diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-12-16 17:30:42 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-12-16 17:30:42 +0100 |
commit | 6eb6bbfe8e504a611145f454f4045e8f49fd5e44 (patch) | |
tree | baba850cc86ee2d9d61de89da1cdfe408ad8694a | |
parent | bdcfdac13179eccee6294402f2654fece149f82b (diff) | |
download | gnutls-6eb6bbfe8e504a611145f454f4045e8f49fd5e44.tar.gz |
Indented code. Use same indentation but with -nut to avoid usage of tabs. In several editors tabs can be configured not to be 8 spaces and this produces artifacts with the current indentation that is a mixture of tabs and spaces.
290 files changed, 22446 insertions, 22433 deletions
diff --git a/doc/errcodes.c b/doc/errcodes.c index 789b8199dc..915ae66fc5 100644 --- a/doc/errcodes.c +++ b/doc/errcodes.c @@ -49,7 +49,7 @@ main (int argc, char *argv[]) int i, j; const char *desc; const char *_name; - error_name names_to_sort[400]; /* up to 400 names */ + error_name names_to_sort[400]; /* up to 400 names */ printf ("@table @code\n"); @@ -59,7 +59,7 @@ main (int argc, char *argv[]) { _name = gnutls_strerror_name (i); if (_name == NULL) - continue; + continue; strcpy (names_to_sort[j].name, _name); names_to_sort[j].error_index = i; @@ -73,7 +73,7 @@ main (int argc, char *argv[]) _name = names_to_sort[i].name; desc = gnutls_strerror (names_to_sort[i].error_index); if (desc == NULL || _name == NULL) - continue; + continue; printf ("@item %s:\n%s\n\n", _name, desc); } diff --git a/doc/examples/ex-alert.c b/doc/examples/ex-alert.c index 11aff1c137..6bc14562fe 100644 --- a/doc/examples/ex-alert.c +++ b/doc/examples/ex-alert.c @@ -28,11 +28,11 @@ check_alert (gnutls_session_t session, int ret) * a server, and we had requested a rehandshake. */ if (last_alert == GNUTLS_A_NO_RENEGOTIATION && - ret == GNUTLS_E_WARNING_ALERT_RECEIVED) - printf ("* Received NO_RENEGOTIATION alert. " - "Client Does not support renegotiation.\n"); + ret == GNUTLS_E_WARNING_ALERT_RECEIVED) + printf ("* Received NO_RENEGOTIATION alert. " + "Client Does not support renegotiation.\n"); else - printf ("* Received alert '%d': %s.\n", last_alert, - gnutls_alert_get_name (last_alert)); + printf ("* Received alert '%d': %s.\n", last_alert, + gnutls_alert_get_name (last_alert)); } } diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c index 75f755509f..4177618f8b 100644 --- a/doc/examples/ex-cert-select-pkcs11.c +++ b/doc/examples/ex-cert-select-pkcs11.c @@ -35,9 +35,9 @@ extern int tcp_connect (void); extern void tcp_close (int sd); static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st); + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st); gnutls_x509_crt_t crt; gnutls_pkcs11_privkey_t key; @@ -56,12 +56,12 @@ load_keys (void) /* some tokens require login to read data */ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = gnutls_x509_crt_import_pkcs11_url (crt, CERT_URL, - GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -71,7 +71,7 @@ load_keys (void) if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -79,14 +79,14 @@ load_keys (void) static int pin_callback (void *user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char *pin, - size_t pin_max) + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { const char *password; int len; printf ("PIN required for token '%s' with URL '%s'\n", token_label, - token_url); + token_url); if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) printf ("*** This is the final try before locking!\n"); if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) @@ -216,9 +216,9 @@ end: static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st) + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st) { char issuer_dn[256]; int i, ret; @@ -238,10 +238,10 @@ cert_callback (gnutls_session_t session, len = sizeof (issuer_dn); ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); if (ret >= 0) - { - printf (" [%d]: ", i); - printf ("%s\n", issuer_dn); - } + { + printf (" [%d]: ", i); + printf ("%s\n", issuer_dn); + } } /* Select a certificate and return it. @@ -259,39 +259,39 @@ cert_callback (gnutls_session_t session, ret = gnutls_x509_crt_get_signature_algorithm (crt); if (ret < 0) - { - /* error reading signature algorithm - */ - return -1; - } + { + /* error reading signature algorithm + */ + return -1; + } cert_algo = ret; i = 0; do - { - ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo); - if (ret >= 0 && cert_algo == req_algo) - { - match = 1; - break; - } - - /* server has not requested anything specific */ - if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - match = 1; - break; - } - i++; - } + { + ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo); + if (ret >= 0 && cert_algo == req_algo) + { + match = 1; + break; + } + + /* server has not requested anything specific */ + if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { + match = 1; + break; + } + i++; + } while (ret >= 0); if (match == 0) - { - printf - ("- Could not find a suitable certificate to send to server\n"); - return -1; - } + { + printf + ("- Could not find a suitable certificate to send to server\n"); + return -1; + } st->cert_type = type; st->ncerts = 1; diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c index 16b97e2898..09b9a5e57c 100644 --- a/doc/examples/ex-cert-select.c +++ b/doc/examples/ex-cert-select.c @@ -31,9 +31,9 @@ extern int tcp_connect (void); extern void tcp_close (int sd); static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st); + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st); gnutls_x509_crt_t crt; gnutls_x509_privkey_t key; @@ -90,7 +90,7 @@ load_keys (void) if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -109,7 +109,7 @@ load_keys (void) if (ret < 0) { fprintf (stderr, "*** Error loading key file: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -223,9 +223,9 @@ end: static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st) + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st) { char issuer_dn[256]; int i, ret; @@ -245,10 +245,10 @@ cert_callback (gnutls_session_t session, len = sizeof (issuer_dn); ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); if (ret >= 0) - { - printf (" [%d]: ", i); - printf ("%s\n", issuer_dn); - } + { + printf (" [%d]: ", i); + printf ("%s\n", issuer_dn); + } } /* Select a certificate and return it. @@ -266,39 +266,39 @@ cert_callback (gnutls_session_t session, ret = gnutls_x509_crt_get_signature_algorithm (crt); if (ret < 0) - { - /* error reading signature algorithm - */ - return -1; - } + { + /* error reading signature algorithm + */ + return -1; + } cert_algo = ret; i = 0; do - { - ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo); - if (ret >= 0 && cert_algo == req_algo) - { - match = 1; - break; - } - - /* server has not requested anything specific */ - if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - match = 1; - break; - } - i++; - } + { + ret = gnutls_sign_algorithm_get_requested (session, i, &req_algo); + if (ret >= 0 && cert_algo == req_algo) + { + match = 1; + break; + } + + /* server has not requested anything specific */ + if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { + match = 1; + break; + } + i++; + } while (ret >= 0); if (match == 0) - { - printf - ("- Could not find a suitable certificate to send to server\n"); - return -1; - } + { + printf + ("- Could not find a suitable certificate to send to server\n"); + return -1; + } st->cert_type = type; st->ncerts = 1; diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c index 2947b2c081..2264f076b2 100644 --- a/doc/examples/ex-client-psk.c +++ b/doc/examples/ex-client-psk.c @@ -36,7 +36,7 @@ main (void) gnutls_psk_allocate_client_credentials (&pskcred); gnutls_psk_set_client_credentials (pskcred, "test", &key, - GNUTLS_PSK_KEY_HEX); + GNUTLS_PSK_KEY_HEX); /* Initialize TLS session */ @@ -47,9 +47,9 @@ main (void) if (ret < 0) { if (ret == GNUTLS_E_INVALID_REQUEST) - { - fprintf (stderr, "Syntax error at: %s\n", err); - } + { + fprintf (stderr, "Syntax error at: %s\n", err); + } exit (1); } diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c index f38b8d9924..9e6e9b60fd 100644 --- a/doc/examples/ex-client-resume.c +++ b/doc/examples/ex-client-resume.c @@ -42,7 +42,7 @@ main (void) gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); for (t = 0; t < 2; t++) - { /* connect 2 times to the server */ + { /* connect 2 times to the server */ sd = tcp_connect (); @@ -53,11 +53,11 @@ main (void) gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); if (t > 0) - { - /* if this is not the first time we connect */ - gnutls_session_set_data (session, session_data, session_data_size); - free (session_data); - } + { + /* if this is not the first time we connect */ + gnutls_session_set_data (session, session_data, session_data_size); + free (session_data); + } gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); @@ -66,39 +66,39 @@ main (void) ret = gnutls_handshake (session); if (ret < 0) - { - fprintf (stderr, "*** Handshake failed\n"); - gnutls_perror (ret); - goto end; - } + { + fprintf (stderr, "*** Handshake failed\n"); + gnutls_perror (ret); + goto end; + } else - { - printf ("- Handshake was completed\n"); - } + { + printf ("- Handshake was completed\n"); + } if (t == 0) - { /* the first time we connect */ - /* get the session data size */ - gnutls_session_get_data (session, NULL, &session_data_size); - session_data = malloc (session_data_size); + { /* the first time we connect */ + /* get the session data size */ + gnutls_session_get_data (session, NULL, &session_data_size); + session_data = malloc (session_data_size); - /* put session data to the session variable */ - gnutls_session_get_data (session, session_data, &session_data_size); + /* put session data to the session variable */ + gnutls_session_get_data (session, session_data, &session_data_size); - } + } else - { /* the second time we connect */ - - /* check if we actually resumed the previous session */ - if (gnutls_session_is_resumed (session) != 0) - { - printf ("- Previous session was resumed\n"); - } - else - { - fprintf (stderr, "*** Previous session was NOT resumed\n"); - } - } + { /* the second time we connect */ + + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed (session) != 0) + { + printf ("- Previous session was resumed\n"); + } + else + { + fprintf (stderr, "*** Previous session was NOT resumed\n"); + } + } /* This function was defined in a previous example */ @@ -108,21 +108,21 @@ main (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - printf ("- Peer has closed the TLS connection\n"); - goto end; - } + { + printf ("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } + { + fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); + goto end; + } printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); gnutls_bye (session, GNUTLS_SHUT_RDWR); @@ -133,7 +133,7 @@ main (void) gnutls_deinit (session); - } /* for() */ + } /* for() */ gnutls_certificate_free_credentials (xcred); diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c index 7094a79921..a7109b6167 100644 --- a/doc/examples/ex-client-srp.c +++ b/doc/examples/ex-client-srp.c @@ -43,7 +43,7 @@ main (void) gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_srp_set_client_credentials (srp_cred, USERNAME, PASSWORD); /* connects to server @@ -87,15 +87,15 @@ main (void) if (gnutls_error_is_fatal (ret) == 1 || ret == 0) { if (ret == 0) - { - printf ("- Peer has closed the GnuTLS connection\n"); - goto end; - } + { + printf ("- Peer has closed the GnuTLS connection\n"); + goto end; + } else - { - fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); - goto end; - } + { + fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret)); + goto end; + } } else check_alert (session, ret); @@ -104,9 +104,9 @@ main (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } gnutls_bye (session, GNUTLS_SHUT_RDWR); diff --git a/doc/examples/ex-client-tlsia.c b/doc/examples/ex-client-tlsia.c index 909ade1348..99d36402af 100644 --- a/doc/examples/ex-client-tlsia.c +++ b/doc/examples/ex-client-tlsia.c @@ -25,12 +25,12 @@ extern void tcp_close (int sd); static int client_avp (gnutls_session_t session, void *ptr, - const char *last, size_t lastlen, char **new, size_t * newlen) + const char *last, size_t lastlen, char **new, size_t * newlen) { if (last) printf ("- received %d bytes AVP: `%.*s'\n", - (int) lastlen, (int) lastlen, last); + (int) lastlen, (int) lastlen, last); else printf ("- new application phase\n"); @@ -111,15 +111,15 @@ main (void) ret = gnutls_ia_handshake (session); if (ret < 0) - { - fprintf (stderr, "*** TLS/IA handshake failed\n"); - gnutls_perror (ret); - goto end; - } + { + fprintf (stderr, "*** TLS/IA handshake failed\n"); + gnutls_perror (ret); + goto end; + } else - { - printf ("- TLS/IA Handshake was completed\n"); - } + { + printf ("- TLS/IA Handshake was completed\n"); + } } diff --git a/doc/examples/ex-client1.c b/doc/examples/ex-client1.c index 87e721f448..4d7c94734f 100644 --- a/doc/examples/ex-client1.c +++ b/doc/examples/ex-client1.c @@ -41,7 +41,7 @@ main (void) /* Use default priorities */ gnutls_priority_set_direct (session, "PERFORMANCE:+ANON-DH:!ARCFOUR-128", - NULL); + NULL); /* put the anonymous credentials to the current session */ diff --git a/doc/examples/ex-client2.c b/doc/examples/ex-client2.c index 2946c75955..e58c910143 100644 --- a/doc/examples/ex-client2.c +++ b/doc/examples/ex-client2.c @@ -50,9 +50,9 @@ main (void) if (ret < 0) { if (ret == GNUTLS_E_INVALID_REQUEST) - { - fprintf (stderr, "Syntax error at: %s\n", err); - } + { + fprintf (stderr, "Syntax error at: %s\n", err); + } exit (1); } diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c index 59fedb36b2..c8961d8799 100644 --- a/doc/examples/ex-crq.c +++ b/doc/examples/ex-crq.c @@ -41,10 +41,10 @@ main (void) /* Add stuff to the distinguished name */ gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COUNTRY_NAME, - 0, "GR", 2); + 0, "GR", 2); gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, - 0, "Nikos", strlen ("Nikos")); + 0, "Nikos", strlen ("Nikos")); /* Set the request version. */ diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c index 10d35c7c65..0be058e924 100644 --- a/doc/examples/ex-pkcs12.c +++ b/doc/examples/ex-pkcs12.c @@ -21,7 +21,7 @@ */ int write_pkcs12 (const gnutls_datum_t * cert, - const gnutls_datum_t * pkcs8_key, const char *password) + const gnutls_datum_t * pkcs8_key, const char *password) { gnutls_pkcs12_t pkcs12; int ret, bag_index; @@ -73,8 +73,8 @@ write_pkcs12 (const gnutls_datum_t * cert, */ ret = gnutls_pkcs12_bag_set_data (key_bag, - GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, - pkcs8_key); + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, + pkcs8_key); if (ret < 0) { fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); @@ -110,7 +110,7 @@ write_pkcs12 (const gnutls_datum_t * cert, pkcs12_struct_size = sizeof (pkcs12_struct); ret = gnutls_pkcs12_export (pkcs12, GNUTLS_X509_FMT_DER, pkcs12_struct, - &pkcs12_struct_size); + &pkcs12_struct_size); if (ret < 0) { fprintf (stderr, "ret: %s\n", gnutls_strerror (ret)); diff --git a/doc/examples/ex-rfc2818.c b/doc/examples/ex-rfc2818.c index dac194502f..04114f41ba 100644 --- a/doc/examples/ex-rfc2818.c +++ b/doc/examples/ex-rfc2818.c @@ -96,7 +96,7 @@ verify_certificate_callback (gnutls_session_t session) if (!gnutls_x509_crt_check_hostname (cert, hostname)) { printf ("The certificate's owner does not match hostname '%s'\n", - hostname); + hostname); return GNUTLS_E_CERTIFICATE_ERROR; } @@ -126,7 +126,7 @@ main (void) gnutls_certificate_set_x509_trust_file (xcred, CAFILE, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_verify_function (xcred, verify_certificate_callback); gnutls_certificate_set_verify_flags (xcred, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); /* Initialize TLS session */ @@ -139,9 +139,9 @@ main (void) if (ret < 0) { if (ret == GNUTLS_E_INVALID_REQUEST) - { - fprintf (stderr, "Syntax error at: %s\n", err); - } + { + fprintf (stderr, "Syntax error at: %s\n", err); + } exit (1); } diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c index 68b1dff675..88f38acfef 100644 --- a/doc/examples/ex-serv-anon.c +++ b/doc/examples/ex-serv-anon.c @@ -22,7 +22,7 @@ #define SA struct sockaddr #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -92,10 +92,10 @@ main (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); @@ -112,47 +112,47 @@ main (void) sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } + { + close (sd); + gnutls_deinit (session); + fprintf (stderr, "*** Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + continue; + } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ for (;;) - { - memset (buffer, 0, MAX_BUF + 1); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("\n- Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fprintf (stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } printf ("\n"); /* do not wait for the peer to close the connection. */ diff --git a/doc/examples/ex-serv-pgp.c b/doc/examples/ex-serv-pgp.c index 9b016c9f74..43744839f6 100644 --- a/doc/examples/ex-serv-pgp.c +++ b/doc/examples/ex-serv-pgp.c @@ -27,7 +27,7 @@ #define SA struct sockaddr #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -89,10 +89,10 @@ main (void) gnutls_certificate_allocate_credentials (&cred); gnutls_certificate_set_openpgp_keyring_file (cred, RINGFILE, - GNUTLS_OPENPGP_FMT_BASE64); + GNUTLS_OPENPGP_FMT_BASE64); gnutls_certificate_set_openpgp_key_file (cred, CERTFILE, KEYFILE, - GNUTLS_OPENPGP_FMT_BASE64); + GNUTLS_OPENPGP_FMT_BASE64); generate_dh_params (); @@ -106,10 +106,10 @@ main (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); @@ -126,47 +126,47 @@ main (void) sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } + { + close (sd); + gnutls_deinit (session); + fprintf (stderr, "*** Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + continue; + } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ for (;;) - { - memset (buffer, 0, MAX_BUF + 1); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("\n- Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fprintf (stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } printf ("\n"); /* do not wait for the peer to close the connection. */ diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c index 1374cd65be..d2b907f4e1 100644 --- a/doc/examples/ex-serv-psk.c +++ b/doc/examples/ex-serv-psk.c @@ -28,7 +28,7 @@ #define SA struct sockaddr #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -106,13 +106,13 @@ main (void) gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_psk_allocate_server_credentials (&psk_cred); gnutls_psk_set_server_credentials_function (psk_cred, pskfunc); @@ -132,10 +132,10 @@ main (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); @@ -152,47 +152,47 @@ main (void) sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } + { + close (sd); + gnutls_deinit (session); + fprintf (stderr, "*** Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + continue; + } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ for (;;) - { - memset (buffer, 0, MAX_BUF + 1); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("\n- Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fprintf (stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } printf ("\n"); /* do not wait for the peer to close the connection. */ diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c index fcd94c4155..96a0a7432e 100644 --- a/doc/examples/ex-serv-srp.c +++ b/doc/examples/ex-serv-srp.c @@ -29,7 +29,7 @@ #define SA struct sockaddr #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ /* These are global */ gnutls_srp_server_credentials_t srp_cred; @@ -75,19 +75,19 @@ main (void) /* these must be called once in the program */ gnutls_global_init (); - gnutls_global_init_extra (); /* for SRP */ + gnutls_global_init_extra (); /* for SRP */ /* SRP_PASSWD a password file (created with the included srptool utility) */ gnutls_srp_allocate_server_credentials (&srp_cred); gnutls_srp_set_server_credentials_file (srp_cred, SRP_PASSWD, - SRP_PASSWD_CONF); + SRP_PASSWD_CONF); gnutls_certificate_allocate_credentials (&cert_cred); gnutls_certificate_set_x509_trust_file (cert_cred, CAFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (cert_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); /* TCP socket operations */ @@ -97,10 +97,10 @@ main (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); @@ -117,46 +117,46 @@ main (void) sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } + { + close (sd); + gnutls_deinit (session); + fprintf (stderr, "*** Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + continue; + } printf ("- Handshake was completed\n"); /* print_info(session); */ for (;;) - { - memset (buffer, 0, MAX_BUF + 1); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("\n- Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fprintf (stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } printf ("\n"); /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); diff --git a/doc/examples/ex-serv1.c b/doc/examples/ex-serv1.c index a6d84a842e..7166657e9d 100644 --- a/doc/examples/ex-serv1.c +++ b/doc/examples/ex-serv1.c @@ -27,7 +27,7 @@ #define SA struct sockaddr #define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -95,13 +95,13 @@ main (void) gnutls_certificate_allocate_credentials (&x509_cred); gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); generate_dh_params (); @@ -118,10 +118,10 @@ main (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); SOCKET_ERR (err, "bind"); @@ -138,47 +138,47 @@ main (void) sd = accept (listen_sd, (SA *) & sa_cli, &client_len); printf ("- connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fprintf (stderr, "*** Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - continue; - } + { + close (sd); + gnutls_deinit (session); + fprintf (stderr, "*** Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + continue; + } printf ("- Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ for (;;) - { - memset (buffer, 0, MAX_BUF + 1); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("\n- Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0) - { - fprintf (stderr, "\n*** Received corrupted " - "data(%d). Closing the connection.\n\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("\n- Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fprintf (stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } printf ("\n"); /* do not wait for the peer to close the connection. */ diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c index 946ec5b44f..c8404dd158 100644 --- a/doc/examples/ex-session-info.c +++ b/doc/examples/ex-session-info.c @@ -41,7 +41,7 @@ print_info (gnutls_session_t session) #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: printf ("- SRP session with username %s\n", - gnutls_srp_server_get_username (session)); + gnutls_srp_server_get_username (session)); break; #endif @@ -49,37 +49,37 @@ print_info (gnutls_session_t session) /* This returns NULL in server side. */ if (gnutls_psk_client_get_hint (session) != NULL) - printf ("- PSK authentication. PSK hint '%s'\n", - gnutls_psk_client_get_hint (session)); + printf ("- PSK authentication. PSK hint '%s'\n", + gnutls_psk_client_get_hint (session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username (session) != NULL) - printf ("- PSK authentication. Connected as '%s'\n", - gnutls_psk_server_get_username (session)); + printf ("- PSK authentication. Connected as '%s'\n", + gnutls_psk_server_get_username (session)); break; - case GNUTLS_CRD_ANON: /* anonymous authentication */ + case GNUTLS_CRD_ANON: /* anonymous authentication */ printf ("- Anonymous DH using prime of %d bits\n", - gnutls_dh_get_prime_bits (session)); + gnutls_dh_get_prime_bits (session)); break; - case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ + case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ /* Check if we have been using ephemeral Diffie-Hellman. */ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) - { - printf ("\n- Ephemeral DH using prime of %d bits\n", - gnutls_dh_get_prime_bits (session)); - } + { + printf ("\n- Ephemeral DH using prime of %d bits\n", + gnutls_dh_get_prime_bits (session)); + } /* if the certificate list is available, then * print some information about it. */ print_x509_certificate_info (session); - } /* switch */ + } /* switch */ /* print the protocol's name (ie TLS 1.0) */ diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c index a08cd418a1..5165e45877 100644 --- a/doc/examples/ex-verify.c +++ b/doc/examples/ex-verify.c @@ -22,12 +22,12 @@ gnutls_x509_crt_t *ca_list; int ca_list_size; static void verify_cert2 (gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_x509_crl_t * crl_list, int crl_list_size); + gnutls_x509_crt_t issuer, + gnutls_x509_crl_t * crl_list, int crl_list_size); static void verify_last_cert (gnutls_x509_crt_t crt, - gnutls_x509_crt_t * ca_list, int ca_list_size, - gnutls_x509_crl_t * crl_list, - int crl_list_size); + gnutls_x509_crt_t * ca_list, int ca_list_size, + gnutls_x509_crl_t * crl_list, + int crl_list_size); /* This function will try to verify the peer's certificate chain, and @@ -35,9 +35,9 @@ static void verify_last_cert (gnutls_x509_crt_t crt, */ void verify_certificate_chain (gnutls_session_t session, - const char *hostname, - const gnutls_datum_t * cert_chain, - int cert_chain_length) + const char *hostname, + const gnutls_datum_t * cert_chain, + int cert_chain_length) { int i; gnutls_x509_crt_t *cert; @@ -58,7 +58,7 @@ verify_certificate_chain (gnutls_session_t session, * list. */ if (gnutls_x509_crt_check_issuer (cert[cert_chain_length - 1], - cert[cert_chain_length - 1]) > 0 + cert[cert_chain_length - 1]) > 0 && cert_chain_length > 0) { cert_chain_length--; @@ -76,14 +76,14 @@ verify_certificate_chain (gnutls_session_t session, * our trusted CA list. */ verify_last_cert (cert[cert_chain_length - 1], - ca_list, ca_list_size, crl_list, crl_list_size); + ca_list, ca_list_size, crl_list, crl_list_size); /* Check if the name in the first certificate matches our destination! */ if (!gnutls_x509_crt_check_hostname (cert[0], hostname)) { printf ("The certificate's owner does not match hostname '%s'\n", - hostname); + hostname); } for (i = 0; i < cert_chain_length; i++) @@ -99,7 +99,7 @@ verify_certificate_chain (gnutls_session_t session, */ static void verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_crl_t * crl_list, int crl_list_size) + gnutls_x509_crl_t * crl_list, int crl_list_size) { unsigned int output; int ret; @@ -135,13 +135,13 @@ verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, fprintf (stderr, "Not trusted"); if (output & GNUTLS_CERT_SIGNER_NOT_FOUND) - fprintf (stderr, ": no issuer was found"); + fprintf (stderr, ": no issuer was found"); if (output & GNUTLS_CERT_SIGNER_NOT_CA) - fprintf (stderr, ": issuer is not a CA"); + fprintf (stderr, ": issuer is not a CA"); if (output & GNUTLS_CERT_NOT_ACTIVATED) - fprintf (stderr, ": not yet activated\n"); + fprintf (stderr, ": not yet activated\n"); if (output & GNUTLS_CERT_EXPIRED) - fprintf (stderr, ": expired\n"); + fprintf (stderr, ": expired\n"); fprintf (stderr, "\n"); } @@ -152,7 +152,7 @@ verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, */ ret = gnutls_x509_crt_check_revocation (crt, crl_list, crl_list_size); if (ret == 1) - { /* revoked */ + { /* revoked */ fprintf (stderr, "Revoked\n"); } } @@ -163,8 +163,8 @@ verify_cert2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, */ static void verify_last_cert (gnutls_x509_crt_t crt, - gnutls_x509_crt_t * ca_list, int ca_list_size, - gnutls_x509_crl_t * crl_list, int crl_list_size) + gnutls_x509_crt_t * ca_list, int ca_list_size, + gnutls_x509_crl_t * crl_list, int crl_list_size) { unsigned int output; int ret; @@ -187,18 +187,18 @@ verify_last_cert (gnutls_x509_crt_t crt, /* Do the actual verification. */ gnutls_x509_crt_verify (crt, ca_list, ca_list_size, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &output); + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, &output); if (output & GNUTLS_CERT_INVALID) { fprintf (stderr, "Not trusted"); if (output & GNUTLS_CERT_SIGNER_NOT_CA) - fprintf (stderr, ": Issuer is not a CA\n"); + fprintf (stderr, ": Issuer is not a CA\n"); if (output & GNUTLS_CERT_NOT_ACTIVATED) - fprintf (stderr, ": Not yet activated\n"); + fprintf (stderr, ": Not yet activated\n"); if (output & GNUTLS_CERT_EXPIRED) - fprintf (stderr, ": Expired\n"); + fprintf (stderr, ": Expired\n"); fprintf (stderr, "\n"); } else @@ -209,7 +209,7 @@ verify_last_cert (gnutls_x509_crt_t crt, */ ret = gnutls_x509_crt_check_revocation (crt, crl_list, crl_list_size); if (ret == 1) - { /* revoked */ + { /* revoked */ fprintf (stderr, "Revoked\n"); } } diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c index 3251e0bd9d..d2f39cf437 100644 --- a/doc/examples/ex-x509-info.c +++ b/doc/examples/ex-x509-info.c @@ -74,10 +74,10 @@ print_x509_certificate_info (gnutls_session_t session) ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &cinfo); if (ret == 0) - { - printf ("\t%s\n", cinfo.data); - gnutls_free (cinfo.data); - } + { + printf ("\t%s\n", cinfo.data); + gnutls_free (cinfo.data); + } /* If you want to extract fields manually for some other reason, below are popular example calls. */ @@ -100,13 +100,13 @@ print_x509_certificate_info (gnutls_session_t session) algo = gnutls_x509_crt_get_pk_algorithm (cert, &bits); printf ("Certificate public key: %s", - gnutls_pk_algorithm_get_name (algo)); + gnutls_pk_algorithm_get_name (algo)); /* Print the version of the X.509 * certificate. */ printf ("\tCertificate version: #%d\n", - gnutls_x509_crt_get_version (cert)); + gnutls_x509_crt_get_version (cert)); size = sizeof (dn); gnutls_x509_crt_get_dn (cert, dn, &size); diff --git a/doc/examples/examples.h b/doc/examples/examples.h index e88784fa0c..bca087a84e 100644 --- a/doc/examples/examples.h +++ b/doc/examples/examples.h @@ -5,7 +5,7 @@ void check_alert (gnutls_session_t session, int ret); int write_pkcs12 (const gnutls_datum_t * cert, - const gnutls_datum_t * pkcs8_key, const char *password); + const gnutls_datum_t * pkcs8_key, const char *password); void verify_certificate (gnutls_session_t session, const char *hostname); @@ -15,8 +15,8 @@ void print_x509_certificate_info (gnutls_session_t session); void verify_certificate_chain (gnutls_session_t session, - const char *hostname, - const gnutls_datum_t * cert_chain, - int cert_chain_length); + const char *hostname, + const gnutls_datum_t * cert_chain, + int cert_chain_length); #endif /* EXAMPLES_H */ diff --git a/doc/examples/tcp.c b/doc/examples/tcp.c index bf47f449f3..6961c4eef6 100644 --- a/doc/examples/tcp.c +++ b/doc/examples/tcp.c @@ -54,6 +54,6 @@ tcp_connect (void) extern void tcp_close (int sd) { - shutdown (sd, SHUT_RDWR); /* no more receptions */ + shutdown (sd, SHUT_RDWR); /* no more receptions */ close (sd); } diff --git a/doc/printlist.c b/doc/printlist.c index 140f08012d..743ffdac06 100644 --- a/doc/printlist.c +++ b/doc/printlist.c @@ -41,12 +41,12 @@ main (void) printf ("Available cipher suites:\n"); printf ("@multitable @columnfractions .60 .20 .20\n"); for (i = 0; (name = gnutls_cipher_suite_info - (i, id, &kx, &cipher, &mac, &version)); i++) + (i, id, &kx, &cipher, &mac, &version)); i++) { - printf ("@item %s\n@tab 0x%02x 0x%02x\n@tab %s\n", - name, - (unsigned char) id[0], (unsigned char) id[1], - gnutls_protocol_get_name (version)); + printf ("@item %s\n@tab 0x%02x 0x%02x\n@tab %s\n", + name, + (unsigned char) id[0], (unsigned char) id[1], + gnutls_protocol_get_name (version)); } printf ("@end multitable\n"); } @@ -57,7 +57,7 @@ main (void) printf ("\n\nAvailable certificate types:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_certificate_type_get_name (*p)); + printf ("@item %s\n", gnutls_certificate_type_get_name (*p)); } printf ("@end itemize\n"); } @@ -68,7 +68,7 @@ main (void) printf ("\nAvailable protocols:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_protocol_get_name (*p)); + printf ("@item %s\n", gnutls_protocol_get_name (*p)); } printf ("@end itemize\n"); } @@ -79,7 +79,7 @@ main (void) printf ("\nAvailable ciphers:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_cipher_get_name (*p)); + printf ("@item %s\n", gnutls_cipher_get_name (*p)); } printf ("@end itemize\n"); } @@ -90,7 +90,7 @@ main (void) printf ("\nAvailable MAC algorithms:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_mac_get_name (*p)); + printf ("@item %s\n", gnutls_mac_get_name (*p)); } printf ("@end itemize\n"); } @@ -101,7 +101,7 @@ main (void) printf ("\nAvailable key exchange methods:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_kx_get_name (*p)); + printf ("@item %s\n", gnutls_kx_get_name (*p)); } printf ("@end itemize\n"); } @@ -112,7 +112,7 @@ main (void) printf ("\nAvailable public key algorithms:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_pk_get_name (*p)); + printf ("@item %s\n", gnutls_pk_get_name (*p)); } printf ("@end itemize\n"); } @@ -123,7 +123,7 @@ main (void) printf ("\nAvailable public key signature algorithms:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_sign_get_name (*p)); + printf ("@item %s\n", gnutls_sign_get_name (*p)); } printf ("@end itemize\n"); } @@ -134,7 +134,7 @@ main (void) printf ("\nAvailable compression methods:\n@itemize\n"); for (; *p; p++) { - printf ("@item %s\n", gnutls_compression_get_name (*p)); + printf ("@item %s\n", gnutls_compression_get_name (*p)); } printf ("@end itemize\n"); } diff --git a/guile/src/core.c b/guile/src/core.c index 803e56f4e4..dfe0fc33dd 100644 --- a/guile/src/core.c +++ b/guile/src/core.c @@ -92,9 +92,9 @@ SCM_SMOB_MARK (scm_tc16_gnutls_session, mark_session, session) } SCM_DEFINE (scm_gnutls_version, "gnutls-version", 0, 0, 0, - (void), - "Return a string denoting the version number of the underlying " - "GnuTLS library, e.g., @code{\"1.7.2\"}.") + (void), + "Return a string denoting the version number of the underlying " + "GnuTLS library, e.g., @code{\"1.7.2\"}.") #define FUNC_NAME s_scm_gnutls_version { return (scm_from_locale_string (gnutls_check_version (NULL))); @@ -103,9 +103,9 @@ SCM_DEFINE (scm_gnutls_version, "gnutls-version", 0, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_make_session, "make-session", 1, 0, 0, - (SCM end), - "Return a new session for connection end @var{end}, either " - "@code{connection-end/server} or @code{connection-end/client}.") + (SCM end), + "Return a new session for connection end @var{end}, either " + "@code{connection-end/server} or @code{connection-end/client}.") #define FUNC_NAME s_scm_gnutls_make_session { int err; @@ -129,8 +129,8 @@ SCM_DEFINE (scm_gnutls_make_session, "make-session", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_bye, "bye", 2, 0, 0, - (SCM session, SCM how), - "Close @var{session} according to @var{how}.") + (SCM session, SCM how), + "Close @var{session} according to @var{how}.") #define FUNC_NAME s_scm_gnutls_bye { int err; @@ -150,7 +150,7 @@ SCM_DEFINE (scm_gnutls_bye, "bye", 2, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_handshake, "handshake", 1, 0, 0, - (SCM session), "Perform a handshake for @var{session}.") + (SCM session), "Perform a handshake for @var{session}.") #define FUNC_NAME s_scm_gnutls_handshake { int err; @@ -168,7 +168,7 @@ SCM_DEFINE (scm_gnutls_handshake, "handshake", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_rehandshake, "rehandshake", 1, 0, 0, - (SCM session), "Perform a re-handshaking for @var{session}.") + (SCM session), "Perform a re-handshaking for @var{session}.") #define FUNC_NAME s_scm_gnutls_rehandshake { int err; @@ -186,7 +186,7 @@ SCM_DEFINE (scm_gnutls_rehandshake, "rehandshake", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_alert_get, "alert-get", 1, 0, 0, - (SCM session), "Get an aleter from @var{session}.") + (SCM session), "Get an aleter from @var{session}.") #define FUNC_NAME s_scm_gnutls_alert_get { gnutls_session_t c_session; @@ -202,8 +202,8 @@ SCM_DEFINE (scm_gnutls_alert_get, "alert-get", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_alert_send, "alert-send", 3, 0, 0, - (SCM session, SCM level, SCM alert), - "Send @var{alert} via @var{session}.") + (SCM session, SCM level, SCM alert), + "Send @var{alert} via @var{session}.") #define FUNC_NAME s_scm_gnutls_alert_send { int err; @@ -230,7 +230,7 @@ SCM_DEFINE (scm_gnutls_alert_send, "alert-send", 3, 0, 0, /* Session accessors. */ SCM_DEFINE (scm_gnutls_session_cipher, "session-cipher", 1, 0, 0, - (SCM session), "Return @var{session}'s cipher.") + (SCM session), "Return @var{session}'s cipher.") #define FUNC_NAME s_scm_gnutls_session_cipher { gnutls_session_t c_session; @@ -246,7 +246,7 @@ SCM_DEFINE (scm_gnutls_session_cipher, "session-cipher", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_kx, "session-kx", 1, 0, 0, - (SCM session), "Return @var{session}'s kx.") + (SCM session), "Return @var{session}'s kx.") #define FUNC_NAME s_scm_gnutls_session_kx { gnutls_session_t c_session; @@ -262,7 +262,7 @@ SCM_DEFINE (scm_gnutls_session_kx, "session-kx", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_mac, "session-mac", 1, 0, 0, - (SCM session), "Return @var{session}'s MAC.") + (SCM session), "Return @var{session}'s MAC.") #define FUNC_NAME s_scm_gnutls_session_mac { gnutls_session_t c_session; @@ -278,8 +278,8 @@ SCM_DEFINE (scm_gnutls_session_mac, "session-mac", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_compression_method, - "session-compression-method", 1, 0, 0, - (SCM session), "Return @var{session}'s compression method.") + "session-compression-method", 1, 0, 0, + (SCM session), "Return @var{session}'s compression method.") #define FUNC_NAME s_scm_gnutls_session_compression_method { gnutls_session_t c_session; @@ -295,8 +295,8 @@ SCM_DEFINE (scm_gnutls_session_compression_method, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_certificate_type, - "session-certificate-type", 1, 0, 0, - (SCM session), "Return @var{session}'s certificate type.") + "session-certificate-type", 1, 0, 0, + (SCM session), "Return @var{session}'s certificate type.") #define FUNC_NAME s_scm_gnutls_session_certificate_type { gnutls_session_t c_session; @@ -312,7 +312,7 @@ SCM_DEFINE (scm_gnutls_session_certificate_type, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_protocol, "session-protocol", 1, 0, 0, - (SCM session), "Return the protocol used by @var{session}.") + (SCM session), "Return the protocol used by @var{session}.") #define FUNC_NAME s_scm_gnutls_session_protocol { gnutls_session_t c_session; @@ -328,11 +328,11 @@ SCM_DEFINE (scm_gnutls_session_protocol, "session-protocol", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_authentication_type, - "session-authentication-type", - 1, 0, 0, - (SCM session), - "Return the authentication type (a @code{credential-type} value) " - "used by @var{session}.") + "session-authentication-type", + 1, 0, 0, + (SCM session), + "Return the authentication type (a @code{credential-type} value) " + "used by @var{session}.") #define FUNC_NAME s_scm_gnutls_session_authentication_type { gnutls_session_t c_session; @@ -348,11 +348,11 @@ SCM_DEFINE (scm_gnutls_session_authentication_type, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_server_authentication_type, - "session-server-authentication-type", - 1, 0, 0, - (SCM session), - "Return the server authentication type (a " - "@code{credential-type} value) used in @var{session}.") + "session-server-authentication-type", + 1, 0, 0, + (SCM session), + "Return the server authentication type (a " + "@code{credential-type} value) used in @var{session}.") #define FUNC_NAME s_scm_gnutls_session_server_authentication_type { gnutls_session_t c_session; @@ -368,11 +368,11 @@ SCM_DEFINE (scm_gnutls_session_server_authentication_type, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_client_authentication_type, - "session-client-authentication-type", - 1, 0, 0, - (SCM session), - "Return the client authentication type (a " - "@code{credential-type} value) used in @var{session}.") + "session-client-authentication-type", + 1, 0, 0, + (SCM session), + "Return the client authentication type (a " + "@code{credential-type} value) used in @var{session}.") #define FUNC_NAME s_scm_gnutls_session_client_authentication_type { gnutls_session_t c_session; @@ -388,15 +388,15 @@ SCM_DEFINE (scm_gnutls_session_client_authentication_type, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_peer_certificate_chain, - "session-peer-certificate-chain", - 1, 0, 0, - (SCM session), - "Return the a list of certificates in raw format (u8vectors) " - "where the first one is the peer's certificate. In the case " - "of OpenPGP, there is always exactly one certificate. In the " - "case of X.509, subsequent certificates indicate form a " - "certificate chain. Return the empty list if no certificate " - "was sent.") + "session-peer-certificate-chain", + 1, 0, 0, + (SCM session), + "Return the a list of certificates in raw format (u8vectors) " + "where the first one is the peer's certificate. In the case " + "of OpenPGP, there is always exactly one certificate. In the " + "case of X.509, subsequent certificates indicate form a " + "certificate chain. Return the empty list if no certificate " + "was sent.") #define FUNC_NAME s_scm_gnutls_session_peer_certificate_chain { SCM result; @@ -418,17 +418,17 @@ SCM_DEFINE (scm_gnutls_session_peer_certificate_chain, result = scm_make_list (scm_from_uint (c_list_size), SCM_UNSPECIFIED); for (i = 0, pair = result; i < c_list_size; i++, pair = SCM_CDR (pair)) - { - unsigned char *c_cert_copy; + { + unsigned char *c_cert_copy; - c_cert_copy = (unsigned char *) malloc (c_cert[i].size); - if (EXPECT_FALSE (c_cert_copy == NULL)) - scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); + c_cert_copy = (unsigned char *) malloc (c_cert[i].size); + if (EXPECT_FALSE (c_cert_copy == NULL)) + scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); - memcpy (c_cert_copy, c_cert[i].data, c_cert[i].size); + memcpy (c_cert_copy, c_cert[i].data, c_cert[i].size); - SCM_SETCAR (pair, scm_take_u8vector (c_cert_copy, c_cert[i].size)); - } + SCM_SETCAR (pair, scm_take_u8vector (c_cert_copy, c_cert[i].size)); + } } return result; @@ -437,13 +437,13 @@ SCM_DEFINE (scm_gnutls_session_peer_certificate_chain, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_session_our_certificate_chain, - "session-our-certificate-chain", - 1, 0, 0, - (SCM session), - "Return our certificate chain for @var{session} (as sent to " - "the peer) in raw format (a u8vector). In the case of OpenPGP " - "there is exactly one certificate. Return the empty list " - "if no certificate was used.") + "session-our-certificate-chain", + 1, 0, 0, + (SCM session), + "Return our certificate chain for @var{session} (as sent to " + "the peer) in raw format (a u8vector). In the case of OpenPGP " + "there is exactly one certificate. Return the empty list " + "if no certificate was used.") #define FUNC_NAME s_scm_gnutls_session_our_certificate_chain { SCM result; @@ -464,7 +464,7 @@ SCM_DEFINE (scm_gnutls_session_our_certificate_chain, { c_cert_copy = (unsigned char *) malloc (c_cert->size); if (EXPECT_FALSE (c_cert_copy == NULL)) - scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); + scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); memcpy (c_cert_copy, c_cert->data, c_cert->size); @@ -477,13 +477,13 @@ SCM_DEFINE (scm_gnutls_session_our_certificate_chain, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_server_session_certificate_request_x, - "set-server-session-certificate-request!", - 2, 0, 0, - (SCM session, SCM request), - "Tell how @var{session}, a server-side session, should deal " - "with certificate requests. @var{request} should be either " - "@code{certificate-request/request} or " - "@code{certificate-request/require}.") + "set-server-session-certificate-request!", + 2, 0, 0, + (SCM session, SCM request), + "Tell how @var{session}, a server-side session, should deal " + "with certificate requests. @var{request} should be either " + "@code{certificate-request/request} or " + "@code{certificate-request/require}.") #define FUNC_NAME s_scm_gnutls_set_server_session_certificate_request_x { gnutls_session_t c_session; @@ -505,8 +505,8 @@ SCM_DEFINE (scm_gnutls_set_server_session_certificate_request_x, #include "priorities.i.c" SCM_DEFINE (scm_gnutls_set_default_priority_x, - "set-session-default-priority!", 1, 0, 0, - (SCM session), "Have @var{session} use the default priorities.") + "set-session-default-priority!", 1, 0, 0, + (SCM session), "Have @var{session} use the default priorities.") #define FUNC_NAME s_scm_gnutls_set_default_priority_x { gnutls_session_t c_session; @@ -520,9 +520,9 @@ SCM_DEFINE (scm_gnutls_set_default_priority_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_default_export_priority_x, - "set-session-default-export-priority!", 1, 0, 0, - (SCM session), - "Have @var{session} use the default export priorities.") + "set-session-default-export-priority!", 1, 0, 0, + (SCM session), + "Have @var{session} use the default export priorities.") #define FUNC_NAME s_scm_gnutls_set_default_export_priority_x { gnutls_session_t c_session; @@ -536,9 +536,9 @@ SCM_DEFINE (scm_gnutls_set_default_export_priority_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_cipher_suite_to_string, "cipher-suite->string", - 3, 0, 0, - (SCM kx, SCM cipher, SCM mac), - "Return the name of the given cipher suite.") + 3, 0, 0, + (SCM kx, SCM cipher, SCM mac), + "Return the name of the given cipher suite.") #define FUNC_NAME s_scm_gnutls_cipher_suite_to_string { gnutls_kx_algorithm_t c_kx; @@ -558,9 +558,9 @@ SCM_DEFINE (scm_gnutls_cipher_suite_to_string, "cipher-suite->string", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_session_credentials_x, "set-session-credentials!", - 2, 0, 0, - (SCM session, SCM cred), - "Use @var{cred} as @var{session}'s credentials.") + 2, 0, 0, + (SCM session, SCM cred), + "Use @var{cred} as @var{session}'s credentials.") #define FUNC_NAME s_scm_gnutls_set_session_credentials_x { int err = 0; @@ -574,25 +574,25 @@ SCM_DEFINE (scm_gnutls_set_session_credentials_x, "set-session-credentials!", c_cred = scm_to_gnutls_certificate_credentials (cred, 2, FUNC_NAME); err = - gnutls_credentials_set (c_session, GNUTLS_CRD_CERTIFICATE, c_cred); + gnutls_credentials_set (c_session, GNUTLS_CRD_CERTIFICATE, c_cred); } else if (SCM_SMOB_PREDICATE - (scm_tc16_gnutls_anonymous_client_credentials, cred)) + (scm_tc16_gnutls_anonymous_client_credentials, cred)) { gnutls_anon_client_credentials_t c_cred; c_cred = scm_to_gnutls_anonymous_client_credentials (cred, 2, - FUNC_NAME); + FUNC_NAME); err = gnutls_credentials_set (c_session, GNUTLS_CRD_ANON, c_cred); } else if (SCM_SMOB_PREDICATE (scm_tc16_gnutls_anonymous_server_credentials, - cred)) + cred)) { gnutls_anon_server_credentials_t c_cred; c_cred = scm_to_gnutls_anonymous_server_credentials (cred, 2, - FUNC_NAME); + FUNC_NAME); err = gnutls_credentials_set (c_session, GNUTLS_CRD_ANON, c_cred); } #ifdef ENABLE_SRP @@ -640,9 +640,9 @@ SCM_DEFINE (scm_gnutls_set_session_credentials_x, "set-session-credentials!", /* Record layer. */ SCM_DEFINE (scm_gnutls_record_send, "record-send", 2, 0, 0, - (SCM session, SCM array), - "Send the record constituted by @var{array} through " - "@var{session}.") + (SCM session, SCM array), + "Send the record constituted by @var{array} through " + "@var{session}.") #define FUNC_NAME s_scm_gnutls_record_send { SCM result; @@ -672,10 +672,10 @@ SCM_DEFINE (scm_gnutls_record_send, "record-send", 2, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_record_receive_x, "record-receive!", 2, 0, 0, - (SCM session, SCM array), - "Receive data from @var{session} into @var{array}, a uniform " - "homogeneous array. Return the number of bytes actually " - "received.") + (SCM session, SCM array), + "Receive data from @var{session} into @var{array}, a uniform " + "homogeneous array. Return the number of bytes actually " + "received.") #define FUNC_NAME s_scm_gnutls_record_receive_x { SCM result; @@ -689,7 +689,7 @@ SCM_DEFINE (scm_gnutls_record_receive_x, "record-receive!", 2, 0, 0, SCM_VALIDATE_ARRAY (2, array); c_array = scm_gnutls_get_writable_array (array, &c_handle, &c_len, - FUNC_NAME); + FUNC_NAME); c_result = gnutls_record_recv (c_session, c_array, c_len); @@ -754,7 +754,7 @@ free_session_record_port (SCM port) /* Free the input buffer of PORT. */ c_port = SCM_PTAB_ENTRY (port); scm_gc_free (c_port->read_buf, c_port->read_buf_size, - session_record_port_gc_hint); + session_record_port_gc_hint); return 0; } @@ -782,7 +782,7 @@ do_fill_port (void *data) c_port = args->c_port; result = gnutls_record_recv (args->c_session, - c_port->read_buf, c_port->read_buf_size); + c_port->read_buf, c_port->read_buf_size); if (EXPECT_TRUE (result > 0)) { c_port->read_pos = c_port->read_buf; @@ -818,13 +818,13 @@ fill_session_record_port_input (SCM port) c_args.c_port = c_port; if (SCM_GNUTLS_SESSION_TRANSPORT_IS_FD (c_session)) - /* SESSION's underlying transport is a raw file descriptor, so we - must leave "Guile mode" to allow the GC to run. */ - chr = (intptr_t) scm_without_guile (do_fill_port, &c_args); + /* SESSION's underlying transport is a raw file descriptor, so we + must leave "Guile mode" to allow the GC to run. */ + chr = (intptr_t) scm_without_guile (do_fill_port, &c_args); else - /* SESSION's underlying transport is a port, so don't leave "Guile - mode". */ - chr = (intptr_t) do_fill_port (&c_args); + /* SESSION's underlying transport is a port, so don't leave "Guile + mode". */ + chr = (intptr_t) do_fill_port (&c_args); } else chr = (int) *c_port->read_pos; @@ -850,11 +850,11 @@ write_to_session_record_port (SCM port, const void *data, size_t size) while (c_sent < size) { c_result = gnutls_record_send (c_session, (char *) data + c_sent, - size - c_sent); + size - c_sent); if (EXPECT_FALSE (c_result < 0)) - scm_gnutls_error (c_result, FUNC_NAME); + scm_gnutls_error (c_result, FUNC_NAME); else - c_sent += c_result; + c_sent += c_result; } } @@ -897,11 +897,11 @@ make_session_record_port (SCM session) } SCM_DEFINE (scm_gnutls_session_record_port, "session-record-port", 1, 0, 0, - (SCM session), - "Return a read-write port that may be used to communicate over " - "@var{session}. All invocations of @code{session-port} on a " - "given session return the same object (in the sense of " - "@code{eq?}).") + (SCM session), + "Return a read-write port that may be used to communicate over " + "@var{session}. All invocations of @code{session-port} on a " + "given session return the same object (in the sense of " + "@code{eq?}).") #define FUNC_NAME s_scm_gnutls_session_record_port { SCM port; @@ -928,8 +928,8 @@ scm_init_gnutls_session_record_port_type (void) { session_record_port_type = scm_make_port_type ("gnutls-session-port", - fill_session_record_port_input, - write_to_session_record_port); + fill_session_record_port_input, + write_to_session_record_port); /* Guile >= 1.9.3 doesn't need a custom mark procedure, and doesn't need a finalizer (since memory associated with the port is automatically @@ -944,9 +944,9 @@ scm_init_gnutls_session_record_port_type (void) /* Transport. */ SCM_DEFINE (scm_gnutls_set_session_transport_fd_x, - "set-session-transport-fd!", 2, 0, 0, (SCM session, SCM fd), - "Use file descriptor @var{fd} as the underlying transport for " - "@var{session}.") + "set-session-transport-fd!", 2, 0, 0, (SCM session, SCM fd), + "Use file descriptor @var{fd} as the underlying transport for " + "@var{session}.") #define FUNC_NAME s_scm_gnutls_set_session_transport_fd_x { gnutls_session_t c_session; @@ -956,7 +956,7 @@ SCM_DEFINE (scm_gnutls_set_session_transport_fd_x, c_fd = (int) scm_to_uint (fd); gnutls_transport_set_ptr (c_session, - (gnutls_transport_ptr_t) (intptr_t) c_fd); + (gnutls_transport_ptr_t) (intptr_t) c_fd); SCM_GNUTLS_SET_SESSION_TRANSPORT_IS_FD (c_session, 1); @@ -994,10 +994,10 @@ push_to_port (gnutls_transport_ptr_t transport, const void *data, size_t size) } SCM_DEFINE (scm_gnutls_set_session_transport_port_x, - "set-session-transport-port!", - 2, 0, 0, - (SCM session, SCM port), - "Use @var{port} as the input/output port for @var{session}.") + "set-session-transport-port!", + 2, 0, 0, + (SCM session, SCM port), + "Use @var{port} as the input/output port for @var{session}.") #define FUNC_NAME s_scm_gnutls_set_session_transport_port_x { gnutls_session_t c_session; @@ -1011,7 +1011,7 @@ SCM_DEFINE (scm_gnutls_set_session_transport_port_x, when they wish to do it. */ gnutls_transport_set_ptr (c_session, - (gnutls_transport_ptr_t) SCM_UNPACK (port)); + (gnutls_transport_ptr_t) SCM_UNPACK (port)); gnutls_transport_set_push_function (c_session, push_to_port); gnutls_transport_set_pull_function (c_session, pull_from_port); @@ -1026,7 +1026,7 @@ SCM_DEFINE (scm_gnutls_set_session_transport_port_x, /* Diffie-Hellman. */ typedef int (*pkcs_export_function_t) (void *, gnutls_x509_crt_fmt_t, - unsigned char *, size_t *); + unsigned char *, size_t *); /* Hint for the `scm_gc' functions. */ static const char pkcs_export_gc_hint[] = "gnutls-pkcs-export"; @@ -1036,8 +1036,8 @@ static const char pkcs_export_gc_hint[] = "gnutls-pkcs-export"; Return a `u8vector'. */ static inline SCM pkcs_export_parameters (pkcs_export_function_t export, - void *params, gnutls_x509_crt_fmt_t format, - const char *func_name) + void *params, gnutls_x509_crt_fmt_t format, + const char *func_name) #define FUNC_NAME func_name { int err; @@ -1045,18 +1045,18 @@ pkcs_export_parameters (pkcs_export_function_t export, size_t output_len, output_total_len = 4096; output = (unsigned char *) scm_gc_malloc (output_total_len, - pkcs_export_gc_hint); + pkcs_export_gc_hint); do { output_len = output_total_len; err = export (params, format, output, &output_len); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - output = scm_gc_realloc (output, output_total_len, - output_total_len * 2, pkcs_export_gc_hint); - output_total_len *= 2; - } + { + output = scm_gc_realloc (output, output_total_len, + output_total_len * 2, pkcs_export_gc_hint); + output_total_len *= 2; + } } while (err == GNUTLS_E_SHORT_MEMORY_BUFFER); @@ -1069,7 +1069,7 @@ pkcs_export_parameters (pkcs_export_function_t export, if (output_len != output_total_len) /* Shrink the output buffer. */ output = scm_gc_realloc (output, output_total_len, - output_len, pkcs_export_gc_hint); + output_len, pkcs_export_gc_hint); return (scm_take_u8vector (output, output_len)); } @@ -1078,7 +1078,7 @@ pkcs_export_parameters (pkcs_export_function_t export, SCM_DEFINE (scm_gnutls_make_dh_parameters, "make-dh-parameters", 1, 0, 0, - (SCM bits), "Return new Diffie-Hellman parameters.") + (SCM bits), "Return new Diffie-Hellman parameters.") #define FUNC_NAME s_scm_gnutls_make_dh_parameters { int err; @@ -1104,13 +1104,13 @@ SCM_DEFINE (scm_gnutls_make_dh_parameters, "make-dh-parameters", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_pkcs3_import_dh_parameters, - "pkcs3-import-dh-parameters", - 2, 0, 0, - (SCM array, SCM format), - "Import Diffie-Hellman parameters in PKCS3 format (further " - "specified by @var{format}, an @code{x509-certificate-format} " - "value) from @var{array} (a homogeneous array) and return a " - "new @code{dh-params} object.") + "pkcs3-import-dh-parameters", + 2, 0, 0, + (SCM array, SCM format), + "Import Diffie-Hellman parameters in PKCS3 format (further " + "specified by @var{format}, an @code{x509-certificate-format} " + "value) from @var{array} (a homogeneous array) and return a " + "new @code{dh-params} object.") #define FUNC_NAME s_scm_gnutls_pkcs3_import_dh_parameters { int err; @@ -1149,13 +1149,13 @@ SCM_DEFINE (scm_gnutls_pkcs3_import_dh_parameters, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_pkcs3_export_dh_parameters, - "pkcs3-export-dh-parameters", - 2, 0, 0, - (SCM dh_params, SCM format), - "Export Diffie-Hellman parameters @var{dh_params} in PKCS3 " - "format according for @var{format} (an " - "@code{x509-certificate-format} value). Return a " - "@code{u8vector} containing the result.") + "pkcs3-export-dh-parameters", + 2, 0, 0, + (SCM dh_params, SCM format), + "Export Diffie-Hellman parameters @var{dh_params} in PKCS3 " + "format according for @var{format} (an " + "@code{x509-certificate-format} value). Return a " + "@code{u8vector} containing the result.") #define FUNC_NAME s_scm_gnutls_pkcs3_export_dh_parameters { SCM result; @@ -1166,8 +1166,8 @@ SCM_DEFINE (scm_gnutls_pkcs3_export_dh_parameters, c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); result = pkcs_export_parameters ((pkcs_export_function_t) - gnutls_dh_params_export_pkcs3, - (void *) c_dh_params, c_format, FUNC_NAME); + gnutls_dh_params_export_pkcs3, + (void *) c_dh_params, c_format, FUNC_NAME); return (result); } @@ -1175,9 +1175,9 @@ SCM_DEFINE (scm_gnutls_pkcs3_export_dh_parameters, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_session_dh_prime_bits_x, - "set-session-dh-prime-bits!", 2, 0, 0, - (SCM session, SCM bits), - "Use @var{bits} DH prime bits for @var{session}.") + "set-session-dh-prime-bits!", 2, 0, 0, + (SCM session, SCM bits), + "Use @var{bits} DH prime bits for @var{session}.") #define FUNC_NAME s_scm_gnutls_set_session_dh_prime_bits_x { unsigned int c_bits; @@ -1197,8 +1197,8 @@ SCM_DEFINE (scm_gnutls_set_session_dh_prime_bits_x, /* Anonymous credentials. */ SCM_DEFINE (scm_gnutls_make_anon_server_credentials, - "make-anonymous-server-credentials", - 0, 0, 0, (void), "Return anonymous server credentials.") + "make-anonymous-server-credentials", + 0, 0, 0, (void), "Return anonymous server credentials.") #define FUNC_NAME s_scm_gnutls_make_anon_server_credentials { int err; @@ -1215,8 +1215,8 @@ SCM_DEFINE (scm_gnutls_make_anon_server_credentials, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_make_anon_client_credentials, - "make-anonymous-client-credentials", - 0, 0, 0, (void), "Return anonymous client credentials.") + "make-anonymous-client-credentials", + 0, 0, 0, (void), "Return anonymous client credentials.") #define FUNC_NAME s_scm_gnutls_make_anon_client_credentials { int err; @@ -1233,10 +1233,10 @@ SCM_DEFINE (scm_gnutls_make_anon_client_credentials, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_anonymous_server_dh_parameters_x, - "set-anonymous-server-dh-parameters!", 2, 0, 0, - (SCM cred, SCM dh_params), - "Set the Diffie-Hellman parameters of anonymous server " - "credentials @var{cred}.") + "set-anonymous-server-dh-parameters!", 2, 0, 0, + (SCM cred, SCM dh_params), + "Set the Diffie-Hellman parameters of anonymous server " + "credentials @var{cred}.") #define FUNC_NAME s_scm_gnutls_set_anonymous_server_dh_parameters_x { gnutls_dh_params_t c_dh_params; @@ -1256,7 +1256,7 @@ SCM_DEFINE (scm_gnutls_set_anonymous_server_dh_parameters_x, /* RSA parameters. */ SCM_DEFINE (scm_gnutls_make_rsa_parameters, "make-rsa-parameters", 1, 0, 0, - (SCM bits), "Return new RSA parameters.") + (SCM bits), "Return new RSA parameters.") #define FUNC_NAME s_scm_gnutls_make_rsa_parameters { int err; @@ -1282,13 +1282,13 @@ SCM_DEFINE (scm_gnutls_make_rsa_parameters, "make-rsa-parameters", 1, 0, 0, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_pkcs1_import_rsa_parameters, - "pkcs1-import-rsa-parameters", - 2, 0, 0, - (SCM array, SCM format), - "Import Diffie-Hellman parameters in PKCS1 format (further " - "specified by @var{format}, an @code{x509-certificate-format} " - "value) from @var{array} (a homogeneous array) and return a " - "new @code{rsa-params} object.") + "pkcs1-import-rsa-parameters", + 2, 0, 0, + (SCM array, SCM format), + "Import Diffie-Hellman parameters in PKCS1 format (further " + "specified by @var{format}, an @code{x509-certificate-format} " + "value) from @var{array} (a homogeneous array) and return a " + "new @code{rsa-params} object.") #define FUNC_NAME s_scm_gnutls_pkcs1_import_rsa_parameters { int err; @@ -1327,13 +1327,13 @@ SCM_DEFINE (scm_gnutls_pkcs1_import_rsa_parameters, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_pkcs1_export_rsa_parameters, - "pkcs1-export-rsa-parameters", - 2, 0, 0, - (SCM rsa_params, SCM format), - "Export Diffie-Hellman parameters @var{rsa_params} in PKCS1 " - "format according for @var{format} (an " - "@code{x509-certificate-format} value). Return a " - "@code{u8vector} containing the result.") + "pkcs1-export-rsa-parameters", + 2, 0, 0, + (SCM rsa_params, SCM format), + "Export Diffie-Hellman parameters @var{rsa_params} in PKCS1 " + "format according for @var{format} (an " + "@code{x509-certificate-format} value). Return a " + "@code{u8vector} containing the result.") #define FUNC_NAME s_scm_gnutls_pkcs1_export_rsa_parameters { SCM result; @@ -1344,9 +1344,9 @@ SCM_DEFINE (scm_gnutls_pkcs1_export_rsa_parameters, c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); result = pkcs_export_parameters ((pkcs_export_function_t) - gnutls_rsa_params_export_pkcs1, - (void *) c_rsa_params, - c_format, FUNC_NAME); + gnutls_rsa_params_export_pkcs1, + (void *) c_rsa_params, + c_format, FUNC_NAME); return (result); } @@ -1358,18 +1358,18 @@ SCM_DEFINE (scm_gnutls_pkcs1_export_rsa_parameters, typedef int (*certificate_set_file_function_t) (gnutls_certificate_credentials_t, - const char *, - gnutls_x509_crt_fmt_t); + const char *, + gnutls_x509_crt_fmt_t); typedef int (*certificate_set_data_function_t) (gnutls_certificate_credentials_t, - const gnutls_datum_t *, - gnutls_x509_crt_fmt_t); + const gnutls_datum_t *, + gnutls_x509_crt_fmt_t); /* Helper function to implement the `set-file!' functions. */ static unsigned int set_certificate_file (certificate_set_file_function_t set_file, - SCM cred, SCM file, SCM format, const char *func_name) + SCM cred, SCM file, SCM format, const char *func_name) #define FUNC_NAME func_name { int err; @@ -1402,7 +1402,7 @@ set_certificate_file (certificate_set_file_function_t set_file, /* Helper function implementing the `set-data!' functions. */ static inline unsigned int set_certificate_data (certificate_set_data_function_t set_data, - SCM cred, SCM data, SCM format, const char *func_name) + SCM cred, SCM data, SCM format, const char *func_name) #define FUNC_NAME func_name { int err; @@ -1435,11 +1435,11 @@ set_certificate_data (certificate_set_data_function_t set_data, SCM_DEFINE (scm_gnutls_make_certificate_credentials, - "make-certificate-credentials", - 0, 0, 0, - (void), - "Return new certificate credentials (i.e., for use with " - "either X.509 or OpenPGP certificates.") + "make-certificate-credentials", + 0, 0, 0, + (void), + "Return new certificate credentials (i.e., for use with " + "either X.509 or OpenPGP certificates.") #define FUNC_NAME s_scm_gnutls_make_certificate_credentials { int err; @@ -1455,11 +1455,11 @@ SCM_DEFINE (scm_gnutls_make_certificate_credentials, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_dh_params_x, - "set-certificate-credentials-dh-parameters!", - 2, 0, 0, - (SCM cred, SCM dh_params), - "Use Diffie-Hellman parameters @var{dh_params} for " - "certificate credentials @var{cred}.") + "set-certificate-credentials-dh-parameters!", + 2, 0, 0, + (SCM cred, SCM dh_params), + "Use Diffie-Hellman parameters @var{dh_params} for " + "certificate credentials @var{cred}.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_dh_params_x { gnutls_dh_params_t c_dh_params; @@ -1476,11 +1476,11 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_dh_params_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_rsa_export_params_x, - "set-certificate-credentials-rsa-export-parameters!", - 2, 0, 0, - (SCM cred, SCM rsa_params), - "Use RSA parameters @var{rsa_params} for certificate " - "credentials @var{cred}.") + "set-certificate-credentials-rsa-export-parameters!", + 2, 0, 0, + (SCM cred, SCM rsa_params), + "Use RSA parameters @var{rsa_params} for certificate " + "credentials @var{cred}.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_rsa_export_params_x { gnutls_rsa_params_t c_rsa_params; @@ -1497,11 +1497,11 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_rsa_export_params_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_files_x, - "set-certificate-credentials-x509-key-files!", - 4, 0, 0, - (SCM cred, SCM cert_file, SCM key_file, SCM format), - "Use @var{file} as the password file for PSK server " - "credentials @var{cred}.") + "set-certificate-credentials-x509-key-files!", + 4, 0, 0, + (SCM cred, SCM cert_file, SCM key_file, SCM format), + "Use @var{file} as the password file for PSK server " + "credentials @var{cred}.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_key_files_x { int err; @@ -1522,13 +1522,13 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_files_x, c_key_file = (char *) alloca (c_key_file_len + 1); (void) scm_to_locale_stringbuf (cert_file, c_cert_file, - c_cert_file_len + 1); + c_cert_file_len + 1); c_cert_file[c_cert_file_len] = '\0'; (void) scm_to_locale_stringbuf (key_file, c_key_file, c_key_file_len + 1); c_key_file[c_key_file_len] = '\0'; err = gnutls_certificate_set_x509_key_file (c_cred, c_cert_file, c_key_file, - c_format); + c_format); if (EXPECT_FALSE (err)) scm_gnutls_error (err, FUNC_NAME); @@ -1538,18 +1538,18 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_files_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_trust_file_x, - "set-certificate-credentials-x509-trust-file!", - 3, 0, 0, - (SCM cred, SCM file, SCM format), - "Use @var{file} as the X.509 trust file for certificate " - "credentials @var{cred}. On success, return the number of " - "certificates processed.") + "set-certificate-credentials-x509-trust-file!", + 3, 0, 0, + (SCM cred, SCM file, SCM format), + "Use @var{file} as the X.509 trust file for certificate " + "credentials @var{cred}. On success, return the number of " + "certificates processed.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_trust_file_x { unsigned int count; count = set_certificate_file (gnutls_certificate_set_x509_trust_file, - cred, file, format, FUNC_NAME); + cred, file, format, FUNC_NAME); return scm_from_uint (count); } @@ -1557,18 +1557,18 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_trust_file_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_crl_file_x, - "set-certificate-credentials-x509-crl-file!", - 3, 0, 0, - (SCM cred, SCM file, SCM format), - "Use @var{file} as the X.509 CRL (certificate revocation list) " - "file for certificate credentials @var{cred}. On success, " - "return the number of CRLs processed.") + "set-certificate-credentials-x509-crl-file!", + 3, 0, 0, + (SCM cred, SCM file, SCM format), + "Use @var{file} as the X.509 CRL (certificate revocation list) " + "file for certificate credentials @var{cred}. On success, " + "return the number of CRLs processed.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_crl_file_x { unsigned int count; count = set_certificate_file (gnutls_certificate_set_x509_crl_file, - cred, file, format, FUNC_NAME); + cred, file, format, FUNC_NAME); return scm_from_uint (count); } @@ -1576,18 +1576,18 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_crl_file_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_trust_data_x, - "set-certificate-credentials-x509-trust-data!", - 3, 0, 0, - (SCM cred, SCM data, SCM format), - "Use @var{data} (a uniform array) as the X.509 trust " - "database for @var{cred}. On success, return the number " - "of certificates processed.") + "set-certificate-credentials-x509-trust-data!", + 3, 0, 0, + (SCM cred, SCM data, SCM format), + "Use @var{data} (a uniform array) as the X.509 trust " + "database for @var{cred}. On success, return the number " + "of certificates processed.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_trust_data_x { unsigned int count; count = set_certificate_data (gnutls_certificate_set_x509_trust_mem, - cred, data, format, FUNC_NAME); + cred, data, format, FUNC_NAME); return scm_from_uint (count); } @@ -1595,18 +1595,18 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_trust_data_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_crl_data_x, - "set-certificate-credentials-x509-crl-data!", - 3, 0, 0, - (SCM cred, SCM data, SCM format), - "Use @var{data} (a uniform array) as the X.509 CRL " - "(certificate revocation list) database for @var{cred}. " - "On success, return the number of CRLs processed.") + "set-certificate-credentials-x509-crl-data!", + 3, 0, 0, + (SCM cred, SCM data, SCM format), + "Use @var{data} (a uniform array) as the X.509 CRL " + "(certificate revocation list) database for @var{cred}. " + "On success, return the number of CRLs processed.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_crl_data_x { unsigned int count; count = set_certificate_data (gnutls_certificate_set_x509_crl_mem, - cred, data, format, FUNC_NAME); + cred, data, format, FUNC_NAME); return scm_from_uint (count); } @@ -1614,13 +1614,13 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_crl_data_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_data_x, - "set-certificate-credentials-x509-key-data!", - 4, 0, 0, - (SCM cred, SCM cert, SCM key, SCM format), - "Use X.509 certificate @var{cert} and private key @var{key}, " - "both uniform arrays containing the X.509 certificate and key " - "in format @var{format}, for certificate credentials " - "@var{cred}.") + "set-certificate-credentials-x509-key-data!", + 4, 0, 0, + (SCM cred, SCM cert, SCM key, SCM format), + "Use X.509 certificate @var{cert} and private key @var{key}, " + "both uniform arrays containing the X.509 certificate and key " + "in format @var{format}, for certificate credentials " + "@var{cred}.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_key_data_x { int err; @@ -1639,7 +1639,7 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_data_x, /* FIXME: If the second call fails, an exception is raised and C_CERT_HANDLE is not released. */ c_cert = scm_gnutls_get_array (cert, &c_cert_handle, &c_cert_len, - FUNC_NAME); + FUNC_NAME); c_key = scm_gnutls_get_array (key, &c_key_handle, &c_key_len, FUNC_NAME); c_cert_d.data = (unsigned char *) c_cert; @@ -1648,7 +1648,7 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_data_x, c_key_d.size = c_key_len; err = gnutls_certificate_set_x509_key_mem (c_cred, &c_cert_d, &c_key_d, - c_format); + c_format); scm_gnutls_release_array (&c_cert_handle); scm_gnutls_release_array (&c_key_handle); @@ -1661,12 +1661,12 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_data_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_keys_x, - "set-certificate-credentials-x509-keys!", - 3, 0, 0, - (SCM cred, SCM certs, SCM privkey), - "Have certificate credentials @var{cred} use the X.509 " - "certificates listed in @var{certs} and X.509 private key " - "@var{privkey}.") + "set-certificate-credentials-x509-keys!", + 3, 0, 0, + (SCM cred, SCM certs, SCM privkey), + "Have certificate credentials @var{cred} use the X.509 " + "certificates listed in @var{certs} and X.509 private key " + "@var{privkey}.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_x509_keys_x { int err; @@ -1683,11 +1683,11 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_keys_x, for (i = 0; scm_is_pair (certs); certs = SCM_CDR (certs), i++) { c_certs[i] = scm_to_gnutls_x509_certificate (SCM_CAR (certs), - 2, FUNC_NAME); + 2, FUNC_NAME); } err = gnutls_certificate_set_x509_key (c_cred, c_certs, c_cert_count, - c_key); + c_key); if (EXPECT_FALSE (err)) scm_gnutls_error (err, FUNC_NAME); @@ -1697,13 +1697,13 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_keys_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_limits_x, - "set-certificate-credentials-verify-limits!", - 3, 0, 0, - (SCM cred, SCM max_bits, SCM max_depth), - "Set the verification limits of @code{peer-certificate-status} " - "for certificate credentials @var{cred} to @var{max_bits} " - "bits for an acceptable certificate and @var{max_depth} " - "as the maximum depth of a certificate chain.") + "set-certificate-credentials-verify-limits!", + 3, 0, 0, + (SCM cred, SCM max_bits, SCM max_depth), + "Set the verification limits of @code{peer-certificate-status} " + "for certificate credentials @var{cred} to @var{max_bits} " + "bits for an acceptable certificate and @var{max_depth} " + "as the maximum depth of a certificate chain.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_verify_limits_x { gnutls_certificate_credentials_t c_cred; @@ -1721,11 +1721,11 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_limits_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_flags_x, - "set-certificate-credentials-verify-flags!", - 1, 0, 1, - (SCM cred, SCM flags), - "Set the certificate verification flags to @var{flags}, a " - "series of @code{certificate-verify} values.") + "set-certificate-credentials-verify-flags!", + 1, 0, 1, + (SCM cred, SCM flags), + "Set the certificate verification flags to @var{flags}, a " + "series of @code{certificate-verify} values.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_verify_flags_x { unsigned int c_flags, c_pos; @@ -1737,7 +1737,7 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_flags_x, !scm_is_null (flags); flags = SCM_CDR (flags), c_pos++) { c_flags |= (unsigned int) - scm_to_gnutls_certificate_verify (SCM_CAR (flags), c_pos, FUNC_NAME); + scm_to_gnutls_certificate_verify (SCM_CAR (flags), c_pos, FUNC_NAME); } gnutls_certificate_set_verify_flags (c_cred, c_flags); @@ -1748,12 +1748,12 @@ SCM_DEFINE (scm_gnutls_set_certificate_credentials_verify_flags_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_peer_certificate_status, "peer-certificate-status", - 1, 0, 0, - (SCM session), - "Verify the peer certificate for @var{session} and return " - "a list of @code{certificate-status} values (such as " - "@code{certificate-status/revoked}), or the empty list if " - "the certificate is valid.") + 1, 0, 0, + (SCM session), + "Verify the peer certificate for @var{session} and return " + "a list of @code{certificate-status} values (such as " + "@code{certificate-status/revoked}), or the empty list if " + "the certificate is valid.") #define FUNC_NAME s_scm_gnutls_peer_certificate_status { int err; @@ -1797,8 +1797,8 @@ SCM_DEFINE (scm_gnutls_peer_certificate_status, "peer-certificate-status", #ifdef ENABLE_SRP SCM_DEFINE (scm_gnutls_make_srp_server_credentials, - "make-srp-server-credentials", - 0, 0, 0, (void), "Return new SRP server credentials.") + "make-srp-server-credentials", + 0, 0, 0, (void), "Return new SRP server credentials.") #define FUNC_NAME s_scm_gnutls_make_srp_server_credentials { int err; @@ -1814,11 +1814,11 @@ SCM_DEFINE (scm_gnutls_make_srp_server_credentials, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_srp_server_credentials_files_x, - "set-srp-server-credentials-files!", - 3, 0, 0, - (SCM cred, SCM password_file, SCM password_conf_file), - "Set the credentials files for @var{cred}, an SRP server " - "credentials object.") + "set-srp-server-credentials-files!", + 3, 0, 0, + (SCM cred, SCM password_file, SCM password_conf_file), + "Set the credentials files for @var{cred}, an SRP server " + "credentials object.") #define FUNC_NAME s_scm_gnutls_set_srp_server_credentials_files_x { int err; @@ -1837,14 +1837,14 @@ SCM_DEFINE (scm_gnutls_set_srp_server_credentials_files_x, c_password_conf_file = (char *) alloca (c_password_conf_file_len + 1); (void) scm_to_locale_stringbuf (password_file, c_password_file, - c_password_file_len + 1); + c_password_file_len + 1); c_password_file[c_password_file_len] = '\0'; (void) scm_to_locale_stringbuf (password_conf_file, c_password_conf_file, - c_password_conf_file_len + 1); + c_password_conf_file_len + 1); c_password_conf_file[c_password_conf_file_len] = '\0'; err = gnutls_srp_set_server_credentials_file (c_cred, c_password_file, - c_password_conf_file); + c_password_conf_file); if (EXPECT_FALSE (err)) scm_gnutls_error (err, FUNC_NAME); @@ -1854,8 +1854,8 @@ SCM_DEFINE (scm_gnutls_set_srp_server_credentials_files_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_make_srp_client_credentials, - "make-srp-client-credentials", - 0, 0, 0, (void), "Return new SRP client credentials.") + "make-srp-client-credentials", + 0, 0, 0, (void), "Return new SRP client credentials.") #define FUNC_NAME s_scm_gnutls_make_srp_client_credentials { int err; @@ -1872,11 +1872,11 @@ SCM_DEFINE (scm_gnutls_make_srp_client_credentials, SCM_DEFINE (scm_gnutls_set_srp_client_credentials_x, - "set-srp-client-credentials!", - 3, 0, 0, - (SCM cred, SCM username, SCM password), - "Use @var{username} and @var{password} as the credentials " - "for @var{cred}, a client-side SRP credentials object.") + "set-srp-client-credentials!", + 3, 0, 0, + (SCM cred, SCM username, SCM password), + "Use @var{username} and @var{password} as the credentials " + "for @var{cred}, a client-side SRP credentials object.") #define FUNC_NAME s_scm_gnutls_make_srp_client_credentials { int err; @@ -1909,11 +1909,11 @@ SCM_DEFINE (scm_gnutls_set_srp_client_credentials_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_server_session_srp_username, - "server-session-srp-username", - 1, 0, 0, - (SCM session), - "Return the SRP username used in @var{session} (a server-side " - "session).") + "server-session-srp-username", + 1, 0, 0, + (SCM session), + "Return the SRP username used in @var{session} (a server-side " + "session).") #define FUNC_NAME s_scm_gnutls_server_session_srp_username { SCM result; @@ -1934,10 +1934,10 @@ SCM_DEFINE (scm_gnutls_server_session_srp_username, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_srp_base64_encode, "srp-base64-encode", - 1, 0, 0, - (SCM str), - "Encode @var{str} using SRP's base64 algorithm. Return " - "the encoded string.") + 1, 0, 0, + (SCM str), + "Encode @var{str} using SRP's base64 algorithm. Return " + "the encoded string.") #define FUNC_NAME s_scm_gnutls_srp_base64_encode { int err; @@ -1965,20 +1965,20 @@ SCM_DEFINE (scm_gnutls_srp_base64_encode, "srp-base64-encode", { c_result_actual_len = c_result_len; err = gnutls_srp_base64_encode (&c_str_d, c_result, - &c_result_actual_len); + &c_result_actual_len); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - char *c_new_buf; - - c_new_buf = scm_realloc (c_result, c_result_len * 2); - if (EXPECT_FALSE (c_new_buf == NULL)) - { - free (c_result); - scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); - } - else - c_result = c_new_buf, c_result_len *= 2; - } + { + char *c_new_buf; + + c_new_buf = scm_realloc (c_result, c_result_len * 2); + if (EXPECT_FALSE (c_new_buf == NULL)) + { + free (c_result); + scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); + } + else + c_result = c_new_buf, c_result_len *= 2; + } } while (EXPECT_FALSE (err == GNUTLS_E_SHORT_MEMORY_BUFFER)); @@ -1997,10 +1997,10 @@ SCM_DEFINE (scm_gnutls_srp_base64_encode, "srp-base64-encode", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_srp_base64_decode, "srp-base64-decode", - 1, 0, 0, - (SCM str), - "Decode @var{str}, an SRP-base64 encoded string, and return " - "the decoded string.") + 1, 0, 0, + (SCM str), + "Decode @var{str}, an SRP-base64 encoded string, and return " + "the decoded string.") #define FUNC_NAME s_scm_gnutls_srp_base64_decode { int err; @@ -2040,8 +2040,8 @@ SCM_DEFINE (scm_gnutls_srp_base64_decode, "srp-base64-decode", /* PSK credentials. */ SCM_DEFINE (scm_gnutls_make_psk_server_credentials, - "make-psk-server-credentials", - 0, 0, 0, (void), "Return new PSK server credentials.") + "make-psk-server-credentials", + 0, 0, 0, (void), "Return new PSK server credentials.") #define FUNC_NAME s_scm_gnutls_make_psk_server_credentials { int err; @@ -2057,11 +2057,11 @@ SCM_DEFINE (scm_gnutls_make_psk_server_credentials, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_psk_server_credentials_file_x, - "set-psk-server-credentials-file!", - 2, 0, 0, - (SCM cred, SCM file), - "Use @var{file} as the password file for PSK server " - "credentials @var{cred}.") + "set-psk-server-credentials-file!", + 2, 0, 0, + (SCM cred, SCM file), + "Use @var{file} as the password file for PSK server " + "credentials @var{cred}.") #define FUNC_NAME s_scm_gnutls_set_psk_server_credentials_file_x { int err; @@ -2088,8 +2088,8 @@ SCM_DEFINE (scm_gnutls_set_psk_server_credentials_file_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_make_psk_client_credentials, - "make-psk-client-credentials", - 0, 0, 0, (void), "Return a new PSK client credentials object.") + "make-psk-client-credentials", + 0, 0, 0, (void), "Return a new PSK client credentials object.") #define FUNC_NAME s_scm_gnutls_make_psk_client_credentials { int err; @@ -2105,11 +2105,11 @@ SCM_DEFINE (scm_gnutls_make_psk_client_credentials, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_psk_client_credentials_x, - "set-psk-client-credentials!", - 4, 0, 0, - (SCM cred, SCM username, SCM key, SCM key_format), - "Set the client credentials for @var{cred}, a PSK client " - "credentials object.") + "set-psk-client-credentials!", + 4, 0, 0, + (SCM cred, SCM username, SCM key, SCM key_format), + "Set the client credentials for @var{cred}, a PSK client " + "credentials object.") #define FUNC_NAME s_scm_gnutls_set_psk_client_credentials_x { int err; @@ -2137,7 +2137,7 @@ SCM_DEFINE (scm_gnutls_set_psk_client_credentials_x, c_datum.size = c_key_len; err = gnutls_psk_set_client_credentials (c_cred, c_username, - &c_datum, c_key_format); + &c_datum, c_key_format); scm_gnutls_release_array (&c_handle); if (EXPECT_FALSE (err)) @@ -2149,11 +2149,11 @@ SCM_DEFINE (scm_gnutls_set_psk_client_credentials_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_server_session_psk_username, - "server-session-psk-username", - 1, 0, 0, - (SCM session), - "Return the username associated with PSK server session " - "@var{session}.") + "server-session-psk-username", + 1, 0, 0, + (SCM session), + "Return the username associated with PSK server session " + "@var{session}.") #define FUNC_NAME s_scm_gnutls_server_session_psk_username { SCM result; @@ -2177,11 +2177,11 @@ SCM_DEFINE (scm_gnutls_server_session_psk_username, /* X.509 certificates. */ SCM_DEFINE (scm_gnutls_import_x509_certificate, "import-x509-certificate", - 2, 0, 0, - (SCM data, SCM format), - "Return a new X.509 certificate object resulting from the " - "import of @var{data} (a uniform array) according to " - "@var{format}.") + 2, 0, 0, + (SCM data, SCM format), + "Return a new X.509 certificate object resulting from the " + "import of @var{data} (a uniform array) according to " + "@var{format}.") #define FUNC_NAME s_scm_gnutls_import_x509_certificate { int err; @@ -2196,7 +2196,7 @@ SCM_DEFINE (scm_gnutls_import_x509_certificate, "import-x509-certificate", c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len, - FUNC_NAME); + FUNC_NAME); c_data_d.data = (unsigned char *) c_data; c_data_d.size = c_data_len; @@ -2222,11 +2222,11 @@ SCM_DEFINE (scm_gnutls_import_x509_certificate, "import-x509-certificate", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_import_x509_private_key, "import-x509-private-key", - 2, 0, 0, - (SCM data, SCM format), - "Return a new X.509 private key object resulting from the " - "import of @var{data} (a uniform array) according to " - "@var{format}.") + 2, 0, 0, + (SCM data, SCM format), + "Return a new X.509 private key object resulting from the " + "import of @var{data} (a uniform array) according to " + "@var{format}.") #define FUNC_NAME s_scm_gnutls_import_x509_private_key { int err; @@ -2241,7 +2241,7 @@ SCM_DEFINE (scm_gnutls_import_x509_private_key, "import-x509-private-key", c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME); c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len, - FUNC_NAME); + FUNC_NAME); c_data_d.data = (unsigned char *) c_data; c_data_d.size = c_data_len; @@ -2267,15 +2267,15 @@ SCM_DEFINE (scm_gnutls_import_x509_private_key, "import-x509-private-key", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_pkcs8_import_x509_private_key, - "pkcs8-import-x509-private-key", - 2, 2, 0, - (SCM data, SCM format, SCM pass, SCM encrypted), - "Return a new X.509 private key object resulting from the " - "import of @var{data} (a uniform array) according to " - "@var{format}. Optionally, if @var{pass} is not @code{#f}, " - "it should be a string denoting a passphrase. " - "@var{encrypted} tells whether the private key is encrypted " - "(@code{#t} by default).") + "pkcs8-import-x509-private-key", + 2, 2, 0, + (SCM data, SCM format, SCM pass, SCM encrypted), + "Return a new X.509 private key object resulting from the " + "import of @var{data} (a uniform array) according to " + "@var{format}. Optionally, if @var{pass} is not @code{#f}, " + "it should be a string denoting a passphrase. " + "@var{encrypted} tells whether the private key is encrypted " + "(@code{#t} by default).") #define FUNC_NAME s_scm_gnutls_pkcs8_import_x509_private_key { int err; @@ -2306,13 +2306,13 @@ SCM_DEFINE (scm_gnutls_pkcs8_import_x509_private_key, { SCM_VALIDATE_BOOL (4, encrypted); if (scm_is_true (encrypted)) - c_flags = 0; + c_flags = 0; else - c_flags = GNUTLS_PKCS8_PLAIN; + c_flags = GNUTLS_PKCS8_PLAIN; } c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len, - FUNC_NAME); + FUNC_NAME); c_data_d.data = (unsigned char *) c_data; c_data_d.size = c_data_len; @@ -2324,7 +2324,7 @@ SCM_DEFINE (scm_gnutls_pkcs8_import_x509_private_key, } err = gnutls_x509_privkey_import_pkcs8 (c_key, &c_data_d, c_format, c_pass, - c_flags); + c_flags); scm_gnutls_release_array (&c_data_handle); if (EXPECT_FALSE (err)) @@ -2361,11 +2361,11 @@ SCM_DEFINE (scm_gnutls_pkcs8_import_x509_private_key, return (scm_from_locale_string (c_dn)); SCM_DEFINE (scm_gnutls_x509_certificate_dn, "x509-certificate-dn", - 1, 0, 0, - (SCM cert), - "Return the distinguished name (DN) of X.509 certificate " - "@var{cert}. The form of the DN is as described in @uref{" - "http://tools.ietf.org/html/rfc2253, RFC 2253}.") + 1, 0, 0, + (SCM cert), + "Return the distinguished name (DN) of X.509 certificate " + "@var{cert}. The form of the DN is as described in @uref{" + "http://tools.ietf.org/html/rfc2253, RFC 2253}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_dn { X509_CERTIFICATE_DN_FUNCTION_BODY (gnutls_x509_crt_get_dn); @@ -2374,11 +2374,11 @@ SCM_DEFINE (scm_gnutls_x509_certificate_dn, "x509-certificate-dn", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_issuer_dn, - "x509-certificate-issuer-dn", - 1, 0, 0, - (SCM cert), - "Return the distinguished name (DN) of X.509 certificate " - "@var{cert}.") + "x509-certificate-issuer-dn", + 1, 0, 0, + (SCM cert), + "Return the distinguished name (DN) of X.509 certificate " + "@var{cert}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_issuer_dn { X509_CERTIFICATE_DN_FUNCTION_BODY (gnutls_x509_crt_get_issuer_dn); @@ -2437,10 +2437,10 @@ SCM_DEFINE (scm_gnutls_x509_certificate_issuer_dn, return result; SCM_DEFINE (scm_gnutls_x509_certificate_dn_oid, "x509-certificate-dn-oid", - 2, 0, 0, - (SCM cert, SCM index), - "Return OID (a string) at @var{index} from @var{cert}. " - "Return @code{#f} if no OID is available at @var{index}.") + 2, 0, 0, + (SCM cert, SCM index), + "Return OID (a string) at @var{index} from @var{cert}. " + "Return @code{#f} if no OID is available at @var{index}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_dn_oid { X509_CERTIFICATE_DN_OID_FUNCTION_BODY (gnutls_x509_crt_get_dn_oid); @@ -2449,12 +2449,12 @@ SCM_DEFINE (scm_gnutls_x509_certificate_dn_oid, "x509-certificate-dn-oid", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_issuer_dn_oid, - "x509-certificate-issuer-dn-oid", - 2, 0, 0, - (SCM cert, SCM index), - "Return the OID (a string) at @var{index} from @var{cert}'s " - "issuer DN. Return @code{#f} if no OID is available at " - "@var{index}.") + "x509-certificate-issuer-dn-oid", + 2, 0, 0, + (SCM cert, SCM index), + "Return the OID (a string) at @var{index} from @var{cert}'s " + "issuer DN. Return @code{#f} if no OID is available at " + "@var{index}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_issuer_dn_oid { X509_CERTIFICATE_DN_OID_FUNCTION_BODY (gnutls_x509_crt_get_issuer_dn_oid); @@ -2466,13 +2466,13 @@ SCM_DEFINE (scm_gnutls_x509_certificate_issuer_dn_oid, SCM_DEFINE (scm_gnutls_x509_certificate_matches_hostname_p, - "x509-certificate-matches-hostname?", - 2, 0, 0, - (SCM cert, SCM hostname), - "Return true if @var{cert} matches @var{hostname}, a string " - "denoting a DNS host name. This is the basic implementation " - "of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. " - "HTTPS).") + "x509-certificate-matches-hostname?", + 2, 0, 0, + (SCM cert, SCM hostname), + "Return true if @var{cert} matches @var{hostname}, a string " + "denoting a DNS host name. This is the basic implementation " + "of @uref{http://tools.ietf.org/html/rfc2818, RFC 2818} (aka. " + "HTTPS).") #define FUNC_NAME s_scm_gnutls_x509_certificate_matches_hostname_p { SCM result; @@ -2500,11 +2500,11 @@ SCM_DEFINE (scm_gnutls_x509_certificate_matches_hostname_p, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_signature_algorithm, - "x509-certificate-signature-algorithm", - 1, 0, 0, - (SCM cert), - "Return the signature algorithm used by @var{cert} (i.e., " - "one of the @code{sign-algorithm/} values).") + "x509-certificate-signature-algorithm", + 1, 0, 0, + (SCM cert), + "Return the signature algorithm used by @var{cert} (i.e., " + "one of the @code{sign-algorithm/} values).") #define FUNC_NAME s_scm_gnutls_x509_certificate_signature_algorithm { int c_result; @@ -2522,12 +2522,12 @@ SCM_DEFINE (scm_gnutls_x509_certificate_signature_algorithm, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_public_key_algorithm, - "x509-certificate-public-key-algorithm", - 1, 0, 0, - (SCM cert), - "Return two values: the public key algorithm (i.e., " - "one of the @code{pk-algorithm/} values) of @var{cert} " - "and the number of bits used.") + "x509-certificate-public-key-algorithm", + 1, 0, 0, + (SCM cert), + "Return two values: the public key algorithm (i.e., " + "one of the @code{pk-algorithm/} values) of @var{cert} " + "and the number of bits used.") #define FUNC_NAME s_scm_gnutls_x509_certificate_public_key_algorithm { gnutls_x509_crt_t c_cert; @@ -2539,18 +2539,18 @@ SCM_DEFINE (scm_gnutls_x509_certificate_public_key_algorithm, c_pk = gnutls_x509_crt_get_pk_algorithm (c_cert, &c_bits); return (scm_values (scm_list_2 (scm_from_gnutls_pk_algorithm (c_pk), - scm_from_uint (c_bits)))); + scm_from_uint (c_bits)))); } #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_key_usage, - "x509-certificate-key-usage", - 1, 0, 0, - (SCM cert), - "Return the key usage of @var{cert} (i.e., a list of " - "@code{key-usage/} values), or the empty list if @var{cert} " - "does not contain such information.") + "x509-certificate-key-usage", + 1, 0, 0, + (SCM cert), + "Return the key usage of @var{cert} (i.e., a list of " + "@code{key-usage/} values), or the empty list if @var{cert} " + "does not contain such information.") #define FUNC_NAME s_scm_gnutls_x509_certificate_key_usage { int err; @@ -2564,9 +2564,9 @@ SCM_DEFINE (scm_gnutls_x509_certificate_key_usage, if (EXPECT_FALSE (err)) { if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - usage = SCM_EOL; + usage = SCM_EOL; else - scm_gnutls_error (err, FUNC_NAME); + scm_gnutls_error (err, FUNC_NAME); } else usage = scm_from_gnutls_key_usage_flags (c_usage); @@ -2577,7 +2577,7 @@ SCM_DEFINE (scm_gnutls_x509_certificate_key_usage, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_version, "x509-certificate-version", - 1, 0, 0, (SCM cert), "Return the version of @var{cert}.") + 1, 0, 0, (SCM cert), "Return the version of @var{cert}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_version { int c_result; @@ -2595,11 +2595,11 @@ SCM_DEFINE (scm_gnutls_x509_certificate_version, "x509-certificate-version", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_key_id, "x509-certificate-key-id", - 1, 0, 0, - (SCM cert), - "Return a statistically unique ID (a u8vector) for @var{cert} " - "that depends on its public key parameters. This is normally " - "a 20-byte SHA-1 hash.") + 1, 0, 0, + (SCM cert), + "Return a statistically unique ID (a u8vector) for @var{cert} " + "that depends on its public key parameters. This is normally " + "a 20-byte SHA-1 hash.") #define FUNC_NAME s_scm_gnutls_x509_certificate_key_id { int err; @@ -2627,11 +2627,11 @@ SCM_DEFINE (scm_gnutls_x509_certificate_key_id, "x509-certificate-key-id", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_authority_key_id, - "x509-certificate-authority-key-id", - 1, 0, 0, - (SCM cert), - "Return the key ID (a u8vector) of the X.509 certificate " - "authority of @var{cert}.") + "x509-certificate-authority-key-id", + 1, 0, 0, + (SCM cert), + "Return the key ID (a u8vector) of the X.509 certificate " + "authority of @var{cert}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_authority_key_id { int err; @@ -2659,10 +2659,10 @@ SCM_DEFINE (scm_gnutls_x509_certificate_authority_key_id, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_subject_key_id, - "x509-certificate-subject-key-id", - 1, 0, 0, - (SCM cert), - "Return the subject key ID (a u8vector) for @var{cert}.") + "x509-certificate-subject-key-id", + 1, 0, 0, + (SCM cert), + "Return the subject key ID (a u8vector) for @var{cert}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_subject_key_id { int err; @@ -2690,14 +2690,14 @@ SCM_DEFINE (scm_gnutls_x509_certificate_subject_key_id, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_x509_certificate_subject_alternative_name, - "x509-certificate-subject-alternative-name", - 2, 0, 0, - (SCM cert, SCM index), - "Return two values: the alternative name type for @var{cert} " - "(i.e., one of the @code{x509-subject-alternative-name/} values) " - "and the actual subject alternative name (a string) at " - "@var{index}. Both values are @code{#f} if no alternative name " - "is available at @var{index}.") + "x509-certificate-subject-alternative-name", + 2, 0, 0, + (SCM cert, SCM index), + "Return two values: the alternative name type for @var{cert} " + "(i.e., one of the @code{x509-subject-alternative-name/} values) " + "and the actual subject alternative name (a string) at " + "@var{index}. Both values are @code{#f} if no alternative name " + "is available at @var{index}.") #define FUNC_NAME s_scm_gnutls_x509_certificate_subject_alternative_name { int err; @@ -2715,13 +2715,13 @@ SCM_DEFINE (scm_gnutls_x509_certificate_subject_alternative_name, { c_name_actual_len = c_name_len; err = gnutls_x509_crt_get_subject_alt_name (c_cert, c_index, - c_name, &c_name_actual_len, - NULL); + c_name, &c_name_actual_len, + NULL); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - c_name = scm_realloc (c_name, c_name_len * 2); - c_name_len *= 2; - } + { + c_name = scm_realloc (c_name, c_name_len * 2); + c_name_len *= 2; + } } while (err == GNUTLS_E_SHORT_MEMORY_BUFFER); @@ -2730,19 +2730,19 @@ SCM_DEFINE (scm_gnutls_x509_certificate_subject_alternative_name, free (c_name); if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - result = scm_values (scm_list_2 (SCM_BOOL_F, SCM_BOOL_F)); + result = scm_values (scm_list_2 (SCM_BOOL_F, SCM_BOOL_F)); else - scm_gnutls_error (err, FUNC_NAME); + scm_gnutls_error (err, FUNC_NAME); } else { if (c_name_actual_len < c_name_len) - c_name = scm_realloc (c_name, c_name_actual_len); + c_name = scm_realloc (c_name, c_name_actual_len); result = - scm_values (scm_list_2 - (scm_from_gnutls_x509_subject_alternative_name (err), - scm_take_locale_string (c_name))); + scm_values (scm_list_2 + (scm_from_gnutls_x509_subject_alternative_name (err), + scm_take_locale_string (c_name))); } return result; @@ -2760,14 +2760,14 @@ scm_gnutls_log (int level, const char *str) { if (scm_is_true (log_procedure)) (void) scm_call_2 (log_procedure, scm_from_int (level), - scm_from_locale_string (str)); + scm_from_locale_string (str)); } SCM_DEFINE (scm_gnutls_set_log_procedure_x, "set-log-procedure!", - 1, 0, 0, - (SCM proc), - "Use @var{proc} (a two-argument procedure) as the global " - "GnuTLS log procedure.") + 1, 0, 0, + (SCM proc), + "Use @var{proc} (a two-argument procedure) as the global " + "GnuTLS log procedure.") #define FUNC_NAME s_scm_gnutls_set_log_procedure_x { SCM_VALIDATE_PROC (1, proc); @@ -2784,8 +2784,8 @@ SCM_DEFINE (scm_gnutls_set_log_procedure_x, "set-log-procedure!", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_set_log_level_x, "set-log-level!", 1, 0, 0, - (SCM level), - "Enable GnuTLS logging up to @var{level} (an integer).") + (SCM level), + "Enable GnuTLS logging up to @var{level} (an integer).") #define FUNC_NAME s_scm_gnutls_set_log_level_x { unsigned int c_level; diff --git a/guile/src/extra.c b/guile/src/extra.c index 86a6ee7751..1cbbb886f7 100644 --- a/guile/src/extra.c +++ b/guile/src/extra.c @@ -54,10 +54,10 @@ #define GUILE_GNUTLS_MAX_OPENPGP_NAME_LENGTH 2048 SCM_DEFINE (scm_gnutls_import_openpgp_certificate, - "import-openpgp-certificate", 2, 0, 0, (SCM data, SCM format), - "Return a new OpenPGP certificate object resulting from the " - "import of @var{data} (a uniform array) according to " - "@var{format}.") + "import-openpgp-certificate", 2, 0, 0, (SCM data, SCM format), + "Return a new OpenPGP certificate object resulting from the " + "import of @var{data} (a uniform array) according to " + "@var{format}.") #define FUNC_NAME s_scm_gnutls_import_openpgp_certificate { int err; @@ -72,7 +72,7 @@ SCM_DEFINE (scm_gnutls_import_openpgp_certificate, c_format = scm_to_gnutls_openpgp_certificate_format (format, 2, FUNC_NAME); c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len, - FUNC_NAME); + FUNC_NAME); c_data_d.data = (unsigned char *) c_data; c_data_d.size = c_data_len; @@ -98,11 +98,11 @@ SCM_DEFINE (scm_gnutls_import_openpgp_certificate, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_import_openpgp_private_key, - "import-openpgp-private-key", 2, 1, 0, (SCM data, SCM format, - SCM pass), - "Return a new OpenPGP private key object resulting from the " - "import of @var{data} (a uniform array) according to " - "@var{format}. Optionally, a passphrase may be provided.") + "import-openpgp-private-key", 2, 1, 0, (SCM data, SCM format, + SCM pass), + "Return a new OpenPGP private key object resulting from the " + "import of @var{data} (a uniform array) according to " + "@var{format}. Optionally, a passphrase may be provided.") #define FUNC_NAME s_scm_gnutls_import_openpgp_private_key { int err; @@ -127,7 +127,7 @@ SCM_DEFINE (scm_gnutls_import_openpgp_private_key, } c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len, - FUNC_NAME); + FUNC_NAME); c_data_d.data = (unsigned char *) c_data; c_data_d.size = c_data_len; @@ -139,7 +139,7 @@ SCM_DEFINE (scm_gnutls_import_openpgp_private_key, } err = gnutls_openpgp_privkey_import (c_key, &c_data_d, c_format, c_pass, - 0 /* currently unused */ ); + 0 /* currently unused */ ); scm_gnutls_release_array (&c_data_handle); if (EXPECT_FALSE (err)) @@ -154,10 +154,10 @@ SCM_DEFINE (scm_gnutls_import_openpgp_private_key, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_id, "openpgp-certificate-id", - 1, 0, 0, - (SCM key), - "Return the ID (an 8-element u8vector) of certificate " - "@var{key}.") + 1, 0, 0, + (SCM key), + "Return the ID (an 8-element u8vector) of certificate " + "@var{key}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_id { int err; @@ -180,10 +180,10 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_id, "openpgp-certificate-id", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_id_x, "openpgp-certificate-id!", - 2, 0, 0, - (SCM key, SCM id), - "Store the ID (an 8 byte sequence) of certificate " - "@var{key} in @var{id} (a u8vector).") + 2, 0, 0, + (SCM key, SCM id), + "Store the ID (an 8 byte sequence) of certificate " + "@var{key} in @var{id} (a u8vector).") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_id_x { int err; @@ -194,7 +194,7 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_id_x, "openpgp-certificate-id!", c_key = scm_to_gnutls_openpgp_certificate (key, 1, FUNC_NAME); c_id = scm_gnutls_get_writable_array (id, &c_id_handle, &c_id_size, - FUNC_NAME); + FUNC_NAME); if (EXPECT_FALSE (c_id_size < 8)) { @@ -214,11 +214,11 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_id_x, "openpgp-certificate-id!", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerpint_x, - "openpgp-certificate-fingerprint!", - 2, 0, 0, - (SCM key, SCM fpr), - "Store in @var{fpr} (a u8vector) the fingerprint of @var{key}. " - "Return the number of bytes stored in @var{fpr}.") + "openpgp-certificate-fingerprint!", + 2, 0, 0, + (SCM key, SCM fpr), + "Store in @var{fpr} (a u8vector) the fingerprint of @var{key}. " + "Return the number of bytes stored in @var{fpr}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_fingerpint_x { int err; @@ -231,7 +231,7 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerpint_x, SCM_VALIDATE_ARRAY (2, fpr); c_fpr = scm_gnutls_get_writable_array (fpr, &c_fpr_handle, &c_fpr_len, - FUNC_NAME); + FUNC_NAME); err = gnutls_openpgp_crt_get_fingerprint (c_key, c_fpr, &c_actual_len); scm_gnutls_release_array (&c_fpr_handle); @@ -245,10 +245,10 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerpint_x, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerprint, - "openpgp-certificate-fingerprint", - 1, 0, 0, - (SCM key), - "Return a new u8vector denoting the fingerprint of " "@var{key}.") + "openpgp-certificate-fingerprint", + 1, 0, 0, + (SCM key), + "Return a new u8vector denoting the fingerprint of " "@var{key}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_fingerprint { int err; @@ -269,22 +269,22 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerprint, c_actual_len = 0; err = gnutls_openpgp_crt_get_fingerprint (c_key, c_fpr, &c_actual_len); if (err == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - /* Grow C_FPR. */ - unsigned char *c_new; - - c_new = (unsigned char *) realloc (c_fpr, c_fpr_len * 2); - if (EXPECT_FALSE (c_new == NULL)) - { - free (c_fpr); - scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); - } - else - { - c_fpr_len *= 2; - c_fpr = c_new; - } - } + { + /* Grow C_FPR. */ + unsigned char *c_new; + + c_new = (unsigned char *) realloc (c_fpr, c_fpr_len * 2); + if (EXPECT_FALSE (c_new == NULL)) + { + free (c_fpr); + scm_gnutls_error (GNUTLS_E_MEMORY_ERROR, FUNC_NAME); + } + else + { + c_fpr_len *= 2; + c_fpr = c_new; + } + } } while (err == GNUTLS_E_SHORT_MEMORY_BUFFER); @@ -304,9 +304,9 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_fingerprint, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_name, "openpgp-certificate-name", - 2, 0, 0, - (SCM key, SCM index), - "Return the @var{index}th name of @var{key}.") + 2, 0, 0, + (SCM key, SCM index), + "Return the @var{index}th name of @var{key}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_name { int err; @@ -329,7 +329,7 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_name, "openpgp-certificate-name", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_names, "openpgp-certificate-names", - 1, 0, 0, (SCM key), "Return the list of names for @var{key}.") + 1, 0, 0, (SCM key), "Return the list of names for @var{key}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_names { int err; @@ -345,10 +345,10 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_names, "openpgp-certificate-names", { err = gnutls_openpgp_crt_get_name (c_key, c_index, c_name, &c_name_len); if (!err) - { - result = scm_cons (scm_from_locale_string (c_name), result); - c_index++; - } + { + result = scm_cons (scm_from_locale_string (c_name), result); + c_index++; + } } while (!err); @@ -361,11 +361,11 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_names, "openpgp-certificate-names", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_algorithm, - "openpgp-certificate-algorithm", - 1, 0, 0, - (SCM key), - "Return two values: the certificate algorithm used by " - "@var{key} and the number of bits used.") + "openpgp-certificate-algorithm", + 1, 0, 0, + (SCM key), + "Return two values: the certificate algorithm used by " + "@var{key} and the number of bits used.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_algorithm { gnutls_openpgp_crt_t c_key; @@ -376,17 +376,17 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_algorithm, c_algo = gnutls_openpgp_crt_get_pk_algorithm (c_key, &c_bits); return (scm_values (scm_list_2 (scm_from_gnutls_pk_algorithm (c_algo), - scm_from_uint (c_bits)))); + scm_from_uint (c_bits)))); } #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_version, - "openpgp-certificate-version", - 1, 0, 0, - (SCM key), - "Return the version of the OpenPGP message format (RFC2440) " - "honored by @var{key}.") + "openpgp-certificate-version", + 1, 0, 0, + (SCM key), + "Return the version of the OpenPGP message format (RFC2440) " + "honored by @var{key}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_version { int c_version; @@ -401,9 +401,9 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_version, #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_certificate_usage, "openpgp-certificate-usage", - 1, 0, 0, - (SCM key), - "Return a list of values denoting the key usage of @var{key}.") + 1, 0, 0, + (SCM key), + "Return a list of values denoting the key usage of @var{key}.") #define FUNC_NAME s_scm_gnutls_openpgp_certificate_usage { int err; @@ -426,10 +426,10 @@ SCM_DEFINE (scm_gnutls_openpgp_certificate_usage, "openpgp-certificate-usage", /* OpenPGP keyrings. */ SCM_DEFINE (scm_gnutls_import_openpgp_keyring, "import-openpgp-keyring", - 2, 0, 0, - (SCM data, SCM format), - "Import @var{data} (a u8vector) according to @var{format} " - "and return the imported keyring.") + 2, 0, 0, + (SCM data, SCM format), + "Import @var{data} (a u8vector) according to @var{format} " + "and return the imported keyring.") #define FUNC_NAME s_scm_gnutls_import_openpgp_keyring { int err; @@ -444,7 +444,7 @@ SCM_DEFINE (scm_gnutls_import_openpgp_keyring, "import-openpgp-keyring", c_format = scm_to_gnutls_openpgp_certificate_format (format, 2, FUNC_NAME); c_data = scm_gnutls_get_array (data, &c_data_handle, &c_data_len, - FUNC_NAME); + FUNC_NAME); c_data_d.data = (unsigned char *) c_data; c_data_d.size = c_data_len; @@ -471,11 +471,11 @@ SCM_DEFINE (scm_gnutls_import_openpgp_keyring, "import-openpgp-keyring", #undef FUNC_NAME SCM_DEFINE (scm_gnutls_openpgp_keyring_contains_key_id_p, - "openpgp-keyring-contains-key-id?", - 2, 0, 0, - (SCM keyring, SCM id), - "Return @code{#f} if key ID @var{id} is in @var{keyring}, " - "@code{#f} otherwise.") + "openpgp-keyring-contains-key-id?", + 2, 0, 0, + (SCM keyring, SCM id), + "Return @code{#f} if key ID @var{id} is in @var{keyring}, " + "@code{#f} otherwise.") #define FUNC_NAME s_scm_gnutls_openpgp_keyring_contains_key_id_p { int c_result; @@ -495,8 +495,8 @@ SCM_DEFINE (scm_gnutls_openpgp_keyring_contains_key_id_p, } c_result = gnutls_openpgp_keyring_check_id (c_keyring, - (unsigned char *) c_id, - 0 /* unused */ ); + (unsigned char *) c_id, + 0 /* unused */ ); scm_gnutls_release_array (&c_id_handle); @@ -509,11 +509,11 @@ SCM_DEFINE (scm_gnutls_openpgp_keyring_contains_key_id_p, /* Certificates. */ SCM_DEFINE (scm_gnutls_set_certificate_credentials_openpgp_keys_x, - "set-certificate-credentials-openpgp-keys!", - 3, 0, 0, - (SCM cred, SCM pub, SCM sec), - "Use certificate @var{pub} and secret key @var{sec} in " - "certificate credentials @var{cred}.") + "set-certificate-credentials-openpgp-keys!", + 3, 0, 0, + (SCM cred, SCM pub, SCM sec), + "Use certificate @var{pub} and secret key @var{sec} in " + "certificate credentials @var{cred}.") #define FUNC_NAME s_scm_gnutls_set_certificate_credentials_openpgp_keys_x { int err; diff --git a/guile/src/utils.h b/guile/src/utils.h index 1f6470f0a1..22803c7dfb 100644 --- a/guile/src/utils.h +++ b/guile/src/utils.h @@ -45,7 +45,7 @@ extern const char scm_gnutls_array_error_message[]; corresponding to ARRAY. */ static inline const char * scm_gnutls_get_array (SCM array, scm_t_array_handle * c_handle, - size_t * c_len, const char *func_name) + size_t * c_len, const char *func_name) { const char *c_array = NULL; const scm_t_array_dim *c_dims; @@ -56,7 +56,7 @@ scm_gnutls_get_array (SCM array, scm_t_array_handle * c_handle, { scm_array_handle_release (c_handle); scm_misc_error (func_name, scm_gnutls_array_error_message, - scm_list_1 (array)); + scm_list_1 (array)); } else { @@ -75,7 +75,7 @@ scm_gnutls_get_array (SCM array, scm_t_array_handle * c_handle, corresponding to ARRAY. The returned array can be written to. */ static inline char * scm_gnutls_get_writable_array (SCM array, scm_t_array_handle * c_handle, - size_t * c_len, const char *func_name) + size_t * c_len, const char *func_name) { char *c_array = NULL; const scm_t_array_dim *c_dims; @@ -86,7 +86,7 @@ scm_gnutls_get_writable_array (SCM array, scm_t_array_handle * c_handle, { scm_array_handle_release (c_handle); scm_misc_error (func_name, scm_gnutls_array_error_message, - scm_list_1 (array)); + scm_list_1 (array)); } else { @@ -96,7 +96,7 @@ scm_gnutls_get_writable_array (SCM array, scm_t_array_handle * c_handle, *c_len = c_elem_size * (c_dims->ubnd - c_dims->lbnd + 1); c_array = - (char *) scm_array_handle_uniform_writable_elements (c_handle); + (char *) scm_array_handle_uniform_writable_elements (c_handle); } return (c_array); diff --git a/lib/abstract_int.h b/lib/abstract_int.h index 70fc880c1c..d0bec14f48 100644 --- a/lib/abstract_int.h +++ b/lib/abstract_int.h @@ -3,7 +3,7 @@ #include <gnutls/abstract.h> -int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key, - bigint_t * params, int *params_size); - +int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key, + bigint_t * params, int *params_size); + #endif diff --git a/lib/auth_anon.c b/lib/auth_anon.c index 93446ba9b3..fce66d13fd 100644 --- a/lib/auth_anon.c +++ b/lib/auth_anon.c @@ -50,12 +50,12 @@ const mod_auth_st anon_auth_struct = { NULL, NULL, gen_anon_server_kx, - _gnutls_gen_dh_common_client_kx, /* this can be shared */ + _gnutls_gen_dh_common_client_kx, /* this can be shared */ NULL, NULL, NULL, - NULL, /* certificate */ + NULL, /* certificate */ proc_anon_server_kx, proc_anon_client_kx, NULL, @@ -93,7 +93,7 @@ gen_anon_server_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1)) < 0) + sizeof (anon_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -113,7 +113,7 @@ gen_anon_server_kx (gnutls_session_t session, opaque ** data) static int proc_anon_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { gnutls_anon_server_credentials_t cred; int ret; @@ -149,7 +149,7 @@ proc_anon_client_kx (gnutls_session_t session, opaque * data, int proc_anon_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { int ret; @@ -157,7 +157,7 @@ proc_anon_server_kx (gnutls_session_t session, opaque * data, /* set auth_info */ if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1)) < 0) + sizeof (anon_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 2c0a5f2d16..760db40566 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -52,18 +52,18 @@ #include "openpgp/gnutls_openpgp.h" static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t - key, int deinit); + key, int deinit); static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert); #endif static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, - unsigned); + unsigned); static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key, - int deinit); + int deinit); static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t - key, int deinit); + key, int deinit); /* Copies data from a internal certificate struct (gnutls_cert) to @@ -71,7 +71,7 @@ static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t */ static int _gnutls_copy_certificate_auth_info (cert_auth_info_t info, - gnutls_cert * cert, size_t ncerts) + gnutls_cert * cert, size_t ncerts) { /* Copy peer's information to auth_info_t */ @@ -81,7 +81,7 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info, if (info->raw_certificate_list != NULL) { for (j = 0; j < info->ncerts; j++) - _gnutls_free_datum (&info->raw_certificate_list[j]); + _gnutls_free_datum (&info->raw_certificate_list[j]); gnutls_free (info->raw_certificate_list); } @@ -103,16 +103,16 @@ _gnutls_copy_certificate_auth_info (cert_auth_info_t info, for (i = 0; i < ncerts; i++) { if (cert->raw.size > 0) - { - ret = - _gnutls_set_datum (&info->raw_certificate_list[i], - cert[i].raw.data, cert[i].raw.size); - if (ret < 0) - { - gnutls_assert (); - goto clear; - } - } + { + ret = + _gnutls_set_datum (&info->raw_certificate_list[i], + cert[i].raw.data, cert[i].raw.size); + if (ret < 0) + { + gnutls_assert (); + goto clear; + } + } } info->ncerts = ncerts; @@ -148,16 +148,16 @@ clear: */ inline static int _gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t * - pk_algos, int pk_algos_length, - gnutls_pk_algorithm_t algo_to_check) + pk_algos, int pk_algos_length, + gnutls_pk_algorithm_t algo_to_check) { int i; for (i = 0; i < pk_algos_length; i++) { if (algo_to_check == pk_algos[i]) - { - return 0; - } + { + return 0; + } } return -1; } @@ -190,7 +190,7 @@ _gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn) } result = asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size, - "tbsCertificate.issuer", &start, &end); + "tbsCertificate.issuer", &start, &end); if (result != ASN1_SUCCESS) { @@ -218,9 +218,9 @@ _gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn) */ static int _find_x509_cert (const gnutls_certificate_credentials_t cred, - opaque * _data, size_t _data_size, - const gnutls_pk_algorithm_t * pk_algos, - int pk_algos_length, int *indx) + opaque * _data, size_t _data_size, + const gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, int *indx) { unsigned size; gnutls_datum_t odn = { NULL, 0 }; @@ -240,40 +240,40 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred, data += 2; for (i = 0; i < cred->ncerts; i++) - { - for (j = 0; j < cred->cert_list_length[i]; j++) - { - if ((result = - _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], - &odn)) < 0) - { - gnutls_assert (); - return result; - } - - if (odn.size != size) - continue; - - /* If the DN matches and - * the *_SIGN algorithm matches - * the cert is our cert! - */ - cert_pk = cred->cert_list[i][0].subject_pk_algorithm; - - if ((memcmp (odn.data, data, size) == 0) && - (_gnutls_check_pk_algo_in_list - (pk_algos, pk_algos_length, cert_pk) == 0)) - { - *indx = i; - break; - } - } - if (*indx != -1) - break; - } + { + for (j = 0; j < cred->cert_list_length[i]; j++) + { + if ((result = + _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j], + &odn)) < 0) + { + gnutls_assert (); + return result; + } + + if (odn.size != size) + continue; + + /* If the DN matches and + * the *_SIGN algorithm matches + * the cert is our cert! + */ + cert_pk = cred->cert_list[i][0].subject_pk_algorithm; + + if ((memcmp (odn.data, data, size) == 0) && + (_gnutls_check_pk_algo_in_list + (pk_algos, pk_algos_length, cert_pk) == 0)) + { + *indx = i; + break; + } + } + if (*indx != -1) + break; + } if (*indx != -1) - break; + break; /* move to next record */ data += size; @@ -290,8 +290,8 @@ _find_x509_cert (const gnutls_certificate_credentials_t cred, */ static int _find_openpgp_cert (const gnutls_certificate_credentials_t cred, - gnutls_pk_algorithm_t * pk_algos, - int pk_algos_length, int *indx) + gnutls_pk_algorithm_t * pk_algos, + int pk_algos_length, int *indx) { unsigned i, j; @@ -300,22 +300,22 @@ _find_openpgp_cert (const gnutls_certificate_credentials_t cred, for (i = 0; i < cred->ncerts; i++) { for (j = 0; j < cred->cert_list_length[i]; j++) - { - - /* If the *_SIGN algorithm matches - * the cert is our cert! - */ - if ((_gnutls_check_pk_algo_in_list - (pk_algos, pk_algos_length, - cred->cert_list[i][0].subject_pk_algorithm) == 0) - && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP)) - { - *indx = i; - break; - } - } + { + + /* If the *_SIGN algorithm matches + * the cert is our cert! + */ + if ((_gnutls_check_pk_algo_in_list + (pk_algos, pk_algos_length, + cred->cert_list[i][0].subject_pk_algorithm) == 0) + && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP)) + { + *indx = i; + break; + } + } if (*indx != -1) - break; + break; } return 0; @@ -342,25 +342,25 @@ get_issuers_num (gnutls_session_t session, opaque * data, ssize_t data_size) if (data_size > 0) do { - /* This works like DECR_LEN() - */ - result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - DECR_LENGTH_COM (data_size, 2, goto error); - size = _gnutls_read_uint16 (data); + /* This works like DECR_LEN() + */ + result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + DECR_LENGTH_COM (data_size, 2, goto error); + size = _gnutls_read_uint16 (data); - result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - DECR_LENGTH_COM (data_size, size, goto error); + result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + DECR_LENGTH_COM (data_size, size, goto error); - data += 2; + data += 2; - if (size > 0) - { - issuers_dn_len++; - data += size; - } + if (size > 0) + { + issuers_dn_len++; + data += size; + } - if (data_size == 0) - break; + if (data_size == 0) + break; } while (1); @@ -376,8 +376,8 @@ error: */ static int get_issuers (gnutls_session_t session, - gnutls_datum_t * issuers_dn, int issuers_len, - opaque * data, size_t data_size) + gnutls_datum_t * issuers_dn, int issuers_len, + opaque * data, size_t data_size) { int i; unsigned size; @@ -392,22 +392,22 @@ get_issuers (gnutls_session_t session, { for (i = 0; i < issuers_len; i++) - { - /* The checks here for the buffer boundaries - * are not needed since the buffer has been - * parsed above. - */ - data_size -= 2; + { + /* The checks here for the buffer boundaries + * are not needed since the buffer has been + * parsed above. + */ + data_size -= 2; - size = _gnutls_read_uint16 (data); + size = _gnutls_read_uint16 (data); - data += 2; + data += 2; - issuers_dn[i].data = data; - issuers_dn[i].size = size; + issuers_dn[i].data = data; + issuers_dn[i].size = size; - data += size; - } + data += size; + } } return 0; @@ -448,9 +448,9 @@ st_to_st2 (gnutls_retr2_st * st2, gnutls_retr_st * st) */ static int call_get_cert_callback (gnutls_session_t session, - const gnutls_datum_t * issuers_dn, - int issuers_dn_length, - gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) + const gnutls_datum_t * issuers_dn, + int issuers_dn_length, + gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) { unsigned i; gnutls_cert *local_certs = NULL; @@ -473,39 +473,39 @@ call_get_cert_callback (gnutls_session_t session, if (cred->get_cert_callback) { ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length, &st2); + pk_algos, pk_algos_length, &st2); } else - { /* compatibility mode */ + { /* compatibility mode */ gnutls_retr_st st; memset (&st, 0, sizeof (st)); if (session->security_parameters.entity == GNUTLS_SERVER) - { - if (cred->server_get_cert_callback == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - ret = cred->server_get_cert_callback (session, &st); - if (ret >= 0) - st_to_st2 (&st2, &st); - } + { + if (cred->server_get_cert_callback == NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + ret = cred->server_get_cert_callback (session, &st); + if (ret >= 0) + st_to_st2 (&st2, &st); + } else - { /* CLIENT */ - - if (cred->client_get_cert_callback == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - ret = cred->client_get_cert_callback (session, - issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length, - &st); - if (ret >= 0) - st_to_st2 (&st2, &st); - } + { /* CLIENT */ + + if (cred->client_get_cert_callback == NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + ret = cred->client_get_cert_callback (session, + issuers_dn, issuers_dn_length, + pk_algos, pk_algos_length, + &st); + if (ret >= 0) + st_to_st2 (&st2, &st); + } } if (ret < 0) @@ -515,7 +515,7 @@ call_get_cert_callback (gnutls_session_t session, } if (st2.ncerts == 0) - return 0; /* no certificate was selected */ + return 0; /* no certificate was selected */ if (type != st2.cert_type) { @@ -530,16 +530,16 @@ call_get_cert_callback (gnutls_session_t session, local_certs = alloc_and_load_x509_certs (st2.cert.x509, st2.ncerts); } else - { /* PGP */ + { /* PGP */ if (st2.ncerts > 1) - { - gnutls_assert (); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + { + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } #ifdef ENABLE_OPENPGP { - local_certs = alloc_and_load_pgp_certs (st2.cert.pgp); + local_certs = alloc_and_load_pgp_certs (st2.cert.pgp); } #else ret = GNUTLS_E_UNIMPLEMENTED_FEATURE; @@ -559,47 +559,47 @@ call_get_cert_callback (gnutls_session_t session, case GNUTLS_PRIVKEY_OPENPGP: #ifdef ENABLE_OPENPGP if (st2.key.pgp != NULL) - { - local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all); - if (local_key == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - } + { + local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all); + if (local_key == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } break; #endif case GNUTLS_PRIVKEY_PKCS11: if (st2.key.pkcs11 != NULL) - { - local_key = - alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all); - if (local_key == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - } + { + local_key = + alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all); + if (local_key == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } break; case GNUTLS_PRIVKEY_X509: if (st2.key.x509 != NULL) - { - local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all); - if (local_key == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - } + { + local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all); + if (local_key == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + } break; } _gnutls_selected_certs_set (session, local_certs, - (local_certs != NULL) ? st2.ncerts : 0, - local_key, 1); + (local_certs != NULL) ? st2.ncerts : 0, + local_key, 1); ret = 0; @@ -608,27 +608,27 @@ cleanup: if (st2.cert_type == GNUTLS_CRT_X509) { if (st2.deinit_all) - { - for (i = 0; i < st2.ncerts; i++) - { - gnutls_x509_crt_deinit (st2.cert.x509[i]); - } - } + { + for (i = 0; i < st2.ncerts; i++) + { + gnutls_x509_crt_deinit (st2.cert.x509[i]); + } + } } else { #ifdef ENABLE_OPENPGP if (st2.deinit_all) - { - gnutls_openpgp_crt_deinit (st2.cert.pgp); - } + { + gnutls_openpgp_crt_deinit (st2.cert.pgp); + } #endif } if (ret < 0) { if (local_key != NULL) - gnutls_privkey_deinit (local_key); + gnutls_privkey_deinit (local_key); } return ret; @@ -643,8 +643,8 @@ cleanup: */ static int _select_client_cert (gnutls_session_t session, - opaque * _data, size_t _data_size, - gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) + opaque * _data, size_t _data_size, + gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) { int result; int indx = -1; @@ -669,40 +669,40 @@ _select_client_cert (gnutls_session_t session, /* use a callback to get certificate */ if (session->security_parameters.cert_type != GNUTLS_CRT_X509) - issuers_dn_length = 0; + issuers_dn_length = 0; else - { - issuers_dn_length = get_issuers_num (session, data, data_size); - if (issuers_dn_length < 0) - { - gnutls_assert (); - return issuers_dn_length; - } - - if (issuers_dn_length > 0) - { - issuers_dn = - gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length); - if (issuers_dn == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = - get_issuers (session, issuers_dn, issuers_dn_length, - data, data_size); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - } - } + { + issuers_dn_length = get_issuers_num (session, data, data_size); + if (issuers_dn_length < 0) + { + gnutls_assert (); + return issuers_dn_length; + } + + if (issuers_dn_length > 0) + { + issuers_dn = + gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length); + if (issuers_dn == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + result = + get_issuers (session, issuers_dn, issuers_dn_length, + data, data_size); + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } + } + } result = - call_get_cert_callback (session, issuers_dn, issuers_dn_length, - pk_algos, pk_algos_length); + call_get_cert_callback (session, issuers_dn, issuers_dn_length, + pk_algos, pk_algos_length); goto cleanup; } @@ -713,32 +713,32 @@ _select_client_cert (gnutls_session_t session, result = 0; if (session->security_parameters.cert_type == GNUTLS_CRT_X509) - result = - _find_x509_cert (cred, _data, _data_size, - pk_algos, pk_algos_length, &indx); + result = + _find_x509_cert (cred, _data, _data_size, + pk_algos, pk_algos_length, &indx); #ifdef ENABLE_OPENPGP if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP) - result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); + result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx); #endif if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } if (indx >= 0) - { - _gnutls_selected_certs_set (session, - &cred->cert_list[indx][0], - cred->cert_list_length[indx], - cred->pkey[indx], 0); - } + { + _gnutls_selected_certs_set (session, + &cred->cert_list[indx][0], + cred->cert_list_length[indx], + cred->pkey[indx], 0); + } else - { - _gnutls_selected_certs_set (session, NULL, 0, NULL, 0); - } + { + _gnutls_selected_certs_set (session, NULL, 0, NULL, 0); + } result = 0; } @@ -765,7 +765,7 @@ _gnutls_gen_x509_crt (gnutls_session_t session, opaque ** data) */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -823,7 +823,7 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -835,7 +835,7 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session, opaque ** data) if (apr_cert_list_length > 0) { if (apr_cert_list[0].use_subkey != 0) - ret += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */ + ret += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */ ret += apr_cert_list[0].raw.size; } @@ -856,25 +856,25 @@ _gnutls_gen_openpgp_certificate (gnutls_session_t session, opaque ** data) if (apr_cert_list_length > 0) { if (apr_cert_list[0].use_subkey != 0) - { - *pdata = PGP_KEY_SUBKEY; - pdata++; - *pdata = sizeof (apr_cert_list[0].subkey_id); - pdata++; - memcpy (pdata, apr_cert_list[0].subkey_id, - sizeof (apr_cert_list[0].subkey_id)); - pdata += sizeof (apr_cert_list[0].subkey_id); - } + { + *pdata = PGP_KEY_SUBKEY; + pdata++; + *pdata = sizeof (apr_cert_list[0].subkey_id); + pdata++; + memcpy (pdata, apr_cert_list[0].subkey_id, + sizeof (apr_cert_list[0].subkey_id)); + pdata += sizeof (apr_cert_list[0].subkey_id); + } else - { - *pdata = PGP_KEY; - pdata++; - } + { + *pdata = PGP_KEY; + pdata++; + } _gnutls_write_datum24 (pdata, apr_cert_list[0].raw); pdata += (3 + apr_cert_list[0].raw.size); } - else /* empty - no certificate */ + else /* empty - no certificate */ { *pdata = PGP_KEY; pdata++; @@ -897,7 +897,7 @@ _gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -906,13 +906,13 @@ _gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session, opaque ** data) packet_size = 3 + 1; if (apr_cert_list[0].use_subkey) - packet_size += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */ + packet_size += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */ /* Only v4 fingerprints are sent */ if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4) packet_size += 20 + 1; - else /* empty certificate case */ + else /* empty certificate case */ return _gnutls_gen_openpgp_certificate (session, data); (*data) = gnutls_malloc (packet_size); @@ -934,12 +934,12 @@ _gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session, opaque ** data) *pdata = sizeof (apr_cert_list[0].subkey_id); pdata++; memcpy (pdata, apr_cert_list[0].subkey_id, - sizeof (apr_cert_list[0].subkey_id)); + sizeof (apr_cert_list[0].subkey_id)); pdata += sizeof (apr_cert_list[0].subkey_id); } else { - *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */ + *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */ pdata++; } @@ -950,7 +950,7 @@ _gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata, - &fpr_size)) < 0) + &fpr_size)) < 0) { gnutls_assert (); return ret; @@ -969,9 +969,9 @@ _gnutls_gen_cert_client_certificate (gnutls_session_t session, opaque ** data) #ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: if (_gnutls_openpgp_send_fingerprint (session) == 0) - return _gnutls_gen_openpgp_certificate (session, data); + return _gnutls_gen_openpgp_certificate (session, data); else - return _gnutls_gen_openpgp_certificate_fpr (session, data); + return _gnutls_gen_openpgp_certificate_fpr (session, data); #endif case GNUTLS_CRT_X509: return _gnutls_gen_x509_crt (session, data); @@ -1005,7 +1005,7 @@ _gnutls_gen_cert_server_certificate (gnutls_session_t session, opaque ** data) #define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x]) static int _gnutls_proc_x509_server_certificate (gnutls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int size, len, ret; opaque *p = data; @@ -1028,7 +1028,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 1)) < 0) + sizeof (cert_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -1088,7 +1088,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, return GNUTLS_E_MEMORY_ERROR; } memset (peer_certificate_list, 0, sizeof (gnutls_cert) * - peer_certificate_list_size); + peer_certificate_list_size); p = data + 3; @@ -1106,24 +1106,24 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, tmp.data = p; if ((ret = - _gnutls_x509_raw_cert_to_gcert (&peer_certificate_list - [j], &tmp, - CERT_ONLY_EXTENSIONS)) < 0) - { - gnutls_assert (); - goto cleanup; - } + _gnutls_x509_raw_cert_to_gcert (&peer_certificate_list + [j], &tmp, + CERT_ONLY_EXTENSIONS)) < 0) + { + gnutls_assert (); + goto cleanup; + } /* check if signature algorithm is supported */ ret = - _gnutls_session_sign_algo_enabled (session, - peer_certificate_list - [j].sign_algo); + _gnutls_session_sign_algo_enabled (session, + peer_certificate_list + [j].sign_algo); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } p += len; } @@ -1131,8 +1131,8 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, if ((ret = _gnutls_copy_certificate_auth_info (info, - peer_certificate_list, - peer_certificate_list_size)) < 0) + peer_certificate_list, + peer_certificate_list_size)) < 0) { gnutls_assert (); goto cleanup; @@ -1140,7 +1140,7 @@ _gnutls_proc_x509_server_certificate (gnutls_session_t session, if ((ret = _gnutls_check_key_usage (&peer_certificate_list[0], - gnutls_kx_get (session))) < 0) + gnutls_kx_get (session))) < 0) { gnutls_assert (); goto cleanup; @@ -1159,7 +1159,7 @@ cleanup: #ifdef ENABLE_OPENPGP static int _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int size, ret, len; opaque *p = data; @@ -1183,7 +1183,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 1)) < 0) + sizeof (cert_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -1218,10 +1218,10 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, { /* check size */ if (*p != sizeof (subkey_id)) - { - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + } DECR_LEN (dsize, 1); p++; @@ -1237,17 +1237,17 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, /* read the actual key or fingerprint */ if (key_type == PGP_KEY_FINGERPRINT || key_type == PGP_KEY_FINGERPRINT_SUBKEY) - { /* the fingerprint */ + { /* the fingerprint */ DECR_LEN (dsize, 1); len = (uint8_t) * p; p++; if (len != 20) - { - gnutls_assert (); - return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED; - } + { + gnutls_assert (); + return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED; + } DECR_LEN (dsize, 20); @@ -1255,17 +1255,17 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, * a key server or anything. */ if ((ret = - _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0) - { - gnutls_assert (); - return ret; - } + _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0) + { + gnutls_assert (); + return ret; + } tmp = akey; peer_certificate_list_size++; } else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY) - { /* the whole key */ + { /* the whole key */ /* Read the actual certificate */ DECR_LEN (dsize, 3); @@ -1273,11 +1273,11 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, p += 3; if (len == 0) - { - gnutls_assert (); - /* no certificate was sent */ - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } + { + gnutls_assert (); + /* no certificate was sent */ + return GNUTLS_E_NO_CERTIFICATE_FOUND; + } DECR_LEN (dsize, len); peer_certificate_list_size++; @@ -1310,12 +1310,12 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, goto cleanup; } memset (peer_certificate_list, 0, sizeof (gnutls_cert) * - peer_certificate_list_size); + peer_certificate_list_size); if ((ret = _gnutls_openpgp_raw_crt_to_gcert (&peer_certificate_list[0], - &tmp, - subkey_id_set ? subkey_id : NULL)) < + &tmp, + subkey_id_set ? subkey_id : NULL)) < 0) { gnutls_assert (); @@ -1324,8 +1324,8 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, if ((ret = _gnutls_copy_certificate_auth_info (info, - peer_certificate_list, - peer_certificate_list_size)) < 0) + peer_certificate_list, + peer_certificate_list_size)) < 0) { gnutls_assert (); goto cleanup; @@ -1333,7 +1333,7 @@ _gnutls_proc_openpgp_server_certificate (gnutls_session_t session, if ((ret = _gnutls_check_key_usage (&peer_certificate_list[0], - gnutls_kx_get (session))) < 0) + gnutls_kx_get (session))) < 0) { gnutls_assert (); goto cleanup; @@ -1353,15 +1353,15 @@ cleanup: int _gnutls_proc_cert_server_certificate (gnutls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int ret; gnutls_certificate_credentials_t cred; cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, - GNUTLS_CRD_CERTIFICATE, - NULL); + GNUTLS_CRD_CERTIFICATE, + NULL); if (cred == NULL) { gnutls_assert (); @@ -1373,7 +1373,7 @@ _gnutls_proc_cert_server_certificate (gnutls_session_t session, #ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: ret = _gnutls_proc_openpgp_server_certificate (session, - data, data_size); + data, data_size); break; #endif case GNUTLS_CRT_X509: @@ -1388,7 +1388,7 @@ _gnutls_proc_cert_server_certificate (gnutls_session_t session, { ret = cred->verify_callback (session); if (ret != 0) - ret = GNUTLS_E_CERTIFICATE_ERROR; + ret = GNUTLS_E_CERTIFICATE_ERROR; } return ret; @@ -1419,7 +1419,7 @@ _gnutls_check_supported_sign_algo (CertificateSigType algo) int _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { int size, ret; opaque *p; @@ -1440,7 +1440,7 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) + sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); return ret; @@ -1459,13 +1459,13 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, { DECR_LEN (dsize, 1); if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0) - { - if (j < MAX_SIGN_ALGOS) - { - pk_algos[j++] = ret; - pk_algos_length++; - } - } + { + if (j < MAX_SIGN_ALGOS) + { + pk_algos[j++] = ret; + pk_algos_length++; + } + } } if (pk_algos_length == 0) @@ -1485,10 +1485,10 @@ _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data, ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } p += hash_num; } @@ -1543,7 +1543,7 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -1552,13 +1552,13 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) if (apr_cert_list_length > 0) { if ((ret = - _gnutls_handshake_sign_cert_vrfy (session, - &apr_cert_list[0], - apr_pkey, &signature)) < 0) - { - gnutls_assert (); - return ret; - } + _gnutls_handshake_sign_cert_vrfy (session, + &apr_cert_list[0], + apr_pkey, &signature)) < 0) + { + gnutls_assert (); + return ret; + } sign_algo = ret; } else @@ -1605,7 +1605,7 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data) int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int size, ret; ssize_t dsize = data_size; @@ -1633,10 +1633,10 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_PK_UNKNOWN) - { - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } pdata += 2; } @@ -1657,8 +1657,8 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, sig.size = size; ret = _gnutls_get_auth_info_gcert (&peer_cert, - session->security_parameters.cert_type, - info, CERT_NO_COPY); + session->security_parameters.cert_type, + info, CERT_NO_COPY); if (ret < 0) { @@ -1668,7 +1668,7 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session, if ((ret = _gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig, - sign_algo)) < 0) + sign_algo)) < 0) { gnutls_assert (); _gnutls_gcert_deinit (&peer_cert); @@ -1703,8 +1703,8 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq - */ + size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq + */ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 && session->internals.ignore_rdn_sequence == 0) @@ -1727,18 +1727,18 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) pdata[0] = CERTTYPE_SIZE - 1; pdata[1] = RSA_SIGN; - pdata[2] = DSA_SIGN; /* only these for now */ + pdata[2] = DSA_SIGN; /* only these for now */ pdata += CERTTYPE_SIZE; if (_gnutls_version_has_selectable_sighash (ver)) { ret = - _gnutls_sign_algorithm_write_params (session, pdata, signalgosize); + _gnutls_sign_algorithm_write_params (session, pdata, signalgosize); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* recalculate size */ size = size - signalgosize + ret; @@ -1770,9 +1770,9 @@ _gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data) */ int _gnutls_get_selected_cert (gnutls_session_t session, - gnutls_cert ** apr_cert_list, - int *apr_cert_list_length, - gnutls_privkey_t * apr_pkey) + gnutls_cert ** apr_cert_list, + int *apr_cert_list_length, + gnutls_privkey_t * apr_pkey) { if (session->security_parameters.entity == GNUTLS_SERVER) { @@ -1785,15 +1785,15 @@ _gnutls_get_selected_cert (gnutls_session_t session, *apr_cert_list_length = session->internals.selected_cert_list_length; if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) - { - gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } + { + gnutls_assert (); + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + } } else - { /* CLIENT SIDE - */ + { /* CLIENT SIDE + */ /* we have already decided which certificate * to send. @@ -1831,16 +1831,16 @@ alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, unsigned ncerts) { ret = _gnutls_x509_crt_to_gcert (&local_certs[i], certs[i], 0); if (ret < 0) - break; + break; } if (ret < 0) { gnutls_assert (); for (j = 0; j < i; j++) - { - _gnutls_gcert_deinit (&local_certs[j]); - } + { + _gnutls_gcert_deinit (&local_certs[j]); + } gnutls_free (local_certs); return NULL; } @@ -1869,8 +1869,8 @@ alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit) ret = gnutls_privkey_import_x509 (local_key, key, - deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE : - 0); + deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE : + 0); if (ret < 0) { gnutls_assert (); @@ -1947,8 +1947,8 @@ alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit) ret = gnutls_privkey_import_openpgp (local_key, key, - deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE - : 0); + deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE + : 0); if (ret < 0) { gnutls_assert (); @@ -1981,8 +1981,8 @@ alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t key, int deinit) ret = gnutls_privkey_import_pkcs11 (local_key, key, - deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE - : 0); + deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE + : 0); if (ret < 0) { gnutls_assert (); @@ -2001,9 +2001,9 @@ _gnutls_selected_certs_deinit (gnutls_session_t session) int i; for (i = 0; i < session->internals.selected_cert_list_length; i++) - { - _gnutls_gcert_deinit (&session->internals.selected_cert_list[i]); - } + { + _gnutls_gcert_deinit (&session->internals.selected_cert_list[i]); + } gnutls_free (session->internals.selected_cert_list); session->internals.selected_cert_list = NULL; session->internals.selected_cert_list_length = 0; @@ -2016,8 +2016,8 @@ _gnutls_selected_certs_deinit (gnutls_session_t session) void _gnutls_selected_certs_set (gnutls_session_t session, - gnutls_cert * certs, int ncerts, - gnutls_privkey_t key, int need_free) + gnutls_cert * certs, int ncerts, + gnutls_privkey_t key, int need_free) { _gnutls_selected_certs_deinit (session); @@ -2041,7 +2041,7 @@ _gnutls_selected_certs_set (gnutls_session_t session, */ int _gnutls_server_select_cert (gnutls_session_t session, - gnutls_pk_algorithm_t requested_algo) + gnutls_pk_algorithm_t requested_algo) { unsigned i; int idx; @@ -2063,7 +2063,7 @@ _gnutls_server_select_cert (gnutls_session_t session, /* Otherwise... */ - idx = -1; /* default is use no certificate */ + idx = -1; /* default is use no certificate */ for (i = 0; i < cred->ncerts; i++) @@ -2071,10 +2071,10 @@ _gnutls_server_select_cert (gnutls_session_t session, /* find one compatible certificate */ if (requested_algo == GNUTLS_PK_ANY || - requested_algo == cred->cert_list[i][0].subject_pk_algorithm) - { - /* if cert type and signature algorithm matches - */ + requested_algo == cred->cert_list[i][0].subject_pk_algorithm) + { + /* if cert type and signature algorithm matches + */ /* *INDENT-OFF* */ if (session->security_parameters.cert_type == cred->cert_list[i][0].cert_type @@ -2091,7 +2091,7 @@ _gnutls_server_select_cert (gnutls_session_t session, break; } /* *INDENT-ON* */ - } + } } /* store the certificate pointer for future use, in the handshake. @@ -2100,9 +2100,9 @@ _gnutls_server_select_cert (gnutls_session_t session, if (idx >= 0) { _gnutls_selected_certs_set (session, - &cred->cert_list[idx][0], - cred->cert_list_length[idx], - cred->pkey[idx], 0); + &cred->cert_list[idx][0], + cred->cert_list_length[idx], + cred->pkey[idx], 0); } else /* Certificate does not support REQUESTED_ALGO. */ diff --git a/lib/auth_cert.h b/lib/auth_cert.h index 9a4e79921e..95ca2e06d0 100644 --- a/lib/auth_cert.h +++ b/lib/auth_cert.h @@ -55,9 +55,9 @@ typedef struct gnutls_certificate_credentials_st /* contains the number of the certificates in a * row (should be 1 for OpenPGP keys). */ - unsigned ncerts; /* contains the number of columns in cert_list. - * This is the same with the number of pkeys. - */ + unsigned ncerts; /* contains the number of columns in cert_list. + * This is the same with the number of pkeys. + */ gnutls_privkey_t *pkey; /* private keys. It contains ncerts private @@ -73,16 +73,16 @@ typedef struct gnutls_certificate_credentials_st /* X509 specific stuff */ gnutls_x509_crt_t *x509_ca_list; - unsigned x509_ncas; /* number of CAs in the ca_list - */ + unsigned x509_ncas; /* number of CAs in the ca_list + */ gnutls_x509_crl_t *x509_crl_list; - unsigned x509_ncrls; /* number of CRLs in the crl_list - */ + unsigned x509_ncrls; /* number of CRLs in the crl_list + */ - unsigned int verify_flags; /* flags to be used at - * certificate verification. - */ + unsigned int verify_flags; /* flags to be used at + * certificate verification. + */ unsigned int verify_depth; unsigned int verify_bits; @@ -93,8 +93,8 @@ typedef struct gnutls_certificate_credentials_st */ gnutls_datum_t x509_rdn_sequence; - gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */ - gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */ + gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */ + gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */ gnutls_certificate_verify_function *verify_callback; gnutls_certificate_retrieve_function *get_cert_callback; @@ -117,10 +117,10 @@ typedef struct cert_auth_info_st dh_info_st dh; rsa_info_st rsa_export; - gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the - * peer. - */ - unsigned int ncerts; /* holds the size of the list above */ + gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the + * peer. + */ + unsigned int ncerts; /* holds the size of the list above */ gnutls_certificate_type_t cert_type; gnutls_sign_algorithm_t sign_algo; @@ -143,33 +143,33 @@ int _gnutls_proc_cert_cert_req (gnutls_session_t, opaque *, size_t); int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t, opaque *, size_t); int _gnutls_proc_cert_server_certificate (gnutls_session_t, opaque *, size_t); int _gnutls_get_selected_cert (gnutls_session_t session, - gnutls_cert ** apr_cert_list, - int *apr_cert_list_length, - gnutls_privkey_t * apr_pkey); + gnutls_cert ** apr_cert_list, + int *apr_cert_list_length, + gnutls_privkey_t * apr_pkey); int _gnutls_server_select_cert (struct gnutls_session_int *, - gnutls_pk_algorithm_t); + gnutls_pk_algorithm_t); void _gnutls_selected_certs_deinit (gnutls_session_t session); void _gnutls_selected_certs_set (gnutls_session_t session, - gnutls_cert * certs, int ncerts, - gnutls_privkey_t key, int need_free); + gnutls_cert * certs, int ncerts, + gnutls_privkey_t key, int need_free); #define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t - rsa_params, - gnutls_params_function - * func, - gnutls_session_t); + rsa_params, + gnutls_params_function + * func, + gnutls_session_t); int _gnutls_get_auth_info_gcert (gnutls_cert * gcert, - gnutls_certificate_type_t type, - cert_auth_info_t info, - int flags /* OR of ConvFlags */ ); + gnutls_certificate_type_t type, + cert_auth_info_t info, + int flags /* OR of ConvFlags */ ); int certificate_credential_append_crt_list (gnutls_certificate_credentials_t - res, gnutls_cert * crt, int nr); + res, gnutls_cert * crt, int nr); int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res, - gnutls_privkey_t pkey); + gnutls_privkey_t pkey); #endif diff --git a/lib/auth_dh_common.c b/lib/auth_dh_common.c index 456ce3ad9f..61f8a63f71 100644 --- a/lib/auth_dh_common.c +++ b/lib/auth_dh_common.c @@ -54,8 +54,8 @@ _gnutls_free_dh_info (dh_info_st * dh) int _gnutls_proc_dh_common_client_kx (gnutls_session_t session, - opaque * data, size_t _data_size, - bigint_t g, bigint_t p) + opaque * data, size_t _data_size, + bigint_t g, bigint_t p) { uint16_t n_Y; size_t _n_Y; @@ -95,15 +95,15 @@ _gnutls_proc_dh_common_client_kx (gnutls_session_t session, { ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); } - else /* In DHE_PSK the key is set differently */ + else /* In DHE_PSK the key is set differently */ { gnutls_datum_t tmp_dh_key; ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = _gnutls_set_psk_session_key (session, &tmp_dh_key); _gnutls_free_datum (&tmp_dh_key); @@ -130,7 +130,7 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data) *data = NULL; X = gnutls_calc_dh_secret (&x, session->key->client_g, - session->key->client_p); + session->key->client_p); if (X == NULL || x == NULL) { gnutls_assert (); @@ -176,15 +176,15 @@ _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque ** data) { ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key); } - else /* In DHE_PSK the key is set differently */ + else /* In DHE_PSK the key is set differently */ { gnutls_datum_t tmp_dh_key; ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } ret = _gnutls_set_psk_session_key (session, &tmp_dh_key); _gnutls_free_datum (&tmp_dh_key); @@ -211,7 +211,7 @@ error: int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, - opaque * data, size_t _data_size, int psk) + opaque * data, size_t _data_size, int psk) { uint16_t n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p; @@ -292,7 +292,7 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session, } _gnutls_dh_set_group (session, session->key->client_g, - session->key->client_p); + session->key->client_p); _gnutls_dh_set_peer_public (session, session->key->client_Y); ret = n_Y + n_p + n_g + 6; @@ -306,8 +306,8 @@ _gnutls_proc_dh_common_server_kx (gnutls_session_t session, * be inserted */ int _gnutls_dh_common_print_server_kx (gnutls_session_t session, - bigint_t g, bigint_t p, opaque ** data, - int psk) + bigint_t g, bigint_t p, opaque ** data, + int psk) { bigint_t x, X; size_t n_X, n_g, n_p; diff --git a/lib/auth_dh_common.h b/lib/auth_dh_common.h index 00ed02915d..7a8be7c661 100644 --- a/lib/auth_dh_common.h +++ b/lib/auth_dh_common.h @@ -38,11 +38,11 @@ typedef struct void _gnutls_free_dh_info (dh_info_st * dh); int _gnutls_gen_dh_common_client_kx (gnutls_session_t, opaque **); int _gnutls_proc_dh_common_client_kx (gnutls_session_t session, - opaque * data, size_t _data_size, - bigint_t p, bigint_t g); + opaque * data, size_t _data_size, + bigint_t p, bigint_t g); int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g, - bigint_t p, opaque ** data, int psk); + bigint_t p, opaque ** data, int psk); int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size, int psk); + size_t _data_size, int psk); #endif diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c index 0a3c286e00..82a8df6569 100644 --- a/lib/auth_dhe.c +++ b/lib/auth_dhe.c @@ -51,15 +51,15 @@ const mod_auth_st dhe_rsa_auth_struct = { _gnutls_gen_cert_client_certificate, gen_dhe_server_kx, _gnutls_gen_dh_common_client_kx, - _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, proc_dhe_server_kx, proc_dhe_client_kx, - _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; const mod_auth_st dhe_dss_auth_struct = { @@ -68,15 +68,15 @@ const mod_auth_st dhe_dss_auth_struct = { _gnutls_gen_cert_client_certificate, gen_dhe_server_kx, _gnutls_gen_dh_common_client_kx, - _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, proc_dhe_server_kx, proc_dhe_client_kx, - _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; @@ -106,7 +106,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -125,7 +125,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) g = mpis[1]; if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) + sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); return ret; @@ -149,19 +149,19 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) if (apr_cert_list_length > 0) { if ((ret = - _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) - { - gnutls_assert (); - gnutls_free (*data); - return ret; - } + _gnutls_handshake_sign_data (session, &apr_cert_list[0], + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) + { + gnutls_assert (); + gnutls_free (*data); + return ret; + } } else { gnutls_assert (); - return data_size; /* do not put a signature - ILLEGAL! */ + return data_size; /* do not put a signature - ILLEGAL! */ } *data = gnutls_realloc_fast (*data, data_size + signature.size + 4); @@ -177,11 +177,11 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) sign_algorithm_st aid; if (sign_algo == GNUTLS_SIGN_UNKNOWN) - { - _gnutls_free_datum (&signature); - gnutls_assert (); - return GNUTLS_E_UNKNOWN_PK_ALGORITHM; - } + { + _gnutls_free_datum (&signature); + gnutls_assert (); + return GNUTLS_E_UNKNOWN_PK_ALGORITHM; + } aid = _gnutls_sign_to_tls_aid (sign_algo); (*data)[data_size++] = aid.hash_algorithm; @@ -198,7 +198,7 @@ gen_dhe_server_kx (gnutls_session_t session, opaque ** data) static int proc_dhe_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { int sigsize; opaque *sigdata; @@ -240,10 +240,10 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, aid.sign_algorithm = *sigdata++; sign_algo = _gnutls_tls_aid_to_sign (&aid); if (sign_algo == GNUTLS_SIGN_UNKNOWN) - { - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } } DECR_LEN (data_size, 2); sigsize = _gnutls_read_uint16 (sigdata); @@ -255,8 +255,8 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, if ((ret = _gnutls_get_auth_info_gcert (&peer_cert, - session->security_parameters.cert_type, - info, CERT_NO_COPY)) < 0) + session->security_parameters.cert_type, + info, CERT_NO_COPY)) < 0) { gnutls_assert (); return ret; @@ -264,7 +264,7 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, - sign_algo); + sign_algo); _gnutls_gcert_deinit (&peer_cert); if (ret < 0) @@ -280,7 +280,7 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data, static int proc_dhe_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { gnutls_certificate_credentials_t cred; int ret; diff --git a/lib/auth_dhe_psk.c b/lib/auth_dhe_psk.c index f281b1df5a..85e145243d 100644 --- a/lib/auth_dhe_psk.c +++ b/lib/auth_dhe_psk.c @@ -55,7 +55,7 @@ const mod_auth_st dhe_psk_auth_struct = { NULL, NULL, - NULL, /* certificate */ + NULL, /* certificate */ proc_psk_server_kx, proc_psk_client_kx, NULL, @@ -146,7 +146,7 @@ gen_psk_server_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1)) < 0) + sizeof (psk_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -166,7 +166,7 @@ gen_psk_server_kx (gnutls_session_t session, opaque ** data) static int proc_psk_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { int ret; bigint_t p, g; @@ -188,7 +188,7 @@ proc_psk_client_kx (gnutls_session_t session, opaque * data, if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1)) < 0) + sizeof (psk_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -237,7 +237,7 @@ proc_psk_client_kx (gnutls_session_t session, opaque * data, int proc_psk_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { int ret; @@ -245,7 +245,7 @@ proc_psk_server_kx (gnutls_session_t session, opaque * data, /* set auth_info */ if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1)) < 0) + sizeof (psk_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; diff --git a/lib/auth_psk.c b/lib/auth_psk.c index b55203ab35..43f400aafe 100644 --- a/lib/auth_psk.c +++ b/lib/auth_psk.c @@ -42,7 +42,7 @@ int _gnutls_gen_psk_client_kx (gnutls_session_t, opaque **); int _gnutls_proc_psk_client_kx (gnutls_session_t, opaque *, size_t); int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size); + size_t _data_size); const mod_auth_st psk_auth_struct = { "PSK", @@ -54,7 +54,7 @@ const mod_auth_st psk_auth_struct = { NULL, NULL, - NULL, /* certificate */ + NULL, /* certificate */ _gnutls_proc_psk_server_kx, _gnutls_proc_psk_client_kx, NULL, @@ -65,7 +65,7 @@ const mod_auth_st psk_auth_struct = { */ int _gnutls_set_psk_session_key (gnutls_session_t session, - gnutls_datum_t * dh_secret) + gnutls_datum_t * dh_secret) { gnutls_datum_t pwd_psk = { NULL, 0 }; gnutls_datum_t *ppsk; @@ -77,19 +77,19 @@ _gnutls_set_psk_session_key (gnutls_session_t session, gnutls_psk_client_credentials_t cred; cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL); if (cred == NULL) - { - gnutls_assert (); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } + { + gnutls_assert (); + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + } ppsk = &cred->key; } else - { /* SERVER side */ + { /* SERVER side */ psk_auth_info_t info; info = _gnutls_get_auth_info (session); @@ -98,10 +98,10 @@ _gnutls_set_psk_session_key (gnutls_session_t session, */ ret = _gnutls_psk_pwd_find_entry (session, info->username, &pwd_psk); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ppsk = &pwd_psk; } @@ -176,27 +176,27 @@ _gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** data) ret = cred->get_function (session, &username, &key); if (ret) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = _gnutls_set_datum (&cred->username, username, strlen (username)); gnutls_free (username); if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (&key); - return ret; - } + { + gnutls_assert (); + _gnutls_free_datum (&key); + return ret; + } ret = _gnutls_set_datum (&cred->key, key.data, key.size); _gnutls_free_datum (&key); if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } } else if (cred->username.data == NULL || cred->key.data == NULL) { @@ -228,7 +228,7 @@ _gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** data) */ int _gnutls_proc_psk_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { ssize_t data_size = _data_size; int ret; @@ -247,7 +247,7 @@ _gnutls_proc_psk_client_kx (gnutls_session_t session, opaque * data, if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1)) < 0) + sizeof (psk_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -341,7 +341,7 @@ _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque ** data) */ int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { ssize_t data_size = _data_size; int ret; @@ -360,7 +360,7 @@ _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data, if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1)) < 0) + sizeof (psk_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; diff --git a/lib/auth_psk_passwd.c b/lib/auth_psk_passwd.c index a1a1935525..f91c03f872 100644 --- a/lib/auth_psk_passwd.c +++ b/lib/auth_psk_passwd.c @@ -124,7 +124,7 @@ _randomize_psk (gnutls_datum_t * psk) */ int _gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username, - gnutls_datum_t * psk) + gnutls_datum_t * psk) { gnutls_psk_server_credentials_t cred; FILE *fd; @@ -148,21 +148,21 @@ _gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username, ret = cred->pwd_callback (session, username, psk); if (ret == 1) - { /* the user does not exist */ - ret = _randomize_psk (psk); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - return 0; - } + { /* the user does not exist */ + ret = _randomize_psk (psk); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + return 0; + } if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_SRP_PWD_ERROR; + } return 0; } @@ -190,21 +190,21 @@ _gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username, /* move to first ':' */ i = 0; while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } + { + i++; + } if (strncmp (username, line, MAX (i, len)) == 0) - { - ret = pwd_put_values (psk, line); - fclose (fd); - if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_SRP_PWD_ERROR; - } - return 0; - } + { + ret = pwd_put_values (psk, line); + fclose (fd); + if (ret < 0) + { + gnutls_assert (); + return GNUTLS_E_SRP_PWD_ERROR; + } + return 0; + } } fclose (fd); diff --git a/lib/auth_psk_passwd.h b/lib/auth_psk_passwd.h index 4a9be34031..ba64a5b313 100644 --- a/lib/auth_psk_passwd.h +++ b/lib/auth_psk_passwd.h @@ -26,6 +26,6 @@ /* this is locally allocated. It should be freed using the provided function */ int _gnutls_psk_pwd_find_entry (gnutls_session_t, char *username, - gnutls_datum_t * key); + gnutls_datum_t * key); #endif /* ENABLE_SRP */ diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 1605c9b77c..068c8e2caa 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -50,25 +50,25 @@ const mod_auth_st rsa_auth_struct = { "RSA", _gnutls_gen_cert_server_certificate, _gnutls_gen_cert_client_certificate, - NULL, /* gen server kx */ + NULL, /* gen server kx */ _gnutls_gen_rsa_client_kx, - _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, - NULL, /* proc server kx */ - proc_rsa_client_kx, /* proc client kx */ - _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + NULL, /* proc server kx */ + proc_rsa_client_kx, /* proc client kx */ + _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; /* This function reads the RSA parameters from peer's certificate; */ static int _gnutls_get_public_rsa_params (gnutls_session_t session, - bigint_t params[MAX_PUBLIC_PARAMS_SIZE], - int *params_len) + bigint_t params[MAX_PUBLIC_PARAMS_SIZE], + int *params_len) { int ret; cert_auth_info_t info; @@ -87,8 +87,8 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, ret = _gnutls_get_auth_info_gcert (&peer_cert, - session->security_parameters.cert_type, - info, CERT_ONLY_PUBKEY | CERT_NO_COPY); + session->security_parameters.cert_type, + info, CERT_ONLY_PUBKEY | CERT_NO_COPY); if (ret < 0) { @@ -107,21 +107,21 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, _gnutls_gcert_deinit (&peer_cert); if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } if (*params_len < 2) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } *params_len = 2; for (i = 0; i < *params_len; i++) - { - params[i] = _gnutls_mpi_copy (session->key->rsa[i]); - } + { + params[i] = _gnutls_mpi_copy (session->key->rsa[i]); + } return 0; } @@ -146,7 +146,7 @@ _gnutls_get_public_rsa_params (gnutls_session_t session, static int proc_rsa_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { gnutls_datum_t plaintext; gnutls_datum_t ciphertext; @@ -170,16 +170,16 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, dsize = _gnutls_read_uint16 (data); if (dsize != data_size) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } ciphertext.size = dsize; } ret = gnutls_privkey_decrypt_data (session->internals.selected_key, 0, - &ciphertext, &plaintext); + &ciphertext, &plaintext); if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) { @@ -197,18 +197,18 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, * check the version number. */ if (_gnutls_get_adv_version_major (session) != plaintext.data[0] - || _gnutls_get_adv_version_minor (session) != plaintext.data[1]) - { - /* No error is returned here, if the version number check - * fails. We proceed normally. - * That is to defend against the attack described in the paper - * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, - * Ondej Pokorny and Tomas Rosa. - */ - gnutls_assert (); - _gnutls_x509_log - ("auth_rsa: Possible PKCS #1 version check format attack\n"); - } + || _gnutls_get_adv_version_minor (session) != plaintext.data[1]) + { + /* No error is returned here, if the version number check + * fails. We proceed normally. + * That is to defend against the attack described in the paper + * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, + * Ondej Pokorny and Tomas Rosa. + */ + gnutls_assert (); + _gnutls_x509_log + ("auth_rsa: Possible PKCS #1 version check format attack\n"); + } } if (randomize_key != 0) @@ -216,20 +216,20 @@ proc_rsa_client_kx (gnutls_session_t session, opaque * data, session->key->key.size = GNUTLS_MASTER_SIZE; session->key->key.data = gnutls_malloc (session->key->key.size); if (session->key->key.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } /* we do not need strong random numbers here. */ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, - session->key->key.size); + session->key->key.size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } else @@ -255,7 +255,7 @@ int _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data) { cert_auth_info_t auth = session->key->auth_info; - gnutls_datum_t sdata; /* data to send */ + gnutls_datum_t sdata; /* data to send */ bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_len = MAX_PUBLIC_PARAMS_SIZE; int ret, i; @@ -280,7 +280,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data) } ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data, - session->key->key.size); + session->key->key.size); if (ret < 0) { gnutls_assert (); @@ -295,7 +295,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data) session->key->key.data[1] = _gnutls_version_get_minor (ver); } else - { /* use the version provided */ + { /* use the version provided */ session->key->key.data[0] = session->internals.rsa_pms_version[0]; session->key->key.data[1] = session->internals.rsa_pms_version[1]; } @@ -311,7 +311,7 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_pkcs1_rsa_encrypt (&sdata, &session->key->key, - params, params_len, 2)) < 0) + params, params_len, 2)) < 0) { gnutls_assert (); return ret; @@ -327,13 +327,13 @@ _gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data) return sdata.size; } else - { /* TLS 1 */ + { /* TLS 1 */ *data = gnutls_malloc (sdata.size + 2); if (*data == NULL) - { - _gnutls_free_datum (&sdata); - return GNUTLS_E_MEMORY_ERROR; - } + { + _gnutls_free_datum (&sdata); + return GNUTLS_E_MEMORY_ERROR; + } _gnutls_write_datum16 (*data, sdata); ret = sdata.size + 2; _gnutls_free_datum (&sdata); diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 47cef3690a..ed35fcc3d4 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -48,7 +48,7 @@ int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **); static int gen_rsa_export_server_kx (gnutls_session_t, opaque **); static int proc_rsa_export_server_kx (gnutls_session_t, opaque *, size_t); static int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size); + size_t _data_size); const mod_auth_st rsa_export_auth_struct = { "RSA EXPORT", @@ -56,22 +56,22 @@ const mod_auth_st rsa_export_auth_struct = { _gnutls_gen_cert_client_certificate, gen_rsa_export_server_kx, _gnutls_gen_rsa_client_kx, - _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_cert_server_certificate, _gnutls_proc_cert_client_certificate, proc_rsa_export_server_kx, - proc_rsa_export_client_kx, /* proc client kx */ - _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + proc_rsa_export_client_kx, /* proc client kx */ + _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; /* This function reads the RSA parameters from the private key */ static int _gnutls_get_private_rsa_params (gnutls_session_t session, - bigint_t ** params, int *params_size) + bigint_t ** params, int *params_size) { int bits; gnutls_certificate_credentials_t cred; @@ -93,7 +93,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, bits = _gnutls_mpi_get_nbits (session->internals. - selected_cert_list[0].params[0]); + selected_cert_list[0].params[0]); if (_gnutls_cipher_suite_get_kx_algo (&session->security_parameters.current_cipher_suite) @@ -105,7 +105,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, rsa_params = _gnutls_certificate_get_rsa_params (cred->rsa_params, - cred->params_func, session); + cred->params_func, session); /* EXPORT case: */ if (rsa_params == NULL) { @@ -125,7 +125,7 @@ _gnutls_get_private_rsa_params (gnutls_session_t session, int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { gnutls_datum_t plaintext; gnutls_datum_t ciphertext; @@ -151,10 +151,10 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, dsize = _gnutls_read_uint16 (data); if (dsize != data_size) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } ciphertext.size = dsize; } @@ -165,7 +165,7 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, return ret; } - ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ + ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) { @@ -183,18 +183,18 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, * check the version number. */ if (_gnutls_get_adv_version_major (session) != plaintext.data[0] - || _gnutls_get_adv_version_minor (session) != plaintext.data[1]) - { - /* No error is returned here, if the version number check - * fails. We proceed normally. - * That is to defend against the attack described in the paper - * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, - * Ondej Pokorny and Tomas Rosa. - */ - gnutls_assert (); - _gnutls_x509_log - ("auth_rsa: Possible PKCS #1 version check format attack\n"); - } + || _gnutls_get_adv_version_minor (session) != plaintext.data[1]) + { + /* No error is returned here, if the version number check + * fails. We proceed normally. + * That is to defend against the attack described in the paper + * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima, + * Ondej Pokorny and Tomas Rosa. + */ + gnutls_assert (); + _gnutls_x509_log + ("auth_rsa: Possible PKCS #1 version check format attack\n"); + } } if (randomize_key != 0) @@ -202,20 +202,20 @@ proc_rsa_export_client_kx (gnutls_session_t session, opaque * data, session->key->key.size = GNUTLS_MASTER_SIZE; session->key->key.data = gnutls_malloc (session->key->key.size); if (session->key->key.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } /* we do not need strong random numbers here. */ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data, - session->key->key.size); + session->key->key.size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } else @@ -260,7 +260,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -278,7 +278,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) rsa_params = _gnutls_certificate_get_rsa_params (cred->rsa_params, cred->params_func, - session); + session); rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params); if (rsa_mpis == NULL) { @@ -287,7 +287,7 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) } if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 0)) < 0) + sizeof (cert_auth_info_st), 0)) < 0) { gnutls_assert (); return ret; @@ -325,20 +325,20 @@ gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data) if (apr_cert_list_length > 0) { if ((ret = - _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) - { - gnutls_assert (); - gnutls_free (*data); - *data = NULL; - return ret; - } + _gnutls_handshake_sign_data (session, &apr_cert_list[0], + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) + { + gnutls_assert (); + gnutls_free (*data); + *data = NULL; + return ret; + } } else { gnutls_assert (); - return data_size; /* do not put a signature - ILLEGAL! */ + return data_size; /* do not put a signature - ILLEGAL! */ } *data = gnutls_realloc_fast (*data, data_size + signature.size + 2); @@ -375,8 +375,8 @@ _gnutls_peers_cert_less_512 (gnutls_session_t session) if ((ret = _gnutls_get_auth_info_gcert (&peer_cert, - session->security_parameters.cert_type, - info, CERT_NO_COPY)) < 0) + session->security_parameters.cert_type, + info, CERT_NO_COPY)) < 0) { gnutls_assert (); return 0; @@ -402,7 +402,7 @@ _gnutls_peers_cert_less_512 (gnutls_session_t session) static int proc_rsa_export_server_kx (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { uint16_t n_m, n_e; size_t _n_m, _n_e; @@ -458,7 +458,7 @@ proc_rsa_export_server_kx (gnutls_session_t session, } _gnutls_rsa_export_set_pubkey (session, session->key->rsa[1], - session->key->rsa[0]); + session->key->rsa[0]); /* VERIFY SIGNATURE */ @@ -474,8 +474,8 @@ proc_rsa_export_server_kx (gnutls_session_t session, if ((ret = _gnutls_get_auth_info_gcert (&peer_cert, - session->security_parameters.cert_type, - info, CERT_NO_COPY)) < 0) + session->security_parameters.cert_type, + info, CERT_NO_COPY)) < 0) { gnutls_assert (); return ret; @@ -483,7 +483,7 @@ proc_rsa_export_server_kx (gnutls_session_t session, ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, - GNUTLS_SIGN_UNKNOWN); + GNUTLS_SIGN_UNKNOWN); _gnutls_gcert_deinit (&peer_cert); if (ret < 0) diff --git a/lib/auth_srp.c b/lib/auth_srp.c index ff78c430fb..714e50c6db 100644 --- a/lib/auth_srp.c +++ b/lib/auth_srp.c @@ -48,7 +48,7 @@ const mod_auth_st srp_auth_struct = { NULL, NULL, - NULL, /* certificate */ + NULL, /* certificate */ _gnutls_proc_srp_server_kx, _gnutls_proc_srp_client_kx, NULL, @@ -147,7 +147,7 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) srp_ext_st *priv; ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv); - if (ret < 0) /* peer didn't send a username */ + if (ret < 0) /* peer didn't send a username */ { gnutls_assert (); return GNUTLS_E_UNKNOWN_SRP_USERNAME; @@ -156,7 +156,7 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_SRP, - sizeof (srp_server_auth_info_st), 1)) < 0) + sizeof (srp_server_auth_info_st), 1)) < 0) { gnutls_assert (); return ret; @@ -217,7 +217,7 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) */ data_size = (pwd_entry->n.size + 2 + pwd_entry->g.size + 2 + - pwd_entry->salt.size + 1) + (n_b + 2); + pwd_entry->salt.size + 1) + (n_b + 2); (*data) = gnutls_malloc (data_size); if ((*data) == NULL) @@ -257,8 +257,8 @@ _gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data) _gnutls_write_uint16 (n_b, data_b); _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b, - _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf), - NULL)); + _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf), + NULL)); _gnutls_srp_entry_free (pwd_entry); @@ -279,7 +279,7 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) srp_ext_st *priv; ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv); - if (ret < 0) /* peer didn't send a username */ + if (ret < 0) /* peer didn't send a username */ { gnutls_assert (); return GNUTLS_E_UNKNOWN_SRP_USERNAME; @@ -387,8 +387,8 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) } _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a, - _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf), - NULL)); + _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf), + NULL)); _gnutls_mpi_release (&A); @@ -401,7 +401,7 @@ _gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data) /* just read A and put it to session */ int _gnutls_proc_srp_client_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { size_t _n_A; ssize_t data_size = _data_size; @@ -623,8 +623,8 @@ group_check_g_n (gnutls_session_t session, bigint_t g, bigint_t n) int ret; if (_gnutls_mpi_get_nbits (n) < (session->internals.srp_prime_bits - ? session->internals.srp_prime_bits - : 2048)) + ? session->internals.srp_prime_bits + : 2048)) { gnutls_assert (); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; @@ -724,7 +724,7 @@ error: */ int _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { uint8_t n_s; uint16_t n_g, n_n, n_b; @@ -849,10 +849,10 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data, { _gnutls_x509_log ("Checking the SRP group parameters.\n"); if ((ret = group_check_g_n (session, G, N)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } /* Checks if b % n == 0 @@ -869,7 +869,7 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data, */ if ((ret = _gnutls_calc_srp_x (username, password, (opaque *) data_s, n_s, - &_n_g, hd)) < 0) + &_n_g, hd)) < 0) { gnutls_assert (); return ret; @@ -882,9 +882,9 @@ _gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data, } - return i; /* return the processed data - * needed in auth_srp_rsa. - */ + return i; /* return the processed data + * needed in auth_srp_rsa. + */ } #endif /* ENABLE_SRP */ diff --git a/lib/auth_srp.h b/lib/auth_srp.h index 245b6a5b99..a60217f596 100644 --- a/lib/auth_srp.h +++ b/lib/auth_srp.h @@ -54,9 +54,9 @@ typedef struct srp_server_auth_info_st #ifdef ENABLE_SRP int _gnutls_proc_srp_server_hello (gnutls_session_t state, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); int _gnutls_gen_srp_server_hello (gnutls_session_t state, opaque * data, - size_t data_size); + size_t data_size); int _gnutls_gen_srp_server_kx (gnutls_session_t, opaque **); int _gnutls_gen_srp_client_kx (gnutls_session_t, opaque **); diff --git a/lib/auth_srp_passwd.c b/lib/auth_srp_passwd.c index e67edf550f..5616377146 100644 --- a/lib/auth_srp_passwd.c +++ b/lib/auth_srp_passwd.c @@ -56,7 +56,7 @@ pwd_put_values (SRP_PWD_ENTRY * entry, char *str) size_t verifier_size; int indx; - p = strrchr (str, ':'); /* we have index */ + p = strrchr (str, ':'); /* we have index */ if (p == NULL) { gnutls_assert (); @@ -74,7 +74,7 @@ pwd_put_values (SRP_PWD_ENTRY * entry, char *str) } /* now go for salt */ - p = strrchr (str, ':'); /* we have salt */ + p = strrchr (str, ':'); /* we have salt */ if (p == NULL) { gnutls_assert (); @@ -95,7 +95,7 @@ pwd_put_values (SRP_PWD_ENTRY * entry, char *str) } /* now go for verifier */ - p = strrchr (str, ':'); /* we have verifier */ + p = strrchr (str, ':'); /* we have verifier */ if (p == NULL) { _gnutls_free_datum (&entry->salt); @@ -145,7 +145,7 @@ pwd_put_values2 (SRP_PWD_ENTRY * entry, char *str) opaque *tmp; int ret; - p = strrchr (str, ':'); /* we have g */ + p = strrchr (str, ':'); /* we have g */ if (p == NULL) { gnutls_assert (); @@ -171,7 +171,7 @@ pwd_put_values2 (SRP_PWD_ENTRY * entry, char *str) entry->g.size = ret; /* now go for n - modulo */ - p = strrchr (str, ':'); /* we have n */ + p = strrchr (str, ':'); /* we have n */ if (p == NULL) { _gnutls_free_datum (&entry->g); @@ -210,7 +210,7 @@ pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) unsigned i, len; char indexstr[10]; - sprintf (indexstr, "%d", idx); /* Flawfinder: ignore */ + sprintf (indexstr, "%d", idx); /* Flawfinder: ignore */ fd = fopen (pconf_file, "r"); if (fd == NULL) @@ -225,18 +225,18 @@ pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) /* move to first ':' */ i = 0; while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } + { + i++; + } if (strncmp (indexstr, line, MAX (i, len)) == 0) - { - if ((idx = pwd_put_values2 (entry, line)) >= 0) - return 0; - else - { - return GNUTLS_E_SRP_PWD_ERROR; - } - } + { + if ((idx = pwd_put_values2 (entry, line)) >= 0) + return 0; + else + { + return GNUTLS_E_SRP_PWD_ERROR; + } + } } return GNUTLS_E_SRP_PWD_ERROR; @@ -244,7 +244,7 @@ pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) int _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, - SRP_PWD_ENTRY ** _entry) + SRP_PWD_ENTRY ** _entry) { gnutls_srp_server_credentials_t cred; FILE *fd; @@ -277,34 +277,34 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, if (cred->pwd_callback != NULL) { ret = cred->pwd_callback (state, username, &entry->salt, - &entry->v, &entry->g, &entry->n); + &entry->v, &entry->g, &entry->n); if (ret == 1) - { /* the user does not exist */ - if (entry->g.size != 0 && entry->n.size != 0) - { - ret = _randomize_pwd_entry (entry); - if (ret < 0) - { - gnutls_assert (); - _gnutls_srp_entry_free (entry); - return ret; - } - return 0; - } - else - { - gnutls_assert (); - ret = -1; /* error in the callback */ - } - } + { /* the user does not exist */ + if (entry->g.size != 0 && entry->n.size != 0) + { + ret = _randomize_pwd_entry (entry); + if (ret < 0) + { + gnutls_assert (); + _gnutls_srp_entry_free (entry); + return ret; + } + return 0; + } + else + { + gnutls_assert (); + ret = -1; /* error in the callback */ + } + } if (ret < 0) - { - gnutls_assert (); - _gnutls_srp_entry_free (entry); - return GNUTLS_E_SRP_PWD_ERROR; - } + { + gnutls_assert (); + _gnutls_srp_entry_free (entry); + return GNUTLS_E_SRP_PWD_ERROR; + } return 0; } @@ -328,7 +328,7 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, return GNUTLS_E_SRP_PWD_ERROR; } - last_idx = 1; /* a default value */ + last_idx = 1; /* a default value */ len = strlen (username); while (fgets (line, sizeof (line), fd) != NULL) @@ -336,37 +336,37 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, /* move to first ':' */ i = 0; while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } + { + i++; + } if (strncmp (username, line, MAX (i, len)) == 0) - { - if ((idx = pwd_put_values (entry, line)) >= 0) - { - /* Keep the last index in memory, so we can retrieve fake parameters (g,n) - * when the user does not exist. - */ - /* XXX: last_idx will not be read as both if block branches return. */ - last_idx = idx; - if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0) - { - return 0; - } - else - { - gnutls_assert (); - _gnutls_srp_entry_free (entry); - return GNUTLS_E_SRP_PWD_ERROR; - } - } - else - { - gnutls_assert (); - _gnutls_srp_entry_free (entry); - return GNUTLS_E_SRP_PWD_ERROR; - } - } + { + if ((idx = pwd_put_values (entry, line)) >= 0) + { + /* Keep the last index in memory, so we can retrieve fake parameters (g,n) + * when the user does not exist. + */ + /* XXX: last_idx will not be read as both if block branches return. */ + last_idx = idx; + if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0) + { + return 0; + } + else + { + gnutls_assert (); + _gnutls_srp_entry_free (entry); + return GNUTLS_E_SRP_PWD_ERROR; + } + } + else + { + gnutls_assert (); + _gnutls_srp_entry_free (entry); + return GNUTLS_E_SRP_PWD_ERROR; + } + } } /* user was not found. Fake him. Actually read the g,n values from @@ -376,11 +376,11 @@ _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, { ret = _randomize_pwd_entry (entry); if (ret < 0) - { - gnutls_assert (); - _gnutls_srp_entry_free (entry); - return ret; - } + { + gnutls_assert (); + _gnutls_srp_entry_free (entry); + return ret; + } return 0; } diff --git a/lib/auth_srp_passwd.h b/lib/auth_srp_passwd.h index 014d630073..b8cf855e25 100644 --- a/lib/auth_srp_passwd.h +++ b/lib/auth_srp_passwd.h @@ -37,9 +37,9 @@ typedef struct /* this is locally allocated. It should be freed using the provided function */ int _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username, - SRP_PWD_ENTRY **); + SRP_PWD_ENTRY **); void _gnutls_srp_entry_free (SRP_PWD_ENTRY * entry); int _gnutls_sbase64_decode (uint8_t * data, size_t data_size, - uint8_t ** result); + uint8_t ** result); #endif /* ENABLE_SRP */ diff --git a/lib/auth_srp_rsa.c b/lib/auth_srp_rsa.c index 3967c57211..d9267903cf 100644 --- a/lib/auth_srp_rsa.c +++ b/lib/auth_srp_rsa.c @@ -55,7 +55,7 @@ const mod_auth_st srp_rsa_auth_struct = { NULL, _gnutls_proc_cert_server_certificate, - NULL, /* certificate */ + NULL, /* certificate */ proc_srp_cert_server_kx, _gnutls_proc_srp_client_kx, NULL, @@ -72,7 +72,7 @@ const mod_auth_st srp_dss_auth_struct = { NULL, _gnutls_proc_cert_server_certificate, - NULL, /* certificate */ + NULL, /* certificate */ proc_srp_cert_server_kx, _gnutls_proc_srp_client_kx, NULL, @@ -110,7 +110,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data) /* find the appropriate certificate */ if ((ret = _gnutls_get_selected_cert (session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) + &apr_cert_list_length, &apr_pkey)) < 0) { gnutls_assert (); return ret; @@ -118,8 +118,8 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data) if ((ret = _gnutls_handshake_sign_data (session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert (); gnutls_free (*data); @@ -145,7 +145,7 @@ gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data) static int proc_srp_cert_server_kx (gnutls_session_t session, opaque * data, - size_t _data_size) + size_t _data_size) { ssize_t ret; int sigsize; @@ -171,7 +171,7 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * data, /* VERIFY SIGNATURE */ - vparams.size = ret; /* all the data minus the signature */ + vparams.size = ret; /* all the data minus the signature */ vparams.data = data; p = &data[vparams.size]; @@ -185,8 +185,8 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * data, ret = _gnutls_get_auth_info_gcert (&peer_cert, - session->security_parameters.cert_type, - info, CERT_NO_COPY); + session->security_parameters.cert_type, + info, CERT_NO_COPY); if (ret < 0) { @@ -196,7 +196,7 @@ proc_srp_cert_server_kx (gnutls_session_t session, opaque * data, ret = _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature, - GNUTLS_SIGN_UNKNOWN); + GNUTLS_SIGN_UNKNOWN); _gnutls_gcert_deinit (&peer_cert); if (ret < 0) diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c index 327a24cdf5..1ded485d38 100644 --- a/lib/auth_srp_sb64.c +++ b/lib/auth_srp_sb64.c @@ -82,61 +82,61 @@ encode (uint8_t * result, const uint8_t * rdata, int left) case 3: result[0] = b64table[((data[0] & 0xfc) >> 2)]; result[1] = - b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | - ((data[1] & 0xf0) >> 4))]; + b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | + ((data[1] & 0xf0) >> 4))]; result[2] = - b64table[((((data[1] & 0x0f) << 2) & 0xff) | - ((data[2] & 0xc0) >> 6))]; + b64table[((((data[1] & 0x0f) << 2) & 0xff) | + ((data[2] & 0xc0) >> 6))]; result[3] = b64table[(data[2] & 0x3f) & 0xff]; break; case 2: if ((c = ((data[0] & 0xf0) >> 4)) != 0) - { - result[0] = b64table[c]; - result[1] = - b64table[((((data[0] & 0x0f) << 2) & 0xff) | - ((data[1] & 0xc0) >> 6))]; - result[2] = b64table[(data[1] & 0x3f) & 0xff]; - result[3] = '\0'; - ret -= 1; - } + { + result[0] = b64table[c]; + result[1] = + b64table[((((data[0] & 0x0f) << 2) & 0xff) | + ((data[1] & 0xc0) >> 6))]; + result[2] = b64table[(data[1] & 0x3f) & 0xff]; + result[3] = '\0'; + ret -= 1; + } else - { - if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0) - { - result[0] = b64table[c]; - result[1] = b64table[data[1] & 0x3f]; - result[2] = '\0'; - result[3] = '\0'; - ret -= 2; - } - else - { - result[0] = b64table[data[0] & 0x3f]; - result[1] = '\0'; - result[2] = '\0'; - result[3] = '\0'; - ret -= 3; - } - } + { + if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0) + { + result[0] = b64table[c]; + result[1] = b64table[data[1] & 0x3f]; + result[2] = '\0'; + result[3] = '\0'; + ret -= 2; + } + else + { + result[0] = b64table[data[0] & 0x3f]; + result[1] = '\0'; + result[2] = '\0'; + result[3] = '\0'; + ret -= 3; + } + } break; case 1: if ((c = ((data[0] & 0xc0) >> 6)) != 0) - { - result[0] = b64table[c]; - result[1] = b64table[(data[0] & 0x3f) & 0xff]; - result[2] = '\0'; - result[3] = '\0'; - ret -= 2; - } + { + result[0] = b64table[c]; + result[1] = b64table[(data[0] & 0x3f) & 0xff]; + result[2] = '\0'; + result[3] = '\0'; + ret -= 2; + } else - { - result[0] = b64table[(data[0] & 0x3f) & 0xff]; - result[1] = '\0'; - result[2] = '\0'; - result[3] = '\0'; - ret -= 3; - } + { + result[0] = b64table[(data[0] & 0x3f) & 0xff]; + result[1] = '\0'; + result[2] = '\0'; + result[3] = '\0'; + ret -= 3; + } break; default: return -1; @@ -176,10 +176,10 @@ _gnutls_sbase64_encode (uint8_t * data, size_t data_size, uint8_t ** result) { tmp = encode (tmpres, &data[0], mod); if (tmp < 0) - { - gnutls_free ((*result)); - return tmp; - } + { + gnutls_free ((*result)); + return tmp; + } memcpy (&(*result)[0], tmpres, tmp); i = mod; @@ -192,10 +192,10 @@ _gnutls_sbase64_encode (uint8_t * data, size_t data_size, uint8_t ** result) { tmp = encode (tmpres, &data[i], data_size - i); if (tmp < 0) - { - gnutls_free ((*result)); - return tmp; - } + { + gnutls_free ((*result)); + return tmp; + } memcpy (&(*result)[j], tmpres, tmp); } @@ -280,15 +280,15 @@ _gnutls_sbase64_decode (uint8_t * data, size_t idata_size, uint8_t ** result) tmp = decode (tmpres, datrev); if (tmp < 0) - { - gnutls_free ((*result)); - *result = NULL; - return tmp; - } + { + gnutls_free ((*result)); + *result = NULL; + return tmp; + } memcpy (*result, &tmpres[3 - tmp], tmp); if (tmp < 3) - ret -= (3 - tmp); + ret -= (3 - tmp); } /* rest data */ @@ -296,14 +296,14 @@ _gnutls_sbase64_decode (uint8_t * data, size_t idata_size, uint8_t ** result) { tmp = decode (tmpres, &data[i]); if (tmp < 0) - { - gnutls_free ((*result)); - *result = NULL; - return tmp; - } + { + gnutls_free ((*result)); + *result = NULL; + return tmp; + } memcpy (&(*result)[j], tmpres, tmp); if (tmp < 3) - ret -= (3 - tmp); + ret -= (3 - tmp); j += 3; } @@ -329,7 +329,7 @@ _gnutls_sbase64_decode (uint8_t * data, size_t idata_size, uint8_t ** result) **/ int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result, - size_t * result_size) + size_t * result_size) { opaque *ret; int size; @@ -373,7 +373,7 @@ gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result, **/ int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data, - gnutls_datum_t * result) + gnutls_datum_t * result) { opaque *ret; int size; @@ -415,7 +415,7 @@ gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data, **/ int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result, - size_t * result_size) + size_t * result_size) { opaque *ret; int size; @@ -458,7 +458,7 @@ gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result, **/ int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data, - gnutls_datum_t * result) + gnutls_datum_t * result) { opaque *ret; int size; diff --git a/lib/crypto-api.c b/lib/crypto-api.c index 517568eb66..d89b7a2b53 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -48,8 +48,8 @@ **/ int gnutls_cipher_init (gnutls_cipher_hd_t * handle, - gnutls_cipher_algorithm_t cipher, - const gnutls_datum_t * key, const gnutls_datum_t * iv) + gnutls_cipher_algorithm_t cipher, + const gnutls_datum_t * key, const gnutls_datum_t * iv) { *handle = gnutls_malloc (sizeof (cipher_hd_st)); if (*handle == NULL) @@ -95,10 +95,10 @@ gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, size_t textlen) **/ int gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext, - size_t ciphertextlen) + size_t ciphertextlen) { return _gnutls_cipher_decrypt ((cipher_hd_st *) handle, ciphertext, - ciphertextlen); + ciphertextlen); } /** @@ -118,10 +118,10 @@ gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext, **/ int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen, - void *ciphertext, size_t ciphertextlen) + void *ciphertext, size_t ciphertextlen) { return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen, - ciphertext, ciphertextlen); + ciphertext, ciphertextlen); } /** @@ -141,10 +141,10 @@ gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen, **/ int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext, - size_t ciphertextlen, void *text, size_t textlen) + size_t ciphertextlen, void *text, size_t textlen) { return _gnutls_cipher_decrypt2 ((cipher_hd_st *) handle, ciphertext, - ciphertextlen, text, textlen); + ciphertextlen, text, textlen); } /** @@ -184,8 +184,8 @@ gnutls_cipher_deinit (gnutls_cipher_hd_t handle) **/ int gnutls_hmac_init (gnutls_hmac_hd_t * dig, - gnutls_digest_algorithm_t algorithm, - const void *key, size_t keylen) + gnutls_digest_algorithm_t algorithm, + const void *key, size_t keylen) { *dig = gnutls_malloc (sizeof (digest_hd_st)); if (*dig == NULL) @@ -283,8 +283,8 @@ gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm) **/ int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, - const void *key, size_t keylen, - const void *text, size_t textlen, void *digest) + const void *key, size_t keylen, + const void *text, size_t textlen, void *digest) { return _gnutls_hmac_fast (algorithm, key, keylen, text, textlen, digest); } @@ -402,7 +402,7 @@ gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm) **/ int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, - const void *text, size_t textlen, void *digest) + const void *text, size_t textlen, void *digest) { return _gnutls_hash_fast (algorithm, text, textlen, digest); } diff --git a/lib/crypto.c b/lib/crypto.c index 571a4c4bc8..853df9ed70 100644 --- a/lib/crypto.c +++ b/lib/crypto.c @@ -60,24 +60,24 @@ _algo_register (algo_list * al, int algorithm, int priority, const void *s) while (cl && cl->alg_data) { if (cl->algorithm == algorithm) - { - if (cl->priority < priority) - { - gnutls_assert (); - return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; - } - else - { - /* the current has higher priority -> overwrite */ - cl->algorithm = algorithm; - cl->priority = priority; - cl->alg_data = s; - return 0; - } - } + { + if (cl->priority < priority) + { + gnutls_assert (); + return GNUTLS_E_CRYPTO_ALREADY_REGISTERED; + } + else + { + /* the current has higher priority -> overwrite */ + cl->algorithm = algorithm; + cl->priority = priority; + cl->alg_data = s; + return 0; + } + } cl = cl->next; if (cl) - last_cl = cl; + last_cl = cl; } cl = gnutls_calloc (1, sizeof (cipher_list)); @@ -108,9 +108,9 @@ _get_algo (algo_list * al, int algo) while (cl && cl->alg_data) { if (cl->algorithm == algo) - { - return cl->alg_data; - } + { + return cl->alg_data; + } cl = cl->next; } @@ -170,8 +170,8 @@ _gnutls_crypto_deregister (void) **/ int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm, - int priority, int version, - const gnutls_crypto_cipher_st * s) + int priority, int version, + const gnutls_crypto_cipher_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -211,7 +211,7 @@ _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo) **/ int gnutls_crypto_rnd_register2 (int priority, int version, - const gnutls_crypto_rnd_st * s) + const gnutls_crypto_rnd_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -252,8 +252,8 @@ gnutls_crypto_rnd_register2 (int priority, int version, **/ int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm, - int priority, int version, - const gnutls_crypto_mac_st * s) + int priority, int version, + const gnutls_crypto_mac_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -294,8 +294,8 @@ _gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo) **/ int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm, - int priority, int version, - const gnutls_crypto_digest_st * s) + int priority, int version, + const gnutls_crypto_digest_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -338,7 +338,7 @@ _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo) **/ int gnutls_crypto_bigint_register2 (int priority, int version, - const gnutls_crypto_bigint_st * s) + const gnutls_crypto_bigint_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -382,7 +382,7 @@ gnutls_crypto_bigint_register2 (int priority, int version, **/ int gnutls_crypto_pk_register2 (int priority, int version, - const gnutls_crypto_pk_st * s) + const gnutls_crypto_pk_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -423,7 +423,7 @@ gnutls_crypto_pk_register2 (int priority, int version, **/ int gnutls_crypto_cipher_register2 (int priority, int version, - const gnutls_crypto_cipher_st * s) + const gnutls_crypto_cipher_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -464,7 +464,7 @@ gnutls_crypto_cipher_register2 (int priority, int version, **/ int gnutls_crypto_mac_register2 (int priority, int version, - const gnutls_crypto_mac_st * s) + const gnutls_crypto_mac_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { @@ -505,7 +505,7 @@ gnutls_crypto_mac_register2 (int priority, int version, **/ int gnutls_crypto_digest_register2 (int priority, int version, - const gnutls_crypto_digest_st * s) + const gnutls_crypto_digest_st * s) { if (version != GNUTLS_CRYPTO_API_VERSION) { diff --git a/lib/crypto.h b/lib/crypto.h index 8202adf23d..3e6321574d 100644 --- a/lib/crypto.h +++ b/lib/crypto.h @@ -30,7 +30,7 @@ const gnutls_crypto_cipher_st const gnutls_crypto_digest_st * _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo); const gnutls_crypto_mac_st *_gnutls_get_crypto_mac (gnutls_mac_algorithm_t - algo); + algo); void _gnutls_crypto_deregister (void); #endif /* CRYPTO_H */ diff --git a/lib/cryptodev.c b/lib/cryptodev.c index fb74be75f2..4e09c4d108 100644 --- a/lib/cryptodev.c +++ b/lib/cryptodev.c @@ -118,7 +118,7 @@ cryptodev_setiv (void *_ctx, const void *iv, size_t iv_size) static int cryptodev_encrypt (void *_ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize) + void *encr, size_t encrsize) { struct cryptodev_ctx *ctx = _ctx; ctx->cryp.len = plainsize; @@ -135,7 +135,7 @@ cryptodev_encrypt (void *_ctx, const void *plain, size_t plainsize, static int cryptodev_decrypt (void *_ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize) + void *plain, size_t plainsize) { struct cryptodev_ctx *ctx = _ctx; @@ -183,7 +183,7 @@ register_crypto (int cfd) i++) { if (gnutls_cipher_map[i] == 0) - continue; + continue; /* test if a cipher is support it and if yes register it */ sess.cipher = gnutls_cipher_map[i]; @@ -191,20 +191,20 @@ register_crypto (int cfd) sess.key = fake_key; if (ioctl (cfd, CIOCGSESSION, &sess)) - { - continue; - } + { + continue; + } ioctl (cfd, CIOCFSESSION, &sess); _gnutls_debug_log ("/dev/crypto: registering: %s\n", - gnutls_cipher_get_name (i)); + gnutls_cipher_get_name (i)); ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } @@ -230,15 +230,15 @@ _gnutls_cryptodev_init (void) /* Clone file descriptor */ if (ioctl (cryptodev_fd, CRIOGET, &cfd)) { - gnutls_assert (); - return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; + gnutls_assert (); + return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; } /* Set close-on-exec (not really neede here) */ if (fcntl (cfd, F_SETFD, 1) == -1) { - gnutls_assert (); - return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; + gnutls_assert (); + return GNUTLS_E_CRYPTODEV_IOCTL_ERROR; } close (cryptodev_fd); @@ -254,7 +254,7 @@ _gnutls_cryptodev_init (void) { ret = register_mac (cryptodev_fd); if (ret < 0) - gnutls_assert (); + gnutls_assert (); } if (ret < 0) @@ -383,27 +383,27 @@ register_mac (int cfd) for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++) { if (gnutls_mac_map[i] == 0) - continue; + continue; sess.mac = gnutls_mac_map[i]; sess.keylen = 8; sess.key = fake_key; if (ioctl (cfd, CIOCGSESSION, &sess)) - { - continue; - } + { + continue; + } ioctl (cfd, CIOCFSESSION, &sess); _gnutls_debug_log ("/dev/crypto: registering: %s\n", - gnutls_mac_get_name (i)); + gnutls_mac_get_name (i)); ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } diff --git a/lib/debug.c b/lib/debug.c index a791ba3c69..ec4988af5e 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -38,10 +38,10 @@ _gnutls_dump_mpi (const char *prefix, bigint_t a) size_t n = sizeof buf; if (_gnutls_mpi_print (a, buf, &n)) - strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */ + strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */ _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix, - _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex), - NULL)); + _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex), + NULL)); } diff --git a/lib/ext_cert_type.c b/lib/ext_cert_type.c index 3fe0c12841..ca5f7a0e0c 100644 --- a/lib/ext_cert_type.c +++ b/lib/ext_cert_type.c @@ -40,10 +40,10 @@ inline static int _gnutls_num2cert_type (int num); inline static int _gnutls_cert_type2num (int record_size); static int _gnutls_cert_type_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_cert_type_send_params (gnutls_session_t session, - opaque * data, size_t); + opaque * data, size_t); extension_entry_st ext_mod_cert_type = { .name = "CERT TYPE", @@ -68,7 +68,7 @@ extension_entry_st ext_mod_cert_type = { static int _gnutls_cert_type_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { int new_type = -1, ret, i; ssize_t data_size = _data_size; @@ -76,83 +76,83 @@ _gnutls_cert_type_recv_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_CLIENT) { if (data_size > 0) - { - if (data_size != 1) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - new_type = _gnutls_num2cert_type (data[0]); - - if (new_type < 0) - { - gnutls_assert (); - return new_type; - } - - /* Check if we support this cert_type */ - if ((ret = - _gnutls_session_cert_type_supported (session, new_type)) < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_session_cert_type_set (session, new_type); - } + { + if (data_size != 1) + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + new_type = _gnutls_num2cert_type (data[0]); + + if (new_type < 0) + { + gnutls_assert (); + return new_type; + } + + /* Check if we support this cert_type */ + if ((ret = + _gnutls_session_cert_type_supported (session, new_type)) < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_session_cert_type_set (session, new_type); + } } else - { /* SERVER SIDE - we must check if the sent cert type is the right one - */ + { /* SERVER SIDE - we must check if the sent cert type is the right one + */ if (data_size > 1) - { - uint8_t len; - - DECR_LEN (data_size, 1); - len = data[0]; - DECR_LEN (data_size, len); - - for (i = 0; i < len; i++) - { - new_type = _gnutls_num2cert_type (data[i + 1]); - - if (new_type < 0) - continue; - - /* Check if we support this cert_type */ - if ((ret = - _gnutls_session_cert_type_supported (session, - new_type)) < 0) - { - gnutls_assert (); - continue; - } - else - break; - /* new_type is ok */ - } - - if (new_type < 0) - { - gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - - if ((ret = - _gnutls_session_cert_type_supported (session, new_type)) < 0) - { - gnutls_assert (); - /* The peer has requested unsupported certificate - * types. Instead of failing, procceed normally. - * (the ciphersuite selection would fail, or a - * non certificate ciphersuite will be selected). - */ - return 0; - } - - _gnutls_session_cert_type_set (session, new_type); - } + { + uint8_t len; + + DECR_LEN (data_size, 1); + len = data[0]; + DECR_LEN (data_size, len); + + for (i = 0; i < len; i++) + { + new_type = _gnutls_num2cert_type (data[i + 1]); + + if (new_type < 0) + continue; + + /* Check if we support this cert_type */ + if ((ret = + _gnutls_session_cert_type_supported (session, + new_type)) < 0) + { + gnutls_assert (); + continue; + } + else + break; + /* new_type is ok */ + } + + if (new_type < 0) + { + gnutls_assert (); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } + + if ((ret = + _gnutls_session_cert_type_supported (session, new_type)) < 0) + { + gnutls_assert (); + /* The peer has requested unsupported certificate + * types. Instead of failing, procceed normally. + * (the ciphersuite selection would fail, or a + * non certificate ciphersuite will be selected). + */ + return 0; + } + + _gnutls_session_cert_type_set (session, new_type); + } } @@ -164,7 +164,7 @@ _gnutls_cert_type_recv_params (gnutls_session_t session, */ static int _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { unsigned len, i; @@ -173,55 +173,55 @@ _gnutls_cert_type_send_params (gnutls_session_t session, opaque * data, { if (session->internals.priorities.cert_type.algorithms > 0) - { - - len = session->internals.priorities.cert_type.algorithms; - - if (len == 1 && - session->internals.priorities.cert_type.priority[0] == - GNUTLS_CRT_X509) - { - /* We don't use this extension if X.509 certificates - * are used. - */ - return 0; - } - - if (data_size < len + 1) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - /* this is a vector! - */ - data[0] = (uint8_t) len; - - for (i = 0; i < len; i++) - { - data[i + 1] = - _gnutls_cert_type2num (session->internals.priorities. - cert_type.priority[i]); - } - return len + 1; - } + { + + len = session->internals.priorities.cert_type.algorithms; + + if (len == 1 && + session->internals.priorities.cert_type.priority[0] == + GNUTLS_CRT_X509) + { + /* We don't use this extension if X.509 certificates + * are used. + */ + return 0; + } + + if (data_size < len + 1) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + /* this is a vector! + */ + data[0] = (uint8_t) len; + + for (i = 0; i < len; i++) + { + data[i + 1] = + _gnutls_cert_type2num (session->internals.priorities. + cert_type.priority[i]); + } + return len + 1; + } } else - { /* server side */ + { /* server side */ if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE) - { - len = 1; - if (data_size < len) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = - _gnutls_cert_type2num (session->security_parameters.cert_type); - return len; - } + { + len = 1; + if (data_size < len) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + data[0] = + _gnutls_cert_type2num (session->security_parameters.cert_type); + return len; + } } diff --git a/lib/ext_max_record.c b/lib/ext_max_record.c index ca3fc4e220..35931d8e1a 100644 --- a/lib/ext_max_record.c +++ b/lib/ext_max_record.c @@ -32,15 +32,15 @@ #include <ext_max_record.h> static int _gnutls_max_record_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_max_record_send_params (gnutls_session_t session, - opaque * data, size_t); + opaque * data, size_t); static int _gnutls_max_record_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv); + extension_priv_data_t * _priv); static int _gnutls_max_record_pack (extension_priv_data_t _priv, - gnutls_buffer_st * ps); + gnutls_buffer_st * ps); /* Maps record size to numbers according to the * extensions draft. @@ -73,7 +73,7 @@ extension_entry_st ext_mod_max_record_size = { static int _gnutls_max_record_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { ssize_t new_size; ssize_t data_size = _data_size; @@ -83,54 +83,54 @@ _gnutls_max_record_recv_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { if (data_size > 0) - { - DECR_LEN (data_size, 1); + { + DECR_LEN (data_size, 1); - new_size = _gnutls_mre_num2record (data[0]); + new_size = _gnutls_mre_num2record (data[0]); - if (new_size < 0) - { - gnutls_assert (); - return new_size; - } + if (new_size < 0) + { + gnutls_assert (); + return new_size; + } - session->security_parameters.max_record_send_size = new_size; - session->security_parameters.max_record_recv_size = new_size; - } + session->security_parameters.max_record_send_size = new_size; + session->security_parameters.max_record_recv_size = new_size; + } } else - { /* CLIENT SIDE - we must check if the sent record size is the right one - */ + { /* CLIENT SIDE - we must check if the sent record size is the right one + */ if (data_size > 0) - { - ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_MAX_RECORD_SIZE, - &epriv); - if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - if (data_size != 1) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - new_size = _gnutls_mre_num2record (data[0]); - - if (new_size < 0 || new_size != epriv.num) - { - gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } - else - { - session->security_parameters.max_record_recv_size = epriv.num; - } - - } + { + ret = _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_MAX_RECORD_SIZE, + &epriv); + if (ret < 0) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + if (data_size != 1) + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } + + new_size = _gnutls_mre_num2record (data[0]); + + if (new_size < 0 || new_size != epriv.num) + { + gnutls_assert (); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } + else + { + session->security_parameters.max_record_recv_size = epriv.num; + } + + } } @@ -142,7 +142,7 @@ _gnutls_max_record_recv_params (gnutls_session_t session, */ static int _gnutls_max_record_send_params (gnutls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { uint16_t len; int ret; @@ -153,46 +153,46 @@ _gnutls_max_record_send_params (gnutls_session_t session, opaque * data, extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_MAX_RECORD_SIZE, - &epriv); - if (ret < 0) /* it is ok not to have it */ - { - return 0; - } + GNUTLS_EXTENSION_MAX_RECORD_SIZE, + &epriv); + if (ret < 0) /* it is ok not to have it */ + { + return 0; + } if (epriv.num != DEFAULT_MAX_RECORD_SIZE) - { - len = 1; - if (data_size < len) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num); - return len; - } + { + len = 1; + if (data_size < len) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num); + return len; + } } else - { /* server side */ + { /* server side */ if (session->security_parameters.max_record_recv_size != - DEFAULT_MAX_RECORD_SIZE) - { - len = 1; - if (data_size < len) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = - (uint8_t) - _gnutls_mre_record2num - (session->security_parameters.max_record_recv_size); - return len; - } + DEFAULT_MAX_RECORD_SIZE) + { + len = 1; + if (data_size < len) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + data[0] = + (uint8_t) + _gnutls_mre_record2num + (session->security_parameters.max_record_recv_size); + return len; + } } @@ -214,7 +214,7 @@ _gnutls_max_record_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) static int _gnutls_max_record_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv) + extension_priv_data_t * _priv) { extension_priv_data_t epriv; int ret; @@ -332,7 +332,7 @@ gnutls_record_set_max_size (gnutls_session_t session, size_t size) epriv.num = size; _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE, - epriv); + epriv); return 0; } diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c index 5c9cdb012d..c34d450ef2 100644 --- a/lib/ext_safe_renegotiation.c +++ b/lib/ext_safe_renegotiation.c @@ -28,9 +28,9 @@ static int _gnutls_sr_recv_params (gnutls_session_t state, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); static int _gnutls_sr_send_params (gnutls_session_t state, - opaque * data, size_t); + opaque * data, size_t); static void _gnutls_sr_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_sr = { @@ -47,7 +47,7 @@ extension_entry_st ext_mod_sr = { int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, - size_t vdata_size, int dir) + size_t vdata_size, int dir) { int ret; sr_ext_st *priv; @@ -59,8 +59,8 @@ _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { gnutls_assert (); @@ -105,8 +105,8 @@ _gnutls_ext_sr_verify (gnutls_session_t session) } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret >= 0) priv = epriv.ptr; @@ -115,85 +115,85 @@ _gnutls_ext_sr_verify (gnutls_session_t session) if (priv && priv->safe_renegotiation_received) { if ((priv->ri_extension_data_len < priv->client_verify_data_len) || - (memcmp (priv->ri_extension_data, - priv->client_verify_data, priv->client_verify_data_len))) - { - gnutls_assert (); - _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n", - session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } + (memcmp (priv->ri_extension_data, + priv->client_verify_data, priv->client_verify_data_len))) + { + gnutls_assert (); + _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n", + session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } if (session->security_parameters.entity == GNUTLS_CLIENT) - { - if ((priv->ri_extension_data_len != - priv->client_verify_data_len + priv->server_verify_data_len) || - memcmp (priv->ri_extension_data + priv->client_verify_data_len, - priv->server_verify_data, - priv->server_verify_data_len) != 0) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Safe renegotiation failed [2]\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } - else /* Make sure there are 0 extra bytes */ - { - if (priv->ri_extension_data_len != priv->client_verify_data_len) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Safe renegotiation failed [3]\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if ((priv->ri_extension_data_len != + priv->client_verify_data_len + priv->server_verify_data_len) || + memcmp (priv->ri_extension_data + priv->client_verify_data_len, + priv->server_verify_data, + priv->server_verify_data_len) != 0) + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Safe renegotiation failed [2]\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } + else /* Make sure there are 0 extra bytes */ + { + if (priv->ri_extension_data_len != priv->client_verify_data_len) + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Safe renegotiation failed [3]\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n", - session); + session); } - else /* safe renegotiation not received... */ + else /* safe renegotiation not received... */ { if (priv && priv->connection_using_safe_renegotiation) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Peer previously asked for safe renegotiation\n", - session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Peer previously asked for safe renegotiation\n", + session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } /* Clients can't tell if it's an initial negotiation */ if (session->internals.initial_negotiation_completed) - { - if (session->internals.priorities.sr < SR_PARTIAL) - { - _gnutls_handshake_log - ("HSK[%p]: Allowing unsafe (re)negotiation\n", session); - } - else - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Denying unsafe (re)negotiation\n", session); - return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; - } - } + { + if (session->internals.priorities.sr < SR_PARTIAL) + { + _gnutls_handshake_log + ("HSK[%p]: Allowing unsafe (re)negotiation\n", session); + } + else + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Denying unsafe (re)negotiation\n", session); + return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED; + } + } else - { - if (session->internals.priorities.sr < SR_SAFE) - { - _gnutls_handshake_log - ("HSK[%p]: Allowing unsafe initial negotiation\n", session); - } - else - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Denying unsafe initial negotiation\n", session); - return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; - } - } + { + if (session->internals.priorities.sr < SR_SAFE) + { + _gnutls_handshake_log + ("HSK[%p]: Allowing unsafe initial negotiation\n", session); + } + else + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Denying unsafe initial negotiation\n", session); + return GNUTLS_E_SAFE_RENEGOTIATION_FAILED; + } + } } return 0; @@ -209,8 +209,8 @@ _gnutls_ext_sr_recv_cs (gnutls_session_t session) extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -225,10 +225,10 @@ _gnutls_ext_sr_recv_cs (gnutls_session_t session) { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -239,7 +239,7 @@ _gnutls_ext_sr_recv_cs (gnutls_session_t session) if (set != 0) _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } @@ -252,8 +252,8 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -268,10 +268,10 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -279,14 +279,14 @@ _gnutls_ext_sr_send_cs (gnutls_session_t session) if (set != 0) _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } static int _gnutls_sr_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { int len = data[0]; ssize_t data_size = _data_size; @@ -303,8 +303,8 @@ _gnutls_sr_recv_params (gnutls_session_t session, } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER) { set = 1; @@ -319,10 +319,10 @@ _gnutls_sr_recv_params (gnutls_session_t session, { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -357,13 +357,13 @@ _gnutls_sr_recv_params (gnutls_session_t session, if (set != 0) _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv); return 0; } static int _gnutls_sr_send_params (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { /* The format of this extension is a one-byte length of verify data followed * by the verify data itself. Note that the length byte does not include @@ -382,8 +382,8 @@ _gnutls_sr_send_params (gnutls_session_t session, } ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { set = 1; @@ -393,15 +393,15 @@ _gnutls_sr_send_params (gnutls_session_t session, { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + epriv); } else priv = epriv.ptr; @@ -418,24 +418,24 @@ _gnutls_sr_send_params (gnutls_session_t session, DECR_LEN (data_size, priv->client_verify_data_len); if (priv->client_verify_data_len > 0) - memcpy (&data[1], priv->client_verify_data, - priv->client_verify_data_len); + memcpy (&data[1], priv->client_verify_data, + priv->client_verify_data_len); if (session->security_parameters.entity == GNUTLS_SERVER) - { - data[0] += priv->server_verify_data_len; + { + data[0] += priv->server_verify_data_len; - DECR_LEN (data_size, priv->server_verify_data_len); + DECR_LEN (data_size, priv->server_verify_data_len); - if (priv->server_verify_data_len > 0) - memcpy (&data[1 + priv->client_verify_data_len], - priv->server_verify_data, priv->server_verify_data_len); - } + if (priv->server_verify_data_len > 0) + memcpy (&data[1 + priv->client_verify_data_len], + priv->server_verify_data, priv->server_verify_data_len); + } } else return 0; - return 1 + data[0]; /* don't forget the length byte */ + return 1 + data[0]; /* don't forget the length byte */ } static void @@ -464,8 +464,8 @@ gnutls_safe_renegotiation_status (gnutls_session_t session) extension_priv_data_t epriv; ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION, - &epriv); + GNUTLS_EXTENSION_SAFE_RENEGOTIATION, + &epriv); if (ret < 0) { gnutls_assert (); diff --git a/lib/ext_safe_renegotiation.h b/lib/ext_safe_renegotiation.h index 3328bdeb6b..4cef706a36 100644 --- a/lib/ext_safe_renegotiation.h +++ b/lib/ext_safe_renegotiation.h @@ -33,7 +33,7 @@ typedef struct size_t client_verify_data_len; uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE]; size_t server_verify_data_len; - uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */ + uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */ size_t ri_extension_data_len; int safe_renegotiation_received:1; @@ -44,7 +44,7 @@ typedef struct extern extension_entry_st ext_mod_sr; int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata, - size_t vdata_size, int dir); + size_t vdata_size, int dir); int _gnutls_ext_sr_recv_cs (gnutls_session_t session); int _gnutls_ext_sr_verify (gnutls_session_t session); int _gnutls_ext_sr_send_cs (gnutls_session_t); diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index afb6bb33b8..1dccb709bf 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -30,15 +30,15 @@ #include <ext_server_name.h> static int _gnutls_server_name_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_server_name_send_params (gnutls_session_t session, - opaque * data, size_t); + opaque * data, size_t); static int _gnutls_server_name_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv); + extension_priv_data_t * _priv); static int _gnutls_server_name_pack (extension_priv_data_t _priv, - gnutls_buffer_st * ps); + gnutls_buffer_st * ps); static void _gnutls_server_name_deinit_data (extension_priv_data_t priv); @@ -65,7 +65,7 @@ extension_entry_st ext_mod_server_name = { */ static int _gnutls_server_name_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { int i; const unsigned char *p; @@ -81,89 +81,89 @@ _gnutls_server_name_recv_params (gnutls_session_t session, len = _gnutls_read_uint16 (data); if (len != data_size) - { - /* This is unexpected packet length, but - * just ignore it, for now. - */ - gnutls_assert (); - return 0; - } + { + /* This is unexpected packet length, but + * just ignore it, for now. + */ + gnutls_assert (); + return 0; + } p = data + 2; /* Count all server_names in the packet. */ while (data_size > 0) - { - DECR_LENGTH_RET (data_size, 1, 0); - p++; - - DECR_LEN (data_size, 2); - len = _gnutls_read_uint16 (p); - p += 2; - - if (len > 0) - { - DECR_LENGTH_RET (data_size, len, 0); - server_names++; - p += len; - } - else - _gnutls_handshake_log - ("HSK[%p]: Received zero size server name (under attack?)\n", - session); - - } + { + DECR_LENGTH_RET (data_size, 1, 0); + p++; + + DECR_LEN (data_size, 2); + len = _gnutls_read_uint16 (p); + p += 2; + + if (len > 0) + { + DECR_LENGTH_RET (data_size, len, 0); + server_names++; + p += len; + } + else + _gnutls_handshake_log + ("HSK[%p]: Received zero size server name (under attack?)\n", + session); + + } /* we cannot accept more server names. */ if (server_names > MAX_SERVER_NAME_EXTENSIONS) - { - _gnutls_handshake_log - ("HSK[%p]: Too many server names received (under attack?)\n", - session); - server_names = MAX_SERVER_NAME_EXTENSIONS; - } + { + _gnutls_handshake_log + ("HSK[%p]: Too many server names received (under attack?)