#include <gnutls/x509.h>
#include <uv.h>
-#include <assert.h>
#include <errno.h>
#include <stdlib.h>
static ssize_t kres_gnutls_pull(gnutls_transport_ptr_t h, void *buf, size_t len)
{
struct tls_common_ctx *t = (struct tls_common_ctx *)h;
- assert(t != NULL);
+ if (!kr_assume(t)) {
+ errno = EFAULT;
+ return -1;
+ }
ssize_t avail = t->nread - t->consumed;
DEBUG_MSG("[%s] pull wanted: %zu available: %zu\n",
static void on_write_complete(uv_write_t *req, int status)
{
- assert(req->data != NULL);
+ if (!kr_assume(req->data))
+ return;
struct async_write_ctx *async_ctx = (struct async_write_ctx *)req->data;
struct tls_common_ctx *t = async_ctx->t;
- assert(t->write_queue_size);
- t->write_queue_size -= 1;
+ if (kr_assume(t->write_queue_size))
+ t->write_queue_size -= 1;
free(req->data);
}
static ssize_t kres_gnutls_vec_push(gnutls_transport_ptr_t h, const giovec_t * iov, int iovcnt)
{
struct tls_common_ctx *t = (struct tls_common_ctx *)h;
-
- if (t == NULL) {
+ if (!kr_assume(t)) {
errno = EFAULT;
return -1;
}
return 0;
}
- assert(t->session);
+ if (!kr_assume(t->session)) {
+ errno = EFAULT;
+ return -1;
+ }
uv_stream_t *handle = (uv_stream_t *)session_get_handle(t->session);
- assert(handle && handle->type == UV_TCP);
+ if (!kr_assume(handle && handle->type == UV_TCP)) {
+ errno = EFAULT;
+ return -1;
+ }
/*
* This is a little bit complicated. There are two different writes:
struct tls_ctx *tls_new(struct worker_ctx *worker)
{
- assert(worker != NULL);
- assert(worker->engine != NULL);
+ if (!kr_assume(worker && worker->engine))
+ return NULL;
struct network *net = &worker->engine->net;
if (!net->tls_credentials) {
void tls_close(struct tls_common_ctx *ctx)
{
- if (ctx == NULL || ctx->tls_session == NULL) {
+ if (ctx == NULL || ctx->tls_session == NULL || !kr_assume(ctx->session))
return;
- }
-
- assert(ctx->session);
if (ctx->handshake_state == TLS_HS_DONE) {
const struct sockaddr *peer = session_get_peer(ctx->session);
struct session *s = handle->data;
struct tls_common_ctx *tls_ctx = session_tls_get_common_ctx(s);
- assert (tls_ctx);
- assert (session_flags(s)->outgoing == tls_ctx->client_side);
+ if (!kr_assume(tls_ctx && session_flags(s)->outgoing == tls_ctx->client_side))
+ return kr_error(EINVAL);
const uint16_t pkt_size = htons(pkt->size);
const char *logstring = tls_ctx->client_side ? client_logstring : server_logstring;
return kr_error(ENOSYS);
}
- assert(tls_p->session == s);
+ if (!kr_assume(tls_p->session == s))
+ return kr_error(EINVAL);
const bool ok = tls_p->recv_buf == buf && nread <= sizeof(tls_p->recv_buf);
- if (!ok) {
- assert(false);
- /* don't risk overflowing the buffer if we have a mistake somewhere */
+ if (!kr_assume(ok)) /* don't risk overflowing the buffer if we have a mistake somewhere */
return kr_error(EINVAL);
- }
const char *logstring = tls_p->client_side ? client_logstring : server_logstring;
* \return error code */
static int get_oob_key_pin(gnutls_x509_crt_t crt, char *outchar, ssize_t outchar_len, bool raw)
{
- if (raw && outchar_len < TLS_SHA256_RAW_LEN) {
- assert(false);
+ if (!kr_assume(!raw || outchar_len >= TLS_SHA256_RAW_LEN)) {
return kr_error(ENOSPC);
/* With !raw we have check inside kr_base64_encode. */
}
if (err >= 0 && err < outchar_len) {
err = GNUTLS_E_SUCCESS;
outchar[err] = '\0'; /* kr_base64_encode() doesn't do it */
- } else if (err >= 0) {
- assert(false);
