clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name signature.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libkeynote/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I . -I /usr/src/lib/libkeynote -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libkeynote/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/lib/libkeynote/signature.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | #include <sys/types.h> |
28 | |
29 | #include <limits.h> |
30 | #include <regex.h> |
31 | #include <stdlib.h> |
32 | #include <stdio.h> |
33 | #include <string.h> |
34 | |
35 | #include <openssl/dsa.h> |
36 | #include <openssl/md5.h> |
37 | #include <openssl/pem.h> |
38 | #include <openssl/rsa.h> |
39 | #include <openssl/sha.h> |
40 | #include <openssl/x509.h> |
41 | |
42 | #include "keynote.h" |
43 | #include "assertion.h" |
44 | #include "signature.h" |
45 | |
46 | static const char hextab[] = { |
47 | '0', '1', '2', '3', '4', '5', '6', '7', |
48 | '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' |
49 | }; |
50 | |
51 | |
52 | |
53 | |
54 | static void |
55 | bin2hex(unsigned char *data, unsigned char *buffer, int len) |
56 | { |
57 | int off = 0; |
58 | |
59 | while(len > 0) |
60 | { |
61 | buffer[off++] = hextab[*data >> 4]; |
62 | buffer[off++] = hextab[*data & 0xF]; |
63 | data++; |
64 | len--; |
65 | } |
66 | } |
67 | |
68 | |
69 | |
70 | |
71 | int |
72 | kn_encode_hex(unsigned char *buf, char **dest, int len) |
73 | { |
74 | keynote_errno = 0; |
75 | if (dest == NULL) |
76 | { |
77 | keynote_errno = ERROR_SYNTAX; |
78 | return -1; |
79 | } |
80 | |
81 | *dest = calloc(2 * len + 1, sizeof(char)); |
82 | if (*dest == NULL) |
83 | { |
84 | keynote_errno = ERROR_MEMORY; |
85 | return -1; |
86 | } |
87 | |
88 | bin2hex(buf, *dest, len); |
89 | return 0; |
90 | } |
91 | |
92 | |
93 | |
94 | |
95 | |
96 | int |
97 | kn_decode_hex(char *hex, char **dest) |
98 | { |
99 | int i, decodedlen; |
100 | char ptr[3]; |
101 | |
102 | keynote_errno = 0; |
103 | if (dest == NULL) |
| |
104 | { |
105 | keynote_errno = ERROR_SYNTAX; |
106 | return -1; |
107 | } |
108 | |
109 | if (strlen(hex) % 2) |
| 16 | | Assuming the condition is false | |
|
| |
110 | { |
111 | keynote_errno = ERROR_SYNTAX; |
112 | return -1; |
113 | } |
114 | |
115 | decodedlen = strlen(hex) / 2; |
116 | *dest = calloc(decodedlen, sizeof(char)); |
| |
117 | if (*dest == NULL) |
| 19 | | Assuming the condition is false | |
|
| |
118 | { |
119 | keynote_errno = ERROR_MEMORY; |
120 | return -1; |
121 | } |
122 | |
123 | ptr[2] = '\0'; |
124 | for (i = 0; i < decodedlen; i++) |
| 21 | | Loop condition is true. Entering loop body | |
|
| 22 | | Assuming 'i' is >= 'decodedlen' | |
|
| 23 | | Loop condition is false. Execution continues on line 131 | |
|
125 | { |
126 | ptr[0] = hex[2 * i]; |
127 | ptr[1] = hex[(2 * i) + 1]; |
128 | (*dest)[i] = (unsigned char) strtoul(ptr, NULL, 16); |
129 | } |
130 | |
131 | return 0; |
132 | } |
133 | |
134 | void |
135 | keynote_free_key(void *key, int type) |
136 | { |
137 | if (key == NULL) |
138 | return; |
139 | |
140 | |
141 | if (type == KEYNOTE_ALGORITHM_DSA) |
142 | { |
143 | DSA_free(key); |
144 | return; |
145 | } |
146 | |
147 | |
148 | if (type == KEYNOTE_ALGORITHM_RSA) |
149 | { |
150 | RSA_free(key); |
151 | return; |
152 | } |
153 | |
154 | |
155 | if (type == KEYNOTE_ALGORITHM_X509) |
156 | { |
157 | RSA_free(key); |
158 | return; |
159 | } |
160 | |
161 | |
162 | if (type == KEYNOTE_ALGORITHM_BINARY) |
163 | { |
164 | free(((struct keynote_binary *) key)->bn_key); |
165 | free(key); |
166 | return; |
167 | } |
168 | |
169 | |
170 | if (type == KEYNOTE_ALGORITHM_NONE) |
171 | free(key); |
172 | } |
173 | |
174 | |
175 | |
176 | |
177 | |
178 | |
179 | |
180 | static int |
181 | keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal) |
182 | { |
183 | if (sig == NULL) |
184 | return KEYNOTE_ALGORITHM_NONE; |
185 | |
186 | if (!strncasecmp(SIG_DSA_SHA1_HEX, sig, SIG_DSA_SHA1_HEX_LEN)) |
187 | { |
188 | *hash = KEYNOTE_HASH_SHA1; |
189 | *enc = ENCODING_HEX; |
190 | *internal = INTERNAL_ENC_ASN1; |
191 | return KEYNOTE_ALGORITHM_DSA; |
192 | } |
193 | |
194 | if (!strncasecmp(SIG_DSA_SHA1_BASE64, sig, SIG_DSA_SHA1_BASE64_LEN)) |
