12 files changed, 47 insertions, 29 deletions

diff --git a/ChangeLog b/ChangeLog
index 2526572d58..ebed0c9454 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2002-03-09 21:06  twoaday <twoaday@gnutls.org>
+
+	* lib/: gnutls_openpgp.c, x509_ASN.c:
+
+	Patches for the new OpenCDK version and some stricter checks for
+	memory leaks.  
+
+2002-03-09 19:08  nmav <nmav@gnutls.org>
+
+	* ChangeLog, NEWS, doc/tex/ex3.tex, lib/gnutls.h.in.in,
+	lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_constate.c,
+	lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+	lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_state.h,
+	lib/x509_verify.c, src/common.c:
+
+	removed GNUTLS_CERT_TRUSTED enumeration 
+
 2002-03-08 22:42  nmav <nmav@gnutls.org>
 
 	* lib/: gnutls_errors.c, gnutls_errors_int.h, gnutls_record.c:
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index 2c8a2163bd..cea17c6620 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -25,6 +25,7 @@
 #include <gnutls_algorithms.h>
 #include <gnutls_num.h>
 #include <gnutls_datum.h>
+#include <gnutls_state.h>
 
 /* This function is to be called after handshake, when master_secret,
  *  client_random and server_random have been initialized. 
diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c
index 526114c2a8..0701bd9fe9 100644
--- a/lib/gnutls_errors.c
+++ b/lib/gnutls_errors.c
@@ -52,7 +52,7 @@ static gnutls_error_entry error_algorithms[] = {
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_INVALID_SESSION, 1),
-	GNUTLS_ERROR_ENTRY( GNUTLS_E_INTERNAL, 1),
+	GNUTLS_ERROR_ENTRY( GNUTLS_E_INTERNAL_ERROR, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_UNABLE_SEND_DATA, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_FATAL_ALERT_RECEIVED ,1),
@@ -98,8 +98,8 @@ static gnutls_error_entry error_algorithms[] = {
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_INVALID_PARAMETERS, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_INVALID_REQUEST, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_ILLEGAL_PARAMETER, 1),
-	GNUTLS_ERROR_ENTRY( GNUTLS_E_FILE, 1),
-	GNUTLS_ERROR_ENTRY( GNUTLS_E_ASCII_ARMOR, 1),
+	GNUTLS_ERROR_ENTRY( GNUTLS_E_FILE_ERROR, 1),
+	GNUTLS_ERROR_ENTRY( GNUTLS_E_ASCII_ARMOR_ERROR, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_UNIX_TIME_LIMIT_EXCEEDED, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
 	GNUTLS_ERROR_ENTRY( GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h
index 0654737989..4969b3fa96 100644
--- a/lib/gnutls_errors_int.h
+++ b/lib/gnutls_errors_int.h
@@ -56,13 +56,13 @@
 #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
 #define GNUTLS_E_PKCS1_WRONG_PAD -57
 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
-#define GNUTLS_E_INTERNAL -59
+#define GNUTLS_E_INTERNAL_ERROR -59
 #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
 #define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
 #define GNUTLS_E_X509_UNKNOWN_SAN -62
 #define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
-#define GNUTLS_E_FILE -64
-#define GNUTLS_E_ASCII_ARMOR -65
+#define GNUTLS_E_FILE_ERROR -64
+#define GNUTLS_E_ASCII_ARMOR_ERROR -65
 #define GNUTLS_E_UNIX_TIME_LIMIT_EXCEEDED -66
 #define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
 #define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 3b142d1124..3b9e576241 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -366,7 +366,7 @@ char * data;
 	if (state->gnutls_internals.handshake_mac_handle_sha==NULL ||
 		state->gnutls_internals.handshake_mac_handle_md5==NULL) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	/* We check if there are pending data to hash.
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 3045754edc..c490347e26 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -131,7 +131,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext,
 		pad = 0;
 	} else { /* psize > k !!! */
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	ciphertext->data = gnutls_malloc(psize);
@@ -445,7 +445,7 @@ int _gnutls_dsa_verify( const gnutls_datum* vdata, const gnutls_datum *sig_value
 
 	if (vdata->size != 20) { /* sha-1 only */
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	if (decode_ber_rs( sig_value, &rs[0], &rs[1])!=0) {
@@ -531,7 +531,7 @@ int _gnutls_pk_encrypt(int algo, MPI * resarr, MPI data, MPI * pkey)
 		if (resarr[0] == NULL) {
 			gnutls_assert();
 			gcry_sexp_release(s_ciph);
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 		}
 	}
 