+ } else if (!kr_assume(err < 0)) {
err = kr_error(ENOSPC); /* base64 fits but '\0' doesn't */
outchar[outchar_len - 1] = '\0';
}
void tls_client_param_unref(tls_client_param_t *entry)
{
- if (!entry) return;
- assert(entry->refs); /* Well, we'd only leak memory. */
+ if (!entry || !kr_assume(entry->refs)) return;
--(entry->refs);
if (entry->refs) return;
}
static int param_free(void **param, void *null)
{
- assert(param && *param);
+ if (!kr_assume(param && *param))
+ return -1;
tls_client_param_unref(*param);
return 0;
}
tls_client_param_t * tls_client_param_new()
{
tls_client_param_t *e = calloc(1, sizeof(*e));
- if (!e) {
- assert(!ENOMEM);
+ if (!kr_assume(e))
return NULL;
- }
/* Note: those array_t don't need further initialization. */
e->refs = 1;
int ret = gnutls_certificate_allocate_credentials(&e->credentials);
*len = sizeof(addr->ip6.sin6_port) + sizeof(addr->ip6.sin6_addr);
return true;
default:
- assert(!EINVAL);
+ (void)!kr_assume(!EINVAL);
return false;
}
}
tls_client_param_t ** tls_client_param_getptr(tls_client_params_t **params,
const struct sockaddr *addr, bool do_insert)
{
- assert(params && addr);
+ if (!kr_assume(params && addr))
+ return NULL;
/* We accept NULL for empty map; ensure the map exists if needed. */
if (!*params) {
if (!do_insert) return NULL;
*params = trie_create(NULL);
- if (!*params) {
- assert(!ENOMEM);
+ if (!kr_assume(*params))
return NULL;
- }
}
/* Construct the key. */
const union inaddr *ia = (const union inaddr *)addr;
const gnutls_datum_t *cert_list,
tls_client_param_t *params)
{
- assert(params->pins.len > 0);
+ if (!kr_assume(params->pins.len > 0))
+ return GNUTLS_E_CERTIFICATE_ERROR;
#if TLS_CAN_USE_PINS
for (int i = 0; i < cert_list_size; i++) {
gnutls_x509_crt_t cert;
#else /* TLS_CAN_USE_PINS */
kr_log_error("[tls_client] internal inconsistency: TLS_CAN_USE_PINS\n");
- assert(false);
+ (void)!kr_assume(false);
return GNUTLS_E_CERTIFICATE_ERROR;
#endif
}
*/
static int client_verify_certchain(gnutls_session_t tls_session, const char *hostname)
{
- if (!hostname) {
+ if (!kr_assume(hostname)) {
kr_log_error("[tls_client] internal config inconsistency: no hostname set\n");
- assert(false);
return GNUTLS_E_CERTIFICATE_ERROR;
}
static int client_verify_certificate(gnutls_session_t tls_session)
{
struct tls_client_ctx *ctx = gnutls_session_get_ptr(tls_session);
- assert(ctx->params != NULL);
+ if (!kr_assume(ctx->params))
+ return GNUTLS_E_CERTIFICATE_ERROR;
if (ctx->params->insecure) {
return GNUTLS_E_SUCCESS;
int tls_pull_timeout_func(gnutls_transport_ptr_t h, unsigned int ms)
{
struct tls_common_ctx *t = (struct tls_common_ctx *)h;
- assert(t != NULL);
- ssize_t avail = t->nread - t->consumed;
+ if (!kr_assume(t)) {
+ errno = EFAULT;
+ return -1;
+ }
+ ssize_t avail = t->nread - t->consumed;
DEBUG_MSG("[%s] timeout check: available: %zu\n",
t->client_side ? "tls_client" : "tls", avail);
if (avail <= 0) {
struct session *session,
tls_handshake_cb handshake_cb)
{
- if (session == NULL || client_ctx == NULL) {
+ if (session == NULL || client_ctx == NULL)
return kr_error(EINVAL);
- }
- assert(session_flags(session)->outgoing && session_get_handle(session)->type == UV_TCP);
+ if (!kr_assume(session_flags(session)->outgoing && session_get_handle(session)->type == UV_TCP))
+ return kr_error(EINVAL);
struct tls_common_ctx *ctx = &client_ctx->c;
projects / thirdparty / knot-resolver.git / commitdiff
