[PATCH] pem: ensure we dont side-effect type_label
by James Prestwood
In pem_load_buffer, l_base64_decode could fail. If it does we were
still keeping type_label set. Instead use a temporary variable to
hold the label, and only set if l_base64_decode succeeds. Otherwise
free the temp label and return NULL.
---
ell/pem.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/ell/pem.c b/ell/pem.c
index 9da2071..c6481ef 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -198,13 +198,23 @@ static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
{
size_t base64_len;
const char *base64;
+ char *label;
+ uint8_t *ret;
- base64 = pem_next(buf, buf_len, type_label, &base64_len,
+ base64 = pem_next(buf, buf_len, &label, &base64_len,
NULL, false);
if (!base64)
return NULL;
- return l_base64_decode(base64, base64_len, len);
+ ret = l_base64_decode(base64, base64_len, len);
+ if (ret) {
+ *type_label = label;
+ return ret;
+ }
+
+ l_free(label);
+
+ return NULL;
}
LIB_EXPORT uint8_t *l_pem_load_buffer(const void *buf, size_t buf_len,
--
2.17.1
2 years, 10 months
[PATCH v10 1/4] pem: make endp setting smarter
by James Prestwood
Always doing eol + 1 could result in endp pointing past the bounds
of the PEM if the PEM does not have a final newline. Now we check
that we aren't going past the bounds of the buffer before setting
endp, and if we are just set endp to eol.
---
ell/pem.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ell/pem.c b/ell/pem.c
index d8f57ed..9da2071 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -164,8 +164,12 @@ const char *pem_next(const void *buf, size_t buf_len, char **type_label,
if (base64_len)
*base64_len = buf_ptr - base64_data;
- if (endp)
- *endp = eol + 1;
+ if (endp) {
+ if (eol == buf + buf_len)
+ *endp = eol;
+ else
+ *endp = eol + 1;
+ }
return base64_data;
}
--
2.17.1
2 years, 10 months
[PATCH v8 1/4] pem: remove endp increment past eol
by James Prestwood
Doing this could result in endp pointing past the bounds of the PEM
if the PEM does not have a final newline. In terms of calculating
the PEM length based off endp, we do want to take the byte into
account, but potentially returning an invalid pointer on 'success'
is not a great way to do this. It is now left up to the caller to
bounds check and increment endp themselves for calculating the
length or finding the next PEM.
The existing PEM parsers will also handle this newline if endp is
used directly (without incrementing) when parsing the next PEM in
a list, so removing the + 1 has no effect on other code in pem.c.
---
ell/pem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ell/pem.c b/ell/pem.c
index d8f57ed..3fa91cd 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -165,7 +165,7 @@ const char *pem_next(const void *buf, size_t buf_len, char **type_label,
*base64_len = buf_ptr - base64_data;
if (endp)
- *endp = eol + 1;
+ *endp = eol;
return base64_data;
}
--
2.17.1
2 years, 10 months
[PATCH v9 1/4] pem: make endp setting smarter
by James Prestwood
Always doing eol + 1 could result in endp pointing past the bounds
of the PEM if the PEM does not have a final newline. Now we check
that we aren't going past the bounds of the buffer before setting
endp, and if we are just set endp to eol.
---
ell/pem.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ell/pem.c b/ell/pem.c
index d8f57ed..9da2071 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -164,8 +164,12 @@ const char *pem_next(const void *buf, size_t buf_len, char **type_label,
if (base64_len)
*base64_len = buf_ptr - base64_data;
- if (endp)
- *endp = eol + 1;
+ if (endp) {
+ if (eol == buf + buf_len)
+ *endp = eol;
+ else
+ *endp = eol + 1;
+ }
return base64_data;
}
--
2.17.1
2 years, 10 months
[PATCH v7 1/2] settings: introduce extended groups concept
by James Prestwood
This patch introduces a new extended format for settings files. This new
format allows raw data to be provided under a given group rather than
key/value pairs. A group using an extended format will contain both the
extended type and group name in the format, for example:
[@[email protected]]
Where 'pem' is the type and 'certificate' is the name. The type of
format requires an extension specific parser implementation in settings
as the parser must know when to start/stop parsing data. This allows for
any textual characters to be present after the group is declared,
including special characters like [] (its completely up to the parser to
decide whats valid and what is not).
Three new l_settings APIs were added:
l_settings_has_embedded_group
l_settings_get_embedded_groups
l_settings_get_embedded_value
In this patch, the 'pem' extension type is also introduced, and for now
is the only extended type. The pem extended type expects a base64 encoded
PEM (or list of PEMs) after the group. The pem parser will stop after the
last PEM is found. Examples can be found in unit/test-settings.c
---
ell/ell.sym | 3 +
ell/settings.c | 258 ++++++++++++++++++++++++++++++++++++++++++++++++-
ell/settings.h | 7 ++
3 files changed, 265 insertions(+), 3 deletions(-)
diff --git a/ell/ell.sym b/ell/ell.sym
index e02f0fe..32d94f5 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -425,6 +425,9 @@ global:
l_settings_set_float;
l_settings_remove_group;
l_settings_remove_key;
+ l_settings_has_embedded_group;
+ l_settings_get_embedded_groups;
+ l_settings_get_embedded_value;
/* signal */
l_signal_create;
l_signal_remove;
diff --git a/ell/settings.c b/ell/settings.c
index 98f0cfd..c1b766e 100644
--- a/ell/settings.c
+++ b/ell/settings.c
@@ -48,12 +48,20 @@
#include "settings.h"
#include "private.h"
#include "missing.h"
+#include "pem-private.h"
struct setting_data {
char *key;
char *value;
};
+struct embedded_group_data {
+ char *name;
+ char type[32];
+ size_t len;
+ char data[0];
+};
+
struct group_data {
char *name;
struct l_queue *settings;
@@ -64,6 +72,7 @@ struct l_settings {
l_settings_destroy_cb_t debug_destroy;
void *debug_data;
struct l_queue *groups;
+ struct l_queue *embedded_groups;
};
static void setting_destroy(void *data)
