From 292cefd2b515cf6481930f694b4e16655a6ba2b6 Mon Sep 17 00:00:00 2001
From: Aaron Jones <aaronmdjones@gmail.com>
Date: Fri, 19 Aug 2016 19:17:38 +0000
Subject: [PATCH] GNUTLS: Cleanup fingerprint generation

Removes intermediate buffer, properly check return values
---
 rb/gnutls.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/rb/gnutls.c b/rb/gnutls.c
index 4a8ffb39a..d29007701 100644
--- a/rb/gnutls.c
+++ b/rb/gnutls.c
@@ -608,7 +608,6 @@ static int
 make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
 {
 	gnutls_digest_algorithm_t algo;
-	uint8_t digest[RB_SSL_CERTFP_LEN * 2];
 	size_t digest_size;
 	bool spki = false;
 	int len;
@@ -637,7 +636,7 @@ make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int metho
 
 	if (!spki)
 	{
-		if (gnutls_x509_crt_get_fingerprint(cert, algo, digest, &digest_size) < 0)
+		if (gnutls_x509_crt_get_fingerprint(cert, algo, certfp, &digest_size) != 0)
 			len = 0;
 	}
 	else
@@ -667,7 +666,7 @@ make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int metho
 
 		if (der_pubkey)
 		{
-			if (gnutls_hash_fast(algo, der_pubkey, der_pubkey_len, digest) != 0)
+			if (gnutls_hash_fast(algo, der_pubkey, der_pubkey_len, certfp) != 0)
 				len = 0;
 
 			rb_free(der_pubkey);
@@ -678,8 +677,6 @@ make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int metho
 		}
 	}
 
-	if (len)
-		memcpy(certfp, digest, len);
 	return len;
 }