more patches by Arne Thomassen.

16 files changed, 81 insertions, 111 deletions

diff --git a/doc/tex/record_weaknesses.tex b/doc/tex/record_weaknesses.tex
index 8b6e93df5e..e2a3280d18 100644
--- a/doc/tex/record_weaknesses.tex
+++ b/doc/tex/record_weaknesses.tex
@@ -12,7 +12,7 @@ and exploit the facts that \tls{}
 
 \gnutls{} implements all the known counter-measures for these attacks. For the first
 two cases, \gnutls{} does only have one error code for both of the decryption failures,
-and processes the message normaly even if a padding error occured. This avoids
+and processes the message normally even if a padding error occured. This avoids
 both of these attacks.
 For the latter, an empty record can be sent before every record packet, and this is
 believed to avoid the known attacks in CBC encrypted packets. See the function
diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c
index a52c64c737..7c3910e7c8 100644
--- a/lib/gnutls_anon_cred.c
+++ b/lib/gnutls_anon_cred.c
@@ -19,10 +19,10 @@
  *
  */
 
-#include "gnutls_int.h"
-
 #ifdef ENABLE_ANON
 
+#include "gnutls_int.h"
+
 #include "gnutls_errors.h"
 #include "auth_anon.h"
 #include "gnutls_auth_int.h"
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index 8454984469..05dddc6199 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -41,13 +41,12 @@
   *
   **/
 void gnutls_credentials_clear( gnutls_session session) {
-	AUTH_CRED * ccred, *ncred;
-	
-	if (session->key && session->key->cred) { /* begining of the list */
+	if (session->key && session->key->cred) { /* beginning of the list */
+		AUTH_CRED * ccred, *ncred;
 		ccred = session->key->cred;
 		while(ccred!=NULL) {
 			ncred = ccred->next;
-			if (ccred!=NULL) gnutls_free(ccred);
+			gnutls_free(ccred);
 			ccred = ncred;
 		}
 		session->key->cred = NULL;
@@ -87,12 +86,12 @@ int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type
 	AUTH_CRED * ccred=NULL, *pcred=NULL;
 	int exists=0;	
 	
-	if (session->key->cred==NULL) { /* begining of the list */
+	if (session->key->cred==NULL) { /* beginning of the list */
 		
 		session->key->cred = gnutls_malloc(sizeof(AUTH_CRED));
 		if (session->key->cred == NULL) return GNUTLS_E_MEMORY_ERROR;
 		
-		/* copy credentials localy */
+		/* copy credentials locally */
 		session->key->cred->credentials = cred;
 		
 		session->key->cred->next = NULL;
@@ -116,7 +115,7 @@ int gnutls_credentials_set( gnutls_session session, gnutls_credentials_type type
 		
 			ccred = pcred->next;
 
-			/* copy credentials localy */
+			/* copy credentials locally */
 			ccred->credentials = cred;
 
 			ccred->next = NULL;
@@ -154,7 +153,7 @@ int server = session->security_parameters.entity==GNUTLS_SERVER?0:1;
 }
 
 /* 
- * This returns an pointer to the linked list. Don't
+ * This returns a pointer to the linked list. Don't
  * free that!!!
  */
 const void *_gnutls_get_kx_cred( gnutls_session session, gnutls_kx_algorithm algo, int *err) 
diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c
index d346ca88ef..5dc1d290be 100644
--- a/lib/gnutls_buffers.c
+++ b/lib/gnutls_buffers.c
@@ -35,7 +35,7 @@
  * 
  * HANDSHAKE LAYER:
  *  1. Uses a buffer to hold data that was not sent or received
- *  complete. (Ie. sent 10 bytes of a handshake packet that is 20 bytes
+ *  complete. (E.g. sent 10 bytes of a handshake packet that is 20 bytes
  *  long).
  * (see _gnutls_handshake_send_int(), _gnutls_handshake_recv_int())
  *
@@ -117,7 +117,6 @@ int _gnutls_record_buffer_get_size(ContentType type, gnutls_session session)
 		default:
 			return GNUTLS_E_INVALID_REQUEST;
 	}
-	return 0;
 }
 
