Adapt to IMPLICIT changes in CMS module.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15714 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2005-07-23 10:42:01 +00:00
parent a8f3b3b5f0
commit b24968272f

View File

@@ -407,34 +407,25 @@ _krb5_pk_create_sign(krb5_context context,
goto out;
}
sd.certificates->data = NULL;
sd.certificates->length = 0;
i = sk_X509_num(id->cert);
sd.certificates->val = malloc(sizeof(sd.certificates->val[0]) * i);
if (sd.certificates->val == NULL) {
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
sd.certificates->len = i;
for (i = 0; i < sk_X509_num(id->cert); i++) {
void *data;
OPENSSL_ASN1_MALLOC_ENCODE(X509,
buf.data,
buf.length,
sd.certificates->val[i].data,
sd.certificates->val[i].length,
sk_X509_value(id->cert, i),
ret);
if (ret) {
krb5_clear_error_string(context);
goto out;
}
data = realloc(sd.certificates->data,
sd.certificates->length + buf.length);
if (data == NULL) {
free(buf.data);
krb5_clear_error_string(context);
ret = ENOMEM;
goto out;
}
memcpy(((char *)data) + sd.certificates->length,
buf.data, buf.length);
sd.certificates->length += buf.length;
sd.certificates->data = data;
free(buf.data);
}
ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length,
@@ -563,7 +554,7 @@ build_auth_pack(krb5_context context,
if (ret == 0 && dh) {
DomainParameters dp;
heim_integer dh_pub_key;
krb5_data buf;
krb5_data dhbuf;
size_t size;
ALLOC(a->clientPublicValue, 1);
@@ -615,25 +606,25 @@ build_auth_pack(krb5_context context,
if (ret)
return ret;
buf.length = length_heim_integer(&dh_pub_key);
buf.data = malloc(buf.length);
if (buf.data == NULL) {
dhbuf.length = length_heim_integer(&dh_pub_key);
dhbuf.data = malloc(dhbuf.length);
if (dhbuf.data == NULL) {
free_heim_integer(&dh_pub_key);
krb5_set_error_string(context, "malloc: out of memory");
return ret;
}
ret = der_put_heim_integer((char *)buf.data + buf.length - 1,
buf.length, &dh_pub_key, &size);
ret = der_put_heim_integer((char *)dhbuf.data + dhbuf.length - 1,
dhbuf.length, &dh_pub_key, &size);
free_heim_integer(&dh_pub_key);
if (ret) {
free(buf.data);
free(dhbuf.data);
return ret;
}
if (size != buf.length)
if (size != dhbuf.length)
krb5_abortx(context, "asn1 internal error");
a->clientPublicValue->subjectPublicKey.length = buf.length * 8;
a->clientPublicValue->subjectPublicKey.data = buf.data;
a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8;
a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
}
return ret;
@@ -894,7 +885,7 @@ _krb5_pk_mk_padata(krb5_context context,
if (provisioning_server) {
/* PacketCable requires the PROV-SRV-LOCATION authenticator */
const PROV_SRV_LOCATION prov_server = (char *)provisioning_server;
const PROV_SRV_LOCATION prov_server = rk_UNCONST(provisioning_server);
ASN1_MALLOC_ENCODE(PROV_SRV_LOCATION, buf.data, buf.length,
&prov_server, &size, ret);
@@ -1104,7 +1095,7 @@ pk_verify_chain_standard(krb5_context context,
}
static int
cert_to_X509(krb5_context context, CertificateSetReal *set,
cert_to_X509(krb5_context context, CertificateSet *set,
STACK_OF(X509_CRL) **certs)
{
krb5_error_code ret;
@@ -1112,6 +1103,9 @@ cert_to_X509(krb5_context context, CertificateSetReal *set,
*certs = sk_X509_new_null();
if (set == NULL)
return 0;
ret = 0;
for (i = 0; i < set->len; i++) {
unsigned char *p;
@@ -1134,45 +1128,6 @@ cert_to_X509(krb5_context context, CertificateSetReal *set,
return ret;
}
static krb5_error_code
any_to_CertificateSet(krb5_context context, heim_any *cert,
CertificateSetReal *set)
{
size_t size, len, length;
heim_any *val;
int ret;
char *p;
set->len = 0;
set->val = NULL;
len = 0;
p = cert->data;
length = cert->length;
while (len < cert->length) {
val = realloc(set->val, (set->len + 1) * sizeof(set->val[0]));
if (val == NULL) {
ret = ENOMEM;
goto out;
}
set->val = val;
ret = decode_heim_any(p, length, &set->val[set->len], &size);
if (ret)
goto out;
set->len++;
p += size;
len += size;
length -= size;
}
return 0;
out:
krb5_clear_error_string(context);
free_CertificateSetReal(set);
set->val = NULL;
return ret;
}
krb5_error_code KRB5_LIB_FUNCTION
_krb5_pk_verify_sign(krb5_context context,
const char *data,
@@ -1187,7 +1142,6 @@ _krb5_pk_verify_sign(krb5_context context,
const EVP_MD *evp_type;
EVP_PKEY *public_key;
krb5_error_code ret;
CertificateSetReal set;
EVP_MD_CTX md;
X509 *cert;
SignedData sd;
@@ -1227,15 +1181,14 @@ _krb5_pk_verify_sign(krb5_context context,
signer_info = &sd.signerInfos.val[0];
ret = any_to_CertificateSet(context, sd.certificates, &set);
if (ret) {
krb5_set_error_string(context,
"PKINIT: failed to decode CertificateSet");
goto out;
}
{
CertificateSet set;
set.val = sd.certificates->val;
set.len = sd.certificates->len;
ret = cert_to_X509(context, &set, &certificates);
free_CertificateSetReal(&set);
ret = cert_to_X509(context, &set, &certificates);
free_CertificateSet(&set);
}
if (ret) {
krb5_set_error_string(context,
"PKINIT: failed to decode Certificates");
@@ -1530,7 +1483,6 @@ pk_rd_pa_reply_enckey(krb5_context context,
/* win2k uses ContentInfo */
if (win2k_compat) {
ContentInfo ci;
size_t size;
ret = decode_ContentInfo(p, length, &ci, &size);
if (ret) {
@@ -2371,8 +2323,8 @@ _krb5_pk_load_openssl_id(krb5_context context,
FILE *f;
krb5_error_code (*load_pair)(krb5_context,
char *,
krb5_prompter_fct prompter,
void * prompter_data,
krb5_prompter_fct,
void *,
const char *,
struct krb5_pk_identity *) = NULL;