#ifdef ENABLE_OPENPGP
static int
_gnutls_proc_openpgp_server_crt (gnutls_session_t session,
- uint8_t * data, size_t data_size)
+ uint8_t * data, size_t data_size)
{
int size, ret, len;
uint8_t *p = data;
cert_auth_info_t info;
gnutls_certificate_credentials_t cred;
ssize_t dsize = data_size;
- int x, key_type;
+ int key_type;
gnutls_pcert_st *peer_certificate_list = NULL;
- int peer_certificate_list_size = 0;
gnutls_datum_t tmp, akey = { NULL, 0 };
uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
unsigned int subkey_id_set = 0;
}
/* read the actual key or fingerprint */
- if (key_type == PGP_KEY_FINGERPRINT
- || key_type == PGP_KEY_FINGERPRINT_SUBKEY)
+ if (key_type == PGP_KEY_FINGERPRINT ||
+ key_type == PGP_KEY_FINGERPRINT_SUBKEY)
{ /* the fingerprint */
DECR_LEN (dsize, 1);
return ret;
}
tmp = akey;
- peer_certificate_list_size++;
-
}
else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY)
{ /* the whole key */
}
DECR_LEN (dsize, len);
- peer_certificate_list_size++;
tmp.size = len;
tmp.data = p;
/* ok we now have the peer's key in tmp datum
*/
-
- if (peer_certificate_list_size == 0)
- {
- gnutls_assert ();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
-
peer_certificate_list =
gnutls_calloc (1,
- sizeof (gnutls_pcert_st) * (peer_certificate_list_size));
+ sizeof (gnutls_pcert_st));
if (peer_certificate_list == NULL)
{
gnutls_assert ();
ret =
_gnutls_copy_certificate_auth_info (info,
peer_certificate_list,
- peer_certificate_list_size,
+ 1,
subkey_id_set,
(subkey_id_set !=
0) ? subkey_id : NULL);
cleanup:
_gnutls_free_datum (&akey);
- CLEAR_CERTS;
+ gnutls_pcert_deinit(&peer_certificate_list[0]);
gnutls_free (peer_certificate_list);
return ret;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature = { NULL, 0 };
- int total_data;
gnutls_sign_algorithm_t sign_algo;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
return 0;
}
- total_data = signature.size + 2;
-
- /* add hash and signature algorithms */
- if (_gnutls_version_has_selectable_sighash (ver))
- {
- total_data += 2;
- }
-
if (_gnutls_version_has_selectable_sighash (ver))
{
const sign_algorithm_st *aid;
gnutls_buffer_st * data)
{
gnutls_certificate_credentials_t cred;
- int size, ret;
+ int ret;
uint8_t tmp_data[CERTTYPE_SIZE];
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq
- */
-
- if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
- session->internals.ignore_rdn_sequence == 0)
- size += cred->x509_rdn_sequence.size;
-
- if (_gnutls_version_has_selectable_sighash (ver))
- /* Need two bytes to announce the number of supported hash
- functions (see below). */
- size += MAX_SIGN_ALGO_SIZE;
-
tmp_data[0] = CERTTYPE_SIZE - 1;
tmp_data[1] = RSA_SIGN;
tmp_data[2] = DSA_SIGN;
return ret;
}
- /* recalculate size */
- size -= MAX_SIGN_ALGO_SIZE + ret;
-
ret = _gnutls_buffer_append_data (data, p, ret);
if (ret < 0)
return gnutls_assert_val (ret);
DECR_LEN (data_size, n_Y);
data_Y = &data[i];
- i += n_Y;
_n_Y = n_Y;
_n_g = n_g;
ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
if (ret < 0)
{
- ret = gnutls_assert_val(ret);
+ gnutls_assert();
goto cleanup;
}
ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
if (ret < 0)
{
- ret = gnutls_assert_val(ret);
+ gnutls_assert();
goto cleanup;
}
ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
if (ret < 0)