\n", + session); + server_names = MAX_SERVER_NAME_EXTENSIONS; + } if (server_names == 0) - return 0; /* no names found */ + return 0; /* no names found */ priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } priv->server_names_size = server_names; p = data + 2; for (i = 0; i < server_names; i++) - { - type = *p; - p++; - - len = _gnutls_read_uint16 (p); - p += 2; - - switch (type) - { - case 0: /* NAME_DNS */ - if (len <= MAX_SERVER_NAME_SIZE) - { - memcpy (priv->server_names[i].name, p, len); - priv->server_names[i].name_length = len; - priv->server_names[i].type = GNUTLS_NAME_DNS; - break; - } - } - - /* move to next record */ - p += len; - } + { + type = *p; + p++; + + len = _gnutls_read_uint16 (p); + p += 2; + + switch (type) + { + case 0: /* NAME_DNS */ + if (len <= MAX_SERVER_NAME_SIZE) + { + memcpy (priv->server_names[i].name, p, len); + priv->server_names[i].name_length = len; + priv->server_names[i].type = GNUTLS_NAME_DNS; + break; + } + } + + /* move to next record */ + p += len; + } epriv.ptr = priv; _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, - epriv); + epriv); } @@ -174,7 +174,7 @@ _gnutls_server_name_recv_params (gnutls_session_t session, */ static int _gnutls_server_name_send_params (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { uint16_t len; opaque *p; @@ -186,7 +186,7 @@ _gnutls_server_name_send_params (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, - &epriv); + &epriv); if (ret < 0) return 0; @@ -198,21 +198,21 @@ _gnutls_server_name_send_params (gnutls_session_t session, priv = epriv.ptr; if (priv->server_names_size == 0) - return 0; + return 0; /* uint16_t */ total_size = 2; for (i = 0; i < priv->server_names_size; i++) - { - /* count the total size - */ - len = priv->server_names[i].name_length; + { + /* count the total size + */ + len = priv->server_names[i].name_length; - /* uint8_t + uint16_t + size - */ - total_size += 1 + 2 + len; - } + /* uint8_t + uint16_t + size + */ + total_size += 1 + 2 + len; + } p = data; @@ -222,36 +222,36 @@ _gnutls_server_name_send_params (gnutls_session_t session, _gnutls_write_uint16 (total_size - 2, p); p += 2; for (i = 0; i < priv->server_names_size; i++) - { - - switch (priv->server_names[i].type) - { - case GNUTLS_NAME_DNS: - len = priv->server_names[i].name_length; - if (len == 0) - break; - - /* UINT8: type of this extension - * UINT16: size of the first name - * LEN: the actual server name. - */ - DECR_LENGTH_RET (data_size, len + 3, - GNUTLS_E_SHORT_MEMORY_BUFFER); - - *p = 0; /* NAME_DNS type */ - p++; - - _gnutls_write_uint16 (len, p); - p += 2; - - memcpy (p, priv->server_names[i].name, len); - p += len; - break; - default: - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - } + { + + switch (priv->server_names[i].type) + { + case GNUTLS_NAME_DNS: + len = priv->server_names[i].name_length; + if (len == 0) + break; + + /* UINT8: type of this extension + * UINT16: size of the first name + * LEN: the actual server name. + */ + DECR_LENGTH_RET (data_size, len + 3, + GNUTLS_E_SHORT_MEMORY_BUFFER); + + *p = 0; /* NAME_DNS type */ + p++; + + _gnutls_write_uint16 (len, p); + p += 2; + + memcpy (p, priv->server_names[i].name, len); + p += len; + break; + default: + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + } } return total_size; @@ -287,8 +287,8 @@ _gnutls_server_name_send_params (gnutls_session_t session, **/ int gnutls_server_name_get (gnutls_session_t session, void *data, - size_t * data_length, - unsigned int *type, unsigned int indx) + size_t * data_length, + unsigned int *type, unsigned int indx) { char *_data = data; server_name_ext_st *priv; @@ -303,7 +303,7 @@ gnutls_server_name_get (gnutls_session_t session, void *data, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -319,14 +319,14 @@ gnutls_server_name_get (gnutls_session_t session, void *data, *type = priv->server_names[indx].type; - if (*data_length > /* greater since we need one extra byte for the null */ + if (*data_length > /* greater since we need one extra byte for the null */ priv->server_names[indx].name_length) { *data_length = priv->server_names[indx].name_length; memcpy (data, priv->server_names[indx].name, *data_length); - if (*type == GNUTLS_NAME_DNS) /* null terminate */ - _data[(*data_length)] = 0; + if (*type == GNUTLS_NAME_DNS) /* null terminate */ + _data[(*data_length)] = 0; } else @@ -360,8 +360,8 @@ gnutls_server_name_get (gnutls_session_t session, void *data, **/ int gnutls_server_name_set (gnutls_session_t session, - gnutls_server_name_type_t type, - const void *name, size_t name_length) + gnutls_server_name_type_t type, + const void *name, size_t name_length) { int server_names, ret; server_name_ext_st *priv; @@ -379,7 +379,7 @@ gnutls_server_name_set (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, - &epriv); + &epriv); if (ret < 0) { set = 1; @@ -389,10 +389,10 @@ gnutls_server_name_set (gnutls_session_t session, { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; } else @@ -411,7 +411,7 @@ gnutls_server_name_set (gnutls_session_t session, if (set != 0) _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, - epriv); + epriv); return 0; } @@ -433,14 +433,14 @@ _gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) { BUFFER_APPEND_NUM (ps, priv->server_names[i].type); BUFFER_APPEND_PFX (ps, priv->server_names[i].name, - priv->server_names[i].name_length); + priv->server_names[i].name_length); } return 0; } static int _gnutls_server_name_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv) + extension_priv_data_t * _priv) { server_name_ext_st *priv; int i, ret; @@ -459,13 +459,13 @@ _gnutls_server_name_unpack (gnutls_buffer_st * ps, BUFFER_POP_NUM (ps, priv->server_names[i].type); BUFFER_POP_NUM (ps, priv->server_names[i].name_length); if (priv->server_names[i].name_length > - sizeof (priv->server_names[i].name)) - { - gnutls_assert (); - return GNUTLS_E_PARSING_ERROR; - } + sizeof (priv->server_names[i].name)) + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; + } BUFFER_POP (ps, priv->server_names[i].name, - priv->server_names[i].name_length); + priv->server_names[i].name_length); } epriv.ptr = priv; diff --git a/lib/ext_session_ticket.c b/lib/ext_session_ticket.c index 29f63af198..3c778689bd 100644 --- a/lib/ext_session_ticket.c +++ b/lib/ext_session_ticket.c @@ -46,13 +46,13 @@ #define MAC_SIZE 32 static int session_ticket_recv_params (gnutls_session_t session, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); static int session_ticket_send_params (gnutls_session_t session, - opaque * data, size_t data_size); + opaque * data, size_t data_size); static int session_ticket_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv); + extension_priv_data_t * _priv); static int session_ticket_pack (extension_priv_data_t _priv, - gnutls_buffer_st * ps); + gnutls_buffer_st * ps); static void session_ticket_deinit_data (extension_priv_data_t priv); extension_entry_st ext_mod_session_ticket = { @@ -97,14 +97,14 @@ struct ticket static int digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, - opaque * digest) + opaque * digest) { digest_hd_st digest_hd; uint16_t length16; int ret; ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data, - key->size); + key->size); if (ret < 0) { gnutls_assert (); @@ -115,7 +115,7 @@ digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len); _gnutls_hmac (&digest_hd, &length16, 2); _gnutls_hmac (&digest_hd, ticket->encrypted_state, - ticket->encrypted_state_len); + ticket->encrypted_state_len); _gnutls_hmac_deinit (&digest_hd, digest); return 0; @@ -123,7 +123,7 @@ digest_ticket (const gnutls_datum_t * key, struct ticket *ticket, static int decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, - struct ticket *ticket) + struct ticket *ticket) { cipher_hd_st cipher_hd; gnutls_datum_t key, IV, mac_secret, state; @@ -160,7 +160,7 @@ decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, return ret; } ret = _gnutls_cipher_decrypt (&cipher_hd, ticket->encrypted_state, - ticket->encrypted_state_len); + ticket->encrypted_state_len); _gnutls_cipher_deinit (&cipher_hd); if (ret < 0) { @@ -193,7 +193,7 @@ decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, static int encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, - struct ticket *ticket) + struct ticket *ticket) { cipher_hd_st cipher_hd; gnutls_datum_t key, IV, mac_secret, state, encrypted_state; @@ -237,7 +237,7 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, } ret = _gnutls_cipher_encrypt (&cipher_hd, encrypted_state.data, - encrypted_state.size); + encrypted_state.size); _gnutls_cipher_deinit (&cipher_hd); if (ret < 0) { @@ -267,7 +267,7 @@ encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv, static int session_ticket_recv_params (gnutls_session_t session, - const opaque * data, size_t _data_size) + const opaque * data, size_t _data_size) { ssize_t data_size = _data_size; session_ticket_ext_st *priv = NULL; @@ -276,7 +276,7 @@ session_ticket_recv_params (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET, - &epriv); + &epriv); if (ret < 0) { return 0; @@ -294,10 +294,10 @@ session_ticket_recv_params (gnutls_session_t session, /* The client requested a new session ticket. */ if (data_size == 0) - { - priv->session_ticket_renew = 1; - return 0; - } + { + priv->session_ticket_renew = 1; + return 0; + } DECR_LEN (data_size, KEY_NAME_SIZE); memcpy (ticket.key_name, data, KEY_NAME_SIZE); @@ -306,10 +306,10 @@ session_ticket_recv_params (gnutls_session_t session, /* If the key name of the ticket does not match the one that we hold, issue a new ticket. */ if (memcmp (ticket.key_name, priv->key.key_name, KEY_NAME_SIZE)) - { - priv->session_ticket_renew = 1; - return 0; - } + { + priv->session_ticket_renew = 1; + return 0; + } DECR_LEN (data_size, IV_SIZE); memcpy (ticket.IV, data, IV_SIZE); @@ -329,28 +329,28 @@ session_ticket_recv_params (gnutls_session_t session, ticket.encrypted_state = gnutls_malloc (ticket.encrypted_state_len); if (!ticket.encrypted_state) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } memcpy (ticket.encrypted_state, encrypted_state, - ticket.encrypted_state_len); + ticket.encrypted_state_len); ret = decrypt_ticket (session, priv, &ticket); gnutls_free (ticket.encrypted_state); if (ret < 0) - { - priv->session_ticket_renew = 1; - return 0; - } + { + priv->session_ticket_renew = 1; + return 0; + } } - else /* Client */ + else /* Client */ { if (data_size == 0) - { - priv->session_ticket_renew = 1; - return 0; - } + { + priv->session_ticket_renew = 1; + return 0; + } } return 0; @@ -361,7 +361,7 @@ session_ticket_recv_params (gnutls_session_t session, */ static int session_ticket_send_params (gnutls_session_t session, - opaque * data, size_t _data_size) + opaque * data, size_t _data_size) { ssize_t data_size = _data_size; session_ticket_ext_st *priv = NULL; @@ -370,7 +370,7 @@ session_ticket_send_params (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET, - &epriv); + &epriv); if (ret >= 0) priv = epriv.ptr; @@ -380,35 +380,35 @@ session_ticket_send_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { if (priv && priv->session_ticket_renew) - { - return GNUTLS_E_INT_RET_0; - } + { + return GNUTLS_E_INT_RET_0; + } } else { ret = - _gnutls_ext_get_resumed_session_data (session, - GNUTLS_EXTENSION_SESSION_TICKET, - &epriv); + _gnutls_ext_get_resumed_session_data (session, + GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret >= 0) - priv = epriv.ptr; + priv = epriv.ptr; /* no previous data. Just advertize it */ if (ret < 0) - return GNUTLS_E_INT_RET_0; + return GNUTLS_E_INT_RET_0; /* previous data had session tickets disabled. Don't advertize. Ignore. */ if (!priv->session_ticket_enable) - return 0; + return 0; if (priv->session_ticket_len > 0) - { - DECR_LENGTH_RET (data_size, priv->session_ticket_len, - GNUTLS_E_SHORT_MEMORY_BUFFER); - memcpy (data, priv->session_ticket, priv->session_ticket_len); + { + DECR_LENGTH_RET (data_size, priv->session_ticket_len, + GNUTLS_E_SHORT_MEMORY_BUFFER); + memcpy (data, priv->session_ticket, priv->session_ticket_len); - return priv->session_ticket_len; - } + return priv->session_ticket_len; + } } return 0; } @@ -538,7 +538,7 @@ gnutls_session_ticket_enable_client (gnutls_session_t session) epriv.ptr = priv; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SESSION_TICKET, epriv); + GNUTLS_EXTENSION_SESSION_TICKET, epriv); return 0; } @@ -559,7 +559,7 @@ gnutls_session_ticket_enable_client (gnutls_session_t session) **/ int gnutls_session_ticket_enable_server (gnutls_session_t session, - const gnutls_datum_t * key) + const gnutls_datum_t * key) { int ret; session_ticket_ext_st *priv = NULL; @@ -591,7 +591,7 @@ gnutls_session_ticket_enable_server (gnutls_session_t session, priv->session_ticket_enable = 1; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SESSION_TICKET, epriv); + GNUTLS_EXTENSION_SESSION_TICKET, epriv); return 0; } @@ -612,51 +612,51 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) if (again == 0) { ret = - _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SESSION_TICKET, - &epriv); + _gnutls_ext_get_session_data (session, + GNUTLS_EXTENSION_SESSION_TICKET, + &epriv); if (ret < 0) - return 0; + return 0; priv = epriv.ptr; if (!priv->session_ticket_renew) - return 0; + return 0; /* XXX: Temporarily set write algorithms to be used. _gnutls_write_connection_state_init() does this job, but it also triggers encryption, while NewSessionTicket should not be encrypted in the record layer. */ ret = - _gnutls_epoch_set_keys (session, - session->security_parameters.epoch_next); + _gnutls_epoch_set_keys (session, + session->security_parameters.epoch_next); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } session->security_parameters.epoch_write = - session->security_parameters.epoch_next; + session->security_parameters.epoch_next; ret = encrypt_ticket (session, priv, &ticket); session->security_parameters.epoch_write = epoch_saved; if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len - + MAC_SIZE; + + MAC_SIZE; bufel = - _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len); + _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len); if (!bufel) - { - gnutls_assert (); - gnutls_free (ticket.encrypted_state); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + gnutls_free (ticket.encrypted_state); + return GNUTLS_E_MEMORY_ERROR; + } data = _mbuffer_get_udata_ptr (bufel); p = data; @@ -686,7 +686,7 @@ _gnutls_send_new_session_ticket (gnutls_session_t session, int again) data_size = p - data; } ret = _gnutls_send_handshake (session, data_size ? bufel : NULL, - GNUTLS_HANDSHAKE_NEW_SESSION_TICKET); + GNUTLS_HANDSHAKE_NEW_SESSION_TICKET); return ret; } @@ -704,7 +704,7 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -716,8 +716,8 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) return 0; ret = _gnutls_recv_handshake (session, &data, &data_size, - GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, - MANDATORY_PACKET); + GNUTLS_HANDSHAKE_NEW_SESSION_TICKET, + MANDATORY_PACKET); if (ret < 0) { gnutls_assert (); @@ -747,8 +747,8 @@ _gnutls_recv_new_session_ticket (gnutls_session_t session) /* Discard the current session ID. (RFC5077 3.4) */ ret = _gnutls_generate_session_id (session->security_parameters.session_id, - &session-> - security_parameters.session_id_size); + &session-> + security_parameters.session_id_size); if (ret < 0) { gnutls_assert (); diff --git a/lib/ext_signature.c b/lib/ext_signature.c index 03b47d12dc..6eebd39d6a 100644 --- a/lib/ext_signature.c +++ b/lib/ext_signature.c @@ -36,15 +36,15 @@ #include <gnutls_algorithms.h> static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_signature_algorithm_send_params (gnutls_session_t session, - opaque * data, size_t); + opaque * data, size_t); static void signature_algorithms_deinit_data (extension_priv_data_t priv); static int signature_algorithms_pack (extension_priv_data_t epriv, - gnutls_buffer_st * ps); + gnutls_buffer_st * ps); static int signature_algorithms_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv); + extension_priv_data_t * _priv); extension_entry_st ext_mod_sig = { .name = "SIGNATURE ALGORITHMS", @@ -70,7 +70,7 @@ typedef struct */ int _gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data, - size_t max_data_size) + size_t max_data_size) { opaque *p = data; int len, i, j; @@ -89,8 +89,8 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data, for (i = j = 0; i < len; i += 2, j++) { aid = - _gnutls_sign_to_tls_aid (session->internals.priorities. - sign_algo.priority[j]); + _gnutls_sign_to_tls_aid (session->internals.priorities. + sign_algo.priority[j]); *p = aid.hash_algorithm; p++; *p = aid.sign_algorithm; @@ -106,7 +106,7 @@ _gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data, */ int _gnutls_sign_algorithm_parse_data (gnutls_session_t session, - const opaque * data, size_t data_size) + const opaque * data, size_t data_size) { int sig, i; sig_ext_st *priv; @@ -128,16 +128,16 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, sig = _gnutls_tls_aid_to_sign (&aid); if (sig != GNUTLS_SIGN_UNKNOWN) - { - priv->sign_algorithms[priv->sign_algorithms_size++] = sig; - if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS) - break; - } + { + priv->sign_algorithms[priv->sign_algorithms_size++] = sig; + if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS) + break; + } } epriv.ptr = priv; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv); + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv); return 0; } @@ -153,8 +153,8 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session, - const opaque * data, - size_t _data_size) + const opaque * data, + size_t _data_size) { ssize_t data_size = _data_size; int ret; @@ -174,20 +174,20 @@ _gnutls_signature_algorithm_recv_params (gnutls_session_t session, /* SERVER SIDE - we must check if the sent cert type is the right one */ if (data_size > 2) - { - uint16_t len; - - DECR_LEN (data_size, 2); - len = _gnutls_read_uint16 (data); - DECR_LEN (data_size, len); - - ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + uint16_t len; + + DECR_LEN (data_size, 2); + len = _gnutls_read_uint16 (data); + DECR_LEN (data_size, len); + + ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } } return 0; @@ -197,7 +197,7 @@ _gnutls_signature_algorithm_recv_params (gnutls_session_t session, */ static int _gnutls_signature_algorithm_send_params (gnutls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { int ret; gnutls_protocol_t ver = gnutls_protocol_get_version (session); @@ -207,16 +207,16 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t session, && _gnutls_version_has_selectable_sighash (ver)) { if (session->internals.priorities.sign_algo.algorithms > 0) - { - ret = - _gnutls_sign_algorithm_write_params (session, data, data_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - return ret; - } + { + ret = + _gnutls_sign_algorithm_write_params (session, data, data_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + return ret; + } } /* if we are here it means we don't send the extension */ @@ -229,8 +229,8 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t session, */ gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t session, - gnutls_pk_algorithm_t pk, - gnutls_digest_algorithm_t * hash) + gnutls_pk_algorithm_t pk, + gnutls_digest_algorithm_t * hash) { unsigned i; int ret; @@ -240,8 +240,8 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); priv = epriv.ptr; if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver) @@ -255,10 +255,10 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, for (i = 0; i < priv->sign_algorithms_size; i++) { if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == pk) - { - *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]); - return priv->sign_algorithms[i]; - } + { + *hash = _gnutls_sign_get_hash_algorithm (priv->sign_algorithms[i]); + return priv->sign_algorithms[i]; + } } return GNUTLS_SIGN_UNKNOWN; @@ -271,7 +271,7 @@ _gnutls_session_get_sign_algo (gnutls_session_t session, */ int _gnutls_session_sign_algo_requested (gnutls_session_t session, - gnutls_sign_algorithm_t sig) + gnutls_sign_algorithm_t sig) { unsigned i; int ret, hash; @@ -286,17 +286,17 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); if (ret < 0) { gnutls_assert (); /* extension not received allow SHA1 and SHA256 */ hash = _gnutls_sign_get_hash_algorithm (sig); if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256) - return 0; + return 0; else - return ret; + return ret; } priv = epriv.ptr; @@ -309,9 +309,9 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, for (i = 0; i < priv->sign_algorithms_size; i++) { if (priv->sign_algorithms[i] == sig) - { - return 0; /* ok */ - } + { + return 0; /* ok */ + } } return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; @@ -323,7 +323,7 @@ _gnutls_session_sign_algo_requested (gnutls_session_t session, */ int _gnutls_session_sign_algo_enabled (gnutls_session_t session, - gnutls_sign_algorithm_t sig) + gnutls_sign_algorithm_t sig) { unsigned i; int ret; @@ -333,8 +333,8 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); if (ret < 0) { gnutls_assert (); @@ -352,9 +352,9 @@ _gnutls_session_sign_algo_enabled (gnutls_session_t session, for (i = 0; i < session->internals.priorities.sign_algo.algorithms; i++) { if (session->internals.priorities.sign_algo.priority[i] == sig) - { - return 0; /* ok */ - } + { + return 0; /* ok */ + } } return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; @@ -382,7 +382,7 @@ signature_algorithms_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) static int signature_algorithms_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv) + extension_priv_data_t * _priv) { sig_ext_st *priv; int i, ret; @@ -436,8 +436,8 @@ error: **/ int gnutls_sign_algorithm_get_requested (gnutls_session_t session, - size_t indx, - gnutls_sign_algorithm_t * algo) + size_t indx, + gnutls_sign_algorithm_t * algo) { gnutls_protocol_t ver = gnutls_protocol_get_version (session); sig_ext_st *priv; @@ -446,8 +446,8 @@ gnutls_sign_algorithm_get_requested (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, - GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, - &epriv); + GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, + &epriv); if (ret < 0) { gnutls_assert (); diff --git a/lib/ext_signature.h b/lib/ext_signature.h index c7c3ab438c..9d507ed816 100644 --- a/lib/ext_signature.h +++ b/lib/ext_signature.h @@ -33,18 +33,18 @@ extern extension_entry_st ext_mod_sig; int _gnutls_session_sign_algo_requested (gnutls_session_t session, - gnutls_sign_algorithm_t sig); + gnutls_sign_algorithm_t sig); gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t - session, - gnutls_pk_algorithm_t - pk, - gnutls_digest_algorithm_t - * hash); + session, + gnutls_pk_algorithm_t + pk, + gnutls_digest_algorithm_t + * hash); int _gnutls_sign_algorithm_parse_data (gnutls_session_t session, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); int _gnutls_sign_algorithm_write_params (gnutls_session_t session, - opaque * data, size_t max_data_size); + opaque * data, size_t max_data_size); int _gnutls_session_sign_algo_enabled (gnutls_session_t session, - gnutls_sign_algorithm_t sig); + gnutls_sign_algorithm_t sig); #endif diff --git a/lib/ext_srp.c b/lib/ext_srp.c index 886ebd03ec..e77be77bc0 100644 --- a/lib/ext_srp.c +++ b/lib/ext_srp.c @@ -36,14 +36,14 @@ #include <gnutls_extensions.h> static int _gnutls_srp_unpack (gnutls_buffer_st * ps, - extension_priv_data_t * _priv); + extension_priv_data_t * _priv); static int _gnutls_srp_pack (extension_priv_data_t epriv, - gnutls_buffer_st * ps); + gnutls_buffer_st * ps); static void _gnutls_srp_deinit_data (extension_priv_data_t epriv); static int _gnutls_srp_recv_params (gnutls_session_t state, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data, - size_t); + size_t); extension_entry_st ext_mod_srp = { .name = "SRP", @@ -60,7 +60,7 @@ extension_entry_st ext_mod_srp = { static int _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data, - size_t _data_size) + size_t _data_size) { uint8_t len; ssize_t data_size = _data_size; @@ -70,34 +70,34 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data, if (session->security_parameters.entity == GNUTLS_SERVER) { if (data_size > 0) - { - len = data[0]; - DECR_LEN (data_size, len); - - if (MAX_USERNAME_SIZE < len) - { - gnutls_assert (); - return GNUTLS_E_ILLEGAL_SRP_USERNAME; - } - - priv = gnutls_calloc (1, sizeof (*priv)); - if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - priv->username = gnutls_malloc (len + 1); - if (priv->username) - { - memcpy (priv->username, &data[1], len); - /* null terminated */ - priv->username[len] = 0; - } - - epriv.ptr = priv; - _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv); - } + { + len = data[0]; + DECR_LEN (data_size, len); + + if (MAX_USERNAME_SIZE < len) + { + gnutls_assert (); + return GNUTLS_E_ILLEGAL_SRP_USERNAME; + } + + priv = gnutls_calloc (1, sizeof (*priv)); + if (priv == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + priv->username = gnutls_malloc (len + 1); + if (priv->username) + { + memcpy (priv->username, &data[1], len); + /* null terminated */ + priv->username[len] = 0; + } + + epriv.ptr = priv; + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv); + } } return 0; } @@ -107,7 +107,7 @@ _gnutls_srp_recv_params (gnutls_session_t session, const opaque * data, */ static int _gnutls_srp_send_params (gnutls_session_t session, opaque * data, - size_t data_size) + size_t data_size) { unsigned len; extension_priv_data_t epriv; @@ -126,65 +126,65 @@ _gnutls_srp_send_params (gnutls_session_t session, opaque * data, if (session->security_parameters.entity == GNUTLS_CLIENT) { gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL); if (cred == NULL) - return 0; + return 0; if (cred->username != NULL) - { /* send username */ - len = MIN (strlen (cred->username), 255); - - if (data_size < len + 1) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - data[0] = (uint8_t) len; - memcpy (&data[1], cred->username, len); - return len + 1; - } + { /* send username */ + len = MIN (strlen (cred->username), 255); + + if (data_size < len + 1) + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + data[0] = (uint8_t) len; + memcpy (&data[1], cred->username, len); + return len + 1; + } else if (cred->get_function != NULL) - { - /* Try the callback - */ - char *username = NULL, *password = NULL; - - if (cred->get_function (session, &username, &password) < 0 - || username == NULL || password == NULL) - { - gnutls_assert (); - return GNUTLS_E_ILLEGAL_SRP_USERNAME; - } - - len = MIN (strlen (username), 255); - - if (data_size < len + 1) - { - gnutls_free (username); - gnutls_free (password); - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - priv = gnutls_malloc (sizeof (*priv)); - if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - priv->username = username; - priv->password = password; - - epriv.ptr = priv; - _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv); - - data[0] = (uint8_t) len; - memcpy (&data[1], username, len); - return len + 1; - } + { + /* Try the callback + */ + char *username = NULL, *password = NULL; + + if (cred->get_function (session, &username, &password) < 0 + || username == NULL || password == NULL) + { + gnutls_assert (); + return GNUTLS_E_ILLEGAL_SRP_USERNAME; + } + + len = MIN (strlen (username), 255); + + if (data_size < len + 1) + { + gnutls_free (username); + gnutls_free (password); + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + priv = gnutls_malloc (sizeof (*priv)); + if (priv == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + priv->username = username; + priv->password = password; + + epriv.ptr = priv; + _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv); + + data[0] = (uint8_t) len; + memcpy (&data[1], username, len); + return len + 1; + } } return 0; } diff --git a/lib/gcrypt/cipher.c b/lib/gcrypt/cipher.c index 229fd2ecbe..965d8db093 100644 --- a/lib/gcrypt/cipher.c +++ b/lib/gcrypt/cipher.c @@ -43,58 +43,58 @@ wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx) { case GNUTLS_CIPHER_AES_128_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128, + GCRY_CIPHER_MODE_CBC, 0); break; case GNUTLS_CIPHER_AES_192_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192, + GCRY_CIPHER_MODE_CBC, 0); break; case GNUTLS_CIPHER_AES_256_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256, + GCRY_CIPHER_MODE_CBC, 0); break; case GNUTLS_CIPHER_3DES_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES, + GCRY_CIPHER_MODE_CBC, 0); break; case GNUTLS_CIPHER_DES_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES, + GCRY_CIPHER_MODE_CBC, 0); break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR, - GCRY_CIPHER_MODE_STREAM, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR, + GCRY_CIPHER_MODE_STREAM, 0); break; case GNUTLS_CIPHER_RC2_40_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40, + GCRY_CIPHER_MODE_CBC, 0); break; #ifdef ENABLE_CAMELLIA case GNUTLS_CIPHER_CAMELLIA_128_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128, + GCRY_CIPHER_MODE_CBC, 0); break; case GNUTLS_CIPHER_CAMELLIA_256_CBC: err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256, - GCRY_CIPHER_MODE_CBC, 0); + gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256, + GCRY_CIPHER_MODE_CBC, 0); break; #endif default: @@ -125,7 +125,7 @@ wrap_gcry_cipher_setiv (void *ctx, const void *iv, size_t ivsize) static int wrap_gcry_cipher_decrypt (void *ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize) + void *plain, size_t plainsize) { int err; @@ -139,7 +139,7 @@ wrap_gcry_cipher_decrypt (void *ctx, const void *encr, size_t encrsize, static int wrap_gcry_cipher_encrypt (void *ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize) + void *encr, size_t encrsize) { int err; diff --git a/lib/gcrypt/init.c b/lib/gcrypt/init.c index 6d530a98a4..be867d38e5 100644 --- a/lib/gcrypt/init.c +++ b/lib/gcrypt/init.c @@ -52,25 +52,25 @@ gnutls_crypto_init (void) const char *p; if (gnutls_mutex_init != NULL) - { - gct.mutex_init = gnutls_mutex_init; - gct.mutex_destroy = gnutls_mutex_deinit; - gct.mutex_lock = gnutls_mutex_lock; - gct.mutex_unlock = gnutls_mutex_unlock; + { + gct.mutex_init = gnutls_mutex_init; + gct.mutex_destroy = gnutls_mutex_deinit; + gct.mutex_lock = gnutls_mutex_lock; + gct.mutex_unlock = gnutls_mutex_unlock; - gcry_control (GCRYCTL_SET_THREAD_CBS, &gct); - } + gcry_control (GCRYCTL_SET_THREAD_CBS, &gct); + } p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION); if (p == NULL) - { - gnutls_assert (); - _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n", - gcry_check_version (NULL), - GNUTLS_MIN_LIBGCRYPT_VERSION); - return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; - } + { + gnutls_assert (); + _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n", + gcry_check_version (NULL), + GNUTLS_MIN_LIBGCRYPT_VERSION); + return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; + } /* for gcrypt in order to be able to allocate memory */ gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0); diff --git a/lib/gcrypt/mac.c b/lib/gcrypt/mac.c index d4075d8e62..0b1099e289 100644 --- a/lib/gcrypt/mac.c +++ b/lib/gcrypt/mac.c @@ -150,7 +150,7 @@ wrap_gcry_mac_output (void *src_ctx, void *digest, size_t digestsize) unsigned int len = gcry_md_get_algo_dlen (gcry_md_get_algo (src_ctx)); if (len <= digestsize && digest != NULL) - memcpy (digest, _digest, len); + memcpy (digest, _digest, len); return 0; } diff --git a/lib/gcrypt/mpi.c b/lib/gcrypt/mpi.c index fbba1e8f05..c3bdd619a1 100644 --- a/lib/gcrypt/mpi.c +++ b/lib/gcrypt/mpi.c @@ -51,7 +51,7 @@ _format_conv (gnutls_bigint_format_t format) */ static bigint_t wrap_gcry_mpi_scan (const void *buffer, size_t nbytes, - gnutls_bigint_format_t format) + gnutls_bigint_format_t format) { gcry_mpi_t ret_mpi = NULL; int ret; @@ -65,7 +65,7 @@ wrap_gcry_mpi_scan (const void *buffer, size_t nbytes, static int wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes, - gnutls_bigint_format_t format) + gnutls_bigint_format_t format) { int ret; size_t init_bytes = *nbytes; @@ -79,16 +79,16 @@ wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes, if (!ret) { if (buffer == NULL || init_bytes < *nbytes) - { - - /* in STD format we may want to include - * an extra byte for zero. Sometimes the gcry_ - * function doesn't add it. - */ - if (format == GNUTLS_MPI_FORMAT_STD) - (*nbytes)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + + /* in STD format we may want to include + * an extra byte for zero. Sometimes the gcry_ + * function doesn't add it. + */ + if (format == GNUTLS_MPI_FORMAT_STD) + (*nbytes)++; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } return 0; } @@ -155,7 +155,7 @@ wrap_gcry_mpi_mod (const bigint_t a, const bigint_t b) static bigint_t wrap_gcry_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = _gnutls_mpi_alloc_like (m); @@ -170,7 +170,7 @@ wrap_gcry_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e, static bigint_t wrap_gcry_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = _gnutls_mpi_alloc_like (m); @@ -185,7 +185,7 @@ wrap_gcry_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b, static bigint_t wrap_gcry_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = _gnutls_mpi_alloc_like (m); @@ -200,7 +200,7 @@ wrap_gcry_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b, static bigint_t wrap_gcry_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = _gnutls_mpi_alloc_like (m); @@ -336,7 +336,7 @@ wrap_gcry_generate_group (gnutls_group_st * group, unsigned int bits) qbits = (bits / 40) + 105; } - if (qbits & 1) /* better have an even number */ + if (qbits & 1) /* better have an even number */ qbits++; /* find a prime number of size bits. @@ -344,19 +344,19 @@ wrap_gcry_generate_group (gnutls_group_st * group, unsigned int bits) do { if (times) - { - gcry_mpi_release (prime); - gcry_prime_release_factors (factors); - } + { + gcry_mpi_release (prime); + gcry_prime_release_factors (factors); + } err = gcry_prime_generate (&prime, bits, qbits, &factors, - NULL, NULL, GCRY_STRONG_RANDOM, - GCRY_PRIME_FLAG_SPECIAL_FACTOR); + NULL, NULL, GCRY_STRONG_RANDOM, + GCRY_PRIME_FLAG_SPECIAL_FACTOR); if (err != 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } err = gcry_prime_check (prime, 0); diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c index 95507b17b5..e039d9d67b 100644 --- a/lib/gcrypt/pk.c +++ b/lib/gcrypt/pk.c @@ -44,13 +44,13 @@ */ int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ , - gnutls_pk_params_st *); + gnutls_pk_params_st *); static int _wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo, - gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - const gnutls_pk_params_st * pk_params) + gnutls_datum_t * ciphertext, + const gnutls_datum_t * plaintext, + const gnutls_pk_params_st * pk_params) { gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL; int rc = -1; @@ -69,9 +69,9 @@ _wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo, { case GNUTLS_PK_RSA: if (pk_params->params_nr >= 2) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(rsa(n%m)(e%m)))", - pk_params->params[0], pk_params->params[1]); + rc = gcry_sexp_build (&s_pkey, NULL, + "(public-key(rsa(n%m)(e%m)))", + pk_params->params[0], pk_params->params[1]); break; default: @@ -145,9 +145,9 @@ cleanup: static int _wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo, - gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - const gnutls_pk_params_st * pk_params) + gnutls_datum_t * plaintext, + const gnutls_datum_t * ciphertext, + const gnutls_pk_params_st * pk_params) { gcry_sexp_t s_plain = NULL, s_data = NULL, s_pkey = NULL; int rc = -1; @@ -165,11 +165,11 @@ _wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo, { case GNUTLS_PK_RSA: if (pk_params->params_nr >= 6) - rc = gcry_sexp_build (&s_pkey, NULL, - "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3], - pk_params->params[4], pk_params->params[5]); + rc = gcry_sexp_build (&s_pkey, NULL, + "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", + pk_params->params[0], pk_params->params[1], + pk_params->params[2], pk_params->params[3], + pk_params->params[4], pk_params->params[5]); break; default: @@ -238,8 +238,8 @@ cleanup: */ static int _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature, - const gnutls_datum_t * vdata, - const gnutls_pk_params_st * pk_params) + const gnutls_datum_t * vdata, + const gnutls_pk_params_st * pk_params) { gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL; gcry_sexp_t list = NULL; @@ -258,28 +258,28 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature, { case GNUTLS_PK_DSA: if (pk_params->params_nr >= 5) - rc = gcry_sexp_build (&s_key, NULL, - "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3], - pk_params->params[4]); + rc = gcry_sexp_build (&s_key, NULL, + "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", + pk_params->params[0], pk_params->params[1], + pk_params->params[2], pk_params->params[3], + pk_params->params[4]); else - { - gnutls_assert (); - } + { + gnutls_assert (); + } break; case GNUTLS_PK_RSA: if (pk_params->params_nr >= 6) - rc = gcry_sexp_build (&s_key, NULL, - "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3], - pk_params->params[4], pk_params->params[5]); + rc = gcry_sexp_build (&s_key, NULL, + "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", + pk_params->params[0], pk_params->params[1], + pk_params->params[2], pk_params->params[3], + pk_params->params[4], pk_params->params[5]); else - { - gnutls_assert (); - } + { + gnutls_assert (); + } break; default: @@ -319,56 +319,56 @@ _wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature, { case GNUTLS_PK_DSA: { - list = gcry_sexp_find_token (s_sig, "r", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (s_sig, "s", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res[1] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - ret = _gnutls_encode_ber_rs (signature, res[0], res[1]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + list = gcry_sexp_find_token (s_sig, "r", 0); + if (list == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + + res[0] = gcry_sexp_nth_mpi (list, 1, 0); + gcry_sexp_release (list); + + list = gcry_sexp_find_token (s_sig, "s", 0); + if (list == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + + res[1] = gcry_sexp_nth_mpi (list, 1, 0); + gcry_sexp_release (list); + + ret = _gnutls_encode_ber_rs (signature, res[0], res[1]); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } } break; case GNUTLS_PK_RSA: { - list = gcry_sexp_find_token (s_sig, "s", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - ret = _gnutls_mpi_dprint (res[0], signature); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + list = gcry_sexp_find_token (s_sig, "s", 0); + if (list == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; + } + + res[0] = gcry_sexp_nth_mpi (list, 1, 0); + gcry_sexp_release (list); + + ret = _gnutls_mpi_dprint (res[0], signature); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } } break; @@ -398,9 +398,9 @@ cleanup: static int _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, - const gnutls_datum_t * vdata, - const gnutls_datum_t * signature, - const gnutls_pk_params_st * pk_params) + const gnutls_datum_t * vdata, + const gnutls_datum_t * signature, + const gnutls_pk_params_st * pk_params) { gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL; int rc = -1, ret; @@ -418,16 +418,16 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, { case GNUTLS_PK_DSA: if (pk_params->params_nr >= 4) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3]); + rc = gcry_sexp_build (&s_pkey, NULL, + "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", + pk_params->params[0], pk_params->params[1], + pk_params->params[2], pk_params->params[3]); break; case GNUTLS_PK_RSA: if (pk_params->params_nr >= 2) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(rsa(n%m)(e%m)))", - pk_params->params[0], pk_params->params[1]); + rc = gcry_sexp_build (&s_pkey, NULL, + "(public-key(rsa(n%m)(e%m)))", + pk_params->params[0], pk_params->params[1]); break; default: @@ -456,12 +456,12 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } rc = gcry_sexp_build (&s_sig, NULL, - "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]); + "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]); _gnutls_mpi_release (&tmp[0]); _gnutls_mpi_release (&tmp[1]); break; @@ -469,10 +469,10 @@ _wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, case GNUTLS_PK_RSA: ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]); _gnutls_mpi_release (&tmp[0]); break; @@ -763,8 +763,8 @@ cleanup: static int wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo, - unsigned int level /*bits */ , - gnutls_pk_params_st * params) + unsigned int level /*bits */ , + gnutls_pk_params_st * params) { switch (algo) @@ -773,19 +773,19 @@ wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: params->params_nr = DSA_PRIVATE_PARAMS; if (params->params_nr > GNUTLS_MAX_PK_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } return _dsa_generate_params (params->params, ¶ms->params_nr, level); case GNUTLS_PK_RSA: params->params_nr = RSA_PRIVATE_PARAMS; if (params->params_nr > GNUTLS_MAX_PK_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } return _rsa_generate_params (params->params, ¶ms->params_nr, level); default: @@ -797,8 +797,8 @@ wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo, static int wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, - gnutls_direction_t direction, - gnutls_pk_params_st * params) + gnutls_direction_t direction, + gnutls_pk_params_st * params) { int ret, result; @@ -825,14 +825,14 @@ wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, _gnutls_mpi_release (¶ms->params[7]); result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } ret = - gcry_mpi_invm (params->params[5], params->params[3], - params->params[4]); + gcry_mpi_invm (params->params[5], params->params[3], + params->params[4]); params->params_nr = RSA_PRIVATE_PARAMS; } diff --git a/lib/gnutls_alert.c b/lib/gnutls_alert.c index 1560d55879..2f65d19ab0 100644 --- a/lib/gnutls_alert.c +++ b/lib/gnutls_alert.c @@ -118,7 +118,7 @@ gnutls_alert_get_name (gnutls_alert_description_t alert) **/ int gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level, - gnutls_alert_description_t desc) + gnutls_alert_description_t desc) { uint8_t data[2]; int ret; @@ -131,11 +131,11 @@ gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level, if (name == NULL) name = "(unknown)"; _gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0], - data[1], name); + data[1], name); if ((ret = _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data, - 2, MBUFFER_FLUSH)) >= 0) + 2, MBUFFER_FLUSH)) >= 0) return 0; else return ret; @@ -163,7 +163,7 @@ gnutls_error_to_alert (int err, int *level) int ret, _level = -1; switch (err) - { /* send appropriate alert */ + { /* send appropriate alert */ case GNUTLS_E_DECRYPTION_FAILED: /* GNUTLS_A_DECRYPTION_FAILED is not sent, because * it is not defined in SSL3. Note that we must diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c index be89b34cc3..56958715c2 100644 --- a/lib/gnutls_algorithms.c +++ b/lib/gnutls_algorithms.c @@ -34,13 +34,13 @@ typedef struct { const char *name; gnutls_sec_param_t sec_param; - int bits; /* security level */ - int pk_bits; /* DH, RSA, SRP */ - int dsa_bits; /* bits for DSA. Handled differently since - * choice of key size in DSA is political. - */ - int subgroup_bits; /* subgroup bits */ - int ecc_bits; /* bits for ECC keys */ + int bits; /* security level */ + int pk_bits; /* DH, RSA, SRP */ + int dsa_bits; /* bits for DSA. Handled differently since + * choice of key size in DSA is political. + */ + int subgroup_bits; /* subgroup bits */ + int ecc_bits; /* bits for ECC keys */ } gnutls_sec_params_entry; static const gnutls_sec_params_entry sec_params[] = { @@ -65,8 +65,8 @@ typedef struct { gnutls_kx_algorithm_t algorithm; gnutls_credentials_type_t client_type; - gnutls_credentials_type_t server_type; /* The type of credentials a server - * needs to set */ + gnutls_credentials_type_t server_type; /* The type of credentials a server + * needs to set */ } gnutls_cred_map; static const gnutls_cred_map cred_mappings[] = { @@ -95,13 +95,13 @@ typedef struct { gnutls_kx_algorithm_t kx_algorithm; gnutls_pk_algorithm_t pk_algorithm; - enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used - * for encryption, CIPHER_SIGN if signature only, - * CIPHER_IGN if this does not apply at all. - * - * This is useful to certificate cipher suites, which check - * against the certificate key usage bits. - */ + enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used + * for encryption, CIPHER_SIGN if signature only, + * CIPHER_IGN if this does not apply at all. + * + * This is useful to certificate cipher suites, which check + * against the certificate key usage bits. + */ } gnutls_pk_map; /* This table maps the Key exchange algorithms to @@ -133,10 +133,10 @@ static const gnutls_pk_map pk_mappings[] = { typedef struct { const char *name; - gnutls_protocol_t id; /* gnutls internal version number */ - int major; /* defined by the protocol */ - int minor; /* defined by the protocol */ - int supported; /* 0 not supported, > 0 is supported */ + gnutls_protocol_t id; /* gnutls internal version number */ + int major; /* defined by the protocol */ + int minor; /* defined by the protocol */ + int supported; /* 0 not supported, > 0 is supported */ } gnutls_version_entry; static const gnutls_version_entry sup_versions[] = { @@ -171,7 +171,7 @@ struct gnutls_cipher_entry uint16_t keysize; cipher_type_t block; uint16_t iv; - int export_flag; /* 0 non export */ + int export_flag; /* 0 non export */ }; typedef struct gnutls_cipher_entry gnutls_cipher_entry; @@ -249,7 +249,7 @@ struct gnutls_hash_entry const char *name; const char *oid; gnutls_mac_algorithm_t id; - size_t key_size; /* in case of mac */ + size_t key_size; /* in case of mac */ }; typedef struct gnutls_hash_entry gnutls_hash_entry; @@ -259,7 +259,7 @@ static const gnutls_hash_entry hash_algorithms[] = { {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32}, {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48}, {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64}, - {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */ + {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20}, {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0}, {0, 0, 0, 0} @@ -373,10 +373,10 @@ typedef struct gnutls_cipher_algorithm_t block_algorithm; gnutls_kx_algorithm_t kx_algorithm; gnutls_mac_algorithm_t mac_algorithm; - gnutls_protocol_t min_version; /* this cipher suite is supported - * from 'version' and above; - */ - gnutls_protocol_t max_version; /* this cipher suite is not supported after that */ + gnutls_protocol_t min_version; /* this cipher suite is supported + * from 'version' and above; + */ + gnutls_protocol_t max_version; /* this cipher suite is not supported after that */ } gnutls_cipher_suite_entry; /* RSA with NULL cipher and MD5 MAC @@ -507,255 +507,255 @@ typedef struct static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ANON_DH */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, - GNUTLS_SSL3, GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, + GNUTLS_SSL3, GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), #endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), /* PSK */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), /* DHE-PSK */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), /* SRP */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), /* DHE_DSS */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), #endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), /* DHE_RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), #endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), /* RSA-NULL */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA1, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA256, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), /* RSA-EXPORT */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5, - GNUTLS_CIPHER_ARCFOUR_40, - GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, - GNUTLS_SSL3, GNUTLS_TLS1_0), + GNUTLS_CIPHER_ARCFOUR_40, + GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5, + GNUTLS_SSL3, GNUTLS_TLS1_0), /* RSA */ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_3DES_CBC, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_MAX), #endif GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_VERSION_MAX), GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST, - GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN, - GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3, - GNUTLS_VERSION_MAX), + GNUTLS_CIPHER_UNKNOWN, GNUTLS_KX_UNKNOWN, + GNUTLS_MAC_UNKNOWN, GNUTLS_SSL3, + GNUTLS_VERSION_MAX), {0, {{0, 0}}, 0, 0, 0, 0, 0} }; @@ -772,13 +772,13 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { int _gnutls_mac_priority (gnutls_session_t session, - gnutls_mac_algorithm_t algorithm) -{ /* actually returns the priority */ + gnutls_mac_algorithm_t algorithm) +{ /* actually returns the priority */ unsigned int i; for (i = 0; i < session->internals.priorities.mac.algorithms; i++) { if (session->internals.priorities.mac.priority[i] == algorithm) - return i; + return i; } return -1; } @@ -877,8 +877,8 @@ _gnutls_x509_oid2mac_algorithm (const char *oid) gnutls_mac_algorithm_t ret = 0; GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0) - { - ret = p->id; break;} + { + ret = p->id; break;} ); if (ret == 0) @@ -923,13 +923,13 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm) /* returns the priority */ int _gnutls_cipher_priority (gnutls_session_t session, - gnutls_cipher_algorithm_t algorithm) + gnutls_cipher_algorithm_t algorithm) { unsigned int i; for (i = 0; i < session->internals.priorities.cipher.algorithms; i++) { if (session->internals.priorities.cipher.priority[i] == algorithm) - return i; + return i; } return -1; } @@ -956,7 +956,7 @@ _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm) **/ size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm) -{ /* In bytes */ +{ /* In bytes */ size_t ret = 0; GNUTLS_ALG_LOOP (ret = p->keysize); return ret; @@ -965,7 +965,7 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm) int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) -{ /* In bytes */ +{ /* In bytes */ size_t ret = 0; GNUTLS_ALG_LOOP (ret = p->iv); return ret; @@ -974,7 +974,7 @@ _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm) -{ /* In bytes */ +{ /* In bytes */ size_t ret = 0; GNUTLS_ALG_LOOP (ret = p->export_flag); return ret; @@ -1063,13 +1063,13 @@ _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm) int _gnutls_kx_priority (gnutls_session_t session, - gnutls_kx_algorithm_t algorithm) + gnutls_kx_algorithm_t algorithm) { unsigned int i; for (i = 0; i < session->internals.priorities.kx.algorithms; i++) { if (session->internals.priorities.kx.priority[i] == algorithm) - return i; + return i; } return -1; } @@ -1160,47 +1160,47 @@ _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm) /* Version */ int _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version) -{ /* actually returns the priority */ +{ /* actually returns the priority */ unsigned int i; for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) { if (session->internals.priorities.protocol.priority[i] == version) - return i; + return i; } return -1; } gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session) -{ /* returns the lowest version supported */ +{ /* returns the lowest version supported */ unsigned int i, min = 0xff; for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) { if (session->internals.priorities.protocol.priority[i] < min) - min = session->internals.priorities.protocol.priority[i]; + min = session->internals.priorities.protocol.priority[i]; } if (min == 0xff) - return GNUTLS_VERSION_UNKNOWN; /* unknown version */ + return GNUTLS_VERSION_UNKNOWN; /* unknown version */ return min; } gnutls_protocol_t _gnutls_version_max (gnutls_session_t session) -{ /* returns the maximum version supported */ +{ /* returns the maximum version supported */ unsigned int i, max = 0x00; for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) { if (session->internals.priorities.protocol.priority[i] > max) - max = session->internals.priorities.protocol.priority[i]; + max = session->internals.priorities.protocol.priority[i]; } if (max == 0x00) - return GNUTLS_VERSION_UNKNOWN; /* unknown version */ + return GNUTLS_VERSION_UNKNOWN; /* unknown version */ return max; } @@ -1274,7 +1274,7 @@ _gnutls_version_get (int major, int minor) int ret = -1; GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor)) - ret = p->id); + ret = p->id); return ret; } @@ -1291,7 +1291,7 @@ _gnutls_version_get_major (gnutls_protocol_t version) int _gnutls_version_is_supported (gnutls_session_t session, - const gnutls_protocol_t version) + const gnutls_protocol_t version) { int ret = 0; @@ -1300,7 +1300,7 @@ _gnutls_version_is_supported (gnutls_session_t session, return 0; if (_gnutls_version_priority (session, version) < 0) - return 0; /* disabled by the user */ + return 0; /* disabled by the user */ else return 1; } @@ -1394,12 +1394,12 @@ _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server) if (server) { GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = - p->server_type); + p->server_type); } else { GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = - p->client_type); + p->client_type); } return ret; @@ -1417,13 +1417,13 @@ _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite) gnutls_protocol_t _gnutls_cipher_suite_is_version_supported (const cipher_suite_st * suite, - gnutls_protocol_t version) + gnutls_protocol_t version) { int ret = 0; GNUTLS_CIPHER_SUITE_ALG_LOOP ((version >= p->min_version - && version <= p->max_version) ? (ret = - 1) : (ret = - 0)); + && version <= p->max_version) ? (ret = + 1) : (ret = + 0)); return ret; } @@ -1439,7 +1439,7 @@ _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st * suite) gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite) -{ /* In bytes */ +{ /* In bytes */ int ret = 0; GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm); return ret; @@ -1471,16 +1471,16 @@ _gnutls_cipher_suite_get_name (cipher_suite_st * suite) **/ const char * gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm, - gnutls_cipher_algorithm_t cipher_algorithm, - gnutls_mac_algorithm_t mac_algorithm) + gnutls_cipher_algorithm_t cipher_algorithm, + gnutls_mac_algorithm_t mac_algorithm) { const char *ret = NULL; /* avoid prefix */ GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm == p->kx_algorithm && - cipher_algorithm == p->block_algorithm && - mac_algorithm == p->mac_algorithm) - ret = p->name + sizeof ("GNUTLS_") - 1); + cipher_algorithm == p->block_algorithm && + mac_algorithm == p->mac_algorithm) + ret = p->name + sizeof ("GNUTLS_") - 1); return ret; } @@ -1505,11 +1505,11 @@ gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm, **/ const char * gnutls_cipher_suite_info (size_t idx, - char *cs_id, - gnutls_kx_algorithm_t * kx, - gnutls_cipher_algorithm_t * cipher, - gnutls_mac_algorithm_t * mac, - gnutls_protocol_t * min_version) + char *cs_id, + gnutls_kx_algorithm_t * kx, + gnutls_cipher_algorithm_t * cipher, + gnutls_mac_algorithm_t * mac, + gnutls_protocol_t * min_version) { if (idx >= CIPHER_SUITES_COUNT) return NULL; @@ -1551,9 +1551,9 @@ _gnutls_cipher_suite_is_ok (cipher_suite_st * suite) #define MAX_ELEM_SIZE 4 static inline int _gnutls_partition (gnutls_session_t session, void *_base, - size_t nmemb, size_t size, - int (*compar) (gnutls_session_t, - const void *, const void *)) + size_t nmemb, size_t size, + int (*compar) (gnutls_session_t, + const void *, const void *)) { uint8_t *base = _base; uint8_t tmp[MAX_ELEM_SIZE]; @@ -1565,21 +1565,21 @@ _gnutls_partition (gnutls_session_t session, void *_base, i = pivot = 0; j = full = (nmemb - 1) * size; - memcpy (ptmp, &base[0], size); /* set pivot item */ + memcpy (ptmp, &base[0], size); /* set pivot item */ while (i < j) { while ((compar (session, &base[i], ptmp) <= 0) && (i < full)) - { - i += size; - } + { + i += size; + } while ((compar (session, &base[j], ptmp) >= 0) && (j > 0)) - j -= size; + j -= size; if (i < j) - { - SWAP (&base[j], &base[i]); - } + { + SWAP (&base[j], &base[i]); + } } if (j > pivot) @@ -1597,8 +1597,8 @@ _gnutls_partition (gnutls_session_t session, void *_base, static void _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb, - size_t size, int (*compar) (gnutls_session_t, const void *, - const void *)) + size_t size, int (*compar) (gnutls_session_t, const void *, + const void *)) { unsigned int pivot; char *base = _base; @@ -1618,9 +1618,9 @@ _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb, pivot = _gnutls_partition (session, _base, nmemb, size, compar); _gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 : pivot, size, - compar); + compar); _gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1, - size, compar); + size, compar); } @@ -1629,7 +1629,7 @@ _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb, */ static int _gnutls_compare_algo (gnutls_session_t session, const void *i_A1, - const void *i_A2) + const void *i_A2) { gnutls_kx_algorithm_t kA1 = _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1); @@ -1658,9 +1658,9 @@ _gnutls_compare_algo (gnutls_session_t session, const void *i_A1, else { if (p1 == p2) - { - return 0; - } + { + return 0; + } return -1; } } @@ -1668,8 +1668,8 @@ _gnutls_compare_algo (gnutls_session_t session, const void *i_A1, #ifdef SORT_DEBUG static void _gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb, - size_t size, int (*compar) (gnutls_session_t, const void *, - const void *)) + size_t size, int (*compar) (gnutls_session_t, const void *, + const void *)) { unsigned int i, j; int full = nmemb * size; @@ -1679,12 +1679,12 @@ _gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb, for (i = 0; i < full; i += size) { for (j = 0; j < full; j += size) - { - if (compar (session, &base[i], &base[j]) < 0) - { - SWAP (&base[j], &base[i]); - } - } + { + if (compar (session, &base[i], &base[j]) < 0) + { + SWAP (&base[j], &base[i]); + } + } } } @@ -1692,7 +1692,7 @@ _gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb, int _gnutls_supported_ciphersuites_sorted (gnutls_session_t session, - cipher_suite_st ** ciphers) + cipher_suite_st ** ciphers) { #ifdef SORT_DEBUG @@ -1710,17 +1710,17 @@ _gnutls_supported_ciphersuites_sorted (gnutls_session_t session, _gnutls_debug_log ("Unsorted: \n"); for (i = 0; i < count; i++) _gnutls_debug_log ("\t%d: %s\n", i, - _gnutls_cipher_suite_get_name ((*ciphers)[i])); + _gnutls_cipher_suite_get_name ((*ciphers)[i])); #endif _gnutls_qsort (session, *ciphers, count, - sizeof (cipher_suite_st), _gnutls_compare_algo); + sizeof (cipher_suite_st), _gnutls_compare_algo); #ifdef SORT_DEBUG _gnutls_debug_log ("Sorted: \n"); for (i = 0; i < count; i++) _gnutls_debug_log ("\t%d: %s\n", i, - _gnutls_cipher_suite_get_name ((*ciphers)[i])); + _gnutls_cipher_suite_get_name ((*ciphers)[i])); #endif return count; @@ -1728,7 +1728,7 @@ _gnutls_supported_ciphersuites_sorted (gnutls_session_t session, int _gnutls_supported_ciphersuites (gnutls_session_t session, - cipher_suite_st ** _ciphers) + cipher_suite_st ** _ciphers) { unsigned int i, ret_count, j; @@ -1758,7 +1758,7 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, for (i = 0; i < count; i++) { memcpy (&tmp_ciphers[i], &cs_algorithms[i].id, - sizeof (cipher_suite_st)); + sizeof (cipher_suite_st)); } for (i = j = 0; i < count; i++) @@ -1766,26 +1766,26 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, /* remove private cipher suites, if requested. */ if (tmp_ciphers[i].suite[0] == 0xFF && - session->internals.enable_private == 0) - continue; + session->internals.enable_private == 0) + continue; /* remove cipher suites which do not support the * protocol version used. */ if (_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version) - == 0) - continue; + == 0) + continue; if (_gnutls_kx_priority - (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0) - continue; + (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0) + continue; if (_gnutls_mac_priority - (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0) - continue; + (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0) + continue; if (_gnutls_cipher_priority - (session, - _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0) - continue; + (session, + _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0) + continue; memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st)); j++; @@ -1793,19 +1793,19 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, ret_count = j; -#if 0 /* expensive */ +#if 0 /* expensive */ if (ret_count > 0 && ret_count != count) { ciphers = - gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st)); + gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st)); } else { if (ret_count != count) - { - gnutls_free (ciphers); - ciphers = NULL; - } + { + gnutls_free (ciphers); + ciphers = NULL; + } } #endif @@ -2064,8 +2064,8 @@ _gnutls_x509_oid2sign_algorithm (const char *oid) gnutls_sign_algorithm_t ret = 0; GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0) - { - ret = p->id; break;} + { + ret = p->id; break;} ); if (ret == 0) @@ -2082,8 +2082,8 @@ _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac) gnutls_sign_algorithm_t ret = 0; GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac) - { - ret = p->id; break;} + { + ret = p->id; break;} ); if (ret == 0) @@ -2093,7 +2093,7 @@ _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac) const char * _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk, - gnutls_mac_algorithm_t mac) + gnutls_mac_algorithm_t mac) { gnutls_sign_algorithm_t sign; const char *ret = NULL; @@ -2132,9 +2132,9 @@ _gnutls_tls_aid_to_sign (const sign_algorithm_st * aid) gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm - && p->aid.sign_algorithm == aid->sign_algorithm) - { - ret = p->id; break;} + && p->aid.sign_algorithm == aid->sign_algorithm) + { + ret = p->id; break;} ); return ret; @@ -2166,9 +2166,9 @@ static const gnutls_pk_entry pk_algorithms[] = { /* having duplicate entries is ok, as long as the one * we want to return OID from is first */ {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA}, - {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */ - {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */ - {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ + {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */ + {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */ + {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, @@ -2193,8 +2193,8 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm) for (p = pk_algorithms; p->name != NULL; p++) if (p->id == algorithm) { - ret = p->name; - break; + ret = p->name; + break; } return ret; @@ -2248,8 +2248,8 @@ gnutls_pk_get_id (const char *name) for (p = pk_algorithms; p->name != NULL; p++) if (name && strcmp (p->name, name) == 0) { - ret = p->id; - break; + ret = p->id; + break; } return ret; @@ -2275,8 +2275,8 @@ gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm) for (p = pk_algorithms; p->name != NULL; p++) if (algorithm == p->id) { - ret = p->name; - break; + ret = p->name; + break; } return ret; @@ -2291,8 +2291,8 @@ _gnutls_x509_oid2pk_algorithm (const char *oid) for (p = pk_algorithms; p->name != NULL; p++) if (p->oid && strcmp (p->oid, oid) == 0) { - ret = p->id; - break; + ret = p->id; + break; } return ret; @@ -2307,8 +2307,8 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm) for (p = pk_algorithms; p->name != NULL; p++) if (p->id == algorithm) { - ret = p->oid; - break; + ret = p->oid; + break; } return ret; @@ -2330,7 +2330,7 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm) **/ unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, - gnutls_sec_param_t param) + gnutls_sec_param_t param) { unsigned int ret = 0; @@ -2338,15 +2338,15 @@ gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, if (algo == GNUTLS_PK_DSA) { GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) - { - ret = p->dsa_bits; break;} + { + ret = p->dsa_bits; break;} ); return ret; } GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) - { - ret = p->pk_bits; break;} + { + ret = p->pk_bits; break;} ); return ret; @@ -2361,8 +2361,8 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) unsigned int ret = 0; GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits) - { - ret = p->subgroup_bits; break;} + { + ret = p->subgroup_bits; break;} ); return ret; @@ -2384,8 +2384,8 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param) const char *ret = "Unknown"; GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) - { - ret = p->name; break;} + { + ret = p->name; break;} ); return ret; @@ -2409,9 +2409,9 @@ gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits) gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK; GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits) - { - break;} - ret = p->sec_param;); + { + break;} + ret = p->sec_param;); return ret; } diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h index 191a808eb3..60834d1a7c 100644 --- a/lib/gnutls_algorithms.h +++ b/lib/gnutls_algorithms.h @@ -35,9 +35,9 @@ gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session); gnutls_protocol_t _gnutls_version_max (gnutls_session_t session); int _gnutls_version_priority (gnutls_session_t session, - gnutls_protocol_t version); + gnutls_protocol_t version); int _gnutls_version_is_supported (gnutls_session_t session, - const gnutls_protocol_t version); + const gnutls_protocol_t version); int _gnutls_version_get_major (gnutls_protocol_t ver); int _gnutls_version_get_minor (gnutls_protocol_t ver); gnutls_protocol_t _gnutls_version_get (int major, int minor); @@ -56,24 +56,24 @@ const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac); /* Functions for cipher suites. */ int _gnutls_supported_ciphersuites (gnutls_session_t session, - cipher_suite_st ** ciphers); + cipher_suite_st ** ciphers); int _gnutls_supported_ciphersuites_sorted (gnutls_session_t session, - cipher_suite_st ** ciphers); + cipher_suite_st ** ciphers); const char *_gnutls_cipher_suite_get_name (cipher_suite_st * algorithm); gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const - cipher_suite_st - * algorithm); + cipher_suite_st + * algorithm); gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st - * algorithm); + * algorithm); gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const - cipher_suite_st * - algorithm); + cipher_suite_st * + algorithm); gnutls_protocol_t _gnutls_cipher_suite_is_version_supported (const - cipher_suite_st * - algorithm, - gnutls_protocol_t); + cipher_suite_st * + algorithm, + gnutls_protocol_t); cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st * - algorithm); + algorithm); /* Functions for ciphers. */ int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm); @@ -89,13 +89,13 @@ int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm); /* Type to KX mappings. */ gnutls_kx_algorithm_t _gnutls_map_kx_get_kx (gnutls_credentials_type_t type, - int server); + int server); gnutls_credentials_type_t _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t - algorithm, int server); + algorithm, int server); /* KX to PK mapping. */ gnutls_pk_algorithm_t _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t - kx_algorithm); + kx_algorithm); gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid); const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk); @@ -107,23 +107,23 @@ enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm); /* Functions for sign algorithms. */ gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid); gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, - gnutls_mac_algorithm_t mac); + gnutls_mac_algorithm_t mac); gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign); const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t, - gnutls_mac_algorithm_t mac); + gnutls_mac_algorithm_t mac); gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st * - aid); + aid); sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign); gnutls_mac_algorithm_t _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t); gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t); int _gnutls_mac_priority (gnutls_session_t session, - gnutls_mac_algorithm_t algorithm); + gnutls_mac_algorithm_t algorithm); int _gnutls_cipher_priority (gnutls_session_t session, - gnutls_cipher_algorithm_t algorithm); + gnutls_cipher_algorithm_t algorithm); int _gnutls_kx_priority (gnutls_session_t session, - gnutls_kx_algorithm_t algorithm); + gnutls_kx_algorithm_t algorithm); unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits); diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index 0b5f66cd97..e97ec32ff0 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -59,7 +59,7 @@ gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc) **/ int gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * - sc) + sc) { *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st)); @@ -94,7 +94,7 @@ static const gnutls_anon_client_credentials_t anon_dummy = &anon_dummy_struct; **/ int gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t * - sc) + sc) { /* anon_dummy is only there for *sc not to be null. * it is not used at all; @@ -115,7 +115,7 @@ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t * **/ void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res, - gnutls_dh_params_t dh_params) + gnutls_dh_params_t dh_params) { res->dh_params = dh_params; } @@ -131,7 +131,7 @@ gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res, **/ void gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res, - gnutls_params_function * func) + gnutls_params_function * func) { res->params_func = func; } diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 5e3fc8e6d3..a6003af3f3 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -48,15 +48,15 @@ void gnutls_credentials_clear (gnutls_session_t session) { if (session->key && session->key->cred) - { /* beginning of the list */ + { /* beginning of the list */ auth_cred_st *ccred, *ncred; ccred = session->key->cred; while (ccred != NULL) - { - ncred = ccred->next; - gnutls_free (ccred); - ccred = ncred; - } + { + ncred = ccred->next; + gnutls_free (ccred); + ccred = ncred; + } session->key->cred = NULL; } } @@ -97,17 +97,17 @@ gnutls_credentials_clear (gnutls_session_t session) **/ int gnutls_credentials_set (gnutls_session_t session, - gnutls_credentials_type_t type, void *cred) + gnutls_credentials_type_t type, void *cred) { auth_cred_st *ccred = NULL, *pcred = NULL; int exists = 0; if (session->key->cred == NULL) - { /* beginning of the list */ + { /* beginning of the list */ session->key->cred = gnutls_malloc (sizeof (auth_cred_st)); if (session->key->cred == NULL) - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_MEMORY_ERROR; /* copy credentials locally */ session->key->cred->credentials = cred; @@ -119,36 +119,36 @@ gnutls_credentials_set (gnutls_session_t session, { ccred = session->key->cred; while (ccred != NULL) - { - if (ccred->algorithm == type) - { - exists = 1; - break; - } - pcred = ccred; - ccred = ccred->next; - } + { + if (ccred->algorithm == type) + { + exists = 1; + break; + } + pcred = ccred; + ccred = ccred->next; + } /* After this, pcred is not null. */ if (exists == 0) - { /* new entry */ - pcred->next = gnutls_malloc (sizeof (auth_cred_st)); - if (pcred->next == NULL) - return GNUTLS_E_MEMORY_ERROR; + { /* new entry */ + pcred->next = gnutls_malloc (sizeof (auth_cred_st)); + if (pcred->next == NULL) + return GNUTLS_E_MEMORY_ERROR; - ccred = pcred->next; + ccred = pcred->next; - /* copy credentials locally */ - ccred->credentials = cred; + /* copy credentials locally */ + ccred->credentials = cred; - ccred->next = NULL; - ccred->algorithm = type; - } + ccred->next = NULL; + ccred->algorithm = type; + } else - { /* modify existing entry */ - ccred->credentials = cred; - } + { /* modify existing entry */ + ccred->credentials = cred; + } } return 0; @@ -179,9 +179,9 @@ gnutls_auth_get_type (gnutls_session_t session) return _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite), - server); + (&session-> + security_parameters.current_cipher_suite), + server); } /** @@ -200,8 +200,8 @@ gnutls_auth_server_get_type (gnutls_session_t session) { return _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite), 1); + (&session-> + security_parameters.current_cipher_suite), 1); } /** @@ -220,8 +220,8 @@ gnutls_auth_client_get_type (gnutls_session_t session) { return _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite), 0); + (&session-> + security_parameters.current_cipher_suite), 0); } @@ -231,12 +231,12 @@ gnutls_auth_client_get_type (gnutls_session_t session) */ const void * _gnutls_get_kx_cred (gnutls_session_t session, - gnutls_kx_algorithm_t algo, int *err) + gnutls_kx_algorithm_t algo, int *err) { int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0; return _gnutls_get_cred (session->key, - _gnutls_map_kx_get_cred (algo, server), err); + _gnutls_map_kx_get_cred (algo, server), err); } const void * @@ -253,9 +253,9 @@ _gnutls_get_cred (gnutls_key_st key, gnutls_credentials_type_t type, int *err) while (ccred != NULL) { if (ccred->algorithm == type) - { - break; - } + { + break; + } ccred = ccred->next; } if (ccred == NULL) @@ -315,47 +315,47 @@ _gnutls_free_auth_info (gnutls_session_t session) break; case GNUTLS_CRD_ANON: { - anon_auth_info_t info = _gnutls_get_auth_info (session); + anon_auth_info_t info = _gnutls_get_auth_info (session); - if (info == NULL) - break; + if (info == NULL) + break; - dh_info = &info->dh; - _gnutls_free_dh_info (dh_info); + dh_info = &info->dh; + _gnutls_free_dh_info (dh_info); } break; case GNUTLS_CRD_PSK: { - psk_auth_info_t info = _gnutls_get_auth_info (session); + psk_auth_info_t info = _gnutls_get_auth_info (session); - if (info == NULL) - break; + if (info == NULL) + break; - dh_info = &info->dh; - _gnutls_free_dh_info (dh_info); + dh_info = &info->dh; + _gnutls_free_dh_info (dh_info); } break; case GNUTLS_CRD_CERTIFICATE: { - unsigned int i; - cert_auth_info_t info = _gnutls_get_auth_info (session); + unsigned int i; + cert_auth_info_t info = _gnutls_get_auth_info (session); - if (info == NULL) - break; + if (info == NULL) + break; - dh_info = &info->dh; - rsa_info = &info->rsa_export; - for (i = 0; i < info->ncerts; i++) - { - _gnutls_free_datum (&info->raw_certificate_list[i]); - } + dh_info = &info->dh; + rsa_info = &info->rsa_export; + for (i = 0; i < info->ncerts; i++) + { + _gnutls_free_datum (&info->raw_certificate_list[i]); + } - gnutls_free (info->raw_certificate_list); - info->raw_certificate_list = NULL; - info->ncerts = 0; + gnutls_free (info->raw_certificate_list); + info->raw_certificate_list = NULL; + info->ncerts = 0; - _gnutls_free_dh_info (dh_info); - _gnutls_free_rsa_info (rsa_info); + _gnutls_free_dh_info (dh_info); + _gnutls_free_rsa_info (rsa_info); } @@ -379,60 +379,60 @@ _gnutls_free_auth_info (gnutls_session_t session) */ int _gnutls_auth_info_set (gnutls_session_t session, - gnutls_credentials_type_t type, int size, - int allow_change) + gnutls_credentials_type_t type, int size, + int allow_change) { if (session->key->auth_info == NULL) { session->key->auth_info = gnutls_calloc (1, size); if (session->key->auth_info == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } session->key->auth_info_type = type; session->key->auth_info_size = size; } else { if (allow_change == 0) - { - /* If the credentials for the current authentication scheme, - * are not the one we want to set, then it's an error. - * This may happen if a rehandshake is performed an the - * ciphersuite which is negotiated has different authentication - * schema. - */ - if (gnutls_auth_get_type (session) != session->key->auth_info_type) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - } + { + /* If the credentials for the current authentication scheme, + * are not the one we want to set, then it's an error. + * This may happen if a rehandshake is performed an the + * ciphersuite which is negotiated has different authentication + * schema. + */ + if (gnutls_auth_get_type (session) != session->key->auth_info_type) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + } else - { - /* The new behaviour: Here we reallocate the auth info structure - * in order to be able to negotiate different authentication - * types. Ie. perform an auth_anon and then authenticate again using a - * certificate (in order to prevent revealing the certificate's contents, - * to passive eavesdropers. - */ - if (gnutls_auth_get_type (session) != session->key->auth_info_type) - { - - _gnutls_free_auth_info (session); - - session->key->auth_info = calloc (1, size); - if (session->key->auth_info == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - session->key->auth_info_type = type; - session->key->auth_info_size = size; - } - } + { + /* The new behaviour: Here we reallocate the auth info structure + * in order to be able to negotiate different authentication + * types. Ie. perform an auth_anon and then authenticate again using a + * certificate (in order to prevent revealing the certificate's contents, + * to passive eavesdropers. + */ + if (gnutls_auth_get_type (session) != session->key->auth_info_type) + { + + _gnutls_free_auth_info (session); + + session->key->auth_info = calloc (1, size); + if (session->key->auth_info == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + session->key->auth_info_type = type; + session->key->auth_info_size = size; + } + } } return 0; } diff --git a/lib/gnutls_auth.h b/lib/gnutls_auth.h index 4738c5c9f0..f4123b6e07 100644 --- a/lib/gnutls_auth.h +++ b/lib/gnutls_auth.h @@ -28,33 +28,33 @@ typedef struct mod_auth_st_int { - const char *name; /* null terminated */ + const char *name; /* null terminated */ int (*gnutls_generate_server_certificate) (gnutls_session_t, opaque **); int (*gnutls_generate_client_certificate) (gnutls_session_t, opaque **); int (*gnutls_generate_server_kx) (gnutls_session_t, opaque **); - int (*gnutls_generate_client_kx) (gnutls_session_t, opaque **); /* used in SRP */ + int (*gnutls_generate_client_kx) (gnutls_session_t, opaque **); /* used in SRP */ int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, opaque **); int (*gnutls_generate_server_certificate_request) (gnutls_session_t, - opaque **); + opaque **); int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *, - size_t); + size_t); int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *, - size_t); + size_t); int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t); int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t); int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t); int (*gnutls_process_server_certificate_request) (gnutls_session_t, - opaque *, size_t); + opaque *, size_t); } mod_auth_st; const void *_gnutls_get_cred (gnutls_key_st key, - gnutls_credentials_type_t kx, int *err); + gnutls_credentials_type_t kx, int *err); const void *_gnutls_get_kx_cred (gnutls_session_t session, - gnutls_kx_algorithm_t algo, int *err); + gnutls_kx_algorithm_t algo, int *err); void *_gnutls_get_auth_info (gnutls_session_t session); int _gnutls_auth_info_set (gnutls_session_t session, - gnutls_credentials_type_t type, int size, - int allow_change); + gnutls_credentials_type_t type, int size, + int allow_change); #endif diff --git a/lib/gnutls_buffers.c b/lib/gnutls_buffers.c index c190a3de70..e71476e013 100644 --- a/lib/gnutls_buffers.c +++ b/lib/gnutls_buffers.c @@ -123,8 +123,8 @@ gnutls_transport_set_global_errno (int err) */ int _gnutls_record_buffer_put (content_type_t type, - gnutls_session_t session, opaque * data, - size_t length) + gnutls_session_t session, opaque * data, + size_t length) { gnutls_buffer_st *buf; @@ -136,19 +136,19 @@ _gnutls_record_buffer_put (content_type_t type, case GNUTLS_APPLICATION_DATA: buf = &session->internals.application_data_buffer; _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n", - (int) length, (int) type); + (int) length, (int) type); break; case GNUTLS_HANDSHAKE: buf = &session->internals.handshake_data_buffer; _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n", - (int) length, (int) type); + (int) length, (int) type); break; case GNUTLS_INNER_APPLICATION: buf = &session->internals.ia_data_buffer; _gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n", - (int) length, (int) type); + (int) length, (int) type); break; default: @@ -207,8 +207,8 @@ gnutls_record_check_pending (gnutls_session_t session) int _gnutls_record_buffer_get (content_type_t type, - gnutls_session_t session, opaque * data, - size_t length) + gnutls_session_t session, opaque * data, + size_t length) { if (length == 0 || data == NULL) { @@ -220,24 +220,24 @@ _gnutls_record_buffer_get (content_type_t type, { case GNUTLS_APPLICATION_DATA: _gnutls_buffer_pop_data (&session->internals.application_data_buffer, - data, &length); + data, &length); _gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n", - (int) length, (int) type); + (int) length, (int) type); break; case GNUTLS_HANDSHAKE: _gnutls_buffer_pop_data (&session->internals.handshake_data_buffer, - data, &length); + data, &length); _gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n", - (int) length, (int) type); + (int) length, (int) type); break; case GNUTLS_INNER_APPLICATION: _gnutls_buffer_pop_data (&session->internals.ia_data_buffer, data, - &length); + &length); _gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n", - (int) length, (int) type); + (int) length, (int) type); break; default: @@ -262,7 +262,7 @@ get_errno (gnutls_session_t session) return session->internals.errnum; else return session->internals.errno_func (session-> - internals.transport_recv_ptr); + internals.transport_recv_ptr); } @@ -273,7 +273,7 @@ get_errno (gnutls_session_t session) */ static ssize_t _gnutls_read (gnutls_session_t session, mbuffer_st ** bufel, - size_t size, gnutls_pull_func pull_func) + size_t size, gnutls_pull_func pull_func) { size_t left; ssize_t i = 0; @@ -304,41 +304,41 @@ _gnutls_read (gnutls_session_t session, mbuffer_st ** bufel, i = pull_func (fd, &ptr[size - left], left); if (i < 0) - { - int err = get_errno (session); - - _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n", - (int) i, fd, errno, session->internals.errnum); - - if (err == EAGAIN || err == EINTR) - { - if (size - left > 0) - { - - _gnutls_read_log ("READ: returning %d bytes from %p\n", - (int) (size - left), fd); - - goto finish; - } - - if (err == EAGAIN) - return GNUTLS_E_AGAIN; - return GNUTLS_E_INTERRUPTED; - } - else - { - gnutls_assert (); - return GNUTLS_E_PULL_ERROR; - } - } + { + int err = get_errno (session); + + _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n", + (int) i, fd, errno, session->internals.errnum); + + if (err == EAGAIN || err == EINTR) + { + if (size - left > 0) + { + + _gnutls_read_log ("READ: returning %d bytes from %p\n", + (int) (size - left), fd); + + goto finish; + } + + if (err == EAGAIN) + return GNUTLS_E_AGAIN; + return GNUTLS_E_INTERRUPTED; + } + else + { + gnutls_assert (); + return GNUTLS_E_PULL_ERROR; + } + } else - { + { - _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd); + _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd); - if (i == 0) - break; /* EOF */ - } + if (i == 0) + break; /* EOF */ + } left -= i; (*bufel)->msg.size += i; @@ -349,7 +349,7 @@ finish: if (_gnutls_log_level >= 7) { _gnutls_read_log ("READ: read %d bytes from %p\n", - (int) (size - left), fd); + (int) (size - left), fd); } @@ -360,7 +360,7 @@ finish: static ssize_t _gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec, - int giovec_cnt) + int giovec_cnt) { int ret, j = 0; gnutls_transport_ptr_t fd = session->internals.transport_send_ptr; @@ -376,7 +376,7 @@ _gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec, ret = session->internals.push_func (fd, iptr, sizeOfPtr); if (ret == -1) - break; + break; total += ret; } @@ -389,7 +389,7 @@ _gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec, static ssize_t _gnutls_writev (gnutls_session_t session, const giovec_t * giovec, - int giovec_cnt) + int giovec_cnt) { int i; gnutls_transport_ptr_t fd = session->internals.transport_send_ptr; @@ -406,14 +406,14 @@ _gnutls_writev (gnutls_session_t session, const giovec_t * giovec, int err = get_errno (session); _gnutls_debug_log ("errno: %d\n", err); if (err == EAGAIN) - return GNUTLS_E_AGAIN; + return GNUTLS_E_AGAIN; else if (err == EINTR) - return GNUTLS_E_INTERRUPTED; + return GNUTLS_E_INTERRUPTED; else - { - gnutls_assert (); - return GNUTLS_E_PUSH_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_PUSH_ERROR; + } } return i; } @@ -435,16 +435,16 @@ _gnutls_io_clear_peeked_data (gnutls_session_t session) /* this was already read by using MSG_PEEK - so it shouldn't fail */ sum = 0; do - { /* we need this to finish now */ + { /* we need this to finish now */ ret = - _gnutls_read (session, &peekdata, RCVLOWAT - sum, - session->internals.pull_func); + _gnutls_read (session, &peekdata, RCVLOWAT - sum, + session->internals.pull_func); if (ret > 0) - sum += ret; + sum += ret; _mbuffer_xfree (&peekdata); } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN - || sum < RCVLOWAT); + || sum < RCVLOWAT); if (ret < 0) { @@ -468,7 +468,7 @@ _gnutls_io_clear_peeked_data (gnutls_session_t session) */ ssize_t _gnutls_io_read_buffered (gnutls_session_t session, size_t total, - content_type_t recv_type) + content_type_t recv_type) { ssize_t ret = 0, ret2 = 0; size_t min; @@ -477,7 +477,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, if (total > MAX_RECV_SIZE || total == 0) { - gnutls_assert (); /* internal error */ + gnutls_assert (); /* internal error */ return GNUTLS_E_INVALID_REQUEST; } @@ -495,10 +495,10 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, * data in gnutls session. */ if (recv_type != GNUTLS_APPLICATION_DATA - && session->internals.have_peeked_data == 0) - recvlowat = 0; + && session->internals.have_peeked_data == 0) + recvlowat = 0; else - recvlowat = RCVLOWAT; + recvlowat = RCVLOWAT; } @@ -513,9 +513,9 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, * then just return them. */ if (min == total) - { - return min; - } + { + return min; + } } /* min is over zero. recvdata is the data we must @@ -530,7 +530,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, if ((session->internals.record_recv_buffer.byte_length + recvdata) > MAX_RECV_SIZE) { - gnutls_assert (); /* internal error */ + gnutls_assert (); /* internal error */ return GNUTLS_E_INVALID_REQUEST; } @@ -545,17 +545,17 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, if (readsize > 0) { ret = - _gnutls_read (session, &bufel, readsize, - session->internals.pull_func); + _gnutls_read (session, &bufel, readsize, + session->internals.pull_func); /* return immediately if we got an interrupt or eagain * error. */ if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - _mbuffer_xfree (&bufel); - return ret; - } + { + _mbuffer_xfree (&bufel); + return ret; + } } /* copy fresh data to our buffer. @@ -563,8 +563,8 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, if (ret > 0) { _gnutls_read_log - ("RB: Have %d bytes into buffer. Adding %d bytes.\n", - (int) session->internals.record_recv_buffer.byte_length, (int) ret); + ("RB: Have %d bytes into buffer. Adding %d bytes.\n", + (int) session->internals.record_recv_buffer.byte_length, (int) ret); _gnutls_read_log ("RB: Requested %d bytes\n", (int) total); _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel); @@ -583,24 +583,24 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, ret2 = _gnutls_read (session, &bufel, recvlowat, system_read_peek); if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0) - { - _mbuffer_xfree (&bufel); - return ret2; - } + { + _mbuffer_xfree (&bufel); + return ret2; + } if (ret2 > 0) - { - _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", - (int) ret2); - _gnutls_read_log - ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", - (int) session->internals.record_recv_buffer.byte_length, - (int) ret2, (int) total); - session->internals.have_peeked_data = 1; - _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel); - } + { + _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n", + (int) ret2); + _gnutls_read_log + ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n", + (int) session->internals.record_recv_buffer.byte_length, + (int) ret2, (int) total); + session->internals.have_peeked_data = 1; + _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel); + } else - _mbuffer_xfree (&bufel); + _mbuffer_xfree (&bufel); } if (ret < 0 || ret2 < 0) @@ -619,7 +619,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, } if (ret == 0) - { /* EOF */ + { /* EOF */ gnutls_assert (); return 0; } @@ -653,7 +653,7 @@ _gnutls_io_read_buffered (gnutls_session_t session, size_t total, */ ssize_t _gnutls_io_write_buffered (gnutls_session_t session, - mbuffer_st * bufel, unsigned int mflag) + mbuffer_st * bufel, unsigned int mflag) { mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer; @@ -688,7 +688,7 @@ _gnutls_io_write_flush (gnutls_session_t session) mbuffer_st *cur; _gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n", - (int) send_buffer->byte_length); + (int) send_buffer->byte_length); for (cur = _mbuffer_get_first (send_buffer, &msg); cur != NULL; cur = _mbuffer_get_next (cur, &msg)) @@ -699,10 +699,10 @@ _gnutls_io_write_flush (gnutls_session_t session) /* we buffer up to MAX_QUEUE messages */ if (i >= sizeof (iovec) / sizeof (iovec[0])) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } } ret = _gnutls_writev (session, iovec, i); @@ -710,20 +710,20 @@ _gnutls_io_write_flush (gnutls_session_t session) { _mbuffer_remove_bytes (send_buffer, ret); _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n", - ret, (int) send_buffer->byte_length); + ret, (int) send_buffer->byte_length); sent += ret; } else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) { _gnutls_write_log ("WRITE interrupted: %d bytes left.\n", - (int) send_buffer->byte_length); + (int) send_buffer->byte_length); return ret; } else { _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n", - ret, (int) send_buffer->byte_length); + ret, (int) send_buffer->byte_length); gnutls_assert (); return ret; @@ -754,33 +754,33 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session) mbuffer_st *cur; _gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n", - (int) send_buffer->byte_length); + (int) send_buffer->byte_length); for (cur = _mbuffer_get_first (send_buffer, &msg); cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg)) { ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE, - session->internals.handshake_send_buffer_htype, - EPOCH_WRITE_CURRENT, - msg.data, msg.size, 0 /* do not flush */ ); + session->internals.handshake_send_buffer_htype, + EPOCH_WRITE_CURRENT, + msg.data, msg.size, 0 /* do not flush */ ); if (ret >= 0) - { - _mbuffer_remove_bytes (send_buffer, ret); + { + _mbuffer_remove_bytes (send_buffer, ret); - _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n", - ret, (int) send_buffer->byte_length); + _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n", + ret, (int) send_buffer->byte_length); - total += ret; - } + total += ret; + } else - { - _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n", - ret, (int) send_buffer->byte_length); + { + _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n", + ret, (int) send_buffer->byte_length); - gnutls_assert (); - return ret; - } + gnutls_assert (); + return ret; + } } return _gnutls_io_write_flush (session); @@ -794,8 +794,8 @@ _gnutls_handshake_io_write_flush (gnutls_session_t session) */ void _gnutls_handshake_io_cache_int (gnutls_session_t session, - gnutls_handshake_description_t htype, - mbuffer_st * bufel) + gnutls_handshake_description_t htype, + mbuffer_st * bufel) { mbuffer_head_st *const send_buffer = &session->internals.handshake_send_buffer; @@ -815,9 +815,9 @@ _gnutls_handshake_io_cache_int (gnutls_session_t session, */ ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t session, - content_type_t type, - gnutls_handshake_description_t htype, - void *iptr, size_t sizeOfPtr) + content_type_t type, + gnutls_handshake_description_t htype, + void *iptr, size_t sizeOfPtr) { size_t left; ssize_t i; @@ -839,21 +839,21 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, /* if we have already received some data */ if (sizeOfPtr <= session->internals.handshake_recv_buffer.length) - { - /* if requested less data then return it. - */ - gnutls_assert (); - - tmp = sizeOfPtr; - _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer, - iptr, &tmp); - return tmp; - } + { + /* if requested less data then return it. + */ + gnutls_assert (); + + tmp = sizeOfPtr; + _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer, + iptr, &tmp); + return tmp; + } gnutls_assert (); tmp = sizeOfPtr; _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer, - iptr, &tmp); + iptr, &tmp); left -= tmp; htype = session->internals.handshake_recv_buffer_htype; @@ -865,26 +865,26 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, dsize = sizeOfPtr - left; i = _gnutls_recv_int (session, type, htype, &ptr[dsize], left); if (i < 0) - { + { - if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN)) - { - gnutls_assert (); + if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN)) + { + gnutls_assert (); - _gnutls_buffer_append_data (&session->internals. - handshake_recv_buffer, iptr, dsize); + _gnutls_buffer_append_data (&session->internals. + handshake_recv_buffer, iptr, dsize); - session->internals.handshake_recv_buffer_htype = htype; - session->internals.handshake_recv_buffer_type = type; - } + session->internals.handshake_recv_buffer_htype = htype; + session->internals.handshake_recv_buffer_type = type; + } - return i; - } + return i; + } else - { - if (i == 0) - break; /* EOF */ - } + { + if (i == 0) + break; /* EOF */ + } left -= i; @@ -901,7 +901,7 @@ _gnutls_handshake_io_recv_int (gnutls_session_t session, */ int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, - size_t length) + size_t length) { if (length == 0) @@ -917,7 +917,7 @@ _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length); if (_gnutls_buffer_append_data (&session->internals.handshake_hash_buffer, - data, length) < 0) + data, length) < 0) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -938,13 +938,13 @@ _gnutls_handshake_buffer_get_size (gnutls_session_t session) */ int _gnutls_handshake_buffer_get_ptr (gnutls_session_t session, - opaque ** data_ptr, size_t * length) + opaque ** data_ptr, size_t * length) { if (length != NULL) *length = session->internals.handshake_hash_buffer.length; _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n", - (int) session->internals.handshake_hash_buffer.length); + (int) session->internals.handshake_hash_buffer.length); if (data_ptr != NULL) *data_ptr = session->internals.handshake_hash_buffer.data; @@ -990,7 +990,7 @@ _gnutls_handshake_buffer_clear (gnutls_session_t session) **/ void gnutls_transport_set_pull_function (gnutls_session_t session, - gnutls_pull_func pull_func) + gnutls_pull_func pull_func) { session->internals.pull_func = pull_func; } @@ -1011,7 +1011,7 @@ gnutls_transport_set_pull_function (gnutls_session_t session, **/ void gnutls_transport_set_push_function (gnutls_session_t session, - gnutls_push_func push_func) + gnutls_push_func push_func) { session->internals.push_func = push_func; session->internals.vec_push_func = NULL; @@ -1033,7 +1033,7 @@ gnutls_transport_set_push_function (gnutls_session_t session, **/ void gnutls_transport_set_push_function2 (gnutls_session_t session, - gnutls_vec_push_func vec_func) + gnutls_vec_push_func vec_func) { session->internals.push_func = NULL; session->internals.vec_push_func = vec_func; @@ -1053,7 +1053,7 @@ gnutls_transport_set_push_function2 (gnutls_session_t session, **/ void gnutls_transport_set_errno_function (gnutls_session_t session, - gnutls_errno_func errno_func) + gnutls_errno_func errno_func) { session->internals.errno_func = errno_func; } diff --git a/lib/gnutls_buffers.h b/lib/gnutls_buffers.h index 0275b716e6..3dfad550fe 100644 --- a/lib/gnutls_buffers.h +++ b/lib/gnutls_buffers.h @@ -28,37 +28,37 @@ #define MBUFFER_FLUSH 1 int _gnutls_record_buffer_put (content_type_t type, - gnutls_session_t session, opaque * data, - size_t length); + gnutls_session_t session, opaque * data, + size_t length); int _gnutls_record_buffer_get_size (content_type_t type, - gnutls_session_t session); + gnutls_session_t session); int _gnutls_record_buffer_get (content_type_t type, - gnutls_session_t session, opaque * data, - size_t length); + gnutls_session_t session, opaque * data, + size_t length); ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t); int _gnutls_io_clear_peeked_data (gnutls_session_t session); ssize_t _gnutls_io_write_buffered (gnutls_session_t session, - mbuffer_st * bufel, unsigned int mflag); + mbuffer_st * bufel, unsigned int mflag); int _gnutls_handshake_buffer_get_size (gnutls_session_t session); int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data, - size_t length); + size_t length); int _gnutls_handshake_buffer_clear (gnutls_session_t session); int _gnutls_handshake_buffer_empty (gnutls_session_t session); int _gnutls_handshake_buffer_get_ptr (gnutls_session_t session, - opaque ** data_ptr, size_t * length); + opaque ** data_ptr, size_t * length); #define _gnutls_handshake_io_buffer_clear( session) \ _mbuffer_clear( &session->internals.handshake_send_buffer); \ _gnutls_buffer_clear( &session->internals.handshake_recv_buffer); ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t, content_type_t, - gnutls_handshake_description_t, void *, - size_t); + gnutls_handshake_description_t, void *, + size_t); void _gnutls_handshake_io_cache_int (gnutls_session_t, - gnutls_handshake_description_t, - mbuffer_st * bufel); + gnutls_handshake_description_t, + mbuffer_st * bufel); ssize_t _gnutls_io_write_flush (gnutls_session_t session); ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session); diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index bd55de5553..8b27b631f8 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -62,9 +62,9 @@ gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc) for (i = 0; i < sc->ncerts; i++) { for (j = 0; j < sc->cert_list_length[i]; j++) - { - _gnutls_gcert_deinit (&sc->cert_list[i][j]); - } + { + _gnutls_gcert_deinit (&sc->cert_list[i][j]); + } gnutls_free (sc->cert_list[i]); } @@ -125,8 +125,8 @@ gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc) **/ void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc, - gnutls_x509_crt_t ** x509_ca_list, - unsigned int *ncas) + gnutls_x509_crt_t ** x509_ca_list, + unsigned int *ncas) { *x509_ca_list = sc->x509_ca_list; *ncas = sc->x509_ncas; @@ -145,8 +145,8 @@ gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc, **/ void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc, - gnutls_x509_crl_t ** x509_crl_list, - unsigned int *ncrls) + gnutls_x509_crl_t ** x509_crl_list, + unsigned int *ncrls) { *x509_crl_list = sc->x509_crl_list; *ncrls = sc->x509_ncrls; @@ -166,7 +166,7 @@ gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc, **/ void gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t sc, - gnutls_openpgp_keyring_t * keyring) + gnutls_openpgp_keyring_t * keyring) { *keyring = sc->keyring; } @@ -203,8 +203,8 @@ gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc) -*/ gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params, - gnutls_params_function * func, - gnutls_session_t session) + gnutls_params_function * func, + gnutls_session_t session) { gnutls_params_st params; int ret; @@ -222,10 +222,10 @@ _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params, { ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, ¶ms); if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT) - { - session->internals.params.rsa_params = params.params.rsa_export; - session->internals.params.free_rsa_params = params.deinit; - } + { + session->internals.params.rsa_params = params.params.rsa_export; + session->internals.params.free_rsa_params = params.deinit; + } } return session->internals.params.rsa_params; @@ -272,7 +272,7 @@ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc) **/ int gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t * - res) + res) { *res = gnutls_calloc (1, sizeof (certificate_credentials_st)); @@ -294,8 +294,8 @@ gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t * */ int _gnutls_selected_cert_supported_kx (gnutls_session_t session, - gnutls_kx_algorithm_t ** alg, - int *alg_size) + gnutls_kx_algorithm_t ** alg, + int *alg_size) { gnutls_kx_algorithm_t kx; gnutls_pk_algorithm_t pk; @@ -317,14 +317,14 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session, { pk = _gnutls_map_pk_get_pk (kx); if (pk == cert->subject_pk_algorithm) - { - /* then check key usage */ - if (_gnutls_check_key_usage (cert, kx) == 0) - { - kxlist[i] = kx; - i++; - } - } + { + /* then check key usage */ + if (_gnutls_check_key_usage (cert, kx) == 0) + { + kxlist[i] = kx; + i++; + } + } } if (i == 0) @@ -358,7 +358,7 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session, **/ void gnutls_certificate_server_set_request (gnutls_session_t session, - gnutls_certificate_request_t req) + gnutls_certificate_request_t req) { session->internals.send_cert_req = req; } @@ -577,7 +577,7 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert) -*/ static int _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, - unsigned int *status) + unsigned int *status) { cert_auth_info_t info; gnutls_certificate_credentials_t cred; @@ -618,7 +618,7 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, */ ret = _gnutls_openpgp_verify_key (cred, &info->raw_certificate_list[0], - peer_certificate_list_size, status); + peer_certificate_list_size, status); if (ret < 0) { @@ -653,7 +653,7 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, **/ int gnutls_certificate_verify_peers2 (gnutls_session_t session, - unsigned int *status) + unsigned int *status) { cert_auth_info_t info; @@ -747,13 +747,13 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session) { case GNUTLS_CRT_X509: return - _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list - [0]); + _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list + [0]); #ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return - _gnutls_openpgp_get_raw_key_expiration_time - (&info->raw_certificate_list[0]); + _gnutls_openpgp_get_raw_key_expiration_time + (&info->raw_certificate_list[0]); #endif default: return (time_t) - 1; @@ -794,13 +794,13 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session) { case GNUTLS_CRT_X509: return - _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list - [0]); + _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list + [0]); #ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return - _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list - [0]); + _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list + [0]); #endif default: return (time_t) - 1; @@ -812,22 +812,22 @@ gnutls_certificate_activation_time_peers (gnutls_session_t session) */ int _gnutls_get_auth_info_gcert (gnutls_cert * gcert, - gnutls_certificate_type_t type, - cert_auth_info_t info, - int flags /* OR of ConvFlags */ ) + gnutls_certificate_type_t type, + cert_auth_info_t info, + int flags /* OR of ConvFlags */ ) { switch (type) { case GNUTLS_CRT_X509: return _gnutls_x509_raw_cert_to_gcert (gcert, - &info->raw_certificate_list[0], - flags); + &info->raw_certificate_list[0], + flags); #ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: return _gnutls_openpgp_raw_crt_to_gcert (gcert, - &info->raw_certificate_list[0], - info->use_subkey ? info-> - subkey_id : NULL); + &info->raw_certificate_list[0], + info->use_subkey ? info-> + subkey_id : NULL); #endif default: gnutls_assert (); @@ -846,8 +846,8 @@ _gnutls_get_auth_info_gcert (gnutls_cert * gcert, */ int _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert, - const gnutls_datum_t * derCert, - int flags /* OR of ConvFlags */ ) + const gnutls_datum_t * derCert, + int flags /* OR of ConvFlags */ ) { int ret; gnutls_x509_crt_t cert; @@ -877,7 +877,7 @@ _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert, */ int _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, - gnutls_x509_crt_t cert, unsigned int flags) + gnutls_x509_crt_t cert, unsigned int flags) { int ret = 0; @@ -896,39 +896,39 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, */ der = gnutls_malloc (SMALL_DER); if (der == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } ret = - gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, &der_size); + gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, &der_size); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - gnutls_assert (); - gnutls_free (der); - return ret; - } + { + gnutls_assert (); + gnutls_free (der); + return ret; + } if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - der = gnutls_realloc (der, der_size); - if (der == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, - &der_size); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (der); - return ret; - } - } + { + der = gnutls_realloc (der, der_size); + if (der == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, + &der_size); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (der); + return ret; + } + } gcert->raw.data = der; gcert->raw.size = der_size; @@ -942,12 +942,12 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, { ret = gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - gcert->key_usage = 0; + gcert->key_usage = 0; else if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } gcert->version = gnutls_x509_crt_get_version (cert); } gcert->subject_pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL); @@ -956,12 +956,12 @@ _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, { gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; ret = - _gnutls_x509_crt_get_mpis (cert, gcert->params, &gcert->params_size); + _gnutls_x509_crt_get_mpis (cert, gcert->params, &gcert->params_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } return 0; @@ -1005,7 +1005,7 @@ _gnutls_gcert_deinit (gnutls_cert * cert) **/ void gnutls_sign_callback_set (gnutls_session_t session, - gnutls_sign_func sign_func, void *userdata) + gnutls_sign_func sign_func, void *userdata) { session->internals.sign_func = sign_func; session->internals.sign_func_userdata = userdata; diff --git a/lib/gnutls_cert.h b/lib/gnutls_cert.h index 0afb78c528..57faf2f232 100644 --- a/lib/gnutls_cert.h +++ b/lib/gnutls_cert.h @@ -30,7 +30,7 @@ #include "x509/x509_int.h" #include <gnutls/openpgp.h> -#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ +#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PUBLIC_PARAMS 4 @@ -61,12 +61,12 @@ typedef struct gnutls_cert * [3] is public key */ bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; - int params_size; /* holds the size of MPI params */ + int params_size; /* holds the size of MPI params */ gnutls_pk_algorithm_t subject_pk_algorithm; - unsigned int key_usage; /* bits from KEY_* - */ + unsigned int key_usage; /* bits from KEY_* + */ unsigned int version; /* holds the type (PGP, X509) @@ -93,15 +93,15 @@ typedef enum ConvFlags } ConvFlags; int _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert, - const gnutls_datum_t * derCert, - int flags); + const gnutls_datum_t * derCert, + int flags); int _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert, - unsigned int flags); + unsigned int flags); void _gnutls_gcert_deinit (gnutls_cert * cert); int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session, - gnutls_kx_algorithm_t ** alg, - int *alg_size); + gnutls_kx_algorithm_t ** alg, + int *alg_size); #endif diff --git a/lib/gnutls_cipher.c b/lib/gnutls_cipher.c index b94055f754..22d02f64f0 100644 --- a/lib/gnutls_cipher.c +++ b/lib/gnutls_cipher.c @@ -74,10 +74,10 @@ is_read_comp_null (gnutls_session_t session) */ int _gnutls_encrypt (gnutls_session_t session, const opaque * headers, - size_t headers_size, const opaque * data, - size_t data_size, opaque * ciphertext, - size_t ciphertext_size, content_type_t type, int random_pad, - record_parameters_st * params) + size_t headers_size, const opaque * data, + size_t data_size, opaque * ciphertext, + size_t ciphertext_size, content_type_t type, int random_pad, + record_parameters_st * params) { gnutls_datum_t plain; gnutls_datum_t comp; @@ -99,15 +99,15 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers, */ ret = _gnutls_m_plaintext2compressed (session, &comp, &plain, params); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size], - ciphertext_size - headers_size, - comp, type, random_pad, params); + ciphertext_size - headers_size, + comp, type, random_pad, params); if (free_comp) _gnutls_free_datum (&comp); @@ -131,9 +131,9 @@ _gnutls_encrypt (gnutls_session_t session, const opaque * headers, */ int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, - size_t ciphertext_size, uint8_t * data, - size_t max_data_size, content_type_t type, - record_parameters_st * params) + size_t ciphertext_size, uint8_t * data, + size_t max_data_size, content_type_t type, + record_parameters_st * params) { gnutls_datum_t gtxt; gnutls_datum_t gcipher; @@ -147,7 +147,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, ret = _gnutls_ciphertext2compressed (session, data, max_data_size, - gcipher, type, params); + gcipher, type, params); if (ret < 0) { return ret; @@ -169,27 +169,27 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, gcomp.size = ret; ret = _gnutls_m_compressed2plaintext (session, >xt, &gcomp, params); if (ret < 0) - { - return ret; - } + { + return ret; + } if (gtxt.size > MAX_RECORD_RECV_SIZE) - { - gnutls_assert (); - _gnutls_free_datum (>xt); - /* This shouldn't have happen and - * is a TLS fatal error. - */ - return GNUTLS_E_DECOMPRESSION_FAILED; - } + { + gnutls_assert (); + _gnutls_free_datum (>xt); + /* This shouldn't have happen and + * is a TLS fatal error. + */ + return GNUTLS_E_DECOMPRESSION_FAILED; + } /* This check is not really needed */ if (max_data_size < MAX_RECORD_RECV_SIZE) - { - gnutls_assert (); - _gnutls_free_datum (>xt); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + _gnutls_free_datum (>xt); + return GNUTLS_E_INTERNAL_ERROR; + } memcpy (data, gtxt.data, gtxt.size); ret = gtxt.size; @@ -202,7 +202,7 @@ _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, static inline int mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret, - int secret_size, int ver) + int secret_size, int ver) { int ret = 0; @@ -212,11 +212,11 @@ mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret, } if (ver == GNUTLS_SSL3) - { /* SSL 3.0 */ + { /* SSL 3.0 */ ret = _gnutls_mac_init_ssl3 (td, mac, secret, secret_size); } else - { /* TLS 1.x */ + { /* TLS 1.x */ ret = _gnutls_hmac_init (td, mac, secret, secret_size); } @@ -227,7 +227,7 @@ static inline void mac_hash (digest_hd_st * td, void *data, int data_size, int ver) { if (ver == GNUTLS_SSL3) - { /* SSL 3.0 */ + { /* SSL 3.0 */ _gnutls_hash (td, data, data_size); } else @@ -240,7 +240,7 @@ static inline void mac_deinit (digest_hd_st * td, opaque * res, int ver) { if (ver == GNUTLS_SSL3) - { /* SSL 3.0 */ + { /* SSL 3.0 */ _gnutls_mac_deinit_ssl3 (td, res); } else @@ -251,8 +251,8 @@ mac_deinit (digest_hd_st * td, opaque * res, int ver) inline static int calc_enc_length (gnutls_session_t session, int data_size, - int hash_size, uint8_t * pad, int random_pad, - cipher_type_t block_algo, uint16_t blocksize) + int hash_size, uint8_t * pad, int random_pad, + cipher_type_t block_algo, uint16_t blocksize) { uint8_t rnd; int length, ret; @@ -268,26 +268,26 @@ calc_enc_length (gnutls_session_t session, int data_size, case CIPHER_BLOCK: ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* make rnd a multiple of blocksize */ if (session->security_parameters.version == GNUTLS_SSL3 || - random_pad == 0) - { - rnd = 0; - } + random_pad == 0) + { + rnd = 0; + } else - { - rnd = (rnd / blocksize) * blocksize; - /* added to avoid the case of pad calculated 0 - * seen below for pad calculation. - */ - if (rnd > blocksize) - rnd -= blocksize; - } + { + rnd = (rnd / blocksize) * blocksize; + /* added to avoid the case of pad calculated 0 + * seen below for pad calculation. + */ + if (rnd > blocksize) + rnd -= blocksize; + } length = data_size + hash_size; @@ -295,8 +295,8 @@ calc_enc_length (gnutls_session_t session, int data_size, length += *pad; if (_gnutls_version_has_explicit_iv - (session->security_parameters.version)) - length += blocksize; /* for the IV */ + (session->security_parameters.version)) + length += blocksize; /* for the IV */ break; default: @@ -310,7 +310,7 @@ calc_enc_length (gnutls_session_t session, int data_size, #define PREAMBLE_SIZE 16 static inline int make_preamble (opaque * uint64_data, opaque type, uint16_t c_length, - opaque ver, opaque * preamble) + opaque ver, opaque * preamble) { opaque minor = _gnutls_version_get_minor (ver); opaque major = _gnutls_version_get_major (ver); @@ -321,7 +321,7 @@ make_preamble (opaque * uint64_data, opaque type, uint16_t c_length, *p = type; p++; if (_gnutls_version_has_variable_padding (ver)) - { /* TLS 1.0 or higher */ + { /* TLS 1.0 or higher */ *p = major; p++; *p = minor; @@ -339,10 +339,10 @@ make_preamble (opaque * uint64_data, opaque type, uint16_t c_length, */ int _gnutls_compressed2ciphertext (gnutls_session_t session, - opaque * cipher_data, int cipher_size, - gnutls_datum_t compressed, - content_type_t _type, int random_pad, - record_parameters_st * params) + opaque * cipher_data, int cipher_size, + gnutls_datum_t compressed, + content_type_t _type, int random_pad, + record_parameters_st * params) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; @@ -364,22 +364,22 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, c_length = _gnutls_conv_uint16 (compressed.size); if (params->mac_algorithm != GNUTLS_MAC_NULL) - { /* actually when the algorithm in not the NULL one */ + { /* actually when the algorithm in not the NULL one */ digest_hd_st td; ret = mac_init (&td, params->mac_algorithm, - params->write.mac_secret.data, - params->write.mac_secret.size, ver); + params->write.mac_secret.data, + params->write.mac_secret.size, ver); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } preamble_size = - make_preamble (UINT64DATA - (params->write.sequence_number), - type, c_length, ver, preamble); + make_preamble (UINT64DATA + (params->write.sequence_number), + type, c_length, ver, preamble); mac_hash (&td, preamble, preamble_size, ver); mac_hash (&td, compressed.data, compressed.size, ver); mac_deinit (&td, MAC, ver); @@ -390,7 +390,7 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, */ length = calc_enc_length (session, compressed.size, hash_size, &pad, - random_pad, block_algo, blocksize); + random_pad, block_algo, blocksize); if (length < 0) { gnutls_assert (); @@ -413,10 +413,10 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, */ ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } data_ptr += blocksize; } @@ -454,10 +454,10 @@ _gnutls_compressed2ciphertext (gnutls_session_t session, */ int _gnutls_ciphertext2compressed (gnutls_session_t session, - opaque * compress_data, - int compress_size, - gnutls_datum_t ciphertext, uint8_t type, - record_parameters_st * params) + opaque * compress_data, + int compress_size, + gnutls_datum_t ciphertext, uint8_t type, + record_parameters_st * params) { uint8_t MAC[MAX_HASH_SIZE]; uint16_t c_length; @@ -479,71 +479,71 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, { case CIPHER_STREAM: if ((ret = - _gnutls_cipher_decrypt (¶ms->read.cipher_state, - ciphertext.data, ciphertext.size)) < 0) - { - gnutls_assert (); - return ret; - } + _gnutls_cipher_decrypt (¶ms->read.cipher_state, + ciphertext.data, ciphertext.size)) < 0) + { + gnutls_assert (); + return ret; + } length = ciphertext.size - hash_size; break; case CIPHER_BLOCK: if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0)) - { - gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } + { + gnutls_assert (); + return GNUTLS_E_DECRYPTION_FAILED; + } if ((ret = - _gnutls_cipher_decrypt (¶ms->read.cipher_state, - ciphertext.data, ciphertext.size)) < 0) - { - gnutls_assert (); - return ret; - } + _gnutls_cipher_decrypt (¶ms->read.cipher_state, + ciphertext.data, ciphertext.size)) < 0) + { + gnutls_assert (); + return ret; + } /* ignore the IV in TLS 1.1. */ if (_gnutls_version_has_explicit_iv - (session->security_parameters.version)) - { - ciphertext.size -= blocksize; - ciphertext.data += blocksize; + (session->security_parameters.version)) + { + ciphertext.size -= blocksize; + ciphertext.data += blocksize; - if (ciphertext.size == 0) - { - gnutls_assert (); - return GNUTLS_E_DECRYPTION_FAILED; - } - } + if (ciphertext.size == 0) + { + gnutls_assert (); + return GNUTLS_E_DECRYPTION_FAILED; + } + } - pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ + pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */ if ((int) pad > (int) ciphertext.size - hash_size) - { - gnutls_assert (); - _gnutls_record_log - ("REC[%p]: Short record length %d > %d - %d (under attack?)\n", - session, pad, ciphertext.size, hash_size); - /* We do not fail here. We check below for the - * the pad_failed. If zero means success. - */ - pad_failed = GNUTLS_E_DECRYPTION_FAILED; - } + { + gnutls_assert (); + _gnutls_record_log + ("REC[%p]: Short record length %d > %d - %d (under attack?)\n", + session, pad, ciphertext.size, hash_size); + /* We do not fail here. We check below for the + * the pad_failed. If zero means success. + */ + pad_failed = GNUTLS_E_DECRYPTION_FAILED; + } length = ciphertext.size - hash_size - pad; /* Check the pading bytes (TLS 1.x) */ if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0) - for (i = 2; i < pad; i++) - { - if (ciphertext.data[ciphertext.size - i] != - ciphertext.data[ciphertext.size - 1]) - pad_failed = GNUTLS_E_DECRYPTION_FAILED; - } + for (i = 2; i < pad; i++) + { + if (ciphertext.data[ciphertext.size - i] != + ciphertext.data[ciphertext.size - 1]) + pad_failed = GNUTLS_E_DECRYPTION_FAILED; + } break; default: gnutls_assert (); @@ -562,22 +562,22 @@ _gnutls_ciphertext2compressed (gnutls_session_t session, digest_hd_st td; ret = mac_init (&td, params->mac_algorithm, - params->read.mac_secret.data, - params->read.mac_secret.size, ver); + params->read.mac_secret.data, + params->read.mac_secret.size, ver); if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } preamble_size = - make_preamble (UINT64DATA - (params->read.sequence_number), type, - c_length, ver, preamble); + make_preamble (UINT64DATA + (params->read.sequence_number), type, + c_length, ver, preamble); mac_hash (&td, preamble, preamble_size, ver); if (length > 0) - mac_hash (&td, ciphertext.data, length, ver); + mac_hash (&td, ciphertext.data, length, ver); mac_deinit (&td, MAC, ver); } diff --git a/lib/gnutls_cipher.h b/lib/gnutls_cipher.h index defa697321..c90467f488 100644 --- a/lib/gnutls_cipher.h +++ b/lib/gnutls_cipher.h @@ -24,21 +24,21 @@ */ int _gnutls_encrypt (gnutls_session_t session, const opaque * headers, - size_t headers_size, const opaque * data, - size_t data_size, opaque * ciphertext, - size_t ciphertext_size, content_type_t type, - int random_pad, record_parameters_st * params); + size_t headers_size, const opaque * data, + size_t data_size, opaque * ciphertext, + size_t ciphertext_size, content_type_t type, + int random_pad, record_parameters_st * params); int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext, - size_t ciphertext_size, uint8_t * data, size_t data_size, - content_type_t type, record_parameters_st * params); + size_t ciphertext_size, uint8_t * data, size_t data_size, + content_type_t type, record_parameters_st * params); int _gnutls_compressed2ciphertext (gnutls_session_t session, - opaque * cipher_data, int cipher_size, - gnutls_datum_t compressed, - content_type_t _type, int random_pad, - record_parameters_st * params); + opaque * cipher_data, int cipher_size, + gnutls_datum_t compressed, + content_type_t _type, int random_pad, + record_parameters_st * params); int _gnutls_ciphertext2compressed (gnutls_session_t session, - opaque * compress_data, - int compress_size, - gnutls_datum_t ciphertext, uint8_t type, - record_parameters_st * params); + opaque * compress_data, + int compress_size, + gnutls_datum_t ciphertext, uint8_t type, + record_parameters_st * params); diff --git a/lib/gnutls_cipher_int.c b/lib/gnutls_cipher_int.c index 6db6728a7d..d3b7698a94 100644 --- a/lib/gnutls_cipher_int.c +++ b/lib/gnutls_cipher_int.c @@ -37,7 +37,7 @@ int _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher, - const gnutls_datum_t * key, const gnutls_datum_t * iv) + const gnutls_datum_t * key, const gnutls_datum_t * iv) { int ret = GNUTLS_E_INTERNAL_ERROR; const gnutls_crypto_cipher_st *cc = NULL; @@ -55,7 +55,7 @@ _gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher, handle->deinit = cc->deinit; if (iv && iv->data && iv->size && cc->setiv) - SR (cc->setiv (handle->handle, iv->data, iv->size), cc_cleanup); + SR (cc->setiv (handle->handle, iv->data, iv->size), cc_cleanup); return 0; } @@ -105,36 +105,36 @@ _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen) int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext, - int ciphertextlen) + int ciphertextlen) { if (handle != NULL && handle->handle != NULL) { return handle->decrypt (handle->handle, ciphertext, ciphertextlen, - ciphertext, ciphertextlen); + ciphertext, ciphertextlen); } return 0; } int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text, - int textlen, void *ciphertext, int ciphertextlen) + int textlen, void *ciphertext, int ciphertextlen) { if (handle != NULL && handle->handle != NULL) { return handle->encrypt (handle->handle, text, textlen, ciphertext, - ciphertextlen); + ciphertextlen); } return 0; } int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext, - int ciphertextlen, void *text, int textlen) + int ciphertextlen, void *text, int textlen) { if (handle != NULL && handle->handle != NULL) { return handle->decrypt (handle->handle, ciphertext, ciphertextlen, - text, textlen); + text, textlen); } return 0; } diff --git a/lib/gnutls_cipher_int.h b/lib/gnutls_cipher_int.h index 1936dd3110..89d7966370 100644 --- a/lib/gnutls_cipher_int.h +++ b/lib/gnutls_cipher_int.h @@ -32,9 +32,9 @@ extern int crypto_cipher_prio; extern gnutls_crypto_cipher_st _gnutls_cipher_ops; typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t, - void *ciphertext, size_t); + void *ciphertext, size_t); typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t, - void *plaintext, size_t); + void *plaintext, size_t); typedef void (*cipher_deinit_func) (void *hd); typedef struct @@ -46,18 +46,18 @@ typedef struct } cipher_hd_st; int _gnutls_cipher_init (cipher_hd_st *, gnutls_cipher_algorithm_t cipher, - const gnutls_datum_t * key, - const gnutls_datum_t * iv); + const gnutls_datum_t * key, + const gnutls_datum_t * iv); int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, - int textlen); + int textlen); int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext, - int ciphertextlen); + int ciphertextlen); int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text, - int textlen, void *ciphertext, - int ciphertextlen); + int textlen, void *ciphertext, + int ciphertextlen); int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle, - const void *ciphertext, int ciphertextlen, - void *text, int textlen); + const void *ciphertext, int ciphertextlen, + void *text, int textlen); void _gnutls_cipher_deinit (cipher_hd_st * handle); #endif /* GNUTLS_CIPHER_INT */ diff --git a/lib/gnutls_compress.c b/lib/gnutls_compress.c index 922819d3fd..2520832edd 100644 --- a/lib/gnutls_compress.c +++ b/lib/gnutls_compress.c @@ -38,17 +38,17 @@ */ int _gnutls_m_plaintext2compressed (gnutls_session_t session, - gnutls_datum_t * compressed, - const gnutls_datum_t * plaintext, - const record_parameters_st * params) + gnutls_datum_t * compressed, + const gnutls_datum_t * plaintext, + const record_parameters_st * params) { int size; opaque *data; size = _gnutls_compress (params->write.compression_state, - plaintext->data, plaintext->size, &data, - MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); + plaintext->data, plaintext->size, &data, + MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE); if (size < 0) { gnutls_assert (); @@ -62,17 +62,17 @@ _gnutls_m_plaintext2compressed (gnutls_session_t session, int _gnutls_m_compressed2plaintext (gnutls_session_t session, - gnutls_datum_t * plain, - const gnutls_datum_t * compressed, - const record_parameters_st * params) + gnutls_datum_t * plain, + const gnutls_datum_t * compressed, + const record_parameters_st * params) { int size; opaque *data; size = _gnutls_decompress (params->read.compression_state, - compressed->data, compressed->size, &data, - MAX_RECORD_RECV_SIZE); + compressed->data, compressed->size, &data, + MAX_RECORD_RECV_SIZE); if (size < 0) { gnutls_assert (); @@ -158,9 +158,9 @@ gnutls_compression_get_id (const char *name) gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN; GNUTLS_COMPRESSION_LOOP (if - (strcasecmp - (p->name + sizeof ("GNUTLS_COMP_") - 1, - name) == 0) ret = p->id); + (strcasecmp + (p->name + sizeof ("GNUTLS_COMP_") - 1, + name) == 0) ret = p->id); return ret; } @@ -261,7 +261,7 @@ _gnutls_compression_is_ok (gnutls_compression_method_t algorithm) #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms int _gnutls_supported_compression_methods (gnutls_session_t session, - uint8_t ** comp) + uint8_t ** comp) { unsigned int i, j; @@ -272,17 +272,17 @@ _gnutls_supported_compression_methods (gnutls_session_t session, for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++) { int tmp = - _gnutls_compression_get_num (session->internals. - priorities.compression.priority[i]); + _gnutls_compression_get_num (session->internals. + priorities.compression.priority[i]); /* remove private compression algorithms, if requested. */ if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO && - session->internals.enable_private == 0)) - { - gnutls_assert (); - continue; - } + session->internals.enable_private == 0)) + { + gnutls_assert (); + continue; + } (*comp)[j] = (uint8_t) tmp; j++; @@ -342,42 +342,42 @@ _gnutls_comp_init (gnutls_compression_method_t method, int d) case GNUTLS_COMP_DEFLATE: #ifdef HAVE_LIBZ { - int window_bits, mem_level; - int comp_level; - z_stream *zhandle; - int err; - - window_bits = get_wbits (method); - mem_level = get_mem_level (method); - comp_level = get_comp_level (method); - - ret->handle = gnutls_malloc (sizeof (z_stream)); - if (ret->handle == NULL) - { - gnutls_assert (); - goto cleanup_ret; - } - - zhandle = ret->handle; - - zhandle->zalloc = (alloc_func) 0; - zhandle->zfree = (free_func) 0; - zhandle->opaque = (voidpf) 0; - - if (d) - err = inflateInit2 (zhandle, window_bits); - else - { - err = deflateInit2 (zhandle, - comp_level, Z_DEFLATED, - window_bits, mem_level, Z_DEFAULT_STRATEGY); - } - if (err != Z_OK) - { - gnutls_assert (); - gnutls_free (ret->handle); - goto cleanup_ret; - } + int window_bits, mem_level; + int comp_level; + z_stream *zhandle; + int err; + + window_bits = get_wbits (method); + mem_level = get_mem_level (method); + comp_level = get_comp_level (method); + + ret->handle = gnutls_malloc (sizeof (z_stream)); + if (ret->handle == NULL) + { + gnutls_assert (); + goto cleanup_ret; + } + + zhandle = ret->handle; + + zhandle->zalloc = (alloc_func) 0; + zhandle->zfree = (free_func) 0; + zhandle->opaque = (voidpf) 0; + + if (d) + err = inflateInit2 (zhandle, window_bits); + else + { + err = deflateInit2 (zhandle, + comp_level, Z_DEFLATED, + window_bits, mem_level, Z_DEFAULT_STRATEGY); + } + if (err != Z_OK) + { + gnutls_assert (); + gnutls_free (ret->handle); + goto cleanup_ret; + } } break; #endif @@ -385,15 +385,15 @@ _gnutls_comp_init (gnutls_compression_method_t method, int d) #ifdef USE_LZO /* LZO does not use memory on decompressor */ if (!d) - { - ret->handle = gnutls_malloc (LZO1X_1_MEM_COMPRESS); - - if (ret->handle == NULL) - { - gnutls_assert (); - goto cleanup_ret; - } - } + { + ret->handle = gnutls_malloc (LZO1X_1_MEM_COMPRESS); + + if (ret->handle == NULL) + { + gnutls_assert (); + goto cleanup_ret; + } + } break; #endif case GNUTLS_COMP_NULL: @@ -417,22 +417,22 @@ _gnutls_comp_deinit (comp_hd_t handle, int d) if (handle != NULL) { switch (handle->algo) - { + { #ifdef HAVE_LIBZ - case GNUTLS_COMP_DEFLATE: - { - int err; - - if (d) - err = inflateEnd (handle->handle); - else - err = deflateEnd (handle->handle); - break; - } + case GNUTLS_COMP_DEFLATE: + { + int err; + + if (d) + err = inflateEnd (handle->handle); + else + err = deflateEnd (handle->handle); + break; + } #endif - default: - break; - } + default: + break; + } gnutls_free (handle->handle); gnutls_free (handle); @@ -444,8 +444,8 @@ _gnutls_comp_deinit (comp_hd_t handle, int d) int _gnutls_compress (comp_hd_t handle, const opaque * plain, - size_t plain_size, opaque ** compressed, - size_t max_comp_size) + size_t plain_size, opaque ** compressed, + size_t max_comp_size) { int compressed_size = GNUTLS_E_COMPRESSION_FAILED; @@ -462,80 +462,80 @@ _gnutls_compress (comp_hd_t handle, const opaque * plain, #ifdef USE_LZO case GNUTLS_COMP_LZO: { - lzo_uint out_len; - size_t size; - int err; - - if (_gnutls_lzo1x_1_compress == NULL) - return GNUTLS_E_COMPRESSION_FAILED; - - size = plain_size + plain_size / 64 + 16 + 3; - *compressed = gnutls_malloc (size); - if (*compressed == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - err = _gnutls_lzo1x_1_compress (plain, plain_size, *compressed, - &out_len, handle->handle); - - if (err != LZO_E_OK) - { - gnutls_assert (); - gnutls_free (*compressed); - *compressed = NULL; - return GNUTLS_E_COMPRESSION_FAILED; - } - - compressed_size = out_len; - break; + lzo_uint out_len; + size_t size; + int err; + + if (_gnutls_lzo1x_1_compress == NULL) + return GNUTLS_E_COMPRESSION_FAILED; + + size = plain_size + plain_size / 64 + 16 + 3; + *compressed = gnutls_malloc (size); + if (*compressed == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + err = _gnutls_lzo1x_1_compress (plain, plain_size, *compressed, + &out_len, handle->handle); + + if (err != LZO_E_OK) + { + gnutls_assert (); + gnutls_free (*compressed); + *compressed = NULL; + return GNUTLS_E_COMPRESSION_FAILED; + } + + compressed_size = out_len; + break; } #endif #ifdef HAVE_LIBZ case GNUTLS_COMP_DEFLATE: { - uLongf size; - z_stream *zhandle; - int err; - - size = (plain_size + plain_size) + 10; - *compressed = gnutls_malloc (size); - if (*compressed == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - zhandle = handle->handle; - - zhandle->next_in = (Bytef *) plain; - zhandle->avail_in = plain_size; - zhandle->next_out = (Bytef *) * compressed; - zhandle->avail_out = size; - - err = deflate (zhandle, Z_SYNC_FLUSH); - - if (err != Z_OK || zhandle->avail_in != 0) - { - gnutls_assert (); - gnutls_free (*compressed); - *compressed = NULL; - return GNUTLS_E_COMPRESSION_FAILED; - } - - compressed_size = size - zhandle->avail_out; - break; + uLongf size; + z_stream *zhandle; + int err; + + size = (plain_size + plain_size) + 10; + *compressed = gnutls_malloc (size); + if (*compressed == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + zhandle = handle->handle; + + zhandle->next_in = (Bytef *) plain; + zhandle->avail_in = plain_size; + zhandle->next_out = (Bytef *) * compressed; + zhandle->avail_out = size; + + err = deflate (zhandle, Z_SYNC_FLUSH); + + if (err != Z_OK || zhandle->avail_in != 0) + { + gnutls_assert (); + gnutls_free (*compressed); + *compressed = NULL; + return GNUTLS_E_COMPRESSION_FAILED; + } + + compressed_size = size - zhandle->avail_out; + break; } #endif default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; - } /* switch */ + } /* switch */ #ifdef COMPRESSION_DEBUG _gnutls_debug_log ("Compression ratio: %f\n", - (float) ((float) compressed_size / (float) plain_size)); + (float) ((float) compressed_size / (float) plain_size)); #endif if ((size_t) compressed_size > max_comp_size) @@ -552,8 +552,8 @@ _gnutls_compress (comp_hd_t handle, const opaque * plain, int _gnutls_decompress (comp_hd_t handle, opaque * compressed, - size_t compressed_size, opaque ** plain, - size_t max_record_size) + size_t compressed_size, opaque ** plain, + size_t max_record_size) { int plain_size = GNUTLS_E_DECOMPRESSION_FAILED; @@ -577,105 +577,105 @@ _gnutls_decompress (comp_hd_t handle, opaque * compressed, #ifdef USE_LZO case GNUTLS_COMP_LZO: { - lzo_uint out_size; - lzo_uint new_size; - int err; - - if (_gnutls_lzo1x_decompress_safe == NULL) - return GNUTLS_E_DECOMPRESSION_FAILED; - - *plain = NULL; - out_size = compressed_size + compressed_size; - plain_size = 0; - - do - { - out_size += 512; - *plain = gnutls_realloc_fast (*plain, out_size); - if (*plain == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - new_size = out_size; - err = - _gnutls_lzo1x_decompress_safe (compressed, - compressed_size, *plain, - &new_size, NULL); - - } - while ((err == LZO_E_OUTPUT_OVERRUN && out_size < max_record_size)); - - if (err != LZO_E_OK) - { - gnutls_assert (); - gnutls_free (*plain); - *plain = NULL; - return GNUTLS_E_DECOMPRESSION_FAILED; - } - - plain_size = new_size; - break; + lzo_uint out_size; + lzo_uint new_size; + int err; + + if (_gnutls_lzo1x_decompress_safe == NULL) + return GNUTLS_E_DECOMPRESSION_FAILED; + + *plain = NULL; + out_size = compressed_size + compressed_size; + plain_size = 0; + + do + { + out_size += 512; + *plain = gnutls_realloc_fast (*plain, out_size); + if (*plain == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + new_size = out_size; + err = + _gnutls_lzo1x_decompress_safe (compressed, + compressed_size, *plain, + &new_size, NULL); + + } + while ((err == LZO_E_OUTPUT_OVERRUN && out_size < max_record_size)); + + if (err != LZO_E_OK) + { + gnutls_assert (); + gnutls_free (*plain); + *plain = NULL; + return GNUTLS_E_DECOMPRESSION_FAILED; + } + + plain_size = new_size; + break; } #endif #ifdef HAVE_LIBZ case GNUTLS_COMP_DEFLATE: { - uLongf out_size; - z_stream *zhandle; - int cur_pos; - int err; - - *plain = NULL; - out_size = compressed_size + compressed_size; - plain_size = 0; - - zhandle = handle->handle; - - zhandle->next_in = (Bytef *) compressed; - zhandle->avail_in = compressed_size; - - cur_pos = 0; - - do - { - out_size += 512; - *plain = gnutls_realloc_fast (*plain, out_size); - if (*plain == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - zhandle->next_out = (Bytef *) (*plain + cur_pos); - zhandle->avail_out = out_size - cur_pos; - - err = inflate (zhandle, Z_SYNC_FLUSH); - - cur_pos = out_size - zhandle->avail_out; - - } - while ((err == Z_BUF_ERROR && zhandle->avail_out == 0 - && out_size < max_record_size) - || (err == Z_OK && zhandle->avail_in != 0)); - - if (err != Z_OK) - { - gnutls_assert (); - gnutls_free (*plain); - *plain = NULL; - return GNUTLS_E_DECOMPRESSION_FAILED; - } - - plain_size = out_size - zhandle->avail_out; - break; + uLongf out_size; + z_stream *zhandle; + int cur_pos; + int err; + + *plain = NULL; + out_size = compressed_size + compressed_size; + plain_size = 0; + + zhandle = handle->handle; + + zhandle->next_in = (Bytef *) compressed; + zhandle->avail_in = compressed_size; + + cur_pos = 0; + + do + { + out_size += 512; + *plain = gnutls_realloc_fast (*plain, out_size); + if (*plain == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + zhandle->next_out = (Bytef *) (*plain + cur_pos); + zhandle->avail_out = out_size - cur_pos; + + err = inflate (zhandle, Z_SYNC_FLUSH); + + cur_pos = out_size - zhandle->avail_out; + + } + while ((err == Z_BUF_ERROR && zhandle->avail_out == 0 + && out_size < max_record_size) + || (err == Z_OK && zhandle->avail_in != 0)); + + if (err != Z_OK) + { + gnutls_assert (); + gnutls_free (*plain); + *plain = NULL; + return GNUTLS_E_DECOMPRESSION_FAILED; + } + + plain_size = out_size - zhandle->avail_out; + break; } #endif default: gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; - } /* switch */ + } /* switch */ if ((size_t) plain_size > max_record_size) { diff --git a/lib/gnutls_compress.h b/lib/gnutls_compress.h index 87c9ca81bd..35af229d5c 100644 --- a/lib/gnutls_compress.h +++ b/lib/gnutls_compress.h @@ -26,17 +26,17 @@ #define GNUTLS_COMPRESS_H int _gnutls_m_plaintext2compressed (gnutls_session_t session, - gnutls_datum_t * compressed, - const gnutls_datum_t * plaintext, - const record_parameters_st * params); + gnutls_datum_t * compressed, + const gnutls_datum_t * plaintext, + const record_parameters_st * params); int _gnutls_m_compressed2plaintext (gnutls_session_t session, - gnutls_datum_t * plain, - const gnutls_datum_t * compressed, - const record_parameters_st * params); + gnutls_datum_t * plain, + const gnutls_datum_t * compressed, + const record_parameters_st * params); /* Algorithm handling. */ int _gnutls_supported_compression_methods (gnutls_session_t session, - uint8_t ** comp); + uint8_t ** comp); int _gnutls_compression_is_ok (gnutls_compression_method_t algorithm); int _gnutls_compression_get_num (gnutls_compression_method_t algorithm); gnutls_compression_method_t _gnutls_compression_get_id (int num); @@ -57,10 +57,10 @@ comp_hd_t _gnutls_comp_init (gnutls_compression_method_t, int d); void _gnutls_comp_deinit (comp_hd_t handle, int d); int _gnutls_decompress (comp_hd_t handle, opaque * compressed, - size_t compressed_size, opaque ** plain, - size_t max_record_size); + size_t compressed_size, opaque ** plain, + size_t max_record_size); int _gnutls_compress (comp_hd_t, const opaque * plain, size_t plain_size, - opaque ** compressed, size_t max_comp_size); + opaque ** compressed, size_t max_comp_size); struct gnutls_compression_entry { diff --git a/lib/gnutls_constate.c b/lib/gnutls_constate.c index 6120d109bc..a3f2b028de 100644 --- a/lib/gnutls_constate.c +++ b/lib/gnutls_constate.c @@ -59,7 +59,7 @@ static const int servwrite_length = sizeof (servwrite) - 1; */ static int _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, - int hash_size, int IV_size, int key_size, int export_flag) + int hash_size, int IV_size, int key_size, int export_flag) { /* FIXME: This function is too long */ @@ -70,7 +70,7 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, char buf[65]; /* avoid using malloc */ opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE + - 2 * MAX_CIPHER_BLOCK_SIZE]; + 2 * MAX_CIPHER_BLOCK_SIZE]; record_state_st *client_write, *server_write; client_write = @@ -85,50 +85,50 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, block_size += 2 * IV_size; memcpy (rnd, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (&rnd[GNUTLS_RANDOM_SIZE], - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); memcpy (rrnd, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (&rrnd[GNUTLS_RANDOM_SIZE], - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ + { /* SSL 3 */ ret = - _gnutls_ssl3_generate_random - (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd, - 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); + _gnutls_ssl3_generate_random + (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd, + 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); } else - { /* TLS 1.0 */ + { /* TLS 1.0 */ ret = - _gnutls_PRF (session, session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE, keyexp, keyexp_length, - rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); + _gnutls_PRF (session, session->security_parameters.master_secret, + GNUTLS_MASTER_SIZE, keyexp, keyexp_length, + rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block); } if (ret < 0) return gnutls_assert_val (ret); _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size, - _gnutls_bin2hex (key_block, block_size, buf, - sizeof (buf), NULL)); + _gnutls_bin2hex (key_block, block_size, buf, + sizeof (buf), NULL)); pos = 0; if (hash_size > 0) { if (_gnutls_sset_datum - (&client_write->mac_secret, &key_block[pos], hash_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&client_write->mac_secret, &key_block[pos], hash_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += hash_size; if (_gnutls_sset_datum - (&server_write->mac_secret, &key_block[pos], hash_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->mac_secret, &key_block[pos], hash_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += hash_size; } @@ -141,94 +141,94 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, int client_write_key_size, server_write_key_size; if (export_flag == 0) - { - client_write_key = &key_block[pos]; - client_write_key_size = key_size; + { + client_write_key = &key_block[pos]; + client_write_key_size = key_size; - pos += key_size; + pos += key_size; - server_write_key = &key_block[pos]; - server_write_key_size = key_size; + server_write_key = &key_block[pos]; + server_write_key_size = key_size; - pos += key_size; + pos += key_size; - } + } else - { /* export */ - client_write_key = key1; - server_write_key = key2; - - /* generate the final keys */ - - if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5 (&key_block[pos], - key_size, rrnd, - 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - client_write_key); - - } - else - { /* TLS 1.0 */ - ret = - _gnutls_PRF (session, &key_block[pos], key_size, - cliwrite, cliwrite_length, - rrnd, - 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, client_write_key); - } - - if (ret < 0) - return gnutls_assert_val (ret); - - client_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - - if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ - ret = - _gnutls_ssl3_hash_md5 (&key_block[pos], key_size, - rnd, 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, - server_write_key); - } - else - { /* TLS 1.0 */ - ret = - _gnutls_PRF (session, &key_block[pos], key_size, - servwrite, servwrite_length, - rrnd, 2 * GNUTLS_RANDOM_SIZE, - EXPORT_FINAL_KEY_SIZE, server_write_key); - } - - if (ret < 0) - return gnutls_assert_val (ret); - - server_write_key_size = EXPORT_FINAL_KEY_SIZE; - pos += key_size; - } + { /* export */ + client_write_key = key1; + server_write_key = key2; + + /* generate the final keys */ + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 (&key_block[pos], + key_size, rrnd, + 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + client_write_key); + + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (session, &key_block[pos], key_size, + cliwrite, cliwrite_length, + rrnd, + 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, client_write_key); + } + + if (ret < 0) + return gnutls_assert_val (ret); + + client_write_key_size = EXPORT_FINAL_KEY_SIZE; + pos += key_size; + + if (session->security_parameters.version == GNUTLS_SSL3) + { /* SSL 3 */ + ret = + _gnutls_ssl3_hash_md5 (&key_block[pos], key_size, + rnd, 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, + server_write_key); + } + else + { /* TLS 1.0 */ + ret = + _gnutls_PRF (session, &key_block[pos], key_size, + servwrite, servwrite_length, + rrnd, 2 * GNUTLS_RANDOM_SIZE, + EXPORT_FINAL_KEY_SIZE, server_write_key); + } + + if (ret < 0) + return gnutls_assert_val (ret); + + server_write_key_size = EXPORT_FINAL_KEY_SIZE; + pos += key_size; + } if (_gnutls_sset_datum - (&client_write->key, client_write_key, client_write_key_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&client_write->key, client_write_key, client_write_key_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n", - client_write_key_size, - _gnutls_bin2hex (client_write_key, - client_write_key_size, buf, - sizeof (buf), NULL)); + client_write_key_size, + _gnutls_bin2hex (client_write_key, + client_write_key_size, buf, + sizeof (buf), NULL)); if (_gnutls_sset_datum - (&server_write->key, server_write_key, server_write_key_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->key, server_write_key, server_write_key_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n", - server_write_key_size, - _gnutls_bin2hex (server_write_key, - server_write_key_size, buf, - sizeof (buf), NULL)); + server_write_key_size, + _gnutls_bin2hex (server_write_key, + server_write_key_size, buf, + sizeof (buf), NULL)); } @@ -238,14 +238,14 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, if (IV_size > 0 && export_flag == 0) { if (_gnutls_sset_datum - (&client_write->IV, &key_block[pos], IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&client_write->IV, &key_block[pos], IV_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += IV_size; if (_gnutls_sset_datum - (&server_write->IV, &key_block[pos], IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->IV, &key_block[pos], IV_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); pos += IV_size; @@ -255,36 +255,36 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2]; if (session->security_parameters.version == GNUTLS_SSL3) - { /* SSL 3 */ - ret = _gnutls_ssl3_hash_md5 ("", 0, - rrnd, GNUTLS_RANDOM_SIZE * 2, - IV_size, iv_block); + { /* SSL 3 */ + ret = _gnutls_ssl3_hash_md5 ("", 0, + rrnd, GNUTLS_RANDOM_SIZE * 2, + IV_size, iv_block); - if (ret < 0) - return gnutls_assert_val (ret); + if (ret < 0) + return gnutls_assert_val (ret); - ret = _gnutls_ssl3_hash_md5 ("", 0, rnd, - GNUTLS_RANDOM_SIZE * 2, - IV_size, &iv_block[IV_size]); + ret = _gnutls_ssl3_hash_md5 ("", 0, rnd, + GNUTLS_RANDOM_SIZE * 2, + IV_size, &iv_block[IV_size]); - } + } else - { /* TLS 1.0 */ - ret = _gnutls_PRF (session, "", 0, - ivblock, ivblock_length, rrnd, - 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block); - } + { /* TLS 1.0 */ + ret = _gnutls_PRF (session, "", 0, + ivblock, ivblock_length, rrnd, + 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block); + } if (ret < 0) - return gnutls_assert_val (ret); + return gnutls_assert_val (ret); if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); if (_gnutls_sset_datum - (&server_write->IV, &iv_block[IV_size], IV_size) < 0) - return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); + (&server_write->IV, &iv_block[IV_size], IV_size) < 0) + return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR); } return 0; @@ -292,13 +292,13 @@ _gnutls_set_keys (gnutls_session_t session, record_parameters_st * params, static int _gnutls_init_record_state (record_parameters_st * params, int read, - record_state_st * state) + record_state_st * state) { int ret; ret = _gnutls_cipher_init (&state->cipher_state, - params->cipher_algorithm, - &state->key, &state->IV); + params->cipher_algorithm, + &state->key, &state->IV); if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL) return gnutls_assert_val (ret); @@ -313,7 +313,7 @@ _gnutls_init_record_state (record_parameters_st * params, int read, int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, - int epoch_rel, cipher_suite_st * suite) + int epoch_rel, cipher_suite_st * suite) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -344,8 +344,8 @@ _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int _gnutls_epoch_set_compression (gnutls_session_t session, - int epoch_rel, - gnutls_compression_method_t comp_algo) + int epoch_rel, + gnutls_compression_method_t comp_algo) { record_parameters_st *params; int ret; @@ -368,7 +368,7 @@ _gnutls_epoch_set_compression (gnutls_session_t session, void _gnutls_epoch_set_null_algos (gnutls_session_t session, - record_parameters_st * params) + record_parameters_st * params) { /* This is only called on startup. We are extra paranoid about this because it may cause unencrypted application data to go out on @@ -490,8 +490,8 @@ _gnutls_connection_state_init (gnutls_session_t session) static int _gnutls_check_algos (gnutls_session_t session, - cipher_suite_st * suite, - gnutls_compression_method_t comp_algo) + cipher_suite_st * suite, + gnutls_compression_method_t comp_algo) { gnutls_cipher_algorithm_t cipher_algo; gnutls_mac_algorithm_t mac_algo; @@ -534,18 +534,18 @@ _gnutls_read_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session-> - security_parameters.current_cipher_suite, - session->internals.compression_method); + &session-> + security_parameters.current_cipher_suite, + session->internals.compression_method); if (ret < 0) - return ret; + return ret; ret = _gnutls_set_kx (session, - _gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_kx_algo + (&session-> + security_parameters.current_cipher_suite)); if (ret < 0) - return ret; + return ret; } else if (session->security_parameters.entity == GNUTLS_CLIENT) _gnutls_set_resumed_parameters (session); @@ -555,10 +555,10 @@ _gnutls_read_connection_state_init (gnutls_session_t session) return ret; _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", - session, - _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + session, + _gnutls_cipher_suite_get_name + (&session-> + security_parameters.current_cipher_suite)); session->security_parameters.epoch_read = epoch_next; _gnutls_epoch_gc (session); @@ -583,18 +583,18 @@ _gnutls_write_connection_state_init (gnutls_session_t session) if (session->internals.resumed == RESUME_FALSE) { ret = _gnutls_check_algos (session, - &session-> - security_parameters.current_cipher_suite, - session->internals.compression_method); + &session-> + security_parameters.current_cipher_suite, + session->internals.compression_method); if (ret < 0) - return ret; + return ret; ret = _gnutls_set_kx (session, - _gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_kx_algo + (&session-> + security_parameters.current_cipher_suite)); if (ret < 0) - return ret; + return ret; } else if (session->security_parameters.entity == GNUTLS_SERVER) _gnutls_set_resumed_parameters (session); @@ -604,9 +604,9 @@ _gnutls_write_connection_state_init (gnutls_session_t session) return gnutls_assert_val (ret); _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session, - _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_name + (&session-> + security_parameters.current_cipher_suite)); _gnutls_handshake_log ("HSK[%p]: Initializing internal [write] cipher sessions\n", session); @@ -638,7 +638,7 @@ _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo) static inline int epoch_resolve (gnutls_session_t session, - unsigned int epoch_rel, uint16_t * epoch_out) + unsigned int epoch_rel, uint16_t * epoch_out) { switch (epoch_rel) { @@ -656,7 +656,7 @@ epoch_resolve (gnutls_session_t session, default: if (epoch_rel > 0xffffu) - return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST); *epoch_out = epoch_rel; return 0; @@ -680,7 +680,7 @@ epoch_get_slot (gnutls_session_t session, uint16_t epoch) int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, - record_parameters_st ** params_out) + record_parameters_st ** params_out) { uint16_t epoch; record_parameters_st **params; @@ -701,7 +701,7 @@ _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch, - record_parameters_st ** out) + record_parameters_st ** out) { record_parameters_st **slot; @@ -738,8 +738,8 @@ epoch_alive (gnutls_session_t session, record_parameters_st * params) /* DTLS will, in addition, need to check the epoch timeout value. */ return (params->epoch == sp->epoch_read - || params->epoch == sp->epoch_write - || params->epoch == sp->epoch_next); + || params->epoch == sp->epoch_write + || params->epoch == sp->epoch_next); } void @@ -753,10 +753,10 @@ _gnutls_epoch_gc (gnutls_session_t session) /* Free all dead cipher state */ for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL - && !epoch_alive (session, session->record_parameters[i])) + && !epoch_alive (session, session->record_parameters[i])) { - _gnutls_epoch_free (session, session->record_parameters[i]); - session->record_parameters[i] = NULL; + _gnutls_epoch_free (session, session->record_parameters[i]); + session->record_parameters[i] = NULL; } /* Look for contiguous NULLs at the start of the array */ diff --git a/lib/gnutls_constate.h b/lib/gnutls_constate.h index 4fad30bd84..aa1cad8e21 100644 --- a/lib/gnutls_constate.h +++ b/lib/gnutls_constate.h @@ -27,11 +27,11 @@ #define GNUTLS_CONSTATE_H int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel, - cipher_suite_st * suite); + cipher_suite_st * suite); int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel, - gnutls_compression_method_t comp_algo); + gnutls_compression_method_t comp_algo); void _gnutls_epoch_set_null_algos (gnutls_session_t session, - record_parameters_st * params); + record_parameters_st * params); int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch); int _gnutls_connection_state_init (gnutls_session_t session); int _gnutls_read_connection_state_init (gnutls_session_t session); @@ -40,11 +40,11 @@ int _gnutls_write_connection_state_init (gnutls_session_t session); int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo); int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel, - record_parameters_st ** params_out); + record_parameters_st ** params_out); int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch, - record_parameters_st ** out); + record_parameters_st ** out); void _gnutls_epoch_gc (gnutls_session_t session); void _gnutls_epoch_free (gnutls_session_t session, - record_parameters_st * state); + record_parameters_st * state); #endif diff --git a/lib/gnutls_datum.c b/lib/gnutls_datum.c index 7dd3fb7fd6..e21126c9ad 100644 --- a/lib/gnutls_datum.c +++ b/lib/gnutls_datum.c @@ -69,7 +69,7 @@ _gnutls_write_datum8 (opaque * dest, gnutls_datum_t dat) int _gnutls_set_datum_m (gnutls_datum_t * dat, const void *data, - size_t data_size, gnutls_alloc_function galloc_func) + size_t data_size, gnutls_alloc_function galloc_func) { if (data_size == 0 || data == NULL) { @@ -90,8 +90,8 @@ _gnutls_set_datum_m (gnutls_datum_t * dat, const void *data, int _gnutls_datum_append_m (gnutls_datum_t * dst, const void *data, - size_t data_size, - gnutls_realloc_function grealloc_func) + size_t data_size, + gnutls_realloc_function grealloc_func) { dst->data = grealloc_func (dst->data, data_size + dst->size); diff --git a/lib/gnutls_datum.h b/lib/gnutls_datum.h index eb89bf71e8..894821b95a 100644 --- a/lib/gnutls_datum.h +++ b/lib/gnutls_datum.h @@ -32,12 +32,12 @@ void _gnutls_write_datum32 (opaque * dest, gnutls_datum_t dat); void _gnutls_write_datum8 (opaque * dest, gnutls_datum_t dat); int _gnutls_set_datum_m (gnutls_datum_t * dat, const void *data, - size_t data_size, gnutls_alloc_function); + size_t data_size, gnutls_alloc_function); #define _gnutls_set_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_malloc) #define _gnutls_sset_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_secure_malloc) int _gnutls_datum_append_m (gnutls_datum_t * dat, const void *data, - size_t data_size, gnutls_realloc_function); + size_t data_size, gnutls_realloc_function); #define _gnutls_datum_append(x,y,z) _gnutls_datum_append_m(x,y,z, gnutls_realloc) void _gnutls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function); diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index c6ea2f5012..1c26ffb8c7 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -52,7 +52,7 @@ **/ void gnutls_db_set_retrieve_function (gnutls_session_t session, - gnutls_db_retr_func retr_func) + gnutls_db_retr_func retr_func) { session->internals.db_retrieve_func = retr_func; } @@ -70,7 +70,7 @@ gnutls_db_set_retrieve_function (gnutls_session_t session, **/ void gnutls_db_set_remove_function (gnutls_session_t session, - gnutls_db_remove_func rem_func) + gnutls_db_remove_func rem_func) { session->internals.db_remove_func = rem_func; } @@ -88,7 +88,7 @@ gnutls_db_set_remove_function (gnutls_session_t session, **/ void gnutls_db_set_store_function (gnutls_session_t session, - gnutls_db_store_func store_func) + gnutls_db_store_func store_func) { session->internals.db_store_func = store_func; } @@ -157,11 +157,11 @@ gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry) if (session_entry.data != NULL) if (timestamp - - ((security_parameters_st *) (session_entry.data))->timestamp <= - session->internals.expire_time - || ((security_parameters_st *) (session_entry.data))->timestamp > - timestamp - || ((security_parameters_st *) (session_entry.data))->timestamp == 0) + ((security_parameters_st *) (session_entry.data))->timestamp <= + session->internals.expire_time + || ((security_parameters_st *) (session_entry.data))->timestamp > + timestamp + || ((security_parameters_st *) (session_entry.data))->timestamp == 0) return GNUTLS_E_EXPIRED; return 0; @@ -224,7 +224,7 @@ _gnutls_db_func_is_ok (gnutls_session_t session) int _gnutls_server_restore_session (gnutls_session_t session, - uint8_t * session_id, int session_id_size) + uint8_t * session_id, int session_id_size) { gnutls_datum_t data; gnutls_datum_t key; @@ -262,7 +262,7 @@ _gnutls_server_restore_session (gnutls_session_t session, int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, - int session_id_size) + int session_id_size) { gnutls_datum_t key; @@ -277,7 +277,7 @@ _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, */ int _gnutls_store_session (gnutls_session_t session, - gnutls_datum_t session_id, gnutls_datum_t session_data) + gnutls_datum_t session_id, gnutls_datum_t session_data) { int ret = 0; @@ -308,7 +308,7 @@ _gnutls_store_session (gnutls_session_t session, if (session->internals.db_store_func != NULL) ret = session->internals.db_store_func (session->internals.db_ptr, - session_id, session_data); + session_id, session_data); return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); @@ -330,7 +330,7 @@ _gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id) if (session->internals.db_retrieve_func != NULL) ret = session->internals.db_retrieve_func (session->internals.db_ptr, - session_id); + session_id); return ret; @@ -355,7 +355,7 @@ _gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id) if (session->internals.db_remove_func != NULL) ret = session->internals.db_remove_func (session->internals.db_ptr, - session_id); + session_id); return (ret == 0 ? ret : GNUTLS_E_DB_ERROR); @@ -377,6 +377,6 @@ void gnutls_db_remove_session (gnutls_session_t session) { _gnutls_db_remove_session (session, - session->security_parameters.session_id, - session->security_parameters.session_id_size); + session->security_parameters.session_id, + session->security_parameters.session_id_size); } diff --git a/lib/gnutls_db.h b/lib/gnutls_db.h index 6f943c2758..911c5ec9ab 100644 --- a/lib/gnutls_db.h +++ b/lib/gnutls_db.h @@ -25,14 +25,14 @@ int _gnutls_server_register_current_session (gnutls_session_t session); int _gnutls_server_restore_session (gnutls_session_t session, - uint8_t * session_id, - int session_id_size); + uint8_t * session_id, + int session_id_size); int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id, - int session_id_size); + int session_id_size); int _gnutls_store_session (gnutls_session_t session, - gnutls_datum_t session_id, - gnutls_datum_t session_data); + gnutls_datum_t session_id, + gnutls_datum_t session_data); gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session, - gnutls_datum_t session_id); + gnutls_datum_t session_id); int _gnutls_remove_session (gnutls_session_t session, - gnutls_datum_t session_id); + gnutls_datum_t session_id); diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c index 64804d8187..2c6a6c32a2 100644 --- a/lib/gnutls_dh.c +++ b/lib/gnutls_dh.c @@ -75,7 +75,7 @@ gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime) { gnutls_assert (); if (ret_x) - *ret_x = NULL; + *ret_x = NULL; _gnutls_mpi_release (&x); return NULL; @@ -121,8 +121,8 @@ gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime) -*/ gnutls_dh_params_t _gnutls_get_dh_params (gnutls_dh_params_t dh_params, - gnutls_params_function * func, - gnutls_session_t session) + gnutls_params_function * func, + gnutls_session_t session) { gnutls_params_st params; int ret; @@ -139,10 +139,10 @@ _gnutls_get_dh_params (gnutls_dh_params_t dh_params, { ret = func (session, GNUTLS_PARAMS_DH, ¶ms); if (ret == 0 && params.type == GNUTLS_PARAMS_DH) - { - session->internals.params.dh_params = params.params.dh; - session->internals.params.free_dh_params = params.deinit; - } + { + session->internals.params.dh_params = params.params.dh; + session->internals.params.free_dh_params = params.deinit; + } } return session->internals.params.dh_params; diff --git a/lib/gnutls_dh.h b/lib/gnutls_dh.h index c37d343add..e5854e7262 100644 --- a/lib/gnutls_dh.h +++ b/lib/gnutls_dh.h @@ -32,7 +32,7 @@ bigint_t gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime); gnutls_dh_params_t _gnutls_get_dh_params (gnutls_dh_params_t dh_params, - gnutls_params_function * func, - gnutls_session_t session); + gnutls_params_function * func, + gnutls_session_t session); #endif diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 194de232c3..c85d9db89b 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -26,7 +26,7 @@ #include <gnutls_int.h> #include <gnutls_errors.h> #include <gnutls_datum.h> -#include <x509_b64.h> /* for PKCS3 PEM decoding */ +#include <x509_b64.h> /* for PKCS3 PEM decoding */ #include <gnutls_global.h> #include <gnutls_dh.h> #include <gnutls_pk.h> @@ -65,8 +65,8 @@ _gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes) **/ int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params, - const gnutls_datum_t * prime, - const gnutls_datum_t * generator) + const gnutls_datum_t * prime, + const gnutls_datum_t * generator) { bigint_t tmp_prime, tmp_g; size_t siz; @@ -220,8 +220,8 @@ gnutls_dh_params_generate2 (gnutls_dh_params_t params, unsigned int bits) **/ int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, - const gnutls_datum_t * pkcs3_params, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * pkcs3_params, + gnutls_x509_crt_fmt_t format) { ASN1_TYPE c2; int result, need_free = 0; @@ -232,16 +232,16 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, opaque *out; result = _gnutls_fbase64_decode ("DH PARAMETERS", - pkcs3_params->data, - pkcs3_params->size, &out); + pkcs3_params->data, + pkcs3_params->size, &out); if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } _params.data = out; _params.size = result; @@ -261,10 +261,10 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, { gnutls_assert (); if (need_free != 0) - { - gnutls_free (_params.data); - _params.data = NULL; - } + { + gnutls_free (_params.data); + _params.data = NULL; + } return _gnutls_asn2err (result); } @@ -332,9 +332,9 @@ gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, **/ int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, - gnutls_x509_crt_fmt_t format, - unsigned char *params_data, - size_t * params_data_size) + gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * params_data_size) { ASN1_TYPE c2; int result, _params_data_size; @@ -374,7 +374,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, /* Write PRIME */ if ((result = asn1_write_value (c2, "prime", - p_data, p_size)) != ASN1_SUCCESS) + p_data, p_size)) != ASN1_SUCCESS) { gnutls_assert (); gnutls_free (all_data); @@ -385,7 +385,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, /* Write the GENERATOR */ if ((result = asn1_write_value (c2, "base", - g_data, g_size)) != ASN1_SUCCESS) + g_data, g_size)) != ASN1_SUCCESS) { gnutls_assert (); gnutls_free (all_data); @@ -396,7 +396,7 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, gnutls_free (all_data); if ((result = asn1_write_value (c2, "privateValueLength", - NULL, 0)) != ASN1_SUCCESS) + NULL, 0)) != ASN1_SUCCESS) { gnutls_assert (); asn1_delete_structure (&c2); @@ -406,26 +406,26 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, if (format == GNUTLS_X509_FMT_DER) { if (params_data == NULL) - *params_data_size = 0; + *params_data_size = 0; _params_data_size = *params_data_size; result = - asn1_der_coding (c2, "", params_data, &_params_data_size, NULL); + asn1_der_coding (c2, "", params_data, &_params_data_size, NULL); *params_data_size = _params_data_size; asn1_delete_structure (&c2); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - if (result == ASN1_MEM_ERROR) - return GNUTLS_E_SHORT_MEMORY_BUFFER; + { + gnutls_assert (); + if (result == ASN1_MEM_ERROR) + return GNUTLS_E_SHORT_MEMORY_BUFFER; - return _gnutls_asn2err (result); - } + return _gnutls_asn2err (result); + } } else - { /* PEM */ + { /* PEM */ opaque *tmp; opaque *out; int len; @@ -435,20 +435,20 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, tmp = gnutls_malloc (len); if (tmp == NULL) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + asn1_delete_structure (&c2); + return GNUTLS_E_MEMORY_ERROR; + } if ((result = - asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (tmp); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } + asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS) + { + gnutls_assert (); + gnutls_free (tmp); + asn1_delete_structure (&c2); + return _gnutls_asn2err (result); + } asn1_delete_structure (&c2); @@ -457,30 +457,30 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, gnutls_free (tmp); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } if (result == 0) - { /* oooops */ - gnutls_assert (); - gnutls_free (out); - return GNUTLS_E_INTERNAL_ERROR; - } + { /* oooops */ + gnutls_assert (); + gnutls_free (out); + return GNUTLS_E_INTERNAL_ERROR; + } if ((unsigned) result > *params_data_size) - { - gnutls_assert (); - gnutls_free (out); - *params_data_size = result; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + gnutls_assert (); + gnutls_free (out); + *params_data_size = result; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } *params_data_size = result - 1; if (params_data) - memcpy (params_data, out, result); + memcpy (params_data, out, result); gnutls_free (out); @@ -506,8 +506,8 @@ gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, **/ int gnutls_dh_params_export_raw (gnutls_dh_params_t params, - gnutls_datum_t * prime, - gnutls_datum_t * generator, unsigned int *bits) + gnutls_datum_t * prime, + gnutls_datum_t * generator, unsigned int *bits) { int ret; diff --git a/lib/gnutls_errors.c b/lib/gnutls_errors.c index 5485db384e..c7661cd4ad 100644 --- a/lib/gnutls_errors.c +++ b/lib/gnutls_errors.c @@ -43,9 +43,9 @@ struct gnutls_error_entry const char *desc; const char *_name; int number; - int fatal; /* whether this error is fatal and the session for handshake - * should be terminated. - */ + int fatal; /* whether this error is fatal and the session for handshake + * should be terminated. + */ }; typedef struct gnutls_error_entry gnutls_error_entry; @@ -53,270 +53,270 @@ static const gnutls_error_entry error_algorithms[] = { /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */ ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0), ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."), - GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1), + GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1), ERROR_ENTRY (N_("The cipher type is unsupported."), - GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1), + GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1), ERROR_ENTRY (N_("The certificate and the given key do not match."), - GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1), + GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1), ERROR_ENTRY (N_("Could not negotiate a supported compression method."), - GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1), + GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1), ERROR_ENTRY (N_("An unknown public key algorithm was encountered."), - GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1), + GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1), ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."), - GNUTLS_E_UNWANTED_ALGORITHM, 1), + GNUTLS_E_UNWANTED_ALGORITHM, 1), ERROR_ENTRY (N_("A large TLS record packet was received."), - GNUTLS_E_LARGE_PACKET, 1), + GNUTLS_E_LARGE_PACKET, 1), ERROR_ENTRY (N_("A record packet with illegal version was received."), - GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1), + GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1), ERROR_ENTRY (N_ - ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."), - GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1), + ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."), + GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1), ERROR_ENTRY (N_("A TLS packet with unexpected length was received."), - GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1), + GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1), ERROR_ENTRY (N_ - ("The specified session has been invalidated for some reason."), - GNUTLS_E_INVALID_SESSION, 1), + ("The specified session has been invalidated for some reason."), + GNUTLS_E_INVALID_SESSION, 1), ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1), ERROR_ENTRY (N_("An illegal TLS extension was received."), - GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1), + GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1), ERROR_ENTRY (N_("A TLS fatal alert has been received."), - GNUTLS_E_FATAL_ALERT_RECEIVED, 1), + GNUTLS_E_FATAL_ALERT_RECEIVED, 1), ERROR_ENTRY (N_("An unexpected TLS packet was received."), - GNUTLS_E_UNEXPECTED_PACKET, 1), + GNUTLS_E_UNEXPECTED_PACKET, 1), ERROR_ENTRY (N_("A TLS warning alert has been received."), - GNUTLS_E_WARNING_ALERT_RECEIVED, 0), + GNUTLS_E_WARNING_ALERT_RECEIVED, 0), ERROR_ENTRY (N_ - ("An error was encountered at the TLS Finished packet calculation."), - GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1), + ("An error was encountered at the TLS Finished packet calculation."), + GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1), ERROR_ENTRY (N_("The peer did not send any certificate."), - GNUTLS_E_NO_CERTIFICATE_FOUND, 1), + GNUTLS_E_NO_CERTIFICATE_FOUND, 1), ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."), - GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1), + GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1), ERROR_ENTRY (N_("No temporary RSA parameters were found."), - GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1), + GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1), ERROR_ENTRY (N_("No temporary DH parameters were found."), - GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1), + GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1), ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."), - GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1), + GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1), ERROR_ENTRY (N_("The scanning of a large integer has failed."), - GNUTLS_E_MPI_SCAN_FAILED, 1), + GNUTLS_E_MPI_SCAN_FAILED, 1), ERROR_ENTRY (N_("Could not export a large integer."), - GNUTLS_E_MPI_PRINT_FAILED, 1), + GNUTLS_E_MPI_PRINT_FAILED, 1), ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1), ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1), ERROR_ENTRY (N_("Public key decryption has failed."), - GNUTLS_E_PK_DECRYPTION_FAILED, 1), + GNUTLS_E_PK_DECRYPTION_FAILED, 1), ERROR_ENTRY (N_("Public key encryption has failed."), - GNUTLS_E_PK_ENCRYPTION_FAILED, 1), + GNUTLS_E_PK_ENCRYPTION_FAILED, 1), ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED, - 1), + 1), ERROR_ENTRY (N_("Public key signature verification has failed."), - GNUTLS_E_PK_SIG_VERIFY_FAILED, 1), + GNUTLS_E_PK_SIG_VERIFY_FAILED, 1), ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."), - GNUTLS_E_DECOMPRESSION_FAILED, 1), + GNUTLS_E_DECOMPRESSION_FAILED, 1), ERROR_ENTRY (N_("Compression of the TLS record packet has failed."), - GNUTLS_E_COMPRESSION_FAILED, 1), + GNUTLS_E_COMPRESSION_FAILED, 1), ERROR_ENTRY (N_("Internal error in memory allocation."), - GNUTLS_E_MEMORY_ERROR, 1), + GNUTLS_E_MEMORY_ERROR, 1), ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."), - GNUTLS_E_UNIMPLEMENTED_FEATURE, 1), + GNUTLS_E_UNIMPLEMENTED_FEATURE, 1), ERROR_ENTRY (N_("Insufficient credentials for that request."), - GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1), + GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1), ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1), ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD, - 1), + 1), ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1), ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1), ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR, - 1), + 1), ERROR_ENTRY (N_("Base64 unexpected header error."), - GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR, - 1), + GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR, + 1), ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR, - 1), + 1), ERROR_ENTRY (N_("Parsing error in password file."), - GNUTLS_E_SRP_PWD_PARSING_ERROR, 1), + GNUTLS_E_SRP_PWD_PARSING_ERROR, 1), ERROR_ENTRY (N_("The requested data were not available."), - GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1), + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1), ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1), ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1), ERROR_ENTRY (N_ - ("The upper limit of record packet sequence numbers has been reached. Wow!"), - GNUTLS_E_RECORD_LIMIT_REACHED, 1), + ("The upper limit of record packet sequence numbers has been reached. Wow!"), + GNUTLS_E_RECORD_LIMIT_REACHED, 1), ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR, - 1), + 1), ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."), - GNUTLS_E_X509_UNKNOWN_SAN, 1), + GNUTLS_E_X509_UNKNOWN_SAN, 1), ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."), - GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1), + GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1), ERROR_ENTRY (N_("Key usage violation in certificate has been detected."), - GNUTLS_E_KEY_USAGE_VIOLATION, 1), + GNUTLS_E_KEY_USAGE_VIOLATION, 1), ERROR_ENTRY (N_("Resource temporarily unavailable, try again."), - GNUTLS_E_AGAIN, 0), + GNUTLS_E_AGAIN, 0), ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0), ERROR_ENTRY (N_("Rehandshake was requested by the peer."), - GNUTLS_E_REHANDSHAKE, 0), + GNUTLS_E_REHANDSHAKE, 0), ERROR_ENTRY (N_ - ("TLS Application data were received, while expecting handshake data."), - GNUTLS_E_GOT_APPLICATION_DATA, 1), + ("TLS Application data were received, while expecting handshake data."), + GNUTLS_E_GOT_APPLICATION_DATA, 1), ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1), ERROR_ENTRY (N_("The certificate type is not supported."), - GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1), + GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1), ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."), - GNUTLS_E_SHORT_MEMORY_BUFFER, 1), + GNUTLS_E_SHORT_MEMORY_BUFFER, 1), ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1), ERROR_ENTRY (N_("An illegal parameter has been received."), - GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1), + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1), ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1), ERROR_ENTRY (N_("ASN1 parser: Element was not found."), - GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1), + GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1), ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"), - GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1), + GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1), ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."), - GNUTLS_E_ASN1_DER_ERROR, 1), + GNUTLS_E_ASN1_DER_ERROR, 1), ERROR_ENTRY (N_("ASN1 parser: Value was not found."), - GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1), + GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1), ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."), - GNUTLS_E_ASN1_GENERIC_ERROR, 1), + GNUTLS_E_ASN1_GENERIC_ERROR, 1), ERROR_ENTRY (N_("ASN1 parser: Value is not valid."), - GNUTLS_E_ASN1_VALUE_NOT_VALID, 1), + GNUTLS_E_ASN1_VALUE_NOT_VALID, 1), ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1), ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"), - GNUTLS_E_ASN1_TAG_IMPLICIT, 1), + GNUTLS_E_ASN1_TAG_IMPLICIT, 1), ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."), - GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1), + GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1), ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR, - 1), + 1), ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."), - GNUTLS_E_ASN1_DER_OVERFLOW, 1), + GNUTLS_E_ASN1_DER_OVERFLOW, 1), ERROR_ENTRY (N_("Too many empty record packets have been received."), - GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1), + GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1), ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."), - GNUTLS_E_INIT_LIBEXTRA, 1), + GNUTLS_E_INIT_LIBEXTRA, 1), ERROR_ENTRY (N_ - ("The GnuTLS library version does not match the GnuTLS-extra library version."), - GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1), + ("The GnuTLS library version does not match the GnuTLS-extra library version."), + GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1), ERROR_ENTRY (N_("The gcrypt library version is too old."), - GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1), + GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1), ERROR_ENTRY (N_("The tasn1 library version is too old."), - GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1), + GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1), ERROR_ENTRY (N_("The OpenPGP User ID is revoked."), - GNUTLS_E_OPENPGP_UID_REVOKED, 1), + GNUTLS_E_OPENPGP_UID_REVOKED, 1), ERROR_ENTRY (N_("Error loading the keyring."), - GNUTLS_E_OPENPGP_KEYRING_ERROR, 1), + GNUTLS_E_OPENPGP_KEYRING_ERROR, 1), ERROR_ENTRY (N_("The initialization of crypto backend has failed."), - GNUTLS_E_CRYPTO_INIT_FAILED, 1), + GNUTLS_E_CRYPTO_INIT_FAILED, 1), ERROR_ENTRY (N_("The initialization of LZO has failed."), - GNUTLS_E_LZO_INIT_FAILED, 1), + GNUTLS_E_LZO_INIT_FAILED, 1), ERROR_ENTRY (N_("No supported compression algorithms have been found."), - GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1), + GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1), ERROR_ENTRY (N_("No supported cipher suites have been found."), - GNUTLS_E_NO_CIPHER_SUITES, 1), + GNUTLS_E_NO_CIPHER_SUITES, 1), ERROR_ENTRY (N_("Could not get OpenPGP key."), - GNUTLS_E_OPENPGP_GETKEY_FAILED, 1), + GNUTLS_E_OPENPGP_GETKEY_FAILED, 1), ERROR_ENTRY (N_("Could not find OpenPGP subkey."), - GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1), + GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1), ERROR_ENTRY (N_("Safe renegotiation failed."), - GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1), + GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1), ERROR_ENTRY (N_("Unsafe renegotiation denied."), - GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1), + GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1), ERROR_ENTRY (N_("The SRP username supplied is illegal."), - GNUTLS_E_ILLEGAL_SRP_USERNAME, 1), + GNUTLS_E_ILLEGAL_SRP_USERNAME, 1), ERROR_ENTRY (N_("The SRP username supplied is unknown."), - GNUTLS_E_UNKNOWN_SRP_USERNAME, 1), + GNUTLS_E_UNKNOWN_SRP_USERNAME, 1), ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."), - GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1), + GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1), ERROR_ENTRY (N_("The signature algorithm is not supported."), - GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1), + GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1), ERROR_ENTRY (N_("The certificate has unsupported attributes."), - GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), + GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1), ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID, - 1), + 1), ERROR_ENTRY (N_("The hash algorithm is unknown."), - GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1), + GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1), ERROR_ENTRY (N_("The PKCS structure's content type is unknown."), - GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1), + GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1), ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."), - GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1), + GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1), ERROR_ENTRY (N_("The given password contains invalid characters."), - GNUTLS_E_INVALID_PASSWORD, 1), + GNUTLS_E_INVALID_PASSWORD, 1), ERROR_ENTRY (N_("The Message Authentication Code verification failed."), - GNUTLS_E_MAC_VERIFY_FAILED, 1), + GNUTLS_E_MAC_VERIFY_FAILED, 1), ERROR_ENTRY (N_("Some constraint limits were reached."), - GNUTLS_E_CONSTRAINT_ERROR, 1), + GNUTLS_E_CONSTRAINT_ERROR, 1), ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED, - 1), + 1), ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"), - GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0), + GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0), ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"), - GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0), + GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0), ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"), - GNUTLS_E_IA_VERIFY_FAILED, 1), + GNUTLS_E_IA_VERIFY_FAILED, 1), ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."), - GNUTLS_E_UNKNOWN_ALGORITHM, 1), + GNUTLS_E_UNKNOWN_ALGORITHM, 1), ERROR_ENTRY (N_("The handshake data size is too large (DoS?), " - "check gnutls_handshake_set_max_packet_length()."), - GNUTLS_E_HANDSHAKE_TOO_LARGE, 1), + "check gnutls_handshake_set_max_packet_length()."), + GNUTLS_E_HANDSHAKE_TOO_LARGE, 1), ERROR_ENTRY (N_("Error opening /dev/crypto"), - GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1), + GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1), ERROR_ENTRY (N_("Error interfacing with /dev/crypto"), - GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1), + GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1), ERROR_ENTRY (N_("Channel binding data not available"), - GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1), + GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1), ERROR_ENTRY (N_("PKCS #11 error."), - GNUTLS_E_PKCS11_ERROR, 1), + GNUTLS_E_PKCS11_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 initialization error."), - GNUTLS_E_PKCS11_LOAD_ERROR, 1), + GNUTLS_E_PKCS11_LOAD_ERROR, 1), ERROR_ENTRY (N_("Error in parsing."), - GNUTLS_E_PARSING_ERROR, 1), + GNUTLS_E_PARSING_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in PIN."), - GNUTLS_E_PKCS11_PIN_ERROR, 1), + GNUTLS_E_PKCS11_PIN_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 PIN should be saved."), - GNUTLS_E_PKCS11_ERROR, 1), + GNUTLS_E_PKCS11_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in slot"), - GNUTLS_E_PKCS11_SLOT_ERROR, 1), + GNUTLS_E_PKCS11_SLOT_ERROR, 1), ERROR_ENTRY (N_("Thread locking error"), - GNUTLS_E_LOCKING_ERROR, 1), + GNUTLS_E_LOCKING_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in attribute"), - GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1), + GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in device"), - GNUTLS_E_PKCS11_DEVICE_ERROR, 1), + GNUTLS_E_PKCS11_DEVICE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in data"), - GNUTLS_E_PKCS11_DATA_ERROR, 1), + GNUTLS_E_PKCS11_DATA_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 unsupported feature"), - GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1), + GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in key"), - GNUTLS_E_PKCS11_KEY_ERROR, 1), + GNUTLS_E_PKCS11_KEY_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 PIN expired"), - GNUTLS_E_PKCS11_PIN_EXPIRED, 1), + GNUTLS_E_PKCS11_PIN_EXPIRED, 1), ERROR_ENTRY (N_("PKCS #11 PIN locked"), - GNUTLS_E_PKCS11_PIN_LOCKED, 1), + GNUTLS_E_PKCS11_PIN_LOCKED, 1), ERROR_ENTRY (N_("PKCS #11 error in session"), - GNUTLS_E_PKCS11_SESSION_ERROR, 1), + GNUTLS_E_PKCS11_SESSION_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in signature"), - GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1), + GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 error in token"), - GNUTLS_E_PKCS11_TOKEN_ERROR, 1), + GNUTLS_E_PKCS11_TOKEN_ERROR, 1), ERROR_ENTRY (N_("PKCS #11 user error"), - GNUTLS_E_PKCS11_USER_ERROR, 1), + GNUTLS_E_PKCS11_USER_ERROR, 1), {NULL, NULL, 0, 0} }; @@ -350,10 +350,10 @@ gnutls_error_is_fatal (int error) for (p = error_algorithms; p->desc != NULL; p++) { if (p->number == error) - { - ret = p->fatal; - break; - } + { + ret = p->fatal; + break; + } } return ret; @@ -394,10 +394,10 @@ gnutls_strerror (int error) for (p = error_algorithms; p->desc != NULL; p++) { if (p->number == error) - { - ret = p->desc; - break; - } + { + ret = p->desc; + break; + } } /* avoid prefix */ @@ -429,10 +429,10 @@ gnutls_strerror_name (int error) for (p = error_algorithms; p->desc != NULL; p++) { if (p->number == error) - { - ret = p->_name; - break; - } + { + ret = p->_name; + break; + } } return ret; @@ -490,7 +490,7 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) { gnutls_assert (); _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, - (int) binlen); + (int) binlen); return; } @@ -514,7 +514,7 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) { gnutls_assert (); _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res, - (int) binlen); + (int) binlen); gnutls_free (binbuf); return; } @@ -533,7 +533,7 @@ _gnutls_mpi_log (const char *prefix, bigint_t a) _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen, NULL); _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix, - hexbuf); + hexbuf); gnutls_free (hexbuf); gnutls_free (binbuf); diff --git a/lib/gnutls_extensions.c b/lib/gnutls_extensions.c index 81152911ad..a3b3c0f749 100644 --- a/lib/gnutls_extensions.c +++ b/lib/gnutls_extensions.c @@ -43,7 +43,7 @@ static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session, - uint16_t type); + uint16_t type); static size_t extfunc_size = 0; @@ -57,7 +57,7 @@ _gnutls_ext_parse_type (uint16_t type) for (i = 0; i < extfunc_size; i++) { if (extfunc[i].type == type) - return extfunc[i].parse_type; + return extfunc[i].parse_type; } return GNUTLS_EXT_NONE; @@ -71,7 +71,7 @@ _gnutls_ext_func_recv (uint16_t type, gnutls_ext_parse_type_t parse_type) for (i = 0; i < extfunc_size; i++) if (extfunc[i].type == type) if (parse_type == GNUTLS_EXT_ANY || extfunc[i].parse_type == parse_type) - return extfunc[i].recv_func; + return extfunc[i].recv_func; return NULL; } @@ -124,10 +124,10 @@ _gnutls_extension_list_check (gnutls_session_t session, uint16_t type) int i; for (i = 0; i < session->internals.extensions_sent_size; i++) - { - if (type == session->internals.extensions_sent[i]) - return 0; /* ok found */ - } + { + if (type == session->internals.extensions_sent[i]) + return 0; /* ok found */ + } return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION; } @@ -137,8 +137,8 @@ _gnutls_extension_list_check (gnutls_session_t session, uint16_t type) int _gnutls_parse_extensions (gnutls_session_t session, - gnutls_ext_parse_type_t parse_type, - const opaque * data, int data_size) + gnutls_ext_parse_type_t parse_type, + const opaque * data, int data_size) { int next, ret; int pos = 0; @@ -153,10 +153,10 @@ _gnutls_parse_extensions (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_CLIENT) for (i = 0; i < session->internals.extensions_sent_size; i++) { - _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", - session, - _gnutls_extension_get_name - (session->internals.extensions_sent[i])); + _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n", + session, + _gnutls_extension_get_name + (session->internals.extensions_sent[i])); } #endif @@ -174,14 +174,14 @@ _gnutls_parse_extensions (gnutls_session_t session, #if 0 _gnutls_debug_log ("EXT[%p]: Found extension '%s/%d'\n", session, - _gnutls_extension_get_name (type), type); + _gnutls_extension_get_name (type), type); #endif if ((ret = _gnutls_extension_list_check (session, type)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } DECR_LENGTH_RET (next, 2, 0); size = _gnutls_read_uint16 (&data[pos]); @@ -193,17 +193,17 @@ _gnutls_parse_extensions (gnutls_session_t session, ext_recv = _gnutls_ext_func_recv (type, parse_type); if (ext_recv == NULL) - continue; + continue; _gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n", - session, _gnutls_extension_get_name (type), type, - size); + session, _gnutls_extension_get_name (type), type, + size); if ((ret = ext_recv (session, sdata, size)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } while (next > 2); @@ -223,21 +223,21 @@ _gnutls_extension_list_add (gnutls_session_t session, uint16_t type) if (session->security_parameters.entity == GNUTLS_CLIENT) { if (session->internals.extensions_sent_size < MAX_EXT_TYPES) - { - session->internals.extensions_sent[session->internals. - extensions_sent_size] = type; - session->internals.extensions_sent_size++; - } + { + session->internals.extensions_sent[session->internals. + extensions_sent_size] = type; + session->internals.extensions_sent_size++; + } else - { - _gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n"); - } + { + _gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n"); + } } } int _gnutls_gen_extensions (gnutls_session_t session, opaque * data, - size_t data_size, gnutls_ext_parse_type_t parse_type) + size_t data_size, gnutls_ext_parse_type_t parse_type) { int size; uint16_t pos = 0; @@ -267,57 +267,57 @@ _gnutls_gen_extensions (gnutls_session_t session, opaque * data, extension_entry_st *p = &extfunc[i]; if (p->send_func == NULL) - continue; + continue; if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type) - continue; + continue; size = p->send_func (session, sdata, sdata_size); if (size > 0 || size == GNUTLS_E_INT_RET_0) - { - if (size == GNUTLS_E_INT_RET_0) - size = 0; - - if (data_size < pos + (size_t) size + 4) - { - gnutls_assert (); - gnutls_free (sdata); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* write extension type */ - _gnutls_write_uint16 (p->type, &data[pos]); - pos += 2; - - /* write size */ - _gnutls_write_uint16 (size, &data[pos]); - pos += 2; - - memcpy (&data[pos], sdata, size); - pos += size; - - /* add this extension to the extension list - */ - _gnutls_extension_list_add (session, p->type); - - _gnutls_debug_log ("EXT[%p]: Sending extension %s (%d bytes)\n", - session, p->name, size); - } + { + if (size == GNUTLS_E_INT_RET_0) + size = 0; + + if (data_size < pos + (size_t) size + 4) + { + gnutls_assert (); + gnutls_free (sdata); + return GNUTLS_E_INTERNAL_ERROR; + } + + /* write extension type */ + _gnutls_write_uint16 (p->type, &data[pos]); + pos += 2; + + /* write size */ + _gnutls_write_uint16 (size, &data[pos]); + pos += 2; + + memcpy (&data[pos], sdata, size); + pos += size; + + /* add this extension to the extension list + */ + _gnutls_extension_list_add (session, p->type); + + _gnutls_debug_log ("EXT[%p]: Sending extension %s (%d bytes)\n", + session, p->name, size); + } else if (size < 0) - { - gnutls_assert (); - gnutls_free (sdata); - return size; - } + { + gnutls_assert (); + gnutls_free (sdata); + return size; + } } size = pos; - pos -= 2; /* remove the size of the size header! */ + pos -= 2; /* remove the size of the size header! */ _gnutls_write_uint16 (pos, data); if (size == 2) - { /* empty */ + { /* empty */ size = 0; } @@ -412,10 +412,10 @@ _gnutls_ext_register (extension_entry_st * mod) **/ int gnutls_ext_register (int type, - const char *name, - gnutls_ext_parse_type_t parse_type, - gnutls_ext_recv_func recv_func, - gnutls_ext_send_func send_func) + const char *name, + gnutls_ext_parse_type_t parse_type, + gnutls_ext_recv_func recv_func, + gnutls_ext_send_func send_func) { extension_entry_st ee; @@ -447,26 +447,26 @@ _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed) { ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data); if (ret >= 0 && extfunc[i].pack_func != NULL) - { - BUFFER_APPEND_NUM (packed, extfunc[i].type); - - size_offset = packed->length; - BUFFER_APPEND_NUM (packed, 0); - - cur_size = packed->length; - - ret = extfunc[i].pack_func (data, packed); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - exts++; - /* write the actual size */ - _gnutls_write_uint32 (packed->length - cur_size, - packed->data + size_offset); - } + { + BUFFER_APPEND_NUM (packed, extfunc[i].type); + + size_offset = packed->length; + BUFFER_APPEND_NUM (packed, 0); + + cur_size = packed->length; + + ret = extfunc[i].pack_func (data, packed); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + exts++; + /* write the actual size */ + _gnutls_write_uint32 (packed->length - cur_size, + packed->data + size_offset); + } } _gnutls_write_uint32 (exts, packed->data + total_exts_pos); @@ -485,34 +485,34 @@ _gnutls_ext_restore_resumed_session (gnutls_session_t session) for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.extension_int_data[i].set != 0 && - _gnutls_ext_parse_type (session->internals. - extension_int_data[i].type) != - GNUTLS_EXT_MANDATORY) - { - _gnutls_ext_unset_session_data (session, - session-> - internals.extension_int_data[i]. - type); - } + _gnutls_ext_parse_type (session->internals. + extension_int_data[i].type) != + GNUTLS_EXT_MANDATORY) + { + _gnutls_ext_unset_session_data (session, + session-> + internals.extension_int_data[i]. + type); + } } /* copy resumed to main */ for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.resumed_extension_int_data[i].set != 0 && - _gnutls_ext_parse_type (session-> - internals.resumed_extension_int_data[i]. - type) != GNUTLS_EXT_MANDATORY) - { - _gnutls_ext_set_session_data (session, - session-> - internals.resumed_extension_int_data - [i].type, - session-> - internals.resumed_extension_int_data - [i].priv); - session->internals.resumed_extension_int_data[i].set = 0; - } + _gnutls_ext_parse_type (session-> + internals.resumed_extension_int_data[i]. + type) != GNUTLS_EXT_MANDATORY) + { + _gnutls_ext_set_session_data (session, + session-> + internals.resumed_extension_int_data + [i].type, + session-> + internals.resumed_extension_int_data + [i].priv); + session->internals.resumed_extension_int_data[i].set = 0; + } } } @@ -520,24 +520,24 @@ _gnutls_ext_restore_resumed_session (gnutls_session_t session) static void _gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type, - extension_priv_data_t data) + extension_priv_data_t data) { int i; for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.resumed_extension_int_data[i].type == type - || session->internals.resumed_extension_int_data[i].set == 0) - { + || session->internals.resumed_extension_int_data[i].set == 0) + { - if (session->internals.resumed_extension_int_data[i].set != 0) - _gnutls_ext_unset_resumed_session_data (session, type); + if (session->internals.resumed_extension_int_data[i].set != 0) + _gnutls_ext_unset_resumed_session_data (session, type); - session->internals.resumed_extension_int_data[i].type = type; - session->internals.resumed_extension_int_data[i].priv = data; - session->internals.resumed_extension_int_data[i].set = 1; - return; - } + session->internals.resumed_extension_int_data[i].type = type; + session->internals.resumed_extension_int_data[i].priv = data; + session->internals.resumed_extension_int_data[i].set = 1; + return; + } } } @@ -562,25 +562,25 @@ _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed) unpack = _gnutls_ext_func_unpack (type); if (unpack == NULL) - { - gnutls_assert (); - return GNUTLS_E_PARSING_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; + } ret = unpack (packed, &data); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* verify that unpack read the correct bytes */ cur_pos = cur_pos - packed->length; if (cur_pos /* read length */ != size_for_type) - { - gnutls_assert (); - return GNUTLS_E_PARSING_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; + } _gnutls_ext_set_resumed_session_data (session, type, data); } @@ -609,17 +609,17 @@ _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type) for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.extension_int_data[i].type == type) - { - session->internals.extension_int_data[i].set = 0; - return; - } + { + session->internals.extension_int_data[i].set = 0; + return; + } } } static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session, - uint16_t type) + uint16_t type) { gnutls_ext_deinit_data_func deinit; extension_priv_data_t data; @@ -636,10 +636,10 @@ _gnutls_ext_unset_resumed_session_data (gnutls_session_t session, for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.resumed_extension_int_data[i].type == type) - { - session->internals.resumed_extension_int_data[i].set = 0; - return; - } + { + session->internals.resumed_extension_int_data[i].set = 0; + return; + } } } @@ -669,7 +669,7 @@ _gnutls_ext_free_session_data (gnutls_session_t session) */ void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type, - extension_priv_data_t data) + extension_priv_data_t data) { int i; gnutls_ext_deinit_data_func deinit; @@ -679,54 +679,54 @@ _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type, for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.extension_int_data[i].type == type - || session->internals.extension_int_data[i].set == 0) - { - if (session->internals.extension_int_data[i].set != 0) - { - if (deinit) - deinit (session->internals.extension_int_data[i].priv); - } - session->internals.extension_int_data[i].type = type; - session->internals.extension_int_data[i].priv = data; - session->internals.extension_int_data[i].set = 1; - return; - } + || session->internals.extension_int_data[i].set == 0) + { + if (session->internals.extension_int_data[i].set != 0) + { + if (deinit) + deinit (session->internals.extension_int_data[i].priv); + } + session->internals.extension_int_data[i].type = type; + session->internals.extension_int_data[i].priv = data; + session->internals.extension_int_data[i].set = 1; + return; + } } } int _gnutls_ext_get_session_data (gnutls_session_t session, - uint16_t type, extension_priv_data_t * data) + uint16_t type, extension_priv_data_t * data) { int i; for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.extension_int_data[i].set != 0 && - session->internals.extension_int_data[i].type == type) - { - *data = session->internals.extension_int_data[i].priv; - return 0; - } + session->internals.extension_int_data[i].type == type) + { + *data = session->internals.extension_int_data[i].priv; + return 0; + } } return GNUTLS_E_INVALID_REQUEST; } int _gnutls_ext_get_resumed_session_data (gnutls_session_t session, - uint16_t type, - extension_priv_data_t * data) + uint16_t type, + extension_priv_data_t * data) { int i; for (i = 0; i < MAX_EXT_TYPES; i++) { if (session->internals.resumed_extension_int_data[i].set != 0 && - session->internals.resumed_extension_int_data[i].type == type) - { - *data = session->internals.resumed_extension_int_data[i].priv; - return 0; - } + session->internals.resumed_extension_int_data[i].type == type) + { + *data = session->internals.resumed_extension_int_data[i].priv; + return 0; + } } return GNUTLS_E_INVALID_REQUEST; } diff --git a/lib/gnutls_extensions.h b/lib/gnutls_extensions.h index e6f3263da8..a381b823ec 100644 --- a/lib/gnutls_extensions.h +++ b/lib/gnutls_extensions.h @@ -27,10 +27,10 @@ #define GNUTLS_EXTENSIONS_H int _gnutls_parse_extensions (gnutls_session_t session, - gnutls_ext_parse_type_t parse_type, - const opaque * data, int data_size); + gnutls_ext_parse_type_t parse_type, + const opaque * data, int data_size); int _gnutls_gen_extensions (gnutls_session_t session, opaque * data, - size_t data_size, gnutls_ext_parse_type_t); + size_t data_size, gnutls_ext_parse_type_t); int _gnutls_ext_init (void); void _gnutls_ext_deinit (void); @@ -38,9 +38,9 @@ void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type); typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data); typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data, - gnutls_buffer_st * packed_data); + gnutls_buffer_st * packed_data); typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data, - extension_priv_data_t * data); + extension_priv_data_t * data); void _gnutls_ext_free_session_data (gnutls_session_t session); @@ -48,12 +48,12 @@ void _gnutls_ext_free_session_data (gnutls_session_t session); */ void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type); void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type, - extension_priv_data_t); + extension_priv_data_t); int _gnutls_ext_get_session_data (gnutls_session_t session, - uint16_t type, extension_priv_data_t *); + uint16_t type, extension_priv_data_t *); int _gnutls_ext_get_resumed_session_data (gnutls_session_t session, - uint16_t type, - extension_priv_data_t * data); + uint16_t type, + extension_priv_data_t * data); void _gnutls_ext_restore_resumed_session (gnutls_session_t session); @@ -80,11 +80,11 @@ typedef struct */ gnutls_ext_send_func send_func; - gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize - * internal data - */ - gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */ - gnutls_ext_unpack_func unpack_func; /* unpacks internal data */ + gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize + * internal data + */ + gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */ + gnutls_ext_unpack_func unpack_func; /* unpacks internal data */ } extension_entry_st; diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c index ae9bdf6eb0..1a59bdfc19 100644 --- a/lib/gnutls_global.c +++ b/lib/gnutls_global.c @@ -30,7 +30,7 @@ #include <random.h> #include <gnutls/pkcs11.h> -#include <gnutls_extensions.h> /* for _gnutls_ext_init */ +#include <gnutls_extensions.h> /* for _gnutls_ext_init */ #include <gnutls_cryptodev.h> #include <locks.h> @@ -48,7 +48,7 @@ ASN1_TYPE _gnutls_pkix1_asn; ASN1_TYPE _gnutls_gnutls_asn; gnutls_log_func _gnutls_log_func; -int _gnutls_log_level = 0; /* default log level */ +int _gnutls_log_level = 0; /* default log level */ /** * gnutls_global_set_log_function: @@ -104,10 +104,10 @@ gnutls_global_set_log_level (int level) **/ void gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func, - gnutls_alloc_function secure_alloc_func, - gnutls_is_secure_function is_secure_func, - gnutls_realloc_function realloc_func, - gnutls_free_function free_func) + gnutls_alloc_function secure_alloc_func, + gnutls_is_secure_function is_secure_func, + gnutls_realloc_function realloc_func, + gnutls_free_function free_func) { gnutls_secure_malloc = secure_alloc_func; gnutls_malloc = alloc_func; @@ -127,7 +127,7 @@ gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func, gnutls_calloc = calloc; } else - { /* use the included ones */ + { /* use the included ones */ gnutls_calloc = _gnutls_calloc; } gnutls_strdup = _gnutls_strdup; @@ -195,8 +195,8 @@ gnutls_global_init (void) { gnutls_assert (); _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n", - asn1_check_version (NULL), - GNUTLS_MIN_LIBTASN1_VERSION); + asn1_check_version (NULL), + GNUTLS_MIN_LIBTASN1_VERSION); return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY; } diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index e69bad4bf4..5715306f3a 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -52,9 +52,9 @@ #include <ext_srp.h> #include <ext_session_ticket.h> #include <ext_safe_renegotiation.h> -#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */ -#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */ -#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */ +#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */ +#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */ +#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */ #include <random.h> #ifdef HANDSHAKE_DEBUG @@ -68,12 +68,12 @@ static int _gnutls_handshake_hash_init (gnutls_session_t session); static int _gnutls_server_select_comp_method (gnutls_session_t session, - opaque * data, int datalen); + opaque * data, int datalen); static int _gnutls_handshake_hash_add_recvd (gnutls_session_t session, - gnutls_handshake_description_t recv_type, - opaque * header, uint16_t header_size, - opaque * dataptr, uint32_t datalen); + gnutls_handshake_description_t recv_type, + opaque * header, uint16_t header_size, + opaque * dataptr, uint32_t datalen); @@ -86,17 +86,17 @@ _gnutls_handshake_hash_buffers_clear (gnutls_session_t session) HANDSHAKE_MAC_TYPE_10) { _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5, - NULL); + NULL); _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.sha, - NULL); + NULL); } else if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_12) + HANDSHAKE_MAC_TYPE_12) { _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12. - sha256, NULL); + sha256, NULL); _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12. - sha1, NULL); + sha1, NULL); } session->security_parameters.handshake_mac_handle_type = 0; session->internals.handshake_mac_handle_init = 0; @@ -112,24 +112,24 @@ resume_copy_required_values (gnutls_session_t session) { /* get the new random values */ memcpy (session->internals.resumed_security_parameters.server_random, - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); memcpy (session->internals.resumed_security_parameters.client_random, - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); /* keep the ciphersuite and compression * That is because the client must see these in our * hello message. */ memcpy (session->security_parameters.current_cipher_suite.suite, - session->internals.resumed_security_parameters.current_cipher_suite. - suite, 2); + session->internals.resumed_security_parameters.current_cipher_suite. + suite, 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - internals.resumed_security_parameters.current_cipher_suite); + &session-> + internals.resumed_security_parameters.current_cipher_suite); _gnutls_epoch_set_compression (session, EPOCH_NEXT, - session-> - internals.resumed_compression_method); + session-> + internals.resumed_compression_method); /* or write_compression_algorithm * they are the same @@ -139,15 +139,15 @@ resume_copy_required_values (gnutls_session_t session) session->internals.resumed_security_parameters.entity; _gnutls_set_current_version (session, - session->internals.resumed_security_parameters. - version); + session->internals.resumed_security_parameters. + version); session->security_parameters.cert_type = session->internals.resumed_security_parameters.cert_type; memcpy (session->security_parameters.session_id, - session->internals.resumed_security_parameters.session_id, - sizeof (session->security_parameters.session_id)); + session->internals.resumed_security_parameters.session_id, + sizeof (session->security_parameters.session_id)); session->security_parameters.session_id_size = session->internals.resumed_security_parameters.session_id_size; @@ -157,14 +157,14 @@ void _gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd) { memcpy (session->security_parameters.server_random, rnd, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); } void _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd) { memcpy (session->security_parameters.client_random, rnd, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); } /* Calculate The SSL3 Finished message @@ -185,25 +185,25 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) HANDSHAKE_MAC_TYPE_10) { rc = - _gnutls_hash_copy (&td_md5, - &session->internals.handshake_mac_handle.tls10. - md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle.tls10. + md5); if (rc < 0) - { - gnutls_assert (); - return rc; - } + { + gnutls_assert (); + return rc; + } rc = - _gnutls_hash_copy (&td_sha, - &session->internals.handshake_mac_handle.tls10. - sha); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls10. + sha); if (rc < 0) - { - gnutls_assert (); - _gnutls_hash_deinit (&td_md5, NULL); - return rc; - } + { + gnutls_assert (); + _gnutls_hash_deinit (&td_md5, NULL); + return rc; + } } else { @@ -224,13 +224,13 @@ _gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret) _gnutls_hash (&td_sha, mesg, siz); _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret, - session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE); _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16], - session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE); return 0; } @@ -255,41 +255,41 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret) HANDSHAKE_MAC_TYPE_10) { rc = - _gnutls_hash_copy (&td_md5, - &session->internals.handshake_mac_handle.tls10. - md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle.tls10. + md5); if (rc < 0) - { - gnutls_assert (); - return rc; - } + { + gnutls_assert (); + return rc; + } rc = - _gnutls_hash_copy (&td_sha, - &session->internals.handshake_mac_handle.tls10. - sha); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls10. + sha); if (rc < 0) - { - gnutls_assert (); - _gnutls_hash_deinit (&td_md5, NULL); - return rc; - } + { + gnutls_assert (); + _gnutls_hash_deinit (&td_md5, NULL); + return rc; + } _gnutls_hash_deinit (&td_md5, concat); _gnutls_hash_deinit (&td_sha, &concat[16]); } else if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_12) + HANDSHAKE_MAC_TYPE_12) { rc = - _gnutls_hash_copy (&td_sha, - &session->internals.handshake_mac_handle.tls12. - sha256); + _gnutls_hash_copy (&td_sha, + &session->internals.handshake_mac_handle.tls12. + sha256); if (rc < 0) - { - gnutls_assert (); - return rc; - } + { + gnutls_assert (); + return rc; + } _gnutls_hash_deinit (&td_sha, concat); len = _gnutls_hash_get_algo_len (td_sha.algorithm); @@ -305,7 +305,7 @@ _gnutls_finished (gnutls_session_t session, int type, void *ret) } return _gnutls_PRF (session, session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); + GNUTLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret); } /* this function will produce GNUTLS_RANDOM_SIZE==32 bytes of random data @@ -340,7 +340,7 @@ _gnutls_tls_create_random (opaque * dst) */ int _gnutls_negotiate_version (gnutls_session_t session, - gnutls_protocol_t adv_version) + gnutls_protocol_t adv_version) { int ret; @@ -352,12 +352,12 @@ _gnutls_negotiate_version (gnutls_session_t session, */ ret = _gnutls_version_max (session); if (ret == GNUTLS_VERSION_UNKNOWN) - { - /* this check is not really needed. - */ - gnutls_assert (); - return GNUTLS_E_UNKNOWN_CIPHER_SUITE; - } + { + /* this check is not really needed. + */ + gnutls_assert (); + return GNUTLS_E_UNKNOWN_CIPHER_SUITE; + } } else { @@ -371,7 +371,7 @@ _gnutls_negotiate_version (gnutls_session_t session, int _gnutls_user_hello_func (gnutls_session_t session, - gnutls_protocol_t adv_version) + gnutls_protocol_t adv_version) { int ret; @@ -379,19 +379,19 @@ _gnutls_user_hello_func (gnutls_session_t session, { ret = session->internals.user_hello_func (session); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* Here we need to renegotiate the version since the callee might * have disabled some TLS versions. */ ret = _gnutls_negotiate_version (session, adv_version); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } return 0; } @@ -403,7 +403,7 @@ _gnutls_user_hello_func (gnutls_session_t session, */ static int _gnutls_read_client_hello (gnutls_session_t session, opaque * data, - int datalen) + int datalen) { uint8_t session_id_len; int pos = 0, ret; @@ -414,13 +414,13 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, opaque rnd[GNUTLS_RANDOM_SIZE], *suite_ptr, *comp_ptr, *session_id; if (session->internals.v2_hello != 0) - { /* version 2.0 */ + { /* version 2.0 */ return _gnutls_read_client_hello_v2 (session, data, datalen); } DECR_LEN (len, 2); _gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session, - data[pos], data[pos + 1]); + data[pos], data[pos + 1]); adv_version = _gnutls_version_get (data[pos], data[pos + 1]); set_adv_version (session, data[pos], data[pos + 1]); @@ -461,7 +461,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, pos += session_id_len; if (ret == 0) - { /* resumed using default TLS resumption! */ + { /* resumed using default TLS resumption! */ /* Parse only the safe renegotiation extension * We don't want to parse any other extensions since * we don't want new extension values to overwrite the @@ -477,17 +477,17 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, pos += suite_size; DECR_LEN (len, 1); - comp_size = data[pos++]; /* z is the number of compression methods */ + comp_size = data[pos++]; /* z is the number of compression methods */ DECR_LEN (len, comp_size); pos += comp_size; ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY, - &data[pos], len); + &data[pos], len); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } resume_copy_required_values (session); session->internals.resumed = RESUME_TRUE; @@ -497,8 +497,8 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, else { _gnutls_generate_session_id (session->security_parameters.session_id, - &session-> - security_parameters.session_id_size); + &session-> + security_parameters.session_id_size); session->internals.resumed = RESUME_FALSE; } @@ -516,7 +516,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, /* Point to the compression methods */ DECR_LEN (len, 1); - comp_size = data[pos++]; /* z is the number of compression methods */ + comp_size = data[pos++]; /* z is the number of compression methods */ DECR_LEN (len, comp_size); comp_ptr = &data[pos]; @@ -528,7 +528,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, * sslv3 and higher, even though sslv3 doesn't officially support them. */ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION, - &data[pos], len); + &data[pos], len); /* len is the rest of the parsed length */ if (ret < 0) { @@ -544,7 +544,7 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, } ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY, - &data[pos], len); + &data[pos], len); if (ret < 0) { gnutls_assert (); @@ -563,14 +563,14 @@ _gnutls_read_client_hello (gnutls_session_t session, opaque * data, { /* to indicate the client that the current session is resumed */ memcpy (session->internals.resumed_security_parameters.session_id, - session_id, session_id_len); + session_id, session_id_len); session->internals.resumed_security_parameters.session_id_size = - session_id_len; + session_id_len; session->internals.resumed_security_parameters.max_record_recv_size = - session->security_parameters.max_record_recv_size; + session->security_parameters.max_record_recv_size; session->internals.resumed_security_parameters.max_record_send_size = - session->security_parameters.max_record_send_size; + session->security_parameters.max_record_send_size; resume_copy_required_values (session); @@ -623,21 +623,21 @@ _gnutls_handshake_hash_pending (gnutls_session_t session) if (siz > 0) { if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_10) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, - data, siz); - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, - data, siz); - } + HANDSHAKE_MAC_TYPE_10) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, + data, siz); + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, + data, siz); + } else if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_12) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, - data, siz); - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, - data, siz); - } + HANDSHAKE_MAC_TYPE_12) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, + data, siz); + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, + data, siz); + } } _gnutls_handshake_buffer_empty (session); @@ -661,69 +661,69 @@ _gnutls_send_finished (gnutls_session_t session, int again) if (again == 0) { bufel = - _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE); + _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE); if (bufel == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } data = _mbuffer_get_udata_ptr (bufel); /* This is needed in order to hash all the required * messages. */ if ((ret = _gnutls_handshake_hash_pending (session)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) - { - ret = - _gnutls_ssl3_finished (session, - session->security_parameters.entity, data); - _mbuffer_set_udata_size (bufel, 36); - } + { + ret = + _gnutls_ssl3_finished (session, + session->security_parameters.entity, data); + _mbuffer_set_udata_size (bufel, 36); + } else - { /* TLS 1.0+ */ - ret = _gnutls_finished (session, - session->security_parameters.entity, data); - _mbuffer_set_udata_size (bufel, 12); - } + { /* TLS 1.0+ */ + ret = _gnutls_finished (session, + session->security_parameters.entity, data); + _mbuffer_set_udata_size (bufel, 12); + } if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } vdata_size = _mbuffer_get_udata_size (bufel); if (session->internals.finished_func) - session->internals.finished_func (session, data, vdata_size); + session->internals.finished_func (session, data, vdata_size); ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if ((session->internals.resumed == RESUME_FALSE - && session->security_parameters.entity == GNUTLS_CLIENT) - || (session->internals.resumed == RESUME_TRUE - && session->security_parameters.entity == GNUTLS_SERVER)) - { - /* if we are a client not resuming - or we are a server resuming */ - _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n", - session); - memcpy (session->internals.cb_tls_unique, data, vdata_size); - session->internals.cb_tls_unique_len = vdata_size; - } + && session->security_parameters.entity == GNUTLS_CLIENT) + || (session->internals.resumed == RESUME_TRUE + && session->security_parameters.entity == GNUTLS_SERVER)) + { + /* if we are a client not resuming - or we are a server resuming */ + _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n", + session); + memcpy (session->internals.cb_tls_unique, data, vdata_size); + session->internals.cb_tls_unique_len = vdata_size; + } ret = - _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED); + _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED); } else { @@ -746,7 +746,7 @@ _gnutls_recv_finished (gnutls_session_t session) ret = _gnutls_recv_handshake (session, &vrfy, &vrfysize, - GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); + GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET); if (ret < 0) { ERR ("recv finished int", ret); @@ -774,16 +774,16 @@ _gnutls_recv_finished (gnutls_session_t session) if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) { ret = - _gnutls_ssl3_finished (session, - (session->security_parameters.entity + 1) % 2, - data); + _gnutls_ssl3_finished (session, + (session->security_parameters.entity + 1) % 2, + data); } else - { /* TLS 1.0 */ + { /* TLS 1.0 */ ret = - _gnutls_finished (session, - (session->security_parameters.entity + - 1) % 2, data); + _gnutls_finished (session, + (session->security_parameters.entity + + 1) % 2, data); } if (ret < 0) @@ -810,11 +810,11 @@ _gnutls_recv_finished (gnutls_session_t session) if ((session->internals.resumed == RESUME_TRUE && session->security_parameters.entity == GNUTLS_CLIENT) || (session->internals.resumed == RESUME_FALSE - && session->security_parameters.entity == GNUTLS_SERVER)) + && session->security_parameters.entity == GNUTLS_SERVER)) { /* if we are a client resuming - or we are a server not resuming */ _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n", - session); + session); memcpy (session->internals.cb_tls_unique, data, data_size); session->internals.cb_tls_unique_len = data_size; } @@ -829,7 +829,7 @@ _gnutls_recv_finished (gnutls_session_t session) */ static int _gnutls_server_find_pk_algos_in_ciphersuites (const opaque * - data, unsigned int datalen) + data, unsigned int datalen) { unsigned int j; gnutls_pk_algorithm_t algo = GNUTLS_PK_NONE, prev_algo = 0; @@ -848,13 +848,13 @@ _gnutls_server_find_pk_algos_in_ciphersuites (const opaque * kx = _gnutls_cipher_suite_get_kx_algo (&cs); if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE) - { - algo = _gnutls_map_pk_get_pk (kx); + { + algo = _gnutls_map_pk_get_pk (kx); - if (algo != prev_algo && prev_algo != 0) - return GNUTLS_PK_ANY; - prev_algo = algo; - } + if (algo != prev_algo && prev_algo != 0) + return GNUTLS_PK_ANY; + prev_algo = algo; + } } return algo; @@ -865,14 +865,14 @@ _gnutls_server_find_pk_algos_in_ciphersuites (const opaque * */ int _gnutls_server_select_suite (gnutls_session_t session, opaque * data, - int datalen) + int datalen) { int x, i, j; cipher_suite_st *ciphers, cs; int retval, err; - gnutls_pk_algorithm_t pk_algo; /* will hold the pk algorithms - * supported by the peer. - */ + gnutls_pk_algorithm_t pk_algo; /* will hold the pk algorithms + * supported by the peer. + */ /* First, check for safe renegotiation SCSV. */ @@ -881,29 +881,29 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, int offset; for (offset = 0; offset < datalen; offset += 2) - { - /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */ - if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR && - data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) - { - _gnutls_handshake_log - ("HSK[%p]: Received safe renegotiation CS\n", session); - retval = _gnutls_ext_sr_recv_cs (session); - if (retval < 0) - { - gnutls_assert (); - return retval; - } - break; - } - } + { + /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */ + if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR && + data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR) + { + _gnutls_handshake_log + ("HSK[%p]: Received safe renegotiation CS\n", session); + retval = _gnutls_ext_sr_recv_cs (session); + if (retval < 0) + { + gnutls_assert (); + return retval; + } + break; + } + } } pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen); x = _gnutls_supported_ciphersuites (session, &ciphers); if (x < 0) - { /* the case x==0 is handled within the function. */ + { /* the case x==0 is handled within the function. */ gnutls_assert (); return x; } @@ -918,9 +918,9 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, gnutls_assert (); gnutls_free (ciphers); if (x < 0) - return x; + return x; else - return GNUTLS_E_UNKNOWN_CIPHER_SUITE; + return GNUTLS_E_UNKNOWN_CIPHER_SUITE; } /* Data length should be zero mod 2 since @@ -943,7 +943,7 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, _gnutls_handshake_log ("HSK[%p]: Supported cipher suites: \n", session); for (j = 0; j < x; j++) _gnutls_handshake_log ("\t%s\n", - _gnutls_cipher_suite_get_name (&ciphers[j])); + _gnutls_cipher_suite_get_name (&ciphers[j])); #endif memset (session->security_parameters.current_cipher_suite.suite, '\0', 2); @@ -952,25 +952,25 @@ _gnutls_server_select_suite (gnutls_session_t session, opaque * data, for (j = 0; j < datalen; j += 2) { for (i = 0; i < x; i++) - { - if (memcmp (ciphers[i].suite, &data[j], 2) == 0) - { - memcpy (&cs.suite, &data[j], 2); + { + if (memcmp (ciphers[i].suite, &data[j], 2) == 0) + { + memcpy (&cs.suite, &data[j], 2); - _gnutls_handshake_log - ("HSK[%p]: Selected cipher suite: %s\n", session, - _gnutls_cipher_suite_get_name (&cs)); - memcpy (session->security_parameters.current_cipher_suite.suite, - ciphers[i].suite, 2); - _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - security_parameters.current_cipher_suite); + _gnutls_handshake_log + ("HSK[%p]: Selected cipher suite: %s\n", session, + _gnutls_cipher_suite_get_name (&cs)); + memcpy (session->security_parameters.current_cipher_suite.suite, + ciphers[i].suite, 2); + _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, + &session-> + security_parameters.current_cipher_suite); - retval = 0; - goto finish; - } - } + retval = 0; + goto finish; + } + } } finish: @@ -987,7 +987,7 @@ finish: if (_gnutls_get_kx_cred (session, _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite), + security_parameters.current_cipher_suite), &err) == NULL && err != 0) { gnutls_assert (); @@ -1001,14 +1001,14 @@ finish: */ session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (&session-> + security_parameters.current_cipher_suite)); if (session->internals.auth_struct == NULL) { _gnutls_handshake_log - ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n", - session); + ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n", + session); gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } @@ -1022,7 +1022,7 @@ finish: */ static int _gnutls_server_select_comp_method (gnutls_session_t session, - opaque * data, int datalen) + opaque * data, int datalen) { int x, i, j; uint8_t *comps; @@ -1035,31 +1035,31 @@ _gnutls_server_select_comp_method (gnutls_session_t session, } memset (&session->internals.compression_method, 0, - sizeof (gnutls_compression_method_t)); + sizeof (gnutls_compression_method_t)); for (j = 0; j < datalen; j++) { for (i = 0; i < x; i++) - { - if (comps[i] == data[j]) - { - gnutls_compression_method_t method = - _gnutls_compression_get_id (comps[i]); + { + if (comps[i] == data[j]) + { + gnutls_compression_method_t method = + _gnutls_compression_get_id (comps[i]); - session->internals.compression_method = method; - gnutls_free (comps); + session->internals.compression_method = method; + gnutls_free (comps); - _gnutls_epoch_set_compression (session, EPOCH_NEXT, method); + _gnutls_epoch_set_compression (session, EPOCH_NEXT, method); - _gnutls_handshake_log - ("HSK[%p]: Selected Compression Method: %s\n", session, - gnutls_compression_get_name (session-> - internals.compression_method)); + _gnutls_handshake_log + ("HSK[%p]: Selected Compression Method: %s\n", session, + gnutls_compression_get_name (session-> + internals.compression_method)); - return 0; - } - } + return 0; + } + } } /* we were not able to find a compatible compression @@ -1078,7 +1078,7 @@ _gnutls_server_select_comp_method (gnutls_session_t session, */ static int _gnutls_send_empty_handshake (gnutls_session_t session, - gnutls_handshake_description_t type, int again) + gnutls_handshake_description_t type, int again) { mbuffer_st *bufel; @@ -1086,10 +1086,10 @@ _gnutls_send_empty_handshake (gnutls_session_t session, { bufel = _gnutls_handshake_alloc (0, 0); if (bufel == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } } else bufel = NULL; @@ -1102,8 +1102,8 @@ _gnutls_send_empty_handshake (gnutls_session_t session, */ static int _gnutls_handshake_hash_add_sent (gnutls_session_t session, - gnutls_handshake_description_t type, - opaque * dataptr, uint32_t datalen) + gnutls_handshake_description_t type, + opaque * dataptr, uint32_t datalen) { int ret; @@ -1112,11 +1112,11 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, { /* do not hash immediatelly since the hash has not yet been initialized */ if ((ret = - _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0) - { - gnutls_assert (); - return ret; - } + _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0) + { + gnutls_assert (); + return ret; + } return 0; } @@ -1129,21 +1129,21 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) { if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_10) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, - dataptr, datalen); - _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, - dataptr, datalen); - } + HANDSHAKE_MAC_TYPE_10) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha, + dataptr, datalen); + _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5, + dataptr, datalen); + } else if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_12) - { - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, - dataptr, datalen); - _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, - dataptr, datalen); - } + HANDSHAKE_MAC_TYPE_12) + { + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256, + dataptr, datalen); + _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1, + dataptr, datalen); + } } return 0; @@ -1157,7 +1157,7 @@ _gnutls_handshake_hash_add_sent (gnutls_session_t session, */ int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, - gnutls_handshake_description_t type) + gnutls_handshake_description_t type) { int ret; uint8_t *data; @@ -1184,19 +1184,19 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, pos += 3; _gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n", - session, _gnutls_handshake2str (type), - (long) datasize); + session, _gnutls_handshake2str (type), + (long) datasize); /* Here we keep the handshake messages in order to hash them... */ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST) if ((ret = - _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0) + _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0) { - gnutls_assert (); - gnutls_free (bufel); - return ret; + gnutls_assert (); + gnutls_free (bufel); + return ret; } session->internals.last_handshake_out = type; @@ -1205,13 +1205,13 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, switch (type) { - case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone - * or ClientKeyExchange always. - */ - case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */ - case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */ - case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */ - case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */ + case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone + * or ClientKeyExchange always. + */ + case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */ + case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */ + case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */ + case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */ /* now for client Certificate, ClientKeyExchange and * CertificateVerify are always followed by ChangeCipherSpec @@ -1238,12 +1238,12 @@ _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, #define SSL2_HEADERS 1 static int _gnutls_recv_handshake_header (gnutls_session_t session, - gnutls_handshake_description_t type, - gnutls_handshake_description_t * recv_type) + gnutls_handshake_description_t type, + gnutls_handshake_description_t * recv_type) { int ret; uint32_t length32 = 0; - uint8_t *dataptr = NULL; /* for realloc */ + uint8_t *dataptr = NULL; /* for realloc */ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE; /* if we have data into the buffer then return them, do not read the next packet. @@ -1252,20 +1252,20 @@ _gnutls_recv_handshake_header (gnutls_session_t session, */ if (session->internals.handshake_header_buffer.header_size == handshake_header_size || (session->internals.v2_hello != 0 - && type == GNUTLS_HANDSHAKE_CLIENT_HELLO - && session->internals.handshake_header_buffer. - packet_length > 0)) + && type == GNUTLS_HANDSHAKE_CLIENT_HELLO + && session->internals.handshake_header_buffer. + packet_length > 0)) { *recv_type = session->internals.handshake_header_buffer.recv_type; if (*recv_type != type) - { - gnutls_assert (); - _gnutls_handshake_log - ("HSK[%p]: Handshake type mismatch (under attack?)\n", session); - return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; - } + { + gnutls_assert (); + _gnutls_handshake_log + ("HSK[%p]: Handshake type mismatch (under attack?)\n", session); + return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; + } return session->internals.handshake_header_buffer.packet_length; } @@ -1279,21 +1279,21 @@ _gnutls_recv_handshake_header (gnutls_session_t session, if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS) { ret = - _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, dataptr, SSL2_HEADERS); + _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, + type, dataptr, SSL2_HEADERS); if (ret < 0) - { - return ret; - } + { + return ret; + } /* The case ret==0 is caught here. */ if (ret != SSL2_HEADERS) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } session->internals.handshake_header_buffer.header_size = SSL2_HEADERS; } @@ -1301,28 +1301,28 @@ _gnutls_recv_handshake_header (gnutls_session_t session, || type != GNUTLS_HANDSHAKE_CLIENT_HELLO) { ret = - _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, - &dataptr - [session-> - internals.handshake_header_buffer. - header_size], - HANDSHAKE_HEADER_SIZE - - session-> - internals.handshake_header_buffer. - header_size); + _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, + type, + &dataptr + [session-> + internals.handshake_header_buffer. + header_size], + HANDSHAKE_HEADER_SIZE - + session-> + internals.handshake_header_buffer. + header_size); if (ret <= 0) - { - gnutls_assert (); - return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { + gnutls_assert (); + return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } if ((size_t) ret != - HANDSHAKE_HEADER_SIZE - - session->internals.handshake_header_buffer.header_size) - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + HANDSHAKE_HEADER_SIZE - + session->internals.handshake_header_buffer.header_size) + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } *recv_type = dataptr[0]; /* we do not use DECR_LEN because we know @@ -1332,27 +1332,27 @@ _gnutls_recv_handshake_header (gnutls_session_t session, handshake_header_size = HANDSHAKE_HEADER_SIZE; _gnutls_handshake_log ("HSK[%p]: %s was received [%ld bytes]\n", - session, _gnutls_handshake2str (dataptr[0]), - (long int) (length32 + HANDSHAKE_HEADER_SIZE)); + session, _gnutls_handshake2str (dataptr[0]), + (long int) (length32 + HANDSHAKE_HEADER_SIZE)); } else - { /* v2 hello */ - length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */ + { /* v2 hello */ + length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */ - handshake_header_size = SSL2_HEADERS; /* we've already read one byte */ + handshake_header_size = SSL2_HEADERS; /* we've already read one byte */ *recv_type = dataptr[0]; _gnutls_handshake_log ("HSK[%p]: %s(v2) was received [%ld bytes]\n", - session, _gnutls_handshake2str (*recv_type), - (long int) (length32 + handshake_header_size)); + session, _gnutls_handshake2str (*recv_type), + (long int) (length32 + handshake_header_size)); if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO) - { /* it should be one or nothing */ - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; - } + { /* it should be one or nothing */ + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; + } } /* put the packet into the buffer */ @@ -1379,9 +1379,9 @@ _gnutls_recv_handshake_header (gnutls_session_t session, */ static int _gnutls_handshake_hash_add_recvd (gnutls_session_t session, - gnutls_handshake_description_t recv_type, - opaque * header, uint16_t header_size, - opaque * dataptr, uint32_t datalen) + gnutls_handshake_description_t recv_type, + opaque * header, uint16_t header_size, + opaque * dataptr, uint32_t datalen) { int ret; @@ -1391,13 +1391,13 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, if ((session->security_parameters.entity == GNUTLS_SERVER || recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO) && (session->security_parameters.entity == GNUTLS_CLIENT - || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)) + || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)) { if ((ret = _gnutls_handshake_hash_pending (session)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } /* here we buffer the handshake messages - needed at Finished message */ @@ -1405,21 +1405,21 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, { if ((ret = - _gnutls_handshake_buffer_put (session, header, header_size)) < 0) - { - gnutls_assert (); - return ret; - } + _gnutls_handshake_buffer_put (session, header, header_size)) < 0) + { + gnutls_assert (); + return ret; + } if (datalen > 0) - { - if ((ret = - _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0) - { - gnutls_assert (); - return ret; - } - } + { + if ((ret = + _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0) + { + gnutls_assert (); + return ret; + } + } } return 0; @@ -1433,8 +1433,8 @@ _gnutls_handshake_hash_add_recvd (gnutls_session_t session, */ int _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, - int *datalen, gnutls_handshake_description_t type, - Optional optional) + int *datalen, gnutls_handshake_description_t type, + Optional optional) { int ret; uint32_t length32 = 0; @@ -1446,14 +1446,14 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, { if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET - && optional == OPTIONAL_PACKET) - { - if (datalen != NULL) - *datalen = 0; - if (data != NULL) - *data = NULL; - return 0; /* ok just ignore the packet */ - } + && optional == OPTIONAL_PACKET) + { + if (datalen != NULL) + *datalen = 0; + if (data != NULL) + *data = NULL; + return 0; /* ok just ignore the packet */ + } return ret; } @@ -1482,14 +1482,14 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, if (length32 > 0) { ret = - _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, - type, dataptr, length32); + _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE, + type, dataptr, length32); if (ret <= 0) - { - gnutls_assert (); - gnutls_free (dataptr); - return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret; - } + { + gnutls_assert (); + gnutls_free (dataptr); + return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret; + } } if (data != NULL && length32 > 0) @@ -1497,12 +1497,12 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, ret = _gnutls_handshake_hash_add_recvd (session, recv_type, - session-> - internals.handshake_header_buffer. - header, - session-> - internals.handshake_header_buffer. - header_size, dataptr, length32); + session-> + internals.handshake_header_buffer. + header, + session-> + internals.handshake_header_buffer. + header_size, dataptr, length32); if (ret < 0) { gnutls_assert (); @@ -1526,25 +1526,25 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, * need it */ gnutls_free (dataptr); if (data != NULL) - *data = NULL; + *data = NULL; if (ret < 0) - break; + break; /* initialize the hashes for both - (client will know server's version * and server as well at this point) */ if ((ret = _gnutls_handshake_hash_init (session)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: if (length32 == 0) - ret = 0; + ret = 0; else - ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; break; case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: case GNUTLS_HANDSHAKE_FINISHED: @@ -1560,7 +1560,7 @@ _gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data, gnutls_assert (); gnutls_free (dataptr); if (data != NULL) - *data = NULL; + *data = NULL; ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET; } @@ -1589,10 +1589,10 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) for (i = 0; i < cipher_suite_num; i++) { if (memcmp (&cipher_suites[i], suite, 2) == 0) - { - z = 0; - break; - } + { + z = 0; + break; + } } gnutls_free (cipher_suites); @@ -1605,13 +1605,13 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2); _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT, - &session-> - security_parameters.current_cipher_suite); + &session-> + security_parameters.current_cipher_suite); _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session, - _gnutls_cipher_suite_get_name - (&session-> - security_parameters.current_cipher_suite)); + _gnutls_cipher_suite_get_name + (&session-> + security_parameters.current_cipher_suite)); /* check if the credentials (username, public key etc.) are ok. @@ -1634,15 +1634,15 @@ _gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2]) */ session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (&session-> + security_parameters.current_cipher_suite)); if (session->internals.auth_struct == NULL) { _gnutls_handshake_log - ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n", - session); + ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n", + session); gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } @@ -1661,7 +1661,7 @@ _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method) int i; comp_methods_num = _gnutls_supported_compression_methods (session, - &compression_methods); + &compression_methods); if (comp_methods_num < 0) { gnutls_assert (); @@ -1671,10 +1671,10 @@ _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method) for (i = 0; i < comp_methods_num; i++) { if (compression_methods[i] == comp_method) - { - comp_methods_num = 0; - break; - } + { + comp_methods_num = 0; + break; + } } gnutls_free (compression_methods); @@ -1688,7 +1688,7 @@ _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method) session->internals.compression_method = _gnutls_compression_get_id (comp_method); _gnutls_epoch_set_compression (session, EPOCH_NEXT, - session->internals.compression_method); + session->internals.compression_method); return 0; } @@ -1699,48 +1699,48 @@ _gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method) */ static int _gnutls_client_check_if_resuming (gnutls_session_t session, - opaque * session_id, int session_id_len) + opaque * session_id, int session_id_len) { opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1]; _gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session, - session_id_len); + session_id_len); _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session, - _gnutls_bin2hex (session_id, session_id_len, buf, - sizeof (buf), NULL)); + _gnutls_bin2hex (session_id, session_id_len, buf, + sizeof (buf), NULL)); if (session_id_len > 0 && session->internals.resumed_security_parameters.session_id_size == session_id_len && memcmp (session_id, - session->internals.resumed_security_parameters.session_id, - session_id_len) == 0) + session->internals.resumed_security_parameters.session_id, + session_id_len) == 0) { /* resume session */ memcpy (session->internals.resumed_security_parameters.server_random, - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); memcpy (session->internals.resumed_security_parameters.client_random, - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); _gnutls_epoch_set_cipher_suite - (session, EPOCH_NEXT, - &session->internals. - resumed_security_parameters.current_cipher_suite); + (session, EPOCH_NEXT, + &session->internals. + resumed_security_parameters.current_cipher_suite); _gnutls_epoch_set_compression (session, EPOCH_NEXT, - session-> - internals.resumed_compression_method); + session-> + internals.resumed_compression_method); - session->internals.resumed = RESUME_TRUE; /* we are resuming */ + session->internals.resumed = RESUME_TRUE; /* we are resuming */ return 0; } else { /* keep the new session id */ - session->internals.resumed = RESUME_FALSE; /* we are not resuming */ + session->internals.resumed = RESUME_FALSE; /* we are not resuming */ session->security_parameters.session_id_size = session_id_len; memcpy (session->security_parameters.session_id, - session_id, session_id_len); + session_id, session_id_len); return -1; } @@ -1753,7 +1753,7 @@ _gnutls_client_check_if_resuming (gnutls_session_t session, */ static int _gnutls_read_server_hello (gnutls_session_t session, - opaque * data, int datalen) + opaque * data, int datalen) { uint8_t session_id_len = 0; int pos = 0; @@ -1768,7 +1768,7 @@ _gnutls_read_server_hello (gnutls_session_t session, } _gnutls_handshake_log ("HSK[%p]: Server's version: %d.