From 31eefe1c0cfacf17b5c66aeacfdbc531abb1b98c Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 15 Mar 2019 17:00:17 +0100 Subject: Removed all FIXME comments in code [ci skip] We expand informational comments on limitations, but with removing FIXME (keyword didn't help fixing these), and remove completely unhelpful comments, obsolete ones, or comments about ideas. Signed-off-by: Nikos Mavrogiannopoulos --- lib/algorithms/kx.c | 2 +- lib/buffers.c | 2 +- lib/cert-cred.c | 9 ++++----- lib/constate.c | 2 -- lib/handshake.c | 4 ---- lib/pkcs11.c | 1 - lib/pkcs11_secret.c | 4 ++-- lib/pkcs11_write.c | 4 ++-- lib/str-unicode.c | 2 +- lib/x509/key_decode.c | 4 ++-- lib/x509/mpi.c | 4 ---- lib/x509/verify-high.c | 8 -------- src/certtool.c | 3 +-- 13 files changed, 14 insertions(+), 35 deletions(-) diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c index 151b3dc025..9b670693b4 100644 --- a/lib/algorithms/kx.c +++ b/lib/algorithms/kx.c @@ -44,7 +44,7 @@ extern mod_auth_st srp_dss_auth_struct; /* Cred type mappings to KX algorithms - * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require + * The mappings are not 1-1. Some KX such as SRP_RSA require * more than one credentials type. */ typedef struct { diff --git a/lib/buffers.c b/lib/buffers.c index 73f96ab6c2..076a39f06b 100644 --- a/lib/buffers.c +++ b/lib/buffers.c @@ -277,7 +277,7 @@ _gnutls_dgram_read(gnutls_session_t session, mbuffer_st ** bufel, fd); if (i == 0) { /* If we get here, we likely have a stream socket. - * FIXME: this probably breaks DCCP. */ + * That assumption may not work on DCCP. */ gnutls_assert(); ret = 0; goto cleanup; diff --git a/lib/cert-cred.c b/lib/cert-cred.c index 8a08d26d8c..e2cc798cbc 100644 --- a/lib/cert-cred.c +++ b/lib/cert-cred.c @@ -273,14 +273,13 @@ void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc) * gnutls_certificate_free_cas: * @sc: is a #gnutls_certificate_credentials_t type. * - * This function will delete all the CAs associated with the given - * credentials. Servers that do not use - * gnutls_certificate_verify_peers2() may call this to save some - * memory. + * This function was operational on very early versions of gnutls. + * Due to internal refactorings and the fact that this was hardly ever + * used, it is currently a no-op. + * **/ void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc) { - /* FIXME: do nothing for now */ return; } diff --git a/lib/constate.c b/lib/constate.c index d28c00bc31..be784bce64 100644 --- a/lib/constate.c +++ b/lib/constate.c @@ -56,8 +56,6 @@ static int _gnutls_set_keys(gnutls_session_t session, record_parameters_st * params, unsigned hash_size, unsigned IV_size, unsigned key_size) { - /* FIXME: This function is too long - */ uint8_t rnd[2 * GNUTLS_RANDOM_SIZE]; int pos, ret; int block_size; diff --git a/lib/handshake.c b/lib/handshake.c index 8446da45e5..da1f87d183 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -2499,7 +2499,6 @@ recv_hello_verify_request(gnutls_session_t session, return GNUTLS_E_UNEXPECTED_PACKET; } - /* TODO: determine if we need to do anything with the server version field */ DECR_LEN(len, 2); pos += 2; @@ -3671,9 +3670,6 @@ gnutls_handshake_get_last_out(gnutls_session_t session) } /* This returns the session hash as in draft-ietf-tls-session-hash-02. - * - * FIXME: It duplicates some of the actions in _gnutls_handshake_sign_crt_vrfy*. - * See whether they can be merged. */ int _gnutls_handshake_get_session_hash(gnutls_session_t session, gnutls_datum_t *shash) { diff --git a/lib/pkcs11.c b/lib/pkcs11.c index fbe2b48f22..2ec642bf8a 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -2999,7 +2999,6 @@ find_privkeys(struct pkcs11_session_info *sinfo, /* Find an object with private key class and a certificate ID * which matches the certificate. */ - /* FIXME: also match the cert subject. */ a[0].type = CKA_CLASS; a[0].value = &class; a[0].value_len = sizeof class; diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c