Changed memory management and attribute handling in PKCS#9 wrapper.
authorTobias Brunner <tobias@strongswan.org>
Fri, 11 May 2012 15:28:03 +0000 (17:28 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 11 Jun 2012 15:09:20 +0000 (17:09 +0200)
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/crypto/pkcs9.c
src/libstrongswan/crypto/pkcs9.h

index b8ee8ce..749e881 100644 (file)
@@ -355,7 +355,8 @@ end:
                {
                        chunk_t messageDigest;
 
-                       messageDigest = this->attributes->get_messageDigest(this->attributes);
+                       messageDigest = this->attributes->get_attribute(this->attributes,
+                                                                                                       OID_PKCS9_MESSAGE_DIGEST);
                        if (messageDigest.ptr == NULL)
                        {
                                DBG1(DBG_LIB, "messageDigest attribute not found");
@@ -374,7 +375,6 @@ end:
                                {
                                        DBG1(DBG_LIB, "hash algorithm %N not supported",
                                                 hash_algorithm_names, algorithm);
-                                       free(messageDigest.ptr);
                                        return FALSE;
                                }
                                hasher->allocate_hash(hasher, this->data, &hash);
@@ -382,7 +382,6 @@ end:
                                DBG3(DBG_LIB, "hash: %B", &hash);
 
                                valid = chunk_equals(messageDigest, hash);
-                               free(messageDigest.ptr);
                                free(hash.ptr);
                                if (valid)
                                {
@@ -841,7 +840,9 @@ METHOD(pkcs7_t, build_signedData, bool,
        {
                if (this->data.ptr != NULL)
                {
+                       chunk_t messageDigest, signingTime, attributes;
                        hasher_t *hasher;
+                       time_t now;
 
                        hasher = lib->crypto->create_hasher(lib->crypto, alg);
                        if (hasher == NULL)
@@ -850,26 +851,23 @@ METHOD(pkcs7_t, build_signedData, bool,
                                         hash_algorithm_names, alg);
                                return FALSE;
                        }
-
-                       /* take the current time as signingTime */
-                       time_t now = time(NULL);
-                       chunk_t signingTime = asn1_from_time(&now, ASN1_UTCTIME);
-
-                       chunk_t messageDigest, attributes;
-
                        hasher->allocate_hash(hasher, this->data, &messageDigest);
                        hasher->destroy(hasher);
                        this->attributes->set_attribute(this->attributes,
-                                                                       OID_PKCS9_CONTENT_TYPE,
-                                                                       asn1_build_known_oid(OID_PKCS7_DATA));
-                       this->attributes->set_messageDigest(this->attributes,
+                                                                       OID_PKCS9_MESSAGE_DIGEST,
                                                                        messageDigest);
-                       this->attributes->set_attribute(this->attributes,
+                       free(messageDigest.ptr);
+
+                       /* take the current time as signingTime */
+                       now = time(NULL);
+                       signingTime = asn1_from_time(&now, ASN1_UTCTIME);
+                       this->attributes->set_attribute_raw(this->attributes,
                                                                        OID_PKCS9_SIGNING_TIME, signingTime);
-                       attributes = this->attributes->get_encoding(this->attributes);
+                       this->attributes->set_attribute_raw(this->attributes,
+                                                                       OID_PKCS9_CONTENT_TYPE,
+                                                                       asn1_build_known_oid(OID_PKCS7_DATA));
 
-                       free(messageDigest.ptr);
-                       free(signingTime.ptr);
+                       attributes = this->attributes->get_encoding(this->attributes);
 
                        private_key->sign(private_key, scheme, attributes, &encryptedDigest);
                        authenticatedAttributes = chunk_clone(attributes);
index 63a6152..d24ab1b 100644 (file)
@@ -1,5 +1,6 @@
 /*
- * Copyright (C)2008 Andreas Steffen
+ * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil, Switzerland
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -74,58 +75,6 @@ struct attribute_t {
 };
 
 /**
- * PKCS#9 attribute type OIDs
- */
-static chunk_t ASN1_contentType_oid = chunk_from_chars(
-       0x06, 0x09,
-                 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
-);
-static chunk_t ASN1_messageDigest_oid = chunk_from_chars(
-       0x06, 0x09,
-                 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
-);
-static chunk_t ASN1_signingTime_oid = chunk_from_chars(
-       0x06, 0x09,
-                 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x05
-);
-static chunk_t ASN1_messageType_oid = chunk_from_chars(
-       0x06, 0x0A,
-                 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02
-);
-static chunk_t ASN1_senderNonce_oid = chunk_from_chars(
-       0x06, 0x0A,
-                 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05
-);
-static chunk_t ASN1_transId_oid = chunk_from_chars(
-       0x06, 0x0A,
-                 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x07
-);
-
-/**
- * return the ASN.1 encoded OID of a PKCS#9 attribute
- */
-static chunk_t asn1_attributeIdentifier(int oid)
-{
-       switch (oid)
-       {
-               case OID_PKCS9_CONTENT_TYPE:
-                       return ASN1_contentType_oid;
-               case OID_PKCS9_MESSAGE_DIGEST:
-                       return ASN1_messageDigest_oid;
-               case OID_PKCS9_SIGNING_TIME:
-                       return ASN1_signingTime_oid;
-               case OID_PKI_MESSAGE_TYPE:
-                       return ASN1_messageType_oid;
-               case OID_PKI_SENDER_NONCE:
-                       return ASN1_senderNonce_oid;
-               case OID_PKI_TRANS_ID:
-                       return ASN1_transId_oid;;
-               default:
-                       return chunk_empty;
-       }
-}
-
-/**
  * return the ASN.1 encoding of a PKCS#9 attribute
  */
 static asn1_t asn1_attributeType(int oid)
@@ -188,8 +137,8 @@ static attribute_t *attribute_create(int oid, chunk_t value)
                .destroy = attribute_destroy,
                .oid = oid,
                .value = chunk_clone(value),
-               .encoding = asn1_wrap(ASN1_SEQUENCE, "cm",
-                                                       asn1_attributeIdentifier(oid),
+               .encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
+                                                       asn1_build_known_oid(oid),
                                                        asn1_simple_object(ASN1_SET, value)),
        );
 
