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  if (crl == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (ret)
    memset (ret, 0, *ret_size);
  else
    *ret_size = 0;
  if ((result =
       _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &id,
				       critical)) < 0)
    {
      return result;
    }
  if (id.size == 0 || id.data == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  result = asn1_create_element
    (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      _gnutls_free_datum (&id);
      return _gnutls_asn2err (result);
    }
  result = asn1_der_decoding (&c2, id.data, id.size, NULL);
  _gnutls_free_datum (&id);
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      asn1_delete_structure (&c2);
      return _gnutls_asn2err (result);
    }
  len = *ret_size;
  result = asn1_read_value (c2, "keyIdentifier", ret, &len);
  *ret_size = len;
  asn1_delete_structure (&c2);
  if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
    {
      return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
    }
  if (result != ASN1_SUCCESS)
    {
      gnutls_assert ();
      return _gnutls_asn2err (result);
    }
  return 0;
}
 | 
| ↓ | _gnutls_read_pgp_mpi | 11 | 34 | 84 | lib/openpgp/pgp.c | 
| 
int
_gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
		      bigint_t * m)
{
  size_t buf_size = 512;
  opaque *buf = gnutls_malloc (buf_size);
  int err;
  unsigned int max_pub_params = 0;
  if (priv != 0)
    max_pub_params = cdk_pk_get_npkey (pkt->pkt.secret_key->pk->pubkey_algo);
  if (buf == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }
  /* FIXME: Note that opencdk doesn't like the buf to be NULL.
   */
  if (priv == 0)
    err =
      cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
		      NULL);
  else
    {
      if (idx < max_pub_params)
	err =
	  cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
			  &buf_size, NULL);
      else
	{
	  err =
	    cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf,
			    buf_size, &buf_size, NULL);
	}
    }
  if (err == CDK_Too_Short)
    {
      buf = gnutls_realloc_fast (buf, buf_size);
      if (buf == NULL)
	{
	  gnutls_assert ();
	  return GNUTLS_E_MEMORY_ERROR;
	}
      if (priv == 0)
	err =
	  cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
			  NULL);
      else
	{
	  if (idx < max_pub_params)
	    err =
	      cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
			      &buf_size, NULL);
	  else
	    {
	      err =
		cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params,
				buf, buf_size, &buf_size, NULL);
	    }
	}
    }
  if (err != CDK_Success)
    {
      gnutls_assert ();
      gnutls_free (buf);
      return _gnutls_map_cdk_rc (err);
    }
  err = _gnutls_mpi_scan (m, buf, buf_size);
  gnutls_free (buf);
  if (err < 0)
    {
      gnutls_assert ();
      return err;
    }
  return 0;
}
 | 
| ↓ | gnutls_openpgp_crt_import | 11 | 33 | 60 | lib/openpgp/pgp.c | 
| 
int
gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
			   const gnutls_datum_t * data,
			   gnutls_openpgp_crt_fmt_t format)
{
  cdk_stream_t inp;
  cdk_packet_t pkt;
  int rc;
  if (data->data == NULL || data->size == 0)
    {
      gnutls_assert ();
      return GNUTLS_E_OPENPGP_GETKEY_FAILED;
    }
  if (format == GNUTLS_OPENPGP_FMT_RAW)
    {
      rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
      if (rc)
	{
	  rc = _gnutls_map_cdk_rc (rc);
	  gnutls_assert ();
	  return rc;
	}
    }
  else
    {
      rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
      if (rc)
	{
	  rc = _gnutls_map_cdk_rc (rc);
	  gnutls_assert ();
	  return rc;
	}
      if (cdk_armor_filter_use (inp))
	rc = cdk_stream_set_armor_flag (inp, 0);
      if (!rc)
	rc = cdk_keydb_get_keyblock (inp, &key->knode);
      cdk_stream_close (inp);
      if (rc)
	{
	  if (rc == CDK_Inv_Packet)
	    rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
	  else
	    rc = _gnutls_map_cdk_rc (rc);
	  gnutls_assert ();
	  return rc;
	}
    }
  /* Test if the import was successful. */
  pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
  if (pkt == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_OPENPGP_GETKEY_FAILED;
    }
  return 0;
}
 | 
| ↓ | cdk_pk_check_self_sig | 11 | 33 | 50 | lib/opencdk/sig-check.c | 
| 
cdk_error_t
cdk_pk_check_self_sig (cdk_kbnode_t key, int *r_status)
{
  cdk_pkt_signature_t sig;
  cdk_kbnode_t node;
  cdk_error_t rc;
  u32 keyid[2], sigid[2];
  int is_selfsig, sig_ok;
  if (!key || !r_status)
    return CDK_Inv_Value;
  node = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
  if (!node)
    return CDK_Error_No_Key;
  /* FIXME: we should set expire/revoke here also but callers
     expect CDK_KEY_VALID=0 if the key is okay. */
  cdk_pk_get_keyid (key->pkt->pkt.public_key, keyid);
  sig_ok = 0;
  for (node = key; node; node = node->next)
    {
      if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
	continue;
      sig = node->pkt->pkt.signature;
      if (!IS_UID_SIG (sig))
	continue;
      cdk_sig_get_keyid (sig, sigid);
      if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
	continue;
      /* FIXME: Now we check all self signatures. */
      rc = _cdk_pk_check_sig (NULL, key, node, &is_selfsig, NULL);
      if (rc)
	{
	  *r_status = CDK_KEY_INVALID;
	  return rc;
	}
      else			/* For each valid self sig we increase this counter. */
	sig_ok++;
    }
  /* A key without a self signature is not valid. */
  if (!sig_ok)
    {
      *r_status = CDK_KEY_INVALID;
      return CDK_General_Error;
    }
  /* No flags indicate a valid key. */
  *r_status = CDK_KEY_VALID;
  return 0;
}
 | 
| ↓ | gnutls_openpgp_crt_get_auth_subkey | 11 | 32 | 62 | lib/openpgp/pgp.c | 
| 
int
gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
				    gnutls_openpgp_keyid_t keyid,
				    unsigned int flag)
{
  int ret, subkeys, i;
  unsigned int usage;
  unsigned int keyid_init = 0;
  subkeys = gnutls_openpgp_crt_get_subkey_count (crt);
  if (subkeys <= 0)
    {
      gnutls_assert ();
      return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
    }
  /* Try to find a subkey with the authentication flag set.
   * if none exists use the last one found
   */
  for (i = 0; i < subkeys; i++)
    {
      ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i);
      if (ret != 0)		/* it is revoked. ignore it */
	continue;
      if (keyid_init == 0)
	{			/* keep the first valid subkey */
	  ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  keyid_init = 1;
	}
      ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage);
      if (ret < 0)
	{
	  gnutls_assert ();
	  return ret;
	}
      if (usage & GNUTLS_KEY_KEY_AGREEMENT)
	{
	  ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
	  if (ret < 0)
	    {
	      gnutls_assert ();
	      return ret;
	    }
	  return 0;
	}
    }
  if (flag && keyid_init)
    return 0;
  else
    return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
 | 
| ↓ | gnutls_openpgp_crt_get_name | 11 | 30 | 53 | lib/openpgp/pgp.c | 
| 
int
gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
			     int idx, char *buf, size_t * sizeof_buf)
{
  cdk_kbnode_t ctx = NULL, p;
  cdk_packet_t pkt = NULL;
  cdk_pkt_userid_t uid = NULL;
  int pos = 0;
  if (!key || !buf)
    {
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }
  if (idx < 0 || idx >= _gnutls_openpgp_count_key_names (key))
    return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
  pos = 0;
  while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
    {
      pkt = cdk_kbnode_get_packet (p);
      if (pkt->pkttype == CDK_PKT_USER_ID)
	{
	  if (pos == idx)
	    break;
	  pos++;
	}
    }
  if (!pkt)
    {
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }
  uid = pkt->pkt.user_id;
  if (uid->len >= *sizeof_buf)
    {
      gnutls_assert ();
      *sizeof_buf = uid->len + 1;
      return GNUTLS_E_SHORT_MEMORY_BUFFER;
    }
  memcpy (buf, uid->name, uid->len);
  buf[uid->len] = '\0';		/* make sure it's a string */
  *sizeof_buf = uid->len + 1;
  if (uid->is_revoked)
    return GNUTLS_E_OPENPGP_UID_REVOKED;
  return 0;
}
 | 
| ↓ | read_public_key | 11 | 30 | 46 | lib/opencdk/read-packet.c | 
| 
static cdk_error_t
read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
{
  size_t i, ndays, npkey;
  if (!inp || !pk)
    return CDK_Inv_Value;
  if (DEBUG_PKT)
    _cdk_log_debug ("read_public_key: %d octets\n", pktlen);
  pk->is_invalid = 1;		/* default to detect missing self signatures */
  pk->is_revoked = 0;
  pk->has_expired = 0;
  pk->version = cdk_stream_getc (inp);
  if (pk->version < 2 || pk->version > 4)
    return CDK_Inv_Packet_Ver;
  pk->timestamp = read_32 (inp);
  if (pk->version < 4)
    {
      ndays = read_16 (inp);
      if (ndays)
	pk->expiredate = pk->timestamp + ndays * 86400L;
    }
  pk->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
  npkey = cdk_pk_get_npkey (pk->pubkey_algo);
  if (!npkey)
    {
      gnutls_assert ();
      _cdk_log_debug ("invalid public key algorithm %d\n", pk->pubkey_algo);
      return CDK_Inv_Algo;
    }
  for (i = 0; i < npkey; i++)
    {
      cdk_error_t rc = read_mpi (inp, &pk->mpi[i], 0);
      if (rc)
	return rc;
    }
  /* This value is just for the first run and will be
     replaced with the actual key flags from the self signature. */
  pk->pubkey_usage = 0;
  return 0;
}
 | 
| ↓ | keydb_pos_from_cache | 11 | 28 | 55 | lib/opencdk/keydb.c | 
| 
static cdk_error_t
keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
		      int *r_cache_hit, off_t * r_off)
{
  key_table_t c;
  if (!hd || !r_cache_hit || !r_off)
    {
      gnutls_assert ();
      return CDK_Inv_Value;
    }
  /* Reset the values. */
  *r_cache_hit = 0;
  *r_off = 0;
  c = keydb_cache_find (ks);
  if (c != NULL)
    {
      _cdk_log_debug ("cache: found entry in cache.\n");
      *r_cache_hit = 1;
      *r_off = c->offset;
      return 0;
    }
  /* No index cache available so we just return here. */
  if (!ks->idx)
    return 0;
  if (ks->idx)
    {
      if (ks->type == CDK_DBSEARCH_KEYID)
	{
	  if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
	    {
	      gnutls_assert ();
	      return CDK_Error_No_Key;
	    }
	  _cdk_log_debug ("cache: found keyid entry in idx table.\n");
	  *r_cache_hit = 1;
	}
      else if (ks->type == CDK_DBSEARCH_FPR)
	{
	  if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
	    {
	      gnutls_assert ();
	      return CDK_Error_No_Key;
	    }
	  _cdk_log_debug ("cache: found fpr entry in idx table.\n");
	  *r_cache_hit = 1;
	}
    }
  return 0;
}
 | 
| ↓ | decode | 11 | 27 | 37 | lib/auth_srp_sb64.c | 
| 
inline static int
decode (uint8_t * result, const uint8_t * data)
{
  uint8_t a1, a2;
  int ret = 3;
  memset (result, 0, 3);
  a1 = TOASCII (data[3]);
  a2 = TOASCII (data[2]);
  if (a1 != 0xff)
    result[2] = a1 & 0xff;
  else
    return -1;
  if (a2 != 0xff)
    result[2] |= ((a2 & 0x03) << 6) & 0xff;
  a1 = a2;
  a2 = TOASCII (data[1]);
  if (a1 != 0xff)
    result[1] = ((a1 & 0x3c) >> 2);
  if (a2 != 0xff)
    result[1] |= ((a2 & 0x0f) << 4);
  else if (a1 == 0xff || result[1] == 0)
    ret--;
  a1 = a2;
  a2 = TOASCII (data[0]);
  if (a1 != 0xff)
    result[0] = (((a1 & 0x30) >> 4) & 0xff);
  if (a2 != 0xff)
    result[0] |= ((a2 << 2) & 0xff);
  else if (a1 == 0xff || result[0] == 0)
    ret--;
  return ret;
}
 | 
| ↓ | _gnutls_session_cert_type_supported | 11 | 24 | 48 | lib/gnutls_state.c | 
| 
int
_gnutls_session_cert_type_supported (gnutls_session_t session,
				     gnutls_certificate_type_t cert_type)
{
  unsigned i;
  unsigned cert_found = 0;
  gnutls_certificate_credentials_t cred;
  if (session->security_parameters.entity == GNUTLS_SERVER)
    {
      cred = (gnutls_certificate_credentials_t)
	_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
      if (cred == NULL)
	return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
      if (cred->server_get_cert_callback == NULL)
	{
	  for (i = 0; i < cred->ncerts; i++)
	    {
	      if (cred->cert_list[i][0].cert_type == cert_type)
		{
		  cert_found = 1;
		  break;
		}
	    }
	  if (cert_found == 0)
	    /* no certificate is of that type.
	     */
	    return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
	}
    }
  if (session->internals.priorities.cert_type.algorithms == 0
      && cert_type == DEFAULT_CERT_TYPE)
    return 0;
  for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
    {
      if (session->internals.priorities.cert_type.priority[i] == cert_type)
	{
	  return 0;		/* ok */
	}
    }
  return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
 | 
| ↓ | compress_get_algo | 11 | 20 | 31 | lib/opencdk/armor.c | 
| 
static int
compress_get_algo (cdk_stream_t inp, int *r_zipalgo)
{
  byte plain[512];
  char buf[128];
  int nread, pkttype;
  *r_zipalgo = 0;
  cdk_stream_seek (inp, 0);
  while (!cdk_stream_eof (inp))
    {
      nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
      if (!nread || nread == -1)
	break;
      if (nread == 1 && !cdk_stream_eof (inp)
	  && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0)
	{
	  base64_decode (plain, buf);
	  if (!(*plain & 0x80))
	    break;
	  pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
	  if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
	    {
	      _cdk_log_debug ("armor compressed (algo=%d)\n", *(plain + 1));
	      *r_zipalgo = *(plain + 1);
	    }
	  break;
	}
    }
  return 0;
}
 | 
| ↓ | _gnutls_hostname_compare | 11 | 17 | 39 | lib/gnutls_str.c | 
| 
int
_gnutls_hostname_compare (const char *certname,
			  size_t certnamesize,
			  const char *hostname)
{
  /* find the first different character */
  for (; *certname && *hostname && toupper (*certname) == toupper (*hostname);
       certname++, hostname++, certnamesize--)
    ;
  /* the strings are the same */
  if (certnamesize == 0 && *hostname == '\0')
    return 1;
  if (*certname == '*')
    {
      /* a wildcard certificate */
      certname++;
      certnamesize--;
      while (1)
	{
	  /* Use a recursive call to allow multiple wildcards */
	  if (_gnutls_hostname_compare (certname, certnamesize, hostname))
	    return 1;
	  /* wildcards are only allowed to match a single domain
	     component or component fragment */
	  if (*hostname == '\0' || *hostname == '.')
