The "bag" was not deallocated when the key is successfully loaded.
Parse all bag elements rather than clearing the bag after the first
iteration (this restores previous behavior).
Change-Id: Ib52da6586f7435d18fa5b0660e7771436544b634
Fixes: v2.5.0rc0-613-gf63b68f707 ("Further cleanups.")
Reviewed-on: https://code.wireshark.org/review/26481
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
The first is deprecated, as per https://spdx.org/licenses/.
Change-Id: I8e21e1d32d09b8b94b93a2dc9fbdde5ffeba6bed
Reviewed-on: https://code.wireshark.org/review/25661
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Id73e641499e75bc1afc1dea29682418156f461fe
Reviewed-on: https://code.wireshark.org/review/24751
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
If a variable is initialized in a loop body or an if clause or a switch
clause, declare it inside the loop body/clause, and de-initialize it
before leaving the loop body/clause.
De-initialize the gnutls_pkcs12_t before leaving rsa_load_pkcs12(), so
as not to leak it.
Always leave the per-bag loop by "goto done", even if we're not within
an inner loop, to make it clearer what we're doing.
We initialize the bag structure at the beginning of that loop body;
de-initialize it at the end.
If we leave the loop without a private key, and we don't have an error
message, the error is "we didn't find a PKCS8 key"; report that.
Change-Id: I87cf296876c8f1879f69d01ce67ca2829b4f8d16
Reviewed-on: https://code.wireshark.org/review/22958
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Pacify checkAPIs.pl
Change-Id: I637a6cd678b99d05cd1b26fd3cba6ad4dd19e8d2
Reviewed-on: https://code.wireshark.org/review/22957
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Ensure that rsa_load_pem_key() and rsa_load_pkcs12() always return an
error message string if they fail, so that
1) they don't return NULL without supplying an error string;
2) they don't supply an error string if they succeed.
If either of them fails, report the error; if there's no error string,
report an unknown error (that shouldn't happen, but the wsutil/rsa.c
code needs more cleanup before I'll believe it can't happen).
While we're at it, clean up some of those error strings, return NULL
rather than 0 as the failure case from rsa_load_pkcs12() as we do in
rsa_load_pem_key() (they mean the same thing, but NULL makes it a bit
clearer), and de-initialize the private key structure in
rsa_load_pem_key() if we fail (so that we don't leak memory).
Change-Id: Id9dd331800d87b017a500a6f579df446057f555b
Reviewed-on: https://code.wireshark.org/review/22941
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Loading PEM and PKCS#11 keys was being done in static functions
in packet-ssl-utils.c. These were moved to wsutil, with prototypes
in a new <wsutil/rsa.h> header. This adds gnutls as optional
dependency to wsutil.
The RSA decryption helper was also moved and is now provided in
<wsutil/wsgcrypt.h>.
This allows more dissectors to access this functionality.
Change-Id: I6cfbbf5203f2881c82bad721747834ccd76e2033
Reviewed-on: https://code.wireshark.org/review/21941
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>