47 files changed, 239 insertions, 101 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0ba9f7eb52..6a7652ddeb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -261,8 +261,9 @@ MinGW32.DLLs: echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache i686-w64-mingw32-gcc" - - dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc && - mingw32-make -j$(nproc) && mingw32-make -C tests check -j$(nproc) + - dash ./configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc + - mingw32-make -j$(nproc) + - mingw32-make -C tests check -j$(nproc) # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit 
@@ -299,8 +300,9 @@ MinGW64.DLLs: echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - ./bootstrap - export CC="ccache x86_64-w64-mingw32-gcc" - - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc && - mingw64-make -j$(nproc) && mingw64-make -C tests check -j$(nproc) + - dash ./configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-full-test-suite --disable-doc + - mingw64-make -j$(nproc) + - mingw64-make -C tests check -j$(nproc) # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit 
@@ -337,9 +339,10 @@ MinGW64: - export CC="ccache x86_64-w64-mingw32-gcc" - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc && echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register && - mkdir -p build && cd build && - ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc && - mingw64-make -j$(nproc) && mingw64-make -C tests check -j$(nproc) + mkdir -p build && cd build + - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc + - mingw64-make -j$(nproc) + - mingw64-make -C tests check -j$(nproc) - cd .. tags: - shared 
@@ -363,9 +366,10 @@ MinGW32: - export CC="ccache i686-w64-mingw32-gcc" - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc && echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register && - mkdir -p build && cd build && - dash ../configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc && - mingw32-make -j$(nproc) && mingw32-make -C tests check -j$(nproc) + mkdir -p build && cd build + - dash ../configure --disable-gcc-warnings --host=i686-w64-mingw32 --target=i686-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc + - mingw32-make -j$(nproc) + - mingw32-make -C tests check -j$(nproc) - cd .. tags: - shared @@ -446,9 +450,10 @@ Debian.x86_64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD script: - ./bootstrap - - mkdir -p build && cd build && - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile --disable-full-test-suite LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' && - make -j$(nproc) && make check -j$(nproc) + - mkdir -p build && cd build + - dash ../configure --disable-gcc-warnings --cache-file ../cache/config.cache --disable-doc --disable-guile --disable-full-test-suite LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' + - make -j$(nproc) + - make check -j$(nproc) - cd .. tags: - shared diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c index 5897cc2ace..8d00cfdc2a 100644 --- a/lib/accelerated/cryptodev.c +++ b/lib/accelerated/cryptodev.c 
@@ -251,7 +251,7 @@ int _gnutls_cryptodev_init(void) return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; } - /* Set close-on-exec (not really neede here) */ + /* Set close-on-exec (not really needed here) */ if (fcntl(cfd, F_SETFD, 1) == -1) { gnutls_assert(); return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index c2203c7ed3..d5d0943242 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -92,7 +92,7 @@ int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage) * server. Therefore the correct cert type needs to be retrieved to be * used for the _gnutls_get_auth_info_pcert call. If this * function is to be called on the server side in the future, extra - * checks need to be build in order to retrieve te correct + * checks need to be build in order to retrieve the correct * certificate type. */ int @@ -213,12 +213,12 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, session->key.key.size); /* After this point, any conditional on failure that cause differences * in execution may create a timing or cache access pattern side - * channel that can be used as an oracle, so tread very carefully */ + * channel that can be used as an oracle, so treat very carefully */ /* Error handling logic: * In case decryption fails then don't inform the peer. Just use the * random key previously generated. (in order to avoid attack against - * pkcs-1 formating). + * pkcs-1 formatting). * * If we get version mismatches no error is returned either. We * proceed normally. This is to defend against the attack described diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c index 644f2e8b29..791fcd8bb7 100644 --- a/lib/auth/rsa_psk.c +++ b/lib/auth/rsa_psk.c 
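Review bot: In the second lib/auth/rsa.c hunk (proc_rsa_client_kx), `tread very carefully` was the correct idiom and the new `treat very carefully` is the actual typo; the line should stay `* channel that can be used as an oracle, so tread very carefully */`. This comment marks the point after which failure-dependent branching could leak through timing or cache access, so its wording should stay unambiguous for whoever edits the code next. The first hunk in the same file still reads `checks need to be build`, which should be `built`. Both comment blocks continue outside their hunks.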
@@ -334,7 +334,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) { /* In case decryption fails then don't inform * the peer. Just use a random key. (in order to avoid - * attack against pkcs-1 formating). + * attack against pkcs-1 formatting). */ gnutls_assert(); _gnutls_debug_log diff --git a/lib/cipher-cbc.c b/lib/cipher-cbc.c index 741119223b..2f387c523c 100644 --- a/lib/cipher-cbc.c +++ b/lib/cipher-cbc.c @@ -90,7 +90,7 @@ int cbc_mac_verify(gnutls_session_t session, record_parameters_st *params, pad = data[data_size - 1]; /* pad */ - /* Check the pading bytes (TLS 1.x). + /* Check the padding bytes (TLS 1.x). * Note that we access all 256 bytes of ciphertext for padding check * because there is a timing channel in that memory access (in certain CPUs). */ diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c index 534c407b3a..0fbd4e9e4a 100644 --- a/lib/ext/client_cert_type.c +++ b/lib/ext/client_cert_type.c @@ -91,7 +91,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session, gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } - /* The server picked one of the offered cert types iff he supports + /* The server picked one of the offered cert types if he supports * at least one of them and decided to do a client certificate * request. If both parties play by the rules then we may only * receive a cert type that we offered, i.e. one that we support. diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c index 35c6d751db..b290b7b06e 100644 --- a/lib/ext/server_cert_type.c +++ b/lib/ext/server_cert_type.c 
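Review bot: `iff` in the comment of _gnutls_client_cert_type_recv_params is the usual abbreviation for "if and only if", not a misspelling, and replacing it with `if` weakens the statement to a one-way implication. The comment explains why a received certificate type must be one that was offered, so the biconditional matters for the validation that follows; keep `iff` or spell it out as `if and only if he supports`. The same replacement is made in lib/ext/server_cert_type.c (_gnutls_server_cert_type_recv_params). The comment continues past the end of the hunk.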
@@ -91,7 +91,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session, gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); } - /* The server picked one of the offered cert types iff he supports + /* The server picked one of the offered cert types if he supports * at least one of them. If both parties play by the rules then we * may only receive a cert type that we offered, i.e. one that we * support. Because the world isn't as beautiful as it may seem, diff --git a/lib/extras/hex.h b/lib/extras/hex.h index e2ce3ff28a..15d4e64932 100644 --- a/lib/extras/hex.h +++ b/lib/extras/hex.h @@ -7,7 +7,7 @@ /** * hex_decode - Unpack a hex string. - * @str: the hexidecimal string + * @str: the hexadecimal string * @slen: the length of @str * @buf: the buffer to write the data into * @bufsize: the length of @buf diff --git a/lib/global.h b/lib/global.h index c1aa7863b5..97b0b27281 100644 --- a/lib/global.h +++ b/lib/global.h @@ -33,7 +33,7 @@ extern ASN1_TYPE _gnutls_gnutls_asn; /* removed const from node_asn* to * prevent warnings, since libtasn1 doesn't - * use the const keywork in its functions. + * use the const keyword in its functions. */ #define _gnutls_get_gnutls_asn() ((ASN1_TYPE) _gnutls_gnutls_asn) #define _gnutls_get_pkix() ((ASN1_TYPE) _gnutls_pkix1_asn) diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 8baa8815e7..a0c47efa0f 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1101,7 +1101,7 @@ typedef struct { bool invalid_connection; /* true or FALSE - if this session is valid */ - bool may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write + bool may_not_read; /* if it's 0 then we can read/write, otherwise it's forbidden to read/write */ bool may_not_write; bool read_eof; /* non-zero if we have received a closure alert. */ 
@@ -1263,7 +1263,7 @@ typedef struct { */ bool ignore_rdn_sequence; - /* This is used to set an arbitary version in the RSA + /* This is used to set an arbitrary version in the RSA * PMS secret. Can be used by clients to test whether the * server checks that version. (** only used in gnutls-cli-debug) */ diff --git a/lib/handshake.c b/lib/handshake.c index d83a51c9bb..70b4486266 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -1626,7 +1626,7 @@ _gnutls_recv_handshake(gnutls_session_t session, default: gnutls_assert(); /* we shouldn't actually arrive here in any case . - * unexpected messages should be catched after _gnutls_handshake_io_recv_int() + * unexpected messages should be caught after _gnutls_handshake_io_recv_int() */ ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; goto cleanup; diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 223fb2ed1f..0aa1018555 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -122,7 +122,7 @@ typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key, */ #define GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO (1<<2) /* Should return the number of bits of the public key algorithm (required for RSA-PSS) - * It is the value that should be retuned by gnutls_pubkey_get_pk_algorithm() */ + * It is the value that should be returned by gnutls_pubkey_get_pk_algorithm() */ #define GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS (1<<3) /* returns information on the public key associated with userdata */ diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 732b9dbeb4..f81d25b47a 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h 
@@ -50,7 +50,7 @@ extern "C" { /* gnutls_connection_end_t was made redundant in 2.99.0 */ typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED; -/* Stuff deprected in 2.x */ +/* Stuff deprecated in 2.x */ typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm _GNUTLS_GCC_ATTR_DEPRECATED; typedef gnutls_kx_algorithm_t gnutls_kx_algorithm diff --git a/lib/mbuffers.c b/lib/mbuffers.c index 2e4c62a295..24395e6496 100644 --- a/lib/mbuffers.c +++ b/lib/mbuffers.c @@ -324,7 +324,7 @@ _mbuffer_append_data(mbuffer_st * bufel, void *newdata, #ifdef ENABLE_ALIGN16 # define ALIGN_SIZE 16 -/* Allocate a 16-byte alligned buffer segment. The segment is not initially "owned" by +/* Allocate a 16-byte aligned buffer segment. The segment is not initially "owned" by * any buffer. * * maximum_size: Amount of data that this segment can contain. diff --git a/lib/nettle/gost/ecc-internal.h b/lib/nettle/gost/ecc-internal.h index 16d6828772..21bd98cfdc 100644 --- a/lib/nettle/gost/ecc-internal.h +++ b/lib/nettle/gost/ecc-internal.h @@ -127,7 +127,7 @@ struct ecc_curve { /* The prime p. */ struct ecc_modulo p; - /* Group order. FIXME: Currently, many fucntions rely on q.size == + /* Group order. FIXME: Currently, many functions rely on q.size == p.size. This has to change for radix-51 implementation of curve25519 mod p arithmetic. */ struct ecc_modulo q; @@ -202,7 +202,7 @@ gost_hash (const struct ecc_modulo *m, /* Converts a point P in jacobian coordinates into a point R in affine coordinates. If op == 1, produce x coordinate only. If op == 2, - produce the x coordiante only, and in also it modulo q. FIXME: For + produce the x coordinate only, and in also it modulo q. FIXME: For the public interface, have separate for the three cases, and use this flag argument only for the internal ecc->h_to_a function. */ void diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c index 30ba004e0f..69f7f8ceba 100644 
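Review bot: The second lib/nettle/gost/ecc-internal.h hunk fixes `coordiante` but leaves the rest of the sentence garbled: `produce the x coordinate only, and in also it modulo q` still has no verb. The intended wording is probably `produce the x coordinate only, and also reduce it modulo q`; that is inferred from the surrounding text and should be checked against the function the comment describes. The comment and the declaration it documents continue outside the hunk.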
--- a/lib/nettle/int/dsa-keygen-fips186.c +++ b/lib/nettle/int/dsa-keygen-fips186.c @@ -421,7 +421,7 @@ _dsa_generate_dss_pqg(struct dsa_params *params, if (_gnutls_fips_mode_enabled() != 0) { cert->seed_length = 2 * (q_bits / 8) + 1; - FIPS_RULE(cert->seed_length != seed_size, 0, "unsupported DSA seed length (is %d, shoudl be %d)\n", seed_size, cert->seed_length); + FIPS_RULE(cert->seed_length != seed_size, 0, "unsupported DSA seed length (is %d, should be %d)\n", seed_size, cert->seed_length); } else { cert->seed_length = seed_size; } diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c index a76e5eaa00..438101ef1d 100644 --- a/lib/nettle/int/rsa-keygen-fips186.c +++ b/lib/nettle/int/rsa-keygen-fips186.c @@ -358,7 +358,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub, goto cleanup; } - /* Done! Almost, we must compute the auxillary private values. */ + /* Done! Almost, we must compute the auxiliary private values. */ /* a = d % (p-1) */ mpz_fdiv_r(key->a, key->d, p1); diff --git a/lib/pcert.c b/lib/pcert.c index 816a748b05..23eadf12d0 100644 --- a/lib/pcert.c +++ b/lib/pcert.c @@ -387,7 +387,7 @@ int gnutls_pcert_import_rawpk(gnutls_pcert_st* pcert, /* A pcert struct holds a raw copy of the certificate data. * Therefore we convert our gnutls_pubkey_t to its raw DER * representation and copy it into our pcert. It is this raw data - * that will be transfered to the peer via a Certificate msg. + * that will be transferred to the peer via a Certificate msg. * According to the spec (RFC7250) a DER representation must be used. */ ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &pcert->cert); 
@@ -452,7 +452,7 @@ int gnutls_pcert_import_rawpk_raw(gnutls_pcert_st* pcert, pcert->pubkey->key_usage = key_usage; /* A pcert struct holds a raw copy of the certificate data. - * It is this raw data that will be transfered to the peer via a + * It is this raw data that will be transferred to the peer via a * Certificate message. According to the spec (RFC7250) a DER * representation must be used. Therefore we check the format and * convert if necessary. diff --git a/lib/pkcs11.c b/lib/pkcs11.c index c974565830..39e2799b1e 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1291,7 +1291,7 @@ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj) * replaced by the actual size of parameters) * * This function will export the PKCS11 object data. It is normal for - * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST + * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST * will be returned. * * If the buffer provided is not long enough to hold the output, then @@ -1329,7 +1329,7 @@ gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj, * @out: will contain the object data * * This function will export the PKCS11 object data. It is normal for - * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST + * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST * will be returned. * * The output buffer is allocated using gnutls_malloc(). @@ -1352,7 +1352,7 @@ gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj, gnutls_datum_t * out) * @fmt: The format of the exported data * * This function will export the PKCS11 object data. It is normal for - * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST + * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST * will be returned. * * The output buffer is allocated using gnutls_malloc(). 
@@ -4252,7 +4252,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, * * This function will return the issuer of a given certificate, if it * is stored in the token. By default only marked as trusted issuers - * are retuned. If any issuer should be returned specify + * are returned. If any issuer should be returned specify * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a @@ -4355,7 +4355,7 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert, * * This function will return the certificate with the given DN, if it * is stored in the token. By default only marked as trusted issuers - * are retuned. If any issuer should be returned specify + * are returned. If any issuer should be returned specify * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags. * * The name of the function includes issuer because it can @@ -4440,7 +4440,7 @@ int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *d * * This function will return the certificate with the given DN and @spki, if it * is stored in the token. By default only marked as trusted issuers - * are retuned. If any issuer should be returned specify + * are returned. If any issuer should be returned specify * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags. * * The name of the function includes issuer because it can diff --git a/lib/record.c b/lib/record.c index 73c484ed56..2dc997d09b 100644 --- a/lib/record.c +++ b/lib/record.c @@ -872,7 +872,7 @@ record_add_to_buffers(gnutls_session_t session, goto cleanup; } else { /* if the alert is FATAL or WARNING - * return the apropriate message + * return the appropriate message */ gnutls_assert(); ret = GNUTLS_E_WARNING_ALERT_RECEIVED; diff --git a/lib/str-idna.c b/lib/str-idna.c index 8a1dce980a..30a09407c0 100644 --- a/lib/str-idna.c +++ b/lib/str-idna.c 
@@ -73,7 +73,7 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig /* IDN2_NONTRANSITIONAL automatically converts to lowercase * IDN2_NFC_INPUT converts to NFC before toASCII conversion * - * Since IDN2_NONTRANSITIONAL implicitely does NFC conversion, we don't need + * Since IDN2_NONTRANSITIONAL implicitly does NFC conversion, we don't need * the additional IDN2_NFC_INPUT. But just for the unlikely case that the linked * library is not matching the headers when building and it doesn't support TR46, * we provide IDN2_NFC_INPUT. */ @@ -223,7 +223,7 @@ _gnutls_buffer_pop_datum(gnutls_buffer_st * str, gnutls_datum_t * data, str->data += req_size; str->length -= req_size; - /* if string becomes empty start from begining */ + /* if string becomes empty start from beginning */ if (str->length == 0) { str->data = str->allocd; } diff --git a/lib/tls-sig.c b/lib/tls-sig.c index 87016172e2..75f88e5fbd 100644 --- a/lib/tls-sig.c +++ b/lib/tls-sig.c @@ -547,7 +547,7 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session, } /* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2. - * Returns the used signature algorihm, or a negative error code. + * Returns the used signature algorithm, or a negative error code. */ static int _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session, @@ -668,7 +668,7 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session, * For TLS1.x, x<2 returns negative for failure and zero or unspecified for success. * For TLS1.2 returns the signature algorithm used on success, or a negative error code; * - * Returns the used signature algorihm, or a negative error code. + * Returns the used signature algorithm, or a negative error code. */ int _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session, diff --git a/lib/x509/attributes.c b/lib/x509/attributes.c index 4d116be4ec..9c83ca8414 100644 --- a/lib/x509/attributes.c +++ b/lib/x509/attributes.c 
@@ -110,7 +110,7 @@ _x509_parse_attribute(ASN1_TYPE asn1_struct, goto cleanup; } - /* Move to the attibute type and values + /* Move to the attribute type and values */ /* Read the OID */ diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 828bd9059d..033531970d 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -74,7 +74,7 @@ static int append_elements(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, gnu goto cleanup; } - do { /* Move to the attibute type and values + do { /* Move to the attribute type and values */ k2++; @@ -359,7 +359,7 @@ _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct, k2 = 0; - do { /* Move to the attibute type and values + do { /* Move to the attribute type and values */ k2++; @@ -519,7 +519,7 @@ _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct, k2 = 0; - do { /* Move to the attibute type and values + do { /* Move to the attribute type and values */ k2++; diff --git a/lib/x509/ip-in-cidr.h b/lib/x509/ip-in-cidr.h index 86fd8e50e4..8bb5dd48ae 100644 --- a/lib/x509/ip-in-cidr.h +++ b/lib/x509/ip-in-cidr.h @@ -30,7 +30,7 @@ * The @ip version must match the @cidr version (v4/v6), * (this is not checked). * - * Returns: 1 if @ip lies withing @cidr, 0 otherwise + * Returns: 1 if @ip lies within @cidr, 0 otherwise -*/ static unsigned ip_in_cidr(const gnutls_datum_t *ip, const gnutls_datum_t *cidr) { diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 20a64690a3..bb914420f1 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -378,7 +378,7 @@ _gnutls_x509_write_sign_params(ASN1_TYPE dst, const char *dst_name, } /* this function reads a (small) unsigned integer - * from asn1 structs. Combines the read and the convertion + * from asn1 structs. Combines the read and the conversion * steps. */ int diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c index c4d78026fe..a2cca38450 100644 --- a/lib/x509/name_constraints.c +++ b/lib/x509/name_constraints.c 
@@ -242,7 +242,7 @@ static name_constraints_node_st* name_constraints_node_new(unsigned type, * @_nc_excluded: Corresponding excluded name constraints list * * This function finds the intersection of @_nc and @_nc2. The result is placed in @_nc, - * the original @_nc is deallocated. @_nc2 is not chenged. If necessary, a universal + * the original @_nc is deallocated. @_nc2 is not changed. If necessary, a universal * excluded name constraint node of the right type is added to the list provided * in @_nc_excluded. * diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c index db54b3ea22..a52c4aa428 100644 --- a/lib/x509/ocsp.c +++ b/lib/x509/ocsp.c @@ -2575,7 +2575,7 @@ time_t _gnutls_ocsp_get_validity(gnutls_ocsp_resp_t resp) now = gnutls_time(0); if (ntime == -1) { - /* This is a problematic case, and there is no concensus on how + /* This is a problematic case, and there is no consensus on how * to treat these responses. It doesn't contain the time after which * the response is invalid, thus it is an OCSP response effectively * valid forever defeating the purpose of OCSP. We set here the same diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 1f5b4bdf88..447eb8e2c9 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -827,7 +827,7 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) asn1_delete_structure(&safe_cont); - /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12 + /* Step 5. Re-encode and copy the AuthenticatedSafe into the pkcs12 * structure. */ result = diff --git a/lib/x509/time.c b/lib/x509/time.c index 4d2b789268..2632a795a9 100644 --- a/lib/x509/time.c +++ b/lib/x509/time.c @@ -35,7 +35,7 @@ #include <common.h> /* TIME functions - * Convertions between generalized or UTC time to time_t + * Conversions between generalized or UTC time to time_t * */ 
@@ -69,7 +69,7 @@ static const int MONTHDAYS[] = { /* ** Given a struct tm representing a calendar time in UTC, convert it to ** seconds since epoch. Returns (time_t) -1 if the time is not - ** convertable. Note that this function does not canonicalize the provided + ** convertible. Note that this function does not canonicalize the provided ** struct tm, nor does it allow out of range values or years before 1970. */ static time_t mktime_utc(const struct fake_tm *tm) diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index 7f640f1a13..5969b36146 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -1203,7 +1203,7 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list, /* This macro is introduced to detect a verification output * which indicates an unknown signer, or a signer which uses * an insecure algorithm (e.g., sha1), something that indicates - * a superceded signer */ + * a superseded signer */ #define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM)) #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND)) diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 58acf42b86..d4eafd4fdd 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -593,7 +593,7 @@ static int _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign, * trusted CAs. * * Returns only 0 or 1. If 1 it means that the certificate - * was successfuly verified. + * was successfully verified. * * 'flags': an OR of the gnutls_certificate_verify_flags enumeration. * diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c index 58c3263d1e..8213c6e427 100644 --- a/lib/x509/x509_ext.c +++ b/lib/x509/x509_ext.c 
@@ -453,7 +453,7 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext, * * This function will convert the provided name constraints type to a * DER-encoded PKIX NameConstraints (2.5.29.30) extension. The output data in - * @ext will be allocated usin gnutls_malloc(). + * @ext will be allocated using gnutls_malloc(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. * @@ -3136,7 +3136,7 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext, * * This function will convert the key purposes type to a * DER-encoded PKIX ExtKeyUsageSyntax (2.5.29.37) extension. The output data in - * @ext will be allocated usin gnutls_malloc(). + * @ext will be allocated using gnutls_malloc(). * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. * diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index bbd59d1547..c1bacc7b2a 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -313,7 +313,7 @@ _gnutls_x509_ext_extract_number(uint8_t * number, size_t * nr_size, uint8_t * extnValue, int extnValueLen); int -_gnutls_x509_ext_gen_number(const uint8_t * nuber, size_t nr_size, +_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size, gnutls_datum_t * der_ext); diff --git a/tests/alpn-server-prec.c b/tests/alpn-server-prec.c index e8da9ebada..0461c5d39a 100644 --- a/tests/alpn-server-prec.c +++ b/tests/alpn-server-prec.c @@ -45,6 +45,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -262,6 +263,8 @@ static void start(const char *p1, const char *p2, const char *cp1, const char *c int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/key-material-set-dtls.c b/tests/key-material-set-dtls.c index 692c7a6574..4a569162bb 100644 
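Review bot: The added `signal(SIGPIPE, SIG_IGN);` in start() of tests/alpn-server-prec.c has no comment saying why the test needs it. The same uncommented line is added in key-material-set-dtls.c, mini-alpn.c, mini-dtls-discard.c, mini-dtls-heartbeat.c, mini-dtls-record.c, mini-dtls-srtp.c, mini-record-failure.c, prf.c and psk-file.c. Presumably the goal is that a write to a socketpair end whose peer already exited returns an error instead of killing the test process; a one-line comment such as `/* a peer that exits early must surface as a write error, not kill the test with SIGPIPE */` would record that. Since the call is identical in every file, a shared helper in the test utilities would keep the decision in one place. start() continues outside the hunk.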
--- a/tests/key-material-set-dtls.c +++ b/tests/key-material-set-dtls.c @@ -42,6 +42,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -354,6 +355,8 @@ static void start(void) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c index 304d0a171c..bed981451a 100644 --- a/tests/mini-alpn.c +++ b/tests/mini-alpn.c @@ -41,6 +41,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -264,6 +265,8 @@ static void start(const char *p1, const char *p2) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-discard.c b/tests/mini-dtls-discard.c index e9201acaea..97bc6de29b 100644 --- a/tests/mini-dtls-discard.c +++ b/tests/mini-dtls-discard.c @@ -44,6 +44,7 @@ int main() #include <arpa/inet.h> #include <unistd.h> #include <errno.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> #include <assert.h> @@ -266,6 +267,8 @@ void start(const char *prio) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c index bb6fa7e528..cb575f9b2c 100644 --- a/tests/mini-dtls-heartbeat.c +++ b/tests/mini-dtls-heartbeat.c @@ -43,6 +43,7 @@ int main() #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> 
@@ -312,6 +313,8 @@ static void start(int server_initiated) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-record.c b/tests/mini-dtls-record.c index 63bba89aaf..4d92d81c54 100644 --- a/tests/mini-dtls-record.c +++ b/tests/mini-dtls-record.c @@ -45,6 +45,7 @@ int main() #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -367,6 +368,8 @@ static void start(void) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-srtp.c b/tests/mini-dtls-srtp.c index 93c06820f8..78c03b3d1e 100644 --- a/tests/mini-dtls-srtp.c +++ b/tests/mini-dtls-srtp.c @@ -43,6 +43,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -304,6 +305,8 @@ static void start(int profile) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-record-failure.c b/tests/mini-record-failure.c index 02b0546270..46df2a1900 100644 --- a/tests/mini-record-failure.c +++ b/tests/mini-record-failure.c @@ -331,6 +331,7 @@ static void ch_handler(int sig) void doit(void) { + signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, ch_handler); start("aes-cbc", AES_CBC, 1); diff --git a/tests/prf.c b/tests/prf.c index 78526cfba8..ff839fe73c 100644 --- a/tests/prf.c +++ b/tests/prf.c @@ -41,6 +41,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> 
@@ -423,6 +424,8 @@ static void start(void) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/psk-file.c b/tests/psk-file.c index 2512086e0f..0a6eef4b87 100644 --- a/tests/psk-file.c +++ b/tests/psk-file.c @@ -48,6 +48,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #endif #include <unistd.h> +#include <signal.h> #include <assert.h> #include <gnutls/gnutls.h> @@ -304,6 +305,8 @@ void run_test3(const char *prio, const char *sprio, const char *user, const gnut int err; int sockets[2]; + signal(SIGPIPE, SIG_IGN); + if (expect_fail_serv || expect_fail_cli) { success("ntest %s (user:%s)\n", prio, user); } else { @@ -407,7 +410,7 @@ void doit(void) run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", "jas", &key, 0, GNUTLS_KX_DHE_PSK, 0, 0); /* try without server credentials */ - run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS); + run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS); } #endif /* _WIN32 */ diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c index 66b164037d..4a9cd1ea30 100644 --- a/tests/slow/cipher-api-test.c +++ b/tests/slow/cipher-api-test.c 
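Review bot: The last `run_test3()` call in `doit()` now expects `GNUTLS_E_PUSH_ERROR` where it expected `GNUTLS_E_FATAL_ALERT_RECEIVED`, so this case no longer asserts that a TLS alert is observed, only that a transport write fails. That looks like a consequence of ignoring SIGPIPE in `run_test3()`. Whether the peer sees the alert or a failed write may depend on which side closes first, which would make the expectation timing-sensitive; this is worth confirming. The existing comment should at least record the reason, e.g. `/* try without server credentials; the peer closes early and, with SIGPIPE ignored, the write fails */`. The parameter list of `run_test3()` is cut off in the hunk, so which side each error code applies to is inferred.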
@@ -48,14 +48,54 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -static unsigned error_detected = 0; - -static void custom_abrt(int sig) +/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */ +static void test_cipher(int algo) { - error_detected = 1; + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = + gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* try encrypting in a way that violates nettle's block conventions */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); + if (ret >= 0) + fail("succeeded in encrypting partial data on block cipher\n"); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); } -static void test_cipher(int algo, unsigned aead) +/* Test whether an invalid gnutls_cipher_add_auth() is caught */ +static void test_aead_cipher1(int algo) { int ret; gnutls_cipher_hd_t ch; @@ -63,10 +103,9 @@ static void test_cipher(int algo, unsigned aead) uint8_t iv16[32]; uint8_t data[128]; gnutls_datum_t key, iv; - unsigned auth = 1; if (algo == GNUTLS_CIPHER_CHACHA20_POLY1305) - auth = 0; + return; key.data = key16; key.size = gnutls_cipher_get_key_size(algo); 
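Review bot: The two `assert()` size checks in the new `test_cipher()` end the child with SIGABRT when they fail, and `check_status()`, added further down in this file, accepts SIGABRT, so a broken setup would be reported as a pass. Use the test's own failure path instead: `if (key.size > sizeof(key16)) fail("key size exceeds buffer\n");` and likewise for `iv.size`. This assumes `fail()` exits non-zero, as the `/*errcode 1 */` remarks suggest. The same asserts appear in `test_aead_cipher2()`.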
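Review bot: `test_aead_cipher1()` returns immediately for `GNUTLS_CIPHER_CHACHA20_POLY1305`, and because the caller then does `exit(0)`, the run counts as passed although nothing was exercised. The reason for the exemption is stated neither here nor in the `auth = 0` code it replaces. A comment above the `if`, along the lines of `/* chacha20-poly1305 is exempt from the partial auth data check: <reason> */`, would record it. The function body continues beyond this hunk.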
@@ -94,44 +133,84 @@ static void test_cipher(int algo, unsigned aead) if (ret < 0) fail("gnutls_cipher_init failed\n"); /*errcode 1 */ - if (aead) { - if (auth) { - ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1); - if (ret < 0) - fail("could not add auth data\n"); - - signal(SIGABRT, custom_abrt); - ret = gnutls_cipher_add_auth(ch, data, 16); - signal(SIGABRT, SIG_DFL); - if (ret >= 0 && error_detected == 0) - fail("succeeded in adding auth data data after partial data were given\n"); - } + ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1); + if (ret < 0) + fail("could not add auth data\n"); - /* try encrypting in a way that violates nettle's AEAD conventions */ - ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); - if (ret < 0) - fail("could not encrypt data\n"); + ret = gnutls_cipher_add_auth(ch, data, 16); + if (ret >= 0) + fail("succeeded in adding auth data data after partial data were given\n"); - signal(SIGABRT, custom_abrt); - ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); - signal(SIGABRT, SIG_DFL); - if (ret >= 0 && error_detected == 0) - fail("succeeded in encrypting partial data after partial data were given\n"); + gnutls_cipher_deinit(ch); - } else { - /* try encrypting in a way that violates nettle's block conventions */ - signal(SIGABRT, custom_abrt); - ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); - signal(SIGABRT, SIG_DFL); - if (ret >= 0 && error_detected == 0) - fail("succeeded in encrypting partial data on block cipher\n"); + gnutls_global_deinit(); + return; +} + +/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */ +static void test_aead_cipher2(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + 
memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ } + + ret = + gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* try encrypting in a way that violates nettle's AEAD conventions */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); + if (ret < 0) + fail("could not encrypt data\n"); + + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); + if (ret >= 0) + fail("succeeded in encrypting partial data after partial data were given\n"); + gnutls_cipher_deinit(ch); gnutls_global_deinit(); return; } +static void check_status(int status) +{ + if (WEXITSTATUS(status) != 0 || + (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT)) { + if (WIFSIGNALED(status)) { + fail("Child died with signal %d\n", WTERMSIG(status)); + } else { + fail("Child died with status %d\n", + WEXITSTATUS(status)); + } + } +} + static void start(const char *name, int algo, unsigned aead) { @@ -152,9 +231,34 @@ void start(const char *name, int algo, unsigned aead) int status; /* parent */ wait(&status); - check_wait_status(status); + check_status(status); + } else { + if (!aead) + test_cipher(algo); + else + test_aead_cipher1(algo); + exit(0); + } + + if (!aead) + return; + + /* check test_aead_cipher2 */ + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + wait(&status); + check_status(status); } else { - test_cipher(algo,aead); + test_aead_cipher2(algo); exit(0); } } diff --git a/tests/utils.h b/tests/utils.h index b905065c52..e5728374fa 100644 --- a/tests/utils.h +++ b/tests/utils.h 
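Review bot: `check_status()` evaluates `WEXITSTATUS(status)` without first testing `WIFEXITED(status)`; POSIX defines that macro only for children that exited normally, so for a signalled child the first operand reads an unspecified value. The condition should read `if ((WIFEXITED(status) && WEXITSTATUS(status) != 0) || (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT)) {`. `_check_wait_status()` in tests/utils.h has the same shape. A one-line comment saying that SIGABRT is accepted because the backend may abort on the invalid call, as the removed `custom_abrt` handler implied, would also help.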
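Review bot: Both parent branches in `start()` call `wait(&status)` and pass `status` to `check_status()` without checking the return value, so if `wait()` fails the check runs on an uninitialised `int`. Suggest `if (wait(&status) < 0) fail("wait failed\n");` in the added block and in the existing one above it. The second fork/wait block is a copy of the first; a small helper taking the child function would remove the duplication. `start()` begins outside this hunk.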
@@ -24,6 +24,7 @@ #define UTILS_H #include <stdio.h> +#include <stdlib.h> #include <signal.h> #include <string.h> #include <stdarg.h> @@ -148,7 +149,7 @@ inline static void _check_wait_status(int status, unsigned sigonly) { #if defined WEXITSTATUS && defined WIFSIGNALED if (WEXITSTATUS(status) != 0 || - (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) { + (WIFSIGNALED(status) && WTERMSIG(status) != SIGTERM)) { if (WIFSIGNALED(status)) { fail("Child died with signal %d\n", WTERMSIG(status)); } else { |
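Review bot: The new condition in `_check_wait_status()` accepts termination by SIGTERM and rejects every other signal, but nothing says why SIGTERM is the one exception. If the reason is that tests stop their peer with `kill(child, SIGTERM)`, a comment such as `/* SIGTERM is how tests stop the peer; any other signal is a crash */` should say so. The change also tightens every caller at once: a child killed by SIGPIPE or SIGABRT used to pass and now fails. That is presumably why the SIGPIPE changes and the local `check_status()` in tests/slow/cipher-api-test.c accompany it. The function continues outside the hunk, including the use of `sigonly`.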