[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-119-g6aca5dd
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-119-g6aca5dd |
|
Date: |
Sat, 22 Sep 2012 07:56:43 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=6aca5dd7b7adb29d94114cbc0d575cb83a181ddd
The branch, master has been updated
via 6aca5dd7b7adb29d94114cbc0d575cb83a181ddd (commit)
via f06c535863b315535961ac9aa52a9d51cd50766a (commit)
from 9952a5deea2104bec53a8e62a25bf4870d031e56 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6aca5dd7b7adb29d94114cbc0d575cb83a181ddd
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 22 01:45:33 2012 +0200
several cleanups
commit f06c535863b315535961ac9aa52a9d51cd50766a
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Sep 22 00:59:40 2012 +0200
corrected bug in gnutls_x509_privkey_sign_data
-----------------------------------------------------------------------
Summary of changes:
lib/auth/cert.c | 51 +++++-----------------------------
lib/auth/dh_common.c | 12 ++++----
lib/auth/rsa.c | 2 +-
lib/auth/rsa_export.c | 1 -
lib/auth/srp_passwd.c | 19 +++++-------
lib/crypto-backend.c | 3 ++
lib/ext/heartbeat.c | 2 +-
lib/ext/safe_renegotiation.c | 2 -
lib/gnutls_constate.c | 2 -
lib/gnutls_handshake.c | 9 +-----
lib/gnutls_pubkey.c | 2 +-
lib/gnutls_session_pack.c | 61 +++++++++++++++++++----------------------
lib/gnutls_str.c | 8 ++++-
lib/gnutls_x509.c | 3 +-
lib/nettle/pk.c | 2 +-
lib/opencdk/armor.c | 5 +--
lib/opencdk/keydb.c | 4 +-
lib/opencdk/literal.c | 1 -
lib/opencdk/stream.c | 2 +-
lib/opencdk/write-packet.c | 42 +++++++++++++++-------------
lib/pkcs11.c | 2 -
lib/x509/ocsp_output.c | 9 +++++-
lib/x509/pkcs12.c | 2 +-
lib/x509/privkey.c | 2 +-
24 files changed, 102 insertions(+), 146 deletions(-)
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index f8f55be..0e9e0d9 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1209,16 +1209,15 @@ cleanup:
#ifdef ENABLE_OPENPGP
static int
_gnutls_proc_openpgp_server_crt (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+ uint8_t * data, size_t data_size)
{
int size, ret, len;
uint8_t *p = data;
cert_auth_info_t info;
gnutls_certificate_credentials_t cred;
ssize_t dsize = data_size;
- int x, key_type;
+ int key_type;
gnutls_pcert_st *peer_certificate_list = NULL;
- int peer_certificate_list_size = 0;
gnutls_datum_t tmp, akey = { NULL, 0 };
uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
unsigned int subkey_id_set = 0;
@@ -1285,8 +1284,8 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session,
}
/* read the actual key or fingerprint */
- if (key_type == PGP_KEY_FINGERPRINT
- || key_type == PGP_KEY_FINGERPRINT_SUBKEY)
+ if (key_type == PGP_KEY_FINGERPRINT ||
+ key_type == PGP_KEY_FINGERPRINT_SUBKEY)
{ /* the fingerprint */
DECR_LEN (dsize, 1);
@@ -1311,8 +1310,6 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session,
return ret;
}
tmp = akey;
- peer_certificate_list_size++;
-
}
else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY)
{ /* the whole key */
@@ -1330,7 +1327,6 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session,
}
DECR_LEN (dsize, len);
- peer_certificate_list_size++;
tmp.size = len;
tmp.data = p;
@@ -1344,16 +1340,9 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t
session,
/* ok we now have the peer's key in tmp datum
*/
-
- if (peer_certificate_list_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
peer_certificate_list =
gnutls_calloc (1,
- sizeof (gnutls_pcert_st) * (peer_certificate_list_size));
+ sizeof (gnutls_pcert_st));
if (peer_certificate_list == NULL)
{
gnutls_assert ();
@@ -1376,7 +1365,7 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session,
ret =
_gnutls_copy_certificate_auth_info (info,
peer_certificate_list,
- peer_certificate_list_size,
+ 1,
subkey_id_set,
(subkey_id_set !=
0) ? subkey_id : NULL);
@@ -1399,7 +1388,7 @@ _gnutls_proc_openpgp_server_crt (gnutls_session_t session,
cleanup:
_gnutls_free_datum (&akey);
- CLEAR_CERTS;
+ gnutls_pcert_deinit(&peer_certificate_list[0]);
gnutls_free (peer_certificate_list);
return ret;
@@ -1586,7 +1575,6 @@ _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t
session,
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature = { NULL, 0 };
- int total_data;
gnutls_sign_algorithm_t sign_algo;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
@@ -1616,14 +1604,6 @@ _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t
session,
return 0;
}
- total_data = signature.size + 2;