 /**
@@ -278,7 +277,7 @@ static ssize_t _gnutls_read( gnutls_session session, void *iptr, size_t sizeOfPt
  * Clears the peeked data (read with MSG_PEEK).
  */
 int _gnutls_io_clear_peeked_data( gnutls_session session) {
-char *peekdata = NULL;
+char *peekdata;
 int ret, sum;
 
 	if (session->internals.have_peeked_data==0 || RCVLOWAT==0)
@@ -319,8 +318,6 @@ void _gnutls_io_clear_read_buffer( gnutls_session session) {
  * This function reads data from the socket and keeps them in a buffer, of up to
  * MAX_RECV_SIZE. 
  *
- * sizeOfPtr should be unsigned.
- *
  * This is not a general purpose function. It returns EXACTLY the data requested,
  * which are stored in a local (in the session) buffer. A pointer (iptr) to this buffer is returned.
  *
@@ -704,8 +701,6 @@ ssize_t _gnutls_handshake_io_write_flush( gnutls_session session)
     if (session->internals.handshake_send_buffer.length == 0) {
 	ret = session->internals.handshake_send_buffer_prev_size; /* done */
 	session->internals.handshake_send_buffer_prev_size = 0;
-
-	return ret;
     }
 
     return ret;
@@ -718,7 +713,7 @@ ssize_t _gnutls_handshake_io_write_flush( gnutls_session session)
 ssize_t _gnutls_handshake_io_send_int( gnutls_session session, ContentType type, HandshakeType htype, const void *iptr, size_t n)
 {
 	size_t left;
-	ssize_t i = 0, ret=0;
+	ssize_t ret=0;
 	const opaque *ptr;
         ssize_t retval = 0;
 
@@ -740,8 +735,9 @@ ssize_t _gnutls_handshake_io_send_int( gnutls_session session, ContentType type,
 	} else if (session->internals.handshake_send_buffer.length > 0) {
 		gnutls_assert();
 		return GNUTLS_E_INTERNAL_ERROR;
-	} else {
+	}
 #ifdef WRITE_DEBUG
+	else {
 		size_t sum=0, x, j;
 		
 		_gnutls_write_log( "HWRITE: will write %d bytes to %d.\n", n, gnutls_transport_get_ptr(session));
@@ -758,10 +754,8 @@ ssize_t _gnutls_handshake_io_send_int( gnutls_session session, ContentType type,
 			_gnutls_write_log( "\n");
 		}
 		_gnutls_write_log( "\n");
-#endif
-
-	
 	}
+#endif
 
 	if (n==0) { /* if we have no data to send */
 		gnutls_assert();
@@ -804,8 +798,7 @@ ssize_t _gnutls_handshake_io_send_int( gnutls_session session, ContentType type,
 			gnutls_assert();
 			return ret;
 		}
-		i = ret;
-		left -= i;
+		left -= ret;
 	}
 
 	retval = n + session->internals.handshake_send_buffer_prev_size;
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 354c5732f6..c99b67cb25 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -133,7 +133,7 @@ void gnutls_certificate_free_credentials(gnutls_certificate_credentials sc)
 
 
 /**
-  * gnutls_certificate_allocate_credentials - Used to allocate an gnutls_certificate_credentials structure
+  * gnutls_certificate_allocate_credentials - Used to allocate a gnutls_certificate_credentials structure
   * @res: is a pointer to an &gnutls_certificate_credentials structure.
   *
   * This structure is complex enough to manipulate directly thus
@@ -226,7 +226,7 @@ void gnutls_certificate_server_set_request(gnutls_session session,
   *
   * 'req_ca_cert', is only used in X.509 certificates. 
   * Contains a list with the CA names that the server considers trusted. 
-  * Normaly we should send a certificate that is signed
+  * Normally we should send a certificate that is signed
   * by one of these CAs. These names are DER encoded. To get a more
   * meaningful value use the function gnutls_x509_rdn_get().
   *
@@ -244,8 +244,6 @@ void gnutls_certificate_server_set_request(gnutls_session session,
   * choosen by the user. The index is relative to the certificates in the
   * callback's parameter. The value (-1) indicates that the user
   * does not want to use client authentication.
-  *
-  * This function returns 0 on success.
   **/
 void gnutls_certificate_client_set_select_function(gnutls_session session,
 					     certificate_client_select_func
@@ -346,10 +344,8 @@ int _gnutls_openpgp_cert_verify_peers(gnutls_session session)
 
 	if (verify < 0) {
 		gnutls_assert();
-		return verify;
 	}
 
-
 	return verify;
 }
 
@@ -470,7 +466,7 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session session)
 }
 
