File: | lib/x509/key_decode.c |
Location: | line 72, column 8 |
Description: | Although the value stored to 'result' is used in the enclosing expression, the value is never actually read from 'result' |
1 | /* |
2 | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | * |
4 | * Author: Nikos Mavrogiannopoulos |
5 | * |
6 | * This file is part of GnuTLS. |
7 | * |
8 | * The GnuTLS is free software; you can redistribute it and/or |
9 | * modify it under the terms of the GNU Lesser General Public License |
10 | * as published by the Free Software Foundation; either version 3 of |
11 | * the License, or (at your option) any later version. |
12 | * |
13 | * This library is distributed in the hope that it will be useful, but |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | * Lesser General Public License for more details. |
17 | * |
18 | * You should have received a copy of the GNU Lesser General Public License |
19 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
20 | * |
21 | */ |
22 | |
23 | #include <gnutls_int.h> |
24 | #include <gnutls_errors.h> |
25 | #include <gnutls_global.h> |
26 | #include <libtasn1.h> |
27 | #include <gnutls_datumgnutls_datum_t.h> |
28 | #include "common.h" |
29 | #include "x509_int.h" |
30 | #include <gnutls_num.h> |
31 | #include <gnutls_ecc.h> |
32 | |
33 | static int _gnutls_x509_read_rsa_pubkey (opaque * der, int dersize, |
34 | gnutls_pk_params_st* params); |
35 | static int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, |
36 | gnutls_pk_params_st * params); |
37 | static int _gnutls_x509_read_ecc_pubkey (opaque * der, int dersize, |
38 | gnutls_pk_params_st * params); |
39 | |
40 | static int |
41 | _gnutls_x509_read_dsa_params (opaque * der, int dersize, gnutls_pk_params_st * params); |
42 | |
43 | /* |
44 | * some x509 certificate parsing functions that relate to MPI parameter |
45 | * extraction. This reads the BIT STRING subjectPublicKey. |
46 | * Returns 2 parameters (m,e). It does not set params_nr. |
47 | */ |
48 | int |
49 | _gnutls_x509_read_rsa_pubkey (opaque * der, int dersize, gnutls_pk_params_st * params) |
50 | { |
51 | int result; |
52 | ASN1_TYPE spk = ASN1_TYPE_EMPTY((void*)0); |
53 | |
54 | if ((result = asn1_create_element |
55 | (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn), "GNUTLS.RSAPublicKey", &spk)) |
56 | != ASN1_SUCCESS0) |
57 | { |
58 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",58); } while(0);; |
59 | return _gnutls_asn2err (result); |
60 | } |
61 | |
62 | result = asn1_der_decoding (&spk, der, dersize, NULL((void*)0)); |
63 | |
64 | if (result != ASN1_SUCCESS0) |
65 | { |
66 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",66); } while(0);; |
67 | asn1_delete_structure (&spk); |
68 | return _gnutls_asn2err (result); |
69 | } |
70 | |
71 | |
72 | if ((result = _gnutls_x509_read_int (spk, "modulus", ¶ms->params[0])) < 0) |
Although the value stored to 'result' is used in the enclosing expression, the value is never actually read from 'result' | |
73 | { |
74 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",74); } while(0);; |
75 | asn1_delete_structure (&spk); |
76 | return GNUTLS_E_ASN1_GENERIC_ERROR-71; |
77 | } |
78 | |
79 | if ((result = _gnutls_x509_read_int (spk, "publicExponent", |
80 | ¶ms->params[1])) < 0) |
81 | { |
82 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",82); } while(0);; |
83 | _gnutls_mpi_release (¶ms->params[0]); |
84 | asn1_delete_structure (&spk); |
85 | return GNUTLS_E_ASN1_GENERIC_ERROR-71; |
86 | } |
