|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2000-2012 Free Software Foundation, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Author: Nikos Mavrogiannopoulos
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit Service |
4684c1 |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
4684c1 |
* the License, or (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This library is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* Lesser General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* This file contains the RSA key exchange part of the certificate
|
|
Packit Service |
4684c1 |
* authentication.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include "gnutls_int.h"
|
|
Packit Service |
4684c1 |
#include "auth.h"
|
|
Packit Service |
4684c1 |
#include "errors.h"
|
|
Packit Service |
4684c1 |
#include "dh.h"
|
|
Packit Service |
4684c1 |
#include "num.h"
|
|
Packit Service |
4684c1 |
#include "datum.h"
|
|
Packit Service |
4684c1 |
#include <auth/cert.h>
|
|
Packit Service |
4684c1 |
#include <pk.h>
|
|
Packit Service |
4684c1 |
#include <algorithms.h>
|
|
Packit Service |
4684c1 |
#include <global.h>
|
|
Packit Service |
4684c1 |
#include "debug.h"
|
|
Packit Service |
4684c1 |
#include <tls-sig.h>
|
|
Packit Service |
4684c1 |
#include <x509.h>
|
|
Packit Service |
4684c1 |
#include <random.h>
|
|
Packit Service |
4684c1 |
#include <mpi.h>
|
|
Packit Service |
4684c1 |
#include <abstract_int.h>
|
|
Packit Service |
4684c1 |
#include <auth/rsa_common.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_gen_rsa_client_kx(gnutls_session_t, gnutls_buffer_st *);
|
|
Packit Service |
4684c1 |
static int proc_rsa_client_kx(gnutls_session_t, uint8_t *, size_t);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
const mod_auth_st rsa_auth_struct = {
|
|
Packit Service |
4684c1 |
"RSA",
|
|
Packit Service |
4684c1 |
_gnutls_gen_cert_server_crt,
|
|
Packit Service |
4684c1 |
_gnutls_gen_cert_client_crt,
|
|
Packit Service |
4684c1 |
NULL, /* gen server kx */
|
|
Packit Service |
4684c1 |
_gnutls_gen_rsa_client_kx,
|
|
Packit Service |
4684c1 |
_gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */
|
|
Packit Service |
4684c1 |
_gnutls_gen_cert_server_cert_req, /* server cert request */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_proc_crt,
|
|
Packit Service |
4684c1 |
_gnutls_proc_crt,
|
|
Packit Service |
4684c1 |
NULL, /* proc server kx */
|
|
Packit Service |
4684c1 |
proc_rsa_client_kx, /* proc client kx */
|
|
Packit Service |
4684c1 |
_gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */
|
|
Packit Service |
4684c1 |
_gnutls_proc_cert_cert_req /* proc server cert request */
|
|
Packit Service |
4684c1 |
};
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static
|
|
Packit Service |
4684c1 |
int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
if (key_usage != 0) {
|
|
Packit Service |
4684c1 |
if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) && !(key_usage & GNUTLS_KEY_KEY_AGREEMENT)) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
if (session->internals.allow_key_usage_violation == 0) {
|
|
Packit Service |
4684c1 |
_gnutls_audit_log(session,
|
|
Packit Service |
4684c1 |
"Peer's certificate does not allow encryption. Key usage violation detected.\n");
|
|
Packit Service |
4684c1 |
return GNUTLS_E_KEY_USAGE_VIOLATION;
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
_gnutls_audit_log(session,
|
|
Packit Service |
4684c1 |
"Peer's certificate does not allow encryption. Key usage violation detected (ignored).\n");
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* This function reads the RSA parameters from peer's certificate;
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* IMPORTANT:
|
|
Packit Service |
4684c1 |
* Currently this function gets only called on the client side
|
|
Packit Service |
4684c1 |
* during generation of the client kx msg. This function
|
|
Packit Service |
4684c1 |
* retrieves the RSA params from the peer's certificate. That is in
|
|
Packit Service |
4684c1 |
* this case the server's certificate. As of GNUTLS version 3.6.4 it is
|
|
Packit Service |
4684c1 |
* possible to negotiate different certificate types for client and
|
|
Packit Service |
4684c1 |
* server. Therefore the correct cert type needs to be retrieved to be
|
|
Packit Service |
4684c1 |
* used for the _gnutls_get_auth_info_pcert call. If this
|
|
Packit Service |
4684c1 |
* function is to be called on the server side in the future, extra
|
|
Packit Service |
4684c1 |
* checks need to be build in order to retrieve the correct
|
|
Packit Service |
4684c1 |
* certificate type.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_get_public_rsa_params(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_pk_params_st * params)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
cert_auth_info_t info;
|
|
Packit Service |
4684c1 |
unsigned key_usage;
|
|
Packit Service |
4684c1 |
gnutls_pcert_st peer_cert;
|
|
Packit Service |
4684c1 |
gnutls_certificate_type_t cert_type;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
assert(!IS_SERVER(session));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* normal non export case */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (info == NULL || info->ncerts == 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INTERNAL_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
// Get the negotiated server certificate type
|
|
Packit Service |
4684c1 |
cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_get_auth_info_pcert(&peer_cert, cert_type, info);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pubkey_get_key_usage(peer_cert.pubkey, &key_usage);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = check_key_usage_for_enc(session, key_usage);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup2;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pk_params_init(params);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_pubkey_get_mpis(peer_cert.pubkey, params);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
|
|
Packit Service |
4684c1 |
goto cleanup2;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pcert_deinit(&peer_cert);
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
cleanup2:
|
|
Packit Service |
4684c1 |
gnutls_pcert_deinit(&peer_cert);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
static int
|
|
Packit Service |
4684c1 |
proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
|
|
Packit Service |
4684c1 |
size_t _data_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
|
|
Packit Service |
4684c1 |
gnutls_datum_t ciphertext;
|
|
Packit Service |
4684c1 |
int ret, dsize;
|
|
Packit Service |
4684c1 |
ssize_t data_size = _data_size;
|
|
Packit Service |
4684c1 |
volatile uint8_t ver_maj, ver_min;
|
|
Packit Service |
4684c1 |
volatile uint8_t check_ver_min;
|
|
Packit Service |
4684c1 |
volatile uint32_t ok;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifdef ENABLE_SSL3
|
|
Packit Service |
4684c1 |
if (get_num_version(session) == GNUTLS_SSL3) {
|
|
Packit Service |
4684c1 |
/* SSL 3.0
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
ciphertext.data = data;
|
|
Packit Service |
4684c1 |
ciphertext.size = data_size;
|
|
Packit Service |
4684c1 |
} else
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
/* TLS 1.0+
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
DECR_LEN(data_size, 2);
|
|
Packit Service |
4684c1 |
ciphertext.data = &data[2];
|
|
Packit Service |
4684c1 |
dsize = _gnutls_read_uint16(data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (dsize != data_size) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
ciphertext.size = dsize;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ver_maj = _gnutls_get_adv_version_major(session);
|
|
Packit Service |
4684c1 |
ver_min = _gnutls_get_adv_version_minor(session);
|
|
Packit Service |
4684c1 |
check_ver_min = (session->internals.allow_wrong_pms == 0);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
|
|
Packit Service |
4684c1 |
if (session->key.key.data == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
session->key.key.size = GNUTLS_MASTER_SIZE;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Fallback value when decryption fails. Needs to be unpredictable. */
|
|
Packit Service |
4684c1 |
ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data,
|
|
Packit Service |
4684c1 |
GNUTLS_MASTER_SIZE);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_free(session->key.key.data);
|
|
Packit Service |
4684c1 |
session->key.key.size = 0;
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
gnutls_privkey_decrypt_data2(session->internals.selected_key,
|
|
Packit Service |
4684c1 |
0, &ciphertext, session->key.key.data,
|
|
Packit Service |
4684c1 |
session->key.key.size);
|
|
Packit Service |
4684c1 |
/* After this point, any conditional on failure that cause differences
|
|
Packit Service |
4684c1 |
* in execution may create a timing or cache access pattern side
|
|
Packit Service |
4684c1 |
* channel that can be used as an oracle, so treat very carefully */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Error handling logic:
|
|
Packit Service |
4684c1 |
* In case decryption fails then don't inform the peer. Just use the
|
|
Packit Service |
4684c1 |
* random key previously generated. (in order to avoid attack against
|
|
Packit Service |
4684c1 |
* pkcs-1 formatting).