 
-/* This function will convert a der certificate, to a format
+/* This function will convert a der certificate to a format
  * (structure) that gnutls can understand and use. Actually the
  * important thing on this function is that it extracts the 
  * certificate's (public key) parameters.
@@ -482,7 +478,7 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session session)
 int _gnutls_x509_cert2gnutls_cert(gnutls_cert * gcert, const gnutls_datum *derCert,
 	int flags /* OR of ConvFlags */)
 {
-	int ret = 0;
+	int ret;
 	gnutls_x509_crt cert;
 	
 	ret = gnutls_x509_crt_init( &cert);
@@ -533,6 +529,7 @@ int _gnutls_x509_crt2gnutls_cert(gnutls_cert * gcert, gnutls_x509_crt cert,
 		ret = gnutls_x509_crt_export( cert, GNUTLS_X509_FMT_DER, der, &der_size);
 		if (ret < 0) {
 			gnutls_assert();
+			gnutls_free(der);
 			return ret;
 		}
 
diff --git a/lib/gnutls_compress_int.c b/lib/gnutls_compress_int.c
index d43f2c5522..be125d471f 100644
--- a/lib/gnutls_compress_int.c
+++ b/lib/gnutls_compress_int.c
@@ -37,7 +37,7 @@ typedef int (*LZO_FUNC)();
 LZO_FUNC _gnutls_lzo1x_decompress_safe = NULL;
 LZO_FUNC _gnutls_lzo1x_1_compress = NULL;
 
-/* The flag d is the direction (compressed, decompress). Non zero is
+/* The flag d is the direction (compress, decompress). Non zero is
  * decompress.
  */
 GNUTLS_COMP_HANDLE _gnutls_comp_init( gnutls_compression_method method, int d)
@@ -86,15 +86,15 @@ int err;
 		}
 		if (err!=Z_OK) {
 			gnutls_assert();
-			gnutls_free( ret);
 			gnutls_free( ret->handle);
+			gnutls_free( ret);
 			return NULL;
 		}
 		break;
 	    }
 	    case GNUTLS_COMP_LZO:
 	        if (d) /* LZO does not use memory on decompressor */
-	           ret->handle = NULL;
+	        { /* ret->handle = NULL; */ }
 	        else {
   		   ret->handle = gnutls_malloc( LZO1X_1_MEM_COMPRESS);
   		  
@@ -105,9 +105,6 @@ int err;
 		}
 		
 		break;
-
-	    default:
-	    	break;
 	}
 #endif
 	return ret;
@@ -117,20 +114,18 @@ void _gnutls_comp_deinit(GNUTLS_COMP_HANDLE handle, int d) {
 int err;
 
 	if (handle!=NULL) {
-		switch( handle->algo) {
-			case GNUTLS_COMP_LZO:
-				break;
 #ifdef HAVE_LIBZ
+		switch( handle->algo) {
+			/* case GNUTLS_COMP_LZO:
+				break; */
 			case GNUTLS_COMP_ZLIB:
 				if (d)
 					err = inflateEnd( handle->handle);
 				else
 					err = deflateEnd( handle->handle);
 				break;
-#endif
-			default:
-				break;
 		}
+#endif
 		gnutls_free( handle->handle);
 		gnutls_free( handle);
 
@@ -158,22 +153,20 @@ int err;
 				return GNUTLS_E_COMPRESSION_FAILED;
 			
 			size = plain_size + plain_size / 64 + 16 + 3;
-			*compressed=NULL;
-
 			*compressed = gnutls_malloc(size);
 			if (*compressed==NULL) {
 				gnutls_assert();
 				return GNUTLS_E_MEMORY_ERROR;
 			}
 
-		 	err = _gnutls_lzo1x_1_compress( plain, plain_size, *compressed,
-		 	        &out_len, handle->handle);
+			err = _gnutls_lzo1x_1_compress( plain, plain_size, *compressed,
+			        &out_len, handle->handle);
 
-		 	if (err!=LZO_E_OK) {
-		 		gnutls_assert();
-		 		gnutls_free( *compressed);
-		 		return GNUTLS_E_COMPRESSION_FAILED;
-		 	}
+			if (err!=LZO_E_OK) {
+				gnutls_assert();
+				gnutls_free( *compressed);
+				return GNUTLS_E_COMPRESSION_FAILED;
+			}
 
 			compressed_size = out_len;
 			break;
@@ -184,8 +177,6 @@ int err;
 			z_stream *zhandle;
 			
 			size = (plain_size+plain_size)+10;
-			*compressed=NULL;
-
 			*compressed = gnutls_malloc(size);
 			if (*compressed==NULL) {
 				gnutls_assert();
@@ -199,13 +190,13 @@ int err;
 			zhandle->next_out = (Bytef*) *compressed;
 			zhandle->avail_out = size;
 		