-
- /* add hash and signature algorithms */
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- total_data += 2;
- }
-
if (_gnutls_version_has_selectable_sighash (ver))
{
const sign_algorithm_st *aid;
@@ -1740,7 +1720,7 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session,
gnutls_buffer_st * data)
{
gnutls_certificate_credentials_t cred;
- int size, ret;
+ int ret;
uint8_t tmp_data[CERTTYPE_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
@@ -1757,18 +1737,6 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for
size of rdn_seq
- */
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
- session->internals.ignore_rdn_sequence == 0)
- size += cred->x509_rdn_sequence.size;
-
- if (_gnutls_version_has_selectable_sighash (ver))
- /* Need two bytes to announce the number of supported hash
- functions (see below). */
- size += MAX_SIGN_ALGO_SIZE;
-
tmp_data[0] = CERTTYPE_SIZE - 1;
tmp_data[1] = RSA_SIGN;
tmp_data[2] = DSA_SIGN;
@@ -1790,9 +1758,6 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t
session,
return ret;
}
- /* recalculate size */
- size -= MAX_SIGN_ALGO_SIZE + ret;
-
ret = _gnutls_buffer_append_data (data, p, ret);
if (ret < 0)
return gnutls_assert_val (ret);
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index 56faee4..dda96fa 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -228,7 +228,6 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session,
DECR_LEN (data_size, n_Y);
data_Y = &data[i];
- i += n_Y;
_n_Y = n_Y;
_n_g = n_g;
@@ -297,26 +296,27 @@ _gnutls_dh_common_print_server_kx (gnutls_session_t
session,
ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
if (ret < 0)
{
- ret = gnutls_assert_val(ret);
+ gnutls_assert();
goto cleanup;
}
ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
if (ret < 0)
{
- ret = gnutls_assert_val(ret);
+ gnutls_assert();
goto cleanup;
}
ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
if (ret < 0)
{
- ret = gnutls_assert_val(ret);
+ gnutls_assert();
goto cleanup;
}
-
+
+ ret = data->length;
cleanup:
_gnutls_mpi_release (&Y);
- return data->length;
+ return ret;
}
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index f728503..0be2653 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -130,7 +130,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session,
cleanup:
gnutls_pcert_deinit (&peer_cert);
- return 0;
+ return ret;
}
static int
diff --git a/lib/auth/rsa_export.c b/lib/auth/rsa_export.c
index df78dea..d547e39 100644
--- a/lib/auth/rsa_export.c
+++ b/lib/auth/rsa_export.c
@@ -409,7 +409,6 @@ proc_rsa_export_server_kx (gnutls_session_t session,
DECR_LEN (data_size, n_e);
data_e = &data[i];
- i += n_e;
_n_e = n_e;
_n_m = n_m;
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index c00a6bb..18a96ab 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -45,7 +45,7 @@ static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry);
* string(username):base64(v):base64(salt):int(index)
*/
static int
-pwd_put_values (SRP_PWD_ENTRY * entry, char *str)
+parse_tpasswd_values (SRP_PWD_ENTRY * entry, char *str)
{
char *p;
int len, ret;
@@ -135,7 +135,7 @@ pwd_put_values (SRP_PWD_ENTRY * entry, char *str)
* int(index):base64(n):int(g)
*/
static int
-pwd_put_values2 (SRP_PWD_ENTRY * entry, char *str)
+parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str)
{
char *p;
int len;
@@ -228,7 +228,7 @@ pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY *
entry, int idx)
}
if (strncmp (indexstr, line, MAX (i, len)) == 0)
{
- if ((idx = pwd_put_values2 (entry, line)) >= 0)
+ if ((idx = parse_tpasswd_conf_values (entry, line)) >= 0)
{
ret = 0;
goto cleanup;
@@ -257,7 +257,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char
*username,
char line[2 * 1024];
unsigned i, len;
int ret;
- int idx, last_idx;
+ int idx;
SRP_PWD_ENTRY *entry = NULL;
*_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY));
@@ -334,8 +334,6 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char
*username,
goto cleanup;
}
- last_idx = 1; /* a default value */
-
len = strlen (username);
while (fgets (line, sizeof (line), fd) != NULL)
{
@@ -348,13 +346,11 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char
*username,
if (strncmp (username, line, MAX (i, len)) == 0)
{
- if ((idx = pwd_put_values (entry, line)) >= 0)
+ if ((idx = parse_tpasswd_values (entry, line)) >= 0)
{
/* Keep the last index in memory, so we can retrieve fake
parameters (g,n)
* when the user does not exist.
