author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-08-12 12:00:53 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-08-12 12:00:53 +0000 |
commit | 8e8f0f4acb8f53da6edd6138d72b38d1da3bfcab (patch) | |
tree | 5f5edfce2c9a492608d814c4d90a23695a7c6d5e /lib | |
parent | 337c73cd284f2bfa0015694f6e3da0301e3722b4 (diff) | |
download | gnutls-8e8f0f4acb8f53da6edd6138d72b38d1da3bfcab.tar.gz |
more fixes by Arne.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_anon.c | 12 | ||||
-rw-r--r-- | lib/dh_compat.c | 4 | ||||
-rw-r--r-- | lib/gnutls_cipher_int.c | 3 | ||||
-rw-r--r-- | lib/gnutls_compress.c | 8 | ||||
-rw-r--r-- | lib/gnutls_dh_primes.c | 63 | ||||
-rw-r--r-- | lib/gnutls_errors.c | 3 | ||||
-rw-r--r-- | lib/gnutls_errors_int.h | 2 | ||||
-rw-r--r-- | lib/gnutls_mem.c | 1 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | lib/gnutls_rsa_export.c | 2 | ||||
-rw-r--r-- | lib/rsa_compat.c | 34 | ||||
-rw-r--r-- | lib/x509/common.c | 8 | ||||
-rw-r--r-- | lib/x509_b64.c | 45 |
13 files changed, 89 insertions, 98 deletions
diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 1f12226309..65707806db 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -60,8 +60,7 @@ const MOD_AUTH_STRUCT anon_auth_struct = { static int gen_anon_server_kx( gnutls_session session, opaque** data) { GNUTLS_MPI g, p; - int bits, ret; - ANON_SERVER_AUTH_INFO info; + int ret; const gnutls_anon_server_credentials cred; cred = _gnutls_get_cred(session->key, GNUTLS_CRD_ANON, NULL); @@ -70,8 +69,6 @@ static int gen_anon_server_kx( gnutls_session session, opaque** data) { return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - bits = _gnutls_dh_get_prime_bits( session); - if ( (ret=_gnutls_get_dh_params( cred->dh_params, &p, &g)) < 0) { gnutls_assert(); return ret; @@ -79,13 +76,15 @@ static int gen_anon_server_kx( gnutls_session session, opaque** data) { if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_ANON, sizeof( ANON_SERVER_AUTH_INFO_INT), 1)) < 0) { gnutls_assert(); + cleanup_gp: + _gnutls_mpi_release(&g); + _gnutls_mpi_release(&p); return ret; } - info = _gnutls_get_auth_info( session); if ((ret=_gnutls_dh_set_prime_bits( session, _gnutls_mpi_get_nbits(p))) < 0) { gnutls_assert(); - return ret; + goto cleanup_gp; } ret = _gnutls_dh_common_print_server_kx( session, g, p, data); @@ -94,7 +93,6 @@ static int gen_anon_server_kx( gnutls_session session, opaque** data) { if (ret < 0) { gnutls_assert(); - return ret; } return ret; diff --git a/lib/dh_compat.c b/lib/dh_compat.c index 30c25ba428..f6f1f49a05 100644 --- a/lib/dh_compat.c +++ b/lib/dh_compat.c 
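Review bot: In gen_anon_server_kx the new `cleanup_gp:` label sits inside the body of the `_gnutls_auth_info_set` failure branch, and the later `_gnutls_dh_set_prime_bits` failure jumps into that block with `goto cleanup_gp;`, which is legal C but easy to break when either branch is edited. Moving the two `_gnutls_mpi_release` calls and `return ret;` to a label at the end of the function would keep the release of the copied prime and generator in one obvious place. The same jump-into-a-branch pattern appears with the `failed:` label in gnutls_rsa_params_set in lib/rsa_compat.c. A few lines of the function's tail fall between the visible hunks, so whether the success path also releases g and p cannot be confirmed from here.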
@@ -83,12 +83,12 @@ int gnutls_dh_params_set(gnutls_dh_params dh_params, gnutls_datum prime, * This function will generate a new pair of prime and generator for use in * the Diffie-Hellman key exchange. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. - * This function is normally very slow. An other function + * This function is normally very slow. Another function * (gnutls_dh_params_set()) should be called in order to replace the * included DH primes in the gnutls library. * * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. - * Also note that the generation of new DH parameters is only usefull + * Also note that the generation of new DH parameters is only useful * to servers. Clients use the parameters sent by the server, thus it's * no use calling this in client side. * diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 5ffba69067..459c25ffc8 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -61,6 +61,9 @@ gcry_error_t err = GPG_ERR_GENERAL; /* doesn't matter */ if (err == 0) { gcry_cipher_setkey(ret, key->data, key->size); if (iv->data!=NULL && iv->size>0) gcry_cipher_setiv(ret, iv->data, iv->size); + } else if (cipher != GNUTLS_CIPHER_NULL) { + gnutls_assert(); + _gnutls_x509_log("Gcrypt cipher[%d] error: %s\n", cipher, gcry_strerror(err)); } return ret; diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c index 4e34b31db2..18e4a253d3 100644 --- a/lib/gnutls_compress.c +++ b/lib/gnutls_compress.c @@ -38,8 +38,6 @@ int _gnutls_m_plaintext2compressed(gnutls_session session, int size; char *data; - data=NULL; - size = _gnutls_compress( session->connection_state.write_compression_state, plaintext.data, plaintext.size, &data, MAX_RECORD_SEND_SIZE+1024); if (size < 0) { 
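Review bot: The added `else if` branch in lib/gnutls_cipher_int.c only logs a failed open, while in the success branch just above it the results of `gcry_cipher_setkey` and `gcry_cipher_setiv` are still discarded, so a rejected key or IV would leave the caller with a handle that looks usable. Testing each call's `gcry_error_t` result and treating a non-zero value like the open failure (assert, log, and hand back the failure value) would close that gap. The function starts above the hunk, so the value `ret` carries on the failure path is not visible; it should be whatever sentinel callers test for.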
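Review bot: Dropping `data=NULL;` in _gnutls_m_plaintext2compressed leaves `data` indeterminate until `_gnutls_compress` stores to it, and the `size < 0` branch that follows continues past the end of the hunk, so it is not visible whether that branch touches `data`. Unless `_gnutls_compress` is documented to always write the output pointer, initialise at the declaration instead: `char *data = NULL;`. The matching hunk in _gnutls_m_compressed2plaintext removes the same assignment before `_gnutls_decompress` and needs the same treatment.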
@@ -60,8 +58,6 @@ int _gnutls_m_compressed2plaintext(gnutls_session session, int size; char* data; - data=NULL; - size = _gnutls_decompress( session->connection_state.read_compression_state, compressed.data, compressed.size, &data, MAX_RECORD_RECV_SIZE); if (size < 0) { @@ -73,7 +69,3 @@ int _gnutls_m_compressed2plaintext(gnutls_session session, return 0; } - - - - diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index e0932b16e2..737a4b062b 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -34,8 +34,6 @@ int _gnutls_get_dh_params(gnutls_dh_params dh_primes, GNUTLS_MPI * ret_p, GNUTLS_MPI * ret_g) { - GNUTLS_MPI g = NULL, prime = NULL; - if (dh_primes == NULL || dh_primes->_prime == NULL || dh_primes->_generator == NULL) { @@ -43,21 +41,23 @@ int _gnutls_get_dh_params(gnutls_dh_params dh_primes, return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; } - prime = _gnutls_mpi_copy(dh_primes->_prime); - g = _gnutls_mpi_copy(dh_primes->_generator); + if (ret_p != NULL) { /* caller wants the prime */ + *ret_p = _gnutls_mpi_copy(dh_primes->_prime); + if (*ret_p == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + } - if (prime == NULL || g == NULL) { /* if not prime was found */ - gnutls_assert(); - _gnutls_mpi_release(&g); - _gnutls_mpi_release(&prime); - *ret_p = NULL; - return GNUTLS_E_MEMORY_ERROR; + if (ret_g != NULL) { /* caller wants the generator */ + *ret_g = _gnutls_mpi_copy(dh_primes->_generator); + if (*ret_g == NULL) { + gnutls_assert(); + if (ret_p) _gnutls_mpi_release(ret_p); + return GNUTLS_E_MEMORY_ERROR; + } } - if (ret_p) - *ret_p = prime; - if (ret_g) - *ret_g = g; return 0; } @@ -69,7 +69,6 @@ GNUTLS_MPI _gcry_generate_elg_prime(int mode, unsigned pbits, int _gnutls_dh_generate_prime(GNUTLS_MPI * ret_g, GNUTLS_MPI * ret_n, int bits) { - GNUTLS_MPI g, prime; int qbits; 
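Review bot: The error returns of the rewritten _gnutls_get_dh_params leave the outputs in different states: the `GNUTLS_E_NO_TEMPORARY_DH_PARAMS` return and a failed prime copy never write `*ret_g`, while a failed generator copy releases `*ret_p`. A caller that releases both values on any error would then pass an indeterminate pointer to `_gnutls_mpi_release`. Clearing both outputs before the first check makes every error return uniform: `if (ret_p) *ret_p = NULL;` and `if (ret_g) *ret_g = NULL;`. A short comment stating that the returned MPIs are copies the caller must release would also help, since gen_anon_server_kx in lib/auth_anon.c now relies on that.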
@@ -84,21 +83,24 @@ int _gnutls_dh_generate_prime(GNUTLS_MPI * ret_g, GNUTLS_MPI * ret_n, * bad emulation. */ qbits = 120 + (((bits / 256) - 1) * 20); - if (qbits & 1) /* better have a even one */ + if (qbits & 1) /* better have an even number */ qbits++; prime = _gcry_generate_elg_prime(0, bits, qbits, g, NULL); - if (prime == NULL || g == NULL) { - _gnutls_mpi_release(&g); - _gnutls_mpi_release(&prime); + if (prime == NULL) { gnutls_assert(); + _gnutls_mpi_release(&g); return GNUTLS_E_MEMORY_ERROR; } if (ret_g) *ret_g = g; + else + _gnutls_mpi_release(&g); if (ret_n) *ret_n = prime; + else + _gnutls_mpi_release(&prime); return 0; @@ -122,7 +124,7 @@ int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum * const gnutls_datum* generator) { GNUTLS_MPI tmp_prime, tmp_g; - size_t siz = 0; + size_t siz; siz = prime->size; if (_gnutls_mpi_scan(&tmp_prime, prime->data, &siz)) { @@ -137,7 +139,7 @@ int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum * return GNUTLS_E_MPI_SCAN_FAILED; } - /* copy the generated values to the structure + /* store the generated values */ dh_params->_prime = tmp_prime; dh_params->_generator = tmp_g; @@ -196,9 +198,9 @@ void gnutls_dh_params_deinit(gnutls_dh_params dh_params) * This function is normally slow. * * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. - * Also note that the DH parameters are only usefull to servers. - * Since clients use the parameters sent by the server, thus it's - * no use calling this in client side. + * Also note that the DH parameters are only useful to servers. + * Since clients use the parameters sent by the server, it's of + * no use to call this in client side. * **/ int gnutls_dh_params_generate2(gnutls_dh_params params, int bits) 
@@ -215,7 +217,7 @@ int gnutls_dh_params_generate2(gnutls_dh_params params, int bits) /** * gnutls_dh_params_import_pkcs3 - This function will import DH params from a pkcs3 structure - * @params: A structure were the parameters will be copied to + * @params: A structure where the parameters will be copied to * @pkcs3_params: should contain a PKCS3 DHParams structure PEM or DER encoded * @format: the format of params. PEM or DER. * @@ -265,13 +267,18 @@ int gnutls_dh_params_import_pkcs3(gnutls_dh_params params, (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2)) != ASN1_SUCCESS) { gnutls_assert(); + if (need_free != 0) { + gnutls_free( _params.data); _params.data = NULL; + } return _gnutls_asn2err(result); } result = asn1_der_decoding(&c2, _params.data, _params.size, NULL); - if (need_free != 0) gnutls_free( _params.data); + if (need_free != 0) { + gnutls_free( _params.data); _params.data = NULL; + } if (result != ASN1_SUCCESS) { /* couldn't decode DER */ @@ -416,9 +423,10 @@ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, tmp = gnutls_alloca( len); if (tmp == NULL) { gnutls_assert(); + asn1_delete_structure(&c2); return GNUTLS_E_MEMORY_ERROR; } - + if ((result=asn1_der_coding( c2, "", tmp, &len, NULL)) != ASN1_SUCCESS) { gnutls_assert(); gnutls_afree( tmp); @@ -440,6 +448,7 @@ int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, if (result == 0) { /* oooops */ gnutls_assert(); + gnutls_free(out); return GNUTLS_E_INTERNAL_ERROR; } diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index 349bd87fbc..f2dff9f2f2 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c 
@@ -84,7 +84,8 @@ static gnutls_error_entry error_algorithms[] = { ERROR_ENTRY("Wrong padding in PKCS1 packet.", GNUTLS_E_PKCS1_WRONG_PAD, 1 ), ERROR_ENTRY("The requested session has expired.", GNUTLS_E_EXPIRED, 1 ), ERROR_ENTRY("Hashing has failed.", GNUTLS_E_HASH_FAILED, 1 ), - ERROR_ENTRY("Certificate parsing error.", GNUTLS_E_BASE64_DECODING_ERROR, 1 ), + ERROR_ENTRY("Base64 decoding error.", GNUTLS_E_BASE64_DECODING_ERROR, 1 ), + ERROR_ENTRY("Base64 encoding error.", GNUTLS_E_BASE64_ENCODING_ERROR, 1 ), ERROR_ENTRY("Parsing error in SRP password file.", GNUTLS_E_SRP_PWD_PARSING_ERROR, 1 ), ERROR_ENTRY("The requested data, were not available.", GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 0 ), ERROR_ENTRY("Error in the pull function.", GNUTLS_E_PULL_ERROR, 1 ), diff --git a/lib/gnutls_errors_int.h b/lib/gnutls_errors_int.h index 6e153abcb2..8bd3cea8eb 100644 --- a/lib/gnutls_errors_int.h +++ b/lib/gnutls_errors_int.h @@ -117,6 +117,8 @@ #define GNUTLS_E_INVALID_PASSWORD -99 #define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ +#define GNUTLS_E_BASE64_ENCODING_ERROR -101 + #define GNUTLS_E_UNIMPLEMENTED_FEATURE -250 /* _INT_ internal errors. Not exported */ diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c index 836287e74a..869d2a5c0e 100644 --- a/lib/gnutls_mem.c +++ b/lib/gnutls_mem.c @@ -66,7 +66,6 @@ void *ret; ret = gnutls_realloc( ptr, size); if ( ret == NULL) { gnutls_free( ptr); - return NULL; } return ret; diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 75e64bd4df..b0a16da933 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c 
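Review bot: In the lib/gnutls_mem.c hunk, when `size` is 0 the `ret == NULL` branch can free `ptr` a second time: a realloc implementation is allowed to free the block and return NULL for a zero size, after which `gnutls_free( ptr)` runs on memory that is already gone. Whether that can happen depends on the allocator installed behind `gnutls_realloc` and on the callers, neither of which is visible here, so handling the case explicitly before the call is the safe option, e.g. `if (size == 0) { gnutls_free(ptr); return NULL; }`. The function's signature is above the hunk. A comment saying that this wrapper frees the original block on failure would also keep callers from freeing it again.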
@@ -67,7 +67,7 @@ void _gnutls_set_current_version(gnutls_session session, gnutls_protocol_version * if there are pending data to socket buffer. Used only * if you have changed the default low water value (default is 1). * Normally you will not need that function. - * This function is only usefull if using berkeley style sockets. + * This function is only useful if using berkeley style sockets. * Otherwise it must be called and set lowat to zero. * **/ diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index c33dc7402a..0b3b5d5878 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -209,7 +209,7 @@ void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params) * * Note that if the parameters are to be used in export cipher suites the * bits value should be 512 or less. - * Also note that the generation of new RSA parameters is only usefull + * Also note that the generation of new RSA parameters is only useful * to servers. Clients use the parameters sent by the server, thus it's * no use calling this in client side. * diff --git a/lib/rsa_compat.c b/lib/rsa_compat.c index 5539d5e6c8..67e4d10141 100644 --- a/lib/rsa_compat.c +++ b/lib/rsa_compat.c @@ -46,13 +46,13 @@ static int check_bits(int bits) return 0; } -#define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ - _gnutls_mpi_release(&rsa_params->params[i]) +#define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ + _gnutls_mpi_release(&rsa_params->params[i]); /*- * gnutls_rsa_params_set - This function will replace the old RSA parameters - * @rsa_params: Is a structure will hold the parameters + * @rsa_params: Is a structure which will hold the parameters * @m: holds the modulus * @e: holds the public exponent * @d: holds the private exponent 
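Review bot: `FREE_PRIVATE_PARAMS` in lib/rsa_compat.c now ends in its own semicolon and is invoked as a bare word in gnutls_rsa_params_set, which reads like a missing statement terminator and breaks an unbraced `if`/`else` as soon as someone adds the usual `;` after it. It also silently depends on locals named `i` and `rsa_params` being in scope. A `static` helper taking the `gnutls_rsa_params` argument, or at least a `do { ... } while (0)` body invoked as `FREE_PRIVATE_PARAMS;`, would avoid both problems. Since the entries include the private exponent and prime factors, a comment on the macro noting that it releases all `RSA_PRIVATE_PARAMS` entries on every failure path would be worth adding.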
@@ -75,58 +75,52 @@ int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u, int bits) { - int i = 0; - size_t siz = 0; + int i; + size_t siz; if (check_bits(bits) < 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } - for (i=0;i<RSA_PRIVATE_PARAMS;i++) { - _gnutls_mpi_release(&rsa_params->params[i]); - } + FREE_PRIVATE_PARAMS siz = m.size; if (_gnutls_mpi_scan(&rsa_params->params[0], m.data, &siz)) { gnutls_assert(); - FREE_PRIVATE_PARAMS; + failed: + FREE_PRIVATE_PARAMS return GNUTLS_E_MPI_SCAN_FAILED; } siz = e.size; if (_gnutls_mpi_scan(&rsa_params->params[1], e.data, &siz)) { gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + goto failed; } siz = d.size; if (_gnutls_mpi_scan(&rsa_params->params[2], d.data, &siz)) { gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + goto failed; } siz = p.size; if (_gnutls_mpi_scan(&rsa_params->params[3], p.data, &siz)) { gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + goto failed; } siz = q.size; if (_gnutls_mpi_scan(&rsa_params->params[4], q.data, &siz)) { gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + goto failed; } siz = u.size; if (_gnutls_mpi_scan(&rsa_params->params[5], u.data, &siz)) { gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + goto failed; } return 0; @@ -155,7 +149,7 @@ int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, * generated RSA parameters. * * Note that the bits value should be 512. - * Also note that the generation of new RSA parameters is only usefull + * Also note that the generation of new RSA parameters is only useful * to servers. Clients use the parameters sent by the server, thus it's * no use calling this in client side. * diff --git a/lib/x509/common.c b/lib/x509/common.c index 60d7487d20..5aab61a833 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c 
@@ -735,12 +735,6 @@ ASN1_TYPE c2 = ASN1_TYPE_EMPTY; res->data = data; res->size = size; - - if (result != ASN1_SUCCESS) { - gnutls_assert(); - return _gnutls_asn2err(result); - } - return 0; cleanup: @@ -751,7 +745,7 @@ ASN1_TYPE c2 = ASN1_TYPE_EMPTY; } /* DER Encodes the src ASN1_TYPE and stores it to - * dest in dest_name. Usefull to encode something and store it + * dest in dest_name. Useful to encode something and store it * as OCTET. If str is non null then the data are encoded as * an OCTET STRING. */ diff --git a/lib/x509_b64.c b/lib/x509_b64.c index 3f5e774574..19d6487037 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -173,13 +173,14 @@ int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, uint8 top[80]; uint8 bottom[80]; int pos; + size_t msglen = strlen(msg); + + if (msglen > 50) + return GNUTLS_E_BASE64_ENCODING_ERROR; memset(bottom, 0, sizeof(bottom)); memset(top, 0, sizeof(top)); - if (strlen(msg) > 50) - return GNUTLS_E_MEMORY_ERROR; - strcat(top, "-----BEGIN "); /* Flawfinder: ignore */ strcat(top, msg); /* Flawfinder: ignore */ strcat(top, "-----"); /* Flawfinder: ignore */ @@ -188,20 +189,20 @@ int _gnutls_fbase64_encode(const char *msg, const uint8 * data, int data_size, strcat(bottom, msg); /* Flawfinder: ignore */ strcat(bottom, "-----\n"); /* Flawfinder: ignore */ - ret = B64FSIZE( strlen(msg), data_size); + ret = B64FSIZE( msglen, data_size); (*result) = gnutls_calloc(1, ret + 1); if ((*result) == NULL) return GNUTLS_E_MEMORY_ERROR; - strcat(*result, top); /* Flawfinder: ignore */ + strcpy(*result, top); /* Flawfinder: ignore */ pos = strlen(top); for (i = j = 0; i < data_size; i += 3, j += 4) { tmp = encode(tmpres, &data[i], data_size - i); if (tmp == -1) { - gnutls_free( (*result)); - return GNUTLS_E_MEMORY_ERROR; + gnutls_free( (*result)); *result = NULL; + return GNUTLS_E_BASE64_ENCODING_ERROR; } ptr = &(*result)[j + pos]; 
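Review bot: The `msglen > 50` guard in _gnutls_fbase64_encode is the only thing keeping the unchecked `strcat` calls inside `top[80]` and `bottom[80]`, yet the limit is a bare constant with no visible link to the buffer size or to the length of the fixed header and footer text. Deriving it from `sizeof(top)` through a named constant, or building both strings with `snprintf(top, sizeof(top), ...)` and checking the result for truncation, would make the bound self-evident and let the `Flawfinder: ignore` markers go. Part of the header and footer construction lies between this hunk and the next, so the exact fixed overhead cannot be counted from the visible lines.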
@@ -309,22 +310,19 @@ int _gnutls_base64_decode(const uint8 * data, size_t data_size, uint8 ** result) uint8 tmpres[3]; est = ((data_size * 3) / 4) + 1; - ret = 0; - (*result) = gnutls_malloc(est); if ((*result) == NULL) return GNUTLS_E_MEMORY_ERROR; - for (i = j = 0; i < data_size; i += 4) { + ret = 0; + for (i = j = 0; i < data_size; i += 4, j += 3) { tmp = decode(tmpres, &data[i]); if (tmp < 0) { - gnutls_free( *result); + gnutls_free( *result); *result = NULL; return tmp; } memcpy(&(*result)[j], tmpres, tmp); ret += tmp; - - j += 3; } return ret; } @@ -338,7 +336,7 @@ inline static int cpydata(const uint8 * data, int data_size, uint8 ** result) (*result) = gnutls_malloc(data_size); if (*result == NULL) - return -1; + return GNUTLS_E_MEMORY_ERROR; for (j = i = 0; i < data_size; i++) { if (data[i] == '\n' || data[i] == '\r') @@ -416,8 +414,14 @@ int _gnutls_fbase64_decode( const opaque* header, const opaque * data, size_t da kdata_size = cpydata(rdata, rdata_size, &kdata); + if (kdata_size < 0) { + gnutls_assert(); + return kdata_size; + } + if (kdata_size < 4) { gnutls_assert(); + gnutls_free(kdata); return GNUTLS_E_BASE64_DECODING_ERROR; } @@ -489,18 +493,13 @@ int gnutls_pem_base64_decode_alloc( const char* header, const gnutls_datum *b64_ opaque* ret; int size; + if (result==NULL) return GNUTLS_E_INVALID_REQUEST; + size = _gnutls_fbase64_decode( header, b64_data->data, b64_data->size, &ret); if (size < 0) return size; - if (result==NULL) { - gnutls_free(ret); - return GNUTLS_E_INVALID_REQUEST; - } else { - result->data = ret; - result->size = size; - } - + result->data = ret; + result->size = size; return 0; } - |
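Review bot: _gnutls_base64_decode walks the input four bytes at a time but never checks that `data_size` is a multiple of four, so on the last iteration `decode(tmpres, &data[i])` may be handed fewer than four remaining bytes, and `memcpy(&(*result)[j], tmpres, tmp)` can then write past the `est` bytes allocated. `decode` is defined outside the hunk and receives no length, so it cannot guard against this itself unless every caller guarantees the size. Rejecting such input before the allocation keeps both the read and the write in bounds: `if (data_size % 4 != 0) return GNUTLS_E_BASE64_DECODING_ERROR;`. The `kdata_size < 4` test in _gnutls_fbase64_decode does not cover this case.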