%d\n", - session, data[pos], data[pos + 1]); + session, data[pos], data[pos + 1]); DECR_LEN (len, 2); version = _gnutls_version_get (data[pos], data[pos + 1]); @@ -1811,12 +1811,12 @@ _gnutls_read_server_hello (gnutls_session_t session, DECR_LEN (len, 2 + 1); ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY, - &data[pos], len); + &data[pos], len); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } return 0; } @@ -1865,8 +1865,8 @@ _gnutls_read_server_hello (gnutls_session_t session, */ static int _gnutls_copy_ciphersuites (gnutls_session_t session, - opaque * ret_data, size_t ret_data_size, - int add_scsv) + opaque * ret_data, size_t ret_data_size, + int add_scsv) { int ret, i; cipher_suite_st *cipher_suites; @@ -1908,7 +1908,7 @@ _gnutls_copy_ciphersuites (gnutls_session_t session, cipher_num = ret; - cipher_num *= sizeof (uint16_t); /* in order to get bytes */ + cipher_num *= sizeof (uint16_t); /* in order to get bytes */ datalen = pos = 0; @@ -1938,11 +1938,11 @@ _gnutls_copy_ciphersuites (gnutls_session_t session, ret_data[pos++] = 0xff; ret = _gnutls_ext_sr_send_cs (session); if (ret < 0) - { - gnutls_assert (); - gnutls_free (cipher_suites); - return ret; - } + { + gnutls_assert (); + gnutls_free (cipher_suites); + return ret; + } } gnutls_free (cipher_suites); @@ -1956,7 +1956,7 @@ _gnutls_copy_ciphersuites (gnutls_session_t session, */ static int _gnutls_copy_comp_methods (gnutls_session_t session, - opaque * ret_data, size_t ret_data_size) + opaque * ret_data, size_t ret_data_size) { int ret, i; uint8_t *compression_methods, comp_num; @@ -1980,7 +1980,7 @@ _gnutls_copy_comp_methods (gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - ret_data[pos++] = comp_num; /* put the number of compression methods */ + ret_data[pos++] = comp_num; /* put the number of compression methods */ for (i = 0; i < comp_num; i++) { @@ -2027,45 +2027,45 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) */ bufel = - _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH); + _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH); if (bufel == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } data = _mbuffer_get_udata_ptr (bufel); extdatalen = MAX_EXT_DATA_LENGTH; extdata = gnutls_malloc (extdatalen); if (extdata == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } /* if we are resuming a session then we set the * version number to the previously established. */ if (session_id_len == 0) - { - if (rehandshake) /* already negotiated version thus version_max == negotiated version */ - hver = session->security_parameters.version; - else /* new handshake. just get the max */ - hver = _gnutls_version_max (session); - } + { + if (rehandshake) /* already negotiated version thus version_max == negotiated version */ + hver = session->security_parameters.version; + else /* new handshake. just get the max */ + hver = _gnutls_version_max (session); + } else - { - /* we are resuming a session */ - hver = session->internals.resumed_security_parameters.version; - } + { + /* we are resuming a session */ + hver = session->internals.resumed_security_parameters.version; + } if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0) - { - gnutls_assert (); - gnutls_free (bufel); - gnutls_free (extdata); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + gnutls_free (bufel); + gnutls_free (extdata); + return GNUTLS_E_INTERNAL_ERROR; + } data[pos++] = _gnutls_version_get_major (hver); data[pos++] = _gnutls_version_get_minor (hver); @@ -2077,15 +2077,15 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) _gnutls_set_current_version (session, hver); if (session->internals.priorities.no_ssl3_record_version != 0) - { - /* Advertize the SSL 3.0 record packet version in - * record packets during the handshake. - * That is to avoid confusing implementations - * that do not support TLS 1.2 and don't know - * how 3,3 version of record packets look like. - */ - _gnutls_record_set_default_version (session, 3, 0); - } + { + /* Advertize the SSL 3.0 record packet version in + * record packets during the handshake. + * That is to avoid confusing implementations + * that do not support TLS 1.2 and don't know + * how 3,3 version of record packets look like. + */ + _gnutls_record_set_default_version (session, 3, 0); + } /* In order to know when this session was initiated. */ @@ -2104,12 +2104,12 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) data[pos++] = session_id_len; if (session_id_len > 0) - { - memcpy (&data[pos], - session->internals.resumed_security_parameters.session_id, - session_id_len); - pos += session_id_len; - } + { + memcpy (&data[pos], + session->internals.resumed_security_parameters.session_id, + session_id_len); + pos += session_id_len; + } /* Copy the ciphersuites. @@ -2119,92 +2119,92 @@ _gnutls_send_client_hello (gnutls_session_t session, int again) * handled with the RI extension below). */ if (!session->internals.initial_negotiation_completed && - session->security_parameters.entity == GNUTLS_CLIENT && - gnutls_protocol_get_version (session) == GNUTLS_SSL3) - { - ret = - _gnutls_copy_ciphersuites (session, extdata, extdatalen, TRUE); - _gnutls_extension_list_add (session, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION); - } + session->security_parameters.entity == GNUTLS_CLIENT && + gnutls_protocol_get_version (session) == GNUTLS_SSL3) + { + ret = + _gnutls_copy_ciphersuites (session, extdata, extdatalen, TRUE); + _gnutls_extension_list_add (session, + GNUTLS_EXTENSION_SAFE_RENEGOTIATION); + } else - ret = _gnutls_copy_ciphersuites (session, extdata, extdatalen, FALSE); + ret = _gnutls_copy_ciphersuites (session, extdata, extdatalen, FALSE); if (ret > 0) - { - ret = _mbuffer_append_data (bufel, extdata, ret); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (extdata); - return ret; - } - } + { + ret = _mbuffer_append_data (bufel, extdata, ret); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (extdata); + return ret; + } + } else - { - if (extdatalen == 0) - extdatalen = GNUTLS_E_INTERNAL_ERROR; - gnutls_free (bufel); - gnutls_free (extdata); - gnutls_assert (); - return ret; - } + { + if (extdatalen == 0) + extdatalen = GNUTLS_E_INTERNAL_ERROR; + gnutls_free (bufel); + gnutls_free (extdata); + gnutls_assert (); + return ret; + } /* Copy the compression methods. */ ret = _gnutls_copy_comp_methods (session, extdata, extdatalen); if (ret > 0) - { - ret = _mbuffer_append_data (bufel, extdata, ret); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (extdata); - return ret; - } - } + { + ret = _mbuffer_append_data (bufel, extdata, ret); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (extdata); + return ret; + } + } else - { - if (extdatalen == 0) - extdatalen = GNUTLS_E_INTERNAL_ERROR; - gnutls_free (bufel); - gnutls_free (extdata); - gnutls_assert (); - return ret; - } + { + if (extdatalen == 0) + extdatalen = GNUTLS_E_INTERNAL_ERROR; + gnutls_free (bufel); + gnutls_free (extdata); + gnutls_assert (); + return ret; + } /* Generate and copy TLS extensions. */ if (_gnutls_version_has_extensions (hver)) - type = GNUTLS_EXT_ANY; + type = GNUTLS_EXT_ANY; else - { - if (session->internals.initial_negotiation_completed != 0) - type = GNUTLS_EXT_MANDATORY; - else - type = GNUTLS_EXT_NONE; - } + { + if (session->internals.initial_negotiation_completed != 0) + type = GNUTLS_EXT_MANDATORY; + else + type = GNUTLS_EXT_NONE; + } ret = _gnutls_gen_extensions (session, extdata, extdatalen, type); if (ret > 0) - { - ret = _mbuffer_append_data (bufel, extdata, ret); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (extdata); - return ret; - } - } + { + ret = _mbuffer_append_data (bufel, extdata, ret); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (extdata); + return ret; + } + } else if (ret < 0) - { - gnutls_assert (); - gnutls_free (bufel); - gnutls_free (extdata); - return ret; - } + { + gnutls_assert (); + gnutls_free (bufel); + gnutls_free (extdata); + return ret; + } } gnutls_free (extdata); @@ -2235,71 +2235,71 @@ _gnutls_send_server_hello (gnutls_session_t session, int again) extdata = gnutls_malloc (MAX_EXT_DATA_LENGTH); if (extdata == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3; ret = - _gnutls_gen_extensions (session, extdata, MAX_EXT_DATA_LENGTH, - GNUTLS_EXT_ANY); + _gnutls_gen_extensions (session, extdata, MAX_EXT_DATA_LENGTH, + GNUTLS_EXT_ANY); if (ret < 0) - { - gnutls_assert (); - goto fail; - } + { + gnutls_assert (); + goto fail; + } extdatalen = ret; bufel = - _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen); + _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen); if (bufel == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto fail; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto fail; + } data = _mbuffer_get_udata_ptr (bufel); data[pos++] = - _gnutls_version_get_major (session->security_parameters.version); + _gnutls_version_get_major (session->security_parameters.version); data[pos++] = - _gnutls_version_get_minor (session->security_parameters.version); + _gnutls_version_get_minor (session->security_parameters.version); memcpy (&data[pos], - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); pos += GNUTLS_RANDOM_SIZE; data[pos++] = session_id_len; if (session_id_len > 0) - { - memcpy (&data[pos], session->security_parameters.session_id, - session_id_len); - } + { + memcpy (&data[pos], session->security_parameters.session_id, + session_id_len); + } pos += session_id_len; _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session, - _gnutls_bin2hex (session->security_parameters. - session_id, session_id_len, buf, - sizeof (buf), NULL)); + _gnutls_bin2hex (session->security_parameters. + session_id, session_id_len, buf, + sizeof (buf), NULL)); memcpy (&data[pos], - session->security_parameters.current_cipher_suite.suite, 2); + session->security_parameters.current_cipher_suite.suite, 2); pos += 2; comp = - (uint8_t) _gnutls_compression_get_num (session->internals. - compression_method); + (uint8_t) _gnutls_compression_get_num (session->internals. + compression_method); data[pos++] = comp; if (extdatalen > 0) - { - datalen += extdatalen; + { + datalen += extdatalen; - memcpy (&data[pos], extdata, extdatalen); - } + memcpy (&data[pos], extdata, extdatalen); + } } ret = @@ -2321,7 +2321,7 @@ _gnutls_send_hello (gnutls_session_t session, int again) } else - { /* SERVER */ + { /* SERVER */ ret = _gnutls_send_server_hello (session, again); } @@ -2341,20 +2341,20 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen) { ret = _gnutls_read_server_hello (session, data, datalen); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } else - { /* Server side reading a client hello */ + { /* Server side reading a client hello */ ret = _gnutls_read_client_hello (session, data, datalen); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } ret = _gnutls_ext_sr_verify (session); @@ -2443,7 +2443,7 @@ gnutls_rehandshake (gnutls_session_t session) ret = _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST, - AGAIN (STATE50)); + AGAIN (STATE50)); STATE = STATE50; if (ret < 0) @@ -2483,63 +2483,63 @@ _gnutls_handshake_hash_init (gnutls_session_t session) /* set the hash type for handshake message hashing */ if (_gnutls_version_has_selectable_prf (ver)) - session->security_parameters.handshake_mac_handle_type = - HANDSHAKE_MAC_TYPE_12; + session->security_parameters.handshake_mac_handle_type = + HANDSHAKE_MAC_TYPE_12; else - session->security_parameters.handshake_mac_handle_type = - HANDSHAKE_MAC_TYPE_10; + session->security_parameters.handshake_mac_handle_type = + HANDSHAKE_MAC_TYPE_10; if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_10) - { - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10. - md5, GNUTLS_MAC_MD5); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10. - sha, GNUTLS_MAC_SHA1); - if (ret < 0) - { - gnutls_assert (); - _gnutls_hash_deinit (&session->internals.handshake_mac_handle. - tls10.md5, NULL); - return GNUTLS_E_MEMORY_ERROR; - } - } + HANDSHAKE_MAC_TYPE_10) + { + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10. + md5, GNUTLS_MAC_MD5); + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10. + sha, GNUTLS_MAC_SHA1); + if (ret < 0) + { + gnutls_assert (); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle. + tls10.md5, NULL); + return GNUTLS_E_MEMORY_ERROR; + } + } else if (session->security_parameters.handshake_mac_handle_type == - HANDSHAKE_MAC_TYPE_12) - { - /* The algorithm to compute hash over handshake messages must be - same as the one used as the basis for PRF. By now we use - SHA256. */ - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12. - sha256, GNUTLS_DIG_SHA256); - if (ret < 0) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12. - sha1, GNUTLS_DIG_SHA1); - if (ret < 0) - { - gnutls_assert (); - _gnutls_hash_deinit (&session->internals.handshake_mac_handle. - tls12.sha256, NULL); - return GNUTLS_E_MEMORY_ERROR; - } - } + HANDSHAKE_MAC_TYPE_12) + { + /* The algorithm to compute hash over handshake messages must be + same as the one used as the basis for PRF. By now we use + SHA256. */ + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12. + sha256, GNUTLS_DIG_SHA256); + if (ret < 0) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12. + sha1, GNUTLS_DIG_SHA1); + if (ret < 0) + { + gnutls_assert (); + _gnutls_hash_deinit (&session->internals.handshake_mac_handle. + tls12.sha256, NULL); + return GNUTLS_E_MEMORY_ERROR; + } + } session->internals.handshake_mac_handle_init = 1; } @@ -2565,23 +2565,23 @@ _gnutls_send_supplemental (gnutls_session_t session, int again) ret = _gnutls_gen_supplemental (session, &buf); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } bufel = _gnutls_handshake_alloc (buf.length, buf.length); if (bufel == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } _mbuffer_set_udata (bufel, buf.data, buf.length); _gnutls_buffer_clear (&buf); ret = _gnutls_send_handshake (session, bufel, - GNUTLS_HANDSHAKE_SUPPLEMENTAL); + GNUTLS_HANDSHAKE_SUPPLEMENTAL); } return ret; @@ -2597,8 +2597,8 @@ _gnutls_recv_supplemental (gnutls_session_t session) _gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session); ret = _gnutls_recv_handshake (session, &data, &datalen, - GNUTLS_HANDSHAKE_SUPPLEMENTAL, - OPTIONAL_PACKET); + GNUTLS_HANDSHAKE_SUPPLEMENTAL, + OPTIONAL_PACKET); if (ret < 0) { gnutls_assert (); @@ -2652,18 +2652,18 @@ gnutls_handshake (gnutls_session_t session) record_parameters_st *params; ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next, - ¶ms); + ¶ms); if (ret < 0) { /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */ ret = - _gnutls_epoch_alloc (session, session->security_parameters.epoch_next, - NULL); + _gnutls_epoch_alloc (session, session->security_parameters.epoch_next, + NULL); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } if (session->security_parameters.entity == GNUTLS_CLIENT) @@ -2680,7 +2680,7 @@ gnutls_handshake (gnutls_session_t session) * we should reset the handshake's internal state. */ if (_gnutls_abort_handshake (session, ret) == 0) - STATE = STATE0; + STATE = STATE0; return ret; } @@ -2690,7 +2690,7 @@ gnutls_handshake (gnutls_session_t session) if (ret < 0) { if (_gnutls_abort_handshake (session, ret) == 0) - STATE = STATE0; + STATE = STATE0; return ret; } @@ -2735,11 +2735,11 @@ _gnutls_handshake_client (gnutls_session_t session) if (session->internals.resumed_security_parameters.session_id_size > 0) _gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session, - _gnutls_bin2hex (session-> - internals.resumed_security_parameters.session_id, - session-> - internals.resumed_security_parameters.session_id_size, - buf, sizeof (buf), NULL)); + _gnutls_bin2hex (session-> + internals.resumed_security_parameters.session_id, + session-> + internals.resumed_security_parameters.session_id_size, + buf, sizeof (buf), NULL)); #endif switch (STATE) @@ -2753,31 +2753,31 @@ _gnutls_handshake_client (gnutls_session_t session) case STATE2: /* receive the server hello */ ret = - _gnutls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_SERVER_HELLO, - MANDATORY_PACKET); + _gnutls_recv_handshake (session, NULL, NULL, + GNUTLS_HANDSHAKE_SERVER_HELLO, + MANDATORY_PACKET); STATE = STATE2; IMED_RET ("recv hello", ret, 1); case STATE70: if (session->security_parameters.do_recv_supplemental) - { - ret = _gnutls_recv_supplemental (session); - STATE = STATE70; - IMED_RET ("recv supplemental", ret, 1); - } + { + ret = _gnutls_recv_supplemental (session); + STATE = STATE70; + IMED_RET ("recv supplemental", ret, 1); + } case STATE3: /* RECV CERTIFICATE */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_certificate (session); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_server_certificate (session); STATE = STATE3; IMED_RET ("recv server certificate", ret, 1); case STATE4: /* receive the server key exchange */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_kx_message (session); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_server_kx_message (session); STATE = STATE4; IMED_RET ("recv server kx message", ret, 1); @@ -2785,48 +2785,48 @@ _gnutls_handshake_client (gnutls_session_t session) /* receive the server certificate request - if any */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_server_certificate_request (session); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_server_certificate_request (session); STATE = STATE5; IMED_RET ("recv server certificate request message", ret, 1); case STATE6: /* receive the server hello done */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - _gnutls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - MANDATORY_PACKET); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = + _gnutls_recv_handshake (session, NULL, NULL, + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, + MANDATORY_PACKET); STATE = STATE6; IMED_RET ("recv server hello done", ret, 1); case STATE71: if (session->security_parameters.do_send_supplemental) - { - ret = _gnutls_send_supplemental (session, AGAIN (STATE71)); - STATE = STATE71; - IMED_RET ("send supplemental", ret, 0); - } + { + ret = _gnutls_send_supplemental (session, AGAIN (STATE71)); + STATE = STATE71; + IMED_RET ("send supplemental", ret, 0); + } case STATE7: /* send our certificate - if any and if requested */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_send_client_certificate (session, AGAIN (STATE7)); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_send_client_certificate (session, AGAIN (STATE7)); STATE = STATE7; IMED_RET ("send client certificate", ret, 0); case STATE8: - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8)); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8)); STATE = STATE8; IMED_RET ("send client kx", ret, 0); case STATE9: /* send client certificate verify */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - _gnutls_send_client_certificate_verify (session, AGAIN (STATE9)); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = + _gnutls_send_client_certificate_verify (session, AGAIN (STATE9)); STATE = STATE9; IMED_RET ("send client certificate verify", ret, 1); @@ -2857,50 +2857,50 @@ _gnutls_send_handshake_final (gnutls_session_t session, int init) ret = _gnutls_handshake_io_write_flush (session); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } case STATE21: ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21)); STATE = STATE21; if (ret < 0) - { - ERR ("send ChangeCipherSpec", ret); - gnutls_assert (); - return ret; - } + { + ERR ("send ChangeCipherSpec", ret); + gnutls_assert (); + return ret; + } /* Initialize the connection session (start encryption) - in case of client */ if (init == TRUE) - { - ret = _gnutls_connection_state_init (session); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + ret = _gnutls_connection_state_init (session); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } ret = _gnutls_write_connection_state_init (session); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } case STATE22: /* send the finished message */ ret = _gnutls_send_finished (session, AGAIN (STATE22)); STATE = STATE22; if (ret < 0) - { - ERR ("send Finished", ret); - gnutls_assert (); - return ret; - } + { + ERR ("send Finished", ret); + gnutls_assert (); + return ret; + } STATE = STATE0; default: @@ -2927,39 +2927,39 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init) ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1); STATE = STATE30; if (ret <= 0) - { - ERR ("recv ChangeCipherSpec", ret); - gnutls_assert (); - return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { + ERR ("recv ChangeCipherSpec", ret); + gnutls_assert (); + return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } /* Initialize the connection session (start encryption) - in case of server */ if (init == TRUE) - { - ret = _gnutls_connection_state_init (session); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + ret = _gnutls_connection_state_init (session); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } ret = _gnutls_read_connection_state_init (session); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } case STATE31: ret = _gnutls_recv_finished (session); STATE = STATE31; if (ret < 0) - { - ERR ("recv finished", ret); - gnutls_assert (); - return ret; - } + { + ERR ("recv finished", ret); + gnutls_assert (); + return ret; + } STATE = STATE0; default: break; @@ -2983,9 +2983,9 @@ _gnutls_handshake_server (gnutls_session_t session) case STATE0: case STATE1: ret = - _gnutls_recv_handshake (session, NULL, NULL, - GNUTLS_HANDSHAKE_CLIENT_HELLO, - MANDATORY_PACKET); + _gnutls_recv_handshake (session, NULL, NULL, + GNUTLS_HANDSHAKE_CLIENT_HELLO, + MANDATORY_PACKET); STATE = STATE1; IMED_RET ("recv hello", ret, 1); @@ -2996,77 +2996,77 @@ _gnutls_handshake_server (gnutls_session_t session) case STATE70: if (session->security_parameters.do_send_supplemental) - { - ret = _gnutls_send_supplemental (session, AGAIN (STATE70)); - STATE = STATE70; - IMED_RET ("send supplemental data", ret, 0); - } + { + ret = _gnutls_send_supplemental (session, AGAIN (STATE70)); + STATE = STATE70; + IMED_RET ("send supplemental data", ret, 0); + } /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */ case STATE3: /* NOTE: these should not be send if we are resuming */ if (session->internals.resumed == RESUME_FALSE) - ret = _gnutls_send_server_certificate (session, AGAIN (STATE3)); + ret = _gnutls_send_server_certificate (session, AGAIN (STATE3)); STATE = STATE3; IMED_RET ("send server certificate", ret, 0); case STATE4: /* send server key exchange (A) */ if (session->internals.resumed == RESUME_FALSE) - ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4)); + ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4)); STATE = STATE4; IMED_RET ("send server kx", ret, 0); case STATE5: /* Send certificate request - if requested to */ if (session->internals.resumed == RESUME_FALSE) - ret = - _gnutls_send_server_certificate_request (session, AGAIN (STATE5)); + ret = + _gnutls_send_server_certificate_request (session, AGAIN (STATE5)); STATE = STATE5; IMED_RET ("send server cert request", ret, 0); case STATE6: /* send the server hello done */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = - _gnutls_send_empty_handshake (session, - GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, - AGAIN (STATE6)); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = + _gnutls_send_empty_handshake (session, + GNUTLS_HANDSHAKE_SERVER_HELLO_DONE, + AGAIN (STATE6)); STATE = STATE6; IMED_RET ("send server hello done", ret, 1); case STATE71: if (session->security_parameters.do_recv_supplemental) - { - ret = _gnutls_recv_supplemental (session); - STATE = STATE71; - IMED_RET ("recv client supplemental", ret, 1); - } + { + ret = _gnutls_recv_supplemental (session); + STATE = STATE71; + IMED_RET ("recv client supplemental", ret, 1); + } /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */ case STATE7: /* receive the client certificate message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_certificate (session); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_client_certificate (session); STATE = STATE7; IMED_RET ("recv client certificate", ret, 1); case STATE8: /* receive the client key exchange message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_kx_message (session); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_client_kx_message (session); STATE = STATE8; IMED_RET ("recv client kx", ret, 1); case STATE9: /* receive the client certificate verify message */ - if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ - ret = _gnutls_recv_client_certificate_verify_message (session); + if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */ + ret = _gnutls_recv_client_certificate_verify_message (session); STATE = STATE9; IMED_RET ("recv client certificate verify", ret, 1); - STATE = STATE0; /* finished thus clear session */ + STATE = STATE0; /* finished thus clear session */ default: break; } @@ -3083,7 +3083,7 @@ _gnutls_handshake_common (gnutls_session_t session) if ((session->internals.resumed == RESUME_TRUE && session->security_parameters.entity == GNUTLS_CLIENT) || (session->internals.resumed == RESUME_FALSE - && session->security_parameters.entity == GNUTLS_SERVER)) + && session->security_parameters.entity == GNUTLS_SERVER)) { /* if we are a client resuming - or we are a server not resuming */ @@ -3092,16 +3092,16 @@ _gnutls_handshake_common (gnutls_session_t session) #ifdef ENABLE_SESSION_TICKET switch (STATE) - { - case STATE0: - case STATE40: - ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40)); - STATE = STATE40; - IMED_RET ("send handshake new session ticket", ret, 0); - STATE = STATE0; - default: - break; - } + { + case STATE0: + case STATE40: + ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40)); + STATE = STATE40; + IMED_RET ("send handshake new session ticket", ret, 0); + STATE = STATE0; + default: + break; + } #endif ret = _gnutls_send_handshake_final (session, FALSE); @@ -3109,29 +3109,29 @@ _gnutls_handshake_common (gnutls_session_t session) /* only store if we are not resuming */ if (session->security_parameters.entity == GNUTLS_SERVER) - { - /* in order to support session resuming */ - _gnutls_server_register_current_session (session); - } + { + /* in order to support session resuming */ + _gnutls_server_register_current_session (session); + } } else - { /* if we are a client not resuming - or we are a server resuming */ + { /* if we are a client not resuming - or we are a server resuming */ ret = _gnutls_send_handshake_final (session, TRUE); IMED_RET ("send handshake final 2", ret, 1); #ifdef ENABLE_SESSION_TICKET switch (STATE) - { - case STATE0: - case STATE41: - ret = _gnutls_recv_new_session_ticket (session); - STATE = STATE41; - IMED_RET ("recv handshake new session ticket", ret, 1); - STATE = STATE0; - default: - break; - } + { + case STATE0: + case STATE41: + ret = _gnutls_recv_new_session_ticket (session); + STATE = STATE41; + IMED_RET ("recv handshake new session ticket", ret, 1); + STATE = STATE0; + default: + break; + } #endif ret = _gnutls_recv_handshake_final (session, FALSE); @@ -3165,7 +3165,7 @@ _gnutls_generate_session_id (opaque * session_id, uint8_t * len) int _gnutls_recv_hello_request (gnutls_session_t session, void *data, - uint32_t data_size) + uint32_t data_size) { uint8_t type; @@ -3194,8 +3194,8 @@ _gnutls_recv_hello_request (gnutls_session_t session, void *data, */ inline static int check_server_params (gnutls_session_t session, - gnutls_kx_algorithm_t kx, - gnutls_kx_algorithm_t * alg, int alg_size) + gnutls_kx_algorithm_t kx, + gnutls_kx_algorithm_t * alg, int alg_size) { int cred_type; gnutls_dh_params_t dh_params = NULL; @@ -3210,69 +3210,69 @@ check_server_params (gnutls_session_t session, { int delete; gnutls_certificate_credentials_t x509_cred = - (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, - cred_type, NULL); + (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, + cred_type, NULL); if (x509_cred != NULL) - { - dh_params = - _gnutls_get_dh_params (x509_cred->dh_params, - x509_cred->params_func, session); - rsa_params = - _gnutls_certificate_get_rsa_params (x509_cred->rsa_params, - x509_cred->params_func, - session); - } + { + dh_params = + _gnutls_get_dh_params (x509_cred->dh_params, + x509_cred->params_func, session); + rsa_params = + _gnutls_certificate_get_rsa_params (x509_cred->rsa_params, + x509_cred->params_func, + session); + } /* Check also if the certificate supports the * KX method. */ delete = 1; for (j = 0; j < alg_size; j++) - { - if (alg[j] == kx) - { - delete = 0; - break; - } - } + { + if (alg[j] == kx) + { + delete = 0; + break; + } + } if (delete == 1) - return 1; + return 1; #ifdef ENABLE_ANON } else if (cred_type == GNUTLS_CRD_ANON) { gnutls_anon_server_credentials_t anon_cred = - (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key, - cred_type, NULL); + (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key, + cred_type, NULL); if (anon_cred != NULL) - { - dh_params = - _gnutls_get_dh_params (anon_cred->dh_params, - anon_cred->params_func, session); - } + { + dh_params = + _gnutls_get_dh_params (anon_cred->dh_params, + anon_cred->params_func, session); + } #endif #ifdef ENABLE_PSK } else if (cred_type == GNUTLS_CRD_PSK) { gnutls_psk_server_credentials_t psk_cred = - (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key, - cred_type, NULL); + (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key, + cred_type, NULL); if (psk_cred != NULL) - { - dh_params = - _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, - session); - } + { + dh_params = + _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func, + session); + } #endif } else - return 0; /* no need for params */ + return 0; /* no need for params */ /* If the key exchange method needs RSA or DH params, @@ -3282,20 +3282,20 @@ check_server_params (gnutls_session_t session, { /* needs rsa params. */ if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL) - { - gnutls_assert (); - return 1; - } + { + gnutls_assert (); + return 1; + } } if (_gnutls_kx_needs_dh_params (kx) != 0) { /* needs DH params. */ if (_gnutls_dh_params_to_mpi (dh_params) == NULL) - { - gnutls_assert (); - return 1; - } + { + gnutls_assert (); + return 1; + } } return 0; @@ -3310,9 +3310,9 @@ check_server_params (gnutls_session_t session, */ int _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, - cipher_suite_st ** cipherSuites, - int numCipherSuites, - gnutls_pk_algorithm_t requested_pk_algo) + cipher_suite_st ** cipherSuites, + int numCipherSuites, + gnutls_pk_algorithm_t requested_pk_algo) { int ret = 0; @@ -3332,8 +3332,8 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, cert_cred = (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key, - GNUTLS_CRD_CERTIFICATE, - NULL); + GNUTLS_CRD_CERTIFICATE, + NULL); /* If there are certificate credentials, find an appropriate certificate * or disable them; @@ -3343,12 +3343,12 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, { ret = _gnutls_server_select_cert (session, requested_pk_algo); if (ret < 0) - { - gnutls_assert (); - _gnutls_x509_log ("Could not find an appropriate certificate: %s\n", - gnutls_strerror (ret)); - cert_cred = NULL; - } + { + gnutls_assert (); + _gnutls_x509_log ("Could not find an appropriate certificate: %s\n", + gnutls_strerror (ret)); + cert_cred = NULL; + } } /* get all the key exchange algorithms that are @@ -3383,46 +3383,46 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, /* if it is defined but had no credentials */ if (_gnutls_get_kx_cred (session, kx, NULL) == NULL) - { - delete = 1; - } + { + delete = 1; + } else - { - delete = 0; + { + delete = 0; - if (server) - delete = check_server_params (session, kx, alg, alg_size); - } + if (server) + delete = check_server_params (session, kx, alg, alg_size); + } /* These two SRP kx's are marked to require a CRD_CERTIFICATE, (see cred_mappings in gnutls_algorithms.c), but it also requires a SRP credential. Don't use SRP kx unless we have a SRP credential too. */ if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS) - { - if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)) - delete = 1; - } + { + if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL)) + delete = 1; + } memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2); if (delete == 0) - { + { - _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n", - session, - _gnutls_cipher_suite_get_name (&cs)); + _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n", + session, + _gnutls_cipher_suite_get_name (&cs)); - memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); - newSuiteSize++; - } + memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2); + newSuiteSize++; + } else - { - _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n", - session, - _gnutls_cipher_suite_get_name (&cs)); + { + _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n", + session, + _gnutls_cipher_suite_get_name (&cs)); - } + } } gnutls_free (alg); @@ -3459,14 +3459,14 @@ void _gnutls_set_adv_version (gnutls_session_t session, gnutls_protocol_t ver) { set_adv_version (session, _gnutls_version_get_major (ver), - _gnutls_version_get_minor (ver)); + _gnutls_version_get_minor (ver)); } gnutls_protocol_t _gnutls_get_adv_version (gnutls_session_t session) { return _gnutls_version_get (_gnutls_get_adv_version_major (session), - _gnutls_get_adv_version_minor (session)); + _gnutls_get_adv_version_minor (session)); } /** diff --git a/lib/gnutls_handshake.h b/lib/gnutls_handshake.h index 055e6950cd..0af8e12477 100644 --- a/lib/gnutls_handshake.h +++ b/lib/gnutls_handshake.h @@ -27,14 +27,14 @@ typedef enum Optional { OPTIONAL_PACKET, MANDATORY_PACKET } Optional; int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel, - gnutls_handshake_description_t type); + gnutls_handshake_description_t type); int _gnutls_recv_hello_request (gnutls_session_t session, void *data, - uint32_t data_size); + uint32_t data_size); int _gnutls_send_hello (gnutls_session_t session, int again); int _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen); int _gnutls_recv_handshake (gnutls_session_t session, uint8_t **, int *, - gnutls_handshake_description_t, - Optional optional); + gnutls_handshake_description_t, + Optional optional); int _gnutls_generate_session_id (opaque * session_id, uint8_t * len); int _gnutls_handshake_common (gnutls_session_t session); int _gnutls_handshake_client (gnutls_session_t session); @@ -43,17 +43,17 @@ void _gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd); void _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd); int _gnutls_tls_create_random (opaque * dst); int _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session, - cipher_suite_st ** cipherSuites, - int numCipherSuites, - gnutls_pk_algorithm_t); + cipher_suite_st ** cipherSuites, + int numCipherSuites, + gnutls_pk_algorithm_t); int _gnutls_find_pk_algos_in_ciphersuites (opaque * data, int datalen); int _gnutls_server_select_suite (gnutls_session_t session, opaque * data, - int datalen); + int datalen); int _gnutls_negotiate_version (gnutls_session_t session, - gnutls_protocol_t adv_version); + gnutls_protocol_t adv_version); int _gnutls_user_hello_func (gnutls_session_t session, - gnutls_protocol_t adv_version); + gnutls_protocol_t adv_version); void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session); diff --git a/lib/gnutls_hash_int.c b/lib/gnutls_hash_int.c index 77ea874f83..5990d98852 100644 --- a/lib/gnutls_hash_int.c +++ b/lib/gnutls_hash_int.c @@ -72,10 +72,10 @@ _gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm) if (cc != NULL) { if (cc->init (algorithm, &dig->handle) < 0) - { - gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; + } dig->hash = cc->hash; dig->copy = cc->copy; @@ -165,7 +165,7 @@ _gnutls_hash_deinit (digest_hd_st * handle, void *digest) int _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, - const void *text, size_t textlen, void *digest) + const void *text, size_t textlen, void *digest) { digest_hd_st dig; int ret; @@ -200,7 +200,7 @@ _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm) int _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, - int keylen, const void *text, size_t textlen, void *digest) + int keylen, const void *text, size_t textlen, void *digest) { digest_hd_st dig; int ret; @@ -226,7 +226,7 @@ _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, int _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, - const void *key, int keylen) + const void *key, int keylen) { int result; const gnutls_crypto_mac_st *cc = NULL; @@ -241,17 +241,17 @@ _gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm, if (cc != NULL) { if (cc->init (algorithm, &dig->handle) < 0) - { - gnutls_assert (); - return GNUTLS_E_HASH_FAILED; - } + { + gnutls_assert (); + return GNUTLS_E_HASH_FAILED; + } if (cc->setkey (dig->handle, key, keylen) < 0) - { - gnutls_assert (); - cc->deinit (dig->handle); - return GNUTLS_E_HASH_FAILED; - } + { + gnutls_assert (); + cc->deinit (dig->handle); + return GNUTLS_E_HASH_FAILED; + } dig->hash = cc->hash; dig->output = cc->output; @@ -334,7 +334,7 @@ get_padsize (gnutls_mac_algorithm_t algorithm) int _gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm, - void *key, int keylen) + void *key, int keylen) { opaque ipad[48]; int padsize, result; @@ -397,7 +397,7 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest) _gnutls_hash (&td, opad, padsize); block = _gnutls_hmac_get_algo_len (handle->algorithm); - _gnutls_hash_deinit (handle, ret); /* get the previous hash */ + _gnutls_hash_deinit (handle, ret); /* get the previous hash */ _gnutls_hash (&td, ret, block); _gnutls_hash_deinit (&td, digest); @@ -407,8 +407,8 @@ _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest) void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, - void *digest, opaque * key, - uint32_t key_size) + void *digest, opaque * key, + uint32_t key_size) { opaque ret[MAX_HASH_SIZE]; digest_hd_st td; @@ -443,7 +443,7 @@ _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, if (key_size > 0) _gnutls_hash (handle, key, key_size); _gnutls_hash (handle, ipad, padsize); - _gnutls_hash_deinit (handle, ret); /* get the previous hash */ + _gnutls_hash_deinit (handle, ret); /* get the previous hash */ _gnutls_hash (&td, ret, block); @@ -454,7 +454,7 @@ _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, static int ssl3_sha (int i, opaque * secret, int secret_len, - opaque * rnd, int rnd_len, void *digest) + opaque * rnd, int rnd_len, void *digest) { int j, ret; opaque text1[26]; @@ -463,7 +463,7 @@ ssl3_sha (int i, opaque * secret, int secret_len, for (j = 0; j < i + 1; j++) { - text1[j] = 65 + i; /* A==65 */ + text1[j] = 65 + i; /* A==65 */ } ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1); @@ -483,7 +483,7 @@ ssl3_sha (int i, opaque * secret, int secret_len, static int ssl3_md5 (int i, opaque * secret, int secret_len, - opaque * rnd, int rnd_len, void *digest) + opaque * rnd, int rnd_len, void *digest) { opaque tmp[MAX_HASH_SIZE]; digest_hd_st td; @@ -514,8 +514,8 @@ ssl3_md5 (int i, opaque * secret, int secret_len, int _gnutls_ssl3_hash_md5 (const void *first, int first_len, - const void *second, int second_len, - int ret_len, opaque * ret) + const void *second, int second_len, + int ret_len, opaque * ret) { opaque digest[MAX_HASH_SIZE]; digest_hd_st td; @@ -548,8 +548,8 @@ _gnutls_ssl3_hash_md5 (const void *first, int first_len, int _gnutls_ssl3_generate_random (void *secret, int secret_len, - void *rnd, int rnd_len, - int ret_bytes, opaque * ret) + void *rnd, int rnd_len, + int ret_bytes, opaque * ret) { int i = 0, copy, output_bytes; opaque digest[MAX_HASH_SIZE]; @@ -570,19 +570,19 @@ _gnutls_ssl3_generate_random (void *secret, int secret_len, result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } if ((1 + i) * block < ret_bytes) - { - copy = block; - } + { + copy = block; + } else - { - copy = ret_bytes - (i) * block; - } + { + copy = ret_bytes - (i) * block; + } memcpy (&ret[i * block], digest, copy); } diff --git a/lib/gnutls_hash_int.h b/lib/gnutls_hash_int.h index a98a4d0744..ca6bba02b6 100644 --- a/lib/gnutls_hash_int.h +++ b/lib/gnutls_hash_int.h @@ -59,13 +59,13 @@ typedef struct /* basic functions */ int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm, - const void *key, int keylen); + const void *key, int keylen); int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm); int _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen); int _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, - int keylen, const void *text, size_t textlen, - void *digest); + int keylen, const void *text, size_t textlen, + void *digest); void _gnutls_hmac_deinit (digest_hd_st * handle, void *digest); void _gnutls_hmac_output (digest_hd_st * handle, void *digest); @@ -78,22 +78,22 @@ void _gnutls_hash_output (digest_hd_st * handle, void *digest); int _gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, - const void *text, size_t textlen, void *digest); + const void *text, size_t textlen, void *digest); /* help functions */ int _gnutls_mac_init_ssl3 (digest_hd_st *, gnutls_mac_algorithm_t algorithm, - void *key, int keylen); + void *key, int keylen); void _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest); int _gnutls_ssl3_generate_random (void *secret, int secret_len, - void *rnd, int random_len, int bytes, - opaque * ret); + void *rnd, int random_len, int bytes, + opaque * ret); int _gnutls_ssl3_hash_md5 (const void *first, int first_len, - const void *second, int second_len, - int ret_len, opaque * ret); + const void *second, int second_len, + int ret_len, opaque * ret); void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest, - opaque * key, uint32_t key_size); + opaque * key, uint32_t key_size); int _gnutls_hash_copy (digest_hd_st * dst_handle, digest_hd_st * src_handle); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 3df5dfcb06..00a6f209e9 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -176,7 +176,7 @@ typedef enum extensions_t GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13, GNUTLS_EXTENSION_SESSION_TICKET = 35, GNUTLS_EXTENSION_INNER_APPLICATION = 37703, - GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */ + GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */ } extensions_t; typedef enum @@ -207,7 +207,7 @@ typedef struct mbuffer_st message. Mark should only be non-zero when this buffer is the head of the queue. */ size_t mark; - unsigned int user_mark; /* only used during fill in */ + unsigned int user_mark; /* only used during fill in */ size_t maximum_size; } mbuffer_st; @@ -222,8 +222,8 @@ typedef struct mbuffer_head_st typedef enum { - HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */ - HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */ + HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */ + HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */ } handshake_mac_type_t; /* Store & Retrieve functions defines: @@ -267,11 +267,11 @@ struct gnutls_key_st */ void *auth_info; gnutls_credentials_type_t auth_info_type; - int auth_info_size; /* needed in order to store to db for restoring - */ + int auth_info_size; /* needed in order to store to db for restoring + */ uint8_t crypt_algo; - auth_cred_st *cred; /* used to specify keys/certificates etc */ + auth_cred_st *cred; /* used to specify keys/certificates etc */ int certificate_requested; /* some ciphersuites use this @@ -307,7 +307,7 @@ typedef struct typedef struct { uint8_t hash_algorithm; - uint8_t sign_algorithm; /* pk algorithm actually */ + uint8_t sign_algorithm; /* pk algorithm actually */ } sign_algorithm_st; /* This structure holds parameters got from TLS extension @@ -317,7 +317,7 @@ typedef struct #define MAX_SIGNATURE_ALGORITHMS 16 -#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */ +#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */ /* auth_info_t structures now MAY contain malloced * elements. @@ -341,7 +341,7 @@ typedef struct { gnutls_connection_end_t entity; gnutls_kx_algorithm_t kx_algorithm; - handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */ + handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */ /* The epoch used to read and write */ uint16_t epoch_read; @@ -372,7 +372,7 @@ typedef struct uint16_t max_record_recv_size; /* holds the negotiated certificate type */ gnutls_certificate_type_t cert_type; - gnutls_protocol_t version; /* moved here */ + gnutls_protocol_t version; /* moved here */ /* FIXME: The following are not saved in the session storage * for session resumption. @@ -486,42 +486,42 @@ typedef union typedef struct { - gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */ - gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake - * message */ + gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */ + gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake + * message */ union { struct { - digest_hd_st sha; /* hash of the handshake messages */ - digest_hd_st md5; /* hash of the handshake messages */ + digest_hd_st sha; /* hash of the handshake messages */ + digest_hd_st md5; /* hash of the handshake messages */ } tls10; struct { - digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */ - digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */ + digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */ + digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */ } tls12; } handshake_mac_handle; - int handshake_mac_handle_init; /* 1 when the previous union and type were initialized */ - - gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */ - gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */ - int resumable:1; /* TRUE or FALSE - if we can resume that session */ - handshake_state_t handshake_state; /* holds - * a number which indicates where - * the handshake procedure has been - * interrupted. If it is 0 then - * no interruption has happened. - */ - - int invalid_connection:1; /* true or FALSE - if this session is valid */ - - int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write - */ + int handshake_mac_handle_init; /* 1 when the previous union and type were initialized */ + + gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */ + gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */ + int resumable:1; /* TRUE or FALSE - if we can resume that session */ + handshake_state_t handshake_state; /* holds + * a number which indicates where + * the handshake procedure has been + * interrupted. If it is 0 then + * no interruption has happened. + */ + + int invalid_connection:1; /* true or FALSE - if this session is valid */ + + int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write + */ int may_not_write:1; - int read_eof:1; /* non-zero if we have received a closure alert. */ + int read_eof:1; /* non-zero if we have received a closure alert. */ - int last_alert; /* last alert received */ + int last_alert; /* last alert received */ /* The last handshake messages sent or received. */ @@ -535,7 +535,7 @@ typedef struct struct gnutls_priority_st priorities; /* resumed session */ - int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */ + int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */ security_parameters_st resumed_security_parameters; gnutls_compression_method_t resumed_compression_method; @@ -555,25 +555,25 @@ typedef struct * non blocking IO. */ mbuffer_head_st record_recv_buffer; - mbuffer_head_st record_send_buffer; /* holds cached data - * for the gnutls_io_write_buffered() - * function. - */ - size_t record_send_buffer_user_size; /* holds the - * size of the user specified data to - * send. - */ + mbuffer_head_st record_send_buffer; /* holds cached data + * for the gnutls_io_write_buffered() + * function. + */ + size_t record_send_buffer_user_size; /* holds the + * size of the user specified data to + * send. + */ /* 0 if no peeked data was kept, 1 otherwise. */ int have_peeked_data:1; - int expire_time; /* after expire_time seconds this session will expire */ - struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ - int v2_hello; /* 0 if the client hello is v3+. - * non-zero if we got a v2 hello. - */ + int expire_time; /* after expire_time seconds this session will expire */ + struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */ + int v2_hello; /* 0 if the client hello is v3+. + * non-zero if we got a v2 hello. + */ /* keeps the headers of the handshake packet */ handshake_header_buffer_st handshake_header_buffer; @@ -650,10 +650,10 @@ typedef struct void *user_ptr; - int enable_private; /* non zero to - * enable cipher suites - * which have 0xFF status. - */ + int enable_private; /* non zero to + * enable cipher suites + * which have 0xFF status. + */ /* Holds 0 if the last called function was interrupted while * receiving, and non zero otherwise. @@ -750,7 +750,7 @@ struct gnutls_session_int /* functions */ void _gnutls_set_current_version (gnutls_session_t session, - gnutls_protocol_t version); + gnutls_protocol_t version); void _gnutls_free_auth_info (gnutls_session_t session); /* These two macros return the advertized TLS version of diff --git a/lib/gnutls_kx.c b/lib/gnutls_kx.c index 90cbce3432..e24292c0bf 100644 --- a/lib/gnutls_kx.c +++ b/lib/gnutls_kx.c @@ -39,14 +39,14 @@ #include <gnutls_datum.h> #include <gnutls_rsa_export.h> #include <gnutls_mbuffers.h> -#include "../libextra/ext_inner_application.h" /* isn't this too much? */ +#include "../libextra/ext_inner_application.h" /* isn't this too much? */ /* This is a temporary function to be used before the generate_* internal API is changed to use mbuffers. For now we don't avoid the extra alloc + memcpy. */ static inline int send_handshake (gnutls_session_t session, opaque * data, size_t size, - gnutls_handshake_description_t type) + gnutls_handshake_description_t type) { mbuffer_st *bufel; @@ -96,32 +96,32 @@ generate_normal_master (gnutls_session_t session, int keep_premaster) char buf[512]; _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size, - _gnutls_bin2hex (PREMASTER.data, PREMASTER.size, buf, - sizeof (buf), NULL)); + _gnutls_bin2hex (PREMASTER.data, PREMASTER.size, buf, + sizeof (buf), NULL)); _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32, - _gnutls_bin2hex (session-> - security_parameters.client_random, 32, - buf, sizeof (buf), NULL)); + _gnutls_bin2hex (session-> + security_parameters.client_random, 32, + buf, sizeof (buf), NULL)); _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32, - _gnutls_bin2hex (session-> - security_parameters.server_random, 32, - buf, sizeof (buf), NULL)); + _gnutls_bin2hex (session-> + security_parameters.server_random, 32, + buf, sizeof (buf), NULL)); if (gnutls_protocol_get_version (session) == GNUTLS_SSL3) { opaque rnd[2 * GNUTLS_RANDOM_SIZE + 1]; memcpy (rnd, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (&rnd[GNUTLS_RANDOM_SIZE], - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); ret = - _gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, - rnd, 2 * GNUTLS_RANDOM_SIZE, - GNUTLS_MASTER_SIZE, - session-> - security_parameters.master_secret); + _gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size, + rnd, 2 * GNUTLS_RANDOM_SIZE, + GNUTLS_MASTER_SIZE, + session-> + security_parameters.master_secret); } else @@ -129,15 +129,15 @@ generate_normal_master (gnutls_session_t session, int keep_premaster) opaque rnd[2 * GNUTLS_RANDOM_SIZE + 1]; memcpy (rnd, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (&rnd[GNUTLS_RANDOM_SIZE], - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); ret = - _gnutls_PRF (session, PREMASTER.data, PREMASTER.size, - MASTER_SECRET, strlen (MASTER_SECRET), - rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE, - session->security_parameters.master_secret); + _gnutls_PRF (session, PREMASTER.data, PREMASTER.size, + MASTER_SECRET, strlen (MASTER_SECRET), + rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE, + session->security_parameters.master_secret); } /* TLS/IA inner secret is derived from the master secret. */ @@ -150,10 +150,10 @@ generate_normal_master (gnutls_session_t session, int keep_premaster) return ret; _gnutls_hard_log ("INT: MASTER SECRET: %s\n", - _gnutls_bin2hex (session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE, buf, sizeof (buf), - NULL)); + _gnutls_bin2hex (session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE, buf, sizeof (buf), + NULL)); return ret; } @@ -179,24 +179,24 @@ _gnutls_send_server_kx_message (gnutls_session_t session, int again) if (again == 0) { data_size = - session->internals.auth_struct->gnutls_generate_server_kx (session, - &data); + session->internals.auth_struct->gnutls_generate_server_kx (session, + &data); if (data_size == GNUTLS_E_INT_RET_0) - { - gnutls_assert (); - return 0; - } + { + gnutls_assert (); + return 0; + } if (data_size < 0) - { - gnutls_assert (); - return data_size; - } + { + gnutls_assert (); + return data_size; + } } ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE); gnutls_free (data); if (ret < 0) @@ -230,18 +230,18 @@ _gnutls_send_server_certificate_request (gnutls_session_t session, int again) if (again == 0) { data_size = - session->internals. - auth_struct->gnutls_generate_server_certificate_request (session, - &data); + session->internals. + auth_struct->gnutls_generate_server_certificate_request (session, + &data); if (data_size < 0) - { - gnutls_assert (); - return data_size; - } + { + gnutls_assert (); + return data_size; + } } ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST); gnutls_free (data); if (ret < 0) @@ -273,16 +273,16 @@ _gnutls_send_client_kx_message (gnutls_session_t session, int again) if (again == 0) { data_size = - session->internals.auth_struct->gnutls_generate_client_kx (session, - &data); + session->internals.auth_struct->gnutls_generate_client_kx (session, + &data); if (data_size < 0) - { - gnutls_assert (); - return data_size; - } + { + gnutls_assert (); + return data_size; + } } ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE); gnutls_free (data); if (ret < 0) @@ -319,8 +319,8 @@ _gnutls_send_client_certificate_verify (gnutls_session_t session, int again) NULL) { gnutls_assert (); - return 0; /* this algorithm does not support cli_cert_vrfy - */ + return 0; /* this algorithm does not support cli_cert_vrfy + */ } data = NULL; @@ -329,19 +329,19 @@ _gnutls_send_client_certificate_verify (gnutls_session_t session, int again) if (again == 0) { data_size = - session->internals. - auth_struct->gnutls_generate_client_cert_vrfy (session, &data); + session->internals. + auth_struct->gnutls_generate_client_cert_vrfy (session, &data); if (data_size < 0) - { - gnutls_assert (); - return data_size; - } + { + gnutls_assert (); + return data_size; + } if (data_size == 0) - return 0; + return 0; } ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); + GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY); gnutls_free (data); return ret; @@ -362,38 +362,38 @@ _gnutls_recv_server_kx_message (gnutls_session_t session) /* EXCEPTION FOR RSA_EXPORT cipher suite */ if (_gnutls_session_is_export (session) != 0 && - _gnutls_peers_cert_less_512 (session) != 0) - { - gnutls_assert (); - return 0; - } + _gnutls_peers_cert_less_512 (session) != 0) + { + gnutls_assert (); + return 0; + } /* Server key exchange packet is optional for PSK. */ if (_gnutls_session_is_psk (session)) - optflag = OPTIONAL_PACKET; + optflag = OPTIONAL_PACKET; ret = - _gnutls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, - optflag); + _gnutls_recv_handshake (session, &data, + &datasize, + GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE, + optflag); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = - session->internals.auth_struct->gnutls_process_server_kx (session, - data, - datasize); + session->internals.auth_struct->gnutls_process_server_kx (session, + data, + datasize); gnutls_free (data); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } return ret; @@ -411,23 +411,23 @@ _gnutls_recv_server_certificate_request (gnutls_session_t session) { ret = - _gnutls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, - OPTIONAL_PACKET); + _gnutls_recv_handshake (session, &data, + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST, + OPTIONAL_PACKET); if (ret < 0) - return ret; + return ret; if (ret == 0 && datasize == 0) - return 0; /* ignored */ + return 0; /* ignored */ ret = - session->internals. - auth_struct->gnutls_process_server_certificate_request (session, data, - datasize); + session->internals. + auth_struct->gnutls_process_server_certificate_request (session, data, + datasize); gnutls_free (data); if (ret < 0) - return ret; + return ret; } return ret; @@ -446,20 +446,20 @@ _gnutls_recv_client_kx_message (gnutls_session_t session) { ret = - _gnutls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, - MANDATORY_PACKET); + _gnutls_recv_handshake (session, &data, + &datasize, + GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE, + MANDATORY_PACKET); if (ret < 0) - return ret; + return ret; ret = - session->internals.auth_struct->gnutls_process_client_kx (session, - data, - datasize); + session->internals.auth_struct->gnutls_process_client_kx (session, + data, + datasize); gnutls_free (data); if (ret < 0) - return ret; + return ret; } @@ -490,20 +490,20 @@ _gnutls_send_client_certificate (gnutls_session_t session, int again) if (again == 0) { if (gnutls_protocol_get_version (session) != GNUTLS_SSL3 || - session->internals.selected_cert_list_length > 0) - { - /* TLS 1.0 or SSL 3.0 with a valid certificate - */ - data_size = - session->internals. - auth_struct->gnutls_generate_client_certificate (session, &data); - - if (data_size < 0) - { - gnutls_assert (); - return data_size; - } - } + session->internals.selected_cert_list_length > 0) + { + /* TLS 1.0 or SSL 3.0 with a valid certificate + */ + data_size = + session->internals. + auth_struct->gnutls_generate_client_certificate (session, &data); + + if (data_size < 0) + { + gnutls_assert (); + return data_size; + } + } } /* In the SSL 3.0 protocol we need to send a @@ -514,15 +514,15 @@ _gnutls_send_client_certificate (gnutls_session_t session, int again) session->internals.selected_cert_list_length == 0) { ret = - gnutls_alert_send (session, GNUTLS_AL_WARNING, - GNUTLS_A_SSL3_NO_CERTIFICATE); + gnutls_alert_send (session, GNUTLS_AL_WARNING, + GNUTLS_A_SSL3_NO_CERTIFICATE); } else - { /* TLS 1.0 or SSL 3.0 with a valid certificate - */ + { /* TLS 1.0 or SSL 3.0 with a valid certificate + */ ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT); gnutls_free (data); } @@ -556,17 +556,17 @@ _gnutls_send_server_certificate (gnutls_session_t session, int again) if (again == 0) { data_size = - session->internals. - auth_struct->gnutls_generate_server_certificate (session, &data); + session->internals. + auth_struct->gnutls_generate_server_certificate (session, &data); if (data_size < 0) - { - gnutls_assert (); - return data_size; - } + { + gnutls_assert (); + return data_size; + } } ret = send_handshake (session, data, data_size, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT); + GNUTLS_HANDSHAKE_CERTIFICATE_PKT); gnutls_free (data); if (ret < 0) @@ -594,79 +594,79 @@ _gnutls_recv_client_certificate (gnutls_session_t session) /* if we have not requested a certificate then just return */ if (session->internals.send_cert_req == 0) - { - return 0; - } + { + return 0; + } if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) - optional = MANDATORY_PACKET; + optional = MANDATORY_PACKET; else - optional = OPTIONAL_PACKET; + optional = OPTIONAL_PACKET; ret = - _gnutls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); + _gnutls_recv_handshake (session, &data, + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional); if (ret < 0) - { - /* Handle the case of old SSL3 clients who send - * a warning alert instead of an empty certificate to indicate - * no certificate. - */ - if (optional == OPTIONAL_PACKET && - ret == GNUTLS_E_WARNING_ALERT_RECEIVED && - gnutls_protocol_get_version (session) == GNUTLS_SSL3 && - gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) - { - - /* SSL3 does not send an empty certificate, - * but this alert. So we just ignore it. - */ - gnutls_assert (); - return 0; - } - - /* certificate was required - */ - if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - && optional == MANDATORY_PACKET) - { - gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } - - return ret; - } + { + /* Handle the case of old SSL3 clients who send + * a warning alert instead of an empty certificate to indicate + * no certificate. + */ + if (optional == OPTIONAL_PACKET && + ret == GNUTLS_E_WARNING_ALERT_RECEIVED && + gnutls_protocol_get_version (session) == GNUTLS_SSL3 && + gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE) + { + + /* SSL3 does not send an empty certificate, + * but this alert. So we just ignore it. + */ + gnutls_assert (); + return 0; + } + + /* certificate was required + */ + if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) + && optional == MANDATORY_PACKET) + { + gnutls_assert (); + return GNUTLS_E_NO_CERTIFICATE_FOUND; + } + + return ret; + } if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET) - { - /* Client has not sent the certificate message. - * well I'm not sure we should accept this - * behaviour. - */ - gnutls_assert (); - return 0; - } + { + /* Client has not sent the certificate message. + * well I'm not sure we should accept this + * behaviour. + */ + gnutls_assert (); + return 0; + } ret = - session->internals. - auth_struct->gnutls_process_client_certificate (session, data, - datasize); + session->internals. + auth_struct->gnutls_process_client_certificate (session, data, + datasize); gnutls_free (data); if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* ok we should expect a certificate verify message now */ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET) - ret = 0; + ret = 0; else - session->key->certificate_requested = 1; + session->key->certificate_requested = 1; } @@ -685,26 +685,26 @@ _gnutls_recv_server_certificate (gnutls_session_t session) { ret = - _gnutls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_PKT, - MANDATORY_PACKET); + _gnutls_recv_handshake (session, &data, + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_PKT, + MANDATORY_PACKET); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = - session->internals. - auth_struct->gnutls_process_server_certificate (session, data, - datasize); + session->internals. + auth_struct->gnutls_process_server_certificate (session, data, + datasize); gnutls_free (data); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } return ret; @@ -726,34 +726,34 @@ _gnutls_recv_client_certificate_verify_message (gnutls_session_t session) { if (session->internals.send_cert_req == 0 || - session->key->certificate_requested == 0) - { - return 0; - } + session->key->certificate_requested == 0) + { + return 0; + } ret = - _gnutls_recv_handshake (session, &data, - &datasize, - GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, - OPTIONAL_PACKET); + _gnutls_recv_handshake (session, &data, + &datasize, + GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY, + OPTIONAL_PACKET); if (ret < 0) - return ret; + return ret; if (ret == 0 && datasize == 0 - && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) - { - /* certificate was required */ - gnutls_assert (); - return GNUTLS_E_NO_CERTIFICATE_FOUND; - } + && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE) + { + /* certificate was required */ + gnutls_assert (); + return GNUTLS_E_NO_CERTIFICATE_FOUND; + } ret = - session->internals. - auth_struct->gnutls_process_client_cert_vrfy (session, data, - datasize); + session->internals. + auth_struct->gnutls_process_client_cert_vrfy (session, data, + datasize); gnutls_free (data); if (ret < 0) - return ret; + return ret; } diff --git a/lib/gnutls_kx.h b/lib/gnutls_kx.h index 91cb491a7e..b2b692715b 100644 --- a/lib/gnutls_kx.h +++ b/lib/gnutls_kx.h @@ -28,7 +28,7 @@ int _gnutls_send_client_kx_message (gnutls_session_t session, int again); int _gnutls_recv_server_kx_message (gnutls_session_t session); int _gnutls_recv_client_kx_message (gnutls_session_t session); int _gnutls_send_client_certificate_verify (gnutls_session_t session, - int again); + int again); int _gnutls_send_server_certificate (gnutls_session_t session, int again); int _gnutls_generate_master (gnutls_session_t session, int keep_premaster); int _gnutls_recv_client_certificate (gnutls_session_t session); @@ -36,5 +36,5 @@ int _gnutls_recv_server_certificate (gnutls_session_t session); int _gnutls_send_client_certificate (gnutls_session_t session, int again); int _gnutls_recv_server_certificate_request (gnutls_session_t session); int _gnutls_send_server_certificate_request (gnutls_session_t session, - int again); + int again); int _gnutls_recv_client_certificate_verify_message (gnutls_session_t session); diff --git a/lib/gnutls_mbuffers.c b/lib/gnutls_mbuffers.c index 846c1a5e10..a12f640790 100644 --- a/lib/gnutls_mbuffers.c +++ b/lib/gnutls_mbuffers.c @@ -198,16 +198,16 @@ _mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes) next = bufel->next; if (left >= (bufel->msg.size - bufel->mark)) - { - left -= (bufel->msg.size - bufel->mark); - remove_front (buf); - } + { + left -= (bufel->msg.size - bufel->mark); + remove_front (buf); + } else - { - bufel->mark += left; - buf->byte_length -= left; - left = 0; - } + { + bufel->mark += left; + buf->byte_length -= left; + left = 0; + } } return 0; diff --git a/lib/gnutls_mbuffers.h b/lib/gnutls_mbuffers.h index 9eaf310f6a..99b0addf4b 100644 --- a/lib/gnutls_mbuffers.h +++ b/lib/gnutls_mbuffers.h @@ -41,7 +41,7 @@ mbuffer_st *_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg); * one. */ int _mbuffer_append_data (mbuffer_st * bufel, void *newdata, - size_t newdata_size); + size_t newdata_size); int _mbuffer_linearize (mbuffer_head_st * buf); @@ -96,7 +96,7 @@ inline static mbuffer_st * _gnutls_handshake_alloc (size_t size, size_t maximum) { mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size, - HANDSHAKE_HEADER_SIZE + maximum); + HANDSHAKE_HEADER_SIZE + maximum); if (!ret) return NULL; diff --git a/lib/gnutls_mem.h b/lib/gnutls_mem.h index 46811a34c8..41b1657a5f 100644 --- a/lib/gnutls_mem.h +++ b/lib/gnutls_mem.h @@ -26,7 +26,7 @@ #ifndef GNUTLS_MEM_H #define GNUTLS_MEM_H -typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ +typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */ extern int (*_gnutls_is_secure_memory) (const void *); diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index b3d5760ce0..b42a95ec06 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -41,7 +41,7 @@ bigint_t _gnutls_mpi_randomize (bigint_t r, unsigned int bits, - gnutls_rnd_level_t level) + gnutls_rnd_level_t level) { size_t size = 1 + (bits / 8); int ret; @@ -59,10 +59,10 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits, { buf = gnutls_malloc (size); if (buf == NULL) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } buf_release = 1; } @@ -84,7 +84,7 @@ _gnutls_mpi_randomize (bigint_t r, unsigned int bits, else { for (i = 8; i >= rem; i--) - buf[0] = clearbit (buf[0], i); + buf[0] = clearbit (buf[0], i); } ret = _gnutls_mpi_scan (&tmp, buf, size); @@ -260,7 +260,7 @@ _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, size_t size) { size_t diff = size - bytes; for (i = 0; i < diff; i++) - buf[i] = 0; + buf[i] = 0; ret = _gnutls_mpi_print (a, &buf[diff], &bytes); } else @@ -329,7 +329,7 @@ _gnutls_x509_read_int (ASN1_TYPE node, const char *value, bigint_t * ret_mpi) */ int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi, - int lz) + int lz) { opaque *tmpstr; size_t s_len; diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index a9daddd3b8..19154ef267 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -34,7 +34,7 @@ extern int crypto_bigint_prio; extern gnutls_crypto_bigint_st _gnutls_mpi_ops; bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits, - gnutls_rnd_level_t level); + gnutls_rnd_level_t level); #define _gnutls_mpi_new(x) _gnutls_mpi_ops.bigint_new(x) #define _gnutls_mpi_cmp(x,y) _gnutls_mpi_ops.bigint_cmp(x,y) @@ -65,14 +65,14 @@ void _gnutls_mpi_release (bigint_t * x); int _gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes); int _gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer, - size_t nbytes); + size_t nbytes); int _gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer, - size_t nbytes); + size_t nbytes); int _gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest); int _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest); int _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, - size_t size); + size_t size); #define _gnutls_mpi_generate_group( gg, bits) _gnutls_mpi_ops.bigint_generate_group( gg, bits) diff --git a/lib/gnutls_num.c b/lib/gnutls_num.c index 0c25976f6a..2c75541ca6 100644 --- a/lib/gnutls_num.c +++ b/lib/gnutls_num.c @@ -46,18 +46,18 @@ _gnutls_uint64pp (uint64 * x) { y = 0; if (x->i[i] == 0xff) - { - x->i[i] = 0; - y = 1; - } + { + x->i[i] = 0; + y = 1; + } else - x->i[i]++; + x->i[i]++; if (y == 0) - break; + break; } if (y != 0) - return -1; /* over 64 bits! WOW */ + return -1; /* over 64 bits! WOW */ return 0; } diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 73609bf284..90e9daf3e4 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -44,9 +44,9 @@ */ int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - bigint_t * params, unsigned params_len, - unsigned btype) + const gnutls_datum_t * plaintext, + bigint_t * params, unsigned params_len, + unsigned btype) { unsigned int i, pad; int ret; @@ -92,43 +92,43 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, case 2: /* using public key */ if (params_len < RSA_PUBLIC_PARAMS) - { - gnutls_assert (); - gnutls_free (edata); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + gnutls_free (edata); + return GNUTLS_E_INTERNAL_ERROR; + } ret = _gnutls_rnd (GNUTLS_RND_RANDOM, ps, psize); if (ret < 0) - { - gnutls_assert (); - gnutls_free (edata); - return ret; - } + { + gnutls_assert (); + gnutls_free (edata); + return ret; + } for (i = 0; i < psize; i++) - while (ps[i] == 0) - { - ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (edata); - return ret; - } - } + while (ps[i] == 0) + { + ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (edata); + return ret; + } + } break; case 1: /* using private key */ if (params_len < RSA_PRIVATE_PARAMS) - { - gnutls_assert (); - gnutls_free (edata); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + gnutls_free (edata); + return GNUTLS_E_INTERNAL_ERROR; + } for (i = 0; i < psize; i++) - ps[i] = 0xff; + ps[i] = 0xff; break; default: gnutls_assert (); @@ -142,10 +142,10 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, to_encrypt.data = edata; to_encrypt.size = k; - if (btype == 2) /* encrypt */ + if (btype == 2) /* encrypt */ ret = _gnutls_pk_encrypt (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params); - else /* sign */ + else /* sign */ ret = _gnutls_pk_sign (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params); @@ -174,7 +174,7 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, return 0; } else - { /* psize > k !!! */ + { /* psize > k !!! */ /* This is an impossible situation */ gnutls_assert (); _gnutls_free_datum (&encrypted); @@ -207,9 +207,9 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, */ int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - bigint_t * params, unsigned params_len, - unsigned btype) + const gnutls_datum_t * ciphertext, + bigint_t * params, unsigned params_len, + unsigned btype) { unsigned int k, i; int ret; @@ -239,12 +239,12 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, if (btype == 2) { ret = - _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); + _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); } else { ret = - _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); + _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); } if (ret < 0) @@ -272,31 +272,31 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, { case 2: for (i = 2; i < plaintext->size; i++) - { - if (plaintext->data[i] == 0) - { - ret = 0; - break; - } - } + { + if (plaintext->data[i] == 0) + { + ret = 0; + break; + } + } break; case 1: for (i = 2; i < plaintext->size; i++) - { - if (plaintext->data[i] == 0 && i > 2) - { - ret = 0; - break; - } - if (plaintext->data[i] != 0xff) - { - _gnutls_handshake_log ("PKCS #1 padding error"); - _gnutls_free_datum (plaintext); - /* PKCS #1 padding error. Don't use - GNUTLS_E_PKCS1_WRONG_PAD here. */ - break; - } - } + { + if (plaintext->data[i] == 0 && i > 2) + { + ret = 0; + break; + } + if (plaintext->data[i] != 0xff) + { + _gnutls_handshake_log ("PKCS #1 padding error"); + _gnutls_free_datum (plaintext); + /* PKCS #1 padding error. Don't use + GNUTLS_E_PKCS1_WRONG_PAD here. */ + break; + } + } break; default: gnutls_assert (); @@ -321,8 +321,8 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, int _gnutls_rsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * ciphertext, bigint_t * params, - int params_len, int btype) + const gnutls_datum_t * ciphertext, bigint_t * params, + int params_len, int btype) { gnutls_datum_t plain; @@ -331,7 +331,7 @@ _gnutls_rsa_verify (const gnutls_datum_t * vdata, /* decrypt signature */ if ((ret = _gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, - btype)) < 0) + btype)) < 0) { gnutls_assert (); return ret; @@ -353,7 +353,7 @@ _gnutls_rsa_verify (const gnutls_datum_t * vdata, _gnutls_free_datum (&plain); - return 0; /* ok */ + return 0; /* ok */ } /* encodes the Dss-Sig-Value structure @@ -366,8 +366,8 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.DSASignatureValue", - &sig)) != ASN1_SUCCESS) + "GNUTLS.DSASignatureValue", + &sig)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -407,8 +407,8 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) */ int _gnutls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * hash, bigint_t * params, - unsigned int params_len) + const gnutls_datum_t * hash, bigint_t * params, + unsigned int params_len) { int ret; size_t i; @@ -421,7 +421,7 @@ _gnutls_dsa_sign (gnutls_datum_t * signature, k = hash->size; if (k < 20) - { /* SHA1 or better only */ + { /* SHA1 or better only */ gnutls_assert (); return GNUTLS_E_PK_SIGN_FAILED; } @@ -442,15 +442,15 @@ _gnutls_dsa_sign (gnutls_datum_t * signature, */ int _gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r, - bigint_t * s) + bigint_t * s) { ASN1_TYPE sig; int result; if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.DSASignatureValue", - &sig)) != ASN1_SUCCESS) + "GNUTLS.DSASignatureValue", + &sig)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -490,8 +490,8 @@ _gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r, */ int _gnutls_dsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * sig_value, bigint_t * params, - int params_len) + const gnutls_datum_t * sig_value, bigint_t * params, + int params_len) { int ret, i; @@ -502,7 +502,7 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata, pk_params.params_nr = params_len; if (vdata->size > 20) - { /* SHA1 or better only */ + { /* SHA1 or better only */ gnutls_assert (); return GNUTLS_E_PK_SIG_VERIFY_FAILED; } @@ -516,13 +516,13 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata, return ret; } - return 0; /* ok */ + return 0; /* ok */ } /* some generic pk functions */ static int _generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len, - int bits) + int bits) { gnutls_pk_params_st params; int ret; @@ -540,7 +540,7 @@ _generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len, { *resarr_len = params.params_nr; for (i = 0; i < params.params_nr; i++) - resarr[i] = params.params[i]; + resarr[i] = params.params[i]; } else { @@ -554,21 +554,21 @@ _generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len, int _gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len, - int bits) + int bits) { return _generate_params (GNUTLS_PK_RSA, resarr, resarr_len, bits); } int _gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len, - int bits) + int bits) { return _generate_params (GNUTLS_PK_DSA, resarr, resarr_len, bits); } int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params, - int params_len) + int params_len) { int i, j; dst->params_nr = 0; @@ -583,11 +583,11 @@ _gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params, { dst->params[i] = _gnutls_mpi_set (NULL, params[i]); if (dst->params[i] == NULL) - { - for (j = 0; j < i; j++) - _gnutls_mpi_release (&dst->params[j]); - return GNUTLS_E_MEMORY_ERROR; - } + { + for (j = 0; j < i; j++) + _gnutls_mpi_release (&dst->params[j]); + return GNUTLS_E_MEMORY_ERROR; + } dst->params_nr++; } @@ -647,19 +647,19 @@ _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size) int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params, - int params_size, - gnutls_digest_algorithm_t * dig, - unsigned int *mand) + int params_size, + gnutls_digest_algorithm_t * dig, + unsigned int *mand) { if (mand) { if (pk == GNUTLS_PK_DSA) - *mand = 1; + *mand = 1; else - *mand = 0; + *mand = 0; } return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) dig, - NULL, pk, params, params_size); + NULL, pk, params, params_size); } diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h index 93e2de0afc..f9b5174d56 100644 --- a/lib/gnutls_pk.h +++ b/lib/gnutls_pk.h @@ -36,7 +36,7 @@ extern gnutls_crypto_pk_st _gnutls_pk_ops; inline static int _gnutls_pk_fixup (gnutls_pk_algorithm_t algo, gnutls_direction_t direction, - gnutls_pk_params_st * params) + gnutls_pk_params_st * params) { if (_gnutls_pk_ops.pk_fixup_private_params) return _gnutls_pk_ops.pk_fixup_private_params (algo, direction, params); @@ -44,44 +44,44 @@ _gnutls_pk_fixup (gnutls_pk_algorithm_t algo, gnutls_direction_t direction, } int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params, - int params_len); + int params_len); int _gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len, - int bits); + int bits); int _gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len, - int bits); + int bits); /* The internal PK interface */ int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - bigint_t * params, unsigned params_len, - unsigned btype); + const gnutls_datum_t * plaintext, + bigint_t * params, unsigned params_len, + unsigned btype); int _gnutls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * plaintext, bigint_t * params, - unsigned params_len); + const gnutls_datum_t * plaintext, bigint_t * params, + unsigned params_len); int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - bigint_t * params, unsigned params_len, - unsigned btype); + const gnutls_datum_t * ciphertext, + bigint_t * params, unsigned params_len, + unsigned btype); int _gnutls_rsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * ciphertext, bigint_t * params, - int params_len, int btype); + const gnutls_datum_t * ciphertext, bigint_t * params, + int params_len, int btype); int _gnutls_dsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * sig_value, bigint_t * params, - int params_len); + const gnutls_datum_t * sig_value, bigint_t * params, + int params_len); int _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s); int _gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r, - bigint_t * s); + bigint_t * s); int _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size); int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, - bigint_t * params, int params_size, - gnutls_digest_algorithm_t * dig, - unsigned int *mand); + bigint_t * params, int params_size, + gnutls_digest_algorithm_t * dig, + unsigned int *mand); #endif /* GNUTLS_PK_H */ diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 0589d9950e..5021c52256 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -33,8 +33,8 @@ static void break_comma_list (char *etag, - char **broken_etag, int *elements, int max_elements, - char sep); + char **broken_etag, int *elements, int max_elements, + char sep); /** * gnutls_cipher_set_priority: @@ -195,7 +195,7 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list) **/ int gnutls_certificate_type_set_priority (gnutls_session_t session, - const int *list) + const int *list) { #ifdef ENABLE_OPENPGP return _set_priority (&session->internals.priorities.cert_type, list); @@ -384,12 +384,12 @@ static void prio_remove (priority_st * priority_list, unsigned int algo) { int i = 0; - int pos = -1; /* the position of the cipher to remove */ + int pos = -1; /* the position of the cipher to remove */ while (priority_list->priority[i] != 0) { if (priority_list->priority[i] == algo) - pos = i; + pos = i; i++; } @@ -410,7 +410,7 @@ prio_add (priority_st * priority_list, unsigned int algo) while (priority_list->priority[i] != 0) { if (algo == priority_list->priority[i]) - return; /* if it exists */ + return; /* if it exists */ i++; } @@ -444,15 +444,15 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) } memcpy (&session->internals.priorities, priority, - sizeof (struct gnutls_priority_st)); + sizeof (struct gnutls_priority_st)); /* set the current version to the first in the chain. * This will be overridden later. */ if (session->internals.priorities.protocol.algorithms > 0) _gnutls_set_current_version (session, - session->internals.priorities.protocol. - priority[0]); + session->internals.priorities.protocol. + priority[0]); return 0; } @@ -574,7 +574,7 @@ gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) **/ int gnutls_priority_init (gnutls_priority_t * priority_cache, - const char *priorities, const char **err_pos) + const char *priorities, const char **err_pos) { char *broken_list[MAX_ELEMENTS]; int broken_list_size = 0, i = 0, j; @@ -624,185 +624,185 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, for (; i < broken_list_size; i++) { if (strcasecmp (broken_list[i], "PERFORMANCE") == 0) - { - _set_priority (&(*priority_cache)->cipher, - cipher_priority_performance); - _set_priority (&(*priority_cache)->kx, kx_priority_performance); - _set_priority (&(*priority_cache)->mac, mac_priority_performance); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } + { + _set_priority (&(*priority_cache)->cipher, + cipher_priority_performance); + _set_priority (&(*priority_cache)->kx, kx_priority_performance); + _set_priority (&(*priority_cache)->mac, mac_priority_performance); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } else if (strcasecmp (broken_list[i], "NORMAL") == 0) - { - _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); - _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } + { + _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); + _set_priority (&(*priority_cache)->kx, kx_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } else if (strcasecmp (broken_list[i], "SECURE256") == 0 - || strcasecmp (broken_list[i], "SECURE") == 0) - { - _set_priority (&(*priority_cache)->cipher, - cipher_priority_secure256); - _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_secure256); - } + || strcasecmp (broken_list[i], "SECURE") == 0) + { + _set_priority (&(*priority_cache)->cipher, + cipher_priority_secure256); + _set_priority (&(*priority_cache)->kx, kx_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure256); + } else if (strcasecmp (broken_list[i], "SECURE128") == 0) - { - _set_priority (&(*priority_cache)->cipher, - cipher_priority_secure128); - _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_secure128); - } + { + _set_priority (&(*priority_cache)->cipher, + cipher_priority_secure128); + _set_priority (&(*priority_cache)->kx, kx_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_secure128); + } else if (strcasecmp (broken_list[i], "EXPORT") == 0) - { - _set_priority (&(*priority_cache)->cipher, cipher_priority_export); - _set_priority (&(*priority_cache)->kx, kx_priority_export); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } /* now check if the element is something like -ALGO */ + { + _set_priority (&(*priority_cache)->cipher, cipher_priority_export); + _set_priority (&(*priority_cache)->kx, kx_priority_export); + _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } /* now check if the element is something like -ALGO */ else if (broken_list[i][0] == '!' || broken_list[i][0] == '+' - || broken_list[i][0] == '-') - { - if (broken_list[i][0] == '+') - fn = prio_add; - else - fn = prio_remove; - - if ((algo = - gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN) - fn (&(*priority_cache)->mac, algo); - else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) != - GNUTLS_CIPHER_UNKNOWN) - fn (&(*priority_cache)->cipher, algo); - else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) != - GNUTLS_KX_UNKNOWN) - fn (&(*priority_cache)->kx, algo); - else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0) - { - if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0) - { - _set_priority (&(*priority_cache)->protocol, - protocol_priority); - } - else - { - if ((algo = - gnutls_protocol_get_id (&broken_list[i][6])) != - GNUTLS_VERSION_UNKNOWN) - fn (&(*priority_cache)->protocol, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) - { - if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0) - { - _set_priority (&(*priority_cache)->compression, - comp_priority); - } - else - { - if ((algo = - gnutls_compression_get_id (&broken_list[i][6])) != - GNUTLS_COMP_UNKNOWN) - fn (&(*priority_cache)->compression, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) - { - if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0) - { - _set_priority (&(*priority_cache)->cert_type, - cert_type_priority); - } - else - { - if ((algo = - gnutls_certificate_type_get_id (&broken_list[i][7])) != - GNUTLS_CRT_UNKNOWN) - fn (&(*priority_cache)->cert_type, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) - { - if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0) - { - _set_priority (&(*priority_cache)->sign_algo, - sign_priority_default); - } - else - { - if ((algo = - gnutls_sign_get_id (&broken_list[i][6])) != - GNUTLS_SIGN_UNKNOWN) - fn (&(*priority_cache)->sign_algo, algo); - else - goto error; - } - } /* now check if the element is something like -ALGO */ - else - goto error; - } + || broken_list[i][0] == '-') + { + if (broken_list[i][0] == '+') + fn = prio_add; + else + fn = prio_remove; + + if ((algo = + gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN) + fn (&(*priority_cache)->mac, algo); + else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) != + GNUTLS_CIPHER_UNKNOWN) + fn (&(*priority_cache)->cipher, algo); + else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) != + GNUTLS_KX_UNKNOWN) + fn (&(*priority_cache)->kx, algo); + else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0) + { + if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0) + { + _set_priority (&(*priority_cache)->protocol, + protocol_priority); + } + else + { + if ((algo = + gnutls_protocol_get_id (&broken_list[i][6])) != + GNUTLS_VERSION_UNKNOWN) + fn (&(*priority_cache)->protocol, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0) + { + if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0) + { + _set_priority (&(*priority_cache)->compression, + comp_priority); + } + else + { + if ((algo = + gnutls_compression_get_id (&broken_list[i][6])) != + GNUTLS_COMP_UNKNOWN) + fn (&(*priority_cache)->compression, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0) + { + if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0) + { + _set_priority (&(*priority_cache)->cert_type, + cert_type_priority); + } + else + { + if ((algo = + gnutls_certificate_type_get_id (&broken_list[i][7])) != + GNUTLS_CRT_UNKNOWN) + fn (&(*priority_cache)->cert_type, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0) + { + if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0) + { + _set_priority (&(*priority_cache)->sign_algo, + sign_priority_default); + } + else + { + if ((algo = + gnutls_sign_get_id (&broken_list[i][6])) != + GNUTLS_SIGN_UNKNOWN) + fn (&(*priority_cache)->sign_algo, algo); + else + goto error; + } + } /* now check if the element is something like -ALGO */ + else + goto error; + } else if (broken_list[i][0] == '%') - { - if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) - { - (*priority_cache)->no_padding = 1; - (*priority_cache)->allow_large_records = 1; - } - else if (strcasecmp (&broken_list[i][1], - "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) - { - prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); - (*priority_cache)->additional_verify_flags |= - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; - } - else if (strcasecmp (&broken_list[i][1], - "SSL3_RECORD_VERSION") == 0) - (*priority_cache)->no_ssl3_record_version = 0; - else if (strcasecmp (&broken_list[i][1], - "LATEST_RECORD_VERSION") == 0) - (*priority_cache)->no_ssl3_record_version = 1; - else if (strcasecmp (&broken_list[i][1], - "VERIFY_ALLOW_X509_V1_CA_CRT") == 0) - (*priority_cache)->additional_verify_flags |= - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; - else if (strcasecmp (&broken_list[i][1], - "UNSAFE_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_UNSAFE; - } - else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_SAFE; - } - else if (strcasecmp (&broken_list[i][1], - "PARTIAL_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_PARTIAL; - } - else if (strcasecmp (&broken_list[i][1], - "DISABLE_SAFE_RENEGOTIATION") == 0) - { - (*priority_cache)->sr = SR_DISABLED; - } - else - goto error; - } + { + if (strcasecmp (&broken_list[i][1], "COMPAT") == 0) + { + (*priority_cache)->no_padding = 1; + (*priority_cache)->allow_large_records = 1; + } + else if (strcasecmp (&broken_list[i][1], + "VERIFY_ALLOW_SIGN_RSA_MD5") == 0) + { + prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5); + (*priority_cache)->additional_verify_flags |= + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; + } + else if (strcasecmp (&broken_list[i][1], + "SSL3_RECORD_VERSION") == 0) + (*priority_cache)->no_ssl3_record_version = 0; + else if (strcasecmp (&broken_list[i][1], + "LATEST_RECORD_VERSION") == 0) + (*priority_cache)->no_ssl3_record_version = 1; + else if (strcasecmp (&broken_list[i][1], + "VERIFY_ALLOW_X509_V1_CA_CRT") == 0) + (*priority_cache)->additional_verify_flags |= + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT; + else if (strcasecmp (&broken_list[i][1], + "UNSAFE_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_UNSAFE; + } + else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_SAFE; + } + else if (strcasecmp (&broken_list[i][1], + "PARTIAL_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_PARTIAL; + } + else if (strcasecmp (&broken_list[i][1], + "DISABLE_SAFE_RENEGOTIATION") == 0) + { + (*priority_cache)->sr = SR_DISABLED; + } + else + goto error; + } else - goto error; + goto error; } gnutls_free (darg); @@ -813,9 +813,9 @@ error: { *err_pos = priorities; for (j = 0; j < i; j++) - { - (*err_pos) += strlen (broken_list[j]) + 1; - } + { + (*err_pos) += strlen (broken_list[j]) + 1; + } } gnutls_free (darg); gnutls_free (*priority_cache); @@ -853,7 +853,7 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache) **/ int gnutls_priority_set_direct (gnutls_session_t session, - const char *priorities, const char **err_pos) + const char *priorities, const char **err_pos) { gnutls_priority_t prio; int ret; @@ -882,8 +882,8 @@ gnutls_priority_set_direct (gnutls_session_t session, */ static void break_comma_list (char *etag, - char **broken_etag, int *elements, int max_elements, - char sep) + char **broken_etag, int *elements, int max_elements, + char sep) { char *p = etag; if (sep == 0) @@ -899,14 +899,14 @@ break_comma_list (char *etag, p = strchr (p, sep); if (p) - { - *p = 0; - p++; /* move to next entry and skip white - * space. - */ - while (*p == ' ') - p++; - } + { + *p = 0; + p++; /* move to next entry and skip white + * space. + */ + while (*p == ' ') + p++; + } } while (p != NULL && *elements < max_elements); } diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index e6b932a207..a398621ebc 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -95,7 +95,7 @@ gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits) return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits); case GNUTLS_PRIVKEY_X509: if (bits) - *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]); + *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]); return gnutls_x509_privkey_get_pk_algorithm (key->key.x509); default: gnutls_assert (); @@ -106,8 +106,8 @@ gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits) static int privkey_to_pubkey (gnutls_pk_algorithm_t pk, - const bigint_t * params, int params_size, - bigint_t * new_params, int *new_params_size) + const bigint_t * params, int params_size, + bigint_t * new_params, int *new_params_size) { int ret, i; @@ -115,11 +115,11 @@ privkey_to_pubkey (gnutls_pk_algorithm_t pk, { case GNUTLS_PK_RSA: if (*new_params_size < RSA_PUBLIC_PARAMS - || params_size < RSA_PRIVATE_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + || params_size < RSA_PRIVATE_PARAMS) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } new_params[0] = _gnutls_mpi_copy (params[0]); new_params[1] = _gnutls_mpi_copy (params[1]); @@ -127,20 +127,20 @@ privkey_to_pubkey (gnutls_pk_algorithm_t pk, *new_params_size = RSA_PUBLIC_PARAMS; if (new_params[0] == NULL || new_params[1] == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } break; case GNUTLS_PK_DSA: if (*new_params_size < DSA_PUBLIC_PARAMS - || params_size < DSA_PRIVATE_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + || params_size < DSA_PRIVATE_PARAMS) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } new_params[0] = _gnutls_mpi_copy (params[0]); new_params[1] = _gnutls_mpi_copy (params[1]); @@ -150,12 +150,12 @@ privkey_to_pubkey (gnutls_pk_algorithm_t pk, *new_params_size = DSA_PUBLIC_PARAMS; if (new_params[0] == NULL || new_params[1] == NULL || - new_params[2] == NULL || new_params[3] == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } + new_params[2] == NULL || new_params[3] == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } break; default: @@ -175,7 +175,7 @@ cleanup: */ int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key, - bigint_t * params, int *params_size) + bigint_t * params, int *params_size) { int ret; gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm (key, NULL); @@ -185,38 +185,38 @@ _gnutls_privkey_get_public_mpis (gnutls_privkey_t key, #ifdef ENABLE_OPENPGP case GNUTLS_PRIVKEY_OPENPGP: { - bigint_t tmp_params[MAX_PRIV_PARAMS_SIZE]; - int tmp_params_size = MAX_PRIV_PARAMS_SIZE; - uint32_t kid[2], i; - gnutls_openpgp_keyid_t keyid; - - ret = - gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp, - keyid); - if (ret == 0) - { - KEYID_IMPORT (kid, keyid); - ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid, - tmp_params, - &tmp_params_size); - } - else - ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL, - tmp_params, - &tmp_params_size); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = privkey_to_pubkey (pk, - tmp_params, tmp_params_size, - params, params_size); - - for (i = 0; i < tmp_params_size; i++) - _gnutls_mpi_release (&tmp_params[i]); + bigint_t tmp_params[MAX_PRIV_PARAMS_SIZE]; + int tmp_params_size = MAX_PRIV_PARAMS_SIZE; + uint32_t kid[2], i; + gnutls_openpgp_keyid_t keyid; + + ret = + gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp, + keyid); + if (ret == 0) + { + KEYID_IMPORT (kid, keyid); + ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid, + tmp_params, + &tmp_params_size); + } + else + ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL, + tmp_params, + &tmp_params_size); + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = privkey_to_pubkey (pk, + tmp_params, tmp_params_size, + params, params_size); + + for (i = 0; i < tmp_params_size; i++) + _gnutls_mpi_release (&tmp_params[i]); } @@ -224,9 +224,9 @@ _gnutls_privkey_get_public_mpis (gnutls_privkey_t key, #endif case GNUTLS_PRIVKEY_X509: ret = privkey_to_pubkey (pk, - key->key.x509->params, - key->key.x509->params_size, params, - params_size); + key->key.x509->params, + key->key.x509->params_size, params, + params_size); break; default: gnutls_assert (); @@ -272,12 +272,12 @@ gnutls_privkey_deinit (gnutls_privkey_t key) { #ifdef ENABLE_OPENPGP case GNUTLS_PRIVKEY_OPENPGP: - return gnutls_openpgp_privkey_deinit (key->key.openpgp); + return gnutls_openpgp_privkey_deinit (key->key.openpgp); #endif case GNUTLS_PRIVKEY_PKCS11: - return gnutls_pkcs11_privkey_deinit (key->key.pkcs11); + return gnutls_pkcs11_privkey_deinit (key->key.pkcs11); case GNUTLS_PRIVKEY_X509: - return gnutls_x509_privkey_deinit (key->key.x509); + return gnutls_x509_privkey_deinit (key->key.x509); } gnutls_free (key); } @@ -296,7 +296,7 @@ gnutls_privkey_deinit (gnutls_privkey_t key) **/ int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, - gnutls_pkcs11_privkey_t key, unsigned int flags) + gnutls_pkcs11_privkey_t key, unsigned int flags) { pkey->key.pkcs11 = key; pkey->type = GNUTLS_PRIVKEY_PKCS11; @@ -320,7 +320,7 @@ gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, **/ int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, - gnutls_x509_privkey_t key, unsigned int flags) + gnutls_x509_privkey_t key, unsigned int flags) { pkey->key.x509 = key; pkey->type = GNUTLS_PRIVKEY_X509; @@ -345,8 +345,8 @@ gnutls_privkey_import_x509 (gnutls_privkey_t pkey, **/ int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, - gnutls_openpgp_privkey_t key, - unsigned int flags) + gnutls_openpgp_privkey_t key, + unsigned int flags) { pkey->key.openpgp = key; pkey->type = GNUTLS_PRIVKEY_OPENPGP; @@ -375,10 +375,10 @@ gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, **/ int gnutls_privkey_sign_data (gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; @@ -434,10 +434,10 @@ cleanup: **/ int gnutls_privkey_sign_hash2 (gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; @@ -486,23 +486,23 @@ cleanup: -*/ int _gnutls_privkey_sign_hash (gnutls_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { switch (key->type) { #ifdef ENABLE_OPENPGP case GNUTLS_PRIVKEY_OPENPGP: return _gnutls_openpgp_privkey_sign_hash (key->key.openpgp, - hash, signature); + hash, signature); #endif case GNUTLS_PRIVKEY_PKCS11: return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11, - hash, signature); + hash, signature); case GNUTLS_PRIVKEY_X509: return _gnutls_soft_sign (key->key.x509->pk_algorithm, - key->key.x509->params, - key->key.x509->params_size, hash, signature); + key->key.x509->params, + key->key.x509->params_size, hash, signature); default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -524,9 +524,9 @@ _gnutls_privkey_sign_hash (gnutls_privkey_t key, **/ int gnutls_privkey_decrypt_data (gnutls_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { if (key->pk_algorithm != GNUTLS_PK_RSA) { @@ -539,16 +539,16 @@ gnutls_privkey_decrypt_data (gnutls_privkey_t key, #ifdef ENABLE_OPENPGP case GNUTLS_PRIVKEY_OPENPGP: return gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags, - ciphertext, plaintext); + ciphertext, plaintext); #endif case GNUTLS_PRIVKEY_X509: return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, - key->key.x509->params, - key->key.x509->params_size, 2); + key->key.x509->params, + key->key.x509->params_size, 2); case GNUTLS_PRIVKEY_PKCS11: return gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11, - flags, - ciphertext, plaintext); + flags, + ciphertext, plaintext); default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c index a1f27740ac..20b9a06f33 100644 --- a/lib/gnutls_psk.c +++ b/lib/gnutls_psk.c @@ -92,9 +92,9 @@ gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc) **/ int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res, - const char *username, - const gnutls_datum_t * key, - gnutls_psk_key_flags flags) + const char *username, + const gnutls_datum_t * key, + gnutls_psk_key_flags flags) { int ret; @@ -111,31 +111,31 @@ gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res, if (flags == GNUTLS_PSK_KEY_RAW) { if (_gnutls_set_datum (&res->key, key->data, key->size) < 0) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; + } } else - { /* HEX key */ + { /* HEX key */ size_t size; size = res->key.size = key->size / 2; res->key.data = gnutls_malloc (size); if (res->key.data == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; + } ret = gnutls_hex_decode (key, (char *) res->key.data, &size); res->key.size = (unsigned int) size; if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } @@ -195,7 +195,7 @@ gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc) **/ int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t - res, const char *password_file) + res, const char *password_file) { if (password_file == NULL) @@ -237,7 +237,7 @@ gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t **/ int gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res, - const char *hint) + const char *hint) { res->hint = gnutls_strdup (hint); if (res->hint == NULL) @@ -271,9 +271,9 @@ gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res, **/ void gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t - cred, - gnutls_psk_server_credentials_function - * func) + cred, + gnutls_psk_server_credentials_function + * func) { cred->pwd_callback = func; } @@ -300,9 +300,9 @@ gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t **/ void gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t - cred, - gnutls_psk_client_credentials_function - * func) + cred, + gnutls_psk_client_credentials_function + * func) { cred->get_function = func; } @@ -379,13 +379,13 @@ gnutls_psk_client_get_hint (gnutls_session_t session) **/ int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result, - size_t * result_size) + size_t * result_size) { int ret; ret = _gnutls_hex2bin (hex_data->data, hex_data->size, (opaque *) result, - result_size); + result_size); if (ret < 0) return ret; @@ -406,7 +406,7 @@ gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result, **/ int gnutls_hex_encode (const gnutls_datum_t * data, char *result, - size_t * result_size) + size_t * result_size) { size_t res = data->size + data->size + 1; @@ -433,7 +433,7 @@ gnutls_hex_encode (const gnutls_datum_t * data, char *result, **/ void gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res, - gnutls_dh_params_t dh_params) + gnutls_dh_params_t dh_params) { res->dh_params = dh_params; } @@ -449,7 +449,7 @@ gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res, **/ void gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res, - gnutls_params_function * func) + gnutls_params_function * func) { res->params_func = func; } diff --git a/lib/gnutls_psk_netconf.c b/lib/gnutls_psk_netconf.c index 42b589fd8d..3c24ba0497 100644 --- a/lib/gnutls_psk_netconf.c +++ b/lib/gnutls_psk_netconf.c @@ -47,9 +47,9 @@ **/ int gnutls_psk_netconf_derive_key (const char *password, - const char *psk_identity, - const char *psk_identity_hint, - gnutls_datum_t * output_key) + const char *psk_identity, + const char *psk_identity_hint, + gnutls_datum_t * output_key) { const char netconf_key_pad[] = "Key Pad for Netconf"; size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1); diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index 113d5a0da0..a169871b74 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -45,7 +45,7 @@ struct gnutls_pubkey_st { gnutls_pk_algorithm_t pk_algorithm; - unsigned int bits; /* an indication of the security parameter */ + unsigned int bits; /* an indication of the security parameter */ /* the size of params depends on the public * key algorithm @@ -57,9 +57,9 @@ struct gnutls_pubkey_st * [3] is public key */ bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; - int params_size; /* holds the size of MPI params */ + int params_size; /* holds the size of MPI params */ - unsigned int key_usage; /* bits from GNUTLS_KEY_* */ + unsigned int key_usage; /* bits from GNUTLS_KEY_* */ }; /** @@ -150,7 +150,7 @@ gnutls_pubkey_deinit (gnutls_pubkey_t key) **/ int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, - unsigned int flags) + unsigned int flags) { int ret; @@ -166,18 +166,18 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, case GNUTLS_PK_RSA: ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; case GNUTLS_PK_DSA: ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; default: @@ -203,7 +203,7 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, **/ int gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, - unsigned int usage, unsigned int flags) + unsigned int usage, unsigned int flags) { key->pk_algorithm = gnutls_privkey_get_pk_algorithm (pkey, &key->bits); @@ -212,7 +212,7 @@ gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, key->params_size = sizeof (key->params) / sizeof (key->params[0]); return _gnutls_privkey_get_public_mpis (pkey, key->params, - &key->params_size); + &key->params_size); } /** @@ -232,8 +232,8 @@ gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, **/ int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { int ret; @@ -244,8 +244,8 @@ gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, } ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm, - key->params, key->params_size, - hash, mand); + key->params, key->params_size, + hash, mand); return ret; } @@ -265,7 +265,7 @@ gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, **/ int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, - gnutls_pkcs11_obj_t obj, unsigned int flags) + gnutls_pkcs11_obj_t obj, unsigned int flags) { int ret; @@ -282,12 +282,12 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, { case GNUTLS_PK_RSA: ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0], - &obj->pubkey[1]); + &obj->pubkey[1]); break; case GNUTLS_PK_DSA: ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0], - &obj->pubkey[1], - &obj->pubkey[2], &obj->pubkey[3]); + &obj->pubkey[1], + &obj->pubkey[2], &obj->pubkey[3]); break; default: gnutls_assert (); @@ -318,9 +318,9 @@ gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, **/ int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, - gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flags) + gnutls_openpgp_crt_t crt, + gnutls_openpgp_keyid_t keyid, + unsigned int flags) { int ret; uint32_t kid32[2]; @@ -344,23 +344,23 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, { case GNUTLS_PK_RSA: ret = - _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params, - &key->params_size); + _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params, + &key->params_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; case GNUTLS_PK_DSA: ret = - _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params, - &key->params_size); + _gnutls_openpgp_crt_get_mpis (crt, kid32, key->params, + &key->params_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; default: gnutls_assert (); @@ -394,8 +394,8 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, **/ int gnutls_pubkey_export (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { int result; ASN1_TYPE spk = ASN1_TYPE_EMPTY; @@ -416,8 +416,8 @@ gnutls_pubkey_export (gnutls_pubkey_t key, result = _gnutls_x509_encode_and_copy_PKI_params (spk, "", - key->pk_algorithm, - key->params, key->params_size); + key->pk_algorithm, + key->params, key->params_size); if (result < 0) { gnutls_assert (); @@ -425,8 +425,8 @@ gnutls_pubkey_export (gnutls_pubkey_t key, } result = _gnutls_x509_export_int_named (spk, "", - format, PK_PEM_HEADER, - output_data, output_data_size); + format, PK_PEM_HEADER, + output_data, output_data_size); if (result < 0) { gnutls_assert (); @@ -464,8 +464,8 @@ cleanup: **/ int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) + unsigned char *output_data, + size_t * output_data_size) { int ret = 0; @@ -477,7 +477,7 @@ gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, ret = _gnutls_get_key_id (key->pk_algorithm, key->params, - key->params_size, output_data, output_data_size); + key->params_size, output_data, output_data_size); if (ret < 0) { gnutls_assert (); @@ -501,7 +501,7 @@ gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, **/ int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e) + gnutls_datum_t * m, gnutls_datum_t * e) { int ret; @@ -551,8 +551,8 @@ gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, **/ int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { int ret; @@ -626,8 +626,8 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, **/ int gnutls_pubkey_import (gnutls_pubkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -650,15 +650,15 @@ gnutls_pubkey_import (gnutls_pubkey_t key, /* Try the first header */ result = - _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out); + _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out); if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } _data.data = out; _data.size = result; @@ -729,10 +729,10 @@ gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) } result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert, - "tbsCertificate.subjectPublicKeyInfo", - key->pk_algorithm, - key->params, - key->params_size); + "tbsCertificate.subjectPublicKeyInfo", + key->pk_algorithm, + key->params, + key->params_size); if (result < 0) { @@ -818,7 +818,7 @@ gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage) int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, - unsigned int flags) + unsigned int flags) { gnutls_pkcs11_obj_t pcrt; int ret; @@ -866,8 +866,8 @@ cleanup: **/ int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e) + const gnutls_datum_t * m, + const gnutls_datum_t * e) { size_t siz = 0; @@ -915,10 +915,10 @@ gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, **/ int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y) + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y) { size_t siz = 0; @@ -984,8 +984,8 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, **/ int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { int ret; @@ -997,7 +997,7 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, ret = pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm, - key->params, key->params_size); + key->params, key->params_size); return ret; } @@ -1016,8 +1016,8 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, **/ int gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash) { if (key == NULL) { @@ -1026,8 +1026,8 @@ gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, } return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) - hash, signature, - key->pk_algorithm, - key->params, key->params_size); + hash, signature, + key->pk_algorithm, + key->params, key->params_size); } diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index c960a8ed3a..dda177b925 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -63,7 +63,7 @@ gnutls_protocol_get_version (gnutls_session_t session) void _gnutls_set_current_version (gnutls_session_t session, - gnutls_protocol_t version) + gnutls_protocol_t version) { session->security_parameters.version = version; } @@ -115,7 +115,7 @@ gnutls_record_disable_padding (gnutls_session_t session) **/ void gnutls_transport_set_ptr (gnutls_session_t session, - gnutls_transport_ptr_t ptr) + gnutls_transport_ptr_t ptr) { session->internals.transport_recv_ptr = ptr; session->internals.transport_send_ptr = ptr; @@ -134,8 +134,8 @@ gnutls_transport_set_ptr (gnutls_session_t session, **/ void gnutls_transport_set_ptr2 (gnutls_session_t session, - gnutls_transport_ptr_t recv_ptr, - gnutls_transport_ptr_t send_ptr) + gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr) { session->internals.transport_send_ptr = send_ptr; session->internals.transport_recv_ptr = recv_ptr; @@ -169,8 +169,8 @@ gnutls_transport_get_ptr (gnutls_session_t session) **/ void gnutls_transport_get_ptr2 (gnutls_session_t session, - gnutls_transport_ptr_t * recv_ptr, - gnutls_transport_ptr_t * send_ptr) + gnutls_transport_ptr_t * recv_ptr, + gnutls_transport_ptr_t * send_ptr) { *recv_ptr = session->internals.transport_recv_ptr; @@ -222,41 +222,41 @@ gnutls_bye (gnutls_session_t session, gnutls_close_request_t how) ret = _gnutls_io_write_flush (session); STATE = STATE60; if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } case STATE61: ret = - gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); + gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY); STATE = STATE61; if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } case STATE62: STATE = STATE62; if (how == GNUTLS_SHUT_RDWR) - { - do - { - _gnutls_io_clear_peeked_data (session); - ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0); - } - while (ret == GNUTLS_E_GOT_APPLICATION_DATA); - - if (ret >= 0) - session->internals.may_not_read = 1; - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + do + { + _gnutls_io_clear_peeked_data (session); + ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0); + } + while (ret == GNUTLS_E_GOT_APPLICATION_DATA); + + if (ret >= 0) + session->internals.may_not_read = 1; + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } STATE = STATE62; break; @@ -300,7 +300,7 @@ session_is_valid (gnutls_session_t session) */ inline static void copy_record_version (gnutls_session_t session, - gnutls_handshake_description_t htype, opaque version[2]) + gnutls_handshake_description_t htype, opaque version[2]) { gnutls_protocol_t lver; @@ -335,9 +335,9 @@ copy_record_version (gnutls_session_t session, */ ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type, - gnutls_handshake_description_t htype, - unsigned int epoch_rel, const void *_data, - size_t sizeofdata, unsigned int mflags) + gnutls_handshake_description_t htype, + unsigned int epoch_rel, const void *_data, + size_t sizeofdata, unsigned int mflags) { mbuffer_st *bufel; size_t cipher_size; @@ -375,11 +375,11 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, return GNUTLS_E_INVALID_REQUEST; } - if (type != GNUTLS_ALERT) /* alert messages are sent anyway */ + if (type != GNUTLS_ALERT) /* alert messages are sent anyway */ if (session_is_valid (session) || session->internals.may_not_write != 0) { - gnutls_assert (); - return GNUTLS_E_INVALID_SESSION; + gnutls_assert (); + return GNUTLS_E_INVALID_SESSION; } headers[0] = type; @@ -407,9 +407,9 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, { ret = _gnutls_io_write_flush (session); if (ret > 0) - cipher_size = ret; + cipher_size = ret; else - cipher_size = 0; + cipher_size = 0; retval = session->internals.record_send_buffer_user_size; } @@ -421,25 +421,25 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, cipher_size = data2send_size + MAX_RECORD_OVERHEAD; bufel = _mbuffer_alloc (cipher_size, cipher_size); if (bufel == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } cipher_size = - _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data, - data2send_size, _mbuffer_get_udata_ptr (bufel), - cipher_size, type, - (session->internals.priorities.no_padding == - 0) ? 1 : 0, record_params); + _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data, + data2send_size, _mbuffer_get_udata_ptr (bufel), + cipher_size, type, + (session->internals.priorities.no_padding == + 0) ? 1 : 0, record_params); if (cipher_size <= 0) - { - gnutls_assert (); - if (cipher_size == 0) - cipher_size = GNUTLS_E_ENCRYPTION_FAILED; - gnutls_free (bufel); - return cipher_size; /* error */ - } + { + gnutls_assert (); + if (cipher_size == 0) + cipher_size = GNUTLS_E_ENCRYPTION_FAILED; + gnutls_free (bufel); + return cipher_size; /* error */ + } retval = data2send_size; session->internals.record_send_buffer_user_size = data2send_size; @@ -447,12 +447,12 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, /* increase sequence number */ if (_gnutls_uint64pp (&record_state->sequence_number) != 0) - { - session_invalidate (session); - gnutls_assert (); - gnutls_free (bufel); - return GNUTLS_E_RECORD_LIMIT_REACHED; - } + { + session_invalidate (session); + gnutls_assert (); + gnutls_free (bufel); + return GNUTLS_E_RECORD_LIMIT_REACHED; + } _mbuffer_set_udata_size (bufel, cipher_size); ret = _gnutls_io_write_buffered (session, bufel, mflags); @@ -461,19 +461,19 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, if (ret != cipher_size) { if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - { - /* If we have sent any data then just return - * the error value. Do not invalidate the session. - */ - gnutls_assert (); - return ret; - } + { + /* If we have sent any data then just return + * the error value. Do not invalidate the session. + */ + gnutls_assert (); + return ret; + } if (ret > 0) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + } session_unresumable (session); session->internals.may_not_write = 1; gnutls_assert (); @@ -483,11 +483,11 @@ _gnutls_send_int (gnutls_session_t session, content_type_t type, session->internals.record_send_buffer_user_size = 0; _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) with length: %d\n", - session, - (int) - _gnutls_uint64touint32 - (&record_state->sequence_number), - _gnutls_packet2str (type), type, (int) cipher_size); + session, + (int) + _gnutls_uint64touint32 + (&record_state->sequence_number), + _gnutls_packet2str (type), type, (int) cipher_size); return retval; } @@ -504,7 +504,7 @@ _gnutls_send_change_cipher_spec (gnutls_session_t session, int again) if (again == 0) return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, - EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH); + EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH); else { return _gnutls_io_write_flush (session); @@ -535,7 +535,7 @@ check_recv_type (content_type_t recv_type) */ static int check_buffers (gnutls_session_t session, content_type_t type, - opaque * data, int sizeofdata) + opaque * data, int sizeofdata) { if ((type == GNUTLS_APPLICATION_DATA || type == GNUTLS_HANDSHAKE || @@ -545,20 +545,20 @@ check_buffers (gnutls_session_t session, content_type_t type, int ret, ret2; ret = _gnutls_record_buffer_get (type, session, data, sizeofdata); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* if the buffer just got empty */ if (_gnutls_record_buffer_get_size (type, session) == 0) - { - if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0) - { - gnutls_assert (); - return ret2; - } - } + { + if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0) + { + gnutls_assert (); + return ret2; + } + } return ret; } @@ -572,12 +572,12 @@ check_buffers (gnutls_session_t session, content_type_t type, */ static int record_check_headers (gnutls_session_t session, - uint8_t headers[RECORD_HEADER_SIZE], - content_type_t type, - gnutls_handshake_description_t htype, - /*output */ content_type_t * recv_type, - opaque version[2], uint16_t * length, - uint16_t * header_size) + uint8_t headers[RECORD_HEADER_SIZE], + content_type_t type, + gnutls_handshake_description_t htype, + /*output */ content_type_t * recv_type, + opaque version[2], uint16_t * length, + uint16_t * header_size) { /* Read the first two bytes to determine if this is a @@ -591,15 +591,15 @@ record_check_headers (gnutls_session_t session, /* if msb set and expecting handshake message * it should be SSL 2 hello */ - version[0] = 3; /* assume SSL 3.0 */ + version[0] = 3; /* assume SSL 3.0 */ version[1] = 0; *length = (((headers[0] & 0x7f) << 8)) | headers[1]; /* SSL 2.0 headers */ *header_size = 2; - *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello - */ + *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello + */ /* in order to assist the handshake protocol. * V2 compatibility is a mess. @@ -607,7 +607,7 @@ record_check_headers (gnutls_session_t session, session->internals.v2_hello = *length; _gnutls_record_log ("REC[%p]: V2 packet received. Length: %d\n", - session, *length); + session, *length); } else @@ -631,24 +631,24 @@ record_check_headers (gnutls_session_t session, */ inline static int record_check_version (gnutls_session_t session, - gnutls_handshake_description_t htype, opaque version[2]) + gnutls_handshake_description_t htype, opaque version[2]) { if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO) { /* Reject hello packets with major version higher than 3. */ if (version[0] > 3) - { - gnutls_assert (); - _gnutls_record_log - ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session, - htype, version[0], version[1]); - return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; - } + { + gnutls_assert (); + _gnutls_record_log + ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session, + htype, version[0], version[1]); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; + } } else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO && - gnutls_protocol_get_version (session) != - _gnutls_version_get (version[0], version[1])) + gnutls_protocol_get_version (session) != + _gnutls_version_get (version[0], version[1])) { /* Reject record packets that have a different version than the * one negotiated. Note that this version is not protected by any @@ -656,7 +656,7 @@ record_check_version (gnutls_session_t session, */ gnutls_assert (); _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", - session, htype, version[0], version[1]); + session, htype, version[0], version[1]); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } @@ -669,141 +669,141 @@ record_check_version (gnutls_session_t session, */ static int record_check_type (gnutls_session_t session, - content_type_t recv_type, content_type_t type, - gnutls_handshake_description_t htype, opaque * data, - int data_size) + content_type_t recv_type, content_type_t type, + gnutls_handshake_description_t htype, opaque * data, + int data_size) { int ret; if ((recv_type == type) && (type == GNUTLS_APPLICATION_DATA || - type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION)) + type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION)) { _gnutls_record_buffer_put (type, session, (void *) data, data_size); } else { switch (recv_type) - { - case GNUTLS_ALERT: - - _gnutls_record_log - ("REC[%p]: Alert[%d|%d] - %s - was received\n", session, - data[0], data[1], gnutls_alert_get_name ((int) data[1])); - - session->internals.last_alert = data[1]; - - /* if close notify is received and - * the alert is not fatal - */ - if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) - { - /* If we have been expecting for an alert do - */ - session->internals.read_eof = 1; - return GNUTLS_E_INT_RET_0; /* EOF */ - } - else - { - - /* if the alert is FATAL or WARNING - * return the apropriate message - */ - - gnutls_assert (); - ret = GNUTLS_E_WARNING_ALERT_RECEIVED; - if (data[0] == GNUTLS_AL_FATAL) - { - session_unresumable (session); - session_invalidate (session); - ret = GNUTLS_E_FATAL_ALERT_RECEIVED; - } - - return ret; - } - break; - - case GNUTLS_CHANGE_CIPHER_SPEC: - /* this packet is now handled in the recv_int() - * function - */ - gnutls_assert (); - - return GNUTLS_E_UNEXPECTED_PACKET; - - case GNUTLS_APPLICATION_DATA: - /* even if data is unexpected put it into the buffer */ - if ((ret = - _gnutls_record_buffer_put (recv_type, session, - (void *) data, data_size)) < 0) - { - gnutls_assert (); - return ret; - } - - /* the got_application data is only returned - * if expecting client hello (for rehandshake - * reasons). Otherwise it is an unexpected packet - */ - if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO - && type == GNUTLS_HANDSHAKE)) - return GNUTLS_E_GOT_APPLICATION_DATA; - else - { - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - } - - break; - case GNUTLS_HANDSHAKE: - /* This is legal if HELLO_REQUEST is received - and we are a client. - * If we are a server, a client may initiate a renegotiation at any time. - */ - if (session->security_parameters.entity == GNUTLS_SERVER) - { - gnutls_assert (); - ret = - _gnutls_record_buffer_put (recv_type, session, (void *) data, - data_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - return GNUTLS_E_REHANDSHAKE; - } - - /* If we are already in a handshake then a Hello - * Request is illegal. But here we don't really care - * since this message will never make it up here. - */ - - /* So we accept it */ - return _gnutls_recv_hello_request (session, data, data_size); - - break; - case GNUTLS_INNER_APPLICATION: - /* even if data is unexpected put it into the buffer */ - if ((ret = _gnutls_record_buffer_put (recv_type, session, - (void *) data, - data_size)) < 0) - { - gnutls_assert (); - return ret; - } - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET; - break; - default: - - _gnutls_record_log - ("REC[%p]: Received Unknown packet %d expecting %d\n", - session, recv_type, type); - - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + case GNUTLS_ALERT: + + _gnutls_record_log + ("REC[%p]: Alert[%d|%d] - %s - was received\n", session, + data[0], data[1], gnutls_alert_get_name ((int) data[1])); + + session->internals.last_alert = data[1]; + + /* if close notify is received and + * the alert is not fatal + */ + if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL) + { + /* If we have been expecting for an alert do + */ + session->internals.read_eof = 1; + return GNUTLS_E_INT_RET_0; /* EOF */ + } + else + { + + /* if the alert is FATAL or WARNING + * return the apropriate message + */ + + gnutls_assert (); + ret = GNUTLS_E_WARNING_ALERT_RECEIVED; + if (data[0] == GNUTLS_AL_FATAL) + { + session_unresumable (session); + session_invalidate (session); + ret = GNUTLS_E_FATAL_ALERT_RECEIVED; + } + + return ret; + } + break; + + case GNUTLS_CHANGE_CIPHER_SPEC: + /* this packet is now handled in the recv_int() + * function + */ + gnutls_assert (); + + return GNUTLS_E_UNEXPECTED_PACKET; + + case GNUTLS_APPLICATION_DATA: + /* even if data is unexpected put it into the buffer */ + if ((ret = + _gnutls_record_buffer_put (recv_type, session, + (void *) data, data_size)) < 0) + { + gnutls_assert (); + return ret; + } + + /* the got_application data is only returned + * if expecting client hello (for rehandshake + * reasons). Otherwise it is an unexpected packet + */ + if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO + && type == GNUTLS_HANDSHAKE)) + return GNUTLS_E_GOT_APPLICATION_DATA; + else + { + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET; + } + + break; + case GNUTLS_HANDSHAKE: + /* This is legal if HELLO_REQUEST is received - and we are a client. + * If we are a server, a client may initiate a renegotiation at any time. + */ + if (session->security_parameters.entity == GNUTLS_SERVER) + { + gnutls_assert (); + ret = + _gnutls_record_buffer_put (recv_type, session, (void *) data, + data_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + return GNUTLS_E_REHANDSHAKE; + } + + /* If we are already in a handshake then a Hello + * Request is illegal. But here we don't really care + * since this message will never make it up here. + */ + + /* So we accept it */ + return _gnutls_recv_hello_request (session, data, data_size); + + break; + case GNUTLS_INNER_APPLICATION: + /* even if data is unexpected put it into the buffer */ + if ((ret = _gnutls_record_buffer_put (recv_type, session, + (void *) data, + data_size)) < 0) + { + gnutls_assert (); + return ret; + } + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET; + break; + default: + + _gnutls_record_log + ("REC[%p]: Received Unknown packet %d expecting %d\n", + session, recv_type, type); + + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } } return 0; @@ -838,13 +838,13 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) /* Initialize the internal buffer. */ session->internals.recv_buffer.data = - gnutls_realloc (session->internals.recv_buffer.data, max_record_size); + gnutls_realloc (session->internals.recv_buffer.data, max_record_size); if (session->internals.recv_buffer.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } session->internals.recv_buffer.size = max_record_size; } @@ -867,8 +867,8 @@ get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp) */ ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type, - gnutls_handshake_description_t htype, - opaque * data, size_t sizeofdata) + gnutls_handshake_description_t htype, + opaque * data, size_t sizeofdata) { int decrypted_length; opaque version[2]; @@ -918,7 +918,7 @@ begin: return 0; } else if (session_is_valid (session) != 0 - || session->internals.may_not_read != 0) + || session->internals.may_not_read != 0) { gnutls_assert (); return GNUTLS_E_INVALID_SESSION; @@ -940,14 +940,14 @@ begin: _gnutls_io_read_buffered (session, header_size, -1)) != header_size) { if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - return ret; + return ret; session_invalidate (session); if (type == GNUTLS_ALERT) - { - gnutls_assert (); - return 0; /* we were expecting close notify */ - } + { + gnutls_assert (); + return 0; /* we were expecting close notify */ + } session_unresumable (session); gnutls_assert (); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; @@ -964,7 +964,7 @@ begin: if ((ret = record_check_headers (session, data_enc.data, type, htype, &recv_type, - version, &length, &header_size)) < 0) + version, &length, &header_size)) < 0) { gnutls_assert (); return ret; @@ -994,16 +994,16 @@ begin: (int) _gnutls_uint64touint32 (&record_state->sequence_number), _gnutls_packet2str (type), type, (int) sizeofdata); _gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n", - session, - (int) - _gnutls_uint64touint32 (&record_state->sequence_number), - _gnutls_packet2str (recv_type), recv_type, length); + session, + (int) + _gnutls_uint64touint32 (&record_state->sequence_number), + _gnutls_packet2str (recv_type), recv_type, length); if (length > MAX_RECV_SIZE) { _gnutls_record_log - ("REC[%p]: FATAL ERROR: Received packet with length: %d\n", - session, length); + ("REC[%p]: FATAL ERROR: Received packet with length: %d\n", + session, length); session_unresumable (session); session_invalidate (session); @@ -1015,10 +1015,10 @@ begin: */ if ((ret = _gnutls_io_read_buffered (session, header_size + length, - recv_type)) != header_size + length) + recv_type)) != header_size + length) { if (ret < 0 && gnutls_error_is_fatal (ret) == 0) - return ret; + return ret; session_unresumable (session); session_invalidate (session); @@ -1050,7 +1050,7 @@ begin: */ ret = _gnutls_decrypt (session, ciphertext, length, tmp.data, tmp.size, - recv_type, record_params); + recv_type, record_params); if (ret < 0) { session_unresumable (session); @@ -1059,7 +1059,7 @@ begin: return ret; } _mbuffer_remove_bytes (&session->internals.record_recv_buffer, - header_size + length); + header_size + length); decrypted_length = ret; /* Check if this is a CHANGE_CIPHER_SPEC @@ -1069,13 +1069,13 @@ begin: { _gnutls_record_log - ("REC[%p]: ChangeCipherSpec Packet was received\n", session); + ("REC[%p]: ChangeCipherSpec Packet was received\n", session); if ((size_t) ret != sizeofdata) - { /* sizeofdata should be 1 */ - gnutls_assert (); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { /* sizeofdata should be 1 */ + gnutls_assert (); + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } memcpy (data, tmp.data, sizeofdata); return ret; @@ -1097,11 +1097,11 @@ begin: ret = record_check_type (session, recv_type, type, htype, tmp.data, - decrypted_length); + decrypted_length); if (ret < 0) { if (ret == GNUTLS_E_INT_RET_0) - return 0; + return 0; gnutls_assert (); return ret; } @@ -1115,21 +1115,21 @@ begin: ret = _gnutls_record_buffer_get (type, session, data, sizeofdata); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* if the buffer just got empty */ if (_gnutls_record_buffer_get_size (type, session) == 0) - { - if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0) - { - gnutls_assert (); - return ret2; - } - } + { + if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0) + { + gnutls_assert (); + return ret2; + } + } } else { @@ -1186,11 +1186,11 @@ begin: **/ ssize_t gnutls_record_send (gnutls_session_t session, const void *data, - size_t sizeofdata) + size_t sizeofdata) { return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1, - EPOCH_WRITE_CURRENT, data, sizeofdata, - MBUFFER_FLUSH); + EPOCH_WRITE_CURRENT, data, sizeofdata, + MBUFFER_FLUSH); } /** @@ -1227,5 +1227,5 @@ ssize_t gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata) { return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data, - sizeofdata); + sizeofdata); } diff --git a/lib/gnutls_record.h b/lib/gnutls_record.h index 6e920daa70..32773143fc 100644 --- a/lib/gnutls_record.h +++ b/lib/gnutls_record.h @@ -30,12 +30,12 @@ #include <gnutls_buffers.h> ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type, - gnutls_handshake_description_t htype, - unsigned int epoch_rel, const void *data, - size_t sizeofdata, unsigned int mflags); + gnutls_handshake_description_t htype, + unsigned int epoch_rel, const void *data, + size_t sizeofdata, unsigned int mflags); ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type, - gnutls_handshake_description_t, opaque * data, - size_t sizeofdata); + gnutls_handshake_description_t, opaque * data, + size_t sizeofdata); ssize_t _gnutls_send_change_cipher_spec (gnutls_session_t session, int again); #endif diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index a2d2e50316..e867927c56 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -66,12 +66,12 @@ _gnutls_rsa_params_to_mpi (gnutls_rsa_params_t rsa_params) **/ int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u) + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u) { return gnutls_x509_privkey_import_rsa_raw (rsa_params, m, e, d, p, q, u); } @@ -167,8 +167,8 @@ gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits) **/ int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params, - const gnutls_datum_t * pkcs1_params, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * pkcs1_params, + gnutls_x509_crt_fmt_t format) { return gnutls_x509_privkey_import (params, pkcs1_params, format); } @@ -191,12 +191,12 @@ gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params, **/ int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params, - gnutls_x509_crt_fmt_t format, - unsigned char *params_data, - size_t * params_data_size) + gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * params_data_size) { return gnutls_x509_privkey_export (params, format, - params_data, params_data_size); + params_data, params_data_size); } /** @@ -218,10 +218,10 @@ gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params, **/ int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - unsigned int *bits) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u, + unsigned int *bits) { int ret; diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c index 1383ba52f9..6a37f13c6d 100644 --- a/lib/gnutls_session.c +++ b/lib/gnutls_session.c @@ -48,7 +48,7 @@ **/ int gnutls_session_get_data (gnutls_session_t session, - void *session_data, size_t * session_data_size) + void *session_data, size_t * session_data_size) { gnutls_datum_t psession; @@ -146,7 +146,7 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data) **/ int gnutls_session_get_id (gnutls_session_t session, - void *session_id, size_t * session_id_size) + void *session_id, size_t * session_id_size) { size_t given_session_id_size = *session_id_size; @@ -164,7 +164,7 @@ gnutls_session_get_id (gnutls_session_t session, } memcpy (session_id, &session->security_parameters.session_id, - *session_id_size); + *session_id_size); return 0; } @@ -189,7 +189,7 @@ gnutls_session_get_id (gnutls_session_t session, **/ int gnutls_session_set_data (gnutls_session_t session, - const void *session_data, size_t session_data_size) + const void *session_data, size_t session_data_size) { int ret; gnutls_datum_t psession; diff --git a/lib/gnutls_session_pack.c b/lib/gnutls_session_pack.c index aa6b8e3026..1579864313 100644 --- a/lib/gnutls_session_pack.c +++ b/lib/gnutls_session_pack.c @@ -45,29 +45,29 @@ #include <gnutls_constate.h> static int pack_certificate_auth_info (gnutls_session_t, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int unpack_certificate_auth_info (gnutls_session_t, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int unpack_srp_auth_info (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int pack_srp_auth_info (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int unpack_psk_auth_info (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int pack_psk_auth_info (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int unpack_anon_auth_info (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int pack_anon_auth_info (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int unpack_security_parameters (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); static int pack_security_parameters (gnutls_session_t session, - gnutls_buffer_st * packed_session); + gnutls_buffer_st * packed_session); /* Since auth_info structures contain malloced data, this function @@ -80,7 +80,7 @@ static int pack_security_parameters (gnutls_session_t session, */ int _gnutls_session_pack (gnutls_session_t session, - gnutls_datum_t * packed_session) + gnutls_datum_t * packed_session) { int ret; gnutls_buffer_st sb; @@ -103,39 +103,39 @@ _gnutls_session_pack (gnutls_session_t session, case GNUTLS_CRD_SRP: ret = pack_srp_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: ret = pack_psk_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; #endif #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: ret = pack_anon_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; #endif case GNUTLS_CRD_CERTIFICATE: ret = pack_certificate_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; default: return GNUTLS_E_INTERNAL_ERROR; @@ -171,7 +171,7 @@ _gnutls_session_pack (gnutls_session_t session, */ int _gnutls_session_unpack (gnutls_session_t session, - const gnutls_datum_t * packed_session) + const gnutls_datum_t * packed_session) { int ret; gnutls_buffer_st sb; @@ -187,7 +187,7 @@ _gnutls_session_unpack (gnutls_session_t session, ret = _gnutls_buffer_append_data (&sb, packed_session->data, - packed_session->size); + packed_session->size); if (ret < 0) { gnutls_assert (); @@ -207,39 +207,39 @@ _gnutls_session_unpack (gnutls_session_t session, case GNUTLS_CRD_SRP: ret = unpack_srp_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } break; #endif #ifdef ENABLE_PSK case GNUTLS_CRD_PSK: ret = unpack_psk_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } break; #endif #ifdef ENABLE_ANON case GNUTLS_CRD_ANON: ret = unpack_anon_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; #endif case GNUTLS_CRD_CERTIFICATE: ret = unpack_certificate_auth_info (session, &sb); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } break; default: gnutls_assert (); @@ -315,19 +315,19 @@ pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND_NUM (ps, info->dh.secret_bits); BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size); BUFFER_APPEND_PFX (ps, info->dh.generator.data, - info->dh.generator.size); + info->dh.generator.size); BUFFER_APPEND_PFX (ps, info->dh.public_key.data, - info->dh.public_key.size); + info->dh.public_key.size); BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data, - info->rsa_export.modulus.size); + info->rsa_export.modulus.size); BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data, - info->rsa_export.exponent.size); + info->rsa_export.exponent.size); BUFFER_APPEND_NUM (ps, info->ncerts); for (i = 0; i < info->ncerts; i++) - BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data, - info->raw_certificate_list[i].size); + BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data, + info->raw_certificate_list[i].size); } /* write the real size */ @@ -350,13 +350,13 @@ unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_POP_NUM (ps, pack_size); if (pack_size == 0) - return 0; /* nothing to be done */ + return 0; /* nothing to be done */ /* client and server have the same auth_info here */ ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE, - sizeof (cert_auth_info_st), 1); + sizeof (cert_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -383,13 +383,13 @@ unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) if (info->ncerts > 0) { info->raw_certificate_list = - gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t)); + gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t)); if (info->raw_certificate_list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; + } } for (i = 0; i < info->ncerts; i++) @@ -410,7 +410,7 @@ error: _gnutls_free_datum (&info->rsa_export.exponent); for (j = 0; j < i; j++) - _gnutls_free_datum (&info->raw_certificate_list[j]); + _gnutls_free_datum (&info->raw_certificate_list[j]); gnutls_free (info->raw_certificate_list); } @@ -437,7 +437,7 @@ pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) size_t cur_size; if (info && info->username) - len = strlen (info->username) + 1; /* include the terminating null */ + len = strlen (info->username) + 1; /* include the terminating null */ else len = 0; @@ -471,7 +471,7 @@ unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) ret = _gnutls_auth_info_set (session, GNUTLS_CRD_SRP, - sizeof (srp_server_auth_info_st), 1); + sizeof (srp_server_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -526,9 +526,9 @@ pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND_NUM (ps, info->dh.secret_bits); BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size); BUFFER_APPEND_PFX (ps, info->dh.generator.data, - info->dh.generator.size); + info->dh.generator.size); BUFFER_APPEND_PFX (ps, info->dh.public_key.data, - info->dh.public_key.size); + info->dh.public_key.size); } /* write the real size */ @@ -548,13 +548,13 @@ unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_POP_NUM (ps, pack_size); if (pack_size == 0) - return 0; /* nothing to be done */ + return 0; /* nothing to be done */ /* client and server have the same auth_info here */ ret = _gnutls_auth_info_set (session, GNUTLS_CRD_ANON, - sizeof (anon_auth_info_st), 1); + sizeof (anon_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -618,12 +618,12 @@ pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) info = _gnutls_get_auth_info (session); if (info && info->username) - username_len = strlen (info->username) + 1; /* include the terminating null */ + username_len = strlen (info->username) + 1; /* include the terminating null */ else username_len = 0; if (info && info->hint) - hint_len = strlen (info->hint) + 1; /* include the terminating null */ + hint_len = strlen (info->hint) + 1; /* include the terminating null */ else hint_len = 0; @@ -654,7 +654,7 @@ unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps) ret = _gnutls_auth_info_set (session, GNUTLS_CRD_PSK, - sizeof (psk_auth_info_st), 1); + sizeof (psk_auth_info_st), 1); if (ret < 0) { gnutls_assert (); @@ -769,25 +769,25 @@ pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) BUFFER_APPEND (ps, &session->security_parameters.entity, 1); BUFFER_APPEND (ps, &session->security_parameters.kx_algorithm, 1); BUFFER_APPEND (ps, - &session->security_parameters.current_cipher_suite.suite[0], - 1); + &session->security_parameters.current_cipher_suite.suite[0], + 1); BUFFER_APPEND (ps, - &session->security_parameters.current_cipher_suite.suite[1], - 1); + &session->security_parameters.current_cipher_suite.suite[1], + 1); BUFFER_APPEND (ps, ¶ms->compression_algorithm, 1); BUFFER_APPEND (ps, &session->security_parameters.cert_type, 1); BUFFER_APPEND (ps, &session->security_parameters.version, 1); BUFFER_APPEND (ps, session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + GNUTLS_MASTER_SIZE); BUFFER_APPEND (ps, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); BUFFER_APPEND (ps, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size); BUFFER_APPEND (ps, session->security_parameters.session_id, - session->security_parameters.session_id_size); + session->security_parameters.session_id_size); BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size); BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size); @@ -811,48 +811,48 @@ unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps) return GNUTLS_E_INVALID_REQUEST; memset (&session->internals.resumed_security_parameters, 0, - sizeof (session->internals.resumed_security_parameters)); + sizeof (session->internals.resumed_security_parameters)); BUFFER_POP (ps, &session->internals.resumed_security_parameters.entity, 1); BUFFER_POP (ps, - &session->internals.resumed_security_parameters.kx_algorithm, - 1); + &session->internals.resumed_security_parameters.kx_algorithm, + 1); BUFFER_POP (ps, - &session->internals. - resumed_security_parameters.current_cipher_suite.suite[0], 1); + &session->internals. + resumed_security_parameters.current_cipher_suite.suite[0], 1); BUFFER_POP (ps, - &session->internals.resumed_security_parameters. - current_cipher_suite.suite[1], 1); + &session->internals.resumed_security_parameters. + current_cipher_suite.suite[1], 1); BUFFER_POP (ps, &session->internals.resumed_compression_method, 1); BUFFER_POP (ps, &session->internals.resumed_security_parameters.cert_type, - 1); + 1); BUFFER_POP (ps, &session->internals.resumed_security_parameters.version, 1); BUFFER_POP (ps, - &session->internals.resumed_security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + &session->internals.resumed_security_parameters.master_secret, + GNUTLS_MASTER_SIZE); BUFFER_POP (ps, - &session->internals.resumed_security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + &session->internals.resumed_security_parameters.client_random, + GNUTLS_RANDOM_SIZE); BUFFER_POP (ps, - &session->internals.resumed_security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + &session->internals.resumed_security_parameters.server_random, + GNUTLS_RANDOM_SIZE); BUFFER_POP_NUM (ps, - session->internals. - resumed_security_parameters.session_id_size); + session->internals. + resumed_security_parameters.session_id_size); BUFFER_POP (ps, &session->internals.resumed_security_parameters.session_id, - session->internals.resumed_security_parameters.session_id_size); + session->internals.resumed_security_parameters.session_id_size); BUFFER_POP_NUM (ps, - session->internals. - resumed_security_parameters.max_record_send_size); + session->internals. + resumed_security_parameters.max_record_send_size); BUFFER_POP_NUM (ps, - session->internals. - resumed_security_parameters.max_record_recv_size); + session->internals. + resumed_security_parameters.max_record_recv_size); BUFFER_POP_NUM (ps, - session->internals.resumed_security_parameters.timestamp); + session->internals.resumed_security_parameters.timestamp); if (timestamp - session->internals.resumed_security_parameters.timestamp > session->internals.expire_time diff --git a/lib/gnutls_session_pack.h b/lib/gnutls_session_pack.h index 44dabcd2de..f5e8f5424a 100644 --- a/lib/gnutls_session_pack.h +++ b/lib/gnutls_session_pack.h @@ -24,6 +24,6 @@ */ int _gnutls_session_pack (gnutls_session_t session, - gnutls_datum_t * packed_session); + gnutls_datum_t * packed_session); int _gnutls_session_unpack (gnutls_session_t session, - const gnutls_datum_t * packed_session); + const gnutls_datum_t * packed_session); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 1c60ef46e5..961203f228 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -44,9 +44,9 @@ static int _gnutls_tls_sign (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey_t pkey, - const gnutls_datum_t * hash_concat, - gnutls_datum_t * signature); + gnutls_cert * cert, gnutls_privkey_t pkey, + const gnutls_datum_t * hash_concat, + gnutls_datum_t * signature); /* While this is currently equal to the length of RSA/SHA512 * signature, it should also be sufficient for DSS signature and any @@ -60,8 +60,8 @@ _gnutls_tls_sign (gnutls_session_t session, */ static int _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { ASN1_TYPE di; const char *oid; @@ -82,7 +82,7 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, } if ((result = asn1_write_value (di, "digestAlgorithm.algorithm", - oid, strlen (oid))) != ASN1_SUCCESS) + oid, strlen (oid))) != ASN1_SUCCESS) { gnutls_assert (); asn1_delete_structure (&di); @@ -91,7 +91,7 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, /* Use NULL parameters. */ if ((result = asn1_write_value (di, "digestAlgorithm.parameters", - ASN1_NULL, ASN1_NULL_SIZE)) != ASN1_SUCCESS) + ASN1_NULL, ASN1_NULL_SIZE)) != ASN1_SUCCESS) { gnutls_assert (); asn1_delete_structure (&di); @@ -99,7 +99,7 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, } if ((result = asn1_write_value (di, "digest", - hash->data, hash->size)) != ASN1_SUCCESS) + hash->data, hash->size)) != ASN1_SUCCESS) { gnutls_assert (); asn1_delete_structure (&di); @@ -128,9 +128,9 @@ _gnutls_rsa_encode_sig (gnutls_mac_algorithm_t algo, */ int _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, - gnutls_privkey_t pkey, gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t * sign_algo) + gnutls_privkey_t pkey, gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t * sign_algo) { gnutls_datum_t dconcat; int ret; @@ -141,7 +141,7 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, *sign_algo = _gnutls_session_get_sign_algo (session, cert->subject_pk_algorithm, - &hash_algo); + &hash_algo); if (*sign_algo == GNUTLS_SIGN_UNKNOWN) { gnutls_assert (); @@ -156,60 +156,60 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, } _gnutls_hash (&td_sha, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); _gnutls_hash (&td_sha, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); _gnutls_hash (&td_sha, params->data, params->size); switch (cert->subject_pk_algorithm) { case GNUTLS_PK_RSA: if (!_gnutls_version_has_selectable_prf (ver)) - { - digest_hd_st td_md5; - - ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_hash (&td_md5, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); - _gnutls_hash (&td_md5, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); - _gnutls_hash (&td_md5, params->data, params->size); - - _gnutls_hash_deinit (&td_md5, concat); - _gnutls_hash_deinit (&td_sha, &concat[16]); - - dconcat.data = concat; - dconcat.size = 36; - } + { + digest_hd_st td_md5; + + ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + _gnutls_hash (&td_md5, session->security_parameters.client_random, + GNUTLS_RANDOM_SIZE); + _gnutls_hash (&td_md5, session->security_parameters.server_random, + GNUTLS_RANDOM_SIZE); + _gnutls_hash (&td_md5, params->data, params->size); + + _gnutls_hash_deinit (&td_md5, concat); + _gnutls_hash_deinit (&td_sha, &concat[16]); + + dconcat.data = concat; + dconcat.size = 36; + } else - { /* TLS 1.2 way */ - gnutls_datum_t hash; + { /* TLS 1.2 way */ + gnutls_datum_t hash; - _gnutls_hash_deinit (&td_sha, concat); + _gnutls_hash_deinit (&td_sha, concat); - hash.data = concat; - hash.size = _gnutls_hash_get_algo_len (hash_algo); - dconcat.data = concat; - dconcat.size = sizeof concat; + hash.data = concat; + hash.size = _gnutls_hash_get_algo_len (hash_algo); + dconcat.data = concat; + dconcat.size = sizeof concat; - _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat); - } + _gnutls_rsa_encode_sig (hash_algo, &hash, &dconcat); + } break; case GNUTLS_PK_DSA: _gnutls_hash_deinit (&td_sha, concat); if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224) - && (hash_algo != GNUTLS_DIG_SHA256)) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + && (hash_algo != GNUTLS_DIG_SHA256)) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } dconcat.data = concat; dconcat.size = _gnutls_hash_get_algo_len (hash_algo); break; @@ -235,8 +235,8 @@ _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert, */ int _gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params, - int params_size, const gnutls_datum_t * data, - gnutls_datum_t * signature) + int params_size, const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; @@ -245,20 +245,20 @@ _gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params, case GNUTLS_PK_RSA: /* encrypt */ if ((ret = _gnutls_pkcs1_rsa_encrypt (signature, data, params, - params_size, 1)) < 0) - { - gnutls_assert (); - return ret; - } + params_size, 1)) < 0) + { + gnutls_assert (); + return ret; + } break; case GNUTLS_PK_DSA: /* sign */ if ((ret = _gnutls_dsa_sign (signature, data, params, params_size)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; default: gnutls_assert (); @@ -275,9 +275,9 @@ _gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params, */ static int _gnutls_tls_sign (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey_t pkey, - const gnutls_datum_t * hash_concat, - gnutls_datum_t * signature) + gnutls_cert * cert, gnutls_privkey_t pkey, + const gnutls_datum_t * hash_concat, + gnutls_datum_t * signature) { /* If our certificate supports signing @@ -286,22 +286,22 @@ _gnutls_tls_sign (gnutls_session_t session, if (cert != NULL) { if (cert->key_usage != 0) - if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) - { - gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } + if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) + { + gnutls_assert (); + return GNUTLS_E_KEY_USAGE_VIOLATION; + } /* External signing. */ if (!pkey) - { - if (!session->internals.sign_func) - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + { + if (!session->internals.sign_func) + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - return (*session->internals.sign_func) - (session, session->internals.sign_func_userdata, - cert->cert_type, &cert->raw, hash_concat, signature); - } + return (*session->internals.sign_func) + (session, session->internals.sign_func_userdata, + cert->cert_type, &cert->raw, hash_concat, signature); + } } return _gnutls_privkey_sign_hash (pkey, hash_concat, signature); @@ -309,17 +309,17 @@ _gnutls_tls_sign (gnutls_session_t session, static int _gnutls_verify_sig (gnutls_cert * cert, - const gnutls_datum_t * hash_concat, - gnutls_datum_t * signature, size_t sha1pos, - gnutls_pk_algorithm_t pk_algo) + const gnutls_datum_t * hash_concat, + gnutls_datum_t * signature, size_t sha1pos, + gnutls_pk_algorithm_t pk_algo) { int ret; gnutls_datum_t vdata; if (cert == NULL || cert->version == 0) - { /* this is the only way to check - * if it is initialized - */ + { /* this is the only way to check + * if it is initialized + */ gnutls_assert (); return GNUTLS_E_CERTIFICATE_ERROR; } @@ -329,8 +329,8 @@ _gnutls_verify_sig (gnutls_cert * cert, if (cert->key_usage != 0) if (!(cert->key_usage & KEY_DIGITAL_SIGNATURE)) { - gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; + gnutls_assert (); + return GNUTLS_E_KEY_USAGE_VIOLATION; } if (pk_algo == GNUTLS_PK_UNKNOWN) @@ -344,11 +344,11 @@ _gnutls_verify_sig (gnutls_cert * cert, /* verify signature */ if ((ret = _gnutls_rsa_verify (&vdata, signature, cert->params, - cert->params_size, 1)) < 0) - { - gnutls_assert (); - return ret; - } + cert->params_size, 1)) < 0) + { + gnutls_assert (); + return ret; + } break; case GNUTLS_PK_DSA: @@ -358,11 +358,11 @@ _gnutls_verify_sig (gnutls_cert * cert, /* verify signature */ if ((ret = _gnutls_dsa_verify (&vdata, signature, cert->params, - cert->params_size)) < 0) - { - gnutls_assert (); - return ret; - } + cert->params_size)) < 0) + { + gnutls_assert (); + return ret; + } break; @@ -382,9 +382,9 @@ _gnutls_verify_sig (gnutls_cert * cert, */ int _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t algo) + const gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t algo) { gnutls_datum_t dconcat; int ret; @@ -405,15 +405,15 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, { ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } _gnutls_hash (&td_md5, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); _gnutls_hash (&td_md5, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); _gnutls_hash (&td_md5, params->data, params->size); } @@ -425,14 +425,14 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, { gnutls_assert (); if (!_gnutls_version_has_selectable_prf (ver)) - _gnutls_hash_deinit (&td_md5, NULL); + _gnutls_hash_deinit (&td_md5, NULL); return ret; } _gnutls_hash (&td_sha, session->security_parameters.client_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); _gnutls_hash (&td_sha, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); _gnutls_hash (&td_sha, params->data, params->size); if (!_gnutls_version_has_selectable_prf (ver)) @@ -457,9 +457,9 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, } ret = _gnutls_verify_sig (cert, &dconcat, signature, - dconcat.size - - _gnutls_hash_get_algo_len (hash_algo), - _gnutls_sign_get_pk_algorithm (algo)); + dconcat.size - + _gnutls_hash_get_algo_len (hash_algo), + _gnutls_sign_get_pk_algorithm (algo)); if (ret < 0) { gnutls_assert (); @@ -477,9 +477,9 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert, */ static int _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, - gnutls_cert * cert, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t sign_algo) + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; @@ -499,12 +499,12 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; _sign_algo = - _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo != _sign_algo) - { - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } } ret = _gnutls_hash_copy (&td, handshake_td); @@ -521,7 +521,7 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, ret = _gnutls_verify_sig (cert, &dconcat, signature, 0, - cert->subject_pk_algorithm); + cert->subject_pk_algorithm); if (ret < 0) { gnutls_assert (); @@ -537,9 +537,9 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session, */ int _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, - gnutls_cert * cert, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t sign_algo) + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t sign_algo) { int ret; opaque concat[MAX_SIG_SIZE]; @@ -552,10 +552,10 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, HANDSHAKE_MAC_TYPE_12) { return _gnutls_handshake_verify_cert_vrfy12 (session, cert, signature, - sign_algo); + sign_algo); } else if (session->security_parameters.handshake_mac_handle_type != - HANDSHAKE_MAC_TYPE_10) + HANDSHAKE_MAC_TYPE_10) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -563,7 +563,7 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, ret = _gnutls_hash_copy (&td_md5, - &session->internals.handshake_mac_handle.tls10.md5); + &session->internals.handshake_mac_handle.tls10.md5); if (ret < 0) { gnutls_assert (); @@ -572,7 +572,7 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, ret = _gnutls_hash_copy (&td_sha, - &session->internals.handshake_mac_handle.tls10.sha); + &session->internals.handshake_mac_handle.tls10.sha); if (ret < 0) { gnutls_assert (); @@ -584,19 +584,19 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, { ret = _gnutls_generate_master (session, 1); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat, - session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE); _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16], - session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE); } else { @@ -605,11 +605,11 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, } dconcat.data = concat; - dconcat.size = 20 + 16; /* md5+ sha */ + dconcat.size = 20 + 16; /* md5+ sha */ ret = _gnutls_verify_sig (cert, &dconcat, signature, 16, - cert->subject_pk_algorithm); + cert->subject_pk_algorithm); if (ret < 0) { gnutls_assert (); @@ -624,8 +624,8 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, */ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey_t pkey, - gnutls_datum_t * signature) + gnutls_cert * cert, gnutls_privkey_t pkey, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -649,29 +649,29 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, handshake_td = &session->internals.handshake_mac_handle.tls12.sha256; hash_algo = handshake_td->algorithm; sign_algo = - _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); + _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo); if (sign_algo == GNUTLS_SIGN_UNKNOWN) - { - gnutls_assert (); - return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; - } + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM; + } ret = _gnutls_session_sign_algo_requested (session, sign_algo); if (ret < 0) - { - gnutls_assert (); - _gnutls_x509_log - ("Server did not allow either '%s' or '%s' for signing\n", - gnutls_mac_get_name (hash_algo), - gnutls_mac_get_name (session->internals.handshake_mac_handle. - tls12.sha1.algorithm)); - return ret; - } + { + gnutls_assert (); + _gnutls_x509_log + ("Server did not allow either '%s' or '%s' for signing\n", + gnutls_mac_get_name (hash_algo), + gnutls_mac_get_name (session->internals.handshake_mac_handle. + tls12.sha1.algorithm)); + return ret; + } } _gnutls_x509_log ("sign handshake cert vrfy: picked %s with %s\n", - gnutls_sign_algorithm_get_name (sign_algo), - gnutls_mac_get_name (hash_algo)); + gnutls_sign_algorithm_get_name (sign_algo), + gnutls_mac_get_name (hash_algo)); ret = _gnutls_hash_copy (&td, handshake_td); if (ret < 0) @@ -706,8 +706,8 @@ _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session, */ int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, - gnutls_cert * cert, gnutls_privkey_t pkey, - gnutls_datum_t * signature) + gnutls_cert * cert, gnutls_privkey_t pkey, + gnutls_datum_t * signature) { gnutls_datum_t dconcat; int ret; @@ -720,10 +720,10 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, HANDSHAKE_MAC_TYPE_12) { return _gnutls_handshake_sign_cert_vrfy12 (session, cert, pkey, - signature); + signature); } else if (session->security_parameters.handshake_mac_handle_type != - HANDSHAKE_MAC_TYPE_10) + HANDSHAKE_MAC_TYPE_10) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -731,7 +731,7 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, ret = _gnutls_hash_copy (&td_sha, - &session->internals.handshake_mac_handle.tls10.sha); + &session->internals.handshake_mac_handle.tls10.sha); if (ret < 0) { gnutls_assert (); @@ -742,15 +742,15 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, { ret = _gnutls_generate_master (session, 1); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16], - session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE); } else _gnutls_hash_deinit (&td_sha, &concat[16]); @@ -759,22 +759,22 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, { case GNUTLS_PK_RSA: ret = - _gnutls_hash_copy (&td_md5, - &session->internals.handshake_mac_handle.tls10. - md5); + _gnutls_hash_copy (&td_md5, + &session->internals.handshake_mac_handle.tls10. + md5); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (ver == GNUTLS_SSL3) - _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat, - session-> - security_parameters.master_secret, - GNUTLS_MASTER_SIZE); + _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat, + session-> + security_parameters.master_secret, + GNUTLS_MASTER_SIZE); else - _gnutls_hash_deinit (&td_md5, concat); + _gnutls_hash_deinit (&td_md5, concat); dconcat.data = concat; dconcat.size = 36; @@ -797,9 +797,10 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, return ret; } -int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, - bigint_t * params, - const gnutls_datum_t * data, gnutls_datum_t * digest) +int +pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, + bigint_t * params, + const gnutls_datum_t * data, gnutls_datum_t * digest) { int ret; @@ -807,7 +808,7 @@ int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, { case GNUTLS_PK_RSA: if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 && - hash != GNUTLS_DIG_SHA256) + hash != GNUTLS_DIG_SHA256) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; @@ -821,7 +822,7 @@ int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, } break; default: - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } @@ -833,17 +834,17 @@ int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, return GNUTLS_E_MEMORY_ERROR; } - ret = _gnutls_hash_fast(hash, data->data, data->size, digest->data); + ret = _gnutls_hash_fast (hash, data->data, data->size, digest->data); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); goto cleanup; } return 0; cleanup: - gnutls_free(digest->data); + gnutls_free (digest->data); return ret; } @@ -852,13 +853,13 @@ cleanup: */ static int encode_ber_digest_info (gnutls_digest_algorithm_t hash, - const gnutls_datum_t * digest, - gnutls_datum_t * output) + const gnutls_datum_t * digest, + gnutls_datum_t * output) { ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; int result; const char *algo; - opaque* tmp_output; + opaque *tmp_output; int tmp_output_size; algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash); @@ -870,8 +871,8 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, } if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.DigestInfo", - &dinfo)) != ASN1_SUCCESS) + "GNUTLS.DigestInfo", + &dinfo)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -891,7 +892,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, Regardless of what is correct, this appears to be what most implementations do. */ result = asn1_write_value (dinfo, "digestAlgorithm.parameters", - ASN1_NULL, ASN1_NULL_SIZE); + ASN1_NULL, ASN1_NULL_SIZE); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -927,7 +928,7 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, } asn1_delete_structure (&dinfo); - + output->size = tmp_output_size; output->data = tmp_output; @@ -941,29 +942,28 @@ encode_ber_digest_info (gnutls_digest_algorithm_t hash, */ int pk_prepare_hash (gnutls_pk_algorithm_t pk, - gnutls_digest_algorithm_t hash, - gnutls_datum_t * digest) + gnutls_digest_algorithm_t hash, gnutls_datum_t * digest) { int ret; gnutls_datum old_digest = { digest->data, digest->size }; - switch(pk) + switch (pk) { - case GNUTLS_PK_RSA: - /* Encode the digest as a DigestInfo - */ - if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0) - { - gnutls_assert (); - return ret; - } + case GNUTLS_PK_RSA: + /* Encode the digest as a DigestInfo + */ + if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0) + { + gnutls_assert (); + return ret; + } - _gnutls_free_datum(&old_digest); - case GNUTLS_PK_DSA: - break; - default: - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; + _gnutls_free_datum (&old_digest); + case GNUTLS_PK_DSA: + break; + default: + gnutls_assert (); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; } return 0; diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index 6b59d93dab..cce964faeb 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h @@ -29,41 +29,42 @@ #include <gnutls/abstract.h> int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session, - gnutls_cert * cert, - gnutls_privkey_t pkey, - gnutls_datum_t * signature); + gnutls_cert * cert, + gnutls_privkey_t pkey, + gnutls_datum_t * signature); int _gnutls_handshake_sign_data (gnutls_session_t session, - gnutls_cert * cert, - gnutls_privkey_t pkey, - gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t * algo); + gnutls_cert * cert, + gnutls_privkey_t pkey, + gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t * algo); int _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session, - gnutls_cert * cert, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t); + gnutls_cert * cert, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t); int _gnutls_handshake_verify_data (gnutls_session_t session, - gnutls_cert * cert, - const gnutls_datum_t * params, - gnutls_datum_t * signature, - gnutls_sign_algorithm_t algo); + gnutls_cert * cert, + const gnutls_datum_t * params, + gnutls_datum_t * signature, + gnutls_sign_algorithm_t algo); int _gnutls_soft_sign (gnutls_pk_algorithm_t algo, - bigint_t * params, int params_size, - const gnutls_datum_t * data, - gnutls_datum_t * signature); + bigint_t * params, int params_size, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int pk_prepare_hash (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, - gnutls_datum_t * output); -int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, - bigint_t * params, const gnutls_datum_t * data, gnutls_datum_t * digest); + gnutls_datum_t * output); +int pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, + bigint_t * params, const gnutls_datum_t * data, + gnutls_datum_t * digest); int _gnutls_privkey_sign_hash (gnutls_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + const gnutls_datum_t * hash, + gnutls_datum_t * signature); #endif diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 82ed6d54f8..df4e55e80e 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -44,7 +44,7 @@ int _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result, - bigint_t g, bigint_t prime, gnutls_alloc_function galloc_func) + bigint_t g, bigint_t prime, gnutls_alloc_function galloc_func) { bigint_t x, e; size_t result_size; @@ -73,7 +73,7 @@ _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result, { *result = galloc_func (result_size); if ((*result) == NULL) - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_MEMORY_ERROR; _gnutls_mpi_print (e, *result, &result_size); ret = result_size; @@ -187,7 +187,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n) if (a_size > n_size || b_size > n_size) { gnutls_assert (); - return NULL; /* internal error */ + return NULL; /* internal error */ } holder_size = n_size + n_size; @@ -211,7 +211,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n) /* convert the bytes of hd to integer */ - hash_size = 20; /* SHA */ + hash_size = 20; /* SHA */ ret = _gnutls_mpi_scan_nz (&res, hd, hash_size); gnutls_free (holder); @@ -229,7 +229,7 @@ _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n) */ bigint_t _gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v, - bigint_t n) + bigint_t n) { bigint_t tmp1 = NULL, tmp2 = NULL; bigint_t S = NULL; @@ -294,8 +294,8 @@ _gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n) */ static int _gnutls_calc_srp_sha (const char *username, const char *password, - opaque * salt, int salt_size, size_t * size, - void *digest) + opaque * salt, int salt_size, size_t * size, + void *digest) { digest_hd_st td; opaque res[MAX_HASH_SIZE]; @@ -321,7 +321,7 @@ _gnutls_calc_srp_sha (const char *username, const char *password, } _gnutls_hash (&td, salt, salt_size); - _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */ + _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */ _gnutls_hash_deinit (&td, digest); @@ -330,11 +330,11 @@ _gnutls_calc_srp_sha (const char *username, const char *password, int _gnutls_calc_srp_x (char *username, char *password, opaque * salt, - size_t salt_size, size_t * size, void *digest) + size_t salt_size, size_t * size, void *digest) { return _gnutls_calc_srp_sha (username, password, salt, - salt_size, size, digest); + salt_size, size, digest); } @@ -343,7 +343,7 @@ _gnutls_calc_srp_x (char *username, char *password, opaque * salt, */ bigint_t _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a, - bigint_t u, bigint_t n) + bigint_t u, bigint_t n) { bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL; bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL; @@ -367,8 +367,8 @@ _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a, goto freeall; } - _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */ - _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */ + _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */ + _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */ _gnutls_mpi_subm (tmp2, B, tmp3, n); tmp4 = _gnutls_mpi_alloc_like (n); @@ -450,7 +450,7 @@ gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc) **/ int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res, - const char *username, const char *password) + const char *username, const char *password) { if (username == NULL || password == NULL) @@ -526,8 +526,8 @@ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc) **/ int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res, - const char *password_file, - const char *password_conf_file) + const char *password_file, + const char *password_conf_file) { if (password_file == NULL || password_conf_file == NULL) @@ -600,9 +600,9 @@ gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res, **/ void gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t - cred, - gnutls_srp_server_credentials_function - * func) + cred, + gnutls_srp_server_credentials_function + * func) { cred->pwd_callback = func; } @@ -634,9 +634,9 @@ gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t **/ void gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t - cred, - gnutls_srp_client_credentials_function - * func) + cred, + gnutls_srp_client_credentials_function + * func) { cred->get_function = func; } @@ -688,9 +688,9 @@ gnutls_srp_server_get_username (gnutls_session_t session) **/ int gnutls_srp_verifier (const char *username, const char *password, - const gnutls_datum_t * salt, - const gnutls_datum_t * generator, - const gnutls_datum_t * prime, gnutls_datum_t * res) + const gnutls_datum_t * salt, + const gnutls_datum_t * generator, + const gnutls_datum_t * prime, gnutls_datum_t * res) { bigint_t _n, _g; int ret; @@ -698,7 +698,7 @@ gnutls_srp_verifier (const char *username, const char *password, opaque digest[20]; ret = _gnutls_calc_srp_sha (username, password, salt->data, - salt->size, &digest_size, digest); + salt->size, &digest_size, digest); if (ret < 0) { gnutls_assert (); diff --git a/lib/gnutls_srp.h b/lib/gnutls_srp.h index 80f502aa78..76a257deac 100644 --- a/lib/gnutls_srp.h +++ b/lib/gnutls_srp.h @@ -26,17 +26,17 @@ #ifdef ENABLE_SRP int _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result, - bigint_t g, bigint_t prime, gnutls_alloc_function); + bigint_t g, bigint_t prime, gnutls_alloc_function); bigint_t _gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n, - bigint_t v); + bigint_t v); bigint_t _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t N); bigint_t _gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v, - bigint_t n); + bigint_t n); bigint_t _gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n); bigint_t _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a, - bigint_t u, bigint_t n); + bigint_t u, bigint_t n); int _gnutls_calc_srp_x (char *username, char *password, opaque * salt, - size_t salt_size, size_t * size, void *digest); + size_t salt_size, size_t * size, void *digest); int _gnutls_srp_gn (opaque ** ret_g, opaque ** ret_n, int bits); /* g is defined to be 2 */ diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index f253b196fa..2d9d79c544 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -53,11 +53,11 @@ them public functions? */ void _gnutls_rsa_pms_set_version (gnutls_session_t session, - unsigned char major, unsigned char minor); + unsigned char major, unsigned char minor); void _gnutls_session_cert_type_set (gnutls_session_t session, - gnutls_certificate_type_t ct) + gnutls_certificate_type_t ct) { session->security_parameters.cert_type = ct; } @@ -153,7 +153,7 @@ gnutls_compression_get (gnutls_session_t session) */ int _gnutls_session_cert_type_supported (gnutls_session_t session, - gnutls_certificate_type_t cert_type) + gnutls_certificate_type_t cert_type) { unsigned i; unsigned cert_found = 0; @@ -162,28 +162,28 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_SERVER) { cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL); if (cred == NULL) - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; if (cred->server_get_cert_callback == NULL - && cred->get_cert_callback == NULL) - { - for (i = 0; i < cred->ncerts; i++) - { - if (cred->cert_list[i][0].cert_type == cert_type) - { - cert_found = 1; - break; - } - } - - if (cert_found == 0) - /* no certificate is of that type. - */ - return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; - } + && cred->get_cert_callback == NULL) + { + for (i = 0; i < cred->ncerts; i++) + { + if (cred->cert_list[i][0].cert_type == cert_type) + { + cert_found = 1; + break; + } + } + + if (cert_found == 0) + /* no certificate is of that type. + */ + return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; + } } if (session->internals.priorities.cert_type.algorithms == 0 @@ -193,9 +193,9 @@ _gnutls_session_cert_type_supported (gnutls_session_t session, for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++) { if (session->internals.priorities.cert_type.priority[i] == cert_type) - { - return 0; /* ok */ - } + { + return 0; /* ok */ + } } return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE; @@ -233,7 +233,7 @@ _gnutls_handshake_internal_state_init (gnutls_session_t session) session->internals.adv_version_minor = 0; session->internals.v2_hello = 0; memset (&session->internals.handshake_header_buffer, 0, - sizeof (handshake_header_buffer_st)); + sizeof (handshake_header_buffer_st)); session->internals.adv_version_minor = 0; session->internals.adv_version_minor = 0; session->internals.direction = 0; @@ -320,14 +320,14 @@ gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end) return GNUTLS_E_MEMORY_ERROR; } - (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ + (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */ gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS); - gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ + gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */ gnutls_handshake_set_max_packet_length ((*session), - MAX_HANDSHAKE_PACKET_SIZE); + MAX_HANDSHAKE_PACKET_SIZE); /* set the socket pointers to -1; */ @@ -398,8 +398,8 @@ gnutls_deinit (gnutls_session_t session) for (i = 0; i < MAX_EPOCH_INDEX; i++) if (session->record_parameters[i] != NULL) { - _gnutls_epoch_free (session, session->record_parameters[i]); - session->record_parameters[i] = NULL; + _gnutls_epoch_free (session, session->record_parameters[i]); + session->record_parameters[i] = NULL; } _gnutls_buffer_clear (&session->internals.ia_data_buffer); @@ -458,34 +458,34 @@ _gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public) { case GNUTLS_CRD_ANON: { - anon_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + anon_auth_info_t info; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } case GNUTLS_CRD_PSK: { - psk_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + psk_auth_info_t info; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } case GNUTLS_CRD_CERTIFICATE: { - cert_auth_info_t info; + cert_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } default: gnutls_assert (); @@ -512,35 +512,35 @@ _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits) { case GNUTLS_CRD_ANON: { - anon_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - info->dh.secret_bits = bits; - break; + anon_auth_info_t info; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + info->dh.secret_bits = bits; + break; } case GNUTLS_CRD_PSK: { - psk_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - info->dh.secret_bits = bits; - break; + psk_auth_info_t info; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + info->dh.secret_bits = bits; + break; } case GNUTLS_CRD_CERTIFICATE: { - cert_auth_info_t info; + cert_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - info->dh.secret_bits = bits; - break; + info->dh.secret_bits = bits; + break; default: - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; } } @@ -552,7 +552,7 @@ _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits) */ int _gnutls_rsa_export_set_pubkey (gnutls_session_t session, - bigint_t exponent, bigint_t modulus) + bigint_t exponent, bigint_t modulus) { cert_auth_info_t info; int ret; @@ -598,34 +598,34 @@ _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime) { case GNUTLS_CRD_ANON: { - anon_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + anon_auth_info_t info; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } case GNUTLS_CRD_PSK: { - psk_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + psk_auth_info_t info; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } case GNUTLS_CRD_CERTIFICATE: { - cert_auth_info_t info; + cert_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } default: gnutls_assert (); @@ -673,7 +673,7 @@ _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime) **/ void gnutls_openpgp_send_cert (gnutls_session_t session, - gnutls_openpgp_crt_status_t status) + gnutls_openpgp_crt_status_t status) { session->internals.pgp_fingerprint = status; } @@ -695,7 +695,7 @@ gnutls_openpgp_send_cert (gnutls_session_t session, **/ void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session, - int status) + int status) { session->internals.ignore_rdn_sequence = status; } @@ -720,7 +720,7 @@ _gnutls_openpgp_send_fingerprint (gnutls_session_t session) -*/ void _gnutls_record_set_default_version (gnutls_session_t session, - unsigned char major, unsigned char minor) + unsigned char major, unsigned char minor) { session->internals.default_record_version[0] = major; session->internals.default_record_version[1] = minor; @@ -750,8 +750,8 @@ gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow) inline static int _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm, - const void *secret, int secret_size, - const void *seed, int seed_size, void *result) + const void *secret, int secret_size, + const void *seed, int seed_size, void *result) { digest_hd_st td1; int ret; @@ -776,9 +776,9 @@ _gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm, */ static int _gnutls_P_hash (gnutls_mac_algorithm_t algorithm, - const opaque * secret, int secret_size, - const opaque * seed, int seed_size, - int total_bytes, opaque * ret) + const opaque * secret, int secret_size, + const opaque * seed, int seed_size, + int total_bytes, opaque * ret) { digest_hd_st td2; @@ -812,20 +812,20 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm, { result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } /* here we calculate A(i+1) */ if ((result = - _gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp, - A_size, Atmp)) < 0) - { - gnutls_assert (); - _gnutls_hmac_deinit (&td2, final); - return result; - } + _gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp, + A_size, Atmp)) < 0) + { + gnutls_assert (); + _gnutls_hmac_deinit (&td2, final); + return result; + } A_size = blocksize; @@ -834,18 +834,18 @@ _gnutls_P_hash (gnutls_mac_algorithm_t algorithm, _gnutls_hmac_deinit (&td2, final); if ((1 + i) * blocksize < total_bytes) - { - how = blocksize; - } + { + how = blocksize; + } else - { - how = total_bytes - (i) * blocksize; - } + { + how = total_bytes - (i) * blocksize; + } if (how > 0) - { - memcpy (&ret[i * blocksize], final, how); - } + { + memcpy (&ret[i * blocksize], final, how); + } } return 0; @@ -873,9 +873,9 @@ _gnutls_xor (opaque * o1, opaque * o2, int length) */ int _gnutls_PRF (gnutls_session_t session, - const opaque * secret, int secret_size, const char *label, - int label_size, const opaque * seed, int seed_size, - int total_bytes, void *ret) + const opaque * secret, int secret_size, const char *label, + int label_size, const opaque * seed, int seed_size, + int total_bytes, void *ret) { int l_s, s_seed_size; const opaque *s1, *s2; @@ -904,13 +904,13 @@ _gnutls_PRF (gnutls_session_t session, if (_gnutls_version_has_selectable_prf (ver)) { result = - _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size, - s_seed, s_seed_size, total_bytes, ret); + _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size, + s_seed, s_seed_size, total_bytes, ret); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } else { @@ -920,34 +920,34 @@ _gnutls_PRF (gnutls_session_t session, s2 = &secret[l_s]; if (secret_size % 2 != 0) - { - l_s++; - } + { + l_s++; + } result = - _gnutls_P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, - total_bytes, o1); + _gnutls_P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size, + total_bytes, o1); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } result = - _gnutls_P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, - total_bytes, o2); + _gnutls_P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size, + total_bytes, o2); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } _gnutls_xor (o1, o2, total_bytes); memcpy (ret, o1, total_bytes); } - return 0; /* ok */ + return 0; /* ok */ } @@ -982,17 +982,17 @@ _gnutls_PRF (gnutls_session_t session, **/ int gnutls_prf_raw (gnutls_session_t session, - size_t label_size, - const char *label, - size_t seed_size, const char *seed, size_t outsize, char *out) + size_t label_size, + const char *label, + size_t seed_size, const char *seed, size_t outsize, char *out) { int ret; ret = _gnutls_PRF (session, - session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE, - label, - label_size, (opaque *) seed, seed_size, outsize, out); + session->security_parameters.master_secret, + GNUTLS_MASTER_SIZE, + label, + label_size, (opaque *) seed, seed_size, outsize, out); return ret; } @@ -1028,10 +1028,10 @@ gnutls_prf_raw (gnutls_session_t session, **/ int gnutls_prf (gnutls_session_t session, - size_t label_size, - const char *label, - int server_random_first, - size_t extra_size, const char *extra, size_t outsize, char *out) + size_t label_size, + const char *label, + int server_random_first, + size_t extra_size, const char *extra, size_t outsize, char *out) { int ret; opaque *seed; @@ -1045,17 +1045,17 @@ gnutls_prf (gnutls_session_t session, } memcpy (seed, server_random_first ? - session->security_parameters.server_random : - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random : + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); memcpy (seed + GNUTLS_RANDOM_SIZE, server_random_first ? - session->security_parameters.client_random : - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random : + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size); ret = _gnutls_PRF (session, session->security_parameters.master_secret, - GNUTLS_MASTER_SIZE, - label, label_size, seed, seedsize, outsize, out); + GNUTLS_MASTER_SIZE, + label, label_size, seed, seedsize, outsize, out); gnutls_free (seed); @@ -1149,7 +1149,7 @@ gnutls_session_get_master_secret (gnutls_session_t session) **/ void gnutls_session_set_finished_function (gnutls_session_t session, - gnutls_finished_callback_func func) + gnutls_finished_callback_func func) { session->internals.finished_func = func; } @@ -1169,18 +1169,18 @@ gnutls_session_is_resumed (gnutls_session_t session) if (session->security_parameters.entity == GNUTLS_CLIENT) { if (session->security_parameters.session_id_size > 0 && - session->security_parameters.session_id_size == - session->internals.resumed_security_parameters.session_id_size - && memcmp (session->security_parameters.session_id, - session->internals. - resumed_security_parameters.session_id, - session->security_parameters.session_id_size) == 0) - return 1; + session->security_parameters.session_id_size == + session->internals.resumed_security_parameters.session_id_size + && memcmp (session->security_parameters.session_id, + session->internals. + resumed_security_parameters.session_id, + session->security_parameters.session_id_size) == 0) + return 1; } else { if (session->internals.resumed == RESUME_TRUE) - return 1; + return 1; } return 0; @@ -1199,7 +1199,7 @@ _gnutls_session_is_export (gnutls_session_t session) cipher = _gnutls_cipher_suite_get_cipher_algo (&session-> - security_parameters.current_cipher_suite); + security_parameters.current_cipher_suite); if (_gnutls_cipher_get_export_flag (cipher) != 0) return 1; @@ -1221,7 +1221,7 @@ _gnutls_session_is_psk (gnutls_session_t session) kx = _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite); + security_parameters.current_cipher_suite); if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK) return 1; @@ -1295,7 +1295,7 @@ gnutls_record_get_direction (gnutls_session_t session) -*/ void _gnutls_rsa_pms_set_version (gnutls_session_t session, - unsigned char major, unsigned char minor) + unsigned char major, unsigned char minor) { session->internals.rsa_pms_version[0] = major; session->internals.rsa_pms_version[1] = minor; @@ -1324,8 +1324,8 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session, **/ void gnutls_handshake_set_post_client_hello_function (gnutls_session_t session, - gnutls_handshake_post_client_hello_func - func) + gnutls_handshake_post_client_hello_func + func) { session->internals.user_hello_func = func; } @@ -1366,8 +1366,8 @@ gnutls_session_enable_compatibility_mode (gnutls_session_t session) **/ int gnutls_session_channel_binding (gnutls_session_t session, - gnutls_channel_binding_t cbtype, - gnutls_datum_t * cb) + gnutls_channel_binding_t cbtype, + gnutls_datum_t * cb) { if (cbtype != GNUTLS_CB_TLS_UNIQUE) return GNUTLS_E_UNIMPLEMENTED_FEATURE; diff --git a/lib/gnutls_state.h b/lib/gnutls_state.h index b62300d451..2112cd596f 100644 --- a/lib/gnutls_state.h +++ b/lib/gnutls_state.h @@ -29,10 +29,10 @@ #include <gnutls_int.h> void _gnutls_session_cert_type_set (gnutls_session_t session, - gnutls_certificate_type_t); + gnutls_certificate_type_t); void _gnutls_record_set_default_version (gnutls_session_t session, - unsigned char major, unsigned char minor); + unsigned char major, unsigned char minor); #include <gnutls_auth.h> @@ -44,18 +44,18 @@ _gnutls_record_set_default_version (gnutls_session_t session, #endif int _gnutls_session_cert_type_supported (gnutls_session_t, - gnutls_certificate_type_t); + gnutls_certificate_type_t); int _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits); int _gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public); int _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, - bigint_t prime); + bigint_t prime); int _gnutls_dh_get_allowed_prime_bits (gnutls_session_t session); void _gnutls_handshake_internal_state_clear (gnutls_session_t); int _gnutls_rsa_export_set_pubkey (gnutls_session_t session, - bigint_t exponent, bigint_t modulus); + bigint_t exponent, bigint_t modulus); int _gnutls_session_is_resumable (gnutls_session_t session); int _gnutls_session_is_export (gnutls_session_t session); @@ -65,9 +65,9 @@ int _gnutls_session_is_psk (gnutls_session_t session); int _gnutls_openpgp_send_fingerprint (gnutls_session_t session); int _gnutls_PRF (gnutls_session_t session, - const opaque * secret, int secret_size, - const char *label, int label_size, - const opaque * seed, int seed_size, - int total_bytes, void *ret); + const opaque * secret, int secret_size, + const char *label, int label_size, + const opaque * seed, int seed_size, + int total_bytes, void *ret); #define DEFAULT_CERT_TYPE GNUTLS_CRT_X509 diff --git a/lib/gnutls_str.c b/lib/gnutls_str.c index 740b4065e2..a28b2b32ee 100644 --- a/lib/gnutls_str.c +++ b/lib/gnutls_str.c @@ -48,10 +48,10 @@ _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src) else { if (dest_tot_size - dest_size > 0) - { - strncat (dest, src, (dest_tot_size - dest_size) - 1); - dest[dest_tot_size - 1] = 0; - } + { + strncat (dest, src, (dest_tot_size - dest_size) - 1); + dest[dest_tot_size - 1] = 0; + } } } @@ -67,16 +67,16 @@ _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src) else { if (dest_tot_size > 0) - { - strncpy (dest, src, (dest_tot_size) - 1); - dest[dest_tot_size - 1] = 0; - } + { + strncpy (dest, src, (dest_tot_size) - 1); + dest[dest_tot_size - 1] = 0; + } } } void _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, - size_t src_size) + size_t src_size) { if (dest_tot_size >= src_size) @@ -86,9 +86,9 @@ _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, else { if (dest_tot_size > 0) - { - memcpy (dest, src, dest_tot_size); - } + { + memcpy (dest, src, dest_tot_size); + } } } @@ -116,7 +116,7 @@ _gnutls_buffer_clear (gnutls_buffer_st * str) int _gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data, - size_t data_size) + size_t data_size) { size_t tot_len = data_size + dest->length; @@ -125,12 +125,12 @@ _gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data, size_t unused = MEMSUB (dest->data, dest->allocd); if (dest->max_length - unused <= tot_len) - { - if (dest->length && dest->data) - memmove (dest->allocd, dest->data, dest->length); + { + if (dest->length && dest->data) + memmove (dest->allocd, dest->data, dest->length); - dest->data = dest->allocd; - } + dest->data = dest->allocd; + } memmove (&dest->data[dest->length], data, data_size); dest->length = tot_len; @@ -140,19 +140,19 @@ _gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data, { size_t unused = MEMSUB (dest->data, dest->allocd); size_t new_len = - MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); + MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); dest->allocd = gnutls_realloc (dest->allocd, new_len); if (dest->allocd == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } dest->max_length = new_len; dest->data = dest->allocd + unused; if (dest->length && dest->data) - memmove (dest->allocd, dest->data, dest->length); + memmove (dest->allocd, dest->data, dest->length); dest->data = dest->allocd; memcpy (&dest->data[dest->length], data, data_size); @@ -169,11 +169,11 @@ _gnutls_buffer_resize (gnutls_buffer_st * dest, size_t new_size) { size_t unused = MEMSUB (dest->data, dest->allocd); if (dest->max_length - unused <= new_size) - { - if (dest->length && dest->data) - memmove (dest->allocd, dest->data, dest->length); - dest->data = dest->allocd; - } + { + if (dest->length && dest->data) + memmove (dest->allocd, dest->data, dest->length); + dest->data = dest->allocd; + } return 0; } @@ -181,19 +181,19 @@ _gnutls_buffer_resize (gnutls_buffer_st * dest, size_t new_size) { size_t unused = MEMSUB (dest->data, dest->allocd); size_t alloc_len = - MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); + MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK); dest->allocd = gnutls_realloc (dest->allocd, alloc_len); if (dest->allocd == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } dest->max_length = alloc_len; dest->data = dest->allocd + unused; if (dest->length && dest->data) - memmove (dest->allocd, dest->data, dest->length); + memmove (dest->allocd, dest->data, dest->length); dest->data = dest->allocd; return 0; @@ -212,7 +212,7 @@ _gnutls_buffer_append_str (gnutls_buffer_st * dest, const char *src) */ void _gnutls_buffer_pop_datum (gnutls_buffer_st * str, gnutls_datum_t * data, - size_t req_size) + size_t req_size) { if (str->length == 0) @@ -257,10 +257,10 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) { data->data = gnutls_malloc (str->length); if (data->data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } memcpy (data->data, str->data, str->length); data->size = str->length; _gnutls_buffer_clear (str); @@ -278,7 +278,7 @@ _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data) */ void _gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data, - size_t * req_size) + size_t * req_size) { gnutls_datum_t tdata; @@ -313,12 +313,12 @@ _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...) static int _gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str, - size_t str_size) + size_t str_size) { size_t orig_length = dest->length; int ret; - ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */ + ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */ if (ret < 0) return ret; @@ -334,7 +334,7 @@ static void _gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size) { memmove (&dest->data[pos], &dest->data[pos + str_size], - dest->length - pos - str_size); + dest->length - pos - str_size); dest->length -= str_size; @@ -344,7 +344,7 @@ _gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size) int _gnutls_buffer_escape (gnutls_buffer_st * dest, - const char *const invalid_chars) + const char *const invalid_chars) { int rv = -1; char t[5]; @@ -354,20 +354,20 @@ _gnutls_buffer_escape (gnutls_buffer_st * dest, { if (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos]) - || !isgraph (dest->data[pos])) - { + || !isgraph (dest->data[pos])) + { - snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]); + snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]); - _gnutls_buffer_delete_data (dest, pos, 1); + _gnutls_buffer_delete_data (dest, pos, 1); - if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0) - { - rv = -1; - goto cleanup; - } + if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0) + { + rv = -1; + goto cleanup; + } - } + } pos++; } @@ -387,22 +387,22 @@ _gnutls_buffer_unescape (gnutls_buffer_st * dest) while (pos < dest->length) { if (dest->data[pos] == '%') - { - char b[3]; - unsigned int u; - unsigned char x; + { + char b[3]; + unsigned int u; + unsigned char x; - b[0] = dest->data[pos + 1]; - b[1] = dest->data[pos + 2]; - b[2] = 0; + b[0] = dest->data[pos + 1]; + b[1] = dest->data[pos + 2]; + b[2] = 0; - sscanf (b, "%02x", &u); + sscanf (b, "%02x", &u); - x = u; + x = u; - _gnutls_buffer_delete_data (dest, pos, 3); - _gnutls_buffer_insert_data (dest, pos, &x, 1); - } + _gnutls_buffer_delete_data (dest, pos, 3); + _gnutls_buffer_insert_data (dest, pos, &x, 1); + } pos++; } @@ -419,7 +419,7 @@ _gnutls_buffer_unescape (gnutls_buffer_st * dest) */ char * _gnutls_bin2hex (const void *_old, size_t oldlen, - char *buffer, size_t buffer_size, const char *separator) + char *buffer, size_t buffer_size, const char *separator) { unsigned int i, j; const opaque *old = _old; @@ -462,14 +462,14 @@ _gnutls_bin2hex (const void *_old, size_t oldlen, **/ int gnutls_hex2bin (const char *hex_data, - size_t hex_size, char *bin_data, size_t * bin_size) + size_t hex_size, char *bin_data, size_t * bin_size) { return _gnutls_hex2bin (hex_data, (int) hex_size, bin_data, bin_size); } int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, - size_t * bin_size) + size_t * bin_size) { int i, j; opaque hex2_data[3]; @@ -479,17 +479,17 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, for (i = j = 0; i < hex_size;) { - if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */ - { - i++; - continue; - } + if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */ + { + i++; + continue; + } if (j > *bin_size) - { - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } hex2_data[0] = hex_data[i]; hex2_data[1] = hex_data[i + 1]; @@ -497,10 +497,10 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, val = strtoul ((char *) hex2_data, NULL, 16); if (val == ULONG_MAX) - { - gnutls_assert (); - return GNUTLS_E_PARSING_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; + } bin_data[j] = val; j++; } @@ -518,7 +518,7 @@ _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, */ int _gnutls_hostname_compare (const char *certname, - size_t certnamesize, const char *hostname) + size_t certnamesize, const char *hostname) { /* find the first different character */ for (; *certname && *hostname && toupper (*certname) == toupper (*hostname); @@ -537,17 +537,17 @@ _gnutls_hostname_compare (const char *certname, certnamesize--; while (1) - { - /* Use a recursive call to allow multiple wildcards */ - if (_gnutls_hostname_compare (certname, certnamesize, hostname)) - return 1; - - /* wildcards are only allowed to match a single domain - component or component fragment */ - if (*hostname == '\0' || *hostname == '.') - break; - hostname++; - } + { + /* Use a recursive call to allow multiple wildcards */ + if (_gnutls_hostname_compare (certname, certnamesize, hostname)) + return 1; + + /* wildcards are only allowed to match a single domain + component or component fragment */ + if (*hostname == '\0' || *hostname == '.') + break; + hostname++; + } return 0; } @@ -568,7 +568,7 @@ _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size) */ int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size, - int check) + int check) { size_t size; @@ -595,7 +595,7 @@ _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size, int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, - gnutls_datum_t * data) + gnutls_datum_t * data) { size_t size; int ret; @@ -612,10 +612,10 @@ _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, size_t osize = size; _gnutls_buffer_pop_datum (buf, data, size); if (osize != data->size) - { - gnutls_assert (); - return GNUTLS_E_PARSING_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_PARSING_ERROR; + } } else { @@ -628,7 +628,7 @@ _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data, - size_t data_size) + size_t data_size) { _gnutls_buffer_append_prefix (buf, data_size); if (data_size > 0) @@ -639,7 +639,7 @@ _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data, int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data, - size_t * data_size) + size_t * data_size) { size_t size; int ret; diff --git a/lib/gnutls_str.h b/lib/gnutls_str.h index 133a7dc667..1b92815706 100644 --- a/lib/gnutls_str.h +++ b/lib/gnutls_str.h @@ -31,15 +31,15 @@ void _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src); void _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src, - size_t src_size); + size_t src_size); void _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src); typedef struct { - opaque *allocd; /* pointer to allocated data */ - opaque *data; /* API: pointer to data to copy from */ + opaque *allocd; /* pointer to allocated data */ + opaque *data; /* API: pointer to data to copy from */ size_t max_length; - size_t length; /* API: current length */ + size_t length; /* API: current length */ } gnutls_buffer_st; void _gnutls_buffer_init (gnutls_buffer_st *); @@ -48,50 +48,50 @@ int _gnutls_buffer_resize (gnutls_buffer_st *, size_t new_size); int _gnutls_buffer_append_str (gnutls_buffer_st *, const char *str); int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data, - size_t data_size); + size_t data_size); #include <gnutls_num.h> int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size); int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, - const void *data, size_t data_size); + const void *data, size_t data_size); void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size); void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *, - size_t max_size); + size_t max_size); int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size, - int check); + int check); int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data, - size_t * data_size); + size_t * data_size); int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf, - gnutls_datum_t * data); + gnutls_datum_t * data); int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data); int _gnutls_buffer_escape (gnutls_buffer_st * dest, - const char *const invalid_chars); + const char *const invalid_chars); int _gnutls_buffer_unescape (gnutls_buffer_st * dest); #ifndef __attribute__ /* This feature is available in gcc versions 2.5 and later. */ #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -#define __attribute__(Spec) /* empty */ +#define __attribute__(Spec) /* empty */ #endif #endif int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, - ...) + ...) __attribute__ ((format (printf, 2, 3))); char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer, - size_t buffer_size, const char *separator); + size_t buffer_size, const char *separator); int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data, - size_t * bin_size); + size_t * bin_size); int _gnutls_hostname_compare (const char *certname, size_t certnamesize, - const char *hostname); + const char *hostname); #define MAX_CN 256 #define BUFFER_APPEND(b, x, s) { \ diff --git a/lib/gnutls_supplemental.c b/lib/gnutls_supplemental.c index b468b63824..38fda58203 100644 --- a/lib/gnutls_supplemental.c +++ b/lib/gnutls_supplemental.c @@ -51,9 +51,9 @@ #include "gnutls_num.h" typedef int (*supp_recv_func) (gnutls_session_t session, - const opaque * data, size_t data_size); + const opaque * data, size_t data_size); typedef int (*supp_send_func) (gnutls_session_t session, - gnutls_buffer_st * buf); + gnutls_buffer_st * buf); typedef struct { @@ -123,28 +123,28 @@ _gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf) /* Make room for supplement type and length byte length field. */ ret = _gnutls_buffer_append_data (buf, "\0\0\0\0", 4); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = supp_send (session, buf); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* If data were added, store type+length, otherwise reset. */ if (buf->length > sizepos + 4) - { - buf->data[sizepos] = 0; - buf->data[sizepos + 1] = p->type; - buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF; - buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF; - } + { + buf->data[sizepos] = 0; + buf->data[sizepos + 1] = p->type; + buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF; + buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF; + } else - buf->length -= 4; + buf->length -= 4; } buf->data[0] = ((buf->length - 3) >> 16) & 0xFF; @@ -152,14 +152,14 @@ _gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf) buf->data[2] = (buf->length - 3) & 0xFF; _gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n", - session, (int) buf->length); + session, (int) buf->length); return buf->length; } int _gnutls_parse_supplemental (gnutls_session_t session, - const uint8_t * data, int datalen) + const uint8_t * data, int datalen) { const opaque *p = data; ssize_t dsize = datalen; @@ -190,23 +190,23 @@ _gnutls_parse_supplemental (gnutls_session_t session, p += 2; _gnutls_debug_log ("EXT[%p]: Got supplemental type=%02x length=%d\n", - session, supp_data_type, supp_data_length); + session, supp_data_type, supp_data_length); recv_func = get_supp_func_recv (supp_data_type); if (recv_func) - { - int ret = recv_func (session, p, supp_data_length); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + int ret = recv_func (session, p, supp_data_length); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } else - { - gnutls_assert (); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - } + { + gnutls_assert (); + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + } DECR_LEN (dsize, supp_data_length); p += supp_data_length; diff --git a/lib/gnutls_supplemental.h b/lib/gnutls_supplemental.h index e0e2fb4af8..153b79bdb0 100644 --- a/lib/gnutls_supplemental.h +++ b/lib/gnutls_supplemental.h @@ -25,6 +25,6 @@ #include <gnutls_int.h> int _gnutls_parse_supplemental (gnutls_session_t session, - const uint8_t * data, int data_size); + const uint8_t * data, int data_size); int _gnutls_gen_supplemental (gnutls_session_t session, - gnutls_buffer_st * buf); + gnutls_buffer_st * buf); diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 42027987dd..c2d5b8850b 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -80,7 +80,7 @@ gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits) **/ int gnutls_dh_get_group (gnutls_session_t session, - gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) + gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime) { dh_info_st *dh; int ret; @@ -93,19 +93,19 @@ gnutls_dh_get_group (gnutls_session_t session, case GNUTLS_CRD_ANON: anon_info = _gnutls_get_auth_info (session); if (anon_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_INTERNAL_ERROR; dh = &anon_info->dh; break; case GNUTLS_CRD_PSK: psk_info = _gnutls_get_auth_info (session); if (psk_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_INTERNAL_ERROR; dh = &psk_info->dh; break; case GNUTLS_CRD_CERTIFICATE: cert_info = _gnutls_get_auth_info (session); if (cert_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_INTERNAL_ERROR; dh = &cert_info->dh; break; default: @@ -156,28 +156,28 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key) { case GNUTLS_CRD_ANON: { - anon_info = _gnutls_get_auth_info (session); - if (anon_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &anon_info->dh; - break; + anon_info = _gnutls_get_auth_info (session); + if (anon_info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + dh = &anon_info->dh; + break; } case GNUTLS_CRD_PSK: { - psk_info = _gnutls_get_auth_info (session); - if (psk_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &psk_info->dh; - break; + psk_info = _gnutls_get_auth_info (session); + if (psk_info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + dh = &psk_info->dh; + break; } case GNUTLS_CRD_CERTIFICATE: { - cert_info = _gnutls_get_auth_info (session); - if (cert_info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &cert_info->dh; - break; + cert_info = _gnutls_get_auth_info (session); + if (cert_info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + dh = &cert_info->dh; + break; } default: gnutls_assert (); @@ -185,7 +185,7 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key) } return _gnutls_set_datum (raw_key, dh->public_key.data, - dh->public_key.size); + dh->public_key.size); } /** @@ -203,8 +203,8 @@ gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key) **/ int gnutls_rsa_export_get_pubkey (gnutls_session_t session, - gnutls_datum_t * exponent, - gnutls_datum_t * modulus) + gnutls_datum_t * exponent, + gnutls_datum_t * modulus) { cert_auth_info_t info; int ret; @@ -213,24 +213,24 @@ gnutls_rsa_export_get_pubkey (gnutls_session_t session, { info = _gnutls_get_auth_info (session); if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_INTERNAL_ERROR; ret = _gnutls_set_datum (modulus, info->rsa_export.modulus.data, - info->rsa_export.modulus.size); + info->rsa_export.modulus.size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = _gnutls_set_datum (exponent, info->rsa_export.exponent.data, - info->rsa_export.exponent.size); + info->rsa_export.exponent.size); if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (modulus); - return ret; - } + { + gnutls_assert (); + _gnutls_free_datum (modulus); + return ret; + } return 0; } @@ -257,31 +257,31 @@ gnutls_dh_get_secret_bits (gnutls_session_t session) { case GNUTLS_CRD_ANON: { - anon_auth_info_t info; + anon_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - return info->dh.secret_bits; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + return info->dh.secret_bits; } case GNUTLS_CRD_PSK: { - psk_auth_info_t info; + psk_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - return info->dh.secret_bits; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + return info->dh.secret_bits; } case GNUTLS_CRD_CERTIFICATE: { - cert_auth_info_t info; + cert_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - return info->dh.secret_bits; + return info->dh.secret_bits; } default: gnutls_assert (); @@ -331,34 +331,34 @@ gnutls_dh_get_prime_bits (gnutls_session_t session) { case GNUTLS_CRD_ANON: { - anon_auth_info_t info; + anon_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + dh = &info->dh; + break; } case GNUTLS_CRD_PSK: { - psk_auth_info_t info; + psk_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; + dh = &info->dh; + break; } case GNUTLS_CRD_CERTIFICATE: { - cert_auth_info_t info; + cert_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } default: gnutls_assert (); @@ -408,36 +408,36 @@ gnutls_dh_get_peers_public_bits (gnutls_session_t session) { case GNUTLS_CRD_ANON: { - anon_auth_info_t info; + anon_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } case GNUTLS_CRD_PSK: { - psk_auth_info_t info; + psk_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } case GNUTLS_CRD_CERTIFICATE: { - cert_auth_info_t info; + cert_auth_info_t info; - info = _gnutls_get_auth_info (session); - if (info == NULL) - return GNUTLS_E_INTERNAL_ERROR; + info = _gnutls_get_auth_info (session); + if (info == NULL) + return GNUTLS_E_INTERNAL_ERROR; - dh = &info->dh; - break; + dh = &info->dh; + break; } default: gnutls_assert (); @@ -502,7 +502,7 @@ gnutls_certificate_get_ours (gnutls_session_t session) **/ const gnutls_datum_t * gnutls_certificate_get_peers (gnutls_session_t - session, unsigned int *list_size) + session, unsigned int *list_size) { cert_auth_info_t info; @@ -555,8 +555,8 @@ gnutls_certificate_client_get_request_status (gnutls_session_t session) **/ int gnutls_fingerprint (gnutls_digest_algorithm_t algo, - const gnutls_datum_t * data, void *result, - size_t * result_size) + const gnutls_datum_t * data, void *result, + size_t * result_size) { digest_hd_st td; int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo)); @@ -572,10 +572,10 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo, { int ret = _gnutls_hash_init (&td, HASH2MAC (algo)); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } _gnutls_hash (&td, data->data, data->size); @@ -601,7 +601,7 @@ gnutls_fingerprint (gnutls_digest_algorithm_t algo, **/ void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res, - gnutls_dh_params_t dh_params) + gnutls_dh_params_t dh_params) { res->dh_params = dh_params; } @@ -617,7 +617,7 @@ gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res, **/ void gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res, - gnutls_params_function * func) + gnutls_params_function * func) { res->params_func = func; } @@ -635,7 +635,7 @@ gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res, **/ void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t - res, unsigned int flags) + res, unsigned int flags) { res->verify_flags = flags; } @@ -653,8 +653,8 @@ gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t **/ void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res, - unsigned int max_bits, - unsigned int max_depth) + unsigned int max_bits, + unsigned int max_depth) { res->verify_depth = max_depth; res->verify_bits = max_bits; @@ -671,7 +671,7 @@ gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res, **/ void gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t - res, gnutls_rsa_params_t rsa_params) + res, gnutls_rsa_params_t rsa_params) { res->rsa_params = rsa_params; } @@ -687,7 +687,7 @@ gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t **/ void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res, - gnutls_params_function * func) + gnutls_params_function * func) { res->params_func = func; } @@ -703,7 +703,7 @@ gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res, **/ void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res, - gnutls_params_function * func) + gnutls_params_function * func) { res->params_func = func; } diff --git a/lib/gnutls_v2_compat.c b/lib/gnutls_v2_compat.c index 101e320c0f..020ced2456 100644 --- a/lib/gnutls_v2_compat.c +++ b/lib/gnutls_v2_compat.c @@ -46,14 +46,14 @@ /* This selects the best supported ciphersuite from the ones provided */ static int _gnutls_handshake_select_v2_suite (gnutls_session_t session, - opaque * data, int datalen) + opaque * data, int datalen) { int i, j, ret; opaque *_data; int _datalen; _gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n", - session); + session); _data = gnutls_malloc (datalen); if (_data == NULL) @@ -72,11 +72,11 @@ _gnutls_handshake_select_v2_suite (gnutls_session_t session, for (j = 0; j < datalen; j += 3) { if (data[j] == 0) - { - memcpy (&_data[i], &data[j + 1], 2); - i += 2; - _datalen += 2; - } + { + memcpy (&_data[i], &data[j + 1], 2); + i += 2; + _datalen += 2; + } } ret = _gnutls_server_select_suite (session, _data, _datalen); @@ -92,7 +92,7 @@ _gnutls_handshake_select_v2_suite (gnutls_session_t session, */ int _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, - int datalen) + int datalen) { uint16_t session_id_len = 0; int pos = 0; @@ -180,7 +180,7 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, if (_gnutls_get_kx_cred (session, _gnutls_cipher_suite_get_kx_algo (&session-> - security_parameters.current_cipher_suite), + security_parameters.current_cipher_suite), &err) == NULL && err != 0) { gnutls_assert (); @@ -193,14 +193,14 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, */ session->internals.auth_struct = _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo - (&session-> - security_parameters.current_cipher_suite)); + (&session-> + security_parameters.current_cipher_suite)); if (session->internals.auth_struct == NULL) { _gnutls_handshake_log - ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n", - session); + ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n", + session); gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -209,7 +209,7 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, /* read random new values -skip session id for now */ - DECR_LEN (len, session_id_len); /* skip session id for now */ + DECR_LEN (len, session_id_len); /* skip session id for now */ memcpy (session_id, &data[pos], session_id_len); pos += session_id_len; @@ -234,12 +234,12 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, ret = _gnutls_server_restore_session (session, session_id, session_id_len); if (ret == 0) - { /* resumed! */ + { /* resumed! */ /* get the new random values */ memcpy (session->internals.resumed_security_parameters.server_random, - session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.server_random, GNUTLS_RANDOM_SIZE); memcpy (session->internals.resumed_security_parameters.client_random, - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); session->internals.resumed = RESUME_TRUE; return 0; @@ -247,8 +247,8 @@ _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, else { _gnutls_generate_session_id (session->security_parameters.session_id, - &session-> - security_parameters.session_id_size); + &session-> + security_parameters.session_id_size); session->internals.resumed = RESUME_FALSE; } diff --git a/lib/gnutls_v2_compat.h b/lib/gnutls_v2_compat.h index bbc12feb0f..28885ec2ba 100644 --- a/lib/gnutls_v2_compat.h +++ b/lib/gnutls_v2_compat.h @@ -24,4 +24,4 @@ */ int _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data, - int datalen); + int datalen); diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 1ea19e3b43..0d705b821b 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -94,7 +94,7 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits) -*/ int _gnutls_x509_cert_verify_peers (gnutls_session_t session, - unsigned int *status) + unsigned int *status) { cert_auth_info_t info; gnutls_certificate_credentials_t cred; @@ -143,30 +143,30 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, { ret = gnutls_x509_crt_init (&peer_certificate_list[i]); if (ret < 0) - { - gnutls_assert (); - CLEAR_CERTS; - return ret; - } + { + gnutls_assert (); + CLEAR_CERTS; + return ret; + } ret = - gnutls_x509_crt_import (peer_certificate_list[i], - &info->raw_certificate_list[i], - GNUTLS_X509_FMT_DER); + gnutls_x509_crt_import (peer_certificate_list[i], + &info->raw_certificate_list[i], + GNUTLS_X509_FMT_DER); if (ret < 0) - { - gnutls_assert (); - CLEAR_CERTS; - return ret; - } + { + gnutls_assert (); + CLEAR_CERTS; + return ret; + } ret = check_bits (peer_certificate_list[i], cred->verify_bits); if (ret < 0) - { - gnutls_assert (); - CLEAR_CERTS; - return ret; - } + { + gnutls_assert (); + CLEAR_CERTS; + return ret; + } } @@ -174,12 +174,12 @@ _gnutls_x509_cert_verify_peers (gnutls_session_t session, */ ret = gnutls_x509_crt_list_verify (peer_certificate_list, - peer_certificate_list_size, - cred->x509_ca_list, cred->x509_ncas, - cred->x509_crl_list, cred->x509_ncrls, - cred->verify_flags | session->internals. - priorities.additional_verify_flags, - status); + peer_certificate_list_size, + cred->x509_ca_list, cred->x509_ncas, + cred->x509_crl_list, cred->x509_ncrls, + cred->verify_flags | session->internals. + priorities.additional_verify_flags, + status); CLEAR_CERTS; @@ -219,7 +219,7 @@ _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res) */ static int parse_der_cert_mem (gnutls_certificate_credentials_t res, - const void *input_cert, int input_cert_size) + const void *input_cert, int input_cert_size) { gnutls_datum_t tmp; gnutls_x509_crt_t crt; @@ -279,7 +279,7 @@ parse_der_cert_mem (gnutls_certificate_credentials_t res, */ static int parse_pem_cert_mem (gnutls_certificate_credentials_t res, - const char *input_cert, int input_cert_size) + const char *input_cert, int input_cert_size) { int size, siz2; const char *ptr; @@ -291,10 +291,10 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, /* move to the certificate */ ptr = memmem (input_cert, input_cert_size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); if (ptr == NULL) ptr = memmem (input_cert, input_cert_size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); if (ptr == NULL) { @@ -311,31 +311,31 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, siz2 = _gnutls_fbase64_decode (NULL, ptr, size, &ptr2); if (siz2 < 0) - { - gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_BASE64_DECODING_ERROR; + } certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert)); if (certs == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } tmp.data = ptr2; tmp.size = siz2; ret = _gnutls_x509_raw_cert_to_gcert (&certs[count], &tmp, 0); if (ret < 0) - { - gnutls_assert (); - gnutls_free (certs); - return ret; - } + { + gnutls_assert (); + gnutls_free (certs); + return ret; + } - _gnutls_free_datum (&tmp); /* free ptr2 */ + _gnutls_free_datum (&tmp); /* free ptr2 */ /* now we move ptr after the pem header */ @@ -345,18 +345,18 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, size = input_cert_size - (ptr - input_cert); if (size > 0) - { - char *ptr3; + { + char *ptr3; - ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr3 == NULL) - ptr3 = memmem (ptr, size, PEM_CERT_SEP2, - sizeof (PEM_CERT_SEP2) - 1); + ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + if (ptr3 == NULL) + ptr3 = memmem (ptr, size, PEM_CERT_SEP2, + sizeof (PEM_CERT_SEP2) - 1); - ptr = ptr3; - } + ptr = ptr3; + } else - ptr = NULL; + ptr = NULL; count++; @@ -380,7 +380,7 @@ parse_pem_cert_mem (gnutls_certificate_credentials_t res, */ static int read_cert_mem (gnutls_certificate_credentials_t res, const void *cert, - int cert_size, gnutls_x509_crt_fmt_t type) + int cert_size, gnutls_x509_crt_fmt_t type) { int ret; @@ -400,8 +400,8 @@ read_cert_mem (gnutls_certificate_credentials_t res, const void *cert, static int _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey, - const gnutls_datum_t * raw_key, - gnutls_x509_crt_fmt_t type) + const gnutls_datum_t * raw_key, + gnutls_x509_crt_fmt_t type) { gnutls_x509_privkey_t tmpkey; int ret; @@ -431,7 +431,7 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey, ret = gnutls_privkey_import_x509 (*privkey, tmpkey, - GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_assert (); @@ -449,7 +449,7 @@ _gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey, */ static int read_key_mem (gnutls_certificate_credentials_t res, - const void *key, int key_size, gnutls_x509_crt_fmt_t type) + const void *key, int key_size, gnutls_x509_crt_fmt_t type) { int ret; gnutls_datum_t tmp; @@ -462,18 +462,18 @@ read_key_mem (gnutls_certificate_credentials_t res, ret = _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = certificate_credentials_append_pkey (res, privkey); if (ret < 0) - { - gnutls_assert (); - gnutls_privkey_deinit (privkey); - return ret; - } + { + gnutls_assert (); + gnutls_privkey_deinit (privkey); + return ret; + } } else @@ -521,7 +521,7 @@ read_key_url (gnutls_certificate_credentials_t res, const char *url) ret = gnutls_privkey_import_pkcs11 (pkey, key1, - GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_assert (); @@ -560,7 +560,7 @@ read_cas_url (gnutls_certificate_credentials_t res, const char *url) /* FIXME: should we use login? */ ret = gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url, - GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { gnutls_assert (); @@ -582,7 +582,7 @@ read_cas_url (gnutls_certificate_credentials_t res, const char *url) ret = gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url, - GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0); if (ret < 0) { gnutls_assert (); @@ -599,7 +599,7 @@ read_cas_url (gnutls_certificate_credentials_t res, const char *url) ret = gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list, - 0); + 0); if (xcrt_list == NULL) { gnutls_assert (); @@ -651,7 +651,7 @@ read_cert_url (gnutls_certificate_credentials_t res, const char *url) if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = gnutls_x509_crt_import_pkcs11_url (crt, url, - GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); if (ret < 0) { @@ -687,7 +687,7 @@ read_cert_url (gnutls_certificate_credentials_t res, const char *url) */ static int read_cert_file (gnutls_certificate_credentials_t res, - const char *certfile, gnutls_x509_crt_fmt_t type) + const char *certfile, gnutls_x509_crt_fmt_t type) { int ret; size_t size; @@ -720,7 +720,7 @@ read_cert_file (gnutls_certificate_credentials_t res, */ static int read_key_file (gnutls_certificate_credentials_t res, - const char *keyfile, gnutls_x509_crt_fmt_t type) + const char *keyfile, gnutls_x509_crt_fmt_t type) { int ret; size_t size; @@ -777,16 +777,16 @@ read_key_file (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, - const gnutls_datum_t * cert, - const gnutls_datum_t * key, - gnutls_x509_crt_fmt_t type) + const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_x509_crt_fmt_t type) { int ret; /* this should be first */ if ((ret = read_key_mem (res, key ? key->data : NULL, - key ? key->size : 0, type)) < 0) + key ? key->size : 0, type)) < 0) return ret; if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0) @@ -805,12 +805,12 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, int certificate_credential_append_crt_list (gnutls_certificate_credentials_t res, - gnutls_cert * crt, int nr) + gnutls_cert * crt, int nr) { res->cert_list = gnutls_realloc_fast (res->cert_list, - (1 + - res->ncerts) * - sizeof (gnutls_cert *)); + (1 + + res->ncerts) * + sizeof (gnutls_cert *)); if (res->cert_list == NULL) { gnutls_assert (); @@ -818,8 +818,8 @@ certificate_credential_append_crt_list (gnutls_certificate_credentials_t res, } res->cert_list_length = gnutls_realloc_fast (res->cert_list_length, - (1 + - res->ncerts) * sizeof (int)); + (1 + + res->ncerts) * sizeof (int)); if (res->cert_list_length == NULL) { gnutls_assert (); @@ -835,11 +835,11 @@ certificate_credential_append_crt_list (gnutls_certificate_credentials_t res, int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res, - gnutls_privkey_t pkey) + gnutls_privkey_t pkey) { res->pkey = gnutls_realloc_fast (res->pkey, - (1 + res->ncerts) * - sizeof (gnutls_privkey_t)); + (1 + res->ncerts) * + sizeof (gnutls_privkey_t)); if (res->pkey == NULL) { gnutls_assert (); @@ -873,9 +873,9 @@ certificate_credentials_append_pkey (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, - gnutls_x509_crt_t * cert_list, - int cert_list_size, - gnutls_x509_privkey_t key) + gnutls_x509_crt_t * cert_list, + int cert_list_size, + gnutls_x509_privkey_t key) { int ret, i; gnutls_privkey_t pkey; @@ -916,10 +916,10 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, { ret = _gnutls_x509_crt_to_gcert (&pcerts[i], cert_list[i], 0); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } ret = certificate_credential_append_crt_list (res, pcerts, cert_list_size); @@ -965,9 +965,9 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res, - const char *certfile, - const char *keyfile, - gnutls_x509_crt_fmt_t type) + const char *certfile, + const char *keyfile, + gnutls_x509_crt_fmt_t type) { int ret; @@ -1015,26 +1015,26 @@ add_new_crt_to_rdn_seq (gnutls_certificate_credentials_t res, int new) for (i = res->x509_ncas - new; i < res->x509_ncas; i++) { if ((ret = gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } newsize = res->x509_rdn_sequence.size + 2 + tmp.size; if (newsize < res->x509_rdn_sequence.size) - { - gnutls_assert (); - _gnutls_free_datum (&tmp); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + gnutls_assert (); + _gnutls_free_datum (&tmp); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } newdata = gnutls_realloc (res->x509_rdn_sequence.data, newsize); if (newdata == NULL) - { - gnutls_assert (); - _gnutls_free_datum (&tmp); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + _gnutls_free_datum (&tmp); + return GNUTLS_E_MEMORY_ERROR; + } _gnutls_write_datum16 (newdata + res->x509_rdn_sequence.size, tmp); _gnutls_free_datum (&tmp); @@ -1070,34 +1070,34 @@ _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) encipher_type = _gnutls_kx_encipher_type (alg); if (key_usage != 0 && encipher_type != CIPHER_IGN) - { - /* If key_usage has been set in the certificate - */ - - if (encipher_type == CIPHER_ENCRYPT) - { - /* If the key exchange method requires an encipher - * type algorithm, and key's usage does not permit - * encipherment, then fail. - */ - if (!