summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NEWS2
-rw-r--r--configure.in6
-rw-r--r--lib/auth_anon.c21
-rw-r--r--lib/auth_cert.c61
-rw-r--r--lib/auth_cert.h15
-rw-r--r--lib/auth_dhe.c19
-rw-r--r--lib/auth_rsa.c5
-rw-r--r--lib/auth_rsa_export.c7
-rw-r--r--lib/defines.h5
-rw-r--r--lib/ext_cert_type.c9
-rw-r--r--lib/ext_cert_type.h4
-rw-r--r--lib/ext_max_record.c5
-rw-r--r--lib/ext_max_record.h4
-rw-r--r--lib/ext_server_name.c1
-rw-r--r--lib/ext_server_name.h4
-rw-r--r--lib/gnutls.h.in.in4
-rw-r--r--lib/gnutls_alert.c8
-rw-r--r--lib/gnutls_alert.h12
-rw-r--r--lib/gnutls_algorithms.c49
-rw-r--r--lib/gnutls_auth.c2
-rw-r--r--lib/gnutls_auth.h16
-rw-r--r--lib/gnutls_buffers.c26
-rw-r--r--lib/gnutls_buffers.h10
-rw-r--r--lib/gnutls_cert.c4
-rw-r--r--lib/gnutls_cipher.c11
-rw-r--r--lib/gnutls_cipher.h6
-rw-r--r--lib/gnutls_compress_int.c13
-rw-r--r--lib/gnutls_compress_int.h4
-rw-r--r--lib/gnutls_db.c7
-rw-r--r--lib/gnutls_dh_primes.c6
-rw-r--r--lib/gnutls_extensions.h4
-rw-r--r--lib/gnutls_global.c2
-rw-r--r--lib/gnutls_handshake.c11
-rw-r--r--lib/gnutls_hash_int.c4
-rw-r--r--lib/gnutls_hash_int.h4
-rw-r--r--lib/gnutls_int.h20
-rw-r--r--lib/gnutls_mem.c4
-rw-r--r--lib/gnutls_pk.c16
-rw-r--r--lib/gnutls_pk.h6
-rw-r--r--lib/gnutls_record.c4
-rw-r--r--lib/gnutls_rsa_export.c3
-rw-r--r--lib/gnutls_session_pack.c9
-rw-r--r--lib/gnutls_sig.c6
-rw-r--r--lib/gnutls_sig.h2
-rw-r--r--lib/gnutls_state.c2
-rw-r--r--lib/gnutls_ui.c2
-rw-r--r--lib/gnutls_ui.h2
-rw-r--r--lib/gnutls_x509.c15
-rw-r--r--lib/gnutls_x509.h2
-rw-r--r--lib/rfc2818_hostname.c4
-rw-r--r--lib/x509_b64.c17
-rw-r--r--lib/x509_b64.h6
-rw-r--r--lib/x509_sig_check.c4
-rw-r--r--libextra/auth_srp.c24
-rw-r--r--libextra/auth_srp.h4
-rw-r--r--libextra/auth_srp_passwd.c13
-rw-r--r--libextra/auth_srp_passwd.h4
-rw-r--r--libextra/auth_srp_sb64.c14
-rw-r--r--libextra/crypt.c1
-rw-r--r--libextra/crypt_srpsha1.c9
-rw-r--r--libextra/ext_srp.c10
-rw-r--r--libextra/ext_srp.h4
-rw-r--r--libextra/gnutls_openpgp.c3
63 files changed, 320 insertions, 261 deletions
diff --git a/NEWS b/NEWS
index 622b429fc4..13fe69ee71 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Version 0.5.10
- Updated documentation.
- Added server name extension. This allows clients to specify the
name of the server they connect to. Useful to HTTPS.
+- Several corrections in the code base, mostly in signed/unsigned,
+ checkings.
Version 0.5.9 (10/10/2002)
- Corrected some code which worked fine in gcc 3.2, but not with any
diff --git a/configure.in b/configure.in
index 3078ee1223..640df0f923 100644
--- a/configure.in
+++ b/configure.in
@@ -116,7 +116,7 @@ affect compiling.])
if test $ac_cv_c_compiler_gnu != no; then
if test x$opt_developer_mode = xyes; then
- CFLAGS="${CFLAGS} -Wall -Wpointer-arith -Wstrict-prototypes" # -Werror
+ CFLAGS="${CFLAGS} -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Wsign-compare -Winline -Wstrict-prototypes"
else
CFLAGS="${CFLAGS} -O2 -finline-functions"
fi
@@ -172,6 +172,10 @@ AC_CHECK_TYPES(ptrdiff_t,,, [
# include <sys/types.h>
])
+AC_CHECK_TYPES(uint,,, [
+# include <sys/types.h>
+])
+
AC_CHECK_TYPE(size_t,
DEFINE_SIZE_T="#include <sys/types.h>"
AC_SUBST( DEFINE_SIZE_T)
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index 8875f2ff50..ab02231faa 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -38,8 +38,8 @@
int gen_anon_server_kx( gnutls_session, opaque**);
int gen_anon_client_kx( gnutls_session, opaque**);
-int proc_anon_server_kx( gnutls_session, opaque*, int);
-int proc_anon_client_kx( gnutls_session, opaque*, int);
+int proc_anon_server_kx( gnutls_session, opaque*, size_t);
+int proc_anon_client_kx( gnutls_session, opaque*, size_t);
const MOD_AUTH_STRUCT anon_auth_struct = {
"ANON",
@@ -194,13 +194,14 @@ int ret;
return n_X+2;
}
-int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) {
+int proc_anon_server_kx( gnutls_session session, opaque* data, size_t _data_size) {
uint16 n_Y, n_g, n_p;
size_t _n_Y, _n_g, _n_p;
uint8 *data_p;
uint8 *data_g;
uint8 *data_Y;
- int i, ret;
+ int i, ret, bits;
+ ssize_t data_size = _data_size;
i = 0;
DECR_LEN( data_size, 2);
@@ -255,7 +256,13 @@ int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) {
return ret;
}
- if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( session)) {
+ bits = _gnutls_dh_get_prime_bits( session);
+ if (bits < 0) {
+ gnutls_assert();
+ return bits;
+ }
+
+ if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < (size_t)bits) {
/* the prime used by the peer is not acceptable
*/
gnutls_assert();
@@ -280,12 +287,14 @@ int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) {
return 0;
}
-int proc_anon_client_kx( gnutls_session session, opaque* data, int data_size) {
+int proc_anon_client_kx( gnutls_session session, opaque* data, size_t _data_size)
+{
uint16 n_Y;
size_t _n_Y;
GNUTLS_MPI g, p;
int bits, ret;
const gnutls_anon_server_credentials cred;
+ ssize_t data_size = _data_size;
cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_ANON, NULL);
if (cred == NULL) {
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index eb9a9bb3d1..552abce866 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -46,6 +46,9 @@
#include <gnutls_extra.h>
#include "debug.h"
+static int _gnutls_server_find_cert_list_index(gnutls_session session,
+ gnutls_pk_algorithm requested_algo);
+
/* Copies data from a internal certificate struct (gnutls_cert) to
* exported certificate struct (CERTIFICATE_AUTH_INFO)
*/
@@ -165,14 +168,15 @@ inline
* given DN. If indx == -1 then no certificate was found.