*/
- /* XXX: last_idx will not be read as both if block branches
return. */
- last_idx = idx;
if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
{
goto found;
@@ -378,7 +374,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char
*username,
/* user was not found. Fake him. Actually read the g,n values from
* the last index found and randomize the entry.
*/
- if (pwd_read_conf (cred->password_conf_file, entry, last_idx) == 0)
+ if (pwd_read_conf (cred->password_conf_file, entry, 1) == 0)
{
ret = _randomize_pwd_entry (entry);
if (ret < 0)
@@ -390,11 +386,12 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char
*username,
goto found;
}
+ ret = GNUTLS_E_SRP_PWD_ERROR;
cleanup:
gnutls_assert ();
if (fd) fclose(fd);
_gnutls_srp_entry_free (entry);
- return GNUTLS_E_SRP_PWD_ERROR;
+ return ret;
found:
if (fd) fclose(fd);
diff --git a/lib/crypto-backend.c b/lib/crypto-backend.c
index 6d08155..93fb799 100644
--- a/lib/crypto-backend.c
+++ b/lib/crypto-backend.c
@@ -52,6 +52,9 @@ _algo_register (algo_list * al, int algorithm, int priority,
const void *s)
{
algo_list *cl;
algo_list *last_cl = al;
+
+ if (al == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* look if there is any cipher with lowest priority. In that case do not add.
*/
diff --git a/lib/ext/heartbeat.c b/lib/ext/heartbeat.c
index d71e694..8e1c5ce 100644
--- a/lib/ext/heartbeat.c
+++ b/lib/ext/heartbeat.c
@@ -471,7 +471,7 @@ _gnutls_heartbeat_send_params (gnutls_session_t session,
if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
p = 1;
- else if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)
+ else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)*/
p = 2;
_gnutls_debug_log ("HB: sending parameter %u\n", (unsigned)p);
diff --git a/lib/ext/safe_renegotiation.c b/lib/ext/safe_renegotiation.c
index 1d6b67c..98629ef 100644
--- a/lib/ext/safe_renegotiation.c
+++ b/lib/ext/safe_renegotiation.c
@@ -271,8 +271,6 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session)
}
epriv.ptr = priv;
}
- else
- priv = epriv.ptr;
if (set != 0)
_gnutls_ext_set_session_data (session,
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index c4aa4bc..9426752 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -248,8 +248,6 @@ _gnutls_set_keys (gnutls_session_t session,
record_parameters_st * params,
(&server_write->IV, &key_block[pos], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
- pos += IV_size;
-
}
else if (IV_size > 0 && export_flag != 0)
{
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 1eb5d6b..10c6ecb 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1122,7 +1122,7 @@ _gnutls_send_handshake (gnutls_session_t session,
mbuffer_st * bufel,
/* Fragment length */
_gnutls_write_uint24 (i_datasize, &data[pos]);
- pos += 3;
+ /* pos += 3; */
}
_gnutls_handshake_log ("HSK[%p]: %s was queued [%ld bytes]\n",
@@ -1885,7 +1885,7 @@ _gnutls_send_client_hello (gnutls_session_t session, int
again)
{
data[pos++] = session->internals.dtls.cookie_len;
memcpy(&data[pos], &session->internals.dtls.cookie,
session->internals.dtls.cookie_len);
- pos += session->internals.dtls.cookie_len;
+ /* pos += session->internals.dtls.cookie_len; */
}
/* Copy the ciphersuites.