-		 	err = deflate( zhandle, Z_SYNC_FLUSH);
+			err = deflate( zhandle, Z_SYNC_FLUSH);
 
-		 	if (err!=Z_OK || zhandle->avail_in != 0) {
-		 		gnutls_assert();
-		 		gnutls_free( *compressed);
-		 		return GNUTLS_E_COMPRESSION_FAILED;
-		 	}
+			if (err!=Z_OK || zhandle->avail_in != 0) {
+				gnutls_assert();
+				gnutls_free( *compressed);
+				return GNUTLS_E_COMPRESSION_FAILED;
+			}
 
 			compressed_size = size - zhandle->avail_out;
 			break;
@@ -307,9 +298,9 @@ int cur_pos;
 				zhandle->next_out = (Bytef*) (*plain + cur_pos);
 				zhandle->avail_out = out_size - cur_pos;
 
-			 	err = inflate( zhandle, Z_SYNC_FLUSH);
+				err = inflate( zhandle, Z_SYNC_FLUSH);
 			 	
-			 	cur_pos = out_size - zhandle->avail_out;
+				cur_pos = out_size - zhandle->avail_out;
 
 			} while( (err==Z_BUF_ERROR && zhandle->avail_out==0 && out_size < max_record_size) 
 				|| ( err==Z_OK && zhandle->avail_in != 0));
diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c
index d8d8690d30..0076c1f513 100644
--- a/lib/gnutls_db.c
+++ b/lib/gnutls_db.c
@@ -318,7 +318,7 @@ int ret = 0;
   * This function will remove the current session data from the session
   * database. This will prevent future handshakes reusing these session
   * data. This function should be called if a session was terminated
-  * abnormaly, and before gnutls_deinit() is called.
+  * abnormally, and before gnutls_deinit() is called.
   *
   * Normally gnutls_deinit() will remove abnormally terminated sessions.
   *
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index d45071ff17..df2642d658 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -44,7 +44,7 @@ ASN1_TYPE _gnutls_gnutls_asn;
   *
   * This is the function where you set the logging function gnutls
   * is going to use. This function only accepts a character array.
-  * Normaly you may not use this function since it is only used 
+  * Normally you may not use this function since it is only used 
   * for debugging purposes.
   *
   * gnutls_log_func is of the form, 
@@ -248,7 +248,7 @@ void gnutls_global_deinit( void) {
   * @session: gnutls session
   *
   * This is the function where you set a function for gnutls 
-  * to receive data. Normaly, if you use berkeley style sockets,
+  * to receive data. Normally, if you use berkeley style sockets,
   * you may not use this function since the default (recv(2)) will 
   * probably be ok.
   * This function should be called once and after gnutls_global_init().
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 555c7344c3..7df65edcfc 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -1308,7 +1308,7 @@ static int _gnutls_read_server_hello(gnutls_session session, char *data,
 }
 
 
-/* This function copies the appropriate ciphersuites, to a localy allocated buffer 
+/* This function copies the appropriate ciphersuites to a locally allocated buffer
  * Needed in client hello messages. Returns the new data length.
  */
 static int _gnutls_copy_ciphersuites(gnutls_session session,
@@ -1372,7 +1372,7 @@ static int _gnutls_copy_ciphersuites(gnutls_session session,
 }
 
 
-/* This function copies the appropriate compression methods, to a localy allocated buffer 
+/* This function copies the appropriate compression methods, to a locally allocated buffer 
  * Needed in hello messages. Returns the new data length.
  */
 static int _gnutls_copy_comp_methods(gnutls_session session,
diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c
index 0b997cfad3..9621442830 100644
--- a/lib/gnutls_mem.c
+++ b/lib/gnutls_mem.c
@@ -39,24 +39,18 @@ int (*_gnutls_is_secure_memory)(const void*) = _gnutls_is_secure_mem_null;
 void *_gnutls_calloc(size_t nmemb, size_t size)
 {
 	void *ret;
-	ret = gnutls_malloc(size*nmemb);
-	if (ret == NULL)
-		return ret;
-
-	memset(ret, 0, size);
-
+	size *= nmemb;
+	ret = gnutls_malloc(size);
+	if (ret != NULL) memset(ret, 0, size);
 	return ret;
 }
 
 svoid *gnutls_secure_calloc(size_t nmemb, size_t size)
 {
 	svoid *ret;
-	ret = gnutls_secure_malloc(size*nmemb);
-	if (ret == NULL)
-		return ret;
-
-	memset(ret, 0, size);
-
+	size *= nmemb;
+	ret = gnutls_secure_malloc(size);
+	if (ret != NULL) memset(ret, 0, size);
 	return ret;
 }
 
