authorSimon Josefsson <simon@josefsson.org>2005-11-07 23:27:56 +0000
committerSimon Josefsson <simon@josefsson.org>2005-11-07 23:27:56 +0000
commita5891d75997c9529b9fc5c273df8bd0df4093cd0 (patch)
treefd6eec448a88c5eb891cc145921c5793662da604 /lib/gnutls_auth.c
parentaf21484a8daf15da48f7d00c4fe632708a757a64 (diff)
Use GNU coding style.
Diffstat (limited to 'lib/gnutls_auth.c')
-rw-r--r--lib/gnutls_auth.c406
1 files changed, 219 insertions, 187 deletions
diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c
index c92e115c55..8d36be1660 100644
--- a/lib/gnutls_auth.c
+++ b/lib/gnutls_auth.c
@@ -43,17 +43,20 @@
* Clears all the credentials previously set in this session.
*
**/
-void gnutls_credentials_clear(gnutls_session_t session)
+void
+gnutls_credentials_clear (gnutls_session_t session)
{
- if (session->key && session->key->cred) { /* beginning of the list */
- auth_cred_st *ccred, *ncred;
- ccred = session->key->cred;
- while (ccred != NULL) {
- ncred = ccred->next;
- gnutls_free(ccred);
- ccred = ncred;
+ if (session->key && session->key->cred)
+ { /* beginning of the list */
+ auth_cred_st *ccred, *ncred;
+ ccred = session->key->cred;
+ while (ccred != NULL)
+ {
+ ncred = ccred->next;
+ gnutls_free (ccred);
+ ccred = ncred;
}
- session->key->cred = NULL;
+ session->key->cred = NULL;
}
}
@@ -86,55 +89,64 @@ void gnutls_credentials_clear(gnutls_session_t session)
* For GNUTLS_CRD_CERTIFICATE cred should be gnutls_certificate_credentials_t.
*
**/
-int gnutls_credentials_set(gnutls_session_t session,
- gnutls_credentials_type_t type, void *cred)
+int
+gnutls_credentials_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, void *cred)
{
- auth_cred_st *ccred = NULL, *pcred = NULL;
- int exists = 0;
+ auth_cred_st *ccred = NULL, *pcred = NULL;
+ int exists = 0;
- if (session->key->cred == NULL) { /* beginning of the list */
+ if (session->key->cred == NULL)
+ { /* beginning of the list */
- session->key->cred = gnutls_malloc(sizeof(auth_cred_st));
- if (session->key->cred == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ session->key->cred = gnutls_malloc (sizeof (auth_cred_st));
+ if (session->key->cred == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ /* copy credentials locally */
+ session->key->cred->credentials = cred;
- /* copy credentials locally */
- session->key->cred->credentials = cred;
-
- session->key->cred->next = NULL;
- session->key->cred->algorithm = type;
- } else {
- ccred = session->key->cred;
- while (ccred != NULL) {
- if (ccred->algorithm == type) {
- exists = 1;
- break;
+ session->key->cred->next = NULL;
+ session->key->cred->algorithm = type;
+ }
+ else
+ {
+ ccred = session->key->cred;
+ while (ccred != NULL)
+ {
+ if (ccred->algorithm == type)
+ {
+ exists = 1;
+ break;
}
- pcred = ccred;
- ccred = ccred->next;
+ pcred = ccred;
+ ccred = ccred->next;
}
- /* After this, pcred is not null.
- */
+ /* After this, pcred is not null.
+ */
- if (exists == 0) { /* new entry */
- pcred->next = gnutls_malloc(sizeof(auth_cred_st));
- if (pcred->next == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ if (exists == 0)
+ { /* new entry */
+ pcred->next = gnutls_malloc (sizeof (auth_cred_st));
+ if (pcred->next == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
- ccred = pcred->next;
+ ccred = pcred->next;
- /* copy credentials locally */
- ccred->credentials = cred;
+ /* copy credentials locally */
+ ccred->credentials = cred;
- ccred->next = NULL;
- ccred->algorithm = type;
- } else { /* modify existing entry */
- gnutls_free(ccred->credentials);
- ccred->credentials = cred;
+ ccred->next = NULL;
+ ccred->algorithm = type;
+ }
+ else
+ { /* modify existing entry */
+ gnutls_free (ccred->credentials);
+ ccred->credentials = cred;
}
}
- return 0;
+ return 0;
}
/**
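Review bot: In the "modify existing entry" branch of gnutls_credentials_set, `gnutls_free (ccred->credentials);` releases a pointer that this function only stores and never allocates: every other branch assigns the caller's `cred` directly, and gnutls_credentials_clear in the first hunk frees the list nodes but not their `credentials`. If the application still owns the earlier structure, its own deinit becomes a double free, and setting the same `cred` for the same type twice leaves a freed pointer in the list. Unless ownership really transfers to the session (not visible in this hunk), the branch should be just `ccred->credentials = cred;`, and the "copy credentials locally" comments would read more accurately as `/* store the caller's pointer; the caller keeps ownership */`. `session->key` is also dereferenced here without the NULL check that gnutls_credentials_clear performs.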
@@ -148,18 +160,18 @@ int gnutls_credentials_set(gnutls_session_t session,
* Eg. for CERTIFICATE ciphersuites (key exchange algorithms: KX_RSA, KX_DHE_RSA),
* the same function are to be used to access the authentication data.
**/
-gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session)
+gnutls_credentials_type_t
+gnutls_auth_get_type (gnutls_session_t session)
{
/* This is not the credentials we must set, but the authentication data
* we get by the peer, so it should be reversed.
*/
- int server =
- session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
+ int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
- return
- _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite), server);
+ return
+ _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite), server);
}
/**
@@ -172,12 +184,12 @@ gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session)
*
**/
gnutls_credentials_type_t
-gnutls_auth_server_get_type(gnutls_session_t session)
+gnutls_auth_server_get_type (gnutls_session_t session)
{
- return
- _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite), 1);
+ return
+ _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite), 1);
}
/**
@@ -190,12 +202,12 @@ gnutls_auth_server_get_type(gnutls_session_t session)
*
**/
gnutls_credentials_type_t
-gnutls_auth_client_get_type(gnutls_session_t session)
+gnutls_auth_client_get_type (gnutls_session_t session)
{
- return
- _gnutls_map_kx_get_cred(_gnutls_cipher_suite_get_kx_algo
- (&session->security_parameters.
- current_cipher_suite), 0);
+ return
+ _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.
+ current_cipher_suite), 0);
}
@@ -203,43 +215,45 @@ gnutls_auth_client_get_type(gnutls_session_t session)
* This returns a pointer to the linked list. Don't
* free that!!!
*/
-const void *_gnutls_get_kx_cred(gnutls_session_t session,
- gnutls_kx_algorithm_t algo, int *err)
+const void *
+_gnutls_get_kx_cred (gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err)
{
- int server =
- session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
- return _gnutls_get_cred(session->key,
- _gnutls_map_kx_get_cred(algo, server), err);
+ return _gnutls_get_cred (session->key,
+ _gnutls_map_kx_get_cred (algo, server), err);
}
-const void *_gnutls_get_cred(gnutls_key_st key,
- gnutls_credentials_type_t type, int *err)
+const void *
+_gnutls_get_cred (gnutls_key_st key, gnutls_credentials_type_t type, int *err)
{
- const void *retval = NULL;
- int _err = -1;
- auth_cred_st *ccred;
-
- if (key == NULL)
- goto out;
-
- ccred = key->cred;
- while (ccred != NULL) {
- if (ccred->algorithm == type) {
- break;
+ const void *retval = NULL;
+ int _err = -1;
+ auth_cred_st *ccred;
+
+ if (key == NULL)
+ goto out;
+
+ ccred = key->cred;
+ while (ccred != NULL)
+ {
+ if (ccred->algorithm == type)
+ {
+ break;
}
- ccred = ccred->next;
+ ccred = ccred->next;
}
- if (ccred == NULL)
- goto out;
+ if (ccred == NULL)
+ goto out;
- _err = 0;
- retval = ccred->credentials;
+ _err = 0;
+ retval = ccred->credentials;
- out:
- if (err != NULL)
- *err = _err;
- return retval;
+out:
+ if (err != NULL)
+ *err = _err;
+ return retval;
}
/*-
@@ -255,9 +269,10 @@ const void *_gnutls_get_cred(gnutls_key_st key,
* In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
* In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
-*/
-void *_gnutls_get_auth_info(gnutls_session_t session)
+void *
+_gnutls_get_auth_info (gnutls_session_t session)
{
- return session->key->auth_info;
+ return session->key->auth_info;
}
/*-
@@ -268,61 +283,67 @@ void *_gnutls_get_auth_info(gnutls_session_t session)
* null. It must be called since some structures contain malloced
* elements.
-*/
-void _gnutls_free_auth_info(gnutls_session_t session)
+void
+_gnutls_free_auth_info (gnutls_session_t session)
{
-dh_info_st *dh_info;
-rsa_info_st * rsa_info;
+ dh_info_st *dh_info;
+ rsa_info_st *rsa_info;
- if (session == NULL || session->key == NULL) {
- gnutls_assert();
- return;
+ if (session == NULL || session->key == NULL)
+ {
+ gnutls_assert ();
+ return;
}
- switch (session->key->auth_info_type) {
+ switch (session->key->auth_info_type)
+ {
case GNUTLS_CRD_SRP:
- break;
- case GNUTLS_CRD_ANON: {
- anon_auth_info_t info = _gnutls_get_auth_info(session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- _gnutls_free_dh_info( dh_info);
- }
- break;
- case GNUTLS_CRD_CERTIFICATE:{
- unsigned int i;
- cert_auth_info_t info = _gnutls_get_auth_info(session);
-
- if (info == NULL)
- break;
-
- dh_info = &info->dh;
- rsa_info = &info->rsa_export;
- for (i = 0; i < info->ncerts; i++) {
- _gnutls_free_datum(&info->raw_certificate_list[i]);
- }
-
- gnutls_free(info->raw_certificate_list);
- info->raw_certificate_list = NULL;
- info->ncerts = 0;
-
- _gnutls_free_dh_info( dh_info);
- _gnutls_free_rsa_info( rsa_info);
- }
-
-
- break;
+ break;
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info = _gnutls_get_auth_info (session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info (dh_info);
+ }
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ unsigned int i;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ rsa_info = &info->rsa_export;
+ for (i = 0; i < info->ncerts; i++)
+ {
+ _gnutls_free_datum (&info->raw_certificate_list[i]);
+ }
+
+ gnutls_free (info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+
+ _gnutls_free_dh_info (dh_info);
+ _gnutls_free_rsa_info (rsa_info);
+ }
+
+
+ break;
default:
- return;
+ return;
}
- gnutls_free(session->key->auth_info);
- session->key->auth_info = NULL;
- session->key->auth_info_size = 0;
- session->key->auth_info_type = 0;
+ gnutls_free (session->key->auth_info);
+ session->key->auth_info = NULL;
+ session->key->auth_info_size = 0;
+ session->key->auth_info_type = 0;
}
@@ -331,69 +352,80 @@ rsa_info_st * rsa_info;
* If allow change is !=0 then this will allow changing the auth
* info structure to a different type.
*/
-int _gnutls_auth_info_set(gnutls_session_t session,
- gnutls_credentials_type_t type, int size,
- int allow_change)
+int
+_gnutls_auth_info_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change)
{
- if (session->key->auth_info == NULL) {
- session->key->auth_info = gnutls_calloc(1, size);
- if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (session->key->auth_info == NULL)
+ {
+ session->key->auth_info = gnutls_calloc (1, size);
+ if (session->key->auth_info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- session->key->auth_info_type = type;
- session->key->auth_info_size = size;
- } else {
- if (allow_change == 0) {
- /* If the credentials for the current authentication scheme,
- * are not the one we want to set, then it's an error.
- * This may happen if a rehandshake is performed an the
- * ciphersuite which is negotiated has different authentication
- * schema.
- */
- if (gnutls_auth_get_type(session) !=
- session->key->auth_info_type) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ session->key->auth_info_type = type;
+ session->key->auth_info_size = size;
+ }
+ else
+ {
+ if (allow_change == 0)
+ {
+ /* If the credentials for the current authentication scheme,
+ * are not the one we want to set, then it's an error.
+ * This may happen if a rehandshake is performed an the
+ * ciphersuite which is negotiated has different authentication
+ * schema.
+ */
+ if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- } else {
- /* The new behaviour: Here we reallocate the auth info structure
- * in order to be able to negotiate different authentication
- * types. Ie. perform an auth_anon and then authenticate again using a
- * certificate (in order to prevent revealing the certificate's contents,
- * to passive eavesdropers.
- */
- if (gnutls_auth_get_type(session) !=
- session->key->auth_info_type) {
- session->key->auth_info =
- gnutls_realloc_fast(session->key->auth_info, size);
- if (session->key->auth_info == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ }
+ else
+ {
+ /* The new behaviour: Here we reallocate the auth info structure
+ * in order to be able to negotiate different authentication
+ * types. Ie. perform an auth_anon and then authenticate again using a
+ * certificate (in order to prevent revealing the certificate's contents,
+ * to passive eavesdropers.
+ */
+ if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ {
+ session->key->auth_info =
+ gnutls_realloc_fast (session->key->auth_info, size);
+ if (session->key->auth_info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- memset(session->key->auth_info, 0, size);
- session->key->auth_info_type = type;
- session->key->auth_info_size = size;
+ memset (session->key->auth_info, 0, size);
+ session->key->auth_info_type = type;
+ session->key->auth_info_size = size;
}
}
}
- return 0;
+ return 0;
}
/* this function will copy an mpi_t key to
* opaque data.
*/
-int _gnutls_generate_session_key(gnutls_key_st key)
+int
+_gnutls_generate_session_key (gnutls_key_st key)
{
- size_t tmp;
+ size_t tmp;
- _gnutls_mpi_print(NULL, &tmp, key->KEY);
- key->key.data = gnutls_secure_malloc(tmp);
- if (key->key.data == NULL) {
- return GNUTLS_E_MEMORY_ERROR;
+ _gnutls_mpi_print (NULL, &tmp, key->KEY);
+ key->key.data = gnutls_secure_malloc (tmp);
+ if (key->key.data == NULL)
+ {
+ return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_print(key->key.data, &tmp, key->KEY);
+ _gnutls_mpi_print (key->key.data, &tmp, key->KEY);
- key->key.size = tmp;
- return 0;
+ key->key.size = tmp;
+ return 0;
}
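Review bot: The allow_change branch of _gnutls_auth_info_set resizes `session->key->auth_info` with `gnutls_realloc_fast` and then zeroes it with `memset`, which drops whatever the old structure pointed to without releasing it; _gnutls_free_auth_info in the previous hunk shows that a certificate auth_info holds `raw_certificate_list` plus DH and RSA parameters. Unless callers free the old info beforehand (not visible here), a rehandshake that switches authentication type would leak those buffers, so I would call `_gnutls_free_auth_info (session);` first and then allocate with `session->key->auth_info = gnutls_calloc (1, size);`. `size` is a signed `int` passed straight to the allocator and to `memset`, so a `size <= 0` guard returning GNUTLS_E_INVALID_REQUEST would make the expected range explicit. In _gnutls_generate_session_key at the end of the hunk, `tmp` is uninitialized and the result of the first `_gnutls_mpi_print` is ignored, so a failed size query (if that helper can fail, which this hunk does not show) would hand an indeterminate length to `gnutls_secure_malloc`.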