*/
static int _find_x509_cert(const gnutls_certificate_credentials cred,
- opaque * _data, int _data_size,
+ opaque * _data, size_t _data_size,
gnutls_pk_algorithm * pk_algos, int pk_algos_length,
int *indx)
{
- int size;
+ uint size;
gnutls_datum odn;
opaque *data = _data;
- int data_size = _data_size, i, j;
+ ssize_t data_size = _data_size;
+ uint i, j;
int result;
*indx = -1;
@@ -221,9 +225,6 @@ static int _find_x509_cert(const gnutls_certificate_credentials cred,
break;
/* move to next record */
- if (data_size <= 0)
- break;
-
data += size;
} while (1);
@@ -238,7 +239,7 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred,
gnutls_pk_algorithm * pk_algos, int pk_algos_length,
int *indx)
{
- int i, j;
+ uint i, j;
*indx = -1;
@@ -274,16 +275,17 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred,
*/
static int _gnutls_find_acceptable_client_cert(gnutls_session session,
opaque * _data,
- int _data_size, int *ind,
+ size_t _data_size, int *ind,
gnutls_pk_algorithm * pk_algos,
int pk_algos_length)
{
int result, size;
int indx = -1;
- int i, j, try = 0, *ij_map = NULL;
+ uint i, j;
+ int try = 0, *ij_map = NULL;
const gnutls_certificate_credentials cred;
opaque *data = _data;
- int data_size = _data_size;
+ ssize_t data_size = _data_size;
cred =
_gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE,
@@ -334,9 +336,9 @@ static int _gnutls_find_acceptable_client_cert(gnutls_session session,
if (indx == -1 && session->internals.client_cert_callback != NULL && cred->ncerts > 0) { /* use a callback to get certificate */
gnutls_datum *my_certs = NULL;
gnutls_datum *issuers_dn = NULL;
- int issuers_dn_len = 0;
+ uint issuers_dn_len = 0;
opaque* dataptr = data;
- int dataptr_size = data_size;
+ ssize_t dataptr_size = data_size;
/* Count the number of the given issuers;
* This is used to allocate the issuers_dn without
@@ -661,13 +663,13 @@ int _gnutls_gen_cert_server_certificate(gnutls_session session, opaque ** data)
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_free_cert(peer_certificate_list[x])
int _gnutls_proc_x509_server_certificate(gnutls_session session, opaque * data,
- int data_size)
+ size_t data_size)
{
int size, len, ret;
opaque *p = data;
CERTIFICATE_AUTH_INFO info;
const gnutls_certificate_credentials cred;
- int dsize = data_size;
+ ssize_t dsize = data_size;
int i, j, x;
gnutls_cert *peer_certificate_list;
int peer_certificate_list_size = 0;
@@ -795,13 +797,13 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session, opaque * data,
#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_free_cert(peer_certificate_list[x])
int _gnutls_proc_openpgp_server_certificate(gnutls_session session,
- opaque * data, int data_size)
+ opaque * data, size_t data_size)
{
int size, ret, len;
opaque *p = data;
CERTIFICATE_AUTH_INFO info;
const gnutls_certificate_credentials cred;
- int dsize = data_size;
+ ssize_t dsize = data_size;
int i, x;
gnutls_cert *peer_certificate_list;
int peer_certificate_list_size = 0;
@@ -962,7 +964,7 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session,
}
int _gnutls_proc_cert_server_certificate(gnutls_session session, opaque * data,
- int data_size)
+ size_t data_size)
{
switch (session->security_parameters.cert_type) {
case GNUTLS_CRT_OPENPGP:
@@ -999,13 +1001,13 @@ int _gnutls_check_supported_sign_algo(CertificateSigType algo)
}
int _gnutls_proc_cert_cert_req(gnutls_session session, opaque * data,
- int data_size)
+ size_t data_size)
{
int size, ret;
opaque *p = data;
const gnutls_certificate_credentials cred;
CERTIFICATE_AUTH_INFO info;
- int dsize = data_size;
+ ssize_t dsize = data_size;
int i, j, ind;
gnutls_pk_algorithm pk_algos[MAX_SIGN_ALGOS];
int pk_algos_length;
@@ -1129,10 +1131,10 @@ int _gnutls_gen_cert_client_cert_vrfy(gnutls_session session, opaque ** data)
}
int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, opaque * data,
- int data_size)
+ size_t data_size)
{
int size, ret;
- int dsize = data_size;
+ ssize_t dsize = data_size;
opaque *pdata = data;
gnutls_datum sig;
CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(session);
@@ -1182,9 +1184,7 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, opaque * data,
}
if ((ret =
- _gnutls_verify_sig_hdata(session, &peer_cert, &sig,
- data_size + HANDSHAKE_HEADER_SIZE)) <
- 0) {
+ _gnutls_verify_sig_hdata(session, &peer_cert, &sig)) < 0) {
gnutls_assert();
_gnutls_free_cert(peer_cert);
return ret;
@@ -1339,8 +1339,6 @@ const gnutls_cert *_gnutls_server_find_cert(gnutls_session session,
return NULL;
i = _gnutls_server_find_cert_list_index(session,
- x509_cred->cert_list,
- x509_cred->ncerts,
requested_algo);
if (i < 0)
@@ -1355,12 +1353,11 @@ const gnutls_cert *_gnutls_server_find_cert(gnutls_session session,
* requested_algo holds the parameters required by the peer (RSA, DSA
* or -1 for any).
*/
-int _gnutls_server_find_cert_list_index(gnutls_session session,
- gnutls_cert ** cert_list,
- int cert_list_length,
+static int _gnutls_server_find_cert_list_index(gnutls_session session,
gnutls_pk_algorithm requested_algo)
{
- int i, index = -1, j;
+ uint i, j;
+ int index = -1;
const gnutls_certificate_credentials cred;
int my_certs_length;
int *ij_map = NULL;
@@ -1377,7 +1374,7 @@ int _gnutls_server_find_cert_list_index(gnutls_session session,
for (i = 0; i < cred->ncerts; i++) {
/* find one compatible certificate */
- if (requested_algo == -1 ||
+ if (requested_algo == (gnutls_pk_algorithm)-1 ||
requested_algo ==
cred->cert_list[i][0].subject_pk_algorithm) {
/* if cert type matches */
@@ -1406,7 +1403,7 @@ int _gnutls_server_find_cert_list_index(gnutls_session session,
j = 0;
for (i = 0; i < cred->ncerts; i++) {
/* Add compatible certificates */
- if (requested_algo == -1 ||
+ if (requested_algo == (gnutls_pk_algorithm)-1 ||
requested_algo ==
cred->cert_list[i][0].subject_pk_algorithm) {
diff --git a/lib/auth_cert.h b/lib/auth_cert.h
index adeb6a8c1c..347cb95c1d 100644
--- a/lib/auth_cert.h
+++ b/lib/auth_cert.h
@@ -16,11 +16,11 @@ typedef struct {
* (if more than one, one certificate certifies the one before)
* [1] certificate2, certificate22, ...
*/
- int * cert_list_length;
+ uint * cert_list_length;
/* contains the number of the certificates in a
* row (should be 1 for OpenPGP keys).
*/
- int ncerts; /* contains the number of columns in cert_list.
+ uint ncerts; /* contains the number of columns in cert_list.
* This is the same with the number of pkeys.
*/
@@ -41,7 +41,7 @@ typedef struct {
/* X509 specific stuff */
gnutls_cert * x509_ca_list;
- int x509_ncas; /* number of CAs in the ca_list
+ uint x509_ncas; /* number of CAs in the ca_list
*/
/* holds a sequence of the
@@ -67,7 +67,7 @@ typedef struct CERTIFICATE_AUTH_INFO_INT {
gnutls_datum* raw_certificate_list; /* holds the raw certificate of the
* peer.
*/
- int ncerts; /* holds the size of the list above */
+ unsigned int ncerts; /* holds the size of the list above */
} *CERTIFICATE_AUTH_INFO;
typedef struct CERTIFICATE_AUTH_INFO_INT CERTIFICATE_AUTH_INFO_INT;
@@ -77,13 +77,12 @@ int _gnutls_gen_cert_server_certificate(gnutls_session, opaque **);
int _gnutls_gen_cert_client_certificate(gnutls_session, opaque **);
int _gnutls_gen_cert_client_cert_vrfy(gnutls_session, opaque **);
int _gnutls_gen_cert_server_cert_req(gnutls_session, opaque **);
-int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, int);
-int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, int);
-int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, int);
+int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, size_t);
+int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, size_t);
+int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, size_t);
int _gnutls_find_apr_cert( gnutls_session session, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_private_key** apr_pkey);
int _gnutls_find_dn( gnutls_datum* odn, gnutls_cert* cert);
const gnutls_cert* _gnutls_server_find_cert( struct gnutls_session_int*, gnutls_pk_algorithm);
-int _gnutls_server_find_cert_list_index( struct gnutls_session_int*, gnutls_cert ** cert_list, int cert_list_length, gnutls_pk_algorithm);
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index d169469c7f..f8fc0cf510 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -38,8 +38,8 @@
static int gen_dhe_server_kx(gnutls_session, opaque **);
static int gen_dhe_client_kx(gnutls_session, opaque **);
-static int proc_dhe_server_kx(gnutls_session, opaque *, int);
-static int proc_dhe_client_kx(gnutls_session, opaque *, int);
+static int proc_dhe_server_kx(gnutls_session, opaque *, size_t);
+static int proc_dhe_client_kx(gnutls_session, opaque *, size_t);
const MOD_AUTH_STRUCT dhe_rsa_auth_struct = {
"DHE_RSA",
@@ -286,7 +286,7 @@ static int gen_dhe_client_kx(gnutls_session session, opaque ** data)
OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert = NULL;
static int proc_dhe_server_kx(gnutls_session session, opaque * data,
- int data_size)
+ size_t _data_size)
{
uint16 n_Y, n_g, n_p;
size_t _n_Y, _n_g, _n_p;
@@ -295,8 +295,9 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data,
uint8 *data_Y;
int i, sigsize;
gnutls_datum vparams, signature;
- int ret;
+ int ret, bits;
CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session);
+ ssize_t data_size = _data_size;
gnutls_cert peer_cert;
if (info == NULL || info->ncerts==0) {
@@ -364,7 +365,12 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data,
return ret;
}
- if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( session)) {
+ bits = _gnutls_dh_get_prime_bits( session);
+ if (bits < 0) {
+ gnutls_assert();
+ return bits;
+ }
+ if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < (size_t)bits) {
/* the prime used by the peer is not acceptable
*/
gnutls_assert();
@@ -433,12 +439,13 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data,
}
static int proc_dhe_client_kx(gnutls_session session, opaque * data,
- int data_size)
+ size_t _data_size)
{
uint16 n_Y;
size_t _n_Y;
GNUTLS_MPI g, p;
int bits, ret;
+ ssize_t data_size = _data_size;
const gnutls_certificate_credentials cred;
cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL);
diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c
index bd1a7fda00..86f3c8006d 100644
--- a/lib/auth_rsa.c
+++ b/lib/auth_rsa.c
@@ -42,7 +42,7 @@
#include <gnutls_extra.h>
int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **);
-int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, int);
+int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, size_t);
const MOD_AUTH_STRUCT rsa_auth_struct = {
"RSA",
@@ -211,13 +211,14 @@ const gnutls_certificate_credentials cred;
return GNUTLS_E_MEMORY_ERROR; \
}
-int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, int data_size)
+int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, size_t _data_size)
{
gnutls_sdatum plaintext;
gnutls_datum ciphertext;
int ret, dsize;
GNUTLS_MPI *params;
int params_len;
+ ssize_t data_size = _data_size;
if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) {
/* SSL 3.0 */
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 52bda95ae2..64c551ba96 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -44,9 +44,9 @@
#include <gnutls_state.h>
int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **);
-int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, int);
+int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, size_t);
static int gen_rsa_export_server_kx(gnutls_session, opaque **);
-static int proc_rsa_export_server_kx(gnutls_session, opaque *, int);
+static int proc_rsa_export_server_kx(gnutls_session, opaque *, size_t);
const MOD_AUTH_STRUCT rsa_export_auth_struct = {
"RSA EXPORT",
@@ -239,7 +239,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session);
}
static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
- int data_size)
+ size_t _data_size)
{
uint16 n_m, n_e;
size_t _n_m, _n_e;
@@ -248,6 +248,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
int i, sigsize;
gnutls_datum vparams, signature;
int ret;
+ ssize_t data_size = _data_size;
CERTIFICATE_AUTH_INFO info;
gnutls_cert peer_cert;
diff --git a/lib/defines.h b/lib/defines.h
index bd418f1fdd..de24ba48a1 100644
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -93,6 +93,11 @@ typedef long ptrdiff_t;
# define USE_MCRYPT
#endif
+#ifndef HAVE_UINT
+typedef unsigned int uint;
+typedef signed int sint;
+#endif
+
#if SIZEOF_UNSIGNED_LONG == 8
# define HAVE_UINT64
/* only used native uint64 in 64 bit machines */
diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c
index b86615d4c7..26a2252f1e 100644
--- a/lib/ext_cert_type.c
+++ b/lib/ext_cert_type.c
@@ -39,10 +39,11 @@
*
*/
-int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, int data_size)
+int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, size_t _data_size)
{
int new_type = -1, ret, i;
-
+ ssize_t data_size = _data_size;
+
if (session->security_parameters.entity == GNUTLS_CLIENT) {
if (data_size > 0) {
if ( data_size != 1) {
@@ -108,8 +109,8 @@ int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, i
/* returns data_size or a negative number on failure
* data is allocated localy
*/
-int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, int data_size) {
- uint16 len, i;
+int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, size_t data_size) {
+ uint len, i;
/* this function sends the client extension data (dnsname) */
if (session->security_parameters.entity == GNUTLS_CLIENT) {
diff --git a/lib/ext_cert_type.h b/lib/ext_cert_type.h
index d6b0fc4d25..f7520cdab2 100644
--- a/lib/ext_cert_type.h
+++ b/lib/ext_cert_type.h
@@ -3,5 +3,5 @@
*/
int _gnutls_num2cert_type( int num);
int _gnutls_cert_type2num( int record_size);
-int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, int data_size);
-int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, int);
+int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, size_t data_size);
+int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, size_t);
diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c
index 9338fcb585..a340a6ff12 100644
--- a/lib/ext_max_record.c
+++ b/lib/ext_max_record.c
@@ -37,8 +37,9 @@
*
*/
-int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, int data_size) {
+int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, size_t _data_size) {
ssize_t new_size;
+ ssize_t data_size = _data_size;
if (session->security_parameters.entity == GNUTLS_SERVER) {
if (data_size > 0) {
@@ -83,7 +84,7 @@ int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data,
/* returns data_size or a negative number on failure
* data is allocated localy
*/
-int _gnutls_max_record_send_params( gnutls_session session, opaque* data, int data_size) {
+int _gnutls_max_record_send_params( gnutls_session session, opaque* data, size_t data_size) {
uint16 len;
/* this function sends the client extension data (dnsname) */
if (session->security_parameters.entity == GNUTLS_CLIENT) {
diff --git a/lib/ext_max_record.h b/lib/ext_max_record.h
index 77392a50f6..f804915ab3 100644
--- a/lib/ext_max_record.h
+++ b/lib/ext_max_record.h
@@ -3,5 +3,5 @@
*/
int _gnutls_mre_num2record( int num);
int _gnutls_mre_record2num( uint16 record_size);
-int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, int data_size);
-int _gnutls_max_record_send_params( gnutls_session session, opaque* data, int);
+int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, size_t data_size);
+int _gnutls_max_record_send_params( gnutls_session session, opaque* data, size_t);
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c
index 7beb5434fe..1bafbb1374 100644
--- a/lib/ext_server_name.c
+++ b/lib/ext_server_name.c
@@ -254,7 +254,6 @@ int gnutls_set_server_name(gnutls_session session,
gnutls_server_name_type type,
const void *name, int name_length)
{
- const char *dnsname;
int server_names;
if (session->security_parameters.entity == GNUTLS_SERVER)
diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h
index 61ba1f3606..6d9c476000 100644
--- a/lib/ext_server_name.h
+++ b/lib/ext_server_name.h
@@ -1,5 +1,5 @@
-int _gnutls_server_name_recv_params( gnutls_session session, const opaque* data, int data_size);
-int _gnutls_server_name_send_params( gnutls_session session, opaque* data, int);
+int _gnutls_server_name_recv_params( gnutls_session session, const opaque* data, size_t data_size);
+int _gnutls_server_name_send_params( gnutls_session session, opaque* data, size_t);
int gnutls_get_server_name(gnutls_session session, void* data, int* data_length,
int *type, int index);
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 99a133130f..eded9cb695 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -121,7 +121,7 @@ typedef struct gnutls_rsa_params_int* gnutls_rsa_params;
typedef struct {
unsigned char * data;
- int size;
+ unsigned int size;
} gnutls_datum;
/* internal functions */
@@ -137,7 +137,7 @@ int gnutls_rehandshake( gnutls_session session);
gnutls_alert_description gnutls_alert_get( gnutls_session session);
int gnutls_alert_send( gnutls_session, gnutls_alert_level, gnutls_alert_description);
int gnutls_alert_send_appropriate( gnutls_session session, int err);
-const char* gnutls_alert_get_name( int alert);
+const char* gnutls_alert_get_name( gnutls_alert_description alert);
/* get information on the current session */
gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session);
diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c
index deb93f20e4..10e6eafa6b 100644
--- a/lib/gnutls_alert.c
+++ b/lib/gnutls_alert.c
@@ -26,7 +26,7 @@
#include <debug.h>
typedef struct {
- AlertDescription alert;
+ gnutls_alert_description alert;
const char *desc;
} gnutls_alert_entry;
@@ -72,7 +72,7 @@ static const gnutls_alert_entry sup_alerts[] = {
* See. gnutls_alert_get().
*
**/
-const char* gnutls_alert_get_name( int alert) {
+const char* gnutls_alert_get_name( gnutls_alert_level alert) {
const char* ret = NULL;
GNUTLS_ALERT_ID_LOOP( ret = p->desc);
@@ -93,7 +93,7 @@ const char* ret = NULL;
* Returns 0 on success.
*
**/
-int gnutls_alert_send( gnutls_session session, GNUTLS_AlertLevel level, GNUTLS_AlertDescription desc)
+int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc)
{
uint8 data[2];
int ret;
@@ -238,7 +238,7 @@ int level;
* The peer may send alerts if he thinks some things were not
* right. Check gnutls.h for the available alert descriptions.
**/
-GNUTLS_AlertDescription gnutls_alert_get( gnutls_session session) {
+gnutls_alert_description gnutls_alert_get( gnutls_session session) {
return session->internals.last_alert;
}
diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h
index ad9b747467..e0599cc31d 100644
--- a/lib/gnutls_alert.h
+++ b/lib/gnutls_alert.h
@@ -1,6 +1,5 @@
-typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL
-} AlertLevel;
-#define GNUTLS_AlertLevel AlertLevel
+typedef enum gnutls_alert_level { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL
+} gnutls_alert_level;
typedef enum AlertDescription {
GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10,
@@ -15,8 +14,7 @@ typedef enum AlertDescription {
GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY,
GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90,
GNUTLS_A_NO_RENEGOTIATION=100
-} AlertDescription;
-#define GNUTLS_AlertDescription AlertDescription
+} gnutls_alert_description;
-AlertDescription gnutls_alert_get( gnutls_session session);
-int gnutls_alert_send( gnutls_session session, AlertLevel level, AlertDescription desc);
+gnutls_alert_description gnutls_alert_get( gnutls_session session);
+int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 64f7f988e3..da131c584c 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -77,10 +77,10 @@ static const gnutls_version_entry sup_versions[] = {
struct gnutls_cipher_entry {
const char *name;
gnutls_cipher_algorithm id;
- size_t blocksize;
- size_t keysize;
+ uint16 blocksize;
+ uint16 keysize;
CipherType block;
- size_t iv;
+ uint16 iv;
int export_flag; /* 0 non export */
};
typedef struct gnutls_cipher_entry gnutls_cipher_entry;
@@ -399,7 +399,7 @@ int _gnutls_mac_get_digest_size(gnutls_mac_algorithm algorithm)
inline int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm algorithm)
{ /* actually returns the priority */
- int i;
+ unsigned int i;
for (i = 0;
i < session->internals.mac_algorithm_priority.algorithms;
i++) {
@@ -431,7 +431,7 @@ const char *gnutls_mac_get_name( gnutls_mac_algorithm algorithm)
int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm)
{
- size_t ret = -1;
+ ssize_t ret = -1;
GNUTLS_HASH_ALG_LOOP(ret = p->id);
if (ret >= 0)
ret = 0;
@@ -445,7 +445,7 @@ inline
int _gnutls_compression_priority(gnutls_session session,
gnutls_compression_method algorithm)
{ /* actually returns the priority */
- int i;
+ unsigned int i;
for (i = 0;
i <
session->internals.compression_method_priority.algorithms;
@@ -527,7 +527,7 @@ gnutls_compression_method _gnutls_compression_get_id(int num)
int _gnutls_compression_is_ok(gnutls_compression_method algorithm)
{
- size_t ret = -1;
+ ssize_t ret = -1;
GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id);
if (ret >= 0)
ret = 0;
@@ -552,7 +552,7 @@ inline
int
_gnutls_cipher_priority(gnutls_session session, gnutls_cipher_algorithm algorithm)
{
- int i;
+ unsigned int i;
for (i = 0;
i <
session->internals.
@@ -626,7 +626,7 @@ const char *gnutls_cipher_get_name( gnutls_cipher_algorithm algorithm)
int _gnutls_cipher_is_ok(gnutls_cipher_algorithm algorithm)
{
- size_t ret = -1;
+ ssize_t ret = -1;
GNUTLS_ALG_LOOP(ret = p->id);
if (ret >= 0)
ret = 0;
@@ -647,7 +647,7 @@ MOD_AUTH_STRUCT *_gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm)
inline int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algorithm)
{
- int i;
+ unsigned int i;
for (i = 0;
i < session->internals.kx_algorithm_priority.algorithms;
i++) {
@@ -677,7 +677,7 @@ const char *gnutls_kx_get_name( gnutls_kx_algorithm algorithm)
int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm)
{
- size_t ret = -1;
+ ssize_t ret = -1;
GNUTLS_KX_ALG_LOOP(ret = p->algorithm);
if (ret >= 0)
ret = 0;
@@ -690,7 +690,7 @@ int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm)
int _gnutls_version_priority(gnutls_session session,
gnutls_protocol_version version)
{ /* actually returns the priority */
- int i;
+ unsigned int i;
if (session->internals.protocol_priority.priority==NULL) {
gnutls_assert();
@@ -711,7 +711,7 @@ int _gnutls_version_priority(gnutls_session session,
gnutls_protocol_version _gnutls_version_lowest(gnutls_session session)
{ /* returns the lowest version supported */
- int i, min = 0xff;
+ unsigned int i, min = 0xff;
if (session->internals.protocol_priority.priority==NULL) {
return GNUTLS_VERSION_UNKNOWN;
@@ -728,7 +728,7 @@ gnutls_protocol_version _gnutls_version_lowest(gnutls_session session)
gnutls_protocol_version _gnutls_version_max(gnutls_session session)
{ /* returns the maximum version supported */
- int i, max=0x00;
+ unsigned int i, max=0x00;
if (session->internals.protocol_priority.priority==NULL) {
return GNUTLS_VERSION_UNKNOWN;
@@ -926,9 +926,9 @@ inline
uint8 *base = _base;
uint8 tmp[MAX_ELEM_SIZE];
uint8 ptmp[MAX_ELEM_SIZE];
- int pivot;
- int i, j;
- int full;
+ unsigned int pivot;
+ unsigned int i, j;
+ unsigned int full;
i = pivot = 0;
j = full = (nmemb - 1) * size;
@@ -961,9 +961,9 @@ static void
_gnutls_qsort(gnutls_session session, void *_base, size_t nmemb, size_t size,
int (*compar) (gnutls_session, const void *, const void *))
{
- int pivot;
+ unsigned int pivot;
char *base = _base;
- int snmemb = nmemb;
+ size_t snmemb = nmemb;
#ifdef DEBUG
if (size > MAX_ELEM_SIZE) {
@@ -1031,7 +1031,7 @@ _gnutls_bsort(gnutls_session session, void *_base, size_t nmemb,
size_t size, int (*compar) (gnutls_session, const void *,
const void *))
{
- int i, j;
+ unsigned int i, j;
int full = nmemb * size;
char *base = _base;
char tmp[MAX_ELEM_SIZE];
@@ -1053,7 +1053,7 @@ _gnutls_supported_ciphersuites_sorted(gnutls_session session,
{
#ifdef SORT_DEBUG
- int i;
+ unsigned int i;
#endif
int count;
@@ -1088,8 +1088,8 @@ _gnutls_supported_ciphersuites(gnutls_session session,
GNUTLS_CipherSuite ** _ciphers)
{
- int i, ret_count, j;
- int count = CIPHER_SUITES_COUNT;
+ unsigned int i, ret_count, j;
+ unsigned int count = CIPHER_SUITES_COUNT;
GNUTLS_CipherSuite *tmp_ciphers;
GNUTLS_CipherSuite* ciphers;
gnutls_protocol_version version;
@@ -1192,7 +1192,8 @@ _gnutls_supported_ciphersuites(gnutls_session session,
int
_gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp)
{
- int i, tmp, j=0;
+ unsigned int i, j=0;
+ int tmp;
*comp = gnutls_malloc( sizeof(uint8) * SUPPORTED_COMPRESSION_METHODS);
if (*comp == NULL)
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index d3e3a036de..058afd9001 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -209,7 +209,7 @@ void _gnutls_free_auth_info( gnutls_session session) {
break;
case GNUTLS_CRD_CERTIFICATE: {
- int i;
+ unsigned int i;
CERTIFICATE_AUTH_INFO info =
_gnutls_get_auth_info(session);
diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h
index 21d3acb6ea..bde3fbc008 100644
--- a/lib/gnutls_auth.h
+++ b/lib/gnutls_auth.h
@@ -12,14 +12,14 @@ typedef struct MOD_AUTH_STRUCT_INT {
int (*gnutls_generate_client_cert_vrfy) ( gnutls_session, opaque**);
int (*gnutls_generate_server_certificate_request) ( gnutls_session, opaque**);
- int (*gnutls_process_server_certificate)( gnutls_session, opaque*, int);
- int (*gnutls_process_client_certificate)( gnutls_session, opaque*, int);
- int (*gnutls_process_server_kx)( gnutls_session, opaque*, int);
- int (*gnutls_process_server_kx2)( gnutls_session, opaque*, int);
- int (*gnutls_process_client_kx0)( gnutls_session, opaque*, int);
- int (*gnutls_process_client_kx)( gnutls_session, opaque*, int);
- int (*gnutls_process_client_cert_vrfy) ( gnutls_session, opaque*, int);
- int (*gnutls_process_server_certificate_request) ( gnutls_session, opaque*, int);
+ int (*gnutls_process_server_certificate)( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_client_certificate)( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_server_kx)( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_server_kx2)( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_client_kx0)( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_client_kx)( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_client_cert_vrfy) ( gnutls_session, opaque*, size_t);
+ int (*gnutls_process_server_certificate_request) ( gnutls_session, opaque*, size_t);
} MOD_AUTH_STRUCT;
#endif
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 63c8a40ba9..910dcf3ed3 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -72,7 +72,7 @@ static int RET( int err) {
/* Buffers received packets of type APPLICATION DATA and
* HANDSHAKE DATA.
*/
-int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, int length)
+int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, size_t length)
{
if (length==0) return 0;
switch( type) {
@@ -136,9 +136,9 @@ size_t gnutls_record_check_pending(gnutls_session session) {
return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, session);
}
-int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, int length)
+int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, size_t length)
{
- if (length < 0 || data==NULL) {
+ if (length==0 || data==NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_PARAMETERS;
}
@@ -323,7 +323,8 @@ void _gnutls_io_clear_read_buffer( gnutls_session session) {
ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t sizeOfPtr, ContentType recv_type)
{
ssize_t ret=0, ret2=0;
- int min, buf_pos;
+ size_t min;
+ int buf_pos;
char *buf;
int recvlowat = RCVLOWAT;
int recvdata, alloc_size;
@@ -331,7 +332,8 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t
*iptr = session->internals.record_recv_buffer.data;
if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0
- || (session->internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) {
+ || (session->internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE)
+ {
gnutls_assert(); /* internal error */
return GNUTLS_E_INVALID_PARAMETERS;
}
@@ -441,7 +443,7 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t
ret = session->internals.record_recv_buffer.size;
- if ((ret > 0) && (ret < sizeOfPtr)) {
+ if ((ret > 0) && ((size_t)ret < sizeOfPtr)) {
/* Short Read */
gnutls_assert();
return GNUTLS_E_AGAIN;
@@ -456,12 +458,12 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t
* the data left to sent, in order to send them later.
*/
-#define MEMSUB(x,y) (x-y)
+#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
inline
-static int _gnutls_buffer_insert( gnutls_datum * buffer, const opaque* _data, int data_size) {
+static int _gnutls_buffer_insert( gnutls_datum * buffer, const opaque* _data, size_t data_size) {
- if ( ( MEMSUB(_data, buffer->data) >= 0) && (MEMSUB(_data, buffer->data) < buffer->size) ) {
+ if ( ( MEMSUB(_data, buffer->data) >= 0) && (MEMSUB(_data, buffer->data) < (ssize_t)buffer->size) ) {
/* the given _data is part of the buffer.
*/
if (data_size > buffer->size) {
@@ -883,7 +885,7 @@ ssize_t _gnutls_handshake_io_recv_int( gnutls_session session, ContentType type,
* for finished messages to use them. Used in HMAC calculation
* and finished messages.
*/
-int _gnutls_handshake_buffer_put( gnutls_session session, char *data, int length)
+int _gnutls_handshake_buffer_put( gnutls_session session, char *data, size_t length)
{
if (length==0) return 0;
@@ -915,7 +917,7 @@ int _gnutls_handshake_buffer_get_size( gnutls_session session)
/* this function does not touch the buffer
* and returns data from it (peek mode!)
*/
-int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int length)
+int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, size_t length)
{
if (length > session->internals.handshake_hash_buffer.size) {
length = session->internals.handshake_hash_buffer.size;
@@ -930,7 +932,7 @@ int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int lengt
/* this function does not touch the buffer
* and returns data from it (peek mode!)
*/
-int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, int *length)
+int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, size_t *length)
{
if (length!=NULL)
*length = session->internals.handshake_hash_buffer.size;
diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h
index 8481e9f659..dbbd10c326 100644
--- a/lib/gnutls_buffers.h
+++ b/lib/gnutls_buffers.h
@@ -18,9 +18,9 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, int length);
+int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, size_t length);
int _gnutls_record_buffer_get_size(ContentType type, gnutls_session session);
-int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, int length);
+int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, size_t length);
ssize_t _gnutls_io_read_buffered( gnutls_session, opaque **iptr, size_t n, ContentType);
void _gnutls_io_clear_read_buffer( gnutls_session);
int _gnutls_io_clear_peeked_data( gnutls_session session);
@@ -30,11 +30,11 @@ ssize_t _gnutls_io_write_buffered2( gnutls_session, const void *iptr, size_t n,
const void* iptr2, size_t n2);
int _gnutls_handshake_buffer_get_size( gnutls_session session);
-int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int length);
-int _gnutls_handshake_buffer_put( gnutls_session session, char *data, int length);
+int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, size_t length);
+int _gnutls_handshake_buffer_put( gnutls_session session, char *data, size_t length);
int _gnutls_handshake_buffer_clear( gnutls_session session);
int _gnutls_handshake_buffer_empty( gnutls_session session);
-int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, int *length);
+int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, size_t *length);
#define _gnutls_handshake_io_buffer_clear( session) \
gnutls_free( session->internals.handshake_send_buffer.data); \
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 3666d1562b..b2ed6aff0f 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -108,7 +108,7 @@ void _gnutls_free_cert(gnutls_cert cert)
**/
void gnutls_certificate_free_credentials(gnutls_certificate_credentials sc)
{
- int i, j;
+ uint i, j;
for (i = 0; i < sc->ncerts; i++) {
for (j = 0; j < sc->cert_list_length[i]; j++) {
@@ -329,7 +329,7 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session session)
{
CERTIFICATE_AUTH_INFO info;
const gnutls_certificate_credentials cred;
- gnutls_certificate_status verify;
+ int verify;
int peer_certificate_list_size;
CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index c07477b1d7..4a338756bd 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -60,9 +60,9 @@ is_read_comp_null( gnutls_session session) {
*
* If random pad != 0 then the random pad data will be appended.
*/
-int _gnutls_encrypt(gnutls_session session, const char* headers, int headers_size,
+int _gnutls_encrypt(gnutls_session session, const char* headers, size_t headers_size,
const char *data, size_t data_size,
- opaque * ciphertext, int ciphertext_size, ContentType type, int random_pad)
+ opaque * ciphertext, size_t ciphertext_size, ContentType type, int random_pad)
{
const gnutls_datum plain = { (opaque*) data, data_size };
gnutls_datum comp;
@@ -104,7 +104,7 @@ int _gnutls_encrypt(gnutls_session session, const char* headers, int headers_siz
int _gnutls_decrypt(gnutls_session session, char *ciphertext,
- size_t ciphertext_size, uint8 * data, int data_size,
+ size_t ciphertext_size, uint8 * data, size_t data_size,
ContentType type)
{
gnutls_datum gtxt;
@@ -180,7 +180,7 @@ static void mac_deinit( GNUTLS_MAC_HANDLE td, opaque* res, int ver) {
inline
static int calc_enc_length( gnutls_session session, int data_size, int hash_size, uint8* pad, int random_pad,
- CipherType block_algo, int blocksize)
+ CipherType block_algo, uint16 blocksize)
{
uint8 rand;
int length;
@@ -335,7 +335,8 @@ int _gnutls_ciphertext2compressed(gnutls_session session,
uint64 seq_num;
uint16 length;
GNUTLS_MAC_HANDLE td;
- int blocksize, ret, i;
+ uint16 blocksize;
+ int ret, i;
uint8 major, minor;
gnutls_protocol_version ver;
int hash_size = _gnutls_mac_get_digest_size(session->security_parameters.read_mac_algorithm);
diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h
index c090d4e6aa..003f3160ab 100644
--- a/lib/gnutls_cipher.h
+++ b/lib/gnutls_cipher.h
@@ -18,11 +18,11 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
-int _gnutls_encrypt( gnutls_session session, const char* headers, int headers_size, const char* data, size_t data_size,
- uint8* ciphertext, int ciphertext_size, ContentType type, int random_pad);
+int _gnutls_encrypt( gnutls_session session, const char* headers, size_t headers_size, const char* data, size_t data_size,
+ opaque* ciphertext, size_t ciphertext_size, ContentType type, int random_pad);
int _gnutls_decrypt(gnutls_session session, char *ciphertext,
- size_t ciphertext_size, uint8 * data, int data_size,
+ size_t ciphertext_size, uint8 * data, size_t data_size,
ContentType type);
int _gnutls_compressed2ciphertext(gnutls_session session, opaque* cipher_data, int cipher_size, gnutls_datum compressed,
ContentType _type, int random_pad);
diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c
index daa3d639d2..82d46d53f7 100644
--- a/lib/gnutls_compress_int.c
+++ b/lib/gnutls_compress_int.c
@@ -103,6 +103,7 @@ int err;
break;
default:
+ break;
}
#endif
return ret;
@@ -124,6 +125,7 @@ int err;
break;
#endif
default:
+ break;
}
gnutls_free( handle->handle);
gnutls_free( handle);
@@ -136,7 +138,8 @@ int err;
/* These functions are memory consuming
*/
-int _gnutls_compress( GNUTLS_COMP_HANDLE handle, const char* plain, int plain_size, char** compressed, int max_comp_size)
+int _gnutls_compress( GNUTLS_COMP_HANDLE handle, const char* plain, size_t plain_size,
+ char** compressed, size_t max_comp_size)
{
int compressed_size=GNUTLS_E_COMPRESSION_FAILED;
int err;
@@ -215,7 +218,7 @@ int err;
_gnutls_log("Compression ratio: %f\n", (float)((float)compressed_size / (float)plain_size));
#endif
- if (compressed_size > max_comp_size) {
+ if ((size_t)compressed_size > max_comp_size) {
gnutls_free(*compressed);
return GNUTLS_E_COMPRESSION_FAILED;
}
@@ -225,8 +228,8 @@ int err;
-int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, int compressed_size,
- char** plain, int max_record_size)
+int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, size_t compressed_size,
+ char** plain, size_t max_record_size)
{
int plain_size=GNUTLS_E_DECOMPRESSION_FAILED, err;
int cur_pos;
@@ -324,7 +327,7 @@ int cur_pos;
return GNUTLS_E_INTERNAL_ERROR;
} /* switch */
- if (plain_size > max_record_size) {
+ if ((size_t)plain_size > max_record_size) {
gnutls_assert();
gnutls_free( *plain);
return GNUTLS_E_DECOMPRESSION_FAILED;
diff --git a/lib/gnutls_compress_int.h b/lib/gnutls_compress_int.h
index a5ac2e302a..010e53553d 100644
--- a/lib/gnutls_compress_int.h
+++ b/lib/gnutls_compress_int.h
@@ -35,7 +35,7 @@ typedef struct GNUTLS_COMP_HANDLE_STRUCT {
GNUTLS_COMP_HANDLE _gnutls_comp_init( gnutls_compression_method, int d);
void _gnutls_comp_deinit(GNUTLS_COMP_HANDLE handle, int d);
-int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, int compressed_size, char** plain, int max_record_size);
-int _gnutls_compress( GNUTLS_COMP_HANDLE, const char* plain, int plain_size, char** compressed, int max_comp_size);
+int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, size_t compressed_size, char** plain, size_t max_record_size);
+int _gnutls_compress( GNUTLS_COMP_HANDLE, const char* plain, size_t plain_size, char** compressed, size_t max_comp_size);
#endif
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index 3b7290da27..549acb0bc6 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -165,11 +165,12 @@ int ret = 0;
}
/* allocate space for data */
- content.size = _gnutls_session_size( session);
- if (content.size < 0) {
+ ret = _gnutls_session_size( session);
+ if (ret < 0) {
gnutls_assert();
- return content.size;
+ return ret;
}
+ content.size = ret;
content.data = gnutls_malloc( content.size);
if (content.data==NULL) {
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index c9a84b5a69..2dea0cd3c8 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -258,8 +258,8 @@ _gnutls_dh_params _gnutls_dh_default_params[] = {
, 0}
};
-const
-static _gnutls_dh_params _gnutls_dh_copy_params[] = {
+static const
+ _gnutls_dh_params _gnutls_dh_copy_params[] = {
{768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)}
, {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024}
, 0}
@@ -289,7 +289,7 @@ static _gnutls_dh_params _gnutls_dh_copy_params[] = {
* number of bits. Ie a number of bits that we have a prime in the
* dh_primes structure.
*/
-static int supported_bits[] = { 768, 1024, 2048, 3072, 4096, 0 };
+static const int supported_bits[] = { 768, 1024, 2048, 3072, 4096, 0 };
static int normalize_bits(int bits)
{
if (bits >= 4096)
diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h
index 16ab105a20..8a1d564009 100644
--- a/lib/gnutls_extensions.h
+++ b/lib/gnutls_extensions.h
@@ -29,6 +29,6 @@ int _gnutls_gen_extensions( gnutls_session session, opaque** data);
typedef struct {
const char *name;
uint16 type;
- int (*gnutls_ext_func_recv)( gnutls_session, const opaque*, int); /* recv data */
- int (*gnutls_ext_func_send)( gnutls_session, opaque*, int); /* send data */
+ int (*gnutls_ext_func_recv)( gnutls_session, const opaque*, size_t); /* recv data */
+ int (*gnutls_ext_func_send)( gnutls_session, opaque*, size_t); /* send data */
} gnutls_extension_entry;
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index f45dccd5f8..e1aa31cb3b 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -64,7 +64,7 @@ void gnutls_global_set_log_function( GNUTLS_LOG_FUNC log_func) {
/* default logging function */
static void dlog( const char* str) {
#ifdef DEBUG
- fprintf( stderr, "%s", str);
+ fputs( str, stderr);
#endif
}
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index b5d9fac045..c0f2fb03ea 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -365,7 +365,8 @@ int _gnutls_read_client_hello(gnutls_session session, opaque * data,
*/
inline static int
_gnutls_handshake_hash_pending( gnutls_session session) {
-int siz, ret;
+size_t siz;
+int ret;
char * data;
if (session->internals.handshake_mac_handle_sha==NULL ||
@@ -788,7 +789,7 @@ static int _gnutls_recv_handshake_header(gnutls_session session,
int ret;
uint32 length32 = 0;
uint8 *dataptr = NULL; /* for realloc */
- int handshake_header_size = HANDSHAKE_HEADER_SIZE;
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
/* if we have data into the buffer then return them, do not read the next packet.
* In order to return we need a full TLS handshake header, or in case of a version 2
@@ -855,7 +856,7 @@ static int _gnutls_recv_handshake_header(gnutls_session session,
0) ? ret :
GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
}
- if (ret !=
+ if ((size_t)ret !=
HANDSHAKE_HEADER_SIZE -
session->internals.handshake_header_buffer.
header_size) {
@@ -2004,6 +2005,7 @@ int gnutls_handshake_client(gnutls_session session)
STATE = STATE0;
default:
+ break;
}
@@ -2058,6 +2060,7 @@ static int _gnutls_send_handshake_final(gnutls_session session, int init)
STATE = STATE0;
default:
+ break;
}
return 0;
@@ -2112,6 +2115,7 @@ static int _gnutls_recv_handshake_final(gnutls_session session, int init)
}
STATE = STATE0;
default:
+ break;
}
@@ -2227,6 +2231,7 @@ int gnutls_handshake_server(gnutls_session session)
STATE = STATE0; /* finished thus clear session */
default:
+ break;
}
return 0;
diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c
index 9adec856f8..446ef71669 100644
--- a/lib/gnutls_hash_int.c
+++ b/lib/gnutls_hash_int.c
@@ -100,7 +100,7 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm)
}
-int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, int textlen)
+int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen)
{
if (textlen > 0)
#ifdef USE_MHASH
@@ -251,7 +251,7 @@ int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm)
}
-int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void *text, int textlen)
+int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void *text, size_t textlen)
{
#ifdef USE_MHASH
diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h
index df526ab0aa..fa59828ee5 100644
--- a/lib/gnutls_hash_int.h
+++ b/lib/gnutls_hash_int.h
@@ -47,7 +47,7 @@ typedef GNUTLS_MAC_HANDLE GNUTLS_HASH_HANDLE;
GNUTLS_MAC_HANDLE _gnutls_hmac_init( gnutls_mac_algorithm algorithm, const void* key, int keylen);
int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm);
-int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void* text, int textlen);
+int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void* text, size_t textlen);
void _gnutls_hmac_deinit( GNUTLS_MAC_HANDLE handle, void* digest);
GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3( gnutls_mac_algorithm algorithm, void* key, int keylen);
@@ -55,7 +55,7 @@ void _gnutls_mac_deinit_ssl3( GNUTLS_MAC_HANDLE handle, void* digest);
GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm);
int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm);
-int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, int textlen);
+int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, size_t textlen);
void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void* digest);
int _gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes, opaque* ret);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5e39d81c75..2d126cd888 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -86,8 +86,8 @@ typedef int gnutls_transport_ptr;
/* the maximum size of encrypted packets */
#define DEFAULT_MAX_RECORD_SIZE 16384
#define RECORD_HEADER_SIZE 5
-#define MAX_RECORD_SEND_SIZE session->security_parameters.max_record_send_size
-#define MAX_RECORD_RECV_SIZE session->security_parameters.max_record_recv_size
+#define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size
+#define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size
#define MAX_PAD_SIZE 255
#define EXTRA_COMP_SIZE 2048
#define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE
@@ -136,7 +136,7 @@ typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_S
typedef struct {
opaque * data;
- int size;
+ unsigned int size;
} gnutls_datum;
typedef gnutls_datum gnutls_sdatum;
@@ -388,8 +388,8 @@ typedef struct {
typedef struct {
- int priority[MAX_ALGOS];
- int algorithms;
+ unsigned int priority[MAX_ALGOS];
+ unsigned int algorithms;
} GNUTLS_Priority;
typedef int certificate_client_select_func(struct gnutls_session_int*, const gnutls_datum *, int, const gnutls_datum *, int);
@@ -399,9 +399,9 @@ typedef int srp_server_select_func(struct gnutls_session_int*, char**, char**, i
typedef struct {
opaque header[HANDSHAKE_HEADER_SIZE];
/* this holds the number of bytes in the handshake_header[] */
- int header_size;
+ size_t header_size;
/* this holds the length of the handshake packet */
- int packet_length;
+ size_t packet_length;
HandshakeType recv_type;
} HANDSHAKE_HEADER_BUFFER;
@@ -512,9 +512,9 @@ typedef struct {
* use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
* to access it.
*/
- int dh_prime_bits;
-
- int max_handshake_data_buffer_size;
+ uint16 dh_prime_bits;
+
+ size_t max_handshake_data_buffer_size;
/* PUSH & PULL functions.
*/
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 340e82f19e..9b02527331 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -39,7 +39,7 @@ int (*_gnutls_is_secure_memory)(const void*) = _gnutls_is_secure_mem_null;
void *_gnutls_calloc(size_t nmemb, size_t size)
{
void *ret;
- ret = gnutls_malloc(size);
+ ret = gnutls_malloc(size*nmemb);
if (ret == NULL)
return ret;
@@ -51,7 +51,7 @@ void *_gnutls_calloc(size_t nmemb, size_t size)
svoid *gnutls_secure_calloc(size_t nmemb, size_t size)
{
svoid *ret;
- ret = gnutls_secure_malloc(size);
+ ret = gnutls_secure_malloc(size*nmemb);
if (ret == NULL)
return ret;
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 53af12d312..73ce3f9fef 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -43,10 +43,11 @@ static int _gnutls_pk_decrypt(int algo, GNUTLS_MPI * resarr, GNUTLS_MPI data, GN
*/
int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
gnutls_datum plaintext, GNUTLS_MPI* params,
- int params_len,
- int btype)
+ uint params_len,
+ uint btype)
{
- int i, ret, pad;
+ unsigned int i, pad;
+ int ret;
GNUTLS_MPI m, res;
opaque *edata, *ps;
size_t k, psize;
@@ -167,10 +168,11 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
* Can decrypt block type 1 and type 2 packets.
*/
int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext,
- gnutls_datum ciphertext, GNUTLS_MPI* params, int params_len,
- int btype)
+ gnutls_datum ciphertext, GNUTLS_MPI* params, uint params_len,
+ uint btype)
{
- int k, i, ret;
+ uint k, i;
+ int ret;
GNUTLS_MPI c, res;
opaque *edata;
size_t esize, mod_bits;
@@ -375,7 +377,7 @@ size_t tot_len = 0;
/* Do DSA signature calculation. params is p, q, g, y, x in that order.
*/
int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *hash,
- GNUTLS_MPI * params, int params_len)
+ GNUTLS_MPI * params, uint params_len)
{
GNUTLS_MPI rs[2], mdata;
int ret;
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index 814800971f..30483992ad 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -2,11 +2,11 @@
# define GNUTLS_PK_H
int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
- MPI * params, int params_len, int btype);
+ MPI * params, uint params_len, uint btype);
int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *plaintext,
- MPI *params, int params_len);
+ MPI *params, uint params_len);
int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext,
- MPI * params, int params_len, int btype);
+ MPI * params, uint params_len, uint btype);
int _gnutls_rsa_verify( const gnutls_datum* vdata, const gnutls_datum *ciphertext,
MPI* params, int params_len, int btype);
int _gnutls_dsa_verify( const gnutls_datum* vdata, const gnutls_datum *sig_value,
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index e337cccca1..87c3ce1622 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -224,7 +224,7 @@ static int _gnutls_session_is_valid( gnutls_session session) {
static
ssize_t _gnutls_create_empty_record( gnutls_session session, ContentType type,
- opaque* erecord, int erecord_size)
+ opaque* erecord, unsigned int erecord_size)
{
int cipher_size;
int retval;
@@ -804,7 +804,7 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType
_gnutls_record_log( "REC: ChangeCipherSpec Packet was received\n");
- if (tmplen!=sizeofdata) { /* sizeofdata should be 1 */
+ if ((size_t)tmplen!=sizeofdata) { /* sizeofdata should be 1 */
gnutls_assert();
gnutls_afree(tmpdata);
return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c
index 48336c1eba..0676181b99 100644
--- a/lib/gnutls_rsa_export.c
+++ b/lib/gnutls_rsa_export.c
@@ -325,7 +325,8 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e,
GNUTLS_MPI rsa_params[RSA_PRIVATE_PARAMS];
size_t siz;
- int i, ret;
+ uint i;
+ int ret;
if (check_bits(bits) < 0) {
gnutls_assert();
diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c
index e59a4a3f21..1c1ade4c20 100644
--- a/lib/gnutls_session_pack.c
+++ b/lib/gnutls_session_pack.c
@@ -178,7 +178,7 @@ int _gnutls_session_unpack(gnutls_session session,
{
uint32 pack_size;
int ret;
- uint32 timestamp = time(0);
+ time_t timestamp = time(0);
SecurityParameters sp;
if (packed_session==NULL || packed_session->size == 0) {
@@ -325,7 +325,7 @@ int _gnutls_session_unpack(gnutls_session session,
int _gnutls_pack_certificate_auth_info( CERTIFICATE_AUTH_INFO info,
gnutls_datum * packed_session)
{
- uint32 pos, i;
+ unsigned int pos, i;
int info_size;
packed_session->size = _gnutls_pack_certificate_auth_info_size( info);
@@ -359,7 +359,7 @@ int _gnutls_pack_certificate_auth_info( CERTIFICATE_AUTH_INFO info,
static int _gnutls_pack_certificate_auth_info_size( CERTIFICATE_AUTH_INFO info)
{
uint32 pack_size = sizeof(CERTIFICATE_AUTH_INFO_INT);
- int i;
+ unsigned int i;
if (info == NULL)
return sizeof(uint32) + PACK_HEADER_SIZE;
@@ -375,7 +375,8 @@ static int _gnutls_pack_certificate_auth_info_size( CERTIFICATE_AUTH_INFO info)
int _gnutls_unpack_certificate_auth_info(CERTIFICATE_AUTH_INFO info,
const gnutls_datum * packed_session)
{
-int ret, i, pos, j;
+unsigned int i,j, pos;
+int ret;
uint32 size;
memcpy(info,
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 3e0d4d1f9e..0f0213c659 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -258,10 +258,10 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *hash_co
/* Verifies a TLS signature (like the one in the client certificate
- * verify message). ubuffer_size is a buffer to remove from the hash buffer
- * in order to avoid hashing the last message.
+ * verify message).
