From: Nikos Mavrogiannopoulos Date: Sat, 18 Dec 2010 11:37:51 +0000 (+0100) Subject: Removed unneeded definitions, and more careful deinitializations in parse_der_cert_mem(). X-Git-Tag: gnutls_2_11_7~110 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9bb34759a333be7eb20a8d73974bd663a00a9409;p=thirdparty%2Fgnutls.git Removed unneeded definitions, and more careful deinitializations in parse_der_cert_mem(). --- diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index 57faf2f232..a989b4333e 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -36,19 +36,6 @@ #define DSA_PUBLIC_PARAMS 4 #define RSA_PUBLIC_PARAMS 2 -/* For key Usage, test as: - * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ... - */ -#define KEY_DIGITAL_SIGNATURE 128 -#define KEY_NON_REPUDIATION 64 -#define KEY_KEY_ENCIPHERMENT 32 -#define KEY_DATA_ENCIPHERMENT 16 -#define KEY_KEY_AGREEMENT 8 -#define KEY_KEY_CERT_SIGN 4 -#define KEY_CRL_SIGN 2 -#define KEY_ENCIPHER_ONLY 1 -#define KEY_DECIPHER_ONLY 32768 - typedef struct gnutls_cert { /* the size of params depends on the public diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 2bd6685e9e..cf1bab8e60 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -286,7 +286,7 @@ _gnutls_tls_sign (gnutls_session_t session, if (cert != NULL) { if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) + if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert (); return GNUTLS_E_KEY_USAGE_VIOLATION; @@ -327,7 +327,7 @@ _gnutls_verify_sig (gnutls_cert * cert, /* If the certificate supports signing continue. */ if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) + if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)) { gnutls_assert (); return GNUTLS_E_KEY_USAGE_VIOLATION; diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 0d705b821b..36f304a116 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -237,8 +237,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free (ccert); - return ret; + goto cleanup; } tmp.data = (opaque *) input_cert; @@ -249,8 +248,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, { gnutls_assert (); gnutls_x509_crt_deinit (crt); - gnutls_free (ccert); - return ret; + goto cleanup; } ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0); @@ -259,19 +257,21 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free (ccert); - return ret; + goto cleanup; } ret = certificate_credential_append_crt_list (res, ccert, 1); if (ret < 0) { gnutls_assert (); - gnutls_free (ccert); - return ret; + goto cleanup; } return ret; + +cleanup: + gnutls_free (ccert); + return ret; } /* Reads a base64 encoded certificate list from memory and stores it to @@ -285,7 +285,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, const char *ptr; opaque *ptr2; gnutls_datum_t tmp; - int ret, count; + int ret, count, i; gnutls_cert *certs = NULL; /* move to the certificate @@ -309,11 +309,11 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, { siz2 = _gnutls_fbase64_decode (NULL, ptr, size, &ptr2); - if (siz2 < 0) { gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; + ret = GNUTLS_E_BASE64_DECODING_ERROR; + goto cleanup; } certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert)); @@ -321,7 +321,8 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, if (certs == NULL) { gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; } tmp.data = ptr2; @@ -331,8 +332,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free (certs); - return ret; + goto cleanup; } _gnutls_free_datum (&tmp); /* free ptr2 */ @@ -367,11 +367,16 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, if (ret < 0) { gnutls_assert (); - gnutls_free (certs); - return ret; + goto cleanup; } return count; + +cleanup: + for (i=0;i