author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-09-01 13:39:33 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-09-01 13:39:33 +0000 |
commit | 675d3421130896b07e60055eba2419fcce7ff4f1 (patch) | |
tree | 297bdaf5dc5502dce40a87de37f41c9dc5a6ea9b /lib | |
parent | 883f6614e01dd939f85219f9b13f64a19e4de1e9 (diff) | |
download | gnutls-675d3421130896b07e60055eba2419fcce7ff4f1.tar.gz |
More more fixes by Arne.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gnutls_errors.c | 23 | ||||
-rw-r--r-- | lib/gnutls_extensions.c | 7 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 2 | ||||
-rw-r--r-- | lib/gnutls_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 98 | ||||
-rw-r--r-- | lib/x509_b64.c | 4 |
6 files changed, 51 insertions, 85 deletions
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 2529e1e646..e13931ed34 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -87,22 +87,22 @@ static gnutls_error_entry error_algorithms[] = { ERROR_ENTRY("Base64 decoding error.", GNUTLS_E_BASE64_DECODING_ERROR, 1 ), ERROR_ENTRY("Base64 encoding error.", GNUTLS_E_BASE64_ENCODING_ERROR, 1 ), ERROR_ENTRY("Parsing error in SRP password file.", GNUTLS_E_SRP_PWD_PARSING_ERROR, 1 ), - ERROR_ENTRY("The requested data, were not available.", GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0 ), + ERROR_ENTRY("The requested data were not available.", GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0 ), ERROR_ENTRY("Error in the pull function.", GNUTLS_E_PULL_ERROR, 1 ), ERROR_ENTRY("Error in the push function.", GNUTLS_E_PUSH_ERROR, 1 ), - ERROR_ENTRY("The upper limit in record packet sequence number has been reached. Wow!", GNUTLS_E_RECORD_LIMIT_REACHED, 1 ), + ERROR_ENTRY("The upper limit of record packet sequence numbers has been reached. Wow!", GNUTLS_E_RECORD_LIMIT_REACHED, 1 ), ERROR_ENTRY("Error in the certificate.", GNUTLS_E_CERTIFICATE_ERROR, 1 ), ERROR_ENTRY("Unknown Subject Alternative name in X.509 certificate.", GNUTLS_E_X509_UNKNOWN_SAN, 1 ), ERROR_ENTRY("Unsupported critical extension in X.509 certificate.", GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1 ), - ERROR_ENTRY("Key usage violation in certificate, has been detected.", GNUTLS_E_KEY_USAGE_VIOLATION, 1 ), + ERROR_ENTRY("Key usage violation in certificate has been detected.", GNUTLS_E_KEY_USAGE_VIOLATION, 1 ), ERROR_ENTRY("Function was interrupted.", GNUTLS_E_AGAIN, 0 ), ERROR_ENTRY("Function was interrupted.", GNUTLS_E_INTERRUPTED, 0 ), ERROR_ENTRY("Rehandshake was requested by the peer.", GNUTLS_E_REHANDSHAKE, 0 ), ERROR_ENTRY("TLS Application data were received, while expected handshake data.", GNUTLS_E_GOT_APPLICATION_DATA, 1 ), ERROR_ENTRY("Error in Database backend.", GNUTLS_E_DB_ERROR, 1 ), ERROR_ENTRY("The certificate type is not supported.", GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1 ), - ERROR_ENTRY("The memory buffer given, is too short to hold parameters.", 
GNUTLS_E_SHORT_MEMORY_BUFFER, 1 ), + ERROR_ENTRY("The given memory buffer is too short to hold parameters.", GNUTLS_E_SHORT_MEMORY_BUFFER, 1 ), ERROR_ENTRY("The request is invalid.", GNUTLS_E_INVALID_REQUEST, 1 ), ERROR_ENTRY("An illegal parameter has been received.", GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1 ), ERROR_ENTRY("Error while reading file.", GNUTLS_E_FILE_ERROR, 1 ), @@ -139,10 +139,10 @@ static gnutls_error_entry error_algorithms[] = { ERROR_ENTRY("The certificate has unsupported attributes.", GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), ERROR_ENTRY("The hash algorithm is unknown.", GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1), ERROR_ENTRY("The PKCS structure's content type is unknown.", GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1), - ERROR_ENTRY("The PKCS structure's Bag type is unknown.", GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1), - ERROR_ENTRY("The password given contains invalid characters.", GNUTLS_E_INVALID_PASSWORD, 1), + ERROR_ENTRY("The PKCS structure's bag type is unknown.", GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1), + ERROR_ENTRY("The given password contains invalid characters.", GNUTLS_E_INVALID_PASSWORD, 1), ERROR_ENTRY("The Message Authentication Code verification failed.", GNUTLS_E_MAC_VERIFY_FAILED, 1), - {0, 0, 0, 0} + {NULL, NULL, 0, 0} }; #define GNUTLS_ERROR_LOOP(b) \ @@ -165,7 +165,7 @@ static gnutls_error_entry error_algorithms[] = { * may be fatal for you (your program). * * This is only useful if you are dealing with errors from the - * record layer, or the handshake layer. + * record layer or the handshake layer. * **/ int gnutls_error_is_fatal(int error) @@ -181,7 +181,7 @@ int gnutls_error_is_fatal(int error) * @error: is an error returned by a gnutls function. Error is always a negative value. * * This function is like perror(). The only difference is that it accepts an - * error returned by a gnutls function. + * error number returned by a gnutls function. **/ void gnutls_perror(int error) { 
@@ -198,8 +198,9 @@ void gnutls_perror(int error) * gnutls_strerror - Returns a string with a description of an error * @error: is an error returned by a gnutls function. Error is always a negative value. * - * This function is similar to strerror(). The only difference is that it - * accepts an error (number) returned by a gnutls function. + * This function is similar to strerror(). Differences: it accepts an error + * number returned by a gnutls function; it might return NULL in the case of + * an unknown error number. **/ const char* gnutls_strerror(int error) { diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 95a3e60863..5d8bd6334b 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -86,8 +86,8 @@ const char *_gnutls_extension_get_name(uint16 type) * requested ones. Otherwise it's a fatal error. */ static int _gnutls_extension_list_check( gnutls_session session, uint16 type) { -int i; if (session->security_parameters.entity==GNUTLS_CLIENT) { + int i; for(i=0;i<session->internals.extensions_sent_size;i++) { if (type==session->internals.extensions_sent[i]) return 0; /* ok found */ @@ -177,13 +177,12 @@ int (*ext_func_send)( gnutls_session, opaque*, int); (*data) = gnutls_malloc(2); /* allocate size for size */ - pos+=2; - if ((*data)==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - + + pos+=2; next = MAX_EXT_TYPES; /* maximum supported extensions */ do { next--; diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 22c6ae5e94..66f8263d21 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -1503,8 +1503,8 @@ static int _gnutls_send_client_hello(gnutls_session session, int again) if (session_id_len > 0) { memcpy(&data[pos], SessionID, session_id_len); + pos += session_id_len; } - pos += session_id_len; /* Copy the ciphersuites. diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 10f2a034df..a46426f44b 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
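Review bot: The doc comment for gnutls_strerror() in lib/gnutls_errors.c now says the function "might return NULL" for an unknown error number, which leaves every caller that passes the result to a `%s` conversion responsible for a NULL check. gnutls_perror(), documented in the preceding hunk as being like perror(), has its body outside these hunks, so it should be confirmed that it never prints a NULL description. If NULL remains part of the contract, the comment should state the obligation directly, for example `* Callers must check the result for NULL before printing it.`; returning a fixed fallback string instead would remove the burden altogether. The body of gnutls_strerror() itself is also outside the hunk.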
@@ -60,7 +60,7 @@ typedef void * gnutls_transport_ptr; */ #define MAX_HASH_SIZE 20 -#define MAX_LOG_SIZE 1024 /* maximum number of log message */ +#define MAX_LOG_SIZE 1024 /* maximum size of log message */ #define MAX_SRP_USERNAME 128 #define MAX_SERVER_NAME_SIZE 128 diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 559c71ab48..fefbcedb99 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -34,22 +34,17 @@ * * Sets the priority on the ciphers supported by gnutls. * Priority is higher for ciphers specified before others. - * After specifying the ciphers you want, you should add 0. + * After specifying the ciphers you want, you must append a 0. * Note that the priority is set on the client. The server does * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ int gnutls_cipher_set_priority(gnutls_session session, const int *list) { - const int *_list = list; int num = 0, i; - while (*_list != 0) { - num++; - ++_list; - } - - num = GMIN(MAX_ALGOS, num); + while (list[num] != 0) num++; + if (num > MAX_ALGOS) num = MAX_ALGOS; session->internals.cipher_algorithm_priority.algorithms = num; for (i = 0; i < num; i++) { 
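Review bot: In gnutls_cipher_set_priority() the new scan `while (list[num] != 0) num++;` keeps reading until it meets a 0, and the clamp to MAX_ALGOS is applied only afterwards, so a list that lacks its terminator is read past its end. Bounding the scan yields the same `num` without touching more than MAX_ALGOS entries: `while (num < MAX_ALGOS && list[num] != 0) num++;`, which also makes the separate clamp line unnecessary. A list longer than MAX_ALGOS is still cut short with no indication visible in the hunk; a sentence in the doc comment would tell callers that. The same loop is added in the gnutls_kx_set_priority, gnutls_mac_set_priority, gnutls_compression_set_priority, gnutls_protocol_set_priority and gnutls_certificate_type_set_priority hunks, and each function body continues outside its hunk.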
@@ -67,23 +62,17 @@ int gnutls_cipher_set_priority(gnutls_session session, const int *list) * * Sets the priority on the key exchange algorithms supported by gnutls. * Priority is higher for algorithms specified before others. - * After specifying the algorithms you want, you should add 0. + * After specifying the algorithms you want, you must append a 0. * Note that the priority is set on the client. The server does * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ int gnutls_kx_set_priority(gnutls_session session, const int *list) { - const int *_list = list; int num = 0, i; - while (*_list != 0) { - num++; - ++_list; - } - - - num = GMIN(MAX_ALGOS, num); + while (list[num] != 0) num++; + if (num > MAX_ALGOS) num = MAX_ALGOS; session->internals.kx_algorithm_priority.algorithms = num; for (i = 0; i < num; i++) { @@ -101,23 +90,17 @@ int gnutls_kx_set_priority(gnutls_session session, const int *list) * * Sets the priority on the mac algorithms supported by gnutls. * Priority is higher for algorithms specified before others. - * After specifying the algorithms you want, you should add 0. + * After specifying the algorithms you want, you must append a 0. * Note that the priority is set on the client. The server does * not use the algorithm's priority except for disabling * algorithms that were not specified. **/ int gnutls_mac_set_priority(gnutls_session session, const int *list) { - const int *_list = list; int num = 0, i; - while (*_list != 0) { - num++; - ++_list; - } - - - num = GMIN(MAX_ALGOS, num); + while (list[num] != 0) num++; + if (num > MAX_ALGOS) num = MAX_ALGOS; session->internals.mac_algorithm_priority.algorithms = num; for (i = 0; i < num; i++) { 
@@ -135,7 +118,7 @@ int gnutls_mac_set_priority(gnutls_session session, const int *list) * * Sets the priority on the compression algorithms supported by gnutls. * Priority is higher for algorithms specified before others. - * After specifying the algorithms you want, you should add 0. + * After specifying the algorithms you want, you must append a 0. * Note that the priority is set on the client. The server does * not use the algorithm's priority except for disabling * algorithms that were not specified. @@ -148,15 +131,10 @@ int gnutls_mac_set_priority(gnutls_session session, const int *list) int gnutls_compression_set_priority(gnutls_session session, const int *list) { - const int *_list = list; int num = 0, i; - while (*_list != 0) { - num++; - ++_list; - } - - num = GMIN(MAX_ALGOS, num); + while (list[num] != 0) num++; + if (num > MAX_ALGOS) num = MAX_ALGOS; session->internals.compression_method_priority.algorithms = num; for (i = 0; i < num; i++) { @@ -178,16 +156,10 @@ int gnutls_compression_set_priority(gnutls_session session, **/ int gnutls_protocol_set_priority(gnutls_session session, const int *list) { - const int *_list = list; int num = 0, i; - while (*_list != 0) { - num++; - ++_list; - } - - - num = GMIN(MAX_ALGOS, num); + while (list[num] != 0) num++; + if (num > MAX_ALGOS) num = MAX_ALGOS; session->internals.protocol_priority.algorithms = num; for (i = 0; i < num; i++) { @@ -195,12 +167,10 @@ int gnutls_protocol_set_priority(gnutls_session session, const int *list) } /* set the current version to the first in the chain. - * This will be overriden later. + * This will be overridden later. */ if (num > 0) - _gnutls_set_current_version(session, - session->internals. - protocol_priority.priority[0]); + _gnutls_set_current_version(session, list[0]); return 0; } 
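Review bot: The call `_gnutls_set_current_version(session, list[0]);` in gnutls_protocol_set_priority() now reads the caller's array instead of the value just stored in `session->internals.protocol_priority.priority[0]`. The two agree only while the copy loop stores `list[i]` unchanged; the loop body lies between the two hunks and is not shown, so this is worth confirming. A short comment such as `/* list[0] == priority[0]: the loop above copies the list verbatim */` would keep the two from drifting apart if the loop ever filters or converts entries.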
@@ -212,7 +182,7 @@ int gnutls_protocol_set_priority(gnutls_session session, const int *list) * * Sets the priority on the certificate types supported by gnutls. * Priority is higher for types specified before others. - * After specifying the types you want, you should add 0. + * After specifying the types you want, you must append a 0. * Note that the certificate type priority is set on the client. * The server does not use the cert type priority except for disabling * types that were not specified. @@ -221,16 +191,11 @@ int gnutls_certificate_type_set_priority(gnutls_session session, const int *list) { #ifdef HAVE_LIBOPENCDK - const int *_list = list; - int num = 0, i; - - while (*_list != 0) { - num++; - ++_list; - } + int num = 0, i; - num = GMIN(MAX_ALGOS, num); + while (list[num] != 0) num++; + if (num > MAX_ALGOS) num = MAX_ALGOS; session->internals.cert_type_priority.algorithms = num; for (i = 0; i < num; i++) { @@ -240,10 +205,11 @@ int gnutls_certificate_type_set_priority(gnutls_session session, return 0; -#endif +#else return GNUTLS_E_UNIMPLEMENTED_FEATURE; +#endif } /** @@ -267,16 +233,16 @@ int gnutls_certificate_type_set_priority(gnutls_session session, **/ int gnutls_set_default_priority(gnutls_session session) { - static const int protocol_priority[4] = + static const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; - static const int kx_priority[8] = + static const int kx_priority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, 0 }; - static const int cipher_priority[8] = { + static const int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, 0 }; - static const int comp_priority[4] = { GNUTLS_COMP_NULL, 0 }; - static const int mac_priority[4] = + static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 }; + static const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; gnutls_cipher_set_priority(session, cipher_priority); 
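Review bot: Dropping the explicit sizes in gnutls_set_default_priority() (`protocol_priority[]`, `kx_priority[]`, `cipher_priority[]`, `comp_priority[]`, `mac_priority[]`) removes the implicit zero padding that the old `[4]` and `[8]` declarations provided, so the written trailing `0` is now the only terminator of each list. The gnutls_*_set_priority() functions changed in this commit count entries with `while (list[num] != 0) num++;`, so a later edit that drops that element would make the scan read past the array. A comment above the tables, for example `/* each list must end in 0; the set_priority scan relies on it */`, would record the dependency. The same applies to the tables in gnutls_set_default_export_priority() in the next hunk.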
@@ -305,20 +271,20 @@ int gnutls_set_default_priority(gnutls_session session) **/ int gnutls_set_default_export_priority(gnutls_session session) { - static const int protocol_priority[4] = { + static const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3, 0 }; - static const int kx_priority[8] = { + static const int kx_priority[] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_RSA_EXPORT, 0 }; - static const int cipher_priority[8] = { + static const int cipher_priority[] = { GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_ARCFOUR_40, 0 }; - static const int comp_priority[4] = { GNUTLS_COMP_NULL, 0 }; - static const int mac_priority[4] = + static const int comp_priority[] = { GNUTLS_COMP_NULL, 0 }; + static const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; gnutls_cipher_set_priority(session, cipher_priority); diff --git a/lib/x509_b64.c b/lib/x509_b64.c index ebe317bca2..5881bf0bdb 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -358,8 +358,8 @@ int _gnutls_fbase64_decode( const opaque* header, const opaque * data, size_t da uint8 ** result) { int ret; - const char top[] = "-----BEGIN "; - const char bottom[] = "\n-----END "; + static const char top[] = "-----BEGIN "; + static const char bottom[] = "\n-----END "; uint8 *rdata; int rdata_size; uint8 *kdata; |