195 | { |
196 | *hash = KEYNOTE_HASH_SHA1; |
197 | *enc = ENCODING_BASE64; |
198 | *internal = INTERNAL_ENC_ASN1; |
199 | return KEYNOTE_ALGORITHM_DSA; |
200 | } |
201 | |
202 | if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX, sig, SIG_RSA_MD5_PKCS1_HEX_LEN)) |
203 | { |
204 | *hash = KEYNOTE_HASH_MD5; |
205 | *enc = ENCODING_HEX; |
206 | *internal = INTERNAL_ENC_PKCS1; |
207 | return KEYNOTE_ALGORITHM_RSA; |
208 | } |
209 | |
210 | if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX, sig, SIG_RSA_SHA1_PKCS1_HEX_LEN)) |
211 | { |
212 | *hash = KEYNOTE_HASH_SHA1; |
213 | *enc = ENCODING_HEX; |
214 | *internal = INTERNAL_ENC_PKCS1; |
215 | return KEYNOTE_ALGORITHM_RSA; |
216 | } |
217 | |
218 | if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64, sig, |
219 | SIG_RSA_MD5_PKCS1_BASE64_LEN)) |
220 | { |
221 | *hash = KEYNOTE_HASH_MD5; |
222 | *enc = ENCODING_BASE64; |
223 | *internal = INTERNAL_ENC_PKCS1; |
224 | return KEYNOTE_ALGORITHM_RSA; |
225 | } |
226 | |
227 | if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64, sig, |
228 | SIG_RSA_SHA1_PKCS1_BASE64_LEN)) |
229 | { |
230 | *hash = KEYNOTE_HASH_SHA1; |
231 | *enc = ENCODING_BASE64; |
232 | *internal = INTERNAL_ENC_PKCS1; |
233 | return KEYNOTE_ALGORITHM_RSA; |
234 | } |
235 | |
236 | if (!strncasecmp(SIG_X509_SHA1_BASE64, sig, SIG_X509_SHA1_BASE64_LEN)) |
237 | { |
238 | *hash = KEYNOTE_HASH_SHA1; |
239 | *enc = ENCODING_BASE64; |
240 | *internal = INTERNAL_ENC_ASN1; |
241 | return KEYNOTE_ALGORITHM_X509; |
242 | } |
243 | |
244 | if (!strncasecmp(SIG_X509_SHA1_HEX, sig, SIG_X509_SHA1_HEX_LEN)) |
245 | { |
246 | *hash = KEYNOTE_HASH_SHA1; |
247 | *enc = ENCODING_HEX; |
248 | *internal = INTERNAL_ENC_ASN1; |
249 | return KEYNOTE_ALGORITHM_X509; |
250 | } |
251 | |
252 | *hash = KEYNOTE_HASH_NONE; |
253 | *enc = ENCODING_NONE; |
254 | *internal = INTERNAL_ENC_NONE; |
255 | return KEYNOTE_ALGORITHM_NONE; |
256 | } |
257 | |
258 | |
259 | |
260 | |
261 | |
262 | |
263 | |
264 | int |
265 | keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding) |
266 | { |
267 | if (!strncasecmp(DSA_HEX, key, DSA_HEX_LEN)) |
268 | { |
269 | *internalencoding = INTERNAL_ENC_ASN1; |
270 | *encoding = ENCODING_HEX; |
271 | return KEYNOTE_ALGORITHM_DSA; |
272 | } |
273 | |
274 | if (!strncasecmp(DSA_BASE64, key, DSA_BASE64_LEN)) |
275 | { |
276 | *internalencoding = INTERNAL_ENC_ASN1; |
277 | *encoding = ENCODING_BASE64; |
278 | return KEYNOTE_ALGORITHM_DSA; |
279 | } |
280 | |
281 | if (!strncasecmp(RSA_PKCS1_HEX, key, RSA_PKCS1_HEX_LEN)) |
282 | { |
283 | *internalencoding = INTERNAL_ENC_PKCS1; |
284 | *encoding = ENCODING_HEX; |
285 | return KEYNOTE_ALGORITHM_RSA; |
286 | } |
287 | |
288 | if (!strncasecmp(RSA_PKCS1_BASE64, key, RSA_PKCS1_BASE64_LEN)) |
289 | { |
290 | *internalencoding = INTERNAL_ENC_PKCS1; |
291 | *encoding = ENCODING_BASE64; |
292 | return KEYNOTE_ALGORITHM_RSA; |
293 | } |
294 | |
295 | if (!strncasecmp(X509_BASE64, key, X509_BASE64_LEN)) |
296 | { |
297 | *internalencoding = INTERNAL_ENC_ASN1; |
298 | *encoding = ENCODING_BASE64; |
299 | return KEYNOTE_ALGORITHM_X509; |
300 | } |
301 | |
302 | if (!strncasecmp(X509_HEX, key, X509_HEX_LEN)) |
303 | { |
304 | *internalencoding = INTERNAL_ENC_ASN1; |
305 | *encoding = ENCODING_HEX; |
306 | return KEYNOTE_ALGORITHM_X509; |
307 | } |
308 | |
309 | if (!strncasecmp(BINARY_HEX, key, BINARY_HEX_LEN)) |
310 | { |
311 | *internalencoding = INTERNAL_ENC_NONE; |
312 | *encoding = ENCODING_HEX; |
313 | return KEYNOTE_ALGORITHM_BINARY; |
314 | } |
315 | |
316 | if (!strncasecmp(BINARY_BASE64, key, BINARY_BASE64_LEN)) |
317 | { |
318 | *internalencoding = INTERNAL_ENC_NONE; |
319 | *encoding = ENCODING_BASE64; |
320 | return KEYNOTE_ALGORITHM_BINARY; |
321 | } |
322 | |
323 | *internalencoding = INTERNAL_ENC_NONE; |
324 | *encoding = ENCODING_NONE; |
325 | return KEYNOTE_ALGORITHM_NONE; |
326 | } |
327 | |
328 | |
329 | |
330 | |
331 | |
332 | static int |
333 | keynote_get_private_key_algorithm(char *key, int *encoding, |
334 | int *internalencoding) |
335 | { |
336 | if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX, key, |
337 | KEYNOTE_PRIVATE_KEY_PREFIX_LEN)) |
338 | { |
339 | *internalencoding = INTERNAL_ENC_NONE; |
