Bug Summary

File:src/lib/libkeynote/signature.c
Warning:line 535, column 22
Potential leak of memory pointed to by 'ptr'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name signature.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libkeynote/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I . -I /usr/src/lib/libkeynote -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libkeynote/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/lib/libkeynote/signature.c
1/* $OpenBSD: signature.c,v 1.30 2022/11/30 10:40:23 bluhm Exp $ */
2/*
3 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
4 *
5 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
6 * in April-May 1998
7 *
8 * Copyright (C) 1998, 1999 by Angelos D. Keromytis.
9 *
10 * Permission to use, copy, and modify this software with or without fee
11 * is hereby granted, provided that this entire notice is included in
12 * all copies of any software which is or includes a copy or
13 * modification of this software.
14 *
15 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
17 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
18 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
19 * PURPOSE.
20 */
21
22/*
23 * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk>
24 * 3 May 1999
25 */
26
27#include <sys/types.h>
28
29#include <limits.h>
30#include <regex.h>
31#include <stdlib.h>
32#include <stdio.h>
33#include <string.h>
34
35#include <openssl/dsa.h>
36#include <openssl/md5.h>
37#include <openssl/pem.h>
38#include <openssl/rsa.h>
39#include <openssl/sha.h>
40#include <openssl/x509.h>
41
42#include "keynote.h"
43#include "assertion.h"
44#include "signature.h"
45
46static const char hextab[] = {
47 '0', '1', '2', '3', '4', '5', '6', '7',
48 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
49};
50
51/*
52 * Actual conversion to hex.
53 */
54static void
55bin2hex(unsigned char *data, unsigned char *buffer, int len)
56{
57 int off = 0;
58
59 while(len > 0)
60 {
61 buffer[off++] = hextab[*data >> 4];
62 buffer[off++] = hextab[*data & 0xF];
63 data++;
64 len--;
65 }
66}
67
68/*
69 * Encode a binary string with hex encoding. Return 0 on success.
70 */
71int
72kn_encode_hex(unsigned char *buf, char **dest, int len)
73{
74 keynote_errno = 0;
75 if (dest == NULL((void *)0))
76 {
77 keynote_errno = ERROR_SYNTAX-2;
78 return -1;
79 }
80
81 *dest = calloc(2 * len + 1, sizeof(char));
82 if (*dest == NULL((void *)0))
83 {
84 keynote_errno = ERROR_MEMORY-1;
85 return -1;
86 }
87
88 bin2hex(buf, *dest, len);
89 return 0;
90}
91
92/*
93 * Decode a hex encoding. Return 0 on success. The second argument
94 * will be half as large as the first.
95 */
96int
97kn_decode_hex(char *hex, char **dest)
98{
99 int i, decodedlen;
100 char ptr[3];
101
102 keynote_errno = 0;
103 if (dest
14.1
'dest' is not equal to NULL
 == NULL((void *)0))
15
Taking false branch
104 {
105 keynote_errno = ERROR_SYNTAX-2;
106 return -1;
107 }
108
109 if (strlen(hex) % 2) /* Should be even */
16
Assuming the condition is false
17
Taking false branch
110 {
111 keynote_errno = ERROR_SYNTAX-2;
112 return -1;
113 }
114
115 decodedlen = strlen(hex) / 2;
116 *dest = calloc(decodedlen, sizeof(char));
18
Memory is allocated
117 if (*dest == NULL((void *)0))
19
Assuming the condition is false
20
Taking false branch
118 {
119 keynote_errno = ERROR_MEMORY-1;
120 return -1;
121 }
122
123 ptr[2] = '\0';
124 for (i = 0; i
20.1
'i' is < 'decodedlen'
 < decodedlen; i++)
21
Loop condition is true. Entering loop body
22
Assuming 'i' is >= 'decodedlen'
23
Loop condition is false. Execution continues on line 131
125 {
126 ptr[0] = hex[2 * i];
127 ptr[1] = hex[(2 * i) + 1];
128 (*dest)[i] = (unsigned char) strtoul(ptr, NULL((void *)0), 16);
129 }
130
131 return 0;
132}
133
134void
135keynote_free_key(void *key, int type)
136{
137 if (key == NULL((void *)0))
138 return;
139
140 /* DSA keys */
141 if (type == KEYNOTE_ALGORITHM_DSA1)
142 {
143 DSA_free(key);
144 return;
145 }
146
147 /* RSA keys */
148 if (type == KEYNOTE_ALGORITHM_RSA6)
149 {
150 RSA_free(key);
151 return;
152 }
153
154 /* X509 keys */
155 if (type == KEYNOTE_ALGORITHM_X5095)
156 {
157 RSA_free(key); /* RSA-specific */
158 return;
159 }
160
161 /* BINARY keys */
162 if (type == KEYNOTE_ALGORITHM_BINARY4)
163 {
164 free(((struct keynote_binary *) key)->bn_key);
165 free(key);
166 return;
167 }
168
169 /* Catch-all case */
170 if (type == KEYNOTE_ALGORITHM_NONE0)
171 free(key);
172}
173
174/*
175 * Map a signature to an algorithm. Return algorithm number (defined in
176 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
177 * Also return in the second, third and fourth arguments the digest
178 * algorithm, ASCII and internal encodings respectively.