(key_usage & KEY_KEY_ENCIPHERMENT)) - { - gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } - } - - if (encipher_type == CIPHER_SIGN) - { - /* The same as above, but for sign only keys - */ - if (!(key_usage & KEY_DIGITAL_SIGNATURE)) - { - gnutls_assert (); - return GNUTLS_E_KEY_USAGE_VIOLATION; - } - } - } + { + /* If key_usage has been set in the certificate + */ + + if (encipher_type == CIPHER_ENCRYPT) + { + /* If the key exchange method requires an encipher + * type algorithm, and key's usage does not permit + * encipherment, then fail. + */ + if (!(key_usage & KEY_KEY_ENCIPHERMENT)) + { + gnutls_assert (); + return GNUTLS_E_KEY_USAGE_VIOLATION; + } + } + + if (encipher_type == CIPHER_SIGN) + { + /* The same as above, but for sign only keys + */ + if (!(key_usage & KEY_DIGITAL_SIGNATURE)) + { + gnutls_assert (); + return GNUTLS_E_KEY_USAGE_VIOLATION; + } + } + } } return 0; } @@ -1106,7 +1106,7 @@ _gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg) static int parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, - const opaque * input_cert, int input_cert_size) + const opaque * input_cert, int input_cert_size) { int i, size; const opaque *ptr; @@ -1116,10 +1116,10 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, /* move to the certificate */ ptr = memmem (input_cert, input_cert_size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); if (ptr == NULL) ptr = memmem (input_cert, input_cert_size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); if (ptr == NULL) { @@ -1135,35 +1135,35 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, { *cert_list = - (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list, - i * - sizeof - (gnutls_x509_crt_t)); + (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list, + i * + sizeof + (gnutls_x509_crt_t)); if (*cert_list == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } ret = gnutls_x509_crt_init (&cert_list[0][i - 1]); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } tmp.data = (opaque *) ptr; tmp.size = size; ret = - gnutls_x509_crt_import (cert_list[0][i - 1], - &tmp, GNUTLS_X509_FMT_PEM); + gnutls_x509_crt_import (cert_list[0][i - 1], + &tmp, GNUTLS_X509_FMT_PEM); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* now we move ptr after the pem header */ @@ -1173,19 +1173,19 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, */ if (size > 0) - { - char *ptr3; + { + char *ptr3; - ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr3 == NULL) - ptr3 = memmem (ptr, size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + if (ptr3 == NULL) + ptr3 = memmem (ptr, size, + PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); - ptr = ptr3; - size = input_cert_size - (ptr - input_cert); - } + ptr = ptr3; + size = input_cert_size - (ptr - input_cert); + } else - ptr = NULL; + ptr = NULL; i++; count++; @@ -1203,7 +1203,7 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, */ static int parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, - const void *input_cert, int input_cert_size) + const void *input_cert, int input_cert_size) { int i; gnutls_datum_t tmp; @@ -1213,8 +1213,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, *cert_list = (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list, - i * - sizeof (gnutls_x509_crt_t)); + i * + sizeof (gnutls_x509_crt_t)); if (*cert_list == NULL) { @@ -1242,7 +1242,7 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, *ncerts = i; - return 1; /* one certificate parsed */ + return 1; /* one certificate parsed */ } /** @@ -1266,17 +1266,17 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, **/ int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, - const gnutls_datum_t * ca, - gnutls_x509_crt_fmt_t type) + const gnutls_datum_t * ca, + gnutls_x509_crt_fmt_t type) { int ret, ret2; if (type == GNUTLS_X509_FMT_DER) ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, - ca->data, ca->size); + ca->data, ca->size); else ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, - ca->data, ca->size); + ca->data, ca->size); if ((ret2 = add_new_crt_to_rdn_seq (res, ret)) < 0) return ret2; @@ -1306,15 +1306,15 @@ gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, - gnutls_x509_crt_t * ca_list, - int ca_list_size) + gnutls_x509_crt_t * ca_list, + int ca_list_size) { int ret, i, ret2; res->x509_ca_list = gnutls_realloc_fast (res->x509_ca_list, - (ca_list_size + - res->x509_ncas) * - sizeof (gnutls_x509_crt_t)); + (ca_list_size + + res->x509_ncas) * + sizeof (gnutls_x509_crt_t)); if (res->x509_ca_list == NULL) { gnutls_assert (); @@ -1325,19 +1325,19 @@ gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, { ret = gnutls_x509_crt_init (&res->x509_ca_list[res->x509_ncas]); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = _gnutls_x509_crt_cpy (res->x509_ca_list[res->x509_ncas], - ca_list[i]); + ca_list[i]); if (ret < 0) - { - gnutls_assert (); - gnutls_x509_crt_deinit (res->x509_ca_list[res->x509_ncas]); - return ret; - } + { + gnutls_assert (); + gnutls_x509_crt_deinit (res->x509_ca_list[res->x509_ncas]); + return ret; + } res->x509_ncas++; } @@ -1371,8 +1371,8 @@ gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, - const char *cafile, - gnutls_x509_crt_fmt_t type) + const char *cafile, + gnutls_x509_crt_fmt_t type) { int ret, ret2; size_t size; @@ -1413,7 +1413,7 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, static int parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, - const opaque * input_crl, int input_crl_size) + const opaque * input_crl, int input_crl_size) { int size, i; const opaque *ptr; @@ -1423,7 +1423,7 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, /* move to the certificate */ ptr = memmem (input_crl, input_crl_size, - PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); + PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); if (ptr == NULL) { gnutls_assert (); @@ -1439,35 +1439,35 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, { *crl_list = - (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list, - i * - sizeof - (gnutls_x509_crl_t)); + (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list, + i * + sizeof + (gnutls_x509_crl_t)); if (*crl_list == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } ret = gnutls_x509_crl_init (&crl_list[0][i - 1]); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } tmp.data = (char *) ptr; tmp.size = size; ret = - gnutls_x509_crl_import (crl_list[0][i - 1], - &tmp, GNUTLS_X509_FMT_PEM); + gnutls_x509_crl_import (crl_list[0][i - 1], + &tmp, GNUTLS_X509_FMT_PEM); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* now we move ptr after the pem header */ @@ -1478,9 +1478,9 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, size = input_crl_size - (ptr - input_crl); if (size > 0) - ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); + ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); else - ptr = NULL; + ptr = NULL; i++; count++; @@ -1497,7 +1497,7 @@ parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, */ static int parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, - const void *input_crl, int input_crl_size) + const void *input_crl, int input_crl_size) { int i; gnutls_datum_t tmp; @@ -1507,8 +1507,8 @@ parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, *crl_list = (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list, - i * - sizeof (gnutls_x509_crl_t)); + i * + sizeof (gnutls_x509_crl_t)); if (*crl_list == NULL) { @@ -1536,7 +1536,7 @@ parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, *ncrls = i; - return 1; /* one certificate parsed */ + return 1; /* one certificate parsed */ } @@ -1544,16 +1544,16 @@ parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls, */ static int read_crl_mem (gnutls_certificate_credentials_t res, const void *crl, - int crl_size, gnutls_x509_crt_fmt_t type) + int crl_size, gnutls_x509_crt_fmt_t type) { int ret; /* allocate space for the certificate to add */ res->x509_crl_list = gnutls_realloc_fast (res->x509_crl_list, - (1 + - res->x509_ncrls) * - sizeof (gnutls_x509_crl_t)); + (1 + + res->x509_ncrls) * + sizeof (gnutls_x509_crl_t)); if (res->x509_crl_list == NULL) { gnutls_assert (); @@ -1562,10 +1562,10 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl, if (type == GNUTLS_X509_FMT_DER) ret = parse_der_crl_mem (&res->x509_crl_list, - &res->x509_ncrls, crl, crl_size); + &res->x509_ncrls, crl, crl_size); else ret = parse_pem_crl_mem (&res->x509_crl_list, - &res->x509_ncrls, crl, crl_size); + &res->x509_ncrls, crl, crl_size); if (ret < 0) { @@ -1592,8 +1592,8 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl, **/ int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res, - const gnutls_datum_t * CRL, - gnutls_x509_crt_fmt_t type) + const gnutls_datum_t * CRL, + gnutls_x509_crt_fmt_t type) { int ret; @@ -1621,15 +1621,15 @@ gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, - gnutls_x509_crl_t * crl_list, - int crl_list_size) + gnutls_x509_crl_t * crl_list, + int crl_list_size) { int ret, i; res->x509_crl_list = gnutls_realloc_fast (res->x509_crl_list, - (crl_list_size + - res->x509_ncrls) * - sizeof (gnutls_x509_crl_t)); + (crl_list_size + + res->x509_ncrls) * + sizeof (gnutls_x509_crl_t)); if (res->x509_crl_list == NULL) { gnutls_assert (); @@ -1640,18 +1640,18 @@ gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, { ret = gnutls_x509_crl_init (&res->x509_crl_list[res->x509_ncrls]); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = _gnutls_x509_crl_cpy (res->x509_crl_list[res->x509_ncrls], - crl_list[i]); + crl_list[i]); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } res->x509_ncrls++; } @@ -1674,8 +1674,8 @@ gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, - const char *crlfile, - gnutls_x509_crt_fmt_t type) + const char *crlfile, + gnutls_x509_crt_fmt_t type) { int ret; size_t size; @@ -1689,10 +1689,10 @@ gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, if (type == GNUTLS_X509_FMT_DER) ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls, - data, size); + data, size); else ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls, - data, size); + data, size); free (data); @@ -1709,10 +1709,10 @@ gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, static int parse_pkcs12 (gnutls_certificate_credentials_t res, - gnutls_pkcs12_t p12, - const char *password, - gnutls_x509_privkey_t * key, - gnutls_x509_crt_t * cert, gnutls_x509_crl_t * crl) + gnutls_pkcs12_t p12, + const char *password, + gnutls_x509_privkey_t * key, + gnutls_x509_crt_t * cert, gnutls_x509_crl_t * crl) { gnutls_pkcs12_bag_t bag = NULL; int idx = 0; @@ -1735,117 +1735,117 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, ret = gnutls_pkcs12_bag_init (&bag); if (ret < 0) - { - bag = NULL; - gnutls_assert (); - goto done; - } + { + bag = NULL; + gnutls_assert (); + goto done; + } ret = gnutls_pkcs12_get_bag (p12, idx, bag); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + break; if (ret < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } ret = gnutls_pkcs12_bag_get_type (bag, 0); if (ret < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } if (ret == GNUTLS_BAG_ENCRYPTED) - { - ret = gnutls_pkcs12_bag_decrypt (bag, password); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - } + { + ret = gnutls_pkcs12_bag_decrypt (bag, password); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + } elements_in_bag = gnutls_pkcs12_bag_get_count (bag); if (elements_in_bag < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } for (i = 0; i < elements_in_bag; i++) - { - int type; - gnutls_datum_t data; - - type = gnutls_pkcs12_bag_get_type (bag, i); - if (type < 0) - { - gnutls_assert (); - goto done; - } - - ret = gnutls_pkcs12_bag_get_data (bag, i, &data); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - - switch (type) - { - case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: - case GNUTLS_BAG_PKCS8_KEY: - if (*key != NULL) /* too simple to continue */ - { - gnutls_assert (); - break; - } - - ret = gnutls_x509_privkey_init (key); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - - ret = gnutls_x509_privkey_import_pkcs8 - (*key, &data, GNUTLS_X509_FMT_DER, password, - type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0); - if (ret < 0) - { - gnutls_assert (); - gnutls_x509_privkey_deinit (*key); - goto done; - } - - key_id_size = sizeof (key_id); - ret = - gnutls_x509_privkey_get_key_id (*key, 0, key_id, - &key_id_size); - if (ret < 0) - { - gnutls_assert (); - gnutls_x509_privkey_deinit (*key); - goto done; - } - - privkey_ok = 1; /* break */ - break; - default: - break; - } - } + { + int type; + gnutls_datum_t data; + + type = gnutls_pkcs12_bag_get_type (bag, i); + if (type < 0) + { + gnutls_assert (); + goto done; + } + + ret = gnutls_pkcs12_bag_get_data (bag, i, &data); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + + switch (type) + { + case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: + case GNUTLS_BAG_PKCS8_KEY: + if (*key != NULL) /* too simple to continue */ + { + gnutls_assert (); + break; + } + + ret = gnutls_x509_privkey_init (key); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + + ret = gnutls_x509_privkey_import_pkcs8 + (*key, &data, GNUTLS_X509_FMT_DER, password, + type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0); + if (ret < 0) + { + gnutls_assert (); + gnutls_x509_privkey_deinit (*key); + goto done; + } + + key_id_size = sizeof (key_id); + ret = + gnutls_x509_privkey_get_key_id (*key, 0, key_id, + &key_id_size); + if (ret < 0) + { + gnutls_assert (); + gnutls_x509_privkey_deinit (*key); + goto done; + } + + privkey_ok = 1; /* break */ + break; + default: + break; + } + } idx++; gnutls_pkcs12_bag_deinit (bag); - if (privkey_ok != 0) /* private key was found */ - break; + if (privkey_ok != 0) /* private key was found */ + break; } - if (privkey_ok == 0) /* no private key */ + if (privkey_ok == 0) /* no private key */ { gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -1862,138 +1862,138 @@ parse_pkcs12 (gnutls_certificate_credentials_t res, ret = gnutls_pkcs12_bag_init (&bag); if (ret < 0) - { - bag = NULL; - gnutls_assert (); - goto done; - } + { + bag = NULL; + gnutls_assert (); + goto done; + } ret = gnutls_pkcs12_get_bag (p12, idx, bag); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + break; if (ret < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } ret = gnutls_pkcs12_bag_get_type (bag, 0); if (ret < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } if (ret == GNUTLS_BAG_ENCRYPTED) - { - ret = gnutls_pkcs12_bag_decrypt (bag, password); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - } + { + ret = gnutls_pkcs12_bag_decrypt (bag, password); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + } elements_in_bag = gnutls_pkcs12_bag_get_count (bag); if (elements_in_bag < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } for (i = 0; i < elements_in_bag; i++) - { - int type; - gnutls_datum_t data; - - type = gnutls_pkcs12_bag_get_type (bag, i); - if (type < 0) - { - gnutls_assert (); - goto done; - } - - ret = gnutls_pkcs12_bag_get_data (bag, i, &data); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - - switch (type) - { - case GNUTLS_BAG_CERTIFICATE: - if (*cert != NULL) /* no need to set it again */ - { - gnutls_assert (); - break; - } - - ret = gnutls_x509_crt_init (cert); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - - ret = - gnutls_x509_crt_import (*cert, &data, GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_assert (); - gnutls_x509_crt_deinit (*cert); - goto done; - } - - /* check if the key id match */ - cert_id_size = sizeof (cert_id); - ret = - gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size); - if (ret < 0) - { - gnutls_assert (); - gnutls_x509_crt_deinit (*cert); - goto done; - } - - if (memcmp (cert_id, key_id, cert_id_size) != 0) - { /* they don't match - skip the certificate */ - gnutls_x509_crt_deinit (*cert); - *cert = NULL; - } - break; - - case GNUTLS_BAG_CRL: - if (*crl != NULL) - { - gnutls_assert (); - break; - } - - ret = gnutls_x509_crl_init (crl); - if (ret < 0) - { - gnutls_assert (); - goto done; - } - - ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER); - if (ret < 0) - { - gnutls_assert (); - gnutls_x509_crl_deinit (*crl); - goto done; - } - break; - - case GNUTLS_BAG_ENCRYPTED: - /* XXX Bother to recurse one level down? Unlikely to - use the same password anyway. */ - case GNUTLS_BAG_EMPTY: - default: - break; - } - } + { + int type; + gnutls_datum_t data; + + type = gnutls_pkcs12_bag_get_type (bag, i); + if (type < 0) + { + gnutls_assert (); + goto done; + } + + ret = gnutls_pkcs12_bag_get_data (bag, i, &data); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + + switch (type) + { + case GNUTLS_BAG_CERTIFICATE: + if (*cert != NULL) /* no need to set it again */ + { + gnutls_assert (); + break; + } + + ret = gnutls_x509_crt_init (cert); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + + ret = + gnutls_x509_crt_import (*cert, &data, GNUTLS_X509_FMT_DER); + if (ret < 0) + { + gnutls_assert (); + gnutls_x509_crt_deinit (*cert); + goto done; + } + + /* check if the key id match */ + cert_id_size = sizeof (cert_id); + ret = + gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size); + if (ret < 0) + { + gnutls_assert (); + gnutls_x509_crt_deinit (*cert); + goto done; + } + + if (memcmp (cert_id, key_id, cert_id_size) != 0) + { /* they don't match - skip the certificate */ + gnutls_x509_crt_deinit (*cert); + *cert = NULL; + } + break; + + case GNUTLS_BAG_CRL: + if (*crl != NULL) + { + gnutls_assert (); + break; + } + + ret = gnutls_x509_crl_init (crl); + if (ret < 0) + { + gnutls_assert (); + goto done; + } + + ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER); + if (ret < 0) + { + gnutls_assert (); + gnutls_x509_crl_deinit (*crl); + goto done; + } + break; + + case GNUTLS_BAG_ENCRYPTED: + /* XXX Bother to recurse one level down? Unlikely to + use the same password anyway. */ + case GNUTLS_BAG_EMPTY: + default: + break; + } + } idx++; gnutls_pkcs12_bag_deinit (bag); @@ -2059,7 +2059,7 @@ int ret = gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type, - password); + password); free (p12blob.data); return ret; @@ -2129,11 +2129,11 @@ int { ret = gnutls_pkcs12_verify_mac (p12, password); if (ret < 0) - { - gnutls_assert (); - gnutls_pkcs12_deinit (p12); - return ret; - } + { + gnutls_assert (); + gnutls_pkcs12_deinit (p12); + return ret; + } } ret = parse_pkcs12 (res, p12, password, &key, &cert, &crl); @@ -2148,20 +2148,20 @@ int { ret = gnutls_certificate_set_x509_key (res, &cert, 1, key); if (ret < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } } if (crl) { ret = gnutls_certificate_set_x509_crl (res, &crl, 1); if (ret < 0) - { - gnutls_assert (); - goto done; - } + { + gnutls_assert (); + goto done; + } } ret = 0; diff --git a/lib/gnutls_x509.h b/lib/gnutls_x509.h index d1ba1cbcba..db10589425 100644 --- a/lib/gnutls_x509.h +++ b/lib/gnutls_x509.h @@ -27,7 +27,7 @@ #include <gnutls/abstract.h> int _gnutls_x509_cert_verify_peers (gnutls_session_t session, - unsigned int *status); + unsigned int *status); #define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE" #define PEM_CERT_SEP "-----BEGIN CERTIFICATE" @@ -38,8 +38,8 @@ int _gnutls_x509_cert_verify_peers (gnutls_session_t session, #define PEM_KEY_DSA_SEP "-----BEGIN DSA" int _gnutls_check_key_usage (const gnutls_cert * cert, - gnutls_kx_algorithm_t alg); + gnutls_kx_algorithm_t alg); int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey_t * privkey, - const gnutls_datum_t * raw_key, - gnutls_x509_crt_fmt_t type); + const gnutls_datum_t * raw_key, + gnutls_x509_crt_fmt_t type); diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h index 5fcbc3cd89..8bffeb52f4 100644 --- a/lib/includes/gnutls/abstract.h +++ b/lib/includes/gnutls/abstract.h @@ -20,55 +20,55 @@ void gnutls_pubkey_deinit (gnutls_pubkey_t key); int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits); int gnutls_pubkey_import_x509 (gnutls_pubkey_t pkey, gnutls_x509_crt_t crt, - unsigned int flags); + unsigned int flags); int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey, - gnutls_pkcs11_obj_t crt, unsigned int flags); + gnutls_pkcs11_obj_t crt, unsigned int flags); int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey, - gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flags); + gnutls_openpgp_crt_t crt, + gnutls_openpgp_keyid_t keyid, + unsigned int flags); int gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, - unsigned int usage, unsigned int flags); + unsigned int usage, unsigned int flags); int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand); + gnutls_digest_algorithm_t * + hash, unsigned int *mand); int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t crt, - gnutls_datum_t * m, gnutls_datum_t * e); + gnutls_datum_t * m, gnutls_datum_t * e); int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y); + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y); int gnutls_pubkey_export (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); + unsigned char *output_data, + size_t * output_data_size); int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage); int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage); int gnutls_pubkey_import (gnutls_pubkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, - unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y); + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y); int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t pubkey, - const gnutls_datum_t * m, - const gnutls_datum_t * e); + const gnutls_datum_t * m, + const gnutls_datum_t * e); int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key); @@ -76,66 +76,66 @@ int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key); int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature); + const gnutls_datum_t * hash, + const gnutls_datum_t * signature); int gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash); + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash); /* Private key operations */ int gnutls_privkey_init (gnutls_privkey_t * key); void gnutls_privkey_deinit (gnutls_privkey_t key); int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, - unsigned int *bits); + unsigned int *bits); gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key); #define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1 int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey, - gnutls_pkcs11_privkey_t key, - unsigned int flags); + gnutls_pkcs11_privkey_t key, + unsigned int flags); int gnutls_privkey_import_x509 (gnutls_privkey_t pkey, - gnutls_x509_privkey_t key, - unsigned int flags); + gnutls_x509_privkey_t key, + unsigned int flags); int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey, - gnutls_openpgp_privkey_t key, - unsigned int flags); + gnutls_openpgp_privkey_t key, + unsigned int flags); int gnutls_privkey_sign_data (gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_privkey_sign_hash2 (gnutls_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature); int gnutls_privkey_decrypt_data (gnutls_privkey_t signer, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, - gnutls_privkey_t key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_privkey_t key, + gnutls_digest_algorithm_t dig, + unsigned int flags); #endif diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h index 635cfbf921..e0191e14ab 100644 --- a/lib/includes/gnutls/compat.h +++ b/lib/includes/gnutls/compat.h @@ -123,7 +123,7 @@ typedef struct gnutls_retr_st gnutls_x509_crt_t *x509; gnutls_openpgp_crt_t pgp; } cert; - unsigned int ncerts; /* one for pgp keys */ + unsigned int ncerts; /* one for pgp keys */ union { @@ -131,22 +131,22 @@ typedef struct gnutls_retr_st gnutls_openpgp_privkey_t pgp; } key; - unsigned int deinit_all; /* if non zero all keys will be deinited */ + unsigned int deinit_all; /* if non zero all keys will be deinited */ } gnutls_retr_st; typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t, - const - gnutls_datum_t * - req_ca_rdn, - int nreqs, - const - gnutls_pk_algorithm_t - * pk_algos, - int - pk_algos_length, - gnutls_retr_st *); + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr_st *); typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t, - gnutls_retr_st *); + gnutls_retr_st *); void gnutls_certificate_client_set_retrieve_function (gnutls_certificate_credentials_t cred, @@ -161,15 +161,15 @@ void /* External signing callback. No longer supported because it * was deprecated by the PKCS #11 API. */ typedef int (*gnutls_sign_func) (gnutls_session_t session, - void *userdata, - gnutls_certificate_type_t cert_type, - const gnutls_datum_t * cert, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + void *userdata, + gnutls_certificate_type_t cert_type, + const gnutls_datum_t * cert, + const gnutls_datum_t * hash, + gnutls_datum_t * signature); void gnutls_sign_callback_set (gnutls_session_t session, - gnutls_sign_func sign_func, void *userdata) + gnutls_sign_func sign_func, void *userdata) _GNUTLS_GCC_ATTR_DEPRECATED; gnutls_sign_func gnutls_sign_callback_get (gnutls_session_t session, void **userdata); @@ -178,21 +178,21 @@ gnutls_sign_callback_get (gnutls_session_t session, void **userdata); * structures are used. */ int gnutls_ext_register (int type, - const char *name, - gnutls_ext_parse_type_t parse_type, - gnutls_ext_recv_func recv_func, - gnutls_ext_send_func send_func) + const char *name, + gnutls_ext_parse_type_t parse_type, + gnutls_ext_recv_func recv_func, + gnutls_ext_send_func send_func) _GNUTLS_GCC_ATTR_DEPRECATED; /* We no longer support the finished callback. Use * gnutls_session_channel_binding for similar functionality. */ typedef void (*gnutls_finished_callback_func) (gnutls_session_t session, - const void *finished, - size_t len); + const void *finished, + size_t len); void gnutls_session_set_finished_function (gnutls_session_t session, - gnutls_finished_callback_func - func) + gnutls_finished_callback_func + func) _GNUTLS_GCC_ATTR_DEPRECATED; /* returns security values. @@ -209,18 +209,18 @@ gnutls_sign_callback_get (gnutls_session_t session, void **userdata); _GNUTLS_GCC_ATTR_DEPRECATED; int gnutls_psk_netconf_derive_key (const char *password, - const char *psk_identity, - const char *psk_identity_hint, - gnutls_datum_t * - output_key) + const char *psk_identity, + const char *psk_identity_hint, + gnutls_datum_t * + output_key) _GNUTLS_GCC_ATTR_DEPRECATED; /* This is a very dangerous and error-prone function. * Do not use. */ - int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) - _GNUTLS_GCC_ATTR_DEPRECATED; + int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, + const gnutls_datum_t * hash, + gnutls_datum_t * signature) + _GNUTLS_GCC_ATTR_DEPRECATED; #endif /* _GNUTLS_COMPAT_H */ diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h index 13ddf20417..0f61981d99 100644 --- a/lib/includes/gnutls/crypto.h +++ b/lib/includes/gnutls/crypto.h @@ -30,48 +30,49 @@ extern "C" { #endif -typedef struct cipher_hd_st *gnutls_cipher_hd_t; - -int gnutls_cipher_init (gnutls_cipher_hd_t * handle, - gnutls_cipher_algorithm_t cipher, - const gnutls_datum_t * key, - const gnutls_datum_t * iv); -int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle, - void *text, size_t textlen); -int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, - void *ciphertext, size_t ciphertextlen); -int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext, - size_t ciphertextlen, void *text, size_t textlen); -int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, - size_t textlen, void *ciphertext, - size_t ciphertextlen); - -void gnutls_cipher_deinit (gnutls_cipher_hd_t handle); -int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm); - - -typedef struct hash_hd_st *gnutls_hash_hd_t; -typedef struct hmac_hd_st *gnutls_hmac_hd_t; - -int gnutls_hmac_init (gnutls_hmac_hd_t * dig, - gnutls_digest_algorithm_t algorithm, const void *key, - size_t keylen); -int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen); -void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest); -void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest); -int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm); -int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, - size_t keylen, const void *text, size_t textlen, - void *digest); - -int gnutls_hash_init (gnutls_hash_hd_t * dig, - gnutls_digest_algorithm_t algorithm); -int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen); -void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest); -void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest); -int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm); -int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, - const void *text, size_t textlen, void *digest); + typedef struct cipher_hd_st *gnutls_cipher_hd_t; + + int gnutls_cipher_init (gnutls_cipher_hd_t * handle, + gnutls_cipher_algorithm_t cipher, + const gnutls_datum_t * key, + const gnutls_datum_t * iv); + int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle, + void *text, size_t textlen); + int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle, + void *ciphertext, size_t ciphertextlen); + int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, + const void *ciphertext, size_t ciphertextlen, + void *text, size_t textlen); + int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, + size_t textlen, void *ciphertext, + size_t ciphertextlen); + + void gnutls_cipher_deinit (gnutls_cipher_hd_t handle); + int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm); + + + typedef struct hash_hd_st *gnutls_hash_hd_t; + typedef struct hmac_hd_st *gnutls_hmac_hd_t; + + int gnutls_hmac_init (gnutls_hmac_hd_t * dig, + gnutls_digest_algorithm_t algorithm, const void *key, + size_t keylen); + int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen); + void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest); + void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest); + int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm); + int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key, + size_t keylen, const void *text, size_t textlen, + void *digest); + + int gnutls_hash_init (gnutls_hash_hd_t * dig, + gnutls_digest_algorithm_t algorithm); + int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen); + void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest); + void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest); + int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm); + int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, + const void *text, size_t textlen, void *digest); /* register ciphers */ @@ -81,35 +82,35 @@ int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, #define gnutls_crypto_single_mac_st gnutls_crypto_mac_st #define gnutls_crypto_single_digest_st gnutls_crypto_digest_st -typedef struct -{ - int (*init) (gnutls_cipher_algorithm_t, void **ctx); - int (*setkey) (void *ctx, const void *key, size_t keysize); - int (*setiv) (void *ctx, const void *iv, size_t ivsize); - int (*encrypt) (void *ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize); - int (*decrypt) (void *ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize); - void (*deinit) (void *ctx); -} gnutls_crypto_cipher_st; - -typedef struct -{ - int (*init) (gnutls_mac_algorithm_t, void **ctx); - int (*setkey) (void *ctx, const void *key, size_t keysize); - int (*hash) (void *ctx, const void *text, size_t textsize); - int (*output) (void *src_ctx, void *digest, size_t digestsize); - void (*deinit) (void *ctx); -} gnutls_crypto_mac_st; - -typedef struct -{ - int (*init) (gnutls_mac_algorithm_t, void **ctx); - int (*hash) (void *ctx, const void *text, size_t textsize); - int (*copy) (void **dst_ctx, void *src_ctx); - int (*output) (void *src_ctx, void *digest, size_t digestsize); - void (*deinit) (void *ctx); -} gnutls_crypto_digest_st; + typedef struct + { + int (*init) (gnutls_cipher_algorithm_t, void **ctx); + int (*setkey) (void *ctx, const void *key, size_t keysize); + int (*setiv) (void *ctx, const void *iv, size_t ivsize); + int (*encrypt) (void *ctx, const void *plain, size_t plainsize, + void *encr, size_t encrsize); + int (*decrypt) (void *ctx, const void *encr, size_t encrsize, + void *plain, size_t plainsize); + void (*deinit) (void *ctx); + } gnutls_crypto_cipher_st; + + typedef struct + { + int (*init) (gnutls_mac_algorithm_t, void **ctx); + int (*setkey) (void *ctx, const void *key, size_t keysize); + int (*hash) (void *ctx, const void *text, size_t textsize); + int (*output) (void *src_ctx, void *digest, size_t digestsize); + void (*deinit) (void *ctx); + } gnutls_crypto_mac_st; + + typedef struct + { + int (*init) (gnutls_mac_algorithm_t, void **ctx); + int (*hash) (void *ctx, const void *text, size_t textsize); + int (*copy) (void **dst_ctx, void *src_ctx); + int (*output) (void *src_ctx, void *digest, size_t digestsize); + void (*deinit) (void *ctx); + } gnutls_crypto_digest_st; /** * gnutls_rnd_level_t: @@ -121,14 +122,14 @@ typedef struct * * Enumeration of random quality levels. */ -typedef enum gnutls_rnd_level -{ - GNUTLS_RND_NONCE = 0, - GNUTLS_RND_RANDOM = 1, - GNUTLS_RND_KEY = 2 -} gnutls_rnd_level_t; + typedef enum gnutls_rnd_level + { + GNUTLS_RND_NONCE = 0, + GNUTLS_RND_RANDOM = 1, + GNUTLS_RND_KEY = 2 + } gnutls_rnd_level_t; -int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len); + int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len); /** @@ -137,19 +138,19 @@ int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len); * * Enumeration of public-key flag. */ -typedef enum -{ - GNUTLS_PK_FLAG_NONE = 0 -} gnutls_pk_flag_t; + typedef enum + { + GNUTLS_PK_FLAG_NONE = 0 + } gnutls_pk_flag_t; -typedef struct gnutls_crypto_rnd -{ - int (*init) (void **ctx); - int (*rnd) (void *ctx, int level, void *data, size_t datasize); - void (*deinit) (void *ctx); -} gnutls_crypto_rnd_st; + typedef struct gnutls_crypto_rnd + { + int (*init) (void **ctx); + int (*rnd) (void *ctx, int level, void *data, size_t datasize); + void (*deinit) (void *ctx); + } gnutls_crypto_rnd_st; -typedef void *bigint_t; + typedef void *bigint_t; /** * gnutls_bigint_format_t: @@ -160,90 +161,93 @@ typedef void *bigint_t; * * Enumeration of different bignum integer encoding formats. */ -typedef enum -{ - /* raw unsigned integer format */ - GNUTLS_MPI_FORMAT_USG = 0, - /* raw signed integer format - always a leading zero when positive */ - GNUTLS_MPI_FORMAT_STD = 1, - /* the pgp integer format */ - GNUTLS_MPI_FORMAT_PGP = 2 -} gnutls_bigint_format_t; - -typedef struct -{ - bigint_t g; /* group generator */ - bigint_t p; /* prime */ -} gnutls_group_st; + typedef enum + { + /* raw unsigned integer format */ + GNUTLS_MPI_FORMAT_USG = 0, + /* raw signed integer format - always a leading zero when positive */ + GNUTLS_MPI_FORMAT_STD = 1, + /* the pgp integer format */ + GNUTLS_MPI_FORMAT_PGP = 2 + } gnutls_bigint_format_t; + + typedef struct + { + bigint_t g; /* group generator */ + bigint_t p; /* prime */ + } gnutls_group_st; /* Multi precision integer arithmetic */ -typedef struct gnutls_crypto_bigint -{ - bigint_t (*bigint_new) (int nbits); - void (*bigint_release) (bigint_t n); - /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */ - int (*bigint_cmp) (const bigint_t m1, const bigint_t m2); - /* as bigint_cmp */ - int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2); - /* ret = a % b */ - bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b); - /* a = b -> ret == a */ - bigint_t (*bigint_set) (bigint_t a, const bigint_t b); - /* a = b -> ret == a */ - bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b); - unsigned int (*bigint_get_nbits) (const bigint_t a); - /* w = b ^ e mod m */ - bigint_t (*bigint_powm) (bigint_t w, const bigint_t b, - const bigint_t e, const bigint_t m); - /* w = a + b mod m */ - bigint_t (*bigint_addm) (bigint_t w, const bigint_t a, - const bigint_t b, const bigint_t m); - /* w = a - b mod m */ - bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m); - /* w = a * b mod m */ - bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m); - /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a, - const bigint_t b); - /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a, - const bigint_t b); - /* w = a * b */ - bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b); - /* w = a + b */ - bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a, unsigned long b); - /* w = a - b */ - bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a, unsigned long b); - /* w = a * b */ - bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a, unsigned long b); - /* q = a / b */ - bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b); - /* 0 if prime */ - int (*bigint_prime_check) (const bigint_t pp); - int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits); - - /* reads an bigint from a buffer */ - /* stores an bigint into the buffer. returns - * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to - * store this integer, and updates the buf_size; - */ - bigint_t (*bigint_scan) (const void *buf, size_t buf_size, - gnutls_bigint_format_t format); - int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size, - gnutls_bigint_format_t format); -} gnutls_crypto_bigint_st; + typedef struct gnutls_crypto_bigint + { + bigint_t (*bigint_new) (int nbits); + void (*bigint_release) (bigint_t n); + /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */ + int (*bigint_cmp) (const bigint_t m1, const bigint_t m2); + /* as bigint_cmp */ + int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2); + /* ret = a % b */ + bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b); + /* a = b -> ret == a */ + bigint_t (*bigint_set) (bigint_t a, const bigint_t b); + /* a = b -> ret == a */ + bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b); + unsigned int (*bigint_get_nbits) (const bigint_t a); + /* w = b ^ e mod m */ + bigint_t (*bigint_powm) (bigint_t w, const bigint_t b, + const bigint_t e, const bigint_t m); + /* w = a + b mod m */ + bigint_t (*bigint_addm) (bigint_t w, const bigint_t a, + const bigint_t b, const bigint_t m); + /* w = a - b mod m */ + bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m); + /* w = a * b mod m */ + bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b, + const bigint_t m); + /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a, + const bigint_t b); + /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a, + const bigint_t b); + /* w = a * b */ + bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b); + /* w = a + b */ + bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a, + unsigned long b); + /* w = a - b */ + bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a, + unsigned long b); + /* w = a * b */ + bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a, + unsigned long b); + /* q = a / b */ + bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b); + /* 0 if prime */ + int (*bigint_prime_check) (const bigint_t pp); + int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits); + + /* reads an bigint from a buffer */ + /* stores an bigint into the buffer. returns + * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to + * store this integer, and updates the buf_size; + */ + bigint_t (*bigint_scan) (const void *buf, size_t buf_size, + gnutls_bigint_format_t format); + int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size, + gnutls_bigint_format_t format); + } gnutls_crypto_bigint_st; #define GNUTLS_MAX_PK_PARAMS 16 -typedef struct -{ - bigint_t params[GNUTLS_MAX_PK_PARAMS]; - unsigned int params_nr; /* the number of parameters */ - unsigned int flags; -} gnutls_pk_params_st; + typedef struct + { + bigint_t params[GNUTLS_MAX_PK_PARAMS]; + unsigned int params_nr; /* the number of parameters */ + unsigned int flags; + } gnutls_pk_params_st; -void gnutls_pk_params_release (gnutls_pk_params_st * p); -void gnutls_pk_params_init (gnutls_pk_params_st * p); + void gnutls_pk_params_release (gnutls_pk_params_st * p); + void gnutls_pk_params_init (gnutls_pk_params_st * p); /* params are: * RSA: @@ -274,40 +278,40 @@ void gnutls_pk_params_init (gnutls_pk_params_st * p); * * Enumeration of different directions. */ -typedef enum -{ - GNUTLS_IMPORT = 0, - GNUTLS_EXPORT = 1 -} gnutls_direction_t; + typedef enum + { + GNUTLS_IMPORT = 0, + GNUTLS_EXPORT = 1 + } gnutls_direction_t; /* Public key algorithms */ -typedef struct gnutls_crypto_pk -{ - /* The params structure should contain the private or public key - * parameters, depending on the operation */ - int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - const gnutls_pk_params_st * pub); - int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - const gnutls_pk_params_st * priv); - - int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature, - const gnutls_datum_t * data, - const gnutls_pk_params_st * priv); - int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data, - const gnutls_datum_t * signature, - const gnutls_pk_params_st * pub); - - int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits, - gnutls_pk_params_st *); - /* this function should convert params to ones suitable - * for the above functions - */ - int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t, - gnutls_pk_params_st *); - -} gnutls_crypto_pk_st; + typedef struct gnutls_crypto_pk + { + /* The params structure should contain the private or public key + * parameters, depending on the operation */ + int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext, + const gnutls_datum_t * plaintext, + const gnutls_pk_params_st * pub); + int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext, + const gnutls_datum_t * ciphertext, + const gnutls_pk_params_st * priv); + + int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature, + const gnutls_datum_t * data, + const gnutls_pk_params_st * priv); + int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data, + const gnutls_datum_t * signature, + const gnutls_pk_params_st * pub); + + int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits, + gnutls_pk_params_st *); + /* this function should convert params to ones suitable + * for the above functions + */ + int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t, + gnutls_pk_params_st *); + + } gnutls_crypto_pk_st; /* priority: infinity for backend algorithms, 90 for kernel algorithms, lowest wins @@ -322,22 +326,22 @@ typedef struct gnutls_crypto_pk gnutls_crypto_single_digest_register2(algo, prio, \ GNUTLS_CRYPTO_API_VERSION, st) -int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t - algorithm, int priority, - int version, - const - gnutls_crypto_single_cipher_st * - s); -int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm, - int priority, int version, - const gnutls_crypto_single_mac_st * - s); -int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t - algorithm, int priority, - int version, - const - gnutls_crypto_single_digest_st * - s); + int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t + algorithm, int priority, + int version, + const + gnutls_crypto_single_cipher_st * + s); + int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm, + int priority, int version, + const gnutls_crypto_single_mac_st * + s); + int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t + algorithm, int priority, + int version, + const + gnutls_crypto_single_digest_st * + s); #define gnutls_crypto_cipher_register(prio, st) \ gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) @@ -346,12 +350,12 @@ int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t #define gnutls_crypto_digest_register(prio, st) \ gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -int gnutls_crypto_cipher_register2 (int priority, int version, - const gnutls_crypto_cipher_st * s); -int gnutls_crypto_mac_register2 (int priority, int version, - const gnutls_crypto_mac_st * s); -int gnutls_crypto_digest_register2 (int priority, int version, - const gnutls_crypto_digest_st * s); + int gnutls_crypto_cipher_register2 (int priority, int version, + const gnutls_crypto_cipher_st * s); + int gnutls_crypto_mac_register2 (int priority, int version, + const gnutls_crypto_mac_st * s); + int gnutls_crypto_digest_register2 (int priority, int version, + const gnutls_crypto_digest_st * s); #define gnutls_crypto_rnd_register(prio, st) \ gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) @@ -360,12 +364,12 @@ int gnutls_crypto_digest_register2 (int priority, int version, #define gnutls_crypto_bigint_register(prio, st) \ gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st) -int gnutls_crypto_rnd_register2 (int priority, int version, - const gnutls_crypto_rnd_st * s); -int gnutls_crypto_pk_register2 (int priority, int version, - const gnutls_crypto_pk_st * s); -int gnutls_crypto_bigint_register2 (int priority, int version, - const gnutls_crypto_bigint_st * s); + int gnutls_crypto_rnd_register2 (int priority, int version, + const gnutls_crypto_rnd_st * s); + int gnutls_crypto_pk_register2 (int priority, int version, + const gnutls_crypto_pk_st * s); + int gnutls_crypto_bigint_register2 (int priority, int version, + const gnutls_crypto_bigint_st * s); #ifdef __cplusplus } diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 139ac612f7..b7725b959f 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -270,9 +270,9 @@ extern "C" GNUTLS_COMP_NULL = 1, GNUTLS_COMP_DEFLATE = 2, GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE, - GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has - been initialized - */ + GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has + been initialized + */ } gnutls_compression_method_t; /** @@ -673,12 +673,12 @@ extern "C" } gnutls_params_st; typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t, - gnutls_params_st *); + gnutls_params_st *); /* internal functions */ int gnutls_init (gnutls_session_t * session, - gnutls_connection_end_t con_end); + gnutls_connection_end_t con_end); void gnutls_deinit (gnutls_session_t session); #define _gnutls_deinit(x) gnutls_deinit(x) @@ -689,16 +689,16 @@ extern "C" gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session); int gnutls_alert_send (gnutls_session_t session, - gnutls_alert_level_t level, - gnutls_alert_description_t desc); + gnutls_alert_level_t level, + gnutls_alert_description_t desc); int gnutls_alert_send_appropriate (gnutls_session_t session, int err); const char *gnutls_alert_get_name (gnutls_alert_description_t alert); gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, - unsigned int bits); + unsigned int bits); const char *gnutls_sec_param_get_name (gnutls_sec_param_t param); unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, - gnutls_sec_param_t param); + gnutls_sec_param_t param); /* get information on the current session */ gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session); @@ -709,8 +709,8 @@ extern "C" gnutls_certificate_type_t gnutls_certificate_type_get (gnutls_session_t session); int gnutls_sign_algorithm_get_requested (gnutls_session_t session, - size_t indx, - gnutls_sign_algorithm_t * algo); + size_t indx, + gnutls_sign_algorithm_t * algo); size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm); size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm); @@ -719,10 +719,10 @@ extern "C" const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm); const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm); const char *gnutls_compression_get_name (gnutls_compression_method_t - algorithm); + algorithm); const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm); const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t - type); + type); const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm); const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm); @@ -745,11 +745,11 @@ extern "C" const gnutls_pk_algorithm_t *gnutls_pk_list (void); const gnutls_sign_algorithm_t *gnutls_sign_list (void); const char *gnutls_cipher_suite_info (size_t idx, - char *cs_id, - gnutls_kx_algorithm_t * kx, - gnutls_cipher_algorithm_t * cipher, - gnutls_mac_algorithm_t * mac, - gnutls_protocol_t * version); + char *cs_id, + gnutls_kx_algorithm_t * kx, + gnutls_cipher_algorithm_t * cipher, + gnutls_mac_algorithm_t * mac, + gnutls_protocol_t * version); /* error functions */ int gnutls_error_is_fatal (int error); @@ -762,7 +762,7 @@ extern "C" /* Semi-internal functions. */ void gnutls_handshake_set_private_extensions (gnutls_session_t session, - int allow); + int allow); gnutls_handshake_description_t gnutls_handshake_get_last_out (gnutls_session_t session); gnutls_handshake_description_t @@ -771,9 +771,9 @@ extern "C" /* Record layer functions. */ ssize_t gnutls_record_send (gnutls_session_t session, const void *data, - size_t sizeofdata); + size_t sizeofdata); ssize_t gnutls_record_recv (gnutls_session_t session, void *data, - size_t sizeofdata); + size_t sizeofdata); #define gnutls_read gnutls_record_recv #define gnutls_write gnutls_record_send @@ -789,22 +789,22 @@ extern "C" size_t gnutls_record_check_pending (gnutls_session_t session); int gnutls_prf (gnutls_session_t session, - size_t label_size, const char *label, - int server_random_first, - size_t extra_size, const char *extra, - size_t outsize, char *out); + size_t label_size, const char *label, + int server_random_first, + size_t extra_size, const char *extra, + size_t outsize, char *out); int gnutls_prf_raw (gnutls_session_t session, - size_t label_size, const char *label, - size_t seed_size, const char *seed, - size_t outsize, char *out); + size_t label_size, const char *label, + size_t seed_size, const char *seed, + size_t outsize, char *out); /* TLS Extensions */ typedef int (*gnutls_ext_recv_func) (gnutls_session_t session, - const unsigned char *data, size_t len); + const unsigned char *data, size_t len); typedef int (*gnutls_ext_send_func) (gnutls_session_t session, - unsigned char *data, size_t len); + unsigned char *data, size_t len); /** * gnutls_ext_parse_type_t: @@ -842,12 +842,12 @@ extern "C" } gnutls_server_name_type_t; int gnutls_server_name_set (gnutls_session_t session, - gnutls_server_name_type_t type, - const void *name, size_t name_length); + gnutls_server_name_type_t type, + const void *name, size_t name_length); int gnutls_server_name_get (gnutls_session_t session, - void *data, size_t * data_length, - unsigned int *type, unsigned int indx); + void *data, size_t * data_length, + unsigned int *type, unsigned int indx); /* Safe renegotiation */ int gnutls_safe_renegotiation_status (gnutls_session_t session); @@ -865,37 +865,37 @@ extern "C" const char *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t - type); + type); /* SessionTicket, RFC 5077. */ int gnutls_session_ticket_key_generate (gnutls_datum_t * key); int gnutls_session_ticket_enable_client (gnutls_session_t session); int gnutls_session_ticket_enable_server (gnutls_session_t session, - const gnutls_datum_t * key); + const gnutls_datum_t * key); /* functions to set priority of cipher suites */ int gnutls_cipher_set_priority (gnutls_session_t session, const int *list); int gnutls_mac_set_priority (gnutls_session_t session, const int *list); int gnutls_compression_set_priority (gnutls_session_t session, - const int *list); + const int *list); int gnutls_kx_set_priority (gnutls_session_t session, const int *list); int gnutls_protocol_set_priority (gnutls_session_t session, - const int *list); + const int *list); int gnutls_certificate_type_set_priority (gnutls_session_t session, - const int *list); + const int *list); /* if you just want some defaults, use the following. */ int gnutls_priority_init (gnutls_priority_t * priority_cache, - const char *priorities, const char **err_pos); + const char *priorities, const char **err_pos); void gnutls_priority_deinit (gnutls_priority_t priority_cache); int gnutls_priority_set (gnutls_session_t session, - gnutls_priority_t priority); + gnutls_priority_t priority); int gnutls_priority_set_direct (gnutls_session_t session, - const char *priorities, - const char **err_pos); + const char *priorities, + const char **err_pos); /* for compatibility */ @@ -904,11 +904,11 @@ extern "C" /* Returns the name of a cipher suite */ const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t - kx_algorithm, - gnutls_cipher_algorithm_t - cipher_algorithm, - gnutls_mac_algorithm_t - mac_algorithm); + kx_algorithm, + gnutls_cipher_algorithm_t + cipher_algorithm, + gnutls_mac_algorithm_t + mac_algorithm); /* get the currently used protocol version */ gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session); @@ -919,29 +919,29 @@ extern "C" /* get/set session */ int gnutls_session_set_data (gnutls_session_t session, - const void *session_data, - size_t session_data_size); + const void *session_data, + size_t session_data_size); int gnutls_session_get_data (gnutls_session_t session, void *session_data, - size_t * session_data_size); + size_t * session_data_size); int gnutls_session_get_data2 (gnutls_session_t session, - gnutls_datum_t * data); + gnutls_datum_t * data); /* returns the session ID */ #define GNUTLS_MAX_SESSION_ID 32 int gnutls_session_get_id (gnutls_session_t session, void *session_id, - size_t * session_id_size); + size_t * session_id_size); int gnutls_session_channel_binding (gnutls_session_t session, - gnutls_channel_binding_t cbtype, - gnutls_datum_t * cb); + gnutls_channel_binding_t cbtype, + gnutls_datum_t * cb); /* checks if this session is a resumed one */ int gnutls_session_is_resumed (gnutls_session_t session); typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key, - gnutls_datum_t data); + gnutls_datum_t data); typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key); typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key); @@ -949,24 +949,24 @@ extern "C" void gnutls_db_remove_session (gnutls_session_t session); void gnutls_db_set_retrieve_function (gnutls_session_t session, - gnutls_db_retr_func retr_func); + gnutls_db_retr_func retr_func); void gnutls_db_set_remove_function (gnutls_session_t session, - gnutls_db_remove_func rem_func); + gnutls_db_remove_func rem_func); void gnutls_db_set_store_function (gnutls_session_t session, - gnutls_db_store_func store_func); + gnutls_db_store_func store_func); void gnutls_db_set_ptr (gnutls_session_t session, void *ptr); void *gnutls_db_get_ptr (gnutls_session_t session); int gnutls_db_check_entry (gnutls_session_t session, - gnutls_datum_t session_entry); + gnutls_datum_t session_entry); typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t); void gnutls_handshake_set_post_client_hello_function (gnutls_session_t session, - gnutls_handshake_post_client_hello_func - func); + gnutls_handshake_post_client_hello_func + func); void gnutls_handshake_set_max_packet_length (gnutls_session_t session, - size_t max); + size_t max); /* returns libgnutls version (call it with a NULL argument) */ @@ -979,7 +979,7 @@ extern "C" /* cred is a structure defined by the kx algorithm */ int gnutls_credentials_set (gnutls_session_t session, - gnutls_credentials_type_t type, void *cred); + gnutls_credentials_type_t type, void *cred); #define gnutls_cred_set gnutls_credentials_set /* Credential structures - used in gnutls_credentials_set(); */ @@ -998,24 +998,24 @@ extern "C" *gnutls_anon_client_credentials_t; void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t - sc); + sc); int gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t - * sc); + * sc); void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res, - gnutls_dh_params_t dh_params); + gnutls_dh_params_t dh_params); void gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t - res, - gnutls_params_function * func); + res, + gnutls_params_function * func); void gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc); int gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t - * sc); + * sc); /* CERTFILE is an x509 certificate in PEM form. * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys). @@ -1024,7 +1024,7 @@ extern "C" gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc); int gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t - * res); + * res); void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc); void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc); @@ -1032,45 +1032,45 @@ extern "C" void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc); void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res, - gnutls_dh_params_t dh_params); + gnutls_dh_params_t dh_params); void gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t - res, - gnutls_rsa_params_t rsa_params); + res, + gnutls_rsa_params_t rsa_params); void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t - res, unsigned int flags); + res, unsigned int flags); void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t - res, unsigned int max_bits, - unsigned int max_depth); + res, unsigned int max_bits, + unsigned int max_depth); int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t - res, const char *cafile, - gnutls_x509_crt_fmt_t type); + res, const char *cafile, + gnutls_x509_crt_fmt_t type); int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * ca, - gnutls_x509_crt_fmt_t type); + res, const gnutls_datum_t * ca, + gnutls_x509_crt_fmt_t type); int gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t - res, const char *crlfile, - gnutls_x509_crt_fmt_t type); + res, const char *crlfile, + gnutls_x509_crt_fmt_t type); int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * CRL, - gnutls_x509_crt_fmt_t type); + res, const gnutls_datum_t * CRL, + gnutls_x509_crt_fmt_t type); int gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t - res, const char *certfile, - const char *keyfile, - gnutls_x509_crt_fmt_t type); + res, const char *certfile, + const char *keyfile, + gnutls_x509_crt_fmt_t type); int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * cert, - const gnutls_datum_t * key, - gnutls_x509_crt_fmt_t type); + res, const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_x509_crt_fmt_t type); void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session, - int status); + int status); int gnutls_certificate_set_x509_simple_pkcs12_file (gnutls_certificate_credentials_t res, const char *pkcs12file, @@ -1094,29 +1094,29 @@ extern "C" typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t; int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, - gnutls_x509_crt_t * cert_list, - int cert_list_size, - gnutls_x509_privkey_t key); + gnutls_x509_crt_t * cert_list, + int cert_list_size, + gnutls_x509_privkey_t key); int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, - gnutls_x509_crt_t * ca_list, - int ca_list_size); + gnutls_x509_crt_t * ca_list, + int ca_list_size); int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, - gnutls_x509_crl_t * crl_list, - int crl_list_size); + gnutls_x509_crl_t * crl_list, + int crl_list_size); void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc, - gnutls_x509_crt_t ** x509_ca_list, - unsigned int *ncas); + gnutls_x509_crt_t ** x509_ca_list, + unsigned int *ncas); void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc, - gnutls_x509_crl_t ** x509_crl_list, - unsigned int *ncrls); + gnutls_x509_crl_t ** x509_crl_list, + unsigned int *ncrls); void gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t - sc, - gnutls_openpgp_keyring_t * - keyring); + sc, + gnutls_openpgp_keyring_t * + keyring); /* global state functions */ @@ -1129,7 +1129,7 @@ extern "C" typedef int (*mutex_deinit_func) (void **mutex); void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func, - mutex_lock_func, mutex_unlock_func); + mutex_lock_func, mutex_unlock_func); typedef void *(*gnutls_alloc_function) (size_t); typedef void *(*gnutls_calloc_function) (size_t, size_t); @@ -1139,10 +1139,10 @@ extern "C" void gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func, - gnutls_alloc_function secure_alloc_func, - gnutls_is_secure_function is_secure_func, - gnutls_realloc_function realloc_func, - gnutls_free_function free_func); + gnutls_alloc_function secure_alloc_func, + gnutls_is_secure_function is_secure_func, + gnutls_realloc_function realloc_func, + gnutls_free_function free_func); /* For use in callbacks */ extern gnutls_alloc_function gnutls_malloc; @@ -1162,21 +1162,21 @@ extern "C" int gnutls_dh_params_init (gnutls_dh_params_t * dh_params); void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params); int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params, - const gnutls_datum_t * prime, - const gnutls_datum_t * generator); + const gnutls_datum_t * prime, + const gnutls_datum_t * generator); int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params, - const gnutls_datum_t * pkcs3_params, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * pkcs3_params, + gnutls_x509_crt_fmt_t format); int gnutls_dh_params_generate2 (gnutls_dh_params_t params, - unsigned int bits); + unsigned int bits); int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params, - gnutls_x509_crt_fmt_t format, - unsigned char *params_data, - size_t * params_data_size); + gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * params_data_size); int gnutls_dh_params_export_raw (gnutls_dh_params_t params, - gnutls_datum_t * prime, - gnutls_datum_t * generator, - unsigned int *bits); + gnutls_datum_t * prime, + gnutls_datum_t * generator, + unsigned int *bits); int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src); @@ -1185,70 +1185,70 @@ extern "C" int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params); void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params); int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, - gnutls_rsa_params_t src); + gnutls_rsa_params_t src); int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u); + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, - unsigned int bits); + unsigned int bits); int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - unsigned int *bits); + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u, + unsigned int *bits); int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params, - gnutls_x509_crt_fmt_t format, - unsigned char *params_data, - size_t * params_data_size); + gnutls_x509_crt_fmt_t format, + unsigned char *params_data, + size_t * params_data_size); int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params, - const gnutls_datum_t * pkcs1_params, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * pkcs1_params, + gnutls_x509_crt_fmt_t format); /* Session stuff */ typedef struct { - void *iov_base; /* Starting address */ - size_t iov_len; /* Number of bytes to transfer */ + void *iov_base; /* Starting address */ + size_t iov_len; /* Number of bytes to transfer */ } giovec_t; typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *, - size_t); + size_t); typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *, - size_t); + size_t); typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, - const giovec_t * iov, int iovcnt); + const giovec_t * iov, int iovcnt); typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t); void gnutls_transport_set_ptr (gnutls_session_t session, - gnutls_transport_ptr_t ptr); + gnutls_transport_ptr_t ptr); void gnutls_transport_set_ptr2 (gnutls_session_t session, - gnutls_transport_ptr_t recv_ptr, - gnutls_transport_ptr_t send_ptr); + gnutls_transport_ptr_t recv_ptr, + gnutls_transport_ptr_t send_ptr); gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session); void gnutls_transport_get_ptr2 (gnutls_session_t session, - gnutls_transport_ptr_t * recv_ptr, - gnutls_transport_ptr_t * send_ptr); + gnutls_transport_ptr_t * recv_ptr, + gnutls_transport_ptr_t * send_ptr); void gnutls_transport_set_lowat (gnutls_session_t session, int num); void gnutls_transport_set_push_function2 (gnutls_session_t session, - gnutls_vec_push_func vec_func); + gnutls_vec_push_func vec_func); void gnutls_transport_set_push_function (gnutls_session_t session, - gnutls_push_func push_func); + gnutls_push_func push_func); void gnutls_transport_set_pull_function (gnutls_session_t session, - gnutls_pull_func pull_func); + gnutls_pull_func pull_func); void gnutls_transport_set_errno_function (gnutls_session_t session, - gnutls_errno_func errno_func); + gnutls_errno_func errno_func); void gnutls_transport_set_errno (gnutls_session_t session, int err); void gnutls_transport_set_global_errno (int err); @@ -1259,14 +1259,14 @@ extern "C" void *gnutls_session_get_ptr (gnutls_session_t session); void gnutls_openpgp_send_cert (gnutls_session_t session, - gnutls_openpgp_crt_status_t status); + gnutls_openpgp_crt_status_t status); /* fingerprint * Actually this function returns the hash of the given data. */ int gnutls_fingerprint (gnutls_digest_algorithm_t algo, - const gnutls_datum_t * data, void *result, - size_t * result_size); + const gnutls_datum_t * data, void *result, + size_t * result_size); /* SRP @@ -1281,31 +1281,31 @@ extern "C" gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc); int gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * - sc); + sc); int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res, - const char *username, - const char *password); + const char *username, + const char *password); void gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc); int gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * - sc); + sc); int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t - res, const char *password_file, - const char *password_conf_file); + res, const char *password_file, + const char *password_conf_file); const char *gnutls_srp_server_get_username (gnutls_session_t session); extern void gnutls_srp_set_prime_bits (gnutls_session_t session, - unsigned int bits); + unsigned int bits); int gnutls_srp_verifier (const char *username, - const char *password, - const gnutls_datum_t * salt, - const gnutls_datum_t * generator, - const gnutls_datum_t * prime, - gnutls_datum_t * res); + const char *password, + const gnutls_datum_t * salt, + const gnutls_datum_t * generator, + const gnutls_datum_t * prime, + gnutls_datum_t * res); /* The static parameters defined in draft-ietf-tls-srp-05 * Those should be used as input to gnutls_srp_verifier(). @@ -1320,34 +1320,34 @@ extern "C" extern const gnutls_datum_t gnutls_srp_1024_group_generator; typedef int gnutls_srp_server_credentials_function (gnutls_session_t, - const char *username, - gnutls_datum_t * salt, - gnutls_datum_t * - verifier, - gnutls_datum_t * - generator, - gnutls_datum_t * prime); + const char *username, + gnutls_datum_t * salt, + gnutls_datum_t * + verifier, + gnutls_datum_t * + generator, + gnutls_datum_t * prime); void gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t cred, gnutls_srp_server_credentials_function * func); typedef int gnutls_srp_client_credentials_function (gnutls_session_t, - char **, char **); + char **, char **); void gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t cred, gnutls_srp_client_credentials_function * func); int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result, - size_t * result_size); + size_t * result_size); int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data, - gnutls_datum_t * result); + gnutls_datum_t * result); int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result, - size_t * result_size); + size_t * result_size); int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data, - gnutls_datum_t * result); + gnutls_datum_t * result); /* PSK stuff */ typedef struct gnutls_psk_server_credentials_st @@ -1372,56 +1372,56 @@ extern "C" gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc); int gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * - sc); + sc); int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res, - const char *username, - const gnutls_datum_t * key, - gnutls_psk_key_flags format); + const char *username, + const gnutls_datum_t * key, + gnutls_psk_key_flags format); void gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc); int gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * - sc); + sc); int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t - res, const char *password_file); + res, const char *password_file); int gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t - res, const char *hint); + res, const char *hint); const char *gnutls_psk_server_get_username (gnutls_session_t session); const char *gnutls_psk_client_get_hint (gnutls_session_t session); typedef int gnutls_psk_server_credentials_function (gnutls_session_t, - const char *username, - gnutls_datum_t * key); + const char *username, + gnutls_datum_t * key); void gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t cred, gnutls_psk_server_credentials_function * func); typedef int gnutls_psk_client_credentials_function (gnutls_session_t, - char **username, - gnutls_datum_t * key); + char **username, + gnutls_datum_t * key); void gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t cred, gnutls_psk_client_credentials_function * func); int gnutls_hex_encode (const gnutls_datum_t * data, char *result, - size_t * result_size); + size_t * result_size); int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result, - size_t * result_size); + size_t * result_size); void gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res, - gnutls_dh_params_t dh_params); + gnutls_dh_params_t dh_params); void gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t - res, - gnutls_params_function * func); + res, + gnutls_params_function * func); /** * gnutls_x509_subject_alt_name_t: @@ -1461,9 +1461,9 @@ extern "C" typedef enum { - GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */ - GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */ - GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */ + GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */ + GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */ + GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */ } gnutls_privkey_type_t; typedef struct gnutls_retr2_st @@ -1476,7 +1476,7 @@ extern "C" gnutls_x509_crt_t *x509; gnutls_openpgp_crt_t pgp; } cert; - unsigned int ncerts; /* one for pgp keys */ + unsigned int ncerts; /* one for pgp keys */ union { @@ -1485,7 +1485,7 @@ extern "C" gnutls_pkcs11_privkey_t pkcs11; } key; - unsigned int deinit_all; /* if non zero all keys will be deinited */ + unsigned int deinit_all; /* if non zero all keys will be deinited */ } gnutls_retr2_st; @@ -1506,14 +1506,14 @@ extern "C" int gnutls_dh_get_prime_bits (gnutls_session_t session); int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen, - gnutls_datum_t * raw_prime); + gnutls_datum_t * raw_prime); int gnutls_dh_get_pubkey (gnutls_session_t session, - gnutls_datum_t * raw_key); + gnutls_datum_t * raw_key); /* RSA */ int gnutls_rsa_export_get_pubkey (gnutls_session_t session, - gnutls_datum_t * exponent, - gnutls_datum_t * modulus); + gnutls_datum_t * exponent, + gnutls_datum_t * modulus); int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session); /* X509PKI */ @@ -1523,16 +1523,16 @@ extern "C" */ typedef int gnutls_certificate_retrieve_function (gnutls_session_t, - const - gnutls_datum_t * - req_ca_rdn, - int nreqs, - const - gnutls_pk_algorithm_t - * pk_algos, - int - pk_algos_length, - gnutls_retr2_st *); + const + gnutls_datum_t * + req_ca_rdn, + int nreqs, + const + gnutls_pk_algorithm_t + * pk_algos, + int + pk_algos_length, + gnutls_retr2_st *); void gnutls_certificate_set_retrieve_function @@ -1542,45 +1542,45 @@ extern "C" typedef int gnutls_certificate_verify_function (gnutls_session_t); void gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t - cred, - gnutls_certificate_verify_function - * func); + cred, + gnutls_certificate_verify_function + * func); void gnutls_certificate_server_set_request (gnutls_session_t session, - gnutls_certificate_request_t req); + gnutls_certificate_request_t req); /* get data from the session */ const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t - session, - unsigned int - *list_size); + session, + unsigned int + *list_size); const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t - session); + session); time_t gnutls_certificate_activation_time_peers (gnutls_session_t session); time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session); int gnutls_certificate_client_get_request_status (gnutls_session_t session); int gnutls_certificate_verify_peers2 (gnutls_session_t session, - unsigned int *status); + unsigned int *status); /* this is obsolete (?). */ int gnutls_certificate_verify_peers (gnutls_session_t session); int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, - char *result, size_t * result_size); + char *result, size_t * result_size); int gnutls_pem_base64_decode (const char *header, - const gnutls_datum_t * b64_data, - unsigned char *result, size_t * result_size); + const gnutls_datum_t * b64_data, + unsigned char *result, size_t * result_size); int gnutls_pem_base64_encode_alloc (const char *msg, - const gnutls_datum_t * data, - gnutls_datum_t * result); + const gnutls_datum_t * data, + gnutls_datum_t * result); int gnutls_pem_base64_decode_alloc (const char *header, - const gnutls_datum_t * b64_data, - gnutls_datum_t * result); + const gnutls_datum_t * b64_data, + gnutls_datum_t * result); /* key_usage will be an OR of the following values: */ @@ -1599,15 +1599,15 @@ extern "C" void gnutls_certificate_set_params_function (gnutls_certificate_credentials_t - res, - gnutls_params_function * func); + res, + gnutls_params_function * func); void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res, - gnutls_params_function * func); + gnutls_params_function * func); void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res, - gnutls_params_function * func); + gnutls_params_function * func); int gnutls_hex2bin (const char *hex_data, size_t hex_size, - char *bin_data, size_t * bin_size); + char *bin_data, size_t * bin_size); /* Gnutls error codes. The mapping to a TLS alert is also shown in * comments. @@ -1617,35 +1617,35 @@ extern "C" #define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3 #define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6 #define GNUTLS_E_LARGE_PACKET -7 -#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ -#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ +#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */ +#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */ #define GNUTLS_E_INVALID_SESSION -10 #define GNUTLS_E_FATAL_ALERT_RECEIVED -12 -#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ +#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */ #define GNUTLS_E_WARNING_ALERT_RECEIVED -16 #define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18 #define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19 -#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */ +#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */ #define GNUTLS_E_UNWANTED_ALGORITHM -22 #define GNUTLS_E_MPI_SCAN_FAILED -23 -#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */ +#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */ #define GNUTLS_E_MEMORY_ERROR -25 -#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */ +#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */ #define GNUTLS_E_COMPRESSION_FAILED -27 #define GNUTLS_E_AGAIN -28 #define GNUTLS_E_EXPIRED -29 #define GNUTLS_E_DB_ERROR -30 #define GNUTLS_E_SRP_PWD_ERROR -31 #define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32 -#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ +#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ #define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS -#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ +#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */ #define GNUTLS_E_HASH_FAILED -33 #define GNUTLS_E_BASE64_DECODING_ERROR -34 #define GNUTLS_E_MPI_PRINT_FAILED -35 -#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */ +#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */ #define GNUTLS_E_GOT_APPLICATION_DATA -38 #define GNUTLS_E_RECORD_LIMIT_REACHED -39 #define GNUTLS_E_ENCRYPTION_FAILED -40 @@ -1655,13 +1655,13 @@ extern "C" #define GNUTLS_E_PK_SIGN_FAILED -46 #define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47 #define GNUTLS_E_KEY_USAGE_VIOLATION -48 -#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */ +#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */ #define GNUTLS_E_INVALID_REQUEST -50 #define GNUTLS_E_SHORT_MEMORY_BUFFER -51 #define GNUTLS_E_INTERRUPTED -52 #define GNUTLS_E_PUSH_ERROR -53 #define GNUTLS_E_PULL_ERROR -54 -#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */ +#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */ #define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56 #define GNUTLS_E_PKCS1_WRONG_PAD -57 #define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58 @@ -1712,7 +1712,7 @@ extern "C" #define GNUTLS_E_CERTIFICATE_ERROR -43 #define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR #define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60 -#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ +#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */ #define GNUTLS_E_X509_UNKNOWN_SAN -62 #define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94 #define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95 @@ -1720,7 +1720,7 @@ extern "C" #define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97 #define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98 #define GNUTLS_E_INVALID_PASSWORD -99 -#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ +#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */ #define GNUTLS_E_CONSTRAINT_ERROR -101 #define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102 @@ -1734,7 +1734,7 @@ extern "C" #define GNUTLS_E_UNKNOWN_SRP_USERNAME -109 #define GNUTLS_E_BASE64_ENCODING_ERROR -201 -#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */ +#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */ #define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202 #define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203 @@ -1790,4 +1790,4 @@ extern "C" #include <gnutls/compat.h> -#endif /* GNUTLS_H */ +#endif /* GNUTLS_H */ diff --git a/lib/includes/gnutls/gnutlsxx.h b/lib/includes/gnutls/gnutlsxx.h index 462c7a5ffb..70f326419c 100644 --- a/lib/includes/gnutls/gnutlsxx.h +++ b/lib/includes/gnutls/gnutlsxx.h @@ -42,13 +42,13 @@ namespace gnutls dh_params (); ~dh_params (); void import_raw (const gnutls_datum_t & prime, - const gnutls_datum_t & generator); + const gnutls_datum_t & generator); void import_pkcs3 (const gnutls_datum_t & pkcs3_params, - gnutls_x509_crt_fmt_t format); + gnutls_x509_crt_fmt_t format); void generate (unsigned int bits); void export_pkcs3 (gnutls_x509_crt_fmt_t format, - unsigned char *params_data, size_t * params_data_size); + unsigned char *params_data, size_t * params_data_size); void export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator); gnutls_dh_params_t get_params_t () const; @@ -64,19 +64,19 @@ namespace gnutls rsa_params (); ~rsa_params (); void import_raw (const gnutls_datum_t & m, - const gnutls_datum_t & e, - const gnutls_datum_t & d, - const gnutls_datum_t & p, - const gnutls_datum_t & q, const gnutls_datum_t & u); + const gnutls_datum_t & e, + const gnutls_datum_t & d, + const gnutls_datum_t & p, + const gnutls_datum_t & q, const gnutls_datum_t & u); void import_pkcs1 (const gnutls_datum_t & pkcs1_params, - gnutls_x509_crt_fmt_t format); + gnutls_x509_crt_fmt_t format); void generate (unsigned int bits); void export_pkcs1 (gnutls_x509_crt_fmt_t format, - unsigned char *params_data, size_t * params_data_size); + unsigned char *params_data, size_t * params_data_size); void export_raw (gnutls_datum_t & m, gnutls_datum_t & e, - gnutls_datum_t & d, gnutls_datum_t & p, - gnutls_datum_t & q, gnutls_datum_t & u); + gnutls_datum_t & d, gnutls_datum_t & p, + gnutls_datum_t & q, gnutls_datum_t & u); gnutls_rsa_params_t get_params_t () const; rsa_params & operator= (const rsa_params & src); @@ -98,7 +98,7 @@ namespace gnutls gnutls_alert_description_t get_alert () const; int send_alert (gnutls_alert_level_t level, - gnutls_alert_description_t desc); + gnutls_alert_description_t desc); int send_appropriate_alert (int err); gnutls_cipher_algorithm_t get_cipher () const; @@ -125,13 +125,13 @@ namespace gnutls size_t check_pending () const; void prf (size_t label_size, const char *label, - int server_random_first, - size_t extra_size, const char *extra, - size_t outsize, char *out); + int server_random_first, + size_t extra_size, const char *extra, + size_t outsize, char *out); void prf_raw (size_t label_size, const char *label, - size_t seed_size, const char *seed, - size_t outsize, char *out); + size_t seed_size, const char *seed, + size_t outsize, char *out); void set_cipher_priority (const int *list); void set_mac_priority (const int *list); @@ -162,10 +162,10 @@ namespace gnutls void set_transport_ptr (gnutls_transport_ptr_t ptr); void set_transport_ptr (gnutls_transport_ptr_t recv_ptr, - gnutls_transport_ptr_t send_ptr); + gnutls_transport_ptr_t send_ptr); gnutls_transport_ptr_t get_transport_ptr () const; void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr, - gnutls_transport_ptr_t & send_ptr) const; + gnutls_transport_ptr_t & send_ptr) const; void set_transport_lowat (size_t num); void set_transport_push_function (gnutls_push_func push_func); @@ -188,14 +188,14 @@ namespace gnutls void get_dh_group (gnutls_datum_t & gen, gnutls_datum_t & prime) const; void get_dh_pubkey (gnutls_datum_t & raw_key) const; void get_rsa_export_pubkey (gnutls_datum_t & exponent, - gnutls_datum_t & modulus) const; + gnutls_datum_t & modulus) const; unsigned int get_rsa_export_modulus_bits () const; void get_our_certificate (gnutls_datum_t & cert) const; bool get_peers_certificate (std::vector < gnutls_datum_t > - &out_certs) const; + &out_certs) const; bool get_peers_certificate (const gnutls_datum_t ** certs, - unsigned int *certs_size) const; + unsigned int *certs_size) const; time_t get_peers_certificate_activation_time () const; time_t get_peers_certificate_expiration_time () const; @@ -209,9 +209,9 @@ namespace gnutls public: virtual ~ DB () = 0; virtual bool store (const gnutls_datum_t & key, - const gnutls_datum_t & data) = 0; + const gnutls_datum_t & data) = 0; virtual bool retrieve (const gnutls_datum_t & key, - gnutls_datum_t & data) = 0; + gnutls_datum_t & data) = 0; virtual bool remove (const gnutls_datum_t & key) = 0; }; @@ -233,7 +233,7 @@ namespace gnutls const char *get_psk_username () const; void get_server_name (void *data, size_t * data_length, - unsigned int *type, unsigned int indx) const; + unsigned int *type, unsigned int indx) const; int rehandshake (); void set_certificate_request (gnutls_certificate_request_t); @@ -246,7 +246,7 @@ namespace gnutls ~client_session (); void set_server_name (gnutls_server_name_type_t type, - const void *name, size_t name_length); + const void *name, size_t name_length); bool get_request_status (); }; @@ -287,28 +287,28 @@ namespace gnutls void set_x509_trust_file (const char *cafile, gnutls_x509_crt_fmt_t type); void set_x509_trust (const gnutls_datum_t & CA, - gnutls_x509_crt_fmt_t type); + gnutls_x509_crt_fmt_t type); // FIXME: use classes instead of gnutls_x509_crt_t void set_x509_trust (gnutls_x509_crt_t * ca_list, int ca_list_size); void set_x509_crl_file (const char *crlfile, gnutls_x509_crt_fmt_t type); void set_x509_crl (const gnutls_datum_t & CRL, - gnutls_x509_crt_fmt_t type); + gnutls_x509_crt_fmt_t type); void set_x509_crl (gnutls_x509_crl_t * crl_list, int crl_list_size); void set_x509_key_file (const char *certfile, const char *KEYFILE, - gnutls_x509_crt_fmt_t type); + gnutls_x509_crt_fmt_t type); void set_x509_key (const gnutls_datum_t & CERT, - const gnutls_datum_t & KEY, - gnutls_x509_crt_fmt_t type); + const gnutls_datum_t & KEY, + gnutls_x509_crt_fmt_t type); // FIXME: use classes void set_x509_key (gnutls_x509_crt_t * cert_list, int cert_list_size, - gnutls_x509_privkey_t key); + gnutls_x509_privkey_t key); void set_simple_pkcs12_file (const char *pkcs12file, - gnutls_x509_crt_fmt_t type, - const char *password); + gnutls_x509_crt_fmt_t type, + const char *password); void set_retrieve_function (gnutls_certificate_retrieve_function * func); @@ -357,9 +357,9 @@ namespace gnutls srp_server_credentials (); ~srp_server_credentials (); void set_credentials_file (const char *password_file, - const char *password_conf_file); + const char *password_conf_file); void set_credentials_function (gnutls_srp_server_credentials_function * - func); + func); protected: gnutls_srp_server_credentials_t cred; }; @@ -371,7 +371,7 @@ namespace gnutls ~srp_client_credentials (); void set_credentials (const char *username, const char *password); void set_credentials_function (gnutls_srp_client_credentials_function * - func); + func); protected: gnutls_srp_client_credentials_t cred; }; @@ -384,7 +384,7 @@ namespace gnutls ~psk_server_credentials (); void set_credentials_file (const char *password_file); void set_credentials_function (gnutls_psk_server_credentials_function * - func); + func); void set_dh_params (const dh_params & params); void set_params_function (gnutls_params_function * func); protected: @@ -397,14 +397,14 @@ namespace gnutls psk_client_credentials (); ~psk_client_credentials (); void set_credentials (const char *username, const gnutls_datum_t & key, - gnutls_psk_key_flags flags); + gnutls_psk_key_flags flags); void set_credentials_function (gnutls_psk_client_credentials_function * - func); + func); protected: gnutls_psk_client_credentials_t cred; }; -} /* namespace */ +} /* namespace */ #endif /* GNUTLSXX_H */ diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h index 5f15e915b3..79291071c5 100644 --- a/lib/includes/gnutls/openpgp.h +++ b/lib/includes/gnutls/openpgp.h @@ -64,34 +64,34 @@ extern "C" void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format); int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, - gnutls_openpgp_crt_fmt_t format, - void *output_data, - size_t * output_data_size); + gnutls_openpgp_crt_fmt_t format, + void *output_data, + size_t * output_data_size); int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); /* The key_usage flags are defined in gnutls.h. They are * the GNUTLS_KEY_* definitions. */ int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, - unsigned int *key_usage); + unsigned int *key_usage); int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr, - size_t * fprlen); + size_t * fprlen); int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, - unsigned int idx, - void *fpr, size_t * fprlen); + unsigned int idx, + void *fpr, size_t * fprlen); int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, - int idx, char *buf, size_t * sizeof_buf); + int idx, char *buf, size_t * sizeof_buf); gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int *bits); + unsigned int *bits); int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key); @@ -99,59 +99,59 @@ extern "C" time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyid_t keyid); + gnutls_openpgp_keyid_t keyid); int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, - const char *hostname); + const char *hostname); int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key); int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key, - const gnutls_openpgp_keyid_t keyid); + const gnutls_openpgp_keyid_t keyid); int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key, - unsigned int idx); + unsigned int idx); gnutls_pk_algorithm_t gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int idx, - unsigned int *bits); + unsigned int idx, + unsigned int *bits); time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t - key, unsigned int idx); + key, unsigned int idx); time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t - key, - unsigned int idx); + key, + unsigned int idx); int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key, - unsigned int idx, - gnutls_openpgp_keyid_t keyid); + unsigned int idx, + gnutls_openpgp_keyid_t keyid); int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key, - unsigned int idx, - unsigned int *key_usage); + unsigned int idx, + unsigned int *key_usage); int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt, - unsigned int idx, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y); + unsigned int idx, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y); int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt, - unsigned int idx, - gnutls_datum_t * m, - gnutls_datum_t * e); + unsigned int idx, + gnutls_datum_t * m, + gnutls_datum_t * e); int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y); + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y); int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, - gnutls_datum_t * m, - gnutls_datum_t * e); + gnutls_datum_t * m, + gnutls_datum_t * e); int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyid_t keyid); + gnutls_openpgp_keyid_t keyid); int gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key, - const gnutls_openpgp_keyid_t - keyid); + const gnutls_openpgp_keyid_t + keyid); /* privkey stuff. */ @@ -159,124 +159,124 @@ extern "C" void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key); gnutls_pk_algorithm_t gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key, - unsigned int *bits); + unsigned int *bits); gnutls_sec_param_t gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key); int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const char *password, - unsigned int flags); + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format, + const char *password, + unsigned int flags); int gnutls_openpgp_privkey_sign_hash2 (gnutls_openpgp_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature); - int gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature); + int gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt, + unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature); int gnutls_openpgp_privkey_sign_data2 (gnutls_openpgp_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key, - void *fpr, size_t * fprlen); + void *fpr, size_t * fprlen); int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t - key, unsigned int idx, - void *fpr, - size_t * fprlen); + key, unsigned int idx, + void *fpr, + size_t * fprlen); int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, - gnutls_openpgp_keyid_t keyid); + gnutls_openpgp_keyid_t keyid); int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key); int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, - const gnutls_openpgp_keyid_t - keyid); + const gnutls_openpgp_keyid_t + keyid); int gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t - key, unsigned int idx); + key, unsigned int idx); int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t - key); + key); gnutls_pk_algorithm_t gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t - key, unsigned int idx, - unsigned int *bits); + key, unsigned int idx, + unsigned int *bits); time_t gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t key, unsigned int idx); int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key, - unsigned int idx, - gnutls_openpgp_keyid_t keyid); + unsigned int idx, + gnutls_openpgp_keyid_t keyid); time_t gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t - key, unsigned int idx); + key, unsigned int idx); int gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t - pkey, unsigned int idx, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x); + pkey, unsigned int idx, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x); int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t - pkey, unsigned int idx, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u); + pkey, unsigned int idx, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x); + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x); int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u); + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key, - gnutls_openpgp_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size); + gnutls_openpgp_crt_fmt_t format, + const char *password, + unsigned int flags, + void *output_data, + size_t * output_data_size); int gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key, - const gnutls_openpgp_keyid_t - keyid); + const gnutls_openpgp_keyid_t + keyid); int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t - key, - gnutls_openpgp_keyid_t - keyid); + key, + gnutls_openpgp_keyid_t + keyid); int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flag); + gnutls_openpgp_keyid_t keyid, + unsigned int flag); /* Keyring stuff. */ @@ -285,26 +285,26 @@ extern "C" void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring); int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format); int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, - const gnutls_openpgp_keyid_t keyid, - unsigned int flags); + const gnutls_openpgp_keyid_t keyid, + unsigned int flags); int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyring_t keyring, - unsigned int flags, unsigned int *verify - /* the output of the verification */ ); + gnutls_openpgp_keyring_t keyring, + unsigned int flags, unsigned int *verify + /* the output of the verification */ ); int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key, - unsigned int flags, - unsigned int *verify); + unsigned int flags, + unsigned int *verify); int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring, - unsigned int idx, - gnutls_openpgp_crt_t * cert); + unsigned int idx, + gnutls_openpgp_crt_t * cert); int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring); @@ -326,47 +326,47 @@ extern "C" * otherwise an error code is returned. */ typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session, - const unsigned char *keyfpr, - unsigned int keyfpr_length, - gnutls_datum_t * key); + const unsigned char *keyfpr, + unsigned int keyfpr_length, + gnutls_datum_t * key); void gnutls_openpgp_set_recv_key_function (gnutls_session_t session, - gnutls_openpgp_recv_key_func func); + gnutls_openpgp_recv_key_func func); /* certificate authentication stuff. */ int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t - res, gnutls_openpgp_crt_t key, - gnutls_openpgp_privkey_t pkey); + res, gnutls_openpgp_crt_t key, + gnutls_openpgp_privkey_t pkey); int gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t - res, const char *certfile, - const char *keyfile, - gnutls_openpgp_crt_fmt_t format); + res, const char *certfile, + const char *keyfile, + gnutls_openpgp_crt_fmt_t format); int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t - res, - const gnutls_datum_t * cert, - const gnutls_datum_t * key, - gnutls_openpgp_crt_fmt_t - format); + res, + const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_openpgp_crt_fmt_t + format); int gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t - res, const char *certfile, - const char *keyfile, - const char *subkey_id, - gnutls_openpgp_crt_fmt_t - format); + res, const char *certfile, + const char *keyfile, + const char *subkey_id, + gnutls_openpgp_crt_fmt_t + format); int gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t - res, const gnutls_datum_t * cert, - const gnutls_datum_t * key, - const char *subkey_id, - gnutls_openpgp_crt_fmt_t format); + res, const gnutls_datum_t * cert, + const gnutls_datum_t * key, + const char *subkey_id, + gnutls_openpgp_crt_fmt_t format); int gnutls_certificate_set_openpgp_keyring_mem @@ -382,4 +382,4 @@ extern "C" } #endif -#endif /* GNUTLS_OPENPGP_H */ +#endif /* GNUTLS_OPENPGP_H */ diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 937193fd48..5aeff8e1cf 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h @@ -16,8 +16,8 @@ * will be increased. */ typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data, - const char *const label, - const unsigned retry); + const char *const label, + const unsigned retry); /* flags */ typedef enum @@ -29,18 +29,18 @@ typedef enum } gnutls_pkcs11_pin_flag_t; typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt, - const char *token_url, - const char *token_label, - unsigned int flags - /*gnutls_pkcs11_pin_flag_t */ , - char *pin, size_t pin_max); + const char *token_url, + const char *token_label, + unsigned int flags + /*gnutls_pkcs11_pin_flag_t */ , + char *pin, size_t pin_max); struct gnutls_pkcs11_obj_st; typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t; -#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */ -#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */ +#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */ +#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */ /* pkcs11.conf format: * load = /lib/xxx-pkcs11.so @@ -50,49 +50,49 @@ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t; int gnutls_pkcs11_init (unsigned int flags, const char *configfile); void gnutls_pkcs11_deinit (void); void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, - void *userdata); + void *userdata); void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t callback, - void *data); + void *data); int gnutls_pkcs11_add_provider (const char *name, const char *params); int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * certificate); -#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */ -#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */ -#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */ +#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */ +#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */ +#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */ typedef enum { - GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ - GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */ - GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */ + GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */ + GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */ + GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */ } gnutls_pkcs11_url_type_t; int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url, - unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t, - gnutls_pkcs11_url_type_t detailed, - char **url); + gnutls_pkcs11_url_type_t detailed, + char **url); void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t); int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj, - void *output_data, size_t * output_data_size); + void *output_data, size_t * output_data_size); int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt, - const char *label, unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); -int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t crt, const char *label, unsigned int key_usage /*GNUTLS_KEY_* */ - , unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + const char *label, unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); +int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t crt, const char *label, unsigned int key_usage /*GNUTLS_KEY_* */ + , unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_pkcs11_copy_secret_key (const char *token_url, - gnutls_datum_t * key, const char *label, - unsigned int key_usage /* GNUTLS_KEY_* */ , - unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + gnutls_datum_t * key, const char *label, + unsigned int key_usage /* GNUTLS_KEY_* */ , + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); typedef enum { @@ -110,17 +110,17 @@ typedef enum } gnutls_pkcs11_obj_info_t; int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, - gnutls_pkcs11_obj_info_t itype, void *output, - size_t * output_size); + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size); typedef enum { - GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */ - GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ - GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */ - GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ - GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ - GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */ + GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */ + GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */ + GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */ + GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */ } gnutls_pkcs11_obj_attr_t; /* token info */ @@ -144,42 +144,42 @@ typedef enum int gnutls_pkcs11_token_init (const char *token_url, - const char *so_pin, const char *label); + const char *so_pin, const char *label); int gnutls_pkcs11_token_get_mechanism (const char *url, int idx, - unsigned long *mechanism); + unsigned long *mechanism); -int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */ +int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */ ); int gnutls_pkcs11_token_get_url (unsigned int seq, - gnutls_pkcs11_url_type_t detailed, - char **url); + gnutls_pkcs11_url_type_t detailed, + char **url); int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t, - void *output, size_t * output_size); + void *output, size_t * output_size); #define GNUTLS_PKCS11_TOKEN_HW 1 int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags); int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, - unsigned int *const n_list, - const char *url, - gnutls_pkcs11_obj_attr_t attrs, - unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + unsigned int *const n_list, + const char *url, + gnutls_pkcs11_obj_attr_t attrs, + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, - gnutls_pkcs11_obj_t pkcs11_crt); + gnutls_pkcs11_obj_t pkcs11_crt); int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url, - unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); + unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ); gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t - certificate); + certificate); const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t); -int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */ +int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max, gnutls_pkcs11_obj_t * const pkcs11_certs, unsigned int flags /* must be zero */ ); @@ -187,34 +187,34 @@ int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key); void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key); int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, - unsigned int *bits); + unsigned int *bits); int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t crt, - gnutls_pkcs11_obj_info_t itype, - void *output, size_t * output_size); + gnutls_pkcs11_obj_info_t itype, + void *output, size_t * output_size); int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t key, - const char *url, unsigned int flags); + const char *url, unsigned int flags); int gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature); int gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext); + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext); int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, - gnutls_pkcs11_url_type_t detailed, - char **url); + gnutls_pkcs11_url_type_t detailed, + char **url); /** @} */ diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h index 6b146218d2..f2d212eb3d 100644 --- a/lib/includes/gnutls/pkcs12.h +++ b/lib/includes/gnutls/pkcs12.h @@ -44,14 +44,14 @@ extern "C" int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12); void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12); int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, unsigned int flags); int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, - int indx, gnutls_pkcs12_bag_t bag); + int indx, gnutls_pkcs12_bag_t bag); int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag); int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass); @@ -59,7 +59,7 @@ extern "C" int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass); int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, - unsigned int flags); + unsigned int flags); /** * gnutls_pkcs12_bag_type_t: @@ -81,11 +81,11 @@ extern "C" GNUTLS_BAG_PKCS8_KEY = 2, GNUTLS_BAG_CERTIFICATE = 3, GNUTLS_BAG_CRL = 4, - GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12, - * gnutls extension. We use the PKCS-9 - * random nonce ID 1.2.840.113549.1.9.25.3 - * to store randomly generated keys. - */ + GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12, + * gnutls extension. We use the PKCS-9 + * random nonce ID 1.2.840.113549.1.9.25.3 + * to store randomly generated keys. + */ GNUTLS_BAG_ENCRYPTED = 10, GNUTLS_BAG_UNKNOWN = 20 } gnutls_pkcs12_bag_type_t; @@ -93,31 +93,31 @@ extern "C" gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx); int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx, - gnutls_datum_t * data); + gnutls_datum_t * data); int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag, - gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * data); + gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * data); int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, - gnutls_x509_crl_t crl); + gnutls_x509_crl_t crl); int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, - gnutls_x509_crt_t crt); + gnutls_x509_crt_t crt); int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag); void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag); int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag); int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, - gnutls_datum_t * id); + gnutls_datum_t * id); int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, - const gnutls_datum_t * id); + const gnutls_datum_t * id); int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, - char **name); + char **name); int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx, - const char *name); + const char *name); #ifdef __cplusplus } #endif -#endif /* GNUTLS_PKCS12_H */ +#endif /* GNUTLS_PKCS12_H */ diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 8c9570b003..646c5843e1 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -103,63 +103,63 @@ extern "C" int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); int gnutls_x509_crt_import (gnutls_x509_crt_t cert, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, - unsigned int *cert_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags); + unsigned int *cert_max, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags); int gnutls_x509_crt_export (gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, - size_t * sizeof_buf); + size_t * sizeof_buf); int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf); + const char *oid, int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, - size_t * sizeof_buf); + size_t * sizeof_buf); int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf); + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf); int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, - const char *hostname); + const char *hostname); int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, - char *sig, size_t * sizeof_sig); + char *sig, size_t * sizeof_sig); int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t - * hash, - unsigned int *mand); + gnutls_digest_algorithm_t + * hash, + unsigned int *mand); int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, - const void *id, size_t id_size); + const void *id, size_t id_size); int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, - void *ret, size_t * ret_size, - unsigned int *critical); + void *ret, size_t * ret_size, + unsigned int *critical); int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, - void *ret, size_t * ret_size, - unsigned int *critical); + void *ret, size_t * ret_size, + unsigned int *critical); int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * sizeof_buf); + size_t * sizeof_buf); int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * sizeof_buf); + size_t * sizeof_buf); #define GNUTLS_CRL_REASON_UNUSED 128 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 @@ -173,191 +173,191 @@ extern "C" #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *reason_flags, - unsigned int *critical); + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *reason_flags, + unsigned int *critical); int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data, - unsigned int data_size, - unsigned int reason_flags); + gnutls_x509_subject_alt_name_t + type, const void *data, + unsigned int data_size, + unsigned int reason_flags); int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data_string, - unsigned int reason_flags); + gnutls_x509_subject_alt_name_t + type, const void *data_string, + unsigned int reason_flags); int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, - gnutls_x509_crt_t src); + gnutls_x509_crt_t src); time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert); time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert); int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, - size_t * result_size); + size_t * result_size); int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, - unsigned int *bits); + unsigned int *bits); int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, - gnutls_datum_t * m, gnutls_datum_t * e); + gnutls_datum_t * m, gnutls_datum_t * e); int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y); + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y); int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *critical); + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *critical); int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical); + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical); int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size); + unsigned int seq, + void *ret, + size_t * ret_size); int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *critical); + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *critical); int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical); + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical); int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, - size_t * ret_size); + unsigned int seq, + void *ret, + size_t * ret_size); int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, - unsigned int *critical); + unsigned int *critical); int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, - unsigned int *critical, - int *ca, int *pathlen); + unsigned int *critical, + int *ca, int *pathlen); /* The key_usage flags are defined in gnutls.h. They are the * GNUTLS_KEY_* definitions. */ int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical); + unsigned int *key_usage, + unsigned int *critical); int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, - unsigned int usage); + unsigned int usage); int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, - unsigned int *critical, - int *pathlen, - char **policyLanguage, - char **policy, size_t * sizeof_policy); + unsigned int *critical, + int *pathlen, + char **policyLanguage, + char **policy, size_t * sizeof_policy); int gnutls_x509_dn_oid_known (const char *oid); /* Read extensions by OID. */ int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - void *buf, - size_t * sizeof_buf, - unsigned int *critical); + const char *oid, int indx, + void *buf, + size_t * sizeof_buf, + unsigned int *critical); /* Read extensions by sequence number. */ int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * sizeof_oid, - int *critical); + void *oid, size_t * sizeof_oid, + int *critical); int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, - void *data, size_t * sizeof_data); + void *data, size_t * sizeof_data); int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, - const char *oid, - const void *buf, - size_t sizeof_buf, - unsigned int critical); + const char *oid, + const void *buf, + size_t sizeof_buf, + unsigned int critical); /* X.509 Certificate writing. */ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, - unsigned int version); + unsigned int version); int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, - gnutls_x509_privkey_t key); + gnutls_x509_privkey_t key); int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca); int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, - unsigned int ca, - int pathLenConstraint); + unsigned int ca, + int pathLenConstraint); int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, - const char *data_string); + gnutls_x509_subject_alt_name_t + type, + const char *data_string); int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data, - unsigned int data_size, - unsigned int flags); + gnutls_x509_subject_alt_name_t + type, const void *data, + unsigned int data_size, + unsigned int flags); int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key); + gnutls_x509_privkey_t issuer_key); int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_x509_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, - time_t act_time); + time_t act_time); int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, - time_t exp_time); + time_t exp_time); int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial, - size_t serial_size); + size_t serial_size); int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, - const void *id, size_t id_size); + const void *id, size_t id_size); int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, - gnutls_x509_crt_t eecrt, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); + gnutls_x509_crt_t eecrt, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name); int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, - int pathLenConstraint, - const char *policyLanguage, - const char *policy, size_t sizeof_policy); + int pathLenConstraint, + const char *policyLanguage, + const char *policy, size_t sizeof_policy); int gnutls_x509_crt_print (gnutls_x509_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); int gnutls_x509_crl_print (gnutls_x509_crl_t crl, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); /* Access to internal Certificate fields. */ int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, - gnutls_datum_t * start); + gnutls_datum_t * start); int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, - gnutls_datum_t * start); + gnutls_datum_t * start); /* RDN handling. */ int gnutls_x509_rdn_get (const gnutls_datum_t * idn, - char *buf, size_t * sizeof_buf); + char *buf, size_t * sizeof_buf); int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, - int indx, void *buf, size_t * sizeof_buf); + int indx, void *buf, size_t * sizeof_buf); int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf); + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf); typedef void *gnutls_x509_dn_t; @@ -369,20 +369,20 @@ extern "C" } gnutls_x509_ava_st; int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, - gnutls_x509_dn_t * dn); + gnutls_x509_dn_t * dn); int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, - gnutls_x509_dn_t * dn); + gnutls_x509_dn_t * dn); int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn, - int iava, gnutls_x509_ava_st * ava); + int iava, gnutls_x509_ava_st * ava); int gnutls_x509_dn_init (gnutls_x509_dn_t * dn); int gnutls_x509_dn_import (gnutls_x509_dn_t dn, - const gnutls_datum_t * data); + const gnutls_datum_t * data); int gnutls_x509_dn_export (gnutls_x509_dn_t dn, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size); + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size); void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn); @@ -393,24 +393,24 @@ extern "C" void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); int gnutls_x509_crl_import (gnutls_x509_crl_t crl, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); int gnutls_x509_crl_export (gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, - char *buf, size_t * sizeof_buf); + char *buf, size_t * sizeof_buf); int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, - const char *oid, int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf); + const char *oid, int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf); int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl); int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, - char *sig, size_t * sizeof_sig); + char *sig, size_t * sizeof_sig); int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl); time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl); @@ -418,59 +418,59 @@ extern "C" int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, - unsigned char *serial, - size_t * serial_size, time_t * t); + unsigned char *serial, + size_t * serial_size, time_t * t); #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer); + gnutls_x509_crt_t issuer); /* CRL writing. */ int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, - unsigned int version); + unsigned int version); int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key); + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key); int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_x509_crt_t issuer, + gnutls_x509_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, - time_t act_time); + time_t act_time); int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, - time_t exp_time); + time_t exp_time); int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, - const void *serial, - size_t serial_size, - time_t revocation_time); + const void *serial, + size_t serial_size, + time_t revocation_time); int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, - gnutls_x509_crt_t crt, time_t revocation_time); + gnutls_x509_crt_t crt, time_t revocation_time); int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret, - size_t * ret_size, - unsigned int *critical); + size_t * ret_size, + unsigned int *critical); int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret, - size_t * ret_size, unsigned int *critical); + size_t * ret_size, unsigned int *critical); int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid, - int *critical); + void *oid, size_t * sizeof_oid, + int *critical); int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx, - void *data, size_t * sizeof_data); + void *data, size_t * sizeof_data); int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl, - const void *id, size_t id_size); + const void *id, size_t id_size); int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, - const void *nr, size_t nr_size); + const void *nr, size_t nr_size); /* PKCS7 structures handling @@ -481,27 +481,27 @@ extern "C" int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7); void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx, - void *certificate, size_t * certificate_size); + void *certificate, size_t * certificate_size); int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * crt); + const gnutls_datum_t * crt); int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt); int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx); int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, - int indx, void *crl, size_t * crl_size); + int indx, void *crl, size_t * crl_size); int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, - const gnutls_datum_t * crl); + const gnutls_datum_t * crl); int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl); int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx); @@ -552,40 +552,40 @@ extern "C" } gnutls_certificate_verify_flags; int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); + gnutls_x509_crt_t issuer); int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, - int cert_list_length, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, - const gnutls_x509_crl_t * CRL_list, - int CRL_list_length, - unsigned int flags, unsigned int *verify); + int cert_list_length, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + const gnutls_x509_crl_t * CRL_list, + int CRL_list_length, + unsigned int flags, unsigned int *verify); int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, unsigned int flags, - unsigned int *verify); + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify); int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, unsigned int flags, - unsigned int *verify); + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify); int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * - crl_list, int crl_list_length); + const gnutls_x509_crl_t * + crl_list, int crl_list_length); int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, - gnutls_digest_algorithm_t algo, - void *buf, size_t * sizeof_buf); + gnutls_digest_algorithm_t algo, + void *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, - int indx, void *oid, - size_t * sizeof_oid, - unsigned int *critical); + int indx, void *oid, + size_t * sizeof_oid, + unsigned int *critical); int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, - const void *oid, - unsigned int critical); + const void *oid, + unsigned int critical); /* Private key handling. */ @@ -629,121 +629,121 @@ extern "C" int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t - key); + key); int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, - gnutls_x509_privkey_t src); + gnutls_x509_privkey_t src); int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags); int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u); + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u); int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u, - const gnutls_datum_t * exp1, - const gnutls_datum_t * exp2); + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u, + const gnutls_datum_t * exp1, + const gnutls_datum_t * exp2); int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x); + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x); int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y, - const gnutls_datum_t * x); + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y, + const gnutls_datum_t * x); int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size); int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, - gnutls_pk_algorithm_t algo, - unsigned int bits, unsigned int flags); + gnutls_pk_algorithm_t algo, + unsigned int bits, unsigned int flags); int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, - size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, + size_t * output_data_size); int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags, + void *output_data, + size_t * output_data_size); int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u, - gnutls_datum_t * e1, - gnutls_datum_t * e2); + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u, + gnutls_datum_t * e1, + gnutls_datum_t * e2); int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u); + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u); /* Signing stuff. */ int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - void *signature, - size_t * signature_size); + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + void *signature, + size_t * signature_size); int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature); int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature); + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature); int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature); + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature); int gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature); + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature); int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature); + unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature); int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash); + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash); @@ -753,127 +753,127 @@ extern "C" typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t; int gnutls_x509_crq_print (gnutls_x509_crq_t crq, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out); + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out); int gnutls_x509_crq_init (gnutls_x509_crq_t * crq); void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq); int gnutls_x509_crq_import (gnutls_x509_crq_t crq, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format); + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format); int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, - gnutls_digest_algorithm_t - * hash, - unsigned int *mand); + gnutls_digest_algorithm_t + * hash, + unsigned int *mand); int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, - size_t * sizeof_buf); + size_t * sizeof_buf); int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf); + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf); int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, - const char *oid, - unsigned int raw_flag, - const void *data, - unsigned int sizeof_data); + const char *oid, + unsigned int raw_flag, + const void *data, + unsigned int sizeof_data); int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, - unsigned int version); + unsigned int version); int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq); int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key); + gnutls_x509_privkey_t key); int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, - gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t dig, - unsigned int flags); + gnutls_x509_privkey_t key, + gnutls_digest_algorithm_t dig, + unsigned int flags); int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key); int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, - const char *pass); + const char *pass); int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, - char *pass, - size_t * sizeof_pass); + char *pass, + size_t * sizeof_pass); int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, - const char *oid, void *buf, - size_t sizeof_buf); + const char *oid, void *buf, + size_t sizeof_buf); int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - void *buf, size_t * sizeof_buf); + const char *oid, int indx, + void *buf, size_t * sizeof_buf); int gnutls_x509_crq_export (gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + void *output_data, size_t * output_data_size); int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, - gnutls_x509_crq_t crq); + gnutls_x509_crq_t crq); int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq, - const gnutls_datum_t * m, - const gnutls_datum_t * e); + const gnutls_datum_t * m, + const gnutls_datum_t * e); int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq, - gnutls_x509_subject_alt_name_t nt, - const void *data, - unsigned int data_size, - unsigned int flags); + gnutls_x509_subject_alt_name_t nt, + const void *data, + unsigned int data_size, + unsigned int flags); int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, - unsigned int usage); + unsigned int usage); int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq, - unsigned int ca, - int pathLenConstraint); + unsigned int ca, + int pathLenConstraint); int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, - const void *oid, - unsigned int critical); + const void *oid, + unsigned int critical); int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid, - unsigned int *critical); + void *oid, size_t * sizeof_oid, + unsigned int *critical); int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, - void *data, size_t * sizeof_data); + void *data, size_t * sizeof_data); int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid, - int *critical); + void *oid, size_t * sizeof_oid, + int *critical); int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx, - void *data, size_t * sizeof_data); + void *data, size_t * sizeof_data); int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid); + void *oid, size_t * sizeof_oid); int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, - unsigned int *bits); + unsigned int *bits); int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size); + unsigned char *output_data, + size_t * output_data_size); int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq, - gnutls_datum_t * m, - gnutls_datum_t * e); + gnutls_datum_t * m, + gnutls_datum_t * e); int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq, - unsigned int *key_usage, - unsigned int *critical); + unsigned int *key_usage, + unsigned int *critical); int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, - unsigned int *critical, - int *ca, int *pathlen); + unsigned int *critical, + int *ca, int *pathlen); int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical); + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical); int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq, - unsigned int seq, - void *ret, - size_t * ret_size); + unsigned int seq, + void *ret, + size_t * ret_size); int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - void *buf, size_t * sizeof_buf, - unsigned int *critical); + const char *oid, int indx, + void *buf, size_t * sizeof_buf, + unsigned int *critical); #ifdef __cplusplus } #endif -#endif /* GNUTLS_X509_H */ +#endif /* GNUTLS_X509_H */ diff --git a/lib/locks.c b/lib/locks.c index d3bc2e1fea..339f890dfe 100644 --- a/lib/locks.c +++ b/lib/locks.c @@ -50,7 +50,7 @@ **/ void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit, - mutex_lock_func lock, mutex_unlock_func unlock) + mutex_lock_func lock, mutex_unlock_func unlock) { if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL) return; diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c index c0d0b13afa..7669b5b09b 100644 --- a/lib/nettle/cipher.c +++ b/lib/nettle/cipher.c @@ -42,15 +42,15 @@ #define MAX_BLOCK_SIZE 32 typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *, - unsigned, uint8_t *, const uint8_t *); + unsigned, uint8_t *, const uint8_t *); typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *, - unsigned, uint8_t *, const uint8_t *); + unsigned, uint8_t *, const uint8_t *); typedef void (*setkey_func) (void *, unsigned, const uint8_t *); static void stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size, - uint8_t * iv, unsigned length, uint8_t * dst, - const uint8_t * src) + uint8_t * iv, unsigned length, uint8_t * dst, + const uint8_t * src) { func (ctx, length, dst, src); } @@ -63,7 +63,7 @@ struct aes_bidi_ctx static void aes_bidi_setkey (struct aes_bidi_ctx *ctx, unsigned length, - const uint8_t * key) + const uint8_t * key) { aes_set_encrypt_key (&ctx->encrypt, length, key); aes_invert_key (&ctx->decrypt, &ctx->encrypt); @@ -71,14 +71,14 @@ aes_bidi_setkey (struct aes_bidi_ctx *ctx, unsigned length, static void aes_bidi_encrypt (struct aes_bidi_ctx *ctx, - unsigned length, uint8_t * dst, const uint8_t * src) + unsigned length, uint8_t * dst, const uint8_t * src) { aes_encrypt (&ctx->encrypt, length, dst, src); } static void aes_bidi_decrypt (struct aes_bidi_ctx *ctx, - unsigned length, uint8_t * dst, const uint8_t * src) + unsigned length, uint8_t * dst, const uint8_t * src) { aes_decrypt (&ctx->decrypt, length, dst, src); } @@ -91,7 +91,7 @@ struct camellia_bidi_ctx static void camellia_bidi_setkey (struct camellia_bidi_ctx *ctx, unsigned length, - const uint8_t * key) + const uint8_t * key) { camellia_set_encrypt_key (&ctx->encrypt, length, key); camellia_invert_key (&ctx->decrypt, &ctx->encrypt); @@ -99,14 +99,14 @@ camellia_bidi_setkey (struct camellia_bidi_ctx *ctx, unsigned length, static void camellia_bidi_encrypt (struct camellia_bidi_ctx *ctx, - unsigned length, uint8_t * dst, const uint8_t * src) + unsigned length, uint8_t * dst, const uint8_t * src) { camellia_crypt (&ctx->encrypt, length, dst, src); } static void camellia_bidi_decrypt (struct camellia_bidi_ctx *ctx, - unsigned length, uint8_t * dst, const uint8_t * src) + unsigned length, uint8_t * dst, const uint8_t * src) { camellia_crypt (&ctx->decrypt, length, dst, src); } @@ -231,34 +231,34 @@ wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize) break; case GNUTLS_CIPHER_3DES_CBC: if (keysize != DES3_KEY_SIZE) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } des_fix_parity (keysize, des_key, key); /* this fails on weak keys */ if (des3_set_key (ctx->ctx_ptr, des_key) != 1) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } break; case GNUTLS_CIPHER_DES_CBC: if (keysize != DES_KEY_SIZE) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } des_fix_parity (keysize, des_key, key); if (des_set_key (ctx->ctx_ptr, des_key) != 1) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } break; case GNUTLS_CIPHER_ARCFOUR_128: case GNUTLS_CIPHER_ARCFOUR_40: @@ -292,24 +292,24 @@ wrap_nettle_cipher_setiv (void *_ctx, const void *iv, size_t ivsize) static int wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize) + void *plain, size_t plainsize) { struct nettle_cipher_ctx *ctx = _ctx; ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv, - encrsize, plain, encr); + encrsize, plain, encr); return 0; } static int wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize) + void *encr, size_t encrsize) { struct nettle_cipher_ctx *ctx = _ctx; ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv, - plainsize, encr, plain); + plainsize, encr, plain); return 0; } diff --git a/lib/nettle/egd.c b/lib/nettle/egd.c index 4e720e4921..b1886d4040 100644 --- a/lib/nettle/egd.c +++ b/lib/nettle/egd.c @@ -49,11 +49,11 @@ do_write (int fd, void *buf, size_t nbytes) { nwritten = write (fd, buf, nleft); if (nwritten < 0) - { - if (errno == EINTR) - continue; - return -1; - } + { + if (errno == EINTR) + continue; + return -1; + } nleft -= nwritten; buf = (char *) buf + nwritten; } @@ -68,14 +68,14 @@ do_read (int fd, void *buf, size_t nbytes) do { do - { - n = read (fd, (char *) buf + nread, nbytes); - } + { + n = read (fd, (char *) buf + nread, nbytes); + } while (n == -1 && errno == EINTR); if (n == -1) - return nread ? nread : -1; + return nread ? nread : -1; if (n == 0) - return -1; + return -1; nread += n; nbytes -= n; } @@ -102,12 +102,12 @@ find_egd_name (void) do { if (stat (egd_names[i], &st) != 0) - continue; + continue; if (st.st_mode & S_IFSOCK) - { /* found */ - return egd_names[i]; - } + { /* found */ + return egd_names[i]; + } } while (egd_names[++i] != NULL); @@ -144,19 +144,19 @@ _rndegd_connect_socket (void) addr.sun_family = AF_LOCAL; strcpy (addr.sun_path, name); addr_len = (offsetof (struct sockaddr_un, sun_path) - + strlen (addr.sun_path)); + + strlen (addr.sun_path)); fd = socket (AF_LOCAL, SOCK_STREAM, 0); if (fd == -1) { _gnutls_debug_log ("can't create unix domain socket: %s\n", - strerror (errno)); + strerror (errno)); return -1; } else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1) { _gnutls_debug_log ("can't connect to EGD socket `%s': %s\n", - name, strerror (errno)); + name, strerror (errno)); close (fd); fd = -1; } @@ -196,7 +196,7 @@ restart: nbytes = length < 255 ? length : 255; /* First time we do it with a non blocking request */ - buffer[0] = 1; /* non blocking */ + buffer[0] = 1; /* non blocking */ buffer[1] = nbytes; if (do_write (*fd, buffer, 2) == -1) @@ -215,17 +215,17 @@ restart: { n = do_read (*fd, buffer, n); if (n == -1) - { - _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); - do_restart = 1; - goto restart; - } + { + _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); + do_restart = 1; + goto restart; + } if (n > length) - { - _gnutls_debug_log ("read error on EGD: returned more bytes!\n"); - n = length; - } + { + _gnutls_debug_log ("read error on EGD: returned more bytes!\n"); + n = length; + } memcpy (output, buffer, n); output += n; @@ -236,28 +236,28 @@ restart: { nbytes = length < 255 ? length : 255; - buffer[0] = 2; /* blocking */ + buffer[0] = 2; /* blocking */ buffer[1] = nbytes; if (do_write (*fd, buffer, 2) == -1) - _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno)); + _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno)); n = do_read (*fd, buffer, nbytes); if (n == -1) - { - _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); - do_restart = 1; - goto restart; - } + { + _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno)); + do_restart = 1; + goto restart; + } if (n > length) - { - _gnutls_debug_log ("read error on EGD: returned more bytes!\n"); - n = length; - } + { + _gnutls_debug_log ("read error on EGD: returned more bytes!\n"); + n = length; + } memcpy (output, buffer, n); output += n; length -= n; } - return _length; /* success */ + return _length; /* success */ } diff --git a/lib/nettle/mpi.c b/lib/nettle/mpi.c index 2f374028dd..0f9b183879 100644 --- a/lib/nettle/mpi.c +++ b/lib/nettle/mpi.c @@ -39,7 +39,7 @@ static int wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes, - gnutls_bigint_format_t format) + gnutls_bigint_format_t format) { unsigned int size; mpz_t *p = (void *) a; @@ -103,7 +103,7 @@ wrap_nettle_mpi_new (int nbits) static bigint_t wrap_nettle_mpi_scan (const void *buffer, size_t nbytes, - gnutls_bigint_format_t format) + gnutls_bigint_format_t format) { bigint_t r = wrap_nettle_mpi_new (nbytes * 8); @@ -127,19 +127,19 @@ wrap_nettle_mpi_scan (const void *buffer, size_t nbytes, size_t size; if (nbytes < 3) - { - gnutls_assert (); - goto fail; - } + { + gnutls_assert (); + goto fail; + } size = (buf[0] << 8) | buf[1]; size = (size + 7) / 8; if (size > nbytes - 2) - { - gnutls_assert (); - goto fail; - } + { + gnutls_assert (); + goto fail; + } nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2); } else @@ -228,7 +228,7 @@ wrap_nettle_mpi_mod (const bigint_t a, const bigint_t b) static bigint_t wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m)); @@ -243,7 +243,7 @@ wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e, static bigint_t wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); @@ -259,7 +259,7 @@ wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b, static bigint_t wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a)); @@ -275,7 +275,7 @@ wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b, static bigint_t wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) + const bigint_t m) { if (w == NULL) w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m)); @@ -402,7 +402,7 @@ wrap_nettle_prime_check (bigint_t pp) return 0; } - return GNUTLS_E_INTERNAL_ERROR; /* ignored */ + return GNUTLS_E_INTERNAL_ERROR; /* ignored */ } @@ -444,7 +444,7 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) _gnutls_debug_log ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n", nbits, q_bytes * 8); - buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */ + buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */ if (buffer == NULL) { gnutls_assert (); @@ -463,10 +463,10 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) { ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes); if (ret < 0) - { - gnutls_assert (); - goto fail; - } + { + gnutls_assert (); + goto fail; + } nettle_mpz_set_str_256_u (q, q_bytes, buffer); /* always odd */ @@ -474,9 +474,9 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM); if (ret > 0) - { - break; - } + { + break; + } } /* now generate w of size p_bytes - q_bytes */ @@ -495,10 +495,10 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) { ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } nettle_mpz_set_str_256_u (w, w_bytes, buffer); /* always odd */ @@ -506,9 +506,9 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM); if (ret == 0) - { - continue; - } + { + continue; + } /* check if 2wq+1 is prime */ mpz_mul_ui (*prime, w, 2); @@ -517,13 +517,13 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM); if (ret > 0) - { - break; - } + { + break; + } } _gnutls_debug_log ("Found prime w of %u bits. Looking for generator...\n", - wrap_nettle_mpi_get_nbits (&w)); + wrap_nettle_mpi_get_nbits (&w)); /* finally a prime! Let calculate generator */ @@ -536,17 +536,17 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) */ r_bytes = p_bytes; - mpz_mul_ui (w, w, 2); /* w = w*2 */ + mpz_mul_ui (w, w, 2); /* w = w*2 */ mpz_fdiv_r (w, w, *prime); for (;;) { ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } nettle_mpz_set_str_256_u (q, r_bytes, buffer); mpz_fdiv_r (q, q, *prime); @@ -555,15 +555,15 @@ gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits) mpz_powm (*generator, q, w, *prime); if (mpz_cmp_ui (*generator, 1) == 0) - continue; + continue; else - break; + break; } _gnutls_debug_log ("Found generator g of %u bits\n", - wrap_nettle_mpi_get_nbits (generator)); + wrap_nettle_mpi_get_nbits (generator)); _gnutls_debug_log ("Prime n is of %u bits\n", - wrap_nettle_mpi_get_nbits (prime)); + wrap_nettle_mpi_get_nbits (prime)); mpz_clear (q); mpz_clear (w); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index d4c8806d0d..001b9b2d46 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -53,7 +53,7 @@ rnd_func (void *_ctx, unsigned length, uint8_t * data) static void _dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params, - struct dsa_public_key *pub) + struct dsa_public_key *pub) { memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t)); memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t)); @@ -63,14 +63,14 @@ _dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params, static void _dsa_params_to_privkey (const gnutls_pk_params_st * pk_params, - struct dsa_private_key *pub) + struct dsa_private_key *pub) { memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t)); } static void _rsa_params_to_privkey (const gnutls_pk_params_st * pk_params, - struct rsa_private_key *priv) + struct rsa_private_key *priv) { memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t)); memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t)); @@ -83,9 +83,9 @@ _rsa_params_to_privkey (const gnutls_pk_params_st * pk_params, static int _wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo, - gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - const gnutls_pk_params_st * pk_params) + gnutls_datum_t * ciphertext, + const gnutls_datum_t * plaintext, + const gnutls_pk_params_st * pk_params) { int ret; @@ -94,27 +94,27 @@ _wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo, { case GNUTLS_PK_RSA: { - bigint_t p; + bigint_t p; - if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } + if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } - mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ , - TOMPZ (pk_params->params[0] /*m */ )); + mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ , + TOMPZ (pk_params->params[0] /*m */ )); - ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size); - _gnutls_mpi_release (&p); + ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size); + _gnutls_mpi_release (&p); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } - break; + break; } default: gnutls_assert (); @@ -155,7 +155,7 @@ rsa_blind (bigint_t c, bigint_t e, bigint_t n, bigint_t * _ri) } r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits (n), - GNUTLS_RND_NONCE); + GNUTLS_RND_NONCE); if (r == NULL) { gnutls_assert (); @@ -196,9 +196,9 @@ rsa_unblind (bigint_t c, bigint_t ri, bigint_t n) static int _wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo, - gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - const gnutls_pk_params_st * pk_params) + gnutls_datum_t * plaintext, + const gnutls_datum_t * ciphertext, + const gnutls_pk_params_st * pk_params) { int ret; @@ -207,43 +207,43 @@ _wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo, { case GNUTLS_PK_RSA: { - struct rsa_private_key priv; - bigint_t c, ri, nc; + struct rsa_private_key priv; + bigint_t c, ri, nc; - if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } + if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } - nc = rsa_blind (c, pk_params->params[1] /*e */ , - pk_params->params[0] /*m */ , &ri); - _gnutls_mpi_release (&c); - if (nc == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + nc = rsa_blind (c, pk_params->params[1] /*e */ , + pk_params->params[0] /*m */ , &ri); + _gnutls_mpi_release (&c); + if (nc == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } - rsa_private_key_init (&priv); - _rsa_params_to_privkey (pk_params, &priv); + rsa_private_key_init (&priv); + _rsa_params_to_privkey (pk_params, &priv); - rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); + rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); - rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); + rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); - ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size); + ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size); - _gnutls_mpi_release (&nc); - _gnutls_mpi_release (&ri); + _gnutls_mpi_release (&nc); + _gnutls_mpi_release (&ri); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } - break; + break; } default: gnutls_assert (); @@ -262,9 +262,9 @@ cleanup: */ static int _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, - gnutls_datum_t * signature, - const gnutls_datum_t * vdata, - const gnutls_pk_params_st * pk_params) + gnutls_datum_t * signature, + const gnutls_datum_t * vdata, + const gnutls_pk_params_st * pk_params) { int ret, hash; @@ -273,87 +273,87 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: { - struct dsa_public_key pub; - struct dsa_private_key priv; - struct dsa_signature sig; - - dsa_public_key_init (&pub); - dsa_private_key_init (&priv); - _dsa_params_to_pubkey (pk_params, &pub); - _dsa_params_to_privkey (pk_params, &priv); - - dsa_signature_init (&sig); - - hash = _gnutls_dsa_q_to_hash (pub.q); - if (vdata->size != _gnutls_hash_get_algo_len (hash)) - { - gnutls_assert (); - ret = GNUTLS_E_PK_SIGN_FAILED; - goto dsa_fail; - } - - ret = - _dsa_sign (&pub, &priv, NULL, rnd_func, - vdata->size, vdata->data, &sig); - if (ret == 0) - { - gnutls_assert (); - ret = GNUTLS_E_PK_SIGN_FAILED; - goto dsa_fail; - } - - ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s); + struct dsa_public_key pub; + struct dsa_private_key priv; + struct dsa_signature sig; + + dsa_public_key_init (&pub); + dsa_private_key_init (&priv); + _dsa_params_to_pubkey (pk_params, &pub); + _dsa_params_to_privkey (pk_params, &priv); + + dsa_signature_init (&sig); + + hash = _gnutls_dsa_q_to_hash (pub.q); + if (vdata->size != _gnutls_hash_get_algo_len (hash)) + { + gnutls_assert (); + ret = GNUTLS_E_PK_SIGN_FAILED; + goto dsa_fail; + } + + ret = + _dsa_sign (&pub, &priv, NULL, rnd_func, + vdata->size, vdata->data, &sig); + if (ret == 0) + { + gnutls_assert (); + ret = GNUTLS_E_PK_SIGN_FAILED; + goto dsa_fail; + } + + ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s); dsa_fail: - dsa_signature_clear (&sig); - - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - break; + dsa_signature_clear (&sig); + + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + break; } case GNUTLS_PK_RSA: { - struct rsa_private_key priv; - bigint_t hash, nc, ri; + struct rsa_private_key priv; + bigint_t hash, nc, ri; - if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } - rsa_private_key_init (&priv); - _rsa_params_to_privkey (pk_params, &priv); + rsa_private_key_init (&priv); + _rsa_params_to_privkey (pk_params, &priv); - nc = rsa_blind (hash, pk_params->params[1] /*e */ , - pk_params->params[0] /*m */ , &ri); + nc = rsa_blind (hash, pk_params->params[1] /*e */ , + pk_params->params[0] /*m */ , &ri); - _gnutls_mpi_release (&hash); + _gnutls_mpi_release (&hash); - if (nc == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + if (nc == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } - rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); + rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc)); - rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); + rsa_unblind (nc, ri, pk_params->params[0] /*m */ ); - ret = _gnutls_mpi_dprint (nc, signature); - _gnutls_mpi_release (&nc); - _gnutls_mpi_release (&ri); + ret = _gnutls_mpi_dprint (nc, signature); + _gnutls_mpi_release (&nc); + _gnutls_mpi_release (&ri); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } - break; + break; } default: gnutls_assert (); @@ -370,7 +370,7 @@ cleanup: static int _int_rsa_verify (const gnutls_pk_params_st * pk_params, - bigint_t m, bigint_t s) + bigint_t m, bigint_t s) { int res; @@ -383,7 +383,7 @@ _int_rsa_verify (const gnutls_pk_params_st * pk_params, mpz_init (m1); mpz_powm (m1, TOMPZ (s), TOMPZ (pk_params->params[1]), - TOMPZ (pk_params->params[0])); + TOMPZ (pk_params->params[0])); res = !mpz_cmp (TOMPZ (m), m1); @@ -399,9 +399,9 @@ _int_rsa_verify (const gnutls_pk_params_st * pk_params, static int _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, - const gnutls_datum_t * vdata, - const gnutls_datum_t * signature, - const gnutls_pk_params_st * pk_params) + const gnutls_datum_t * vdata, + const gnutls_datum_t * signature, + const gnutls_pk_params_st * pk_params) { int ret, hash; bigint_t tmp[2] = { NULL, NULL }; @@ -410,60 +410,60 @@ _wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo, { case GNUTLS_PK_DSA: { - struct dsa_public_key pub; - struct dsa_signature sig; - - ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - dsa_public_key_init (&pub); - _dsa_params_to_pubkey (pk_params, &pub); - memcpy (&sig.r, tmp[0], sizeof (sig.r)); - memcpy (&sig.s, tmp[1], sizeof (sig.s)); - - hash = _gnutls_dsa_q_to_hash (pub.q); - if (vdata->size != _gnutls_hash_get_algo_len (hash)) - { - gnutls_assert (); - ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; - goto dsa_fail; - } - - ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig); - if (ret == 0) - ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; - else - ret = 0; + struct dsa_public_key pub; + struct dsa_signature sig; + + ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + dsa_public_key_init (&pub); + _dsa_params_to_pubkey (pk_params, &pub); + memcpy (&sig.r, tmp[0], sizeof (sig.r)); + memcpy (&sig.s, tmp[1], sizeof (sig.s)); + + hash = _gnutls_dsa_q_to_hash (pub.q); + if (vdata->size != _gnutls_hash_get_algo_len (hash)) + { + gnutls_assert (); + ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; + goto dsa_fail; + } + + ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig); + if (ret == 0) + ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; + else + ret = 0; dsa_fail: - _gnutls_mpi_release (&tmp[0]); - _gnutls_mpi_release (&tmp[1]); - break; + _gnutls_mpi_release (&tmp[0]); + _gnutls_mpi_release (&tmp[1]); + break; } case GNUTLS_PK_RSA: { - bigint_t hash; - - if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = _int_rsa_verify (pk_params, hash, tmp[0]); - _gnutls_mpi_release (&tmp[0]); - _gnutls_mpi_release (&hash); - break; + bigint_t hash; + + if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) + { + gnutls_assert (); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = _int_rsa_verify (pk_params, hash, tmp[0]); + _gnutls_mpi_release (&tmp[0]); + _gnutls_mpi_release (&hash); + break; } default: gnutls_assert (); @@ -478,8 +478,8 @@ cleanup: static int wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, - unsigned int level /*bits */ , - gnutls_pk_params_st * params) + unsigned int level /*bits */ , + gnutls_pk_params_st * params) { int ret, i; int q_bits; @@ -489,97 +489,97 @@ wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: { - struct dsa_public_key pub; - struct dsa_private_key priv; - - dsa_public_key_init (&pub); - dsa_private_key_init (&priv); - - /* the best would be to use _gnutls_pk_bits_to_subgroup_bits() - * but we do NIST DSA here */ - if (level <= 1024) - q_bits = 160; - else - q_bits = 256; - - ret = - dsa_generate_keypair (&pub, &priv, NULL, - rnd_func, NULL, NULL, level, q_bits); - if (ret != 1) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - params->params_nr = 0; - for (i = 0; i < DSA_PRIVATE_PARAMS; i++) - { - params->params[i] = _gnutls_mpi_alloc_like (&pub.p); - if (params->params[i] == NULL) - { - ret = GNUTLS_E_MEMORY_ERROR; - dsa_private_key_clear (&priv); - dsa_public_key_clear (&pub); - goto fail; - } - params->params_nr++; - } - _gnutls_mpi_set (params->params[0], pub.p); - _gnutls_mpi_set (params->params[1], pub.q); - _gnutls_mpi_set (params->params[2], pub.g); - _gnutls_mpi_set (params->params[3], pub.y); - _gnutls_mpi_set (params->params[4], priv.x); - - dsa_private_key_clear (&priv); - dsa_public_key_clear (&pub); - - break; + struct dsa_public_key pub; + struct dsa_private_key priv; + + dsa_public_key_init (&pub); + dsa_private_key_init (&priv); + + /* the best would be to use _gnutls_pk_bits_to_subgroup_bits() + * but we do NIST DSA here */ + if (level <= 1024) + q_bits = 160; + else + q_bits = 256; + + ret = + dsa_generate_keypair (&pub, &priv, NULL, + rnd_func, NULL, NULL, level, q_bits); + if (ret != 1) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + params->params_nr = 0; + for (i = 0; i < DSA_PRIVATE_PARAMS; i++) + { + params->params[i] = _gnutls_mpi_alloc_like (&pub.p); + if (params->params[i] == NULL) + { + ret = GNUTLS_E_MEMORY_ERROR; + dsa_private_key_clear (&priv); + dsa_public_key_clear (&pub); + goto fail; + } + params->params_nr++; + } + _gnutls_mpi_set (params->params[0], pub.p); + _gnutls_mpi_set (params->params[1], pub.q); + _gnutls_mpi_set (params->params[2], pub.g); + _gnutls_mpi_set (params->params[3], pub.y); + _gnutls_mpi_set (params->params[4], priv.x); + + dsa_private_key_clear (&priv); + dsa_public_key_clear (&pub); + + break; } case GNUTLS_PK_RSA: { - struct rsa_public_key pub; - struct rsa_private_key priv; - - rsa_public_key_init (&pub); - rsa_private_key_init (&priv); - - _gnutls_mpi_set_ui (&pub.e, 65537); - - ret = - rsa_generate_keypair (&pub, &priv, NULL, - rnd_func, NULL, NULL, level, 0); - if (ret != 1) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - params->params_nr = 0; - for (i = 0; i < RSA_PRIVATE_PARAMS; i++) - { - params->params[i] = _gnutls_mpi_alloc_like (&pub.n); - if (params->params[i] == NULL) - { - ret = GNUTLS_E_MEMORY_ERROR; - rsa_private_key_clear (&priv); - rsa_public_key_clear (&pub); - goto fail; - } - params->params_nr++; - - } - _gnutls_mpi_set (params->params[0], pub.n); - _gnutls_mpi_set (params->params[1], pub.e); - _gnutls_mpi_set (params->params[2], priv.d); - _gnutls_mpi_set (params->params[3], priv.p); - _gnutls_mpi_set (params->params[4], priv.q); - _gnutls_mpi_set (params->params[5], priv.c); - _gnutls_mpi_set (params->params[6], priv.a); - _gnutls_mpi_set (params->params[7], priv.b); - rsa_private_key_clear (&priv); - rsa_public_key_clear (&pub); - - break; + struct rsa_public_key pub; + struct rsa_private_key priv; + + rsa_public_key_init (&pub); + rsa_private_key_init (&priv); + + _gnutls_mpi_set_ui (&pub.e, 65537); + + ret = + rsa_generate_keypair (&pub, &priv, NULL, + rnd_func, NULL, NULL, level, 0); + if (ret != 1) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + params->params_nr = 0; + for (i = 0; i < RSA_PRIVATE_PARAMS; i++) + { + params->params[i] = _gnutls_mpi_alloc_like (&pub.n); + if (params->params[i] == NULL) + { + ret = GNUTLS_E_MEMORY_ERROR; + rsa_private_key_clear (&priv); + rsa_public_key_clear (&pub); + goto fail; + } + params->params_nr++; + + } + _gnutls_mpi_set (params->params[0], pub.n); + _gnutls_mpi_set (params->params[1], pub.e); + _gnutls_mpi_set (params->params[2], priv.d); + _gnutls_mpi_set (params->params[3], priv.p); + _gnutls_mpi_set (params->params[4], priv.q); + _gnutls_mpi_set (params->params[5], priv.c); + _gnutls_mpi_set (params->params[6], priv.a); + _gnutls_mpi_set (params->params[7], priv.b); + rsa_private_key_clear (&priv); + rsa_public_key_clear (&pub); + + break; } default: gnutls_assert (); @@ -602,8 +602,8 @@ fail: static int wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo, - gnutls_direction_t direction, - gnutls_pk_params_st * params) + gnutls_direction_t direction, + gnutls_pk_params_st * params) { int result; @@ -615,7 +615,7 @@ wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo, * keys were as old. */ mpz_invert (TOMPZ (params->params[5]), - TOMPZ (params->params[4]), TOMPZ (params->params[3])); + TOMPZ (params->params[4]), TOMPZ (params->params[3])); /* calculate exp1 [6] and exp2 [7] */ _gnutls_mpi_release (¶ms->params[6]); @@ -623,10 +623,10 @@ wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo, result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS - 2); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } params->params_nr = RSA_PRIVATE_PARAMS; } diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c index 0166cddcaf..e623c90db5 100644 --- a/lib/nettle/rnd.c +++ b/lib/nettle/rnd.c @@ -88,7 +88,7 @@ do_trivia_source (int init) } return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy, - sizeof (event), (const uint8_t *) &event); + sizeof (event), (const uint8_t *) &event); } static int @@ -102,14 +102,14 @@ do_device_source (int init) int old; if (!CryptAcquireContext - (&device_fd, NULL, NULL, PROV_RSA_FULL, - CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) - { - _gnutls_debug_log ("error in CryptAcquireContext!\n"); - return GNUTLS_E_INTERNAL_ERROR; - } + (&device_fd, NULL, NULL, PROV_RSA_FULL, + CRYPT_SILENT | CRYPT_VERIFYCONTEXT)) + { + _gnutls_debug_log ("error in CryptAcquireContext!\n"); + return GNUTLS_E_INTERNAL_ERROR; + } device_last_read = now; - read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ + read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ } if ((device_fd != NULL) @@ -120,17 +120,17 @@ do_device_source (int init) uint8_t buf[DEVICE_READ_SIZE_MAX]; if (!CryptGenRandom (device_fd, (DWORD) read_size, buf)) - { - _gnutls_debug_log ("Error in CryptGenRandom: %s\n", - GetLastError ()); - return GNUTLS_E_INTERNAL_ERROR; - } + { + _gnutls_debug_log ("Error in CryptGenRandom: %s\n", + GetLastError ()); + return GNUTLS_E_INTERNAL_ERROR; + } device_last_read = now; return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, - read_size * 8 / - 2 /* we trust the system RNG */ , - read_size, buf); + read_size * 8 / + 2 /* we trust the system RNG */ , + read_size, buf); } return 0; } @@ -204,22 +204,22 @@ do_trivia_source (int init) event.count = trivia_time_count++; if (event.now.tv_sec != trivia_previous_time) - { - /* Count one bit of entropy if we either have more than two - * invocations in one second, or more than two seconds - * between invocations. */ - if ((trivia_time_count > 2) - || ((event.now.tv_sec - trivia_previous_time) > 2)) - entropy++; - - trivia_time_count = 0; - } + { + /* Count one bit of entropy if we either have more than two + * invocations in one second, or more than two seconds + * between invocations. */ + if ((trivia_time_count > 2) + || ((event.now.tv_sec - trivia_previous_time) > 2)) + entropy++; + + trivia_time_count = 0; + } } trivia_previous_time = event.now.tv_sec; event.pid = getpid (); return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy, - sizeof (event), (const uint8_t *) &event); + sizeof (event), (const uint8_t *) &event); } static int @@ -234,16 +234,16 @@ do_device_source_urandom (int init) device_fd = open ("/dev/urandom", O_RDONLY); if (device_fd < 0) - { - _gnutls_debug_log ("Cannot open urandom!\n"); - return GNUTLS_E_FILE_ERROR; - } + { + _gnutls_debug_log ("Cannot open urandom!\n"); + return GNUTLS_E_FILE_ERROR; + } old = fcntl (device_fd, F_GETFD); fcntl (device_fd, F_SETFD, old | 1); device_last_read = now; - read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ + read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ } if ((device_fd > 0) @@ -255,35 +255,35 @@ do_device_source_urandom (int init) uint32_t done; for (done = 0; done < read_size;) - { - int res; - do - res = read (device_fd, buf + done, sizeof (buf) - done); - while (res < 0 && errno == EINTR); - - if (res <= 0) - { - if (res < 0) - { - _gnutls_debug_log ("Failed to read /dev/urandom: %s\n", - strerror (errno)); - } - else - { - _gnutls_debug_log - ("Failed to read /dev/urandom: end of file\n"); - } - - return GNUTLS_E_INTERNAL_ERROR; - } - - done += res; - } + { + int res; + do + res = read (device_fd, buf + done, sizeof (buf) - done); + while (res < 0 && errno == EINTR); + + if (res <= 0) + { + if (res < 0) + { + _gnutls_debug_log ("Failed to read /dev/urandom: %s\n", + strerror (errno)); + } + else + { + _gnutls_debug_log + ("Failed to read /dev/urandom: end of file\n"); + } + + return GNUTLS_E_INTERNAL_ERROR; + } + + done += res; + } device_last_read = now; return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, - read_size * 8 / 2 /* we trust the RNG */ , - read_size, buf); + read_size * 8 / 2 /* we trust the RNG */ , + read_size, buf); } return 0; } @@ -298,14 +298,14 @@ do_device_source_egd (int init) { device_fd = _rndegd_connect_socket (); if (device_fd < 0) - { - _gnutls_debug_log ("Cannot open egd socket!\n"); - return GNUTLS_E_FILE_ERROR; - } + { + _gnutls_debug_log ("Cannot open egd socket!\n"); + return GNUTLS_E_FILE_ERROR; + } device_last_read = now; - read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ + read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */ } if ((device_fd > 0) @@ -317,28 +317,28 @@ do_device_source_egd (int init) uint32_t done; for (done = 0; done < read_size;) - { - int res; - res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done); - if (res <= 0) - { - if (res < 0) - { - _gnutls_debug_log ("Failed to read egd.\n"); - } - else - { - _gnutls_debug_log ("Failed to read egd: end of file\n"); - } - - return GNUTLS_E_INTERNAL_ERROR; - } - done += res; - } + { + int res; + res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done); + if (res <= 0) + { + if (res < 0) + { + _gnutls_debug_log ("Failed to read egd.\n"); + } + else + { + _gnutls_debug_log ("Failed to read egd: end of file\n"); + } + + return GNUTLS_E_INTERNAL_ERROR; + } + done += res; + } device_last_read = now; return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2, - read_size, buf); + read_size, buf); } return 0; } @@ -357,16 +357,16 @@ do_device_source (int init) do_source = do_device_source_urandom; ret = do_source (init); if (ret < 0) - { - do_source = do_device_source_egd; - ret = do_source (init); - } + { + do_source = do_device_source_egd; + ret = do_source (init); + } if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } return ret; } diff --git a/lib/opencdk/armor.c b/lib/opencdk/armor.c index da14a74874..b731226f9a 100644 --- a/lib/opencdk/armor.c +++ b/lib/opencdk/armor.c @@ -184,7 +184,7 @@ base64_encode (char *out, const byte * in, size_t len, size_t olen) *out++ = b64chars[in[0] >> 2]; fragment = (in[0] << 4) & 0x30; if (len > 1) - fragment |= in[1] >> 4; + fragment |= in[1] >> 4; *out++ = b64chars[fragment]; *out++ = (len < 2) ? '=' : b64chars[(in[1] << 2) & 0x3c]; *out++ = '='; @@ -213,43 +213,43 @@ base64_decode (byte * out, const char *in) { digit1 = in[0]; if (digit1 > 127 || b64val (digit1) == BAD) - { - gnutls_assert (); - return -1; - } + { + gnutls_assert (); + return -1; + } digit2 = in[1]; if (digit2 > 127 || b64val (digit2) == BAD) - { - gnutls_assert (); - return -1; - } + { + gnutls_assert (); + return -1; + } digit3 = in[2]; if (digit3 > 127 || ((digit3 != '=') && (b64val (digit3) == BAD))) - { - gnutls_assert (); - return -1; - } + { + gnutls_assert (); + return -1; + } digit4 = in[3]; if (digit4 > 127 || ((digit4 != '=') && (b64val (digit4) == BAD))) - { - gnutls_assert (); - return -1; - } + { + gnutls_assert (); + return -1; + } in += 4; /* digits are already sanity-checked */ *out++ = (b64val (digit1) << 2) | (b64val (digit2) >> 4); len++; if (digit3 != '=') - { - *out++ = ((b64val (digit2) << 4) & 0xf0) | (b64val (digit3) >> 2); - len++; - if (digit4 != '=') - { - *out++ = ((b64val (digit3) << 6) & 0xc0) | b64val (digit4); - len++; - } - } + { + *out++ = ((b64val (digit2) << 4) & 0xf0) | (b64val (digit3) >> 2); + len++; + if (digit4 != '=') + { + *out++ = ((b64val (digit3) << 6) & 0xc0) | b64val (digit4); + len++; + } + } } while (*in && digit4 != '='); @@ -273,22 +273,22 @@ compress_get_algo (cdk_stream_t inp, int *r_zipalgo) { nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nread || nread == -1) - break; + break; if (nread == 1 && !cdk_stream_eof (inp) - && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0) - { - base64_decode (plain, buf); - if (!(*plain & 0x80)) - break; - pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf); - if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo) - { - _gnutls_buffers_log ("armor compressed (algo=%d)\n", - *(plain + 1)); - *r_zipalgo = *(plain + 1); - } - break; - } + && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0) + { + base64_decode (plain, buf); + if (!(*plain & 0x80)) + break; + pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf); + if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo) + { + _gnutls_buffers_log ("armor compressed (algo=%d)\n", + *(plain + 1)); + *r_zipalgo = *(plain + 1); + } + break; + } } return 0; } @@ -307,10 +307,10 @@ check_armor (cdk_stream_t inp, int *r_zipalgo) { buf[nread] = '\0'; if (strstr (buf, "-----BEGIN PGP")) - { - compress_get_algo (inp, r_zipalgo); - check = 1; - } + { + compress_get_algo (inp, r_zipalgo); + check = 1; + } cdk_stream_seek (inp, 0); } return check; @@ -325,7 +325,7 @@ is_armored (int ctb) if (!(ctb & 0x80)) { gnutls_assert (); - return 1; /* invalid packet: assume it is armored */ + return 1; /* invalid packet: assume it is armored */ } pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf); switch (pkttype) @@ -338,7 +338,7 @@ is_armored (int ctb) case CDK_PKT_SIGNATURE: case CDK_PKT_LITERAL: case CDK_PKT_COMPRESSED: - return 0; /* seems to be a regular packet: not armored */ + return 0; /* seems to be a regular packet: not armored */ } return 1; } @@ -402,12 +402,12 @@ armor_encode (void *data, FILE * in, FILE * out) { nread = fread (raw, 1, DIM (raw) - 1, in); if (!nread) - break; + break; if (ferror (in)) - { - gnutls_assert (); - return CDK_File_Error; - } + { + gnutls_assert (); + return CDK_File_Error; + } afx->crc = update_crc (afx->crc, (byte *) raw, nread); base64_encode (buf, (byte *) raw, nread, DIM (buf) - 1); fprintf (out, "%s%s", buf, lf); @@ -442,14 +442,14 @@ cdk_armor_filter_use (cdk_stream_t inp) zipalgo = 0; c = cdk_stream_getc (inp); if (c == EOF) - return 0; /* EOF, doesn't matter whether armored or not */ + return 0; /* EOF, doesn't matter whether armored or not */ cdk_stream_seek (inp, 0); check = is_armored (c); if (check) { check = check_armor (inp, &zipalgo); if (zipalgo) - _cdk_stream_set_compress_algo (inp, zipalgo); + _cdk_stream_set_compress_algo (inp, zipalgo); } return check; } @@ -469,7 +469,7 @@ search_header (const char *buf, const char **array) for (i = 0; (s = array[i]); i++) { if (!strncmp (s, buf + 5, strlen (s))) - return i; + return i; } return -1; } @@ -508,16 +508,16 @@ armor_decode (void *data, FILE * in, FILE * out) { s = fgets (buf, DIM (buf) - 1, in); if (!s) - break; + break; afx->idx = search_header (buf, armor_begin); if (afx->idx >= 0) - pgp_data = 1; + pgp_data = 1; } if (feof (in) || !pgp_data) { gnutls_assert (); - return CDK_Armor_Error; /* no data found */ + return CDK_Armor_Error; /* no data found */ } /* Parse header until the empty line is reached */ @@ -525,33 +525,33 @@ armor_decode (void *data, FILE * in, FILE * out) { s = fgets (buf, DIM (buf) - 1, in); if (!s) - return CDK_EOF; + return CDK_EOF; if (strlen (s) == strlen (LF)) - { - rc = 0; - break; /* empty line */ - } + { + rc = 0; + break; /* empty line */ + } /* From RFC2440: OpenPGP should consider improperly formatted Armor Headers to be corruption of the ASCII Armor. A colon and a single space separate the key and value. */ if (!strstr (buf, ": ")) - { - gnutls_assert (); - return CDK_Armor_Error; - } + { + gnutls_assert (); + return CDK_Armor_Error; + } rc = CDK_General_Error; for (i = 0; (s = valid_headers[i]); i++) - { - if (!strncmp (s, buf, strlen (s))) - rc = 0; - } + { + if (!strncmp (s, buf, strlen (s))) + rc = 0; + } if (rc) - { - /* From RFC2440: Unknown keys should be reported to the user, - but OpenPGP should continue to process the message. */ - _cdk_log_info ("unknown header: `%s'\n", buf); - rc = 0; - } + { + /* From RFC2440: Unknown keys should be reported to the user, + but OpenPGP should continue to process the message. */ + _cdk_log_info ("unknown header: `%s'\n", buf); + rc = 0; + } } /* Read the data body */ @@ -559,23 +559,23 @@ armor_decode (void *data, FILE * in, FILE * out) { s = fgets (buf, DIM (buf) - 1, in); if (!s) - break; + break; buf[strlen (buf) - strlen (LF)] = '\0'; if (buf[0] == '=' && strlen (s) == 5) - { /* CRC */ - memset (crcbuf, 0, sizeof (crcbuf)); - base64_decode (crcbuf, buf + 1); - crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2]; - break; /* stop here */ - } + { /* CRC */ + memset (crcbuf, 0, sizeof (crcbuf)); + base64_decode (crcbuf, buf + 1); + crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2]; + break; /* stop here */ + } else - { - nread = base64_decode (raw, buf); - if (nread == -1 || nread == 0) - break; - afx->crc = update_crc (afx->crc, raw, nread); - fwrite (raw, 1, nread, out); - } + { + nread = base64_decode (raw, buf); + if (nread == -1 || nread == 0) + break; + afx->crc = update_crc (afx->crc, raw, nread); + fwrite (raw, 1, nread, out); + } } /* Search the tail of the message */ @@ -586,7 +586,7 @@ armor_decode (void *data, FILE * in, FILE * out) rc = CDK_General_Error; afx->idx2 = search_header (buf, armor_end); if (afx->idx2 >= 0) - rc = 0; + rc = 0; } /* This catches error when no tail was found or the header is @@ -598,7 +598,7 @@ armor_decode (void *data, FILE * in, FILE * out) if (!afx->crc_okay && !rc) { _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n", - (unsigned int) crc2, (unsigned int) afx->crc); + (unsigned int) crc2, (unsigned int) afx->crc); rc = CDK_Armor_CRC_Error; } @@ -642,7 +642,7 @@ cdk_file_armor (cdk_ctx_t hd, const char *file, const char *output) cdk_stream_set_armor_flag (out, CDK_ARMOR_MESSAGE); if (hd->opt.compress) rc = cdk_stream_set_compress_flag (out, hd->compress.algo, - hd->compress.level); + hd->compress.level); if (!rc) rc = cdk_stream_set_literal_flag (out, 0, file); if (!rc) @@ -697,13 +697,13 @@ cdk_file_dearmor (const char *file, const char *output) rc = cdk_stream_set_literal_flag (inp, 0, NULL); zipalgo = cdk_stream_is_compressed (inp); if (zipalgo) - rc = cdk_stream_set_compress_flag (inp, zipalgo, 0); + rc = cdk_stream_set_compress_flag (inp, zipalgo, 0); if (!rc) - rc = cdk_stream_set_armor_flag (inp, 0); + rc = cdk_stream_set_armor_flag (inp, 0); if (!rc) - rc = cdk_stream_kick_off (inp, out); + rc = cdk_stream_kick_off (inp, out); if (!rc) - rc = _cdk_stream_get_errno (inp); + rc = _cdk_stream_get_errno (inp); } cdk_stream_close (inp); @@ -724,12 +724,12 @@ _cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out) { armor_filter_t *afx = data; if (afx) - { - _gnutls_buffers_log ("free armor filter\n"); - afx->idx = afx->idx2 = 0; - afx->crc = afx->crc_okay = 0; - return 0; - } + { + _gnutls_buffers_log ("free armor filter\n"); + afx->idx = afx->idx2 = 0; + afx->crc = afx->crc_okay = 0; + return 0; + } } gnutls_assert (); @@ -750,8 +750,8 @@ _cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out) **/ cdk_error_t cdk_armor_encode_buffer (const byte * inbuf, size_t inlen, - char *outbuf, size_t outlen, - size_t * nwritten, int type) + char *outbuf, size_t outlen, + size_t * nwritten, int type) { const char *head, *tail, *le; byte tempbuf[48]; @@ -805,17 +805,17 @@ cdk_armor_encode_buffer (const byte * inbuf, size_t inlen, for (off = 0; off < inlen;) { if (rest > 48) - { - memcpy (tempbuf, inbuf + off, 48); - off += 48; - len = 48; - } + { + memcpy (tempbuf, inbuf + off, 48); + off += 48; + len = 48; + } else - { - memcpy (tempbuf, inbuf + off, rest); - off += rest; - len = rest; - } + { + memcpy (tempbuf, inbuf + off, rest); + off += rest; + len = rest; + } rest -= len; base64_encode (tempout, tempbuf, len, DIM (tempout) - 1); memcpy (outbuf + pos, tempout, strlen (tempout)); diff --git a/lib/opencdk/context.h b/lib/opencdk/context.h index 0b4aee293d..7c32ea7d8a 100644 --- a/lib/opencdk/context.h +++ b/lib/opencdk/context.h @@ -133,7 +133,7 @@ struct cdk_dek_s int algo; int keylen; int use_mdc; - byte key[32]; /* 256-bit */ + byte key[32]; /* 256-bit */ }; struct cdk_strlist_s diff --git a/lib/opencdk/dummy.c b/lib/opencdk/dummy.c index 0ede7ed41d..be44a35170 100644 --- a/lib/opencdk/dummy.c +++ b/lib/opencdk/dummy.c @@ -8,8 +8,8 @@ cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data, - const char *output, cdk_stream_t outstream, - digest_hd_st * md) + const char *output, cdk_stream_t outstream, + digest_hd_st * md) { return 0; } diff --git a/lib/opencdk/filters.h b/lib/opencdk/filters.h index d948d1436f..fc770eaabc 100644 --- a/lib/opencdk/filters.h +++ b/lib/opencdk/filters.h @@ -55,7 +55,7 @@ typedef struct typedef struct { - const char *le; /* line endings */ + const char *le; /* line endings */ const char *hdrlines; u32 crc; int crc_okay; @@ -65,7 +65,7 @@ typedef struct typedef struct { cdk_lit_format_t mode; - char *orig_filename; /* This original name of the input file. */ + char *orig_filename; /* This original name of the input file. */ char *filename; digest_hd_st md; int md_initialized; @@ -82,7 +82,7 @@ typedef struct byte inbuf[8192]; size_t outbufsize; byte outbuf[8192]; - int algo; /* compress algo */ + int algo; /* compress algo */ int level; } compress_filter_t; @@ -105,6 +105,6 @@ int _cdk_filter_text (void *opaque, int ctl, FILE * in, FILE * out); /*-- compress.c --*/ cdk_error_t _cdk_filter_compress (void *opaque, int ctl, - FILE * in, FILE * out); + FILE * in, FILE * out); #endif /* CDK_FILTERS_H */ diff --git a/lib/opencdk/hash.c b/lib/opencdk/hash.c index 9ac9d9c682..349845d653 100644 --- a/lib/opencdk/hash.c +++ b/lib/opencdk/hash.c @@ -52,10 +52,10 @@ hash_encode (void *data, FILE * in, FILE * out) { err = _gnutls_hash_init (&mfx->md, mfx->digest_algo); if (err < 0) - { - gnutls_assert (); - return map_gnutls_error (err); - } + { + gnutls_assert (); + return map_gnutls_error (err); + } mfx->md_initialized = 1; } @@ -64,7 +64,7 @@ hash_encode (void *data, FILE * in, FILE * out) { nread = fread (buf, 1, BUFSIZE, in); if (!nread) - break; + break; _gnutls_hash (&mfx->md, buf, nread); } @@ -81,12 +81,12 @@ _cdk_filter_hash (void *data, int ctl, FILE * in, FILE * out) { md_filter_t *mfx = data; if (mfx) - { - _cdk_log_debug ("free hash filter\n"); - _gnutls_hash_deinit (&mfx->md, NULL); - mfx->md_initialized = 0; - return 0; - } + { + _cdk_log_debug ("free hash filter\n"); + _gnutls_hash_deinit (&mfx->md, NULL); + mfx->md_initialized = 0; + return 0; + } } gnutls_assert (); diff --git a/lib/opencdk/kbnode.c b/lib/opencdk/kbnode.c index b93c5c9a8e..e2ebab2f38 100644 --- a/lib/opencdk/kbnode.c +++ b/lib/opencdk/kbnode.c @@ -78,7 +78,7 @@ cdk_kbnode_release (cdk_kbnode_t node) { n2 = node->next; if (!node->is_cloned) - cdk_pkt_release (node->pkt); + cdk_pkt_release (node->pkt); cdk_free (node); node = n2; } @@ -122,7 +122,7 @@ _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node) **/ void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node, - cdk_packet_type_t pkttype) + cdk_packet_type_t pkttype) { if (!pkttype) { @@ -134,12 +134,12 @@ cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node, cdk_kbnode_t n1; for (n1 = root; n1->next; n1 = n1->next) - if (pkttype != n1->next->pkt->pkttype) - { - node->next = n1->next; - n1->next = node; - return; - } + if (pkttype != n1->next->pkt->pkttype) + { + node->next = n1->next; + n1->next = node; + return; + } /* No such packet, append */ node->next = NULL; n1->next = node; @@ -158,14 +158,14 @@ cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node, **/ cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node, - cdk_packet_type_t pkttype) + cdk_packet_type_t pkttype) { cdk_kbnode_t n1; for (n1 = NULL; root && root != node; root = root->next) { if (!pkttype || root->pkt->pkttype == pkttype) - n1 = root; + n1 = root; } return n1; } @@ -189,18 +189,18 @@ cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype) for (node = node->next; node; node = node->next) { if (!pkttype) - return node; + return node; else if (pkttype == CDK_PKT_USER_ID && - (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || - node->pkt->pkttype == CDK_PKT_SECRET_KEY)) - return NULL; + (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || + node->pkt->pkttype == CDK_PKT_SECRET_KEY)) + return NULL; else if (pkttype == CDK_PKT_SIGNATURE && - (node->pkt->pkttype == CDK_PKT_USER_ID || - node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || - node->pkt->pkttype == CDK_PKT_SECRET_KEY)) - return NULL; + (node->pkt->pkttype == CDK_PKT_USER_ID || + node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || + node->pkt->pkttype == CDK_PKT_SECRET_KEY)) + return NULL; else if (node->pkt->pkttype == pkttype) - return node; + return node; } return NULL; } @@ -219,7 +219,7 @@ cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype) for (; node; node = node->next) { if (node->pkt->pkttype == pkttype) - return node; + return node; } return NULL; } @@ -258,15 +258,15 @@ cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, int all) do { if (!*ctx) - { - *ctx = root; - n = root; - } + { + *ctx = root; + n = root; + } else - { - n = (*ctx)->next; - *ctx = n; - } + { + n = (*ctx)->next; + *ctx = n; + } } while (!all && n && n->is_deleted); return n; @@ -292,18 +292,18 @@ cdk_kbnode_commit (cdk_kbnode_t * root) for (n = *root, nl = NULL; n; n = nl->next) { if (n->is_deleted) - { - if (n == *root) - *root = nl = n->next; - else - nl->next = n->next; - if (!n->is_cloned) - cdk_pkt_release (n->pkt); - cdk_free (n); - changed = 1; - } + { + if (n == *root) + *root = nl = n->next; + else + nl->next = n->next; + if (!n->is_cloned) + cdk_pkt_release (n->pkt); + cdk_free (n); + changed = 1; + } else - nl = n; + nl = n; } return changed; } @@ -324,17 +324,17 @@ cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node) for (n = *root, nl = NULL; n; n = nl->next) { if (n == node) - { - if (n == *root) - *root = nl = n->next; - else - nl->next = n->next; - if (!n->is_cloned) - cdk_pkt_release (n->pkt); - cdk_free (n); - } + { + if (n == *root) + *root = nl = n->next; + else + nl->next = n->next; + if (!n->is_cloned) + cdk_pkt_release (n->pkt); + cdk_free (n); + } else - nl = n; + nl = n; } } @@ -358,18 +358,18 @@ cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where) for (prev = *root; prev && prev->next != node; prev = prev->next) ; if (!prev) - return; /* Node is not in the list */ + return; /* Node is not in the list */ if (!where) - { /* Move node before root */ + { /* Move node before root */ if (node == *root) - return; + return; prev->next = node->next; node->next = *root; *root = node; return; } - if (node == where) /* Move it after where. */ + if (node == where) /* Move it after where. */ return; tmp = node->next; node->next = where->next; @@ -405,7 +405,7 @@ cdk_kbnode_get_packet (cdk_kbnode_t node) **/ cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node, - const byte * buf, size_t buflen) + const byte * buf, size_t buflen) { cdk_stream_t inp; cdk_error_t rc; @@ -439,7 +439,7 @@ cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node, */ cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node, - byte ** r_buf, size_t * r_buflen) + byte ** r_buf, size_t * r_buflen) { cdk_kbnode_t n; cdk_stream_t s; @@ -466,20 +466,20 @@ cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node, { /* Skip all packets which cannot occur in a key composition. */ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY && - n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY && - n->pkt->pkttype != CDK_PKT_SECRET_KEY && - n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY && - n->pkt->pkttype != CDK_PKT_SIGNATURE && - n->pkt->pkttype != CDK_PKT_USER_ID && - n->pkt->pkttype != CDK_PKT_ATTRIBUTE) - continue; + n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY && + n->pkt->pkttype != CDK_PKT_SECRET_KEY && + n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY && + n->pkt->pkttype != CDK_PKT_SIGNATURE && + n->pkt->pkttype != CDK_PKT_USER_ID && + n->pkt->pkttype != CDK_PKT_ATTRIBUTE) + continue; rc = cdk_pkt_write (s, n->pkt); if (rc) - { - cdk_stream_close (s); - gnutls_assert (); - return rc; - } + { + cdk_stream_close (s); + gnutls_assert (); + return rc; + } } cdk_stream_seek (s, 0); @@ -527,27 +527,27 @@ cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes) { /* Skip all packets which cannot occur in a key composition. */ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY && - n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY && - n->pkt->pkttype != CDK_PKT_SECRET_KEY && - n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY && - n->pkt->pkttype != CDK_PKT_SIGNATURE && - n->pkt->pkttype != CDK_PKT_USER_ID && - n->pkt->pkttype != CDK_PKT_ATTRIBUTE) - continue; + n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY && + n->pkt->pkttype != CDK_PKT_SECRET_KEY && + n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY && + n->pkt->pkttype != CDK_PKT_SIGNATURE && + n->pkt->pkttype != CDK_PKT_USER_ID && + n->pkt->pkttype != CDK_PKT_ATTRIBUTE) + continue; rc = cdk_pkt_write (s, n->pkt); if (rc) - { - cdk_stream_close (s); - gnutls_assert (); - return rc; - } + { + cdk_stream_close (s); + gnutls_assert (); + return rc; + } } cdk_stream_seek (s, 0); len = cdk_stream_get_length (s); if (!buf) { - *r_nbytes = len; /* Only return the length of the buffer */ + *r_nbytes = len; /* Only return the length of the buffer */ cdk_stream_close (s); return 0; } @@ -580,7 +580,7 @@ cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes) **/ cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4, - cdk_packet_type_t pkttype, int flags) + cdk_packet_type_t pkttype, int flags) { cdk_packet_t pkt; @@ -598,10 +598,10 @@ cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4, { pkt = cdk_kbnode_find_packet (node, pkttype); if (!pkt) - { - gnutls_assert (); - return CDK_Inv_Packet; - } + { + gnutls_assert (); + return CDK_Inv_Packet; + } } switch (pkttype) diff --git a/lib/opencdk/keydb.c b/lib/opencdk/keydb.c index ab7e65d0ba..7ef91e4caf 100644 --- a/lib/opencdk/keydb.c +++ b/lib/opencdk/keydb.c @@ -119,21 +119,21 @@ keydb_idx_build (const char *file) rc = cdk_pkt_read (inp, pkt); if (rc) - { - _cdk_log_debug ("index build failed packet off=%lu\n", pos); - /* FIXME: The index is incomplete */ - break; - } + { + _cdk_log_debug ("index build failed packet off=%lu\n", pos); + /* FIXME: The index is incomplete */ + break; + } if (pkt->pkttype == CDK_PKT_PUBLIC_KEY || - pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - { - _cdk_u32tobuf (pos, buf); - cdk_pk_get_keyid (pkt->pkt.public_key, keyid); - _cdk_u32tobuf (keyid[0], buf + 4); - _cdk_u32tobuf (keyid[1], buf + 8); - cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12); - cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN); - } + pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) + { + _cdk_u32tobuf (pos, buf); + cdk_pk_get_keyid (pkt->pkt.public_key, keyid); + _cdk_u32tobuf (keyid[0], buf + 4); + _cdk_u32tobuf (keyid[1], buf + 8); + cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12); + cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN); + } cdk_pkt_free (pkt); } @@ -187,10 +187,10 @@ cdk_keydb_idx_rebuild (cdk_keydb_hd_t db, cdk_keydb_search_t dbs) { dbs->idx_name = keydb_idx_mkname (db->name); if (!dbs->idx_name) - { - gnutls_assert (); - return CDK_Out_Of_Core; - } + { + gnutls_assert (); + return CDK_Out_Of_Core; + } } rc = keydb_idx_build (db->name); if (!rc) @@ -223,7 +223,7 @@ keydb_idx_parse (cdk_stream_t inp, key_idx_t * r_idx) while (!cdk_stream_eof (inp)) { if (cdk_stream_read (inp, buf, 4) == CDK_EOF) - break; + break; idx->offset = _cdk_buftou32 (buf); cdk_stream_read (inp, buf, 4); idx->keyid[0] = _cdk_buftou32 (buf); @@ -239,7 +239,7 @@ keydb_idx_parse (cdk_stream_t inp, key_idx_t * r_idx) static cdk_error_t keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr, - off_t * r_off) + off_t * r_off) { key_idx_t idx; @@ -262,15 +262,15 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr, while (keydb_idx_parse (inp, &idx) != CDK_EOF) { if (keyid && KEYID_CMP (keyid, idx->keyid)) - { - *r_off = idx->offset; - break; - } + { + *r_off = idx->offset; + break; + } else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN)) - { - *r_off = idx->offset; - break; - } + { + *r_off = idx->offset; + break; + } cdk_free (idx); idx = NULL; } @@ -289,7 +289,7 @@ keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr, */ cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret, - const void *data, size_t datlen) + const void *data, size_t datlen) { cdk_keydb_hd_t db; cdk_error_t rc; @@ -397,7 +397,7 @@ cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data, size_t count) case CDK_DBTYPE_PK_KEYRING: case CDK_DBTYPE_SK_KEYRING: return cdk_keydb_new_from_file (r_hd, type == CDK_DBTYPE_SK_KEYRING, - (const char *) data); + (const char *) data); case CDK_DBTYPE_DATA: return cdk_keydb_new_from_mem (r_hd, 0, data, count); @@ -465,15 +465,15 @@ _cdk_keydb_open (cdk_keydb_hd_t hd, cdk_stream_t * ret_kr) cdk_stream_seek (kr, 0); } else if (hd->type == CDK_DBTYPE_PK_KEYRING || - hd->type == CDK_DBTYPE_SK_KEYRING) + hd->type == CDK_DBTYPE_SK_KEYRING) { rc = cdk_stream_open (hd->name, &kr); if (rc) - goto leave; + goto leave; if (cdk_armor_filter_use (kr)) - cdk_stream_set_armor_flag (kr, 0); + cdk_stream_set_armor_flag (kr, 0); } else { @@ -497,28 +497,28 @@ find_by_keyid (cdk_kbnode_t knode, cdk_keydb_search_t ks) for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || - node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || - node->pkt->pkttype == CDK_PKT_SECRET_KEY || - node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - { - _cdk_pkt_get_keyid (node->pkt, keyid); - switch (ks->type) - { - case CDK_DBSEARCH_SHORT_KEYID: - if (keyid[1] == ks->u.keyid[1]) - return 1; - break; - - case CDK_DBSEARCH_KEYID: - if (KEYID_CMP (keyid, ks->u.keyid)) - return 1; - break; - - default: - _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type); - return 0; - } - } + node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || + node->pkt->pkttype == CDK_PKT_SECRET_KEY || + node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + { + _cdk_pkt_get_keyid (node->pkt, keyid); + switch (ks->type) + { + case CDK_DBSEARCH_SHORT_KEYID: + if (keyid[1] == ks->u.keyid[1]) + return 1; + break; + + case CDK_DBSEARCH_KEYID: + if (KEYID_CMP (keyid, ks->u.keyid)) + return 1; + break; + + default: + _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type); + return 0; + } + } } return 0; } @@ -536,15 +536,15 @@ find_by_fpr (cdk_kbnode_t knode, cdk_keydb_search_t ks) for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || - node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || - node->pkt->pkttype == CDK_PKT_SECRET_KEY || - node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - { - _cdk_pkt_get_fingerprint (node->pkt, fpr); - if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN)) - return 1; - break; - } + node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || + node->pkt->pkttype == CDK_PKT_SECRET_KEY || + node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + { + _cdk_pkt_get_fingerprint (node->pkt, fpr); + if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN)) + return 1; + break; + } } return 0; @@ -561,32 +561,32 @@ find_by_pattern (cdk_kbnode_t knode, cdk_keydb_search_t ks) for (node = knode; node; node = node->next) { if (node->pkt->pkttype != CDK_PKT_USER_ID) - continue; + continue; if (node->pkt->pkt.user_id->attrib_img != NULL) - continue; /* Skip attribute packets. */ + continue; /* Skip attribute packets. */ uidlen = node->pkt->pkt.user_id->len; name = node->pkt->pkt.user_id->name; switch (ks->type) - { - case CDK_DBSEARCH_EXACT: - if (name && - (strlen (ks->u.pattern) == uidlen && - !strncmp (ks->u.pattern, name, uidlen))) - return 1; - break; - - case CDK_DBSEARCH_SUBSTR: - if (uidlen > 65536) - break; - if (name && strlen (ks->u.pattern) > uidlen) - break; - if (name && _cdk_memistr (name, uidlen, ks->u.pattern)) - return 1; - break; - - default: /* Invalid mode */ - return 0; - } + { + case CDK_DBSEARCH_EXACT: + if (name && + (strlen (ks->u.pattern) == uidlen && + !strncmp (ks->u.pattern, name, uidlen))) + return 1; + break; + + case CDK_DBSEARCH_SUBSTR: + if (uidlen > 65536) + break; + if (name && strlen (ks->u.pattern) > uidlen) + break; + if (name && _cdk_memistr (name, uidlen, ks->u.pattern)) + return 1; + break; + + default: /* Invalid mode */ + return 0; + } } return 0; } @@ -616,29 +616,29 @@ keydb_cache_find (cdk_keydb_search_t desc) for (t = cache; t; t = t->next) { switch (desc->type) - { - case CDK_DBSEARCH_SHORT_KEYID: - case CDK_DBSEARCH_KEYID: - if (KEYID_CMP (desc->u.keyid, desc->u.keyid)) - return t; - break; - - case CDK_DBSEARCH_EXACT: - if (strlen (desc->u.pattern) == strlen (desc->u.pattern) && - !strcmp (desc->u.pattern, desc->u.pattern)) - return t; - break; - - case CDK_DBSEARCH_SUBSTR: - if (strstr (desc->u.pattern, desc->u.pattern)) - return t; - break; - - case CDK_DBSEARCH_FPR: - if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN)) - return t; - break; - } + { + case CDK_DBSEARCH_SHORT_KEYID: + case CDK_DBSEARCH_KEYID: + if (KEYID_CMP (desc->u.keyid, desc->u.keyid)) + return t; + break; + + case CDK_DBSEARCH_EXACT: + if (strlen (desc->u.pattern) == strlen (desc->u.pattern) && + !strcmp (desc->u.pattern, desc->u.pattern)) + return t; + break; + + case CDK_DBSEARCH_SUBSTR: + if (strstr (desc->u.pattern, desc->u.pattern)) + return t; + break; + + case CDK_DBSEARCH_FPR: + if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN)) + return t; + break; + } } return NULL; @@ -651,7 +651,7 @@ keydb_cache_add (cdk_keydb_search_t dbs, off_t offset) key_table_t k; if (dbs->ncache > KEYDB_CACHE_ENTRIES) - return 0; /* FIXME: we should replace the last entry. */ + return 0; /* FIXME: we should replace the last entry. */ k = cdk_calloc (1, sizeof *k); if (!k) { @@ -665,7 +665,7 @@ keydb_cache_add (cdk_keydb_search_t dbs, off_t offset) dbs->cache = k; dbs->ncache++; _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset, - (int) dbs->type); + (int) dbs->type); return 0; } @@ -692,20 +692,20 @@ idx_init (cdk_keydb_hd_t db, cdk_keydb_search_t dbs) { rc = keydb_idx_build (db->name); if (!rc) - rc = cdk_stream_open (dbs->idx_name, &dbs->idx); + rc = cdk_stream_open (dbs->idx_name, &dbs->idx); if (!rc) - { - _cdk_log_debug ("create key index table\n"); - } + { + _cdk_log_debug ("create key index table\n"); + } else - { - /* This is no real error, it just means we can't create - the index at the given directory. maybe we've no write - access. in this case, we simply disable the index. */ - _cdk_log_debug ("disable key index table err=%d\n", rc); - rc = 0; - dbs->no_cache = 1; - } + { + /* This is no real error, it just means we can't create + the index at the given directory. maybe we've no write + access. in this case, we simply disable the index. */ + _cdk_log_debug ("disable key index table err=%d\n", rc); + rc = 0; + dbs->no_cache = 1; + } } leave: @@ -724,7 +724,7 @@ leave: **/ cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type, - void *desc) + void *desc) { u32 *keyid; char *p, tmp[3]; @@ -765,11 +765,11 @@ cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type, cdk_free ((*st)->u.pattern); (*st)->u.pattern = cdk_strdup (desc); if (!(*st)->u.pattern) - { - cdk_free (*st); - gnutls_assert (); - return CDK_Out_Of_Core; - } + { + cdk_free (*st); + gnutls_assert (); + return CDK_Out_Of_Core; + } break; case CDK_DBSEARCH_SHORT_KEYID: @@ -794,59 +794,59 @@ cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type, /* Override the type with the actual db search type. */ (*st)->type = classify_data (desc, strlen (desc)); switch ((*st)->type) - { - case CDK_DBSEARCH_SUBSTR: - case CDK_DBSEARCH_EXACT: - cdk_free ((*st)->u.pattern); - p = (*st)->u.pattern = cdk_strdup (desc); - if (!p) - { - cdk_free (*st); - gnutls_assert (); - return CDK_Out_Of_Core; - } - break; - - case CDK_DBSEARCH_SHORT_KEYID: - case CDK_DBSEARCH_KEYID: - p = desc; - if (!strncmp (p, "0x", 2)) - p += 2; - if (strlen (p) == 8) - { - (*st)->u.keyid[0] = 0; - (*st)->u.keyid[1] = strtoul (p, NULL, 16); - } - else if (strlen (p) == 16) - { - (*st)->u.keyid[0] = strtoul (p, NULL, 16); - (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16); - } - else - { /* Invalid key ID object. */ - cdk_free (*st); - gnutls_assert (); - return CDK_Inv_Mode; - } - break; - - case CDK_DBSEARCH_FPR: - p = desc; - if (strlen (p) != 2 * KEY_FPR_LEN) - { - cdk_free (*st); - gnutls_assert (); - return CDK_Inv_Mode; - } - for (i = 0; i < KEY_FPR_LEN; i++) - { - tmp[0] = p[2 * i]; - tmp[1] = p[2 * i + 1]; - tmp[2] = 0x00; - (*st)->u.fpr[i] = strtoul (tmp, NULL, 16); - } - break; - } + { + case CDK_DBSEARCH_SUBSTR: + case CDK_DBSEARCH_EXACT: + cdk_free ((*st)->u.pattern); + p = (*st)->u.pattern = cdk_strdup (desc); + if (!p) + { + cdk_free (*st); + gnutls_assert (); + return CDK_Out_Of_Core; + } + break; + + case CDK_DBSEARCH_SHORT_KEYID: + case CDK_DBSEARCH_KEYID: + p = desc; + if (!strncmp (p, "0x", 2)) + p += 2; + if (strlen (p) == 8) + { + (*st)->u.keyid[0] = 0; + (*st)->u.keyid[1] = strtoul (p, NULL, 16); + } + else if (strlen (p) == 16) + { + (*st)->u.keyid[0] = strtoul (p, NULL, 16); + (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16); + } + else + { /* Invalid key ID object. */ + cdk_free (*st); + gnutls_assert (); + return CDK_Inv_Mode; + } + break; + + case CDK_DBSEARCH_FPR: + p = desc; + if (strlen (p) != 2 * KEY_FPR_LEN) + { + cdk_free (*st); + gnutls_assert (); + return CDK_Inv_Mode; + } + for (i = 0; i < KEY_FPR_LEN; i++) + { + tmp[0] = p[2 * i]; + tmp[1] = p[2 * i + 1]; + tmp[2] = 0x00; + (*st)->u.fpr[i] = strtoul (tmp, NULL, 16); + } + break; + } break; default: @@ -862,7 +862,7 @@ cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type, static cdk_error_t keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks, - int *r_cache_hit, off_t * r_off) + int *r_cache_hit, off_t * r_off) { key_table_t c; @@ -892,25 +892,25 @@ keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks, if (ks->idx) { if (ks->type == CDK_DBSEARCH_KEYID) - { - if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off)) - { - gnutls_assert (); - return CDK_Error_No_Key; - } - _cdk_log_debug ("cache: found keyid entry in idx table.\n"); - *r_cache_hit = 1; - } + { + if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off)) + { + gnutls_assert (); + return CDK_Error_No_Key; + } + _cdk_log_debug ("cache: found keyid entry in idx table.\n"); + *r_cache_hit = 1; + } else if (ks->type == CDK_DBSEARCH_FPR) - { - if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off)) - { - gnutls_assert (); - return CDK_Error_No_Key; - } - _cdk_log_debug ("cache: found fpr entry in idx table.\n"); - *r_cache_hit = 1; - } + { + if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off)) + { + gnutls_assert (); + return CDK_Error_No_Key; + } + _cdk_log_debug ("cache: found fpr entry in idx table.\n"); + *r_cache_hit = 1; + } } return 0; @@ -943,7 +943,7 @@ cdk_keydb_search_release (cdk_keydb_search_t st) **/ cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd, - cdk_kbnode_t * ret_key) + cdk_kbnode_t * ret_key) { cdk_stream_t kr; cdk_kbnode_t knode; @@ -974,7 +974,7 @@ cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd, and continue our normal search procedure. */ rc = keydb_pos_from_cache (hd, st, &cache_hit, &off); if (rc) - cache_hit = 0; + cache_hit = 0; } knode = NULL; @@ -982,53 +982,53 @@ cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd, while (!key_found && !rc) { if (cache_hit && st->type != CDK_DBSEARCH_NEXT) - cdk_stream_seek (kr, off); + cdk_stream_seek (kr, off); else if (st->type == CDK_DBSEARCH_NEXT) - cdk_stream_seek (kr, st->off); + cdk_stream_seek (kr, st->off); pos = cdk_stream_tell (kr); rc = cdk_keydb_get_keyblock (kr, &knode); if (rc) - { - if (rc == CDK_EOF) - break; - else - { - gnutls_assert (); - return rc; - } - } + { + if (rc == CDK_EOF) + break; + else + { + gnutls_assert (); + return rc; + } + } switch (st->type) - { - case CDK_DBSEARCH_SHORT_KEYID: - case CDK_DBSEARCH_KEYID: - key_found = find_by_keyid (knode, st); - break; - - case CDK_DBSEARCH_FPR: - key_found = find_by_fpr (knode, st); - break; - - case CDK_DBSEARCH_EXACT: - case CDK_DBSEARCH_SUBSTR: - key_found = find_by_pattern (knode, st); - break; - - case CDK_DBSEARCH_NEXT: - st->off = cdk_stream_tell (kr); - key_found = knode ? 1 : 0; - break; - } + { + case CDK_DBSEARCH_SHORT_KEYID: + case CDK_DBSEARCH_KEYID: + key_found = find_by_keyid (knode, st); + break; + + case CDK_DBSEARCH_FPR: + key_found = find_by_fpr (knode, st); + break; + + case CDK_DBSEARCH_EXACT: + case CDK_DBSEARCH_SUBSTR: + key_found = find_by_pattern (knode, st); + break; + + case CDK_DBSEARCH_NEXT: + st->off = cdk_stream_tell (kr); + key_found = knode ? 1 : 0; + break; + } if (key_found) - { - if (!keydb_cache_find (st)) - keydb_cache_add (st, pos); - break; - } + { + if (!keydb_cache_find (st)) + keydb_cache_add (st, pos); + break; + } cdk_kbnode_release (knode); knode = NULL; @@ -1068,7 +1068,7 @@ cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, u32 * keyid, cdk_kbnode_t * ret_key) cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr, - cdk_kbnode_t * r_key) + cdk_kbnode_t * r_key) { cdk_error_t rc; cdk_keydb_search_t st; @@ -1090,7 +1090,7 @@ cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr, cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt, - cdk_kbnode_t * ret_key) + cdk_kbnode_t * ret_key) { cdk_error_t rc; cdk_keydb_search_t st; @@ -1126,12 +1126,12 @@ keydb_check_key (cdk_packet_t pkt) is_sk = 0; } else if (pkt->pkttype == CDK_PKT_SECRET_KEY || - pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + pkt->pkttype == CDK_PKT_SECRET_SUBKEY) { pk = pkt->pkt.secret_key->pk; is_sk = 1; } - else /* No key object. */ + else /* No key object. */ return 0; valid = !pk->is_revoked && !pk->has_expired; if (is_sk) @@ -1150,9 +1150,9 @@ kbnode_find_valid (cdk_kbnode_t root, cdk_packet_type_t pkttype) for (n = root; n; n = n->next) { if (n->pkt->pkttype != pkttype) - continue; + continue; if (keydb_check_key (n->pkt)) - return n; + return n; } return NULL; @@ -1182,21 +1182,21 @@ keydb_find_byusage (cdk_kbnode_t root, int req_usage, int is_pk) for (node = root; node; node = node->next) { if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || - node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - && keydb_check_key (node->pkt) - && (node->pkt->pkt.public_key->pubkey_usage & req_usage)) - { - if (node->pkt->pkt.public_key->timestamp > timestamp) - key = node; - } + node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) + && keydb_check_key (node->pkt) + && (node->pkt->pkt.public_key->pubkey_usage & req_usage)) + { + if (node->pkt->pkt.public_key->timestamp > timestamp) + key = node; + } if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY || - node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - && keydb_check_key (node->pkt) - && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage)) - { - if (node->pkt->pkt.secret_key->pk->timestamp > timestamp) - key = node; - } + node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + && keydb_check_key (node->pkt) + && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage)) + { + if (node->pkt->pkt.secret_key->pk->timestamp > timestamp) + key = node; + } } return key; @@ -1212,11 +1212,11 @@ keydb_find_bykeyid (cdk_kbnode_t root, const u32 * keyid, int search_mode) for (node = root; node; node = node->next) { if (!_cdk_pkt_get_keyid (node->pkt, kid)) - continue; + continue; if (search_mode == CDK_DBSEARCH_SHORT_KEYID && kid[1] == keyid[1]) - return node; + return node; else if (kid[0] == keyid[0] && kid[1] == keyid[1]) - return node; + return node; } return NULL; } @@ -1224,7 +1224,7 @@ keydb_find_bykeyid (cdk_kbnode_t root, const u32 * keyid, int search_mode) cdk_error_t _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name, - cdk_seckey_t * ret_sk, int usage) + cdk_seckey_t * ret_sk, int usage) { cdk_kbnode_t knode = NULL; cdk_kbnode_t node, sk_node, pk_node; @@ -1279,14 +1279,14 @@ _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name, for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_USER_ID) - { - s = node->pkt->pkt.user_id->name; - if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name)) - { - _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id); - break; - } - } + { + s = node->pkt->pkt.user_id->name; + if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name)) + { + _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id); + break; + } + } } /* To find the self signature, we need the primary public key because @@ -1312,7 +1312,7 @@ _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name, cdk_error_t _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name, - cdk_pubkey_t * ret_pk, int usage) + cdk_pubkey_t * ret_pk, int usage) { cdk_kbnode_t knode, node, pk_node; cdk_pkt_pubkey_t pk; @@ -1356,14 +1356,14 @@ _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name, for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_USER_ID) - { - s = node->pkt->pkt.user_id->name; - if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name)) - { - _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id); - break; - } - } + { + s = node->pkt->pkt.user_id->name; + if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name)) + { + _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id); + break; + } + } } /* Same as in the sk code, the selected key can be a sub key @@ -1536,10 +1536,10 @@ find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk) for (n = key; n; n = n->next) { if (is_selfsig (n, keyid) && n->pkt->pkt.signature->timestamp > ts) - { - ts = n->pkt->pkt.signature->timestamp; - sig = n; - } + { + ts = n->pkt->pkt.signature->timestamp; + sig = n; + } } return sig; @@ -1550,19 +1550,19 @@ key_usage_to_cdk_usage (unsigned int usage) { unsigned key_usage = 0; - if (usage & 0x01) /* cert + sign data */ + if (usage & 0x01) /* cert + sign data */ key_usage |= CDK_KEY_USG_CERT_SIGN; - if (usage & 0x02) /* cert + sign data */ + if (usage & 0x02) /* cert + sign data */ key_usage |= CDK_KEY_USG_DATA_SIGN; - if (usage & 0x04) /* encrypt comm. + storage */ + if (usage & 0x04) /* encrypt comm. + storage */ key_usage |= CDK_KEY_USG_COMM_ENCR; - if (usage & 0x08) /* encrypt comm. + storage */ + if (usage & 0x08) /* encrypt comm. + storage */ key_usage |= CDK_KEY_USG_STORAGE_ENCR; - if (usage & 0x10) /* encrypt comm. + storage */ + if (usage & 0x10) /* encrypt comm. + storage */ key_usage |= CDK_KEY_USG_SPLIT_KEY; if (usage & 0x20) key_usage |= CDK_KEY_USG_AUTH; - if (usage & 0x80) /* encrypt comm. + storage */ + if (usage & 0x80) /* encrypt comm. + storage */ key_usage |= CDK_KEY_USG_SHARED_KEY; return key_usage; @@ -1588,78 +1588,78 @@ keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid) for (node = key; node; node = node->next) { if (!is_selfsig (node, keyid)) - continue; + continue; unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID); if (!unode) - { - gnutls_assert (); - return CDK_Error_No_Key; - } + { + gnutls_assert (); + return CDK_Error_No_Key; + } uid = unode->pkt->pkt.user_id; sig = node->pkt->pkt.signature; s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID); if (s) - uid->is_primary = 1; + uid->is_primary = 1; s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES); if (s && s->size == 1 && s->d[0] & 0x01) - uid->mdc_feature = 1; + uid->mdc_feature = 1; s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE); if (s && s->size == 4) - key_expire = _cdk_buftou32 (s->d); + key_expire = _cdk_buftou32 (s->d); s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM); if (s) - { - symalg = s->d; - nsymalg = s->size; - n += s->size + 1; - } + { + symalg = s->d; + nsymalg = s->size; + n += s->size + 1; + } s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH); if (s) - { - hashalg = s->d; - nhashalg = s->size; - n += s->size + 1; - } + { + hashalg = s->d; + nhashalg = s->size; + n += s->size + 1; + } s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP); if (s) - { - compalg = s->d; - ncompalg = s->size; - n += s->size + 1; - } + { + compalg = s->d; + ncompalg = s->size; + n += s->size + 1; + } if (uid->prefs != NULL) - cdk_free (uid->prefs); + cdk_free (uid->prefs); if (!n || !hashalg || !compalg || !symalg) - uid->prefs = NULL; + uid->prefs = NULL; else - { - uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1)); - if (!uid->prefs) - { - gnutls_assert (); - return CDK_Out_Of_Core; - } - n = 0; - for (; nsymalg; nsymalg--, n++) - { - uid->prefs[n].type = CDK_PREFTYPE_SYM; - uid->prefs[n].value = *symalg++; - } - for (; nhashalg; nhashalg--, n++) - { - uid->prefs[n].type = CDK_PREFTYPE_HASH; - uid->prefs[n].value = *hashalg++; - } - for (; ncompalg; ncompalg--, n++) - { - uid->prefs[n].type = CDK_PREFTYPE_ZIP; - uid->prefs[n].value = *compalg++; - } - - uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */ - uid->prefs[n].value = 0; - uid->prefs_size = n; - } + { + uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1)); + if (!uid->prefs) + { + gnutls_assert (); + return CDK_Out_Of_Core; + } + n = 0; + for (; nsymalg; nsymalg--, n++) + { + uid->prefs[n].type = CDK_PREFTYPE_SYM; + uid->prefs[n].value = *symalg++; + } + for (; nhashalg; nhashalg--, n++) + { + uid->prefs[n].type = CDK_PREFTYPE_HASH; + uid->prefs[n].value = *hashalg++; + } + for (; ncompalg; ncompalg--, n++) + { + uid->prefs[n].type = CDK_PREFTYPE_ZIP; + uid->prefs[n].value = *compalg++; + } + + uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */ + uid->prefs[n].value = 0; + uid->prefs_size = n; + } } /* Now we add the extracted information to the primary key. */ @@ -1668,17 +1668,17 @@ keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid) { cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key; if (uid && uid->prefs && n) - { - if (pk->prefs != NULL) - cdk_free (pk->prefs); - pk->prefs = _cdk_copy_prefs (uid->prefs); - pk->prefs_size = n; - } + { + if (pk->prefs != NULL) + cdk_free (pk->prefs); + pk->prefs = _cdk_copy_prefs (uid->prefs); + pk->prefs_size = n; + } if (key_expire) - { - pk->expiredate = pk->timestamp + key_expire; - pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1; - } + { + pk->expiredate = pk->timestamp + key_expire; + pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1; + } pk->is_invalid = 0; } @@ -1716,10 +1716,10 @@ keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check) for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_USER_ID) - node->pkt->pkt.user_id->is_revoked = 0; + node->pkt->pkt.user_id->is_revoked = 0; else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY || - node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - node->pkt->pkt.public_key->is_revoked = 0; + node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) + node->pkt->pkt.public_key->is_revoked = 0; } kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY); @@ -1733,109 +1733,109 @@ keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check) for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_SIGNATURE) - { - sig = node->pkt->pkt.signature; - /* Revocation certificates for primary keys */ - if (sig->sig_class == 0x20) - { - kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY); - if (kb) - { - kb->pkt->pkt.public_key->is_revoked = 1; - if (check) - _cdk_pk_check_sig (hd, kb, node, NULL, NULL); - } - else - { - gnutls_assert (); - return CDK_Error_No_Key; - } - } - /* Revocation certificates for subkeys */ - else if (sig->sig_class == 0x28) - { - kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY); - if (kb) - { - kb->pkt->pkt.public_key->is_revoked = 1; - if (check) - _cdk_pk_check_sig (hd, kb, node, NULL, NULL); - } - else - { - gnutls_assert (); - return CDK_Error_No_Key; - } - } - /* Revocation certifcates for user ID's */ - else if (sig->sig_class == 0x30) - { - if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1]) - continue; /* revokes an earlier signature, no userID. */ - kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID); - if (kb) - { - kb->pkt->pkt.user_id->is_revoked = 1; - if (check) - _cdk_pk_check_sig (hd, kb, node, NULL, NULL); - } - else - { - gnutls_assert (); - return CDK_Error_No_Key; - } - } - /* Direct certificates for primary keys */ - else if (sig->sig_class == 0x1F) - { - kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY); - if (kb) - { - pk = kb->pkt->pkt.public_key; - pk->is_invalid = 0; - s = cdk_subpkt_find (node->pkt->pkt.signature->hashed, - CDK_SIGSUBPKT_KEY_EXPIRE); - if (s) - { - expiredate = _cdk_buftou32 (s->d); - pk->expiredate = pk->timestamp + expiredate; - pk->has_expired = pk->expiredate > curtime ? 0 : 1; - } - if (check) - _cdk_pk_check_sig (hd, kb, node, NULL, NULL); - } - else - { - gnutls_assert (); - return CDK_Error_No_Key; - } - } - /* Direct certificates for subkeys */ - else if (sig->sig_class == 0x18) - { - kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY); - if (kb) - { - pk = kb->pkt->pkt.public_key; - pk->is_invalid = 0; - s = cdk_subpkt_find (node->pkt->pkt.signature->hashed, - CDK_SIGSUBPKT_KEY_EXPIRE); - if (s) - { - expiredate = _cdk_buftou32 (s->d); - pk->expiredate = pk->timestamp + expiredate; - pk->has_expired = pk->expiredate > curtime ? 0 : 1; - } - if (check) - _cdk_pk_check_sig (hd, kb, node, NULL, NULL); - } - else - { - gnutls_assert (); - return CDK_Error_No_Key; - } - } - } + { + sig = node->pkt->pkt.signature; + /* Revocation certificates for primary keys */ + if (sig->sig_class == 0x20) + { + kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY); + if (kb) + { + kb->pkt->pkt.public_key->is_revoked = 1; + if (check) + _cdk_pk_check_sig (hd, kb, node, NULL, NULL); + } + else + { + gnutls_assert (); + return CDK_Error_No_Key; + } + } + /* Revocation certificates for subkeys */ + else if (sig->sig_class == 0x28) + { + kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY); + if (kb) + { + kb->pkt->pkt.public_key->is_revoked = 1; + if (check) + _cdk_pk_check_sig (hd, kb, node, NULL, NULL); + } + else + { + gnutls_assert (); + return CDK_Error_No_Key; + } + } + /* Revocation certifcates for user ID's */ + else if (sig->sig_class == 0x30) + { + if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1]) + continue; /* revokes an earlier signature, no userID. */ + kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID); + if (kb) + { + kb->pkt->pkt.user_id->is_revoked = 1; + if (check) + _cdk_pk_check_sig (hd, kb, node, NULL, NULL); + } + else + { + gnutls_assert (); + return CDK_Error_No_Key; + } + } + /* Direct certificates for primary keys */ + else if (sig->sig_class == 0x1F) + { + kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY); + if (kb) + { + pk = kb->pkt->pkt.public_key; + pk->is_invalid = 0; + s = cdk_subpkt_find (node->pkt->pkt.signature->hashed, + CDK_SIGSUBPKT_KEY_EXPIRE); + if (s) + { + expiredate = _cdk_buftou32 (s->d); + pk->expiredate = pk->timestamp + expiredate; + pk->has_expired = pk->expiredate > curtime ? 0 : 1; + } + if (check) + _cdk_pk_check_sig (hd, kb, node, NULL, NULL); + } + else + { + gnutls_assert (); + return CDK_Error_No_Key; + } + } + /* Direct certificates for subkeys */ + else if (sig->sig_class == 0x18) + { + kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY); + if (kb) + { + pk = kb->pkt->pkt.public_key; + pk->is_invalid = 0; + s = cdk_subpkt_find (node->pkt->pkt.signature->hashed, + CDK_SIGSUBPKT_KEY_EXPIRE); + if (s) + { + expiredate = _cdk_buftou32 (s->d); + pk->expiredate = pk->timestamp + expiredate; + pk->has_expired = pk->expiredate > curtime ? 0 : 1; + } + if (check) + _cdk_pk_check_sig (hd, kb, node, NULL, NULL); + } + else + { + gnutls_assert (); + return CDK_Error_No_Key; + } + } + } } node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY); if (node && node->pkt->pkt.public_key->version == 3) @@ -1844,24 +1844,24 @@ keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check) we say the key is valid when we have at least a self signature. */ pk = node->pkt->pkt.public_key; for (node = knode; node; node = node->next) - { - if (is_selfsig (node, keyid)) - { - pk->is_invalid = 0; - break; - } - } + { + if (is_selfsig (node, keyid)) + { + pk->is_invalid = 0; + break; + } + } } if (node && (node->pkt->pkt.public_key->is_revoked || - node->pkt->pkt.public_key->has_expired)) + node->pkt->pkt.public_key->has_expired)) { /* If the primary key has been revoked, mark all subkeys as invalid because without a primary key they are not useable */ for (node = knode; node; node = node->next) - { - if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - node->pkt->pkt.public_key->is_invalid = 1; - } + { + if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) + node->pkt->pkt.public_key->is_invalid = 1; + } } return 0; @@ -1878,13 +1878,13 @@ add_key_usage (cdk_kbnode_t knode, u32 keyid[2], unsigned int usage) { pkt = cdk_kbnode_get_packet (p); if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY - || pkt->pkttype == CDK_PKT_PUBLIC_KEY) - && pkt->pkt.public_key->keyid[0] == keyid[0] - && pkt->pkt.public_key->keyid[1] == keyid[1]) - { - pkt->pkt.public_key->pubkey_usage = usage; - return; - } + || pkt->pkttype == CDK_PKT_PUBLIC_KEY) + && pkt->pkt.public_key->keyid[0] == keyid[0] + && pkt->pkt.public_key->keyid[1] == keyid[1]) + { + pkt->pkt.public_key->pubkey_usage = usage; + return; + } } return; } @@ -1921,83 +1921,83 @@ cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode) old_off = cdk_stream_tell (inp); rc = cdk_pkt_read (inp, pkt); if (rc) - { - cdk_pkt_release (pkt); - if (rc == CDK_EOF) - break; - else - { /* Release all packets we reached so far. */ - _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc); - cdk_kbnode_release (knode); - gnutls_assert (); - return rc; - } - } + { + cdk_pkt_release (pkt); + if (rc == CDK_EOF) + break; + else + { /* Release all packets we reached so far. */ + _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc); + cdk_kbnode_release (knode); + gnutls_assert (); + return rc; + } + } if (pkt->pkttype == CDK_PKT_PUBLIC_KEY || - pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || - pkt->pkttype == CDK_PKT_SECRET_KEY || - pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - { - if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY || - pkt->pkttype == CDK_PKT_SECRET_KEY)) - { - /* The next key starts here so set the file pointer - and leave the loop. */ - cdk_stream_seek (inp, old_off); - cdk_pkt_release (pkt); - break; - } - if (pkt->pkttype == CDK_PKT_PUBLIC_KEY || - pkt->pkttype == CDK_PKT_SECRET_KEY) - { - _cdk_pkt_get_keyid (pkt, main_keyid); - key_seen = 1; - } - else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || - pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - { - if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - { - pkt->pkt.public_key->main_keyid[0] = main_keyid[0]; - pkt->pkt.public_key->main_keyid[1] = main_keyid[1]; - } - else - { - pkt->pkt.secret_key->main_keyid[0] = main_keyid[0]; - pkt->pkt.secret_key->main_keyid[1] = main_keyid[1]; - } - } - /* We save this for the signature */ - _cdk_pkt_get_keyid (pkt, keyid); - got_key = 1; - } + pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || + pkt->pkttype == CDK_PKT_SECRET_KEY || + pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + { + if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY || + pkt->pkttype == CDK_PKT_SECRET_KEY)) + { + /* The next key starts here so set the file pointer + and leave the loop. */ + cdk_stream_seek (inp, old_off); + cdk_pkt_release (pkt); + break; + } + if (pkt->pkttype == CDK_PKT_PUBLIC_KEY || + pkt->pkttype == CDK_PKT_SECRET_KEY) + { + _cdk_pkt_get_keyid (pkt, main_keyid); + key_seen = 1; + } + else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY || + pkt->pkttype == CDK_PKT_SECRET_SUBKEY) + { + if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) + { + pkt->pkt.public_key->main_keyid[0] = main_keyid[0]; + pkt->pkt.public_key->main_keyid[1] = main_keyid[1]; + } + else + { + pkt->pkt.secret_key->main_keyid[0] = main_keyid[0]; + pkt->pkt.secret_key->main_keyid[1] = main_keyid[1]; + } + } + /* We save this for the signature */ + _cdk_pkt_get_keyid (pkt, keyid); + got_key = 1; + } else if (pkt->pkttype == CDK_PKT_USER_ID) - ; + ; else if (pkt->pkttype == CDK_PKT_SIGNATURE) - { - cdk_subpkt_t s; - - pkt->pkt.signature->key[0] = keyid[0]; - pkt->pkt.signature->key[1] = keyid[1]; - if (pkt->pkt.signature->sig_class == 0x1F && - pkt->pkt.signature->revkeys) - revkeys = pkt->pkt.signature->revkeys; - - s = - cdk_subpkt_find (pkt->pkt.signature->hashed, - CDK_SIGSUBPKT_KEY_FLAGS); - if (s) - { - unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]); - add_key_usage (knode, pkt->pkt.signature->key, key_usage); - } - } + { + cdk_subpkt_t s; + + pkt->pkt.signature->key[0] = keyid[0]; + pkt->pkt.signature->key[1] = keyid[1]; + if (pkt->pkt.signature->sig_class == 0x1F && + pkt->pkt.signature->revkeys) + revkeys = pkt->pkt.signature->revkeys; + + s = + cdk_subpkt_find (pkt->pkt.signature->hashed, + CDK_SIGSUBPKT_KEY_FLAGS); + if (s) + { + unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]); + add_key_usage (knode, pkt->pkt.signature->key, key_usage); + } + } node = cdk_kbnode_new (pkt); if (!knode) - knode = node; + knode = node; else - _cdk_kbnode_add (knode, node); + _cdk_kbnode_add (knode, node); } if (got_key) @@ -2005,11 +2005,11 @@ cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode) keydb_merge_selfsig (knode, main_keyid); rc = keydb_parse_allsigs (knode, NULL, 0); if (revkeys) - { - node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY); - if (node) - node->pkt->pkt.public_key->revkeys = revkeys; - } + { + node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY); + if (node) + node->pkt->pkt.public_key->revkeys = revkeys; + } } else cdk_kbnode_release (knode); @@ -2033,7 +2033,7 @@ classify_data (const byte * buf, size_t len) unsigned int i; if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X')) - { /* Skip hex prefix. */ + { /* Skip hex prefix. */ buf += 2; len -= 2; } @@ -2045,7 +2045,7 @@ classify_data (const byte * buf, size_t len) for (i = 0; i < len; i++) { if (!isxdigit (buf[i])) - return CDK_DBSEARCH_SUBSTR; + return CDK_DBSEARCH_SUBSTR; } if (i != len) return CDK_DBSEARCH_SUBSTR; @@ -2092,57 +2092,57 @@ cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr) { rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d); if (rc) - { - gnutls_assert (); - return rc; - } + { + gnutls_assert (); + return rc; + } rc = cdk_keydb_search (st, hd, &knode); cdk_keydb_search_release (st); if (rc) - { - gnutls_assert (); - return rc; - } + { + gnutls_assert (); + return rc; + } node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY); if (!node) - { - gnutls_assert (); - return CDK_Error_No_Key; - } + { + gnutls_assert (); + return CDK_Error_No_Key; + } /* If the key is a version 3 key, use the old packet format for the output. */ if (node->pkt->pkt.public_key->version == 3) - old_ctb = 1; + old_ctb = 1; else - old_ctb = 0; + old_ctb = 0; for (node = knode; node; node = node->next) - { - /* No specified format; skip them */ - if (node->pkt->pkttype == CDK_PKT_RING_TRUST) - continue; - /* We never export local signed signatures */ - if (node->pkt->pkttype == CDK_PKT_SIGNATURE && - !node->pkt->pkt.signature->flags.exportable) - continue; - /* Filter out invalid signatures */ - if (node->pkt->pkttype == CDK_PKT_SIGNATURE && - (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo))) - continue; - - /* Adjust the ctb flag if needed. */ - node->pkt->old_ctb = old_ctb; - rc = cdk_pkt_write (out, node->pkt); - if (rc) - { - cdk_kbnode_release (knode); - gnutls_assert (); - return rc; - } - } + { + /* No specified format; skip them */ + if (node->pkt->pkttype == CDK_PKT_RING_TRUST) + continue; + /* We never export local signed signatures */ + if (node->pkt->pkttype == CDK_PKT_SIGNATURE && + !node->pkt->pkt.signature->flags.exportable) + continue; + /* Filter out invalid signatures */ + if (node->pkt->pkttype == CDK_PKT_SIGNATURE && + (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo))) + continue; + + /* Adjust the ctb flag if needed. */ + node->pkt->old_ctb = old_ctb; + rc = cdk_pkt_write (out, node->pkt); + if (rc) + { + cdk_kbnode_release (knode); + gnutls_assert (); + return rc; + } + } cdk_kbnode_release (knode); knode = NULL; } @@ -2160,7 +2160,7 @@ find_key_packet (cdk_kbnode_t knode, int *r_is_sk) { pkt = cdk_kbnode_find_packet (knode, CDK_PKT_SECRET_KEY); if (r_is_sk) - *r_is_sk = pkt ? 1 : 0; + *r_is_sk = pkt ? 1 : 0; } return pkt; } @@ -2215,7 +2215,7 @@ cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode) chk = NULL; cdk_keydb_get_bykeyid (hd, keyid, &chk); if (chk) - { /* FIXME: search for new signatures */ + { /* FIXME: search for new signatures */ cdk_kbnode_release (chk); return 0; } @@ -2238,28 +2238,28 @@ cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode) for (node = knode; node; node = node->next) { if (node->pkt->pkttype == CDK_PKT_RING_TRUST) - continue; /* No uniformed syntax for this packet */ + continue; /* No uniformed syntax for this packet */ if (node->pkt->pkttype == CDK_PKT_SIGNATURE && - !node->pkt->pkt.signature->flags.exportable) - { - _cdk_log_debug ("key db import: skip local signature\n"); - continue; - } + !node->pkt->pkt.signature->flags.exportable) + { + _cdk_log_debug ("key db import: skip local signature\n"); + continue; + } if (!is_key_node (node)) - { - _cdk_log_debug ("key db import: skip invalid node of type %d\n", - node->pkt->pkttype); - continue; - } + { + _cdk_log_debug ("key db import: skip invalid node of type %d\n", + node->pkt->pkttype); + continue; + } rc = cdk_pkt_write (out, node->pkt); if (rc) - { - cdk_stream_close (out); - gnutls_assert (); - return rc; - } + { + cdk_stream_close (out); + gnutls_assert (); + return rc; + } } cdk_stream_close (out); @@ -2365,17 +2365,17 @@ cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid) while (!cdk_pkt_read (db, pkt)) { if (pkt->pkttype != CDK_PKT_SECRET_KEY && - pkt->pkttype != CDK_PKT_SECRET_SUBKEY) - { - cdk_pkt_free (pkt); - continue; - } + pkt->pkttype != CDK_PKT_SECRET_SUBKEY) + { + cdk_pkt_free (pkt); + continue; + } cdk_sk_get_keyid (pkt->pkt.secret_key, kid); if (KEYID_CMP (kid, keyid)) - { - cdk_pkt_release (pkt); - return 0; - } + { + cdk_pkt_release (pkt); + return 0; + } cdk_pkt_free (pkt); } cdk_pkt_release (pkt); @@ -2398,7 +2398,7 @@ cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid) **/ cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db, - const char *patt, cdk_strlist_t fpatt) + const char *patt, cdk_strlist_t fpatt) { cdk_listkey_t ctx; cdk_stream_t inp; @@ -2432,16 +2432,16 @@ cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db, { ctx->u.patt = cdk_strdup (patt); if (!ctx->u.patt) - { - gnutls_assert (); - return CDK_Out_Of_Core; - } + { + gnutls_assert (); + return CDK_Out_Of_Core; + } } else if (fpatt) { cdk_strlist_t l; for (l = fpatt; l; l = l->next) - cdk_strlist_add (&ctx->u.fpatt, l->d); + cdk_strlist_add (&ctx->u.fpatt, l->d); } ctx->type = patt ? 