author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-17 09:32:48 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-11-17 09:32:48 +0000 |
commit | 62714aadd833116d2a5f6a2ac2f79431f5391097 (patch) | |
tree | 2229ff286bac2a7843af2fe8ee7a3624d1a6a30a | |
parent | fbe0740cd80dce87adedcab4da13634f86a5ce12 (diff) | |
download | gnutls-62714aadd833116d2a5f6a2ac2f79431f5391097.tar.gz |
Several minor fixes in code and function documentation.
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | lib/auth_cert.c | 7 | ||||
-rw-r--r-- | lib/defines.h | 6 | ||||
-rw-r--r-- | lib/ext_server_name.c | 19 | ||||
-rw-r--r-- | lib/gnutls.h.in.in | 21 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 8 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | lib/gnutls_session.c | 12 | ||||
-rw-r--r-- | lib/gnutls_state.c | 2 | ||||
-rw-r--r-- | lib/gnutls_str.c | 2 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 5 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 2 | ||||
-rw-r--r-- | lib/x509/crl.c | 8 | ||||
-rw-r--r-- | lib/x509/crq.c | 14 | ||||
-rw-r--r-- | lib/x509/dn.c | 17 | ||||
-rw-r--r-- | lib/x509/extensions.c | 2 | ||||
-rw-r--r-- | lib/x509/pkcs12.h | 1 | ||||
-rw-r--r-- | lib/x509/pkcs12_bag.c | 6 | ||||
-rw-r--r-- | lib/x509/pkcs12_encr.c | 5 | ||||
-rw-r--r-- | lib/x509/pkcs5.c | 6 | ||||
-rw-r--r-- | lib/x509/privkey.c | 4 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 12 | ||||
-rw-r--r-- | lib/x509/verify.c | 2 | ||||
-rw-r--r-- | lib/x509/x509.c | 44 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 11 | ||||
-rw-r--r-- | lib/x509_b64.c | 4 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 10 | ||||
-rw-r--r-- | src/certtool.c | 2 | ||||
-rw-r--r-- | src/common.c | 13 | ||||
-rw-r--r-- | src/serv.c | 4 |
30 files changed, 135 insertions, 118 deletions
diff --git a/configure.in b/configure.in index 4b37455d0b..f3f6d02d6a 100644 --- a/configure.in +++ b/configure.in @@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name]) dnl Gnutls Version GNUTLS_MAJOR_VERSION=0 GNUTLS_MINOR_VERSION=9 -GNUTLS_MICRO_VERSION=98 +GNUTLS_MICRO_VERSION=99 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls]) diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 40e20f57d0..1508ec38b7 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -52,8 +52,8 @@ static int _gnutls_server_find_cert_list_index(gnutls_session session, * exported certificate struct (CERTIFICATE_AUTH_INFO) */ static -int _gnutls_copy_certificate_auth_info(CERTIFICATE_AUTH_INFO info, gnutls_certificate_type type, - gnutls_cert * cert, int ncerts) +int _gnutls_copy_certificate_auth_info(CERTIFICATE_AUTH_INFO info, + gnutls_cert * cert, int ncerts) { /* Copy peer's information to AUTH_INFO */ @@ -738,7 +738,7 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session, if ((ret = - _gnutls_copy_certificate_auth_info(info, gnutls_certificate_type_get(session), + _gnutls_copy_certificate_auth_info(info, peer_certificate_list, peer_certificate_list_size)) < 0) { gnutls_assert(); @@ -901,7 +901,6 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session, if ((ret = _gnutls_copy_certificate_auth_info(info, - gnutls_certificate_type_get(session), peer_certificate_list, peer_certificate_list_size)) < 0) { gnutls_assert(); diff --git a/lib/defines.h b/lib/defines.h index a13b524a30..d5079c22e9 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -102,6 +102,12 @@ typedef struct { unsigned char i[8]; } uint64; +#ifndef HAVE_ISASCII +# ifndef isascii +# define isascii(x) (x<128?1:0) +# endif +#endif + #if SIZEOF_UNSIGNED_LONG == 4 typedef unsigned long int uint32; typedef signed long int sint32; 
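Review bot: The fallback `isascii` added in lib/defines.h expands its argument without parentheses and tests only the upper bound, so a negative argument (a plain `char` holding a byte of 0x80 or above on signed-char platforms) is reported as ASCII. Now that the macro sits in a shared header instead of dn.c, it should be safe for any caller: `# define isascii(x) (((x) & ~0x7f) == 0)`. The one caller visible on this page, `_pkcs12_check_pass`, reads through a `const unsigned char *`, so it is not affected as written.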
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index 6e31932ccf..8afce70fcf 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -199,21 +199,22 @@ int _gnutls_server_name_send_params(gnutls_session session, opaque * data, * a client has sent. The name indication may be any of the enumeration * gnutls_server_name_type. * - * If 'type' is GNUTLS_NAME_DNS, then this function is to be used by servers + * If @type is GNUTLS_NAME_DNS, then this function is to be used by servers * that support virtual hosting, and the data will be null terminated. * The client may give the server the dnsname they connected to. * - * If data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER - * is returned, and data_length will hold the required size. + * If @data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER + * is returned, and @data_length will hold the required size. * - * 'index' is used to retrieve more than one server names (if sent by the client). + * @index is used to retrieve more than one server names (if sent by the client). * The first server name has an index of 0, the second 1 and so on. If no name with the given * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. * **/ int gnutls_server_name_get(gnutls_session session, void *data, - int *data_length, - int * type, int indx) + size_t *data_length, + gnutls_server_name_type * type, + unsigned int indx) { char *_data = data; 
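Review bot: The updated comment for gnutls_server_name_get does not say whether the size written to @data_length counts the terminating null. It states that the DNS name is null terminated and that @data_length receives the required size on GNUTLS_E_SHORT_MEMORY_BUFFER, so a caller that allocates exactly the reported size can be off by one. I would add a sentence such as `The size returned in @data_length includes the terminating null byte.`, or the opposite, whichever the code implements. The function body continues outside this hunk, so the wording should be confirmed against the copy code.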
@@ -256,22 +257,22 @@ int gnutls_server_name_get(gnutls_session session, void *data, /** * gnutls_server_name_set - Used to set a name indicator to be sent as an extension * @session: is a &gnutls_session structure. + * @type: specifies the indicator type * @name: is a string that contains the server name. * @name_length: holds the length of name - * @type: specifies the indicator type * * This function is to be used by clients that want to inform * ( via a TLS extension mechanism) the server of the name they * connected to. This should be used by clients that connect * to servers that do virtual hosting. * - * The value of 'name' depends on the 'ind' type. In case of GNUTLS_NAME_DNS, + * The value of @name depends on the @ind type. In case of GNUTLS_NAME_DNS, * a null terminated string is expected. * **/ int gnutls_server_name_set(gnutls_session session, gnutls_server_name_type type, - const void *name, int name_length) + const void *name, size_t name_length) { int server_names; diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index aecd2286d7..3185df2f64 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -249,12 +249,13 @@ size_t gnutls_record_check_pending(gnutls_session session); typedef enum gnutls_server_name_type { GNUTLS_NAME_DNS=1 } gnutls_server_name_type; -int gnutls_get_server_name(gnutls_session session, void* data, int* data_length, - int *type, int indx); +int gnutls_server_name_set(gnutls_session session, + gnutls_server_name_type type, + const void *name, size_t name_length); -int gnutls_set_server_name(gnutls_session session, - gnutls_server_name_type type, - const void *name, int name_length); +int gnutls_server_name_get(gnutls_session session, + void *data, size_t *data_length, + gnutls_server_name_type * type, int unsigned indx); /* functions to set priority of cipher suites */ 
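Review bot: The rewritten sentence `The value of @name depends on the @ind type` in the gnutls_server_name_set comment refers to a parameter that does not exist; the parameter list directly above documents it as `@type`. Converting the old quoted 'ind' to a parameter reference leaves a dangling name in the generated documentation. The line should read `The value of @name depends on the @type type.`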
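Review bot: Changing the length out-parameters in this header from `int *` to `size_t *` is not source- or binary-compatible on platforms where `size_t` is wider than `int`. This affects `data_length` here, and `session_data_size`, `session_id_size` and `result_size` in the later hunks of this file. A caller that still passes the address of an `int` has the library store a full `size_t` through it and read the adjacent bytes as part of the capacity. Compilers only warn about the pointer type, so this deserves an explicit entry in the release notes and a check that the library interface version is bumped. Separately, `int unsigned indx` would read better as `unsigned int indx`, matching the definition in lib/ext_server_name.c.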
@@ -282,11 +283,11 @@ const char *gnutls_protocol_get_name(gnutls_protocol_version version); /* get/set session */ -int gnutls_session_set_data( gnutls_session session, const void* session_data, int session_data_size); -int gnutls_session_get_data( gnutls_session session, void* session_data, int *session_data_size); +int gnutls_session_set_data( gnutls_session session, const void* session_data, size_t session_data_size); +int gnutls_session_get_data( gnutls_session session, void* session_data, size_t *session_data_size); /* returns the session ID */ #define GNUTLS_MAX_SESSION_ID 32 -int gnutls_session_get_id( gnutls_session session, void* session_id, int *session_id_size); +int gnutls_session_get_id( gnutls_session session, void* session_id, size_t *session_id_size); /* checks if this session is a resumed one */ @@ -441,7 +442,7 @@ int gnutls_rsa_params_generate2(gnutls_rsa_params params, int bits); int gnutls_rsa_params_export_raw(gnutls_rsa_params params, gnutls_datum * m, gnutls_datum *e, gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, - gnutls_datum* u, int *bits); + gnutls_datum* u, unsigned int *bits); /* Session stuff */ @@ -473,5 +474,5 @@ void gnutls_openpgp_send_key(gnutls_session session, gnutls_openpgp_key_status s * Actually this function returns the hash of the given data. */ int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data, - unsigned char* result, int* result_size); + void* result, size_t* result_size); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index f794a90bf1..b239d07faa 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c 
@@ -200,7 +200,7 @@ int _gnutls_cert_supported_kx(const gnutls_cert* cert, gnutls_kx_algorithm ** al * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE * * This function specifies if we (in case of a server) are going - * to send a certificate request message to the client. If 'req' + * to send a certificate request message to the client. If @req * is GNUTLS_CERT_REQUIRE then the server will return an error if * the peer does not provide a certificate. If you do not * call this function then the client will not be asked to @@ -223,11 +223,11 @@ void gnutls_certificate_server_set_request(gnutls_session session, * The callback's function prototype is: * int (*callback)(gnutls_session, const gnutls_datum *client_cert, int ncerts, const gnutls_datum* req_ca_dn, int nreqs); * - * 'client_cert' contains 'ncerts' gnutls_datum structures which hold + * @client_cert contains @ncerts gnutls_datum structures which hold * the raw certificates (DER for X.509 or binary for OpenPGP), of the * client. * - * 'req_ca_cert', is only used in X.509 certificates. + * @req_ca_cert, is only used in X.509 certificates. * Contains a list with the CA names that the server considers trusted. * Normally we should send a certificate that is signed * by one of these CAs. These names are DER encoded. To get a more @@ -264,7 +264,7 @@ void gnutls_certificate_client_set_select_function(gnutls_session session, * The callback's function form is: * int (*callback)(gnutls_session, gnutls_datum *server_cert, int ncerts); * - * 'server_cert' contains 'ncerts' gnutls_datum structures which hold + * @server_cert contains @ncerts gnutls_datum structures which hold * the raw certificate (DER encoded in X.509) of the server. * * This function specifies what we, in case of a server, are going diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 918068ea7a..652ce62e9d 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c 
@@ -150,7 +150,7 @@ void gnutls_transport_get_ptr2(gnutls_session session, * * Terminates the current TLS/SSL connection. The connection should * have been initiated using gnutls_handshake(). - * 'how' should be one of GNUTLS_SHUT_RDWR, GNUTLS_SHUT_WR. + * @how should be one of GNUTLS_SHUT_RDWR, GNUTLS_SHUT_WR. * * In case of GNUTLS_SHUT_RDWR then the TLS connection gets terminated and * further receives and sends will be disallowed. If the return diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c index 6596942ea7..e897afba5e 100644 --- a/lib/gnutls_session.c +++ b/lib/gnutls_session.c @@ -38,7 +38,9 @@ * * Resuming sessions is really useful and speedups connections after a succesful one. **/ -int gnutls_session_get_data( gnutls_session session, opaque* session_data, int *session_data_size) { +int gnutls_session_get_data( gnutls_session session, + void* session_data, size_t *session_data_size) +{ gnutls_datum psession; int ret; @@ -81,7 +83,9 @@ int gnutls_session_get_data( gnutls_session session, opaque* session_data, int * * Session id is some data set by the server, that identify the current session. * In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes. **/ -int gnutls_session_get_id( gnutls_session session, void* session_id, int *session_id_size) { +int gnutls_session_get_id( gnutls_session session, + void* session_id, size_t *session_id_size) +{ *session_id_size = session->security_parameters.session_id_size; @@ -111,8 +115,8 @@ int gnutls_session_get_id( gnutls_session session, void* session_id, int *sessio * Returns a negative value on error. * **/ -int gnutls_session_set_data( gnutls_session session, const opaque* session_data, - int session_data_size) +int gnutls_session_set_data( gnutls_session session, const void* session_data, + size_t session_data_size) { int ret; gnutls_datum psession = { (opaque*)session_data, session_data_size }; diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 9fecb24454..773d899370 100644 
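Review bot: In gnutls_session_get_id the first statement after the new signature, `*session_id_size = session->security_parameters.session_id_size;`, overwrites the caller-supplied capacity before it has been compared with anything. Unless the rest of the body (outside this hunk) bounds the copy some other way, a caller passing a buffer shorter than the session id gets no GNUTLS_E_SHORT_MEMORY_BUFFER and the copy is sized by the library's value alone. Reading the input first, e.g. `size_t avail = *session_id_size;`, and returning GNUTLS_E_SHORT_MEMORY_BUFFER when `session_id != NULL && avail < session->security_parameters.session_id_size` would match the convention the other getters on this page document.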
--- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -530,7 +530,7 @@ void gnutls_record_set_cbc_protection(gnutls_session session, int prot) * * This function will enable or disable the use of private * cipher suites (the ones that start with 0xFF). By default - * or if 'allow' is 0 then these cipher suites will not be + * or if @allow is 0 then these cipher suites will not be * advertized nor used. * * Unless this function is called with the option to allow (1), then diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index f284405141..9a3918cb7a 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -189,7 +189,7 @@ char *_gnutls_bin2hex(const void *_old, size_t oldlen, char *buffer, size_t buffer_size) { unsigned int i, j; - opaque *old = _old; + const opaque *old = _old; if ((oldlen * 2) + 1 > buffer_size) return NULL; diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 9f84f19992..dc5207efe2 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -231,7 +231,8 @@ const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session) * Returns NULL in case of an error, or if no certificate was sent. * **/ -const gnutls_datum *gnutls_certificate_get_peers(gnutls_session session, int *list_size) +const gnutls_datum *gnutls_certificate_get_peers(gnutls_session session, + unsigned int *list_size) { CERTIFICATE_AUTH_INFO info; @@ -288,7 +289,7 @@ int gnutls_certificate_client_get_request_status(gnutls_session session) * **/ int gnutls_fingerprint(gnutls_digest_algorithm algo, const gnutls_datum* data, - unsigned char* result, size_t* result_size) + void* result, size_t* result_size) { GNUTLS_HASH_HANDLE td; int hash_len = _gnutls_hash_get_algo_len(algo); diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index 7d74f55400..ef050f9aba 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h 
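Review bot: The bound check kept as context in _gnutls_bin2hex, `if ((oldlen * 2) + 1 > buffer_size)`, is computed in `size_t` and wraps when `oldlen > SIZE_MAX / 2`, in which case it passes for a small buffer. Rearranging it so that no multiplication is done on the caller's length avoids the wrap: `if (buffer_size == 0 || oldlen > (buffer_size - 1) / 2) return NULL;`. The counters `i, j` are `unsigned int` while `oldlen` is `size_t`; declaring them `size_t` keeps the loop bound and index the same width. The loop itself is outside this hunk.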
@@ -53,7 +53,7 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime, /* get data from the session */ -const gnutls_datum* gnutls_certificate_get_peers( gnutls_session, int* list_size); +const gnutls_datum* gnutls_certificate_get_peers( gnutls_session, unsigned int* list_size); const gnutls_datum *gnutls_certificate_get_ours( gnutls_session session); time_t gnutls_certificate_activation_time_peers(gnutls_session session); diff --git a/lib/x509/crl.c b/lib/x509/crl.c index a6d8df8ac1..d4e05b6cd2 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -157,7 +157,8 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data, * @sizeof_buf: initialy holds the size of 'buf' * * This function will copy the name of the CRL issuer in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. + * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * * If buf is null then only the size will be filled. * @@ -189,11 +190,12 @@ int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl crl, char *buf, * @sizeof_buf: initialy holds the size of 'buf' * * This function will extract the part of the name of the CRL issuer specified - * by the given OID. The output will be encoded as described in RFC2253. + * by the given OID. The output will be encoded as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * * Some helper macros with popular OIDs can be found in gnutls/x509.h * If raw flag is zero, this function will only return known OIDs as text. Other OIDs - * will be DER encoded, as described in RFC2253 -- in hex format with a '#' prefix. + * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. * You can check about known OIDs using gnutls_x509_dn_oid_known(). * * If buf is null then only the size will be filled. 
diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 081bab1482..1f71c4547f 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -164,9 +164,10 @@ int gnutls_x509_crq_import(gnutls_x509_crq crq, const gnutls_datum * data, * @sizeof_buf: initialy holds the size of 'buf' * * This function will copy the name of the Certificate request subject in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. + * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * - * If buf is null then only the size will be filled. + * If @buf is null then only the size will be filled. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and * in that case the sizeof_buf will be updated with the required size. 
@@ -195,14 +196,15 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq crq, char *buf, * @sizeof_buf: initialy holds the size of 'buf' * * This function will extract the part of the name of the Certificate request subject, specified - * by the given OID. The output will be encoded as described in RFC2253. + * by the given OID. The output will be encoded as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * * Some helper macros with popular OIDs can be found in gnutls/x509.h * If raw flag is zero, this function will only return known OIDs as text. Other OIDs - * will be DER encoded, as described in RFC2253 -- in hex format with a '#' prefix. + * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. * You can check about known OIDs using gnutls_x509_dn_oid_known(). * - * If buf is null then only the size will be filled. + * If @buf is null then only the size will be filled. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and * in that case the sizeof_buf will be updated with the required size. @@ -422,7 +424,7 @@ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq crq, * @sizeof_data: holds the size of 'data' * * This function will set the part of the name of the Certificate request subject, specified - * by the given OID. + * by the given OID. The input string should be ASCII or UTF-8 encoded. * * Some helper macros with popular OIDs can be found in gnutls/x509.h * With this function you can only set the known OIDs. You can test diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 5b7fe24edf..857374a57e 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -33,13 +33,6 @@ * Name (you need a parser just to read a name in the X.509 protoocols!!!) */ -#ifndef HAVE_ISASCII -# ifndef isascii -# define isascii(x) (x<128?1:0) -# endif -#endif - - /* Converts the given OID to an ldap acceptable string or * a dotted OID. */ 
@@ -477,7 +470,7 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, } if (raw_flag != 0) { - if (len > *sizeof_buf) { + if ((uint)len > *sizeof_buf) { *sizeof_buf = len; return GNUTLS_E_SHORT_MEMORY_BUFFER; @@ -665,7 +658,7 @@ int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct, len = strlen( oid) + 1; - if ( *sizeof_oid < len) { + if ( *sizeof_oid < (uint)len) { *sizeof_oid = len; gnutls_assert(); return GNUTLS_E_SHORT_MEMORY_BUFFER; @@ -983,7 +976,7 @@ int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct, * gnutls_x509_rdn_get - This function parses an RDN sequence and returns a string * @idn: should contain a DER encoded RDN sequence * @buf: a pointer to a structure to hold the peer's name - * @sizeof_buf: holds the size of 'buf' + * @sizeof_buf: holds the size of @buf * * This function will return the name of the given RDN sequence. * The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described @@ -1037,7 +1030,7 @@ int gnutls_x509_rdn_get(const gnutls_datum * idn, * @indx: In case multiple same OIDs exist in the RDN indicates which to send. Use 0 for the first one. * @raw_flag: If non zero then the raw DER data are returned. * @buf: a pointer to a structure to hold the peer's name - * @sizeof_buf: holds the size of 'buf' + * @sizeof_buf: holds the size of @buf * * This function will return the name of the given Object identifier, * of the RDN sequence. @@ -1087,7 +1080,7 @@ int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char *oid, * @idn: should contain a DER encoded RDN sequence * @indx: Indicates which OID to return. Use 0 for the first one. * @oid: a pointer to a structure to hold the peer's name OID - * @sizeof_oid: holds the size of 'oid' + * @sizeof_oid: holds the size of @oid * * This function will return the specified Object identifier, * of the RDN sequence. diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 63205b3c5b..fa52d929cf 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c 
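Review bot: The `(uint)len` casts added in _gnutls_x509_parse_dn_oid and _gnutls_x509_get_dn_oid, and the identical one in lib/x509/extensions.c, silence the signed/unsigned comparison without handling a negative `len`. Such a value would convert to a very large unsigned number and then be stored into the size out-parameter as the required size. In the two `strlen(...) + 1` cases the value cannot be negative, but there the strlen result is narrowed into what appears to be an `int`. Declaring `len` as `size_t` where it holds a strlen result, and rejecting `len < 0` explicitly where it comes from a decoder, would remove the need for the cast. The declarations are outside these hunks, so the type of `len` is inferred.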
@@ -262,7 +262,7 @@ int _gnutls_x509_crt_get_extension_oid( gnutls_x509_crt cert, if ( indx == indx_counter++) { len = strlen( extnID) + 1; - if ( *sizeof_oid < len) { + if ( *sizeof_oid < (uint)len) { *sizeof_oid = len; gnutls_assert(); return GNUTLS_E_SHORT_MEMORY_BUFFER; diff --git a/lib/x509/pkcs12.h b/lib/x509/pkcs12.h index 6ea6320272..a0d86411bb 100644 --- a/lib/x509/pkcs12.h +++ b/lib/x509/pkcs12.h @@ -76,7 +76,6 @@ int _gnutls_pkcs7_encrypt_data(schema_id schema, const gnutls_datum * data, const char *password, gnutls_datum * enc); int _pkcs12_decode_safe_contents( const gnutls_datum* content, gnutls_pkcs12_bag bag); -int _pkcs12_check_pass( const char* pass, size_t plen); int _pkcs12_encode_safe_contents( gnutls_pkcs12_bag bag, ASN1_TYPE* content, int *enc); diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index e0338cba2c..6b9ab32ba1 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -549,9 +549,9 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag bag, int indx, /** * gnutls_pkcs12_bag_decrypt - This function will decrypt an encrypted bag * @bag: The bag - * @pass: The password used for encryption + * @pass: The password used for encryption. This can only be ASCII. * - * This function will return 0 on success. + * This function will decrypt the given encrypted bag and return 0 on success. * **/ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag bag, const char* pass) @@ -598,7 +598,7 @@ gnutls_datum dec; /** * gnutls_pkcs12_bag_encrypt - This function will encrypt a bag * @bag: The bag - * @pass: The password used for encryption + * @pass: The password used for encryption. This can only be ASCII. * @flags: should be one of gnutls_pkcs_encrypt_flags elements bitwise or'd * * This function will encrypt the given bag and return 0 on success. diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c index 64eb3b9558..c1501e62db 100644 --- a/lib/x509/pkcs12_encr.c +++ b/lib/x509/pkcs12_encr.c 
@@ -29,18 +29,17 @@ #include <gcrypt.h> #include <gnutls_errors.h> -#include <ctype.h> /* Returns 0 if the password is ok, or a negative error * code instead. */ -int _pkcs12_check_pass( const char* pass, size_t plen) +static int _pkcs12_check_pass( const char* pass, size_t plen) { const unsigned char* p = pass; unsigned int i; for (i=0;i<plen;i++) { - if ( p[i] < 128) continue; + if ( isascii(p[i])) continue; return GNUTLS_E_INVALID_PASSWORD; } diff --git a/lib/x509/pkcs5.c b/lib/x509/pkcs5.c index dfcdada7bc..8da6502a41 100644 --- a/lib/x509/pkcs5.c +++ b/lib/x509/pkcs5.c @@ -43,7 +43,7 @@ * denotes the length in octets of the * pseudorandom function output) * - * Input: P password, an octet string + * Input: P password, an octet string (ASCII or UTF-8) * S salt, an octet string * c iteration count, a positive integer * dkLen intended length in octets of the derived @@ -84,10 +84,6 @@ _gnutls_pkcs5_pbkdf2 (int PRF, if (dkLen == 0) return PKCS5_INVALID_DERIVED_KEY_LENGTH; - if ((rc=_pkcs12_check_pass( P, Plen)) < 0) { - return rc; - } - /* * * Steps: diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 1bd5586135..00c4452538 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -256,7 +256,7 @@ static ASN1_TYPE decode_dsa_key( const gnutls_datum* raw_key, * @format: One of DER or PEM * * This function will convert the given DER or PEM encoded key - * to the native gnutls_x509_privkey format. The output will be stored in 'key'. + * to the native gnutls_x509_privkey format. The output will be stored in @key . * * If the key is PEM encoded it should have a header of "RSA PRIVATE KEY", or * "DSA PRIVATE KEY". 
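Review bot: This hunk starts calling `isascii()` in _pkcs12_check_pass while removing `#include <ctype.h>`. When HAVE_ISASCII is defined, the fallback macro in lib/defines.h is skipped, so the call has no declaration in this file unless another header happens to supply one. Keeping `#include <ctype.h>` here, or including it from defines.h under `#ifdef HAVE_ISASCII`, avoids relying on an implicit declaration in the check that rejects non-ASCII PKCS #12 passwords. `const unsigned char* p = pass;` also converts from `const char *` without a cast; `(const unsigned char *) pass` makes the intent explicit. The end of the function is outside the hunk.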
@@ -368,7 +368,7 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * dat * @u: holds the coefficient * * This function will convert the given RSA raw parameters - * to the native gnutls_x509_privkey format. The output will be stored in 'key'. + * to the native gnutls_x509_privkey format. The output will be stored in @key. * **/ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key, diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index cb4e1dcec0..433436fa3b 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -374,7 +374,7 @@ int encode_to_pkcs8_key( schema_id schema, const gnutls_datum * der_key, * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format * @key: Holds the key * @format: the format of output params. One of PEM or DER. - * @password: the password that will be used to encrypt the key + * @password: the password that will be used to encrypt the key. * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags * @output_data: will contain a private key PEM or DER encoded * @output_data_size: holds the size of output_data (and will be replaced by the actual size of parameters) @@ -384,6 +384,9 @@ int encode_to_pkcs8_key( schema_id schema, const gnutls_datum * der_key, * specify the encryption cipher, then the default 3DES (PBES2) will * be used. * + * The @password can be either ASCII or UTF-8 in the default PBES2 + * encryption schemas, or ASCII for the PKCS12 schemas. + * * If the buffer provided is not long enough to hold the output, then * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. * 
@@ -805,14 +808,17 @@ int decode_private_key_info(const gnutls_datum * der, * @key: The structure to store the parsed key * @data: The DER or PEM encoded key. * @format: One of DER or PEM - * @password: the password to decrypt the key (if it is encrypted) + * @password: the password to decrypt the key (if it is encrypted). * @flags: use 0. * * This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key - * to the native gnutls_x509_privkey format. The output will be stored in 'key'. + * to the native gnutls_x509_privkey format. The output will be stored in @key. * Currently only RSA keys can be imported, and flags can only be used to indicate * an unencrypted key. * + * The @password can be either ASCII or UTF-8 in the default PBES2 + * encryption schemas, or ASCII for the PKCS12 schemas. + * * If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY", * or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded. * diff --git a/lib/x509/verify.c b/lib/x509/verify.c index eb77b7eb47..d10821227b 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -546,7 +546,7 @@ int ret, issuer_params_size, i; * You must also check the peer's name in order to check if the verified * certificate belongs to the actual peer. * - * The certificate verification output will be put in 'verify' and will be + * The certificate verification output will be put in @verify and will be * one or more of the gnutls_certificate_status enumerated elements bitwise or'd. * For a more detailed verification status use gnutls_x509_crt_verify() per list * element. diff --git a/lib/x509/x509.c b/lib/x509/x509.c index a5970da1b7..baa023a7ed 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -138,7 +138,7 @@ void gnutls_x509_crt_deinit(gnutls_x509_crt cert) * @format: One of DER or PEM * * This function will convert the given DER or PEM encoded Certificate - * to the native gnutls_x509_crt format. The output will be stored in 'cert'. + * to the native gnutls_x509_crt format. The output will be stored in @cert. * * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or * "CERTIFICATE". @@ -216,9 +216,10 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data, * @sizeof_buf: initialy holds the size of 'buf' * * This function will copy the name of the Certificate issuer in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. + * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * - * If buf is null then only the size will be filled. + * If @buf is null then only the size will be filled. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and * in that case the sizeof_buf will be updated with the required size. 
@@ -244,17 +245,18 @@ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt cert, char *buf, * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. * @raw_flag: If non zero returns the raw DER data of the DN part. * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initialy holds the size of 'buf' + * @sizeof_buf: initialy holds the size of @buf * * This function will extract the part of the name of the Certificate issuer specified - * by the given OID. The output will be encoded as described in RFC2253. + * by the given OID. The output will be encoded as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * * Some helper macros with popular OIDs can be found in gnutls/x509.h * If raw flag is zero, this function will only return known OIDs as text. Other OIDs - * will be DER encoded, as described in RFC2253 -- in hex format with a '#' prefix. + * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix. * You can check about known OIDs using gnutls_x509_dn_oid_known(). * - * If buf is null then only the size will be filled. + * If @buf is null then only the size will be filled. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and * in that case the sizeof_buf will be updated with the required size. 
@@ -278,12 +280,12 @@ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid, * @cert: should contain a gnutls_x509_crt structure * @indx: This specifies which OID to return. Use zero to get the first one. * @oid: a pointer to a buffer to hold the OID (may be null) - * @sizeof_oid: initialy holds the size of 'oid' + * @sizeof_oid: initialy holds the size of @oid * * This function will extract the OIDs of the name of the Certificate issuer specified * by the given index. * - * If oid is null then only the size will be filled. + * If @oid is null then only the size will be filled. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and * in that case the sizeof_oid will be updated with the required size. @@ -306,12 +308,13 @@ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt cert, * gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name * @cert: should contain a gnutls_x509_crt structure * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initialy holds the size of 'buf' + * @sizeof_buf: initialy holds the size of @buf * * This function will copy the name of the Certificate in the provided buffer. The name - * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. + * will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output + * string will be ASCII or UTF-8 encoded, depending on the certificate data. * - * If buf is null then only the size will be filled. + * If @buf is null then only the size will be filled. * * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and * in that case the sizeof_buf will be updated with the required size. 
@@ -337,17 +340,18 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt cert, char *buf,
 * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
 * @raw_flag: If non zero returns the raw DER data of the DN part.
 * @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initialy holds the size of 'buf'
+ * @sizeof_buf: initialy holds the size of @buf
 *
 * This function will extract the part of the name of the Certificate subject, specified
- * by the given OID.
+ * by the given OID. The output
+ * string will be ASCII or UTF-8 encoded, depending on the certificate data.
 *
 * Some helper macros with popular OIDs can be found in gnutls/x509.h
 * If raw flag is zero, this function will only return known OIDs as text. Other OIDs
- * will be DER encoded, as described in RFC2253 -- in hex format with a '#' prefix.
+ * will be DER encoded, as described in RFC2253 -- in hex format with a '\#' prefix.
 * You can check about known OIDs using gnutls_x509_dn_oid_known().
 *
- * If buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled.
 *
 * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long enough, and
 * in that case the sizeof_buf will be updated with the required size.
@@ -371,7 +375,7 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt cert, const char* oid,
 * @cert: should contain a gnutls_x509_crt structure
 * @indx: This specifies which OID to return. Use zero to get the first one.
 * @oid: a pointer to a buffer to hold the OID (may be null)
- * @sizeof_oid: initialy holds the size of 'oid'
+ * @sizeof_oid: initialy holds the size of @oid
 *
 * This function will extract the OIDs of the name of the Certificate subject specified
 * by the given index.
@@ -805,7 +809,7 @@ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert, unsigned int *key_usage,
 * @oid: holds an Object Identified in null terminated string
 * @indx: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one.
 * @buf: a pointer to a structure to hold the name (may be null)
- * @sizeof_buf: initialy holds the size of 'buf'
+ * @sizeof_buf: initialy holds the size of @buf
 * @critical: will be non zero if the extension is marked as critical
 *
 * This function will return the extension specified by the OID in the certificate.
@@ -861,7 +865,7 @@ int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt cert, const char* oid,
 * @cert: should contain a gnutls_x509_crt structure
 * @indx: Specifies which extension OID to send. Use zero to get the first one.
 * @oid: a pointer to a structure to hold the OID (may be null)
- * @sizeof_oid: initialy holds the size of 'oid'
+ * @sizeof_oid: initialy holds the size of @oid
 *
 * This function will return the requested extension OID in the certificate.
 * The extension OID will be stored as a string in the provided buffer.
@@ -987,7 +991,7 @@ int _gnutls_x509_crt_get_raw_dn( gnutls_x509_crt cert,
 * @cert: should contain a gnutls_x509_crt structure
 * @algo: is a digest algorithm
 * @buf: a pointer to a structure to hold the fingerprint (may be null)
- * @sizeof_buf: initialy holds the size of 'buf'
+ * @sizeof_buf: initialy holds the size of @buf
 *
 * This function will calculate and copy the certificate's fingerprint
 * in the provided buffer.
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 33008ca330..db1fff8b2a 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -48,10 +48,10 @@ static void disable_optional_stuff( gnutls_x509_crt cert);
 * @oid: holds an Object Identifier in a null terminated string
 * @raw_flag: must be 0, or 1 if the data are DER encoded
 * @name: a pointer to the name
- * @sizeof_name: holds the size of 'name'
+ * @sizeof_name: holds the size of @name
 *
 * This function will set the part of the name of the Certificate subject, specified
- * by the given OID.
+ * by the given OID. The input string should be ASCII or UTF-8 encoded.
 *
 * Some helper macros with popular OIDs can be found in gnutls/x509.h
 * With this function you can only set the known OIDs. You can test
@@ -79,10 +79,10 @@ int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt crt, const char* oid,
 * @oid: holds an Object Identifier in a null terminated string
 * @raw_flag: must be 0, or 1 if the data are DER encoded
 * @name: a pointer to the name
- * @sizeof_name: holds the size of 'name'
+ * @sizeof_name: holds the size of @name
 *
 * This function will set the part of the name of the Certificate issuer, specified
- * by the given OID.
+ * by the given OID. The input string should be ASCII or UTF-8 encoded.
 *
 * Some helper macros with popular OIDs can be found in gnutls/x509.h
 * With this function you can only set the known OIDs. You can test
@@ -90,6 +90,9 @@ int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt crt, const char* oid,
 * not known (by gnutls) you should properly DER encode your data, and
 * call this function with raw_flag set.
 *
+ * Normally you do not need to call this function, since the signing
+ * operation will copy the signer's name as the issuer of the certificate.
+ *
 * Returns 0 on success.
 *
 **/
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 63a823f93e..c5ff04cd6f 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -290,7 +290,7 @@ int size; if (size < 0) return size; - if (result==NULL || *result_size < size) { + if (result==NULL || *result_size < (uint)size) { gnutls_free(ret); *result_size = size; return GNUTLS_E_SHORT_MEMORY_BUFFER; @@ -499,7 +499,7 @@ int size; if (size < 0) return size; - if (result==NULL || *result_size < size) { + if (result==NULL || *result_size < (uint)size) { gnutls_free(ret); *result_size = size; return GNUTLS_E_SHORT_MEMORY_BUFFER; diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index fc3066c556..0082e128ce 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -507,8 +507,8 @@ int i; * The callback's function form is: * int (*callback)(gnutls_session, const char** pfiles, const char** pconffiles, int npfiles); * - * 'pfiles' contains 'npfiles' char* structures which hold - * the password file name. 'pconffiles' contain the corresponding + * @pfiles contains @npfiles char* structures which hold + * the password file name. @pconffiles contain the corresponding * conf files. * * This function specifies what we, in case of a server, are going @@ -541,8 +541,8 @@ void gnutls_srp_server_set_select_function(gnutls_session session, * gnutls_datum* salt, gnutls_datum *verifier, gnutls_datum* g, * gnutls_datum* n); * - * 'username' contains the actual username. - * The 'salt', 'verifier', 'generator' and 'prime' must be filled + * @username contains the actual username. + * The @salt, @verifier, @generator and @prime must be filled * in using the gnutls_malloc(). * * In case the callback returned a negative number then gnutls will 
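Review bot: The new `(uint)size` cast is only correct because the `if (size < 0) return size;` just above has already rejected negative values, and `uint` is not a standard C type, so the comparison depends on a project typedef being visible. The declaration of result_size is outside the hunk; if it is a `size_t *`, casting to that type keeps the comparison in one width: `if (result==NULL || *result_size < (size_t)size) {`. A short comment such as `/* size >= 0 here, checked above */` would keep the dependency on the earlier guard visible. The same applies to the second hunk at `@@ -499,7 +499,7 @@`.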
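Review bot: The rewritten sentence in the `@@ -541,8 +541,8 @@` hunk marks `@generator` and `@prime` as parameter names, but the callback prototype quoted just above it calls those arguments `g` and `n`. Using the names from the prototype keeps the two in step: ` * The @salt, @verifier, @g and @n must be filled`. The comment block starts and ends outside the hunk.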
@@ -598,7 +598,7 @@ const char *gnutls_srp_server_get_username(gnutls_session session) * * This function will create an SRP verifier, as specified in RFC2945. * The prime and generator may be generated using the gnutls_dh_params_generate() - * function. The verifier will be allocated with 'malloc' and will be stored in 'res' in binary format. + * function. The verifier will be allocated with @malloc and will be stored in @res using binary format. * **/ int gnutls_srp_verifier( char* username, char* password, const gnutls_datum *salt, diff --git a/src/certtool.c b/src/certtool.c index 91c8edbb5d..b8681bac3d 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -789,7 +789,7 @@ void certificate_info( void) indx = 0; } - fprintf( outfile, "\n\t%s: ", oid); + fprintf( outfile, "\t%s: ", oid); size = sizeof(buffer); ret = gnutls_x509_crt_get_extension_by_oid( crt, oid, indx, buffer, &size, &critical); diff --git a/src/common.c b/src/common.c index c192dd47d2..ca2f16c9c4 100644 --- a/src/common.c +++ b/src/common.c @@ -44,7 +44,7 @@ void print_x509_info(gnutls_session session, const char* hostname) char dn[256]; size_t dn_size; size_t digest_size = sizeof(digest); - int i, j; + unsigned int i, j; size_t serial_size = sizeof(serial); char printable[256]; char *print; @@ -54,7 +54,7 @@ void print_x509_info(gnutls_session session, const char* hostname) cert_list = gnutls_certificate_get_peers(session, &cert_list_size); - if (cert_list_size <= 0) { + if (cert_list_size == 0) { fprintf(stderr, "No certificates found!\n"); return; } @@ -62,7 +62,7 @@ void print_x509_info(gnutls_session session, const char* hostname) printf(" - Got a certificate list of %d certificates.\n\n", cert_list_size); - for (j = 0; j < cert_list_size; j++) { + for (j = 0; j < (uint)cert_list_size; j++) { gnutls_x509_crt_init(&crt); ret = 
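Review bot: Relaxing the guard to `cert_list_size == 0` in the `@@ -54,7 +54,7 @@` hunk of src/common.c is only safe if cert_list_size can never be negative; its declaration is outside these hunks, but the `%d` in the printf and the need for the `(uint)` cast in the following hunk suggest it is still a signed int. In that case a negative value would pass the guard and the cast would turn it into a very large loop bound over the peer's certificate list. Either keep `if (cert_list_size <= 0) {`, or declare the variable unsigned, drop the cast from `for (j = 0; j < cert_list_size; j++) {` and print it with `%u`. Adding `cert_list == NULL ||` to the same guard would also cover the case where no list is returned. print_x509_info's body continues outside the hunks.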
@@ -204,7 +204,8 @@ void print_openpgp_info(gnutls_session session, const char* hostname) char digest[20]; size_t digest_size = sizeof(digest); - int i, ret; + unsigned int i; + int ret; char printable[120]; char *print; char name[256]; @@ -397,8 +398,8 @@ int print_info(gnutls_session session, const char* hostname) case GNUTLS_CRD_CERTIFICATE: { char dns[256]; - int dns_size = sizeof(dns); - int type; + size_t dns_size = sizeof(dns); + gnutls_server_name_type type; /* This fails in client side */ if (gnutls_server_name_get diff --git a/src/serv.c b/src/serv.c index 6b9c0c57f0..e8871e94d6 100644 --- a/src/serv.c +++ b/src/serv.c @@ -350,8 +350,8 @@ char *peer_print_info(gnutls_session session, int *ret_length, */ { char dns[256]; - int dns_size = sizeof(dns); - int type; + size_t dns_size = sizeof(dns); + gnutls_server_name_type type; if (gnutls_server_name_get(session, dns, &dns_size, &type, 0) == 0) { sprintf(tmp2, "\n<p>Server Name: %s</p>\n", dns); |
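Review bot: In the src/serv.c hunk, the `sprintf(tmp2, "\n<p>Server Name: %s</p>\n", dns)` that consumes the re-typed variables writes a server name received from the peer into tmp2 with no length bound and into HTML with no escaping. tmp2's declaration is outside the hunk, so its capacity cannot be checked from here; a bounded call such as `snprintf(tmp2, tmp2_size, "\n<p>Server Name: %s</p>\n", dns)` (tmp2_size standing for the buffer's real capacity) together with HTML-escaping of dns would keep the output safe whatever the peer sends. It is also worth confirming that gnutls_server_name_get() NUL-terminates dns, since `%s` relies on it. The same `dns`/`dns_size` pattern is in the src/common.c hunk at `@@ -397,8 +398,8 @@`, whose use of the buffer lies outside the hunk.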