	    break;
	  hostname++;
	}
      return 0;
    }
  return 0;
}
 | 
| ↓ | _gnutls_openpgp_find_key | 11 | 14 | 37 | lib/openpgp/pgp.c | 
| 
cdk_packet_t
_gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
			  unsigned int priv)
{
  cdk_kbnode_t p, ctx;
  cdk_packet_t pkt;
  uint32_t local_keyid[2];
  ctx = NULL;
  while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
    {
      pkt = cdk_kbnode_get_packet (p);
      if ((priv == 0
	   && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
	       || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0
							   && (pkt->pkttype ==
							       CDK_PKT_SECRET_SUBKEY
							       || pkt->pkttype
							       ==
							       CDK_PKT_SECRET_KEY)))
	{
	  if (priv == 0)
	    cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
	  else
	    cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
	  if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
	    {
	      return pkt;
	    }
	}
    }
  gnutls_assert ();
  return NULL;
}
 | 
| ↓ | str_escape | 11 | 12 | 25 | lib/x509/dn.c | 
| 
static char *
str_escape (char *str, char *buffer, unsigned int buffer_size)
{
  int str_length, j, i;
  if (str == NULL || buffer == NULL)
    return NULL;
  str_length = MIN (strlen (str), buffer_size - 1);
  for (i = j = 0; i < str_length; i++)
    {
      if (str[i] == ',' || str[i] == '+' || str[i] == '"'
	  || str[i] == '\\' || str[i] == '<' || str[i] == '>'
	  || str[i] == ';')
	buffer[j++] = '\\';
      buffer[j++] = str[i];
    }
  /* null terminate the string */
  buffer[j] = 0;
  return buffer;
}
 | 
| ↓ | cdk_kbnode_find_next | 11 | 12 | 21 | lib/opencdk/kbnode.c | 
| 
cdk_kbnode_t
cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype)
{
  for (node = node->next; node; node = node->next)
    {
      if (!pkttype)
	return node;
      else if (pkttype == CDK_PKT_USER_ID &&
	       (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
		node->pkt->pkttype == CDK_PKT_SECRET_KEY))
	return NULL;
      else if (pkttype == CDK_PKT_SIGNATURE &&
	       (node->pkt->pkttype == CDK_PKT_USER_ID ||
		node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
		node->pkt->pkttype == CDK_PKT_SECRET_KEY))
	return NULL;
      else if (node->pkt->pkttype == pkttype)
	return node;
    }
  return NULL;
}
 | 
|  | _gnutls_session_unpack | 13 | 33 | 75 | lib/gnutls_session_pack.c | 
|  | _gnutls_x509_get_pk_algorithm | 11 | 57 | 112 | lib/x509/common.c | 
|  | _gnutls_compress | 11 | 51 | 105 | lib/gnutls_compress.c | 
|  | gnutls_x509_privkey_generate | 11 | 40 | 75 | lib/x509/privkey.c | 
|  | _gnutls_gen_srp_server_kx | 10 | 58 | 124 | lib/auth_srp.c | 
|  | _gnutls_openpgp_crt_to_gcert | 10 | 54 | 116 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_x509_ext_gen_crl_dist_points | 10 | 50 | 104 | lib/x509/extensions.c | 
|  | _get_pk_dsa_raw | 10 | 49 | 90 | lib/openpgp/pgp.c | 
|  | gnutls_x509_privkey_export_rsa_raw | 10 | 48 | 93 | lib/x509/privkey.c | 
|  | _decode_pkcs7_signed_data | 10 | 47 | 94 | lib/x509/pkcs7.c | 
|  | group_check_g_n | 10 | 46 | 103 | lib/auth_srp.c | 
|  | gnutls_x509_crq_get_extension_info | 10 | 46 | 85 | lib/x509/crq.c | 
|  | _gnutls_gen_rsa_client_kx | 10 | 45 | 90 | lib/auth_rsa.c | 
|  | _gnutls_privkey_decode_pkcs1_rsa_key | 10 | 45 | 95 | lib/x509/privkey.c | 
|  | gnutls_x509_privkey_import_rsa_raw | 10 | 44 | 83 | lib/x509/privkey.c | 
|  | _gnutls_server_name_recv_params | 10 | 44 | 95 | lib/ext_server_name.c | 
|  | gnutls_dh_params_import_pkcs3 | 10 | 44 | 93 | lib/gnutls_dh_primes.c | 
|  | cdk_pk_verify | 10 | 42 | 66 | lib/opencdk/pubkey.c | 
|  | gnutls_certificate_set_openpgp_key_mem2 | 10 | 41 | 75 | lib/openpgp/gnutls_openpgp.c | 
|  | gnutls_pkcs12_bag_encrypt | 10 | 40 | 84 | lib/x509/pkcs12_bag.c | 
|  | _gnutls_mpi_randomize | 10 | 40 | 75 | lib/gnutls_mpi.c | 
|  | print_cert | 10 | 38 | 69 | lib/openpgp/output.c | 
|  | gnutls_global_init | 10 | 38 | 83 | lib/gnutls_global.c | 
|  | _gnutls_x509_export_int_named | 10 | 37 | 85 | lib/x509/common.c | 
|  | _gnutls_copy_certificate_auth_info | 10 | 37 | 69 | lib/auth_cert.c | 
|  | gnutls_openpgp_privkey_import | 10 | 35 | 69 | lib/openpgp/privkey.c | 
|  | _pkcs1_rsa_verify_sig | 10 | 35 | 74 | lib/x509/verify.c | 
|  | gnutls_openpgp_get_key | 10 | 35 | 63 | lib/openpgp/gnutls_openpgp.c | 
|  | _find_x509_cert | 10 | 34 | 68 | lib/auth_cert.c | 
|  | gnutls_pkcs7_set_crl_raw | 10 | 32 | 72 | lib/x509/pkcs7.c | 
|  | _cdk_hash_pubkey | 10 | 31 | 43 | lib/opencdk/sig-check.c | 
|  | cdk_keydb_idx_rebuild | 10 | 29 | 47 | lib/opencdk/keydb.c | 
|  | cdk_stream_write | 10 | 29 | 55 | lib/opencdk/stream.c | 
|  | _gnutls_cipher_init | 10 | 27 | 52 | lib/gnutls_cipher_int.c | 
|  | uid_list_add_sig | 10 | 26 | 50 | lib/opencdk/sig-check.c | 
|  | write_pubkey_enc | 10 | 25 | 34 | lib/opencdk/write-packet.c | 
|  | write_onepass_sig | 10 | 23 | 31 | lib/opencdk/write-packet.c | 
|  | _gnutls_send_client_certificate | 10 | 23 | 66 | lib/gnutls_kx.c | 
|  | write_head_old | 10 | 23 | 34 | lib/opencdk/write-packet.c | 
|  | cdk_kbnode_move | 10 | 22 | 28 | lib/opencdk/kbnode.c | 
|  | cdk_pk_get_keyid | 10 | 20 | 36 | lib/opencdk/pubkey.c | 
|  | _cdk_keydb_open | 10 | 19 | 41 | lib/opencdk/keydb.c | 
|  | _gnutls_check_key_usage | 10 | 18 | 52 | lib/gnutls_x509.c | 
|  | _gnutls_fbase64_encode | 9 | 64 | 102 | lib/x509_b64.c | 
|  | _rsa_generate_params | 9 | 62 | 105 | lib/pk-libgcrypt.c | 
|  | cdk_armor_encode_buffer | 9 | 60 | 87 | lib/opencdk/armor.c | 
|  | unpack_psk_auth_info | 9 | 58 | 103 | lib/gnutls_session_pack.c | 
|  | gnutls_psk_netconf_derive_key | 9 | 51 | 90 | lib/gnutls_psk_netconf.c | 
|  | gen_dhe_server_kx | 9 | 50 | 96 | lib/auth_dhe.c | 
|  | unpack_anon_auth_info | 9 | 49 | 90 | lib/gnutls_session_pack.c | 
|  | gnutls_pkcs12_verify_mac | 9 | 48 | 101 | lib/x509/pkcs12.c | 
|  | read_pbkdf2_params | 9 | 47 | 109 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_x509_der_encode | 9 | 46 | 82 | lib/x509/common.c | 
|  | _gnutls_gen_extensions | 9 | 45 | 84 | lib/gnutls_extensions.c | 
|  | write_pbkdf2_params | 9 | 45 | 105 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_read_server_hello | 9 | 45 | 101 | lib/gnutls_handshake.c | 
|  | keydb_idx_build | 9 | 44 | 71 | lib/opencdk/keydb.c | 
|  | parse_pem_cert_mem | 9 | 44 | 91 | lib/gnutls_x509.c | 
|  | parse_pem_ca_mem | 9 | 43 | 93 | lib/gnutls_x509.c | 
|  | gnutls_x509_crt_get_pk_dsa_raw | 9 | 43 | 81 | lib/x509/x509.c | 
|  | _decode_pkcs12_auth_safe | 9 | 41 | 81 | lib/x509/pkcs12.c | 
|  | gnutls_x509_crt_set_key_purpose_oid | 9 | 40 | 91 | lib/x509/x509_write.c | 
|  | gnutls_x509_privkey_import_dsa_raw | 9 | 39 | 74 | lib/x509/privkey.c | 
|  | get_extension_oid | 9 | 39 | 83 | lib/x509/extensions.c | 
|  | _gnutls_sbase64_decode | 9 | 38 | 59 | lib/auth_srp_sb64.c | 
|  | _pkcs12_encode_crt_bag | 9 | 37 | 79 | lib/x509/pkcs12_bag.c | 
|  | decode_private_key_info | 9 | 36 | 76 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_P_hash | 9 | 36 | 76 | lib/gnutls_state.c | 
|  | _gnutls_x509_crq_set_extension | 9 | 36 | 76 | lib/x509/extensions.c | 
|  | _gnutls_x509_write_value | 9 | 36 | 73 | lib/x509/common.c | 
|  | write_schema_params | 9 | 35 | 83 | lib/x509/privkey_pkcs8.c | 
|  | set_extension | 9 | 34 | 81 | lib/x509/extensions.c | 
|  | wrap_gcry_generate_group | 9 | 34 | 70 | lib/mpi-libgcrypt.c | 
|  | gnutls_x509_crt_set_crq_extensions | 9 | 34 | 61 | lib/x509/x509_write.c | 
|  | add_extension | 9 | 33 | 62 | lib/x509/extensions.c | 
|  | get_subject_alt_name | 9 | 33 | 70 | lib/x509/x509.c | 
|  | gnutls_x509_crq_get_key_id | 9 | 32 | 70 | lib/x509/crq.c | 
|  | gnutls_x509_crt_get_key_id | 9 | 32 | 70 | lib/x509/x509.c | 
|  | cdk_file_dearmor | 9 | 31 | 48 | lib/opencdk/armor.c | 
|  | gnutls_x509_privkey_export_pkcs8 | 9 | 31 | 72 | lib/x509/privkey_pkcs8.c | 
|  | gnutls_x509_privkey_get_key_id | 9 | 31 | 66 | lib/x509/privkey.c | 
|  | _gnutls_send_handshake | 9 | 30 | 68 | lib/gnutls_handshake.c | 
|  | do_encode_md | 9 | 30 | 42 | lib/opencdk/seskey.c | 
|  | _gnutls_openpgp_export | 9 | 30 | 63 | lib/openpgp/pgp.c | 
|  | _gnutls_openpgp_verify_key | 9 | 29 | 61 | lib/openpgp/compat.c | 
|  | _gnutls_gen_cert_server_cert_req | 9 | 29 | 69 | lib/auth_cert.c | 
|  | gnutls_certificate_set_openpgp_key_file2 | 9 | 28 | 56 | lib/openpgp/gnutls_openpgp.c | 
|  | gnutls_psk_set_client_credentials | 9 | 27 | 56 | lib/gnutls_psk.c | 
|  | gnutls_openpgp_keyring_get_crt | 9 | 27 | 47 | lib/openpgp/extras.c | 
|  | cdk_keydb_check_sk | 9 | 27 | 46 | lib/opencdk/keydb.c | 
|  | gnutls_x509_crt_check_hostname | 9 | 25 | 75 | lib/x509/rfc2818_hostname.c | 
|  | base64_encode | 9 | 23 | 35 | lib/opencdk/armor.c | 
|  | _gnutls_cert_type_send_params | 9 | 23 | 66 | lib/ext_cert_type.c | 
|  | _gnutls_partition | 9 | 23 | 45 | lib/gnutls_algorithms.c | 
|  | cdk_stream_flush | 9 | 22 | 38 | lib/opencdk/stream.c | 
|  | _gnutls_server_select_cert | 9 | 22 | 62 | lib/auth_cert.c | 
|  | _cdk_pkt_read_len | 9 | 21 | 31 | lib/opencdk/read-packet.c | 
|  | _gnutls_io_clear_peeked_data | 9 | 20 | 39 | lib/gnutls_buffers.c | 
|  | _gnutls_openpgp_request_key | 9 | 18 | 44 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_recv_client_certificate_verify_message | 9 | 17 | 44 | lib/gnutls_kx.c | 
|  | _gnutls_openpgp_find_subkey_idx | 9 | 16 | 33 | lib/openpgp/pgp.c | 
|  | cdk_pk_to_fingerprint | 9 | 16 | 31 | lib/opencdk/pubkey.c | 
|  | _gnutls_store_session | 9 | 16 | 38 | lib/gnutls_db.c | 
|  | check_g_n | 9 | 11 | 31 | lib/auth_srp.c | 
|  | _gnutls_dh_set_group | 11 | 36 | 71 | lib/gnutls_state.c | 
|  | print_key_info | 10 | 44 | 86 | lib/openpgp/output.c | 
|  | get_mpis | 10 | 42 | 108 | lib/x509/mpi.c | 
|  | gnutls_x509_privkey_cpy | 10 | 26 | 47 | lib/x509/privkey.c | 
|  | _gnutls_verify_sig | 10 | 25 | 66 | lib/gnutls_sig.c | 
|  | find_by_keyid | 10 | 16 | 34 | lib/opencdk/keydb.c | 
|  | _encode_privkey | 9 | 39 | 78 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_tls_sign_hdata | 9 | 36 | 75 | lib/gnutls_sig.c | 
|  | _gnutls_x509_verify_algorithm | 9 | 34 | 66 | lib/x509/verify.c | 
|  | _gnutls_openpgp_privkey_get_mpis | 9 | 34 | 66 | lib/openpgp/privkey.c | 
|  | _gnutls_openpgp_crt_get_mpis | 9 | 34 | 64 | lib/openpgp/pgp.c | 
|  | gnutls_x509_privkey_export | 9 | 24 | 51 | lib/x509/privkey.c | 
|  | ip_to_string | 9 | 16 | 40 | lib/x509/output.c | 
|  | _gnutls_proc_dh_common_server_kx | 8 | 56 | 92 | lib/auth_dh_common.c | 
|  | pwd_put_values | 8 | 50 | 86 | lib/auth_srp_passwd.c | 
|  | _gnutls_pkcs7_decrypt_data | 8 | 48 | 102 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_gen_dh_common_client_kx | 8 | 46 | 88 | lib/auth_dh_common.c | 
|  | encrypt_data | 8 | 41 | 71 | lib/x509/privkey_pkcs8.c | 
|  | encode_ber_digest_info | 8 | 40 | 77 | lib/x509/sign.c | 
|  | _cdk_trim_string | 8 | 4 | 11 | lib/opencdk/misc.c | 
|  | _gnutls_gen_openpgp_certificate_fpr | 8 | 38 | 74 | lib/auth_cert.c | 
|  | literal_encode | 8 | 38 | 51 | lib/opencdk/literal.c | 
|  | _gnutls_PRF | 8 | 36 | 79 | lib/gnutls_state.c | 
|  | _get_pk_rsa_raw | 8 | 36 | 64 | lib/openpgp/pgp.c | 
|  | gnutls_pkcs12_get_bag | 8 | 35 | 75 | lib/x509/pkcs12.c | 
|  | _decode_pkcs8_dsa_key | 8 | 34 | 68 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_x509_read_value | 8 | 34 | 63 | lib/x509/common.c | 
|  | rsadsa_crq_get_key_id | 8 | 34 | 64 | lib/x509/crq.c | 
|  | rsadsa_get_key_id | 8 | 34 | 64 | lib/x509/x509.c | 
|  | cdk_keydb_get_pk | 8 | 34 | 54 | lib/opencdk/keydb.c | 
|  | decode_dsa_key | 8 | 33 | 66 | lib/x509/privkey.c | 
|  | _pkcs12_decode_crt_bag | 8 | 33 | 71 | lib/x509/pkcs12_bag.c | 
|  | set_attribute | 8 | 32 | 77 | lib/x509/crq.c | 
|  | gnutls_certificate_set_x509_key | 8 | 31 | 70 | lib/gnutls_x509.c | 
|  | _gnutls_x509_write_sig_params | 8 | 31 | 68 | lib/x509/mpi.c | 
|  | gnutls_pkcs12_import | 8 | 31 | 60 | lib/x509/pkcs12.c | 
|  | gnutls_x509_crq_set_subject_alt_name | 8 | 31 | 74 | lib/x509/crq.c | 
|  | _gnutls_x509_ext_gen_proxyCertInfo | 8 | 31 | 64 | lib/x509/extensions.c | 
|  | _gnutls_x509_set_dn_oid | 8 | 30 | 75 | lib/x509/dn.c | 
|  | gnutls_pkcs7_get_crl_raw | 8 | 30 | 61 | lib/x509/pkcs7.c | 
|  | _gnutls_x509_ext_gen_basicConstraints | 8 | 30 | 58 | lib/x509/extensions.c | 
|  | _gnutls_client_set_ciphersuite | 8 | 30 | 77 | lib/gnutls_handshake.c | 
|  | _gnutls_x509_read_uint | 8 | 29 | 49 | lib/x509/mpi.c | 
|  | _gnutls_decrypt | 8 | 29 | 69 | lib/gnutls_cipher.c | 
|  | gnutls_x509_crq_import | 8 | 29 | 59 | lib/x509/crq.c | 
|  | gnutls_x509_crl_import | 8 | 29 | 58 | lib/x509/crl.c | 
|  | _randomize_pwd_entry | 8 | 28 | 52 | lib/auth_srp_passwd.c | 
|  | gnutls_pkcs7_import | 8 | 28 | 55 | lib/x509/pkcs7.c | 
|  | gnutls_x509_crt_set_subject_alt_name | 8 | 27 | 65 | lib/x509/x509_write.c | 
|  | _gnutls_x509_ext_extract_basicConstraints | 8 | 26 | 52 | lib/x509/extensions.c | 
|  | cdk_file_armor | 8 | 26 | 40 | lib/opencdk/armor.c | 
|  | _gnutls_mpi_dprint_size | 8 | 26 | 41 | lib/gnutls_mpi.c | 
|  | print_key_times | 8 | 26 | 49 | lib/openpgp/output.c | 
|  | read_mpi | 8 | 25 | 40 | lib/opencdk/read-packet.c | 
|  | _gnutls_string_append_data | 8 | 24 | 47 | lib/gnutls_str.c | 
|  | _gnutls_x509_ext_gen_subject_alt_name | 8 | 23 | 53 | lib/x509/extensions.c | 
|  | _cdk_digest_encode_pkcs1 | 8 | 22 | 37 | lib/opencdk/seskey.c | 
|  | _gnutls_max_record_recv_params | 8 | 21 | 58 | lib/ext_max_record.c | 
|  | print_key_usage | 8 | 19 | 31 | lib/openpgp/output.c | 
|  | write_user_id | 8 | 19 | 34 | lib/opencdk/write-packet.c | 
|  | pwd_read_conf | 8 | 19 | 39 | lib/auth_srp_passwd.c | 
|  | _gnutls_string_resize | 8 | 19 | 37 | lib/gnutls_str.c | 
|  | mktime_utc | 8 | 18 | 27 | lib/x509/common.c | 
|  | gnutls_pkcs12_bag_set_data | 8 | 18 | 50 | lib/x509/pkcs12_bag.c | 
|  | cdk_stream_kick_off | 8 | 17 | 29 | lib/opencdk/stream.c | 
