diff options
63 files changed, 320 insertions, 261 deletions
@@ -2,6 +2,8 @@ Version 0.5.10 - Updated documentation. - Added server name extension. This allows clients to specify the name of the server they connect to. Useful to HTTPS. +- Several corrections in the code base, mostly in signed/unsigned, + checkings. Version 0.5.9 (10/10/2002) - Corrected some code which worked fine in gcc 3.2, but not with any diff --git a/configure.in b/configure.in index 3078ee1223..640df0f923 100644 --- a/configure.in +++ b/configure.in @@ -116,7 +116,7 @@ affect compiling.]) if test $ac_cv_c_compiler_gnu != no; then if test x$opt_developer_mode = xyes; then - CFLAGS="${CFLAGS} -Wall -Wpointer-arith -Wstrict-prototypes" # -Werror + CFLAGS="${CFLAGS} -Wall -Wcast-align -W -Wpointer-arith -Wchar-subscripts -Wformat-security -Wmissing-braces -Wsign-compare -Winline -Wstrict-prototypes" else CFLAGS="${CFLAGS} -O2 -finline-functions" fi @@ -172,6 +172,10 @@ AC_CHECK_TYPES(ptrdiff_t,,, [ # include <sys/types.h> ]) +AC_CHECK_TYPES(uint,,, [ +# include <sys/types.h> +]) + AC_CHECK_TYPE(size_t, DEFINE_SIZE_T="#include <sys/types.h>" AC_SUBST( DEFINE_SIZE_T) diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 8875f2ff50..ab02231faa 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -38,8 +38,8 @@ int gen_anon_server_kx( gnutls_session, opaque**); int gen_anon_client_kx( gnutls_session, opaque**); -int proc_anon_server_kx( gnutls_session, opaque*, int); -int proc_anon_client_kx( gnutls_session, opaque*, int); +int proc_anon_server_kx( gnutls_session, opaque*, size_t); +int proc_anon_client_kx( gnutls_session, opaque*, size_t); const MOD_AUTH_STRUCT anon_auth_struct = { "ANON", @@ -194,13 +194,14 @@ int ret; return n_X+2; } -int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) { +int proc_anon_server_kx( gnutls_session session, opaque* data, size_t _data_size) { uint16 n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p; uint8 *data_p; uint8 *data_g; uint8 *data_Y; - int i, ret; + int i, ret, bits; + ssize_t data_size = _data_size; i = 0; DECR_LEN( data_size, 2); @@ -255,7 +256,13 @@ int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) { return ret; } - if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( session)) { + bits = _gnutls_dh_get_prime_bits( session); + if (bits < 0) { + gnutls_assert(); + return bits; + } + + if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < (size_t)bits) { /* the prime used by the peer is not acceptable */ gnutls_assert(); @@ -280,12 +287,14 @@ int proc_anon_server_kx( gnutls_session session, opaque* data, int data_size) { return 0; } -int proc_anon_client_kx( gnutls_session session, opaque* data, int data_size) { +int proc_anon_client_kx( gnutls_session session, opaque* data, size_t _data_size) +{ uint16 n_Y; size_t _n_Y; GNUTLS_MPI g, p; int bits, ret; const gnutls_anon_server_credentials cred; + ssize_t data_size = _data_size; cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_ANON, NULL); if (cred == NULL) { diff --git a/lib/auth_cert.c b/lib/auth_cert.c index eb9a9bb3d1..552abce866 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -46,6 +46,9 @@ #include <gnutls_extra.h> #include "debug.h" +static int _gnutls_server_find_cert_list_index(gnutls_session session, + gnutls_pk_algorithm requested_algo); + /* Copies data from a internal certificate struct (gnutls_cert) to * exported certificate struct (CERTIFICATE_AUTH_INFO) */ @@ -165,14 +168,15 @@ inline * given DN. If indx == -1 then no certificate was found. */ static int _find_x509_cert(const gnutls_certificate_credentials cred, - opaque * _data, int _data_size, + opaque * _data, size_t _data_size, gnutls_pk_algorithm * pk_algos, int pk_algos_length, int *indx) { - int size; + uint size; gnutls_datum odn; opaque *data = _data; - int data_size = _data_size, i, j; + ssize_t data_size = _data_size; + uint i, j; int result; *indx = -1; @@ -221,9 +225,6 @@ static int _find_x509_cert(const gnutls_certificate_credentials cred, break; /* move to next record */ - if (data_size <= 0) - break; - data += size; } while (1); @@ -238,7 +239,7 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred, gnutls_pk_algorithm * pk_algos, int pk_algos_length, int *indx) { - int i, j; + uint i, j; *indx = -1; @@ -274,16 +275,17 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred, */ static int _gnutls_find_acceptable_client_cert(gnutls_session session, opaque * _data, - int _data_size, int *ind, + size_t _data_size, int *ind, gnutls_pk_algorithm * pk_algos, int pk_algos_length) { int result, size; int indx = -1; - int i, j, try = 0, *ij_map = NULL; + uint i, j; + int try = 0, *ij_map = NULL; const gnutls_certificate_credentials cred; opaque *data = _data; - int data_size = _data_size; + ssize_t data_size = _data_size; cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, @@ -334,9 +336,9 @@ static int _gnutls_find_acceptable_client_cert(gnutls_session session, if (indx == -1 && session->internals.client_cert_callback != NULL && cred->ncerts > 0) { /* use a callback to get certificate */ gnutls_datum *my_certs = NULL; gnutls_datum *issuers_dn = NULL; - int issuers_dn_len = 0; + uint issuers_dn_len = 0; opaque* dataptr = data; - int dataptr_size = data_size; + ssize_t dataptr_size = data_size; /* Count the number of the given issuers; * This is used to allocate the issuers_dn without @@ -661,13 +663,13 @@ int _gnutls_gen_cert_server_certificate(gnutls_session session, opaque ** data) #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_free_cert(peer_certificate_list[x]) int _gnutls_proc_x509_server_certificate(gnutls_session session, opaque * data, - int data_size) + size_t data_size) { int size, len, ret; opaque *p = data; CERTIFICATE_AUTH_INFO info; const gnutls_certificate_credentials cred; - int dsize = data_size; + ssize_t dsize = data_size; int i, j, x; gnutls_cert *peer_certificate_list; int peer_certificate_list_size = 0; @@ -795,13 +797,13 @@ int _gnutls_proc_x509_server_certificate(gnutls_session session, opaque * data, #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_free_cert(peer_certificate_list[x]) int _gnutls_proc_openpgp_server_certificate(gnutls_session session, - opaque * data, int data_size) + opaque * data, size_t data_size) { int size, ret, len; opaque *p = data; CERTIFICATE_AUTH_INFO info; const gnutls_certificate_credentials cred; - int dsize = data_size; + ssize_t dsize = data_size; int i, x; gnutls_cert *peer_certificate_list; int peer_certificate_list_size = 0; @@ -962,7 +964,7 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session, } int _gnutls_proc_cert_server_certificate(gnutls_session session, opaque * data, - int data_size) + size_t data_size) { switch (session->security_parameters.cert_type) { case GNUTLS_CRT_OPENPGP: @@ -999,13 +1001,13 @@ int _gnutls_check_supported_sign_algo(CertificateSigType algo) } int _gnutls_proc_cert_cert_req(gnutls_session session, opaque * data, - int data_size) + size_t data_size) { int size, ret; opaque *p = data; const gnutls_certificate_credentials cred; CERTIFICATE_AUTH_INFO info; - int dsize = data_size; + ssize_t dsize = data_size; int i, j, ind; gnutls_pk_algorithm pk_algos[MAX_SIGN_ALGOS]; int pk_algos_length; @@ -1129,10 +1131,10 @@ int _gnutls_gen_cert_client_cert_vrfy(gnutls_session session, opaque ** data) } int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, opaque * data, - int data_size) + size_t data_size) { int size, ret; - int dsize = data_size; + ssize_t dsize = data_size; opaque *pdata = data; gnutls_datum sig; CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(session); @@ -1182,9 +1184,7 @@ int _gnutls_proc_cert_client_cert_vrfy(gnutls_session session, opaque * data, } if ((ret = - _gnutls_verify_sig_hdata(session, &peer_cert, &sig, - data_size + HANDSHAKE_HEADER_SIZE)) < - 0) { + _gnutls_verify_sig_hdata(session, &peer_cert, &sig)) < 0) { gnutls_assert(); _gnutls_free_cert(peer_cert); return ret; @@ -1339,8 +1339,6 @@ const gnutls_cert *_gnutls_server_find_cert(gnutls_session session, return NULL; i = _gnutls_server_find_cert_list_index(session, - x509_cred->cert_list, - x509_cred->ncerts, requested_algo); if (i < 0) @@ -1355,12 +1353,11 @@ const gnutls_cert *_gnutls_server_find_cert(gnutls_session session, * requested_algo holds the parameters required by the peer (RSA, DSA * or -1 for any). */ -int _gnutls_server_find_cert_list_index(gnutls_session session, - gnutls_cert ** cert_list, - int cert_list_length, +static int _gnutls_server_find_cert_list_index(gnutls_session session, gnutls_pk_algorithm requested_algo) { - int i, index = -1, j; + uint i, j; + int index = -1; const gnutls_certificate_credentials cred; int my_certs_length; int *ij_map = NULL; @@ -1377,7 +1374,7 @@ int _gnutls_server_find_cert_list_index(gnutls_session session, for (i = 0; i < cred->ncerts; i++) { /* find one compatible certificate */ - if (requested_algo == -1 || + if (requested_algo == (gnutls_pk_algorithm)-1 || requested_algo == cred->cert_list[i][0].subject_pk_algorithm) { /* if cert type matches */ @@ -1406,7 +1403,7 @@ int _gnutls_server_find_cert_list_index(gnutls_session session, j = 0; for (i = 0; i < cred->ncerts; i++) { /* Add compatible certificates */ - if (requested_algo == -1 || + if (requested_algo == (gnutls_pk_algorithm)-1 || requested_algo == cred->cert_list[i][0].subject_pk_algorithm) { diff --git a/lib/auth_cert.h b/lib/auth_cert.h index adeb6a8c1c..347cb95c1d 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h @@ -16,11 +16,11 @@ typedef struct { * (if more than one, one certificate certifies the one before) * [1] certificate2, certificate22, ... */ - int * cert_list_length; + uint * cert_list_length; /* contains the number of the certificates in a * row (should be 1 for OpenPGP keys). */ - int ncerts; /* contains the number of columns in cert_list. + uint ncerts; /* contains the number of columns in cert_list. * This is the same with the number of pkeys. */ @@ -41,7 +41,7 @@ typedef struct { /* X509 specific stuff */ gnutls_cert * x509_ca_list; - int x509_ncas; /* number of CAs in the ca_list + uint x509_ncas; /* number of CAs in the ca_list */ /* holds a sequence of the @@ -67,7 +67,7 @@ typedef struct CERTIFICATE_AUTH_INFO_INT { gnutls_datum* raw_certificate_list; /* holds the raw certificate of the * peer. */ - int ncerts; /* holds the size of the list above */ + unsigned int ncerts; /* holds the size of the list above */ } *CERTIFICATE_AUTH_INFO; typedef struct CERTIFICATE_AUTH_INFO_INT CERTIFICATE_AUTH_INFO_INT; @@ -77,13 +77,12 @@ int _gnutls_gen_cert_server_certificate(gnutls_session, opaque **); int _gnutls_gen_cert_client_certificate(gnutls_session, opaque **); int _gnutls_gen_cert_client_cert_vrfy(gnutls_session, opaque **); int _gnutls_gen_cert_server_cert_req(gnutls_session, opaque **); -int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, int); -int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, int); -int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, int); +int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, size_t); +int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, size_t); +int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, size_t); int _gnutls_find_apr_cert( gnutls_session session, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_private_key** apr_pkey); int _gnutls_find_dn( gnutls_datum* odn, gnutls_cert* cert); const gnutls_cert* _gnutls_server_find_cert( struct gnutls_session_int*, gnutls_pk_algorithm); -int _gnutls_server_find_cert_list_index( struct gnutls_session_int*, gnutls_cert ** cert_list, int cert_list_length, gnutls_pk_algorithm); #define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index d169469c7f..f8fc0cf510 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -38,8 +38,8 @@ static int gen_dhe_server_kx(gnutls_session, opaque **); static int gen_dhe_client_kx(gnutls_session, opaque **); -static int proc_dhe_server_kx(gnutls_session, opaque *, int); -static int proc_dhe_client_kx(gnutls_session, opaque *, int); +static int proc_dhe_server_kx(gnutls_session, opaque *, size_t); +static int proc_dhe_client_kx(gnutls_session, opaque *, size_t); const MOD_AUTH_STRUCT dhe_rsa_auth_struct = { "DHE_RSA", @@ -286,7 +286,7 @@ static int gen_dhe_client_kx(gnutls_session session, opaque ** data) OPENPGP_CERT2GNUTLS_CERT _E_gnutls_openpgp_cert2gnutls_cert = NULL; static int proc_dhe_server_kx(gnutls_session session, opaque * data, - int data_size) + size_t _data_size) { uint16 n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p; @@ -295,8 +295,9 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data, uint8 *data_Y; int i, sigsize; gnutls_datum vparams, signature; - int ret; + int ret, bits; CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); + ssize_t data_size = _data_size; gnutls_cert peer_cert; if (info == NULL || info->ncerts==0) { @@ -364,7 +365,12 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data, return ret; } - if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < _gnutls_dh_get_prime_bits( session)) { + bits = _gnutls_dh_get_prime_bits( session); + if (bits < 0) { + gnutls_assert(); + return bits; + } + if ( _gnutls_mpi_get_nbits( session->gnutls_key->client_p) < (size_t)bits) { /* the prime used by the peer is not acceptable */ gnutls_assert(); @@ -433,12 +439,13 @@ static int proc_dhe_server_kx(gnutls_session session, opaque * data, } static int proc_dhe_client_kx(gnutls_session session, opaque * data, - int data_size) + size_t _data_size) { uint16 n_Y; size_t _n_Y; GNUTLS_MPI g, p; int bits, ret; + ssize_t data_size = _data_size; const gnutls_certificate_credentials cred; cred = _gnutls_get_cred(session->gnutls_key, GNUTLS_CRD_CERTIFICATE, NULL); diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index bd1a7fda00..86f3c8006d 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -42,7 +42,7 @@ #include <gnutls_extra.h> int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **); -int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, int); +int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, size_t); const MOD_AUTH_STRUCT rsa_auth_struct = { "RSA", @@ -211,13 +211,14 @@ const gnutls_certificate_credentials cred; return GNUTLS_E_MEMORY_ERROR; \ } -int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, int data_size) +int _gnutls_proc_rsa_client_kx(gnutls_session session, opaque * data, size_t _data_size) { gnutls_sdatum plaintext; gnutls_datum ciphertext; int ret, dsize; GNUTLS_MPI *params; int params_len; + ssize_t data_size = _data_size; if (gnutls_protocol_get_version(session) == GNUTLS_SSL3) { /* SSL 3.0 */ diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 52bda95ae2..64c551ba96 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -44,9 +44,9 @@ #include <gnutls_state.h> int _gnutls_gen_rsa_client_kx(gnutls_session, opaque **); -int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, int); +int _gnutls_proc_rsa_client_kx(gnutls_session, opaque *, size_t); static int gen_rsa_export_server_kx(gnutls_session, opaque **); -static int proc_rsa_export_server_kx(gnutls_session, opaque *, int); +static int proc_rsa_export_server_kx(gnutls_session, opaque *, size_t); const MOD_AUTH_STRUCT rsa_export_auth_struct = { "RSA EXPORT", @@ -239,7 +239,7 @@ CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info( session); } static int proc_rsa_export_server_kx(gnutls_session session, opaque * data, - int data_size) + size_t _data_size) { uint16 n_m, n_e; size_t _n_m, _n_e; @@ -248,6 +248,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data, int i, sigsize; gnutls_datum vparams, signature; int ret; + ssize_t data_size = _data_size; CERTIFICATE_AUTH_INFO info; gnutls_cert peer_cert; diff --git a/lib/defines.h b/lib/defines.h index bd418f1fdd..de24ba48a1 100644 --- a/lib/defines.h +++ b/lib/defines.h @@ -93,6 +93,11 @@ typedef long ptrdiff_t; # define USE_MCRYPT #endif +#ifndef HAVE_UINT +typedef unsigned int uint; +typedef signed int sint; +#endif + #if SIZEOF_UNSIGNED_LONG == 8 # define HAVE_UINT64 /* only used native uint64 in 64 bit machines */ diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index b86615d4c7..26a2252f1e 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -39,10 +39,11 @@ * */ -int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, int data_size) +int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, size_t _data_size) { int new_type = -1, ret, i; - + ssize_t data_size = _data_size; + if (session->security_parameters.entity == GNUTLS_CLIENT) { if (data_size > 0) { if ( data_size != 1) { @@ -108,8 +109,8 @@ int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, i /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, int data_size) { - uint16 len, i; +int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, size_t data_size) { + uint len, i; /* this function sends the client extension data (dnsname) */ if (session->security_parameters.entity == GNUTLS_CLIENT) { diff --git a/lib/ext_cert_type.h b/lib/ext_cert_type.h index d6b0fc4d25..f7520cdab2 100644 --- a/lib/ext_cert_type.h +++ b/lib/ext_cert_type.h @@ -3,5 +3,5 @@ */ int _gnutls_num2cert_type( int num); int _gnutls_cert_type2num( int record_size); -int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, int data_size); -int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, int); +int _gnutls_cert_type_recv_params( gnutls_session session, const opaque* data, size_t data_size); +int _gnutls_cert_type_send_params( gnutls_session session, opaque* data, size_t); diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c index 9338fcb585..a340a6ff12 100644 --- a/lib/ext_max_record.c +++ b/lib/ext_max_record.c @@ -37,8 +37,9 @@ * */ -int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, int data_size) { +int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, size_t _data_size) { ssize_t new_size; + ssize_t data_size = _data_size; if (session->security_parameters.entity == GNUTLS_SERVER) { if (data_size > 0) { @@ -83,7 +84,7 @@ int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_max_record_send_params( gnutls_session session, opaque* data, int data_size) { +int _gnutls_max_record_send_params( gnutls_session session, opaque* data, size_t data_size) { uint16 len; /* this function sends the client extension data (dnsname) */ if (session->security_parameters.entity == GNUTLS_CLIENT) { diff --git a/lib/ext_max_record.h b/lib/ext_max_record.h index 77392a50f6..f804915ab3 100644 --- a/lib/ext_max_record.h +++ b/lib/ext_max_record.h @@ -3,5 +3,5 @@ */ int _gnutls_mre_num2record( int num); int _gnutls_mre_record2num( uint16 record_size); -int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, int data_size); -int _gnutls_max_record_send_params( gnutls_session session, opaque* data, int); +int _gnutls_max_record_recv_params( gnutls_session session, const opaque* data, size_t data_size); +int _gnutls_max_record_send_params( gnutls_session session, opaque* data, size_t); diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index 7beb5434fe..1bafbb1374 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -254,7 +254,6 @@ int gnutls_set_server_name(gnutls_session session, gnutls_server_name_type type, const void *name, int name_length) { - const char *dnsname; int server_names; if (session->security_parameters.entity == GNUTLS_SERVER) diff --git a/lib/ext_server_name.h b/lib/ext_server_name.h index 61ba1f3606..6d9c476000 100644 --- a/lib/ext_server_name.h +++ b/lib/ext_server_name.h @@ -1,5 +1,5 @@ -int _gnutls_server_name_recv_params( gnutls_session session, const opaque* data, int data_size); -int _gnutls_server_name_send_params( gnutls_session session, opaque* data, int); +int _gnutls_server_name_recv_params( gnutls_session session, const opaque* data, size_t data_size); +int _gnutls_server_name_send_params( gnutls_session session, opaque* data, size_t); int gnutls_get_server_name(gnutls_session session, void* data, int* data_length, int *type, int index); diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index 99a133130f..eded9cb695 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -121,7 +121,7 @@ typedef struct gnutls_rsa_params_int* gnutls_rsa_params; typedef struct { unsigned char * data; - int size; + unsigned int size; } gnutls_datum; /* internal functions */ @@ -137,7 +137,7 @@ int gnutls_rehandshake( gnutls_session session); gnutls_alert_description gnutls_alert_get( gnutls_session session); int gnutls_alert_send( gnutls_session, gnutls_alert_level, gnutls_alert_description); int gnutls_alert_send_appropriate( gnutls_session session, int err); -const char* gnutls_alert_get_name( int alert); +const char* gnutls_alert_get_name( gnutls_alert_description alert); /* get information on the current session */ gnutls_cipher_algorithm gnutls_cipher_get( gnutls_session session); diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index deb93f20e4..10e6eafa6b 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -26,7 +26,7 @@ #include <debug.h> typedef struct { - AlertDescription alert; + gnutls_alert_description alert; const char *desc; } gnutls_alert_entry; @@ -72,7 +72,7 @@ static const gnutls_alert_entry sup_alerts[] = { * See. gnutls_alert_get(). * **/ -const char* gnutls_alert_get_name( int alert) { +const char* gnutls_alert_get_name( gnutls_alert_level alert) { const char* ret = NULL; GNUTLS_ALERT_ID_LOOP( ret = p->desc); @@ -93,7 +93,7 @@ const char* ret = NULL; * Returns 0 on success. * **/ -int gnutls_alert_send( gnutls_session session, GNUTLS_AlertLevel level, GNUTLS_AlertDescription desc) +int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc) { uint8 data[2]; int ret; @@ -238,7 +238,7 @@ int level; * The peer may send alerts if he thinks some things were not * right. Check gnutls.h for the available alert descriptions. **/ -GNUTLS_AlertDescription gnutls_alert_get( gnutls_session session) { +gnutls_alert_description gnutls_alert_get( gnutls_session session) { return session->internals.last_alert; } diff --git a/lib/gnutls_alert.h b/lib/gnutls_alert.h index ad9b747467..e0599cc31d 100644 --- a/lib/gnutls_alert.h +++ b/lib/gnutls_alert.h @@ -1,6 +1,5 @@ -typedef enum AlertLevel { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL -} AlertLevel; -#define GNUTLS_AlertLevel AlertLevel +typedef enum gnutls_alert_level { GNUTLS_AL_WARNING=1, GNUTLS_AL_FATAL +} gnutls_alert_level; typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSAGE=10, @@ -15,8 +14,7 @@ typedef enum AlertDescription { GNUTLS_A_PROTOCOL_VERSION=70, GNUTLS_A_INSUFFICIENT_SECURITY, GNUTLS_A_INTERNAL_ERROR=80, GNUTLS_A_USER_CANCELED=90, GNUTLS_A_NO_RENEGOTIATION=100 -} AlertDescription; -#define GNUTLS_AlertDescription AlertDescription +} gnutls_alert_description; -AlertDescription gnutls_alert_get( gnutls_session session); -int gnutls_alert_send( gnutls_session session, AlertLevel level, AlertDescription desc); +gnutls_alert_description gnutls_alert_get( gnutls_session session); +int gnutls_alert_send( gnutls_session session, gnutls_alert_level level, gnutls_alert_description desc); diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index 64f7f988e3..da131c584c 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -77,10 +77,10 @@ static const gnutls_version_entry sup_versions[] = { struct gnutls_cipher_entry { const char *name; gnutls_cipher_algorithm id; - size_t blocksize; - size_t keysize; + uint16 blocksize; + uint16 keysize; CipherType block; - size_t iv; + uint16 iv; int export_flag; /* 0 non export */ }; typedef struct gnutls_cipher_entry gnutls_cipher_entry; @@ -399,7 +399,7 @@ int _gnutls_mac_get_digest_size(gnutls_mac_algorithm algorithm) inline int _gnutls_mac_priority(gnutls_session session, gnutls_mac_algorithm algorithm) { /* actually returns the priority */ - int i; + unsigned int i; for (i = 0; i < session->internals.mac_algorithm_priority.algorithms; i++) { @@ -431,7 +431,7 @@ const char *gnutls_mac_get_name( gnutls_mac_algorithm algorithm) int _gnutls_mac_is_ok(gnutls_mac_algorithm algorithm) { - size_t ret = -1; + ssize_t ret = -1; GNUTLS_HASH_ALG_LOOP(ret = p->id); if (ret >= 0) ret = 0; @@ -445,7 +445,7 @@ inline int _gnutls_compression_priority(gnutls_session session, gnutls_compression_method algorithm) { /* actually returns the priority */ - int i; + unsigned int i; for (i = 0; i < session->internals.compression_method_priority.algorithms; @@ -527,7 +527,7 @@ gnutls_compression_method _gnutls_compression_get_id(int num) int _gnutls_compression_is_ok(gnutls_compression_method algorithm) { - size_t ret = -1; + ssize_t ret = -1; GNUTLS_COMPRESSION_ALG_LOOP(ret = p->id); if (ret >= 0) ret = 0; @@ -552,7 +552,7 @@ inline int _gnutls_cipher_priority(gnutls_session session, gnutls_cipher_algorithm algorithm) { - int i; + unsigned int i; for (i = 0; i < session->internals. @@ -626,7 +626,7 @@ const char *gnutls_cipher_get_name( gnutls_cipher_algorithm algorithm) int _gnutls_cipher_is_ok(gnutls_cipher_algorithm algorithm) { - size_t ret = -1; + ssize_t ret = -1; GNUTLS_ALG_LOOP(ret = p->id); if (ret >= 0) ret = 0; @@ -647,7 +647,7 @@ MOD_AUTH_STRUCT *_gnutls_kx_auth_struct(gnutls_kx_algorithm algorithm) inline int _gnutls_kx_priority(gnutls_session session, gnutls_kx_algorithm algorithm) { - int i; + unsigned int i; for (i = 0; i < session->internals.kx_algorithm_priority.algorithms; i++) { @@ -677,7 +677,7 @@ const char *gnutls_kx_get_name( gnutls_kx_algorithm algorithm) int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm) { - size_t ret = -1; + ssize_t ret = -1; GNUTLS_KX_ALG_LOOP(ret = p->algorithm); if (ret >= 0) ret = 0; @@ -690,7 +690,7 @@ int _gnutls_kx_is_ok(gnutls_kx_algorithm algorithm) int _gnutls_version_priority(gnutls_session session, gnutls_protocol_version version) { /* actually returns the priority */ - int i; + unsigned int i; if (session->internals.protocol_priority.priority==NULL) { gnutls_assert(); @@ -711,7 +711,7 @@ int _gnutls_version_priority(gnutls_session session, gnutls_protocol_version _gnutls_version_lowest(gnutls_session session) { /* returns the lowest version supported */ - int i, min = 0xff; + unsigned int i, min = 0xff; if (session->internals.protocol_priority.priority==NULL) { return GNUTLS_VERSION_UNKNOWN; @@ -728,7 +728,7 @@ gnutls_protocol_version _gnutls_version_lowest(gnutls_session session) gnutls_protocol_version _gnutls_version_max(gnutls_session session) { /* returns the maximum version supported */ - int i, max=0x00; + unsigned int i, max=0x00; if (session->internals.protocol_priority.priority==NULL) { return GNUTLS_VERSION_UNKNOWN; @@ -926,9 +926,9 @@ inline uint8 *base = _base; uint8 tmp[MAX_ELEM_SIZE]; uint8 ptmp[MAX_ELEM_SIZE]; - int pivot; - int i, j; - int full; + unsigned int pivot; + unsigned int i, j; + unsigned int full; i = pivot = 0; j = full = (nmemb - 1) * size; @@ -961,9 +961,9 @@ static void _gnutls_qsort(gnutls_session session, void *_base, size_t nmemb, size_t size, int (*compar) (gnutls_session, const void *, const void *)) { - int pivot; + unsigned int pivot; char *base = _base; - int snmemb = nmemb; + size_t snmemb = nmemb; #ifdef DEBUG if (size > MAX_ELEM_SIZE) { @@ -1031,7 +1031,7 @@ _gnutls_bsort(gnutls_session session, void *_base, size_t nmemb, size_t size, int (*compar) (gnutls_session, const void *, const void *)) { - int i, j; + unsigned int i, j; int full = nmemb * size; char *base = _base; char tmp[MAX_ELEM_SIZE]; @@ -1053,7 +1053,7 @@ _gnutls_supported_ciphersuites_sorted(gnutls_session session, { #ifdef SORT_DEBUG - int i; + unsigned int i; #endif int count; @@ -1088,8 +1088,8 @@ _gnutls_supported_ciphersuites(gnutls_session session, GNUTLS_CipherSuite ** _ciphers) { - int i, ret_count, j; - int count = CIPHER_SUITES_COUNT; + unsigned int i, ret_count, j; + unsigned int count = CIPHER_SUITES_COUNT; GNUTLS_CipherSuite *tmp_ciphers; GNUTLS_CipherSuite* ciphers; gnutls_protocol_version version; @@ -1192,7 +1192,8 @@ _gnutls_supported_ciphersuites(gnutls_session session, int _gnutls_supported_compression_methods(gnutls_session session, uint8 ** comp) { - int i, tmp, j=0; + unsigned int i, j=0; + int tmp; *comp = gnutls_malloc( sizeof(uint8) * SUPPORTED_COMPRESSION_METHODS); if (*comp == NULL) diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index d3e3a036de..058afd9001 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -209,7 +209,7 @@ void _gnutls_free_auth_info( gnutls_session session) { break; case GNUTLS_CRD_CERTIFICATE: { - int i; + unsigned int i; CERTIFICATE_AUTH_INFO info = _gnutls_get_auth_info(session); diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index 21d3acb6ea..bde3fbc008 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h @@ -12,14 +12,14 @@ typedef struct MOD_AUTH_STRUCT_INT { int (*gnutls_generate_client_cert_vrfy) ( gnutls_session, opaque**); int (*gnutls_generate_server_certificate_request) ( gnutls_session, opaque**); - int (*gnutls_process_server_certificate)( gnutls_session, opaque*, int); - int (*gnutls_process_client_certificate)( gnutls_session, opaque*, int); - int (*gnutls_process_server_kx)( gnutls_session, opaque*, int); - int (*gnutls_process_server_kx2)( gnutls_session, opaque*, int); - int (*gnutls_process_client_kx0)( gnutls_session, opaque*, int); - int (*gnutls_process_client_kx)( gnutls_session, opaque*, int); - int (*gnutls_process_client_cert_vrfy) ( gnutls_session, opaque*, int); - int (*gnutls_process_server_certificate_request) ( gnutls_session, opaque*, int); + int (*gnutls_process_server_certificate)( gnutls_session, opaque*, size_t); + int (*gnutls_process_client_certificate)( gnutls_session, opaque*, size_t); + int (*gnutls_process_server_kx)( gnutls_session, opaque*, size_t); + int (*gnutls_process_server_kx2)( gnutls_session, opaque*, size_t); + int (*gnutls_process_client_kx0)( gnutls_session, opaque*, size_t); + int (*gnutls_process_client_kx)( gnutls_session, opaque*, size_t); + int (*gnutls_process_client_cert_vrfy) ( gnutls_session, opaque*, size_t); + int (*gnutls_process_server_certificate_request) ( gnutls_session, opaque*, size_t); } MOD_AUTH_STRUCT; #endif diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index 63c8a40ba9..910dcf3ed3 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -72,7 +72,7 @@ static int RET( int err) { /* Buffers received packets of type APPLICATION DATA and * HANDSHAKE DATA. */ -int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, int length) +int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, size_t length) { if (length==0) return 0; switch( type) { @@ -136,9 +136,9 @@ size_t gnutls_record_check_pending(gnutls_session session) { return _gnutls_record_buffer_get_size(GNUTLS_APPLICATION_DATA, session); } -int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, int length) +int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, size_t length) { - if (length < 0 || data==NULL) { + if (length==0 || data==NULL) { gnutls_assert(); return GNUTLS_E_INVALID_PARAMETERS; } @@ -323,7 +323,8 @@ void _gnutls_io_clear_read_buffer( gnutls_session session) { ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t sizeOfPtr, ContentType recv_type) { ssize_t ret=0, ret2=0; - int min, buf_pos; + size_t min; + int buf_pos; char *buf; int recvlowat = RCVLOWAT; int recvdata, alloc_size; @@ -331,7 +332,8 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t *iptr = session->internals.record_recv_buffer.data; if ( sizeOfPtr > MAX_RECV_SIZE || sizeOfPtr == 0 - || (session->internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) { + || (session->internals.record_recv_buffer.size+sizeOfPtr) > MAX_RECV_SIZE) + { gnutls_assert(); /* internal error */ return GNUTLS_E_INVALID_PARAMETERS; } @@ -441,7 +443,7 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t ret = session->internals.record_recv_buffer.size; - if ((ret > 0) && (ret < sizeOfPtr)) { + if ((ret > 0) && ((size_t)ret < sizeOfPtr)) { /* Short Read */ gnutls_assert(); return GNUTLS_E_AGAIN; @@ -456,12 +458,12 @@ ssize_t _gnutls_io_read_buffered( gnutls_session session, opaque **iptr, size_t * the data left to sent, in order to send them later. */ -#define MEMSUB(x,y) (x-y) +#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y)) inline -static int _gnutls_buffer_insert( gnutls_datum * buffer, const opaque* _data, int data_size) { +static int _gnutls_buffer_insert( gnutls_datum * buffer, const opaque* _data, size_t data_size) { - if ( ( MEMSUB(_data, buffer->data) >= 0) && (MEMSUB(_data, buffer->data) < buffer->size) ) { + if ( ( MEMSUB(_data, buffer->data) >= 0) && (MEMSUB(_data, buffer->data) < (ssize_t)buffer->size) ) { /* the given _data is part of the buffer. */ if (data_size > buffer->size) { @@ -883,7 +885,7 @@ ssize_t _gnutls_handshake_io_recv_int( gnutls_session session, ContentType type, * for finished messages to use them. Used in HMAC calculation * and finished messages. */ -int _gnutls_handshake_buffer_put( gnutls_session session, char *data, int length) +int _gnutls_handshake_buffer_put( gnutls_session session, char *data, size_t length) { if (length==0) return 0; @@ -915,7 +917,7 @@ int _gnutls_handshake_buffer_get_size( gnutls_session session) /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int length) +int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, size_t length) { if (length > session->internals.handshake_hash_buffer.size) { length = session->internals.handshake_hash_buffer.size; @@ -930,7 +932,7 @@ int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int lengt /* this function does not touch the buffer * and returns data from it (peek mode!) */ -int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, int *length) +int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, size_t *length) { if (length!=NULL) *length = session->internals.handshake_hash_buffer.size; diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index 8481e9f659..dbbd10c326 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -18,9 +18,9 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, int length); +int _gnutls_record_buffer_put(ContentType type, gnutls_session session, char *data, size_t length); int _gnutls_record_buffer_get_size(ContentType type, gnutls_session session); -int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, int length); +int _gnutls_record_buffer_get(ContentType type, gnutls_session session, char *data, size_t length); ssize_t _gnutls_io_read_buffered( gnutls_session, opaque **iptr, size_t n, ContentType); void _gnutls_io_clear_read_buffer( gnutls_session); int _gnutls_io_clear_peeked_data( gnutls_session session); @@ -30,11 +30,11 @@ ssize_t _gnutls_io_write_buffered2( gnutls_session, const void *iptr, size_t n, const void* iptr2, size_t n2); int _gnutls_handshake_buffer_get_size( gnutls_session session); -int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, int length); -int _gnutls_handshake_buffer_put( gnutls_session session, char *data, int length); +int _gnutls_handshake_buffer_peek( gnutls_session session, char *data, size_t length); +int _gnutls_handshake_buffer_put( gnutls_session session, char *data, size_t length); int _gnutls_handshake_buffer_clear( gnutls_session session); int _gnutls_handshake_buffer_empty( gnutls_session session); -int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, int *length); +int _gnutls_handshake_buffer_get_ptr( gnutls_session session, char **data_ptr, size_t *length); #define _gnutls_handshake_io_buffer_clear( session) \ gnutls_free( session->internals.handshake_send_buffer.data); \ diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index 3666d1562b..b2ed6aff0f 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -108,7 +108,7 @@ void _gnutls_free_cert(gnutls_cert cert) **/ void gnutls_certificate_free_credentials(gnutls_certificate_credentials sc) { - int i, j; + uint i, j; for (i = 0; i < sc->ncerts; i++) { for (j = 0; j < sc->cert_list_length[i]; j++) { @@ -329,7 +329,7 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; const gnutls_certificate_credentials cred; - gnutls_certificate_status verify; + int verify; int peer_certificate_list_size; CHECK_AUTH(GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST); diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index c07477b1d7..4a338756bd 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -60,9 +60,9 @@ is_read_comp_null( gnutls_session session) { * * If random pad != 0 then the random pad data will be appended. */ -int _gnutls_encrypt(gnutls_session session, const char* headers, int headers_size, +int _gnutls_encrypt(gnutls_session session, const char* headers, size_t headers_size, const char *data, size_t data_size, - opaque * ciphertext, int ciphertext_size, ContentType type, int random_pad) + opaque * ciphertext, size_t ciphertext_size, ContentType type, int random_pad) { const gnutls_datum plain = { (opaque*) data, data_size }; gnutls_datum comp; @@ -104,7 +104,7 @@ int _gnutls_encrypt(gnutls_session session, const char* headers, int headers_siz int _gnutls_decrypt(gnutls_session session, char *ciphertext, - size_t ciphertext_size, uint8 * data, int data_size, + size_t ciphertext_size, uint8 * data, size_t data_size, ContentType type) { gnutls_datum gtxt; @@ -180,7 +180,7 @@ static void mac_deinit( GNUTLS_MAC_HANDLE td, opaque* res, int ver) { inline static int calc_enc_length( gnutls_session session, int data_size, int hash_size, uint8* pad, int random_pad, - CipherType block_algo, int blocksize) + CipherType block_algo, uint16 blocksize) { uint8 rand; int length; @@ -335,7 +335,8 @@ int _gnutls_ciphertext2compressed(gnutls_session session, uint64 seq_num; uint16 length; GNUTLS_MAC_HANDLE td; - int blocksize, ret, i; + uint16 blocksize; + int ret, i; uint8 major, minor; gnutls_protocol_version ver; int hash_size = _gnutls_mac_get_digest_size(session->security_parameters.read_mac_algorithm); diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h index c090d4e6aa..003f3160ab 100644 --- a/lib/gnutls_cipher.h +++ b/lib/gnutls_cipher.h @@ -18,11 +18,11 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -int _gnutls_encrypt( gnutls_session session, const char* headers, int headers_size, const char* data, size_t data_size, - uint8* ciphertext, int ciphertext_size, ContentType type, int random_pad); +int _gnutls_encrypt( gnutls_session session, const char* headers, size_t headers_size, const char* data, size_t data_size, + opaque* ciphertext, size_t ciphertext_size, ContentType type, int random_pad); int _gnutls_decrypt(gnutls_session session, char *ciphertext, - size_t ciphertext_size, uint8 * data, int data_size, + size_t ciphertext_size, uint8 * data, size_t data_size, ContentType type); int _gnutls_compressed2ciphertext(gnutls_session session, opaque* cipher_data, int cipher_size, gnutls_datum compressed, ContentType _type, int random_pad); diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c index daa3d639d2..82d46d53f7 100644 --- a/lib/gnutls_compress_int.c +++ b/lib/gnutls_compress_int.c @@ -103,6 +103,7 @@ int err; break; default: + break; } #endif return ret; @@ -124,6 +125,7 @@ int err; break; #endif default: + break; } gnutls_free( handle->handle); gnutls_free( handle); @@ -136,7 +138,8 @@ int err; /* These functions are memory consuming */ -int _gnutls_compress( GNUTLS_COMP_HANDLE handle, const char* plain, int plain_size, char** compressed, int max_comp_size) +int _gnutls_compress( GNUTLS_COMP_HANDLE handle, const char* plain, size_t plain_size, + char** compressed, size_t max_comp_size) { int compressed_size=GNUTLS_E_COMPRESSION_FAILED; int err; @@ -215,7 +218,7 @@ int err; _gnutls_log("Compression ratio: %f\n", (float)((float)compressed_size / (float)plain_size)); #endif - if (compressed_size > max_comp_size) { + if ((size_t)compressed_size > max_comp_size) { gnutls_free(*compressed); return GNUTLS_E_COMPRESSION_FAILED; } @@ -225,8 +228,8 @@ int err; -int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, int compressed_size, - char** plain, int max_record_size) +int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, size_t compressed_size, + char** plain, size_t max_record_size) { int plain_size=GNUTLS_E_DECOMPRESSION_FAILED, err; int cur_pos; @@ -324,7 +327,7 @@ int cur_pos; return GNUTLS_E_INTERNAL_ERROR; } /* switch */ - if (plain_size > max_record_size) { + if ((size_t)plain_size > max_record_size) { gnutls_assert(); gnutls_free( *plain); return GNUTLS_E_DECOMPRESSION_FAILED; diff --git a/lib/gnutls_compress_int.h b/lib/gnutls_compress_int.h index a5ac2e302a..010e53553d 100644 --- a/lib/gnutls_compress_int.h +++ b/lib/gnutls_compress_int.h @@ -35,7 +35,7 @@ typedef struct GNUTLS_COMP_HANDLE_STRUCT { GNUTLS_COMP_HANDLE _gnutls_comp_init( gnutls_compression_method, int d); void _gnutls_comp_deinit(GNUTLS_COMP_HANDLE handle, int d); -int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, int compressed_size, char** plain, int max_record_size); -int _gnutls_compress( GNUTLS_COMP_HANDLE, const char* plain, int plain_size, char** compressed, int max_comp_size); +int _gnutls_decompress( GNUTLS_COMP_HANDLE handle, char* compressed, size_t compressed_size, char** plain, size_t max_record_size); +int _gnutls_compress( GNUTLS_COMP_HANDLE, const char* plain, size_t plain_size, char** compressed, size_t max_comp_size); #endif diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index 3b7290da27..549acb0bc6 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -165,11 +165,12 @@ int ret = 0; } /* allocate space for data */ - content.size = _gnutls_session_size( session); - if (content.size < 0) { + ret = _gnutls_session_size( session); + if (ret < 0) { gnutls_assert(); - return content.size; + return ret; } + content.size = ret; content.data = gnutls_malloc( content.size); if (content.data==NULL) { diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index c9a84b5a69..2dea0cd3c8 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -258,8 +258,8 @@ _gnutls_dh_params _gnutls_dh_default_params[] = { , 0} }; -const -static _gnutls_dh_params _gnutls_dh_copy_params[] = { +static const + _gnutls_dh_params _gnutls_dh_copy_params[] = { {768, NULL, NULL, {DH_G_1024, sizeof(DH_G_1024)} , {diffie_hellman_prime_1024, sizeof diffie_hellman_prime_1024} , 0} @@ -289,7 +289,7 @@ static _gnutls_dh_params _gnutls_dh_copy_params[] = { * number of bits. Ie a number of bits that we have a prime in the * dh_primes structure. */ -static int supported_bits[] = { 768, 1024, 2048, 3072, 4096, 0 }; +static const int supported_bits[] = { 768, 1024, 2048, 3072, 4096, 0 }; static int normalize_bits(int bits) { if (bits >= 4096) diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h index 16ab105a20..8a1d564009 100644 --- a/lib/gnutls_extensions.h +++ b/lib/gnutls_extensions.h @@ -29,6 +29,6 @@ int _gnutls_gen_extensions( gnutls_session session, opaque** data); typedef struct { const char *name; uint16 type; - int (*gnutls_ext_func_recv)( gnutls_session, const opaque*, int); /* recv data */ - int (*gnutls_ext_func_send)( gnutls_session, opaque*, int); /* send data */ + int (*gnutls_ext_func_recv)( gnutls_session, const opaque*, size_t); /* recv data */ + int (*gnutls_ext_func_send)( gnutls_session, opaque*, size_t); /* send data */ } gnutls_extension_entry; diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index f45dccd5f8..e1aa31cb3b 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -64,7 +64,7 @@ void gnutls_global_set_log_function( GNUTLS_LOG_FUNC log_func) { /* default logging function */ static void dlog( const char* str) { #ifdef DEBUG - fprintf( stderr, "%s", str); + fputs( str, stderr); #endif } diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index b5d9fac045..c0f2fb03ea 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -365,7 +365,8 @@ int _gnutls_read_client_hello(gnutls_session session, opaque * data, */ inline static int _gnutls_handshake_hash_pending( gnutls_session session) { -int siz, ret; +size_t siz; +int ret; char * data; if (session->internals.handshake_mac_handle_sha==NULL || @@ -788,7 +789,7 @@ static int _gnutls_recv_handshake_header(gnutls_session session, int ret; uint32 length32 = 0; uint8 *dataptr = NULL; /* for realloc */ - int handshake_header_size = HANDSHAKE_HEADER_SIZE; + size_t handshake_header_size = HANDSHAKE_HEADER_SIZE; /* if we have data into the buffer then return them, do not read the next packet. * In order to return we need a full TLS handshake header, or in case of a version 2 @@ -855,7 +856,7 @@ static int _gnutls_recv_handshake_header(gnutls_session session, 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } - if (ret != + if ((size_t)ret != HANDSHAKE_HEADER_SIZE - session->internals.handshake_header_buffer. header_size) { @@ -2004,6 +2005,7 @@ int gnutls_handshake_client(gnutls_session session) STATE = STATE0; default: + break; } @@ -2058,6 +2060,7 @@ static int _gnutls_send_handshake_final(gnutls_session session, int init) STATE = STATE0; default: + break; } return 0; @@ -2112,6 +2115,7 @@ static int _gnutls_recv_handshake_final(gnutls_session session, int init) } STATE = STATE0; default: + break; } @@ -2227,6 +2231,7 @@ int gnutls_handshake_server(gnutls_session session) STATE = STATE0; /* finished thus clear session */ default: + break; } return 0; diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 9adec856f8..446ef71669 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -100,7 +100,7 @@ int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm) } -int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, int textlen) +int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void *text, size_t textlen) { if (textlen > 0) #ifdef USE_MHASH @@ -251,7 +251,7 @@ int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm) } -int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void *text, int textlen) +int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void *text, size_t textlen) { #ifdef USE_MHASH diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index df526ab0aa..fa59828ee5 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -47,7 +47,7 @@ typedef GNUTLS_MAC_HANDLE GNUTLS_HASH_HANDLE; GNUTLS_MAC_HANDLE _gnutls_hmac_init( gnutls_mac_algorithm algorithm, const void* key, int keylen); int _gnutls_hmac_get_algo_len(gnutls_mac_algorithm algorithm); -int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void* text, int textlen); +int _gnutls_hmac(GNUTLS_MAC_HANDLE handle, const void* text, size_t textlen); void _gnutls_hmac_deinit( GNUTLS_MAC_HANDLE handle, void* digest); GNUTLS_MAC_HANDLE _gnutls_mac_init_ssl3( gnutls_mac_algorithm algorithm, void* key, int keylen); @@ -55,7 +55,7 @@ void _gnutls_mac_deinit_ssl3( GNUTLS_MAC_HANDLE handle, void* digest); GNUTLS_HASH_HANDLE _gnutls_hash_init(gnutls_mac_algorithm algorithm); int _gnutls_hash_get_algo_len(gnutls_mac_algorithm algorithm); -int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, int textlen); +int _gnutls_hash(GNUTLS_HASH_HANDLE handle, const void* text, size_t textlen); void _gnutls_hash_deinit(GNUTLS_HASH_HANDLE handle, void* digest); int _gnutls_ssl3_generate_random(void *secret, int secret_len, void *random, int random_len, int bytes, opaque* ret); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 5e39d81c75..2d126cd888 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -86,8 +86,8 @@ typedef int gnutls_transport_ptr; /* the maximum size of encrypted packets */ #define DEFAULT_MAX_RECORD_SIZE 16384 #define RECORD_HEADER_SIZE 5 -#define MAX_RECORD_SEND_SIZE session->security_parameters.max_record_send_size -#define MAX_RECORD_RECV_SIZE session->security_parameters.max_record_recv_size +#define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size +#define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size #define MAX_PAD_SIZE 255 #define EXTRA_COMP_SIZE 2048 #define MAX_RECORD_OVERHEAD MAX_PAD_SIZE+EXTRA_COMP_SIZE @@ -136,7 +136,7 @@ typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_S typedef struct { opaque * data; - int size; + unsigned int size; } gnutls_datum; typedef gnutls_datum gnutls_sdatum; @@ -388,8 +388,8 @@ typedef struct { typedef struct { - int priority[MAX_ALGOS]; - int algorithms; + unsigned int priority[MAX_ALGOS]; + unsigned int algorithms; } GNUTLS_Priority; typedef int certificate_client_select_func(struct gnutls_session_int*, const gnutls_datum *, int, const gnutls_datum *, int); @@ -399,9 +399,9 @@ typedef int srp_server_select_func(struct gnutls_session_int*, char**, char**, i typedef struct { opaque header[HANDSHAKE_HEADER_SIZE]; /* this holds the number of bytes in the handshake_header[] */ - int header_size; + size_t header_size; /* this holds the length of the handshake packet */ - int packet_length; + size_t packet_length; HandshakeType recv_type; } HANDSHAKE_HEADER_BUFFER; @@ -512,9 +512,9 @@ typedef struct { * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits() * to access it. */ - int dh_prime_bits; - - int max_handshake_data_buffer_size; + uint16 dh_prime_bits; + + size_t max_handshake_data_buffer_size; /* PUSH & PULL functions. */ diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c index 340e82f19e..9b02527331 100644 --- a/lib/gnutls_mem.c +++ b/lib/gnutls_mem.c @@ -39,7 +39,7 @@ int (*_gnutls_is_secure_memory)(const void*) = _gnutls_is_secure_mem_null; void *_gnutls_calloc(size_t nmemb, size_t size) { void *ret; - ret = gnutls_malloc(size); + ret = gnutls_malloc(size*nmemb); if (ret == NULL) return ret; @@ -51,7 +51,7 @@ void *_gnutls_calloc(size_t nmemb, size_t size) svoid *gnutls_secure_calloc(size_t nmemb, size_t size) { svoid *ret; - ret = gnutls_secure_malloc(size); + ret = gnutls_secure_malloc(size*nmemb); if (ret == NULL) return ret; diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 53af12d312..73ce3f9fef 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -43,10 +43,11 @@ static int _gnutls_pk_decrypt(int algo, GNUTLS_MPI * resarr, GNUTLS_MPI data, GN */ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, GNUTLS_MPI* params, - int params_len, - int btype) + uint params_len, + uint btype) { - int i, ret, pad; + unsigned int i, pad; + int ret; GNUTLS_MPI m, res; opaque *edata, *ps; size_t k, psize; @@ -167,10 +168,11 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, * Can decrypt block type 1 and type 2 packets. */ int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, - gnutls_datum ciphertext, GNUTLS_MPI* params, int params_len, - int btype) + gnutls_datum ciphertext, GNUTLS_MPI* params, uint params_len, + uint btype) { - int k, i, ret; + uint k, i; + int ret; GNUTLS_MPI c, res; opaque *edata; size_t esize, mod_bits; @@ -375,7 +377,7 @@ size_t tot_len = 0; /* Do DSA signature calculation. params is p, q, g, y, x in that order. */ int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *hash, - GNUTLS_MPI * params, int params_len) + GNUTLS_MPI * params, uint params_len) { GNUTLS_MPI rs[2], mdata; int ret; diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h index 814800971f..30483992ad 100644 --- a/lib/gnutls_pk.h +++ b/lib/gnutls_pk.h @@ -2,11 +2,11 @@ # define GNUTLS_PK_H int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext, - MPI * params, int params_len, int btype); + MPI * params, uint params_len, uint btype); int _gnutls_dsa_sign(gnutls_datum * signature, const gnutls_datum *plaintext, - MPI *params, int params_len); + MPI *params, uint params_len); int _gnutls_pkcs1_rsa_decrypt(gnutls_datum * plaintext, gnutls_datum ciphertext, - MPI * params, int params_len, int btype); + MPI * params, uint params_len, uint btype); int _gnutls_rsa_verify( const gnutls_datum* vdata, const gnutls_datum *ciphertext, MPI* params, int params_len, int btype); int _gnutls_dsa_verify( const gnutls_datum* vdata, const gnutls_datum *sig_value, diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index e337cccca1..87c3ce1622 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -224,7 +224,7 @@ static int _gnutls_session_is_valid( gnutls_session session) { static ssize_t _gnutls_create_empty_record( gnutls_session session, ContentType type, - opaque* erecord, int erecord_size) + opaque* erecord, unsigned int erecord_size) { int cipher_size; int retval; @@ -804,7 +804,7 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType _gnutls_record_log( "REC: ChangeCipherSpec Packet was received\n"); - if (tmplen!=sizeofdata) { /* sizeofdata should be 1 */ + if ((size_t)tmplen!=sizeofdata) { /* sizeofdata should be 1 */ gnutls_assert(); gnutls_afree(tmpdata); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index 48336c1eba..0676181b99 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -325,7 +325,8 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, GNUTLS_MPI rsa_params[RSA_PRIVATE_PARAMS]; size_t siz; - int i, ret; + uint i; + int ret; if (check_bits(bits) < 0) { gnutls_assert(); diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index e59a4a3f21..1c1ade4c20 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -178,7 +178,7 @@ int _gnutls_session_unpack(gnutls_session session, { uint32 pack_size; int ret; - uint32 timestamp = time(0); + time_t timestamp = time(0); SecurityParameters sp; if (packed_session==NULL || packed_session->size == 0) { @@ -325,7 +325,7 @@ int _gnutls_session_unpack(gnutls_session session, int _gnutls_pack_certificate_auth_info( CERTIFICATE_AUTH_INFO info, gnutls_datum * packed_session) { - uint32 pos, i; + unsigned int pos, i; int info_size; packed_session->size = _gnutls_pack_certificate_auth_info_size( info); @@ -359,7 +359,7 @@ int _gnutls_pack_certificate_auth_info( CERTIFICATE_AUTH_INFO info, static int _gnutls_pack_certificate_auth_info_size( CERTIFICATE_AUTH_INFO info) { uint32 pack_size = sizeof(CERTIFICATE_AUTH_INFO_INT); - int i; + unsigned int i; if (info == NULL) return sizeof(uint32) + PACK_HEADER_SIZE; @@ -375,7 +375,8 @@ static int _gnutls_pack_certificate_auth_info_size( CERTIFICATE_AUTH_INFO info) int _gnutls_unpack_certificate_auth_info(CERTIFICATE_AUTH_INFO info, const gnutls_datum * packed_session) { -int ret, i, pos, j; +unsigned int i,j, pos; +int ret; uint32 size; memcpy(info, diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 3e0d4d1f9e..0f0213c659 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -258,10 +258,10 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *hash_co /* Verifies a TLS signature (like the one in the client certificate - * verify message). ubuffer_size is a buffer to remove from the hash buffer - * in order to avoid hashing the last message. + * verify message). */ -int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size) { +int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature) +{ int ret; opaque concat[36]; GNUTLS_MAC_HANDLE td_md5; diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index 8e2d568b77..7026c4a778 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h @@ -6,7 +6,7 @@ gnutls_certificate_status gnutls_x509_verify_signature(gnutls_cert* cert, gnutls int _gnutls_pkcs1_rsa_generate_sig( gnutls_cert* cert, gnutls_private_key *pkey, const gnutls_datum* hash_concat, gnutls_datum *signature); int _gnutls_generate_sig_from_hdata( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum *signature); int _gnutls_generate_sig_params( gnutls_session session, gnutls_cert* cert, gnutls_private_key *pkey, gnutls_datum* params, gnutls_datum *signature); -int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature, int ubuffer_size); +int _gnutls_verify_sig_hdata( gnutls_session session, gnutls_cert *cert, gnutls_datum* signature); int _gnutls_verify_sig_params( gnutls_session session, gnutls_cert *cert, const gnutls_datum* params, gnutls_datum* signature); #endif diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index e26780baec..80bc7bfa0c 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -102,7 +102,7 @@ gnutls_compression_method gnutls_compression_get( gnutls_session session) { } int _gnutls_session_cert_type_supported( gnutls_session session, gnutls_certificate_type cert_type) { -int i; +uint i; if (session->internals.cert_type_priority.algorithms==0 && cert_type == DEFAULT_CERT_TYPE) return 0; diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index c5471375ce..b3437c5347 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -280,7 +280,7 @@ int gnutls_x509_fingerprint(GNUTLS_DigestAlgorithm algo, const gnutls_datum* dat GNUTLS_HASH_HANDLE td; int hash_len = _gnutls_hash_get_algo_len(algo); - if (hash_len > *result_size || hash_len < 0) { + if (hash_len < 0 || (size_t)hash_len > *result_size) { *result_size = hash_len; return GNUTLS_E_INVALID_REQUEST; } diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index fdeac41dc6..b305f677a5 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -84,7 +84,7 @@ int gnutls_x509_certificate_to_xml(const gnutls_datum * cert, gnutls_datum* res, int gnutls_x509_extract_dn( const gnutls_datum*, gnutls_x509_dn*); int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*); -int gnutls_x509_extract_certificate_dn_string(char *buf, int sizeof_buf, +int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf, const gnutls_datum * cert, int issuer); int gnutls_x509_extract_certificate_issuer_dn( const gnutls_datum*, gnutls_x509_dn *); int gnutls_x509_extract_certificate_version( const gnutls_datum*); diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 14e1091226..34dab84c1e 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -72,7 +72,7 @@ static oid2string OID2STR[] = { {"1 2 840 113549 1 1 5", "sha1WithRSAEncryption", 0, 0}, {"1 2 840 10040 4 3", "id-dsa-with-sha1", 0, 0}, {"1 2 840 10040 4 1", "id-dsa", 0, 0}, - {NULL} + {NULL, NULL, 0, 0} }; /* Returns 1 if the data defined by the OID are printable. @@ -605,7 +605,7 @@ int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert, char ext_data[256]; int len; char num[MAX_INT_DIGITS]; - GNUTLS_X509_SUBJECT_ALT_NAME type; + gnutls_x509_subject_alt_name type; memset(ret, 0, *ret_size); @@ -662,7 +662,7 @@ int gnutls_x509_extract_certificate_subject_alt_name(const gnutls_datum * cert, type = _find_type( ext_data); - if (type == -1) { + if (type == (gnutls_x509_subject_alt_name)-1) { gnutls_assert(); return GNUTLS_E_X509_UNKNOWN_SAN; } @@ -826,7 +826,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session) { CERTIFICATE_AUTH_INFO info; const gnutls_certificate_credentials cred; - gnutls_certificate_status verify; + int verify; gnutls_cert *peer_certificate_list; int peer_certificate_list_size, i, x, ret; @@ -934,7 +934,7 @@ int _gnutls_x509_cert_verify_peers(gnutls_session session) **/ int gnutls_x509_verify_certificate( const gnutls_datum* cert_list, int cert_list_length, const gnutls_datum * CA_list, int CA_list_length, const gnutls_datum* CRL_list, int CRL_list_length) { - gnutls_certificate_status verify; + int verify; gnutls_cert *peer_certificate_list; gnutls_cert *ca_certificate_list; int peer_certificate_list_size, i, x, ret, ca_certificate_list_size; @@ -1690,7 +1690,8 @@ int gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials res, con static int generate_rdn_seq( gnutls_certificate_credentials res) { gnutls_datum tmp; -int ret, size, i; +int ret; +uint size, i; opaque *pdata; /* Generate the RDN sequence @@ -2841,7 +2842,7 @@ time_t _gnutls_x509_generalTime2gtime(char *ttime) * Returns GNUTLS_E_INVALID_REQUEST if the provided buffer is not long enough. * **/ -int gnutls_x509_extract_certificate_dn_string(char *buf, int sizeof_buf, +int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf, const gnutls_datum * cert, int issuer) { gnutls_x509_dn dn; diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h index d846aa6adc..ccf2afb276 100644 --- a/lib/gnutls_x509.h +++ b/lib/gnutls_x509.h @@ -34,3 +34,5 @@ int _gnutls_x509_oid_data2string( const char* OID, void* value, const char* _gnutls_x509_oid2string( const char* OID); int _gnutls_x509_oid_data_printable( const char* OID); +int gnutls_x509_extract_certificate_subject_alt_name( const gnutls_datum*, int seq, char*, int*); +int gnutls_x509_extract_certificate_dn( const gnutls_datum*, gnutls_x509_dn*); diff --git a/lib/rfc2818_hostname.c b/lib/rfc2818_hostname.c index a3e11a14b2..ad3acd27dc 100644 --- a/lib/rfc2818_hostname.c +++ b/lib/rfc2818_hostname.c @@ -33,7 +33,7 @@ static int hostname_compare(const char *certname, const char *hostname); * the given hostname. This is a basic implementation of the matching described * in RFC2818 (HTTPS). * - * Returns 1 on success, and 0 on failure. + * Returns non zero on success, and zero on failure. * **/ int gnutls_x509_check_certificates_hostname(const gnutls_datum * cert, @@ -43,7 +43,7 @@ int gnutls_x509_check_certificates_hostname(const gnutls_datum * cert, char dnsname[GNUTLS_X509_CN_SIZE]; int dnsnamesize; int found_dnsname = 0; - int ret; + int ret = 0; gnutls_DN dn; int i = 0; diff --git a/lib/x509_b64.c b/lib/x509_b64.c index e87e67123d..3144ae3dda 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -25,10 +25,11 @@ #include "gnutls_int.h" #include "gnutls_errors.h" #include <gnutls_datum.h> +#include <x509_b64.h> -const static uint8 b64table[64] = +static const uint8 b64table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -const static uint8 asciitable[128] = { +static const uint8 asciitable[128] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, @@ -135,9 +136,10 @@ inline static int decode(uint8 * result, const uint8 * data) /* encodes data and puts the result into result (localy alocated) * The result_size is the return value */ -int _gnutls_base64_encode(const uint8 * data, int data_size, uint8 ** result) +int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result) { - int i, ret, tmp, j; + unsigned int i, j; + int ret, tmp; char tmpres[4]; ret = data_size % 3; @@ -327,9 +329,10 @@ int size, res; /* decodes data and puts the result into result (localy alocated) * The result_size is the return value */ -int _gnutls_base64_decode(const uint8 * data, int data_size, uint8 ** result) +int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result) { - int i, ret, tmp, j; + unsigned int i, j; + int ret, tmp; uint8 tmpres[3]; data_size /= 4; @@ -380,7 +383,7 @@ inline static int cpydata(const uint8 * data, int data_size, uint8 ** result) * The result_size is the return value */ #define ENDSTR "-----\n" -int _gnutls_fbase64_decode( const char* header, const uint8 * data, int data_size, +int _gnutls_fbase64_decode( const opaque* header, const opaque * data, size_t data_size, uint8 ** result) { int ret; diff --git a/lib/x509_b64.h b/lib/x509_b64.h index 6ec73459c7..6c7b014707 100644 --- a/lib/x509_b64.h +++ b/lib/x509_b64.h @@ -1,6 +1,6 @@ -int _gnutls_base64_encode(uint8 * data, int data_size, uint8 ** result); +int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result); int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, uint8 ** result); -int _gnutls_base64_decode(const char* header, uint8 * data, int data_size, uint8 ** result); -int _gnutls_fbase64_decode( const char* header, const uint8 * data, int data_size, +int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result); +int _gnutls_fbase64_decode( const opaque* header, const uint8 * data, size_t data_size, uint8 ** result); diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c index 83c745c60d..a83af0833d 100644 --- a/lib/x509_sig_check.c +++ b/lib/x509_sig_check.c @@ -107,7 +107,7 @@ int len; return _gnutls_asn2err(result); } - *hash = -1; + *hash = (gnutls_mac_algorithm)-1; if ( strcmp(str, "1 2 840 113549 2 5")==0) { /* MD5 */ *hash = GNUTLS_MAC_MD5; @@ -116,7 +116,7 @@ int len; *hash = GNUTLS_MAC_SHA; } - if (*hash==-1) { + if (*hash==(gnutls_mac_algorithm)-1) { _gnutls_x509_log( "X509_SIG: HASH OID: %s\n", str); diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index c211c0e788..0c5dc34d91 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -35,8 +35,8 @@ int gen_srp_server_kx2(gnutls_session, opaque **); int gen_srp_client_kx0(gnutls_session, opaque **); -int proc_srp_server_kx2(gnutls_session, opaque *, int); -int proc_srp_client_kx0(gnutls_session, opaque *, int); +int proc_srp_server_kx2(gnutls_session, opaque *, size_t); +int proc_srp_client_kx0(gnutls_session, opaque *, size_t); const MOD_AUTH_STRUCT srp_auth_struct = { "SRP", @@ -72,15 +72,16 @@ const MOD_AUTH_STRUCT srp_auth_struct = { /* Send the first key exchange message ( g, n, s) and append the verifier algorithm number * Data is allocated by the caller, and should have data_size size. */ -int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size) +int gen_srp_server_hello(gnutls_session state, opaque * data, size_t _data_size) { size_t n_g, n_n, n_s; - size_t ret; + int ret; uint8 *data_n, *data_s; uint8 *data_g, *username; GNUTLS_SRP_PWD_ENTRY *pwd_entry; int err; SRP_SERVER_AUTH_INFO info; + ssize_t data_size = _data_size; if ( (ret=_gnutls_auth_info_set( state, GNUTLS_CRD_SRP, sizeof( SRP_SERVER_AUTH_INFO_INT), 1)) < 0) { gnutls_assert(); @@ -127,7 +128,7 @@ int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size) _gnutls_mpi_set(N, pwd_entry->n); _gnutls_mpi_set(V, pwd_entry->v); - if (data_size < n_n + n_g + pwd_entry->salt_size + 5) { + if ((size_t)data_size < n_n + n_g + pwd_entry->salt_size + 5) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } @@ -285,7 +286,7 @@ int gen_srp_client_kx0(gnutls_session state, opaque ** data) } /* receive the first key exchange message ( g, n, s) */ -int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_size) +int proc_srp_server_hello(gnutls_session state, const opaque * data, size_t _data_size) { uint8 n_s; uint16 n_g, n_n; @@ -295,8 +296,9 @@ int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_si const uint8 *data_s; int i, ret; opaque hd[SRP_MAX_HASH_SIZE]; - char *username; - char *password; + char *username, *password; + ssize_t data_size = _data_size; + const gnutls_srp_client_credentials cred = _gnutls_get_cred(state->gnutls_key, GNUTLS_CRD_SRP, NULL); @@ -370,9 +372,10 @@ int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_si } /* just read A and put it to state */ -int proc_srp_client_kx0(gnutls_session state, opaque * data, int data_size) +int proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _data_size) { size_t _n_A; + ssize_t data_size = _data_size; DECR_LEN( data_size, 2); _n_A = _gnutls_read_uint16( &data[0]); @@ -387,9 +390,10 @@ int proc_srp_client_kx0(gnutls_session state, opaque * data, int data_size) } -int proc_srp_server_kx2(gnutls_session state, opaque * data, int data_size) +int proc_srp_server_kx2(gnutls_session state, opaque * data, size_t _data_size) { size_t _n_B; + ssize_t data_size = _data_size; int ret; DECR_LEN( data_size, 2); diff --git a/libextra/auth_srp.h b/libextra/auth_srp.h index baa7dc3eb3..988e24f5ef 100644 --- a/libextra/auth_srp.h +++ b/libextra/auth_srp.h @@ -23,8 +23,8 @@ typedef struct SRP_SERVER_AUTH_INFO_INT { #ifdef ENABLE_SRP -int proc_srp_server_hello(gnutls_session state, const opaque * data, int data_size); -int gen_srp_server_hello(gnutls_session state, opaque * data, int data_size); +int proc_srp_server_hello(gnutls_session state, const opaque * data, size_t data_size); +int gen_srp_server_hello(gnutls_session state, opaque * data, size_t data_size); typedef struct SRP_SERVER_AUTH_INFO_INT SRP_SERVER_AUTH_INFO_INT; diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c index a39bbd44ba..98915a1b94 100644 --- a/libextra/auth_srp_passwd.c +++ b/libextra/auth_srp_passwd.c @@ -38,7 +38,7 @@ /* this function parses tpasswd.conf file. Format is: * string(username):base64(v):base64(salt):int(index) */ -static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) { +static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str) { char * p; int len, ret; opaque *verifier; @@ -124,7 +124,8 @@ int indx; /* this function parses tpasswd.conf file. Format is: * int(index):base64(n):int(g) */ -static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) { +static int pwd_put_values2( GNUTLS_SRP_PWD_ENTRY *entry, char *str) +{ char * p; int len; opaque * tmp; @@ -198,7 +199,7 @@ size_t tmp_size; static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, int index) { FILE * fd; char line[2*1024]; - int i; + uint i; char indexstr[10]; sprintf( indexstr, "%d", index); /* Flawfinder: ignore */ @@ -216,7 +217,7 @@ static int pwd_read_conf( const char* pconf_file, GNUTLS_SRP_PWD_ENTRY* entry, i i++; } if (strncmp( indexstr, line, strlen(indexstr)) == 0) { - if ((index = pwd_put_values2( entry, line, strlen(line))) >= 0) + if ((index = pwd_put_values2( entry, line)) >= 0) return 0; else { return GNUTLS_E_PWD_ERROR; @@ -232,7 +233,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us const gnutls_srp_server_credentials cred; FILE * fd; char line[2*1024]; - int i, len; + uint i, len; GNUTLS_SRP_PWD_ENTRY * entry = gnutls_malloc(sizeof(GNUTLS_SRP_PWD_ENTRY)); int index; int pwd_index = 0; @@ -286,7 +287,7 @@ GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* us } len = strlen(username); if (strncmp( username, line, (i>len)?i:len) == 0) { - if ((index = pwd_put_values( entry, line, strlen(line))) >= 0) + if ((index = pwd_put_values( entry, line)) >= 0) if (pwd_read_conf( cred->password_conf_file[pwd_index], entry, index)==0) { return entry; } else { diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h index 1918b4356c..cb9ef01b28 100644 --- a/libextra/auth_srp_passwd.h +++ b/libextra/auth_srp_passwd.h @@ -15,7 +15,7 @@ typedef struct { GNUTLS_SRP_PWD_ENTRY *_gnutls_srp_pwd_read_entry( gnutls_session state, char* username, int* err); void _gnutls_srp_clear_pwd_entry( GNUTLS_SRP_PWD_ENTRY * entry); GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry(void); -int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result); -int _gnutls_sbase64_decode(uint8 * data, int data_size, uint8 ** result); +int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result); +int _gnutls_sbase64_decode(uint8 * data, size_t data_size, uint8 ** result); #endif /* ENABLE_SRP */ diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c index f3b90fb550..7941dc33ce 100644 --- a/libextra/auth_srp_sb64.c +++ b/libextra/auth_srp_sb64.c @@ -25,10 +25,10 @@ /* this a modified base64 for srp !!! * It seems that everybody makes it's own base64 convertion. */ -const static uint8 b64table[64] = +static const uint8 b64table[64] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; -const static uint8 asciitable[128] = { +static const uint8 asciitable[128] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, @@ -132,9 +132,10 @@ inline static int encode(uint8 * result, const uint8 * rdata, int left) /* encodes data and puts the result into result (localy alocated) * The result_size is the return value */ -int _gnutls_sbase64_encode(uint8 * data, int data_size, uint8 ** result) +int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result) { - int ret, tmp, j, i; + uint i,j; + int ret, tmp; char tmpres[4]; int mod = data_size % 3; @@ -217,9 +218,10 @@ inline static int decode(uint8 * result, const uint8 * data) * That function does not ignore newlines tabs etc. You should remove them * before calling it. */ -int _gnutls_sbase64_decode(uint8 * data, int idata_size, uint8 ** result) +int _gnutls_sbase64_decode(uint8 * data, size_t idata_size, uint8 ** result) { - int i, ret, j, left; + uint i,j; + int ret, left; int data_size, tmp; uint8 datrev[4]; uint8 tmpres[3]; diff --git a/libextra/crypt.c b/libextra/crypt.c index 4680e048f8..0d8ad19ad8 100644 --- a/libextra/crypt.c +++ b/libextra/crypt.c @@ -24,6 +24,7 @@ #include "crypt_srpsha1.h" #include "gnutls_random.h" +#include <crypt.h> char * _gnutls_srp_crypt(const char* username, const char *passwd, int salt, GNUTLS_MPI g, GNUTLS_MPI n) { diff --git a/libextra/crypt_srpsha1.c b/libextra/crypt_srpsha1.c index f09dff5a14..25cf2399fa 100644 --- a/libextra/crypt_srpsha1.c +++ b/libextra/crypt_srpsha1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2001 Nikos Mavroyanopoulos + * Copyright (C) 2001,2002 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * @@ -27,6 +27,7 @@ #include "auth_srp_passwd.h" #include "gnutls_srp.h" #include <gnutls_errors.h> +#include <crypt_srpsha1.h> /* * x = SHA(<salt> | SHA(<username> | ":" | <raw password>)) @@ -40,16 +41,16 @@ char *_gnutls_crypt_srpsha1(const char *username, const char *passwd, const char *salt, GNUTLS_MPI g, GNUTLS_MPI n) { unsigned char *sp, *spe, r1[MAX_HASH_SIZE]; - int salt_size = strlen(salt); + uint salt_size, passwd_len; unsigned char *local_salt, *v; - int passwd_len; GNUTLS_HASH_HANDLE h1; int vsize, hash_len = _gnutls_hash_get_algo_len(GNUTLS_MAC_SHA); opaque *tmp; uint8 *rtext, *csalt; - int rsalt_size, tmpsize; + int tmpsize, rsalt_size; size_t len; + salt_size = strlen(salt); passwd_len = strlen(passwd); /* we do not want the null */ h1 = _gnutls_hash_init(GNUTLS_MAC_SHA); diff --git a/libextra/ext_srp.c b/libextra/ext_srp.c index 96cd773f21..03637693d6 100644 --- a/libextra/ext_srp.c +++ b/libextra/ext_srp.c @@ -19,6 +19,7 @@ */ #include "gnutls_int.h" +#include <ext_srp.h> #ifdef ENABLE_SRP @@ -27,8 +28,9 @@ #include "gnutls_errors.h" #include "gnutls_algorithms.h" -int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_size) { +int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, size_t _data_size) { uint8 len; + ssize_t data_size = _data_size; if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) { /* algorithm was not allowed in this state @@ -62,8 +64,8 @@ int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_ /* returns data_size or a negative number on failure * data is allocated localy */ -int _gnutls_srp_send_params( gnutls_session state, opaque* data, int data_size) { - uint8 len; +int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t data_size) { + uint len; if (_gnutls_kx_priority( state, GNUTLS_KX_SRP) < 0) { /* algorithm was not allowed in this state @@ -78,7 +80,7 @@ int _gnutls_srp_send_params( gnutls_session state, opaque* data, int data_size) if (cred==NULL) return 0; if (cred->username!=NULL) { /* send username */ - len = strlen(cred->username); + len = strlen(cred->username) % 256; if (data_size < len+1) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; diff --git a/libextra/ext_srp.h b/libextra/ext_srp.h index 2b555937ca..63c85eac9a 100644 --- a/libextra/ext_srp.h +++ b/libextra/ext_srp.h @@ -1,6 +1,6 @@ #ifdef ENABLE_SRP -int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, int data_size); -int _gnutls_srp_send_params( gnutls_session state, opaque* data, int); +int _gnutls_srp_recv_params( gnutls_session state, const opaque* data, size_t data_size); +int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t); #endif diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index fecfefc6cc..b4004c8dec 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -1392,7 +1392,8 @@ gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid, char buffer[4096]; int fd = -1; int rc = 0, state = 0; - ssize_t nbytes = 0, n = 0; + size_t nbytes = 0; + ssize_t n = 0; if ( !host || !key ) return GNUTLS_E_INVALID_PARAMETERS; |