*/
-int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size) {
+int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature)
+{
int ret;
opaque concat[36];
GNUTLS_MAC_HANDLE td_md5;
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index 8e2d568b77..7026c4a778 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -6,7 +6,7 @@ gnutls_certificate_status gnutls_x509_verify_signature(gnutls_cert* cert, gnutls
int _gnutls_pkcs1_rsa_generate_sig( gnutls_cert* cert, gnutls_private_key *pkey, const gnutls_datum* hash_concat, gnutls_datum *signature);
int _gnutls_generate_sig_from_hdata( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature);
int _gnutls_generate_sig_params( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum* params, gnutls_datum *signature);
-int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size);
+int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature);
int _gnutls_verify_sig_params( gnutls_session session, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum* signature);
#endif
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index e26780baec..80bc7bfa0c 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -102,7 +102,7 @@ gnutls_compression_method gnutls_compression_get( gnutls_session session) {
}
int _gnutls_session_cert_type_supported( gnutls_session session, gnutls_certificate_type cert_type) {
-int i;
+uint i;
if (session->internals.cert_type_priority.algorithms==0 && cert_type ==
DEFAULT_CERT_TYPE) return 0;
diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c
index c5471375ce..b3437c5347 100644
--- a/lib/gnutls_ui.c
+++ b/lib/gnutls_ui.c
@@ -280,7 +280,7 @@ int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* dat
GNUTLS_HASH_HANDLE td;
int hash_len = _gnutls_hash_get_algo_len(algo);
- if (hash_len > *result_size || hash_len < 0) {
+ if (hash_len < 0 || (size_t)hash_len > *result_size) {
*result_size = hash_len;
return GNUTLS_E_INVALID_REQUEST;
}
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index fdeac41dc6..b305f677a5 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -84,7 +84,7 @@ int gnutls_x509_certificate_to_xml(const gnutls_datum * cert, gnutls_datum* res,
int gnutls_x509_extract_dn( const gnutls_datum*, gnutls_x509_dn*);
int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*);
-int gnutls_x509_extract_certificate_dn_string(char *buf, int sizeof_buf,
+int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf,
const gnutls_datum * cert, int issuer);
int gnutls_x509_extract_certificate_issuer_dn( const gnutls_datum*, gnutls_x509_dn *);
int gnutls_x509_extract_certificate_version( const gnutls_datum*);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 14e1091226..34dab84c1e 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -72,7 +72,7 @@ static oid2string OID2STR[] = {
{"1 2 840 113549 1 1 5", "sha1WithRSAEncryption", 0, 0},
{"1 2 840 10040 4 3", "id-dsa-with-sha1", 0, 0},
{"1 2 840 10040 4 1", "id-dsa", 0, 0},
- {NULL}
+ {NULL, NULL, 0, 0}
};
/* Returns 1 if the data defined by the OID are printable.
@@ -605,7 +605,7 @@ int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert,
char ext_data[256];
int len;
char num[MAX_INT_DIGITS];
- GNUTLS_X509_SUBJECT_ALT_NAME type;
+ gnutls_x509_subject_alt_name type;
memset(ret, 0, *ret_size);
@@ -662,7 +662,7 @@ int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert,
type = _find_type( ext_data);
- if (type == -1) {
+ if (type == (gnutls_x509_subject_alt_name)-1) {
gnutls_assert();
return GNUTLS_E_X509_UNKNOWN_SAN;
}
@@ -826,7 +826,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session)
{
CERTIFICATE_AUTH_INFO info;
const gnutls_certificate_credentials cred;
- gnutls_certificate_status verify;
+ int verify;
gnutls_cert *peer_certificate_list;
int peer_certificate_list_size, i, x, ret;
@@ -934,7 +934,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session)
**/
int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length)
{
- gnutls_certificate_status verify;
+ int verify;
gnutls_cert *peer_certificate_list;
gnutls_cert *ca_certificate_list;
int peer_certificate_list_size, i, x, ret, ca_certificate_list_size;
@@ -1690,7 +1690,8 @@ int gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials res, con
static int generate_rdn_seq( gnutls_certificate_credentials res) {
gnutls_datum tmp;
-int ret, size, i;
+int ret;
+uint size, i;
opaque *pdata;
/* Generate the RDN sequence
@@ -2841,7 +2842,7 @@ time_t _gnutls_x509_generalTime2gtime(char *ttime)
* Returns GNUTLS_E_INVALID_REQUEST if the provided buffer is not long enough.
*
**/
-int gnutls_x509_extract_certificate_dn_string(char *buf, int sizeof_buf,
+int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf,
const gnutls_datum * cert, int issuer)
{
gnutls_x509_dn dn;
diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h
index d846aa6adc..ccf2afb276 100644
--- a/lib/gnutls_x509.h
+++ b/lib/gnutls_x509.h
@@ -34,3 +34,5 @@ int _gnutls_x509_oid_data2string( const char* OID, void* value,
const char* _gnutls_x509_oid2string( const char* OID);
int _gnutls_x509_oid_data_printable( const char* OID);
+int gnutls_x509_extract_certificate_subject_alt_name( const gnutls_datum*, int seq, char*, int*);
+int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*);
diff --git a/lib/rfc2818_hostname.c b/lib/rfc2818_hostname.c
index a3e11a14b2..ad3acd27dc 100644
--- a/lib/rfc2818_hostname.c
+++ b/lib/rfc2818_hostname.c
@@ -33,7 +33,7 @@ static int hostname_compare(const char *certname, const char *hostname);
* the given hostname. This is a basic implementation of the matching described
* in RFC2818 (HTTPS).
*
- * Returns 1 on success, and 0 on failure.
+ * Returns non zero on success, and zero on failure.
*
**/
int gnutls_x509_check_certificates_hostname(const gnutls_datum * cert,
@@ -43,7 +43,7 @@ int gnutls_x509_check_certificates_hostname(const gnutls_datum * cert,
char dnsname[GNUTLS_X509_CN_SIZE];
int dnsnamesize;
int found_dnsname = 0;
- int ret;
+ int ret = 0;
gnutls_DN dn;
int i = 0;
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index e87e67123d..3144ae3dda 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -25,10 +25,11 @@
#include "gnutls_int.h"
#include "gnutls_errors.h"
#include <gnutls_datum.h>
+#include <x509_b64.h>
-const static uint8 b64table[64] =
+static const uint8 b64table[64] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-const static uint8 asciitable[128] = {
+static const uint8 asciitable[128] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -135,9 +136,10 @@ inline static int decode(uint8 * result, const uint8 * data)
/* encodes data and puts the result into result (localy alocated)
* The result_size is the return value
*/
-int _gnutls_base64_encode(const uint8 * data, int data_size, uint8 ** result)
+int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result)
{
- int i, ret, tmp, j;
+ unsigned int i, j;
+ int ret, tmp;
char tmpres[4];
ret = data_size % 3;
@@ -327,9 +329,10 @@ int size, res;
/* decodes data and puts the result into result (localy alocated)
* The result_size is the return value
*/
-int _gnutls_base64_decode(const uint8 * data, int data_size, uint8 ** result)
+int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result)
{
- int i, ret, tmp, j;
+ unsigned int i, j;
+ int ret, tmp;
uint8 tmpres[3];
data_size /= 4;
@@ -380,7 +383,7 @@ inline static int cpydata(const uint8 * data, int data_size, uint8 ** result)
* The result_size is the return value
*/
#define ENDSTR "-----\n"
-int _gnutls_fbase64_decode( const char* header, const uint8 * data, int data_size,
+int _gnutls_fbase64_decode( const opaque* header, const opaque * data, size_t data_size,
uint8 ** result)
{
int ret;
diff --git a/lib/x509_b64.h b/lib/x509_b64.h
index 6ec73459c7..6c7b014707 100644
--- a/lib/x509_b64.h
+++ b/lib/x509_b64.h
@@ -1,6 +1,6 @@
-int _gnutls_base64_encode(uint8 * data, int data_size, uint8 ** result);
+int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result);
int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size,
uint8 ** result);
-int _gnutls_base64_decode(const char* header, uint8 * data, int data_size, uint8 ** result);
-int _gnutls_fbase64_decode( const char* header, const uint8 * data, int data_size,
+int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result);
+int _gnutls_fbase64_decode( const opaque* header, const uint8 * data, size_t data_size,
uint8 ** result);
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index 83c745c60d..a83af0833d 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -107,7 +107,7 @@ int len;
return _gnutls_asn2err(result);
}
- *hash = -1;
+ *hash = (gnutls_mac_algorithm)-1;
if ( strcmp(str, "1 2 840 113549 2 5")==0) { /* MD5 */
*hash = GNUTLS_MAC_MD5;
@@ -116,7 +116,7 @@ int len;
*hash = GNUTLS_MAC_SHA;
}
- if (*hash==-1) {
+ if (*hash==(gnutls_mac_algorithm)-1) {
_gnutls_x509_log( "X509_SIG: HASH OID: %s\n", str);
diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c
index c211c0e788..0c5dc34d91 100644
--- a/libextra/auth_srp.c
+++ b/libextra/auth_srp.c
@@ -35,8 +35,8 @@
int gen_srp_server_kx2(gnutls_session, opaque **);
int gen_srp_client_kx0(gnutls_session, opaque **);
-int proc_srp_server_kx2(gnutls_session, opaque *, int);
-int proc_srp_client_kx0(gnutls_session, opaque *, int);
+int proc_srp_server_kx2(gnutls_session, opaque *, size_t);
+int proc_srp_client_kx0(gnutls_session, opaque *, size_t);
const MOD_AUTH_STRUCT srp_auth_struct = {
"SRP",
@@ -72,15 +72,16 @@ const MOD_AUTH_STRUCT srp_auth_struct = {
/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number
* Data is allocated by the caller, and should have data_size size.