179 */
180static int
181keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal)
182{
183 if (sig == NULL((void *)0))
184 return KEYNOTE_ALGORITHM_NONE0;
185
186 if (!strncasecmp(SIG_DSA_SHA1_HEX"sig-dsa-sha1-hex:", sig, SIG_DSA_SHA1_HEX_LENstrlen("sig-dsa-sha1-hex:")))
187 {
188 *hash = KEYNOTE_HASH_SHA11;
189 *enc = ENCODING_HEX1;
190 *internal = INTERNAL_ENC_ASN12;
191 return KEYNOTE_ALGORITHM_DSA1;
192 }
193
194 if (!strncasecmp(SIG_DSA_SHA1_BASE64"sig-dsa-sha1-base64:", sig, SIG_DSA_SHA1_BASE64_LENstrlen("sig-dsa-sha1-base64:")))
195 {
196 *hash = KEYNOTE_HASH_SHA11;
197 *enc = ENCODING_BASE642;
198 *internal = INTERNAL_ENC_ASN12;
199 return KEYNOTE_ALGORITHM_DSA1;
200 }
201
202 if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX"sig-rsa-md5-hex:", sig, SIG_RSA_MD5_PKCS1_HEX_LENstrlen("sig-rsa-md5-hex:")))
203 {
204 *hash = KEYNOTE_HASH_MD52;
205 *enc = ENCODING_HEX1;
206 *internal = INTERNAL_ENC_PKCS11;
207 return KEYNOTE_ALGORITHM_RSA6;
208 }
209
210 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX"sig-rsa-sha1-hex:", sig, SIG_RSA_SHA1_PKCS1_HEX_LENstrlen("sig-rsa-sha1-hex:")))
211 {
212 *hash = KEYNOTE_HASH_SHA11;
213 *enc = ENCODING_HEX1;
214 *internal = INTERNAL_ENC_PKCS11;
215 return KEYNOTE_ALGORITHM_RSA6;
216 }
217
218 if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64"sig-rsa-md5-base64:", sig,
219 SIG_RSA_MD5_PKCS1_BASE64_LENstrlen("sig-rsa-md5-base64:")))
220 {
221 *hash = KEYNOTE_HASH_MD52;
222 *enc = ENCODING_BASE642;
223 *internal = INTERNAL_ENC_PKCS11;
224 return KEYNOTE_ALGORITHM_RSA6;
225 }
226
227 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64"sig-rsa-sha1-base64:", sig,
228 SIG_RSA_SHA1_PKCS1_BASE64_LENstrlen("sig-rsa-sha1-base64:")))
229 {
230 *hash = KEYNOTE_HASH_SHA11;
231 *enc = ENCODING_BASE642;
232 *internal = INTERNAL_ENC_PKCS11;
233 return KEYNOTE_ALGORITHM_RSA6;
234 }
235
236 if (!strncasecmp(SIG_X509_SHA1_BASE64"sig-x509-sha1-base64:", sig, SIG_X509_SHA1_BASE64_LENstrlen("sig-x509-sha1-base64:")))
237 {
238 *hash = KEYNOTE_HASH_SHA11;
239 *enc = ENCODING_BASE642;
240 *internal = INTERNAL_ENC_ASN12;
241 return KEYNOTE_ALGORITHM_X5095;
242 }
243
244 if (!strncasecmp(SIG_X509_SHA1_HEX"sig-x509-sha1-hex:", sig, SIG_X509_SHA1_HEX_LENstrlen("sig-x509-sha1-hex:")))
245 {
246 *hash = KEYNOTE_HASH_SHA11;
247 *enc = ENCODING_HEX1;
248 *internal = INTERNAL_ENC_ASN12;
249 return KEYNOTE_ALGORITHM_X5095;
250 }
251
252 *hash = KEYNOTE_HASH_NONE0;
253 *enc = ENCODING_NONE0;
254 *internal = INTERNAL_ENC_NONE0;
255 return KEYNOTE_ALGORITHM_NONE0;
256}
257
258/*
259 * Map a key to an algorithm. Return algorithm number (defined in
260 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
261 * This latter is also a valid algorithm (for logical tags). Also return
262 * in the second and third arguments the ASCII and internal encodings.
263 */
264int
265keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding)
266{
267 if (!strncasecmp(DSA_HEX"dsa-hex:", key, DSA_HEX_LENstrlen("dsa-hex:")))
268 {
269 *internalencoding = INTERNAL_ENC_ASN12;
270 *encoding = ENCODING_HEX1;
271 return KEYNOTE_ALGORITHM_DSA1;
272 }
273
274 if (!strncasecmp(DSA_BASE64"dsa-base64:", key, DSA_BASE64_LENstrlen("dsa-base64:")))
275 {
276 *internalencoding = INTERNAL_ENC_ASN12;
277 *encoding = ENCODING_BASE642;
278 return KEYNOTE_ALGORITHM_DSA1;
279 }
280
281 if (!strncasecmp(RSA_PKCS1_HEX"rsa-hex:", key, RSA_PKCS1_HEX_LENstrlen("rsa-hex:")))
282 {
283 *internalencoding = INTERNAL_ENC_PKCS11;
284 *encoding = ENCODING_HEX1;
285 return KEYNOTE_ALGORITHM_RSA6;
286 }
287
288 if (!strncasecmp(RSA_PKCS1_BASE64"rsa-base64:", key, RSA_PKCS1_BASE64_LENstrlen("rsa-base64:")))
289 {
290 *internalencoding = INTERNAL_ENC_PKCS11;
291 *encoding = ENCODING_BASE642;
292 return KEYNOTE_ALGORITHM_RSA6;
293 }
294
295 if (!strncasecmp(X509_BASE64"x509-base64:", key, X509_BASE64_LENstrlen("x509-base64:")))
296 {
297 *internalencoding = INTERNAL_ENC_ASN12;
298 *encoding = ENCODING_BASE642;
299 return KEYNOTE_ALGORITHM_X5095;
300 }
301
302 if (!strncasecmp(X509_HEX"x509-hex:", key, X509_HEX_LENstrlen("x509-hex:")))
303 {
304 *internalencoding = INTERNAL_ENC_ASN12;
305 *encoding = ENCODING_HEX1;
306 return KEYNOTE_ALGORITHM_X5095;
307 }
308
309 if (!strncasecmp(BINARY_HEX"binary-hex:", key, BINARY_HEX_LENstrlen("binary-hex:")))
310 {
311 *internalencoding = INTERNAL_ENC_NONE0;
312 *encoding = ENCODING_HEX1;
313 return KEYNOTE_ALGORITHM_BINARY4;
314 }
315
316 if (!strncasecmp(BINARY_BASE64"binary-base64:", key, BINARY_BASE64_LENstrlen("binary-base64:")))
317 {
318 *internalencoding = INTERNAL_ENC_NONE0;
319 *encoding = ENCODING_BASE642;
320 return KEYNOTE_ALGORITHM_BINARY4;
321 }
322
323 *internalencoding = INTERNAL_ENC_NONE0;
324 *encoding = ENCODING_NONE0;
325 return KEYNOTE_ALGORITHM_NONE0;
326}
327
328/*
329 * Same as keynote_get_key_algorithm(), only verify that this is
330 * a private key (just look at the prefix).
