authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-27 10:29:14 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-11-27 10:29:14 +0000
commit16b0cdcc2636fea9dbd7b9020ed7e06066521f9c (patch)
treec6a125becee51029d7dd3f00682f2e3625d7952e /lib
parentac0fdb2d0acd63821f8889f8cc2d6833c37cbee7 (diff)
downloadgnutls-16b0cdcc2636fea9dbd7b9020ed7e06066521f9c.tar.gz
corrected some bugs that affected openpgp authentication.
Diffstat (limited to 'lib')
-rw-r--r--lib/auth_cert.c44
-rw-r--r--lib/auth_rsa_export.c16
-rw-r--r--lib/gnutls.h.in.in2
-rw-r--r--lib/gnutls_handshake.c4
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/gnutls_mem.h17
-rw-r--r--lib/gnutls_mpi.c4
-rw-r--r--lib/gnutls_mpi.h4
-rw-r--r--lib/gnutls_x509.c8
9 files changed, 60 insertions, 41 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 1508ec38b7..f289026e7d 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -292,6 +292,8 @@ static int _gnutls_find_acceptable_client_cert(gnutls_session session,
if (gnutls_certificate_type_get(session) == GNUTLS_CRT_X509) {
+ /* Makes the issuers_dn stuff.
+ */
do {
/* This works like DECR_LEN()
*/
@@ -314,12 +316,14 @@ static int _gnutls_find_acceptable_client_cert(gnutls_session session,
} while (issuers_dn_len < MAX_ISSUERS);
- my_certs =
- gnutls_alloca(cred->ncerts * sizeof(gnutls_datum));
- if (my_certs == NULL) {
- result = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto error;
+ if (cred->ncerts != 0) {
+ my_certs =
+ gnutls_alloca(cred->ncerts * sizeof(gnutls_datum));
+ if (my_certs == NULL) {
+ result = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ goto error;
+ }
}
/* put the requested DNs to req_dn, only in case
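Review bot: When `cred->ncerts` is 0 the new guard skips the assignment, so `my_certs` keeps whatever value it had at its declaration, and the cleanup hunk further down tests `if (my_certs)` before freeing it. That is only safe if the declaration, which is outside this hunk, initialises the pointer to NULL; the same applies to `ij_map` in the next hunk. Making it explicit at the declarations, e.g. `gnutls_datum *my_certs = NULL;` and `int *ij_map = NULL;`, would remove the doubt. Separately, `cred->ncerts * sizeof(gnutls_datum)` goes unchecked into a stack allocation in alloca builds, where the NULL test cannot fire, so an upper bound on `ncerts` is worth adding if none is enforced where the credentials are loaded.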
@@ -362,12 +366,18 @@ static int _gnutls_find_acceptable_client_cert(gnutls_session session,
issuers_dn = NULL;
}
- /* maps j -> i */
- ij_map = gnutls_alloca(sizeof(int) * cred->ncerts);
- if (ij_map == NULL) {
- result = GNUTLS_E_MEMORY_ERROR;
- gnutls_assert();
- goto error;
+ /* If not certificates are present.
+ */
+ /* maps j -> i
+ */
+
+ if (cred->ncerts != 0) {
+ ij_map = gnutls_alloca(sizeof(int) * cred->ncerts);
+ if (ij_map == NULL) {
+ result = GNUTLS_E_MEMORY_ERROR;
+ gnutls_assert();
+ goto error;
+ }
}
/* put our certificate's issuer and dn into cdn, idn
@@ -405,12 +415,14 @@ static int _gnutls_find_acceptable_client_cert(gnutls_session session,
* This will make it relative to the certificates
* we've got.
*/
- if (indx != -1)
+ if (indx != -1 && cred->ncerts != 0)
indx = ij_map[indx];
+ else
+ indx = -1;
- gnutls_afree(my_certs);
- gnutls_afree(ij_map);
- gnutls_afree(issuers_dn);
+ if (my_certs) gnutls_afree(my_certs);
+ if (ij_map) gnutls_afree(ij_map);
+ if (issuers_dn) gnutls_afree(issuers_dn);
}
*ind = indx;
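Review bot: `indx = ij_map[indx]` still runs without a check that `indx` is below the number of entries actually written to `ij_map`; the added `cred->ncerts != 0` condition covers only the empty case. Whether `indx` can exceed that count depends on the matching code outside this hunk, so an explicit range check before the lookup is worth considering. The three `gnutls_afree` calls also sit on the success path only: in builds where `gnutls_alloca` maps to `gnutls_malloc` (the `USE_EFENCE` case this commit adds in gnutls_mem.h), the earlier `goto error` exits leak unless the `error` label frees the same pointers, and that label is not visible here.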
diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c
index 66d4f25280..3ae0096690 100644
--- a/lib/auth_rsa_export.c
+++ b/lib/auth_rsa_export.c
@@ -99,6 +99,7 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
* of 512 bits or less.
*/
if ( _gnutls_mpi_get_nbits( apr_pkey->params[0]) <= 512) {
+ gnutls_assert();
return GNUTLS_E_INT_RET_0;
}
@@ -108,7 +109,8 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
}
- if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_CERTIFICATE, sizeof( CERTIFICATE_AUTH_INFO_INT), 0)) < 0) {
+ if ( (ret=_gnutls_auth_info_set( session, GNUTLS_CRD_CERTIFICATE,
+ sizeof( CERTIFICATE_AUTH_INFO_INT), 0)) < 0) {
gnutls_assert();
return ret;
}
@@ -167,7 +169,7 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data)
return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_write_datum16(&(*data)[data_size], signature);
+ _gnutls_write_datum16(&((*data)[data_size]), signature);
data_size += signature.size + 2;
_gnutls_free_datum(&signature);
@@ -265,10 +267,6 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
DECR_LEN( data_size, n_m);
data_m = &data[i];
i += n_m;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
DECR_LEN( data_size, 2);
n_e = _gnutls_read_uint16(&data[i]);
@@ -277,10 +275,6 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
DECR_LEN( data_size, n_e);
data_e = &data[i];
i += n_e;
- if (i > data_size) {
- gnutls_assert();
- return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
- }
_n_e = n_e;
_n_m = n_m;
@@ -297,7 +291,7 @@ static int proc_rsa_export_server_kx(gnutls_session session, opaque * data,
ret=_gnutls_rsa_export_set_modulus_bits( session, _gnutls_mpi_get_nbits(
session->key->rsa[0]));
- if (ret<0) {
+ if (ret < 0) {
gnutls_assert();
return ret;
}
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 5c53a61575..07b7ec4803 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -85,7 +85,7 @@ typedef enum gnutls_digest_algorithm { GNUTLS_DIG_NULL=1, GNUTLS_DIG_MD5,
/* exported for other gnutls headers. This is the maximum number
* of algorithms (ciphers, kx or macs).
*/
-#define GNUTLS_MAX_ALGORITHM_NUM 10
+#define GNUTLS_MAX_ALGORITHM_NUM 16
typedef enum gnutls_compression_method { GNUTLS_COMP_NULL=1,
GNUTLS_COMP_ZLIB,
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 872e3b854b..2296914feb 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2317,8 +2317,9 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session session,
*/
cert = NULL;
- if (session->security_parameters.entity == GNUTLS_SERVER)
+ if (session->security_parameters.entity == GNUTLS_SERVER) {
cert = _gnutls_server_find_cert(session, requested_pk_algo);
+ }
if (cert == NULL) {
/* No certificate was found
@@ -2371,7 +2372,6 @@ int _gnutls_remove_unwanted_ciphersuites(gnutls_session session,
* is compatible with the certificate.
*/
for (j = 0; j < alg_size; j++) {
-
if (alg[j] == kx) {
keep = 0;
break;
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 0929dd6f11..8f7aa0dc5a 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -156,7 +156,7 @@ typedef struct {
/* This is the maximum number of algorithms (ciphers or macs etc).
* keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
*/
-#define MAX_ALGOS 10
+#define MAX_ALGOS 16
#define MAX_CIPHERSUITES 256
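Review bot: `MAX_ALGOS` and `GNUTLS_MAX_ALGORITHM_NUM` are bumped by hand in two files and nothing enforces that they stay equal; a mismatch could let code sized by one constant index past an array sized by the other. If this header can see the public one, `#define MAX_ALGOS GNUTLS_MAX_ALGORITHM_NUM` removes the duplication; otherwise a compile-time check next to the definition would do. Since `GNUTLS_MAX_ALGORITHM_NUM` is exported, any public structure sized by it presumably changes layout with this bump, which deserves a line in the release notes.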
diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h
index 2526ec8d58..959757a27f 100644
--- a/lib/gnutls_mem.h
+++ b/lib/gnutls_mem.h
@@ -11,15 +11,24 @@ typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
* memory leaks may occur in systems which do not
* support alloca.
*/
+#ifdef USE_EFENCE
+# define gnutls_alloca gnutls_malloc
+# define gnutls_afree gnutls_free
+#endif
+
#ifdef HAVE_ALLOCA
# ifdef HAVE_ALLOCA_H
# include <alloca.h>
# endif
-# define gnutls_alloca alloca
-# define gnutls_afree(x)
+# ifndef gnutls_alloca
+# define gnutls_alloca alloca
+# define gnutls_afree(x)
+# endif
#else
-# define gnutls_alloca gnutls_malloc
-# define gnutls_afree gnutls_free
+# ifndef gnutls_alloca
+# define gnutls_alloca gnutls_malloc
+# define gnutls_afree gnutls_free
+# endif
#endif /* HAVE_ALLOCA */
typedef void* (*gnutls_alloc_function)(size_t);
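Review bot: The new `USE_EFENCE` block has no comment saying why it exists. Something like `/* With Electric Fence, take temporary buffers from the heap so the debugger can check them; every gnutls_alloca() then needs a matching gnutls_afree(). */` would help, assuming that is the intent. In alloca builds `gnutls_afree(x)` expands to nothing, so a missing free on an error path only shows up in the malloc-backed configurations.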
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index c6149396f9..337f396c94 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -71,7 +71,7 @@ int ret;
return 0;
}
-int _gnutls_mpi_print( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a )
+int _gnutls_mpi_print( void *buffer, size_t *nbytes, const GNUTLS_MPI a )
{
int ret;
@@ -82,7 +82,7 @@ int ret;
}
/* Always has the first bit zero */
-int _gnutls_mpi_print_lz( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a )
+int _gnutls_mpi_print_lz( void *buffer, size_t *nbytes, const GNUTLS_MPI a )
{
int ret;
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index 07333349d5..2ac9eae663 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -32,8 +32,8 @@ void _gnutls_mpi_release( GNUTLS_MPI* x);
int _gnutls_mpi_scan( GNUTLS_MPI *ret_mpi, const opaque *buffer, size_t *nbytes );
int _gnutls_mpi_scan_pgp( GNUTLS_MPI *ret_mpi, const opaque *buffer, size_t *nbytes );
-int _gnutls_mpi_print( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a );
-int _gnutls_mpi_print_lz( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a );
+int _gnutls_mpi_print( void *buffer, size_t *nbytes, const GNUTLS_MPI a );
+int _gnutls_mpi_print_lz( void *buffer, size_t *nbytes, const GNUTLS_MPI a );
#endif
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 1bfadf9f05..b09f4df2fa 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1003,17 +1003,21 @@ int _gnutls_check_key_usage( const gnutls_cert* cert,
* type algorithm, and key's usage does not permit
* encipherment, then fail.
*/
- if (!(keyUsage & KEY_KEY_ENCIPHERMENT))
+ if (!(keyUsage & KEY_KEY_ENCIPHERMENT)) {
+ gnutls_assert();
return
GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
}
if ( encipher_type == CIPHER_SIGN) {
/* The same as above, but for sign only keys
*/
- if (!(keyUsage & KEY_DIGITAL_SIGNATURE))
+ if (!(keyUsage & KEY_DIGITAL_SIGNATURE)) {
+ gnutls_assert();
return
GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
}
}
}