authorDaiki Ueno <ueno@gnu.org>2023-04-24 12:39:42 +0900
committerDaiki Ueno <ueno@gnu.org>2023-04-24 12:45:46 +0900
commitaa5950abab56b011331ad4331409b6ff8efb8aeb (patch)
treead363fb38e8b65c942876641cda9c76caa13b498 /lib/priority.c
parent0fe9cb6842d63761718046cc7dd7eb437e6c5163 (diff)
build: re-indent code
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/priority.c')
-rw-r--r--lib/priority.c1567
1 files changed, 703 insertions, 864 deletions
diff --git a/lib/priority.c b/lib/priority.c
index 0455b87ee8..f5ac656e57 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -45,11 +45,13 @@
#define MAX_ELEMENTS GNUTLS_MAX_ALGORITHM_NUM
-#define ENABLE_PROFILE(c, profile) do { \
- c->additional_verify_flags &= 0x00ffffff; \
- c->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(profile); \
- c->level = _gnutls_profile_to_sec_level(profile); \
- } while(0)
+#define ENABLE_PROFILE(c, profile) \
+ do { \
+ c->additional_verify_flags &= 0x00ffffff; \
+ c->additional_verify_flags |= \
+ GNUTLS_PROFILE_TO_VFLAGS(profile); \
+ c->level = _gnutls_profile_to_sec_level(profile); \
+ } while (0)
/* This function is used by the test suite */
char *_gnutls_resolve_priorities(const char *priorities);
@@ -62,13 +64,13 @@ char *_gnutls_resolve_priorities(const char *priorities);
*/
const char *_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING;
-static void prio_remove(priority_st * priority_list, unsigned int algo);
-static void prio_add(priority_st * priority_list, unsigned int algo);
+static void prio_remove(priority_st *priority_list, unsigned int algo);
+static void prio_add(priority_st *priority_list, unsigned int algo);
static void break_list(char *etag, char *broken_etag[MAX_ELEMENTS], int *size);
-typedef void (bulk_rmadd_func) (priority_st * priority_list, const int *);
+typedef void(bulk_rmadd_func)(priority_st *priority_list, const int *);
-inline static void _set_priority(priority_st * st, const int *list)
+inline static void _set_priority(priority_st *st, const int *list)
{
int num = 0, i;
@@ -85,7 +87,7 @@ inline static void _set_priority(priority_st * st, const int *list)
return;
}
-inline static void _add_priority(priority_st * st, const int *list)
+inline static void _add_priority(priority_st *st, const int *list)
{
int num, i, j, init;
@@ -111,12 +113,12 @@ inline static void _add_priority(priority_st * st, const int *list)
return;
}
-static void _clear_priorities(priority_st * st, const int *list)
+static void _clear_priorities(priority_st *st, const int *list)
{
memset(st, 0, sizeof(*st));
}
-static void _clear_given_priorities(priority_st * st, const int *list)
+static void _clear_given_priorities(priority_st *st, const int *list)
{
unsigned i;
@@ -126,22 +128,16 @@ static void _clear_given_priorities(priority_st * st, const int *list)
}
static const int _supported_groups_dh[] = {
- GNUTLS_GROUP_FFDHE2048,
- GNUTLS_GROUP_FFDHE3072,
- GNUTLS_GROUP_FFDHE4096,
- GNUTLS_GROUP_FFDHE6144,
- GNUTLS_GROUP_FFDHE8192,
- 0
+ GNUTLS_GROUP_FFDHE2048, GNUTLS_GROUP_FFDHE3072, GNUTLS_GROUP_FFDHE4096,
+ GNUTLS_GROUP_FFDHE6144, GNUTLS_GROUP_FFDHE8192, 0
};
-static const int _supported_groups_ecdh[] = {
- GNUTLS_GROUP_SECP256R1,
- GNUTLS_GROUP_SECP384R1,
- GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_X25519, /* RFC 8422 */
- GNUTLS_GROUP_X448, /* RFC 8422 */
- 0
-};
+static const int _supported_groups_ecdh[] = { GNUTLS_GROUP_SECP256R1,
+ GNUTLS_GROUP_SECP384R1,
+ GNUTLS_GROUP_SECP521R1,
+ GNUTLS_GROUP_X25519, /* RFC 8422 */
+ GNUTLS_GROUP_X448, /* RFC 8422 */
+ 0 };
static const int _supported_groups_gost[] = {
#ifdef ENABLE_GOST
@@ -157,126 +153,86 @@ static const int _supported_groups_gost[] = {
};
static const int _supported_groups_normal[] = {
- GNUTLS_GROUP_SECP256R1,
- GNUTLS_GROUP_SECP384R1,
- GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_X25519, /* RFC 8422 */
- GNUTLS_GROUP_X448, /* RFC 8422 */
+ GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_SECP521R1,
+ GNUTLS_GROUP_X25519, /* RFC 8422 */
+ GNUTLS_GROUP_X448, /* RFC 8422 */
/* These should stay last as our default behavior
* is to send key shares for two top types (GNUTLS_KEY_SHARE_TOP2)
* and we wouldn't want to have these sent by all clients
* by default as they are quite expensive CPU-wise. */
- GNUTLS_GROUP_FFDHE2048,
- GNUTLS_GROUP_FFDHE3072,
- GNUTLS_GROUP_FFDHE4096,
- GNUTLS_GROUP_FFDHE6144,
- GNUTLS_GROUP_FFDHE8192,
- 0
+ GNUTLS_GROUP_FFDHE2048, GNUTLS_GROUP_FFDHE3072, GNUTLS_GROUP_FFDHE4096,
+ GNUTLS_GROUP_FFDHE6144, GNUTLS_GROUP_FFDHE8192, 0
};
static const int *supported_groups_normal = _supported_groups_normal;
static const int _supported_groups_secure128[] = {
- GNUTLS_GROUP_SECP256R1,
- GNUTLS_GROUP_SECP384R1,
- GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_X25519, /* RFC 8422 */
- GNUTLS_GROUP_X448, /* RFC 8422 */
- GNUTLS_GROUP_FFDHE2048,
- GNUTLS_GROUP_FFDHE3072,
- GNUTLS_GROUP_FFDHE4096,
- GNUTLS_GROUP_FFDHE6144,
- GNUTLS_GROUP_FFDHE8192,
- 0
+ GNUTLS_GROUP_SECP256R1, GNUTLS_GROUP_SECP384R1, GNUTLS_GROUP_SECP521R1,
+ GNUTLS_GROUP_X25519, /* RFC 8422 */
+ GNUTLS_GROUP_X448, /* RFC 8422 */
+ GNUTLS_GROUP_FFDHE2048, GNUTLS_GROUP_FFDHE3072, GNUTLS_GROUP_FFDHE4096,
+ GNUTLS_GROUP_FFDHE6144, GNUTLS_GROUP_FFDHE8192, 0
};
static const int *supported_groups_secure128 = _supported_groups_secure128;
-static const int _supported_groups_suiteb128[] = {
- GNUTLS_GROUP_SECP256R1,
- GNUTLS_GROUP_SECP384R1,
- 0
-};
+static const int _supported_groups_suiteb128[] = { GNUTLS_GROUP_SECP256R1,
+ GNUTLS_GROUP_SECP384R1, 0 };
static const int *supported_groups_suiteb128 = _supported_groups_suiteb128;
-static const int _supported_groups_suiteb192[] = {
- GNUTLS_GROUP_SECP384R1,
- 0
-};
+static const int _supported_groups_suiteb192[] = { GNUTLS_GROUP_SECP384R1, 0 };
static const int *supported_groups_suiteb192 = _supported_groups_suiteb192;
-static const int _supported_groups_secure192[] = {
- GNUTLS_GROUP_SECP384R1,
- GNUTLS_GROUP_SECP521R1,
- GNUTLS_GROUP_FFDHE8192,
- 0
-};
+static const int _supported_groups_secure192[] = { GNUTLS_GROUP_SECP384R1,
+ GNUTLS_GROUP_SECP521R1,
+ GNUTLS_GROUP_FFDHE8192, 0 };
static const int *supported_groups_secure192 = _supported_groups_secure192;
-static const int protocol_priority[] = {
- GNUTLS_TLS1_3,
- GNUTLS_TLS1_2,
- GNUTLS_TLS1_1,
- GNUTLS_TLS1_0,
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- 0
-};
+static const int protocol_priority[] = { GNUTLS_TLS1_3,
+ GNUTLS_TLS1_2,
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_0,
+ GNUTLS_DTLS1_2,
+ GNUTLS_DTLS1_0,
+ 0 };
/* contains all the supported TLS protocols, intended to be used for eliminating them
*/
-static const int stream_protocol_priority[] = {
- GNUTLS_TLS1_3,
- GNUTLS_TLS1_2,
- GNUTLS_TLS1_1,
- GNUTLS_TLS1_0,
- 0
-};
+static const int stream_protocol_priority[] = { GNUTLS_TLS1_3, GNUTLS_TLS1_2,
+ GNUTLS_TLS1_1, GNUTLS_TLS1_0,
+ 0 };
/* contains all the supported DTLS protocols, intended to be used for eliminating them
*/
-static const int dgram_protocol_priority[] = {
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- GNUTLS_DTLS0_9,
- 0
-};
+static const int dgram_protocol_priority[] = { GNUTLS_DTLS1_2, GNUTLS_DTLS1_0,
+ GNUTLS_DTLS0_9, 0 };
-static const int dtls_protocol_priority[] = {
- GNUTLS_DTLS1_2,
- GNUTLS_DTLS1_0,
- 0
-};
+static const int dtls_protocol_priority[] = { GNUTLS_DTLS1_2, GNUTLS_DTLS1_0,
+ 0 };
-static const int _protocol_priority_suiteb[] = {
- GNUTLS_TLS1_2,
- 0
-};
+static const int _protocol_priority_suiteb[] = { GNUTLS_TLS1_2, 0 };
static const int *protocol_priority_suiteb = _protocol_priority_suiteb;
-static const int _kx_priority_performance[] = {
- GNUTLS_KX_RSA,
+static const int _kx_priority_performance[] = { GNUTLS_KX_RSA,
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA,
+ GNUTLS_KX_ECDHE_RSA,
#endif
#ifdef ENABLE_DHE
- GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_RSA,
#endif
- 0
-};
+ 0 };
static const int *kx_priority_performance = _kx_priority_performance;
static const int _kx_priority_pfs[] = {
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_KX_ECDHE_RSA,
#endif
#ifdef ENABLE_DHE
GNUTLS_KX_DHE_RSA,
@@ -286,23 +242,19 @@ static const int _kx_priority_pfs[] = {
static const int *kx_priority_pfs = _kx_priority_pfs;
-static const int _kx_priority_suiteb[] = {
- GNUTLS_KX_ECDHE_ECDSA,
- 0
-};
+static const int _kx_priority_suiteb[] = { GNUTLS_KX_ECDHE_ECDSA, 0 };
static const int *kx_priority_suiteb = _kx_priority_suiteb;
static const int _kx_priority_secure[] = {
- /* The ciphersuites that offer forward secrecy take
+/* The ciphersuites that offer forward secrecy take
* precedence
*/
#ifdef ENABLE_ECDHE
- GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_KX_ECDHE_RSA,
+ GNUTLS_KX_ECDHE_ECDSA, GNUTLS_KX_ECDHE_RSA,
#endif
GNUTLS_KX_RSA,
- /* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
+/* KX-RSA is now ahead of DHE-RSA and DHE-DSS due to the compatibility
* issues the DHE ciphersuites have. That is, one cannot enforce a specific
* security level without dropping the connection.
*/
@@ -326,25 +278,17 @@ static const int _kx_priority_gost[] = {
static const int *kx_priority_gost = _kx_priority_gost;
static const int _cipher_priority_performance_default[] = {
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CHACHA20_POLY1305,
- GNUTLS_CIPHER_AES_128_CCM,
- GNUTLS_CIPHER_AES_256_CCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- 0
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC, 0
};
static const int _cipher_priority_performance_no_aesni[] = {
- GNUTLS_CIPHER_CHACHA20_POLY1305,
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_AES_128_CCM,
- GNUTLS_CIPHER_AES_256_CCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_256_CBC,
- 0
+ GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_128_GCM,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_256_CCM, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC, 0
};
/* If GCM and AES acceleration is available then prefer
@@ -353,17 +297,14 @@ static const int _cipher_priority_performance_no_aesni[] = {
* proof).
*/
static const int _cipher_priority_normal_default[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CHACHA20_POLY1305,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305,
GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_128_CCM,
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_AES_128_CCM,
- GNUTLS_CIPHER_AES_128_CBC,
- 0
+ GNUTLS_CIPHER_AES_128_CBC, 0
};
static const int cipher_priority_performance_fips[] = {
@@ -378,51 +319,37 @@ static const int cipher_priority_performance_fips[] = {
};
static const int cipher_priority_normal_fips[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_AES_256_CCM,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_AES_256_CCM,
GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_128_CCM,
- 0
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_128_CCM, 0
};
-static const int _cipher_priority_suiteb128[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_AES_128_GCM,
- 0
-};
+static const int _cipher_priority_suiteb128[] = { GNUTLS_CIPHER_AES_256_GCM,
+ GNUTLS_CIPHER_AES_128_GCM,
+ 0 };
static const int *cipher_priority_suiteb128 = _cipher_priority_suiteb128;
-static const int _cipher_priority_suiteb192[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- 0
-};
+static const int _cipher_priority_suiteb192[] = { GNUTLS_CIPHER_AES_256_GCM,
+ 0 };
static const int *cipher_priority_suiteb192 = _cipher_priority_suiteb192;
static const int _cipher_priority_secure128[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CHACHA20_POLY1305,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_AES_256_CCM,
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_256_CCM,
- GNUTLS_CIPHER_AES_128_GCM,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_AES_128_CCM,
- 0
+ GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_128_CCM, 0
};
static const int *cipher_priority_secure128 = _cipher_priority_secure128;
static const int _cipher_priority_secure192[] = {
- GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_CHACHA20_POLY1305,
- GNUTLS_CIPHER_AES_256_CBC,
- GNUTLS_CIPHER_AES_256_CCM,
- 0
+ GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_256_CCM, 0
};
static const int *cipher_priority_secure192 = _cipher_priority_secure192;
@@ -460,19 +387,14 @@ static const int _sign_priority_default[] = {
static const int *sign_priority_default = _sign_priority_default;
static const int _sign_priority_suiteb128[] = {
- GNUTLS_SIGN_ECDSA_SHA256,
- GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
- GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
- 0
+ GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
+ GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_SIGN_ECDSA_SECP384R1_SHA384, 0
};
static const int *sign_priority_suiteb128 = _sign_priority_suiteb128;
static const int _sign_priority_suiteb192[] = {
- GNUTLS_SIGN_ECDSA_SHA384,
- GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
- 0
+ GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_SIGN_ECDSA_SECP384R1_SHA384, 0
};
static const int *sign_priority_suiteb192 = _sign_priority_suiteb192;
@@ -525,28 +447,21 @@ static const int *sign_priority_secure192 = _sign_priority_secure192;
static const int _sign_priority_gost[] = {
#ifdef ENABLE_GOST
- GNUTLS_SIGN_GOST_256,
- GNUTLS_SIGN_GOST_512,
+ GNUTLS_SIGN_GOST_256, GNUTLS_SIGN_GOST_512,
#endif
0
};
static const int *sign_priority_gost = _sign_priority_gost;
-static const int mac_priority_normal_default[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_AEAD,
- 0
-};
+static const int mac_priority_normal_default[] = { GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_AEAD, 0 };
-static const int mac_priority_normal_fips[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_AEAD,
- 0
-};
+static const int mac_priority_normal_fips[] = { GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_AEAD, 0 };
static const int *cipher_priority_performance =
- _cipher_priority_performance_default;
+ _cipher_priority_performance_default;
static const int *cipher_priority_normal = _cipher_priority_normal_default;
static const int *mac_priority_normal = mac_priority_normal_default;
@@ -582,46 +497,31 @@ void _gnutls_priority_update_non_aesni(void)
* prefer fast stream ciphers */
if (_gnutls_fips_mode_enabled() == 0) {
cipher_priority_performance =
- _cipher_priority_performance_no_aesni;
+ _cipher_priority_performance_no_aesni;
}
}
-static const int _mac_priority_suiteb[] = {
- GNUTLS_MAC_AEAD,
- 0
-};
+static const int _mac_priority_suiteb[] = { GNUTLS_MAC_AEAD, 0 };
static const int *mac_priority_suiteb = _mac_priority_suiteb;
-static const int _mac_priority_secure128[] = {
- GNUTLS_MAC_SHA1,
- GNUTLS_MAC_AEAD,
- 0
-};
+static const int _mac_priority_secure128[] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_AEAD,
+ 0 };
static const int *mac_priority_secure128 = _mac_priority_secure128;
-static const int _mac_priority_secure192[] = {
- GNUTLS_MAC_AEAD,
- 0
-};
+static const int _mac_priority_secure192[] = { GNUTLS_MAC_AEAD, 0 };
static const int *mac_priority_secure192 = _mac_priority_secure192;
-static const int cert_type_priority_default[] = {
- GNUTLS_CRT_X509,
- 0
-};
+static const int cert_type_priority_default[] = { GNUTLS_CRT_X509, 0 };
-static const int cert_type_priority_all[] = {
- GNUTLS_CRT_X509,
- GNUTLS_CRT_RAWPK,
- 0
-};
+static const int cert_type_priority_all[] = { GNUTLS_CRT_X509, GNUTLS_CRT_RAWPK,
+ 0 };
-typedef void (rmadd_func) (priority_st * priority_list, unsigned int alg);
+typedef void(rmadd_func)(priority_st *priority_list, unsigned int alg);
-static void prio_remove(priority_st * priority_list, unsigned int algo)
+static void prio_remove(priority_st *priority_list, unsigned int algo)
{
unsigned int i;
@@ -632,10 +532,10 @@ static void prio_remove(priority_st * priority_list, unsigned int algo)
memmove(&priority_list->priorities[i],
&priority_list->priorities[i + 1],
(priority_list->num_priorities -
- i) *
- sizeof(priority_list->priorities[0]));
- priority_list->priorities[priority_list->
- num_priorities] = 0;
+ i) * sizeof(priority_list
+ ->priorities[0]));
+ priority_list
+ ->priorities[priority_list->num_priorities] = 0;
break;
}
}
@@ -643,16 +543,16 @@ static void prio_remove(priority_st * priority_list, unsigned int algo)
return;
}
-static void prio_add(priority_st * priority_list, unsigned int algo)
+static void prio_add(priority_st *priority_list, unsigned int algo)
{
unsigned int i, l = priority_list->num_priorities;
if (l >= MAX_ALGOS)
- return; /* can't add it anyway */
+ return; /* can't add it anyway */
for (i = 0; i < l; ++i) {
if (algo == priority_list->priorities[i])
- return; /* if it exists */
+ return; /* if it exists */
}
priority_list->priorities[l] = algo;
@@ -688,9 +588,8 @@ int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t priority)
* negotiated version. */
if (!session->internals.handshake_in_progress &&
!session->internals.initial_negotiation_completed) {
- ret = _gnutls_set_current_version(session,
- priority->
- protocol.priorities[0]);
+ ret = _gnutls_set_current_version(
+ session, priority->protocol.priorities[0]);
if (ret < 0)
return gnutls_assert_val(ret);
}
@@ -760,95 +659,99 @@ struct priority_groups_st {
};
static const struct priority_groups_st pgroups[] = {
- {.name = LEVEL_NORMAL,
- .cipher_list = &cipher_priority_normal,
- .mac_list = &mac_priority_normal,
- .kx_list = &kx_priority_secure,
- .sign_list = &sign_priority_default,
- .group_list = &supported_groups_normal,
- .profile = GNUTLS_PROFILE_LOW,
- .sec_param = GNUTLS_SEC_PARAM_WEAK},
- {.name = LEVEL_PFS,
- .cipher_list = &cipher_priority_normal,
- .mac_list = &mac_priority_secure128,
- .kx_list = &kx_priority_pfs,
- .sign_list = &sign_priority_default,
- .group_list = &supported_groups_normal,
- .profile = GNUTLS_PROFILE_LOW,
- .sec_param = GNUTLS_SEC_PARAM_WEAK,
- .no_tickets_tls12 = 1},
- {.name = LEVEL_SECURE128,
- .alias = "SECURE",
- .cipher_list = &cipher_priority_secure128,
- .mac_list = &mac_priority_secure128,
- .kx_list = &kx_priority_secure,
- .sign_list = &sign_priority_secure128,
- .group_list = &supported_groups_secure128,
- /* The profile should have been HIGH but if we don't allow
+ { .name = LEVEL_NORMAL,
+ .cipher_list = &cipher_priority_normal,
+ .mac_list = &mac_priority_normal,
+ .kx_list = &kx_priority_secure,
+ .sign_list = &sign_priority_default,
+ .group_list = &supported_groups_normal,
+ .profile = GNUTLS_PROFILE_LOW,
+ .sec_param = GNUTLS_SEC_PARAM_WEAK },
+ { .name = LEVEL_PFS,
+ .cipher_list = &cipher_priority_normal,
+ .mac_list = &mac_priority_secure128,
+ .kx_list = &kx_priority_pfs,
+ .sign_list = &sign_priority_default,
+ .group_list = &supported_groups_normal,
+ .profile = GNUTLS_PROFILE_LOW,
+ .sec_param = GNUTLS_SEC_PARAM_WEAK,
+ .no_tickets_tls12 = 1 },
+ { .name = LEVEL_SECURE128,
+ .alias = "SECURE",
+ .cipher_list = &cipher_priority_secure128,
+ .mac_list = &mac_priority_secure128,
+ .kx_list = &kx_priority_secure,
+ .sign_list = &sign_priority_secure128,
+ .group_list = &supported_groups_secure128,
+ /* The profile should have been HIGH but if we don't allow
* SHA-1 (80-bits) as signature algorithm we are not able
* to connect anywhere with this level */
- .profile = GNUTLS_PROFILE_LOW,
- .sec_param = GNUTLS_SEC_PARAM_LOW},
- {.name = LEVEL_SECURE192,
- .alias = LEVEL_SECURE256,
- .cipher_list = &cipher_priority_secure192,
- .mac_list = &mac_priority_secure192,
- .kx_list = &kx_priority_secure,
- .sign_list = &sign_priority_secure192,
- .group_list = &supported_groups_secure192,
- .profile = GNUTLS_PROFILE_HIGH,
- .sec_param = GNUTLS_SEC_PARAM_HIGH},
- {.name = LEVEL_SUITEB128,
- .proto_list = &protocol_priority_suiteb,
- .cipher_list = &cipher_priority_suiteb128,
- .mac_list = &mac_priority_suiteb,
- .kx_list = &kx_priority_suiteb,
- .sign_list = &sign_priority_suiteb128,
- .group_list = &supported_groups_suiteb128,
- .profile = GNUTLS_PROFILE_SUITEB128,
- .sec_param = GNUTLS_SEC_PARAM_HIGH},
- {.name = LEVEL_SUITEB192,
- .proto_list = &protocol_priority_suiteb,
- .cipher_list = &cipher_priority_suiteb192,
- .mac_list = &mac_priority_suiteb,
- .kx_list = &kx_priority_suiteb,
- .sign_list = &sign_priority_suiteb192,
- .group_list = &supported_groups_suiteb192,
- .profile = GNUTLS_PROFILE_SUITEB192,
- .sec_param = GNUTLS_SEC_PARAM_ULTRA},
- {.name = LEVEL_LEGACY,
- .cipher_list = &cipher_priority_normal,
- .mac_list = &mac_priority_normal,
- .kx_list = &kx_priority_secure,
- .sign_list = &sign_priority_default,
- .group_list = &supported_groups_normal,
- .sec_param = GNUTLS_SEC_PARAM_VERY_WEAK},
- {.name = LEVEL_PERFORMANCE,
- .cipher_list = &cipher_priority_performance,
- .mac_list = &mac_priority_normal,
- .kx_list = &kx_priority_performance,
- .sign_list = &sign_priority_default,
- .group_list = &supported_groups_normal,
- .profile = GNUTLS_PROFILE_LOW,
- .sec_param = GNUTLS_SEC_PARAM_WEAK},
+ .profile = GNUTLS_PROFILE_LOW,
+ .sec_param = GNUTLS_SEC_PARAM_LOW },
+ { .name = LEVEL_SECURE192,
+ .alias = LEVEL_SECURE256,
+ .cipher_list = &cipher_priority_secure192,
+ .mac_list = &mac_priority_secure192,
+ .kx_list = &kx_priority_secure,
+ .sign_list = &sign_priority_secure192,
+ .group_list = &supported_groups_secure192,
+ .profile = GNUTLS_PROFILE_HIGH,
+ .sec_param = GNUTLS_SEC_PARAM_HIGH },
+ { .name = LEVEL_SUITEB128,
+ .proto_list = &protocol_priority_suiteb,
+ .cipher_list = &cipher_priority_suiteb128,
+ .mac_list = &mac_priority_suiteb,
+ .kx_list = &kx_priority_suiteb,
+ .sign_list = &sign_priority_suiteb128,
+ .group_list = &supported_groups_suiteb128,
+ .profile = GNUTLS_PROFILE_SUITEB128,
+ .sec_param = GNUTLS_SEC_PARAM_HIGH },
+ { .name = LEVEL_SUITEB192,
+ .proto_list = &protocol_priority_suiteb,
+ .cipher_list = &cipher_priority_suiteb192,
+ .mac_list = &mac_priority_suiteb,
+ .kx_list = &kx_priority_suiteb,
+ .sign_list = &sign_priority_suiteb192,
+ .group_list = &supported_groups_suiteb192,
+ .profile = GNUTLS_PROFILE_SUITEB192,
+ .sec_param = GNUTLS_SEC_PARAM_ULTRA },
+ { .name = LEVEL_LEGACY,
+ .cipher_list = &cipher_priority_normal,
+ .mac_list = &mac_priority_normal,
+ .kx_list = &kx_priority_secure,
+ .sign_list = &sign_priority_default,
+ .group_list = &supported_groups_normal,
+ .sec_param = GNUTLS_SEC_PARAM_VERY_WEAK },
+ { .name = LEVEL_PERFORMANCE,
+ .cipher_list = &cipher_priority_performance,
+ .mac_list = &mac_priority_normal,
+ .kx_list = &kx_priority_performance,
+ .sign_list = &sign_priority_default,
+ .group_list = &supported_groups_normal,
+ .profile = GNUTLS_PROFILE_LOW,
+ .sec_param = GNUTLS_SEC_PARAM_WEAK },
{
- .name = NULL,
- }
+ .name = NULL,
+ }
};
-#define SET_PROFILE(to_set) \
- profile = GNUTLS_VFLAGS_TO_PROFILE(priority_cache->additional_verify_flags); \
- if (profile == 0 || profile > to_set) { \
- priority_cache->additional_verify_flags &= ~GNUTLS_VFLAGS_PROFILE_MASK; \
- priority_cache->additional_verify_flags |= GNUTLS_PROFILE_TO_VFLAGS(to_set); \
+#define SET_PROFILE(to_set) \
+ profile = GNUTLS_VFLAGS_TO_PROFILE( \
+ priority_cache->additional_verify_flags); \
+ if (profile == 0 || profile > to_set) { \
+ priority_cache->additional_verify_flags &= \
+ ~GNUTLS_VFLAGS_PROFILE_MASK; \
+ priority_cache->additional_verify_flags |= \
+ GNUTLS_PROFILE_TO_VFLAGS(to_set); \
}
-#define SET_LEVEL(to_set) \
- if (priority_cache->level == 0 || (unsigned)priority_cache->level > (unsigned)to_set) \
- priority_cache->level = to_set
+#define SET_LEVEL(to_set) \
+ if (priority_cache->level == 0 || \
+ (unsigned)priority_cache->level > (unsigned)to_set) \
+ priority_cache->level = to_set
-static
-int check_level(const char *level, gnutls_priority_t priority_cache, int add)
+static int check_level(const char *level, gnutls_priority_t priority_cache,
+ int add)
{
bulk_rmadd_func *func;
unsigned profile = 0;
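Review bot: SET_PROFILE and SET_LEVEL are re-wrapped here but remain bare statements: SET_PROFILE expands to an assignment followed by an `if` block and SET_LEVEL to an unbraced `if`, so either would misbehave under an unbraced `if`/`else` at a call site. ENABLE_PROFILE at the top of this file already uses the `do { ... } while (0)` form; the same wrapper with parenthesised arguments would fit here, e.g. `(unsigned)priority_cache->level > (unsigned)(to_set)` and `priority_cache->level = (to_set)`. Both macros also depend on names from the caller's scope, which deserves a comment above them such as `/* expects priority_cache and, for SET_PROFILE, unsigned profile in scope */`. check_level, where the hunk ends, continues outside it.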
@@ -866,8 +769,8 @@ int check_level(const char *level, gnutls_priority_t priority_cache, int add)
return 0;
if (c_strcasecmp(level, pgroups[i].name) == 0 ||
- (pgroups[i].alias != NULL
- && c_strcasecmp(level, pgroups[i].alias) == 0)) {
+ (pgroups[i].alias != NULL &&
+ c_strcasecmp(level, pgroups[i].alias) == 0)) {
if (pgroups[i].proto_list != NULL)
func(&priority_cache->protocol,
*pgroups[i].proto_list);
@@ -880,21 +783,21 @@ int check_level(const char *level, gnutls_priority_t priority_cache, int add)
*pgroups[i].group_list);
if (pgroups[i].profile != 0) {
- SET_PROFILE(pgroups[i].profile); /* set certificate level */
+ SET_PROFILE(
+ pgroups[i].profile); /* set certificate level */
}
- SET_LEVEL(pgroups[i].sec_param); /* set DH params level */
+ SET_LEVEL(
+ pgroups[i].sec_param); /* set DH params level */
priority_cache->no_tickets = pgroups[i].no_tickets;
priority_cache->no_tickets_tls12 =
- pgroups[i].no_tickets_tls12;
+ pgroups[i].no_tickets_tls12;
if (priority_cache->have_cbc == 0) {
for (j = 0; (*pgroups[i].cipher_list)[j] != 0;
j++) {
- centry =
- cipher_to_entry((*pgroups
- [i].cipher_list)
- [j]);
- if (centry != NULL
- && centry->type == CIPHER_BLOCK) {
+ centry = cipher_to_entry(
+ (*pgroups[i].cipher_list)[j]);
+ if (centry != NULL &&
+ centry->type == CIPHER_BLOCK) {
priority_cache->have_cbc = 1;
break;
}
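Review bot: The trailing comments on the SET_PROFILE and SET_LEVEL calls apparently push both lines over the formatter's width limit, so each call is now split as `SET_PROFILE(` / `pgroups[i].profile); /* set certificate level */`, which is harder to read than the line it replaced. Moving each comment onto its own line above the call, `/* set certificate level */` followed by `SET_PROFILE(pgroups[i].profile);`, keeps the call on one line and stays stable under future re-formatting. The same applies to `/* set DH params level */` on SET_LEVEL. These lines are inside check_level, whose body starts and ends outside the hunk.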
@@ -1018,7 +921,6 @@ static void enable_profile_suiteb192(gnutls_priority_t c)
static void enable_safe_renegotiation(gnutls_priority_t c)
{
c->sr = SR_SAFE;
-
}
static void enable_unsafe_renegotiation(gnutls_priority_t c)
@@ -1257,8 +1159,8 @@ static inline int /* allowlisting-only */ _cfg_sigs_remark(struct cfg *cfg)
}
}
for (i = 0; cfg->sigs_for_cert[i] != 0; i++) {
- int ret = _gnutls_sign_set_secure(cfg->sigs_for_cert[i],
- _SECURE);
+ int ret =
+ _gnutls_sign_set_secure(cfg->sigs_for_cert[i], _SECURE);
if (unlikely(ret < 0)) {
return gnutls_assert_val(ret);
}
@@ -1281,8 +1183,8 @@ static inline int /* allowlisting-only */ _cfg_versions_remark(struct cfg *cfg)
}
/* global side-effect! modifies `supported` in `ecc_curves[]` */
-static inline int /* allowlisting-only */ _cfg_ecc_curves_remark(struct cfg
- *cfg)
+static inline int /* allowlisting-only */
+_cfg_ecc_curves_remark(struct cfg *cfg)
{
size_t i;
_gnutls_ecc_curve_mark_disabled_all();
@@ -1299,29 +1201,24 @@ static inline int /* allowlisting-only */ _cfg_ecc_curves_remark(struct cfg
* setting arrays of struct cfg: from other arrays
*/
-static inline int /* allowlisting-only */ cfg_hashes_set_array(struct cfg *cfg,
- gnutls_digest_algorithm_t
- * src,
- size_t len)
+static inline int /* allowlisting-only */
+cfg_hashes_set_array(struct cfg *cfg, gnutls_digest_algorithm_t *src,
+ size_t len)
{
if (unlikely(len >= MAX_ALGOS)) {
return gnutls_assert_val(GNUTLS_A_INTERNAL_ERROR);
}
if (len) {
- memcpy(cfg->hashes,
- src, sizeof(gnutls_digest_algorithm_t) * len);
+ memcpy(cfg->hashes, src,
+ sizeof(gnutls_digest_algorithm_t) * len);
}
cfg->hashes[len] = 0;
return _cfg_hashes_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_sigs_set_arrays(struct cfg *cfg,
- gnutls_sign_algorithm_t
- * src, size_t len,
- gnutls_sign_algorithm_t
- * src_for_cert,
- size_t
- len_for_cert)
+static inline int /* allowlisting-only */
+cfg_sigs_set_arrays(struct cfg *cfg, gnutls_sign_algorithm_t *src, size_t len,
+ gnutls_sign_algorithm_t *src_for_cert, size_t len_for_cert)
{
if (unlikely(len >= MAX_ALGOS)) {
return gnutls_assert_val(GNUTLS_A_INTERNAL_ERROR);
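Review bot: The length guard in cfg_hashes_set_array and cfg_sigs_set_arrays returns `GNUTLS_A_INTERNAL_ERROR`, which is a TLS alert description rather than one of the negative `GNUTLS_E_*` error codes, so a caller that tests `ret < 0` (the pattern used in _cfg_sigs_remark above) would treat a rejected over-long array as success. If that is not intentional, the guard should read `return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);`. The same return appears in cfg_versions_set_array, cfg_ecc_curves_set_array and APPEND_TO_NULL_TERMINATED_ARRAY in the following hunks. How the callers check the result is not visible here, and cfg_sigs_set_arrays continues outside the hunk.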
@@ -1341,11 +1238,8 @@ static inline int /* allowlisting-only */ cfg_sigs_set_arrays(struct cfg *cfg,
return _cfg_sigs_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_versions_set_array(struct cfg
- *cfg,
- gnutls_protocol_t
- * src,
- size_t len)
+static inline int /* allowlisting-only */
+cfg_versions_set_array(struct cfg *cfg, gnutls_protocol_t *src, size_t len)
{
if (unlikely(len >= MAX_ALGOS)) {
return gnutls_assert_val(GNUTLS_A_INTERNAL_ERROR);
@@ -1357,11 +1251,8 @@ static inline int /* allowlisting-only */ cfg_versions_set_array(struct cfg
return _cfg_versions_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_ecc_curves_set_array(struct cfg
- *cfg,
- gnutls_ecc_curve_t
- * src,
- size_t len)
+static inline int /* allowlisting-only */
+cfg_ecc_curves_set_array(struct cfg *cfg, gnutls_ecc_curve_t *src, size_t len)
{
if (unlikely(len >= MAX_ALGOS)) {
return gnutls_assert_val(GNUTLS_A_INTERNAL_ERROR);
@@ -1383,24 +1274,23 @@ static inline int /* allowlisting-only */ cfg_ecc_curves_set_array(struct cfg
* (hacky, every call is +4 lines, needs a portable static assert)
* 3. macro whole functions, not just this operation (harder to find/read)
*/
-#define APPEND_TO_NULL_TERMINATED_ARRAY(dst, element) \
- do { \
- size_t i; \
- for (i = 0; dst[i] != 0; i++) { \
- if (dst[i] == element) { \
- return 0; \
- } \
- } \
- if (unlikely(i >= MAX_ALGOS)) { \
+#define APPEND_TO_NULL_TERMINATED_ARRAY(dst, element) \
+ do { \
+ size_t i; \
+ for (i = 0; dst[i] != 0; i++) { \
+ if (dst[i] == element) { \
+ return 0; \
+ } \
+ } \
+ if (unlikely(i >= MAX_ALGOS)) { \
return gnutls_assert_val(GNUTLS_A_INTERNAL_ERROR); \
- } \
- dst[i] = element; \
- dst[i + 1] = 0; \
+ } \
+ dst[i] = element; \
+ dst[i + 1] = 0; \
} while (0)
-static inline int /* allowlisting-only */ cfg_hashes_add(struct cfg *cfg,
- gnutls_digest_algorithm_t
- dig)
+static inline int /* allowlisting-only */
+cfg_hashes_add(struct cfg *cfg, gnutls_digest_algorithm_t dig)
{
_gnutls_debug_log("cfg: enabling digest algorithm %s\n",
gnutls_digest_get_name(dig));
@@ -1408,31 +1298,30 @@ static inline int /* allowlisting-only */ cfg_hashes_add(struct cfg *cfg,
return _cfg_hashes_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_sigs_add(struct cfg *cfg,
- gnutls_sign_algorithm_t
- sig)
+static inline int /* allowlisting-only */
+cfg_sigs_add(struct cfg *cfg, gnutls_sign_algorithm_t sig)
{
_gnutls_debug_log("cfg: enabling signature algorithm "
"(for non-certificate usage) "
- "%s\n", gnutls_sign_get_name(sig));
+ "%s\n",
+ gnutls_sign_get_name(sig));
APPEND_TO_NULL_TERMINATED_ARRAY(cfg->sigs, sig);
return _cfg_sigs_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_sigs_for_cert_add(struct cfg *cfg,
- gnutls_sign_algorithm_t
- sig)
+static inline int /* allowlisting-only */
+cfg_sigs_for_cert_add(struct cfg *cfg, gnutls_sign_algorithm_t sig)
{
_gnutls_debug_log("cfg: enabling signature algorithm"
"(for certificate usage) "
- "%s\n", gnutls_sign_get_name(sig));
+ "%s\n",
+ gnutls_sign_get_name(sig));
APPEND_TO_NULL_TERMINATED_ARRAY(cfg->sigs_for_cert, sig);
return _cfg_sigs_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_versions_add(struct cfg *cfg,
- gnutls_protocol_t
- prot)
+static inline int /* allowlisting-only */
+cfg_versions_add(struct cfg *cfg, gnutls_protocol_t prot)
{
_gnutls_debug_log("cfg: enabling version %s\n",
gnutls_protocol_get_name(prot));
@@ -1440,9 +1329,8 @@ static inline int /* allowlisting-only */ cfg_versions_add(struct cfg *cfg,
return _cfg_versions_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_ecc_curves_add(struct cfg *cfg,
- gnutls_ecc_curve_t
- curve)
+static inline int /* allowlisting-only */
+cfg_ecc_curves_add(struct cfg *cfg, gnutls_ecc_curve_t curve)
{
_gnutls_debug_log("cfg: enabling curve %s\n",
gnutls_ecc_curve_get_name(curve));
@@ -1457,21 +1345,20 @@ static inline int /* allowlisting-only */ cfg_ecc_curves_add(struct cfg *cfg,
*/
/* polymorphic way to DRY this removal, see APPEND_TO_NULL_TERMINATED_ARRAY */
-#define REMOVE_FROM_NULL_TERMINATED_ARRAY(dst, element) \
- do { \
- size_t i, j; \
- for (i = 0; dst[i] != 0; i++) { \
- if (dst[i] == element) { \
+#define REMOVE_FROM_NULL_TERMINATED_ARRAY(dst, element) \
+ do { \
+ size_t i, j; \
+ for (i = 0; dst[i] != 0; i++) { \
+ if (dst[i] == element) { \
for (j = i; dst[j] != 0; j++) { \
- dst[j] = dst[j + 1]; \
- } \
- } \
- } \
+ dst[j] = dst[j + 1]; \
+ } \
+ } \
+ } \
} while (0)
-static inline int /* allowlisting-only */ cfg_hashes_remove(struct cfg *cfg,
- gnutls_digest_algorithm_t
- dig)
+static inline int /* allowlisting-only */
+cfg_hashes_remove(struct cfg *cfg, gnutls_digest_algorithm_t dig)
{
_gnutls_debug_log("cfg: disabling digest algorithm %s\n",
gnutls_digest_get_name(dig));
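Review bot: REMOVE_FROM_NULL_TERMINATED_ARRAY does not re-test slot `i` after shifting the tail left, so when the same value sits in two adjacent slots the second copy is skipped by the `i++` and stays in the array. Whether duplicates can get in depends on APPEND_TO_NULL_TERMINATED_ARRAY, which is not in this hunk; if they can, a `cfg_*_remove` call would leave the algorithm listed after the caller asked to disable it. Changing the test to `while ((dst)[i] == (element)) {` closes that, and parenthesising `dst` and `element` throughout keeps the macro safe for arguments that are expressions. This is better done as a separate commit, so the re-indent stays mechanical.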
@@ -1479,32 +1366,30 @@ static inline int /* allowlisting-only */ cfg_hashes_remove(struct cfg *cfg,
return _cfg_hashes_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_sigs_remove(struct cfg *cfg,
- gnutls_sign_algorithm_t
- sig)
+static inline int /* allowlisting-only */
+cfg_sigs_remove(struct cfg *cfg, gnutls_sign_algorithm_t sig)
{
_gnutls_debug_log("cfg: disabling signature algorithm "
"(for non-certificate usage) "
- "%s\n", gnutls_sign_get_name(sig));
+ "%s\n",
+ gnutls_sign_get_name(sig));
REMOVE_FROM_NULL_TERMINATED_ARRAY(cfg->sigs, sig);
return _cfg_sigs_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_sigs_for_cert_remove(struct cfg
- *cfg,
- gnutls_sign_algorithm_t
- sig)
+static inline int /* allowlisting-only */
+cfg_sigs_for_cert_remove(struct cfg *cfg, gnutls_sign_algorithm_t sig)
{
_gnutls_debug_log("cfg: disabling signature algorithm"
"(for certificate usage) "
- "%s\n", gnutls_sign_get_name(sig));
+ "%s\n",
+ gnutls_sign_get_name(sig));
REMOVE_FROM_NULL_TERMINATED_ARRAY(cfg->sigs_for_cert, sig);
return _cfg_sigs_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_versions_remove(struct cfg *cfg,
- gnutls_protocol_t
- prot)
+static inline int /* allowlisting-only */
+cfg_versions_remove(struct cfg *cfg, gnutls_protocol_t prot)
{
_gnutls_debug_log("cfg: disabling version %s\n",
gnutls_protocol_get_name(prot));
@@ -1512,9 +1397,8 @@ static inline int /* allowlisting-only */ cfg_versions_remove(struct cfg *cfg,
return _cfg_versions_remark(cfg);
}
-static inline int /* allowlisting-only */ cfg_ecc_curves_remove(struct cfg *cfg,
- gnutls_ecc_curve_t
- curve)
+static inline int /* allowlisting-only */
+cfg_ecc_curves_remove(struct cfg *cfg, gnutls_ecc_curve_t curve)
{
_gnutls_debug_log("cfg: disabling curve %s\n",
gnutls_ecc_curve_get_name(curve));
@@ -1547,14 +1431,14 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
return gnutls_assert_val(ret);
}
/* also updates `supported` field of global `sup_versions[]` */
- ret = cfg_versions_set_array(cfg,
- ctx->versions, ctx->versions_size);
+ ret = cfg_versions_set_array(cfg, ctx->versions,
+ ctx->versions_size);
if (unlikely(ret < 0)) {
return gnutls_assert_val(ret);
}
/* also updates `supported` field of global `ecc_curves[]` */
- ret = cfg_ecc_curves_set_array(cfg,
- ctx->curves, ctx->curves_size);
+ ret = cfg_ecc_curves_set_array(cfg, ctx->curves,
+ ctx->curves_size);
if (unlikely(ret < 0)) {
return gnutls_assert_val(ret);
}
@@ -1576,9 +1460,8 @@ static inline int cfg_apply(struct cfg *cfg, struct ini_ctx *ctx)
}
}
for (i = 0; i < ctx->sigs_for_cert_size; i++) {
- ret =
- _gnutls_sign_mark_insecure(ctx->sigs_for_cert[i],
- _INSECURE_FOR_CERTS);
+ ret = _gnutls_sign_mark_insecure(ctx->sigs_for_cert[i],
+ _INSECURE_FOR_CERTS);
if (unlikely(ret < 0)) {
return ret;
}
@@ -1617,8 +1500,8 @@ static int global_ini_handler(void *ctx, const char *section, const char *name,
} else if (c_strcasecmp(p, "blocklist") == 0) {
cfg->allowlisting = false;
} else {
- _gnutls_debug_log
- ("cfg: unknown override mode %s\n", p);
+ _gnutls_debug_log(
+ "cfg: unknown override mode %s\n", p);
if (fail_on_invalid_config)
return 0;
}
@@ -1649,24 +1532,21 @@ static bool override_allowed(bool allowlisting, const char *name)
static const struct {
const char *allowlist_name;
const char *blocklist_name;
- } names[] = {
- {"secure-hash", "insecure-hash"},
- {"secure-sig", "insecure-sig"},
- {"secure-sig-for-cert", "insecure-sig-for-cert"},
- {"enabled-version", "disabled-version"},
- {"enabled-curve", "disabled-curve"},
- {"tls-enabled-cipher", "tls-disabled-cipher"},
- {"tls-enabled-group", "tls-disabled-group"},
- {"tls-enabled-kx", "tls-disabled-kx"},
- {"tls-enabled-mac", "tls-disabled-mac"}
- };
+ } names[] = { { "secure-hash", "insecure-hash" },
+ { "secure-sig", "insecure-sig" },
+ { "secure-sig-for-cert", "insecure-sig-for-cert" },
+ { "enabled-version", "disabled-version" },
+ { "enabled-curve", "disabled-curve" },
+ { "tls-enabled-cipher", "tls-disabled-cipher" },
+ { "tls-enabled-group", "tls-disabled-group" },
+ { "tls-enabled-kx", "tls-disabled-kx" },
+ { "tls-enabled-mac", "tls-disabled-mac" } };
size_t i;
for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
- if (c_strcasecmp(name,
- allowlisting ?
- names[i].blocklist_name :
- names[i].allowlist_name) == 0)
+ if (c_strcasecmp(name, allowlisting ?
+ names[i].blocklist_name :
+ names[i].allowlist_name) == 0)
return false;
}
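Review bot: The reflowed `names[]` initializer in override_allowed is harder to scan than before: the first pair now shares a line with `} names[] = {` and the last one with `} };`. This table decides which override keys are rejected in each mode, so it is worth keeping one pair per line. A trailing comma after the last entry, `{ "tls-enabled-mac", "tls-disabled-mac" },`, makes clang-format lay the list out that way. The function starts before this hunk and continues after it.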
@@ -1690,19 +1570,19 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
* not use that value after we handle it. */
/* Parse sections */
- if (section == NULL || section[0] == 0
- || c_strcasecmp(section, CUSTOM_PRIORITY_SECTION) == 0) {
+ if (section == NULL || section[0] == 0 ||
+ c_strcasecmp(section, CUSTOM_PRIORITY_SECTION) == 0) {
_gnutls_debug_log("cfg: adding priority: %s -> %s\n", name,
value);
- ret =
- _name_val_array_append(&cfg->priority_strings, name, value);
+ ret = _name_val_array_append(&cfg->priority_strings, name,
+ value);
if (ret < 0)
return 0;
} else if (c_strcasecmp(section, OVERRIDES_SECTION) == 0) {
if (!override_allowed(cfg->allowlisting, name)) {
- _gnutls_debug_log
- ("cfg: %s is not allowed in this mode\n", name);
+ _gnutls_debug_log(
+ "cfg: %s is not allowed in this mode\n", name);
if (fail_on_invalid_config)
return 0;
} else if (c_strcasecmp(name, "default-priority-string") == 0) {
@@ -1711,18 +1591,19 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
cfg->default_priority_string = NULL;
}
p = clear_spaces(value, str);
- _gnutls_debug_log
- ("cfg: setting default-priority-string to %s\n", p);
+ _gnutls_debug_log(
+ "cfg: setting default-priority-string to %s\n",
+ p);
if (strlen(p) > 0) {
cfg->default_priority_string = gnutls_strdup(p);
if (!cfg->default_priority_string) {
- _gnutls_debug_log
- ("cfg: failed setting default-priority-string\n");
+ _gnutls_debug_log(
+ "cfg: failed setting default-priority-string\n");
return 0;
}
} else {
- _gnutls_debug_log
- ("cfg: empty default-priority-string, using default\n");
+ _gnutls_debug_log(
+ "cfg: empty default-priority-string, using default\n");
if (fail_on_invalid_config)
return 0;
}
@@ -1733,35 +1614,35 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p = clear_spaces(value, str);
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: marking hash %s as secure\n", p);
+ _gnutls_debug_log(
+ "cfg: marking hash %s as secure\n", p);
} else {
- _gnutls_debug_log
- ("cfg: marking hash %s as insecure\n", p);
+ _gnutls_debug_log(
+ "cfg: marking hash %s as insecure\n",
+ p);
}
dig = gnutls_digest_get_id(p);
if (dig == GNUTLS_DIG_UNKNOWN) {
- _gnutls_debug_log
- ("cfg: found unknown hash %s in %s\n", p,
- name);
+ _gnutls_debug_log(
+ "cfg: found unknown hash %s in %s\n", p,
+ name);
if (fail_on_invalid_config)
return 0;
goto exit;
}
- tmp = _gnutls_reallocarray(ctx->hashes,
- ctx->hashes_size + 1,
- sizeof
- (gnutls_digest_algorithm_t));
+ tmp = _gnutls_reallocarray(
+ ctx->hashes, ctx->hashes_size + 1,
+ sizeof(gnutls_digest_algorithm_t));
if (!tmp) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: failed marking hash %s as secure\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed marking hash %s as secure\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: failed marking hash %s as insecure\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed marking hash %s as insecure\n",
+ p);
}
if (fail_on_invalid_config)
return 0;
@@ -1778,37 +1659,36 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p = clear_spaces(value, str);
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: marking signature %s as secure\n",
- p);
+ _gnutls_debug_log(
+ "cfg: marking signature %s as secure\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: marking signature %s as insecure\n",
- p);
+ _gnutls_debug_log(
+ "cfg: marking signature %s as insecure\n",
+ p);
}
sig = gnutls_sign_get_id(p);
if (sig == GNUTLS_SIGN_UNKNOWN) {
- _gnutls_debug_log
- ("cfg: found unknown signature algorithm %s in %s\n",
- p, name);
+ _gnutls_debug_log(
+ "cfg: found unknown signature algorithm %s in %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
}
- tmp = _gnutls_reallocarray(ctx->sigs,
- ctx->sigs_size + 1,
- sizeof
- (gnutls_sign_algorithm_t));
+ tmp = _gnutls_reallocarray(
+ ctx->sigs, ctx->sigs_size + 1,
+ sizeof(gnutls_sign_algorithm_t));
if (!tmp) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: failed marking signature %s as secure\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed marking signature %s as secure\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: failed marking signature %s as insecure\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed marking signature %s as insecure\n",
+ p);
}
if (fail_on_invalid_config)
return 0;
@@ -1825,37 +1705,36 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p = clear_spaces(value, str);
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: marking signature %s as secure for certs\n",
- p);
+ _gnutls_debug_log(
+ "cfg: marking signature %s as secure for certs\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: marking signature %s as insecure for certs\n",
- p);
+ _gnutls_debug_log(
+ "cfg: marking signature %s as insecure for certs\n",
+ p);
}
sig = gnutls_sign_get_id(p);
if (sig == GNUTLS_SIGN_UNKNOWN) {
- _gnutls_debug_log
- ("cfg: found unknown signature algorithm %s in %s\n",
- p, name);
+ _gnutls_debug_log(
+ "cfg: found unknown signature algorithm %s in %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
}
- tmp = _gnutls_reallocarray(ctx->sigs_for_cert,
- ctx->sigs_for_cert_size + 1,
- sizeof
- (gnutls_sign_algorithm_t));
+ tmp = _gnutls_reallocarray(
+ ctx->sigs_for_cert, ctx->sigs_for_cert_size + 1,
+ sizeof(gnutls_sign_algorithm_t));
if (!tmp) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: failed marking signature %s as secure for certs\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed marking signature %s as secure for certs\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: failed marking signature %s as insecure for certs\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed marking signature %s as insecure for certs\n",
+ p);
}
if (fail_on_invalid_config)
return 0;
@@ -1881,9 +1760,9 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
prot = gnutls_protocol_get_id(p);
if (prot == GNUTLS_VERSION_UNKNOWN) {
- _gnutls_debug_log
- ("cfg: found unknown version %s in %s\n", p,
- name);
+ _gnutls_debug_log(
+ "cfg: found unknown version %s in %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -1893,13 +1772,13 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
sizeof(gnutls_protocol_t));
if (!tmp) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: failed enabling version %s\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed enabling version %s\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: failed disabling version %s\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed disabling version %s\n",
+ p);
}
if (fail_on_invalid_config)
return 0;
@@ -1925,9 +1804,9 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
curve = gnutls_ecc_curve_get_id(p);
if (curve == GNUTLS_ECC_CURVE_INVALID) {
- _gnutls_debug_log
- ("cfg: found unknown curve %s in %s\n", p,
- name);
+ _gnutls_debug_log(
+ "cfg: found unknown curve %s in %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -1937,13 +1816,13 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
sizeof(gnutls_ecc_curve_t));
if (!tmp) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: failed enabling curve %s\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed enabling curve %s\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: failed disabling curve %s\n",
- p);
+ _gnutls_debug_log(
+ "cfg: failed disabling curve %s\n",
+ p);
}
if (fail_on_invalid_config)
return 0;
@@ -1953,16 +1832,17 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
ctx->curves = tmp;
ctx->curves[ctx->curves_size] = curve;
ctx->curves_size++;
- } else if (c_strcasecmp(name, "min-verification-profile") == 0) {
+ } else if (c_strcasecmp(name, "min-verification-profile") ==
+ 0) {
gnutls_certificate_verification_profiles_t profile;
profile =
- gnutls_certificate_verification_profile_get_id
- (value);
+ gnutls_certificate_verification_profile_get_id(
+ value);
if (profile == GNUTLS_PROFILE_UNKNOWN) {
- _gnutls_debug_log
- ("cfg: found unknown profile %s in %s\n",
- value, name);
+ _gnutls_debug_log(
+ "cfg: found unknown profile %s in %s\n",
+ value, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -1976,18 +1856,19 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p = clear_spaces(value, str);
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: enabling cipher %s for TLS\n", p);
+ _gnutls_debug_log(
+ "cfg: enabling cipher %s for TLS\n", p);
} else {
- _gnutls_debug_log
- ("cfg: disabling cipher %s for TLS\n", p);
+ _gnutls_debug_log(
+ "cfg: disabling cipher %s for TLS\n",
+ p);
}
algo = gnutls_cipher_get_id(p);
if (algo == GNUTLS_CIPHER_UNKNOWN) {
- _gnutls_debug_log
- ("cfg: unknown algorithm %s listed at %s\n",
- p, name);
+ _gnutls_debug_log(
+ "cfg: unknown algorithm %s listed at %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -1999,13 +1880,13 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
if (i > MAX_ALGOS - 1) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: too many (%d) enabled ciphers from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) enabled ciphers from %s\n",
+ i, name);
} else {
- _gnutls_debug_log
- ("cfg: too many (%d) disabled ciphers from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) disabled ciphers from %s\n",
+ i, name);
}
if (fail_on_invalid_config)
return 0;
@@ -2021,18 +1902,18 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p = clear_spaces(value, str);
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: enabling MAC %s for TLS\n", p);
+ _gnutls_debug_log(
+ "cfg: enabling MAC %s for TLS\n", p);
} else {
- _gnutls_debug_log
- ("cfg: disabling MAC %s for TLS\n", p);
+ _gnutls_debug_log(
+ "cfg: disabling MAC %s for TLS\n", p);
}
algo = gnutls_mac_get_id(p);
if (algo == 0) {
- _gnutls_debug_log
- ("cfg: unknown algorithm %s listed at %s\n",
- p, name);
+ _gnutls_debug_log(
+ "cfg: unknown algorithm %s listed at %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -2044,13 +1925,13 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
if (i > MAX_ALGOS - 1) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: too many (%d) enabled MACs from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) enabled MACs from %s\n",
+ i, name);
} else {
- _gnutls_debug_log
- ("cfg: too many (%d) disabled MACs from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) disabled MACs from %s\n",
+ i, name);
}
if (fail_on_invalid_config)
return 0;
@@ -2068,18 +1949,18 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p += 6;
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: enabling group %s for TLS\n", p);
+ _gnutls_debug_log(
+ "cfg: enabling group %s for TLS\n", p);
} else {
- _gnutls_debug_log
- ("cfg: disabling group %s for TLS\n", p);
+ _gnutls_debug_log(
+ "cfg: disabling group %s for TLS\n", p);
}
algo = _gnutls_group_get_id(p);
if (algo == 0) {
- _gnutls_debug_log
- ("cfg: unknown group %s listed at %s\n", p,
- name);
+ _gnutls_debug_log(
+ "cfg: unknown group %s listed at %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -2091,13 +1972,13 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
if (i > MAX_ALGOS - 1) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: too many (%d) enabled groups from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) enabled groups from %s\n",
+ i, name);
} else {
- _gnutls_debug_log
- ("cfg: too many (%d) disabled groups from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) disabled groups from %s\n",
+ i, name);
}
if (fail_on_invalid_config)
return 0;
@@ -2112,20 +1993,20 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
p = clear_spaces(value, str);
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: enabling key exchange %s for TLS\n",
- p);
+ _gnutls_debug_log(
+ "cfg: enabling key exchange %s for TLS\n",
+ p);
} else {
- _gnutls_debug_log
- ("cfg: disabling key exchange %s for TLS\n",
- p);
+ _gnutls_debug_log(
+ "cfg: disabling key exchange %s for TLS\n",
+ p);
}
algo = gnutls_kx_get_id(p);
if (algo == 0) {
- _gnutls_debug_log
- ("cfg: unknown key exchange %s listed at %s\n",
- p, name);
+ _gnutls_debug_log(
+ "cfg: unknown key exchange %s listed at %s\n",
+ p, name);
if (fail_on_invalid_config)
return 0;
goto exit;
@@ -2137,13 +2018,13 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
if (i > MAX_ALGOS - 1) {
if (cfg->allowlisting) {
- _gnutls_debug_log
- ("cfg: too many (%d) enabled key exchanges from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) enabled key exchanges from %s\n",
+ i, name);
} else {
- _gnutls_debug_log
- ("cfg: too many (%d) disabled key exchanges from %s\n",
- i, name);
+ _gnutls_debug_log(
+ "cfg: too many (%d) disabled key exchanges from %s\n",
+ i, name);
}
if (fail_on_invalid_config)
return 0;
@@ -2162,12 +2043,12 @@ static int cfg_ini_handler(void *_ctx, const char *section, const char *name,
return 0;
}
- exit:
+exit:
return 1;
}
static int /* not locking system_wide_config */
-construct_system_wide_priority_string(gnutls_buffer_st * buf)
+construct_system_wide_priority_string(gnutls_buffer_st *buf)
{
int ret;
size_t i;
@@ -2187,9 +2068,8 @@ construct_system_wide_priority_string(gnutls_buffer_st * buf)
return ret;
}
- ret = _gnutls_buffer_append_str(buf,
- gnutls_kx_get_name
- (system_wide_config.kxs[i]));
+ ret = _gnutls_buffer_append_str(
+ buf, gnutls_kx_get_name(system_wide_config.kxs[i]));
if (ret < 0) {
_gnutls_buffer_clear(buf);
return ret;
@@ -2203,9 +2083,9 @@ construct_system_wide_priority_string(gnutls_buffer_st * buf)
return ret;
}
- ret = _gnutls_buffer_append_str(buf,
- gnutls_group_get_name
- (system_wide_config.groups[i]));
+ ret = _gnutls_buffer_append_str(
+ buf,
+ gnutls_group_get_name(system_wide_config.groups[i]));
if (ret < 0) {
_gnutls_buffer_clear(buf);
return ret;
@@ -2219,10 +2099,9 @@ construct_system_wide_priority_string(gnutls_buffer_st * buf)
return ret;
}
- ret = _gnutls_buffer_append_str(buf,
- gnutls_cipher_get_name
- (system_wide_config.ciphers
- [i]));
+ ret = _gnutls_buffer_append_str(
+ buf,
+ gnutls_cipher_get_name(system_wide_config.ciphers[i]));
if (ret < 0) {
_gnutls_buffer_clear(buf);
return ret;
@@ -2236,9 +2115,8 @@ construct_system_wide_priority_string(gnutls_buffer_st * buf)
return ret;
}
- ret = _gnutls_buffer_append_str(buf,
- gnutls_mac_get_name
- (system_wide_config.macs[i]));
+ ret = _gnutls_buffer_append_str(
+ buf, gnutls_mac_get_name(system_wide_config.macs[i]));
if (ret < 0) {
_gnutls_buffer_clear(buf);
return ret;
@@ -2252,9 +2130,8 @@ construct_system_wide_priority_string(gnutls_buffer_st * buf)
return ret;
}
- ret = _gnutls_buffer_append_str(buf,
- gnutls_sign_get_name
- (system_wide_config.sigs[i]));
+ ret = _gnutls_buffer_append_str(
+ buf, gnutls_sign_get_name(system_wide_config.sigs[i]));
if (ret < 0) {
_gnutls_buffer_clear(buf);
return ret;
@@ -2268,10 +2145,9 @@ construct_system_wide_priority_string(gnutls_buffer_st * buf)
return ret;
}
- ret = _gnutls_buffer_append_str(buf,
- gnutls_protocol_get_name
- (system_wide_config.versions
- [i]));
+ ret = _gnutls_buffer_append_str(
+ buf, gnutls_protocol_get_name(
+ system_wide_config.versions[i]));
if (ret < 0) {
_gnutls_buffer_clear(buf);
return ret;
@@ -2327,7 +2203,7 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
_gnutls_debug_log("cfg: system priority %s has not changed\n",
system_priority_file);
if (system_wide_config.priority_string) {
- goto out; /* nothing to do */
+ goto out; /* nothing to do */
}
}
@@ -2343,7 +2219,7 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
*/
if (system_priority_file_loaded) {
system_priority_file_loaded =
- (system_priority_last_mod == sb.st_mtime);
+ (system_priority_last_mod == sb.st_mtime);
}
if (!system_priority_file_loaded) {
@@ -2386,7 +2262,6 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
_gnutls_debug_log("cfg: loaded system config %s mtime %lld\n",
system_priority_file,
(unsigned long long)sb.st_mtime);
-
}
if (system_wide_config.allowlisting) {
@@ -2404,9 +2279,9 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
"system-wide priority string\n");
}
if (ret < 0) {
- _gnutls_debug_log
- ("cfg: unable to build priority string: %s\n",
- gnutls_strerror(ret));
+ _gnutls_debug_log(
+ "cfg: unable to build priority string: %s\n",
+ gnutls_strerror(ret));
if (fail_on_invalid_config)
exit(1);
goto out;
@@ -2416,7 +2291,7 @@ static int _gnutls_update_system_priorities(bool defer_system_wide)
system_priority_file_loaded = 1;
system_priority_last_mod = sb.st_mtime;
- out:
+out:
(void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
if (err && fail_on_invalid_config) {
@@ -2439,7 +2314,7 @@ void _gnutls_prepare_to_load_system_priorities(void)
if (p != NULL && p[0] == '1' && p[1] == 0)
fail_on_invalid_config = 1;
- ret = _gnutls_update_system_priorities(true /* defer_system_wide */ );
+ ret = _gnutls_update_system_priorities(true /* defer_system_wide */);
if (ret < 0) {
_gnutls_debug_log("failed to update system priorities: %s\n",
gnutls_strerror(ret));
@@ -2469,7 +2344,7 @@ const char *gnutls_get_system_config_file(void)
return system_priority_file;
}
-#define S(str) ((str!=NULL)?str:"")
+#define S(str) ((str != NULL) ? str : "")
/* Returns the new priorities if a priority string prefixed
* with '@' is provided, or just a copy of the provided
@@ -2506,7 +2381,7 @@ char *_gnutls_resolve_priorities(const char *priorities)
/* Always try to refresh the cached data, to allow it to be
* updated without restarting all applications.
*/
- ret = _gnutls_update_system_priorities(false /* defer_system_wide */ );
+ ret = _gnutls_update_system_priorities(false /* defer_system_wide */);
if (ret < 0) {
_gnutls_debug_log("failed to update system priorities: %s\n",
gnutls_strerror(ret));
@@ -2535,9 +2410,9 @@ char *_gnutls_resolve_priorities(const char *priorities)
ret = gnutls_rwlock_rdlock(&system_wide_config_rwlock);
if (ret < 0) {
- _gnutls_debug_log
- ("cannot read system priority strings: %s\n",
- gnutls_strerror(ret));
+ _gnutls_debug_log(
+ "cannot read system priority strings: %s\n",
+ gnutls_strerror(ret));
break;
}
if (system_wide_config.allowlisting &&
@@ -2545,8 +2420,9 @@ char *_gnutls_resolve_priorities(const char *priorities)
strncmp(LEVEL_SYSTEM, ss, ss_len) == 0) {
p = system_wide_config.priority_string;
} else {
- p = _name_val_array_value
- (system_wide_config.priority_strings, ss, ss_len);
+ p = _name_val_array_value(
+ system_wide_config.priority_strings, ss,
+ ss_len);
}
_gnutls_debug_log("resolved '%.*s' to '%s', next '%.*s'\n",
@@ -2592,17 +2468,17 @@ static void add_ec(gnutls_priority_t priority_cache)
unsigned i;
for (i = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {
- ge = _gnutls_id_to_group(priority_cache->
- _supported_ecc.priorities[i]);
- if (ge != NULL
- && priority_cache->groups.size <
- sizeof(priority_cache->groups.entry) /
- sizeof(priority_cache->groups.entry[0])) {
+ ge = _gnutls_id_to_group(
+ priority_cache->_supported_ecc.priorities[i]);
+ if (ge != NULL &&
+ priority_cache->groups.size <
+ sizeof(priority_cache->groups.entry) /
+ sizeof(priority_cache->groups.entry[0])) {
/* do not add groups which do not correspond to enabled ciphersuites */
if (!ge->curve)
continue;
- priority_cache->groups.entry[priority_cache->
- groups.size++] = ge;
+ priority_cache->groups
+ .entry[priority_cache->groups.size++] = ge;
}
}
}
@@ -2613,17 +2489,17 @@ static void add_dh(gnutls_priority_t priority_cache)
unsigned i;
for (i = 0; i < priority_cache->_supported_ecc.num_priorities; i++) {
- ge = _gnutls_id_to_group(priority_cache->
- _supported_ecc.priorities[i]);
- if (ge != NULL
- && priority_cache->groups.size <
- sizeof(priority_cache->groups.entry) /
- sizeof(priority_cache->groups.entry[0])) {
+ ge = _gnutls_id_to_group(
+ priority_cache->_supported_ecc.priorities[i]);
+ if (ge != NULL &&
+ priority_cache->groups.size <
+ sizeof(priority_cache->groups.entry) /
+ sizeof(priority_cache->groups.entry[0])) {
/* do not add groups which do not correspond to enabled ciphersuites */
if (!ge->prime)
continue;
- priority_cache->groups.entry[priority_cache->
- groups.size++] = ge;
+ priority_cache->groups
+ .entry[priority_cache->groups.size++] = ge;
priority_cache->groups.have_ffdhe = 1;
}
}
@@ -2677,7 +2553,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (priority_cache->_kx.priorities[i] !=
system_wide_config.kxs[z])
priority_cache->_kx.priorities[j++] =
- priority_cache->_kx.priorities[i];
+ priority_cache->_kx
+ .priorities[i];
}
priority_cache->_kx.num_priorities = j;
z++;
@@ -2689,13 +2566,13 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
for (i = j = 0;
i < priority_cache->_supported_ecc.num_priorities;
i++) {
- if (priority_cache->
- _supported_ecc.priorities[i] !=
+ if (priority_cache->_supported_ecc
+ .priorities[i] !=
system_wide_config.groups[z])
- priority_cache->
- _supported_ecc.priorities[j++] =
- priority_cache->
- _supported_ecc.priorities[i];
+ priority_cache->_supported_ecc
+ .priorities[j++] =
+ priority_cache->_supported_ecc
+ .priorities[i];
}
priority_cache->_supported_ecc.num_priorities = j;
z++;
@@ -2708,10 +2585,9 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
i < priority_cache->_cipher.num_priorities; i++) {
if (priority_cache->_cipher.priorities[i] !=
system_wide_config.ciphers[z])
- priority_cache->
- _cipher.priorities[j++] =
- priority_cache->
- _cipher.priorities[i];
+ priority_cache->_cipher.priorities[j++] =
+ priority_cache->_cipher
+ .priorities[i];
}
priority_cache->_cipher.num_priorities = j;
z++;
@@ -2725,7 +2601,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (priority_cache->_mac.priorities[i] !=
system_wide_config.macs[z])
priority_cache->_mac.priorities[j++] =
- priority_cache->_mac.priorities[i];
+ priority_cache->_mac
+ .priorities[i];
}
priority_cache->_mac.num_priorities = j;
z++;
@@ -2733,7 +2610,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
}
for (j = 0; j < priority_cache->_cipher.num_priorities; j++) {
- if (priority_cache->_cipher.priorities[j] == GNUTLS_CIPHER_NULL) {
+ if (priority_cache->_cipher.priorities[j] ==
+ GNUTLS_CIPHER_NULL) {
have_null = 1;
break;
}
@@ -2742,7 +2620,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
for (i = 0; i < priority_cache->_kx.num_priorities; i++) {
if (IS_SRP_KX(priority_cache->_kx.priorities[i])) {
have_srp = 1;
- } else if (_gnutls_kx_is_psk(priority_cache->_kx.priorities[i])) {
+ } else if (_gnutls_kx_is_psk(
+ priority_cache->_kx.priorities[i])) {
if (priority_cache->_kx.priorities[i] ==
GNUTLS_KX_RSA_PSK)
have_rsa_psk = 1;
@@ -2758,22 +2637,21 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
(system_wide_config.allowlisting &&
vers->supported_revertible))
priority_cache->protocol.priorities[j++] =
- priority_cache->protocol.priorities[i];
+ priority_cache->protocol.priorities[i];
}
priority_cache->protocol.num_priorities = j;
/* if we have NULL ciphersuites, SRP, or RSA-PSK enabled remove TLS1.3+
* protocol versions; they cannot be negotiated under TLS1.3. */
- if (have_null || have_srp || have_rsa_psk
- || priority_cache->no_extensions) {
+ if (have_null || have_srp || have_rsa_psk ||
+ priority_cache->no_extensions) {
for (i = j = 0; i < priority_cache->protocol.num_priorities;
i++) {
- vers =
- version_to_entry(priority_cache->
- protocol.priorities[i]);
+ vers = version_to_entry(
+ priority_cache->protocol.priorities[i]);
if (!vers || !vers->tls13_sem)
priority_cache->protocol.priorities[j++] =
- priority_cache->protocol.priorities[i];
+ priority_cache->protocol.priorities[i];
}
priority_cache->protocol.num_priorities = j;
}
@@ -2783,7 +2661,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (!vers)
continue;
- if (vers->transport == GNUTLS_STREAM) { /* TLS */
+ if (vers->transport == GNUTLS_STREAM) { /* TLS */
tls_sig_sem |= vers->tls_sig_sem;
if (vers->tls13_sem)
have_tls13 = 1;
@@ -2797,7 +2675,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
tlsmax = vers;
if (tlsmin == NULL || vers->age < tlsmin->age)
tlsmin = vers;
- } else { /* dtls */
+ } else { /* dtls */
tls_sig_sem |= vers->tls_sig_sem;
/* we need to introduce similar handling to above
@@ -2828,11 +2706,9 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
/* Add TLS 1.3 ciphersuites (no KX) */
for (j = 0; j < priority_cache->_cipher.num_priorities; j++) {
for (z = 0; z < priority_cache->_mac.num_priorities; z++) {
- ce = cipher_suite_get(0,
- priority_cache->
- _cipher.priorities[j],
- priority_cache->
- _mac.priorities[z]);
+ ce = cipher_suite_get(
+ 0, priority_cache->_cipher.priorities[j],
+ priority_cache->_mac.priorities[z]);
if (ce == NULL)
continue;
@@ -2843,8 +2719,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
continue;
if (priority_cache->cs.size < MAX_CIPHERSUITE_SIZE)
- priority_cache->cs.entry[priority_cache->
- cs.size++] = ce;
+ priority_cache->cs
+ .entry[priority_cache->cs.size++] = ce;
}
}
@@ -2852,12 +2728,10 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
for (j = 0; j < priority_cache->_cipher.num_priorities; j++) {
for (z = 0; z < priority_cache->_mac.num_priorities;
z++) {
- ce = cipher_suite_get(priority_cache->
- _kx.priorities[i],
- priority_cache->
- _cipher.priorities[j],
- priority_cache->
- _mac.priorities[z]);
+ ce = cipher_suite_get(
+ priority_cache->_kx.priorities[i],
+ priority_cache->_cipher.priorities[j],
+ priority_cache->_mac.priorities[z]);
if (ce == NULL)
continue;
@@ -2870,18 +2744,16 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (priority_cache->cs.size ==
MAX_CIPHERSUITE_SIZE)
continue;
- priority_cache->cs.entry[priority_cache->
- cs.size++] = ce;
- if (!have_ec
- && (_gnutls_kx_is_ecc(ce->kx_algorithm)
- ||
- _gnutls_kx_is_vko_gost
- (ce->kx_algorithm))) {
+ priority_cache->cs
+ .entry[priority_cache->cs.size++] = ce;
+ if (!have_ec &&
+ (_gnutls_kx_is_ecc(ce->kx_algorithm) ||
+ _gnutls_kx_is_vko_gost(ce->kx_algorithm))) {
have_ec = 1;
add_ec(priority_cache);
}
- if (!have_dh
- && _gnutls_kx_is_dhe(ce->kx_algorithm)) {
+ if (!have_dh &&
+ _gnutls_kx_is_dhe(ce->kx_algorithm)) {
have_dh = 1;
add_dh(priority_cache);
}
@@ -2894,8 +2766,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
for (i = 0; i < priority_cache->_supported_ecc.num_priorities;
i++) {
const gnutls_group_entry_st *ge;
- ge = _gnutls_id_to_group(priority_cache->
- _supported_ecc.priorities[i]);
+ ge = _gnutls_id_to_group(
+ priority_cache->_supported_ecc.priorities[i]);
if (ge) {
if (ge->curve && !have_ec) {
add_ec(priority_cache);
@@ -2909,36 +2781,36 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
break;
}
}
-
}
for (i = 0; i < priority_cache->_sign_algo.num_priorities; i++) {
- se = _gnutls_sign_to_entry(priority_cache->
- _sign_algo.priorities[i]);
- if (se != NULL
- && priority_cache->sigalg.size <
- sizeof(priority_cache->sigalg.entry) /
- sizeof(priority_cache->sigalg.entry[0])) {
+ se = _gnutls_sign_to_entry(
+ priority_cache->_sign_algo.priorities[i]);
+ if (se != NULL &&
+ priority_cache->sigalg.size <
+ sizeof(priority_cache->sigalg.entry) /
+ sizeof(priority_cache->sigalg.entry[0])) {
/* if the signature algorithm semantics is not
* compatible with the protocol's, or the algorithm is
* marked as insecure, then skip. */
if ((se->aid.tls_sem & tls_sig_sem) == 0 ||
- !_gnutls_sign_is_secure2(se,
- system_wide_config.allowlisting
- ?
- GNUTLS_SIGN_FLAG_ALLOW_INSECURE_REVERTIBLE
- : 0)) {
+ !_gnutls_sign_is_secure2(
+ se,
+ system_wide_config.allowlisting ?
+ GNUTLS_SIGN_FLAG_ALLOW_INSECURE_REVERTIBLE :
+ 0)) {
continue;
}
- priority_cache->sigalg.entry[priority_cache->
- sigalg.size++] = se;
+ priority_cache->sigalg
+ .entry[priority_cache->sigalg.size++] = se;
}
}
- _gnutls_debug_log
- ("added %d protocols, %d ciphersuites, %d sig algos and %d groups into priority list\n",
- priority_cache->protocol.num_priorities, priority_cache->cs.size,
- priority_cache->sigalg.size, priority_cache->groups.size);
+ _gnutls_debug_log(
+ "added %d protocols, %d ciphersuites, %d sig algos and %d groups into priority list\n",
+ priority_cache->protocol.num_priorities,
+ priority_cache->cs.size, priority_cache->sigalg.size,
+ priority_cache->groups.size);
if (priority_cache->sigalg.size == 0) {
/* no signature algorithms; eliminate TLS 1.2 or DTLS 1.2 and later */
@@ -2950,13 +2822,13 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (priority_cache->protocol.priorities[i] <
GNUTLS_TLS1_2) {
newp.priorities[newp.num_priorities++] =
- priority_cache->protocol.priorities[i];
+ priority_cache->protocol.priorities[i];
} else if (priority_cache->protocol.priorities[i] >=
- GNUTLS_DTLS_VERSION_MIN
- && priority_cache->protocol.priorities[i] <
- GNUTLS_DTLS1_2) {
+ GNUTLS_DTLS_VERSION_MIN &&
+ priority_cache->protocol.priorities[i] <
+ GNUTLS_DTLS1_2) {
newp.priorities[newp.num_priorities++] =
- priority_cache->protocol.priorities[i];
+ priority_cache->protocol.priorities[i];
}
}
memcpy(&priority_cache->protocol, &newp, sizeof(newp));
@@ -2967,9 +2839,9 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
goto out;
}
#ifndef ENABLE_SSL3
- else if (unlikely
- (priority_cache->protocol.num_priorities == 1
- && priority_cache->protocol.priorities[0] == GNUTLS_SSL3)) {
+ else if (unlikely(priority_cache->protocol.num_priorities == 1 &&
+ priority_cache->protocol.priorities[0] ==
+ GNUTLS_SSL3)) {
ret = gnutls_assert_val(GNUTLS_E_NO_PRIORITIES_WERE_SET);
goto out;
}
@@ -2984,20 +2856,17 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
* we require TLS1.2 to be enabled if TLS1.3 is asked for, and
* a pre-TLS1.2 protocol is there; that is because servers which
* do not support TLS1.3 will negotiate TLS1.2 if seen a TLS1.3 handshake */
- if (unlikely
- ((!have_psk && tlsmax && tlsmax->id >= GNUTLS_TLS1_3
- && priority_cache->groups.size == 0)) || (!have_tls12
- && have_pre_tls12
- && have_tls13)) {
+ if (unlikely((!have_psk && tlsmax && tlsmax->id >= GNUTLS_TLS1_3 &&
+ priority_cache->groups.size == 0)) ||
+ (!have_tls12 && have_pre_tls12 && have_tls13)) {
for (i = j = 0; i < priority_cache->protocol.num_priorities;
i++) {
- vers =
- version_to_entry(priority_cache->
- protocol.priorities[i]);
- if (!vers || vers->transport != GNUTLS_STREAM
- || !vers->tls13_sem)
+ vers = version_to_entry(
+ priority_cache->protocol.priorities[i]);
+ if (!vers || vers->transport != GNUTLS_STREAM ||
+ !vers->tls13_sem)
priority_cache->protocol.priorities[j++] =
- priority_cache->protocol.priorities[i];
+ priority_cache->protocol.priorities[i];
}
priority_cache->protocol.num_priorities = j;
}
@@ -3006,8 +2875,8 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
if (system_wide_config.verification_profile) {
gnutls_sec_param_t level = priority_cache->level;
gnutls_sec_param_t system_wide_level =
- _gnutls_profile_to_sec_level
- (system_wide_config.verification_profile);
+ _gnutls_profile_to_sec_level(
+ system_wide_config.verification_profile);
if (level < system_wide_level) {
ENABLE_PROFILE(priority_cache,
@@ -3015,7 +2884,7 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
}
}
- out:
+out:
(void)gnutls_rwlock_unlock(&system_wide_config_rwlock);
return ret;
}
@@ -3121,10 +2990,9 @@ static int set_ciphersuite_list(gnutls_priority_t priority_cache)
*
* Since: 3.6.3
**/
-int
-gnutls_priority_init2(gnutls_priority_t * priority_cache,
- const char *priorities, const char **err_pos,
- unsigned flags)
+int gnutls_priority_init2(gnutls_priority_t *priority_cache,
+ const char *priorities, const char **err_pos,
+ unsigned flags)
{
gnutls_buffer_st buf;
const char *ep;
@@ -3140,9 +3008,8 @@ gnutls_priority_init2(gnutls_priority_t * priority_cache,
_gnutls_buffer_init(&buf);
- ret =
- _gnutls_buffer_append_str(&buf,
- _gnutls_default_priority_string);
+ ret = _gnutls_buffer_append_str(
+ &buf, _gnutls_default_priority_string);
if (ret < 0) {
_gnutls_buffer_clear(&buf);
return gnutls_assert_val(ret);
@@ -3160,13 +3027,12 @@ gnutls_priority_init2(gnutls_priority_t * priority_cache,
return gnutls_assert_val(ret);
}
- ret =
- gnutls_priority_init(priority_cache, (const char *)buf.data,
- &ep);
+ ret = gnutls_priority_init(priority_cache,
+ (const char *)buf.data, &ep);
if (ret < 0 && ep != (const char *)buf.data && ep != NULL) {
ptrdiff_t diff = (ptrdiff_t)ep - (ptrdiff_t)buf.data;
unsigned hlen =
- strlen(_gnutls_default_priority_string) + 1;
+ strlen(_gnutls_default_priority_string) + 1;
if (err_pos && diff > hlen) {
*err_pos = priorities + diff - hlen;
@@ -3180,7 +3046,8 @@ gnutls_priority_init2(gnutls_priority_t * priority_cache,
}
}
-#define PRIO_MATCH(name) c_strncasecmp(&broken_list[i][1], name, sizeof(name) - 1)
+#define PRIO_MATCH(name) \
+ c_strncasecmp(&broken_list[i][1], name, sizeof(name) - 1)
/**
* gnutls_priority_init:
@@ -3202,9 +3069,8 @@ gnutls_priority_init2(gnutls_priority_t * priority_cache,
* Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
* %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_priority_init(gnutls_priority_t * priority_cache,
- const char *priorities, const char **err_pos)
+int gnutls_priority_init(gnutls_priority_t *priority_cache,
+ const char *priorities, const char **err_pos)
{
char *broken_list[MAX_ELEMENTS];
int broken_list_size = 0, i = 0, j;
@@ -3280,13 +3146,13 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
}
for (; i < broken_list_size; i++) {
- if (check_level(broken_list[i], *priority_cache, ikeyword_set)
- != 0) {
+ if (check_level(broken_list[i], *priority_cache,
+ ikeyword_set) != 0) {
ikeyword_set = 1;
continue;
- } else if (broken_list[i][0] == '!'
- || broken_list[i][0] == '+'
- || broken_list[i][0] == '-') {
+ } else if (broken_list[i][0] == '!' ||
+ broken_list[i][0] == '+' ||
+ broken_list[i][0] == '-') {
if (broken_list[i][0] == '+') {
fn = prio_add;
bulk_fn = _add_priority;
@@ -3297,108 +3163,95 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
bulk_given_fn = _clear_given_priorities;
}
- if (broken_list[i][0] == '+'
- && check_level(&broken_list[i][1],
- *priority_cache, 1) != 0) {
+ if (broken_list[i][0] == '+' &&
+ check_level(&broken_list[i][1], *priority_cache,
+ 1) != 0) {
continue;
- } else if ((algo =
- gnutls_mac_get_id(&broken_list[i][1]))
- != GNUTLS_MAC_UNKNOWN) {
+ } else if ((algo = gnutls_mac_get_id(
+ &broken_list[i][1])) !=
+ GNUTLS_MAC_UNKNOWN) {
fn(&(*priority_cache)->_mac, algo);
- } else
- if ((centry =
- cipher_name_to_entry(&broken_list[i][1])) !=
- NULL) {
+ } else if ((centry = cipher_name_to_entry(
+ &broken_list[i][1])) != NULL) {
if (_gnutls_cipher_exists(centry->id)) {
fn(&(*priority_cache)->_cipher,
centry->id);
if (centry->type == CIPHER_BLOCK)
(*priority_cache)->have_cbc = 1;
}
- } else if ((algo =
- _gnutls_kx_get_id(&broken_list[i][1])) !=
+ } else if ((algo = _gnutls_kx_get_id(
+ &broken_list[i][1])) !=
GNUTLS_KX_UNKNOWN) {
if (algo != GNUTLS_KX_INVALID)
fn(&(*priority_cache)->_kx, algo);
} else if (PRIO_MATCH("VERS-") == 0) {
if (PRIO_MATCH("VERS-TLS-ALL") == 0) {
- bulk_given_fn(&
- (*priority_cache)->
- protocol,
- stream_protocol_priority);
+ bulk_given_fn(
+ &(*priority_cache)->protocol,
+ stream_protocol_priority);
} else if (PRIO_MATCH("VERS-DTLS-ALL") == 0) {
- bulk_given_fn(&
- (*priority_cache)->
- protocol,
- (bulk_given_fn ==
- _add_priority) ?
- dtls_protocol_priority :
- dgram_protocol_priority);
+ bulk_given_fn(
+ &(*priority_cache)->protocol,
+ (bulk_given_fn ==
+ _add_priority) ?
+ dtls_protocol_priority :
+ dgram_protocol_priority);
} else if (PRIO_MATCH("VERS-ALL") == 0) {
bulk_fn(&(*priority_cache)->protocol,
protocol_priority);
} else {
- if ((algo =
- gnutls_protocol_get_id
- (&broken_list[i][6])) !=
+ if ((algo = gnutls_protocol_get_id(
+ &broken_list[i][6])) !=
GNUTLS_VERSION_UNKNOWN) {
fn(&(*priority_cache)->protocol,
algo);
} else
goto error;
-
}
- } /* now check if the element is something like -ALGO */
+ } /* now check if the element is something like -ALGO */
else if (PRIO_MATCH("COMP-") == 0) {
/* ignore all compression methods */
continue;
- } /* now check if the element is something like -ALGO */
+ } /* now check if the element is something like -ALGO */
else if (PRIO_MATCH("CURVE-") == 0) {
if (PRIO_MATCH("CURVE-ALL") == 0) {
- bulk_fn(&
- (*priority_cache)->
- _supported_ecc,
+ bulk_fn(&(*priority_cache)
+ ->_supported_ecc,
supported_groups_normal);
} else {
- if ((algo =
- gnutls_ecc_curve_get_id
- (&broken_list[i][7])) !=
+ if ((algo = gnutls_ecc_curve_get_id(
+ &broken_list[i][7])) !=
GNUTLS_ECC_CURVE_INVALID)
- fn(&
- (*priority_cache)->
- _supported_ecc, algo);
+ fn(&(*priority_cache)
+ ->_supported_ecc,
+ algo);
else
goto error;
}
} else if (PRIO_MATCH("GROUP-") == 0) {
if (PRIO_MATCH("GROUP-ALL") == 0) {
- bulk_fn(&
- (*priority_cache)->
- _supported_ecc,
+ bulk_fn(&(*priority_cache)
+ ->_supported_ecc,
supported_groups_normal);
} else if (PRIO_MATCH("GROUP-DH-ALL") == 0) {
- bulk_given_fn(&
- (*priority_cache)->
- _supported_ecc,
+ bulk_given_fn(&(*priority_cache)
+ ->_supported_ecc,
_supported_groups_dh);
} else if (PRIO_MATCH("GROUP-EC-ALL") == 0) {
- bulk_given_fn(&
- (*priority_cache)->
- _supported_ecc,
+ bulk_given_fn(&(*priority_cache)
+ ->_supported_ecc,
_supported_groups_ecdh);
} else if (PRIO_MATCH("GROUP-GOST-ALL") == 0) {
- bulk_given_fn(&
- (*priority_cache)->
- _supported_ecc,
+ bulk_given_fn(&(*priority_cache)
+ ->_supported_ecc,
_supported_groups_gost);
} else {
- if ((algo =
- _gnutls_group_get_id
- (&broken_list[i][7])) !=
+ if ((algo = _gnutls_group_get_id(
+ &broken_list[i][7])) !=
GNUTLS_GROUP_INVALID)
- fn(&
- (*priority_cache)->
- _supported_ecc, algo);
+ fn(&(*priority_cache)
+ ->_supported_ecc,
+ algo);
else
goto error;
}
@@ -3406,27 +3259,24 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
// Certificate types
if (PRIO_MATCH("CTYPE-ALL") == 0) {
// Symmetric cert types, all types allowed
- bulk_fn(&
- (*priority_cache)->client_ctype,
+ bulk_fn(&(*priority_cache)->client_ctype,
cert_type_priority_all);
- bulk_fn(&
- (*priority_cache)->server_ctype,
+ bulk_fn(&(*priority_cache)->server_ctype,
cert_type_priority_all);
} else if (PRIO_MATCH("CTYPE-CLI-") == 0) {
// Client certificate types
if (PRIO_MATCH("CTYPE-CLI-ALL") == 0) {
// All client cert types allowed
- bulk_fn(&
- (*priority_cache)->client_ctype,
+ bulk_fn(&(*priority_cache)
+ ->client_ctype,
cert_type_priority_all);
- } else
- if ((algo =
- gnutls_certificate_type_get_id
- (&broken_list[i][11])) !=
- GNUTLS_CRT_UNKNOWN) {
+ } else if ((algo = gnutls_certificate_type_get_id(
+ &broken_list[i]
+ [11])) !=
+ GNUTLS_CRT_UNKNOWN) {
// Specific client cert type allowed
- fn(&
- (*priority_cache)->client_ctype,
+ fn(&(*priority_cache)
+ ->client_ctype,
algo);
} else
goto error;
@@ -3434,33 +3284,32 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
// Server certificate types
if (PRIO_MATCH("CTYPE-SRV-ALL") == 0) {
// All server cert types allowed
- bulk_fn(&
- (*priority_cache)->server_ctype,
+ bulk_fn(&(*priority_cache)
+ ->server_ctype,
cert_type_priority_all);
- } else
- if ((algo =
- gnutls_certificate_type_get_id
- (&broken_list[i][11])) !=
- GNUTLS_CRT_UNKNOWN) {
+ } else if ((algo = gnutls_certificate_type_get_id(
+ &broken_list[i]
+ [11])) !=
+ GNUTLS_CRT_UNKNOWN) {
// Specific server cert type allowed
- fn(&
- (*priority_cache)->server_ctype,
+ fn(&(*priority_cache)
+ ->server_ctype,
algo);
} else
goto error;
- } else { // Symmetric certificate type
- if ((algo =
- gnutls_certificate_type_get_id
- (&broken_list[i][7])) !=
+ } else { // Symmetric certificate type
+ if ((algo = gnutls_certificate_type_get_id(
+ &broken_list[i][7])) !=
GNUTLS_CRT_UNKNOWN) {
- fn(&
- (*priority_cache)->client_ctype,
+ fn(&(*priority_cache)
+ ->client_ctype,
algo);
- fn(&
- (*priority_cache)->server_ctype,
+ fn(&(*priority_cache)
+ ->server_ctype,
algo);
- } else if (PRIO_MATCH("CTYPE-OPENPGP")
- == 0) {
+ } else if (PRIO_MATCH(
+ "CTYPE-OPENPGP") ==
+ 0) {
/* legacy openpgp option - ignore */
continue;
} else
@@ -3474,13 +3323,12 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
bulk_fn(&(*priority_cache)->_sign_algo,
sign_priority_gost);
} else {
- if ((algo =
- gnutls_sign_get_id
- (&broken_list[i][6])) !=
+ if ((algo = gnutls_sign_get_id(
+ &broken_list[i][6])) !=
GNUTLS_SIGN_UNKNOWN)
- fn(&
- (*priority_cache)->
- _sign_algo, algo);
+ fn(&(*priority_cache)
+ ->_sign_algo,
+ algo);
else
goto error;
}
@@ -3509,9 +3357,9 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
kx_priority_gost);
}
} else if (PRIO_MATCH("GOST") == 0) {
- bulk_given_fn(&
- (*priority_cache)->_supported_ecc,
- _supported_groups_gost);
+ bulk_given_fn(
+ &(*priority_cache)->_supported_ecc,
+ _supported_groups_gost);
bulk_fn(&(*priority_cache)->_sign_algo,
sign_priority_gost);
bulk_fn(&(*priority_cache)->_mac,
@@ -3547,7 +3395,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
return 0;
- error:
+error:
if (err_pos != NULL && i < broken_list_size && resolved_match) {
*err_pos = priorities;
for (j = 0; j < i; j++) {
@@ -3556,7 +3404,7 @@ gnutls_priority_init(gnutls_priority_t * priority_cache,
}
ret = GNUTLS_E_INVALID_REQUEST;
- error_cleanup:
+error_cleanup:
gnutls_free(darg);
gnutls_priority_deinit(*priority_cache);
*priority_cache = NULL;
@@ -3609,9 +3457,8 @@ void gnutls_priority_deinit(gnutls_priority_t priority_cache)
* Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
* %GNUTLS_E_SUCCESS on success, or an error code.
**/
-int
-gnutls_priority_set_direct(gnutls_session_t session,
- const char *priorities, const char **err_pos)
+int gnutls_priority_set_direct(gnutls_session_t session, const char *priorities,
+ const char **err_pos)
{
gnutls_priority_t prio;
int ret;
@@ -3651,14 +3498,13 @@ static void break_list(char *list, char *broken_list[MAX_ELEMENTS], int *size)
p = strchr(p, ':');
if (p) {
*p = 0;
- p++; /* move to next entry and skip white
+ p++; /* move to next entry and skip white
* space.
*/
while (*p == ' ')
p++;
}
- }
- while (p != NULL && *size < MAX_ELEMENTS);
+ } while (p != NULL && *size < MAX_ELEMENTS);
}
/**
@@ -3723,9 +3569,8 @@ int gnutls_set_default_priority_append(gnutls_session_t session,
gnutls_priority_t prio;
int ret;
- ret =
- gnutls_priority_init2(&prio, add_prio, err_pos,
- GNUTLS_PRIORITY_INIT_DEF_APPEND);
+ ret = gnutls_priority_init2(&prio, add_prio, err_pos,
+ GNUTLS_PRIORITY_INIT_DEF_APPEND);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -3758,9 +3603,8 @@ int gnutls_set_default_priority_append(gnutls_session_t session,
*
* Since: 3.0
**/
-int
-gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
- const unsigned int **list)
+int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
unsigned i;
@@ -3790,8 +3634,8 @@ gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
*
* Since: 3.6.0
**/
-int
-gnutls_priority_group_list(gnutls_priority_t pcache, const unsigned int **list)
+int gnutls_priority_group_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
if (pcache->_supported_ecc.num_priorities == 0)
return 0;
@@ -3831,8 +3675,8 @@ int gnutls_priority_kx_list(gnutls_priority_t pcache, const unsigned int **list)
* Returns: the number of items, or an error code.
* Since: 3.2.3
**/
-int
-gnutls_priority_cipher_list(gnutls_priority_t pcache, const unsigned int **list)
+int gnutls_priority_cipher_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
if (pcache->_cipher.num_priorities == 0)
return 0;
@@ -3852,8 +3696,8 @@ gnutls_priority_cipher_list(gnutls_priority_t pcache, const unsigned int **list)
* Returns: the number of items, or an error code.
* Since: 3.2.3
**/
-int
-gnutls_priority_mac_list(gnutls_priority_t pcache, const unsigned int **list)
+int gnutls_priority_mac_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
if (pcache->_mac.num_priorities == 0)
return 0;
@@ -3873,9 +3717,8 @@ gnutls_priority_mac_list(gnutls_priority_t pcache, const unsigned int **list)
* Returns: the number of methods, or an error code.
* Since: 3.0
**/
-int
-gnutls_priority_compression_list(gnutls_priority_t pcache,
- const unsigned int **list)
+int gnutls_priority_compression_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
static const unsigned int priority[1] = { GNUTLS_COMP_NULL };
@@ -3894,9 +3737,8 @@ gnutls_priority_compression_list(gnutls_priority_t pcache,
* Returns: the number of protocols, or an error code.
* Since: 3.0
**/
-int
-gnutls_priority_protocol_list(gnutls_priority_t pcache,
- const unsigned int **list)
+int gnutls_priority_protocol_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
if (pcache->protocol.num_priorities == 0)
return 0;
@@ -3916,8 +3758,8 @@ gnutls_priority_protocol_list(gnutls_priority_t pcache,
* Returns: the number of algorithms, or an error code.
* Since: 3.0
**/
-int
-gnutls_priority_sign_list(gnutls_priority_t pcache, const unsigned int **list)
+int gnutls_priority_sign_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
if (pcache->_sign_algo.num_priorities == 0)
return 0;
@@ -3943,13 +3785,12 @@ gnutls_priority_sign_list(gnutls_priority_t pcache, const unsigned int **list)
* Returns: the number of certificate types, or an error code.
* Since: 3.0
**/
-int
-gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
- const unsigned int **list)
+int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
+ const unsigned int **list)
{
- gnutls_ctype_target_t target =
- pcache->server_precedence ? GNUTLS_CTYPE_SERVER :
- GNUTLS_CTYPE_CLIENT;
+ gnutls_ctype_target_t target = pcache->server_precedence ?
+ GNUTLS_CTYPE_SERVER :
+ GNUTLS_CTYPE_CLIENT;
return gnutls_priority_certificate_type_list2(pcache, list, target);
}
@@ -3968,10 +3809,9 @@ gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
*
* Since: 3.6.4
**/
-int
-gnutls_priority_certificate_type_list2(gnutls_priority_t pcache,
- const unsigned int **list,
- gnutls_ctype_target_t target)
+int gnutls_priority_certificate_type_list2(gnutls_priority_t pcache,
+ const unsigned int **list,
+ gnutls_ctype_target_t target)
{
switch (target) {
case GNUTLS_CTYPE_CLIENT:
@@ -4040,7 +3880,7 @@ system_wide_config_is_malleable(void)
}
if (system_wide_config.priority_string) {
_gnutls_audit_log(NULL, "priority strings have already been "
- "initialized!\n");
+ "initialized!\n");
return false;
}
return true;
@@ -4173,9 +4013,8 @@ int gnutls_sign_set_secure(gnutls_sign_algorithm_t sign, unsigned int secure)
*
* Since: 3.7.3
*/
-int
-gnutls_sign_set_secure_for_certs(gnutls_sign_algorithm_t sign,
- unsigned int secure)
+int gnutls_sign_set_secure_for_certs(gnutls_sign_algorithm_t sign,
+ unsigned int secure)
{
#ifndef DISABLE_SYSTEM_CONFIG
int ret;
@@ -4231,9 +4070,9 @@ gnutls_sign_set_secure_for_certs(gnutls_sign_algorithm_t sign,
*
* Since: 3.7.3
*/
-int /* allowlisting-only */
- /* not thread-safe */ gnutls_protocol_set_enabled(gnutls_protocol_t version,
- unsigned int enabled)
+int /* allowlisting-only */
+/* not thread-safe */
+gnutls_protocol_set_enabled(gnutls_protocol_t version, unsigned int enabled)
{
#ifndef DISABLE_SYSTEM_CONFIG
int ret;