|  | read_s2k | 8 | 16 | 29 | lib/opencdk/read-packet.c | 
|  | cdk_s2k_new | 8 | 16 | 25 | lib/opencdk/seskey.c | 
|  | key_usage_to_cdk_usage | 8 | 16 | 22 | lib/opencdk/keydb.c | 
|  | _cdk_pubkey_compare | 8 | 15 | 22 | lib/opencdk/new-packet.c | 
|  | hexdump | 8 | 15 | 23 | lib/x509/output.c | 
|  | hexdump | 8 | 15 | 23 | lib/openpgp/output.c | 
|  | find_by_fpr | 8 | 13 | 25 | lib/opencdk/keydb.c | 
|  | keydb_check_key | 8 | 13 | 25 | lib/opencdk/keydb.c | 
|  | check_buffers | 8 | 12 | 32 | lib/gnutls_record.c | 
|  | keydb_cache_find | 12 | 18 | 36 | lib/opencdk/keydb.c | 
|  | encode_to_pkcs8_key | 11 | 47 | 109 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_comp_init | 11 | 40 | 85 | lib/gnutls_compress.c | 
|  | _gnutls_free_auth_info | 11 | 39 | 74 | lib/gnutls_auth.c | 
|  | _gnutls_session_pack | 11 | 31 | 71 | lib/gnutls_session_pack.c | 
|  | gnutls_bye | 11 | 29 | 60 | lib/gnutls_record.c | 
|  | _gnutls_recv_handshake_final | 10 | 27 | 54 | lib/gnutls_handshake.c | 
|  | gnutls_dh_get_group | 9 | 32 | 52 | lib/gnutls_ui.c | 
|  | _gnutls_dh_set_peer_public | 9 | 29 | 56 | lib/gnutls_state.c | 
|  | _gnutls_send_handshake_final | 9 | 25 | 57 | lib/gnutls_handshake.c | 
|  | calc_enc_length | 8 | 23 | 56 | lib/gnutls_cipher.c | 
|  | _cdk_check_args | 7 | 8 | 13 | lib/opencdk/misc.c | 
|  | proc_rsa_export_server_kx | 7 | 51 | 91 | lib/auth_rsa_export.c | 
|  | gnutls_x509_dn_get_rdn_ava | 7 | 46 | 80 | lib/x509/x509.c | 
|  | _gnutls_verify_sig_params | 7 | 39 | 79 | lib/gnutls_sig.c | 
|  | _gnutls_parse_extensions | 7 | 38 | 69 | lib/gnutls_extensions.c | 
|  | generate_normal_master | 7 | 38 | 120 | lib/gnutls_kx.c | 
|  | read_pbe_enc_params | 7 | 37 | 79 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_gen_openpgp_certificate | 7 | 36 | 72 | lib/auth_cert.c | 
|  | _gnutls_calc_srp_S2 | 7 | 36 | 55 | lib/gnutls_srp.c | 
|  | parse_pem_crl_mem | 7 | 36 | 80 | lib/gnutls_x509.c | 
|  | gnutls_x509_privkey_export_dsa_raw | 7 | 35 | 68 | lib/x509/privkey.c | 
|  | _gnutls_set_psk_session_key | 7 | 35 | 78 | lib/auth_psk.c | 
|  | _gnutls_proc_srp_client_kx | 7 | 35 | 69 | lib/auth_srp.c | 
|  | pwd_put_values2 | 7 | 35 | 60 | lib/auth_srp_passwd.c | 
|  | _gnutls_server_name_send_params | 7 | 35 | 85 | lib/ext_server_name.c | 
|  | gnutls_x509_crq_get_extension_data | 7 | 32 | 59 | lib/x509/crq.c | 
|  | gnutls_x509_crq_get_key_rsa_raw | 7 | 30 | 53 | lib/x509/crq.c | 
|  | _gnutls_x509_write_dsa_params | 7 | 30 | 59 | lib/x509/mpi.c | 
|  | gnutls_x509_crt_get_pk_rsa_raw | 7 | 30 | 53 | lib/x509/x509.c | 
|  | _gnutls_sbase64_encode | 7 | 30 | 52 | lib/auth_srp_sb64.c | 
|  | get_subject_alt_name | 7 | 29 | 64 | lib/x509/crq.c | 
|  | _gnutls_recv_finished | 7 | 28 | 66 | lib/gnutls_handshake.c | 
|  | _gnutls_selected_cert_supported_kx | 7 | 28 | 51 | lib/gnutls_cert.c | 
|  | cdk_stream_new | 7 | 28 | 44 | lib/opencdk/stream.c | 
|  | gnutls_certificate_set_openpgp_key | 7 | 28 | 66 | lib/openpgp/gnutls_openpgp.c | 
|  | gnutls_x509_crl_get_extension_info | 7 | 27 | 52 | lib/x509/crl.c | 
|  | _gnutls_x509_write_int | 7 | 27 | 51 | lib/gnutls_mpi.c | 
|  | print_aki | 7 | 27 | 52 | lib/x509/output.c | 
|  | gnutls_x509_crt_get_extension_info | 7 | 27 | 52 | lib/x509/x509.c | 
|  | gnutls_credentials_set | 7 | 26 | 58 | lib/gnutls_auth.c | 
|  | _algo_register | 7 | 25 | 49 | lib/crypto.c | 
|  | alloc_and_load_x509_certs | 7 | 24 | 37 | lib/auth_cert.c | 
|  | gnutls_x509_crq_sign2 | 7 | 24 | 63 | lib/x509/crq.c | 
|  | _gnutls_openpgp_crt_verify_peers | 7 | 23 | 53 | lib/gnutls_cert.c | 
|  | _cdk_copy_seckey | 7 | 22 | 33 | lib/opencdk/new-packet.c | 
|  | _gnutls_send_client_certificate_verify | 7 | 22 | 49 | lib/gnutls_kx.c | 
|  | keydb_idx_parse | 7 | 22 | 34 | lib/opencdk/keydb.c | 
|  | decode | 7 | 22 | 31 | lib/x509_b64.c | 
|  | gnutls_calc_dh_secret | 7 | 21 | 41 | lib/gnutls_dh.c | 
|  | _cdk_hash_userid | 7 | 21 | 27 | lib/opencdk/sig-check.c | 
|  | _gnutls_send_finished | 7 | 20 | 50 | lib/gnutls_handshake.c | 
|  | gnutls_srp_set_server_credentials_file | 7 | 20 | 43 | lib/gnutls_srp.c | 
|  | _gnutls_auth_info_set | 7 | 20 | 59 | lib/gnutls_auth.c | 
|  | _gnutls_recv_server_kx_message | 7 | 20 | 50 | lib/gnutls_kx.c | 
|  | get_issuers_num | 7 | 20 | 45 | lib/auth_cert.c | 
|  | gnutls_handshake | 7 | 20 | 47 | lib/gnutls_handshake.c | 
|  | gnutls_x509_crt_get_extension_by_oid | 7 | 20 | 46 | lib/x509/x509.c | 
|  | gnutls_x509_crl_get_number | 7 | 19 | 44 | lib/x509/crl.c | 
|  | idx_init | 7 | 19 | 43 | lib/opencdk/keydb.c | 
|  | _cdk_copy_pubkey | 7 | 19 | 24 | lib/opencdk/new-packet.c | 
|  | _gnutls_supported_compression_methods | 7 | 19 | 38 | lib/gnutls_compress.c | 
|  | gnutls_x509_crt_get_basic_constraints | 7 | 19 | 45 | lib/x509/x509.c | 
|  | cdk_pk_get_fingerprint | 7 | 18 | 25 | lib/opencdk/pubkey.c | 
|  | mpi_to_buffer | 7 | 18 | 33 | lib/opencdk/pubkey.c | 
|  | read_user_id | 7 | 16 | 23 | lib/opencdk/read-packet.c | 
|  | sig_to_datum | 7 | 15 | 26 | lib/opencdk/pubkey.c | 
|  | _gnutls_x509_san_find_type | 7 | 13 | 17 | lib/x509/common.c | 
|  | gnutls_cipher_suite_info | 7 | 13 | 24 | lib/gnutls_algorithms.c | 
|  | gnutls_certificate_set_x509_key_mem | 7 | 12 | 27 | lib/gnutls_x509.c | 
|  | keydb_find_bykeyid | 7 | 12 | 17 | lib/opencdk/keydb.c | 
|  | handle_set_compress | 7 | 10 | 18 | lib/opencdk/main.c | 
|  | _gnutls_tls_sign | 7 | 10 | 34 | lib/gnutls_sig.c | 
|  | write_new_general_name | 9 | 33 | 65 | lib/x509/extensions.c | 
|  | cdk_kbnode_hash | 9 | 20 | 47 | lib/opencdk/kbnode.c | 
|  | encode | 8 | 45 | 84 | lib/auth_srp_sb64.c | 
|  | _gnutls_tls_sign_params | 7 | 43 | 88 | lib/gnutls_sig.c | 
|  | gnutls_x509_privkey_fix | 7 | 19 | 38 | lib/x509/privkey.c | 
|  | _gnutls_remove_session | 6 | 9 | 22 | lib/gnutls_db.c | 
|  | add_key_usage | 6 | 9 | 21 | lib/opencdk/keydb.c | 
|  | handle_set_s2k | 6 | 8 | 13 | lib/opencdk/main.c | 
|  | is_selfsig | 6 | 7 | 14 | lib/opencdk/keydb.c | 
|  | gnutls_session_is_resumed | 6 | 6 | 22 | lib/gnutls_state.c | 
|  | unpack_security_parameters | 6 | 57 | 129 | lib/gnutls_session_pack.c | 
|  | gnutls_deinit | 6 | 49 | 78 | lib/gnutls_state.c | 
|  | _cdk_hash_sig_data | 6 | 41 | 59 | lib/opencdk/sig-check.c | 
|  | pack_certificate_auth_info | 6 | 40 | 74 | lib/gnutls_session_pack.c | 
|  | _gnutls_calc_srp_B | 6 | 37 | 68 | lib/gnutls_srp.c | 
|  | _gnutls_dh_common_print_server_kx | 6 | 36 | 63 | lib/auth_dh_common.c | 
|  | _gnutls_copy_ciphersuites | 6 | 33 | 64 | lib/gnutls_handshake.c | 
|  | proc_srp_cert_server_kx | 6 | 33 | 62 | lib/auth_srp_rsa.c | 
|  | gen_srp_cert_server_kx | 6 | 32 | 61 | lib/auth_srp_rsa.c | 
|  | _gnutls_calc_srp_u | 6 | 32 | 55 | lib/gnutls_srp.c | 
|  | _gnutls_x509_crl_get_raw_issuer_dn | 6 | 31 | 67 | lib/x509/crl.c | 
|  | _gnutls_proc_dh_common_client_kx | 6 | 31 | 67 | lib/auth_dh_common.c | 
|  | _gnutls_verify_sig_hdata | 6 | 31 | 63 | lib/gnutls_sig.c | 
|  | _gnutls_gen_supplemental | 6 | 30 | 55 | lib/gnutls_supplemental.c | 
|  | create_empty_signed_data | 6 | 30 | 75 | lib/x509/pkcs7.c | 
|  | _gnutls_x509_pkix_sign | 6 | 29 | 76 | lib/x509/sign.c | 
|  | proc_dhe_server_kx | 6 | 29 | 57 | lib/auth_dhe.c | 
|  | _gnutls_finished | 6 | 28 | 57 | lib/gnutls_handshake.c | 
|  | gnutls_openpgp_privkey_sign_hash | 6 | 27 | 53 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_x509_read_dsa_params | 6 | 27 | 62 | lib/x509/mpi.c | 
|  | _gnutls_x509_decode_octet_string | 6 | 27 | 52 | lib/x509/common.c | 
|  | gen_psk_client_kx | 6 | 27 | 52 | lib/auth_dhe_psk.c | 
|  | _gnutls_x509_write_rsa_params | 6 | 27 | 54 | lib/x509/mpi.c | 
|  | _gnutls_openpgp_privkey_to_gkey | 6 | 26 | 65 | lib/openpgp/gnutls_openpgp.c | 
|  | cdk_stream_create | 6 | 26 | 40 | lib/opencdk/stream.c | 
|  | _cdk_stream_open_mode | 6 | 25 | 40 | lib/opencdk/stream.c | 
|  | _gnutls_check_key_cert_match | 6 | 25 | 58 | lib/gnutls_x509.c | 
|  | cdk_keydb_get_sk | 6 | 25 | 44 | lib/opencdk/keydb.c | 
|  | gnutls_pkcs7_delete_crl | 6 | 24 | 51 | lib/x509/pkcs7.c | 
|  | gnutls_pkcs7_delete_crt | 6 | 24 | 51 | lib/x509/pkcs7.c | 
|  | _gnutls_x509_get_time | 6 | 24 | 48 | lib/x509/common.c | 
|  | pwd_put_values | 6 | 23 | 46 | lib/auth_psk_passwd.c | 
|  | gnutls_x509_crl_set_number | 6 | 23 | 50 | lib/x509/crl_write.c | 
|  | gnutls_x509_crl_set_authority_key_id | 6 | 23 | 50 | lib/x509/crl_write.c | 
|  | gnutls_x509_crl_get_signature | 6 | 23 | 45 | lib/x509/crl.c | 
|  | print_proxy | 6 | 23 | 36 | lib/x509/output.c | 
|  | gnutls_x509_crt_set_authority_key_id | 6 | 23 | 50 | lib/x509/x509_write.c | 
|  | gnutls_x509_crt_set_subject_key_id | 6 | 23 | 50 | lib/x509/x509_write.c | 
|  | _gnutls_encrypt | 6 | 22 | 52 | lib/gnutls_cipher.c | 
|  | unpack_srp_auth_info | 6 | 22 | 49 | lib/gnutls_session_pack.c | 
|  | gnutls_x509_crt_get_signature | 6 | 22 | 44 | lib/x509/x509.c | 
|  | alloc_and_load_pgp_certs | 6 | 22 | 40 | lib/auth_cert.c | 
|  | _gnutls_get_private_rsa_params | 6 | 22 | 58 | lib/auth_rsa.c | 
|  | gnutls_openpgp_count_key_names | 6 | 21 | 33 | lib/openpgp/gnutls_openpgp.c | 
|  | hash_encode | 6 | 21 | 39 | lib/opencdk/hash.c | 
|  | gnutls_x509_crl_set_crt_serial | 6 | 21 | 53 | lib/x509/crl_write.c | 
|  | _gnutls_send_server_kx_message | 6 | 21 | 44 | lib/gnutls_kx.c | 
|  | cdk_stream_set_literal_flag | 6 | 21 | 33 | lib/opencdk/stream.c | 
|  | gnutls_certificate_set_x509_trust | 6 | 21 | 42 | lib/gnutls_x509.c | 
|  | _gnutls_send_server_certificate_request | 6 | 20 | 41 | lib/gnutls_kx.c | 
|  | gnutls_openpgp_keyring_get_crt_count | 6 | 20 | 36 | lib/openpgp/extras.c | 
|  | _gnutls_rsa_export_set_pubkey | 6 | 19 | 34 | lib/gnutls_state.c | 
|  | cdk_stream_new_from_cbs | 6 | 19 | 34 | lib/opencdk/stream.c | 
|  | _gnutls_server_find_pk_algos_in_ciphersuites | 6 | 18 | 32 | lib/gnutls_handshake.c | 
|  | _gnutls_peers_cert_less_512 | 6 | 18 | 40 | lib/auth_rsa_export.c | 
|  | gnutls_x509_crt_get_key_usage | 6 | 18 | 42 | lib/x509/x509.c | 
|  | _cdk_subpkt_copy | 6 | 17 | 26 | lib/opencdk/new-packet.c | 
|  | gnutls_certificate_set_openpgp_keyring_mem | 6 | 17 | 35 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_pk_params_copy | 6 | 17 | 27 | lib/gnutls_pk.c | 
|  | gnutls_openpgp_privkey_get_subkey_pk_algorithm | 6 | 17 | 32 | lib/openpgp/privkey.c | 
|  | _gnutls_ext_init | 6 | 17 | 51 | lib/gnutls_extensions.c | 
|  | _gnutls_get_cred | 6 | 17 | 30 | lib/gnutls_auth.c | 
|  | _gnutls_mpi_dprint | 6 | 17 | 27 | lib/gnutls_mpi.c | 
|  | _gnutls_mpi_dprint_lz | 6 | 17 | 28 | lib/gnutls_mpi.c | 
|  | _gnutls_max_record_send_params | 6 | 17 | 50 | lib/ext_max_record.c | 
|  | wrap_gcry_pk_fixup | 6 | 16 | 37 | lib/pk-libgcrypt.c | 
|  | read_onepass_sig | 6 | 16 | 22 | lib/opencdk/read-packet.c | 
|  | _generate_params | 6 | 16 | 29 | lib/gnutls_pk.c | 
|  | gnutls_dh_params_export_raw | 6 | 16 | 34 | lib/gnutls_dh_primes.c | 
|  | gnutls_openpgp_privkey_get_fingerprint | 6 | 16 | 32 | lib/openpgp/privkey.c | 
|  | gnutls_x509_crt_get_proxy | 6 | 16 | 44 | lib/x509/x509.c | 
|  | pkt_encode_len | 6 | 16 | 31 | lib/opencdk/write-packet.c | 
|  | _cdk_memistr | 6 | 16 | 23 | lib/opencdk/misc.c | 
|  | cdk_stream_seek | 6 | 16 | 32 | lib/opencdk/stream.c | 
|  | gnutls_openpgp_crt_get_subkey_fingerprint | 6 | 15 | 30 | lib/openpgp/pgp.c | 
|  | gnutls_openpgp_privkey_get_subkey_fingerprint | 6 | 15 | 31 | lib/openpgp/privkey.c | 
|  | print_basic | 6 | 15 | 30 | lib/x509/output.c | 
|  | cdk_kbnode_read_from_mem | 6 | 15 | 23 | lib/opencdk/kbnode.c | 
|  | gnutls_openpgp_crt_get_fingerprint | 6 | 15 | 29 | lib/openpgp/pgp.c | 
|  | break_comma_list | 6 | 14 | 30 | lib/gnutls_priority.c | 
|  | gnutls_fingerprint | 6 | 14 | 31 | lib/gnutls_ui.c | 
|  | _gnutls_recv_server_certificate_request | 6 | 14 | 32 | lib/gnutls_kx.c | 
|  | _find_openpgp_cert | 6 | 14 | 32 | lib/auth_cert.c | 
|  | _gnutls_handshake_common | 6 | 14 | 40 | lib/gnutls_handshake.c | 
|  | text_decode | 6 | 13 | 22 | lib/opencdk/literal.c | 
|  | cdk_stream_peek | 6 | 13 | 19 | lib/opencdk/stream.c | 
|  | _gnutls_handshake_hash_add_recvd | 6 | 13 | 42 | lib/gnutls_handshake.c | 
|  | write_mpi | 6 | 13 | 19 | lib/opencdk/write-packet.c | 
|  | _gnutls_get_pgp_key_usage | 6 | 12 | 18 | lib/openpgp/pgp.c | 
|  | cdk_pk_fingerprint_get_keyid | 6 | 12 | 23 | lib/opencdk/pubkey.c | 
|  | _gnutls_certificate_get_rsa_params | 6 | 12 | 29 | lib/gnutls_cert.c | 
|  | _gnutls_get_dh_params | 6 | 12 | 28 | lib/gnutls_dh.c | 
|  | cdk_keydb_get_bypattern | 6 | 12 | 23 | lib/opencdk/keydb.c | 
|  | cdk_key_desig_revoker_walk | 6 | 11 | 26 | lib/opencdk/new-packet.c | 
|  | read_compressed | 6 | 11 | 23 | lib/opencdk/read-packet.c | 
|  | read_mdc | 6 | 11 | 18 | lib/opencdk/read-packet.c | 
|  | _cdk_stream_gets | 6 | 11 | 21 | lib/opencdk/stream.c | 
|  | gnutls_x509_crt_set_proxy_dn | 6 | 10 | 29 | lib/x509/x509_write.c | 
|  | gnutls_dh_get_peers_public_bits | 7 | 22 | 47 | lib/gnutls_ui.c | 
|  | gnutls_dh_get_prime_bits | 7 | 22 | 45 | lib/gnutls_ui.c | 
|  | gnutls_dh_get_pubkey | 7 | 22 | 43 | lib/gnutls_ui.c | 
|  | _gnutls_dh_set_secret_bits | 7 | 21 | 41 | lib/gnutls_state.c | 
|  | gnutls_dh_get_secret_bits | 7 | 17 | 38 | lib/gnutls_ui.c | 
|  | gnutls_certificate_activation_time_peers | 6 | 11 | 35 | lib/gnutls_cert.c | 
|  | gnutls_certificate_expiration_time_peers | 6 | 11 | 35 | lib/gnutls_cert.c | 
|  | gnutls_certificate_verify_peers2 | 6 | 10 | 29 | lib/gnutls_cert.c | 
|  | _gnutls_cipher_encrypt | 5 | 9 | 20 | lib/gnutls_cipher_int.c | 
|  | update_crc | 5 | 9 | 13 | lib/opencdk/armor.c | 
|  | oid2bag | 5 | 9 | 14 | lib/x509/pkcs12.c | 
|  | cdk_kbnode_walk | 5 | 9 | 21 | lib/opencdk/kbnode.c | 
|  | _gnutls_cipher_decrypt | 5 | 9 | 23 | lib/gnutls_cipher_int.c | 
|  | cdk_keydb_search_release | 5 | 8 | 15 | lib/opencdk/keydb.c | 
|  | _gnutls_ext_func_recv | 5 | 8 | 12 | lib/gnutls_extensions.c | 