87 | |
88 | asn1_delete_structure (&spk); |
89 | |
90 | return 0; |
91 | |
92 | } |
93 | |
94 | /* |
95 | * some x509 certificate parsing functions that relate to MPI parameter |
96 | * extraction. This reads the BIT STRING subjectPublicKey. |
97 | * Returns 2 parameters (m,e). It does not set params_nr. |
98 | */ |
99 | int |
100 | _gnutls_x509_read_ecc_pubkey (opaque * der, int dersize, gnutls_pk_params_st * params) |
101 | { |
102 | /* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET STRING), |
103 | * it is actually copied in raw there. Why do they use ASN.1 anyway? |
104 | */ |
105 | return _gnutls_ecc_ansi_x963_import (der, dersize, ¶ms->params[ECC_X6], |
106 | ¶ms->params[ECC_Y7]); |
107 | } |
108 | |
109 | |
110 | /* reads p,q and g |
111 | * from the certificate (subjectPublicKey BIT STRING). |
112 | * params[0-2]. It does NOT set params_nr. |
113 | */ |
114 | static int |
115 | _gnutls_x509_read_dsa_params (opaque * der, int dersize, gnutls_pk_params_st * params) |
116 | { |
117 | int result; |
118 | ASN1_TYPE spk = ASN1_TYPE_EMPTY((void*)0); |
119 | |
120 | if ((result = asn1_create_element |
121 | (_gnutls_get_pkix ()((ASN1_TYPE) _gnutls_pkix1_asn), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS0) |
122 | { |
123 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",123); } while(0);; |
124 | return _gnutls_asn2err (result); |
125 | } |
126 | |
127 | result = asn1_der_decoding (&spk, der, dersize, NULL((void*)0)); |
128 | |
129 | if (result != ASN1_SUCCESS0) |
130 | { |
131 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",131); } while(0);; |
132 | asn1_delete_structure (&spk); |
133 | return _gnutls_asn2err (result); |
134 | } |
135 | |
136 | /* FIXME: If the parameters are not included in the certificate |
137 | * then the issuer's parameters should be used. This is not |
138 | * done yet. |
139 | */ |
140 | |
141 | /* Read p */ |
142 | |
143 | if ((result = _gnutls_x509_read_int (spk, "p", ¶ms->params[0])) < 0) |
144 | { |
145 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",145); } while(0);; |
146 | asn1_delete_structure (&spk); |
147 | return GNUTLS_E_ASN1_GENERIC_ERROR-71; |
148 | } |
149 | |
150 | /* Read q */ |
151 | |
152 | if ((result = _gnutls_x509_read_int (spk, "q", ¶ms->params[1])) < 0) |
153 | { |
154 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",154); } while(0);; |
155 | asn1_delete_structure (&spk); |
156 | _gnutls_mpi_release (¶ms->params[0]); |
157 | return GNUTLS_E_ASN1_GENERIC_ERROR-71; |
158 | } |
159 | |
160 | /* Read g */ |
161 | |
162 | if ((result = _gnutls_x509_read_int (spk, "g", ¶ms->params[2])) < 0) |
163 | { |
164 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",164); } while(0);; |
165 | asn1_delete_structure (&spk); |
166 | _gnutls_mpi_release (¶ms->params[0]); |
167 | _gnutls_mpi_release (¶ms->params[1]); |
168 | return GNUTLS_E_ASN1_GENERIC_ERROR-71; |
169 | } |
170 | |
171 | asn1_delete_structure (&spk); |
172 | |
173 | return 0; |
174 | |
175 | } |
176 | |
177 | /* reads the curve from the certificate. |
178 | * params[0-4]. It does NOT set params_nr. |
179 | */ |
180 | int |
181 | _gnutls_x509_read_ecc_params (opaque * der, int dersize, gnutls_pk_params_st * params) |
182 | { |
183 | int ret; |
184 | ASN1_TYPE spk = ASN1_TYPE_EMPTY((void*)0); |
185 | char oid[MAX_OID_SIZE128]; |
186 | int oid_size; |
187 | |
188 | if ((ret = asn1_create_element |
189 | (_gnutls_get_gnutls_asn ()((ASN1_TYPE) _gnutls_gnutls_asn), "GNUTLS.ECParameters", &spk)) != ASN1_SUCCESS0) |