@@ -86,12 +95,21 @@ static void group_destroy(void *data)
l_free(group);
}
+static void embedded_group_destroy(void *data)
+{
+ struct embedded_group_data *group = data;
+
+ l_free(group->name);
+ l_free(group);
+}
+
LIB_EXPORT struct l_settings *l_settings_new(void)
{
struct l_settings *settings;
settings = l_new(struct l_settings, 1);
settings->groups = l_queue_new();
+ settings->embedded_groups = l_queue_new();
return settings;
}
@@ -105,6 +123,7 @@ LIB_EXPORT void l_settings_free(struct l_settings *settings)
settings->debug_destroy(settings->debug_data);
l_queue_destroy(settings->groups, group_destroy);
+ l_queue_destroy(settings->embedded_groups, embedded_group_destroy);
l_free(settings);
}
@@ -222,6 +241,140 @@ static char *escape_value(const char *value)
return ret;
}
+static ssize_t parse_pem(const char *data, size_t len)
+{
+ const char *ptr;
+ const char *end;
+ size_t count = 0;
+
+ ptr = data;
+ end = data + len;
+
+ while (ptr && ptr < end) {
+ const char *pem_start = ptr;
+
+ if (!pem_next(ptr, len, NULL, NULL, &ptr, true)) {
+ if (ptr)
+ return -EINVAL;
+
+ break;
+ }
+
+ len -= ptr - pem_start;
+ count += ptr - pem_start;
+ }
+
+ return count;
+}
+
+struct group_extension {
+ char *name;
+ ssize_t (*parse)(const char *data, size_t len);
+};
+
+static const struct group_extension pem_extension = {
+ .name = "pem",
+ .parse = parse_pem,
+};
+
+static const struct group_extension *extensions[] = {
+ &pem_extension,
+ NULL
+};
+
+static const struct group_extension *find_group_extension(const char *type,
+ size_t len)
+{
+ unsigned int i;
+
+ for (i = 0; extensions[i]; i++) {
+ if (!strncmp(type, extensions[i]->name, len))
+ return extensions[i];
+ }
+
+ return NULL;
+}
+
+static ssize_t parse_embedded_group(struct l_settings *setting,
+ const char *data,
+ size_t line_len, size_t len,
+ size_t line)
+{
+ struct embedded_group_data *group;
+ const struct group_extension *ext;
+ const char *ptr;
+ const char *type;
+ size_t type_len;
+ const char *name;
+ size_t name_len;
+ ssize_t bytes;
+
+ /* Must be at least [@[email protected]] */
+ if (line_len < 6)
+ goto invalid_group;
+
+ /* caller checked data[1] == '@', next char is type */
+ type = data + 2;
+
+ ptr = memchr(type, '@', line_len - 2);
+
+ type_len = ptr - type;
+
+ if (!ptr || type_len > 31 || type_len < 1)
+ goto invalid_group;
+
+ if (ptr + 1 > data + line_len)
+ goto invalid_group;
+
+ name = ptr + 1;
+
+ /* subtract [@@ + type */
+ ptr = memchr(name, ']', line_len - 3 - type_len);
+
+ name_len = ptr - name;
+
+ if (!ptr || name_len < 1)
+ goto invalid_group;
+
+ ext = find_group_extension(type, type_len);
+ if (!ext)
+ goto invalid_group;
+
+ if (ptr + 2 > data + len) {
+ l_util_debug(setting->debug_handler, setting->debug_data,
+ "Embedded group had no payload");
+ return -EINVAL;
+ }
+
+ bytes = ext->parse(ptr + 2, len - line_len);
+ if (bytes < 0) {
+ l_util_debug(setting->debug_handler, setting->debug_data,
+ "Failed to parse embedded group data");
+ return -EINVAL;
+ }
+
+ group = l_malloc(sizeof(struct embedded_group_data) + bytes + 1);
+
+ group->name = l_strndup(name, name_len);
+
+ memcpy(group->type, type, type_len);
+ group->type[type_len] = '\0';
+
+ group->len = bytes;
+ memcpy(group->data, ptr + 2, bytes);
+ group->data[bytes] = '\0';
+
+ l_queue_push_tail(setting->embedded_groups, group);
+
+ return bytes;
+
+invalid_group:
+ l_util_debug(setting->debug_handler, setting->debug_data,
+ "Invalid embedded group at line %zd", line);
+
+ return -EINVAL;
+}
+
static bool parse_group(struct l_settings *settings, const char *data,
size_t len, size_t line)
{
@@ -404,7 +557,21 @@ LIB_EXPORT bool l_settings_load_from_data(struct l_settings *settings,
line_len = eol - data - pos;
- if (data[pos] == '[') {
+ if (line_len > 1 && data[pos] == '[' && data[pos + 1] == '@') {
+ ssize_t ret;
+
+ ret = parse_embedded_group(settings, data + pos,
+ line_len, len - pos,
+ line);
+ if (ret < 0)
+ return false;
+
+ /*
+ * This is the offset for the actual raw data, the
+ * group line will be offset below
+ */
+ pos += ret;
+ } else if (data[pos] == '[') {
r = parse_group(settings, data + pos, line_len, line);
if (r)
has_group = true;
@@ -437,11 +604,12 @@ LIB_EXPORT char *l_settings_to_data(const struct l_settings *settings,
group_entry = l_queue_get_entries(settings->groups);
while (group_entry) {
struct group_data *group = group_entry->data;
- const struct l_queue_entry *setting_entry =
- l_queue_get_entries(group->settings);
+ const struct l_queue_entry *setting_entry;
l_string_append_printf(buf, "[%s]\n", group->name);
+ setting_entry = l_queue_get_entries(group->settings);
+
while (setting_entry) {
struct setting_data *setting = setting_entry->data;
@@ -456,6 +624,21 @@ LIB_EXPORT char *l_settings_to_data(const struct l_settings *settings,
group_entry = group_entry->next;
}
+ group_entry = l_queue_get_entries(settings->embedded_groups);
+
+ while (group_entry) {
+ struct embedded_group_data *group = group_entry->data;
+
+ l_string_append_printf(buf, "\n[@%[email protected]%s]\n%s",
+ group->type,
+ group->name,
+ group->data);
+ if (group_entry->next)
+ l_string_append_c(buf, '\n');
+
+ group_entry = group_entry->next;
+ }
+
ret = l_string_unwrap(buf);
if (len)
@@ -1176,3 +1359,72 @@ LIB_EXPORT bool l_settings_remove_key(struct l_settings *settings,
return true;
}
+
+static void gather_embedded_groups(void *data, void *user_data)
+{
+ struct embedded_group_data *group_data = data;
+ struct gather_data *gather = user_data;
+
+ gather->v[gather->cur++] = l_strdup(group_data->name);
+}
+
+LIB_EXPORT char **l_settings_get_embedded_groups(struct l_settings *settings)
+{
+ char **ret;
+ struct gather_data gather;
+
+ if (unlikely(!settings))
+ return NULL;
+
+ ret = l_new(char *, l_queue_length(settings->groups) + 1);
+ gather.v = ret;
+ gather.cur = 0;
+
+ l_queue_foreach(settings->embedded_groups, gather_embedded_groups,
+ &gather);
+
+ return ret;
+}
+
+static bool embedded_group_match(const void *a, const void *b)
+{