|  | _gnutls_srp_entry_free | 5 | 8 | 17 | lib/auth_srp_passwd.c | 
|  | _gnutls_hmac_output | 5 | 8 | 19 | lib/gnutls_hash_int.c | 
|  | _gnutls_hash_output | 5 | 8 | 19 | lib/gnutls_hash_int.c | 
|  | gnutls_x509_crt_set_subject_alternative_name | 5 | 7 | 23 | lib/x509/x509_write.c | 
|  | cdk_kbnode_find_prev | 5 | 7 | 13 | lib/opencdk/kbnode.c | 
|  | gnutls_db_check_entry | 5 | 6 | 18 | lib/gnutls_db.c | 
|  | proc_psk_client_kx | 5 | 35 | 70 | lib/auth_dhe_psk.c | 
|  | _gnutls_parse_supplemental | 5 | 32 | 58 | lib/gnutls_supplemental.c | 
|  | _gnutls_x509_time2gtime | 5 | 29 | 60 | lib/x509/common.c | 
|  | _gnutls_proc_psk_server_kx | 5 | 28 | 59 | lib/auth_psk.c | 
|  | _gnutls_proc_psk_client_kx | 5 | 28 | 60 | lib/auth_psk.c | 
|  | _gnutls_x509_crt_get_raw_dn2 | 5 | 28 | 58 | lib/x509/x509.c | 
|  | _gnutls_x509_get_signature | 5 | 28 | 57 | lib/x509/common.c | 
|  | _gnutls_mac_deinit_ssl3_handshake | 5 | 27 | 46 | lib/gnutls_hash_int.c | 
|  | gnutls_x509_crq_set_key_rsa_raw | 5 | 26 | 53 | lib/x509/crq.c | 
|  | add_new_crt_to_rdn_seq | 5 | 26 | 55 | lib/gnutls_x509.c | 
|  | _gnutls_gen_x509_crt | 5 | 26 | 54 | lib/auth_cert.c | 
|  | _gnutls_x509_crt_cpy | 5 | 25 | 45 | lib/x509/x509.c | 
|  | create_empty_pfx | 5 | 25 | 56 | lib/x509/pkcs12.c | 
|  | _gnutls_x509_crl_cpy | 5 | 25 | 45 | lib/x509/crl.c | 
|  | _gnutls_proc_cert_client_cert_vrfy | 5 | 25 | 47 | lib/auth_cert.c | 
|  | gen_anon_server_kx | 5 | 24 | 47 | lib/auth_anon.c | 
|  | _gnutls_hmac_init | 5 | 24 | 48 | lib/gnutls_hash_int.c | 
|  | gen_psk_server_kx | 5 | 24 | 47 | lib/auth_dhe_psk.c | 
|  | gnutls_x509_crt_set_crl_dist_points2 | 5 | 23 | 57 | lib/x509/x509_write.c | 
|  | _gnutls_x509_write_dsa_public_key | 5 | 23 | 46 | lib/x509/mpi.c | 
|  | add_attribute | 5 | 23 | 47 | lib/x509/crq.c | 
|  | _gnutls_decode_ber_rs | 5 | 23 | 45 | lib/gnutls_pk.c | 
|  | _gnutls_x509_read_int | 5 | 23 | 41 | lib/gnutls_mpi.c | 
|  | _cdk_tmpfile | 5 | 23 | 33 | lib/opencdk/misc.c | 
|  | write_pbe_enc_params | 5 | 23 | 60 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_gen_cert_client_cert_vrfy | 5 | 23 | 51 | lib/auth_cert.c | 
|  | _gnutls_server_select_comp_method | 5 | 22 | 48 | lib/gnutls_handshake.c | 
|  | oprfi_recv_client | 5 | 22 | 42 | lib/ext_oprfi.c | 
|  | gnutls_srp_verifier | 5 | 22 | 43 | lib/gnutls_srp.c | 
|  | _gnutls_handshake_select_v2_suite | 5 | 22 | 41 | lib/gnutls_v2_compat.c | 
|  | overwrite_extension | 5 | 22 | 40 | lib/x509/extensions.c | 
|  | gnutls_x509_crt_get_fingerprint | 5 | 22 | 42 | lib/x509/x509.c | 
|  | oprfi_send_server | 5 | 22 | 50 | lib/ext_oprfi.c | 
|  | _gnutls_ssl3_generate_random | 5 | 21 | 43 | lib/gnutls_hash_int.c | 
|  | _gnutls_x509_read_rsa_params | 5 | 21 | 45 | lib/x509/mpi.c | 
|  | _gnutls_encode_ber_rs | 5 | 21 | 43 | lib/gnutls_pk.c | 
|  | _gnutls_openpgp_raw_crt_to_gcert | 5 | 20 | 39 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_x509_raw_privkey_to_gkey | 5 | 20 | 43 | lib/gnutls_x509.c | 
|  | _gnutls_srp_gx | 5 | 20 | 40 | lib/gnutls_srp.c | 
|  | gnutls_pkcs12_bag_decrypt | 5 | 19 | 44 | lib/x509/pkcs12_bag.c | 
|  | gnutls_x509_crl_get_crt_serial | 5 | 19 | 40 | lib/x509/crl.c | 
|  | _cdk_copy_prefs | 5 | 19 | 23 | lib/opencdk/new-packet.c | 
|  | _gnutls_x509_data2hex | 5 | 19 | 37 | lib/x509/common.c | 
|  | _gnutls_client_set_comp_method | 5 | 19 | 38 | lib/gnutls_handshake.c | 
|  | _gnutls_send_server_certificate | 5 | 18 | 40 | lib/gnutls_kx.c | 
|  | gnutls_session_get_data | 5 | 18 | 36 | lib/gnutls_session.c | 
|  | read_cert_mem | 5 | 18 | 47 | lib/gnutls_x509.c | 
|  | _gnutls_send_client_kx_message | 5 | 18 | 38 | lib/gnutls_kx.c | 
|  | _gnutls_server_register_current_session | 5 | 18 | 36 | lib/gnutls_db.c | 
|  | gnutls_x509_crq_get_basic_constraints | 5 | 18 | 38 | lib/x509/crq.c | 
|  | gnutls_certificate_set_x509_crl | 5 | 18 | 38 | lib/gnutls_x509.c | 
|  | gnutls_x509_rdn_get | 5 | 18 | 40 | lib/x509/dn.c | 
|  | gnutls_x509_crt_cpy_crl_dist_points | 5 | 17 | 39 | lib/x509/x509_write.c | 
|  | cdk_stream_get_length | 5 | 17 | 33 | lib/opencdk/stream.c | 
|  | gnutls_rsa_export_get_pubkey | 5 | 17 | 36 | lib/gnutls_ui.c | 
|  | gnutls_x509_crq_get_extension_by_oid | 5 | 17 | 37 | lib/x509/crq.c | 
|  | dsa_verify_sig | 5 | 16 | 35 | lib/x509/verify.c | 
|  | check_if_same_cert | 5 | 16 | 31 | lib/x509/verify.c | 
|  | hash_mpibuf | 5 | 16 | 25 | lib/opencdk/sig-check.c | 
|  | gnutls_x509_crl_set_crt | 5 | 16 | 33 | lib/x509/crl_write.c | 
|  | gnutls_certificate_set_x509_trust_file | 5 | 16 | 33 | lib/gnutls_x509.c | 
|  | pack_srp_auth_info | 5 | 15 | 33 | lib/gnutls_session_pack.c | 
|  | _cdk_copy_userid | 5 | 15 | 23 | lib/opencdk/new-packet.c | 
|  | cdk_kbnode_commit | 5 | 15 | 24 | lib/opencdk/kbnode.c | 
|  | gnutls_server_name_get | 5 | 15 | 44 | lib/ext_server_name.c | 
|  | read_new_length | 5 | 14 | 27 | lib/opencdk/read-packet.c | 
|  | _gnutls_uint64pp | 5 | 14 | 24 | lib/gnutls_num.c | 
|  | _cdk_filter_literal | 5 | 14 | 22 | lib/opencdk/literal.c | 
|  | get_temp_recv_buffer | 5 | 13 | 38 | lib/gnutls_record.c | 
|  | _cdk_filter_armor | 5 | 13 | 22 | lib/opencdk/armor.c | 
|  | _get_public_subkey | 5 | 13 | 24 | lib/openpgp/pgp.c | 
|  | gnutls_x509_crt_set_crq | 5 | 13 | 30 | lib/x509/x509_write.c | 
|  | cpydata | 5 | 12 | 18 | lib/x509_b64.c | 
|  | cdk_kbnode_remove | 5 | 12 | 21 | lib/opencdk/kbnode.c | 
|  | search_header | 5 | 11 | 18 | lib/opencdk/armor.c | 
|  | gnutls_srp_set_client_credentials | 5 | 11 | 24 | lib/gnutls_srp.c | 
|  | cdk_keydb_free | 5 | 11 | 23 | lib/opencdk/keydb.c | 
|  | text_encode | 5 | 11 | 21 | lib/opencdk/literal.c | 
|  | _gnutls_version_max | 5 | 11 | 21 | lib/gnutls_algorithms.c | 
|  | _gnutls_version_lowest | 5 | 11 | 21 | lib/gnutls_algorithms.c | 
|  | gnutls_x509_crt_sign2 | 5 | 10 | 27 | lib/x509/x509_write.c | 
|  | record_check_version | 5 | 10 | 34 | lib/gnutls_record.c | 
|  | cdk_handle_free | 5 | 10 | 19 | lib/opencdk/main.c | 
|  | _cdk_filter_text | 5 | 10 | 18 | lib/opencdk/literal.c | 
|  | cdk_keydb_get_byfpr | 5 | 10 | 20 | lib/opencdk/keydb.c | 
|  | _gnutls_handshake_buffer_put | 5 | 10 | 27 | lib/gnutls_buffers.c | 
|  | cdk_keydb_get_bykeyid | 5 | 10 | 19 | lib/opencdk/keydb.c | 
|  | check_schema | 5 | 10 | 20 | lib/x509/privkey_pkcs8.c | 
|  | cdk_pkt_write | 16 | 31 | 54 | lib/opencdk/write-packet.c | 
|  | _cdk_pkt_get_fingerprint | 7 | 6 | 21 | lib/opencdk/pubkey.c | 
|  | _gnutls_record_buffer_put | 6 | 18 | 43 | lib/gnutls_buffers.c | 
|  | _gnutls_record_buffer_get | 6 | 15 | 40 | lib/gnutls_buffers.c | 
|  | _gnutls_x509_sign | 5 | 15 | 36 | lib/x509/sign.c | 
|  | _gnutls_sign | 5 | 13 | 35 | lib/gnutls_sig.c | 
|  | verify_sig | 5 | 12 | 38 | lib/x509/verify.c | 
|  | wrap_gcry_pk_generate_params | 5 | 12 | 32 | lib/pk-libgcrypt.c | 
|  | _cdk_stream_get_opaque | 4 | 9 | 15 | lib/opencdk/stream.c | 
|  | cdk_subpkt_find_next | 4 | 9 | 15 | lib/opencdk/new-packet.c | 
|  | _gnutls_extension_list_check | 4 | 9 | 18 | lib/gnutls_extensions.c | 
|  | cdk_subpkt_find_nth | 4 | 9 | 15 | lib/opencdk/new-packet.c | 
|  | gnutls_certificate_get_ours | 4 | 9 | 20 | lib/gnutls_ui.c | 
|  | uid_list_all_signed | 4 | 9 | 19 | lib/opencdk/sig-check.c | 
|  | _gnutls_comp_deinit | 4 | 9 | 27 | lib/gnutls_compress.c | 
|  | prio_add | 4 | 9 | 19 | lib/gnutls_priority.c | 
|  | gnutls_pk_algorithm_get_name | 4 | 9 | 15 | lib/gnutls_algorithms.c | 
|  | kbnode_find_valid | 4 | 9 | 15 | lib/opencdk/keydb.c | 
|  | _gnutls_x509_oid2mac_algorithm | 4 | 8 | 14 | lib/gnutls_algorithms.c | 
|  | wrap_gcry_mpi_print | 4 | 8 | 17 | lib/mpi-libgcrypt.c | 
|  | gnutls_credentials_clear | 4 | 8 | 16 | lib/gnutls_auth.c | 
|  | find_key_packet | 4 | 8 | 14 | lib/opencdk/keydb.c | 
|  | _gnutls_x509_pk_to_sign | 4 | 8 | 14 | lib/gnutls_algorithms.c | 
|  | write_head_new | 4 | 8 | 14 | lib/opencdk/write-packet.c | 
|  | cdk_pk_get_npkey | 4 | 8 | 15 | lib/opencdk/pubkey.c | 
|  | wrap_gcry_mac_output | 4 | 8 | 18 | lib/mac-libgcrypt.c | 
|  | cdk_strlist_next | 4 | 8 | 12 | lib/opencdk/misc.c | 
|  | _get_algo | 4 | 7 | 19 | lib/crypto.c | 
|  | _gnutls_retrieve_session | 4 | 7 | 19 | lib/gnutls_db.c | 
|  | cdk_handle_get_keydb | 4 | 7 | 11 | lib/opencdk/main.c | 
|  | gnutls_dh_params_cpy | 4 | 7 | 14 | lib/gnutls_dh_primes.c | 
|  | _gnutls_map_kx_get_cred | 4 | 7 | 17 | lib/gnutls_algorithms.c | 
|  | cdk_subpkt_get_data | 4 | 6 | 10 | lib/opencdk/new-packet.c | 
|  | cdk_sig_get_keyid | 4 | 6 | 12 | lib/opencdk/pubkey.c | 
|  | _cdk_stream_get_fname | 4 | 6 | 9 | lib/opencdk/stream.c | 
|  | read_secret_subkey | 4 | 6 | 12 | lib/opencdk/read-packet.c | 
|  | gnutls_certificate_type_get_id | 4 | 6 | 12 | lib/gnutls_algorithms.c | 
|  | cdk_sk_get_mpi | 4 | 5 | 12 | lib/opencdk/pubkey.c | 
|  | cdk_pk_get_mpi | 4 | 5 | 12 | lib/opencdk/pubkey.c | 
|  | gnutls_openpgp_crt_get_preferred_key_id | 4 | 5 | 14 | lib/openpgp/pgp.c | 
|  | _gnutls_cipher_deinit | 4 | 5 | 13 | lib/gnutls_cipher_int.c | 
|  | gnutls_openpgp_privkey_get_preferred_key_id | 4 | 5 | 14 | lib/openpgp/privkey.c | 
|  | gnutls_cipher_suite_get_name | 4 | 4 | 15 | lib/gnutls_algorithms.c | 
|  | pack_psk_auth_info | 4 | 36 | 69 | lib/gnutls_session_pack.c | 
|  | gnutls_init | 4 | 36 | 88 | lib/gnutls_state.c | 
|  | is_type_printable | 4 | 3 | 9 | lib/x509/x509.c | 
|  | gnutls_x509_crq_set_dn_by_oid | 4 | 3 | 14 | lib/x509/crq.c | 
|  | gnutls_x509_crt_set_dn_by_oid | 4 | 3 | 13 | lib/x509/x509_write.c | 
|  | _gnutls_dh_params_to_mpi | 4 | 3 | 11 | lib/gnutls_dh_primes.c | 
|  | _gnutls_abort_handshake | 4 | 3 | 11 | lib/gnutls_handshake.c | 
|  | _gnutls_db_func_is_ok | 4 | 3 | 10 | lib/gnutls_db.c | 
|  | gnutls_x509_crt_set_issuer_dn_by_oid | 4 | 3 | 15 | lib/x509/x509_write.c | 
|  | pack_anon_auth_info | 4 | 24 | 47 | lib/gnutls_session_pack.c | 
|  | _gnutls_x509_ext_extract_keyUsage | 4 | 22 | 42 | lib/x509/extensions.c | 
|  | _gnutls_mac_deinit_ssl3 | 4 | 22 | 37 | lib/gnutls_hash_int.c | 
|  | _gnutls_ssl3_finished | 4 | 22 | 47 | lib/gnutls_handshake.c | 
|  | _gnutls_cert_get_issuer_dn | 4 | 21 | 42 | lib/auth_cert.c | 
|  | pkcs1_rsa_sign | 4 | 21 | 43 | lib/x509/sign.c | 
|  | _gnutls_x509_ext_gen_keyUsage | 4 | 20 | 37 | lib/x509/extensions.c | 
|  | gnutls_certificate_free_keys | 4 | 20 | 31 | lib/gnutls_cert.c | 
|  | print_crq_other | 4 | 20 | 35 | lib/x509/output.c | 
|  | print_ski | 4 | 20 | 35 | lib/x509/output.c | 
|  | _gnutls_copy_comp_methods | 4 | 20 | 37 | lib/gnutls_handshake.c | 
|  | parse_der_crl_mem | 4 | 20 | 43 | lib/gnutls_x509.c | 
|  | parse_der_ca_mem | 4 | 20 | 43 | lib/gnutls_x509.c | 
|  | _gnutls_x509_decode_and_read_attribute | 4 | 19 | 44 | lib/x509/dn.c | 
|  | _gnutls_base64_decode | 4 | 19 | 28 | lib/x509_b64.c | 
|  | oprfi_recv_server | 4 | 19 | 36 | lib/ext_oprfi.c | 
|  | _gnutls_hex2bin | 4 | 19 | 34 | lib/gnutls_str.c | 
|  | gnutls_x509_crt_print | 4 | 19 | 42 | lib/x509/output.c | 
|  | _gnutls_x509_ext_gen_auth_key_id | 4 | 19 | 39 | lib/x509/extensions.c | 
|  | _gnutls_x509_ext_extract_number | 4 | 18 | 42 | lib/x509/extensions.c | 
|  | _gnutls_x509_set_time | 4 | 18 | 34 | lib/x509/common.c | 
|  | _gnutls_x509_privkey_to_gkey | 4 | 18 | 32 | lib/gnutls_x509.c | 
|  | _gnutls_dsa_sign | 4 | 18 | 32 | lib/gnutls_pk.c | 
|  | cdk_keydb_new_from_mem | 4 | 18 | 28 | lib/opencdk/keydb.c | 
|  | _gnutls_server_restore_session | 4 | 18 | 37 | lib/gnutls_db.c | 
|  | _gnutls_calc_srp_S1 | 4 | 18 | 31 | lib/gnutls_srp.c | 
|  | _gnutls_supported_ciphersuites_sorted | 4 | 18 | 35 | lib/gnutls_algorithms.c | 
|  | _gnutls_x509_get_signed_data | 4 | 18 | 40 | lib/x509/common.c | 
|  | _gnutls_x509_ext_gen_number | 4 | 17 | 36 | lib/x509/extensions.c | 
|  | _gnutls_hash_init | 4 | 17 | 34 | lib/gnutls_hash_int.c | 
|  | _gnutls_mac_init_ssl3 | 4 | 17 | 32 | lib/gnutls_hash_int.c | 
|  | _gnutls_gen_psk_server_kx | 4 | 17 | 36 | lib/auth_psk.c | 
|  | gnutls_x509_crq_get_key_usage | 4 | 17 | 36 | lib/x509/crq.c | 
|  | gnutls_x509_privkey_sign_data | 4 | 17 | 37 | lib/x509/privkey.c | 
|  | _gnutls_base64_encode | 4 | 17 | 28 | lib/x509_b64.c | 
|  | _gnutls_x509_ext_gen_key_id | 4 | 17 | 36 | lib/x509/extensions.c | 
|  | gnutls_x509_crt_set_proxy | 4 | 16 | 42 | lib/x509/x509_write.c | 
|  | gnutls_x509_crt_set_key_usage | 4 | 16 | 35 | lib/x509/x509_write.c | 
|  | gnutls_x509_crt_set_basic_constraints | 4 | 16 | 37 | lib/x509/x509_write.c | 
|  | cdk_keydb_new_from_file | 4 | 16 | 24 | lib/opencdk/keydb.c | 
|  | _gnutls_x509_read_der_int | 4 | 16 | 38 | lib/x509/mpi.c | 
|  | gnutls_x509_crq_get_attribute_info | 4 | 16 | 32 | lib/x509/crq.c | 
|  | _gnutls_openpgp_fingerprint | 4 | 16 | 31 | lib/openpgp/compat.c | 
|  | gnutls_x509_crl_get_extension_data | 4 | 15 | 30 | lib/x509/crl.c | 
|  | _gnutls_x509_verify_signature | 4 | 15 | 38 | lib/x509/verify.c | 
|  | read_key_mem | 4 | 15 | 37 | lib/gnutls_x509.c | 
|  | _gnutls_dsa_verify | 4 | 15 | 30 | lib/gnutls_pk.c | 
|  | get_issuers | 4 | 15 | 38 | lib/auth_cert.c | 
|  | _gnutls_rsa_verify | 4 | 15 | 36 | lib/gnutls_pk.c | 
|  | gnutls_x509_crq_set_key_usage | 4 | 15 | 33 | lib/x509/crq.c | 
|  | gnutls_x509_crq_set_basic_constraints | 4 | 15 | 35 | lib/x509/crq.c | 
|  | gnutls_x509_crt_get_extension_data | 4 | 15 | 30 | lib/x509/x509.c | 
|  | cdk_stream_set_hash_flag | 4 | 15 | 26 | lib/opencdk/stream.c | 
|  | gnutls_x509_crq_get_attribute_data | 4 | 15 | 30 | lib/x509/crq.c | 
|  | gnutls_x509_rdn_get_oid | 4 | 15 | 35 | lib/x509/dn.c | 
|  | gnutls_x509_rdn_get_by_oid | 4 | 15 | 38 | lib/x509/dn.c | 
|  | gnutls_prf | 4 | 15 | 35 | lib/gnutls_state.c | 
|  | gnutls_pkcs7_set_crl | 4 | 14 | 28 | lib/x509/pkcs7.c | 
|  | gnutls_pkcs7_get_crl_count | 4 | 14 | 33 | lib/x509/pkcs7.c | 
|  | _gnutls_recv_server_certificate | 4 | 14 | 35 | lib/gnutls_kx.c | 
|  | gnutls_pkcs7_set_crt | 4 | 14 | 28 | lib/x509/pkcs7.c | 