331 */
332static int
333keynote_get_private_key_algorithm(char *key, int *encoding,
334 int *internalencoding)
335{
336 if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX"private-", key,
337 KEYNOTE_PRIVATE_KEY_PREFIX_LENstrlen("private-")))
338 {
339 *internalencoding = INTERNAL_ENC_NONE0;
340 *encoding = ENCODING_NONE0;
341 return KEYNOTE_ALGORITHM_NONE0;
342 }
343
344 return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LENstrlen("private-"),
345 encoding, internalencoding);
346}
347
348/*
349 * Decode a string to a key. Return 0 on success.
350 */
351int
352kn_decode_key(struct keynote_deckey *dc, char *key, int keytype)
353{
354 X509 *px509Cert;
355 EVP_PKEY *pPublicKey;
356 unsigned char *ptr = NULL((void *)0), *decoded = NULL((void *)0);
357 int encoding, internalencoding;
358 long len = 0;
359
360 keynote_errno = 0;
361 if (keytype
10.1
'keytype' is equal to KEYNOTE_PRIVATE_KEY
 == KEYNOTE_PRIVATE_KEY1)
11
Taking true branch
362 dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding,
363 &internalencoding);
364 else
365 dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding,
366 &internalencoding);
367 if (dc->dec_algorithm
11.1
Field 'dec_algorithm' is not equal to KEYNOTE_ALGORITHM_NONE
 == KEYNOTE_ALGORITHM_NONE0)
12
Taking false branch
368 {
369 if ((dc->dec_key = strdup(key)) == NULL((void *)0)) {
370 keynote_errno = ERROR_MEMORY-1;
371 return -1;
372 }
373
374 return 0;
375 }
376
377 key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed
378 * to have a ':' character, since this is a key */
379 key++;
380
381 /* Remove ASCII encoding */
382 switch (encoding)
13
Control jumps to 'case 1:' at line 387
383 {
384 case ENCODING_NONE0:
385 break;
386
387 case ENCODING_HEX1:
388 len = strlen(key) / 2;
389 if (kn_decode_hex(key, (char **) &decoded) != 0)
14
Calling 'kn_decode_hex'
24
Returned allocated memory via 2nd parameter
25
Taking false branch
390 return -1;
391 ptr = decoded;
392 break;
26
 Execution continues on line 430
393
394 case ENCODING_BASE642:
395 len = strlen(key);
396 if (len % 4) /* Base64 encoding must be a multiple of 4 */
397 {
398 keynote_errno = ERROR_SYNTAX-2;
399 return -1;
400 }
401
402 len = 3 * (len / 4);
403 decoded = calloc(len, sizeof(unsigned char));
404 ptr = decoded;
405 if (decoded == NULL((void *)0)) {
406 keynote_errno = ERROR_MEMORY-1;
407 return -1;
408 }
409
410 if ((len = kn_decode_base64(key, decoded, len)) == -1)
411 return -1;
412 break;
413
414 case ENCODING_NATIVE3:
415 decoded = strdup(key);
416 if (decoded == NULL((void *)0)) {
417 keynote_errno = ERROR_MEMORY-1;
418 return -1;
419 }
420 len = strlen(key);
421 ptr = decoded;
422 break;
423
424 default:
425 keynote_errno = ERROR_SYNTAX-2;
426 return -1;
427 }
428
429 /* DSA-HEX */
430 if ((dc->dec_algorithm
26.1
Field 'dec_algorithm' is not equal to KEYNOTE_ALGORITHM_DSA
 == KEYNOTE_ALGORITHM_DSA1) &&
431 (internalencoding == INTERNAL_ENC_ASN12))
432 {
433 if (keytype == KEYNOTE_PRIVATE_KEY1)
434 {
435 if ((dc->dec_key =
436 d2i_DSAPrivateKey(NULL((void *)0), (const unsigned char **) &decoded, len))
437 == NULL((void *)0))
438 {
439 free(ptr);
440 keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */
441 return -1;
442 }
443 }
444 else
445 {
446 if ((dc->dec_key =
447 d2i_DSAPublicKey(NULL((void *)0), (const unsigned char **) &decoded, len))
448 == NULL((void *)0))
449 {
450 free(ptr);
451 keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */
452 return -1;
453 }
454 }
455
456 free(ptr);
457
458 return 0;
459 }
460
461 /* RSA-PKCS1-HEX */
462 if ((dc->dec_algorithm
26.2
Field 'dec_algorithm' is not equal to KEYNOTE_ALGORITHM_RSA
 == KEYNOTE_ALGORITHM_RSA6) &&
463 (internalencoding == INTERNAL_ENC_PKCS11))
464 {
465 if (keytype == KEYNOTE_PRIVATE_KEY1)
466 {
467 if ((dc->dec_key =
468 d2i_RSAPrivateKey(NULL((void *)0), (const unsigned char **) &decoded, len))
469 == NULL((void *)0))
470 {
471 free(ptr);
472 keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */
473 return -1;
474 }
475 if (RSA_blinding_on(dc->dec_key, NULL((void *)0)) != 1) {
476 free(ptr);
477 RSA_free(dc->dec_key);