@@ -1976,8 +1976,6 @@ _gnutls_send_server_hello (gnutls_session_t session, int
again)
uint8_t session_id_len = session->security_parameters.session_id_size;
char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
- datalen = 0;
-
_gnutls_buffer_init(&extdata);
if (again == 0)
@@ -2031,7 +2029,6 @@ _gnutls_send_server_hello (gnutls_session_t session, int
again)
if (extdata.length > 0)
{
- datalen += extdata.length;
memcpy (&data[pos], extdata.data, extdata.length);
}
}
@@ -2145,8 +2142,6 @@ _gnutls_recv_hello_verify_request (gnutls_session_t
session,
session->internals.dtls.cookie_len = cookie_len;
memcpy (session->internals.dtls.cookie, &data[pos], cookie_len);
- pos += cookie_len;
-
if (len != 0)
{
gnutls_assert ();
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 58c4139..c145562 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -1580,7 +1580,7 @@ unsigned int sig_hash_size;
{
if (_gnutls_version_has_selectable_sighash (ver) && sign !=
GNUTLS_SIGN_UNKNOWN)
{
- hash_algo = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm,
&pubkey->params, &hash_size);
+ _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params,
&hash_size);
sig_hash_size =
_gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign));
if (sig_hash_size < hash_size)
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index 9982622..16bdc23 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -103,7 +103,7 @@ _gnutls_session_pack (gnutls_session_t session,
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
#endif
@@ -113,7 +113,7 @@ _gnutls_session_pack (gnutls_session_t session,
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
#endif
@@ -123,7 +123,7 @@ _gnutls_session_pack (gnutls_session_t session,
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
#endif
@@ -132,7 +132,7 @@ _gnutls_session_pack (gnutls_session_t session,
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
default:
@@ -147,20 +147,20 @@ _gnutls_session_pack (gnutls_session_t session,
if (ret < 0)
{
gnutls_assert ();
- _gnutls_buffer_clear (&sb);
- return ret;
+ goto fail;
}
ret = _gnutls_ext_pack (session, &sb);
if (ret < 0)
{
gnutls_assert ();
- _gnutls_buffer_clear (&sb);
- return ret;
+ goto fail;
}
- ret = _gnutls_buffer_to_datum (&sb, packed_session);
+ return _gnutls_buffer_to_datum (&sb, packed_session);
+fail:
+ _gnutls_buffer_clear (&sb);
return ret;
}
@@ -363,10 +363,7 @@ unpack_certificate_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP_NUM (ps, info->dh.secret_bits);
@@ -433,9 +430,13 @@ pack_srp_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
int len, ret;
int size_offset;
size_t cur_size;
+ const char* username = NULL;
if (info && info->username)
- len = strlen (info->username) + 1; /* include the terminating null */
+ {
+ username = info->username;
+ len = strlen (info->username) + 1; /* include the terminating null */
+ }
else
len = 0;
@@ -443,7 +444,7 @@ pack_srp_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
- BUFFER_APPEND_PFX4 (ps, info->username, len);
+ BUFFER_APPEND_PFX4 (ps, username, len);
/* write the real size */
_gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
@@ -466,7 +467,6 @@ unpack_srp_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
return GNUTLS_E_INTERNAL_ERROR;
}
-
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
sizeof (srp_server_auth_info_st), 1);
@@ -478,12 +478,11 @@ unpack_srp_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP (ps, info->username, username_size);
+ if (username_size == 0)
+ info->username[0] = 0;
ret = 0;
@@ -518,15 +517,15 @@ pack_anon_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
size_offset = ps->length;
BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
-
+
if (info)
{
BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
BUFFER_APPEND_PFX4 (ps, info->dh.generator.data,
- info->dh.generator.size);
+ info->dh.generator.size);
BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
- info->dh.public_key.size);
+ info->dh.public_key.size);
}
/* write the real size */
@@ -561,10 +560,7 @@ unpack_anon_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP_NUM (ps, info->dh.secret_bits);
@@ -614,13 +610,15 @@ pack_psk_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
size_t cur_size;
info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (info && info->username)
+ if (info->username)
username_len = strlen (info->username) + 1; /* include the terminating
null */
else
username_len = 0;
- if (info && info->hint)
+ if (info->hint)
hint_len = strlen (info->hint) + 1; /* include the terminating null */
else
hint_len = 0;
@@ -661,10 +659,7 @@ unpack_psk_auth_info (gnutls_session_t session,
gnutls_buffer_st * ps)
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP_NUM (ps, username_size);
if (username_size > sizeof (info->username))
diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c
index 5c40b9c..34a8a19 100644
--- a/lib/gnutls_str.c
+++ b/lib/gnutls_str.c
@@ -254,8 +254,9 @@ _gnutls_buffer_pop_datum (gnutls_buffer_st * str,
gnutls_datum_t * data,
return;
}
-/* converts the buffer to a datum if possible. After this call the buffer
- * is at an usable state and might not be used or deinitialized */
+/* converts the buffer to a datum if possible. After this call
+ * (failed or not) the buffer should be considered deinitialized.
