Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/key_encode.c | 2 | ||||
-rw-r--r-- | lib/x509/krb5.c | 20 | ||||
-rw-r--r-- | lib/x509/krb5.h | 20 | ||||
-rw-r--r-- | lib/x509/name_constraints.c | 2 | ||||
-rw-r--r-- | lib/x509/pkcs12.c | 4 | ||||
-rw-r--r-- | lib/x509/pkcs7-crypt.c | 4 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 2 | ||||
-rw-r--r-- | lib/x509/x509.c | 16 |
8 files changed, 40 insertions, 30 deletions
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 18668c8ad2..3e9e0466bc 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -562,7 +562,7 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, /* For compatibility per R 1323565.1.023—2018 provide digest OID only * for GOST-2001 keys or GOST-2012 keys with CryptoPro curves. Do not - * set this optional paramter for TC26 curves */ + * set this optional parameter for TC26 curves */ if (params->algo == GNUTLS_PK_GOST_01) oid = HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS; else if (params->algo == GNUTLS_PK_GOST_12_256 && diff --git a/lib/x509/krb5.c b/lib/x509/krb5.c index 7fe84e651d..d68c737570 100644 --- a/lib/x509/krb5.c +++ b/lib/x509/krb5.c 
@@ -1,21 +1,23 @@ /* * Copyright (C) 2015 Red Hat, Inc. * + * Author: Nikos Mavrogiannopoulos + * * This file is part of GnuTLS. * - * GnuTLS is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * - * GnuTLS is distributed in the hope that it will be useful, but + * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see - * <https://www.gnu.org/licenses/>. */ #include <config.h> diff --git a/lib/x509/krb5.h b/lib/x509/krb5.h index d8926af67a..815bb28f72 100644 --- a/lib/x509/krb5.h +++ b/lib/x509/krb5.h 
@@ -1,21 +1,23 @@ /* * Copyright (C) 2015 Red Hat, Inc. * + * Author: Nikos Mavrogiannopoulos + * * This file is part of GnuTLS. * - * GnuTLS is free software: you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. * - * GnuTLS is distributed in the hope that it will be useful, but + * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see - * <https://www.gnu.org/licenses/>. */ #ifndef GNUTLS_LIB_X509_KRB5_H diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index dba2fd4b9f..b93527ee54 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c @@ -178,7 +178,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr, /*- * _gnutls_name_constraints_node_free: - * @node: name constriants node + * @node: name constraints node * * Deallocate a list of name constraints nodes starting at the given node. -*/ diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index cdb284026a..2dc0823905 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c 
@@ -1098,7 +1098,7 @@ int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass) return _gnutls_asn2err(result); } - algo = gnutls_oid_to_digest(oid); + algo = DIG_TO_MAC(gnutls_oid_to_digest(oid)); if (algo == GNUTLS_MAC_UNKNOWN) { unknown_mac: gnutls_assert(); @@ -1970,7 +1970,7 @@ gnutls_pkcs12_mac_info(gnutls_pkcs12_t pkcs12, unsigned int *mac, *oid = (char*)tmp.data; } - algo = gnutls_oid_to_digest((char*)tmp.data); + algo = DIG_TO_MAC(gnutls_oid_to_digest((char*)tmp.data)); if (algo == GNUTLS_MAC_UNKNOWN || mac_to_entry(algo) == NULL) { gnutls_assert(); return GNUTLS_E_UNKNOWN_HASH_ALGORITHM; diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c index 274ac14248..d64862df43 100644 --- a/lib/x509/pkcs7-crypt.c +++ b/lib/x509/pkcs7-crypt.c @@ -237,7 +237,7 @@ int _gnutls_pkcs_flags_to_schema(unsigned int flags) * This function will return a human readable description of the * PKCS12 or PBES2 schema. * - * Returns: a constrant string or %NULL on error. + * Returns: a constraint string or %NULL on error. * * Since: 3.4.0 */ @@ -255,7 +255,7 @@ const char *gnutls_pkcs_schema_get_name(unsigned int schema) * This function will return the object identifier of the * PKCS12 or PBES2 schema. * - * Returns: a constrant string or %NULL on error. + * Returns: a constraint string or %NULL on error. * * Since: 3.4.0 */ diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 98669e8879..0ff55ba04b 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -2277,7 +2277,7 @@ static int write_attributes(ASN1_TYPE c2, const char *root, /* If we add any attribute we should add them all */ /* Add hash */ digest_size = _gnutls_hash_get_algo_len(me); - ret = gnutls_hash_fast(me->id, data->data, data->size, digest); + ret = gnutls_hash_fast(MAC_TO_DIG(me->id), data->data, data->size, digest); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 2091f3ae64..c713f857a0 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
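Review bot: In gnutls_pkcs12_verify_mac the converted value is only compared with `GNUTLS_MAC_UNKNOWN`, while the second pkcs12.c hunk (gnutls_pkcs12_mac_info) also rejects `mac_to_entry(algo) == NULL`. The OID is read from the PKCS#12 structure being verified, so a digest identifier with no usable MAC entry should fail closed here too. If the code after the hunk does not already check the entry, `if (algo == GNUTLS_MAC_UNKNOWN || mac_to_entry(algo) == NULL) {` would bring the two functions into line. The unknown case also depends on DIG_TO_MAC carrying the digest "unknown" value over to `GNUTLS_MAC_UNKNOWN`, presumably by a plain cast, which deserves a short comment such as `/* digest and MAC ids share values; unknown maps to GNUTLS_MAC_UNKNOWN */`. Both functions start and end outside their hunks.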
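Review bot: The corrected doc line `Returns: a constraint string or %NULL on error.` in pkcs7-crypt.c is still the wrong word. gnutls_pkcs_schema_get_name returns `const char *`, so the intended text is presumably `Returns: a constant string or %NULL on error.`. The second hunk of this file, the doc comment for the OID getter, has the same replacement and needs the same fix. These comments appear to be the API documentation blocks, so the wording is what callers read when deciding whether the returned pointer may be modified or freed.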
@@ -360,7 +360,8 @@ static int compare_sig_algorithm(gnutls_x509_crt_t cert) } if (empty1 != empty2 || - sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) { + sp1.size != sp2.size || + (sp1.size > 0 && memcmp(sp1.data, sp2.data, sp1.size) != 0)) { gnutls_assert(); ret = GNUTLS_E_CERTIFICATE_ERROR; goto cleanup; @@ -2996,10 +2997,15 @@ gnutls_x509_crt_export2(gnutls_x509_crt_t cert, if (!cert->modified && cert->der.size) { if (format == GNUTLS_X509_FMT_DER) return _gnutls_set_datum(out, cert->der.data, cert->der.size); - else - return _gnutls_fbase64_encode(PEM_X509_CERT2, cert->der.data, - cert->der.size, out); - + else { + int ret = _gnutls_fbase64_encode(PEM_X509_CERT2, + cert->der.data, + cert->der.size, + out); + if (ret < 0) + return ret; + return 0; + } } return _gnutls_x509_export_int2(cert->cert, format, PEM_X509_CERT2, |
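Review bot: The open-coded `sp1.size > 0 &&` guard in compare_sig_algorithm has no comment explaining it, yet it is the only thing keeping memcmp() away from possibly-NULL data pointers when both parameter fields are empty. I would add `/* empty parameters compare equal; memcmp() must not see NULL even for size 0 */` above the condition. This comparison sits on a certificate-consistency check, presumably the two encodings of the signature algorithm parameters, so a later simplification back to a bare memcmp() would introduce undefined behaviour on a validation path. The function starts and ends outside the hunk.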
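Review bot: The new error branch in gnutls_x509_crt_export2 returns `ret` without logging, unlike the failure paths in the other hunks of this commit, which call gnutls_assert(). Using `return gnutls_assert_val(ret);` would keep the failure traceable. The positive-to-zero normalisation also needs a comment, for example `/* _gnutls_fbase64_encode() may return a positive value on success; this API returns 0 */`, because the reason for replacing the direct return is not visible in the code. `int ret` is declared inside the inner block, and the enclosing function begins outside the hunk. If it already declares a `ret`, this one shadows it.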