+ const struct embedded_group_data *group = a;
+ const char *name = b;
+
+ return !strcmp(group->name, name);
+}
+
+LIB_EXPORT bool l_settings_has_embedded_group(struct l_settings *settings,
+ const char *group)
+{
+ struct embedded_group_data *group_data;
+
+ if (unlikely(!settings))
+ return false;
+
+ group_data = l_queue_find(settings->embedded_groups,
+ embedded_group_match, group);
+
+ return group_data != NULL;
+}
+
+LIB_EXPORT const char *l_settings_get_embedded_value(
+ struct l_settings *settings,
+ const char *group_name,
+ const char **out_type)
+{
+ struct embedded_group_data *group;
+
+ if (unlikely(!settings))
+ return false;
+
+ group = l_queue_find(settings->embedded_groups,
+ embedded_group_match, group_name);
+ if (!group)
+ return NULL;
+
+ if (out_type)
+ *out_type = group->type;
+
+ return group->data;
+}
diff --git a/ell/settings.h b/ell/settings.h
index 0da9f55..e4203af 100644
--- a/ell/settings.h
+++ b/ell/settings.h
@@ -123,6 +123,13 @@ bool l_settings_remove_key(struct l_settings *settings, const char *group_name,
const char *key);
bool l_settings_remove_group(struct l_settings *settings,
const char *group_name);
+
+char **l_settings_get_embedded_groups(struct l_settings *settings);
+bool l_settings_has_embedded_group(struct l_settings *settings,
+ const char *group);
+const char *l_settings_get_embedded_value(struct l_settings *settings,
+ const char *group_name,
+ const char **out_type);
#ifdef __cplusplus
}
#endif
--
2.17.1
2 years, 10 months
[PATCH v6 1/2] settings: introduce extended groups concept
by James Prestwood
This patch introduces a new extended format for settings files. This new
format allows raw data to be provided under a given group rather than
key/value pairs. A group using an extended format will contain both the
extended type and group name in the format, for example:
[@[email protected]]
Where 'pem' is the type and 'certificate' is the name. The type of
format requires an extension specific parser implementation in settings
as the parser must know when to start/stop parsing data. This allows for
any textual characters to be present after the group is declared,
including special characters like [] (its completely up to the parser to
decide whats valid and what is not).
Three new l_settings APIs were added:
l_settings_has_embedded_group
l_settings_get_embedded_groups
l_settings_get_embedded_value
In this patch, the 'pem' extension type is also introduced, and for now
is the only extended type. The pem extended type expects a base64 encoded
PEM (or list of PEMs) after the group. The pem parser will stop after the
last PEM is found. Examples can be found in unit/test-settings.c
---
ell/ell.sym | 3 +
ell/settings.c | 252 ++++++++++++++++++++++++++++++++++++++++++++++++-
ell/settings.h | 7 ++
3 files changed, 259 insertions(+), 3 deletions(-)
-v6:
* cleaned up parse_embedded_group:
- Used memchr rather than a manual loop.
- Added some bounds checking
- Keep track of type/name and their lengths to avoid double memcpy
or allocation.
- Store embedded_group_data in its own queue
- Removed strv_append
* One byproduct of storing the embedded data separately is that the
settings order will NOT be maintained when reading/writing to disk.
When writing to disk embedded groups will come last regardless of
the order they were found originally.
* I did not split up parse_embedded_groups into separate functions.
See what you think; I can always do this but I dont think the parsing
code now is *that* bad. String parsing in C is hard to make look
pretty.
diff --git a/ell/ell.sym b/ell/ell.sym
index e02f0fe..32d94f5 100644
--- a/ell/ell.sym
+++ b/ell/ell.sym
@@ -425,6 +425,9 @@ global:
l_settings_set_float;
l_settings_remove_group;
l_settings_remove_key;
+ l_settings_has_embedded_group;
+ l_settings_get_embedded_groups;
+ l_settings_get_embedded_value;
/* signal */
l_signal_create;
l_signal_remove;
diff --git a/ell/settings.c b/ell/settings.c
index 98f0cfd..a722d30 100644
--- a/ell/settings.c
+++ b/ell/settings.c
@@ -48,12 +48,20 @@
#include "settings.h"
#include "private.h"
#include "missing.h"
+#include "pem-private.h"
struct setting_data {
char *key;
char *value;
};
+struct embedded_group_data {
+ char *name;
+ char type[32];
+ size_t len;
+ char data[0];
+};
+
struct group_data {
char *name;
struct l_queue *settings;
@@ -64,6 +72,7 @@ struct l_settings {
l_settings_destroy_cb_t debug_destroy;
void *debug_data;
struct l_queue *groups;
+ struct l_queue *embedded_groups;
};
static void setting_destroy(void *data)
@@ -86,12 +95,21 @@ static void group_destroy(void *data)
l_free(group);
}
+static void embedded_group_destroy(void *data)
+{
+ struct embedded_group_data *group = data;
+
+ l_free(group->name);
+ l_free(group);
+}
+
LIB_EXPORT struct l_settings *l_settings_new(void)
{
struct l_settings *settings;
settings = l_new(struct l_settings, 1);
settings->groups = l_queue_new();
+ settings->embedded_groups = l_queue_new();
return settings;
}
@@ -105,6 +123,7 @@ LIB_EXPORT void l_settings_free(struct l_settings *settings)
settings->debug_destroy(settings->debug_data);
l_queue_destroy(settings->groups, group_destroy);
+ l_queue_destroy(settings->embedded_groups, embedded_group_destroy);
l_free(settings);
}
@@ -222,6 +241,134 @@ static char *escape_value(const char *value)
return ret;
}
+static ssize_t parse_pem(const char *data, size_t len)
+{
+ const char *ptr;
+ const char *end;
+ size_t count = 0;
+
+ ptr = data;
+ end = data + len;
+
+ while (ptr && ptr < end) {
+ const char *pem_start = ptr;
+
+ if (!pem_next(ptr, len, NULL, NULL, &ptr, true)) {
+ if (ptr)
+ return -EINVAL;
+
+ break;
+ }
+
+ len -= ptr - pem_start;
+ count += ptr - pem_start;
+ }
+
+ return count;
+}
+
+struct group_extension {
+ char *name;
+ ssize_t (*parse)(const char *data, size_t len);
+};
+
+static struct group_extension pem_extension = {
+ .name = "pem",
+ .parse = parse_pem,
+};
+
+struct group_extension *extensions[] = {
+ &pem_extension,
+ NULL
+};
+
+static struct group_extension *find_group_extension(const char *type,
+ size_t len)