@@ -67,7 +61,7 @@ void* gnutls_realloc_fast( void* ptr, size_t size)
 {
 void *ret;
 
-        if (size == 0) return ptr;
+	if (size == 0) return ptr;
 
 	ret = gnutls_realloc( ptr, size);
 	if ( ret == NULL) {
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 0625b95d45..b3b4ed509a 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -225,7 +225,7 @@ static int _gnutls_session_is_valid( gnutls_session session) {
 }
 
 /* Copies the record version into the headers. The 
- * version, must have 2 bytes at least.
+ * version must have 2 bytes at least.
  */
 inline static void copy_record_version( gnutls_session session, HandshakeType htype, 
 	opaque version[2])
@@ -285,7 +285,7 @@ ssize_t _gnutls_create_empty_record( gnutls_session session, ContentType type,
 	return retval;
 }
 
-/* This function behave exactly like write(). The only difference is 
+/* This function behaves exactly like write(). The only difference is
  * that it accepts, the gnutls_session and the ContentType of data to
  * send (if called by the user the Content is specific)
  * It is intended to transfer data, under the current session.    
@@ -474,12 +474,12 @@ static int _gnutls_check_recv_type( ContentType recv_type) {
 }
 
 
-/* Checks if there are pending data into the record buffers. If there are
+/* Checks if there are pending data in the record buffers. If there are
  * then it copies the data.
  */
 static int _gnutls_check_buffers( gnutls_session session, ContentType type, opaque* data, int sizeofdata) {
-	int ret = 0, ret2=0;
 	if ( (type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE) && _gnutls_record_buffer_get_size(type, session) > 0) {
+		int ret = 0, ret2=0;
 		ret = _gnutls_record_buffer_get(type, session, data, sizeofdata);
 		if (ret < 0) {
 			gnutls_assert();
@@ -572,7 +572,7 @@ static int _gnutls_check_record_version( gnutls_session session, HandshakeType h
 }
 
 /* This function will check if the received record type is
- * the one we actually expecting for.
+ * the one we actually expect.
  */
 static int _gnutls_record_check_type( gnutls_session session, ContentType recv_type,
 	ContentType type, HandshakeType htype, opaque* data, int data_size) {
@@ -676,8 +676,8 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t
 
 #define MAX_EMPTY_PACKETS_SEQUENCE 4
 
-/* This function behave exactly like read(). The only difference is 
- * that it accepts, the gnutls_session and the ContentType of data to
+/* This function behaves exactly like read(). The only difference is
+ * that it accepts the gnutls_session and the ContentType of data to
  * send (if called by the user the Content is Userdata only)
  * It is intended to receive data, under the current session.
  */
@@ -695,6 +695,10 @@ ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeTyp
 	uint16 header_size;
 	int empty_packet = 0;
 
+	if (sizeofdata == 0 || data == NULL) {
+		return GNUTLS_E_INVALID_REQUEST;
+	}
+
 	begin:
 	
 	if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE) {
@@ -707,10 +711,6 @@ ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeTyp
 	header_size = RECORD_HEADER_SIZE;
 	ret = 0;
 
-	if (sizeofdata == 0 || data == NULL) {
-		return GNUTLS_E_INVALID_REQUEST;
-	}
-
 	if ( _gnutls_session_is_valid(session)!=0 || session->internals.may_read!=0) {
 		gnutls_assert();
 		return GNUTLS_E_INVALID_SESSION;
@@ -877,7 +877,7 @@ ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeTyp
 	 * Actually this code is called if we just received
 	 * an empty packet. An empty TLS packet is usually
 	 * sent to protect some vulnerabilities in the CBC mode.
-	 * In that case we go to the begining and start reading
+	 * In that case we go to the beginning and start reading
 	 * the next packet.
 	 */
 	if (ret==0) {
@@ -900,7 +900,7 @@ ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeTyp
   * error codes.
   *
   * If the EINTR is returned by the internal push function (write())
-  * then GNUTLS_E_INTERRUPTED, will be returned. If GNUTLS_E_INTERRUPTED or
+  * then GNUTLS_E_INTERRUPTED will be returned. If GNUTLS_E_INTERRUPTED or
   * GNUTLS_E_AGAIN is returned you must call this function again, with the 
   * same parameters. Otherwise the write operation will be 
   * corrupted and the connection will be terminated.
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index f7d03957a9..b7ae363310 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -39,7 +39,7 @@
 
