diff --git a/apps/cmdline.c b/apps/cmdline.c index b9ecafb..eb95d9a 100644 --- a/apps/cmdline.c +++ b/apps/cmdline.c @@ -152,7 +152,7 @@ xmlSecAppCmdLineValueCreate(xmlSecAppCmdLineParamPtr param, int pos) { assert(param != NULL); value = (xmlSecAppCmdLineValuePtr) malloc(sizeof(xmlSecAppCmdLineValue)); if(value == NULL) { - fprintf(stderr, "Error: malloc failed (%d bytes).\n", sizeof(xmlSecAppCmdLineValue)); + fprintf(stderr, "Error: malloc failed (%d bytes).\n", (int)sizeof(xmlSecAppCmdLineValue)); return(NULL); } memset(value, 0, sizeof(xmlSecAppCmdLineValue)); @@ -284,7 +284,7 @@ xmlSecAppCmdLineParamRead(xmlSecAppCmdLineParamPtr param, const char** argv, int value->strValue = argv[++pos]; buf = (char*)malloc(strlen(value->strValue) + 2); if(buf == NULL) { - fprintf(stderr, "Error: failed to allocate memory (%d bytes).\n", strlen(value->strValue) + 2); + fprintf(stderr, "Error: failed to allocate memory (%d bytes).\n", (int)strlen(value->strValue) + 2); return(-1); } memset(buf, 0, strlen(value->strValue) + 2); diff --git a/apps/xmlsec.c b/apps/xmlsec.c index c2f3196..c9e5534 100644 --- a/apps/xmlsec.c +++ b/apps/xmlsec.c @@ -2986,7 +2986,7 @@ xmlSecAppWriteResult(xmlDocPtr doc, xmlSecBufferPtr buffer) { if(doc != NULL) { xmlDocDump(f, doc); } else if((buffer != NULL) && (xmlSecBufferGetData(buffer) != NULL)) { - fwrite(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), 1, f); + (void)fwrite(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), 1, f); } else { fprintf(stderr, "Error: both result doc and result buffer are null\n"); xmlSecAppCloseFile(f); diff --git a/docs/index.html b/docs/index.html index c46aefe..96fea05 100644 --- a/docs/index.html +++ b/docs/index.html @@ -70,7 +70,7 @@ see the Copyright file in the distribution for details.
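Review bot: The `(int)` casts make the arguments match `%d`, but they narrow a `size_t`, and in the second apps/cmdline.c hunk `(int)strlen(value->strValue) + 2` is a run-time length taken from `argv`, not a compile-time constant. A cast that keeps the width costs nothing, for example `"Error: failed to allocate memory (%lu bytes).\n", (unsigned long)(strlen(value->strValue) + 2)`. The same cast recurs in the malloc-failure messages across src/ (base64.c, buffer.c, io.c, keys.c, list.c, transforms.c, xmldsig.c, xmlenc.c, xpath.c and others). In src/list.c `newSize` is still passed to the first `%d` without a cast, which is only correct if it is an `int`; its declaration is outside the hunk.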
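Review bot: Casting `fwrite` to `(void)` in xmlSecAppWriteResult silences the warning but also commits to ignoring a short write, so a full disk or a closed pipe can leave a truncated signed or encrypted result without any error being reported at this point. This is the path that writes the tool's final output, so the result is worth checking: `if(fwrite(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), 1, f) != 1) { ... }`, reporting the failure and closing `f` as the `else` branch below does. An empty buffer needs its own case, because `fwrite` returns 0 when the element size is 0. The `(void)fwrite` calls added to the debug-dump functions in src/xmldsig.c and src/xmlenc.c write diagnostic output, where ignoring the result is easier to justify.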

The XML Security Library 1.2.20 release fixes a number of miscellaneous bugs and updates expired or soon-to-be-expired certificates in the test suite. -
  • March 24 2013
    +
  • March 24 2013
    The XML Security Library 1.2.19 release adds support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512 and fixes a number of miscellaneous bugs.
  • diff --git a/docs/news.html b/docs/news.html index c0ff702..8aaa252 100644 --- a/docs/news.html +++ b/docs/news.html @@ -51,7 +51,7 @@ The XML Security Library 1.2.20 release fixes a number of miscellaneous bugs and updates expired or soon-to-be-expired certificates in the test suite. -
  • March 24 2013
    +
  • March 24 2013
    The XML Security Library 1.2.19 release adds support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, ECDSA-SHA512 and fixes a number of miscellaneous bugs.
  • diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h index aec5fb3..b2fbea9 100644 --- a/include/xmlsec/openssl/crypto.h +++ b/include/xmlsec/openssl/crypto.h @@ -308,7 +308,7 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformGost2001GostR3411_9 * The GOSTR3411_94 signature transform klass. */ #define xmlSecOpenSSLTransformGostR3411_94Id \ - xmlSecOpenSSLTransformGostR3411_94GetKlass() + xmlSecOpenSSLTransformGostR3411_94GetKlass() XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformGostR3411_94GetKlass(void); #endif /* XMLSEC_NO_GOST */ diff --git a/src/base64.c b/src/base64.c index 53e6694..0546582 100644 --- a/src/base64.c +++ b/src/base64.c @@ -161,7 +161,7 @@ xmlSecBase64CtxCreate(int encode, int columns) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecBase64Ctx)=%d", - sizeof(xmlSecBase64Ctx)); + (int)sizeof(xmlSecBase64Ctx)); return(NULL); } diff --git a/src/buffer.c b/src/buffer.c index 0efbfed..52c5fc9 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -67,7 +67,7 @@ xmlSecBufferCreate(xmlSecSize size) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecBuffer)=%d", sizeof(xmlSecBuffer)); + "sizeof(xmlSecBuffer)=%d", (int)sizeof(xmlSecBuffer)); return(NULL); } diff --git a/src/dl.c b/src/dl.c index 5ffc2ff..255818f 100644 --- a/src/dl.c +++ b/src/dl.c @@ -102,7 +102,7 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(lib)); + "size=%d", (int)sizeof(lib)); return(NULL); } memset(lib, 0, sizeof(xmlSecCryptoDLLibrary)); diff --git a/src/gcrypt/asn1.c b/src/gcrypt/asn1.c index 9a2b5cf..f718139 100644 --- a/src/gcrypt/asn1.c +++ b/src/gcrypt/asn1.c 
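Review bot: In the src/dl.c hunk `(int)sizeof(lib)` measures the variable `lib`, which the `memset(lib, 0, sizeof(xmlSecCryptoDLLibrary))` below suggests is a pointer, so the message reports the pointer size and not the size of the allocation that failed. `"size=%d", (int)sizeof(xmlSecCryptoDLLibrary));` would match the other malloc-failure messages touched by this commit. The declaration of `lib` and the allocation itself are outside the hunk.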
@@ -304,11 +304,11 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case 3: /* Public RSA */ type = xmlSecGCryptDerKeyTypePublicRsa; - break; + break; case 5: /* Public DSA */ type = xmlSecGCryptDerKeyTypePublicDsa; - break; + break; case 6: /* Private DSA */ type = xmlSecGCryptDerKeyTypePrivateDsa; diff --git a/src/io.c b/src/io.c index 42e9133..3f3b9ef 100644 --- a/src/io.c +++ b/src/io.c @@ -66,7 +66,7 @@ xmlSecIOCallbackCreate(xmlInputMatchCallback matchFunc, xmlInputOpenCallback ope NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecIOCallback)=%d", - sizeof(xmlSecIOCallback)); + (int)sizeof(xmlSecIOCallback)); return(NULL); } memset(callbacks, 0, sizeof(xmlSecIOCallback)); diff --git a/src/keyinfo.c b/src/keyinfo.c index 00390fa..7fc6a4b 100644 --- a/src/keyinfo.c +++ b/src/keyinfo.c @@ -227,7 +227,7 @@ xmlSecKeyInfoCtxCreate(xmlSecKeysMngrPtr keysMngr) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecKeyInfoCtx)); + "size=%d", (int)sizeof(xmlSecKeyInfoCtx)); return(NULL); } @@ -761,7 +761,16 @@ xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, /* finally set key name if it is not there */ if(xmlSecKeyGetName(key) == NULL) { - xmlSecKeySetName(key, newName); + ret = xmlSecKeySetName(key, newName); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeySetName", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlFree(newName); + return(-1); + } } xmlFree(newName); return(0); diff --git a/src/keys.c b/src/keys.c index 1d2f733..27f3690 100644 --- a/src/keys.c +++ b/src/keys.c @@ -112,7 +112,7 @@ xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecKeyUseWith)=%d", - sizeof(xmlSecKeyUseWith)); + (int)sizeof(xmlSecKeyUseWith)); return(NULL); } memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith)); 
@@ -548,7 +548,7 @@ xmlSecKeyCreate(void) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecKey)=%d", - sizeof(xmlSecKey)); + (int)sizeof(xmlSecKey)); return(NULL); } memset(key, 0, sizeof(xmlSecKey)); diff --git a/src/keysdata.c b/src/keysdata.c index de854ba..0367b16 100644 --- a/src/keysdata.c +++ b/src/keysdata.c @@ -255,7 +255,7 @@ xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) { } ret = (data->id->duplicate)(newData, data); - if(newData == NULL) { + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), "id->duplicate", diff --git a/src/keysmngr.c b/src/keysmngr.c index 31a03e9..ad253c9 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c @@ -53,7 +53,7 @@ xmlSecKeysMngrCreate(void) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecKeysMngr)=%d", - sizeof(xmlSecKeysMngr)); + (int)sizeof(xmlSecKeysMngr)); return(NULL); } memset(mngr, 0, sizeof(xmlSecKeysMngr)); diff --git a/src/list.c b/src/list.c index d1a0053..1d48cc6 100644 --- a/src/list.c +++ b/src/list.c @@ -65,7 +65,7 @@ xmlSecPtrListCreate(xmlSecPtrListId id) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecPtrList)=%d", - sizeof(xmlSecPtrList)); + (int)sizeof(xmlSecPtrList)); return(NULL); } @@ -479,7 +479,7 @@ xmlSecPtrListEnsureSize(xmlSecPtrListPtr list, xmlSecSize size) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecPtr)*%d=%d", - newSize, sizeof(xmlSecPtr) * newSize); + newSize, (int)(sizeof(xmlSecPtr) * newSize)); return(-1); } diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c index 16b63db..6541a6c 100644 --- a/src/mscrypto/x509vfy.c +++ b/src/mscrypto/x509vfy.c @@ -1183,7 +1183,7 @@ xmlSecMSCryptoX509GetCertName(const xmlChar * name) { "xmlSecMSCryptoConvertUtf8ToTstr", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(name2); + xmlFree(name2); return(NULL); } diff --git a/src/nodeset.c b/src/nodeset.c index 04ae810..fbb3ecd 100644 --- a/src/nodeset.c +++ b/src/nodeset.c 
@@ -57,7 +57,7 @@ xmlSecNodeSetCreate(xmlDocPtr doc, xmlNodeSetPtr nodes, xmlSecNodeSetType type) NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecNodeSet)=%d", - sizeof(xmlSecNodeSet)); + (int)sizeof(xmlSecNodeSet)); return(NULL); } memset(nset, 0, sizeof(xmlSecNodeSet)); diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c index f07e44b..057fc45 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -271,7 +271,7 @@ xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); ss = xmlSecNssKeysStoreGetSS(store); - xmlSecAssert2((*ss == NULL), -1); + xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1); *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(*ss == NULL) { diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c index ae9e29b..5ede4cc 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -752,6 +752,15 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE); + if(handle == CK_INVALID_HANDLE) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "PK11_ImportPublicKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + ret = -1; + goto done; + } data = xmlSecKeyDataCreate(id); if(data == NULL ) { diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c index fdb866f..9e957fe 100644 --- a/src/nss/x509vfy.c +++ b/src/nss/x509vfy.c @@ -233,7 +233,8 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, NULL, XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", - cert->subjectName); + (cert != NULL) ? cert->subjectName : "(NULL)" + ); break; case SEC_ERROR_EXPIRED_CERTIFICATE: xmlSecError(XMLSEC_ERRORS_HERE, 
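Review bot: The new assertion in xmlSecNssKeysStoreInitialize accepts `ss == NULL`, and the very next line dereferences it in `*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);`. `xmlSecAssert2` returns the given value when its condition is false, so a NULL `ss` has to fail the condition, not satisfy it: `xmlSecAssert2(((ss != NULL) && (*ss == NULL)), -1);`. As written, the change turns a case the old assertion would have crashed on into one that passes the check and then crashes one line later.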
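Review bot: The new `(cert != NULL) ? cert->subjectName : "(NULL)"` guards the pointer but not the field, so if NSS can leave `subjectName` unset a NULL still reaches `%s`. Wrapping the field in the helper the neighbouring arguments already use covers both cases: `(cert != NULL) ? xmlSecErrorsSafeString(cert->subjectName) : "(NULL)"`. The same expression is repeated in the hunks at -241 and -249 of this file; computing it once before the `switch` would keep the four messages in step. The subject name comes from the certificate being verified, so anything that consumes these messages should treat it as untrusted text.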
@@ -241,7 +242,8 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, NULL, XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "cert with subject name %s has expired", - cert->subjectName); + (cert != NULL) ? cert->subjectName : "(NULL)" + ); break; case SEC_ERROR_REVOKED_CERTIFICATE: xmlSecError(XMLSEC_ERRORS_HERE, @@ -249,15 +251,16 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, NULL, XMLSEC_ERRORS_R_CERT_REVOKED, "cert with subject name %s has been revoked", - cert->subjectName); + (cert != NULL) ? cert->subjectName : "(NULL)" + ); break; default: xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), NULL, XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "cert with subject name %s could not be verified, errcode %d", - cert->subjectName, + "cert with subject name %s could not be verified, errcode %d", + (cert != NULL) ? cert->subjectName : "(NULL)", PORT_GetError()); break; } @@ -690,11 +693,10 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { } memcpy(p, value, valueLen); p+=valueLen; - if (len > 0) + if (len > 0) { *p++=','; + } } - } else { - valueLen = 0; } if(len > 0) { ++str; --len; diff --git a/src/openssl/app.c b/src/openssl/app.c index 4f8f79e..4154d2e 100644 --- a/src/openssl/app.c +++ b/src/openssl/app.c @@ -255,7 +255,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, } if(pKey == NULL) { /* go to start of the file and try to read public key */ - BIO_reset(bio); + (void)BIO_reset(bio); pKey = PEM_read_bio_PUBKEY(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); @@ -274,7 +274,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, pKey = d2i_PrivateKey_bio(bio, NULL); if(pKey == NULL) { /* go to start of the file and try to read public key */ - BIO_reset(bio); + (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, 
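Review bot: `(void)BIO_reset(bio)` makes the ignored result explicit, but the public-key fallback that follows only works if the rewind succeeded; on a BIO that cannot be reset, `PEM_read_bio_PUBKEY` and `d2i_PUBKEY_bio` would continue from the current position and the caller sees a generic load failure. A comment would record the decision, for example `/* best effort: a failed reset shows up as a read error below */`. If the result is checked instead, note that file BIOs return 0 on success while other BIO types return 1. Both hunks in xmlSecOpenSSLAppKeyLoadBIO are affected, and the function continues outside them.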
diff --git a/src/openssl/digests.c b/src/openssl/digests.c index fa26fa6..b103035 100644 --- a/src/openssl/digests.c +++ b/src/openssl/digests.c @@ -174,15 +174,14 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_GOST if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_94Id)) { ctx->digest = EVP_get_digestbyname("md_gost94"); - if (!ctx->digest) - { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + if (!ctx->digest) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_TRANSFORM, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } else #endif /* XMLSEC_NO_GOST*/ diff --git a/src/openssl/evp.c b/src/openssl/evp.c index e042f26..464a5a3 100644 --- a/src/openssl/evp.c +++ b/src/openssl/evp.c @@ -1060,8 +1060,8 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataEcdsaKlass = { NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ NULL, /* xmlSecKeyDataBinReadMethod binRead; */ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ 
@@ -1887,17 +1887,17 @@ static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataGost2001Klass = { /* get info */ xmlSecOpenSSLKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */ xmlSecOpenSSLKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - NULL, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ xmlSecOpenSSLKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecOpenSSLKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecOpenSSLKeyDataGost2001DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ NULL, /* void* reserved0; */ @@ -1941,9 +1941,9 @@ xmlSecOpenSSLKeyDataGost2001Finalize(xmlSecKeyDataPtr data) { static xmlSecKeyDataType xmlSecOpenSSLKeyDataGost2001GetType(xmlSecKeyDataPtr data) { - /* Now I don't know how to find whether we have both private and public key - or the public only*/ - return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); + /* Now I don't know how to find whether we have both private and public key + or the public only*/ + return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); } static xmlSecSize diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c index 1cf1aba..8c022d5 100644 --- a/src/openssl/kt_rsa.c +++ b/src/openssl/kt_rsa.c 
@@ -845,7 +845,12 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr } outSize = ret; } else { - xmlSecAssert2("we could not be here" == NULL, -1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Unexpected trasnform operation: %d; paramsSize: %d", + (int)transform->operation, (int)paramsSize); return(-1); } diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c index 7e3dbc7..6751ba0 100644 --- a/src/openssl/signatures.c +++ b/src/openssl/signatures.c @@ -345,15 +345,14 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGost2001GostR3411_94Id)) { ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id; ctx->digest = EVP_get_digestbyname("md_gost94"); - if (!ctx->digest) - { - xmlSecError(XMLSEC_ERRORS_HERE, + if (!ctx->digest) { + xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_TRANSFORM, XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + return(-1); + } } else #endif /* XMLSEC_NO_GOST*/ diff --git a/src/openssl/x509.c b/src/openssl/x509.c index 459a312..11f4571 100644 --- a/src/openssl/x509.c +++ b/src/openssl/x509.c @@ -1941,7 +1941,7 @@ xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) { /* todo: add error checks */ i2d_X509_bio(mem, cert); - BIO_flush(mem); + (void)BIO_flush(mem); size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ @@ -2055,7 +2055,7 @@ xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) { /* todo: add error checks */ i2d_X509_CRL_bio(mem, crl); - BIO_flush(mem); + (void)BIO_flush(mem); size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ 
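Review bot: The new error message in xmlSecOpenSSLRsaOaepProcess misspells "transform" as "trasnform", which makes the log line harder to search for; it should read `"Unexpected transform operation: %d; paramsSize: %d"`. The error-function argument is passed as `""` here, whereas the other `xmlSecError` calls in this commit pass `NULL` when no called function failed. The enclosing if/else chain starts outside the hunk.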
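Review bot: In src/openssl/x509.c the `(void)` on `BIO_flush` sits directly under `/* todo: add error checks */`, and `i2d_X509_bio(mem, cert)` on the line above is still unchecked, so an encoding failure is noticed only if it leaves the memory BIO empty. Checking the encoder closes that gap: `if(i2d_X509_bio(mem, cert) != 1) { ... }`, reporting the failure the way the `size <= 0` branch below does. The CRL writer at -2055 has the same shape with `i2d_X509_CRL_bio`. Both functions continue outside the hunks.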
@@ -2111,7 +2111,7 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) { return(NULL); } - BIO_flush(mem); /* should call flush ? */ + (void)BIO_flush(mem); /* should call flush ? */ size = BIO_pending(mem); res = xmlMalloc(size + 1); diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c index ca5a462..370694d 100644 --- a/src/openssl/x509vfy.c +++ b/src/openssl/x509vfy.c @@ -178,7 +178,7 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* X509 * cert; X509 * err_cert = NULL; char buf[256]; - int err = 0, depth; + int err = 0; int i; int ret; 
@@ -287,49 +287,43 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) { X509_STORE_CTX xsc; -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) - X509_VERIFY_PARAM * vpm = NULL; - unsigned long vpm_flags = 0; - - vpm = X509_VERIFY_PARAM_new(); - if(vpm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_VERIFY_PARAM_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - vpm_flags = vpm->flags; -/* - vpm_flags &= (~X509_V_FLAG_X509_STRICT); -*/ - vpm_flags &= (~X509_V_FLAG_CRL_CHECK); - - X509_VERIFY_PARAM_set_depth(vpm, 9); - X509_VERIFY_PARAM_set_flags(vpm, vpm_flags); -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ - - X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2); - if(keyInfoCtx->certsVerificationTime > 0) { -#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) - vpm_flags |= X509_V_FLAG_USE_CHECK_TIME; - X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime); -#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime); } #if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) - X509_STORE_CTX_set0_param(&xsc, vpm); + { + X509_VERIFY_PARAM * vpm = NULL; + unsigned long vpm_flags = 0; + + vpm = X509_VERIFY_PARAM_new(); + if(vpm == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), + "X509_VERIFY_PARAM_new", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + vpm_flags = vpm->flags; + vpm_flags &= (~X509_V_FLAG_CRL_CHECK); + + if(keyInfoCtx->certsVerificationTime > 0) { + vpm_flags |= X509_V_FLAG_USE_CHECK_TIME; + X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime); + } + + X509_VERIFY_PARAM_set_depth(vpm, 9); + 
X509_VERIFY_PARAM_set_flags(vpm, vpm_flags); + X509_STORE_CTX_set0_param(&xsc, vpm); + } #endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */ ret = X509_verify_cert(&xsc); err_cert = X509_STORE_CTX_get_current_cert(&xsc); err = X509_STORE_CTX_get_error(&xsc); - depth = X509_STORE_CTX_get_error_depth(&xsc); X509_STORE_CTX_cleanup (&xsc); diff --git a/src/parser.c b/src/parser.c index 990ff98..dd902d4 100644 --- a/src/parser.c +++ b/src/parser.c @@ -159,7 +159,7 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, /* required for c14n! */ ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; ctx->parserCtx->replaceEntities = 1; - ctx->parserCtx->options = XML_PARSE_NONET; + ctx->parserCtx->options = XML_PARSE_NONET; transform->status = xmlSecTransformStatusWorking; } else if(transform->status == xmlSecTransformStatusFinished) { @@ -317,7 +317,7 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, } ret = inputPush(ctxt, input); - if(input == NULL) { + if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "inputPush", diff --git a/src/transforms.c b/src/transforms.c index 8a2ded2..d384a0e 100644 --- a/src/transforms.c +++ b/src/transforms.c @@ -355,7 +355,7 @@ xmlSecTransformCtxCreate(void) { NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecTransformCtx)); + "size=%d", (int)sizeof(xmlSecTransformCtx)); return(NULL); } @@ -876,7 +876,7 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP NULL, NULL, XMLSEC_ERRORS_R_STRDUP_FAILED, - "size=%d", xptr - uri); + "size=%d", (int)(xptr - uri)); return(-1); } @@ -932,6 +932,9 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId))); + if(buf != NULL) { + xmlFree(buf); + } return(-1); } 
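Review bot: Moving the `X509_VERIFY_PARAM` setup below `X509_STORE_CTX_init` means the `goto done` taken when `X509_VERIFY_PARAM_new()` fails now leaves the block with `xsc` initialised and never cleaned up; before this change the allocation ran ahead of the init. `xsc` is local to this block, so the `done` label cannot release it, and the failure branch needs `X509_STORE_CTX_cleanup (&xsc);` before `goto done;`. The `done` label and the rest of xmlSecOpenSSLX509StoreVerify are outside the hunk, so how that path is reported to the caller cannot be confirmed from here.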
@@ -965,6 +968,9 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformVisa3DHackId))); + if(buf != NULL) { + xmlFree(buf); + } return(-1); } @@ -2810,7 +2816,7 @@ xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferMode mode, xmlSecTransformP NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecTransformIOBuffer)); + "size=%d", (int)sizeof(xmlSecTransformIOBuffer)); return(NULL); } memset(buffer, 0, sizeof(xmlSecTransformIOBuffer)); diff --git a/src/xmldsig.c b/src/xmldsig.c index b08b8b1..10ba03f 100644 --- a/src/xmldsig.c +++ b/src/xmldsig.c @@ -73,7 +73,7 @@ xmlSecDSigCtxCreate(xmlSecKeysMngrPtr keysMngr) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecDSigCtx)=%d", - sizeof(xmlSecDSigCtx)); + (int)sizeof(xmlSecDSigCtx)); return(NULL); } @@ -160,10 +160,26 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) { } /* references lists from SignedInfo and Manifest elements */ - xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences), - xmlSecDSigReferenceCtxListId); - xmlSecPtrListInitialize(&(dsigCtx->manifestReferences), - xmlSecDSigReferenceCtxListId); + ret = xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences), + xmlSecDSigReferenceCtxListId); + if(ret != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecPtrListInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(ret); + } + ret = xmlSecPtrListInitialize(&(dsigCtx->manifestReferences), + xmlSecDSigReferenceCtxListId); + if(ret != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecPtrListInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(ret); + } dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeAny; return(0); 
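Review bot: The two checks added to xmlSecDSigCtxInitialize test `ret != 0` and `return(ret)`, while the other checks added in this commit (keyinfo.c, keysdata.c, parser.c) test `ret < 0` and return `-1`; `if(ret < 0) {` with `return(-1);` keeps one convention. If the second `xmlSecPtrListInitialize` fails, `signedInfoReferences` and anything set up earlier in the function remain initialised, so the caller still has to finalize the context; a comment such as `/* on failure the caller must call xmlSecDSigCtxFinalize */` would state that. The start of the function is outside the hunk.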
@@ -773,7 +789,9 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { dsigCtx->signMethod->operation = dsigCtx->operation; /* calculate references */ - cur = xmlSecGetNextElementNode(cur->next); + if(cur != NULL) { + cur = xmlSecGetNextElementNode(cur->next); + } while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) { /* create reference */ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo); @@ -1118,9 +1136,9 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(dsigCtx->result) != NULL)) { fprintf(output, "== Result - start buffer:\n"); - fwrite(xmlSecBufferGetData(dsigCtx->result), - xmlSecBufferGetSize(dsigCtx->result), - 1, output); + (void)fwrite(xmlSecBufferGetData(dsigCtx->result), + xmlSecBufferGetSize(dsigCtx->result), + 1, output); fprintf(output, "\n== Result - end buffer\n"); } if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) && @@ -1128,9 +1146,9 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) { fprintf(output, "== PreSigned data - start buffer:\n"); - fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + 1, output); fprintf(output, "\n== PreSigned data - end buffer\n"); } } 
@@ -1207,9 +1225,9 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(dsigCtx->result) != NULL)) { fprintf(output, ""); - fwrite(xmlSecBufferGetData(dsigCtx->result), - xmlSecBufferGetSize(dsigCtx->result), - 1, output); + (void)fwrite(xmlSecBufferGetData(dsigCtx->result), + xmlSecBufferGetSize(dsigCtx->result), + 1, output); fprintf(output, "\n"); } if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) && @@ -1217,9 +1235,9 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) { (xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) { fprintf(output, ""); - fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)), + 1, output); fprintf(output, "\n"); } @@ -1260,7 +1278,7 @@ xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, xmlSecDSigReferenceOrigin NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecDSigReferenceCtx)=%d", - sizeof(xmlSecDSigReferenceCtx)); + (int)sizeof(xmlSecDSigReferenceCtx)); return(NULL); } @@ -1669,9 +1687,9 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp (xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) { fprintf(output, "== PreDigest data - start buffer:\n"); - fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + 1, output); fprintf(output, "\n== PreDigest data - end buffer\n"); } 
@@ -1679,9 +1697,9 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp (xmlSecBufferGetData(dsigRefCtx->result) != NULL)) { fprintf(output, "== Result - start buffer:\n"); - fwrite(xmlSecBufferGetData(dsigRefCtx->result), - xmlSecBufferGetSize(dsigRefCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(dsigRefCtx->result), + xmlSecBufferGetSize(dsigRefCtx->result), 1, + output); fprintf(output, "\n== Result - end buffer\n"); } } @@ -1742,9 +1760,9 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o (xmlSecBufferGetData(dsigRefCtx->result) != NULL)) { fprintf(output, ""); - fwrite(xmlSecBufferGetData(dsigRefCtx->result), - xmlSecBufferGetSize(dsigRefCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(dsigRefCtx->result), + xmlSecBufferGetSize(dsigRefCtx->result), 1, + output); fprintf(output, "\n"); } @@ -1752,9 +1770,9 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o (xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) { fprintf(output, ""); - fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), - 1, output); + (void)fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)), + 1, output); fprintf(output, "\n"); } if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) { diff --git a/src/xmlenc.c b/src/xmlenc.c index 44c9877..3d4e0d2 100644 --- a/src/xmlenc.c +++ b/src/xmlenc.c @@ -65,7 +65,7 @@ xmlSecEncCtxCreate(xmlSecKeysMngrPtr keysMngr) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecEncCtx)=%d", - sizeof(xmlSecEncCtx)); + (int)sizeof(xmlSecEncCtx)); return(NULL); } 
@@ -1218,9 +1218,9 @@ xmlSecEncCtxDebugDump(xmlSecEncCtxPtr encCtx, FILE* output) { (encCtx->resultBase64Encoded != 0)) { fprintf(output, "== Result - start buffer:\n"); - fwrite(xmlSecBufferGetData(encCtx->result), - xmlSecBufferGetSize(encCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(encCtx->result), + xmlSecBufferGetSize(encCtx->result), 1, + output); fprintf(output, "\n== Result - end buffer\n"); } } @@ -1311,9 +1311,9 @@ xmlSecEncCtxDebugXmlDump(xmlSecEncCtxPtr encCtx, FILE* output) { (encCtx->resultBase64Encoded != 0)) { fprintf(output, ""); - fwrite(xmlSecBufferGetData(encCtx->result), - xmlSecBufferGetSize(encCtx->result), 1, - output); + (void)fwrite(xmlSecBufferGetData(encCtx->result), + xmlSecBufferGetSize(encCtx->result), 1, + output); fprintf(output, "\n"); } diff --git a/src/xpath.c b/src/xpath.c index e67631e..2c96192 100644 --- a/src/xpath.c +++ b/src/xpath.c @@ -91,7 +91,7 @@ xmlSecXPathDataCreate(xmlSecXPathDataType type) { NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "sizeof(xmlSecXPathData)=%d", - sizeof(xmlSecXPathData)); + (int)sizeof(xmlSecXPathData)); return(NULL); } memset(data, 0, sizeof(xmlSecXPathData)); @@ -285,17 +285,17 @@ xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNo to reserve NULL for our own purposes so we simply create an empty node set here */ if(xpathObj->nodesetval == NULL) { - xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL); - if(xpathObj->nodesetval == NULL) { - xmlXPathFreeObject(xpathObj); - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, + xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL); + if(xpathObj->nodesetval == NULL) { + xmlXPathFreeObject(xpathObj); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, "xmlXPathNodeSetCreate", XMLSEC_ERRORS_R_XML_FAILED, "expr=%s", xmlSecErrorsSafeString(data->expr)); - return(NULL); - } + return(NULL); + } } nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType); 
@@ -613,7 +613,7 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", - xmlStrlen(data->expr) + strlen(xpathPattern) + 1); + (int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); return(-1); } sprintf((char*)tmp, xpathPattern, (char*)data->expr); diff --git a/src/xslt.c b/src/xslt.c index 0353a25..0a010bd 100644 --- a/src/xslt.c +++ b/src/xslt.c @@ -584,7 +584,7 @@ xmlSecXsApplyStylesheet(xmlSecXsltCtxPtr ctx, xmlDocPtr doc) { XMLSEC_ERRORS_R_XSLT_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; - } + } /* set security prefs */ ret = xsltSetCtxtSecurityPrefs(g_xslt_default_security_prefs, xsltCtx);
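Review bot: The unbounded `sprintf((char*)tmp, xpathPattern, (char*)data->expr);` just below the changed line relies on the size shown in the message, `xmlStrlen(data->expr) + strlen(xpathPattern) + 1`, which is sufficient only while `xpathPattern` contains a single `%s` and no other conversion. `data->expr` is presumably read from the XML node being processed, so the invariant deserves a comment next to the allocation, for example `/* xpathPattern must contain exactly one %s: tmp is sized as expr + pattern + 1 */`. The allocation and the definition of `xpathPattern` are outside the hunk.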