+{
+ unsigned int i;
+
+ for (i = 0; extensions[i]; i++) {
+ if (!strncmp(type, extensions[i]->name, len))
+ return extensions[i];
+ }
+
+ return NULL;
+}
+
+static ssize_t parse_embedded_group(struct l_settings *setting,
+ const char *data,
+ size_t line_len, size_t len,
+ size_t line)
+{
+ struct embedded_group_data *group;
+ struct group_extension *ext;
+ const char *ptr;
+ const char *type;
+ size_t type_len;
+ const char *name;
+ size_t name_len;
+ ssize_t bytes;
+
+ /* Must be at least [@[email protected]] */
+ if (line_len < 6)
+ goto invalid_group;
+
+ /* caller checked data[1] == '@', next char is type */
+ type = data + 2;
+
+ ptr = memchr(type, '@', line_len - 2);
+
+ if (!ptr || ptr - type > 31 || ptr - type < 1)
+ goto invalid_group;;
+
+ type_len = ptr - type;
+
+ if (ptr + 1 > data + line_len)
+ goto invalid_group;
+
+ name = ptr + 1;
+
+ /* subtract [@@ + type */
+ ptr = memchr(name, ']', line_len - 3 - type_len);
+
+ if (!ptr || ptr - name < 1)
+ goto invalid_group;
+
+ name_len = ptr - name;
+
+ ext = find_group_extension(type, type_len);
+ if (!ext)
+ goto invalid_group;
+
+ if (ptr + 2 > data + len)
+ goto invalid_group;
+
+ bytes = ext->parse(ptr + 2, len - line_len);
+ if (bytes < 0)
+ goto invalid_group;
+
+ group = l_malloc(sizeof(struct embedded_group_data) + bytes + 1);
+
+ group->name = l_strndup(name, name_len);
+
+ memcpy(group->type, type, type_len);
+ group->type[type_len] = '\0';
+
+ group->len = bytes;
+ memcpy(group->data, ptr + 2, bytes);
+ group->data[bytes] = '\0';
+
+ l_queue_push_tail(setting->embedded_groups, group);
+
+ return bytes;
+
+invalid_group:
+ l_util_debug(setting->debug_handler, setting->debug_data,
+ "Invalid embedded group at line %zd", line);
+
+ return -EINVAL;
+}
+
static bool parse_group(struct l_settings *settings, const char *data,
size_t len, size_t line)
{
@@ -404,7 +551,21 @@ LIB_EXPORT bool l_settings_load_from_data(struct l_settings *settings,
line_len = eol - data - pos;
- if (data[pos] == '[') {
+ if (line_len > 1 && data[pos] == '[' && data[pos + 1] == '@') {
+ ssize_t ret;
+
+ ret = parse_embedded_group(settings, data + pos,
+ line_len, len - pos,
+ line);
+ if (ret < 0)
+ return false;
+
+ /*
+ * This is the offset for the actual raw data, the
+ * group line will be offset below
+ */
+ pos += ret;
+ } else if (data[pos] == '[') {
r = parse_group(settings, data + pos, line_len, line);
if (r)
has_group = true;
@@ -437,11 +598,12 @@ LIB_EXPORT char *l_settings_to_data(const struct l_settings *settings,
group_entry = l_queue_get_entries(settings->groups);
while (group_entry) {
struct group_data *group = group_entry->data;
- const struct l_queue_entry *setting_entry =
- l_queue_get_entries(group->settings);
+ const struct l_queue_entry *setting_entry;
l_string_append_printf(buf, "[%s]\n", group->name);
+ setting_entry = l_queue_get_entries(group->settings);
+
while (setting_entry) {
struct setting_data *setting = setting_entry->data;
@@ -456,6 +618,23 @@ LIB_EXPORT char *l_settings_to_data(const struct l_settings *settings,
group_entry = group_entry->next;
}
+ group_entry = l_queue_get_entries(settings->embedded_groups);
+ if (group_entry)
+ l_string_append_c(buf, '\n');
+
+ while (group_entry) {
+ struct embedded_group_data *group = group_entry->data;
+
+ l_string_append_printf(buf, "[@%[email protected]%s]\n%s",
+ group->type,
+ group->name,
+ group->data);
+ if (group_entry->next)
+ l_string_append_c(buf, '\n');
+
+ group_entry = group_entry->next;
+ }
+
ret = l_string_unwrap(buf);
if (len)
@@ -1176,3 +1355,70 @@ LIB_EXPORT bool l_settings_remove_key(struct l_settings *settings,
return true;
}
+
+static void gather_embedded_groups(void *data, void *user_data)
+{
+ struct embedded_group_data *group_data = data;
+ struct gather_data *gather = user_data;
+
+ gather->v[gather->cur++] = l_strdup(group_data->name);
+}
+
+LIB_EXPORT char **l_settings_get_embedded_groups(struct l_settings *settings)
+{
+ char **ret;
+ struct gather_data gather;
+
+ if (unlikely(!settings))
+ return NULL;
+
+ ret = l_new(char *, l_queue_length(settings->groups) + 1);
+ gather.v = ret;
+ gather.cur = 0;
+
+ l_queue_foreach(settings->embedded_groups, gather_embedded_groups, &gather);
+
+ return ret;
+}
+
+static bool embedded_group_match(const void *a, const void *b)
+{
+ const struct embedded_group_data *group = a;
+ const char *name = b;
+
+ return !strcmp(group->name, name);
+}
+
+LIB_EXPORT bool l_settings_has_embedded_group(struct l_settings *settings,
+ const char *group)
+{
+ struct embedded_group_data *group_data;
+
+ if (unlikely(!settings))
+ return false;
+
+ group_data = l_queue_find(settings->embedded_groups,
+ embedded_group_match, group);
+
+ return group_data != NULL;
+}
+
+LIB_EXPORT const char *l_settings_get_embedded_value(struct l_settings *settings,
+ const char *group_name,
+ const char **out_type)
+{
+ struct embedded_group_data *group;
+
+ if (unlikely(!settings))
+ return false;
+
+ group = l_queue_find(settings->embedded_groups,
+ embedded_group_match, group_name);
+ if (!group)
+ return NULL;
+
+ if (out_type)
+ *out_type = group->type;
+
+ return group->data;
+}
diff --git a/ell/settings.h b/ell/settings.h
index 0da9f55..e4203af 100644
--- a/ell/settings.h
+++ b/ell/settings.h
@@ -123,6 +123,13 @@ bool l_settings_remove_key(struct l_settings *settings, const char *group_name,
const char *key);
bool l_settings_remove_group(struct l_settings *settings,
const char *group_name);
+
+char **l_settings_get_embedded_groups(struct l_settings *settings);
+bool l_settings_has_embedded_group(struct l_settings *settings,
+ const char *group);
+const char *l_settings_get_embedded_value(struct l_settings *settings,
+ const char *group_name,
+ const char **out_type);
#ifdef __cplusplus
}
#endif
--
2.17.1
2 years, 10 months
[PATCH v5 1/3] pem: refactor to expose pem iterator privately
by James Prestwood
This refactors pem.c to expose a new internal API, pem_next. This
API will allow iteration/parsing of PEM(s). Other APIs in pem.c were
updated to use pem_next.
