X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Ftls-gnu.c;h=6d60409d7a310fb115936fe7a115f2fae0cfed18;hb=11b31159ac7d1acef923c29053fc3d9c6bbf5c12;hp=42d54a9c586874d6e5949245d6e58abb9e908521;hpb=4312da48dab2e6510199a598ae15dbfe1787e3e2;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c index 42d54a9c5..6d60409d7 100644 --- a/src/src/tls-gnu.c +++ b/src/src/tls-gnu.c @@ -475,16 +475,16 @@ tls_channelbinding_b64 = NULL; #ifdef HAVE_GNUTLS_SESSION_CHANNEL_BINDING channel.data = NULL; channel.size = 0; -rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel); -if (rc) { - DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); -} else { +if ((rc = gnutls_session_channel_binding(state->session, GNUTLS_CB_TLS_UNIQUE, &channel))) + { DEBUG(D_tls) debug_printf("Channel binding error: %s\n", gnutls_strerror(rc)); } +else + { old_pool = store_pool; store_pool = POOL_PERM; - tls_channelbinding_b64 = b64encode(channel.data, (int)channel.size); + tls_channelbinding_b64 = b64encode(CUS channel.data, (int)channel.size); store_pool = old_pool; DEBUG(D_tls) debug_printf("Have channel bindings cached for possible auth usage.\n"); -} + } #endif /* peercert is set in peer_status() */ @@ -1483,7 +1483,7 @@ gnutls_kx_algorithm_t kx; gnutls_mac_algorithm_t mac; gnutls_certificate_type_t ct; gnutls_x509_crt_t crt; -uschar *p, *dn_buf; +uschar *dn_buf; size_t sz; if (state->have_set_peerdn) @@ -1507,7 +1507,7 @@ string_format(cipherbuf, sizeof(cipherbuf), /* I don't see a way that spaces could occur, in the current GnuTLS code base, but it was a concern in the old code and perhaps older GnuTLS releases did return "TLS 1.0"; play it safe, just in case. */ -for (p = cipherbuf; *p != '\0'; ++p) +for (uschar * p = cipherbuf; *p != '\0'; ++p) if (isspace(*p)) *p = '-'; old_pool = store_pool; @@ -2129,7 +2129,7 @@ if (rc != GNUTLS_E_SUCCESS) gnutls_certificate_free_credentials(state->x509_cred); millisleep(500); shutdown(state->fd_out, SHUT_WR); - for (rc = 1024; fgetc(smtp_in) != EOF && rc > 0; ) rc--; /* drain skt */ + for (int i = 1024; fgetc(smtp_in) != EOF && i > 0; ) i--; /* drain skt */ (void)fclose(smtp_out); (void)fclose(smtp_in); smtp_out = smtp_in = NULL; @@ -2213,22 +2213,21 @@ after verification is done.*/ static BOOL dane_tlsa_load(exim_gnutls_state_st * state, dns_answer * dnsa) { -dns_record * rr; dns_scan dnss; int i; const char ** dane_data; int * dane_data_len; -for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 1; - rr; +i = 1; +for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) ) if (rr->type == T_TLSA) i++; dane_data = store_get(i * sizeof(uschar *)); dane_data_len = store_get(i * sizeof(int)); -for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 0; - rr; +i = 0; +for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT) ) if (rr->type == T_TLSA && rr->size > 3) { @@ -2562,8 +2561,12 @@ DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(%p, %p, %u)\n", sigalrm_seen = FALSE; if (smtp_receive_timeout > 0) ALARM(smtp_receive_timeout); -inbytes = gnutls_record_recv(state->session, state->xfer_buffer, - MIN(ssl_xfer_buffer_size, lim)); + +do + inbytes = gnutls_record_recv(state->session, state->xfer_buffer, + MIN(ssl_xfer_buffer_size, lim)); +while (inbytes == GNUTLS_E_AGAIN); + if (smtp_receive_timeout > 0) ALARM_CLR(0); if (had_command_timeout) /* set by signal handler */ @@ -2618,7 +2621,7 @@ else if (inbytes == 0) else if (inbytes < 0) { -debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__); + DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__); record_io_error(state, (int) inbytes, US"recv", NULL); state->xfer_error = TRUE; return FALSE; @@ -2740,17 +2743,20 @@ DEBUG(D_tls) debug_printf("Calling gnutls_record_recv(%p, %p, " SIZE_T_FMT ")\n", state->session, buff, len); -inbytes = gnutls_record_recv(state->session, buff, len); +do + inbytes = gnutls_record_recv(state->session, buff, len); +while (inbytes == GNUTLS_E_AGAIN); + if (inbytes > 0) return inbytes; if (inbytes == 0) { DEBUG(D_tls) debug_printf("Got TLS_EOF\n"); } else -{ -debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__); -record_io_error(state, (int)inbytes, US"recv", NULL); -} + { + DEBUG(D_tls) debug_printf("%s: err from gnutls_record_recv(\n", __FUNCTION__); + record_io_error(state, (int)inbytes, US"recv", NULL); + } return -1; } @@ -2792,7 +2798,10 @@ while (left > 0) { DEBUG(D_tls) debug_printf("gnutls_record_send(SSL, %p, " SIZE_T_FMT ")\n", buff, left); - outbytes = gnutls_record_send(state->session, buff, left); + + do + outbytes = gnutls_record_send(state->session, buff, left); + while (outbytes == GNUTLS_E_AGAIN); DEBUG(D_tls) debug_printf("outbytes=" SSIZE_T_FMT "\n", outbytes); if (outbytes < 0) @@ -2854,7 +2863,6 @@ vaguely_random_number(int max) { unsigned int r; int i, needed_len; -uschar *p; uschar smallbuf[sizeof(r)]; if (max <= 1) @@ -2862,7 +2870,8 @@ if (max <= 1) needed_len = sizeof(r); /* Don't take 8 times more entropy than needed if int is 8 octets and we were - * asked for a number less than 10. */ +asked for a number less than 10. */ + for (r = max, i = 0; r; ++i) r >>= 1; i = (i + 7) / 8; @@ -2876,11 +2885,8 @@ if (i < 0) return vaguely_random_number_fallback(max); } r = 0; -for (p = smallbuf; needed_len; --needed_len, ++p) - { - r *= 256; - r += *p; - } +for (uschar * p = smallbuf; needed_len; --needed_len, ++p) + r = r * 256 + *p; /* We don't particularly care about weighted results; if someone wants * smooth distribution and cares enough then they should submit a patch then. */