Bug Summary

File:lib/auth/dh_common.c
Location:line 238, column 3
Description:Value stored to 'i' is never read

Annotated Source Code

1/*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23/* This file contains common stuff in Ephemeral Diffie-Hellman (DHE)
24 * and Anonymous DH key exchange(DHA). These are used in the handshake
25 * procedure of the certificate and anoymous authentication.
26 */
27
28#include "gnutls_int.h"
29#include "gnutls_auth.h"
30#include "gnutls_errors.h"
31#include "gnutls_dh.h"
32#include "gnutls_num.h"
33#include "gnutls_sig.h"
34#include <gnutls_datumgnutls_datum_t.h>
35#include <gnutls_x509.h>
36#include <gnutls_state.h>
37#include <auth/dh_common.h>
38#include <algorithms.h>
39#include <auth/psk.h>
40
41/* Frees the dh_info_st structure.
42 */
43void
44_gnutls_free_dh_info (dh_info_st * dh)
45{
46 dh->secret_bits = 0;
47 _gnutls_free_datum (&dh->prime)_gnutls_free_datum_m(&dh->prime, gnutls_free);
48 _gnutls_free_datum (&dh->generator)_gnutls_free_datum_m(&dh->generator, gnutls_free);
49 _gnutls_free_datum (&dh->public_key)_gnutls_free_datum_m(&dh->public_key, gnutls_free);
50}
51
52int
53_gnutls_proc_dh_common_client_kx (gnutls_session_t session,
54 opaque * data, size_t _data_size,
55 bigint_t g, bigint_t p,
56 gnutls_datum_t* psk_key)
57{
58 uint16_t n_Y;
59 size_t _n_Y;
60 int ret;
61 ssize_t data_size = _data_size;
62
63
64 DECR_LEN (data_size, 2)do { data_size-=2; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",64); } while(0);; return -9;} } while (0)
;
65 n_Y = _gnutls_read_uint16 (&data[0]);
66 _n_Y = n_Y;
67
68 DECR_LEN (data_size, n_Y)do { data_size-=n_Y; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",68); } while(0);; return -9;} } while (0)
;
69 if (_gnutls_mpi_scan_nz (&session->key->client_Y, &data[2], _n_Y))
70 {
71 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",71); } while(0);
;
72 return GNUTLS_E_MPI_SCAN_FAILED-23;
73 }
74
75 _gnutls_dh_set_peer_public (session, session->key->client_Y);
76
77 session->key->KEY =
78 gnutls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
79
80 if (session->key->KEY == NULL((void*)0))
81 {
82 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",82); } while(0);
;
83 return GNUTLS_E_MEMORY_ERROR-25;
84 }
85
86 _gnutls_mpi_release (&session->key->client_Y);
87 _gnutls_mpi_release (&session->key->dh_secret);
88
89
90 if (psk_key == NULL((void*)0))
91 {
92 ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
93 }
94 else /* In DHE_PSK the key is set differently */
95 {
96 gnutls_datum_t tmp_dh_key;
97 ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
98 if (ret < 0)
99 {
100 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",100); } while(0);
;
101 return ret;
102 }
103
104 ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
105 _gnutls_free_datum (&tmp_dh_key)_gnutls_free_datum_m(&tmp_dh_key, gnutls_free);
106
107 }
108
109 _gnutls_mpi_release (&session->key->KEY);
110
111 if (ret < 0)
112 {
113 return ret;
114 }
115
116 return 0;
117}
118
119int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, gnutls_buffer_st* data)
120{
121 return _gnutls_gen_dh_common_client_kx_int(session, data, NULL((void*)0));
122}
123
124int
125_gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, gnutls_buffer_st* data, gnutls_datum_t* pskkey)
126{
127 bigint_t x = NULL((void*)0), X = NULL((void*)0);
128 int ret;
129
130 X = gnutls_calc_dh_secret (&x, session->key->client_g,
131 session->key->client_p, 0);
132 if (X == NULL((void*)0) || x == NULL((void*)0))
133 {
134 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",134); } while(0);
;
135 ret = GNUTLS_E_MEMORY_ERROR-25;
136 goto error;
137 }
138
139 _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x)_gnutls_mpi_ops.bigint_get_nbits(x));
140
141 ret = _gnutls_buffer_append_mpi( data, 16, X, 0);
142 if (ret < 0)
143 {
144 gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",144); } while(0);
;
145 goto error;
146 }
147
148 /* calculate the key after calculating the message */
149 session->key->KEY =
150 gnutls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
151
152 if (session->key->KEY == NULL((void*)0))
153 {
154 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",154); } while(0);
;
155 ret = GNUTLS_E_MEMORY_ERROR-25;
156 goto error;
157 }
158
159 /* THESE SHOULD BE DISCARDED */
160 _gnutls_mpi_release (&session->key->client_Y);
161 _gnutls_mpi_release (&session->key->client_p);
162 _gnutls_mpi_release (&session->key->client_g);
163
164 if (_gnutls_cipher_suite_get_kx_algo
165 (session->security_parameters.cipher_suite)
166 != GNUTLS_KX_DHE_PSK)
167 {
168 ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
169 }
170 else /* In DHE_PSK the key is set differently */
171 {
172 gnutls_datum_t tmp_dh_key;
173
174 ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