|  | gnutls_openpgp_crt_check_hostname | 4 | 14 | 29 | lib/openpgp/pgp.c | 
|  | gnutls_certificate_set_openpgp_keyring_file | 4 | 14 | 31 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_handshake_hash_pending | 4 | 14 | 31 | lib/gnutls_handshake.c | 
|  | gnutls_pkcs7_get_crt_count | 4 | 14 | 33 | lib/x509/pkcs7.c | 
|  | checksum_mpi | 4 | 14 | 17 | lib/opencdk/pubkey.c | 
|  | gnutls_server_name_set | 4 | 14 | 32 | lib/ext_server_name.c | 
|  | _gnutls_selected_certs_deinit | 4 | 14 | 25 | lib/auth_cert.c | 
|  | gnutls_certificate_set_x509_crl_file | 4 | 14 | 32 | lib/gnutls_x509.c | 
|  | gnutls_x509_crq_set_challenge_password | 4 | 13 | 37 | lib/x509/crq.c | 
|  | cdk_stream_filter_disable | 4 | 13 | 23 | lib/opencdk/stream.c | 
|  | gnutls_openpgp_crt_get_subkey_count | 4 | 13 | 24 | lib/openpgp/pgp.c | 
|  | record_check_headers | 4 | 13 | 55 | lib/gnutls_record.c | 
|  | gnutls_pem_base64_decode | 4 | 13 | 28 | lib/x509_b64.c | 
|  | cdk_armor_filter_use | 4 | 13 | 20 | lib/opencdk/armor.c | 
|  | gnutls_srp_base64_decode | 4 | 13 | 26 | lib/auth_srp_sb64.c | 
|  | gnutls_openpgp_privkey_get_subkey_count | 4 | 13 | 24 | lib/openpgp/privkey.c | 
|  | gnutls_srp_base64_encode | 4 | 13 | 26 | lib/auth_srp_sb64.c | 
|  | gnutls_pem_base64_encode | 4 | 13 | 26 | lib/x509_b64.c | 
|  | _gnutls_openpgp_count_key_names | 4 | 13 | 24 | lib/openpgp/pgp.c | 
|  | _gnutls_string_get_datum | 4 | 13 | 28 | lib/gnutls_str.c | 
|  | alloc_and_load_pgp_key | 4 | 13 | 25 | lib/auth_cert.c | 
|  | alloc_and_load_x509_key | 4 | 13 | 25 | lib/auth_cert.c | 
|  | find_selfsig_node | 4 | 13 | 21 | lib/opencdk/keydb.c | 
|  | _gnutls_qsort | 4 | 13 | 27 | lib/gnutls_algorithms.c | 
|  | cdk_kbnode_insert | 4 | 13 | 25 | lib/opencdk/kbnode.c | 
|  | gnutls_openpgp_crt_get_subkey_id | 4 | 12 | 24 | lib/openpgp/pgp.c | 
|  | read_old_length | 4 | 12 | 26 | lib/opencdk/read-packet.c | 
|  | gnutls_openpgp_crt_get_subkey_pk_algorithm | 4 | 12 | 26 | lib/openpgp/pgp.c | 
|  | gnutls_x509_crq_get_version | 4 | 12 | 26 | lib/x509/crq.c | 
|  | gnutls_x509_crq_set_version | 4 | 12 | 25 | lib/x509/crq.c | 
|  | gnutls_openpgp_privkey_get_subkey_id | 4 | 12 | 24 | lib/openpgp/privkey.c | 
|  | gnutls_x509_crt_get_version | 4 | 12 | 26 | lib/x509/x509.c | 
|  | gnutls_x509_crl_set_version | 4 | 12 | 24 | lib/x509/crl_write.c | 
|  | gnutls_openpgp_crt_get_key_id | 4 | 12 | 23 | lib/openpgp/pgp.c | 
|  | _cdk_copy_signature | 4 | 12 | 20 | lib/opencdk/new-packet.c | 
|  | gnutls_pkcs12_bag_set_key_id | 4 | 12 | 30 | lib/x509/pkcs12_bag.c | 
|  | _gnutls_recv_client_kx_message | 4 | 12 | 32 | lib/gnutls_kx.c | 
|  | gnutls_openpgp_crt_get_pk_algorithm | 4 | 12 | 24 | lib/openpgp/pgp.c | 
|  | _gnutls_srp_recv_params | 4 | 12 | 27 | lib/ext_srp.c | 
|  | gnutls_openpgp_privkey_get_key_id | 4 | 12 | 23 | lib/openpgp/privkey.c | 
|  | _gnutls_recv_hello_request | 4 | 12 | 25 | lib/gnutls_handshake.c | 
|  | gnutls_openpgp_privkey_get_pk_algorithm | 4 | 12 | 24 | lib/openpgp/privkey.c | 
|  | gnutls_session_set_data | 4 | 12 | 24 | lib/gnutls_session.c | 
|  | gnutls_x509_crt_set_version | 4 | 12 | 24 | lib/x509/x509_write.c | 
|  | _gnutls_bsort | 4 | 12 | 22 | lib/gnutls_algorithms.c | 
|  | _gnutls_client_check_if_resuming | 4 | 12 | 39 | lib/gnutls_handshake.c | 
|  | read_crl_mem | 4 | 12 | 33 | lib/gnutls_x509.c | 
|  | cdk_stream_enable_cache | 4 | 12 | 23 | lib/opencdk/stream.c | 
|  | gnutls_calc_dh_key | 4 | 11 | 19 | lib/gnutls_dh.c | 
|  | _cdk_filter_hash | 4 | 11 | 20 | lib/opencdk/hash.c | 
|  | _set_priority | 4 | 11 | 19 | lib/gnutls_priority.c | 
|  | gnutls_pkcs12_bag_set_friendly_name | 4 | 11 | 26 | lib/x509/pkcs12_bag.c | 
|  | gnutls_cipher_set_priority | 4 | 11 | 18 | lib/gnutls_priority.c | 
|  | prio_remove | 4 | 11 | 22 | lib/gnutls_priority.c | 
|  | gnutls_strerror | 4 | 11 | 21 | lib/gnutls_errors.c | 
|  | _gnutls_user_hello_func | 4 | 11 | 26 | lib/gnutls_handshake.c | 
|  | write_mdc | 4 | 11 | 19 | lib/opencdk/write-packet.c | 
|  | gnutls_error_is_fatal | 4 | 11 | 22 | lib/gnutls_errors.c | 
|  | _gnutls_handshake_hash_init | 4 | 11 | 30 | lib/gnutls_handshake.c | 
|  | _gnutls_recv_hello | 4 | 11 | 27 | lib/gnutls_handshake.c | 
|  | gnutls_psk_set_server_credentials_file | 4 | 11 | 27 | lib/gnutls_psk.c | 
|  | cdk_pk_get_nskey | 4 | 11 | 20 | lib/opencdk/pubkey.c | 
|  | _gnutls_get_selected_cert | 4 | 11 | 38 | lib/auth_cert.c | 
|  | gnutls_x509_crl_sign2 | 4 | 10 | 27 | lib/x509/crl_write.c | 
|  | gnutls_certificate_set_x509_key_file | 4 | 10 | 26 | lib/gnutls_x509.c | 
|  | gnutls_openpgp_crt_get_subkey_revoked_status | 4 | 10 | 20 | lib/openpgp/pgp.c | 
|  | _gnutls_set_datum_m | 4 | 10 | 20 | lib/gnutls_datum.c | 
|  | check_bits | 4 | 10 | 21 | lib/gnutls_x509.c | 
|  | gnutls_openpgp_crt_get_revoked_status | 4 | 10 | 19 | lib/openpgp/pgp.c | 
|  | gnutls_openpgp_privkey_get_subkey_revoked_status | 4 | 10 | 20 | lib/openpgp/privkey.c | 
|  | _get_secret_subkey | 4 | 10 | 18 | lib/openpgp/privkey.c | 
|  | gnutls_openpgp_privkey_get_revoked_status | 4 | 10 | 19 | lib/openpgp/privkey.c | 
|  | gnutls_session_get_data2 | 4 | 10 | 23 | lib/gnutls_session.c | 
|  | _gnutls_version_priority | 4 | 10 | 18 | lib/gnutls_algorithms.c | 
|  | is_armored | 11 | 8 | 25 | lib/opencdk/armor.c | 
|  | wrap_gcry_mac_init | 9 | 22 | 40 | lib/mac-libgcrypt.c | 
|  | _cdk_pkt_write2 | 8 | 17 | 33 | lib/opencdk/write-packet.c | 
|  | _cdk_pkt_get_keyid | 7 | 12 | 31 | lib/opencdk/pubkey.c | 
|  | _cdk_pkt_detach_free | 6 | 9 | 28 | lib/opencdk/new-packet.c | 
|  | encode | 5 | 21 | 43 | lib/x509_b64.c | 
|  | calc_s2ksize | 5 | 12 | 23 | lib/opencdk/write-packet.c | 
|  | _gnutls_gen_cert_client_certificate | 4 | 6 | 20 | lib/auth_cert.c | 
|  | _gnutls_get_auth_info_gcert | 4 | 5 | 25 | lib/gnutls_cert.c | 
|  | gnutls_error_to_alert | 35 | 49 | 99 | lib/gnutls_alert.c | 
|  | gnutls_openpgp_crt_get_subkey_expiration_time | 3 | 9 | 18 | lib/openpgp/pgp.c | 
|  | gnutls_x509_crt_get_pk_algorithm | 3 | 9 | 25 | lib/x509/x509.c | 
|  | gnutls_openpgp_crt_get_subkey_creation_time | 3 | 9 | 18 | lib/openpgp/pgp.c | 
|  | gnutls_x509_crt_set_serial | 3 | 9 | 24 | lib/x509/x509_write.c | 
|  | gnutls_x509_crq_set_key | 3 | 9 | 25 | lib/x509/crq.c | 
|  | gnutls_x509_privkey_deinit | 3 | 9 | 16 | lib/x509/privkey.c | 
|  | cdk_subpkt_add | 3 | 9 | 12 | lib/opencdk/new-packet.c | 
|  | gnutls_openpgp_crt_get_key_usage | 3 | 9 | 20 | lib/openpgp/pgp.c | 
|  | write_compressed | 3 | 9 | 17 | lib/opencdk/write-packet.c | 
|  | gnutls_openpgp_privkey_get_subkey_expiration_time | 3 | 9 | 18 | lib/openpgp/privkey.c | 
|  | cdk_subpkt_type_count | 3 | 9 | 15 | lib/opencdk/new-packet.c | 
|  | gnutls_openpgp_privkey_get_subkey_creation_time | 3 | 9 | 18 | lib/openpgp/privkey.c | 
|  | gnutls_pkcs12_bag_get_key_id | 3 | 9 | 21 | lib/x509/pkcs12_bag.c | 
|  | gnutls_x509_crq_init | 3 | 9 | 20 | lib/x509/crq.c | 
|  | gnutls_x509_crl_init | 3 | 9 | 20 | lib/x509/crl.c | 
|  | keydb_idx_mkname | 3 | 9 | 14 | lib/opencdk/keydb.c | 
|  | gnutls_openpgp_crt_get_expiration_time | 3 | 9 | 17 | lib/openpgp/pgp.c | 
|  | gnutls_x509_crl_get_crt_count | 3 | 9 | 24 | lib/x509/crl.c | 
|  | gnutls_openpgp_crt_get_creation_time | 3 | 9 | 17 | lib/openpgp/pgp.c | 
|  | gnutls_openpgp_crt_get_version | 3 | 9 | 17 | lib/openpgp/pgp.c | 
|  | gnutls_strerror_name | 3 | 9 | 17 | lib/gnutls_errors.c | 
|  | _pkcs12_check_pass | 3 | 9 | 15 | lib/x509/pkcs12_encr.c | 
|  | _gnutls_bin2hex | 3 | 9 | 16 | lib/gnutls_str.c | 
|  | _gnutls_negotiate_version | 3 | 9 | 30 | lib/gnutls_handshake.c | 
|  | gnutls_x509_crt_verify_hash | 3 | 9 | 22 | lib/x509/x509.c | 
|  | gnutls_x509_crt_verify_data | 3 | 9 | 22 | lib/x509/x509.c | 
|  | proc_psk_server_kx | 3 | 9 | 25 | lib/auth_dhe_psk.c | 
|  | gnutls_x509_crt_set_key | 3 | 9 | 25 | lib/x509/x509_write.c | 
|  | _gnutls_x509_pk_to_oid | 3 | 9 | 15 | lib/gnutls_algorithms.c | 
|  | _gnutls_x509_oid2pk_algorithm | 3 | 9 | 15 | lib/gnutls_algorithms.c | 
|  | _gnutls_x509_oid2sign_algorithm | 3 | 9 | 17 | lib/gnutls_algorithms.c | 
|  | gnutls_x509_privkey_verify_data | 3 | 9 | 23 | lib/x509/privkey.c | 
|  | gnutls_x509_privkey_sign_hash | 3 | 9 | 23 | lib/x509/privkey.c | 
|  | gnutls_pkcs7_init | 3 | 9 | 20 | lib/x509/pkcs7.c | 
|  | proc_anon_server_kx | 3 | 9 | 25 | lib/auth_anon.c | 
|  | gnutls_pkcs12_init | 3 | 9 | 20 | lib/x509/pkcs12.c | 
|  | oid2cipher | 3 | 9 | 21 | lib/x509/privkey_pkcs8.c | 
|  | write_mpibuf | 3 | 9 | 14 | lib/opencdk/write-packet.c | 
|  | gnutls_openpgp_crt_get_subkey_usage | 3 | 9 | 21 | lib/openpgp/pgp.c | 
|  | _gnutls_set_write_mac | 3 | 8 | 23 | lib/gnutls_constate.c | 
|  | _gnutls_set_read_mac | 3 | 8 | 23 | lib/gnutls_constate.c | 
|  | _gnutls_set_kx | 3 | 8 | 23 | lib/gnutls_constate.c | 
|  | _gnutls_gcert_deinit | 3 | 8 | 15 | lib/gnutls_cert.c | 
|  | _gnutls_handshake_hash_add_sent | 3 | 8 | 23 | lib/gnutls_handshake.c | 
|  | gnutls_x509_crl_get_extension_oid | 3 | 8 | 21 | lib/x509/crl.c | 
|  | _gnutls_set_write_cipher | 3 | 8 | 25 | lib/gnutls_constate.c | 
|  | _gnutls_set_read_cipher | 3 | 8 | 25 | lib/gnutls_constate.c | 
|  | cdk_subpkt_new | 3 | 8 | 14 | lib/opencdk/new-packet.c | 
|  | filter_search | 3 | 8 | 15 | lib/opencdk/stream.c | 
|  | gnutls_pkcs12_bag_get_friendly_name | 3 | 8 | 20 | lib/x509/pkcs12_bag.c | 
|  | cdk_pkt_new | 3 | 8 | 13 | lib/opencdk/new-packet.c | 
|  | gnutls_crypto_digest_register2 | 3 | 8 | 19 | lib/crypto.c | 
|  | gnutls_crypto_mac_register2 | 3 | 8 | 19 | lib/crypto.c | 
|  | gnutls_crypto_cipher_register2 | 3 | 8 | 19 | lib/crypto.c | 
|  | _cdk_sk_get_csum | 3 | 8 | 11 | lib/opencdk/pubkey.c | 
|  | gnutls_crypto_pk_register2 | 3 | 8 | 19 | lib/crypto.c | 
|  | gnutls_psk_client_get_hint | 3 | 8 | 16 | lib/gnutls_psk.c | 
|  | gnutls_crypto_bigint_register2 | 3 | 8 | 19 | lib/crypto.c | 
|  | get_keyid | 3 | 8 | 20 | lib/openpgp/gnutls_openpgp.c | 
|  | gnutls_psk_server_get_username | 3 | 8 | 16 | lib/gnutls_psk.c | 
|  | _gnutls_openpgp_get_algo | 3 | 8 | 17 | lib/openpgp/privkey.c | 
|  | find_issuer | 3 | 8 | 18 | lib/x509/verify.c | 
|  | gnutls_rsa_params_export_raw | 3 | 8 | 21 | lib/gnutls_rsa_export.c | 
|  | gnutls_crypto_rnd_register2 | 3 | 8 | 19 | lib/crypto.c | 
|  | cache_sig_result | 3 | 8 | 16 | lib/opencdk/sig-check.c | 
|  | mac_init | 3 | 8 | 23 | lib/gnutls_cipher.c | 
|  | gnutls_x509_crt_get_extension_oid | 3 | 8 | 21 | lib/x509/x509.c | 
|  | gnutls_pkcs12_bag_get_data | 3 | 8 | 18 | lib/x509/pkcs12_bag.c | 
|  | gnutls_session_get_id | 3 | 8 | 24 | lib/gnutls_session.c | 
|  | _gnutls_mpi_scan_nz | 3 | 8 | 19 | lib/gnutls_mpi.c | 
|  | gnutls_x509_crq_get_pk_algorithm | 3 | 8 | 22 | lib/x509/crq.c | 
|  | find_crl_issuer | 3 | 8 | 18 | lib/x509/verify.c | 
|  | _gnutls_kx_priority | 3 | 7 | 12 | lib/gnutls_algorithms.c | 
|  | skip_packet | 3 | 7 | 14 | lib/opencdk/read-packet.c | 
|  | _gnutls_x509_oid_data_printable | 3 | 7 | 15 | lib/x509/common.c | 
|  | gnutls_alert_get_name | 3 | 7 | 11 | lib/gnutls_alert.c | 
|  | asciiprint | 3 | 7 | 11 | lib/x509/output.c | 
|  | get_supp_func_recv | 3 | 7 | 11 | lib/gnutls_supplemental.c | 
|  | _gnutls_cipher_priority | 3 | 7 | 12 | lib/gnutls_algorithms.c | 
|  | gnutls_realloc_fast | 3 | 7 | 16 | lib/gnutls_mem.c | 
|  | cdk_kbnode_release | 3 | 7 | 14 | lib/opencdk/kbnode.c | 
|  | hexprint | 3 | 7 | 13 | lib/x509/output.c | 
|  | gnutls_supplemental_get_name | 3 | 7 | 11 | lib/gnutls_supplemental.c | 
|  | _gnutls_extension_get_name | 3 | 7 | 11 | lib/gnutls_extensions.c | 
|  | _gnutls_mac_priority | 3 | 7 | 12 | lib/gnutls_algorithms.c | 
|  | hexprint | 3 | 7 | 13 | lib/openpgp/output.c | 
|  | send_debug | 3 | 7 | 14 | lib/io_debug.h | 
|  | gnutls_secure_calloc | 3 | 7 | 10 | lib/gnutls_mem.c | 
|  | _gnutls_gkey_deinit | 3 | 7 | 12 | lib/gnutls_x509.c | 
|  | _gnutls_calloc | 3 | 7 | 10 | lib/gnutls_mem.c | 
|  | recv_debug | 3 | 7 | 14 | lib/io_debug.h | 
|  | _gnutls_str_cat | 3 | 7 | 19 | lib/gnutls_str.c | 
|  | dup_trim_filename | 3 | 7 | 12 | lib/opencdk/literal.c | 
|  | copy_record_version | 3 | 7 | 20 | lib/gnutls_record.c | 
|  | pkt_write_head2 | 3 | 7 | 12 | lib/opencdk/write-packet.c | 
|  | _gnutls_x509_oid2ldap_string | 3 | 7 | 15 | lib/x509/common.c | 
|  | print_key_revoked | 3 | 7 | 15 | lib/openpgp/output.c | 
|  | _gnutls_check_pk_algo_in_list | 3 | 7 | 15 | lib/auth_cert.c | 
|  | _gnutls_x509_oid_data_choice | 3 | 7 | 15 | lib/x509/common.c | 
|  | gnutls_openpgp_crt_verify_self | 3 | 7 | 15 | lib/openpgp/pgpverify.c | 
|  | gnutls_x509_dn_oid_known | 3 | 7 | 15 | lib/x509/common.c | 
|  | _gnutls_x509_compare_raw_dn | 3 | 7 | 17 | lib/x509/dn.c | 
|  | _gnutls_version_is_supported | 3 | 7 | 15 | lib/gnutls_algorithms.c | 
|  | gnutls_certificate_set_x509_trust_mem | 3 | 7 | 19 | lib/gnutls_x509.c | 
|  | gnutls_openpgp_keyring_deinit | 3 | 6 | 14 | lib/openpgp/extras.c | 
|  | gnutls_openpgp_privkey_deinit | 3 | 6 | 14 | lib/openpgp/privkey.c | 
|  | gnutls_openpgp_crt_deinit | 3 | 6 | 14 | lib/openpgp/pgp.c | 
|  | cdk_sk_get_keyid | 3 | 6 | 14 | lib/opencdk/pubkey.c | 
|  | _gnutls_str_cpy | 3 | 6 | 18 | lib/gnutls_str.c | 
|  | wrap_gcry_mpi_mul_ui | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_sub_ui | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_add_ui | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | cdk_listkey_close | 3 | 6 | 12 | lib/opencdk/keydb.c | 
|  | wrap_gcry_mpi_div | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_mul | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_sub | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | cdk_kbnode_find | 3 | 6 | 10 | lib/opencdk/kbnode.c | 
|  | wrap_gcry_mpi_add | 3 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_mulm | 3 | 6 | 14 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_subm | 3 | 6 | 14 | lib/mpi-libgcrypt.c | 