340 | *encoding = ENCODING_NONE; |
341 | return KEYNOTE_ALGORITHM_NONE; |
342 | } |
343 | |
344 | return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LEN, |
345 | encoding, internalencoding); |
346 | } |
347 | |
348 | |
349 | |
350 | |
351 | int |
352 | kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) |
353 | { |
354 | X509 *px509Cert; |
355 | EVP_PKEY *pPublicKey; |
356 | unsigned char *ptr = NULL, *decoded = NULL; |
357 | int encoding, internalencoding; |
358 | long len = 0; |
359 | |
360 | keynote_errno = 0; |
361 | if (keytype == KEYNOTE_PRIVATE_KEY) |
| |
362 | dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding, |
363 | &internalencoding); |
364 | else |
365 | dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding, |
366 | &internalencoding); |
367 | if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE) |
| |
368 | { |
369 | if ((dc->dec_key = strdup(key)) == NULL) { |
370 | keynote_errno = ERROR_MEMORY; |
371 | return -1; |
372 | } |
373 | |
374 | return 0; |
375 | } |
376 | |
377 | key = strchr(key, ':'); |
378 | |
379 | key++; |
380 | |
381 | |
382 | switch (encoding) |
| 13 | | Control jumps to 'case 1:' at line 387 | |
|
383 | { |
384 | case ENCODING_NONE: |
385 | break; |
386 | |
387 | case ENCODING_HEX: |
388 | len = strlen(key) / 2; |
389 | if (kn_decode_hex(key, (char **) &decoded) != 0) |
| 14 | | Calling 'kn_decode_hex' | |
|
| 24 | | Returned allocated memory via 2nd parameter | |
|
| |
390 | return -1; |
391 | ptr = decoded; |
392 | break; |
| 26 | | Execution continues on line 430 | |
|
393 | |
394 | case ENCODING_BASE64: |
395 | len = strlen(key); |
396 | if (len % 4) |
397 | { |
398 | keynote_errno = ERROR_SYNTAX; |
399 | return -1; |
400 | } |
401 | |
402 | len = 3 * (len / 4); |
403 | decoded = calloc(len, sizeof(unsigned char)); |
404 | ptr = decoded; |
405 | if (decoded == NULL) { |
406 | keynote_errno = ERROR_MEMORY; |
407 | return -1; |
408 | } |
409 | |
410 | if ((len = kn_decode_base64(key, decoded, len)) == -1) |
411 | return -1; |
412 | break; |
413 | |
414 | case ENCODING_NATIVE: |
415 | decoded = strdup(key); |
416 | if (decoded == NULL) { |
417 | keynote_errno = ERROR_MEMORY; |
418 | return -1; |
419 | } |
420 | len = strlen(key); |
421 | ptr = decoded; |
422 | break; |
423 | |
424 | default: |
425 | keynote_errno = ERROR_SYNTAX; |
426 | return -1; |
427 | } |
428 | |
429 | |
430 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && |
431 | (internalencoding == INTERNAL_ENC_ASN1)) |
432 | { |
433 | if (keytype == KEYNOTE_PRIVATE_KEY) |
434 | { |
435 | if ((dc->dec_key = |
436 | d2i_DSAPrivateKey(NULL, (const unsigned char **) &decoded, len)) |
437 | == NULL) |
438 | { |
439 | free(ptr); |
440 | keynote_errno = ERROR_SYNTAX; |
441 | return -1; |
442 | } |
443 | } |
444 | else |
445 | { |
446 | if ((dc->dec_key = |
447 | d2i_DSAPublicKey(NULL, (const unsigned char **) &decoded, len)) |
448 | == NULL) |
449 | { |
450 | free(ptr); |
451 | keynote_errno = ERROR_SYNTAX; |
452 | return -1; |
453 | } |
454 | } |
455 | |
456 | free(ptr); |
457 | |
458 | return 0; |
459 | } |
460 | |
461 | |
462 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && |
463 | (internalencoding == INTERNAL_ENC_PKCS1)) |
464 | { |
465 | if (keytype == KEYNOTE_PRIVATE_KEY) |
466 | { |
467 | if ((dc->dec_key = |
468 | d2i_RSAPrivateKey(NULL, (const unsigned char **) &decoded, len)) |
469 | == NULL) |
470 | { |
471 | free(ptr); |
472 | keynote_errno = ERROR_SYNTAX; |
473 | return -1; |
474 | } |
475 | if (RSA_blinding_on(dc->dec_key, NULL) != 1) { |
476 | free(ptr); |
477 | RSA_free(dc->dec_key); |
478 | keynote_errno = ERROR_MEMORY; |
479 | return -1; |
480 | } |
481 | } |
482 | else |
483 | { |
484 | if ((dc->dec_key = |
485 | d2i_RSAPublicKey(NULL, (const unsigned char **) &decoded, len)) |
486 | == NULL) |
487 | { |
488 | free(ptr); |
489 | keynote_errno = ERROR_SYNTAX; |
490 | return -1; |
491 | } |
492 | } |
493 | |
494 | free(ptr); |
495 | |
496 | return 0; |
497 | } |
498 | |
499 | |
500 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) && |
501 | (internalencoding == INTERNAL_ENC_ASN1) && |
502 | (keytype == KEYNOTE_PUBLIC_KEY)) |
503 | { |
504 | if((px509Cert = |
505 | d2i_X509(NULL, (const unsigned char **)&decoded, len)) == NULL) |