pem_next behaves similar to pem_load_buffer, except it does not do
any base64 decoding. Instead it just returns the start of the base64
data and the caller must decode it. This allows simple PEM iteration
loops. Strictly for pem.c usage we decode the base64 string in the
loop, but settings.c will need this for parsing PEMs from settings
files and returning the PEM as a full string, including the start/end
tags.
---
ell/pem-private.h | 32 +++++++++++++++++++
ell/pem.c | 78 ++++++++++++++++++++++++++++++-----------------
2 files changed, 82 insertions(+), 28 deletions(-)
create mode 100644 ell/pem-private.h
-v5:
* Fixed incorrect commit description (return start of base64 data)
* Removed len out parameter in pem_next, endp can be used instead
* Fixed base64_len off by one error.
* Fixed misleading comment, and removed unused error handling code
diff --git a/ell/pem-private.h b/ell/pem-private.h
new file mode 100644
index 0000000..1cf7ee5
--- /dev/null
+++ b/ell/pem-private.h
@@ -0,0 +1,32 @@
+/*
+ *
+ * Embedded Linux library
+ *
+ * Copyright (C) 2019 Intel Corporation. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#define _GNU_SOURCE
+#include <sys/types.h>
+
+const char *pem_next(const void *buf, size_t buf_len, char **type_label,
+ size_t *base64_len,
+ const char **endp, bool strict);
diff --git a/ell/pem.c b/ell/pem.c
index c2bf7ba..d8f57ed 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -45,6 +45,7 @@
#include "cipher.h"
#include "cert-private.h"
#include "missing.h"
+#include "pem-private.h"
#define PEM_START_BOUNDARY "-----BEGIN "
#define PEM_END_BOUNDARY "-----END "
@@ -126,15 +127,15 @@ static bool is_end_boundary(const void *buf, size_t buf_len,
return true;
}
-static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
- char **type_label, size_t *len,
- const uint8_t **endp)
+const char *pem_next(const void *buf, size_t buf_len, char **type_label,
+ size_t *base64_len,
+ const char **endp, bool strict)
{
const char *buf_ptr = buf;
const char *base64_data = NULL, *eol;
const char *label = NULL;
- uint8_t *data;
size_t label_len = 0;
+ const char *start = NULL;
/*
* The base64 parser uses the RFC7468 laxbase64text grammar but we
@@ -148,26 +149,25 @@ static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
break;
if (!base64_data) {
- label = is_start_boundary(buf, eol - buf_ptr,
+ label = is_start_boundary(buf_ptr, eol - buf_ptr,
&label_len);
-
- if (label)
+ if (label) {
+ start = label - strlen("-----BEGIN ");
base64_data = eol;
- } else if (is_end_boundary(buf_ptr, eol - buf_ptr, label,
- label_len)) {
- data = l_base64_decode(
- (const char *) base64_data,
- buf_ptr - base64_data, len);
- if (!data)
- return NULL;
+ } else if (strict)
+ break;
+ } else if (start && is_end_boundary(buf_ptr, eol - buf_ptr,
+ label, label_len)) {
+ if (type_label)
+ *type_label = l_strndup(label, label_len);
- *type_label = l_strndup((const char *) label,
- label_len);
+ if (base64_len)
+ *base64_len = buf_ptr - base64_data;
if (endp)
- *endp = (uint8_t *)eol + 1;
+ *endp = eol + 1;
- return data;
+ return base64_data;
}
if (eol == buf_ptr + buf_len)
@@ -189,10 +189,24 @@ static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
return NULL;
}
+static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
+ char **type_label, size_t *len)
+{
+ size_t base64_len;
+ const char *base64;
+
+ base64 = pem_next(buf, buf_len, type_label, &base64_len,
+ NULL, false);
+ if (!base64)
+ return NULL;
+
+ return l_base64_decode(base64, base64_len, len);
+}
+
LIB_EXPORT uint8_t *l_pem_load_buffer(const void *buf, size_t buf_len,
char **type_label, size_t *out_len)
{
- return pem_load_buffer(buf, buf_len, type_label, out_len, NULL);
+ return pem_load_buffer(buf, buf_len, type_label, out_len);
}
struct pem_file_info {
@@ -242,7 +256,7 @@ LIB_EXPORT uint8_t *l_pem_load_file(const char *filename,
return NULL;
result = pem_load_buffer(file.data, file.st.st_size,
- type_label, len, NULL);
+ type_label, len);
pem_file_close(&file);
return result;
}
@@ -288,7 +302,7 @@ LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
LIB_EXPORT struct l_queue *l_pem_load_certificate_list_from_data(
const void *buf, size_t len)
{
- const uint8_t *ptr, *end;
+ const char *ptr, *end;
struct l_queue *list = NULL;
ptr = buf;
@@ -297,20 +311,28 @@ LIB_EXPORT struct l_queue *l_pem_load_certificate_list_from_data(
while (ptr && ptr < end) {
uint8_t *der;
size_t der_len;
- char *label;
+ char *label = NULL;
struct l_cert *cert;
+ const char *base64;
+ size_t base64_len;
- der = pem_load_buffer(ptr, end - ptr, &label, &der_len, &ptr);
+ base64 = pem_next(ptr, len, &label, &base64_len, &ptr, false);
+ if (!base64) {
+ if (!ptr)
+ break;
+
+ /* if ptr was not reset to NULL; parse error */
+ goto error;
+ }
+
+ der = l_base64_decode(base64, base64_len, &der_len);
if (!der || strcmp(label, "CERTIFICATE")) {
if (der)
l_free(label);
l_free(der);
- if (!ptr) /* EOF */
- break;
- else
- goto error;
+ goto error;
}
l_free(label);
@@ -470,7 +492,7 @@ LIB_EXPORT struct l_key *l_pem_load_private_key_from_data(const void *buf,
if (encrypted)
*encrypted = false;
- content = pem_load_buffer(buf, buf_len, &label, &len, NULL);
+ content = pem_load_buffer(buf, buf_len, &label, &len);
if (!content)
return NULL;
--
2.17.1
2 years, 10 months
[PATCH v4 1/3] pem: refactor to expose pem iterator privately
by James Prestwood
This refactors pem.c to expose a new internal API, pem_next. This
API will allow iteration/parsing of PEM(s). Other APIs in pem.c were
updated to use pem_next.