|  | gnutls_certificate_type_get_name | 3 | 6 | 12 | lib/gnutls_algorithms.c | 
|  | wrap_gcry_mpi_addm | 3 | 6 | 14 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_mpi_powm | 3 | 6 | 14 | lib/mpi-libgcrypt.c | 
|  | _gnutls_handshake_buffer_get_ptr | 3 | 6 | 14 | lib/gnutls_buffers.c | 
|  | _gnutls_string_clear | 3 | 6 | 11 | lib/gnutls_str.c | 
|  | gnutls_pkcs12_bag_get_type | 3 | 6 | 13 | lib/x509/pkcs12_bag.c | 
|  | gnutls_x509_crq_deinit | 3 | 5 | 11 | lib/x509/crq.c | 
|  | gnutls_x509_crl_deinit | 3 | 5 | 11 | lib/x509/crl.c | 
|  | handle_set_digest | 3 | 5 | 9 | lib/opencdk/main.c | 
|  | _format_conv | 3 | 5 | 10 | lib/mpi-libgcrypt.c | 
|  | _gnutls_rnd_init | 3 | 5 | 14 | lib/random.c | 
|  | _gnutls_hmac_deinit | 3 | 5 | 13 | lib/gnutls_hash_int.c | 
|  | _gnutls_hmac | 3 | 5 | 13 | lib/gnutls_hash_int.c | 
|  | cdk_handle_set_keydb | 3 | 5 | 10 | lib/opencdk/main.c | 
|  | cdk_pk_get_nenc | 3 | 5 | 10 | lib/opencdk/pubkey.c | 
|  | cdk_pk_get_nsig | 3 | 5 | 10 | lib/opencdk/pubkey.c | 
|  | gnutls_pk_get_id | 3 | 5 | 10 | lib/gnutls_algorithms.c | 
|  | deinit_internal_params | 3 | 5 | 11 | lib/gnutls_state.c | 
|  | gnutls_pkcs7_deinit | 3 | 5 | 11 | lib/x509/pkcs7.c | 
|  | _gnutls_extension_list_add | 3 | 5 | 19 | lib/gnutls_extensions.c | 
|  | gnutls_pkcs12_deinit | 3 | 5 | 11 | lib/x509/pkcs12.c | 
|  | _gnutls_hash_deinit | 3 | 5 | 13 | lib/gnutls_hash_int.c | 
|  | gnutls_x509_crt_deinit | 3 | 5 | 11 | lib/x509/x509.c | 
|  | _gnutls_session_is_psk | 3 | 5 | 13 | lib/gnutls_state.c | 
|  | _gnutls_hash | 3 | 5 | 13 | lib/gnutls_hash_int.c | 
|  | gnutls_x509_crt_list_verify | 3 | 4 | 21 | lib/x509/verify.c | 
|  | _gnutls_mem_cpy | 3 | 4 | 17 | lib/gnutls_str.c | 
|  | _gnutls_version_get | 3 | 4 | 9 | lib/gnutls_algorithms.c | 
|  | _cdk_passphrase_get | 3 | 3 | 7 | lib/opencdk/main.c | 
|  | gnutls_check_version | 3 | 3 | 8 | lib/gnutls_global.c | 
|  | read_public_subkey | 3 | 3 | 7 | lib/opencdk/read-packet.c | 
|  | cdk_pk_get_nbits | 3 | 3 | 7 | lib/opencdk/pubkey.c | 
|  | _gnutls_x509_sign_tbs | 3 | 20 | 38 | lib/x509/sign.c | 
|  | cdk_stream_tmp_set_mode | 3 | 2 | 6 | lib/opencdk/stream.c | 
|  | _gnutls_calc_srp_sha | 3 | 18 | 35 | lib/gnutls_srp.c | 
|  | proc_dhe_client_kx | 3 | 18 | 35 | lib/auth_dhe.c | 
|  | proc_anon_client_kx | 3 | 18 | 35 | lib/auth_anon.c | 
|  | parse_der_cert_mem | 3 | 17 | 31 | lib/gnutls_x509.c | 
|  | cdk_handle_new | 3 | 17 | 32 | lib/opencdk/main.c | 
|  | _gnutls_compare_algo | 3 | 17 | 37 | lib/gnutls_algorithms.c | 
|  | read_pkcs12_kdf_params | 3 | 17 | 38 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_ssl3_hash_md5 | 3 | 16 | 33 | lib/gnutls_hash_int.c | 
|  | ssl3_md5 | 3 | 16 | 30 | lib/gnutls_hash_int.c | 
|  | ssl3_sha | 3 | 16 | 28 | lib/gnutls_hash_int.c | 
|  | cdk_stream_tmp_from_mem | 3 | 16 | 26 | lib/opencdk/stream.c | 
|  | dsa_sign | 3 | 16 | 32 | lib/x509/sign.c | 
|  | _gnutls_x509_write_attribute | 3 | 15 | 35 | lib/x509/dn.c | 
|  | filter_add | 3 | 15 | 23 | lib/opencdk/stream.c | 
|  | _gnutls_calc_srp_A | 3 | 15 | 26 | lib/gnutls_srp.c | 
|  | _cdk_free_signature | 3 | 15 | 24 | lib/opencdk/new-packet.c | 
|  | _decode_pkcs8_rsa_key | 3 | 14 | 27 | lib/x509/privkey_pkcs8.c | 
|  | _gnutls_x509_raw_cert_to_gcert | 3 | 14 | 28 | lib/gnutls_cert.c | 
|  | gnutls_dh_params_import_raw | 3 | 14 | 31 | lib/gnutls_dh_primes.c | 
|  | _parse_safe_contents | 3 | 14 | 32 | lib/x509/pkcs12.c | 
|  | _gnutls_recv_supplemental | 3 | 14 | 29 | lib/gnutls_handshake.c | 
|  | is_issuer | 3 | 14 | 30 | lib/x509/verify.c | 
|  | _gnutls_openpgp_get_raw_key_expiration_time | 3 | 14 | 27 | lib/openpgp/compat.c | 
|  | _gnutls_openpgp_get_raw_key_creation_time | 3 | 14 | 27 | lib/openpgp/compat.c | 
|  | write_pkcs12_kdf_params | 3 | 14 | 37 | lib/x509/privkey_pkcs8.c | 
|  | is_crl_issuer | 3 | 14 | 30 | lib/x509/verify.c | 
|  | keydb_cache_add | 3 | 13 | 22 | lib/opencdk/keydb.c | 
|  | _gnutls_x509_generalTime2gtime | 3 | 13 | 30 | lib/x509/common.c | 
|  | _gnutls_x509_utcTime2gtime | 3 | 13 | 25 | lib/x509/common.c | 
|  | gnutls_x509_crt_set_extension_by_oid | 3 | 13 | 30 | lib/x509/x509_write.c | 
|  | _cdk_stream_append | 3 | 13 | 25 | lib/opencdk/stream.c | 
|  | parse_crt_mem | 3 | 13 | 30 | lib/gnutls_x509.c | 
|  | _gnutls_send_supplemental | 3 | 13 | 29 | lib/gnutls_handshake.c | 
|  | _gnutls_hmac_fast | 3 | 13 | 25 | lib/gnutls_hash_int.c | 
|  | _gnutls_hash_fast | 3 | 13 | 25 | lib/gnutls_hash_int.c | 
|  | _gnutls_hash_copy | 3 | 13 | 25 | lib/gnutls_hash_int.c | 
|  | check_b_mod_n | 3 | 12 | 26 | lib/auth_srp.c | 
|  | gnutls_priority_set_direct | 3 | 12 | 26 | lib/gnutls_priority.c | 
|  | gnutls_x509_crt_get_signature_algorithm | 3 | 12 | 31 | lib/x509/x509.c | 
|  | _gnutls_x509_get_raw_crt_expiration_time | 3 | 12 | 23 | lib/gnutls_cert.c | 
|  | _cdk_copy_pk_to_sk | 3 | 12 | 18 | lib/opencdk/new-packet.c | 
|  | gnutls_pkcs12_bag_set_crl | 3 | 12 | 26 | lib/x509/pkcs12_bag.c | 
|  | _gnutls_x509_get_raw_crt_activation_time | 3 | 12 | 23 | lib/gnutls_cert.c | 
|  | gnutls_pkcs12_bag_set_crt | 3 | 12 | 25 | lib/x509/pkcs12_bag.c | 
|  | check_armor | 3 | 12 | 21 | lib/opencdk/armor.c | 
|  | gnutls_x509_crl_get_signature_algorithm | 3 | 12 | 32 | lib/x509/crl.c | 
|  | gnutls_openpgp_crt_set_preferred_key_id | 3 | 12 | 26 | lib/openpgp/pgp.c | 
|  | cdk_stream_set_compress_flag | 3 | 12 | 21 | lib/opencdk/stream.c | 
|  | gnutls_alert_send | 3 | 12 | 22 | lib/gnutls_alert.c | 
|  | gnutls_openpgp_privkey_set_preferred_key_id | 3 | 12 | 27 | lib/openpgp/privkey.c | 
|  | print_fingerprint | 3 | 12 | 22 | lib/x509/output.c | 
|  | _gnutls_x509_der_encode_and_copy | 3 | 12 | 30 | lib/x509/common.c | 
|  | check_a_mod_n | 3 | 12 | 25 | lib/auth_srp.c | 
|  | cdk_stream_getc | 3 | 11 | 20 | lib/opencdk/stream.c | 
|  | _randomize_psk | 3 | 11 | 23 | lib/auth_psk_passwd.c | 
|  | cdk_strlist_add | 3 | 11 | 17 | lib/opencdk/misc.c | 
|  | gnutls_x509_crt_get_serial | 3 | 11 | 25 | lib/x509/x509.c | 
|  | gnutls_x509_crt_init | 3 | 11 | 25 | lib/x509/x509.c | 
|  | gnutls_srp_base64_decode_alloc | 3 | 11 | 24 | lib/auth_srp_sb64.c | 
|  | gnutls_srp_base64_encode_alloc | 3 | 11 | 24 | lib/auth_srp_sb64.c | 
|  | _gnutls_string_append_printf | 3 | 11 | 20 | lib/gnutls_str.c | 
|  | stream_cache_flush | 3 | 11 | 22 | lib/opencdk/stream.c | 
|  | cdk_stream_set_text_flag | 3 | 11 | 20 | lib/opencdk/stream.c | 
|  | cdk_stream_set_armor_flag | 3 | 11 | 20 | lib/opencdk/stream.c | 
|  | gnutls_global_set_mem_functions | 3 | 11 | 31 | lib/gnutls_global.c | 
|  | _gnutls_handshake_io_write_flush | 3 | 10 | 21 | lib/gnutls_buffers.c | 
|  | gnutls_pem_base64_decode_alloc | 3 | 10 | 20 | lib/x509_b64.c | 
|  | gnutls_openpgp_privkey_get_subkey_idx | 3 | 10 | 23 | lib/openpgp/privkey.c | 
|  | gnutls_x509_crl_get_version | 3 | 10 | 23 | lib/x509/crl.c | 
|  | gnutls_pem_base64_encode_alloc | 3 | 10 | 19 | lib/x509_b64.c | 
|  | ucs2_to_ascii | 3 | 10 | 17 | lib/x509/pkcs12.c | 
|  | cdk_handle_set_keyring | 3 | 10 | 17 | lib/opencdk/main.c | 
|  | gnutls_rehandshake | 3 | 10 | 23 | lib/gnutls_handshake.c | 
|  | gnutls_record_set_max_size | 3 | 10 | 22 | lib/gnutls_record.c | 
|  | print_key_id | 3 | 10 | 20 | lib/openpgp/output.c | 
|  | cdk_stream_putc | 3 | 10 | 17 | lib/opencdk/stream.c | 
|  | gnutls_openpgp_crt_get_subkey_idx | 3 | 10 | 23 | lib/openpgp/pgp.c | 
|  | cdk_pkt_free | 14 | 22 | 46 | lib/opencdk/new-packet.c | 
|  | wrap_gcry_cipher_init | 11 | 23 | 68 | lib/cipher-libgcrypt.c | 
|  | wrap_gcry_hash_init | 10 | 24 | 43 | lib/mac-libgcrypt.c | 
|  | _gnutls_map_cdk_rc | 9 | 9 | 25 | lib/openpgp/gnutls_openpgp.c | 
|  | _pgp_hash_algo_to_gnutls | 9 | 10 | 26 | lib/opencdk/misc.c | 
|  | _gnutls_hash_algo_to_pgp | 9 | 10 | 26 | lib/opencdk/misc.c | 
|  | is_key_node | 8 | 3 | 20 | lib/opencdk/keydb.c | 
|  | _gnutls_get_digest_oid | 8 | 16 | 31 | lib/opencdk/seskey.c | 
|  | set_opaque | 7 | 13 | 28 | lib/opencdk/stream.c | 
|  | _gnutls_packet2str | 6 | 6 | 20 | lib/debug.c | 
|  | check_recv_type | 6 | 3 | 17 | lib/gnutls_record.c | 
|  | _cdk_pk_algo_usage | 6 | 13 | 28 | lib/opencdk/pubkey.c | 
|  | cdk_keydb_new | 5 | 7 | 23 | lib/opencdk/keydb.c | 
|  | bag_to_oid | 5 | 5 | 16 | lib/x509/pkcs12.c | 
|  | _gnutls_mre_record2num | 5 | 5 | 18 | lib/ext_max_record.c | 
|  | _gnutls_mre_num2record | 5 | 5 | 17 | lib/ext_max_record.c | 
|  | gnutls_pk_get_name | 4 | 8 | 23 | lib/gnutls_algorithms.c | 
|  | intmode_to_char | 4 | 5 | 17 | lib/opencdk/literal.c | 
|  | stream_id_to_filter | 4 | 4 | 17 | lib/opencdk/stream.c | 
|  | _gnutls_record_buffer_get_size | 4 | 4 | 18 | lib/gnutls_buffers.c | 
|  | _gnutls_gen_cert_server_certificate | 3 | 4 | 16 | lib/auth_cert.c | 
|  | _gnutls_proc_cert_server_certificate | 3 | 4 | 18 | lib/auth_cert.c | 
|  | get_padsize | 3 | 3 | 13 | lib/gnutls_hash_int.c | 
|  | _gnutls_cert_type2num | 3 | 3 | 14 | lib/ext_cert_type.c | 
|  | _gnutls_num2cert_type | 3 | 3 | 13 | lib/ext_cert_type.c | 
|  | _cdk_map_gnutls_error | 3 | 3 | 13 | lib/opencdk/misc.c | 
|  | _gnutls_check_supported_sign_algo | 3 | 3 | 13 | lib/auth_cert.c | 
|  | gnutls_openpgp_keyring_check_id | 2 | 9 | 20 | lib/openpgp/extras.c | 
|  | _gnutls_cal_PRF_A | 2 | 9 | 20 | lib/gnutls_state.c | 
|  | read_key_file | 2 | 9 | 19 | lib/gnutls_x509.c | 
|  | _pkcs12_bag_free_data | 2 | 9 | 15 | lib/x509/pkcs12_bag.c | 
|  | read_cert_file | 2 | 9 | 20 | lib/gnutls_x509.c | 
|  | _gnutls_m_compressed2plaintext | 2 | 9 | 22 | lib/gnutls_compress.c | 
|  | _gnutls_m_plaintext2compressed | 2 | 9 | 22 | lib/gnutls_compress.c | 
|  | mpi_buf2bits | 2 | 9 | 18 | lib/gnutls_ui.c | 
|  | _gnutls_tls_create_random | 2 | 9 | 24 | lib/gnutls_handshake.c | 
|  | gnutls_dh_params_generate2 | 2 | 9 | 18 | lib/gnutls_dh_primes.c | 
|  | print_key_fingerprint | 2 | 9 | 17 | lib/openpgp/output.c | 
|  | gnutls_x509_dn_import | 2 | 8 | 18 | lib/x509/dn.c | 
|  | gnutls_certificate_free_cas | 2 | 8 | 16 | lib/gnutls_cert.c | 
|  | _cdk_pkt_write_fp | 2 | 8 | 13 | lib/opencdk/write-packet.c | 
|  | _gnutls_x509_write_uint32 | 2 | 8 | 18 | lib/x509/mpi.c | 
|  | filter_add2 | 2 | 8 | 14 | lib/opencdk/stream.c | 
|  | _gnutls_log | 2 | 8 | 15 | lib/gnutls_errors.c | 
|  | _cdk_buftou32 | 2 | 8 | 13 | lib/opencdk/misc.c | 
|  | gnutls_global_deinit | 2 | 8 | 14 | lib/gnutls_global.c | 
|  | _cdk_s2k_copy | 2 | 8 | 14 | lib/opencdk/seskey.c | 
|  | gnutls_certificate_free_crls | 2 | 8 | 15 | lib/gnutls_x509.c | 
|  | _deregister | 2 | 8 | 16 | lib/crypto.c | 
|  | gnutls_openpgp_privkey_export_rsa_raw | 2 | 7 | 18 | lib/openpgp/privkey.c | 
|  | gnutls_x509_dn_init | 2 | 7 | 18 | lib/x509/dn.c | 
|  | calc_mpisize | 2 | 7 | 10 | lib/opencdk/write-packet.c | 
|  | _cdk_free_userid | 2 | 7 | 12 | lib/opencdk/new-packet.c | 
|  | gnutls_rsa_params_init | 2 | 7 | 16 | lib/gnutls_rsa_export.c | 
|  | read_16 | 2 | 7 | 13 | lib/opencdk/read-packet.c | 
|  | gnutls_certificate_verify_peers | 2 | 7 | 16 | lib/gnutls_cert.c | 
|  | gnutls_x509_crq_set_attribute_by_oid | 2 | 7 | 18 | lib/x509/crq.c | 
|  | gnutls_certificate_get_peers | 2 | 7 | 15 | lib/gnutls_ui.c | 
|  | read_32 | 2 | 7 | 13 | lib/opencdk/read-packet.c | 
|  | stream_read | 2 | 7 | 13 | lib/opencdk/write-packet.c | 
|  | gnutls_hex_encode | 2 | 7 | 17 | lib/gnutls_psk.c | 
|  | _gnutls_generate_session_id | 2 | 7 | 16 | lib/gnutls_handshake.c | 
|  | _gnutls_x509_sign_to_oid | 2 | 7 | 14 | lib/gnutls_algorithms.c | 
|  | gnutls_openpgp_crt_get_subkey_pk_dsa_raw | 2 | 7 | 20 | lib/openpgp/pgp.c | 
|  | gnutls_openpgp_crt_get_subkey_pk_rsa_raw | 2 | 7 | 18 | lib/openpgp/pgp.c | 
|  | gnutls_openpgp_crt_get_pk_dsa_raw | 2 | 7 | 17 | lib/openpgp/pgp.c | 
|  | gnutls_openpgp_crt_get_pk_rsa_raw | 2 | 7 | 16 | lib/openpgp/pgp.c | 
|  | _gnutls_cipher_suite_is_ok | 2 | 7 | 14 | lib/gnutls_algorithms.c | 
|  | _gnutls_dump_mpi | 2 | 7 | 13 | lib/debug.c | 
|  | gnutls_openpgp_privkey_export_subkey_dsa_raw | 2 | 7 | 21 | lib/openpgp/privkey.c | 
|  | gnutls_openpgp_privkey_export_subkey_rsa_raw | 2 | 7 | 22 | lib/openpgp/privkey.c | 
|  | gnutls_openpgp_privkey_export_dsa_raw | 2 | 7 | 18 | lib/openpgp/privkey.c | 
|  | gnutls_x509_crt_verify | 2 | 6 | 20 | lib/x509/verify.c | 
|  | _gnutls_kx_is_ok | 2 | 6 | 11 | lib/gnutls_algorithms.c | 
|  | _gnutls_datum_append_m | 2 | 6 | 15 | lib/gnutls_datum.c | 
|  | _gnutls_cipher_is_ok | 2 | 6 | 11 | lib/gnutls_algorithms.c | 
|  | _gnutls_strdup | 2 | 6 | 11 | lib/gnutls_mem.c | 
|  | _gnutls_send_empty_handshake | 2 | 6 | 14 | lib/gnutls_handshake.c | 
|  | disable_optional_stuff | 2 | 6 | 16 | lib/x509/x509_write.c | 
|  | _gnutls_io_write_flush | 2 | 6 | 14 | lib/gnutls_buffers.c | 
|  | _gnutls_mac_is_ok | 2 | 6 | 11 | lib/gnutls_algorithms.c | 
|  | cdk_strlist_free | 2 | 6 | 11 | lib/opencdk/misc.c | 
|  | free_pubkey_enc | 2 | 6 | 12 | lib/opencdk/new-packet.c | 
|  | gnutls_srp_server_get_username | 2 | 6 | 12 | lib/gnutls_srp.c | 
|  | keydb_cache_free | 2 | 6 | 13 | lib/opencdk/keydb.c | 
|  | _cdk_u32tobuf | 2 | 6 | 10 | lib/opencdk/misc.c | 
|  | wrap_gcry_mpi_scan | 2 | 6 | 13 | lib/mpi-libgcrypt.c | 
|  | gnutls_x509_privkey_init | 2 | 6 | 14 | lib/x509/privkey.c | 
|  | uid_list_free | 2 | 6 | 13 | lib/opencdk/sig-check.c | 
|  | cdk_kbnode_new | 2 | 6 | 11 | lib/opencdk/kbnode.c | 
|  | _gnutls_file_exists | 2 | 6 | 12 | lib/gnutls_helper.c | 
|  | gnutls_alert_send_appropriate | 2 | 6 | 14 | lib/gnutls_alert.c | 
|  | gnutls_certificate_allocate_credentials | 2 | 6 | 14 | lib/gnutls_cert.c | 
|  | _gnutls_compression_is_ok | 2 | 6 | 11 | lib/gnutls_compress.c | 
|  | wrap_gcry_cipher_encrypt | 2 | 6 | 13 | lib/cipher-libgcrypt.c | 
|  | wrap_gcry_cipher_decrypt | 2 | 6 | 13 | lib/cipher-libgcrypt.c | 
|  | gnutls_x509_crl_verify | 2 | 6 | 18 | lib/x509/verify.c | 
|  | _cdk_kbnode_add | 2 | 6 | 9 | lib/opencdk/kbnode.c | 
|  | _gnutls_x509_privkey_verify_signature | 2 | 5 | 16 | lib/x509/verify.c | 