1 : 0; ctx->init = 1; @@ -2500,33 +2500,33 @@ cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key) cdk_error_t rc; for (;;) - { - rc = cdk_keydb_get_keyblock (ctx->inp, &node); - if (rc) - { - gnutls_assert (); - return rc; - } - memset (&ks, 0, sizeof (ks)); - ks.type = CDK_DBSEARCH_SUBSTR; - ks.u.pattern = ctx->u.patt; - if (find_by_pattern (node, &ks)) - { - *ret_key = node; - return 0; - } - cdk_kbnode_release (node); - node = NULL; - } + { + rc = cdk_keydb_get_keyblock (ctx->inp, &node); + if (rc) + { + gnutls_assert (); + return rc; + } + memset (&ks, 0, sizeof (ks)); + ks.type = CDK_DBSEARCH_SUBSTR; + ks.u.pattern = ctx->u.patt; + if (find_by_pattern (node, &ks)) + { + *ret_key = node; + return 0; + } + cdk_kbnode_release (node); + node = NULL; + } } else { if (!ctx->t) - ctx->t = ctx->u.fpatt; + ctx->t = ctx->u.fpatt; else if (ctx->t->next) - ctx->t = ctx->t->next; + ctx->t = ctx->t->next; else - return CDK_EOF; + return CDK_EOF; return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key); } gnutls_assert (); diff --git a/lib/opencdk/keydb.h b/lib/opencdk/keydb.h index fb2bf4903f..e88f054d89 100644 --- a/lib/opencdk/keydb.h +++ b/lib/opencdk/keydb.h @@ -17,36 +17,36 @@ typedef struct key_table_s *key_table_t; typedef struct cdk_keydb_search_s { - off_t off; /* last file offset */ + off_t off; /* last file offset */ union { - char *pattern; /* A search is performed by pattern. */ - u32 keyid[2]; /* A search by keyid. */ - byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */ + char *pattern; /* A search is performed by pattern. */ + u32 keyid[2]; /* A search by keyid. */ + byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */ } u; int type; struct key_table_s *cache; size_t ncache; - unsigned int no_cache:1; /* disable the index cache. */ + unsigned int no_cache:1; /* disable the index cache. */ cdk_stream_t idx; - char *idx_name; /* name of the index file or NULL. */ + char *idx_name; /* name of the index file or NULL. */ } cdk_keydb_search_s; /* Internal key database handle. */ struct cdk_keydb_hd_s { - int type; /* type of the key db handle. */ - int fp_ref; /* 1=means it is a reference and shall not be closed. */ + int type; /* type of the key db handle. */ + int fp_ref; /* 1=means it is a reference and shall not be closed. */ cdk_stream_t fp; - char *name; /* name of the underlying file or NULL. */ - unsigned int secret:1; /* contain secret keys. */ - unsigned int isopen:1; /* the underlying stream is opened. */ + char *name; /* name of the underlying file or NULL. */ + unsigned int secret:1; /* contain secret keys. */ + unsigned int isopen:1; /* the underlying stream is opened. */ /* structure to store some stats about the keydb. */ struct { - size_t new_keys; /* amount of new keys that were imported. */ + size_t new_keys; /* amount of new keys that were imported. */ } stats; }; diff --git a/lib/opencdk/literal.c b/lib/opencdk/literal.c index 769f117e74..4c8f966124 100644 --- a/lib/opencdk/literal.c +++ b/lib/opencdk/literal.c @@ -104,16 +104,16 @@ literal_decode (void *data, FILE * in, FILE * out) from the original name and cut off the OpenPGP extension. If this is not possible, we return an error. */ if (!stristr (pfx->orig_filename, ".gpg") && - !stristr (pfx->orig_filename, ".pgp") && - !stristr (pfx->orig_filename, ".asc")) - { - cdk_pkt_release (pkt); - cdk_stream_close (si); - cdk_stream_close (so); - _cdk_log_debug - ("literal filter: no file name and no PGP extension\n"); - return CDK_Inv_Mode; - } + !stristr (pfx->orig_filename, ".pgp") && + !stristr (pfx->orig_filename, ".asc")) + { + cdk_pkt_release (pkt); + cdk_stream_close (si); + cdk_stream_close (so); + _cdk_log_debug + ("literal filter: no file name and no PGP extension\n"); + return CDK_Inv_Mode; + } _cdk_log_debug ("literal filter: derrive file name from original\n"); pfx->filename = dup_trim_filename (pfx->orig_filename); pfx->filename[strlen (pfx->filename) - 4] = '\0'; @@ -122,29 +122,29 @@ literal_decode (void *data, FILE * in, FILE * out) while (!feof (in)) { _cdk_log_debug ("literal_decode: part on %d size %lu\n", - (int) pfx->blkmode.on, pfx->blkmode.size); + (int) pfx->blkmode.on, pfx->blkmode.size); if (pfx->blkmode.on) - bufsize = pfx->blkmode.size; + bufsize = pfx->blkmode.size; else - bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf); + bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf); nread = cdk_stream_read (pt->buf, buf, bufsize); if (nread == EOF) - { - rc = CDK_File_Error; - break; - } + { + rc = CDK_File_Error; + break; + } if (pfx->md_initialized) - _gnutls_hash (&pfx->md, buf, nread); + _gnutls_hash (&pfx->md, buf, nread); cdk_stream_write (so, buf, nread); pt->len -= nread; if (pfx->blkmode.on) - { - pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on); - if ((ssize_t) pfx->blkmode.size == EOF) - return CDK_Inv_Packet; - } + { + pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on); + if ((ssize_t) pfx->blkmode.size == EOF) + return CDK_Inv_Packet; + } if (pt->len <= 0 && !pfx->blkmode.on) - break; + break; } cdk_stream_close (si); @@ -191,7 +191,7 @@ literal_encode (void *data, FILE * in, FILE * out) { pfx->filename = cdk_strdup ("_CONSOLE"); if (!pfx->filename) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; } rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si); @@ -237,14 +237,14 @@ _cdk_filter_literal (void *data, int ctl, FILE * in, FILE * out) { literal_filter_t *pfx = data; if (pfx) - { - _cdk_log_debug ("free literal filter\n"); - cdk_free (pfx->filename); - pfx->filename = NULL; - cdk_free (pfx->orig_filename); - pfx->orig_filename = NULL; - return 0; - } + { + _cdk_log_debug ("free literal filter\n"); + cdk_free (pfx->filename); + pfx->filename = NULL; + cdk_free (pfx->orig_filename); + pfx->orig_filename = NULL; + return 0; + } } return CDK_Inv_Mode; } @@ -264,7 +264,7 @@ text_encode (void *data, FILE * in, FILE * out) { s = fgets (buf, DIM (buf) - 1, in); if (!s) - break; + break; _cdk_trim_string (buf, 1); fwrite (buf, 1, strlen (buf), out); } @@ -287,7 +287,7 @@ text_decode (void *data, FILE * in, FILE * out) { s = fgets (buf, DIM (buf) - 1, in); if (!s) - break; + break; _cdk_trim_string (buf, 0); fwrite (buf, 1, strlen (buf), out); fwrite (tfx->lf, 1, strlen (tfx->lf), out); @@ -308,10 +308,10 @@ _cdk_filter_text (void *data, int ctl, FILE * in, FILE * out) { text_filter_t *tfx = data; if (tfx) - { - _cdk_log_debug ("free text filter\n"); - tfx->lf = NULL; - } + { + _cdk_log_debug ("free text filter\n"); + tfx->lf = NULL; + } } return CDK_Inv_Mode; } diff --git a/lib/opencdk/main.c b/lib/opencdk/main.c index 3052bf1387..1dd0ea23eb 100644 --- a/lib/opencdk/main.c +++ b/lib/opencdk/main.c @@ -94,9 +94,9 @@ handle_set_compress (cdk_ctx_t hd, int algo, int level) else { if (level > 0 && level < 10) - hd->compress.level = level; + hd->compress.level = level; else - hd->compress.level = 6; + hd->compress.level = 6; } } @@ -125,59 +125,59 @@ cdk_handle_control (cdk_ctx_t hd, int action, int cmd, ...) { case CDK_CTL_ARMOR: if (set) - hd->opt.armor = va_arg (arg_ptr, int); + hd->opt.armor = va_arg (arg_ptr, int); else - val = hd->opt.armor; + val = hd->opt.armor; break; case CDK_CTL_DIGEST: if (set) - handle_set_digest (hd, va_arg (arg_ptr, int)); + handle_set_digest (hd, va_arg (arg_ptr, int)); else - val = hd->digest_algo; + val = hd->digest_algo; break; case CDK_CTL_OVERWRITE: if (set) - hd->opt.overwrite = va_arg (arg_ptr, int); + hd->opt.overwrite = va_arg (arg_ptr, int); else - val = hd->opt.overwrite; + val = hd->opt.overwrite; break; case CDK_CTL_COMPRESS: if (set) - { - int algo = va_arg (arg_ptr, int); - int level = va_arg (arg_ptr, int); - handle_set_compress (hd, algo, level); - } + { + int algo = va_arg (arg_ptr, int); + int level = va_arg (arg_ptr, int); + handle_set_compress (hd, algo, level); + } else - val = hd->compress.algo; + val = hd->compress.algo; break; case CDK_CTL_S2K: if (set) - { - int mode = va_arg (arg_ptr, int); - int digest = va_arg (arg_ptr, int); - handle_set_s2k (hd, mode, digest); - } + { + int mode = va_arg (arg_ptr, int); + int digest = va_arg (arg_ptr, int); + handle_set_s2k (hd, mode, digest); + } else - val = hd->_s2k.mode; + val = hd->_s2k.mode; break; case CDK_CTL_FORCE_DIGEST: if (set) - hd->opt.force_digest = va_arg (arg_ptr, int); + hd->opt.force_digest = va_arg (arg_ptr, int); else - val = hd->opt.force_digest; + val = hd->opt.force_digest; break; case CDK_CTL_BLOCKMODE_ON: if (set) - hd->opt.blockmode = va_arg (arg_ptr, int); + hd->opt.blockmode = va_arg (arg_ptr, int); else - val = hd->opt.blockmode; + val = hd->opt.blockmode; break; default: @@ -309,8 +309,8 @@ cdk_handle_get_keydb (cdk_ctx_t hd, int type) **/ void cdk_handle_set_passphrase_cb (cdk_ctx_t hd, - char *(*cb) (void *opa, const char *prompt), - void *cb_value) + char *(*cb) (void *opa, const char *prompt), + void *cb_value) { if (!hd) return; @@ -351,9 +351,9 @@ cdk_handle_free (cdk_ctx_t hd) if (hd->db.close_db) { if (hd->db.pub) - cdk_keydb_free (hd->db.pub); + cdk_keydb_free (hd->db.pub); if (hd->db.sec) - cdk_keydb_free (hd->db.sec); + cdk_keydb_free (hd->db.sec); hd->db.pub = hd->db.sec = NULL; } cdk_free (hd); diff --git a/lib/opencdk/main.h b/lib/opencdk/main.h index fe324fedc8..bc7d5230fe 100644 --- a/lib/opencdk/main.h +++ b/lib/opencdk/main.h @@ -47,7 +47,7 @@ cdk_error_t map_gnutls_error (int err); /* This is the default block size for the partial length packet mode. */ #define DEF_BLOCKSIZE 8192 -#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */ +#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */ /* For now SHA-1 is used to create fingerprint for keys. But if this will ever change, it is a good idea to @@ -107,9 +107,9 @@ FILE *_cdk_tmpfile (void); /*-- proc-packet.c --*/ cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, - cdk_stream_t data, - const char *output, cdk_stream_t outstream, - digest_hd_st * md); + cdk_stream_t data, + const char *output, cdk_stream_t outstream, + digest_hd_st * md); cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx); /*-- pubkey.c --*/ @@ -126,15 +126,15 @@ void _cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx); /*-- sig-check.c --*/ cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig, - digest_hd_st * digest, int *r_expired); + digest_hd_st * digest, int *r_expired); cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * hd); cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version, - digest_hd_st * md); + digest_hd_st * md); cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st * md, - int use_fpr); + int use_fpr); cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd, cdk_kbnode_t knode, - cdk_kbnode_t snode, int *is_selfsig, - char **ret_uid); + cdk_kbnode_t snode, int *is_selfsig, + char **ret_uid); /*-- kbnode.c --*/ void _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node); @@ -142,31 +142,31 @@ void _cdk_kbnode_clone (cdk_kbnode_t node); /*-- sesskey.c --*/ cdk_error_t _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, - int pk_algo, - const byte * md, - int digest_algo, unsigned nbits); + int pk_algo, + const byte * md, + int digest_algo, unsigned nbits); cdk_error_t _cdk_sk_unprotect_auto (cdk_ctx_t hd, cdk_pkt_seckey_t sk); /*-- keydb.c --*/ int _cdk_keydb_is_secret (cdk_keydb_hd_t db); cdk_error_t _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name, - cdk_pkt_pubkey_t * ret_pk, int usage); + cdk_pkt_pubkey_t * ret_pk, int usage); cdk_error_t _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name, - cdk_pkt_seckey_t * ret_sk, int usage); + cdk_pkt_seckey_t * ret_sk, int usage); cdk_error_t _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, - const char *id); + const char *id); /*-- sign.c --*/ int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk); void _cdk_trim_string (char *s, int canon); cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig); cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk, - digest_hd_st * hd); + digest_hd_st * hd); /*-- stream.c --*/ void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo); cdk_error_t _cdk_stream_open_mode (const char *file, const char *mode, - cdk_stream_t * ret_s); + cdk_stream_t * ret_s); void *_cdk_stream_get_opaque (cdk_stream_t s, int fid); const char *_cdk_stream_get_fname (cdk_stream_t s); FILE *_cdk_stream_get_fp (cdk_stream_t s); @@ -177,7 +177,7 @@ cdk_error_t _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes); int _cdk_stream_get_blockmode (cdk_stream_t s); int _cdk_stream_puts (cdk_stream_t s, const char *buf); cdk_error_t _cdk_stream_fpopen (FILE * fp, unsigned write_mode, - cdk_stream_t * ret_out); + cdk_stream_t * ret_out); /*-- verify.c --*/ void _cdk_result_verify_free (cdk_verify_result_t res); diff --git a/lib/opencdk/misc.c b/lib/opencdk/misc.c index a6f69187b3..a2608addea 100644 --- a/lib/opencdk/misc.c +++ b/lib/opencdk/misc.c @@ -140,16 +140,16 @@ _cdk_memistr (const char *buf, size_t buflen, const char *sub) for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--) { if (toupper (*t) == toupper (*s)) - { - for (buf = t++, buflen = n--, s++; - n && toupper (*t) == toupper ((byte) * s); t++, s++, n--) - ; - if (!*s) - return buf; - t = (byte *) buf; - n = buflen; - s = (byte *) sub; - } + { + for (buf = t++, buflen = n--, s++; + n && toupper (*t) == toupper ((byte) * s); t++, s++, n--) + ; + if (!*s) + return buf; + t = (byte *) buf; + n = buflen; + s = (byte *) sub; + } } return NULL; @@ -175,9 +175,9 @@ void _cdk_trim_string (char *s, int canon) { while (s && *s && - (s[strlen (s) - 1] == '\t' || - s[strlen (s) - 1] == '\r' || - s[strlen (s) - 1] == '\n' || s[strlen (s) - 1] == ' ')) + (s[strlen (s) - 1] == '\t' || + s[strlen (s) - 1] == '\r' || + s[strlen (s) - 1] == '\n' || s[strlen (s) - 1] == ' ')) s[strlen (s) - 1] = '\0'; if (canon) strcat (s, "\r\n"); @@ -226,7 +226,7 @@ _cdk_tmpfile (void) /* We need to make sure the file will be deleted when it is closed. */ fd = _open (buf, _O_CREAT | _O_EXCL | _O_TEMPORARY | - _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE); + _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE); if (fd == -1) return NULL; fp = fdopen (fd, "w+b"); diff --git a/lib/opencdk/new-packet.c b/lib/opencdk/new-packet.c index 55b0cfd1a3..b4e09331d0 100644 --- a/lib/opencdk/new-packet.c +++ b/lib/opencdk/new-packet.c @@ -290,7 +290,7 @@ cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype) case CDK_PKT_USER_ID: pkt->pkt.user_id = cdk_calloc (1, sizeof pkt->pkt.user_id); if (!pkt->pkt.user_id) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pkt->pkt.user_id->name = NULL; break; @@ -298,40 +298,40 @@ cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype) case CDK_PKT_PUBLIC_SUBKEY: pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key); if (!pkt->pkt.public_key) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; break; case CDK_PKT_SECRET_KEY: case CDK_PKT_SECRET_SUBKEY: pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key); pkt->pkt.secret_key->pk = - cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk); + cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk); if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; break; case CDK_PKT_SIGNATURE: pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature); if (!pkt->pkt.signature) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; break; case CDK_PKT_PUBKEY_ENC: pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc); if (!pkt->pkt.pubkey_enc) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; break; case CDK_PKT_MDC: pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc); if (!pkt->pkt.mdc) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; break; case CDK_PKT_ONEPASS_SIG: pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig); if (!pkt->pkt.onepass_sig) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; break; case CDK_PKT_LITERAL: @@ -339,7 +339,7 @@ cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype) bytes, otherwise the result would be useless. */ pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal); if (!pkt->pkt.literal) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pkt->pkt.literal->name = NULL; break; @@ -448,7 +448,7 @@ _cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src) { k->encdata = cdk_calloc (1, src->enclen + 1); if (!k->encdata) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; memcpy (k->encdata, src->encdata, src->enclen); } @@ -522,7 +522,7 @@ _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b) for (i = 0; i < na; i++) { if (_gnutls_mpi_cmp (a->mpi[i], b->mpi[i])) - return -1; + return -1; } return 0; @@ -580,7 +580,7 @@ cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type) for (s = ctx; s; s = s->next) { if (s->type == type) - count++; + count++; } return count; @@ -605,7 +605,7 @@ cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, size_t idx) for (s = ctx; s; s = s->next) { if (s->type == type && pos++ == idx) - return s; + return s; } return NULL; @@ -686,20 +686,20 @@ _cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes) if (!s) { if (r_nbytes) - *r_nbytes = 0; + *r_nbytes = 0; return NULL; } for (n = 0, list = s; list; list = list->next) { - n++; /* type */ + n++; /* type */ n += list->size; if (list->size < 192) - n++; + n++; else if (list->size < 8384) - n += 2; + n += 2; else - n += 5; + n += 5; } buf = cdk_calloc (1, n + 1); if (!buf) @@ -708,22 +708,22 @@ _cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes) n = 0; for (list = s; list; list = list->next) { - nbytes = 1 + list->size; /* type */ + nbytes = 1 + list->size; /* type */ if (nbytes < 192) - buf[n++] = nbytes; + buf[n++] = nbytes; else if (nbytes < 8384) - { - buf[n++] = nbytes / 256 + 192; - buf[n++] = nbytes % 256; - } + { + buf[n++] = nbytes / 256 + 192; + buf[n++] = nbytes % 256; + } else - { - buf[n++] = 0xFF; - buf[n++] = nbytes >> 24; - buf[n++] = nbytes >> 16; - buf[n++] = nbytes >> 8; - buf[n++] = nbytes; - } + { + buf[n++] = 0xFF; + buf[n++] = nbytes >> 24; + buf[n++] = nbytes >> 16; + buf[n++] = nbytes >> 8; + buf[n++] = nbytes; + } buf[n++] = list->type; memcpy (buf + n, list->d, list->size); n += list->size; @@ -753,15 +753,15 @@ _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src) { node = cdk_subpkt_new (p->size); if (node) - { - memcpy (node->d, p->d, p->size); - node->type = p->type; - node->size = p->size; - } + { + memcpy (node->d, p->d, p->size); + node->type = p->type; + node->size = p->size; + } if (!root) - root = node; + root = node; else - cdk_subpkt_add (root, node); + cdk_subpkt_add (root, node); } *r_dst = root; return 0; @@ -779,7 +779,7 @@ _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src) **/ void cdk_subpkt_init (cdk_subpkt_t node, size_t type, - const void *buf, size_t buflen) + const void *buf, size_t buflen) { if (!node) return; @@ -792,8 +792,8 @@ cdk_subpkt_init (cdk_subpkt_t node, size_t type, /* FIXME: We need to think of a public interface for it. */ const byte * cdk_key_desig_revoker_walk (cdk_desig_revoker_t root, - cdk_desig_revoker_t * ctx, - int *r_class, int *r_algid) + cdk_desig_revoker_t * ctx, + int *r_class, int *r_algid) { cdk_desig_revoker_t n; @@ -834,9 +834,9 @@ cdk_subpkt_find_next (cdk_subpkt_t root, size_t type) for (node = root->next; node; node = node->next) { if (!type) - return node; + return node; else if (node->type == type) - return node; + return node; } return NULL; diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h index d7bd415b60..6516824a1e 100644 --- a/lib/opencdk/opencdk.h +++ b/lib/opencdk/opencdk.h @@ -26,7 +26,7 @@ #ifndef OPENCDK_H #define OPENCDK_H -#include <stddef.h> /* for size_t */ +#include <stddef.h> /* for size_t */ #include <stdarg.h> #include <gnutls_int.h> #include <gnutls_mem.h> @@ -142,23 +142,23 @@ extern "C" enum cdk_control_flags { - CDK_CTLF_SET = 0, /* Value to set an option */ - CDK_CTLF_GET = 1, /* Value to get an option */ - CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */ - CDK_CTL_ARMOR = 12, /* Option to enable armor output. */ - CDK_CTL_COMPRESS = 13, /* Option to enable compression. */ - CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */ - CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */ - CDK_CTL_S2K = 16, /* Option to set S2K values. */ - CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */ - CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */ + CDK_CTLF_SET = 0, /* Value to set an option */ + CDK_CTLF_GET = 1, /* Value to get an option */ + CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */ + CDK_CTL_ARMOR = 12, /* Option to enable armor output. */ + CDK_CTL_COMPRESS = 13, /* Option to enable compression. */ + CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */ + CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */ + CDK_CTL_S2K = 16, /* Option to set S2K values. */ + CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */ + CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */ }; /* Specifies all valid log levels. */ enum cdk_log_level_t { - CDK_LOG_NONE = 0, /* No log message will be shown. */ + CDK_LOG_NONE = 0, /* No log message will be shown. */ CDK_LOG_INFO = 1, CDK_LOG_DEBUG = 2, CDK_LOG_DEBUG_PKT = 3 @@ -171,7 +171,7 @@ extern "C" CDK_COMPRESS_NONE = 0, CDK_COMPRESS_ZIP = 1, CDK_COMPRESS_ZLIB = 2, - CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */ + CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */ }; /* All valid public key algorithms valid in OpenPGP */ @@ -179,8 +179,8 @@ extern "C" { CDK_PK_UNKNOWN = 0, CDK_PK_RSA = 1, - CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */ - CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */ + CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */ + CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */ CDK_PK_ELG_E = 16, CDK_PK_DSA = 17 }; @@ -201,9 +201,9 @@ extern "C" enum cdk_pref_type_t { CDK_PREFTYPE_NONE = 0, - CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */ - CDK_PREFTYPE_HASH = 2, /* Message digests */ - CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */ + CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */ + CDK_PREFTYPE_HASH = 2, /* Message digests */ + CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */ }; @@ -248,18 +248,18 @@ extern "C" enum cdk_keydb_flag_t { /* Valid database search modes */ - CDK_DBSEARCH_EXACT = 1, /* Exact string search */ - CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */ - CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */ - CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */ - CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */ - CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */ - CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */ + CDK_DBSEARCH_EXACT = 1, /* Exact string search */ + CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */ + CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */ + CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */ + CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */ + CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */ + CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */ /* Valid database types */ - CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */ - CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */ - CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */ - CDK_DBTYPE_STREAM = 103 /* A stream is used to read keys from */ + CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */ + CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */ + CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */ + CDK_DBTYPE_STREAM = 103 /* A stream is used to read keys from */ }; @@ -294,9 +294,9 @@ extern "C" enum cdk_key_flag_t { CDK_KEY_VALID = 0, - CDK_KEY_INVALID = 1, /* Missing or wrong self signature */ - CDK_KEY_EXPIRED = 2, /* Key is expired. */ - CDK_KEY_REVOKED = 4, /* Key has been revoked. */ + CDK_KEY_INVALID = 1, /* Missing or wrong self signature */ + CDK_KEY_EXPIRED = 2, /* Key is expired. */ + CDK_KEY_REVOKED = 4, /* Key has been revoked. */ CDK_KEY_NOSIGNER = 8 }; @@ -326,7 +326,7 @@ extern "C" CDK_SIGSTAT_GOOD = 1, CDK_SIGSTAT_BAD = 2, CDK_SIGSTAT_NOKEY = 3, - CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */ + CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */ /* FIXME: We need indicators for revoked/expires signatures. */ /* Signature modes */ @@ -416,7 +416,7 @@ extern "C" unsigned valid:1; unsigned missing_key:1; } flags; - unsigned int key[2]; /* only valid for key signatures */ + unsigned int key[2]; /* only valid for key signatures */ }; typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t; @@ -429,7 +429,7 @@ extern "C" unsigned mdc_feature:1; cdk_prefitem_t prefs; size_t prefs_size; - unsigned char *attrib_img; /* Tag 17 if not null */ + unsigned char *attrib_img; /* Tag 17 if not null */ size_t attrib_len; cdk_pkt_signature_t selfsig; char *name; @@ -474,7 +474,7 @@ extern "C" struct { unsigned char algo; - unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */ + unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */ cdk_s2k_t s2k; unsigned char iv[16]; unsigned char ivlen; @@ -557,9 +557,9 @@ extern "C" /* Structure which represents a single OpenPGP packet. */ struct cdk_packet_s { - size_t pktlen; /* real packet length */ - size_t pktsize; /* length with all headers */ - int old_ctb; /* 1 if RFC1991 mode is used */ + size_t pktlen; /* real packet length */ + size_t pktsize; /* length with all headers */ + int old_ctb; /* 1 if RFC1991 mode is used */ cdk_packet_type_t pkttype; union { @@ -590,7 +590,7 @@ extern "C" The user can directly use the file name, the rest is done internally. */ cdk_error_t cdk_handle_set_keyring (cdk_ctx_t hd, int type, - const char *kringname); + const char *kringname); /* Return keydb handle stored in the session handle. */ cdk_keydb_hd_t cdk_handle_get_keydb (cdk_ctx_t hd, int type); @@ -598,9 +598,9 @@ extern "C" /* Set a passphrase callback for the given session handle. */ void cdk_handle_set_passphrase_cb (cdk_ctx_t hd, - char *(*cb) (void *opa, - const char *prompt), - void *cb_value); + char *(*cb) (void *opa, + const char *prompt), + void *cb_value); /* shortcuts for some controls */ @@ -630,18 +630,18 @@ extern "C" /* This context holds all information of the verification process. */ struct cdk_verify_result_s { - int sig_ver; /* Version of the signature. */ - int sig_status; /* The status (GOOD, BAD) of the signature */ - int sig_flags; /* May contain expired or revoked flags */ - unsigned int keyid[2]; /* The issuer key ID */ - unsigned int created; /* Timestamp when the sig was created. */ + int sig_ver; /* Version of the signature. */ + int sig_status; /* The status (GOOD, BAD) of the signature */ + int sig_flags; /* May contain expired or revoked flags */ + unsigned int keyid[2]; /* The issuer key ID */ + unsigned int created; /* Timestamp when the sig was created. */ unsigned int expires; int pubkey_algo; int digest_algo; - char *user_id; /* NULL or user ID which issued the signature. */ - char *policy_url; /* If set, the policy the sig was created under. */ - size_t sig_len; /* Size of the signature data inbits. */ - unsigned char *sig_data; /* Raw signature data. */ + char *user_id; /* NULL or user ID which issued the signature. */ + char *policy_url; /* If set, the policy the sig was created under. */ + size_t sig_len; /* Size of the signature data inbits. */ + unsigned char *sig_data; /* Raw signature data. */ }; typedef struct cdk_verify_result_s *cdk_verify_result_t; @@ -671,19 +671,19 @@ extern "C" cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type); size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type); cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, - size_t index); + size_t index); cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node); const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx, - size_t * r_type, - size_t * r_nbytes); + size_t * r_type, + size_t * r_nbytes); void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf, - size_t buflen); + size_t buflen); /* Designated Revoker routines */ const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root, - cdk_desig_revoker_t * ctx, - int *r_class, - int *r_algid); + cdk_desig_revoker_t * ctx, + int *r_class, + int *r_algid); #define is_RSA(a) ((a) == CDK_PK_RSA \ || (a) == CDK_PK_RSA_E \ @@ -694,22 +694,22 @@ extern "C" /* Encrypt the given session key @SK with the public key @PK and write the contents into the packet @PKE. */ cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke, - bigint_t sk); + bigint_t sk); /* Decrypt the given encrypted session key in @PKE with the secret key @SK and store it in @R_SK. */ cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke, - bigint_t * r_sk); + bigint_t * r_sk); /* Sign the given message digest @MD with the secret key @SK and store the signature in the packet @SIG. */ cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig, - const unsigned char *md); + const unsigned char *md); /* Verify the given signature in @SIG with the public key @PK and compare it against the message digest @MD. */ cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig, - const unsigned char *md); + const unsigned char *md); /* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much multiprecision integers a key consists of. */ @@ -718,13 +718,13 @@ extern "C" in the buffer @BUF. @R_NWRITTEN will contain the length in octets. Optional @R_NBITS may contain the size in bits. */ cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx, - unsigned char *buf, size_t buflen, - size_t * r_nwritten, size_t * r_nbits); + unsigned char *buf, size_t buflen, + size_t * r_nwritten, size_t * r_nbits); /* Same as the function above but of the secret key. */ cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx, - unsigned char *buf, size_t buflen, - size_t * r_nwritten, size_t * r_nbits); + unsigned char *buf, size_t buflen, + size_t * r_nwritten, size_t * r_nbits); /* Helper to get the exact number of multi precision integers for the given object. */ @@ -742,20 +742,20 @@ extern "C" /* Same as above, but with additional sanity checks of the buffer size. */ cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk, - unsigned char *fpr, size_t fprlen, - size_t * r_nout); + unsigned char *fpr, size_t fprlen, + size_t * r_nout); /* Derive the keyid from the fingerprint. This is only possible for modern, version 4 keys. */ unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr, - size_t fprlen, - unsigned int *keyid); + size_t fprlen, + unsigned int *keyid); /* Various functions to get the keyid from the specific packet type. */ unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid); unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid); unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig, - unsigned int *keyid); + unsigned int *keyid); /* Key release functions. */ void cdk_pk_release (cdk_pubkey_t pk); @@ -771,11 +771,11 @@ extern "C" /* String to Key routines. */ cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo, - const unsigned char *salt); + const unsigned char *salt); void cdk_s2k_free (cdk_s2k_t s2k); cdk_error_t cdk_file_armor (cdk_ctx_t hd, const char *file, - const char *output); + const char *output); cdk_error_t cdk_file_dearmor (const char *file, const char *output); int cdk_armor_filter_use (cdk_stream_t inp); @@ -783,9 +783,9 @@ extern "C" If @outbuf and @outlen are NULL, the function returns the calculated size of the base64 encoded data in @nwritten. */ cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf, - size_t inlen, char *outbuf, - size_t outlen, size_t * nwritten, - int type); + size_t inlen, char *outbuf, + size_t outlen, size_t * nwritten, + int type); /* This context contain user callbacks for different stream operations. @@ -805,7 +805,7 @@ extern "C" /* Return a stream object which is associated to a socket. */ cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port, - cdk_stream_t * ret_out); + cdk_stream_t * ret_out); /* Return a stream object which is associated to an existing file. */ cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s); @@ -817,11 +817,11 @@ extern "C" /* Return a stream object with custom callback functions for the various core operations. */ cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa, - cdk_stream_t * ret_s); + cdk_stream_t * ret_s); cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s); cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out); cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen, - cdk_stream_t * r_out); + cdk_stream_t * r_out); void cdk_stream_tmp_set_mode (cdk_stream_t s, int val); cdk_error_t cdk_stream_flush (cdk_stream_t s); cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val); @@ -839,19 +839,19 @@ extern "C" /* Push the literal filter for the given stream. */ cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s, - cdk_lit_format_t mode, - const char *fname); + cdk_lit_format_t mode, + const char *fname); cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo, - int level); + int level); cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo); cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf); cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out); cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf, - size_t * ret_buflen); + size_t * ret_buflen); cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len, - unsigned char **ret_buf, - size_t * ret_buflen); + unsigned char **ret_buf, + size_t * ret_buflen); /* Read from the stream but restore the file pointer after reading the requested amount of bytes. */ @@ -861,36 +861,36 @@ extern "C" the function does not support all combinations, the dedicated functions should be preferred. */ cdk_error_t cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data, - size_t count); + size_t count); /* Create a new key db handle from a memory buffer. */ cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret, - const void *data, size_t datlen); + const void *data, size_t datlen); /* Create a new key db which uses an existing file. */ cdk_error_t cdk_keydb_new_from_file (cdk_keydb_hd_t * r_hd, int secret, - const char *fname); + const char *fname); /* Uses a stream as the key db input. For searching it is important that the seek function is supported on the stream. Furthermore, the stream is not closed in cdk_keydb_free(). The caller must do it. */ cdk_error_t cdk_keydb_new_from_stream (cdk_keydb_hd_t * r_hd, int secret, - cdk_stream_t in); + cdk_stream_t in); /* Check that a secret key with the given key ID is available. */ cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid); /* Prepare the key db search. */ cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st, - cdk_keydb_hd_t db, int type, - void *desc); + cdk_keydb_hd_t db, int type, + void *desc); void cdk_keydb_search_release (cdk_keydb_search_t st); /* Return a key which matches a valid description given in cdk_keydb_search_start(). */ cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd, - cdk_kbnode_t * ret_key); + cdk_kbnode_t * ret_key); /* Release the key db handle and all its resources. */ void cdk_keydb_free (cdk_keydb_hd_t hd); @@ -898,35 +898,35 @@ extern "C" /* The following functions will try to find a key in the given key db handle either by keyid, by fingerprint or by some pattern. */ cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid, - cdk_kbnode_t * ret_pk); + cdk_kbnode_t * ret_pk); cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, - const unsigned char *fpr, - cdk_kbnode_t * ret_pk); + const unsigned char *fpr, + cdk_kbnode_t * ret_pk); cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt, - cdk_kbnode_t * ret_pk); + cdk_kbnode_t * ret_pk); /* These function, in contrast to most other key db functions, only return the public or secret key packet without the additional signatures and user IDs. */ cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid, - cdk_pubkey_t * ret_pk); + cdk_pubkey_t * ret_pk); cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid, - cdk_seckey_t * ret_sk); + cdk_seckey_t * ret_sk); /* Try to read the next key block from the given input stream. The key will be returned in @RET_KEY on success. */ cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp, - cdk_kbnode_t * ret_key); + cdk_kbnode_t * ret_key); /* Rebuild the key db index if possible. */ cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db, - cdk_keydb_search_t dbs); + cdk_keydb_search_t dbs); /* Export one or more keys from the given key db handle into the stream @OUT. The export is done by substring search and uses the string list @REMUSR for the pattern. */ cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, - cdk_strlist_t remusr); + cdk_strlist_t remusr); /* Import the given key node @knode into the key db. */ cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode); @@ -937,7 +937,7 @@ extern "C" /* Start the key list process. Either use @PATT for a pattern search or @FPATT for a list of pattern. */ cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db, - const char *patt, cdk_strlist_t fpatt); + const char *patt, cdk_strlist_t fpatt); void cdk_listkey_close (cdk_listkey_t ctx); /* Return the next key which matches the pattern. */ @@ -945,40 +945,40 @@ extern "C" cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt); cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node, - const unsigned char *buf, - size_t buflen); + const unsigned char *buf, + size_t buflen); cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node, - unsigned char *buf, size_t * r_nbytes); + unsigned char *buf, size_t * r_nbytes); cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node, - unsigned char **r_buf, - size_t * r_buflen); + unsigned char **r_buf, + size_t * r_buflen); void cdk_kbnode_release (cdk_kbnode_t node); void cdk_kbnode_delete (cdk_kbnode_t node); void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node, - cdk_packet_type_t pkttype); + cdk_packet_type_t pkttype); int cdk_kbnode_commit (cdk_kbnode_t * root); void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node); void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, - cdk_kbnode_t where); + cdk_kbnode_t where); cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, - int all); + int all); cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node, - cdk_packet_type_t pkttype); + cdk_packet_type_t pkttype); cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node); cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype); cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node, - cdk_packet_type_t pkttype); + cdk_packet_type_t pkttype); cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node, - cdk_packet_type_t pkttype); + cdk_packet_type_t pkttype); cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, - int is_v4, cdk_packet_type_t pkttype, - int flags); + int is_v4, cdk_packet_type_t pkttype, + int flags); /* Check each signature in the key node and return a summary of the key status in @r_status. Values of cdk_key_flag_t are used. */ cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, - int *r_status); + int *r_status); /* Check the self signature of the key to make sure it is valid. */ cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status); @@ -991,75 +991,75 @@ extern "C" MDC feature. */ int cdk_pklist_use_mdc (cdk_keylist_t pkl); cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd, - cdk_strlist_t remusr, int use); + cdk_strlist_t remusr, int use); void cdk_pklist_release (cdk_keylist_t pkl); /* Secret key lists */ cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl, - cdk_keydb_hd_t db, cdk_ctx_t hd, - cdk_strlist_t locusr, - int unlock, unsigned int use); + cdk_keydb_hd_t db, cdk_ctx_t hd, + cdk_strlist_t locusr, + int unlock, unsigned int use); void cdk_sklist_release (cdk_keylist_t skl); cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp, - digest_hd_st * mdctx, int sigclass, - int sigver); + digest_hd_st * mdctx, int sigclass, + int sigver); cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp, - int sigclass, int mdalgo); + int sigclass, int mdalgo); /* Encrypt the given stream @INP with the recipients given in @REMUSR. If @REMUSR is NULL, symmetric encryption will be used. The output will be written to @OUT. */ cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr, - cdk_stream_t inp, cdk_stream_t out); + cdk_stream_t inp, cdk_stream_t out); /* Decrypt the @INP stream into @OUT. */ cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp, - cdk_stream_t out); + cdk_stream_t out); /* Same as the function above but it works on files. */ cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr, - const char *file, const char *output); + const char *file, const char *output); cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file, - const char *output); + const char *output); /* Generic function to transform data. The mode can be either sign, verify, encrypt, decrypt, import or export. The meanings of the parameters are similar to the functions above. @OUTBUF will contain the output and @OUTSIZE the length of it. */ cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode, - cdk_strlist_t locusr, cdk_strlist_t remusr, - const void *inbuf, size_t insize, - unsigned char **outbuf, size_t * outsize, - int modval); + cdk_strlist_t locusr, cdk_strlist_t remusr, + const void *inbuf, size_t insize, + unsigned char **outbuf, size_t * outsize, + int modval); /* Sign the stream @INP. Optionally, the output will be encrypted if @REMUSR is not NULL and the @ENCRYPTFLAG is set. The output will be written to @OUT. @LOCUSR contains one ore more pattern for the secret key(s) to use. */ cdk_error_t cdk_stream_sign (cdk_ctx_t hd, cdk_stream_t inp, - cdk_stream_t out, cdk_strlist_t locusr, - cdk_strlist_t remusr, int encryptflag, - int sigmode); + cdk_stream_t out, cdk_strlist_t locusr, + cdk_strlist_t remusr, int encryptflag, + int sigmode); /* Same as the function above but it works on files. */ cdk_error_t cdk_file_sign (cdk_ctx_t hd, cdk_strlist_t locusr, - cdk_strlist_t remusr, - const char *file, const char *output, - int sigmode, int encryptflag); + cdk_strlist_t remusr, + const char *file, const char *output, + int sigmode, int encryptflag); cdk_error_t cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, - cdk_stream_t data, cdk_stream_t out); + cdk_stream_t data, cdk_stream_t out); /* Verify the given file @FILE. For a detached signature, @DATA_FILE contains the actual file data and @FILE is only the signature. If the @OUTPUT is not NULL, the plaintext will be written to this file. */ cdk_error_t cdk_file_verify (cdk_ctx_t hd, const char *file, - const char *data_file, const char *output); + const char *data_file, const char *output); int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id, - int *r_val); + int *r_val); int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk, - int *r_val, int *r_flags); + int *r_val, int *r_flags); void cdk_strlist_free (cdk_strlist_t sl); cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string); @@ -1073,4 +1073,4 @@ extern "C" } #endif -#endif /* OPENCDK_H */ +#endif /* OPENCDK_H */ diff --git a/lib/opencdk/packet.h b/lib/opencdk/packet.h index aca38e06cb..eda8735d0f 100644 --- a/lib/opencdk/packet.h +++ b/lib/opencdk/packet.h @@ -43,7 +43,7 @@ cdk_error_t _cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src); cdk_error_t _cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src); cdk_error_t _cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk); cdk_error_t _cdk_copy_signature (cdk_pkt_signature_t * dst, - cdk_pkt_signature_t src); + cdk_pkt_signature_t src); cdk_error_t _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b); #endif /* CDK_PACKET_H */ diff --git a/lib/opencdk/pubkey.c b/lib/opencdk/pubkey.c index dc2e2ea788..835e6b531b 100644 --- a/lib/opencdk/pubkey.c +++ b/lib/opencdk/pubkey.c @@ -49,13 +49,13 @@ sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig) { err = _gnutls_mpi_dprint (sig->mpi[0], r_sig); if (err < 0) - rc = map_gnutls_error (err); + rc = map_gnutls_error (err); } else if (is_DSA (sig->pubkey_algo)) { err = _gnutls_encode_ber_rs (r_sig, sig->mpi[0], sig->mpi[1]); if (err < 0) - rc = map_gnutls_error (err); + rc = map_gnutls_error (err); } else rc = CDK_Inv_Algo; @@ -106,7 +106,7 @@ cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md) } rc = _cdk_digest_encode_pkcs1 (&encmd, &enclen, pk->pubkey_algo, md, - sig->digest_algo, cdk_pk_get_nbits (pk)); + sig->digest_algo, cdk_pk_get_nbits (pk)); if (rc) { gnutls_assert (); @@ -193,7 +193,7 @@ cdk_pk_get_nskey (int algo) int ret; if (is_RSA (algo)) - ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */ + ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */ else if (is_DSA (algo)) ret = DSA_PRIVATE_PARAMS; else if (is_ELG (algo)) @@ -278,7 +278,7 @@ _cdk_pk_algo_usage (int algo) */ static cdk_error_t mpi_to_buffer (bigint_t a, byte * buf, size_t buflen, - size_t * r_nwritten, size_t * r_nbits) + size_t * r_nwritten, size_t * r_nbits) { size_t nbits; int err; @@ -323,8 +323,8 @@ mpi_to_buffer (bigint_t a, byte * buf, size_t buflen, **/ cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx, - byte * buf, size_t buflen, size_t * r_nwritten, - size_t * r_nbits) + byte * buf, size_t buflen, size_t * r_nwritten, + size_t * r_nbits) { if (!pk || !r_nwritten) return CDK_Inv_Value; @@ -349,8 +349,8 @@ cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx, **/ cdk_error_t cdk_sk_get_mpi (cdk_pkt_seckey_t sk, size_t idx, - byte * buf, size_t buflen, size_t * r_nwritten, - size_t * r_nbits) + byte * buf, size_t buflen, size_t * r_nwritten, + size_t * r_nbits) { if (!sk || !r_nwritten) return CDK_Inv_Value; @@ -431,7 +431,7 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr) return CDK_Inv_Value; if (pk->version < 4 && is_RSA (pk->pubkey_algo)) - md_algo = GNUTLS_DIG_MD5; /* special */ + md_algo = GNUTLS_DIG_MD5; /* special */ else md_algo = GNUTLS_DIG_SHA1; dlen = _gnutls_hash_get_algo_len (md_algo); @@ -461,7 +461,7 @@ cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr) **/ cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk, - byte * fprbuf, size_t fprbuflen, size_t * r_nout) + byte * fprbuf, size_t fprbuflen, size_t * r_nout) { size_t key_fprlen; cdk_error_t err; @@ -541,23 +541,23 @@ cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid) if (pk && (!pk->keyid[0] || !pk->keyid[1])) { if (pk->version < 4 && is_RSA (pk->pubkey_algo)) - { - byte p[MAX_MPI_BYTES]; - size_t n; - - n = MAX_MPI_BYTES; - _gnutls_mpi_print (pk->mpi[0], p, &n); - pk->keyid[0] = - p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5]; - pk->keyid[1] = - p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1]; - } + { + byte p[MAX_MPI_BYTES]; + size_t n; + + n = MAX_MPI_BYTES; + _gnutls_mpi_print (pk->mpi[0], p, &n); + pk->keyid[0] = + p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5]; + pk->keyid[1] = + p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1]; + } else if (pk->version == 4) - { - cdk_pk_get_fingerprint (pk, buf); - pk->keyid[0] = _cdk_buftou32 (buf + 12); - pk->keyid[1] = _cdk_buftou32 (buf + 16); - } + { + cdk_pk_get_fingerprint (pk, buf); + pk->keyid[0] = _cdk_buftou32 (buf + 12); + pk->keyid[1] = _cdk_buftou32 (buf + 16); + } } lowbits = pk ? pk->keyid[1] : 0; if (keyid && pk) diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c index 6e7fcefd56..313e779b35 100644 --- a/lib/opencdk/read-packet.c +++ b/lib/opencdk/read-packet.c @@ -92,12 +92,12 @@ read_s2k (cdk_stream_t inp, cdk_s2k_t s2k) else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED) { if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread)) - return CDK_Inv_Packet; + return CDK_Inv_Packet; if (nread != DIM (s2k->salt)) - return CDK_Inv_Packet; + return CDK_Inv_Packet; if (s2k->mode == CDK_S2K_ITERSALTED) - s2k->count = cdk_stream_getc (inp); + s2k->count = cdk_stream_getc (inp); } else if (s2k->mode == CDK_S2K_GNU_EXT) { @@ -130,14 +130,14 @@ read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure) if (nbits > MAX_MPI_BITS || nbits == 0) { _gnutls_write_log ("read_mpi: too large %d bits\n", (int) nbits); - return CDK_MPI_Error; /* Sanity check */ + return CDK_MPI_Error; /* Sanity check */ } rc = stream_read (inp, buf + 2, nread, &nread); if (!rc && nread != ((nbits + 7) / 8)) { _gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread, - (int) ((nbits + 7) / 8)); + (int) ((nbits + 7) / 8)); return CDK_MPI_Error; } @@ -166,14 +166,14 @@ _cdk_pkt_read_len (FILE * inp, size_t * ret_partial) if (c1 == EOF) return (size_t) EOF; if (c1 < 224 || c1 == 255) - *ret_partial = 0; /* End of partial data */ + *ret_partial = 0; /* End of partial data */ if (c1 < 192) pktlen = c1; else if (c1 >= 192 && c1 <= 223) { c2 = fgetc (inp); if (c2 == EOF) - return (size_t) EOF; + return (size_t) EOF; pktlen = ((c1 - 192) << 8) + c2 + 192; } else if (c1 == 255) @@ -208,7 +208,7 @@ read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke) pke->keyid[0] = read_32 (inp); pke->keyid[1] = read_32 (inp); if (!pke->keyid[0] && !pke->keyid[1]) - pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */ + pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */ pke->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp)); nenc = cdk_pk_get_nenc (pke->pubkey_algo); if (!nenc) @@ -217,7 +217,7 @@ read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke) { cdk_error_t rc = read_mpi (inp, &pke->mpi[i], 0); if (rc) - return rc; + return rc; } return 0; @@ -281,7 +281,7 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk) if (DEBUG_PKT) _gnutls_write_log ("read_public_key: %d octets\n", (int) pktlen); - pk->is_invalid = 1; /* default to detect missing self signatures */ + pk->is_invalid = 1; /* default to detect missing self signatures */ pk->is_revoked = 0; pk->has_expired = 0; @@ -293,7 +293,7 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk) { ndays = read_16 (inp); if (ndays) - pk->expiredate = pk->timestamp + ndays * 86400L; + pk->expiredate = pk->timestamp + ndays * 86400L; } pk->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp)); @@ -302,14 +302,14 @@ read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk) { gnutls_assert (); _gnutls_write_log ("invalid public key algorithm %d\n", - pk->pubkey_algo); + pk->pubkey_algo); return CDK_Inv_Algo; } for (i = 0; i < npkey; i++) { cdk_error_t rc = read_mpi (inp, &pk->mpi[i], 0); if (rc) - return rc; + return rc; } /* This value is just for the first run and will be @@ -353,24 +353,24 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk) sk->protect.algo = _pgp_cipher_to_gnutls (cdk_stream_getc (inp)); sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k); if (!sk->protect.s2k) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_s2k (inp, sk->protect.s2k); if (rc) - return rc; + return rc; /* refer to --export-secret-subkeys in gpg(1) */ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) - sk->protect.ivlen = 0; + sk->protect.ivlen = 0; else - { - sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo); - if (!sk->protect.ivlen) - return CDK_Inv_Packet; - rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); - if (rc) - return rc; - if (nread != sk->protect.ivlen) - return CDK_Inv_Packet; - } + { + sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo); + if (!sk->protect.ivlen) + return CDK_Inv_Packet; + rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread); + if (rc) + return rc; + if (nread != sk->protect.ivlen) + return CDK_Inv_Packet; + } } else sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage); @@ -379,16 +379,16 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk) sk->csum = 0; nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); if (!nskey) - { - gnutls_assert (); - return CDK_Inv_Algo; - } + { + gnutls_assert (); + return CDK_Inv_Algo; + } for (i = 0; i < nskey; i++) - { - rc = read_mpi (inp, &sk->mpi[i], 1); - if (rc) - return rc; - } + { + rc = read_mpi (inp, &sk->mpi[i], 1); + if (rc) + return rc; + } sk->csum = read_16 (inp); sk->is_protected = 0; } @@ -397,16 +397,16 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk) /* The length of each multiprecision integer is stored in plaintext. */ nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); if (!nskey) - { - gnutls_assert (); - return CDK_Inv_Algo; - } + { + gnutls_assert (); + return CDK_Inv_Algo; + } for (i = 0; i < nskey; i++) - { - rc = read_mpi (inp, &sk->mpi[i], 1); - if (rc) - return rc; - } + { + rc = read_mpi (inp, &sk->mpi[i], 1); + if (rc) + return rc; + } sk->csum = read_16 (inp); sk->is_protected = 1; } @@ -418,38 +418,38 @@ read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk) p2 -= p1; sk->enclen = pktlen - p2; if (sk->enclen < 2) - return CDK_Inv_Packet; /* at least 16 bits for the checksum! */ + return CDK_Inv_Packet; /* at least 16 bits for the checksum! */ sk->encdata = cdk_calloc (1, sk->enclen + 1); if (!sk->encdata) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; if (stream_read (inp, sk->encdata, sk->enclen, &nread)) - return CDK_Inv_Packet; + return CDK_Inv_Packet; /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT) - { - unsigned char gnumode; - if ((sk->enclen < strlen ("GNU") + 1) || - (0 != memcmp ("GNU", sk->encdata, strlen ("GNU")))) - return CDK_Inv_Packet; - gnumode = sk->encdata[strlen ("GNU")]; - /* we only handle gnu-dummy (mode 1). - mode 2 should refer to external smart cards. - */ - if (gnumode != 1) - return CDK_Inv_Packet; - /* gnu-dummy should have no more data */ - if (sk->enclen != strlen ("GNU") + 1) - return CDK_Inv_Packet; - } + { + unsigned char gnumode; + if ((sk->enclen < strlen ("GNU") + 1) || + (0 != memcmp ("GNU", sk->encdata, strlen ("GNU")))) + return CDK_Inv_Packet; + gnumode = sk->encdata[strlen ("GNU")]; + /* we only handle gnu-dummy (mode 1). + mode 2 should refer to external smart cards. + */ + if (gnumode != 1) + return CDK_Inv_Packet; + /* gnu-dummy should have no more data */ + if (sk->enclen != strlen ("GNU") + 1) + return CDK_Inv_Packet; + } nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo); if (!nskey) - { - gnutls_assert (); - return CDK_Inv_Algo; - } + { + gnutls_assert (); + return CDK_Inv_Algo; + } /* We mark each MPI entry with NULL to indicate a protected key. */ for (i = 0; i < nskey; i++) - sk->mpi[i] = NULL; + sk->mpi[i] = NULL; sk->is_protected = 1; } @@ -510,16 +510,16 @@ read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr) else if (len >= 192) { if (pktlen < 2) - { - cdk_free (buf); - return CDK_Inv_Packet; - } + { + cdk_free (buf); + return CDK_Inv_Packet; + } len = ((len - 192) << 8) + *p + 192; p++; pktlen--; } - if (*p != 1) /* Currently only 1, meaning an image, is defined. */ + if (*p != 1) /* Currently only 1, meaning an image, is defined. */ { cdk_free (buf); return CDK_Inv_Packet; @@ -595,7 +595,7 @@ read_subpkt (cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes) c1 = cdk_stream_getc (inp); n++; if (c1 == 0) - return 0; + return 0; size = ((c - 192) << 8) + c1 + 192; } else if (c < 192) @@ -659,61 +659,61 @@ parse_sig_subpackets (cdk_pkt_signature_t sig) for (node = sig->unhashed; node; node = node->next) { if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8) - { - sig->keyid[0] = _cdk_buftou32 (node->d); - sig->keyid[1] = _cdk_buftou32 (node->d + 4); - } + { + sig->keyid[0] = _cdk_buftou32 (node->d); + sig->keyid[1] = _cdk_buftou32 (node->d + 4); + } else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0) - { - /* Sometimes this packet might be placed in the unhashed area */ - sig->flags.exportable = 0; - } + { + /* Sometimes this packet might be placed in the unhashed area */ + sig->flags.exportable = 0; + } } for (node = sig->hashed; node; node = node->next) { if (node->type == CDK_SIGSUBPKT_SIG_CREATED && node->size >= 4) - sig->timestamp = _cdk_buftou32 (node->d); + sig->timestamp = _cdk_buftou32 (node->d); else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4) - { - sig->expiredate = _cdk_buftou32 (node->d); - if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL)) - sig->flags.expired = 1; - } + { + sig->expiredate = _cdk_buftou32 (node->d); + if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL)) + sig->flags.expired = 1; + } else if (node->type == CDK_SIGSUBPKT_POLICY) - sig->flags.policy_url = 1; + sig->flags.policy_url = 1; else if (node->type == CDK_SIGSUBPKT_NOTATION) - sig->flags.notation = 1; + sig->flags.notation = 1; else if (node->type == CDK_SIGSUBPKT_REVOCABLE && node->d[0] == 0) - sig->flags.revocable = 0; + sig->flags.revocable = 0; else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0) - sig->flags.exportable = 0; + sig->flags.exportable = 0; } if (sig->sig_class == 0x1F) { cdk_desig_revoker_t r, rnode; for (node = sig->hashed; node; node = node->next) - { - if (node->type == CDK_SIGSUBPKT_REV_KEY) - { - if (node->size < 22) - continue; - rnode = cdk_calloc (1, sizeof *rnode); - if (!rnode) - return CDK_Out_Of_Core; - rnode->r_class = node->d[0]; - rnode->algid = node->d[1]; - memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN); - if (!sig->revkeys) - sig->revkeys = rnode; - else - { - for (r = sig->revkeys; r->next; r = r->next) - ; - r->next = rnode; - } - } - } + { + if (node->type == CDK_SIGSUBPKT_REV_KEY) + { + if (node->size < 22) + continue; + rnode = cdk_calloc (1, sizeof *rnode); + if (!rnode) + return CDK_Out_Of_Core; + rnode->r_class = node->d[0]; + rnode->algid = node->d[1]; + memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN); + if (!sig->revkeys) + sig->revkeys = rnode; + else + { + for (r = sig->revkeys; r->next; r = r->next) + ; + r->next = rnode; + } + } + } } return 0; @@ -745,7 +745,7 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig) if (sig->version < 4) { if (cdk_stream_getc (inp) != 5) - return CDK_Inv_Packet; + return CDK_Inv_Packet; sig->sig_class = cdk_stream_getc (inp); sig->timestamp = read_32 (inp); sig->keyid[0] = read_32 (inp); @@ -756,13 +756,13 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig) sig->digest_start[1] = cdk_stream_getc (inp); nsig = cdk_pk_get_nsig (sig->pubkey_algo); if (!nsig) - return CDK_Inv_Algo; + return CDK_Inv_Algo; for (i = 0; i < nsig; i++) - { - rc = read_mpi (inp, &sig->mpi[i], 0); - if (rc) - return rc; - } + { + rc = read_mpi (inp, &sig->mpi[i], 0); + if (rc) + return rc; + } } else { @@ -773,38 +773,38 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig) size = sig->hashed_size; sig->hashed = NULL; while (size > 0) - { - rc = read_subpkt (inp, &sig->hashed, &nbytes); - if (rc) - return rc; - size -= nbytes; - } + { + rc = read_subpkt (inp, &sig->hashed, &nbytes); + if (rc) + return rc; + size -= nbytes; + } sig->unhashed_size = read_16 (inp); size = sig->unhashed_size; sig->unhashed = NULL; while (size > 0) - { - rc = read_subpkt (inp, &sig->unhashed, &nbytes); - if (rc) - return rc; - size -= nbytes; - } + { + rc = read_subpkt (inp, &sig->unhashed, &nbytes); + if (rc) + return rc; + size -= nbytes; + } rc = parse_sig_subpackets (sig); if (rc) - return rc; + return rc; sig->digest_start[0] = cdk_stream_getc (inp); sig->digest_start[1] = cdk_stream_getc (inp); nsig = cdk_pk_get_nsig (sig->pubkey_algo); if (!nsig) - return CDK_Inv_Algo; + return CDK_Inv_Algo; for (i = 0; i < nsig; i++) - { - rc = read_mpi (inp, &sig->mpi[i], 0); - if (rc) - return rc; - } + { + rc = read_mpi (inp, &sig->mpi[i], 0); + if (rc) + return rc; + } } return 0; @@ -813,7 +813,7 @@ read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig) static cdk_error_t read_literal (cdk_stream_t inp, size_t pktlen, - cdk_pkt_literal_t * ret_pt, int is_partial) + cdk_pkt_literal_t * ret_pt, int is_partial) { cdk_pkt_literal_t pt = *ret_pt; size_t nread; @@ -836,13 +836,13 @@ read_literal (cdk_stream_t inp, size_t pktlen, { *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2); if (!pt) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pt->name = (char *) pt + sizeof (*pt); rc = stream_read (inp, pt->name, pt->namelen, &nread); if (rc) - return rc; + return rc; if ((int) nread != pt->namelen) - return CDK_Inv_Packet; + return CDK_Inv_Packet; pt->name[pt->namelen] = '\0'; } pt->timestamp = read_32 (inp); @@ -887,7 +887,7 @@ read_old_length (cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size) /* Read a new CTB and decode the body length. */ static void read_new_length (cdk_stream_t inp, - size_t * r_len, size_t * r_size, size_t * r_partial) + size_t * r_len, size_t * r_size, size_t * r_partial) { int c, c1; @@ -959,17 +959,17 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) if (!(ctb & 0x80)) { _cdk_log_info ("cdk_pkt_read: no openpgp data found. " - "(ctb=%02X; fpos=%02X)\n", (int) ctb, - (int) cdk_stream_tell (inp)); + "(ctb=%02X; fpos=%02X)\n", (int) ctb, + (int) cdk_stream_tell (inp)); return CDK_Inv_Packet; } - if (ctb & 0x40) /* RFC2440 packet format. */ + if (ctb & 0x40) /* RFC2440 packet format. */ { pkttype = ctb & 0x3f; is_newctb = 1; } - else /* the old RFC1991 packet format. */ + else /* the old RFC1991 packet format. */ { pkttype = ctb & 0x3f; pkttype >>= 2; @@ -997,11 +997,11 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) { case CDK_PKT_ATTRIBUTE: pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id - + pkt->pktlen + 16 + 1); + + pkt->pktlen + 16 + 1); if (!pkt->pkt.user_id) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pkt->pkt.user_id->name = - (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); + (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); rc = read_attribute (inp, pktlen, pkt->pkt.user_id); pkt->pkttype = CDK_PKT_ATTRIBUTE; @@ -1009,89 +1009,89 @@ cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt) case CDK_PKT_USER_ID: pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id - + pkt->pktlen + 1); + + pkt->pktlen + 1); if (!pkt->pkt.user_id) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pkt->pkt.user_id->name = - (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); + (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id); rc = read_user_id (inp, pktlen, pkt->pkt.user_id); break; case CDK_PKT_PUBLIC_KEY: pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key); if (!pkt->pkt.public_key) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_public_key (inp, pktlen, pkt->pkt.public_key); break; case CDK_PKT_PUBLIC_SUBKEY: pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key); if (!pkt->pkt.public_key) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key); break; case CDK_PKT_SECRET_KEY: pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key); if (!pkt->pkt.secret_key) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pkt->pkt.secret_key->pk = cdk_calloc (1, - sizeof *pkt->pkt.secret_key->pk); + sizeof *pkt->pkt.secret_key->pk); if (!pkt->pkt.secret_key->pk) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key); break; case CDK_PKT_SECRET_SUBKEY: pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key); if (!pkt->pkt.secret_key) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; pkt->pkt.secret_key->pk = cdk_calloc (1, - sizeof *pkt->pkt.secret_key->pk); + sizeof *pkt->pkt.secret_key->pk); if (!pkt->pkt.secret_key->pk) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key); break; case CDK_PKT_LITERAL: pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal); if (!pkt->pkt.literal) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial); break; case CDK_PKT_ONEPASS_SIG: pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig); if (!pkt->pkt.onepass_sig) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig); break; case CDK_PKT_SIGNATURE: pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature); if (!pkt->pkt.signature) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_signature (inp, pktlen, pkt->pkt.signature); break; case CDK_PKT_PUBKEY_ENC: pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc); if (!pkt->pkt.pubkey_enc) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc); break; case CDK_PKT_COMPRESSED: pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed); if (!pkt->pkt.compressed) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_compressed (inp, pktlen, pkt->pkt.compressed); break; case CDK_PKT_MDC: pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc); if (!pkt->pkt.mdc) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = read_mdc (inp, pkt->pkt.mdc); break; diff --git a/lib/opencdk/seskey.c b/lib/opencdk/seskey.c index 8830905098..27de038beb 100644 --- a/lib/opencdk/seskey.c +++ b/lib/opencdk/seskey.c @@ -40,7 +40,7 @@ */ static cdk_error_t do_encode_md (byte ** r_frame, size_t * r_flen, const byte * md, int algo, - size_t len, unsigned nbits, const byte * asn, size_t asnlen) + size_t len, unsigned nbits, const byte * asn, size_t asnlen) { byte *frame = NULL; size_t nframe = (nbits + 7) / 8; @@ -81,43 +81,43 @@ do_encode_md (byte ** r_frame, size_t * r_flen, const byte * md, int algo, return 0; } -static const byte md5_asn[18] = /* Object ID is 1.2.840.113549.2.5 */ +static const byte md5_asn[18] = /* Object ID is 1.2.840.113549.2.5 */ { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 }; -static const byte sha1_asn[15] = /* Object ID is 1.3.14.3.2.26 */ +static const byte sha1_asn[15] = /* Object ID is 1.3.14.3.2.26 */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; -static const byte sha224_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */ +static const byte sha224_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C }; -static const byte sha256_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */ +static const byte sha256_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; -static const byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */ +static const byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */ { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 }; -static const byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */ +static const byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */ { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 }; -static const byte rmd160_asn[15] = /* Object ID is 1.3.36.3.2.1 */ +static const byte rmd160_asn[15] = /* Object ID is 1.3.36.3.2.1 */ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; @@ -158,7 +158,7 @@ _gnutls_get_digest_oid (gnutls_digest_algorithm_t algo, const byte ** data) /* Encode the given digest into a pkcs#1 compatible format. */ cdk_error_t _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, int pk_algo, - const byte * md, int digest_algo, unsigned nbits) + const byte * md, int digest_algo, unsigned nbits) { size_t dlen; @@ -169,10 +169,10 @@ _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, int pk_algo, if (dlen <= 0) return CDK_Inv_Algo; if (is_DSA (pk_algo)) - { /* DSS does not use a special encoding. */ + { /* DSS does not use a special encoding. */ *r_md = cdk_malloc (dlen + 1); if (!*r_md) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; *r_mdlen = dlen; memcpy (*r_md, md, dlen); return 0; @@ -185,10 +185,10 @@ _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, int pk_algo, asnlen = _gnutls_get_digest_oid (digest_algo, &asn); if (asnlen < 0) - return asnlen; + return asnlen; rc = do_encode_md (r_md, r_mdlen, md, digest_algo, dlen, - nbits, asn, asnlen); + nbits, asn, asnlen); return rc; } return 0; @@ -207,7 +207,7 @@ _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, int pk_algo, **/ cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo, - const byte * salt) + const byte * salt) { cdk_s2k_t s2k; diff --git a/lib/opencdk/sig-check.c b/lib/opencdk/sig-check.c index cf007d4e34..c1a9154396 100644 --- a/lib/opencdk/sig-check.c +++ b/lib/opencdk/sig-check.c @@ -38,7 +38,7 @@ static int hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr) { - byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */ + byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */ size_t nbytes; size_t i, npkey; int err; @@ -53,15 +53,15 @@ hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr) err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes); if (err < 0) - { - gnutls_assert (); - return map_gnutls_error (err); - } + { + gnutls_assert (); + return map_gnutls_error (err); + } if (!usefpr || pk->version == 4) - _gnutls_hash (md, buf, nbytes); - else /* without the prefix. */ - _gnutls_hash (md, buf + 2, nbytes - 2); + _gnutls_hash (md, buf, nbytes); + else /* without the prefix. */ + _gnutls_hash (md, buf + 2, nbytes - 2); } return 0; } @@ -105,7 +105,7 @@ _cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int usefpr) /* Convert the expiration date into days. */ if (pk->expiredate) - a = (u16) ((pk->expiredate - pk->timestamp) / 86400L); + a = (u16) ((pk->expiredate - pk->timestamp) / 86400L); buf[i++] = a >> 8; buf[i++] = a; } @@ -178,24 +178,24 @@ _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * md) tmp = _gnutls_hash_algo_to_pgp (sig->digest_algo); _gnutls_hash (md, &tmp, 1); if (sig->hashed != NULL) - { - byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n); - assert (p != NULL); - buf[0] = n >> 8; - buf[1] = n >> 0; - _gnutls_hash (md, buf, 2); - _gnutls_hash (md, p, n); - cdk_free (p); - sig->hashed_size = n; - n = sig->hashed_size + 6; - } + { + byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n); + assert (p != NULL); + buf[0] = n >> 8; + buf[1] = n >> 0; + _gnutls_hash (md, buf, 2); + _gnutls_hash (md, p, n); + cdk_free (p); + sig->hashed_size = n; + n = sig->hashed_size + 6; + } else - { - tmp = 0x00; - _gnutls_hash (md, &tmp, 1); - _gnutls_hash (md, &tmp, 1); - n = 6; - } + { + tmp = 0x00; + _gnutls_hash (md, &tmp, 1); + _gnutls_hash (md, &tmp, 1); + n = 6; + } _gnutls_hash (md, &sig->version, 1); tmp = 0xff; _gnutls_hash (md, &tmp, 1); @@ -232,7 +232,7 @@ cache_sig_result (cdk_pkt_signature_t sig, int res) Use the digest handle @digest. */ cdk_error_t _cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig, - digest_hd_st * digest, int *r_expired) + digest_hd_st * digest, int *r_expired) { cdk_error_t rc; byte md[MAX_DIGEST_LEN]; @@ -274,8 +274,8 @@ _cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig, @knode is the key node and @snode the signature node. */ cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t keydb, - cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig, - char **ret_uid) + cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig, + char **ret_uid) { digest_hd_st md; int err; @@ -312,74 +312,74 @@ _cdk_pk_check_sig (cdk_keydb_hd_t keydb, is_expired = 0; if (sig->sig_class == 0x20) - { /* key revocation */ + { /* key revocation */ cdk_kbnode_hash (knode, &md, 0, 0, 0); rc = _cdk_sig_check (pk, sig, &md, &is_expired); } else if (sig->sig_class == 0x28) - { /* subkey revocation */ + { /* subkey revocation */ node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY); if (!node) - { /* no subkey for subkey revocation packet */ - gnutls_assert (); - rc = CDK_Error_No_Key; - goto fail; - } + { /* no subkey for subkey revocation packet */ + gnutls_assert (); + rc = CDK_Error_No_Key; + goto fail; + } cdk_kbnode_hash (knode, &md, 0, 0, 0); cdk_kbnode_hash (node, &md, 0, 0, 0); rc = _cdk_sig_check (pk, sig, &md, &is_expired); } else if (sig->sig_class == 0x18 || sig->sig_class == 0x19) - { /* primary/secondary key binding */ + { /* primary/secondary key binding */ node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY); if (!node) - { /* no subkey for subkey binding packet */ - gnutls_assert (); - rc = CDK_Error_No_Key; - goto fail; - } + { /* no subkey for subkey binding packet */ + gnutls_assert (); + rc = CDK_Error_No_Key; + goto fail; + } cdk_kbnode_hash (knode, &md, 0, 0, 0); cdk_kbnode_hash (node, &md, 0, 0, 0); rc = _cdk_sig_check (pk, sig, &md, &is_expired); } else if (sig->sig_class == 0x1F) - { /* direct key signature */ + { /* direct key signature */ cdk_kbnode_hash (knode, &md, 0, 0, 0); rc = _cdk_sig_check (pk, sig, &md, &is_expired); } else - { /* all other classes */ + { /* all other classes */ cdk_pkt_userid_t uid; node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_USER_ID); if (!node) - { /* no user ID for key signature packet */ - gnutls_assert (); - rc = CDK_Error_No_Key; - goto fail; - } + { /* no user ID for key signature packet */ + gnutls_assert (); + rc = CDK_Error_No_Key; + goto fail; + } uid = node->pkt->pkt.user_id; if (ret_uid) - { - *ret_uid = uid->name; - } + { + *ret_uid = uid->name; + } cdk_kbnode_hash (knode, &md, 0, 0, 0); cdk_kbnode_hash (node, &md, sig->version == 4, 0, 0); if (pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1]) - { - rc = _cdk_sig_check (pk, sig, &md, &is_expired); - if (is_selfsig) - *is_selfsig = 1; - } + { + rc = _cdk_sig_check (pk, sig, &md, &is_expired); + if (is_selfsig) + *is_selfsig = 1; + } else if (keydb != NULL) - { - cdk_pubkey_t sig_pk; - rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk); - if (!rc) - rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired); - cdk_pk_release (sig_pk); - } + { + cdk_pubkey_t sig_pk; + rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk); + if (!rc) + rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired); + cdk_pk_release (sig_pk); + } } fail: _gnutls_hash_deinit (&md, NULL); @@ -395,17 +395,17 @@ struct verify_uid static int uid_list_add_sig (struct verify_uid **list, const char *uid, - unsigned int flag) + unsigned int flag) { if (*list == NULL) { *list = cdk_calloc (1, sizeof (struct verify_uid)); if (*list == NULL) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; (*list)->name = uid; if (flag != 0) - (*list)->nsigs++; + (*list)->nsigs++; } else { @@ -415,30 +415,30 @@ uid_list_add_sig (struct verify_uid **list, const char *uid, p = *list; while (p != NULL) - { - if (strcmp (uid, p->name) == 0) - { - found = 1; - break; - } - prev_p = p; - p = p->next; - } + { + if (strcmp (uid, p->name) == 0) + { + found = 1; + break; + } + prev_p = p; + p = p->next; + } if (found == 0) - { /* not found add to the last */ - prev_p->next = cdk_calloc (1, sizeof (struct verify_uid)); - if (prev_p->next == NULL) - return CDK_Out_Of_Core; - prev_p->next->name = uid; - if (flag != 0) - prev_p->next->nsigs++; - } + { /* not found add to the last */ + prev_p->next = cdk_calloc (1, sizeof (struct verify_uid)); + if (prev_p->next == NULL) + return CDK_Out_Of_Core; + prev_p->next->name = uid; + if (flag != 0) + prev_p->next->nsigs++; + } else - { /* found... increase sigs */ - if (flag != 0) - p->nsigs++; - } + { /* found... increase sigs */ + if (flag != 0) + p->nsigs++; + } } return CDK_Success; @@ -474,12 +474,12 @@ uid_list_all_signed (struct verify_uid *list) while (p != NULL) { if (p->nsigs == 0) - { - return 0; - } + { + return 0; + } p = p->next; } - return 1; /* all signed */ + return 1; /* all signed */ } /** @@ -530,42 +530,42 @@ cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status) for (node = key; node; node = node->next) { if (node->pkt->pkttype != CDK_PKT_SIGNATURE) - continue; + continue; sig = node->pkt->pkt.signature; rc = _cdk_pk_check_sig (keydb, key, node, &is_selfsig, &uid_name); if (rc && rc != CDK_Error_No_Key) - { - /* It might be possible that a single signature has been - corrupted, thus we do not consider it a problem when - one ore more signatures are bad. But at least the self - signature has to be valid. */ - if (is_selfsig) - { - key_status |= CDK_KEY_INVALID; - break; - } - } + { + /* It might be possible that a single signature has been + corrupted, thus we do not consider it a problem when + one ore more signatures are bad. But at least the self + signature has to be valid. */ + if (is_selfsig) + { + key_status |= CDK_KEY_INVALID; + break; + } + } _cdk_log_debug ("signature %s: signer %08X keyid %08X\n", - rc == CDK_Bad_Sig ? "BAD" : "good", - (unsigned int) sig->keyid[1], (unsigned int) keyid); + rc == CDK_Bad_Sig ? "BAD" : "good", + (unsigned int) sig->keyid[1], (unsigned int) keyid); if (IS_UID_SIG (sig) && uid_name != NULL) - { - /* add every uid in the uid list. Only consider valid: - * - verification was ok - * - not a selfsig - */ - rc = - uid_list_add_sig (&uid_list, uid_name, - (rc == CDK_Success && is_selfsig == 0) ? 1 : 0); - if (rc != CDK_Success) - { - gnutls_assert (); - goto exit; - } - } + { + /* add every uid in the uid list. Only consider valid: + * - verification was ok + * - not a selfsig + */ + rc = + uid_list_add_sig (&uid_list, uid_name, + (rc == CDK_Success && is_selfsig == 0) ? 1 : 0); + if (rc != CDK_Success) + { + gnutls_assert (); + goto exit; + } + } } @@ -609,40 +609,40 @@ cdk_pk_check_self_sig (cdk_kbnode_t key, int *r_status) { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY - && pkt->pkttype != CDK_PKT_PUBLIC_KEY) - continue; + && pkt->pkttype != CDK_PKT_PUBLIC_KEY) + continue; /* FIXME: we should set expire/revoke here also but callers expect CDK_KEY_VALID=0 if the key is okay. */ sig_ok = 0; for (node = p; node; node = node->next) - { - if (node->pkt->pkttype != CDK_PKT_SIGNATURE) - continue; - sig = node->pkt->pkt.signature; - - cdk_sig_get_keyid (sig, sigid); - if (sigid[0] != keyid[0] || sigid[1] != keyid[1]) - continue; - /* FIXME: Now we check all self signatures. */ - rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL); - if (rc) - { - *r_status = CDK_KEY_INVALID; - return rc; - } - else /* For each valid self sig we increase this counter. */ - sig_ok++; - } + { + if (node->pkt->pkttype != CDK_PKT_SIGNATURE) + continue; + sig = node->pkt->pkt.signature; + + cdk_sig_get_keyid (sig, sigid); + if (sigid[0] != keyid[0] || sigid[1] != keyid[1]) + continue; + /* FIXME: Now we check all self signatures. */ + rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL); + if (rc) + { + *r_status = CDK_KEY_INVALID; + return rc; + } + else /* For each valid self sig we increase this counter. */ + sig_ok++; + } /* A key without a self signature is not valid. At least one * signature for the given key has to be found. */ if (!sig_ok) - { - *r_status = CDK_KEY_INVALID; - return CDK_General_Error; - } + { + *r_status = CDK_KEY_INVALID; + return CDK_General_Error; + } } /* No flags indicate a valid key. */ diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c index 01fd8855f1..29bea09bac 100644 --- a/lib/opencdk/stream.c +++ b/lib/opencdk/stream.c @@ -48,7 +48,7 @@ static cdk_error_t stream_flush (cdk_stream_t s); static cdk_error_t stream_filter_write (cdk_stream_t s); static int stream_cache_flush (cdk_stream_t s, FILE * fp); struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc, - int type); + int type); /* FIXME: The read/write/putc/getc function cannot directly @@ -74,7 +74,7 @@ cdk_stream_open (const char *file, cdk_stream_t * ret_s) /* Helper function to allow to open a stream in different modes. */ cdk_error_t _cdk_stream_open_mode (const char *file, const char *mode, - cdk_stream_t * ret_s) + cdk_stream_t * ret_s) { cdk_stream_t s; @@ -125,7 +125,7 @@ _cdk_stream_open_mode (const char *file, const char *mode, */ cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa, - cdk_stream_t * ret_s) + cdk_stream_t * ret_s) { cdk_stream_t s; @@ -192,11 +192,11 @@ cdk_stream_new (const char *file, cdk_stream_t * ret_s) { s->fname = cdk_strdup (file); if (!s->fname) - { - cdk_free (s); - gnutls_assert (); - return CDK_Out_Of_Core; - } + { + cdk_free (s); + gnutls_assert (); + return CDK_Out_Of_Core; + } } s->fp = _cdk_tmpfile (); if (!s->fp) @@ -410,19 +410,19 @@ cdk_stream_flush (cdk_stream_t s) if (!s->flags.filtrated) { if (!cdk_stream_get_length (s)) - return 0; + return 0; rc = cdk_stream_seek (s, 0); if (!rc) - rc = stream_flush (s); + rc = stream_flush (s); if (!rc) - rc = stream_filter_write (s); + rc = stream_filter_write (s); s->flags.filtrated = 1; if (rc) - { - s->error = rc; - gnutls_assert (); - return rc; - } + { + s->error = rc; + gnutls_assert (); + return rc; + } } return 0; } @@ -460,16 +460,16 @@ cdk_stream_close (cdk_stream_t s) } _gnutls_read_log ("close stream ref=%d `%s'\n", - s->fp_ref, s->fname ? s->fname : "[temp]"); + s->fp_ref, s->fname ? s->fname : "[temp]"); /* In the user callback mode, we call the release cb if possible and just free the stream. */ if (s->cbs_hd) { if (s->cbs.release) - rc = s->cbs.release (s->cbs_hd); + rc = s->cbs.release (s->cbs_hd); else - rc = 0; + rc = 0; cdk_free (s); gnutls_assert (); return rc; @@ -487,7 +487,7 @@ cdk_stream_close (cdk_stream_t s) err = fclose (s->fp); s->fp = NULL; if (err) - rc = CDK_File_Error; + rc = CDK_File_Error; } /* Iterate over the filter list and use the cleanup flag to @@ -497,7 +497,7 @@ cdk_stream_close (cdk_stream_t s) { f2 = f->next; if (f->fnct) - f->fnct (f->opaque, STREAMCTL_FREE, NULL, NULL); + f->fnct (f->opaque, STREAMCTL_FREE, NULL, NULL); cdk_free (f); f = f2; } @@ -627,7 +627,7 @@ filter_search (cdk_stream_t s, filter_fnct_t fnc) for (f = s->filters; f; f = f->next) { if (f->fnct == fnc) - return f; + return f; } return NULL; @@ -757,7 +757,7 @@ stream_fp_replace (cdk_stream_t s, FILE ** tmp) assert (s); _gnutls_read_log ("replace stream fd=%d with fd=%d\n", - fileno (s->fp), fileno (*tmp)); + fileno (s->fp), fileno (*tmp)); rc = fclose (s->fp); if (rc) { @@ -790,40 +790,40 @@ stream_filter_write (cdk_stream_t s) for (f = s->filters; f; f = f->next) { if (!f->flags.enabled) - continue; + continue; /* if there is no next filter, create the final output file */ _gnutls_read_log ("filter [write]: last filter=%d fname=%s\n", - f->next ? 1 : 0, s->fname); + f->next ? 1 : 0, s->fname); if (!f->next && s->fname) - f->tmp = fopen (s->fname, "w+b"); + f->tmp = fopen (s->fname, "w+b"); else - f->tmp = _cdk_tmpfile (); + f->tmp = _cdk_tmpfile (); if (!f->tmp) - { - rc = CDK_File_Error; - break; - } + { + rc = CDK_File_Error; + break; + } /* If there is no next filter, flush the cache. We also do this when the next filter is the armor filter because this filter is special and before it starts, all data should be written. */ if ((!f->next || f->next->type == fARMOR) && s->cache.size) - { - rc = stream_cache_flush (s, f->tmp); - if (rc) - break; - } + { + rc = stream_cache_flush (s, f->tmp); + if (rc) + break; + } rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp); _gnutls_read_log ("filter [write]: type=%d rc=%d\n", f->type, rc); if (!rc) - rc = stream_fp_replace (s, &f->tmp); + rc = stream_fp_replace (s, &f->tmp); if (!rc) - rc = cdk_stream_seek (s, 0); + rc = cdk_stream_seek (s, 0); if (rc) - { - _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp)); - fclose (f->tmp); - break; - } + { + _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp)); + fclose (f->tmp); + break; + } } return rc; } @@ -848,46 +848,46 @@ stream_filter_read (cdk_stream_t s) for (f = s->filters; f; f = f->next) { if (!f->flags.enabled) - continue; + continue; if (f->flags.error) - { - _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n", - s->fname ? s->fname : "[temp]"); - continue; - } + { + _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n", + s->fname ? s->fname : "[temp]"); + continue; + } f->tmp = _cdk_tmpfile (); if (!f->tmp) - { - rc = CDK_File_Error; - break; - } + { + rc = CDK_File_Error; + break; + } rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp); _gnutls_read_log ("filter %s [read]: type=%d rc=%d\n", - s->fname ? s->fname : "[temp]", f->type, rc); + s->fname ? s->fname : "[temp]", f->type, rc); if (rc) - { - f->flags.error = 1; - break; - } + { + f->flags.error = 1; + break; + } f->flags.error = 0; /* If the filter is read-only, do not replace the FP because the contents were not altered in any way. */ if (!f->flags.rdonly) - { - rc = stream_fp_replace (s, &f->tmp); - if (rc) - break; - } + { + rc = stream_fp_replace (s, &f->tmp); + if (rc) + break; + } else - { - fclose (f->tmp); - f->tmp = NULL; - } + { + fclose (f->tmp); + f->tmp = NULL; + } rc = cdk_stream_seek (s, 0); if (rc) - break; + break; /* Disable the filter after it was successfully used. The idea is the following: let's say the armor filter was pushed and later more filters were added. The second time the filter code @@ -911,7 +911,7 @@ _cdk_stream_get_opaque (cdk_stream_t s, int fid) for (f = s->filters; f; f = f->next) { if ((int) f->type == fid) - return f->opaque; + return f->opaque; } return NULL; } @@ -943,7 +943,7 @@ cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen) if (s->cbs_hd) { if (s->cbs.read) - return s->cbs.read (s->cbs_hd, buf, buflen); + return s->cbs.read (s->cbs_hd, buf, buflen); return 0; } @@ -951,20 +951,20 @@ cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen) { s->error = CDK_Inv_Mode; gnutls_assert (); - return EOF; /* This is a write stream */ + return EOF; /* This is a write stream */ } if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated) { rc = stream_filter_read (s); if (rc) - { - s->error = rc; - if (feof (s->fp)) - s->flags.eof = 1; - gnutls_assert (); - return EOF; - } + { + s->error = rc; + if (feof (s->fp)) + s->flags.eof = 1; + gnutls_assert (); + return EOF; + } s->flags.filtrated = 1; } @@ -1031,13 +1031,13 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) if (s->cbs_hd) { if (s->cbs.write) - return s->cbs.write (s->cbs_hd, buf, count); + return s->cbs.write (s->cbs_hd, buf, count); return 0; } if (!s->flags.write) { - s->error = CDK_Inv_Mode; /* this is a read stream */ + s->error = CDK_Inv_Mode; /* this is a read stream */ gnutls_assert (); return EOF; } @@ -1051,17 +1051,17 @@ cdk_stream_write (cdk_stream_t s, const void *buf, size_t count) fit into it. We allocate more memory to avoid to resize it the next time the function is used. */ if (s->cache.size + count > s->cache.alloced) - { - byte *old = s->cache.buf; - - s->cache.buf = - cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE); - s->cache.alloced += (count + STREAM_BUFSIZE); - memcpy (s->cache.buf, old, s->cache.size); - cdk_free (old); - _gnutls_read_log ("stream: enlarge cache to %d octets\n", - (int) s->cache.alloced); - } + { + byte *old = s->cache.buf; + + s->cache.buf = + cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE); + s->cache.alloced += (count + STREAM_BUFSIZE); + memcpy (s->cache.buf, old, s->cache.size); + cdk_free (old); + _gnutls_read_log ("stream: enlarge cache to %d octets\n", + (int) s->cache.alloced); + } memcpy (s->cache.buf + s->cache.size, buf, count); s->cache.size += count; return count; @@ -1114,7 +1114,7 @@ cdk_stream_seek (cdk_stream_t s, off_t offset) if (s->cbs_hd) { if (s->cbs.seek) - return s->cbs.seek (s->cbs_hd, offset); + return s->cbs.seek (s->cbs_hd, offset); return 0; } @@ -1192,7 +1192,7 @@ cdk_stream_set_armor_flag (cdk_stream_t s, int armor_type) **/ cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode, - const char *fname) + const char *fname) { struct stream_filter_s *f; const char *orig_fname; @@ -1350,7 +1350,7 @@ cdk_stream_enable_cache (cdk_stream_t s, int val) s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE); s->cache.alloced = STREAM_BUFSIZE; _gnutls_read_log ("stream: allocate cache of %d octets\n", - STREAM_BUFSIZE); + STREAM_BUFSIZE); } return 0; } @@ -1368,10 +1368,10 @@ stream_cache_flush (cdk_stream_t s, FILE * fp) { nwritten = fwrite (s->cache.buf, 1, s->cache.size, fp); if (!nwritten) - { - gnutls_assert (); - return CDK_File_Error; - } + { + gnutls_assert (); + return CDK_File_Error; + } s->cache.size = 0; s->cache.on = 0; wipemem (s->cache.buf, s->cache.alloced); @@ -1405,13 +1405,13 @@ cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out) { nread = cdk_stream_read (inp, buf, DIM (buf)); if (!nread || nread == EOF) - break; + break; nwritten = cdk_stream_write (out, buf, nread); if (!nwritten || nwritten == EOF) - { /* In case of errors, we leave the loop. */ - rc = inp->error; - break; - } + { /* In case of errors, we leave the loop. */ + rc = inp->error; + break; + } } wipemem (buf, sizeof (buf)); @@ -1432,7 +1432,7 @@ cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out) **/ cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len, - byte ** ret_buf, size_t * ret_buflen) + byte ** ret_buf, size_t * ret_buflen) { cdk_error_t rc; off_t oldpos; @@ -1554,10 +1554,10 @@ _cdk_stream_gets (cdk_stream_t s, char *buf, size_t count) { c = cdk_stream_getc (s); if (c == EOF || c == '\r' || c == '\n') - { - buf[i++] = '\0'; - break; - } + { + buf[i++] = '\0'; + break; + } buf[i++] = c; count--; } @@ -1580,7 +1580,7 @@ _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes) assert (s); _gnutls_read_log ("stream: activate block mode with blocksize %d\n", - (int) nbytes); + (int) nbytes); s->blkmode = nbytes; return 0; } diff --git a/lib/opencdk/stream.h b/lib/opencdk/stream.h index 491e330099..50553b6946 100644 --- a/lib/opencdk/stream.h +++ b/lib/opencdk/stream.h @@ -41,7 +41,7 @@ enum /* Type definition for the filter function. */ typedef cdk_error_t (*filter_fnct_t) (void *opaque, int ctl, FILE * in, - FILE * out); + FILE * out); /* The stream filter context structure. */ struct stream_filter_s diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c index ee5fb2be66..957eb98cfc 100644 --- a/lib/opencdk/verify.c +++ b/lib/opencdk/verify.c @@ -60,7 +60,7 @@ struct static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *, - const char *); + const char *); /** @@ -74,7 +74,7 @@ static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *, */ cdk_error_t cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data, - cdk_stream_t out) + cdk_stream_t out) { /* FIXME: out is not currently used. */ if (cdk_armor_filter_use (inp)) @@ -93,7 +93,7 @@ cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data, **/ cdk_error_t cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file, - const char *output) + const char *output) { struct stat stbuf; cdk_stream_t inp, data; @@ -113,13 +113,13 @@ cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file, { n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1); if (!n || n == -1) - return CDK_EOF; + return CDK_EOF; buf[n] = '\0'; if (strstr (buf, "BEGIN PGP SIGNED MESSAGE")) - { - cdk_stream_close (inp); - return file_verify_clearsign (hd, file, output); - } + { + cdk_stream_close (inp); + return file_verify_clearsign (hd, file, output); + } cdk_stream_set_armor_flag (inp, 0); } @@ -127,10 +127,10 @@ cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file, { rc = cdk_stream_open (data_file, &data); if (rc) - { - cdk_stream_close (inp); - return rc; - } + { + cdk_stream_close (inp); + return rc; + } } else data = NULL; @@ -183,14 +183,14 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { rc = cdk_stream_create (output, &out); if (rc) - return rc; + return rc; } rc = cdk_stream_open (file, &inp); if (rc) { if (output) - cdk_stream_close (out); + cdk_stream_close (out); return rc; } @@ -199,12 +199,12 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) - break; + break; if (!strncmp (buf, s, strlen (s))) - { - is_signed = 1; - break; - } + { + is_signed = 1; + break; + } } if (cdk_stream_eof (inp) && !is_signed) @@ -217,20 +217,20 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) - break; - if (nbytes == 1) /* Empty line */ - break; + break; + if (nbytes == 1) /* Empty line */ + break; else if (!strncmp (buf, "Hash: ", 6)) - { - for (i = 0; digest_table[i].name; i++) - { - if (!strcmp (buf + 6, digest_table[i].name)) - { - digest_algo = digest_table[i].algo; - break; - } - } - } + { + for (i = 0; digest_table[i].name; i++) + { + if (!strcmp (buf + 6, digest_table[i].name)) + { + digest_algo = digest_table[i].algo; + break; + } + } + } } if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0) @@ -255,27 +255,27 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) - break; + break; if (!strncmp (buf, s, strlen (s))) - break; + break; else - { - cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1); - i = strncmp (chk, s, strlen (s)); - if (strlen (buf) == 0 && i == 0) - continue; /* skip last '\n' */ - _cdk_trim_string (buf, i == 0 ? 0 : 1); - _gnutls_hash (&md, buf, strlen (buf)); - } - if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */ - memmove (buf, buf + 2, nbytes - 2); + { + cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1); + i = strncmp (chk, s, strlen (s)); + if (strlen (buf) == 0 && i == 0) + continue; /* skip last '\n' */ + _cdk_trim_string (buf, i == 0 ? 0 : 1); + _gnutls_hash (&md, buf, strlen (buf)); + } + if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */ + memmove (buf, buf + 2, nbytes - 2); if (out) - { - if (strstr (buf, "\r\n")) - buf[strlen (buf) - 2] = '\0'; - cdk_stream_write (out, buf, strlen (buf)); - _cdk_stream_puts (out, _cdk_armor_get_lineend ()); - } + { + if (strstr (buf, "\r\n")) + buf[strlen (buf) - 2] = '\0'; + cdk_stream_write (out, buf, strlen (buf)); + _cdk_stream_puts (out, _cdk_armor_get_lineend ()); + } } /* We create a temporary stream object to store the @@ -290,12 +290,12 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output) { nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1); if (!nbytes || nbytes == -1) - break; + break; if (nbytes < (int) (DIM (buf) - 3)) - { - buf[nbytes - 1] = '\n'; - buf[nbytes] = '\0'; - } + { + buf[nbytes - 1] = '\n'; + buf[nbytes] = '\0'; + } cdk_stream_write (tmp, buf, nbytes); } diff --git a/lib/opencdk/write-packet.c b/lib/opencdk/write-packet.c index 265c40ddcb..12f432eb05 100644 --- a/lib/opencdk/write-packet.c +++ b/lib/opencdk/write-packet.c @@ -137,7 +137,7 @@ write_mpibuf (cdk_stream_t out, bigint_t mpi[MAX_CDK_PK_PARTS], size_t count) { rc = write_mpi (out, mpi[i]); if (rc) - return rc; + return rc; } return 0; } @@ -163,13 +163,13 @@ pkt_encode_len (cdk_stream_t out, size_t pktlen) pktlen -= 192; rc = stream_putc (out, (pktlen / 256) + 192); if (!rc) - rc = stream_putc (out, (pktlen % 256)); + rc = stream_putc (out, (pktlen % 256)); } else { rc = stream_putc (out, 255); if (!rc) - rc = write_32 (out, pktlen); + rc = write_32 (out, pktlen); } return rc; @@ -217,11 +217,11 @@ write_head_old (cdk_stream_t out, size_t size, int type) if (!rc) { if (size < 256) - rc = stream_putc (out, size); + rc = stream_putc (out, size); else if (size < 65536) - rc = write_16 (out, size); + rc = write_16 (out, size); else - rc = write_32 (out, size); + rc = write_32 (out, size); } return rc; @@ -301,7 +301,7 @@ write_mdc (cdk_stream_t out, cdk_pkt_mdc_t mdc) _gnutls_write_log ("write_mdc:\n"); /* This packet requires a fixed header encoding */ - rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */ + rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */ if (!rc) rc = stream_putc (out, 0x14); if (!rc) @@ -399,7 +399,7 @@ write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb) { buf = _cdk_subpkt_get_array (sig->hashed, 0, &nbytes); if (!buf) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = stream_write (out, buf, nbytes); cdk_free (buf); } @@ -409,7 +409,7 @@ write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb) { buf = _cdk_subpkt_get_array (sig->unhashed, 0, &nbytes); if (!buf) - return CDK_Out_Of_Core; + return CDK_Out_Of_Core; rc = stream_write (out, buf, nbytes); cdk_free (buf); } @@ -425,7 +425,7 @@ write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb) static cdk_error_t write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk, - int is_subkey, int old_ctb) + int is_subkey, int old_ctb) { int pkttype, ndays = 0; size_t npkey = 0, size = 6; @@ -445,7 +445,7 @@ write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk, if (!npkey) return CDK_Inv_Algo; if (pk->version < 4) - size += 2; /* expire date */ + size += 2; /* expire date */ if (is_subkey) old_ctb = 0; size += calc_mpisize (pk->mpi, npkey); @@ -460,7 +460,7 @@ write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk, if (!rc && pk->version < 4) { if (pk->expiredate) - ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L); + ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L); rc = write_16 (out, ndays); } if (!rc) @@ -491,14 +491,14 @@ calc_s2ksize (cdk_pkt_seckey_t sk) break; } nbytes += sk->protect.ivlen; - nbytes++; /* single cipher byte */ + nbytes++; /* single cipher byte */ return nbytes; } static cdk_error_t write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, - int is_subkey, int old_ctb) + int is_subkey, int old_ctb) { cdk_pkt_pubkey_t pk = NULL; size_t size = 6, npkey, nskey; @@ -536,16 +536,16 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, if (sk->version == 3 || !sk->is_protected) { if (sk->version == 3) - { - size += 2; /* force simple checksum */ - sk->protect.sha1chk = 0; - } + { + size += 2; /* force simple checksum */ + sk->protect.sha1chk = 0; + } else - size += sk->protect.sha1chk ? 20 : 2; + size += sk->protect.sha1chk ? 20 : 2; size += calc_mpisize (sk->mpi, nskey); } - else /* We do not know anything about the encrypted mpi's so we - treat the data as opaque. */ + else /* We do not know anything about the encrypted mpi's so we + treat the data as opaque. */ size += sk->enclen; pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY; @@ -558,7 +558,7 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, { u16 ndays = 0; if (pk->expiredate) - ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L); + ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L); rc = write_16 (out, ndays); } if (!rc) @@ -570,50 +570,50 @@ write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk, if (!rc) { if (sk->is_protected == 0) - rc = stream_putc (out, 0x00); + rc = stream_putc (out, 0x00); else - { - if (is_RSA (pk->pubkey_algo) && pk->version < 4) - rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); - else if (sk->protect.s2k) - { - s2k_mode = sk->protect.s2k->mode; - rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF); - if (!rc) - rc = - stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); - if (!rc) - rc = stream_putc (out, sk->protect.s2k->mode); - if (!rc) - rc = stream_putc (out, sk->protect.s2k->hash_algo); - if (!rc && (s2k_mode == 1 || s2k_mode == 3)) - { - rc = stream_write (out, sk->protect.s2k->salt, 8); - if (!rc && s2k_mode == 3) - rc = stream_putc (out, sk->protect.s2k->count); - } - } - else - return CDK_Inv_Value; - if (!rc) - rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); - } + { + if (is_RSA (pk->pubkey_algo) && pk->version < 4) + rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); + else if (sk->protect.s2k) + { + s2k_mode = sk->protect.s2k->mode; + rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF); + if (!rc) + rc = + stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo)); + if (!rc) + rc = stream_putc (out, sk->protect.s2k->mode); + if (!rc) + rc = stream_putc (out, sk->protect.s2k->hash_algo); + if (!rc && (s2k_mode == 1 || s2k_mode == 3)) + { + rc = stream_write (out, sk->protect.s2k->salt, 8); + if (!rc && s2k_mode == 3) + rc = stream_putc (out, sk->protect.s2k->count); + } + } + else + return CDK_Inv_Value; + if (!rc) + rc = stream_write (out, sk->protect.iv, sk->protect.ivlen); + } } if (!rc && sk->is_protected && pk->version == 4) { if (sk->encdata && sk->enclen) - rc = stream_write (out, sk->encdata, sk->enclen); + rc = stream_write (out, sk->encdata, sk->enclen); } else { if (!rc) - rc = write_mpibuf (out, sk->mpi, nskey); + rc = write_mpibuf (out, sk->mpi, nskey); if (!rc) - { - if (!sk->csum) - sk->csum = _cdk_sk_get_csum (sk); - rc = write_16 (out, sk->csum); - } + { + if (!sk->csum) + sk->csum = _cdk_sk_get_csum (sk); + rc = write_16 (out, sk->csum); + } } return rc; @@ -680,7 +680,7 @@ write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb) { rc = stream_read (pt->buf, buf, DIM (buf), &size); if (!rc) - rc = stream_write (out, buf, size); + rc = stream_write (out, buf, size); } wipemem (buf, sizeof (buf)); @@ -723,7 +723,7 @@ write_onepass_sig (cdk_stream_t out, cdk_pkt_onepass_sig_t sig) static cdk_error_t write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb, - int pkttype) + int pkttype) { cdk_error_t rc; @@ -733,11 +733,11 @@ write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb, if (pkttype == CDK_PKT_ATTRIBUTE) { if (!id->attrib_img) - return CDK_Inv_Value; + return CDK_Inv_Value; rc = - pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE); + pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE); if (rc) - return rc; + return rc; /* Write subpacket part. */ stream_putc (out, 255); write_32 (out, id->attrib_len + 1); @@ -747,10 +747,10 @@ write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb, else { if (!id->name) - return CDK_Inv_Value; + return CDK_Inv_Value; rc = pkt_write_head (out, old_ctb, id->len, CDK_PKT_USER_ID); if (!rc) - rc = stream_write (out, id->name, id->len); + rc = stream_write (out, id->name, id->len); } return rc; diff --git a/lib/openpgp/compat.c b/lib/openpgp/compat.c index 50cbbd2e8d..75ef9450c4 100644 --- a/lib/openpgp/compat.c +++ b/lib/openpgp/compat.c @@ -47,8 +47,8 @@ -*/ int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status) + const gnutls_datum_t * cert_list, + int cert_list_length, unsigned int *status) { int ret = 0; gnutls_openpgp_crt_t key = NULL; @@ -79,10 +79,10 @@ _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred, { ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify); if (ret < 0) - { - gnutls_assert (); - goto leave; - } + { + gnutls_assert (); + goto leave; + } } /* Now try the self signature. */ @@ -118,7 +118,7 @@ leave: -*/ int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen) + unsigned char *fpr, size_t * fprlen) { gnutls_openpgp_crt_t key; int ret; diff --git a/lib/openpgp/extras.c b/lib/openpgp/extras.c index 9e0aec9d32..8ae4bbe0a9 100644 --- a/lib/openpgp/extras.c +++ b/lib/openpgp/extras.c @@ -51,7 +51,7 @@ gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring) *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int)); if (*keyring) - return 0; /* success */ + return 0; /* success */ return GNUTLS_E_MEMORY_ERROR; } @@ -90,8 +90,8 @@ gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring) **/ int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, - const gnutls_openpgp_keyid_t keyid, - unsigned int flags) + const gnutls_openpgp_keyid_t keyid, + unsigned int flags) { cdk_pkt_pubkey_t pk; uint32_t id[2]; @@ -123,8 +123,8 @@ gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring, **/ int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format) { cdk_error_t err; cdk_stream_t input = NULL; @@ -138,7 +138,7 @@ gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, } _gnutls_debug_log ("PGP: keyring import format '%s'\n", - format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); + format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64"); /* Create a new stream from the given data, decode it, and import * the raw database. This to avoid using opencdk streams which are @@ -150,45 +150,45 @@ gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring, err = cdk_stream_tmp_from_mem (data->data, data->size, &input); if (!err) - err = cdk_stream_set_armor_flag (input, 0); + err = cdk_stream_set_armor_flag (input, 0); if (err) - { - gnutls_assert (); - err = _gnutls_map_cdk_rc (err); - goto error; - } + { + gnutls_assert (); + err = _gnutls_map_cdk_rc (err); + goto error; + } raw_len = cdk_stream_get_length (input); if (raw_len == 0) - { - gnutls_assert (); - err = GNUTLS_E_BASE64_DECODING_ERROR; - goto error; - } + { + gnutls_assert (); + err = GNUTLS_E_BASE64_DECODING_ERROR; + goto error; + } raw_data = gnutls_malloc (raw_len); if (raw_data == NULL) - { - gnutls_assert (); - err = GNUTLS_E_MEMORY_ERROR; - goto error; - } + { + gnutls_assert (); + err = GNUTLS_E_MEMORY_ERROR; + goto error; + } do - { - err = - cdk_stream_read (input, raw_data + written, raw_len - written); + { + err = + cdk_stream_read (input, raw_data + written, raw_len - written); - if (err > 0) - written += err; - } + if (err > 0) + written += err; + } while (written < raw_len && err != EOF && err > 0); raw_len = written; } else - { /* RAW */ + { /* RAW */ raw_len = data->size; raw_data = data->data; } @@ -237,14 +237,14 @@ gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring) { err = cdk_keydb_search (st, ring->db, &knode); if (err != CDK_Error_No_Key && err != CDK_Success) - { - gnutls_assert (); - cdk_keydb_search_release (st); - return _gnutls_map_cdk_rc (err); - } + { + gnutls_assert (); + cdk_keydb_search_release (st); + return _gnutls_map_cdk_rc (err); + } if (knode_is_pkey (knode)) - ret++; + ret++; cdk_kbnode_release (knode); @@ -270,7 +270,7 @@ gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring) **/ int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring, - unsigned int idx, gnutls_openpgp_crt_t * cert) + unsigned int idx, gnutls_openpgp_crt_t * cert) { cdk_kbnode_t knode; cdk_error_t err; @@ -289,23 +289,23 @@ gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring, { err = cdk_keydb_search (st, ring->db, &knode); if (err != CDK_EOF && err != CDK_Success) - { - gnutls_assert (); - cdk_keydb_search_release (st); - return _gnutls_map_cdk_rc (err); - } + { + gnutls_assert (); + cdk_keydb_search_release (st); + return _gnutls_map_cdk_rc (err); + } if (idx == count && err == CDK_Success) - { - ret = gnutls_openpgp_crt_init (cert); - if (ret == 0) - (*cert)->knode = knode; - cdk_keydb_search_release (st); - return ret; - } + { + ret = gnutls_openpgp_crt_init (cert); + if (ret == 0) + (*cert)->knode = knode; + cdk_keydb_search_release (st); + return ret; + } if (knode_is_pkey (knode)) - count++; + count++; cdk_kbnode_release (knode); diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c index 0bf640d893..5d14668706 100644 --- a/lib/openpgp/gnutls_openpgp.c +++ b/lib/openpgp/gnutls_openpgp.c @@ -77,8 +77,8 @@ _gnutls_map_cdk_rc (int rc) -*/ int _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert, - const gnutls_datum_t * raw, - const gnutls_openpgp_keyid_t keyid) + const gnutls_datum_t * raw, + const gnutls_openpgp_keyid_t keyid) { gnutls_openpgp_crt_t pcrt; int ret; @@ -102,11 +102,11 @@ _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert, { ret = gnutls_openpgp_crt_set_preferred_key_id (pcrt, keyid); if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_crt_deinit (pcrt); - return ret; - } + { + gnutls_assert (); + gnutls_openpgp_crt_deinit (pcrt); + return ret; + } } ret = _gnutls_openpgp_crt_to_gcert (gcert, pcrt); @@ -133,8 +133,8 @@ _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert, **/ int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, - gnutls_openpgp_crt_t crt, - gnutls_openpgp_privkey_t pkey) + gnutls_openpgp_crt_t crt, + gnutls_openpgp_privkey_t pkey) { int ret; gnutls_privkey_t privkey; @@ -150,7 +150,7 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, ret = gnutls_privkey_import_openpgp (privkey, pkey, - GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); + GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE); if (ret < 0) { gnutls_privkey_deinit (privkey); @@ -207,8 +207,8 @@ gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res, -*/ int gnutls_openpgp_get_key (gnutls_datum_t * key, - gnutls_openpgp_keyring_t keyring, key_attr_t by, - opaque * pattern) + gnutls_openpgp_keyring_t keyring, key_attr_t by, + opaque * pattern) { cdk_kbnode_t knode = NULL; unsigned long keyid[2]; @@ -284,12 +284,12 @@ leave: **/ int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res, - const gnutls_datum_t * cert, - const gnutls_datum_t * key, - gnutls_openpgp_crt_fmt_t format) + const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_openpgp_crt_fmt_t format) { return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key, - NULL, format); + NULL, format); } /** @@ -308,12 +308,12 @@ gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res, - const char *certfile, - const char *keyfile, - gnutls_openpgp_crt_fmt_t format) + const char *certfile, + const char *keyfile, + gnutls_openpgp_crt_fmt_t format) { return gnutls_certificate_set_openpgp_key_file2 (res, certfile, - keyfile, NULL, format); + keyfile, NULL, format); } static int @@ -324,7 +324,7 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str) if (strlen (str) != 16) { _gnutls_debug_log - ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); + ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); return GNUTLS_E_INVALID_REQUEST; } @@ -360,10 +360,10 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str) **/ int gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, - const gnutls_datum_t * cert, - const gnutls_datum_t * key, - const char *subkey_id, - gnutls_openpgp_crt_fmt_t format) + const gnutls_datum_t * cert, + const gnutls_datum_t * key, + const char *subkey_id, + gnutls_openpgp_crt_fmt_t format) { gnutls_openpgp_privkey_t pkey; gnutls_openpgp_crt_t crt; @@ -405,27 +405,27 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, if (subkey_id != NULL) { if (strcasecmp (subkey_id, "auto") == 0) - ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); + ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1); else - ret = get_keyid (keyid, subkey_id); + ret = get_keyid (keyid, subkey_id); if (ret < 0) - gnutls_assert (); + gnutls_assert (); if (ret >= 0) - { - ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); - if (ret >= 0) - ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); - } + { + ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid); + if (ret >= 0) + ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid); + } if (ret < 0) - { - gnutls_assert (); - gnutls_openpgp_privkey_deinit (pkey); - gnutls_openpgp_crt_deinit (crt); - return ret; - } + { + gnutls_assert (); + gnutls_openpgp_privkey_deinit (pkey); + gnutls_openpgp_crt_deinit (crt); + return ret; + } } ret = gnutls_certificate_set_openpgp_key (res, crt, pkey); @@ -457,10 +457,10 @@ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res, **/ int gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t - res, const char *certfile, - const char *keyfile, - const char *subkey_id, - gnutls_openpgp_crt_fmt_t format) + res, const char *certfile, + const char *keyfile, + const char *subkey_id, + gnutls_openpgp_crt_fmt_t format) { struct stat statbuf; gnutls_datum_t key, cert; @@ -498,7 +498,7 @@ gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t rc = gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id, - format); + format); free (cert.data); free (key.data); @@ -537,10 +537,10 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert) { p = cdk_kbnode_walk (knode, &ctx, 0); if (!p) - break; + break; pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_USER_ID) - nuids++; + nuids++; } cdk_kbnode_release (knode); @@ -563,8 +563,8 @@ gnutls_openpgp_count_key_names (const gnutls_datum_t * cert) **/ int gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t - c, const char *file, - gnutls_openpgp_crt_fmt_t format) + c, const char *file, + gnutls_openpgp_crt_fmt_t format) { gnutls_datum_t ring; size_t size; @@ -586,7 +586,7 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t rc = gnutls_certificate_set_openpgp_keyring_mem (c, ring.data, ring.size, - format); + format); free (ring.data); @@ -610,9 +610,9 @@ gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t **/ int gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t - c, const opaque * data, - size_t dlen, - gnutls_openpgp_crt_fmt_t format) + c, const opaque * data, + size_t dlen, + gnutls_openpgp_crt_fmt_t format) { gnutls_datum_t ddata; int rc; @@ -657,8 +657,8 @@ gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t -*/ int _gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret, - const gnutls_certificate_credentials_t cred, - opaque * key_fpr, int key_fpr_size) + const gnutls_certificate_credentials_t cred, + opaque * key_fpr, int key_fpr_size) { int rc = 0; @@ -669,11 +669,11 @@ _gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret, } if (key_fpr_size != 16 && key_fpr_size != 20) - return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */ + return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */ rc = gnutls_openpgp_get_key (ret, cred->keyring, KEY_ATTR_FPR, key_fpr); - if (rc >= 0) /* key was found */ + if (rc >= 0) /* key was found */ { rc = 0; goto error; @@ -685,14 +685,14 @@ _gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret, if (session->internals.openpgp_recv_key_func != NULL) { rc = session->internals.openpgp_recv_key_func (session, - key_fpr, - key_fpr_size, ret); + key_fpr, + key_fpr_size, ret); if (rc < 0) - { - gnutls_assert (); - rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; - goto error; - } + { + gnutls_assert (); + rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; + goto error; + } } error: @@ -712,7 +712,7 @@ error: **/ void gnutls_openpgp_set_recv_key_function (gnutls_session_t session, - gnutls_openpgp_recv_key_func func) + gnutls_openpgp_recv_key_func func) { session->internals.openpgp_recv_key_func = func; } @@ -729,7 +729,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) memset (gcert, 0, sizeof (gnutls_cert)); gcert->cert_type = GNUTLS_CRT_OPENPGP; - gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */ + gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */ gcert->version = gnutls_openpgp_crt_get_version (cert); gcert->params_size = MAX_PUBLIC_PARAMS_SIZE; @@ -742,21 +742,21 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) uint32_t kid32[2]; _gnutls_debug_log - ("Importing Openpgp cert and using openpgp sub key: %s\n", - _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf), - NULL)); + ("Importing Openpgp cert and using openpgp sub key: %s\n", + _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf), + NULL)); KEYID_IMPORT (kid32, keyid); idx = gnutls_openpgp_crt_get_subkey_idx (cert, keyid); if (idx < 0) - { - gnutls_assert (); - return idx; - } + { + gnutls_assert (); + return idx; + } gcert->subject_pk_algorithm = - gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL); + gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL); gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage); gcert->use_subkey = 1; @@ -764,20 +764,20 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) memcpy (gcert->subkey_id, keyid, sizeof (keyid)); ret = - _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params, - &gcert->params_size); + _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params, + &gcert->params_size); } else { _gnutls_debug_log - ("Importing Openpgp cert and using main openpgp key\n"); + ("Importing Openpgp cert and using main openpgp key\n"); gcert->subject_pk_algorithm = - gnutls_openpgp_crt_get_pk_algorithm (cert, NULL); + gnutls_openpgp_crt_get_pk_algorithm (cert, NULL); gnutls_openpgp_crt_get_key_usage (cert, &gcert->key_usage); ret = - _gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params, - &gcert->params_size); + _gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params, + &gcert->params_size); gcert->use_subkey = 0; } @@ -787,7 +787,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) return ret; } - { /* copy the raw certificate */ + { /* copy the raw certificate */ #define SMALL_RAW 512 opaque *raw; size_t raw_size = SMALL_RAW; @@ -798,38 +798,38 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) raw = gnutls_malloc (raw_size); if (raw == NULL) { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; } ret = gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw, - &raw_size); + &raw_size); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - gnutls_assert (); - gnutls_free (raw); - return ret; + gnutls_assert (); + gnutls_free (raw); + return ret; } if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { - raw = gnutls_realloc (raw, raw_size); - if (raw == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = - gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw, - &raw_size); - if (ret < 0) - { - gnutls_assert (); - gnutls_free (raw); - return ret; - } + raw = gnutls_realloc (raw, raw_size); + if (raw == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + ret = + gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw, + &raw_size); + if (ret < 0) + { + gnutls_assert (); + gnutls_free (raw); + return ret; + } } gcert->raw.data = raw; @@ -839,4 +839,3 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert) return 0; } - diff --git a/lib/openpgp/gnutls_openpgp.h b/lib/openpgp/gnutls_openpgp.h index c89b867f1c..f30b563f53 100644 --- a/lib/openpgp/gnutls_openpgp.h +++ b/lib/openpgp/gnutls_openpgp.h @@ -21,38 +21,38 @@ typedef enum int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert); int gnutls_openpgp_get_key (gnutls_datum_t * key, - gnutls_openpgp_keyring_t keyring, - key_attr_t by, opaque * pattern); + gnutls_openpgp_keyring_t keyring, + key_attr_t by, opaque * pattern); /* internal */ int _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * cert, - const gnutls_datum_t * raw, - const gnutls_openpgp_keyid_t); + const gnutls_datum_t * raw, + const gnutls_openpgp_keyid_t); int _gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey_t * pkey, - const gnutls_datum_t * raw_key); + const gnutls_datum_t * raw_key); int _gnutls_openpgp_request_key (gnutls_session_t, - gnutls_datum_t * ret, - const gnutls_certificate_credentials_t cred, - opaque * key_fpr, int key_fpr_size); + gnutls_datum_t * ret, + const gnutls_certificate_credentials_t cred, + opaque * key_fpr, int key_fpr_size); int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t, - const gnutls_datum_t * cert_list, - int cert_list_length, unsigned int *status); + const gnutls_datum_t * cert_list, + int cert_list_length, unsigned int *status); int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert, - unsigned char *fpr, size_t * fprlen); + unsigned char *fpr, size_t * fprlen); time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * - cert); + cert); time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * - cert); + cert); int _gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + const gnutls_datum_t * hash, + gnutls_datum_t * signature); #endif /*GNUTLS_OPENPGP_LOCAL_H */ diff --git a/lib/openpgp/openpgp_int.h b/lib/openpgp/openpgp_int.h index 235bcfd482..bf0a970352 100644 --- a/lib/openpgp/openpgp_int.h +++ b/lib/openpgp/openpgp_int.h @@ -39,12 +39,12 @@ typedef struct gnutls_openpgp_keyring_int int _gnutls_map_cdk_rc (int rc); int _gnutls_openpgp_export (cdk_kbnode_t node, - gnutls_openpgp_crt_fmt_t format, - void *output_data, size_t * output_data_size, - int private); + gnutls_openpgp_crt_fmt_t format, + void *output_data, size_t * output_data_size, + int private); int _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, - gnutls_openpgp_crt_t cert); + gnutls_openpgp_crt_t cert); cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type); @@ -52,21 +52,21 @@ unsigned int _gnutls_get_pgp_key_usage (unsigned int pgp_usage); int _gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, uint32_t keyid[2], - bigint_t * params, int *params_size); + bigint_t * params, int *params_size); int _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, - uint32_t keyid[2], bigint_t * params, - int *params_size); + uint32_t keyid[2], bigint_t * params, + int *params_size); cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv); + unsigned int priv); int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx, - bigint_t * m); + bigint_t * m); int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv); + unsigned int priv); int _gnutls_openpgp_get_algo (int cdk_algo); diff --git a/lib/openpgp/output.c b/lib/openpgp/output.c index eaa1902d68..b832253fb7 100644 --- a/lib/openpgp/output.c +++ b/lib/openpgp/output.c @@ -38,7 +38,7 @@ static void hexdump (gnutls_buffer_st * str, const char *data, size_t len, - const char *spc) + const char *spc) { size_t j; @@ -47,15 +47,15 @@ hexdump (gnutls_buffer_st * str, const char *data, size_t len, for (j = 0; j < len; j++) { if (((j + 1) % 16) == 0) - { - addf (str, "%.2x\n", (unsigned char) data[j]); - if (spc && j != (len - 1)) - adds (str, spc); - } + { + addf (str, "%.2x\n", (unsigned char) data[j]); + if (spc && j != (len - 1)) + adds (str, spc); + } else if (j == (len - 1)) - addf (str, "%.2x", (unsigned char) data[j]); + addf (str, "%.2x", (unsigned char) data[j]); else - addf (str, "%.2x:", (unsigned char) data[j]); + addf (str, "%.2x:", (unsigned char) data[j]); } if ((j % 16) != 0) adds (str, "\n"); @@ -71,13 +71,13 @@ hexprint (gnutls_buffer_st * str, const char *data, size_t len) else { for (j = 0; j < len; j++) - addf (str, "%.2x", (unsigned char) data[j]); + addf (str, "%.2x", (unsigned char) data[j]); } } static void print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, - unsigned int idx) + unsigned int idx) { unsigned int key_usage; int err; @@ -204,16 +204,16 @@ print_key_times (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) if (tim == 0) { - adds (str, _("\t\tExpiration: Never\n")); + adds (str, _("\t\tExpiration: Never\n")); } else { - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); - else if (strftime (s, max, "%a %b %e %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); - else - addf (str, _("\t\tExpiration: %s\n"), s); + if (gmtime_r (&tim, &t) == NULL) + addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); + else if (strftime (s, max, "%a %b %e %H:%M:%S UTC %Y", &t) == 0) + addf (str, "error: strftime (%ld)\n", (unsigned long) tim); + else + addf (str, _("\t\tExpiration: %s\n"), s); } } } @@ -235,77 +235,77 @@ print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx) { const char *name = gnutls_pk_algorithm_get_name (err); if (name == NULL) - name = _("unknown"); + name = _("unknown"); addf (str, _("\tPublic Key Algorithm: %s\n"), name); addf (str, _("\tKey Security Level: %s\n"), - gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param - (err, bits))); + gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param + (err, bits))); switch (err) - { - case GNUTLS_PK_RSA: - { - gnutls_datum_t m, e; - - if (idx == -1) - err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e); - else - err = - gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e); - - if (err < 0) - addf (str, "error: get_pk_rsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tModulus (bits %d):\n"), bits); - hexdump (str, m.data, m.size, "\t\t\t"); - adds (str, _("\t\tExponent:\n")); - hexdump (str, e.data, e.size, "\t\t\t"); - - gnutls_free (m.data); - gnutls_free (e.data); - } - - } - break; - - case GNUTLS_PK_DSA: - { - gnutls_datum_t p, q, g, y; - - if (idx == -1) - err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y); - else - err = - gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q, - &g, &y); - if (err < 0) - addf (str, "error: get_pk_dsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tPublic key (bits %d):\n"), bits); - hexdump (str, y.data, y.size, "\t\t\t"); - adds (str, _("\t\tP:\n")); - hexdump (str, p.data, p.size, "\t\t\t"); - adds (str, _("\t\tQ:\n")); - hexdump (str, q.data, q.size, "\t\t\t"); - adds (str, _("\t\tG:\n")); - hexdump (str, g.data, g.size, "\t\t\t"); - - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - } - } - break; - - default: - break; - } + { + case GNUTLS_PK_RSA: + { + gnutls_datum_t m, e; + + if (idx == -1) + err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e); + else + err = + gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e); + + if (err < 0) + addf (str, "error: get_pk_rsa_raw: %s\n", + gnutls_strerror (err)); + else + { + addf (str, _("\t\tModulus (bits %d):\n"), bits); + hexdump (str, m.data, m.size, "\t\t\t"); + adds (str, _("\t\tExponent:\n")); + hexdump (str, e.data, e.size, "\t\t\t"); + + gnutls_free (m.data); + gnutls_free (e.data); + } + + } + break; + + case GNUTLS_PK_DSA: + { + gnutls_datum_t p, q, g, y; + + if (idx == -1) + err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y); + else + err = + gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q, + &g, &y); + if (err < 0) + addf (str, "error: get_pk_dsa_raw: %s\n", + gnutls_strerror (err)); + else + { + addf (str, _("\t\tPublic key (bits %d):\n"), bits); + hexdump (str, y.data, y.size, "\t\t\t"); + adds (str, _("\t\tP:\n")); + hexdump (str, p.data, p.size, "\t\t\t"); + adds (str, _("\t\tQ:\n")); + hexdump (str, q.data, q.size, "\t\t\t"); + adds (str, _("\t\tG:\n")); + hexdump (str, g.data, g.size, "\t\t\t"); + + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); + } + } + break; + + default: + break; + } } } @@ -340,29 +340,29 @@ print_cert (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER - && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "error: get_name: %s\n", gnutls_strerror (err)); + && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + && err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf (str, "error: get_name: %s\n", gnutls_strerror (err)); else - { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "error: malloc (%d): %s\n", (int) dn_size, - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size); - if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && - err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "error: get_name: %s\n", gnutls_strerror (err)); - else if (err >= 0) - addf (str, _("\tName[%d]: %s\n"), i, dn); - else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn); - - gnutls_free (dn); - } - } + { + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "error: malloc (%d): %s\n", (int) dn_size, + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size); + if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && + err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf (str, "error: get_name: %s\n", gnutls_strerror (err)); + else if (err >= 0) + addf (str, _("\tName[%d]: %s\n"), i, dn); + else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) + addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn); + + gnutls_free (dn); + } + } i++; } @@ -403,29 +403,29 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER - && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - && err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "unknown name (%s), ", gnutls_strerror (err)); + && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + && err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf (str, "unknown name (%s), ", gnutls_strerror (err)); else - { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "unknown name (%s), ", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size); - if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && - err != GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, "unknown name (%s), ", gnutls_strerror (err)); - else if (err >= 0) - addf (str, _("name[%d]: %s, "), i, dn); - else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) - addf (str, _("revoked name[%d]: %s, "), i, dn); - - gnutls_free (dn); - } - } + { + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "unknown name (%s), ", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size); + if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE && + err != GNUTLS_E_OPENPGP_UID_REVOKED) + addf (str, "unknown name (%s), ", gnutls_strerror (err)); + else if (err >= 0) + addf (str, _("name[%d]: %s, "), i, dn); + else if (err == GNUTLS_E_OPENPGP_UID_REVOKED) + addf (str, _("revoked name[%d]: %s, "), i, dn); + + gnutls_free (dn); + } + } i++; } @@ -441,9 +441,9 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err)); else { - adds (str, _("fingerprint: ")); - hexprint (str, fpr, fpr_size); - addf (str, ", "); + adds (str, _("fingerprint: ")); + hexprint (str, fpr, fpr_size); + addf (str, ", "); } } @@ -457,11 +457,11 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) struct tm t; if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim); + addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim); else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) - addf (str, "error: strftime (%ld), ", (unsigned long) tim); + addf (str, "error: strftime (%ld), ", (unsigned long) tim); else - addf (str, _("created: %s, "), s); + addf (str, _("created: %s, "), s); } tim = gnutls_openpgp_crt_get_expiration_time (cert); @@ -471,16 +471,16 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) struct tm t; if (tim == 0) - adds (str, _("never expires, ")); + adds (str, _("never expires, ")); else - { - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim); - else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) - addf (str, "error: strftime (%ld), ", (unsigned long) tim); - else - addf (str, _("expires: %s, "), s); - } + { + if (gmtime_r (&tim, &t) == NULL) + addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim); + else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) + addf (str, "error: strftime (%ld), ", (unsigned long) tim); + else + addf (str, _("expires: %s, "), s); + } } } @@ -514,8 +514,8 @@ print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert) **/ int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) { gnutls_buffer_st str; @@ -526,7 +526,7 @@ gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert, else { _gnutls_buffer_append_str (&str, - _("OpenPGP Certificate Information:\n")); + _("OpenPGP Certificate Information:\n")); print_cert (&str, cert); } diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c index fb6953b000..4dc8af4cf3 100644 --- a/lib/openpgp/pgp.c +++ b/lib/openpgp/pgp.c @@ -49,7 +49,7 @@ gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key) *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int)); if (*key) - return 0; /* success */ + return 0; /* success */ return GNUTLS_E_MEMORY_ERROR; } @@ -88,8 +88,8 @@ gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key) **/ int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format) { cdk_stream_t inp; cdk_packet_t pkt; @@ -105,35 +105,35 @@ gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, { rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } if (cdk_armor_filter_use (inp)) - rc = cdk_stream_set_armor_flag (inp, 0); + rc = cdk_stream_set_armor_flag (inp, 0); if (!rc) - rc = cdk_keydb_get_keyblock (inp, &key->knode); + rc = cdk_keydb_get_keyblock (inp, &key->knode); cdk_stream_close (inp); if (rc) - { - if (rc == CDK_Inv_Packet) - rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; - else - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + if (rc == CDK_Inv_Packet) + rc = GNUTLS_E_OPENPGP_GETKEY_FAILED; + else + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } /* Test if the import was successful. */ @@ -151,9 +151,9 @@ gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key, */ int _gnutls_openpgp_export (cdk_kbnode_t node, - gnutls_openpgp_crt_fmt_t format, - void *output_data, - size_t * output_data_size, int private) + gnutls_openpgp_crt_fmt_t format, + void *output_data, + size_t * output_data_size, int private) { size_t input_data_size = *output_data_size; size_t calc_size; @@ -183,30 +183,30 @@ _gnutls_openpgp_export (cdk_kbnode_t node, /* Calculate the size of the encoded data and check if the provided buffer is large enough. */ rc = cdk_armor_encode_buffer (in, *output_data_size, - NULL, 0, &calc_size, - private ? CDK_ARMOR_SECKEY : - CDK_ARMOR_PUBKEY); + NULL, 0, &calc_size, + private ? CDK_ARMOR_SECKEY : + CDK_ARMOR_PUBKEY); if (rc || calc_size > input_data_size) - { - gnutls_free (in); - *output_data_size = calc_size; - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + gnutls_free (in); + *output_data_size = calc_size; + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } rc = cdk_armor_encode_buffer (in, *output_data_size, - output_data, input_data_size, &calc_size, - private ? CDK_ARMOR_SECKEY : - CDK_ARMOR_PUBKEY); + output_data, input_data_size, &calc_size, + private ? CDK_ARMOR_SECKEY : + CDK_ARMOR_PUBKEY); gnutls_free (in); *output_data_size = calc_size; if (rc) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } return 0; @@ -229,11 +229,11 @@ _gnutls_openpgp_export (cdk_kbnode_t node, **/ int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, - gnutls_openpgp_crt_fmt_t format, - void *output_data, size_t * output_data_size) + gnutls_openpgp_crt_fmt_t format, + void *output_data, size_t * output_data_size) { return _gnutls_openpgp_export (key->knode, format, output_data, - output_data_size, 0); + output_data_size, 0); } /** @@ -249,7 +249,7 @@ gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, - void *fpr, size_t * fprlen) + void *fpr, size_t * fprlen) { cdk_packet_t pkt; cdk_pkt_pubkey_t pk = NULL; @@ -296,7 +296,7 @@ _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key) { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_USER_ID) - nuids++; + nuids++; } return nuids; @@ -320,7 +320,7 @@ _gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key) **/ int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, - int idx, char *buf, size_t * sizeof_buf) + int idx, char *buf, size_t * sizeof_buf) { cdk_kbnode_t ctx = NULL, p; cdk_packet_t pkt = NULL; @@ -341,11 +341,11 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_USER_ID) - { - if (pos == idx) - break; - pos++; - } + { + if (pos == idx) + break; + pos++; + } } if (!pkt) @@ -365,7 +365,7 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, if (buf) { memcpy (buf, uid->name, uid->len); - buf[uid->len] = '\0'; /* make sure it's a string */ + buf[uid->len] = '\0'; /* make sure it's a string */ } *sizeof_buf = uid->len + 1; @@ -392,7 +392,7 @@ gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key, **/ gnutls_pk_algorithm_t gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int *bits) + unsigned int *bits) { cdk_packet_t pkt; int algo; @@ -408,7 +408,7 @@ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key, if (pkt) { if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.public_key); + *bits = cdk_pk_get_nbits (pkt->pkt.public_key); algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); } @@ -510,7 +510,7 @@ gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key) **/ int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyid_t keyid) + gnutls_openpgp_keyid_t keyid) { cdk_packet_t pkt; uint32_t kid[2]; @@ -576,7 +576,7 @@ gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key) **/ int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, - const char *hostname) + const char *hostname) { char dnsname[MAX_CN]; size_t dnsnamesize; @@ -590,14 +590,14 @@ gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key, ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize); if (ret == 0) - { - /* Length returned by gnutls_openpgp_crt_get_name includes - the terminating zero. */ - dnsnamesize--; + { + /* Length returned by gnutls_openpgp_crt_get_name includes + the terminating zero. */ + dnsnamesize--; - if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) - return 1; - } + if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) + return 1; + } } /* not found a matching name */ @@ -636,7 +636,7 @@ _gnutls_get_pgp_key_usage (unsigned int cdk_usage) */ int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key, - unsigned int *key_usage) + unsigned int *key_usage) { cdk_packet_t pkt; @@ -685,7 +685,7 @@ gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key) { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY) - subkeys++; + subkeys++; } return subkeys; @@ -711,7 +711,7 @@ _get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx) { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY && indx == subkeys++) - return pkt; + return pkt; } return NULL; @@ -724,7 +724,7 @@ _get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx) */ cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv) + unsigned int priv) { cdk_kbnode_t p, ctx; cdk_packet_t pkt; @@ -736,24 +736,24 @@ _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], pkt = cdk_kbnode_get_packet (p); if ((priv == 0 - && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY - || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0 - && (pkt->pkttype == - CDK_PKT_SECRET_SUBKEY - || pkt->pkttype - == - CDK_PKT_SECRET_KEY))) - { - if (priv == 0) - cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid); - else - cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); - - if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) - { - return pkt; - } - } + && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY + || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0 + && (pkt->pkttype == + CDK_PKT_SECRET_SUBKEY + || pkt->pkttype + == + CDK_PKT_SECRET_KEY))) + { + if (priv == 0) + cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid); + else + cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); + + if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) + { + return pkt; + } + } } gnutls_assert (); @@ -767,7 +767,7 @@ _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2], */ int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], - unsigned int priv) + unsigned int priv) { cdk_kbnode_t p, ctx; cdk_packet_t pkt; @@ -782,21 +782,21 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], pkt = cdk_kbnode_get_packet (p); if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) || - (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY))) - { - if (priv == 0) - cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid); - else - cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); - - _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0], - local_keyid[1]); - if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) - { - return i; - } - i++; - } + (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY))) + { + if (priv == 0) + cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid); + else + cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid); + + _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0], + local_keyid[1]); + if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1]) + { + return i; + } + i++; + } } gnutls_assert (); @@ -817,7 +817,7 @@ _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2], **/ int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key, - unsigned int idx) + unsigned int idx) { cdk_packet_t pkt; @@ -856,8 +856,8 @@ gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key, **/ gnutls_pk_algorithm_t gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key, - unsigned int idx, - unsigned int *bits) + unsigned int idx, + unsigned int *bits) { cdk_packet_t pkt; int algo; @@ -874,7 +874,7 @@ gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key, if (pkt) { if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.public_key); + *bits = cdk_pk_get_nbits (pkt->pkt.public_key); algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo); } @@ -894,7 +894,7 @@ gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key, **/ time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key, - unsigned int idx) + unsigned int idx) { cdk_packet_t pkt; time_t timestamp; @@ -926,7 +926,7 @@ gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key, **/ time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key, - unsigned int idx) + unsigned int idx) { cdk_packet_t pkt; time_t expiredate; @@ -955,8 +955,8 @@ gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key, - unsigned int idx, - gnutls_openpgp_keyid_t keyid) + unsigned int idx, + gnutls_openpgp_keyid_t keyid) { cdk_packet_t pkt; uint32_t kid[2]; @@ -994,8 +994,8 @@ gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, - unsigned int idx, - void *fpr, size_t * fprlen) + unsigned int idx, + void *fpr, size_t * fprlen) { cdk_packet_t pkt; cdk_pkt_pubkey_t pk = NULL; @@ -1036,7 +1036,7 @@ gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key, - const gnutls_openpgp_keyid_t keyid) + const gnutls_openpgp_keyid_t keyid) { int ret; uint32_t kid[2]; @@ -1076,8 +1076,8 @@ gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key, */ int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key, - unsigned int idx, - unsigned int *key_usage) + unsigned int idx, + unsigned int *key_usage) { cdk_packet_t pkt; @@ -1098,7 +1098,7 @@ gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key, int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx, - bigint_t * m) + bigint_t * m) { size_t buf_size = 512; opaque *buf = gnutls_malloc (buf_size); @@ -1119,47 +1119,47 @@ _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx, if (priv == 0) err = cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size, - NULL); + NULL); else { if (idx < max_pub_params) - err = - cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size, - &buf_size, NULL); + err = + cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size, + &buf_size, NULL); else - { - err = - cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf, - buf_size, &buf_size, NULL); - } + { + err = + cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf, + buf_size, &buf_size, NULL); + } } if (err == CDK_Too_Short) { buf = gnutls_realloc_fast (buf, buf_size); if (buf == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } if (priv == 0) - err = - cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size, - NULL); + err = + cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size, + NULL); else - { - if (idx < max_pub_params) - err = - cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size, - &buf_size, NULL); - else - { - err = - cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, - buf, buf_size, &buf_size, NULL); - } - } + { + if (idx < max_pub_params) + err = + cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size, + &buf_size, NULL); + else + { + err = + cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, + buf, buf_size, &buf_size, NULL); + } + } } if (err != CDK_Success) @@ -1186,8 +1186,8 @@ _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx, */ int _gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, - uint32_t * keyid /* [2] */ , - bigint_t * params, int *params_size) + uint32_t * keyid /* [2] */ , + bigint_t * params, int *params_size) { int result, i; int pk_algorithm, local_params; @@ -1231,10 +1231,10 @@ _gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, { result = _gnutls_read_pgp_mpi (pkt, 0, i, ¶ms[i]); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } return 0; @@ -1253,7 +1253,7 @@ error: */ static int _get_pk_rsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * m, gnutls_datum_t * e) + gnutls_datum_t * m, gnutls_datum_t * e) { int pk_algorithm, ret, i; cdk_packet_t pkt; @@ -1318,8 +1318,8 @@ cleanup: static int _get_pk_dsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { int pk_algorithm, ret, i; cdk_packet_t pkt; @@ -1424,7 +1424,7 @@ cleanup: **/ int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, - gnutls_datum_t * m, gnutls_datum_t * e) + gnutls_datum_t * m, gnutls_datum_t * e) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1457,8 +1457,8 @@ gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, **/ int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1490,9 +1490,9 @@ gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, **/ int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt, - unsigned int idx, - gnutls_datum_t * m, - gnutls_datum_t * e) + unsigned int idx, + gnutls_datum_t * m, + gnutls_datum_t * e) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1526,11 +1526,11 @@ gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt, **/ int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt, - unsigned int idx, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y) + unsigned int idx, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1557,7 +1557,7 @@ gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt, **/ int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyid_t keyid) + gnutls_openpgp_keyid_t keyid) { if (!key || !keyid || !key->preferred_set) { @@ -1583,7 +1583,7 @@ gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key, - const gnutls_openpgp_keyid_t keyid) + const gnutls_openpgp_keyid_t keyid) { int ret; @@ -1627,8 +1627,8 @@ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt, - gnutls_openpgp_keyid_t keyid, - unsigned int flag) + gnutls_openpgp_keyid_t keyid, + unsigned int flag) { int ret, subkeys, i; unsigned int usage; @@ -1648,38 +1648,38 @@ gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt, { ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i); - if (ret != 0) /* it is revoked. ignore it */ - continue; + if (ret != 0) /* it is revoked. ignore it */ + continue; if (keyid_init == 0) - { /* keep the first valid subkey */ - ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + { /* keep the first valid subkey */ + ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid); + if (ret < 0) + { + gnutls_assert (); + return ret; + } - keyid_init = 1; - } + keyid_init = 1; + } ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (usage & GNUTLS_KEY_KEY_AGREEMENT) - { - ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - return 0; - } + { + ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + return 0; + } } if (flag && keyid_init) @@ -1703,15 +1703,15 @@ gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt, **/ int gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { int ret; bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_size = MAX_PUBLIC_PARAMS_SIZE; gnutls_pk_algorithm_t pk; uint32_t kid[2]; - + if (crt == NULL || !crt->preferred_set) { gnutls_assert (); @@ -1725,7 +1725,7 @@ gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt, unsigned int flags, return ret; } pk = ret; - + KEYID_IMPORT (kid, crt->preferred_keyid); ret = _gnutls_openpgp_crt_get_mpis (crt, kid, params, ¶ms_size); if (ret < 0) @@ -1734,7 +1734,7 @@ gnutls_openpgp_crt_verify_hash (gnutls_openpgp_crt_t crt, unsigned int flags, return ret; } - ret = pubkey_verify_sig( NULL, hash, signature, pk, params, params_size); + ret = pubkey_verify_sig (NULL, hash, signature, pk, params, params_size); if (ret < 0) { gnutls_assert (); diff --git a/lib/openpgp/pgpverify.c b/lib/openpgp/pgpverify.c index 94daf6718b..3a5771b528 100644 --- a/lib/openpgp/pgpverify.c +++ b/lib/openpgp/pgpverify.c @@ -58,8 +58,8 @@ **/ int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, - gnutls_openpgp_keyring_t keyring, - unsigned int flags, unsigned int *verify) + gnutls_openpgp_keyring_t keyring, + unsigned int flags, unsigned int *verify) { gnutls_openpgp_keyid_t id; cdk_error_t rc; @@ -101,15 +101,15 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, { rc = gnutls_openpgp_crt_get_key_id (key, id); if (rc < 0) - { - gnutls_assert (); - return rc; - } + { + gnutls_assert (); + return rc; + } rc = gnutls_openpgp_keyring_check_id (keyring, id, 0); /* If it exists in the keyring don't treat it as unknown. */ if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND) - *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND; + *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND; } return 0; @@ -132,7 +132,7 @@ gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key, **/ int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key, - unsigned int flags, unsigned int *verify) + unsigned int flags, unsigned int *verify) { int status; cdk_error_t rc; diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c index 29dfe51009..304fc9d574 100644 --- a/lib/openpgp/privkey.c +++ b/lib/openpgp/privkey.c @@ -50,7 +50,7 @@ gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key) *key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int)); if (*key) - return 0; /* success */ + return 0; /* success */ return GNUTLS_E_MEMORY_ERROR; } @@ -117,9 +117,9 @@ gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key) **/ int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const char *password, unsigned int flags) + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format, + const char *password, unsigned int flags) { cdk_stream_t inp; cdk_packet_t pkt; @@ -135,43 +135,43 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, { rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size); if (rc != 0) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } else { rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp); if (rc != 0) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } if (cdk_armor_filter_use (inp)) - { - rc = cdk_stream_set_armor_flag (inp, 0); - if (rc != 0) - { - rc = _gnutls_map_cdk_rc (rc); - cdk_stream_close (inp); - gnutls_assert (); - return rc; - } - } + { + rc = cdk_stream_set_armor_flag (inp, 0); + if (rc != 0) + { + rc = _gnutls_map_cdk_rc (rc); + cdk_stream_close (inp); + gnutls_assert (); + return rc; + } + } rc = cdk_keydb_get_keyblock (inp, &key->knode); cdk_stream_close (inp); if (rc != 0) - { - rc = _gnutls_map_cdk_rc (rc); - gnutls_assert (); - return rc; - } + { + rc = _gnutls_map_cdk_rc (rc); + gnutls_assert (); + return rc; + } } /* Test if the import was successful. */ @@ -205,13 +205,13 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key, - gnutls_openpgp_crt_fmt_t format, - const char *password, unsigned int flags, - void *output_data, size_t * output_data_size) + gnutls_openpgp_crt_fmt_t format, + const char *password, unsigned int flags, + void *output_data, size_t * output_data_size) { /* FIXME for now we do not export encrypted keys */ return _gnutls_openpgp_export (key->knode, format, output_data, - output_data_size, 1); + output_data_size, 1); } @@ -234,7 +234,7 @@ gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key, **/ gnutls_pk_algorithm_t gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key, - unsigned int *bits) + unsigned int *bits) { cdk_packet_t pkt; int algo; @@ -250,7 +250,7 @@ gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key, if (pkt) { if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk); + *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk); algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo); } @@ -321,7 +321,7 @@ gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key) **/ int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key, - void *fpr, size_t * fprlen) + void *fpr, size_t * fprlen) { cdk_packet_t pkt; cdk_pkt_pubkey_t pk = NULL; @@ -365,7 +365,7 @@ gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key, - gnutls_openpgp_keyid_t keyid) + gnutls_openpgp_keyid_t keyid) { cdk_packet_t pkt; uint32_t kid[2]; @@ -418,7 +418,7 @@ gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key) { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY) - subkeys++; + subkeys++; } return subkeys; @@ -438,7 +438,7 @@ _get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx) { pkt = cdk_kbnode_get_packet (p); if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY && indx == subkeys++) - return pkt; + return pkt; } return NULL; @@ -458,7 +458,7 @@ _get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx) **/ int gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t - key, unsigned int idx) + key, unsigned int idx) { cdk_packet_t pkt; @@ -497,8 +497,8 @@ gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t **/ gnutls_pk_algorithm_t gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key, - unsigned int idx, - unsigned int *bits) + unsigned int idx, + unsigned int *bits) { cdk_packet_t pkt; int algo; @@ -515,14 +515,14 @@ gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key, if (pkt) { if (bits) - *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk); + *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk); algo = pkt->pkt.secret_key->pubkey_algo; if (is_RSA (algo)) - algo = GNUTLS_PK_RSA; + algo = GNUTLS_PK_RSA; else if (is_DSA (algo)) - algo = GNUTLS_PK_DSA; + algo = GNUTLS_PK_DSA; else - algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM; + algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM; } return algo; @@ -541,7 +541,7 @@ gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, - const gnutls_openpgp_keyid_t keyid) + const gnutls_openpgp_keyid_t keyid) { int ret; uint32_t kid[2]; @@ -576,7 +576,7 @@ gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key, **/ time_t gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key, - unsigned int idx) + unsigned int idx) { cdk_packet_t pkt; time_t timestamp; @@ -607,7 +607,7 @@ gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key, **/ time_t gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t - key, unsigned int idx) + key, unsigned int idx) { cdk_packet_t pkt; time_t expiredate; @@ -638,8 +638,8 @@ gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t **/ int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key, - unsigned int idx, - gnutls_openpgp_keyid_t keyid) + unsigned int idx, + gnutls_openpgp_keyid_t keyid) { cdk_packet_t pkt; uint32_t kid[2]; @@ -677,8 +677,8 @@ gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key, - unsigned int idx, - void *fpr, size_t * fprlen) + unsigned int idx, + void *fpr, size_t * fprlen) { cdk_packet_t pkt; cdk_pkt_pubkey_t pk = NULL; @@ -711,8 +711,8 @@ gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key, */ int _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, - uint32_t * keyid /*[2] */ , - bigint_t * params, int *params_size) + uint32_t * keyid /*[2] */ , + bigint_t * params, int *params_size) { int result, i; int pk_algorithm; @@ -754,10 +754,10 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey, { result = _gnutls_read_pgp_mpi (pkt, 1, i, &pk_params.params[i]); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } /* fixup will generate exp1 and exp2 that are not * available here. @@ -795,9 +795,9 @@ error: */ static int _get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u) { int pk_algorithm, ret, i; cdk_packet_t pkt; @@ -905,8 +905,8 @@ cleanup: static int _get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x) { int pk_algorithm, ret, i; cdk_packet_t pkt; @@ -1027,9 +1027,9 @@ cleanup: **/ int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1063,9 +1063,9 @@ gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey, **/ int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, - gnutls_datum_t * x) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y, + gnutls_datum_t * x) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1101,13 +1101,13 @@ gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey, **/ int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey, - unsigned int idx, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * u) + unsigned int idx, + gnutls_datum_t * m, + gnutls_datum_t * e, + gnutls_datum_t * d, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * u) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1142,12 +1142,12 @@ gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey, **/ int gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey, - unsigned int idx, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, - gnutls_datum_t * x) + unsigned int idx, + gnutls_datum_t * p, + gnutls_datum_t * q, + gnutls_datum_t * g, + gnutls_datum_t * y, + gnutls_datum_t * x) { gnutls_openpgp_keyid_t keyid; int ret; @@ -1174,7 +1174,7 @@ gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey, **/ int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key, - gnutls_openpgp_keyid_t keyid) + gnutls_openpgp_keyid_t keyid) { if (!key || !keyid || !key->preferred_set) { @@ -1199,8 +1199,8 @@ gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key, - const gnutls_openpgp_keyid_t - keyid) + const gnutls_openpgp_keyid_t + keyid) { int ret; @@ -1240,8 +1240,8 @@ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key, -*/ int _gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { int result, i; bigint_t params[MAX_PRIV_PARAMS_SIZE]; @@ -1265,15 +1265,15 @@ _gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid); pk_algorithm = - gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL); + gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL); result = - _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size); + _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size); } else { pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); result = _gnutls_openpgp_privkey_get_mpis (key, NULL, - params, ¶ms_size); + params, ¶ms_size); } if (result < 0) @@ -1315,25 +1315,26 @@ _gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key, **/ int gnutls_openpgp_privkey_sign_hash2 (gnutls_openpgp_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - digest.data = gnutls_malloc(hash_data->size); + digest.data = gnutls_malloc (hash_data->size); if (digest.data == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } digest.size = hash_data->size; - memcpy(digest.data, hash_data->data, digest.size); + memcpy (digest.data, hash_data->data, digest.size); - ret = pk_prepare_hash (gnutls_openpgp_privkey_get_pk_algorithm (signer, NULL), - hash_algo, &digest); + ret = + pk_prepare_hash (gnutls_openpgp_privkey_get_pk_algorithm (signer, NULL), + hash_algo, &digest); if (ret < 0) { gnutls_assert (); @@ -1350,7 +1351,7 @@ gnutls_openpgp_privkey_sign_hash2 (gnutls_openpgp_privkey_t signer, ret = 0; cleanup: - _gnutls_free_datum(&digest); + _gnutls_free_datum (&digest); return ret; } @@ -1378,22 +1379,26 @@ cleanup: **/ int gnutls_openpgp_privkey_sign_data2 (gnutls_openpgp_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - ret = pk_hash_data(gnutls_openpgp_privkey_get_pk_algorithm(signer,NULL), hash, NULL, data, &digest); + ret = + pk_hash_data (gnutls_openpgp_privkey_get_pk_algorithm (signer, NULL), + hash, NULL, data, &digest); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } - ret = gnutls_openpgp_privkey_sign_hash2(signer, hash, flags, &digest, signature); + ret = + gnutls_openpgp_privkey_sign_hash2 (signer, hash, flags, &digest, + signature); if (ret < 0) { gnutls_assert (); @@ -1423,9 +1428,9 @@ cleanup: **/ int gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { int result, i; bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; @@ -1446,12 +1451,12 @@ gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key, KEYID_IMPORT (kid, keyid); result = _gnutls_openpgp_privkey_get_mpis (key, kid, - params, ¶ms_size); + params, ¶ms_size); } else { result = _gnutls_openpgp_privkey_get_mpis (key, NULL, - params, ¶ms_size); + params, ¶ms_size); } if (result < 0) diff --git a/lib/pakchois/pakchois.c b/lib/pakchois/pakchois.c index 0665cb3425..d04b3caba3 100644 --- a/lib/pakchois/pakchois.c +++ b/lib/pakchois/pakchois.c @@ -129,9 +129,9 @@ pkcs11ize (const char *name) if (suffix != NULL) { if (strncmp (suffix, ".so", 3) == 0) - { - suffix[0] = 0; /* null terminate before . */ - } + { + suffix[0] = 0; /* null terminate before . */ + } } /* check and remove for -p11 or -pkcs11 */ @@ -139,11 +139,11 @@ pkcs11ize (const char *name) while ((suffix = strchr (suffix, '-')) != NULL) { if (strncasecmp (suffix, "-p11", 4) == 0 || - strncasecmp (suffix, "-pkcs11", 7) == 0) - { - suffix[0] = 0; - break; - } + strncasecmp (suffix, "-pkcs11", 7) == 0) + { + suffix[0] = 0; + break; + } suffix++; } @@ -192,30 +192,30 @@ find_pkcs11_module_name (const char *hint, dev_t * dev, ino_t * ino) unsigned i; if (sep) - { - *sep++ = '\0'; - next = sep; - } + { + *sep++ = '\0'; + next = sep; + } else - { - next = NULL; - } + { + next = NULL; + } for (i = 0; suffix_prefixes[i][0]; i++) - { - char path[PATH_MAX]; + { + char path[PATH_MAX]; - snprintf (path, sizeof path, "%s/%s%s%s", dir, - suffix_prefixes[i][0], hint, suffix_prefixes[i][1]); + snprintf (path, sizeof path, "%s/%s%s%s", dir, + suffix_prefixes[i][0], hint, suffix_prefixes[i][1]); - if (stat (path, &st) < 0) - continue; + if (stat (path, &st) < 0) + continue; - *dev = st.st_dev; - *ino = st.st_ino; + *dev = st.st_dev; + *ino = st.st_ino; - return strdup (path); - } + return strdup (path); + } } return NULL; @@ -236,11 +236,11 @@ find_real_module_name (const char *name, dev_t * dev, ino_t * ino) len = wordexp (name, &we, 0); if (len == 0) - { /* success */ + { /* success */ if (we.we_wordc > 0) - { /* we care about the 1st */ - exname = strdup (we.we_wordv[0]); - } + { /* we care about the 1st */ + exname = strdup (we.we_wordv[0]); + } wordfree (&we); } #endif @@ -252,15 +252,15 @@ find_real_module_name (const char *name, dev_t * dev, ino_t * ino) if (exname != NULL) { if (stat (exname, &st) >= 0) - { - *dev = st.st_dev; - *ino = st.st_ino; - } + { + *dev = st.st_dev; + *ino = st.st_ino; + } else - { - free (exname); - return NULL; - } + { + free (exname); + return NULL; + } } return exname; @@ -274,9 +274,9 @@ find_provider (dev_t dev, ino_t ino) for (p = provider_list; p; p = p->next) { if (dev == p->dev && ino == p->ino) - { - return p; - } + { + return p; + } } return NULL; @@ -286,7 +286,7 @@ find_provider (dev_t dev, ino_t ino) */ static ck_rv_t load_pkcs11_module (struct provider **provider, - const char *name, dev_t dev, ino_t ino, void *reserved) + const char *name, dev_t dev, ino_t ino, void *reserved) { struct provider *prov; CK_C_GetFunctionList gfl; @@ -372,7 +372,7 @@ fail_dso: */ static ck_rv_t load_provider (struct provider **provider, const char *name, - void *reserved, int real_name) + void *reserved, int real_name) { ck_rv_t rv; char *cname = NULL; @@ -439,7 +439,7 @@ providers_reinit (void) { args.reserved = p->reserved; rv = p->fns->C_Initialize (&args); - assert (rv == CKR_OK); /* what can we do? */ + assert (rv == CKR_OK); /* what can we do? */ } gnutls_mutex_unlock (&provider_mutex); @@ -447,7 +447,7 @@ providers_reinit (void) static ck_rv_t load_module (pakchois_module_t ** module, const char *name, - void *reserved, unsigned int real_name) + void *reserved, unsigned int real_name) { ck_rv_t rv; pakchois_module_t *pm = malloc (sizeof *pm); @@ -499,36 +499,36 @@ pakchois_module_load_abs (pakchois_module_t ** module, const char *name) ck_rv_t pakchois_module_nssload (pakchois_module_t ** module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, const char *secmod_db) + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, const char *secmod_db) { char buf[256]; snprintf (buf, sizeof buf, - "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", - directory, cert_prefix ? cert_prefix : "", - key_prefix ? key_prefix : "", - secmod_db ? secmod_db : "secmod.db"); + "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", + directory, cert_prefix ? cert_prefix : "", + key_prefix ? key_prefix : "", + secmod_db ? secmod_db : "secmod.db"); return load_module (module, name, buf, 0); } ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, const char *secmod_db) + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, const char *secmod_db) { char buf[256]; snprintf (buf, sizeof buf, - "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", - directory, cert_prefix ? cert_prefix : "", - key_prefix ? key_prefix : "", - secmod_db ? secmod_db : "secmod.db"); + "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'", + directory, cert_prefix ? cert_prefix : "", + key_prefix ? key_prefix : "", + secmod_db ? secmod_db : "secmod.db"); return load_module (module, name, buf, 1); } @@ -546,9 +546,9 @@ provider_unref (struct provider *prov) dlclose (prov->handle); *prov->prevref = prov->next; if (prov->next) - { - prov->next->prevref = prov->prevref; - } + { + prov->next->prevref = prov->prevref; + } free (prov->name); free (prov); } @@ -592,30 +592,30 @@ pakchois_get_info (pakchois_module_t * mod, struct ck_info *info) ck_rv_t pakchois_get_slot_list (pakchois_module_t * mod, - unsigned char token_present, - ck_slot_id_t * slot_list, unsigned long *count) + unsigned char token_present, + ck_slot_id_t * slot_list, unsigned long *count) { return CALL (GetSlotList, (token_present, slot_list, count)); } ck_rv_t pakchois_get_slot_info (pakchois_module_t * mod, - ck_slot_id_t slot_id, struct ck_slot_info * info) + ck_slot_id_t slot_id, struct ck_slot_info * info) { return CALL (GetSlotInfo, (slot_id, info)); } ck_rv_t pakchois_get_token_info (pakchois_module_t * mod, - ck_slot_id_t slot_id, struct ck_token_info * info) + ck_slot_id_t slot_id, struct ck_token_info * info) { return CALL (GetTokenInfo, (slot_id, info)); } ck_rv_t pakchois_wait_for_slot_event (pakchois_module_t * mod, - ck_flags_t flags, ck_slot_id_t * slot, - void *reserved) + ck_flags_t flags, ck_slot_id_t * slot, + void *reserved) { ck_rv_t rv; @@ -631,48 +631,48 @@ pakchois_wait_for_slot_event (pakchois_module_t * mod, ck_rv_t pakchois_get_mechanism_list (pakchois_module_t * mod, - ck_slot_id_t slot_id, - ck_mechanism_type_t * mechanism_list, - unsigned long *count) + ck_slot_id_t slot_id, + ck_mechanism_type_t * mechanism_list, + unsigned long *count) { return CALL (GetMechanismList, (slot_id, mechanism_list, count)); } ck_rv_t pakchois_get_mechanism_info (pakchois_module_t * mod, - ck_slot_id_t slot_id, - ck_mechanism_type_t type, - struct ck_mechanism_info * info) + ck_slot_id_t slot_id, + ck_mechanism_type_t type, + struct ck_mechanism_info * info) { return CALL (GetMechanismInfo, (slot_id, type, info)); } ck_rv_t pakchois_init_token (pakchois_module_t * mod, - ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label) + ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label) { return CALL (InitToken, (slot_id, pin, pin_len, label)); } ck_rv_t pakchois_init_pin (pakchois_session_t * sess, unsigned char *pin, - unsigned long pin_len) + unsigned long pin_len) { return CALLS2 (InitPIN, pin, pin_len); } ck_rv_t pakchois_set_pin (pakchois_session_t * sess, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len) + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len) { return CALLS4 (SetPIN, old_pin, old_len, new_pin, new_len); } static ck_rv_t notify_thunk (ck_session_handle_t session, - ck_notification_t event, void *application) + ck_notification_t event, void *application) { pakchois_session_t *sess = application; @@ -717,7 +717,7 @@ find_or_create_slot (pakchois_module_t * mod, ck_slot_id_t id) static ck_rv_t insert_session (pakchois_module_t * mod, - pakchois_session_t * session, ck_slot_id_t id) + pakchois_session_t * session, ck_slot_id_t id) { struct slot *slot = find_or_create_slot (mod, id); @@ -739,9 +739,9 @@ insert_session (pakchois_module_t * mod, ck_rv_t pakchois_open_session (pakchois_module_t * mod, - ck_slot_id_t slot_id, ck_flags_t flags, - void *application, pakchois_notify_t notify, - pakchois_session_t ** session) + ck_slot_id_t slot_id, ck_flags_t flags, + void *application, pakchois_notify_t notify, + pakchois_session_t ** session) { ck_session_handle_t sh; pakchois_session_t *sess; @@ -799,9 +799,9 @@ pakchois_close_all_sessions (pakchois_module_t * mod, ck_slot_id_t slot_id) { rv = pakchois_close_session (slot->sessions); if (rv != CKR_OK) - { - frv = rv; - } + { + frv = rv; + } } return frv; @@ -809,33 +809,33 @@ pakchois_close_all_sessions (pakchois_module_t * mod, ck_slot_id_t slot_id) ck_rv_t pakchois_get_session_info (pakchois_session_t * sess, - struct ck_session_info * info) + struct ck_session_info * info) { return CALLS1 (GetSessionInfo, info); } ck_rv_t pakchois_get_operation_state (pakchois_session_t * sess, - unsigned char *operation_state, - unsigned long *operation_state_len) + unsigned char *operation_state, + unsigned long *operation_state_len) { return CALLS2 (GetOperationState, operation_state, operation_state_len); } ck_rv_t pakchois_set_operation_state (pakchois_session_t * sess, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key) + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key) { return CALLS4 (SetOperationState, operation_state, - operation_state_len, encryption_key, authentiation_key); + operation_state_len, encryption_key, authentiation_key); } ck_rv_t pakchois_login (pakchois_session_t * sess, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len) + unsigned char *pin, unsigned long pin_len) { return CALLS3 (Login, user_type, pin, pin_len); } @@ -848,17 +848,17 @@ pakchois_logout (pakchois_session_t * sess) ck_rv_t pakchois_create_object (pakchois_session_t * sess, - struct ck_attribute * templ, - unsigned long count, ck_object_handle_t * object) + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * object) { return CALLS3 (CreateObject, templ, count, object); } ck_rv_t pakchois_copy_object (pakchois_session_t * sess, - ck_object_handle_t object, - struct ck_attribute * templ, - unsigned long count, ck_object_handle_t * new_object) + ck_object_handle_t object, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * new_object) { return CALLS4 (CopyObject, object, templ, count, new_object); } @@ -871,41 +871,41 @@ pakchois_destroy_object (pakchois_session_t * sess, ck_object_handle_t object) ck_rv_t pakchois_get_object_size (pakchois_session_t * sess, - ck_object_handle_t object, unsigned long *size) + ck_object_handle_t object, unsigned long *size) { return CALLS2 (GetObjectSize, object, size); } ck_rv_t pakchois_get_attribute_value (pakchois_session_t * sess, - ck_object_handle_t object, - struct ck_attribute * templ, - unsigned long count) + ck_object_handle_t object, + struct ck_attribute * templ, + unsigned long count) { return CALLS3 (GetAttributeValue, object, templ, count); } ck_rv_t pakchois_set_attribute_value (pakchois_session_t * sess, - ck_object_handle_t object, - struct ck_attribute * templ, - unsigned long count) + ck_object_handle_t object, + struct ck_attribute * templ, + unsigned long count) { return CALLS3 (SetAttributeValue, object, templ, count); } ck_rv_t pakchois_find_objects_init (pakchois_session_t * sess, - struct ck_attribute * templ, unsigned long count) + struct ck_attribute * templ, unsigned long count) { return CALLS2 (FindObjectsInit, templ, count); } ck_rv_t pakchois_find_objects (pakchois_session_t * sess, - ck_object_handle_t * object, - unsigned long max_object_count, - unsigned long *object_count) + ck_object_handle_t * object, + unsigned long max_object_count, + unsigned long *object_count) { return CALLS3 (FindObjects, object, max_object_count, object_count); } @@ -918,93 +918,93 @@ pakchois_find_objects_final (pakchois_session_t * sess) ck_rv_t pakchois_encrypt_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) + struct ck_mechanism * mechanism, + ck_object_handle_t key) { return CALLS2 (EncryptInit, mechanism, key); } ck_rv_t pakchois_encrypt (pakchois_session_t * sess, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len) + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len) { return CALLS4 (Encrypt, data, data_len, encrypted_data, encrypted_data_len); } ck_rv_t pakchois_encrypt_update (pakchois_session_t * sess, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len) + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len) { return CALLS4 (EncryptUpdate, part, part_len, - encrypted_part, encrypted_part_len); + encrypted_part, encrypted_part_len); } ck_rv_t pakchois_encrypt_final (pakchois_session_t * sess, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len) + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len) { return CALLS2 (EncryptFinal, last_encrypted_part, last_encrypted_part_len); } ck_rv_t pakchois_decrypt_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) + struct ck_mechanism * mechanism, + ck_object_handle_t key) { return CALLS2 (DecryptInit, mechanism, key); } ck_rv_t pakchois_decrypt (pakchois_session_t * sess, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len) + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len) { return CALLS4 (Decrypt, encrypted_data, encrypted_data_len, data, data_len); } ck_rv_t pakchois_decrypt_update (pakchois_session_t * sess, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len) + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len) { return CALLS4 (DecryptUpdate, encrypted_part, encrypted_part_len, - part, part_len); + part, part_len); } ck_rv_t pakchois_decrypt_final (pakchois_session_t * sess, - unsigned char *last_part, - unsigned long *last_part_len) + unsigned char *last_part, + unsigned long *last_part_len) { return CALLS2 (DecryptFinal, last_part, last_part_len); } ck_rv_t pakchois_digest_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism) + struct ck_mechanism * mechanism) { return CALLS1 (DigestInit, mechanism); } ck_rv_t pakchois_digest (pakchois_session_t * sess, unsigned char *data, - unsigned long data_len, unsigned char *digest, - unsigned long *digest_len) + unsigned long data_len, unsigned char *digest, + unsigned long *digest_len) { return CALLS4 (Digest, data, data_len, digest, digest_len); } ck_rv_t pakchois_digest_update (pakchois_session_t * sess, - unsigned char *part, unsigned long part_len) + unsigned char *part, unsigned long part_len) { return CALLS2 (DigestUpdate, part, part_len); } @@ -1017,203 +1017,203 @@ pakchois_digest_key (pakchois_session_t * sess, ck_object_handle_t key) ck_rv_t pakchois_digest_final (pakchois_session_t * sess, - unsigned char *digest, unsigned long *digest_len) + unsigned char *digest, unsigned long *digest_len) { return CALLS2 (DigestFinal, digest, digest_len); } ck_rv_t pakchois_sign_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism, ck_object_handle_t key) + struct ck_mechanism * mechanism, ck_object_handle_t key) { return CALLS2 (SignInit, mechanism, key); } ck_rv_t pakchois_sign (pakchois_session_t * sess, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long *signature_len) + unsigned long data_len, unsigned char *signature, + unsigned long *signature_len) { return CALLS4 (Sign, data, data_len, signature, signature_len); } ck_rv_t pakchois_sign_update (pakchois_session_t * sess, - unsigned char *part, unsigned long part_len) + unsigned char *part, unsigned long part_len) { return CALLS2 (SignUpdate, part, part_len); } ck_rv_t pakchois_sign_final (pakchois_session_t * sess, - unsigned char *signature, unsigned long *signature_len) + unsigned char *signature, unsigned long *signature_len) { return CALLS2 (SignFinal, signature, signature_len); } ck_rv_t pakchois_sign_recover_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) + struct ck_mechanism * mechanism, + ck_object_handle_t key) { return CALLS2 (SignRecoverInit, mechanism, key); } ck_rv_t pakchois_sign_recover (pakchois_session_t * sess, - unsigned char *data, unsigned long data_len, - unsigned char *signature, unsigned long *signature_len) + unsigned char *data, unsigned long data_len, + unsigned char *signature, unsigned long *signature_len) { return CALLS4 (SignRecover, data, data_len, signature, signature_len); } ck_rv_t pakchois_verify_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism, ck_object_handle_t key) + struct ck_mechanism * mechanism, ck_object_handle_t key) { return CALLS2 (VerifyInit, mechanism, key); } ck_rv_t pakchois_verify (pakchois_session_t * sess, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long signature_len) + unsigned long data_len, unsigned char *signature, + unsigned long signature_len) { return CALLS4 (Verify, data, data_len, signature, signature_len); } ck_rv_t pakchois_verify_update (pakchois_session_t * sess, - unsigned char *part, unsigned long part_len) + unsigned char *part, unsigned long part_len) { return CALLS2 (VerifyUpdate, part, part_len); } ck_rv_t pakchois_verify_final (pakchois_session_t * sess, - unsigned char *signature, unsigned long signature_len) + unsigned char *signature, unsigned long signature_len) { return CALLS2 (VerifyFinal, signature, signature_len); } ck_rv_t pakchois_verify_recover_init (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t key) + struct ck_mechanism * mechanism, + ck_object_handle_t key) { return CALLS2 (VerifyRecoverInit, mechanism, key); } ck_rv_t pakchois_verify_recover (pakchois_session_t * sess, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, unsigned long *data_len) + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, unsigned long *data_len) { return CALLS4 (VerifyRecover, signature, signature_len, data, data_len); } ck_rv_t pakchois_digest_encrypt_update (pakchois_session_t * sess, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len) + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len) { return CALLS4 (DigestEncryptUpdate, part, part_len, - encrypted_part, encrypted_part_len); + encrypted_part, encrypted_part_len); } ck_rv_t pakchois_decrypt_digest_update (pakchois_session_t * sess, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len) + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len) { return CALLS4 (DecryptDigestUpdate, encrypted_part, - encrypted_part_len, part, part_len); + encrypted_part_len, part, part_len); } ck_rv_t pakchois_sign_encrypt_update (pakchois_session_t * sess, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len) + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len) { return CALLS4 (SignEncryptUpdate, part, part_len, - encrypted_part, encrypted_part_len); + encrypted_part, encrypted_part_len); } ck_rv_t pakchois_decrypt_verify_update (pakchois_session_t * sess, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len) + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len) { return CALLS4 (DecryptVerifyUpdate, encrypted_part, - encrypted_part_len, part, part_len); + encrypted_part_len, part, part_len); } ck_rv_t pakchois_generate_key (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - struct ck_attribute * templ, - unsigned long count, ck_object_handle_t * key) + struct ck_mechanism * mechanism, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * key) { return CALLS4 (GenerateKey, mechanism, templ, count, key); } ck_rv_t pakchois_generate_key_pair (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - struct ck_attribute * - public_key_template, - unsigned long - public_key_attribute_count, - struct ck_attribute * - private_key_template, - unsigned long - private_key_attribute_count, - ck_object_handle_t * public_key, - ck_object_handle_t * private_key) + struct ck_mechanism * mechanism, + struct ck_attribute * + public_key_template, + unsigned long + public_key_attribute_count, + struct ck_attribute * + private_key_template, + unsigned long + private_key_attribute_count, + ck_object_handle_t * public_key, + ck_object_handle_t * private_key) { return CALLS7 (GenerateKeyPair, mechanism, - public_key_template, public_key_attribute_count, - private_key_template, private_key_attribute_count, - public_key, private_key); + public_key_template, public_key_attribute_count, + private_key_template, private_key_attribute_count, + public_key, private_key); } ck_rv_t pakchois_wrap_key (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, unsigned long *wrapped_key_len) + struct ck_mechanism * mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, unsigned long *wrapped_key_len) { return CALLS5 (WrapKey, mechanism, wrapping_key, - key, wrapped_key, wrapped_key_len); + key, wrapped_key, wrapped_key_len); } ck_rv_t pakchois_unwrap_key (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute * templ, - unsigned long attribute_count, ck_object_handle_t * key) + struct ck_mechanism * mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute * templ, + unsigned long attribute_count, ck_object_handle_t * key) { return CALLS7 (UnwrapKey, mechanism, unwrapping_key, - wrapped_key, wrapped_key_len, templ, attribute_count, key); + wrapped_key, wrapped_key_len, templ, attribute_count, key); } ck_rv_t pakchois_derive_key (pakchois_session_t * sess, - struct ck_mechanism * mechanism, - ck_object_handle_t base_key, - struct ck_attribute * templ, - unsigned long attribute_count, ck_object_handle_t * key) + struct ck_mechanism * mechanism, + ck_object_handle_t base_key, + struct ck_attribute * templ, + unsigned long attribute_count, ck_object_handle_t * key) { return CALLS5 (DeriveKey, mechanism, base_key, templ, attribute_count, key); } @@ -1221,15 +1221,15 @@ pakchois_derive_key (pakchois_session_t * sess, ck_rv_t pakchois_seed_random (pakchois_session_t * sess, - unsigned char *seed, unsigned long seed_len) + unsigned char *seed, unsigned long seed_len) { return CALLS2 (SeedRandom, seed, seed_len); } ck_rv_t pakchois_generate_random (pakchois_session_t * sess, - unsigned char *random_data, - unsigned long random_len) + unsigned char *random_data, + unsigned long random_len) { return CALLS2 (GenerateRandom, random_data, random_len); } diff --git a/lib/pakchois/pakchois.h b/lib/pakchois/pakchois.h index e4b67b2577..a7f8069fcd 100644 --- a/lib/pakchois/pakchois.h +++ b/lib/pakchois/pakchois.h @@ -72,7 +72,7 @@ ck_rv_t pakchois_module_load (pakchois_module_t ** module, const char *name); * multiple times within an application; the underlying PKCS#11 provider will * be loaded only once. */ ck_rv_t pakchois_module_load_abs (pakchois_module_t ** module, - const char *name); + const char *name); /* Load an NSS "softokn" which violates the PKCS#11 standard in * initialization, with given name (e.g. "softokn3"). The directory @@ -80,18 +80,18 @@ ck_rv_t pakchois_module_load_abs (pakchois_module_t ** module, * arguments may be NULL to use defaults. Returns CKR_OK on * success. */ ck_rv_t pakchois_module_nssload (pakchois_module_t ** module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, - const char *secmod_db); + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, + const char *secmod_db); ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module, - const char *name, - const char *directory, - const char *cert_prefix, - const char *key_prefix, - const char *secmod_db); + const char *name, + const char *directory, + const char *cert_prefix, + const char *key_prefix, + const char *secmod_db); /* Destroy a PKCS#11 module. */ void pakchois_module_destroy (pakchois_module_t * module); @@ -135,244 +135,244 @@ const char *pakchois_error (ck_rv_t rv); ck_rv_t pakchois_get_info (pakchois_module_t * module, struct ck_info *info); ck_rv_t pakchois_get_slot_list (pakchois_module_t * module, - unsigned char token_present, - ck_slot_id_t * slot_list, - unsigned long *count); + unsigned char token_present, + ck_slot_id_t * slot_list, + unsigned long *count); ck_rv_t pakchois_get_slot_info (pakchois_module_t * module, - ck_slot_id_t slot_id, - struct ck_slot_info *info); + ck_slot_id_t slot_id, + struct ck_slot_info *info); ck_rv_t pakchois_get_token_info (pakchois_module_t * module, - ck_slot_id_t slot_id, - struct ck_token_info *info); + ck_slot_id_t slot_id, + struct ck_token_info *info); ck_rv_t pakchois_wait_for_slot_event (pakchois_module_t * module, - ck_flags_t flags, ck_slot_id_t * slot, - void *reserved); + ck_flags_t flags, ck_slot_id_t * slot, + void *reserved); ck_rv_t pakchois_get_mechanism_list (pakchois_module_t * module, - ck_slot_id_t slot_id, - ck_mechanism_type_t * mechanism_list, - unsigned long *count); + ck_slot_id_t slot_id, + ck_mechanism_type_t * mechanism_list, + unsigned long *count); ck_rv_t pakchois_get_mechanism_info (pakchois_module_t * module, - ck_slot_id_t slot_id, - ck_mechanism_type_t type, - struct ck_mechanism_info *info); + ck_slot_id_t slot_id, + ck_mechanism_type_t type, + struct ck_mechanism_info *info); ck_rv_t pakchois_init_token (pakchois_module_t * module, - ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label); + ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label); ck_rv_t pakchois_init_pin (pakchois_session_t * session, unsigned char *pin, - unsigned long pin_len); + unsigned long pin_len); ck_rv_t pakchois_set_pin (pakchois_session_t * session, - unsigned char *old_pin, unsigned long old_len, - unsigned char *new_pin, unsigned long new_len); + unsigned char *old_pin, unsigned long old_len, + unsigned char *new_pin, unsigned long new_len); typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t * sess, - ck_notification_t event, - void *application); + ck_notification_t event, + void *application); ck_rv_t pakchois_open_session (pakchois_module_t * module, - ck_slot_id_t slot_id, ck_flags_t flags, - void *application, pakchois_notify_t notify, - pakchois_session_t ** session); + ck_slot_id_t slot_id, ck_flags_t flags, + void *application, pakchois_notify_t notify, + pakchois_session_t ** session); ck_rv_t pakchois_close_session (pakchois_session_t * session); ck_rv_t pakchois_close_all_sessions (pakchois_module_t * module, - ck_slot_id_t slot_id); + ck_slot_id_t slot_id); ck_rv_t pakchois_get_session_info (pakchois_session_t * session, - struct ck_session_info *info); + struct ck_session_info *info); ck_rv_t pakchois_get_operation_state (pakchois_session_t * session, - unsigned char *operation_state, - unsigned long *operation_state_len); + unsigned char *operation_state, + unsigned long *operation_state_len); ck_rv_t pakchois_set_operation_state (pakchois_session_t * session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key); + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key); ck_rv_t pakchois_login (pakchois_session_t * session, - ck_user_type_t user_type, unsigned char *pin, - unsigned long pin_len); + ck_user_type_t user_type, unsigned char *pin, + unsigned long pin_len); ck_rv_t pakchois_logout (pakchois_session_t * session); ck_rv_t pakchois_create_object (pakchois_session_t * session, - struct ck_attribute *templ, - unsigned long count, - ck_object_handle_t * object); + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t * object); ck_rv_t pakchois_copy_object (pakchois_session_t * session, - ck_object_handle_t object, - struct ck_attribute *templ, unsigned long count, - ck_object_handle_t * new_object); + ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t * new_object); ck_rv_t pakchois_destroy_object (pakchois_session_t * session, - ck_object_handle_t object); + ck_object_handle_t object); ck_rv_t pakchois_get_object_size (pakchois_session_t * session, - ck_object_handle_t object, - unsigned long *size); + ck_object_handle_t object, + unsigned long *size); ck_rv_t pakchois_get_attribute_value (pakchois_session_t * session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count); + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count); ck_rv_t pakchois_set_attribute_value (pakchois_session_t * session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count); + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count); ck_rv_t pakchois_find_objects_init (pakchois_session_t * session, - struct ck_attribute *templ, - unsigned long count); + struct ck_attribute *templ, + unsigned long count); ck_rv_t pakchois_find_objects (pakchois_session_t * session, - ck_object_handle_t * object, - unsigned long max_object_count, - unsigned long *object_count); + ck_object_handle_t * object, + unsigned long max_object_count, + unsigned long *object_count); ck_rv_t pakchois_find_objects_final (pakchois_session_t * session); ck_rv_t pakchois_encrypt_init (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); + struct ck_mechanism *mechanism, + ck_object_handle_t key); ck_rv_t pakchois_encrypt (pakchois_session_t * session, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len); + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len); ck_rv_t pakchois_encrypt_update (pakchois_session_t * session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len); + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len); ck_rv_t pakchois_encrypt_final (pakchois_session_t * session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len); + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len); ck_rv_t pakchois_decrypt_init (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); + struct ck_mechanism *mechanism, + ck_object_handle_t key); ck_rv_t pakchois_decrypt (pakchois_session_t * session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len); + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len); ck_rv_t pakchois_decrypt_update (pakchois_session_t * session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len); + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len); ck_rv_t pakchois_decrypt_final (pakchois_session_t * session, - unsigned char *last_part, - unsigned long *last_part_len); + unsigned char *last_part, + unsigned long *last_part_len); ck_rv_t pakchois_digest_init (pakchois_session_t * session, - struct ck_mechanism *mechanism); + struct ck_mechanism *mechanism); ck_rv_t pakchois_digest (pakchois_session_t * session, unsigned char *data, - unsigned long data_len, unsigned char *digest, - unsigned long *digest_len); + unsigned long data_len, unsigned char *digest, + unsigned long *digest_len); ck_rv_t pakchois_digest_update (pakchois_session_t * session, - unsigned char *part, unsigned long part_len); + unsigned char *part, unsigned long part_len); ck_rv_t pakchois_digest_key (pakchois_session_t * session, - ck_object_handle_t key); + ck_object_handle_t key); ck_rv_t pakchois_digest_final (pakchois_session_t * session, - unsigned char *digest, - unsigned long *digest_len); + unsigned char *digest, + unsigned long *digest_len); ck_rv_t pakchois_sign_init (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); + struct ck_mechanism *mechanism, + ck_object_handle_t key); ck_rv_t pakchois_sign (pakchois_session_t * session, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long *signature_len); + unsigned long data_len, unsigned char *signature, + unsigned long *signature_len); ck_rv_t pakchois_sign_update (pakchois_session_t * session, - unsigned char *part, unsigned long part_len); + unsigned char *part, unsigned long part_len); ck_rv_t pakchois_sign_final (pakchois_session_t * session, - unsigned char *signature, - unsigned long *signature_len); + unsigned char *signature, + unsigned long *signature_len); ck_rv_t pakchois_sign_recover_init (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); + struct ck_mechanism *mechanism, + ck_object_handle_t key); ck_rv_t pakchois_sign_recover (pakchois_session_t * session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len); + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len); ck_rv_t pakchois_verify_init (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); + struct ck_mechanism *mechanism, + ck_object_handle_t key); ck_rv_t pakchois_verify (pakchois_session_t * session, unsigned char *data, - unsigned long data_len, unsigned char *signature, - unsigned long signature_len); + unsigned long data_len, unsigned char *signature, + unsigned long signature_len); ck_rv_t pakchois_verify_update (pakchois_session_t * session, - unsigned char *part, unsigned long part_len); + unsigned char *part, unsigned long part_len); ck_rv_t pakchois_verify_final (pakchois_session_t * session, - unsigned char *signature, - unsigned long signature_len); + unsigned char *signature, + unsigned long signature_len); ck_rv_t pakchois_verify_recover_init (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t key); + struct ck_mechanism *mechanism, + ck_object_handle_t key); ck_rv_t pakchois_verify_recover (pakchois_session_t * session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, - unsigned long *data_len); + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len); ck_rv_t pakchois_digest_encrypt_update (pakchois_session_t * session, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len); + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len); ck_rv_t pakchois_decrypt_digest_update (pakchois_session_t * session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len); + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len); ck_rv_t pakchois_sign_encrypt_update (pakchois_session_t * session, - unsigned char *part, - unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len); + unsigned char *part, + unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len); ck_rv_t pakchois_decrypt_verify_update (pakchois_session_t * session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len); + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len); ck_rv_t pakchois_generate_key (pakchois_session_t * session, - struct ck_mechanism *mechanism, - struct ck_attribute *templ, - unsigned long count, ck_object_handle_t * key); + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t * key); ck_rv_t pakchois_generate_key_pair (pakchois_session_t * session, - struct ck_mechanism *mechanism, - struct ck_attribute *public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute *private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t * public_key, - ck_object_handle_t * private_key); + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t * public_key, + ck_object_handle_t * private_key); ck_rv_t pakchois_wrap_key (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, unsigned char *wrapped_key, - unsigned long *wrapped_key_len); + struct ck_mechanism *mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, unsigned char *wrapped_key, + unsigned long *wrapped_key_len); ck_rv_t pakchois_unwrap_key (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t * key); + struct ck_mechanism *mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t * key); ck_rv_t pakchois_derive_key (pakchois_session_t * session, - struct ck_mechanism *mechanism, - ck_object_handle_t base_key, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t * key); + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t * key); ck_rv_t pakchois_seed_random (pakchois_session_t * session, - unsigned char *seed, unsigned long seed_len); + unsigned char *seed, unsigned long seed_len); ck_rv_t pakchois_generate_random (pakchois_session_t * session, - unsigned char *random_data, - unsigned long random_len); + unsigned char *random_data, + unsigned long random_len); #endif /* PAKCHOIS_H */ diff --git a/lib/pakchois/pakchois11.h b/lib/pakchois/pakchois11.h index 60021d0f0e..3e29bb94fc 100644 --- a/lib/pakchois/pakchois11.h +++ b/lib/pakchois/pakchois11.h @@ -180,7 +180,7 @@ extern "C" #define unlock_mutex UnlockMutex #define reserved pReserved -#endif /* CRYPTOKI_COMPAT */ +#endif /* CRYPTOKI_COMPAT */ @@ -732,7 +732,7 @@ extern "C" typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, - ck_notification_t event, void *application); + ck_notification_t event, void *application); /* Forward reference. */ struct ck_function_list; @@ -745,268 +745,268 @@ ck_rv_t CK_SPEC name args _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info * info)); _CK_DECLARE_FUNCTION (C_GetFunctionList, - (struct ck_function_list ** function_list)); + (struct ck_function_list ** function_list)); _CK_DECLARE_FUNCTION (C_GetSlotList, - (unsigned char token_present, - ck_slot_id_t * slot_list, unsigned long *count)); + (unsigned char token_present, + ck_slot_id_t * slot_list, unsigned long *count)); _CK_DECLARE_FUNCTION (C_GetSlotInfo, - (ck_slot_id_t slot_id, struct ck_slot_info * info)); + (ck_slot_id_t slot_id, struct ck_slot_info * info)); _CK_DECLARE_FUNCTION (C_GetTokenInfo, - (ck_slot_id_t slot_id, - struct ck_token_info * info)); + (ck_slot_id_t slot_id, + struct ck_token_info * info)); _CK_DECLARE_FUNCTION (C_WaitForSlotEvent, - (ck_flags_t flags, ck_slot_id_t * slot, - void *reserved)); + (ck_flags_t flags, ck_slot_id_t * slot, + void *reserved)); _CK_DECLARE_FUNCTION (C_GetMechanismList, - (ck_slot_id_t slot_id, - ck_mechanism_type_t * mechanism_list, - unsigned long *count)); + (ck_slot_id_t slot_id, + ck_mechanism_type_t * mechanism_list, + unsigned long *count)); _CK_DECLARE_FUNCTION (C_GetMechanismInfo, - (ck_slot_id_t slot_id, ck_mechanism_type_t type, - struct ck_mechanism_info * info)); + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info * info)); _CK_DECLARE_FUNCTION (C_InitToken, - (ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label)); + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); _CK_DECLARE_FUNCTION (C_InitPIN, - (ck_session_handle_t session, unsigned char *pin, - unsigned long pin_len)); + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); _CK_DECLARE_FUNCTION (C_SetPIN, - (ck_session_handle_t session, - unsigned char *old_pin, unsigned long old_len, - unsigned char *new_pin, unsigned long new_len)); + (ck_session_handle_t session, + unsigned char *old_pin, unsigned long old_len, + unsigned char *new_pin, unsigned long new_len)); _CK_DECLARE_FUNCTION (C_OpenSession, - (ck_slot_id_t slot_id, ck_flags_t flags, - void *application, ck_notify_t notify, - ck_session_handle_t * session)); + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t * session)); _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); _CK_DECLARE_FUNCTION (C_GetSessionInfo, - (ck_session_handle_t session, - struct ck_session_info * info)); + (ck_session_handle_t session, + struct ck_session_info * info)); _CK_DECLARE_FUNCTION (C_GetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long *operation_state_len)); + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); _CK_DECLARE_FUNCTION (C_SetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key)); + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); _CK_DECLARE_FUNCTION (C_Login, - (ck_session_handle_t session, - ck_user_type_t user_type, unsigned char *pin, - unsigned long pin_len)); + (ck_session_handle_t session, + ck_user_type_t user_type, unsigned char *pin, + unsigned long pin_len)); _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_CreateObject, - (ck_session_handle_t session, - struct ck_attribute * templ, - unsigned long count, ck_object_handle_t * object)); + (ck_session_handle_t session, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * object)); _CK_DECLARE_FUNCTION (C_CopyObject, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute * templ, unsigned long count, - ck_object_handle_t * new_object)); + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute * templ, unsigned long count, + ck_object_handle_t * new_object)); _CK_DECLARE_FUNCTION (C_DestroyObject, - (ck_session_handle_t session, - ck_object_handle_t object)); + (ck_session_handle_t session, + ck_object_handle_t object)); _CK_DECLARE_FUNCTION (C_GetObjectSize, - (ck_session_handle_t session, - ck_object_handle_t object, unsigned long *size)); + (ck_session_handle_t session, + ck_object_handle_t object, unsigned long *size)); _CK_DECLARE_FUNCTION (C_GetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute * templ, unsigned long count)); + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute * templ, unsigned long count)); _CK_DECLARE_FUNCTION (C_SetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute * templ, unsigned long count)); + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute * templ, unsigned long count)); _CK_DECLARE_FUNCTION (C_FindObjectsInit, - (ck_session_handle_t session, - struct ck_attribute * templ, unsigned long count)); + (ck_session_handle_t session, + struct ck_attribute * templ, unsigned long count)); _CK_DECLARE_FUNCTION (C_FindObjects, - (ck_session_handle_t session, - ck_object_handle_t * object, - unsigned long max_object_count, - unsigned long *object_count)); + (ck_session_handle_t session, + ck_object_handle_t * object, + unsigned long max_object_count, + unsigned long *object_count)); _CK_DECLARE_FUNCTION (C_FindObjectsFinal, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_EncryptInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Encrypt, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len)); + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); _CK_DECLARE_FUNCTION (C_EncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); _CK_DECLARE_FUNCTION (C_EncryptFinal, - (ck_session_handle_t session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len)); + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); _CK_DECLARE_FUNCTION (C_DecryptInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Decrypt, - (ck_session_handle_t session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len)); + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); _CK_DECLARE_FUNCTION (C_DecryptUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); _CK_DECLARE_FUNCTION (C_DecryptFinal, - (ck_session_handle_t session, - unsigned char *last_part, - unsigned long *last_part_len)); + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); _CK_DECLARE_FUNCTION (C_DigestInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism)); _CK_DECLARE_FUNCTION (C_Digest, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *digest, unsigned long *digest_len)); + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, unsigned long *digest_len)); _CK_DECLARE_FUNCTION (C_DigestUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); _CK_DECLARE_FUNCTION (C_DigestKey, - (ck_session_handle_t session, - ck_object_handle_t key)); + (ck_session_handle_t session, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_DigestFinal, - (ck_session_handle_t session, unsigned char *digest, - unsigned long *digest_len)); + (ck_session_handle_t session, unsigned char *digest, + unsigned long *digest_len)); _CK_DECLARE_FUNCTION (C_SignInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Sign, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); _CK_DECLARE_FUNCTION (C_SignUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); _CK_DECLARE_FUNCTION (C_SignFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long *signature_len)); + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); _CK_DECLARE_FUNCTION (C_SignRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_SignRecover, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); _CK_DECLARE_FUNCTION (C_VerifyInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_Verify, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long signature_len)); + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); _CK_DECLARE_FUNCTION (C_VerifyUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); _CK_DECLARE_FUNCTION (C_VerifyFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len)); + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); _CK_DECLARE_FUNCTION (C_VerifyRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t key)); _CK_DECLARE_FUNCTION (C_VerifyRecover, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, unsigned long *data_len)); + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, unsigned long *data_len)); _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); _CK_DECLARE_FUNCTION (C_SignEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); _CK_DECLARE_FUNCTION (C_GenerateKey, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - struct ck_attribute * templ, - unsigned long count, ck_object_handle_t * key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + struct ck_attribute * templ, + unsigned long count, ck_object_handle_t * key)); _CK_DECLARE_FUNCTION (C_GenerateKeyPair, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - struct ck_attribute * public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute * private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t * public_key, - ck_object_handle_t * private_key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + struct ck_attribute * public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute * private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t * public_key, + ck_object_handle_t * private_key)); _CK_DECLARE_FUNCTION (C_WrapKey, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, - unsigned long *wrapped_key_len)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); _CK_DECLARE_FUNCTION (C_UnwrapKey, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute * templ, - unsigned long attribute_count, - ck_object_handle_t * key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute * templ, + unsigned long attribute_count, + ck_object_handle_t * key)); _CK_DECLARE_FUNCTION (C_DeriveKey, - (ck_session_handle_t session, - struct ck_mechanism * mechanism, - ck_object_handle_t base_key, - struct ck_attribute * templ, - unsigned long attribute_count, - ck_object_handle_t * key)); + (ck_session_handle_t session, + struct ck_mechanism * mechanism, + ck_object_handle_t base_key, + struct ck_attribute * templ, + unsigned long attribute_count, + ck_object_handle_t * key)); _CK_DECLARE_FUNCTION (C_SeedRandom, - (ck_session_handle_t session, unsigned char *seed, - unsigned long seed_len)); + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); _CK_DECLARE_FUNCTION (C_GenerateRandom, - (ck_session_handle_t session, - unsigned char *random_data, - unsigned long random_len)); + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); @@ -1354,7 +1354,7 @@ ck_rv_t CK_SPEC name args #undef unlock_mutex #undef reserved -#endif /* CRYPTOKI_COMPAT */ +#endif /* CRYPTOKI_COMPAT */ /* System dependencies. */ @@ -1366,4 +1366,4 @@ ck_rv_t CK_SPEC name args } #endif -#endif /* PKCS11_H */ +#endif /* PKCS11_H */ diff --git a/lib/pkcs11.c b/lib/pkcs11.c index d04727e045..06242e2c0d 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -172,7 +172,7 @@ pkcs11_rescan_slots (void) unsigned long slots; pakchois_get_slot_list (providers[active_providers - 1].module, 0, - NULL, &slots); + NULL, &slots); } /** @@ -218,7 +218,7 @@ gnutls_pkcs11_add_provider (const char *name, const char *params) providers[active_providers - 1].slots = gnutls_malloc (sizeof (*providers[active_providers - 1].slots) * - providers[active_providers - 1].nslots); + providers[active_providers - 1].nslots); if (providers[active_providers - 1].slots == NULL) { gnutls_assert (); @@ -236,19 +236,19 @@ gnutls_pkcs11_add_provider (const char *name, const char *params) } memset (&providers[active_providers - 1].info, 0, - sizeof (providers[active_providers - 1].info)); + sizeof (providers[active_providers - 1].info)); pakchois_get_info (providers[active_providers - 1].module, - &providers[active_providers - 1].info); + &providers[active_providers - 1].info); terminate_string (providers[active_providers - 1].info.manufacturer_id, - sizeof (providers[active_providers - 1]. - info.manufacturer_id)); + sizeof (providers[active_providers - 1]. + info.manufacturer_id)); terminate_string (providers[active_providers - 1].info.library_description, - sizeof (providers[active_providers - 1]. - info.library_description)); + sizeof (providers[active_providers - 1]. + info.library_description)); _gnutls_debug_log ("p11: loaded provider '%s' with %d slots\n", - name, (int) providers[active_providers - 1].nslots); + name, (int) providers[active_providers - 1].nslots); return 0; @@ -276,16 +276,16 @@ fail: **/ int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt, - gnutls_pkcs11_obj_info_t itype, - void *output, size_t * output_size) + gnutls_pkcs11_obj_info_t itype, + void *output, size_t * output_size) { return pkcs11_get_info (&crt->info, itype, output, output_size); } int pkcs11_get_info (struct pkcs11_url_info *info, - gnutls_pkcs11_obj_info_t itype, void *output, - size_t * output_size) + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size) { const char *str = NULL; size_t len; @@ -294,12 +294,12 @@ pkcs11_get_info (struct pkcs11_url_info *info, { case GNUTLS_PKCS11_OBJ_ID: if (*output_size < info->certid_raw_size) - { - *output_size = info->certid_raw_size; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + *output_size = info->certid_raw_size; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } if (output) - memcpy (output, info->certid_raw, info->certid_raw_size); + memcpy (output, info->certid_raw, info->certid_raw_size); *output_size = info->certid_raw_size; return 0; @@ -390,42 +390,42 @@ gnutls_pkcs11_init (unsigned int flags, const char *configfile) const char *library; if (configfile == NULL) - configfile = "/etc/gnutls/pkcs11.conf"; + configfile = "/etc/gnutls/pkcs11.conf"; fp = fopen (configfile, "r"); if (fp == NULL) - { - gnutls_assert (); - _gnutls_debug_log ("Cannot load %s\n", configfile); - return GNUTLS_E_FILE_ERROR; - } + { + gnutls_assert (); + _gnutls_debug_log ("Cannot load %s\n", configfile); + return GNUTLS_E_FILE_ERROR; + } while (fgets (line, sizeof (line), fp) != NULL) - { - if (strncmp (line, "load", sizeof ("load") - 1) == 0) - { - char *p; - p = strchr (line, '='); - if (p == NULL) - continue; - - library = ++p; - - p = strchr (line, '\n'); - if (p != NULL) - { - *p = 0; - } - - ret = gnutls_pkcs11_add_provider (library, NULL); - if (ret < 0) - { - gnutls_assert (); - _gnutls_debug_log ("Cannot load provider: %s\n", library); - continue; - } - } - } + { + if (strncmp (line, "load", sizeof ("load") - 1) == 0) + { + char *p; + p = strchr (line, '='); + if (p == NULL) + continue; + + library = ++p; + + p = strchr (line, '\n'); + if (p != NULL) + { + *p = 0; + } + + ret = gnutls_pkcs11_add_provider (library, NULL); + if (ret < 0) + { + gnutls_assert (); + _gnutls_debug_log ("Cannot load provider: %s\n", library); + continue; + } + } + } } return 0; @@ -488,7 +488,7 @@ gnutls_pkcs11_deinit (void) **/ void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn, - void *userdata) + void *userdata) { pin_func = fn; pin_data = userdata; @@ -507,7 +507,7 @@ gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn, **/ void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, - void *userdata) + void *userdata) { token_func = fn; token_data = userdata; @@ -515,7 +515,7 @@ gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn, static int unescape_string (char *output, const char *input, size_t * size, - char terminator) + char terminator) { gnutls_buffer_st str; int ret = 0; @@ -581,9 +581,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->lib_manufacturer, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "library-description=")) != NULL) @@ -593,9 +593,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->lib_desc, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "library-version=")) != NULL) @@ -605,9 +605,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->lib_version, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, ";manufacturer=")) != NULL || @@ -619,9 +619,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->manufacturer, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "token=")) != NULL) @@ -631,9 +631,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->token, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "object=")) != NULL) @@ -643,9 +643,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->label, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "serial=")) != NULL) @@ -655,9 +655,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->serial, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "model=")) != NULL) @@ -667,9 +667,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->model, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if ((p1 = strstr (url, "objecttype=")) != NULL) @@ -679,9 +679,9 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) ret = unescape_string (info->type, p1, &l, ';'); if (ret < 0) - { - goto cleanup; - } + { + goto cleanup; + } } if (((p1 = strstr (url, ";id=")) != NULL) @@ -690,19 +690,19 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) p1 += sizeof (";id=") - 1; if ((p2 = strchr (p1, ';')) == NULL) - { - l = strlen (p1); - } + { + l = strlen (p1); + } else - { - l = p2 - p1; - } + { + l = p2 - p1; + } if (l > sizeof (info->id) - 1) - { - gnutls_assert (); - ret = GNUTLS_E_PARSING_ERROR; - } + { + gnutls_assert (); + ret = GNUTLS_E_PARSING_ERROR; + } memcpy (info->id, p1, l); info->id[l] = 0; @@ -710,13 +710,13 @@ pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info) /* convert to raw */ info->certid_raw_size = sizeof (info->certid_raw); ret = - _gnutls_hex2bin (info->id, strlen (info->id), - info->certid_raw, &info->certid_raw_size); + _gnutls_hex2bin (info->id, strlen (info->id), + info->certid_raw, &info->certid_raw_size); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } ret = 0; @@ -731,7 +731,7 @@ cleanup: static int append (gnutls_buffer_st * dest, const char *tname, - const char *p11name, int init) + const char *p11name, int init) { gnutls_buffer_st tmpstr; int ret; @@ -758,8 +758,8 @@ append (gnutls_buffer_st * dest, const char *tname, if ((ret = _gnutls_buffer_append_printf (dest, "%s%s=%s", - (init != 0) ? ";" : "", p11name, - tmpstr.data)) < 0) + (init != 0) ? ";" : "", p11name, + tmpstr.data)) < 0) { gnutls_assert (); goto cleanup; @@ -777,7 +777,7 @@ cleanup: int pkcs11_info_to_url (const struct pkcs11_url_info *info, - gnutls_pkcs11_url_type_t detailed, char **url) + gnutls_pkcs11_url_type_t detailed, char **url) { gnutls_buffer_st str; int init = 0; @@ -791,10 +791,10 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info, { ret = append (&str, info->token, "token", init); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } init = 1; } @@ -802,10 +802,10 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info, { ret = append (&str, info->serial, "serial", init); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } init = 1; } @@ -813,10 +813,10 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info, { ret = append (&str, info->model, "model", init); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } init = 1; } @@ -825,10 +825,10 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info, { ret = append (&str, info->manufacturer, "manufacturer", init); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } init = 1; } @@ -836,10 +836,10 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info, { ret = append (&str, info->label, "object", init); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } init = 1; } @@ -847,62 +847,62 @@ pkcs11_info_to_url (const struct pkcs11_url_info *info, { ret = append (&str, info->type, "objecttype", init); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } init = 1; } if (detailed > GNUTLS_PKCS11_URL_GENERIC) { if (info->lib_manufacturer[0]) - { - ret = - append (&str, info->lib_manufacturer, "library-manufacturer", - init); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - init = 1; - } + { + ret = + append (&str, info->lib_manufacturer, "library-manufacturer", + init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } if (info->lib_desc[0]) - { - ret = append (&str, info->lib_desc, "library-description", init); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - init = 1; - } + { + ret = append (&str, info->lib_desc, "library-description", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } } if (detailed > GNUTLS_PKCS11_URL_LIB) { if (info->lib_version[0]) - { - ret = append (&str, info->lib_version, "library-version", init); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - init = 1; - } + { + ret = append (&str, info->lib_version, "library-version", init); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + init = 1; + } } if (info->id[0] != 0) { ret = _gnutls_buffer_append_printf (&str, ";id=%s", info->id); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } _gnutls_buffer_append_data (&str, "", 1); @@ -974,7 +974,7 @@ gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t crt) **/ int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj, - void *output_data, size_t * output_data_size) + void *output_data, size_t * output_data_size) { if (obj == NULL || obj->raw.data == NULL) { @@ -1012,8 +1012,8 @@ terminate_string (unsigned char *str, size_t len) int pkcs11_find_object (pakchois_session_t ** _pks, - ck_object_handle_t * _obj, - struct pkcs11_url_info *info, unsigned int flags) + ck_object_handle_t * _obj, + struct pkcs11_url_info *info, unsigned int flags) { int ret; pakchois_session_t *pks; @@ -1080,61 +1080,61 @@ static void fix_strings (struct token_info *info) { terminate_string (info->tinfo.manufacturer_id, - sizeof info->tinfo.manufacturer_id); + sizeof info->tinfo.manufacturer_id); terminate_string (info->tinfo.label, sizeof info->tinfo.label); terminate_string (info->tinfo.model, sizeof info->tinfo.model); terminate_string (info->tinfo.serial_number, - sizeof info->tinfo.serial_number); + sizeof info->tinfo.serial_number); terminate_string (info->sinfo.slot_description, - sizeof info->sinfo.slot_description); + sizeof info->sinfo.slot_description); } int pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot, - struct pkcs11_url_info *info, struct token_info *_tinfo) + struct pkcs11_url_info *info, struct token_info *_tinfo) { int x, z; for (x = 0; x < active_providers; x++) { for (z = 0; z < providers[x].nslots; z++) - { - struct token_info tinfo; + { + struct token_info tinfo; - if (pakchois_get_token_info - (providers[x].module, providers[x].slots[z], - &tinfo.tinfo) != CKR_OK) - { - continue; - } - tinfo.sid = providers[x].slots[z]; - tinfo.prov = &providers[x]; + if (pakchois_get_token_info + (providers[x].module, providers[x].slots[z], + &tinfo.tinfo) != CKR_OK) + { + continue; + } + tinfo.sid = providers[x].slots[z]; + tinfo.prov = &providers[x]; - if (pakchois_get_slot_info - (providers[x].module, providers[x].slots[z], - &tinfo.sinfo) != CKR_OK) - { - continue; - } + if (pakchois_get_slot_info + (providers[x].module, providers[x].slots[z], + &tinfo.sinfo) != CKR_OK) + { + continue; + } - /* XXX make wrapper for token_info? */ - fix_strings (&tinfo); + /* XXX make wrapper for token_info? */ + fix_strings (&tinfo); - if (pkcs11_token_matches_info (info, &tinfo.tinfo, - &providers[x].info) < 0) - { - continue; - } + if (pkcs11_token_matches_info (info, &tinfo.tinfo, + &providers[x].info) < 0) + { + continue; + } - /* ok found */ - *module = providers[x].module; - *slot = providers[x].slots[z]; + /* ok found */ + *module = providers[x].module; + *slot = providers[x].slots[z]; - if (_tinfo != NULL) - memcpy (_tinfo, &tinfo, sizeof (tinfo)); + if (_tinfo != NULL) + memcpy (_tinfo, &tinfo, sizeof (tinfo)); - return 0; - } + return 0; + } } gnutls_assert (); @@ -1143,7 +1143,7 @@ pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot, int pkcs11_open_session (pakchois_session_t ** _pks, - struct pkcs11_url_info *info, unsigned int flags) + struct pkcs11_url_info *info, unsigned int flags) { ck_rv_t rv; int ret; @@ -1160,10 +1160,10 @@ pkcs11_open_session (pakchois_session_t ** _pks, } rv = pakchois_open_session (module, - slot, - ((flags & SESSION_WRITE) - ? CKF_RW_SESSION : 0) | - CKF_SERIAL_SESSION, NULL, NULL, &pks); + slot, + ((flags & SESSION_WRITE) + ? CKF_RW_SESSION : 0) | + CKF_SERIAL_SESSION, NULL, NULL, &pks); if (rv != CKR_OK) { gnutls_assert (); @@ -1174,11 +1174,11 @@ pkcs11_open_session (pakchois_session_t ** _pks, { ret = pkcs11_login (pks, &tinfo, (flags & SESSION_SO) ? 1 : 0); if (ret < 0) - { - gnutls_assert (); - pakchois_close_session (pks); - return ret; - } + { + gnutls_assert (); + pakchois_close_session (pks); + return ret; + } } /* ok found */ @@ -1189,7 +1189,7 @@ pkcs11_open_session (pakchois_session_t ** _pks, int _pkcs11_traverse_tokens (find_func_t find_func, void *input, - unsigned int flags) + unsigned int flags) { ck_rv_t rv; int found = 0, x, z, ret; @@ -1198,63 +1198,63 @@ _pkcs11_traverse_tokens (find_func_t find_func, void *input, for (x = 0; x < active_providers; x++) { for (z = 0; z < providers[x].nslots; z++) - { - struct token_info info; - - ret = GNUTLS_E_PKCS11_ERROR; - - if (pakchois_get_token_info - (providers[x].module, providers[x].slots[z], - &info.tinfo) != CKR_OK) - { - continue; - } - info.sid = providers[x].slots[z]; - info.prov = &providers[x]; - - if (pakchois_get_slot_info - (providers[x].module, providers[x].slots[z], - &info.sinfo) != CKR_OK) - { - continue; - } - - /* XXX make wrapper for token_info? */ - fix_strings (&info); - - rv = pakchois_open_session (providers[x].module, - providers[x].slots[z], - ((flags & SESSION_WRITE) - ? CKF_RW_SESSION : 0) | - CKF_SERIAL_SESSION, NULL, NULL, &pks); - if (rv != CKR_OK) - { - continue; - } - - if (flags & SESSION_LOGIN) - { - ret = pkcs11_login (pks, &info, (flags & SESSION_SO) ? 1 : 0); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } - - ret = find_func (pks, &info, &providers[x].info, input); - - if (ret == 0) - { - found = 1; - goto finish; - } - else - { - pakchois_close_session (pks); - pks = NULL; - } - } + { + struct token_info info; + + ret = GNUTLS_E_PKCS11_ERROR; + + if (pakchois_get_token_info + (providers[x].module, providers[x].slots[z], + &info.tinfo) != CKR_OK) + { + continue; + } + info.sid = providers[x].slots[z]; + info.prov = &providers[x]; + + if (pakchois_get_slot_info + (providers[x].module, providers[x].slots[z], + &info.sinfo) != CKR_OK) + { + continue; + } + + /* XXX make wrapper for token_info? */ + fix_strings (&info); + + rv = pakchois_open_session (providers[x].module, + providers[x].slots[z], + ((flags & SESSION_WRITE) + ? CKF_RW_SESSION : 0) | + CKF_SERIAL_SESSION, NULL, NULL, &pks); + if (rv != CKR_OK) + { + continue; + } + + if (flags & SESSION_LOGIN) + { + ret = pkcs11_login (pks, &info, (flags & SESSION_SO) ? 1 : 0); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } + + ret = find_func (pks, &info, &providers[x].info, input); + + if (ret == 0) + { + found = 1; + goto finish; + } + else + { + pakchois_close_session (pks); + pks = NULL; + } + } } finish: @@ -1302,10 +1302,10 @@ pkcs11_obj_type_to_str (gnutls_pkcs11_obj_type_t type) */ static int pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj, - const gnutls_datum_t * data, - const gnutls_datum_t * id, - const gnutls_datum_t * label, - struct ck_token_info *tinfo, struct ck_info *lib_info) + const gnutls_datum_t * data, + const gnutls_datum_t * id, + const gnutls_datum_t * label, + struct ck_token_info *tinfo, struct ck_info *lib_info) { char *s; int ret; @@ -1338,10 +1338,10 @@ pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj, { ret = _gnutls_set_datum (&obj->raw, data->data, data->size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } } terminate_string (tinfo->manufacturer_id, sizeof tinfo->manufacturer_id); @@ -1351,19 +1351,19 @@ pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj, /* write data */ snprintf (obj->info.manufacturer, sizeof (obj->info.manufacturer), - "%s", tinfo->manufacturer_id); + "%s", tinfo->manufacturer_id); snprintf (obj->info.token, sizeof (obj->info.token), "%s", tinfo->label); snprintf (obj->info.model, sizeof (obj->info.model), "%s", tinfo->model); snprintf (obj->info.serial, sizeof (obj->info.serial), "%s", - tinfo->serial_number); + tinfo->serial_number); snprintf (obj->info.lib_manufacturer, sizeof (obj->info.lib_manufacturer), - "%s", lib_info->manufacturer_id); + "%s", lib_info->manufacturer_id); snprintf (obj->info.lib_desc, sizeof (obj->info.lib_desc), "%s", - lib_info->library_description); + lib_info->library_description); snprintf (obj->info.lib_version, sizeof (obj->info.lib_version), "%u.%u", - (unsigned int) lib_info->library_version.major, - (unsigned int) lib_info->library_version.minor); + (unsigned int) lib_info->library_version.major, + (unsigned int) lib_info->library_version.minor); @@ -1376,12 +1376,12 @@ pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj, if (id && id->data) { s = _gnutls_bin2hex (id->data, id->size, obj->info.id, - sizeof (obj->info.id), ":"); + sizeof (obj->info.id), ":"); if (s == NULL) - { - gnutls_assert (); - return GNUTLS_E_PKCS11_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } memmove (obj->info.certid_raw, id->data, id->size); obj->info.certid_raw_size = id->size; @@ -1392,12 +1392,12 @@ pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj, static int pkcs11_obj_import_pubkey (pakchois_session_t * pks, - ck_object_handle_t obj, - gnutls_pkcs11_obj_t crt, - const gnutls_datum_t * id, - const gnutls_datum_t * label, - struct ck_token_info *tinfo, - struct ck_info *lib_info) + ck_object_handle_t obj, + gnutls_pkcs11_obj_t crt, + const gnutls_datum_t * id, + const gnutls_datum_t * label, + struct ck_token_info *tinfo, + struct ck_info *lib_info) { struct ck_attribute a[4]; @@ -1414,114 +1414,114 @@ pkcs11_obj_import_pubkey (pakchois_session_t * pks, if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) { switch (key_type) - { - case CKK_RSA: - a[0].type = CKA_MODULUS; - a[0].value = tmp1; - a[0].value_len = sizeof (tmp1); - a[1].type = CKA_PUBLIC_EXPONENT; - a[1].value = tmp2; - a[1].value_len = sizeof (tmp2); - - if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) - { - - ret = - _gnutls_set_datum (&crt->pubkey[0], - a[0].value, a[0].value_len); - - if (ret >= 0) - ret = - _gnutls_set_datum (&crt->pubkey - [1], a[1].value, a[1].value_len); - - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (&crt->pubkey[1]); - _gnutls_free_datum (&crt->pubkey[0]); - return GNUTLS_E_MEMORY_ERROR; - } - } - else - { - gnutls_assert (); - return GNUTLS_E_PKCS11_ERROR; - } - crt->pk_algorithm = GNUTLS_PK_RSA; - break; - case CKK_DSA: - a[0].type = CKA_PRIME; - a[0].value = tmp1; - a[0].value_len = sizeof (tmp1); - a[1].type = CKA_SUBPRIME; - a[1].value = tmp2; - a[1].value_len = sizeof (tmp2); - - if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) - { - ret = - _gnutls_set_datum (&crt->pubkey[0], - a[0].value, a[0].value_len); - - if (ret >= 0) - ret = - _gnutls_set_datum (&crt->pubkey - [1], a[1].value, a[1].value_len); - - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (&crt->pubkey[1]); - _gnutls_free_datum (&crt->pubkey[0]); - return GNUTLS_E_MEMORY_ERROR; - } - } - else - { - gnutls_assert (); - return GNUTLS_E_PKCS11_ERROR; - } - - a[0].type = CKA_BASE; - a[0].value = tmp1; - a[0].value_len = sizeof (tmp1); - a[1].type = CKA_VALUE; - a[1].value = tmp2; - a[1].value_len = sizeof (tmp2); - - if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) - { - ret = - _gnutls_set_datum (&crt->pubkey[2], - a[0].value, a[0].value_len); - - if (ret >= 0) - ret = - _gnutls_set_datum (&crt->pubkey - [3], a[1].value, a[1].value_len); - - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (&crt->pubkey[0]); - _gnutls_free_datum (&crt->pubkey[1]); - _gnutls_free_datum (&crt->pubkey[2]); - _gnutls_free_datum (&crt->pubkey[3]); - return GNUTLS_E_MEMORY_ERROR; - } - } - else - { - gnutls_assert (); - return GNUTLS_E_PKCS11_ERROR; - } - crt->pk_algorithm = GNUTLS_PK_RSA; - break; - default: - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } + { + case CKK_RSA: + a[0].type = CKA_MODULUS; + a[0].value = tmp1; + a[0].value_len = sizeof (tmp1); + a[1].type = CKA_PUBLIC_EXPONENT; + a[1].value = tmp2; + a[1].value_len = sizeof (tmp2); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + + ret = + _gnutls_set_datum (&crt->pubkey[0], + a[0].value, a[0].value_len); + + if (ret >= 0) + ret = + _gnutls_set_datum (&crt->pubkey + [1], a[1].value, a[1].value_len); + + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&crt->pubkey[1]); + _gnutls_free_datum (&crt->pubkey[0]); + return GNUTLS_E_MEMORY_ERROR; + } + } + else + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + crt->pk_algorithm = GNUTLS_PK_RSA; + break; + case CKK_DSA: + a[0].type = CKA_PRIME; + a[0].value = tmp1; + a[0].value_len = sizeof (tmp1); + a[1].type = CKA_SUBPRIME; + a[1].value = tmp2; + a[1].value_len = sizeof (tmp2); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + ret = + _gnutls_set_datum (&crt->pubkey[0], + a[0].value, a[0].value_len); + + if (ret >= 0) + ret = + _gnutls_set_datum (&crt->pubkey + [1], a[1].value, a[1].value_len); + + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&crt->pubkey[1]); + _gnutls_free_datum (&crt->pubkey[0]); + return GNUTLS_E_MEMORY_ERROR; + } + } + else + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + + a[0].type = CKA_BASE; + a[0].value = tmp1; + a[0].value_len = sizeof (tmp1); + a[1].type = CKA_VALUE; + a[1].value = tmp2; + a[1].value_len = sizeof (tmp2); + + if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) + { + ret = + _gnutls_set_datum (&crt->pubkey[2], + a[0].value, a[0].value_len); + + if (ret >= 0) + ret = + _gnutls_set_datum (&crt->pubkey + [3], a[1].value, a[1].value_len); + + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (&crt->pubkey[0]); + _gnutls_free_datum (&crt->pubkey[1]); + _gnutls_free_datum (&crt->pubkey[2]); + _gnutls_free_datum (&crt->pubkey[3]); + return GNUTLS_E_MEMORY_ERROR; + } + } + else + { + gnutls_assert (); + return GNUTLS_E_PKCS11_ERROR; + } + crt->pk_algorithm = GNUTLS_PK_RSA; + break; + default: + gnutls_assert (); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; + } } /* read key usage flags */ @@ -1532,9 +1532,9 @@ pkcs11_obj_import_pubkey (pakchois_session_t * pks, if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) { if (tval != 0) - { - crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT; - } + { + crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT; + } } a[0].type = CKA_VERIFY; @@ -1544,11 +1544,11 @@ pkcs11_obj_import_pubkey (pakchois_session_t * pks, if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) { if (tval != 0) - { - crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | - GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN - | GNUTLS_KEY_NON_REPUDIATION; - } + { + crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN + | GNUTLS_KEY_NON_REPUDIATION; + } } a[0].type = CKA_VERIFY_RECOVER; @@ -1558,11 +1558,11 @@ pkcs11_obj_import_pubkey (pakchois_session_t * pks, if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) { if (tval != 0) - { - crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | - GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN - | GNUTLS_KEY_NON_REPUDIATION; - } + { + crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE | + GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN + | GNUTLS_KEY_NON_REPUDIATION; + } } a[0].type = CKA_DERIVE; @@ -1572,9 +1572,9 @@ pkcs11_obj_import_pubkey (pakchois_session_t * pks, if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) { if (tval != 0) - { - crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT; - } + { + crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT; + } } a[0].type = CKA_WRAP; @@ -1584,13 +1584,13 @@ pkcs11_obj_import_pubkey (pakchois_session_t * pks, if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) { if (tval != 0) - { - crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; - } + { + crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; + } } return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label, - tinfo, lib_info); + tinfo, lib_info); } ck_object_class_t @@ -1629,7 +1629,7 @@ pkcs11_strtype_to_class (const char *type) static int find_obj_url (pakchois_session_t * pks, struct token_info *info, - struct ck_info *lib_info, void *input) + struct ck_info *lib_info, void *input) { struct url_find_data_st *find_data = input; struct ck_attribute a[4]; @@ -1643,7 +1643,7 @@ find_obj_url (pakchois_session_t * pks, struct token_info *info, char label_tmp[PKCS11_LABEL_SIZE]; if (info == NULL) - { /* we don't support multiple calls */ + { /* we don't support multiple calls */ gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -1661,13 +1661,13 @@ find_obj_url (pakchois_session_t * pks, struct token_info *info, { class = pkcs11_strtype_to_class (find_data->crt->info.type); if (class == CKO_CERTIFICATE) - type = CKC_X_509; + type = CKC_X_509; if (class == -1) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } /* search the token for the id */ @@ -1723,42 +1723,42 @@ find_obj_url (pakchois_session_t * pks, struct token_info *info, a[1].value_len = sizeof (label_tmp); if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK) - { - gnutls_datum_t id = { find_data->crt->info.certid_raw, - find_data->crt->info.certid_raw_size - }; - gnutls_datum_t data = { a[0].value, a[0].value_len }; - gnutls_datum_t label = { a[1].value, a[1].value_len }; - - if (class == CKO_PUBLIC_KEY) - { - ret = - pkcs11_obj_import_pubkey (pks, obj, - find_data->crt, - &id, &label, - &info->tinfo, lib_info); - } - else - { - ret = - pkcs11_obj_import (class, - find_data->crt, - &data, &id, &label, - &info->tinfo, lib_info); - } - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - found = 1; - break; - } + { + gnutls_datum_t id = { find_data->crt->info.certid_raw, + find_data->crt->info.certid_raw_size + }; + gnutls_datum_t data = { a[0].value, a[0].value_len }; + gnutls_datum_t label = { a[1].value, a[1].value_len }; + + if (class == CKO_PUBLIC_KEY) + { + ret = + pkcs11_obj_import_pubkey (pks, obj, + find_data->crt, + &id, &label, + &info->tinfo, lib_info); + } + else + { + ret = + pkcs11_obj_import (class, + find_data->crt, + &data, &id, &label, + &info->tinfo, lib_info); + } + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + found = 1; + break; + } else - { - _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n"); - } + { + _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n"); + } } if (found == 0) @@ -1805,7 +1805,7 @@ pkcs11_obj_flags_to_int (unsigned int flags) **/ int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url, - unsigned int flags) + unsigned int flags) { int ret; struct url_find_data_st find_data; @@ -1822,7 +1822,7 @@ gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url, ret = _pkcs11_traverse_tokens (find_obj_url, &find_data, - pkcs11_obj_flags_to_int (flags)); + pkcs11_obj_flags_to_int (flags)); if (ret < 0) { @@ -1836,19 +1836,19 @@ gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url, struct token_num { struct pkcs11_url_info info; - unsigned int seq; /* which one we are looking for */ - unsigned int current; /* which one are we now */ + unsigned int seq; /* which one we are looking for */ + unsigned int current; /* which one are we now */ }; static int find_token_num (pakchois_session_t * pks, - struct token_info *tinfo, - struct ck_info *lib_info, void *input) + struct token_info *tinfo, + struct ck_info *lib_info, void *input) { struct token_num *find_data = input; if (tinfo == NULL) - { /* we don't support multiple calls */ + { /* we don't support multiple calls */ gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -1863,9 +1863,9 @@ find_token_num (pakchois_session_t * pks, strcpy (find_data->info.lib_manufacturer, lib_info->manufacturer_id); strcpy (find_data->info.lib_desc, lib_info->library_description); snprintf (find_data->info.lib_version, - sizeof (find_data->info.lib_version), "%u.%u", - (unsigned int) lib_info->library_version.major, - (unsigned int) lib_info->library_version.minor); + sizeof (find_data->info.lib_version), "%u.%u", + (unsigned int) lib_info->library_version.major, + (unsigned int) lib_info->library_version.minor); return 0; } @@ -1874,7 +1874,7 @@ find_token_num (pakchois_session_t * pks, /* search the token for the id */ - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */ + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */ } /** @@ -1892,7 +1892,7 @@ find_token_num (pakchois_session_t * pks, int gnutls_pkcs11_token_get_url (unsigned int seq, - gnutls_pkcs11_url_type_t detailed, char **url) + gnutls_pkcs11_url_type_t detailed, char **url) { int ret; struct token_num tn; @@ -1932,8 +1932,8 @@ gnutls_pkcs11_token_get_url (unsigned int seq, **/ int gnutls_pkcs11_token_get_info (const char *url, - gnutls_pkcs11_token_info_t ttype, - void *output, size_t * output_size) + gnutls_pkcs11_token_info_t ttype, + void *output, size_t * output_size) { const char *str; size_t len; @@ -1994,7 +1994,7 @@ gnutls_pkcs11_token_get_info (const char *url, **/ int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t cert, - gnutls_pkcs11_url_type_t detailed, char **url) + gnutls_pkcs11_url_type_t detailed, char **url) { int ret; @@ -2064,17 +2064,17 @@ pkcs11_login (pakchois_session_t * pks, const struct token_info *info, int so) if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) { if (pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0) == - CKR_OK) - { - return 0; - } + CKR_OK) + { + return 0; + } else - { - gnutls_assert (); - _gnutls_debug_log ("pk11: Protected login failed.\n"); - ret = GNUTLS_E_PKCS11_ERROR; - goto cleanup; - } + { + gnutls_assert (); + _gnutls_debug_log ("pk11: Protected login failed.\n"); + ret = GNUTLS_E_PKCS11_ERROR; + goto cleanup; + } } /* Otherwise, PIN entry is necessary for login, so fail if there's @@ -2096,48 +2096,48 @@ pkcs11_login (pakchois_session_t * pks, const struct token_info *info, int so) /* If login has been attempted once already, check the token * status again, the flags might change. */ if (attempt) - { - if (pakchois_get_token_info - (info->prov->module, info->sid, &tinfo) != CKR_OK) - { - gnutls_assert (); - _gnutls_debug_log ("pk11: GetTokenInfo failed\n"); - ret = GNUTLS_E_PKCS11_ERROR; - goto cleanup; - } - } + { + if (pakchois_get_token_info + (info->prov->module, info->sid, &tinfo) != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: GetTokenInfo failed\n"); + ret = GNUTLS_E_PKCS11_ERROR; + goto cleanup; + } + } flags = 0; if (so == 0) - { - flags |= GNUTLS_PKCS11_PIN_USER; - if (tinfo.flags & CKF_USER_PIN_COUNT_LOW) - flags |= GNUTLS_PKCS11_PIN_COUNT_LOW; - if (tinfo.flags & CKF_USER_PIN_FINAL_TRY) - flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; - } + { + flags |= GNUTLS_PKCS11_PIN_USER; + if (tinfo.flags & CKF_USER_PIN_COUNT_LOW) + flags |= GNUTLS_PKCS11_PIN_COUNT_LOW; + if (tinfo.flags & CKF_USER_PIN_FINAL_TRY) + flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; + } else - { - flags |= GNUTLS_PKCS11_PIN_SO; - if (tinfo.flags & CKF_SO_PIN_COUNT_LOW) - flags |= GNUTLS_PKCS11_PIN_COUNT_LOW; - if (tinfo.flags & CKF_SO_PIN_FINAL_TRY) - flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; - } + { + flags |= GNUTLS_PKCS11_PIN_SO; + if (tinfo.flags & CKF_SO_PIN_COUNT_LOW) + flags |= GNUTLS_PKCS11_PIN_COUNT_LOW; + if (tinfo.flags & CKF_SO_PIN_FINAL_TRY) + flags |= GNUTLS_PKCS11_PIN_FINAL_TRY; + } ret = pin_func (pin_data, attempt++, - (char *) token_url, - (char *) info->tinfo.label, flags, pin, sizeof (pin)); + (char *) token_url, + (char *) info->tinfo.label, flags, pin, sizeof (pin)); if (ret < 0) - { - gnutls_assert (); - ret = GNUTLS_E_PKCS11_PIN_ERROR; - goto cleanup; - } + { + gnutls_assert (); + ret = GNUTLS_E_PKCS11_PIN_ERROR; + goto cleanup; + } pin_len = strlen (pin); rv = pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO, - (unsigned char *) pin, pin_len); + (unsigned char *) pin, pin_len); /* Try to scrub the pin off the stack. Clever compilers will * probably optimize this away, oh well. */ @@ -2149,7 +2149,7 @@ pkcs11_login (pakchois_session_t * pks, const struct token_info *info, int so) ret = (rv == CKR_OK - || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv); + || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv); cleanup: gnutls_free (token_url); @@ -2158,7 +2158,7 @@ cleanup: static int find_privkeys (pakchois_session_t * pks, struct token_info *info, - struct pkey_list *list) + struct pkey_list *list) { struct ck_attribute a[3]; ck_object_class_t class; @@ -2228,14 +2228,14 @@ find_privkeys (pakchois_session_t * pks, struct token_info *info, _gnutls_buffer_init (&list->key_ids[current]); if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) - { - _gnutls_buffer_append_data (&list->key_ids[current], - a[0].value, a[0].value_len); - current++; - } + { + _gnutls_buffer_append_data (&list->key_ids[current], + a[0].value, a[0].value_len); + current++; + } if (current > list->key_ids_size) - break; + break; } pakchois_find_objects_final (pks); @@ -2250,7 +2250,7 @@ find_privkeys (pakchois_session_t * pks, struct token_info *info, static int find_objs (pakchois_session_t * pks, struct token_info *info, - struct ck_info *lib_info, void *input) + struct ck_info *lib_info, void *input) { struct crt_find_data_st *find_data = input; struct ck_attribute a[4]; @@ -2264,15 +2264,15 @@ find_objs (pakchois_session_t * pks, struct token_info *info, char certid_tmp[PKCS11_ID_SIZE]; char label_tmp[PKCS11_LABEL_SIZE]; int ret, i; - struct pkey_list plist; /* private key holder */ + struct pkey_list plist; /* private key holder */ int tot_values = 0; if (info == NULL) - { /* final call */ + { /* final call */ if (find_data->current <= *find_data->n_list) - ret = 0; + ret = 0; else - ret = GNUTLS_E_SHORT_MEMORY_BUFFER; + ret = GNUTLS_E_SHORT_MEMORY_BUFFER; *find_data->n_list = find_data->current; @@ -2292,15 +2292,15 @@ find_objs (pakchois_session_t * pks, struct token_info *info, { class = pkcs11_strtype_to_class (find_data->info.type); if (class == CKO_CERTIFICATE) - type = CKC_X_509; + type = CKC_X_509; else - type = -1; + type = -1; if (class == -1) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } @@ -2310,16 +2310,16 @@ find_objs (pakchois_session_t * pks, struct token_info *info, { ret = find_privkeys (pks, info, &plist); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (plist.key_ids_size == 0) - { - gnutls_assert (); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } } cert_data = gnutls_malloc (MAX_CERT_SIZE); @@ -2389,19 +2389,19 @@ find_objs (pakchois_session_t * pks, struct token_info *info, else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) { if (class != -1) - { - a[tot_values].type = CKA_CLASS; - a[tot_values].value = &class; - a[tot_values].value_len = sizeof class; - tot_values++; - } + { + a[tot_values].type = CKA_CLASS; + a[tot_values].value = &class; + a[tot_values].value_len = sizeof class; + tot_values++; + } if (type != -1) - { - a[tot_values].type = CKA_CERTIFICATE_TYPE; - a[tot_values].value = &type; - a[tot_values].value_len = sizeof type; - tot_values++; - } + { + a[tot_values].type = CKA_CERTIFICATE_TYPE; + a[tot_values].value = &type; + a[tot_values].value_len = sizeof type; + tot_values++; + } } else { @@ -2435,103 +2435,103 @@ find_objs (pakchois_session_t * pks, struct token_info *info, a[0].value_len = sizeof label_tmp; if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) - { - label.data = a[0].value; - label.size = a[0].value_len; - } + { + label.data = a[0].value; + label.size = a[0].value_len; + } else - { - label.data = NULL; - label.size = 0; - } + { + label.data = NULL; + label.size = 0; + } a[0].type = CKA_ID; a[0].value = certid_tmp; a[0].value_len = sizeof certid_tmp; if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) - { - id.data = a[0].value; - id.size = a[0].value_len; - } + { + id.data = a[0].value; + id.size = a[0].value_len; + } else - { - id.data = NULL; - id.size = 0; - } + { + id.data = NULL; + id.size = 0; + } a[0].type = CKA_VALUE; a[0].value = cert_data; a[0].value_len = MAX_CERT_SIZE; if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK) - { - value.data = a[0].value; - value.size = a[0].value_len; - } + { + value.data = a[0].value; + value.size = a[0].value_len; + } else - { - value.data = NULL; - value.size = 0; - } + { + value.data = NULL; + value.size = 0; + } if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL) - { - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof class; + { + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof class; - pakchois_get_attribute_value (pks, obj, a, 1); - } + pakchois_get_attribute_value (pks, obj, a, 1); + } if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY) - { - for (i = 0; i < plist.key_ids_size; i++) - { - if (plist.key_ids[i].length != - a[1].value_len - || memcmp (plist.key_ids[i].data, - a[1].value, a[1].value_len) != 0) - { - /* not found */ - continue; - } - } - } + { + for (i = 0; i < plist.key_ids_size; i++) + { + if (plist.key_ids[i].length != + a[1].value_len + || memcmp (plist.key_ids[i].data, + a[1].value, a[1].value_len) != 0) + { + /* not found */ + continue; + } + } + } if (find_data->current < *find_data->n_list) - { - ret = - gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]); - if (ret < 0) - { - gnutls_assert (); - goto fail; - } - - if (class == CKO_PUBLIC_KEY) - { - ret = - pkcs11_obj_import_pubkey (pks, obj, - find_data->p_list - [find_data->current], - &id, &label, - &info->tinfo, lib_info); - } - else - { - ret = - pkcs11_obj_import (class, - find_data->p_list - [find_data->current], - &value, &id, &label, - &info->tinfo, lib_info); - } - if (ret < 0) - { - gnutls_assert (); - goto fail; - } - } + { + ret = + gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]); + if (ret < 0) + { + gnutls_assert (); + goto fail; + } + + if (class == CKO_PUBLIC_KEY) + { + ret = + pkcs11_obj_import_pubkey (pks, obj, + find_data->p_list + [find_data->current], + &id, &label, + &info->tinfo, lib_info); + } + else + { + ret = + pkcs11_obj_import (class, + find_data->p_list + [find_data->current], + &value, &id, &label, + &info->tinfo, lib_info); + } + if (ret < 0) + { + gnutls_assert (); + goto fail; + } + } find_data->current++; @@ -2540,7 +2540,7 @@ find_objs (pakchois_session_t * pks, struct token_info *info, gnutls_free (cert_data); pakchois_find_objects_final (pks); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */ + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */ fail: gnutls_free (cert_data); @@ -2548,9 +2548,9 @@ fail: if (plist.key_ids != NULL) { for (i = 0; i < plist.key_ids_size; i++) - { - _gnutls_buffer_clear (&plist.key_ids[i]); - } + { + _gnutls_buffer_clear (&plist.key_ids[i]); + } gnutls_free (plist.key_ids); } for (i = 0; i < find_data->current; i++) @@ -2578,10 +2578,10 @@ fail: **/ int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, - unsigned int *n_list, - const char *url, - gnutls_pkcs11_obj_attr_t attrs, - unsigned int flags) + unsigned int *n_list, + const char *url, + gnutls_pkcs11_obj_attr_t attrs, + unsigned int flags) { int ret; struct crt_find_data_st find_data; @@ -2606,7 +2606,7 @@ gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, ret = _pkcs11_traverse_tokens (find_objs, &find_data, - pkcs11_obj_flags_to_int (flags)); + pkcs11_obj_flags_to_int (flags)); if (ret < 0) { gnutls_assert (); @@ -2631,7 +2631,7 @@ gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list, **/ int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, - const char *url, unsigned int flags) + const char *url, unsigned int flags) { gnutls_pkcs11_obj_t pcrt; int ret; @@ -2679,7 +2679,7 @@ cleanup: **/ int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, - gnutls_pkcs11_obj_t pkcs11_crt) + gnutls_pkcs11_obj_t pkcs11_crt) { return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER); } @@ -2699,9 +2699,9 @@ gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, - unsigned int cert_max, - gnutls_pkcs11_obj_t * const objs, - unsigned int flags) + unsigned int cert_max, + gnutls_pkcs11_obj_t * const objs, + unsigned int flags) { int i, j; int ret; @@ -2710,17 +2710,17 @@ gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, { ret = gnutls_x509_crt_init (&certs[i]); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } return 0; @@ -2736,12 +2736,12 @@ cleanup: static int find_flags (pakchois_session_t * pks, struct token_info *info, - struct ck_info *lib_info, void *input) + struct ck_info *lib_info, void *input) { struct flags_find_data_st *find_data = input; if (info == NULL) - { /* we don't support multiple calls */ + { /* we don't support multiple calls */ gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -2814,7 +2814,7 @@ gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags) **/ int gnutls_pkcs11_token_get_mechanism (const char *url, int idx, - unsigned long *mechanism) + unsigned long *mechanism) { int ret; ck_rv_t rv; @@ -2884,43 +2884,43 @@ gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type) int pkcs11_token_matches_info (struct pkcs11_url_info *info, - struct ck_token_info *tinfo, - struct ck_info *lib_info) + struct ck_token_info *tinfo, + struct ck_info *lib_info) { if (info->manufacturer[0] != 0) { if (strcmp (info->manufacturer, tinfo->manufacturer_id) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } if (info->token[0] != 0) { if (strcmp (info->token, tinfo->label) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } if (info->model[0] != 0) { if (strcmp (info->model, tinfo->model) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } if (info->serial[0] != 0) { if (strcmp (info->serial, tinfo->serial_number) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } if (info->lib_manufacturer[0] != 0) { if (strcmp (info->lib_manufacturer, lib_info->manufacturer_id) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } if (info->lib_desc[0] != 0) { if (strcmp (info->lib_desc, lib_info->library_description) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } if (info->lib_version[0] != 0) @@ -2928,10 +2928,10 @@ pkcs11_token_matches_info (struct pkcs11_url_info *info, char version[16]; snprintf (version, sizeof (version), "%u.%u", - (unsigned int) lib_info->library_version.major, - (unsigned int) lib_info->library_version.minor); + (unsigned int) lib_info->library_version.major, + (unsigned int) lib_info->library_version.minor); if (strcmp (info->lib_version, version) != 0) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } return 0; diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 4725d1ef54..7405c42125 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -18,23 +18,23 @@ struct token_info struct pkcs11_url_info { /* everything here is null terminated strings */ - opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */ - opaque type[16]; /* cert/key etc. */ + opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */ + opaque type[16]; /* cert/key etc. */ opaque lib_manufacturer[sizeof - (((struct ck_info *) NULL)->manufacturer_id) + 1]; + (((struct ck_info *) NULL)->manufacturer_id) + 1]; opaque lib_desc[sizeof - (((struct ck_info *) NULL)->library_description) + 1]; + (((struct ck_info *) NULL)->library_description) + 1]; opaque lib_version[12]; opaque manufacturer[sizeof - (((struct ck_token_info *) NULL)->manufacturer_id) + 1]; + (((struct ck_token_info *) NULL)->manufacturer_id) + 1]; opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1]; opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1]; opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1]; opaque label[PKCS11_LABEL_SIZE + 1]; - opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ + opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ size_t certid_raw_size; }; @@ -55,51 +55,51 @@ struct gnutls_pkcs11_obj_st * It should return 0 if found what it was looking for. */ typedef int (*find_func_t) (pakchois_session_t * pks, - struct token_info * tinfo, struct ck_info *, - void *input); + struct token_info * tinfo, struct ck_info *, + void *input); int pkcs11_rv_to_err (ck_rv_t rv); int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info); int pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot, - struct pkcs11_url_info *info, struct token_info *_tinfo); + struct pkcs11_url_info *info, struct token_info *_tinfo); int pkcs11_get_info (struct pkcs11_url_info *info, - gnutls_pkcs11_obj_info_t itype, void *output, - size_t * output_size); + gnutls_pkcs11_obj_info_t itype, void *output, + size_t * output_size); int pkcs11_login (pakchois_session_t * pks, - const struct token_info *info, int admin); + const struct token_info *info, int admin); extern gnutls_pkcs11_token_callback_t token_func; extern void *token_data; void pkcs11_rescan_slots (void); int pkcs11_info_to_url (const struct pkcs11_url_info *info, - gnutls_pkcs11_url_type_t detailed, char **url); + gnutls_pkcs11_url_type_t detailed, char **url); #define SESSION_WRITE (1<<0) #define SESSION_LOGIN (1<<1) -#define SESSION_SO (1<<2) /* security officer session */ +#define SESSION_SO (1<<2) /* security officer session */ int pkcs11_open_session (pakchois_session_t ** _pks, - struct pkcs11_url_info *info, unsigned int flags); + struct pkcs11_url_info *info, unsigned int flags); int _pkcs11_traverse_tokens (find_func_t find_func, void *input, - unsigned int flags); + unsigned int flags); ck_object_class_t pkcs11_strtype_to_class (const char *type); int pkcs11_token_matches_info (struct pkcs11_url_info *info, - struct ck_token_info *tinfo, - struct ck_info *lib_info); + struct ck_token_info *tinfo, + struct ck_info *lib_info); /* flags are SESSION_* */ int pkcs11_find_object (pakchois_session_t ** _pks, - ck_object_handle_t * _obj, - struct pkcs11_url_info *info, unsigned int flags); + ck_object_handle_t * _obj, + struct pkcs11_url_info *info, unsigned int flags); unsigned int pkcs11_obj_flags_to_int (unsigned int flags); int _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature); + const gnutls_datum_t * hash, + gnutls_datum_t * signature); #endif diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 208e6e7be0..eebda0a647 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -84,10 +84,10 @@ gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key) **/ int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, - unsigned int *bits) + unsigned int *bits) { if (bits) - *bits = 0; /* FIXME */ + *bits = 0; /* FIXME */ return key->pk_algorithm; } @@ -107,8 +107,8 @@ gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key, **/ int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey, - gnutls_pkcs11_obj_info_t itype, - void *output, size_t * output_size) + gnutls_pkcs11_obj_info_t itype, + void *output, size_t * output_size) { return pkcs11_get_info (&pkey->info, itype, output, output_size); } @@ -132,18 +132,18 @@ gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey, **/ int gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - ret = pk_hash_data(signer->pk_algorithm, hash, NULL, data, &digest); + ret = pk_hash_data (signer->pk_algorithm, hash, NULL, data, &digest); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } @@ -199,8 +199,8 @@ cleanup: -*/ int _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { ck_rv_t rv; int ret; @@ -278,22 +278,22 @@ cleanup: **/ int gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - digest.data = gnutls_malloc(hash_data->size); + digest.data = gnutls_malloc (hash_data->size); if (digest.data == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } digest.size = hash_data->size; - memcpy(digest.data, hash_data->data, digest.size); + memcpy (digest.data, hash_data->data, digest.size); ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest); if (ret < 0) @@ -312,7 +312,7 @@ gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer, ret = 0; cleanup: - _gnutls_free_datum(&digest); + _gnutls_free_datum (&digest); return ret; } @@ -332,7 +332,7 @@ cleanup: **/ int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey, - const char *url, unsigned int flags) + const char *url, unsigned int flags) { int ret; @@ -375,9 +375,9 @@ gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey, **/ int gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, - unsigned int flags, - const gnutls_datum_t * ciphertext, - gnutls_datum_t * plaintext) + unsigned int flags, + const gnutls_datum_t * ciphertext, + gnutls_datum_t * plaintext) { ck_rv_t rv; int ret; @@ -405,7 +405,7 @@ gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, /* Work out how long the plaintext must be: */ rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size, - NULL, &siglen); + NULL, &siglen); if (rv != CKR_OK) { gnutls_assert (); @@ -417,7 +417,7 @@ gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, plaintext->size = siglen; rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size, - plaintext->data, &siglen); + plaintext->data, &siglen); if (rv != CKR_OK) { gnutls_free (plaintext->data); @@ -449,8 +449,8 @@ cleanup: **/ int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key, - gnutls_pkcs11_url_type_t detailed, - char **url) + gnutls_pkcs11_url_type_t detailed, + char **url) { int ret; diff --git a/lib/pkcs11_secret.c b/lib/pkcs11_secret.c index eaa09c60c8..6505d4dd51 100644 --- a/lib/pkcs11_secret.c +++ b/lib/pkcs11_secret.c @@ -46,9 +46,9 @@ **/ int gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key, - const char *label, - unsigned int key_usage, unsigned int flags - /* GNUTLS_PKCS11_OBJ_FLAG_* */ ) + const char *label, + unsigned int key_usage, unsigned int flags + /* GNUTLS_PKCS11_OBJ_FLAG_* */ ) { int ret; pakchois_session_t *pks; @@ -79,7 +79,7 @@ gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key, ret = pkcs11_open_session (&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); if (ret < 0) { gnutls_assert (); diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index b3235bb64d..de319f68ca 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -43,8 +43,8 @@ **/ int gnutls_pkcs11_copy_x509_crt (const char *token_url, - gnutls_x509_crt_t crt, const char *label, - unsigned int flags) + gnutls_x509_crt_t crt, const char *label, + unsigned int flags) { int ret; pakchois_session_t *pks; @@ -69,7 +69,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url, ret = pkcs11_open_session (&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); if (ret < 0) { gnutls_assert (); @@ -181,9 +181,9 @@ cleanup: **/ int gnutls_pkcs11_copy_x509_privkey (const char *token_url, - gnutls_x509_privkey_t key, - const char *label, - unsigned int key_usage, unsigned int flags) + gnutls_x509_privkey_t key, + const char *label, + unsigned int key_usage, unsigned int flags) { int ret; pakchois_session_t *pks; @@ -219,7 +219,7 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, ret = pkcs11_open_session (&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); if (ret < 0) { gnutls_assert (); @@ -269,92 +269,92 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, case GNUTLS_PK_RSA: { - ret = - gnutls_x509_privkey_export_rsa_raw2 (key, &m, - &e, &d, &p, - &q, &u, &exp1, &exp2); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - type = CKK_RSA; - - a[a_val].type = CKA_MODULUS; - a[a_val].value = m.data; - a[a_val].value_len = m.size; - a_val++; - - a[a_val].type = CKA_PUBLIC_EXPONENT; - a[a_val].value = e.data; - a[a_val].value_len = e.size; - a_val++; - - a[a_val].type = CKA_PRIVATE_EXPONENT; - a[a_val].value = d.data; - a[a_val].value_len = d.size; - a_val++; - - a[a_val].type = CKA_PRIME_1; - a[a_val].value = p.data; - a[a_val].value_len = p.size; - a_val++; - - a[a_val].type = CKA_PRIME_2; - a[a_val].value = q.data; - a[a_val].value_len = q.size; - a_val++; - - a[a_val].type = CKA_COEFFICIENT; - a[a_val].value = u.data; - a[a_val].value_len = u.size; - a_val++; - - a[a_val].type = CKA_EXPONENT_1; - a[a_val].value = exp1.data; - a[a_val].value_len = exp1.size; - a_val++; - - a[a_val].type = CKA_EXPONENT_2; - a[a_val].value = exp2.data; - a[a_val].value_len = exp2.size; - a_val++; - - break; + ret = + gnutls_x509_privkey_export_rsa_raw2 (key, &m, + &e, &d, &p, + &q, &u, &exp1, &exp2); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + type = CKK_RSA; + + a[a_val].type = CKA_MODULUS; + a[a_val].value = m.data; + a[a_val].value_len = m.size; + a_val++; + + a[a_val].type = CKA_PUBLIC_EXPONENT; + a[a_val].value = e.data; + a[a_val].value_len = e.size; + a_val++; + + a[a_val].type = CKA_PRIVATE_EXPONENT; + a[a_val].value = d.data; + a[a_val].value_len = d.size; + a_val++; + + a[a_val].type = CKA_PRIME_1; + a[a_val].value = p.data; + a[a_val].value_len = p.size; + a_val++; + + a[a_val].type = CKA_PRIME_2; + a[a_val].value = q.data; + a[a_val].value_len = q.size; + a_val++; + + a[a_val].type = CKA_COEFFICIENT; + a[a_val].value = u.data; + a[a_val].value_len = u.size; + a_val++; + + a[a_val].type = CKA_EXPONENT_1; + a[a_val].value = exp1.data; + a[a_val].value_len = exp1.size; + a_val++; + + a[a_val].type = CKA_EXPONENT_2; + a[a_val].value = exp2.data; + a[a_val].value_len = exp2.size; + a_val++; + + break; } case GNUTLS_PK_DSA: { - ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - type = CKK_DSA; - - a[a_val].type = CKA_PRIME; - a[a_val].value = p.data; - a[a_val].value_len = p.size; - a_val++; - - a[a_val].type = CKA_SUBPRIME; - a[a_val].value = q.data; - a[a_val].value_len = q.size; - a_val++; - - a[a_val].type = CKA_BASE; - a[a_val].value = g.data; - a[a_val].value_len = g.size; - a_val++; - - a[a_val].type = CKA_VALUE; - a[a_val].value = x.data; - a[a_val].value_len = x.size; - a_val++; - - break; + ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + type = CKK_DSA; + + a[a_val].type = CKA_PRIME; + a[a_val].value = p.data; + a[a_val].value_len = p.size; + a_val++; + + a[a_val].type = CKA_SUBPRIME; + a[a_val].value = q.data; + a[a_val].value_len = q.size; + a_val++; + + a[a_val].type = CKA_BASE; + a[a_val].value = g.data; + a[a_val].value_len = g.size; + a_val++; + + a[a_val].type = CKA_VALUE; + a[a_val].value = x.data; + a[a_val].value_len = x.size; + a_val++; + + break; } default: gnutls_assert (); @@ -378,24 +378,24 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, { case GNUTLS_PK_RSA: { - gnutls_free (m.data); - gnutls_free (e.data); - gnutls_free (d.data); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (u.data); - gnutls_free (exp1.data); - gnutls_free (exp2.data); - break; + gnutls_free (m.data); + gnutls_free (e.data); + gnutls_free (d.data); + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (u.data); + gnutls_free (exp1.data); + gnutls_free (exp2.data); + break; } case GNUTLS_PK_DSA: { - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - gnutls_free (x.data); - break; + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); + gnutls_free (x.data); + break; } default: gnutls_assert (); @@ -415,13 +415,13 @@ cleanup: struct delete_data_st { struct pkcs11_url_info info; - unsigned int deleted; /* how many */ + unsigned int deleted; /* how many */ }; static int delete_obj_url (pakchois_session_t * pks, - struct token_info *info, - struct ck_info *lib_info, void *input) + struct token_info *info, + struct ck_info *lib_info, void *input) { struct delete_data_st *find_data = input; struct ck_attribute a[4]; @@ -434,7 +434,7 @@ delete_obj_url (pakchois_session_t * pks, if (info == NULL) - { /* we don't support multiple calls */ + { /* we don't support multiple calls */ gnutls_assert (); return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } @@ -448,19 +448,19 @@ delete_obj_url (pakchois_session_t * pks, return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; } - class = CKO_CERTIFICATE; /* default */ + class = CKO_CERTIFICATE; /* default */ if (find_data->info.type[0] != 0) { class = pkcs11_strtype_to_class (find_data->info.type); if (class == CKO_CERTIFICATE) - type = CKC_X_509; + type = CKC_X_509; if (class == -1) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } a_vals = 0; @@ -511,14 +511,14 @@ delete_obj_url (pakchois_session_t * pks, { rv = pakchois_destroy_object (pks, obj); if (rv != CKR_OK) - { - _gnutls_debug_log - ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv)); - } + { + _gnutls_debug_log + ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv)); + } else - { - find_data->deleted++; - } + { + find_data->deleted++; + } found = 1; } @@ -567,7 +567,7 @@ gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags) ret = _pkcs11_traverse_tokens (delete_obj_url, &find_data, - SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); if (ret < 0) { gnutls_assert (); @@ -593,7 +593,7 @@ gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags) **/ int gnutls_pkcs11_token_init (const char *token_url, - const char *so_pin, const char *label) + const char *so_pin, const char *label) { int ret; struct pkcs11_url_info info; @@ -623,7 +623,7 @@ gnutls_pkcs11_token_init (const char *token_url, rv = pakchois_init_token (module, slot, (char *) so_pin, strlen (so_pin), - flabel); + flabel); if (rv != CKR_OK) { gnutls_assert (); @@ -651,8 +651,8 @@ gnutls_pkcs11_token_init (const char *token_url, **/ int gnutls_pkcs11_token_set_pin (const char *token_url, - const char *oldpin, - const char *newpin, unsigned int flags) + const char *oldpin, + const char *newpin, unsigned int flags) { int ret; pakchois_session_t *pks; @@ -684,25 +684,25 @@ gnutls_pkcs11_token_set_pin (const char *token_url, { rv = pakchois_init_pin (pks, (char *) newpin, strlen (newpin)); if (rv != CKR_OK) - { - gnutls_assert (); - _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); - ret = pkcs11_rv_to_err (rv); - goto finish; - } + { + gnutls_assert (); + _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); + ret = pkcs11_rv_to_err (rv); + goto finish; + } } else { rv = pakchois_set_pin (pks, - (char *) oldpin, strlen (oldpin), - (char *) newpin, strlen (newpin)); + (char *) oldpin, strlen (oldpin), + (char *) newpin, strlen (newpin)); if (rv != CKR_OK) - { - gnutls_assert (); - _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); - ret = pkcs11_rv_to_err (rv); - goto finish; - } + { + gnutls_assert (); + _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); + ret = pkcs11_rv_to_err (rv); + goto finish; + } } ret = 0; diff --git a/lib/random.c b/lib/random.c index d3f363949c..c6859b50ed 100644 --- a/lib/random.c +++ b/lib/random.c @@ -37,10 +37,10 @@ _gnutls_rnd_init (void) if (_gnutls_rnd_ops.init != NULL) { if (_gnutls_rnd_ops.init (&rnd_ctx) < 0) - { - gnutls_assert (); - return GNUTLS_E_RANDOM_FAILED; - } + { + gnutls_assert (); + return GNUTLS_E_RANDOM_FAILED; + } } return 0; diff --git a/lib/system.c b/lib/system.c index 0f393c311c..f3bed5f7b7 100644 --- a/lib/system.c +++ b/lib/system.c @@ -85,10 +85,10 @@ system_errno (gnutls_transport_ptr ptr) ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec, - int iovec_cnt) + int iovec_cnt) { return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec, - iovec_cnt); + iovec_cnt); } #endif @@ -152,7 +152,7 @@ gnutls_system_mutex_unlock (void **priv) int _gnutls_atfork (void (*prepare) (void), void (*parent) (void), - void (*child) (void)) + void (*child) (void)) { return 0; } @@ -218,7 +218,7 @@ gnutls_system_mutex_unlock (void **priv) int _gnutls_atfork (void (*prepare) (void), void (*parent) (void), - void (*child) (void)) + void (*child) (void)) { return pthread_atfork (prepare, parent, child); } @@ -253,7 +253,7 @@ gnutls_system_mutex_unlock (void **priv) int _gnutls_atfork (void (*prepare) (void), void (*parent) (void), - void (*child) (void)) + void (*child) (void)) { return 0; } diff --git a/lib/system.h b/lib/system.h index 773915c9df..860bca80f9 100644 --- a/lib/system.h +++ b/lib/system.h @@ -4,22 +4,22 @@ #include <gnutls_int.h> #ifndef _WIN32 -#include <sys/uio.h> /* for writev */ +#include <sys/uio.h> /* for writev */ #endif int system_errno (gnutls_transport_ptr); #ifdef _WIN32 ssize_t system_write (gnutls_transport_ptr ptr, const void *data, - size_t data_size); + size_t data_size); #else #define HAVE_WRITEV ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec, - int iovec_cnt); + int iovec_cnt); #endif ssize_t system_read (gnutls_transport_ptr ptr, void *data, size_t data_size); ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data, - size_t data_size); + size_t data_size); #ifdef _WIN32 #define HAVE_WIN32_LOCKS @@ -32,6 +32,6 @@ ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data, #endif int _gnutls_atfork (void (*prepare) (void), void (*parent) (void), - void (*child) (void)); + void (*child) (void)); #endif /* SYSTEM_H */ diff --git a/lib/x509/common.c b/lib/x509/common.c index c90b4e2d5e..5119cbedac 100644 --- a/lib/x509/common.c +++ b/lib/x509/common.c @@ -40,9 +40,9 @@ struct oid2string { const char *oid; const char *ldap_desc; - int choice; /* of type DirectoryString */ + int choice; /* of type DirectoryString */ int printable; - const char *asn_desc; /* description in the pkix file */ + const char *asn_desc; /* description in the pkix file */ }; /* This list contains all the OIDs that may be @@ -118,7 +118,7 @@ _gnutls_x509_oid_data_printable (const char *oid) do { if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].printable; + return _oid2str[i].printable; i++; } while (_oid2str[i].oid != NULL); @@ -148,7 +148,7 @@ gnutls_x509_dn_oid_known (const char *oid) do { if (strcmp (_oid2str[i].oid, oid) == 0) - return 1; + return 1; i++; } while (_oid2str[i].oid != NULL); @@ -167,7 +167,7 @@ _gnutls_x509_oid_data_choice (const char *oid) do { if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].choice; + return _oid2str[i].choice; i++; } while (_oid2str[i].oid != NULL); @@ -183,7 +183,7 @@ _gnutls_x509_oid2ldap_string (const char *oid) do { if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].ldap_desc; + return _oid2str[i].ldap_desc; i++; } while (_oid2str[i].oid != NULL); @@ -199,7 +199,7 @@ _gnutls_x509_oid2asn_string (const char *oid) do { if (strcmp (_oid2str[i].oid, oid) == 0) - return _oid2str[i].asn_desc; + return _oid2str[i].asn_desc; i++; } while (_oid2str[i].oid != NULL); @@ -216,7 +216,7 @@ _gnutls_x509_oid2asn_string (const char *oid) */ int _gnutls_x509_oid_data2string (const char *oid, void *value, - int value_size, char *res, size_t * res_size) + int value_size, char *res, size_t * res_size) { char str[MAX_STRING_LEN], tmpname[128]; const char *ANAME = NULL; @@ -247,7 +247,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, if ((result = asn1_create_element (_gnutls_get_pkix (), ANAME, - &tmpasn)) != ASN1_SUCCESS) + &tmpasn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -255,7 +255,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, if ((result = asn1_der_decoding (&tmpasn, value, value_size, - asn1_err)) != ASN1_SUCCESS) + asn1_err)) != ASN1_SUCCESS) { gnutls_assert (); _gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err); @@ -268,7 +268,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, */ len = sizeof (str) - 1; if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS) - { /* CHOICE */ + { /* CHOICE */ gnutls_assert (); asn1_delete_structure (&tmpasn); return _gnutls_asn2err (result); @@ -280,16 +280,16 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, /* Refuse to deal with strings containing NULs. */ if (strlen (str) != len) - return GNUTLS_E_ASN1_DER_ERROR; + return GNUTLS_E_ASN1_DER_ERROR; if (res) - _gnutls_str_cpy (res, *res_size, str); + _gnutls_str_cpy (res, *res_size, str); *res_size = len; asn1_delete_structure (&tmpasn); } else - { /* CHOICE */ + { /* CHOICE */ int non_printable = 0, teletex = 0; str[len] = 0; @@ -297,61 +297,61 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, * UTF-8 (thus ASCII as well). */ if (strcmp (str, "printableString") != 0 && - strcmp (str, "ia5String") != 0 && strcmp (str, "utf8String") != 0) - { - non_printable = 1; - } + strcmp (str, "ia5String") != 0 && strcmp (str, "utf8String") != 0) + { + non_printable = 1; + } if (strcmp (str, "teletexString") == 0) - teletex = 1; + teletex = 1; _gnutls_str_cpy (tmpname, sizeof (tmpname), str); len = sizeof (str) - 1; if ((result = - asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS) - { - asn1_delete_structure (&tmpasn); - return _gnutls_asn2err (result); - } + asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS) + { + asn1_delete_structure (&tmpasn); + return _gnutls_asn2err (result); + } asn1_delete_structure (&tmpasn); if (teletex != 0) - { - int ascii = 0, i; - /* HACK: if the teletex string contains only ascii - * characters then treat it as printable. - */ - for (i = 0; i < len; i++) - if (!isascii (str[i])) - ascii = 1; - - if (ascii == 0) - non_printable = 0; - } + { + int ascii = 0, i; + /* HACK: if the teletex string contains only ascii + * characters then treat it as printable. + */ + for (i = 0; i < len; i++) + if (!isascii (str[i])) + ascii = 1; + + if (ascii == 0) + non_printable = 0; + } if (non_printable == 0) - { - str[len] = 0; + { + str[len] = 0; - /* Refuse to deal with strings containing NULs. */ - if (strlen (str) != len) - return GNUTLS_E_ASN1_DER_ERROR; + /* Refuse to deal with strings containing NULs. */ + if (strlen (str) != len) + return GNUTLS_E_ASN1_DER_ERROR; - if (res) - _gnutls_str_cpy (res, *res_size, str); - *res_size = len; - } + if (res) + _gnutls_str_cpy (res, *res_size, str); + *res_size = len; + } else - { - result = _gnutls_x509_data2hex (str, len, res, res_size); - if (result < 0) - { - gnutls_assert (); - return result; - } - } + { + result = _gnutls_x509_data2hex (str, len, res, res_size); + if (result < 0) + { + gnutls_assert (); + return result; + } + } } return 0; @@ -363,7 +363,7 @@ _gnutls_x509_oid_data2string (const char *oid, void *value, */ int _gnutls_x509_data2hex (const opaque * data, size_t data_size, - opaque * out, size_t * sizeof_out) + opaque * out, size_t * sizeof_out) { char *res; char escaped[MAX_STRING_LEN]; @@ -388,7 +388,7 @@ _gnutls_x509_data2hex (const opaque * data, size_t data_size, *sizeof_out = size; return GNUTLS_E_SHORT_MEMORY_BUFFER; } - *sizeof_out = size; /* -1 for the null +1 for the '#' */ + *sizeof_out = size; /* -1 for the null +1 for the '#' */ if (out) { @@ -412,7 +412,7 @@ _gnutls_x509_data2hex (const opaque * data, size_t data_size, typedef struct fake_tm { int tm_mon; - int tm_year; /* FULL year - ie 1971 */ + int tm_year; /* FULL year - ie 1971 */ int tm_mday; int tm_hour; int tm_min; @@ -491,7 +491,7 @@ _gnutls_x509_time2gtime (const char *ttime, int year) * time_t. */ if (sizeof (time_t) <= 4 && etime.tm_year >= 2038) - return (time_t) 2145914603; /* 2037-12-31 23:23:23 */ + return (time_t) 2145914603; /* 2037-12-31 23:23:23 */ if (etime.tm_year < 1970) return (time_t) 0; @@ -500,25 +500,25 @@ _gnutls_x509_time2gtime (const char *ttime, int year) /* get the month */ - memcpy (xx, ttime, 2); /* month */ + memcpy (xx, ttime, 2); /* month */ etime.tm_mon = atoi (xx) - 1; ttime += 2; /* get the day */ - memcpy (xx, ttime, 2); /* day */ + memcpy (xx, ttime, 2); /* day */ etime.tm_mday = atoi (xx); ttime += 2; /* get the hour */ - memcpy (xx, ttime, 2); /* hour */ + memcpy (xx, ttime, 2); /* hour */ etime.tm_hour = atoi (xx); ttime += 2; /* get the minutes */ - memcpy (xx, ttime, 2); /* minutes */ + memcpy (xx, ttime, 2); /* minutes */ etime.tm_min = atoi (xx); ttime += 2; @@ -557,7 +557,7 @@ _gnutls_x509_utcTime2gtime (const char *ttime) xx[2] = 0; /* get the year */ - memcpy (xx, ttime, 2); /* year */ + memcpy (xx, ttime, 2); /* year */ year = atoi (xx); ttime += 2; @@ -624,7 +624,7 @@ _gnutls_x509_generalTime2gtime (const char *ttime) /* get the year */ - memcpy (xx, ttime, 4); /* year */ + memcpy (xx, ttime, 4); /* year */ year = atoi (xx); ttime += 4; @@ -661,16 +661,16 @@ _gnutls_x509_get_time (ASN1_TYPE c2, const char *when) len = sizeof (ttime) - 1; result = asn1_read_value (c2, name, ttime, &len); if (result == ASN1_SUCCESS) - c_time = _gnutls_x509_generalTime2gtime (ttime); + c_time = _gnutls_x509_generalTime2gtime (ttime); } else - { /* UTCTIME */ + { /* UTCTIME */ _gnutls_str_cat (name, sizeof (name), ".utcTime"); len = sizeof (ttime) - 1; result = asn1_read_value (c2, name, ttime, &len); if (result == ASN1_SUCCESS) - c_time = _gnutls_x509_utcTime2gtime (ttime); + c_time = _gnutls_x509_utcTime2gtime (ttime); } /* We cannot handle dates after 2031 in 32 bit machines. @@ -747,10 +747,10 @@ _gnutls_x509_san_find_type (char *str_type) */ int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name, - gnutls_x509_crt_fmt_t format, - const char *pem_header, - unsigned char *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, + const char *pem_header, + unsigned char *output_data, + size_t * output_data_size) { int result, len; @@ -758,72 +758,72 @@ _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name, { if (output_data == NULL) - *output_data_size = 0; + *output_data_size = 0; len = *output_data_size; if ((result = - asn1_der_coding (asn1_data, name, output_data, &len, - NULL)) != ASN1_SUCCESS) - { - *output_data_size = len; - if (result == ASN1_MEM_ERROR) - { - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - gnutls_assert (); - return _gnutls_asn2err (result); - } + asn1_der_coding (asn1_data, name, output_data, &len, + NULL)) != ASN1_SUCCESS) + { + *output_data_size = len; + if (result == ASN1_MEM_ERROR) + { + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + gnutls_assert (); + return _gnutls_asn2err (result); + } *output_data_size = len; } else - { /* PEM */ + { /* PEM */ opaque *out; gnutls_datum_t tmp; result = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } result = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, &out); _gnutls_free_datum (&tmp); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } if (result == 0) - { /* oooops */ - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } + { /* oooops */ + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } if ((unsigned) result > *output_data_size) - { - gnutls_assert (); - gnutls_free (out); - *output_data_size = result; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + gnutls_assert (); + gnutls_free (out); + *output_data_size = result; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } *output_data_size = result; if (output_data) - { - memcpy (output_data, out, result); + { + memcpy (output_data, out, result); - /* do not include the null character into output size. - */ - *output_data_size = result - 1; - } + /* do not include the null character into output size. + */ + *output_data_size = result - 1; + } gnutls_free (out); } @@ -833,14 +833,14 @@ _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name, int _gnutls_x509_export_int (ASN1_TYPE asn1_data, - gnutls_x509_crt_fmt_t format, - const char *pem_header, - unsigned char *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, + const char *pem_header, + unsigned char *output_data, + size_t * output_data_size) { return _gnutls_x509_export_int_named (asn1_data, "", - format, pem_header, output_data, - output_data_size); + format, pem_header, output_data, + output_data_size); } /* Decodes an octet string. Leave string_type null for a normal @@ -849,8 +849,8 @@ _gnutls_x509_export_int (ASN1_TYPE asn1_data, */ int _gnutls_x509_decode_octet_string (const char *string_type, - const opaque * der, size_t der_size, - opaque * output, size_t * output_size) + const opaque * der, size_t der_size, + opaque * output, size_t * output_size) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, tmp_output_size; @@ -909,7 +909,7 @@ cleanup: */ int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, - gnutls_datum_t * ret, int flags) + gnutls_datum_t * ret, int flags) { int len = 0, result; size_t slen; @@ -953,10 +953,10 @@ _gnutls_x509_read_value (ASN1_TYPE c, const char *root, slen = len; result = _gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } len = slen; } @@ -977,7 +977,7 @@ cleanup: */ int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * res, int str) + gnutls_datum_t * res, int str) { int size, result; int asize; @@ -997,7 +997,7 @@ _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, */ if (str) - size += 16; /* for later to include the octet tags */ + size += 16; /* for later to include the octet tags */ asize = size; data = gnutls_malloc (size); @@ -1019,28 +1019,28 @@ _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, if (str) { if ((result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } result = asn1_write_value (c2, "", data, size); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } result = asn1_der_coding (c2, "", data, &asize, NULL); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } size = asize; @@ -1065,8 +1065,8 @@ cleanup: */ int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, - ASN1_TYPE dest, const char *dest_name, - int str) + ASN1_TYPE dest, const char *dest_name, + int str) { int result; gnutls_datum_t encoded; @@ -1099,7 +1099,7 @@ _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, */ int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, - const gnutls_datum_t * data, int str) + const gnutls_datum_t * data, int str) { int result; int asize; @@ -1114,34 +1114,34 @@ _gnutls_x509_write_value (ASN1_TYPE c, const char *root, */ val.data = gnutls_malloc (asize); if (val.data == NULL) - { - gnutls_assert (); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } if ((result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } result = asn1_write_value (c2, "", data->data, data->size); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } result = _gnutls_x509_der_encode (c2, "", &val, 0); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else @@ -1173,7 +1173,7 @@ cleanup: void _asnstr_append_name (char *name, size_t name_size, const char *part1, - const char *part2) + const char *part2) { if (part1[0] != 0) { @@ -1191,10 +1191,10 @@ _asnstr_append_name (char *name, size_t name_size, const char *part1, */ int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, - const char *dst_name, - gnutls_pk_algorithm_t - pk_algorithm, bigint_t * params, - int params_size) + const char *dst_name, + gnutls_pk_algorithm_t + pk_algorithm, bigint_t * params, + int params_size) { const char *pk; gnutls_datum_t der = { NULL, 0 }; @@ -1224,78 +1224,78 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, /* disable parameters, which are not used in RSA. */ _asnstr_append_name (name, sizeof (name), dst_name, - ".algorithm.parameters"); + ".algorithm.parameters"); result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } result = _gnutls_x509_write_rsa_params (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } /* Write the DER parameters. (in bits) */ _asnstr_append_name (name, sizeof (name), dst_name, - ".subjectPublicKey"); + ".subjectPublicKey"); result = asn1_write_value (dst, name, der.data, der.size * 8); _gnutls_free_datum (&der); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } } else if (pk_algorithm == GNUTLS_PK_DSA) { result = _gnutls_x509_write_dsa_params (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } /* Write the DER parameters. */ _asnstr_append_name (name, sizeof (name), dst_name, - ".algorithm.parameters"); + ".algorithm.parameters"); result = asn1_write_value (dst, name, der.data, der.size); _gnutls_free_datum (&der); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } result = _gnutls_x509_write_dsa_public_key (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } _asnstr_append_name (name, sizeof (name), dst_name, - ".subjectPublicKey"); + ".subjectPublicKey"); result = asn1_write_value (dst, name, der.data, der.size * 8); _gnutls_free_datum (&der); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } } else @@ -1309,7 +1309,7 @@ _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, */ int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, - unsigned int *bits) + unsigned int *bits) { int result; opaque *str = NULL; @@ -1334,7 +1334,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, if (algo == GNUTLS_PK_UNKNOWN) { _gnutls_x509_log - ("%s: unknown public key algorithm: %s\n", __func__, oid); + ("%s: unknown public key algorithm: %s\n", __func__, oid); } if (bits == NULL) @@ -1386,30 +1386,30 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, { case GNUTLS_PK_RSA: { - if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0) - { - gnutls_assert (); - return result; - } + if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0) + { + gnutls_assert (); + return result; + } - bits[0] = _gnutls_mpi_get_nbits (params[0]); + bits[0] = _gnutls_mpi_get_nbits (params[0]); - _gnutls_mpi_release (¶ms[0]); - _gnutls_mpi_release (¶ms[1]); + _gnutls_mpi_release (¶ms[0]); + _gnutls_mpi_release (¶ms[1]); } break; case GNUTLS_PK_DSA: { - if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0) - { - gnutls_assert (); - return result; - } + if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0) + { + gnutls_assert (); + return result; + } - bits[0] = _gnutls_mpi_get_nbits (params[3]); + bits[0] = _gnutls_mpi_get_nbits (params[3]); - _gnutls_mpi_release (¶ms[3]); + _gnutls_mpi_release (¶ms[3]); } break; } @@ -1423,7 +1423,7 @@ _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, */ int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signed_data) + gnutls_datum_t * signed_data) { gnutls_datum_t der; int start, end, result; @@ -1438,7 +1438,7 @@ _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, /* Get the signed data */ result = asn1_der_decoding_startEnd (src, der.data, der.size, - src_name, &start, &end); + src_name, &start, &end); if (result != ASN1_SUCCESS) { result = _gnutls_asn2err (result); @@ -1467,7 +1467,7 @@ cleanup: */ int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signature) + gnutls_datum_t * signature) { int bits, result, len; diff --git a/lib/x509/common.h b/lib/x509/common.h index 62468248ca..05526fd83a 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -70,13 +70,13 @@ int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim); int _gnutls_x509_decode_octet_string (const char *string_type, - const opaque * der, size_t der_size, - opaque * output, size_t * output_size); + const opaque * der, size_t der_size, + opaque * output, size_t * output_size); int _gnutls_x509_oid_data2string (const char *OID, void *value, - int value_size, char *res, - size_t * res_size); + int value_size, char *res, + size_t * res_size); int _gnutls_x509_data2hex (const opaque * data, size_t data_size, - opaque * out, size_t * sizeof_out); + opaque * out, size_t * sizeof_out); const char *_gnutls_x509_oid2asn_string (const char *oid); @@ -90,71 +90,71 @@ time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when); gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type); int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name, - ASN1_TYPE dest, const char *dest_name, - int str); + ASN1_TYPE dest, const char *dest_name, + int str); int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * res, int str); + gnutls_datum_t * res, int str); int _gnutls_x509_export_int (ASN1_TYPE asn1_data, - gnutls_x509_crt_fmt_t format, - const char *pem_header, - unsigned char *output_data, - size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + const char *pem_header, + unsigned char *output_data, + size_t * output_data_size); int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name, - gnutls_x509_crt_fmt_t format, - const char *pem_header, - unsigned char *output_data, - size_t * output_data_size); + gnutls_x509_crt_fmt_t format, + const char *pem_header, + unsigned char *output_data, + size_t * output_data_size); int _gnutls_x509_read_value (ASN1_TYPE c, const char *root, - gnutls_datum_t * ret, int str); + gnutls_datum_t * ret, int str); int _gnutls_x509_write_value (ASN1_TYPE c, const char *root, - const gnutls_datum_t * data, int str); + const gnutls_datum_t * data, int str); int _gnutls_x509_encode_and_write_attribute (const char *given_oid, - ASN1_TYPE asn1_struct, - const char *where, - const void *data, - int sizeof_data, int multi); + ASN1_TYPE asn1_struct, + const char *where, + const void *data, + int sizeof_data, int multi); int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, - const char *where, char *oid, - int oid_size, - gnutls_datum_t * value, int multi, - int octet); + const char *where, char *oid, + int oid_size, + gnutls_datum_t * value, int multi, + int octet); int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name, - unsigned int *bits); + unsigned int *bits); int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, - const char *dst_name, - gnutls_pk_algorithm_t - pk_algorithm, bigint_t * params, - int params_size); + const char *dst_name, + gnutls_pk_algorithm_t + pk_algorithm, bigint_t * params, + int params_size); int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, - ASN1_TYPE src, const char *src_name); + ASN1_TYPE src, const char *src_name); int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signed_data); + gnutls_datum_t * signed_data); int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name, - gnutls_datum_t * signature); + gnutls_datum_t * signature); gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash (bigint_t q); int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, - bigint_t * params, int *params_size); + bigint_t * params, int *params_size); int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params, - int params_size, unsigned char *output_data, - size_t * output_data_size); + int params_size, unsigned char *output_data, + size_t * output_data_size); void _asnstr_append_name (char *name, size_t name_size, const char *part1, - const char *part2); + const char *part2); int pubkey_verify_sig (const gnutls_datum_t * tbs, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_algorithm_t pk, bigint_t * issuer_params, - int issuer_params_size); + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_pk_algorithm_t pk, bigint_t * issuer_params, + int issuer_params_size); #endif diff --git a/lib/x509/crl.c b/lib/x509/crl.c index c2f4a8edce..5d996eb6a2 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -56,15 +56,15 @@ gnutls_x509_crl_init (gnutls_x509_crl_t * crl) if (*crl) { int result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.CertificateList", - &(*crl)->crl); + "PKIX1.CertificateList", + &(*crl)->crl); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (*crl); - return _gnutls_asn2err (result); - } - return 0; /* success */ + { + gnutls_assert (); + gnutls_free (*crl); + return _gnutls_asn2err (result); + } + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; } @@ -103,8 +103,8 @@ gnutls_x509_crl_deinit (gnutls_x509_crl_t crl) **/ int gnutls_x509_crl_import (gnutls_x509_crl_t crl, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -127,12 +127,12 @@ gnutls_x509_crl_import (gnutls_x509_crl_t crl, result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out); if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } _data.data = out; _data.size = result; @@ -181,7 +181,7 @@ cleanup: **/ int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, - size_t * sizeof_buf) + size_t * sizeof_buf) { if (crl == NULL) { @@ -190,8 +190,8 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, } return _gnutls_x509_parse_dn (crl->crl, - "tbsCertList.issuer.rdnSequence", - buf, sizeof_buf); + "tbsCertList.issuer.rdnSequence", + buf, sizeof_buf); } /** @@ -222,9 +222,9 @@ gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, **/ int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf) + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf) { if (crl == NULL) { @@ -233,8 +233,8 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, } return _gnutls_x509_parse_dn_oid (crl->crl, - "tbsCertList.issuer.rdnSequence", - oid, indx, raw_flag, buf, sizeof_buf); + "tbsCertList.issuer.rdnSequence", + oid, indx, raw_flag, buf, sizeof_buf); } /** @@ -255,7 +255,7 @@ gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, **/ int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { if (crl == NULL) { @@ -264,8 +264,8 @@ gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, } return _gnutls_x509_get_dn_oid (crl->crl, - "tbsCertList.issuer.rdnSequence", indx, - oid, sizeof_oid); + "tbsCertList.issuer.rdnSequence", indx, + oid, sizeof_oid); } @@ -297,7 +297,7 @@ gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl) result = _gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm", - &sa, 0); + &sa, 0); if (result < 0) { @@ -325,7 +325,7 @@ gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl) **/ int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, - char *sig, size_t * sizeof_sig) + char *sig, size_t * sizeof_sig) { int result; int bits; @@ -392,7 +392,7 @@ gnutls_x509_crl_get_version (gnutls_x509_crl_t crl) len = sizeof (version); if ((result = asn1_read_value (crl->crl, "tbsCertList.version", version, - &len)) != ASN1_SUCCESS) + &len)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -466,12 +466,12 @@ gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl) result = asn1_number_of_elements (crl->crl, - "tbsCertList.revokedCertificates", &count); + "tbsCertList.revokedCertificates", &count); if (result != ASN1_SUCCESS) { gnutls_assert (); - return 0; /* no certificates */ + return 0; /* no certificates */ } return count; @@ -493,8 +493,8 @@ gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl) **/ int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, - unsigned char *serial, - size_t * serial_size, time_t * t) + unsigned char *serial, + size_t * serial_size, time_t * t) { int result, _serial_size; @@ -508,9 +508,9 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, } snprintf (serial_name, sizeof (serial_name), - "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1); + "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1); snprintf (date_name, sizeof (date_name), - "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1); + "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1); _serial_size = *serial_size; result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size); @@ -520,7 +520,7 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, { gnutls_assert (); if (result == ASN1_ELEMENT_NOT_FOUND) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; return _gnutls_asn2err (result); } @@ -544,7 +544,7 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, -*/ int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, - gnutls_datum_t * dn) + gnutls_datum_t * dn) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len1; @@ -561,7 +561,7 @@ _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, */ if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertList", - &c2)) != ASN1_SUCCESS) + &c2)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -588,8 +588,8 @@ _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, result = asn1_der_decoding_startEnd (c2, crl_signed_data.data, - crl_signed_data.size, "issuer", - &start1, &end1); + crl_signed_data.size, "issuer", + &start1, &end1); if (result != ASN1_SUCCESS) { @@ -631,8 +631,8 @@ cleanup: **/ int gnutls_x509_crl_export (gnutls_x509_crl_t crl, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { if (crl == NULL) { @@ -641,7 +641,7 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl, } return _gnutls_x509_export_int (crl->crl, format, PEM_CRL, - output_data, output_data_size); + output_data, output_data_size); } /*- @@ -720,8 +720,8 @@ _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src) **/ int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret, - size_t * ret_size, - unsigned int *critical) + size_t * ret_size, + unsigned int *critical) { int result, len; gnutls_datum_t id; @@ -741,7 +741,7 @@ gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret, if ((result = _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &id, - critical)) < 0) + critical)) < 0) { return result; } @@ -809,7 +809,7 @@ gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret, **/ int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret, - size_t * ret_size, unsigned int *critical) + size_t * ret_size, unsigned int *critical) { int result; gnutls_datum_t id; @@ -828,7 +828,7 @@ gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret, if ((result = _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &id, - critical)) < 0) + critical)) < 0) { return result; } @@ -872,7 +872,7 @@ gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret, **/ int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid) + void *oid, size_t * sizeof_oid) { int result; @@ -919,8 +919,8 @@ gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx, **/ int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, - void *oid, size_t * sizeof_oid, - int *critical) + void *oid, size_t * sizeof_oid, + int *critical) { int result; char str_critical[10]; @@ -934,7 +934,7 @@ gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, } snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnID", - indx + 1); + indx + 1); len = *sizeof_oid; result = asn1_read_value (crl->crl, name, oid, &len); @@ -949,7 +949,7 @@ gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, } snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.critical", - indx + 1); + indx + 1); len = sizeof (str_critical); result = asn1_read_value (crl->crl, name, str_critical, &len); if (result != ASN1_SUCCESS) @@ -961,9 +961,9 @@ gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, if (critical) { if (str_critical[0] == 'T') - *critical = 1; + *critical = 1; else - *critical = 0; + *critical = 0; } return 0; @@ -995,7 +995,7 @@ gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, **/ int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx, - void *data, size_t * sizeof_data) + void *data, size_t * sizeof_data) { int result, len; char name[ASN1_MAX_NAME_SIZE]; @@ -1007,7 +1007,7 @@ gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx, } snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnValue", - indx + 1); + indx + 1); len = *sizeof_data; result = asn1_read_value (crl->crl, name, data, &len); diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index a374cf676a..8d772dcba0 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -97,8 +97,8 @@ gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version) **/ int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, unsigned int flags) + gnutls_x509_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, unsigned int flags) { int result; gnutls_privkey_t privkey; @@ -152,7 +152,7 @@ fail: **/ int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key) + gnutls_x509_privkey_t issuer_key) { return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0); } @@ -214,8 +214,8 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time) **/ int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, - const void *serial, size_t serial_size, - time_t revocation_time) + const void *serial, size_t serial_size, + time_t revocation_time) { int ret; @@ -235,8 +235,8 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, ret = asn1_write_value (crl->crl, - "tbsCertList.revokedCertificates.?LAST.userCertificate", - serial, serial_size); + "tbsCertList.revokedCertificates.?LAST.userCertificate", + serial, serial_size); if (ret != ASN1_SUCCESS) { gnutls_assert (); @@ -245,8 +245,8 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, ret = _gnutls_x509_set_time (crl->crl, - "tbsCertList.revokedCertificates.?LAST.revocationDate", - revocation_time); + "tbsCertList.revokedCertificates.?LAST.revocationDate", + revocation_time); if (ret < 0) { gnutls_assert (); @@ -255,8 +255,8 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, ret = asn1_write_value (crl->crl, - "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions", - NULL, 0); + "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions", + NULL, 0); if (ret != ASN1_SUCCESS) { gnutls_assert (); @@ -279,7 +279,7 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, **/ int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, - time_t revocation_time) + time_t revocation_time) { int ret; opaque serial[128]; @@ -301,7 +301,7 @@ gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, ret = gnutls_x509_crl_set_crt_serial (crl, serial, serial_size, - revocation_time); + revocation_time); if (ret < 0) { gnutls_assert (); @@ -343,7 +343,7 @@ disable_optional_stuff (gnutls_x509_crl_t crl) **/ int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl, - const void *id, size_t id_size) + const void *id, size_t id_size) { int result; gnutls_datum_t old_id, der_data; @@ -407,7 +407,7 @@ gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl, **/ int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, - const void *nr, size_t nr_size) + const void *nr, size_t nr_size) { int result; gnutls_datum_t old_id, der_data; @@ -475,9 +475,9 @@ gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, **/ int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags) + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; @@ -492,7 +492,7 @@ gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, disable_optional_stuff (crl); result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList", - dig, issuer, issuer_key); + dig, issuer, issuer_key); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 6e13661f3a..c51ce8d1be 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c @@ -60,8 +60,8 @@ gnutls_x509_crq_init (gnutls_x509_crq_t * crq) return GNUTLS_E_MEMORY_ERROR; result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-10-CertificationRequest", - &((*crq)->crq)); + "PKIX1.pkcs-10-CertificationRequest", + &((*crq)->crq)); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -112,8 +112,8 @@ gnutls_x509_crq_deinit (gnutls_x509_crq_t crq) **/ int gnutls_x509_crq_import (gnutls_x509_crq_t crq, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -136,17 +136,17 @@ gnutls_x509_crq_import (gnutls_x509_crq_t crq, /* Try the first header */ result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &out); - if (result <= 0) /* Go for the second header */ - result = - _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out); + if (result <= 0) /* Go for the second header */ + result = + _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out); if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } _data.data = out; _data.size = result; @@ -198,8 +198,8 @@ gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf) } return _gnutls_x509_parse_dn (crq->crq, - "certificationRequestInfo.subject.rdnSequence", - buf, sizeof_buf); + "certificationRequestInfo.subject.rdnSequence", + buf, sizeof_buf); } /** @@ -229,8 +229,8 @@ gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf) **/ int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, - int indx, unsigned int raw_flag, - void *buf, size_t * sizeof_buf) + int indx, unsigned int raw_flag, + void *buf, size_t * sizeof_buf) { if (crq == NULL) { @@ -260,7 +260,7 @@ gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, **/ int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { if (crq == NULL) { @@ -269,8 +269,8 @@ gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, } return _gnutls_x509_get_dn_oid (crq->crq, - "certificationRequestInfo.subject.rdnSequence", - indx, oid, sizeof_oid); + "certificationRequestInfo.subject.rdnSequence", + indx, oid, sizeof_oid); } /* Parses an Attribute list in the asn1_struct, and searches for the @@ -285,8 +285,8 @@ gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, */ static int parse_attribute (ASN1_TYPE asn1_struct, - const char *attr_name, const char *given_oid, int indx, - int raw, char *buf, size_t * sizeof_buf) + const char *attr_name, const char *given_oid, int indx, + int raw, char *buf, size_t * sizeof_buf) { int k1, result; char tmpbuffer1[ASN1_MAX_NAME_SIZE]; @@ -303,25 +303,25 @@ parse_attribute (ASN1_TYPE asn1_struct, /* create a string like "attribute.?1" */ if (attr_name[0] != 0) - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1); else - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); len = sizeof (value) - 1; result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len); if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } + { + gnutls_assert (); + break; + } if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } /* Move to the attibute type and values */ @@ -334,68 +334,68 @@ parse_attribute (ASN1_TYPE asn1_struct, result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); if (result == ASN1_ELEMENT_NOT_FOUND) - break; + break; else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } if (strcmp (oid, given_oid) == 0) - { /* Found the OID */ - - /* Read the Value - */ - snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", - tmpbuffer1, indx + 1); - - len = sizeof (value) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - if (raw == 0) - { - printable = _gnutls_x509_oid_data_printable (oid); - if (printable == 1) - { - if ((result = - _gnutls_x509_oid_data2string - (oid, value, len, buf, sizeof_buf)) < 0) - { - gnutls_assert (); - goto cleanup; - } - return 0; - } - else - { - gnutls_assert (); - return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE; - } - } - else - { /* raw!=0 */ - if (*sizeof_buf >= (size_t) len && buf != NULL) - { - *sizeof_buf = len; - memcpy (buf, value, len); - - return 0; - } - else - { - *sizeof_buf = len; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - } - } + { /* Found the OID */ + + /* Read the Value + */ + snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u", + tmpbuffer1, indx + 1); + + len = sizeof (value) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len); + + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if (raw == 0) + { + printable = _gnutls_x509_oid_data_printable (oid); + if (printable == 1) + { + if ((result = + _gnutls_x509_oid_data2string + (oid, value, len, buf, sizeof_buf)) < 0) + { + gnutls_assert (); + goto cleanup; + } + return 0; + } + else + { + gnutls_assert (); + return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE; + } + } + else + { /* raw!=0 */ + if (*sizeof_buf >= (size_t) len && buf != NULL) + { + *sizeof_buf = len; + memcpy (buf, value, len); + + return 0; + } + else + { + *sizeof_buf = len; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + } + } } while (1); @@ -423,7 +423,7 @@ cleanup: **/ int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, - char *pass, size_t * sizeof_pass) + char *pass, size_t * sizeof_pass) { if (crq == NULL) { @@ -432,7 +432,7 @@ gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, } return parse_attribute (crq->crq, "certificationRequestInfo.attributes", - "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass); + "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass); } /* This function will attempt to set the requested attribute in @@ -442,7 +442,7 @@ gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, */ static int add_attribute (ASN1_TYPE asn, const char *root, const char *attribute_id, - const gnutls_datum_t * ext_data) + const gnutls_datum_t * ext_data) { int result; char name[ASN1_MAX_NAME_SIZE]; @@ -493,7 +493,7 @@ add_attribute (ASN1_TYPE asn, const char *root, const char *attribute_id, */ static int overwrite_attribute (ASN1_TYPE asn, const char *root, unsigned int indx, - const gnutls_datum_t * ext_data) + const gnutls_datum_t * ext_data) { char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; int result; @@ -516,7 +516,7 @@ overwrite_attribute (ASN1_TYPE asn, const char *root, unsigned int indx, static int set_attribute (ASN1_TYPE asn, const char *root, - const char *ext_id, const gnutls_datum_t * ext_data) + const char *ext_id, const gnutls_datum_t * ext_data) { int result; int k, len; @@ -539,41 +539,41 @@ set_attribute (ASN1_TYPE asn, const char *root, */ if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } + { + break; + } do - { - - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".type"); - - len = sizeof (extnID) - 1; - result = asn1_read_value (asn, name2, extnID, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - /* Handle Extension - */ - if (strcmp (extnID, ext_id) == 0) - { - /* attribute was found - */ - return overwrite_attribute (asn, root, k, ext_data); - } - - - } + { + + _gnutls_str_cpy (name2, sizeof (name2), name); + _gnutls_str_cat (name2, sizeof (name2), ".type"); + + len = sizeof (extnID) - 1; + result = asn1_read_value (asn, name2, extnID, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + gnutls_assert (); + break; + } + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + /* Handle Extension + */ + if (strcmp (extnID, ext_id) == 0) + { + /* attribute was found + */ + return overwrite_attribute (asn, root, k, ext_data); + } + + + } while (0); } while (1); @@ -608,8 +608,8 @@ set_attribute (ASN1_TYPE asn, const char *root, **/ int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, - const char *oid, void *buf, - size_t sizeof_buf) + const char *oid, void *buf, + size_t sizeof_buf) { gnutls_datum_t data; @@ -623,7 +623,7 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, } return set_attribute (crq->crq, "certificationRequestInfo.attributes", - oid, &data); + oid, &data); } /** @@ -644,8 +644,8 @@ gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, void *buf, - size_t * sizeof_buf) + const char *oid, int indx, void *buf, + size_t * sizeof_buf) { if (crq == NULL) { @@ -654,7 +654,7 @@ gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, } return parse_attribute (crq->crq, "certificationRequestInfo.attributes", - oid, indx, 1, buf, sizeof_buf); + oid, indx, 1, buf, sizeof_buf); } /** @@ -680,8 +680,8 @@ gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, - unsigned int raw_flag, const void *data, - unsigned int sizeof_data) + unsigned int raw_flag, const void *data, + unsigned int sizeof_data) { if (sizeof_data == 0 || data == NULL || crq == NULL) { @@ -689,8 +689,8 @@ gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, } return _gnutls_x509_set_dn_oid (crq->crq, - "certificationRequestInfo.subject", oid, - raw_flag, data, sizeof_data); + "certificationRequestInfo.subject", oid, + raw_flag, data, sizeof_data); } /** @@ -755,11 +755,11 @@ gnutls_x509_crq_get_version (gnutls_x509_crq_t crq) len = sizeof (version); if ((result = asn1_read_value (crq->crq, "certificationRequestInfo.version", - version, &len)) != ASN1_SUCCESS) + version, &len)) != ASN1_SUCCESS) { if (result == ASN1_ELEMENT_NOT_FOUND) - return 1; /* the DEFAULT version */ + return 1; /* the DEFAULT version */ gnutls_assert (); return _gnutls_asn2err (result); } @@ -820,7 +820,7 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) **/ int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq, - gnutls_datum_t * m, gnutls_datum_t * e) + gnutls_datum_t * m, gnutls_datum_t * e) { int ret; bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; @@ -888,8 +888,8 @@ cleanup: **/ int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq, - const gnutls_datum_t * m, - const gnutls_datum_t * e) + const gnutls_datum_t * m, + const gnutls_datum_t * e) { int result, ret; size_t siz = 0; @@ -952,7 +952,7 @@ error: **/ int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, - const char *pass) + const char *pass) { int result; @@ -965,7 +965,7 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, /* Add the attribute. */ result = asn1_write_value (crq->crq, "certificationRequestInfo.attributes", - "NEW", 1); + "NEW", 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1011,7 +1011,7 @@ gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t dig, unsigned int flags) + gnutls_digest_algorithm_t dig, unsigned int flags) { int result; gnutls_privkey_t privkey; @@ -1100,8 +1100,8 @@ gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key) **/ int gnutls_x509_crq_export (gnutls_x509_crq_t crq, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { if (crq == NULL) { @@ -1110,7 +1110,7 @@ gnutls_x509_crq_export (gnutls_x509_crq_t crq, } return _gnutls_x509_export_int (crq->crq, format, PEM_CRQ, - output_data, output_data_size); + output_data, output_data_size); } /** @@ -1175,7 +1175,7 @@ gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits) **/ int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid) + void *oid, size_t * sizeof_oid) { int result; char name[ASN1_MAX_NAME_SIZE]; @@ -1188,7 +1188,7 @@ gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx, } snprintf (name, sizeof (name), - "certificationRequestInfo.attributes.?%u.type", indx + 1); + "certificationRequestInfo.attributes.?%u.type", indx + 1); len = *sizeof_oid; result = asn1_read_value (crq->crq, name, oid, &len); @@ -1231,7 +1231,7 @@ gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx, **/ int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx, - void *data, size_t * sizeof_data) + void *data, size_t * sizeof_data) { int result, len; char name[ASN1_MAX_NAME_SIZE]; @@ -1243,7 +1243,7 @@ gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx, } snprintf (name, sizeof (name), - "certificationRequestInfo.attributes.?%u.values.?1", indx + 1); + "certificationRequestInfo.attributes.?%u.values.?1", indx + 1); len = *sizeof_data; result = asn1_read_value (crq->crq, name, data, &len); @@ -1287,8 +1287,8 @@ gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx, **/ int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, - void *oid, size_t * sizeof_oid, - int *critical) + void *oid, size_t * sizeof_oid, + int *critical) { int result; char str_critical[10]; @@ -1306,20 +1306,20 @@ gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, /* read extensionRequest */ result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14", - 0, NULL, &extensions_size); + 0, NULL, &extensions_size); if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) { extensions = gnutls_malloc (extensions_size); if (extensions == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } result = gnutls_x509_crq_get_attribute_by_oid (crq, - "1.2.840.113549.1.9.14", - 0, extensions, - &extensions_size); + "1.2.840.113549.1.9.14", + 0, extensions, + &extensions_size); } if (result < 0) { @@ -1380,9 +1380,9 @@ gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, if (critical) { if (str_critical[0] == 'T') - *critical = 1; + *critical = 1; else - *critical = 0; + *critical = 0; } result = 0; @@ -1417,7 +1417,7 @@ out: **/ int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, - void *data, size_t * sizeof_data) + void *data, size_t * sizeof_data) { int result, len; char name[ASN1_MAX_NAME_SIZE]; @@ -1433,12 +1433,12 @@ gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, /* read extensionRequest */ result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14", - 0, NULL, &extensions_size); + 0, NULL, &extensions_size); if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) { gnutls_assert (); if (result == 0) - return GNUTLS_E_INTERNAL_ERROR; + return GNUTLS_E_INTERNAL_ERROR; return result; } @@ -1450,8 +1450,8 @@ gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, } result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14", - 0, extensions, - &extensions_size); + 0, extensions, + &extensions_size); if (result < 0) { gnutls_assert (); @@ -1517,8 +1517,8 @@ gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, **/ int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq, - unsigned int *key_usage, - unsigned int *critical) + unsigned int *key_usage, + unsigned int *critical) { int result; uint16_t _usage; @@ -1532,7 +1532,7 @@ gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq, } result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.15", 0, - buf, &buf_size, critical); + buf, &buf_size, critical); if (result < 0) { gnutls_assert (); @@ -1576,8 +1576,8 @@ gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, - unsigned int *critical, - int *ca, int *pathlen) + unsigned int *critical, + int *ca, int *pathlen) { int result; int tmp_ca; @@ -1591,7 +1591,7 @@ gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, } result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.19", 0, - buf, &buf_size, critical); + buf, &buf_size, critical); if (result < 0) { gnutls_assert (); @@ -1600,7 +1600,7 @@ gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, result = _gnutls_x509_ext_extract_basicConstraints (&tmp_ca, - pathlen, buf, buf_size); + pathlen, buf, buf_size); if (ca) *ca = tmp_ca; @@ -1615,9 +1615,9 @@ gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, static int get_subject_alt_name (gnutls_x509_crq_t crq, - unsigned int seq, void *ret, - size_t * ret_size, unsigned int *ret_type, - unsigned int *critical, int othername_oid) + unsigned int seq, void *ret, + size_t * ret_size, unsigned int *ret_type, + unsigned int *critical, int othername_oid) { int result; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -1639,7 +1639,7 @@ get_subject_alt_name (gnutls_x509_crq_t crq, /* Extract extension. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, - NULL, &dns_size, critical); + NULL, &dns_size, critical); if (result < 0) { gnutls_assert (); @@ -1655,8 +1655,8 @@ get_subject_alt_name (gnutls_x509_crq_t crq, } result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, - dnsname.data, &dns_size, - critical); + dnsname.data, &dns_size, + critical); if (result < 0) { gnutls_assert (); @@ -1683,7 +1683,7 @@ get_subject_alt_name (gnutls_x509_crq_t crq, } result = _gnutls_parse_general_name (c2, "", seq, ret, ret_size, - ret_type, othername_oid); + ret_type, othername_oid); asn1_delete_structure (&c2); if (result < 0) { @@ -1725,13 +1725,13 @@ get_subject_alt_name (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical) + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical) { return get_subject_alt_name (crq, seq, ret, ret_size, ret_type, critical, - 0); + 0); } /** @@ -1764,8 +1764,8 @@ gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq, - unsigned int seq, - void *ret, size_t * ret_size) + unsigned int seq, + void *ret, size_t * ret_size) { return get_subject_alt_name (crq, seq, ret, ret_size, NULL, NULL, 1); } @@ -1793,9 +1793,9 @@ gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq, - const char *oid, int indx, - void *buf, size_t * sizeof_buf, - unsigned int *critical) + const char *oid, int indx, + void *buf, size_t * sizeof_buf, + unsigned int *critical) { int result; unsigned int i; @@ -1806,22 +1806,22 @@ gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq, { oid_size = sizeof (_oid); result = - gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size, - critical); + gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size, + critical); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } if (strcmp (oid, _oid) == 0) - { /* found */ - if (indx == 0) - return gnutls_x509_crq_get_extension_data (crq, i, buf, - sizeof_buf); - else - indx--; - } + { /* found */ + if (indx == 0) + return gnutls_x509_crq_get_extension_data (crq, i, buf, + sizeof_buf); + else + indx--; + } } @@ -1858,10 +1858,10 @@ gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq, - gnutls_x509_subject_alt_name_t nt, - const void *data, - unsigned int data_size, - unsigned int flags) + gnutls_x509_subject_alt_name_t nt, + const void *data, + unsigned int data_size, + unsigned int flags) { int result = 0; gnutls_datum_t der_data = { NULL, 0 }; @@ -1880,46 +1880,46 @@ gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq, if (flags == GNUTLS_FSAN_APPEND) { result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, - NULL, &prev_data_size, - &critical); + NULL, &prev_data_size, + &critical); prev_der_data.size = prev_data_size; switch (result) - { - case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE: - /* Replacing non-existing data means the same as set data. */ - break; - - case GNUTLS_E_SUCCESS: - prev_der_data.data = gnutls_malloc (prev_der_data.size); - if (prev_der_data.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, - prev_der_data.data, - &prev_data_size, - &critical); - if (result < 0) - { - gnutls_assert (); - gnutls_free (prev_der_data.data); - return result; - } - break; - - default: - gnutls_assert (); - return result; - } + { + case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE: + /* Replacing non-existing data means the same as set data. */ + break; + + case GNUTLS_E_SUCCESS: + prev_der_data.data = gnutls_malloc (prev_der_data.size); + if (prev_der_data.data == NULL) + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } + + result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0, + prev_der_data.data, + &prev_data_size, + &critical); + if (result < 0) + { + gnutls_assert (); + gnutls_free (prev_der_data.data); + return result; + } + break; + + default: + gnutls_assert (); + return result; + } } /* generate the extension. */ result = _gnutls_x509_ext_gen_subject_alt_name (nt, data, data_size, - &prev_der_data, &der_data); + &prev_der_data, &der_data); gnutls_free (prev_der_data.data); if (result < 0) { @@ -1928,7 +1928,7 @@ gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq, } result = _gnutls_x509_crq_set_extension (crq, "2.5.29.17", &der_data, - critical); + critical); _gnutls_free_datum (&der_data); @@ -1961,7 +1961,7 @@ finish: **/ int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq, - unsigned int ca, int pathLenConstraint) + unsigned int ca, int pathLenConstraint) { int result; gnutls_datum_t der_data; @@ -1975,7 +1975,7 @@ gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq, /* generate the extension. */ result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint, - &der_data); + &der_data); if (result < 0) { gnutls_assert (); @@ -2062,8 +2062,8 @@ gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage) **/ int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, - int indx, void *oid, size_t * sizeof_oid, - unsigned int *critical) + int indx, void *oid, size_t * sizeof_oid, + unsigned int *critical) { char tmpstr[ASN1_MAX_NAME_SIZE]; int result, len; @@ -2079,7 +2079,7 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, /* Extract extension. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - NULL, &prev_size, critical); + NULL, &prev_size, critical); prev.size = prev_size; if (result < 0) @@ -2096,8 +2096,8 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, } result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - prev.data, &prev_size, - critical); + prev.data, &prev_size, + critical); if (result < 0) { gnutls_assert (); @@ -2142,7 +2142,7 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, if (result != ASN1_SUCCESS) { if (result != ASN1_MEM_ERROR) - gnutls_assert (); + gnutls_assert (); return _gnutls_asn2err (result); } @@ -2168,7 +2168,7 @@ gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, - const void *oid, unsigned int critical) + const void *oid, unsigned int critical) { int result; gnutls_datum_t prev = { NULL, 0 }, der_data; @@ -2178,7 +2178,7 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, /* Read existing extension, if there is one. */ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - NULL, &prev_size, &critical); + NULL, &prev_size, &critical); prev.size = prev_size; switch (result) @@ -2190,20 +2190,20 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, case GNUTLS_E_SUCCESS: prev.data = gnutls_malloc (prev.size); if (prev.data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0, - prev.data, &prev_size, - &critical); + prev.data, &prev_size, + &critical); if (result < 0) - { - gnutls_assert (); - gnutls_free (prev.data); - return result; - } + { + gnutls_assert (); + gnutls_free (prev.data); + return result; + } break; default: @@ -2212,7 +2212,7 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, } result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.ExtKeyUsageSyntax", &c2); + "PKIX1.ExtKeyUsageSyntax", &c2); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -2227,11 +2227,11 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, result = asn1_der_decoding (&c2, prev.data, prev.size, NULL); gnutls_free (prev.data); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + asn1_delete_structure (&c2); + return _gnutls_asn2err (result); + } } /* generate the extension. @@ -2266,7 +2266,7 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, } result = _gnutls_x509_crq_set_extension (crq, "2.5.29.37", - &der_data, critical); + &der_data, critical); _gnutls_free_datum (&der_data); if (result < 0) { @@ -2294,8 +2294,8 @@ gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, **/ int gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_size; @@ -2317,8 +2317,8 @@ gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, ret = _gnutls_pk_get_hash_algorithm (gnutls_x509_crq_get_pk_algorithm - (crq, NULL), params, params_size, hash, - mand); + (crq, NULL), params, params_size, hash, + mand); /* release allocated mpis */ for (i = 0; i < params_size; i++) @@ -2332,7 +2332,7 @@ gnutls_x509_crq_get_preferred_hash_algorithm (gnutls_x509_crq_t crq, static int rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk, - unsigned char *output_data, size_t * output_data_size) + unsigned char *output_data, size_t * output_data_size) { bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_size = MAX_PUBLIC_PARAMS_SIZE; @@ -2351,19 +2351,19 @@ rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk, { result = _gnutls_x509_write_rsa_params (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else if (pk == GNUTLS_PK_DSA) { result = _gnutls_x509_write_dsa_public_key (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else return GNUTLS_E_INTERNAL_ERROR; @@ -2419,8 +2419,8 @@ cleanup: **/ int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) + unsigned char *output_data, + size_t * output_data_size) { int pk, result = 0; gnutls_datum_t pubkey; @@ -2457,7 +2457,7 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, pubkey.size = 0; result = asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL, - &pubkey.size, NULL); + &pubkey.size, NULL); if (result != ASN1_MEM_ERROR) { gnutls_assert (); @@ -2473,7 +2473,7 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, result = asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", - pubkey.data, &pubkey.size, NULL); + pubkey.data, &pubkey.size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -2482,7 +2482,7 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, } result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey, - output_data, output_data_size); + output_data, output_data_size); gnutls_free (pubkey.data); @@ -2512,8 +2512,8 @@ gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, **/ int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, - gnutls_digest_algorithm_t dig, - unsigned int flags) + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; gnutls_datum_t signature; @@ -2530,10 +2530,10 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, { result = gnutls_x509_crq_set_version (crq, 1); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } /* Step 1. Self sign the request. @@ -2559,7 +2559,7 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, */ result = asn1_write_value (crq->crq, "signature", signature.data, - signature.size * 8); + signature.size * 8); _gnutls_free_datum (&signature); @@ -2572,8 +2572,8 @@ gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key, /* Step 3. Write the signatureAlgorithm field. */ result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm", - gnutls_privkey_get_pk_algorithm - (key, NULL), dig); + gnutls_privkey_get_pk_algorithm + (key, NULL), dig); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/dn.c b/lib/x509/dn.c index 81b8890375..9757258fa6 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -67,9 +67,9 @@ str_escape (char *str, char *buffer, unsigned int buffer_size) for (i = j = 0; i < str_length; i++) { if (str[i] == ',' || str[i] == '+' || str[i] == '"' - || str[i] == '\\' || str[i] == '<' || str[i] == '>' - || str[i] == ';') - buffer[j++] = '\\'; + || str[i] == '\\' || str[i] == '<' || str[i] == '>' + || str[i] == ';') + buffer[j++] = '\\'; buffer[j++] = str[i]; } @@ -88,8 +88,8 @@ str_escape (char *str, char *buffer, unsigned int buffer_size) */ int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, char *buf, - size_t * sizeof_buf) + const char *asn1_rdn_name, char *buf, + size_t * sizeof_buf) { gnutls_buffer_st out_str; int k2, k1, result; @@ -125,176 +125,176 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, /* create a string like "tbsCertList.issuer.rdnSequence.?1" */ if (asn1_rdn_name[0] != 0) - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name, - k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name, + k1); else - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); len = sizeof (value) - 1; result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len); if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } + { + break; + } if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } k2 = 0; do - { /* Move to the attibute type and values - */ - k2++; - - if (tmpbuffer1[0] != 0) - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, - k2); - else - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); - - /* Try to read the RelativeDistinguishedName attributes. - */ - - len = sizeof (value) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - /* Read the OID - */ - _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); - _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); - - len = sizeof (oid) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - /* Read the Value - */ - _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); - _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); - - len = 0; - result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len); - - value2 = gnutls_malloc (len); - if (value2 == NULL) - { - gnutls_assert (); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { /* Move to the attibute type and values + */ + k2++; + + if (tmpbuffer1[0] != 0) + snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, + k2); + else + snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); + + /* Try to read the RelativeDistinguishedName attributes. + */ + + len = sizeof (value) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + if (result != ASN1_VALUE_NOT_FOUND) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + /* Read the OID + */ + _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); + _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); + + len = sizeof (oid) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + /* Read the Value + */ + _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); + _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); + + len = 0; + result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len); + + value2 = gnutls_malloc (len); + if (value2 == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len); + + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } #define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \ gnutls_assert(); \ goto cleanup; \ } - /* The encodings of adjoining RelativeDistinguishedNames are separated - * by a comma character (',' ASCII 44). - */ - - /* Where there is a multi-valued RDN, the outputs from adjoining - * AttributeTypeAndValues are separated by a plus ('+' ASCII 43) - * character. - */ - if (k1 != 1) - { /* the first time do not append a comma */ - if (k2 != 1) - { /* adjoining multi-value RDN */ - STR_APPEND ("+"); - } - else - { - STR_APPEND (","); - } - } - - ldap_desc = oid2ldap_string (oid); - printable = _gnutls_x509_oid_data_printable (oid); - - /* leading #, hex encoded value and terminating NULL */ - sizeof_escaped = 2 * len + 2; - - escaped = gnutls_malloc (sizeof_escaped); - if (escaped == NULL) - { - gnutls_assert (); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - sizeof_string = 2 * len + 2; /* in case it is not printable */ - - string = gnutls_malloc (sizeof_string); - if (string == NULL) - { - gnutls_assert (); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - STR_APPEND (ldap_desc); - STR_APPEND ("="); - result = 0; - - if (printable) - result = - _gnutls_x509_oid_data2string (oid, - value2, len, - string, &sizeof_string); - - if (!printable || result < 0) - result = - _gnutls_x509_data2hex (value2, len, string, &sizeof_string); - - if (result < 0) - { - gnutls_assert (); - _gnutls_x509_log - ("Found OID: '%s' with value '%s'\n", - oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped, - NULL)); - goto cleanup; - } - STR_APPEND (str_escape (string, escaped, sizeof_escaped)); - gnutls_free (string); - string = NULL; - - gnutls_free (escaped); - escaped = NULL; - gnutls_free (value2); - value2 = NULL; - - } + /* The encodings of adjoining RelativeDistinguishedNames are separated + * by a comma character (',' ASCII 44). + */ + + /* Where there is a multi-valued RDN, the outputs from adjoining + * AttributeTypeAndValues are separated by a plus ('+' ASCII 43) + * character. + */ + if (k1 != 1) + { /* the first time do not append a comma */ + if (k2 != 1) + { /* adjoining multi-value RDN */ + STR_APPEND ("+"); + } + else + { + STR_APPEND (","); + } + } + + ldap_desc = oid2ldap_string (oid); + printable = _gnutls_x509_oid_data_printable (oid); + + /* leading #, hex encoded value and terminating NULL */ + sizeof_escaped = 2 * len + 2; + + escaped = gnutls_malloc (sizeof_escaped); + if (escaped == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + sizeof_string = 2 * len + 2; /* in case it is not printable */ + + string = gnutls_malloc (sizeof_string); + if (string == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + STR_APPEND (ldap_desc); + STR_APPEND ("="); + result = 0; + + if (printable) + result = + _gnutls_x509_oid_data2string (oid, + value2, len, + string, &sizeof_string); + + if (!printable || result < 0) + result = + _gnutls_x509_data2hex (value2, len, string, &sizeof_string); + + if (result < 0) + { + gnutls_assert (); + _gnutls_x509_log + ("Found OID: '%s' with value '%s'\n", + oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped, + NULL)); + goto cleanup; + } + STR_APPEND (str_escape (string, escaped, sizeof_escaped)); + gnutls_free (string); + string = NULL; + + gnutls_free (escaped); + escaped = NULL; + gnutls_free (value2); + value2 = NULL; + + } while (1); } @@ -340,10 +340,10 @@ cleanup: */ int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - const char *given_oid, int indx, - unsigned int raw_flag, - void *buf, size_t * sizeof_buf) + const char *asn1_rdn_name, + const char *given_oid, int indx, + unsigned int raw_flag, + void *buf, size_t * sizeof_buf) { int k2, k1, result; char tmpbuffer1[ASN1_MAX_NAME_SIZE]; @@ -368,130 +368,130 @@ _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, /* create a string like "tbsCertList.issuer.rdnSequence.?1" */ if (asn1_rdn_name[0] != 0) - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name, - k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name, + k1); else - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); len = sizeof (value) - 1; result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len); if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } + { + gnutls_assert (); + break; + } if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } k2 = 0; do - { /* Move to the attibute type and values - */ - k2++; - - if (tmpbuffer1[0] != 0) - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, - k2); - else - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); - - /* Try to read the RelativeDistinguishedName attributes. - */ - - len = sizeof (value) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } - if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - /* Read the OID - */ - _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); - _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); - - len = sizeof (oid) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - if (strcmp (oid, given_oid) == 0 && indx == i++) - { /* Found the OID */ - - /* Read the Value - */ - _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); - _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); - - len = *sizeof_buf; - result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - if (result == ASN1_MEM_ERROR) - *sizeof_buf = len; - result = _gnutls_asn2err (result); - goto cleanup; - } - - if (raw_flag != 0) - { - if ((unsigned) len > *sizeof_buf) - { - *sizeof_buf = len; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - goto cleanup; - } - *sizeof_buf = len; - - return 0; - - } - else - { /* parse data. raw_flag == 0 */ - printable = _gnutls_x509_oid_data_printable (oid); - - if (printable == 1) - result = - _gnutls_x509_oid_data2string (oid, buf, len, - cbuf, sizeof_buf); - else - result = - _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf); - - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - return 0; - - } /* raw_flag == 0 */ - } - } + { /* Move to the attibute type and values + */ + k2++; + + if (tmpbuffer1[0] != 0) + snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, + k2); + else + snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); + + /* Try to read the RelativeDistinguishedName attributes. + */ + + len = sizeof (value) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + break; + } + if (result != ASN1_VALUE_NOT_FOUND) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + /* Read the OID + */ + _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); + _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); + + len = sizeof (oid) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if (strcmp (oid, given_oid) == 0 && indx == i++) + { /* Found the OID */ + + /* Read the Value + */ + _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); + _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value"); + + len = *sizeof_buf; + result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len); + + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + if (result == ASN1_MEM_ERROR) + *sizeof_buf = len; + result = _gnutls_asn2err (result); + goto cleanup; + } + + if (raw_flag != 0) + { + if ((unsigned) len > *sizeof_buf) + { + *sizeof_buf = len; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto cleanup; + } + *sizeof_buf = len; + + return 0; + + } + else + { /* parse data. raw_flag == 0 */ + printable = _gnutls_x509_oid_data_printable (oid); + + if (printable == 1) + result = + _gnutls_x509_oid_data2string (oid, buf, len, + cbuf, sizeof_buf); + else + result = + _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf); + + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } + + return 0; + + } /* raw_flag == 0 */ + } + } while (1); } @@ -517,8 +517,8 @@ cleanup: */ int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - int indx, void *_oid, size_t * sizeof_oid) + const char *asn1_rdn_name, + int indx, void *_oid, size_t * sizeof_oid) { int k2, k1, result; char tmpbuffer1[ASN1_MAX_NAME_SIZE]; @@ -537,92 +537,92 @@ _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, /* create a string like "tbsCertList.issuer.rdnSequence.?1" */ if (asn1_rdn_name[0] != 0) - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name, - k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name, + k1); else - snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); + snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1); len = sizeof (value) - 1; result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len); if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } + { + gnutls_assert (); + break; + } if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } k2 = 0; do - { /* Move to the attibute type and values - */ - k2++; - - if (tmpbuffer1[0] != 0) - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, - k2); - else - snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); - - /* Try to read the RelativeDistinguishedName attributes. - */ - - len = sizeof (value) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } - if (result != ASN1_VALUE_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - /* Read the OID - */ - _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); - _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); - - len = sizeof (oid) - 1; - result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - break; - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - if (indx == i++) - { /* Found the OID */ - - len = strlen (oid) + 1; - - if (*sizeof_oid < (unsigned) len) - { - *sizeof_oid = len; - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - memcpy (_oid, oid, len); - *sizeof_oid = len - 1; - - return 0; - } - } + { /* Move to the attibute type and values + */ + k2++; + + if (tmpbuffer1[0] != 0) + snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1, + k2); + else + snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2); + + /* Try to read the RelativeDistinguishedName attributes. + */ + + len = sizeof (value) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + break; + } + if (result != ASN1_VALUE_NOT_FOUND) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + /* Read the OID + */ + _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2); + _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type"); + + len = sizeof (oid) - 1; + result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + break; + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if (indx == i++) + { /* Found the OID */ + + len = strlen (oid) + 1; + + if (*sizeof_oid < (unsigned) len) + { + *sizeof_oid = len; + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + memcpy (_oid, oid, len); + *sizeof_oid = len - 1; + + return 0; + } + } while (1); } @@ -642,10 +642,10 @@ cleanup: */ int _gnutls_x509_encode_and_write_attribute (const char *given_oid, - ASN1_TYPE asn1_struct, - const char *where, - const void *_data, - int sizeof_data, int multi) + ASN1_TYPE asn1_struct, + const char *where, + const void *_data, + int sizeof_data, int multi) { const char *val_name; const opaque *data = _data; @@ -684,24 +684,24 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, * the UTF8 string type if not. */ for (i = 0; i < sizeof_data; i++) - { - if (!isascii (data[i])) - { - string_type = "utf8String"; - break; - } - } + { + if (!isascii (data[i])) + { + string_type = "utf8String"; + break; + } + } /* if the type is a CHOICE then write the * type we'll use. */ result = asn1_write_value (c2, "", string_type, 1); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } _gnutls_str_cpy (tmp, sizeof (tmp), string_type); } @@ -722,16 +722,16 @@ _gnutls_x509_encode_and_write_attribute (const char *given_oid, _gnutls_str_cat (tmp, sizeof (tmp), ".value"); if (multi != 0) - { /* if not writing an AttributeTypeAndValue, but an Attribute */ - _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */ + { /* if not writing an AttributeTypeAndValue, but an Attribute */ + _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */ result = asn1_write_value (asn1_struct, tmp, "NEW", 1); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST"); @@ -771,8 +771,8 @@ error: */ static int _gnutls_x509_write_attribute (const char *given_oid, - ASN1_TYPE asn1_struct, const char *where, - const void *_data, int sizeof_data) + ASN1_TYPE asn1_struct, const char *where, + const void *_data, int sizeof_data) { char tmp[128]; int result; @@ -816,9 +816,9 @@ _gnutls_x509_write_attribute (const char *given_oid, */ int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, - const char *where, char *oid, - int oid_size, gnutls_datum_t * value, - int multi, int octet_string) + const char *where, char *oid, + int oid_size, gnutls_datum_t * value, + int multi, int octet_string) { char tmpbuffer[128]; int len, result; @@ -845,7 +845,7 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value"); if (multi) - _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ + _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */ result = _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string); @@ -868,8 +868,8 @@ _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct, */ int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_name, const char *given_oid, - int raw_flag, const char *name, int sizeof_name) + const char *asn1_name, const char *given_oid, + int raw_flag, const char *name, int sizeof_name) { int result; char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE]; @@ -922,15 +922,15 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, if (!raw_flag) { result = - _gnutls_x509_encode_and_write_attribute (given_oid, - asn1_struct, - tmp, name, sizeof_name, 0); + _gnutls_x509_encode_and_write_attribute (given_oid, + asn1_struct, + tmp, name, sizeof_name, 0); } else { result = - _gnutls_x509_write_attribute (given_oid, asn1_struct, - tmp, name, sizeof_name); + _gnutls_x509_write_attribute (given_oid, asn1_struct, + tmp, name, sizeof_name); } if (result < 0) @@ -964,7 +964,7 @@ gnutls_x509_dn_init (gnutls_x509_dn_t * dn) if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS) + "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -997,7 +997,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; result = asn1_der_decoding ((ASN1_TYPE *) & dn, - data->data, data->size, err); + data->data, data->size, err); if (result != ASN1_SUCCESS) { /* couldn't decode DER */ @@ -1041,7 +1041,7 @@ gnutls_x509_dn_deinit (gnutls_x509_dn_t dn) **/ int gnutls_x509_rdn_get (const gnutls_datum_t * idn, - char *buf, size_t * sizeof_buf) + char *buf, size_t * sizeof_buf) { int result; ASN1_TYPE dn = ASN1_TYPE_EMPTY; @@ -1058,7 +1058,7 @@ gnutls_x509_rdn_get (const gnutls_datum_t * idn, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1101,8 +1101,8 @@ gnutls_x509_rdn_get (const gnutls_datum_t * idn, **/ int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid, - int indx, unsigned int raw_flag, - void *buf, size_t * sizeof_buf) + int indx, unsigned int raw_flag, + void *buf, size_t * sizeof_buf) { int result; ASN1_TYPE dn = ASN1_TYPE_EMPTY; @@ -1114,7 +1114,7 @@ gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1131,7 +1131,7 @@ gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid, result = _gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx, - raw_flag, buf, sizeof_buf); + raw_flag, buf, sizeof_buf); asn1_delete_structure (&dn); return result; @@ -1157,7 +1157,7 @@ gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid, **/ int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, - int indx, void *buf, size_t * sizeof_buf) + int indx, void *buf, size_t * sizeof_buf) { int result; ASN1_TYPE dn = ASN1_TYPE_EMPTY; @@ -1169,7 +1169,7 @@ gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1201,7 +1201,7 @@ gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, */ int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, - const gnutls_datum_t * dn2) + const gnutls_datum_t * dn2) { if (dn1->size != dn2->size) @@ -1214,7 +1214,7 @@ _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, gnutls_assert (); return 0; } - return 1; /* they match */ + return 1; /* they match */ } /** @@ -1239,8 +1239,8 @@ _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, **/ int gnutls_x509_dn_export (gnutls_x509_dn_t dn, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { ASN1_TYPE asn1 = dn; @@ -1251,6 +1251,6 @@ gnutls_x509_dn_export (gnutls_x509_dn_t dn, } return _gnutls_x509_export_int_named (asn1, "rdnSequence", - format, "NAME", - output_data, output_data_size); + format, "NAME", + output_data, output_data_size); } diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c index 1633023065..19b0e1a76a 100644 --- a/lib/x509/extensions.c +++ b/lib/x509/extensions.c @@ -36,8 +36,8 @@ static int get_extension (ASN1_TYPE asn, const char *root, - const char *extension_id, int indx, - gnutls_datum_t * ret, unsigned int *_critical) + const char *extension_id, int indx, + gnutls_datum_t * ret, unsigned int *_critical) { int k, result, len; char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; @@ -65,84 +65,84 @@ get_extension (ASN1_TYPE asn, const char *root, */ if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } + { + break; + } do - { - - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".extnID"); - - len = sizeof (extnID) - 1; - result = asn1_read_value (asn, name2, extnID, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - /* Handle Extension - */ - if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) - { - /* extension was found - */ - - /* read the critical status. - */ - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".critical"); - - len = sizeof (str_critical); - result = asn1_read_value (asn, name2, str_critical, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - if (str_critical[0] == 'T') - critical = 1; - else - critical = 0; - - /* read the value. - */ - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".extnValue"); - - result = _gnutls_x509_read_value (asn, name2, &value, 0); - if (result < 0) - { - gnutls_assert (); - return result; - } - - ret->data = value.data; - ret->size = value.size; - - if (_critical) - *_critical = critical; - - return 0; - } - - - } + { + + _gnutls_str_cpy (name2, sizeof (name2), name); + _gnutls_str_cat (name2, sizeof (name2), ".extnID"); + + len = sizeof (extnID) - 1; + result = asn1_read_value (asn, name2, extnID, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + gnutls_assert (); + break; + } + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + /* Handle Extension + */ + if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++) + { + /* extension was found + */ + + /* read the critical status. + */ + _gnutls_str_cpy (name2, sizeof (name2), name); + _gnutls_str_cat (name2, sizeof (name2), ".critical"); + + len = sizeof (str_critical); + result = asn1_read_value (asn, name2, str_critical, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + gnutls_assert (); + break; + } + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + if (str_critical[0] == 'T') + critical = 1; + else + critical = 0; + + /* read the value. + */ + _gnutls_str_cpy (name2, sizeof (name2), name); + _gnutls_str_cat (name2, sizeof (name2), ".extnValue"); + + result = _gnutls_x509_read_value (asn, name2, &value, 0); + if (result < 0) + { + gnutls_assert (); + return result; + } + + ret->data = value.data; + ret->size = value.size; + + if (_critical) + *_critical = critical; + + return 0; + } + + + } while (0); } while (1); @@ -169,20 +169,20 @@ get_extension (ASN1_TYPE asn, const char *root, */ int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, - const char *extension_id, int indx, - gnutls_datum_t * ret, unsigned int *_critical) + const char *extension_id, int indx, + gnutls_datum_t * ret, unsigned int *_critical) { return get_extension (cert->cert, "tbsCertificate.extensions", extension_id, - indx, ret, _critical); + indx, ret, _critical); } int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl, - const char *extension_id, int indx, - gnutls_datum_t * ret, unsigned int *_critical) + const char *extension_id, int indx, + gnutls_datum_t * ret, unsigned int *_critical) { return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id, - indx, ret, _critical); + indx, ret, _critical); } @@ -194,7 +194,7 @@ _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl, */ static int get_extension_oid (ASN1_TYPE asn, const char *root, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { int k, result, len; char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; @@ -216,51 +216,51 @@ get_extension_oid (ASN1_TYPE asn, const char *root, */ if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } + { + break; + } do - { - - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".extnID"); - - len = sizeof (extnID) - 1; - result = asn1_read_value (asn, name2, extnID, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - /* Handle Extension - */ - if (indx == indx_counter++) - { - len = strlen (extnID) + 1; - - if (*sizeof_oid < (unsigned) len) - { - *sizeof_oid = len; - gnutls_assert (); - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - memcpy (oid, extnID, len); - *sizeof_oid = len - 1; - - return 0; - } - - - } + { + + _gnutls_str_cpy (name2, sizeof (name2), name); + _gnutls_str_cat (name2, sizeof (name2), ".extnID"); + + len = sizeof (extnID) - 1; + result = asn1_read_value (asn, name2, extnID, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + gnutls_assert (); + break; + } + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + /* Handle Extension + */ + if (indx == indx_counter++) + { + len = strlen (extnID) + 1; + + if (*sizeof_oid < (unsigned) len) + { + *sizeof_oid = len; + gnutls_assert (); + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + memcpy (oid, extnID, len); + *sizeof_oid = len - 1; + + return 0; + } + + + } while (0); } while (1); @@ -284,18 +284,18 @@ get_extension_oid (ASN1_TYPE asn, const char *root, */ int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx, - oid, sizeof_oid); + oid, sizeof_oid); } int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid, - sizeof_oid); + sizeof_oid); } /* This function will attempt to set the requested extension in @@ -305,7 +305,7 @@ _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, */ static int add_extension (ASN1_TYPE asn, const char *root, const char *extension_id, - const gnutls_datum_t * ext_data, unsigned int critical) + const gnutls_datum_t * ext_data, unsigned int critical) { int result; const char *str; @@ -371,7 +371,7 @@ add_extension (ASN1_TYPE asn, const char *root, const char *extension_id, */ static int overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx, - const gnutls_datum_t * ext_data, unsigned int critical) + const gnutls_datum_t * ext_data, unsigned int critical) { char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE]; const char *str; @@ -412,8 +412,8 @@ overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx, static int set_extension (ASN1_TYPE asn, const char *root, - const char *ext_id, - const gnutls_datum_t * ext_data, unsigned int critical) + const char *ext_id, + const gnutls_datum_t * ext_data, unsigned int critical) { int result; int k, len; @@ -428,9 +428,9 @@ set_extension (ASN1_TYPE asn, const char *root, k++; if (root[0] != 0) - snprintf (name, sizeof (name), "%s.?%u", root, k); + snprintf (name, sizeof (name), "%s.?%u", root, k); else - snprintf (name, sizeof (name), "?%u", k); + snprintf (name, sizeof (name), "?%u", k); len = sizeof (extnID) - 1; result = asn1_read_value (asn, name, extnID, &len); @@ -439,41 +439,41 @@ set_extension (ASN1_TYPE asn, const char *root, */ if (result == ASN1_ELEMENT_NOT_FOUND) - { - break; - } + { + break; + } do - { - - _gnutls_str_cpy (name2, sizeof (name2), name); - _gnutls_str_cat (name2, sizeof (name2), ".extnID"); - - len = sizeof (extnID) - 1; - result = asn1_read_value (asn, name2, extnID, &len); - - if (result == ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - break; - } - else if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - /* Handle Extension - */ - if (strcmp (extnID, ext_id) == 0) - { - /* extension was found - */ - return overwrite_extension (asn, root, k, ext_data, critical); - } - - - } + { + + _gnutls_str_cpy (name2, sizeof (name2), name); + _gnutls_str_cat (name2, sizeof (name2), ".extnID"); + + len = sizeof (extnID) - 1; + result = asn1_read_value (asn, name2, extnID, &len); + + if (result == ASN1_ELEMENT_NOT_FOUND) + { + gnutls_assert (); + break; + } + else if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + /* Handle Extension + */ + if (strcmp (extnID, ext_id) == 0) + { + /* extension was found + */ + return overwrite_extension (asn, root, k, ext_data, critical); + } + + + } while (0); } while (1); @@ -499,30 +499,30 @@ set_extension (ASN1_TYPE asn, const char *root, */ int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical) + const char *ext_id, + const gnutls_datum_t * ext_data, + unsigned int critical) { return set_extension (cert->cert, "tbsCertificate.extensions", ext_id, - ext_data, critical); + ext_data, critical); } int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical) + const char *ext_id, + const gnutls_datum_t * ext_data, + unsigned int critical) { return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id, - ext_data, critical); + ext_data, critical); } #ifdef ENABLE_PKI int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical) + const char *ext_id, + const gnutls_datum_t * ext_data, + unsigned int critical) { unsigned char *extensions = NULL; size_t extensions_size = 0; @@ -531,33 +531,33 @@ _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq, int result; result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14", - 0, NULL, &extensions_size); + 0, NULL, &extensions_size); if (result == GNUTLS_E_SHORT_MEMORY_BUFFER) { extensions = gnutls_malloc (extensions_size); if (extensions == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } result = gnutls_x509_crq_get_attribute_by_oid (crq, - "1.2.840.113549.1.9.14", - 0, extensions, - &extensions_size); + "1.2.840.113549.1.9.14", + 0, extensions, + &extensions_size); } if (result < 0) { if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - extensions_size = 0; - } + { + extensions_size = 0; + } else - { - gnutls_assert (); - gnutls_free (extensions); - return result; - } + { + gnutls_assert (); + gnutls_free (extensions); + return result; + } } result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2); @@ -573,11 +573,11 @@ _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq, result = asn1_der_decoding (&c2, extensions, extensions_size, NULL); gnutls_free (extensions); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + asn1_delete_structure (&c2); + return _gnutls_asn2err (result); + } } result = set_extension (c2, "", ext_id, ext_data, critical); @@ -599,7 +599,7 @@ _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq, } result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14", - der.data, der.size); + der.data, der.size); gnutls_free (der.data); if (result < 0) { @@ -618,7 +618,7 @@ _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq, */ int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, - opaque * extnValue, int extnValueLen) + opaque * extnValue, int extnValueLen) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int len, result; @@ -663,9 +663,9 @@ _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, */ int _gnutls_x509_ext_extract_basicConstraints (int *CA, - int *pathLenConstraint, - opaque * extnValue, - int extnValueLen) + int *pathLenConstraint, + opaque * extnValue, + int extnValueLen) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; char str[128]; @@ -689,15 +689,15 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA, if (pathLenConstraint) { result = _gnutls_x509_read_uint (ext, "pathLenConstraint", - pathLenConstraint); + pathLenConstraint); if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - *pathLenConstraint = -1; + *pathLenConstraint = -1; else if (result != GNUTLS_E_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&ext); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + asn1_delete_structure (&ext); + return _gnutls_asn2err (result); + } } /* the default value of cA is false. @@ -721,8 +721,8 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA, */ int _gnutls_x509_ext_gen_basicConstraints (int CA, - int pathLenConstraint, - gnutls_datum_t * der_ext) + int pathLenConstraint, + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; const char *str; @@ -753,11 +753,11 @@ _gnutls_x509_ext_gen_basicConstraints (int CA, { result = asn1_write_value (ext, "pathLenConstraint", NULL, 0); if (result < 0) - result = _gnutls_asn2err (result); + result = _gnutls_asn2err (result); } else result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint", - pathLenConstraint); + pathLenConstraint); if (result < 0) { gnutls_assert (); @@ -782,8 +782,8 @@ _gnutls_x509_ext_gen_basicConstraints (int CA, */ int _gnutls_x509_ext_extract_number (opaque * number, - size_t * _nr_size, - opaque * extnValue, int extnValueLen) + size_t * _nr_size, + opaque * extnValue, int extnValueLen) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; @@ -794,7 +794,7 @@ _gnutls_x509_ext_extract_number (opaque * number, */ if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber", - &ext)) != ASN1_SUCCESS) + &ext)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -827,14 +827,14 @@ _gnutls_x509_ext_extract_number (opaque * number, */ int _gnutls_x509_ext_gen_number (const opaque * number, size_t nr_size, - gnutls_datum_t * der_ext) + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber", - &ext); + &ext); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -905,8 +905,8 @@ _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext) static int write_new_general_name (ASN1_TYPE ext, const char *ext_name, - gnutls_x509_subject_alt_name_t type, - const void *data, unsigned int data_size) + gnutls_x509_subject_alt_name_t type, + const void *data, unsigned int data_size) { const char *str; int result; @@ -939,7 +939,7 @@ write_new_general_name (ASN1_TYPE ext, const char *ext_name, } if (ext_name[0] == 0) - { /* no dot */ + { /* no dot */ _gnutls_str_cpy (name, sizeof (name), "?LAST"); } else @@ -974,10 +974,10 @@ write_new_general_name (ASN1_TYPE ext, const char *ext_name, */ int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t - type, const void *data, - unsigned int data_size, - gnutls_datum_t * prev_der_ext, - gnutls_datum_t * der_ext) + type, const void *data, + unsigned int data_size, + gnutls_datum_t * prev_der_ext, + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; @@ -994,15 +994,15 @@ _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t && prev_der_ext->size != 0) { result = - asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size, - NULL); + asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size, + NULL); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&ext); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + asn1_delete_structure (&ext); + return _gnutls_asn2err (result); + } } result = write_new_general_name (ext, "", type, data, data_size); @@ -1030,14 +1030,14 @@ _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t */ int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, - gnutls_datum_t * der_ext) + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.SubjectKeyIdentifier", &ext); + "PKIX1.SubjectKeyIdentifier", &ext); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1069,14 +1069,14 @@ _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, */ int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, - gnutls_datum_t * der_ext) + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.AuthorityKeyIdentifier", &ext); + "PKIX1.AuthorityKeyIdentifier", &ext); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1115,10 +1115,10 @@ _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, */ int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t - type, const void *data, - unsigned int data_size, - unsigned int reason_flags, - gnutls_datum_t * der_ext) + type, const void *data, + unsigned int data_size, + unsigned int reason_flags, + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; gnutls_datum_t gnames = { NULL, 0 }; @@ -1130,7 +1130,7 @@ _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.CRLDistributionPoints", &ext); + "PKIX1.CRLDistributionPoints", &ext); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1150,21 +1150,21 @@ _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t { result = asn1_write_value (ext, "?LAST.reasons", reasons, 9); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } } else { result = asn1_write_value (ext, "?LAST.reasons", NULL, 0); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } } result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0); @@ -1188,13 +1188,13 @@ _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t #if 0 /* only needed in old code (where defined as SEQUENCE OF) */ asn1_write_value (ext, - "?LAST.distributionPoint.nameRelativeToCRLIssuer", - NULL, 0); + "?LAST.distributionPoint.nameRelativeToCRLIssuer", + NULL, 0); #endif result = write_new_general_name (ext, "?LAST.distributionPoint.fullName", - type, data, data_size); + type, data, data_size); if (result < 0) { gnutls_assert (); @@ -1222,10 +1222,10 @@ cleanup: */ int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, - char **policyLanguage, - char **policy, - size_t * sizeof_policy, - opaque * extnValue, int extnValueLen) + char **policyLanguage, + char **policy, + size_t * sizeof_policy, + opaque * extnValue, int extnValueLen) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; @@ -1249,18 +1249,18 @@ _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, if (pathLenConstraint) { result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint", - pathLenConstraint); + pathLenConstraint); if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - *pathLenConstraint = -1; + *pathLenConstraint = -1; else if (result != GNUTLS_E_SUCCESS) - { - asn1_delete_structure (&ext); - return _gnutls_asn2err (result); - } + { + asn1_delete_structure (&ext); + return _gnutls_asn2err (result); + } } result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage", - &value, 0); + &value, 0); if (result < 0) { gnutls_assert (); @@ -1275,9 +1275,9 @@ _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) { if (policy) - *policy = NULL; + *policy = NULL; if (sizeof_policy) - *sizeof_policy = 0; + *sizeof_policy = 0; } else if (result < 0) { @@ -1288,9 +1288,9 @@ _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, else { if (policy) - *policy = value.data; + *policy = value.data; if (sizeof_policy) - *sizeof_policy = value.size; + *sizeof_policy = value.size; } asn1_delete_structure (&ext); @@ -1302,16 +1302,16 @@ _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, */ int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy, - gnutls_datum_t * der_ext) + const char *policyLanguage, + const char *policy, + size_t sizeof_policy, + gnutls_datum_t * der_ext) { ASN1_TYPE ext = ASN1_TYPE_EMPTY; int result; result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.ProxyCertInfo", &ext); + "PKIX1.ProxyCertInfo", &ext); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1322,11 +1322,11 @@ _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, { result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0); if (result < 0) - result = _gnutls_asn2err (result); + result = _gnutls_asn2err (result); } else result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint", - pathLenConstraint); + pathLenConstraint); if (result < 0) { gnutls_assert (); @@ -1335,7 +1335,7 @@ _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, } result = asn1_write_value (ext, "proxyPolicy.policyLanguage", - policyLanguage, 1); + policyLanguage, 1); if (result < 0) { gnutls_assert (); @@ -1344,7 +1344,7 @@ _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, } result = asn1_write_value (ext, "proxyPolicy.policy", - policy, sizeof_policy); + policy, sizeof_policy); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index 4b1aa169ed..9e5fabd81e 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -69,7 +69,7 @@ _gnutls_x509_read_rsa_params (opaque * der, int dersize, bigint_t * params) } if ((result = _gnutls_x509_read_int (spk, "publicExponent", - ¶ms[1])) < 0) + ¶ms[1])) < 0) { gnutls_assert (); _gnutls_mpi_release (¶ms[0]); @@ -163,7 +163,7 @@ _gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out) /* == INTEGER */ if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", - &spk)) != ASN1_SUCCESS) + &spk)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -208,7 +208,7 @@ _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, bigint_t * params) */ int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, - bigint_t * params, int *params_size) + bigint_t * params, int *params_size) { int result; char name[256]; @@ -242,19 +242,19 @@ _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, * params[1] is the exponent */ if (*params_size < RSA_PUBLIC_PARAMS) - { - gnutls_assert (); - /* internal error. Increase the bigint_ts in params */ - result = GNUTLS_E_INTERNAL_ERROR; - goto error; - } + { + gnutls_assert (); + /* internal error. Increase the bigint_ts in params */ + result = GNUTLS_E_INTERNAL_ERROR; + goto error; + } if ((result = - _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0) - { - gnutls_assert (); - goto error; - } + _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0) + { + gnutls_assert (); + goto error; + } *params_size = RSA_PUBLIC_PARAMS; break; @@ -266,26 +266,26 @@ _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, */ if (*params_size < DSA_PUBLIC_PARAMS) - { - gnutls_assert (); - /* internal error. Increase the bigint_ts in params */ - result = GNUTLS_E_INTERNAL_ERROR; - goto error; - } + { + gnutls_assert (); + /* internal error. Increase the bigint_ts in params */ + result = GNUTLS_E_INTERNAL_ERROR; + goto error; + } if ((result = - _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0) - { - gnutls_assert (); - goto error; - } + _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0) + { + gnutls_assert (); + goto error; + } /* Now read the parameters */ _gnutls_free_datum (&tmp); _asnstr_append_name (name, sizeof (name), root, - ".algorithm.parameters"); + ".algorithm.parameters"); result = _gnutls_x509_read_value (asn, name, &tmp, 0); /* FIXME: If the parameters are not included in the certificate @@ -294,17 +294,17 @@ _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, */ if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } if ((result = - _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0) - { - gnutls_assert (); - goto error; - } + _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0) + { + gnutls_assert (); + goto error; + } *params_size = DSA_PUBLIC_PARAMS; break; @@ -329,13 +329,13 @@ error: */ int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, - bigint_t * params, int *params_size) + bigint_t * params, int *params_size) { /* Read the algorithm's OID */ return _gnutls_get_asn_mpis (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", params, - params_size); + "tbsCertificate.subjectPublicKeyInfo", params, + params_size); } #ifdef ENABLE_PKI @@ -344,13 +344,13 @@ _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, */ int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert, - bigint_t * params, int *params_size) + bigint_t * params, int *params_size) { /* Read the algorithm's OID */ return _gnutls_get_asn_mpis (cert->crq, - "certificationRequestInfo.subjectPKInfo", - params, params_size); + "certificationRequestInfo.subjectPKInfo", + params, params_size); } #endif @@ -364,7 +364,7 @@ _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert, */ int _gnutls_x509_write_rsa_params (bigint_t * params, int params_size, - gnutls_datum_t * der) + gnutls_datum_t * der) { int result; ASN1_TYPE spk = ASN1_TYPE_EMPTY; @@ -423,8 +423,8 @@ cleanup: */ int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, - gnutls_pk_algorithm_t pk_algorithm, - gnutls_digest_algorithm_t dig) + gnutls_pk_algorithm_t pk_algorithm, + gnutls_digest_algorithm_t dig) { int result; char name[128]; @@ -438,8 +438,8 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, { gnutls_assert (); _gnutls_debug_log - ("Cannot find OID for sign algorithm pk: %d dig: %d\n", - (int) pk_algorithm, (int) dig); + ("Cannot find OID for sign algorithm pk: %d dig: %d\n", + (int) pk_algorithm, (int) dig); return GNUTLS_E_INVALID_REQUEST; } @@ -481,7 +481,7 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, */ int _gnutls_x509_write_dsa_params (bigint_t * params, int params_size, - gnutls_datum_t * der) + gnutls_datum_t * der) { int result; ASN1_TYPE spk = ASN1_TYPE_EMPTY; @@ -547,7 +547,7 @@ cleanup: */ int _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size, - gnutls_datum_t * der) + gnutls_datum_t * der) { int result; ASN1_TYPE spk = ASN1_TYPE_EMPTY; diff --git a/lib/x509/output.c b/lib/x509/output.c index b8336803c9..8583f15065 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -44,7 +44,7 @@ static void hexdump (gnutls_buffer_st * str, const char *data, size_t len, - const char *spc) + const char *spc) { size_t j; @@ -53,15 +53,15 @@ hexdump (gnutls_buffer_st * str, const char *data, size_t len, for (j = 0; j < len; j++) { if (((j + 1) % 16) == 0) - { - addf (str, "%.2x\n", (unsigned char) data[j]); - if (spc && j != (len - 1)) - adds (str, spc); - } + { + addf (str, "%.2x\n", (unsigned char) data[j]); + if (spc && j != (len - 1)) + adds (str, spc); + } else if (j == (len - 1)) - addf (str, "%.2x", (unsigned char) data[j]); + addf (str, "%.2x", (unsigned char) data[j]); else - addf (str, "%.2x:", (unsigned char) data[j]); + addf (str, "%.2x:", (unsigned char) data[j]); } if ((j % 16) != 0) adds (str, "\n"); @@ -77,7 +77,7 @@ hexprint (gnutls_buffer_st * str, const char *data, size_t len) else { for (j = 0; j < len; j++) - addf (str, "%.2x", (unsigned char) data[j]); + addf (str, "%.2x", (unsigned char) data[j]); } } @@ -125,10 +125,10 @@ ip_to_string (void *_ip, int ip_size, char *string, int string_size) break; case 16: sprintf (string, "%x:%x:%x:%x:%x:%x:%x:%x", - (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3], - (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7], - (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11], - (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]); + (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3], + (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7], + (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11], + (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]); break; } @@ -145,8 +145,8 @@ print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert) int err; err = gnutls_x509_crt_get_proxy (cert, NULL, - &pathlen, &policyLanguage, - &policy, &npolicy); + &pathlen, &policyLanguage, + &policy, &npolicy); if (err < 0) { addf (str, "error: get_proxy: %s\n", gnutls_strerror (err)); @@ -190,7 +190,7 @@ print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert) if (!buffer) { addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); return; } @@ -253,7 +253,7 @@ print_aki (gnutls_buffer_st * str, int type, cert_type_t cert) if (!buffer) { addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); return; } @@ -280,7 +280,7 @@ print_aki (gnutls_buffer_st * str, int type, cert_type_t cert) static void print_key_usage (gnutls_buffer_st * str, const char *prefix, int type, - cert_type_t cert) + cert_type_t cert) { unsigned int key_usage; int err; @@ -334,80 +334,80 @@ print_crldist (gnutls_buffer_st * str, gnutls_x509_crt_t cert) { size = 0; err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size, - NULL, NULL); + NULL, NULL); if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - return; + return; if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - addf (str, "error: get_crl_dist_points: %s\n", - gnutls_strerror (err)); - return; - } + { + addf (str, "error: get_crl_dist_points: %s\n", + gnutls_strerror (err)); + return; + } buffer = gnutls_malloc (size); if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - return; - } + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + return; + } err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size, - NULL, NULL); + NULL, NULL); if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_crl_dist_points2: %s\n", - gnutls_strerror (err)); - return; - } + { + gnutls_free (buffer); + addf (str, "error: get_crl_dist_points2: %s\n", + gnutls_strerror (err)); + return; + } if ((err == GNUTLS_SAN_DNSNAME - || err == GNUTLS_SAN_RFC822NAME - || err == GNUTLS_SAN_URI) && strlen (buffer) != size) - { - adds (str, _("warning: distributionPoint contains an embedded NUL, " - "replacing with '!'\n")); - while (strlen (buffer) < size) - buffer[strlen (buffer)] = '!'; - } + || err == GNUTLS_SAN_RFC822NAME + || err == GNUTLS_SAN_URI) && strlen (buffer) != size) + { + adds (str, _("warning: distributionPoint contains an embedded NUL, " + "replacing with '!'\n")); + while (strlen (buffer) < size) + buffer[strlen (buffer)] = '!'; + } switch (err) - { - case GNUTLS_SAN_DNSNAME: - addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer); - break; - - case GNUTLS_SAN_RFC822NAME: - addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer); - break; - - case GNUTLS_SAN_URI: - addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer); - break; - - case GNUTLS_SAN_IPADDRESS: - p = ip_to_string (buffer, size, str_ip, sizeof (str_ip)); - if (p == NULL) - p = ERROR_STR; - addf (str, "\t\t\tIPAddress: %s\n", p); - break; - - case GNUTLS_SAN_DN: - addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer); - break; - - default: - addf (str, "error: unknown SAN\n"); - break; - } + { + case GNUTLS_SAN_DNSNAME: + addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer); + break; + + case GNUTLS_SAN_RFC822NAME: + addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer); + break; + + case GNUTLS_SAN_URI: + addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer); + break; + + case GNUTLS_SAN_IPADDRESS: + p = ip_to_string (buffer, size, str_ip, sizeof (str_ip)); + if (p == NULL) + p = ERROR_STR; + addf (str, "\t\t\tIPAddress: %s\n", p); + break; + + case GNUTLS_SAN_DN: + addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer); + break; + + default: + addf (str, "error: unknown SAN\n"); + break; + } gnutls_free (buffer); } } static void print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type, - cert_type_t cert) + cert_type_t cert) { int indx; char *buffer = NULL; @@ -418,64 +418,64 @@ print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type, { size = 0; if (type == TYPE_CRT) - err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer, - &size, NULL); + err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer, + &size, NULL); else if (type == TYPE_CRQ) - err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer, - &size, NULL); + err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer, + &size, NULL); else - return; + return; if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - return; + return; if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - addf (str, "error: get_key_purpose_oid: %s\n", - gnutls_strerror (err)); - return; - } + { + addf (str, "error: get_key_purpose_oid: %s\n", + gnutls_strerror (err)); + return; + } buffer = gnutls_malloc (size); if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - return; - } + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + return; + } if (type == TYPE_CRT) - err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer, - &size, NULL); + err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer, + &size, NULL); else - err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer, - &size, NULL); + err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer, + &size, NULL); if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_key_purpose_oid2: %s\n", - gnutls_strerror (err)); - return; - } + { + gnutls_free (buffer); + addf (str, "error: get_key_purpose_oid2: %s\n", + gnutls_strerror (err)); + return; + } if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0) - addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix); + addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0) - addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix); + addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0) - addf (str, _("%s\t\t\tCode signing.\n"), prefix); + addf (str, _("%s\t\t\tCode signing.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0) - addf (str, _("%s\t\t\tEmail protection.\n"), prefix); + addf (str, _("%s\t\t\tEmail protection.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0) - addf (str, _("%s\t\t\tTime stamping.\n"), prefix); + addf (str, _("%s\t\t\tTime stamping.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0) - addf (str, _("%s\t\t\tOCSP signing.\n"), prefix); + addf (str, _("%s\t\t\tOCSP signing.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_IPSEC_IKE) == 0) - addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix); + addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix); else if (strcmp (buffer, GNUTLS_KP_ANY) == 0) - addf (str, _("%s\t\t\tAny purpose.\n"), prefix); + addf (str, _("%s\t\t\tAny purpose.\n"), prefix); else - addf (str, "%s\t\t\t%s\n", prefix, buffer); + addf (str, "%s\t\t\t%s\n", prefix, buffer); gnutls_free (buffer); } @@ -485,7 +485,7 @@ print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type, static void print_basic (gnutls_buffer_st * str, const char *prefix, int type, - cert_type_t cert) + cert_type_t cert) { int pathlen; int err; @@ -517,7 +517,7 @@ print_basic (gnutls_buffer_st * str, const char *prefix, int type, static void print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type, - cert_type_t cert) + cert_type_t cert) { unsigned int altname_idx; char str_ip[64]; @@ -530,178 +530,178 @@ print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type, int err; if (altname_type == TYPE_CRT_SAN) - err = - gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer, - &size, NULL); + err = + gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer, + &size, NULL); else if (altname_type == TYPE_CRQ_SAN) - err = - gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer, - &size, NULL, NULL); + err = + gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer, + &size, NULL, NULL); else if (altname_type == TYPE_CRT_IAN) - err = - gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer, - &size, NULL); + err = + gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer, + &size, NULL); else - return; + return; if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + break; if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - addf (str, "error: get_subject/issuer_alt_name: %s\n", - gnutls_strerror (err)); - return; - } + { + addf (str, "error: get_subject/issuer_alt_name: %s\n", + gnutls_strerror (err)); + return; + } buffer = gnutls_malloc (size); if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - return; - } + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + return; + } if (altname_type == TYPE_CRT_SAN) - err = - gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer, - &size, NULL); + err = + gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer, + &size, NULL); else if (altname_type == TYPE_CRQ_SAN) - err = - gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer, - &size, NULL, NULL); + err = + gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer, + &size, NULL, NULL); else if (altname_type == TYPE_CRT_IAN) - err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, - buffer, &size, NULL); + err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, + buffer, &size, NULL); if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_subject/issuer_alt_name2: %s\n", - gnutls_strerror (err)); - return; - } + { + gnutls_free (buffer); + addf (str, "error: get_subject/issuer_alt_name2: %s\n", + gnutls_strerror (err)); + return; + } if ((err == GNUTLS_SAN_DNSNAME - || err == GNUTLS_SAN_RFC822NAME - || err == GNUTLS_SAN_URI) && strlen (buffer) != size) - { - adds (str, _("warning: altname contains an embedded NUL, " - "replacing with '!'\n")); - while (strlen (buffer) < size) - buffer[strlen (buffer)] = '!'; - } + || err == GNUTLS_SAN_RFC822NAME + || err == GNUTLS_SAN_URI) && strlen (buffer) != size) + { + adds (str, _("warning: altname contains an embedded NUL, " + "replacing with '!'\n")); + while (strlen (buffer) < size) + buffer[strlen (buffer)] = '!'; + } switch (err) - { - case GNUTLS_SAN_DNSNAME: - addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer); - break; - - case GNUTLS_SAN_RFC822NAME: - addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size, - buffer); - break; - - case GNUTLS_SAN_URI: - addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer); - break; - - case GNUTLS_SAN_IPADDRESS: - p = ip_to_string (buffer, size, str_ip, sizeof (str_ip)); - if (p == NULL) - p = ERROR_STR; - addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p); - break; - - case GNUTLS_SAN_DN: - addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix, - (int) size, buffer); - break; - - case GNUTLS_SAN_OTHERNAME: - { - char *oid = NULL; - size_t oidsize; - - oidsize = 0; - if (altname_type == TYPE_CRT_SAN) - err = gnutls_x509_crt_get_subject_alt_othername_oid - (cert.crt, altname_idx, oid, &oidsize); - else if (altname_type == TYPE_CRQ_SAN) - err = gnutls_x509_crq_get_subject_alt_othername_oid - (cert.crq, altname_idx, oid, &oidsize); - else if (altname_type == TYPE_CRT_IAN) - err = gnutls_x509_crt_get_issuer_alt_othername_oid - (cert.crt, altname_idx, oid, &oidsize); - - if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - gnutls_free (buffer); - addf (str, - "error: get_subject/issuer_alt_othername_oid: %s\n", - gnutls_strerror (err)); - return; - } - - oid = gnutls_malloc (oidsize); - if (!oid) - { - gnutls_free (buffer); - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - return; - } - - if (altname_type == TYPE_CRT_SAN) - err = gnutls_x509_crt_get_subject_alt_othername_oid - (cert.crt, altname_idx, oid, &oidsize); - else if (altname_type == TYPE_CRQ_SAN) - err = gnutls_x509_crq_get_subject_alt_othername_oid - (cert.crq, altname_idx, oid, &oidsize); - else if (altname_type == TYPE_CRT_IAN) - err = gnutls_x509_crt_get_issuer_alt_othername_oid - (cert.crt, altname_idx, oid, &oidsize); - - if (err < 0) - { - gnutls_free (buffer); - gnutls_free (oid); - addf (str, "error: get_subject_alt_othername_oid2: %s\n", - gnutls_strerror (err)); - return; - } - - if (err == GNUTLS_SAN_OTHERNAME_XMPP) - { - if (strlen (buffer) != size) - { - adds (str, _("warning: altname contains an embedded NUL, " - "replacing with '!'\n")); - while (strlen (buffer) < size) - buffer[strlen (buffer)] = '!'; - } - - addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix, - (int) size, buffer); - } - else - { - addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix, - (int) oidsize, oid); - addf (str, _("%s\t\t\totherName DER: "), prefix); - hexprint (str, buffer, size); - addf (str, _("\n%s\t\t\totherName ASCII: "), prefix); - asciiprint (str, buffer, size); - addf (str, "\n"); - } - gnutls_free (oid); - } - break; - - default: - addf (str, "error: unknown altname\n"); - break; - } + { + case GNUTLS_SAN_DNSNAME: + addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer); + break; + + case GNUTLS_SAN_RFC822NAME: + addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size, + buffer); + break; + + case GNUTLS_SAN_URI: + addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer); + break; + + case GNUTLS_SAN_IPADDRESS: + p = ip_to_string (buffer, size, str_ip, sizeof (str_ip)); + if (p == NULL) + p = ERROR_STR; + addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p); + break; + + case GNUTLS_SAN_DN: + addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix, + (int) size, buffer); + break; + + case GNUTLS_SAN_OTHERNAME: + { + char *oid = NULL; + size_t oidsize; + + oidsize = 0; + if (altname_type == TYPE_CRT_SAN) + err = gnutls_x509_crt_get_subject_alt_othername_oid + (cert.crt, altname_idx, oid, &oidsize); + else if (altname_type == TYPE_CRQ_SAN) + err = gnutls_x509_crq_get_subject_alt_othername_oid + (cert.crq, altname_idx, oid, &oidsize); + else if (altname_type == TYPE_CRT_IAN) + err = gnutls_x509_crt_get_issuer_alt_othername_oid + (cert.crt, altname_idx, oid, &oidsize); + + if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) + { + gnutls_free (buffer); + addf (str, + "error: get_subject/issuer_alt_othername_oid: %s\n", + gnutls_strerror (err)); + return; + } + + oid = gnutls_malloc (oidsize); + if (!oid) + { + gnutls_free (buffer); + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + return; + } + + if (altname_type == TYPE_CRT_SAN) + err = gnutls_x509_crt_get_subject_alt_othername_oid + (cert.crt, altname_idx, oid, &oidsize); + else if (altname_type == TYPE_CRQ_SAN) + err = gnutls_x509_crq_get_subject_alt_othername_oid + (cert.crq, altname_idx, oid, &oidsize); + else if (altname_type == TYPE_CRT_IAN) + err = gnutls_x509_crt_get_issuer_alt_othername_oid + (cert.crt, altname_idx, oid, &oidsize); + + if (err < 0) + { + gnutls_free (buffer); + gnutls_free (oid); + addf (str, "error: get_subject_alt_othername_oid2: %s\n", + gnutls_strerror (err)); + return; + } + + if (err == GNUTLS_SAN_OTHERNAME_XMPP) + { + if (strlen (buffer) != size) + { + adds (str, _("warning: altname contains an embedded NUL, " + "replacing with '!'\n")); + while (strlen (buffer) < size) + buffer[strlen (buffer)] = '!'; + } + + addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix, + (int) size, buffer); + } + else + { + addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix, + (int) oidsize, oid); + addf (str, _("%s\t\t\totherName DER: "), prefix); + hexprint (str, buffer, size); + addf (str, _("\n%s\t\t\totherName ASCII: "), prefix); + asciiprint (str, buffer, size); + addf (str, "\n"); + } + gnutls_free (oid); + } + break; + + default: + addf (str, "error: unknown altname\n"); + break; + } gnutls_free (buffer); } @@ -709,7 +709,7 @@ print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type, static void guiddump (gnutls_buffer_st * str, const char *data, size_t len, - const char *spc) + const char *spc) { size_t j; @@ -741,7 +741,7 @@ static void print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert) { int result; - char buf[256]; /* if its longer, we won't bother to print it */ + char buf[256]; /* if its longer, we won't bother to print it */ ssize_t buf_size = 256; result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size); @@ -750,9 +750,9 @@ print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert) addf (str, ("\t\tIssuer Unique ID:\n")); hexdump (str, buf, buf_size, "\t\t\t"); if (buf_size == 16) - { /* this could be a GUID */ - guiddump (str, buf, buf_size, "\t\t\t"); - } + { /* this could be a GUID */ + guiddump (str, buf, buf_size, "\t\t\t"); + } } buf_size = 256; @@ -762,15 +762,15 @@ print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert) addf (str, ("\t\tSubject Unique ID:\n")); hexdump (str, buf, buf_size, "\t\t\t"); if (buf_size == 16) - { /* this could be a GUID */ - guiddump (str, buf, buf_size, "\t\t\t"); - } + { /* this could be a GUID */ + guiddump (str, buf, buf_size, "\t\t\t"); + } } } static void print_extensions (gnutls_buffer_st * str, const char *prefix, int type, - cert_type_t cert) + cert_type_t cert) { int i, err; int san_idx = 0; @@ -790,238 +790,238 @@ print_extensions (gnutls_buffer_st * str, const char *prefix, int type, int critical; if (type == TYPE_CRT) - err = gnutls_x509_crt_get_extension_info (cert.crt, i, - oid, &sizeof_oid, - &critical); + err = gnutls_x509_crt_get_extension_info (cert.crt, i, + oid, &sizeof_oid, + &critical); else if (type == TYPE_CRQ) - err = gnutls_x509_crq_get_extension_info (cert.crq, i, - oid, &sizeof_oid, - &critical); + err = gnutls_x509_crq_get_extension_info (cert.crq, i, + oid, &sizeof_oid, + &critical); else - { - gnutls_assert (); - return; - } + { + gnutls_assert (); + return; + } if (err < 0) - { - if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; - addf (str, "error: get_extension_info: %s\n", - gnutls_strerror (err)); - continue; - } + { + if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + addf (str, "error: get_extension_info: %s\n", + gnutls_strerror (err)); + continue; + } if (i == 0) - addf (str, _("%s\tExtensions:\n"), prefix); + addf (str, _("%s\tExtensions:\n"), prefix); if (strcmp (oid, "2.5.29.19") == 0) - { - if (basic_idx) - { - addf (str, "error: more than one basic constraint\n"); - continue; - } + { + if (basic_idx) + { + addf (str, "error: more than one basic constraint\n"); + continue; + } - addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - print_basic (str, prefix, type, cert); + print_basic (str, prefix, type, cert); - basic_idx++; - } + basic_idx++; + } else if (strcmp (oid, "2.5.29.14") == 0) - { - if (ski_idx) - { - addf (str, "error: more than one SKI extension\n"); - continue; - } + { + if (ski_idx) + { + addf (str, "error: more than one SKI extension\n"); + continue; + } - addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - if (type == TYPE_CRT) - print_ski (str, cert.crt); + if (type == TYPE_CRT) + print_ski (str, cert.crt); - ski_idx++; - } + ski_idx++; + } else if (strcmp (oid, "2.5.29.35") == 0) - { + { - if (aki_idx) - { - addf (str, "error: more than one AKI extension\n"); - continue; - } + if (aki_idx) + { + addf (str, "error: more than one AKI extension\n"); + continue; + } - addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - if (type == TYPE_CRT) - print_aki (str, TYPE_CRT, cert); + if (type == TYPE_CRT) + print_aki (str, TYPE_CRT, cert); - aki_idx++; - } + aki_idx++; + } else if (strcmp (oid, "2.5.29.15") == 0) - { - if (keyusage_idx) - { - addf (str, "error: more than one key usage extension\n"); - continue; - } + { + if (keyusage_idx) + { + addf (str, "error: more than one key usage extension\n"); + continue; + } - addf (str, _("%s\t\tKey Usage (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tKey Usage (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - print_key_usage (str, prefix, type, cert); + print_key_usage (str, prefix, type, cert); - keyusage_idx++; - } + keyusage_idx++; + } else if (strcmp (oid, "2.5.29.37") == 0) - { - if (keypurpose_idx) - { - addf (str, "error: more than one key purpose extension\n"); - continue; - } + { + if (keypurpose_idx) + { + addf (str, "error: more than one key purpose extension\n"); + continue; + } - addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); #ifdef ENABLE_PKI - print_key_purpose (str, prefix, type, cert); + print_key_purpose (str, prefix, type, cert); #endif - keypurpose_idx++; - } + keypurpose_idx++; + } else if (strcmp (oid, "2.5.29.17") == 0) - { - if (san_idx) - { - addf (str, "error: more than one SKI extension\n"); - continue; - } + { + if (san_idx) + { + addf (str, "error: more than one SKI extension\n"); + continue; + } - addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - print_altname (str, prefix, type, cert); + print_altname (str, prefix, type, cert); - san_idx++; - } + san_idx++; + } else if (strcmp (oid, "2.5.29.18") == 0) - { - if (ian_idx) - { - addf (str, "error: more than one Issuer AltName extension\n"); - continue; - } + { + if (ian_idx) + { + addf (str, "error: more than one Issuer AltName extension\n"); + continue; + } - addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - print_altname (str, prefix, TYPE_CRT_IAN, cert); + print_altname (str, prefix, TYPE_CRT_IAN, cert); - ian_idx++; - } + ian_idx++; + } else if (strcmp (oid, "2.5.29.31") == 0) - { - if (crldist_idx) - { - addf (str, "error: more than one CRL distribution point\n"); - continue; - } + { + if (crldist_idx) + { + addf (str, "error: more than one CRL distribution point\n"); + continue; + } - addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); #ifdef ENABLE_PKI - if (type == TYPE_CRT) - print_crldist (str, cert.crt); + if (type == TYPE_CRT) + print_crldist (str, cert.crt); #endif - crldist_idx++; - } + crldist_idx++; + } else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0) - { - if (proxy_idx) - { - addf (str, "error: more than one proxy extension\n"); - continue; - } + { + if (proxy_idx) + { + addf (str, "error: more than one proxy extension\n"); + continue; + } - addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix, - critical ? _("critical") : _("not critical")); + addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix, + critical ? _("critical") : _("not critical")); - if (type == TYPE_CRT) - print_proxy (str, cert.crt); + if (type == TYPE_CRT) + print_proxy (str, cert.crt); - proxy_idx++; - } + proxy_idx++; + } else - { - char *buffer; - size_t extlen = 0; - - addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid, - critical ? _("critical") : _("not critical")); - - if (type == TYPE_CRT) - err = - gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen); - else if (type == TYPE_CRQ) - err = - gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen); - else - { - gnutls_assert (); - return; - } - - if (err < 0) - { - addf (str, "error: get_extension_data: %s\n", - gnutls_strerror (err)); - continue; - } - - buffer = gnutls_malloc (extlen); - if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - continue; - } - - if (type == TYPE_CRT) - err = - gnutls_x509_crt_get_extension_data (cert.crt, i, buffer, - &extlen); - else if (type == TYPE_CRQ) - err = - gnutls_x509_crq_get_extension_data (cert.crq, i, buffer, - &extlen); - - if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_extension_data2: %s\n", - gnutls_strerror (err)); - continue; - } - - addf (str, _("%s\t\t\tASCII: "), prefix); - asciiprint (str, buffer, extlen); - addf (str, "\n"); - - addf (str, _("%s\t\t\tHexdump: "), prefix); - hexprint (str, buffer, extlen); - adds (str, "\n"); - - gnutls_free (buffer); - } + { + char *buffer; + size_t extlen = 0; + + addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid, + critical ? _("critical") : _("not critical")); + + if (type == TYPE_CRT) + err = + gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen); + else if (type == TYPE_CRQ) + err = + gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen); + else + { + gnutls_assert (); + return; + } + + if (err < 0) + { + addf (str, "error: get_extension_data: %s\n", + gnutls_strerror (err)); + continue; + } + + buffer = gnutls_malloc (extlen); + if (!buffer) + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + continue; + } + + if (type == TYPE_CRT) + err = + gnutls_x509_crt_get_extension_data (cert.crt, i, buffer, + &extlen); + else if (type == TYPE_CRQ) + err = + gnutls_x509_crq_get_extension_data (cert.crq, i, buffer, + &extlen); + + if (err < 0) + { + gnutls_free (buffer); + addf (str, "error: get_extension_data2: %s\n", + gnutls_strerror (err)); + continue; + } + + addf (str, _("%s\t\t\tASCII: "), prefix); + asciiprint (str, buffer, extlen); + addf (str, "\n"); + + addf (str, _("%s\t\t\tHexdump: "), prefix); + hexprint (str, buffer, extlen); + adds (str, "\n"); + + gnutls_free (buffer); + } } } @@ -1048,9 +1048,9 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) addf (str, "error: get_serial: %s\n", gnutls_strerror (err)); else { - adds (str, _("\tSerial Number (hex): ")); - hexprint (str, serial, serial_size); - adds (str, "\n"); + adds (str, _("\tSerial Number (hex): ")); + hexprint (str, serial, serial_size); + adds (str, "\n"); } } @@ -1063,24 +1063,24 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err)); + addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err)); else - { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "error: malloc (%d): %s\n", (int) dn_size, - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size); - if (err < 0) - addf (str, "error: get_issuer_dn: %s\n", - gnutls_strerror (err)); - else - addf (str, _("\tIssuer: %s\n"), dn); - gnutls_free (dn); - } - } + { + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "error: malloc (%d): %s\n", (int) dn_size, + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size); + if (err < 0) + addf (str, "error: get_issuer_dn: %s\n", + gnutls_strerror (err)); + else + addf (str, _("\tIssuer: %s\n"), dn); + gnutls_free (dn); + } + } } /* Validity. */ @@ -1096,11 +1096,11 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) struct tm t; if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); + addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); + addf (str, "error: strftime (%ld)\n", (unsigned long) tim); else - addf (str, _("\t\tNot Before: %s\n"), s); + addf (str, _("\t\tNot Before: %s\n"), s); } tim = gnutls_x509_crt_get_expiration_time (cert); @@ -1110,11 +1110,11 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) struct tm t; if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); + addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); + addf (str, "error: strftime (%ld)\n", (unsigned long) tim); else - addf (str, _("\t\tNot After: %s\n"), s); + addf (str, _("\t\tNot After: %s\n"), s); } } @@ -1129,19 +1129,19 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) addf (str, "error: get_dn: %s\n", gnutls_strerror (err)); else { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "error: malloc (%d): %s\n", (int) dn_size, - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_x509_crt_get_dn (cert, dn, &dn_size); - if (err < 0) - addf (str, "error: get_dn: %s\n", gnutls_strerror (err)); - else - addf (str, _("\tSubject: %s\n"), dn); - gnutls_free (dn); - } + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "error: malloc (%d): %s\n", (int) dn_size, + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_x509_crt_get_dn (cert, dn, &dn_size); + if (err < 0) + addf (str, "error: get_dn: %s\n", gnutls_strerror (err)); + else + addf (str, _("\tSubject: %s\n"), dn); + gnutls_free (dn); + } } } @@ -1155,71 +1155,71 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err)); else { - const char *name = gnutls_pk_algorithm_get_name (err); - if (name == NULL) - name = _("unknown"); + const char *name = gnutls_pk_algorithm_get_name (err); + if (name == NULL) + name = _("unknown"); - addf (str, _("\tSubject Public Key Algorithm: %s\n"), name); - addf (str, _("\tCertificate Security Level: %s\n"), - gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param - (err, bits))); + addf (str, _("\tSubject Public Key Algorithm: %s\n"), name); + addf (str, _("\tCertificate Security Level: %s\n"), + gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param + (err, bits))); #ifdef ENABLE_PKI - switch (err) - { - case GNUTLS_PK_RSA: - { - gnutls_datum_t m, e; - - err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e); - if (err < 0) - addf (str, "error: get_pk_rsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tModulus (bits %d):\n"), bits); - hexdump (str, m.data, m.size, "\t\t\t"); - addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8); - hexdump (str, e.data, e.size, "\t\t\t"); - - gnutls_free (m.data); - gnutls_free (e.data); - } - - } - break; - - case GNUTLS_PK_DSA: - { - gnutls_datum_t p, q, g, y; - - err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y); - if (err < 0) - addf (str, "error: get_pk_dsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tPublic key (bits %d):\n"), bits); - hexdump (str, y.data, y.size, "\t\t\t"); - adds (str, _("\t\tP:\n")); - hexdump (str, p.data, p.size, "\t\t\t"); - adds (str, _("\t\tQ:\n")); - hexdump (str, q.data, q.size, "\t\t\t"); - adds (str, _("\t\tG:\n")); - hexdump (str, g.data, g.size, "\t\t\t"); - - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - - } - } - break; - - default: - break; - } + switch (err) + { + case GNUTLS_PK_RSA: + { + gnutls_datum_t m, e; + + err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e); + if (err < 0) + addf (str, "error: get_pk_rsa_raw: %s\n", + gnutls_strerror (err)); + else + { + addf (str, _("\t\tModulus (bits %d):\n"), bits); + hexdump (str, m.data, m.size, "\t\t\t"); + addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8); + hexdump (str, e.data, e.size, "\t\t\t"); + + gnutls_free (m.data); + gnutls_free (e.data); + } + + } + break; + + case GNUTLS_PK_DSA: + { + gnutls_datum_t p, q, g, y; + + err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y); + if (err < 0) + addf (str, "error: get_pk_dsa_raw: %s\n", + gnutls_strerror (err)); + else + { + addf (str, _("\t\tPublic key (bits %d):\n"), bits); + hexdump (str, y.data, y.size, "\t\t\t"); + adds (str, _("\t\tP:\n")); + hexdump (str, p.data, p.size, "\t\t\t"); + adds (str, _("\t\tQ:\n")); + hexdump (str, q.data, q.size, "\t\t\t"); + adds (str, _("\t\tG:\n")); + hexdump (str, g.data, g.size, "\t\t\t"); + + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); + + } + } + break; + + default: + break; + } #endif } } @@ -1244,43 +1244,43 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) err = gnutls_x509_crt_get_signature_algorithm (cert); if (err < 0) - addf (str, "error: get_signature_algorithm: %s\n", - gnutls_strerror (err)); + addf (str, "error: get_signature_algorithm: %s\n", + gnutls_strerror (err)); else - { - const char *name = gnutls_sign_algorithm_get_name (err); - if (name == NULL) - name = _("unknown"); - addf (str, _("\tSignature Algorithm: %s\n"), name); - } + { + const char *name = gnutls_sign_algorithm_get_name (err); + if (name == NULL) + name = _("unknown"); + addf (str, _("\tSignature Algorithm: %s\n"), name); + } if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2) - { - adds (str, _("warning: signed using a broken signature " - "algorithm that can be forged.\n")); - } + { + adds (str, _("warning: signed using a broken signature " + "algorithm that can be forged.\n")); + } err = gnutls_x509_crt_get_signature (cert, buffer, &size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - addf (str, "error: get_signature: %s\n", gnutls_strerror (err)); - return; - } + { + addf (str, "error: get_signature: %s\n", gnutls_strerror (err)); + return; + } buffer = gnutls_malloc (size); if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - return; - } + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + return; + } err = gnutls_x509_crt_get_signature (cert, buffer, &size); if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_signature2: %s\n", gnutls_strerror (err)); - return; - } + { + gnutls_free (buffer); + addf (str, "error: get_signature2: %s\n", gnutls_strerror (err)); + return; + } adds (str, _("\tSignature:\n")); hexdump (str, buffer, size, "\t\t"); @@ -1291,7 +1291,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned) static void print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert, - gnutls_digest_algorithm_t algo) + gnutls_digest_algorithm_t algo) { int err; char buffer[MAX_HASH_SIZE]; @@ -1356,19 +1356,19 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) addf (str, "unknown subject (%s), ", gnutls_strerror (err)); else { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "unknown subject (%s), ", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_x509_crt_get_dn (cert, dn, &dn_size); - if (err < 0) - addf (str, "unknown subject (%s), ", gnutls_strerror (err)); - else - addf (str, "subject `%s', ", dn); - gnutls_free (dn); - } + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "unknown subject (%s), ", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_x509_crt_get_dn (cert, dn, &dn_size); + if (err < 0) + addf (str, "unknown subject (%s), ", gnutls_strerror (err)); + else + addf (str, "subject `%s', ", dn); + gnutls_free (dn); + } } } @@ -1383,19 +1383,19 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) addf (str, "unknown issuer (%s), ", gnutls_strerror (err)); else { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "unknown issuer (%s), ", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size); - if (err < 0) - addf (str, "unknown issuer (%s), ", gnutls_strerror (err)); - else - addf (str, "issuer `%s', ", dn); - gnutls_free (dn); - } + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "unknown issuer (%s), ", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size); + if (err < 0) + addf (str, "unknown issuer (%s), ", gnutls_strerror (err)); + else + addf (str, "issuer `%s', ", dn); + gnutls_free (dn); + } } } @@ -1418,13 +1418,13 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) addf (str, "unknown signature algorithm (%s), ", gnutls_strerror (err)); else { - const char *name = gnutls_sign_algorithm_get_name (err); - if (name == NULL) - name = _("unknown"); - if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2) - addf (str, _("signed using %s (broken!), "), name); - else - addf (str, _("signed using %s, "), name); + const char *name = gnutls_sign_algorithm_get_name (err); + if (name == NULL) + name = _("unknown"); + if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2) + addf (str, _("signed using %s (broken!), "), name); + else + addf (str, _("signed using %s, "), name); } } @@ -1439,11 +1439,11 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) struct tm t; if (gmtime_r (&tim, &t) == NULL) - addf (str, "unknown activation (%ld), ", (unsigned long) tim); + addf (str, "unknown activation (%ld), ", (unsigned long) tim); else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) - addf (str, "failed activation (%ld), ", (unsigned long) tim); + addf (str, "failed activation (%ld), ", (unsigned long) tim); else - addf (str, "activated `%s', ", s); + addf (str, "activated `%s', ", s); } tim = gnutls_x509_crt_get_expiration_time (cert); @@ -1453,11 +1453,11 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) struct tm t; if (gmtime_r (&tim, &t) == NULL) - addf (str, "unknown expiry (%ld), ", (unsigned long) tim); + addf (str, "unknown expiry (%ld), ", (unsigned long) tim); else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0) - addf (str, "failed expiry (%ld), ", (unsigned long) tim); + addf (str, "failed expiry (%ld), ", (unsigned long) tim); else - addf (str, "expires `%s', ", s); + addf (str, "expires `%s', ", s); } } @@ -1467,21 +1467,21 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) int err; err = gnutls_x509_crt_get_proxy (cert, NULL, - &pathlen, &policyLanguage, NULL, NULL); + &pathlen, &policyLanguage, NULL, NULL); if (err == 0) { - addf (str, "proxy certificate (policy="); - if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0) - addf (str, "id-ppl-inheritALL"); - else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0) - addf (str, "id-ppl-independent"); - else - addf (str, "%s", policyLanguage); - if (pathlen >= 0) - addf (str, ", pathlen=%d), ", pathlen); - else - addf (str, "), "); - gnutls_free (policyLanguage); + addf (str, "proxy certificate (policy="); + if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0) + addf (str, "id-ppl-inheritALL"); + else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0) + addf (str, "id-ppl-independent"); + else + addf (str, "%s", policyLanguage); + if (pathlen >= 0) + addf (str, ", pathlen=%d), ", pathlen); + else + addf (str, "), "); + gnutls_free (policyLanguage); } } @@ -1491,16 +1491,16 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) int err; err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1, - buffer, &size); + buffer, &size); if (err < 0) { - addf (str, "unknown fingerprint (%s)", gnutls_strerror (err)); + addf (str, "unknown fingerprint (%s)", gnutls_strerror (err)); } else { - addf (str, "SHA-1 fingerprint `"); - hexprint (str, buffer, size); - adds (str, "'"); + addf (str, "SHA-1 fingerprint `"); + hexprint (str, buffer, size); + adds (str, "'"); } } @@ -1527,8 +1527,8 @@ print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert) **/ int gnutls_x509_crt_print (gnutls_x509_crt_t cert, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) { gnutls_buffer_st str; @@ -1593,24 +1593,24 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) err = gnutls_x509_crl_get_issuer_dn (crl, NULL, &dn_size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err)); + addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err)); else - { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "error: malloc (%d): %s\n", (int) dn_size, - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size); - if (err < 0) - addf (str, "error: get_issuer_dn: %s\n", - gnutls_strerror (err)); - else - addf (str, _("\tIssuer: %s\n"), dn); - } - gnutls_free (dn); - } + { + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "error: malloc (%d): %s\n", (int) dn_size, + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size); + if (err < 0) + addf (str, "error: get_issuer_dn: %s\n", + gnutls_strerror (err)); + else + addf (str, _("\tIssuer: %s\n"), dn); + } + gnutls_free (dn); + } } /* Validity. */ @@ -1626,11 +1626,11 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) struct tm t; if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); + addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); + addf (str, "error: strftime (%ld)\n", (unsigned long) tim); else - addf (str, _("\t\tIssued: %s\n"), s); + addf (str, _("\t\tIssued: %s\n"), s); } tim = gnutls_x509_crl_get_next_update (crl); @@ -1640,13 +1640,13 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) struct tm t; if (tim == -1) - addf (str, "\t\tNo next update time.\n"); + addf (str, "\t\tNo next update time.\n"); else if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); + addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); + addf (str, "error: strftime (%ld)\n", (unsigned long) tim); else - addf (str, _("\t\tNext at: %s\n"), s); + addf (str, _("\t\tNext at: %s\n"), s); } } @@ -1659,116 +1659,116 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) int crl_nr = 0; for (i = 0;; i++) - { - char oid[MAX_OID_SIZE] = ""; - size_t sizeof_oid = sizeof (oid); - int critical; - - err = gnutls_x509_crl_get_extension_info (crl, i, - oid, &sizeof_oid, - &critical); - if (err < 0) - { - if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; - addf (str, "error: get_extension_info: %s\n", - gnutls_strerror (err)); - continue; - } - - if (i == 0) - adds (str, _("\tExtensions:\n")); - - if (strcmp (oid, "2.5.29.20") == 0) - { - char nr[128]; - size_t nr_size = sizeof (nr); - - if (crl_nr) - { - addf (str, "error: more than one CRL number\n"); - continue; - } - - err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical); - - addf (str, _("\t\tCRL Number (%s): "), - critical ? _("critical") : _("not critical")); - - if (err < 0) - addf (str, "error: get_number: %s\n", gnutls_strerror (err)); - else - { - hexprint (str, nr, nr_size); - addf (str, "\n"); - } - - crl_nr++; - } - else if (strcmp (oid, "2.5.29.35") == 0) - { - cert_type_t ccert; - - if (aki_idx) - { - addf (str, "error: more than one AKI extension\n"); - continue; - } - - addf (str, _("\t\tAuthority Key Identifier (%s):\n"), - critical ? _("critical") : _("not critical")); - - ccert.crl = crl; - print_aki (str, TYPE_CRL, ccert); - - aki_idx++; - } - else - { - char *buffer; - size_t extlen = 0; - - addf (str, _("\t\tUnknown extension %s (%s):\n"), oid, - critical ? _("critical") : _("not critical")); - - err = gnutls_x509_crl_get_extension_data (crl, i, - NULL, &extlen); - if (err < 0) - { - addf (str, "error: get_extension_data: %s\n", - gnutls_strerror (err)); - continue; - } - - buffer = gnutls_malloc (extlen); - if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - continue; - } - - err = gnutls_x509_crl_get_extension_data (crl, i, - buffer, &extlen); - if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_extension_data2: %s\n", - gnutls_strerror (err)); - continue; - } - - adds (str, _("\t\t\tASCII: ")); - asciiprint (str, buffer, extlen); - adds (str, "\n"); - - adds (str, _("\t\t\tHexdump: ")); - hexprint (str, buffer, extlen); - adds (str, "\n"); - - gnutls_free (buffer); - } - } + { + char oid[MAX_OID_SIZE] = ""; + size_t sizeof_oid = sizeof (oid); + int critical; + + err = gnutls_x509_crl_get_extension_info (crl, i, + oid, &sizeof_oid, + &critical); + if (err < 0) + { + if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + addf (str, "error: get_extension_info: %s\n", + gnutls_strerror (err)); + continue; + } + + if (i == 0) + adds (str, _("\tExtensions:\n")); + + if (strcmp (oid, "2.5.29.20") == 0) + { + char nr[128]; + size_t nr_size = sizeof (nr); + + if (crl_nr) + { + addf (str, "error: more than one CRL number\n"); + continue; + } + + err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical); + + addf (str, _("\t\tCRL Number (%s): "), + critical ? _("critical") : _("not critical")); + + if (err < 0) + addf (str, "error: get_number: %s\n", gnutls_strerror (err)); + else + { + hexprint (str, nr, nr_size); + addf (str, "\n"); + } + + crl_nr++; + } + else if (strcmp (oid, "2.5.29.35") == 0) + { + cert_type_t ccert; + + if (aki_idx) + { + addf (str, "error: more than one AKI extension\n"); + continue; + } + + addf (str, _("\t\tAuthority Key Identifier (%s):\n"), + critical ? _("critical") : _("not critical")); + + ccert.crl = crl; + print_aki (str, TYPE_CRL, ccert); + + aki_idx++; + } + else + { + char *buffer; + size_t extlen = 0; + + addf (str, _("\t\tUnknown extension %s (%s):\n"), oid, + critical ? _("critical") : _("not critical")); + + err = gnutls_x509_crl_get_extension_data (crl, i, + NULL, &extlen); + if (err < 0) + { + addf (str, "error: get_extension_data: %s\n", + gnutls_strerror (err)); + continue; + } + + buffer = gnutls_malloc (extlen); + if (!buffer) + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + continue; + } + + err = gnutls_x509_crl_get_extension_data (crl, i, + buffer, &extlen); + if (err < 0) + { + gnutls_free (buffer); + addf (str, "error: get_extension_data2: %s\n", + gnutls_strerror (err)); + continue; + } + + adds (str, _("\t\t\tASCII: ")); + asciiprint (str, buffer, extlen); + adds (str, "\n"); + + adds (str, _("\t\t\tHexdump: ")); + hexprint (str, buffer, extlen); + adds (str, "\n"); + + gnutls_free (buffer); + } + } } @@ -1784,32 +1784,32 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) for (j = 0; j < num; j++) { - char serial[128]; - size_t serial_size = sizeof (serial); - int err; - time_t tim; - - err = gnutls_x509_crl_get_crt_serial (crl, j, serial, - &serial_size, &tim); - if (err < 0) - addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err)); - else - { - char s[42]; - size_t max = sizeof (s); - struct tm t; - - adds (str, _("\t\tSerial Number (hex): ")); - hexprint (str, serial, serial_size); - adds (str, "\n"); - - if (gmtime_r (&tim, &t) == NULL) - addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); - else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) - addf (str, "error: strftime (%ld)\n", (unsigned long) tim); - else - addf (str, _("\t\tRevoked at: %s\n"), s); - } + char serial[128]; + size_t serial_size = sizeof (serial); + int err; + time_t tim; + + err = gnutls_x509_crl_get_crt_serial (crl, j, serial, + &serial_size, &tim); + if (err < 0) + addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err)); + else + { + char s[42]; + size_t max = sizeof (s); + struct tm t; + + adds (str, _("\t\tSerial Number (hex): ")); + hexprint (str, serial, serial_size); + adds (str, "\n"); + + if (gmtime_r (&tim, &t) == NULL) + addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim); + else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0) + addf (str, "error: strftime (%ld)\n", (unsigned long) tim); + else + addf (str, _("\t\tRevoked at: %s\n"), s); + } } } @@ -1822,43 +1822,43 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) err = gnutls_x509_crl_get_signature_algorithm (crl); if (err < 0) - addf (str, "error: get_signature_algorithm: %s\n", - gnutls_strerror (err)); + addf (str, "error: get_signature_algorithm: %s\n", + gnutls_strerror (err)); else - { - const char *name = gnutls_sign_algorithm_get_name (err); - if (name == NULL) - name = _("unknown"); - addf (str, _("\tSignature Algorithm: %s\n"), name); - } + { + const char *name = gnutls_sign_algorithm_get_name (err); + if (name == NULL) + name = _("unknown"); + addf (str, _("\tSignature Algorithm: %s\n"), name); + } if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2) - { - adds (str, _("warning: signed using a broken signature " - "algorithm that can be forged.\n")); - } + { + adds (str, _("warning: signed using a broken signature " + "algorithm that can be forged.\n")); + } err = gnutls_x509_crl_get_signature (crl, buffer, &size); if (err != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - addf (str, "error: get_signature: %s\n", gnutls_strerror (err)); - return; - } + { + addf (str, "error: get_signature: %s\n", gnutls_strerror (err)); + return; + } buffer = gnutls_malloc (size); if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - return; - } + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + return; + } err = gnutls_x509_crl_get_signature (crl, buffer, &size); if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_signature2: %s\n", gnutls_strerror (err)); - return; - } + { + gnutls_free (buffer); + addf (str, "error: get_signature2: %s\n", gnutls_strerror (err)); + return; + } adds (str, _("\tSignature:\n")); hexdump (str, buffer, size, "\t\t"); @@ -1883,8 +1883,8 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned) **/ int gnutls_x509_crl_print (gnutls_x509_crl_t crl, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) { gnutls_buffer_st str; @@ -1925,19 +1925,19 @@ print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert) addf (str, "error: get_dn: %s\n", gnutls_strerror (err)); else { - dn = gnutls_malloc (dn_size); - if (!dn) - addf (str, "error: malloc (%d): %s\n", (int) dn_size, - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - else - { - err = gnutls_x509_crq_get_dn (cert, dn, &dn_size); - if (err < 0) - addf (str, "error: get_dn: %s\n", gnutls_strerror (err)); - else - addf (str, _("\tSubject: %s\n"), dn); - gnutls_free (dn); - } + dn = gnutls_malloc (dn_size); + if (!dn) + addf (str, "error: malloc (%d): %s\n", (int) dn_size, + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + else + { + err = gnutls_x509_crq_get_dn (cert, dn, &dn_size); + if (err < 0) + addf (str, "error: get_dn: %s\n", gnutls_strerror (err)); + else + addf (str, _("\tSubject: %s\n"), dn); + gnutls_free (dn); + } } } @@ -1951,66 +1951,66 @@ print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert) addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err)); else { - const char *name = gnutls_pk_algorithm_get_name (err); - if (name == NULL) - name = _("unknown"); - - addf (str, _("\tSubject Public Key Algorithm: %s\n"), name); - switch (err) - { - case GNUTLS_PK_RSA: - { - gnutls_datum_t m, e; - - err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e); - if (err < 0) - addf (str, "error: get_pk_rsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tModulus (bits %d):\n"), bits); - hexdump (str, m.data, m.size, "\t\t\t"); - adds (str, _("\t\tExponent:\n")); - hexdump (str, e.data, e.size, "\t\t\t"); - - gnutls_free (m.data); - gnutls_free (e.data); - } - - } - break; -#if 0 /* not implemented yet */ - case GNUTLS_PK_DSA: - { - gnutls_datum_t p, q, g, y; - - err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y); - if (err < 0) - addf (str, "error: get_pk_dsa_raw: %s\n", - gnutls_strerror (err)); - else - { - addf (str, _("\t\tPublic key (bits %d):\n"), bits); - hexdump (str, y.data, y.size, "\t\t\t"); - addf (str, _("\t\tP:\n")); - hexdump (str, p.data, p.size, "\t\t\t"); - addf (str, _("\t\tQ:\n")); - hexdump (str, q.data, q.size, "\t\t\t"); - addf (str, _("\t\tG:\n")); - hexdump (str, g.data, g.size, "\t\t\t"); - - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - gnutls_free (y.data); - - } - } - break; + const char *name = gnutls_pk_algorithm_get_name (err); + if (name == NULL) + name = _("unknown"); + + addf (str, _("\tSubject Public Key Algorithm: %s\n"), name); + switch (err) + { + case GNUTLS_PK_RSA: + { + gnutls_datum_t m, e; + + err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e); + if (err < 0) + addf (str, "error: get_pk_rsa_raw: %s\n", + gnutls_strerror (err)); + else + { + addf (str, _("\t\tModulus (bits %d):\n"), bits); + hexdump (str, m.data, m.size, "\t\t\t"); + adds (str, _("\t\tExponent:\n")); + hexdump (str, e.data, e.size, "\t\t\t"); + + gnutls_free (m.data); + gnutls_free (e.data); + } + + } + break; +#if 0 /* not implemented yet */ + case GNUTLS_PK_DSA: + { + gnutls_datum_t p, q, g, y; + + err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y); + if (err < 0) + addf (str, "error: get_pk_dsa_raw: %s\n", + gnutls_strerror (err)); + else + { + addf (str, _("\t\tPublic key (bits %d):\n"), bits); + hexdump (str, y.data, y.size, "\t\t\t"); + addf (str, _("\t\tP:\n")); + hexdump (str, p.data, p.size, "\t\t\t"); + addf (str, _("\t\tQ:\n")); + hexdump (str, q.data, q.size, "\t\t\t"); + addf (str, _("\t\tG:\n")); + hexdump (str, g.data, g.size, "\t\t\t"); + + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); + + } + } + break; #endif - default: - break; - } + default: + break; + } } } @@ -2023,121 +2023,121 @@ print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert) for (i = 0;; i++) { - char oid[MAX_OID_SIZE] = ""; - size_t sizeof_oid = sizeof (oid); - - err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid); - if (err < 0) - { - if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; - addf (str, "error: get_extension_info: %s\n", - gnutls_strerror (err)); - continue; - } - - if (i == 0) - adds (str, _("\tAttributes:\n")); - - if (strcmp (oid, "1.2.840.113549.1.9.14") == 0) - { - cert_type_t ccert; - - if (extensions) - { - addf (str, "error: more than one extensionsRequest\n"); - continue; - } - - ccert.crq = cert; - print_extensions (str, "\t", TYPE_CRQ, ccert); - - extensions++; - } - else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0) - { - char *pass; - size_t size; - - if (challenge) - { - adds (str, - "error: more than one Challenge password attribute\n"); - continue; - } - - err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size); - if (err < 0) - { - addf (str, "error: get_challenge_password: %s\n", - gnutls_strerror (err)); - continue; - } - - size++; - - pass = gnutls_malloc (size); - if (!pass) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - continue; - } - - err = gnutls_x509_crq_get_challenge_password (cert, pass, &size); - if (err < 0) - addf (str, "error: get_challenge_password: %s\n", - gnutls_strerror (err)); - else - addf (str, _("\t\tChallenge password: %s\n"), pass); - - gnutls_free (pass); - - challenge++; - } - else - { - char *buffer; - size_t extlen = 0; - - addf (str, _("\t\tUnknown attribute %s:\n"), oid); - - err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen); - if (err < 0) - { - addf (str, "error: get_attribute_data: %s\n", - gnutls_strerror (err)); - continue; - } - - buffer = gnutls_malloc (extlen); - if (!buffer) - { - addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); - continue; - } - - err = gnutls_x509_crq_get_attribute_data (cert, i, - buffer, &extlen); - if (err < 0) - { - gnutls_free (buffer); - addf (str, "error: get_attribute_data2: %s\n", - gnutls_strerror (err)); - continue; - } - - adds (str, _("\t\t\tASCII: ")); - asciiprint (str, buffer, extlen); - adds (str, "\n"); - - adds (str, _("\t\t\tHexdump: ")); - hexprint (str, buffer, extlen); - adds (str, "\n"); - - gnutls_free (buffer); - } + char oid[MAX_OID_SIZE] = ""; + size_t sizeof_oid = sizeof (oid); + + err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid); + if (err < 0) + { + if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + addf (str, "error: get_extension_info: %s\n", + gnutls_strerror (err)); + continue; + } + + if (i == 0) + adds (str, _("\tAttributes:\n")); + + if (strcmp (oid, "1.2.840.113549.1.9.14") == 0) + { + cert_type_t ccert; + + if (extensions) + { + addf (str, "error: more than one extensionsRequest\n"); + continue; + } + + ccert.crq = cert; + print_extensions (str, "\t", TYPE_CRQ, ccert); + + extensions++; + } + else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0) + { + char *pass; + size_t size; + + if (challenge) + { + adds (str, + "error: more than one Challenge password attribute\n"); + continue; + } + + err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size); + if (err < 0) + { + addf (str, "error: get_challenge_password: %s\n", + gnutls_strerror (err)); + continue; + } + + size++; + + pass = gnutls_malloc (size); + if (!pass) + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + continue; + } + + err = gnutls_x509_crq_get_challenge_password (cert, pass, &size); + if (err < 0) + addf (str, "error: get_challenge_password: %s\n", + gnutls_strerror (err)); + else + addf (str, _("\t\tChallenge password: %s\n"), pass); + + gnutls_free (pass); + + challenge++; + } + else + { + char *buffer; + size_t extlen = 0; + + addf (str, _("\t\tUnknown attribute %s:\n"), oid); + + err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen); + if (err < 0) + { + addf (str, "error: get_attribute_data: %s\n", + gnutls_strerror (err)); + continue; + } + + buffer = gnutls_malloc (extlen); + if (!buffer) + { + addf (str, "error: malloc: %s\n", + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + continue; + } + + err = gnutls_x509_crq_get_attribute_data (cert, i, + buffer, &extlen); + if (err < 0) + { + gnutls_free (buffer); + addf (str, "error: get_attribute_data2: %s\n", + gnutls_strerror (err)); + continue; + } + + adds (str, _("\t\t\tASCII: ")); + asciiprint (str, buffer, extlen); + adds (str, "\n"); + + adds (str, _("\t\t\tHexdump: ")); + hexprint (str, buffer, extlen); + adds (str, "\n"); + + gnutls_free (buffer); + } } } } @@ -2160,7 +2160,7 @@ print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq) if (!buffer) { addf (str, "error: malloc: %s\n", - gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); + gnutls_strerror (GNUTLS_E_MEMORY_ERROR)); return; } @@ -2197,8 +2197,8 @@ print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq) **/ int gnutls_x509_crq_print (gnutls_x509_crq_t crq, - gnutls_certificate_print_formats_t format, - gnutls_datum_t * out) + gnutls_certificate_print_formats_t format, + gnutls_datum_t * out) { gnutls_buffer_st str; diff --git a/lib/x509/pbkdf2-sha1.c b/lib/x509/pbkdf2-sha1.c index 09143db532..2026ce26cd 100644 --- a/lib/x509/pbkdf2-sha1.c +++ b/lib/x509/pbkdf2-sha1.c @@ -53,8 +53,8 @@ int _gnutls_pbkdf2_sha1 (const char *P, size_t Plen, - const char *S, size_t Slen, - unsigned int c, char *DK, size_t dkLen) + const char *S, size_t Slen, + unsigned int c, char *DK, size_t dkLen) { unsigned int hLen = 20; char U[20]; @@ -164,29 +164,29 @@ _gnutls_pbkdf2_sha1 (const char *P, size_t Plen, memset (T, 0, hLen); for (u = 1; u <= c; u++) - { - if (u == 1) - { - tmp[Slen + 0] = (i & 0xff000000) >> 24; - tmp[Slen + 1] = (i & 0x00ff0000) >> 16; - tmp[Slen + 2] = (i & 0x0000ff00) >> 8; - tmp[Slen + 3] = (i & 0x000000ff) >> 0; - - rc = - _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U); - } - else - rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U); - - if (rc < 0) - { - gnutls_free (tmp); - return rc; - } - - for (k = 0; k < hLen; k++) - T[k] ^= U[k]; - } + { + if (u == 1) + { + tmp[Slen + 0] = (i & 0xff000000) >> 24; + tmp[Slen + 1] = (i & 0x00ff0000) >> 16; + tmp[Slen + 2] = (i & 0x0000ff00) >> 8; + tmp[Slen + 3] = (i & 0x000000ff) >> 0; + + rc = + _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U); + } + else + rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U); + + if (rc < 0) + { + gnutls_free (tmp); + return rc; + } + + for (k = 0; k < hLen; k++) + T[k] ^= U[k]; + } memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen); } diff --git a/lib/x509/pbkdf2-sha1.h b/lib/x509/pbkdf2-sha1.h index 5f47c7fee2..b5dbdfbe8c 100644 --- a/lib/x509/pbkdf2-sha1.h +++ b/lib/x509/pbkdf2-sha1.h @@ -1,3 +1,3 @@ int _gnutls_pbkdf2_sha1 (const char *P, size_t Plen, - const char *S, size_t Slen, - unsigned int c, char *DK, size_t dkLen); + const char *S, size_t Slen, + unsigned int c, char *DK, size_t dkLen); diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index d173de45fd..32a8f4697a 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -46,7 +46,7 @@ */ static int _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, - gnutls_datum_t * raw) + gnutls_datum_t * raw) { char oid[MAX_OID_SIZE]; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -85,7 +85,7 @@ _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe, if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe", - &c2)) != ASN1_SUCCESS) + &c2)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -144,15 +144,15 @@ gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12) if (*pkcs12) { int result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-PFX", - &(*pkcs12)->pkcs12); + "PKIX1.pkcs-12-PFX", + &(*pkcs12)->pkcs12); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (*pkcs12); - return _gnutls_asn2err (result); - } - return 0; /* success */ + { + gnutls_assert (); + gnutls_free (*pkcs12); + return _gnutls_asn2err (result); + } + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; } @@ -192,8 +192,8 @@ gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12) **/ int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, unsigned int flags) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -215,15 +215,15 @@ gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, opaque *out; result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size, - &out); + &out); if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } _data.data = out; _data.size = result; @@ -275,8 +275,8 @@ cleanup: **/ int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { if (pkcs12 == NULL) { @@ -285,7 +285,7 @@ gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12, } return _gnutls_x509_export_int (pkcs12->pkcs12, format, PEM_PKCS12, - output_data, output_data_size); + output_data, output_data_size); } static int @@ -333,9 +333,9 @@ ucs2_to_ascii (char *data, int size) { j = 2 * i + 1; if (isascii (data[j])) - data[i] = data[i * 2 + 1]; + data[i] = data[i * 2 + 1]; else - data[i] = '?'; + data[i] = '?'; } data[i] = 0; @@ -347,7 +347,7 @@ ucs2_to_ascii (char *data, int size) */ int _pkcs12_decode_safe_contents (const gnutls_datum_t * content, - gnutls_pkcs12_bag_t bag) + gnutls_pkcs12_bag_t bag) { char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE]; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -362,7 +362,7 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents", - &c2)) != ASN1_SUCCESS) + &c2)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -397,21 +397,21 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, len = sizeof (oid); result = asn1_read_value (c2, root, oid, &len); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } /* Read the Bag type */ bag_type = oid2bag (oid); if (bag_type < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } /* Read the Bag Value */ @@ -420,26 +420,26 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, result = _gnutls_x509_read_value (c2, root, &bag->element[i].data, 0); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL - || bag_type == GNUTLS_BAG_SECRET) - { - gnutls_datum_t tmp = bag->element[i].data; + || bag_type == GNUTLS_BAG_SECRET) + { + gnutls_datum_t tmp = bag->element[i].data; - result = - _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + result = + _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data); + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } - _gnutls_free_datum (&tmp); - } + _gnutls_free_datum (&tmp); + } /* read the bag attributes */ @@ -447,77 +447,77 @@ _pkcs12_decode_safe_contents (const gnutls_datum_t * content, result = asn1_number_of_elements (c2, root, &attributes); if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } if (attributes < 0) - attributes = 1; + attributes = 1; if (result != ASN1_ELEMENT_NOT_FOUND) - for (j = 0; j < attributes; j++) - { - - snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1, - j + 1); - - result = - _gnutls_x509_decode_and_read_attribute (c2, root, oid, - sizeof (oid), &attr_val, - 1, 0); - - if (result < 0) - { - gnutls_assert (); - continue; /* continue in case we find some known attributes */ - } - - if (strcmp (oid, KEY_ID_OID) == 0) - { - size = attr_val.size; - - result = - _gnutls_x509_decode_octet_string (NULL, attr_val.data, size, - attr_val.data, &size); - attr_val.size = size; - if (result < 0) - { - _gnutls_free_datum (&attr_val); - gnutls_assert (); - _gnutls_x509_log - ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid); - continue; - } - bag->element[i].local_key_id = attr_val; - } - else if (strcmp (oid, FRIENDLY_NAME_OID) == 0) - { - size = attr_val.size; - result = - _gnutls_x509_decode_octet_string ("BMPString", - attr_val.data, size, - attr_val.data, &size); - attr_val.size = size; - if (result < 0) - { - _gnutls_free_datum (&attr_val); - gnutls_assert (); - _gnutls_x509_log - ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid); - continue; - } - bag->element[i].friendly_name = - ucs2_to_ascii (attr_val.data, attr_val.size); - } - else - { - _gnutls_free_datum (&attr_val); - _gnutls_x509_log - ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid); - } - } + for (j = 0; j < attributes; j++) + { + + snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1, + j + 1); + + result = + _gnutls_x509_decode_and_read_attribute (c2, root, oid, + sizeof (oid), &attr_val, + 1, 0); + + if (result < 0) + { + gnutls_assert (); + continue; /* continue in case we find some known attributes */ + } + + if (strcmp (oid, KEY_ID_OID) == 0) + { + size = attr_val.size; + + result = + _gnutls_x509_decode_octet_string (NULL, attr_val.data, size, + attr_val.data, &size); + attr_val.size = size; + if (result < 0) + { + _gnutls_free_datum (&attr_val); + gnutls_assert (); + _gnutls_x509_log + ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid); + continue; + } + bag->element[i].local_key_id = attr_val; + } + else if (strcmp (oid, FRIENDLY_NAME_OID) == 0) + { + size = attr_val.size; + result = + _gnutls_x509_decode_octet_string ("BMPString", + attr_val.data, size, + attr_val.data, &size); + attr_val.size = size; + if (result < 0) + { + _gnutls_free_datum (&attr_val); + gnutls_assert (); + _gnutls_x509_log + ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid); + continue; + } + bag->element[i].friendly_name = + ucs2_to_ascii (attr_val.data, attr_val.size); + } + else + { + _gnutls_free_datum (&attr_val); + _gnutls_x509_log + ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid); + } + } bag->element[i].type = bag_type; @@ -539,7 +539,7 @@ cleanup: static int _parse_safe_contents (ASN1_TYPE sc, const char *sc_name, - gnutls_pkcs12_bag_t bag) + gnutls_pkcs12_bag_t bag) { gnutls_datum_t content = { NULL, 0 }; int result; @@ -587,7 +587,7 @@ cleanup: **/ int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, - int indx, gnutls_pkcs12_bag_t bag) + int indx, gnutls_pkcs12_bag_t bag) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len; @@ -696,7 +696,7 @@ create_empty_pfx (ASN1_TYPE pkcs12) if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe", - &c2)) != ASN1_SUCCESS) + &c2)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -753,10 +753,10 @@ gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) { result = create_empty_pfx (pkcs12->pkcs12); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } /* Step 2. decode the authenticatedSafe. @@ -805,26 +805,26 @@ gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) /* Encrypted packets are written directly. */ result = - asn1_write_value (c2, "?LAST.content", - bag->element[0].data.data, - bag->element[0].data.size); + asn1_write_value (c2, "?LAST.content", + bag->element[0].data.data, + bag->element[0].data.size); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } } else { result = - _gnutls_x509_der_encode_and_copy (safe_cont, "", c2, - "?LAST.content", 1); + _gnutls_x509_der_encode_and_copy (safe_cont, "", c2, + "?LAST.content", 1); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } asn1_delete_structure (&safe_cont); @@ -835,7 +835,7 @@ gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) */ result = _gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12, - "authSafe.content", 1); + "authSafe.content", 1); if (result < 0) { gnutls_assert (); @@ -904,19 +904,19 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) if (iter > 1) { result = - _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations", - iter); + _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations", + iter); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } /* Generate the key. */ result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt), - iter, pass, sizeof (key), key); + iter, pass, sizeof (key), key); if (result < 0) { gnutls_assert (); @@ -949,7 +949,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) result = asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac, - sizeof (sha_mac)); + sizeof (sha_mac)); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -959,7 +959,7 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) result = asn1_write_value (pkcs12->pkcs12, - "macData.mac.digestAlgorithm.parameters", NULL, 0); + "macData.mac.digestAlgorithm.parameters", NULL, 0); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -969,8 +969,8 @@ gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) result = asn1_write_value (pkcs12->pkcs12, - "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1, - 1); + "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1, + 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1022,7 +1022,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) _gnutls_x509_read_uint (pkcs12->pkcs12, "macData.iterations", &iter); if (result < 0) { - iter = 1; /* the default */ + iter = 1; /* the default */ } @@ -1040,7 +1040,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) /* Generate the key. */ result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt.data, salt.size, - iter, pass, sizeof (key), key); + iter, pass, sizeof (key), key); if (result < 0) { gnutls_assert (); @@ -1075,7 +1075,7 @@ gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) len = sizeof (sha_mac_orig); result = asn1_read_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig, - &len); + &len); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1100,7 +1100,7 @@ cleanup: static int write_attributes (gnutls_pkcs12_bag_t bag, int elem, - ASN1_TYPE c2, const char *where) + ASN1_TYPE c2, const char *where) { int result; char root[128]; @@ -1115,10 +1115,10 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem, */ result = asn1_write_value (c2, where, NULL, 0); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } return 0; } @@ -1130,27 +1130,27 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem, */ result = asn1_write_value (c2, where, "NEW", 1); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } _gnutls_str_cpy (root, sizeof (root), where); _gnutls_str_cat (root, sizeof (root), ".?LAST"); result = - _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root, - bag-> - element[elem].local_key_id. - data, - bag-> - element[elem].local_key_id. - size, 1); + _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root, + bag-> + element[elem].local_key_id. + data, + bag-> + element[elem].local_key_id. + size, 1); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } if (bag->element[elem].friendly_name != NULL) @@ -1163,10 +1163,10 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem, */ result = asn1_write_value (c2, where, "NEW", 1); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } /* convert name to BMPString */ @@ -1174,33 +1174,33 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem, name = gnutls_malloc (size); if (name == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } p = bag->element[elem].friendly_name; for (i = 0; i < size; i += 2) - { - name[i] = 0; - name[i + 1] = *p; - p++; - } + { + name[i] = 0; + name[i + 1] = *p; + p++; + } _gnutls_str_cpy (root, sizeof (root), where); _gnutls_str_cat (root, sizeof (root), ".?LAST"); result = - _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2, - root, name, size, 1); + _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2, + root, name, size, 1); gnutls_free (name); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } return 0; @@ -1212,7 +1212,7 @@ write_attributes (gnutls_pkcs12_bag_t bag, int elem, */ int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents, - int *enc) + int *enc) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; @@ -1222,7 +1222,7 @@ _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents, if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) { *enc = 1; - return 0; /* ENCRYPTED BAG, do nothing. */ + return 0; /* ENCRYPTED BAG, do nothing. */ } else if (enc) *enc = 0; @@ -1232,7 +1232,7 @@ _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents, if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents", - &c2)) != ASN1_SUCCESS) + &c2)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1244,79 +1244,79 @@ _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents, oid = bag_to_oid (bag->element[i].type); if (oid == NULL) - { - gnutls_assert (); - continue; - } + { + gnutls_assert (); + continue; + } result = asn1_write_value (c2, "", "NEW", 1); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } /* Copy the bag type. */ result = asn1_write_value (c2, "?LAST.bagId", oid, 1); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } /* Set empty attributes */ result = write_attributes (bag, i, c2, "?LAST.bagAttributes"); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } /* Copy the Bag Value */ if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE || - bag->element[i].type == GNUTLS_BAG_SECRET || - bag->element[i].type == GNUTLS_BAG_CRL) - { - gnutls_datum_t tmp; + bag->element[i].type == GNUTLS_BAG_SECRET || + bag->element[i].type == GNUTLS_BAG_CRL) + { + gnutls_datum_t tmp; - /* in that case encode it to a CertBag or - * a CrlBag. - */ + /* in that case encode it to a CertBag or + * a CrlBag. + */ - result = - _pkcs12_encode_crt_bag (bag->element[i].type, - &bag->element[i].data, &tmp); + result = + _pkcs12_encode_crt_bag (bag->element[i].type, + &bag->element[i].data, &tmp); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + if (result < 0) + { + gnutls_assert (); + goto cleanup; + } - result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0); + result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0); - _gnutls_free_datum (&tmp); + _gnutls_free_datum (&tmp); - } + } else - { + { - result = _gnutls_x509_write_value (c2, "?LAST.bagValue", - &bag->element[i].data, 0); - } + result = _gnutls_x509_write_value (c2, "?LAST.bagValue", + &bag->element[i].data, 0); + } if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index c48fdf5cff..3602b6f887 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -54,7 +54,7 @@ gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag) if (*bag) { - return 0; /* success */ + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; } @@ -152,7 +152,7 @@ gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag) **/ int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx, - gnutls_datum_t * data) + gnutls_datum_t * data) { if (bag == NULL) { @@ -175,7 +175,7 @@ gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx, int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * in, gnutls_datum_t * out) + const gnutls_datum_t * in, gnutls_datum_t * out) { int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -184,80 +184,80 @@ _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, { case GNUTLS_BAG_CERTIFICATE: if ((ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-CertBag", - &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + "PKIX1.pkcs-12-CertBag", + &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = asn1_der_decoding (&c2, in->data, in->size, NULL); if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = _gnutls_x509_read_value (c2, "certValue", out, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } break; case GNUTLS_BAG_CRL: if ((ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-CRLBag", - &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + "PKIX1.pkcs-12-CRLBag", + &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = asn1_der_decoding (&c2, in->data, in->size, NULL); if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = _gnutls_x509_read_value (c2, "crlValue", out, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } break; case GNUTLS_BAG_SECRET: if ((ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-SecretBag", - &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + "PKIX1.pkcs-12-SecretBag", + &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = asn1_der_decoding (&c2, in->data, in->size, NULL); if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = _gnutls_x509_read_value (c2, "secretValue", out, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } break; default: @@ -280,7 +280,7 @@ cleanup: int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * raw, gnutls_datum_t * out) + const gnutls_datum_t * raw, gnutls_datum_t * out) { int ret; ASN1_TYPE c2 = ASN1_TYPE_EMPTY; @@ -289,80 +289,80 @@ _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, { case GNUTLS_BAG_CERTIFICATE: if ((ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-CertBag", - &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + "PKIX1.pkcs-12-CertBag", + &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1); if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = _gnutls_x509_write_value (c2, "certValue", raw, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } break; case GNUTLS_BAG_CRL: if ((ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-CRLBag", - &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + "PKIX1.pkcs-12-CRLBag", + &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1); if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } break; case GNUTLS_BAG_SECRET: if ((ret = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-SecretBag", - &c2)) != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + "PKIX1.pkcs-12-SecretBag", + &c2)) != ASN1_SUCCESS) + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1); if (ret != ASN1_SUCCESS) - { - gnutls_assert (); - ret = _gnutls_asn2err (ret); - goto cleanup; - } + { + gnutls_assert (); + ret = _gnutls_asn2err (ret); + goto cleanup; + } ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } break; default: @@ -405,8 +405,8 @@ cleanup: **/ int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag, - gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * data) + gnutls_pkcs12_bag_type_t type, + const gnutls_datum_t * data) { int ret; if (bag == NULL) @@ -429,17 +429,17 @@ gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag, */ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY || - bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY || - bag->element[0].type == GNUTLS_BAG_ENCRYPTED) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY || + bag->element[0].type == GNUTLS_BAG_ENCRYPTED) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } ret = _gnutls_set_datum (&bag->element[bag->bag_elements].data, - data->data, data->size); + data->data, data->size); if (ret < 0) { @@ -545,7 +545,7 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) **/ int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, - const gnutls_datum_t * id) + const gnutls_datum_t * id) { int ret; @@ -563,7 +563,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, } ret = _gnutls_set_datum (&bag->element[indx].local_key_id, - id->data, id->size); + id->data, id->size); if (ret < 0) { @@ -589,7 +589,7 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, **/ int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, - gnutls_datum_t * id) + gnutls_datum_t * id) { if (bag == NULL) { @@ -624,7 +624,7 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, **/ int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, - char **name) + char **name) { if (bag == NULL) { @@ -660,7 +660,7 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, **/ int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx, - const char *name) + const char *name) { if (bag == NULL) { @@ -755,7 +755,7 @@ gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass) **/ int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass, - unsigned int flags) + unsigned int flags) { int ret; ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY; diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c index bb6c4ca904..b4c83cf9a1 100644 --- a/lib/x509/pkcs12_encr.c +++ b/lib/x509/pkcs12_encr.c @@ -41,7 +41,7 @@ _pkcs12_check_pass (const char *pass, size_t plen) for (i = 0; i < plen; i++) { if (isascii (p[i])) - continue; + continue; return GNUTLS_E_INVALID_PASSWORD; } @@ -55,9 +55,9 @@ _pkcs12_check_pass (const char *pass, size_t plen) */ int _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt, - unsigned int salt_size, unsigned int iter, - const char *pw, unsigned int req_keylen, - opaque * keybuf) + unsigned int salt_size, unsigned int iter, + const char *pw, unsigned int req_keylen, + opaque * keybuf) { int rc; unsigned int i, j; @@ -68,7 +68,7 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt, opaque hash[20], buf_b[64], buf_i[128], *p; size_t cur_keylen; size_t n, m; - const opaque buf_512[] = /* 2^64 */ + const opaque buf_512[] = /* 2^64 */ { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -110,12 +110,12 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt, if (pw) { for (i = j = 0; i < 64; i += 2) - { - *p++ = 0; - *p++ = pw[j]; - if (++j > pwlen) /* Note, that we include the trailing zero */ - j = 0; - } + { + *p++ = 0; + *p++ = pw[j]; + if (++j > pwlen) /* Note, that we include the trailing zero */ + j = 0; + } } else memset (p, 0, 64); @@ -124,72 +124,72 @@ _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt, { rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1); if (rc < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } for (i = 0; i < 64; i++) - { - unsigned char lid = id & 0xFF; - _gnutls_hash (&md, &lid, 1); - } + { + unsigned char lid = id & 0xFF; + _gnutls_hash (&md, &lid, 1); + } _gnutls_hash (&md, buf_i, pw ? 128 : 64); _gnutls_hash_deinit (&md, hash); for (i = 1; i < iter; i++) - { - rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1); - if (rc < 0) - { - gnutls_assert (); - goto cleanup; - } - _gnutls_hash (&md, hash, 20); - _gnutls_hash_deinit (&md, hash); - } + { + rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1); + if (rc < 0) + { + gnutls_assert (); + goto cleanup; + } + _gnutls_hash (&md, hash, 20); + _gnutls_hash_deinit (&md, hash); + } for (i = 0; i < 20 && cur_keylen < req_keylen; i++) - keybuf[cur_keylen++] = hash[i]; + keybuf[cur_keylen++] = hash[i]; if (cur_keylen == req_keylen) - { - rc = 0; /* ready */ - goto cleanup; - } + { + rc = 0; /* ready */ + goto cleanup; + } /* need more bytes. */ for (i = 0; i < 64; i++) - buf_b[i] = hash[i % 20]; + buf_b[i] = hash[i % 20]; n = 64; rc = _gnutls_mpi_scan (&num_b1, buf_b, n); if (rc < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } _gnutls_mpi_add_ui (num_b1, num_b1, 1); for (i = 0; i < 128; i += 64) - { - n = 64; - rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n); - if (rc < 0) - { - gnutls_assert (); - goto cleanup; - } - _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512); - n = 64; + { + n = 64; + rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n); + if (rc < 0) + { + gnutls_assert (); + goto cleanup; + } + _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512); + n = 64; #ifndef PKCS12_BROKEN_KEYGEN - m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8; + m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8; #else - m = n; + m = n; #endif - memset (buf_i + i, 0, n - m); - rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n); - if (rc < 0) - { - gnutls_assert (); - goto cleanup; - } - _gnutls_mpi_release (&num_ij); - } + memset (buf_i + i, 0, n - m); + rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n); + if (rc < 0) + { + gnutls_assert (); + goto cleanup; + } + _gnutls_mpi_release (&num_ij); + } } cleanup: _gnutls_mpi_release (&num_ij); diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 59f94249aa..2e5b52a4bc 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -45,7 +45,7 @@ */ static int _decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata, - gnutls_datum_t * raw) + gnutls_datum_t * raw) { char oid[MAX_OID_SIZE]; ASN1_TYPE c2; @@ -157,15 +157,15 @@ gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7) if (*pkcs7) { int result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-7-ContentInfo", - &(*pkcs7)->pkcs7); + "PKIX1.pkcs-7-ContentInfo", + &(*pkcs7)->pkcs7); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (*pkcs7); - return _gnutls_asn2err (result); - } - return 0; /* success */ + { + gnutls_assert (); + gnutls_free (*pkcs7); + return _gnutls_asn2err (result); + } + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; } @@ -205,7 +205,7 @@ gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7) **/ int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -223,15 +223,15 @@ gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, opaque *out; result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size, - &out); + &out); if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } _data.data = out; _data.size = result; @@ -280,8 +280,8 @@ cleanup: **/ int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, - int indx, void *certificate, - size_t * certificate_size) + int indx, void *certificate, + size_t * certificate_size) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len; @@ -330,26 +330,26 @@ gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int start, end; result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, - root2, &start, &end); + root2, &start, &end); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } end = end - start + 1; if ((unsigned) end > *certificate_size) - { - *certificate_size = end; - result = GNUTLS_E_SHORT_MEMORY_BUFFER; - goto cleanup; - } + { + *certificate_size = end; + result = GNUTLS_E_SHORT_MEMORY_BUFFER; + goto cleanup; + } if (certificate) - memcpy (certificate, &tmp.data[start], end); + memcpy (certificate, &tmp.data[start], end); *certificate_size = end; @@ -405,7 +405,7 @@ gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7) if (result != ASN1_SUCCESS) { gnutls_assert (); - return 0; /* no certificates */ + return 0; /* no certificates */ } return count; @@ -434,14 +434,14 @@ gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7) **/ int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { if (pkcs7 == NULL) return GNUTLS_E_INVALID_REQUEST; return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7, - output_data, output_data_size); + output_data, output_data_size); } /* Creates an empty signed data structure in the pkcs7 @@ -457,7 +457,7 @@ create_empty_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata) if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData", - sdata)) != ASN1_SUCCESS) + sdata)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -480,7 +480,7 @@ create_empty_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata) /* id-data */ result = asn1_write_value (*sdata, "encapContentInfo.eContentType", - "1.2.840.113549.1.7.5", 1); + "1.2.840.113549.1.7.5", 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -562,10 +562,10 @@ gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) */ result = create_empty_signed_data (pkcs7->pkcs7, &c2); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } /* Step 2. Append the new certificate. @@ -589,7 +589,7 @@ gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt) result = asn1_write_value (c2, "certificates.?LAST.certificate", crt->data, - crt->size); + crt->size); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -742,7 +742,7 @@ cleanup: **/ int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, - int indx, void *crl, size_t * crl_size) + int indx, void *crl, size_t * crl_size) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result; @@ -770,7 +770,7 @@ gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, /* Get the raw CRL */ result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size, - root2, &start, &end); + root2, &start, &end); if (result != ASN1_SUCCESS) { @@ -839,7 +839,7 @@ gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7) if (result != ASN1_SUCCESS) { gnutls_assert (); - return 0; /* no crls */ + return 0; /* no crls */ } return count; @@ -884,10 +884,10 @@ gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl) */ result = create_empty_signed_data (pkcs7->pkcs7, &c2); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } /* Step 2. Append the new crl. diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 9636883fdf..7d3caa317e 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -56,7 +56,7 @@ gnutls_x509_privkey_init (gnutls_x509_privkey_t * key) { (*key)->key = ASN1_TYPE_EMPTY; (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN; - return 0; /* success */ + return 0; /* success */ } return GNUTLS_E_MEMORY_ERROR; @@ -108,7 +108,7 @@ gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) { dst->params[i] = _gnutls_mpi_copy (src->params[i]); if (dst->params[i] == NULL) - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_MEMORY_ERROR; } dst->params_size = src->params_size; @@ -118,27 +118,27 @@ gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) if (!src->crippled) { switch (dst->pk_algorithm) - { - case GNUTLS_PK_DSA: - ret = _gnutls_asn1_encode_dsa (&dst->key, dst->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - break; - case GNUTLS_PK_RSA: - ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + { + case GNUTLS_PK_DSA: + ret = _gnutls_asn1_encode_dsa (&dst->key, dst->params); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_RSA: + ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } return 0; @@ -149,7 +149,7 @@ gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) */ ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, - gnutls_x509_privkey_t pkey) + gnutls_x509_privkey_t pkey) { int result; ASN1_TYPE pkey_asn; @@ -160,8 +160,8 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.RSAPrivateKey", - &pkey_asn)) != ASN1_SUCCESS) + "GNUTLS.RSAPrivateKey", + &pkey_asn)) != ASN1_SUCCESS) { gnutls_assert (); return NULL; @@ -175,7 +175,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, } if ((result = _gnutls_x509_read_int (pkey_asn, "modulus", - &pk_params.params[0])) < 0) + &pk_params.params[0])) < 0) { gnutls_assert (); goto error; @@ -183,7 +183,7 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, if ((result = _gnutls_x509_read_int (pkey_asn, "publicExponent", - &pk_params.params[1])) < 0) + &pk_params.params[1])) < 0) { gnutls_assert (); goto error; @@ -191,42 +191,42 @@ _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, if ((result = _gnutls_x509_read_int (pkey_asn, "privateExponent", - &pk_params.params[2])) < 0) + &pk_params.params[2])) < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_int (pkey_asn, "prime1", - &pk_params.params[3])) < 0) + &pk_params.params[3])) < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_int (pkey_asn, "prime2", - &pk_params.params[4])) < 0) + &pk_params.params[4])) < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient", - &pk_params.params[5])) < 0) + &pk_params.params[5])) < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1", - &pk_params.params[6])) < 0) + &pk_params.params[6])) < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2", - &pk_params.params[7])) < 0) + &pk_params.params[7])) < 0) { gnutls_assert (); goto error; @@ -267,8 +267,8 @@ decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.DSAPrivateKey", - &dsa_asn)) != ASN1_SUCCESS) + "GNUTLS.DSAPrivateKey", + &dsa_asn)) != ASN1_SUCCESS) { gnutls_assert (); return NULL; @@ -306,7 +306,7 @@ decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) } if ((result = _gnutls_x509_read_int (dsa_asn, "priv", - &pkey->params[4])) < 0) + &pkey->params[4])) < 0) { gnutls_assert (); goto error; @@ -348,8 +348,8 @@ error: **/ int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -373,28 +373,28 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, /* Try the first header */ result = - _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); if (result >= 0) - key->pk_algorithm = GNUTLS_PK_RSA; + key->pk_algorithm = GNUTLS_PK_RSA; if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) - { - /* try for the second header */ - result = - _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size, - &out); - if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - - goto failover; - } - - key->pk_algorithm = GNUTLS_PK_DSA; - } + { + /* try for the second header */ + result = + _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size, + &out); + if (result <= 0) + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + + goto failover; + } + + key->pk_algorithm = GNUTLS_PK_DSA; + } _data.data = out; _data.size = result; @@ -406,13 +406,13 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, { key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); if (key->key == NULL) - gnutls_assert (); + gnutls_assert (); } else if (key->pk_algorithm == GNUTLS_PK_DSA) { key->key = decode_dsa_key (&_data, key); if (key->key == NULL) - gnutls_assert (); + gnutls_assert (); } else { @@ -423,12 +423,12 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); if (key->key == NULL) - { - key->pk_algorithm = GNUTLS_PK_DSA; - key->key = decode_dsa_key (&_data, key); - if (key->key == NULL) - gnutls_assert (); - } + { + key->pk_algorithm = GNUTLS_PK_DSA; + key->key = decode_dsa_key (&_data, key); + if (key->key == NULL) + gnutls_assert (); + } } if (key->key == NULL) @@ -453,7 +453,7 @@ failover: { _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n"); result = gnutls_x509_privkey_import_pkcs8 (key, data, format, - NULL, GNUTLS_PKCS_PLAIN); + NULL, GNUTLS_PKCS_PLAIN); } #endif @@ -487,15 +487,15 @@ failover: **/ int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u) + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u) { return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL, - NULL); + NULL); } /** @@ -517,14 +517,14 @@ gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e, - const gnutls_datum_t * d, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * u, - const gnutls_datum_t * e1, - const gnutls_datum_t * e2) + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u, + const gnutls_datum_t * e1, + const gnutls_datum_t * e2) { int i = 0, ret; size_t siz = 0; @@ -598,20 +598,20 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, { siz = e1->size; if (_gnutls_mpi_scan_nz (&key->params[6], e1->data, siz)) - { - gnutls_assert (); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } key->params_size++; siz = e2->size; if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz)) - { - gnutls_assert (); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } key->params_size++; } @@ -640,11 +640,11 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, { ret = _gnutls_asn1_encode_rsa (&key->key, key->params); if (ret < 0) - { - gnutls_assert (); - FREE_RSA_PRIVATE_PARAMS; - return ret; - } + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return ret; + } } key->params_size = RSA_PRIVATE_PARAMS; @@ -672,11 +672,11 @@ gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y, - const gnutls_datum_t * x) + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y, + const gnutls_datum_t * x) { int i = 0, ret; size_t siz = 0; @@ -731,11 +731,11 @@ gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, { ret = _gnutls_asn1_encode_dsa (&key->key, key->params); if (ret < 0) - { - gnutls_assert (); - FREE_DSA_PRIVATE_PARAMS; - return ret; - } + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return ret; + } } key->params_size = DSA_PRIVATE_PARAMS; @@ -792,8 +792,8 @@ gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key) **/ int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { const char *msg; int ret; @@ -812,34 +812,34 @@ gnutls_x509_privkey_export (gnutls_x509_privkey_t key, msg = NULL; if (key->crippled) - { /* encode the parameters on the fly. - */ + { /* encode the parameters on the fly. + */ switch (key->pk_algorithm) - { - case GNUTLS_PK_DSA: - ret = _gnutls_asn1_encode_dsa (&key->key, key->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - break; - case GNUTLS_PK_RSA: - ret = _gnutls_asn1_encode_rsa (&key->key, key->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + { + case GNUTLS_PK_DSA: + ret = _gnutls_asn1_encode_dsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_RSA: + ret = _gnutls_asn1_encode_rsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } } return _gnutls_x509_export_int (key->key, format, msg, - output_data, output_data_size); + output_data, output_data_size); } /** @@ -860,12 +860,12 @@ gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key) switch (key->pk_algorithm) { case GNUTLS_PK_RSA: - ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */ - )); + ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */ + )); break; case GNUTLS_PK_DSA: - ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */ - )); + ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */ + )); break; default: ret = GNUTLS_SEC_PARAM_UNKNOWN; @@ -893,13 +893,13 @@ gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key) **/ int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u) { return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL, - NULL); + NULL); } /** @@ -923,10 +923,10 @@ gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * e1, gnutls_datum_t * e2) + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u, + gnutls_datum_t * e1, gnutls_datum_t * e2) { int ret; gnutls_pk_params_st pk_params; @@ -1008,10 +1008,10 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, { ret = _gnutls_mpi_dprint_lz (key->params[6], e1); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } /* E2 */ @@ -1019,10 +1019,10 @@ gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, { ret = _gnutls_mpi_dprint_lz (key->params[7], e2); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } gnutls_pk_params_release (&pk_params); @@ -1058,9 +1058,9 @@ error: **/ int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, - gnutls_datum_t * x) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y, + gnutls_datum_t * x) { int ret; @@ -1241,7 +1241,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) /* Write PRIME */ if ((result = asn1_write_value (*c2, "modulus", - m.data, m.size)) != ASN1_SUCCESS) + m.data, m.