pem_next behaves similar to pem_load_buffer, except it does not do
any base64 decoding. Instead it just returns the start of the PEM as
a string, and the length as an out parameter. This allows simple
PEM iteration loops. Strictly for pem.c usage we decode the base64
string in the loop, but settings.c will need this for parsing PEMs
from settings files and returning the PEM as a full string, including
the start/end tags.
endp was removed from pem_load_buffer as it was no longer being used.
---
ell/pem-private.h | 32 ++++++++++++++++++++
ell/pem.c | 77 ++++++++++++++++++++++++++++++++---------------
2 files changed, 85 insertions(+), 24 deletions(-)
create mode 100644 ell/pem-private.h
-v4:
* Added 'stict' argument to pem_next.
diff --git a/ell/pem-private.h b/ell/pem-private.h
new file mode 100644
index 0000000..bb0127f
--- /dev/null
+++ b/ell/pem-private.h
@@ -0,0 +1,32 @@
+/*
+ *
+ * Embedded Linux library
+ *
+ * Copyright (C) 2019 Intel Corporation. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#define _GNU_SOURCE
+#include <sys/types.h>
+
+const char *pem_next(const void *buf, size_t buf_len, char **type_label,
+ size_t *len, size_t *base64_len,
+ const char **endp, bool strict);
diff --git a/ell/pem.c b/ell/pem.c
index c2bf7ba..79e4d07 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -45,6 +45,7 @@
#include "cipher.h"
#include "cert-private.h"
#include "missing.h"
+#include "pem-private.h"
#define PEM_START_BOUNDARY "-----BEGIN "
#define PEM_END_BOUNDARY "-----END "
@@ -126,15 +127,15 @@ static bool is_end_boundary(const void *buf, size_t buf_len,
return true;
}
-static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
- char **type_label, size_t *len,
- const uint8_t **endp)
+const char *pem_next(const void *buf, size_t buf_len, char **type_label,
+ size_t *len, size_t *base64_len,
+ const char **endp, bool strict)
{
const char *buf_ptr = buf;
const char *base64_data = NULL, *eol;
const char *label = NULL;
- uint8_t *data;
size_t label_len = 0;
+ const char *start = NULL;
/*
* The base64 parser uses the RFC7468 laxbase64text grammar but we
@@ -148,26 +149,28 @@ static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
break;
if (!base64_data) {
- label = is_start_boundary(buf, eol - buf_ptr,
+ label = is_start_boundary(buf_ptr, eol - buf_ptr,
&label_len);
-
- if (label)
+ if (label) {
+ start = label - strlen("-----BEGIN ");
base64_data = eol;
- } else if (is_end_boundary(buf_ptr, eol - buf_ptr, label,
- label_len)) {
- data = l_base64_decode(
- (const char *) base64_data,
- buf_ptr - base64_data, len);
- if (!data)
- return NULL;
+ } else if (strict)
+ break;
+ } else if (start && is_end_boundary(buf_ptr, eol - buf_ptr,
+ label, label_len)) {
+ if (len)
+ *len = eol - start + 1;
- *type_label = l_strndup((const char *) label,
- label_len);
+ if (type_label)
+ *type_label = l_strndup(label, label_len);
+
+ if (base64_len)
+ *base64_len = buf_ptr - base64_data - 1;
if (endp)
- *endp = (uint8_t *)eol + 1;
+ *endp = eol + 1;
- return data;
+ return base64_data;
}
if (eol == buf_ptr + buf_len)
@@ -189,10 +192,24 @@ static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
return NULL;
}
+static uint8_t *pem_load_buffer(const void *buf, size_t buf_len,
+ char **type_label, size_t *len)
+{
+ size_t base64_len;
+ const char *base64;
+
+ base64 = pem_next(buf, buf_len, type_label, NULL, &base64_len,
+ NULL, false);
+ if (!base64)
+ return NULL;
+
+ return l_base64_decode(base64, base64_len, len);
+}
+
LIB_EXPORT uint8_t *l_pem_load_buffer(const void *buf, size_t buf_len,
char **type_label, size_t *out_len)
{
- return pem_load_buffer(buf, buf_len, type_label, out_len, NULL);
+ return pem_load_buffer(buf, buf_len, type_label, out_len);
}
struct pem_file_info {
@@ -242,7 +259,7 @@ LIB_EXPORT uint8_t *l_pem_load_file(const char *filename,
return NULL;
result = pem_load_buffer(file.data, file.st.st_size,
- type_label, len, NULL);
+ type_label, len);
pem_file_close(&file);
return result;
}
@@ -288,7 +305,7 @@ LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
LIB_EXPORT struct l_queue *l_pem_load_certificate_list_from_data(
const void *buf, size_t len)
{
- const uint8_t *ptr, *end;
+ const char *ptr, *end;
struct l_queue *list = NULL;
ptr = buf;
@@ -297,10 +314,22 @@ LIB_EXPORT struct l_queue *l_pem_load_certificate_list_from_data(
while (ptr && ptr < end) {
uint8_t *der;
size_t der_len;
- char *label;
+ char *label = NULL;
struct l_cert *cert;
+ size_t out_len = 0;
+ const char *base64;
+ size_t base64_len;
+
+ base64 = pem_next(ptr, len, &label, &out_len, &base64_len,
+ &ptr, false);
+ /* if ptr is set but we got NULL, this was a parse error */
+ if (!base64 && ptr)
+ goto error;
+
+ if (!base64)
+ break;
- der = pem_load_buffer(ptr, end - ptr, &label, &der_len, &ptr);
+ der = l_base64_decode(base64, base64_len, &der_len);
if (!der || strcmp(label, "CERTIFICATE")) {
if (der)
@@ -470,7 +499,7 @@ LIB_EXPORT struct l_key *l_pem_load_private_key_from_data(const void *buf,
if (encrypted)
*encrypted = false;
- content = pem_load_buffer(buf, buf_len, &label, &len, NULL);
+ content = pem_load_buffer(buf, buf_len, &label, &len);
if (!content)
return NULL;
--
2.17.1
2 years, 10 months
[PATCH v2 1/3] tls: change APIs to use l_cert/l_certchain/l_key
by James Prestwood
l_tls_set_auth_data/l_tls_set_cacert both expected file paths to be
passed in, and the certs/keys would be loaded internally. This prevents
the caller from loading certs any way but from files. This makes
loading certs/keys from data impossible if using TLS. For example,
a certificate may be embedded inside a file which has additional data.