190 | { |
191 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",191); } while(0);; |
192 | return _gnutls_asn2err (ret); |
193 | } |
194 | |
195 | ret = asn1_der_decoding (&spk, der, dersize, NULL((void*)0)); |
196 | |
197 | if (ret != ASN1_SUCCESS0) |
198 | { |
199 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",199); } while(0);; |
200 | ret = _gnutls_asn2err (ret); |
201 | goto cleanup; |
202 | } |
203 | |
204 | /* Read curve */ |
205 | /* read the curve */ |
206 | oid_size = sizeof(oid); |
207 | ret = asn1_read_value(spk, "namedCurve", oid, &oid_size); |
208 | if (ret != ASN1_SUCCESS0) |
209 | { |
210 | gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",210); } while(0);; |
211 | ret = _gnutls_asn2err (ret); |
212 | goto cleanup; |
213 | } |
214 | |
215 | params->flags = _gnutls_oid_to_ecc_curve(oid); |
216 | if (params->flags == GNUTLS_ECC_CURVE_INVALID) |
217 | { |
218 | _gnutls_debug_log("Curve %s is not supported\n", oid)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "Curve %s is not supported\n", oid); } while(0); |
219 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",219); } while(0);; |
220 | ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE-322; |
221 | goto cleanup; |
222 | } |
223 | |
224 | ret = _gnutls_ecc_curve_fill_params(params->flags, params); |
225 | if (ret < 0) |
226 | { |
227 | gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log ( 2, "ASSERT: %s:%d\n", "key_decode.c",227); } while(0);; |
228 | goto cleanup; |
229 | } |
230 | |
231 | ret = 0; |
232 | |
233 | cleanup: |
234 | |
235 | asn1_delete_structure (&spk); |
236 | |
237 | return ret; |
238 | |
239 | } |
240 | |
241 | int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t algo, opaque * der, int dersize, |
242 | gnutls_pk_params_st * params) |
243 | { |
244 | int ret; |
245 | |
246 | switch(algo) |
247 | { |
248 | case GNUTLS_PK_RSA: |
249 | ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params); |
250 | if (ret >= 0) params->params_nr = RSA_PUBLIC_PARAMS2; |
251 | break; |
252 | case GNUTLS_PK_DSA: |
253 | ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params); |
254 | if (ret >= 0) params->params_nr = DSA_PUBLIC_PARAMS4; |
255 | break; |
256 | case GNUTLS_PK_EC: |
257 | ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params); |
258 | if (ret >= 0) params->params_nr = ECC_PUBLIC_PARAMS8; |
259 | break; |
260 | default: |
261 | ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)gnutls_assert_val_int(-1250, "key_decode.c", 261); |
262 | break; |
263 | } |
264 | return ret; |
265 | } |
266 | |
267 | int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, opaque * der, int dersize, |
268 | gnutls_pk_params_st * params) |
269 | { |
270 | switch(algo) |
271 | { |
272 | case GNUTLS_PK_RSA: |
273 | return 0; |
274 | case GNUTLS_PK_DSA: |
275 | return _gnutls_x509_read_dsa_params(der, dersize, params); |
276 | case GNUTLS_PK_EC: |
277 | return _gnutls_x509_read_ecc_params(der, dersize, params); |
278 | default: |
279 | return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE)gnutls_assert_val_int(-1250, "key_decode.c", 279); |
280 | } |
281 | } |
282 | |
283 | /* reads DSA's Y |
284 | * from the certificate |
285 | * only sets params[3] |
286 | */ |
287 | int |
288 | _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, gnutls_pk_params_st * params) |
289 | { |
290 | /* do not set a number */ |
291 | params->params_nr = 0; |
292 | return _gnutls_x509_read_der_int (der, dersize, ¶ms->params[3]); |
293 | } |
294 |