{
- ret = gnutls_assert_val(ret);
+ gnutls_assert();
goto cleanup;
}
-
+
+ ret = data->length;
cleanup:
_gnutls_mpi_release (&Y);
- return data->length;
+ return ret;
}
cleanup:
gnutls_pcert_deinit (&peer_cert);
- return 0;
+ return ret;
}
static int
DECR_LEN (data_size, n_e);
data_e = &data[i];
- i += n_e;
_n_e = n_e;
_n_m = n_m;
* string(username):base64(v):base64(salt):int(index)
*/
static int
-pwd_put_values (SRP_PWD_ENTRY * entry, char *str)
+parse_tpasswd_values (SRP_PWD_ENTRY * entry, char *str)
{
char *p;
int len, ret;
* int(index):base64(n):int(g)
*/
static int
-pwd_put_values2 (SRP_PWD_ENTRY * entry, char *str)
+parse_tpasswd_conf_values (SRP_PWD_ENTRY * entry, char *str)
{
char *p;
int len;
}
if (strncmp (indexstr, line, MAX (i, len)) == 0)
{
- if ((idx = pwd_put_values2 (entry, line)) >= 0)
+ if ((idx = parse_tpasswd_conf_values (entry, line)) >= 0)
{
ret = 0;
goto cleanup;
char line[2 * 1024];
unsigned i, len;
int ret;
- int idx, last_idx;
+ int idx;
SRP_PWD_ENTRY *entry = NULL;
*_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY));
goto cleanup;
}
- last_idx = 1; /* a default value */
-
len = strlen (username);
while (fgets (line, sizeof (line), fd) != NULL)
{
if (strncmp (username, line, MAX (i, len)) == 0)
{
- if ((idx = pwd_put_values (entry, line)) >= 0)
+ if ((idx = parse_tpasswd_values (entry, line)) >= 0)
{
/* Keep the last index in memory, so we can retrieve fake parameters (g,n)
* when the user does not exist.
*/
- /* XXX: last_idx will not be read as both if block branches return. */
- last_idx = idx;
if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
{
goto found;
/* user was not found. Fake him. Actually read the g,n values from
* the last index found and randomize the entry.
*/
- if (pwd_read_conf (cred->password_conf_file, entry, last_idx) == 0)
+ if (pwd_read_conf (cred->password_conf_file, entry, 1) == 0)
{
ret = _randomize_pwd_entry (entry);
if (ret < 0)
goto found;
}
+ ret = GNUTLS_E_SRP_PWD_ERROR;
cleanup:
gnutls_assert ();
if (fd) fclose(fd);
_gnutls_srp_entry_free (entry);
- return GNUTLS_E_SRP_PWD_ERROR;
+ return ret;
found:
if (fd) fclose(fd);
{
algo_list *cl;
algo_list *last_cl = al;
+
+ if (al == NULL)
+ return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* look if there is any cipher with lowest priority. In that case do not add.
*/
if (epriv.num & GNUTLS_HB_PEER_ALLOWED_TO_SEND)
p = 1;
- else if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)
+ else /*if (epriv.num & GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND)*/
p = 2;
_gnutls_debug_log ("HB: sending parameter %u\n", (unsigned)p);
}
epriv.ptr = priv;
}
- else
- priv = epriv.ptr;
if (set != 0)
_gnutls_ext_set_session_data (session,
(&server_write->IV, &key_block[pos], IV_size) < 0)
return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
- pos += IV_size;
-
}
else if (IV_size > 0 && export_flag != 0)
{
/* Fragment length */
_gnutls_write_uint24 (i_datasize, &data[pos]);
- pos += 3;
+ /* pos += 3; */
}
_gnutls_handshake_log ("HSK[%p]: %s was queued [%ld bytes]\n",
{
data[pos++] = session->internals.dtls.cookie_len;
memcpy(&data[pos], &session->internals.dtls.cookie, session->internals.dtls.cookie_len);
- pos += session->internals.dtls.cookie_len;
+ /* pos += session->internals.dtls.cookie_len; */
}
/* Copy the ciphersuites.
