-rw-r--r--lib/auth_anon.c8
-rw-r--r--lib/auth_dhe_rsa.c8
-rw-r--r--lib/auth_srp.c16
-rw-r--r--lib/auth_srp_passwd.c8
-rw-r--r--lib/auth_x509.c4
-rw-r--r--lib/gnutls_buffers.c21
-rw-r--r--lib/gnutls_cert.c8
-rw-r--r--lib/gnutls_dh.c6
-rw-r--r--lib/gnutls_dh_primes.c8
-rw-r--r--lib/gnutls_gcry.c11
-rw-r--r--lib/gnutls_gcry.h8
-rw-r--r--lib/gnutls_pk.c14
-rw-r--r--lib/gnutls_privkey.c4
-rw-r--r--lib/gnutls_record.c52
-rw-r--r--lib/gnutls_session.c2
-rw-r--r--lib/gnutls_sig.c3
-rw-r--r--lib/gnutls_srp.c28
-rw-r--r--lib/x509_sig_check.c34
18 files changed, 131 insertions, 112 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c
index c69dc5c955..17284e6a7d 100644
--- a/lib/auth_anon.c
+++ b/lib/auth_anon.c
@@ -219,18 +219,18 @@ int proc_anon_server_kx( GNUTLS_STATE state, opaque* data, int data_size) {
_n_g = n_g;
_n_p = n_p;
- if (gcry_mpi_scan(&state->gnutls_key->client_Y,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_Y,
GCRYMPI_FMT_USG, data_Y, &_n_Y) != 0 || state->gnutls_key->client_Y==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (gcry_mpi_scan(&state->gnutls_key->client_g,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_g,
GCRYMPI_FMT_USG, data_g, &_n_g) != 0 || state->gnutls_key->client_g==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (gcry_mpi_scan(&state->gnutls_key->client_p,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_p,
GCRYMPI_FMT_USG, data_p, &_n_p) != 0 || state->gnutls_key->client_p==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -266,7 +266,7 @@ int proc_anon_client_kx( GNUTLS_STATE state, opaque* data, int data_size) {
n_Y = READuint16( &data[0]);
_n_Y = n_Y;
- if (gcry_mpi_scan(&state->gnutls_key->client_Y,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_Y,
GCRYMPI_FMT_USG, &data[2], &_n_Y) !=0 || state->gnutls_key->client_Y==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
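Review bot: The length `n_Y` is taken from the peer's message with `READuint16( &data[0])`, and nothing in the visible lines compares it with `data_size` before `_gnutls_mpi_scan` is told to read that many bytes from `&data[2]`. If the lines above the hunk do not already do so, reject short input with `if (data_size < 2) return GNUTLS_E_PARSING_ERROR;` before the read and `if (n_Y > data_size - 2) return GNUTLS_E_PARSING_ERROR;` after it. The same pattern appears in the proc_dhe_rsa_client_kx hunk of lib/auth_dhe_rsa.c and in proc_srp_client_kx0 and proc_srp_server_kx2 in lib/auth_srp.c. The body of proc_anon_client_kx starts and ends outside this hunk.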
diff --git a/lib/auth_dhe_rsa.c b/lib/auth_dhe_rsa.c
index cbbc455701..519a80cdf9 100644
--- a/lib/auth_dhe_rsa.c
+++ b/lib/auth_dhe_rsa.c
@@ -279,18 +279,18 @@ static int proc_dhe_rsa_server_kx(GNUTLS_STATE state, opaque * data,
_n_g = n_g;
_n_p = n_p;
- if (gcry_mpi_scan(&state->gnutls_key->client_Y,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_Y,
GCRYMPI_FMT_USG, data_Y, &_n_Y) != 0) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (gcry_mpi_scan(&state->gnutls_key->client_g,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_g,
GCRYMPI_FMT_USG, data_g, &_n_g) != 0) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (gcry_mpi_scan(&state->gnutls_key->client_p,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_p,
GCRYMPI_FMT_USG, data_p, &_n_p) != 0) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
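Review bot: These three scans test only the return code, while the same parse in lib/auth_anon.c also rejects a NULL result (`|| state->gnutls_key->client_Y==NULL`), so the two key-exchange handlers disagree on what counts as a failed scan. Now that every call goes through `_gnutls_mpi_scan`, the NULL test could be done once inside the wrapper; otherwise add it here. The result is likewise not tested for NULL in the proc_dhe_rsa_client_kx hunk below and in the hunks of lib/auth_x509.c, lib/gnutls_cert.c, lib/gnutls_pk.c, gnutls_dh_replace_params in lib/gnutls_dh_primes.c and `_gnutls_srp_gx` in lib/gnutls_srp.c.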
@@ -341,7 +341,7 @@ static int proc_dhe_rsa_client_kx(GNUTLS_STATE state, opaque * data,
n_Y = READuint16(&data[0]);
_n_Y = n_Y;
- if (gcry_mpi_scan(&state->gnutls_key->client_Y,
+ if (_gnutls_mpi_scan(&state->gnutls_key->client_Y,
GCRYMPI_FMT_USG, &data[2], &_n_Y)) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
diff --git a/lib/auth_srp.c b/lib/auth_srp.c
index e2b609854d..dad9eb68bc 100644
--- a/lib/auth_srp.c
+++ b/lib/auth_srp.c
@@ -113,9 +113,9 @@ int gen_srp_server_hello(GNUTLS_STATE state, opaque ** data)
}
/* copy from pwd_entry to local variables (actually in state) */
- G = gcry_mpi_alloc_like(pwd_entry->g);
- N = gcry_mpi_alloc_like(pwd_entry->n);
- V = gcry_mpi_alloc_like(pwd_entry->v);
+ G = _gnutls_mpi_alloc_like(pwd_entry->g);
+ N = _gnutls_mpi_alloc_like(pwd_entry->n);
+ V = _gnutls_mpi_alloc_like(pwd_entry->v);
if (G==NULL || N == NULL || V == NULL) {
gnutls_assert();
@@ -356,12 +356,12 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
_n_g = n_g;
_n_n = n_n;
- if (gcry_mpi_scan(&N, GCRYMPI_FMT_USG, data_n, &_n_n) != 0 || N == NULL) {
+ if (_gnutls_mpi_scan(&N, GCRYMPI_FMT_USG, data_n, &_n_n) != 0 || N == NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (gcry_mpi_scan(&G, GCRYMPI_FMT_USG, data_g, &_n_g) != 0 || G == NULL) {
+ if (_gnutls_mpi_scan(&G, GCRYMPI_FMT_USG, data_g, &_n_g) != 0 || G == NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
@@ -374,7 +374,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size
return ret;
}
- if (gcry_mpi_scan(&state->gnutls_key->x, GCRYMPI_FMT_USG, hd, &_n_g) != 0 || state->gnutls_key->x==NULL) {
+ if (_gnutls_mpi_scan(&state->gnutls_key->x, GCRYMPI_FMT_USG, hd, &_n_g) != 0 || state->gnutls_key->x==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
@@ -389,7 +389,7 @@ int proc_srp_client_kx0(GNUTLS_STATE state, opaque * data, int data_size)
_n_A = READuint16( &data[0]);
- if (gcry_mpi_scan(&A, GCRYMPI_FMT_USG, &data[2], &_n_A) || A == NULL) {
+ if (_gnutls_mpi_scan(&A, GCRYMPI_FMT_USG, &data[2], &_n_A) || A == NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
@@ -405,7 +405,7 @@ int proc_srp_server_kx2(GNUTLS_STATE state, opaque * data, int data_size)
_n_B = READuint16( &data[0]);
- if (gcry_mpi_scan(&B, GCRYMPI_FMT_USG, &data[2], &_n_B) || B==NULL) {
+ if (_gnutls_mpi_scan(&B, GCRYMPI_FMT_USG, &data[2], &_n_B) || B==NULL) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c
index 3348f4cfac..9874892309 100644
--- a/lib/auth_srp_passwd.c
+++ b/lib/auth_srp_passwd.c
@@ -108,7 +108,7 @@ int indx;
return GNUTLS_E_PARSING_ERROR;
}
- if (gcry_mpi_scan(&entry->v, GCRYMPI_FMT_USG, verifier, &verifier_size) || entry->v == NULL) {
+ if (_gnutls_mpi_scan(&entry->v, GCRYMPI_FMT_USG, verifier, &verifier_size) || entry->v == NULL) {
gnutls_assert();
gnutls_free(entry->salt);
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -151,7 +151,7 @@ int tmp_size;
gnutls_assert();
return GNUTLS_E_PARSING_ERROR;
}
- if (gcry_mpi_scan(&entry->g, GCRYMPI_FMT_USG, tmp, &tmp_size) || entry->g==NULL) {
+ if (_gnutls_mpi_scan(&entry->g, GCRYMPI_FMT_USG, tmp, &tmp_size) || entry->g==NULL) {
gnutls_assert();
gnutls_free(tmp);
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -179,7 +179,7 @@ int tmp_size;
_gnutls_mpi_release(&entry->g);
return GNUTLS_E_PARSING_ERROR;
}
- if (gcry_mpi_scan(&entry->n, GCRYMPI_FMT_USG, tmp, &tmp_size) || entry->n==NULL) {
+ if (_gnutls_mpi_scan(&entry->n, GCRYMPI_FMT_USG, tmp, &tmp_size) || entry->n==NULL) {
gnutls_assert();
gnutls_free(tmp);
_gnutls_mpi_release(&entry->g);
@@ -309,7 +309,7 @@ GNUTLS_SRP_PWD_ENTRY* _gnutls_randomize_pwd_entry() {
}
strcpy( pwd_entry->username, RNDUSER); /* Flawfinder: ignore */
- pwd_entry->v = gcry_mpi_new(160);
+ pwd_entry->v = _gnutls_mpi_new(160);
if (pwd_entry->v==NULL) {
gnutls_assert();
_gnutls_srp_clear_pwd_entry( pwd_entry);
diff --git a/lib/auth_x509.c b/lib/auth_x509.c
index 5981485f3e..edfeff8b7a 100644
--- a/lib/auth_x509.c
+++ b/lib/auth_x509.c
@@ -136,7 +136,7 @@ static int _gnutls_get_rsa_params(RSA_Params * params,
asn1_delete_structure(spk);
return GNUTLS_E_ASN1_PARSING_ERROR;
}
- if (gcry_mpi_scan(mod, GCRYMPI_FMT_USG, str, &len) != 0) {
+ if (_gnutls_mpi_scan(mod, GCRYMPI_FMT_USG, str, &len) != 0) {
gnutls_assert();
asn1_delete_structure(spk);
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -159,7 +159,7 @@ static int _gnutls_get_rsa_params(RSA_Params * params,
_gnutls_mpi_release(mod);
return GNUTLS_E_ASN1_PARSING_ERROR;
}
- if (gcry_mpi_scan(exp, GCRYMPI_FMT_USG, str, &len) != 0) {
+ if (_gnutls_mpi_scan(exp, GCRYMPI_FMT_USG, str, &len) != 0) {
gnutls_assert();
_gnutls_mpi_release(mod);
if (params != NULL)
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 7da299cd20..33b09af921 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -277,7 +277,6 @@ void _gnutls_clear_read_buffer( GNUTLS_STATE state) {
*
* This is not a general purpose function. It returns EXACTLY the data requested.
*
- * FIXME: make the buffer, be dynamically allocated.
*/
ssize_t _gnutls_read_buffered( int fd, GNUTLS_STATE state, opaque **iptr, size_t sizeOfPtr, ContentType recv_type)
{
@@ -557,21 +556,25 @@ ssize_t _gnutls_handshake_send_int( SOCKET fd, GNUTLS_STATE state, ContentType t
return _gnutls_flush( fd, state);
}
- /* Fixme: Potential problem here. If ie one message has been
- * sent, and the next send_int() gets an interrupt.
- * This might be more dangerous with small message fragments.
- * (setting max_record_size to a smaller value)
+ /* FIXME: Potential problem here. If ie one message has been
+ * sent, and the next send_int() gets an interrupt (or e_again).
+ * This might be more dangerous, since a non blocking server may
+ * block here. Should a buffer be used here?
*/
left = n;
while (left > 0) {
i = gnutls_send_int(fd, state, type, htype, &ptr[i], left);
if (i <= 0) {
- gnutls_assert();
- if (n-left > 0) {
+ if (i==GNUTLS_E_INTERRUPTED || i==GNUTLS_E_AGAIN) {
+ i = 0;
+ } else {
gnutls_assert();
- return n-left;
+ if (n-left > 0) {
+ gnutls_assert();
+ return n-left;
+ }
+ return i;
}
- return i;
}
left -= i;
}
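Review bot: The send offset is `&ptr[i]`, and the new branch sets `i = 0` on GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN, so a retry after a partial send starts again at the beginning of the buffer instead of at the first unsent byte. The offset should be derived from the progress counter, `i = gnutls_send_int(fd, state, type, htype, &ptr[n-left], left);`, which also removes the dependence on the initial value of `i` (set outside the hunk). As the updated FIXME says, the loop now spins until the send succeeds, so a non-blocking caller never gets GNUTLS_E_AGAIN back. The function starts outside the hunk.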
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 1825ea017e..0830152bd8 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -479,8 +479,12 @@ static int _read_rsa_params(opaque * der, int dersize, MPI ** params)
/* allocate size for the parameters (2) */
*params = gnutls_calloc(1, 2 * sizeof(MPI));
+ if (*params==NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- if (gcry_mpi_scan(&(*params)[0], GCRYMPI_FMT_USG, str, &len) != 0) {
+ if (_gnutls_mpi_scan(&(*params)[0], GCRYMPI_FMT_USG, str, &len) != 0) {
gnutls_assert();
gnutls_free((*params));
asn1_delete_structure(spk);
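Review bot: The added allocation check returns GNUTLS_E_MEMORY_ERROR without calling `asn1_delete_structure(spk);`, although the very next error path in this hunk does release `spk`, so the structure appears to be still live at this point and would leak on allocation failure. Add `asn1_delete_structure(spk);` before the new `return`. `_read_rsa_params` starts and ends outside the hunk.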
@@ -500,7 +504,7 @@ static int _read_rsa_params(opaque * der, int dersize, MPI ** params)
}
- if (gcry_mpi_scan(&(*params)[1], GCRYMPI_FMT_USG, str, &len) != 0) {
+ if (_gnutls_mpi_scan(&(*params)[1], GCRYMPI_FMT_USG, str, &len) != 0) {
gnutls_assert();
_gnutls_mpi_release(&(*params)[0]);
gnutls_free((*params));
diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c
index 71fcaae801..c4f66a3308 100644
--- a/lib/gnutls_dh.c
+++ b/lib/gnutls_dh.c
@@ -60,7 +60,7 @@ MPI gnutls_calc_dh_secret(MPI * ret_x, MPI g, MPI prime)
MPI e, x;
int x_size = get_x_size(gcry_mpi_get_nbits(prime));
- x = gcry_mpi_new(x_size); /* FIXME: allocate in secure memory */
+ x = _gnutls_mpi_new(x_size); /* FIXME: allocate in secure memory */
if (x == NULL) {
if (ret_x)
*ret_x = NULL;
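Review bot: The private exponent `x` is still allocated from ordinary memory, as the FIXME on the changed line admits, and introducing the wrapper was the natural point to fix that. A second wrapper over libgcrypt's secure allocator, for example `MPI _gnutls_mpi_snew( int bits) { return gcry_mpi_snew( bits); }`, would let this call and the secret values `b` and `tmpa` in lib/gnutls_srp.c switch with a one-word change. Secure memory has to be initialised by the application for that to take effect, which is not visible in this commit.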
@@ -70,7 +70,7 @@ MPI gnutls_calc_dh_secret(MPI * ret_x, MPI g, MPI prime)
gcry_mpi_randomize(x, x_size, GCRY_STRONG_RANDOM);
/* fixme: set high bit of x and select a larger one */
- e = gcry_mpi_alloc_like(prime);
+ e = _gnutls_mpi_alloc_like(prime);
if (e == NULL) {
if (ret_x)
*ret_x = NULL;
@@ -90,7 +90,7 @@ MPI gnutls_calc_dh_key(MPI f, MPI x, MPI prime)
{
MPI k;
- k = gcry_mpi_alloc_like(prime);
+ k = _gnutls_mpi_alloc_like(prime);
if (k == NULL)
return NULL;
gcry_mpi_powm(k, f, x, prime);
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 1f0c63a514..aa447b99ff 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -306,7 +306,7 @@ int i, n;
n = dh_primes[i].prime.size;
_gnutls_mpi_release( &dh_primes[i]._prime);
- if (gcry_mpi_scan(&dh_primes[i]._prime, GCRYMPI_FMT_USG,
+ if (_gnutls_mpi_scan(&dh_primes[i]._prime, GCRYMPI_FMT_USG,
dh_primes[i].prime.data, &n)
|| dh_primes[i]._prime == NULL) {
gnutls_assert();
@@ -317,7 +317,7 @@ int i, n;
n = dh_primes[i].generator.size;
_gnutls_mpi_release( &dh_primes[i]._generator);
- if (gcry_mpi_scan(&dh_primes[i]._generator, GCRYMPI_FMT_USG,
+ if (_gnutls_mpi_scan(&dh_primes[i]._generator, GCRYMPI_FMT_USG,
dh_primes[i].generator.data, &n)
|| dh_primes[i]._generator == NULL) {
gnutls_assert();
@@ -454,14 +454,14 @@ int gnutls_dh_replace_params( gnutls_datum prime, gnutls_datum generator, int bi
} while(dh_primes[i].bits!=0);
siz = prime.size;
- if (gcry_mpi_scan(&tmp_prime, GCRYMPI_FMT_USG,
+ if (_gnutls_mpi_scan(&tmp_prime, GCRYMPI_FMT_USG,
prime.data, &siz)) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
siz = generator.size;
- if (gcry_mpi_scan(&tmp_g, GCRYMPI_FMT_USG,
+ if (_gnutls_mpi_scan(&tmp_g, GCRYMPI_FMT_USG,
generator.data, &siz)) {
_gnutls_mpi_release( &tmp_prime);
gnutls_assert();
diff --git a/lib/gnutls_gcry.c b/lib/gnutls_gcry.c
index d0f032e8d9..41685d650a 100644
--- a/lib/gnutls_gcry.c
+++ b/lib/gnutls_gcry.c
@@ -28,4 +28,13 @@ void _gnutls_mpi_release( MPI* x) {
gcry_mpi_release(*x);
*x=NULL;
}
- \ No newline at end of file
+
+MPI _gnutls_mpi_new( int bits) {
+ return gcry_mpi_new( bits);
+}
+
+int _gnutls_mpi_scan( GCRY_MPI *ret_mpi, enum gcry_mpi_format format,
+ const char *buffer, size_t *nbytes ) {
+ return gcry_mpi_scan( ret_mpi, format, buffer, nbytes);
+
+}
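Review bot: The wrapper takes `size_t *nbytes`, but several callers converted in this commit pass the address of an `int`: `&textsize` in `_gnutls_srp_gx` (lib/gnutls_srp.c), `&tmp_size` in lib/auth_srp_passwd.c and `&n` in lib/gnutls_dh_primes.c. On platforms where `size_t` is wider than `int` the callee reads and writes past the object, and with a real prototype in gnutls_gcry.h this is an incompatible-pointer diagnostic rather than a silent mismatch. Those callers should copy the length into a `size_t` local first, e.g. `size_t n = textsize;`, and pass `&n`. A one-line comment above the wrapper stating that `*nbytes` is the input length would also help.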
diff --git a/lib/gnutls_gcry.h b/lib/gnutls_gcry.h
index 914ecca9f2..eec1d13352 100644
--- a/lib/gnutls_gcry.h
+++ b/lib/gnutls_gcry.h
@@ -3,8 +3,14 @@
# include <gcrypt.h>
-# define gcry_mpi_alloc_like(x) gcry_mpi_new(gcry_mpi_get_nbits(x))
+MPI _gnutls_mpi_new( int);
+
+# define _gnutls_mpi_alloc_like(x) _gnutls_mpi_new(gcry_mpi_get_nbits(x))
void _gnutls_mpi_release( MPI* x);
+int _gnutls_mpi_scan( GCRY_MPI *ret_mpi, enum gcry_mpi_format format,
+ const char *buffer, size_t *nbytes );
+
+
#endif
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 30ec57d75b..704adb0309 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -91,7 +91,7 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
ps[psize] = 0;
memcpy(&ps[psize + 1], plaintext.data, plaintext.size);
- if (gcry_mpi_scan(&m, GCRYMPI_FMT_USG, edata, &k) != 0) {
+ if (_gnutls_mpi_scan(&m, GCRYMPI_FMT_USG, edata, &k) != 0) {
gnutls_assert();
gnutls_free(edata);
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -113,13 +113,13 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum * ciphertext, gnutls_datum plaintext,
ciphertext->data = gnutls_malloc(psize);
if (ciphertext->data == NULL) {
gnutls_assert();
- gcry_mpi_release(res);
+ _gnutls_mpi_release(&res);
return GNUTLS_E_MEMORY_ERROR;
}
gcry_mpi_print(GCRYMPI_FMT_USG, ciphertext->data, &psize, res);
ciphertext->size = psize;
- gcry_mpi_release(res);
+ _gnutls_mpi_release(&res);
return 0;
}
@@ -145,7 +145,7 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, gnutls_datum ciphertext
return GNUTLS_E_PK_DECRYPTION_FAILED;
}
- if (gcry_mpi_scan(&c, GCRYMPI_FMT_USG, ciphertext.data, &esize) != 0) {
+ if (_gnutls_mpi_scan(&c, GCRYMPI_FMT_USG, ciphertext.data, &esize) != 0) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
@@ -154,7 +154,7 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, gnutls_datum ciphertext
_pkey[1] = &pkey;
ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, c, _pkey);
- gcry_mpi_release(c);
+ _gnutls_mpi_release(&c);
if (ret < 0) {
gnutls_assert();
@@ -165,12 +165,12 @@ int _gnutls_pkcs1_rsa_decrypt(gnutls_sdatum * plaintext, gnutls_datum ciphertext
edata = gnutls_malloc(esize+1);
if (edata == NULL) {
gnutls_assert();
- gcry_mpi_release(res);
+ _gnutls_mpi_release(&res);
return GNUTLS_E_MEMORY_ERROR;
}
gcry_mpi_print(GCRYMPI_FMT_USG, &edata[1], &esize, res);
- gcry_mpi_release(res);
+ _gnutls_mpi_release(&res);
/* EB = 00||BT||PS||00||D
* (use block type 'btype')
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index dd34815937..7a64d6b3f0 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -64,7 +64,7 @@ int _gnutls_pkcs1key2gnutlsKey(gnutls_private_key * pkey, gnutls_datum cert) {
asn1_delete_structure(pkcs_asn);
return GNUTLS_E_ASN1_PARSING_ERROR;
}
- if (gcry_mpi_scan( &pkey->params[0], /* u */
+ if (_gnutls_mpi_scan( &pkey->params[0], /* u */
GCRYMPI_FMT_USG, str, &len) != 0 || pkey->params[0]==NULL) {
gnutls_assert();
asn1_delete_structure(pkcs_asn);
@@ -82,7 +82,7 @@ int _gnutls_pkcs1key2gnutlsKey(gnutls_private_key * pkey, gnutls_datum cert) {
return GNUTLS_E_ASN1_PARSING_ERROR;
}
- if (gcry_mpi_scan( &pkey->params[1], /* A */
+ if (_gnutls_mpi_scan( &pkey->params[1], /* A */
GCRYMPI_FMT_USG, str, &len) != 0 || pkey->params[1] == NULL) {
gnutls_assert();
asn1_delete_structure(pkcs_asn);
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index a95eb8f21c..4196622c59 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -64,6 +64,7 @@ int gnutls_set_lowat(GNUTLS_STATE state, int num) {
return 0;
}
+#define _gnutls_free(x) if(x!=NULL) gnutls_free(x)
/**
* gnutls_init - This function initializes the state to null (null encryption etc...).
* @con_end: is used to indicate if this state is to be used for server or
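Review bot: The macro `_gnutls_free(x)` expands to a bare `if` statement, so using it as the body of an `if ... else` silently captures the `else`, and the argument is not parenthesised. The usual form is `#define _gnutls_free(x) do { if ((x) != NULL) gnutls_free(x); } while (0)`. It also sits between two functions in lib/gnutls_record.c while looking like a library-wide helper next to `gnutls_free`; a short comment saying it is local to this file and only adds the NULL test would avoid confusion.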
@@ -128,7 +129,6 @@ int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end)
return 0;
}
-#define GNUTLS_FREE(x) if(x!=NULL) gnutls_free(x)
/**
* gnutls_deinit - This function clears all buffers associated with the &state
* @state: is a &GNUTLS_STATE structure.
@@ -143,7 +143,7 @@ int gnutls_deinit(GNUTLS_STATE state)
}
/* remove auth info firstly */
- GNUTLS_FREE(state->gnutls_key->auth_info);
+ _gnutls_free(state->gnutls_key->auth_info);
#ifdef HAVE_LIBGDBM
/* close the database - resuming sessions */
@@ -154,11 +154,11 @@ int gnutls_deinit(GNUTLS_STATE state)
gnutls_sfree_datum(&state->connection_state.read_mac_secret);
gnutls_sfree_datum(&state->connection_state.write_mac_secret);
- GNUTLS_FREE(state->gnutls_internals.recv_buffer.data);
- GNUTLS_FREE(state->gnutls_internals.buffer.data);
- GNUTLS_FREE(state->gnutls_internals.buffer_handshake.data);
- GNUTLS_FREE(state->gnutls_internals.hash_buffer.data);
- GNUTLS_FREE(state->gnutls_internals.send_buffer.data);
+ _gnutls_free(state->gnutls_internals.recv_buffer.data);
+ _gnutls_free(state->gnutls_internals.buffer.data);
+ _gnutls_free(state->gnutls_internals.buffer_handshake.data);
+ _gnutls_free(state->gnutls_internals.hash_buffer.data);
+ _gnutls_free(state->gnutls_internals.send_buffer.data);
gnutls_clear_creds( state);
@@ -174,34 +174,34 @@ int gnutls_deinit(GNUTLS_STATE state)
gnutls_sfree_datum( &state->cipher_specs.server_write_key);
gnutls_sfree_datum( &state->cipher_specs.client_write_key);
- mpi_release(state->gnutls_key->KEY);
- mpi_release(state->gnutls_key->client_Y);
- mpi_release(state->gnutls_key->client_p);
- mpi_release(state->gnutls_key->client_g);
+ _gnutls_mpi_release(&state->gnutls_key->KEY);
+ _gnutls_mpi_release(&state->gnutls_key->client_Y);
+ _gnutls_mpi_release(&state->gnutls_key->client_p);
+ _gnutls_mpi_release(&state->gnutls_key->client_g);
- mpi_release(state->gnutls_key->u);
- mpi_release(state->gnutls_key->a);
- mpi_release(state->gnutls_key->x);
- mpi_release(state->gnutls_key->A);
- mpi_release(state->gnutls_key->B);
- mpi_release(state->gnutls_key->b);
+ _gnutls_mpi_release(&state->gnutls_key->u);
+ _gnutls_mpi_release(&state->gnutls_key->a);
+ _gnutls_mpi_release(&state->gnutls_key->x);
+ _gnutls_mpi_release(&state->gnutls_key->A);
+ _gnutls_mpi_release(&state->gnutls_key->B);
+ _gnutls_mpi_release(&state->gnutls_key->b);
- mpi_release(state->gnutls_key->dh_secret);
- GNUTLS_FREE(state->gnutls_key);
+ _gnutls_mpi_release(&state->gnutls_key->dh_secret);
+ _gnutls_free(state->gnutls_key);
/* free priorities */
- GNUTLS_FREE(state->gnutls_internals.MACAlgorithmPriority.algorithm_priority);
- GNUTLS_FREE(state->gnutls_internals.ProtocolPriority.algorithm_priority);
- GNUTLS_FREE(state->gnutls_internals.KXAlgorithmPriority.algorithm_priority);
- GNUTLS_FREE(state->gnutls_internals.BulkCipherAlgorithmPriority.algorithm_priority);
- GNUTLS_FREE(state->gnutls_internals.CompressionMethodPriority.algorithm_priority);
+ _gnutls_free(state->gnutls_internals.MACAlgorithmPriority.algorithm_priority);
+ _gnutls_free(state->gnutls_internals.ProtocolPriority.algorithm_priority);
+ _gnutls_free(state->gnutls_internals.KXAlgorithmPriority.algorithm_priority);
+ _gnutls_free(state->gnutls_internals.BulkCipherAlgorithmPriority.algorithm_priority);
+ _gnutls_free(state->gnutls_internals.CompressionMethodPriority.algorithm_priority);
- GNUTLS_FREE(state->gnutls_internals.db_name);
+ _gnutls_free(state->gnutls_internals.db_name);
gnutls_free_cert( state->gnutls_internals.peer_cert);
memset( state, 0, sizeof(struct GNUTLS_STATE_INT));
- GNUTLS_FREE(state);
+ gnutls_free(state);
return 0;
}
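Review bot: The `memset( state, 0, sizeof(struct GNUTLS_STATE_INT));` directly before `gnutls_free(state);` is a store to memory that is never read again, which an optimising compiler may remove, leaving the session state in the freed block. If the intent is to wipe it, use a clearing routine the compiler cannot drop (for example writing through a `volatile` pointer) and say so in a comment. Separately, `state->gnutls_key` is dereferenced by every `_gnutls_mpi_release` call above, so the NULL test in `_gnutls_free(state->gnutls_key);` comes too late to protect anything. gnutls_deinit starts outside the hunk.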
diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c
index f7bce5ea8e..8474d59c3d 100644
--- a/lib/gnutls_session.c
+++ b/lib/gnutls_session.c
@@ -38,7 +38,7 @@
**/
int gnutls_get_current_session( GNUTLS_STATE state, opaque* session, int *session_size) {
- if (*session_size < SESSION_SIZE) {
+ if (*session_size < SESSION_SIZE || session==NULL) {
*session_size = SESSION_SIZE;
session = NULL; /* return with the new session_size value */
}
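Review bot: Assigning `session = NULL;` inside the branch changes only the local copy of the parameter, so it has an effect only if the code after the block (outside the hunk) tests it before copying. The comment says "return with the new session_size value", and an explicit `return` there would make the branch do what it says. `session_size` is also dereferenced without a NULL test, and the doc comment above should state that a NULL `session` is a size query.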
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 47daf20d10..e1ab900ec4 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -216,13 +216,16 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_cert *cert, const gnutls_datum *data, g
if (plain.size != vdata.size) {
gnutls_assert();
+ gnutls_sfree_datum( &plain);
return GNUTLS_E_PK_SIGNATURE_FAILED;
}
if ( memcmp(plain.data, vdata.data, plain.size)!=0) {
gnutls_assert();
+ gnutls_sfree_datum( &plain);
return GNUTLS_E_PK_SIGNATURE_FAILED;
}
+ gnutls_sfree_datum( &plain);
return 0;
}
diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c
index 354d2e3f6b..4d1c122e49 100644
--- a/lib/gnutls_srp.c
+++ b/lib/gnutls_srp.c
@@ -39,12 +39,12 @@ int _gnutls_srp_gx(opaque * text, int textsize, opaque ** result, MPI g,
MPI x, e;
int result_size;
- if (gcry_mpi_scan(&x, GCRYMPI_FMT_USG, text, &textsize)) {
+ if (_gnutls_mpi_scan(&x, GCRYMPI_FMT_USG, text, &textsize)) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- e = gcry_mpi_alloc_like(prime);
+ e = _gnutls_mpi_alloc_like(prime);
if (e==NULL) {
gnutls_assert();
_gnutls_mpi_release(&x);
@@ -82,7 +82,7 @@ MPI _gnutls_calc_srp_B(MPI * ret_b, MPI g, MPI n, MPI v)
/* calculate: B = (v + g^b) % N */
bits = gcry_mpi_get_nbits(n);
- b = gcry_mpi_new(bits); /* FIXME: allocate in secure memory */
+ b = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */
if (b==NULL) {
gnutls_assert();
return NULL;
@@ -90,14 +90,14 @@ MPI _gnutls_calc_srp_B(MPI * ret_b, MPI g, MPI n, MPI v)
gcry_mpi_randomize(b, bits, GCRY_STRONG_RANDOM);
- tmpB = gcry_mpi_new(bits); /* FIXME: allocate in secure memory */
+ tmpB = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */
if (tmpB==NULL) {
gnutls_assert();
_gnutls_mpi_release( &b);
return NULL;
}
- B = gcry_mpi_new(bits); /* FIXME: allocate in secure memory */
+ B = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */
if (tmpB==NULL) {
gnutls_assert();
_gnutls_mpi_release( &b);
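Review bot: The check after `B = _gnutls_mpi_new(bits);` tests `tmpB` a second time, so a failed allocation of `B` goes unnoticed and the NULL handle is used in the computation that follows. The condition should be `if (B==NULL) {`, and that error path should release `tmpB` as well as `b` (only the `b` release is visible before the hunk ends). The line predates this commit but is left unchanged by it.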
@@ -163,12 +163,12 @@ MPI _gnutls_calc_srp_S1(MPI A, MPI b, MPI u, MPI v, MPI n)
MPI tmp1, tmp2;
MPI S;
- S = gcry_mpi_alloc_like(n);
+ S = _gnutls_mpi_alloc_like(n);
if (S==NULL)
return NULL;
- tmp1 = gcry_mpi_alloc_like(n);
- tmp2 = gcry_mpi_alloc_like(n);
+ tmp1 = _gnutls_mpi_alloc_like(n);
+ tmp2 = _gnutls_mpi_alloc_like(n);
if (tmp1 == NULL || tmp2 == NULL) {
_gnutls_mpi_release(&tmp1);
@@ -196,7 +196,7 @@ MPI _gnutls_calc_srp_A(MPI * a, MPI g, MPI n)
int bits;
bits = gcry_mpi_get_nbits(n);
- tmpa = gcry_mpi_new(bits); /* FIXME: allocate in secure memory */
+ tmpa = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */
if (tmpa==NULL) {
gnutls_assert();
return NULL;
@@ -204,7 +204,7 @@ MPI _gnutls_calc_srp_A(MPI * a, MPI g, MPI n)
gcry_mpi_randomize(tmpa, bits, GCRY_STRONG_RANDOM);
- A = gcry_mpi_new(bits); /* FIXME: allocate in secure memory */
+ A = _gnutls_mpi_new(bits); /* FIXME: allocate in secure memory */
if (A==NULL) {
gnutls_assert();
_gnutls_mpi_release( &tmpa);
@@ -277,12 +277,12 @@ MPI _gnutls_calc_srp_S2(MPI B, MPI g, MPI x, MPI a, MPI u, MPI n)
{
MPI S, tmp1, tmp2, tmp4;
- S = gcry_mpi_alloc_like(n);
+ S = _gnutls_mpi_alloc_like(n);
if (S==NULL)
return NULL;
- tmp1 = gcry_mpi_alloc_like(n);
- tmp2 = gcry_mpi_alloc_like(n);
+ tmp1 = _gnutls_mpi_alloc_like(n);
+ tmp2 = _gnutls_mpi_alloc_like(n);
if (tmp1 == NULL || tmp2 == NULL) {
_gnutls_mpi_release(&tmp1);
_gnutls_mpi_release(&tmp2);
@@ -293,7 +293,7 @@ MPI _gnutls_calc_srp_S2(MPI B, MPI g, MPI x, MPI a, MPI u, MPI n)
gcry_mpi_subm(tmp2, B, tmp1, n);
- tmp4 = gcry_mpi_alloc_like(n);
+ tmp4 = _gnutls_mpi_alloc_like(n);
if (tmp4==NULL)
return NULL;
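Review bot: When `tmp4` cannot be allocated the function returns NULL without releasing `S`, `tmp1` and `tmp2`, which were allocated in the previous hunk and hold intermediate values of the SRP computation. Release them first: `_gnutls_mpi_release(&S); _gnutls_mpi_release(&tmp1); _gnutls_mpi_release(&tmp2);`. `_gnutls_calc_srp_S2` continues outside the hunk.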
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index 93df424358..d7620724e3 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -32,23 +32,23 @@
#include <gnutls_pk.h>
#include <debug.h>
-static gnutls_datum* _gnutls_get_tbs( gnutls_cert* cert) {
+static gnutls_datum _gnutls_get_tbs( gnutls_cert* cert) {
node_asn *c2;
-gnutls_datum * ret;
+gnutls_datum ret = {NULL, 0};
opaque *str;
int result, len;
int start, end;
if (asn1_create_structure( _gnutls_get_pkix(), "PKIX1Implicit88.Certificate", &c2, "certificate")!=ASN_OK) {
gnutls_assert();
- return NULL;
+ return ret;
}
result = asn1_get_der( c2, cert->raw.data, cert->raw.size);
if (result != ASN_OK) {
gnutls_assert();
asn1_delete_structure(c2);
- return NULL;
+ return ret;
}
result = asn1_get_start_end_der( c2, cert->raw.data, cert->raw.size,
@@ -57,22 +57,15 @@ int start, end;
if (result != ASN_OK) {
gnutls_assert();
- return NULL;
+ return ret;
}
len = end - start + 1;
str = &cert->raw.data[start];
- ret = gnutls_malloc(sizeof(gnutls_datum));
- if (ret==NULL) {
+ if (gnutls_set_datum( &ret, str, len) < 0) {
gnutls_assert();
- return NULL;
- }
-
- if (gnutls_set_datum( ret, str, len) < 0) {
- gnutls_assert();
- gnutls_free(ret);
- return NULL;
+ return ret;
}
return ret;
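Review bot: After a failed `gnutls_set_datum( &ret, str, len)` the function returns `ret` in whatever state that call left it, while the caller in gnutls_x509_verify_signature recognises failure only by `tbs.data==NULL`. Unless gnutls_set_datum guarantees a NULL `data` on error (not visible here), reset it on that path with `ret.data = NULL; ret.size = 0;`. Now that the function returns by value, it should also get a comment stating that `.data == NULL` signals failure and that the caller frees the result with `gnutls_free_datum`.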
@@ -165,10 +158,11 @@ _pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI e, MPI m
digest_size = sizeof(digest);
if ( (ret = _gnutls_get_ber_digest_info( &decrypted, &hash, digest, &digest_size )) != 0) {
gnutls_assert();
+ gnutls_sfree_datum( &decrypted);
return ret;
}
- gnutls_free_datum( &decrypted);
+ gnutls_sfree_datum( &decrypted);
if (digest_size != gnutls_hash_get_algo_len(hash)) {
gnutls_assert();
@@ -189,24 +183,24 @@ _pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum* text, MPI e, MPI m
CertificateStatus gnutls_x509_verify_signature(gnutls_cert* cert, gnutls_cert* issuer) {
gnutls_datum signature;
-gnutls_datum* tbs;
+gnutls_datum tbs;
if ( issuer->subject_pk_algorithm == GNUTLS_PK_RSA) {
signature.data = cert->signature;
signature.size = cert->signature_size;
tbs = _gnutls_get_tbs( cert);
- if (tbs==NULL) {
+ if (tbs.data==NULL) {
gnutls_assert();
return GNUTLS_CERT_INVALID;
}
- if (_pkcs1_rsa_verify_sig( &signature, tbs, issuer->params[1], issuer->params[0])!=0) {
+ if (_pkcs1_rsa_verify_sig( &signature, &tbs, issuer->params[1], issuer->params[0])!=0) {
gnutls_assert();
- gnutls_free_datum( tbs);
+ gnutls_free_datum( &tbs);
return GNUTLS_CERT_NOT_TRUSTED;
}
- gnutls_free_datum(tbs);
+ gnutls_free_datum(&tbs);
return GNUTLS_CERT_TRUSTED;
}
#ifdef DEBUG