From: Nikos Mavrogiannopoulos Date: Fri, 18 Apr 2014 09:25:47 +0000 (+0200) Subject: Made _gnutls_get_auth_info() safer to use. X-Git-Tag: gnutls_3_3_1~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76b092b1bdaf76126c7961be9454d0756dc372ff;p=thirdparty%2Fgnutls.git Made _gnutls_get_auth_info() safer to use. --- diff --git a/lib/auth/cert.c b/lib/auth/cert.c index c0f3ccf59d..e89d618e28 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -1041,7 +1041,7 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session, return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (data == NULL || data_size == 0) { gnutls_assert(); @@ -1179,7 +1179,7 @@ _gnutls_proc_openpgp_server_crt(gnutls_session_t session, return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (data == NULL || data_size == 0) { gnutls_assert(); @@ -1573,7 +1573,7 @@ _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, ssize_t dsize = data_size; uint8_t *pdata = data; gnutls_datum_t sig; - cert_auth_info_t info = _gnutls_get_auth_info(session); + cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); gnutls_pcert_st peer_cert; gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN; const version_entry_st *ver = get_version(session); @@ -2207,7 +2207,7 @@ _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data, int sigsize; gnutls_datum_t signature; int ret; - cert_auth_info_t info = _gnutls_get_auth_info(session); + cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); ssize_t data_size = _data_size; gnutls_pcert_st peer_cert; gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN; diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c index 66e741c9e3..839c22419a 100644 --- a/lib/auth/dhe_psk.c +++ b/lib/auth/dhe_psk.c @@ -310,7 +310,11 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, /* copy the username to the auth info structures */ - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); + if (info == NULL) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } if (username.size > MAX_USERNAME_SIZE) { gnutls_assert(); @@ -372,7 +376,12 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data, /* copy the username to the auth info structures */ - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); + if (info == NULL) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } + if (username.size > MAX_USERNAME_SIZE) { gnutls_assert(); diff --git a/lib/auth/psk.c b/lib/auth/psk.c index ce97c49db1..1124c94545 100644 --- a/lib/auth/psk.c +++ b/lib/auth/psk.c @@ -234,7 +234,11 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, /* copy the username to the auth info structures */ - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); + if (info == NULL) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } if (username.size > MAX_USERNAME_SIZE) { gnutls_assert(); @@ -340,7 +344,11 @@ _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data, /* copy the hint to the auth info structures */ - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); + if (info == NULL) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } if (hint.size > MAX_USERNAME_SIZE) { gnutls_assert(); diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index aaaeb95888..128e7b4b87 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -74,7 +74,7 @@ _gnutls_get_public_rsa_params(gnutls_session_t session, /* normal non export case */ - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL || info->ncerts == 0) { gnutls_assert(); diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c index b151874f87..ae15a5a19a 100644 --- a/lib/auth/rsa_psk.c +++ b/lib/auth/rsa_psk.c @@ -293,7 +293,11 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, /* copy the username to the auth info structures */ - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); + if (info == NULL) { + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + } if (username.size > MAX_USERNAME_SIZE) { gnutls_assert(); diff --git a/lib/auth/srp.c b/lib/auth/srp.c index 418469dd73..df1c4525e2 100644 --- a/lib/auth/srp.c +++ b/lib/auth/srp.c @@ -144,7 +144,10 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session, return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); + if (info == NULL) + return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + username = info->username; _gnutls_str_cpy(username, MAX_USERNAME_SIZE, priv->username); diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c index 83799ee388..0903fb5a13 100644 --- a/lib/auth/srp_rsa.c +++ b/lib/auth/srp_rsa.c @@ -189,7 +189,7 @@ proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data, data_size = _data_size - ret; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); if (info == NULL || info->ncerts == 0) { gnutls_assert(); /* we need this in order to get peer's certificate */ diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 106739d41d..5f001ad296 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -252,24 +252,6 @@ const void *_gnutls_get_cred(gnutls_session_t session, return retval; } -/*- - * _gnutls_get_auth_info - Returns a pointer to authentication information. - * @session: is a #gnutls_session_t structure. - * - * This function must be called after a successful gnutls_handshake(). - * Returns a pointer to authentication information. That information - * is data obtained by the handshake protocol, the key exchange algorithm, - * and the TLS extensions messages. - * - * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; - * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; - * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; - -*/ -void *_gnutls_get_auth_info(gnutls_session_t session) -{ - return session->key.auth_info; -} - /*- * _gnutls_free_auth_info - Frees the auth info structure * @session: is a #gnutls_session_t structure. @@ -293,7 +275,7 @@ void _gnutls_free_auth_info(gnutls_session_t session) case GNUTLS_CRD_ANON: { anon_auth_info_t info = - _gnutls_get_auth_info(session); + _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) break; @@ -305,7 +287,7 @@ void _gnutls_free_auth_info(gnutls_session_t session) case GNUTLS_CRD_PSK: { psk_auth_info_t info = - _gnutls_get_auth_info(session); + _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) break; @@ -318,7 +300,7 @@ void _gnutls_free_auth_info(gnutls_session_t session) { unsigned int i; cert_auth_info_t info = - _gnutls_get_auth_info(session); + _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) break; diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index 31c1b5efc4..d25c61b4ad 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h @@ -57,9 +57,30 @@ const void *_gnutls_get_cred(gnutls_session_t session, gnutls_credentials_type_t kx, int *err); const void *_gnutls_get_kx_cred(gnutls_session_t session, gnutls_kx_algorithm_t algo, int *err); -void *_gnutls_get_auth_info(gnutls_session_t session); int _gnutls_auth_info_set(gnutls_session_t session, gnutls_credentials_type_t type, int size, int allow_change); +/*- + * _gnutls_get_auth_info - Returns a pointer to authentication information. + * @session: is a #gnutls_session_t structure. + * + * This function must be called after a successful gnutls_handshake(). + * Returns a pointer to authentication information. That information + * is data obtained by the handshake protocol, the key exchange algorithm, + * and the TLS extensions messages. + * + * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; + * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; + * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; + -*/ +inline static +void *_gnutls_get_auth_info(gnutls_session_t session, gnutls_credentials_type_t type) +{ + if (type == session->key.auth_info_type) + return session->key.auth_info; + else + return NULL; +} + #endif diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 40f54694f6..cabdf4e42d 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -579,7 +579,7 @@ _gnutls_openpgp_crt_verify_peers(gnutls_session_t session, CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INVALID_REQUEST; @@ -744,7 +744,7 @@ gnutls_certificate_verify_peers(gnutls_session_t session, CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) { return GNUTLS_E_NO_CERTIFICATE_FOUND; } @@ -793,7 +793,7 @@ time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session) CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) { return (time_t) - 1; } @@ -837,7 +837,7 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) { return (time_t) - 1; } diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c index 5765e86050..f89ea078b5 100644 --- a/lib/gnutls_psk.c +++ b/lib/gnutls_psk.c @@ -316,7 +316,7 @@ const char *gnutls_psk_server_get_username(gnutls_session_t session) CHECK_AUTH(GNUTLS_CRD_PSK, NULL); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return NULL; @@ -344,7 +344,7 @@ const char *gnutls_psk_client_get_hint(gnutls_session_t session) CHECK_AUTH(GNUTLS_CRD_PSK, NULL); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return NULL; diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index 03aecc3b1b..7f4111d1a6 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -189,7 +189,7 @@ _gnutls_session_unpack(gnutls_session_t session, return ret; } - if (_gnutls_get_auth_info(session) != NULL) { + if (session->key.auth_info != NULL) { _gnutls_free_auth_info(session); } @@ -298,7 +298,7 @@ pack_certificate_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { unsigned int i; int cur_size, ret; - cert_auth_info_t info = _gnutls_get_auth_info(session); + cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); int size_offset; size_offset = ps->length; @@ -359,7 +359,7 @@ unpack_certificate_auth_info(gnutls_session_t session, return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); @@ -415,7 +415,7 @@ unpack_certificate_auth_info(gnutls_session_t session, static int pack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { - srp_server_auth_info_t info = _gnutls_get_auth_info(session); + srp_server_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); int len, ret; int size_offset; size_t cur_size; @@ -462,7 +462,7 @@ unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); if (info == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); @@ -497,7 +497,7 @@ static int pack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) { int cur_size, ret; - anon_auth_info_t info = _gnutls_get_auth_info(session); + anon_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); int size_offset; size_offset = ps->length; @@ -544,7 +544,7 @@ unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); @@ -594,7 +594,7 @@ pack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) int size_offset; size_t cur_size; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); @@ -637,7 +637,7 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps) return ret; } - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 8a7f49d5e0..0423435093 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -696,7 +696,7 @@ const char *gnutls_srp_server_get_username(gnutls_session_t session) CHECK_AUTH(GNUTLS_CRD_SRP, NULL); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP); if (info == NULL) return NULL; return info->username; diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index b9cbc3af86..1429a0dabc 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -507,7 +507,7 @@ int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public) case GNUTLS_CRD_ANON: { anon_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -517,7 +517,7 @@ int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public) case GNUTLS_CRD_PSK: { psk_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -528,7 +528,7 @@ int _gnutls_dh_set_peer_public(gnutls_session_t session, bigint_t public) { cert_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -558,7 +558,7 @@ int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits) case GNUTLS_CRD_ANON: { anon_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; info->dh.secret_bits = bits; @@ -567,7 +567,7 @@ int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits) case GNUTLS_CRD_PSK: { psk_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; info->dh.secret_bits = bits; @@ -577,7 +577,7 @@ int _gnutls_dh_set_secret_bits(gnutls_session_t session, unsigned bits) { cert_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -605,7 +605,7 @@ _gnutls_dh_set_group(gnutls_session_t session, bigint_t gen, case GNUTLS_CRD_ANON: { anon_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -615,7 +615,7 @@ _gnutls_dh_set_group(gnutls_session_t session, bigint_t gen, case GNUTLS_CRD_PSK: { psk_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -626,7 +626,7 @@ _gnutls_dh_set_group(gnutls_session_t session, bigint_t gen, { cert_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 811927ae0f..3c22d1467f 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -138,19 +138,19 @@ gnutls_dh_get_group(gnutls_session_t session, switch (gnutls_auth_get_type(session)) { case GNUTLS_CRD_ANON: - anon_info = _gnutls_get_auth_info(session); + anon_info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (anon_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &anon_info->dh; break; case GNUTLS_CRD_PSK: - psk_info = _gnutls_get_auth_info(session); + psk_info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (psk_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &psk_info->dh; break; case GNUTLS_CRD_CERTIFICATE: - cert_info = _gnutls_get_auth_info(session); + cert_info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (cert_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &cert_info->dh; @@ -202,7 +202,7 @@ gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key) switch (gnutls_auth_get_type(session)) { case GNUTLS_CRD_ANON: { - anon_info = _gnutls_get_auth_info(session); + anon_info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (anon_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &anon_info->dh; @@ -210,7 +210,7 @@ gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key) } case GNUTLS_CRD_PSK: { - psk_info = _gnutls_get_auth_info(session); + psk_info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (psk_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &psk_info->dh; @@ -219,7 +219,7 @@ gnutls_dh_get_pubkey(gnutls_session_t session, gnutls_datum_t * raw_key) case GNUTLS_CRD_CERTIFICATE: { - cert_info = _gnutls_get_auth_info(session); + cert_info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (cert_info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &cert_info->dh; @@ -252,7 +252,7 @@ int gnutls_dh_get_secret_bits(gnutls_session_t session) { anon_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; return info->dh.secret_bits; @@ -261,7 +261,7 @@ int gnutls_dh_get_secret_bits(gnutls_session_t session) { psk_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; return info->dh.secret_bits; @@ -270,7 +270,7 @@ int gnutls_dh_get_secret_bits(gnutls_session_t session) { cert_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -323,7 +323,7 @@ int gnutls_dh_get_prime_bits(gnutls_session_t session) { anon_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &info->dh; @@ -333,7 +333,7 @@ int gnutls_dh_get_prime_bits(gnutls_session_t session) { psk_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; dh = &info->dh; @@ -343,7 +343,7 @@ int gnutls_dh_get_prime_bits(gnutls_session_t session) { cert_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -378,7 +378,7 @@ int gnutls_dh_get_peers_public_bits(gnutls_session_t session) { anon_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_ANON); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -389,7 +389,7 @@ int gnutls_dh_get_peers_public_bits(gnutls_session_t session) { psk_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -400,7 +400,7 @@ int gnutls_dh_get_peers_public_bits(gnutls_session_t session) { cert_auth_info_t info; - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INTERNAL_ERROR; @@ -495,7 +495,7 @@ const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return NULL; @@ -524,7 +524,7 @@ int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session, CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index e45a91e35a..ef126ba4ac 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -200,7 +200,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session, CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); - info = _gnutls_get_auth_info(session); + info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST;