-rw-r--r--lib/auth/cert.c18
-rw-r--r--lib/auth/srp_rsa.c6
-rw-r--r--lib/ext/signature.c14
-rw-r--r--lib/gnutls_cipher.c16
-rw-r--r--lib/gnutls_constate.c3
-rw-r--r--lib/gnutls_handshake.c23
-rw-r--r--lib/gnutls_sig.c5
7 files changed, 77 insertions, 8 deletions
diff --git a/lib/auth/cert.c b/lib/auth/cert.c
index 589acf5621..9a5f5590c5 100644
--- a/lib/auth/cert.c
+++ b/lib/auth/cert.c
@@ -1458,6 +1458,9 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, uint8_t * data,
int pk_algos_length;
const version_entry_st* ver = get_version (session);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred (session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
@@ -1564,6 +1567,9 @@ _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t session,
gnutls_sign_algorithm_t sign_algo;
const version_entry_st* ver = get_version (session);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
@@ -1638,7 +1644,7 @@ _gnutls_proc_cert_client_crt_vrfy (gnutls_session_t session,
gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
const version_entry_st* ver = get_version (session);
- if (info == NULL || info->ncerts == 0)
+ if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
{
gnutls_assert ();
/* we need this in order to get peer's certificate */
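Review bot: Folding `ver == NULL` into the peer-certificate test makes a missing negotiated version indistinguishable from a peer that sent no certificate, since both now reach the same `gnutls_assert ()` and whatever error the branch returns below the hunk. The comment `/* we need this in order to get peer's certificate */` no longer describes every condition in the test. A separate guard, `if (unlikely(ver == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`, as used in the other functions of this file, would keep the two failures apart in logs. The `_gnutls_proc_dhe_signature` hunk has the same combined test; both bodies continue outside their hunks.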
@@ -1710,6 +1716,9 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session,
uint8_t tmp_data[CERTTYPE_SIZE];
const version_entry_st* ver = get_version (session);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
/* Now we need to generate the RDN sequence. This is
* already in the CERTIFICATE_CRED structure, to improve
* performance.
@@ -2207,9 +2216,12 @@ gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature = { NULL, 0 }, ddata;
gnutls_sign_algorithm_t sign_algo;
-const version_entry_st* ver = get_version (session);
+const version_entry_st* ver = get_version (session);
int ret;
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
ddata.data = plain;
ddata.size = plain_size;
@@ -2296,7 +2308,7 @@ _gnutls_proc_dhe_signature (gnutls_session_t session, uint8_t * data,
gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
const version_entry_st* ver = get_version (session);
- if (info == NULL || info->ncerts == 0)
+ if (unlikely(info == NULL || info->ncerts == 0 || ver == NULL))
{
gnutls_assert ();
/* we need this in order to get peer's certificate */
diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c
index 1e84d9df39..97b5e918f5 100644
--- a/lib/auth/srp_rsa.c
+++ b/lib/auth/srp_rsa.c
@@ -89,6 +89,9 @@ gen_srp_cert_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
gnutls_sign_algorithm_t sign_algo;
const version_entry_st* ver = get_version (session);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
ret = _gnutls_gen_srp_server_kx (session, data);
if (ret < 0)
@@ -182,6 +185,9 @@ proc_srp_cert_server_kx (gnutls_session_t session, uint8_t * data,
gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
const version_entry_st* ver = get_version (session);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
if (ret < 0)
return ret;
diff --git a/lib/ext/signature.c b/lib/ext/signature.c
index 1d2fb9c518..69ce76f1d4 100644
--- a/lib/ext/signature.c
+++ b/lib/ext/signature.c
@@ -214,6 +214,9 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t session,
int ret;
size_t init_length = extdata->length;
const version_entry_st* ver = get_version (session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
/* this function sends the client extension data */
if (session->security_parameters.entity == GNUTLS_CLIENT
@@ -252,7 +255,10 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pcert_st* cert)
sig_ext_st *priv;
extension_priv_data_t epriv;
unsigned int cert_algo;
-
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
cert_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
ret =
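Review bot: The new guard in `_gnutls_session_get_sign_algo` returns `GNUTLS_E_INTERNAL_ERROR`, which is only correct if the function returns an error code. Its name suggests it returns a signature algorithm, though the return type is outside the hunk and should be confirmed. If it does return an algorithm, the negative error value would not compare equal to `GNUTLS_SIGN_UNKNOWN`, so a caller testing for that sentinel would treat the failure as a valid algorithm id. In that case the guard should read `return gnutls_assert_val(GNUTLS_SIGN_UNKNOWN);`.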
@@ -299,6 +305,9 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session,
sig_ext_st *priv;
extension_priv_data_t epriv;
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
ret =
_gnutls_ext_get_session_data (session,
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
@@ -412,6 +421,9 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session,
extension_priv_data_t epriv;
int ret;
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
ret =
_gnutls_ext_get_session_data (session,
GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c
index f218b49aea..198cb34d15 100644
--- a/lib/gnutls_cipher.c
+++ b/lib/gnutls_cipher.c
@@ -325,6 +325,9 @@ compressed_to_ciphertext (gnutls_session_t session,
uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
unsigned iv_size;
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
iv_size = _gnutls_cipher_get_iv_size(params->cipher);
_gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
@@ -455,6 +458,9 @@ compressed_to_ciphertext_new (gnutls_session_t session,
uint8_t nonce[MAX_CIPHER_BLOCK_SIZE];
unsigned iv_size;
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
iv_size = _gnutls_cipher_get_iv_size(params->cipher);
_gnutls_hard_log("ENC[%p]: cipher: %s, MAC: %s, Epoch: %u\n",
@@ -636,7 +642,10 @@ ciphertext_to_compressed (gnutls_session_t session,
unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
unsigned iv_size;
-
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
iv_size = _gnutls_cipher_get_iv_size(params->cipher);
blocksize = _gnutls_cipher_get_block_size (params->cipher);
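Review bot: The NULL check on `ver` comes after `ver` has already been passed to `_gnutls_version_has_explicit_iv (ver)` in the initializer of `explicit_iv`. If that helper reads through the pointer (its definition is not shown here), the guard is too late to prevent the dereference. Declare `unsigned int explicit_iv;` without an initializer and assign `explicit_iv = _gnutls_version_has_explicit_iv (ver);` after the check. The `ciphertext_to_compressed_new` hunk has the same ordering; both functions start outside their hunks, so earlier uses of `ver` in the declarations should be checked too.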
@@ -825,7 +834,10 @@ ciphertext_to_compressed_new (gnutls_session_t restrict session,
unsigned int tag_size = _gnutls_auth_cipher_tag_len (&params->read.cipher_state);
unsigned int explicit_iv = _gnutls_version_has_explicit_iv (ver);
unsigned iv_size;
-
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
iv_size = _gnutls_cipher_get_iv_size(params->cipher);
blocksize = _gnutls_cipher_get_block_size (params->cipher);
diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c
index ca6d4088d5..717cacf716 100644
--- a/lib/gnutls_constate.c
+++ b/lib/gnutls_constate.c
@@ -305,6 +305,9 @@ _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
record_parameters_st *params;
int ret;
const version_entry_st* ver = get_version (session);
+
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
ret = _gnutls_epoch_get (session, epoch, &params);
if (ret < 0)
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 1f3e4f7e4a..ab04e7be8a 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -667,6 +667,9 @@ _gnutls_send_finished (gnutls_session_t session, int again)
data = _mbuffer_get_udata_ptr (bufel);
vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
if (vers->id == GNUTLS_SSL3)
{
ret =
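Review bot: The early return on `vers == NULL` comes after `data = _mbuffer_get_udata_ptr (bufel);`, so `bufel` is already live and appears to be leaked on this path unless something else owns it. Its allocation is outside the hunk, so this needs confirming against the full function. Moving `vers = get_version(session);` and the check above the buffer allocation would remove the need for any cleanup. The `_gnutls_send_server_hello` and `send_change_cipher_spec` hunks have the same shape; in the latter the guard sits directly after the `GNUTLS_E_MEMORY_ERROR` return that follows the buffer allocation.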
@@ -732,6 +735,9 @@ _gnutls_recv_finished (gnutls_session_t session)
int vrfy_size;
const version_entry_st* vers = get_version (session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
ret =
_gnutls_recv_handshake (session, GNUTLS_HANDSHAKE_FINISHED,
0, &buf);
@@ -1260,6 +1266,9 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session,
int ret;
const version_entry_st* vers = get_version (session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
if ((vers->id != GNUTLS_DTLS0_9 &&
recv_type == GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST) ||
recv_type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
@@ -1297,6 +1306,9 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session,
int ret;
const version_entry_st* vers = get_version (session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
/* We don't check for GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST because it
* is not sent via that channel.
*/
@@ -2079,6 +2091,9 @@ _gnutls_send_server_hello (gnutls_session_t session, int again)
data = _mbuffer_get_udata_ptr (bufel);
vers = get_version(session);
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
data[pos++] = vers->major;
data[pos++] = vers->minor;
@@ -2784,7 +2799,9 @@ send_change_cipher_spec (gnutls_session_t session, int again)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
vers = get_version (session);
-
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
if (vers->id == GNUTLS_DTLS0_9)
_mbuffer_set_uhead_size(bufel, 3);
else
@@ -2910,7 +2927,9 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init)
}
vers = get_version (session);
-
+ if (unlikely(vers == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
if (vers->id == GNUTLS_DTLS0_9)
ccs_len = 3;
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 8a0e229f97..d9afa677aa 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -463,6 +463,8 @@ _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
_gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
session, gnutls_sign_algorithm_get_name (sign_algo));
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
if (_gnutls_version_has_selectable_sighash(ver))
return _gnutls_handshake_verify_crt_vrfy12 (session, cert, signature,
@@ -609,6 +611,9 @@ _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
const version_entry_st* ver = get_version (session);
gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
+ if (unlikely(ver == NULL))
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+
if (_gnutls_version_has_selectable_sighash(ver))
return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
signature);