478 keynote_errno = ERROR_MEMORY-1;
479 return -1;
480 }
481 }
482 else
483 {
484 if ((dc->dec_key =
485 d2i_RSAPublicKey(NULL((void *)0), (const unsigned char **) &decoded, len))
486 == NULL((void *)0))
487 {
488 free(ptr);
489 keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */
490 return -1;
491 }
492 }
493
494 free(ptr);
495
496 return 0;
497 }
498
499 /* X509 Cert */
500 if ((dc->dec_algorithm
26.3
Field 'dec_algorithm' is not equal to KEYNOTE_ALGORITHM_X509
 == KEYNOTE_ALGORITHM_X5095) &&
501 (internalencoding == INTERNAL_ENC_ASN12) &&
502 (keytype == KEYNOTE_PUBLIC_KEY0))
503 {
504 if((px509Cert =
505 d2i_X509(NULL((void *)0), (const unsigned char **)&decoded, len)) == NULL((void *)0))
506 {
507 free(ptr);
508 keynote_errno = ERROR_SYNTAX-2;
509 return -1;
510 }
511
512 if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL((void *)0)) {
513 free(ptr);
514 X509_free(px509Cert);
515 keynote_errno = ERROR_SYNTAX-2;
516 return -1;
517 }
518
519 /* RSA-specific */
520 dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey);
521 RSA_up_ref(dc->dec_key);
522
523 free(ptr);
524 X509_free(px509Cert);
525 return 0;
526 }
527
528 /* BINARY keys */
529 if ((dc->dec_algorithm
26.4
Field 'dec_algorithm' is equal to KEYNOTE_ALGORITHM_BINARY
 == KEYNOTE_ALGORITHM_BINARY4) &&
27
Taking true branch
530 (internalencoding
26.5
'internalencoding' is equal to INTERNAL_ENC_NONE
 == INTERNAL_ENC_NONE0))
531 {
532 dc->dec_key = calloc(1, sizeof(struct keynote_binary));
533 if (dc->dec_key == NULL((void *)0))
28
Assuming field 'dec_key' is equal to NULL
29
Taking true branch
534 {
535 keynote_errno = ERROR_MEMORY-1;
30
Potential leak of memory pointed to by 'ptr'
536 return -1;
537 }
538
539 ((struct keynote_binary *) dc->dec_key)->bn_key = decoded;
540 ((struct keynote_binary *) dc->dec_key)->bn_len = len;
541 return RESULT_TRUE1;
542 }
543
544 /* Add support for more algorithms here */
545
546 free(ptr);
547
548 /* This shouldn't ever be reached really */
549 keynote_errno = ERROR_SYNTAX-2;
550 return -1;
551}
552
553/*
554 * Compare two keys for equality. Return RESULT_TRUE if equal,
555 * RESULT_FALSE otherwise.
556 */
557int
558kn_keycompare(void *key1, void *key2, int algorithm)
559{
560 DSA *p1, *p2;
561 RSA *p3, *p4;
562 struct keynote_binary *bn1, *bn2;
563
564 if (key1 == NULL((void *)0) || key2 == NULL((void *)0))
565 return RESULT_FALSE0;
566
567 switch (algorithm)
568 {
569 case KEYNOTE_ALGORITHM_NONE0:
570 if (!strcmp(key1, key2))
571 return RESULT_TRUE1;
572 else
573 return RESULT_FALSE0;
574
575 case KEYNOTE_ALGORITHM_DSA1:
576 p1 = (DSA *) key1;
577 p2 = (DSA *) key2;
578 if (!BN_cmp(DSA_get0_p(p1), DSA_get0_p(p2)) &&
579 !BN_cmp(DSA_get0_q(p1), DSA_get0_q(p2)) &&
580 !BN_cmp(DSA_get0_g(p1), DSA_get0_g(p2)) &&
581 !BN_cmp(DSA_get0_pub_key(p1), DSA_get0_pub_key(p2)))
582 return RESULT_TRUE1;
583 else
584 return RESULT_FALSE0;
585
586 case KEYNOTE_ALGORITHM_X5095:
587 p3 = (RSA *) key1;
588 p4 = (RSA *) key2;
589 if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) &&
590 !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4)))
591 return RESULT_TRUE1;
592 else
593 return RESULT_FALSE0;
594
595 case KEYNOTE_ALGORITHM_RSA6:
596 p3 = (RSA *) key1;
597 p4 = (RSA *) key2;
598 if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) &&
599 !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4)))
600 return RESULT_TRUE1;
601 else
602 return RESULT_FALSE0;
603
604 case KEYNOTE_ALGORITHM_ELGAMAL2:
605 /* Not supported yet */
606 return RESULT_FALSE0;
607
608 case KEYNOTE_ALGORITHM_PGP3:
609 /* Not supported yet */
610 return RESULT_FALSE0;
611
612 case KEYNOTE_ALGORITHM_BINARY4:
613 bn1 = (struct keynote_binary *) key1;
614 bn2 = (struct keynote_binary *) key2;
615 if ((bn1->bn_len == bn2->bn_len) &&
616 !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len))
617 return RESULT_TRUE1;
618 else
619 return RESULT_FALSE0;
620
621 default:
622 return RESULT_FALSE0;
623 }
624}
625
626/*
627 * Verify the signature on an assertion; return SIGRESULT_TRUE is
628 * success, SIGRESULT_FALSE otherwise.
