gnutls_privkey_t pkey);
int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
- gnutls_kx_algorithm_t ** alg,
+ gnutls_kx_algorithm_t * alg,
int *alg_size);
#endif
*/
int
_gnutls_selected_cert_supported_kx (gnutls_session_t session,
- gnutls_kx_algorithm_t ** alg,
+ gnutls_kx_algorithm_t * alg,
int *alg_size)
{
gnutls_kx_algorithm_t kx;
gnutls_pk_algorithm_t pk, cert_pk;
- gnutls_kx_algorithm_t kxlist[MAX_ALGOS];
gnutls_pcert_st *cert;
int i;
if (session->internals.selected_cert_list_length == 0)
{
*alg_size = 0;
- *alg = NULL;
return 0;
}
/* then check key usage */
if (_gnutls_check_key_usage (cert, kx) == 0)
{
- kxlist[i] = kx;
+ alg[i] = kx;
i++;
+
+ if (i > *alg_size)
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
}
}
}
return GNUTLS_E_INVALID_REQUEST;
}
- *alg = gnutls_calloc (i, sizeof (gnutls_kx_algorithm_t));
- if (*alg == NULL)
- return GNUTLS_E_MEMORY_ERROR;
-
*alg_size = i;
- memcpy (*alg, kxlist, i * sizeof (gnutls_kx_algorithm_t));
-
return 0;
}
gnutls_certificate_credentials_t cert_cred;
gnutls_kx_algorithm_t kx;
int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- gnutls_kx_algorithm_t *alg = NULL;
- int alg_size = 0;
+ gnutls_kx_algorithm_t alg[MAX_ALGOS];
+ int alg_size = MAX_ALGOS;
/* if we should use a specific certificate,
* we should remove all algorithms that are not supported
* supported by the X509 certificate parameters.
*/
if ((ret =
- _gnutls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0)
+ _gnutls_selected_cert_supported_kx (session, alg, &alg_size)) < 0)
{
gnutls_assert ();
return ret;
if (newSuite == NULL)
{
gnutls_assert ();
- gnutls_free (alg);
return GNUTLS_E_MEMORY_ERROR;
}
}
}
- gnutls_free (alg);
gnutls_free (*cipherSuites);
*cipherSuites = newSuite;