@@ -563,7 +563,7 @@ int _gnutls_pk_sign(int algo, MPI* data, MPI hash, MPI * pkey)
 
 	if (rc != 0) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	/* put the data into a simple list */
@@ -586,7 +586,7 @@ int _gnutls_pk_sign(int algo, MPI* data, MPI hash, MPI * pkey)
 		if (list == NULL) {
 			gnutls_assert();
 			gcry_sexp_release(s_sig);
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 		}
 
 		data[0] = gcry_sexp_nth_mpi( list, 1, 0 );
@@ -596,7 +596,7 @@ int _gnutls_pk_sign(int algo, MPI* data, MPI hash, MPI * pkey)
 		if (list == NULL) {
 			gnutls_assert();
 			gcry_sexp_release(s_sig);
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 		}
 
 		data[1] = gcry_sexp_nth_mpi( list, 1, 0 );
@@ -624,12 +624,12 @@ static int _gnutls_pk_verify(int algo, MPI hash, MPI* data, MPI *pkey)
 
 	default:
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	if (rc != 0) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	/* put the data into a simple list */
@@ -650,14 +650,14 @@ static int _gnutls_pk_verify(int algo, MPI hash, MPI* data, MPI *pkey)
 		gnutls_assert();
 		gcry_sexp_release(s_pkey);
 		gcry_sexp_release(s_hash);
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	if (rc != 0) {
 		gnutls_assert();
 		gcry_sexp_release(s_pkey);
 		gcry_sexp_release(s_hash);
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	rc = gcry_pk_verify( s_sig, s_hash, s_pkey );
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 693713d2df..3a060629e4 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -49,7 +49,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey, gnutls_datum raw_key)
 	if ((sizeof( pkey->params)/sizeof(MPI)) < RSA_PARAMS) {
 		gnutls_assert();
 		/* internal error. Increase the MPIs in params */
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	result = asn1_get_der( pkey_asn, raw_key.data, raw_key.size);
@@ -113,7 +113,7 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey, gnutls_datum raw_key) {
 	if ((sizeof( pkey->params)/sizeof(MPI)) < DSA_PRIVATE_PARAMS) {
 		gnutls_assert();
 		/* internal error. Increase the MPIs in params */
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	result = asn1_get_der( dsa_asn, raw_key.data, raw_key.size);
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 8f2a7dc162..516fa8e255 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -198,7 +198,7 @@ ssize_t gnutls_create_empty_record( GNUTLS_STATE state, ContentType type,
 	lver = gnutls_protocol_get_version(state);
 	if (lver==GNUTLS_VERSION_UNKNOWN) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	headers[1]=_gnutls_version_get_major( lver);
@@ -267,7 +267,7 @@ ssize_t gnutls_send_int( GNUTLS_STATE state, ContentType type, HandshakeType hty
 	lver = gnutls_protocol_get_version(state);
 	if (lver==GNUTLS_VERSION_UNKNOWN) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	headers[1]=_gnutls_version_get_major( lver);
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index b853eefe73..ecd9ba026f 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -76,7 +76,7 @@ GNUTLS_MAC_HANDLE td_sha;
 		
 		default:
 			gnutls_assert();
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 	}
 	ret = _gnutls_generate_sig( cert, pkey, &dconcat, signature);
 	if (ret < 0)
@@ -134,7 +134,7 @@ opaque concat[36];
 		
 		default:
 			gnutls_assert();
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 	}
 	ret = _gnutls_generate_sig( cert, pkey, &dconcat, signature);
 	if (ret < 0)
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 8dd43ec765..e2ad3e9ede 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -424,7 +424,7 @@ static int gnutls_P_hash( MACAlgorithm algorithm, opaque * secret, int secret_si
 
 	if (seed_size > MAX_SEED_SIZE || total_bytes<=0) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 	
 	blocksize = gnutls_hmac_get_algo_len(algorithm);
@@ -503,14 +503,14 @@ int _gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_size
 
 	if (total_bytes > MAX_PRF_BYTES) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 	/* label+seed = s_seed */
 	s_seed_size = seed_size + label_size;
 
 	if (s_seed_size > MAX_SEED_SIZE) {
 		gnutls_assert();
-		return GNUTLS_E_INTERNAL;
+		return GNUTLS_E_INTERNAL_ERROR;
 	}
 
 	memcpy(s_seed, label, label_size);
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index d7fcbfef44..409fc58421 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1575,7 +1575,7 @@ int len, result;
 		if ((sizeof(gCert->params) / sizeof(MPI)) < RSA_PARAMS) {
 			gnutls_assert();
 			/* internal error. Increase the MPIs in params */
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 		}
 
 		if ((result =
@@ -1610,7 +1610,7 @@ int len, result;
 		if ((sizeof(gCert->params) / sizeof(MPI)) < DSA_PUBLIC_PARAMS) {
 			gnutls_assert();
 			/* internal error. Increase the MPIs in params */
-			return GNUTLS_E_INTERNAL;
+			return GNUTLS_E_INTERNAL_ERROR;
 		}
 
 		if ((result =
diff --git a/lib/x509_asn1.h b/lib/x509_asn1.h
index 96dc3c02d7..b8165ed836 100755
--- a/lib/x509_asn1.h
+++ b/lib/x509_asn1.h
@@ -74,7 +74,7 @@
 
 
 #define ASN_OK                    0
-#define ASN_FILE_NOT_FOUND        GNUTLS_E_FILE
+#define ASN_FILE_NOT_FOUND        GNUTLS_E_FILE_ERROR
 #define ASN_ELEMENT_NOT_FOUND     GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
 #define ASN_IDENTIFIER_NOT_FOUND  GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND
 #define ASN_DER_ERROR             GNUTLS_E_ASN1_DER_ERROR