summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--common/pem.c38
-rw-r--r--common/pem.h7
-rw-r--r--common/tests/test-pem.c21
-rw-r--r--tools/extract-openssl.c29
-rw-r--r--tools/extract-pem.c32
5 files changed, 71 insertions, 56 deletions
diff --git a/common/pem.c b/common/pem.c
index b0625ef..7fe0076 100644
--- a/common/pem.c
+++ b/common/pem.c
@@ -242,35 +242,31 @@ p11_pem_parse (const char *data,
return nfound;
}
-char *
+bool
p11_pem_write (const unsigned char *contents,
size_t length,
const char *type,
- size_t *pem_len)
+ p11_buffer *buf)
{
- p11_buffer buffer;
size_t estimate;
size_t prefix;
char *target;
int len;
- return_val_if_fail (contents || !length, NULL);
- return_val_if_fail (type, NULL);
- return_val_if_fail (pem_len, NULL);
+ return_val_if_fail (contents || !length, false);
+ return_val_if_fail (type, false);
+ return_val_if_fail (buf, false);
/* Estimate from base64 data. Algorithm from Glib reference */
estimate = length * 4 / 3 + 7;
estimate += estimate / 64 + 1;
- if (!p11_buffer_init_null (&buffer, estimate + 128))
- return_val_if_reached (NULL);
+ p11_buffer_add (buf, ARMOR_PREF_BEGIN, ARMOR_PREF_BEGIN_L);
+ p11_buffer_add (buf, type, -1);
+ p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L);
- p11_buffer_add (&buffer, ARMOR_PREF_BEGIN, ARMOR_PREF_BEGIN_L);
- p11_buffer_add (&buffer, type, -1);
- p11_buffer_add (&buffer, ARMOR_SUFF, ARMOR_SUFF_L);
-
- prefix = buffer.len;
- target = p11_buffer_append (&buffer, estimate);
+ prefix = buf->len;
+ target = p11_buffer_append (buf, estimate);
return_val_if_fail (target != NULL, NULL);
/*
@@ -282,13 +278,13 @@ p11_pem_write (const unsigned char *contents,
assert (len > 0);
assert (len <= estimate);
- buffer.len = prefix + len;
+ buf->len = prefix + len;
- p11_buffer_add (&buffer, "\n", 1);
- p11_buffer_add (&buffer, ARMOR_PREF_END, ARMOR_PREF_END_L);
- p11_buffer_add (&buffer, type, -1);
- p11_buffer_add (&buffer, ARMOR_SUFF, ARMOR_SUFF_L);
- p11_buffer_add (&buffer, "\n", 1);
+ p11_buffer_add (buf, "\n", 1);
+ p11_buffer_add (buf, ARMOR_PREF_END, ARMOR_PREF_END_L);
+ p11_buffer_add (buf, type, -1);
+ p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L);
+ p11_buffer_add (buf, "\n", 1);
- return p11_buffer_steal (&buffer, pem_len);
+ return p11_buffer_ok (buf);
}
diff --git a/common/pem.h b/common/pem.h
index d84f418..7e4ce63 100644
--- a/common/pem.h
+++ b/common/pem.h
@@ -35,6 +35,9 @@
#ifndef P11_PEM_H_
#define P11_PEM_H_
+#include "buffer.h"
+#include "compat.h"
+
#include <sys/types.h>
typedef void (*p11_pem_sink) (const char *type,
@@ -47,9 +50,9 @@ unsigned int p11_pem_parse (const char *input,
p11_pem_sink sink,
void *user_data);
-char * p11_pem_write (const unsigned char *contents,
+bool p11_pem_write (const unsigned char *contents,
size_t length,
const char *type,
- size_t *pem_len);
+ p11_buffer *buf);
#endif /* P11_PEM_H_ */
diff --git a/common/tests/test-pem.c b/common/tests/test-pem.c
index 7dd7fb2..0c7d60a 100644
--- a/common/tests/test-pem.c
+++ b/common/tests/test-pem.c
@@ -306,24 +306,27 @@ static void
test_pem_write (void)
{
WriteFixture *fixture;
- size_t length;
- char *output;
+ p11_buffer buf;
unsigned int count;
int i;
for (i = 0; write_fixtures[i].input != NULL; i++) {
fixture = write_fixtures + i;
- output = p11_pem_write ((unsigned char *)fixture->input,
- fixture->length,
- fixture->type, &length);
- assert_str_eq (fixture->output, output);
- assert_num_eq (strlen (fixture->output), length);
+ if (!p11_buffer_init_null (&buf, 0))
+ assert_not_reached ();
+
+ if (!p11_pem_write ((unsigned char *)fixture->input,
+ fixture->length,
+ fixture->type, &buf))
+ assert_not_reached ();
+ assert_str_eq (fixture->output, buf.data);
+ assert_num_eq (strlen (fixture->output), buf.len);
- count = p11_pem_parse (output, length, on_parse_written, fixture);
+ count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture);
assert_num_eq (1, count);
- free (output);
+ p11_buffer_uninit (&buf);
}
}
diff --git a/tools/extract-openssl.c b/tools/extract-openssl.c
index 2b8005a..91a9965 100644
--- a/tools/extract-openssl.c
+++ b/tools/extract-openssl.c
@@ -313,33 +313,34 @@ p11_extract_openssl_bundle (P11KitIter *iter,
p11_extract_info *ex)
{
p11_save_file *file;
+ p11_buffer output;
p11_buffer buf;
char *comment;
bool ret = true;
- size_t length;
bool first;
CK_RV rv;
- char *pem;
file = p11_save_open_file (ex->destination, ex->flags);
if (!file)
return false;
first = true;
+ p11_buffer_init (&output, 0);
while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
p11_buffer_init (&buf, 1024);
+ if (!p11_buffer_reset (&output, 2048))