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1249,7 +1249,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "publicExponent", - e.data, e.size)) != ASN1_SUCCESS) + e.data, e.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1257,7 +1257,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "privateExponent", - d.data, d.size)) != ASN1_SUCCESS) + d.data, d.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1265,7 +1265,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "prime1", - p.data, p.size)) != ASN1_SUCCESS) + p.data, p.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1273,7 +1273,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "prime2", - q.data, q.size)) != ASN1_SUCCESS) + q.data, q.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1281,7 +1281,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "coefficient", - u.data, u.size)) != ASN1_SUCCESS) + u.data, u.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1290,7 +1290,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "exponent1", - exp1.data, exp1.size)) != ASN1_SUCCESS) + exp1.data, exp1.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1298,7 +1298,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "exponent2", - exp2.data, exp2.size)) != ASN1_SUCCESS) + exp2.data, exp2.size)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1306,7 +1306,7 @@ _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "otherPrimeInfos", - NULL, 0)) != ASN1_SUCCESS) + NULL, 0)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1437,7 +1437,7 @@ _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params) } if ((result = asn1_write_value (*c2, "priv", - x_data, size[4])) != ASN1_SUCCESS) + x_data, size[4])) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1480,8 +1480,8 @@ cleanup: **/ int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, - gnutls_pk_algorithm_t algo, unsigned int bits, - unsigned int flags) + gnutls_pk_algorithm_t algo, unsigned int bits, + unsigned int flags) { int ret; unsigned int params_len = MAX_PRIV_PARAMS_SIZE; @@ -1498,26 +1498,26 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, case GNUTLS_PK_DSA: ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits); if (params_len != DSA_PRIVATE_PARAMS) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + } if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (!key->crippled) - { - ret = _gnutls_asn1_encode_dsa (&key->key, key->params); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } + { + ret = _gnutls_asn1_encode_dsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + } key->params_size = params_len; key->pk_algorithm = GNUTLS_PK_DSA; @@ -1525,25 +1525,25 @@ gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, case GNUTLS_PK_RSA: ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits); if (params_len != RSA_PRIVATE_PARAMS) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - } + { + gnutls_assert (); + ret = GNUTLS_E_INTERNAL_ERROR; + } if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (!key->crippled) - { - ret = _gnutls_asn1_encode_rsa (&key->key, key->params); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } + { + ret = _gnutls_asn1_encode_rsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + } key->params_size = params_len; key->pk_algorithm = GNUTLS_PK_RSA; @@ -1587,9 +1587,9 @@ cleanup: **/ int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size) { int result; digest_hd_st hd; @@ -1611,23 +1611,23 @@ gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, if (key->pk_algorithm == GNUTLS_PK_RSA) { result = - _gnutls_x509_write_rsa_params (key->params, key->params_size, &der); + _gnutls_x509_write_rsa_params (key->params, key->params_size, &der); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else if (key->pk_algorithm == GNUTLS_PK_DSA) { result = - _gnutls_x509_write_dsa_public_key (key->params, - key->params_size, &der); + _gnutls_x509_write_dsa_public_key (key->params, + key->params_size, &der); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else return GNUTLS_E_INTERNAL_ERROR; @@ -1681,22 +1681,24 @@ cleanup: **/ int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer, - gnutls_digest_algorithm_t hash, - unsigned int flags, - const gnutls_datum_t * data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash, + unsigned int flags, + const gnutls_datum_t * data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - ret = pk_hash_data(signer->pk_algorithm, hash, signer->params, data, &digest); + ret = + pk_hash_data (signer->pk_algorithm, hash, signer->params, data, &digest); if (ret < 0) { - gnutls_assert(); + gnutls_assert (); return ret; } - ret = gnutls_x509_privkey_sign_hash2(signer, hash, flags, &digest, signature); + ret = + gnutls_x509_privkey_sign_hash2 (signer, hash, flags, &digest, signature); if (ret < 0) { gnutls_assert (); @@ -1726,8 +1728,8 @@ cleanup: -*/ int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, - const gnutls_datum_t * hash, - gnutls_datum_t * signature) + const gnutls_datum_t * hash, + gnutls_datum_t * signature) { int result; @@ -1738,7 +1740,7 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, } result = _gnutls_soft_sign (key->pk_algorithm, key->params, - key->params_size, hash, signature); + key->params_size, hash, signature); if (result < 0) { gnutls_assert (); @@ -1772,22 +1774,22 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer, - gnutls_digest_algorithm_t hash_algo, - unsigned int flags, - const gnutls_datum_t * hash_data, - gnutls_datum_t * signature) + gnutls_digest_algorithm_t hash_algo, + unsigned int flags, + const gnutls_datum_t * hash_data, + gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; - digest.data = gnutls_malloc(hash_data->size); + digest.data = gnutls_malloc (hash_data->size); if (digest.data == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; } digest.size = hash_data->size; - memcpy(digest.data, hash_data->data, digest.size); + memcpy (digest.data, hash_data->data, digest.size); ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest); if (ret < 0) @@ -1797,7 +1799,7 @@ gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer, } ret = _gnutls_soft_sign (signer->pk_algorithm, signer->params, - signer->params_size, &digest, signature); + signer->params_size, &digest, signature); if (ret < 0) { @@ -1808,7 +1810,7 @@ gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer, ret = 0; cleanup: - _gnutls_free_datum(&digest); + _gnutls_free_datum (&digest); return ret; } @@ -1840,10 +1842,10 @@ cleanup: **/ int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - void *signature, size_t * signature_size) + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + void *signature, size_t * signature_size) { int result; gnutls_datum_t sig = { NULL, 0 }; @@ -1892,9 +1894,9 @@ gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, **/ int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature) { int result; @@ -1942,18 +1944,18 @@ gnutls_x509_privkey_fix (gnutls_x509_privkey_t key) case GNUTLS_PK_DSA: ret = _gnutls_asn1_encode_dsa (&key->key, key->params); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; case GNUTLS_PK_RSA: ret = _gnutls_asn1_encode_rsa (&key->key, key->params); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } break; default: gnutls_assert (); diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 989c7346d7..a06520502f 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -69,34 +69,34 @@ struct pbe_enc_params }; static int generate_key (schema_id schema, const char *password, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params, - gnutls_datum_t * key); + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params, + gnutls_datum_t * key); static int read_pbkdf2_params (ASN1_TYPE pbes2_asn, - const gnutls_datum_t * der, - struct pbkdf2_params *params); + const gnutls_datum_t * der, + struct pbkdf2_params *params); static int read_pbe_enc_params (ASN1_TYPE pbes2_asn, - const gnutls_datum_t * der, - struct pbe_enc_params *params); + const gnutls_datum_t * der, + struct pbe_enc_params *params); static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root, - const char *password, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params, - gnutls_datum_t * decrypted_data); + const char *password, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params, + gnutls_datum_t * decrypted_data); static int decode_private_key_info (const gnutls_datum_t * der, - gnutls_x509_privkey_t pkey); + gnutls_x509_privkey_t pkey); static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, - const char *where, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params); + const char *where, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params); static int encrypt_data (const gnutls_datum_t * plain, - const struct pbe_enc_params *enc_params, - gnutls_datum_t * key, gnutls_datum_t * encrypted); + const struct pbe_enc_params *enc_params, + gnutls_datum_t * key, gnutls_datum_t * encrypted); static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, - struct pbkdf2_params *params); + struct pbkdf2_params *params); static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, - const struct pbkdf2_params *params); + const struct pbkdf2_params *params); #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY" #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY" @@ -109,7 +109,7 @@ check_schema (const char *oid) { if (strcmp (oid, PBES2_OID) == 0) - return PBES2_GENERIC; /* ok */ + return PBES2_GENERIC; /* ok */ if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0) return PKCS12_3DES_SHA1; @@ -141,29 +141,29 @@ _encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) { case GNUTLS_PK_RSA: ret = - gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size); + gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } data = gnutls_malloc (size); if (data == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; + } ret = - gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size); + gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } raw->data = data; raw->size = size; @@ -171,25 +171,25 @@ _encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) case GNUTLS_PK_DSA: /* DSAPublicKey == INTEGER */ if ((ret = asn1_create_element - (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk)) - != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (ret); - } + (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk)) + != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (ret); + } ret = _gnutls_x509_write_int (spk, "", pkey->params[4], 1); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } ret = _gnutls_x509_der_encode (spk, "", raw, 0); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } asn1_delete_structure (&spk); break; @@ -215,7 +215,7 @@ error: */ static int encode_to_private_key_info (gnutls_x509_privkey_t pkey, - gnutls_datum_t * der, ASN1_TYPE * pkey_info) + gnutls_datum_t * der, ASN1_TYPE * pkey_info) { int result, len; opaque null = 0; @@ -240,19 +240,19 @@ encode_to_private_key_info (gnutls_x509_privkey_t pkey, { oid = PK_DSA_OID; result = - _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size, - &algo_params); + _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size, + &algo_params); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-8-PrivateKeyInfo", - pkey_info)) != ASN1_SUCCESS) + "PKIX1.pkcs-8-PrivateKeyInfo", + pkey_info)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -283,7 +283,7 @@ encode_to_private_key_info (gnutls_x509_privkey_t pkey, result = asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters", - algo_params.data, algo_params.size); + algo_params.data, algo_params.size); _gnutls_free_datum (&algo_params); if (result != ASN1_SUCCESS) { @@ -304,7 +304,7 @@ encode_to_private_key_info (gnutls_x509_privkey_t pkey, result = asn1_write_value (*pkey_info, "privateKey", algo_privkey.data, - algo_privkey.size); + algo_privkey.size); _gnutls_free_datum (&algo_privkey); if (result != ASN1_SUCCESS) @@ -370,22 +370,22 @@ cipher_to_pkcs_params (int cipher, const char **oid) { case GNUTLS_CIPHER_AES_128_CBC: if (oid) - *oid = AES_128_CBC_OID; + *oid = AES_128_CBC_OID; return "PKIX1.pkcs-5-aes128-CBC-params"; break; case GNUTLS_CIPHER_AES_192_CBC: if (oid) - *oid = AES_192_CBC_OID; + *oid = AES_192_CBC_OID; return "PKIX1.pkcs-5-aes192-CBC-params"; break; case GNUTLS_CIPHER_AES_256_CBC: if (oid) - *oid = AES_256_CBC_OID; + *oid = AES_256_CBC_OID; return "PKIX1.pkcs-5-aes256-CBC-params"; break; case GNUTLS_CIPHER_3DES_CBC: if (oid) - *oid = DES_EDE3_CBC_OID; + *oid = DES_EDE3_CBC_OID; return "PKIX1.pkcs-5-des-EDE3-CBC-params"; break; default: @@ -439,8 +439,8 @@ _gnutls_pkcs_flags_to_schema (unsigned int flags) { gnutls_assert (); _gnutls_x509_log - ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", - flags); + ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", + flags); schema = PKCS12_3DES_SHA1; } @@ -484,7 +484,7 @@ schema_to_oid (schema_id schema, const char **str_oid) */ static int encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, - const char *password, ASN1_TYPE * out) + const char *password, ASN1_TYPE * out) { int result; gnutls_datum_t key = { NULL, 0 }; @@ -497,8 +497,8 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -536,8 +536,8 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, result = write_schema_params (schema, pkcs8_asn, - "encryptionAlgorithm.parameters", &kdf_params, - &enc_params); + "encryptionAlgorithm.parameters", &kdf_params, + &enc_params); if (result < 0) { gnutls_assert (); @@ -610,11 +610,11 @@ error: **/ int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, + const char *password, + unsigned int flags, + void *output_data, + size_t * output_data_size) { ASN1_TYPE pkcs8_asn, pkey_info; int ret; @@ -644,28 +644,28 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, _gnutls_free_datum (&tmp); ret = - _gnutls_x509_export_int (pkey_info, format, - PEM_UNENCRYPTED_PKCS8, - output_data, output_data_size); + _gnutls_x509_export_int (pkey_info, format, + PEM_UNENCRYPTED_PKCS8, + output_data, output_data_size); asn1_delete_structure (&pkey_info); } else { - asn1_delete_structure (&pkey_info); /* we don't need it */ + asn1_delete_structure (&pkey_info); /* we don't need it */ ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn); _gnutls_free_datum (&tmp); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = - _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8, - output_data, output_data_size); + _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8, + output_data, output_data_size); asn1_delete_structure (&pkcs8_asn); } @@ -679,9 +679,9 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, */ static int read_pkcs_schema_params (schema_id * schema, const char *password, - const opaque * data, int data_size, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params) + const opaque * data, int data_size, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params) { ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; int result; @@ -696,52 +696,52 @@ read_pkcs_schema_params (schema_id * schema, const char *password, * functions. */ if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-5-PBES2-params", - &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + asn1_create_element (_gnutls_get_pkix (), + "PKIX1.pkcs-5-PBES2-params", + &pbes2_asn)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } /* Decode the parameters. */ result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } tmp.data = (opaque *) data; tmp.size = data_size; result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params); if (result < 0) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params); if (result < 0) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } asn1_delete_structure (&pbes2_asn); result = cipher_to_schema (enc_params->cipher); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } *schema = result; return 0; @@ -751,63 +751,63 @@ read_pkcs_schema_params (schema_id * schema, const char *password, case PKCS12_RC2_40_SHA1: if ((*schema) == PKCS12_3DES_SHA1) - { - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - enc_params->iv_size = 8; - } + { + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + enc_params->iv_size = 8; + } else if ((*schema) == PKCS12_ARCFOUR_SHA1) - { - enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; - enc_params->iv_size = 0; - } + { + enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; + enc_params->iv_size = 0; + } else if ((*schema) == PKCS12_RC2_40_SHA1) - { - enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; - enc_params->iv_size = 8; - } + { + enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; + enc_params->iv_size = 8; + } if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-PbeParams", - &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + asn1_create_element (_gnutls_get_pkix (), + "PKIX1.pkcs-12-PbeParams", + &pbes2_asn)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } /* Decode the parameters. */ result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } result = read_pkcs12_kdf_params (pbes2_asn, kdf_params); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } if (enc_params->iv_size) - { - result = - _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, password, - enc_params->iv_size, - enc_params->iv); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - } + { + result = + _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, + kdf_params->salt_size, + kdf_params->iter_count, password, + enc_params->iv_size, + enc_params->iv); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + } asn1_delete_structure (&pbes2_asn); @@ -815,7 +815,7 @@ read_pkcs_schema_params (schema_id * schema, const char *password, default: gnutls_assert (); - } /* switch */ + } /* switch */ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; @@ -831,7 +831,7 @@ error: */ static int decode_pkcs8_key (const gnutls_datum_t * raw_key, - const char *password, gnutls_x509_privkey_t pkey) + const char *password, gnutls_x509_privkey_t pkey) { int result, len; char enc_oid[64]; @@ -844,8 +844,8 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -865,7 +865,7 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, len = sizeof (enc_oid); result = asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - enc_oid, &len); + enc_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -884,9 +884,9 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, */ result = asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data, - raw_key->size, - "encryptionAlgorithm.parameters", - ¶ms_start, ¶ms_end); + raw_key->size, + "encryptionAlgorithm.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -897,8 +897,8 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, result = read_pkcs_schema_params (&schema, password, - &raw_key->data[params_start], - params_len, &kdf_params, &enc_params); + &raw_key->data[params_start], + params_len, &kdf_params, &enc_params); if (result < 0) { @@ -911,7 +911,7 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, */ result = decrypt_data (schema, pkcs8_asn, "encryptedData", password, - &kdf_params, &enc_params, &tmp); + &kdf_params, &enc_params, &tmp); if (result < 0) { gnutls_assert (); @@ -930,19 +930,19 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, * Sadly like 90% of random data is somehow valid DER for the * a first small number of bytes, so no easy way to guarantee. */ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || - result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND || - result == GNUTLS_E_ASN1_DER_ERROR || - result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || - result == GNUTLS_E_ASN1_GENERIC_ERROR || - result == GNUTLS_E_ASN1_VALUE_NOT_VALID || - result == GNUTLS_E_ASN1_TAG_ERROR || - result == GNUTLS_E_ASN1_TAG_IMPLICIT || - result == GNUTLS_E_ASN1_TYPE_ANY_ERROR || - result == GNUTLS_E_ASN1_SYNTAX_ERROR || - result == GNUTLS_E_ASN1_DER_OVERFLOW) - { - result = GNUTLS_E_DECRYPTION_FAILED; - } + result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND || + result == GNUTLS_E_ASN1_DER_ERROR || + result == GNUTLS_E_ASN1_VALUE_NOT_FOUND || + result == GNUTLS_E_ASN1_GENERIC_ERROR || + result == GNUTLS_E_ASN1_VALUE_NOT_VALID || + result == GNUTLS_E_ASN1_TAG_ERROR || + result == GNUTLS_E_ASN1_TAG_IMPLICIT || + result == GNUTLS_E_ASN1_TYPE_ANY_ERROR || + result == GNUTLS_E_ASN1_SYNTAX_ERROR || + result == GNUTLS_E_ASN1_DER_OVERFLOW) + { + result = GNUTLS_E_DECRYPTION_FAILED; + } gnutls_assert (); goto error; @@ -1012,7 +1012,7 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey) ret = _gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters", - &tmp, 0); + &tmp, 0); if (ret < 0) { gnutls_assert (); @@ -1036,16 +1036,16 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey) } _gnutls_mpi_powm (pkey->params[3], pkey->params[2], pkey->params[4], - pkey->params[0]); + pkey->params[0]); if (!pkey->crippled) { ret = _gnutls_asn1_encode_dsa (&pkey->key, pkey->params); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } pkey->params_size = DSA_PRIVATE_PARAMS; @@ -1060,7 +1060,7 @@ error: static int decode_private_key_info (const gnutls_datum_t * der, - gnutls_x509_privkey_t pkey) + gnutls_x509_privkey_t pkey) { int result, len; opaque oid[64]; @@ -1069,8 +1069,8 @@ decode_private_key_info (const gnutls_datum_t * der, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-8-PrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-8-PrivateKeyInfo", + &pkcs8_asn)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -1107,7 +1107,7 @@ decode_private_key_info (const gnutls_datum_t * der, { gnutls_assert (); _gnutls_x509_log - ("PKCS #8 private key OID '%s' is unsupported.\n", oid); + ("PKCS #8 private key OID '%s' is unsupported.\n", oid); result = GNUTLS_E_UNKNOWN_PK_ALGORITHM; goto error; } @@ -1162,9 +1162,9 @@ error: **/ int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - const char *password, unsigned int flags) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + const char *password, unsigned int flags) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -1189,25 +1189,25 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, /* Try the first header */ result = - _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8, - data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8, + data->data, data->size, &out); if (result < 0) - { /* Try the encrypted header - */ - result = - _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out); - - if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } - } + { /* Try the encrypted header + */ + result = + _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out); + + if (result <= 0) + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } + } else if (flags == 0) - flags |= GNUTLS_PKCS_PLAIN; + flags |= GNUTLS_PKCS_PLAIN; _data.data = out; _data.size = result; @@ -1220,7 +1220,7 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, result = decode_private_key_info (&_data, key); } else - { /* encrypted. */ + { /* encrypted. */ result = decode_pkcs8_key (&_data, password, key); } @@ -1249,7 +1249,7 @@ cleanup: */ static int read_pbkdf2_params (ASN1_TYPE pbes2_asn, - const gnutls_datum_t * der, struct pbkdf2_params *params) + const gnutls_datum_t * der, struct pbkdf2_params *params) { int params_start, params_end; int params_len, len, result; @@ -1274,14 +1274,14 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn, { gnutls_assert (); _gnutls_x509_log - ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); + ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid); return _gnutls_asn2err (result); } result = asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size, - "keyDerivationFunc.parameters", - ¶ms_start, ¶ms_end); + "keyDerivationFunc.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1294,8 +1294,8 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn, */ if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-5-PBKDF2-params", - &pbkdf2_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-5-PBKDF2-params", + &pbkdf2_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1303,7 +1303,7 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn, result = asn1_der_decoding (&pbkdf2_asn, &der->data[params_start], - params_len, NULL); + params_len, NULL); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1315,7 +1315,7 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn, params->salt_size = sizeof (params->salt); result = asn1_read_value (pbkdf2_asn, "salt.specified", params->salt, - ¶ms->salt_size); + ¶ms->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1328,7 +1328,7 @@ read_pbkdf2_params (ASN1_TYPE pbes2_asn, */ result = _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount", - ¶ms->iter_count); + ¶ms->iter_count); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1402,7 +1402,7 @@ error: */ static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, - const struct pbkdf2_params *kdf_params) + const struct pbkdf2_params *kdf_params) { int result; @@ -1410,7 +1410,7 @@ write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, */ result = asn1_write_value (pbes2_asn, "salt", - kdf_params->salt, kdf_params->salt_size); + kdf_params->salt, kdf_params->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1423,7 +1423,7 @@ write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, */ result = _gnutls_x509_write_uint32 (pbes2_asn, "iterations", - kdf_params->iter_count); + kdf_params->iter_count); if (result < 0) { gnutls_assert (); @@ -1481,8 +1481,8 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) static int read_pbe_enc_params (ASN1_TYPE pbes2_asn, - const gnutls_datum_t * der, - struct pbe_enc_params *params) + const gnutls_datum_t * der, + struct pbe_enc_params *params) { int params_start, params_end; int params_len, len, result; @@ -1512,8 +1512,8 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, result = asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size, - "encryptionScheme.parameters", - ¶ms_start, ¶ms_end); + "encryptionScheme.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1532,7 +1532,7 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1568,10 +1568,10 @@ error: static int decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, - const char *root, const char *password, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params, - gnutls_datum_t * decrypted_data) + const char *root, const char *password, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params, + gnutls_datum_t * decrypted_data) { int result; int data_size; @@ -1629,27 +1629,27 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, case PBES2_AES_256: result = _gnutls_pbkdf2_sha1 (password, strlen (password), - kdf_params->salt, kdf_params->salt_size, - kdf_params->iter_count, key, key_size); + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, key, key_size); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } break; default: result = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, password, - key_size, key); + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + kdf_params->salt_size, + kdf_params->iter_count, password, + key_size, key); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } } /* do the decryption. @@ -1703,7 +1703,7 @@ error: */ static int write_pbkdf2_params (ASN1_TYPE pbes2_asn, - const struct pbkdf2_params *kdf_params) + const struct pbkdf2_params *kdf_params) { int result; ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY; @@ -1713,7 +1713,7 @@ write_pbkdf2_params (ASN1_TYPE pbes2_asn, */ result = asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm", - PBKDF2_OID, 1); + PBKDF2_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1725,8 +1725,8 @@ write_pbkdf2_params (ASN1_TYPE pbes2_asn, */ if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-5-PBKDF2-params", - &pbkdf2_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-5-PBKDF2-params", + &pbkdf2_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1744,7 +1744,7 @@ write_pbkdf2_params (ASN1_TYPE pbes2_asn, */ result = asn1_write_value (pbkdf2_asn, "salt.specified", - kdf_params->salt, kdf_params->salt_size); + kdf_params->salt, kdf_params->salt_size); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1790,9 +1790,9 @@ write_pbkdf2_params (ASN1_TYPE pbes2_asn, * in the keyDerivationFunc.parameters */ result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "", - pbes2_asn, - "keyDerivationFunc.parameters", - 0); + pbes2_asn, + "keyDerivationFunc.parameters", + 0); if (result < 0) { gnutls_assert (); @@ -1810,7 +1810,7 @@ error: static int write_pbe_enc_params (ASN1_TYPE pbes2_asn, - const struct pbe_enc_params *params) + const struct pbe_enc_params *params) { int result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; @@ -1837,7 +1837,7 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, */ if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1857,9 +1857,9 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, * in the encryptionScheme.parameters */ result = _gnutls_x509_der_encode_and_copy (pbe_asn, "", - pbes2_asn, - "encryptionScheme.parameters", - 0); + pbes2_asn, + "encryptionScheme.parameters", + 0); if (result < 0) { gnutls_assert (); @@ -1878,9 +1878,9 @@ error: */ static int generate_key (schema_id schema, - const char *password, - struct pbkdf2_params *kdf_params, - struct pbe_enc_params *enc_params, gnutls_datum_t * key) + const char *password, + struct pbkdf2_params *kdf_params, + struct pbe_enc_params *enc_params, gnutls_datum_t * key) { opaque rnd[2]; int ret; @@ -1929,7 +1929,7 @@ generate_key (schema_id schema, } ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt, - kdf_params->salt_size); + kdf_params->salt_size); if (ret < 0) { gnutls_assert (); @@ -1959,55 +1959,55 @@ generate_key (schema_id schema, case PBES2_AES_256: ret = _gnutls_pbkdf2_sha1 (password, strlen (password), - kdf_params->salt, kdf_params->salt_size, - kdf_params->iter_count, - key->data, kdf_params->key_size); + kdf_params->salt, kdf_params->salt_size, + kdf_params->iter_count, + key->data, kdf_params->key_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } if (enc_params->iv_size) - { - ret = _gnutls_rnd (GNUTLS_RND_NONCE, - enc_params->iv, enc_params->iv_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + ret = _gnutls_rnd (GNUTLS_RND_NONCE, + enc_params->iv, enc_params->iv_size); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } break; default: ret = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, password, - kdf_params->key_size, key->data); + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + kdf_params->salt_size, + kdf_params->iter_count, password, + kdf_params->key_size, key->data); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* Now generate the IV */ if (enc_params->iv_size) - { - ret = - _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, - kdf_params->salt_size, - kdf_params->iter_count, password, - enc_params->iv_size, - enc_params->iv); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + { + ret = + _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, + kdf_params->salt_size, + kdf_params->iter_count, password, + enc_params->iv_size, + enc_params->iv); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } } @@ -2020,9 +2020,9 @@ generate_key (schema_id schema, */ static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, - const char *where, - const struct pbkdf2_params *kdf_params, - const struct pbe_enc_params *enc_params) + const char *where, + const struct pbkdf2_params *kdf_params, + const struct pbe_enc_params *enc_params) { int result; ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; @@ -2034,35 +2034,35 @@ write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, case PBES2_AES_192: case PBES2_AES_256: if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-5-PBES2-params", - &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + asn1_create_element (_gnutls_get_pkix (), + "PKIX1.pkcs-5-PBES2-params", + &pbes2_asn)) != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } result = write_pbkdf2_params (pbes2_asn, kdf_params); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } result = write_pbe_enc_params (pbes2_asn, enc_params); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", - pkcs8_asn, where, 0); + pkcs8_asn, where, 0); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } asn1_delete_structure (&pbes2_asn); break; @@ -2070,29 +2070,29 @@ write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, default: if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-12-PbeParams", - &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } + asn1_create_element (_gnutls_get_pkix (), + "PKIX1.pkcs-12-PbeParams", + &pbes2_asn)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", - pkcs8_asn, where, 0); + pkcs8_asn, where, 0); if (result < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } asn1_delete_structure (&pbes2_asn); @@ -2108,8 +2108,8 @@ error: static int encrypt_data (const gnutls_datum_t * plain, - const struct pbe_enc_params *enc_params, - gnutls_datum_t * key, gnutls_datum_t * encrypted) + const struct pbe_enc_params *enc_params, + gnutls_datum_t * key, gnutls_datum_t * encrypted) { int result; int data_size; @@ -2121,7 +2121,7 @@ encrypt_data (const gnutls_datum_t * plain, pad_size = gnutls_cipher_get_block_size (enc_params->cipher); - if (pad_size == 1) /* stream */ + if (pad_size == 1) /* stream */ pad_size = 0; data = gnutls_malloc (plain->size + pad_size); @@ -2137,7 +2137,7 @@ encrypt_data (const gnutls_datum_t * plain, { pad = pad_size - (plain->size % pad_size); if (pad == 0) - pad = pad_size; + pad = pad_size; memset (&data[plain->size], pad, pad); } else @@ -2183,7 +2183,7 @@ error: */ int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, - const char *password, gnutls_datum_t * dec) + const char *password, gnutls_datum_t * dec) { int result, len; char enc_oid[64]; @@ -2196,8 +2196,8 @@ _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-7-EncryptedData", - &pkcs7_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-7-EncryptedData", + &pkcs7_asn)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -2217,8 +2217,8 @@ _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, len = sizeof (enc_oid); result = asn1_read_value (pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - enc_oid, &len); + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + enc_oid, &len); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -2237,8 +2237,8 @@ _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, */ result = asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size, - "encryptedContentInfo.contentEncryptionAlgorithm.parameters", - ¶ms_start, ¶ms_end); + "encryptedContentInfo.contentEncryptionAlgorithm.parameters", + ¶ms_start, ¶ms_end); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -2249,8 +2249,8 @@ _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, result = read_pkcs_schema_params (&schema, password, - &data->data[params_start], - params_len, &kdf_params, &enc_params); + &data->data[params_start], + params_len, &kdf_params, &enc_params); if (result < ASN1_SUCCESS) { gnutls_assert (); @@ -2264,8 +2264,8 @@ _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, result = decrypt_data (schema, pkcs7_asn, - "encryptedContentInfo.encryptedContent", password, - &kdf_params, &enc_params, &tmp); + "encryptedContentInfo.encryptedContent", password, + &kdf_params, &enc_params, &tmp); if (result < 0) { gnutls_assert (); @@ -2289,8 +2289,8 @@ error: */ int _gnutls_pkcs7_encrypt_data (schema_id schema, - const gnutls_datum_t * data, - const char *password, gnutls_datum_t * enc) + const gnutls_datum_t * data, + const char *password, gnutls_datum_t * enc) { int result; gnutls_datum_t key = { NULL, 0 }; @@ -2302,8 +2302,8 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-7-EncryptedData", - &pkcs7_asn)) != ASN1_SUCCESS) + "PKIX1.pkcs-7-EncryptedData", + &pkcs7_asn)) != ASN1_SUCCESS) { gnutls_assert (); result = _gnutls_asn2err (result); @@ -2321,8 +2321,8 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, result = asn1_write_value (pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - str_oid, 1); + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + str_oid, 1); if (result != ASN1_SUCCESS) { @@ -2342,8 +2342,8 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, } result = write_schema_params (schema, pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.parameters", - &kdf_params, &enc_params); + "encryptedContentInfo.contentEncryptionAlgorithm.parameters", + &kdf_params, &enc_params); if (result < 0) { gnutls_assert (); @@ -2364,8 +2364,8 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, */ result = asn1_write_value (pkcs7_asn, - "encryptedContentInfo.encryptedContent", tmp.data, - tmp.size); + "encryptedContentInfo.encryptedContent", tmp.data, + tmp.size); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -2388,7 +2388,7 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, result = asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType", - DATA_OID, 1); + DATA_OID, 1); if (result != ASN1_SUCCESS) { gnutls_assert (); diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c index 753deb144b..676be34837 100644 --- a/lib/x509/rfc2818_hostname.c +++ b/lib/x509/rfc2818_hostname.c @@ -69,27 +69,27 @@ gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname) dnsnamesize = sizeof (dnsname); ret = gnutls_x509_crt_get_subject_alt_name (cert, i, - dnsname, &dnsnamesize, - NULL); + dnsname, &dnsnamesize, + NULL); if (ret == GNUTLS_SAN_DNSNAME) - { - found_dnsname = 1; - if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) - { - return 1; - } - } + { + found_dnsname = 1; + if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) + { + return 1; + } + } else if (ret == GNUTLS_SAN_IPADDRESS) - { - found_dnsname = 1; /* RFC 2818 is unclear whether the CN - should be compared for IP addresses - too, but we won't do it. */ - if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) - { - return 1; - } - } + { + found_dnsname = 1; /* RFC 2818 is unclear whether the CN + should be compared for IP addresses + too, but we won't do it. */ + if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) + { + return 1; + } + } } if (!found_dnsname) @@ -98,17 +98,17 @@ gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname) */ dnsnamesize = sizeof (dnsname); if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0, - 0, dnsname, &dnsnamesize) < 0) - { - /* got an error, can't find a name - */ - return 0; - } + 0, dnsname, &dnsnamesize) < 0) + { + /* got an error, can't find a name + */ + return 0; + } if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname)) - { - return 1; - } + { + return 1; + } } /* not found a matching name diff --git a/lib/x509/sign.c b/lib/x509/sign.c index 07f7ef6c60..7860855ab9 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -35,7 +35,7 @@ #include <gnutls_cert.h> #include <libtasn1.h> #include <gnutls_global.h> -#include <gnutls_num.h> /* MAX */ +#include <gnutls_num.h> /* MAX */ #include <gnutls_sig.h> #include <gnutls_str.h> #include <gnutls_datum.h> @@ -49,7 +49,7 @@ */ int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name, - gnutls_datum_t * tbs) + gnutls_datum_t * tbs) { int result; opaque *buf; @@ -94,8 +94,8 @@ _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name, -*/ int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, - gnutls_digest_algorithm_t dig, - gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key) + gnutls_digest_algorithm_t dig, + gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key) { int result; gnutls_datum_t signature; @@ -120,8 +120,8 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, _gnutls_str_cat (name, sizeof (name), ".signature"); result = _gnutls_x509_write_sig_params (src, name, - gnutls_privkey_get_pk_algorithm - (issuer_key, NULL), dig); + gnutls_privkey_get_pk_algorithm + (issuer_key, NULL), dig); if (result < 0) { gnutls_assert (); @@ -165,8 +165,8 @@ _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, */ result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm", - gnutls_privkey_get_pk_algorithm - (issuer_key, NULL), dig); + gnutls_privkey_get_pk_algorithm + (issuer_key, NULL), dig); if (result < 0) { gnutls_assert (); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 077ccd8a7d..5bb77e8a06 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -32,7 +32,7 @@ #include <gnutls_cert.h> #include <libtasn1.h> #include <gnutls_global.h> -#include <gnutls_num.h> /* MAX */ +#include <gnutls_num.h> /* MAX */ #include <gnutls_sig.h> #include <gnutls_str.h> #include <gnutls_datum.h> @@ -40,18 +40,18 @@ #include <common.h> static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size, unsigned int flags, - unsigned int *output, - gnutls_x509_crt_t * issuer); + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, unsigned int flags, + unsigned int *output, + gnutls_x509_crt_t * issuer); static int is_crl_issuer (gnutls_x509_crl_t crl, - gnutls_x509_crt_t issuer_cert); + gnutls_x509_crt_t issuer_cert); static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size, unsigned int flags, - unsigned int *output); + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, unsigned int flags, + unsigned int *output); /* Checks if two certs are identical. Return 0 on match. */ static int @@ -122,7 +122,7 @@ cleanup: */ static int check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, - unsigned int flags) + unsigned int flags) { gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t issuer_signed_data = { NULL, 0 }; @@ -137,7 +137,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, result = _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate", - &issuer_signed_data); + &issuer_signed_data); if (result < 0) { gnutls_assert (); @@ -146,7 +146,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, result = _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", - &cert_signed_data); + &cert_signed_data); if (result < 0) { gnutls_assert (); @@ -175,15 +175,15 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) if (cert_signed_data.size == issuer_signed_data.size) { - if ((memcmp (cert_signed_data.data, issuer_signed_data.data, - cert_signed_data.size) == 0) && - (cert_signature.size == issuer_signature.size) && - (memcmp (cert_signature.data, issuer_signature.data, - cert_signature.size) == 0)) - { - result = 1; - goto cleanup; - } + if ((memcmp (cert_signed_data.data, issuer_signed_data.data, + cert_signed_data.size) == 0) && + (cert_signature.size == issuer_signature.size) && + (memcmp (cert_signature.data, issuer_signature.data, + cert_signature.size) == 0)) + { + result = 1; + goto cleanup; + } } result = gnutls_x509_crt_get_ca_status (issuer, NULL); @@ -195,9 +195,9 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer, /* Handle V1 CAs that do not have a basicConstraint, but accept these certs only if the appropriate flags are set. */ else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) && - ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) || - (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) && - (gnutls_x509_crt_check_issuer (issuer, issuer) == 1)))) + ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) || + (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) && + (gnutls_x509_crt_check_issuer (issuer, issuer) == 1)))) { gnutls_assert (); result = 1; @@ -258,7 +258,7 @@ cleanup: static inline gnutls_x509_crt_t find_issuer (gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * trusted_cas, int tcas_size) + const gnutls_x509_crt_t * trusted_cas, int tcas_size) { int i; @@ -268,7 +268,7 @@ find_issuer (gnutls_x509_crt_t cert, for (i = 0; i < tcas_size; i++) { if (is_issuer (cert, trusted_cas[i]) == 1) - return trusted_cas[i]; + return trusted_cas[i]; } gnutls_assert (); @@ -291,10 +291,10 @@ find_issuer (gnutls_x509_crt_t cert, */ static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size, unsigned int flags, - unsigned int *output, - gnutls_x509_crt_t * _issuer) + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, unsigned int flags, + unsigned int *output, + gnutls_x509_crt_t * _issuer) { gnutls_datum_t cert_signed_data = { NULL, 0 }; gnutls_datum_t cert_signature = { NULL, 0 }; @@ -310,7 +310,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, { gnutls_assert (); if (output) - *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; + *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; return 0; } @@ -320,7 +320,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, if (issuer == NULL) { if (output) - *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; + *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; gnutls_assert (); return 0; } @@ -340,17 +340,17 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, || issuer_version != 1)) { if (check_if_ca (cert, issuer, flags) == 0) - { - gnutls_assert (); - if (output) - *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID; - return 0; - } + { + gnutls_assert (); + if (output) + *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID; + return 0; + } } result = _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", - &cert_signed_data); + &cert_signed_data); if (result < 0) { gnutls_assert (); @@ -367,7 +367,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, ret = _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature, - issuer); + issuer); if (ret < 0) { gnutls_assert (); @@ -377,7 +377,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, gnutls_assert (); /* error. ignore it */ if (output) - *output |= GNUTLS_CERT_INVALID; + *output |= GNUTLS_CERT_INVALID; ret = 0; } @@ -392,14 +392,14 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert, sigalg = gnutls_x509_crt_get_signature_algorithm (cert); if (((sigalg == GNUTLS_SIGN_RSA_MD2) && - !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) || - ((sigalg == GNUTLS_SIGN_RSA_MD5) && - !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) - { - if (output) - *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; - ret = 0; - } + !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) || + ((sigalg == GNUTLS_SIGN_RSA_MD5) && + !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) + { + if (output) + *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; + ret = 0; + } } result = ret; @@ -425,7 +425,7 @@ cleanup: **/ int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer) + gnutls_x509_crt_t issuer) { return is_issuer (cert, issuer); } @@ -464,11 +464,11 @@ check_time (gnutls_x509_crt_t crt, time_t now) */ static unsigned int _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, - int clist_size, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size, - const gnutls_x509_crl_t * CRLs, - int crls_size, unsigned int flags) + int clist_size, + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, + const gnutls_x509_crl_t * CRLs, + int crls_size, unsigned int flags) { int i = 0, ret; unsigned int status = 0, output; @@ -487,10 +487,10 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, * MD2 algorithm. */ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1], - certificate_list[clist_size - 1]) > 0) - { - clist_size--; - } + certificate_list[clist_size - 1]) > 0) + { + clist_size--; + } } /* We want to shorten the chain by removing the cert that matches @@ -499,34 +499,34 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, * self-signed E but already removed above), and we trust B, remove * B, C and D. */ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME)) - i = 0; /* also replace the first one */ + i = 0; /* also replace the first one */ else - i = 1; /* do not replace the first one */ + i = 1; /* do not replace the first one */ for (; i < clist_size; i++) { int j; for (j = 0; j < tcas_size; j++) - { - if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0) - { - /* explicity time check for trusted CA that we remove from - * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS - */ - if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS) - && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) - { - status |= check_time (trusted_cas[j], now); - if (status != 0) - { - return status; - } - } - clist_size = i; - break; - } - } + { + if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0) + { + /* explicity time check for trusted CA that we remove from + * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS + */ + if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS) + && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS)) + { + status |= check_time (trusted_cas[j], now); + if (status != 0) + { + return status; + } + } + clist_size = i; + break; + } + } /* clist_size may have been changed which gets out of loop */ } @@ -542,8 +542,8 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, * in self signed etc certificates. */ ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1], - trusted_cas, tcas_size, flags, &output, - &issuer); + trusted_cas, tcas_size, flags, &output, + &issuer); if (ret == 0) { /* if the last certificate in the certificate @@ -562,13 +562,13 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, for (i = 0; i < clist_size; i++) { ret = gnutls_x509_crt_check_revocation (certificate_list[i], - CRLs, crls_size); + CRLs, crls_size); if (ret == 1) - { /* revoked */ - status |= GNUTLS_CERT_REVOKED; - status |= GNUTLS_CERT_INVALID; - return status; - } + { /* revoked */ + status |= GNUTLS_CERT_REVOKED; + status |= GNUTLS_CERT_INVALID; + return status; + } } #endif @@ -579,28 +579,28 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, { /* check the time of the issuer first */ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)) - { - if (issuer == NULL) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - status |= check_time (issuer, now); - if (status != 0) - { - return status; - } - } + { + if (issuer == NULL) + { + gnutls_assert (); + return GNUTLS_E_INTERNAL_ERROR; + } + + status |= check_time (issuer, now); + if (status != 0) + { + return status; + } + } for (i = 0; i < clist_size; i++) - { - status |= check_time (certificate_list[i], now); - if (status != 0) - { - return status; - } - } + { + status |= check_time (certificate_list[i], now); + if (status != 0) + { + return status; + } + } } /* Verify the certificate path (chain) @@ -608,21 +608,21 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, for (i = clist_size - 1; i > 0; i--) { if (i - 1 < 0) - break; + break; /* note that here we disable this V1 CA flag. So that no version 1 * certificates can exist in a supplied chain. */ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT)) - flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); if ((ret = - _gnutls_verify_certificate2 (certificate_list[i - 1], - &certificate_list[i], 1, flags, - NULL, NULL)) == 0) - { - status |= GNUTLS_CERT_INVALID; - return status; - } + _gnutls_verify_certificate2 (certificate_list[i - 1], + &certificate_list[i], 1, flags, + NULL, NULL)) == 0) + { + status |= GNUTLS_CERT_INVALID; + return status; + } } return 0; @@ -635,8 +635,8 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list, */ static int decode_ber_digest_info (const gnutls_datum_t * info, - gnutls_mac_algorithm_t * hash, - opaque * digest, int *digest_size) + gnutls_mac_algorithm_t * hash, + opaque * digest, int *digest_size) { ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; int result; @@ -644,8 +644,8 @@ decode_ber_digest_info (const gnutls_datum_t * info, int len; if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.DigestInfo", - &dinfo)) != ASN1_SUCCESS) + "GNUTLS.DigestInfo", + &dinfo)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -685,8 +685,8 @@ decode_ber_digest_info (const gnutls_datum_t * info, /* To avoid permitting garbage in the parameters field, either the parameters field is not present, or it contains 0x05 0x00. */ if (!(result == ASN1_ELEMENT_NOT_FOUND || - (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE && - memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0))) + (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE && + memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0))) { gnutls_assert (); asn1_delete_structure (&dinfo); @@ -713,9 +713,9 @@ decode_ber_digest_info (const gnutls_datum_t * info, */ static int _pkcs1_rsa_verify_sig (const gnutls_datum_t * text, - const gnutls_datum_t * prehash, - const gnutls_datum_t * signature, bigint_t * params, - int params_len) + const gnutls_datum_t * prehash, + const gnutls_datum_t * signature, bigint_t * params, + int params_len) { gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN; int ret; @@ -759,17 +759,17 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text, else { if (!text) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } ret = _gnutls_hash_init (&hd, hash); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } _gnutls_hash (&hd, text->data, text->size); _gnutls_hash_deinit (&hd, md); @@ -790,9 +790,9 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text, */ static int dsa_verify_sig (const gnutls_datum_t * text, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, bigint_t * params, - int params_len) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, bigint_t * params, + int params_len) { int ret; opaque _digest[MAX_HASH_SIZE]; @@ -807,10 +807,10 @@ dsa_verify_sig (const gnutls_datum_t * text, { ret = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } _gnutls_hash (&hd, text->data, text->size); _gnutls_hash_deinit (&hd, _digest); @@ -829,10 +829,10 @@ dsa_verify_sig (const gnutls_datum_t * text, */ int pubkey_verify_sig (const gnutls_datum_t * tbs, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_algorithm_t pk, bigint_t * issuer_params, - int issuer_params_size) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_pk_algorithm_t pk, bigint_t * issuer_params, + int issuer_params_size) { switch (pk) @@ -840,22 +840,22 @@ pubkey_verify_sig (const gnutls_datum_t * tbs, case GNUTLS_PK_RSA: if (_pkcs1_rsa_verify_sig - (tbs, hash, signature, issuer_params, issuer_params_size) != 0) - { - gnutls_assert (); - return 0; - } + (tbs, hash, signature, issuer_params, issuer_params_size) != 0) + { + gnutls_assert (); + return 0; + } return 1; break; case GNUTLS_PK_DSA: if (dsa_verify_sig - (tbs, hash, signature, issuer_params, issuer_params_size) != 0) - { - gnutls_assert (); - return 0; - } + (tbs, hash, signature, issuer_params, issuer_params_size) != 0) + { + gnutls_assert (); + return 0; + } return 1; break; @@ -891,10 +891,10 @@ _gnutls_dsa_q_to_hash (bigint_t q) */ int _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_algorithm pk, - bigint_t * issuer_params, - unsigned int issuer_params_size) + const gnutls_datum_t * signature, + gnutls_pk_algorithm pk, + bigint_t * issuer_params, + unsigned int issuer_params_size) { opaque digest[MAX_HASH_SIZE]; gnutls_datum_t decrypted; @@ -906,46 +906,46 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, case GNUTLS_PK_DSA: if (hash) - *hash = _gnutls_dsa_q_to_hash (issuer_params[1]); + *hash = _gnutls_dsa_q_to_hash (issuer_params[1]); ret = 0; break; case GNUTLS_PK_RSA: if (signature == NULL) - { /* return a sensible algorithm */ - if (hash) - *hash = GNUTLS_DIG_SHA256; - return 0; - } + { /* return a sensible algorithm */ + if (hash) + *hash = GNUTLS_DIG_SHA256; + return 0; + } ret = - _gnutls_pkcs1_rsa_decrypt (&decrypted, signature, - issuer_params, issuer_params_size, 1); + _gnutls_pkcs1_rsa_decrypt (&decrypted, signature, + issuer_params, issuer_params_size, 1); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } digest_size = sizeof (digest); if ((ret = - decode_ber_digest_info (&decrypted, hash, digest, - &digest_size)) != 0) - { - gnutls_assert (); - _gnutls_free_datum (&decrypted); - goto cleanup; - } + decode_ber_digest_info (&decrypted, hash, digest, + &digest_size)) != 0) + { + gnutls_assert (); + _gnutls_free_datum (&decrypted); + goto cleanup; + } _gnutls_free_datum (&decrypted); if (digest_size != _gnutls_hash_get_algo_len (*hash)) - { - gnutls_assert (); - ret = GNUTLS_E_ASN1_GENERIC_ERROR; - goto cleanup; - } + { + gnutls_assert (); + ret = GNUTLS_E_ASN1_GENERIC_ERROR; + goto cleanup; + } ret = 0; break; @@ -969,9 +969,9 @@ cleanup: */ int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_x509_crt_t issuer) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_x509_crt_t issuer) { bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; int ret, issuer_params_size, i; @@ -989,8 +989,8 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, ret = pubkey_verify_sig (tbs, hash, signature, - gnutls_x509_crt_get_pk_algorithm (issuer, NULL), - issuer_params, issuer_params_size); + gnutls_x509_crt_get_pk_algorithm (issuer, NULL), + issuer_params, issuer_params_size); if (ret < 0) { gnutls_assert (); @@ -1014,13 +1014,13 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, */ int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, - gnutls_x509_privkey_t issuer) + const gnutls_datum_t * signature, + gnutls_x509_privkey_t issuer) { int ret; ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm, - issuer->params, issuer->params_size); + issuer->params, issuer->params_size); if (ret < 0) { gnutls_assert (); @@ -1063,12 +1063,12 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, **/ int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, - int cert_list_length, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, - const gnutls_x509_crl_t * CRL_list, - int CRL_list_length, unsigned int flags, - unsigned int *verify) + int cert_list_length, + const gnutls_x509_crt_t * CA_list, + int CA_list_length, + const gnutls_x509_crl_t * CRL_list, + int CRL_list_length, unsigned int flags, + unsigned int *verify) { if (cert_list == NULL || cert_list_length == 0) return GNUTLS_E_NO_CERTIFICATE_FOUND; @@ -1077,8 +1077,8 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, */ *verify = _gnutls_x509_verify_certificate (cert_list, cert_list_length, - CA_list, CA_list_length, CRL_list, - CRL_list_length, flags); + CA_list, CA_list_length, CRL_list, + CRL_list_length, flags); return 0; } @@ -1099,15 +1099,15 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, **/ int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, unsigned int flags, - unsigned int *verify) + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify) { /* Verify certificate */ *verify = _gnutls_x509_verify_certificate (&cert, 1, - CA_list, CA_list_length, NULL, 0, flags); + CA_list, CA_list_length, NULL, 0, flags); return 0; } @@ -1129,7 +1129,7 @@ gnutls_x509_crt_verify (gnutls_x509_crt_t cert, **/ int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert, - gnutls_x509_crt_t issuer) + gnutls_x509_crt_t issuer) { return is_crl_issuer (cert, issuer); } @@ -1151,9 +1151,9 @@ gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert, **/ int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * CA_list, - int CA_list_length, unsigned int flags, - unsigned int *verify) + const gnutls_x509_crt_t * CA_list, + int CA_list_length, unsigned int flags, + unsigned int *verify) { int ret; /* Verify crl @@ -1204,7 +1204,7 @@ cleanup: static inline gnutls_x509_crt_t find_crl_issuer (gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, int tcas_size) + const gnutls_x509_crt_t * trusted_cas, int tcas_size) { int i; @@ -1214,7 +1214,7 @@ find_crl_issuer (gnutls_x509_crl_t crl, for (i = 0; i < tcas_size; i++) { if (is_crl_issuer (crl, trusted_cas[i]) == 1) - return trusted_cas[i]; + return trusted_cas[i]; } gnutls_assert (); @@ -1232,8 +1232,8 @@ find_crl_issuer (gnutls_x509_crl_t crl, */ static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl, - const gnutls_x509_crt_t * trusted_cas, - int tcas_size, unsigned int flags, unsigned int *output) + const gnutls_x509_crt_t * trusted_cas, + int tcas_size, unsigned int flags, unsigned int *output) { /* CRL is ignored for now */ gnutls_datum_t crl_signed_data = { NULL, 0 }; @@ -1250,7 +1250,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, { gnutls_assert (); if (output) - *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; + *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; return 0; } @@ -1261,19 +1261,19 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, { gnutls_assert (); if (output) - *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; + *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID; return 0; } if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) { if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1) - { - gnutls_assert (); - if (output) - *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID; - return 0; - } + { + gnutls_assert (); + if (output) + *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID; + return 0; + } } result = @@ -1293,7 +1293,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, ret = _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature, - issuer); + issuer); if (ret < 0) { gnutls_assert (); @@ -1303,7 +1303,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, gnutls_assert (); /* error. ignore it */ if (output) - *output |= GNUTLS_CERT_INVALID; + *output |= GNUTLS_CERT_INVALID; ret = 0; } @@ -1313,13 +1313,13 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl, sigalg = gnutls_x509_crl_get_signature_algorithm (crl); if (((sigalg == GNUTLS_SIGN_RSA_MD2) && - !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) || - ((sigalg == GNUTLS_SIGN_RSA_MD5) && - !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) + !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) || + ((sigalg == GNUTLS_SIGN_RSA_MD5) && + !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5))) { - if (output) - *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; - ret = 0; + if (output) + *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID; + ret = 0; } } diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 12d13320d9..c3b9090793 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -54,7 +54,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) return GNUTLS_E_MEMORY_ERROR; result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Certificate", &tmp->cert); + "PKIX1.Certificate", &tmp->cert); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -67,7 +67,7 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) *cert = tmp; - return 0; /* success */ + return 0; /* success */ } /*- @@ -162,8 +162,8 @@ gnutls_x509_crt_deinit (gnutls_x509_crt_t cert) **/ int gnutls_x509_crt_import (gnutls_x509_crt_t cert, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { int result = 0, need_free = 0; gnutls_datum_t _data; @@ -185,23 +185,23 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert, /* Try the first header */ result = - _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out); + _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out); if (result <= 0) - { - /* try for the second header */ - result = - _gnutls_fbase64_decode (PEM_X509_CERT, data->data, - data->size, &out); - - if (result <= 0) - { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert (); - return result; - } - } + { + /* try for the second header */ + result = + _gnutls_fbase64_decode (PEM_X509_CERT, data->data, + data->size, &out); + + if (result <= 0) + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; + } + } _data.data = out; _data.size = result; @@ -217,13 +217,13 @@ gnutls_x509_crt_import (gnutls_x509_crt_t cert, asn1_delete_structure (&cert->cert); result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Certificate", &cert->cert); + "PKIX1.Certificate", &cert->cert); if (result != ASN1_SUCCESS) - { - result = _gnutls_asn2err (result); - gnutls_assert (); - goto cleanup; - } + { + result = _gnutls_asn2err (result); + gnutls_assert (); + goto cleanup; + } } result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL); @@ -268,7 +268,7 @@ cleanup: **/ int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, - size_t * sizeof_buf) + size_t * sizeof_buf) { if (cert == NULL) { @@ -277,8 +277,8 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, } return _gnutls_x509_parse_dn (cert->cert, - "tbsCertificate.issuer.rdnSequence", buf, - sizeof_buf); + "tbsCertificate.issuer.rdnSequence", buf, + sizeof_buf); } /** @@ -309,9 +309,9 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, **/ int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - unsigned int raw_flag, void *buf, - size_t * sizeof_buf) + const char *oid, int indx, + unsigned int raw_flag, void *buf, + size_t * sizeof_buf) { if (cert == NULL) { @@ -320,8 +320,8 @@ gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, } return _gnutls_x509_parse_dn_oid (cert->cert, - "tbsCertificate.issuer.rdnSequence", - oid, indx, raw_flag, buf, sizeof_buf); + "tbsCertificate.issuer.rdnSequence", + oid, indx, raw_flag, buf, sizeof_buf); } /** @@ -342,7 +342,7 @@ gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { if (cert == NULL) { @@ -351,8 +351,8 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, } return _gnutls_x509_get_dn_oid (cert->cert, - "tbsCertificate.issuer.rdnSequence", - indx, oid, sizeof_oid); + "tbsCertificate.issuer.rdnSequence", + indx, oid, sizeof_oid); } /** @@ -374,7 +374,7 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, - size_t * sizeof_buf) + size_t * sizeof_buf) { if (cert == NULL) { @@ -383,8 +383,8 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, } return _gnutls_x509_parse_dn (cert->cert, - "tbsCertificate.subject.rdnSequence", buf, - sizeof_buf); + "tbsCertificate.subject.rdnSequence", buf, + sizeof_buf); } /** @@ -415,8 +415,8 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, **/ int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, - int indx, unsigned int raw_flag, - void *buf, size_t * sizeof_buf) + int indx, unsigned int raw_flag, + void *buf, size_t * sizeof_buf) { if (cert == NULL) { @@ -425,8 +425,8 @@ gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, } return _gnutls_x509_parse_dn_oid (cert->cert, - "tbsCertificate.subject.rdnSequence", - oid, indx, raw_flag, buf, sizeof_buf); + "tbsCertificate.subject.rdnSequence", + oid, indx, raw_flag, buf, sizeof_buf); } /** @@ -447,7 +447,7 @@ gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, **/ int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * sizeof_oid) + int indx, void *oid, size_t * sizeof_oid) { if (cert == NULL) { @@ -456,8 +456,8 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, } return _gnutls_x509_get_dn_oid (cert->cert, - "tbsCertificate.subject.rdnSequence", - indx, oid, sizeof_oid); + "tbsCertificate.subject.rdnSequence", + indx, oid, sizeof_oid); } /** @@ -488,7 +488,7 @@ gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert) */ result = _gnutls_x509_read_value (cert->cert, "signatureAlgorithm.algorithm", - &sa, 0); + &sa, 0); if (result < 0) { @@ -516,7 +516,7 @@ gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert) **/ int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, - char *sig, size_t * sizeof_sig) + char *sig, size_t * sizeof_sig) { int result; int bits, len; @@ -582,11 +582,11 @@ gnutls_x509_crt_get_version (gnutls_x509_crt_t cert) len = sizeof (version); if ((result = asn1_read_value (cert->cert, "tbsCertificate.version", version, - &len)) != ASN1_SUCCESS) + &len)) != ASN1_SUCCESS) { if (result == ASN1_ELEMENT_NOT_FOUND) - return 1; /* the DEFAULT version */ + return 1; /* the DEFAULT version */ gnutls_assert (); return _gnutls_asn2err (result); } @@ -613,7 +613,7 @@ gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert) } return _gnutls_x509_get_time (cert->cert, - "tbsCertificate.validity.notBefore"); + "tbsCertificate.validity.notBefore"); } /** @@ -635,7 +635,7 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) } return _gnutls_x509_get_time (cert->cert, - "tbsCertificate.validity.notAfter"); + "tbsCertificate.validity.notAfter"); } /** @@ -654,7 +654,7 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) **/ int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, - size_t * result_size) + size_t * result_size) { int ret, len; @@ -694,7 +694,7 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, **/ int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, - size_t * ret_size, unsigned int *critical) + size_t * ret_size, unsigned int *critical) { int result, len; gnutls_datum_t id; @@ -714,7 +714,7 @@ gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, if ((result = _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id, - critical)) < 0) + critical)) < 0) { return result; } @@ -758,7 +758,7 @@ gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, if (result != ASN1_SUCCESS) { if (result != ASN1_MEM_ERROR) - gnutls_assert (); + gnutls_assert (); return _gnutls_asn2err (result); } @@ -782,8 +782,8 @@ gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, **/ int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret, - size_t * ret_size, - unsigned int *critical) + size_t * ret_size, + unsigned int *critical) { int result, len; gnutls_datum_t id; @@ -803,7 +803,7 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret, if ((result = _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id, - critical)) < 0) + critical)) < 0) { return result; } @@ -847,7 +847,7 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret, if (result != ASN1_SUCCESS) { if (result != ASN1_MEM_ERROR) - gnutls_assert (); + gnutls_assert (); return _gnutls_asn2err (result); } @@ -883,8 +883,8 @@ gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits) result = _gnutls_x509_get_pk_algorithm (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", - bits); + "tbsCertificate.subjectPublicKeyInfo", + bits); if (result < 0) { @@ -913,8 +913,8 @@ is_type_printable (int type) */ int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, - int seq, void *name, size_t * name_size, - unsigned int *ret_type, int othername_oid) + int seq, void *name, size_t * name_size, + unsigned int *ret_type, int othername_oid) { unsigned int len; char nptr[ASN1_MAX_NAME_SIZE]; @@ -922,7 +922,7 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, opaque choice_type[128]; gnutls_x509_subject_alt_name_t type; - seq++; /* 0->1, 1->2 etc */ + seq++; /* 0->1, 1->2 etc */ if (src_name[0] != 0) snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq); @@ -957,100 +957,100 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, if (type == GNUTLS_SAN_OTHERNAME) { if (othername_oid) - _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id"); + _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id"); else - _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value"); + _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value"); len = *name_size; result = asn1_read_value (src, nptr, name, &len); *name_size = len; if (result == ASN1_MEM_ERROR) - return GNUTLS_E_SHORT_MEMORY_BUFFER; + return GNUTLS_E_SHORT_MEMORY_BUFFER; if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } if (othername_oid) - { - if (len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0) - type = GNUTLS_SAN_OTHERNAME_XMPP; - } + { + if (len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0) + type = GNUTLS_SAN_OTHERNAME_XMPP; + } else - { - char oid[42]; - - if (src_name[0] != 0) - snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id", - src_name, seq); - else - snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq); - - len = sizeof (oid); - result = asn1_read_value (src, nptr, oid, &len); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0) - { - ASN1_TYPE c2 = ASN1_TYPE_EMPTY; - size_t orig_name_size = *name_size; - - result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - result = asn1_der_decoding (&c2, name, *name_size, NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } - - len = *name_size; - result = asn1_read_value (c2, "", name, &len); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - *name_size = len + 1; - return _gnutls_asn2err (result); - } - asn1_delete_structure (&c2); - - if (len + 1 > orig_name_size) - { - gnutls_assert (); - *name_size = len + 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - *name_size = len; - /* null terminate it */ - ((char *) name)[*name_size] = 0; - } - } + { + char oid[42]; + + if (src_name[0] != 0) + snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id", + src_name, seq); + else + snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq); + + len = sizeof (oid); + result = asn1_read_value (src, nptr, oid, &len); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0) + { + ASN1_TYPE c2 = ASN1_TYPE_EMPTY; + size_t orig_name_size = *name_size; + + result = asn1_create_element + (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + result = asn1_der_decoding (&c2, name, *name_size, NULL); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + asn1_delete_structure (&c2); + return _gnutls_asn2err (result); + } + + len = *name_size; + result = asn1_read_value (c2, "", name, &len); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + asn1_delete_structure (&c2); + *name_size = len + 1; + return _gnutls_asn2err (result); + } + asn1_delete_structure (&c2); + + if (len + 1 > orig_name_size) + { + gnutls_assert (); + *name_size = len + 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + *name_size = len; + /* null terminate it */ + ((char *) name)[*name_size] = 0; + } + } } else if (type == GNUTLS_SAN_DN) { _gnutls_str_cat (nptr, sizeof (nptr), ".directoryName"); result = _gnutls_x509_parse_dn (src, nptr, name, name_size); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } else if (othername_oid) return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; @@ -1066,31 +1066,31 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, *name_size = len; if (result == ASN1_MEM_ERROR) - { - if (is_type_printable (type)) - (*name_size)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + if (is_type_printable (type)) + (*name_size)++; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + return _gnutls_asn2err (result); + } if (is_type_printable (type)) - { + { - if (len + 1 > orig_name_size) - { - gnutls_assert (); - (*name_size)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + if (len + 1 > orig_name_size) + { + gnutls_assert (); + (*name_size)++; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } - /* null terminate it */ - ((char *) name)[*name_size] = 0; - } + /* null terminate it */ + ((char *) name)[*name_size] = 0; + } } @@ -1099,9 +1099,9 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, static int get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, - unsigned int seq, void *ret, - size_t * ret_size, unsigned int *ret_type, - unsigned int *critical, int othername_oid) + unsigned int seq, void *ret, + size_t * ret_size, unsigned int *ret_type, + unsigned int *critical, int othername_oid) { int result; gnutls_datum_t dnsname; @@ -1121,7 +1121,7 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, if ((result = _gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname, - critical)) < 0) + critical)) < 0) { return result; } @@ -1134,10 +1134,10 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, if (strcmp ("2.5.29.17", extension_id) == 0) result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.SubjectAltName", &c2); + "PKIX1.SubjectAltName", &c2); else if (strcmp ("2.5.29.18", extension_id) == 0) result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.IssuerAltName", &c2); + "PKIX1.IssuerAltName", &c2); else { gnutls_assert (); @@ -1163,7 +1163,7 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, result = _gnutls_parse_general_name (c2, "", seq, ret, ret_size, ret_type, - othername_oid); + othername_oid); asn1_delete_structure (&c2); @@ -1210,12 +1210,12 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, **/ int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *critical) + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *critical) { return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, critical, - 0); + 0); } /** @@ -1253,12 +1253,12 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *critical) + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *critical) { return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, critical, - 0); + 0); } /** @@ -1287,13 +1287,13 @@ gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical) + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical) { return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, ret_type, - critical, 0); + critical, 0); } /** @@ -1325,13 +1325,13 @@ gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *ret_type, - unsigned int *critical) + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *ret_type, + unsigned int *critical) { return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, ret_type, - critical, 0); + critical, 0); } /** @@ -1362,8 +1362,8 @@ gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, size_t * ret_size) + unsigned int seq, + void *ret, size_t * ret_size) { return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, NULL, 1); } @@ -1398,8 +1398,8 @@ gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert, - unsigned int seq, - void *ret, size_t * ret_size) + unsigned int seq, + void *ret, size_t * ret_size) { return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, NULL, 1); } @@ -1426,8 +1426,8 @@ gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, - unsigned int *critical, - int *ca, int *pathlen) + unsigned int *critical, + int *ca, int *pathlen) { int result; gnutls_datum_t basicConstraints; @@ -1441,7 +1441,7 @@ gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, if ((result = _gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0, - &basicConstraints, critical)) < 0) + &basicConstraints, critical)) < 0) { return result; } @@ -1454,9 +1454,9 @@ gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, result = _gnutls_x509_ext_extract_basicConstraints (&tmp_ca, - pathlen, - basicConstraints.data, - basicConstraints.size); + pathlen, + basicConstraints.data, + basicConstraints.size); if (ca) *ca = tmp_ca; _gnutls_free_datum (&basicConstraints); @@ -1492,7 +1492,7 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) { int ca, pathlen; return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca, - &pathlen); + &pathlen); } /** @@ -1516,8 +1516,8 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) **/ int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, - unsigned int *key_usage, - unsigned int *critical) + unsigned int *key_usage, + unsigned int *critical) { int result; gnutls_datum_t keyUsage; @@ -1531,7 +1531,7 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, if ((result = _gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage, - critical)) < 0) + critical)) < 0) { return result; } @@ -1543,7 +1543,7 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, } result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data, - keyUsage.size); + keyUsage.size); _gnutls_free_datum (&keyUsage); *key_usage = _usage; @@ -1576,10 +1576,10 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, - unsigned int *critical, - int *pathlen, - char **policyLanguage, - char **policy, size_t * sizeof_policy) + unsigned int *critical, + int *pathlen, + char **policyLanguage, + char **policy, size_t * sizeof_policy) { int result; gnutls_datum_t proxyCertInfo; @@ -1592,7 +1592,7 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, if ((result = _gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0, - &proxyCertInfo, critical)) < 0) + &proxyCertInfo, critical)) < 0) { return result; } @@ -1604,11 +1604,11 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, } result = _gnutls_x509_ext_extract_proxyCertInfo (pathlen, - policyLanguage, - policy, - sizeof_policy, - proxyCertInfo.data, - proxyCertInfo.size); + policyLanguage, + policy, + sizeof_policy, + proxyCertInfo.data, + proxyCertInfo.size); _gnutls_free_datum (&proxyCertInfo); if (result < 0) { @@ -1639,9 +1639,9 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, - const char *oid, int indx, - void *buf, size_t * sizeof_buf, - unsigned int *critical) + const char *oid, int indx, + void *buf, size_t * sizeof_buf, + unsigned int *critical) { int result; gnutls_datum_t output; @@ -1654,7 +1654,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, if ((result = _gnutls_x509_crt_get_extension (cert, oid, indx, &output, - critical)) < 0) + critical)) < 0) { gnutls_assert (); return result; @@ -1701,7 +1701,7 @@ gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * sizeof_oid) + void *oid, size_t * sizeof_oid) { int result; @@ -1746,8 +1746,8 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, **/ int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, - void *oid, size_t * sizeof_oid, - int *critical) + void *oid, size_t * sizeof_oid, + int *critical) { int result; char str_critical[10]; @@ -1761,7 +1761,7 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, } snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID", - indx + 1); + indx + 1); len = *sizeof_oid; result = asn1_read_value (cert->cert, name, oid, &len); @@ -1776,7 +1776,7 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, } snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical", - indx + 1); + indx + 1); len = sizeof (str_critical); result = asn1_read_value (cert->cert, name, str_critical, &len); if (result != ASN1_SUCCESS) @@ -1788,9 +1788,9 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, if (critical) { if (str_critical[0] == 'T') - *critical = 1; + *critical = 1; else - *critical = 0; + *critical = 0; } return 0; @@ -1820,7 +1820,7 @@ gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, **/ int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, - void *data, size_t * sizeof_data) + void *data, size_t * sizeof_data) { int result, len; char name[ASN1_MAX_NAME_SIZE]; @@ -1832,7 +1832,7 @@ gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, } snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue", - indx + 1); + indx + 1); len = *sizeof_data; result = asn1_read_value (cert->cert, name, data, &len); @@ -1851,7 +1851,7 @@ gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, static int _gnutls_x509_crt_get_raw_dn2 (gnutls_x509_crt_t cert, - const char *whom, gnutls_datum_t * start) + const char *whom, gnutls_datum_t * start) { ASN1_TYPE c2 = ASN1_TYPE_EMPTY; int result, len1; @@ -1862,7 +1862,7 @@ _gnutls_x509_crt_get_raw_dn2 (gnutls_x509_crt_t cert, */ if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertificate", - &c2)) != ASN1_SUCCESS) + &c2)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); @@ -1887,7 +1887,7 @@ _gnutls_x509_crt_get_raw_dn2 (gnutls_x509_crt_t cert, result = asn1_der_decoding_startEnd (c2, signed_data.data, signed_data.size, - whom, &start1, &end1); + whom, &start1, &end1); if (result != ASN1_SUCCESS) { @@ -1922,7 +1922,7 @@ cleanup: **/ int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, - gnutls_datum_t * start) + gnutls_datum_t * start) { return _gnutls_x509_crt_get_raw_dn2 (cert, "issuer", start); } @@ -2012,7 +2012,7 @@ gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn) **/ int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, - int irdn, int iava, gnutls_x509_ava_st * ava) + int irdn, int iava, gnutls_x509_ava_st * ava) { ASN1_TYPE rdn, elem; long len; @@ -2021,7 +2021,7 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, unsigned char cls, *ptr; iava++; - irdn++; /* 0->1, 1->2 etc */ + irdn++; /* 0->1, 1->2 etc */ snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava); rdn = asn1_find_node (dn, rbuf); @@ -2081,8 +2081,8 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, tmp = asn1_get_length_der (ptr, remlen, &lenlen); if (tmp < 0) { - gnutls_assert (); - return GNUTLS_E_ASN1_DER_ERROR; + gnutls_assert (); + return GNUTLS_E_ASN1_DER_ERROR; } ava->value.size = tmp; } @@ -2109,8 +2109,8 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, **/ int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, - gnutls_digest_algorithm_t algo, - void *buf, size_t * sizeof_buf) + gnutls_digest_algorithm_t algo, + void *buf, size_t * sizeof_buf) { opaque *cert_buf; int cert_buf_size; @@ -2172,8 +2172,8 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_export (gnutls_x509_crt_t cert, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { if (cert == NULL) { @@ -2182,13 +2182,13 @@ gnutls_x509_crt_export (gnutls_x509_crt_t cert, } return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE", - output_data, output_data_size); + output_data, output_data_size); } int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params, - int params_size, unsigned char *output_data, - size_t * output_data_size) + int params_size, unsigned char *output_data, + size_t * output_data_size) { int result = 0; gnutls_datum_t der = { NULL, 0 }; @@ -2205,19 +2205,19 @@ _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params, { result = _gnutls_x509_write_rsa_params (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else if (pk == GNUTLS_PK_DSA) { result = _gnutls_x509_write_dsa_public_key (params, params_size, &der); if (result < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } else return GNUTLS_E_INTERNAL_ERROR; @@ -2245,7 +2245,7 @@ cleanup: static int rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk, - unsigned char *output_data, size_t * output_data_size) + unsigned char *output_data, size_t * output_data_size) { bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; int params_size = MAX_PUBLIC_PARAMS_SIZE; @@ -2260,7 +2260,7 @@ rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk, result = _gnutls_get_key_id (pk, params, params_size, output_data, - output_data_size); + output_data_size); if (result < 0) { gnutls_assert (); @@ -2302,8 +2302,8 @@ cleanup: **/ int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) + unsigned char *output_data, + size_t * output_data_size) { int pk, result = 0; gnutls_datum_t pubkey; @@ -2343,7 +2343,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, */ pubkey.size = 0; result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", - NULL, &pubkey.size, NULL); + NULL, &pubkey.size, NULL); if (result != ASN1_MEM_ERROR) { gnutls_assert (); @@ -2358,7 +2358,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, } result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo", - pubkey.data, &pubkey.size, NULL); + pubkey.data, &pubkey.size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -2367,7 +2367,7 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, } result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey, - output_data, output_data_size); + output_data, output_data_size); gnutls_free (pubkey.data); @@ -2391,8 +2391,8 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, **/ int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, - const gnutls_x509_crl_t * crl_list, - int crl_list_length) + const gnutls_x509_crl_t * crl_list, + int crl_list_length) { opaque serial[64]; opaque cert_serial[64]; @@ -2407,44 +2407,44 @@ gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, } for (j = 0; j < crl_list_length; j++) - { /* do for all the crls */ + { /* do for all the crls */ /* Step 1. check if issuer's DN match */ ret = _gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2); _gnutls_free_datum (&dn1); _gnutls_free_datum (&dn2); if (ret == 0) - { - /* issuers do not match so don't even - * bother checking. - */ - continue; - } + { + /* issuers do not match so don't even + * bother checking. + */ + continue; + } /* Step 2. Read the certificate's serial number */ cert_serial_size = sizeof (cert_serial); ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } /* Step 3. cycle through the CRL serials and compare with * certificate serial we have. @@ -2452,36 +2452,36 @@ gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]); if (ncerts < 0) - { - gnutls_assert (); - return ncerts; - } + { + gnutls_assert (); + return ncerts; + } for (i = 0; i < ncerts; i++) - { - serial_size = sizeof (serial); - ret = - gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial, - &serial_size, NULL); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (serial_size == cert_serial_size) - { - if (memcmp (serial, cert_serial, serial_size) == 0) - { - /* serials match */ - return 1; /* revoked! */ - } - } - } - - } - return 0; /* not revoked. */ + { + serial_size = sizeof (serial); + ret = + gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial, + &serial_size, NULL); + + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + if (serial_size == cert_serial_size) + { + if (memcmp (serial, cert_serial, serial_size) == 0) + { + /* serials match */ + return 1; /* revoked! */ + } + } + } + + } + return 0; /* not revoked. */ } /** @@ -2500,8 +2500,8 @@ gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash) { bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; int issuer_params_size; @@ -2522,10 +2522,10 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, } ret = _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash, - signature, - gnutls_x509_crt_get_pk_algorithm (crt, - NULL), - issuer_params, issuer_params_size); + signature, + gnutls_x509_crt_get_pk_algorithm (crt, + NULL), + issuer_params, issuer_params_size); /* release allocated mpis */ for (i = 0; i < issuer_params_size; i++) @@ -2555,8 +2555,8 @@ gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE]; int issuer_params_size; @@ -2578,8 +2578,8 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, ret = _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm - (crt, NULL), issuer_params, - issuer_params_size, hash, mand); + (crt, NULL), issuer_params, + issuer_params_size, hash, mand); /* release allocated mpis */ for (i = 0; i < issuer_params_size; i++) @@ -2605,8 +2605,8 @@ gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) + const gnutls_datum_t * data, + const gnutls_datum_t * signature) { int result; @@ -2641,8 +2641,8 @@ gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags, **/ int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { int result; @@ -2695,10 +2695,10 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags, **/ int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, - unsigned int seq, void *ret, - size_t * ret_size, - unsigned int *reason_flags, - unsigned int *critical) + unsigned int seq, void *ret, + size_t * ret_size, + unsigned int *reason_flags, + unsigned int *critical) { int result; gnutls_datum_t dist_points = { NULL, 0 }; @@ -2724,7 +2724,7 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, result = _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points, - critical); + critical); if (result < 0) { return result; @@ -2782,11 +2782,11 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, result = asn1_read_value (c2, name, reasons, &len); if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + asn1_delete_structure (&c2); + return _gnutls_asn2err (result); + } *reason_flags = reasons[0] | (reasons[1] << 8); } @@ -2815,8 +2815,8 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, - int indx, void *oid, size_t * sizeof_oid, - unsigned int *critical) + int indx, void *oid, size_t * sizeof_oid, + unsigned int *critical) { char tmpstr[ASN1_MAX_NAME_SIZE]; int result, len; @@ -2836,7 +2836,7 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, if ((result = _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id, - critical)) < 0) + critical)) < 0) { return result; } @@ -2906,7 +2906,7 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, - gnutls_datum_t * m, gnutls_datum_t * e) + gnutls_datum_t * m, gnutls_datum_t * e) { int ret; bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; @@ -2974,8 +2974,8 @@ cleanup: **/ int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { int ret; bigint_t params[MAX_PUBLIC_PARAMS_SIZE]; @@ -3075,9 +3075,9 @@ cleanup: **/ int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, - unsigned int *cert_max, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, unsigned int flags) + unsigned int *cert_max, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, unsigned int flags) { int size; const char *ptr; @@ -3088,26 +3088,26 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, if (format == GNUTLS_X509_FMT_DER) { if (*cert_max < 1) - { - *cert_max = 1; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } + { + *cert_max = 1; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } - count = 1; /* import only the first one */ + count = 1; /* import only the first one */ ret = gnutls_x509_crt_init (&certs[0]); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } ret = gnutls_x509_crt_import (certs[0], data, format); if (ret < 0) - { - gnutls_assert (); - goto error; - } + { + gnutls_assert (); + goto error; + } *cert_max = 1; return 1; @@ -3116,10 +3116,10 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, /* move to the certificate */ ptr = memmem (data->data, data->size, - PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); if (ptr == NULL) ptr = memmem (data->data, data->size, - PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); + PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); if (ptr == NULL) { @@ -3132,33 +3132,33 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, do { if (count >= *cert_max) - { - if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) - break; - else - nocopy = 1; - } + { + if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED)) + break; + else + nocopy = 1; + } if (!nocopy) - { - ret = gnutls_x509_crt_init (&certs[count]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - tmp.data = (void *) ptr; - tmp.size = data->size - (ptr - (char *) data->data); - - ret = - gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - } + { + ret = gnutls_x509_crt_init (&certs[count]); + if (ret < 0) + { + gnutls_assert (); + goto error; + } + + tmp.data = (void *) ptr; + tmp.size = data->size - (ptr - (char *) data->data); + + ret = + gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM); + if (ret < 0) + { + gnutls_assert (); + goto error; + } + } /* now we move ptr after the pem header */ @@ -3168,18 +3168,18 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, size = data->size - (ptr - (char *) data->data); if (size > 0) - { - char *ptr2; + { + char *ptr2; - ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); - if (ptr2 == NULL) - ptr2 = memmem (ptr, size, PEM_CERT_SEP2, - sizeof (PEM_CERT_SEP2) - 1); + ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); + if (ptr2 == NULL) + ptr2 = memmem (ptr, size, PEM_CERT_SEP2, + sizeof (PEM_CERT_SEP2) - 1); - ptr = ptr2; - } + ptr = ptr2; + } else - ptr = NULL; + ptr = NULL; count++; } @@ -3216,17 +3216,17 @@ error: **/ int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * sizeof_buf) + size_t * sizeof_buf) { int result; gnutls_datum_t datum = { NULL, 0 }; result = _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID", - &datum, 2); + &datum, 2); if (datum.size > *sizeof_buf) - { /* then we're not going to fit */ + { /* then we're not going to fit */ *sizeof_buf = datum.size; buf[0] = '\0'; result = GNUTLS_E_SHORT_MEMORY_BUFFER; @@ -3260,17 +3260,17 @@ gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, **/ int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf, - size_t * sizeof_buf) + size_t * sizeof_buf) { int result; gnutls_datum_t datum = { NULL, 0 }; result = _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID", - &datum, 2); + &datum, 2); if (datum.size > *sizeof_buf) - { /* then we're not going to fit */ + { /* then we're not going to fit */ *sizeof_buf = datum.size; buf[0] = '\0'; result = GNUTLS_E_SHORT_MEMORY_BUFFER; diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index 924dee341c..f444280a12 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -72,7 +72,7 @@ typedef struct gnutls_pkcs7_int ASN1_TYPE pkcs7; } gnutls_pkcs7_int; -#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */ +#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */ /* parameters should not be larger than this limit */ #define DSA_PRIVATE_PARAMS 5 @@ -115,7 +115,7 @@ typedef struct gnutls_x509_privkey_int * [3] is y (public key) * [4] is x (private key) */ - int params_size; /* holds the number of params */ + int params_size; /* holds the number of params */ gnutls_pk_algorithm_t pk_algorithm; @@ -132,20 +132,20 @@ int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src); int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1, - const gnutls_datum_t * dn2); + const gnutls_datum_t * dn2); int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src); int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, - gnutls_datum_t * dn); + gnutls_datum_t * dn); /* sign.c */ int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name, - gnutls_datum_t * tbs); + gnutls_datum_t * tbs); int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, - gnutls_digest_algorithm_t, - gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key); + gnutls_digest_algorithm_t, + gnutls_x509_crt_t issuer, + gnutls_privkey_t issuer_key); /* dn.c */ #define OID_X520_COUNTRY_NAME "2.5.4.6" @@ -159,160 +159,160 @@ int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, char *buf, - size_t * sizeof_buf); + const char *asn1_rdn_name, char *buf, + size_t * sizeof_buf); int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, const char *oid, - int indx, unsigned int raw_flag, void *buf, - size_t * sizeof_buf); + const char *asn1_rdn_name, const char *oid, + int indx, unsigned int raw_flag, void *buf, + size_t * sizeof_buf); int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, const char *oid, - int raw_flag, const char *name, int sizeof_name); + const char *asn1_rdn_name, const char *oid, + int raw_flag, const char *name, int sizeof_name); int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct, - const char *asn1_rdn_name, - int indx, void *_oid, size_t * sizeof_oid); + const char *asn1_rdn_name, + int indx, void *_oid, size_t * sizeof_oid); int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name, - int seq, void *name, size_t * name_size, - unsigned int *ret_type, int othername_oid); + int seq, void *name, size_t * name_size, + unsigned int *ret_type, int othername_oid); /* dsa.c */ /* verify.c */ int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert, - gnutls_x509_crt_t issuer); + gnutls_x509_crt_t issuer); int _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_algorithm pk, - bigint_t * issuer_params, - unsigned int issuer_params_size); + const gnutls_datum_t * signature, + gnutls_pk_algorithm pk, + bigint_t * issuer_params, + unsigned int issuer_params_size); int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_x509_crt_t issuer); + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_x509_crt_t issuer); int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, - const gnutls_datum_t * signature, - gnutls_x509_privkey_t issuer); + const gnutls_datum_t * signature, + gnutls_x509_privkey_t issuer); /* privkey.h */ ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * - raw_key, - gnutls_x509_privkey_t pkey); + raw_key, + gnutls_x509_privkey_t pkey); int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params); /* extensions.c */ int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl, - const char *extension_id, int indx, - gnutls_datum_t * ret, - unsigned int *_critical); + const char *extension_id, int indx, + gnutls_datum_t * ret, + unsigned int *_critical); int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, - int indx, void *oid, - size_t * sizeof_oid); + int indx, void *oid, + size_t * sizeof_oid); int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical); + const char *ext_id, + const gnutls_datum_t * ext_data, + unsigned int critical); int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert, - const char *extension_id, int indx, - gnutls_datum_t * ret, - unsigned int *critical); + const char *extension_id, int indx, + gnutls_datum_t * ret, + unsigned int *critical); int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, - int indx, void *ret, - size_t * ret_size); + int indx, void *ret, + size_t * ret_size); int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage, - opaque * extnValue, int extnValueLen); + opaque * extnValue, int extnValueLen); int _gnutls_x509_ext_extract_basicConstraints (int *CA, - int *pathLenConstraint, - opaque * extnValue, - int extnValueLen); + int *pathLenConstraint, + opaque * extnValue, + int extnValueLen); int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert, - const char *extension_id, - const gnutls_datum_t * ext_data, - unsigned int critical); + const char *extension_id, + const gnutls_datum_t * ext_data, + unsigned int critical); int _gnutls_x509_ext_extract_number (opaque * number, - size_t * nr_size, - opaque * extnValue, int extnValueLen); + size_t * nr_size, + opaque * extnValue, int extnValueLen); int _gnutls_x509_ext_gen_number (const opaque * nuber, size_t nr_size, - gnutls_datum_t * der_ext); + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint, - gnutls_datum_t * der_ext); + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t - type, const void *data, - unsigned int data_size, - gnutls_datum_t * prev_der_ext, - gnutls_datum_t * der_ext); + type, const void *data, + unsigned int data_size, + gnutls_datum_t * prev_der_ext, + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type, - const void *data, - unsigned int data_size, - unsigned int reason_flags, - gnutls_datum_t * der_ext); + const void *data, + unsigned int data_size, + unsigned int reason_flags, + gnutls_datum_t * der_ext); int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size, - gnutls_datum_t * der_data); + gnutls_datum_t * der_data); int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size, - gnutls_datum_t * der_data); + gnutls_datum_t * der_data); int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint, - char **policyLanguage, - char **policy, - size_t * sizeof_policy, - opaque * extnValue, - int extnValueLen); + char **policyLanguage, + char **policy, + size_t * sizeof_policy, + opaque * extnValue, + int extnValueLen); int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint, - const char *policyLanguage, - const char *policy, - size_t sizeof_policy, - gnutls_datum_t * der_ext); + const char *policyLanguage, + const char *policy, + size_t sizeof_policy, + gnutls_datum_t * der_ext); /* mpi.c */ int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert, - bigint_t * params, int *params_size); + bigint_t * params, int *params_size); int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, - bigint_t * params, int *params_size); + bigint_t * params, int *params_size); int _gnutls_x509_read_rsa_params (opaque * der, int dersize, - bigint_t * params); + bigint_t * params); int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, - bigint_t * params); + bigint_t * params); int _gnutls_x509_read_dsa_params (opaque * der, int dersize, - bigint_t * params); + bigint_t * params); int _gnutls_x509_write_rsa_params (bigint_t * params, int params_size, - gnutls_datum_t * der); + gnutls_datum_t * der); int _gnutls_x509_write_dsa_params (bigint_t * params, int params_size, - gnutls_datum_t * der); + gnutls_datum_t * der); int _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size, - gnutls_datum_t * der); + gnutls_datum_t * der); int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value, - unsigned int *ret); + unsigned int *ret); int _gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out); int _gnutls_x509_read_int (ASN1_TYPE node, const char *value, - bigint_t * ret_mpi); + bigint_t * ret_mpi); int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi, - int lz); + int lz); int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, - uint32_t num); + uint32_t num); int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, - gnutls_pk_algorithm_t pk_algorithm, - gnutls_digest_algorithm_t); + gnutls_pk_algorithm_t pk_algorithm, + gnutls_digest_algorithm_t); /* pkcs12.h */ #include <gnutls/pkcs12.h> @@ -356,45 +356,45 @@ typedef struct gnutls_pkcs12_bag_int int _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt, - unsigned int salt_size, unsigned int iter, - const char *pw, unsigned int req_keylen, - opaque * keybuf); + unsigned int salt_size, unsigned int iter, + const char *pw, unsigned int req_keylen, + opaque * keybuf); int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data, - const char *password, gnutls_datum_t * dec); + const char *password, gnutls_datum_t * dec); typedef enum schema_id { - PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */ - PBES2_3DES, /* the stuff in PKCS #5 */ + PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */ + PBES2_3DES, /* the stuff in PKCS #5 */ PBES2_AES_128, PBES2_AES_192, PBES2_AES_256, - PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */ + PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */ PKCS12_ARCFOUR_SHA1, PKCS12_RC2_40_SHA1 } schema_id; int _gnutls_pkcs_flags_to_schema (unsigned int flags); int _gnutls_pkcs7_encrypt_data (schema_id schema, - const gnutls_datum_t * data, - const char *password, gnutls_datum_t * enc); + const gnutls_datum_t * data, + const char *password, gnutls_datum_t * enc); int _pkcs12_decode_safe_contents (const gnutls_datum_t * content, - gnutls_pkcs12_bag_t bag); + gnutls_pkcs12_bag_t bag); int _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content, - int *enc); + int *enc); int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * in, gnutls_datum_t * out); + const gnutls_datum_t * in, gnutls_datum_t * out); int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type, - const gnutls_datum_t * raw, gnutls_datum_t * out); + const gnutls_datum_t * raw, gnutls_datum_t * out); /* crq */ int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq, - const char *ext_id, - const gnutls_datum_t * ext_data, - unsigned int critical); + const char *ext_id, + const gnutls_datum_t * ext_data, + unsigned int critical); #endif diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index e848f1d750..a0b830e695 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -64,8 +64,8 @@ static void disable_optional_stuff (gnutls_x509_crt_t cert); **/ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid, - unsigned int raw_flag, const void *name, - unsigned int sizeof_name) + unsigned int raw_flag, const void *name, + unsigned int sizeof_name) { if (sizeof_name == 0 || name == NULL || crt == NULL) { @@ -73,7 +73,7 @@ gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid, } return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject", - oid, raw_flag, name, sizeof_name); + oid, raw_flag, name, sizeof_name); } /** @@ -103,10 +103,10 @@ gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid, **/ int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, - const char *oid, - unsigned int raw_flag, - const void *name, - unsigned int sizeof_name) + const char *oid, + unsigned int raw_flag, + const void *name, + unsigned int sizeof_name) { if (sizeof_name == 0 || name == NULL || crt == NULL) { @@ -114,7 +114,7 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, } return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.issuer", oid, - raw_flag, name, sizeof_name); + raw_flag, name, sizeof_name); } /** @@ -136,8 +136,8 @@ gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt, - unsigned int raw_flag, const void *name, - unsigned int sizeof_name) + unsigned int raw_flag, const void *name, + unsigned int sizeof_name) { int result; @@ -147,7 +147,7 @@ gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt, } result = asn1_copy_node (crt->cert, "tbsCertificate.subject", - eecrt->cert, "tbsCertificate.subject"); + eecrt->cert, "tbsCertificate.subject"); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -157,8 +157,8 @@ gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt, if (name && sizeof_name) { return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject", - GNUTLS_OID_X520_COMMON_NAME, - raw_flag, name, sizeof_name); + GNUTLS_OID_X520_COMMON_NAME, + raw_flag, name, sizeof_name); } return 0; @@ -231,10 +231,10 @@ gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key) } result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert, - "tbsCertificate.subjectPublicKeyInfo", - key->pk_algorithm, - key->params, - key->params_size); + "tbsCertificate.subjectPublicKeyInfo", + key->pk_algorithm, + key->params, + key->params_size); if (result < 0) { @@ -269,7 +269,7 @@ gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq) } result = asn1_copy_node (crt->cert, "tbsCertificate.subject", - crq->crq, "certificationRequestInfo.subject"); + crq->crq, "certificationRequestInfo.subject"); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -278,7 +278,7 @@ gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq) result = asn1_copy_node (crt->cert, "tbsCertificate.subjectPublicKeyInfo", - crq->crq, "certificationRequestInfo.subjectPKInfo"); + crq->crq, "certificationRequestInfo.subjectPKInfo"); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -303,7 +303,7 @@ gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq) **/ int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, - gnutls_x509_crq_t crq) + gnutls_x509_crq_t crq) { size_t i; @@ -325,40 +325,40 @@ gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, oid_size = sizeof (oid); result = gnutls_x509_crq_get_extension_info (crq, i, oid, - &oid_size, &critical); + &oid_size, &critical); if (result < 0) - { - if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + { + if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; - gnutls_assert (); - return result; - } + gnutls_assert (); + return result; + } extensions_size = 0; result = gnutls_x509_crq_get_extension_data (crq, i, NULL, - &extensions_size); + &extensions_size); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } extensions = gnutls_malloc (extensions_size); if (extensions == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } result = gnutls_x509_crq_get_extension_data (crq, i, extensions, - &extensions_size); + &extensions_size); if (result < 0) - { - gnutls_assert (); - gnutls_free (extensions); - return result; - } + { + gnutls_assert (); + gnutls_free (extensions); + return result; + } ext.data = extensions; ext.size = extensions_size; @@ -366,10 +366,10 @@ gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, result = _gnutls_x509_crt_set_extension (crt, oid, &ext, critical); gnutls_free (extensions); if (result < 0) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } if (i > 0) @@ -395,9 +395,9 @@ gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, - const char *oid, const void *buf, - size_t sizeof_buf, - unsigned int critical) + const char *oid, const void *buf, + size_t sizeof_buf, + unsigned int critical) { int result; gnutls_datum_t der_data; @@ -439,7 +439,7 @@ gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, - unsigned int ca, int pathLenConstraint) + unsigned int ca, int pathLenConstraint) { int result; gnutls_datum_t der_data; @@ -453,7 +453,7 @@ gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, /* generate the extension. */ result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint, - &der_data); + &der_data); if (result < 0) { gnutls_assert (); @@ -557,8 +557,8 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) **/ int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const char *data_string) + gnutls_x509_subject_alt_name_t + type, const char *data_string) { if (crt == NULL) { @@ -575,8 +575,8 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, } return gnutls_x509_crt_set_subject_alt_name (crt, type, data_string, - strlen (data_string), - GNUTLS_FSAN_SET); + strlen (data_string), + GNUTLS_FSAN_SET); } /** @@ -607,10 +607,10 @@ gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t type, - const void *data, - unsigned int data_size, - unsigned int flags) + gnutls_x509_subject_alt_name_t type, + const void *data, + unsigned int data_size, + unsigned int flags) { int result; gnutls_datum_t der_data = { NULL, 0 }; @@ -629,18 +629,18 @@ gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, if (flags == GNUTLS_FSAN_APPEND) { result = _gnutls_x509_crt_get_extension (crt, "2.5.29.17", 0, - &prev_der_data, &critical); + &prev_der_data, &critical); if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - gnutls_assert (); - return result; - } + { + gnutls_assert (); + return result; + } } /* generate the extension. */ result = _gnutls_x509_ext_gen_subject_alt_name (type, data, data_size, - &prev_der_data, &der_data); + &prev_der_data, &der_data); if (flags == GNUTLS_FSAN_APPEND) _gnutls_free_datum (&prev_der_data); @@ -652,7 +652,7 @@ gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, } result = _gnutls_x509_crt_set_extension (crt, "2.5.29.17", &der_data, - critical); + critical); _gnutls_free_datum (&der_data); @@ -688,9 +688,9 @@ finish: **/ int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, - int pathLenConstraint, - const char *policyLanguage, - const char *policy, size_t sizeof_policy) + int pathLenConstraint, + const char *policyLanguage, + const char *policy, size_t sizeof_policy) { int result; gnutls_datum_t der_data; @@ -704,9 +704,9 @@ gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, /* generate the extension. */ result = _gnutls_x509_ext_gen_proxyCertInfo (pathLenConstraint, - policyLanguage, - policy, sizeof_policy, - &der_data); + policyLanguage, + policy, sizeof_policy, + &der_data); if (result < 0) { gnutls_assert (); @@ -714,7 +714,7 @@ gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, } result = _gnutls_x509_crt_set_extension (crt, "1.3.6.1.5.5.7.1.14", - &der_data, 1); + &der_data, 1); _gnutls_free_datum (&der_data); @@ -748,8 +748,8 @@ gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, unsigned int flags) + gnutls_x509_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, unsigned int flags) { int result; gnutls_privkey_t privkey; @@ -803,7 +803,7 @@ fail: **/ int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_x509_privkey_t issuer_key) + gnutls_x509_privkey_t issuer_key) { return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0); } @@ -829,8 +829,8 @@ gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time) } return _gnutls_x509_set_time (cert->cert, - "tbsCertificate.validity.notBefore", - act_time); + "tbsCertificate.validity.notBefore", + act_time); } /** @@ -852,7 +852,7 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time) return GNUTLS_E_INVALID_REQUEST; } return _gnutls_x509_set_time (cert->cert, - "tbsCertificate.validity.notAfter", exp_time); + "tbsCertificate.validity.notAfter", exp_time); } /** @@ -871,7 +871,7 @@ gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time) **/ int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial, - size_t serial_size) + size_t serial_size) { int ret; @@ -883,7 +883,7 @@ gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial, ret = asn1_write_value (cert->cert, "tbsCertificate.serialNumber", serial, - serial_size); + serial_size); if (ret != ASN1_SUCCESS) { gnutls_assert (); @@ -928,13 +928,13 @@ disable_optional_stuff (gnutls_x509_crt_t cert) **/ int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t type, - const void *data_string, - unsigned int reason_flags) + gnutls_x509_subject_alt_name_t type, + const void *data_string, + unsigned int reason_flags) { return gnutls_x509_crt_set_crl_dist_points2 (crt, type, data_string, - strlen (data_string), - reason_flags); + strlen (data_string), + reason_flags); } /** @@ -954,10 +954,10 @@ gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t type, - const void *data, - unsigned int data_size, - unsigned int reason_flags) + gnutls_x509_subject_alt_name_t type, + const void *data, + unsigned int data_size, + unsigned int reason_flags) { int result; gnutls_datum_t der_data = { NULL, 0 }; @@ -987,7 +987,7 @@ gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt, */ result = _gnutls_x509_ext_gen_crl_dist_points (type, data, data_size, - reason_flags, &der_data); + reason_flags, &der_data); if (result < 0) { gnutls_assert (); @@ -1024,7 +1024,7 @@ gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt, **/ int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, - gnutls_x509_crt_t src) + gnutls_x509_crt_t src) { int result; gnutls_datum_t der_data; @@ -1040,7 +1040,7 @@ gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, */ result = _gnutls_x509_crt_get_extension (src, "2.5.29.31", 0, &der_data, - &critical); + &critical); if (result < 0) { gnutls_assert (); @@ -1076,7 +1076,7 @@ gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, **/ int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, - const void *id, size_t id_size) + const void *id, size_t id_size) { int result; gnutls_datum_t old_id, der_data; @@ -1139,7 +1139,7 @@ gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, - const void *id, size_t id_size) + const void *id, size_t id_size) { int result; gnutls_datum_t old_id, der_data; @@ -1205,7 +1205,7 @@ gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, - const void *oid, unsigned int critical) + const void *oid, unsigned int critical) { int result; gnutls_datum_t old_id, der_data; @@ -1238,11 +1238,11 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, _gnutls_free_datum (&old_id); if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&c2); - return _gnutls_asn2err (result); - } + { + gnutls_assert (); + asn1_delete_structure (&c2); + return _gnutls_asn2err (result); + } } @@ -1278,7 +1278,7 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, } result = _gnutls_x509_crt_set_extension (cert, "2.5.29.37", - &der_data, critical); + &der_data, critical); _gnutls_free_datum (&der_data); @@ -1313,9 +1313,9 @@ gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, **/ int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, - gnutls_privkey_t issuer_key, - gnutls_digest_algorithm_t dig, - unsigned int flags) + gnutls_privkey_t issuer_key, + gnutls_digest_algorithm_t dig, + unsigned int flags) { int result; @@ -1330,7 +1330,7 @@ gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, disable_optional_stuff (crt); result = _gnutls_x509_pkix_sign (crt->cert, "tbsCertificate", - dig, issuer, issuer_key); + dig, issuer, issuer_key); if (result < 0) { gnutls_assert (); diff --git a/lib/x509_b64.c b/lib/x509_b64.c index a07e8e2b4f..de3c0999ef 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -45,7 +45,7 @@ static const uint8_t asciitable[128] = { 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, - 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */ + 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, @@ -75,17 +75,17 @@ encode (char *result, const uint8_t * data, int left) case 3: result[0] = b64table[(data[0] >> 2)]; result[1] = - b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | - (data[1] >> 4))]; + b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | + (data[1] >> 4))]; result[2] = - b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))]; + b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))]; result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)]; break; case 2: result[0] = b64table[(data[0] >> 2)]; result[1] = - b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | - (data[1] >> 4))]; + b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | + (data[1] >> 4))]; result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)]; result[3] = '='; break; @@ -144,7 +144,7 @@ decode (uint8_t * result, const opaque * data) */ int _gnutls_base64_encode (const uint8_t * data, size_t data_size, - uint8_t ** result) + uint8_t ** result) { unsigned int i, j; int ret, tmp; @@ -160,13 +160,13 @@ _gnutls_base64_encode (const uint8_t * data, size_t data_size, { tmp = encode (tmpres, &data[i], data_size - i); if (tmp == -1) - { - gnutls_free ((*result)); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_free ((*result)); + return GNUTLS_E_MEMORY_ERROR; + } memcpy (&(*result)[j], tmpres, tmp); } - (*result)[ret] = 0; /* null terminated */ + (*result)[ret] = 0; /* null terminated */ return ret; } @@ -186,7 +186,7 @@ _gnutls_base64_encode (const uint8_t * data, size_t data_size, */ int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, - int data_size, uint8_t ** result) + int data_size, uint8_t ** result) { int i, ret, tmp, j; char tmpres[4]; @@ -205,13 +205,13 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, memset (bottom, 0, sizeof (bottom)); memset (top, 0, sizeof (top)); - strcat (top, "-----BEGIN "); /* Flawfinder: ignore */ - strcat (top, msg); /* Flawfinder: ignore */ - strcat (top, "-----"); /* Flawfinder: ignore */ + strcat (top, "-----BEGIN "); /* Flawfinder: ignore */ + strcat (top, msg); /* Flawfinder: ignore */ + strcat (top, "-----"); /* Flawfinder: ignore */ - strcat (bottom, "\n-----END "); /* Flawfinder: ignore */ - strcat (bottom, msg); /* Flawfinder: ignore */ - strcat (bottom, "-----\n"); /* Flawfinder: ignore */ + strcat (bottom, "\n-----END "); /* Flawfinder: ignore */ + strcat (bottom, msg); /* Flawfinder: ignore */ + strcat (bottom, "-----\n"); /* Flawfinder: ignore */ top_len = strlen (top); bottom_len = strlen (bottom); @@ -229,53 +229,53 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, INCR (bytes, top_len); pos = top_len; - strcpy (*result, top); /* Flawfinder: ignore */ + strcpy (*result, top); /* Flawfinder: ignore */ for (i = j = 0; i < data_size; i += 3, j += 4) { tmp = encode (tmpres, &data[i], data_size - i); if (tmp == -1) - { - gnutls_assert (); - gnutls_free ((*result)); - *result = NULL; - return GNUTLS_E_BASE64_ENCODING_ERROR; - } + { + gnutls_assert (); + gnutls_free ((*result)); + *result = NULL; + return GNUTLS_E_BASE64_ENCODING_ERROR; + } INCR (bytes, 4); ptr = &(*result)[j + pos]; if ((j) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } + { + INCR (bytes, 1); + pos++; + *ptr++ = '\n'; + } *ptr++ = tmpres[0]; if ((j + 1) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } + { + INCR (bytes, 1); + pos++; + *ptr++ = '\n'; + } *ptr++ = tmpres[1]; if ((j + 2) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } + { + INCR (bytes, 1); + pos++; + *ptr++ = '\n'; + } *ptr++ = tmpres[2]; if ((j + 3) % 64 == 0) - { - INCR (bytes, 1); - pos++; - *ptr++ = '\n'; - } + { + INCR (bytes, 1); + pos++; + *ptr++ = '\n'; + } *ptr++ = tmpres[3]; } @@ -306,7 +306,7 @@ _gnutls_fbase64_encode (const char *msg, const uint8_t * data, **/ int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, - char *result, size_t * result_size) + char *result, size_t * result_size) { opaque *ret; int size; @@ -349,8 +349,8 @@ gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data, **/ int gnutls_pem_base64_encode_alloc (const char *msg, - const gnutls_datum_t * data, - gnutls_datum_t * result) + const gnutls_datum_t * data, + gnutls_datum_t * result) { opaque *ret; int size; @@ -373,7 +373,7 @@ gnutls_pem_base64_encode_alloc (const char *msg, */ int _gnutls_base64_decode (const uint8_t * data, size_t data_size, - uint8_t ** result) + uint8_t ** result) { unsigned int i, j; int ret, tmp, est; @@ -389,11 +389,11 @@ _gnutls_base64_decode (const uint8_t * data, size_t data_size, { tmp = decode (tmpres, &data[i]); if (tmp < 0) - { - gnutls_free (*result); - *result = NULL; - return tmp; - } + { + gnutls_free (*result); + *result = NULL; + return tmp; + } memcpy (&(*result)[j], tmpres, tmp); ret += tmp; } @@ -415,8 +415,8 @@ cpydata (const uint8_t * data, int data_size, uint8_t ** result) for (j = i = 0; i < data_size; i++) { if (data[i] == '\n' || data[i] == '\r' || data[i] == ' ' - || data[i] == '\t') - continue; + || data[i] == '\t') + continue; (*result)[j] = data[i]; j++; } @@ -431,7 +431,7 @@ cpydata (const uint8_t * data, int data_size, uint8_t ** result) #define ENDSTR "-----" int _gnutls_fbase64_decode (const char *header, const opaque * data, - size_t data_size, uint8_t ** result) + size_t data_size, uint8_t ** result) { int ret; static const char top[] = "-----BEGIN "; @@ -540,8 +540,8 @@ _gnutls_fbase64_decode (const char *header, const opaque * data, **/ int gnutls_pem_base64_decode (const char *header, - const gnutls_datum_t * b64_data, - unsigned char *result, size_t * result_size) + const gnutls_datum_t * b64_data, + unsigned char *result, size_t * result_size) { opaque *ret; int size; @@ -586,8 +586,8 @@ gnutls_pem_base64_decode (const char *header, **/ int gnutls_pem_base64_decode_alloc (const char *header, - const gnutls_datum_t * b64_data, - gnutls_datum_t * result) + const gnutls_datum_t * b64_data, + gnutls_datum_t * result) { opaque *ret; int size; diff --git a/lib/x509_b64.h b/lib/x509_b64.h index 44ed95a2a0..055944ee5f 100644 --- a/lib/x509_b64.h +++ b/lib/x509_b64.h @@ -24,13 +24,13 @@ */ int _gnutls_base64_encode (const uint8_t * data, size_t data_size, - uint8_t ** result); + uint8_t ** result); int _gnutls_fbase64_encode (const char *msg, const uint8_t * data, - int data_size, uint8_t ** result); + int data_size, uint8_t ** result); int _gnutls_base64_decode (const uint8_t * data, size_t data_size, - uint8_t ** result); + uint8_t ** result); int _gnutls_fbase64_decode (const char *header, const uint8_t * data, - size_t data_size, uint8_t ** result); + size_t data_size, uint8_t ** result); #define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4))) diff --git a/libextra/ext_inner_application.c b/libextra/ext_inner_application.c index a72d87bb23..329e4ec9a7 100644 --- a/libextra/ext_inner_application.c +++ b/libextra/ext_inner_application.c @@ -32,10 +32,10 @@ #define YES 1 static int _gnutls_inner_application_recv_params (gnutls_session_t session, - const opaque * data, - size_t data_size); + const opaque * data, + size_t data_size); static int _gnutls_inner_application_send_params (gnutls_session_t session, - opaque * data, size_t); + opaque * data, size_t); static int ia_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv); static int ia_pack (extension_priv_data_t _priv, gnutls_buffer_st * ps); static void ia_deinit_data (extension_priv_data_t priv); @@ -54,7 +54,7 @@ extension_entry_st ext_mod_ia = { static int _gnutls_inner_application_recv_params (gnutls_session_t session, - const opaque * data, size_t data_size) + const opaque * data, size_t data_size) { extension_priv_data_t epriv; ia_ext_st *priv; @@ -68,20 +68,20 @@ _gnutls_inner_application_recv_params (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_INNER_APPLICATION, - epriv); + GNUTLS_EXTENSION_INNER_APPLICATION, + epriv); } else priv = epriv.ptr; @@ -91,7 +91,7 @@ _gnutls_inner_application_recv_params (gnutls_session_t session, switch ((unsigned char) *data) { - case NO: /* Peer's ia_on_resume == no */ + case NO: /* Peer's ia_on_resume == no */ priv->flags |= IA_PEER_ALLOW_SKIP; break; @@ -111,7 +111,7 @@ _gnutls_inner_application_recv_params (gnutls_session_t session, */ static int _gnutls_inner_application_send_params (gnutls_session_t session, - opaque * data, size_t data_size) + opaque * data, size_t data_size) { extension_priv_data_t epriv; ia_ext_st *priv = NULL; @@ -119,20 +119,20 @@ _gnutls_inner_application_send_params (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { priv = gnutls_calloc (1, sizeof (*priv)); if (priv == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } epriv.ptr = priv; _gnutls_ext_set_session_data (session, - GNUTLS_EXTENSION_INNER_APPLICATION, - epriv); + GNUTLS_EXTENSION_INNER_APPLICATION, + epriv); } else priv = epriv.ptr; @@ -143,20 +143,20 @@ _gnutls_inner_application_send_params (gnutls_session_t session, if (session->security_parameters.entity == GNUTLS_CLIENT) { gnutls_ia_client_credentials_t cred = (gnutls_ia_client_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); if (cred) - priv->flags |= IA_ENABLE; + priv->flags |= IA_ENABLE; } - else /* SERVER */ + else /* SERVER */ { gnutls_ia_server_credentials_t cred; cred = (gnutls_ia_server_credentials_t) - _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); + _gnutls_get_cred (session->key, GNUTLS_CRD_IA, NULL); if (cred) - priv->flags |= IA_PEER_ENABLE; + priv->flags |= IA_PEER_ENABLE; } /* If we don't want gnutls_ia locally, or we are a server and the @@ -188,7 +188,7 @@ _gnutls_inner_application_send_params (gnutls_session_t session, /* Client: value follows local setting */ if (priv->flags & IA_ALLOW_SKIP) - *data = NO; + *data = NO; } else { @@ -206,9 +206,9 @@ _gnutls_inner_application_send_params (gnutls_session_t session, * to record the peer's support for IA at all. Simon? */ if ((priv->flags & IA_ALLOW_SKIP) && - (priv->flags & IA_PEER_ALLOW_SKIP) && - session->internals.resumed == RESUME_TRUE) - *data = NO; + (priv->flags & IA_PEER_ALLOW_SKIP) && + session->internals.resumed == RESUME_TRUE) + *data = NO; } return 1; diff --git a/libextra/ext_inner_application.h b/libextra/ext_inner_application.h index 8590841e14..a137c08c2d 100644 --- a/libextra/ext_inner_application.h +++ b/libextra/ext_inner_application.h @@ -49,7 +49,7 @@ _gnutls_ia_derive_inner_secret (gnutls_session_t session) ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { return; @@ -57,7 +57,7 @@ _gnutls_ia_derive_inner_secret (gnutls_session_t session) priv = epriv.ptr; memcpy (priv->inner_secret, - session->security_parameters.master_secret, GNUTLS_MASTER_SIZE); + session->security_parameters.master_secret, GNUTLS_MASTER_SIZE); } diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c index b5772d592f..e890fbf43f 100644 --- a/libextra/gnutls_extra.c +++ b/libextra/gnutls_extra.c @@ -65,7 +65,7 @@ _gnutls_add_lzo_comp (void) for (i = 0; i < _gnutls_comp_algorithms_size; i++) { if (_gnutls_compression_algorithms[i].name == NULL) - break; + break; } if (_gnutls_compression_algorithms[i].name == NULL @@ -81,7 +81,7 @@ _gnutls_add_lzo_comp (void) _gnutls_lzo1x_decompress_safe = lzo1x_decompress_safe; _gnutls_lzo1x_1_compress = lzo1x_1_compress; - return 0; /* ok */ + return 0; /* ok */ } @@ -157,8 +157,8 @@ gnutls_global_init_extra (void) { ret = gnutls_register_md5_handler (); if (ret) - fprintf (stderr, "gnutls_register_md5_handler: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "gnutls_register_md5_handler: %s\n", + gnutls_strerror (ret)); } #endif #endif diff --git a/libextra/gnutls_ia.c b/libextra/gnutls_ia.c index 65d75a8d8c..e692bde43f 100644 --- a/libextra/gnutls_ia.c +++ b/libextra/gnutls_ia.c @@ -75,8 +75,8 @@ static const char challenge_label[] = "inner application challenge"; with data==NULL&&sizeofdata=0NULL until it returns successfully. */ static ssize_t _gnutls_send_inner_application (gnutls_session_t session, - gnutls_ia_apptype_t msg_type, - const char *data, size_t sizeofdata) + gnutls_ia_apptype_t msg_type, + const char *data, size_t sizeofdata) { opaque *p = NULL; size_t plen = 0; @@ -87,10 +87,10 @@ _gnutls_send_inner_application (gnutls_session_t session, plen = sizeofdata + 4; p = gnutls_malloc (plen); if (!p) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } + { + gnutls_assert (); + return GNUTLS_E_MEMORY_ERROR; + } *(unsigned char *) p = (unsigned char) (msg_type & 0xFF); _gnutls_write_uint24 (sizeofdata, p + 1); @@ -99,7 +99,7 @@ _gnutls_send_inner_application (gnutls_session_t session, len = _gnutls_send_int (session, GNUTLS_INNER_APPLICATION, -1, - EPOCH_WRITE_CURRENT, p, plen, MBUFFER_FLUSH); + EPOCH_WRITE_CURRENT, p, plen, MBUFFER_FLUSH); if (p) gnutls_free (p); @@ -112,8 +112,8 @@ _gnutls_send_inner_application (gnutls_session_t session, number of bytes read, or an error code. */ static ssize_t _gnutls_recv_inner_application (gnutls_session_t session, - gnutls_ia_apptype_t * msg_type, - opaque * data, size_t sizeofdata) + gnutls_ia_apptype_t * msg_type, + opaque * data, size_t sizeofdata) { ssize_t len; uint32_t len24; @@ -147,13 +147,13 @@ _gnutls_recv_inner_application (gnutls_session_t session, uint32_t tmplen = len24; len24 = _gnutls_recv_int (session, GNUTLS_INNER_APPLICATION, -1, - data, tmplen); + data, tmplen); if (len24 != tmplen) - { - gnutls_assert (); - /* XXX Correct? */ - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } + { + gnutls_assert (); + /* XXX Correct? */ + return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; + } } return len24; @@ -166,10 +166,10 @@ _gnutls_recv_inner_application (gnutls_session_t session, result is placed in pre-allocated OUT of OUTSIZE length. */ static int _gnutls_ia_prf (gnutls_session_t session, - size_t label_size, - const char *label, - size_t extra_size, - const char *extra, size_t outsize, opaque * out) + size_t label_size, + const char *label, + size_t extra_size, + const char *extra, size_t outsize, opaque * out) { int ret; opaque *seed; @@ -179,7 +179,7 @@ _gnutls_ia_prf (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -195,14 +195,14 @@ _gnutls_ia_prf (gnutls_session_t session, } memcpy (seed, session->security_parameters.server_random, - GNUTLS_RANDOM_SIZE); + GNUTLS_RANDOM_SIZE); memcpy (seed + GNUTLS_RANDOM_SIZE, - session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); + session->security_parameters.client_random, GNUTLS_RANDOM_SIZE); memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size); ret = _gnutls_PRF (session, priv->inner_secret, - GNUTLS_MASTER_SIZE, - label, label_size, seed, seedsize, outsize, out); + GNUTLS_MASTER_SIZE, + label, label_size, seed, seedsize, outsize, out); gnutls_free (seed); @@ -225,8 +225,8 @@ _gnutls_ia_prf (gnutls_session_t session, **/ int gnutls_ia_permute_inner_secret (gnutls_session_t session, - size_t session_keys_size, - const char *session_keys) + size_t session_keys_size, + const char *session_keys) { extension_priv_data_t epriv; ia_ext_st *priv; @@ -234,7 +234,7 @@ gnutls_ia_permute_inner_secret (gnutls_session_t session, ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -243,11 +243,11 @@ gnutls_ia_permute_inner_secret (gnutls_session_t session, priv = epriv.ptr; return _gnutls_ia_prf (session, - sizeof (inner_permutation_label) - 1, - inner_permutation_label, - session_keys_size, - session_keys, - GNUTLS_RANDOM_SIZE, priv->inner_secret); + sizeof (inner_permutation_label) - 1, + inner_permutation_label, + session_keys_size, + session_keys, + GNUTLS_RANDOM_SIZE, priv->inner_secret); } /** @@ -263,11 +263,11 @@ gnutls_ia_permute_inner_secret (gnutls_session_t session, **/ int gnutls_ia_generate_challenge (gnutls_session_t session, - size_t buffer_size, char *buffer) + size_t buffer_size, char *buffer) { return _gnutls_ia_prf (session, - sizeof (challenge_label) - 1, - challenge_label, 0, NULL, buffer_size, buffer); + sizeof (challenge_label) - 1, + challenge_label, 0, NULL, buffer_size, buffer); } /** @@ -295,7 +295,7 @@ gnutls_ia_extract_inner_secret (gnutls_session_t session, char *buffer) ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -336,7 +336,7 @@ gnutls_ia_endphase_send (gnutls_session_t session, int final_p) ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -345,9 +345,9 @@ gnutls_ia_endphase_send (gnutls_session_t session, int final_p) priv = epriv.ptr; ret = _gnutls_PRF (session, priv->inner_secret, - GNUTLS_MASTER_SIZE, label, size_of_label - 1, - /* XXX specification unclear on seed. */ - "", 0, CHECKSUM_SIZE, local_checksum); + GNUTLS_MASTER_SIZE, label, size_of_label - 1, + /* XXX specification unclear on seed. */ + "", 0, CHECKSUM_SIZE, local_checksum); if (ret < 0) return ret; @@ -401,7 +401,7 @@ gnutls_ia_verify_endphase (gnutls_session_t session, const char *checksum) ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -410,9 +410,9 @@ gnutls_ia_verify_endphase (gnutls_session_t session, const char *checksum) priv = epriv.ptr; ret = _gnutls_PRF (session, priv->inner_secret, - GNUTLS_MASTER_SIZE, - label, size_of_label - 1, - "", 0, CHECKSUM_SIZE, local_checksum); + GNUTLS_MASTER_SIZE, + label, size_of_label - 1, + "", 0, CHECKSUM_SIZE, local_checksum); if (ret < 0) { gnutls_assert (); @@ -422,12 +422,12 @@ gnutls_ia_verify_endphase (gnutls_session_t session, const char *checksum) if (memcmp (local_checksum, checksum, CHECKSUM_SIZE) != 0) { ret = gnutls_alert_send (session, GNUTLS_AL_FATAL, - GNUTLS_A_INNER_APPLICATION_VERIFICATION); + GNUTLS_A_INNER_APPLICATION_VERIFICATION); if (ret < 0) - { - gnutls_assert (); - return ret; - } + { + gnutls_assert (); + return ret; + } return GNUTLS_E_IA_VERIFY_FAILED; } @@ -468,8 +468,8 @@ gnutls_ia_send (gnutls_session_t session, const char *data, size_t sizeofdata) ssize_t len; len = _gnutls_send_inner_application (session, - GNUTLS_IA_APPLICATION_PAYLOAD, - data, sizeofdata); + GNUTLS_IA_APPLICATION_PAYLOAD, + data, sizeofdata); return len; } @@ -527,7 +527,7 @@ _gnutls_ia_client_handshake (gnutls_session_t session) { char *buf = NULL; size_t buflen = 0; - char tmp[1024]; /* XXX */ + char tmp[1024]; /* XXX */ ssize_t len; int ret; const struct gnutls_ia_client_credentials_st *cred = @@ -542,47 +542,47 @@ _gnutls_ia_client_handshake (gnutls_session_t session) size_t avplen; ret = cred->avp_func (session, cred->avp_ptr, - buf, buflen, &avp, &avplen); + buf, buflen, &avp, &avplen); if (ret) - { - int tmpret; - tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL, - GNUTLS_A_INNER_APPLICATION_FAILURE); - if (tmpret < 0) - gnutls_assert (); - return ret; - } + { + int tmpret; + tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL, + GNUTLS_A_INNER_APPLICATION_FAILURE); + if (tmpret < 0) + gnutls_assert (); + return ret; + } len = gnutls_ia_send (session, avp, avplen); gnutls_free (avp); if (len < 0) - return len; + return len; len = gnutls_ia_recv (session, tmp, sizeof (tmp)); if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED || - len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED) - { - ret = gnutls_ia_verify_endphase (session, tmp); - if (ret < 0) - return ret; - - ret = gnutls_ia_endphase_send - (session, len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED); - if (ret < 0) - return ret; - } + len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED) + { + ret = gnutls_ia_verify_endphase (session, tmp); + if (ret < 0) + return ret; + + ret = gnutls_ia_endphase_send + (session, len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED); + if (ret < 0) + return ret; + } if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED) - { - buf = NULL; - buflen = 0; - continue; - } + { + buf = NULL; + buflen = 0; + continue; + } else if (len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED) - break; + break; if (len < 0) - return len; + return len; buflen = len; buf = tmp; @@ -611,51 +611,51 @@ _gnutls_ia_server_handshake (gnutls_session_t session) len = gnutls_ia_recv (session, buf, sizeof (buf)); if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED || - len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED) - { - ret = gnutls_ia_verify_endphase (session, buf); - if (ret < 0) - return ret; - } + len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED) + { + ret = gnutls_ia_verify_endphase (session, buf); + if (ret < 0) + return ret; + } if (len == GNUTLS_E_WARNING_IA_IPHF_RECEIVED) - continue; + continue; else if (len == GNUTLS_E_WARNING_IA_FPHF_RECEIVED) - break; + break; if (len < 0) - return len; + return len; avp = NULL; avplen = 0; ret = cred->avp_func (session, cred->avp_ptr, buf, len, &avp, &avplen); if (ret < 0) - { - int tmpret; - tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL, - GNUTLS_A_INNER_APPLICATION_FAILURE); - if (tmpret < 0) - gnutls_assert (); - return ret; - } + { + int tmpret; + tmpret = gnutls_alert_send (session, GNUTLS_AL_FATAL, + GNUTLS_A_INNER_APPLICATION_FAILURE); + if (tmpret < 0) + gnutls_assert (); + return ret; + } msg_type = ret; if (msg_type != GNUTLS_IA_APPLICATION_PAYLOAD) - { - ret = gnutls_ia_endphase_send (session, msg_type == - GNUTLS_IA_FINAL_PHASE_FINISHED); - if (ret < 0) - return ret; - } + { + ret = gnutls_ia_endphase_send (session, msg_type == + GNUTLS_IA_FINAL_PHASE_FINISHED); + if (ret < 0) + return ret; + } else - { - len = gnutls_ia_send (session, avp, avplen); - gnutls_free (avp); - if (len < 0) - return len; - } + { + len = gnutls_ia_send (session, avp, avplen); + gnutls_free (avp); + if (len < 0) + return len; + } } while (1); @@ -681,7 +681,7 @@ gnutls_ia_handshake_p (gnutls_session_t session) ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME, - &epriv); + &epriv); if (ret < 0) { gnutls_assert (); @@ -804,7 +804,7 @@ gnutls_ia_free_client_credentials (gnutls_ia_client_credentials_t sc) **/ void gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred, - gnutls_ia_avp_func avp_func) + gnutls_ia_avp_func avp_func) { cred->avp_func = avp_func; } @@ -920,7 +920,7 @@ gnutls_ia_free_server_credentials (gnutls_ia_server_credentials_t sc) **/ void gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred, - gnutls_ia_avp_func avp_func) + gnutls_ia_avp_func avp_func) { cred->avp_func = avp_func; } @@ -999,6 +999,6 @@ gnutls_ia_enable (gnutls_session_t session, int allow_skip_on_resume) priv->flags |= IA_ALLOW_SKIP; _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, - epriv); + epriv); } diff --git a/libextra/gnutls_openssl.c b/libextra/gnutls_openssl.c index 6d33c8f01d..74feafb9bb 100644 --- a/libextra/gnutls_openssl.c +++ b/libextra/gnutls_openssl.c @@ -114,7 +114,7 @@ SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, int type) void SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode, - int (*verify_callback) (int, X509_STORE_CTX *)) + int (*verify_callback) (int, X509_STORE_CTX *)) { ctx->verify_mode = verify_mode; ctx->verify_callback = verify_callback; @@ -232,24 +232,24 @@ SSL_new (SSL_CTX * ctx) gnutls_init (&ssl->gnutls_state, ctx->method->connend); gnutls_protocol_set_priority (ssl->gnutls_state, - ctx->method->protocol_priority); + ctx->method->protocol_priority); gnutls_cipher_set_priority (ssl->gnutls_state, - ctx->method->cipher_priority); + ctx->method->cipher_priority); gnutls_compression_set_priority (ssl->gnutls_state, - ctx->method->comp_priority); + ctx->method->comp_priority); gnutls_kx_set_priority (ssl->gnutls_state, ctx->method->kx_priority); gnutls_mac_set_priority (ssl->gnutls_state, ctx->method->mac_priority); gnutls_credentials_set (ssl->gnutls_state, GNUTLS_CRD_CERTIFICATE, - ssl->gnutls_cred); + ssl->gnutls_cred); if (ctx->certfile) gnutls_certificate_set_x509_trust_file (ssl->gnutls_cred, - ctx->certfile, - ctx->certfile_type); + ctx->certfile, + ctx->certfile_type); if (ctx->keyfile) gnutls_certificate_set_x509_key_file (ssl->gnutls_cred, - ctx->certfile, ctx->keyfile, - ctx->keyfile_type); + ctx->certfile, ctx->keyfile, + ctx->keyfile_type); ssl->ctx = ctx; ssl->verify_mode = ctx->verify_mode; ssl->verify_callback = ctx->verify_callback; @@ -333,7 +333,7 @@ SSL_pending (SSL * ssl) void SSL_set_verify (SSL * ssl, int verify_mode, - int (*verify_callback) (int, X509_STORE_CTX *)) + int (*verify_callback) (int, X509_STORE_CTX *)) { ssl->verify_mode = verify_mode; ssl->verify_callback = verify_callback; @@ -346,7 +346,7 @@ SSL_get_peer_certificate (SSL * ssl) int cert_list_size = 0; cert_list = gnutls_certificate_get_peers (ssl->gnutls_state, - &cert_list_size); + &cert_list_size); return cert_list; } @@ -367,17 +367,17 @@ SSL_connect (SSL * ssl) if (ssl->options & SSL_OP_NO_TLSv1) { for (i = 0, j = 0; - i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++) - { - if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1) - j++; - else - x_priority[i] = ssl->ctx->method->protocol_priority[j]; - } + i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++) + { + if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1) + j++; + else + x_priority[i] = ssl->ctx->method->protocol_priority[j]; + } if (i < GNUTLS_MAX_ALGORITHM_NUM) - x_priority[i] = 0; + x_priority[i] = 0; gnutls_protocol_set_priority (ssl->gnutls_state, - ssl->ctx->method->protocol_priority); + ssl->ctx->method->protocol_priority); } err = gnutls_handshake (ssl->gnutls_state); @@ -392,7 +392,7 @@ SSL_connect (SSL * ssl) store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX)); store->ssl = ssl; store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state, - &cert_list_size); + &cert_list_size); if (ssl->verify_callback) { @@ -422,17 +422,17 @@ SSL_accept (SSL * ssl) if (ssl->options & SSL_OP_NO_TLSv1) { for (i = 0, j = 0; - i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++) - { - if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1) - j++; - else - x_priority[i] = ssl->ctx->method->protocol_priority[j]; - } + i < GNUTLS_MAX_ALGORITHM_NUM && x_priority[i] != 0; i++, j++) + { + if (ssl->ctx->method->protocol_priority[j] == GNUTLS_TLS1) + j++; + else + x_priority[i] = ssl->ctx->method->protocol_priority[j]; + } if (i < GNUTLS_MAX_ALGORITHM_NUM) - x_priority[i] = 0; + x_priority[i] = 0; gnutls_protocol_set_priority (ssl->gnutls_state, - ssl->ctx->method->protocol_priority); + ssl->ctx->method->protocol_priority); } /* FIXME: dh params, do we want client cert? */ @@ -449,7 +449,7 @@ SSL_accept (SSL * ssl) store = (X509_STORE_CTX *) calloc (1, sizeof (X509_STORE_CTX)); store->ssl = ssl; store->cert_list = gnutls_certificate_get_peers (ssl->gnutls_state, - &cert_list_size); + &cert_list_size); if (ssl->verify_callback) { @@ -788,7 +788,7 @@ SSL_CIPHER_get_name (SSL_CIPHER * cipher) return ("NONE"); return gnutls_cipher_suite_get_name (cipher->kx, - cipher->cipher, cipher->mac); + cipher->cipher, cipher->mac); } int @@ -843,13 +843,13 @@ SSL_CIPHER_description (SSL_CIPHER * cipher, char *buf, int size) } if (snprintf (tmpbuf, tmpsize, "%s %s %s %s", - gnutls_protocol_get_name (cipher->version), - gnutls_kx_get_name (cipher->kx), - gnutls_cipher_get_name (cipher->cipher), - gnutls_mac_get_name (cipher->mac)) == -1) + gnutls_protocol_get_name (cipher->version), + gnutls_kx_get_name (cipher->kx), + gnutls_cipher_get_name (cipher->cipher), + gnutls_mac_get_name (cipher->mac)) == -1) { if (local_alloc) - free (tmpbuf); + free (tmpbuf); return (char *) "Buffer too small"; } @@ -894,10 +894,10 @@ X509_NAME_oneline (gnutls_x509_dn * name, char *buf, int len) memset (buf, 0, len); snprintf (buf, len - 1, - "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s", - name->country, name->state_or_province_name, - name->locality_name, name->organization, - name->organizational_unit_name, name->common_name, name->email); + "C=%s, ST=%s, L=%s, O=%s, OU=%s, CN=%s/Email=%s", + name->country, name->state_or_province_name, + name->locality_name, name->organization, + name->organizational_unit_name, name->common_name, name->email); return buf; } diff --git a/libextra/includes/gnutls/extra.h b/libextra/includes/gnutls/extra.h index 4e93aaea1a..1218fc1344 100644 --- a/libextra/includes/gnutls/extra.h +++ b/libextra/includes/gnutls/extra.h @@ -61,8 +61,8 @@ extern "C" */ typedef int (*gnutls_ia_avp_func) (gnutls_session_t session, void *ptr, - const char *last, size_t lastlen, - char **next, size_t * nextlen); + const char *last, size_t lastlen, + char **next, size_t * nextlen); typedef struct gnutls_ia_server_credentials_st *gnutls_ia_server_credentials_t; @@ -74,33 +74,33 @@ extern "C" gnutls_ia_free_client_credentials (gnutls_ia_client_credentials_t sc); extern int gnutls_ia_allocate_client_credentials (gnutls_ia_client_credentials_t * - sc); + sc); extern void gnutls_ia_free_server_credentials (gnutls_ia_server_credentials_t sc); extern int gnutls_ia_allocate_server_credentials (gnutls_ia_server_credentials_t * - sc); + sc); /* Client TLS/IA credential functions. */ extern void gnutls_ia_set_client_avp_function (gnutls_ia_client_credentials_t cred, - gnutls_ia_avp_func avp_func); + gnutls_ia_avp_func avp_func); extern void gnutls_ia_set_client_avp_ptr (gnutls_ia_client_credentials_t cred, - void *ptr); + void *ptr); extern void *gnutls_ia_get_client_avp_ptr (gnutls_ia_client_credentials_t - cred); + cred); /* Server TLS/IA credential functions. */ extern void gnutls_ia_set_server_avp_function (gnutls_ia_server_credentials_t cred, - gnutls_ia_avp_func avp_func); + gnutls_ia_avp_func avp_func); extern void gnutls_ia_set_server_avp_ptr (gnutls_ia_server_credentials_t cred, - void *ptr); + void *ptr); extern void *gnutls_ia_get_server_avp_ptr (gnutls_ia_server_credentials_t - cred); + cred); /* TLS/IA handshake. */ extern int gnutls_ia_handshake_p (gnutls_session_t session); @@ -110,27 +110,27 @@ extern "C" /* TLS/IA low level interface. */ extern int gnutls_ia_permute_inner_secret (gnutls_session_t session, - size_t session_keys_size, - const char *session_keys); + size_t session_keys_size, + const char *session_keys); extern int gnutls_ia_endphase_send (gnutls_session_t session, int final_p); extern int gnutls_ia_verify_endphase (gnutls_session_t session, - const char *checksum); + const char *checksum); extern ssize_t gnutls_ia_send (gnutls_session_t session, - const char *data, size_t sizeofdata); + const char *data, size_t sizeofdata); extern ssize_t gnutls_ia_recv (gnutls_session_t session, - char *data, size_t sizeofdata); + char *data, size_t sizeofdata); /* Utility stuff. */ extern int gnutls_ia_generate_challenge (gnutls_session_t session, - size_t buffer_size, char *buffer); + size_t buffer_size, char *buffer); extern void gnutls_ia_extract_inner_secret (gnutls_session_t session, - char *buffer); + char *buffer); /* Define whether inner phases are wanted. */ extern void gnutls_ia_enable (gnutls_session_t session, - int allow_skip_on_resume); + int allow_skip_on_resume); int gnutls_global_init_extra (void); diff --git a/libextra/includes/gnutls/openssl.h b/libextra/includes/gnutls/openssl.h index be326f0c14..6397fd4c93 100644 --- a/libextra/includes/gnutls/openssl.h +++ b/libextra/includes/gnutls/openssl.h @@ -202,11 +202,11 @@ extern "C" void SSL_CTX_free (SSL_CTX * ctx); int SSL_CTX_set_default_verify_paths (SSL_CTX * ctx); int SSL_CTX_use_certificate_file (SSL_CTX * ctx, const char *certfile, - int type); + int type); int SSL_CTX_use_PrivateKey_file (SSL_CTX * ctx, const char *keyfile, - int type); + int type); void SSL_CTX_set_verify (SSL_CTX * ctx, int verify_mode, - int (*verify_callback) (int, X509_STORE_CTX *)); + int (*verify_callback) (int, X509_STORE_CTX *)); unsigned long SSL_CTX_set_options (SSL_CTX * ctx, unsigned long options); long SSL_CTX_set_mode (SSL_CTX * ctx, long mode); int SSL_CTX_set_cipher_list (SSL_CTX * ctx, const char *list); @@ -239,7 +239,7 @@ extern "C" void SSL_set_connect_state (SSL * ssl); int SSL_pending (SSL * ssl); void SSL_set_verify (SSL * ssl, int verify_mode, - int (*verify_callback) (int, X509_STORE_CTX *)); + int (*verify_callback) (int, X509_STORE_CTX *)); const X509 *SSL_get_peer_certificate (SSL * ssl); /* SSL connection open/close/read/write functions */ @@ -322,13 +322,13 @@ extern "C" void MD5_Update (MD5_CTX * ctx, const void *buf, int len); void MD5_Final (unsigned char *md, MD5_CTX * ctx); unsigned char *MD5 (const unsigned char *buf, unsigned long len, - unsigned char *md); + unsigned char *md); void RIPEMD160_Init (RIPEMD160_CTX * ctx); void RIPEMD160_Update (RIPEMD160_CTX * ctx, const void *buf, int len); void RIPEMD160_Final (unsigned char *md, RIPEMD160_CTX * ctx); unsigned char *RIPEMD160 (const unsigned char *buf, unsigned long len, - unsigned char *md); + unsigned char *md); #ifdef __cplusplus } diff --git a/libextra/openssl_compat.c b/libextra/openssl_compat.c index 5c5ae02f4a..83b8a1670c 100644 --- a/libextra/openssl_compat.c +++ b/libextra/openssl_compat.c @@ -29,7 +29,7 @@ #include <gnutls_global.h> #include <gnutls_errors.h> -#include <string.h> /* memset */ +#include <string.h> /* memset */ #include <x509/x509_int.h> #include <libtasn1.h> #include <gnutls/x509.h> @@ -54,7 +54,7 @@ gnutls_x509_extract_dn (const gnutls_datum_t * idn, gnutls_x509_dn * rdn) if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) + "PKIX1.Name", &dn)) != ASN1_SUCCESS) { return _gnutls_asn2err (result); } @@ -71,33 +71,33 @@ gnutls_x509_extract_dn (const gnutls_datum_t * idn, gnutls_x509_dn * rdn) len = sizeof (rdn->country); _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, 0, - rdn->country, &len); + rdn->country, &len); len = sizeof (rdn->organization); _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0, - 0, rdn->organization, &len); + 0, rdn->organization, &len); len = sizeof (rdn->organizational_unit_name); _gnutls_x509_parse_dn_oid (dn, "", - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, - 0, rdn->organizational_unit_name, &len); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, + 0, rdn->organizational_unit_name, &len); len = sizeof (rdn->common_name); _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, 0, - rdn->common_name, &len); + rdn->common_name, &len); len = sizeof (rdn->locality_name); _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, 0, - rdn->locality_name, &len); + rdn->locality_name, &len); len = sizeof (rdn->state_or_province_name); _gnutls_x509_parse_dn_oid (dn, "", - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0, - rdn->state_or_province_name, &len); + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, 0, + rdn->state_or_province_name, &len); len = sizeof (rdn->email); _gnutls_x509_parse_dn_oid (dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, 0, - rdn->email, &len); + rdn->email, &len); asn1_delete_structure (&dn); @@ -116,7 +116,7 @@ gnutls_x509_extract_dn (const gnutls_datum_t * idn, gnutls_x509_dn * rdn) -*/ int gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert, - gnutls_x509_dn * ret) + gnutls_x509_dn * ret) { gnutls_x509_crt_t xcert; int result; @@ -135,33 +135,33 @@ gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert, len = sizeof (ret->country); gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COUNTRY_NAME, 0, - 0, ret->country, &len); + 0, ret->country, &len); len = sizeof (ret->organization); gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, 0, ret->organization, &len); + 0, 0, ret->organization, &len); len = sizeof (ret->organizational_unit_name); gnutls_x509_crt_get_dn_by_oid (xcert, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, 0, ret->organizational_unit_name, &len); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, 0, ret->organizational_unit_name, &len); len = sizeof (ret->common_name); gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_COMMON_NAME, 0, 0, - ret->common_name, &len); + ret->common_name, &len); len = sizeof (ret->locality_name); gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_X520_LOCALITY_NAME, 0, - 0, ret->locality_name, &len); + 0, ret->locality_name, &len); len = sizeof (ret->state_or_province_name); gnutls_x509_crt_get_dn_by_oid (xcert, - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, - 0, 0, ret->state_or_province_name, &len); + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, + 0, 0, ret->state_or_province_name, &len); len = sizeof (ret->email); gnutls_x509_crt_get_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0, 0, - ret->email, &len); + ret->email, &len); gnutls_x509_crt_deinit (xcert); @@ -180,7 +180,7 @@ gnutls_x509_extract_certificate_dn (const gnutls_datum_t * cert, -*/ int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert, - gnutls_x509_dn * ret) + gnutls_x509_dn * ret) { gnutls_x509_crt_t xcert; int result; @@ -199,39 +199,39 @@ gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert, len = sizeof (ret->country); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, - GNUTLS_OID_X520_COUNTRY_NAME, 0, - 0, ret->country, &len); + GNUTLS_OID_X520_COUNTRY_NAME, 0, + 0, ret->country, &len); len = sizeof (ret->organization); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, 0, ret->organization, &len); + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, 0, ret->organization, &len); len = sizeof (ret->organizational_unit_name); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, 0, - ret->organizational_unit_name, &len); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, 0, + ret->organizational_unit_name, &len); len = sizeof (ret->common_name); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, - GNUTLS_OID_X520_COMMON_NAME, 0, 0, - ret->common_name, &len); + GNUTLS_OID_X520_COMMON_NAME, 0, 0, + ret->common_name, &len); len = sizeof (ret->locality_name); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, - GNUTLS_OID_X520_LOCALITY_NAME, 0, - 0, ret->locality_name, &len); + GNUTLS_OID_X520_LOCALITY_NAME, 0, + 0, ret->locality_name, &len); len = sizeof (ret->state_or_province_name); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, - 0, 0, ret->state_or_province_name, - &len); + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, + 0, 0, ret->state_or_province_name, + &len); len = sizeof (ret->email); gnutls_x509_crt_get_issuer_dn_by_oid (xcert, GNUTLS_OID_PKCS9_EMAIL, 0, - 0, ret->email, &len); + 0, ret->email, &len); gnutls_x509_crt_deinit (xcert); @@ -258,8 +258,8 @@ gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t * cert, -*/ int gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t * - cert, int seq, - char *ret, int *ret_size) + cert, int seq, + char *ret, int *ret_size) { gnutls_x509_crt_t xcert; int result; @@ -434,7 +434,7 @@ gnutls_x509_extract_certificate_version (const gnutls_datum_t * cert) -*/ int gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert, - char *result, int *result_size) + char *result, int *result_size) { gnutls_x509_crt_t xcert; size_t size = *result_size; @@ -478,7 +478,7 @@ gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert, -*/ int gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t * - cert, int *bits) + cert, int *bits) { gnutls_x509_crt_t xcert; int result; @@ -518,9 +518,9 @@ gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t * -*/ int gnutls_x509_extract_certificate_dn_string (char *buf, - unsigned int sizeof_buf, - const gnutls_datum_t * cert, - int issuer) + unsigned int sizeof_buf, + const gnutls_datum_t * cert, + int issuer) { gnutls_x509_crt_t xcert; int result; @@ -584,11 +584,11 @@ gnutls_x509_extract_certificate_dn_string (char *buf, -*/ int gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, - int cert_list_length, - const gnutls_datum_t * CA_list, - int CA_list_length, - const gnutls_datum_t * CRL_list, - int CRL_list_length) + int cert_list_length, + const gnutls_datum_t * CA_list, + int CA_list_length, + const gnutls_datum_t * CRL_list, + int CRL_list_length) { unsigned int verify; gnutls_x509_crt_t *peer_certificate_list = NULL; @@ -640,19 +640,19 @@ gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, { ret = gnutls_x509_crt_init (&peer_certificate_list[i]); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } ret = - gnutls_x509_crt_import (peer_certificate_list[i], - &cert_list[i], GNUTLS_X509_FMT_DER); + gnutls_x509_crt_import (peer_certificate_list[i], + &cert_list[i], GNUTLS_X509_FMT_DER); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } /* convert CA_list to gnutls_x509_cert* list @@ -661,19 +661,19 @@ gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, { ret = gnutls_x509_crt_init (&ca_certificate_list[i]); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } ret = - gnutls_x509_crt_import (ca_certificate_list[i], - &CA_list[i], GNUTLS_X509_FMT_DER); + gnutls_x509_crt_import (ca_certificate_list[i], + &CA_list[i], GNUTLS_X509_FMT_DER); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } #ifdef ENABLE_PKI @@ -683,19 +683,19 @@ gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, { ret = gnutls_x509_crl_init (&crl_list[i]); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } ret = - gnutls_x509_crl_import (crl_list[i], - &CRL_list[i], GNUTLS_X509_FMT_DER); + gnutls_x509_crl_import (crl_list[i], + &CRL_list[i], GNUTLS_X509_FMT_DER); if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } + { + gnutls_assert (); + goto cleanup; + } } #endif @@ -703,10 +703,10 @@ gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, */ ret = gnutls_x509_crt_list_verify (peer_certificate_list, - peer_certificate_list_size, - ca_certificate_list, - ca_certificate_list_size, crl_list, - crl_list_size, 0, &verify); + peer_certificate_list_size, + ca_certificate_list, + ca_certificate_list_size, crl_list, + crl_list_size, 0, &verify); if (ret < 0) { @@ -721,22 +721,22 @@ cleanup: if (peer_certificate_list != NULL) for (x = 0; x < peer_certificate_list_size; x++) { - if (peer_certificate_list[x] != NULL) - gnutls_x509_crt_deinit (peer_certificate_list[x]); + if (peer_certificate_list[x] != NULL) + gnutls_x509_crt_deinit (peer_certificate_list[x]); } if (ca_certificate_list != NULL) for (x = 0; x < ca_certificate_list_size; x++) { - if (ca_certificate_list[x] != NULL) - gnutls_x509_crt_deinit (ca_certificate_list[x]); + if (ca_certificate_list[x] != NULL) + gnutls_x509_crt_deinit (ca_certificate_list[x]); } #ifdef ENABLE_PKI if (crl_list != NULL) for (x = 0; x < crl_list_size; x++) { - if (crl_list[x] != NULL) - gnutls_x509_crl_deinit (crl_list[x]); + if (crl_list[x] != NULL) + gnutls_x509_crl_deinit (crl_list[x]); } gnutls_free (crl_list); @@ -802,9 +802,9 @@ gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key) -*/ int gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t * - pkcs7_struct, int indx, - char *certificate, - int *certificate_size) + pkcs7_struct, int indx, + char *certificate, + int *certificate_size) { gnutls_pkcs7_t pkcs7; int result; diff --git a/libextra/openssl_compat.h b/libextra/openssl_compat.h index 4720ad1e81..52484f2b19 100644 --- a/libextra/openssl_compat.h +++ b/libextra/openssl_compat.h @@ -31,40 +31,40 @@ int gnutls_x509_extract_dn (const gnutls_datum_t *, gnutls_x509_dn *); int gnutls_x509_extract_dn_string (const gnutls_datum_t * idn, - char *buf, unsigned int sizeof_buf); + char *buf, unsigned int sizeof_buf); int gnutls_x509_extract_certificate_dn (const gnutls_datum_t *, - gnutls_x509_dn *); + gnutls_x509_dn *); int gnutls_x509_extract_certificate_dn_string (char *buf, - unsigned int sizeof_buf, - const gnutls_datum_t * cert, - int issuer); + unsigned int sizeof_buf, + const gnutls_datum_t * cert, + int issuer); int gnutls_x509_extract_certificate_issuer_dn (const gnutls_datum_t *, - gnutls_x509_dn *); + gnutls_x509_dn *); int gnutls_x509_extract_certificate_version (const gnutls_datum_t *); int gnutls_x509_extract_certificate_serial (const gnutls_datum_t * cert, - char *result, int *result_size); + char *result, int *result_size); time_t gnutls_x509_extract_certificate_activation_time (const gnutls_datum_t - *); + *); time_t gnutls_x509_extract_certificate_expiration_time (const gnutls_datum_t - *); + *); int gnutls_x509_extract_certificate_subject_alt_name (const gnutls_datum_t - *, int seq, char *, - int *); + *, int seq, char *, + int *); int gnutls_x509_pkcs7_extract_certificate (const gnutls_datum_t * - pkcs7_struct, int indx, - char *certificate, - int *certificate_size); + pkcs7_struct, int indx, + char *certificate, + int *certificate_size); int gnutls_x509_extract_certificate_pk_algorithm (const gnutls_datum_t * - cert, int *bits); + cert, int *bits); int gnutls_x509_extract_certificate_ca_status (const gnutls_datum_t * cert); int gnutls_x509_extract_key_pk_algorithm (const gnutls_datum_t * key); int gnutls_x509_verify_certificate (const gnutls_datum_t * cert_list, - int cert_list_length, - const gnutls_datum_t * CA_list, - int CA_list_length, - const gnutls_datum_t * CRL_list, - int CRL_list_length); + int cert_list_length, + const gnutls_datum_t * CA_list, + int CA_list_length, + const gnutls_datum_t * CRL_list, + int CRL_list_length); #define gnutls_x509_fingerprint gnutls_fingerprint #define gnutls_x509_certificate_format gnutls_x509_crt_fmt_t @@ -1208,8 +1208,8 @@ refresh-po: INDENT_SOURCES ?= $(C_SOURCES) .PHONY: indent indent: - indent $(INDENT_SOURCES) - indent $(INDENT_SOURCES) + indent -nut $(INDENT_SOURCES) + indent -nut $(INDENT_SOURCES) # If you want to set UPDATE_COPYRIGHT_* environment variables, # put the assignments in this variable. diff --git a/src/benchmark.c b/src/benchmark.c index bd7ea7ce56..df96f533d2 100644 --- a/src/benchmark.c +++ b/src/benchmark.c @@ -29,7 +29,7 @@ #include <gnutls/crypto.h> #include <time.h> #include <signal.h> -#include "timespec.h" /* gnulib gettime */ +#include "timespec.h" /* gnulib gettime */ static unsigned char data[64 * 1024]; @@ -49,7 +49,7 @@ tls_log_func (int level, const char *str) static void value2human (double bytes, double time, double *data, double *speed, - char *metric) + char *metric) { if (bytes > 1000 && bytes < 1000 * 1000) { @@ -113,7 +113,7 @@ cipher_bench (int algo, int size) key.size = keysize; printf ("Checking %s (%dkb payload)... ", gnutls_cipher_get_name (algo), - size); + size); fflush (stdout); must_finish = 0; @@ -140,7 +140,7 @@ cipher_bench (int algo, int size) gettime (&stop); secs = (stop.tv_sec * 1000 + stop.tv_nsec / (1000 * 1000) - - (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000))); + (start.tv_sec * 1000 + start.tv_nsec / (1000 * 1000))); secs /= 1000; value2human (data_size, secs, &ddata, &dspeed, metric); diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c index f9ed00d9bd..72038160bd 100644 --- a/src/certtool-cfg.c +++ b/src/certtool-cfg.c @@ -208,7 +208,7 @@ read_crt_set (gnutls_x509_crt_t crt, const char *input_str, const char *oid) if (fgets (input, sizeof (input), stdin) == NULL) return; - if (strlen (input) == 1) /* only newline */ + if (strlen (input) == 1) /* only newline */ return; ret = @@ -230,7 +230,7 @@ read_crq_set (gnutls_x509_crq_t crq, const char *input_str, const char *oid) if (fgets (input, sizeof (input), stdin) == NULL) return; - if (strlen (input) == 1) /* only newline */ + if (strlen (input) == 1) /* only newline */ return; ret = @@ -318,7 +318,7 @@ read_yesno (const char *input_str) if (fgets (input, sizeof (input), stdin) == NULL) return 0; - if (strlen (input) == 1) /* only newline */ + if (strlen (input) == 1) /* only newline */ return 0; if (input[0] == 'y' || input[0] == 'Y') @@ -350,16 +350,16 @@ get_confirmed_pass (bool empty_ok) char *copy = NULL; do - { - if (pass) - printf ("Password missmatch, try again.\n"); + { + if (pass) + printf ("Password missmatch, try again.\n"); - free (copy); + free (copy); - pass = getpass ("Enter password: "); - copy = strdup (pass); - pass = getpass ("Confirm password: "); - } + pass = getpass ("Enter password: "); + copy = strdup (pass); + pass = getpass ("Confirm password: "); + } while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0')); free (copy); @@ -394,21 +394,21 @@ get_country_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.country) - return; + return; ret = - gnutls_x509_crt_set_dn_by_oid (crt, - GNUTLS_OID_X520_COUNTRY_NAME, 0, - cfg.country, strlen (cfg.country)); + gnutls_x509_crt_set_dn_by_oid (crt, + GNUTLS_OID_X520_COUNTRY_NAME, 0, + cfg.country, strlen (cfg.country)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crt_set (crt, "Country name (2 chars): ", - GNUTLS_OID_X520_COUNTRY_NAME); + GNUTLS_OID_X520_COUNTRY_NAME); } } @@ -421,23 +421,23 @@ get_organization_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.organization) - return; + return; ret = - gnutls_x509_crt_set_dn_by_oid (crt, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, cfg.organization, - strlen (cfg.organization)); + gnutls_x509_crt_set_dn_by_oid (crt, + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, cfg.organization, + strlen (cfg.organization)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crt_set (crt, "Organization name: ", - GNUTLS_OID_X520_ORGANIZATION_NAME); + GNUTLS_OID_X520_ORGANIZATION_NAME); } } @@ -450,22 +450,22 @@ get_unit_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.unit) - return; + return; ret = - gnutls_x509_crt_set_dn_by_oid (crt, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, cfg.unit, strlen (cfg.unit)); + gnutls_x509_crt_set_dn_by_oid (crt, + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, cfg.unit, strlen (cfg.unit)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crt_set (crt, "Organizational unit name: ", - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME); } } @@ -478,21 +478,21 @@ get_state_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.state) - return; + return; ret = - gnutls_x509_crt_set_dn_by_oid (crt, - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, - 0, cfg.state, strlen (cfg.state)); + gnutls_x509_crt_set_dn_by_oid (crt, + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, + 0, cfg.state, strlen (cfg.state)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crt_set (crt, "State or province name: ", - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME); + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME); } } @@ -505,16 +505,16 @@ get_locality_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.locality) - return; + return; ret = - gnutls_x509_crt_set_dn_by_oid (crt, - GNUTLS_OID_X520_LOCALITY_NAME, 0, - cfg.locality, strlen (cfg.locality)); + gnutls_x509_crt_set_dn_by_oid (crt, + GNUTLS_OID_X520_LOCALITY_NAME, 0, + cfg.locality, strlen (cfg.locality)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -531,15 +531,15 @@ get_cn_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.cn) - return; + return; ret = - gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME, - 0, cfg.cn, strlen (cfg.cn)); + gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_X520_COMMON_NAME, + 0, cfg.cn, strlen (cfg.cn)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -556,14 +556,14 @@ get_uid_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.uid) - return; + return; ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_LDAP_UID, 0, - cfg.uid, strlen (cfg.uid)); + cfg.uid, strlen (cfg.uid)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -580,25 +580,25 @@ get_oid_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.dn_oid) - return; + return; for (i = 0; cfg.dn_oid[i] != NULL; i += 2) - { - if (cfg.dn_oid[i + 1] == NULL) - { - fprintf (stderr, "dn_oid: %s does not have an argument.\n", - cfg.dn_oid[i]); - exit (1); - } - ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0, - cfg.dn_oid[i + 1], - strlen (cfg.dn_oid[i + 1])); - - if (ret < 0) - { - fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret)); - exit (1); - } - } + { + if (cfg.dn_oid[i + 1] == NULL) + { + fprintf (stderr, "dn_oid: %s does not have an argument.\n", + cfg.dn_oid[i]); + exit (1); + } + ret = gnutls_x509_crt_set_dn_by_oid (crt, cfg.dn_oid[i], 0, + cfg.dn_oid[i + 1], + strlen (cfg.dn_oid[i + 1])); + + if (ret < 0) + { + fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret)); + exit (1); + } + } } } @@ -610,20 +610,20 @@ get_key_purpose_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.key_purpose_oids) - return; + return; for (i = 0; cfg.key_purpose_oids[i] != NULL; i++) - { - ret = - gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i], - 0); + { + ret = + gnutls_x509_crt_set_key_purpose_oid (crt, cfg.key_purpose_oids[i], + 0); - if (ret < 0) - { - fprintf (stderr, "set_key_purpose_oid (%s): %s\n", - cfg.key_purpose_oids[i], gnutls_strerror (ret)); - exit (1); - } - } + if (ret < 0) + { + fprintf (stderr, "set_key_purpose_oid (%s): %s\n", + cfg.key_purpose_oids[i], gnutls_strerror (ret)); + exit (1); + } + } } } @@ -637,15 +637,15 @@ get_pkcs9_email_crt_set (gnutls_x509_crt_t crt) if (batch) { if (!cfg.pkcs9_email) - return; + return; ret = gnutls_x509_crt_set_dn_by_oid (crt, GNUTLS_OID_PKCS9_EMAIL, 0, - cfg.pkcs9_email, - strlen (cfg.pkcs9_email)); + cfg.pkcs9_email, + strlen (cfg.pkcs9_email)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -662,14 +662,14 @@ get_serial (void) if (batch) { if (cfg.serial < 0) - return default_serial; + return default_serial; return cfg.serial; } else { return read_int_with_default - ("Enter the certificate's serial number in decimal (default: %u): ", - default_serial); + ("Enter the certificate's serial number in decimal (default: %u): ", + default_serial); } } @@ -681,16 +681,16 @@ get_days (void) if (batch) { if (cfg.expiration_days <= 0) - return 365; + return 365; else - return cfg.expiration_days; + return cfg.expiration_days; } else { do - { - days = read_int ("The certificate will expire in (days): "); - } + { + days = read_int ("The certificate will expire in (days): "); + } while (days == 0); return days; } @@ -706,7 +706,7 @@ get_ca_status (void) else { return - read_yesno ("Does the certificate belong to an authority? (y/N): "); + read_yesno ("Does the certificate belong to an authority? (y/N): "); } } @@ -720,8 +720,8 @@ get_crq_extensions_status (void) else { return - read_yesno - ("Do you want to honour the extensions from the request? (y/N): "); + read_yesno + ("Do you want to honour the extensions from the request? (y/N): "); } } @@ -748,7 +748,7 @@ get_path_len (void) else { return read_int_with_default - ("Path length constraint (decimal, %d for no constraint): ", -1); + ("Path length constraint (decimal, %d for no constraint): ", -1); } } @@ -760,15 +760,15 @@ get_pkcs12_key_name (void) if (batch) { if (!cfg.pkcs12_key_name) - return "Anonymous"; + return "Anonymous"; return cfg.pkcs12_key_name; } else { do - { - name = read_str ("Enter a name for the key: "); - } + { + name = read_str ("Enter a name for the key: "); + } while (name == NULL); } return name; @@ -797,7 +797,7 @@ get_tls_server_status (void) else { return - read_yesno ("Is this also a TLS web server certificate? (y/N): "); + read_yesno ("Is this also a TLS web server certificate? (y/N): "); } } @@ -814,26 +814,26 @@ string_to_ip (unsigned char *ip, const char *str) #if HAVE_IPV6 if (strchr (str, ':') != NULL || len > 16) - { /* IPv6 */ + { /* IPv6 */ ret = inet_pton (AF_INET6, str, ip); if (ret <= 0) - { - fprintf (stderr, "Error in IPv6 address %s\n", str); - exit (1); - } + { + fprintf (stderr, "Error in IPv6 address %s\n", str); + exit (1); + } /* To be done */ return 16; } else #endif - { /* IPv4 */ + { /* IPv4 */ ret = inet_pton (AF_INET, str, ip); if (ret <= 0) - { - fprintf (stderr, "Error in IPv4 address %s\n", str); - exit (1); - } + { + fprintf (stderr, "Error in IPv4 address %s\n", str); + exit (1); + } return 4; } @@ -850,56 +850,56 @@ get_ip_addr_set (int type, void *crt) if (batch) { if (!cfg.ip_addr) - return; + return; for (i = 0; cfg.ip_addr[i] != NULL; i++) - { - len = string_to_ip (ip, cfg.ip_addr[i]); - if (len <= 0) - { - fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]); - exit (1); - } - - if (type == TYPE_CRT) - ret = - gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, - ip, len, - GNUTLS_FSAN_APPEND); - else - ret = - gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, - ip, len, - GNUTLS_FSAN_APPEND); - - if (ret < 0) - break; - } + { + len = string_to_ip (ip, cfg.ip_addr[i]); + if (len <= 0) + { + fprintf (stderr, "Error parsing address: %s\n", cfg.ip_addr[i]); + exit (1); + } + + if (type == TYPE_CRT) + ret = + gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, + ip, len, + GNUTLS_FSAN_APPEND); + else + ret = + gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, + ip, len, + GNUTLS_FSAN_APPEND); + + if (ret < 0) + break; + } } else { const char *p; p = - read_str ("Enter the IP address of the subject of the certificate: "); + read_str ("Enter the IP address of the subject of the certificate: "); if (!p) - return; + return; len = string_to_ip (ip, p); if (len <= 0) - { - fprintf (stderr, "Error parsing address: %s\n", p); - exit (1); - } + { + fprintf (stderr, "Error parsing address: %s\n", p); + exit (1); + } if (type == TYPE_CRT) - ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, - ip, len, - GNUTLS_FSAN_APPEND); + ret = gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, + ip, len, + GNUTLS_FSAN_APPEND); else - ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, - ip, len, - GNUTLS_FSAN_APPEND); + ret = gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_IPADDRESS, + ip, len, + GNUTLS_FSAN_APPEND); } if (ret < 0) @@ -918,28 +918,28 @@ get_email_set (int type, void *crt) if (batch) { if (!cfg.email) - return; + return; for (i = 0; cfg.email[i] != NULL; i++) - { - if (type == TYPE_CRT) - ret = - gnutls_x509_crt_set_subject_alt_name (crt, - GNUTLS_SAN_RFC822NAME, - cfg.email[i], - strlen (cfg.email[i]), - GNUTLS_FSAN_APPEND); - else - ret = - gnutls_x509_crq_set_subject_alt_name (crt, - GNUTLS_SAN_RFC822NAME, - cfg.email[i], - strlen (cfg.email[i]), - GNUTLS_FSAN_APPEND); - - if (ret < 0) - break; - } + { + if (type == TYPE_CRT) + ret = + gnutls_x509_crt_set_subject_alt_name (crt, + GNUTLS_SAN_RFC822NAME, + cfg.email[i], + strlen (cfg.email[i]), + GNUTLS_FSAN_APPEND); + else + ret = + gnutls_x509_crq_set_subject_alt_name (crt, + GNUTLS_SAN_RFC822NAME, + cfg.email[i], + strlen (cfg.email[i]), + GNUTLS_FSAN_APPEND); + + if (ret < 0) + break; + } } else { @@ -947,18 +947,18 @@ get_email_set (int type, void *crt) p = read_str ("Enter the e-mail of the subject of the certificate: "); if (!p) - return; + return; if (type == TYPE_CRT) - ret = - gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p, - strlen (p), - GNUTLS_FSAN_APPEND); + ret = + gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p, + strlen (p), + GNUTLS_FSAN_APPEND); else - ret = - gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p, - strlen (p), - GNUTLS_FSAN_APPEND); + ret = + gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_RFC822NAME, p, + strlen (p), + GNUTLS_FSAN_APPEND); } if (ret < 0) @@ -976,45 +976,45 @@ get_dns_name_set (int type, void *crt) if (batch) { if (!cfg.dns_name) - return; + return; for (i = 0; cfg.dns_name[i] != NULL; i++) - { - if (type == TYPE_CRT) - ret = - gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME, - cfg.dns_name[i], - strlen (cfg.dns_name[i]), - GNUTLS_FSAN_APPEND); - else - ret = - gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME, - cfg.dns_name[i], - strlen (cfg.dns_name[i]), - GNUTLS_FSAN_APPEND); - - if (ret < 0) - break; - } + { + if (type == TYPE_CRT) + ret = + gnutls_x509_crt_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME, + cfg.dns_name[i], + strlen (cfg.dns_name[i]), + GNUTLS_FSAN_APPEND); + else + ret = + gnutls_x509_crq_set_subject_alt_name (crt, GNUTLS_SAN_DNSNAME, + cfg.dns_name[i], + strlen (cfg.dns_name[i]), + GNUTLS_FSAN_APPEND); + + if (ret < 0) + break; + } } else { const char *p; do - { - p = - read_str ("Enter a dnsName of the subject of the certificate: "); - if (!p) - return; - - if (type == TYPE_CRT) - ret = gnutls_x509_crt_set_subject_alt_name - (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND); - else - ret = gnutls_x509_crq_set_subject_alt_name - (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND); - } + { + p = + read_str ("Enter a dnsName of the subject of the certificate: "); + if (!p) + return; + + if (type == TYPE_CRT) + ret = gnutls_x509_crt_set_subject_alt_name + (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND); + else + ret = gnutls_x509_crq_set_subject_alt_name + (crt, GNUTLS_SAN_DNSNAME, p, strlen (p), GNUTLS_FSAN_APPEND); + } while (p); } @@ -1038,11 +1038,11 @@ get_sign_status (int server) else { if (server) - msg = - "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): "; + msg = + "Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (y/N): "; else - msg = - "Will the certificate be used for signing (required for TLS)? (y/N): "; + msg = + "Will the certificate be used for signing (required for TLS)? (y/N): "; return read_yesno (msg); } } @@ -1059,11 +1059,11 @@ get_encrypt_status (int server) else { if (server) - msg = - "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): "; + msg = + "Will the certificate be used for encryption (RSA ciphersuites)? (y/N): "; else - msg = - "Will the certificate be used for encryption (not required for TLS)? (y/N): "; + msg = + "Will the certificate be used for encryption (not required for TLS)? (y/N): "; return read_yesno (msg); } } @@ -1078,8 +1078,8 @@ get_cert_sign_status (void) else { return - read_yesno - ("Will the certificate be used to sign other certificates? (y/N): "); + read_yesno + ("Will the certificate be used to sign other certificates? (y/N): "); } } @@ -1093,7 +1093,7 @@ get_crl_sign_status (void) else { return - read_yesno ("Will the certificate be used to sign CRLs? (y/N): "); + read_yesno ("Will the certificate be used to sign CRLs? (y/N): "); } } @@ -1107,7 +1107,7 @@ get_code_sign_status (void) else { return - read_yesno ("Will the certificate be used to sign code? (y/N): "); + read_yesno ("Will the certificate be used to sign code? (y/N): "); } } @@ -1121,8 +1121,8 @@ get_ocsp_sign_status (void) else { return - read_yesno - ("Will the certificate be used to sign OCSP requests? (y/N): "); + read_yesno + ("Will the certificate be used to sign OCSP requests? (y/N): "); } } @@ -1136,8 +1136,8 @@ get_time_stamp_status (void) else { return - read_yesno - ("Will the certificate be used for time stamping? (y/N): "); + read_yesno + ("Will the certificate be used for time stamping? (y/N): "); } } @@ -1151,8 +1151,8 @@ get_ipsec_ike_status (void) else { return - read_yesno - ("Will the certificate be used for IPsec IKE operations? (y/N): "); + read_yesno + ("Will the certificate be used for IPsec IKE operations? (y/N): "); } } @@ -1164,16 +1164,16 @@ get_crl_next_update (void) if (batch) { if (cfg.crl_next_update <= 0) - return 365; + return 365; else - return cfg.crl_next_update; + return cfg.crl_next_update; } else { do - { - days = read_int ("The next CRL will be issued in (days): "); - } + { + days = read_int ("The next CRL will be issued in (days): "); + } while (days == 0); return days; } @@ -1188,14 +1188,14 @@ get_proxy_policy (char **policy, size_t * policylen) { ret = cfg.proxy_policy_language; if (!ret) - ret = "1.3.6.1.5.5.7.21.1"; + ret = "1.3.6.1.5.5.7.21.1"; } else { do - { - ret = read_str ("Enter the OID of the proxy policy language: "); - } + { + ret = read_str ("Enter the OID of the proxy policy language: "); + } while (ret == NULL); } @@ -1221,21 +1221,21 @@ get_country_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.country) - return; + return; ret = - gnutls_x509_crq_set_dn_by_oid (crq, - GNUTLS_OID_X520_COUNTRY_NAME, 0, - cfg.country, strlen (cfg.country)); + gnutls_x509_crq_set_dn_by_oid (crq, + GNUTLS_OID_X520_COUNTRY_NAME, 0, + cfg.country, strlen (cfg.country)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crq_set (crq, "Country name (2 chars): ", - GNUTLS_OID_X520_COUNTRY_NAME); + GNUTLS_OID_X520_COUNTRY_NAME); } } @@ -1248,23 +1248,23 @@ get_organization_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.organization) - return; + return; ret = - gnutls_x509_crq_set_dn_by_oid (crq, - GNUTLS_OID_X520_ORGANIZATION_NAME, - 0, cfg.organization, - strlen (cfg.organization)); + gnutls_x509_crq_set_dn_by_oid (crq, + GNUTLS_OID_X520_ORGANIZATION_NAME, + 0, cfg.organization, + strlen (cfg.organization)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crq_set (crq, "Organization name: ", - GNUTLS_OID_X520_ORGANIZATION_NAME); + GNUTLS_OID_X520_ORGANIZATION_NAME); } } @@ -1277,22 +1277,22 @@ get_unit_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.unit) - return; + return; ret = - gnutls_x509_crq_set_dn_by_oid (crq, - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, - 0, cfg.unit, strlen (cfg.unit)); + gnutls_x509_crq_set_dn_by_oid (crq, + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, + 0, cfg.unit, strlen (cfg.unit)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crq_set (crq, "Organizational unit name: ", - GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME); + GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME); } } @@ -1305,21 +1305,21 @@ get_state_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.state) - return; + return; ret = - gnutls_x509_crq_set_dn_by_oid (crq, - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, - 0, cfg.state, strlen (cfg.state)); + gnutls_x509_crq_set_dn_by_oid (crq, + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, + 0, cfg.state, strlen (cfg.state)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { read_crq_set (crq, "State or province name: ", - GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME); + GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME); } } @@ -1332,16 +1332,16 @@ get_locality_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.locality) - return; + return; ret = - gnutls_x509_crq_set_dn_by_oid (crq, - GNUTLS_OID_X520_LOCALITY_NAME, 0, - cfg.locality, strlen (cfg.locality)); + gnutls_x509_crq_set_dn_by_oid (crq, + GNUTLS_OID_X520_LOCALITY_NAME, 0, + cfg.locality, strlen (cfg.locality)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -1358,15 +1358,15 @@ get_cn_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.cn) - return; + return; ret = - gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, - 0, cfg.cn, strlen (cfg.cn)); + gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, + 0, cfg.cn, strlen (cfg.cn)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -1383,14 +1383,14 @@ get_uid_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.uid) - return; + return; ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_LDAP_UID, 0, - cfg.uid, strlen (cfg.uid)); + cfg.uid, strlen (cfg.uid)); if (ret < 0) - { - fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "set_dn: %s\n", gnutls_strerror (ret)); + exit (1); + } } else { @@ -1407,25 +1407,25 @@ get_oid_crq_set (gnutls_x509_crq_t crq) if (batch) { if (!cfg.dn_oid) - return; + return; for (i = 0; cfg.dn_oid[i] != NULL; i += 2) - { - if (cfg.dn_oid[i + 1] == NULL) - { - fprintf (stderr, "dn_oid: %s does not have an argument.\n", - cfg.dn_oid[i]); - exit (1); - } - ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0, - cfg.dn_oid[i + 1], - strlen (cfg.dn_oid[i + 1])); - - if (ret < 0) - { - fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret)); - exit (1); - } - } + { + if (cfg.dn_oid[i + 1] == NULL) + { + fprintf (stderr, "dn_oid: %s does not have an argument.\n", + cfg.dn_oid[i]); + exit (1); + } + ret = gnutls_x509_crq_set_dn_by_oid (crq, cfg.dn_oid[i], 0, + cfg.dn_oid[i + 1], + strlen (cfg.dn_oid[i + 1])); + + if (ret < 0) + { + fprintf (stderr, "set_dn_oid: %s\n", gnutls_strerror (ret)); + exit (1); + } + } } } diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h index 1def3a4b65..502dc7f88c 100644 --- a/src/certtool-cfg.h +++ b/src/certtool-cfg.h @@ -5,9 +5,9 @@ void cfg_init (void); int template_parse (const char *template); void read_crt_set (gnutls_x509_crt_t crt, const char *input_str, - const char *oid); + const char *oid); void read_crq_set (gnutls_x509_crq_t crq, const char *input_str, - const char *oid); + const char *oid); int read_int (const char *input_str); const char *read_str (const char *input_str); int read_yesno (const char *input_str); diff --git a/src/certtool-common.c b/src/certtool-common.c index 34706ff966..f3c6658167 100644 --- a/src/certtool-common.c +++ b/src/certtool-common.c @@ -86,9 +86,9 @@ load_secret_key (int mand, common_info_st * info) if (info->secret_key == NULL) { if (mand) - error (EXIT_FAILURE, 0, "missing --secret-key"); + error (EXIT_FAILURE, 0, "missing --secret-key"); else - return NULL; + return NULL; } hex_key.data = (char *) info->secret_key; @@ -135,8 +135,8 @@ load_private_key (int mand, common_info_st * info) { const char *pass = get_pass (); ret = - gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format, - pass, 0); + gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format, + pass, 0); } else ret = gnutls_x509_privkey_import (key, &dat, info->incert_format); @@ -146,13 +146,13 @@ load_private_key (int mand, common_info_st * info) if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { error (EXIT_FAILURE, 0, - "import error: could not find a valid PEM header; " - "check if your key is PKCS #8 or PKCS #12 encoded"); + "import error: could not find a valid PEM header; " + "check if your key is PKCS #8 or PKCS #12 encoded"); } if (ret < 0) error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s", - info->privkey, gnutls_strerror (ret)); + info->privkey, gnutls_strerror (ret)); return key; } @@ -193,9 +193,9 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info) if (info->cert == NULL) { if (mand) - error (EXIT_FAILURE, 0, "missing --load-certificate"); + error (EXIT_FAILURE, 0, "missing --load-certificate"); else - return NULL; + return NULL; } fd = fopen (info->cert, "r"); @@ -214,28 +214,28 @@ load_cert_list (int mand, size_t * crt_size, common_info_st * info) { ret = gnutls_x509_crt_init (&crt[i]); if (ret < 0) - error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret)); dat.data = ptr; dat.size = ptr_size; ret = gnutls_x509_crt_import (crt[i], &dat, info->incert_format); if (ret < 0 && *crt_size > 0) - break; + break; if (ret < 0) - error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "crt_import: %s", gnutls_strerror (ret)); ptr = strstr (ptr, "---END"); if (ptr == NULL) - break; + break; ptr++; ptr_size = size; ptr_size -= - (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer); + (unsigned int) ((unsigned char *) ptr - (unsigned char *) buffer); if (ptr_size < 0) - break; + break; (*crt_size)++; } @@ -271,13 +271,13 @@ load_request (common_info_st * info) if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { error (EXIT_FAILURE, 0, - "import error: could not find a valid PEM header"); + "import error: could not find a valid PEM header"); } free (dat.data); if (ret < 0) error (EXIT_FAILURE, 0, "importing --load-request: %s: %s", - info->request, gnutls_strerror (ret)); + info->request, gnutls_strerror (ret)); return crq; } @@ -304,21 +304,21 @@ load_ca_private_key (common_info_st * info) if (!dat.data) error (EXIT_FAILURE, errno, "reading --load-ca-privkey: %s", - info->ca_privkey); + info->ca_privkey); if (info->pkcs8) { const char *pass = get_pass (); ret = - gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format, - pass, 0); + gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format, + pass, 0); } else ret = gnutls_x509_privkey_import (key, &dat, info->incert_format); free (dat.data); if (ret < 0) error (EXIT_FAILURE, 0, "importing --load-ca-privkey: %s: %s", - info->ca_privkey, gnutls_strerror (ret)); + info->ca_privkey, gnutls_strerror (ret)); return key; } @@ -345,13 +345,13 @@ load_ca_cert (common_info_st * info) if (!dat.data) error (EXIT_FAILURE, errno, "reading --load-ca-certificate: %s", - info->ca); + info->ca); ret = gnutls_x509_crt_import (crt, &dat, info->incert_format); free (dat.data); if (ret < 0) error (EXIT_FAILURE, 0, "importing --load-ca-certificate: %s: %s", - info->ca, gnutls_strerror (ret)); + info->ca, gnutls_strerror (ret)); return crt; } @@ -390,13 +390,13 @@ load_pubkey (int mand, common_info_st * info) if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { error (EXIT_FAILURE, 0, - "import error: could not find a valid PEM header; " - "check if your key has the PUBLIC KEY header"); + "import error: could not find a valid PEM header; " + "check if your key has the PUBLIC KEY header"); } if (ret < 0) error (EXIT_FAILURE, 0, "importing --load-pubkey: %s: %s", - info->pubkey, gnutls_strerror (ret)); + info->pubkey, gnutls_strerror (ret)); return key; } diff --git a/src/certtool-common.h b/src/certtool-common.h index ec75ad2d10..b9b77d5600 100644 --- a/src/certtool-common.h +++ b/src/certtool-common.h @@ -63,7 +63,7 @@ gnutls_x509_crt_t load_cert (int mand, common_info_st * info); gnutls_datum *load_secret_key (int mand, common_info_st * info); gnutls_pubkey_t load_pubkey (int mand, common_info_st * info); gnutls_x509_crt_t *load_cert_list (int mand, size_t * size, - common_info_st * info); + common_info_st * info); /* returns the bits specified in cmd */ int get_bits (gnutls_pk_algorithm_t); diff --git a/src/certtool.c b/src/certtool.c index 681a77ba55..a470f42377 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -71,7 +71,7 @@ static void gaa_parser (int argc, char **argv); void generate_self_signed (common_info_st *); void generate_request (common_info_st *); static void print_certificate_info (gnutls_x509_crt_t crt, FILE * out, - unsigned int all); + unsigned int all); static void print_hex_datum (gnutls_datum_t * dat); @@ -115,7 +115,7 @@ raw_to_string (const unsigned char *raw, size_t raw_size) for (i = 0; i < raw_size; i++) { sprintf (&(buf[i * 3]), "%02X%s", raw[i], - (i == raw_size - 1) ? "" : ":"); + (i == raw_size - 1) ? "" : ":"); } buf[sizeof (buf) - 1] = '\0'; @@ -124,7 +124,7 @@ raw_to_string (const unsigned char *raw, size_t raw_size) static void print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * g) + gnutls_datum_t * q, gnutls_datum_t * g) { if (x) { @@ -143,8 +143,8 @@ print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, static void print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, - gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * exp1, gnutls_datum_t * exp2) + gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, + gnutls_datum_t * exp1, gnutls_datum_t * exp2) { fprintf (outfile, "modulus:"); print_hex_datum (m); @@ -161,12 +161,12 @@ print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, fprintf (outfile, "coefficient:"); print_hex_datum (u); if (exp1 && exp2) - { - fprintf (outfile, "exp1:"); - print_hex_datum (exp1); - fprintf (outfile, "exp2:"); - print_hex_datum (exp2); - } + { + fprintf (outfile, "exp1:"); + print_hex_datum (exp1); + fprintf (outfile, "exp2:"); + print_hex_datum (exp2); + } } } @@ -207,24 +207,24 @@ get_bits (gnutls_pk_algorithm_t key_type) static int warned = 0; if (warned == 0) - { - warned = 1; - fprintf (stderr, - "** Note: Please use the --sec-param instead of --bits\n"); - } + { + warned = 1; + fprintf (stderr, + "** Note: Please use the --sec-param instead of --bits\n"); + } bits = info.bits; } else { if (info.sec_param) - { - bits = - gnutls_sec_param_to_pk_bits (key_type, - str_to_sec_param (info.sec_param)); - } + { + bits = + gnutls_sec_param_to_pk_bits (key_type, + str_to_sec_param (info.sec_param)); + } else - bits = - gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL); + bits = + gnutls_sec_param_to_pk_bits (key_type, GNUTLS_SEC_PARAM_NORMAL); } return bits; @@ -251,12 +251,12 @@ generate_private_key_int (void) bits = get_bits (key_type); fprintf (stderr, "Generating a %d bit %s private key...\n", - get_bits (key_type), gnutls_pk_algorithm_get_name (key_type)); + get_bits (key_type), gnutls_pk_algorithm_get_name (key_type)); if (info.quick_random == 0) fprintf (stderr, - "This might take several minutes depending on availability of randomness" - " in /dev/random.\n"); + "This might take several minutes depending on availability of randomness" + " in /dev/random.\n"); ret = gnutls_x509_privkey_generate (key, key_type, get_bits (key_type), 0); if (ret < 0) @@ -315,9 +315,9 @@ print_private_key (gnutls_x509_privkey_t key) { size = buffer_size; ret = gnutls_x509_privkey_export (key, info.outcert_format, - buffer, &size); + buffer, &size); if (ret < 0) - error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "privkey_export: %s", gnutls_strerror (ret)); } else { @@ -325,20 +325,20 @@ print_private_key (gnutls_x509_privkey_t key) const char *pass; if (info.export) - flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; else - flags = cipher_to_flags (info.pkcs_cipher); + flags = cipher_to_flags (info.pkcs_cipher); if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0') - flags = GNUTLS_PKCS_PLAIN; + flags = GNUTLS_PKCS_PLAIN; size = buffer_size; ret = - gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass, - flags, buffer, &size); + gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, pass, + flags, buffer, &size); if (ret < 0) - error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s", - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "privkey_export_pkcs8: %s", + gnutls_strerror (ret)); } fwrite (buffer, 1, size, outfile); @@ -359,8 +359,8 @@ generate_private_key (void) static gnutls_x509_crt_t generate_certificate (gnutls_x509_privkey_t * ret_key, - gnutls_x509_crt_t ca_crt, int proxy, - common_info_st * cinfo) + gnutls_x509_crt_t ca_crt, int proxy, + common_info_st * cinfo) { gnutls_x509_crt_t crt; gnutls_x509_privkey_t key = NULL; @@ -370,7 +370,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, int days, result, ca_status = 0, is_ike = 0, path_len; int vers; unsigned int usage = 0, server; - gnutls_x509_crq_t crq; /* request */ + gnutls_x509_crq_t crq; /* request */ ret = gnutls_x509_crt_init (&crt); if (ret < 0) @@ -384,49 +384,49 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, key = load_private_key (1, cinfo); if (!batch) - fprintf (stderr, - "Please enter the details of the certificate's distinguished name. " - "Just press enter to ignore a field.\n"); + fprintf (stderr, + "Please enter the details of the certificate's distinguished name. " + "Just press enter to ignore a field.\n"); /* set the DN. */ if (proxy) - { - result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0); - if (result < 0) - error (EXIT_FAILURE, 0, "set_proxy_dn: %s", - gnutls_strerror (result)); - - get_cn_crt_set (crt); - } + { + result = gnutls_x509_crt_set_proxy_dn (crt, ca_crt, 0, NULL, 0); + if (result < 0) + error (EXIT_FAILURE, 0, "set_proxy_dn: %s", + gnutls_strerror (result)); + + get_cn_crt_set (crt); + } else - { - get_country_crt_set (crt); - get_organization_crt_set (crt); - get_unit_crt_set (crt); - get_locality_crt_set (crt); - get_state_crt_set (crt); - get_cn_crt_set (crt); - get_uid_crt_set (crt); - get_oid_crt_set (crt); - get_key_purpose_set (crt); - - if (!batch) - fprintf (stderr, - "This field should not be used in new certificates.\n"); - - get_pkcs9_email_crt_set (crt); - } + { + get_country_crt_set (crt); + get_organization_crt_set (crt); + get_unit_crt_set (crt); + get_locality_crt_set (crt); + get_state_crt_set (crt); + get_cn_crt_set (crt); + get_uid_crt_set (crt); + get_oid_crt_set (crt); + get_key_purpose_set (crt); + + if (!batch) + fprintf (stderr, + "This field should not be used in new certificates.\n"); + + get_pkcs9_email_crt_set (crt); + } result = gnutls_x509_crt_set_key (crt, key); if (result < 0) - error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "set_key: %s", gnutls_strerror (result)); } else { result = gnutls_x509_crt_set_crq (crt, crq); if (result < 0) - error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result)); } @@ -454,7 +454,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, result = gnutls_x509_crt_set_expiration_time (crt, - time (NULL) + days * 24 * 60 * 60); + time (NULL) + days * 24 * 60 * 60); if (result < 0) error (EXIT_FAILURE, 0, "set_expiration: %s", gnutls_strerror (result)); @@ -466,7 +466,7 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, { result = gnutls_x509_crt_set_crq_extensions (crt, crq); if (result < 0) - error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "set_crq: %s", gnutls_strerror (result)); } /* append additional extensions */ @@ -474,200 +474,200 @@ generate_certificate (gnutls_x509_privkey_t * ret_key, { if (proxy) - { - const char *policylanguage; - char *policy; - size_t policylen; - int proxypathlen = get_path_len (); - - if (!batch) - { - printf ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n"); - printf ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n"); - } - - policylanguage = get_proxy_policy (&policy, &policylen); - - result = - gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage, - policy, policylen); - if (result < 0) - error (EXIT_FAILURE, 0, "set_proxy: %s", - gnutls_strerror (result)); - } + { + const char *policylanguage; + char *policy; + size_t policylen; + int proxypathlen = get_path_len (); + + if (!batch) + { + printf ("1.3.6.1.5.5.7.21.1 ::= id-ppl-inheritALL\n"); + printf ("1.3.6.1.5.5.7.21.2 ::= id-ppl-independent\n"); + } + + policylanguage = get_proxy_policy (&policy, &policylen); + + result = + gnutls_x509_crt_set_proxy (crt, proxypathlen, policylanguage, + policy, policylen); + if (result < 0) + error (EXIT_FAILURE, 0, "set_proxy: %s", + gnutls_strerror (result)); + } if (!proxy) - ca_status = get_ca_status (); + ca_status = get_ca_status (); if (ca_status) - path_len = get_path_len (); + path_len = get_path_len (); else - path_len = -1; + path_len = -1; result = - gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len); + gnutls_x509_crt_set_basic_constraints (crt, ca_status, path_len); if (result < 0) - error (EXIT_FAILURE, 0, "basic_constraints: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "basic_constraints: %s", + gnutls_strerror (result)); client = get_tls_client_status (); if (client != 0) - { - result = gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_TLS_WWW_CLIENT, - 0); - if (result < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result)); - } + { + result = gnutls_x509_crt_set_key_purpose_oid (crt, + GNUTLS_KP_TLS_WWW_CLIENT, + 0); + if (result < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result)); + } is_ike = get_ipsec_ike_status (); server = get_tls_server_status (); if ((server != 0 && !proxy) || is_ike) - { - get_dns_name_set (TYPE_CRT, crt); - get_ip_addr_set (TYPE_CRT, crt); - } + { + get_dns_name_set (TYPE_CRT, crt); + get_ip_addr_set (TYPE_CRT, crt); + } if (server != 0) - { - result = 0; - - result = - gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_TLS_WWW_SERVER, 0); - if (result < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result)); - } + { + result = 0; + + result = + gnutls_x509_crt_set_key_purpose_oid (crt, + GNUTLS_KP_TLS_WWW_SERVER, 0); + if (result < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (result)); + } else if (!proxy) - { - get_email_set (TYPE_CRT, crt); - } + { + get_email_set (TYPE_CRT, crt); + } if (!ca_status || server) - { - int pk; - - - pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL); - - if (pk != GNUTLS_PK_DSA) - { /* DSA keys can only sign. - */ - result = get_sign_status (server); - if (result) - usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; - - result = get_encrypt_status (server); - if (result) - usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; - } - else - usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; - - if (is_ike) - { - result = - gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_IPSEC_IKE, 0); - if (result < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", - gnutls_strerror (result)); - } - } + { + int pk; + + + pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL); + + if (pk != GNUTLS_PK_DSA) + { /* DSA keys can only sign. + */ + result = get_sign_status (server); + if (result) + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; + + result = get_encrypt_status (server); + if (result) + usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; + } + else + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; + + if (is_ike) + { + result = + gnutls_x509_crt_set_key_purpose_oid (crt, + GNUTLS_KP_IPSEC_IKE, 0); + if (result < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", + gnutls_strerror (result)); + } + } if (ca_status) - { - result = get_cert_sign_status (); - if (result) - usage |= GNUTLS_KEY_KEY_CERT_SIGN; - - result = get_crl_sign_status (); - if (result) - usage |= GNUTLS_KEY_CRL_SIGN; - - result = get_code_sign_status (); - if (result) - { - result = - gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_CODE_SIGNING, - 0); - if (result < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", - gnutls_strerror (result)); - } - - result = get_ocsp_sign_status (); - if (result) - { - result = - gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_OCSP_SIGNING, - 0); - if (result < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", - gnutls_strerror (result)); - } - - result = get_time_stamp_status (); - if (result) - { - result = - gnutls_x509_crt_set_key_purpose_oid (crt, - GNUTLS_KP_TIME_STAMPING, - 0); - if (result < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", - gnutls_strerror (result)); - } - } + { + result = get_cert_sign_status (); + if (result) + usage |= GNUTLS_KEY_KEY_CERT_SIGN; + + result = get_crl_sign_status (); + if (result) + usage |= GNUTLS_KEY_CRL_SIGN; + + result = get_code_sign_status (); + if (result) + { + result = + gnutls_x509_crt_set_key_purpose_oid (crt, + GNUTLS_KP_CODE_SIGNING, + 0); + if (result < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", + gnutls_strerror (result)); + } + + result = get_ocsp_sign_status (); + if (result) + { + result = + gnutls_x509_crt_set_key_purpose_oid (crt, + GNUTLS_KP_OCSP_SIGNING, + 0); + if (result < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", + gnutls_strerror (result)); + } + + result = get_time_stamp_status (); + if (result) + { + result = + gnutls_x509_crt_set_key_purpose_oid (crt, + GNUTLS_KP_TIME_STAMPING, + 0); + if (result < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", + gnutls_strerror (result)); + } + } if (usage != 0) - { - /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is - set, then either digitalSignature or the nonRepudiation bits in the - KeyUsage extension MUST for all IKE certs */ - if (is_ike && (get_sign_status (server) != 1)) - usage |= GNUTLS_KEY_NON_REPUDIATION; - result = gnutls_x509_crt_set_key_usage (crt, usage); - if (result < 0) - error (EXIT_FAILURE, 0, "key_usage: %s", - gnutls_strerror (result)); - } + { + /* http://tools.ietf.org/html/rfc4945#section-5.1.3.2: if any KU is + set, then either digitalSignature or the nonRepudiation bits in the + KeyUsage extension MUST for all IKE certs */ + if (is_ike && (get_sign_status (server) != 1)) + usage |= GNUTLS_KEY_NON_REPUDIATION; + result = gnutls_x509_crt_set_key_usage (crt, usage); + if (result < 0) + error (EXIT_FAILURE, 0, "key_usage: %s", + gnutls_strerror (result)); + } /* Subject Key ID. */ size = buffer_size; result = gnutls_x509_crt_get_key_id (crt, 0, buffer, &size); if (result >= 0) - { - result = gnutls_x509_crt_set_subject_key_id (crt, buffer, size); - if (result < 0) - error (EXIT_FAILURE, 0, "set_subject_key_id: %s", - gnutls_strerror (result)); - } + { + result = gnutls_x509_crt_set_subject_key_id (crt, buffer, size); + if (result < 0) + error (EXIT_FAILURE, 0, "set_subject_key_id: %s", + gnutls_strerror (result)); + } /* Authority Key ID. */ if (ca_crt != NULL) - { - size = buffer_size; - result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer, - &size, NULL); - if (result < 0) - { - size = buffer_size; - result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size); - } - if (result >= 0) - { - result = - gnutls_x509_crt_set_authority_key_id (crt, buffer, size); - if (result < 0) - error (EXIT_FAILURE, 0, "set_authority_key_id: %s", - gnutls_strerror (result)); - } - } + { + size = buffer_size; + result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer, + &size, NULL); + if (result < 0) + { + size = buffer_size; + result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size); + } + if (result >= 0) + { + result = + gnutls_x509_crt_set_authority_key_id (crt, buffer, size); + if (result < 0) + error (EXIT_FAILURE, 0, "set_authority_key_id: %s", + gnutls_strerror (result)); + } + } } /* Version. @@ -705,7 +705,7 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo) { result = gnutls_x509_crl_set_crt (crl, crts[i], now); if (result < 0) - error (EXIT_FAILURE, 0, "crl_set_crt: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "crl_set_crt: %s", gnutls_strerror (result)); } result = gnutls_x509_crl_set_this_update (crl, now); @@ -729,19 +729,19 @@ generate_crl (gnutls_x509_crt_t ca_crt, common_info_st * cinfo) { size = buffer_size; result = gnutls_x509_crt_get_subject_key_id (ca_crt, buffer, - &size, NULL); + &size, NULL); if (result < 0) - { - size = buffer_size; - result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size); - } + { + size = buffer_size; + result = gnutls_x509_crt_get_key_id (ca_crt, 0, buffer, &size); + } if (result >= 0) - { - result = gnutls_x509_crl_set_authority_key_id (crl, buffer, size); - if (result < 0) - error (EXIT_FAILURE, 0, "set_authority_key_id: %s", - gnutls_strerror (result)); - } + { + result = gnutls_x509_crl_set_authority_key_id (crl, buffer, size); + if (result < 0) + error (EXIT_FAILURE, 0, "set_authority_key_id: %s", + gnutls_strerror (result)); + } } { @@ -773,7 +773,7 @@ get_dig (gnutls_x509_crt crt) if (result < 0) { error (EXIT_FAILURE, 0, "crl_preferred_hash_algorithm: %s", - gnutls_strerror (result)); + gnutls_strerror (result)); } /* if algorithm allows alternatives */ @@ -803,11 +803,11 @@ generate_self_signed (common_info_st * cinfo) if (uri) { result = gnutls_x509_crt_set_crl_dist_points (crt, GNUTLS_SAN_URI, - uri, - 0 /* all reasons */ ); + uri, + 0 /* all reasons */ ); if (result < 0) - error (EXIT_FAILURE, 0, "crl_dist_points: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "crl_dist_points: %s", + gnutls_strerror (result)); } print_certificate_info (crt, stderr, 0); @@ -982,7 +982,7 @@ gaa_parser (int argc, char **argv) if (gaa (argc, argv, &info) != -1) { fprintf (stderr, "Try `%s --help' for more information.\n", - program_name); + program_name); exit (1); } @@ -990,7 +990,7 @@ gaa_parser (int argc, char **argv) { outfile = safe_open_rw (info.outfile, info.privkey_op); if (outfile == NULL) - error (EXIT_FAILURE, errno, "%s", info.outfile); + error (EXIT_FAILURE, errno, "%s", info.outfile); } else outfile = stdout; @@ -999,7 +999,7 @@ gaa_parser (int argc, char **argv) { infile = fopen (info.infile, "rb"); if (infile == NULL) - error (EXIT_FAILURE, errno, "%s", info.infile); + error (EXIT_FAILURE, errno, "%s", info.infile); } else infile = stdin; @@ -1018,25 +1018,25 @@ gaa_parser (int argc, char **argv) if (info.hash != NULL) { if (strcasecmp (info.hash, "md5") == 0) - { - fprintf (stderr, - "Warning: MD5 is broken, and should not be used any more for digital signatures.\n"); - default_dig = GNUTLS_DIG_MD5; - } + { + fprintf (stderr, + "Warning: MD5 is broken, and should not be used any more for digital signatures.\n"); + default_dig = GNUTLS_DIG_MD5; + } else if (strcasecmp (info.hash, "sha1") == 0) - default_dig = GNUTLS_DIG_SHA1; + default_dig = GNUTLS_DIG_SHA1; else if (strcasecmp (info.hash, "sha256") == 0) - default_dig = GNUTLS_DIG_SHA256; + default_dig = GNUTLS_DIG_SHA256; else if (strcasecmp (info.hash, "sha224") == 0) - default_dig = GNUTLS_DIG_SHA224; + default_dig = GNUTLS_DIG_SHA224; else if (strcasecmp (info.hash, "sha384") == 0) - default_dig = GNUTLS_DIG_SHA384; + default_dig = GNUTLS_DIG_SHA384; else if (strcasecmp (info.hash, "sha512") == 0) - default_dig = GNUTLS_DIG_SHA512; + default_dig = GNUTLS_DIG_SHA512; else if (strcasecmp (info.hash, "rmd160") == 0) - default_dig = GNUTLS_DIG_RMD160; + default_dig = GNUTLS_DIG_RMD160; else - error (EXIT_FAILURE, 0, "invalid hash: %s", info.hash); + error (EXIT_FAILURE, 0, "invalid hash: %s", info.hash); } batch = 0; @@ -1172,14 +1172,14 @@ certificate_info (int pubkey, common_info_st * cinfo) crt_num = MAX_CRTS; ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem, info.incert_format, - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { error (0, 0, "too many certificates (%d); " - "will only read the first %d", crt_num, MAX_CRTS); + "will only read the first %d", crt_num, MAX_CRTS); crt_num = MAX_CRTS; ret = gnutls_x509_crt_list_import (crt, &crt_num, &pem, - info.incert_format, 0); + info.incert_format, 0); } if (ret < 0) error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret)); @@ -1191,28 +1191,28 @@ certificate_info (int pubkey, common_info_st * cinfo) if (count > 1 && info.outcert_format == GNUTLS_X509_FMT_DER) { error (0, 0, "cannot output multiple certificates in DER format; " - "using PEM instead"); + "using PEM instead"); info.outcert_format = GNUTLS_X509_FMT_PEM; } for (i = 0; i < count; i++) { if (i > 0) - fprintf (outfile, "\n"); + fprintf (outfile, "\n"); if (info.outcert_format == GNUTLS_X509_FMT_PEM) - print_certificate_info (crt[i], outfile, 1); + print_certificate_info (crt[i], outfile, 1); size = buffer_size; ret = gnutls_x509_crt_export (crt[i], info.outcert_format, buffer, - &size); + &size); if (ret < 0) - error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); fwrite (buffer, 1, size, outfile); if (pubkey) - pubkey_info (crt[i], cinfo); + pubkey_info (crt[i], cinfo); gnutls_x509_crt_deinit (crt[i]); } @@ -1248,10 +1248,10 @@ pgp_certificate_info (void) ret = gnutls_openpgp_crt_print (crt, 0, &out_data); if (ret == 0) - { - fprintf (outfile, "%s\n", out_data.data); - gnutls_free (out_data.data); - } + { + fprintf (outfile, "%s\n", out_data.data); + gnutls_free (out_data.data); + } } @@ -1259,7 +1259,7 @@ pgp_certificate_info (void) if (ret < 0) { error (EXIT_FAILURE, 0, "verify signature error: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); } if (verify_status & GNUTLS_CERT_INVALID) @@ -1269,7 +1269,7 @@ pgp_certificate_info (void) else { fprintf (outfile, "Self Signature verification: ok (%x)\n\n", - verify_status); + verify_status); } size = buffer_size; @@ -1303,7 +1303,7 @@ pgp_privkey_info (void) pem.size = size; ret = gnutls_openpgp_privkey_import (key, &pem, info.incert_format, - NULL, 0); + NULL, 0); if (ret < 0) error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret)); @@ -1313,92 +1313,92 @@ pgp_privkey_info (void) subkeys = gnutls_openpgp_privkey_get_subkey_count (key); if (subkeys < 0) error (EXIT_FAILURE, 0, "privkey_get_subkey_count: %s", - gnutls_strerror (subkeys)); + gnutls_strerror (subkeys)); for (i = -1; i < subkeys; i++) { if (i != -1) - fprintf (outfile, "Subkey[%d]:\n", i); + fprintf (outfile, "Subkey[%d]:\n", i); fprintf (outfile, "Public Key Info:\n"); if (i == -1) - ret = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); + ret = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL); else - ret = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL); + ret = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL); fprintf (outfile, "\tPublic Key Algorithm: "); cprint = gnutls_pk_algorithm_get_name (ret); fprintf (outfile, "%s\n", cprint ? cprint : "Unknown"); fprintf (outfile, "\tKey Security Level: %s\n", - gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param - (key))); + gnutls_sec_param_get_name (gnutls_openpgp_privkey_sec_param + (key))); /* Print the raw public and private keys */ if (ret == GNUTLS_PK_RSA) - { - gnutls_datum_t m, e, d, p, q, u; - - if (i == -1) - ret = - gnutls_openpgp_privkey_export_rsa_raw (key, &m, &e, &d, &p, - &q, &u); - else - ret = - gnutls_openpgp_privkey_export_subkey_rsa_raw (key, i, &m, - &e, &d, &p, - &q, &u); - if (ret < 0) - fprintf (stderr, "Error in key RSA data export: %s\n", - gnutls_strerror (ret)); - else - print_rsa_pkey (&m, &e, &d, &p, &q, &u, NULL, NULL); - - } + { + gnutls_datum_t m, e, d, p, q, u; + + if (i == -1) + ret = + gnutls_openpgp_privkey_export_rsa_raw (key, &m, &e, &d, &p, + &q, &u); + else + ret = + gnutls_openpgp_privkey_export_subkey_rsa_raw (key, i, &m, + &e, &d, &p, + &q, &u); + if (ret < 0) + fprintf (stderr, "Error in key RSA data export: %s\n", + gnutls_strerror (ret)); + else + print_rsa_pkey (&m, &e, &d, &p, &q, &u, NULL, NULL); + + } else if (ret == GNUTLS_PK_DSA) - { - gnutls_datum_t p, q, g, y, x; - - if (i == -1) - ret = - gnutls_openpgp_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); - else - ret = - gnutls_openpgp_privkey_export_subkey_dsa_raw (key, i, &p, - &q, &g, &y, &x); - if (ret < 0) - fprintf (stderr, "Error in key DSA data export: %s\n", - gnutls_strerror (ret)); - else - print_dsa_pkey (&x, &y, &p, &q, &g); - } + { + gnutls_datum_t p, q, g, y, x; + + if (i == -1) + ret = + gnutls_openpgp_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); + else + ret = + gnutls_openpgp_privkey_export_subkey_dsa_raw (key, i, &p, + &q, &g, &y, &x); + if (ret < 0) + fprintf (stderr, "Error in key DSA data export: %s\n", + gnutls_strerror (ret)); + else + print_dsa_pkey (&x, &y, &p, &q, &g); + } fprintf (outfile, "\n"); size = buffer_size; if (i == -1) - ret = gnutls_openpgp_privkey_get_key_id (key, keyid); + ret = gnutls_openpgp_privkey_get_key_id (key, keyid); else - ret = gnutls_openpgp_privkey_get_subkey_id (key, i, keyid); + ret = gnutls_openpgp_privkey_get_subkey_id (key, i, keyid); if (ret < 0) - { - fprintf (stderr, "Error in key id calculation: %s\n", - gnutls_strerror (ret)); - } + { + fprintf (stderr, "Error in key id calculation: %s\n", + gnutls_strerror (ret)); + } else - { - fprintf (outfile, "Public Key ID: %s\n", raw_to_string (keyid, 8)); - } + { + fprintf (outfile, "Public Key ID: %s\n", raw_to_string (keyid, 8)); + } } size = buffer_size; ret = gnutls_openpgp_privkey_export (key, GNUTLS_OPENPGP_FMT_BASE64, - NULL, 0, buffer, &size); + NULL, 0, buffer, &size); if (ret < 0) error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); @@ -1422,7 +1422,7 @@ pgp_ring_info (void) ret = gnutls_openpgp_keyring_init (&ring); if (ret < 0) error (EXIT_FAILURE, 0, "openpgp_keyring_init: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); ret = gnutls_openpgp_keyring_import (ring, &pem, info.incert_format); @@ -1441,13 +1441,13 @@ pgp_ring_info (void) { ret = gnutls_openpgp_keyring_get_crt (ring, i, &crt); if (ret < 0) - error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); size = buffer_size; ret = gnutls_openpgp_crt_export (crt, info.outcert_format, - buffer, &size); + buffer, &size); if (ret < 0) - error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "export error: %s", gnutls_strerror (ret)); fwrite (buffer, 1, size, outfile); fprintf (outfile, "\n\n"); @@ -1473,7 +1473,7 @@ print_hex_datum (gnutls_datum_t * dat) { fprintf (outfile, "%.2x:", (unsigned char) dat->data[j]); if ((j + 1) % 15 == 0) - fprintf (outfile, "\n" SPACE); + fprintf (outfile, "\n" SPACE); } fprintf (outfile, "\n"); } @@ -1495,10 +1495,10 @@ print_certificate_info (gnutls_x509_crt_t crt, FILE * out, unsigned int all) gnutls_free (cinfo.data); } - if (out == stderr && batch == 0) /* interactive */ + if (out == stderr && batch == 0) /* interactive */ if (read_yesno ("Is the above information ok? (y/N): ") == 0) { - exit (1); + exit (1); } } @@ -1542,7 +1542,7 @@ crl_info (void) if (!pem.data) error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile : - "standard input"); + "standard input"); ret = gnutls_x509_crl_import (crl, &pem, info.incert_format); @@ -1566,7 +1566,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out) { ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &cinfo); if (ret < 0) - error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret)); fprintf (out, "%s\n", cinfo.data); @@ -1598,7 +1598,7 @@ crq_info (void) if (!pem.data) error (EXIT_FAILURE, errno, "%s", info.infile ? info.infile : - "standard input"); + "standard input"); ret = gnutls_x509_crq_import (crq, &pem, info.incert_format); @@ -1637,11 +1637,11 @@ privkey_info (void) if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) { if (info.pass) - pass = info.pass; + pass = info.pass; else - pass = get_pass (); + pass = get_pass (); ret = gnutls_x509_privkey_import_pkcs8 (key, &pem, - info.incert_format, pass, 0); + info.incert_format, pass, 0); } if (ret < 0) error (EXIT_FAILURE, 0, "import error: %s", gnutls_strerror (ret)); @@ -1655,7 +1655,7 @@ privkey_info (void) cprint = gnutls_pk_algorithm_get_name (ret); fprintf (outfile, "%s\n", cprint ? cprint : "Unknown"); fprintf (outfile, "\tKey Security Level: %s\n", - gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key))); + gnutls_sec_param_get_name (gnutls_x509_privkey_sec_param (key))); /* Print the raw public and private keys */ @@ -1664,23 +1664,23 @@ privkey_info (void) gnutls_datum_t m, e, d, p, q, u, exp1, exp2; ret = - gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u, - &exp1, &exp2); + gnutls_x509_privkey_export_rsa_raw2 (key, &m, &e, &d, &p, &q, &u, + &exp1, &exp2); if (ret < 0) - fprintf (stderr, "Error in key RSA data export: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "Error in key RSA data export: %s\n", + gnutls_strerror (ret)); else - { - print_rsa_pkey (&m, &e, &d, &p, &q, &u, &exp1, &exp2); - gnutls_free (m.data); - gnutls_free (e.data); - gnutls_free (d.data); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (u.data); - gnutls_free (exp1.data); - gnutls_free (exp2.data); - } + { + print_rsa_pkey (&m, &e, &d, &p, &q, &u, &exp1, &exp2); + gnutls_free (m.data); + gnutls_free (e.data); + gnutls_free (d.data); + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (u.data); + gnutls_free (exp1.data); + gnutls_free (exp2.data); + } } else if (ret == GNUTLS_PK_DSA) { @@ -1688,17 +1688,17 @@ privkey_info (void) ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); if (ret < 0) - fprintf (stderr, "Error in key DSA data export: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "Error in key DSA data export: %s\n", + gnutls_strerror (ret)); else - { - print_dsa_pkey (&x, &y, &p, &q, &g); - gnutls_free (x.data); - gnutls_free (y.data); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - } + { + print_dsa_pkey (&x, &y, &p, &q, &g); + gnutls_free (x.data); + gnutls_free (y.data); + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + } } fprintf (outfile, "\n"); @@ -1707,7 +1707,7 @@ privkey_info (void) if ((ret = gnutls_x509_privkey_get_key_id (key, 0, buffer, &size)) < 0) { fprintf (stderr, "Error in key id calculation: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); } else { @@ -1718,7 +1718,7 @@ privkey_info (void) { ret = gnutls_x509_privkey_fix (key); if (ret < 0) - error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "privkey_fix: %s", gnutls_strerror (ret)); } size = buffer_size; @@ -1780,100 +1780,100 @@ generate_request (common_info_st * cinfo) { ret = gnutls_x509_crq_set_challenge_password (crq, pass); if (ret < 0) - error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "set_pass: %s", gnutls_strerror (ret)); } if (info.crq_extensions != 0) { ca_status = get_ca_status (); if (ca_status) - path_len = get_path_len (); + path_len = get_path_len (); else - path_len = -1; + path_len = -1; ret = gnutls_x509_crq_set_basic_constraints (crq, ca_status, path_len); if (ret < 0) - error (EXIT_FAILURE, 0, "set_basic_constraints: %s", - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "set_basic_constraints: %s", + gnutls_strerror (ret)); ret = get_sign_status (1); if (ret) - usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; ret = get_encrypt_status (1); if (ret) - usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; + usage |= GNUTLS_KEY_KEY_ENCIPHERMENT; else - usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; + usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; if (ca_status) - { - ret = get_cert_sign_status (); - if (ret) - usage |= GNUTLS_KEY_KEY_CERT_SIGN; - - ret = get_crl_sign_status (); - if (ret) - usage |= GNUTLS_KEY_CRL_SIGN; - - ret = get_code_sign_status (); - if (ret) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_CODE_SIGNING, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } - - ret = get_ocsp_sign_status (); - if (ret) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_OCSP_SIGNING, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } - - ret = get_time_stamp_status (); - if (ret) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_TIME_STAMPING, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } - - ret = get_ipsec_ike_status (); - if (ret) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_IPSEC_IKE, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } - } + { + ret = get_cert_sign_status (); + if (ret) + usage |= GNUTLS_KEY_KEY_CERT_SIGN; + + ret = get_crl_sign_status (); + if (ret) + usage |= GNUTLS_KEY_CRL_SIGN; + + ret = get_code_sign_status (); + if (ret) + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_CODE_SIGNING, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } + + ret = get_ocsp_sign_status (); + if (ret) + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_OCSP_SIGNING, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } + + ret = get_time_stamp_status (); + if (ret) + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_TIME_STAMPING, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } + + ret = get_ipsec_ike_status (); + if (ret) + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_IPSEC_IKE, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } + } ret = gnutls_x509_crq_set_key_usage (crq, usage); if (ret < 0) - error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "key_usage: %s", gnutls_strerror (ret)); ret = get_tls_client_status (); if (ret != 0) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_TLS_WWW_CLIENT, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } ret = get_tls_server_status (); if (ret != 0) - { - ret = gnutls_x509_crq_set_key_purpose_oid - (crq, GNUTLS_KP_TLS_WWW_SERVER, 0); - if (ret < 0) - error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); - } + { + ret = gnutls_x509_crq_set_key_purpose_oid + (crq, GNUTLS_KP_TLS_WWW_SERVER, 0); + if (ret < 0) + error (EXIT_FAILURE, 0, "key_kp: %s", gnutls_strerror (ret)); + } } ret = gnutls_x509_crq_set_key (crq, key); @@ -1892,9 +1892,9 @@ generate_request (common_info_st * cinfo) } static void print_verification_res (gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_x509_crl_t * crl_list, - int crl_list_size, unsigned int flags); + gnutls_x509_crt_t issuer, + gnutls_x509_crl_t * crl_list, + int crl_list_size, unsigned int flags); #define CERT_SEP "-----BEGIN CERT" #define CRL_SEP "-----BEGIN X509 CRL" @@ -1922,37 +1922,37 @@ _verify_x509_mem (const void *cert, int cert_size) i = 1; - if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */ + if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */ do { - x509_crl_list = - (gnutls_x509_crl_t *) realloc (x509_crl_list, - i * sizeof (gnutls_x509_crl_t)); - if (x509_crl_list == NULL) - error (EXIT_FAILURE, 0, "memory error"); - - tmp.data = (char *) ptr; - tmp.size = cert_size; - tmp.size -= - (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert); - - ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]); - if (ret < 0) - error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i, - gnutls_strerror (ret)); - - ret = gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp, - GNUTLS_X509_FMT_PEM); - if (ret < 0) - error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i, - gnutls_strerror (ret)); - - /* now we move ptr after the pem header */ - ptr = strstr (ptr, CRL_SEP); - if (ptr != NULL) - ptr++; - - i++; + x509_crl_list = + (gnutls_x509_crl_t *) realloc (x509_crl_list, + i * sizeof (gnutls_x509_crl_t)); + if (x509_crl_list == NULL) + error (EXIT_FAILURE, 0, "memory error"); + + tmp.data = (char *) ptr; + tmp.size = cert_size; + tmp.size -= + (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert); + + ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]); + if (ret < 0) + error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i, + gnutls_strerror (ret)); + + ret = gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + error (EXIT_FAILURE, 0, "error parsing CRL[%d]: %s", i, + gnutls_strerror (ret)); + + /* now we move ptr after the pem header */ + ptr = strstr (ptr, CRL_SEP); + if (ptr != NULL) + ptr++; + + i++; } while ((ptr = strstr (ptr, CRL_SEP)) != NULL); @@ -1968,88 +1968,88 @@ _verify_x509_mem (const void *cert, int cert_size) do { x509_cert_list = - (gnutls_x509_crt_t *) realloc (x509_cert_list, - i * sizeof (gnutls_x509_crt_t)); + (gnutls_x509_crt_t *) realloc (x509_cert_list, + i * sizeof (gnutls_x509_crt_t)); if (x509_cert_list == NULL) - error (EXIT_FAILURE, 0, "memory error"); + error (EXIT_FAILURE, 0, "memory error"); tmp.data = (char *) ptr; tmp.size = cert_size; tmp.size -= - (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert); + (unsigned int) ((unsigned char *) ptr - (unsigned char *) cert); ret = gnutls_x509_crt_init (&x509_cert_list[i - 1]); if (ret < 0) - error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i, - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i, + gnutls_strerror (ret)); ret = - gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp, - GNUTLS_X509_FMT_PEM); + gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp, + GNUTLS_X509_FMT_PEM); if (ret < 0) - error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i, - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "error parsing certificate[%d]: %s", i, + gnutls_strerror (ret)); if (i - 1 != 0) - { - /* verify the previous certificate using this one - * as CA. - */ - - name_size = sizeof (name); - ret = - gnutls_x509_crt_get_dn (x509_cert_list[i - 2], name, &name_size); - if (ret < 0) - error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret)); - - fprintf (outfile, "Certificate[%d]: %s\n", i - 2, name); - - /* print issuer - */ - issuer_name_size = sizeof (issuer_name); - ret = - gnutls_x509_crt_get_issuer_dn (x509_cert_list[i - 2], - issuer_name, &issuer_name_size); - if (ret < 0) - error (EXIT_FAILURE, 0, "get_issuer_dn: %s", - gnutls_strerror (ret)); - - fprintf (outfile, "\tIssued by: %s\n", issuer_name); - - /* Get the Issuer's name - */ - name_size = sizeof (name); - ret = - gnutls_x509_crt_get_dn (x509_cert_list[i - 1], name, &name_size); - if (ret < 0) - error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret)); - - fprintf (outfile, "\tVerifying against certificate[%d].