175 if (ret < 0)
176 {
177 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",177); } while(0);
;
178 goto error;
179 }
180
181 ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
182 _gnutls_free_datum (&tmp_dh_key)_gnutls_free_datum_m(&tmp_dh_key, gnutls_free);
183 }
184
185 _gnutls_mpi_release (&session->key->KEY);
186
187 if (ret < 0)
188 {
189 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",189); } while(0);
;
190 goto error;
191 }
192
193 ret = data->length;
194
195error:
196 _gnutls_mpi_release (&x);
197 _gnutls_mpi_release (&X);
198 return ret;
199}
200
201/* Returns the bytes parsed */
202int
203_gnutls_proc_dh_common_server_kx (gnutls_session_t session,
204 opaque * data, size_t _data_size)
205{
206 uint16_t n_Y, n_g, n_p;
207 size_t _n_Y, _n_g, _n_p;
208 uint8_t *data_p;
209 uint8_t *data_g;
210 uint8_t *data_Y;
211 int i, bits, ret;
212 ssize_t data_size = _data_size;
213
214 i = 0;
215
216 DECR_LEN (data_size, 2)do { data_size-=2; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",216); } while(0);; return -9;} } while (0)
;
217 n_p = _gnutls_read_uint16 (&data[i]);
218 i += 2;
219
220 DECR_LEN (data_size, n_p)do { data_size-=n_p; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",220); } while(0);; return -9;} } while (0)
;
221 data_p = &data[i];
222 i += n_p;
223
224 DECR_LEN (data_size, 2)do { data_size-=2; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",224); } while(0);; return -9;} } while (0)
;
225 n_g = _gnutls_read_uint16 (&data[i]);
226 i += 2;
227
228 DECR_LEN (data_size, n_g)do { data_size-=n_g; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",228); } while(0);; return -9;} } while (0)
;
229 data_g = &data[i];
230 i += n_g;
231
232 DECR_LEN (data_size, 2)do { data_size-=2; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",232); } while(0);; return -9;} } while (0)
;
233 n_Y = _gnutls_read_uint16 (&data[i]);
234 i += 2;
235
236 DECR_LEN (data_size, n_Y)do { data_size-=n_Y; if (data_size<0) {do { if (__builtin_expect
((_gnutls_log_level >= 2), 0)) _gnutls_log( 2, "ASSERT: %s:%d\n"
, "dh_common.c",236); } while(0);; return -9;} } while (0)
;
237 data_Y = &data[i];
238 i += n_Y;
Value stored to 'i' is never read
239
240 _n_Y = n_Y;
241 _n_g = n_g;
242 _n_p = n_p;
243
244 if (_gnutls_mpi_scan_nz (&session->key->client_Y, data_Y, _n_Y) != 0)
245 {
246 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",246); } while(0);
;
247 return GNUTLS_E_MPI_SCAN_FAILED-23;
248 }
249
250 if (_gnutls_mpi_scan_nz (&session->key->client_g, data_g, _n_g) != 0)
251 {
252 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",252); } while(0);
;
253 return GNUTLS_E_MPI_SCAN_FAILED-23;
254 }
255 if (_gnutls_mpi_scan_nz (&session->key->client_p, data_p, _n_p) != 0)
256 {
257 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",257); } while(0);
;
258 return GNUTLS_E_MPI_SCAN_FAILED-23;
259 }
260
261 bits = _gnutls_dh_get_allowed_prime_bits (session);
262 if (bits < 0)
263 {
264 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",264); } while(0);
;
265 return bits;
266 }
267
268 if (_gnutls_mpi_get_nbits (session->key->client_p)_gnutls_mpi_ops.bigint_get_nbits(session->key->client_p
)
< (size_t) bits)
269 {
270 /* the prime used by the peer is not acceptable
271 */
272 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",272); } while(0);
;
273 return GNUTLS_E_DH_PRIME_UNACCEPTABLE-63;
274 }
275
276 _gnutls_dh_set_group (session, session->key->client_g,
277 session->key->client_p);
278 _gnutls_dh_set_peer_public (session, session->key->client_Y);
279
280 ret = n_Y + n_p + n_g + 6;
281
282 return ret;
283}
284
285int
286_gnutls_dh_common_print_server_kx (gnutls_session_t session,
287 bigint_t g, bigint_t p, unsigned int q_bits,
288 gnutls_buffer_st* data)
289{
290 bigint_t x, Y;
291 int ret;
292
293 /* Y=g^x mod p */
294 Y = gnutls_calc_dh_secret (&x, g, p, q_bits);
295 if (Y == NULL((void*)0) || x == NULL((void*)0))
296 {
297 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "dh_common.c",297); } while(0);
;
298 return GNUTLS_E_MEMORY_ERROR-25;
299 }
300
301 session->key->dh_secret = x;
302 _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x)_gnutls_mpi_ops.bigint_get_nbits(x));
303
304 ret = _gnutls_buffer_append_mpi(data, 16, p, 0);
305 if (ret < 0)
306 {
307 ret = gnutls_assert_val(ret)gnutls_assert_val_int(ret, "dh_common.c", 307);
308 goto cleanup;
309 }
310
311 ret = _gnutls_buffer_append_mpi(data, 16, g, 0);
312 if (ret < 0)
313 {
314 ret = gnutls_assert_val(ret)gnutls_assert_val_int(ret, "dh_common.c", 314);
315 goto cleanup;
316 }
317
318 ret = _gnutls_buffer_append_mpi(data, 16, Y, 0);
319 if (ret < 0)
320 {
321 ret = gnutls_assert_val(ret)gnutls_assert_val_int(ret, "dh_common.c", 321);
322 goto cleanup;
323 }
324
325cleanup:
326 _gnutls_mpi_release (&Y);
327
328 return data->length;
329}