|  | _gnutls_set_write_compression | 2 | 5 | 17 | lib/gnutls_constate.c | 
|  | _gnutls_set_read_compression | 2 | 5 | 17 | lib/gnutls_constate.c | 
|  | _gnutls_xor | 2 | 5 | 9 | lib/gnutls_state.c | 
|  | cdk_subpkt_init | 2 | 5 | 10 | lib/opencdk/new-packet.c | 
|  | gnutls_pk_params_release | 2 | 5 | 9 | lib/gnutls_pk.c | 
|  | cdk_subpkt_free | 2 | 5 | 12 | lib/opencdk/new-packet.c | 
|  | _gnutls_send_change_cipher_spec | 2 | 5 | 14 | lib/gnutls_record.c | 
|  | _gnutls_connection_state_init | 2 | 5 | 16 | lib/gnutls_constate.c | 
|  | gnutls_priority_set | 2 | 5 | 14 | lib/gnutls_priority.c | 
|  | oid2ldap_string | 2 | 5 | 12 | lib/x509/dn.c | 
|  | gnutls_hex_decode | 2 | 5 | 14 | lib/gnutls_psk.c | 
|  | gnutls_rsa_export_get_modulus_bits | 2 | 5 | 11 | lib/gnutls_ui.c | 
|  | stream_write | 2 | 5 | 10 | lib/opencdk/write-packet.c | 
|  | gnutls_psk_set_server_credentials_hint | 2 | 5 | 13 | lib/gnutls_psk.c | 
|  | _gnutls_send_hello | 2 | 5 | 17 | lib/gnutls_handshake.c | 
|  | gnutls_protocol_set_priority | 2 | 5 | 15 | lib/gnutls_priority.c | 
|  | _gnutls_mpi_scan_pgp | 2 | 5 | 13 | lib/gnutls_mpi.c | 
|  | _cdk_result_verify_new | 2 | 5 | 10 | lib/opencdk/verify.c | 
|  | _cdk_result_verify_free | 2 | 5 | 9 | lib/opencdk/verify.c | 
|  | gnutls_dh_params_deinit | 2 | 5 | 12 | lib/gnutls_dh_primes.c | 
|  | _gnutls_mpi_scan | 2 | 5 | 13 | lib/gnutls_mpi.c | 
|  | wrap_gcry_mpi_mod | 2 | 5 | 12 | lib/mpi-libgcrypt.c | 
|  | gnutls_x509_dn_export | 2 | 5 | 17 | lib/x509/dn.c | 
|  | _gnutls_session_is_export | 2 | 5 | 14 | lib/gnutls_state.c | 
|  | _gnutls_map_kx_get_kx | 2 | 5 | 15 | lib/gnutls_algorithms.c | 
|  | _gnutls_handshake_buffer_peek | 2 | 5 | 14 | lib/gnutls_buffers.c | 
|  | gnutls_dh_params_init | 2 | 5 | 14 | lib/gnutls_dh_primes.c | 
|  | pack_security_parameters | 2 | 48 | 102 | lib/gnutls_session_pack.c | 
|  | gnutls_kx_get_id | 2 | 4 | 9 | lib/gnutls_algorithms.c | 
|  | gnutls_cipher_get_id | 2 | 4 | 9 | lib/gnutls_algorithms.c | 
|  | gnutls_pkcs12_bag_deinit | 2 | 4 | 10 | lib/x509/pkcs12_bag.c | 
|  | gnutls_x509_crt_set_expiration_time | 2 | 4 | 11 | lib/x509/x509_write.c | 
|  | gnutls_x509_crt_set_activation_time | 2 | 4 | 13 | lib/x509/x509_write.c | 
|  | stream_get_mode | 2 | 4 | 9 | lib/opencdk/stream.c | 
|  | gnutls_mac_get_id | 2 | 4 | 9 | lib/gnutls_algorithms.c | 
|  | gnutls_x509_crq_get_attribute_by_oid | 2 | 4 | 14 | lib/x509/crq.c | 
|  | gnutls_x509_privkey_get_pk_algorithm | 2 | 4 | 11 | lib/x509/privkey.c | 
|  | gnutls_psk_allocate_client_credentials | 2 | 4 | 10 | lib/gnutls_psk.c | 
|  | gnutls_x509_crt_get_expiration_time | 2 | 4 | 12 | lib/x509/x509.c | 
|  | gnutls_x509_crl_export | 2 | 4 | 14 | lib/x509/crl.c | 
|  | stream_putc | 2 | 4 | 8 | lib/opencdk/write-packet.c | 
|  | gnutls_x509_crt_get_activation_time | 2 | 4 | 12 | lib/x509/x509.c | 
|  | gnutls_pkcs12_bag_init | 2 | 4 | 11 | lib/x509/pkcs12_bag.c | 
|  | gnutls_srp_allocate_server_credentials | 2 | 4 | 10 | lib/gnutls_srp.c | 
|  | gnutls_openpgp_keyring_init | 2 | 4 | 9 | lib/openpgp/extras.c | 
|  | gnutls_x509_crt_get_dn_oid | 2 | 4 | 14 | lib/x509/x509.c | 
|  | gnutls_openpgp_privkey_init | 2 | 4 | 9 | lib/openpgp/privkey.c | 
|  | wrap_gcry_rnd | 2 | 4 | 10 | lib/rnd-libgcrypt.c | 
|  | gnutls_openpgp_crt_init | 2 | 4 | 9 | lib/openpgp/pgp.c | 
|  | gnutls_x509_crq_get_challenge_password | 2 | 4 | 13 | lib/x509/crq.c | 
|  | gnutls_x509_crl_get_next_update | 2 | 4 | 11 | lib/x509/crl.c | 
|  | gnutls_x509_crt_get_dn_by_oid | 2 | 4 | 15 | lib/x509/x509.c | 
|  | gnutls_srp_allocate_client_credentials | 2 | 4 | 10 | lib/gnutls_srp.c | 
|  | gnutls_x509_crl_get_this_update | 2 | 4 | 11 | lib/x509/crl.c | 
|  | gnutls_x509_crt_get_dn | 2 | 4 | 14 | lib/x509/x509.c | 
|  | gnutls_x509_crt_get_issuer_dn_oid | 2 | 4 | 14 | lib/x509/x509.c | 
|  | gnutls_x509_crt_get_issuer_dn_by_oid | 2 | 4 | 16 | lib/x509/x509.c | 
|  | cdk_handle_set_passphrase_cb | 2 | 4 | 10 | lib/opencdk/main.c | 
|  | gnutls_crypto_single_digest_register2 | 2 | 4 | 13 | lib/crypto.c | 
|  | gnutls_pkcs12_export | 2 | 4 | 14 | lib/x509/pkcs12.c | 
|  | gnutls_x509_crt_get_issuer_dn | 2 | 4 | 14 | lib/x509/x509.c | 
|  | gnutls_x509_crq_get_dn_oid | 2 | 4 | 14 | lib/x509/crq.c | 
|  | cdk_pkt_release | 2 | 4 | 8 | lib/opencdk/new-packet.c | 
|  | gnutls_x509_crl_get_dn_oid | 2 | 4 | 14 | lib/x509/crl.c | 
|  | gnutls_crypto_single_mac_register2 | 2 | 4 | 13 | lib/crypto.c | 
|  | gnutls_x509_crt_get_verify_algorithm | 2 | 4 | 14 | lib/x509/x509.c | 
|  | cdk_kbnode_find_packet | 2 | 4 | 8 | lib/opencdk/kbnode.c | 
|  | gnutls_x509_crq_get_dn_by_oid | 2 | 4 | 15 | lib/x509/crq.c | 
|  | gnutls_x509_crl_get_issuer_dn_by_oid | 2 | 4 | 16 | lib/x509/crl.c | 
|  | gnutls_x509_crt_export | 2 | 4 | 14 | lib/x509/x509.c | 
|  | gnutls_x509_crq_get_dn | 2 | 4 | 13 | lib/x509/crq.c | 
|  | gnutls_sign_get_name | 2 | 4 | 9 | lib/gnutls_algorithms.c | 
|  | get_dn | 2 | 4 | 8 | lib/x509/x509.c | 
|  | gnutls_sign_get_id | 2 | 4 | 10 | lib/gnutls_algorithms.c | 
|  | gnutls_x509_crl_get_issuer_dn | 2 | 4 | 14 | lib/x509/crl.c | 
|  | gnutls_x509_crl_set_next_update | 2 | 4 | 10 | lib/x509/crl_write.c | 
|  | gnutls_psk_allocate_server_credentials | 2 | 4 | 10 | lib/gnutls_psk.c | 
|  | gnutls_crypto_single_cipher_register2 | 2 | 4 | 13 | lib/crypto.c | 
|  | gnutls_x509_crl_set_this_update | 2 | 4 | 11 | lib/x509/crl_write.c | 
|  | gnutls_compression_get_id | 2 | 4 | 12 | lib/gnutls_compress.c | 
|  | gnutls_certificate_set_x509_crl_mem | 2 | 4 | 12 | lib/gnutls_x509.c | 
|  | gnutls_pkcs12_bag_get_count | 2 | 4 | 11 | lib/x509/pkcs12_bag.c | 
|  | print_other | 2 | 4 | 10 | lib/x509/output.c | 
|  | _gnutls_mpi_release | 2 | 4 | 9 | lib/gnutls_mpi.c | 
|  | gnutls_x509_crq_export | 2 | 4 | 14 | lib/x509/crq.c | 
|  | gnutls_protocol_get_id | 2 | 4 | 9 | lib/gnutls_algorithms.c | 
|  | _gnutls_free_datum_m | 2 | 4 | 9 | lib/gnutls_datum.c | 
|  | gnutls_sign_callback_get | 2 | 3 | 7 | lib/gnutls_cert.c | 
|  | free_literal | 2 | 3 | 9 | lib/opencdk/new-packet.c | 
|  | cdk_stream_verify | 2 | 3 | 9 | lib/opencdk/verify.c | 
|  | _gnutls_rnd | 2 | 3 | 9 | lib/random.c | 
|  | _gnutls_write_datum8 | 2 | 3 | 7 | lib/gnutls_datum.c | 
|  | is_read_comp_null | 2 | 3 | 9 | lib/gnutls_cipher.c | 
|  | _gnutls_write_datum32 | 2 | 3 | 7 | lib/gnutls_datum.c | 
|  | _gnutls_rnd_deinit | 2 | 3 | 10 | lib/random.c | 
|  | _gnutls_generate_master | 2 | 3 | 7 | lib/gnutls_kx.c | 
|  | is_write_comp_null | 2 | 3 | 9 | lib/gnutls_cipher.c | 
|  | _gnutls_write_datum24 | 2 | 3 | 7 | lib/gnutls_datum.c | 
|  | gnutls_pkcs7_export | 2 | 3 | 11 | lib/x509/pkcs7.c | 
|  | stream_read | 2 | 3 | 6 | lib/opencdk/read-packet.c | 
|  | _gnutls_rsa_params_to_mpi | 2 | 3 | 10 | lib/gnutls_rsa_export.c | 
|  | cdk_pk_from_secret_key | 2 | 3 | 7 | lib/opencdk/pubkey.c | 
|  | cdk_kbnode_get_packet | 2 | 3 | 7 | lib/opencdk/kbnode.c | 
|  | _cdk_stream_set_compress_algo | 2 | 3 | 7 | lib/opencdk/stream.c | 
|  | cdk_stream_is_compressed | 2 | 3 | 7 | lib/opencdk/stream.c | 
|  | _gnutls_write_datum16 | 2 | 3 | 7 | lib/gnutls_datum.c | 
|  | _gnutls_pk_fixup | 2 | 3 | 6 | lib/gnutls_pk.h | 
|  | disable_optional_stuff | 2 | 3 | 11 | lib/x509/crl_write.c | 
|  | session_is_valid | 2 | 3 | 8 | lib/gnutls_record.c | 
|  | pkt_write_head | 2 | 3 | 7 | lib/opencdk/write-packet.c | 
|  | _gnutls_get_kx_cred | 2 | 3 | 9 | lib/gnutls_auth.c | 
|  | mac_deinit | 2 | 3 | 12 | lib/gnutls_cipher.c | 
|  | _gnutls_oprfi_send_params | 2 | 3 | 9 | lib/ext_oprfi.c | 
|  | gnutls_auth_get_type | 2 | 3 | 13 | lib/gnutls_auth.c | 
|  | _gnutls_oprfi_recv_params | 2 | 3 | 9 | lib/ext_oprfi.c | 
|  | cdk_kbnode_delete | 2 | 2 | 6 | lib/opencdk/kbnode.c | 
|  | _cdk_stream_get_errno | 2 | 2 | 5 | lib/opencdk/stream.c | 
|  | _cdk_kbnode_clone | 2 | 2 | 8 | lib/opencdk/kbnode.c | 
|  | _cdk_stream_get_fp | 2 | 2 | 5 | lib/opencdk/stream.c | 
|  | cdk_stream_eof | 2 | 2 | 5 | lib/opencdk/stream.c | 
|  | _cdk_free_mpibuf | 2 | 2 | 8 | lib/opencdk/new-packet.c | 
|  | _cdk_stream_get_blockmode | 2 | 2 | 5 | lib/opencdk/stream.c | 
|  | cdk_stream_tell | 2 | 2 | 5 | lib/opencdk/stream.c | 
|  | gnutls_ext_register | 2 | 13 | 27 | lib/gnutls_extensions.c | 
|  | _cdk_stream_fpopen | 2 | 13 | 22 | lib/opencdk/stream.c | 
|  | cdk_keydb_new_from_stream | 2 | 12 | 24 | lib/opencdk/keydb.c | 
|  | cdk_sk_release | 2 | 12 | 18 | lib/opencdk/new-packet.c | 
|  | _gnutls_x509_gtime2utcTime | 2 | 11 | 28 | lib/x509/common.c | 
|  | gnutls_certificate_set_x509_simple_pkcs12_file | 2 | 11 | 22 | lib/gnutls_x509.c | 
|  | oprfi_send_client | 2 | 11 | 20 | lib/ext_oprfi.c | 
|  | stream_fp_replace | 2 | 10 | 19 | lib/opencdk/stream.c | 
|  | overwrite_attribute | 2 | 10 | 22 | lib/x509/crq.c | 
|  | gnutls_openpgp_crt_print | 2 | 10 | 24 | lib/openpgp/output.c | 
|  | cdk_pk_release | 2 | 10 | 16 | lib/opencdk/new-packet.c | 
|  | print_keyid | 2 | 10 | 18 | lib/x509/output.c | 
|  | _gnutls_asn2err | 15 | 15 | 37 | lib/gnutls_errors.c | 
|  | _gnutls_handshake2str | 12 | 23 | 44 | lib/debug.c | 
|  | digest_length | 10 | 9 | 26 | lib/gnutls_hash_int.c | 
|  | _gnutls_cipher_to_pgp | 10 | 11 | 29 | lib/opencdk/misc.c | 
|  | _pgp_cipher_to_gnutls | 10 | 11 | 29 | lib/opencdk/misc.c | 
|  | resume_copy_required_values | 1 | 9 | 39 | lib/gnutls_handshake.c | 
|  | _gnutls_read_uint24 | 1 | 8 | 16 | lib/gnutls_num.c | 
|  | gnutls_x509_crl_print | 1 | 8 | 20 | lib/x509/output.c | 
|  | _gnutls_string_init | 1 | 6 | 14 | lib/gnutls_str.c | 
|  | write_32 | 1 | 6 | 11 | lib/opencdk/write-packet.c | 
|  | _gnutls_print_state | 1 | 6 | 16 | lib/debug.c | 
|  | gnutls_certificate_free_credentials | 1 | 6 | 16 | lib/gnutls_cert.c | 
|  | _gnutls_write_uint24 | 1 | 6 | 14 | lib/gnutls_num.c | 
|  | _gnutls_uint32touint24 | 1 | 5 | 11 | lib/gnutls_num.c | 
|  | _gnutls_uint24touint32 | 1 | 5 | 10 | lib/gnutls_num.c | 
|  | _gnutls_string_get_data | 1 | 5 | 13 | lib/gnutls_str.c | 
|  | _gnutls_selected_certs_set | 1 | 5 | 13 | lib/auth_cert.c | 
|  | write_16 | 1 | 4 | 9 | lib/opencdk/write-packet.c | 
|  | _gnutls_handshake_hash_buffers_clear | 1 | 4 | 8 | lib/gnutls_handshake.c | 
|  | _gnutls_free_dh_info | 1 | 4 | 8 | lib/auth_dh_common.c | 
|  | _gnutls_cpy_write_security_parameters | 1 | 4 | 10 | lib/gnutls_constate.c | 
|  | _gnutls_cpy_read_security_parameters | 1 | 4 | 10 | lib/gnutls_constate.c | 
|  | wrap_gcry_rnd_init | 1 | 4 | 10 | lib/rnd-libgcrypt.c | 
|  | _gnutls_db_remove_session | 1 | 4 | 11 | lib/gnutls_db.c | 
|  | _gnutls_uint64touint32 | 1 | 4 | 12 | lib/gnutls_num.c | 
|  | _cdk_stream_set_blockmode | 1 | 4 | 9 | lib/opencdk/stream.c | 
|  | cdk_stream_mmap | 1 | 4 | 10 | lib/opencdk/stream.c | 
|  | _gnutls_read_uint16 | 1 | 4 | 10 | lib/gnutls_num.c | 
|  | _gnutls_read_uint32 | 1 | 4 | 11 | lib/gnutls_num.c | 
|  | gnutls_prf_raw | 1 | 3 | 16 | lib/gnutls_state.c | 
|  | gnutls_kx_get_name | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | _gnutls_kx_auth_struct | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | gnutls_cipher_get_name | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_get_export_flag | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_get_iv_size | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | gnutls_cipher_get_key_size | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_is_block | 1 | 3 | 9 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_get_block_size | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | _gnutls_x509_mac_to_oid | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | gnutls_mac_get_key_size | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | gnutls_mac_get_name | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | gnutls_srp_free_server_credentials | 1 | 3 | 8 | lib/gnutls_srp.c | 
|  | gnutls_psk_free_client_credentials | 1 | 3 | 7 | lib/gnutls_psk.c | 
|  | gnutls_srp_free_client_credentials | 1 | 3 | 7 | lib/gnutls_srp.c | 
|  | _gnutls_x509_crq_get_mpis | 1 | 3 | 14 | lib/x509/mpi.c | 
|  | _gnutls_ext_deinit | 1 | 3 | 7 | lib/gnutls_extensions.c | 
|  | _gnutls_x509_crt_get_mpis | 1 | 3 | 14 | lib/x509/mpi.c | 
|  | calc_subpktsize | 1 | 3 | 9 | lib/opencdk/write-packet.c | 
|  | _gnutls_compression_get_id | 1 | 3 | 10 | lib/gnutls_compress.c | 
|  | get_comp_level | 1 | 3 | 8 | lib/gnutls_compress.c | 
|  | get_mem_level | 1 | 3 | 8 | lib/gnutls_compress.c | 
|  | get_wbits | 1 | 3 | 8 | lib/gnutls_compress.c | 
|  | _gnutls_compression_get_num | 1 | 3 | 10 | lib/gnutls_compress.c | 
|  | gnutls_sign_algorithm_get_name | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | _gnutls_crypto_deregister | 1 | 3 | 7 | lib/crypto.c | 
|  | gnutls_compression_get_name | 1 | 3 | 10 | lib/gnutls_compress.c | 
|  | _gnutls_cipher_suite_get_name | 1 | 3 | 10 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_suite_get_mac_algo | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_suite_get_kx_algo | 1 | 3 | 9 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_suite_get_version | 1 | 3 | 7 | lib/gnutls_algorithms.c | 
|  | _gnutls_cipher_suite_get_cipher_algo | 1 | 3 | 7 | lib/gnutls_algorithms.c | 
|  | _gnutls_version_get_major | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | _gnutls_handshake_buffer_clear | 1 | 3 | 10 | lib/gnutls_buffers.c | 
|  | _gnutls_version_get_minor | 1 | 3 | 8 | lib/gnutls_algorithms.c | 
|  | stream_flush | 1 | 3 | 10 | lib/opencdk/stream.c | 
|  | _gnutls_handshake_buffer_empty | 1 | 3 | 10 | lib/gnutls_buffers.c | 
|  | gnutls_protocol_get_name | 1 | 3 | 9 | lib/gnutls_algorithms.c | 
|  | _gnutls_kx_needs_dh_params | 1 | 3 | 7 | lib/gnutls_algorithms.c | 
|  | _gnutls_kx_needs_rsa_params | 1 | 3 | 7 | lib/gnutls_algorithms.c | 
|  | gnutls_anon_allocate_client_credentials | 1 | 2 | 11 | lib/gnutls_anon_cred.c | 
|  | gnutls_sign_callback_set | 1 | 2 | 7 | lib/gnutls_cert.c | 