 /* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE, 
  * which holds them. If raw is non null then the raw decoded
- * data are copied (they are localy allocated) there.
+ * data are copied (they are locally allocated) there.
  */
 static
 int _decode_pkcs7_signed_data( ASN1_TYPE pkcs7, ASN1_TYPE * sdata, gnutls_datum* raw) 
diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index b678696d41..3f5e774574 100644
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -133,7 +133,7 @@ inline static int decode(uint8 * result, const uint8 * data)
 	return ret;
 }
 
-/* encodes data and puts the result into result (localy alocated)
+/* encodes data and puts the result into result (locally allocated)
  * The result_size is the return value
  */
 int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result)
@@ -161,7 +161,7 @@ int _gnutls_base64_encode(const uint8 * data, size_t data_size, uint8 ** result)
 	return ret;
 }
 
-/* encodes data and puts the result into result (localy alocated)
+/* encodes data and puts the result into result (locally allocated)
  * The result_size is the return value
  */
 int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size,
@@ -287,23 +287,19 @@ int gnutls_pem_base64_encode_alloc( const char* msg, const gnutls_datum *data,
 opaque* ret;
 int size;
 
+	if (result==NULL) return GNUTLS_E_INVALID_REQUEST;
+
 	size = _gnutls_fbase64_encode( msg, data->data, data->size, &ret);
 	if (size < 0)
 		return size;
 
-	if (result==NULL) {
-		gnutls_free(ret);
-		return GNUTLS_E_INVALID_REQUEST;
-	} else {
-		result->data = ret;
-	        result->size = size;
-	}
-
+	result->data = ret;
+	result->size = size;
 	return 0;
 }
 
 
-/* decodes data and puts the result into result (localy alocated)
+/* decodes data and puts the result into result (locally allocated)
  * The result_size is the return value
  */
 int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result)
diff --git a/libextra/auth_srp_passwd.h b/libextra/auth_srp_passwd.h
index 93c2692c3e..a6adf875b8 100644
--- a/libextra/auth_srp_passwd.h
+++ b/libextra/auth_srp_passwd.h
@@ -9,7 +9,7 @@ typedef struct {
 	gnutls_datum n;
 } SRP_PWD_ENTRY;
 
-/* this is localy alocated. It should be freed using the provided function */
+/* this is locally allocated. It should be freed using the provided function */
 int _gnutls_srp_pwd_read_entry( gnutls_session state, char* username, SRP_PWD_ENTRY**);
 void _gnutls_srp_entry_free( SRP_PWD_ENTRY * entry);
 int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result);
diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c
index 61a5fb5262..44b8043cb8 100644
--- a/libextra/auth_srp_sb64.c
+++ b/libextra/auth_srp_sb64.c
@@ -131,7 +131,7 @@ inline static int encode(uint8 * result, const uint8 * rdata, int left)
 
 }
 
-/* encodes data and puts the result into result (localy alocated)
+/* encodes data and puts the result into result (locally allocated)
  * The result_size is the return value
  */
 int _gnutls_sbase64_encode(uint8 * data, size_t data_size, uint8 ** result)
@@ -215,7 +215,7 @@ inline static int decode(uint8 * result, const uint8 * data)
 	return ret;
 }
 
-/* decodes data and puts the result into result (localy alocated)
+/* decodes data and puts the result into result (locally allocated)
  * The result_size is the return value.
  * That function does not ignore newlines tabs etc. You should remove them
  * before calling it.
diff --git a/libextra/ext_srp.c b/libextra/ext_srp.c
index 99cc0fbef2..fc7e145802 100644
--- a/libextra/ext_srp.c
+++ b/libextra/ext_srp.c
@@ -70,7 +70,7 @@ inline static int is_srp( GNUTLS_CipherSuite suite) {
 }
 
 /* returns data_size or a negative number on failure
- * data is allocated localy
+ * data is allocated locally
  */
 int _gnutls_srp_send_params( gnutls_session state, opaque* data, size_t data_size) {
 	uint len;