506 | { |
507 | free(ptr); |
508 | keynote_errno = ERROR_SYNTAX; |
509 | return -1; |
510 | } |
511 | |
512 | if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL) { |
513 | free(ptr); |
514 | X509_free(px509Cert); |
515 | keynote_errno = ERROR_SYNTAX; |
516 | return -1; |
517 | } |
518 | |
519 | |
520 | dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey); |
521 | RSA_up_ref(dc->dec_key); |
522 | |
523 | free(ptr); |
524 | X509_free(px509Cert); |
525 | return 0; |
526 | } |
527 | |
528 | |
529 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && |
| |
530 | (internalencoding == INTERNAL_ENC_NONE)) |
531 | { |
532 | dc->dec_key = calloc(1, sizeof(struct keynote_binary)); |
533 | if (dc->dec_key == NULL) |
| 28 | | Assuming field 'dec_key' is equal to NULL | |
|
| |
534 | { |
535 | keynote_errno = ERROR_MEMORY; |
| 30 | | Potential leak of memory pointed to by 'ptr' |
|
536 | return -1; |
537 | } |
538 | |
539 | ((struct keynote_binary *) dc->dec_key)->bn_key = decoded; |
540 | ((struct keynote_binary *) dc->dec_key)->bn_len = len; |
541 | return RESULT_TRUE; |
542 | } |
543 | |
544 | |
545 | |
546 | free(ptr); |
547 | |
548 | |
549 | keynote_errno = ERROR_SYNTAX; |
550 | return -1; |
551 | } |
552 | |
553 | |
554 | |
555 | |
556 | |
557 | int |
558 | kn_keycompare(void *key1, void *key2, int algorithm) |
559 | { |
560 | DSA *p1, *p2; |
561 | RSA *p3, *p4; |
562 | struct keynote_binary *bn1, *bn2; |
563 | |
564 | if (key1 == NULL || key2 == NULL) |
565 | return RESULT_FALSE; |
566 | |
567 | switch (algorithm) |
568 | { |
569 | case KEYNOTE_ALGORITHM_NONE: |
570 | if (!strcmp(key1, key2)) |
571 | return RESULT_TRUE; |
572 | else |
573 | return RESULT_FALSE; |
574 | |
575 | case KEYNOTE_ALGORITHM_DSA: |
576 | p1 = (DSA *) key1; |
577 | p2 = (DSA *) key2; |
578 | if (!BN_cmp(DSA_get0_p(p1), DSA_get0_p(p2)) && |
579 | !BN_cmp(DSA_get0_q(p1), DSA_get0_q(p2)) && |
580 | !BN_cmp(DSA_get0_g(p1), DSA_get0_g(p2)) && |
581 | !BN_cmp(DSA_get0_pub_key(p1), DSA_get0_pub_key(p2))) |
582 | return RESULT_TRUE; |
583 | else |
584 | return RESULT_FALSE; |
585 | |
586 | case KEYNOTE_ALGORITHM_X509: |
587 | p3 = (RSA *) key1; |
588 | p4 = (RSA *) key2; |
589 | if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && |
590 | !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) |
591 | return RESULT_TRUE; |
592 | else |
593 | return RESULT_FALSE; |
594 | |
595 | case KEYNOTE_ALGORITHM_RSA: |
596 | p3 = (RSA *) key1; |
597 | p4 = (RSA *) key2; |
598 | if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && |
599 | !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) |
600 | return RESULT_TRUE; |
601 | else |
602 | return RESULT_FALSE; |
603 | |
604 | case KEYNOTE_ALGORITHM_ELGAMAL: |
605 | |
606 | return RESULT_FALSE; |
607 | |
608 | case KEYNOTE_ALGORITHM_PGP: |
609 | |
610 | return RESULT_FALSE; |
611 | |
612 | case KEYNOTE_ALGORITHM_BINARY: |
613 | bn1 = (struct keynote_binary *) key1; |
614 | bn2 = (struct keynote_binary *) key2; |
615 | if ((bn1->bn_len == bn2->bn_len) && |
616 | !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len)) |
617 | return RESULT_TRUE; |
618 | else |
619 | return RESULT_FALSE; |
620 | |
621 | default: |
622 | return RESULT_FALSE; |
623 | } |
624 | } |
625 | |
626 | |
627 | |
628 | |
629 | |
630 | int |
631 | keynote_sigverify_assertion(struct assertion *as) |
632 | { |
633 | int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0; |
634 | unsigned char *sig, *decoded = NULL, *ptr; |
635 | unsigned char res2[20]; |
636 | SHA_CTX shscontext; |
637 | MD5_CTX md5context; |
638 | int len = 0; |
639 | DSA *dsa; |
640 | RSA *rsa; |
641 | if (as->as_signature == NULL || |
642 | as->as_startofsignature == NULL || |
643 | as->as_allbutsignature == NULL || |
644 | as->as_allbutsignature - as->as_startofsignature <= 0) |
645 | return SIGRESULT_FALSE; |
646 | |
647 | alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc, |
648 | &intenc); |
649 | if (alg == KEYNOTE_ALGORITHM_NONE) |
650 | return SIGRESULT_FALSE; |
651 | |
652 | |
653 | if ((alg != as->as_signeralgorithm) && |
654 | !((alg == KEYNOTE_ALGORITHM_RSA) && |
655 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && |
656 | !((alg == KEYNOTE_ALGORITHM_X509) && |