@@ -263,43 +212,30 @@ METHOD(pkcs9_t, get_attribute, chunk_t,
                }
        }
        enumerator->destroy(enumerator);
+       if (value.ptr &&
+               !asn1_parse_simple_object(&value, asn1_attributeType(oid), 0,
+                                                                 oid_names[oid].name))
+       {
+               return chunk_empty;
+       }
        return value;
 }
 
-METHOD(pkcs9_t, set_attribute, void,
+METHOD(pkcs9_t, set_attribute_raw, void,
        private_pkcs9_t *this, int oid, chunk_t value)
 {
        attribute_t *attribute = attribute_create(oid, value);
 
-       this->attributes->insert_last(this->attributes, (void*)attribute);
-}
-
-METHOD(pkcs9_t, get_messageDigest, chunk_t,
-       private_pkcs9_t *this)
-{
-       const int oid = OID_PKCS9_MESSAGE_DIGEST;
-       chunk_t value = get_attribute(this, oid);
-
-       if (value.ptr == NULL)
-       {
-               return chunk_empty;
-       }
-       if (!asn1_parse_simple_object(&value, asn1_attributeType(oid), 0,
-                                                                 oid_names[oid].name))
-       {
-               return chunk_empty;
-       }
-       return chunk_clone(value);
+       this->attributes->insert_last(this->attributes, attribute);
+       chunk_free(&value);
 }
 
-METHOD(pkcs9_t, set_messageDigest, void,
-       private_pkcs9_t *this, chunk_t value)
+METHOD(pkcs9_t, set_attribute, void,
+       private_pkcs9_t *this, int oid, chunk_t value)
 {
-       const int oid = OID_PKCS9_MESSAGE_DIGEST;
-       chunk_t messageDigest = asn1_simple_object(asn1_attributeType(oid), value);
+       chunk_t attr = asn1_simple_object(asn1_attributeType(oid), value);
 
-       set_attribute(this, oid, messageDigest);
-       free(messageDigest.ptr);
+       set_attribute_raw(this, oid, attr);
 }
 
 METHOD(pkcs9_t, destroy, void,
@@ -323,8 +259,7 @@ static private_pkcs9_t *pkcs9_create_empty(void)
                        .get_encoding = _get_encoding,
                        .get_attribute = _get_attribute,
                        .set_attribute = _set_attribute,
-                       .get_messageDigest = _get_messageDigest,
-                       .set_messageDigest = _set_messageDigest,
+                       .set_attribute_raw = _set_attribute_raw,
                        .destroy = _destroy,
                },
                .attributes = linked_list_create(),
index 5b85692..c442d44 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2012 Tobias Brunner
  * Copyright (C) 2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil, Switzerland
  *
@@ -46,7 +47,7 @@ struct pkcs9_t {
         * Gets a PKCS#9 attribute
         *
         * @param oid                   OID of the attribute
-        * @return                              ASN.1 encoded value of the attribute
+        * @return                              value of the attribute (internal data)
         */
        chunk_t (*get_attribute) (pkcs9_t *this, int oid);
 
@@ -54,23 +55,17 @@ struct pkcs9_t {
         * Adds a PKCS#9 attribute
         *
         * @param oid                   OID of the attribute
-        * @param value                 ASN.1 encoded value of the attribute
+        * @param value                 value of the attribute (gets cloned)
         */
        void (*set_attribute) (pkcs9_t *this, int oid, chunk_t value);
 
        /**
-        * Gets a PKCS#9 messageDigest attribute
+        * Adds a ASN.1 encoded PKCS#9 attribute
         *
-        * @return                              messageDigest
-        */
-       chunk_t (*get_messageDigest) (pkcs9_t *this);
-
-       /**
-        * Add a PKCS#9 messageDigest attribute
-        *
-        * @param value                 messageDigest
+        * @param oid                   OID of the attribute
+        * @param value                 ASN.1 encoded value of the attribute (gets adopted)
         */
-       void (*set_messageDigest) (pkcs9_t *this, chunk_t value);
+       void (*set_attribute_raw) (pkcs9_t *this, int oid, chunk_t value);
 
        /**
         * Destroys the PKCS#9 attribute list.