uint8_t session_id_len = session->security_parameters.session_id_size;
char buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
- datalen = 0;
-
_gnutls_buffer_init(&extdata);
if (again == 0)
if (extdata.length > 0)
{
- datalen += extdata.length;
memcpy (&data[pos], extdata.data, extdata.length);
}
}
session->internals.dtls.cookie_len = cookie_len;
memcpy (session->internals.dtls.cookie, &data[pos], cookie_len);
- pos += cookie_len;
-
if (len != 0)
{
gnutls_assert ();
{
if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN)
{
- hash_algo = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
+ _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size);
sig_hash_size = _gnutls_hash_get_algo_len(gnutls_sign_get_hash_algorithm(sign));
if (sig_hash_size < hash_size)
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
#endif
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
#endif
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
#endif
if (ret < 0)
{
gnutls_assert ();
- return ret;
+ goto fail;
}
break;
default:
if (ret < 0)
{
gnutls_assert ();
- _gnutls_buffer_clear (&sb);
- return ret;
+ goto fail;
}
ret = _gnutls_ext_pack (session, &sb);
if (ret < 0)
{
gnutls_assert ();
- _gnutls_buffer_clear (&sb);
- return ret;
+ goto fail;
}
- ret = _gnutls_buffer_to_datum (&sb, packed_session);
+ return _gnutls_buffer_to_datum (&sb, packed_session);
+fail:
+ _gnutls_buffer_clear (&sb);
return ret;
}
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP_NUM (ps, info->dh.secret_bits);
int len, ret;
int size_offset;
size_t cur_size;
+ const char* username = NULL;
if (info && info->username)
- len = strlen (info->username) + 1; /* include the terminating null */
+ {
+ username = info->username;
+ len = strlen (info->username) + 1; /* include the terminating null */
+ }
else
len = 0;
BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
- BUFFER_APPEND_PFX4 (ps, info->username, len);
+ BUFFER_APPEND_PFX4 (ps, username, len);
/* write the real size */
_gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
return GNUTLS_E_INTERNAL_ERROR;
}
-
ret =
_gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
sizeof (srp_server_auth_info_st), 1);
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP (ps, info->username, username_size);
+ if (username_size == 0)
+ info->username[0] = 0;
ret = 0;
size_offset = ps->length;
BUFFER_APPEND_NUM (ps, 0);
cur_size = ps->length;
-
+
if (info)
{
BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
BUFFER_APPEND_PFX4 (ps, info->dh.prime.data, info->dh.prime.size);
BUFFER_APPEND_PFX4 (ps, info->dh.generator.data,
- info->dh.generator.size);
+ info->dh.generator.size);
BUFFER_APPEND_PFX4 (ps, info->dh.public_key.data,
- info->dh.public_key.size);
+ info->dh.public_key.size);
}
/* write the real size */
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP_NUM (ps, info->dh.secret_bits);
size_t cur_size;
info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
- if (info && info->username)
+ if (info->username)
username_len = strlen (info->username) + 1; /* include the terminating null */
else
username_len = 0;
- if (info && info->hint)
+ if (info->hint)
hint_len = strlen (info->hint) + 1; /* include the terminating null */
else
hint_len = 0;
info = _gnutls_get_auth_info (session);
if (info == NULL)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
BUFFER_POP_NUM (ps, username_size);
if (username_size > sizeof (info->username))
return;
}
-/* converts the buffer to a datum if possible. After this call the buffer
- * is at an usable state and might not be used or deinitialized */
+/* converts the buffer to a datum if possible. After this call
+ * (failed or not) the buffer should be considered deinitialized.
+ */
int
_gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
{
{
data->data = NULL;
data->size = 0;
+ _gnutls_buffer_clear (str);
return 0;
}
if (data->data == NULL)
{
gnutls_assert ();
+ _gnutls_buffer_clear (str);
return GNUTLS_E_MEMORY_ERROR;
}
