From 2456298da02579ca87b836d6552779c8803cfce2 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Fri, 31 Aug 2018 07:40:52 +0200 Subject: [PATCH] libnm/crypto: adjust signature of crypto functions - avoid "const gsize" as type for function arguments. - consistently use "guint8 *" type for binary data, instead of "char *", which indicates a NUL terminated C string. --- libnm-core/nm-crypto-gnutls.c | 24 +++++++++++----------- libnm-core/nm-crypto-impl.h | 38 +++++++++++++++++------------------ libnm-core/nm-crypto-nss.c | 22 ++++++++++---------- libnm-core/nm-crypto.c | 38 +++++++++++++++++------------------ libnm-core/nm-crypto.h | 12 +++++------ 5 files changed, 67 insertions(+), 67 deletions(-) diff --git a/libnm-core/nm-crypto-gnutls.c b/libnm-core/nm-crypto-gnutls.c index dea578fd29..be4ba572ed 100644 --- a/libnm-core/nm-crypto-gnutls.c +++ b/libnm-core/nm-crypto-gnutls.c @@ -55,15 +55,15 @@ _nm_crypto_init (GError **error) return TRUE; } -char * +guint8 * _nmtst_crypto_decrypt (const char *cipher, int key_type, const guint8 *data, gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, + const guint8 *iv, + gsize iv_len, + const guint8 *key, + gsize key_len, gsize *out_len, GError **error) { @@ -167,16 +167,16 @@ out: } } gnutls_cipher_deinit (ctx); - return output; + return (guint8 *) output; } -char * +guint8 * _nmtst_crypto_encrypt (const char *cipher, const guint8 *data, gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, + const guint8 *iv, + gsize iv_len, + const guint8 *key, gsize key_len, gsize *out_len, GError **error) @@ -264,11 +264,11 @@ out: } } gnutls_cipher_deinit (ctx); - return output; + return (guint8 *) output; } gboolean -_nm_crypto_verify_x509 (const unsigned char *data, +_nm_crypto_verify_x509 (const guint8 *data, gsize len, GError **error) { diff --git a/libnm-core/nm-crypto-impl.h b/libnm-core/nm-crypto-impl.h index 49c5c7a328..65db9a28d3 100644 --- a/libnm-core/nm-crypto-impl.h +++ b/libnm-core/nm-crypto-impl.h @@ -51,25 +51,25 @@ gboolean _nm_crypto_verify_pkcs8 (const guint8 *data, /*****************************************************************************/ -char *_nmtst_crypto_encrypt (const char *cipher, - const guint8 *data, - gsize data_len, - const char *iv, - gsize iv_len, - const char *key, - gsize key_len, - gsize *out_len, - GError **error); +guint8 *_nmtst_crypto_encrypt (const char *cipher, + const guint8 *data, + gsize data_len, + const guint8 *iv, + gsize iv_len, + const guint8 *key, + gsize key_len, + gsize *out_len, + GError **error); -char *_nmtst_crypto_decrypt (const char *cipher, - int key_type, - const guint8 *data, - gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, - gsize *out_len, - GError **error); +guint8 *_nmtst_crypto_decrypt (const char *cipher, + int key_type, + const guint8 *data, + gsize data_len, + const guint8 *iv, + gsize iv_len, + const guint8 *key, + gsize key_len, + gsize *out_len, + GError **error); #endif /* __NM_CRYPTO_IMPL_H__ */ diff --git a/libnm-core/nm-crypto-nss.c b/libnm-core/nm-crypto-nss.c index 6ddc442862..a0c3eb1d39 100644 --- a/libnm-core/nm-crypto-nss.c +++ b/libnm-core/nm-crypto-nss.c @@ -71,15 +71,15 @@ _nm_crypto_init (GError **error) return TRUE; } -char * +guint8 * _nmtst_crypto_decrypt (const char *cipher, int key_type, const guint8 *data, gsize data_len, - const char *iv, - const gsize iv_len, - const char *key, - const gsize key_len, + const guint8 *iv, + gsize iv_len, + const guint8 *key, + gsize key_len, gsize *out_len, GError **error) { @@ -239,16 +239,16 @@ out: output = NULL; } } - return output; + return (guint8 *) output; } -char * +guint8 * _nmtst_crypto_encrypt (const char *cipher, const guint8 *data, gsize data_len, - const char *iv, + const guint8 *iv, gsize iv_len, - const char *key, + const guint8 *key, gsize key_len, gsize *out_len, GError **error) @@ -367,11 +367,11 @@ out: g_free (output); output = NULL; } - return (char *) output; + return (guint8 *) output; } gboolean -_nm_crypto_verify_x509 (const unsigned char *data, +_nm_crypto_verify_x509 (const guint8 *data, gsize len, GError **error) { diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c index 684867593d..5fc5fc8b91 100644 --- a/libnm-core/nm-crypto.c +++ b/libnm-core/nm-crypto.c @@ -418,16 +418,16 @@ _nmtst_convert_iv (const char *src, return g_steal_pointer (&c); } -char * +guint8 * nm_crypto_make_des_aes_key (const char *cipher, - const char *salt, - const gsize salt_len, + const guint8 *salt, + gsize salt_len, const char *password, gsize *out_len, GError **error) { - char *key; - guint32 digest_len; + guint8 *key; + gsize digest_len; g_return_val_if_fail (cipher != NULL, NULL); g_return_val_if_fail (salt != NULL, NULL); @@ -460,11 +460,11 @@ nm_crypto_make_des_aes_key (const char *cipher, key = g_malloc0 (digest_len + 1); - nm_crypto_md5_hash ((guint8 *) salt, + nm_crypto_md5_hash (salt, 8, (guint8 *) password, strlen (password), - (guint8 *) key, + key, digest_len); *out_len = digest_len; @@ -505,21 +505,21 @@ _nmtst_decrypt_key (const char *cipher, } /* Convert the password and IV into a DES or AES key */ - key.str = nm_crypto_make_des_aes_key (cipher, bin_iv.str, bin_iv.len, password, &key.len, error); - if (!key.str || !key.len) + key.bin = nm_crypto_make_des_aes_key (cipher, bin_iv.bin, bin_iv.len, password, &key.len, error); + if (!key.bin || !key.len) return FALSE; - parsed->str = _nmtst_crypto_decrypt (cipher, + parsed->bin = _nmtst_crypto_decrypt (cipher, key_type, data, data_len, - bin_iv.str, + bin_iv.bin, bin_iv.len, - key.str, + key.bin, key.len, &parsed->len, error); - if (!parsed->str || parsed->len == 0) { + if (!parsed->bin || parsed->len == 0) { nm_secret_ptr_clear (parsed); return FALSE; } @@ -910,7 +910,7 @@ nmtst_crypto_rsa_key_encrypt (const guint8 *data, char **out_password, GError **error) { - char salt[8]; + guint8 salt[8]; nm_auto_clear_secret_ptr NMSecretPtr key = { 0 }; nm_auto_clear_secret_ptr NMSecretPtr enc = { 0 }; gs_unref_ptrarray GPtrArray *pem = NULL; @@ -939,12 +939,12 @@ nmtst_crypto_rsa_key_encrypt (const guint8 *data, if (!nm_crypto_randomize (salt, sizeof (salt), error)) return NULL; - key.str = nm_crypto_make_des_aes_key (CIPHER_DES_EDE3_CBC, &salt[0], sizeof (salt), in_password, &key.len, NULL); - if (!key.str) + key.bin = nm_crypto_make_des_aes_key (CIPHER_DES_EDE3_CBC, salt, sizeof (salt), in_password, &key.len, NULL); + if (!key.bin) g_return_val_if_reached (NULL); - enc.str = _nmtst_crypto_encrypt (CIPHER_DES_EDE3_CBC, data, len, salt, sizeof (salt), key.str, key.len, &enc.len, error); - if (!enc.str) + enc.bin = _nmtst_crypto_encrypt (CIPHER_DES_EDE3_CBC, data, len, salt, sizeof (salt), key.bin, key.len, &enc.len, error); + if (!enc.bin) return NULL; /* What follows is not the most efficient way to construct the pem @@ -964,7 +964,7 @@ nmtst_crypto_rsa_key_encrypt (const guint8 *data, g_ptr_array_add (pem, g_strdup ("\n\n")); /* Convert the encrypted key to a base64 string */ - enc_base64 = g_base64_encode ((const guchar *) enc.str, enc.len); + enc_base64 = g_base64_encode ((const guchar *) enc.bin, enc.len); enc_base64_len = strlen (enc_base64); for (p = enc_base64; (p - enc_base64) < (ptrdiff_t) enc_base64_len; p += 64) { g_ptr_array_add (pem, g_strndup (p, 64)); diff --git a/libnm-core/nm-crypto.h b/libnm-core/nm-crypto.h index 8294bdbe1b..70019211b3 100644 --- a/libnm-core/nm-crypto.h +++ b/libnm-core/nm-crypto.h @@ -81,12 +81,12 @@ void nm_crypto_md5_hash (const guint8 *salt, guint8 *buffer, gsize buflen); -char *nm_crypto_make_des_aes_key (const char *cipher, - const char *salt, - const gsize salt_len, - const char *password, - gsize *out_len, - GError **error); +guint8 *nm_crypto_make_des_aes_key (const char *cipher, + const guint8 *salt, + gsize salt_len, + const char *password, + gsize *out_len, + GError **error); gboolean nm_crypto_randomize (void *buffer, gsize buffer_len, GError **error);