657 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) |
658 | return SIGRESULT_FALSE; |
659 | |
660 | sig = strchr(as->as_signature, ':'); |
661 | |
662 | |
663 | |
664 | sig++; |
665 | |
666 | switch (hashtype) |
667 | { |
668 | case KEYNOTE_HASH_SHA1: |
669 | hashlen = 20; |
670 | memset(res2, 0, hashlen); |
671 | SHA1_Init(&shscontext); |
672 | SHA1_Update(&shscontext, as->as_startofsignature, |
673 | as->as_allbutsignature - as->as_startofsignature); |
674 | SHA1_Update(&shscontext, as->as_signature, |
675 | (char *) sig - as->as_signature); |
676 | SHA1_Final(res2, &shscontext); |
677 | break; |
678 | |
679 | case KEYNOTE_HASH_MD5: |
680 | hashlen = 16; |
681 | memset(res2, 0, hashlen); |
682 | MD5_Init(&md5context); |
683 | MD5_Update(&md5context, as->as_startofsignature, |
684 | as->as_allbutsignature - as->as_startofsignature); |
685 | MD5_Update(&md5context, as->as_signature, |
686 | (char *) sig - as->as_signature); |
687 | MD5_Final(res2, &md5context); |
688 | break; |
689 | |
690 | case KEYNOTE_HASH_NONE: |
691 | break; |
692 | } |
693 | |
694 | |
695 | switch (enc) |
696 | { |
697 | case ENCODING_NONE: |
698 | ptr = NULL; |
699 | break; |
700 | |
701 | case ENCODING_HEX: |
702 | len = strlen(sig) / 2; |
703 | if (kn_decode_hex(sig, (char **) &decoded) != 0) |
704 | return -1; |
705 | ptr = decoded; |
706 | break; |
707 | |
708 | case ENCODING_BASE64: |
709 | len = strlen(sig); |
710 | if (len % 4) |
711 | { |
712 | keynote_errno = ERROR_SYNTAX; |
713 | return -1; |
714 | } |
715 | |
716 | len = 3 * (len / 4); |
717 | decoded = calloc(len, sizeof(unsigned char)); |
718 | ptr = decoded; |
719 | if (decoded == NULL) { |
720 | keynote_errno = ERROR_MEMORY; |
721 | return -1; |
722 | } |
723 | |
724 | len = kn_decode_base64(sig, decoded, len); |
725 | if ((len == -1) || (len == 0) || (len == 1)) |
726 | return -1; |
727 | break; |
728 | |
729 | case ENCODING_NATIVE: |
730 | |
731 | if ((decoded = strdup(sig)) == NULL) { |
732 | keynote_errno = ERROR_MEMORY; |
733 | return -1; |
734 | } |
735 | len = strlen(sig); |
736 | ptr = decoded; |
737 | break; |
738 | |
739 | default: |
740 | keynote_errno = ERROR_SYNTAX; |
741 | return -1; |
742 | } |
743 | |
744 | |
745 | if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1)) |
746 | { |
747 | dsa = (DSA *) as->as_authorizer; |
748 | if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) { |
749 | free(ptr); |
750 | return SIGRESULT_TRUE; |
751 | } |
752 | } |
753 | else |
754 | if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1)) |
755 | { |
756 | rsa = (RSA *) as->as_authorizer; |
757 | if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, |
758 | decoded, len, rsa) == 1) { |
759 | free(ptr); |
760 | return SIGRESULT_TRUE; |
761 | } |
762 | } |
763 | else |
764 | if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1)) |
765 | { |
766 | |
767 | rsa = (RSA *) as->as_authorizer; |
768 | if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded, |
769 | len, rsa) == 1) { |
770 | free(ptr); |
771 | return SIGRESULT_TRUE; |
772 | } |
773 | } |
774 | |
775 | |
776 | |
777 | free(ptr); |
778 | |
779 | return SIGRESULT_FALSE; |
780 | } |
781 | |
782 | |
783 | |
784 | |
785 | static char * |
786 | keynote_sign_assertion(struct assertion *as, char *sigalg, void *key, |
787 | int keyalg, int verifyflag) |
788 | { |
789 | int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc; |
790 | unsigned char *sig = NULL, *finalbuf = NULL; |
791 | unsigned char res2[LARGEST_HASH_SIZE], *sbuf = NULL; |
792 | BIO *biokey = NULL; |
793 | DSA *dsa = NULL; |
794 | RSA *rsa = NULL; |
795 | SHA_CTX shscontext; |
796 | MD5_CTX md5context; |
797 | int len; |
798 | |
799 | if (as->as_signature_string_s == NULL || |
800 | as->as_startofsignature == NULL || |
801 | as->as_allbutsignature == NULL || |
802 | as->as_allbutsignature - as->as_startofsignature <= 0 || |
803 | as->as_authorizer == NULL || |
804 | key == NULL || |
805 | as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE) |
806 | { |
807 | keynote_errno = ERROR_SYNTAX; |
808 | return NULL; |
809 | } |
810 | |
811 | alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, |
812 | &internalenc); |
813 | if (((alg != as->as_signeralgorithm) && |