memcpy (data->data, str->data, str->length);
{
data->data = str->data;
data->size = str->length;
+ _gnutls_buffer_init(str);
}
return 0;
ret =
gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
0);
- if (xcrt_list == NULL)
+ if (ret < 0)
{
gnutls_assert ();
- ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
_ecc_params_to_pubkey(pub, &ecc_pub);
_ecc_params_to_privkey(priv, &ecc_priv);
+ sz = ECC_BUF_SIZE;
if (ecc_projective_check_point(&ecc_pub.pubkey, pub->params[ECC_B], pub->params[ECC_PRIME]) != 0)
{
goto ecc_cleanup;
}
- sz = ECC_BUF_SIZE;
out->data = gnutls_malloc(sz);
if (out->data == NULL)
{
return 0;
}
- pos = 0;
memset (outbuf, 0, outlen);
- memcpy (outbuf + pos, "-----", 5);
- pos += 5;
+ memcpy (outbuf, "-----", 5);
+ pos = 5;
memcpy (outbuf + pos, head, strlen (head));
pos += strlen (head);
memcpy (outbuf + pos, "-----", 5);
return CDK_Unusable_Key;
}
node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
- if (sk->pk->uid && node)
+ if (sk && sk->pk && sk->pk->uid && node)
_cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
/* We only release the outer packet. */
return CDK_Unusable_Key;
}
node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
- if (pk->uid && node)
+ if (pk && pk->uid && node)
_cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
cdk_kbnode_release (knode);
pt->buf = si;
pkt->old_ctb = 1;
pkt->pkttype = CDK_PKT_LITERAL;
- pkt->pkt.literal = pt;
rc = _cdk_pkt_write_fp (out, pkt);
cdk_pkt_release (pkt);
return EOF;
}
- if (!buf && !count)
+ if (!buf || !count)
return stream_flush (s);
if (s->cache.on)
{
cdk_error_t rc;
- assert (out);
+ if (!out)
+ return CDK_Inv_Value;
- rc = 0;
if (!pktlen)
{
/* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
{
cdk_error_t rc;
- assert (out);
+ if (!out)
+ return CDK_Inv_Value;
if (type < 0 || type > 63)
return CDK_Inv_Packet;
cdk_error_t rc;
int ctb;
- assert (out);
+ if (!out)
+ return CDK_Inv_Value;
if (type < 0 || type > 16)
return CDK_Inv_Packet;
size_t size;
int rc, nenc;
- assert (out);
- assert (pke);
+ if (!out || !pke)
+ return CDK_Inv_Value;
if (pke->version < 2 || pke->version > 3)
return CDK_Inv_Packet;
{
cdk_error_t rc;
- assert (mdc);
- assert (out);
+ if (!out || !mdc)
+ return CDK_Inv_Value;
if (DEBUG_PKT)
_gnutls_write_log ("write_mdc:\n");
size_t nbytes, size, nsig;
cdk_error_t rc;
- assert (out);
- assert (sig);
+ if (!out || !sig)
+ return CDK_Inv_Value;
if (!KEY_CAN_SIGN (sig->pubkey_algo))
return CDK_Inv_Algo;
size_t npkey = 0, size = 6;
cdk_error_t rc;
- assert (out);
- assert (pk);
+ if (!out || !pk)
+ return CDK_Inv_Value;
if (pk->version < 2 || pk->version > 4)
return CDK_Inv_Packet;
int pkttype, s2k_mode;
cdk_error_t rc;
- assert (out);
- assert (sk);
+ if (!out || !sk)
+ return CDK_Inv_Value;
if (!sk->pk)
return CDK_Inv_Value;
{
cdk_error_t rc;
- assert (out);
- assert (cd);
+ if (!out || !cd)
+ return CDK_Inv_Value;
if (DEBUG_PKT)
_gnutls_write_log ("packet: write_compressed\n");
size_t size;
cdk_error_t rc;
- assert (out);
- assert (pt);
+ if (!out || !pt)
+ return CDK_Inv_Value;
/* We consider a packet without a body as an invalid packet.
At least one octet must be present. */
{
cdk_error_t rc;
- assert (out);
- assert (sig);
+ if (!out || !sig)
+ return CDK_Inv_Value;
if (sig->version != 3)
return CDK_Inv_Packet;
{
struct token_info tinfo;
- ret = GNUTLS_E_PKCS11_ERROR;
-
if (pkcs11_get_token_info (module, providers[x].slots[z],
&tinfo.tinfo) != CKR_OK)
{
{
ret = gnutls_x509_crt_export (certs[i], GNUTLS_X509_FMT_PEM,
out.data, &s);
- out.size = s;
- addf (str, "%.*s", out.size, out.data);
+ if (ret < 0)
+ addf (str, "error: crt_export: %s\n", gnutls_strerror (ret));
+ else
+ {
+ out.size = s;
+ addf (str, "%.*s", out.size, out.data);
+ }
gnutls_free (out.data);
}
}
gnutls_x509_crt_deinit(_extra_certs[i]);
gnutls_free(_extra_certs);
}
- if (_chain_len && chain != NULL)
+ if (_chain_len && _chain != NULL)
{
for (i = 0; i < _chain_len; i++)
gnutls_x509_crt_deinit(_chain[i]);