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* If we get version mismatches no error is returned either. We
|
|
Packit Service |
4684c1 |
* proceed normally. This is to defend against the attack described
|
|
Packit Service |
4684c1 |
* in the paper "Attacking RSA-based sessions in SSL/TLS" by
|
|
Packit Service |
4684c1 |
* Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* ok is 0 in case of error and 1 in case of success. */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* if ret < 0 */
|
|
Packit Service |
4684c1 |
ok = CONSTCHECK_EQUAL(ret, 0);
|
|
Packit Service |
4684c1 |
/* session->key.key.data[0] must equal ver_maj */
|
|
Packit Service |
4684c1 |
ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
|
|
Packit Service |
4684c1 |
/* if check_ver_min then session->key.key.data[1] must equal ver_min */
|
|
Packit Service |
4684c1 |
ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
|
|
Packit Service |
4684c1 |
CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ok) {
|
|
Packit Service |
4684c1 |
/* call logging function unconditionally so all branches are
|
|
Packit Service |
4684c1 |
* indistinguishable for timing and cache access when debug
|
|
Packit Service |
4684c1 |
* logging is disabled */
|
|
Packit Service |
4684c1 |
_gnutls_no_log("%s", attack_error);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
_gnutls_debug_log("%s", attack_error);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* This is here to avoid the version check attack
|
|
Packit Service |
4684c1 |
* discussed above.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
session->key.key.data[0] = ver_maj;
|
|
Packit Service |
4684c1 |
session->key.key.data[1] = ver_min;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* return RSA(random) using the peers public key
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_gen_rsa_client_kx(gnutls_session_t session,
|
|
Packit Service |
4684c1 |
gnutls_buffer_st * data)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
cert_auth_info_t auth = session->key.auth_info;
|
|
Packit Service |
4684c1 |
gnutls_datum_t sdata; /* data to send */
|
|
Packit Service |
4684c1 |
gnutls_pk_params_st params;
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (auth == NULL) {
|
|
Packit Service |
4684c1 |
/* this shouldn't have happened. The proc_certificate
|
|
Packit Service |
4684c1 |
* function should have detected that.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
session->key.key.size = GNUTLS_MASTER_SIZE;
|
|
Packit Service |
4684c1 |
session->key.key.data = gnutls_malloc(session->key.key.size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (session->key.key.data == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = gnutls_rnd(GNUTLS_RND_RANDOM, session->key.key.data,
|
|
Packit Service |
4684c1 |
session->key.key.size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (session->internals.rsa_pms_version[0] == 0) {
|
|
Packit Service |
4684c1 |
session->key.key.data[0] =
|
|
Packit Service |
4684c1 |
_gnutls_get_adv_version_major(session);
|
|
Packit Service |
4684c1 |
session->key.key.data[1] =
|
|
Packit Service |
4684c1 |
_gnutls_get_adv_version_minor(session);
|
|
Packit Service |
4684c1 |
} else { /* use the version provided */
|
|
Packit Service |
4684c1 |
session->key.key.data[0] =
|
|
Packit Service |
4684c1 |
session->internals.rsa_pms_version[0];
|
|
Packit Service |
4684c1 |
session->key.key.data[1] =
|
|
Packit Service |
4684c1 |
session->internals.rsa_pms_version[1];
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* move RSA parameters to key (session).
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
if ((ret = _gnutls_get_public_rsa_params(session, ¶ms)) < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
|
|
Packit Service |
4684c1 |
¶ms);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pk_params_release(¶ms);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#ifdef ENABLE_SSL3
|
|
Packit Service |
4684c1 |
if (get_num_version(session) == GNUTLS_SSL3) {
|
|
Packit Service |
4684c1 |
/* SSL 3.0 */
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_buffer_append_data(data, sdata.data,
|
|
Packit Service |
4684c1 |
sdata.size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(&sdata);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
} else
|
|
Packit Service |
4684c1 |
#endif
|
|
Packit Service |
4684c1 |
{ /* TLS 1.x */
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_buffer_append_data_prefix(data, 16, sdata.data,
|
|
Packit Service |
4684c1 |
sdata.size);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(&sdata);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|