+ */
int
_gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
{
@@ -264,6 +265,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str,
gnutls_datum_t * data)
{
data->data = NULL;
data->size = 0;
+ _gnutls_buffer_clear (str);
return 0;
}
@@ -273,6 +275,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str,
gnutls_datum_t * data)
if (data->data == NULL)
{
gnutls_assert ();
+ _gnutls_buffer_clear (str);
return GNUTLS_E_MEMORY_ERROR;
}
memcpy (data->data, str->data, str->length);
@@ -283,6 +286,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str,
gnutls_datum_t * data)
{
data->data = str->data;
data->size = str->length;
+ _gnutls_buffer_init(str);
}
return 0;
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index ac9426d..3806a76 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -621,10 +621,9 @@ read_cas_url (gnutls_certificate_credentials_t res, const
char *url)
ret =
gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
0);
- if (xcrt_list == NULL)
+ if (ret < 0)
{
gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 8769278..30129bb 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -150,6 +150,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t
algo, gnutls_datum_t * o
_ecc_params_to_pubkey(pub, &ecc_pub);
_ecc_params_to_privkey(priv, &ecc_priv);
+ sz = ECC_BUF_SIZE;
if (ecc_projective_check_point(&ecc_pub.pubkey, pub->params[ECC_B],
pub->params[ECC_PRIME]) != 0)
{
@@ -157,7 +158,6 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t
algo, gnutls_datum_t * o
goto ecc_cleanup;
}
- sz = ECC_BUF_SIZE;
out->data = gnutls_malloc(sz);
if (out->data == NULL)
{
diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c
index fbfab15..1d2a645 100644
--- a/lib/opencdk/armor.c
+++ b/lib/opencdk/armor.c
@@ -526,10 +526,9 @@ cdk_armor_encode_buffer (const byte * inbuf, size_t inlen,
return 0;
}
- pos = 0;
memset (outbuf, 0, outlen);
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
+ memcpy (outbuf, "-----", 5);
+ pos = 5;
memcpy (outbuf + pos, head, strlen (head));
pos += strlen (head);
memcpy (outbuf + pos, "-----", 5);
diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c
index b74feda..646904d 100644
--- a/lib/opencdk/keydb.c
+++ b/lib/opencdk/keydb.c
@@ -1198,7 +1198,7 @@ _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char
*name,
return CDK_Unusable_Key;
}
node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
- if (sk->pk->uid && node)
+ if (sk && sk->pk && sk->pk->uid && node)
_cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
/* We only release the outer packet. */
@@ -1275,7 +1275,7 @@ _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char
*name,
return CDK_Unusable_Key;
}
node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
- if (pk->uid && node)
+ if (pk && pk->uid && node)
_cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
cdk_kbnode_release (knode);
diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c
index eb16188..7b0ec0d 100644
--- a/lib/opencdk/literal.c
+++ b/lib/opencdk/literal.c
@@ -215,7 +215,6 @@ literal_encode (void *data, FILE * in, FILE * out)
pt->buf = si;
pkt->old_ctb = 1;
pkt->pkttype = CDK_PKT_LITERAL;
- pkt->pkt.literal = pt;
rc = _cdk_pkt_write_fp (out, pkt);
cdk_pkt_release (pkt);
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index 7c62095..bfc96ab 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -1042,7 +1042,7 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t
count)
return EOF;
}
- if (!buf && !count)
+ if (!buf || !count)
return stream_flush (s);
if (s->cache.on)
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 0937c77..77b9db1 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -146,9 +146,9 @@ pkt_encode_len (cdk_stream_t out, size_t pktlen)
{
cdk_error_t rc;
- assert (out);
+ if (!out)
+ return CDK_Inv_Value;
- rc = 0;
if (!pktlen)
{
/* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
@@ -179,7 +179,8 @@ write_head_new (cdk_stream_t out, size_t size, int type)
{
cdk_error_t rc;
- assert (out);
