diff --git a/lib/hx509/cert.c b/lib/hx509/cert.c index 035b678f2..89eea47c1 100644 --- a/lib/hx509/cert.c +++ b/lib/hx509/cert.c @@ -138,7 +138,7 @@ hx509_context_init(hx509_context *context) /** * Selects if the hx509_revoke_verify() function is going to require - * the existans of a revokation method (OSCP, CRL) or not. Note that + * the existans of a revokation method (OCSP, CRL) or not. Note that * hx509_verify_path(), hx509_cms_verify_signed(), and other function * call hx509_revoke_verify(). * diff --git a/lib/hx509/file.c b/lib/hx509/file.c index b076b74f4..c8f0e9a64 100644 --- a/lib/hx509/file.c +++ b/lib/hx509/file.c @@ -35,13 +35,13 @@ RCSID("$ID$"); int -_hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) +_hx509_map_file_os(const char *fn, heim_octet_string *os) { size_t length; void *data; int ret; - ret = _hx509_map_file(fn, &data, &length, rsb); + ret = rk_undumpdata(fn, &data, &length); os->data = data; os->length = length; @@ -52,86 +52,13 @@ _hx509_map_file_os(const char *fn, heim_octet_string *os, struct stat *rsb) void _hx509_unmap_file_os(heim_octet_string *os) { - _hx509_unmap_file(os->data, os->length); -} - -int -_hx509_map_file(const char *fn, void **data, size_t *length, struct stat *rsb) -{ - struct stat sb; - size_t len; - ssize_t l; - int ret; - void *d; - int fd; - - *data = NULL; - *length = 0; - - fd = open(fn, O_RDONLY); - if (fd < 0) - return errno; - - if (fstat(fd, &sb) < 0) { - ret = errno; - close(fd); - return ret; - } - - len = sb.st_size; - - d = malloc(len); - if (d == NULL) { - close(fd); - return ENOMEM; - } - - l = read(fd, d, len); - close(fd); - if (l < 0 || l != len) { - free(d); - return EINVAL; - } - - if (rsb) - *rsb = sb; - *data = d; - *length = len; - return 0; -} - -void -_hx509_unmap_file(void *data, size_t len) -{ - free(data); + rk_xfree(os->data); } int _hx509_write_file(const char *fn, const void *data, size_t length) { - ssize_t sz; - const unsigned char *p = data; - int fd; - - fd = open(fn, O_WRONLY|O_TRUNC|O_CREAT, 0644); - if (fd < 0) - return errno; - - do { - sz = write(fd, p, length); - if (sz < 0) { - int saved_errno = errno; - close(fd); - return saved_errno; - } - if (sz == 0) - break; - length -= sz; - } while (length > 0); - - if (close(fd) == -1) - return errno; - + rk_dumpdata(fn, data, length); return 0; } diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c index 8bfaf2998..6e52ec63d 100644 --- a/lib/hx509/hxtool.c +++ b/lib/hx509/hxtool.c @@ -207,7 +207,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) if (ret) errx(1, "PEM reader failed: %d", ret); } else { - ret = _hx509_map_file(argv[0], &p, &sz, NULL); + ret = rk_undumpdata(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); @@ -216,7 +216,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) } if (opt->signed_content_string) { - ret = _hx509_map_file_os(opt->signed_content_string, &signeddata, NULL); + ret = _hx509_map_file_os(opt->signed_content_string, &signeddata); if (ret) errx(1, "map_file: %s: %d", opt->signed_content_string, ret); sd = &signeddata; @@ -272,7 +272,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) if (opt->pem_flag) der_free_octet_string(&co); else - _hx509_unmap_file(p, sz); + rk_xfree(p); if (sd) _hx509_unmap_file_os(sd); @@ -335,7 +335,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) if (ret) hx509_err(context, 1, ret, "hx509_certs_find"); - ret = _hx509_map_file(argv[0], &p, &sz, NULL); + ret = rk_undumpdata(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); @@ -376,7 +376,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv) hx509_certs_free(&pool); hx509_cert_free(cert); hx509_certs_free(&store); - _hx509_unmap_file(p, sz); + rk_xfree(p); hx509_lock_free(lock); hx509_peer_info_free(peer); der_free_oid(&contentType); @@ -438,7 +438,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - ret = _hx509_map_file(argv[0], &p, &sz, NULL); + ret = rk_undumpdata(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); @@ -473,7 +473,7 @@ cms_unenvelope(struct cms_unenvelope_options *opt, int argc, char **argv) if (ret) hx509_err(context, 1, ret, "hx509_cms_unenvelope"); - _hx509_unmap_file(p, sz); + rk_xfree(p); hx509_lock_free(lock); hx509_certs_free(&certs); der_free_oid(&contentType); @@ -506,7 +506,7 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) hx509_lock_init(context, &lock); lock_strings(lock, &opt->pass_strings); - ret = _hx509_map_file(argv[0], &p, &sz, NULL); + ret = rk_undumpdata(argv[0], &p, &sz); if (ret) err(1, "map_file: %s: %d", argv[0], ret); @@ -541,7 +541,7 