|  | wrap_gcry_md_write | 1 | 2 | 6 | lib/mac-libgcrypt.c | 
|  | _gnutls_record_set_default_version | 1 | 2 | 7 | lib/gnutls_state.c | 
|  | gnutls_certificate_set_verify_limits | 1 | 2 | 8 | lib/gnutls_ui.c | 
|  | gnutls_anon_allocate_server_credentials | 1 | 2 | 9 | lib/gnutls_anon_cred.c | 
|  | gnutls_oprfi_enable_server | 1 | 2 | 7 | lib/ext_oprfi.c | 
|  | gnutls_oprfi_enable_client | 1 | 2 | 7 | lib/ext_oprfi.c | 
|  | gnutls_certificate_type_set_priority | 1 | 2 | 13 | lib/gnutls_priority.c | 
|  | gnutls_pk_list | 1 | 2 | 11 | lib/gnutls_algorithms.c | 
|  | _gnutls_free_rsa_info | 1 | 2 | 6 | lib/auth_cert.c | 
|  | _gnutls_conv_uint16 | 1 | 2 | 9 | lib/gnutls_num.c | 
|  | _gnutls_kx_encipher_type | 1 | 2 | 7 | lib/gnutls_algorithms.c | 
|  | _gnutls_map_pk_get_pk | 1 | 2 | 7 | lib/gnutls_algorithms.c | 
|  | gnutls_transport_get_ptr2 | 1 | 2 | 9 | lib/gnutls_record.c | 
|  | _gnutls_conv_uint32 | 1 | 2 | 9 | lib/gnutls_num.c | 
|  | gnutls_psk_free_server_credentials | 1 | 2 | 6 | lib/gnutls_psk.c | 
|  | _gnutls_write_uint16 | 1 | 2 | 9 | lib/gnutls_num.c | 
|  | gnutls_certificate_get_x509_crls | 1 | 2 | 8 | lib/gnutls_cert.c | 
|  | gnutls_x509_crt_get_ca_status | 1 | 2 | 7 | lib/x509/x509.c | 
|  | gnutls_transport_set_ptr2 | 1 | 2 | 8 | lib/gnutls_record.c | 
|  | _gnutls_write_uint32 | 1 | 2 | 9 | lib/gnutls_num.c | 
|  | _gnutls_rsa_pms_set_version | 1 | 2 | 7 | lib/gnutls_state.c | 
|  | gnutls_certificate_get_x509_cas | 1 | 2 | 8 | lib/gnutls_cert.c | 
|  | gnutls_transport_set_ptr | 1 | 2 | 7 | lib/gnutls_record.c | 
|  | wrap_gcry_cipher_setiv | 1 | 2 | 6 | lib/cipher-libgcrypt.c | 
|  | wrap_gcry_cipher_setkey | 1 | 2 | 6 | lib/cipher-libgcrypt.c | 
|  | _gnutls_handshake_internal_state_clear | 1 | 14 | 28 | lib/gnutls_state.c | 
|  | _gnutls_set_write_keys | 1 | 12 | 20 | lib/gnutls_constate.c | 
|  | _gnutls_set_read_keys | 1 | 12 | 20 | lib/gnutls_constate.c | 
|  | gnutls_x509_crq_print | 1 | 10 | 24 | lib/x509/output.c | 
|  | gnutls_kx_list | 1 | 1 | 5 | lib/gnutls_algorithms.c | 
|  | gnutls_record_disable_padding | 1 | 1 | 5 | lib/gnutls_record.c | 
|  | _gnutls_hash_get_algo_len | 1 | 1 | 5 | lib/gnutls_hash_int.c | 
|  | wrap_gcry_mpi_cmp_ui | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | wrap_gcry_md_close | 1 | 1 | 5 | lib/mac-libgcrypt.c | 
|  | gnutls_transport_set_errno | 1 | 1 | 5 | lib/gnutls_buffers.c | 
|  | _cdk_proc_packets | 1 | 1 | 7 | lib/opencdk/dummy.c | 
|  | gnutls_x509_crt_set_crl_dist_points | 1 | 1 | 10 | lib/x509/x509_write.c | 
|  | gnutls_cipher_list | 1 | 1 | 5 | lib/gnutls_algorithms.c | 
|  | wrap_gcry_mpi_cmp | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_db_set_store_function | 1 | 1 | 6 | lib/gnutls_db.c | 
|  | gnutls_certificate_type_get | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | wrap_gcry_md_copy | 1 | 1 | 5 | lib/mac-libgcrypt.c | 
|  | gnutls_global_set_log_level | 1 | 1 | 5 | lib/gnutls_global.c | 
|  | wrap_gcry_mpi_new | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_set_default_export_priority | 1 | 1 | 5 | lib/gnutls_priority.c | 
|  | _gnutls_x509_export_int | 1 | 1 | 11 | lib/x509/common.c | 
|  | gnutls_transport_set_lowat | 1 | 1 | 5 | lib/gnutls_record.c | 
|  | gnutls_set_default_priority | 1 | 1 | 5 | lib/gnutls_priority.c | 
|  | gnutls_x509_crt_sign | 1 | 1 | 6 | lib/x509/x509_write.c | 
|  | gnutls_srp_set_prime_bits | 1 | 1 | 5 | lib/gnutls_srp.c | 
|  | gnutls_handshake_set_private_extensions | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | wrap_gcry_md_setkey | 1 | 1 | 5 | lib/mac-libgcrypt.c | 
|  | gnutls_mac_list | 1 | 1 | 5 | lib/gnutls_algorithms.c | 
|  | gnutls_cipher_get | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_openpgp_set_recv_key_function | 1 | 1 | 6 | lib/openpgp/gnutls_openpgp.c | 
|  | gnutls_anon_set_params_function | 1 | 1 | 6 | lib/gnutls_ui.c | 
|  | _gnutls_openpgp_send_fingerprint | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_db_set_remove_function | 1 | 1 | 6 | lib/gnutls_db.c | 
|  | gnutls_certificate_send_x509_rdn_sequence | 1 | 1 | 6 | lib/gnutls_state.c | 
|  | gnutls_psk_set_params_function | 1 | 1 | 6 | lib/gnutls_ui.c | 
|  | gnutls_priority_deinit | 1 | 1 | 5 | lib/gnutls_priority.c | 
|  | gnutls_global_set_log_function | 1 | 1 | 5 | lib/gnutls_global.c | 
|  | gnutls_certificate_set_rsa_export_params | 1 | 1 | 6 | lib/gnutls_ui.c | 
|  | gnutls_openpgp_send_cert | 1 | 1 | 6 | lib/gnutls_state.c | 
|  | cdk_stream_open | 1 | 1 | 5 | lib/opencdk/stream.c | 
|  | gnutls_rsa_params_import_raw | 1 | 1 | 11 | lib/gnutls_rsa_export.c | 
|  | gnutls_certificate_set_verify_flags | 1 | 1 | 6 | lib/gnutls_ui.c | 
|  | gnutls_srp_set_client_credentials_function | 1 | 1 | 8 | lib/gnutls_srp.c | 
|  | gnutls_certificate_set_params_function | 1 | 1 | 6 | lib/gnutls_ui.c | 
|  | _gnutls_set_current_version | 1 | 1 | 6 | lib/gnutls_record.c | 
|  | gnutls_certificate_set_dh_params | 1 | 1 | 6 | lib/gnutls_ui.c | 
|  | gnutls_pk_params_init | 1 | 1 | 5 | lib/gnutls_pk.c | 
|  | gnutls_srp_set_server_credentials_function | 1 | 1 | 8 | lib/gnutls_srp.c | 
|  | gnutls_dh_set_prime_bits | 1 | 1 | 5 | lib/gnutls_ui.c | 
|  | _gnutls_dsa_generate_params | 1 | 1 | 6 | lib/gnutls_pk.c | 
|  | _gnutls_session_cert_type_set | 1 | 1 | 6 | lib/gnutls_state.c | 
|  | cdk_subpkt_find | 1 | 1 | 5 | lib/opencdk/new-packet.c | 
|  | _gnutls_rsa_generate_params | 1 | 1 | 6 | lib/gnutls_pk.c | 
|  | gnutls_protocol_get_version | 1 | 1 | 5 | lib/gnutls_record.c | 
|  | gnutls_certificate_client_get_request_status | 1 | 1 | 5 | lib/gnutls_ui.c | 
|  | gnutls_db_set_retrieve_function | 1 | 1 | 6 | lib/gnutls_db.c | 
|  | _gnutls_x509_crl_set_extension | 1 | 1 | 9 | lib/x509/extensions.c | 
|  | _gnutls_x509_crt_set_extension | 1 | 1 | 9 | lib/x509/extensions.c | 
|  | _cdk_armor_get_lineend | 1 | 1 | 5 | lib/opencdk/armor.c | 
|  | gnutls_x509_crt_set_ca_status | 1 | 1 | 5 | lib/x509/x509_write.c | 
|  | gnutls_psk_set_server_params_function | 1 | 1 | 6 | lib/gnutls_psk.c | 
|  | _gnutls_null_log | 1 | 1 | 5 | lib/gnutls_errors.c | 
|  | _gnutls_dh_get_allowed_prime_bits | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_psk_set_server_dh_params | 1 | 1 | 6 | lib/gnutls_psk.c | 
|  | gnutls_anon_free_server_credentials | 1 | 1 | 6 | lib/gnutls_anon_cred.c | 
|  | _gnutls_io_clear_read_buffer | 1 | 1 | 5 | lib/gnutls_buffers.c | 
|  | gnutls_certificate_server_set_retrieve_function | 1 | 1 | 6 | lib/gnutls_cert.c | 
|  | gnutls_certificate_client_set_retrieve_function | 1 | 1 | 6 | lib/gnutls_cert.c | 
|  | gnutls_x509_crt_check_issuer | 1 | 1 | 6 | lib/x509/verify.c | 
|  | _gnutls_is_secure_mem_null | 1 | 1 | 5 | lib/gnutls_mem.c | 
|  | gnutls_db_remove_session | 1 | 1 | 7 | lib/gnutls_db.c | 
|  | gnutls_certificate_server_set_request | 1 | 1 | 6 | lib/gnutls_cert.c | 
|  | _gnutls_session_is_resumable | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | cdk_handle_verify_get_result | 1 | 1 | 5 | lib/opencdk/main.c | 
|  | _gnutls_calc_srp_x | 1 | 1 | 8 | lib/gnutls_srp.c | 
|  | gnutls_hex2bin | 1 | 1 | 6 | lib/gnutls_str.c | 
|  | gnutls_transport_set_push_function | 1 | 1 | 6 | lib/gnutls_global.c | 
|  | gnutls_certificate_set_openpgp_key_file | 1 | 1 | 9 | lib/openpgp/gnutls_openpgp.c | 
|  | gnutls_perror | 1 | 1 | 5 | lib/gnutls_errors.c | 
|  | gnutls_handshake_get_last_out | 1 | 1 | 5 | lib/gnutls_handshake.c | 
|  | gnutls_alert_get | 1 | 1 | 5 | lib/gnutls_alert.c | 
|  | _gnutls_get_crypto_digest | 1 | 1 | 5 | lib/crypto.c | 
|  | gnutls_handshake_get_last_in | 1 | 1 | 5 | lib/gnutls_handshake.c | 
|  | _gnutls_get_adv_version | 1 | 1 | 6 | lib/gnutls_handshake.c | 
|  | _gnutls_set_adv_version | 1 | 1 | 6 | lib/gnutls_handshake.c | 
|  | gnutls_handshake_set_max_packet_length | 1 | 1 | 5 | lib/gnutls_handshake.c | 
|  | gnutls_psk_set_client_credentials_function | 1 | 1 | 8 | lib/gnutls_psk.c | 
|  | wrap_gcry_prime_check | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_transport_set_pull_function | 1 | 1 | 6 | lib/gnutls_global.c | 
|  | _gnutls_x509_crl_get_extension_oid | 1 | 1 | 7 | lib/x509/extensions.c | 
|  | gnutls_certificate_set_openpgp_key_mem | 1 | 1 | 9 | lib/openpgp/gnutls_openpgp.c | 
|  | _gnutls_get_auth_info | 1 | 1 | 5 | lib/gnutls_auth.c | 
|  | _gnutls_x509_crt_get_extension_oid | 1 | 1 | 7 | lib/x509/extensions.c | 
|  | session_unresumable | 1 | 1 | 5 | lib/gnutls_record.c | 
|  | session_invalidate | 1 | 1 | 5 | lib/gnutls_record.c | 
|  | gnutls_psk_set_server_credentials_function | 1 | 1 | 8 | lib/gnutls_psk.c | 
|  | cdk_stream_tmp_new | 1 | 1 | 5 | lib/opencdk/stream.c | 
|  | _gnutls_get_crypto_mac | 1 | 1 | 5 | lib/crypto.c | 
|  | _cdk_keydb_is_secret | 1 | 1 | 5 | lib/opencdk/keydb.c | 
|  | cdk_s2k_free | 1 | 1 | 5 | lib/opencdk/seskey.c | 
|  | _cdk_tmpfile | 1 | 1 | 5 | lib/opencdk/misc.c | 
|  | gnutls_openpgp_crt_export | 1 | 1 | 8 | lib/openpgp/pgp.c | 
|  | gnutls_auth_client_get_type | 1 | 1 | 8 | lib/gnutls_auth.c | 
|  | _gnutls_string_append_str | 1 | 1 | 5 | lib/gnutls_str.c | 
|  | _gnutls_hmac_get_algo_len | 1 | 1 | 5 | lib/gnutls_hash_int.c | 
|  | gnutls_record_check_pending | 1 | 1 | 5 | lib/gnutls_buffers.c | 
|  | _gnutls_x509_read_dsa_pubkey | 1 | 1 | 5 | lib/x509/mpi.c | 
|  | gnutls_auth_server_get_type | 1 | 1 | 8 | lib/gnutls_auth.c | 
|  | gnutls_rsa_params_export_pkcs1 | 1 | 1 | 9 | lib/gnutls_rsa_export.c | 
|  | gnutls_certificate_free_ca_names | 1 | 1 | 5 | lib/gnutls_cert.c | 
|  | gnutls_x509_crt_get_issuer | 1 | 1 | 5 | lib/x509/x509.c | 
|  | gnutls_x509_crt_get_subject | 1 | 1 | 5 | lib/x509/x509.c | 
|  | gnutls_x509_crt_get_raw_dn | 1 | 1 | 5 | lib/x509/x509.c | 
|  | gnutls_x509_crt_get_raw_issuer_dn | 1 | 1 | 6 | lib/x509/x509.c | 
|  | _gnutls_get_crypto_cipher | 1 | 1 | 5 | lib/crypto.c | 
|  | gnutls_sign_list | 1 | 1 | 5 | lib/gnutls_algorithms.c | 
|  | _gnutls_x509_crl_get_extension | 1 | 1 | 8 | lib/x509/extensions.c | 
|  | gnutls_openpgp_privkey_export | 1 | 1 | 10 | lib/openpgp/privkey.c | 
|  | gnutls_compression_list | 1 | 1 | 5 | lib/gnutls_compress.c | 
|  | gnutls_x509_crq_get_subject_alt_othername_oid | 1 | 1 | 7 | lib/x509/crq.c | 
|  | gnutls_x509_crq_get_subject_alt_name | 1 | 1 | 10 | lib/x509/crq.c | 
|  | gnutls_certificate_type_list | 1 | 1 | 5 | lib/gnutls_algorithms.c | 
|  | _gnutls_x509_crt_get_extension | 1 | 1 | 8 | lib/x509/extensions.c | 
|  | gnutls_rsa_params_import_pkcs1 | 1 | 1 | 7 | lib/gnutls_rsa_export.c | 
|  | gnutls_certificate_get_openpgp_keyring | 1 | 1 | 6 | lib/gnutls_cert.c | 
|  | _cdk_stream_puts | 1 | 1 | 5 | lib/opencdk/stream.c | 
|  | gnutls_transport_get_ptr | 1 | 1 | 5 | lib/gnutls_record.c | 
|  | gnutls_compression_set_priority | 1 | 1 | 5 | lib/gnutls_priority.c | 
|  | wrap_gcry_cipher_close | 1 | 1 | 5 | lib/cipher-libgcrypt.c | 
|  | gnutls_rsa_params_generate2 | 1 | 1 | 5 | lib/gnutls_rsa_export.c | 
|  | gnutls_x509_crl_sign | 1 | 1 | 6 | lib/x509/crl_write.c | 
|  | gnutls_session_enable_compatibility_mode | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_compression_get | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_db_set_cache_expiration | 1 | 1 | 5 | lib/gnutls_db.c | 
|  | gnutls_handshake_set_post_client_hello_function | 1 | 1 | 6 | lib/gnutls_state.c | 
|  | _gnutls_set_client_random | 1 | 1 | 6 | lib/gnutls_handshake.c | 
|  | gnutls_anon_set_server_params_function | 1 | 1 | 6 | lib/gnutls_anon_cred.c | 
|  | gnutls_x509_crt_get_subject_alt_othername_oid | 1 | 1 | 7 | lib/x509/x509.c | 
|  | gnutls_record_get_direction | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_session_set_ptr | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_rsa_params_cpy | 1 | 1 | 5 | lib/gnutls_rsa_export.c | 
|  | gnutls_mac_set_priority | 1 | 1 | 5 | lib/gnutls_priority.c | 
|  | gnutls_x509_crt_get_subject_alt_name2 | 1 | 1 | 10 | lib/x509/x509.c | 
|  | gnutls_session_get_ptr | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | _gnutls_set_server_random | 1 | 1 | 6 | lib/gnutls_handshake.c | 
|  | gnutls_x509_crt_get_subject_alt_name | 1 | 1 | 8 | lib/x509/x509.c | 
|  | wrap_gcry_mpi_release | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_db_get_ptr | 1 | 1 | 5 | lib/gnutls_db.c | 
|  | gnutls_record_get_max_size | 1 | 1 | 8 | lib/gnutls_record.c | 
|  | gnutls_mac_get | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_transport_set_global_errno | 1 | 1 | 5 | lib/gnutls_buffers.c | 
|  | gnutls_record_recv | 1 | 1 | 6 | lib/gnutls_record.c | 
|  | gnutls_anon_set_server_dh_params | 1 | 1 | 6 | lib/gnutls_anon_cred.c | 
|  | gnutls_session_set_finished_function | 1 | 1 | 6 | lib/gnutls_state.c | 
|  | gnutls_record_send | 1 | 1 | 7 | lib/gnutls_record.c | 
|  | wrap_gcry_mpi_get_nbits | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_protocol_list | 1 | 1 | 5 | lib/gnutls_algorithms.c | 
|  | gnutls_session_get_master_secret | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_x509_crq_sign | 1 | 1 | 5 | lib/x509/crq.c | 
|  | gnutls_session_get_server_random | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_rsa_params_deinit | 1 | 1 | 5 | lib/gnutls_rsa_export.c | 
|  | _gnutls_handshake_buffer_get_size | 1 | 1 | 6 | lib/gnutls_buffers.c | 
|  | gnutls_session_get_client_random | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | wrap_gcry_mpi_set_ui | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_kx_set_priority | 1 | 1 | 5 | lib/gnutls_priority.c | 
|  | gnutls_db_set_ptr | 1 | 1 | 5 | lib/gnutls_db.c | 
|  | gnutls_kx_get | 1 | 1 | 5 | lib/gnutls_state.c | 
|  | gnutls_x509_crl_check_issuer | 1 | 1 | 6 | lib/x509/verify.c | 
|  | gnutls_x509_dn_deinit | 1 | 1 | 5 | lib/x509/dn.c | 
|  | wrap_gcry_mpi_set | 1 | 1 | 5 | lib/mpi-libgcrypt.c | 
|  | gnutls_anon_free_client_credentials | 1 | 0 | 4 | lib/gnutls_anon_cred.c | 
|  | gnutls_free | 1 | 0 | 4 | lib/gnutls_mem.c |