authorTim Rühsen <tim.ruehsen@gmx.de>2019-05-29 14:15:33 +0000
committerTim Rühsen <tim.ruehsen@gmx.de>2019-05-29 14:15:33 +0000
commit98590fe57ba10372036f97fe0ff3c93220bca13c (patch)
treefce29d6595a1efd78c8b54d50ee1027f6b0f2d3c
parenta67fa87f5382e40a08fdcbd4be554bb786c26b32 (diff)
parent230a39a73aca2d40626d576e5f537a04b045beee (diff)
Merge branch 'tmp-datum-cleanup' into 'master'
Datum.c cleanup See merge request gnutls/gnutls!1002
-rw-r--r--lib/auth/srp_kx.h6
-rw-r--r--lib/auth/srp_passwd.c4
-rw-r--r--lib/datum.c22
-rw-r--r--lib/datum.h18
-rw-r--r--lib/gnutls_int.h38
-rw-r--r--lib/session.c6
-rw-r--r--lib/srp.c26
7 files changed, 69 insertions, 51 deletions
diff --git a/lib/auth/srp_kx.h b/lib/auth/srp_kx.h
index e4431ee28e..ebe1477e02 100644
--- a/lib/auth/srp_kx.h
+++ b/lib/auth/srp_kx.h
@@ -25,6 +25,8 @@
#include <auth.h>
+#define MAX_FAKE_SALT_SEED_SIZE 64
+
typedef struct gnutls_srp_client_credentials_st {
char *username;
char *password;
@@ -38,7 +40,9 @@ typedef struct gnutls_srp_server_credentials_st {
* password files.
*/
gnutls_srp_server_credentials_function *pwd_callback;
- gnutls_datum_t fake_salt_seed;
+ unsigned char fake_salt_seed[MAX_FAKE_SALT_SEED_SIZE];
+ unsigned int fake_salt_seed_size;
+
unsigned int fake_salt_length;
} srp_server_cred_st;
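Review bot: `fake_salt_seed` is now stored inline in `srp_server_cred_st`, and the srp_passwd.c hunk shows it is handed to `_gnutls_mac_init()` as the MAC key, so this is keying material that stays in the heap block when the credentials are released with a plain `gnutls_free(sc)` (srp.c hunk). Consider wiping the array before the struct is freed, using whatever secure-zeroing helper the library already provides. The new macro also has no comment; something like `/* upper bound for the fake salt seed; longer caller-supplied seeds are truncated */` would record the contract. The struct definition begins outside this hunk.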
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index 6902be3d26..6cd3f7e524 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -418,8 +418,8 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry,
return GNUTLS_E_MEMORY_ERROR;
}
- ret = _gnutls_mac_init(&ctx, me, sc->fake_salt_seed.data,
- sc->fake_salt_seed.size);
+ ret = _gnutls_mac_init(&ctx, me, sc->fake_salt_seed,
+ sc->fake_salt_seed_size);
if (ret < 0) {
gnutls_assert();
diff --git a/lib/datum.c b/lib/datum.c
index ff71068b99..bd0f216438 100644
--- a/lib/datum.c
+++ b/lib/datum.c
@@ -30,6 +30,7 @@
#include <datum.h>
#include "errors.h"
+/* On error, @dat is not changed. */
int
_gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size)
{
@@ -39,10 +40,11 @@ _gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size)
return 0;
}
- dat->data = gnutls_malloc(data_size);
- if (dat->data == NULL)
+ unsigned char *m = gnutls_malloc(data_size);
+ if (!m)
return GNUTLS_E_MEMORY_ERROR;
+ dat->data = m;
dat->size = data_size;
memcpy(dat->data, data, data_size);
@@ -51,22 +53,22 @@ _gnutls_set_datum(gnutls_datum_t * dat, const void *data, size_t data_size)
/* ensures that the data set are null-terminated
* The function always returns an allocated string in @dat on success.
+ * On error, @dat is not changed.
*/
int
_gnutls_set_strdatum(gnutls_datum_t * dat, const void *data, size_t data_size)
{
- if (data_size == 0 || data == NULL) {
- dat->data = gnutls_calloc(1, 1);
- dat->size = 0;
- return 0;
- }
+ if (data == NULL)
+ return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
- dat->data = gnutls_malloc(data_size+1);
- if (dat->data == NULL)
+ unsigned char *m = gnutls_malloc(data_size + 1);
+ if (!m)
return GNUTLS_E_MEMORY_ERROR;
+ dat->data = m;
dat->size = data_size;
- memcpy(dat->data, data, data_size);
+ if (data_size)
+ memcpy(dat->data, data, data_size);
dat->data[data_size] = 0;
return 0;
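Review bot: `gnutls_malloc(data_size + 1)` wraps to a zero-byte request when `data_size` is `SIZE_MAX`, after which the `memcpy` and `dat->data[data_size] = 0` can write outside the allocation. A guard before the allocation closes this off, e.g. `if (data_size == SIZE_MAX) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);`. Separately, a NULL `data` used to yield an allocated empty string and now returns `GNUTLS_E_ILLEGAL_PARAMETER`, so callers that pass NULL with size 0 need auditing; those callers are not visible in this diff. The function's closing brace lies outside the hunk.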
diff --git a/lib/datum.h b/lib/datum.h
index cdab4b272d..fe847359b0 100644
--- a/lib/datum.h
+++ b/lib/datum.h
@@ -28,11 +28,13 @@
/* This will copy the provided data in @dat. If the provided data are
* NULL or zero-size @dat will be NULL as well.
*/
+warn_unused_result nonnull((1))
int _gnutls_set_datum(gnutls_datum_t * dat, const void *data,
size_t data_size);
/* This will always return a non-NULL, and zero-terminated string in @dat.
*/
+warn_unused_result nonnull((1))
int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data,
size_t data_size);
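Review bot: The comment above `_gnutls_set_strdatum` still says it "will always return a non-NULL, and zero-terminated string", but the datum.c change in this commit makes a NULL `data` return `GNUTLS_E_ILLEGAL_PARAMETER` and leave `@dat` untouched. Suggest replacing it with `/* On success @dat holds an allocated, zero-terminated string; on error (NULL @data or allocation failure) @dat is not changed. */`. Note also that `nonnull((1))` covers only `dat`, so a NULL `data` remains a runtime check rather than a compile-time diagnostic.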
@@ -40,17 +42,13 @@ int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data,
inline static
void _gnutls_free_datum(gnutls_datum_t * dat)
{
- if (dat == NULL)
- return;
-
- if (dat->data != NULL)
+ if (dat != NULL) {
gnutls_free(dat->data);
-
- dat->data = NULL;
- dat->size = 0;
+ dat->size = 0;
+ }
}
-inline static
+inline static nonnull_all
void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
{
if (dat->data != NULL) {
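Review bot: `_gnutls_free_datum` no longer resets `dat->data` after `gnutls_free(dat->data)`, and the same line is dropped from `_gnutls_free_temp_key_datum` and `_gnutls_free_key_datum` in the next two hunks. That is safe only if `gnutls_free()` itself clears the pointer it is given, which this diff does not show. If it does not, every datum released through these helpers keeps a dangling pointer alongside `size == 0`, and a second free or a later `data != NULL` test becomes a double free or use-after-free. Either keep `dat->data = NULL;` or state the dependency in a comment, e.g. `/* gnutls_free() resets dat->data to NULL */`. The body of `_gnutls_free_temp_key_datum` continues outside this hunk.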
@@ -58,11 +56,10 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
gnutls_free(dat->data);
}
- dat->data = NULL;
dat->size = 0;
}
-inline static
+inline static nonnull_all
void _gnutls_free_key_datum(gnutls_datum_t * dat)
{
if (dat->data != NULL) {
@@ -70,7 +67,6 @@ void _gnutls_free_key_datum(gnutls_datum_t * dat)
gnutls_free(dat->data);
}
- dat->data = NULL;
dat->size = 0;
}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 0e0942511d..bb49885978 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -57,27 +57,43 @@ typedef int ssize_t;
#define ENABLE_ALIGN16
+#ifdef __clang_major
+# define _GNUTLS_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#endif
+
+/* clang also defines __GNUC__. It promotes a GCC version of 4.2.1. */
#ifdef __GNUC__
-#ifndef _GNUTLS_GCC_VERSION
-#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+# define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
#endif
+
#if _GNUTLS_GCC_VERSION >= 30100
-#define likely(x) __builtin_expect((x), 1)
-#define unlikely(x) __builtin_expect((x), 0)
+# define likely(x) __builtin_expect((x), 1)
+# define unlikely(x) __builtin_expect((x), 0)
+#else
+# define likely
+# define unlikely
#endif
-#if _GNUTLS_GCC_VERSION >= 70100
-#define FALLTHROUGH __attribute__ ((fallthrough))
+
+#if _GNUTLS_GCC_VERSION >= 30300
+# define nonnull_all __attribute__ ((nonnull))
+# define nonnull(a) __attribute__ ((nonnull a))
+#else
+# define G_GNUC_WGET_NONNULL_ALL
+# define G_GNUC_WGET_NONNULL(a)
#endif
+
+#if _GNUTLS_GCC_VERSION >= 30400
+# define warn_unused_result __attribute__((warn_unused_result))
+#else
+# define warn_unused_result
#endif
-#ifndef FALLTHROUGH
+#if _GNUTLS_GCC_VERSION >= 70100
+# define FALLTHROUGH __attribute__ ((fallthrough))
+#else
# define FALLTHROUGH
#endif
-#ifndef likely
-#define likely
-#define unlikely
-#endif
/* some systems had problems with long long int, thus,
* it is not used.
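Review bot: Two of the new preprocessor lines look like typos. `#ifdef __clang_major` lacks the trailing underscores, so `_GNUTLS_CLANG_VERSION` is never defined; it should read `#ifdef __clang_major__`. The `#else` branch of the nonnull block defines `G_GNUC_WGET_NONNULL_ALL` and `G_GNUC_WGET_NONNULL(a)` rather than the names datum.h now uses, so a compiler that does not define `__GNUC__` would see `nonnull_all` and `nonnull((1))` as undeclared tokens and fail to build. The fallbacks should be `# define nonnull_all` and `# define nonnull(a)`.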
diff --git a/lib/session.c b/lib/session.c
index 10b19abb4e..68d1cebe5c 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -305,7 +305,11 @@ gnutls_session_set_data(gnutls_session_t session,
if (session->internals.resumption_data.data != NULL)
gnutls_free(session->internals.resumption_data.data);
- _gnutls_set_datum(&session->internals.resumption_data, session_data, session_data_size);
+ ret = _gnutls_set_datum(&session->internals.resumption_data, session_data, session_data_size);
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
return 0;
}
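Review bot: On the new error return the old buffer has already been released by `gnutls_free(session->internals.resumption_data.data)` just above, and `_gnutls_set_datum` is now documented as leaving `@dat` unchanged on failure. So `resumption_data.size` keeps its old value, and `data` keeps its old address unless `gnutls_free()` clears it, which is not shown here. Resetting the datum before the copy avoids a stale length paired with freed memory: replace the `if`/`gnutls_free` pair with `_gnutls_free_datum(&session->internals.resumption_data);`, which also zeroes `size`. The declaration of `ret` is outside the hunk, so its presence in this function cannot be confirmed from the diff.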
diff --git a/lib/srp.c b/lib/srp.c
index 79116902ad..78bcbfd811 100644
--- a/lib/srp.c
+++ b/lib/srp.c
@@ -501,7 +501,6 @@ void gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc)
{
gnutls_free(sc->password_file);
gnutls_free(sc->password_conf_file);
- _gnutls_free_datum(&sc->fake_salt_seed);
gnutls_free(sc);
}
@@ -537,17 +536,9 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
if (*sc == NULL)
return GNUTLS_E_MEMORY_ERROR;
- (*sc)->fake_salt_seed.size = DEFAULT_FAKE_SALT_SEED_SIZE;
- (*sc)->fake_salt_seed.data = gnutls_malloc(
- DEFAULT_FAKE_SALT_SEED_SIZE);
- if ((*sc)->fake_salt_seed.data == NULL) {
- ret = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto cleanup;
- }
-
- ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed.data,
- DEFAULT_FAKE_SALT_SEED_SIZE);
+ (*sc)->fake_salt_seed_size = DEFAULT_FAKE_SALT_SEED_SIZE;
+ ret = gnutls_rnd(GNUTLS_RND_RANDOM, (*sc)->fake_salt_seed,
+ DEFAULT_FAKE_SALT_SEED_SIZE);
if (ret < 0) {
gnutls_assert();
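Review bot: `gnutls_rnd()` writes `DEFAULT_FAKE_SALT_SEED_SIZE` bytes into the fixed array `fake_salt_seed[MAX_FAKE_SALT_SEED_SIZE]`, and nothing in the diff ties the two constants together; the definition of `DEFAULT_FAKE_SALT_SEED_SIZE` is not visible here. A compile-time check next to that definition would keep a later change from overflowing the struct, e.g. `_Static_assert(DEFAULT_FAKE_SALT_SEED_SIZE <= MAX_FAKE_SALT_SEED_SIZE, "default seed must fit");` or the project's equivalent macro. The function starts before and continues past this hunk.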
@@ -558,7 +549,6 @@ gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
return 0;
cleanup:
- _gnutls_free_datum(&(*sc)->fake_salt_seed);
gnutls_free(*sc);
return ret;
}
@@ -841,8 +831,14 @@ gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t cred,
const gnutls_datum_t * seed,
unsigned int salt_length)
{
- _gnutls_free_datum(&cred->fake_salt_seed);
- _gnutls_set_datum(&cred->fake_salt_seed, seed->data, seed->size);
+ unsigned seed_size = seed->size;
+ const unsigned char *seed_data = seed->data;
+
+ if (seed_size > sizeof(cred->fake_salt_seed))
+ seed_size = sizeof(cred->fake_salt_seed);
+
+ memcpy(cred->fake_salt_seed, seed_data, seed_size);
+ cred->fake_salt_seed_size = seed_size;
/* Cap the salt length at the output size of the MAC algorithm
* we are using to generate the fake salts.
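Review bot: A seed longer than `sizeof(cred->fake_salt_seed)` is now silently truncated, where the removed code stored it at full length. Since the seed keys the MAC that produces the fake salts, the function's doc comment should state the 64-byte cap, or the function should reject oversized seeds if its return type allows, which the hunk does not show. The `memcpy` also runs unconditionally, so a `seed` with `data == NULL` and `size == 0` passes a null pointer to `memcpy`, a case the removed `_gnutls_set_datum` call tolerated according to its header comment. Guard it with `if (seed_size) memcpy(cred->fake_salt_seed, seed_data, seed_size);`. The function body continues outside the hunk.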