814 | !((alg == KEYNOTE_ALGORITHM_RSA) && |
815 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && |
816 | !((alg == KEYNOTE_ALGORITHM_X509) && |
817 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) || |
818 | ((alg != keyalg) && |
819 | !((alg == KEYNOTE_ALGORITHM_RSA) && |
820 | (keyalg == KEYNOTE_ALGORITHM_X509)) && |
821 | !((alg == KEYNOTE_ALGORITHM_X509) && |
822 | (keyalg == KEYNOTE_ALGORITHM_RSA)))) |
823 | { |
824 | keynote_errno = ERROR_SYNTAX; |
825 | return NULL; |
826 | } |
827 | |
828 | sig = strchr(sigalg, ':'); |
829 | if (sig == NULL) |
830 | { |
831 | keynote_errno = ERROR_SYNTAX; |
832 | return NULL; |
833 | } |
834 | |
835 | sig++; |
836 | |
837 | switch (hashtype) |
838 | { |
839 | case KEYNOTE_HASH_SHA1: |
840 | hashlen = 20; |
841 | memset(res2, 0, hashlen); |
842 | SHA1_Init(&shscontext); |
843 | SHA1_Update(&shscontext, as->as_startofsignature, |
844 | as->as_allbutsignature - as->as_startofsignature); |
845 | SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg); |
846 | SHA1_Final(res2, &shscontext); |
847 | break; |
848 | |
849 | case KEYNOTE_HASH_MD5: |
850 | hashlen = 16; |
851 | memset(res2, 0, hashlen); |
852 | MD5_Init(&md5context); |
853 | MD5_Update(&md5context, as->as_startofsignature, |
854 | as->as_allbutsignature - as->as_startofsignature); |
855 | MD5_Update(&md5context, sigalg, (char *) sig - sigalg); |
856 | MD5_Final(res2, &md5context); |
857 | break; |
858 | |
859 | case KEYNOTE_HASH_NONE: |
860 | break; |
861 | } |
862 | |
863 | if ((alg == KEYNOTE_ALGORITHM_DSA) && |
864 | (hashtype == KEYNOTE_HASH_SHA1) && |
865 | (internalenc == INTERNAL_ENC_ASN1) && |
866 | ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) |
867 | { |
868 | dsa = (DSA *) key; |
869 | sbuf = calloc(DSA_size(dsa), sizeof(unsigned char)); |
870 | if (sbuf == NULL) |
871 | { |
872 | keynote_errno = ERROR_MEMORY; |
873 | return NULL; |
874 | } |
875 | |
876 | if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0) |
877 | { |
878 | free(sbuf); |
879 | keynote_errno = ERROR_SYNTAX; |
880 | return NULL; |
881 | } |
882 | } |
883 | else |
884 | if ((alg == KEYNOTE_ALGORITHM_RSA) && |
885 | ((hashtype == KEYNOTE_HASH_SHA1) || |
886 | (hashtype == KEYNOTE_HASH_MD5)) && |
887 | (internalenc == INTERNAL_ENC_PKCS1) && |
888 | ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) |
889 | { |
890 | rsa = (RSA *) key; |
891 | sbuf = calloc(RSA_size(rsa), sizeof(unsigned char)); |
892 | if (sbuf == NULL) |
893 | { |
894 | keynote_errno = ERROR_MEMORY; |
895 | return NULL; |
896 | } |
897 | |
898 | if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, |
899 | sbuf, &slen, rsa) <= 0) |
900 | { |
901 | free(sbuf); |
902 | keynote_errno = ERROR_SYNTAX; |
903 | return NULL; |
904 | } |
905 | } |
906 | else |
907 | if ((alg == KEYNOTE_ALGORITHM_X509) && |
908 | (hashtype == KEYNOTE_HASH_SHA1) && |
909 | (internalenc == INTERNAL_ENC_ASN1)) |
910 | { |
911 | if ((biokey = BIO_new(BIO_s_mem())) == NULL) |
912 | { |
913 | keynote_errno = ERROR_SYNTAX; |
914 | return NULL; |
915 | } |
916 | |
917 | if (BIO_write(biokey, key, strlen(key) + 1) <= 0) |
918 | { |
919 | BIO_free(biokey); |
920 | keynote_errno = ERROR_SYNTAX; |
921 | return NULL; |
922 | } |
923 | |
924 | |
925 | rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL); |
926 | if (rsa == NULL) |
927 | { |
928 | BIO_free(biokey); |
929 | keynote_errno = ERROR_SYNTAX; |
930 | return NULL; |
931 | } |
932 | |
933 | sbuf = calloc(RSA_size(rsa), sizeof(char)); |
934 | if (sbuf == NULL) |
935 | { |
936 | BIO_free(biokey); |
937 | RSA_free(rsa); |
938 | keynote_errno = ERROR_MEMORY; |
939 | return NULL; |
940 | } |
941 | |
942 | if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen, |
943 | rsa) <= 0) |
944 | { |
945 | BIO_free(biokey); |
946 | RSA_free(rsa); |
947 | free(sbuf); |
948 | keynote_errno = ERROR_SIGN_FAILURE; |
949 | return NULL; |
950 | } |
951 | |
952 | BIO_free(biokey); |
953 | RSA_free(rsa); |
954 | } |
955 | else |
956 | { |
957 | keynote_errno = ERROR_SYNTAX; |
958 | return NULL; |
959 | } |
960 | |
961 | |
962 | switch (encoding) |
963 | { |
964 | case ENCODING_HEX: |
965 | i = kn_encode_hex(sbuf, (char **) &finalbuf, slen); |
966 | free(sbuf); |
967 | if (i != 0) |