629 */
630int
631keynote_sigverify_assertion(struct assertion *as)
632{
633 int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE0, hashlen = 0;
634 unsigned char *sig, *decoded = NULL((void *)0), *ptr;
635 unsigned char res2[20];
636 SHA_CTX shscontext;
637 MD5_CTX md5context;
638 int len = 0;
639 DSA *dsa;
640 RSA *rsa;
641 if (as->as_signature == NULL((void *)0) ||
642 as->as_startofsignature == NULL((void *)0) ||
643 as->as_allbutsignature == NULL((void *)0) ||
644 as->as_allbutsignature - as->as_startofsignature <= 0)
645 return SIGRESULT_FALSE1;
646
647 alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc,
648 &intenc);
649 if (alg == KEYNOTE_ALGORITHM_NONE0)
650 return SIGRESULT_FALSE1;
651
652 /* Check for matching algorithms */
653 if ((alg != as->as_signeralgorithm) &&
654 !((alg == KEYNOTE_ALGORITHM_RSA6) &&
655 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X5095)) &&
656 !((alg == KEYNOTE_ALGORITHM_X5095) &&
657 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA6)))
658 return SIGRESULT_FALSE1;
659
660 sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We
661 * are guaranteed to have a ':'
662 * character, since this is a valid
663 * signature */
664 sig++;
665
666 switch (hashtype)
667 {
668 case KEYNOTE_HASH_SHA11:
669 hashlen = 20;
670 memset(res2, 0, hashlen);
671 SHA1_Init(&shscontext);
672 SHA1_Update(&shscontext, as->as_startofsignature,
673 as->as_allbutsignature - as->as_startofsignature);
674 SHA1_Update(&shscontext, as->as_signature,
675 (char *) sig - as->as_signature);
676 SHA1_Final(res2, &shscontext);
677 break;
678
679 case KEYNOTE_HASH_MD52:
680 hashlen = 16;
681 memset(res2, 0, hashlen);
682 MD5_Init(&md5context);
683 MD5_Update(&md5context, as->as_startofsignature,
684 as->as_allbutsignature - as->as_startofsignature);
685 MD5_Update(&md5context, as->as_signature,
686 (char *) sig - as->as_signature);
687 MD5_Final(res2, &md5context);
688 break;
689
690 case KEYNOTE_HASH_NONE0:
691 break;
692 }
693
694 /* Remove ASCII encoding */
695 switch (enc)
696 {
697 case ENCODING_NONE0:
698 ptr = NULL((void *)0);
699 break;
700
701 case ENCODING_HEX1:
702 len = strlen(sig) / 2;
703 if (kn_decode_hex(sig, (char **) &decoded) != 0)
704 return -1;
705 ptr = decoded;
706 break;
707
708 case ENCODING_BASE642:
709 len = strlen(sig);
710 if (len % 4) /* Base64 encoding must be a multiple of 4 */
711 {
712 keynote_errno = ERROR_SYNTAX-2;
713 return -1;
714 }
715
716 len = 3 * (len / 4);
717 decoded = calloc(len, sizeof(unsigned char));
718 ptr = decoded;
719 if (decoded == NULL((void *)0)) {
720 keynote_errno = ERROR_MEMORY-1;
721 return -1;
722 }
723
724 len = kn_decode_base64(sig, decoded, len);
725 if ((len == -1) || (len == 0) || (len == 1))
726 return -1;
727 break;
728
729 case ENCODING_NATIVE3:
730
731 if ((decoded = strdup(sig)) == NULL((void *)0)) {
732 keynote_errno = ERROR_MEMORY-1;
733 return -1;
734 }
735 len = strlen(sig);
736 ptr = decoded;
737 break;
738
739 default:
740 keynote_errno = ERROR_SYNTAX-2;
741 return -1;
742 }
743
744 /* DSA */
745 if ((alg == KEYNOTE_ALGORITHM_DSA1) && (intenc == INTERNAL_ENC_ASN12))
746 {
747 dsa = (DSA *) as->as_authorizer;
748 if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) {
749 free(ptr);
750 return SIGRESULT_TRUE2;
751 }
752 }
753 else /* RSA */
754 if ((alg == KEYNOTE_ALGORITHM_RSA6) && (intenc == INTERNAL_ENC_PKCS11))
755 {
756 rsa = (RSA *) as->as_authorizer;
757 if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING1, res2, hashlen,
758 decoded, len, rsa) == 1) {
759 free(ptr);
760 return SIGRESULT_TRUE2;
761 }
762 }
763 else
764 if ((alg == KEYNOTE_ALGORITHM_X5095) && (intenc == INTERNAL_ENC_ASN12))
765 {
766 /* RSA-specific */
767 rsa = (RSA *) as->as_authorizer;
768 if (RSA_verify(NID_shaWithRSAEncryption42, res2, hashlen, decoded,
769 len, rsa) == 1) {
770 free(ptr);
771 return SIGRESULT_TRUE2;
772 }
773 }
774
775 /* Handle more algorithms here */
776
777 free(ptr);
778
779 return SIGRESULT_FALSE1;
780}
781
782/*
783 * Sign an assertion.