To handle both file/data cases its now up to the caller to load the
cert/key as an l_cert/l_certchain/l_key/l_queue and pass that structure
in directly.
The structure being passed in will now be owned by l_tls, and will be
freed on l_tls_free.
---
ell/tls.c | 42 +++++++++++-------------------------------
ell/tls.h | 27 +++++++++++++++------------
2 files changed, 26 insertions(+), 43 deletions(-)
-v2:
* Updated API comments
* Removed debug prints
diff --git a/ell/tls.c b/ell/tls.c
index d0e2a66..37434c6 100644
--- a/ell/tls.c
+++ b/ell/tls.c
@@ -2591,7 +2591,7 @@ LIB_EXPORT void l_tls_free(struct l_tls *tls)
}
l_tls_set_cacert(tls, NULL);
- l_tls_set_auth_data(tls, NULL, NULL, NULL);
+ l_tls_set_auth_data(tls, NULL, NULL);
l_tls_set_domain_mask(tls, NULL);
tls_reset_handshake(tls);
@@ -2806,40 +2806,31 @@ LIB_EXPORT void l_tls_close(struct l_tls *tls)
TLS_DISCONNECT(TLS_ALERT_CLOSE_NOTIFY, 0, "Closing session");
}
-LIB_EXPORT bool l_tls_set_cacert(struct l_tls *tls, const char *ca_cert_path)
+LIB_EXPORT bool l_tls_set_cacert(struct l_tls *tls, struct l_queue *ca_certs)
{
- TLS_DEBUG("ca-cert-path=%s", ca_cert_path);
-
if (tls->ca_certs) {
l_queue_destroy(tls->ca_certs,
(l_queue_destroy_func_t) l_cert_free);
tls->ca_certs = NULL;
}
- if (ca_cert_path) {
+ if (ca_certs) {
if (!l_key_is_supported(L_KEY_FEATURE_RESTRICT)) {
TLS_DEBUG("keyctl restrict support missing, "
"check kernel configuration");
return false;
}
- tls->ca_certs = l_pem_load_certificate_list(ca_cert_path);
- if (!tls->ca_certs) {
- TLS_DEBUG("Error loading %s", ca_cert_path);
- return false;
- }
+ tls->ca_certs = ca_certs;
}
return true;
}
-LIB_EXPORT bool l_tls_set_auth_data(struct l_tls *tls, const char *cert_path,
- const char *priv_key_path,
- const char *priv_key_passphrase)
+LIB_EXPORT bool l_tls_set_auth_data(struct l_tls *tls,
+ struct l_certchain *certchain,
+ struct l_key *priv_key)
{
- TLS_DEBUG("cert-path=%s priv-key-path=%s priv-key-passphrase=%p",
- cert_path, priv_key_path, priv_key_passphrase);
-
if (tls->cert) {
l_certchain_free(tls->cert);
tls->cert = NULL;
@@ -2851,24 +2842,13 @@ LIB_EXPORT bool l_tls_set_auth_data(struct l_tls *tls, const char *cert_path,
tls->priv_key_size = 0;
}
- if (cert_path) {
- tls->cert = l_pem_load_certificate_chain(cert_path);
- if (!tls->cert) {
- TLS_DEBUG("Error loading %s", cert_path);
- return false;
- }
- }
+ if (certchain)
+ tls->cert = certchain;
- if (priv_key_path) {
+ if (priv_key) {
bool is_public = true;
- tls->priv_key = l_pem_load_private_key(priv_key_path,
- priv_key_passphrase,
- NULL);
- if (!tls->priv_key) {
- TLS_DEBUG("Error loading %s", priv_key_path);
- return false;
- }
+ tls->priv_key = priv_key;
if (!l_key_get_info(tls->priv_key, L_KEY_RSA_PKCS1_V1_5,
L_CHECKSUM_NONE, &tls->priv_key_size,
diff --git a/ell/tls.h b/ell/tls.h
index a361c37..0ca6def 100644
--- a/ell/tls.h
+++ b/ell/tls.h
@@ -33,6 +33,9 @@ enum l_tls_version {
};
struct l_tls;
+struct l_key;
+struct l_certchain;
+struct l_queue;
enum l_tls_alert_desc {
TLS_ALERT_CLOSE_NOTIFY = 0,
@@ -96,22 +99,22 @@ void l_tls_write(struct l_tls *tls, const uint8_t *data, size_t len);
void l_tls_handle_rx(struct l_tls *tls, const uint8_t *data, size_t len);
/* If peer is to be authenticated, supply the CA certificates */
-bool l_tls_set_cacert(struct l_tls *tls, const char *ca_cert_path);
+bool l_tls_set_cacert(struct l_tls *tls, struct l_queue *ca_certs);
/*
- * If we are to be authenticated, supply our certificate, private key and
- * private key passphrase if needed (or NULL). On the client this is optional,
- * but if supplied, negotiation will fail if the certificate type doesn't
- * match or one of the files can't be loaded.