+ if (!out)
+ return CDK_Inv_Value;
if (type < 0 || type > 63)
return CDK_Inv_Packet;
@@ -196,7 +197,8 @@ write_head_old (cdk_stream_t out, size_t size, int type)
cdk_error_t rc;
int ctb;
- assert (out);
+ if (!out)
+ return CDK_Inv_Value;
if (type < 0 || type > 16)
return CDK_Inv_Packet;
@@ -257,8 +259,8 @@ write_pubkey_enc (cdk_stream_t out, cdk_pkt_pubkey_enc_t
pke, int old_ctb)
size_t size;
int rc, nenc;
- assert (out);
- assert (pke);
+ if (!out || !pke)
+ return CDK_Inv_Value;
if (pke->version < 2 || pke->version > 3)
return CDK_Inv_Packet;
@@ -292,8 +294,8 @@ write_mdc (cdk_stream_t out, cdk_pkt_mdc_t mdc)
{
cdk_error_t rc;
- assert (mdc);
- assert (out);
+ if (!out || !mdc)
+ return CDK_Inv_Value;
if (DEBUG_PKT)
_gnutls_write_log ("write_mdc:\n");
@@ -363,8 +365,8 @@ write_signature (cdk_stream_t out, cdk_pkt_signature_t sig,
int old_ctb)
size_t nbytes, size, nsig;
cdk_error_t rc;
- assert (out);
- assert (sig);
+ if (!out || !sig)
+ return CDK_Inv_Value;
if (!KEY_CAN_SIGN (sig->pubkey_algo))
return CDK_Inv_Algo;
@@ -429,8 +431,8 @@ write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk,
size_t npkey = 0, size = 6;
cdk_error_t rc;
- assert (out);
- assert (pk);
+ if (!out || !pk)
+ return CDK_Inv_Value;
if (pk->version < 2 || pk->version > 4)
return CDK_Inv_Packet;
@@ -506,8 +508,8 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
int pkttype, s2k_mode;
cdk_error_t rc;
- assert (out);
- assert (sk);
+ if (!out || !sk)
+ return CDK_Inv_Value;
if (!sk->pk)
return CDK_Inv_Value;
@@ -626,8 +628,8 @@ write_compressed (cdk_stream_t out, cdk_pkt_compressed_t cd)
{
cdk_error_t rc;
- assert (out);
- assert (cd);
+ if (!out || !cd)
+ return CDK_Inv_Value;
if (DEBUG_PKT)
_gnutls_write_log ("packet: write_compressed\n");
@@ -647,8 +649,8 @@ write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int
old_ctb)
size_t size;
cdk_error_t rc;
- assert (out);
- assert (pt);
+ if (!out || !pt)
+ return CDK_Inv_Value;
/* We consider a packet without a body as an invalid packet.
At least one octet must be present. */
@@ -694,8 +696,8 @@ write_onepass_sig (cdk_stream_t out, cdk_pkt_onepass_sig_t
sig)
{
cdk_error_t rc;
- assert (out);
- assert (sig);
+ if (!out || !sig)
+ return CDK_Inv_Value;
if (sig->version != 3)
return CDK_Inv_Packet;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 35be7df..48dcd03 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -997,8 +997,6 @@ _pkcs11_traverse_tokens (find_func_t find_func, void *input,
{
struct token_info tinfo;
- ret = GNUTLS_E_PKCS11_ERROR;
-
if (pkcs11_get_token_info (module, providers[x].slots[z],
&tinfo.tinfo) != CKR_OK)
{
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index cca931d..6b60872 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -571,8 +571,13 @@ print_resp (gnutls_buffer_st * str, gnutls_ocsp_resp_t
resp,
{
ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM,
out.data, &s);
- out.size = s;
- addf (str, "%.*s", out.size, out.data);
+ if (ret < 0)
+ addf (str, "error: crt_export: %s\n", gnutls_strerror
(ret));
+ else
+ {
+ out.size = s;
+ addf (str, "%.*s", out.size, out.data);
+ }
gnutls_free (out.data);
}
}
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index ebbf954..d06fea4 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1788,7 +1788,7 @@ done:
gnutls_x509_crt_deinit(_extra_certs[i]);
gnutls_free(_extra_certs);
}
- if (_chain_len && chain != NULL)
+ if (_chain_len && _chain != NULL)
{
for (i = 0; i < _chain_len; i++)
gnutls_x509_crt_deinit(_chain[i]);
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index a88e332..b903972 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -1686,7 +1686,7 @@ gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
}
result =
- _gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, signature);
+ _gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, &sig);
_gnutls_free_datum(&hash);
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-119-g6aca5dd,
Nikos Mavrogiannopoulos <=