From b24968272fdf23a22775f784aeeb987a89da9236 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Sat, 23 Jul 2005 10:42:01 +0000 Subject: [PATCH] Adapt to IMPLICIT changes in CMS module. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15714 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/pkinit.c | 116 ++++++++++++++-------------------------------- 1 file changed, 34 insertions(+), 82 deletions(-) diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 233c2eb27..7f9841c51 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -407,34 +407,25 @@ _krb5_pk_create_sign(krb5_context context, goto out; } - sd.certificates->data = NULL; - sd.certificates->length = 0; + i = sk_X509_num(id->cert); + sd.certificates->val = malloc(sizeof(sd.certificates->val[0]) * i); + if (sd.certificates->val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + sd.certificates->len = i; for (i = 0; i < sk_X509_num(id->cert); i++) { - void *data; - OPENSSL_ASN1_MALLOC_ENCODE(X509, - buf.data, - buf.length, + sd.certificates->val[i].data, + sd.certificates->val[i].length, sk_X509_value(id->cert, i), ret); if (ret) { krb5_clear_error_string(context); goto out; } - data = realloc(sd.certificates->data, - sd.certificates->length + buf.length); - if (data == NULL) { - free(buf.data); - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - memcpy(((char *)data) + sd.certificates->length, - buf.data, buf.length); - sd.certificates->length += buf.length; - sd.certificates->data = data; - free(buf.data); } ASN1_MALLOC_ENCODE(SignedData, sd_data->data, sd_data->length, @@ -563,7 +554,7 @@ build_auth_pack(krb5_context context, if (ret == 0 && dh) { DomainParameters dp; heim_integer dh_pub_key; - krb5_data buf; + krb5_data dhbuf; size_t size; ALLOC(a->clientPublicValue, 1); 
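Review bot: In the `_krb5_pk_create_sign` hunk at -407, `sd.certificates->val` comes from `malloc` and `sd.certificates->len` is set to the full count before any element is encoded, so a failure of `OPENSSL_ASN1_MALLOC_ENCODE` partway through reaches `goto out` with `len` entries whose `data`/`length` are still uninitialized. If the cleanup at `out:` (outside this hunk) frees `sd`, it would call `free` on garbage pointers. Zero the array at allocation time, e.g. `sd.certificates->val = calloc(i, sizeof(sd.certificates->val[0]));`, which also lets the allocator check the size multiplication. The count from `sk_X509_num(id->cert)` is used unchecked: zero may yield a NULL allocation that is reported as `ENOMEM`, and a negative return (OpenSSL gives -1 for a NULL stack) becomes a huge size if `i` is a signed int, so reject `i <= 0` before allocating.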
@@ -615,25 +606,25 @@ build_auth_pack(krb5_context context, if (ret) return ret; - buf.length = length_heim_integer(&dh_pub_key); - buf.data = malloc(buf.length); - if (buf.data == NULL) { + dhbuf.length = length_heim_integer(&dh_pub_key); + dhbuf.data = malloc(dhbuf.length); + if (dhbuf.data == NULL) { free_heim_integer(&dh_pub_key); krb5_set_error_string(context, "malloc: out of memory"); return ret; } - ret = der_put_heim_integer((char *)buf.data + buf.length - 1, - buf.length, &dh_pub_key, &size); + ret = der_put_heim_integer((char *)dhbuf.data + dhbuf.length - 1, + dhbuf.length, &dh_pub_key, &size); free_heim_integer(&dh_pub_key); if (ret) { - free(buf.data); + free(dhbuf.data); return ret; } - if (size != buf.length) + if (size != dhbuf.length) krb5_abortx(context, "asn1 internal error"); - a->clientPublicValue->subjectPublicKey.length = buf.length * 8; - a->clientPublicValue->subjectPublicKey.data = buf.data; + a->clientPublicValue->subjectPublicKey.length = dhbuf.length * 8; + a->clientPublicValue->subjectPublicKey.data = dhbuf.data; } return ret; @@ -894,7 +885,7 @@ _krb5_pk_mk_padata(krb5_context context, if (provisioning_server) { /* PacketCable requires the PROV-SRV-LOCATION authenticator */ - const PROV_SRV_LOCATION prov_server = (char *)provisioning_server; + const PROV_SRV_LOCATION prov_server = rk_UNCONST(provisioning_server); ASN1_MALLOC_ENCODE(PROV_SRV_LOCATION, buf.data, buf.length, &prov_server, &size, ret); @@ -1104,7 +1095,7 @@ pk_verify_chain_standard(krb5_context context, } static int -cert_to_X509(krb5_context context, CertificateSetReal *set, +cert_to_X509(krb5_context context, CertificateSet *set, STACK_OF(X509_CRL) **certs) { krb5_error_code ret; @@ -1112,6 +1103,9 @@ cert_to_X509(krb5_context context, CertificateSetReal *set, *certs = sk_X509_new_null(); + if (set == NULL) + return 0; + ret = 0; for (i = 0; i < set->len; i++) { unsigned char *p; 
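Review bot: In the `build_auth_pack` hunk at -615, the `dhbuf.data == NULL` branch still ends with `return ret;`, and `ret` is 0 at that point because the preceding `if (ret) return ret;` has already passed. An allocation failure is therefore reported to the caller as success, without `subjectPublicKey` being filled in. Return the error explicitly with `return ENOMEM;` after `krb5_set_error_string(context, "malloc: out of memory");`. The remaining changes in this hunk are a plain rename of `buf` to `dhbuf`.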
@@ -1134,45 +1128,6 @@ cert_to_X509(krb5_context context, CertificateSetReal *set, return ret; } -static krb5_error_code -any_to_CertificateSet(krb5_context context, heim_any *cert, - CertificateSetReal *set) -{ - size_t size, len, length; - heim_any *val; - int ret; - char *p; - - set->len = 0; - set->val = NULL; - - len = 0; - p = cert->data; - length = cert->length; - while (len < cert->length) { - val = realloc(set->val, (set->len + 1) * sizeof(set->val[0])); - if (val == NULL) { - ret = ENOMEM; - goto out; - } - set->val = val; - ret = decode_heim_any(p, length, &set->val[set->len], &size); - if (ret) - goto out; - set->len++; - - p += size; - len += size; - length -= size; - } - return 0; - out: - krb5_clear_error_string(context); - free_CertificateSetReal(set); - set->val = NULL; - return ret; -} - krb5_error_code KRB5_LIB_FUNCTION _krb5_pk_verify_sign(krb5_context context, const char *data, @@ -1187,7 +1142,6 @@ _krb5_pk_verify_sign(krb5_context context, const EVP_MD *evp_type; EVP_PKEY *public_key; krb5_error_code ret; - CertificateSetReal set; EVP_MD_CTX md; X509 *cert; SignedData sd; @@ -1227,15 +1181,14 @@ _krb5_pk_verify_sign(krb5_context context, signer_info = &sd.signerInfos.val[0]; - ret = any_to_CertificateSet(context, sd.certificates, &set); - if (ret) { - krb5_set_error_string(context, - "PKINIT: failed to decode CertificateSet"); - goto out; - } + { + CertificateSet set; + set.val = sd.certificates->val; + set.len = sd.certificates->len; - ret = cert_to_X509(context, &set, &certificates); - free_CertificateSetReal(&set); + ret = cert_to_X509(context, &set, &certificates); + free_CertificateSet(&set); + } if (ret) { krb5_set_error_string(context, "PKINIT: failed to decode Certificates"); @@ -1530,7 +1483,6 @@ pk_rd_pa_reply_enckey(krb5_context context, /* win2k uses ContentInfo */ if (win2k_compat) { ContentInfo ci; - size_t size; ret = decode_ContentInfo(p, length, &ci, &size); if (ret) { 
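Review bot: In the `_krb5_pk_verify_sign` hunk at -1227, the local `set` only borrows `sd.certificates->val`, yet `free_CertificateSet(&set)` releases that array and its elements while `sd.certificates` still points at them. If `sd` is freed later in the function (the cleanup is outside this hunk), the same memory is freed twice, on what appears to be a SignedData decoded from the peer. `sd.certificates` is also dereferenced before any NULL check, so the `set == NULL` guard this commit adds to `cert_to_X509` can never trigger from this caller, and a message without certificates would presumably crash if the field is an optional pointer. Passing the decoded set straight through addresses both: `ret = cert_to_X509(context, sd.certificates, &certificates);`, with ownership left to `sd`.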
@@ -2371,8 +2323,8 @@ _krb5_pk_load_openssl_id(krb5_context context, FILE *f; krb5_error_code (*load_pair)(krb5_context, char *, - krb5_prompter_fct prompter, - void * prompter_data, + krb5_prompter_fct, + void *, const char *, struct krb5_pk_identity *) = NULL;