\n", i - 1); - - if (strcmp (issuer_name, name) != 0) - { - fprintf (stderr, "Error: Issuer's name: %s\n", name); - error (EXIT_FAILURE, 0, - "issuer name does not match the next certificate"); - } - - fprintf (outfile, "\tVerification output: "); - print_verification_res (x509_cert_list[i - 2], - x509_cert_list[i - 1], x509_crl_list, - x509_ncrls, - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME); - fprintf (outfile, ".\n\n"); - - } + { + /* verify the previous certificate using this one + * as CA. + */ + + name_size = sizeof (name); + ret = + gnutls_x509_crt_get_dn (x509_cert_list[i - 2], name, &name_size); + if (ret < 0) + error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret)); + + fprintf (outfile, "Certificate[%d]: %s\n", i - 2, name); + + /* print issuer + */ + issuer_name_size = sizeof (issuer_name); + ret = + gnutls_x509_crt_get_issuer_dn (x509_cert_list[i - 2], + issuer_name, &issuer_name_size); + if (ret < 0) + error (EXIT_FAILURE, 0, "get_issuer_dn: %s", + gnutls_strerror (ret)); + + fprintf (outfile, "\tIssued by: %s\n", issuer_name); + + /* Get the Issuer's name + */ + name_size = sizeof (name); + ret = + gnutls_x509_crt_get_dn (x509_cert_list[i - 1], name, &name_size); + if (ret < 0) + error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret)); + + fprintf (outfile, "\tVerifying against certificate[%d].\n", i - 1); + + if (strcmp (issuer_name, name) != 0) + { + fprintf (stderr, "Error: Issuer's name: %s\n", name); + error (EXIT_FAILURE, 0, + "issuer name does not match the next certificate"); + } + + fprintf (outfile, "\tVerification output: "); + print_verification_res (x509_cert_list[i - 2], + x509_cert_list[i - 1], x509_crl_list, + x509_ncrls, + GNUTLS_VERIFY_DO_NOT_ALLOW_SAME); + fprintf (outfile, ".\n\n"); + + } /* now we move ptr after the pem header */ ptr = strstr (ptr, CERT_SEP); if (ptr != NULL) - ptr++; + ptr++; i++; } @@ -2062,7 +2062,7 @@ _verify_x509_mem (const void *cert, int cert_size) */ name_size = sizeof (name); ret = gnutls_x509_crt_get_dn (x509_cert_list[x509_ncerts - 1], name, - &name_size); + &name_size); if (ret < 0) error (EXIT_FAILURE, 0, "get_dn: %s", gnutls_strerror (ret)); @@ -2073,7 +2073,7 @@ _verify_x509_mem (const void *cert, int cert_size) issuer_name_size = sizeof (issuer_name); ret = gnutls_x509_crt_get_issuer_dn (x509_cert_list[x509_ncerts - 1], - issuer_name, &issuer_name_size); + issuer_name, &issuer_name_size); if (ret < 0) error (EXIT_FAILURE, 0, "get_issuer_dn: %s", gnutls_strerror (ret)); @@ -2084,12 +2084,12 @@ _verify_x509_mem (const void *cert, int cert_size) fprintf (outfile, "\tVerification output: "); print_verification_res (x509_cert_list[x509_ncerts - 1], - x509_cert_list[x509_ncerts - 1], x509_crl_list, - /* we add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT since it is - * self signed. */ - x509_ncrls, - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME | - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + x509_cert_list[x509_ncerts - 1], x509_crl_list, + /* we add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT since it is + * self signed. */ + x509_ncrls, + GNUTLS_VERIFY_DO_NOT_ALLOW_SAME | + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); fprintf (outfile, ".\n\n"); @@ -2098,37 +2098,37 @@ _verify_x509_mem (const void *cert, int cert_size) int verify_status; ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts, - &x509_cert_list[x509_ncerts - 1], 1, - x509_crl_list, - x509_ncrls, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT | - GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, - &verify_status); + &x509_cert_list[x509_ncerts - 1], 1, + x509_crl_list, + x509_ncrls, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT | + GNUTLS_VERIFY_DO_NOT_ALLOW_SAME, + &verify_status); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); fprintf (outfile, "Chain verification output: "); if (verify_status & GNUTLS_CERT_INVALID) { - fprintf (outfile, "Not verified"); + fprintf (outfile, "Not verified"); } else { - fprintf (outfile, "Verified"); + fprintf (outfile, "Verified"); } if (verify_status & GNUTLS_CERT_SIGNER_NOT_CA) { - fprintf (outfile, ", "); - fprintf (outfile, "Issuer is not a CA"); + fprintf (outfile, ", "); + fprintf (outfile, "Issuer is not a CA"); } if (verify_status & GNUTLS_CERT_INSECURE_ALGORITHM) { - fprintf (outfile, ", "); - fprintf (outfile, "Insecure algorithm"); + fprintf (outfile, ", "); + fprintf (outfile, "Insecure algorithm"); } fprintf (outfile, ".\n"); @@ -2151,9 +2151,9 @@ _verify_x509_mem (const void *cert, int cert_size) static void print_verification_res (gnutls_x509_crt_t crt, - gnutls_x509_crt_t issuer, - gnutls_x509_crl_t * crl_list, int crl_list_size, - unsigned int flags) + gnutls_x509_crt_t issuer, + gnutls_x509_crl_t * crl_list, int crl_list_size, + unsigned int flags) { unsigned int output; int comma = 0; @@ -2177,7 +2177,7 @@ print_verification_res (gnutls_x509_crt_t crt, if (output & GNUTLS_CERT_SIGNER_NOT_CA) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Issuer is not a CA"); comma = 1; } @@ -2185,7 +2185,7 @@ print_verification_res (gnutls_x509_crt_t crt, if (output & GNUTLS_CERT_INSECURE_ALGORITHM) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Insecure algorithm"); comma = 1; } @@ -2193,7 +2193,7 @@ print_verification_res (gnutls_x509_crt_t crt, if (output & GNUTLS_CERT_NOT_ACTIVATED) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Not activated"); comma = 1; } @@ -2201,7 +2201,7 @@ print_verification_res (gnutls_x509_crt_t crt, if (output & GNUTLS_CERT_EXPIRED) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Expired"); comma = 1; } @@ -2211,9 +2211,9 @@ print_verification_res (gnutls_x509_crt_t crt, error (EXIT_FAILURE, 0, "revocation check: %s", gnutls_strerror (ret)); if (ret == 1) - { /* revoked */ + { /* revoked */ if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); comma = 1; fprintf (outfile, "Revoked"); } @@ -2292,7 +2292,7 @@ verify_crl (common_info_st * cinfo) if (output & GNUTLS_CERT_SIGNER_NOT_CA) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Issuer is not a CA"); comma = 1; } @@ -2300,7 +2300,7 @@ verify_crl (common_info_st * cinfo) if (output & GNUTLS_CERT_INSECURE_ALGORITHM) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); fprintf (outfile, "Insecure algorithm"); comma = 1; } @@ -2311,7 +2311,7 @@ verify_crl (common_info_st * cinfo) if (gnutls_x509_crl_get_this_update (crl) > now) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); comma = 1; fprintf (outfile, "Issued in the future!"); } @@ -2319,7 +2319,7 @@ verify_crl (common_info_st * cinfo) if (gnutls_x509_crl_get_next_update (crl) < now) { if (comma) - fprintf (outfile, ", "); + fprintf (outfile, ", "); comma = 1; fprintf (outfile, "CRL is not up to date"); } @@ -2359,7 +2359,7 @@ generate_pkcs8 (common_info_st * cinfo) size = buffer_size; result = gnutls_x509_privkey_export_pkcs8 (key, info.outcert_format, - password, flags, buffer, &size); + password, flags, buffer, &size); if (result < 0) error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result)); @@ -2411,46 +2411,46 @@ generate_pkcs12 (common_info_st * cinfo) result = gnutls_pkcs12_bag_init (&bag); if (result < 0) - error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); result = gnutls_pkcs12_bag_set_crt (bag, crts[i]); if (result < 0) - error (EXIT_FAILURE, 0, "set_crt[%d]: %s", i, - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "set_crt[%d]: %s", i, + gnutls_strerror (result)); indx = result; result = gnutls_pkcs12_bag_set_friendly_name (bag, indx, name); if (result < 0) - error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s", + gnutls_strerror (result)); size = sizeof (_key_id); result = gnutls_x509_crt_get_key_id (crts[i], 0, _key_id, &size); if (result < 0) - error (EXIT_FAILURE, 0, "key_id[%d]: %s", i, - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "key_id[%d]: %s", i, + gnutls_strerror (result)); key_id.data = _key_id; key_id.size = size; result = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id); if (result < 0) - error (EXIT_FAILURE, 0, "bag_set_key_id: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_set_key_id: %s", + gnutls_strerror (result)); if (info.export) - flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; else - flags = cipher_to_flags (info.pkcs_cipher); + flags = cipher_to_flags (info.pkcs_cipher); result = gnutls_pkcs12_bag_encrypt (bag, pass, flags); if (result < 0) - error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_encrypt: %s", gnutls_strerror (result)); result = gnutls_pkcs12_set_bag (pkcs12, bag); if (result < 0) - error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result)); } if (key) @@ -2459,51 +2459,51 @@ generate_pkcs12 (common_info_st * cinfo) result = gnutls_pkcs12_bag_init (&kbag); if (result < 0) - error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); if (info.export) - flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; else - flags = cipher_to_flags (info.pkcs_cipher); + flags = cipher_to_flags (info.pkcs_cipher); size = buffer_size; result = - gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER, - pass, flags, buffer, &size); + gnutls_x509_privkey_export_pkcs8 (key, GNUTLS_X509_FMT_DER, + pass, flags, buffer, &size); if (result < 0) - error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "key_export: %s", gnutls_strerror (result)); data.data = buffer; data.size = size; result = - gnutls_pkcs12_bag_set_data (kbag, - GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data); + gnutls_pkcs12_bag_set_data (kbag, + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, &data); if (result < 0) - error (EXIT_FAILURE, 0, "bag_set_data: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_set_data: %s", gnutls_strerror (result)); indx = result; result = gnutls_pkcs12_bag_set_friendly_name (kbag, indx, name); if (result < 0) - error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_set_friendly_name: %s", + gnutls_strerror (result)); size = sizeof (_key_id); result = gnutls_x509_privkey_get_key_id (key, 0, _key_id, &size); if (result < 0) - error (EXIT_FAILURE, 0, "key_id: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "key_id: %s", gnutls_strerror (result)); key_id.data = _key_id; key_id.size = size; result = gnutls_pkcs12_bag_set_key_id (kbag, indx, &key_id); if (result < 0) - error (EXIT_FAILURE, 0, "bag_set_key_id: %s", - gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_set_key_id: %s", + gnutls_strerror (result)); result = gnutls_pkcs12_set_bag (pkcs12, kbag); if (result < 0) - error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "set_bag: %s", gnutls_strerror (result)); } result = gnutls_pkcs12_generate_mac (pkcs12, pass); @@ -2562,56 +2562,56 @@ print_bag_data (gnutls_pkcs12_bag_t bag) { type = gnutls_pkcs12_bag_get_type (bag, i); if (type < 0) - error (EXIT_FAILURE, 0, "get_type: %s", gnutls_strerror (type)); + error (EXIT_FAILURE, 0, "get_type: %s", gnutls_strerror (type)); fprintf (stderr, "\tType: %s\n", BAGTYPE (type)); name = NULL; result = gnutls_pkcs12_bag_get_friendly_name (bag, i, (char **) &name); if (result < 0) - error (EXIT_FAILURE, 0, "get_friendly_name: %s", - gnutls_strerror (type)); + error (EXIT_FAILURE, 0, "get_friendly_name: %s", + gnutls_strerror (type)); if (name) - fprintf (outfile, "\tFriendly name: %s\n", name); + fprintf (outfile, "\tFriendly name: %s\n", name); id.data = NULL; id.size = 0; result = gnutls_pkcs12_bag_get_key_id (bag, i, &id); if (result < 0) - error (EXIT_FAILURE, 0, "get_key_id: %s", gnutls_strerror (type)); + error (EXIT_FAILURE, 0, "get_key_id: %s", gnutls_strerror (type)); fprintf (outfile, "\tKey ID: %s\n", raw_to_string (id.data, id.size)); result = gnutls_pkcs12_bag_get_data (bag, i, &cdata); if (result < 0) - error (EXIT_FAILURE, 0, "get_data: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "get_data: %s", gnutls_strerror (result)); switch (type) - { - case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: - str = "ENCRYPTED PRIVATE KEY"; - break; - case GNUTLS_BAG_PKCS8_KEY: - str = "PRIVATE KEY"; - break; - case GNUTLS_BAG_CERTIFICATE: - str = "CERTIFICATE"; - break; - case GNUTLS_BAG_CRL: - str = "CRL"; - break; - case GNUTLS_BAG_ENCRYPTED: - case GNUTLS_BAG_EMPTY: - default: - str = NULL; - } + { + case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: + str = "ENCRYPTED PRIVATE KEY"; + break; + case GNUTLS_BAG_PKCS8_KEY: + str = "PRIVATE KEY"; + break; + case GNUTLS_BAG_CERTIFICATE: + str = "CERTIFICATE"; + break; + case GNUTLS_BAG_CRL: + str = "CRL"; + break; + case GNUTLS_BAG_ENCRYPTED: + case GNUTLS_BAG_EMPTY: + default: + str = NULL; + } if (str != NULL) - { - gnutls_pem_base64_encode_alloc (str, &cdata, &out); - fprintf (outfile, "%s\n", out.data); + { + gnutls_pem_base64_encode_alloc (str, &cdata, &out); + fprintf (outfile, "%s\n", out.data); - gnutls_free (out.data); - } + gnutls_free (out.data); + } } } @@ -2652,40 +2652,40 @@ pkcs12_info (void) { result = gnutls_pkcs12_bag_init (&bag); if (result < 0) - error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); result = gnutls_pkcs12_get_bag (pkcs12, indx, bag); if (result < 0) - break; + break; result = gnutls_pkcs12_bag_get_count (bag); if (result < 0) - error (EXIT_FAILURE, 0, "bag_count: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_count: %s", gnutls_strerror (result)); fprintf (outfile, "BAG #%d\n", indx); result = gnutls_pkcs12_bag_get_type (bag, 0); if (result < 0) - error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "bag_init: %s", gnutls_strerror (result)); if (result == GNUTLS_BAG_ENCRYPTED) - { - fprintf (stderr, "\tType: %s\n", BAGTYPE (result)); - fprintf (stderr, "\n\tDecrypting...\n"); + { + fprintf (stderr, "\tType: %s\n", BAGTYPE (result)); + fprintf (stderr, "\n\tDecrypting...\n"); - result = gnutls_pkcs12_bag_decrypt (bag, pass); + result = gnutls_pkcs12_bag_decrypt (bag, pass); - if (result < 0) - { - error (0, 0, "bag_decrypt: %s", gnutls_strerror (result)); - continue; - } + if (result < 0) + { + error (0, 0, "bag_decrypt: %s", gnutls_strerror (result)); + continue; + } - result = gnutls_pkcs12_bag_get_count (bag); - if (result < 0) - error (EXIT_FAILURE, 0, "encrypted bag_count: %s", - gnutls_strerror (result)); - } + result = gnutls_pkcs12_bag_get_count (bag); + if (result < 0) + error (EXIT_FAILURE, 0, "encrypted bag_count: %s", + gnutls_strerror (result)); + } print_bag_data (bag); @@ -2732,14 +2732,14 @@ pkcs7_info (void) size = buffer_size; result = gnutls_pkcs7_get_crt_raw (pkcs7, indx, buffer, &size); if (result < 0) - break; + break; data.data = buffer; data.size = size; result = gnutls_pem_base64_encode_alloc ("CERTIFICATE", &data, &b64); if (result < 0) - error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result)); fputs (b64.data, outfile); gnutls_free (b64.data); @@ -2763,14 +2763,14 @@ pkcs7_info (void) size = buffer_size; result = gnutls_pkcs7_get_crl_raw (pkcs7, indx, buffer, &size); if (result < 0) - break; + break; data.data = buffer; data.size = size; result = gnutls_pem_base64_encode_alloc ("X509 CRL", &data, &b64); if (result < 0) - error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result)); + error (EXIT_FAILURE, 0, "encoding: %s", gnutls_strerror (result)); fputs (b64.data, outfile); gnutls_free (b64.data); @@ -2790,7 +2790,7 @@ smime_to_pkcs7 (void) { len = getline (&lineptr, &linesize, infile); if (len == -1) - error (EXIT_FAILURE, 0, "cannot find RFC 2822 header/body separator"); + error (EXIT_FAILURE, 0, "cannot find RFC 2822 header/body separator"); } while (strcmp (lineptr, "\r\n") != 0 && strcmp (lineptr, "\n") != 0); @@ -2798,7 +2798,7 @@ smime_to_pkcs7 (void) { len = getline (&lineptr, &linesize, infile); if (len == -1) - error (EXIT_FAILURE, 0, "message has RFC 2822 header but no body"); + error (EXIT_FAILURE, 0, "message has RFC 2822 header but no body"); } while (strcmp (lineptr, "\r\n") == 0 && strcmp (lineptr, "\n") == 0); @@ -2807,10 +2807,10 @@ smime_to_pkcs7 (void) do { while (len > 0 - && (lineptr[len - 1] == '\r' || lineptr[len - 1] == '\n')) - lineptr[--len] = '\0'; + && (lineptr[len - 1] == '\r' || lineptr[len - 1] == '\n')) + lineptr[--len] = '\0'; if (strcmp (lineptr, "") != 0) - fprintf (outfile, "%s\n", lineptr); + fprintf (outfile, "%s\n", lineptr); len = getline (&lineptr, &linesize, infile); } while (len != -1); @@ -2827,7 +2827,7 @@ certtool_version (void) if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0) p = PACKAGE_STRING; version_etc (stdout, program_name, p, gnutls_check_version (NULL), - "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL); + "Nikos Mavrogiannopoulos", "Simon Josefsson", (char *) NULL); } static void @@ -2903,10 +2903,10 @@ pubkey_info (gnutls_x509_crt crt, common_info_st * cinfo) { ret = gnutls_pubkey_import_x509 (pubkey, crt, 0); if (ret < 0) - { - error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", - gnutls_strerror (ret)); - } + { + error (EXIT_FAILURE, 0, "pubkey_import_x509: %s", + gnutls_strerror (ret)); + } } else { @@ -2929,14 +2929,14 @@ pubkey_info (gnutls_x509_crt crt, common_info_st * cinfo) ret = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e); if (ret < 0) - fprintf (stderr, "Error in key RSA data export: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "Error in key RSA data export: %s\n", + gnutls_strerror (ret)); else - { - print_rsa_pkey (&m, &e, NULL, NULL, NULL, NULL, NULL, NULL); - gnutls_free (m.data); - gnutls_free (e.data); - } + { + print_rsa_pkey (&m, &e, NULL, NULL, NULL, NULL, NULL, NULL); + gnutls_free (m.data); + gnutls_free (e.data); + } } else if (ret == GNUTLS_PK_DSA) { @@ -2944,23 +2944,23 @@ pubkey_info (gnutls_x509_crt crt, common_info_st * cinfo) ret = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y); if (ret < 0) - fprintf (stderr, "Error in key DSA data export: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "Error in key DSA data export: %s\n", + gnutls_strerror (ret)); else - { - print_dsa_pkey (NULL, &y, &p, &q, &g); - gnutls_free (y.data); - gnutls_free (p.data); - gnutls_free (q.data); - gnutls_free (g.data); - } + { + print_dsa_pkey (NULL, &y, &p, &q, &g); + gnutls_free (y.data); + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + } } ret = gnutls_pubkey_get_key_usage (pubkey, &usage); if (ret < 0) { error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); } fprintf (outfile, "Public Key Usage:\n"); @@ -2972,7 +2972,7 @@ pubkey_info (gnutls_x509_crt crt, common_info_st * cinfo) if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0) { fprintf (stderr, "Error in key id calculation: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); } else { @@ -108,7 +108,7 @@ typedef struct ssize_t socket_recv (const socket_st * socket, void *buffer, int buffer_size); ssize_t socket_send (const socket_st * socket, const void *buffer, - int buffer_size); + int buffer_size); void socket_open (socket_st * hd, const char *hostname, const char *service); void socket_connect (const socket_st * hd); void socket_bye (socket_st * socket); @@ -157,7 +157,7 @@ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str) if (strlen (str) != 16) { fprintf (stderr, - "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); + "The OpenPGP subkey ID has to be 16 hexadecimal characters.\n"); exit (1); } @@ -182,195 +182,195 @@ load_keys (void) if (x509_certfile != NULL && x509_keyfile != NULL) { if (strncmp (x509_certfile, "pkcs11:", 7) == 0) - { - crt_num = 1; - gnutls_x509_crt_init (&x509_crt[0]); - - ret = - gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, 0); - - if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - ret = - gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, - GNUTLS_PKCS11_OBJ_FLAG_LOGIN); - - if (ret < 0) - { - fprintf (stderr, "*** Error loading cert file.\n"); - exit (1); - } - x509_crt_size = 1; - } + { + crt_num = 1; + gnutls_x509_crt_init (&x509_crt[0]); + + ret = + gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, 0); + + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + ret = + gnutls_x509_crt_import_pkcs11_url (x509_crt[0], x509_certfile, + GNUTLS_PKCS11_OBJ_FLAG_LOGIN); + + if (ret < 0) + { + fprintf (stderr, "*** Error loading cert file.\n"); + exit (1); + } + x509_crt_size = 1; + } else - { - - data = load_file (x509_certfile); - if (data.data == NULL) - { - fprintf (stderr, "*** Error loading cert file.\n"); - exit (1); - } - - crt_num = MAX_CRT; - ret = - gnutls_x509_crt_list_import (x509_crt, &crt_num, &data, - GNUTLS_X509_FMT_PEM, - GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); - if (ret < 0) - { - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - fprintf (stderr, - "*** Error loading cert file: Too many certs %d\n", - crt_num); - - } - else - { - fprintf (stderr, - "*** Error loading cert file: %s\n", - gnutls_strerror (ret)); - } - exit (1); - } - x509_crt_size = ret; - } + { + + data = load_file (x509_certfile); + if (data.data == NULL) + { + fprintf (stderr, "*** Error loading cert file.\n"); + exit (1); + } + + crt_num = MAX_CRT; + ret = + gnutls_x509_crt_list_import (x509_crt, &crt_num, &data, + GNUTLS_X509_FMT_PEM, + GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + if (ret < 0) + { + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + fprintf (stderr, + "*** Error loading cert file: Too many certs %d\n", + crt_num); + + } + else + { + fprintf (stderr, + "*** Error loading cert file: %s\n", + gnutls_strerror (ret)); + } + exit (1); + } + x509_crt_size = ret; + } fprintf (stderr, "Processed %d client certificates...\n", ret); unload_file (data); if (strncmp (x509_keyfile, "pkcs11:", 7) == 0) - { - gnutls_pkcs11_privkey_init (&pkcs11_key); - - ret = - gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); - if (ret < 0) - { - fprintf (stderr, "*** Error loading url: %s\n", - gnutls_strerror (ret)); - exit (1); - } - } + { + gnutls_pkcs11_privkey_init (&pkcs11_key); + + ret = + gnutls_pkcs11_privkey_import_url (pkcs11_key, x509_keyfile, 0); + if (ret < 0) + { + fprintf (stderr, "*** Error loading url: %s\n", + gnutls_strerror (ret)); + exit (1); + } + } else - { - data = load_file (x509_keyfile); - if (data.data == NULL) - { - fprintf (stderr, "*** Error loading key file.\n"); - exit (1); - } - - gnutls_x509_privkey_init (&x509_key); - - ret = - gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM); - if (ret < 0) - { - fprintf (stderr, "*** Error loading key file: %s\n", - gnutls_strerror (ret)); - exit (1); - } - - unload_file (data); - } + { + data = load_file (x509_keyfile); + if (data.data == NULL) + { + fprintf (stderr, "*** Error loading key file.\n"); + exit (1); + } + + gnutls_x509_privkey_init (&x509_key); + + ret = + gnutls_x509_privkey_import (x509_key, &data, GNUTLS_X509_FMT_PEM); + if (ret < 0) + { + fprintf (stderr, "*** Error loading key file: %s\n", + gnutls_strerror (ret)); + exit (1); + } + + unload_file (data); + } fprintf (stderr, "Processed %d client X.509 certificates...\n", - x509_crt_size); + x509_crt_size); } #ifdef ENABLE_OPENPGP if (pgp_certfile != NULL && pgp_keyfile != NULL) { data = load_file (pgp_certfile); if (data.data == NULL) - { - fprintf (stderr, "*** Error loading PGP cert file.\n"); - exit (1); - } + { + fprintf (stderr, "*** Error loading PGP cert file.\n"); + exit (1); + } gnutls_openpgp_crt_init (&pgp_crt); ret = - gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64); + gnutls_openpgp_crt_import (pgp_crt, &data, GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) - { - fprintf (stderr, - "*** Error loading PGP cert file: %s\n", - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, + "*** Error loading PGP cert file: %s\n", + gnutls_strerror (ret)); + exit (1); + } unload_file (data); if (strncmp (pgp_keyfile, "pkcs11:", 7) == 0) - { - gnutls_pkcs11_privkey_init (&pkcs11_key); - - ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0); - if (ret < 0) - { - fprintf (stderr, "*** Error loading url: %s\n", - gnutls_strerror (ret)); - exit (1); - } - } + { + gnutls_pkcs11_privkey_init (&pkcs11_key); + + ret = gnutls_pkcs11_privkey_import_url (pkcs11_key, pgp_keyfile, 0); + if (ret < 0) + { + fprintf (stderr, "*** Error loading url: %s\n", + gnutls_strerror (ret)); + exit (1); + } + } else - { - - data = load_file (pgp_keyfile); - if (data.data == NULL) - { - fprintf (stderr, "*** Error loading PGP key file.\n"); - exit (1); - } - - gnutls_openpgp_privkey_init (&pgp_key); - - ret = - gnutls_openpgp_privkey_import (pgp_key, &data, - GNUTLS_OPENPGP_FMT_BASE64, NULL, - 0); - if (ret < 0) - { - fprintf (stderr, - "*** Error loading PGP key file: %s\n", - gnutls_strerror (ret)); - exit (1); - } - - unload_file (data); - } + { + + data = load_file (pgp_keyfile); + if (data.data == NULL) + { + fprintf (stderr, "*** Error loading PGP key file.\n"); + exit (1); + } + + gnutls_openpgp_privkey_init (&pgp_key); + + ret = + gnutls_openpgp_privkey_import (pgp_key, &data, + GNUTLS_OPENPGP_FMT_BASE64, NULL, + 0); + if (ret < 0) + { + fprintf (stderr, + "*** Error loading PGP key file: %s\n", + gnutls_strerror (ret)); + exit (1); + } + + unload_file (data); + } if (info.pgp_subkey != NULL) - { - gnutls_openpgp_keyid_t keyid; - - if (strcasecmp (info.pgp_subkey, "auto") == 0) - { - ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1); - if (ret < 0) - { - fprintf (stderr, - "*** Error setting preferred sub key id (%s): %s\n", - info.pgp_subkey, gnutls_strerror (ret)); - exit (1); - } - } - else - get_keyid (keyid, info.pgp_subkey); - - ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid); - if (ret >= 0) - ret = - gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid); - if (ret < 0) - { - fprintf (stderr, - "*** Error setting preferred sub key id (%s): %s\n", - info.pgp_subkey, gnutls_strerror (ret)); - exit (1); - } - } + { + gnutls_openpgp_keyid_t keyid; + + if (strcasecmp (info.pgp_subkey, "auto") == 0) + { + ret = gnutls_openpgp_crt_get_auth_subkey (pgp_crt, keyid, 1); + if (ret < 0) + { + fprintf (stderr, + "*** Error setting preferred sub key id (%s): %s\n", + info.pgp_subkey, gnutls_strerror (ret)); + exit (1); + } + } + else + get_keyid (keyid, info.pgp_subkey); + + ret = gnutls_openpgp_crt_set_preferred_key_id (pgp_crt, keyid); + if (ret >= 0) + ret = + gnutls_openpgp_privkey_set_preferred_key_id (pgp_key, keyid); + if (ret < 0) + { + fprintf (stderr, + "*** Error setting preferred sub key id (%s): %s\n", + info.pgp_subkey, gnutls_strerror (ret)); + exit (1); + } + } fprintf (stderr, "Processed 1 client PGP certificate...\n"); } @@ -392,7 +392,7 @@ cert_verify_callback (gnutls_session_t session) { printf ("*** Verifying server certificate failed...\n"); if (!insecure) - return -1; + return -1; } return 0; @@ -405,9 +405,9 @@ cert_verify_callback (gnutls_session_t session) static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st) + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st) { char issuer_dn[256]; int i, ret; @@ -418,21 +418,21 @@ cert_callback (gnutls_session_t session, /* Print the server's trusted CAs */ if (nreqs > 0) - printf ("- Server's trusted authorities:\n"); + printf ("- Server's trusted authorities:\n"); else - printf ("- Server did not send us any trusted authorities names.\n"); + printf ("- Server did not send us any trusted authorities names.\n"); /* print the names (if any) */ for (i = 0; i < nreqs; i++) - { - len = sizeof (issuer_dn); - ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); - if (ret >= 0) - { - printf (" [%d]: ", i); - printf ("%s\n", issuer_dn); - } - } + { + len = sizeof (issuer_dn); + ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); + if (ret >= 0) + { + printf (" [%d]: ", i); + printf ("%s\n", issuer_dn); + } + } } /* Select a certificate and return it. @@ -450,98 +450,98 @@ cert_callback (gnutls_session_t session, int i, match = 0; if (x509_crt_size > 0) - { - ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]); - if (ret < 0) - { - /* error reading signature algorithm */ - return -1; - } - cert_algo = ret; - - i = 0; - do - { - ret = - gnutls_sign_algorithm_get_requested (session, i, &req_algo); - if (ret >= 0 && cert_algo == req_algo) - { - match = 1; - break; - } - - /* server has not requested anything specific */ - if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - { - match = 1; - break; - } - i++; - } - while (ret >= 0); - - if (match == 0) - { - printf - ("- Could not find a suitable certificate to send to server\n"); - return -1; - } - - if (x509_key != NULL) - { - st->key.x509 = x509_key; - st->key_type = GNUTLS_PRIVKEY_X509; - } - else if (pkcs11_key != NULL) - { - st->key.pkcs11 = pkcs11_key; - st->key_type = GNUTLS_PRIVKEY_PKCS11; - } - else - { - printf ("- Could not find a suitable key to send to server\n"); - return -1; - } - - st->ncerts = x509_crt_size; - - st->cert.x509 = x509_crt; - - st->deinit_all = 0; - - return 0; - } + { + ret = gnutls_x509_crt_get_signature_algorithm (x509_crt[0]); + if (ret < 0) + { + /* error reading signature algorithm */ + return -1; + } + cert_algo = ret; + + i = 0; + do + { + ret = + gnutls_sign_algorithm_get_requested (session, i, &req_algo); + if (ret >= 0 && cert_algo == req_algo) + { + match = 1; + break; + } + + /* server has not requested anything specific */ + if (i == 0 && ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + { + match = 1; + break; + } + i++; + } + while (ret >= 0); + + if (match == 0) + { + printf + ("- Could not find a suitable certificate to send to server\n"); + return -1; + } + + if (x509_key != NULL) + { + st->key.x509 = x509_key; + st->key_type = GNUTLS_PRIVKEY_X509; + } + else if (pkcs11_key != NULL) + { + st->key.pkcs11 = pkcs11_key; + st->key_type = GNUTLS_PRIVKEY_PKCS11; + } + else + { + printf ("- Could not find a suitable key to send to server\n"); + return -1; + } + + st->ncerts = x509_crt_size; + + st->cert.x509 = x509_crt; + + st->deinit_all = 0; + + return 0; + } } else if (st->cert_type == GNUTLS_CRT_OPENPGP) { if (pgp_crt != NULL) - { - - if (pgp_key != NULL) - { - st->key.pgp = pgp_key; - st->key_type = GNUTLS_PRIVKEY_OPENPGP; - } - else if (pkcs11_key != NULL) - { - st->key.pkcs11 = pkcs11_key; - st->key_type = GNUTLS_PRIVKEY_PKCS11; - } - else - { - printf ("- Could not find a suitable key to send to server\n"); - return -1; - } - - st->ncerts = 1; - - st->cert.pgp = pgp_crt; - - st->deinit_all = 0; - - return 0; - } + { + + if (pgp_key != NULL) + { + st->key.pgp = pgp_key; + st->key_type = GNUTLS_PRIVKEY_OPENPGP; + } + else if (pkcs11_key != NULL) + { + st->key.pkcs11 = pkcs11_key; + st->key_type = GNUTLS_PRIVKEY_PKCS11; + } + else + { + printf ("- Could not find a suitable key to send to server\n"); + return -1; + } + + st->ncerts = 1; + + st->cert.pgp = pgp_crt; + + st->deinit_all = 0; + + return 0; + } } printf ("- Successfully sent %d certificate(s) to server.\n", st->ncerts); @@ -572,9 +572,9 @@ init_tls_session (const char *hostname) { gnutls_handshake_set_private_extensions (session, 1); gnutls_server_name_set (session, GNUTLS_NAME_DNS, hostname, - strlen (hostname)); + strlen (hostname)); if (cert_type_priority[0]) - gnutls_certificate_type_set_priority (session, cert_type_priority); + gnutls_certificate_type_set_priority (session, cert_type_priority); } if (cipher_priority[0]) @@ -611,13 +611,13 @@ init_tls_session (const char *hostname) if (record_max_size > 0 && disable_extensions == 0) { if (gnutls_record_set_max_size (session, record_max_size) < 0) - { - fprintf (stderr, - "Cannot set the maximum record size to %d.\n", - record_max_size); - fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n"); - exit (1); - } + { + fprintf (stderr, + "Cannot set the maximum record size to %d.\n", + record_max_size); + fprintf (stderr, "Possible values: 512, 1024, 2048, 4096.\n"); + exit (1); + } } #ifdef ENABLE_SESSION_TICKET @@ -663,7 +663,7 @@ handle_error (socket_st * hd, int err) alert = gnutls_alert_get (hd->session); str = gnutls_alert_get_name (alert); if (str == NULL) - str = str_unknown; + str = str_unknown; printf ("*** Received alert [%d]: %s\n", alert, str); /* In SRP if the alert is MISSING_SRP_USERNAME, @@ -754,58 +754,58 @@ main (int argc, char **argv) if (i == 1) - { - hd.session = init_tls_session (hostname); - gnutls_session_set_data (hd.session, session_data, - session_data_size); - free (session_data); - } + { + hd.session = init_tls_session (hostname); + gnutls_session_set_data (hd.session, session_data, + session_data_size); + free (session_data); + } ret = do_handshake (&hd); if (ret < 0) - { - fprintf (stderr, "*** Handshake has failed\n"); - gnutls_perror (ret); - gnutls_deinit (hd.session); - return 1; - } + { + fprintf (stderr, "*** Handshake has failed\n"); + gnutls_perror (ret); + gnutls_deinit (hd.session); + return 1; + } else - { - printf ("- Handshake was completed\n"); - if (gnutls_session_is_resumed (hd.session) != 0) - printf ("*** This is a resumed session\n"); - } + { + printf ("- Handshake was completed\n"); + if (gnutls_session_is_resumed (hd.session) != 0) + printf ("*** This is a resumed session\n"); + } if (resume != 0 && i == 0) - { + { - gnutls_session_get_data (hd.session, NULL, &session_data_size); - session_data = malloc (session_data_size); + gnutls_session_get_data (hd.session, NULL, &session_data_size); + session_data = malloc (session_data_size); - gnutls_session_get_data (hd.session, session_data, - &session_data_size); + gnutls_session_get_data (hd.session, session_data, + &session_data_size); - gnutls_session_get_id (hd.session, NULL, &session_id_size); + gnutls_session_get_id (hd.session, NULL, &session_id_size); - session_id = malloc (session_id_size); - gnutls_session_get_id (hd.session, session_id, &session_id_size); + session_id = malloc (session_id_size); + gnutls_session_get_id (hd.session, session_id, &session_id_size); - /* print some information */ - print_info (hd.session, hostname, info.insecure); + /* print some information */ + print_info (hd.session, hostname, info.insecure); - printf ("- Disconnecting\n"); - socket_bye (&hd); + printf ("- Disconnecting\n"); + socket_bye (&hd); - printf - ("\n\n- Connecting again- trying to resume previous session\n"); - socket_open (&hd, hostname, service); - socket_connect (&hd); - } + printf + ("\n\n- Connecting again- trying to resume previous session\n"); + socket_open (&hd, hostname, service); + socket_connect (&hd); + } else - { - break; - } + { + break; + } } after_handshake: @@ -819,16 +819,16 @@ after_handshake: ret = do_handshake (&hd); if (ret < 0) - { - fprintf (stderr, "*** ReHandshake has failed\n"); - gnutls_perror (ret); - gnutls_deinit (hd.session); - return 1; - } + { + fprintf (stderr, "*** ReHandshake has failed\n"); + gnutls_perror (ret); + gnutls_deinit (hd.session); + return 1; + } else - { - printf ("- ReHandshake was completed\n"); - } + { + printf ("- ReHandshake was completed\n"); + } } #ifndef _WIN32 @@ -848,20 +848,20 @@ after_handshake: for (;;) { if (starttls_alarmed && !hd.secure) - { - /* Warning! Do not touch this text string, it is used by - external programs to search for when gnutls-cli has - reached this point. */ - fprintf (stderr, "*** Starting TLS handshake\n"); - ret = do_handshake (&hd); - if (ret < 0) - { - fprintf (stderr, "*** Handshake has failed\n"); - user_term = 1; - retval = 1; - break; - } - } + { + /* Warning! Do not touch this text string, it is used by + external programs to search for when gnutls-cli has + reached this point. */ + fprintf (stderr, "*** Starting TLS handshake\n"); + ret = do_handshake (&hd); + if (ret < 0) + { + fprintf (stderr, "*** Handshake has failed\n"); + user_term = 1; + retval = 1; + break; + } + } FD_ZERO (&rset); FD_SET (fileno (stdin), &rset); @@ -873,89 +873,89 @@ after_handshake: err = select (maxfd + 1, &rset, NULL, NULL, &tv); if (err < 0) - continue; + continue; if (FD_ISSET (hd.fd, &rset)) - { - memset (buffer, 0, MAX_BUF + 1); - ret = socket_recv (&hd, buffer, MAX_BUF); - - if (ret == 0) - { - printf ("- Peer has closed the GnuTLS connection\n"); - break; - } - else if (handle_error (&hd, ret) < 0 && user_term == 0) - { - fprintf (stderr, - "*** Server has terminated the connection abnormally.\n"); - retval = 1; - break; - } - else if (ret > 0) - { - if (verbose != 0) - printf ("- Received[%d]: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } - fflush (stdout); - } - - if (user_term != 0) - break; - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = socket_recv (&hd, buffer, MAX_BUF); + + if (ret == 0) + { + printf ("- Peer has closed the GnuTLS connection\n"); + break; + } + else if (handle_error (&hd, ret) < 0 && user_term == 0) + { + fprintf (stderr, + "*** Server has terminated the connection abnormally.\n"); + retval = 1; + break; + } + else if (ret > 0) + { + if (verbose != 0) + printf ("- Received[%d]: ", ret); + for (ii = 0; ii < ret; ii++) + { + fputc (buffer[ii], stdout); + } + fflush (stdout); + } + + if (user_term != 0) + break; + } if (FD_ISSET (fileno (stdin), &rset)) - { - if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0) - { - if (hd.secure == 0) - { - /* Warning! Do not touch this text string, it is - used by external programs to search for when - gnutls-cli has reached this point. */ - fprintf (stderr, "*** Starting TLS handshake\n"); - ret = do_handshake (&hd); - clearerr (stdin); - if (ret < 0) - { - fprintf (stderr, "*** Handshake has failed\n"); - user_term = 1; - retval = 1; - break; - } - } - else - { - user_term = 1; - break; - } - continue; - } - - if (crlf != 0) - { - char *b = strchr (buffer, '\n'); - if (b != NULL) - { - strcpy (b, "\r\n"); - bytes++; - } - } - - ret = socket_send (&hd, buffer, bytes); - - if (ret > 0) - { - if (verbose != 0) - printf ("- Sent: %d bytes\n", ret); - } - else - handle_error (&hd, ret); - - } + { + if ((bytes = read (fileno (stdin), buffer, MAX_BUF - 1)) <= 0) + { + if (hd.secure == 0) + { + /* Warning! Do not touch this text string, it is + used by external programs to search for when + gnutls-cli has reached this point. */ + fprintf (stderr, "*** Starting TLS handshake\n"); + ret = do_handshake (&hd); + clearerr (stdin); + if (ret < 0) + { + fprintf (stderr, "*** Handshake has failed\n"); + user_term = 1; + retval = 1; + break; + } + } + else + { + user_term = 1; + break; + } + continue; + } + + if (crlf != 0) + { + char *b = strchr (buffer, '\n'); + if (b != NULL) + { + strcpy (b, "\r\n"); + bytes++; + } + } + + ret = socket_send (&hd, buffer, bytes); + + if (ret > 0) + { + if (verbose != 0) + printf ("- Sent: %d bytes\n", ret); + } + else + handle_error (&hd, ret); + + } } if (user_term != 0) @@ -989,7 +989,7 @@ gaa_parser (int argc, char **argv) if (gaa (argc, argv, &info) != -1) { fprintf (stderr, - "Error in the arguments. Use the --help or -h parameters to get more information.\n"); + "Error in the arguments. Use the --help or -h parameters to get more information.\n"); exit (1); } @@ -1051,7 +1051,7 @@ cli_version (void) if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0) p = PACKAGE_STRING; version_etc (stdout, program_name, p, gnutls_check_version (NULL), - "Nikos Mavrogiannopoulos", (char *) NULL); + "Nikos Mavrogiannopoulos", (char *) NULL); } @@ -1071,13 +1071,13 @@ check_rehandshake (socket_st * socket, int ret) ret = do_handshake (socket); if (ret == 0) - { - printf ("*** Rehandshake was performed.\n"); - } + { + printf ("*** Rehandshake was performed.\n"); + } else - { - printf ("*** Rehandshake Failed.\n"); - } + { + printf ("*** Rehandshake Failed.\n"); + } } } @@ -1088,16 +1088,16 @@ do_handshake (socket_st * socket) int ret; gnutls_transport_set_ptr (socket->session, - (gnutls_transport_ptr_t) - gl_fd_to_handle (socket->fd)); + (gnutls_transport_ptr_t) + gl_fd_to_handle (socket->fd)); do { ret = gnutls_handshake (socket->session); if (ret < 0) - { - handle_error (socket, ret); - } + { + handle_error (socket, ret); + } } while (ret < 0 && gnutls_error_is_fatal (ret) == 0); @@ -1120,7 +1120,7 @@ do_handshake (socket_st * socket) static int srp_username_callback (gnutls_session_t session, - char **username, char **password) + char **username, char **password) { if (srp_username == NULL || srp_passwd == NULL) { @@ -1162,15 +1162,15 @@ psk_callback (gnutls_session_t session, char **username, gnutls_datum_t * key) len = getline (&tmp, &n, stdin); if (tmp == NULL) - { - fprintf (stderr, "No username given, aborting...\n"); - return GNUTLS_E_INSUFFICIENT_CREDENTIALS; - } + { + fprintf (stderr, "No username given, aborting...\n"); + return GNUTLS_E_INSUFFICIENT_CREDENTIALS; + } if (tmp[strlen (tmp) - 1] == '\n') - tmp[strlen (tmp) - 1] = '\0'; + tmp[strlen (tmp) - 1] = '\0'; if (tmp[strlen (tmp) - 1] == '\r') - tmp[strlen (tmp) - 1] = '\0'; + tmp[strlen (tmp) - 1] = '\0'; *username = gnutls_strdup (tmp); free (tmp); @@ -1197,7 +1197,7 @@ psk_callback (gnutls_session_t session, char **username, gnutls_datum_t * key) if (ret < 0) { fprintf (stderr, "Error deriving password: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); gnutls_free (*username); return ret; } @@ -1233,29 +1233,29 @@ init_global_tls_stuff (void) if (x509_cafile != NULL) { ret = gnutls_certificate_set_x509_trust_file (xcred, - x509_cafile, x509ctype); + x509_cafile, x509ctype); if (ret < 0) - { - fprintf (stderr, "Error setting the x509 trust file\n"); - } + { + fprintf (stderr, "Error setting the x509 trust file\n"); + } else - { - printf ("Processed %d CA certificate(s).\n", ret); - } + { + printf ("Processed %d CA certificate(s).\n", ret); + } } #ifdef ENABLE_PKI if (x509_crlfile != NULL) { ret = gnutls_certificate_set_x509_crl_file (xcred, x509_crlfile, - x509ctype); + x509ctype); if (ret < 0) - { - fprintf (stderr, "Error setting the x509 CRL file\n"); - } + { + fprintf (stderr, "Error setting the x509 CRL file\n"); + } else - { - printf ("Processed %d CRL(s).\n", ret); - } + { + printf ("Processed %d CRL(s).\n", ret); + } } #endif @@ -1265,12 +1265,12 @@ init_global_tls_stuff (void) if (pgp_keyring != NULL) { ret = - gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring, - GNUTLS_OPENPGP_FMT_BASE64); + gnutls_certificate_set_openpgp_keyring_file (xcred, pgp_keyring, + GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) - { - fprintf (stderr, "Error setting the OpenPGP keyring file\n"); - } + { + fprintf (stderr, "Error setting the OpenPGP keyring file\n"); + } } #endif @@ -1279,12 +1279,12 @@ init_global_tls_stuff (void) { /* SRP stuff */ if (gnutls_srp_allocate_client_credentials (&srp_cred) < 0) - { - fprintf (stderr, "SRP authentication error\n"); - } + { + fprintf (stderr, "SRP authentication error\n"); + } gnutls_srp_set_client_credentials_function (srp_cred, - srp_username_callback); + srp_username_callback); } #endif @@ -1298,13 +1298,13 @@ init_global_tls_stuff (void) if (psk_username && psk_key.data) { ret = gnutls_psk_set_client_credentials (psk_cred, - psk_username, &psk_key, - GNUTLS_PSK_KEY_HEX); + psk_username, &psk_key, + GNUTLS_PSK_KEY_HEX); if (ret < 0) - { - fprintf (stderr, "Error setting the PSK credentials: %s\n", - gnutls_strerror (ret)); - } + { + fprintf (stderr, "Error setting the PSK credentials: %s\n", + gnutls_strerror (ret)); + } } gnutls_psk_set_client_credentials_function (psk_cred, psk_callback); #endif @@ -1330,13 +1330,13 @@ socket_recv (const socket_st * socket, void *buffer, int buffer_size) if (socket->secure) do { - ret = gnutls_record_recv (socket->session, buffer, buffer_size); + ret = gnutls_record_recv (socket->session, buffer, buffer_size); } while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); else do { - ret = recv (socket->fd, buffer, buffer_size, 0); + ret = recv (socket->fd, buffer, buffer_size, 0); } while (ret == -1 && errno == EINTR); @@ -1351,19 +1351,19 @@ socket_send (const socket_st * socket, const void *buffer, int buffer_size) if (socket->secure) do { - ret = gnutls_record_send (socket->session, buffer, buffer_size); + ret = gnutls_record_send (socket->session, buffer, buffer_size); } while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED); else do { - ret = send (socket->fd, buffer, buffer_size, 0); + ret = send (socket->fd, buffer, buffer_size, 0); } while (ret == -1 && errno == EINTR); if (ret > 0 && ret != buffer_size && verbose) fprintf (stderr, - "*** Only sent %d bytes instead of %d.\n", ret, buffer_size); + "*** Only sent %d bytes instead of %d.\n", ret, buffer_size); return ret; } @@ -1375,11 +1375,11 @@ socket_bye (socket_st * socket) if (socket->secure) { do - ret = gnutls_bye (socket->session, GNUTLS_SHUT_WR); + ret = gnutls_bye (socket->session, GNUTLS_SHUT_WR); while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); if (ret < 0) - fprintf (stderr, "*** gnutls_bye() error: %s\n", - gnutls_strerror (ret)); + fprintf (stderr, "*** gnutls_bye() error: %s\n", + gnutls_strerror (ret)); gnutls_deinit (socket->session); socket->session = NULL; } @@ -1391,7 +1391,7 @@ socket_bye (socket_st * socket) free (socket->hostname); free (socket->service); - shutdown (socket->fd, SHUT_RDWR); /* no more receptions */ + shutdown (socket->fd, SHUT_RDWR); /* no more receptions */ close (socket->fd); socket->fd = -1; @@ -1409,7 +1409,7 @@ socket_connect (const socket_st * hd) if (err < 0) { fprintf (stderr, "Cannot connect to %s:%s: %s\n", hd->hostname, - hd->service, strerror (errno)); + hd->service, strerror (errno)); exit (1); } } @@ -1429,7 +1429,7 @@ socket_open (socket_st * hd, const char *hostname, const char *service) if ((err = getaddrinfo (hostname, service, &hints, &res))) { fprintf (stderr, "Cannot resolve %s:%s: %s\n", hostname, service, - gai_strerror (err)); + gai_strerror (err)); exit (1); } @@ -1438,16 +1438,16 @@ socket_open (socket_st * hd, const char *hostname, const char *service) { sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); if (sd == -1) - continue; + continue; if ((err = getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, - portname, sizeof (portname), - NI_NUMERICHOST | NI_NUMERICSERV)) != 0) - { - fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err)); - freeaddrinfo (res); - exit (1); - } + portname, sizeof (portname), + NI_NUMERICHOST | NI_NUMERICSERV)) != 0) + { + fprintf (stderr, "getnameinfo(): %s\n", gai_strerror (err)); + freeaddrinfo (res); + exit (1); + } break; } diff --git a/src/common.c b/src/common.c index cbd40e2d9c..5f79273ef6 100644 --- a/src/common.c +++ b/src/common.c @@ -62,7 +62,7 @@ raw_to_string (const unsigned char *raw, size_t raw_size) for (i = 0; i < raw_size; i++) { sprintf (&(buf[i * 3]), "%02X%s", raw[i], - (i == raw_size - 1) ? "" : ":"); + (i == raw_size - 1) ? "" : ":"); } buf[sizeof (buf) - 1] = '\0'; @@ -94,64 +94,64 @@ print_x509_info (gnutls_session_t session, const char *hostname, int insecure) gnutls_x509_crt_init (&crt); ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER); if (ret < 0) - { - fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); - return; - } + { + fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); + return; + } printf (" - Certificate[%d] info:\n - ", j); if (verbose) - ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo); + ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo); else - ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo); + ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo); if (ret == 0) - { - printf ("%s\n", cinfo.data); - gnutls_free (cinfo.data); - } + { + printf ("%s\n", cinfo.data); + gnutls_free (cinfo.data); + } if (print_cert) - { - size_t size = 0; - char *p = NULL; - - ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size); - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - p = malloc (size); - if (!p) - { - fprintf (stderr, "gnutls_malloc\n"); - exit (1); - } - - ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, - p, &size); - } - if (ret < 0) - { - fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); - return; - } - - fputs ("\n", stdout); - fputs (p, stdout); - fputs ("\n", stdout); - - gnutls_free (p); - } + { + size_t size = 0; + char *p = NULL; + + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + p = malloc (size); + if (!p) + { + fprintf (stderr, "gnutls_malloc\n"); + exit (1); + } + + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, + p, &size); + } + if (ret < 0) + { + fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); + return; + } + + fputs ("\n", stdout); + fputs (p, stdout); + fputs ("\n", stdout); + + gnutls_free (p); + } if (j == 0 && hostname != NULL) - { - /* Check the hostname of the first certificate if it matches - * the name of the host we connected to. - */ - if (gnutls_x509_crt_check_hostname (crt, hostname) == 0) - hostname_ok = 1; - else - hostname_ok = 2; - } + { + /* Check the hostname of the first certificate if it matches + * the name of the host we connected to. + */ + if (gnutls_x509_crt_check_hostname (crt, hostname) == 0) + hostname_ok = 1; + else + hostname_ok = 2; + } gnutls_x509_crt_deinit (crt); } @@ -159,9 +159,9 @@ print_x509_info (gnutls_session_t session, const char *hostname, int insecure) if (hostname_ok == 1) { printf ("- The hostname in the certificate does NOT match '%s'\n", - hostname); + hostname); if (!insecure) - exit (1); + exit (1); } else if (hostname_ok == 2) { @@ -173,7 +173,7 @@ print_x509_info (gnutls_session_t session, const char *hostname, int insecure) static void print_openpgp_info (gnutls_session_t session, const char *hostname, - int insecure) + int insecure) { gnutls_openpgp_crt_t crt; @@ -190,65 +190,65 @@ print_openpgp_info (gnutls_session_t session, const char *hostname, gnutls_openpgp_crt_init (&crt); ret = gnutls_openpgp_crt_import (crt, &cert_list[0], - GNUTLS_OPENPGP_FMT_RAW); + GNUTLS_OPENPGP_FMT_RAW); if (ret < 0) - { - fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); - return; - } + { + fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret)); + return; + } if (verbose) - ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo); + ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo); else - ret = - gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo); + ret = + gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo); if (ret == 0) - { - printf (" - %s\n", cinfo.data); - gnutls_free (cinfo.data); - } + { + printf (" - %s\n", cinfo.data); + gnutls_free (cinfo.data); + } if (print_cert) - { - size_t size = 0; - char *p = NULL; - - ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64, - p, &size); - if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) - { - p = malloc (size); - if (!p) - { - fprintf (stderr, "gnutls_malloc\n"); - exit (1); - } - - ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64, - p, &size); - } - if (ret < 0) - { - fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); - return; - } - - fputs (p, stdout); - fputs ("\n", stdout); - - gnutls_free (p); - } + { + size_t size = 0; + char *p = NULL; + + ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64, + p, &size); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + p = malloc (size); + if (!p) + { + fprintf (stderr, "gnutls_malloc\n"); + exit (1); + } + + ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64, + p, &size); + } + if (ret < 0) + { + fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret)); + return; + } + + fputs (p, stdout); + fputs ("\n", stdout); + + gnutls_free (p); + } if (hostname != NULL) - { - /* Check the hostname of the first certificate if it matches - * the name of the host we connected to. - */ - if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0) - hostname_ok = 1; - else - hostname_ok = 2; - } + { + /* Check the hostname of the first certificate if it matches + * the name of the host we connected to. + */ + if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0) + hostname_ok = 1; + else + hostname_ok = 2; + } gnutls_openpgp_crt_deinit (crt); } @@ -256,9 +256,9 @@ print_openpgp_info (gnutls_session_t session, const char *hostname, if (hostname_ok == 1) { printf ("- The hostname in the certificate does NOT match '%s'\n", - hostname); + hostname); if (!insecure) - exit (1); + exit (1); } else if (hostname_ok == 2) { @@ -278,7 +278,7 @@ print_cert_vrfy (gnutls_session_t session) if (rc < 0) { printf ("- Could not verify certificate (err: %s)\n", - gnutls_strerror (rc)); + gnutls_strerror (rc)); return; } @@ -291,31 +291,31 @@ print_cert_vrfy (gnutls_session_t session) if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509) { if (status & GNUTLS_CERT_REVOKED) - printf ("- Peer's certificate chain revoked\n"); + printf ("- Peer's certificate chain revoked\n"); if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - printf ("- Peer's certificate issuer is unknown\n"); + printf ("- Peer's certificate issuer is unknown\n"); if (status & GNUTLS_CERT_SIGNER_NOT_CA) - printf ("- Peer's certificate issuer is not a CA\n"); + printf ("- Peer's certificate issuer is not a CA\n"); if (status & GNUTLS_CERT_INSECURE_ALGORITHM) - printf ("- Peer's certificate chain uses insecure algorithm\n"); + printf ("- Peer's certificate chain uses insecure algorithm\n"); if (status & GNUTLS_CERT_NOT_ACTIVATED) - printf - ("- Peer's certificate chain uses not yet valid certificate\n"); + printf + ("- Peer's certificate chain uses not yet valid certificate\n"); if (status & GNUTLS_CERT_EXPIRED) - printf ("- Peer's certificate chain uses expired certificate\n"); + printf ("- Peer's certificate chain uses expired certificate\n"); if (status & GNUTLS_CERT_INVALID) - printf ("- Peer's certificate is NOT trusted\n"); + printf ("- Peer's certificate is NOT trusted\n"); else - printf ("- Peer's certificate is trusted\n"); + printf ("- Peer's certificate is trusted\n"); } else { if (status & GNUTLS_CERT_INVALID) - printf ("- Peer's key is invalid\n"); + printf ("- Peer's key is invalid\n"); else - printf ("- Peer's key is valid\n"); + printf ("- Peer's key is valid\n"); if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) - printf ("- Could not find a signer of the peer's key\n"); + printf ("- Could not find a signer of the peer's key\n"); } } @@ -326,7 +326,7 @@ print_dh_info (gnutls_session_t session, const char *str) printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session)); printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session)); printf (" - Peer's public key: %d bits\n", - gnutls_dh_get_peers_public_bits (session)); + gnutls_dh_get_peers_public_bits (session)); if (print_cert) { @@ -339,52 +339,52 @@ print_dh_info (gnutls_session_t session, const char *str) ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime); if (ret) - { - fprintf (stderr, "gnutls_dh_get_group %d\n", ret); - goto out; - } + { + fprintf (stderr, "gnutls_dh_get_group %d\n", ret); + goto out; + } ret = gnutls_dh_params_init (&dh_params); if (ret) - { - fprintf (stderr, "gnutls_dh_params_init %d\n", ret); - goto out; - } + { + fprintf (stderr, "gnutls_dh_params_init %d\n", ret); + goto out; + } ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen); if (ret) - { - fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret); - goto out; - } + { + fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret); + goto out; + } ret = gnutls_dh_params_export_pkcs3 (dh_params, - GNUTLS_X509_FMT_PEM, - params_data, ¶ms_data_size); + GNUTLS_X509_FMT_PEM, + params_data, ¶ms_data_size); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret); - goto out; - } + { + fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret); + goto out; + } params_data = gnutls_malloc (params_data_size); if (!params_data) - { - fprintf (stderr, "gnutls_malloc %d\n", ret); - goto out; - } + { + fprintf (stderr, "gnutls_malloc %d\n", ret); + goto out; + } ret = gnutls_dh_params_export_pkcs3 (dh_params, - GNUTLS_X509_FMT_PEM, - params_data, ¶ms_data_size); + GNUTLS_X509_FMT_PEM, + params_data, ¶ms_data_size); if (ret) - { - fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret); - goto out; - } + { + fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret); + goto out; + } printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size, - params_data); + params_data); out: gnutls_free (params_data); @@ -420,8 +420,8 @@ print_info (gnutls_session_t session, const char *hostname, int insecure) * side. */ if (gnutls_srp_server_get_username (session) != NULL) - printf ("- SRP authentication. Connected as '%s'\n", - gnutls_srp_server_get_username (session)); + printf ("- SRP authentication. Connected as '%s'\n", + gnutls_srp_server_get_username (session)); break; #endif #ifdef ENABLE_PSK @@ -429,15 +429,15 @@ print_info (gnutls_session_t session, const char *hostname, int insecure) /* This returns NULL in server side. */ if (gnutls_psk_client_get_hint (session) != NULL) - printf ("- PSK authentication. PSK hint '%s'\n", - gnutls_psk_client_get_hint (session)); + printf ("- PSK authentication. PSK hint '%s'\n", + gnutls_psk_client_get_hint (session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username (session) != NULL) - printf ("- PSK authentication. Connected as '%s'\n", - gnutls_psk_server_get_username (session)); + printf ("- PSK authentication. Connected as '%s'\n", + gnutls_psk_server_get_username (session)); if (kx == GNUTLS_KX_DHE_PSK) - print_dh_info (session, "Ephemeral "); + print_dh_info (session, "Ephemeral "); break; #endif case GNUTLS_CRD_IA: @@ -445,19 +445,19 @@ print_info (gnutls_session_t session, const char *hostname, int insecure) break; case GNUTLS_CRD_CERTIFICATE: { - char dns[256]; - size_t dns_size = sizeof (dns); - unsigned int type; - - /* This fails in client side */ - if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) - { - printf ("- Given server name[%d]: %s\n", type, dns); - } + char dns[256]; + size_t dns_size = sizeof (dns); + unsigned int type; + + /* This fails in client side */ + if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) + { + printf ("- Given server name[%d]: %s\n", type, dns); + } } if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) - print_dh_info (session, "Ephemeral "); + print_dh_info (session, "Ephemeral "); print_cert_info (session, hostname, insecure); @@ -494,18 +494,18 @@ print_info (gnutls_session_t session, const char *hostname, int insecure) int rc; rc = - gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb); + gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb); if (rc) - fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc)); + fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc)); else - { - size_t i; - - printf ("- Channel binding 'tls-unique': "); - for (i = 0; i < cb.size; i++) - printf ("%02x", cb.data[i]); - printf ("\n"); - } + { + size_t i; + + printf ("- Channel binding 'tls-unique': "); + for (i = 0; i < cb.size; i++) + printf ("%02x", cb.data[i]); + printf ("\n"); + } } /* Warning: Do not print anything more here. The 'Compression:' @@ -531,7 +531,7 @@ print_cert_info (gnutls_session_t session, const char *hostname, int insecure) printf ("Unknown\n"); if (!insecure) - exit (1); + exit (1); break; case GNUTLS_CRT_X509: printf ("X.509\n"); @@ -560,16 +560,16 @@ print_list (int verbose) printf ("Cipher suites:\n"); for (i = 0; (name = gnutls_cipher_suite_info - (i, id, &kx, &cipher, &mac, &version)); i++) + (i, id, &kx, &cipher, &mac, &version)); i++) { - printf ("%-50s\t0x%02x, 0x%02x\t%s\n", - name, - (unsigned char) id[0], (unsigned char) id[1], - gnutls_protocol_get_name (version)); - if (verbose) - printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", - gnutls_kx_get_name (kx), - gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); + printf ("%-50s\t0x%02x, 0x%02x\t%s\n", + name, + (unsigned char) id[0], (unsigned char) id[1], + gnutls_protocol_get_name (version)); + if (verbose) + printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", + gnutls_kx_get_name (kx), + gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); } } @@ -579,11 +579,11 @@ print_list (int verbose) printf ("Certificate types: "); for (; *p; p++) { - printf ("%s", gnutls_certificate_type_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_certificate_type_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -593,11 +593,11 @@ print_list (int verbose) printf ("Protocols: "); for (; *p; p++) { - printf ("%s", gnutls_protocol_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_protocol_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -607,11 +607,11 @@ print_list (int verbose) printf ("Ciphers: "); for (; *p; p++) { - printf ("%s", gnutls_cipher_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_cipher_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -621,11 +621,11 @@ print_list (int verbose) printf ("MACs: "); for (; *p; p++) { - printf ("%s", gnutls_mac_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_mac_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -635,11 +635,11 @@ print_list (int verbose) printf ("Key exchange algorithms: "); for (; *p; p++) { - printf ("%s", gnutls_kx_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_kx_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -649,11 +649,11 @@ print_list (int verbose) printf ("Compression: "); for (; *p; p++) { - printf ("%s", gnutls_compression_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_compression_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -663,11 +663,11 @@ print_list (int verbose) printf ("Public Key Systems: "); for (; *p; p++) { - printf ("%s", gnutls_pk_algorithm_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_pk_algorithm_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } @@ -677,11 +677,11 @@ print_list (int verbose) printf ("PK-signatures: "); for (; *p; p++) { - printf ("%s", gnutls_sign_algorithm_get_name (*p)); - if (*(p + 1)) - printf (", "); - else - printf ("\n"); + printf ("%s", gnutls_sign_algorithm_get_name (*p)); + if (*(p + 1)) + printf (", "); + else + printf ("\n"); } } } @@ -702,18 +702,18 @@ parse_protocols (char **protocols, int protocols_size, int *protocol_priority) DEPRECATED; for (j = i = 0; i < protocols_size; i++) - { - if (strncasecmp (protocols[i], "SSL", 3) == 0) - protocol_priority[j++] = GNUTLS_SSL3; - else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0) - protocol_priority[j++] = GNUTLS_TLS1_1; - else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0) - protocol_priority[j++] = GNUTLS_TLS1_2; - else if (strncasecmp (protocols[i], "TLS", 3) == 0) - protocol_priority[j++] = GNUTLS_TLS1_0; - else - fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]); - } + { + if (strncasecmp (protocols[i], "SSL", 3) == 0) + protocol_priority[j++] = GNUTLS_SSL3; + else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0) + protocol_priority[j++] = GNUTLS_TLS1_1; + else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0) + protocol_priority[j++] = GNUTLS_TLS1_2; + else if (strncasecmp (protocols[i], "TLS", 3) == 0) + protocol_priority[j++] = GNUTLS_TLS1_0; + else + fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]); + } protocol_priority[j] = 0; } } @@ -728,28 +728,28 @@ parse_ciphers (char **ciphers, int nciphers, int *cipher_priority) { DEPRECATED; for (j = i = 0; i < nciphers; i++) - { - if (strncasecmp (ciphers[i], "AES-2", 5) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC; - else if (strncasecmp (ciphers[i], "AES", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC; - else if (strncasecmp (ciphers[i], "3DE", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; - else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0) - cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40; - else if (strcasecmp (ciphers[i], "ARCFOUR") == 0) - cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128; + { + if (strncasecmp (ciphers[i], "AES-2", 5) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC; + else if (strncasecmp (ciphers[i], "AES", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC; + else if (strncasecmp (ciphers[i], "3DE", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; + else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0) + cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40; + else if (strcasecmp (ciphers[i], "ARCFOUR") == 0) + cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128; #ifdef ENABLE_CAMELLIA - else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC; - else if (strncasecmp (ciphers[i], "CAM", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC; + else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC; + else if (strncasecmp (ciphers[i], "CAM", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC; #endif - else if (strncasecmp (ciphers[i], "NUL", 3) == 0) - cipher_priority[j++] = GNUTLS_CIPHER_NULL; - else - fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]); - } + else if (strncasecmp (ciphers[i], "NUL", 3) == 0) + cipher_priority[j++] = GNUTLS_CIPHER_NULL; + else + fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]); + } cipher_priority[j] = 0; } } @@ -764,22 +764,22 @@ parse_macs (char **macs, int nmacs, int *mac_priority) { DEPRECATED; for (j = i = 0; i < nmacs; i++) - { - if (strncasecmp (macs[i], "MD5", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_MD5; - else if (strncasecmp (macs[i], "RMD", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_RMD160; - else if (strncasecmp (macs[i], "SHA512", 6) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA512; - else if (strncasecmp (macs[i], "SHA384", 6) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA384; - else if (strncasecmp (macs[i], "SHA256", 6) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA256; - else if (strncasecmp (macs[i], "SHA", 3) == 0) - mac_priority[j++] = GNUTLS_MAC_SHA1; - else - fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]); - } + { + if (strncasecmp (macs[i], "MD5", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_MD5; + else if (strncasecmp (macs[i], "RMD", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_RMD160; + else if (strncasecmp (macs[i], "SHA512", 6) == 0) + mac_priority[j++] = GNUTLS_MAC_SHA512; + else if (strncasecmp (macs[i], "SHA384", 6) == 0) + mac_priority[j++] = GNUTLS_MAC_SHA384; + else if (strncasecmp (macs[i], "SHA256", 6) == 0) + mac_priority[j++] = GNUTLS_MAC_SHA256; + else if (strncasecmp (macs[i], "SHA", 3) == 0) + mac_priority[j++] = GNUTLS_MAC_SHA1; + else + fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]); + } mac_priority[j] = 0; } } @@ -793,14 +793,14 @@ parse_ctypes (char **ctype, int nctype, int *cert_type_priority) { DEPRECATED; for (j = i = 0; i < nctype; i++) - { - if (strncasecmp (ctype[i], "OPE", 3) == 0) - cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; - else if (strncasecmp (ctype[i], "X", 1) == 0) - cert_type_priority[j++] = GNUTLS_CRT_X509; - else - fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]); - } + { + if (strncasecmp (ctype[i], "OPE", 3) == 0) + cert_type_priority[j++] = GNUTLS_CRT_OPENPGP; + else if (strncasecmp (ctype[i], "X", 1) == 0) + cert_type_priority[j++] = GNUTLS_CRT_X509; + else + fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]); + } cert_type_priority[j] = 0; } } @@ -815,30 +815,30 @@ parse_kx (char **kx, int nkx, int *kx_priority) { DEPRECATED; for (j = i = 0; i < nkx; i++) - { - if (strcasecmp (kx[i], "SRP") == 0) - kx_priority[j++] = GNUTLS_KX_SRP; - else if (strcasecmp (kx[i], "SRP-RSA") == 0) - kx_priority[j++] = GNUTLS_KX_SRP_RSA; - else if (strcasecmp (kx[i], "SRP-DSS") == 0) - kx_priority[j++] = GNUTLS_KX_SRP_DSS; - else if (strcasecmp (kx[i], "RSA") == 0) - kx_priority[j++] = GNUTLS_KX_RSA; - else if (strcasecmp (kx[i], "PSK") == 0) - kx_priority[j++] = GNUTLS_KX_PSK; - else if (strcasecmp (kx[i], "DHE-PSK") == 0) - kx_priority[j++] = GNUTLS_KX_DHE_PSK; - else if (strcasecmp (kx[i], "RSA-EXPORT") == 0) - kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; - else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0) - kx_priority[j++] = GNUTLS_KX_DHE_RSA; - else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0) - kx_priority[j++] = GNUTLS_KX_DHE_DSS; - else if (strncasecmp (kx[i], "ANON", 4) == 0) - kx_priority[j++] = GNUTLS_KX_ANON_DH; - else - fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]); - } + { + if (strcasecmp (kx[i], "SRP") == 0) + kx_priority[j++] = GNUTLS_KX_SRP; + else if (strcasecmp (kx[i], "SRP-RSA") == 0) + kx_priority[j++] = GNUTLS_KX_SRP_RSA; + else if (strcasecmp (kx[i], "SRP-DSS") == 0) + kx_priority[j++] = GNUTLS_KX_SRP_DSS; + else if (strcasecmp (kx[i], "RSA") == 0) + kx_priority[j++] = GNUTLS_KX_RSA; + else if (strcasecmp (kx[i], "PSK") == 0) + kx_priority[j++] = GNUTLS_KX_PSK; + else if (strcasecmp (kx[i], "DHE-PSK") == 0) + kx_priority[j++] = GNUTLS_KX_DHE_PSK; + else if (strcasecmp (kx[i], "RSA-EXPORT") == 0) + kx_priority[j++] = GNUTLS_KX_RSA_EXPORT; + else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0) + kx_priority[j++] = GNUTLS_KX_DHE_RSA; + else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0) + kx_priority[j++] = GNUTLS_KX_DHE_DSS; + else if (strncasecmp (kx[i], "ANON", 4) == 0) + kx_priority[j++] = GNUTLS_KX_ANON_DH; + else + fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]); + } kx_priority[j] = 0; } } @@ -852,18 +852,18 @@ parse_comp (char **comp, int ncomp, int *comp_priority) { DEPRECATED; for (j = i = 0; i < ncomp; i++) - { - if (strncasecmp (comp[i], "NUL", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_NULL; - else if (strncasecmp (comp[i], "ZLI", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_DEFLATE; - else if (strncasecmp (comp[i], "DEF", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_DEFLATE; - else if (strncasecmp (comp[i], "LZO", 3) == 0) - comp_priority[j++] = GNUTLS_COMP_LZO; - else - fprintf (stderr, "Unknown compression: '%s'\n", comp[i]); - } + { + if (strncasecmp (comp[i], "NUL", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_NULL; + else if (strncasecmp (comp[i], "ZLI", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_DEFLATE; + else if (strncasecmp (comp[i], "DEF", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_DEFLATE; + else if (strncasecmp (comp[i], "LZO", 3) == 0) + comp_priority[j++] = GNUTLS_COMP_LZO; + else + fprintf (stderr, "Unknown compression: '%s'\n", comp[i]); + } comp_priority[j] = 0; } } @@ -910,8 +910,8 @@ service_to_port (const char *service) static int pin_callback (void *user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char *pin, - size_t pin_max) + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { const char *password; int len; @@ -920,7 +920,7 @@ pin_callback (void *user, int attempt, const char *token_url, static char cached_pin[32] = ""; printf ("PIN required for token '%s' with URL '%s'\n", token_label, - token_url); + token_url); if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) printf ("*** This is the final try before locking!\n"); if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) @@ -929,10 +929,10 @@ pin_callback (void *user, int attempt, const char *token_url, if (flags == 0 && cached_url != NULL) { if (strcmp (cached_url, token_url) == 0) - { - strcpy (pin, cached_pin); - return 0; - } + { + strcpy (pin, cached_pin); + return 0; + } } password = getpass ("Enter pin: "); diff --git a/src/common.h b/src/common.h index e18ed4b676..78d5e35b51 100644 --- a/src/common.h +++ b/src/common.h @@ -16,7 +16,7 @@ #ifndef __attribute__ #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -#define __attribute__(Spec) /* empty */ +#define __attribute__(Spec) /* empty */ #endif #endif @@ -28,7 +28,7 @@ extern const char str_unknown[]; int print_info (gnutls_session_t state, const char *hostname, int insecure); void print_cert_info (gnutls_session_t state, const char *hostname, - int insecure); + int insecure); void print_list (int verbose); void parse_comp (char **comp, int ncomp, int *comp_priority); @@ -37,7 +37,7 @@ void parse_ctypes (char **ctype, int nctype, int *cert_type_priority); void parse_macs (char **macs, int nmacs, int *mac_priority); void parse_ciphers (char **ciphers, int nciphers, int *cipher_priority); void parse_protocols (char **protocols, int protocols_size, - int *protocol_priority); + int *protocol_priority); const char *raw_to_string (const unsigned char *raw, size_t raw_size); int service_to_port (const char *service); void pkcs11_common (void); diff --git a/src/crypt.c b/src/crypt.c index b4545612c9..26736837d5 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -27,7 +27,7 @@ #include <gnutls/gnutls.h> #include <gnutls/extra.h> #include <crypt-gaa.h> -#include "../lib/random.h" /* for random */ +#include "../lib/random.h" /* for random */ #include <sys/types.h> #include <sys/stat.h> @@ -50,13 +50,13 @@ */ int crypt_int (const char *username, const char *passwd, int salt, - char *tpasswd_conf, char *tpasswd, int uindex); + char *tpasswd_conf, char *tpasswd, int uindex); static int read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, - char *str); + char *str); static int _verify_passwd_int (const char *username, const char *passwd, - char *verifier, char *salt, - const gnutls_datum_t * g, - const gnutls_datum_t * n); + char *verifier, char *salt, + const gnutls_datum_t * g, + const gnutls_datum_t * n); static void print_num (const char *msg, const gnutls_datum_t * num) @@ -68,9 +68,9 @@ print_num (const char *msg, const gnutls_datum_t * num) for (i = 0; i < num->size; i++) { if (i != 0 && i % 12 == 0) - printf ("\n\t"); + printf ("\n\t"); else if (i != 0 && i != num->size) - printf (":"); + printf (":"); printf ("%.2x", num->data[i]); } printf ("\n\n"); @@ -97,36 +97,36 @@ generate_create_conf (char *tpasswd_conf) { if (index == 1) - { - n = gnutls_srp_1024_group_prime; - g = gnutls_srp_1024_group_generator; - } + { + n = gnutls_srp_1024_group_prime; + g = gnutls_srp_1024_group_generator; + } else if (index == 2) - { - n = gnutls_srp_1536_group_prime; - g = gnutls_srp_1536_group_generator; - } + { + n = gnutls_srp_1536_group_prime; + g = gnutls_srp_1536_group_generator; + } else - { - n = gnutls_srp_2048_group_prime; - g = gnutls_srp_2048_group_generator; - } + { + n = gnutls_srp_2048_group_prime; + g = gnutls_srp_2048_group_generator; + } printf ("\nGroup %d, of %d bits:\n", index, n.size * 8); print_num ("Generator", &g); print_num ("Prime", &n); if (gnutls_srp_base64_encode_alloc (&n, &str_n) < 0) - { - fprintf (stderr, "Could not encode\n"); - return -1; - } + { + fprintf (stderr, "Could not encode\n"); + return -1; + } if (gnutls_srp_base64_encode_alloc (&g, &str_g) < 0) - { - fprintf (stderr, "Could not encode\n"); - return -1; - } + { + fprintf (stderr, "Could not encode\n"); + return -1; + } sprintf (line, "%d:%s:%s\n", index, str_n.data, str_g.data); @@ -150,8 +150,8 @@ generate_create_conf (char *tpasswd_conf) */ static int _verify_passwd_int (const char *username, const char *passwd, - char *verifier, char *salt, - const gnutls_datum_t * g, const gnutls_datum_t * n) + char *verifier, char *salt, + const gnutls_datum_t * g, const gnutls_datum_t * n) { char _salt[1024]; gnutls_datum_t tmp, raw_salt, new_verifier; @@ -236,7 +236,7 @@ filecopy (char *src, char *dst) { p = fgets (line, sizeof (line) - 1, fd2); if (p == NULL) - break; + break; fputs (line, fd); } @@ -269,17 +269,17 @@ find_strchr (char *username, char *file) /* move to first ':' */ i = 0; while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } + { + i++; + } if (strncmp (username, line, MAX (i, strlen (username))) == 0) - { - /* find the index */ - pos = strrchr (line, ':'); - pos++; - fclose (fd); - return atoi (pos); - } + { + /* find the index */ + pos = strrchr (line, ':'); + pos++; + fclose (fd); + return atoi (pos); + } } fclose (fd); @@ -291,7 +291,7 @@ find_strchr (char *username, char *file) */ static int verify_passwd (char *conffile, char *tpasswd, char *username, - const char *passwd) + const char *passwd) { FILE *fd; char line[5 * 1024]; @@ -349,36 +349,36 @@ verify_passwd (char *conffile, char *tpasswd, char *username, */ i = 0; while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line))) - { - i++; - } + { + i++; + } if (strncmp (username, line, MAX (i, strlen (username))) == 0) - { - char *verifier_pos, *salt_pos; - - pos = strchr (line, ':'); - fclose (fd); - if (pos == NULL) - { - fprintf (stderr, "Cannot parse conf file '%s'\n", conffile); - return -1; - } - pos++; - verifier_pos = pos; - - /* Move to the salt */ - pos = strchr (pos, ':'); - if (pos == NULL) - { - fprintf (stderr, "Cannot parse conf file '%s'\n", conffile); - return -1; - } - pos++; - salt_pos = pos; - - return _verify_passwd_int (username, passwd, - verifier_pos, salt_pos, &g, &n); - } + { + char *verifier_pos, *salt_pos; + + pos = strchr (line, ':'); + fclose (fd); + if (pos == NULL) + { + fprintf (stderr, "Cannot parse conf file '%s'\n", conffile); + return -1; + } + pos++; + verifier_pos = pos; + + /* Move to the salt */ + pos = strchr (pos, ':'); + if (pos == NULL) + { + fprintf (stderr, "Cannot parse conf file '%s'\n", conffile); + return -1; + } + pos++; + salt_pos = pos; + + return _verify_passwd_int (username, passwd, + verifier_pos, salt_pos, &g, &n); + } } fclose (fd); @@ -429,10 +429,10 @@ main (int argc, char **argv) pwd = getpwuid (getuid ()); if (pwd == NULL) - { - fprintf (stderr, "No such user\n"); - return -1; - } + { + fprintf (stderr, "No such user\n"); + return -1; + } info.username = pwd->pw_name; #else @@ -454,18 +454,18 @@ main (int argc, char **argv) if (info.verify != 0) { return verify_passwd (info.passwd_conf, info.passwd, - info.username, passwd); + info.username, passwd); } return crypt_int (info.username, passwd, salt_size, - info.passwd_conf, info.passwd, info.index); + info.passwd_conf, info.passwd, info.index); } static char * _srp_crypt (const char *username, const char *passwd, int salt_size, - const gnutls_datum_t * g, const gnutls_datum_t * n) + const gnutls_datum_t * g, const gnutls_datum_t * n) { char salt[128]; static char result[1024]; @@ -519,7 +519,7 @@ _srp_crypt (const char *username, const char *passwd, int salt_size, int crypt_int (const char *username, const char *passwd, int salt_size, - char *tpasswd_conf, char *tpasswd, int uindex) + char *tpasswd_conf, char *tpasswd, int uindex) { FILE *fd; char *cr; @@ -537,7 +537,7 @@ crypt_int (const char *username, const char *passwd, int salt_size, } do - { /* find the specified uindex in file */ + { /* find the specified uindex in file */ p = fgets (line, sizeof (line) - 1, fd); iindex = atoi (p); } @@ -571,69 +571,69 @@ crypt_int (const char *username, const char *passwd, int salt_size, int put; if (strlen (tpasswd) > sizeof (tmpname) + 5) - { - fprintf (stderr, "file '%s' is tooooo long\n", tpasswd); - return -1; - } + { + fprintf (stderr, "file '%s' is tooooo long\n", tpasswd); + return -1; + } strcpy (tmpname, tpasswd); strcat (tmpname, ".tmp"); if (stat (tmpname, &st) != -1) - { - fprintf (stderr, "file '%s' is locked\n", tpasswd); - return -1; - } + { + fprintf (stderr, "file '%s' is locked\n", tpasswd); + return -1; + } if (filecopy (tpasswd, tmpname) != 0) - { - fprintf (stderr, "Cannot copy '%s' to '%s'\n", tpasswd, tmpname); - return -1; - } + { + fprintf (stderr, "Cannot copy '%s' to '%s'\n", tpasswd, tmpname); + return -1; + } fd = fopen (tpasswd, "w"); if (fd == NULL) - { - fprintf (stderr, "Cannot open '%s' for write\n", tpasswd); - remove (tmpname); - return -1; - } + { + fprintf (stderr, "Cannot open '%s' for write\n", tpasswd); + remove (tmpname); + return -1; + } fd2 = fopen (tmpname, "r"); if (fd2 == NULL) - { - fprintf (stderr, "Cannot open '%s' for read\n", tmpname); - remove (tmpname); - return -1; - } + { + fprintf (stderr, "Cannot open '%s' for read\n", tmpname); + remove (tmpname); + return -1; + } put = 0; do - { - p = fgets (line, sizeof (line) - 1, fd2); - if (p == NULL) - break; - - pp = strchr (line, ':'); - if (pp == NULL) - continue; - - if (strncmp (p, username, - MAX (strlen (username), (unsigned int) (pp - p))) == 0) - { - put = 1; - fprintf (fd, "%s:%s:%u\n", username, cr, iindex); - } - else - { - fputs (line, fd); - } - } + { + p = fgets (line, sizeof (line) - 1, fd2); + if (p == NULL) + break; + + pp = strchr (line, ':'); + if (pp == NULL) + continue; + + if (strncmp (p, username, + MAX (strlen (username), (unsigned int) (pp - p))) == 0) + { + put = 1; + fprintf (fd, "%s:%s:%u\n", username, cr, iindex); + } + else + { + fputs (line, fd); + } + } while (1); if (put == 0) - { - fprintf (fd, "%s:%s:%u\n", username, cr, iindex); - } + { + fprintf (fd, "%s:%s:%u\n", username, cr, iindex); + } fclose (fd); fclose (fd2); @@ -661,7 +661,7 @@ read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str) index = atoi (str); - p = strrchr (str, ':'); /* we have g */ + p = strrchr (str, ':'); /* we have g */ if (p == NULL) { return -1; @@ -686,7 +686,7 @@ read_conf_values (gnutls_datum_t * g, gnutls_datum_t * n, char *str) } /* now go for n - modulo */ - p = strrchr (str, ':'); /* we have n */ + p = strrchr (str, ':'); /* we have n */ if (p == NULL) { return -1; @@ -719,5 +719,5 @@ srptool_version (void) if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0) p = PACKAGE_STRING; version_etc (stdout, "srptool", p, gnutls_check_version (NULL), - "Nikos Mavrogiannopoulos", (char *) NULL); + "Nikos Mavrogiannopoulos", (char *) NULL); } diff --git a/src/p11tool.c b/src/p11tool.c index cca778118c..01255314bf 100644 --- a/src/p11tool.c +++ b/src/p11tool.c @@ -84,7 +84,7 @@ gaa_parser (int argc, char **argv) if (gaa (argc, argv, &info) != -1) { fprintf (stderr, "Try `%s --help' for more information.\n", - program_name); + program_name); exit (1); } @@ -100,27 +100,27 @@ gaa_parser (int argc, char **argv) { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_MANUAL, NULL); if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); else - { - ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); - if (ret < 0) - error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", - gnutls_strerror (ret)); - } + { + ret = gnutls_pkcs11_add_provider (info.pkcs11_provider, NULL); + if (ret < 0) + error (EXIT_FAILURE, 0, "pkcs11_add_provider: %s", + gnutls_strerror (ret)); + } } else { ret = gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL); if (ret < 0) - fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); + fprintf (stderr, "pkcs11_init: %s", gnutls_strerror (ret)); } if (info.outfile) { outfile = safe_open_rw (info.outfile, 0); if (outfile == NULL) - error (EXIT_FAILURE, errno, "%s", info.outfile); + error (EXIT_FAILURE, errno, "%s", info.outfile); } else outfile = stdout; @@ -136,21 +136,21 @@ gaa_parser (int argc, char **argv) { case ACTION_PKCS11_LIST: pkcs11_list (outfile, info.pkcs11_url, info.pkcs11_type, - info.pkcs11_login, info.pkcs11_detailed_url, &cinfo); + info.pkcs11_login, info.pkcs11_detailed_url, &cinfo); break; case ACTION_PKCS11_TOKENS: pkcs11_token_list (outfile, info.pkcs11_detailed_url, &cinfo); break; case ACTION_PKCS11_MECHANISMS: pkcs11_mechanism_list (outfile, info.pkcs11_url, info.pkcs11_login, - &cinfo); + &cinfo); break; case ACTION_PKCS11_EXPORT_URL: pkcs11_export (outfile, info.pkcs11_url, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_WRITE_URL: pkcs11_write (outfile, info.pkcs11_url, info.pkcs11_label, - info.pkcs11_trusted, info.pkcs11_login, &cinfo); + info.pkcs11_trusted, info.pkcs11_login, &cinfo); break; case ACTION_PKCS11_TOKEN_INIT: pkcs11_init (outfile, info.pkcs11_url, info.pkcs11_label, &cinfo); diff --git a/src/p11tool.h b/src/p11tool.h index dc034a6984..ec48c79a4a 100644 --- a/src/p11tool.h +++ b/src/p11tool.h @@ -4,20 +4,20 @@ #include "certtool-common.h" void pkcs11_list (FILE * outfile, const char *url, int type, - unsigned int login, unsigned int detailed, - common_info_st *); + unsigned int login, unsigned int detailed, + common_info_st *); void pkcs11_mechanism_list (FILE * outfile, const char *url, - unsigned int login, common_info_st *); + unsigned int login, common_info_st *); void pkcs11_export (FILE * outfile, const char *pkcs11_url, - unsigned int login, common_info_st *); + unsigned int login, common_info_st *); void pkcs11_token_list (FILE * outfile, unsigned int detailed, - common_info_st *); + common_info_st *); void pkcs11_write (FILE * outfile, const char *pkcs11_url, const char *label, - int trusted, unsigned int login, common_info_st *); + int trusted, unsigned int login, common_info_st *); void pkcs11_delete (FILE * outfile, const char *pkcs11_url, int batch, - unsigned int login, common_info_st *); + unsigned int login, common_info_st *); void pkcs11_init (FILE * outfile, const char *pkcs11_url, const char *label, - common_info_st *); + common_info_st *); #define PKCS11_TYPE_CRT_ALL 1 #define PKCS11_TYPE_TRUSTED 2 diff --git a/src/pkcs11.c b/src/pkcs11.c index 87fd113164..c6aceb5c5a 100644 --- a/src/pkcs11.c +++ b/src/pkcs11.c @@ -35,8 +35,8 @@ static int pin_callback (void *user, int attempt, const char *token_url, - const char *token_label, unsigned int flags, char *pin, - size_t pin_max) + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) { const char *password; int len; @@ -45,7 +45,7 @@ pin_callback (void *user, int attempt, const char *token_url, static char cached_pin[32] = ""; printf ("PIN required for token '%s' with URL '%s'\n", token_label, - token_url); + token_url); if (flags & GNUTLS_PKCS11_PIN_FINAL_TRY) printf ("*** This is the final try before locking!\n"); if (flags & GNUTLS_PKCS11_PIN_COUNT_LOW) @@ -54,10 +54,10 @@ pin_callback (void *user, int attempt, const char *token_url, if (flags == 0 && cached_url != NULL) { if (strcmp (cached_url, token_url) == 0) - { - strcpy (pin, cached_pin); - return 0; - } + { + strcpy (pin, cached_pin); + return 0; + } } password = getpass ("Enter pin: "); @@ -89,7 +89,7 @@ pkcs11_common (void) void pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, - common_info_st * info) + common_info_st * info) { int ret; unsigned int obj_flags = 0; @@ -100,20 +100,20 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, if (!batch) { pkcs11_list (outfile, url, PKCS11_TYPE_ALL, login, - GNUTLS_PKCS11_URL_LIB, info); + GNUTLS_PKCS11_URL_LIB, info); ret = - read_yesno ("Are you sure you want to delete those objects? (y/N): "); + read_yesno ("Are you sure you want to delete those objects? (y/N): "); if (ret == 0) - { - exit (1); - } + { + exit (1); + } } ret = gnutls_pkcs11_delete_url (url, obj_flags); if (ret < 0) { fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -126,7 +126,7 @@ pkcs11_delete (FILE * outfile, const char *url, int batch, unsigned int login, */ void pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, - unsigned int detailed, common_info_st * info) + unsigned int detailed, common_info_st * info) { gnutls_pkcs11_obj_t *crt_list; gnutls_x509_crt_t xcrt; @@ -176,11 +176,11 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, } ret = gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, - attrs, obj_flags); + attrs, obj_flags); if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { fprintf (stderr, "Error in crt_list_import (1): %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -194,20 +194,20 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, { crt_list = realloc (crt_list, sizeof (*crt_list) * crt_list_size); if (crt_list == NULL) - { - fprintf (stderr, "Memory error\n"); - exit (1); - } + { + fprintf (stderr, "Memory error\n"); + exit (1); + } ret = - gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, - attrs, obj_flags); + gnutls_pkcs11_obj_list_import_url (crt_list, &crt_list_size, url, + attrs, obj_flags); if (ret < 0) - { - fprintf (stderr, "Error in crt_list_import: %s\n", - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in crt_list_import: %s\n", + gnutls_strerror (ret)); + exit (1); + } } for (i = 0; i < crt_list_size; i++) @@ -217,73 +217,73 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, ret = gnutls_pkcs11_obj_export_url (crt_list[i], detailed, &output); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output); fprintf (outfile, "\tType: %s\n", - gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type - (crt_list[i]))); + gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type + (crt_list[i]))); size = sizeof (buf); ret = - gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, - &size); + gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_LABEL, buf, + &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "\tLabel: %s\n", buf); size = sizeof (buf); ret = - gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, - buf, &size); + gnutls_pkcs11_obj_get_info (crt_list[i], GNUTLS_PKCS11_OBJ_ID_HEX, + buf, &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "\tID: %s\n\n", buf); if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL - || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) - continue; + || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY) + continue; ret = gnutls_x509_crt_init (&xcrt); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt_list[i]); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } #if 0 size = buffer_size; ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fwrite (buffer, 1, size, outfile); fputs ("\n\n", outfile); @@ -299,7 +299,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login, void pkcs11_export (FILE * outfile, const char *url, unsigned int login, - common_info_st * info) + common_info_st * info) { gnutls_pkcs11_obj_t crt; gnutls_x509_crt_t xcrt; @@ -320,7 +320,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login, if (ret < 0) { fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -328,7 +328,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login, if (ret < 0) { fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -337,28 +337,28 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login, case GNUTLS_PKCS11_OBJ_X509_CRT: ret = gnutls_x509_crt_init (&xcrt); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } ret = gnutls_x509_crt_import_pkcs11 (xcrt, crt); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } size = buffer_size; ret = gnutls_x509_crt_export (xcrt, GNUTLS_X509_FMT_PEM, buffer, &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fwrite (buffer, 1, size, outfile); gnutls_x509_crt_deinit (xcrt); @@ -366,58 +366,58 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login, case GNUTLS_PKCS11_OBJ_PUBKEY: ret = gnutls_pubkey_init (&pubkey); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } ret = gnutls_pubkey_import_pkcs11 (pubkey, crt, 0); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } size = buffer_size; ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fwrite (buffer, 1, size, outfile); gnutls_pubkey_deinit (pubkey); break; default: { - gnutls_datum data, enc; - - size = buffer_size; - ret = gnutls_pkcs11_obj_export (crt, buffer, &size); - if (ret < 0) - { - break; - } - - data.data = buffer; - data.size = size; - - ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc); - if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } - - fwrite (enc.data, 1, enc.size, outfile); - - gnutls_free (enc.data); - break; + gnutls_datum data, enc; + + size = buffer_size; + ret = gnutls_pkcs11_obj_export (crt, buffer, &size); + if (ret < 0) + { + break; + } + + data.data = buffer; + data.size = size; + + ret = gnutls_pem_base64_encode_alloc ("DATA", &data, &enc); + if (ret < 0) + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } + + fwrite (enc.data, 1, enc.size, outfile); + + gnutls_free (enc.data); + break; } } fputs ("\n\n", outfile); @@ -431,7 +431,7 @@ pkcs11_export (FILE * outfile, const char *url, unsigned int login, void pkcs11_token_list (FILE * outfile, unsigned int detailed, - common_info_st * info) + common_info_st * info) { int ret; int i; @@ -445,66 +445,66 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed, { ret = gnutls_pkcs11_token_get_url (i, detailed, &url); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + break; if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "Token %d:\n\tURL: %s\n", i, url); size = sizeof (buf); ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf, - &size); + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_LABEL, buf, + &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "\tLabel: %s\n", buf); size = sizeof (buf); ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, - buf, &size); + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MANUFACTURER, + buf, &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "\tManufacturer: %s\n", buf); size = sizeof (buf); ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf, - &size); + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_MODEL, buf, + &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "\tModel: %s\n", buf); size = sizeof (buf); ret = - gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, - &size); + gnutls_pkcs11_token_get_info (url, GNUTLS_PKCS11_TOKEN_SERIAL, buf, + &size); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } fprintf (outfile, "\tSerial: %s\n", buf); fprintf (outfile, "\n\n"); @@ -518,7 +518,7 @@ pkcs11_token_list (FILE * outfile, unsigned int detailed, void pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, - unsigned int login, common_info_st * info) + unsigned int login, common_info_st * info) { gnutls_x509_crt_t xcrt; gnutls_x509_privkey_t xkey; @@ -539,29 +539,29 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, if (secret_key != NULL) { ret = - gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage, - flags | - GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + gnutls_pkcs11_copy_secret_key (url, secret_key, label, key_usage, + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } } xcrt = load_cert (0, info); if (xcrt != NULL) { if (trusted) - flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; + flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; ret = gnutls_pkcs11_copy_x509_crt (url, xcrt, label, flags); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } gnutls_x509_crt_get_key_usage (xcrt, &key_usage, NULL); } @@ -570,21 +570,21 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, if (xkey != NULL) { ret = - gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage, - flags | - GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); + gnutls_pkcs11_copy_x509_privkey (url, xkey, label, key_usage, + flags | + GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE); if (ret < 0) - { - fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, + gnutls_strerror (ret)); + exit (1); + } } if (xkey == NULL && xcrt == NULL && secret_key == NULL) { fprintf (stderr, - "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n"); + "You must use --load-privkey, --load-certificate or --secret-key to load the file to be copied\n"); exit (1); } @@ -593,7 +593,7 @@ pkcs11_write (FILE * outfile, const char *url, const char *label, int trusted, void pkcs11_init (FILE * outfile, const char *url, const char *label, - common_info_st * info) + common_info_st * info) { int ret; char *pin; @@ -621,7 +621,7 @@ pkcs11_init (FILE * outfile, const char *url, const char *label, if (ret < 0) { fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -629,7 +629,7 @@ pkcs11_init (FILE * outfile, const char *url, const char *label, if (ret < 0) { fprintf (stderr, "Error in %s:%d: %s\n", __func__, __LINE__, - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -844,7 +844,7 @@ const char *mech_list[] = { void pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login, - common_info_st * info) + common_info_st * info) { int ret; int idx; @@ -865,15 +865,15 @@ pkcs11_mechanism_list (FILE * outfile, const char *url, unsigned int login, { ret = gnutls_pkcs11_token_get_mechanism (url, idx++, &mechanism); if (ret >= 0) - { - str = NULL; - if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0])) - str = mech_list[mechanism]; - if (str == NULL) - str = "UNKNOWN"; - - fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str); - } + { + str = NULL; + if (mechanism <= sizeof (mech_list) / sizeof (mech_list[0])) + str = mech_list[mechanism]; + if (str == NULL) + str = "UNKNOWN"; + + fprintf (outfile, "[0x%.4lx] %s\n", mechanism, str); + } } while (ret >= 0); diff --git a/src/prime.c b/src/prime.c index 41f64a7e3e..4c4efd3440 100644 --- a/src/prime.c +++ b/src/prime.c @@ -58,46 +58,46 @@ generate_prime (int how) { ret = gnutls_dh_params_generate2 (dh_params, bits); if (ret < 0) - { - fprintf (stderr, "Error generating parameters: %s\n", - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error generating parameters: %s\n", + gnutls_strerror (ret)); + exit (1); + } ret = gnutls_dh_params_export_raw (dh_params, &p, &g, NULL); if (ret < 0) - { - fprintf (stderr, "Error exporting parameters: %s\n", - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error exporting parameters: %s\n", + gnutls_strerror (ret)); + exit (1); + } } else { #ifdef ENABLE_SRP if (bits <= 1024) - { - p = gnutls_srp_1024_group_prime; - g = gnutls_srp_1024_group_generator; - } + { + p = gnutls_srp_1024_group_prime; + g = gnutls_srp_1024_group_generator; + } else if (bits <= 1536) - { - p = gnutls_srp_1536_group_prime; - g = gnutls_srp_1536_group_generator; - } + { + p = gnutls_srp_1536_group_prime; + g = gnutls_srp_1536_group_generator; + } else - { - p = gnutls_srp_2048_group_prime; - g = gnutls_srp_2048_group_generator; - } + { + p = gnutls_srp_2048_group_prime; + g = gnutls_srp_2048_group_generator; + } ret = gnutls_dh_params_import_raw (dh_params, &p, &g); if (ret < 0) - { - fprintf (stderr, "Error exporting parameters: %s\n", - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error exporting parameters: %s\n", + gnutls_strerror (ret)); + exit (1); + } #else fprintf (stderr, "Parameters unavailable as SRP disabled.\n"); #endif @@ -110,13 +110,13 @@ generate_prime (int how) fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size); for (i = 0; i < g.size; i++) - { - if (i % 7 == 0) - fprintf (outfile, "\n\t"); - fprintf (outfile, "0x%.2x", g.data[i]); - if (i != g.size - 1) - fprintf (outfile, ", "); - } + { + if (i % 7 == 0) + fprintf (outfile, "\n\t"); + fprintf (outfile, "0x%.2x", g.data[i]); + if (i != g.size - 1) + fprintf (outfile, ", "); + } fprintf (outfile, "\n};\n\n"); } @@ -125,14 +125,14 @@ generate_prime (int how) fprintf (outfile, "\nGenerator: "); for (i = 0; i < g.size; i++) - { - if (i != 0 && i % 12 == 0) - fprintf (outfile, "\n\t"); - else if (i != 0 && i != g.size) - fprintf (outfile, ":"); + { + if (i != 0 && i % 12 == 0) + fprintf (outfile, "\n\t"); + else if (i != 0 && i != g.size) + fprintf (outfile, ":"); - fprintf (outfile, "%.2x", g.data[i]); - } + fprintf (outfile, "%.2x", g.data[i]); + } fprintf (outfile, "\n\n"); } @@ -145,13 +145,13 @@ generate_prime (int how) fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size); for (i = 0; i < p.size; i++) - { - if (i % 7 == 0) - fprintf (outfile, "\n\t"); - fprintf (outfile, "0x%.2x", p.data[i]); - if (i != p.size - 1) - fprintf (outfile, ", "); - } + { + if (i % 7 == 0) + fprintf (outfile, "\n\t"); + fprintf (outfile, "0x%.2x", p.data[i]); + if (i != p.size - 1) + fprintf (outfile, ", "); + } fprintf (outfile, "\n};\n"); } @@ -160,34 +160,34 @@ generate_prime (int how) fprintf (outfile, "Prime: "); for (i = 0; i < p.size; i++) - { - if (i != 0 && i % 12 == 0) - fprintf (outfile, "\n\t"); - else if (i != 0 && i != p.size) - fprintf (outfile, ":"); - fprintf (outfile, "%.2x", p.data[i]); - } + { + if (i != 0 && i % 12 == 0) + fprintf (outfile, "\n\t"); + else if (i != 0 && i != p.size) + fprintf (outfile, ":"); + fprintf (outfile, "%.2x", p.data[i]); + } fprintf (outfile, "\n\n"); } if (!cparams) - { /* generate a PKCS#3 structure */ + { /* generate a PKCS#3 structure */ size_t len = buffer_size; ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM, - buffer, &len); + buffer, &len); if (ret == 0) - { - fprintf (outfile, "\n%s", buffer); - } + { + fprintf (outfile, "\n%s", buffer); + } else - { - fprintf (stderr, "Error: %s\n", gnutls_strerror (ret)); - } + { + fprintf (stderr, "Error: %s\n", gnutls_strerror (ret)); + } } @@ -44,7 +44,7 @@ main (int argc, char **argv) #include <gnutls/extra.h> #include <psk-gaa.h> -#include "../lib/random.h" /* for random */ +#include "../lib/random.h" /* for random */ #include <sys/types.h> #include <sys/stat.h> @@ -61,7 +61,7 @@ main (int argc, char **argv) #include "getpass.h" static int write_key (const char *username, const char *key, int key_size, - char *passwd_file); + char *passwd_file); #define KPASSWD "/etc/passwd.psk" #define MAX_KEY_SIZE 64 @@ -101,10 +101,10 @@ main (int argc, char **argv) pwd = getpwuid (getuid ()); if (pwd == NULL) - { - fprintf (stderr, "No such user\n"); - return -1; - } + { + fprintf (stderr, "No such user\n"); + return -1; + } info.username = pwd->pw_name; #else @@ -175,7 +175,7 @@ filecopy (char *src, char *dst) { p = fgets (line, sizeof (line) - 1, fd2); if (p == NULL) - break; + break; fputs (line, fd); } @@ -189,7 +189,7 @@ filecopy (char *src, char *dst) static int write_key (const char *username, const char *key, int key_size, - char *passwd_file) + char *passwd_file) { FILE *fd; char line[5 * 1024]; @@ -243,22 +243,22 @@ write_key (const char *username, const char *key, int key_size, { p = fgets (line, sizeof (line) - 1, fd2); if (p == NULL) - break; + break; pp = strchr (line, ':'); if (pp == NULL) - continue; + continue; if (strncmp (p, username, - MAX (strlen (username), (unsigned int) (pp - p))) == 0) - { - put = 1; - fprintf (fd, "%s:%s\n", username, key); - } + MAX (strlen (username), (unsigned int) (pp - p))) == 0) + { + put = 1; + fprintf (fd, "%s:%s\n", username, key); + } else - { - fputs (line, fd); - } + { + fputs (line, fd); + } } while (1); @@ -287,5 +287,5 @@ psktool_version (void) if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0) p = PACKAGE_STRING; version_etc (stdout, "psktool", p, gnutls_check_version (NULL), - "Nikos Mavrogiannopoulos", (char *) NULL); + "Nikos Mavrogiannopoulos", (char *) NULL); } diff --git a/src/serv.c b/src/serv.c index 7834139d6d..3d348d2cd2 100644 --- a/src/serv.c +++ b/src/serv.c @@ -126,11 +126,11 @@ static int wrap_db_delete (void *dbf, gnutls_datum_t key); #define HTTP_STATE_CLOSING 3 LIST_TYPE_DECLARE (listener_item, char *http_request; char *http_response; - int request_length; int response_length; - int response_written; int http_state; - int listen_socket; int fd; - gnutls_session_t tls_session; - int handshake_ok; + int request_length; int response_length; + int response_written; int http_state; + int listen_socket; int fd; + gnutls_session_t tls_session; + int handshake_ok; ); static const char * @@ -259,7 +259,7 @@ static_dh_params (void) } ret = gnutls_dh_params_import_pkcs3 (dh_params, ¶ms, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (ret < 0) { @@ -274,19 +274,19 @@ static_dh_params (void) static int get_params (gnutls_session_t session, gnutls_params_type_t type, - gnutls_params_st * st) + gnutls_params_st * st) { if (type == GNUTLS_PARAMS_RSA_EXPORT) { if (rsa_params == NULL) - return -1; + return -1; st->params.rsa_export = rsa_params; } else if (type == GNUTLS_PARAMS_DH) { if (dh_params == NULL) - return -1; + return -1; st->params.dh = dh_params; } else @@ -392,9 +392,9 @@ initialize_session (void) else { if (require_cert) - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE); + gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE); else - gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); + gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); } return session; @@ -412,7 +412,7 @@ static const char DEFAULT_DATA[] = #define tmp2 &http_buffer[strlen(http_buffer)], len-strlen(http_buffer) static char * peer_print_info (gnutls_session_t session, int *ret_length, - const char *header) + const char *header) { const char *tmp; unsigned char sesid[32]; @@ -427,14 +427,14 @@ peer_print_info (gnutls_session_t session, int *ret_length, { http_buffer = malloc (len); if (http_buffer == NULL) - return NULL; + return NULL; strcpy (http_buffer, HTTP_BEGIN); strcpy (&http_buffer[sizeof (HTTP_BEGIN) - 1], DEFAULT_DATA); strcpy (&http_buffer[sizeof (HTTP_BEGIN) + sizeof (DEFAULT_DATA) - 2], - HTTP_END); + HTTP_END); *ret_length = - sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3; + sizeof (DEFAULT_DATA) + sizeof (HTTP_BEGIN) + sizeof (HTTP_END) - 3; return http_buffer; } @@ -447,29 +447,29 @@ peer_print_info (gnutls_session_t session, int *ret_length, cert_list = gnutls_certificate_get_peers (session, &cert_list_size); for (i = 0; i < cert_list_size; i++) - { - gnutls_x509_crt_t cert; - gnutls_datum_t info; - - if (gnutls_x509_crt_init (&cert) == 0 && - gnutls_x509_crt_import (cert, &cert_list[i], - GNUTLS_X509_FMT_DER) == 0 && - gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_FULL, &info) == 0) - { - const char *post = "</PRE><P><PRE>"; - - crtinfo = realloc (crtinfo, ncrtinfo + info.size + - strlen (post) + 1); - if (crtinfo == NULL) - return NULL; - memcpy (crtinfo + ncrtinfo, info.data, info.size); - ncrtinfo += info.size; - memcpy (crtinfo + ncrtinfo, post, strlen (post)); - ncrtinfo += strlen (post); - crtinfo[ncrtinfo] = '\0'; - gnutls_free (info.data); - } - } + { + gnutls_x509_crt_t cert; + gnutls_datum_t info; + + if (gnutls_x509_crt_init (&cert) == 0 && + gnutls_x509_crt_import (cert, &cert_list[i], + GNUTLS_X509_FMT_DER) == 0 && + gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_FULL, &info) == 0) + { + const char *post = "</PRE><P><PRE>"; + + crtinfo = realloc (crtinfo, ncrtinfo + info.size + + strlen (post) + 1); + if (crtinfo == NULL) + return NULL; + memcpy (crtinfo + ncrtinfo, info.data, info.size); + ncrtinfo += info.size; + memcpy (crtinfo + ncrtinfo, post, strlen (post)); + ncrtinfo += strlen (post); + crtinfo[ncrtinfo] = '\0'; + gnutls_free (info.data); + } + } } http_buffer = malloc (len); @@ -488,8 +488,8 @@ peer_print_info (gnutls_session_t session, int *ret_length, snprintf (tmp2, "%.2X", sesid[i]); snprintf (tmp2, "</i></p>\n"); snprintf (tmp2, - "<h5>If your browser supports session resuming, then you should see the " - "same session ID, when you press the <b>reload</b> button.</h5>\n"); + "<h5>If your browser supports session resuming, then you should see the " + "same session ID, when you press the <b>reload</b> button.</h5>\n"); /* Here unlike print_info() we use the kx algorithm to distinguish * the functions to call. @@ -501,7 +501,7 @@ peer_print_info (gnutls_session_t session, int *ret_length, if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0) { - snprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns); + snprintf (tmp2, "\n<p>Server Name: %s</p>\n", dns); } } @@ -513,7 +513,7 @@ peer_print_info (gnutls_session_t session, int *ret_length, if (kx_alg == GNUTLS_KX_SRP) { snprintf (tmp2, "<p>Connected as user '%s'.</p>\n", - gnutls_srp_server_get_username (session)); + gnutls_srp_server_get_username (session)); } #endif @@ -521,7 +521,7 @@ peer_print_info (gnutls_session_t session, int *ret_length, if (kx_alg == GNUTLS_KX_PSK) { snprintf (tmp2, "<p>Connected as user '%s'.</p>\n", - gnutls_psk_server_get_username (session)); + gnutls_psk_server_get_username (session)); } #endif @@ -529,16 +529,16 @@ peer_print_info (gnutls_session_t session, int *ret_length, if (kx_alg == GNUTLS_KX_ANON_DH) { snprintf (tmp2, - "<p> Connect using anonymous DH (prime of %d bits)</p>\n", - gnutls_dh_get_prime_bits (session)); + "<p> Connect using anonymous DH (prime of %d bits)</p>\n", + gnutls_dh_get_prime_bits (session)); } #endif if (kx_alg == GNUTLS_KX_DHE_RSA || kx_alg == GNUTLS_KX_DHE_DSS) { snprintf (tmp2, - "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", - gnutls_dh_get_prime_bits (session)); + "Ephemeral DH using prime of <b>%d</b> bits.<br>\n", + gnutls_dh_get_prime_bits (session)); } /* print session information */ @@ -548,18 +548,18 @@ peer_print_info (gnutls_session_t session, int *ret_length, if (tmp == NULL) tmp = str_unknown; snprintf (tmp2, - "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n", - tmp); + "<TABLE border=1><TR><TD>Protocol version:</TD><TD>%s</TD></TR>\n", + tmp); if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE) { tmp = - gnutls_certificate_type_get_name (gnutls_certificate_type_get - (session)); + gnutls_certificate_type_get_name (gnutls_certificate_type_get + (session)); if (tmp == NULL) - tmp = str_unknown; + tmp = str_unknown; snprintf (tmp2, "<TR><TD>Certificate Type:</TD><TD>%s</TD></TR>\n", - tmp); + tmp); } tmp = gnutls_kx_get_name (kx_alg); @@ -583,12 +583,12 @@ peer_print_info (gnutls_session_t session, int *ret_length, snprintf (tmp2, "<TR><TD>MAC</TD><TD>%s</TD></TR>\n", tmp); tmp = gnutls_cipher_suite_get_name (kx_alg, - gnutls_cipher_get (session), - gnutls_mac_get (session)); + gnutls_cipher_get (session), + gnutls_mac_get (session)); if (tmp == NULL) tmp = str_unknown; snprintf (tmp2, "<TR><TD>Ciphersuite</TD><TD>%s</TD></TR></p></TABLE>\n", - tmp); + tmp); if (crtinfo) { @@ -597,7 +597,7 @@ peer_print_info (gnutls_session_t session, int *ret_length, } snprintf (tmp2, "<hr><P>Your HTTP header was:<PRE>%s</PRE></P>\n" HTTP_END, - header); + header); *ret_length = strlen (http_buffer); @@ -606,7 +606,7 @@ peer_print_info (gnutls_session_t session, int *ret_length, static const char * human_addr (const struct sockaddr *sa, socklen_t salen, - char *buf, size_t buflen) + char *buf, size_t buflen) { const char *save_buf = buf; size_t l; @@ -676,41 +676,41 @@ listen_socket (const char *name, int listen_port) { /* Print what we are doing. */ { - char topbuf[512]; + char topbuf[512]; - fprintf (stderr, "%s listening on %s...", - name, human_addr (ptr->ai_addr, ptr->ai_addrlen, - topbuf, sizeof (topbuf))); + fprintf (stderr, "%s listening on %s...", + name, human_addr (ptr->ai_addr, ptr->ai_addrlen, + topbuf, sizeof (topbuf))); } if ((s = socket (ptr->ai_family, ptr->ai_socktype, - ptr->ai_protocol)) < 0) - { - perror ("socket() failed"); - continue; - } + ptr->ai_protocol)) < 0) + { + perror ("socket() failed"); + continue; + } yes = 1; if (setsockopt (s, SOL_SOCKET, SO_REUSEADDR, - (const void *) &yes, sizeof (yes)) < 0) - { - perror ("setsockopt() failed"); - failed: - close (s); - continue; - } + (const void *) &yes, sizeof (yes)) < 0) + { + perror ("setsockopt() failed"); + failed: + close (s); + continue; + } if (bind (s, ptr->ai_addr, ptr->ai_addrlen) < 0) - { - perror ("bind() failed"); - goto failed; - } + { + perror ("bind() failed"); + goto failed; + } if (listen (s, 10) < 0) - { - perror ("listen() failed"); - goto failed; - } + { + perror ("listen() failed"); + goto failed; + } /* new list entry for the connection */ lappend (listener_list); @@ -742,34 +742,34 @@ strip (char *data) for (i = 0; i < len; i++) { if (data[i] == '\r' && data[i + 1] == '\n' && data[i + 1] == 0) - { - data[i] = '\n'; - data[i + 1] = 0; - break; - } + { + data[i] = '\n'; + data[i + 1] = 0; + break; + } } } static void get_response (gnutls_session_t session, char *request, - char **response, int *response_length) + char **response, int *response_length) { char *p, *h; if (http != 0) { if (strncmp (request, "GET ", 4)) - goto unimplemented; + goto unimplemented; if (!(h = strchr (request, '\n'))) - goto unimplemented; + goto unimplemented; *h++ = '\0'; while (*h == '\r' || *h == '\n') - h++; + h++; if (!(p = strchr (request + 4, ' '))) - goto unimplemented; + goto unimplemented; *p = '\0'; } /* *response = peer_print_info(session, request+4, h, response_length); */ @@ -782,18 +782,18 @@ get_response (gnutls_session_t session, char *request, strip (request); fprintf (stderr, "received: %s\n", request); if (request[0] == request[1] && request[0] == '*') - { - if (strncmp - (request, "**REHANDSHAKE**", - sizeof ("**REHANDSHAKE**") - 1) == 0) - { - fprintf (stderr, "*** Sending rehandshake request\n"); - gnutls_rehandshake (session); - } - *response = NULL; - *response_length = 0; - return; - } + { + if (strncmp + (request, "**REHANDSHAKE**", + sizeof ("**REHANDSHAKE**") - 1) == 0) + { + fprintf (stderr, "*** Sending rehandshake request\n"); + gnutls_rehandshake (session); + } + *response = NULL; + *response_length = 0; + return; + } *response = strdup (request); *response_length = ((*response) ? strlen (*response) : 0); } @@ -823,12 +823,12 @@ check_alert (gnutls_session_t session, int ret) { int last_alert = gnutls_alert_get (session); if (last_alert == GNUTLS_A_NO_RENEGOTIATION && - ret == GNUTLS_E_WARNING_ALERT_RECEIVED) - printf - ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n"); + ret == GNUTLS_E_WARNING_ALERT_RECEIVED) + printf + ("* Received NO_RENEGOTIATION alert. Client does not support renegotiation.\n"); else - printf ("* Received alert '%d': %s.\n", last_alert, - gnutls_alert_get_name (last_alert)); + printf ("* Received alert '%d': %s.\n", last_alert, + gnutls_alert_get_name (last_alert)); } } @@ -857,7 +857,7 @@ main (int argc, char **argv) signal (SIGHUP, SIG_IGN); signal (SIGTERM, terminate); if (signal (SIGINT, terminate) == SIG_IGN) - signal (SIGINT, SIG_IGN); /* e.g. background process */ + signal (SIGINT, SIG_IGN); /* e.g. background process */ #endif sockets_init (); @@ -919,31 +919,31 @@ main (int argc, char **argv) if (x509_cafile != NULL) { if ((ret = gnutls_certificate_set_x509_trust_file - (cert_cred, x509_cafile, x509ctype)) < 0) - { - fprintf (stderr, "Error reading '%s'\n", x509_cafile); - GERR (ret); - exit (1); - } + (cert_cred, x509_cafile, x509ctype)) < 0) + { + fprintf (stderr, "Error reading '%s'\n", x509_cafile); + GERR (ret); + exit (1); + } else - { - printf ("Processed %d CA certificate(s).\n", ret); - } + { + printf ("Processed %d CA certificate(s).\n", ret); + } } #ifdef ENABLE_PKI if (x509_crlfile != NULL) { if ((ret = gnutls_certificate_set_x509_crl_file - (cert_cred, x509_crlfile, x509ctype)) < 0) - { - fprintf (stderr, "Error reading '%s'\n", x509_crlfile); - GERR (ret); - exit (1); - } + (cert_cred, x509_crlfile, x509ctype)) < 0) + { + fprintf (stderr, "Error reading '%s'\n", x509_crlfile); + GERR (ret); + exit (1); + } else - { - printf ("Processed %d CRL(s).\n", ret); - } + { + printf ("Processed %d CRL(s).\n", ret); + } } #endif @@ -951,53 +951,53 @@ main (int argc, char **argv) if (pgp_keyring != NULL) { ret = - gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring, - GNUTLS_OPENPGP_FMT_BASE64); + gnutls_certificate_set_openpgp_keyring_file (cert_cred, pgp_keyring, + GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) - { - fprintf (stderr, "Error setting the OpenPGP keyring file\n"); - GERR (ret); - } + { + fprintf (stderr, "Error setting the OpenPGP keyring file\n"); + GERR (ret); + } } if (pgp_certfile != NULL) { if (info.pgp_subkey != NULL) - ret = gnutls_certificate_set_openpgp_key_file2 - (cert_cred, pgp_certfile, pgp_keyfile, info.pgp_subkey, - GNUTLS_OPENPGP_FMT_BASE64); + ret = gnutls_certificate_set_openpgp_key_file2 + (cert_cred, pgp_certfile, pgp_keyfile, info.pgp_subkey, + GNUTLS_OPENPGP_FMT_BASE64); else - ret = gnutls_certificate_set_openpgp_key_file - (cert_cred, pgp_certfile, pgp_keyfile, GNUTLS_OPENPGP_FMT_BASE64); + ret = gnutls_certificate_set_openpgp_key_file + (cert_cred, pgp_certfile, pgp_keyfile, GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) - { - fprintf (stderr, - "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n", - ret, pgp_certfile, pgp_keyfile); - GERR (ret); - } + { + fprintf (stderr, + "Error[%d] while reading the OpenPGP key pair ('%s', '%s')\n", + ret, pgp_certfile, pgp_keyfile); + GERR (ret); + } } #endif if (x509_certfile != NULL) if ((ret = gnutls_certificate_set_x509_key_file - (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0) + (cert_cred, x509_certfile, x509_keyfile, x509ctype)) < 0) { - fprintf (stderr, - "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile); - GERR (ret); - exit (1); + fprintf (stderr, + "Error reading '%s' or '%s'\n", x509_certfile, x509_keyfile); + GERR (ret); + exit (1); } if (x509_dsacertfile != NULL) if ((ret = gnutls_certificate_set_x509_key_file - (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0) + (cert_cred, x509_dsacertfile, x509_dsakeyfile, x509ctype)) < 0) { - fprintf (stderr, "Error reading '%s' or '%s'\n", - x509_dsacertfile, x509_dsakeyfile); - GERR (ret); - exit (1); + fprintf (stderr, "Error reading '%s' or '%s'\n", + x509_dsacertfile, x509_dsakeyfile); + GERR (ret); + exit (1); } gnutls_certificate_set_params_function (cert_cred, get_params); @@ -1014,14 +1014,14 @@ main (int argc, char **argv) gnutls_srp_allocate_server_credentials (&srp_cred); if ((ret = - gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd, - srp_passwd_conf)) < 0) - { - /* only exit is this function is not disabled - */ - fprintf (stderr, "Error while setting SRP parameters\n"); - GERR (ret); - } + gnutls_srp_set_server_credentials_file (srp_cred, srp_passwd, + srp_passwd_conf)) < 0) + { + /* only exit is this function is not disabled + */ + fprintf (stderr, "Error while setting SRP parameters\n"); + GERR (ret); + } } #endif @@ -1033,24 +1033,24 @@ main (int argc, char **argv) gnutls_psk_allocate_server_credentials (&psk_cred); if ((ret = - gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0) - { - /* only exit is this function is not disabled - */ - fprintf (stderr, "Error while setting PSK parameters\n"); - GERR (ret); - } + gnutls_psk_set_server_credentials_file (psk_cred, psk_passwd)) < 0) + { + /* only exit is this function is not disabled + */ + fprintf (stderr, "Error while setting PSK parameters\n"); + GERR (ret); + } if (info.psk_hint) - { - ret = gnutls_psk_set_server_credentials_hint (psk_cred, - info.psk_hint); - if (ret) - { - fprintf (stderr, "Error setting PSK identity hint.\n"); - GERR (ret); - } - } + { + ret = gnutls_psk_set_server_credentials_hint (psk_cred, + info.psk_hint); + if (ret) + { + fprintf (stderr, "Error setting PSK identity hint.\n"); + GERR (ret); + } + } gnutls_psk_set_server_params_function (psk_cred, get_params); } @@ -1086,333 +1086,333 @@ main (int argc, char **argv) { #ifndef _WIN32 - val = fcntl (j->fd, F_GETFL, 0); - if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0)) - { - perror ("fcntl()"); - exit (1); - } + val = fcntl (j->fd, F_GETFL, 0); + if ((val == -1) || (fcntl (j->fd, F_SETFL, val | O_NONBLOCK) < 0)) + { + perror ("fcntl()"); + exit (1); + } #endif - if (j->listen_socket) - { - FD_SET (j->fd, &rd); - n = MAX (n, j->fd); - } - if (j->http_state == HTTP_STATE_REQUEST) - { - FD_SET (j->fd, &rd); - n = MAX (n, j->fd); - } - if (j->http_state == HTTP_STATE_RESPONSE) - { - FD_SET (j->fd, &wr); - n = MAX (n, j->fd); - } + if (j->listen_socket) + { + FD_SET (j->fd, &rd); + n = MAX (n, j->fd); + } + if (j->http_state == HTTP_STATE_REQUEST) + { + FD_SET (j->fd, &rd); + n = MAX (n, j->fd); + } + if (j->http_state == HTTP_STATE_RESPONSE) + { + FD_SET (j->fd, &wr); + n = MAX (n, j->fd); + } } lloopend (listener_list, j); /* core operation */ n = select (n + 1, &rd, &wr, NULL, NULL); if (n == -1 && errno == EINTR) - continue; + continue; if (n < 0) - { - perror ("select()"); - exit (1); - } + { + perror ("select()"); + exit (1); + } /* read or write to each connection as indicated by select()'s return argument */ lloopstart (listener_list, j) { - /* a new connection has arrived */ - if (FD_ISSET (j->fd, &rd) && j->listen_socket) - { - gnutls_session_t tls_session; - - tls_session = initialize_session (); - - calen = sizeof (client_address); - memset (&client_address, 0, calen); - accept_fd = accept (j->fd, (struct sockaddr *) &client_address, - &calen); - - if (accept_fd < 0) - { - perror ("accept()"); - } - else - { - time_t tt; - char *ctt; - - /* new list entry for the connection */ - lappend (listener_list); - j = listener_list.tail; - j->http_request = (char *) strdup (""); - j->http_state = HTTP_STATE_REQUEST; - j->fd = accept_fd; - - j->tls_session = tls_session; - gnutls_transport_set_ptr (tls_session, - (gnutls_transport_ptr_t) - gl_fd_to_handle (accept_fd)); - j->handshake_ok = 0; - - if (verbose == 0) - { - tt = time (0); - ctt = ctime (&tt); - ctt[strlen (ctt) - 1] = 0; - - printf ("\n* Accepted connection from %s on %s\n", - human_addr ((struct sockaddr *) - &client_address, calen, topbuf, - sizeof (topbuf)), ctt); - } - } - } - - if (FD_ISSET (j->fd, &rd) && !j->listen_socket) - { + /* a new connection has arrived */ + if (FD_ISSET (j->fd, &rd) && j->listen_socket) + { + gnutls_session_t tls_session; + + tls_session = initialize_session (); + + calen = sizeof (client_address); + memset (&client_address, 0, calen); + accept_fd = accept (j->fd, (struct sockaddr *) &client_address, + &calen); + + if (accept_fd < 0) + { + perror ("accept()"); + } + else + { + time_t tt; + char *ctt; + + /* new list entry for the connection */ + lappend (listener_list); + j = listener_list.tail; + j->http_request = (char *) strdup (""); + j->http_state = HTTP_STATE_REQUEST; + j->fd = accept_fd; + + j->tls_session = tls_session; + gnutls_transport_set_ptr (tls_session, + (gnutls_transport_ptr_t) + gl_fd_to_handle (accept_fd)); + j->handshake_ok = 0; + + if (verbose == 0) + { + tt = time (0); + ctt = ctime (&tt); + ctt[strlen (ctt) - 1] = 0; + + printf ("\n* Accepted connection from %s on %s\n", + human_addr ((struct sockaddr *) + &client_address, calen, topbuf, + sizeof (topbuf)), ctt); + } + } + } + + if (FD_ISSET (j->fd, &rd) && !j->listen_socket) + { /* read partial GET request */ - char buf[1024]; - int r, ret; - - if (j->handshake_ok == 0) - { - r = gnutls_handshake (j->tls_session); - if (r < 0 && gnutls_error_is_fatal (r) == 0) - { - check_alert (j->tls_session, r); - /* nothing */ - } - else if (r < 0 && gnutls_error_is_fatal (r) == 1) - { - check_alert (j->tls_session, r); - fprintf (stderr, "Error in handshake\n"); - GERR (r); - - do - { - ret = - gnutls_alert_send_appropriate (j->tls_session, r); - } - while (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED); - j->http_state = HTTP_STATE_CLOSING; - } - else if (r == 0) - { - if (gnutls_session_is_resumed (j->tls_session) != 0 - && verbose == 0) - printf ("*** This is a resumed session\n"); - - if (verbose == 0) - { - printf ("\n* Successful handshake from %s\n", - human_addr ((struct sockaddr *) - &client_address, calen, topbuf, - sizeof (topbuf))); - print_info (j->tls_session, NULL, 1); - } - j->handshake_ok = 1; - } - } - - if (j->handshake_ok == 1) - { - r = gnutls_record_recv (j->tls_session, buf, - MIN (1024, SMALL_READ_TEST)); - if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) - { - /* do nothing */ - } - else if (r <= 0) - { - if (r == GNUTLS_E_REHANDSHAKE) - { - fprintf (stderr, "*** Received hello message\n"); - do - { - r = gnutls_handshake (j->tls_session); - } - while (r == GNUTLS_E_INTERRUPTED - || r == GNUTLS_E_AGAIN); - - if (r < 0) - { - do - { - ret = gnutls_alert_send_appropriate - (j->tls_session, r); - } - while (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED); - - GERR (r); - j->http_state = HTTP_STATE_CLOSING; - } - } - else - { - j->http_state = HTTP_STATE_CLOSING; - if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) - { - check_alert (j->tls_session, r); - fprintf (stderr, "Error while receiving data\n"); - GERR (r); - } - } - } - else - { - j->http_request = - realloc (j->http_request, j->request_length + r + 1); - if (j->http_request != NULL) - { - memcpy (j->http_request + j->request_length, buf, r); - j->request_length += r; - j->http_request[j->request_length] = '\0'; - } - else - j->http_state = HTTP_STATE_CLOSING; - - } + char buf[1024]; + int r, ret; + + if (j->handshake_ok == 0) + { + r = gnutls_handshake (j->tls_session); + if (r < 0 && gnutls_error_is_fatal (r) == 0) + { + check_alert (j->tls_session, r); + /* nothing */ + } + else if (r < 0 && gnutls_error_is_fatal (r) == 1) + { + check_alert (j->tls_session, r); + fprintf (stderr, "Error in handshake\n"); + GERR (r); + + do + { + ret = + gnutls_alert_send_appropriate (j->tls_session, r); + } + while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + j->http_state = HTTP_STATE_CLOSING; + } + else if (r == 0) + { + if (gnutls_session_is_resumed (j->tls_session) != 0 + && verbose == 0) + printf ("*** This is a resumed session\n"); + + if (verbose == 0) + { + printf ("\n* Successful handshake from %s\n", + human_addr ((struct sockaddr *) + &client_address, calen, topbuf, + sizeof (topbuf))); + print_info (j->tls_session, NULL, 1); + } + j->handshake_ok = 1; + } + } + + if (j->handshake_ok == 1) + { + r = gnutls_record_recv (j->tls_session, buf, + MIN (1024, SMALL_READ_TEST)); + if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) + { + /* do nothing */ + } + else if (r <= 0) + { + if (r == GNUTLS_E_REHANDSHAKE) + { + fprintf (stderr, "*** Received hello message\n"); + do + { + r = gnutls_handshake (j->tls_session); + } + while (r == GNUTLS_E_INTERRUPTED + || r == GNUTLS_E_AGAIN); + + if (r < 0) + { + do + { + ret = gnutls_alert_send_appropriate + (j->tls_session, r); + } + while (ret == GNUTLS_E_AGAIN + || ret == GNUTLS_E_INTERRUPTED); + + GERR (r); + j->http_state = HTTP_STATE_CLOSING; + } + } + else + { + j->http_state = HTTP_STATE_CLOSING; + if (r < 0 && r != GNUTLS_E_UNEXPECTED_PACKET_LENGTH) + { + check_alert (j->tls_session, r); + fprintf (stderr, "Error while receiving data\n"); + GERR (r); + } + } + } + else + { + j->http_request = + realloc (j->http_request, j->request_length + r + 1); + if (j->http_request != NULL) + { + memcpy (j->http_request + j->request_length, buf, r); + j->request_length += r; + j->http_request[j->request_length] = '\0'; + } + else + j->http_state = HTTP_STATE_CLOSING; + + } /* check if we have a full HTTP header */ - j->http_response = NULL; - if (j->http_request != NULL) - { - if ((http == 0 && strchr (j->http_request, '\n')) - || strstr (j->http_request, "\r\n\r\n") - || strstr (j->http_request, "\n\n")) - { - get_response (j->tls_session, j->http_request, - &j->http_response, &j->response_length); - j->http_state = HTTP_STATE_RESPONSE; - j->response_written = 0; - } - } - } - } - if (FD_ISSET (j->fd, &wr)) - { + j->http_response = NULL; + if (j->http_request != NULL) + { + if ((http == 0 && strchr (j->http_request, '\n')) + || strstr (j->http_request, "\r\n\r\n") + || strstr (j->http_request, "\n\n")) + { + get_response (j->tls_session, j->http_request, + &j->http_response, &j->response_length); + j->http_state = HTTP_STATE_RESPONSE; + j->response_written = 0; + } + } + } + } + if (FD_ISSET (j->fd, &wr)) + { /* write partial response request */ - int r; - - if (j->handshake_ok == 0) - { - r = gnutls_handshake (j->tls_session); - if (r < 0 && gnutls_error_is_fatal (r) == 0) - { - check_alert (j->tls_session, r); - /* nothing */ - } - else if (r < 0 && gnutls_error_is_fatal (r) == 1) - { - int ret; - - j->http_state = HTTP_STATE_CLOSING; - check_alert (j->tls_session, r); - fprintf (stderr, "Error in handshake\n"); - GERR (r); - - do - { - ret = - gnutls_alert_send_appropriate (j->tls_session, r); - } - while (ret == GNUTLS_E_AGAIN); - } - else if (r == 0) - { - if (gnutls_session_is_resumed (j->tls_session) != 0 - && verbose == 0) - printf ("*** This is a resumed session\n"); - if (verbose == 0) - { - printf ("- connection from %s\n", - human_addr ((struct sockaddr *) - &client_address, calen, topbuf, - sizeof (topbuf))); - - print_info (j->tls_session, NULL, 1); - } - j->handshake_ok = 1; - } - } - - if (j->handshake_ok == 1 && j->http_response != NULL) - { - /* FIXME if j->http_response == NULL? */ - r = gnutls_record_send (j->tls_session, - j->http_response + - j->response_written, - MIN (j->response_length - - j->response_written, - SMALL_READ_TEST)); - if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) - { - /* do nothing */ - } - else if (r <= 0) - { - if (http != 0) - j->http_state = HTTP_STATE_CLOSING; - else - { - j->http_state = HTTP_STATE_REQUEST; - free (j->http_response); - j->response_length = 0; - j->request_length = 0; - j->http_request[0] = 0; - } - - if (r < 0) - { - fprintf (stderr, "Error while sending data\n"); - GERR (r); - } - check_alert (j->tls_session, r); - } - else - { - j->response_written += r; + int r; + + if (j->handshake_ok == 0) + { + r = gnutls_handshake (j->tls_session); + if (r < 0 && gnutls_error_is_fatal (r) == 0) + { + check_alert (j->tls_session, r); + /* nothing */ + } + else if (r < 0 && gnutls_error_is_fatal (r) == 1) + { + int ret; + + j->http_state = HTTP_STATE_CLOSING; + check_alert (j->tls_session, r); + fprintf (stderr, "Error in handshake\n"); + GERR (r); + + do + { + ret = + gnutls_alert_send_appropriate (j->tls_session, r); + } + while (ret == GNUTLS_E_AGAIN); + } + else if (r == 0) + { + if (gnutls_session_is_resumed (j->tls_session) != 0 + && verbose == 0) + printf ("*** This is a resumed session\n"); + if (verbose == 0) + { + printf ("- connection from %s\n", + human_addr ((struct sockaddr *) + &client_address, calen, topbuf, + sizeof (topbuf))); + + print_info (j->tls_session, NULL, 1); + } + j->handshake_ok = 1; + } + } + + if (j->handshake_ok == 1 && j->http_response != NULL) + { + /* FIXME if j->http_response == NULL? */ + r = gnutls_record_send (j->tls_session, + j->http_response + + j->response_written, + MIN (j->response_length - + j->response_written, + SMALL_READ_TEST)); + if (r == GNUTLS_E_INTERRUPTED || r == GNUTLS_E_AGAIN) + { + /* do nothing */ + } + else if (r <= 0) + { + if (http != 0) + j->http_state = HTTP_STATE_CLOSING; + else + { + j->http_state = HTTP_STATE_REQUEST; + free (j->http_response); + j->response_length = 0; + j->request_length = 0; + j->http_request[0] = 0; + } + + if (r < 0) + { + fprintf (stderr, "Error while sending data\n"); + GERR (r); + } + check_alert (j->tls_session, r); + } + else + { + j->response_written += r; /* check if we have written a complete response */ - if (j->response_written == j->response_length) - { - if (http != 0) - j->http_state = HTTP_STATE_CLOSING; - else - { - j->http_state = HTTP_STATE_REQUEST; - free (j->http_response); - j->response_length = 0; - j->request_length = 0; - j->http_request[0] = 0; - } - } - } - } - else - { - j->request_length = 0; - j->http_request[0] = 0; - j->http_state = HTTP_STATE_REQUEST; - } - } + if (j->response_written == j->response_length) + { + if (http != 0) + j->http_state = HTTP_STATE_CLOSING; + else + { + j->http_state = HTTP_STATE_REQUEST; + free (j->http_response); + j->response_length = 0; + j->request_length = 0; + j->http_request[0] = 0; + } + } + } + } + else + { + j->request_length = 0; + j->http_request[0] = 0; + j->http_state = HTTP_STATE_REQUEST; + } + } } lloopend (listener_list, j); /* loop through all connections, closing those that are in error */ lloopstart (listener_list, j) { - if (j->http_state == HTTP_STATE_CLOSING) - { - ldeleteinc (listener_list, j); - } + if (j->http_state == HTTP_STATE_CLOSING) + { + ldeleteinc (listener_list, j); + } } lloopend (listener_list, j); } @@ -1453,7 +1453,7 @@ gaa_parser (int argc, char **argv) if (gaa (argc, argv, &info) != -1) { fprintf (stderr, - "Error in the arguments. Use the --help or -h parameters to get more information.\n"); + "Error in the arguments. Use the --help or -h parameters to get more information.\n"); exit (1); } @@ -1515,7 +1515,7 @@ serv_version (void) if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0) p = PACKAGE_STRING; version_etc (stdout, program_name, p, gnutls_check_version (NULL), - "Nikos Mavrogiannopoulos", (char *) NULL); + "Nikos Mavrogiannopoulos", (char *) NULL); } /* session resuming support */ @@ -1583,18 +1583,18 @@ wrap_db_fetch (void *dbf, gnutls_datum_t key) for (i = 0; i < ssl_session_cache; i++) { if (key.size == cache_db[i].session_id_size && - memcmp (key.data, cache_db[i].session_id, key.size) == 0) - { - res.size = cache_db[i].session_data_size; + memcmp (key.data, cache_db[i].session_id, key.size) == 0) + { + res.size = cache_db[i].session_data_size; - res.data = gnutls_malloc (res.size); - if (res.data == NULL) - return res; + res.data = gnutls_malloc (res.size); + if (res.data == NULL) + return res; - memcpy (res.data, cache_db[i].session_data, res.size); + memcpy (res.data, cache_db[i].session_data, res.size); - return res; - } + return res; + } } return res; } @@ -1610,14 +1610,14 @@ wrap_db_delete (void *dbf, gnutls_datum_t key) for (i = 0; i < ssl_session_cache; i++) { if (key.size == (unsigned int) cache_db[i].session_id_size && - memcmp (key.data, cache_db[i].session_id, key.size) == 0) - { + memcmp (key.data, cache_db[i].session_id, key.size) == 0) + { - cache_db[i].session_id_size = 0; - cache_db[i].session_data_size = 0; + cache_db[i].session_id_size = 0; + cache_db[i].session_data_size = 0; - return 0; - } + return 0; + } } return -1; diff --git a/src/tests.c b/src/tests.c index bb07d138ed..7fb9e2b206 100644 --- a/src/tests.c +++ b/src/tests.c @@ -71,13 +71,13 @@ do_handshake (gnutls_session_t session) if (ret < 0 && verbose > 1) { if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED - || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - { - alert = gnutls_alert_get (session); - printf ("\n"); - printf ("*** Received alert [%d]: %s\n", - alert, gnutls_alert_get_name (alert)); - } + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) + { + alert = gnutls_alert_get (session); + printf ("\n"); + printf ("*** Received alert [%d]: %s\n", + alert, gnutls_alert_get_name (alert)); + } } if (ret < 0) @@ -145,8 +145,8 @@ test_server (gnutls_session_t session) buf[sizeof (buf) - 1] = 0; sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" - ALL_KX ":" "%s", protocol_str, rest); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" + ALL_KX ":" "%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -167,13 +167,13 @@ test_server (gnutls_session_t session) { p++; while (*p != 0 && *p != '\r' && *p != '\n') - { - putc (*p, stdout); - p++; - i++; - if (i > 128) - break; - } + { + putc (*p, stdout); + p++; + i++; + if (i > 128) + break; + } } return TEST_SUCCEED; @@ -192,8 +192,8 @@ test_export (gnutls_session_t session) int ret; sprintf (prio_str, INIT_STR - "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:" - ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:" + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -220,8 +220,8 @@ test_export_info (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, INIT_STR - "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:" - ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + "+ARCFOUR-40:+RSA-EXPORT:" ALL_COMP ":" ALL_CERTTYPES ":%s:" + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -232,25 +232,25 @@ test_export_info (gnutls_session_t session) { ret2 = gnutls_rsa_export_get_pubkey (session, &exp2, &mod2); if (ret2 >= 0) - { - printf ("\n"); - - print = raw_to_string (exp2.data, exp2.size); - if (print) - printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); - - print = raw_to_string (mod2.data, mod2.size); - if (print) - printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); - - if (mod2.size != mod.size || exp2.size != exp.size || - memcmp (mod2.data, mod.data, mod.size) != 0 || - memcmp (exp2.data, exp.data, exp.size) != 0) - { - printf - (" (server uses different public keys per connection)\n"); - } - } + { + printf ("\n"); + + print = raw_to_string (exp2.data, exp2.size); + if (print) + printf (" Exponent [%d bits]: %s\n", exp2.size * 8, print); + + print = raw_to_string (mod2.data, mod2.size); + if (print) + printf (" Modulus [%d bits]: %s\n", mod2.size * 8, print); + + if (mod2.size != mod.size || exp2.size != exp.size || + memcmp (mod2.data, mod.data, mod.size) != 0 || + memcmp (exp2.data, exp.data, exp.size) != 0) + { + printf + (" (server uses different public keys per connection)\n"); + } + } } return ret; @@ -265,8 +265,8 @@ test_dhe (gnutls_session_t session) int ret; sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -285,8 +285,8 @@ test_safe_renegotiation (gnutls_session_t session) int ret; sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" - ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" + ALL_KX ":%%SAFE_RENEGOTIATION", protocol_str); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -302,8 +302,8 @@ test_safe_renegotiation_scsv (gnutls_session_t session) int ret; sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:" - ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION"); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:" + ALL_MACS ":" ALL_KX ":%%SAFE_RENEGOTIATION"); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -324,8 +324,8 @@ test_dhe_group (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":+DHE-RSA:+DHE-DSS:%s", protocol_str, rest); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -338,22 +338,22 @@ test_dhe_group (gnutls_session_t session) print = raw_to_string (gen.data, gen.size); if (print) - printf (" Generator [%d bits]: %s\n", gen.size * 8, print); + printf (" Generator [%d bits]: %s\n", gen.size * 8, print); print = raw_to_string (prime.data, prime.size); if (print) - printf (" Prime [%d bits]: %s\n", prime.size * 8, print); + printf (" Prime [%d bits]: %s\n", prime.size * 8, print); gnutls_dh_get_pubkey (session, &pubkey2); print = raw_to_string (pubkey2.data, pubkey2.size); if (print) - printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); + printf (" Pubkey [%d bits]: %s\n", pubkey2.size * 8, print); if (pubkey2.data && pubkey2.size == pubkey.size && - memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) - { - printf (" (public key seems to be static among sessions)\n"); - } + memcmp (pubkey.data, pubkey2.data, pubkey.size) == 0) + { + printf (" (public key seems to be static among sessions)\n"); + } } return ret; } @@ -363,8 +363,8 @@ test_ssl3 (gnutls_session_t session) { int ret; sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:" - ALL_MACS ":" ALL_KX ":%s", rest); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":+VERS-SSL3.0:" + ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -395,8 +395,8 @@ test_bye (gnutls_session_t session) #endif sprintf (prio_str, INIT_STR - ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" - ALL_KX ":%s", protocol_str, rest); + ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS ":" + ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -414,7 +414,7 @@ test_bye (gnutls_session_t session) alarm (secs); #else setsockopt ((int) gnutls_transport_get_ptr (session), SOL_SOCKET, - SO_RCVTIMEO, (char *) &secs, sizeof (int)); + SO_RCVTIMEO, (char *) &secs, sizeof (int)); #endif do @@ -447,8 +447,8 @@ test_aes (gnutls_session_t session) int ret; sprintf (prio_str, INIT_STR - "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + "+AES-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -464,8 +464,8 @@ test_camellia (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" - ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR "+CAMELLIA-128-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" + ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -481,8 +481,8 @@ test_openpgp1 (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":+CTYPE-OPENPGP:%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -505,13 +505,13 @@ test_unknown_ciphersuites (gnutls_session_t session) #ifdef ENABLE_CAMELLIA sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); #else sprintf (prio_str, - INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":%s:" ALL_MACS ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); #endif @@ -527,8 +527,8 @@ test_md5 (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest); + INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":%s:+MD5:" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -544,8 +544,8 @@ test_zlib (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":+COMP-ZLIB:" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":+COMP-ZLIB:" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -561,8 +561,8 @@ test_sha (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest); + INIT_STR "+AES-128-CBC:" ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":%s:+SHA1:" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -576,8 +576,8 @@ test_3des (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR "+3DES-CBC:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -591,8 +591,8 @@ test_arcfour (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR "+ARCFOUR-128:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -606,8 +606,8 @@ test_arcfour_40 (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR "+ARCFOUR-40:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" "+RSA-EXPORT" ":%s", protocol_str, rest); + INIT_STR "+ARCFOUR-40:" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" "+RSA-EXPORT" ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -622,8 +622,8 @@ test_tls1 (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -642,8 +642,8 @@ test_record_padding (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest); + INIT_STR BLOCK_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.0:" ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -666,8 +666,8 @@ test_tls1_2 (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.2:" ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -686,8 +686,8 @@ test_tls1_1 (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.1:" ALL_MACS ":" ALL_KX ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -708,9 +708,9 @@ test_tls1_1_fallback (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES - ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX - ":%s", rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES + ":+VERS-TLS1.1:+VERS-TLS1.0:+VERS-SSL3.0:" ALL_MACS ":" ALL_KX + ":%s", rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -739,8 +739,8 @@ test_tls_disable (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -750,9 +750,9 @@ test_tls_disable (gnutls_session_t session) { /* disable TLS 1.0 */ if (ssl3_ok != 0) - { - strcpy (protocol_str, "+VERS-SSL3.0"); - } + { + strcpy (protocol_str, "+VERS-SSL3.0"); + } } return ret; @@ -769,8 +769,8 @@ test_rsa_pms (gnutls_session_t session) * SSL 3.0 then the handshake will fail. */ sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":+RSA:%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":+RSA:%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -788,8 +788,8 @@ test_max_record_size (gnutls_session_t session) { int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_record_set_max_size (session, 512); @@ -811,8 +811,8 @@ test_hello_extension (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); gnutls_record_set_max_size (session, 512); @@ -822,8 +822,8 @@ test_hello_extension (gnutls_session_t session) } void _gnutls_record_set_default_version (gnutls_session_t session, - unsigned char major, - unsigned char minor); + unsigned char major, + unsigned char minor); test_code_t test_version_rollback (gnutls_session_t session) @@ -840,8 +840,8 @@ test_version_rollback (gnutls_session_t session) * connection will fail. */ sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_record_set_default_version (session, 3, 0); @@ -868,8 +868,8 @@ test_version_oob (gnutls_session_t session) * and we connect using a 5.5 record version. */ sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); _gnutls_record_set_default_version (session, 5, 5); @@ -879,7 +879,7 @@ test_version_oob (gnutls_session_t session) } void _gnutls_rsa_pms_set_version (gnutls_session_t session, - unsigned char major, unsigned char minor); + unsigned char major, unsigned char minor); test_code_t test_rsa_pms_version_check (gnutls_session_t session) @@ -891,11 +891,11 @@ test_rsa_pms_version_check (gnutls_session_t session) * A normal server would abort this handshake. */ sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); - _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */ + _gnutls_rsa_pms_set_version (session, 5, 5); /* use SSL 5.5 version */ ret = do_handshake (session); return ret; @@ -909,8 +909,8 @@ test_anonymous (gnutls_session_t session) int ret; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":+ANON-DH:%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":+ANON-DH:%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_ANON, anon_cred); @@ -934,8 +934,8 @@ test_session_resume2 (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -979,8 +979,8 @@ test_certificate (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); @@ -999,9 +999,9 @@ test_certificate (gnutls_session_t session) */ static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st) + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st) { char issuer_dn[256]; int i, ret; @@ -1024,10 +1024,10 @@ cert_callback (gnutls_session_t session, len = sizeof (issuer_dn); ret = gnutls_x509_rdn_get (&req_ca_rdn[i], issuer_dn, &len); if (ret >= 0) - { - printf (" [%d]: ", i); - printf ("%s\n", issuer_dn); - } + { + printf (" [%d]: ", i); + printf ("%s\n", issuer_dn); + } } return -1; @@ -1046,8 +1046,8 @@ test_server_cas (gnutls_session_t session) return TEST_IGNORE; sprintf (prio_str, - INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS - ":" ALL_KX ":%s", protocol_str, rest); + INIT_STR ALL_CIPHERS ":" ALL_COMP ":" ALL_CERTTYPES ":%s:" ALL_MACS + ":" ALL_KX ":%s", protocol_str, rest); _gnutls_priority_set_direct (session, prio_str); gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, xcred); diff --git a/src/tests.h b/src/tests.h index 426dcde836..5961a710a2 100644 --- a/src/tests.h +++ b/src/tests.h @@ -41,4 +41,4 @@ test_code_t test_rsa_pms_version_check (gnutls_session_t session); test_code_t test_version_oob (gnutls_session_t session); test_code_t test_zlib (gnutls_session_t session); int _test_srp_username_callback (gnutls_session_t session, - char **username, char **password); + char **username, char **password); diff --git a/src/tls_test.c b/src/tls_test.c index 825d45566b..46f5561e3c 100644 --- a/src/tls_test.c +++ b/src/tls_test.c @@ -195,13 +195,13 @@ main (int argc, char **argv) if ((err = getaddrinfo (hostname, portname, &hints, &res)) != 0) { fprintf (stderr, "Cannot resolve %s: %s\n", hostname, - gai_strerror (err)); + gai_strerror (err)); exit (1); } /* X509 stuff */ if (gnutls_certificate_allocate_credentials (&xcred) < 0) - { /* space for 2 certificates */ + { /* space for 2 certificates */ fprintf (stderr, "memory error\n"); exit (1); } @@ -230,64 +230,64 @@ main (int argc, char **argv) { if (tls_tests[i].test_name == NULL) - break; /* finished */ + break; /* finished */ /* if neither of SSL3 and TLSv1 are supported, exit */ if (i > 6 && tls1_1_ok == 0 && tls1_ok == 0 && ssl3_ok == 0) - { - fprintf (stderr, - "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n"); - break; - } + { + fprintf (stderr, + "\nServer does not support any of SSL 3.0, TLS 1.0 and TLS 1.1\n"); + break; + } sd = -1; for (ptr = res; ptr != NULL; ptr = ptr->ai_next) - { - sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); - if (sd == -1) - { - continue; - } - - getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, - NULL, 0, NI_NUMERICHOST); - if (tt++ == 0) - printf ("Connecting to '%s:%d'...\n", buffer, port); - if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0) - { - close (sd); - sd = -1; - continue; - } - } + { + sd = socket (ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); + if (sd == -1) + { + continue; + } + + getnameinfo (ptr->ai_addr, ptr->ai_addrlen, buffer, MAX_BUF, + NULL, 0, NI_NUMERICHOST); + if (tt++ == 0) + printf ("Connecting to '%s:%d'...\n", buffer, port); + if ((err = connect (sd, ptr->ai_addr, ptr->ai_addrlen)) != 0) + { + close (sd); + sd = -1; + continue; + } + } ERR (err, "connect") gnutls_init (&state, GNUTLS_CLIENT); gnutls_transport_set_ptr (state, (gnutls_transport_ptr_t) - gl_fd_to_handle (sd)); + gl_fd_to_handle (sd)); do - { - printf ("Checking %s...", tls_tests[i].test_name); - - ret = tls_tests[i].func (state); - - if (ret == TEST_SUCCEED) - printf (" %s\n", tls_tests[i].suc_str); - else if (ret == TEST_FAILED) - printf (" %s\n", tls_tests[i].fail_str); - else if (ret == TEST_UNSURE) - printf (" %s\n", tls_tests[i].unsure_str); - else if (ret == TEST_IGNORE) - { - printf (" N/A\n"); - i++; - } - } + { + printf ("Checking %s...", tls_tests[i].test_name); + + ret = tls_tests[i].func (state); + + if (ret == TEST_SUCCEED) + printf (" %s\n", tls_tests[i].suc_str); + else if (ret == TEST_FAILED) + printf (" %s\n", tls_tests[i].fail_str); + else if (ret == TEST_UNSURE) + printf (" %s\n", tls_tests[i].unsure_str); + else if (ret == TEST_IGNORE) + { + printf (" N/A\n"); + i++; + } + } while (ret == TEST_IGNORE && tls_tests[i].test_name != NULL); gnutls_deinit (state); - shutdown (sd, SHUT_RDWR); /* no more receptions */ + shutdown (sd, SHUT_RDWR); /* no more receptions */ close (sd); i++; @@ -315,7 +315,7 @@ gaa_parser (int argc, char **argv) if (gaa (argc, argv, &info) != -1) { fprintf (stderr, - "Error in the arguments. Use the -h or --help parameters to get more info.\n"); + "Error in the arguments. Use the -h or --help parameters to get more info.\n"); exit (1); } @@ -340,5 +340,5 @@ tls_test_version (void) if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0) p = PACKAGE_STRING; version_etc (stdout, "gnutls-cli-debug", p, gnutls_check_version (NULL), - "Nikos Mavrogiannopoulos", (char *) NULL); + "Nikos Mavrogiannopoulos", (char *) NULL); } diff --git a/tests/anonself.c b/tests/anonself.c index 40ef7bc4e5..f110e18c71 100644 --- a/tests/anonself.c +++ b/tests/anonself.c @@ -103,13 +103,13 @@ client (void) else { if (debug) - success ("client: Handshake was completed\n"); + success ("client: Handshake was completed\n"); } if (debug) success ("client: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); gnutls_record_send (session, MSG, strlen (MSG)); @@ -117,7 +117,7 @@ client (void) if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -130,9 +130,9 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } @@ -154,7 +154,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -222,10 +222,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -275,8 +275,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); @@ -292,8 +292,8 @@ server (void) if (debug) success ("server: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); /* see the Getting peer's information example */ /* print_info(session); */ @@ -305,22 +305,22 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ diff --git a/tests/certificate_set_x509_crl.c b/tests/certificate_set_x509_crl.c index b242ccd0f1..20ebb3085a 100644 --- a/tests/certificate_set_x509_crl.c +++ b/tests/certificate_set_x509_crl.c @@ -67,12 +67,12 @@ main (void) if (rc) { printf ("gnutls_certificate_allocate_credentials rc %d: %s\n", - rc, gnutls_strerror (rc)); + rc, gnutls_strerror (rc)); return 1; } rc = gnutls_certificate_set_x509_crl_mem (crt, &crldatum, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (rc != 1) { printf ("gnutls_certificate_set_x509_crl_mem num %d\n", rc); @@ -97,7 +97,7 @@ main (void) if (rc) { printf ("gnutls_certificate_set_x509_crl rc %d: %s\n", - rc, gnutls_strerror (rc)); + rc, gnutls_strerror (rc)); return 1; } diff --git a/tests/chainverify.c b/tests/chainverify.c index eb2e761650..800b005a53 100644 --- a/tests/chainverify.c +++ b/tests/chainverify.c @@ -781,97 +781,97 @@ doit (void) size_t j; if (debug) - printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i); + printf ("Chain '%s' (%d)...\n", chains[i].name, (int) i); for (j = 0; chains[i].chain[j]; j++) - { - if (debug > 2) - printf ("\tAdding certificate %d...", (int) j); - - ret = gnutls_x509_crt_init (&certs[j]); - if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d,%d]: %s", - (int) i, (int) j, gnutls_strerror (ret)); - - tmp.data = (char *) chains[i].chain[j]; - tmp.size = strlen (chains[i].chain[j]); - - ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM); - if (debug > 2) - printf ("done\n"); - if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s", - (int) i, (int) j, gnutls_strerror (ret)); - - gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp); - if (debug) - printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data); - gnutls_free (tmp.data); - } + { + if (debug > 2) + printf ("\tAdding certificate %d...", (int) j); + + ret = gnutls_x509_crt_init (&certs[j]); + if (ret < 0) + error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d,%d]: %s", + (int) i, (int) j, gnutls_strerror (ret)); + + tmp.data = (char *) chains[i].chain[j]; + tmp.size = strlen (chains[i].chain[j]); + + ret = gnutls_x509_crt_import (certs[j], &tmp, GNUTLS_X509_FMT_PEM); + if (debug > 2) + printf ("done\n"); + if (ret < 0) + error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d,%d]: %s", + (int) i, (int) j, gnutls_strerror (ret)); + + gnutls_x509_crt_print (certs[j], GNUTLS_CRT_PRINT_ONELINE, &tmp); + if (debug) + printf ("\tCertificate %d: %.*s\n", (int) j, tmp.size, tmp.data); + gnutls_free (tmp.data); + } if (debug > 2) - printf ("\tAdding CA certificate..."); + printf ("\tAdding CA certificate..."); ret = gnutls_x509_crt_init (&ca); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", + gnutls_strerror (ret)); tmp.data = (char *) *chains[i].ca; tmp.size = strlen (*chains[i].ca); ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s", - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s", + gnutls_strerror (ret)); if (debug > 2) - printf ("done\n"); + printf ("done\n"); gnutls_x509_crt_print (ca, GNUTLS_CRT_PRINT_ONELINE, &tmp); if (debug) - printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data); + printf ("\tCA Certificate: %.*s\n", tmp.size, tmp.data); gnutls_free (tmp.data); if (debug) - printf ("\tVerifying..."); + printf ("\tVerifying..."); ret = gnutls_x509_crt_list_verify (certs, j, - &ca, 1, NULL, 0, - chains[i].verify_flags, - &verify_status); + &ca, 1, NULL, 0, + chains[i].verify_flags, + &verify_status); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d,%d]: %s", - (int) i, (int) j, gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d,%d]: %s", + (int) i, (int) j, gnutls_strerror (ret)); if (verify_status != chains[i].expected_verify_result) - { - fail ("chain[%s]: verify_status: %d expected: %d\n", chains[i].name, - verify_status, chains[i].expected_verify_result); + { + fail ("chain[%s]: verify_status: %d expected: %d\n", chains[i].name, + verify_status, chains[i].expected_verify_result); #if 0 - j = 0; - do - { - fprintf (stderr, "%s\n", chains[i].chain[j]); - } - while (chains[i].chain[++j] != NULL); + j = 0; + do + { + fprintf (stderr, "%s\n", chains[i].chain[j]); + } + while (chains[i].chain[++j] != NULL); #endif - if (!debug) - exit (1); - } + if (!debug) + exit (1); + } else if (debug) - printf ("done\n"); + printf ("done\n"); if (debug) - printf ("\tCleanup..."); + printf ("\tCleanup..."); gnutls_x509_crt_deinit (ca); for (j = 0; chains[i].chain[j]; j++) - gnutls_x509_crt_deinit (certs[j]); + gnutls_x509_crt_deinit (certs[j]); if (debug) - printf ("done\n\n\n"); + printf ("done\n\n\n"); } gnutls_global_deinit (); diff --git a/tests/crq_apis.c b/tests/crq_apis.c index f61e89cd2a..d316495394 100644 --- a/tests/crq_apis.c +++ b/tests/crq_apis.c @@ -133,7 +133,7 @@ doit (void) ret = gnutls_x509_crq_get_challenge_password (crq, smallbuf, &s); if (ret != 0 || s != 3 || strcmp (smallbuf, "foo") != 0) fail ("gnutls_x509_crq_get_challenge_password3 %d/%d/%s\n", - ret, (int) s, smallbuf); + ret, (int) s, smallbuf); s = 0; ret = gnutls_x509_crq_get_extension_info (crq, 0, NULL, &s, NULL); @@ -146,22 +146,22 @@ doit (void) fail ("gnutls_x509_crq_get_extension_data\n"); ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME, - "foo", 3, 1); + "foo", 3, 1); if (ret != 0) fail ("gnutls_x509_crq_set_subject_alt_name\n"); ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME, - "bar", 3, 1); + "bar", 3, 1); if (ret != 0) fail ("gnutls_x509_crq_set_subject_alt_name\n"); ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME, - "apa", 3, 0); + "apa", 3, 0); if (ret != 0) fail ("gnutls_x509_crq_set_subject_alt_name\n"); ret = gnutls_x509_crq_set_subject_alt_name (crq, GNUTLS_SAN_DNSNAME, - "foo", 3, 1); + "foo", 3, 1); if (ret != 0) fail ("gnutls_x509_crq_set_subject_alt_name\n"); diff --git a/tests/crq_key_id.c b/tests/crq_key_id.c index 6696ba7132..da2461c645 100644 --- a/tests/crq_key_id.c +++ b/tests/crq_key_id.c @@ -67,113 +67,113 @@ doit (void) { ret = gnutls_x509_crq_init (&crq); if (ret < 0) - fail ("gnutls_x509_crq_init: %d\n", ret); + fail ("gnutls_x509_crq_init: %d\n", ret); ret = gnutls_x509_privkey_init (&pkey); if (ret < 0) - { - fail ("gnutls_x509_privkey_init: %d\n", ret); - } + { + fail ("gnutls_x509_privkey_init: %d\n", ret); + } ret = gnutls_x509_privkey_generate (pkey, algorithm, 1024, 0); if (ret < 0) - { - fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret); - } + { + fail ("gnutls_x509_privkey_generate (rsa): %d\n", ret); + } else if (debug) - { - success ("Key[%s] generation ok: %d\n", - gnutls_pk_algorithm_get_name (algorithm), ret); - } + { + success ("Key[%s] generation ok: %d\n", + gnutls_pk_algorithm_get_name (algorithm), ret); + } pkey_key_id_len = 0; ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id, - &pkey_key_id_len); + &pkey_key_id_len); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", - ret); - } + { + fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", + ret); + } pkey_key_id = malloc (sizeof (unsigned char) * pkey_key_id_len); ret = gnutls_x509_privkey_get_key_id (pkey, 0, pkey_key_id, - &pkey_key_id_len); + &pkey_key_id_len); if (ret != GNUTLS_E_SUCCESS) - { - fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", - ret); - } + { + fail ("gnutls_x509_privkey_get_key_id incorrectly returns %d\n", + ret); + } ret = gnutls_x509_crq_set_version (crq, 1); if (ret < 0) - { - fail ("gnutls_x509_crq_set_version: %d\n", ret); - } + { + fail ("gnutls_x509_crq_set_version: %d\n", ret); + } ret = gnutls_x509_crq_set_key (crq, pkey); if (ret < 0) - { - fail ("gnutls_x509_crq_set_key: %d\n", ret); - } + { + fail ("gnutls_x509_crq_set_key: %d\n", ret); + } ret = gnutls_x509_crq_set_dn_by_oid (crq, GNUTLS_OID_X520_COMMON_NAME, - 0, "CN-Test", 7); + 0, "CN-Test", 7); if (ret < 0) - { - fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret); - } + { + fail ("gnutls_x509_crq_set_dn_by_oid: %d\n", ret); + } ret = gnutls_x509_crq_sign (crq, pkey); if (ret) - { - fail ("gnutls_x509_crq_sign: %d\n", ret); - } + { + fail ("gnutls_x509_crq_sign: %d\n", ret); + } crq_key_id_len = 0; ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len); if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret); - } + { + fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret); + } crq_key_id = malloc (sizeof (unsigned char) * crq_key_id_len); ret = gnutls_x509_crq_get_key_id (crq, 0, crq_key_id, &crq_key_id_len); if (ret != GNUTLS_E_SUCCESS) - { - fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret); - } + { + fail ("gnutls_x509_crq_get_key_id incorrectly returns %d\n", ret); + } if (crq_key_id_len == pkey_key_id_len) - { - ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len); - if (ret == 0) - { - if (debug) - success ("Key ids are identical. OK.\n"); - } - else - { - fail ("Key ids differ incorrectly: %d\n", ret); - } - } + { + ret = memcmp (crq_key_id, pkey_key_id, crq_key_id_len); + if (ret == 0) + { + if (debug) + success ("Key ids are identical. OK.\n"); + } + else + { + fail ("Key ids differ incorrectly: %d\n", ret); + } + } else - { - fail ("Key_id lengths differ incorrectly: %d - %d\n", - (int) crq_key_id_len, (int) pkey_key_id_len); - } + { + fail ("Key_id lengths differ incorrectly: %d - %d\n", + (int) crq_key_id_len, (int) pkey_key_id_len); + } if (pkey_key_id) - { - free (pkey_key_id); - pkey_key_id = NULL; - } + { + free (pkey_key_id); + pkey_key_id = NULL; + } if (crq_key_id) - { - free (crq_key_id); - crq_key_id = NULL; - } + { + free (crq_key_id); + crq_key_id = NULL; + } gnutls_x509_crq_deinit (crq); gnutls_x509_privkey_deinit (pkey); diff --git a/tests/cve-2008-4989.c b/tests/cve-2008-4989.c index 40af8623d8..2e6de335f5 100644 --- a/tests/cve-2008-4989.c +++ b/tests/cve-2008-4989.c @@ -165,22 +165,22 @@ main (int argc, char *argv[]) { ret = gnutls_x509_crt_init (&certs[i]); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d]: %s", (int) i, - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_init[%d]: %s", (int) i, + gnutls_strerror (ret)); tmp.data = (char *) pem_certs[i]; tmp.size = strlen (pem_certs[i]); ret = gnutls_x509_crt_import (certs[i], &tmp, GNUTLS_X509_FMT_PEM); if (ret < 0) - error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d]: %s", (int) i, - gnutls_strerror (ret)); + error (EXIT_FAILURE, 0, "gnutls_x509_crt_import[%d]: %s", (int) i, + gnutls_strerror (ret)); } ret = gnutls_x509_crt_init (&ca); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); tmp.data = (char *) pem_ca; tmp.size = strlen (pem_ca); @@ -188,16 +188,16 @@ main (int argc, char *argv[]) ret = gnutls_x509_crt_import (ca, &tmp, GNUTLS_X509_FMT_PEM); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); ret = gnutls_x509_crt_list_verify (certs, CHAIN_LENGTH, - &ca, 1, - NULL, 0, - GNUTLS_VERIFY_DISABLE_TIME_CHECKS, - &verify_status); + &ca, 1, + NULL, 0, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + &verify_status); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d]: %s", (int) i, - gnutls_strerror (ret)); + gnutls_strerror (ret)); if (verify_status != (GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID)) error (EXIT_FAILURE, 0, "verify_status: %d", verify_status); @@ -212,7 +212,7 @@ main (int argc, char *argv[]) ret = gnutls_x509_crt_init (&self_cert); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); tmp.data = (char *) pem_self_cert; tmp.size = strlen (pem_self_cert); @@ -220,16 +220,16 @@ main (int argc, char *argv[]) ret = gnutls_x509_crt_import (self_cert, &tmp, GNUTLS_X509_FMT_PEM); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s", - gnutls_strerror (ret)); + gnutls_strerror (ret)); ret = gnutls_x509_crt_list_verify (&self_cert, 1, - &self_cert, 1, - NULL, 0, - GNUTLS_VERIFY_DISABLE_TIME_CHECKS, - &verify_status); + &self_cert, 1, + NULL, 0, + GNUTLS_VERIFY_DISABLE_TIME_CHECKS, + &verify_status); if (ret < 0) error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d]: %s", (int) i, - gnutls_strerror (ret)); + gnutls_strerror (ret)); if (verify_status != 0) error (EXIT_FAILURE, 0, "verify_status: %d", verify_status); diff --git a/tests/dhepskself.c b/tests/dhepskself.c index 54c48134c1..00bf679062 100644 --- a/tests/dhepskself.c +++ b/tests/dhepskself.c @@ -71,7 +71,7 @@ client (void) gnutls_psk_allocate_client_credentials (&pskcred); gnutls_psk_set_client_credentials (pskcred, "test", &key, - GNUTLS_PSK_KEY_HEX); + GNUTLS_PSK_KEY_HEX); /* Initialize TLS session */ @@ -103,7 +103,7 @@ client (void) else { if (debug) - success ("client: Handshake was completed\n"); + success ("client: Handshake was completed\n"); } gnutls_record_send (session, MSG, strlen (MSG)); @@ -112,7 +112,7 @@ client (void) if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -125,7 +125,7 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - fputc (buffer[ii], stdout); + fputc (buffer[ii], stdout); fputs ("\n", stdout); } @@ -147,7 +147,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ /* These are global */ gnutls_psk_server_credentials_t server_pskcred; @@ -227,10 +227,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -277,8 +277,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); @@ -302,22 +302,22 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ diff --git a/tests/dn.c b/tests/dn.c index d86af537c0..0fc624ba05 100644 --- a/tests/dn.c +++ b/tests/dn.c @@ -68,21 +68,21 @@ print_dn (gnutls_x509_dn_t dn) for (i = 0; ret == 0; i++) for (j = 0; ret == 0; j++) { - ret = gnutls_x509_dn_get_rdn_ava (dn, i, j, &ava); - if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) - { - if (j > 0) - { - j = 0; - ret = 0; - } - break; - } - if (ret < 0) - fail ("get_rdn_ava %d\n", ret); - if (debug) - printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j, - ava.oid.size, ava.oid.data, ava.value.size, ava.value.data); + ret = gnutls_x509_dn_get_rdn_ava (dn, i, j, &ava); + if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND) + { + if (j > 0) + { + j = 0; + ret = 0; + } + break; + } + if (ret < 0) + fail ("get_rdn_ava %d\n", ret); + if (debug) + printf ("dn[%d][%d] OID=%.*s\n\tDATA=%.*s\n", i, j, + ava.oid.size, ava.oid.data, ava.value.size, ava.value.data); } } diff --git a/tests/dn2.c b/tests/dn2.c index 3caccd4291..36672d6978 100644 --- a/tests/dn2.c +++ b/tests/dn2.c @@ -92,7 +92,7 @@ doit (void) if (out.size != strlen (info) || strcmp (out.data, info) != 0) fail ("comparison fail (%d/%d)\nexpect: %s\n got: %.*s\n", - out.size, (int) strlen (info), info, out.size, out.data); + out.size, (int) strlen (info), info, out.size, out.data); gnutls_x509_crt_deinit (cert); gnutls_global_deinit (); diff --git a/tests/gc.c b/tests/gc.c index 3f0b1b8353..da3c211d2d 100644 --- a/tests/gc.c +++ b/tests/gc.c @@ -48,37 +48,37 @@ doit (void) else { if (memcmp (digest, "\x3c\xb0\x9d\x83\x28\x01\xef\xc0" - "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0) - { - if (debug) - success ("_gnutls_hmac_fast(MD5) OK\n"); - } + "\x7b\xb3\xaf\x42\x69\xe5\x93\x9a", 16) == 0) + { + if (debug) + success ("_gnutls_hmac_fast(MD5) OK\n"); + } else - { - hexprint (digest, 16); - fail ("_gnutls_hmac_fast(MD5) failure\n"); - } + { + hexprint (digest, 16); + fail ("_gnutls_hmac_fast(MD5) failure\n"); + } } err = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, "keykeykey", 9, "abcdefgh", 8, - digest); + digest); if (err < 0) fail ("_gnutls_hmac_fast(SHA1) failed: %d\n", err); else { if (memcmp (digest, "\x58\x93\x7a\x58\xfe\xea\x82\xf8" - "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa", - 20) == 0) - { - if (debug) - success ("_gnutls_hmac_fast(SHA1) OK\n"); - } + "\x0e\x64\x62\x01\x40\x2b\x2c\xed\x5d\x54\xc1\xfa", + 20) == 0) + { + if (debug) + success ("_gnutls_hmac_fast(SHA1) OK\n"); + } else - { - hexprint (digest, 20); - fail ("_gnutls_hmac_fast(SHA1) failure\n"); - } + { + hexprint (digest, 20); + fail ("_gnutls_hmac_fast(SHA1) failure\n"); + } } err = _gnutls_pbkdf2_sha1 ("password", 8, "salt", 4, 4711, digest, 16); @@ -87,16 +87,16 @@ doit (void) else { if (memcmp (digest, "\x09\xb7\x85\x57\xdd\xf6\x07\x15" - "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0) - { - if (debug) - success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n"); - } + "\x1c\x52\x34\xde\xba\x5c\xdc\x59", 16) == 0) + { + if (debug) + success ("_gnutls_pkcs5_pbkdf2_sha1() OK\n"); + } else - { - hexprint (digest, 16); - fail ("_gnutls_pkcs5_pbkdf2_sha1() failure\n"); - } + { + hexprint (digest, 16); + fail ("_gnutls_pkcs5_pbkdf2_sha1() failure\n"); + } } gnutls_global_deinit (); diff --git a/tests/mini-eagain.c b/tests/mini-eagain.c index 7dbbce6d26..92c912aee1 100644 --- a/tests/mini-eagain.c +++ b/tests/mini-eagain.c @@ -198,18 +198,18 @@ doit (void) do { if (cret == GNUTLS_E_AGAIN) - { - //success ("loop invoking client:\n"); - cret = gnutls_handshake (client); - //success ("client %d: %s\n", cret, gnutls_strerror (cret)); - } + { + //success ("loop invoking client:\n"); + cret = gnutls_handshake (client); + //success ("client %d: %s\n", cret, gnutls_strerror (cret)); + } if (sret == GNUTLS_E_AGAIN) - { - //success ("loop invoking server:\n"); - sret = gnutls_handshake (server); - //success ("server %d: %s\n", sret, gnutls_strerror (sret)); - } + { + //success ("loop invoking server:\n"); + sret = gnutls_handshake (server); + //success ("server %d: %s\n", sret, gnutls_strerror (sret)); + } } while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN); @@ -226,64 +226,64 @@ doit (void) ret = gnutls_record_recv (server, buffer, MAX_BUF); if (ret == 0) - fail ("server: didn't receive any data\n"); + fail ("server: didn't receive any data\n"); else if (ret < 0) - { + { // if (debug) // fputs ("#", stdout); - if (ret != GNUTLS_E_AGAIN) - { - fail ("server: error: %s\n", gnutls_strerror (ret)); - break; - } - } + if (ret != GNUTLS_E_AGAIN) + { + fail ("server: error: %s\n", gnutls_strerror (ret)); + break; + } + } else - { - transferred += ret; + { + transferred += ret; // if (debug) // fputs ("*", stdout); - } + } msglen = strlen (MSG); do - { - ns = gnutls_record_send (server, MSG, msglen); - } + { + ns = gnutls_record_send (server, MSG, msglen); + } while (ns == GNUTLS_E_AGAIN); ret = gnutls_record_recv (client, buffer, MAX_BUF); if (ret == 0) - { - fail ("client: Peer has closed the TLS connection\n"); - } + { + fail ("client: Peer has closed the TLS connection\n"); + } else if (ret < 0) - { - if (debug) - fputs ("!", stdout); - if (ret != GNUTLS_E_AGAIN) - { - fail ("client: Error: %s\n", gnutls_strerror (ret)); - break; - } - } + { + if (debug) + fputs ("!", stdout); + if (ret != GNUTLS_E_AGAIN) + { + fail ("client: Error: %s\n", gnutls_strerror (ret)); + break; + } + } else - { - if (msglen != ret || memcmp (buffer, MSG, msglen) != 0) - { - fail ("client: Transmitted data do not match\n"); - } - - /* echo back */ - do - { - ns = gnutls_record_send (client, buffer, msglen); - } - while (ns == GNUTLS_E_AGAIN); - - transferred += ret; - if (debug) - fputs (".", stdout); - } + { + if (msglen != ret || memcmp (buffer, MSG, msglen) != 0) + { + fail ("client: Transmitted data do not match\n"); + } + + /* echo back */ + do + { + ns = gnutls_record_send (client, buffer, msglen); + } + while (ns == GNUTLS_E_AGAIN); + + transferred += ret; + if (debug) + fputs (".", stdout); + } } while (transferred < 70000); if (debug) diff --git a/tests/mini-x509-rehandshake.c b/tests/mini-x509-rehandshake.c index f95c3796f6..4004a77952 100644 --- a/tests/mini-x509-rehandshake.c +++ b/tests/mini-x509-rehandshake.c @@ -173,8 +173,8 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL", NULL); @@ -193,35 +193,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -249,35 +249,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -298,9 +298,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/mini-x509.c b/tests/mini-x509.c index 551da19961..8b57ca8441 100644 --- a/tests/mini-x509.c +++ b/tests/mini-x509.c @@ -173,8 +173,8 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL", NULL); @@ -193,35 +193,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -242,9 +242,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/mini.c b/tests/mini.c index 54706c021f..30678ecb5a 100644 --- a/tests/mini.c +++ b/tests/mini.c @@ -189,22 +189,22 @@ doit (void) do { if (cret == GNUTLS_E_AGAIN) - { - if (debug) - success ("loop invoking client:\n"); - cret = gnutls_handshake (client); - if (debug) - success ("client %d: %s\n", cret, gnutls_strerror (cret)); - } + { + if (debug) + success ("loop invoking client:\n"); + cret = gnutls_handshake (client); + if (debug) + success ("client %d: %s\n", cret, gnutls_strerror (cret)); + } if (sret == GNUTLS_E_AGAIN) - { - if (debug) - success ("loop invoking server:\n"); - sret = gnutls_handshake (server); - if (debug) - success ("server %d: %s\n", sret, gnutls_strerror (sret)); - } + { + if (debug) + success ("loop invoking server:\n"); + sret = gnutls_handshake (server); + if (debug) + success ("server %d: %s\n", sret, gnutls_strerror (sret)); + } } while (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN); @@ -223,12 +223,12 @@ doit (void) else { if (debug) - { - printf ("server: received %d: ", ret); - for (n = 0; n < ret; n++) - fputc (buffer[n], stdout); - fputs ("\n", stdout); - } + { + printf ("server: received %d: ", ret); + for (n = 0; n < ret; n++) + fputc (buffer[n], stdout); + fputs ("\n", stdout); + } } ns = gnutls_record_send (server, MSG, strlen (MSG)); @@ -247,12 +247,12 @@ doit (void) else { if (debug) - { - printf ("client: received %d: ", ret); - for (n = 0; n < ret; n++) - fputc (buffer[n], stdout); - fputs ("\n", stdout); - } + { + printf ("client: received %d: ", ret); + for (n = 0; n < ret; n++) + fputc (buffer[n], stdout); + fputs ("\n", stdout); + } } gnutls_bye (client, GNUTLS_SHUT_RDWR); diff --git a/tests/mpi.c b/tests/mpi.c index f670490b45..23289de559 100644 --- a/tests/mpi.c +++ b/tests/mpi.c @@ -38,7 +38,7 @@ tls_log_func (int level, const char *str) fprintf (stderr, "|<%d>| %s", level, str); } -#define RND_BITS 510 /* not multiple of 8 */ +#define RND_BITS 510 /* not multiple of 8 */ void doit (void) { diff --git a/tests/nul-in-x509-names.c b/tests/nul-in-x509-names.c index f8bf78283f..a321fb3eac 100644 --- a/tests/nul-in-x509-names.c +++ b/tests/nul-in-x509-names.c @@ -121,7 +121,7 @@ doit (void) if (ret == 0) { if (debug) - success ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)"); + success ("gnutls_x509_crt_check_hostname OK (NUL-IN-CN)"); } else { @@ -139,7 +139,7 @@ doit (void) if (ret == 0) { if (debug) - success ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)"); + success ("gnutls_x509_crt_check_hostname OK (NUL-IN-SAN)"); } else { diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c index d348f5bb84..77a1bfd340 100644 --- a/tests/openpgp-auth.c +++ b/tests/openpgp-auth.c @@ -127,32 +127,32 @@ doit () ssize_t sent; if (debug) - printf ("client process %i\n", getpid ()); + printf ("client process %i\n", getpid ()); err = gnutls_init (&session, GNUTLS_CLIENT); if (err != 0) - fail ("client session %d\n", err); + fail ("client session %d\n", err); gnutls_set_default_priority (session); gnutls_transport_set_ptr (session, - (gnutls_transport_ptr_t) (intptr_t) - sockets[0]); + (gnutls_transport_ptr_t) (intptr_t) + sockets[0]); err = gnutls_certificate_allocate_credentials (&cred); if (err != 0) - fail ("client credentials %d\n", err); + fail ("client credentials %d\n", err); err = - gnutls_certificate_set_openpgp_key_file2 (cred, - pub_key_path, priv_key_path, - key_id, - GNUTLS_OPENPGP_FMT_BASE64); + gnutls_certificate_set_openpgp_key_file2 (cred, + pub_key_path, priv_key_path, + key_id, + GNUTLS_OPENPGP_FMT_BASE64); if (err != 0) - fail ("client openpgp keys %d\n", err); + fail ("client openpgp keys %d\n", err); err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred); if (err != 0) - fail ("client credential_set %d\n", err); + fail ("client credential_set %d\n", err); gnutls_protocol_set_priority (session, protocols); gnutls_certificate_type_set_priority (session, cert_types); @@ -163,21 +163,21 @@ doit () err = gnutls_handshake (session); if (err != 0) - fail ("client handshake %d\n", err); + fail ("client handshake %d\n", err); else if (debug) - printf ("client handshake successful\n"); + printf ("client handshake successful\n"); sent = gnutls_record_send (session, message, sizeof (message)); if (sent != sizeof (message)) - fail ("client sent %li vs. %li\n", - (long) sent, (long) sizeof (message)); + fail ("client sent %li vs. %li\n", + (long) sent, (long) sizeof (message)); err = gnutls_bye (session, GNUTLS_SHUT_RDWR); if (err != 0) - fail ("client bye %d\n", err); + fail ("client bye %d\n", err); if (debug) - printf ("client done\n"); + printf ("client done\n"); } else { @@ -195,60 +195,60 @@ doit () const gnutls_datum_t p3 = { (char *) pkcs3, strlen (pkcs3) }; if (debug) - printf ("server process %i (child %i)\n", getpid (), child); + printf ("server process %i (child %i)\n", getpid (), child); err = gnutls_init (&session, GNUTLS_SERVER); if (err != 0) - fail ("server session %d\n", err); + fail ("server session %d\n", err); gnutls_set_default_priority (session); gnutls_transport_set_ptr (session, - (gnutls_transport_ptr_t) (intptr_t) - sockets[1]); + (gnutls_transport_ptr_t) (intptr_t) + sockets[1]); err = gnutls_certificate_allocate_credentials (&cred); if (err != 0) - fail ("server credentials %d\n", err); + fail ("server credentials %d\n", err); err = - gnutls_certificate_set_openpgp_key_file2 (cred, - pub_key_path, priv_key_path, - key_id, - GNUTLS_OPENPGP_FMT_BASE64); + gnutls_certificate_set_openpgp_key_file2 (cred, + pub_key_path, priv_key_path, + key_id, + GNUTLS_OPENPGP_FMT_BASE64); if (err != 0) - fail ("server openpgp keys %d\n", err); + fail ("server openpgp keys %d\n", err); err = gnutls_dh_params_init (&dh_params); if (err) - fail ("server DH params init %d\n", err); + fail ("server DH params init %d\n", err); err = - gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM); + gnutls_dh_params_import_pkcs3 (dh_params, &p3, GNUTLS_X509_FMT_PEM); if (err) - fail ("server DH params generate %d\n", err); + fail ("server DH params generate %d\n", err); gnutls_certificate_set_dh_params (cred, dh_params); rsa_data.data = - (unsigned char *) read_binary_file (rsa_params_path, &rsa_size); + (unsigned char *) read_binary_file (rsa_params_path, &rsa_size); if (rsa_data.data == NULL) - fail ("server rsa params error\n"); + fail ("server rsa params error\n"); rsa_data.size = rsa_size; err = gnutls_rsa_params_init (&rsa_params); if (err) - fail ("server RSA params init %d\n", err); + fail ("server RSA params init %d\n", err); err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (err) - fail ("server RSA params import %d\n", err); + fail ("server RSA params import %d\n", err); gnutls_certificate_set_rsa_export_params (cred, rsa_params); err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred); if (err != 0) - fail ("server credential_set %d\n", err); + fail ("server credential_set %d\n", err); gnutls_protocol_set_priority (session, protocols); gnutls_certificate_type_set_priority (session, cert_types); @@ -259,36 +259,36 @@ doit () err = gnutls_handshake (session); if (err != 0) - fail ("server handshake %d\n", err); + fail ("server handshake %d\n", err); received = gnutls_record_recv (session, greetings, sizeof (greetings)); if (received != sizeof (message) - || memcmp (greetings, message, sizeof (message))) - fail ("server received %li vs. %li\n", - (long) received, (long) sizeof (message)); + || memcmp (greetings, message, sizeof (message))) + fail ("server received %li vs. %li\n", + (long) received, (long) sizeof (message)); err = gnutls_bye (session, GNUTLS_SHUT_RDWR); if (err != 0) - fail ("server bye %d\n", err); + fail ("server bye %d\n", err); if (debug) - printf ("server done\n"); + printf ("server done\n"); done = wait (&status); if (done < 0) - fail ("wait %s\n", strerror (errno)); + fail ("wait %s\n", strerror (errno)); if (done != child) - fail ("who's that?! %d\n", done); + fail ("who's that?! %d\n", done); if (WIFEXITED (status)) - { - if (WEXITSTATUS (status) != 0) - fail ("child exited with status %d\n", WEXITSTATUS (status)); - } + { + if (WEXITSTATUS (status) != 0) + fail ("child exited with status %d\n", WEXITSTATUS (status)); + } else if (WIFSIGNALED (status)) - fail ("child stopped by signal %d\n", WTERMSIG (status)); + fail ("child stopped by signal %d\n", WTERMSIG (status)); else - fail ("child failed: %d\n", status); + fail ("child failed: %d\n", status); } } diff --git a/tests/openpgp-keyring.c b/tests/openpgp-keyring.c index 6e3224d080..9095ed8ea1 100644 --- a/tests/openpgp-keyring.c +++ b/tests/openpgp-keyring.c @@ -213,7 +213,7 @@ doit (void) data.data = raw_keyring; data.size = sizeof (raw_keyring) / sizeof (raw_keyring[0]); ret = gnutls_openpgp_keyring_import (keyring, &data, - GNUTLS_OPENPGP_FMT_RAW); + GNUTLS_OPENPGP_FMT_RAW); if (ret < 0) fail ("keyring-import %d\n", ret); diff --git a/tests/openpgp_test.c b/tests/openpgp_test.c index 2d1f163ada..4648477b53 100644 --- a/tests/openpgp_test.c +++ b/tests/openpgp_test.c @@ -36,7 +36,7 @@ get_pktime (long timestamp) tb = localtime (×tamp); sprintf (buf, "%04d-%02d-%02d", tb->tm_year + 1900, tb->tm_mon + 1, - tb->tm_mday); + tb->tm_mday); return buf; } diff --git a/tests/openpgpself.c b/tests/openpgpself.c index 3732d3b39f..e3f2c9ffd2 100644 --- a/tests/openpgpself.c +++ b/tests/openpgpself.c @@ -124,7 +124,7 @@ client (void) success ("Setting key files...\n"); ret = gnutls_certificate_set_openpgp_key_mem (xcred, &cert, &key, - GNUTLS_OPENPGP_FMT_BASE64); + GNUTLS_OPENPGP_FMT_BASE64); if (ret < 0) { fail ("Could not set key files...\n"); @@ -166,8 +166,8 @@ client (void) if (debug) success ("client: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); /* see the Getting peer's information example */ if (debug) @@ -179,7 +179,7 @@ client (void) if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -192,9 +192,9 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } @@ -216,7 +216,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -361,10 +361,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -400,8 +400,8 @@ server (void) gnutls_certificate_allocate_credentials (&pgp_cred); ret = gnutls_certificate_set_openpgp_key_mem2 (pgp_cred, &server_crt, - &server_key, "auto", - GNUTLS_OPENPGP_FMT_BASE64); + &server_key, "auto", + GNUTLS_OPENPGP_FMT_BASE64); if (err < 0) { fail ("Could not set server key files...\n"); @@ -422,8 +422,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); @@ -439,8 +439,8 @@ server (void) if (debug) success ("server: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); /* see the Getting peer's information example */ if (debug) @@ -453,22 +453,22 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ diff --git a/tests/openssl.c b/tests/openssl.c index 188d82e9b2..72dc09a644 100644 --- a/tests/openssl.c +++ b/tests/openssl.c @@ -48,7 +48,7 @@ doit (void) MD5_Final (&(md[0]), &c); if (memcmp (md, "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" - "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0) + "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72", sizeof (md)) != 0) { hexprint (md, sizeof (md)); fail ("MD5 failure\n"); diff --git a/tests/pgps2kgnu.c b/tests/pgps2kgnu.c index 1076bdea4f..f4ea214fdf 100644 --- a/tests/pgps2kgnu.c +++ b/tests/pgps2kgnu.c @@ -87,16 +87,16 @@ main (void) if (rc) { printf ("gnutls_openpgp_privkey_init rc %d: %s\n", - rc, gnutls_strerror (rc)); + rc, gnutls_strerror (rc)); return 1; } rc = gnutls_openpgp_privkey_import (key, &keydatum, - GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); + GNUTLS_OPENPGP_FMT_BASE64, NULL, 0); if (rc) { printf ("gnutls_openpgp_privkey_import rc %d: %s\n", - rc, gnutls_strerror (rc)); + rc, gnutls_strerror (rc)); return 1; } diff --git a/tests/pkcs12_encode.c b/tests/pkcs12_encode.c index e69104f7e1..06e469c4bc 100644 --- a/tests/pkcs12_encode.c +++ b/tests/pkcs12_encode.c @@ -121,42 +121,42 @@ doit (void) { ret = gnutls_pkcs12_bag_init (&bag); if (ret < 0) - error (EXIT_FAILURE, 0, "bag_init: %d", ret); + error (EXIT_FAILURE, 0, "bag_init: %d", ret); ret = gnutls_pkcs12_bag_set_crt (bag, i == 0 ? client : ca); if (ret < 0) - error (EXIT_FAILURE, 0, "set_crt: %d", ret); + error (EXIT_FAILURE, 0, "set_crt: %d", ret); indx = ret; ret = gnutls_pkcs12_bag_set_friendly_name (bag, indx, - i == 0 ? "client" : "ca"); + i == 0 ? "client" : "ca"); if (ret < 0) - error (EXIT_FAILURE, 0, "set_friendly_name: %d", ret); + error (EXIT_FAILURE, 0, "set_friendly_name: %d", ret); size = sizeof (key_id_buf); ret = gnutls_x509_crt_get_key_id (i == 0 ? client : ca, 0, - key_id_buf, &size); + key_id_buf, &size); if (ret < 0) - error (EXIT_FAILURE, 0, "get_key_id: %d", ret); + error (EXIT_FAILURE, 0, "get_key_id: %d", ret); key_id.data = key_id_buf; key_id.size = size; ret = gnutls_pkcs12_bag_set_key_id (bag, indx, &key_id); if (ret < 0) - error (EXIT_FAILURE, 0, "bag_set_key_id: %d", ret); + error (EXIT_FAILURE, 0, "bag_set_key_id: %d", ret); ret = gnutls_pkcs12_bag_encrypt (bag, "pass", - i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES - : GNUTLS_PKCS_USE_PKCS12_RC2_40); + i == 0 ? GNUTLS_PKCS8_USE_PKCS12_3DES + : GNUTLS_PKCS_USE_PKCS12_RC2_40); if (ret < 0) - error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret, - i == 0 ? "3DES" : "RC2-40"); + error (EXIT_FAILURE, 0, "bag_encrypt: %d: %s", ret, + i == 0 ? "3DES" : "RC2-40"); ret = gnutls_pkcs12_set_bag (pkcs12, bag); if (ret < 0) - error (EXIT_FAILURE, 0, "set_bag: %d", ret); + error (EXIT_FAILURE, 0, "set_bag: %d", ret); gnutls_pkcs12_bag_deinit (bag); } diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c index 41c8d1299f..c00ba590ce 100644 --- a/tests/pkcs12_s2k.c +++ b/tests/pkcs12_s2k.c @@ -124,25 +124,25 @@ doit (void) for (i = 1; i < 4; i++) { for (j = 0; j < 3; j++) - { - rc = - _gnutls_pkcs12_string_to_key (i, salt[j], strlen (salt[j]), - j + i + 15, pw[j], sizeof (key), - key); - if (rc < 0) - fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc); - - if (strcmp (_gnutls_bin2hex (key, sizeof (key), - tmp, sizeof (tmp), NULL), - values[x]) != 0) - fail ("_gnutls_pkcs12_string_to_key failed[1]\n"); - - if (debug) - printf ("ij: %d.%d: %s\n", i, j, - _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp), - NULL)); - x++; - } + { + rc = + _gnutls_pkcs12_string_to_key (i, salt[j], strlen (salt[j]), + j + i + 15, pw[j], sizeof (key), + key); + if (rc < 0) + fail ("_gnutls_pkcs12_string_to_key failed[0]: %d\n", rc); + + if (strcmp (_gnutls_bin2hex (key, sizeof (key), + tmp, sizeof (tmp), NULL), + values[x]) != 0) + fail ("_gnutls_pkcs12_string_to_key failed[1]\n"); + + if (debug) + printf ("ij: %d.%d: %s\n", i, j, + _gnutls_bin2hex (key, sizeof (key), tmp, sizeof (tmp), + NULL)); + x++; + } } if (debug) printf ("\n"); @@ -150,19 +150,19 @@ doit (void) for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++) { rc = _gnutls_pkcs12_string_to_key (tv[i].id, tv[i].salt, 8, - tv[i].iter, tv[i].password, - tv[i].keylen, key); + tv[i].iter, tv[i].password, + tv[i].keylen, key); if (rc < 0) - fail ("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc); + fail ("_gnutls_pkcs12_string_to_key failed[2]: %d\n", rc); if (memcmp (_gnutls_bin2hex (key, tv[i].keylen, - tmp, sizeof (tmp), NULL), - tv[i].key, tv[i].keylen) != 0) - fail ("_gnutls_pkcs12_string_to_key failed[3]\n"); + tmp, sizeof (tmp), NULL), + tv[i].key, tv[i].keylen) != 0) + fail ("_gnutls_pkcs12_string_to_key failed[3]\n"); if (debug) - printf ("tv[%d]: %s\n", i, - _gnutls_bin2hex (key, tv[i].keylen, tmp, sizeof (tmp), NULL)); + printf ("tv[%d]: %s\n", i, + _gnutls_bin2hex (key, tv[i].keylen, tmp, sizeof (tmp), NULL)); } if (debug) printf ("\n"); diff --git a/tests/pkcs12_s2k_pem.c b/tests/pkcs12_s2k_pem.c index ccbd35455b..d20df0cdc5 100644 --- a/tests/pkcs12_s2k_pem.c +++ b/tests/pkcs12_s2k_pem.c @@ -273,19 +273,19 @@ main (void) ret = gnutls_x509_privkey_init (&key); if (ret < 0) - return 1; + return 1; tmp.data = (char *) keys[i].pkcs12key; tmp.size = strlen (tmp.data); ret = gnutls_x509_privkey_import_pkcs8 (key, &tmp, - GNUTLS_X509_FMT_PEM, - keys[i].password, 0); + GNUTLS_X509_FMT_PEM, + keys[i].password, 0); if (ret != keys[i].expected_result) - { - printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret)); - return 1; - } + { + printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret)); + return 1; + } gnutls_x509_privkey_deinit (key); } diff --git a/tests/pskself.c b/tests/pskself.c index 052e09027b..36377c23b2 100644 --- a/tests/pskself.c +++ b/tests/pskself.c @@ -62,7 +62,7 @@ client (void) gnutls_psk_allocate_client_credentials (&pskcred); gnutls_psk_set_client_credentials (pskcred, "test", &key, - GNUTLS_PSK_KEY_HEX); + GNUTLS_PSK_KEY_HEX); /* Initialize TLS session */ @@ -95,7 +95,7 @@ client (void) else { if (debug) - success ("client: Handshake was completed\n"); + success ("client: Handshake was completed\n"); } gnutls_record_send (session, MSG, strlen (MSG)); @@ -104,7 +104,7 @@ client (void) if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -117,9 +117,9 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } @@ -141,7 +141,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ /* These are global */ gnutls_psk_server_credentials_t server_pskcred; @@ -208,10 +208,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -251,8 +251,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); @@ -276,22 +276,22 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ diff --git a/tests/resume.c b/tests/resume.c index 76078b4a59..835d432579 100644 --- a/tests/resume.c +++ b/tests/resume.c @@ -108,7 +108,7 @@ client (struct params_res *params) gnutls_anon_allocate_client_credentials (&anoncred); for (t = 0; t < 2; t++) - { /* connect 2 times to the server */ + { /* connect 2 times to the server */ /* connect to the peer */ sd = tcp_connect (); @@ -127,16 +127,16 @@ client (struct params_res *params) #ifdef ENABLE_SESSION_TICKET if (params->enable_session_ticket_client) - gnutls_session_ticket_enable_client (session); + gnutls_session_ticket_enable_client (session); #endif if (t > 0) - { - /* if this is not the first time we connect */ - gnutls_session_set_data (session, session_data.data, - session_data.size); - gnutls_free (session_data.data); - } + { + /* if this is not the first time we connect */ + gnutls_session_set_data (session, session_data.data, + session_data.size); + gnutls_free (session_data.data); + } gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); @@ -145,75 +145,75 @@ client (struct params_res *params) ret = gnutls_handshake (session); if (ret < 0) - { - fail ("client: Handshake failed\n"); - gnutls_perror (ret); - goto end; - } + { + fail ("client: Handshake failed\n"); + gnutls_perror (ret); + goto end; + } else - { - if (debug) - success ("client: Handshake was completed\n"); - } + { + if (debug) + success ("client: Handshake was completed\n"); + } if (t == 0) - { /* the first time we connect */ - /* get the session data size */ - ret = gnutls_session_get_data2 (session, &session_data); - if (ret < 0) - fail ("Getting resume data failed\n"); - } + { /* the first time we connect */ + /* get the session data size */ + ret = gnutls_session_get_data2 (session, &session_data); + if (ret < 0) + fail ("Getting resume data failed\n"); + } else - { /* the second time we connect */ - - /* check if we actually resumed the previous session */ - if (gnutls_session_is_resumed (session) != 0) - { - if (params->expect_resume) - { - if (debug) - success ("- Previous session was resumed\n"); - } - else - fail ("- Previous session was resumed\n"); - } - else - { - if (params->expect_resume) - fail ("*** Previous session was NOT resumed\n"); - else - { - if (debug) - success - ("*** Previous session was NOT resumed (expected)\n"); - } - } - } + { /* the second time we connect */ + + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed (session) != 0) + { + if (params->expect_resume) + { + if (debug) + success ("- Previous session was resumed\n"); + } + else + fail ("- Previous session was resumed\n"); + } + else + { + if (params->expect_resume) + fail ("*** Previous session was NOT resumed\n"); + else + { + if (debug) + success + ("*** Previous session was NOT resumed (expected)\n"); + } + } + } gnutls_record_send (session, MSG, strlen (MSG)); ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("client: Peer has closed the TLS connection\n"); - goto end; - } + { + if (debug) + success ("client: Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) - { - fail ("client: Error: %s\n", gnutls_strerror (ret)); - goto end; - } + { + fail ("client: Error: %s\n", gnutls_strerror (ret)); + goto end; + } if (debug) - { - printf ("- Received %d bytes: ", ret); - for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } - fputs ("\n", stdout); - } + { + printf ("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) + { + fputc (buffer[ii], stdout); + } + fputs ("\n", stdout); + } gnutls_bye (session, GNUTLS_SHUT_RDWR); @@ -232,7 +232,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -313,10 +313,10 @@ global_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -394,50 +394,50 @@ server (struct params_res *params) sd = accept (listen_sd, (SA *) & sa_cli, &client_len); if (debug) - success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + success ("server: connection from %s, port %d\n", + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); if (ret < 0) - { - close (sd); - gnutls_deinit (session); - fail ("server: Handshake has failed (%s)\n\n", - gnutls_strerror (ret)); - return; - } + { + close (sd); + gnutls_deinit (session); + fail ("server: Handshake has failed (%s)\n\n", + gnutls_strerror (ret)); + return; + } if (debug) - success ("server: Handshake was completed\n"); + success ("server: Handshake was completed\n"); /* see the Getting peer's information example */ /* print_info(session); */ i = 0; for (;;) - { - memset (buffer, 0, MAX_BUF + 1); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - - if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } - else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } - else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } - } + { + memset (buffer, 0, MAX_BUF + 1); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + + if (ret == 0) + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } + else if (ret < 0) + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } + else if (ret > 0) + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } + } /* do not wait for the peer to close the connection. */ gnutls_bye (session, GNUTLS_SHUT_WR); @@ -469,34 +469,34 @@ doit (void) for (i = 0; resume_tests[i].desc; i++) { if (debug) - printf ("%s\n", resume_tests[i].desc); + printf ("%s\n", resume_tests[i].desc); global_start (); if (error_count) - return; + return; child = fork (); if (child < 0) - { - perror ("fork"); - fail ("fork"); - return; - } + { + perror ("fork"); + fail ("fork"); + return; + } if (child) - { - int status; - /* parent */ - server (&resume_tests[i]); - wait (&status); - global_stop (); - } + { + int status; + /* parent */ + server (&resume_tests[i]); + wait (&status); + global_stop (); + } else - { - client (&resume_tests[i]); - gnutls_global_deinit (); - exit (0); - } + { + client (&resume_tests[i]); + gnutls_global_deinit (); + exit (0); + } } } @@ -547,19 +547,19 @@ wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data) unsigned int i; printf ("key:\n"); for (i = 0; i < key.size; i++) - { - printf ("%02x ", key.data[i] & 0xFF); - if ((i + 1) % 16 == 0) - printf ("\n"); - } + { + printf ("%02x ", key.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf ("\n"); + } printf ("\n"); printf ("data:\n"); for (i = 0; i < data.size; i++) - { - printf ("%02x ", data.data[i] & 0xFF); - if ((i + 1) % 16 == 0) - printf ("\n"); - } + { + printf ("%02x ", data.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf ("\n"); + } printf ("\n"); } @@ -596,11 +596,11 @@ wrap_db_fetch (void *dbf, gnutls_datum_t key) unsigned int i; printf ("key:\n"); for (i = 0; i < key.size; i++) - { - printf ("%02x ", key.data[i] & 0xFF); - if ((i + 1) % 16 == 0) - printf ("\n"); - } + { + printf ("%02x ", key.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf ("\n"); + } printf ("\n"); } @@ -610,34 +610,34 @@ wrap_db_fetch (void *dbf, gnutls_datum_t key) for (i = 0; i < TLS_SESSION_CACHE; i++) { if (key.size == cache_db[i].session_id_size && - memcmp (key.data, cache_db[i].session_id, key.size) == 0) - { - if (debug) - success ("resume db fetch... return info\n"); - - res.size = cache_db[i].session_data_size; - - res.data = gnutls_malloc (res.size); - if (res.data == NULL) - return res; - - memcpy (res.data, cache_db[i].session_data, res.size); - - if (debug) - { - unsigned int i; - printf ("data:\n"); - for (i = 0; i < res.size; i++) - { - printf ("%02x ", res.data[i] & 0xFF); - if ((i + 1) % 16 == 0) - printf ("\n"); - } - printf ("\n"); - } - - return res; - } + memcmp (key.data, cache_db[i].session_id, key.size) == 0) + { + if (debug) + success ("resume db fetch... return info\n"); + + res.size = cache_db[i].session_data_size; + + res.data = gnutls_malloc (res.size); + if (res.data == NULL) + return res; + + memcpy (res.data, cache_db[i].session_data, res.size); + + if (debug) + { + unsigned int i; + printf ("data:\n"); + for (i = 0; i < res.size; i++) + { + printf ("%02x ", res.data[i] & 0xFF); + if ((i + 1) % 16 == 0) + printf ("\n"); + } + printf ("\n"); + } + + return res; + } } return res; } @@ -653,14 +653,14 @@ wrap_db_delete (void *dbf, gnutls_datum_t key) for (i = 0; i < TLS_SESSION_CACHE; i++) { if (key.size == cache_db[i].session_id_size && - memcmp (key.data, cache_db[i].session_id, key.size) == 0) - { + memcmp (key.data, cache_db[i].session_id, key.size) == 0) + { - cache_db[i].session_id_size = 0; - cache_db[i].session_data_size = 0; + cache_db[i].session_id_size = 0; + cache_db[i].session_data_size = 0; - return 0; - } + return 0; + } } return -1; diff --git a/tests/safe-renegotiation/srn0.c b/tests/safe-renegotiation/srn0.c index 7310225578..629fd7664b 100644 --- a/tests/safe-renegotiation/srn0.c +++ b/tests/safe-renegotiation/srn0.c @@ -181,8 +181,8 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL", NULL); @@ -201,35 +201,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -264,35 +264,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -301,7 +301,7 @@ main (int argc, char *argv[]) !gnutls_safe_renegotiation_status (server)) { tls_log_func (0, - "Rehandshaked session not using safe renegotiation!\n"); + "Rehandshaked session not using safe renegotiation!\n"); exit_code = EXIT_FAILURE; } @@ -321,9 +321,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/safe-renegotiation/srn1.c b/tests/safe-renegotiation/srn1.c index ee40c3a796..2b996b0c94 100644 --- a/tests/safe-renegotiation/srn1.c +++ b/tests/safe-renegotiation/srn1.c @@ -180,8 +180,8 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL:%SAFE_RENEGOTIATION", NULL); @@ -193,7 +193,7 @@ main (int argc, char *argv[]) gnutls_init (&client, GNUTLS_CLIENT); gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred); gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION", - NULL); + NULL); gnutls_transport_set_push_function (client, client_push); gnutls_transport_set_pull_function (client, client_pull); @@ -209,32 +209,32 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS) - && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS)); + && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED) exit_code = EXIT_FAILURE; @@ -255,9 +255,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/safe-renegotiation/srn2.c b/tests/safe-renegotiation/srn2.c index 6bc92e9a24..8c9d444c6b 100644 --- a/tests/safe-renegotiation/srn2.c +++ b/tests/safe-renegotiation/srn2.c @@ -178,8 +178,8 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL", NULL); @@ -206,35 +206,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -270,35 +270,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -338,35 +338,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -397,35 +397,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = 1; @@ -446,9 +446,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/safe-renegotiation/srn3.c b/tests/safe-renegotiation/srn3.c index 06457a2dc1..71f0ac31ca 100644 --- a/tests/safe-renegotiation/srn3.c +++ b/tests/safe-renegotiation/srn3.c @@ -180,12 +180,12 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION", - NULL); + NULL); gnutls_transport_set_push_function (server, server_push); gnutls_transport_set_pull_function (server, server_pull); @@ -209,32 +209,32 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ((cret == GNUTLS_E_AGAIN || cret == GNUTLS_E_SUCCESS) - && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS)); + && (sret == GNUTLS_E_AGAIN || sret == GNUTLS_E_SUCCESS)); if (cret != GNUTLS_E_SAFE_RENEGOTIATION_FAILED && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -255,9 +255,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/safe-renegotiation/srn4.c b/tests/safe-renegotiation/srn4.c index 488a0c3b69..8ab1bb2ea6 100644 --- a/tests/safe-renegotiation/srn4.c +++ b/tests/safe-renegotiation/srn4.c @@ -180,8 +180,8 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL", NULL); @@ -193,7 +193,7 @@ main (int argc, char *argv[]) gnutls_init (&client, GNUTLS_CLIENT); gnutls_credentials_set (client, GNUTLS_CRD_CERTIFICATE, clientx509cred); gnutls_priority_set_direct (client, "NORMAL:%DISABLE_SAFE_RENEGOTIATION", - NULL); + NULL); gnutls_transport_set_push_function (client, client_push); gnutls_transport_set_pull_function (client, client_pull); @@ -201,35 +201,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -264,36 +264,36 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_AGAIN - && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_AGAIN + && sret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_AGAIN && sret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) exit_code = 1; @@ -302,7 +302,7 @@ main (int argc, char *argv[]) gnutls_safe_renegotiation_status (server)) { tls_log_func (0, - "Rehandshaked session not using safe renegotiation!\n"); + "Rehandshaked session not using safe renegotiation!\n"); exit_code = EXIT_FAILURE; } @@ -322,9 +322,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/safe-renegotiation/srn5.c b/tests/safe-renegotiation/srn5.c index 91d1b9474f..2eb1975143 100644 --- a/tests/safe-renegotiation/srn5.c +++ b/tests/safe-renegotiation/srn5.c @@ -181,12 +181,12 @@ main (int argc, char *argv[]) /* Init server */ gnutls_certificate_allocate_credentials (&serverx509cred); gnutls_certificate_set_x509_key_mem (serverx509cred, - &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + &server_cert, &server_key, + GNUTLS_X509_FMT_PEM); gnutls_init (&server, GNUTLS_SERVER); gnutls_credentials_set (server, GNUTLS_CRD_CERTIFICATE, serverx509cred); gnutls_priority_set_direct (server, "NORMAL:%DISABLE_SAFE_RENEGOTIATION", - NULL); + NULL); gnutls_transport_set_push_function (server, server_push); gnutls_transport_set_pull_function (server, server_pull); @@ -202,35 +202,35 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(cret == GNUTLS_E_SUCCESS && sret == GNUTLS_E_SUCCESS) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (cret != GNUTLS_E_SUCCESS && sret != GNUTLS_E_SUCCESS) exit_code = EXIT_FAILURE; @@ -270,36 +270,36 @@ main (int argc, char *argv[]) { static int max_iter = 0; if (max_iter++ > 10) - abort (); + abort (); if (cret == GNUTLS_E_AGAIN) - { - cret = gnutls_handshake (client); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (client)...\n"); - tls_log_func (0, gnutls_strerror (cret)); - tls_log_func (0, "\n"); - } - } + { + cret = gnutls_handshake (client); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (client)...\n"); + tls_log_func (0, gnutls_strerror (cret)); + tls_log_func (0, "\n"); + } + } if (sret == GNUTLS_E_AGAIN) - { - sret = gnutls_handshake (server); - if (debug_level > 0) - { - tls_log_func (0, "second gnutls_handshake (server)...\n"); - tls_log_func (0, gnutls_strerror (sret)); - tls_log_func (0, "\n"); - } - } + { + sret = gnutls_handshake (server); + if (debug_level > 0) + { + tls_log_func (0, "second gnutls_handshake (server)...\n"); + tls_log_func (0, gnutls_strerror (sret)); + tls_log_func (0, "\n"); + } + } } while ( - /* Not done: */ - !(sret == GNUTLS_E_AGAIN - && cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) - /* No error: */ - && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); + /* Not done: */ + !(sret == GNUTLS_E_AGAIN + && cret == GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) + /* No error: */ + && (cret == GNUTLS_E_AGAIN || sret == GNUTLS_E_AGAIN)); if (sret != GNUTLS_E_AGAIN && cret != GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED) exit_code = 1; @@ -308,7 +308,7 @@ main (int argc, char *argv[]) gnutls_safe_renegotiation_status (server)) { tls_log_func (0, - "Rehandshaked session not using safe renegotiation!\n"); + "Rehandshaked session not using safe renegotiation!\n"); exit_code = EXIT_FAILURE; } @@ -328,9 +328,9 @@ main (int argc, char *argv[]) if (debug_level > 0) { if (exit_code == 0) - puts ("Self-test successful"); + puts ("Self-test successful"); else - puts ("Self-test failed"); + puts ("Self-test failed"); } return exit_code; diff --git a/tests/set_pkcs12_cred.c b/tests/set_pkcs12_cred.c index 579e7aaa6b..8fce5260cd 100644 --- a/tests/set_pkcs12_cred.c +++ b/tests/set_pkcs12_cred.c @@ -53,11 +53,11 @@ doit (void) if (debug) success ("Reading PKCS#12 blob from `%s' using password `%s'.\n", - file, password); + file, password); ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred, - file, - GNUTLS_X509_FMT_DER, - password); + file, + GNUTLS_X509_FMT_DER, + password); if (ret < 0) fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret)); @@ -83,11 +83,11 @@ doit (void) if (debug) success ("Reading PKCS#12 blob from `%s' using password `%s'.\n", - file, password); + file, password); ret = gnutls_certificate_set_x509_simple_pkcs12_file (x509cred, - file, - GNUTLS_X509_FMT_DER, - password); + file, + GNUTLS_X509_FMT_DER, + password); if (ret < 0) fail ("x509_pkcs12 failed %d: %s\n", ret, gnutls_strerror (ret)); diff --git a/tests/simple.c b/tests/simple.c index 4124876b14..532d56d019 100644 --- a/tests/simple.c +++ b/tests/simple.c @@ -52,13 +52,13 @@ doit (void) for (i = 0; algs[i]; i++) { - if (debug) - printf ("pk_list[%d] = %d = %s = %d\n", (int) i, algs[i], - gnutls_pk_algorithm_get_name (algs[i]), - gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))); - if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])) - != algs[i]) - fail ("gnutls_pk id's doesn't match\n"); + if (debug) + printf ("pk_list[%d] = %d = %s = %d\n", (int) i, algs[i], + gnutls_pk_algorithm_get_name (algs[i]), + gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i]))); + if (gnutls_pk_get_id (gnutls_pk_algorithm_get_name (algs[i])) + != algs[i]) + fail ("gnutls_pk id's doesn't match\n"); } pk = gnutls_pk_get_id ("foo"); @@ -80,14 +80,14 @@ doit (void) for (i = 0; algs[i]; i++) { - if (debug) - printf ("sign_list[%d] = %d = %s = %d\n", (int) i, algs[i], - gnutls_sign_algorithm_get_name (algs[i]), - gnutls_sign_get_id (gnutls_sign_algorithm_get_name - (algs[i]))); - if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name (algs[i])) != - algs[i]) - fail ("gnutls_sign id's doesn't match\n"); + if (debug) + printf ("sign_list[%d] = %d = %s = %d\n", (int) i, algs[i], + gnutls_sign_algorithm_get_name (algs[i]), + gnutls_sign_get_id (gnutls_sign_algorithm_get_name + (algs[i]))); + if (gnutls_sign_get_id (gnutls_sign_algorithm_get_name (algs[i])) != + algs[i]) + fail ("gnutls_sign id's doesn't match\n"); } pk = gnutls_sign_get_id ("foo"); diff --git a/tests/tlsia.c b/tests/tlsia.c index d4ebce4a66..b63bc296e4 100644 --- a/tests/tlsia.c +++ b/tests/tlsia.c @@ -59,7 +59,7 @@ tls_log_func (int level, const char *str) static int client_avp (gnutls_session_t session, void *ptr, - const char *last, size_t lastlen, char **new, size_t * newlen) + const char *last, size_t lastlen, char **new, size_t * newlen) { static int iter = 0; const char *p; @@ -67,10 +67,10 @@ client_avp (gnutls_session_t session, void *ptr, if (debug) { if (last) - printf ("client: received %d bytes AVP: `%.*s'\n", - (int) lastlen, (int) lastlen, last); + printf ("client: received %d bytes AVP: `%.*s'\n", + (int) lastlen, (int) lastlen, last); else - printf ("client: new application phase\n"); + printf ("client: new application phase\n"); } switch (iter) @@ -171,7 +171,7 @@ client (void) else { if (debug) - success ("client: Handshake was completed\n"); + success ("client: Handshake was completed\n"); } /* @@ -186,21 +186,21 @@ client (void) else { if (debug) - success ("client: TLS/IA handshake\n"); + success ("client: TLS/IA handshake\n"); ret = gnutls_ia_handshake (session); if (ret < 0) - { - fail ("client: TLS/IA handshake failed\n"); - gnutls_perror (ret); - goto end; - } + { + fail ("client: TLS/IA handshake failed\n"); + gnutls_perror (ret); + goto end; + } else - { - if (debug) - success ("client: TLS/IA Handshake was completed\n"); - } + { + if (debug) + success ("client: TLS/IA Handshake was completed\n"); + } } gnutls_record_send (session, MSG, strlen (MSG)); @@ -209,7 +209,7 @@ client (void) if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -222,9 +222,9 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } @@ -248,7 +248,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -303,14 +303,14 @@ int optval = 1; static int server_avp (gnutls_session_t session, void *ptr, - const char *last, size_t lastlen, char **new, size_t * newlen) + const char *last, size_t lastlen, char **new, size_t * newlen) { static int iter = 0; const char *p; if (last && debug) printf ("server: received %d bytes AVP: `%.*s'\n", - (int) lastlen, (int) lastlen, last); + (int) lastlen, (int) lastlen, last); gnutls_ia_permute_inner_secret (session, 3, "foo"); @@ -360,14 +360,14 @@ server_avp (gnutls_session_t session, void *ptr, if (strcmp (p, "1") == 0) { if (debug) - success ("server: Sending IntermediatePhaseFinished...\n"); + success ("server: Sending IntermediatePhaseFinished...\n"); return 1; } if (strcmp (p, "2") == 0) { if (debug) - success ("server: Sending FinalPhaseFinished...\n"); + success ("server: Sending FinalPhaseFinished...\n"); return 2; } @@ -398,10 +398,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -457,8 +457,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); @@ -482,21 +482,21 @@ server (void) else { if (debug) - success ("server: TLS/IA handshake\n"); + success ("server: TLS/IA handshake\n"); ret = gnutls_ia_handshake (session); if (ret < 0) - { - fail ("server: TLS/IA handshake failed\n"); - gnutls_perror (ret); - return; - } + { + fail ("server: TLS/IA handshake failed\n"); + gnutls_perror (ret); + return; + } else - { - if (debug) - success ("server: TLS/IA Handshake was completed\n"); - } + { + if (debug) + success ("server: TLS/IA Handshake was completed\n"); + } } /* see the Getting peer's information example */ @@ -509,32 +509,32 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) - { - gnutls_alert_description_t alert; - const char *err; - alert = gnutls_alert_get (session); - err = gnutls_alert_get_name (alert); - if (err) - printf ("Fatal alert: %s\n", err); - } - - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + if (ret == GNUTLS_E_FATAL_ALERT_RECEIVED) + { + gnutls_alert_description_t alert; + const char *err; + alert = gnutls_alert_get (session); + err = gnutls_alert_get_name (alert); + if (err) + printf ("Fatal alert: %s\n", err); + } + + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ diff --git a/tests/utils.c b/tests/utils.c index 946c62d39d..105869c903 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -73,14 +73,14 @@ escapeprint (const char *str, size_t len) for (i = 0; i < len; i++) { if (((str[i] & 0xFF) >= 'A' && (str[i] & 0xFF) <= 'Z') || - ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') || - ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9') - || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.') - printf ("%c", (str[i] & 0xFF)); + ((str[i] & 0xFF) >= 'a' && (str[i] & 0xFF) <= 'z') || + ((str[i] & 0xFF) >= '0' && (str[i] & 0xFF) <= '9') + || (str[i] & 0xFF) == ' ' || (str[i] & 0xFF) == '.') + printf ("%c", (str[i] & 0xFF)); else - printf ("\\x%02X", (str[i] & 0xFF)); + printf ("\\x%02X", (str[i] & 0xFF)); if ((i + 1) % 16 == 0 && (i + 1) < len) - printf ("'\n\t'"); + printf ("'\n\t'"); } printf ("\n"); } @@ -95,9 +95,9 @@ hexprint (const char *str, size_t len) { printf ("%02x ", (str[i] & 0xFF)); if ((i + 1) % 8 == 0) - printf (" "); + printf (" "); if ((i + 1) % 16 == 0 && i + 1 < len) - printf ("\n\t;; "); + printf ("\n\t;; "); } printf ("\n"); } @@ -111,17 +111,17 @@ binprint (const char *str, size_t len) for (i = 0; i < len; i++) { printf ("%d%d%d%d%d%d%d%d ", - (str[i] & 0xFF) & 0x80 ? 1 : 0, - (str[i] & 0xFF) & 0x40 ? 1 : 0, - (str[i] & 0xFF) & 0x20 ? 1 : 0, - (str[i] & 0xFF) & 0x10 ? 1 : 0, - (str[i] & 0xFF) & 0x08 ? 1 : 0, - (str[i] & 0xFF) & 0x04 ? 1 : 0, - (str[i] & 0xFF) & 0x02 ? 1 : 0, (str[i] & 0xFF) & 0x01 ? 1 : 0); + (str[i] & 0xFF) & 0x80 ? 1 : 0, + (str[i] & 0xFF) & 0x40 ? 1 : 0, + (str[i] & 0xFF) & 0x20 ? 1 : 0, + (str[i] & 0xFF) & 0x10 ? 1 : 0, + (str[i] & 0xFF) & 0x08 ? 1 : 0, + (str[i] & 0xFF) & 0x04 ? 1 : 0, + (str[i] & 0xFF) & 0x02 ? 1 : 0, (str[i] & 0xFF) & 0x01 ? 1 : 0); if ((i + 1) % 3 == 0) - printf (" "); + printf (" "); if ((i + 1) % 6 == 0 && i + 1 < len) - printf ("\n\t;; "); + printf ("\n\t;; "); } printf ("\n"); } @@ -131,18 +131,18 @@ main (int argc, char *argv[]) { do if (strcmp (argv[argc - 1], "-v") == 0 || - strcmp (argv[argc - 1], "--verbose") == 0) + strcmp (argv[argc - 1], "--verbose") == 0) debug = 1; else if (strcmp (argv[argc - 1], "-b") == 0 || - strcmp (argv[argc - 1], "--break-on-error") == 0) + strcmp (argv[argc - 1], "--break-on-error") == 0) break_on_error = 1; else if (strcmp (argv[argc - 1], "-h") == 0 || - strcmp (argv[argc - 1], "-?") == 0 || - strcmp (argv[argc - 1], "--help") == 0) + strcmp (argv[argc - 1], "-?") == 0 || + strcmp (argv[argc - 1], "--help") == 0) { - printf ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n", - argv[0]); - return 1; + printf ("Usage: %s [-vbh?] [--verbose] [--break-on-error] [--help]\n", + argv[0]); + return 1; } while (argc-- > 1); diff --git a/tests/utils.h b/tests/utils.h index 47db94f61e..dfd6aef3e1 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -30,7 +30,7 @@ #ifndef __attribute__ #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5) -#define __attribute__(Spec) /* empty */ +#define __attribute__(Spec) /* empty */ #endif #endif diff --git a/tests/x509_altname.c b/tests/x509_altname.c index 432b44fb98..392e226407 100644 --- a/tests/x509_altname.c +++ b/tests/x509_altname.c @@ -87,33 +87,33 @@ doit (void) for (alt_name_count = 0;; ++alt_name_count) { ret = - gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data, - &data_len, &critical); + gnutls_x509_crt_get_issuer_alt_name (cert, alt_name_count, data, + &data_len, &critical); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) - break; + break; if (ret < 0) - fail ("get_issuer_alt_name: %d\n", ret); + fail ("get_issuer_alt_name: %d\n", ret); // TODO: print out / check results if (GNUTLS_SAN_URI == ret) - { - if (strcmp (data, "http://ca.su.se") != 0) - { - fail ("unexpected issuer GNUTLS_SAN_URI: %s\n", data); - } - } + { + if (strcmp (data, "http://ca.su.se") != 0) + { + fail ("unexpected issuer GNUTLS_SAN_URI: %s\n", data); + } + } else if (GNUTLS_SAN_RFC822NAME == ret) - { - if (strcmp (data, "ca@su.se") != 0) - { - fail ("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data); - } - } + { + if (strcmp (data, "ca@su.se") != 0) + { + fail ("unexpected issuer GNUTLS_SAN_RFC822NAME: %s\n", data); + } + } else - { - fail ("unexpected alt name type: %d\n", ret); - } + { + fail ("unexpected alt name type: %d\n", ret); + } data_len = MAX_DATA_SIZE; } diff --git a/tests/x509_test.c b/tests/x509_test.c index d1fa2065a1..27b6ad28ed 100644 --- a/tests/x509_test.c +++ b/tests/x509_test.c @@ -62,7 +62,7 @@ main () gnutls_global_init (); fprintf (stderr, - "This test will perform some checks on X.509 certificate\n"); + "This test will perform some checks on X.509 certificate\n"); fprintf (stderr, "verification functions.\n\n"); for (;;) @@ -71,30 +71,30 @@ main () file = test_files[i++].test_file; if (file == NULL) - break; + break; x = _verify_x509_file (file, CA_FILE); if (x < 0) - { - fprintf (stderr, "Unexpected error: %d\n", x); - exit (1); - } + { + fprintf (stderr, "Unexpected error: %d\n", x); + exit (1); + } printf ("Test %d, file %s: ", i, file); if (x != exp_result) - { - printf ("failed.\n"); - fflush (stdout); - fprintf (stderr, "Unexpected error in verification.\n"); - fprintf (stderr, "Certificate was found to be: \n"); - print_res (x); - } + { + printf ("failed.\n"); + fflush (stdout); + fprintf (stderr, "Unexpected error in verification.\n"); + fprintf (stderr, "Certificate was found to be: \n"); + print_res (x); + } else - { - printf ("ok."); + { + printf ("ok."); - printf ("\n"); - } + printf ("\n"); + } } printf ("\n"); @@ -112,7 +112,7 @@ main () */ int _verify_x509_mem (const char *cert, int cert_size, - const char *ca, int ca_size, const char *crl, int crl_size) + const char *ca, int ca_size, const char *crl, int crl_size) { int siz, i; const char *ptr; @@ -133,7 +133,7 @@ _verify_x509_mem (const char *cert, int cert_size, if (ret < 0) { fprintf (stderr, "Error parsing the CA certificate: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -142,7 +142,7 @@ _verify_x509_mem (const char *cert, int cert_size, if (ret < 0) { fprintf (stderr, "Error parsing the CA certificate: %s\n", - gnutls_strerror (ret)); + gnutls_strerror (ret)); exit (1); } @@ -153,45 +153,45 @@ _verify_x509_mem (const char *cert, int cert_size, i = 1; - if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */ + if (strstr (ptr, CRL_SEP) != NULL) /* if CRLs exist */ do { - x509_crl_list = - (gnutls_x509_crl *) realloc (x509_crl_list, - i * sizeof (gnutls_x509_crl)); - if (x509_crl_list == NULL) - { - fprintf (stderr, "memory error\n"); - exit (1); - } - - tmp.data = (char *) ptr; - tmp.size = siz; - - ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]); - if (ret < 0) - { - fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i, - gnutls_strerror (ret)); - exit (1); - } - - ret = - gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp, - GNUTLS_X509_FMT_PEM); - if (ret < 0) - { - fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i, - gnutls_strerror (ret)); - exit (1); - } - - /* now we move ptr after the pem header */ - ptr = strstr (ptr, CRL_SEP); - if (ptr != NULL) - ptr++; - - i++; + x509_crl_list = + (gnutls_x509_crl *) realloc (x509_crl_list, + i * sizeof (gnutls_x509_crl)); + if (x509_crl_list == NULL) + { + fprintf (stderr, "memory error\n"); + exit (1); + } + + tmp.data = (char *) ptr; + tmp.size = siz; + + ret = gnutls_x509_crl_init (&x509_crl_list[i - 1]); + if (ret < 0) + { + fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i, + gnutls_strerror (ret)); + exit (1); + } + + ret = + gnutls_x509_crl_import (x509_crl_list[i - 1], &tmp, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + { + fprintf (stderr, "Error parsing the CRL[%d]: %s\n", i, + gnutls_strerror (ret)); + exit (1); + } + + /* now we move ptr after the pem header */ + ptr = strstr (ptr, CRL_SEP); + if (ptr != NULL) + ptr++; + + i++; } while ((ptr = strstr (ptr, CRL_SEP)) != NULL); @@ -208,39 +208,39 @@ _verify_x509_mem (const char *cert, int cert_size, do { x509_cert_list = - (gnutls_x509_crt *) realloc (x509_cert_list, - i * sizeof (gnutls_x509_crt)); + (gnutls_x509_crt *) realloc (x509_cert_list, + i * sizeof (gnutls_x509_crt)); if (x509_cert_list == NULL) - { - fprintf (stderr, "memory error\n"); - exit (1); - } + { + fprintf (stderr, "memory error\n"); + exit (1); + } tmp.data = (char *) ptr; tmp.size = siz; ret = gnutls_x509_crt_init (&x509_cert_list[i - 1]); if (ret < 0) - { - fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i, + gnutls_strerror (ret)); + exit (1); + } ret = - gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp, - GNUTLS_X509_FMT_PEM); + gnutls_x509_crt_import (x509_cert_list[i - 1], &tmp, + GNUTLS_X509_FMT_PEM); if (ret < 0) - { - fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i, - gnutls_strerror (ret)); - exit (1); - } + { + fprintf (stderr, "Error parsing the certificate[%d]: %s\n", i, + gnutls_strerror (ret)); + exit (1); + } /* now we move ptr after the pem header */ ptr = strstr (ptr, CERT_SEP); if (ptr != NULL) - ptr++; + ptr++; i++; } @@ -249,8 +249,8 @@ _verify_x509_mem (const char *cert, int cert_size, x509_ncerts = i - 1; ret = gnutls_x509_crt_list_verify (x509_cert_list, x509_ncerts, - &x509_ca, 1, x509_crl_list, x509_ncrls, - 0, &output); + &x509_ca, 1, x509_crl_list, x509_ncrls, + 0, &output); gnutls_x509_crt_deinit (x509_ca); diff --git a/tests/x509dn.c b/tests/x509dn.c index 6095b3a8d2..f1518954cb 100644 --- a/tests/x509dn.c +++ b/tests/x509dn.c @@ -111,9 +111,9 @@ const gnutls_datum_t key = { key_pem, sizeof (key_pem) }; static int cert_callback (gnutls_session_t session, - const gnutls_datum_t * req_ca_rdn, int nreqs, - const gnutls_pk_algorithm_t * sign_algos, - int sign_algos_length, gnutls_retr2_st * st) + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_retr2_st * st) { int result; gnutls_x509_dn_t dn; @@ -140,31 +140,31 @@ cert_callback (gnutls_session_t session, gnutls_x509_ava_st val; if (debug) - success ("client: imported DN.\n"); + success ("client: imported DN.\n"); if (gnutls_x509_dn_get_rdn_ava (dn, 0, 0, &val) == 0) - { - if (debug) - success ("client: got RDN 0.\n"); - - if (val.value.size == strlen (EXPECT_RDN0) - && strncmp (val.value.data, EXPECT_RDN0, val.value.size) == 0) - { - if (debug) - success ("client: RND 0 correct.\n"); - } - else - { - fail ("client: RND 0 bad: %.*s\n", - val.value.size, val.value.data); - return -1; - } - } + { + if (debug) + success ("client: got RDN 0.\n"); + + if (val.value.size == strlen (EXPECT_RDN0) + && strncmp (val.value.data, EXPECT_RDN0, val.value.size) == 0) + { + if (debug) + success ("client: RND 0 correct.\n"); + } + else + { + fail ("client: RND 0 bad: %.*s\n", + val.value.size, val.value.data); + return -1; + } + } else - { - fail ("client: could not retrieve RDN 0.\n"); - return -1; - } + { + fail ("client: could not retrieve RDN 0.\n"); + return -1; + } gnutls_x509_dn_deinit (dn); } @@ -229,13 +229,13 @@ client (void) else { if (debug) - success ("client: Handshake was completed\n"); + success ("client: Handshake was completed\n"); } if (debug) success ("client: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); /* see the Getting peer's information example */ if (debug) @@ -247,7 +247,7 @@ client (void) if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -260,9 +260,9 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } @@ -284,7 +284,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -396,10 +396,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -436,7 +436,7 @@ server (void) gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (debug) success ("Launched, generating DH parameters...\n"); @@ -453,8 +453,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); @@ -470,8 +470,8 @@ server (void) if (debug) success ("server: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); /* see the Getting peer's information example */ if (debug) @@ -484,22 +484,22 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ @@ -545,18 +545,18 @@ doit (void) #if defined WIFEXITED && defined WEXITSTATUS if (WIFEXITED (status) && WEXITSTATUS (status)) - { - fail ("server: client failed with exit status %d\n", - WEXITSTATUS (status)); - } + { + fail ("server: client failed with exit status %d\n", + WEXITSTATUS (status)); + } #endif #if defined WIFSIGNALED && defined WTERMSIG if (WIFSIGNALED (status)) - { - fail ("server: client failed with fatal signal %d\n", - WTERMSIG (status)); - } + { + fail ("server: client failed with fatal signal %d\n", + WTERMSIG (status)); + } #endif } diff --git a/tests/x509self.c b/tests/x509self.c index 0039a49398..a25b31ffb1 100644 --- a/tests/x509self.c +++ b/tests/x509self.c @@ -128,7 +128,7 @@ client (void) */ gnutls_certificate_set_x509_trust_mem (xcred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem (xcred, &cert, &key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); /* Initialize TLS session */ @@ -164,8 +164,8 @@ client (void) if (debug) success ("client: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); /* see the Getting peer's information example */ if (debug) @@ -176,7 +176,7 @@ client (void) if (ret == strlen (MSG)) { if (debug) - success ("client: sent record.\n"); + success ("client: sent record.\n"); } else { @@ -193,24 +193,24 @@ client (void) if (ret == GNUTLS_E_REHANDSHAKE) { if (debug) - success ("client: doing handshake!\n"); + success ("client: doing handshake!\n"); ret = gnutls_handshake (session); if (ret == 0) - { - if (debug) - success ("client: handshake complete, reading again.\n"); - ret = gnutls_record_recv (session, buffer, MAX_BUF); - } + { + if (debug) + success ("client: handshake complete, reading again.\n"); + ret = gnutls_record_recv (session, buffer, MAX_BUF); + } else - { - fail ("client: handshake failed.\n"); - } + { + fail ("client: handshake failed.\n"); + } } if (ret == 0) { if (debug) - success ("client: Peer has closed the TLS connection\n"); + success ("client: Peer has closed the TLS connection\n"); goto end; } else if (ret < 0) @@ -223,9 +223,9 @@ client (void) { printf ("- Received %d bytes: ", ret); for (ii = 0; ii < ret; ii++) - { - fputc (buffer[ii], stdout); - } + { + fputc (buffer[ii], stdout); + } fputs ("\n", stdout); } @@ -247,7 +247,7 @@ end: #define SA struct sockaddr #define MAX_BUF 1024 -#define PORT 5556 /* listen to 5556 port */ +#define PORT 5556 /* listen to 5556 port */ #define DH_BITS 1024 /* These are global */ @@ -360,10 +360,10 @@ server_start (void) memset (&sa_serv, '\0', sizeof (sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; - sa_serv.sin_port = htons (PORT); /* Server Port number */ + sa_serv.sin_port = htons (PORT); /* Server Port number */ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, - sizeof (int)); + sizeof (int)); err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv)); if (err == -1) @@ -400,7 +400,7 @@ server (void) gnutls_certificate_set_x509_trust_mem (x509_cred, &ca, GNUTLS_X509_FMT_PEM); gnutls_certificate_set_x509_key_mem (x509_cred, &server_cert, &server_key, - GNUTLS_X509_FMT_PEM); + GNUTLS_X509_FMT_PEM); if (debug) success ("Launched, generating DH parameters...\n"); @@ -417,8 +417,8 @@ server (void) if (debug) success ("server: connection from %s, port %d\n", - inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, - sizeof (topbuf)), ntohs (sa_cli.sin_port)); + inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf, + sizeof (topbuf)), ntohs (sa_cli.sin_port)); gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd); ret = gnutls_handshake (session); @@ -433,8 +433,8 @@ server (void) { success ("server: Handshake was completed\n"); success ("server: TLS version is: %s\n", - gnutls_protocol_get_name (gnutls_protocol_get_version - (session))); + gnutls_protocol_get_name (gnutls_protocol_get_version + (session))); } /* see the Getting peer's information example */ @@ -448,47 +448,47 @@ server (void) ret = gnutls_record_recv (session, buffer, MAX_BUF); if (ret == 0) - { - if (debug) - success ("server: Peer has closed the GnuTLS connection\n"); - break; - } + { + if (debug) + success ("server: Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0) - { - fail ("server: Received corrupted data(%d). Closing...\n", ret); - break; - } + { + fail ("server: Received corrupted data(%d). Closing...\n", ret); + break; + } else if (ret > 0) - { - gnutls_certificate_server_set_request (session, - GNUTLS_CERT_REQUEST); - - if (debug) - success ("server: got data, forcing rehandshake.\n"); - - ret = gnutls_rehandshake (session); - if (ret < 0) - { - fail ("server: rehandshake failed\n"); - gnutls_perror (ret); - break; - } - - ret = gnutls_handshake (session); - if (ret < 0) - { - fail ("server: (re)handshake failed\n"); - gnutls_perror (ret); - break; - } - - if (debug) - success ("server: rehandshake complete.\n"); - - /* echo data back to the client - */ - gnutls_record_send (session, buffer, strlen (buffer)); - } + { + gnutls_certificate_server_set_request (session, + GNUTLS_CERT_REQUEST); + + if (debug) + success ("server: got data, forcing rehandshake.\n"); + + ret = gnutls_rehandshake (session); + if (ret < 0) + { + fail ("server: rehandshake failed\n"); + gnutls_perror (ret); + break; + } + + ret = gnutls_handshake (session); + if (ret < 0) + { + fail ("server: (re)handshake failed\n"); + gnutls_perror (ret); + break; + } + + if (debug) + success ("server: rehandshake complete.\n"); + + /* echo data back to the client + */ + gnutls_record_send (session, buffer, strlen (buffer)); + } } /* do not wait for the peer to close the connection. */ diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c index 8bde0118e0..32a6d67c86 100644 --- a/tests/x509sign-verify.c +++ b/tests/x509sign-verify.c @@ -159,13 +159,15 @@ doit (void) if (ret < 0) fail ("gnutls_x509_privkey_import\n"); - ret = gnutls_x509_privkey_sign_hash2 (key, GNUTLS_DIG_SHA1, 0, &hash_data, - &signature2); + ret = + gnutls_x509_privkey_sign_hash2 (key, GNUTLS_DIG_SHA1, 0, &hash_data, + &signature2); if (ret < 0) fail ("gnutls_x509_privkey_sign_hash\n"); - ret = gnutls_x509_privkey_sign_data2 (key, GNUTLS_DIG_SHA1, 0, &raw_data, - &signature); + ret = + gnutls_x509_privkey_sign_data2 (key, GNUTLS_DIG_SHA1, 0, &raw_data, + &signature); if (ret < 0) fail ("gnutls_x509_privkey_sign_hash\n"); |