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv) hx509_cert_free(cert); hx509_certs_free(&certs); - _hx509_unmap_file(p, sz); + rk_xfree(p); der_free_oid(&contentType); if (opt->content_info_flag) { @@ -1075,7 +1075,7 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv) if (opt->ocsp_file_string == NULL) errx(1, "no ocsp file given"); - ret = _hx509_map_file(opt->ocsp_file_string, &os.data, &os.length, NULL); + ret = _hx509_map_file_os(opt->ocsp_file_string, &os); if (ret) err(1, "map_file: %s: %d", argv[0], ret); @@ -1090,7 +1090,7 @@ ocsp_verify(struct ocsp_verify_options *opt, int argc, char **argv) ret = hx509_certs_iter(context, certs, verify_o, &os); hx509_certs_free(&certs); - _hx509_unmap_file(os.data, os.length); + _hx509_unmap_file_os(&os); hx509_lock_free(lock); return ret; diff --git a/lib/hx509/ks_file.c b/lib/hx509/ks_file.c index 3fa48b6a6..6f1ab388b 100644 --- a/lib/hx509/ks_file.c +++ b/lib/hx509/ks_file.c @@ -401,7 +401,7 @@ file_init_common(hx509_context context, void *ptr; int i; - ret = _hx509_map_file(p, &ptr, &length, NULL); + ret = rk_undumpdata(p, &ptr, &length); if (ret) { hx509_clear_error_string(context); goto out; @@ -412,7 +412,7 @@ file_init_common(hx509_context context, if (ret == 0) break; } - _hx509_unmap_file(ptr, length); + rk_xfree(ptr); if (ret) goto out; } diff --git a/lib/hx509/ks_p12.c b/lib/hx509/ks_p12.c index 541b0e965..53590c768 100644 --- a/lib/hx509/ks_p12.c +++ b/lib/hx509/ks_p12.c @@ -362,14 +362,14 @@ p12_init(hx509_context context, goto out; } - ret = _hx509_map_file(residue, &buf, &len, NULL); + ret = rk_undumpdata(residue, &buf, &len); if (ret) { hx509_clear_error_string(context); goto out; } ret = decode_PKCS12_PFX(buf, len, &pfx, NULL); - _hx509_unmap_file(buf, len); + rk_xfree(buf); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to decode the PFX in %s", residue); diff --git a/lib/hx509/req.c b/lib/hx509/req.c index cb63e2643..1ffa0a53c 100644 --- a/lib/hx509/req.c +++ b/lib/hx509/req.c @@ -257,14 +257,14 @@ _hx509_request_parse(hx509_context context, /* XXX PEM request */ - ret = _hx509_map_file(path, &p, &len, NULL); + ret = rk_undumpdata(path, &p, &len); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to map file %s", path); return ret; } ret = decode_CertificationRequest(p, len, &r, &size); - _hx509_unmap_file(p, len); + rk_xfree(p); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to decode %s", path); return ret; diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c index 624ef5424..1094dd944 100644 --- a/lib/hx509/revoke.c +++ b/lib/hx509/revoke.c @@ -218,7 +218,7 @@ verify_ocsp(hx509_context context, ret = _hx509_cert_is_parent_cmp(s, p, 0); if (ret != 0) { ret = HX509_PARENT_NOT_CA; - hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is " + hx509_set_error_string(context, 0, ret, "Revoke OCSP signer is " "doesn't have CA as signer certificate"); goto out; } @@ -230,7 +230,7 @@ verify_ocsp(hx509_context context, &s->signatureValue); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "OSCP signer signature invalid"); + "OCSP signer signature invalid"); goto out; } @@ -247,7 +247,7 @@ verify_ocsp(hx509_context context, &ocsp->ocsp.signature); if (ret) { hx509_set_error_string(context, HX509_ERROR_APPEND, ret, - "OSCP signature invalid"); + "OCSP signature invalid"); goto out; } @@ -333,12 +333,16 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) void *data; int ret; - ret = _hx509_map_file(ocsp->path, &data, &length, &sb); + ret = rk_undumpdata(ocsp->path, &data, &length); if (ret) return ret; + ret = stat(ocsp->path, &sb); + if (ret) + return errno; + ret = parse_ocsp_basic(data, length, &basic); - _hx509_unmap_file(data, length); + rk_xfree(data); if (ret) { hx509_set_error_string(context, 0, ret, "Failed to parse OCSP response"); @@ -567,14 +571,18 @@ load_crl(const char *path, time_t *t, CRLCertificateList *crl) memset(crl, 0, sizeof(*crl)); - ret = _hx509_map_file(path, &data, &length, &sb); + ret = rk_undumpdata(path, &data, &length); if (ret) return ret; + ret = stat(path, &sb); + if (ret) + return errno; + *t = sb.st_mtime; ret = decode_CRLCertificateList(data, length, crl, &size); - _hx509_unmap_file(data, length); + rk_xfree(data); if (ret) return ret; diff --git a/lib/hx509/version-script.map b/lib/hx509/version-script.map index 9eda8c0c3..6953b817a 100644 --- a/lib/hx509/version-script.map +++ b/lib/hx509/version-script.map @@ -195,9 +195,7 @@ HEIMDAL_X509_1.1 { hx509_pem_read; hx509_xfree; _hx509_write_file; - _hx509_map_file; _hx509_map_file_os; - _hx509_unmap_file; _hx509_unmap_file_os; _hx509_certs_keys_free; _hx509_certs_keys_get;