Revert "Use base64 encode/decode routines from nettle instead of gnutls"

This reverts commit 252bc346e2379475f8547d4a458743bed067448d.

tcp.c

@@ -3,7 +3,7 @@
    Protocol services - TCP layer
    Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
    Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
-   Copyright 2012-2019 Henrik Andersson <hean01@cendio.se> for Cendio AB
+   Copyright 2012-2017 Henrik Andersson <hean01@cendio.se> for Cendio AB
    Copyright 2017 Alexander Zakharov <uglym8@gmail.com>
 
    This program is free software: you can redistribute it and/or modify
@@ -35,7 +35,6 @@
 
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
-#include <nettle/base64.h>
 
 #include "rdesktop.h"
 #include "ssl.h"
@@ -117,10 +116,10 @@ cert_tdb_store(const char* db_name, const char* host, const char* service,
 {
 	UNUSED(service);
 	FILE *out;
+	gnutls_datum_t b64;
 	char filename[4096];
-	char b64[BASE64_ENCODE_RAW_LENGTH(4096)];
 
-	base64_encode_raw(b64, pubkey->size, pubkey->data);
+	CHECK(gnutls_base64_encode2(pubkey, &b64));
 
 	/* store pubkey */
 	cert_store_cache_filename(db_name, host, filename, sizeof(filename));
@@ -128,9 +127,11 @@ cert_tdb_store(const char* db_name, const char* host, const char* service,
 
 	out = fopen(filename, "w+");
 	fprintf(out, "%ld\n", expiration);
-	fprintf(out, "%s\n", b64);
+	fprintf(out, "%s\n", (char *)b64.data);
 	fclose(out);
 
+	gnutls_free(b64.data);
+
 	return GNUTLS_E_SUCCESS;
 }
 
@@ -141,16 +142,13 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
 	UNUSED(service);
 
 	FILE *in;
-	gnutls_datum_t store_pubkey;
+	gnutls_datum_t tmp, store_pubkey;
 	char buf[4096];
-	uint8 dst[4096];
 	char filename[4096];
-	struct base64_decode_ctx ctx;
-	size_t dst_size;
 
 	cert_store_cache_filename(db_name, host, filename, sizeof(filename));
 
-	logger(Core, Debug, "%s(), verify public key for %s",__func__, host);
+	logger(Core, Debug, "%s(), verify pubkey for %s",__func__, host);
 
 	in = fopen(filename, "r");
 	if (in == NULL)
@@ -160,7 +158,6 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
 		return GNUTLS_E_NO_CERTIFICATE_FOUND;
 	}
 
-	/* get expiration line */
 	if (fgets(buf, sizeof(buf), in) == NULL)
 	{
 		logger(Core, Error, "%s(), invalid content of public key cache '%s'", __func__, filename);
@@ -168,7 +165,7 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
 		return GNUTLS_E_NO_CERTIFICATE_FOUND;
 	}
 
-	/* get base64 line */
+	/* base64 decode stored key and compare */
 	if (fgets(buf, sizeof(buf), in) == NULL)
 	{
 		logger(Core, Error, "%s(), invalid content of public key cache '%s'", __func__, filename);
@@ -178,31 +175,24 @@ cert_tdb_verify(const char* db_name, const char* host, const char* service,
 
 	fclose(in);
 
-	/* base64 decode stored key and compare */
-	base64_decode_init(&ctx);
-	dst_size = sizeof(dst);
-	if (base64_decode_update(&ctx, &dst_size, dst, strlen(buf), buf) == 0)
-	{
-		logger(Core, Error, "%s(), failed to base64 decode public key from cache", __func__);
-		unlink(filename);
-		return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
-	}
-	base64_decode_final(&ctx);
-	store_pubkey.size = dst_size;
-	store_pubkey.data = dst;
+	tmp.data = (unsigned char*)buf;
+	tmp.size = strlen(buf);
+	CHECK(gnutls_base64_decode2(&tmp, &store_pubkey));
 
-	/* verify public key against cached key */
 	if (pubkey->size != store_pubkey.size)
 	{
+		gnutls_free(store_pubkey.data);
 		return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
 	}
 
 	if (memcmp(pubkey->data, store_pubkey.data, pubkey->size) != 0)
 	{
+		gnutls_free(store_pubkey.data);
 		return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
 	}
 
 	/* Found mathcing public key in cache */
+	gnutls_free(store_pubkey.data);
 	return GNUTLS_E_SUCCESS;
 }