+ return_val_if_reached (false);
if (prepare_pem_contents (ex, &buf)) {
- pem = p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &length);
- return_val_if_fail (pem != NULL, false);
+ if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output))
+ return_val_if_reached (false);
comment = p11_extract_info_comment (ex, first);
first = false;
ret = p11_save_write (file, comment, -1) &&
- p11_save_write (file, pem, length);
+ p11_save_write (file, output.data, output.len);
- free (pem);
free (comment);
}
@@ -349,6 +350,8 @@ p11_extract_openssl_bundle (P11KitIter *iter,
break;
}
+ p11_buffer_uninit (&output);
+
if (rv != CKR_OK && rv != CKR_CANCEL) {
p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
ret = false;
@@ -584,11 +587,10 @@ p11_extract_openssl_directory (P11KitIter *iter,
const char *filename;
p11_save_file *file;
p11_save_dir *dir;
+ p11_buffer output;
p11_buffer buf;
bool ret = true;
char *name;
- size_t length;
- char *pem;
CK_RV rv;
#ifdef OS_UNIX
@@ -600,14 +602,17 @@ p11_extract_openssl_directory (P11KitIter *iter,
return false;
p11_buffer_init (&buf, 0);
+ p11_buffer_init (&output, 0);
while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
if (!p11_buffer_reset (&buf, 1024))
return_val_if_reached (false);
+ if (!p11_buffer_reset (&output, 2048))
+ return_val_if_reached (false);
if (prepare_pem_contents (ex, &buf)) {
- pem = p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &length);
- return_val_if_fail (pem != NULL, false);
+ if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output))
+ return_val_if_reached (false);
name = p11_extract_info_filename (ex);
return_val_if_fail (name != NULL, false);
@@ -645,12 +650,11 @@ p11_extract_openssl_directory (P11KitIter *iter,
#endif /* OS_UNIX */
if (ret)
- ret = p11_save_write_and_finish (file, pem, length);
+ ret = p11_save_write_and_finish (file, output.data, output.len);
else
p11_save_finish_file (file, false);
free (name);
- free (pem);
}
if (!ret)
@@ -658,6 +662,7 @@ p11_extract_openssl_directory (P11KitIter *iter,
}
p11_buffer_uninit (&buf);
+ p11_buffer_uninit (&output);
if (rv != CKR_OK && rv != CKR_CANCEL) {
p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
diff --git a/tools/extract-pem.c b/tools/extract-pem.c
index a1a0865..0bae3cb 100644
--- a/tools/extract-pem.c
+++ b/tools/extract-pem.c
@@ -50,34 +50,38 @@ p11_extract_pem_bundle (P11KitIter *iter,
p11_extract_info *ex)
{
char *comment;
+ p11_buffer buf;
p11_save_file *file;
bool ret = true;
bool first = true;
- size_t length;
CK_RV rv;
- char *pem;
file = p11_save_open_file (ex->destination, ex->flags);
if (!file)
return false;
+ p11_buffer_init (&buf, 0);
while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- pem = p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &length);
- return_val_if_fail (pem != NULL, false);
+ if (!p11_buffer_reset (&buf, 2048))
+ return_val_if_reached (false);
+
+ if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
+ return_val_if_reached (false);
comment = p11_extract_info_comment (ex, first);
first = false;
ret = p11_save_write (file, comment, -1) &&
- p11_save_write (file, pem, length);
+ p11_save_write (file, buf.data, buf.len);
free (comment);
- free (pem);
if (!ret)
break;
}
+ p11_buffer_uninit (&buf);
+
if (rv != CKR_OK && rv != CKR_CANCEL) {
p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
ret = false;
@@ -98,19 +102,22 @@ p11_extract_pem_directory (P11KitIter *iter,
{
p11_save_file *file;
p11_save_dir *dir;
+ p11_buffer buf;
bool ret = true;
char *filename;
- size_t length;
- char *pem;
CK_RV rv;
dir = p11_save_open_directory (ex->destination, ex->flags);
if (dir == NULL)
return false;
+ p11_buffer_init (&buf, 0);
while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- pem = p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &length);
- return_val_if_fail (pem != NULL, false);
+ if (!p11_buffer_reset (&buf, 2048))
+ return_val_if_reached (false);
+
+ if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
+ return_val_if_reached (false);
filename = p11_extract_info_filename (ex);
return_val_if_fail (filename != NULL, false);
@@ -118,13 +125,14 @@ p11_extract_pem_directory (P11KitIter *iter,
file = p11_save_open_file_in (dir, filename, ".pem", NULL);
free (filename);
- ret = p11_save_write_and_finish (file, pem, length);
- free (pem);
+ ret = p11_save_write_and_finish (file, buf.data, buf.len);
if (!ret)
break;
}
+ p11_buffer_uninit (&buf);
+
if (rv != CKR_OK && rv != CKR_CANCEL) {
p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
ret = false;
generated by cgit v1.1 at 2024-10-20 12:31:31 +0000