From 6c2b6449337c80b60ad9655f6d3afb8bda6c158a Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:09 +0200 Subject: [PATCH 01/19] Make sure s_sig is initialized in _wrap_gcry_pk_verify()'s cleanup: section. --- lib/pk-libgcrypt.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/lib/pk-libgcrypt.c b/lib/pk-libgcrypt.c index a7bcd8e..8b2f352 100644 --- a/lib/pk-libgcrypt.c +++ b/lib/pk-libgcrypt.c @@ -423,6 +423,8 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, bigint_t hash; bigint_t tmp[2] = { NULL, NULL }; + s_sig = 0; + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) { gnutls_assert (); -- 1.6.3.2 From 6223c2c38a79dd2f6abd6685e21d64b1eaf7f043 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 02/19] Make sure buf_release is initialzed when jumping to _gnutls_mpi_randomize()'s cleanup:. Only relevant if gnutls_assrt() is a nop. --- lib/gnutls_mpi.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index ad93ce6..15dd1e4 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -60,6 +60,7 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits, if (buf == NULL) { gnutls_assert(); + buf_release = 0; goto cleanup; } buf_release = 1; -- 1.6.3.2 From 562627dfe0027cb20abd29b7ae525e860760a08f Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 03/19] In case of (!s), we better leave s->error alone. --- lib/opencdk/stream.c | 4 ---- 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index 6abc4dc..e2103cd 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -932,7 +932,6 @@ cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert(); return EOF; } 
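Review bot: The initialization in `_wrap_gcry_pk_verify()` is a separate statement, `s_sig = 0;`, and patch 02 does the same in `_gnutls_mpi_randomize()`, where `buf_release = 0;` is set only in the one failing branch. Initializing both variables at their declarations, which are outside these hunks, would cover every path that reaches `cleanup:`, including ones added later. If `s_sig` is a pointer-like handle (its type is not visible here), `s_sig = NULL;` would match the neighbouring `bigint_t tmp[2] = { NULL, NULL };` better than a bare `0`.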
@@ -989,7 +988,6 @@ cdk_stream_getc (cdk_stream_t s) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert(); return EOF; } @@ -1022,7 +1020,6 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert(); return EOF; } @@ -1081,7 +1078,6 @@ cdk_stream_putc (cdk_stream_t s, int c) if (!s) { - s->error = CDK_Inv_Value; gnutls_assert(); return EOF; } -- 1.6.3.2 From 11272fc7c99dff17b84bb7458b4e99739717bbfc Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 04/19] Fix a NULL pointer dereference in _gnutls_handshake_buffer_get_ptr() --- lib/gnutls_buffers.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 2058a27..21a4d0d 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -1234,7 +1234,8 @@ _gnutls_handshake_buffer_get_ptr (gnutls_session_t session, if (length != NULL) *length = session->internals.handshake_hash_buffer.length; - _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", *length); + _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", + session->internals.handshake_hash_buffer.length); if (data_ptr != NULL) *data_ptr = session->internals.handshake_hash_buffer.data; -- 1.6.3.2 From 239cc19886f01180361430b80804563c53cf21ee Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 05/19] Add a missing return code check in write_secret_key(). --- lib/opencdk/write-packet.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 24e47b0..1f9fb81 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c 
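Review bot: In `_gnutls_handshake_buffer_get_ptr()` the replacement log argument `session->internals.handshake_hash_buffer.length` is still printed with `%d`. The line above assigns the same field to `*length`; if that field is a `size_t` (its declaration is not in the hunk), the specifier does not match the argument, which is undefined behaviour in a printf-style call. A cast at the call site keeps the format string as it is: `(int) session->internals.handshake_hash_buffer.length`.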
@@ -589,7 +589,8 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, } else return CDK_Inv_Value; - rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); + if (!rc) + rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); } if (!rc && sk->is_protected && pk->version == 4) { -- 1.6.3.2 From 43aef8ab37b06ade6a8ee1a0a212affd01e48599 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 06/19] Fix a NULL pointer dereference in _gnutls_tls_sign(). XXX: Not sure if this is the right fix. --- lib/gnutls_sig.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 5edf8ff..d29a326 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -279,7 +279,7 @@ _gnutls_tls_sign (gnutls_session_t session, } /* External signing. */ - if (!pkey || pkey->params_size == 0) + if (cert && (!pkey || pkey->params_size == 0)) { if (!session->internals.sign_func) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; -- 1.6.3.2 From f6fb2cb626390929cc34580e851bbcc63efefb03 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 07/19] Add a return code check in decode_pkcs8_key(). XXX: Everything but 0 is an error, right? --- lib/x509/privkey_pkcs8.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index aa777d2..8a9a8bb 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -795,6 +795,11 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, params_len, &kdf_params, &enc_params); + if (result) + { + goto error; + } + /* Parameters have been decoded. Now * decrypt the EncryptedData. */ -- 1.6.3.2 From fc666f00d53ed636ff541b44b52884b44eed1d10 Mon Sep 17 00:00:00 2001 
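Review bot: In `_gnutls_tls_sign()` the new condition `cert && (!pkey || pkey->params_size == 0)` is false when `cert` is NULL even if `pkey` is NULL as well, so control falls through to the code after the external-signing block, which is outside this hunk. If that code reads `pkey`, the NULL dereference has only moved, which matches the doubt stated in the commit message. An explicit rejection is clearer: keep the original condition and extend the first check inside the block to `if (!cert || !session->internals.sign_func) return GNUTLS_E_INSUFFICIENT_CREDENTIALS;`, assuming that error code is the one callers should see for a missing certificate.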
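Review bot: The new check in `decode_pkcs8_key()` jumps to `error` without calling `gnutls_assert ()`, unlike the other error paths added in this series, so a failure here leaves no trace in the debug log. The commit message asks whether every non-zero value is an error; the called helper's contract is not visible in the hunk and should be confirmed against its definition. If it follows the negative-error-code convention, the check would read `if (result < 0) { gnutls_assert (); goto error; }`. What `error:` releases is also outside the hunk.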
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 08/19] Add a return code check in gnutls_openpgp_privkey_import(), copy and pasted from below, assuming it works the same. --- lib/openpgp/privkey.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index c7cb371..e13cf61 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -104,7 +104,15 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, } if (format == GNUTLS_OPENPGP_FMT_RAW) - rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + { + rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + if (rc != 0) + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } + } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); -- 1.6.3.2 From 2391ff0c977af42c16abc9a4558f8d6efc321c46 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 09/19] Add a return code check in gnutls_openpgp_crt_import(), copy and pasted from below, assuming it works the same. --- lib/openpgp/pgp.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index 09ae104..d033505 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -100,7 +100,15 @@ gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, } if (format == GNUTLS_OPENPGP_FMT_RAW) - rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + { + rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); + if (rc) + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } + } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); -- 1.6.3.2 From d1788cb43dd09c7e3dace78884ee524c4dd3d31d Mon Sep 17 00:00:00 2001 
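Review bot: The error block added to the `GNUTLS_OPENPGP_FMT_RAW` branch of `gnutls_openpgp_privkey_import()` is a copy of one that, per the commit message, already exists further down. Patch 09 pastes it again into `gnutls_openpgp_crt_import()` with a different spelling of the test (`rc != 0` here, `if (rc)` there). If the `else` branch, whose tail is outside the hunk, can fall through with `rc` set, a single check after the whole `if`/`else` would cover both formats without the duplication. At minimum the two pasted blocks should use the same test so a later fix to one is easy to carry over to the other.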
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:13 +0200 Subject: [PATCH 10/19] Add a missing return code check in _gnutls_x509_write_int() --- lib/gnutls_mpi.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index 15dd1e4..4dc4da1 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -343,6 +343,12 @@ _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi, else result = _gnutls_mpi_print (mpi, NULL, &s_len); + if (result != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_PRINT_FAILED; + } + tmpstr = gnutls_malloc (s_len); if (tmpstr == NULL) { -- 1.6.3.2 From 02946aa3d28bb79a62ca5fdbcc1c45a59cb072bf Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 11/19] Add another return code check in write_secret_key(). Leaving the indentation alone to keep the changes clearly visible. --- lib/opencdk/write-packet.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 1f9fb81..01277b2 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -564,6 +564,8 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo)); if (!rc) rc = write_mpibuf (out, pk->mpi, npkey); + if (!rc) + { if (sk->is_protected == 0) rc = stream_putc (out, 0x00); else @@ -592,6 +594,7 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, if (!rc) rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); } + } if (!rc && sk->is_protected && pk->version == 4) { if (sk->encdata && sk->enclen) -- 1.6.3.2 From f38a9a1b1394ae7a0ed2ca7ed8a07d658eda7777 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 12/19] I don't see why stream_putc()'s return code should be ignored here. --- lib/opencdk/write-packet.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) 
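Review bot: The new `if (result != 0)` in `_gnutls_x509_write_int()` follows a call that passes `NULL` as the output buffer and precedes `gnutls_malloc (s_len)`, so that call looks like a size query rather than the real print. If `_gnutls_mpi_print` reports the missing buffer with a non-zero code (GnuTLS uses `GNUTLS_E_SHORT_MEMORY_BUFFER` for that purpose), this check fails on every call and the function can never write an integer. After confirming the helper's contract, the test should accept the expected size-query result and reject everything else, e.g. `if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)`. The second, real print call is outside the hunk, and that is the call whose result must be zero.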
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 01277b2..e2c5687 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -571,7 +571,7 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, else { if (is_RSA (pk->pubkey_algo) && pk->version < 4) - stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); + rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); else if (sk->protect.s2k) { s2k_mode = sk->protect.s2k->mode; -- 1.6.3.2 From b9955d10e1f82fda39a64ec50e9b2f0aac8953ce Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 13/19] Add a return code check in gnutls_openpgp_export(), copy and pasted from above, assuming it works the same. --- lib/openpgp/pgp.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index d033505..f5fe636 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -198,6 +198,12 @@ _gnutls_openpgp_export (cdk_kbnode_t node, CDK_ARMOR_PUBKEY); gnutls_free (in); *output_data_size = calc_size; + if (rc) + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } return 0; -- 1.6.3.2 From 9bcd55537350a867efaf30e5c617f364461f4703 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 14/19] Let main() log and exit if deriving the key failed. --- src/psk.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/psk.c b/src/psk.c index 7ce6b1b..24b973d 100644 --- a/src/psk.c +++ b/src/psk.c @@ -135,6 +135,11 @@ main (int argc, char **argv) ret = gnutls_psk_netconf_derive_key (passwd, info.username, info.netconf_hint, &dkey); + if (ret < 0) + { + fprintf (stderr, "Deriving the key failed\n"); + exit (1); + } } else { -- 1.6.3.2 From af26e2fecccfa406663b8eef762868b2ccf63d11 Mon Sep 17 00:00:00 2001 
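Review bot: In `_gnutls_openpgp_export()` the new `rc` check sits after `*output_data_size = calc_size;`, so a failed encode still reports a size to the caller for output that was not produced. Moving the check to directly after `gnutls_free (in);` keeps the free on both paths and leaves `*output_data_size` untouched on error, unless callers rely on the size being set even then. The call whose `rc` is tested begins above the hunk.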
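Review bot: The new failure path in `main()` of `src/psk.c` prints a fixed string and drops `ret`, so the user cannot tell why `gnutls_psk_netconf_derive_key()` failed. Including the library's description of the error costs one argument: `fprintf (stderr, "Deriving the key failed: %s\n", gnutls_strerror (ret));`.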
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 15/19] Remove write-only variable tot_len in _gnutls_encode_ber_rs(). --- lib/gnutls_pk.c | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index c6a27a5..d73f330 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -361,7 +361,7 @@ int _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) { ASN1_TYPE sig; - int result, tot_len; + int result; if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), @@ -388,8 +388,6 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) return result; } - tot_len = 0; - result = _gnutls_x509_der_encode (sig, "", sig_value, 0); asn1_delete_structure (&sig); -- 1.6.3.2 From f2a29938c8ee0005967da5a32f3848c65a9d988c Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:11 +0200 Subject: [PATCH 16/19] Remove write-only variable i in _gnutls_proc_openpgp_server_certificate(). --- lib/auth_cert.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/lib/auth_cert.c b/lib/auth_cert.c index a1000f1..b51ba16 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -1063,7 +1063,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, cert_auth_info_t info; gnutls_certificate_credentials_t cred; ssize_t dsize = data_size; - int i, x, key_type; + int x, key_type; gnutls_cert *peer_certificate_list = NULL; int peer_certificate_list_size = 0; gnutls_datum_t tmp, akey = { NULL, 0 }; @@ -1104,7 +1104,6 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, /* no certificate was sent */ return GNUTLS_E_NO_CERTIFICATE_FOUND; } - i = dsize; /* Read PGPKeyDescriptor */ DECR_LEN (dsize, 1); -- 1.6.3.2 From 591ad465ac4507241bb9ca25fd321150b60192fd Mon Sep 17 00:00:00 2001 
From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 17/19] Remove write-only variable siz in _verify_x509_mem(). --- src/certtool.c | 4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff --git a/src/certtool.c b/src/certtool.c index 3bca02d..88a36cb 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1804,7 +1804,7 @@ static void print_verification_res (gnutls_x509_crt_t crt, static int _verify_x509_mem (const void *cert, int cert_size) { - int siz, i; + int i; const char *ptr; int ret; char name[256]; @@ -1822,7 +1822,6 @@ _verify_x509_mem (const void *cert, int cert_size) /* Decode the CRL list */ - siz = cert_size; ptr = cert; i = 1; @@ -1866,7 +1865,6 @@ _verify_x509_mem (const void *cert, int cert_size) /* Decode the certificate chain. */ - siz = cert_size; ptr = cert; i = 1; -- 1.6.3.2 From 0f293cb2a274a857a34b443e3530d6ffc586af09 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:12 +0200 Subject: [PATCH 18/19] Remove write-only variable in main(). --- doc/examples/ex-serv-anon.c | 3 +-- doc/examples/ex-serv-export.c | 3 +-- doc/examples/ex-serv-pgp.c | 3 +-- doc/examples/ex-serv-psk.c | 3 +-- doc/examples/ex-serv-srp.c | 3 +-- doc/examples/ex-serv1.c | 3 +-- 6 files changed, 6 insertions(+), 12 deletions(-) diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index 3ccb013..5287c22 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -69,7 +69,7 @@ generate_dh_params (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -134,7 +134,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c index 0cf11f3..5bc8bdc 100644 --- a/doc/examples/ex-serv-export.c +++ b/doc/examples/ex-serv-export.c 
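Review bot: Dropping `siz` in `_verify_x509_mem()` removes the only local copy of `cert_size` visible in these hunks. That it was write-only suggests the loops that walk `ptr`, which are outside the hunks, are not bounded by the buffer length. If they depend on `cert` being NUL-terminated, that precondition should be recorded next to the first `ptr = cert;` rather than silently removing the variable, e.g. `/* cert must be NUL-terminated; cert_size does not bound the scan */`. The same applies to the second removal before the certificate-chain loop.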
@@ -124,7 +124,7 @@ generate_rsa_params (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -212,7 +212,6 @@ main (void) /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index 201068d..fd35594 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -75,7 +75,7 @@ initialize_tls_session (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -148,7 +148,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index 0e93569..9eb68cd 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -96,7 +96,7 @@ pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -179,7 +179,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index 67a68df..cfefa7a 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -64,7 +64,7 @@ initialize_tls_session (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -138,7 +138,6 @@ main (void) /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c index 9eee252..6a2a20c 100644 --- a/doc/examples/ex-serv1.c +++ b/doc/examples/ex-serv1.c 
@@ -85,7 +85,7 @@ generate_dh_params (void) int main (void) { - int err, listen_sd, i; + int err, listen_sd; int sd, ret; struct sockaddr_in sa_serv; struct sockaddr_in sa_cli; @@ -165,7 +165,6 @@ main (void) /* see the Getting peer's information example */ /* print_info(session); */ - i = 0; for (;;) { memset (buffer, 0, MAX_BUF + 1); -- 1.6.3.2 From d434ce6186a79cd2f5f42de38395e772119eb4d4 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Fri, 26 Jun 2009 21:26:10 +0200 Subject: [PATCH 19/19] Remove a write-only variable in _decode_pkcs12_auth_safe(). --- lib/x509/pkcs12.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 82ee063..1a12847 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -50,7 +50,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, char oid[128]; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; gnutls_datum_t auth_safe = { NULL, 0 }; - int tmp_size, len, result; + int len, result; len = sizeof (oid) - 1; result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len); @@ -70,7 +70,6 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, /* Step 1. Read the content data */ - tmp_size = 0; result = _gnutls_x509_read_value (pkcs12, "authSafe.content", &auth_safe, 1); if (result < 0) -- 1.6.3.2