784 */
785static char *
786keynote_sign_assertion(struct assertion *as, char *sigalg, void *key,
787 int keyalg, int verifyflag)
788{
789 int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc;
790 unsigned char *sig = NULL((void *)0), *finalbuf = NULL((void *)0);
791 unsigned char res2[LARGEST_HASH_SIZE20], *sbuf = NULL((void *)0);
792 BIO *biokey = NULL((void *)0);
793 DSA *dsa = NULL((void *)0);
794 RSA *rsa = NULL((void *)0);
795 SHA_CTX shscontext;
796 MD5_CTX md5context;
797 int len;
798
799 if (as->as_signature_string_s == NULL((void *)0) ||
800 as->as_startofsignature == NULL((void *)0) ||
801 as->as_allbutsignature == NULL((void *)0) ||
802 as->as_allbutsignature - as->as_startofsignature <= 0 ||
803 as->as_authorizer == NULL((void *)0) ||
804 key == NULL((void *)0) ||
805 as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE0)
806 {
807 keynote_errno = ERROR_SYNTAX-2;
808 return NULL((void *)0);
809 }
810
811 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
812 &internalenc);
813 if (((alg != as->as_signeralgorithm) &&
814 !((alg == KEYNOTE_ALGORITHM_RSA6) &&
815 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X5095)) &&
816 !((alg == KEYNOTE_ALGORITHM_X5095) &&
817 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA6))) ||
818 ((alg != keyalg) &&
819 !((alg == KEYNOTE_ALGORITHM_RSA6) &&
820 (keyalg == KEYNOTE_ALGORITHM_X5095)) &&
821 !((alg == KEYNOTE_ALGORITHM_X5095) &&
822 (keyalg == KEYNOTE_ALGORITHM_RSA6))))
823 {
824 keynote_errno = ERROR_SYNTAX-2;
825 return NULL((void *)0);
826 }
827
828 sig = strchr(sigalg, ':');
829 if (sig == NULL((void *)0))
830 {
831 keynote_errno = ERROR_SYNTAX-2;
832 return NULL((void *)0);
833 }
834
835 sig++;
836
837 switch (hashtype)
838 {
839 case KEYNOTE_HASH_SHA11:
840 hashlen = 20;
841 memset(res2, 0, hashlen);
842 SHA1_Init(&shscontext);
843 SHA1_Update(&shscontext, as->as_startofsignature,
844 as->as_allbutsignature - as->as_startofsignature);
845 SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg);
846 SHA1_Final(res2, &shscontext);
847 break;
848
849 case KEYNOTE_HASH_MD52:
850 hashlen = 16;
851 memset(res2, 0, hashlen);
852 MD5_Init(&md5context);
853 MD5_Update(&md5context, as->as_startofsignature,
854 as->as_allbutsignature - as->as_startofsignature);
855 MD5_Update(&md5context, sigalg, (char *) sig - sigalg);
856 MD5_Final(res2, &md5context);
857 break;
858
859 case KEYNOTE_HASH_NONE0:
860 break;
861 }
862
863 if ((alg == KEYNOTE_ALGORITHM_DSA1) &&
864 (hashtype == KEYNOTE_HASH_SHA11) &&
865 (internalenc == INTERNAL_ENC_ASN12) &&
866 ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642)))
867 {
868 dsa = (DSA *) key;
869 sbuf = calloc(DSA_size(dsa), sizeof(unsigned char));
870 if (sbuf == NULL((void *)0))
871 {
872 keynote_errno = ERROR_MEMORY-1;
873 return NULL((void *)0);
874 }
875
876 if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0)
877 {
878 free(sbuf);
879 keynote_errno = ERROR_SYNTAX-2;
880 return NULL((void *)0);
881 }
882 }
883 else
884 if ((alg == KEYNOTE_ALGORITHM_RSA6) &&
885 ((hashtype == KEYNOTE_HASH_SHA11) ||
886 (hashtype == KEYNOTE_HASH_MD52)) &&
887 (internalenc == INTERNAL_ENC_PKCS11) &&
888 ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642)))
889 {
890 rsa = (RSA *) key;
891 sbuf = calloc(RSA_size(rsa), sizeof(unsigned char));
892 if (sbuf == NULL((void *)0))
893 {
894 keynote_errno = ERROR_MEMORY-1;
895 return NULL((void *)0);
896 }
897
898 if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING1, res2, hashlen,
899 sbuf, &slen, rsa) <= 0)
900 {
901 free(sbuf);
902 keynote_errno = ERROR_SYNTAX-2;
903 return NULL((void *)0);
904 }
905 }
906 else
907 if ((alg == KEYNOTE_ALGORITHM_X5095) &&
908 (hashtype == KEYNOTE_HASH_SHA11) &&
909 (internalenc == INTERNAL_ENC_ASN12))
910 {
911 if ((biokey = BIO_new(BIO_s_mem())) == NULL((void *)0))
912 {
913 keynote_errno = ERROR_SYNTAX-2;
914 return NULL((void *)0);
915 }
916
917 if (BIO_write(biokey, key, strlen(key) + 1) <= 0)
918 {
919 BIO_free(biokey);
920 keynote_errno = ERROR_SYNTAX-2;
921 return NULL((void *)0);
922 }
923
924 /* RSA-specific */
925 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL((void *)0), NULL((void *)0), NULL((void *)0));
926 if (rsa == NULL((void *)0))
927 {
928 BIO_free(biokey);
929 keynote_errno = ERROR_SYNTAX-2;
930 return NULL((void *)0);
931 }
932
933 sbuf = calloc(RSA_size(rsa), sizeof(char));
934 if (sbuf == NULL((void *)0))
935 {
936 BIO_free(biokey);
937 RSA_free(rsa);
938 keynote_errno = ERROR_MEMORY-1;
939 return NULL((void *)0);
940 }
941
942 if (RSA_sign(NID_shaWithRSAEncryption42, res2, hashlen, sbuf, &slen,
943 rsa) <= 0)
944 {
945 BIO_free(biokey);
