-rw-r--r--doc/examples/ex-serv-anon.c3
-rw-r--r--doc/examples/ex-serv-export.c3
-rw-r--r--doc/examples/ex-serv-pgp.c3
-rw-r--r--doc/examples/ex-serv-psk.c3
-rw-r--r--doc/examples/ex-serv-srp.c3
-rw-r--r--doc/examples/ex-serv1.c3
-rw-r--r--lib/auth_cert.c3
-rw-r--r--lib/gnutls_buffers.c2
-rw-r--r--lib/gnutls_mpi.c6
-rw-r--r--lib/gnutls_pk.c4
-rw-r--r--lib/gnutls_sig.c32
-rw-r--r--lib/opencdk/stream.c4
-rw-r--r--lib/opencdk/write-packet.c54
-rw-r--r--lib/openpgp/pgp.c17
-rw-r--r--lib/openpgp/privkey.c10
-rw-r--r--lib/x509/privkey_pkcs8.c5
-rw-r--r--src/certtool.c5
-rw-r--r--src/psk.c5
18 files changed, 98 insertions, 67 deletions
diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c
index 722d1fc07a..098432aaf7 100644
--- a/doc/examples/ex-serv-anon.c
+++ b/doc/examples/ex-serv-anon.c
@@ -64,7 +64,7 @@ generate_dh_params (void)
int
main (void)
{
- int err, listen_sd, i;
+ int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
@@ -129,7 +129,6 @@ main (void)
/* see the Getting peer's information example */
/* print_info(session); */
- i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c
index d3d33a6e1d..f86a0c28bb 100644
--- a/doc/examples/ex-serv-export.c
+++ b/doc/examples/ex-serv-export.c
@@ -119,7 +119,7 @@ generate_rsa_params (void)
int
main (void)
{
- int err, listen_sd, i;
+ int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
@@ -207,7 +207,6 @@ main (void)
/* print_info(session); */
- i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c
index e9070565f9..e0cfcdc1a1 100644
--- a/doc/examples/ex-serv-pgp.c
+++ b/doc/examples/ex-serv-pgp.c
@@ -70,7 +70,7 @@ initialize_tls_session (void)
int
main (void)
{
- int err, listen_sd, i;
+ int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
@@ -143,7 +143,6 @@ main (void)
/* see the Getting peer's information example */
/* print_info(session); */
- i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c
index 6e5d77a837..e010313a89 100644
--- a/doc/examples/ex-serv-psk.c
+++ b/doc/examples/ex-serv-psk.c
@@ -91,7 +91,7 @@ pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
int
main (void)
{
- int err, listen_sd, i;
+ int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
@@ -174,7 +174,6 @@ main (void)
/* see the Getting peer's information example */
/* print_info(session); */
- i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c
index 559f7ac7bc..859b2f0743 100644
--- a/doc/examples/ex-serv-srp.c
+++ b/doc/examples/ex-serv-srp.c
@@ -59,7 +59,7 @@ initialize_tls_session (void)
int
main (void)
{
- int err, listen_sd, i;
+ int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
@@ -133,7 +133,6 @@ main (void)
/* print_info(session); */
- i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c
index 0a47cc140a..6dd8164ef5 100644
--- a/doc/examples/ex-serv1.c
+++ b/doc/examples/ex-serv1.c
@@ -80,7 +80,7 @@ generate_dh_params (void)
int
main (void)
{
- int err, listen_sd, i;
+ int err, listen_sd;
int sd, ret;
struct sockaddr_in sa_serv;
struct sockaddr_in sa_cli;
@@ -160,7 +160,6 @@ main (void)
/* see the Getting peer's information example */
/* print_info(session); */
- i = 0;
for (;;)
{
memset (buffer, 0, MAX_BUF + 1);
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 3d47d459c8..c0e7547e85 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -1065,7 +1065,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session,
cert_auth_info_t info;
gnutls_certificate_credentials_t cred;
ssize_t dsize = data_size;
- int i, x, key_type;
+ int x, key_type;
gnutls_cert *peer_certificate_list = NULL;
int peer_certificate_list_size = 0;
gnutls_datum_t tmp, akey = { NULL, 0 };
@@ -1106,7 +1106,6 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session,
/* no certificate was sent */
return GNUTLS_E_NO_CERTIFICATE_FOUND;
}
- i = dsize;
/* Read PGPKeyDescriptor */
DECR_LEN (dsize, 1);
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index 52d3b41049..e31d0645af 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -1115,7 +1115,7 @@ _gnutls_handshake_buffer_get_ptr (gnutls_session_t session,
if (length != NULL)
*length = session->internals.handshake_hash_buffer.length;
- _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", (int)*length);
+ _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", (int)session->internals.handshake_hash_buffer.length);
if (data_ptr != NULL)
*data_ptr = session->internals.handshake_hash_buffer.data;
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 85579e5bd4..8365d06928 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -341,6 +341,12 @@ _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
result = _gnutls_mpi_print_lz (mpi, NULL, &s_len);
else
result = _gnutls_mpi_print (mpi, NULL, &s_len);
+
+ if (result != 0)
+ {
+ gnutls_assert();
+ return result;
+ }
tmpstr = gnutls_malloc (s_len);
if (tmpstr == NULL)
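Review bot: The new `if (result != 0)` guard follows a call that passes `NULL` as the output buffer, which looks like a length query whose only purpose is to fill `s_len`. If `_gnutls_mpi_print` / `_gnutls_mpi_print_lz` report that case as a short-buffer error rather than 0 (their bodies are not in this hunk, so this needs confirming), the function now returns before `gnutls_malloc (s_len)` and never writes the integer. In that case the guard should accept the expected code, e.g. `if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)`, with a comment such as `/* size query: a short-buffer result is expected here */`. The body of `_gnutls_x509_write_int` continues outside the hunk.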
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index a08349bb49..2609252c69 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -361,7 +361,7 @@ int
_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
{
ASN1_TYPE sig;
- int result, tot_len;
+ int result;
if ((result =
asn1_create_element (_gnutls_get_gnutls_asn (),
@@ -388,8 +388,6 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
return result;
}
- tot_len = 0;
-
result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
asn1_delete_structure (&sig);
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index dfb1a8ff1b..81f5aa355b 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -270,22 +270,24 @@ _gnutls_tls_sign (gnutls_session_t session,
*/
if (cert != NULL)
- if (cert->key_usage != 0)
- if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
- {
- gnutls_assert ();
- return GNUTLS_E_KEY_USAGE_VIOLATION;
- }
-
- /* External signing. */
- if (!pkey || pkey->params_size == 0)
{
- if (!session->internals.sign_func)
- return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
-
- return (*session->internals.sign_func)
- (session, session->internals.sign_func_userdata,
- cert->cert_type, &cert->raw, hash_concat, signature);
+ if (cert->key_usage != 0)
+ if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+
+ /* External signing. */
+ if (!pkey || pkey->params_size == 0)
+ {
+ if (!session->internals.sign_func)
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+
+ return (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, hash_concat, signature);
+ }
}
return _gnutls_sign (pkey->pk_algorithm, pkey->params,
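Review bot: With the external-signing test moved inside `if (cert != NULL)`, the `!pkey` check no longer runs when `cert` is NULL, so the final `_gnutls_sign (pkey->pk_algorithm, pkey->params, ...)` dereferences `pkey` unchecked on that path. The move does stop `cert->cert_type` being read through a NULL `cert`, but a call with both pointers NULL now faults at the last line instead of returning an error. A guard before the final call, e.g. `if (pkey == NULL) { gnutls_assert (); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; }`, would close it; whether any caller can pass both as NULL is not visible here. The function begins and ends outside the hunk.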
diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
index 60823cbf5c..7171371a7d 100644
--- a/lib/opencdk/stream.c
+++ b/lib/opencdk/stream.c
@@ -932,7 +932,6 @@ cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen)
if (!s)
{
- s->error = CDK_Inv_Value;
gnutls_assert ();
return EOF;
}
@@ -989,7 +988,6 @@ cdk_stream_getc (cdk_stream_t s)
if (!s)
{
- s->error = CDK_Inv_Value;
gnutls_assert ();
return EOF;
}
@@ -1022,7 +1020,6 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count)
if (!s)
{
- s->error = CDK_Inv_Value;
gnutls_assert ();
return EOF;
}
@@ -1081,7 +1078,6 @@ cdk_stream_putc (cdk_stream_t s, int c)
if (!s)
{
- s->error = CDK_Inv_Value;
gnutls_assert ();
return EOF;
}
diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c
index 24e47b0574..285f413359 100644
--- a/lib/opencdk/write-packet.c
+++ b/lib/opencdk/write-packet.c
@@ -562,34 +562,40 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
}
if (!rc)
rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
+
if (!rc)
rc = write_mpibuf (out, pk->mpi, npkey);
- if (sk->is_protected == 0)
- rc = stream_putc (out, 0x00);
- else
+
+ if (!rc)
{
- if (is_RSA (pk->pubkey_algo) && pk->version < 4)
- stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- else if (sk->protect.s2k)
- {
- s2k_mode = sk->protect.s2k->mode;
- rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
- if (!rc)
- rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->mode);
- if (!rc)
- rc = stream_putc (out, sk->protect.s2k->hash_algo);
- if (!rc && (s2k_mode == 1 || s2k_mode == 3))
- {
- rc = stream_write (out, sk->protect.s2k->salt, 8);
- if (!rc && s2k_mode == 3)
- rc = stream_putc (out, sk->protect.s2k->count);
- }
- }
+ if (sk->is_protected == 0)
+ rc = stream_putc (out, 0x00);
else
- return CDK_Inv_Value;
- rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
+ {
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
+ else if (sk->protect.s2k)
+ {
+ s2k_mode = sk->protect.s2k->mode;
+ rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
+ if (!rc)
+ rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
+ if (!rc)
+ rc = stream_putc (out, sk->protect.s2k->mode);
+ if (!rc)
+ rc = stream_putc (out, sk->protect.s2k->hash_algo);
+ if (!rc && (s2k_mode == 1 || s2k_mode == 3))
+ {
+ rc = stream_write (out, sk->protect.s2k->salt, 8);
+ if (!rc && s2k_mode == 3)
+ rc = stream_putc (out, sk->protect.s2k->count);
+ }
+ }
+ else
+ return CDK_Inv_Value;
+ if (!rc)
+ rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
+ }
}
if (!rc && sk->is_protected && pk->version == 4)
{
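Review bot: The `else return CDK_Inv_Value;` branch rejects a protected key that has no `s2k` only after the algorithm byte and the public MPIs have already been written to `out`, so the caller gets an error with a partial secret-key packet left on the stream. Checking that condition before the first write would keep the output clean on invalid input; the start of `write_secret_key` is outside this hunk. It is also the only failure in this sequence that returns directly instead of going through `rc`, so if the function has cleanup after the visible lines, `rc = CDK_Inv_Value;` would be the consistent form.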
diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
index d6182e80a8..f23b0ccda2 100644
--- a/lib/openpgp/pgp.c
+++ b/lib/openpgp/pgp.c
@@ -100,7 +100,15 @@ gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
}
if (format == GNUTLS_OPENPGP_FMT_RAW)
- rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
+ {
+ rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
else
{
rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
@@ -190,6 +198,13 @@ _gnutls_openpgp_export (cdk_kbnode_t node,
CDK_ARMOR_PUBKEY);
gnutls_free (in);
*output_data_size = calc_size;
+
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
}
return 0;
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index d84a35fcc7..7a9c7cc6e7 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -104,7 +104,15 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
}
if (format == GNUTLS_OPENPGP_FMT_RAW)
- rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
+ {
+ rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
+ if (rc != 0)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
else
{
rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index aa777d2395..d6377aef2f 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -794,6 +794,11 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key,
&raw_key->data[params_start],
params_len, &kdf_params, &enc_params);
+ if (result < 0)
+ {
+ gnutls_assert();
+ goto error;
+ }
/* Parameters have been decoded. Now
* decrypt the EncryptedData.
diff --git a/src/certtool.c b/src/certtool.c
index f7342dd955..882cb99b12 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1985,9 +1985,8 @@ static void print_verification_res (gnutls_x509_crt_t crt,
static int
_verify_x509_mem (const void *cert, int cert_size)
{
- int siz, i;
const char *ptr;
- int ret;
+ int ret, i;
char name[256];
char issuer_name[256];
size_t name_size;
@@ -2003,7 +2002,6 @@ _verify_x509_mem (const void *cert, int cert_size)
/* Decode the CRL list
*/
- siz = cert_size;
ptr = cert;
i = 1;
@@ -2047,7 +2045,6 @@ _verify_x509_mem (const void *cert, int cert_size)
/* Decode the certificate chain.
*/
- siz = cert_size;
ptr = cert;
i = 1;
diff --git a/src/psk.c b/src/psk.c
index b0047e08ee..7de5ea5e21 100644
--- a/src/psk.c
+++ b/src/psk.c
@@ -138,6 +138,11 @@ main (int argc, char **argv)
ret = gnutls_psk_netconf_derive_key (passwd,
info.username,
info.netconf_hint, &dkey);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Deriving the key failed\n");
+ exit (1);
+ }
}
else
{
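Review bot: The new failure message drops `ret`, so the user cannot tell why `gnutls_psk_netconf_derive_key` failed. Reporting the library's own text would help: `fprintf (stderr, "Deriving the key failed: %s\n", gnutls_strerror (ret));`. `main` starts and continues outside this hunk.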