diff options
| author | Daiki Ueno <ueno@gnu.org> | 2020-06-12 11:32:58 +0200 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2020-08-31 08:08:38 +0200 |
| commit | bb31aa5a55416831fe2dc59135929af1c612878d (patch) | |
| tree | 9e2d520786e1c730875edb51332e9e259a971cc4 | |
| parent | acdc676350280390833b3256e1823d1218ffda9b (diff) | |
| download | gnutls-bb31aa5a55416831fe2dc59135929af1c612878d.tar.gz | |
build: avoid -Wenum-conversion warnings with GCC 10
Signed-off-by: Daiki Ueno <ueno@gnu.org>
| -rw-r--r-- | lib/algorithms.h | 13 | ||||
| -rw-r--r-- | lib/algorithms/sign.c | 2 | ||||
| -rw-r--r-- | lib/crypto-api.c | 4 | ||||
| -rw-r--r-- | lib/hash_int.c | 2 | ||||
| -rw-r--r-- | lib/nettle/pk.c | 8 | ||||
| -rw-r--r-- | lib/tls-sig.c | 4 | ||||
| -rw-r--r-- | lib/tls13-sig.c | 4 | ||||
| -rw-r--r-- | lib/tls13/finished.c | 2 | ||||
| -rw-r--r-- | lib/x509/pkcs12.c | 4 | ||||
| -rw-r--r-- | lib/x509/pkcs7.c | 2 | ||||
| -rw-r--r-- | src/certtool.c | 6 | ||||
| -rw-r--r-- | tests/slow/hash-large.c | 2 |
12 files changed, 33 insertions, 20 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index 9cdb3abf7a..7a051b6365 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -174,11 +174,24 @@ inline static int _gnutls_mac_get_key_size(const mac_entry_st * e) return e->key_size; } +inline static gnutls_digest_algorithm_t +_gnutls_mac_to_dig(gnutls_mac_algorithm_t mac) +{ + if (unlikely(mac >= GNUTLS_MAC_AEAD)) + return GNUTLS_DIG_UNKNOWN; + + return (gnutls_digest_algorithm_t)mac; +} + +#define MAC_TO_DIG(mac) _gnutls_mac_to_dig(mac) + /* Functions for digests. */ #define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid #define _gnutls_digest_get_name _gnutls_mac_get_name #define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len +#define DIG_TO_MAC(dig) (gnutls_mac_algorithm_t)(dig) + /* Security against pre-image attacks */ inline static int _gnutls_digest_is_secure(const mac_entry_st * e) { diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 0d8d1a89c9..2728a54478 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -797,7 +797,7 @@ _gnutls_sign_get_hash_strength(gnutls_sign_algorithm_t sign) if (unlikely(se == NULL)) return 0; - me = mac_to_entry(se->hash); + me = hash_to_entry(se->hash); if (unlikely(me == NULL)) return 0; diff --git a/lib/crypto-api.c b/lib/crypto-api.c index caf8d713a3..00ecdd31b2 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -563,7 +563,7 @@ int gnutls_hash_init(gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm) { - if (is_mac_algo_forbidden(algorithm)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); *dig = gnutls_malloc(sizeof(digest_hd_st)); @@ -659,7 +659,7 @@ int gnutls_hash_fast(gnutls_digest_algorithm_t algorithm, const void *ptext, size_t ptext_len, void *digest) { - if (is_mac_algo_forbidden(algorithm)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algorithm))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); return _gnutls_hash_fast(algorithm, ptext, ptext_len, digest); diff --git a/lib/hash_int.c b/lib/hash_int.c index d326960e80..90ae6cf140 100644 --- a/lib/hash_int.c +++ b/lib/hash_int.c @@ -80,7 +80,7 @@ int _gnutls_digest_exists(gnutls_digest_algorithm_t algo) { const gnutls_crypto_digest_st *cc = NULL; - if (is_mac_algo_forbidden(algo)) + if (is_mac_algo_forbidden(DIG_TO_MAC(algo))) return gnutls_assert_val(GNUTLS_E_UNWANTED_ALGORITHM); cc = _gnutls_get_crypto_digest(algo); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index ccf403b007..57a8560ede 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -917,7 +917,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, /* This call will return a valid MAC entry and * getters will check that is not null anyway. */ - me = mac_to_entry(_gnutls_gost_digest(pk_params->algo)); + me = hash_to_entry(_gnutls_gost_digest(pk_params->algo)); if (_gnutls_mac_get_algo_len(me) != vdata->size) { gnutls_assert(); _gnutls_debug_log @@ -987,7 +987,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ret = _gnutls_ecdsa_compute_k(k, curve_id, pk_params->params[ECC_K], - sign_params->dsa_dig, + DIG_TO_MAC(sign_params->dsa_dig), vdata->data, vdata->size); if (ret < 0) @@ -1056,7 +1056,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, ret = _gnutls_dsa_compute_k(k, pub.q, TOMPZ(priv), - sign_params->dsa_dig, + DIG_TO_MAC(sign_params->dsa_dig), vdata->data, vdata->size); if (ret < 0) @@ -1312,7 +1312,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, /* This call will return a valid MAC entry and * getters will check that is not null anyway. */ - me = mac_to_entry(_gnutls_gost_digest(pk_params->algo)); + me = hash_to_entry(_gnutls_gost_digest(pk_params->algo)); if (_gnutls_mac_get_algo_len(me) != vdata->size) return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); diff --git a/lib/tls-sig.c b/lib/tls-sig.c index 779e02c18f..7d2b04323e 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c @@ -160,7 +160,7 @@ _gnutls_handshake_sign_data10(gnutls_session_t session, dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len(me); - ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &dconcat, signature); if (ret < 0) { gnutls_assert(); @@ -788,7 +788,7 @@ _gnutls_handshake_sign_crt_vrfy10(gnutls_session_t session, dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len(me); - ret = gnutls_privkey_sign_hash(pkey, me->id, GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, + ret = gnutls_privkey_sign_hash(pkey, MAC_TO_DIG(me->id), GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA, &dconcat, signature); if (ret < 0) { gnutls_assert(); diff --git a/lib/tls13-sig.c b/lib/tls13-sig.c index e15d8305e2..b14390e353 100644 --- a/lib/tls13-sig.c +++ b/lib/tls13-sig.c @@ -104,7 +104,7 @@ _gnutls13_handshake_verify_data(gnutls_session_t session, goto cleanup; } - ret = gnutls_hash_fast(session->security_parameters.prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len, prefix); @@ -186,7 +186,7 @@ _gnutls13_handshake_sign_data(gnutls_session_t session, goto cleanup; } - ret = gnutls_hash_fast(session->security_parameters.prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(session->security_parameters.prf->id), session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length, tmp); diff --git a/lib/tls13/finished.c b/lib/tls13/finished.c index 35ab87f9af..68eab993ea 100644 --- a/lib/tls13/finished.c +++ b/lib/tls13/finished.c @@ -45,7 +45,7 @@ int _gnutls13_compute_finished(const mac_entry_st *prf, if (ret < 0) return gnutls_assert_val(ret); - ret = gnutls_hash_fast(prf->id, + ret = gnutls_hash_fast(MAC_TO_DIG(prf->id), handshake_hash_buffer->data, handshake_hash_buffer->length, ts_hash); diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index cdb284026a..2dc0823905 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -1098,7 +1098,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass) return _gnutls_asn2err(result); } - algo = gnutls_oid_to_digest(oid); + algo = DIG_TO_MAC(gnutls_oid_to_digest(oid)); if (algo == GNUTLS_MAC_UNKNOWN) { unknown_mac: gnutls_assert(); @@ -1970,7 +1970,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac, *oid = (char*)tmp.data; } - algo = gnutls_oid_to_digest((char*)tmp.data); + algo = DIG_TO_MAC(gnutls_oid_to_digest((char*)tmp.data)); if (algo == GNUTLS_MAC_UNKNOWN || mac_to_entry(algo) == NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_HASH_ALGORITHM; diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 98669e8879..0ff55ba04b 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -2277,7 +2277,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, /* If we add any attribute we should add them all */ /* Add hash */ digest_size = _gnutls_hash_get_algo_len(me); - ret = gnutls_hash_fast(me->id, data->data, data->size, digest); + ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data, data->size, digest); if (ret < 0) { gnutls_assert(); return ret; diff --git a/src/certtool.c b/src/certtool.c index 0e24ac8281..6bdfe376b1 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -1426,9 +1426,9 @@ static void cmd_parser(int argc, char **argv) if (HAVE_OPT(VERIFY_PROFILE)) { if (strcasecmp(OPT_ARG(VERIFY_PROFILE), "none")) { - cinfo.verification_profile = GNUTLS_PROFILE_UNKNOWN; + cinfo.verification_profile = (gnutls_sec_param_t)GNUTLS_PROFILE_UNKNOWN; } else { - cinfo.verification_profile = gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); + cinfo.verification_profile = (gnutls_sec_param_t)gnutls_certificate_verification_profile_get_id(OPT_ARG(VERIFY_PROFILE)); } } else if (!HAVE_OPT(VERIFY_ALLOW_BROKEN)) { if (HAVE_OPT(VERIFY_CHAIN) || HAVE_OPT(VERIFY)) { @@ -2956,7 +2956,7 @@ void generate_pkcs12(common_info_st * cinfo) } if (cinfo->hash != GNUTLS_DIG_UNKNOWN) - mac = cinfo->hash; + mac = (gnutls_mac_algorithm_t)cinfo->hash; else mac = GNUTLS_MAC_SHA1; diff --git a/tests/slow/hash-large.c b/tests/slow/hash-large.c index 33dc1df0da..71312ef369 100644 --- a/tests/slow/hash-large.c +++ b/tests/slow/hash-large.c @@ -139,7 +139,7 @@ void doit(void) /* SHA1 */ err = - gnutls_hash_fast(GNUTLS_MAC_SHA1, buf, size, + gnutls_hash_fast(GNUTLS_DIG_SHA1, buf, size, digest); if (err < 0) fail("gnutls_hash_fast(SHA1) failed: %d\n", err); |