authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-10-23 06:10:05 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2018-10-23 06:10:05 +0000
commit1d5e93dbd69358fe7d66a3a6dd461d7fbb0738ee (patch)
treea0bc641a672b681febb3fcff2aa36e709c4055ba
parent31e6844ac63980cfa8bc4aea6416e28044d416e0 (diff)
parenta8f1bede3047ef30b10cb7232e62afd8d9f82ebe (diff)
downloadgnutls-1d5e93dbd69358fe7d66a3a6dd461d7fbb0738ee.tar.gz
Merge branch 'tmp_cleanup_and_fixes' into 'master'
Cleanup and fixes Closes #453 See merge request gnutls/gnutls!779
-rw-r--r--lib/algorithms/ciphersuites.c20
-rw-r--r--lib/algorithms/protocols.c18
-rw-r--r--lib/auth.c2
-rw-r--r--lib/auth.h2
-rw-r--r--lib/auth/anon.c4
-rw-r--r--lib/auth/anon_ecdh.c4
-rw-r--r--lib/auth/cert.c34
-rw-r--r--lib/auth/cert.h2
-rw-r--r--lib/auth/dhe.c2
-rw-r--r--lib/auth/dhe_psk.c12
-rw-r--r--lib/auth/ecdhe.c2
-rw-r--r--lib/auth/psk.c4
-rw-r--r--lib/auth/rsa_psk.c2
-rw-r--r--lib/auth/srp_kx.c2
-rw-r--r--lib/cert-cred-x509.c14
-rw-r--r--lib/cert-cred.c12
-rw-r--r--lib/cert-session.c12
-rw-r--r--lib/ext/client_cert_type.c18
-rw-r--r--lib/ext/ext_master_secret.c8
-rw-r--r--lib/ext/pre_shared_key.c4
-rw-r--r--lib/ext/psk_ke_modes.c16
-rw-r--r--lib/ext/server_cert_type.c18
-rw-r--r--lib/ext/signature.c27
-rw-r--r--lib/gnutls_int.h4
-rw-r--r--lib/priority.c188
-rw-r--r--lib/psk.c4
-rw-r--r--lib/session_pack.c8
-rw-r--r--lib/srp.c2
-rw-r--r--lib/state.c6
-rw-r--r--lib/state.h2
-rw-r--r--lib/tls13/certificate.c2
31 files changed, 227 insertions, 228 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 4e840bdd8b..b97bbc82db 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -1508,7 +1508,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
if (session->key.binders[0].prf->id != session->internals.priorities->cs.entry[j]->prf)
continue;
} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
- ret = _gnutls_server_select_cert(session, peer_clist->entry[i]);
+ ret = _gnutls_select_server_cert(session, peer_clist->entry[i]);
if (ret < 0) {
/* couldn't select cert with this ciphersuite */
gnutls_assert();
@@ -1553,7 +1553,7 @@ _gnutls_figure_common_ciphersuite(gnutls_session_t session,
if (session->key.binders[0].prf->id != session->internals.priorities->cs.entry[j]->prf)
break;
} else if (cred_type == GNUTLS_CRD_CERTIFICATE) {
- ret = _gnutls_server_select_cert(session, peer_clist->entry[i]);
+ ret = _gnutls_select_server_cert(session, peer_clist->entry[i]);
if (ret < 0) {
/* couldn't select cert with this ciphersuite */
gnutls_assert();
@@ -1670,7 +1670,7 @@ _gnutls_get_client_ciphersuites(gnutls_session_t session,
}
/**
- * gnutls_priority_get_cipher_suite:
+ * gnutls_priority_get_cipher_suite_index:
* @pcache: is a #gnutls_prioritity_t type.
* @idx: is an index number.
* @sidx: internal index of cipher suite to get information about.
@@ -1700,13 +1700,13 @@ gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
/* find max_tls and max_dtls */
- for (j=0;j<pcache->protocol.algorithms;j++) {
- if (pcache->protocol.priority[j] <= GNUTLS_TLS_VERSION_MAX &&
- pcache->protocol.priority[j] >= max_tls) {
- max_tls = pcache->protocol.priority[j];
- } else if (pcache->protocol.priority[j] <= GNUTLS_DTLS_VERSION_MAX &&
- pcache->protocol.priority[j] >= max_dtls) {
- max_dtls = pcache->protocol.priority[j];
+ for (j=0;j<pcache->protocol.num_priorities;j++) {
+ if (pcache->protocol.priorities[j] <= GNUTLS_TLS_VERSION_MAX &&
+ pcache->protocol.priorities[j] >= max_tls) {
+ max_tls = pcache->protocol.priorities[j];
+ } else if (pcache->protocol.priorities[j] <= GNUTLS_DTLS_VERSION_MAX &&
+ pcache->protocol.priorities[j] >= max_dtls) {
+ max_dtls = pcache->protocol.priorities[j];
}
}
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index 501cf350c3..9b500f4997 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -202,9 +202,9 @@ _gnutls_version_priority(gnutls_session_t session,
{
unsigned int i;
- for (i = 0; i < session->internals.priorities->protocol.algorithms;
+ for (i = 0; i < session->internals.priorities->protocol.num_priorities;
i++) {
- if (session->internals.priorities->protocol.priority[i] ==
+ if (session->internals.priorities->protocol.priorities[i] ==
version)
return i;
}
@@ -220,9 +220,9 @@ const version_entry_st *_gnutls_version_lowest(gnutls_session_t session)
const version_entry_st *v, *min_v = NULL;
const version_entry_st *backup = NULL;
- for (i=0;i < session->internals.priorities->protocol.algorithms;i++) {
+ for (i=0;i < session->internals.priorities->protocol.num_priorities;i++) {
cur_prot =
- session->internals.priorities->protocol.priority[i];
+ session->internals.priorities->protocol.priorities[i];
v = version_to_entry(cur_prot);
if (v != NULL && version_is_valid_for_session(session, v)) {
@@ -251,10 +251,10 @@ const version_entry_st *_gnutls_version_max(gnutls_session_t session)
gnutls_protocol_t cur_prot;
const version_entry_st *p, *max = NULL;
- for (i = 0; i < session->internals.priorities->protocol.algorithms;
+ for (i = 0; i < session->internals.priorities->protocol.num_priorities;
i++) {
cur_prot =
- session->internals.priorities->protocol.priority[i];
+ session->internals.priorities->protocol.priorities[i];
for (p = sup_versions; p->name != NULL; p++) {
if(p->id == cur_prot) {
@@ -308,9 +308,9 @@ int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer,
unsigned i;
const version_entry_st *p;
- for (i = 0; i < session->internals.priorities->protocol.algorithms; i++) {
+ for (i = 0; i < session->internals.priorities->protocol.num_priorities; i++) {
cur_prot =
- session->internals.priorities->protocol.priority[i];
+ session->internals.priorities->protocol.priorities[i];
for (p = sup_versions; p->name != NULL; p++) {
if(p->id == cur_prot) {
@@ -324,7 +324,7 @@ int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer,
at_least_one_new = 1;
if (buffer_size > 2) {
- _gnutls_debug_log("Advertizing version %x.%x\n", (int)p->major, (int)p->minor);
+ _gnutls_debug_log("Advertizing version %d.%d\n", (int)p->major, (int)p->minor);
buffer[0] = p->major;
buffer[1] = p->minor;
written_bytes += 2;
diff --git a/lib/auth.c b/lib/auth.c
index 4bdedda38b..91a67c9afa 100644
--- a/lib/auth.c
+++ b/lib/auth.c
@@ -380,7 +380,7 @@ void _gnutls_free_auth_info(gnutls_session_t session)
* info structure to a different type.
*/
int
-_gnutls_auth_info_set(gnutls_session_t session,
+_gnutls_auth_info_init(gnutls_session_t session,
gnutls_credentials_type_t type, int size,
int allow_change)
{
diff --git a/lib/auth.h b/lib/auth.h
index a61acd09ee..2520efe2ef 100644
--- a/lib/auth.h
+++ b/lib/auth.h
@@ -57,7 +57,7 @@ const void *_gnutls_get_cred(gnutls_session_t session,
gnutls_credentials_type_t type);
const void *_gnutls_get_kx_cred(gnutls_session_t session,
gnutls_kx_algorithm_t algo);
-int _gnutls_auth_info_set(gnutls_session_t session,
+int _gnutls_auth_info_init(gnutls_session_t session,
gnutls_credentials_type_t type, int size,
int allow_change);
diff --git a/lib/auth/anon.c b/lib/auth/anon.c
index 0cfa0efde8..1edfb54400 100644
--- a/lib/auth/anon.c
+++ b/lib/auth/anon.c
@@ -74,7 +74,7 @@ gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -113,7 +113,7 @@ proc_anon_server_kx(gnutls_session_t session, uint8_t * data,
/* set auth_info */
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c
index 7b9a7f65bf..e5265425c1 100644
--- a/lib/auth/anon_ecdh.c
+++ b/lib/auth/anon_ecdh.c
@@ -74,7 +74,7 @@ gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -120,7 +120,7 @@ proc_anon_ecdh_server_kx(gnutls_session_t session, uint8_t * data,
/* set auth_info */
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 61a55f0745..574514649c 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -60,7 +60,7 @@ selected_certs_set(gnutls_session_t session,
typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64
} CertificateSigType;
-/* Moves data from a internal certificate struct (gnutls_pcert_st) to
+/* Moves data from a internal certificate struct (gnutls_pcert_st) to
* another internal certificate struct (cert_auth_info_t), and deinitializes
* the former.
*/
@@ -118,7 +118,7 @@ check_pk_algo_in_list(const gnutls_pk_algorithm_t *
return -1;
}
-/* Returns the issuer's Distinguished name in odn, of the certificate
+/* Returns the issuer's Distinguished name in odn, of the certificate
* specified in cert.
*/
static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
@@ -165,7 +165,7 @@ static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn)
/* Locates the most appropriate x509 certificate using the
* given DN. If indx == -1 then no certificate was found.
*
- * That is to guess which certificate to use, based on the
+ * That is to guess which certificate to use, based on the
* CAs and sign algorithms supported by the peer server.
*/
static int
@@ -269,7 +269,7 @@ get_issuers_num(gnutls_session_t session, const uint8_t * data, ssize_t data_siz
if (data_size > 0)
do {
- /* This works like DECR_LEN()
+ /* This works like DECR_LEN()
*/
result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
DECR_LENGTH_COM(data_size, 2, goto error);
@@ -507,7 +507,7 @@ _gnutls_select_client_cert(gnutls_session_t session,
cred->certs[indx].ocsp_data,
cred->certs[indx].ocsp_data_length,
cred->certs[indx].pkey, 0,
- NULL, 0);
+ NULL, NULL);
} else {
selected_certs_set(session, NULL, 0, NULL, 0,
NULL, 0, NULL, NULL);
@@ -532,7 +532,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
int apr_cert_list_length;
unsigned init_pos = data->length;
- /* find the appropriate certificate
+ /* find the appropriate certificate
*/
if ((ret =
_gnutls_get_selected_cert(session, &apr_cert_list,
@@ -553,7 +553,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data)
* instead of:
* 0B 00 00 00 // empty certificate handshake
*
- * ( the above is the whole handshake message, not
+ * ( the above is the whole handshake message, not
* the one produced here )
*/
@@ -629,7 +629,7 @@ int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey)
*/
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) gnutls_pcert_deinit(&peer_certificate_list[x])
static int
-_gnutls_proc_x509_server_crt(gnutls_session_t session,
+_gnutls_proc_x509_crt(gnutls_session_t session,
uint8_t * data, size_t data_size)
{
int size, len, ret;
@@ -650,7 +650,7 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session,
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -701,7 +701,7 @@ _gnutls_proc_x509_server_crt(gnutls_session_t session,
}
/* Ok we now allocate the memory to hold the
- * certificate list
+ * certificate list
*/
peer_certificate_list =
@@ -790,7 +790,7 @@ int _gnutls_proc_crt(gnutls_session_t session, uint8_t * data, size_t data_size)
switch (cert_type) {
case GNUTLS_CRT_X509:
- ret = _gnutls_proc_x509_server_crt(session, data, data_size);
+ ret = _gnutls_proc_x509_crt(session, data, data_size);
break;
default:
gnutls_assert();
@@ -842,7 +842,7 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st), 0)) < 0) {
gnutls_assert();
return ret;
@@ -895,7 +895,7 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data,
DECR_LEN_FINAL(dsize, size);
- /* We should reply with a certificate message,
+ /* We should reply with a certificate message,
* even if we have no certificate to send.
*/
session->internals.hsk_flags |= HSK_CRT_ASKED;
@@ -1123,7 +1123,7 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session,
return data->length - init_pos;
}
-/* This function will return the appropriate certificate to use.
+/* This function will return the appropriate certificate to use.
* Fills in the apr_cert_list, apr_cert_list_length and apr_pkey.
* The return value is a negative error code on error.
*
@@ -1148,7 +1148,7 @@ _gnutls_get_selected_cert(gnutls_session_t session,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- } else { /* CLIENT SIDE
+ } else { /* CLIENT SIDE
*/
/* _gnutls_select_client_cert() must have been called before.
*/
@@ -1244,7 +1244,7 @@ static void get_server_name(gnutls_session_t session, uint8_t * name,
* can be selected returns an error.
*
* IMPORTANT
- * Currently this function is only called from _gnutls_server_select_cert,
+ * Currently this function is only called from _gnutls_select_server_cert,
* i.e. it is only called at the server. We therefore retrieve the
* negotiated server certificate type within this function.
* If, in the future, this routine is called at the client then we
@@ -1315,7 +1315,7 @@ int cert_select_sign_algorithm(gnutls_session_t session,
*
*/
int
-_gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_entry_st *cs)
+_gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_entry_st *cs)
{
unsigned i, j;
int idx, ret;
diff --git a/lib/auth/cert.h b/lib/auth/cert.h
index 16dec78fd8..fe3210f922 100644
--- a/lib/auth/cert.h
+++ b/lib/auth/cert.h
@@ -141,7 +141,7 @@ _gnutls_select_client_cert(gnutls_session_t session,
int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, size_t ncerts);
int
-_gnutls_server_select_cert(gnutls_session_t session, const gnutls_cipher_suite_entry_st *cs);
+_gnutls_select_server_cert(gnutls_session_t session, const gnutls_cipher_suite_entry_st *cs);
void _gnutls_selected_certs_deinit(gnutls_session_t session);
int _gnutls_get_auth_info_pcert(gnutls_pcert_st * gcert,
diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c
index cf6c9e53ce..9b5ea196ff 100644
--- a/lib/auth/dhe.c
+++ b/lib/auth/dhe.c
@@ -96,7 +96,7 @@ gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st),
1)) < 0) {
gnutls_assert();
diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c
index cb0c203a91..cb78359ccb 100644
--- a/lib/auth/dhe_psk.c
+++ b/lib/auth/dhe_psk.c
@@ -199,7 +199,7 @@ gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -237,7 +237,7 @@ gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
gnutls_datum_t hint = {NULL, 0};
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -290,7 +290,7 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -356,7 +356,7 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data,
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -439,7 +439,7 @@ proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
/* set auth_info */
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -479,7 +479,7 @@ proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data,
/* set auth_info */
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c
index 8b55704b28..ef9d822714 100644
--- a/lib/auth/ecdhe.c
+++ b/lib/auth/ecdhe.c
@@ -491,7 +491,7 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st),
1)) < 0) {
gnutls_assert();
diff --git a/lib/auth/psk.c b/lib/auth/psk.c
index 6968bb8057..3733de1e62 100644
--- a/lib/auth/psk.c
+++ b/lib/auth/psk.c
@@ -204,7 +204,7 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data,
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
@@ -315,7 +315,7 @@ _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data,
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 5a29f91837..644f2e8b29 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -281,7 +281,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
- ret = _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/auth/srp_kx.c b/lib/auth/srp_kx.c
index ef0c0e68a9..890a5dedc3 100644
--- a/lib/auth/srp_kx.c
+++ b/lib/auth/srp_kx.c
@@ -137,7 +137,7 @@ _gnutls_gen_srp_server_kx(gnutls_session_t session,
priv = epriv;
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_SRP,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_SRP,
sizeof(srp_server_auth_info_st),
1)) < 0) {
gnutls_assert();
diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index f342a420b5..42a6bd5ba8 100644
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -56,7 +56,7 @@
*/
static int
-certificate_credential_append_crt_list(gnutls_certificate_credentials_t res,
+certificate_credential_append_keypair(gnutls_certificate_credentials_t res,
gnutls_privkey_t key,
gnutls_str_array_t names,
gnutls_pcert_st * crt, int nr);
@@ -186,7 +186,7 @@ parse_der_cert_mem(gnutls_certificate_credentials_t res,
goto cleanup;
}
- ret = certificate_credential_append_crt_list(res, key, names, ccert, 1);
+ ret = certificate_credential_append_keypair(res, key, names, ccert, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -302,7 +302,7 @@ parse_pem_cert_mem(gnutls_certificate_credentials_t res,
}
ret =
- certificate_credential_append_crt_list(res, key, names, pcerts,
+ certificate_credential_append_keypair(res, key, names, pcerts,
ncerts);
if (ret < 0) {
gnutls_assert();
@@ -543,7 +543,7 @@ read_cert_url(gnutls_certificate_credentials_t res, gnutls_privkey_t key, const
t.data = NULL;
}
- ret = certificate_credential_append_crt_list(res, key, names, ccert, count);
+ ret = certificate_credential_append_keypair(res, key, names, ccert, count);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -737,7 +737,7 @@ gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t res,
}
static int
-certificate_credential_append_crt_list(gnutls_certificate_credentials_t res,
+certificate_credential_append_keypair(gnutls_certificate_credentials_t res,
gnutls_privkey_t key,
gnutls_str_array_t names,
gnutls_pcert_st * crt, int nr)
@@ -871,7 +871,7 @@ gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
}
ret =
- certificate_credential_append_crt_list(res, pkey, names, pcerts,
+ certificate_credential_append_keypair(res, pkey, names, pcerts,
cert_list_size);
if (ret < 0) {
gnutls_assert();
@@ -1091,7 +1091,7 @@ gnutls_certificate_set_key(gnutls_certificate_credentials_t res,
memcpy(new_pcert_list, pcert_list, sizeof(gnutls_pcert_st) * pcert_list_size);
ret =
- certificate_credential_append_crt_list(res, key, str_names,
+ certificate_credential_append_keypair(res, key, str_names,
new_pcert_list,
pcert_list_size);
if (ret < 0) {
diff --git a/lib/cert-cred.c b/lib/cert-cred.c
index 2150e903f2..2d7009b2e5 100644
--- a/lib/cert-cred.c
+++ b/lib/cert-cred.c
@@ -106,7 +106,7 @@ void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc)
*
* As with gnutls_x509_trust_list_get_issuer() this function requires
* the %GNUTLS_TL_GET_COPY flag in order to operate with PKCS#11 trust
- * lists in a thread-safe way.
+ * lists in a thread-safe way.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
@@ -171,7 +171,7 @@ gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
* credentials. Clients may call this to save some memory since in
* client side the CA names are not used. Servers might want to use
* this function if a large list of trusted CAs is present and
- * sending the names of it would just consume bandwidth without providing
+ * sending the names of it would just consume bandwidth without providing
* information to client.
*
* CA names are used by servers to advertise the CAs they support to
@@ -196,6 +196,10 @@ void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc)
void
gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc)
{
+ // Check for valid pointer and otherwise do nothing
+ if (sc == NULL)
+ return;
+
gnutls_x509_trust_list_deinit(sc->tlist, 1);
gnutls_certificate_free_keys(sc);
memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
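Review bot: The `memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp))` kept just below the new NULL guard is a plain store into what appears to be a temporary PIN buffer. If `sc` is released later in this function (the body continues outside the hunk), a compiler may treat the wipe as a dead store and drop it, leaving the PIN bytes in freed memory. In that case the library's non-elidable wipe fits better here: `gnutls_memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));`. Separately, the added early return makes a NULL argument a supported no-op, and the function's doc comment (also outside the hunk) should state that, e.g. `@sc may be %NULL, in which case this function does nothing.`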
@@ -585,7 +589,7 @@ static int call_legacy_cert_cb2(gnutls_session_t session,
**/
void gnutls_certificate_set_retrieve_function2
(gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function2 * func)
+ gnutls_certificate_retrieve_function2 * func)
{
cred->legacy_cert_cb2 = func;
if (!func)
@@ -641,7 +645,7 @@ void gnutls_certificate_set_retrieve_function2
**/
void gnutls_certificate_set_retrieve_function3
(gnutls_certificate_credentials_t cred,
- gnutls_certificate_retrieve_function3 *func)
+ gnutls_certificate_retrieve_function3 *func)
{
cred->get_cert_callback3 = func;
}
diff --git a/lib/cert-session.c b/lib/cert-session.c
index 580a871964..2726512f5d 100644
--- a/lib/cert-session.c
+++ b/lib/cert-session.c
@@ -61,7 +61,7 @@ const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t session)
{
gnutls_certificate_credentials_t cred;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, NULL);
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE);
@@ -103,7 +103,7 @@ const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
{
cert_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, NULL);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, NULL);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL)
@@ -455,7 +455,7 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session,
/* No OCSP check so far */
session->internals.ocsp_check_ok = 0;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL) {
@@ -708,7 +708,7 @@ gnutls_certificate_verify_peers(gnutls_session_t session,
{
cert_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL) {
@@ -808,7 +808,7 @@ time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session)
{
cert_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL) {
@@ -844,7 +844,7 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session_t session)
{
cert_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
if (info == NULL) {
diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c
index 8bce721ace..5449eae678 100644
--- a/lib/ext/client_cert_type.c
+++ b/lib/ext/client_cert_type.c
@@ -199,7 +199,7 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
int ret;
uint8_t cert_type; // Holds an IANA cert type ID
uint8_t i = 0, num_cert_types = 0;
- priority_st* cert_priors;
+ priority_st* cert_priorities;
gnutls_datum_t tmp_cert_types; // For type conversion
uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types
const version_entry_st* vers = get_version(session);
@@ -212,7 +212,7 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
if (!IS_SERVER(session)) { // Client mode
// For brevity
- cert_priors =
+ cert_priorities =
&session->internals.priorities->client_ctype;
/* Retrieve client certificate type priorities if any. If no
@@ -220,15 +220,15 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
* initialization values apply. This default is currently set to
* x.509 in which case we don't enable this extension.
*/
- if (cert_priors->algorithms > 0) { // Priorities are explicitly set
+ if (cert_priorities->num_priorities > 0) { // Priorities are explicitly set
/* If the certificate priority is explicitly set to only
* X.509 (default) then, according to spec we don't send
* this extension. We check this here to avoid further work in
* this routine. We also check it below after pruning supported
* types.
*/
- if (cert_priors->algorithms == 1 &&
- cert_priors->priority[0] == DEFAULT_CERT_TYPE) {
+ if (cert_priorities->num_priorities == 1 &&
+ cert_priorities->priorities[0] == DEFAULT_CERT_TYPE) {
_gnutls_handshake_log
("EXT[%p]: Client certificate type was set to default cert type (%s). "
"We therefore do not send this extension.\n",
@@ -243,9 +243,9 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
* i.e. have credentials for. Therefore we check this here and
* prune our original list.
*/
- for (i = 0; i < cert_priors->algorithms; i++) {
+ for (i = 0; i < cert_priorities->num_priorities; i++) {
if (_gnutls_session_cert_type_supported
- (session, cert_priors->priority[i],
+ (session, cert_priorities->priorities[i],
true, GNUTLS_CTYPE_CLIENT) == 0) {
/* Check whether we are allowed to store another cert type
* in our buffer. In other words, prevent a possible buffer
@@ -255,7 +255,7 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
- cert_type = _gnutls_cert_type2IANA(cert_priors->priority[i]);
+ cert_type = _gnutls_cert_type2IANA(cert_priorities->priorities[i]);
// Add this cert type to our list with supported types
cert_types[num_cert_types] = cert_type;
num_cert_types++;
@@ -263,7 +263,7 @@ static int _gnutls_client_cert_type_send_params(gnutls_session_t session,
_gnutls_handshake_log
("EXT[%p]: Client certificate type %s (%d) was queued.\n",
session,
- gnutls_certificate_type_get_name(cert_priors->priority[i]),
+ gnutls_certificate_type_get_name(cert_priorities->priorities[i]),
cert_type);
}
}
diff --git a/lib/ext/ext_master_secret.c b/lib/ext/ext_master_secret.c
index 311c096273..bafdd7ebd0 100644
--- a/lib/ext/ext_master_secret.c
+++ b/lib/ext/ext_master_secret.c
@@ -53,14 +53,14 @@ const hello_ext_entry_st ext_mod_ext_master_secret = {
#ifdef ENABLE_SSL3
static inline unsigned have_only_ssl3_enabled(gnutls_session_t session)
{
- if (session->internals.priorities->protocol.algorithms == 1 &&
- session->internals.priorities->protocol.priority[0] == GNUTLS_SSL3)
+ if (session->internals.priorities->protocol.num_priorities == 1 &&
+ session->internals.priorities->protocol.priorities[0] == GNUTLS_SSL3)
return 1;
return 0;
}
#endif
-/*
+/*
* In case of a server: if an EXT_MASTER_SECRET extension type is received then it
* sets a flag into the session security parameters.
*
@@ -129,7 +129,7 @@ _gnutls_ext_master_secret_send_params(gnutls_session_t session,
return 0;
#else
if (session->security_parameters.entity == GNUTLS_CLIENT ||
- session->security_parameters.ext_master_secret != 0)
+ session->security_parameters.ext_master_secret != 0)
return GNUTLS_E_INT_RET_0;
return 0;
#endif
diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
index c6bb20c688..7e61d45cb7 100644
--- a/lib/ext/pre_shared_key.c
+++ b/lib/ext/pre_shared_key.c
@@ -310,7 +310,7 @@ client_send_params(gnutls_session_t session,
user_key.size = tkey.size;
}
- ret = _gnutls_auth_info_set(session, GNUTLS_CRD_PSK, sizeof(psk_auth_info_st), 1);
+ ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, sizeof(psk_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -600,7 +600,7 @@ static int server_recv_params(gnutls_session_t session,
if (!resuming) {
assert(psk.identity.size < sizeof(info->username));
- ret = _gnutls_auth_info_set(session, GNUTLS_CRD_PSK, sizeof(psk_auth_info_st), 1);
+ ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, sizeof(psk_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
goto fail;
diff --git a/lib/ext/psk_ke_modes.c b/lib/ext/psk_ke_modes.c
index a2fa7377e7..60d8503301 100644
--- a/lib/ext/psk_ke_modes.c
+++ b/lib/ext/psk_ke_modes.c
@@ -59,14 +59,14 @@ psk_ke_modes_send_params(gnutls_session_t session,
* prioritization when negotiating PSK or DHE-PSK. Receiving servers would
* very likely respect our prioritization if they parse the message serially. */
pos = 0;
- for (i=0;i<session->internals.priorities->_kx.algorithms;i++) {
- if (session->internals.priorities->_kx.priority[i] == GNUTLS_KX_PSK && !have_psk) {
+ for (i=0;i<session->internals.priorities->_kx.num_priorities;i++) {
+ if (session->internals.priorities->_kx.priorities[i] == GNUTLS_KX_PSK && !have_psk) {
assert(pos <= 1);
data[pos++] = PSK_KE;
session->internals.hsk_flags |= HSK_PSK_KE_MODE_PSK;
have_psk = 1;
- } else if ((session->internals.priorities->_kx.priority[i] == GNUTLS_KX_DHE_PSK ||
- session->internals.priorities->_kx.priority[i] == GNUTLS_KX_ECDHE_PSK) && !have_dhpsk) {
+ } else if ((session->internals.priorities->_kx.priorities[i] == GNUTLS_KX_DHE_PSK ||
+ session->internals.priorities->_kx.priorities[i] == GNUTLS_KX_ECDHE_PSK) && !have_dhpsk) {
assert(pos <= 1);
data[pos++] = PSK_DHE_KE;
session->internals.hsk_flags |= HSK_PSK_KE_MODE_DHE_PSK;
@@ -139,11 +139,11 @@ psk_ke_modes_recv_params(gnutls_session_t session,
DECR_LEN(len, 1);
ke_modes_len = *(data++);
- for (i=0;i<session->internals.priorities->_kx.algorithms;i++) {
- if (session->internals.priorities->_kx.priority[i] == GNUTLS_KX_PSK && psk_pos == MAX_POS) {
+ for (i=0;i<session->internals.priorities->_kx.num_priorities;i++) {
+ if (session->internals.priorities->_kx.priorities[i] == GNUTLS_KX_PSK && psk_pos == MAX_POS) {
psk_pos = i;
- } else if ((session->internals.priorities->_kx.priority[i] == GNUTLS_KX_DHE_PSK ||
- session->internals.priorities->_kx.priority[i] == GNUTLS_KX_ECDHE_PSK) &&
+ } else if ((session->internals.priorities->_kx.priorities[i] == GNUTLS_KX_DHE_PSK ||
+ session->internals.priorities->_kx.priorities[i] == GNUTLS_KX_ECDHE_PSK) &&
dhpsk_pos == MAX_POS) {
dhpsk_pos = i;
}
diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c
index b1086c7f10..a00a0376c9 100644
--- a/lib/ext/server_cert_type.c
+++ b/lib/ext/server_cert_type.c
@@ -195,7 +195,7 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
int ret;
uint8_t cert_type; // Holds an IANA cert type ID
uint8_t i = 0, num_cert_types = 0;
- priority_st* cert_priors;
+ priority_st* cert_priorities;
gnutls_datum_t tmp_cert_types; // For type conversion
uint8_t cert_types[GNUTLS_CRT_MAX]; // The list with supported cert types
@@ -207,7 +207,7 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
if (!IS_SERVER(session)) { // Client mode
// For brevity
- cert_priors =
+ cert_priorities =
&session->internals.priorities->server_ctype;
/* Retrieve server certificate type priorities if any. If no
@@ -215,15 +215,15 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
* initialization values apply. This default is currently set to
* X.509 in which case we don't enable this extension.
*/
- if (cert_priors->algorithms > 0) { // Priorities are explicitly set
+ if (cert_priorities->num_priorities > 0) { // Priorities are explicitly set
/* If the certificate priority is explicitly set to only
* X.509 (default) then, according to spec we don't send
* this extension. We check this here to avoid further work in
* this routine. We also check it below after pruning supported
* types.
*/
- if (cert_priors->algorithms == 1 &&
- cert_priors->priority[0] == DEFAULT_CERT_TYPE) {
+ if (cert_priorities->num_priorities == 1 &&
+ cert_priorities->priorities[0] == DEFAULT_CERT_TYPE) {
_gnutls_handshake_log
("EXT[%p]: Server certificate type was set to default cert type (%s). "
"We therefore do not send this extension.\n",
@@ -243,9 +243,9 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
* added in the ..type_supported() routine without modifying the
* structure of the code here.
*/
- for (i = 0; i < cert_priors->algorithms; i++) {
+ for (i = 0; i < cert_priorities->num_priorities; i++) {
if (_gnutls_session_cert_type_supported
- (session, cert_priors->priority[i],
+ (session, cert_priorities->priorities[i],
false, GNUTLS_CTYPE_SERVER) == 0) {
/* Check whether we are allowed to store another cert type
* in our buffer. In other words, prevent a possible buffer
@@ -255,7 +255,7 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
// Convert to IANA representation
- cert_type = _gnutls_cert_type2IANA(cert_priors->priority[i]);
+ cert_type = _gnutls_cert_type2IANA(cert_priorities->priorities[i]);
// Add this cert type to our list with supported types
cert_types[num_cert_types] = cert_type;
num_cert_types++;
@@ -263,7 +263,7 @@ static int _gnutls_server_cert_type_send_params(gnutls_session_t session,
_gnutls_handshake_log
("EXT[%p]: Server certificate type %s (%d) was queued.\n",
session,
- gnutls_certificate_type_get_name(cert_priors->priority[i]),
+ gnutls_certificate_type_get_name(cert_priorities->priorities[i]),
cert_type);
}
}
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index a0e6e20b89..5992efe986 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -21,7 +21,7 @@
*
*/
-/* This file contains the code the Certificate Type TLS extension.
+/* This file contains the code for the Signature Algorithms TLS extension.
* This extension is currently gnutls specific.
*/
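Review bot: The corrected header comment is still followed by the unchanged line `This extension is currently gnutls specific.`, which is not true of Signature Algorithms: that extension is part of TLS 1.2 itself. The leftover sentence should be dropped or replaced with a pointer to the specification, for example `/* This file contains the code for the Signature Algorithms TLS extension (RFC 5246, section 7.4.1.4.1). */`.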
@@ -41,8 +41,7 @@ static int _gnutls_signature_algorithm_recv_params(gnutls_session_t
size_t data_size);
static int _gnutls_signature_algorithm_send_params(gnutls_session_t
session,
- gnutls_buffer_st *
- extdata);
+ gnutls_buffer_st * extdata);
static void signature_algorithms_deinit_data(gnutls_ext_priv_data_t priv);
static int signature_algorithms_pack(gnutls_ext_priv_data_t epriv,
gnutls_buffer_st * ps);
@@ -161,12 +160,10 @@ _gnutls_sign_algorithm_parse_data(gnutls_session_t session,
gnutls_sign_get_name(sig));
if (sig != GNUTLS_SIGN_UNKNOWN) {
- if (priv->sign_algorithms_size ==
- MAX_ALGOS)
+ if (priv->sign_algorithms_size == MAX_ALGOS)
break;
priv->sign_algorithms[priv->
- sign_algorithms_size++] =
- sig;
+ sign_algorithms_size++] = sig;
}
}
@@ -204,7 +201,7 @@ _gnutls_signature_algorithm_recv_params(gnutls_session_t session,
*/
/* return GNUTLS_E_UNEXPECTED_PACKET; */
} else {
- /* SERVER SIDE - we must check if the sent cert type is the right one
+ /* SERVER SIDE
*/
if (data_size >= 2) {
uint16_t len;
@@ -263,7 +260,7 @@ _gnutls_signature_algorithm_send_params(gnutls_session_t session,
}
/* Returns a requested by the peer signature algorithm that
- * matches the given certificate's public key algorithm.
+ * matches the given certificate's public key algorithm.
*
* When the @client_cert flag is not set, then this function will
* also check whether the signature algorithm is allowed to be
@@ -370,16 +367,14 @@ _gnutls_session_sign_algo_enabled(gnutls_session_t session,
}
}
- for (i = 0; i < session->internals.priorities->sigalg.size;
- i++) {
- if (session->internals.priorities->sigalg.entry[i]->id ==
- sig) {
+ for (i = 0; i < session->internals.priorities->sigalg.size; i++) {
+ if (session->internals.priorities->sigalg.entry[i]->id == sig) {
return 0; /* ok */
}
}
disallowed:
- _gnutls_handshake_log("signature algorithm %s is not enabled\n", gnutls_sign_algorithm_get_name(sig));
+ _gnutls_handshake_log("Signature algorithm %s is not enabled\n", gnutls_sign_algorithm_get_name(sig));
return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
@@ -493,7 +488,7 @@ gnutls_sign_algorithm_get_requested(gnutls_session_t session,
* gnutls_sign_algorithm_get:
* @session: is a #gnutls_session_t type.
*
- * Returns the signature algorithm that is (or will be) used in this
+ * Returns the signature algorithm that is (or will be) used in this
* session by the server to sign data. This function should be
* used only with TLS 1.2 or later.
*
@@ -510,7 +505,7 @@ int gnutls_sign_algorithm_get(gnutls_session_t session)
* gnutls_sign_algorithm_get_client:
* @session: is a #gnutls_session_t type.
*
- * Returns the signature algorithm that is (or will be) used in this
+ * Returns the signature algorithm that is (or will be) used in this
* session by the client to sign data. This function should be
* used only with TLS 1.2 or later.
*
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 3a830e214f..f32eba181d 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -892,8 +892,8 @@ struct record_parameters_st {
};
typedef struct {
- unsigned int priority[MAX_ALGOS];
- unsigned int algorithms;
+ unsigned int priorities[MAX_ALGOS];
+ unsigned int num_priorities;
} priority_st;
typedef enum {
diff --git a/lib/priority.c b/lib/priority.c
index fb9aba76c8..17049d5327 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -60,10 +60,10 @@ inline static void _set_priority(priority_st * st, const int *list)
num++;
if (num > MAX_ALGOS)
num = MAX_ALGOS;
- st->algorithms = num;
+ st->num_priorities = num;
for (i = 0; i < num; i++) {
- st->priority[i] = list[i];
+ st->priorities[i] = list[i];
}
return;
@@ -73,7 +73,7 @@ inline static void _add_priority(priority_st * st, const int *list)
{
int num, i, j, init;
- init = i = st->algorithms;
+ init = i = st->num_priorities;
for (num = 0; list[num] != 0; ++num) {
if (i + 1 > MAX_ALGOS) {
@@ -81,14 +81,14 @@ inline static void _add_priority(priority_st * st, const int *list)
}
for (j = 0; j < init; j++) {
- if (st->priority[j] == (unsigned) list[num]) {
+ if (st->priorities[j] == (unsigned) list[num]) {
break;
}
}
if (j == init) {
- st->priority[i++] = list[num];
- st->algorithms++;
+ st->priorities[i++] = list[num];
+ st->num_priorities++;
}
}
@@ -529,18 +529,18 @@ static void prio_remove(priority_st * priority_list, unsigned int algo)
{
unsigned int i;
- for (i = 0; i < priority_list->algorithms; i++) {
- if (priority_list->priority[i] == algo) {
- priority_list->algorithms--;
- if ((priority_list->algorithms - i) > 0)
- memmove(&priority_list->priority[i],
- &priority_list->priority[i + 1],
- (priority_list->algorithms -
+ for (i = 0; i < priority_list->num_priorities; i++) {
+ if (priority_list->priorities[i] == algo) {
+ priority_list->num_priorities--;
+ if ((priority_list->num_priorities - i) > 0)
+ memmove(&priority_list->priorities[i],
+ &priority_list->priorities[i + 1],
+ (priority_list->num_priorities -
i) *
sizeof(priority_list->
- priority[0]));
- priority_list->priority[priority_list->
- algorithms] = 0;
+ priorities[0]));
+ priority_list->priorities[priority_list->
+ num_priorities] = 0;
break;
}
}
@@ -550,18 +550,18 @@ static void prio_remove(priority_st * priority_list, unsigned int algo)
static void prio_add(priority_st * priority_list, unsigned int algo)
{
- unsigned int i, l = priority_list->algorithms;
+ unsigned int i, l = priority_list->num_priorities;
if (l >= MAX_ALGOS)
return; /* can't add it anyway */
for (i = 0; i < l; ++i) {
- if (algo == priority_list->priority[i])
+ if (algo == priority_list->priorities[i])
return; /* if it exists */
}
- priority_list->priority[l] = algo;
- priority_list->algorithms++;
+ priority_list->priorities[l] = algo;
+ priority_list->num_priorities++;
return;
}
@@ -594,11 +594,11 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
/* set the current version to the first in the chain.
* This will be overridden later.
*/
- if (session->internals.priorities->protocol.algorithms > 0 &&
+ if (session->internals.priorities->protocol.num_priorities > 0 &&
!session->internals.handshake_in_progress) {
if (_gnutls_set_current_version(session,
session->internals.priorities->
- protocol.priority[0]) < 0) {
+ protocol.priorities[0]) < 0) {
return gnutls_assert_val(GNUTLS_E_UNSUPPORTED_VERSION_PACKET);
}
}
@@ -608,7 +608,7 @@ gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
session->internals.flags |= GNUTLS_NO_TICKETS;
}
- if (session->internals.priorities->protocol.algorithms == 0 ||
+ if (session->internals.priorities->protocol.num_priorities == 0 ||
session->internals.priorities->cs.size == 0)
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
@@ -1174,8 +1174,8 @@ static void add_ec(gnutls_priority_t priority_cache)
const gnutls_group_entry_st *ge;
unsigned i;
- for (i = 0; i < priority_cache->_supported_ecc.algorithms; i++) {
- ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priority[i]);
+ for (i = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {
+ ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priorities[i]);
if (ge != NULL && priority_cache->groups.size < sizeof(priority_cache->groups.entry)/sizeof(priority_cache->groups.entry[0])) {
/* do not add groups which do not correspond to enabled ciphersuites */
if (!ge->curve)
@@ -1190,8 +1190,8 @@ static void add_dh(gnutls_priority_t priority_cache)
const gnutls_group_entry_st *ge;
unsigned i;
- for (i = 0; i < priority_cache->_supported_ecc.algorithms; i++) {
- ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priority[i]);
+ for (i = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {
+ ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priorities[i]);
if (ge != NULL && priority_cache->groups.size < sizeof(priority_cache->groups.entry)/sizeof(priority_cache->groups.entry[0])) {
/* do not add groups which do not correspond to enabled ciphersuites */
if (!ge->prime)
@@ -1204,9 +1204,9 @@ static void add_dh(gnutls_priority_t priority_cache)
#define REMOVE_TLS13_IN_LOOP(vers, i) \
if (vers->tls13_sem) { \
- for (j=i+1;j<priority_cache->protocol.algorithms;j++) \
- priority_cache->protocol.priority[j-1] = priority_cache->protocol.priority[j]; \
- priority_cache->protocol.algorithms--; \
+ for (j=i+1;j<priority_cache->protocol.num_priorities;j++) \
+ priority_cache->protocol.priorities[j-1] = priority_cache->protocol.priorities[j]; \
+ priority_cache->protocol.num_priorities--; \
i--; \
continue; \
}
@@ -1234,26 +1234,26 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
priority_cache->groups.size = 0;
priority_cache->groups.have_ffdhe = 0;
- for (j=0;j<priority_cache->_cipher.algorithms;j++) {
- if (priority_cache->_cipher.priority[j] == GNUTLS_CIPHER_NULL) {
+ for (j=0;j<priority_cache->_cipher.num_priorities;j++) {
+ if (priority_cache->_cipher.priorities[j] == GNUTLS_CIPHER_NULL) {
have_null = 1;
break;
}
}
- for (i = 0; i < priority_cache->_kx.algorithms; i++) {
- if (IS_SRP_KX(priority_cache->_kx.priority[i])) {
+ for (i = 0; i < priority_cache->_kx.num_priorities; i++) {
+ if (IS_SRP_KX(priority_cache->_kx.priorities[i])) {
have_srp = 1;
- } else if (_gnutls_kx_is_psk(priority_cache->_kx.priority[i])) {
- if (priority_cache->_kx.priority[i] == GNUTLS_KX_RSA_PSK)
+ } else if (_gnutls_kx_is_psk(priority_cache->_kx.priorities[i])) {
+ if (priority_cache->_kx.priorities[i] == GNUTLS_KX_RSA_PSK)
have_rsa_psk = 1;
else
have_psk = 1;
}
}
- for (i = 0; i < priority_cache->protocol.algorithms; i++) {
- vers = version_to_entry(priority_cache->protocol.priority[i]);
+ for (i = 0; i < priority_cache->protocol.num_priorities; i++) {
+ vers = version_to_entry(priority_cache->protocol.priorities[i]);
if (!vers)
continue;
@@ -1295,15 +1295,15 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
* the protocol doesn't require any. */
if (tlsmin && tlsmin->tls13_sem && !have_psk) {
if (!dtlsmin || (dtlsmin && dtlsmin->tls13_sem))
- priority_cache->_kx.algorithms = 0;
+ priority_cache->_kx.num_priorities = 0;
}
/* Add TLS 1.3 ciphersuites (no KX) */
- for (j=0;j<priority_cache->_cipher.algorithms;j++) {
- for (z=0;z<priority_cache->_mac.algorithms;z++) {
+ for (j=0;j<priority_cache->_cipher.num_priorities;j++) {
+ for (z=0;z<priority_cache->_mac.num_priorities;z++) {
ce = cipher_suite_get(
- 0, priority_cache->_cipher.priority[j],
- priority_cache->_mac.priority[z]);
+ 0, priority_cache->_cipher.priorities[j],
+ priority_cache->_mac.priorities[z]);
if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) {
priority_cache->cs.entry[priority_cache->cs.size++] = ce;
@@ -1311,13 +1311,13 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
}
}
- for (i = 0; i < priority_cache->_kx.algorithms; i++) {
- for (j=0;j<priority_cache->_cipher.algorithms;j++) {
- for (z=0;z<priority_cache->_mac.algorithms;z++) {
+ for (i = 0; i < priority_cache->_kx.num_priorities; i++) {
+ for (j=0;j<priority_cache->_cipher.num_priorities;j++) {
+ for (z=0;z<priority_cache->_mac.num_priorities;z++) {
ce = cipher_suite_get(
- priority_cache->_kx.priority[i],
- priority_cache->_cipher.priority[j],
- priority_cache->_mac.priority[z]);
+ priority_cache->_kx.priorities[i],
+ priority_cache->_cipher.priorities[j],
+ priority_cache->_mac.priorities[z]);
if (ce != NULL && priority_cache->cs.size < MAX_CIPHERSUITE_SIZE) {
priority_cache->cs.entry[priority_cache->cs.size++] = ce;
@@ -1336,9 +1336,9 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (have_tls13 && (!have_ec || !have_dh)) {
/* scan groups to determine have_ec and have_dh */
- for (i=0; i < priority_cache->_supported_ecc.algorithms; i++) {
+ for (i=0; i < priority_cache->_supported_ecc.num_priorities; i++) {
const gnutls_group_entry_st *ge;
- ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priority[i]);
+ ge = _gnutls_id_to_group(priority_cache->_supported_ecc.priorities[i]);
if (ge) {
if (ge->curve && !have_ec) {
add_ec(priority_cache);
@@ -1355,8 +1355,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
}
- for (i = 0; i < priority_cache->_sign_algo.algorithms; i++) {
- se = _gnutls_sign_to_entry(priority_cache->_sign_algo.priority[i]);
+ for (i = 0; i < priority_cache->_sign_algo.num_priorities; i++) {
+ se = _gnutls_sign_to_entry(priority_cache->_sign_algo.priorities[i]);
if (se != NULL && priority_cache->sigalg.size < sizeof(priority_cache->sigalg.entry)/sizeof(priority_cache->sigalg.entry[0])) {
/* if the signature algorithm semantics are not compatible with
* the protocol's, then skip. */
@@ -1367,31 +1367,31 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
}
_gnutls_debug_log("added %d protocols, %d ciphersuites, %d sig algos and %d groups into priority list\n",
- priority_cache->protocol.algorithms,
+ priority_cache->protocol.num_priorities,
priority_cache->cs.size, priority_cache->sigalg.size,
priority_cache->groups.size);
if (priority_cache->sigalg.size == 0) {
/* no signature algorithms; eliminate TLS 1.2 or DTLS 1.2 and later */
priority_st newp;
- newp.algorithms = 0;
+ newp.num_priorities = 0;
/* we need to eliminate TLS 1.2 or DTLS 1.2 and later protocols */
- for (i = 0; i < priority_cache->protocol.algorithms; i++) {
- if (priority_cache->protocol.priority[i] < GNUTLS_TLS1_2) {
- newp.priority[newp.algorithms++] = priority_cache->protocol.priority[i];
- } else if (priority_cache->protocol.priority[i] >= GNUTLS_DTLS_VERSION_MIN &&
- priority_cache->protocol.priority[i] < GNUTLS_DTLS1_2) {
- newp.priority[newp.algorithms++] = priority_cache->protocol.priority[i];
+ for (i = 0; i < priority_cache->protocol.num_priorities; i++) {
+ if (priority_cache->protocol.priorities[i] < GNUTLS_TLS1_2) {
+ newp.priorities[newp.num_priorities++] = priority_cache->protocol.priorities[i];
+ } else if (priority_cache->protocol.priorities[i] >= GNUTLS_DTLS_VERSION_MIN &&
+ priority_cache->protocol.priorities[i] < GNUTLS_DTLS1_2) {
+ newp.priorities[newp.num_priorities++] = priority_cache->protocol.priorities[i];
}
}
memcpy(&priority_cache->protocol, &newp, sizeof(newp));
}
- if (unlikely(priority_cache->protocol.algorithms == 0))
+ if (unlikely(priority_cache->protocol.num_priorities == 0))
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
#ifndef ENABLE_SSL3
- else if (unlikely(priority_cache->protocol.algorithms == 1 && priority_cache->protocol.priority[0] == GNUTLS_SSL3))
+ else if (unlikely(priority_cache->protocol.num_priorities == 1 && priority_cache->protocol.priorities[0] == GNUTLS_SSL3))
return gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
#endif
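Review bot: In the `sigalg.size == 0` branch, `priority_st newp;` has only its `num_priorities` field set before `memcpy(&priority_cache->protocol, &newp, sizeof(newp));` copies the whole struct, so every slot of `priorities[]` past the retained entries is copied uninitialized. `prio_remove` elsewhere in this file zeroes the slot after the last entry, which suggests unused slots are expected to hold 0. The `gnutls_priority_*_list` getters also hand callers a pointer to this array. Declaring it as `priority_st newp = {0};` keeps the tail deterministic at no cost. `set_ciphersuite_list` begins and ends outside this hunk.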
@@ -1400,8 +1400,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
/* when TLS 1.3 is available we must have groups set */
if (unlikely(!have_psk && tlsmax && tlsmax->id >= GNUTLS_TLS1_3 && priority_cache->groups.size == 0)) {
- for (i = 0; i < priority_cache->protocol.algorithms; i++) {
- vers = version_to_entry(priority_cache->protocol.priority[i]);
+ for (i = 0; i < priority_cache->protocol.num_priorities; i++) {
+ vers = version_to_entry(priority_cache->protocol.priorities[i]);
if (!vers)
continue;
@@ -2083,18 +2083,18 @@ gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
{
unsigned i;
- if (pcache->_supported_ecc.algorithms == 0)
+ if (pcache->_supported_ecc.num_priorities == 0)
return 0;
- *list = pcache->_supported_ecc.priority;
+ *list = pcache->_supported_ecc.priorities;
/* to ensure we don't confuse the caller, we do not include
* any FFDHE groups. This may return an incomplete list. */
- for (i=0;i<pcache->_supported_ecc.algorithms;i++)
- if (pcache->_supported_ecc.priority[i] > GNUTLS_ECC_CURVE_MAX)
+ for (i=0;i<pcache->_supported_ecc.num_priorities;i++)
+ if (pcache->_supported_ecc.priorities[i] > GNUTLS_ECC_CURVE_MAX)
return i;
- return pcache->_supported_ecc.algorithms;
+ return pcache->_supported_ecc.num_priorities;
}
/**
@@ -2113,11 +2113,11 @@ int
gnutls_priority_group_list(gnutls_priority_t pcache,
const unsigned int **list)
{
- if (pcache->_supported_ecc.algorithms == 0)
+ if (pcache->_supported_ecc.num_priorities == 0)
return 0;
- *list = pcache->_supported_ecc.priority;
- return pcache->_supported_ecc.algorithms;
+ *list = pcache->_supported_ecc.priorities;
+ return pcache->_supported_ecc.num_priorities;
}
/**
@@ -2135,11 +2135,11 @@ int
gnutls_priority_kx_list(gnutls_priority_t pcache,
const unsigned int **list)
{
- if (pcache->_kx.algorithms == 0)
+ if (pcache->_kx.num_priorities == 0)
return 0;
- *list = pcache->_kx.priority;
- return pcache->_kx.algorithms;
+ *list = pcache->_kx.priorities;
+ return pcache->_kx.num_priorities;
}
/**
@@ -2157,11 +2157,11 @@ int
gnutls_priority_cipher_list(gnutls_priority_t pcache,
const unsigned int **list)
{
- if (pcache->_cipher.algorithms == 0)
+ if (pcache->_cipher.num_priorities == 0)
return 0;
- *list = pcache->_cipher.priority;
- return pcache->_cipher.algorithms;
+ *list = pcache->_cipher.priorities;
+ return pcache->_cipher.num_priorities;
}
/**
@@ -2179,11 +2179,11 @@ int
gnutls_priority_mac_list(gnutls_priority_t pcache,
const unsigned int **list)
{
- if (pcache->_mac.algorithms == 0)
+ if (pcache->_mac.num_priorities == 0)
return 0;
- *list = pcache->_mac.priority;
- return pcache->_mac.algorithms;
+ *list = pcache->_mac.priorities;
+ return pcache->_mac.num_priorities;
}
/**
@@ -2222,11 +2222,11 @@ int
gnutls_priority_protocol_list(gnutls_priority_t pcache,
const unsigned int **list)
{
- if (pcache->protocol.algorithms == 0)
+ if (pcache->protocol.num_priorities == 0)
return 0;
- *list = pcache->protocol.priority;
- return pcache->protocol.algorithms;
+ *list = pcache->protocol.priorities;
+ return pcache->protocol.num_priorities;
}
/**
@@ -2244,11 +2244,11 @@ int
gnutls_priority_sign_list(gnutls_priority_t pcache,
const unsigned int **list)
{
- if (pcache->_sign_algo.algorithms == 0)
+ if (pcache->_sign_algo.num_priorities == 0)
return 0;
- *list = pcache->_sign_algo.priority;
- return pcache->_sign_algo.algorithms;
+ *list = pcache->_sign_algo.priorities;
+ return pcache->_sign_algo.num_priorities;
}
/**
@@ -2298,15 +2298,15 @@ gnutls_priority_certificate_type_list2(gnutls_priority_t pcache,
{
switch (target) {
case GNUTLS_CTYPE_CLIENT:
- if(pcache->client_ctype.algorithms > 0) {
- *list = pcache->client_ctype.priority;
- return pcache->client_ctype.algorithms;
+ if(pcache->client_ctype.num_priorities > 0) {
+ *list = pcache->client_ctype.priorities;
+ return pcache->client_ctype.num_priorities;
}
break;
case GNUTLS_CTYPE_SERVER:
- if(pcache->server_ctype.algorithms > 0) {
- *list = pcache->server_ctype.priority;
- return pcache->server_ctype.algorithms;
+ if(pcache->server_ctype.num_priorities > 0) {
+ *list = pcache->server_ctype.priorities;
+ return pcache->server_ctype.num_priorities;
}
break;
default:
diff --git a/lib/psk.c b/lib/psk.c
index 1d5d21d62b..0fd8cf2a11 100644
--- a/lib/psk.c
+++ b/lib/psk.c
@@ -327,7 +327,7 @@ const char *gnutls_psk_server_get_username(gnutls_session_t session)
{
psk_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_PSK, NULL);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_PSK, NULL);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (info == NULL)
@@ -358,7 +358,7 @@ const char *gnutls_psk_client_get_hint(gnutls_session_t session)
{
psk_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_PSK, NULL);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_PSK, NULL);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_PSK);
if (info == NULL)
diff --git a/lib/session_pack.c b/lib/session_pack.c
index c5801fb32e..8d8abd9f3a 100644
--- a/lib/session_pack.c
+++ b/lib/session_pack.c
@@ -494,7 +494,7 @@ unpack_certificate_auth_info(gnutls_session_t session,
/* client and server have the same auth_info here
*/
ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
@@ -622,7 +622,7 @@ unpack_srp_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
}
ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_SRP,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_SRP,
sizeof(srp_server_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
@@ -704,7 +704,7 @@ unpack_anon_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
/* client and server have the same auth_info here
*/
ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_ANON,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_ANON,
sizeof(anon_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
@@ -797,7 +797,7 @@ unpack_psk_auth_info(gnutls_session_t session, gnutls_buffer_st * ps)
unsigned pack_size;
ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/srp.c b/lib/srp.c
index c3eb8e6847..20132f89d4 100644
--- a/lib/srp.c
+++ b/lib/srp.c
@@ -708,7 +708,7 @@ const char *gnutls_srp_server_get_username(gnutls_session_t session)
{
srp_server_auth_info_t info;
- CHECK_AUTH(GNUTLS_CRD_SRP, NULL);
+ CHECK_AUTH_TYPE(GNUTLS_CRD_SRP, NULL);
info = _gnutls_get_auth_info(session, GNUTLS_CRD_SRP);
if (info == NULL)
diff --git a/lib/state.c b/lib/state.c
index 86edd3c4c4..303a3ad2f8 100644
--- a/lib/state.c
+++ b/lib/state.c
@@ -327,15 +327,15 @@ _gnutls_session_cert_type_supported(gnutls_session_t session,
}
// No explicit priorities set, and default ctype is asked
- if (ctype_priorities->algorithms == 0
+ if (ctype_priorities->num_priorities == 0
&& cert_type == DEFAULT_CERT_TYPE)
return 0; // ok
/* Now lets find out whether our cert type is in our priority
* list, i.e. set of allowed cert types.
*/
- for (i = 0; i < ctype_priorities->algorithms; i++) {
- if (ctype_priorities->priority[i] == cert_type)
+ for (i = 0; i < ctype_priorities->num_priorities; i++) {
+ if (ctype_priorities->priorities[i] == cert_type)
return 0; /* ok */
}
diff --git a/lib/state.h b/lib/state.h
index a93e5d49ce..e4fb85c461 100644
--- a/lib/state.h
+++ b/lib/state.h
@@ -71,7 +71,7 @@ _gnutls_hello_set_default_version(gnutls_session_t session,
#include <auth.h>
-#define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \
+#define CHECK_AUTH_TYPE(auth, ret) if (gnutls_auth_get_type(session) != auth) { \
gnutls_assert(); \
return ret; \
}
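Review bot: The renamed `CHECK_AUTH_TYPE` macro still expands to a bare `if (...) { ... }`, so a call site followed by `else` would silently bind to the macro's `if`, and the `auth` argument is used unparenthesized. Wrapping the body keeps the existing `CHECK_AUTH_TYPE(x, y);` call sites valid: open with `do { if (gnutls_auth_get_type(session) != (auth)) { \` and close with `} } while (0)`. The macro also depends on a variable named `session` being in scope at the call site, which deserves a one-line comment above the definition, e.g. `/* Expects a gnutls_session_t named "session" in the calling scope; returns ret on mismatch. */`.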
diff --git a/lib/tls13/certificate.c b/lib/tls13/certificate.c
index b9a54df355..bf8dbda2f7 100644
--- a/lib/tls13/certificate.c
+++ b/lib/tls13/certificate.c
@@ -375,7 +375,7 @@ parse_cert_list(gnutls_session_t session, uint8_t * data, size_t data_size)
}
if ((ret =
- _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
+ _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;