Bug Summary

File:lib/x509/key_decode.c
Location:line 79, column 8
Description:Although the value stored to 'result' is used in the enclosing expression, the value is never actually read from 'result'

Annotated Source Code

1/*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23#include <gnutls_int.h>
24#include <gnutls_errors.h>
25#include <gnutls_global.h>
26#include <libtasn1.h>
27#include <gnutls_datumgnutls_datum_t.h>
28#include "common.h"
29#include "x509_int.h"
30#include <gnutls_num.h>
31#include <gnutls_ecc.h>
32
33static int _gnutls_x509_read_rsa_pubkey (opaque * der, int dersize,
34 gnutls_pk_params_st* params);
35static int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize,
36 gnutls_pk_params_st * params);
37static int _gnutls_x509_read_ecc_pubkey (opaque * der, int dersize,
38 gnutls_pk_params_st * params);
39
40static int
41_gnutls_x509_read_dsa_params (opaque * der, int dersize, gnutls_pk_params_st * params);
42
43/*
44 * some x509 certificate parsing functions that relate to MPI parameter
45 * extraction. This reads the BIT STRING subjectPublicKey.
46 * Returns 2 parameters (m,e). It does not set params_nr.
47 */
48int
49_gnutls_x509_read_rsa_pubkey (opaque * der, int dersize, gnutls_pk_params_st * params)
50{
51 int result;
52 ASN1_TYPE spk = ASN1_TYPE_EMPTY((void*)0);
53
54 if ((result = asn1_create_element
55 (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn), "GNUTLS.RSAPublicKey", &spk))
56 != ASN1_SUCCESS0)
57 {
58 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",58); } while(0);
;
59 return _gnutls_asn2err (result);
60 }
61
62 result = asn1_der_decoding (&spk, der, dersize, NULL((void*)0));
63
64 if (result != ASN1_SUCCESS0)
65 {
66 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",66); } while(0);
;
67 asn1_delete_structure (&spk);
68 return _gnutls_asn2err (result);
69 }
70
71
72 if ((result = _gnutls_x509_read_int (spk, "modulus", &params->params[0])) < 0)
73 {
74 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",74); } while(0);
;
75 asn1_delete_structure (&spk);
76 return GNUTLS_E_ASN1_GENERIC_ERROR-71;
77 }
78
79 if ((result = _gnutls_x509_read_int (spk, "publicExponent",
Although the value stored to 'result' is used in the enclosing expression, the value is never actually read from 'result'
80 &params->params[1])) < 0)
81 {
82 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",82); } while(0);
;
83 _gnutls_mpi_release (&params->params[0]);
84 asn1_delete_structure (&spk);
85 return GNUTLS_E_ASN1_GENERIC_ERROR-71;
86 }
87
88 asn1_delete_structure (&spk);
89
90 return 0;
91
92}
93
94/*
95 * some x509 certificate parsing functions that relate to MPI parameter
96 * extraction. This reads the BIT STRING subjectPublicKey.
97 * Returns 2 parameters (m,e). It does not set params_nr.
98 */
99int
100_gnutls_x509_read_ecc_pubkey (opaque * der, int dersize, gnutls_pk_params_st * params)
101{
102/* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET STRING),
103 * it is actually copied in raw there. Why do they use ASN.1 anyway?
104 */
105 return _gnutls_ecc_ansi_x963_import (der, dersize, &params->params[ECC_X6],
106 &params->params[ECC_Y7]);
107}
108
109
110/* reads p,q and g
111 * from the certificate (subjectPublicKey BIT STRING).
112 * params[0-2]. It does NOT set params_nr.
113 */
114static int
115_gnutls_x509_read_dsa_params (opaque * der, int dersize, gnutls_pk_params_st * params)
116{
117 int result;
118 ASN1_TYPE spk = ASN1_TYPE_EMPTY((void*)0);
119
120 if ((result = asn1_create_element
121 (_gnutls_get_pkix ()((ASN1_TYPE) _gnutls_pkix1_asn), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS0)
122 {
123 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",123); } while(0);
;
124 return _gnutls_asn2err (result);
125 }
126
127 result = asn1_der_decoding (&spk, der, dersize, NULL((void*)0));
128
129 if (result != ASN1_SUCCESS0)
130 {
131 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",131); } while(0);
;
132 asn1_delete_structure (&spk);
133 return _gnutls_asn2err (result);
134 }
135
136 /* FIXME: If the parameters are not included in the certificate
137 * then the issuer's parameters should be used. This is not
138 * done yet.
139 */
140
141 /* Read p */
142
143 if ((result = _gnutls_x509_read_int (spk, "p", &params->params[0])) < 0)
144 {
145 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",145); } while(0);