- * TODO: accept a callback to be used for passphrase query.
+ * If we are to be authenticated, supply our certificate and private key. On the
+ * client this is optional.
* TODO: allow NULL private key if certificate file contains the key.
- * TODO: it may also be useful for the caller to be able to supply
- * one certificate of each type so they can be used depending on which
- * is compatible with the negotiated parameters.
+ * TODO: it may also be useful for the caller to be able to supply one
+ * certificate of each type so they can be used depending on which is compatible
+ * with the negotiated parameters.
+ *
+ * Note: Providing certchain and priv_key will move memory ownership into the
+ * tls object. These objects should not be freed by the caller.
*/
-bool l_tls_set_auth_data(struct l_tls *tls, const char *cert_path,
- const char *priv_key_path,
- const char *priv_key_passphrase);
+bool l_tls_set_auth_data(struct l_tls *tls,
+ struct l_certchain *certchain,
+ struct l_key *priv_key);
void l_tls_set_version_range(struct l_tls *tls,
enum l_tls_version min_version,
--
2.17.1
2 years, 10 months
[PATCH v3 1/6] pem: remove index argument
by James Prestwood
This argument seems to always be hard coded to zero.
---
ell/pem.c | 41 ++++++++++++++++++-----------------------
ell/pem.h | 5 ++---
2 files changed, 20 insertions(+), 26 deletions(-)
diff --git a/ell/pem.c b/ell/pem.c
index 352d461..721a05b 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -124,7 +124,7 @@ static bool is_end_boundary(const uint8_t *buf, size_t buf_len,
return true;
}
-static uint8_t *pem_load_buffer(const uint8_t *buf, size_t buf_len, int index,
+static uint8_t *pem_load_buffer(const uint8_t *buf, size_t buf_len,
char **type_label, size_t *len,
const uint8_t **endp)
{
@@ -149,24 +149,19 @@ static uint8_t *pem_load_buffer(const uint8_t *buf, size_t buf_len, int index,
if (label)
base64_data = eol;
} else if (is_end_boundary(buf, eol - buf, label, label_len)) {
- if (index == 0) {
- data = l_base64_decode(
- (const char *) base64_data,
- buf - base64_data, len);
- if (!data)
- return NULL;
-
- *type_label = l_strndup((const char *) label,
- label_len);
+ data = l_base64_decode(
+ (const char *) base64_data,
+ buf - base64_data, len);
+ if (!data)
+ return NULL;
- if (endp)
- *endp = eol + 1;
+ *type_label = l_strndup((const char *) label,
+ label_len);
- return data;
- }
+ if (endp)
+ *endp = eol + 1;
- base64_data = NULL;
- index--;
+ return data;
}
if (eol == buf + buf_len)
@@ -189,10 +184,10 @@ static uint8_t *pem_load_buffer(const uint8_t *buf, size_t buf_len, int index,
}
LIB_EXPORT uint8_t *l_pem_load_buffer(const uint8_t *buf, size_t buf_len,
- int index, char **type_label,
+ char **type_label,
size_t *out_len)
{
- return pem_load_buffer(buf, buf_len, index, type_label, out_len, NULL);
+ return pem_load_buffer(buf, buf_len, type_label, out_len, NULL);
}
struct pem_file_info {
@@ -232,7 +227,7 @@ static void pem_file_close(struct pem_file_info *info)
close(info->fd);
}
-LIB_EXPORT uint8_t *l_pem_load_file(const char *filename, int index,
+LIB_EXPORT uint8_t *l_pem_load_file(const char *filename,
char **type_label, size_t *len)
{
struct pem_file_info file;
@@ -241,7 +236,7 @@ LIB_EXPORT uint8_t *l_pem_load_file(const char *filename, int index,
if (pem_file_open(&file, filename) < 0)
return NULL;
- result = pem_load_buffer(file.data, file.st.st_size, index,
+ result = pem_load_buffer(file.data, file.st.st_size,
type_label, len, NULL);
pem_file_close(&file);
return result;
@@ -300,7 +295,7 @@ LIB_EXPORT struct l_queue *l_pem_load_certificate_list_from_data(
char *label;
struct l_cert *cert;
- der = pem_load_buffer(ptr, end - ptr, 0, &label, &der_len, &ptr);
+ der = pem_load_buffer(ptr, end - ptr, &label, &der_len, &ptr);
if (!der || strcmp(label, "CERTIFICATE")) {
if (der)
@@ -470,7 +465,7 @@ LIB_EXPORT struct l_key *l_pem_load_private_key_from_data(const void *buf,
if (encrypted)
*encrypted = false;
- content = pem_load_buffer(buf, buf_len, 0, &label, &len, NULL);
+ content = pem_load_buffer(buf, buf_len, &label, &len, NULL);
if (!content)
return NULL;
@@ -505,7 +500,7 @@ LIB_EXPORT struct l_key *l_pem_load_private_key(const char *filename,
if (encrypted)
*encrypted = false;
- content = l_pem_load_file(filename, 0, &label, &len);
+ content = l_pem_load_file(filename, &label, &len);
if (!content)
return NULL;
diff --git a/ell/pem.h b/ell/pem.h
index 41583e2..da5e273 100644
--- a/ell/pem.h
+++ b/ell/pem.h
@@ -33,9 +33,8 @@ struct l_cert;
struct l_certchain;
uint8_t *l_pem_load_buffer(const uint8_t *buf, size_t buf_len,
- int index, char **type_label, size_t *out_len);
-uint8_t *l_pem_load_file(const char *filename, int index,
- char **type_label, size_t *len);
+ char **type_label, size_t *out_len);
+uint8_t *l_pem_load_file(const char *filename, char **type_label, size_t *len);
struct l_certchain *l_pem_load_certificate_chain(const char *filename);
struct l_certchain *l_pem_load_certificate_chain_from_data(const void *buf,
--
2.17.1
2 years, 10 months