index 828fbff6da..95bbfae757 100644 --- a/lib/pkcs11_secret.c +++ b/lib/pkcs11_secret.c @@ -89,8 +89,8 @@ gnutls_pkcs11_copy_secret_key(const char *token_url, gnutls_datum_t * key, return ret; } - /* FIXME: copy key usage flags */ - + /* We do not copy key usage flags. + */ a[0].type = CKA_CLASS; a[0].value = &class; a[0].value_len = sizeof(class); diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index b1176fb0ff..ab740dcd62 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -187,6 +187,8 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url, a[1].value_len = cid->size; } + /* we do not use the key usage flags; these are apparent from + * the certificate itself. */ a[2].type = CKA_VALUE; a[2].value = der; a[2].value_len = der_size; @@ -196,7 +198,6 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url, a[4].type = CKA_CERTIFICATE_TYPE; a[4].value = &type; a[4].value_len = sizeof(type); - /* FIXME: copy key usage flags */ a_val = 5; @@ -715,7 +716,6 @@ gnutls_pkcs11_copy_x509_privkey2(const char *token_url, pk = gnutls_x509_privkey_get_pk_algorithm(key); FIX_KEY_USAGE(pk, key_usage); - /* FIXME: copy key usage flags */ a_val = 0; a[a_val].type = CKA_CLASS; a[a_val].value = &class; diff --git a/lib/str-unicode.c b/lib/str-unicode.c index 0cd47d4953..d66710a5f2 100644 --- a/lib/str-unicode.c +++ b/lib/str-unicode.c @@ -123,7 +123,7 @@ static int check_for_valid_freeformclass(uint32_t *ucs4, unsigned ucs4_size) /* Disallowed o Old Hangul Jamo characters, i.e., the OldHangulJamo ("I") category - [FIXME: not handled in this code] + (not handled in this code) o Control characters, i.e., the Controls ("L") category diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c index 1e07bbc441..00f1950acb 100644 --- a/lib/x509/key_decode.c +++ b/lib/x509/key_decode.c @@ -193,9 +193,9 @@ _gnutls_x509_read_dsa_params(uint8_t * der, int dersize, return _gnutls_asn2err(result); } - /* FIXME: If the parameters are not included in the certificate + /* If the parameters are not included in the certificate * then the issuer's parameters should be used. This is not - * done yet. + * implemented, and is not used in practice (along with DSA). */ /* Read p */ diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 664b22c509..1be3da484e 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -134,10 +134,6 @@ _gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root, _asnstr_append_name(name, sizeof(name), root, ".algorithm.parameters"); - /* FIXME: If the parameters are not included in the certificate - * then the issuer's parameters should be used. This is not - * needed in practice though. - */ if (pk_algorithm != GNUTLS_PK_RSA && pk_algorithm != GNUTLS_PK_EDDSA_ED25519 && pk_algorithm != GNUTLS_PK_ECDH_X25519) { /* RSA and EdDSA do not use parameters */ result = _gnutls_x509_read_value(asn, name, &tmp); diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c index bbb54a0f93..5515d54ff9 100644 --- a/lib/x509/verify-high.c +++ b/lib/x509/verify-high.c @@ -186,14 +186,6 @@ add_new_ca_to_rdn_seq(gnutls_x509_trust_list_t list, * This will be sent to clients when a certificate * request message is sent. */ - - /* FIXME: in case of a client it is not needed - * to do that. This would save time and memory. - * However we don't have that information available - * here. - * Further, this function is now much more efficient, - * so optimizing that is less important. - */ tmp.data = ca->raw_dn.data; tmp.size = ca->raw_dn.size; diff --git a/src/certtool.c b/src/certtool.c index ea8fc81c67..11dc27a6fd 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -3702,8 +3702,7 @@ void smime_to_pkcs7(void) char *lineptr = NULL; ssize_t len; - /* Find body. FIXME: Handle non-b64 Content-Transfer-Encoding. - Reject non-S/MIME tagged Content-Type's? */ + /* Find body. We do not handle non-b64 Content-Transfer-Encoding. */ do { len = getline(&lineptr, &linesize, infile); if (len == -1) { -- cgit v1.2.1