946 RSA_free(rsa);
947 free(sbuf);
948 keynote_errno = ERROR_SIGN_FAILURE-4;
949 return NULL((void *)0);
950 }
951
952 BIO_free(biokey);
953 RSA_free(rsa);
954 }
955 else /* Other algorithms here */
956 {
957 keynote_errno = ERROR_SYNTAX-2;
958 return NULL((void *)0);
959 }
960
961 /* ASCII encoding */
962 switch (encoding)
963 {
964 case ENCODING_HEX1:
965 i = kn_encode_hex(sbuf, (char **) &finalbuf, slen);
966 free(sbuf);
967 if (i != 0)
968 return NULL((void *)0);
969 break;
970
971 case ENCODING_BASE642:
972 finalbuf = calloc(2 * slen, sizeof(unsigned char));
973 if (finalbuf == NULL((void *)0))
974 {
975 keynote_errno = ERROR_MEMORY-1;
976 free(sbuf);
977 return NULL((void *)0);
978 }
979
980 slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen);
981 free(sbuf);
982 if (slen == -1) {
983 free(finalbuf);
984 return NULL((void *)0);
985 }
986 break;
987
988 default:
989 free(sbuf);
990 keynote_errno = ERROR_SYNTAX-2;
991 return NULL((void *)0);
992 }
993
994 /* Replace as->as_signature */
995 len = strlen(sigalg) + strlen(finalbuf) + 1;
996 as->as_signature = calloc(len, sizeof(char));
997 if (as->as_signature == NULL((void *)0))
998 {
999 free(finalbuf);
1000 keynote_errno = ERROR_MEMORY-1;
1001 return NULL((void *)0);
1002 }
1003
1004 /* Concatenate algorithm name and signature value */
1005 snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf);
1006 free(finalbuf);
1007 finalbuf = as->as_signature;
1008
1009 /* Verify the newly-created signature if requested */
1010 if (verifyflag)
1011 {
1012 /* Do the signature verification */
1013 if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE2)
1014 {
1015 as->as_signature = NULL((void *)0);
1016 free(finalbuf);
1017 if (keynote_errno == 0)
1018 keynote_errno = ERROR_SYNTAX-2;
1019 return NULL((void *)0);
1020 }
1021
1022 as->as_signature = NULL((void *)0);
1023 }
1024 else
1025 as->as_signature = NULL((void *)0);
1026
1027 /* Everything ok */
1028 return (char *) finalbuf;
1029}
1030
1031/*
1032 * Verify the signature on an assertion.
1033 */
1034int
1035kn_verify_assertion(char *buf, int len)
1036{
1037 struct assertion *as;
1038 int res;
1039
1040 keynote_errno = 0;
1041 as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER0x0004);
1042 if (as == NULL((void *)0))
1043 return -1;
1044
1045 res = keynote_sigverify_assertion(as);
1046 keynote_free_assertion(as);
1047 return res;
1048}
1049
1050/*
1051 * Produce the signature for an assertion.
1052 */
1053char *
1054kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag)
1055{
1056 int i, alg, hashtype, encoding, internalenc;
1057 struct keynote_deckey dc;
1058 struct assertion *as;
1059 char *s, *sig;
1060
1061 keynote_errno = 0;
1062 s = NULL((void *)0);
1063
1064 if (sigalg == NULL((void *)0) || buf == NULL((void *)0) || key == NULL((void *)0))
1
Assuming 'sigalg' is not equal to NULL
2
Assuming 'buf' is not equal to NULL
3
Assuming 'key' is not equal to NULL
1065 {
1066 keynote_errno = ERROR_NOTFOUND-3;
1067 return NULL((void *)0);
1068 }
1069
1070 if (sigalg[0] == '\0' || sigalg[strlen(sigalg) - 1] != ':')
4
Assuming the condition is false
5
Assuming the condition is false
6
Taking false branch
1071 {
1072 keynote_errno = ERROR_SYNTAX-2;
1073 return NULL((void *)0);
1074 }
1075
1076 /* We're using a different format for X509 private keys, so... */
1077 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
1078 &internalenc);
1079 if (alg
6.1
'alg' is not equal to KEYNOTE_ALGORITHM_X509
 != KEYNOTE_ALGORITHM_X5095)
7
Taking true branch
1080 {
1081 /* Parse the private key */
1082 s = keynote_get_private_key(key);
1083 if (s == NULL((void *)0))
8
Assuming 's' is not equal to NULL
9
Taking false branch
1084 return NULL((void *)0);
1085
1086 /* Decode private key */
1087 i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY1);
10
Calling 'kn_decode_key'
1088 if (i == -1)
1089 {
1090 free(s);
1091 return NULL((void *)0);
1092 }
1093 }
1094 else /* X509 private key */
1095 {
1096 dc.dec_key = key;
1097 dc.dec_algorithm = alg;
1098 }
1099
1100 as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN0x0002);
1101 if (as == NULL((void *)0))
1102 {
1103 if (alg != KEYNOTE_ALGORITHM_X5095)
1104 {
1105 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1106 free(s);
1107 }
1108 return NULL((void *)0);
1109 }
1110
1111 sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm,
1112 vflag);
1113 if (alg != KEYNOTE_ALGORITHM_X5095)
1114 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1115 keynote_free_assertion(as);
1116 if (s != NULL((void *)0))
1117 free(s);
1118 return sig;
1119}
1120
1121/*
1122 * ASCII-encode a key.