;
146 asn1_delete_structure (&spk);
147 return GNUTLS_E_ASN1_GENERIC_ERROR-71;
148 }
149
150 /* Read q */
151
152 if ((result = _gnutls_x509_read_int (spk, "q", &params->params[1])) < 0)
153 {
154 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",154); } while(0);
;
155 asn1_delete_structure (&spk);
156 _gnutls_mpi_release (&params->params[0]);
157 return GNUTLS_E_ASN1_GENERIC_ERROR-71;
158 }
159
160 /* Read g */
161
162 if ((result = _gnutls_x509_read_int (spk, "g", &params->params[2])) < 0)
163 {
164 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",164); } while(0);
;
165 asn1_delete_structure (&spk);
166 _gnutls_mpi_release (&params->params[0]);
167 _gnutls_mpi_release (&params->params[1]);
168 return GNUTLS_E_ASN1_GENERIC_ERROR-71;
169 }
170
171 asn1_delete_structure (&spk);
172
173 return 0;
174
175}
176
177/* reads the curve from the certificate.
178 * params[0-4]. It does NOT set params_nr.
179 */
180int
181_gnutls_x509_read_ecc_params (opaque * der, int dersize, gnutls_pk_params_st * params)
182{
183 int ret;
184 ASN1_TYPE spk = ASN1_TYPE_EMPTY((void*)0);
185 char oid[MAX_OID_SIZE128];
186 int oid_size;
187
188 if ((ret = asn1_create_element
189 (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn), "GNUTLS.ECParameters", &spk)) != ASN1_SUCCESS0)
190 {
191 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",191); } while(0);
;
192 return _gnutls_asn2err (ret);
193 }
194
195 ret = asn1_der_decoding (&spk, der, dersize, NULL((void*)0));
196
197 if (ret != ASN1_SUCCESS0)
198 {
199 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",199); } while(0);
;
200 ret = _gnutls_asn2err (ret);
201 goto cleanup;
202 }
203
204 /* Read curve */
205 /* read the curve */
206 oid_size = sizeof(oid);
207 ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
208 if (ret != ASN1_SUCCESS0)
209 {
210 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",210); } while(0);
;
211 ret = _gnutls_asn2err (ret);
212 goto cleanup;
213 }
214
215 params->flags = _gnutls_oid_to_ecc_curve(oid);
216 if (params->flags == GNUTLS_ECC_CURVE_INVALID)
217 {
218 _gnutls_debug_log("Curve %s is not supported\n", oid)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "Curve %s is not supported\n", oid); } while(0)
;
219 gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",219); } while(0);
;
220 ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE-322;
221 goto cleanup;
222 }
223
224 ret = _gnutls_ecc_curve_fill_params(params->flags, params);
225 if (ret < 0)
226 {
227 gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "key_decode.c",227); } while(0);
;
228 goto cleanup;
229 }
230
231 ret = 0;
232
233cleanup:
234
235 asn1_delete_structure (&spk);
236
237 return ret;
238
239}
240
241int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t algo, opaque * der, int dersize,
242 gnutls_pk_params_st * params)
243{
244int ret;
245
246 switch(algo)
247 {
248 case GNUTLS_PK_RSA:
249 ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
250 if (ret >= 0) params->params_nr = RSA_PUBLIC_PARAMS2;
251 break;
252 case GNUTLS_PK_DSA:
253 ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
254 if (ret >= 0) params->params_nr = DSA_PUBLIC_PARAMS4;
255 break;
256 case GNUTLS_PK_EC:
257 ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
258 if (ret >= 0) params->params_nr = ECC_PUBLIC_PARAMS8;
259 break;
260 default:
261 ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)gnutls_assert_val_int(-1250, "key_decode.c", 261);
262 break;
263 }
264 return ret;
265}
266
267int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, opaque * der, int dersize,
268 gnutls_pk_params_st * params)
269{
270 switch(algo)
271 {
272 case GNUTLS_PK_RSA:
273 return 0;
274 case GNUTLS_PK_DSA:
275 return _gnutls_x509_read_dsa_params(der, dersize, params);
276 case GNUTLS_PK_EC:
277 return _gnutls_x509_read_ecc_params(der, dersize, params);
278 default:
279 return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)gnutls_assert_val_int(-1250, "key_decode.c", 279);
280 }
281}
282
283/* reads DSA's Y
284 * from the certificate
285 * only sets params[3]
286 */
287int
288_gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, gnutls_pk_params_st * params)
289{
290 /* do not set a number */
291 params->params_nr = 0;
292 return _gnutls_x509_read_der_int (der, dersize, &params->params[3]);
293}
294