*/
-int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size)
+int gen_srp_server_hello(gnutls_session state, opaque * data, size_t _data_size)
{
size_t n_g, n_n, n_s;
- size_t ret;
+ int ret;
uint8 *data_n, *data_s;
uint8 *data_g, *username;
GNUTLS_SRP_PWD_ENTRY *pwd_entry;
int err;
SRP_SERVER_AUTH_INFO info;
+ ssize_t data_size = _data_size;
if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_SRP, sizeof( SRP_SERVER_AUTH_INFO_INT), 1)) < 0) {
gnutls_assert();
@@ -127,7 +128,7 @@ int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size)
_gnutls_mpi_set(N, pwd_entry->n);
_gnutls_mpi_set(V, pwd_entry->v);
- if (data_size < n_n + n_g + pwd_entry->salt_size + 5) {
+ if ((size_t)data_size < n_n + n_g + pwd_entry->salt_size + 5) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
@@ -285,7 +286,7 @@ int gen_srp_client_kx0(gnutls_session state, opaque ** data)
}
/* receive the first key exchange message ( g, n, s) */
-int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_size)
+int proc_srp_server_hello(gnutls_session state, const opaque * data, size_t _data_size)
{
uint8 n_s;
uint16 n_g, n_n;
@@ -295,8 +296,9 @@ int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_si
const uint8 *data_s;
int i, ret;
opaque hd[SRP_MAX_HASH_SIZE];
- char *username;
- char *password;
+ char *username, *password;
+ ssize_t data_size = _data_size;
+
const gnutls_srp_client_credentials cred =
_gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_SRP, NULL);
@@ -370,9 +372,10 @@ int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_si
}
/* just read A and put it to state */
-int proc_srp_client_kx0(gnutls_session state, opaque * data, int data_size)
+int proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _data_size)
{
size_t _n_A;
+ ssize_t data_size = _data_size;
DECR_LEN( data_size, 2);
_n_A = _gnutls_read_uint16( &data[0]);
@@ -387,9 +390,10 @@ int proc_srp_client_kx0(gnutls_session state, opaque * data, int data_size)
}
-int proc_srp_server_kx2(gnutls_session state, opaque * data, int data_size)
+int proc_srp_server_kx2(gnutls_session state, opaque * data, size_t _data_size)
{
size_t _n_B;
+ ssize_t data_size = _data_size;
int ret;
DECR_LEN( data_size, 2);
diff --git a/libextra/auth_srp.h b/libextra/auth_srp.h
index baa7dc3eb3..988e24f5ef 100644
--- a/libextra/auth_srp.h
+++ b/libextra/auth_srp.h
@@ -23,8 +23,8 @@ typedef struct SRP_SERVER_AUTH_INFO_INT {
#ifdef ENABLE_SRP
-int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_size);
-int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size);
+int proc_srp_server_hello(gnutls_session state, const opaque * data, size_t data_size);
+int gen_srp_server_hello(gnutls_session state, opaque * data, size_t data_size);
typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT;
diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c
index a39bbd44ba..98915a1b94 100644
--- a/libextra/auth_srp_passwd.c
+++ b/libextra/auth_srp_passwd.c
@@ -38,7 +38,7 @@
/* this function parses tpasswd.conf file. Format is:
* string(username):base64(v):base64(salt):int(index)
*/
-static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) {
+static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str) {
char * p;
int len, ret;
opaque *verifier;
@@ -124,7 +124,8 @@ int indx;
/* this function parses tpasswd.conf file. Format is:
* int(index):base64(n):int(g)
*/
-static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) {
+static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str)
+{
char * p;
int len;
opaque * tmp;
@@ -198,7 +199,7 @@ size_t tmp_size;
static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, int index) {
FILE * fd;
char line[2*1024];
- int i;
+ uint i;
char indexstr[10];
sprintf( indexstr, "%d", index); /* Flawfinder: ignore */
@@ -216,7 +217,7 @@ static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, i
i++;
}
if (strncmp( indexstr, line, strlen(indexstr)) == 0) {
- if ((index = pwd_put_values2( entry, line, strlen(line))) >= 0)
+ if ((index = pwd_put_values2( entry, line)) >= 0)
return 0;
else {
return GNUTLS_E_PWD_ERROR;
@@ -232,7 +233,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us
const gnutls_srp_server_credentials cred;
FILE * fd;
char line[2*1024];
- int i, len;
+ uint i, len;
GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY));
int index;
int pwd_index = 0;
@@ -286,7 +287,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us
}
len = strlen(username);
if (strncmp( username, line, (i>len)?i:len) == 0) {
- if ((index = pwd_put_values( entry, line, strlen(line))) >= 0)
+ if ((index = pwd_put_values( entry, line)) >= 0)
if (pwd_read_conf( cred->password_conf_file[pwd_index], entry, index)==0) {
return entry;
} else {
diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h
index 1918b4356c..cb9ef01b28 100644
--- a/libextra/auth_srp_passwd.h
+++ b/libextra/auth_srp_passwd.h
@@ -15,7 +15,7 @@ typedef struct {
GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int* err);
void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry);
GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void);
-int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result);
-int _gnutls_sbase64_decode(uint8 * data, int data_size, uint8 ** result);
+int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result);
+int _gnutls_sbase64_decode(uint8 * data, size_t data_size, uint8 ** result);
#endif /* ENABLE_SRP */
diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c
index f3b90fb550..7941dc33ce 100644
--- a/libextra/auth_srp_sb64.c
+++ b/libextra/auth_srp_sb64.c
@@ -25,10 +25,10 @@
/* this a modified base64 for srp !!!
* It seems that everybody makes it's own base64 convertion.
*/
-const static uint8 b64table[64] =
+static const uint8 b64table[64] =
"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
-const static uint8 asciitable[128] = {
+static const uint8 asciitable[128] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
@@ -132,9 +132,10 @@ inline static int encode(uint8 * result, const uint8 * rdata, int left)
/* encodes data and puts the result into result (localy alocated)
* The result_size is the return value
*/
-int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result)
+int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result)
{
- int ret, tmp, j, i;
+ uint i,j;
+ int ret, tmp;
char tmpres[4];
int mod = data_size % 3;
@@ -217,9 +218,10 @@ inline static int decode(uint8 * result, const uint8 * data)
* That function does not ignore newlines tabs etc. You should remove them
* before calling it.
*/
-int _gnutls_sbase64_decode(uint8 * data, int idata_size, uint8 ** result)
+int _gnutls_sbase64_decode(uint8 * data, size_t idata_size, uint8 ** result)
{
- int i, ret, j, left;
+ uint i,j;
+ int ret, left;
int data_size, tmp;
uint8 datrev[4];
uint8 tmpres[3];
diff --git a/libextra/crypt.c b/libextra/crypt.c
index 4680e048f8..0d8ad19ad8 100644
--- a/libextra/crypt.c
+++ b/libextra/crypt.c
@@ -24,6 +24,7 @@
#include "crypt_srpsha1.h"
#include "gnutls_random.h"
+#include <crypt.h>
char * _gnutls_srp_crypt(const char* username, const char *passwd, int salt, GNUTLS_MPI g, GNUTLS_MPI n) {
diff --git a/libextra/crypt_srpsha1.c b/libextra/crypt_srpsha1.c
index f09dff5a14..25cf2399fa 100644
--- a/libextra/crypt_srpsha1.c
+++ b/libextra/crypt_srpsha1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -27,6 +27,7 @@
#include "auth_srp_passwd.h"
#include "gnutls_srp.h"
#include <gnutls_errors.h>
+#include <crypt_srpsha1.h>
/*
* x = SHA(<salt> | SHA(<username> | ":" | <raw password>))
@@ -40,16 +41,16 @@ char *_gnutls_crypt_srpsha1(const char *username, const char *passwd,
const char *salt, GNUTLS_MPI g, GNUTLS_MPI n)
{
unsigned char *sp, *spe, r1[MAX_HASH_SIZE];
- int salt_size = strlen(salt);
+ uint salt_size, passwd_len;
unsigned char *local_salt, *v;
- int passwd_len;
GNUTLS_HASH_HANDLE h1;
int vsize, hash_len = _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA);
opaque *tmp;
uint8 *rtext, *csalt;
- int rsalt_size, tmpsize;
+ int tmpsize, rsalt_size;
size_t len;
+ salt_size = strlen(salt);
passwd_len = strlen(passwd); /* we do not want the null */
h1 = _gnutls_hash_init(GNUTLS_MAC_SHA);
diff --git a/libextra/ext_srp.c b/libextra/ext_srp.c
index 96cd773f21..03637693d6 100644
--- a/libextra/ext_srp.c
+++ b/libextra/ext_srp.c
@@ -19,6 +19,7 @@
*/
#include "gnutls_int.h"
+#include <ext_srp.h>
#ifdef ENABLE_SRP
@@ -27,8 +28,9 @@
#include "gnutls_errors.h"
#include "gnutls_algorithms.h"
-int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_size) {
+int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, size_t _data_size) {
uint8 len;
+ ssize_t data_size = _data_size;
if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) {
/* algorithm was not allowed in this state
@@ -62,8 +64,8 @@ int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_
/* returns data_size or a negative number on failure
* data is allocated localy
*/
-int _gnutls_srp_send_params( gnutls_session state, opaque* data, int data_size) {
- uint8 len;
+int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t data_size) {
+ uint len;
if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) {
/* algorithm was not allowed in this state
@@ -78,7 +80,7 @@ int _gnutls_srp_send_params( gnutls_session state, opaque* data, int data_size)
if (cred==NULL) return 0;
if (cred->username!=NULL) { /* send username */
- len = strlen(cred->username);
+ len = strlen(cred->username) % 256;
if (data_size < len+1) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
diff --git a/libextra/ext_srp.h b/libextra/ext_srp.h
index 2b555937ca..63c85eac9a 100644
--- a/libextra/ext_srp.h
+++ b/libextra/ext_srp.h
@@ -1,6 +1,6 @@
#ifdef ENABLE_SRP
-int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_size);
-int _gnutls_srp_send_params( gnutls_session state, opaque* data, int);
+int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, size_t data_size);
+int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t);
#endif
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index fecfefc6cc..b4004c8dec 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1392,7 +1392,8 @@ gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid,
char buffer[4096];
int fd = -1;
int rc = 0, state = 0;
- ssize_t nbytes = 0, n = 0;
+ size_t nbytes = 0;
+ ssize_t n = 0;
if ( !host || !key )
return GNUTLS_E_INVALID_PARAMETERS;