968 | return NULL; |
969 | break; |
970 | |
971 | case ENCODING_BASE64: |
972 | finalbuf = calloc(2 * slen, sizeof(unsigned char)); |
973 | if (finalbuf == NULL) |
974 | { |
975 | keynote_errno = ERROR_MEMORY; |
976 | free(sbuf); |
977 | return NULL; |
978 | } |
979 | |
980 | slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen); |
981 | free(sbuf); |
982 | if (slen == -1) { |
983 | free(finalbuf); |
984 | return NULL; |
985 | } |
986 | break; |
987 | |
988 | default: |
989 | free(sbuf); |
990 | keynote_errno = ERROR_SYNTAX; |
991 | return NULL; |
992 | } |
993 | |
994 | |
995 | len = strlen(sigalg) + strlen(finalbuf) + 1; |
996 | as->as_signature = calloc(len, sizeof(char)); |
997 | if (as->as_signature == NULL) |
998 | { |
999 | free(finalbuf); |
1000 | keynote_errno = ERROR_MEMORY; |
1001 | return NULL; |
1002 | } |
1003 | |
1004 | |
1005 | snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf); |
1006 | free(finalbuf); |
1007 | finalbuf = as->as_signature; |
1008 | |
1009 | |
1010 | if (verifyflag) |
1011 | { |
1012 | |
1013 | if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE) |
1014 | { |
1015 | as->as_signature = NULL; |
1016 | free(finalbuf); |
1017 | if (keynote_errno == 0) |
1018 | keynote_errno = ERROR_SYNTAX; |
1019 | return NULL; |
1020 | } |
1021 | |
1022 | as->as_signature = NULL; |
1023 | } |
1024 | else |
1025 | as->as_signature = NULL; |
1026 | |
1027 | |
1028 | return (char *) finalbuf; |
1029 | } |
1030 | |
1031 | |
1032 | |
1033 | |
1034 | int |
1035 | kn_verify_assertion(char *buf, int len) |
1036 | { |
1037 | struct assertion *as; |
1038 | int res; |
1039 | |
1040 | keynote_errno = 0; |
1041 | as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER); |
1042 | if (as == NULL) |
1043 | return -1; |
1044 | |
1045 | res = keynote_sigverify_assertion(as); |
1046 | keynote_free_assertion(as); |
1047 | return res; |
1048 | } |
1049 | |
1050 | |
1051 | |
1052 | |
1053 | char * |
1054 | kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag) |
1055 | { |
1056 | int i, alg, hashtype, encoding, internalenc; |
1057 | struct keynote_deckey dc; |
1058 | struct assertion *as; |
1059 | char *s, *sig; |
1060 | |
1061 | keynote_errno = 0; |
1062 | s = NULL; |
1063 | |
1064 | if (sigalg == NULL || buf == NULL || key == NULL) |
| 1 | Assuming 'sigalg' is not equal to NULL | |
|
| 2 | | Assuming 'buf' is not equal to NULL | |
|
| 3 | | Assuming 'key' is not equal to NULL | |
|
1065 | { |
1066 | keynote_errno = ERROR_NOTFOUND; |
1067 | return NULL; |
1068 | } |
1069 | |
1070 | if (sigalg[0] == '\0' || sigalg[strlen(sigalg) - 1] != ':') |
| 4 | | Assuming the condition is false | |
|
| 5 | | Assuming the condition is false | |
|
| |
1071 | { |
1072 | keynote_errno = ERROR_SYNTAX; |
1073 | return NULL; |
1074 | } |
1075 | |
1076 | |
1077 | alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, |
1078 | &internalenc); |
1079 | if (alg != KEYNOTE_ALGORITHM_X509) |
| |
1080 | { |
1081 | |
1082 | s = keynote_get_private_key(key); |
1083 | if (s == NULL) |
| 8 | | Assuming 's' is not equal to NULL | |
|
| |
1084 | return NULL; |
1085 | |
1086 | |
1087 | i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY); |
| 10 | | Calling 'kn_decode_key' | |
|
1088 | if (i == -1) |
1089 | { |
1090 | free(s); |
1091 | return NULL; |
1092 | } |
1093 | } |
1094 | else |
1095 | { |
1096 | dc.dec_key = key; |
1097 | dc.dec_algorithm = alg; |
1098 | } |
1099 | |
1100 | as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN); |
1101 | if (as == NULL) |
1102 | { |
1103 | if (alg != KEYNOTE_ALGORITHM_X509) |
1104 | { |
1105 | keynote_free_key(dc.dec_key, dc.dec_algorithm); |
1106 | free(s); |
1107 | } |
1108 | return NULL; |
1109 | } |
1110 | |
1111 | sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm, |
1112 | vflag); |
1113 | if (alg != KEYNOTE_ALGORITHM_X509) |
1114 | keynote_free_key(dc.dec_key, dc.dec_algorithm); |
1115 | keynote_free_assertion(as); |
1116 | if (s != NULL) |
1117 | free(s); |
1118 | return sig; |
1119 | } |
1120 | |
1121 | |
1122 | |
1123 | |
1124 | char * |
1125 | kn_encode_key(struct keynote_deckey *dc, int iencoding, |
1126 | int encoding, int keytype) |
1127 | { |
1128 | char *foo, *ptr; |
1129 | DSA *dsa; |
1130 | RSA *rsa; |