1123 */
1124char *
1125kn_encode_key(struct keynote_deckey *dc, int iencoding,
1126 int encoding, int keytype)
1127{
1128 char *foo, *ptr;
1129 DSA *dsa;
1130 RSA *rsa;
1131 int i;
1132 struct keynote_binary *bn;
1133 char *s;
1134
1135 keynote_errno = 0;
1136 if (dc == NULL((void *)0) || dc->dec_key == NULL((void *)0))
1137 {
1138 keynote_errno = ERROR_NOTFOUND-3;
1139 return NULL((void *)0);
1140 }
1141
1142 /* DSA keys */
1143 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA1) &&
1144 (iencoding == INTERNAL_ENC_ASN12) &&
1145 ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642)))
1146 {
1147 dsa = (DSA *) dc->dec_key;
1148 if (keytype == KEYNOTE_PUBLIC_KEY0)
1149 i = i2d_DSAPublicKey(dsa, NULL((void *)0));
1150 else
1151 i = i2d_DSAPrivateKey(dsa, NULL((void *)0));
1152
1153 if (i <= 0)
1154 {
1155 keynote_errno = ERROR_SYNTAX-2;
1156 return NULL((void *)0);
1157 }
1158
1159 ptr = foo = calloc(i, sizeof(char));
1160 if (foo == NULL((void *)0))
1161 {
1162 keynote_errno = ERROR_MEMORY-1;
1163 return NULL((void *)0);
1164 }
1165
1166 if (keytype == KEYNOTE_PUBLIC_KEY0)
1167 i2d_DSAPublicKey(dsa, (unsigned char **) &foo);
1168 else
1169 i2d_DSAPrivateKey(dsa, (unsigned char **) &foo);
1170
1171 if (encoding == ENCODING_HEX1)
1172 {
1173 if (kn_encode_hex(ptr, &s, i) != 0)
1174 {
1175 free(ptr);
1176 return NULL((void *)0);
1177 }
1178
1179 free(ptr);
1180 return s;
1181 }
1182 else
1183 if (encoding == ENCODING_BASE642)
1184 {
1185 s = calloc(2 * i, sizeof(char));
1186 if (s == NULL((void *)0))
1187 {
1188 free(ptr);
1189 keynote_errno = ERROR_MEMORY-1;
1190 return NULL((void *)0);
1191 }
1192
1193 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1194 {
1195 free(s);
1196 free(ptr);
1197 return NULL((void *)0);
1198 }
1199
1200 free(ptr);
1201 return s;
1202 }
1203 }
1204
1205 /* RSA keys */
1206 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA6) &&
1207 (iencoding == INTERNAL_ENC_PKCS11) &&
1208 ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642)))
1209 {
1210 rsa = (RSA *) dc->dec_key;
1211 if (keytype == KEYNOTE_PUBLIC_KEY0)
1212 i = i2d_RSAPublicKey(rsa, NULL((void *)0));
1213 else
1214 i = i2d_RSAPrivateKey(rsa, NULL((void *)0));
1215
1216 if (i <= 0)
1217 {
1218 keynote_errno = ERROR_SYNTAX-2;
1219 return NULL((void *)0);
1220 }
1221
1222 ptr = foo = calloc(i, sizeof(char));
1223 if (foo == NULL((void *)0))
1224 {
1225 keynote_errno = ERROR_MEMORY-1;
1226 return NULL((void *)0);
1227 }
1228
1229 if (keytype == KEYNOTE_PUBLIC_KEY0)
1230 i2d_RSAPublicKey(rsa, (unsigned char **) &foo);
1231 else
1232 i2d_RSAPrivateKey(rsa, (unsigned char **) &foo);
1233
1234 if (encoding == ENCODING_HEX1)
1235 {
1236 if (kn_encode_hex(ptr, &s, i) != 0)
1237 {
1238 free(ptr);
1239 return NULL((void *)0);
1240 }
1241
1242 free(ptr);
1243 return s;
1244 }
1245 else
1246 if (encoding == ENCODING_BASE642)
1247 {
1248 s = calloc(2 * i, sizeof(char));
1249 if (s == NULL((void *)0))
1250 {
1251 free(ptr);
1252 keynote_errno = ERROR_MEMORY-1;
1253 return NULL((void *)0);
1254 }
1255
1256 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1257 {
1258 free(s);
1259 free(ptr);
1260 return NULL((void *)0);
1261 }
1262
1263 free(ptr);
1264 return s;
1265 }
1266 }
1267
1268 /* BINARY keys */
1269 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY4) &&
1270 (iencoding == INTERNAL_ENC_NONE0) &&
1271 ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642)))
1272 {
1273 bn = (struct keynote_binary *) dc->dec_key;
1274
1275 if (encoding == ENCODING_HEX1)
1276 {
1277 if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0)
1278 return NULL((void *)0);
1279
1280 return s;
1281 }
1282 else
1283 if (encoding == ENCODING_BASE642)
1284 {
1285 s = calloc(2 * bn->bn_len, sizeof(char));
1286 if (s == NULL((void *)0))
1287 {
1288 keynote_errno = ERROR_MEMORY-1;
1289 return NULL((void *)0);
1290 }
1291
1292 if (kn_encode_base64(bn->bn_key, bn->bn_len, s,
1293 2 * bn->bn_len) == -1)
1294 {
1295 free(s);
1296 return NULL((void *)0);
1297 }
1298
1299 return s;
1300 }
1301 }
1302
1303 keynote_errno = ERROR_NOTFOUND-3;
1304 return NULL((void *)0);
1305}