From 2c4f5ed657976d868c33f0ddf430477ee2bf0191 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Mon, 8 Jul 2013 16:56:40 +0200
Subject: trust: Explicitly specify which formats parser should parse

---
 trust/parser.c            | 69 +++++++++++++++++++++++++++++------------------
 trust/parser.h            | 18 +++++++++++--
 trust/tests/test-module.c |  2 ++
 trust/tests/test-parser.c | 10 +++++++
 trust/token.c             |  2 ++
 5 files changed, 73 insertions(+), 28 deletions(-)

(limited to 'trust')

diff --git a/trust/parser.c b/trust/parser.c
index 0d250fc..3d5bae7 100644
--- a/trust/parser.c
+++ b/trust/parser.c
@@ -59,6 +59,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -70,6 +71,7 @@ struct _p11_parser {
 	p11_persist *persist;
 	char *basename;
 	p11_array *parsed;
+	p11_array *formats;
 	int flags;
 };
 
@@ -166,10 +168,10 @@ certificate_attrs (p11_parser *parser,
 	return p11_attrs_build (NULL, &klass, &modifiable, &certificate_type, &value, id, NULL);
 }
 
-static int
-parse_der_x509_certificate (p11_parser *parser,
-                            const unsigned char *data,
-                            size_t length)
+int
+p11_parser_format_x509 (p11_parser *parser,
+                        const unsigned char *data,
+                        size_t length)
 {
 	char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
 	CK_BYTE idv[ID_LENGTH];
@@ -583,7 +585,7 @@ on_pem_block (const char *type,
 	int ret;
 
 	if (strcmp (type, "CERTIFICATE") == 0) {
-		ret = parse_der_x509_certificate (parser, contents, length);
+		ret = p11_parser_format_x509 (parser, contents, length);
 
 	} else if (strcmp (type, "TRUSTED CERTIFICATE") == 0) {
 		ret = parse_openssl_trusted_certificate (parser, contents, length);
@@ -597,10 +599,10 @@ on_pem_block (const char *type,
 		p11_message ("Couldn't parse PEM block of type %s", type);
 }
 
-static int
-parse_pem_certificates (p11_parser *parser,
-                        const unsigned char *data,
-                        size_t length)
+int
+p11_parser_format_pem (p11_parser *parser,
+                       const unsigned char *data,
+                       size_t length)
 {
 	int num;
 
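Review bot: The new `formats` member added to `struct _p11_parser` is a heap-owned p11_array, but nothing in this commit releases it when the parser itself is destroyed: p11_parser_formats frees only the previous list when a new one replaces it, and p11_parser_free is not touched by the diff, so unless it already calls `p11_array_free (parser->formats)` every parser leaks its last format list. It is also worth confirming that p11_parser_new (only its opening lines appear, in the hunk at -648) leaves `formats` NULL, since p11_parser_formats frees whatever it finds there and the new `return_val_if_fail (parser->formats != NULL, ...)` in p11_parse_memory relies on NULL meaning "no formats configured". A short comment on the member, `/* ordered list of parser_func tried by p11_parse_memory; owned, set via p11_parser_formats */`, would record that ownership.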
@@ -612,10 +614,10 @@ parse_pem_certificates (p11_parser *parser,
 	return P11_PARSE_SUCCESS;
 }
 
-static int
-parse_p11_kit_persist (p11_parser *parser,
-                       const unsigned char *data,
-                       size_t length)
+int
+p11_parser_format_persist (p11_parser *parser,
+                           const unsigned char *data,
+                           size_t length)
 {
 	CK_BBOOL modifiablev = CK_TRUE;
 	CK_ATTRIBUTE *attrs;
@@ -648,13 +650,6 @@ parse_p11_kit_persist (p11_parser *parser,
 	return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE;
 }
 
-static parser_func all_parsers[] = {
-	parse_p11_kit_persist,
-	parse_pem_certificates,
-	parse_der_x509_certificate,
-	NULL,
-};
-
 p11_parser *
 p11_parser_new (p11_asn1_cache *asn1_cache)
 {
@@ -693,6 +688,31 @@ p11_parser_parsed (p11_parser *parser)
 	return parser->parsed;
 }
 
+void
+p11_parser_formats (p11_parser *parser,
+                    ...)
+{
+	p11_array *formats;
+	parser_func func;
+	va_list va;
+
+	formats = p11_array_new (NULL);
+	return_if_fail (formats != NULL);
+
+	va_start (va, parser);
+	for (;;) {
+		func = va_arg (va, parser_func);
+		if (func == NULL)
+			break;
+		if (!p11_array_push (formats, func))
+			return_if_reached ();
+	}
+	va_end (va);
+
+	p11_array_free (parser->formats);
+	parser->formats = formats;
+}
+
 int
 p11_parse_memory (p11_parser *parser,
                   const char *filename,
@@ -706,18 +726,15 @@ p11_parse_memory (p11_parser *parser,
 	return_val_if_fail (parser != NULL, P11_PARSE_FAILURE);
 	return_val_if_fail (filename != NULL, P11_PARSE_FAILURE);
+	return_val_if_fail (parser->formats != NULL, P11_PARSE_FAILURE);
 
 	p11_array_clear (parser->parsed);
 
 	base = p11_path_base (filename);
 	parser->basename = base;
 	parser->flags = flags;
 
-	for (i = 0; all_parsers[i] != NULL; i++) {
-		ret = (all_parsers[i]) (parser, data, length);
-
-		if (ret != P11_PARSE_UNRECOGNIZED)
-			break;
-	}
+	for (i = 0; ret == P11_PARSE_UNRECOGNIZED && i < parser->formats->num; i++)
+		ret = ((parser_func)parser->formats->elem[i]) (parser, data, length);
 
 	p11_asn1_cache_flush (parser->asn1_cache);
 
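Review bot: In p11_parser_formats, the `return_if_reached ()` taken when p11_array_push fails returns with the freshly allocated `formats` array still live and with `va_end (va)` never reached, so that path leaks the array and leaves the va_list open. Since return_if_reached already returns, the fix is to clean up before it: `if (!p11_array_push (formats, func)) { va_end (va); p11_array_free (formats); return_if_reached (); }`. A one-line comment on the function would also help, e.g. `/* Replace the parser's ordered, NULL-terminated list of format functions; on allocation failure the previous list is kept. */`, because the void return means callers cannot tell that the new list was not installed.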
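Review bot: The rewritten loop in p11_parse_memory tests `ret == P11_PARSE_UNRECOGNIZED` before any format function has stored into `ret`, whereas the removed loop assigned `ret` first and only then compared it; `ret` is declared above the hunk, so the new code is correct only if that declaration initialises it to P11_PARSE_UNRECOGNIZED, and otherwise the condition reads an uninitialised int and the formats may never run. Writing `ret = P11_PARSE_UNRECOGNIZED;` immediately before the `for` would make the loop self-contained whatever the declaration says. Note also that `(parser_func)parser->formats->elem[i]` converts a data pointer back into a function pointer, which C11 itself does not define (it is a common extension that POSIX requires); a brief comment here saying the p11_array holds function pointers stored as void * would spare the next reader a double-take. p11_parse_memory begins before the hunk.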
diff --git a/trust/parser.h b/trust/parser.h
index f956fb9..59cc378 100644
--- a/trust/parser.h
+++ b/trust/parser.h
@@ -34,9 +34,8 @@
 
 #include "asn1.h"
 #include "array.h"
+#include "compat.h"
 #include "dict.h"
-#include "index.h"
-#include "pkcs11.h"
 
 #ifndef P11_PARSER_H_
 #define P11_PARSER_H_
@@ -71,4 +70,19 @@ int p11_parse_file (p11_parser *parser,
 
 p11_array * p11_parser_parsed (p11_parser *parser);
 
+void p11_parser_formats (p11_parser *parser,
+                         ...) GNUC_NULL_TERMINATED;
+
+int p11_parser_format_persist (p11_parser *parser,
+                               const unsigned char *data,
+                               size_t length);
+
+int p11_parser_format_pem (p11_parser *parser,
+                           const unsigned char *data,
+                           size_t length);
+
+int p11_parser_format_x509 (p11_parser *parser,
+                            const unsigned char *data,
+                            size_t length);
+
 #endif /* P11_PARSER_H_ */
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index f1813a3..33cdd48 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -160,6 +160,7 @@ setup_writable (void *unused)
 
 	test.cache = p11_asn1_cache_new ();
 	test.parser = p11_parser_new (test.cache);
+	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
 }
 
 static void
@@ -1108,6 +1109,7 @@ test_create_and_write (void)
 
 	/* The expected file name */
 	path = p11_path_build (test.directory, "yay.p11-kit", NULL);
+	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
 	ret = p11_parse_file (test.parser, path, 0);
 	assert_num_eq (ret, P11_PARSE_SUCCESS);
 	free (path);
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index c8cac03..09ec71c 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -117,6 +117,7 @@ test_parse_der_certificate (void)
 		{ CKA_INVALID },
 	};
 
+	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
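Review bot: The four new declarations in parser.h carry no comment on their contract, and that contract is now load-bearing: p11_parse_memory returns P11_PARSE_FAILURE until p11_parser_formats has been called, the list is tried in the order given until one function returns something other than P11_PARSE_UNRECOGNIZED, and the variadic list must end in NULL (GNUC_NULL_TERMINATED only catches a missing terminator at compile time with compilers that honour it). A short block above `p11_parser_formats` stating those three points, plus that the parser owns the list and replaces any earlier one, would do it; the three `p11_parser_format_*` declarations would each benefit from one line saying they take the raw bytes of a file in that format and return a P11_PARSE_* code, now that they are callable from outside parser.c. Dropping `index.h` and `pkcs11.h` in the hunk above is only safe if nothing left in this header spells a CK_ type; the rest of the header is outside the diff, so that cannot be checked here.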
@@ -144,6 +145,7 @@ test_parse_pem_certificate (void)
 		{ CKA_INVALID },
 	};
 
+	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
@@ -170,6 +172,7 @@ test_parse_p11_kit_persist (void)
 		{ CKA_INVALID },
 	};
 
+	p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
@@ -222,6 +225,7 @@ test_parse_openssl_trusted (void)
 	int ret;
 	int i;
 
+	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3-trusted.pem", P11_PARSE_FLAG_ANCHOR);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
@@ -305,6 +309,7 @@ test_parse_openssl_distrusted (void)
 	 * OpenSSL style is to litter the blacklist in with the anchors,
 	 * so we parse this as an anchor, but expect it to be blacklisted
 	 */
+	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem", P11_PARSE_FLAG_ANCHOR);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
@@ -344,6 +349,7 @@ test_parse_anchor (void)
 	CK_ATTRIBUTE *cert;
 	int ret;
 
+	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_ANCHOR);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
@@ -373,6 +379,7 @@ test_parse_thawte (void)
 		{ CKA_INVALID },
 	};
 
+	p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/thawte.pem", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
@@ -393,6 +400,7 @@ test_parse_invalid_file (void)
 
 	p11_message_quiet ();
 
+	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
 	ret = p11_parse_file (test.parser, "/nonexistant", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_FAILURE, ret);
 
@@ -407,6 +415,7 @@ test_parse_unrecognized (void)
 
 	p11_message_quiet ();
 
+	p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
 	ret = p11_parse_file (test.parser, SRCDIR "/files/unrecognized-file.txt", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_UNRECOGNIZED, ret);
 
@@ -423,6 +432,7 @@ test_parse_no_asn1_cache (void)
 	parser = p11_parser_new (NULL);
 	assert_ptr_not_null (parser);
 
+	p11_parser_formats (parser, p11_parser_format_x509, NULL);
 	ret = p11_parse_file (parser, SRCDIR "/files/cacert3.der", P11_PARSE_FLAG_NONE);
 	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
diff --git a/trust/token.c b/trust/token.c
index e9bcf44..77ff739 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -637,6 +637,8 @@ p11_token_new (CK_SLOT_ID slot,
 	token->parser = p11_parser_new (p11_builder_get_cache (token->builder));
 	return_val_if_fail (token->parser != NULL, NULL);
+	p11_parser_formats (token->parser, p11_parser_format_pem,
+	                    p11_parser_format_x509, p11_parser_format_persist, NULL);
 
 	token->loaded = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
 	return_val_if_fail (token->loaded != NULL, NULL);
 
-- 
cgit v1.1
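Review bot: The p11_parser_formats call added to p11_token_new is the one step in this constructor whose failure goes unchecked: the function returns void, and when its internal allocation fails it leaves `token->parser->formats` NULL, so the token is created successfully here and every later p11_parse_file on it fails with P11_PARSE_FAILURE, far from the cause. The surrounding `return_val_if_fail (..., NULL)` lines show the intent is to fail the constructor instead; giving p11_parser_formats a bool result and writing `return_val_if_fail (p11_parser_formats (token->parser, p11_parser_format_pem, p11_parser_format_x509, p11_parser_format_persist, NULL), NULL);` would preserve that property. A comment on why PEM is tried before DER and the persist format, if the order matters for the files this token loads, would also help the next reader. p11_token_new continues beyond the hunk.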