1131 | int i; |
1132 | struct keynote_binary *bn; |
1133 | char *s; |
1134 | |
1135 | keynote_errno = 0; |
1136 | if (dc == NULL || dc->dec_key == NULL) |
1137 | { |
1138 | keynote_errno = ERROR_NOTFOUND; |
1139 | return NULL; |
1140 | } |
1141 | |
1142 | |
1143 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && |
1144 | (iencoding == INTERNAL_ENC_ASN1) && |
1145 | ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) |
1146 | { |
1147 | dsa = (DSA *) dc->dec_key; |
1148 | if (keytype == KEYNOTE_PUBLIC_KEY) |
1149 | i = i2d_DSAPublicKey(dsa, NULL); |
1150 | else |
1151 | i = i2d_DSAPrivateKey(dsa, NULL); |
1152 | |
1153 | if (i <= 0) |
1154 | { |
1155 | keynote_errno = ERROR_SYNTAX; |
1156 | return NULL; |
1157 | } |
1158 | |
1159 | ptr = foo = calloc(i, sizeof(char)); |
1160 | if (foo == NULL) |
1161 | { |
1162 | keynote_errno = ERROR_MEMORY; |
1163 | return NULL; |
1164 | } |
1165 | |
1166 | if (keytype == KEYNOTE_PUBLIC_KEY) |
1167 | i2d_DSAPublicKey(dsa, (unsigned char **) &foo); |
1168 | else |
1169 | i2d_DSAPrivateKey(dsa, (unsigned char **) &foo); |
1170 | |
1171 | if (encoding == ENCODING_HEX) |
1172 | { |
1173 | if (kn_encode_hex(ptr, &s, i) != 0) |
1174 | { |
1175 | free(ptr); |
1176 | return NULL; |
1177 | } |
1178 | |
1179 | free(ptr); |
1180 | return s; |
1181 | } |
1182 | else |
1183 | if (encoding == ENCODING_BASE64) |
1184 | { |
1185 | s = calloc(2 * i, sizeof(char)); |
1186 | if (s == NULL) |
1187 | { |
1188 | free(ptr); |
1189 | keynote_errno = ERROR_MEMORY; |
1190 | return NULL; |
1191 | } |
1192 | |
1193 | if (kn_encode_base64(ptr, i, s, 2 * i) == -1) |
1194 | { |
1195 | free(s); |
1196 | free(ptr); |
1197 | return NULL; |
1198 | } |
1199 | |
1200 | free(ptr); |
1201 | return s; |
1202 | } |
1203 | } |
1204 | |
1205 | |
1206 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && |
1207 | (iencoding == INTERNAL_ENC_PKCS1) && |
1208 | ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) |
1209 | { |
1210 | rsa = (RSA *) dc->dec_key; |
1211 | if (keytype == KEYNOTE_PUBLIC_KEY) |
1212 | i = i2d_RSAPublicKey(rsa, NULL); |
1213 | else |
1214 | i = i2d_RSAPrivateKey(rsa, NULL); |
1215 | |
1216 | if (i <= 0) |
1217 | { |
1218 | keynote_errno = ERROR_SYNTAX; |
1219 | return NULL; |
1220 | } |
1221 | |
1222 | ptr = foo = calloc(i, sizeof(char)); |
1223 | if (foo == NULL) |
1224 | { |
1225 | keynote_errno = ERROR_MEMORY; |
1226 | return NULL; |
1227 | } |
1228 | |
1229 | if (keytype == KEYNOTE_PUBLIC_KEY) |
1230 | i2d_RSAPublicKey(rsa, (unsigned char **) &foo); |
1231 | else |
1232 | i2d_RSAPrivateKey(rsa, (unsigned char **) &foo); |
1233 | |
1234 | if (encoding == ENCODING_HEX) |
1235 | { |
1236 | if (kn_encode_hex(ptr, &s, i) != 0) |
1237 | { |
1238 | free(ptr); |
1239 | return NULL; |
1240 | } |
1241 | |
1242 | free(ptr); |
1243 | return s; |
1244 | } |
1245 | else |
1246 | if (encoding == ENCODING_BASE64) |
1247 | { |
1248 | s = calloc(2 * i, sizeof(char)); |
1249 | if (s == NULL) |
1250 | { |
1251 | free(ptr); |
1252 | keynote_errno = ERROR_MEMORY; |
1253 | return NULL; |
1254 | } |
1255 | |
1256 | if (kn_encode_base64(ptr, i, s, 2 * i) == -1) |
1257 | { |
1258 | free(s); |
1259 | free(ptr); |
1260 | return NULL; |
1261 | } |
1262 | |
1263 | free(ptr); |
1264 | return s; |
1265 | } |
1266 | } |
1267 | |
1268 | |
1269 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && |
1270 | (iencoding == INTERNAL_ENC_NONE) && |
1271 | ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) |
1272 | { |
1273 | bn = (struct keynote_binary *) dc->dec_key; |
1274 | |
1275 | if (encoding == ENCODING_HEX) |
1276 | { |
1277 | if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0) |
1278 | return NULL; |
1279 | |
1280 | return s; |
1281 | } |
1282 | else |
1283 | if (encoding == ENCODING_BASE64) |
1284 | { |
1285 | s = calloc(2 * bn->bn_len, sizeof(char)); |
1286 | if (s == NULL) |
1287 | { |
1288 | keynote_errno = ERROR_MEMORY; |
1289 | return NULL; |
1290 | } |
1291 | |
1292 | if (kn_encode_base64(bn->bn_key, bn->bn_len, s, |
1293 | 2 * bn->bn_len) == -1) |
1294 | { |
1295 | free(s); |
1296 | return NULL; |
1297 | } |
1298 | |
1299 | return s; |
1300 | } |
1301 | } |
1302 | |
1303 | keynote_errno = ERROR_NOTFOUND; |
1304 | return NULL; |
1305 | } |