authorSimon Josefsson <simon@josefsson.org>2005-11-07 23:27:56 +0000
committerSimon Josefsson <simon@josefsson.org>2005-11-07 23:27:56 +0000
commita5891d75997c9529b9fc5c273df8bd0df4093cd0 (patch)
treefd6eec448a88c5eb891cc145921c5793662da604 /lib/x509
parentaf21484a8daf15da48f7d00c4fe632708a757a64 (diff)
downloadgnutls-a5891d75997c9529b9fc5c273df8bd0df4093cd0.tar.gz
Use GNU coding style.
Diffstat (limited to 'lib/x509')
-rw-r--r--lib/x509/common.c1846
-rw-r--r--lib/x509/common.h121
-rw-r--r--lib/x509/compat.c58
-rw-r--r--lib/x509/compat.h4
-rw-r--r--lib/x509/crl.c543
-rw-r--r--lib/x509/crl_write.c231
-rw-r--r--lib/x509/crq.c763
-rw-r--r--lib/x509/crq.h3
-rw-r--r--lib/x509/dn.c1400
-rw-r--r--lib/x509/dn.h33
-rw-r--r--lib/x509/dsa.c129
-rw-r--r--lib/x509/dsa.h2
-rw-r--r--lib/x509/extensions.c1166
-rw-r--r--lib/x509/extensions.h56
-rw-r--r--lib/x509/mpi.c713
-rw-r--r--lib/x509/mpi.h46
-rw-r--r--lib/x509/pkcs12.c1686
-rw-r--r--lib/x509/pkcs12.h111
-rw-r--r--lib/x509/pkcs12_bag.c700
-rw-r--r--lib/x509/pkcs12_encr.c201
-rw-r--r--lib/x509/pkcs7.c1162
-rw-r--r--lib/x509/pkcs7.h3
-rw-r--r--lib/x509/privkey.c2043
-rw-r--r--lib/x509/privkey.h5
-rw-r--r--lib/x509/privkey_pkcs8.c3106
-rw-r--r--lib/x509/rfc2818.h2
-rw-r--r--lib/x509/rfc2818_hostname.c142
-rw-r--r--lib/x509/sign.c418
-rw-r--r--lib/x509/sign.h21
-rw-r--r--lib/x509/verify.c1157
-rw-r--r--lib/x509/verify.h14
-rw-r--r--lib/x509/x509.c2129
-rw-r--r--lib/x509/x509.h228
-rw-r--r--lib/x509/x509_write.c869
-rw-r--r--lib/x509/xml.c909
35 files changed, 11756 insertions, 10264 deletions
diff --git a/lib/x509/common.c b/lib/x509/common.c
index a619e59625..ae707c2afc 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -35,69 +35,73 @@
#include <mpi.h>
#include <time.h>
-typedef struct _oid2string {
- const char *oid;
- const char *ldap_desc;
- int choice; /* of type DirectoryString */
- int printable;
+typedef struct _oid2string
+{
+ const char *oid;
+ const char *ldap_desc;
+ int choice; /* of type DirectoryString */
+ int printable;
} oid2string;
/* This list contains all the OIDs that may be
* contained in a rdnSequence and are printable.
*/
static const oid2string _oid2str[] = {
- /* PKIX
- */
- {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1},
- {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1},
- {"1.3.6.1.5.5.7.9.3", "gender", 0, 1},
- {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1},
- {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1},
-
- {"2.5.4.6", "C", 0, 1},
- {"2.5.4.9", "STREET", 1, 1},
- {"2.5.4.12", "T", 1, 1},
- {"2.5.4.10", "O", 1, 1},
- {"2.5.4.11", "OU", 1, 1},
- {"2.5.4.3", "CN", 1, 1},
- {"2.5.4.7", "L", 1, 1},
- {"2.5.4.8", "ST", 1, 1},
-
- {"2.5.4.5", "serialNumber", 0, 1},
- {"2.5.4.20", "telephoneNumber", 0, 1},
- {"2.5.4.4", "surName", 1, 1},
- {"2.5.4.43", "initials", 1, 1},
- {"2.5.4.44", "generationQualifier", 1, 1},
- {"2.5.4.42", "givenName", 1, 1},
- {"2.5.4.65", "pseudonym", 1, 1},
- {"2.5.4.46", "dnQualifier", 0, 1},
-
- {"0.9.2342.19200300.100.1.25", "DC", 0, 1},
- {"0.9.2342.19200300.100.1.1", "UID", 0, 1},
-
- /* PKCS #9
- */
- {"1.2.840.113549.1.9.1", "EMAIL", 0, 1},
- {"1.2.840.113549.1.9.7", NULL, 1, 1},
-
- /* friendly name */
- {"1.2.840.113549.1.9.20", NULL, 0, 1},
- {NULL, NULL, 0, 0}
+ /* PKIX
+ */
+ {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1},
+ {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1},
+ {"1.3.6.1.5.5.7.9.3", "gender", 0, 1},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1},
+ {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1},
+
+ {"2.5.4.6", "C", 0, 1},
+ {"2.5.4.9", "STREET", 1, 1},
+ {"2.5.4.12", "T", 1, 1},
+ {"2.5.4.10", "O", 1, 1},
+ {"2.5.4.11", "OU", 1, 1},
+ {"2.5.4.3", "CN", 1, 1},
+ {"2.5.4.7", "L", 1, 1},
+ {"2.5.4.8", "ST", 1, 1},
+
+ {"2.5.4.5", "serialNumber", 0, 1},
+ {"2.5.4.20", "telephoneNumber", 0, 1},
+ {"2.5.4.4", "surName", 1, 1},
+ {"2.5.4.43", "initials", 1, 1},
+ {"2.5.4.44", "generationQualifier", 1, 1},
+ {"2.5.4.42", "givenName", 1, 1},
+ {"2.5.4.65", "pseudonym", 1, 1},
+ {"2.5.4.46", "dnQualifier", 0, 1},
+
+ {"0.9.2342.19200300.100.1.25", "DC", 0, 1},
+ {"0.9.2342.19200300.100.1.1", "UID", 0, 1},
+
+ /* PKCS #9
+ */
+ {"1.2.840.113549.1.9.1", "EMAIL", 0, 1},
+ {"1.2.840.113549.1.9.7", NULL, 1, 1},
+
+ /* friendly name */
+ {"1.2.840.113549.1.9.20", NULL, 0, 1},
+ {NULL, NULL, 0, 0}
};
/* Returns 1 if the data defined by the OID are printable.
*/
-int _gnutls_x509_oid_data_printable(const char *oid)
+int
+_gnutls_x509_oid_data_printable (const char *oid)
{
- int i = 0;
+ int i = 0;
- do {
- if (strcmp(_oid2str[i].oid, oid) == 0)
- return _oid2str[i].printable;
- i++;
- } while (_oid2str[i].oid != NULL);
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].printable;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
/**
@@ -114,46 +118,55 @@ int _gnutls_x509_oid_data_printable(const char *oid)
* Returns 1 on known OIDs and 0 otherwise.
*
**/
-int gnutls_x509_dn_oid_known(const char *oid)
+int
+gnutls_x509_dn_oid_known (const char *oid)
{
- int i = 0;
+ int i = 0;
- do {
- if (strcmp(_oid2str[i].oid, oid) == 0)
- return 1;
- i++;
- } while (_oid2str[i].oid != NULL);
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return 1;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
/* Returns 1 if the data defined by the OID are of a choice
* type.
*/
-int _gnutls_x509_oid_data_choice(const char *oid)
+int
+_gnutls_x509_oid_data_choice (const char *oid)
{
- int i = 0;
+ int i = 0;
- do {
- if (strcmp(_oid2str[i].oid, oid) == 0)
- return _oid2str[i].choice;
- i++;
- } while (_oid2str[i].oid != NULL);
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].choice;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return 0;
+ return 0;
}
-const char *_gnutls_x509_oid2ldap_string(const char *oid)
+const char *
+_gnutls_x509_oid2ldap_string (const char *oid)
{
- int i = 0;
+ int i = 0;
- do {
- if (strcmp(_oid2str[i].oid, oid) == 0)
- return _oid2str[i].ldap_desc;
- i++;
- } while (_oid2str[i].oid != NULL);
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].ldap_desc;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
- return NULL;
+ return NULL;
}
/* This function will convert an attribute value, specified by the OID,
@@ -162,166 +175,187 @@ const char *_gnutls_x509_oid2ldap_string(const char *oid)
* res may be null. This will just return the res_size, needed to
* hold the string.
*/
-int _gnutls_x509_oid_data2string(const char *oid, void *value,
- int value_size, char *res,
- size_t * res_size)
+int
+_gnutls_x509_oid_data2string (const char *oid, void *value,
+ int value_size, char *res, size_t * res_size)
{
- char str[MAX_STRING_LEN], tmpname[128];
- const char *ANAME = NULL;
- int CHOICE = -1, len = -1, result;
- ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
-
- if (value == NULL || value_size <= 0 || res_size == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ char str[MAX_STRING_LEN], tmpname[128];
+ const char *ANAME = NULL;
+ int CHOICE = -1, len = -1, result;
+ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
+
+ if (value == NULL || value_size <= 0 || res_size == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (_gnutls_x509_oid_data_printable(oid) == 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (_gnutls_x509_oid_data_printable (oid) == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- ANAME = asn1_find_structure_from_oid(_gnutls_get_pkix(), oid);
- CHOICE = _gnutls_x509_oid_data_choice(oid);
+ ANAME = asn1_find_structure_from_oid (_gnutls_get_pkix (), oid);
+ CHOICE = _gnutls_x509_oid_data_choice (oid);
- if (ANAME == NULL) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (ANAME == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- _gnutls_str_cpy(str, sizeof(str), "PKIX1.");
- _gnutls_str_cat(str, sizeof(str), ANAME);
+ _gnutls_str_cpy (str, sizeof (str), "PKIX1.");
+ _gnutls_str_cat (str, sizeof (str), ANAME);
- if ((result =
- asn1_create_element(_gnutls_get_pkix(), str,
- &tmpasn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (), str,
+ &tmpasn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if ((result =
- asn1_der_decoding(&tmpasn, value, value_size,
- NULL)) != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&tmpasn);
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_der_decoding (&tmpasn, value, value_size, NULL)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
}
- /* If this is a choice then we read the choice. Otherwise it
- * is the value;
- */
- len = sizeof(str) - 1;
- if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */
- gnutls_assert();
- asn1_delete_structure(&tmpasn);
- return _gnutls_asn2err(result);
+ /* If this is a choice then we read the choice. Otherwise it
+ * is the value;
+ */
+ len = sizeof (str) - 1;
+ if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
+ { /* CHOICE */
+ gnutls_assert ();
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
}
- if (CHOICE == 0) {
- str[len] = 0;
-
- if (res)
- _gnutls_str_cpy(res, *res_size, str);
- *res_size = len;
+ if (CHOICE == 0)
+ {
+ str[len] = 0;
- asn1_delete_structure(&tmpasn);
- } else { /* CHOICE */
- int non_printable = 0, teletex = 0;
- str[len] = 0;
+ if (res)
+ _gnutls_str_cpy (res, *res_size, str);
+ *res_size = len;
- /* Note that we do not support strings other than
- * UTF-8 (thus ASCII as well).
- */
- if (strcmp(str, "printableString") != 0 &&
- strcmp(str, "utf8String") != 0) {
- non_printable = 1;
+ asn1_delete_structure (&tmpasn);
+ }
+ else
+ { /* CHOICE */
+ int non_printable = 0, teletex = 0;
+ str[len] = 0;
+
+ /* Note that we do not support strings other than
+ * UTF-8 (thus ASCII as well).
+ */
+ if (strcmp (str, "printableString") != 0 &&
+ strcmp (str, "utf8String") != 0)
+ {
+ non_printable = 1;
}
- if (strcmp(str, "teletexString") == 0)
- teletex = 1;
+ if (strcmp (str, "teletexString") == 0)
+ teletex = 1;
- _gnutls_str_cpy(tmpname, sizeof(tmpname), str);
+ _gnutls_str_cpy (tmpname, sizeof (tmpname), str);
- len = sizeof(str) - 1;
- if ((result =
- asn1_read_value(tmpasn, tmpname, str,
- &len)) != ASN1_SUCCESS) {
- asn1_delete_structure(&tmpasn);
- return _gnutls_asn2err(result);
+ len = sizeof (str) - 1;
+ if ((result =
+ asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
}
- asn1_delete_structure(&tmpasn);
+ asn1_delete_structure (&tmpasn);
- if (teletex != 0) {
- int ascii = 0, i;
- /* HACK: if the teletex string contains only ascii
- * characters then treat it as printable.
- */
- for (i = 0; i < len; i++)
- if (!isascii(str[i]))
- ascii = 1;
+ if (teletex != 0)
+ {
+ int ascii = 0, i;
+ /* HACK: if the teletex string contains only ascii
+ * characters then treat it as printable.
+ */
+ for (i = 0; i < len; i++)
+ if (!isascii (str[i]))
+ ascii = 1;
- if (ascii == 0)
- non_printable = 0;
+ if (ascii == 0)
+ non_printable = 0;
}
- if (res) {
- if (non_printable == 0) {
- str[len] = 0;
- _gnutls_str_cpy(res, *res_size, str);
- *res_size = len;
- } else {
- result = _gnutls_x509_data2hex(str, len, res, res_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (res)
+ {
+ if (non_printable == 0)
+ {
+ str[len] = 0;
+ _gnutls_str_cpy (res, *res_size, str);
+ *res_size = len;
+ }
+ else
+ {
+ result = _gnutls_x509_data2hex (str, len, res, res_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
}
}
}
- return 0;
+ return 0;
}
/* Converts a data string to an LDAP rfc2253 hex string
* something like '#01020304'
*/
-int _gnutls_x509_data2hex(const opaque * data, size_t data_size,
- opaque * out, size_t * sizeof_out)
+int
+_gnutls_x509_data2hex (const opaque * data, size_t data_size,
+ opaque * out, size_t * sizeof_out)
{
- char *res;
- char escaped[MAX_STRING_LEN];
-
- if (2 * data_size + 1 > MAX_STRING_LEN)
- {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- res = _gnutls_bin2hex(data, data_size, escaped, sizeof(escaped));
-
- if (res) {
- unsigned int size = strlen(res) + 1;
- if (size + 1 > *sizeof_out) {
- *sizeof_out = size;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ char *res;
+ char escaped[MAX_STRING_LEN];
+
+ if (2 * data_size + 1 > MAX_STRING_LEN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ res = _gnutls_bin2hex (data, data_size, escaped, sizeof (escaped));
+
+ if (res)
+ {
+ unsigned int size = strlen (res) + 1;
+ if (size + 1 > *sizeof_out)
+ {
+ *sizeof_out = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *sizeof_out = size; /* -1 for the null +1 for the '#' */
+ *sizeof_out = size; /* -1 for the null +1 for the '#' */
- if (out) {
- strcpy(out, "#");
- strcat(out, res);
+ if (out)
+ {
+ strcpy (out, "#");
+ strcat (out, res);
}
- return 0;
- } else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- return 0;
+ return 0;
}
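Review bot: In `_gnutls_x509_oid_data2string` the CHOICE branch only stores `*res_size` inside `if (res)`, so a caller that passes `res == NULL` to learn the required size (which the comment above the function explicitly permits) gets back an untouched `*res_size` and a return value of 0 for every choice-typed attribute, whereas the non-choice branch reports `*res_size = len` unconditionally. Such a caller then sizes its buffer from a stale value and the real call either truncates silently in `_gnutls_str_cpy` or fails with `GNUTLS_E_SHORT_MEMORY_BUFFER`. Moving the `if (res)` test down to the copy itself, and letting `_gnutls_x509_data2hex` see `res == NULL` (it already reports the needed size through `sizeof_out` in that case), makes both branches honour the documented contract. The function starts and ends inside this hunk.
```c
          /* … unchanged: choice name lookup, second asn1_read_value, teletex check … */
          if (non_printable == 0)
            {
              str[len] = 0;
              if (res)
                _gnutls_str_cpy (res, *res_size, str);
              /* Report the size even when res == NULL, as the non-choice branch does.  */
              *res_size = len;
            }
          else
            {
              /* With res == NULL _gnutls_x509_data2hex only stores the needed
                 size in *res_size and returns GNUTLS_E_SHORT_MEMORY_BUFFER.  */
              result = _gnutls_x509_data2hex (str, len, res, res_size);
              if (result < 0)
                {
                  gnutls_assert ();
                  return result;
                }
            }
        }

      return 0;
```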
@@ -329,12 +363,13 @@ int _gnutls_x509_data2hex(const opaque * data, size_t data_size,
* numbers to characters. Use a character string of MAX_INT_DIGITS, in
* order to have enough space for it.
*/
-void _gnutls_int2str(unsigned int k, char *data)
+void
+_gnutls_int2str (unsigned int k, char *data)
{
- if (k > 999)
- sprintf(data, "%d", 999);
- else
- sprintf(data, "%d", k);
+ if (k > 999)
+ sprintf (data, "%d", 999);
+ else
+ sprintf (data, "%d", k);
}
/* TIME functions
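Review bot: `_gnutls_int2str` formats its `unsigned int k` with `%d`; the matching conversion is `%u`, i.e. `sprintf (data, "%u", k);` in both branches (the clamp to 999 keeps the output within three digits, so there is no buffer overrun today, but the specifier mismatch is flagged by -Wformat and is formally undefined). The clamp also silently replaces every value above 999 with 999, which callers cannot distinguish from a genuine 999; stating that in the header comment, `/* Values above 999 are clamped to 999; callers must not rely on round-tripping.  */`, would make the contract explicit.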
@@ -346,13 +381,14 @@ void _gnutls_int2str(unsigned int k, char *data)
* Since we do not use libc's functions, we don't need to
* depend on the libc structure.
*/
-typedef struct fake_tm {
- int tm_mon;
- int tm_year; /* FULL year - ie 1971 */
- int tm_mday;
- int tm_hour;
- int tm_min;
- int tm_sec;
+typedef struct fake_tm
+{
+ int tm_mon;
+ int tm_year; /* FULL year - ie 1971 */
+ int tm_mday;
+ int tm_hour;
+ int tm_min;
+ int tm_sec;
} fake_tm;
/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu),
@@ -362,7 +398,7 @@ typedef struct fake_tm {
/* The number of days in each month.
*/
static const int MONTHDAYS[] = {
- 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
/* Whether a given year is a leap year. */
@@ -375,31 +411,32 @@ static const int MONTHDAYS[] = {
** convertable. Note that this function does not canonicalize the provided
** struct tm, nor does it allow out of range values or years before 1970.
*/
-static time_t mktime_utc(const struct fake_tm *tm)
+static time_t
+mktime_utc (const struct fake_tm *tm)
{
- time_t result = 0;
- int i;
+ time_t result = 0;
+ int i;
/* We do allow some ill-formed dates, but we don't do anything special
* with them and our callers really shouldn't pass them to us. Do
* explicitly disallow the ones that would cause invalid array accesses
* or other algorithm problems.
*/
- if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
- return (time_t) - 1;
+ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
+ return (time_t) - 1;
/* Convert to a time_t.
*/
- for (i = 1970; i < tm->tm_year; i++)
- result += 365 + ISLEAP(i);
- for (i = 0; i < tm->tm_mon; i++)
- result += MONTHDAYS[i];
- if (tm->tm_mon > 1 && ISLEAP(tm->tm_year))
- result++;
- result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
- result = 60 * result + tm->tm_min;
- result = 60 * result + tm->tm_sec;
- return result;
+ for (i = 1970; i < tm->tm_year; i++)
+ result += 365 + ISLEAP (i);
+ for (i = 0; i < tm->tm_mon; i++)
+ result += MONTHDAYS[i];
+ if (tm->tm_mon > 1 && ISLEAP (tm->tm_year))
+ result++;
+ result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
+ result = 60 * result + tm->tm_min;
+ result = 60 * result + tm->tm_sec;
+ return result;
}
@@ -407,61 +444,65 @@ static time_t mktime_utc(const struct fake_tm *tm)
* month|day|hour|minute|sec* (2 chars each)
* and year is given. Returns a time_t date.
*/
-time_t _gnutls_x509_time2gtime(const char *ttime, int year)
+time_t
+_gnutls_x509_time2gtime (const char *ttime, int year)
{
- char xx[3];
- struct fake_tm etime;
- time_t ret;
-
- if (strlen(ttime) < 8) {
- gnutls_assert();
- return (time_t) - 1;
+ char xx[3];
+ struct fake_tm etime;
+ time_t ret;
+
+ if (strlen (ttime) < 8)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- etime.tm_year = year;
+ etime.tm_year = year;
- /* In order to work with 32 bit
- * time_t.
- */
- if (sizeof(time_t) <= 4 && etime.tm_year >= 2038)
- return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
+ /* In order to work with 32 bit
+ * time_t.
+ */
+ if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
+ return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
- xx[2] = 0;
+ xx[2] = 0;
/* get the month
*/
- memcpy(xx, ttime, 2); /* month */
- etime.tm_mon = atoi(xx) - 1;
- ttime += 2;
+ memcpy (xx, ttime, 2); /* month */
+ etime.tm_mon = atoi (xx) - 1;
+ ttime += 2;
/* get the day
*/
- memcpy(xx, ttime, 2); /* day */
- etime.tm_mday = atoi(xx);
- ttime += 2;
+ memcpy (xx, ttime, 2); /* day */
+ etime.tm_mday = atoi (xx);
+ ttime += 2;
/* get the hour
*/
- memcpy(xx, ttime, 2); /* hour */
- etime.tm_hour = atoi(xx);
- ttime += 2;
+ memcpy (xx, ttime, 2); /* hour */
+ etime.tm_hour = atoi (xx);
+ ttime += 2;
/* get the minutes
*/
- memcpy(xx, ttime, 2); /* minutes */
- etime.tm_min = atoi(xx);
- ttime += 2;
-
- if (strlen(ttime) >= 2) {
- memcpy(xx, ttime, 2);
- etime.tm_sec = atoi(xx);
- ttime += 2;
- } else
- etime.tm_sec = 0;
+ memcpy (xx, ttime, 2); /* minutes */
+ etime.tm_min = atoi (xx);
+ ttime += 2;
+
+ if (strlen (ttime) >= 2)
+ {
+ memcpy (xx, ttime, 2);
+ etime.tm_sec = atoi (xx);
+ ttime += 2;
+ }
+ else
+ etime.tm_sec = 0;
- ret = mktime_utc(&etime);
+ ret = mktime_utc (&etime);
- return ret;
+ return ret;
}
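Review bot: `_gnutls_x509_time2gtime` converts each two-character field with `atoi` and never checks that the characters are digits, so a malformed validity string (this value comes straight out of the certificate DER via `_gnutls_x509_get_time`) silently yields 0 for that field instead of an error, and `mktime_utc` in the hunk above validates only the month and the year. A day of 0 or an hour of 99 is therefore accepted and folded into the arithmetic, producing a plausible-looking but wrong `time_t` that callers then compare against the current time. A per-field guard such as `if (!isdigit ((unsigned char) ttime[0]) || !isdigit ((unsigned char) ttime[1])) return (time_t) - 1;` before each `atoi`, plus a day/hour/minute/second range check in either function, would reject such input up front. The 32-bit `time_t` clamp that returns a fixed 2037 value for any year from 2038 on is also worth a comment, since callers cannot tell that the date was not representable.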
@@ -471,59 +512,62 @@ time_t _gnutls_x509_time2gtime(const char *ttime, int year)
*
* (seconds are optional)
*/
-time_t _gnutls_x509_utcTime2gtime(const char *ttime)
+time_t
+_gnutls_x509_utcTime2gtime (const char *ttime)
{
- char xx[3];
- int year;
+ char xx[3];
+ int year;
- if (strlen(ttime) < 10) {
- gnutls_assert();
- return (time_t) - 1;
+ if (strlen (ttime) < 10)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- xx[2] = 0;
+ xx[2] = 0;
/* get the year
*/
- memcpy(xx, ttime, 2); /* year */
- year = atoi(xx);
- ttime += 2;
+ memcpy (xx, ttime, 2); /* year */
+ year = atoi (xx);
+ ttime += 2;
- if (year > 49)
- year += 1900;
- else
- year += 2000;
+ if (year > 49)
+ year += 1900;
+ else
+ year += 2000;
- return _gnutls_x509_time2gtime(ttime, year);
+ return _gnutls_x509_time2gtime (ttime, year);
}
/* returns a time value that contains the given time.
* The given time is expressed as:
* YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)
*/
-int _gnutls_x509_gtime2utcTime(time_t gtime, char *str_time,
- int str_time_size)
+int
+_gnutls_x509_gtime2utcTime (time_t gtime, char *str_time, int str_time_size)
{
- size_t ret;
+ size_t ret;
#ifdef HAVE_GMTIME_R
- struct tm _tm;
+ struct tm _tm;
- gmtime_r(&gtime, &_tm);
+ gmtime_r (&gtime, &_tm);
- ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
+ ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
#else
- struct tm *_tm;
+ struct tm *_tm;
- _tm = gmtime(&gtime);
+ _tm = gmtime (&gtime);
- ret = strftime(str_time, str_time_size, "%y%m%d%H%M%SZ", _tm);
+ ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", _tm);
#endif
- if (!ret) {
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (!ret)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- return 0;
+ return 0;
}
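Review bot: `_gnutls_x509_gtime2utcTime` never checks the result of `gmtime_r` / `gmtime`: `gmtime` returns NULL when `gtime` cannot be represented and `strftime` then dereferences it, and in the `HAVE_GMTIME_R` branch a failed call leaves the stack `_tm` indeterminate before it is formatted. Guards such as `if (gmtime_r (&gtime, &_tm) == NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; }` and `if (_tm == NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; }` in the two branches close that. Separately, the `%y` two-digit year means a `tim` in 2050 or later is written as a value that `_gnutls_x509_utcTime2gtime` above reads back as 1950 onwards, and `_gnutls_x509_set_time` in the next hunk always selects `utcTime`; that limit should at least be documented on both functions.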
@@ -531,31 +575,34 @@ int _gnutls_x509_gtime2utcTime(time_t gtime, char *str_time,
* The given time is expressed as:
* YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
*/
-time_t _gnutls_x509_generalTime2gtime(const char *ttime)
+time_t
+_gnutls_x509_generalTime2gtime (const char *ttime)
{
- char xx[5];
- int year;
+ char xx[5];
+ int year;
- if (strlen(ttime) < 12) {
- gnutls_assert();
- return (time_t) - 1;
+ if (strlen (ttime) < 12)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- if (strchr(ttime, 'Z') == 0) {
- gnutls_assert();
- /* sorry we don't support it yet
- */
- return (time_t) - 1;
+ if (strchr (ttime, 'Z') == 0)
+ {
+ gnutls_assert ();
+ /* sorry we don't support it yet
+ */
+ return (time_t) - 1;
}
- xx[4] = 0;
+ xx[4] = 0;
/* get the year
*/
- memcpy(xx, ttime, 4); /* year */
- year = atoi(xx);
- ttime += 4;
+ memcpy (xx, ttime, 4); /* year */
+ year = atoi (xx);
+ ttime += 4;
- return _gnutls_x509_time2gtime(ttime, year);
+ return _gnutls_x509_time2gtime (ttime, year);
}
@@ -563,240 +610,267 @@ time_t _gnutls_x509_generalTime2gtime(const char *ttime)
* be something like "tbsCertList.thisUpdate".
*/
#define MAX_TIME 1024
-time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when)
+time_t
+_gnutls_x509_get_time (ASN1_TYPE c2, const char *when)
{
- char ttime[MAX_TIME];
- char name[1024];
- time_t c_time = (time_t) - 1;
- int len, result;
-
- _gnutls_str_cpy(name, sizeof(name), when);
-
- len = sizeof(ttime) - 1;
- if ((result = asn1_read_value(c2, name, ttime, &len)) < 0) {
- gnutls_assert();
- return (time_t) (-1);
+ char ttime[MAX_TIME];
+ char name[1024];
+ time_t c_time = (time_t) - 1;
+ int len, result;
+
+ _gnutls_str_cpy (name, sizeof (name), when);
+
+ len = sizeof (ttime) - 1;
+ if ((result = asn1_read_value (c2, name, ttime, &len)) < 0)
+ {
+ gnutls_assert ();
+ return (time_t) (-1);
}
- /* CHOICE */
- if (strcmp(ttime, "generalTime") == 0) {
-
- _gnutls_str_cat(name, sizeof(name), ".generalTime");
- len = sizeof(ttime) - 1;
- result = asn1_read_value(c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- c_time = _gnutls_x509_generalTime2gtime(ttime);
- } else { /* UTCTIME */
+ /* CHOICE */
+ if (strcmp (ttime, "generalTime") == 0)
+ {
- _gnutls_str_cat(name, sizeof(name), ".utcTime");
- len = sizeof(ttime) - 1;
- result = asn1_read_value(c2, name, ttime, &len);
- if (result == ASN1_SUCCESS)
- c_time = _gnutls_x509_utcTime2gtime(ttime);
+ _gnutls_str_cat (name, sizeof (name), ".generalTime");
+ len = sizeof (ttime) - 1;
+ result = asn1_read_value (c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time = _gnutls_x509_generalTime2gtime (ttime);
+ }
+ else
+ { /* UTCTIME */
+
+ _gnutls_str_cat (name, sizeof (name), ".utcTime");
+ len = sizeof (ttime) - 1;
+ result = asn1_read_value (c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time = _gnutls_x509_utcTime2gtime (ttime);
}
- /* We cannot handle dates after 2031 in 32 bit machines.
- * a time_t of 64bits has to be used.
- */
+ /* We cannot handle dates after 2031 in 32 bit machines.
+ * a time_t of 64bits has to be used.
+ */
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return (time_t) (-1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return (time_t) (-1);
}
- return c_time;
+ return c_time;
}
/* Sets the time in time_t in the ASN1_TYPE given. Where should
* be something like "tbsCertList.thisUpdate".
*/
-int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim)
+int
+_gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim)
{
- char str_time[MAX_TIME];
- char name[1024];
- int result, len;
+ char str_time[MAX_TIME];
+ char name[1024];
+ int result, len;
- _gnutls_str_cpy(name, sizeof(name), where);
+ _gnutls_str_cpy (name, sizeof (name), where);
- if ((result = asn1_write_value(c2, name, "utcTime", 1)) < 0) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_write_value (c2, name, "utcTime", 1)) < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_gtime2utcTime(tim, str_time, sizeof(str_time));
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time));
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- _gnutls_str_cat(name, sizeof(name), ".utcTime");
+ _gnutls_str_cat (name, sizeof (name), ".utcTime");
- len = strlen( str_time);
- result = asn1_write_value(c2, name, str_time, len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ len = strlen (str_time);
+ result = asn1_write_value (c2, name, str_time, len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
-gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type)
+gnutls_x509_subject_alt_name_t
+_gnutls_x509_san_find_type (char *str_type)
{
- if (strcmp(str_type, "dNSName") == 0)
- return GNUTLS_SAN_DNSNAME;
- if (strcmp(str_type, "rfc822Name") == 0)
- return GNUTLS_SAN_RFC822NAME;
- if (strcmp(str_type, "uniformResourceIdentifier") == 0)
- return GNUTLS_SAN_URI;
- if (strcmp(str_type, "iPAddress") == 0)
- return GNUTLS_SAN_IPADDRESS;
- return (gnutls_x509_subject_alt_name_t) - 1;
+ if (strcmp (str_type, "dNSName") == 0)
+ return GNUTLS_SAN_DNSNAME;
+ if (strcmp (str_type, "rfc822Name") == 0)
+ return GNUTLS_SAN_RFC822NAME;
+ if (strcmp (str_type, "uniformResourceIdentifier") == 0)
+ return GNUTLS_SAN_URI;
+ if (strcmp (str_type, "iPAddress") == 0)
+ return GNUTLS_SAN_IPADDRESS;
+ return (gnutls_x509_subject_alt_name_t) - 1;
}
/* A generic export function. Will export the given ASN.1 encoded data
* to PEM or DER raw data.
*/
-int _gnutls_x509_export_int(ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt_t format, char *pem_header,
- int tmp_buf_size, unsigned char *output_data,
- size_t * output_data_size)
+int
+_gnutls_x509_export_int (ASN1_TYPE asn1_data,
+ gnutls_x509_crt_fmt_t format, char *pem_header,
+ int tmp_buf_size, unsigned char *output_data,
+ size_t * output_data_size)
{
- int result, len;
- if (tmp_buf_size == 0)
- tmp_buf_size = 16 * 1024;
-
- if (format == GNUTLS_X509_FMT_DER) {
-
- if (output_data == NULL)
- *output_data_size = 0;
-
- len = *output_data_size;
-
- if ((result =
- asn1_der_coding(asn1_data, "", output_data, &len,
- NULL)) != ASN1_SUCCESS) {
- *output_data_size = len;
- if (result == ASN1_MEM_ERROR) {
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ int result, len;
+ if (tmp_buf_size == 0)
+ tmp_buf_size = 16 * 1024;
+
+ if (format == GNUTLS_X509_FMT_DER)
+ {
+
+ if (output_data == NULL)
+ *output_data_size = 0;
+
+ len = *output_data_size;
+
+ if ((result =
+ asn1_der_coding (asn1_data, "", output_data, &len,
+ NULL)) != ASN1_SUCCESS)
+ {
+ *output_data_size = len;
+ if (result == ASN1_MEM_ERROR)
+ {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- gnutls_assert();
- return _gnutls_asn2err(result);
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- *output_data_size = len;
-
- } else { /* PEM */
- opaque *tmp;
- opaque *out;
+ *output_data_size = len;
- len = tmp_buf_size;
-
- tmp = gnutls_alloca(len);
- if (tmp == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ }
+ else
+ { /* PEM */
+ opaque *tmp;
+ opaque *out;
+
+ len = tmp_buf_size;
+
+ tmp = gnutls_alloca (len);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- if ((result =
- asn1_der_coding(asn1_data, "", tmp, &len,
- NULL)) != ASN1_SUCCESS) {
- gnutls_assert();
- if (result == ASN1_MEM_ERROR) {
- *output_data_size = B64FSIZE(strlen(pem_header), len) + 1;
+ if ((result =
+ asn1_der_coding (asn1_data, "", tmp, &len, NULL)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_MEM_ERROR)
+ {
+ *output_data_size = B64FSIZE (strlen (pem_header), len) + 1;
}
- gnutls_afree(tmp);
- return _gnutls_asn2err(result);
+ gnutls_afree (tmp);
+ return _gnutls_asn2err (result);
}
- result = _gnutls_fbase64_encode(pem_header, tmp, len, &out);
+ result = _gnutls_fbase64_encode (pem_header, tmp, len, &out);
- gnutls_afree(tmp);
+ gnutls_afree (tmp);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- if (result == 0) { /* oooops */
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (result == 0)
+ { /* oooops */
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if ((uint) result > *output_data_size) {
- gnutls_assert();
- gnutls_free(out);
- *output_data_size = result;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if ((uint) result > *output_data_size)
+ {
+ gnutls_assert ();
+ gnutls_free (out);
+ *output_data_size = result;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *output_data_size = result;
+ *output_data_size = result;
- if (output_data) {
- memcpy(output_data, out, result);
+ if (output_data)
+ {
+ memcpy (output_data, out, result);
- /* do not include the null character into output size.
- */
- *output_data_size = result - 1;
+ /* do not include the null character into output size.
+ */
+ *output_data_size = result - 1;
}
- gnutls_free(out);
+ gnutls_free (out);
}
- return 0;
+ return 0;
}
/* Decodes an octet string. Leave string_type null for a normal
* octet string. Otherwise put something like BMPString, PrintableString
* etc.
*/
-int _gnutls_x509_decode_octet_string( const char* string_type,
- const opaque* der, size_t der_size,
- opaque* output, size_t* output_size)
+int
+_gnutls_x509_decode_octet_string (const char *string_type,
+ const opaque * der, size_t der_size,
+ opaque * output, size_t * output_size)
{
-ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-int result, tmp_output_size;
-char strname[64];
-
- if (string_type == NULL)
- _gnutls_str_cpy( strname, sizeof(strname), "PKIX1.pkcs-7-Data");
- else {
- _gnutls_str_cpy( strname, sizeof(strname), "PKIX1.");
- _gnutls_str_cat( strname, sizeof(strname), string_type);
- }
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), strname,
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, tmp_output_size;
+ char strname[64];
+
+ if (string_type == NULL)
+ _gnutls_str_cpy (strname, sizeof (strname), "PKIX1.pkcs-7-Data");
+ else
+ {
+ _gnutls_str_cpy (strname, sizeof (strname), "PKIX1.");
+ _gnutls_str_cat (strname, sizeof (strname), string_type);
+ }
- result = asn1_der_decoding(&c2, der, der_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), strname, &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
- tmp_output_size = *output_size;
- result = asn1_read_value(c2, "", output, &tmp_output_size);
- *output_size = tmp_output_size;
+ result = asn1_der_decoding (&c2, der, der_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
-
- return result;
+ tmp_output_size = *output_size;
+ result = asn1_read_value (c2, "", output, &tmp_output_size);
+ *output_size = tmp_output_size;
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+
+ return result;
}
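Review bot: `_gnutls_x509_decode_octet_string` leaks the `c2` structure on its success path: after the final `asn1_read_value` succeeds it executes `return 0;` without reaching the `cleanup:` label, so `asn1_delete_structure (&c2)` runs only on the error paths. This helper is invoked per octet-string attribute while parsing untrusted certificates (through `_gnutls_x509_read_value` in the next hunk), so every successfully decoded value leaks one ASN.1 node, which accumulates in long-running processes that parse many certificates. Routing the success path through the existing cleanup fixes it: replace `return 0;` with `result = 0;` and let control fall into `cleanup:`, which already returns `result`.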
@@ -805,55 +879,61 @@ char strname[64];
* If str is non zero, then the output will be treated as
* an octet string.
*/
-int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, int str)
+int
+_gnutls_x509_read_value (ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, int str)
{
- int len = 0, result;
- size_t slen;
- opaque *tmp = NULL;
-
- result = asn1_read_value(c, root, NULL, &len);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- return result;
+ int len = 0, result;
+ size_t slen;
+ opaque *tmp = NULL;
+
+ result = asn1_read_value (c, root, NULL, &len);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ return result;
}
- tmp = gnutls_malloc(len);
- if (tmp == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ tmp = gnutls_malloc (len);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
- result = asn1_read_value(c, root, tmp, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_read_value (c, root, tmp, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Extract the OCTET STRING.
- */
-
- if (str) {
- slen = len;
- result = _gnutls_x509_decode_octet_string(NULL, tmp, slen, tmp, &slen);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
- len = slen;
+ /* Extract the OCTET STRING.
+ */
+
+ if (str)
+ {
+ slen = len;
+ result = _gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ len = slen;
}
- ret->data = tmp;
- ret->size = len;
+ ret->data = tmp;
+ ret->size = len;
- return 0;
+ return 0;
- cleanup:
- gnutls_free(tmp);
- return result;
+cleanup:
+ gnutls_free (tmp);
+ return result;
}
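Review bot: The call `_gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen)` hands the same buffer in as the DER input and out as the decoded output, and nothing at the call site says why that aliasing is safe; it only works because the callee parses the whole DER into a libtasn1 structure first and then reads the content back out, so the input is fully consumed before the output is written. I would add above that line: `/* In-place decode: the DER is parsed into an ASN.1 tree first and the content read back into tmp afterwards, so input and output may alias. */`. Separately, an element that is present but empty yields `len == 0` and `gnutls_malloc (0)`; if the allocator returns NULL for a zero size, a valid empty value is reported as `GNUTLS_E_MEMORY_ERROR`, which is worth checking against gnutls_malloc's contract (not visible here).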
@@ -861,79 +941,86 @@ int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
* the given datum. If str is non null then the data are encoded as
* an OCTET STRING.
*/
-int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str)
+int
+_gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str)
{
- int size, result;
- int asize;
- opaque *data = NULL;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- size = 0;
- result = asn1_der_coding(src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* allocate data for the der
- */
-
- if (str)
- size += 16; /* for later to include the octet tags */
- asize = size;
-
- data = gnutls_malloc(size);
- if (data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- result = asn1_der_coding(src, src_name, data, &size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (str) {
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ int size, result;
+ int asize;
+ opaque *data = NULL;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ size = 0;
+ result = asn1_der_coding (src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* allocate data for the der
+ */
+
+ if (str)
+ size += 16; /* for later to include the octet tags */
+ asize = size;
+
+ data = gnutls_malloc (size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_der_coding (src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (str)
+ {
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_write_value(c2, "", data, size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "", data, size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_der_coding(c2, "", data, &asize, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_der_coding (c2, "", data, &asize, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- size = asize;
+ size = asize;
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
}
- res->data = data;
- res->size = size;
- return 0;
+ res->data = data;
+ res->size = size;
+ return 0;
- cleanup:
- gnutls_free(data);
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ gnutls_free (data);
+ asn1_delete_structure (&c2);
+ return result;
}
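Review bot: `size += 16; /* for later to include the octet tags */` is a magic slack whose comment does not say why 16 is enough, and a reader has to work out that no overflow is possible. For an `int` size the DER length field is at most 5 octets, so the OCTET STRING tag plus length never exceeds 6 bytes, and the second `asn1_der_coding (c2, "", data, &asize, NULL)` is bounded by `asize` anyway, so a too-small buffer would surface as an ASN1_MEM_ERROR rather than a write past the allocation (assuming libtasn1 honours the length argument, which is not visible here). I would replace the comment with `/* Room for the OCTET STRING wrapper: 1 tag octet + at most 5 DER length octets for an int size; the re-encode below is bounded by asize regardless. */`.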
@@ -942,438 +1029,485 @@ int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
* as OCTET. If str is non null then the data are encoded as
* an OCTET STRING.
*/
-int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str)
+int
+_gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str)
{
- int result;
- gnutls_datum_t encoded;
+ int result;
+ gnutls_datum_t encoded;
- result = _gnutls_x509_der_encode(src, src_name, &encoded, str);
+ result = _gnutls_x509_der_encode (src, src_name, &encoded, str);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Write the data.
- */
- result = asn1_write_value(dest, dest_name, encoded.data, encoded.size);
+ /* Write the data.
+ */
+ result = asn1_write_value (dest, dest_name, encoded.data, encoded.size);
- _gnutls_free_datum(&encoded);
+ _gnutls_free_datum (&encoded);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/* Writes the value of the datum in the given ASN1_TYPE. If str is non
* zero it encodes it as OCTET STRING.
*/
-int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, int str)
+int
+_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data, int str)
{
- int result;
- int asize;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_datum_t val;
-
- asize = data->size + 16;
-
- val.data = gnutls_malloc(asize);
- if (val.data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- if (str) {
- /* Convert it to OCTET STRING
- */
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-Data",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ int result;
+ int asize;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum_t val;
+
+ asize = data->size + 16;
+
+ val.data = gnutls_malloc (asize);
+ if (val.data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ if (str)
+ {
+ /* Convert it to OCTET STRING
+ */
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_write_value(c2, "", data->data, data->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "", data->data, data->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = _gnutls_x509_der_encode(c2, "", &val, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_der_encode (c2, "", &val, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else {
- val.data = data->data;
- val.size = data->size;
+ }
+ else
+ {
+ val.data = data->data;
+ val.size = data->size;
}
- /* Write the data.
- */
- result = asn1_write_value(c, root, val.data, val.size);
+ /* Write the data.
+ */
+ result = asn1_write_value (c, root, val.data, val.size);
- if (val.data != data->data)
- _gnutls_free_datum(&val);
+ if (val.data != data->data)
+ _gnutls_free_datum (&val);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
- cleanup:
- if (val.data != data->data)
- _gnutls_free_datum(&val);
- return result;
+cleanup:
+ if (val.data != data->data)
+ _gnutls_free_datum (&val);
+ return result;
}
/* Encodes and copies the private key parameters into a
* subjectPublicKeyInfo structure.
*
*/
-int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
- const char *dst_name,
- gnutls_pk_algorithm_t
- pk_algorithm, mpi_t * params,
- int params_size)
+int
+_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm, mpi_t * params,
+ int params_size)
{
- const char *pk;
- gnutls_datum_t der = { NULL, 0 };
- int result;
- char name[128];
-
- pk = _gnutls_x509_pk_to_oid(pk_algorithm);
- if (pk == NULL) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- }
-
- /* write the OID
- */
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".algorithm.algorithm");
- result = asn1_write_value(dst, name, pk, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- if (pk_algorithm == GNUTLS_PK_RSA) {
- /* disable parameters, which are not used in RSA.
- */
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".algorithm.parameters");
- result = asn1_write_value(dst, name, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ const char *pk;
+ gnutls_datum_t der = { NULL, 0 };
+ int result;
+ char name[128];
+
+ pk = _gnutls_x509_pk_to_oid (pk_algorithm);
+ if (pk == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ /* write the OID
+ */
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".algorithm.algorithm");
+ result = asn1_write_value (dst, name, pk, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (pk_algorithm == GNUTLS_PK_RSA)
+ {
+ /* disable parameters, which are not used in RSA.
+ */
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".algorithm.parameters");
+ result = asn1_write_value (dst, name, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_rsa_params(params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_write_rsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Write the DER parameters. (in bits)
- */
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
- result = asn1_write_value(dst, name, der.data, der.size * 8);
+ /* Write the DER parameters. (in bits)
+ */
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".subjectPublicKey");
+ result = asn1_write_value (dst, name, der.data, der.size * 8);
- _gnutls_free_datum(&der);
+ _gnutls_free_datum (&der);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- } else if (pk_algorithm == GNUTLS_PK_DSA) {
-
- result = _gnutls_x509_write_dsa_params(params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
+ }
+ else if (pk_algorithm == GNUTLS_PK_DSA)
+ {
+
+ result = _gnutls_x509_write_dsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Write the DER parameters.
- */
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".algorithm.parameters");
- result = asn1_write_value(dst, name, der.data, der.size);
+ /* Write the DER parameters.
+ */
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".algorithm.parameters");
+ result = asn1_write_value (dst, name, der.data, der.size);
- _gnutls_free_datum(&der);
+ _gnutls_free_datum (&der);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_write_dsa_public_key(params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
- result = asn1_write_value(dst, name, der.data, der.size * 8);
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".subjectPublicKey");
+ result = asn1_write_value (dst, name, der.data, der.size * 8);
- _gnutls_free_datum(&der);
+ _gnutls_free_datum (&der);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- } else
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+ else
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- return 0;
+ return 0;
}
/* Reads and returns the PK algorithm of the given certificate-like
* ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo".
*/
-int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
- unsigned int *bits)
+int
+_gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
+ unsigned int *bits)
{
- int result;
- opaque *str = NULL;
- int algo;
- char oid[64];
- int len;
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- char name[128];
-
- _gnutls_str_cpy(name, sizeof(name), src_name);
- _gnutls_str_cat(name, sizeof(name), ".algorithm.algorithm");
-
- len = sizeof(oid);
- result = asn1_read_value(src, name, oid, &len);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ int result;
+ opaque *str = NULL;
+ int algo;
+ char oid[64];
+ int len;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ char name[128];
+
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".algorithm.algorithm");
+
+ len = sizeof (oid);
+ result = asn1_read_value (src, name, oid, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- algo = _gnutls_x509_oid2pk_algorithm(oid);
+ algo = _gnutls_x509_oid2pk_algorithm (oid);
- if (bits == NULL) {
- gnutls_free(str);
- return algo;
+ if (bits == NULL)
+ {
+ gnutls_free (str);
+ return algo;
}
- /* Now read the parameters' bits
- */
- _gnutls_str_cpy(name, sizeof(name), src_name);
- _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
-
- len = 0;
- result = asn1_read_value(src, name, NULL, &len);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* Now read the parameters' bits
+ */
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".subjectPublicKey");
+
+ len = 0;
+ result = asn1_read_value (src, name, NULL, &len);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if (len % 8 != 0) {
- gnutls_assert();
- return GNUTLS_E_CERTIFICATE_ERROR;
+ if (len % 8 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_ERROR;
}
- len /= 8;
+ len /= 8;
- str = gnutls_malloc(len);
- if (str == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ str = gnutls_malloc (len);
+ if (str == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_str_cpy(name, sizeof(name), src_name);
- _gnutls_str_cat(name, sizeof(name), ".subjectPublicKey");
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".subjectPublicKey");
- result = asn1_read_value(src, name, str, &len);
+ result = asn1_read_value (src, name, str, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(str);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (str);
+ return _gnutls_asn2err (result);
}
- len /= 8;
+ len /= 8;
- if (algo == GNUTLS_PK_RSA) {
- if ((result = _gnutls_x509_read_rsa_params(str, len, params)) < 0) {
- gnutls_assert();
- return result;
+ if (algo == GNUTLS_PK_RSA)
+ {
+ if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- bits[0] = _gnutls_mpi_get_nbits(params[0]);
+ bits[0] = _gnutls_mpi_get_nbits (params[0]);
- _gnutls_mpi_release(&params[0]);
- _gnutls_mpi_release(&params[1]);
+ _gnutls_mpi_release (&params[0]);
+ _gnutls_mpi_release (&params[1]);
}
- if (algo == GNUTLS_PK_DSA) {
+ if (algo == GNUTLS_PK_DSA)
+ {
- if ((result = _gnutls_x509_read_dsa_pubkey(str, len, params)) < 0) {
- gnutls_assert();
- return result;
+ if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- bits[0] = _gnutls_mpi_get_nbits(params[3]);
+ bits[0] = _gnutls_mpi_get_nbits (params[3]);
- _gnutls_mpi_release(&params[3]);
+ _gnutls_mpi_release (&params[3]);
}
- gnutls_free(str);
- return algo;
+ gnutls_free (str);
+ return algo;
}
-ASN1_TYPE _asn1_find_node(ASN1_TYPE pointer, const char *name);
+ASN1_TYPE _asn1_find_node (ASN1_TYPE pointer, const char *name);
-int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name,
- ASN1_TYPE src, const char *src_name)
+int
+_gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name)
{
- int result;
- gnutls_datum_t der;
- ASN1_TYPE dst_node;
+ int result;
+ gnutls_datum_t der;
+ ASN1_TYPE dst_node;
- result = _gnutls_x509_der_encode(src, src_name, &der, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_der_encode (src, src_name, &der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- dst_node = _asn1_find_node(*dst, dst_name);
- if (dst_node == NULL) {
- gnutls_assert();
- return _gnutls_asn2err(ASN1_ELEMENT_NOT_FOUND);
+ dst_node = _asn1_find_node (*dst, dst_name);
+ if (dst_node == NULL)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ASN1_ELEMENT_NOT_FOUND);
}
- result = asn1_der_decoding(&dst_node, der.data, der.size, NULL);
+ result = asn1_der_decoding (&dst_node, der.data, der.size, NULL);
#if 0
- result = asn1_der_decoding_element(dst, dst_name, der.data,
- der.size, NULL);
+ result = asn1_der_decoding_element (dst, dst_name, der.data,
+ der.size, NULL);
#endif
- _gnutls_free_datum(&der);
+ _gnutls_free_datum (&der);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/* Reads the DER signed data from the certificate and allocates space and
* returns them into signed_data.
*/
-int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data)
+int
+_gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data)
{
- gnutls_datum_t der;
- int start, end, result;
-
- result = _gnutls_x509_der_encode(src, "", &der, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ gnutls_datum_t der;
+ int start, end, result;
+
+ result = _gnutls_x509_der_encode (src, "", &der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Get the signed data
- */
- result = asn1_der_decoding_startEnd(src, der.data, der.size,
- src_name, &start, &end);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ /* Get the signed data
+ */
+ result = asn1_der_decoding_startEnd (src, der.data, der.size,
+ src_name, &start, &end);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- result =
- _gnutls_set_datum(signed_data, &der.data[start], end - start + 1);
+ result = _gnutls_set_datum (signed_data, &der.data[start], end - start + 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = 0;
+ result = 0;
- cleanup:
- _gnutls_free_datum(&der);
+cleanup:
+ _gnutls_free_datum (&der);
- return result;
+ return result;
}
/* Reads the DER signature from the certificate and allocates space and
* returns them into signed_data.
*/
-int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature)
+int
+_gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature)
{
- int bits, result, len;
+ int bits, result, len;
- signature->data = NULL;
- signature->size = 0;
+ signature->data = NULL;
+ signature->size = 0;
- /* Read the signature
- */
- bits = 0;
- result = asn1_read_value(src, src_name, NULL, &bits);
+ /* Read the signature
+ */
+ bits = 0;
+ result = asn1_read_value (src, src_name, NULL, &bits);
- if (result != ASN1_MEM_ERROR) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ if (result != ASN1_MEM_ERROR)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- if (bits % 8 != 0) {
- gnutls_assert();
- result = GNUTLS_E_CERTIFICATE_ERROR;
- goto cleanup;
+ if (bits % 8 != 0)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ goto cleanup;
}
- len = bits / 8;
+ len = bits / 8;
- signature->data = gnutls_malloc(len);
- if (signature->data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- return result;
+ signature->data = gnutls_malloc (len);
+ if (signature->data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ return result;
}
- /* read the bit string of the signature
- */
- bits = len;
- result = asn1_read_value(src, src_name, signature->data, &bits);
+ /* read the bit string of the signature
+ */
+ bits = len;
+ result = asn1_read_value (src, src_name, signature->data, &bits);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- signature->size = len;
+ signature->size = len;
- return 0;
+ return 0;
- cleanup:
- return result;
+cleanup:
+ return result;
}
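Review bot: `_gnutls_x509_write_value` leaks on every successful call: the buffer from `val.data = gnutls_malloc (asize)` is overwritten either by `_gnutls_x509_der_encode (c2, "", &val, 0)`, which allocates its own result, or by `val.data = data->data`, and the `c2` created for the OCTET STRING wrapper is never passed to `asn1_delete_structure`, neither on success nor at `cleanup:`. The pre-allocation serves no purpose, so I would drop it together with `asize`, initialise `val` to `{ NULL, 0 }` so the cleanup free stays a no-op when the encode fails, and delete `c2` right after encoding and again at `cleanup:`, mirroring how `_gnutls_x509_der_encode` already deletes a possibly-empty `c2` on its error path. `_gnutls_x509_get_pk_algorithm` has a smaller leak of the same kind: the early `return result` after `_gnutls_x509_read_rsa_params` or `_gnutls_x509_read_dsa_pubkey` fails skips `gnutls_free (str)`.
```c
int
_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
                          const gnutls_datum_t * data, int str)
{
  int result;
  ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
  gnutls_datum_t val = { NULL, 0 };   /* set by the encoder or aliased to data */

  if (str)
    {
      /* … unchanged: asn1_create_element ("PKIX1.pkcs-7-Data"), asn1_write_value (c2, "", …) … */

      result = _gnutls_x509_der_encode (c2, "", &val, 0);
      asn1_delete_structure (&c2);    /* wrapper is no longer needed, success or not */
      if (result < 0)
        {
          gnutls_assert ();
          goto cleanup;
        }
    }
  /* … unchanged: else branch, asn1_write_value (c, root, val.data, val.size), free and return … */

cleanup:
  asn1_delete_structure (&c2);        /* covers the asn1_write_value (c2, …) failure path */
  if (val.data != data->data)
    _gnutls_free_datum (&val);
  return result;
}
```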
diff --git a/lib/x509/common.h b/lib/x509/common.h
index ec700faa04..cd82c4e14b 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -29,7 +29,7 @@
/* for int2str */
#define MAX_INT_DIGITS 4
-void _gnutls_int2str(unsigned int k, char *data);
+void _gnutls_int2str (unsigned int k, char *data);
#define MAX_STRING_LEN 512
@@ -58,60 +58,69 @@ void _gnutls_int2str(unsigned int k, char *data);
#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
-time_t _gnutls_x509_utcTime2gtime(const char *ttime);
-time_t _gnutls_x509_generalTime2gtime(const char *ttime);
-int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim);
-
-int _gnutls_x509_decode_octet_string( const char* string_type,
- const opaque* der, size_t der_size, opaque* output, size_t* output_size);
-int _gnutls_x509_oid_data2string(const char *OID, void *value,
- int value_size, char *res, size_t * res_size);
-int _gnutls_x509_data2hex(const opaque * data, size_t data_size,
- opaque * out, size_t * sizeof_out);
-
-const char *_gnutls_x509_oid2ldap_string(const char *OID);
-
-int _gnutls_x509_oid_data_choice(const char *OID);
-int _gnutls_x509_oid_data_printable(const char *OID);
-
-time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when);
-
-gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type);
-
-int _gnutls_x509_der_encode_and_copy(ASN1_TYPE src, const char *src_name,
- ASN1_TYPE dest, const char *dest_name,
- int str);
-int _gnutls_x509_der_encode(ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * res, int str);
-
-int _gnutls_x509_export_int(ASN1_TYPE asn1_data,
- gnutls_x509_crt_fmt_t format, char *pem_header,
- int tmp_buf_size, unsigned char *output_data,
- size_t * output_data_size);
-
-int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, int str);
-int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
- const gnutls_datum_t * data, int str);
-
-int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
- ASN1_TYPE asn1_struct, const char *where, const void *data,
- int sizeof_data, int multi);
-int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
- const char *where, char *oid, int oid_size, gnutls_datum_t * value, int multi, int octet);
-
-int _gnutls_x509_get_pk_algorithm(ASN1_TYPE src, const char *src_name,
- unsigned int *bits);
-
-int _gnutls_x509_encode_and_copy_PKI_params(ASN1_TYPE dst,
- const char *dst_name, gnutls_pk_algorithm_t pk_algorithm, mpi_t * params,
- int params_size);
-int _gnutls_asn1_copy_node(ASN1_TYPE * dst, const char *dst_name,
- ASN1_TYPE src, const char *src_name);
-
-int _gnutls_x509_get_signed_data(ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signed_data);
-int _gnutls_x509_get_signature(ASN1_TYPE src, const char *src_name,
- gnutls_datum_t * signature);
+time_t _gnutls_x509_utcTime2gtime (const char *ttime);
+time_t _gnutls_x509_generalTime2gtime (const char *ttime);
+int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
+
+int _gnutls_x509_decode_octet_string (const char *string_type,
+ const opaque * der, size_t der_size,
+ opaque * output, size_t * output_size);
+int _gnutls_x509_oid_data2string (const char *OID, void *value,
+ int value_size, char *res,
+ size_t * res_size);
+int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
+ opaque * out, size_t * sizeof_out);
+
+const char *_gnutls_x509_oid2ldap_string (const char *OID);
+
+int _gnutls_x509_oid_data_choice (const char *OID);
+int _gnutls_x509_oid_data_printable (const char *OID);
+
+time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when);
+
+gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
+
+int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str);
+int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str);
+
+int _gnutls_x509_export_int (ASN1_TYPE asn1_data,
+ gnutls_x509_crt_fmt_t format, char *pem_header,
+ int tmp_buf_size, unsigned char *output_data,
+ size_t * output_data_size);
+
+int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, int str);
+int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data, int str);
+
+int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *data,
+ int sizeof_data, int multi);
+int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value, int multi,
+ int octet);
+
+int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
+ unsigned int *bits);
+
+int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm, mpi_t * params,
+ int params_size);
+int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name);
+
+int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data);
+int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature);
#endif
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index ea3c6db596..f3e5a50a4c 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -38,27 +38,28 @@
* Returns a (time_t) -1 in case of an error.
*
-*/
-time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t *
- cert)
+time_t
+_gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t * cert)
{
- gnutls_x509_crt_t xcert;
- time_t result;
+ gnutls_x509_crt_t xcert;
+ time_t result;
- result = gnutls_x509_crt_init(&xcert);
- if (result < 0)
- return result;
+ result = gnutls_x509_crt_init (&xcert);
+ if (result < 0)
+ return result;
- result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit(xcert);
- return result;
+ result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0)
+ {
+ gnutls_x509_crt_deinit (xcert);
+ return result;
}
- result = gnutls_x509_crt_get_activation_time(xcert);
+ result = gnutls_x509_crt_get_activation_time (xcert);
- gnutls_x509_crt_deinit(xcert);
+ gnutls_x509_crt_deinit (xcert);
- return result;
+ return result;
}
/*-
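Review bot: `_gnutls_x509_get_raw_crt_activation_time` does not honour the contract stated in its own comment ("Returns a (time_t) -1 in case of an error"): when `gnutls_x509_crt_init` or `gnutls_x509_crt_import` fails, the negative gnutls error code is stored in `time_t result` and returned as-is, so a caller testing for `(time_t) -1` misses the failure and treats the error code as a timestamp. I would route both failures through the documented sentinel, `if (gnutls_x509_crt_init (&xcert) < 0) return (time_t) -1;` and, after the `gnutls_x509_crt_deinit (xcert)` on the import failure, `return (time_t) -1;`. This presumes `gnutls_x509_crt_get_activation_time` itself signals errors with `(time_t) -1`, which is what the comment implies but is not visible here — confirm in x509.c.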
@@ -70,25 +71,26 @@ time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t *
* Returns a (time_t) -1 in case of an error.
*
-*/
-time_t _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t *
- cert)
+time_t
+_gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
{
- gnutls_x509_crt_t xcert;
- time_t result;
+ gnutls_x509_crt_t xcert;
+ time_t result;
- result = gnutls_x509_crt_init(&xcert);
- if (result < 0)
- return result;
+ result = gnutls_x509_crt_init (&xcert);
+ if (result < 0)
+ return result;
- result = gnutls_x509_crt_import(xcert, cert, GNUTLS_X509_FMT_DER);
- if (result < 0) {
- gnutls_x509_crt_deinit(xcert);
- return result;
+ result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0)
+ {
+ gnutls_x509_crt_deinit (xcert);
+ return result;
}
- result = gnutls_x509_crt_get_expiration_time(xcert);
+ result = gnutls_x509_crt_get_expiration_time (xcert);
- gnutls_x509_crt_deinit(xcert);
+ gnutls_x509_crt_deinit (xcert);
- return result;
+ return result;
}
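Review bot: `_gnutls_x509_get_raw_crt_expiration_time` has the same contract mismatch as its activation-time twin: the comment promises `(time_t) -1` on error, but a failed `gnutls_x509_crt_init` or `gnutls_x509_crt_import` returns the raw negative gnutls error code through `time_t result`. Replace the two `return result;` error exits with `return (time_t) -1;` so callers that check for the documented sentinel see the failure; the final `gnutls_x509_crt_get_expiration_time` result is presumably already in that convention, which should be confirmed in x509.c.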
diff --git a/lib/x509/compat.h b/lib/x509/compat.h
index d0639ec542..d5e8fdde43 100644
--- a/lib/x509/compat.h
+++ b/lib/x509/compat.h
@@ -22,5 +22,5 @@
*
*/
-time_t _gnutls_x509_get_raw_crt_activation_time(const gnutls_datum_t *);
-time_t _gnutls_x509_get_raw_crt_expiration_time(const gnutls_datum_t *);
+time_t _gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t *);
+time_t _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t *);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 20f8321209..3fd0431dbf 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -48,22 +48,25 @@
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_init(gnutls_x509_crl_t * crl)
+int
+gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
{
- *crl = gnutls_calloc(1, sizeof(gnutls_x509_crl_int));
-
- if (*crl) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.CertificateList",
- &(*crl)->crl);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(*crl);
- return _gnutls_asn2err(result);
+ *crl = gnutls_calloc (1, sizeof (gnutls_x509_crl_int));
+
+ if (*crl)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.CertificateList",
+ &(*crl)->crl);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*crl);
+ return _gnutls_asn2err (result);
}
- return 0; /* success */
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
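Review bot: On the `asn1_create_element` failure path `gnutls_x509_crl_init` frees `*crl` but leaves the caller's handle pointing at the freed object, so a caller that follows the usual pattern of calling `gnutls_x509_crl_deinit` on its handle after any failure would double free. Add `*crl = NULL;` immediately after `gnutls_free (*crl);`; the memory-error path already leaves the out-parameter NULL because `gnutls_calloc` returned NULL, so this makes the two failure paths consistent.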
@@ -73,15 +76,16 @@ int gnutls_x509_crl_init(gnutls_x509_crl_t * crl)
* This function will deinitialize a CRL structure.
*
**/
-void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl)
+void
+gnutls_x509_crl_deinit (gnutls_x509_crl_t crl)
{
- if (!crl)
- return;
+ if (!crl)
+ return;
- if (crl->crl)
- asn1_delete_structure(&crl->crl);
+ if (crl->crl)
+ asn1_delete_structure (&crl->crl);
- gnutls_free(crl);
+ gnutls_free (crl);
}
/**
@@ -98,59 +102,63 @@ void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl)
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+int
+gnutls_x509_crl_import (gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* If the CRL is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
+ /* If the CRL is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
- result =
- _gnutls_fbase64_decode(PEM_CRL, data->data, data->size, &out);
+ result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out);
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- result = asn1_der_decoding(&crl->crl, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ result = asn1_der_decoding (&crl->crl, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ if (need_free)
+ _gnutls_free_datum (&_data);
- return 0;
+ return 0;
- cleanup:
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
@@ -171,17 +179,19 @@ int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
* 0 on success.
*
**/
-int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl, char *buf,
- size_t * sizeof_buf)
+int
+gnutls_x509_crl_get_issuer_dn (gnutls_x509_crl_t crl, char *buf,
+ size_t * sizeof_buf)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn(crl->crl,
- "tbsCertList.issuer.rdnSequence",
- buf, sizeof_buf);
+ return _gnutls_x509_parse_dn (crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ buf, sizeof_buf);
}
/**
@@ -209,19 +219,21 @@ int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl_t crl, char *buf,
* and 0 on success.
*
**/
-int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+int
+gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn_oid(crl->crl,
- "tbsCertList.issuer.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ return _gnutls_x509_parse_dn_oid (crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -241,17 +253,19 @@ int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
* On success 0 is returned.
*
**/
-int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
- int indx, void *oid, size_t * sizeof_oid)
+int
+gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_get_dn_oid(crl->crl,
- "tbsCertList.issuer.rdnSequence", indx,
- oid, sizeof_oid);
+ return _gnutls_x509_get_dn_oid (crl->crl,
+ "tbsCertList.issuer.rdnSequence", indx,
+ oid, sizeof_oid);
}
@@ -265,34 +279,37 @@ int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
* Returns a negative value on error.
*
**/
-int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl)
+int
+gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl)
{
- int result;
- gnutls_datum_t sa;
+ int result;
+ gnutls_datum_t sa;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
- result =
- _gnutls_x509_read_value(crl->crl, "signatureAlgorithm.algorithm",
- &sa, 0);
+ result =
+ _gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm",
+ &sa, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result = _gnutls_x509_oid2sign_algorithm((const char *) sa.data);
+ result = _gnutls_x509_oid2sign_algorithm ((const char *) sa.data);
- _gnutls_free_datum(&sa);
+ _gnutls_free_datum (&sa);
- return result;
+ return result;
}
/**
@@ -304,25 +321,28 @@ int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl)
* Returns a negative value on error.
*
**/
-int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl)
+int
+gnutls_x509_crl_get_version (gnutls_x509_crl_t crl)
{
- opaque version[5];
- int len, result;
+ opaque version[5];
+ int len, result;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- len = sizeof(version);
- if ((result =
- asn1_read_value(crl->crl, "tbsCertList.version", version,
- &len)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ len = sizeof (version);
+ if ((result =
+ asn1_read_value (crl->crl, "tbsCertList.version", version,
+ &len)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return (int) version[0] + 1;
+ return (int) version[0] + 1;
}
/**
@@ -334,14 +354,16 @@ int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl)
* Returns (time_t)-1 on error.
*
**/
-time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl)
+time_t
+gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl)
{
- if (crl == NULL) {
- gnutls_assert();
- return (time_t) - 1;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- return _gnutls_x509_get_time(crl->crl, "tbsCertList.thisUpdate");
+ return _gnutls_x509_get_time (crl->crl, "tbsCertList.thisUpdate");
}
/**
@@ -355,14 +377,16 @@ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl)
* Returns (time_t)-1 on error.
*
**/
-time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
+time_t
+gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl)
{
- if (crl == NULL) {
- gnutls_assert();
- return (time_t) - 1;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- return _gnutls_x509_get_time(crl->crl, "tbsCertList.nextUpdate");
+ return _gnutls_x509_get_time (crl->crl, "tbsCertList.nextUpdate");
}
/**
@@ -375,26 +399,29 @@ time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl)
* Returns a negative value on failure.
*
**/
-int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
+int
+gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl)
{
- int count, result;
+ int count, result;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result =
- asn1_number_of_elements(crl->crl,
- "tbsCertList.revokedCertificates", &count);
+ result =
+ asn1_number_of_elements (crl->crl,
+ "tbsCertList.revokedCertificates", &count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return 0; /* no certificates */
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return 0; /* no certificates */
}
- return count;
+ return count;
}
/**
@@ -411,48 +438,52 @@ int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl)
* Returns a negative value on failure.
*
**/
-int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
- unsigned char *serial,
- size_t * serial_size, time_t * t)
+int
+gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
{
- int result, _serial_size;
- char str_index[MAX_INT_DIGITS];
- char serial_name[64];
- char date_name[64];
+ int result, _serial_size;
+ char str_index[MAX_INT_DIGITS];
+ char serial_name[64];
+ char date_name[64];
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- _gnutls_int2str(indx + 1, str_index);
- _gnutls_str_cpy(serial_name, sizeof(serial_name),
- "tbsCertList.revokedCertificates.?");
- _gnutls_str_cat(serial_name, sizeof(serial_name), str_index);
- _gnutls_str_cat(serial_name, sizeof(serial_name), ".userCertificate");
-
- _gnutls_str_cpy(date_name, sizeof(date_name),
- "tbsCertList.revokedCertificates.?");
- _gnutls_str_cat(date_name, sizeof(date_name), str_index);
- _gnutls_str_cat(date_name, sizeof(date_name), ".revocationDate");
-
- _serial_size = *serial_size;
- result = asn1_read_value(crl->crl, serial_name, serial, &_serial_size);
-
- *serial_size = _serial_size;
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return _gnutls_asn2err(result);
+ _gnutls_int2str (indx + 1, str_index);
+ _gnutls_str_cpy (serial_name, sizeof (serial_name),
+ "tbsCertList.revokedCertificates.?");
+ _gnutls_str_cat (serial_name, sizeof (serial_name), str_index);
+ _gnutls_str_cat (serial_name, sizeof (serial_name), ".userCertificate");
+
+ _gnutls_str_cpy (date_name, sizeof (date_name),
+ "tbsCertList.revokedCertificates.?");
+ _gnutls_str_cat (date_name, sizeof (date_name), str_index);
+ _gnutls_str_cat (date_name, sizeof (date_name), ".revocationDate");
+
+ _serial_size = *serial_size;
+ result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size);
+
+ *serial_size = _serial_size;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return _gnutls_asn2err (result);
}
- if (t) {
- *t = _gnutls_x509_get_time(crl->crl, date_name);
+ if (t)
+ {
+ *t = _gnutls_x509_get_time (crl->crl, date_name);
}
- return 0;
+ return 0;
}
/*-
@@ -466,68 +497,72 @@ int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
* Returns a negative value on error, and zero on success.
*
-*/
-int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
- gnutls_datum_t * dn)
+int
+_gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len1;
- int start1, end1;
- gnutls_datum_t crl_signed_data;
-
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len1;
+ int start1, end1;
+ gnutls_datum_t crl_signed_data;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* get the issuer of 'crl'
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertList",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* get the issuer of 'crl'
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertList",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_get_signed_data(crl->crl, "tbsCertList",
- &crl_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result =
- asn1_der_decoding(&c2, crl_signed_data.data,
- crl_signed_data.size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&c2);
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result =
+ asn1_der_decoding (&c2, crl_signed_data.data, crl_signed_data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- asn1_der_decoding_startEnd(c2, crl_signed_data.data,
- crl_signed_data.size, "issuer",
- &start1, &end1);
+ result =
+ asn1_der_decoding_startEnd (c2, crl_signed_data.data,
+ crl_signed_data.size, "issuer",
+ &start1, &end1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- len1 = end1 - start1 + 1;
+ len1 = end1 - start1 + 1;
- _gnutls_set_datum(dn, &crl_signed_data.data[start1], len1);
+ _gnutls_set_datum (dn, &crl_signed_data.data[start1], len1);
- result = 0;
+ result = 0;
- cleanup:
- asn1_delete_structure(&c2);
- _gnutls_free_datum(&crl_signed_data);
- return result;
+cleanup:
+ asn1_delete_structure (&c2);
+ _gnutls_free_datum (&crl_signed_data);
+ return result;
}
/**
@@ -548,18 +583,20 @@ int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
* Returns 0 on success, and a negative value on failure.
*
**/
-int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_crl_export (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_export_int(crl->crl, format, PEM_CRL,
- *output_data_size, output_data,
- output_data_size);
+ return _gnutls_x509_export_int (crl->crl, format, PEM_CRL,
+ *output_data_size, output_data,
+ output_data_size);
}
/*-
@@ -572,45 +609,49 @@ int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
* Returns 0 on success.
*
-*/
-int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
+int
+_gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
{
- int ret;
- size_t der_size;
- opaque *der;
- gnutls_datum_t tmp;
-
- ret =
- gnutls_x509_crl_export(src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- return ret;
+ int ret;
+ size_t der_size;
+ opaque *der;
+ gnutls_datum_t tmp;
+
+ ret = gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return ret;
}
- der = gnutls_alloca(der_size);
- if (der == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ der = gnutls_alloca (der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- ret = gnutls_x509_crl_export(src, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree(der);
- return ret;
+ ret = gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_afree (der);
+ return ret;
}
- tmp.data = der;
- tmp.size = der_size;
- ret = gnutls_x509_crl_import(dest, &tmp, GNUTLS_X509_FMT_DER);
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crl_import (dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_afree(der);
+ gnutls_afree (der);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c
index a92a359f5b..97b7ece4f0 100644
--- a/lib/x509/crl_write.c
+++ b/lib/x509/crl_write.c
@@ -42,7 +42,7 @@
#include <extensions.h>
#include <libtasn1.h>
-static void disable_optional_stuff(gnutls_x509_crl_t crl);
+static void disable_optional_stuff (gnutls_x509_crl_t crl);
/**
* gnutls_x509_crl_set_version - This function will set the CRL version
@@ -56,28 +56,30 @@ static void disable_optional_stuff(gnutls_x509_crl_t crl);
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl,
- unsigned int version)
+int
+gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
{
- int result;
- char null = version;
+ int result;
+ char null = version;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- null -= 1;
- if (null < 0)
- null = 0;
+ null -= 1;
+ if (null < 0)
+ null = 0;
- result = asn1_write_value(crl->crl, "tbsCertList.version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/**
@@ -97,28 +99,32 @@ int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl,
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags)
+int
+gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
+ int result;
- if (crl == NULL || issuer == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL || issuer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff(crl);
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff (crl);
- result = _gnutls_x509_pkix_sign(crl->crl, "tbsCertList",
- dig, issuer, issuer_key);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
+ dig, issuer, issuer_key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -133,10 +139,11 @@ int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
* Returns 0 on success.
*
**/
-int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+int
+gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- return gnutls_x509_crl_sign2( crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
}
/**
@@ -149,15 +156,16 @@ int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time)
+int
+gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_time(crl->crl, "tbsCertList.thisUpdate",
- act_time);
+ return _gnutls_x509_set_time (crl->crl, "tbsCertList.thisUpdate", act_time);
}
/**
@@ -170,14 +178,15 @@ int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time)
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time)
+int
+gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
{
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_time(crl->crl, "tbsCertList.nextUpdate",
- exp_time);
+ return _gnutls_x509_set_time (crl->crl, "tbsCertList.nextUpdate", exp_time);
}
/**
@@ -192,53 +201,58 @@ int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time)
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
- const void *serial, size_t serial_size,
- time_t revocation_time)
+int
+gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
+ const void *serial, size_t serial_size,
+ time_t revocation_time)
{
- int ret;
+ int ret;
- if (crl == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret =
- asn1_write_value(crl->crl, "tbsCertList.revokedCertificates",
- "NEW", 1);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
+ ret =
+ asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
}
- ret =
- asn1_write_value(crl->crl,
- "tbsCertList.revokedCertificates.?LAST.userCertificate",
- serial, serial_size);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
+ ret =
+ asn1_write_value (crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.userCertificate",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
}
- ret =
- _gnutls_x509_set_time(crl->crl,
- "tbsCertList.revokedCertificates.?LAST.revocationDate",
- revocation_time);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret =
+ _gnutls_x509_set_time (crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.revocationDate",
+ revocation_time);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret =
- asn1_write_value(crl->crl,
- "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
- NULL, 0);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
+ ret =
+ asn1_write_value (crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
+ NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
}
- return 0;
+ return 0;
}
/**
@@ -252,46 +266,51 @@ int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
- time_t revocation_time)
+int
+gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
+ time_t revocation_time)
{
- int ret;
- opaque serial[128];
- size_t serial_size;
-
- if (crl == NULL || crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ int ret;
+ opaque serial[128];
+ size_t serial_size;
+
+ if (crl == NULL || crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- serial_size = sizeof(serial);
- ret = gnutls_x509_crt_get_serial(crt, serial, &serial_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ serial_size = sizeof (serial);
+ ret = gnutls_x509_crt_get_serial (crt, serial, &serial_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret =
- gnutls_x509_crl_set_crt_serial(crl, serial, serial_size,
- revocation_time);
- if (ret < 0) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
+ ret =
+ gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
+ revocation_time);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
}
- return 0;
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void disable_optional_stuff(gnutls_x509_crl_t crl)
+static void
+disable_optional_stuff (gnutls_x509_crl_t crl)
{
- asn1_write_value(crl->crl, "tbsCertList.crlExtensions", NULL, 0);
+ asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
- return;
+ return;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 016afdee3d..35dd524f9f 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -51,22 +51,25 @@
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_init(gnutls_x509_crq_t * crq)
+int
+gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
{
- *crq = gnutls_calloc(1, sizeof(gnutls_x509_crq_int));
-
- if (*crq) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-10-CertificationRequest",
- &((*crq)->crq));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(*crq);
- return _gnutls_asn2err(result);
+ *crq = gnutls_calloc (1, sizeof (gnutls_x509_crq_int));
+
+ if (*crq)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-10-CertificationRequest",
+ &((*crq)->crq));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*crq);
+ return _gnutls_asn2err (result);
}
- return 0; /* success */
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -76,15 +79,16 @@ int gnutls_x509_crq_init(gnutls_x509_crq_t * crq)
* This function will deinitialize a CRL structure.
*
**/
-void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq)
+void
+gnutls_x509_crq_deinit (gnutls_x509_crq_t crq)
{
- if (!crq)
- return;
+ if (!crq)
+ return;
- if (crq->crq)
- asn1_delete_structure(&crq->crq);
+ if (crq->crq)
+ asn1_delete_structure (&crq->crq);
- gnutls_free(crq);
+ gnutls_free (crq);
}
#define PEM_CRQ "NEW CERTIFICATE REQUEST"
@@ -104,61 +108,64 @@ void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq)
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_import(gnutls_x509_crq_t crq,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+int
+gnutls_x509_crq_import (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
- /* Try the first header */
- result = _gnutls_fbase64_decode(PEM_CRQ, data->data, data->size,
- &out);
+ /* Try the first header */
+ result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &out);
- if (result <= 0) /* Go for the second header */
- result =
- _gnutls_fbase64_decode(PEM_CRQ2, data->data, data->size,
- &out);
+ if (result <= 0) /* Go for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out);
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- result = asn1_der_decoding(&crq->crq, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ result = asn1_der_decoding (&crq->crq, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- result = 0;
+ result = 0;
- cleanup:
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
@@ -181,17 +188,18 @@ int gnutls_x509_crq_import(gnutls_x509_crq_t crq,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf,
- size_t * sizeof_buf)
+int
+gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf)
{
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn(crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- buf, sizeof_buf);
+ return _gnutls_x509_parse_dn (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ buf, sizeof_buf);
}
/**
@@ -222,18 +230,20 @@ int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+int
+gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn_oid(crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ return _gnutls_x509_parse_dn_oid (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -253,17 +263,19 @@ int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq,
- int indx, void *oid, size_t * sizeof_oid)
+int
+gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_get_dn_oid(crq->crq,
- "certificationRequestInfo.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ return _gnutls_x509_get_dn_oid (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/* Parses an Attribute list in the asn1_struct, and searches for the
@@ -274,127 +286,146 @@ int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq,
* asn1_attr_name must be a string in the form "certificationRequestInfo.attributes"
*
*/
-static int parse_attribute(ASN1_TYPE asn1_struct,
- const char *attr_name, const char *given_oid, int indx, int raw,
- char *buf, size_t * sizeof_buf)
+static int
+parse_attribute (ASN1_TYPE asn1_struct,
+ const char *attr_name, const char *given_oid, int indx,
+ int raw, char *buf, size_t * sizeof_buf)
{
- int k1, result;
- char tmpbuffer1[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- char value[200];
- char oid[128];
- int len, printable;
-
- if (*sizeof_buf == 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ int k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ char value[200];
+ char oid[128];
+ int len, printable;
+
+ if (*sizeof_buf == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- buf[0] = 0;
+ buf[0] = 0;
- k1 = 0;
- do {
+ k1 = 0;
+ do
+ {
- k1++;
- /* create a string like "attribute.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), attr_name);
+ k1++;
+ /* create a string like "attribute.?1"
+ */
+ _gnutls_int2str (k1, counter);
+ _gnutls_str_cpy (tmpbuffer1, sizeof (tmpbuffer1), attr_name);
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+ if (strlen (tmpbuffer1) > 0)
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), ".");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), "?");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), counter);
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
}
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Move to the attibute type and values
- */
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer1);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
-
- len = sizeof(oid) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Move to the attibute type and values
+ */
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (strcmp(oid, given_oid) == 0) { /* Found the OID */
+ if (strcmp (oid, given_oid) == 0)
+ { /* Found the OID */
- /* Read the Value
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer1);
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
- _gnutls_int2str(indx + 1, counter);
+ _gnutls_int2str (indx + 1, counter);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".values.?");
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), counter);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".values.?");
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), counter);
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer3, value, &len);
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (raw==0) {
- printable = _gnutls_x509_oid_data_printable(oid);
- if (printable == 1) {
- if ((result =
- _gnutls_x509_oid_data2string
- (oid, value, len, buf, sizeof_buf)) < 0) {
- gnutls_assert();
- goto cleanup;
- }
- return 0;
- } else {
- gnutls_assert();
- return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
- }
- } else { /* raw!=0 */
- if (*sizeof_buf > (size_t)len && buf!=NULL) {
- *sizeof_buf = len;
- memcpy( buf, value, len);
-
- return 0;
- } else {
- *sizeof_buf = len;
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
- }
+ if (raw == 0)
+ {
+ printable = _gnutls_x509_oid_data_printable (oid);
+ if (printable == 1)
+ {
+ if ((result =
+ _gnutls_x509_oid_data2string
+ (oid, value, len, buf, sizeof_buf)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
+ }
+ }
+ else
+ { /* raw!=0 */
+ if (*sizeof_buf > (size_t) len && buf != NULL)
+ {
+ *sizeof_buf = len;
+ memcpy (buf, value, len);
+
+ return 0;
+ }
+ else
+ {
+ *sizeof_buf = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ }
}
- } while (1);
+ }
+ while (1);
- gnutls_assert();
+ gnutls_assert ();
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- cleanup:
- return result;
+cleanup:
+ return result;
}
/**
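Review bot: `buf[0] = 0;` near the top of parse_attribute dereferences buf unconditionally, while the raw branch later tests `buf != NULL` before its memcpy, so the two cannot both be right. If a NULL buf is meant to be a size query, the first write needs the same guard, `if (buf) buf[0] = 0;`, and the non-raw branch would also have to tolerate NULL, which I cannot confirm for _gnutls_x509_oid_data2string from here. Otherwise the later NULL test is dead and a NULL buf should be rejected up front with GNUTLS_E_INVALID_REQUEST next to the `*sizeof_buf == 0` check.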
@@ -409,17 +440,19 @@ static int parse_attribute(ASN1_TYPE asn1_struct,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
- const char *pass,
- size_t * sizeof_pass)
+int
+gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
+ const char *pass,
+ size_t * sizeof_pass)
{
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return parse_attribute(crq->crq, "certificationRequestInfo.attributes",
- "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass);
+ return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
+ "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass);
}
/**
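Review bot: gnutls_x509_crq_get_challenge_password declares its output buffer as `const char *pass` yet hands it to parse_attribute's `char *buf`, which zero-terminates and copies into it, so the call discards the qualifier and the prototype misdescribes the contract to callers. The parameter should be `char *pass` (in the public header as well), since nothing in this signature tells a caller the buffer is written. parse_attribute itself is defined in an earlier hunk.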
@@ -435,37 +468,43 @@ int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
- const char* oid, void* buf, size_t sizeof_buf)
+int
+gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, void *buf,
+ size_t sizeof_buf)
{
- int result;
+ int result;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Add the attribute.
- */
- result =
- asn1_write_value(crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* Add the attribute.
+ */
+ result =
+ asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
+ "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_encode_and_write_attribute(oid,
- crq->crq, "certificationRequestInfo.attributes.?LAST",
- buf, sizeof_buf, 1);
+ result =
+ _gnutls_x509_encode_and_write_attribute (oid,
+ crq->crq,
+ "certificationRequestInfo.attributes.?LAST",
+ buf, sizeof_buf, 1);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -483,16 +522,19 @@ int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
- const char* oid, int indx, void* buf, size_t* sizeof_buf)
+int
+gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx, void *buf,
+ size_t * sizeof_buf)
{
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return parse_attribute(crq->crq, "certificationRequestInfo.attributes",
- oid, indx, 1, buf, sizeof_buf);
+ return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
+ oid, indx, 1, buf, sizeof_buf);
}
/**
@@ -515,17 +557,19 @@ int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
- unsigned int raw_flag, const void *data,
- unsigned int sizeof_data)
+int
+gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
+ unsigned int raw_flag, const void *data,
+ unsigned int sizeof_data)
{
- if (sizeof_data == 0 || data == NULL || crq == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_data == 0 || data == NULL || crq == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_dn_oid(crq->crq,
- "certificationRequestInfo.subject", oid,
- raw_flag, data, sizeof_data);
+ return _gnutls_x509_set_dn_oid (crq->crq,
+ "certificationRequestInfo.subject", oid,
+ raw_flag, data, sizeof_data);
}
/**
@@ -539,29 +583,30 @@ int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char *oid,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq,
- unsigned int version)
+int
+gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
{
- int result;
- unsigned char null = version;
+ int result;
+ unsigned char null = version;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (null > 0)
- null--;
+ if (null > 0)
+ null--;
- result =
- asn1_write_value(crq->crq, "certificationRequestInfo.version",
- &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_write_value (crq->crq, "certificationRequestInfo.version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/**
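Review bot: `unsigned char null = version;` in gnutls_x509_crq_set_version silently truncates the caller's unsigned int, so a version above 256 is encoded modulo 256 rather than rejected, and the name `null` reads like a null pointer. A range check before the conversion, `if (version > 256) return GNUTLS_E_INVALID_REQUEST;`, keeps the one-byte encoding honest; renaming the local to `ver` would help the next reader.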
@@ -573,28 +618,31 @@ int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq,
* Returns a negative value on error.
*
**/
-int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq)
+int
+gnutls_x509_crq_get_version (gnutls_x509_crq_t crq)
{
- opaque version[5];
- int len, result;
+ opaque version[5];
+ int len, result;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- len = sizeof(version);
- if ((result =
- asn1_read_value(crq->crq, "certificationRequestInfo.version",
- version, &len)) != ASN1_SUCCESS) {
+ len = sizeof (version);
+ if ((result =
+ asn1_read_value (crq->crq, "certificationRequestInfo.version",
+ version, &len)) != ASN1_SUCCESS)
+ {
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return (int) version[0] + 1;
+ return (int) version[0] + 1;
}
/**
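Review bot: `return (int) version[0] + 1;` in gnutls_x509_crq_get_version uses only the first byte of the INTEGER without looking at the `len` that asn1_read_value wrote back, so a multi-byte encoding would be read as its leading byte and a zero-length one as uninitialised stack. Checking `if (len != 1) return GNUTLS_E_ASN1_DER_ERROR;` (or whichever error the file uses for malformed DER) before the return pins the assumption the five-byte buffer already hints at.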
@@ -608,28 +656,30 @@ int gnutls_x509_crq_get_version(gnutls_x509_crq_t crq)
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq,
- gnutls_x509_privkey_t key)
+int
+gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
- int result;
+ int result;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_encode_and_copy_PKI_params(crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- key->pk_algorithm,
- key->params,
- key->params_size);
+ result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -642,38 +692,42 @@ int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
- const char *pass)
+int
+gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
+ const char *pass)
{
- int result;
+ int result;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Add the attribute.
- */
- result =
- asn1_write_value(crq->crq, "certificationRequestInfo.attributes",
- "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* Add the attribute.
+ */
+ result =
+ asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
+ "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_encode_and_write_attribute("1.2.840.113549.1.9.7",
- crq->crq,
- "certificationRequestInfo.attributes.?LAST",
- pass, strlen(pass), 1);
+ result =
+ _gnutls_x509_encode_and_write_attribute ("1.2.840.113549.1.9.7",
+ crq->crq,
+ "certificationRequestInfo.attributes.?LAST",
+ pass, strlen (pass), 1);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
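Review bot: `strlen (pass)` in gnutls_x509_crq_set_challenge_password runs with pass unchecked, so a NULL password dereferences NULL after the attribute slot has already been appended with `"NEW"`. Extending the guard to `if (crq == NULL || pass == NULL)` before the asn1_write_value call leaves the request unmodified on invalid input.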
@@ -693,51 +747,57 @@ int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t dig, unsigned int flags)
+int
+gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
- gnutls_datum_t signature;
+ int result;
+ gnutls_datum_t signature;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Step 1. Self sign the request.
- */
- result =
- _gnutls_x509_sign_tbs(crq->crq, "certificationRequestInfo",
- dig, key, &signature);
+ /* Step 1. Self sign the request.
+ */
+ result =
+ _gnutls_x509_sign_tbs (crq->crq, "certificationRequestInfo",
+ dig, key, &signature);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. write the signature (bits)
- */
- result =
- asn1_write_value(crq->crq, "signature", signature.data,
- signature.size * 8);
+ /* Step 2. write the signature (bits)
+ */
+ result =
+ asn1_write_value (crq->crq, "signature", signature.data,
+ signature.size * 8);
- _gnutls_free_datum(&signature);
+ _gnutls_free_datum (&signature);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* Step 3. Write the signatureAlgorithm field.
- */
- result = _gnutls_x509_write_sig_params(crq->crq, "signatureAlgorithm",
- key->pk_algorithm, dig, key->params, key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 3. Write the signatureAlgorithm field.
+ */
+ result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
+ key->pk_algorithm, dig, key->params,
+ key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -751,9 +811,10 @@ int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
* Returns 0 on success.
*
**/
-int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+int
+gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
{
- return gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
}
/**
@@ -777,18 +838,20 @@ int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
* returned, and 0 on success.
*
**/
-int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_crq_export (gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_export_int(crq->crq, format, PEM_CRQ,
- *output_data_size, output_data,
- output_data_size);
+ return _gnutls_x509_export_int (crq->crq, format, PEM_CRQ,
+ *output_data_size, output_data,
+ output_data_size);
}
/**
@@ -808,25 +871,27 @@ int gnutls_x509_crq_export(gnutls_x509_crq_t crq,
* or a negative value on error.
*
**/
-int gnutls_x509_crq_get_pk_algorithm(gnutls_x509_crq_t crq,
- unsigned int *bits)
+int
+gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits)
{
- int result;
+ int result;
- if (crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result =
- _gnutls_x509_get_pk_algorithm(crq->crq,
- "certificationRequestInfo.subjectPKInfo",
- bits);
- if (result < 0) {
- gnutls_assert();
+ result =
+ _gnutls_x509_get_pk_algorithm (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ bits);
+ if (result < 0)
+ {
+ gnutls_assert ();
}
- return result;
+ return result;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/crq.h b/lib/x509/crq.h
index 96b215ea9d..6021096b5c 100644
--- a/lib/x509/crq.h
+++ b/lib/x509/crq.h
@@ -24,6 +24,7 @@
#include <gnutls/x509.h>
-typedef struct gnutls_x509_crq_int {
+typedef struct gnutls_x509_crq_int
+{
ASN1_TYPE crq;
} gnutls_x509_crq_int;
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 9f4a23b7e1..c8b28c5fb3 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -39,42 +39,45 @@
/* Converts the given OID to an ldap acceptable string or
* a dotted OID.
*/
-static const char *oid2ldap_string(const char *oid)
+static const char *
+oid2ldap_string (const char *oid)
{
- const char *ret;
+ const char *ret;
- ret = _gnutls_x509_oid2ldap_string(oid);
- if (ret)
- return ret;
+ ret = _gnutls_x509_oid2ldap_string (oid);
+ if (ret)
+ return ret;
- /* else return the OID in dotted format */
- return oid;
+ /* else return the OID in dotted format */
+ return oid;
}
/* Escapes a string following the rules from RFC2253.
*/
-static char *str_escape(char *str, char *buffer, unsigned int buffer_size)
+static char *
+str_escape (char *str, char *buffer, unsigned int buffer_size)
{
- int str_length, j, i;
+ int str_length, j, i;
- if (str == NULL || buffer == NULL)
- return NULL;
+ if (str == NULL || buffer == NULL)
+ return NULL;
- str_length = MIN(strlen(str), buffer_size - 1);
+ str_length = MIN (strlen (str), buffer_size - 1);
- for (i = j = 0; i < str_length; i++) {
- if (str[i] == ',' || str[i] == '+' || str[i] == '"'
- || str[i] == '\\' || str[i] == '<' || str[i] == '>'
- || str[i] == ';')
- buffer[j++] = '\\';
+ for (i = j = 0; i < str_length; i++)
+ {
+ if (str[i] == ',' || str[i] == '+' || str[i] == '"'
+ || str[i] == '\\' || str[i] == '<' || str[i] == '>'
+ || str[i] == ';')
+ buffer[j++] = '\\';
- buffer[j++] = str[i];
+ buffer[j++] = str[i];
}
- /* null terminate the string */
- buffer[j] = 0;
+ /* null terminate the string */
+ buffer[j] = 0;
- return buffer;
+ return buffer;
}
/* Parses an X509 DN in the asn1_struct, and puts the output into
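Review bot: the `MIN (strlen (str), buffer_size - 1)` bound in str_escape limits how many characters are read, not how many bytes are written: each input character may emit two bytes plus the terminator, so up to 2*str_length+1 bytes can land in a buffer of buffer_size. Its only caller in this file sizes the buffer at 2*len+1 relative to the source length, which appears to keep it in range today, but the function should enforce its own contract, e.g. a conservative `if (j + 2 >= buffer_size) break;` at the top of the loop body. Since str is never modified, the parameter can also be `const char *str`.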
@@ -83,224 +86,241 @@ static char *str_escape(char *str, char *buffer, unsigned int buffer_size)
* asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
* That is to point in the rndSequence.
*/
-int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf)
+int
+_gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf)
{
- gnutls_string out_str;
- int k2, k1, result;
- char tmpbuffer1[64];
- char tmpbuffer2[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- opaque value[MAX_STRING_LEN], *value2 = NULL;
- char *escaped = NULL;
- const char *ldap_desc;
- char oid[128];
- int len, printable;
- char *string = NULL;
- size_t sizeof_string, sizeof_escaped;
-
- if (sizeof_buf == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_string out_str;
+ int k2, k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer2[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ opaque value[MAX_STRING_LEN], *value2 = NULL;
+ char *escaped = NULL;
+ const char *ldap_desc;
+ char oid[128];
+ int len, printable;
+ char *string = NULL;
+ size_t sizeof_string, sizeof_escaped;
+
+ if (sizeof_buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (buf)
- buf[0] = 0;
- else
- *sizeof_buf = 0;
+ if (buf)
+ buf[0] = 0;
+ else
+ *sizeof_buf = 0;
+
+ _gnutls_string_init (&out_str, gnutls_malloc, gnutls_realloc, gnutls_free);
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ _gnutls_int2str (k1, counter);
+ _gnutls_str_cpy (tmpbuffer1, sizeof (tmpbuffer1), asn1_rdn_name);
+ if (strlen (tmpbuffer1) > 0)
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), ".");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), "?");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), counter);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
- _gnutls_string_init(&out_str, gnutls_malloc, gnutls_realloc,
- gnutls_free);
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
- k1 = 0;
- do {
+ k2 = 0;
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name);
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
+ do
+ { /* Move to the attibute type and values
+ */
+ k2++;
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
+ _gnutls_int2str (k2, counter);
+ _gnutls_str_cpy (tmpbuffer2, sizeof (tmpbuffer2), tmpbuffer1);
+ if (strlen (tmpbuffer2) > 0)
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), ".");
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), "?");
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), counter);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
- }
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- k2 = 0;
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
- do { /* Move to the attibute type and values
- */
- k2++;
-
- _gnutls_int2str(k2, counter);
- _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1);
- if (strlen(tmpbuffer2) > 0)
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), ".");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter);
-
- /* Try to read the RelativeDistinguishedName attributes.
- */
-
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
- len = sizeof(oid) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Read the Value
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value");
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
- len = 0;
- result = asn1_read_value(asn1_struct, tmpbuffer3, NULL, &len);
+ len = 0;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
- value2 = gnutls_malloc(len);
- if (value2 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ value2 = gnutls_malloc (len);
+ if (value2 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, value2, &len);
+ result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
#define STR_APPEND(y) if ((result=_gnutls_string_append_str( &out_str, y)) < 0) { \
gnutls_assert(); \
goto cleanup; \
}
- /* The encodings of adjoining RelativeDistinguishedNames are separated
- * by a comma character (',' ASCII 44).
- */
-
- /* Where there is a multi-valued RDN, the outputs from adjoining
- * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
- * character.
- */
- if (k1 != 1) { /* the first time do not append a comma */
- if (k2 != 1) { /* adjoining multi-value RDN */
- STR_APPEND("+");
- } else {
- STR_APPEND(",");
+ /* The encodings of adjoining RelativeDistinguishedNames are separated
+ * by a comma character (',' ASCII 44).
+ */
+
+ /* Where there is a multi-valued RDN, the outputs from adjoining
+ * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
+ * character.
+ */
+ if (k1 != 1)
+ { /* the first time do not append a comma */
+ if (k2 != 1)
+ { /* adjoining multi-value RDN */
+ STR_APPEND ("+");
+ }
+ else
+ {
+ STR_APPEND (",");
}
}
- ldap_desc = oid2ldap_string(oid);
- printable = _gnutls_x509_oid_data_printable(oid);
+ ldap_desc = oid2ldap_string (oid);
+ printable = _gnutls_x509_oid_data_printable (oid);
- sizeof_escaped = 2 * len + 1;
+ sizeof_escaped = 2 * len + 1;
- escaped = gnutls_malloc(sizeof_escaped);
- if (escaped == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ escaped = gnutls_malloc (sizeof_escaped);
+ if (escaped == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
- sizeof_string = 2 * len + 2; /* in case it is not printable */
+ sizeof_string = 2 * len + 2; /* in case it is not printable */
- string = gnutls_malloc(sizeof_string);
- if (string == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ string = gnutls_malloc (sizeof_string);
+ if (string == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
- STR_APPEND(ldap_desc);
- STR_APPEND("=");
- if (printable)
- result =
- _gnutls_x509_oid_data2string(oid,
- value2, len,
- string, &sizeof_string);
- else
- result =
- _gnutls_x509_data2hex(value2, len, string,
- &sizeof_string);
-
- if (result < 0) {
- gnutls_assert();
- _gnutls_x509_log
- ("Found OID: '%s' with value '%s'\n",
- oid, _gnutls_bin2hex(value2,
- len, escaped, sizeof_escaped));
- goto cleanup;
+ STR_APPEND (ldap_desc);
+ STR_APPEND ("=");
+ if (printable)
+ result =
+ _gnutls_x509_oid_data2string (oid,
+ value2, len,
+ string, &sizeof_string);
+ else
+ result =
+ _gnutls_x509_data2hex (value2, len, string, &sizeof_string);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Found OID: '%s' with value '%s'\n",
+ oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped));
+ goto cleanup;
}
- STR_APPEND(str_escape(string, escaped, sizeof_escaped));
- gnutls_free(string);
- string = NULL;
+ STR_APPEND (str_escape (string, escaped, sizeof_escaped));
+ gnutls_free (string);
+ string = NULL;
- gnutls_free(escaped);
- escaped = NULL;
- gnutls_free(value2);
- value2 = NULL;
+ gnutls_free (escaped);
+ escaped = NULL;
+ gnutls_free (value2);
+ value2 = NULL;
- } while (1);
-
- } while (1);
+ }
+ while (1);
- if (out_str.length >= (unsigned int) *sizeof_buf) {
- gnutls_assert();
- *sizeof_buf = out_str.length + 1;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
+ }
+ while (1);
+
+ if (out_str.length >= (unsigned int) *sizeof_buf)
+ {
+ gnutls_assert ();
+ *sizeof_buf = out_str.length + 1;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
}
- if (buf) {
- memcpy(buf, out_str.data, out_str.length);
- buf[out_str.length] = 0;
+ if (buf)
+ {
+ memcpy (buf, out_str.data, out_str.length);
+ buf[out_str.length] = 0;
}
- *sizeof_buf = out_str.length;
+ *sizeof_buf = out_str.length;
- result = 0;
+ result = 0;
- cleanup:
- gnutls_free(value2);
- gnutls_free(string);
- gnutls_free(escaped);
- _gnutls_string_clear(&out_str);
- return result;
+cleanup:
+ gnutls_free (value2);
+ gnutls_free (string);
+ gnutls_free (escaped);
+ _gnutls_string_clear (&out_str);
+ return result;
}
/* Parses an X509 DN in the asn1_struct, and searches for the
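Review bot: the size-probing `asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len)` for the `.value` element in _gnutls_x509_parse_dn is never checked, so on any failure len stays 0 and the code proceeds to `gnutls_malloc (len)` and a second read into a zero-length buffer, reporting whatever that yields instead of the real ASN.1 error. libtasn1 signals a successful size query as ASN1_MEM_ERROR, so that is the one result to accept before allocating; the rewritten lines are below and the rest of the loop body is unchanged.
```c
          len = 0;
          result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
          if (result != ASN1_MEM_ERROR)
            {
              gnutls_assert ();
              result = _gnutls_asn2err (result);
              goto cleanup;
            }
          /* … unchanged: allocate value2 and read the value … */
```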
@@ -315,162 +335,176 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
* indx specifies which OID to return. Ie 0 means return the first specified
* OID found, 1 the second etc.
*/
-int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- const char *given_oid, int indx,
- unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+int
+_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- int k2, k1, result;
- char tmpbuffer1[64];
- char tmpbuffer2[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- opaque value[256];
- char oid[128];
- int len, printable;
- int i = 0;
- char *cbuf = buf;
-
- if (cbuf == NULL)
- *sizeof_buf = 0;
- else
- cbuf[0] = 0;
-
- k1 = 0;
- do {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name);
-
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
-
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
+ int k2, k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer2[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ opaque value[256];
+ char oid[128];
+ int len, printable;
+ int i = 0;
+ char *cbuf = buf;
+
+ if (cbuf == NULL)
+ *sizeof_buf = 0;
+ else
+ cbuf[0] = 0;
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ _gnutls_int2str (k1, counter);
+ _gnutls_str_cpy (tmpbuffer1, sizeof (tmpbuffer1), asn1_rdn_name);
+
+ if (strlen (tmpbuffer1) > 0)
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), ".");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), "?");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), counter);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
}
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- k2 = 0;
+ k2 = 0;
- do { /* Move to the attibute type and values
+ do
+ { /* Move to the attibute type and values
*/
- k2++;
+ k2++;
- _gnutls_int2str(k2, counter);
- _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1);
+ _gnutls_int2str (k2, counter);
+ _gnutls_str_cpy (tmpbuffer2, sizeof (tmpbuffer2), tmpbuffer1);
- if (strlen(tmpbuffer2) > 0)
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), ".");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter);
+ if (strlen (tmpbuffer2) > 0)
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), ".");
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), "?");
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), counter);
- /* Try to read the RelativeDistinguishedName attributes.
- */
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len);
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
}
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
- len = sizeof(oid) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (strcmp(oid, given_oid) == 0 && indx == i++) { /* Found the OID */
+ if (strcmp (oid, given_oid) == 0 && indx == i++)
+ { /* Found the OID */
- /* Read the Value
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3),
- tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".value");
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
- len = *sizeof_buf;
- result =
- asn1_read_value(asn1_struct, tmpbuffer3, buf, &len);
+ len = *sizeof_buf;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- if (result==ASN1_MEM_ERROR)
- *sizeof_buf = len;
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_MEM_ERROR)
+ *sizeof_buf = len;
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (raw_flag != 0) {
- if ((uint) len > *sizeof_buf) {
- *sizeof_buf = len;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
+ if (raw_flag != 0)
+ {
+ if ((uint) len > *sizeof_buf)
+ {
+ *sizeof_buf = len;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
}
- *sizeof_buf = len;
-
- return 0;
-
- } else { /* parse data. raw_flag == 0 */
- printable = _gnutls_x509_oid_data_printable(oid);
+ *sizeof_buf = len;
- if (printable == 1)
- result =
- _gnutls_x509_oid_data2string(oid, buf, len,
- cbuf, sizeof_buf);
- else
- result =
- _gnutls_x509_data2hex(buf, len, cbuf,
- sizeof_buf);
+ return 0;
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ }
+ else
+ { /* parse data. raw_flag == 0 */
+ printable = _gnutls_x509_oid_data_printable (oid);
+
+ if (printable == 1)
+ result =
+ _gnutls_x509_oid_data2string (oid, buf, len,
+ cbuf, sizeof_buf);
+ else
+ result =
+ _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- return 0;
+ return 0;
} /* raw_flag == 0 */
}
- } while (1);
+ }
+ while (1);
- } while (1);
+ }
+ while (1);
- gnutls_assert();
+ gnutls_assert ();
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- cleanup:
- return result;
+cleanup:
+ return result;
}
@@ -483,281 +517,309 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
* indx specifies which OID to return. Ie 0 means return the first specified
* OID found, 1 the second etc.
*/
-int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid)
+int
+_gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid)
{
- int k2, k1, result;
- char tmpbuffer1[64];
- char tmpbuffer2[64];
- char tmpbuffer3[64];
- char counter[MAX_INT_DIGITS];
- char value[256];
- char oid[128];
- int len;
- int i = 0;
-
- k1 = 0;
- do {
-
- k1++;
- /* create a string like "tbsCertList.issuer.rdnSequence.?1"
- */
- _gnutls_int2str(k1, counter);
- _gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1), asn1_rdn_name);
-
- if (strlen(tmpbuffer1) > 0)
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), ".");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), "?");
- _gnutls_str_cat(tmpbuffer1, sizeof(tmpbuffer1), counter);
-
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer1, value, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
+ int k2, k1, result;
+ char tmpbuffer1[64];
+ char tmpbuffer2[64];
+ char tmpbuffer3[64];
+ char counter[MAX_INT_DIGITS];
+ char value[256];
+ char oid[128];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ _gnutls_int2str (k1, counter);
+ _gnutls_str_cpy (tmpbuffer1, sizeof (tmpbuffer1), asn1_rdn_name);
+
+ if (strlen (tmpbuffer1) > 0)
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), ".");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), "?");
+ _gnutls_str_cat (tmpbuffer1, sizeof (tmpbuffer1), counter);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
}
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- k2 = 0;
+ k2 = 0;
- do { /* Move to the attibute type and values
+ do
+ { /* Move to the attibute type and values
*/
- k2++;
+ k2++;
- _gnutls_int2str(k2, counter);
- _gnutls_str_cpy(tmpbuffer2, sizeof(tmpbuffer2), tmpbuffer1);
+ _gnutls_int2str (k2, counter);
+ _gnutls_str_cpy (tmpbuffer2, sizeof (tmpbuffer2), tmpbuffer1);
- if (strlen(tmpbuffer2) > 0)
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), ".");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), "?");
- _gnutls_str_cat(tmpbuffer2, sizeof(tmpbuffer2), counter);
+ if (strlen (tmpbuffer2) > 0)
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), ".");
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), "?");
+ _gnutls_str_cat (tmpbuffer2, sizeof (tmpbuffer2), counter);
- /* Try to read the RelativeDistinguishedName attributes.
- */
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
- len = sizeof(value) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer2, value, &len);
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
}
- if (result != ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer3, sizeof(tmpbuffer3), tmpbuffer2);
- _gnutls_str_cat(tmpbuffer3, sizeof(tmpbuffer3), ".type");
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
- len = sizeof(oid) - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer3, oid, &len);
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (indx == i++) { /* Found the OID */
+ if (indx == i++)
+ { /* Found the OID */
- len = strlen(oid) + 1;
+ len = strlen (oid) + 1;
- if (*sizeof_oid < (uint) len) {
- *sizeof_oid = len;
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (*sizeof_oid < (uint) len)
+ {
+ *sizeof_oid = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- memcpy(_oid, oid, len);
- *sizeof_oid = len - 1;
+ memcpy (_oid, oid, len);
+ *sizeof_oid = len - 1;
- return 0;
+ return 0;
}
- } while (1);
+ }
+ while (1);
- } while (1);
+ }
+ while (1);
- gnutls_assert();
+ gnutls_assert ();
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- cleanup:
- return result;
+cleanup:
+ return result;
}
/* This will encode and write the AttributeTypeAndValue field.
* 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
* In all cases only one value is written.
*/
-int _gnutls_x509_encode_and_write_attribute(const char *given_oid,
- ASN1_TYPE asn1_struct,
- const char *where,
- const void *_data,
- int sizeof_data, int multi)
+int
+_gnutls_x509_encode_and_write_attribute (const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *_data,
+ int sizeof_data, int multi)
{
- const char *val_name;
- const opaque *data = _data;
- char tmp[128];
- ASN1_TYPE c2;
- int result;
-
-
- /* Find how to encode the data.
- */
- val_name = asn1_find_structure_from_oid(_gnutls_get_pkix(), given_oid);
- if (val_name == NULL) {
- gnutls_assert();
- return GNUTLS_E_X509_UNSUPPORTED_OID;
+ const char *val_name;
+ const opaque *data = _data;
+ char tmp[128];
+ ASN1_TYPE c2;
+ int result;
+
+
+ /* Find how to encode the data.
+ */
+ val_name = asn1_find_structure_from_oid (_gnutls_get_pkix (), given_oid);
+ if (val_name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_X509_UNSUPPORTED_OID;
}
- _gnutls_str_cpy(tmp, sizeof(tmp), "PKIX1.");
- _gnutls_str_cat(tmp, sizeof(tmp), val_name);
+ _gnutls_str_cpy (tmp, sizeof (tmp), "PKIX1.");
+ _gnutls_str_cat (tmp, sizeof (tmp), val_name);
- result = asn1_create_element(_gnutls_get_pkix(), tmp, &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_create_element (_gnutls_get_pkix (), tmp, &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- tmp[0] = 0;
+ tmp[0] = 0;
- if ((result = _gnutls_x509_oid_data_choice(given_oid)) > 0) {
- char *string_type;
- int i;
+ if ((result = _gnutls_x509_oid_data_choice (given_oid)) > 0)
+ {
+ char *string_type;
+ int i;
- string_type = "printableString";
+ string_type = "printableString";
- /* Check if the data is plain ascii, and use
- * the UTF8 string type if not.
- */
- for (i = 0; i < sizeof_data; i++) {
- if (!isascii(data[i])) {
- string_type = "utf8String";
- break;
+ /* Check if the data is plain ascii, and use
+ * the UTF8 string type if not.
+ */
+ for (i = 0; i < sizeof_data; i++)
+ {
+ if (!isascii (data[i]))
+ {
+ string_type = "utf8String";
+ break;
}
}
- /* if the type is a CHOICE then write the
- * type we'll use.
- */
- result = asn1_write_value(c2, "", string_type, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ /* if the type is a CHOICE then write the
+ * type we'll use.
+ */
+ result = asn1_write_value (c2, "", string_type, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cpy(tmp, sizeof(tmp), string_type);
+ _gnutls_str_cpy (tmp, sizeof (tmp), string_type);
}
- result = asn1_write_value(c2, tmp, data, sizeof_data);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (c2, tmp, data, sizeof_data);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- /* write the data (value)
- */
+ /* write the data (value)
+ */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".value");
- if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+ if (multi != 0)
+ { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
- result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
}
- result = _gnutls_x509_der_encode_and_copy(c2, "", asn1_struct, tmp, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_der_encode_and_copy (c2, "", asn1_struct, tmp, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* write the type
- */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+ /* write the type
+ */
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".type");
- result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
* 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
* In all cases only one value is written.
*/
-int _gnutls_x509_write_attribute(const char *given_oid,
- ASN1_TYPE asn1_struct, const char *where,
- const void *_data, int sizeof_data,
- int multi)
+int
+_gnutls_x509_write_attribute (const char *given_oid,
+ ASN1_TYPE asn1_struct, const char *where,
+ const void *_data, int sizeof_data, int multi)
{
- char tmp[128];
- int result;
+ char tmp[128];
+ int result;
- /* write the data (value)
- */
+ /* write the data (value)
+ */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".value");
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".value");
- if (multi != 0) { /* if not writing an AttributeTypeAndValue, but an Attribute */
- _gnutls_str_cat(tmp, sizeof(tmp), "s"); /* values */
+ if (multi != 0)
+ { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
- result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
}
- result = asn1_write_value(asn1_struct, tmp, _data, sizeof_data);
- if (result < 0) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (asn1_struct, tmp, _data, sizeof_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* write the type
- */
- _gnutls_str_cpy(tmp, sizeof(tmp), where);
- _gnutls_str_cat(tmp, sizeof(tmp), ".type");
+ /* write the type
+ */
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".type");
- result = asn1_write_value(asn1_struct, tmp, given_oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
@@ -769,43 +831,48 @@ int _gnutls_x509_write_attribute(const char *given_oid,
*
* The output is allocated and stored in value.
*/
-int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
- const char *where, char *oid, int oid_size,
- gnutls_datum_t * value, int multi, int octet_string)
+int
+_gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size, gnutls_datum_t * value,
+ int multi, int octet_string)
{
- char tmpbuffer[128];
- int len, result;
-
- /* Read the OID
- */
- _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
- _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type");
-
- len = oid_size - 1;
- result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- return result;
+ char tmpbuffer[128];
+ int len, result;
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
+
+ len = oid_size - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer, oid, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ return result;
}
- /* Read the Value
- */
+ /* Read the Value
+ */
- _gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
- _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value");
+ _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
- if (multi)
- _gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1"); /* .values.?1 */
+ if (multi)
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
- result = _gnutls_x509_read_value(asn1_struct, tmpbuffer, value, octet_string);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result =
+ _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
@@ -816,73 +883,80 @@ int _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
* That is to point before the rndSequence.
*
*/
-int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_name, const char *given_oid,
- int raw_flag, const char *name,
- int sizeof_name)
+int
+_gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_name, const char *given_oid,
+ int raw_flag, const char *name, int sizeof_name)
{
- int result;
- char tmp[64], asn1_rdn_name[64];
+ int result;
+ char tmp[64], asn1_rdn_name[64];
- if (sizeof_name == 0 || name == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_name == 0 || name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* create the rdnSequence
- */
- result = asn1_write_value(asn1_struct, asn1_name, "rdnSequence", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* create the rdnSequence
+ */
+ result = asn1_write_value (asn1_struct, asn1_name, "rdnSequence", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cpy(asn1_rdn_name, sizeof(asn1_rdn_name), asn1_name);
- _gnutls_str_cat(asn1_rdn_name, sizeof(asn1_rdn_name), ".rdnSequence");
+ _gnutls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
+ _gnutls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
- /* create a new element
- */
- result = asn1_write_value(asn1_struct, asn1_rdn_name, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* create a new element
+ */
+ result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST");
+ _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
- /* create the set with only one element
- */
- result = asn1_write_value(asn1_struct, tmp, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* create the set with only one element
+ */
+ result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* Encode and write the data
- */
- _gnutls_str_cpy(tmp, sizeof(tmp), asn1_rdn_name);
- _gnutls_str_cat(tmp, sizeof(tmp), ".?LAST.?LAST");
-
- if (!raw_flag) {
- result =
- _gnutls_x509_encode_and_write_attribute(given_oid,
- asn1_struct,
- tmp, name,
- sizeof_name, 0);
- } else {
- result =
- _gnutls_x509_write_attribute(given_oid, asn1_struct,
- tmp, name, sizeof_name, 0);
+ /* Encode and write the data
+ */
+ _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST");
+
+ if (!raw_flag)
+ {
+ result =
+ _gnutls_x509_encode_and_write_attribute (given_oid,
+ asn1_struct,
+ tmp, name, sizeof_name, 0);
+ }
+ else
+ {
+ result =
+ _gnutls_x509_write_attribute (given_oid, asn1_struct,
+ tmp, name, sizeof_name, 0);
}
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
@@ -901,40 +975,44 @@ int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
* success 0 is returned.
*
**/
-int gnutls_x509_rdn_get(const gnutls_datum_t * idn,
- char *buf, size_t * sizeof_buf)
+int
+gnutls_x509_rdn_get (const gnutls_datum_t * idn,
+ char *buf, size_t * sizeof_buf)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (sizeof_buf == 0) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_buf == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (buf)
- buf[0] = 0;
+ if (buf)
+ buf[0] = 0;
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
+ result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_parse_dn(dn, "rdnSequence", buf, sizeof_buf);
+ result = _gnutls_x509_parse_dn (dn, "rdnSequence", buf, sizeof_buf);
- asn1_delete_structure(&dn);
- return result;
+ asn1_delete_structure (&dn);
+ return result;
}
@@ -956,38 +1034,42 @@ int gnutls_x509_rdn_get(const gnutls_datum_t * idn,
* the provided buffer is not long enough, and 0 on success.
*
**/
-int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+int
+gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (sizeof_buf == 0) {
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_buf == 0)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
}
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
+ result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_parse_dn_oid(dn, "rdnSequence", oid, indx,
- raw_flag, buf, sizeof_buf);
+ result =
+ _gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
+ raw_flag, buf, sizeof_buf);
- asn1_delete_structure(&dn);
- return result;
+ asn1_delete_structure (&dn);
+ return result;
}
@@ -1005,36 +1087,39 @@ int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char *oid,
* the provided buffer is not long enough, and 0 on success.
*
**/
-int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
- int indx, void *buf, size_t * sizeof_buf)
+int
+gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
+ int indx, void *buf, size_t * sizeof_buf)
{
- int result;
- ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
- if (sizeof_buf == 0) {
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_buf == 0)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
}
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&dn, idn->data, idn->size, NULL);
- if (result != ASN1_SUCCESS) {
- /* couldn't decode DER */
- gnutls_assert();
- asn1_delete_structure(&dn);
- return _gnutls_asn2err(result);
+ result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_get_dn_oid(dn, "rdnSequence", indx, buf, sizeof_buf);
+ result = _gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, sizeof_buf);
- asn1_delete_structure(&dn);
- return result;
+ asn1_delete_structure (&dn);
+ return result;
}
@@ -1046,17 +1131,20 @@ int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
* Returns 1 if the DN's match and zero if they don't match. Otherwise
* a negative value is returned to indicate error.
*/
-int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2)
+int
+_gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2)
{
- if (dn1->size != dn2->size) {
- gnutls_assert();
- return 0;
+ if (dn1->size != dn2->size)
+ {
+ gnutls_assert ();
+ return 0;
}
- if (memcmp(dn1->data, dn2->data, dn2->size) != 0) {
- gnutls_assert();
- return 0;
+ if (memcmp (dn1->data, dn2->data, dn2->size) != 0)
+ {
+ gnutls_assert ();
+ return 0;
}
- return 1; /* they match */
+ return 1; /* they match */
}
diff --git a/lib/x509/dn.h b/lib/x509/dn.h
index 77d0356470..08cce091aa 100644
--- a/lib/x509/dn.h
+++ b/lib/x509/dn.h
@@ -37,23 +37,22 @@
#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
-int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, char *buf,
- size_t * sizeof_buf);
-
-int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int indx, unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
-
-int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name, const char *oid,
- int raw_flag, const char *name,
- int sizeof_name);
-
-int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
- const char *asn1_rdn_name,
- int indx, void *_oid, size_t * sizeof_oid);
+int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf);
+
+int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, const char *oid,
+ int indx, unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+
+int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, const char *oid,
+ int raw_flag, const char *name, int sizeof_name);
+
+int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid);
#endif
diff --git a/lib/x509/dsa.c b/lib/x509/dsa.c
index 358fbb91bc..46559746e1 100644
--- a/lib/x509/dsa.c
+++ b/lib/x509/dsa.c
@@ -32,95 +32,104 @@
/* resarr will contain: p(0), q(1), g(2), y(3), x(4).
*/
-int _gnutls_dsa_generate_params(mpi_t * resarr, int *resarr_len, int bits)
+int
+_gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
{
- int ret;
- gcry_sexp_t parms, key, list;
+ int ret;
+ gcry_sexp_t parms, key, list;
- if (bits < 512 || bits > 1024) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bits < 512 || bits > 1024)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = gcry_sexp_build(&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* generate the DSA key
- */
- ret = gcry_pk_genkey(&key, parms);
- gcry_sexp_release(parms);
+ /* generate the DSA key
+ */
+ ret = gcry_pk_genkey (&key, parms);
+ gcry_sexp_release (parms);
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- list = gcry_sexp_find_token(key, "p", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(key);
- return GNUTLS_E_INTERNAL_ERROR;
+ list = gcry_sexp_find_token (key, "p", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- list = gcry_sexp_find_token(key, "q", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(key);
- return GNUTLS_E_INTERNAL_ERROR;
+ list = gcry_sexp_find_token (key, "q", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[1] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- list = gcry_sexp_find_token(key, "g", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(key);
- return GNUTLS_E_INTERNAL_ERROR;
+ list = gcry_sexp_find_token (key, "g", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[2] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- list = gcry_sexp_find_token(key, "y", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(key);
- return GNUTLS_E_INTERNAL_ERROR;
+ list = gcry_sexp_find_token (key, "y", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[3] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- list = gcry_sexp_find_token(key, "x", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(key);
- return GNUTLS_E_INTERNAL_ERROR;
+ list = gcry_sexp_find_token (key, "x", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[4] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- gcry_sexp_release(key);
+ gcry_sexp_release (key);
- _gnutls_dump_mpi("p: ", resarr[0]);
- _gnutls_dump_mpi("q: ", resarr[1]);
- _gnutls_dump_mpi("g: ", resarr[2]);
- _gnutls_dump_mpi("y: ", resarr[3]);
- _gnutls_dump_mpi("x: ", resarr[4]);
+ _gnutls_dump_mpi ("p: ", resarr[0]);
+ _gnutls_dump_mpi ("q: ", resarr[1]);
+ _gnutls_dump_mpi ("g: ", resarr[2]);
+ _gnutls_dump_mpi ("y: ", resarr[3]);
+ _gnutls_dump_mpi ("x: ", resarr[4]);
- *resarr_len = 5;
+ *resarr_len = 5;
- return 0;
+ return 0;
}
diff --git a/lib/x509/dsa.h b/lib/x509/dsa.h
index 0ab9f113fc..2d1e2fda9b 100644
--- a/lib/x509/dsa.h
+++ b/lib/x509/dsa.h
@@ -22,4 +22,4 @@
*
*/
-int _gnutls_dsa_generate_params(mpi_t * resarr, int *resarr_len, int bits);
+int _gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits);
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index 435a1d94d9..2961ce6914 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -43,116 +43,130 @@
* If the extension does not exist, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
* be returned.
*/
-int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *_critical)
+int
+_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
{
- int k, result, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char str[1024];
- char str_critical[10];
- int critical = 0;
- char extnID[128];
- gnutls_datum_t value;
- int indx_counter = 0;
-
- ret->data = NULL;
- ret->size = 0;
-
- k = 0;
- do {
- k++;
-
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
-
- len = sizeof(str) - 1;
- result = asn1_read_value(cert->cert, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
+ int k, result, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char str[1024];
+ char str_critical[10];
+ int critical = 0;
+ char extnID[128];
+ gnutls_datum_t value;
+ int indx_counter = 0;
+
+ ret->data = NULL;
+ ret->size = 0;
+
+ k = 0;
+ do
+ {
+ k++;
+
+ _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?");
+ _gnutls_int2str (k, counter);
+ _gnutls_str_cat (name, sizeof (name), counter);
+
+ len = sizeof (str) - 1;
+ result = asn1_read_value (cert->cert, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
}
- do {
+ do
+ {
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
- len = sizeof(extnID) - 1;
- result = asn1_read_value(cert->cert, name2, extnID, &len);
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (cert->cert, name2, extnID, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* Handle Extension
- */
- if (strcmp(extnID, extension_id) == 0
- && indx == indx_counter++) {
- /* extension was found
- */
-
- /* read the critical status.
- */
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".critical");
-
- len = sizeof(str_critical);
- result =
- asn1_read_value(cert->cert, name2, str_critical, &len);
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* Handle Extension
+ */
+ if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
+ {
+ /* extension was found
+ */
+
+ /* read the critical status.
+ */
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".critical");
+
+ len = sizeof (str_critical);
+ result =
+ asn1_read_value (cert->cert, name2, str_critical, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if (str_critical[0] == 'T')
- critical = 1;
- else
- critical = 0;
-
- /* read the value.
- */
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
-
- result = _gnutls_x509_read_value(cert->cert, name2,
- &value, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
+
+ /* read the value.
+ */
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
+
+ result = _gnutls_x509_read_value (cert->cert, name2, &value, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- ret->data = value.data;
- ret->size = value.size;
+ ret->data = value.data;
+ ret->size = value.size;
- if (_critical)
- *_critical = critical;
+ if (_critical)
+ *_critical = critical;
- return 0;
+ return 0;
}
- } while (0);
- } while (1);
+ }
+ while (0);
+ }
+ while (1);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
}
@@ -162,76 +176,89 @@ int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
* If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
* be returned.
*/
-int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
- int indx, void *oid,
- size_t * sizeof_oid)
+int
+_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid)
{
- int k, result, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char str[1024];
- char extnID[128];
- int indx_counter = 0;
-
- k = 0;
- do {
- k++;
-
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
-
- len = sizeof(str) - 1;
- result = asn1_read_value(cert->cert, name, str, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
+ int k, result, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char str[1024];
+ char extnID[128];
+ int indx_counter = 0;
+
+ k = 0;
+ do
+ {
+ k++;
+
+ _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?");
+ _gnutls_int2str (k, counter);
+ _gnutls_str_cat (name, sizeof (name), counter);
+
+ len = sizeof (str) - 1;
+ result = asn1_read_value (cert->cert, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
}
- do {
+ do
+ {
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
- len = sizeof(extnID) - 1;
- result = asn1_read_value(cert->cert, name2, extnID, &len);
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (cert->cert, name2, extnID, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* Handle Extension
- */
- if (indx == indx_counter++) {
- len = strlen(extnID) + 1;
-
- if (*sizeof_oid < (uint) len) {
- *sizeof_oid = len;
- gnutls_assert();
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ /* Handle Extension
+ */
+ if (indx == indx_counter++)
+ {
+ len = strlen (extnID) + 1;
+
+ if (*sizeof_oid < (uint) len)
+ {
+ *sizeof_oid = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- memcpy(oid, extnID, len);
- *sizeof_oid = len - 1;
+ memcpy (oid, extnID, len);
+ *sizeof_oid = len - 1;
- return 0;
+ return 0;
}
- } while (0);
- } while (1);
+ }
+ while (0);
+ }
+ while (1);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- } else {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
}
@@ -240,94 +267,100 @@ int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
*
* Critical will be either 0 or 1.
*/
-static int set_extension(ASN1_TYPE asn, const char *extension_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+static int
+set_extension (ASN1_TYPE asn, const char *extension_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- int result;
- const char *str;
+ int result;
+ const char *str;
- /* Add a new extension in the list.
- */
- result = asn1_write_value(asn, "tbsCertificate.extensions", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* Add a new extension in the list.
+ */
+ result = asn1_write_value (asn, "tbsCertificate.extensions", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- asn1_write_value(asn, "tbsCertificate.extensions.?LAST.extnID",
- extension_id, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_write_value (asn, "tbsCertificate.extensions.?LAST.extnID",
+ extension_id, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
- result =
- asn1_write_value(asn, "tbsCertificate.extensions.?LAST.critical",
- str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_write_value (asn, "tbsCertificate.extensions.?LAST.critical",
+ str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_write_value(asn,
- "tbsCertificate.extensions.?LAST.extnValue",
- ext_data, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result =
+ _gnutls_x509_write_value (asn,
+ "tbsCertificate.extensions.?LAST.extnValue",
+ ext_data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* Overwrite the given extension (using the index)
* index here starts from one.
*/
-static int overwrite_extension(ASN1_TYPE asn, unsigned int indx,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+static int
+overwrite_extension (ASN1_TYPE asn, unsigned int indx,
+ const gnutls_datum_t * ext_data, unsigned int critical)
{
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- const char *str;
- int result;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ const char *str;
+ int result;
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(indx, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
+ _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?");
+ _gnutls_int2str (indx, counter);
+ _gnutls_str_cat (name, sizeof (name), counter);
- if (critical == 0)
- str = "FALSE";
- else
- str = "TRUE";
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".critical");
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".critical");
- result = asn1_write_value(asn, name2, str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (asn, name2, str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnValue");
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
- result = _gnutls_x509_write_value(asn, name2, ext_data, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_write_value (asn, name2, ext_data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* This function will attempt to overwrite the requested extension with
@@ -335,412 +368,456 @@ static int overwrite_extension(ASN1_TYPE asn, unsigned int indx,
*
* Critical will be either 0 or 1.
*/
-int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
- const char *ext_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical)
+int
+_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
{
- int result;
- int k, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char extnID[128];
-
- /* Find the index of the given extension.
- */
- k = 0;
- do {
- k++;
-
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
-
- len = sizeof(extnID) - 1;
- result = asn1_read_value(cert->cert, name, extnID, &len);
-
- /* move to next
- */
-
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- break;
+ int result;
+ int k, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char extnID[128];
+
+ /* Find the index of the given extension.
+ */
+ k = 0;
+ do
+ {
+ k++;
+
+ _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?");
+ _gnutls_int2str (k, counter);
+ _gnutls_str_cat (name, sizeof (name), counter);
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (cert->cert, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
}
- do {
+ do
+ {
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
- len = sizeof(extnID) - 1;
- result = asn1_read_value(cert->cert, name2, extnID, &len);
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (cert->cert, name2, extnID, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- break;
- } else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* Handle Extension
- */
- if (strcmp(extnID, ext_id) == 0) {
- /* extension was found
- */
- return overwrite_extension(cert->cert, k, ext_data,
- critical);
+ /* Handle Extension
+ */
+ if (strcmp (extnID, ext_id) == 0)
+ {
+ /* extension was found
+ */
+ return overwrite_extension (cert->cert, k, ext_data, critical);
}
- } while (0);
- } while (1);
+ }
+ while (0);
+ }
+ while (1);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- return set_extension(cert->cert, ext_id, ext_data, critical);
- } else {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return set_extension (cert->cert, ext_id, ext_data, critical);
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/* Here we only extract the KeyUsage field, from the DER encoded
* extension.
*/
-int _gnutls_x509_ext_extract_keyUsage(uint16 * keyUsage,
- opaque * extnValue, int extnValueLen)
+int
+_gnutls_x509_ext_extract_keyUsage (uint16 * keyUsage,
+ opaque * extnValue, int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int len, result;
- uint8 str[2];
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int len, result;
+ uint8 str[2];
- str[0] = str[1] = 0;
- *keyUsage = 0;
+ str[0] = str[1] = 0;
+ *keyUsage = 0;
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- len = sizeof(str);
- result = asn1_read_value(ext, "", str, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return 0;
+ len = sizeof (str);
+ result = asn1_read_value (ext, "", str, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return 0;
}
- *keyUsage = str[0] | (str[1] << 8);
+ *keyUsage = str[0] | (str[1] << 8);
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- return 0;
+ return 0;
}
/* extract the basicConstraints from the DER encoded extension
*/
-int _gnutls_x509_ext_extract_basicConstraints(int *CA, opaque * extnValue,
- int extnValueLen)
+int
+_gnutls_x509_ext_extract_basicConstraints (int *CA, opaque * extnValue,
+ int extnValueLen)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- char str[128];
- int len, result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ char str[128];
+ int len, result;
- *CA = 0;
+ *CA = 0;
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.BasicConstraints",
- &ext)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&ext, extnValue, extnValueLen, NULL);
+ result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- len = sizeof(str) - 1;
- /* the default value of cA is false.
- */
- result = asn1_read_value(ext, "cA", str, &len);
- if (result != ASN1_SUCCESS) {
- asn1_delete_structure(&ext);
- return 0;
+ len = sizeof (str) - 1;
+ /* the default value of cA is false.
+ */
+ result = asn1_read_value (ext, "cA", str, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (&ext);
+ return 0;
}
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- if (strcmp(str, "TRUE") == 0)
- *CA = 1;
- else
- *CA = 0;
+ if (strcmp (str, "TRUE") == 0)
+ *CA = 1;
+ else
+ *CA = 0;
- return 0;
+ return 0;
}
/* generate the basicConstraints in a DER encoded extension
* Use 0 or 1 (TRUE) for CA.
*/
-int _gnutls_x509_ext_gen_basicConstraints(int CA, gnutls_datum_t * der_ext)
+int
+_gnutls_x509_ext_gen_basicConstraints (int CA, gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- const char *str;
- int result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ const char *str;
+ int result;
- if (CA == 0)
- str = "FALSE";
- else
- str = "TRUE";
+ if (CA == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
- result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.BasicConstraints",
- &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_write_value(ext, "cA", str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, "cA", str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- asn1_write_value(ext, "pathLenConstraint", NULL, 0);
+ asn1_write_value (ext, "pathLenConstraint", NULL, 0);
- result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* generate the keyUsage in a DER encoded extension
* Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
*/
-int _gnutls_x509_ext_gen_keyUsage(uint16 usage, gnutls_datum_t * der_ext)
+int
+_gnutls_x509_ext_gen_keyUsage (uint16 usage, gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
- uint8 str[2];
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ uint8 str[2];
- result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- str[0] = usage & 0xff;
- str[1] = usage >> 8;
+ str[0] = usage & 0xff;
+ str[1] = usage >> 8;
- result = asn1_write_value(ext, "", str, 9);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, "", str, 9);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
-static int write_new_general_name(ASN1_TYPE ext, const char *ext_name,
- gnutls_x509_subject_alt_name_t type,
- const char *data_string)
+static int
+write_new_general_name (ASN1_TYPE ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const char *data_string)
{
- const char *str;
- int result;
- char name[128];
+ const char *str;
+ int result;
+ char name[128];
- result = asn1_write_value(ext, ext_name, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, ext_name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- switch (type) {
+ switch (type)
+ {
case GNUTLS_SAN_DNSNAME:
- str = "dNSName";
- break;
+ str = "dNSName";
+ break;
case GNUTLS_SAN_RFC822NAME:
- str = "rfc822Name";
- break;
+ str = "rfc822Name";
+ break;
case GNUTLS_SAN_URI:
- str = "uniformResourceIdentifier";
- break;
+ str = "uniformResourceIdentifier";
+ break;
case GNUTLS_SAN_IPADDRESS:
- str = "iPAddress";
- break;
+ str = "iPAddress";
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (ext_name[0] == 0) { /* no dot */
- _gnutls_str_cpy(name, sizeof(name), "?LAST");
- } else {
- _gnutls_str_cpy(name, sizeof(name), ext_name);
- _gnutls_str_cat(name, sizeof(name), ".?LAST");
+ if (ext_name[0] == 0)
+ { /* no dot */
+ _gnutls_str_cpy (name, sizeof (name), "?LAST");
+ }
+ else
+ {
+ _gnutls_str_cpy (name, sizeof (name), ext_name);
+ _gnutls_str_cat (name, sizeof (name), ".?LAST");
}
- result = asn1_write_value(ext, name, str, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, name, str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cat(name, sizeof(name), ".");
- _gnutls_str_cat(name, sizeof(name), str);
+ _gnutls_str_cat (name, sizeof (name), ".");
+ _gnutls_str_cat (name, sizeof (name), str);
- result = asn1_write_value(ext, name, data_string, strlen(data_string));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, name, data_string, strlen (data_string));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/* Convert the given name to GeneralNames in a DER encoded extension.
* This is the same as subject alternative name.
*/
-int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
- type, const char *data_string,
- gnutls_datum_t * der_ext)
+int
+_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
+ type, const char *data_string,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
- result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.GeneralNames",
- &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = write_new_general_name(ext, "", type, data_string);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return result;
+ result = write_new_general_name (ext, "", type, data_string);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return result;
}
- result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* generate the SubjectKeyID in a DER encoded extension
*/
-int _gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+int
+_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.SubjectKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.SubjectKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_write_value(ext, "", id, id_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, "", id, id_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* generate the AuthorityKeyID in a DER encoded extension
*/
-int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
- gnutls_datum_t * der_ext)
+int
+_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- int result;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.AuthorityKeyIdentifier", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.AuthorityKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_write_value(ext, "keyIdentifier", id, id_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&ext);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (ext, "keyIdentifier", id, id_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
}
- asn1_write_value(ext, "authorityCertIssuer", NULL, 0);
- asn1_write_value(ext, "authorityCertSerialNumber", NULL, 0);
+ asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
+ asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
- result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
- asn1_delete_structure(&ext);
+ asn1_delete_structure (&ext);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
@@ -749,95 +826,106 @@ int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
* reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
*
*/
-int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext)
+int
+_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
+ type, const void *data_string,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext)
{
- ASN1_TYPE ext = ASN1_TYPE_EMPTY;
- gnutls_datum_t gnames = { NULL, 0 };
- int result;
- uint8 reasons[2];
-
- reasons[0] = reason_flags & 0xff;
- reasons[1] = reason_flags >> 8;
-
- result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.CRLDistributionPoints", &ext);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- result = asn1_write_value(ext, "", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if (reason_flags) {
- result = asn1_write_value(ext, "?LAST.reasons", reasons, 9);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ gnutls_datum_t gnames = { NULL, 0 };
+ int result;
+ uint8 reasons[2];
+
+ reasons[0] = reason_flags & 0xff;
+ reasons[1] = reason_flags >> 8;
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.CRLDistributionPoints", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (ext, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (reason_flags)
+ {
+ result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- } else {
- result = asn1_write_value(ext, "?LAST.reasons", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ }
+ else
+ {
+ result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
}
- result = asn1_write_value(ext, "?LAST.cRLIssuer", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* When used as type CHOICE.
- */
- result =
- asn1_write_value(ext, "?LAST.distributionPoint", "fullName", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* When used as type CHOICE.
+ */
+ result = asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
#if 0
- /* only needed in old code (where defined as SEQUENCE OF) */
- asn1_write_value(ext,
- "?LAST.distributionPoint.nameRelativeToCRLIssuer",
- NULL, 0);
+ /* only needed in old code (where defined as SEQUENCE OF) */
+ asn1_write_value (ext,
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
#endif
- result =
- write_new_general_name(ext, "?LAST.distributionPoint.fullName",
- type, data_string);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ write_new_general_name (ext, "?LAST.distributionPoint.fullName",
+ type, data_string);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_der_encode(ext, "", der_ext, 0);
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = 0;
+ result = 0;
- cleanup:
- _gnutls_free_datum(&gnames);
- asn1_delete_structure(&ext);
+cleanup:
+ _gnutls_free_datum (&gnames);
+ asn1_delete_structure (&ext);
- return result;
+ return result;
}
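Review bot: `gnames` is declared as an empty datum, never assigned anywhere in `_gnutls_x509_ext_gen_crl_dist_points`, and only touched by `_gnutls_free_datum (&gnames);` under `cleanup`, so both the declaration and that free are dead code and can be dropped. On the same function, `reasons[1] = reason_flags >> 8;` silently narrows the `unsigned int` to one byte and the subsequent `asn1_write_value (ext, "?LAST.reasons", reasons, 9)` encodes only 9 bits, so any flag set above those bits is discarded without an error rather than rejected; if callers can pass arbitrary values, an explicit `GNUTLS_E_INVALID_REQUEST` for bits outside the encodable range would be safer than silently producing a different reason set. The `#if 0` block around `nameRelativeToCRLIssuer` is also commented-out history and would be clearer removed.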
diff --git a/lib/x509/extensions.h b/lib/x509/extensions.h
index 96fa52bf2b..13bf0b8177 100644
--- a/lib/x509/extensions.h
+++ b/lib/x509/extensions.h
@@ -22,35 +22,33 @@
*
*/
-int _gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
- const char *extension_id, int indx,
- gnutls_datum_t * ret,
- unsigned int *critical);
+int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *critical);
-int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
- int indx, void *ret,
- size_t * ret_size);
-int _gnutls_x509_ext_extract_keyUsage(uint16 * keyUsage,
- opaque * extnValue,
- int extnValueLen);
-int _gnutls_x509_ext_extract_basicConstraints(int *CA, opaque * extnValue,
- int extnValueLen);
+int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
+ int indx, void *ret,
+ size_t * ret_size);
+int _gnutls_x509_ext_extract_keyUsage (uint16 * keyUsage,
+ opaque * extnValue, int extnValueLen);
+int _gnutls_x509_ext_extract_basicConstraints (int *CA, opaque * extnValue,
+ int extnValueLen);
-int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
- const char *extension_id,
- const gnutls_datum_t * ext_data,
- unsigned int critical);
-int _gnutls_x509_ext_gen_basicConstraints(int CA,
+int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
+ const char *extension_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
+int _gnutls_x509_ext_gen_basicConstraints (int CA, gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_keyUsage (uint16 usage, gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
+ type, const char *data_string,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
+ type, const void *data_string,
+ unsigned int reason_flags,
gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_keyUsage(uint16 usage, gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
- type, const char *data_string,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_crl_dist_points(gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags,
- gnutls_datum_t * der_ext);
-int _gnutls_x509_ext_gen_key_id(const void *id, size_t id_size,
- gnutls_datum_t * der_data);
-int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
- gnutls_datum_t * der_data);
+int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 280aa794f5..4c891c4159 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -37,44 +37,49 @@
* extraction. This reads the BIT STRING subjectPublicKey.
* Returns 2 parameters (m,e).
*/
-int _gnutls_x509_read_rsa_params(opaque * der, int dersize, mpi_t * params)
+int
+_gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&spk, der, dersize, NULL);
+ result = asn1_der_decoding (&spk, der, dersize, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
}
- if ((result = _gnutls_x509_read_int(spk, "modulus", &params[0])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ if ((result = _gnutls_x509_read_int (spk, "modulus", &params[0])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- if ((result = _gnutls_x509_read_int(spk, "publicExponent",
- &params[1])) < 0) {
- gnutls_assert();
- _gnutls_mpi_release(&params[0]);
- asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ if ((result = _gnutls_x509_read_int (spk, "publicExponent",
+ &params[1])) < 0)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&params[0]);
+ asn1_delete_structure (&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- asn1_delete_structure(&spk);
+ asn1_delete_structure (&spk);
- return 0;
+ return 0;
}
@@ -83,60 +88,66 @@ int _gnutls_x509_read_rsa_params(opaque * der, int dersize, mpi_t * params)
* from the certificate (subjectPublicKey BIT STRING).
* params[0-2]
*/
-int _gnutls_x509_read_dsa_params(opaque * der, int dersize, mpi_t * params)
+int
+_gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&spk, der, dersize, NULL);
+ result = asn1_der_decoding (&spk, der, dersize, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
}
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
- /* Read p */
+ /* Read p */
- if ((result = _gnutls_x509_read_int(spk, "p", &params[0])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ if ((result = _gnutls_x509_read_int (spk, "p", &params[0])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- /* Read q */
+ /* Read q */
- if ((result = _gnutls_x509_read_int(spk, "q", &params[1])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- _gnutls_mpi_release(&params[0]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ if ((result = _gnutls_x509_read_int (spk, "q", &params[1])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ _gnutls_mpi_release (&params[0]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- /* Read g */
+ /* Read g */
- if ((result = _gnutls_x509_read_int(spk, "g", &params[2])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- _gnutls_mpi_release(&params[0]);
- _gnutls_mpi_release(&params[1]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ if ((result = _gnutls_x509_read_int (spk, "g", &params[2])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ _gnutls_mpi_release (&params[0]);
+ _gnutls_mpi_release (&params[1]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- asn1_delete_structure(&spk);
+ asn1_delete_structure (&spk);
- return 0;
+ return 0;
}
@@ -144,133 +155,146 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, mpi_t * params)
* from the certificate
* only sets params[3]
*/
-int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, mpi_t * params)
+int
+_gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey",
- &spk)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey",
+ &spk)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&spk, der, dersize, NULL);
+ result = asn1_der_decoding (&spk, der, dersize, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
}
- /* Read Y */
+ /* Read Y */
- if ((result = _gnutls_x509_read_int(spk, "", &params[3])) < 0) {
- gnutls_assert();
- asn1_delete_structure(&spk);
- return _gnutls_asn2err(result);
+ if ((result = _gnutls_x509_read_int (spk, "", &params[3])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
}
- asn1_delete_structure(&spk);
+ asn1_delete_structure (&spk);
- return 0;
+ return 0;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
-int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
- mpi_t * params, int *params_size)
+int
+_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
+ mpi_t * params, int *params_size)
{
- int len, result;
- opaque str[5 * 1024];
- int pk_algorithm;
-
- /* Read the algorithm's OID
- */
- pk_algorithm = gnutls_x509_crt_get_pk_algorithm(cert, NULL);
-
- /* Read the algorithm's parameters
- */
- len = sizeof(str);
- result = asn1_read_value(cert->cert,
- "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
- str, &len);
- len /= 8;
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- switch (pk_algorithm) {
+ int len, result;
+ opaque str[5 * 1024];
+ int pk_algorithm;
+
+ /* Read the algorithm's OID
+ */
+ pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL);
+
+ /* Read the algorithm's parameters
+ */
+ len = sizeof (str);
+ result = asn1_read_value (cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
+ str, &len);
+ len /= 8;
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ switch (pk_algorithm)
+ {
case GNUTLS_PK_RSA:
- /* params[0] is the modulus,
- * params[1] is the exponent
- */
- if (*params_size < RSA_PUBLIC_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return GNUTLS_E_INTERNAL_ERROR;
+ /* params[0] is the modulus,
+ * params[1] is the exponent
+ */
+ if (*params_size < RSA_PUBLIC_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the mpi_ts in params */
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if ((result = _gnutls_x509_read_rsa_params(str, len, params)) < 0) {
- gnutls_assert();
- return result;
+ if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- *params_size = RSA_PUBLIC_PARAMS;
+ *params_size = RSA_PUBLIC_PARAMS;
- return 0;
- break;
+ return 0;
+ break;
case GNUTLS_PK_DSA:
- /* params[0] is p,
- * params[1] is q,
- * params[2] is q,
- * params[3] is pub.
- */
-
- if (*params_size < DSA_PUBLIC_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return GNUTLS_E_INTERNAL_ERROR;
+ /* params[0] is p,
+ * params[1] is q,
+ * params[2] is q,
+ * params[3] is pub.
+ */
+
+ if (*params_size < DSA_PUBLIC_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the mpi_ts in params */
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if ((result = _gnutls_x509_read_dsa_pubkey(str, len, params)) < 0) {
- gnutls_assert();
- return result;
+ if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Now read the parameters
- */
+ /* Now read the parameters
+ */
- len = sizeof(str);
- result = asn1_read_value(cert->cert,
- "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters",
- str, &len);
+ len = sizeof (str);
+ result = asn1_read_value (cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters",
+ str, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if ((result = _gnutls_x509_read_dsa_params(str, len, params)) < 0) {
- gnutls_assert();
- return result;
+ if ((result = _gnutls_x509_read_dsa_params (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- *params_size = DSA_PUBLIC_PARAMS;
+ *params_size = DSA_PUBLIC_PARAMS;
- return 0;
- break;
+ return 0;
+ break;
default:
- /* other types like DH
- * currently not supported
- */
- gnutls_assert();
+ /* other types like DH
+ * currently not supported
+ */
+ gnutls_assert ();
- return GNUTLS_E_X509_CERTIFICATE_ERROR;
+ return GNUTLS_E_X509_CERTIFICATE_ERROR;
}
}
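Review bot: In the `GNUTLS_PK_DSA` branch of `_gnutls_x509_crt_get_mpis`, once `_gnutls_x509_read_dsa_pubkey` has stored `params[3]`, the two error returns that follow (the failed `asn1_read_value` of `algorithm.parameters` and the failed `_gnutls_x509_read_dsa_params`) return without releasing it, so a certificate with a well-formed DSA public key but malformed parameters leaks that MPI. Add `_gnutls_mpi_release (&params[3]);` before each of those two `return` statements. The comment above that branch lists `params[2] is q,` twice; the second one should read `* params[2] is g,`. In `_gnutls_x509_read_dsa_pubkey` the failure path wraps a `_gnutls_x509_read_int` result in `_gnutls_asn2err (result)`, but the sibling readers treat that return as a GnuTLS code (they test `< 0` and return `GNUTLS_E_ASN1_GENERIC_ERROR`), so this appears to map the wrong code space; returning `result` directly, or `GNUTLS_E_ASN1_GENERIC_ERROR` for consistency, looks right.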
@@ -281,116 +305,132 @@ int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
*
* Allocates the space used to store the DER data.
*/
-int _gnutls_x509_write_rsa_params(mpi_t * params, int params_size,
- gnutls_datum_t * der)
+int
+_gnutls_x509_write_rsa_params (mpi_t * params, int params_size,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- der->data = NULL;
- der->size = 0;
+ der->data = NULL;
+ der->size = 0;
- if (params_size < 2) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ if (params_size < 2)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int(spk, "modulus", params[0], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_write_int (spk, "modulus", params[0], 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_write_int(spk, "publicExponent", params[1], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_der_encode(spk, "", der, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_der_encode (spk, "", der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&spk);
- return 0;
+ asn1_delete_structure (&spk);
+ return 0;
- cleanup:
- asn1_delete_structure(&spk);
+cleanup:
+ asn1_delete_structure (&spk);
- return result;
+ return result;
}
/*
* This function writes and encodes the parameters for DSS or RSA keys.
* This is the "signatureAlgorithm" fields.
*/
-int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm, gnutls_digest_algorithm_t dig,
- mpi_t * params, int params_size)
+int
+_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t dig, mpi_t * params,
+ int params_size)
{
- gnutls_datum_t der;
- int result;
- char name[128];
- const char *pk;
+ gnutls_datum_t der;
+ int result;
+ char name[128];
+ const char *pk;
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".algorithm");
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".algorithm");
- pk = _gnutls_x509_sign_to_oid(pk_algorithm, HASH2MAC(dig));
- if (pk == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ pk = _gnutls_x509_sign_to_oid (pk_algorithm, HASH2MAC (dig));
+ if (pk == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* write the OID.
- */
- result = asn1_write_value(dst, name, pk, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* write the OID.
+ */
+ result = asn1_write_value (dst, name, pk, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cpy(name, sizeof(name), dst_name);
- _gnutls_str_cat(name, sizeof(name), ".parameters");
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".parameters");
- if (pk_algorithm == GNUTLS_PK_DSA) {
- result = _gnutls_x509_write_dsa_params(params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (pk_algorithm == GNUTLS_PK_DSA)
+ {
+ result = _gnutls_x509_write_dsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result = asn1_write_value(dst, name, der.data, der.size);
- _gnutls_free_datum(&der);
+ result = asn1_write_value (dst, name, der.data, der.size);
+ _gnutls_free_datum (&der);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- } else { /* RSA */
- result = asn1_write_value(dst, name, NULL, 0);
-
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- /* Here we ignore the element not found error, since this
- * may have been disabled before.
- */
- gnutls_assert();
- return _gnutls_asn2err(result);
+ }
+ else
+ { /* RSA */
+ result = asn1_write_value (dst, name, NULL, 0);
+
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ /* Here we ignore the element not found error, since this
+ * may have been disabled before.
+ */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
}
- return 0;
+ return 0;
}
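Review bot: The RSA branch of `_gnutls_x509_write_sig_params` writes `NULL, 0` into `.parameters` and tolerates `ASN1_ELEMENT_NOT_FOUND` "since this may have been disabled before", which reads as deleting the optional element rather than encoding an explicit ASN.1 NULL. RFC 3279 section 2.2.1 requires the `parameters` field of the `*WithRSAEncryption` algorithm identifiers to be present as NULL, and some verifiers compare the signature AlgorithmIdentifier byte-for-byte, so an omitted field can cause interoperability failures. If the PKIX module declares this field as `ANY OPTIONAL` (not visible here), consider writing the two-byte DER NULL (`0x05 0x00`) instead, with a comment such as `/* RFC 3279 2.2.1: RSA signature parameters MUST be NULL, not absent */`. The `else` branch also treats every non-DSA algorithm as RSA; that is only safe because `_gnutls_x509_sign_to_oid` returned non-NULL first, which deserves a one-line comment.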
/*
@@ -399,58 +439,65 @@ int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
*
* Allocates the space used to store the DER data.
*/
-int _gnutls_x509_write_dsa_params(mpi_t * params, int params_size,
- gnutls_datum_t * der)
+int
+_gnutls_x509_write_dsa_params (mpi_t * params, int params_size,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- der->data = NULL;
- der->size = 0;
+ der->data = NULL;
+ der->size = 0;
- if (params_size < 3) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ if (params_size < 3)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAParameters", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAParameters", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int(spk, "p", params[0], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_write_int (spk, "p", params[0], 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_write_int(spk, "q", params[1], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_write_int (spk, "q", params[1], 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_write_int(spk, "g", params[2], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_write_int (spk, "g", params[2], 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_der_encode(spk, "", der, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_der_encode (spk, "", der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&spk);
- return 0;
+ asn1_delete_structure (&spk);
+ return 0;
- cleanup:
- asn1_delete_structure(&spk);
- return result;
+cleanup:
+ asn1_delete_structure (&spk);
+ return result;
}
/*
@@ -459,46 +506,51 @@ int _gnutls_x509_write_dsa_params(mpi_t * params, int params_size,
*
* Allocates the space used to store the DER data.
*/
-int _gnutls_x509_write_dsa_public_key(mpi_t * params, int params_size,
- gnutls_datum_t * der)
+int
+_gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size,
+ gnutls_datum_t * der)
{
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- der->data = NULL;
- der->size = 0;
+ der->data = NULL;
+ der->size = 0;
- if (params_size < 3) {
- gnutls_assert();
- result = GNUTLS_E_INVALID_REQUEST;
- goto cleanup;
+ if (params_size < 3)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
}
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk))
- != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int(spk, "", params[3], 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_write_int (spk, "", params[3], 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_der_encode(spk, "", der, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_der_encode (spk, "", der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&spk);
- return 0;
+ asn1_delete_structure (&spk);
+ return 0;
- cleanup:
- asn1_delete_structure(&spk);
- return result;
+cleanup:
+ asn1_delete_structure (&spk);
+ return result;
}
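Review bot: `_gnutls_x509_write_dsa_public_key` guards with `if (params_size < 3)` but then reads `params[3]`, which needs at least four entries, so a caller passing exactly three MPIs reads one past the array. The check should be `if (params_size < 4)`. The neighbouring `_gnutls_x509_write_dsa_params` uses `< 3` correctly because it only touches `params[0..2]`, which is presumably where this copy came from; a comment like `/* params[3] is the DSA public value y */` above the write would make the bound self-explanatory.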
@@ -506,66 +558,71 @@ int _gnutls_x509_write_dsa_public_key(mpi_t * params, int params_size,
* from asn1 structs. Combines the read and the convertion
* steps.
*/
-int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
- unsigned int *ret)
+int
+_gnutls_x509_read_uint (ASN1_TYPE node, const char *value, unsigned int *ret)
{
- int len, result;
- opaque *tmpstr;
+ int len, result;
+ opaque *tmpstr;
- len = 0;
- result = asn1_read_value(node, value, NULL, &len);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ len = 0;
+ result = asn1_read_value (node, value, NULL, &len);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- tmpstr = gnutls_alloca(len);
- if (tmpstr == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ tmpstr = gnutls_alloca (len);
+ if (tmpstr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_read_value(node, value, tmpstr, &len);
+ result = asn1_read_value (node, value, tmpstr, &len);
- gnutls_afree(tmpstr);
+ gnutls_afree (tmpstr);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if (len == 1)
- *ret = tmpstr[0];
- else if (len == 2)
- *ret = _gnutls_read_uint16(tmpstr);
- else if (len == 3)
- *ret = _gnutls_read_uint24(tmpstr);
- else if (len == 4)
- *ret = _gnutls_read_uint32(tmpstr);
- else {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (len == 1)
+ *ret = tmpstr[0];
+ else if (len == 2)
+ *ret = _gnutls_read_uint16 (tmpstr);
+ else if (len == 3)
+ *ret = _gnutls_read_uint24 (tmpstr);
+ else if (len == 4)
+ *ret = _gnutls_read_uint32 (tmpstr);
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- return 0;
+ return 0;
}
/* Writes the specified integer into the specified node.
*/
-int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value,
- uint32 num)
+int
+_gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, uint32 num)
{
- opaque tmpstr[4];
- int result;
+ opaque tmpstr[4];
+ int result;
- _gnutls_write_uint32(num, tmpstr);
+ _gnutls_write_uint32 (num, tmpstr);
- result = asn1_write_value(node, value, tmpstr, 4);
+ result = asn1_write_value (node, value, tmpstr, 4);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
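Review bot: `_gnutls_x509_read_uint` calls `gnutls_afree (tmpstr);` right after the second `asn1_read_value`, and then reads `tmpstr[0]` / `_gnutls_read_uint16 (tmpstr)` / `_gnutls_read_uint24 (tmpstr)` / `_gnutls_read_uint32 (tmpstr)` from the released buffer. If `gnutls_alloca`/`gnutls_afree` fall back to heap allocation on platforms without `alloca`, this is a use-after-free on every call; move `gnutls_afree (tmpstr);` to after the `len` chain and add it on the `GNUTLS_E_INTERNAL_ERROR` path as well as before the `_gnutls_asn2err` return. A short note on the unusual first call, `/* first call with NULL only probes the required length */`, would also help readers who do not know libtasn1's `ASN1_MEM_ERROR` convention.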
diff --git a/lib/x509/mpi.h b/lib/x509/mpi.h
index af5c0eb3eb..2244aa62d4 100644
--- a/lib/x509/mpi.h
+++ b/lib/x509/mpi.h
@@ -25,31 +25,29 @@
#include <gnutls_int.h>
#include "x509.h"
-int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
- mpi_t * params, int *params_size);
-int _gnutls_x509_read_rsa_params(opaque * der, int dersize,
- mpi_t * params);
-int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize,
- mpi_t * params);
-int _gnutls_x509_read_dsa_params(opaque * der, int dersize,
- mpi_t * params);
+int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
+ mpi_t * params, int *params_size);
+int _gnutls_x509_read_rsa_params (opaque * der, int dersize, mpi_t * params);
+int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, mpi_t * params);
+int _gnutls_x509_read_dsa_params (opaque * der, int dersize, mpi_t * params);
-int _gnutls_x509_write_rsa_params(mpi_t * params, int params_size,
- gnutls_datum_t * der);
-int _gnutls_x509_write_dsa_params(mpi_t * params, int params_size,
- gnutls_datum_t * der);
-int _gnutls_x509_write_dsa_public_key(mpi_t * params, int params_size,
- gnutls_datum_t * der);
+int _gnutls_x509_write_rsa_params (mpi_t * params, int params_size,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_dsa_params (mpi_t * params, int params_size,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_dsa_public_key (mpi_t * params, int params_size,
+ gnutls_datum_t * der);
-int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
- unsigned int *ret);
+int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
+ unsigned int *ret);
-int _gnutls_x509_read_int(ASN1_TYPE node, const char *value,
- mpi_t * ret_mpi);
-int _gnutls_x509_write_int(ASN1_TYPE node, const char *value, mpi_t mpi,
- int lz);
-int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value, uint32 num);
+int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
+ mpi_t * ret_mpi);
+int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, mpi_t mpi,
+ int lz);
+int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, uint32 num);
-int _gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name,
- gnutls_pk_algorithm_t pk_algorithm, gnutls_digest_algorithm_t,
- mpi_t * params, int params_size);
+int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t, mpi_t * params,
+ int params_size);
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index d71716316d..78de1c24c1 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -45,74 +45,82 @@
/* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
* which holds them. Returns an ASN1_TYPE of authenticatedSafe.
*/
-static
-int _decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
- gnutls_datum_t * raw)
+static int
+_decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
+ gnutls_datum_t * raw)
{
- char oid[128];
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_datum_t auth_safe = { NULL, 0 };
- int tmp_size, len, result;
-
- len = sizeof(oid) - 1;
- result = asn1_read_value(pkcs12, "authSafe.contentType", oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ char oid[128];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum_t auth_safe = { NULL, 0 };
+ int tmp_size, len, result;
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if (strcmp(oid, DATA_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log("Unknown PKCS12 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ if (strcmp (oid, DATA_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Unknown PKCS12 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
}
- /* Step 1. Read the content data
- */
+ /* Step 1. Read the content data
+ */
- tmp_size = 0;
- result =
- _gnutls_x509_read_value(pkcs12, "authSafe.content", &auth_safe, 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ tmp_size = 0;
+ result =
+ _gnutls_x509_read_value (pkcs12, "authSafe.content", &auth_safe, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* Step 2. Extract the authenticatedSafe.
- */
+ /* Step 2. Extract the authenticatedSafe.
+ */
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_der_decoding(&c2, auth_safe.data, auth_safe.size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_der_decoding (&c2, auth_safe.data, auth_safe.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (raw == NULL) {
- _gnutls_free_datum(&auth_safe);
- } else {
- raw->data = auth_safe.data;
- raw->size = auth_safe.size;
+ if (raw == NULL)
+ {
+ _gnutls_free_datum (&auth_safe);
+ }
+ else
+ {
+ raw->data = auth_safe.data;
+ raw->size = auth_safe.size;
}
- if (authen_safe)
- *authen_safe = c2;
+ if (authen_safe)
+ *authen_safe = c2;
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- _gnutls_free_datum(&auth_safe);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ _gnutls_free_datum (&auth_safe);
+ return result;
}
/**
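Review bot: When `authen_safe` is NULL the decoded AuthenticatedSafe `c2` is never released: the success path only hands it over at `if (authen_safe) *authen_safe = c2;` and does not reach `cleanup`, so a caller passing NULL (gnutls_pkcs12_generate_mac later in this file does exactly that) leaks one asn1 structure per call. An else branch, `else asn1_delete_structure (&c2);`, closes the leak without changing the contract for callers that do want the structure. `tmp_size` is assigned but never read and could be dropped.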
@@ -126,21 +134,25 @@ int _decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12)
+int
+gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
{
- *pkcs12 = gnutls_calloc(1, sizeof(gnutls_pkcs12_int));
-
- if (*pkcs12) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PFX", &(*pkcs12)->pkcs12);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(*pkcs12);
- return _gnutls_asn2err(result);
+ *pkcs12 = gnutls_calloc (1, sizeof (gnutls_pkcs12_int));
+
+ if (*pkcs12)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PFX",
+ &(*pkcs12)->pkcs12);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*pkcs12);
+ return _gnutls_asn2err (result);
}
- return 0; /* success */
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
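Review bot: On the asn1_create_element failure path `gnutls_free (*pkcs12);` frees the object but leaves `*pkcs12` pointing at freed memory, so a caller that deinitializes the handle on error would double-free. Setting `*pkcs12 = NULL;` right after the free keeps the output well-defined on every return. `sizeof (gnutls_pkcs12_int)` could also be written `sizeof **pkcs12` so the allocation stays tied to the pointer's type.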
@@ -150,15 +162,16 @@ int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12)
* This function will deinitialize a PKCS12 structure.
*
**/
-void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12)
+void
+gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
{
- if (!pkcs12)
- return;
+ if (!pkcs12)
+ return;
- if (pkcs12->pkcs12)
- asn1_delete_structure(&pkcs12->pkcs12);
+ if (pkcs12->pkcs12)
+ asn1_delete_structure (&pkcs12->pkcs12);
- gnutls_free(pkcs12);
+ gnutls_free (pkcs12);
}
/**
@@ -176,59 +189,63 @@ void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12)
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags)
+int
+gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- if (pkcs12 == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* If the PKCS12 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- result = _gnutls_fbase64_decode(PEM_PKCS12, data->data, data->size,
- &out);
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ /* If the PKCS12 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size,
+ &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- result =
- asn1_der_decoding(&pkcs12->pkcs12, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ result = asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ if (need_free)
+ _gnutls_free_datum (&_data);
- return 0;
+ return 0;
- cleanup:
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
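Review bot: `_data.data = data->data;` dereferences `data` before the `pkcs12 == NULL` guard, and `data` itself is never validated, so a NULL datum crashes before the function can return GNUTLS_E_INVALID_REQUEST. Moving the two field copies below the guard and widening it to `if (pkcs12 == NULL || data == NULL)` keeps this public entry point failing cleanly. The `flags` parameter is accepted but unused; a comment on the declaration saying it is reserved would stop callers from expecting it to affect parsing.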
@@ -253,282 +270,311 @@ int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
* returned, and 0 on success.
*
**/
-int gnutls_pkcs12_export(gnutls_pkcs12_t pkcs12,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+int
+gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs12 == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_export_int(pkcs12->pkcs12, format, PEM_PKCS12,
- *output_data_size, output_data,
- output_data_size);
+ return _gnutls_x509_export_int (pkcs12->pkcs12, format, PEM_PKCS12,
+ *output_data_size, output_data,
+ output_data_size);
}
-static int oid2bag(const char *oid)
+static int
+oid2bag (const char *oid)
{
- if (strcmp(oid, BAG_PKCS8_KEY) == 0)
- return GNUTLS_BAG_PKCS8_KEY;
- if (strcmp(oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
- return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
- if (strcmp(oid, BAG_CERTIFICATE) == 0)
- return GNUTLS_BAG_CERTIFICATE;
- if (strcmp(oid, BAG_CRL) == 0)
- return GNUTLS_BAG_CRL;
-
- return GNUTLS_BAG_UNKNOWN;
+ if (strcmp (oid, BAG_PKCS8_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_KEY;
+ if (strcmp (oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
+ if (strcmp (oid, BAG_CERTIFICATE) == 0)
+ return GNUTLS_BAG_CERTIFICATE;
+ if (strcmp (oid, BAG_CRL) == 0)
+ return GNUTLS_BAG_CRL;
+
+ return GNUTLS_BAG_UNKNOWN;
}
-static const char *bag_to_oid(int bag)
+static const char *
+bag_to_oid (int bag)
{
- switch (bag) {
+ switch (bag)
+ {
case GNUTLS_BAG_PKCS8_KEY:
- return BAG_PKCS8_KEY;
+ return BAG_PKCS8_KEY;
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- return BAG_PKCS8_ENCRYPTED_KEY;
+ return BAG_PKCS8_ENCRYPTED_KEY;
case GNUTLS_BAG_CERTIFICATE:
- return BAG_CERTIFICATE;
+ return BAG_CERTIFICATE;
case GNUTLS_BAG_CRL:
- return BAG_CRL;
+ return BAG_CRL;
}
- return NULL;
+ return NULL;
}
-static inline char *ucs2_to_ascii(char *data, int size)
+static inline char *
+ucs2_to_ascii (char *data, int size)
{
- int i, j;
-
- for (i = 0; i < size / 2; i++) {
- j = 2*i + 1;
- if (isascii(data[j]))
- data[i] = data[i * 2 + 1];
- else
- data[i] = '?';
+ int i, j;
+
+ for (i = 0; i < size / 2; i++)
+ {
+ j = 2 * i + 1;
+ if (isascii (data[j]))
+ data[i] = data[i * 2 + 1];
+ else
+ data[i] = '?';
}
- data[i] = 0;
+ data[i] = 0;
- return data;
+ return data;
}
/* Decodes the SafeContents, and puts the output in
* the given bag.
*/
int
-_pkcs12_decode_safe_contents(const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag)
+_pkcs12_decode_safe_contents (const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag)
{
- char oid[128], root[128];
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int len, result;
- int bag_type;
- gnutls_datum_t attr_val;
- int count = 0, i, attributes, j;
- char counter[MAX_INT_DIGITS];
- size_t size;
-
- /* Step 1. Extract the SEQUENCE.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ char oid[128], root[128];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int len, result;
+ int bag_type;
+ gnutls_datum_t attr_val;
+ int count = 0, i, attributes, j;
+ char counter[MAX_INT_DIGITS];
+ size_t size;
+
+ /* Step 1. Extract the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_der_decoding(&c2, content->data, content->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_der_decoding (&c2, content->data, content->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Count the number of bags
- */
- result = asn1_number_of_elements(c2, "", &count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Count the number of bags
+ */
+ result = asn1_number_of_elements (c2, "", &count);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- bag->bag_elements = MIN(MAX_BAG_ELEMENTS, count);
+ bag->bag_elements = MIN (MAX_BAG_ELEMENTS, count);
- for (i = 0; i < bag->bag_elements; i++) {
+ for (i = 0; i < bag->bag_elements; i++)
+ {
- _gnutls_str_cpy(root, sizeof(root), "?");
- _gnutls_int2str(i + 1, counter);
- _gnutls_str_cat(root, sizeof(root), counter);
- _gnutls_str_cat(root, sizeof(root), ".bagId");
+ _gnutls_str_cpy (root, sizeof (root), "?");
+ _gnutls_int2str (i + 1, counter);
+ _gnutls_str_cat (root, sizeof (root), counter);
+ _gnutls_str_cat (root, sizeof (root), ".bagId");
- len = sizeof(oid);
- result = asn1_read_value(c2, root, oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ len = sizeof (oid);
+ result = asn1_read_value (c2, root, oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Read the Bag type
- */
- bag_type = oid2bag(oid);
+ /* Read the Bag type
+ */
+ bag_type = oid2bag (oid);
- if (bag_type < 0) {
- gnutls_assert();
- goto cleanup;
+ if (bag_type < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* Read the Bag Value
- */
+ /* Read the Bag Value
+ */
- _gnutls_str_cpy(root, sizeof(root), "?");
- _gnutls_int2str(i + 1, counter);
- _gnutls_str_cat(root, sizeof(root), counter);
- _gnutls_str_cat(root, sizeof(root), ".bagValue");
+ _gnutls_str_cpy (root, sizeof (root), "?");
+ _gnutls_int2str (i + 1, counter);
+ _gnutls_str_cat (root, sizeof (root), counter);
+ _gnutls_str_cat (root, sizeof (root), ".bagValue");
- result =
- _gnutls_x509_read_value(c2, root, &bag->element[i].data, 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_read_value (c2, root, &bag->element[i].data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- if (bag_type == GNUTLS_BAG_CERTIFICATE ||
- bag_type == GNUTLS_BAG_CRL) {
- gnutls_datum_t tmp = bag->element[i].data;
+ if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL)
+ {
+ gnutls_datum_t tmp = bag->element[i].data;
- result =
- _pkcs12_decode_crt_bag(bag_type, &tmp,
- &bag->element[i].data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- _gnutls_free_datum(&tmp);
+ _gnutls_free_datum (&tmp);
}
- /* read the bag attributes
- */
- _gnutls_str_cpy(root, sizeof(root), "?");
- _gnutls_int2str(i + 1, counter);
- _gnutls_str_cat(root, sizeof(root), counter);
- _gnutls_str_cat(root, sizeof(root), ".bagAttributes");
-
- result = asn1_number_of_elements(c2, root, &attributes);
- if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* read the bag attributes
+ */
+ _gnutls_str_cpy (root, sizeof (root), "?");
+ _gnutls_int2str (i + 1, counter);
+ _gnutls_str_cat (root, sizeof (root), counter);
+ _gnutls_str_cat (root, sizeof (root), ".bagAttributes");
+
+ result = asn1_number_of_elements (c2, root, &attributes);
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (attributes < 0)
- attributes = 1;
+ if (attributes < 0)
+ attributes = 1;
- if (result != ASN1_ELEMENT_NOT_FOUND)
- for (j = 0; j < attributes; j++) {
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ for (j = 0; j < attributes; j++)
+ {
- _gnutls_str_cpy(root, sizeof(root), "?");
- _gnutls_int2str(i + 1, counter);
- _gnutls_str_cat(root, sizeof(root), counter);
- _gnutls_str_cat(root, sizeof(root), ".bagAttributes.?");
- _gnutls_int2str(j + 1, counter);
- _gnutls_str_cat(root, sizeof(root), counter);
+ _gnutls_str_cpy (root, sizeof (root), "?");
+ _gnutls_int2str (i + 1, counter);
+ _gnutls_str_cat (root, sizeof (root), counter);
+ _gnutls_str_cat (root, sizeof (root), ".bagAttributes.?");
+ _gnutls_int2str (j + 1, counter);
+ _gnutls_str_cat (root, sizeof (root), counter);
- result =
- _gnutls_x509_decode_and_read_attribute(c2, root, oid,
- sizeof(oid), &attr_val, 1, 0);
-
- if (result < 0) {
- gnutls_assert();
- continue; /* continue in case we find some known attributes */
- }
-
- if (strcmp(oid, KEY_ID_OID) == 0) {
- size = attr_val.size;
-
- result = _gnutls_x509_decode_octet_string( NULL, attr_val.data, size,
- attr_val.data, &size);
- attr_val.size = size;
- if (result < 0) {
- _gnutls_free_datum( &attr_val);
- gnutls_assert();
- _gnutls_x509_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
- bag->element[i].local_key_id = attr_val;
- } else if (strcmp(oid, FRIENDLY_NAME_OID) == 0) {
- size = attr_val.size;
- result = _gnutls_x509_decode_octet_string( "BMPString", attr_val.data, size,
- attr_val.data, &size);
- attr_val.size = size;
- if (result < 0) {
- _gnutls_free_datum( &attr_val);
- gnutls_assert();
- _gnutls_x509_log
- ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
- continue;
- }
- bag->element[i].friendly_name =
- ucs2_to_ascii(attr_val.data, attr_val.size);
- } else {
- _gnutls_free_datum( &attr_val);
- _gnutls_x509_log
- ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
- }
- }
+ result =
+ _gnutls_x509_decode_and_read_attribute (c2, root, oid,
+ sizeof (oid), &attr_val,
+ 1, 0);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ continue; /* continue in case we find some known attributes */
+ }
+ if (strcmp (oid, KEY_ID_OID) == 0)
+ {
+ size = attr_val.size;
- bag->element[i].type = bag_type;
+ result =
+ _gnutls_x509_decode_octet_string (NULL, attr_val.data, size,
+ attr_val.data, &size);
+ attr_val.size = size;
+ if (result < 0)
+ {
+ _gnutls_free_datum (&attr_val);
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
+ continue;
+ }
+ bag->element[i].local_key_id = attr_val;
+ }
+ else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
+ {
+ size = attr_val.size;
+ result =
+ _gnutls_x509_decode_octet_string ("BMPString",
+ attr_val.data, size,
+ attr_val.data, &size);
+ attr_val.size = size;
+ if (result < 0)
+ {
+ _gnutls_free_datum (&attr_val);
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
+ continue;
+ }
+ bag->element[i].friendly_name =
+ ucs2_to_ascii (attr_val.data, attr_val.size);
+ }
+ else
+ {
+ _gnutls_free_datum (&attr_val);
+ _gnutls_x509_log
+ ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
+ }
+ }
+
+
+ bag->element[i].type = bag_type;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
-static
-int _parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
- gnutls_pkcs12_bag_t bag)
+static int
+_parse_safe_contents (ASN1_TYPE sc, const char *sc_name,
+ gnutls_pkcs12_bag_t bag)
{
- gnutls_datum_t content = { NULL, 0 };
- int result;
+ gnutls_datum_t content = { NULL, 0 };
+ int result;
- /* Step 1. Extract the content.
- */
+ /* Step 1. Extract the content.
+ */
- result = _gnutls_x509_read_value(sc, sc_name, &content, 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_read_value (sc, sc_name, &content, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _pkcs12_decode_safe_contents(&content, bag);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _pkcs12_decode_safe_contents (&content, bag);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- _gnutls_free_datum(&content);
+ _gnutls_free_datum (&content);
- return 0;
+ return 0;
- cleanup:
- _gnutls_free_datum(&content);
- return result;
+cleanup:
+ _gnutls_free_datum (&content);
+ return result;
}
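Review bot: In _pkcs12_decode_safe_contents the `if (bag_type < 0)` branch jumps to `cleanup` without setting `result`, which at that point still holds the ASN1_SUCCESS value from asn1_read_value, so the function reports 0 for a bag it refused to parse; assign a negative code first, e.g. `result = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;` (the code this file already uses for an unrecognized content OID) or whichever bag-type error the library defines. Whether the branch fires at all depends on GNUTLS_BAG_UNKNOWN being negative, which is not visible here; if it is not, unknown bags silently flow through as typed elements. Separately, ucs2_to_ascii keeps only the low byte of each UCS-2 unit (`data[2*i+1]`) and never inspects the high byte, so a non-ASCII code point whose low byte happens to be printable is mapped to an unrelated ASCII character instead of `'?'`; testing `data[2 * i] == 0 && isascii (data[j])` fixes that. In the certificate/CRL branch a failing _pkcs12_decode_crt_bag leaves `tmp` unfreed on the way to `cleanup`.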
@@ -545,137 +591,148 @@ int _parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
* will be returned.
*
**/
-int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag)
+int
+gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[64];
- char oid[128];
- char counter[MAX_INT_DIGITS];
- gnutls_datum_t tmp = { NULL, 0 };
-
- if (pkcs12 == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[64];
+ char oid[128];
+ char counter[MAX_INT_DIGITS];
+ gnutls_datum_t tmp = { NULL, 0 };
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Step 1. decode the data.
- */
- result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 1. decode the data.
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Parse the AuthenticatedSafe
- */
+ /* Step 2. Parse the AuthenticatedSafe
+ */
- _gnutls_str_cpy(root2, sizeof(root2), "?");
- _gnutls_int2str(indx + 1, counter);
- _gnutls_str_cat(root2, sizeof(root2), counter);
- _gnutls_str_cat(root2, sizeof(root2), ".contentType");
+ _gnutls_str_cpy (root2, sizeof (root2), "?");
+ _gnutls_int2str (indx + 1, counter);
+ _gnutls_str_cat (root2, sizeof (root2), counter);
+ _gnutls_str_cat (root2, sizeof (root2), ".contentType");
- len = sizeof(oid) - 1;
+ len = sizeof (oid) - 1;
- result = asn1_read_value(c2, root2, oid, &len);
+ result = asn1_read_value (c2, root2, oid, &len);
- if (result == ASN1_ELEMENT_NOT_FOUND) {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Not encrypted Bag
- */
+ /* Not encrypted Bag
+ */
- _gnutls_str_cpy(root2, sizeof(root2), "?");
- _gnutls_int2str(indx + 1, counter);
- _gnutls_str_cat(root2, sizeof(root2), counter);
- _gnutls_str_cat(root2, sizeof(root2), ".content");
+ _gnutls_str_cpy (root2, sizeof (root2), "?");
+ _gnutls_int2str (indx + 1, counter);
+ _gnutls_str_cat (root2, sizeof (root2), counter);
+ _gnutls_str_cat (root2, sizeof (root2), ".content");
- if (strcmp(oid, DATA_OID) == 0) {
- result = _parse_safe_contents(c2, root2, bag);
- goto cleanup;
+ if (strcmp (oid, DATA_OID) == 0)
+ {
+ result = _parse_safe_contents (c2, root2, bag);
+ goto cleanup;
}
- /* ENC_DATA_OID needs decryption */
+ /* ENC_DATA_OID needs decryption */
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->bag_elements = 1;
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->bag_elements = 1;
- result = _gnutls_x509_read_value(c2, root2, &bag->element[0].data, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_read_value (c2, root2, &bag->element[0].data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
- cleanup:
- _gnutls_free_datum(&tmp);
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ _gnutls_free_datum (&tmp);
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
/* Creates an empty PFX structure for the PKCS12 structure.
*/
-static int create_empty_pfx(ASN1_TYPE pkcs12)
+static int
+create_empty_pfx (ASN1_TYPE pkcs12)
{
- uint8 three = 3;
- int result;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- /* Use version 3
- */
- result = asn1_write_value(pkcs12, "version", &three, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ uint8 three = 3;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ /* Use version 3
+ */
+ result = asn1_write_value (pkcs12, "version", &three, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Write the content type of the data
- */
- result = asn1_write_value(pkcs12, "authSafe.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Write the content type of the data
+ */
+ result = asn1_write_value (pkcs12, "authSafe.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Check if the authenticatedSafe content is empty, and encode a
- * null one in that case.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Check if the authenticatedSafe content is empty, and encode a
+ * null one in that case.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs12,
- "authSafe.content", 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs12, "authSafe.content", 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ asn1_delete_structure (&c2);
+ return result;
}
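Review bot: In gnutls_pkcs12_get_bag the encrypted-bag path leaks the decoded AuthenticatedSafe: both the `return result;` after a failed _gnutls_x509_read_value and the following `return 0;` bypass `cleanup`, so `c2` is only deleted on the DATA_OID path. Routing both exits through the label (`goto cleanup;`, with `result = 0;` on success) fixes it; `tmp` is declared and freed but never filled and can go. `indx` is not checked for negative values before it is turned into an element path, although asn1_read_value would then presumably fail with ASN1_ELEMENT_NOT_FOUND.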
@@ -688,114 +745,126 @@ static int create_empty_pfx(ASN1_TYPE pkcs12)
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
+int
+gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- int result;
- int enc = 0, dum = 1;
- char null;
-
- if (pkcs12 == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ int result;
+ int enc = 0, dum = 1;
+ char null;
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Step 1. Check if the pkcs12 structure is empty. In that
- * case generate an empty PFX.
- */
- result =
- asn1_read_value(pkcs12->pkcs12, "authSafe.content", &null, &dum);
- if (result == ASN1_VALUE_NOT_FOUND) {
- result = create_empty_pfx(pkcs12->pkcs12);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 1. Check if the pkcs12 structure is empty. In that
+ * case generate an empty PFX.
+ */
+ result = asn1_read_value (pkcs12->pkcs12, "authSafe.content", &null, &dum);
+ if (result == ASN1_VALUE_NOT_FOUND)
+ {
+ result = create_empty_pfx (pkcs12->pkcs12);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
}
- /* Step 2. decode the authenticatedSafe.
- */
- result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 2. decode the authenticatedSafe.
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 3. Encode the bag elements into a SafeContents
- * structure.
- */
- result = _pkcs12_encode_safe_contents(bag, &safe_cont, &enc);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 3. Encode the bag elements into a SafeContents
+ * structure.
+ */
+ result = _pkcs12_encode_safe_contents (bag, &safe_cont, &enc);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
- * structure.
- */
- result = asn1_write_value(c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
+ * structure.
+ */
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (enc)
- result =
- asn1_write_value(c2, "?LAST.contentType", ENC_DATA_OID, 1);
- else
- result = asn1_write_value(c2, "?LAST.contentType", DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (enc)
+ result = asn1_write_value (c2, "?LAST.contentType", ENC_DATA_OID, 1);
+ else
+ result = asn1_write_value (c2, "?LAST.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (enc) {
- /* Encrypted packets are written directly.
- */
- result =
- asn1_write_value(c2, "?LAST.content",
- bag->element[0].data.data,
- bag->element[0].data.size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (enc)
+ {
+ /* Encrypted packets are written directly.
+ */
+ result =
+ asn1_write_value (c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- } else {
- result =
- _gnutls_x509_der_encode_and_copy(safe_cont, "", c2,
- "?LAST.content", 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ }
+ else
+ {
+ result =
+ _gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
+ "?LAST.content", 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- asn1_delete_structure(&safe_cont);
+ asn1_delete_structure (&safe_cont);
- /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
- * structure.
- */
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs12->pkcs12,
- "authSafe.content", 1);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+ * structure.
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12,
+ "authSafe.content", 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- asn1_delete_structure(&c2);
- asn1_delete_structure(&safe_cont);
- return result;
+cleanup:
+ asn1_delete_structure (&c2);
+ asn1_delete_structure (&safe_cont);
+ return result;
}
/**
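Review bot: In gnutls_pkcs12_set_bag the `return result;` after a failed _pkcs12_encode_safe_contents skips `cleanup`, so the `c2` obtained from _decode_pkcs12_auth_safe two steps earlier is leaked on that path; `goto cleanup;` is the right exit there. The `bag` argument is not NULL-checked alongside `pkcs12`. The emptiness probe with a one-byte `null` buffer and `dum = 1` relies on asn1_read_value reporting ASN1_VALUE_NOT_FOUND before any buffer-size error; a short comment saying so would keep the next reader from "fixing" it.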
@@ -807,117 +876,127 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass)
+int
+gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
{
- opaque salt[8], key[20];
- int result;
- const int iter = 1;
- mac_hd_t td1 = NULL;
- gnutls_datum_t tmp = { NULL, 0 };
- opaque sha_mac[20];
-
- if (pkcs12 == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ opaque salt[8], key[20];
+ int result;
+ const int iter = 1;
+ mac_hd_t td1 = NULL;
+ gnutls_datum_t tmp = { NULL, 0 };
+ opaque sha_mac[20];
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Generate the salt.
- */
- if (gc_nonce (salt, sizeof(salt)) != GC_OK) {
- gnutls_assert();
+ /* Generate the salt.
+ */
+ if (gc_nonce (salt, sizeof (salt)) != GC_OK)
+ {
+ gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
}
- /* Write the salt into the structure.
- */
- result =
- asn1_write_value(pkcs12->pkcs12, "macData.macSalt", salt,
- sizeof(salt));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Write the salt into the structure.
+ */
+ result =
+ asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* write the iterations
- */
-
- if (iter > 1) {
- result =
- _gnutls_x509_write_uint32(pkcs12->pkcs12, "macData.iterations",
- iter);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* write the iterations
+ */
+
+ if (iter > 1)
+ {
+ result =
+ _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
+ iter);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- /* Generate the key.
- */
- result = _pkcs12_string_to_key(3 /*MAC*/, salt, sizeof(salt),
- iter, pass, sizeof(key), key);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Generate the key.
+ */
+ result = _pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
+ iter, pass, sizeof (key), key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* MAC the data
- */
- td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA1, key, sizeof(key));
- if (td1 == GNUTLS_MAC_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ /* MAC the data
+ */
+ td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key));
+ if (td1 == GNUTLS_MAC_FAILED)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
- _gnutls_hmac(td1, tmp.data, tmp.size);
- _gnutls_free_datum(&tmp);
+ _gnutls_hmac (td1, tmp.data, tmp.size);
+ _gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit(td1, sha_mac);
+ _gnutls_hmac_deinit (td1, sha_mac);
- result =
- asn1_write_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac,
- sizeof(sha_mac));
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result =
+ asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
+ sizeof (sha_mac));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- asn1_write_value(pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.parameters", NULL,
- 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result =
+ asn1_write_value (pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.parameters", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- asn1_write_value(pkcs12->pkcs12,
- "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
- 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result =
+ asn1_write_value (pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
+ 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- return 0;
+ return 0;
- cleanup:
- _gnutls_free_datum(&tmp);
- return result;
+cleanup:
+ _gnutls_free_datum (&tmp);
+ return result;
}
/**
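Review bot: `const int iter = 1;` makes the `if (iter > 1)` block dead code and pins the MAC key derivation at a single iteration, which gives the password no work factor; a comment stating that the count is intentionally the PKCS#12 default, or a higher constant written through the existing _gnutls_x509_write_uint32 call, would make the choice explicit. The password-derived `key[20]` stays on the stack after the HMAC is finished; clearing it before each return (with a wiping helper rather than plain memset, which the compiler may drop) limits how long the secret lingers. The function header could also document that the MAC covers the raw authSafe content returned by _decode_pkcs12_auth_safe and that the digest is fixed to HASH_OID_SHA1.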
@@ -929,195 +1008,214 @@ int gnutls_pkcs12_generate_mac(gnutls_pkcs12_t pkcs12, const char *pass)
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_verify_mac(gnutls_pkcs12_t pkcs12, const char *pass)
+int
+gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
{
- opaque key[20];
- int result;
- unsigned int iter;
- int len;
- mac_hd_t td1 = NULL;
- gnutls_datum_t tmp = { NULL, 0 }, salt = {
- NULL, 0};
- opaque sha_mac[20];
- opaque sha_mac_orig[20];
-
- if (pkcs12 == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ opaque key[20];
+ int result;
+ unsigned int iter;
+ int len;
+ mac_hd_t td1 = NULL;
+ gnutls_datum_t tmp = { NULL, 0 }, salt =
+ {
+ NULL, 0};
+ opaque sha_mac[20];
+ opaque sha_mac_orig[20];
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* read the iterations
- */
+ /* read the iterations
+ */
- result =
- _gnutls_x509_read_uint(pkcs12->pkcs12, "macData.iterations",
- &iter);
- if (result < 0) {
- iter = 1; /* the default */
+ result =
+ _gnutls_x509_read_uint (pkcs12->pkcs12, "macData.iterations", &iter);
+ if (result < 0)
+ {
+ iter = 1; /* the default */
}
- /* Read the salt from the structure.
- */
- result =
- _gnutls_x509_read_value(pkcs12->pkcs12, "macData.macSalt", &salt,
- 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Read the salt from the structure.
+ */
+ result =
+ _gnutls_x509_read_value (pkcs12->pkcs12, "macData.macSalt", &salt, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Generate the key.
- */
- result = _pkcs12_string_to_key(3 /*MAC*/, salt.data, salt.size,
- iter, pass, sizeof(key), key);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Generate the key.
+ */
+ result = _pkcs12_string_to_key (3 /*MAC*/, salt.data, salt.size,
+ iter, pass, sizeof (key), key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- _gnutls_free_datum(&salt);
+ _gnutls_free_datum (&salt);
- /* Get the data to be MACed
- */
- result = _decode_pkcs12_auth_safe(pkcs12->pkcs12, NULL, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* MAC the data
- */
- td1 = _gnutls_hmac_init(GNUTLS_MAC_SHA1, key, sizeof(key));
- if (td1 == GNUTLS_MAC_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ /* MAC the data
+ */
+ td1 = _gnutls_hmac_init (GNUTLS_MAC_SHA1, key, sizeof (key));
+ if (td1 == GNUTLS_MAC_FAILED)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
- _gnutls_hmac(td1, tmp.data, tmp.size);
- _gnutls_free_datum(&tmp);
+ _gnutls_hmac (td1, tmp.data, tmp.size);
+ _gnutls_free_datum (&tmp);
- _gnutls_hmac_deinit(td1, sha_mac);
+ _gnutls_hmac_deinit (td1, sha_mac);
- len = sizeof(sha_mac_orig);
- result =
- asn1_read_value(pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
- &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ len = sizeof (sha_mac_orig);
+ result =
+ asn1_read_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
+ &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (memcmp(sha_mac_orig, sha_mac, sizeof(sha_mac)) != 0) {
- gnutls_assert();
- return GNUTLS_E_MAC_VERIFY_FAILED;
+ if (memcmp (sha_mac_orig, sha_mac, sizeof (sha_mac)) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MAC_VERIFY_FAILED;
}
- return 0;
+ return 0;
- cleanup:
- _gnutls_free_datum(&tmp);
- _gnutls_free_datum(&salt);
- return result;
+cleanup:
+ _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&salt);
+ return result;
}
-static int write_attributes(gnutls_pkcs12_bag_t bag, int elem,
- ASN1_TYPE c2, const char *where)
+static int
+write_attributes (gnutls_pkcs12_bag_t bag, int elem,
+ ASN1_TYPE c2, const char *where)
{
- int result;
- char root[128];
-
- /* If the bag attributes are empty, then write
- * nothing to the attribute field.
- */
- if (bag->element[elem].friendly_name == NULL &&
- bag->element[elem].local_key_id.data == NULL) {
- /* no attributes
- */
- result = asn1_write_value(c2, where, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ int result;
+ char root[128];
+
+ /* If the bag attributes are empty, then write
+ * nothing to the attribute field.
+ */
+ if (bag->element[elem].friendly_name == NULL &&
+ bag->element[elem].local_key_id.data == NULL)
+ {
+ /* no attributes
+ */
+ result = asn1_write_value (c2, where, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
- if (bag->element[elem].local_key_id.data != NULL) {
+ if (bag->element[elem].local_key_id.data != NULL)
+ {
- /* Add a new Attribute
- */
- result = asn1_write_value(c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* Add a new Attribute
+ */
+ result = asn1_write_value (c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- _gnutls_str_cpy(root, sizeof(root), where);
- _gnutls_str_cat(root, sizeof(root), ".?LAST");
-
- result =
- _gnutls_x509_encode_and_write_attribute(KEY_ID_OID, c2, root,
- bag->element[elem].
- local_key_id.data,
- bag->element[elem].
- local_key_id.size, 1);
- if (result < 0) {
- gnutls_assert();
- return result;
+ _gnutls_str_cpy (root, sizeof (root), where);
+ _gnutls_str_cat (root, sizeof (root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
+ bag->element[elem].
+ local_key_id.data,
+ bag->element[elem].
+ local_key_id.size, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
}
- if (bag->element[elem].friendly_name != NULL) {
- opaque *name;
- int size, i;
- const char *p;
-
- /* Add a new Attribute
- */
- result = asn1_write_value(c2, where, "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (bag->element[elem].friendly_name != NULL)
+ {
+ opaque *name;
+ int size, i;
+ const char *p;
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value (c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* convert name to BMPString
- */
- size = strlen(bag->element[elem].friendly_name) * 2;
- name = gnutls_malloc(size);
+ /* convert name to BMPString
+ */
+ size = strlen (bag->element[elem].friendly_name) * 2;
+ name = gnutls_malloc (size);
- if (name == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- p = bag->element[elem].friendly_name;
- for (i = 0; i < size; i += 2) {
- name[i] = 0;
- name[i + 1] = *p;
- p++;
+ p = bag->element[elem].friendly_name;
+ for (i = 0; i < size; i += 2)
+ {
+ name[i] = 0;
+ name[i + 1] = *p;
+ p++;
}
- _gnutls_str_cpy(root, sizeof(root), where);
- _gnutls_str_cat(root, sizeof(root), ".?LAST");
+ _gnutls_str_cpy (root, sizeof (root), where);
+ _gnutls_str_cat (root, sizeof (root), ".?LAST");
- result =
- _gnutls_x509_encode_and_write_attribute(FRIENDLY_NAME_OID, c2,
- root, name, size, 1);
+ result =
+ _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
+ root, name, size, 1);
- gnutls_free(name);
+ gnutls_free (name);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
}
- return 0;
+ return 0;
}
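Review bot: The password-derived MAC key in `key` and the computed `sha_mac` are left on the stack at every return of gnutls_pkcs12_verify_mac, including the early `return GNUTLS_E_MAC_VERIFY_FAILED` after the memcmp and the success path; they should be cleared before returning with a call the compiler cannot elide (a plain memset just before return may be optimized away), and the same applies to `key` in gnutls_pkcs12_generate_mac above. The iteration count read from `macData.iterations` is handed to `_pkcs12_string_to_key` without an upper bound, so a crafted PKCS#12 file can make MAC verification arbitrarily expensive; rejecting values above a sane limit before the key derivation would contain that. The `memcmp` of `sha_mac_orig` against `sha_mac` is not constant-time, and a fixed-length constant-time comparison is the conventional choice for a MAC check even where the attacker model is weak. In write_attributes, the BMPString loop copies each byte of `friendly_name` into the low byte of a UTF-16 unit, which is only correct for ASCII input; a comment `/* ASCII-only conversion: each byte becomes one UCS-2 unit */` or a real UTF-8 to UCS-2 conversion would make that restriction explicit.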
@@ -1125,114 +1223,126 @@ static int write_attributes(gnutls_pkcs12_bag_t bag, int elem,
* the given datum. Enc is set to non zero if the data are encrypted;
*/
int
-_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
- int *enc)
+_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
+ int *enc)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- int i;
- const char *oid;
-
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc) {
- *enc = 1;
- return 0; /* ENCRYPTED BAG, do nothing. */
- } else if (enc)
- *enc = 0;
-
- /* Step 1. Create the SEQUENCE.
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-12-SafeContents",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ int i;
+ const char *oid;
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc)
+ {
+ *enc = 1;
+ return 0; /* ENCRYPTED BAG, do nothing. */
+ }
+ else if (enc)
+ *enc = 0;
+
+ /* Step 1. Create the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- for (i = 0; i < bag->bag_elements; i++) {
+ for (i = 0; i < bag->bag_elements; i++)
+ {
- oid = bag_to_oid(bag->element[i].type);
- if (oid == NULL) {
- gnutls_assert();
- continue;
+ oid = bag_to_oid (bag->element[i].type);
+ if (oid == NULL)
+ {
+ gnutls_assert ();
+ continue;
}
- result = asn1_write_value(c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Copy the bag type.
- */
- result = asn1_write_value(c2, "?LAST.bagId", oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Copy the bag type.
+ */
+ result = asn1_write_value (c2, "?LAST.bagId", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Set empty attributes
- */
- result = write_attributes(bag, i, c2, "?LAST.bagAttributes");
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Set empty attributes
+ */
+ result = write_attributes (bag, i, c2, "?LAST.bagAttributes");
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* Copy the Bag Value
- */
+ /* Copy the Bag Value
+ */
- if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
- bag->element[i].type == GNUTLS_BAG_CRL) {
- gnutls_datum_t tmp;
+ if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
+ bag->element[i].type == GNUTLS_BAG_CRL)
+ {
+ gnutls_datum_t tmp;
- /* in that case encode it to a CertBag or
- * a CrlBag.
- */
+ /* in that case encode it to a CertBag or
+ * a CrlBag.
+ */
- result =
- _pkcs12_encode_crt_bag(bag->element[i].type,
- &bag->element[i].data, &tmp);
+ result =
+ _pkcs12_encode_crt_bag (bag->element[i].type,
+ &bag->element[i].data, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result = _gnutls_x509_write_value(c2, "?LAST.bagValue",
- &tmp, 0);
+ result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0);
- _gnutls_free_datum(&tmp);
+ _gnutls_free_datum (&tmp);
- } else {
+ }
+ else
+ {
- result = _gnutls_x509_write_value(c2, "?LAST.bagValue",
- &bag->element[i].data, 0);
+ result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
+ &bag->element[i].data, 0);
}
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- /* Encode the data and copy them into the datum
- */
- *contents = c2;
+ /* Encode the data and copy them into the datum
+ */
+ *contents = c2;
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
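Review bot: When `bag_to_oid` returns NULL for an element, the loop does `continue` and that element is silently omitted from the encoded SafeContents while the function still returns 0, so the caller gets a structure that no longer matches the bag without any error; returning a negative code there (GNUTLS_E_INVALID_REQUEST is already used in this file) would be safer than dropping data. The comment `/* Set empty attributes */` before the `write_attributes` call is misleading, since write_attributes emits the friendly name and local key id when present and writes an empty field only when both are absent; `/* Write the bag attributes (friendly name, local key id), or none. */` describes it. When `enc` is NULL and `element[0].type` is GNUTLS_BAG_ENCRYPTED, the encrypted element still enters the loop; presumably bag_to_oid rejects that type, but it is not visible here and a comment on the `enc` parameter would settle it.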
diff --git a/lib/x509/pkcs12.h b/lib/x509/pkcs12.h
index 45769c995e..5f547830bc 100644
--- a/lib/x509/pkcs12.h
+++ b/lib/x509/pkcs12.h
@@ -22,33 +22,37 @@
*
*/
-typedef struct gnutls_pkcs12_int {
- ASN1_TYPE pkcs12;
+typedef struct gnutls_pkcs12_int
+{
+ ASN1_TYPE pkcs12;
} gnutls_pkcs12_int;
-typedef enum gnutls_pkcs12_bag_type_t {
- GNUTLS_BAG_EMPTY = 0,
+typedef enum gnutls_pkcs12_bag_type_t
+{
+ GNUTLS_BAG_EMPTY = 0,
- GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
- GNUTLS_BAG_PKCS8_KEY,
- GNUTLS_BAG_CERTIFICATE,
- GNUTLS_BAG_CRL,
- GNUTLS_BAG_ENCRYPTED = 10,
- GNUTLS_BAG_UNKNOWN = 20
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
+ GNUTLS_BAG_PKCS8_KEY,
+ GNUTLS_BAG_CERTIFICATE,
+ GNUTLS_BAG_CRL,
+ GNUTLS_BAG_ENCRYPTED = 10,
+ GNUTLS_BAG_UNKNOWN = 20
} gnutls_pkcs12_bag_type_t;
#define MAX_BAG_ELEMENTS 32
-struct bag_element {
- gnutls_datum_t data;
- gnutls_pkcs12_bag_type_t type;
- gnutls_datum_t local_key_id;
- char *friendly_name;
+struct bag_element
+{
+ gnutls_datum_t data;
+ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum_t local_key_id;
+ char *friendly_name;
};
-typedef struct gnutls_pkcs12_bag_int {
- struct bag_element element[MAX_BAG_ELEMENTS];
- int bag_elements;
+typedef struct gnutls_pkcs12_bag_int
+{
+ struct bag_element element[MAX_BAG_ELEMENTS];
+ int bag_elements;
} gnutls_pkcs12_bag_int;
#define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
@@ -69,47 +73,46 @@ typedef struct gnutls_pkcs12_bag_int {
typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
-int gnutls_pkcs12_init(gnutls_pkcs12_t * pkcs12);
-void gnutls_pkcs12_deinit(gnutls_pkcs12_t pkcs12);
-int gnutls_pkcs12_import(gnutls_pkcs12_t pkcs12,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, unsigned int flags);
+int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
+void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
+int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags);
-int gnutls_pkcs12_get_bag(gnutls_pkcs12_t pkcs12,
- int indx, gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag);
-int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag);
-void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag);
+int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
+void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
int
-_pkcs12_string_to_key(unsigned int id, const opaque * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- opaque * keybuf);
-
-int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec);
-
-typedef enum schema_id {
- PBES2, /* the stuff in PKCS #5 */
- PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */
- PKCS12_ARCFOUR_SHA1,
- PKCS12_RC2_40_SHA1
+_pkcs12_string_to_key (unsigned int id, const opaque * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf);
+
+int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec);
+
+typedef enum schema_id
+{
+ PBES2, /* the stuff in PKCS #5 */
+ PKCS12_3DES_SHA1, /* the fucking stuff in PKCS #12 */
+ PKCS12_ARCFOUR_SHA1,
+ PKCS12_RC2_40_SHA1
} schema_id;
-int _gnutls_pkcs7_encrypt_data(schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc);
-int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
- gnutls_pkcs12_bag_t bag);
+int _gnutls_pkcs7_encrypt_data (schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc);
+int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag);
int
-_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
- int *enc);
-
-int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in,
- gnutls_datum_t * out);
-int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw,
- gnutls_datum_t * out);
+_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
+ int *enc);
+
+int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in, gnutls_datum_t * out);
+int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw, gnutls_datum_t * out);
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index 6c3d3b5164..5ffcf4ad99 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -47,26 +47,30 @@
* Returns 0 on success.
*
**/
-int gnutls_pkcs12_bag_init(gnutls_pkcs12_bag_t * bag)
+int
+gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag)
{
- *bag = gnutls_calloc(1, sizeof(gnutls_pkcs12_bag_int));
+ *bag = gnutls_calloc (1, sizeof (gnutls_pkcs12_bag_int));
- if (*bag) {
- return 0; /* success */
+ if (*bag)
+ {
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
-static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
+static inline void
+_pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
{
- int i;
+ int i;
- for (i = 0; i < bag->bag_elements; i++) {
- _gnutls_free_datum(&bag->element[i].data);
- _gnutls_free_datum(&bag->element[i].local_key_id);
- gnutls_free(bag->element[i].friendly_name);
- bag->element[i].friendly_name = NULL;
- bag->element[i].type = 0;
+ for (i = 0; i < bag->bag_elements; i++)
+ {
+ _gnutls_free_datum (&bag->element[i].data);
+ _gnutls_free_datum (&bag->element[i].local_key_id);
+ gnutls_free (bag->element[i].friendly_name);
+ bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
}
}
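Review bot: `_pkcs12_bag_free_data` frees `element[i].data` without clearing it first, and for a GNUTLS_BAG_PKCS8_KEY element that datum presumably holds an unencrypted PKCS#8 private key, so the key bytes remain in freed heap memory; wiping the buffer before `_gnutls_free_datum` with a call the compiler cannot elide is the usual defensive step. The helper also leaves `bag->bag_elements` unchanged after freeing, which is harmless from gnutls_pkcs12_bag_deinit because the bag itself is freed right after, but if it is ever used to reset a bag the stale count would make freed elements look live. A comment such as `/* Releases every element; caller must reset bag_elements if the bag is reused. */` would pin that contract.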
@@ -79,14 +83,15 @@ static inline void _pkcs12_bag_free_data(gnutls_pkcs12_bag_t bag)
* This function will deinitialize a PKCS12 Bag structure.
*
**/
-void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag)
+void
+gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
{
- if (!bag)
- return;
+ if (!bag)
+ return;
- _pkcs12_bag_free_data(bag);
+ _pkcs12_bag_free_data (bag);
- gnutls_free(bag);
+ gnutls_free (bag);
}
/**
@@ -98,17 +103,18 @@ void gnutls_pkcs12_bag_deinit(gnutls_pkcs12_bag_t bag)
* enumerations.
*
**/
-gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t
- bag, int indx)
+gnutls_pkcs12_bag_type_t
+gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- return bag->element[indx].type;
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return bag->element[indx].type;
}
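Review bot: `indx` is a signed int and only its upper bound is checked (`indx >= bag->bag_elements`), so a negative index reads before the start of `bag->element`; the guard should be `if (indx < 0 || indx >= bag->bag_elements)`. The same one-sided check (`indx > bag->bag_elements - 1`) appears in gnutls_pkcs12_bag_get_data, gnutls_pkcs12_bag_set_key_id, gnutls_pkcs12_bag_get_key_id, gnutls_pkcs12_bag_get_friendly_name and gnutls_pkcs12_bag_set_friendly_name in the hunks below. The function also returns the negative codes GNUTLS_E_INVALID_REQUEST and GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE through a `gnutls_pkcs12_bag_type_t` return type; the doc comment above the hunk should state that callers must test for a negative value before treating the result as a bag type.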
/**
@@ -118,14 +124,16 @@ gnutls_pkcs12_bag_type_t gnutls_pkcs12_bag_get_type(gnutls_pkcs12_bag_t
* This function will return the number of the elements withing the bag.
*
**/
-int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag)
+int
+gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return bag->bag_elements;
+ return bag->bag_elements;
}
/**
@@ -141,157 +149,179 @@ int gnutls_pkcs12_bag_get_count(gnutls_pkcs12_bag_t bag)
* Returns 0 on success and a negative error code on error.
*
**/
-int gnutls_pkcs12_bag_get_data(gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * data)
+int
+gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (indx >= bag->bag_elements)
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- data->data = bag->element[indx].data.data;
- data->size = bag->element[indx].data.size;
+ data->data = bag->element[indx].data.data;
+ data->size = bag->element[indx].data.size;
- return 0;
+ return 0;
}
#define X509_CERT_OID "1.2.840.113549.1.9.22.1"
#define X509_CRL_OID "1.2.840.113549.1.9.23.1"
-int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * in, gnutls_datum_t * out)
+int
+_pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in, gnutls_datum_t * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (type == GNUTLS_BAG_CERTIFICATE) {
- if ((ret = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (type == GNUTLS_BAG_CERTIFICATE)
+ {
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = _gnutls_x509_read_value(c2, "certValue", out, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_read_value (c2, "certValue", out, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else { /* CRL */
- if ((ret = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ }
+ else
+ { /* CRL */
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = _gnutls_x509_read_value(c2, "crlValue", out, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_read_value (c2, "crlValue", out, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
+cleanup:
- asn1_delete_structure(&c2);
- return ret;
+ asn1_delete_structure (&c2);
+ return ret;
}
-int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * raw,
- gnutls_datum_t * out)
+int
+_pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw, gnutls_datum_t * out)
{
- int ret;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (type == GNUTLS_BAG_CERTIFICATE) {
- if ((ret = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CertBag",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (type == GNUTLS_BAG_CERTIFICATE)
+ {
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = asn1_write_value(c2, "certId", X509_CERT_OID, 1);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = _gnutls_x509_write_value(c2, "certValue", raw, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_write_value (c2, "certValue", raw, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else { /* CRL */
- if ((ret = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-CRLBag",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ }
+ else
+ { /* CRL */
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = asn1_write_value(c2, "crlId", X509_CRL_OID, 1);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- ret = _gnutls_asn2err(ret);
- goto cleanup;
+ ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
}
- ret = _gnutls_x509_write_value(c2, "crlValue", raw, 1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- ret = _gnutls_x509_der_encode(c2, "", out, 0);
+ ret = _gnutls_x509_der_encode (c2, "", out, 0);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
+cleanup:
- asn1_delete_structure(&c2);
- return ret;
+ asn1_delete_structure (&c2);
+ return ret;
}
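Review bot: `_pkcs12_decode_crt_bag` reads `certValue` (and `crlValue`) without first checking that `certId` (`crlId`) equals X509_CERT_OID (X509_CRL_OID), even though `_pkcs12_encode_crt_bag` writes exactly those OIDs; a CertBag declaring a different certificate type would be handed back as if it were DER X.509. Reading the id with asn1_read_value and comparing it to the expected OID before the value is read closes that gap; the certificate branch is sketched below and the CRL branch is the mirror image. Separately, any `type` other than GNUTLS_BAG_CERTIFICATE is treated as a CRL in both functions; a comment `/* callers only pass GNUTLS_BAG_CERTIFICATE or GNUTLS_BAG_CRL */` would document that assumption, or an explicit check could reject other values.
```c
  if (type == GNUTLS_BAG_CERTIFICATE)
    {
      char oid[128];
      int oid_len = sizeof (oid);

      /* … unchanged: asn1_create_element and asn1_der_decoding … */

      /* Only the x509Certificate CertBag carries a DER X.509 certificate. */
      ret = asn1_read_value (c2, "certId", oid, &oid_len);
      if (ret != ASN1_SUCCESS)
        {
          gnutls_assert ();
          ret = _gnutls_asn2err (ret);
          goto cleanup;
        }
      if (strcmp (oid, X509_CERT_OID) != 0)
        {
          gnutls_assert ();
          ret = GNUTLS_E_INVALID_REQUEST;   /* TODO: a more specific code may exist */
          goto cleanup;
        }

      ret = _gnutls_x509_read_value (c2, "certValue", out, 1);
      /* … unchanged: error handling … */
    }
  /* … unchanged: CRL branch, mirrored with crlId / X509_CRL_OID … */
```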
@@ -308,49 +338,55 @@ int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
* value on error.
*
**/
-int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
- gnutls_pkcs12_bag_type_t type,
- const gnutls_datum_t * data)
+int
+gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data)
{
- int ret;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (bag->bag_elements == MAX_BAG_ELEMENTS - 1) {
- gnutls_assert();
- /* bag is full */
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- if (bag->bag_elements == 1) {
- /* A bag with a key or an encrypted bag, must have
- * only one element.
- */
-
- if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
- bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
- bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ int ret;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->bag_elements == MAX_BAG_ELEMENTS - 1)
+ {
+ gnutls_assert ();
+ /* bag is full */
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (bag->bag_elements == 1)
+ {
+ /* A bag with a key or an encrypted bag, must have
+ * only one element.
+ */
+
+ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
+ bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
+ bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
- ret =
- _gnutls_set_datum(&bag->element[bag->bag_elements].data,
- data->data, data->size);
+ ret =
+ _gnutls_set_datum (&bag->element[bag->bag_elements].data,
+ data->data, data->size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- bag->element[bag->bag_elements].type = type;
+ bag->element[bag->bag_elements].type = type;
- bag->bag_elements++;
+ bag->bag_elements++;
- return bag->bag_elements - 1;
+ return bag->bag_elements - 1;
}
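Review bot: The capacity check `bag->bag_elements == MAX_BAG_ELEMENTS - 1` only fires at exactly 31 elements, so it caps usable slots at 31 of the 32 declared in `element[MAX_BAG_ELEMENTS]` and, should `bag_elements` ever reach 32 by another path, the write to `bag->element[bag->bag_elements]` goes past the array; `if (bag->bag_elements >= MAX_BAG_ELEMENTS)` is the intended bound. A full bag is also reported as GNUTLS_E_MEMORY_ERROR, which misdescribes the condition; GNUTLS_E_INVALID_REQUEST, already used in this function, fits better. The single-element rule only inspects `element[0]` when `bag_elements == 1`, so adding a key or encrypted element to a bag that already holds a certificate is accepted even though the comment says such bags must have one element; checking the incoming `type` against a non-empty bag as well would enforce the invariant in both directions.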
/**
@@ -365,28 +401,30 @@ int gnutls_pkcs12_bag_set_data(gnutls_pkcs12_bag_t bag,
* value on failure.
*
**/
-int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
- gnutls_x509_crt_t crt)
+int
+gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, &data);
+ ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, &data);
- _gnutls_free_datum(&data);
+ _gnutls_free_datum (&data);
- return ret;
+ return ret;
}
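Review bot: `crt` is dereferenced as `crt->cert` without a NULL check while `bag` is checked; `if (bag == NULL || crt == NULL)` in the guard would cover it, and gnutls_pkcs12_bag_set_crl in the next hunk has the same gap with `crl->crl`. The local `data` is freed right after gnutls_pkcs12_bag_set_data, which presumably copies the DER into the bag via _gnutls_set_datum; a comment `/* bag_set_data copies the encoding; release ours */` before the `_gnutls_free_datum` call would make that ownership explicit.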
/**
@@ -401,29 +439,31 @@ int gnutls_pkcs12_bag_set_crt(gnutls_pkcs12_bag_t bag,
* value on failure.
*
**/
-int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
- gnutls_x509_crl_t crl)
+int
+gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CRL, &data);
+ ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CRL, &data);
- _gnutls_free_datum(&data);
+ _gnutls_free_datum (&data);
- return ret;
+ return ret;
}
/**
@@ -439,31 +479,35 @@ int gnutls_pkcs12_bag_set_crl(gnutls_pkcs12_bag_t bag,
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
- const gnutls_datum_t * id)
+int
+gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id)
{
- int ret;
+ int ret;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (indx > bag->bag_elements - 1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_set_datum(&bag->element[indx].local_key_id,
- id->data, id->size);
+ ret = _gnutls_set_datum (&bag->element[indx].local_key_id,
+ id->data, id->size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
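Review bot: Setting a key id on an index that already has one overwrites `bag->element[indx].local_key_id` through `_gnutls_set_datum`; unless that helper releases the previous buffer (not visible here), the earlier allocation leaks. Calling `_gnutls_free_datum (&bag->element[indx].local_key_id);` before the set is safe either way, since the datum is NULL-initialized by gnutls_calloc in gnutls_pkcs12_bag_init. The `id` argument is dereferenced without a NULL check; adding it to the existing guard costs nothing.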
/**
@@ -478,23 +522,26 @@ int gnutls_pkcs12_bag_set_key_id(gnutls_pkcs12_bag_t bag, int indx,
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
- gnutls_datum_t * id)
+int
+gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (indx > bag->bag_elements - 1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- id->data = bag->element[indx].local_key_id.data;
- id->size = bag->element[indx].local_key_id.size;
+ id->data = bag->element[indx].local_key_id.data;
+ id->size = bag->element[indx].local_key_id.size;
- return 0;
+ return 0;
}
/**
@@ -509,22 +556,25 @@ int gnutls_pkcs12_bag_get_key_id(gnutls_pkcs12_bag_t bag, int indx,
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
- char **name)
+int
+gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
+ char **name)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (indx > bag->bag_elements - 1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- *name = bag->element[indx].friendly_name;
+ *name = bag->element[indx].friendly_name;
- return 0;
+ return 0;
}
@@ -541,27 +591,31 @@ int gnutls_pkcs12_bag_get_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
* Returns 0 on success, or a negative value on error.
*
**/
-int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
- const char *name)
+int
+gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
+ const char *name)
{
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (indx > bag->bag_elements - 1) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- bag->element[indx].friendly_name = gnutls_strdup(name);
+ bag->element[indx].friendly_name = gnutls_strdup (name);
- if (name == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- return 0;
+ return 0;
}
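Review bot: The NULL check after `bag->element[indx].friendly_name = gnutls_strdup (name);` tests the input `name` rather than the result of the copy, so an allocation failure in gnutls_strdup is never reported and the function returns 0 with a NULL friendly name stored. Change the condition to `if (bag->element[indx].friendly_name == NULL)`. The assignment also overwrites whatever friendly_name the element already held without freeing it; if the setter may be called more than once on the same index, the previous value should be released first (presumably with gnutls_free), which is worth confirming against how the bag elements are owned.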
@@ -573,44 +627,49 @@ int gnutls_pkcs12_bag_set_friendly_name(gnutls_pkcs12_bag_t bag, int indx,
* This function will decrypt the given encrypted bag and return 0 on success.
*
**/
-int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass)
+int
+gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass)
{
- int ret;
- gnutls_datum_t dec;
+ int ret;
+ gnutls_datum_t dec;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_pkcs7_decrypt_data(&bag->element[0].data, pass, &dec);
+ ret = _gnutls_pkcs7_decrypt_data (&bag->element[0].data, pass, &dec);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* decryption succeeded. Now decode the SafeContents
- * stuff, and parse it.
- */
+ /* decryption succeeded. Now decode the SafeContents
+ * stuff, and parse it.
+ */
- _gnutls_free_datum(&bag->element[0].data);
+ _gnutls_free_datum (&bag->element[0].data);
- ret = _pkcs12_decode_safe_contents(&dec, bag);
+ ret = _pkcs12_decode_safe_contents (&dec, bag);
- _gnutls_free_datum(&dec);
+ _gnutls_free_datum (&dec);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
/**
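Review bot: In gnutls_pkcs12_bag_decrypt the ciphertext is released with `_gnutls_free_datum (&bag->element[0].data)` before `_pkcs12_decode_safe_contents (&dec, bag)` runs, so when decoding fails the function returns an error with element[0] still typed GNUTLS_BAG_ENCRYPTED but its data gone. A caller that retries with another password then passes the type check and hands empty or freed data to _gnutls_pkcs7_decrypt_data; whether that is a zeroed datum or a dangling pointer depends on what _gnutls_free_datum leaves behind, which is not visible here. Either keep the ciphertext until the decode has succeeded, or leave the bag in a state that cannot be mistaken for an encrypted bag in the failure branch, and add a comment stating which state the bag is in after a failed decrypt.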
@@ -622,83 +681,90 @@ int gnutls_pkcs12_bag_decrypt(gnutls_pkcs12_bag_t bag, const char *pass)
* This function will encrypt the given bag and return 0 on success.
*
**/
-int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag, const char *pass,
- unsigned int flags)
+int
+gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
+ unsigned int flags)
{
- int ret;
- ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
- gnutls_datum_t der = { NULL, 0 };
- gnutls_datum_t enc = { NULL, 0 };
- schema_id id;
+ int ret;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ gnutls_datum_t der = { NULL, 0 };
+ gnutls_datum_t enc = { NULL, 0 };
+ schema_id id;
- if (bag == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Encode the whole bag to a safe contents
- * structure.
- */
- ret = _pkcs12_encode_safe_contents(bag, &safe_cont, NULL);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ /* Encode the whole bag to a safe contents
+ * structure.
+ */
+ ret = _pkcs12_encode_safe_contents (bag, &safe_cont, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* DER encode the SafeContents.
- */
- ret = _gnutls_x509_der_encode(safe_cont, "", &der, 0);
+ /* DER encode the SafeContents.
+ */
+ ret = _gnutls_x509_der_encode (safe_cont, "", &der, 0);
- asn1_delete_structure(&safe_cont);
+ asn1_delete_structure (&safe_cont);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (flags & GNUTLS_PKCS_PLAIN) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (flags & GNUTLS_PKCS_PLAIN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
- id = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
- id = PKCS12_RC2_40_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
- id = PBES2;
- else
- id = PKCS12_3DES_SHA1;
+ if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ id = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ id = PKCS12_RC2_40_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
+ id = PBES2;
+ else
+ id = PKCS12_3DES_SHA1;
- /* Now encrypt them.
- */
- ret = _gnutls_pkcs7_encrypt_data(id, &der, pass, &enc);
+ /* Now encrypt them.
+ */
+ ret = _gnutls_pkcs7_encrypt_data (id, &der, pass, &enc);
- _gnutls_free_datum(&der);
+ _gnutls_free_datum (&der);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* encryption succeeded.
- */
+ /* encryption succeeded.
+ */
- _pkcs12_bag_free_data(bag);
+ _pkcs12_bag_free_data (bag);
- bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
- bag->element[0].data = enc;
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->element[0].data = enc;
- bag->bag_elements = 1;
+ bag->bag_elements = 1;
- return 0;
+ return 0;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/pkcs12_encr.c b/lib/x509/pkcs12_encr.c
index e7827b14fb..edbec8b702 100644
--- a/lib/x509/pkcs12_encr.c
+++ b/lib/x509/pkcs12_encr.c
@@ -32,18 +32,20 @@
/* Returns 0 if the password is ok, or a negative error
* code instead.
*/
-static int _pkcs12_check_pass(const char *pass, size_t plen)
+static int
+_pkcs12_check_pass (const char *pass, size_t plen)
{
- const unsigned char *p = pass;
- unsigned int i;
-
- for (i = 0; i < plen; i++) {
- if (isascii(p[i]))
- continue;
- return GNUTLS_E_INVALID_PASSWORD;
+ const unsigned char *p = pass;
+ unsigned int i;
+
+ for (i = 0; i < plen; i++)
+ {
+ if (isascii (p[i]))
+ continue;
+ return GNUTLS_E_INVALID_PASSWORD;
}
- return 0;
+ return 0;
}
/* ID should be:
@@ -52,103 +54,116 @@ static int _pkcs12_check_pass(const char *pass, size_t plen)
* 1 for encryption key
*/
int
-_pkcs12_string_to_key(unsigned int id, const opaque * salt,
- unsigned int salt_size, unsigned int iter,
- const char *pw, unsigned int req_keylen,
- opaque * keybuf)
+_pkcs12_string_to_key (unsigned int id, const opaque * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf)
{
- int rc;
- unsigned int i, j;
- gc_hash_handle md;
- mpi_t num_b1 = NULL;
- unsigned int pwlen;
- opaque hash[20], buf_b[64], buf_i[128], *p;
- size_t cur_keylen;
- size_t n;
-
- cur_keylen = 0;
-
- if (pw == NULL)
- pwlen = 0;
- else
- pwlen = strlen(pw);
-
- if (pwlen > 63 / 2) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ int rc;
+ unsigned int i, j;
+ gc_hash_handle md;
+ mpi_t num_b1 = NULL;
+ unsigned int pwlen;
+ opaque hash[20], buf_b[64], buf_i[128], *p;
+ size_t cur_keylen;
+ size_t n;
+
+ cur_keylen = 0;
+
+ if (pw == NULL)
+ pwlen = 0;
+ else
+ pwlen = strlen (pw);
+
+ if (pwlen > 63 / 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if ((rc = _pkcs12_check_pass(pw, pwlen)) < 0) {
- gnutls_assert();
- return rc;
+ if ((rc = _pkcs12_check_pass (pw, pwlen)) < 0)
+ {
+ gnutls_assert ();
+ return rc;
}
- /* Store salt and password in BUF_I */
- p = buf_i;
- for (i = 0; i < 64; i++)
- *p++ = salt[i % salt_size];
- if (pw) {
- for (i = j = 0; i < 64; i += 2) {
- *p++ = 0;
- *p++ = pw[j];
- if (++j > pwlen) /* Note, that we include the trailing zero */
- j = 0;
- }
- } else
- memset(p, 0, 64);
-
- for (;;) {
- rc = gc_hash_open(GC_SHA1, 0, &md);
- if (rc) {
- gnutls_assert();
- return GNUTLS_E_DECRYPTION_FAILED;
+ /* Store salt and password in BUF_I */
+ p = buf_i;
+ for (i = 0; i < 64; i++)
+ *p++ = salt[i % salt_size];
+ if (pw)
+ {
+ for (i = j = 0; i < 64; i += 2)
+ {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing zero */
+ j = 0;
+ }
+ }
+ else
+ memset (p, 0, 64);
+
+ for (;;)
+ {
+ rc = gc_hash_open (GC_SHA1, 0, &md);
+ if (rc)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
}
- for (i = 0; i < 64; i++) {
- unsigned char lid = id & 0xFF;
- gc_hash_write(md, 1, &lid);
+ for (i = 0; i < 64; i++)
+ {
+ unsigned char lid = id & 0xFF;
+ gc_hash_write (md, 1, &lid);
}
- gc_hash_write(md, pw?128:64, buf_i);
- memcpy(hash, gc_hash_read(md), 20);
- gc_hash_close(md);
- for (i = 1; i < iter; i++)
- gc_hash_buffer(GC_SHA1, hash, 20, hash);
- for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
- keybuf[cur_keylen++] = hash[i];
- if (cur_keylen == req_keylen) {
- gcry_mpi_release(num_b1);
- return 0; /* ready */
+ gc_hash_write (md, pw ? 128 : 64, buf_i);
+ memcpy (hash, gc_hash_read (md), 20);
+ gc_hash_close (md);
+ for (i = 1; i < iter; i++)
+ gc_hash_buffer (GC_SHA1, hash, 20, hash);
+ for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
+ keybuf[cur_keylen++] = hash[i];
+ if (cur_keylen == req_keylen)
+ {
+ gcry_mpi_release (num_b1);
+ return 0; /* ready */
}
- /* need more bytes. */
- for (i = 0; i < 64; i++)
- buf_b[i] = hash[i % 20];
- n = 64;
- rc = _gnutls_mpi_scan(&num_b1, buf_b, &n);
- if (rc < 0) {
- gnutls_assert();
- return rc;
+ /* need more bytes. */
+ for (i = 0; i < 64; i++)
+ buf_b[i] = hash[i % 20];
+ n = 64;
+ rc = _gnutls_mpi_scan (&num_b1, buf_b, &n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
}
- gcry_mpi_add_ui(num_b1, num_b1, 1);
- for (i = 0; i < 128; i += 64) {
- mpi_t num_ij;
-
- n = 64;
- rc = _gnutls_mpi_scan(&num_ij, buf_i + i, &n);
- if (rc < 0) {
- gnutls_assert();
- return rc;
+ gcry_mpi_add_ui (num_b1, num_b1, 1);
+ for (i = 0; i < 128; i += 64)
+ {
+ mpi_t num_ij;
+
+ n = 64;
+ rc = _gnutls_mpi_scan (&num_ij, buf_i + i, &n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
}
- gcry_mpi_add(num_ij, num_ij, num_b1);
- gcry_mpi_clear_highbit(num_ij, 64 * 8);
- n = 64;
- rc = _gnutls_mpi_print(buf_i + i, &n, num_ij);
- if (rc < 0) {
- gnutls_assert();
- return rc;
+ gcry_mpi_add (num_ij, num_ij, num_b1);
+ gcry_mpi_clear_highbit (num_ij, 64 * 8);
+ n = 64;
+ rc = _gnutls_mpi_print (buf_i + i, &n, num_ij);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
}
- gcry_mpi_release(num_ij);
+ gcry_mpi_release (num_ij);
}
}
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
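Review bot: `*p++ = salt[i % salt_size]` in _pkcs12_string_to_key divides by `salt_size` without checking it is non-zero; the salt and its length presumably come from the PBE parameters of the PKCS#12 file being parsed (the caller is not visible here), so a malformed file would trigger a division by zero. Add a guard next to the existing password-length check: `if (salt_size == 0) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }`. The error returns inside the `for (;;)` loop also leave `num_b1` (and `num_ij` after a failed _gnutls_mpi_print) unreleased, and `num_b1` is re-scanned on every pass, which is a leak per extra block of key material unless _gnutls_mpi_scan releases a previous value. Finally `buf_i` holds the password and `hash` holds derived key material, and neither is wiped before the function returns; a single cleanup label that releases the MPIs and clears both buffers on every exit would address all three points.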
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 6507704546..6a915bef6b 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -44,90 +44,99 @@
* which holds them. If raw is non null then the raw decoded
* data are copied (they are locally allocated) there.
*/
-static
-int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
- gnutls_datum_t * raw)
+static int
+_decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
+ gnutls_datum_t * raw)
{
- char oid[128];
- ASN1_TYPE c2;
- opaque *tmp = NULL;
- int tmp_size, len, result;
-
- len = sizeof(oid) - 1;
- result = asn1_read_value(pkcs7, "contentType", oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ char oid[128];
+ ASN1_TYPE c2;
+ opaque *tmp = NULL;
+ int tmp_size, len, result;
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (pkcs7, "contentType", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- if (strcmp(oid, SIGNED_DATA_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log("Unknown PKCS7 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ if (strcmp (oid, SIGNED_DATA_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Unknown PKCS7 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
}
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* the Signed-data has been created, so
- * decode them.
- */
- tmp_size = 0;
- result = asn1_read_value(pkcs7, "content", NULL, &tmp_size);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* the Signed-data has been created, so
+ * decode them.
+ */
+ tmp_size = 0;
+ result = asn1_read_value (pkcs7, "content", NULL, &tmp_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- tmp = gnutls_malloc(tmp_size);
- if (tmp == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
+ tmp = gnutls_malloc (tmp_size);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
}
- result = asn1_read_value(pkcs7, "content", tmp, &tmp_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_read_value (pkcs7, "content", tmp, &tmp_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* tmp, tmp_size hold the data and the size of the CertificateSet structure
- * actually the ANY stuff.
- */
+ /* tmp, tmp_size hold the data and the size of the CertificateSet structure
+ * actually the ANY stuff.
+ */
- /* Step 1. In case of a signed structure extract certificate set.
- */
+ /* Step 1. In case of a signed structure extract certificate set.
+ */
- result = asn1_der_decoding(&c2, tmp, tmp_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_der_decoding (&c2, tmp, tmp_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- if (raw == NULL) {
- gnutls_free(tmp);
- } else {
- raw->data = tmp;
- raw->size = tmp_size;
+ if (raw == NULL)
+ {
+ gnutls_free (tmp);
+ }
+ else
+ {
+ raw->data = tmp;
+ raw->size = tmp_size;
}
- *sdata = c2;
+ *sdata = c2;
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- gnutls_free(tmp);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ gnutls_free (tmp);
+ return result;
}
/**
@@ -141,22 +150,25 @@ int _decode_pkcs7_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7)
+int
+gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
{
- *pkcs7 = gnutls_calloc(1, sizeof(gnutls_pkcs7_int));
-
- if (*pkcs7) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-ContentInfo",
- &(*pkcs7)->pkcs7);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(*pkcs7);
- return _gnutls_asn2err(result);
+ *pkcs7 = gnutls_calloc (1, sizeof (gnutls_pkcs7_int));
+
+ if (*pkcs7)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-7-ContentInfo",
+ &(*pkcs7)->pkcs7);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*pkcs7);
+ return _gnutls_asn2err (result);
}
- return 0; /* success */
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
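Review bot: On the asn1_create_element failure path in gnutls_pkcs7_init the handle is freed with `gnutls_free (*pkcs7)` but `*pkcs7` still holds the freed pointer when the error is returned, so a caller that tests the out-parameter rather than the return value gets a dangling handle and a later gnutls_pkcs7_deinit would free it again. Set it to NULL after freeing: `gnutls_free (*pkcs7); *pkcs7 = NULL;`. The calloc failure path already leaves `*pkcs7` NULL, so this makes both failure paths consistent.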
@@ -166,15 +178,16 @@ int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7)
* This function will deinitialize a PKCS7 structure.
*
**/
-void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7)
+void
+gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7)
{
- if (!pkcs7)
- return;
+ if (!pkcs7)
+ return;
- if (pkcs7->pkcs7)
- asn1_delete_structure(&pkcs7->pkcs7);
+ if (pkcs7->pkcs7)
+ asn1_delete_structure (&pkcs7->pkcs7);
- gnutls_free(pkcs7);
+ gnutls_free (pkcs7);
}
/**
@@ -191,57 +204,60 @@ void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7)
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+int
+gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the PKCS7 is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- result = _gnutls_fbase64_decode(PEM_PKCS7, data->data, data->size,
- &out);
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the PKCS7 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size,
+ &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- result =
- asn1_der_decoding(&pkcs7->pkcs7, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ result = asn1_der_decoding (&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ if (need_free)
+ _gnutls_free_datum (&_data);
- return 0;
+ return 0;
- cleanup:
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
/**
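Review bot: gnutls_pkcs7_import dereferences `data->data` and `data->size` after checking only `pkcs7` for NULL, while gnutls_pkcs7_get_crt_raw and gnutls_pkcs7_get_crl_raw in later hunks validate both of their pointer arguments before use. Extend the guard to `if (pkcs7 == NULL || data == NULL) return GNUTLS_E_INVALID_REQUEST;` so the function fails cleanly instead of faulting on a NULL datum.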
@@ -259,88 +275,97 @@ int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
* will be returned.
*
**/
-int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
- int indx, void *certificate,
- size_t * certificate_size)
+int
+gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
+ int indx, void *certificate,
+ size_t * certificate_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len;
- char root2[64];
- char oid[128];
- char counter[MAX_INT_DIGITS];
- gnutls_datum_t tmp = { NULL, 0 };
-
- if (certificate_size == NULL || pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[64];
+ char oid[128];
+ char counter[MAX_INT_DIGITS];
+ gnutls_datum_t tmp = { NULL, 0 };
+
+ if (certificate_size == NULL || pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Parse the CertificateSet
- */
+ /* Step 2. Parse the CertificateSet
+ */
- _gnutls_str_cpy(root2, sizeof(root2), "certificates.?");
- _gnutls_int2str(indx + 1, counter);
- _gnutls_str_cat(root2, sizeof(root2), counter);
+ _gnutls_str_cpy (root2, sizeof (root2), "certificates.?");
+ _gnutls_int2str (indx + 1, counter);
+ _gnutls_str_cat (root2, sizeof (root2), counter);
- len = sizeof(oid) - 1;
+ len = sizeof (oid) - 1;
- result = asn1_read_value(c2, root2, oid, &len);
+ result = asn1_read_value (c2, root2, oid, &len);
- if (result == ASN1_VALUE_NOT_FOUND) {
- result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- goto cleanup;
+ if (result == ASN1_VALUE_NOT_FOUND)
+ {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* if 'Certificate' is the choice found:
- */
- if (strcmp(oid, "certificate") == 0) {
- int start, end;
+ /* if 'Certificate' is the choice found:
+ */
+ if (strcmp (oid, "certificate") == 0)
+ {
+ int start, end;
- result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
- root2, &start, &end);
+ result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
+ root2, &start, &end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- end = end - start + 1;
+ end = end - start + 1;
- if ((uint) end > *certificate_size) {
- *certificate_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
+ if ((uint) end > *certificate_size)
+ {
+ *certificate_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
}
- if (certificate)
- memcpy(certificate, &tmp.data[start], end);
+ if (certificate)
+ memcpy (certificate, &tmp.data[start], end);
- *certificate_size = end;
+ *certificate_size = end;
- result = 0;
+ result = 0;
- } else {
- result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+ else
+ {
+ result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
- cleanup:
- _gnutls_free_datum(&tmp);
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ _gnutls_free_datum (&tmp);
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
/**
@@ -353,34 +378,37 @@ int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7,
* Returns a negative value on failure.
*
**/
-int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
+int
+gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Count the CertificateSet */
+ /* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements(c2, "certificates", &count);
+ result = asn1_number_of_elements (c2, "certificates", &count);
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return 0; /* no certificates */
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return 0; /* no certificates */
}
- return count;
+ return count;
}
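Review bot: The doc comment for gnutls_pkcs7_get_crt_count says it returns a negative value on failure, yet when asn1_number_of_elements fails the function returns 0 after gnutls_assert (), so a damaged or unexpected CertificateSet is indistinguishable from a PKCS#7 that simply carries no certificates. If returning 0 there is deliberate (presumably because a missing optional `certificates` field is reported as an error by libtasn1), the comment in the hunk's context lines should say so; otherwise return `_gnutls_asn2err (result)` like the other functions in this file.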
@@ -405,89 +433,95 @@ int gnutls_pkcs7_get_crt_count(gnutls_pkcs7_t pkcs7)
* returned, and 0 on success.
*
**/
-int gnutls_pkcs7_export(gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+int
+gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- return _gnutls_x509_export_int(pkcs7->pkcs7, format, PEM_PKCS7,
- *output_data_size, output_data,
- output_data_size);
+ return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7,
+ *output_data_size, output_data,
+ output_data_size);
}
/* Creates an empty signed data structure in the pkcs7
* structure and returns a handle to the signed data.
*/
-static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+static int
+create_empty_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
{
- uint8 one = 1;
- int result;
-
- *sdata = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.pkcs-7-SignedData",
- sdata)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ uint8 one = 1;
+ int result;
+
+ *sdata = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData",
+ sdata)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Use version 1
- */
- result = asn1_write_value(*sdata, "version", &one, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Use version 1
+ */
+ result = asn1_write_value (*sdata, "version", &one, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Use no digest algorithms
- */
-
- /* id-data */
- result =
- asn1_write_value(*sdata, "encapContentInfo.eContentType",
- "1.2.840.113549.1.7.5", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Use no digest algorithms
+ */
+
+ /* id-data */
+ result =
+ asn1_write_value (*sdata, "encapContentInfo.eContentType",
+ "1.2.840.113549.1.7.5", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- asn1_write_value(*sdata, "encapContentInfo.eContent", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (*sdata, "encapContentInfo.eContent", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Add no certificates.
- */
+ /* Add no certificates.
+ */
- /* Add no crls.
- */
+ /* Add no crls.
+ */
- /* Add no signerInfos.
- */
+ /* Add no signerInfos.
+ */
- /* Write the content type of the signed data
- */
- result = asn1_write_value(pkcs7, "contentType", SIGNED_DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ /* Write the content type of the signed data
+ */
+ result = asn1_write_value (pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- return 0;
+ return 0;
- cleanup:
- asn1_delete_structure(sdata);
- return result;
+cleanup:
+ asn1_delete_structure (sdata);
+ return result;
}
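Review bot: The `/* id-data */` comment above the `encapContentInfo.eContentType` write in create_empty_signed_data does not match the value written: in the PKCS#7 content-type arc `1.2.840.113549.1.7.1` is id-data, whereas `1.2.840.113549.1.7.5`, the literal here, is id-digestedData as far as I recall. One of the two is wrong; since this SignedData is exported and consumed by other code, which was intended should be checked against what those consumers expect before touching the literal, and the comment should then name the OID that is actually written.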
@@ -500,81 +534,87 @@ static int create_empty_signed_data(ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crt)
+int
+gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data(pkcs7->pkcs7, &c2);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data (pkcs7->pkcs7, &c2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
}
- /* Step 2. Append the new certificate.
- */
+ /* Step 2. Append the new certificate.
+ */
- result = asn1_write_value(c2, "certificates", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "certificates", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_write_value(c2, "certificates.?LAST", "certificate", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "certificates.?LAST", "certificate", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- asn1_write_value(c2, "certificates.?LAST.certificate", crt->data,
- crt->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result =
+ asn1_write_value (c2, "certificates.?LAST.certificate", crt->data,
+ crt->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
- 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
/**
@@ -588,30 +628,33 @@ int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7,
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
+int
+gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode(crt->cert, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = gnutls_pkcs7_set_crt_raw(pkcs7, &data);
+ ret = gnutls_pkcs7_set_crt_raw (pkcs7, &data);
- _gnutls_free_datum(&data);
+ _gnutls_free_datum (&data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
@@ -624,56 +667,59 @@ int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
* Index starts from 0. Returns 0 on success.
*
**/
-int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
+int
+gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char counter[MAX_INT_DIGITS];
- char root2[64];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char counter[MAX_INT_DIGITS];
+ char root2[64];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Delete the certificate.
- */
+ /* Step 2. Delete the certificate.
+ */
- _gnutls_str_cpy(root2, sizeof(root2), "certificates.?");
- _gnutls_int2str(indx + 1, counter);
- _gnutls_str_cat(root2, sizeof(root2), counter);
+ _gnutls_str_cpy (root2, sizeof (root2), "certificates.?");
+ _gnutls_int2str (indx + 1, counter);
+ _gnutls_str_cat (root2, sizeof (root2), counter);
- result = asn1_write_value(c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
- 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
/* Read and write CRLs
@@ -694,66 +740,70 @@ int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx)
* will be returned.
*
**/
-int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
- int indx, void *crl, size_t * crl_size)
+int
+gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
+ int indx, void *crl, size_t * crl_size)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char root2[64];
- char counter[MAX_INT_DIGITS];
- gnutls_datum_t tmp = { NULL, 0 };
- int start, end;
-
- if (pkcs7 == NULL || crl_size == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, &tmp);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[64];
+ char counter[MAX_INT_DIGITS];
+ gnutls_datum_t tmp = { NULL, 0 };
+ int start, end;
+
+ if (pkcs7 == NULL || crl_size == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Parse the CertificateSet
- */
+ /* Step 2. Parse the CertificateSet
+ */
- _gnutls_str_cpy(root2, sizeof(root2), "crls.?");
- _gnutls_int2str(indx + 1, counter);
- _gnutls_str_cat(root2, sizeof(root2), counter);
+ _gnutls_str_cpy (root2, sizeof (root2), "crls.?");
+ _gnutls_int2str (indx + 1, counter);
+ _gnutls_str_cat (root2, sizeof (root2), counter);
- /* Get the raw CRL
- */
- result = asn1_der_decoding_startEnd(c2, tmp.data, tmp.size,
- root2, &start, &end);
+ /* Get the raw CRL
+ */
+ result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
+ root2, &start, &end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- end = end - start + 1;
+ end = end - start + 1;
- if ((uint) end > *crl_size) {
- *crl_size = end;
- result = GNUTLS_E_SHORT_MEMORY_BUFFER;
- goto cleanup;
+ if ((uint) end > *crl_size)
+ {
+ *crl_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
}
- if (crl)
- memcpy(crl, &tmp.data[start], end);
+ if (crl)
+ memcpy (crl, &tmp.data[start], end);
- *crl_size = end;
+ *crl_size = end;
- result = 0;
+ result = 0;
- cleanup:
- _gnutls_free_datum(&tmp);
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ _gnutls_free_datum (&tmp);
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
/**
@@ -766,34 +816,37 @@ int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
* Returns a negative value on failure.
*
**/
-int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
+int
+gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, count;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Count the CertificateSet */
+ /* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements(c2, "crls", &count);
+ result = asn1_number_of_elements (c2, "crls", &count);
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return 0; /* no crls */
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return 0; /* no crls */
}
- return count;
+ return count;
}
@@ -806,72 +859,77 @@ int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7)
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
- const gnutls_datum_t * crl)
+int
+gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
- if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- gnutls_assert();
- return result;
- }
-
- /* If the signed data are uninitialized
- * then create them.
- */
- if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND) {
- /* The pkcs7 structure is new, so create the
- * signedData.
- */
- result = create_empty_signed_data(pkcs7->pkcs7, &c2);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data (pkcs7->pkcs7, &c2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
}
- /* Step 2. Append the new crl.
- */
+ /* Step 2. Append the new crl.
+ */
- result = asn1_write_value(c2, "crls", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "crls", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result = asn1_write_value(c2, "crls.?LAST", crl->data, crl->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, "crls.?LAST", crl->data, crl->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
- 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
/**
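Review bot: `crl` is dereferenced as `crl->data`/`crl->size` in the `asn1_write_value (c2, "crls.?LAST", ...)` call without the NULL guard this function applies to `pkcs7`, so a NULL datum faults instead of returning GNUTLS_E_INVALID_REQUEST; gnutls_pkcs7_set_crl in the next hunk has the same gap at `crl->crl`. Since gnutls_pkcs7_get_crl_raw already validates both of its pointer arguments (`pkcs7 == NULL || crl_size == NULL`), the consistent guard in both functions is `if (pkcs7 == NULL || crl == NULL)`. A short comment on the Step 1 block noting that GNUTLS_E_ASN1_VALUE_NOT_FOUND is deliberately treated as "no signedData yet, create it" would also help, since that tolerance is the only thing distinguishing this decode call from the ones in the sibling functions.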
@@ -883,30 +941,33 @@ int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7,
* Returns 0 on success.
*
**/
-int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
+int
+gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
{
- int ret;
- gnutls_datum_t data;
+ int ret;
+ gnutls_datum_t data;
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
- ret = _gnutls_x509_der_encode(crl->crl, "", &data, 0);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = gnutls_pkcs7_set_crl_raw(pkcs7, &data);
+ ret = gnutls_pkcs7_set_crl_raw (pkcs7, &data);
- _gnutls_free_datum(&data);
+ _gnutls_free_datum (&data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
/**
@@ -918,56 +979,59 @@ int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
* Index starts from 0. Returns 0 on success.
*
**/
-int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx)
+int
+gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result;
- char counter[MAX_INT_DIGITS];
- char root2[64];
-
- if (pkcs7 == NULL)
- return GNUTLS_E_INVALID_REQUEST;
-
- /* Step 1. Decode the signed data.
- */
- result = _decode_pkcs7_signed_data(pkcs7->pkcs7, &c2, NULL);
- if (result < 0) {
- gnutls_assert();
- return result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char counter[MAX_INT_DIGITS];
+ char root2[64];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Delete the crl.
- */
+ /* Step 2. Delete the crl.
+ */
- _gnutls_str_cpy(root2, sizeof(root2), "crls.?");
- _gnutls_int2str(indx + 1, counter);
- _gnutls_str_cat(root2, sizeof(root2), counter);
+ _gnutls_str_cpy (root2, sizeof (root2), "crls.?");
+ _gnutls_int2str (indx + 1, counter);
+ _gnutls_str_cat (root2, sizeof (root2), counter);
- result = asn1_write_value(c2, root2, NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_write_value (c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- /* Step 3. Replace the old content with the new
- */
- result =
- _gnutls_x509_der_encode_and_copy(c2, "", pkcs7->pkcs7, "content",
- 0);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- return 0;
+ return 0;
- cleanup:
- if (c2)
- asn1_delete_structure(&c2);
- return result;
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/pkcs7.h b/lib/x509/pkcs7.h
index d51858e317..7f9e3b8627 100644
--- a/lib/x509/pkcs7.h
+++ b/lib/x509/pkcs7.h
@@ -24,6 +24,7 @@
#include <gnutls/x509.h>
-typedef struct gnutls_pkcs7_int {
+typedef struct gnutls_pkcs7_int
+{
ASN1_TYPE pkcs7;
} gnutls_pkcs7_int;
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 1b0409e448..dd29e89d4d 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -38,8 +38,8 @@
#include <dsa.h>
#include <verify.h>
-static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params);
-static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params);
+static int _encode_rsa (ASN1_TYPE * c2, mpi_t * params);
+static int _encode_dsa (ASN1_TYPE * c2, mpi_t * params);
/* remove this when libgcrypt can handle the PKCS #1 coefficients from
* rsa keys
@@ -55,17 +55,19 @@ static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params);
* Returns 0 on success.
*
**/
-int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
+int
+gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
{
- *key = gnutls_calloc(1, sizeof(gnutls_x509_privkey_int));
+ *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
- if (*key) {
- (*key)->key = ASN1_TYPE_EMPTY;
- (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
- return 0; /* success */
+ if (*key)
+ {
+ (*key)->key = ASN1_TYPE_EMPTY;
+ (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/**
@@ -75,19 +77,21 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key)
* This function will deinitialize a private key structure.
*
**/
-void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
+void
+gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
{
- int i;
+ int i;
- if (!key)
- return;
+ if (!key)
+ return;
- for (i = 0; i < key->params_size; i++) {
- _gnutls_mpi_release(&key->params[i]);
+ for (i = 0; i < key->params_size; i++)
+ {
+ _gnutls_mpi_release (&key->params[i]);
}
- asn1_delete_structure(&key->key);
- gnutls_free(key);
+ asn1_delete_structure (&key->key);
+ gnutls_free (key);
}
/**
@@ -98,216 +102,234 @@ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key)
* This function will copy a private key from source to destination key.
*
**/
-int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst,
- gnutls_x509_privkey_t src)
+int
+gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
{
- int i, ret;
+ int i, ret;
- if (!src || !dst)
- return GNUTLS_E_INVALID_REQUEST;
+ if (!src || !dst)
+ return GNUTLS_E_INVALID_REQUEST;
- for (i = 0; i < src->params_size; i++) {
- dst->params[i] = _gnutls_mpi_copy(src->params[i]);
- if (dst->params[i] == NULL)
- return GNUTLS_E_MEMORY_ERROR;
+ for (i = 0; i < src->params_size; i++)
+ {
+ dst->params[i] = _gnutls_mpi_copy (src->params[i]);
+ if (dst->params[i] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
}
- dst->params_size = src->params_size;
- dst->pk_algorithm = src->pk_algorithm;
- dst->crippled = src->crippled;
+ dst->params_size = src->params_size;
+ dst->pk_algorithm = src->pk_algorithm;
+ dst->crippled = src->crippled;
- if (!src->crippled) {
- switch (dst->pk_algorithm) {
+ if (!src->crippled)
+ {
+ switch (dst->pk_algorithm)
+ {
case GNUTLS_PK_DSA:
- ret = _encode_dsa(&dst->key, dst->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_dsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
case GNUTLS_PK_RSA:
- ret = _encode_rsa(&dst->key, dst->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_rsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
- return 0;
+ return 0;
}
/* Converts an RSA PKCS#1 key to
* an internal structure (gnutls_private_key)
*/
-ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(
- const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
+ASN1_TYPE
+_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE pkey_asn;
+ int result;
+ ASN1_TYPE pkey_asn;
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.RSAPrivateKey",
- &pkey_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return NULL;
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return NULL;
}
- if ((sizeof(pkey->params) / sizeof(mpi_t)) < RSA_PRIVATE_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return NULL;
+ if ((sizeof (pkey->params) / sizeof (mpi_t)) < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the mpi_ts in params */
+ return NULL;
}
- result =
- asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
- &pkey->params[0])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
+ &pkey->params[0])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result =
- _gnutls_x509_read_int(pkey_asn, "publicExponent",
- &pkey->params[1])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result =
+ _gnutls_x509_read_int (pkey_asn, "publicExponent",
+ &pkey->params[1])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result =
- _gnutls_x509_read_int(pkey_asn, "privateExponent",
- &pkey->params[2])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result =
+ _gnutls_x509_read_int (pkey_asn, "privateExponent",
+ &pkey->params[2])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
- &pkey->params[3])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
+ &pkey->params[3])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
- &pkey->params[4])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
+ &pkey->params[4])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#ifdef CALC_COEFF
- /* Calculate the coefficient. This is because the gcrypt
- * library is uses the p,q in the reverse order.
- */
- pkey->params[5] =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(pkey->params[0]));
+ /* Calculate the coefficient. This is because the gcrypt
+ * library is uses the p,q in the reverse order.
+ */
+ pkey->params[5] =
+ _gnutls_mpi_snew (_gnutls_mpi_get_nbits (pkey->params[0]));
- if (pkey->params[5] == NULL) {
- gnutls_assert();
- goto error;
+ if (pkey->params[5] == NULL)
+ {
+ gnutls_assert ();
+ goto error;
}
- _gnutls_mpi_invm(pkey->params[5], pkey->params[3], pkey->params[4]);
- /* p, q */
+ _gnutls_mpi_invm (pkey->params[5], pkey->params[3], pkey->params[4]);
+ /* p, q */
#else
- if ((result = _gnutls_x509_read_int(pkey_asn, "coefficient",
- &pkey->params[5])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
+ &pkey->params[5])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#endif
- pkey->params_size = 6;
+ pkey->params_size = 6;
- return pkey_asn;
+ return pkey_asn;
- error:
- asn1_delete_structure(&pkey_asn);
- _gnutls_mpi_release(&pkey->params[0]);
- _gnutls_mpi_release(&pkey->params[1]);
- _gnutls_mpi_release(&pkey->params[2]);
- _gnutls_mpi_release(&pkey->params[3]);
- _gnutls_mpi_release(&pkey->params[4]);
- _gnutls_mpi_release(&pkey->params[5]);
- return NULL;
+error:
+ asn1_delete_structure (&pkey_asn);
+ _gnutls_mpi_release (&pkey->params[0]);
+ _gnutls_mpi_release (&pkey->params[1]);
+ _gnutls_mpi_release (&pkey->params[2]);
+ _gnutls_mpi_release (&pkey->params[3]);
+ _gnutls_mpi_release (&pkey->params[4]);
+ _gnutls_mpi_release (&pkey->params[5]);
+ return NULL;
}
-static ASN1_TYPE decode_dsa_key(const gnutls_datum_t * raw_key,
- gnutls_x509_privkey_t pkey)
+static ASN1_TYPE
+decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
{
- int result;
- ASN1_TYPE dsa_asn;
+ int result;
+ ASN1_TYPE dsa_asn;
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DSAPrivateKey",
- &dsa_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return NULL;
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return NULL;
}
- if ((sizeof(pkey->params) / sizeof(mpi_t)) < DSA_PRIVATE_PARAMS) {
- gnutls_assert();
- /* internal error. Increase the mpi_ts in params */
- return NULL;
+ if ((sizeof (pkey->params) / sizeof (mpi_t)) < DSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the mpi_ts in params */
+ return NULL;
}
- result =
- asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "p",
- &pkey->params[0])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params[0])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "q",
- &pkey->params[1])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params[1])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "g",
- &pkey->params[2])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params[2])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "Y",
- &pkey->params[3])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params[3])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
- &pkey->params[4])) < 0) {
- gnutls_assert();
- goto error;
+ if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
+ &pkey->params[4])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- pkey->params_size = 5;
+ pkey->params_size = 5;
- return dsa_asn;
+ return dsa_asn;
- error:
- asn1_delete_structure(&dsa_asn);
- _gnutls_mpi_release(&pkey->params[0]);
- _gnutls_mpi_release(&pkey->params[1]);
- _gnutls_mpi_release(&pkey->params[2]);
- _gnutls_mpi_release(&pkey->params[3]);
- _gnutls_mpi_release(&pkey->params[4]);
- return NULL;
+error:
+ asn1_delete_structure (&dsa_asn);
+ _gnutls_mpi_release (&pkey->params[0]);
+ _gnutls_mpi_release (&pkey->params[1]);
+ _gnutls_mpi_release (&pkey->params[2]);
+ _gnutls_mpi_release (&pkey->params[3]);
+ _gnutls_mpi_release (&pkey->params[4]);
+ return NULL;
}
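Review bot: In gnutls_x509_privkey_cpy the early `return GNUTLS_E_MEMORY_ERROR` inside the copy loop leaves `dst->params[0..i-1]` allocated while `dst->params_size` is still unset, so a later gnutls_x509_privkey_deinit (which walks `params_size`) cannot release them; add `while (i-- > 0) _gnutls_mpi_release (&dst->params[i]);` before that return. The same loop also overwrites whatever `dst->params[]` already held without releasing it, which the function's contract ("copy a private key from source to destination") does not mention, so either document that `dst` must be freshly initialised or release the old entries first. In _gnutls_privkey_decode_pkcs1_rsa_key and decode_dsa_key the `sizeof (pkey->params) / sizeof (mpi_t)` sanity check returns NULL after `asn1_create_element` has already succeeded, leaking `pkey_asn`/`dsa_asn`; moving that check ahead of the create call avoids the leak, and since both operands are compile-time constants it is really a build-time assertion rather than a runtime branch.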
@@ -330,99 +352,113 @@ static ASN1_TYPE decode_dsa_key(const gnutls_datum_t * raw_key,
* Returns 0 on success.
*
**/
-int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format)
+int
+gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result =
- _gnutls_fbase64_decode(PEM_KEY_RSA, data->data, data->size,
- &out);
- key->pk_algorithm = GNUTLS_PK_RSA;
-
- if (result <= 0) {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size,
- &out);
- key->pk_algorithm = GNUTLS_PK_DSA;
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result <= 0)
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
+ &out);
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- if (key->pk_algorithm == GNUTLS_PK_RSA) {
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
- } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
- key->key = decode_dsa_key(&_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ }
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ {
+ key->key = decode_dsa_key (&_data, key);
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
- } else {
- /* Try decoding with both, and accept the one that
- * succeeds.
- */
- key->pk_algorithm = GNUTLS_PK_DSA;
- key->key = decode_dsa_key(&_data, key);
-
- if (key->key == NULL) {
- key->pk_algorithm = GNUTLS_PK_RSA;
- key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key);
- if (key->key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_ASN1_DER_ERROR;
- goto cleanup;
+ }
+ else
+ {
+ /* Try decoding with both, and accept the one that
+ * succeeds.
+ */
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key (&_data, key);
+
+ if (key->key == NULL)
+ {
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto cleanup;
}
}
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ if (need_free)
+ _gnutls_free_datum (&_data);
- /* The key has now been decoded.
- */
+ /* The key has now been decoded.
+ */
- return 0;
+ return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
#define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \
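Review bot: `data` is dereferenced at `_data.data = data->data` before any validation, while `key` is checked just above, so a NULL datum faults rather than returning GNUTLS_E_INVALID_REQUEST; the guard should read `if (key == NULL || data == NULL)`. In the PEM path `_data` holds the base64-decoded private key and is released with `_gnutls_free_datum` on both the success and `cleanup` paths; it is not visible here whether that helper wipes the buffer before freeing it, and for raw private-key material it should, so this is worth confirming or documenting at the `need_free` comment. The cleanup label resets `key->pk_algorithm` but leaves `key->key` as whatever the failed decoder returned (NULL by the visible paths), which is fine today but deserves a one-line comment so a future decoder that returns a partially built structure does not silently leak.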
@@ -444,86 +480,100 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
* to the native gnutls_x509_privkey_t format. The output will be stored in @key.
*
**/
-int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t * m, const gnutls_datum_t * e, const gnutls_datum_t * d,
- const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * u)
+int
+gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
{
- int i = 0, ret;
- size_t siz = 0;
+ int i = 0, ret;
+ size_t siz = 0;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- siz = m->size;
- if (_gnutls_mpi_scan_nz(&key->params[0], m->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], m->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = e->size;
- if (_gnutls_mpi_scan_nz(&key->params[1], e->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], e->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = d->size;
- if (_gnutls_mpi_scan_nz(&key->params[2], d->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = d->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], d->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = p->size;
- if (_gnutls_mpi_scan_nz(&key->params[3], p->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], p->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- siz = q->size;
- if (_gnutls_mpi_scan_nz(&key->params[4], q->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[4], q->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
#ifdef CALC_COEFF
- key->params[5] =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(key->params[0]));
+ key->params[5] = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0]));
- if (key->params[5] == NULL) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MEMORY_ERROR;
+ if (key->params[5] == NULL)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_invm(key->params[5], key->params[3], key->params[4]);
+ _gnutls_mpi_invm (key->params[5], key->params[3], key->params[4]);
#else
- siz = u->size;
- if (_gnutls_mpi_scan_nz(&key->params[5], u->data, &siz)) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
+ siz = u->size;
+ if (_gnutls_mpi_scan_nz (&key->params[5], u->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
#endif
- if (!key->crippled) {
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- FREE_RSA_PRIVATE_PARAMS;
- return ret;
+ if (!key->crippled)
+ {
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
}
}
- key->params_size = RSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_RSA;
+ key->params_size = RSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
- return 0;
+ return 0;
}
@@ -540,66 +590,78 @@ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
* to the native gnutls_x509_privkey_t format. The output will be stored in @key.
*
**/
-int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * g,
- const gnutls_datum_t * y, const gnutls_datum_t * x)
+int
+gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x)
{
- int i = 0, ret;
- size_t siz = 0;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- siz = p->size;
- if (_gnutls_mpi_scan_nz(&key->params[0], p->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = q->size;
- if (_gnutls_mpi_scan_nz(&key->params[1], q->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = g->size;
- if (_gnutls_mpi_scan_nz(&key->params[2], g->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = y->size;
- if (_gnutls_mpi_scan_nz(&key->params[3], y->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- siz = x->size;
- if (_gnutls_mpi_scan_nz(&key->params[4], x->data, &siz)) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- if (!key->crippled) {
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- FREE_DSA_PRIVATE_PARAMS;
- return ret;
+ int i = 0, ret;
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], p->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], q->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], g->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], y->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = x->size;
+ if (_gnutls_mpi_scan_nz (&key->params[4], x->data, &siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (!key->crippled)
+ {
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return ret;
}
}
- key->params_size = DSA_PRIVATE_PARAMS;
- key->pk_algorithm = GNUTLS_PK_DSA;
+ key->params_size = DSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
- return 0;
+ return 0;
}
@@ -615,14 +677,16 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
* or a negative value on error.
*
**/
-int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key)
+int
+gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
{
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return key->pk_algorithm;
+ return key->pk_algorithm;
}
@@ -649,49 +713,57 @@ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key)
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size)
+int
+gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- char *msg;
- int ret;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA)
- msg = PEM_KEY_RSA;
- else if (key->pk_algorithm == GNUTLS_PK_DSA)
- msg = PEM_KEY_DSA;
- else
- msg = NULL;
-
- if (key->crippled) { /* encode the parameters on the fly.
+ char *msg;
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ msg = PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ msg = PEM_KEY_DSA;
+ else
+ msg = NULL;
+
+ if (key->crippled)
+ { /* encode the parameters on the fly.
*/
- switch (key->pk_algorithm) {
+ switch (key->pk_algorithm)
+ {
case GNUTLS_PK_DSA:
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
case GNUTLS_PK_RSA:
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
}
- return _gnutls_x509_export_int(key->key, format, msg,
- *output_data_size, output_data, output_data_size);
+ return _gnutls_x509_export_int (key->key, format, msg,
+ *output_data_size, output_data,
+ output_data_size);
}
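Review bot: An unknown `key->pk_algorithm` is only rejected inside the `key->crippled` branch; for a non-crippled key the `else msg = NULL;` arm falls through to `_gnutls_x509_export_int (key->key, format, msg, ...)` with a NULL PEM header, and whether that helper tolerates a NULL `msg` for `GNUTLS_X509_FMT_PEM` is not visible in this diff. Reject it up front instead, replacing the last arm with `else { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; }`, which also makes the later `default:` case in the switch unreachable-by-construction rather than the only guard. The doc comment above the function could then state that only RSA and DSA keys are exportable.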
@@ -710,93 +782,103 @@ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
-int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u)
+int
+gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
{
- int ret;
- mpi_t coeff = NULL;
+ int ret;
+ mpi_t coeff = NULL;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
-
- m->data=e->data=d->data=p->data=q->data=u->data=NULL;
- m->size=e->size=d->size=p->size=q->size=u->size=0;
- ret = _gnutls_mpi_dprint(m, key->params[0]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ m->data = e->data = d->data = p->data = q->data = u->data = NULL;
+ m->size = e->size = d->size = p->size = q->size = u->size = 0;
+
+ ret = _gnutls_mpi_dprint (m, key->params[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* E */
- ret = _gnutls_mpi_dprint(e, key->params[1]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* E */
+ ret = _gnutls_mpi_dprint (e, key->params[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* D */
- ret = _gnutls_mpi_dprint(d, key->params[2]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* D */
+ ret = _gnutls_mpi_dprint (d, key->params[2]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* P */
- ret = _gnutls_mpi_dprint(p, key->params[3]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* P */
+ ret = _gnutls_mpi_dprint (p, key->params[3]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* Q */
- ret = _gnutls_mpi_dprint(q, key->params[4]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* Q */
+ ret = _gnutls_mpi_dprint (q, key->params[4]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#ifdef CALC_COEFF
- coeff =
- _gnutls_mpi_snew(_gnutls_mpi_get_nbits(key->params[0]));
+ coeff = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0]));
- if (coeff == NULL) {
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
+ if (coeff == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
}
- _gnutls_mpi_invm(coeff, key->params[4], key->params[3]);
- ret = _gnutls_mpi_dprint(u, coeff);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ _gnutls_mpi_invm (coeff, key->params[4], key->params[3]);
+ ret = _gnutls_mpi_dprint (u, coeff);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- _gnutls_mpi_release( &coeff);
+ _gnutls_mpi_release (&coeff);
#else
- /* U */
- ret = _gnutls_mpi_dprint(u, key->params[5]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
+ /* U */
+ ret = _gnutls_mpi_dprint (u, key->params[5]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
#endif
- return 0;
+ return 0;
error:
- _gnutls_free_datum(m);
- _gnutls_free_datum(d);
- _gnutls_free_datum(e);
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- _gnutls_mpi_release( &coeff);
-
- return ret;
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (d);
+ _gnutls_free_datum (e);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ _gnutls_mpi_release (&coeff);
+
+ return ret;
}
/**
@@ -813,391 +895,422 @@ error:
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
-int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g,
- gnutls_datum_t * y, gnutls_datum_t * x)
+int
+gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
{
- int ret;
+ int ret;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* P */
- ret = _gnutls_mpi_dprint(p, key->params[0]);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ /* P */
+ ret = _gnutls_mpi_dprint (p, key->params[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* Q */
- ret = _gnutls_mpi_dprint(q, key->params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- return ret;
+ /* Q */
+ ret = _gnutls_mpi_dprint (q, key->params[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ return ret;
}
- /* G */
- ret = _gnutls_mpi_dprint(g, key->params[2]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- return ret;
+ /* G */
+ ret = _gnutls_mpi_dprint (g, key->params[2]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ return ret;
}
- /* Y */
- ret = _gnutls_mpi_dprint(y, key->params[3]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
+ /* Y */
+ ret = _gnutls_mpi_dprint (y, key->params[3]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
}
- /* X */
- ret = _gnutls_mpi_dprint(x, key->params[4]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(y);
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- return ret;
+ /* X */
+ ret = _gnutls_mpi_dprint (x, key->params[4]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (y);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
}
- return 0;
+ return 0;
}
/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
*/
-static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params)
+static int
+_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
{
- int result, i;
- size_t size[8], total;
- opaque *m_data, *pube_data, *prie_data;
- opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
- opaque *all_data = NULL, *p;
- mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL, u=NULL;
- opaque null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i = 0; i < 5; i++) {
- _gnutls_mpi_print_lz(NULL, &size[i], params[i]);
- total += size[i];
- }
-
- /* Now generate exp1 and exp2
- */
- exp1 = _gnutls_mpi_salloc_like(params[0]); /* like modulus */
- if (exp1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- exp2 = _gnutls_mpi_salloc_like(params[0]);
- if (exp2 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- q1 = _gnutls_mpi_salloc_like(params[4]);
- if (q1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p1 = _gnutls_mpi_salloc_like(params[3]);
- if (p1 == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- u = _gnutls_mpi_salloc_like(params[3]);
- if (u == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- _gnutls_mpi_invm(u, params[4], params[3]);
- /* inverse of q mod p */
- _gnutls_mpi_print_lz(NULL, &size[5], u);
- total += size[5];
-
- _gnutls_mpi_sub_ui(p1, params[3], 1);
- _gnutls_mpi_sub_ui(q1, params[4], 1);
-
- _gnutls_mpi_mod(exp1, params[2], p1);
- _gnutls_mpi_mod(exp2, params[2], q1);
-
-
- /* calculate exp's size */
- _gnutls_mpi_print_lz(NULL, &size[6], exp1);
- total += size[6];
-
- _gnutls_mpi_print_lz(NULL, &size[7], exp2);
- total += size[7];
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_secure_malloc(total);
- if (all_data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- m_data = p;
- p += size[0];
- pube_data = p;
- p += size[1];
- prie_data = p;
- p += size[2];
- p1_data = p;
- p += size[3];
- p2_data = p;
- p += size[4];
- u_data = p;
- p += size[5];
- exp1_data = p;
- p += size[6];
- exp2_data = p;
-
- _gnutls_mpi_print_lz(m_data, &size[0], params[0]);
- _gnutls_mpi_print_lz(pube_data, &size[1], params[1]);
- _gnutls_mpi_print_lz(prie_data, &size[2], params[2]);
- _gnutls_mpi_print_lz(p1_data, &size[3], params[3]);
- _gnutls_mpi_print_lz(p2_data, &size[4], params[4]);
- _gnutls_mpi_print_lz(u_data, &size[5], u);
- _gnutls_mpi_print_lz(exp1_data, &size[6], exp1);
- _gnutls_mpi_print_lz(exp2_data, &size[7], exp2);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value(*c2, "modulus",
- m_data, size[0])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "publicExponent",
- pube_data, size[1])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "privateExponent",
- prie_data, size[2])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "prime1",
- p1_data, size[3])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "prime2",
- p2_data, size[4])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "exponent1",
- exp1_data, size[6])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "exponent2",
- exp2_data, size[7])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "coefficient",
- u_data, size[5])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- _gnutls_mpi_release(&exp1);
- _gnutls_mpi_release(&exp2);
- _gnutls_mpi_release(&q1);
- _gnutls_mpi_release(&p1);
- _gnutls_mpi_release(&u);
- gnutls_free(all_data);
-
- if ((result = asn1_write_value(*c2, "otherPrimeInfos",
- NULL, 0)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "version",
- &null, 1)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
+ int result, i;
+ size_t size[8], total;
+ opaque *m_data, *pube_data, *prie_data;
+ opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data;
+ opaque *all_data = NULL, *p;
+ mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL, u = NULL;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < 5; i++)
+ {
+ _gnutls_mpi_print_lz (NULL, &size[i], params[i]);
+ total += size[i];
+ }
+
+ /* Now generate exp1 and exp2
+ */
+ exp1 = _gnutls_mpi_salloc_like (params[0]); /* like modulus */
+ if (exp1 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ exp2 = _gnutls_mpi_salloc_like (params[0]);
+ if (exp2 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ q1 = _gnutls_mpi_salloc_like (params[4]);
+ if (q1 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p1 = _gnutls_mpi_salloc_like (params[3]);
+ if (p1 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ u = _gnutls_mpi_salloc_like (params[3]);
+ if (u == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_mpi_invm (u, params[4], params[3]);
+ /* inverse of q mod p */
+ _gnutls_mpi_print_lz (NULL, &size[5], u);
+ total += size[5];
+
+ _gnutls_mpi_sub_ui (p1, params[3], 1);
+ _gnutls_mpi_sub_ui (q1, params[4], 1);
+
+ _gnutls_mpi_mod (exp1, params[2], p1);
+ _gnutls_mpi_mod (exp2, params[2], q1);
+
+
+ /* calculate exp's size */
+ _gnutls_mpi_print_lz (NULL, &size[6], exp1);
+ total += size[6];
+
+ _gnutls_mpi_print_lz (NULL, &size[7], exp2);
+ total += size[7];
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc (total);
+ if (all_data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ m_data = p;
+ p += size[0];
+ pube_data = p;
+ p += size[1];
+ prie_data = p;
+ p += size[2];
+ p1_data = p;
+ p += size[3];
+ p2_data = p;
+ p += size[4];
+ u_data = p;
+ p += size[5];
+ exp1_data = p;
+ p += size[6];
+ exp2_data = p;
+
+ _gnutls_mpi_print_lz (m_data, &size[0], params[0]);
+ _gnutls_mpi_print_lz (pube_data, &size[1], params[1]);
+ _gnutls_mpi_print_lz (prie_data, &size[2], params[2]);
+ _gnutls_mpi_print_lz (p1_data, &size[3], params[3]);
+ _gnutls_mpi_print_lz (p2_data, &size[4], params[4]);
+ _gnutls_mpi_print_lz (u_data, &size[5], u);
+ _gnutls_mpi_print_lz (exp1_data, &size[6], exp1);
+ _gnutls_mpi_print_lz (exp2_data, &size[7], exp2);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (*c2, "modulus",
+ m_data, size[0])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "publicExponent",
+ pube_data, size[1])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "privateExponent",
+ prie_data, size[2])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "prime1",
+ p1_data, size[3])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "prime2",
+ p2_data, size[4])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "exponent1",
+ exp1_data, size[6])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "exponent2",
+ exp2_data, size[7])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "coefficient",
+ u_data, size[5])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ _gnutls_mpi_release (&exp1);
+ _gnutls_mpi_release (&exp2);
+ _gnutls_mpi_release (&q1);
+ _gnutls_mpi_release (&p1);
+ _gnutls_mpi_release (&u);
+ gnutls_free (all_data);
+
+ if ((result = asn1_write_value (*c2, "otherPrimeInfos",
+ NULL, 0)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ _gnutls_mpi_release (&u);
+ _gnutls_mpi_release (&exp1);
+ _gnutls_mpi_release (&exp2);
+ _gnutls_mpi_release (&q1);
+ _gnutls_mpi_release (&p1);
+ asn1_delete_structure (c2);
+ gnutls_free (all_data);
- cleanup:
- _gnutls_mpi_release(&u);
- _gnutls_mpi_release(&exp1);
- _gnutls_mpi_release(&exp2);
- _gnutls_mpi_release(&q1);
- _gnutls_mpi_release(&p1);
- asn1_delete_structure(c2);
- gnutls_free(all_data);
-
- return result;
+ return result;
}
/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
*/
-static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params)
+static int
+_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
{
- int result, i;
- size_t size[DSA_PRIVATE_PARAMS], total;
- opaque *p_data, *q_data, *g_data, *x_data, *y_data;
- opaque *all_data = NULL, *p;
- opaque null = '\0';
-
- /* Read all the sizes */
- total = 0;
- for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
- _gnutls_mpi_print_lz(NULL, &size[i], params[i]);
- total += size[i];
- }
-
- /* Encoding phase.
- * allocate data enough to hold everything
- */
- all_data = gnutls_secure_malloc(total);
- if (all_data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto cleanup;
- }
-
- p = all_data;
- p_data = p;
- p += size[0];
- q_data = p;
- p += size[1];
- g_data = p;
- p += size[2];
- y_data = p;
- p += size[3];
- x_data = p;
-
- _gnutls_mpi_print_lz(p_data, &size[0], params[0]);
- _gnutls_mpi_print_lz(q_data, &size[1], params[1]);
- _gnutls_mpi_print_lz(g_data, &size[2], params[2]);
- _gnutls_mpi_print_lz(y_data, &size[3], params[3]);
- _gnutls_mpi_print_lz(x_data, &size[4], params[4]);
-
- /* Ok. Now we have the data. Create the asn1 structures
- */
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2))
- != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- /* Write PRIME
- */
- if ((result = asn1_write_value(*c2, "p",
- p_data, size[0])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "q",
- q_data, size[1])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "g",
- g_data, size[2])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "Y",
- y_data, size[3])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- if ((result = asn1_write_value(*c2, "priv",
- x_data, size[4])) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- gnutls_free(all_data);
-
- if ((result = asn1_write_value(*c2, "version",
- &null, 1)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
- }
-
- return 0;
-
- cleanup:
- asn1_delete_structure(c2);
- gnutls_free(all_data);
-
- return result;
+ int result, i;
+ size_t size[DSA_PRIVATE_PARAMS], total;
+ opaque *p_data, *q_data, *g_data, *x_data, *y_data;
+ opaque *all_data = NULL, *p;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
+ {
+ _gnutls_mpi_print_lz (NULL, &size[i], params[i]);
+ total += size[i];
+ }
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc (total);
+ if (all_data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ p_data = p;
+ p += size[0];
+ q_data = p;
+ p += size[1];
+ g_data = p;
+ p += size[2];
+ y_data = p;
+ p += size[3];
+ x_data = p;
+
+ _gnutls_mpi_print_lz (p_data, &size[0], params[0]);
+ _gnutls_mpi_print_lz (q_data, &size[1], params[1]);
+ _gnutls_mpi_print_lz (g_data, &size[2], params[2]);
+ _gnutls_mpi_print_lz (y_data, &size[3], params[3]);
+ _gnutls_mpi_print_lz (x_data, &size[4], params[4]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "priv",
+ x_data, size[4])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ gnutls_free (all_data);
+
+ if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ asn1_delete_structure (c2);
+ gnutls_free (all_data);
+
+ return result;
}
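Review bot: Both encoders free `all_data` early on the success path and then keep going through fallible `asn1_write_value` calls whose failure jumps to `cleanup`, which calls `gnutls_free (all_data)` a second time: in `_encode_rsa` the first free precedes the `otherPrimeInfos` and `version` writes, and in `_encode_dsa` it precedes the `version` write. Unless `gnutls_free` nulls its argument (it appears to be a plain function here), that is a double free of a buffer holding the private exponent, primes, CRT values and the DSA `priv`, so set `all_data = NULL;` immediately after each early `gnutls_free (all_data)` (or move those writes before the free). The buffer is allocated with `gnutls_secure_malloc` but released with `gnutls_free` and never zeroized; if the two allocators are not interchangeable, release it with the matching secure free and wipe it first, since it is a serialised private key. The `_gnutls_mpi_invm (u, params[4], params[3])` result is also unchecked, so a key whose `q` has no inverse mod `p` would be encoded with an undefined `coefficient`.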
@@ -1214,69 +1327,79 @@ static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params)
* Returns 0 on success or a negative value on error.
*
**/
-int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo, unsigned int bits, unsigned int flags)
+int
+gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo, unsigned int bits,
+ unsigned int flags)
{
- int ret, params_len;
- int i;
+ int ret, params_len;
+ int i;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- switch (algo) {
+ switch (algo)
+ {
case GNUTLS_PK_DSA:
- ret = _gnutls_dsa_generate_params(key->params, &params_len, bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_dsa_generate_params (key->params, &params_len, bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (!key->crippled) {
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ if (!key->crippled)
+ {
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- key->params_size = params_len;
- key->pk_algorithm = GNUTLS_PK_DSA;
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_DSA;
- break;
+ break;
case GNUTLS_PK_RSA:
- ret = _gnutls_rsa_generate_params(key->params, &params_len, bits);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_rsa_generate_params (key->params, &params_len, bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (!key->crippled) {
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ if (!key->crippled)
+ {
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
}
- key->params_size = params_len;
- key->pk_algorithm = GNUTLS_PK_RSA;
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_RSA;
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return 0;
+ return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- key->params_size = 0;
- for (i = 0; i < params_len; i++)
- _gnutls_mpi_release(&key->params[i]);
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ key->params_size = 0;
+ for (i = 0; i < params_len; i++)
+ _gnutls_mpi_release (&key->params[i]);
- return ret;
+ return ret;
}
/**
@@ -1300,63 +1423,72 @@ int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- int result;
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum_t der = { NULL, 0 };
-
- if (key == NULL || key->crippled) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*output_data_size < 20) {
- gnutls_assert();
- *output_data_size = 20;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (key->pk_algorithm == GNUTLS_PK_RSA) {
- result =
- _gnutls_x509_write_rsa_params(key->params, key->params_size,
- &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ int result;
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum_t der = { NULL, 0 };
+
+ if (key == NULL || key->crippled)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*output_data_size < 20)
+ {
+ gnutls_assert ();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ result =
+ _gnutls_x509_write_rsa_params (key->params, key->params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else if (key->pk_algorithm == GNUTLS_PK_DSA) {
- result =
- _gnutls_x509_write_dsa_public_key(key->params,
- key->params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ }
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ {
+ result =
+ _gnutls_x509_write_dsa_public_key (key->params,
+ key->params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else
- return GNUTLS_E_INTERNAL_ERROR;
+ }
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
- hd = _gnutls_hash_init(GNUTLS_MAC_SHA1);
- if (hd == GNUTLS_HASH_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
+ if (hd == GNUTLS_HASH_FAILED)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
- _gnutls_hash(hd, der.data, der.size);
+ _gnutls_hash (hd, der.data, der.size);
- _gnutls_hash_deinit(hd, output_data);
- *output_data_size = 20;
+ _gnutls_hash_deinit (hd, output_data);
+ *output_data_size = 20;
- result = 0;
+ result = 0;
- cleanup:
+cleanup:
- _gnutls_free_datum(&der);
- return result;
+ _gnutls_free_datum (&der);
+ return result;
}
#ifdef ENABLE_PKI
@@ -1384,38 +1516,42 @@ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key,
* 0 on success.
*
**/
-int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t digest,
- unsigned int flags,
- const gnutls_datum_t * data,
- void *signature, size_t * signature_size)
+int
+gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature, size_t * signature_size)
{
- int result;
- gnutls_datum_t sig = { NULL, 0 };
+ int result;
+ gnutls_datum_t sig = { NULL, 0 };
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_sign(data, digest, key, &sig);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_sign (data, digest, key, &sig);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- if (*signature_size < sig.size) {
- *signature_size = sig.size;
- _gnutls_free_datum(&sig);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (*signature_size < sig.size)
+ {
+ *signature_size = sig.size;
+ _gnutls_free_datum (&sig);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *signature_size = sig.size;
- memcpy(signature, sig.data, sig.size);
+ *signature_size = sig.size;
+ memcpy (signature, sig.data, sig.size);
- _gnutls_free_datum(&sig);
+ _gnutls_free_datum (&sig);
- return 0;
+ return 0;
}
/**
@@ -1432,25 +1568,28 @@ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key,
* 1 on success.
*
**/
-int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+int
+gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_privkey_verify_signature(data, signature, key);
- if (result < 0) {
- gnutls_assert();
- return 0;
+ result = _gnutls_x509_privkey_verify_signature (data, signature, key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return 0;
}
- return result;
+ return result;
}
/**
@@ -1464,37 +1603,43 @@ int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key,
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key)
+int
+gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
{
- int ret;
+ int ret;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (!key->crippled) asn1_delete_structure(&key->key);
- switch (key->pk_algorithm) {
- case GNUTLS_PK_DSA:
- ret = _encode_dsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- case GNUTLS_PK_RSA:
- ret = _encode_rsa(&key->key, key->params);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
- break;
- default:
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (!key->crippled)
+ asn1_delete_structure (&key->key);
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return 0;
+ return 0;
}
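Review bot: If `_encode_dsa`/`_encode_rsa` fails after `asn1_delete_structure (&key->key)` has already run, the key is left with no ASN.1 structure while `key->crippled` and `key->pk_algorithm` are unchanged, so a later `gnutls_x509_privkey_export` will hand the dead handle straight to `_gnutls_x509_export_int` (the encoders' own cleanup paths in this diff delete the half-built structure, so nothing repairs it). On each failure path set `key->crippled = 1;` before `return ret;`, so that export falls back to on-the-fly encoding from `key->params` instead of using a freed structure. Conversely, a key that was crippled is now fully encoded but still flagged, so it will be re-encoded on every export; presumably `key->crippled = 0;` belongs before the final `return 0;`, but confirm that against the meaning of `crippled` elsewhere in the file.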
#endif
diff --git a/lib/x509/privkey.h b/lib/x509/privkey.h
index 60ea116ba0..0100aeec3a 100644
--- a/lib/x509/privkey.h
+++ b/lib/x509/privkey.h
@@ -24,5 +24,6 @@
#include <gnutls/x509.h>
-ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *raw_key,
- gnutls_x509_privkey_t pkey);
+ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
+ raw_key,
+ gnutls_x509_privkey_t pkey);
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 1e16df7541..0e1e021327 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -54,49 +54,51 @@
#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
-struct pbkdf2_params {
- opaque salt[32];
- int salt_size;
- unsigned int iter_count;
- unsigned int key_size;
+struct pbkdf2_params
+{
+ opaque salt[32];
+ int salt_size;
+ unsigned int iter_count;
+ unsigned int key_size;
};
-struct pbe_enc_params {
- gnutls_cipher_algorithm_t cipher;
- opaque iv[8];
- int iv_size;
+struct pbe_enc_params
+{
+ gnutls_cipher_algorithm_t cipher;
+ opaque iv[8];
+ int iv_size;
};
-static int generate_key(schema_id schema, const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params,
- gnutls_datum_t * key);
-static int read_pbkdf2_params(ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params);
-static int read_pbe_enc_params(ASN1_TYPE pbes2_asn,
+static int generate_key (schema_id schema, const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key);
+static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
const gnutls_datum_t * der,
- struct pbe_enc_params *params);
-static int decrypt_data(schema_id, ASN1_TYPE pkcs8_asn, const char *root,
- const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data);
-static int decode_private_key_info(const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey,
- ASN1_TYPE * out);
-static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params);
-static int encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted);
-
-static int read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params);
-static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *params);
+ struct pbkdf2_params *params);
+static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params);
+static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
+ const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data);
+static int decode_private_key_info (const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey,
+ ASN1_TYPE * out);
+static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
+static int encrypt_data (const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted);
+
+static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
+ struct pbkdf2_params *params);
+static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *params);
#define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
#define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
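Review bot: struct pbkdf2_params and struct pbe_enc_params pair fixed buffers (`salt[32]`, `iv[8]`) with signed `salt_size` and `iv_size` lengths, and nothing at the declarations records that the lengths are bounded by the buffers; the readers that fill them from DER input (read_pbkdf2_params, read_pkcs12_kdf_params, read_pbe_enc_params) are outside this hunk. Documenting the invariant at the struct, e.g. `/* salt_size <= sizeof salt; readers of DER input must enforce this */` and the same for iv, makes the contract explicit for anyone touching those readers. Declaring the two lengths as size_t would also avoid the signed/unsigned comparisons such bounds checks need.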
@@ -104,25 +106,25 @@ static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
/* Returns a negative error code if the encryption schema in
* the OID is not supported. The schema ID is returned.
*/
-inline static int check_schema(const char *oid)
+inline static int
+check_schema (const char *oid)
{
- if (strcmp(oid, PBES2_OID) == 0)
- return PBES2;
+ if (strcmp (oid, PBES2_OID) == 0)
+ return PBES2;
- if (strcmp(oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
- return PKCS12_3DES_SHA1;
+ if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
+ return PKCS12_3DES_SHA1;
- if (strcmp(oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
- return PKCS12_ARCFOUR_SHA1;
+ if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
+ return PKCS12_ARCFOUR_SHA1;
- if (strcmp(oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
- return PKCS12_RC2_40_SHA1;
+ if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
+ return PKCS12_RC2_40_SHA1;
- _gnutls_x509_log("PKCS encryption schema OID '%s' is unsupported.\n",
- oid);
+ _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
/*
@@ -130,247 +132,265 @@ inline static int check_schema(const char *oid)
* info. The output will be allocated and stored into der. Also
* the ASN1_TYPE of private key info will be returned.
*/
-static int encode_to_private_key_info(gnutls_x509_privkey_t pkey,
- gnutls_datum_t * der,
- ASN1_TYPE * pkey_info)
+static int
+encode_to_private_key_info (gnutls_x509_privkey_t pkey,
+ gnutls_datum_t * der, ASN1_TYPE * pkey_info)
{
- int result, len;
- size_t size;
- opaque *data = NULL;
- opaque null = 0;
-
- if (pkey->pk_algorithm != GNUTLS_PK_RSA) {
- gnutls_assert();
- return GNUTLS_E_UNIMPLEMENTED_FEATURE;
- }
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- pkey_info)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the version.
- */
- result = asn1_write_value(*pkey_info, "version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* write the privateKeyAlgorithm
- * fields. (OID+NULL data)
- */
- result =
- asn1_write_value(*pkey_info, "privateKeyAlgorithm.algorithm",
- PK_PKIX1_RSA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result =
- asn1_write_value(*pkey_info, "privateKeyAlgorithm.parameters",
- NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the raw private key
- */
- size = 0;
- result =
- gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, NULL, &size);
- if (result != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- goto error;
- }
-
- data = gnutls_alloca(size);
- if (data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
-
- result =
- gnutls_x509_privkey_export(pkey, GNUTLS_X509_FMT_DER, data, &size);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- result = asn1_write_value(*pkey_info, "privateKey", data, size);
-
- gnutls_afree(data);
- data = NULL;
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Append an empty Attributes field.
- */
- result = asn1_write_value(*pkey_info, "attributes", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* DER Encode the generated private key info.
- */
- len = 0;
- result = asn1_der_coding(*pkey_info, "", NULL, &len, NULL);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* allocate data for the der
- */
- der->size = len;
- der->data = gnutls_malloc(len);
- if (der->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ int result, len;
+ size_t size;
+ opaque *data = NULL;
+ opaque null = 0;
+
+ if (pkey->pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ pkey_info)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the version.
+ */
+ result = asn1_write_value (*pkey_info, "version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* write the privateKeyAlgorithm
+ * fields. (OID+NULL data)
+ */
+ result =
+ asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm",
+ PK_PKIX1_RSA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the raw private key
+ */
+ size = 0;
+ result =
+ gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ data = gnutls_alloca (size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+
+ result =
+ gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result = asn1_write_value (*pkey_info, "privateKey", data, size);
+
+ gnutls_afree (data);
+ data = NULL;
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Append an empty Attributes field.
+ */
+ result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* DER Encode the generated private key info.
+ */
+ len = 0;
+ result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* allocate data for the der
+ */
+ der->size = len;
+ der->data = gnutls_malloc (len);
+ if (der->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (pkey_info);
+ if (data != NULL)
+ {
+ gnutls_afree (data);
}
-
- result = asn1_der_coding(*pkey_info, "", der->data, &len, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- return 0;
-
- error:
- asn1_delete_structure(pkey_info);
- if (data != NULL) {
- gnutls_afree(data);
- }
- return result;
+ return result;
}
/* Converts a PKCS #8 private key info to
* a PKCS #8 EncryptedPrivateKeyInfo.
*/
-static
-int encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key,
- const char *password, ASN1_TYPE * out)
+static int
+encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
+ const char *password, ASN1_TYPE * out)
{
- int result;
- gnutls_datum_t key = { NULL, 0 };
- gnutls_datum_t tmp = { NULL, 0 };
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
-
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- switch (schema) {
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ switch (schema)
+ {
case PBES2:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PBES2_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PBES2_OID, 1);
+ break;
case PKCS12_3DES_SHA1:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_3DES_SHA1_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PKCS12_PBE_3DES_SHA1_OID, 1);
+ break;
case PKCS12_ARCFOUR_SHA1:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
+ break;
case PKCS12_RC2_40_SHA1:
- result =
- asn1_write_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_RC2_40_SHA1_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ PKCS12_PBE_RC2_40_SHA1_OID, 1);
+ break;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- /* Generate a symmetric key.
- */
+ /* Generate a symmetric key.
+ */
- result =
- generate_key(schema, password, &kdf_params, &enc_params, &key);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = generate_key (schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- result =
- write_schema_params(schema, pkcs8_asn,
- "encryptionAlgorithm.parameters", &kdf_params,
- &enc_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result =
+ write_schema_params (schema, pkcs8_asn,
+ "encryptionAlgorithm.parameters", &kdf_params,
+ &enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data(der_key, &enc_params, &key, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data (der_key, &enc_params, &key, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* write the encrypted data.
- */
- result =
- asn1_write_value(pkcs8_asn, "encryptedData", tmp.data, tmp.size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* write the encrypted data.
+ */
+ result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- _gnutls_free_datum(&tmp);
- _gnutls_free_datum(&key);
+ _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&key);
- *out = pkcs8_asn;
+ *out = pkcs8_asn;
- return 0;
+ return 0;
- error:
- _gnutls_free_datum(&key);
- _gnutls_free_datum(&tmp);
- asn1_delete_structure(&pkcs8_asn);
- return result;
+error:
+ _gnutls_free_datum (&key);
+ _gnutls_free_datum (&tmp);
+ asn1_delete_structure (&pkcs8_asn);
+ return result;
}
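Review bot: encode_to_private_key_info returns GNUTLS_E_MEMORY_ERROR directly when `der->data = gnutls_malloc (len)` fails, bypassing the `error:` label, so the PrivateKeyInfo in `*pkey_info` is never deleted; `result = GNUTLS_E_MEMORY_ERROR; goto error;` matches the other failure paths. The second asn1_der_coding failure just below does reach `error:` but leaves the freshly allocated `der->data` unreleased, so that path needs `gnutls_free (der->data); der->data = NULL;` before returning. In encode_to_pkcs8_key the `switch (schema)` has no `default:`, so an unsupported schema leaves `result` at the ASN1_SUCCESS from asn1_create_element and the function proceeds to generate_key without ever writing encryptionAlgorithm.algorithm; `default: gnutls_assert (); result = GNUTLS_E_INVALID_REQUEST; goto error;` closes that. Both functions handle private key material in `data`, `der_key` and the derived `key`; whether gnutls_afree and _gnutls_free_datum wipe before releasing is not visible here and worth confirming.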
@@ -405,198 +425,220 @@ int encode_to_pkcs8_key(schema_id schema, const gnutls_datum_t * der_key,
* returned, and 0 on success.
*
**/
-int gnutls_x509_privkey_export_pkcs8(gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags,
- void *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size)
{
- ASN1_TYPE pkcs8_asn, pkey_info;
- int ret;
- gnutls_datum_t tmp;
- schema_id schema;
-
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- /* Get the private key info
- * tmp holds the DER encoding.
- */
- ret = encode_to_private_key_info(key, &tmp, &pkey_info);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- if (flags & GNUTLS_PKCS_USE_PKCS12_3DES)
- schema = PKCS12_3DES_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
- schema = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
- schema = PKCS12_RC2_40_SHA1;
- else
- schema = PBES2;
-
-
- if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) {
- _gnutls_free_datum(&tmp);
-
- ret =
- _gnutls_x509_export_int(pkey_info, format,
- PEM_UNENCRYPTED_PKCS8,
- *output_data_size, output_data,
- output_data_size);
-
- asn1_delete_structure(&pkey_info);
- } else {
- asn1_delete_structure(&pkey_info); /* we don't need it */
-
- ret = encode_to_pkcs8_key(schema, &tmp, password, &pkcs8_asn);
- _gnutls_free_datum(&tmp);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info (key, &tmp, &pkey_info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PKCS_USE_PKCS12_3DES)
+ schema = PKCS12_3DES_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ schema = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ schema = PKCS12_RC2_40_SHA1;
+ else
+ schema = PBES2;
+
+
+ if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ {
+ _gnutls_free_datum (&tmp);
+
+ ret =
+ _gnutls_x509_export_int (pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8,
+ *output_data_size, output_data,
+ output_data_size);
+
+ asn1_delete_structure (&pkey_info);
+ }
+ else
+ {
+ asn1_delete_structure (&pkey_info); /* we don't need it */
+
+ ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
+ _gnutls_free_datum (&tmp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret =
- _gnutls_x509_export_int(pkcs8_asn, format, PEM_PKCS8,
- *output_data_size, output_data,
- output_data_size);
+ ret =
+ _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
+ *output_data_size, output_data,
+ output_data_size);
- asn1_delete_structure(&pkcs8_asn);
+ asn1_delete_structure (&pkcs8_asn);
}
- return ret;
+ return ret;
}
/* Read the parameters cipher, IV, salt etc using the given
* schema ID.
*/
-static
-int read_pkcs_schema_params(schema_id schema, const char *password,
- const opaque * data, int data_size,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params)
+static int
+read_pkcs_schema_params (schema_id schema, const char *password,
+ const opaque * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
{
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
- int result;
- gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t tmp;
- switch (schema) {
+ switch (schema)
+ {
case PBES2:
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- /* Decode the parameters.
- */
- result = asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* Decode the parameters.
+ */
+ result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- tmp.data = (opaque *) data;
- tmp.size = data_size;
+ tmp.data = (opaque *) data;
+ tmp.size = data_size;
- result = read_pbkdf2_params(pbes2_asn, &tmp, kdf_params);
- if (result < 0) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- result = read_pbe_enc_params(pbes2_asn, &tmp, enc_params);
- if (result < 0) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- asn1_delete_structure(&pbes2_asn);
- return 0;
- break;
+ asn1_delete_structure (&pbes2_asn);
+ return 0;
+ break;
case PKCS12_3DES_SHA1:
case PKCS12_ARCFOUR_SHA1:
case PKCS12_RC2_40_SHA1:
- if ((schema) == PKCS12_3DES_SHA1) {
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- enc_params->iv_size = 8;
- } else if ((schema) == PKCS12_ARCFOUR_SHA1) {
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- enc_params->iv_size = 0;
- } else if ((schema) == PKCS12_RC2_40_SHA1) {
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
- enc_params->iv_size = 8;
+ if ((schema) == PKCS12_3DES_SHA1)
+ {
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ enc_params->iv_size = 8;
+ }
+ else if ((schema) == PKCS12_ARCFOUR_SHA1)
+ {
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ enc_params->iv_size = 0;
+ }
+ else if ((schema) == PKCS12_RC2_40_SHA1)
+ {
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ enc_params->iv_size = 8;
}
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- /* Decode the parameters.
- */
- result = asn1_der_decoding(&pbes2_asn, data, data_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* Decode the parameters.
+ */
+ result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- result = read_pkcs12_kdf_params(pbes2_asn, kdf_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- if (enc_params->iv_size) {
- result =
- _pkcs12_string_to_key(2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size, enc_params->iv);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ if (enc_params->iv_size)
+ {
+ result =
+ _pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size, enc_params->iv);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
}
- asn1_delete_structure(&pbes2_asn);
+ asn1_delete_structure (&pbes2_asn);
- return 0;
- break;
+ return 0;
+ break;
} /* switch */
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
- error:
- asn1_delete_structure(&pbes2_asn);
- return result;
+error:
+ asn1_delete_structure (&pbes2_asn);
+ return result;
}
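Review bot: In read_pkcs_schema_params the PBES2 branch passes the negative return of read_pbkdf2_params and read_pbe_enc_params through `result = _gnutls_asn2err (result);` before jumping to `error:`, while the PKCS12 branch returns read_pkcs12_kdf_params' value unchanged; if those helpers already return GnuTLS codes (they are outside this hunk), the extra mapping turns a meaningful error into an unrelated one, and dropping the two mapping lines makes the branches consistent. The `tmp.data = (opaque *) data;` cast discards the `const` on the caller's buffer; a comment noting that the callees only read it, or a const-correct datum, would keep an accidental write from being hidden. gnutls_x509_privkey_export_pkcs8 releases `tmp`, which holds the plaintext DER PrivateKeyInfo, via _gnutls_free_datum; whether that routine scrubs the buffer is not visible in this hunk.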
@@ -604,202 +646,216 @@ int read_pkcs_schema_params(schema_id schema, const char *password,
* an internal structure (gnutls_private_key)
* (normally a PKCS #1 encoded RSA key)
*/
-static
-int decode_pkcs8_key(const gnutls_datum_t * raw_key,
- const char *password,
- gnutls_x509_privkey_t pkey, ASN1_TYPE * out)
+static int
+decode_pkcs8_key (const gnutls_datum_t * raw_key,
+ const char *password,
+ gnutls_x509_privkey_t pkey, ASN1_TYPE * out)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum_t tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
- ASN1_TYPE ret_asn;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result =
- asn1_der_decoding(&pkcs8_asn, raw_key->data, raw_key->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Check the encryption schema OID
- */
- len = sizeof(enc_oid);
- result =
- asn1_read_value(pkcs8_asn, "encryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
-
- if ((result = check_schema(enc_oid)) < 0) {
- gnutls_assert();
- goto error;
- }
-
- schema = result;
-
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd(pkcs8_asn, raw_key->data,
- raw_key->size,
- "encryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params(schema, password,
- &raw_key->data[params_start],
- params_len, &kdf_params, &enc_params);
-
-
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
- result =
- decrypt_data(schema, pkcs8_asn, "encryptedData", password,
- &kdf_params, &enc_params, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- asn1_delete_structure(&pkcs8_asn);
-
- result = decode_private_key_info(&tmp, pkey, &ret_asn);
- _gnutls_free_datum(&tmp);
-
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- *out = ret_asn;
-
- return 0;
-
- error:
- asn1_delete_structure(&pbes2_asn);
- asn1_delete_structure(&pkcs8_asn);
- return result;
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
+ ASN1_TYPE ret_asn;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof (enc_oid);
+ result =
+ asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = check_schema (enc_oid)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
+ raw_key->size,
+ "encryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params (schema, password,
+ &raw_key->data[params_start],
+ params_len, &kdf_params, &enc_params);
+
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+ result =
+ decrypt_data (schema, pkcs8_asn, "encryptedData", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&pkcs8_asn);
+
+ result = decode_private_key_info (&tmp, pkey, &ret_asn);
+ _gnutls_free_datum (&tmp);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ *out = ret_asn;
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbes2_asn);
+ asn1_delete_structure (&pkcs8_asn);
+ return result;
}
-static
-int decode_private_key_info(const gnutls_datum_t * der,
- gnutls_x509_privkey_t pkey, ASN1_TYPE * out)
+static int
+decode_private_key_info (const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey, ASN1_TYPE * out)
{
- int result, len;
- opaque oid[64], *data = NULL;
- gnutls_datum_t tmp;
- ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
- ASN1_TYPE ret_asn;
- int data_size;
+ int result, len;
+ opaque oid[64], *data = NULL;
+ gnutls_datum_t tmp;
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ ASN1_TYPE ret_asn;
+ int data_size;
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-8-PrivateKeyInfo",
- &pkcs8_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- result = asn1_der_decoding(&pkcs8_asn, der->data, der->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* Check the private key algorithm OID
- */
- len = sizeof(oid);
- result =
- asn1_read_value(pkcs8_asn, "privateKeyAlgorithm.algorithm",
- oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* Check the private key algorithm OID
+ */
+ len = sizeof (oid);
+ result =
+ asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- /* we only support RSA private keys.
- */
- if (strcmp(oid, PK_PKIX1_RSA_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log
- ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
- result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
- goto error;
+ /* we only support RSA private keys.
+ */
+ if (strcmp (oid, PK_PKIX1_RSA_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
+ result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ goto error;
}
- /* Get the DER encoding of the actual private key.
- */
- data_size = 0;
- result = asn1_read_value(pkcs8_asn, "privateKey", NULL, &data_size);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* Get the DER encoding of the actual private key.
+ */
+ data_size = 0;
+ result = asn1_read_value (pkcs8_asn, "privateKey", NULL, &data_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- data = gnutls_alloca(data_size);
- if (data == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
+ data = gnutls_alloca (data_size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
}
- result = asn1_read_value(pkcs8_asn, "privateKey", data, &data_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result = asn1_read_value (pkcs8_asn, "privateKey", data, &data_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- asn1_delete_structure(&pkcs8_asn);
+ asn1_delete_structure (&pkcs8_asn);
- tmp.data = data;
- tmp.size = data_size;
+ tmp.data = data;
+ tmp.size = data_size;
- pkey->pk_algorithm = GNUTLS_PK_RSA;
+ pkey->pk_algorithm = GNUTLS_PK_RSA;
- ret_asn = _gnutls_privkey_decode_pkcs1_rsa_key(&tmp, pkey);
- if (ret_asn == NULL) {
- gnutls_assert();
+ ret_asn = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey);
+ if (ret_asn == NULL)
+ {
+ gnutls_assert ();
}
- *out = ret_asn;
+ *out = ret_asn;
- return 0;
+ return 0;
- error:
- asn1_delete_structure(&pkcs8_asn);
- if (data != NULL) {
- gnutls_afree(data);
+error:
+ asn1_delete_structure (&pkcs8_asn);
+ if (data != NULL)
+ {
+ gnutls_afree (data);
}
- return result;
+ return result;
}
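Review bot: decode_pkcs8_key never checks the value returned by read_pkcs_schema_params (the assignment right after `params_len = params_end - params_start + 1;`), so when the untrusted parameters of an EncryptedPrivateKeyInfo fail to parse, execution continues into decrypt_data with kdf_params and enc_params partly or wholly uninitialized; the missing guard is `if (result < 0) { gnutls_assert (); goto error; }`. Two error paths in this hunk also return the raw libtasn1 code without `_gnutls_asn2err`: the asn1_read_value of encryptionAlgorithm.algorithm in decode_pkcs8_key and the asn1_der_decoding in decode_private_key_info, so a positive libtasn1 value reaches callers that test for `< 0`. In decode_private_key_info a NULL from _gnutls_privkey_decode_pkcs1_rsa_key is noted with gnutls_assert but the function still stores NULL in `*out` and returns 0, and the `data` buffer holding the decoded key is not released on the success path if gnutls_alloca falls back to heap allocation (whether it does is not visible here).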
@@ -826,1122 +882,1220 @@ int decode_private_key_info(const gnutls_datum_t * der,
* Returns 0 on success.
*
**/
-int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format,
- const char *password,
- unsigned int flags)
+int
+gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- int encrypted;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ int encrypted;
- if (key == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- _data.data = data->data;
- _data.size = data->size;
+ _data.data = data->data;
+ _data.size = data->size;
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
- /* Try the first header
- */
- result =
- _gnutls_fbase64_decode(PEM_UNENCRYPTED_PKCS8,
- data->data, data->size, &out);
- encrypted = 0;
+ /* Try the first header
+ */
+ result =
+ _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
+ data->data, data->size, &out);
+ encrypted = 0;
- if (result < 0) { /* Try the encrypted header
+ if (result < 0)
+ { /* Try the encrypted header
*/
- result =
- _gnutls_fbase64_decode(PEM_PKCS8, data->data,
- data->size, &out);
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ result =
+ _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
- encrypted = 1;
+ encrypted = 1;
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- if (flags & GNUTLS_PKCS_PLAIN) {
- result = decode_private_key_info(&_data, key, &key->key);
- } else { /* encrypted. */
- result = decode_pkcs8_key(&_data, password, key, &key->key);
+ if (flags & GNUTLS_PKCS_PLAIN)
+ {
+ result = decode_private_key_info (&_data, key, &key->key);
+ }
+ else
+ { /* encrypted. */
+ result = decode_pkcs8_key (&_data, password, key, &key->key);
}
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- if (need_free)
- _gnutls_free_datum(&_data);
+ if (need_free)
+ _gnutls_free_datum (&_data);
- /* The key has now been decoded.
- */
+ /* The key has now been decoded.
+ */
- return 0;
+ return 0;
- cleanup:
- key->pk_algorithm = GNUTLS_PK_UNKNOWN;
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
/* Reads the PBKDF2 parameters.
*/
-static int read_pbkdf2_params(ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbkdf2_params *params)
+static int
+read_pbkdf2_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- char oid[64];
-
- memset(params, 0, sizeof(params));
-
- /* Check the key derivation algorithm
- */
- len = sizeof(oid);
- result =
- asn1_read_value(pbes2_asn, "keyDerivationFunc.algorithm", oid,
- &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- _gnutls_hard_log("keyDerivationFunc.algorithm: %s\n", oid);
-
- if (strcmp(oid, PBKDF2_OID) != 0) {
- gnutls_assert();
- _gnutls_x509_log
- ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
- "keyDerivationFunc.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_der_decoding(&pbkdf2_asn, &der->data[params_start],
- params_len, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* read the salt */
- params->salt_size = sizeof(params->salt);
- result =
- asn1_read_value(pbkdf2_asn, "salt.specified", params->salt,
- &params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.specified.size: %d\n", params->salt_size);
-
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint(pbkdf2_asn, "iterationCount",
- &params->iter_count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
-
- /* read the keylength, if it is set.
- */
- result =
- _gnutls_x509_read_uint(pbkdf2_asn, "keyLength", &params->key_size);
- if (result < 0) {
- params->key_size = 0;
- }
- _gnutls_hard_log("keyLength: %d\n", params->key_size);
-
- /* We don't read the PRF. We only use the default.
- */
-
- return 0;
-
- error:
- asn1_delete_structure(&pbkdf2_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset (params, 0, sizeof (params));
+
+ /* Check the key derivation algorithm
+ */
+ len = sizeof (oid);
+ result =
+ asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid);
+
+ if (strcmp (oid, PBKDF2_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
+ "keyDerivationFunc.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* read the salt */
+ params->salt_size = sizeof (params->salt);
+ result =
+ asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
+ &params->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
+ &params->iter_count);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
+
+ /* read the keylength, if it is set.
+ */
+ result =
+ _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", &params->key_size);
+ if (result < 0)
+ {
+ params->key_size = 0;
+ }
+ _gnutls_hard_log ("keyLength: %d\n", params->key_size);
+
+ /* We don't read the PRF. We only use the default.
+ */
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbkdf2_asn);
+ return result;
}
/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
*/
-static int read_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- struct pbkdf2_params *params)
+static int
+read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
{
- int result;
+ int result;
- memset(params, 0, sizeof(params));
+ memset (params, 0, sizeof (params));
- /* read the salt */
- params->salt_size = sizeof(params->salt);
- result =
- asn1_read_value(pbes2_asn, "salt", params->salt,
- &params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* read the salt */
+ params->salt_size = sizeof (params->salt);
+ result =
+ asn1_read_value (pbes2_asn, "salt", params->salt, &params->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- _gnutls_hard_log("salt.size: %d\n", params->salt_size);
+ _gnutls_hard_log ("salt.size: %d\n", params->salt_size);
- /* read the iteration count
- */
- result =
- _gnutls_x509_read_uint(pbes2_asn, "iterations",
- &params->iter_count);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint (pbes2_asn, "iterations", &params->iter_count);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
}
- _gnutls_hard_log("iterationCount: %d\n", params->iter_count);
+ _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
- params->key_size = 0;
+ params->key_size = 0;
- return 0;
+ return 0;
- error:
- return result;
+error:
+ return result;
}
/* Writes the PBE parameters for PKCS-12 schemas.
*/
-static int write_pkcs12_kdf_params(ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+static int
+write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
{
- int result;
-
- /* write the salt
- */
- result =
- asn1_write_value(pbes2_asn, "salt",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.size: %d\n", kdf_params->salt_size);
-
- /* write the iteration count
- */
- result =
- _gnutls_x509_write_uint32(pbes2_asn, "iterations",
- kdf_params->iter_count);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
-
- return 0;
-
- error:
- return result;
+ int result;
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value (pbes2_asn, "salt",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ result =
+ _gnutls_x509_write_uint32 (pbes2_asn, "iterations",
+ kdf_params->iter_count);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
+
+ return 0;
+
+error:
+ return result;
}
/* Converts an OID to a gnutls cipher type.
*/
-inline
- static int oid2cipher(const char *oid,
- gnutls_cipher_algorithm_t * algo)
+inline static int
+oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo)
{
- *algo = 0;
+ *algo = 0;
- if (strcmp(oid, DES_EDE3_CBC_OID) == 0) {
- *algo = GNUTLS_CIPHER_3DES_CBC;
- return 0;
+ if (strcmp (oid, DES_EDE3_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_3DES_CBC;
+ return 0;
}
- if (strcmp(oid, DES_CBC_OID) == 0) {
- *algo = GNUTLS_CIPHER_DES_CBC;
- return 0;
+ if (strcmp (oid, DES_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_DES_CBC;
+ return 0;
}
- _gnutls_x509_log("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-static int read_pbe_enc_params(ASN1_TYPE pbes2_asn,
- const gnutls_datum_t * der,
- struct pbe_enc_params *params)
+static int
+read_pbe_enc_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params)
{
- int params_start, params_end;
- int params_len, len, result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
- char oid[64];
-
- memset(params, 0, sizeof(params));
-
- /* Check the encryption algorithm
- */
- len = sizeof(oid);
- result =
- asn1_read_value(pbes2_asn, "encryptionScheme.algorithm", oid,
- &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("encryptionScheme.algorithm: %s\n", oid);
-
- if ((result = oid2cipher(oid, &params->cipher)) < 0) {
- gnutls_assert();
- goto error;
- }
-
- result =
- asn1_der_decoding_startEnd(pbes2_asn, der->data, der->size,
- "encryptionScheme.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
- params_len = params_end - params_start + 1;
-
- /* Now check the encryption parameters.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-des-EDE3-CBC-params",
- &pbe_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result =
- asn1_der_decoding(&pbe_asn, &der->data[params_start],
- params_len, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* read the IV */
- params->iv_size = sizeof(params->iv);
- result = asn1_read_value(pbe_asn, "", params->iv, &params->iv_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("IV.size: %d\n", params->iv_size);
-
- return 0;
-
- error:
- asn1_delete_structure(&pbe_asn);
- return result;
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset (params, 0, sizeof (params));
+
+ /* Check the encryption algorithm
+ */
+ len = sizeof (oid);
+ result =
+ asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
+
+ if ((result = oid2cipher (oid, &params->cipher)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
+ "encryptionScheme.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ &pbe_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* read the IV */
+ params->iv_size = sizeof (params->iv);
+ result = asn1_read_value (pbe_asn, "", params->iv, &params->iv_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbe_asn);
+ return result;
}
-static int decrypt_data(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *root, const char *password,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * decrypted_data)
+static int
+decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
{
- int result;
- int data_size;
- opaque *data = NULL, *key = NULL;
- gnutls_datum_t dkey, d_iv;
- cipher_hd_t ch = NULL;
- int key_size;
-
- data_size = 0;
- result = asn1_read_value(pkcs8_asn, root, NULL, &data_size);
- if (result != ASN1_MEM_ERROR) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- data = gnutls_malloc(data_size);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- result = asn1_read_value(pkcs8_asn, root, data, &data_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- if (kdf_params->key_size == 0) {
- key_size = gnutls_cipher_get_key_size(enc_params->cipher);
- } else
- key_size = kdf_params->key_size;
-
- key = gnutls_alloca(key_size);
- if (key == NULL) {
- gnutls_assert();
- result = GNUTLS_E_MEMORY_ERROR;
- goto error;
- }
-
- /* generate the key
- */
- if (schema == PBES2) {
- result = gc_pbkdf2_sha1(password, strlen(password),
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count, key, key_size);
-
- if (result != GC_OK) {
- gnutls_assert();
- result = GNUTLS_E_DECRYPTION_FAILED;
- goto error;
+ int result;
+ int data_size;
+ opaque *data = NULL, *key = NULL;
+ gnutls_datum_t dkey, d_iv;
+ cipher_hd_t ch = NULL;
+ int key_size;
+
+ data_size = 0;
+ result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ data = gnutls_malloc (data_size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value (pkcs8_asn, root, data, &data_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ if (kdf_params->key_size == 0)
+ {
+ key_size = gnutls_cipher_get_key_size (enc_params->cipher);
+ }
+ else
+ key_size = kdf_params->key_size;
+
+ key = gnutls_alloca (key_size);
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* generate the key
+ */
+ if (schema == PBES2)
+ {
+ result = gc_pbkdf2_sha1 (password, strlen (password),
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count, key, key_size);
+
+ if (result != GC_OK)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ goto error;
}
- } else {
- result =
- _pkcs12_string_to_key(1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- key_size, key);
-
- if (result < 0) {
- gnutls_assert();
- goto error;
+ }
+ else
+ {
+ result =
+ _pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ key_size, key);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
}
- /* do the decryption.
- */
- dkey.data = key;
- dkey.size = key_size;
+ /* do the decryption.
+ */
+ dkey.data = key;
+ dkey.size = key_size;
- d_iv.data = (opaque *) enc_params->iv;
- d_iv.size = enc_params->iv_size;
- ch = _gnutls_cipher_init(enc_params->cipher, &dkey, &d_iv);
+ d_iv.data = (opaque *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ ch = _gnutls_cipher_init (enc_params->cipher, &dkey, &d_iv);
- gnutls_afree(key);
- key = NULL;
+ gnutls_afree (key);
+ key = NULL;
- if (ch == NULL) {
- gnutls_assert();
- result = GNUTLS_E_DECRYPTION_FAILED;
- goto error;
+ if (ch == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ goto error;
}
- result = _gnutls_cipher_decrypt(ch, data, data_size);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = _gnutls_cipher_decrypt (ch, data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- decrypted_data->data = data;
+ decrypted_data->data = data;
- if (_gnutls_cipher_get_block_size(enc_params->cipher) != 1)
- decrypted_data->size = data_size - data[data_size - 1];
- else
- decrypted_data->size = data_size;
+ if (_gnutls_cipher_get_block_size (enc_params->cipher) != 1)
+ decrypted_data->size = data_size - data[data_size - 1];
+ else
+ decrypted_data->size = data_size;
- _gnutls_cipher_deinit(ch);
+ _gnutls_cipher_deinit (ch);
- return 0;
+ return 0;
- error:
- gnutls_free(data);
- gnutls_afree(key);
- if (ch != NULL)
- _gnutls_cipher_deinit(ch);
- return result;
+error:
+ gnutls_free (data);
+ gnutls_afree (key);
+ if (ch != NULL)
+ _gnutls_cipher_deinit (ch);
+ return result;
}
/* Writes the PBKDF2 parameters.
*/
-static int write_pbkdf2_params(ASN1_TYPE pbes2_asn,
- const struct pbkdf2_params *kdf_params)
+static int
+write_pbkdf2_params (ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
{
- int result;
- ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
- opaque tmp[64];
-
- /* Write the key derivation algorithm
- */
- result =
- asn1_write_value(pbes2_asn, "keyDerivationFunc.algorithm",
- PBKDF2_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* Now write the key derivation and the encryption
- * functions.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBKDF2-params",
- &pbkdf2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- result = asn1_write_value(pbkdf2_asn, "salt", "specified", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* write the salt
- */
- result =
- asn1_write_value(pbkdf2_asn, "salt.specified",
- kdf_params->salt, kdf_params->salt_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("salt.specified.size: %d\n", kdf_params->salt_size);
-
- /* write the iteration count
- */
- _gnutls_write_uint32(kdf_params->iter_count, tmp);
-
- result = asn1_write_value(pbkdf2_asn, "iterationCount", tmp, 4);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("iterationCount: %d\n", kdf_params->iter_count);
-
- /* write the keylength, if it is set.
- */
- result = asn1_write_value(pbkdf2_asn, "keyLength", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* We write an emptry prf.
- */
- result = asn1_write_value(pbkdf2_asn, "prf", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* now encode them an put the DER output
- * in the keyDerivationFunc.parameters
- */
- result = _gnutls_x509_der_encode_and_copy(pbkdf2_asn, "",
- pbes2_asn,
- "keyDerivationFunc.parameters",
- 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- return 0;
-
- error:
- asn1_delete_structure(&pbkdf2_asn);
- return result;
+ int result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ opaque tmp[64];
+
+ /* Write the key derivation algorithm
+ */
+ result =
+ asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
+ PBKDF2_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Now write the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value (pbkdf2_asn, "salt.specified",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ _gnutls_write_uint32 (kdf_params->iter_count, tmp);
+
+ result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
+
+ /* write the keylength, if it is set.
+ */
+ result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* We write an emptry prf.
+ */
+ result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* now encode them an put the DER output
+ * in the keyDerivationFunc.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
+ pbes2_asn,
+ "keyDerivationFunc.parameters",
+ 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbkdf2_asn);
+ return result;
}
-static int write_pbe_enc_params(ASN1_TYPE pbes2_asn,
- const struct pbe_enc_params *params)
+static int
+write_pbe_enc_params (ASN1_TYPE pbes2_asn,
+ const struct pbe_enc_params *params)
{
- int result;
- ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
-
- /* Write the encryption algorithm
- */
- result =
- asn1_write_value(pbes2_asn, "encryptionScheme.algorithm",
- DES_EDE3_CBC_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- goto error;
- }
- _gnutls_hard_log("encryptionScheme.algorithm: %s\n", DES_EDE3_CBC_OID);
-
- /* Now check the encryption parameters.
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-des-EDE3-CBC-params",
- &pbe_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* read the salt */
- result = asn1_write_value(pbe_asn, "", params->iv, params->iv_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- _gnutls_hard_log("IV.size: %d\n", params->iv_size);
-
- /* now encode them an put the DER output
- * in the encryptionScheme.parameters
- */
- result = _gnutls_x509_der_encode_and_copy(pbe_asn, "",
- pbes2_asn,
- "encryptionScheme.parameters",
- 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- return 0;
-
- error:
- asn1_delete_structure(&pbe_asn);
- return result;
+ int result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+
+ /* Write the encryption algorithm
+ */
+ result =
+ asn1_write_value (pbes2_asn, "encryptionScheme.algorithm",
+ DES_EDE3_CBC_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", DES_EDE3_CBC_OID);
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-des-EDE3-CBC-params",
+ &pbe_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* read the salt */
+ result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
+
+ /* now encode them an put the DER output
+ * in the encryptionScheme.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
+ pbes2_asn,
+ "encryptionScheme.parameters",
+ 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbe_asn);
+ return result;
}
/* Generates a key and also stores the key parameters.
*/
-static int generate_key(schema_id schema,
- const char *password,
- struct pbkdf2_params *kdf_params,
- struct pbe_enc_params *enc_params,
- gnutls_datum_t * key)
+static int
+generate_key (schema_id schema,
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params, gnutls_datum_t * key)
{
- opaque rnd[2];
- int ret;
-
- /* We should use the flags here to use different
- * encryption algorithms etc.
- */
-
- if (schema == PKCS12_ARCFOUR_SHA1)
- enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
- else if (schema == PKCS12_3DES_SHA1)
- enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
- else if (schema == PKCS12_RC2_40_SHA1)
- enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
-
- if (gc_pseudo_random (rnd, 2) != GC_OK) {
- gnutls_assert();
+ opaque rnd[2];
+ int ret;
+
+ /* We should use the flags here to use different
+ * encryption algorithms etc.
+ */
+
+ if (schema == PKCS12_ARCFOUR_SHA1)
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ else if (schema == PKCS12_3DES_SHA1)
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ else if (schema == PKCS12_RC2_40_SHA1)
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+
+ if (gc_pseudo_random (rnd, 2) != GC_OK)
+ {
+ gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
}
- /* generate salt */
+ /* generate salt */
- if (schema == PBES2)
- kdf_params->salt_size =
- MIN(sizeof(kdf_params->salt), (uint) (10 + (rnd[1] % 10)));
- else
- kdf_params->salt_size = 8;
+ if (schema == PBES2)
+ kdf_params->salt_size =
+ MIN (sizeof (kdf_params->salt), (uint) (10 + (rnd[1] % 10)));
+ else
+ kdf_params->salt_size = 8;
- if (gc_pseudo_random (kdf_params->salt, kdf_params->salt_size) != GC_OK) {
- gnutls_assert();
+ if (gc_pseudo_random (kdf_params->salt, kdf_params->salt_size) != GC_OK)
+ {
+ gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
}
- kdf_params->iter_count = 256 + rnd[0];
- key->size = kdf_params->key_size =
- gnutls_cipher_get_key_size(enc_params->cipher);
+ kdf_params->iter_count = 256 + rnd[0];
+ key->size = kdf_params->key_size =
+ gnutls_cipher_get_key_size (enc_params->cipher);
- enc_params->iv_size = _gnutls_cipher_get_iv_size(enc_params->cipher);
+ enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher);
- key->data = gnutls_secure_malloc(key->size);
- if (key->data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ key->data = gnutls_secure_malloc (key->size);
+ if (key->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- /* now generate the key.
- */
+ /* now generate the key.
+ */
- if (schema == PBES2) {
+ if (schema == PBES2)
+ {
- ret = gc_pbkdf2_sha1(password, strlen(password),
- kdf_params->salt, kdf_params->salt_size,
- kdf_params->iter_count,
- key->data, kdf_params->key_size);
- if (ret != GC_OK) {
- gnutls_assert();
- return GNUTLS_E_ENCRYPTION_FAILED;
+ ret = gc_pbkdf2_sha1 (password, strlen (password),
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
+ if (ret != GC_OK)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
}
- if (enc_params->iv_size &&
- gc_nonce (enc_params->iv, enc_params->iv_size) != GC_OK) {
- gnutls_assert();
- return GNUTLS_E_RANDOM_FAILED;
+ if (enc_params->iv_size &&
+ gc_nonce (enc_params->iv, enc_params->iv_size) != GC_OK)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RANDOM_FAILED;
}
- } else { /* PKCS12 schemas */
- ret =
- _pkcs12_string_to_key(1 /*KEY*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- kdf_params->key_size, key->data);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ }
+ else
+ { /* PKCS12 schemas */
+ ret =
+ _pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ kdf_params->key_size, key->data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* Now generate the IV
- */
- if (enc_params->iv_size) {
- ret =
- _pkcs12_string_to_key(2 /*IV*/, kdf_params->salt,
- kdf_params->salt_size,
- kdf_params->iter_count, password,
- enc_params->iv_size, enc_params->iv);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ /* Now generate the IV
+ */
+ if (enc_params->iv_size)
+ {
+ ret =
+ _pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size, enc_params->iv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
}
}
- return 0;
+ return 0;
}
/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
* part.
*/
-static int write_schema_params(schema_id schema, ASN1_TYPE pkcs8_asn,
- const char *where,
- const struct pbkdf2_params *kdf_params,
- const struct pbe_enc_params *enc_params)
+static int
+write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
{
- int result;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
-
- if (schema == PBES2) {
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-5-PBES2-params",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ int result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+
+ if (schema == PBES2)
+ {
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = write_pbkdf2_params(pbes2_asn, kdf_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = write_pbkdf2_params (pbes2_asn, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- result = write_pbe_enc_params(pbes2_asn, enc_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = write_pbe_enc_params (pbes2_asn, enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
- pkcs8_asn, where, 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
+ pkcs8_asn, where, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- asn1_delete_structure(&pbes2_asn);
- } else { /* PKCS12 schemas */
+ asn1_delete_structure (&pbes2_asn);
+ }
+ else
+ { /* PKCS12 schemas */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-12-PbeParams",
- &pbes2_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- result = write_pkcs12_kdf_params(pbes2_asn, kdf_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- result = _gnutls_x509_der_encode_and_copy(pbes2_asn, "",
- pkcs8_asn, where, 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
+ pkcs8_asn, where, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- asn1_delete_structure(&pbes2_asn);
+ asn1_delete_structure (&pbes2_asn);
}
- return 0;
+ return 0;
- error:
- asn1_delete_structure(&pbes2_asn);
- return result;
+error:
+ asn1_delete_structure (&pbes2_asn);
+ return result;
}
-static int encrypt_data(const gnutls_datum_t * plain,
- const struct pbe_enc_params *enc_params,
- gnutls_datum_t * key, gnutls_datum_t * encrypted)
+static int
+encrypt_data (const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
{
- int result;
- int data_size;
- opaque *data = NULL;
- gnutls_datum_t d_iv;
- cipher_hd_t ch = NULL;
- opaque pad, pad_size;
+ int result;
+ int data_size;
+ opaque *data = NULL;
+ gnutls_datum_t d_iv;
+ cipher_hd_t ch = NULL;
+ opaque pad, pad_size;
- pad_size = _gnutls_cipher_get_block_size(enc_params->cipher);
+ pad_size = _gnutls_cipher_get_block_size (enc_params->cipher);
- if (pad_size == 1) /* stream */
- pad_size = 0;
+ if (pad_size == 1) /* stream */
+ pad_size = 0;
- data = gnutls_malloc(plain->size + pad_size);
- if (data == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ data = gnutls_malloc (plain->size + pad_size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- memcpy(data, plain->data, plain->size);
+ memcpy (data, plain->data, plain->size);
- if (pad_size > 0) {
- pad = pad_size - (plain->size % pad_size);
- if (pad == 0)
- pad = pad_size;
- memset(&data[plain->size], pad, pad);
- } else
- pad = 0;
+ if (pad_size > 0)
+ {
+ pad = pad_size - (plain->size % pad_size);
+ if (pad == 0)
+ pad = pad_size;
+ memset (&data[plain->size], pad, pad);
+ }
+ else
+ pad = 0;
- data_size = plain->size + pad;
+ data_size = plain->size + pad;
- d_iv.data = (opaque *) enc_params->iv;
- d_iv.size = enc_params->iv_size;
- ch = _gnutls_cipher_init(enc_params->cipher, key, &d_iv);
+ d_iv.data = (opaque *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ ch = _gnutls_cipher_init (enc_params->cipher, key, &d_iv);
- if (ch == GNUTLS_CIPHER_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_ENCRYPTION_FAILED;
- goto error;
+ if (ch == GNUTLS_CIPHER_FAILED)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ENCRYPTION_FAILED;
+ goto error;
}
- result = _gnutls_cipher_encrypt(ch, data, data_size);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = _gnutls_cipher_encrypt (ch, data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- encrypted->data = data;
- encrypted->size = data_size;
+ encrypted->data = data;
+ encrypted->size = data_size;
- _gnutls_cipher_deinit(ch);
+ _gnutls_cipher_deinit (ch);
- return 0;
+ return 0;
- error:
- gnutls_free(data);
- if (ch != NULL)
- _gnutls_cipher_deinit(ch);
- return result;
+error:
+ gnutls_free (data);
+ if (ch != NULL)
+ _gnutls_cipher_deinit (ch);
+ return result;
}
/* Decrypts a PKCS #7 encryptedData. The output is allocated
* and stored in dec.
*/
-int _gnutls_pkcs7_decrypt_data(const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * dec)
+int
+_gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec)
{
- int result, len;
- char enc_oid[64];
- gnutls_datum_t tmp;
- ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
- int params_start, params_end, params_len;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
- schema_id schema;
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- result = asn1_der_decoding(&pkcs7_asn, data->data, data->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Check the encryption schema OID
- */
- len = sizeof(enc_oid);
- result =
- asn1_read_value(pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- enc_oid, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- if ((result = check_schema(enc_oid)) < 0) {
- gnutls_assert();
- goto error;
- }
- schema = result;
-
- /* Get the DER encoding of the parameters.
- */
- result =
- asn1_der_decoding_startEnd(pkcs7_asn, data->data, data->size,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &params_start, &params_end);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
- params_len = params_end - params_start + 1;
-
- result =
- read_pkcs_schema_params(schema, password,
- &data->data[params_start],
- params_len, &kdf_params, &enc_params);
- if (result < ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Parameters have been decoded. Now
- * decrypt the EncryptedData.
- */
-
- result =
- decrypt_data(schema, pkcs7_asn,
- "encryptedContentInfo.encryptedContent", password,
- &kdf_params, &enc_params, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto error;
- }
-
- asn1_delete_structure(&pkcs7_asn);
-
- *dec = tmp;
-
- return 0;
-
- error:
- asn1_delete_structure(&pbes2_asn);
- asn1_delete_structure(&pkcs7_asn);
- return result;
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof (enc_oid);
+ result =
+ asn1_read_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ if ((result = check_schema (enc_oid)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &params_start, &params_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params (schema, password,
+ &data->data[params_start],
+ params_len, &kdf_params, &enc_params);
+ if (result < ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+
+ result =
+ decrypt_data (schema, pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&pkcs7_asn);
+
+ *dec = tmp;
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbes2_asn);
+ asn1_delete_structure (&pkcs7_asn);
+ return result;
}
/* Encrypts to a PKCS #7 encryptedData. The output is allocated
* and stored in enc.
*/
-int _gnutls_pkcs7_encrypt_data(schema_id schema,
- const gnutls_datum_t * data,
- const char *password, gnutls_datum_t * enc)
+int
+_gnutls_pkcs7_encrypt_data (schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc)
{
- int result;
- gnutls_datum_t key = { NULL, 0 };
- gnutls_datum_t tmp = { NULL, 0 };
- ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
- struct pbkdf2_params kdf_params;
- struct pbe_enc_params enc_params;
-
-
- if ((result =
- asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.pkcs-7-EncryptedData",
- &pkcs7_asn)) != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
- }
-
- /* Write the encryption schema OID
- */
- switch (schema) {
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ switch (schema)
+ {
case PBES2:
- result =
- asn1_write_value(pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PBES2_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PBES2_OID, 1);
+ break;
case PKCS12_3DES_SHA1:
- result =
- asn1_write_value(pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_3DES_SHA1_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PKCS12_PBE_3DES_SHA1_OID, 1);
+ break;
case PKCS12_ARCFOUR_SHA1:
- result =
- asn1_write_value(pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
+ break;
case PKCS12_RC2_40_SHA1:
- result =
- asn1_write_value(pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_RC2_40_SHA1_OID, 1);
- break;
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ PKCS12_PBE_RC2_40_SHA1_OID, 1);
+ break;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- /* Generate a symmetric key.
- */
+ /* Generate a symmetric key.
+ */
- result =
- generate_key(schema, password, &kdf_params, &enc_params, &key);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = generate_key (schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- result = write_schema_params(schema, pkcs7_asn,
- "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
- &kdf_params, &enc_params);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = write_schema_params (schema, pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* Parameters have been encoded. Now
- * encrypt the Data.
- */
- result = encrypt_data(data, &enc_params, &key, &tmp);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data (data, &enc_params, &key, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- /* write the encrypted data.
- */
- result =
- asn1_write_value(pkcs7_asn,
- "encryptedContentInfo.encryptedContent", tmp.data,
- tmp.size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", tmp.data,
+ tmp.size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- _gnutls_free_datum(&tmp);
- _gnutls_free_datum(&key);
+ _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&key);
- /* Now write the rest of the pkcs-7 stuff.
- */
+ /* Now write the rest of the pkcs-7 stuff.
+ */
- result = _gnutls_x509_write_uint32(pkcs7_asn, "version", 0);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- result =
- asn1_write_value(pkcs7_asn, "encryptedContentInfo.contentType",
- DATA_OID, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result =
+ asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
+ DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- result = asn1_write_value(pkcs7_asn, "unprotectedAttrs", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto error;
+ result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
}
- /* Now encode and copy the DER stuff.
- */
- result = _gnutls_x509_der_encode(pkcs7_asn, "", enc, 0);
+ /* Now encode and copy the DER stuff.
+ */
+ result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
- asn1_delete_structure(&pkcs7_asn);
+ asn1_delete_structure (&pkcs7_asn);
- if (result < 0) {
- gnutls_assert();
- goto error;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
}
- error:
- _gnutls_free_datum(&key);
- _gnutls_free_datum(&tmp);
- asn1_delete_structure(&pkcs7_asn);
- return result;
+error:
+ _gnutls_free_datum (&key);
+ _gnutls_free_datum (&tmp);
+ asn1_delete_structure (&pkcs7_asn);
+ return result;
}
diff --git a/lib/x509/rfc2818.h b/lib/x509/rfc2818.h
index ed9749a734..4bea2165f6 100644
--- a/lib/x509/rfc2818.h
+++ b/lib/x509/rfc2818.h
@@ -22,5 +22,5 @@
*
*/
-int _gnutls_hostname_compare(const char *certname, const char *hostname);
+int _gnutls_hostname_compare (const char *certname, const char *hostname);
#define MAX_CN 256
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index a1075ce24a..e52a905fd4 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -32,38 +32,43 @@
/* compare hostname against certificate, taking account of wildcards
* return 1 on success or 0 on error
*/
-int _gnutls_hostname_compare(const char *certname, const char *hostname)
+int
+_gnutls_hostname_compare (const char *certname, const char *hostname)
{
- const char *cmpstr1, *cmpstr2;
+ const char *cmpstr1, *cmpstr2;
- if (strlen(certname) == 0 || strlen(hostname) == 0)
- return 0;
+ if (strlen (certname) == 0 || strlen (hostname) == 0)
+ return 0;
- if (strlen(certname) > 2 && strncmp(certname, "*.", 2) == 0) {
- /* a wildcard certificate */
+ if (strlen (certname) > 2 && strncmp (certname, "*.", 2) == 0)
+ {
+ /* a wildcard certificate */
- cmpstr1 = certname + 1;
+ cmpstr1 = certname + 1;
- /* find the first dot in hostname, compare from there on */
- cmpstr2 = strchr(hostname, '.');
+ /* find the first dot in hostname, compare from there on */
+ cmpstr2 = strchr (hostname, '.');
- if (cmpstr2 == NULL) {
- /* error, the hostname we're connecting to is only a local part */
- return 0;
+ if (cmpstr2 == NULL)
+ {
+ /* error, the hostname we're connecting to is only a local part */
+ return 0;
}
- if (strcasecmp(cmpstr1, cmpstr2) == 0) {
- return 1;
+ if (strcasecmp (cmpstr1, cmpstr2) == 0)
+ {
+ return 1;
}
- return 0;
+ return 0;
}
- if (strcasecmp(certname, hostname) == 0) {
- return 1;
+ if (strcasecmp (certname, hostname) == 0)
+ {
+ return 1;
}
- return 0;
+ return 0;
}
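Review bot: The wildcard branch accepts a certificate name whose only label after `*.` is the top-level domain: for certname `*.com` and hostname `example.com`, `cmpstr1` is `.com` and `strchr (hostname, '.')` also yields `.com`, so the strcasecmp at the rewritten `if (strcasecmp (cmpstr1, cmpstr2) == 0)` matches. Requiring at least one more label in the wildcard suffix closes that, e.g. right after `cmpstr1 = certname + 1;` add `if (strchr (cmpstr1 + 1, '.') == NULL) return 0; /* refuse *.tld */`. Note also that the comparison only ever sees NUL-terminated strings, so any length the caller knew about the SAN or CN value is lost here; I cannot tell from this hunk whether the callers guarantee the buffers hold no embedded NUL, so that is worth confirming rather than assuming.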
/**
@@ -79,64 +84,69 @@ int _gnutls_hostname_compare(const char *certname, const char *hostname)
* Returns non zero on success, and zero on failure.
*
**/
-int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
- const char *hostname)
+int
+gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname)
{
- char dnsname[MAX_CN];
- size_t dnsnamesize;
- int found_dnsname = 0;
- int ret = 0;
- int i = 0;
-
- /* try matching against:
- * 1) a DNS name as an alternative name (subjectAltName) extension
- * in the certificate
- * 2) the common name (CN) in the certificate
- *
- * either of these may be of the form: *.domain.tld
- *
- * only try (2) if there is no subjectAltName extension of
- * type dNSName
- */
-
- /* Check through all included subjectAltName extensions, comparing
- * against all those of type dNSName.
- */
- for (i = 0; !(ret < 0); i++) {
-
- dnsnamesize = sizeof(dnsname);
- ret =
- gnutls_x509_crt_get_subject_alt_name(cert, i,
- dnsname, &dnsnamesize,
- NULL);
-
- if (ret == GNUTLS_SAN_DNSNAME) {
- found_dnsname = 1;
- if (_gnutls_hostname_compare(dnsname, hostname)) {
- return 1;
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int found_dnsname = 0;
+ int ret = 0;
+ int i = 0;
+
+ /* try matching against:
+ * 1) a DNS name as an alternative name (subjectAltName) extension
+ * in the certificate
+ * 2) the common name (CN) in the certificate
+ *
+ * either of these may be of the form: *.domain.tld
+ *
+ * only try (2) if there is no subjectAltName extension of
+ * type dNSName
+ */
+
+ /* Check through all included subjectAltName extensions, comparing
+ * against all those of type dNSName.
+ */
+ for (i = 0; !(ret < 0); i++)
+ {
+
+ dnsnamesize = sizeof (dnsname);
+ ret =
+ gnutls_x509_crt_get_subject_alt_name (cert, i,
+ dnsname, &dnsnamesize, NULL);
+
+ if (ret == GNUTLS_SAN_DNSNAME)
+ {
+ found_dnsname = 1;
+ if (_gnutls_hostname_compare (dnsname, hostname))
+ {
+ return 1;
}
}
}
- if (!found_dnsname) {
- /* not got the necessary extension, use CN instead
- */
- dnsnamesize = sizeof(dnsname);
- if (gnutls_x509_crt_get_dn_by_oid(cert, OID_X520_COMMON_NAME, 0,
- 0, dnsname, &dnsnamesize) < 0) {
- /* got an error, can't find a name
- */
- return 1;
+ if (!found_dnsname)
+ {
+ /* not got the necessary extension, use CN instead
+ */
+ dnsnamesize = sizeof (dnsname);
+ if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
+ 0, dnsname, &dnsnamesize) < 0)
+ {
+ /* got an error, can't find a name
+ */
+ return 1;
}
- if (_gnutls_hostname_compare(dnsname, hostname)) {
- return 1;
+ if (_gnutls_hostname_compare (dnsname, hostname))
+ {
+ return 1;
}
}
- /* not found a matching name
- */
- return 0;
+ /* not found a matching name
+ */
+ return 0;
}
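Review bot: The CN fallback fails open: when no dNSName SAN was found and `gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, ...)` returns an error, the function does `return 1;` under the comment "got an error, can't find a name", so a certificate with neither a dNSName nor a readable CN is reported as matching every hostname. A certificate that carries no name to compare should be a mismatch, i.e. `return 0;` there (the function's own contract is "non zero on success"). Separately, the SAN loop runs only while `!(ret < 0)`, so the first negative return from `gnutls_x509_crt_get_subject_alt_name` ends the scan; if that call reports an entry that does not fit in `dnsname[MAX_CN]` as a negative error (I cannot confirm that from this hunk), a long unrelated SAN would hide later dNSName entries, which deserves a comment or a check for that specific error code.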
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index e712858a1e..a26956adc2 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -48,68 +48,75 @@
/* Writes the digest information and the digest in a DER encoded
* structure. The digest info is allocated and stored into the info structure.
*/
-static int encode_ber_digest_info(gnutls_digest_algorithm_t hash,
- const gnutls_datum_t * digest, gnutls_datum_t * info)
+static int
+encode_ber_digest_info (gnutls_digest_algorithm_t hash,
+ const gnutls_datum_t * digest, gnutls_datum_t * info)
{
- ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
- int result;
- const char *algo;
-
- algo = _gnutls_x509_mac_to_oid(hash);
- if (algo == NULL) {
- gnutls_assert();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ const char *algo;
+
+ algo = _gnutls_x509_mac_to_oid (hash);
+ if (algo == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
- if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- result =
- asn1_write_value(dinfo, "digestAlgorithm.parameters", NULL, 0);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (dinfo, "digestAlgorithm.parameters", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- result = asn1_write_value(dinfo, "digest", digest->data, digest->size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- info->size = 0;
- asn1_der_coding(dinfo, "", NULL, &info->size, NULL);
+ info->size = 0;
+ asn1_der_coding (dinfo, "", NULL, &info->size, NULL);
- info->data = gnutls_malloc(info->size);
- if (info->data == NULL) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return GNUTLS_E_MEMORY_ERROR;
+ info->data = gnutls_malloc (info->size);
+ if (info->data == NULL)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_der_coding(dinfo, "", info->data, &info->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ result = asn1_der_coding (dinfo, "", info->data, &info->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- asn1_delete_structure(&dinfo);
+ asn1_delete_structure (&dinfo);
- return 0;
+ return 0;
}
/* if hash==MD5 then we do RSA-MD5
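Review bot: `info->data` leaks on the last error path: it is allocated with `gnutls_malloc (info->size)` and, when the second `asn1_der_coding (dinfo, "", info->data, &info->size, NULL)` fails, only `dinfo` is released before `return _gnutls_asn2err (result);`. Add `gnutls_free (info->data); info->data = NULL;` beside that `asn1_delete_structure (&dinfo);` so the caller does not own a half-initialised datum. The first, size-probing `asn1_der_coding (dinfo, "", NULL, &info->size, NULL)` also ignores its result; if it can fail for a reason other than the expected buffer-too-small, `info->size` stays 0 and the subsequent allocation and encoding proceed with a zero length, which I would at least note in a comment or guard.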
@@ -118,75 +125,80 @@ static int encode_ber_digest_info(gnutls_digest_algorithm_t hash,
* params[1] is public key
*/
static int
-pkcs1_rsa_sign(gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
- mpi_t * params, int params_len, gnutls_datum_t * signature)
+pkcs1_rsa_sign (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text,
+ mpi_t * params, int params_len, gnutls_datum_t * signature)
{
- int ret;
- opaque _digest[MAX_HASH_SIZE];
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum_t digest, info;
-
- hd = _gnutls_hash_init(HASH2MAC(hash));
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum_t digest, info;
+
+ hd = _gnutls_hash_init (HASH2MAC (hash));
+ if (hd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
}
- _gnutls_hash(hd, text->data, text->size);
- _gnutls_hash_deinit(hd, _digest);
+ _gnutls_hash (hd, text->data, text->size);
+ _gnutls_hash_deinit (hd, _digest);
- digest.data = _digest;
- digest.size = _gnutls_hash_get_algo_len(HASH2MAC(hash));
+ digest.data = _digest;
+ digest.size = _gnutls_hash_get_algo_len (HASH2MAC (hash));
- /* Encode the digest as a DigestInfo
- */
- if ((ret = encode_ber_digest_info(hash, &digest, &info)) != 0) {
- gnutls_assert();
- return ret;
+ /* Encode the digest as a DigestInfo
+ */
+ if ((ret = encode_ber_digest_info (hash, &digest, &info)) != 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if ((ret =
- _gnutls_sign(GNUTLS_PK_RSA, params, params_len, &info,
- signature)) < 0) {
- gnutls_assert();
- _gnutls_free_datum(&info);
- return ret;
+ if ((ret =
+ _gnutls_sign (GNUTLS_PK_RSA, params, params_len, &info,
+ signature)) < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&info);
+ return ret;
}
- _gnutls_free_datum(&info);
+ _gnutls_free_datum (&info);
- return 0;
+ return 0;
}
static int
-dsa_sign(const gnutls_datum_t * text,
- mpi_t * params, int params_len, gnutls_datum_t * signature)
+dsa_sign (const gnutls_datum_t * text,
+ mpi_t * params, int params_len, gnutls_datum_t * signature)
{
- int ret;
- opaque _digest[MAX_HASH_SIZE];
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum_t digest;
-
- hd = _gnutls_hash_init(GNUTLS_MAC_SHA1);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum_t digest;
+
+ hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
+ if (hd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
}
- _gnutls_hash(hd, text->data, text->size);
- _gnutls_hash_deinit(hd, _digest);
+ _gnutls_hash (hd, text->data, text->size);
+ _gnutls_hash_deinit (hd, _digest);
- digest.data = _digest;
- digest.size = 20;
+ digest.data = _digest;
+ digest.size = 20;
- if ((ret =
- _gnutls_sign(GNUTLS_PK_DSA, params, params_len, &digest,
- signature)) < 0) {
- gnutls_assert();
- return ret;
+ if ((ret =
+ _gnutls_sign (GNUTLS_PK_DSA, params, params_len, &digest,
+ signature)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
/* Signs the given data using the parameters from the signer's
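Review bot: `dsa_sign` hard-codes `digest.size = 20;` while `pkcs1_rsa_sign` in the same hunk derives the length with `digest.size = _gnutls_hash_get_algo_len (HASH2MAC (hash));`; using `digest.size = _gnutls_hash_get_algo_len (GNUTLS_MAC_SHA1);` keeps the two consistent and ties the size to the algorithm actually initialised at `_gnutls_hash_init (GNUTLS_MAC_SHA1)`. Neither function checks a return value from `_gnutls_hash (hd, text->data, text->size)`; if that call can fail I cannot tell from here, but a comment stating why it is safe to ignore would help the next reader. The header comment could also say explicitly that the DSA path always uses SHA-1 regardless of the caller's `hash`, which the `_gnutls_x509_sign` comment only hints at with "'hash' is only used in PKCS1 RSA signing".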
@@ -198,36 +210,39 @@ dsa_sign(const gnutls_datum_t * text,
* 'signature' will hold the signature!
* 'hash' is only used in PKCS1 RSA signing.
*/
-int _gnutls_x509_sign(const gnutls_datum_t * tbs,
- gnutls_digest_algorithm_t hash, gnutls_x509_privkey_t signer,
- gnutls_datum_t * signature)
+int
+_gnutls_x509_sign (const gnutls_datum_t * tbs,
+ gnutls_digest_algorithm_t hash,
+ gnutls_x509_privkey_t signer, gnutls_datum_t * signature)
{
- int ret;
+ int ret;
- switch (signer->pk_algorithm) {
+ switch (signer->pk_algorithm)
+ {
case GNUTLS_PK_RSA:
- ret =
- pkcs1_rsa_sign(hash, tbs, signer->params, signer->params_size,
- signature);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret =
+ pkcs1_rsa_sign (hash, tbs, signer->params, signer->params_size,
+ signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
- break;
+ return 0;
+ break;
case GNUTLS_PK_DSA:
- ret =
- dsa_sign(tbs, signer->params, signer->params_size, signature);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = dsa_sign (tbs, signer->params, signer->params_size, signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
- break;
+ return 0;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
}
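Review bot: Each case in the `switch (signer->pk_algorithm)` ends with `return 0;` followed by an unreachable `break;`; dropping the `break;` lines removes dead code and makes the early-return shape obvious. The `default:` branch reports an unsupported key type as `GNUTLS_E_INTERNAL_ERROR`; since this file already uses `GNUTLS_E_UNKNOWN_PK_ALGORITHM` in `encode_ber_digest_info`, that code may describe the condition better for callers, though I cannot see from this hunk whether any caller distinguishes the two.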
@@ -236,39 +251,43 @@ int _gnutls_x509_sign(const gnutls_datum_t * tbs,
* the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
* of the TBS and sign it on the fly.
*/
-int _gnutls_x509_sign_tbs(ASN1_TYPE cert, const char *tbs_name,
- gnutls_digest_algorithm_t hash, gnutls_x509_privkey_t signer,
- gnutls_datum_t * signature)
+int
+_gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
+ gnutls_digest_algorithm_t hash,
+ gnutls_x509_privkey_t signer,
+ gnutls_datum_t * signature)
{
- int result;
- opaque *buf;
- int buf_size;
- gnutls_datum_t tbs;
-
- buf_size = 0;
- asn1_der_coding(cert, tbs_name, NULL, &buf_size, NULL);
-
- buf = gnutls_alloca(buf_size);
- if (buf == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ int result;
+ opaque *buf;
+ int buf_size;
+ gnutls_datum_t tbs;
+
+ buf_size = 0;
+ asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL);
+
+ buf = gnutls_alloca (buf_size);
+ if (buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_der_coding(cert, tbs_name, buf, &buf_size, NULL);
+ result = asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_afree(buf);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_afree (buf);
+ return _gnutls_asn2err (result);
}
- tbs.data = buf;
- tbs.size = buf_size;
+ tbs.data = buf;
+ tbs.size = buf_size;
- result = _gnutls_x509_sign(&tbs, hash, signer, signature);
- gnutls_afree(buf);
+ result = _gnutls_x509_sign (&tbs, hash, signer, signature);
+ gnutls_afree (buf);
- return result;
+ return result;
}
/*-
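Review bot: `buf = gnutls_alloca (buf_size);` sizes a stack allocation by the DER length of the TBS structure that was just probed, and the TBS of a certificate or CRL is whatever the caller assembled (extensions, many CRL entries), so a large input turns into a large stack frame; a heap buffer avoids that, i.e. `buf = gnutls_malloc (buf_size);` with the two `gnutls_afree (buf);` calls becoming `gnutls_free (buf);`, both helpers already used elsewhere in this file. The size-probing `asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL)` has its return value ignored; if it fails for any reason other than the expected buffer-too-small result, `buf_size` stays 0 and the failure only surfaces, if at all, from the second call. I would check the probe explicitly and return `_gnutls_asn2err (result)` when it is neither success nor the short-buffer code.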
@@ -283,75 +302,82 @@ int _gnutls_x509_sign_tbs(ASN1_TYPE cert, const char *tbs_name,
* Returns 0 on success.
*
-*/
-int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t dig,
- gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key)
+int
+_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t dig,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- int result;
- gnutls_datum_t signature;
- char name[128];
-
- /* Step 1. Copy the issuer's name into the certificate.
- */
- _gnutls_str_cpy(name, sizeof(name), src_name);
- _gnutls_str_cat(name, sizeof(name), ".issuer");
-
- result = _gnutls_asn1_copy_node(&src, name,
- issuer->cert, "tbsCertificate.subject");
- if (result < 0) {
- gnutls_assert();
- return result;
+ int result;
+ gnutls_datum_t signature;
+ char name[128];
+
+ /* Step 1. Copy the issuer's name into the certificate.
+ */
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".issuer");
+
+ result = _gnutls_asn1_copy_node (&src, name,
+ issuer->cert, "tbsCertificate.subject");
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 1.5. Write the signature stuff in the tbsCertificate.
- */
- _gnutls_str_cpy(name, sizeof(name), src_name);
- _gnutls_str_cat(name, sizeof(name), ".signature");
-
- result = _gnutls_x509_write_sig_params(src, name,
- issuer_key->pk_algorithm, dig, issuer_key->params,
- issuer_key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 1.5. Write the signature stuff in the tbsCertificate.
+ */
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".signature");
+
+ result = _gnutls_x509_write_sig_params (src, name,
+ issuer_key->pk_algorithm, dig,
+ issuer_key->params,
+ issuer_key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* Step 2. Sign the certificate.
- */
- result = _gnutls_x509_sign_tbs(src, src_name, dig,
- issuer_key, &signature);
+ /* Step 2. Sign the certificate.
+ */
+ result = _gnutls_x509_sign_tbs (src, src_name, dig, issuer_key, &signature);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- /* write the signature (bits)
- */
- result =
- asn1_write_value(src, "signature", signature.data,
- signature.size * 8);
+ /* write the signature (bits)
+ */
+ result =
+ asn1_write_value (src, "signature", signature.data, signature.size * 8);
- _gnutls_free_datum(&signature);
+ _gnutls_free_datum (&signature);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- /* Step 3. Move up and write the AlgorithmIdentifier, which is also
- * the same.
- */
-
- result = _gnutls_x509_write_sig_params(src, "signatureAlgorithm",
- issuer_key->pk_algorithm, dig, issuer_key->params,
- issuer_key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
+ * the same.
+ */
+
+ result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
+ issuer_key->pk_algorithm, dig,
+ issuer_key->params,
+ issuer_key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
#endif
diff --git a/lib/x509/sign.h b/lib/x509/sign.h
index b06e57e48c..8ac00f43ed 100644
--- a/lib/x509/sign.h
+++ b/lib/x509/sign.h
@@ -22,12 +22,15 @@
*
*/
-int _gnutls_x509_sign(const gnutls_datum_t * tbs,
- gnutls_digest_algorithm_t hash, gnutls_x509_privkey_t signer,
- gnutls_datum_t * signature);
-int _gnutls_x509_sign_tbs(ASN1_TYPE cert, const char *tbs_name,
- gnutls_digest_algorithm_t hash, gnutls_x509_privkey_t signer,
- gnutls_datum_t * signature);
-int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
- gnutls_digest_algorithm_t,
- gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key);
+int _gnutls_x509_sign (const gnutls_datum_t * tbs,
+ gnutls_digest_algorithm_t hash,
+ gnutls_x509_privkey_t signer,
+ gnutls_datum_t * signature);
+int _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
+ gnutls_digest_algorithm_t hash,
+ gnutls_x509_privkey_t signer,
+ gnutls_datum_t * signature);
+int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 5cca9431fa..fc2f2759a6 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -41,17 +41,20 @@
#include <common.h>
#include <verify.h>
-static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t *trusted_cas, int tcas_size,
- unsigned int flags, unsigned int *output);
-int _gnutls_x509_verify_signature(const gnutls_datum_t * signed_data,
- const gnutls_datum_t * signature, gnutls_x509_crt_t issuer);
+static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output);
+int _gnutls_x509_verify_signature (const gnutls_datum_t * signed_data,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer);
static
-int is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert);
-static int _gnutls_verify_crl2(gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas, int tcas_size, unsigned int flags,
- unsigned int *output);
+ int is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert);
+static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output);
/* Checks if the issuer of a certificate is a
@@ -61,81 +64,88 @@ static int _gnutls_verify_crl2(gnutls_x509_crl_t crl,
* Returns true or false, if the issuer is a CA,
* or not.
*/
-static int check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
- unsigned int flags)
+static int
+check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ unsigned int flags)
{
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t issuer_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_datum_t issuer_signature = { NULL, 0 };
- int result;
-
- /* Check if the issuer is the same with the
- * certificate. This is added in order for trusted
- * certificates to be able to verify themselves.
- */
-
- result =
- _gnutls_x509_get_signed_data(issuer->cert, "tbsCertificate",
- &issuer_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
- &cert_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature(issuer->cert, "signature",
- &issuer_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- result =
- _gnutls_x509_get_signature(cert->cert, "signature",
- &cert_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
- }
-
- /* If the subject certificate is the same as the issuer
- * return true.
- */
- if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
- if (cert_signed_data.size == issuer_signed_data.size) {
- if ((memcmp(cert_signed_data.data, issuer_signed_data.data,
- cert_signed_data.size) == 0) &&
- (cert_signature.size == issuer_signature.size) &&
- (memcmp(cert_signature.data, issuer_signature.data,
- cert_signature.size) == 0)) {
- result = 1;
- goto cleanup;
- }
- }
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t issuer_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_datum_t issuer_signature = { NULL, 0 };
+ int result;
+
+ /* Check if the issuer is the same with the
+ * certificate. This is added in order for trusted
+ * certificates to be able to verify themselves.
+ */
+
+ result =
+ _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
+ &issuer_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
- if (gnutls_x509_crt_get_ca_status(issuer, NULL) == 1) {
- result = 1;
- goto cleanup;
- } else
- gnutls_assert();
+ result =
+ _gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* If the subject certificate is the same as the issuer
+ * return true.
+ */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ if (cert_signed_data.size == issuer_signed_data.size)
+ {
+ if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
+ cert_signed_data.size) == 0) &&
+ (cert_signature.size == issuer_signature.size) &&
+ (memcmp (cert_signature.data, issuer_signature.data,
+ cert_signature.size) == 0))
+ {
+ result = 1;
+ goto cleanup;
+ }
+ }
+
+ if (gnutls_x509_crt_get_ca_status (issuer, NULL) == 1)
+ {
+ result = 1;
+ goto cleanup;
+ }
+ else
+ gnutls_assert ();
- result = 0;
+ result = 0;
- cleanup:
- _gnutls_free_datum(&cert_signed_data);
- _gnutls_free_datum(&issuer_signed_data);
- _gnutls_free_datum(&cert_signature);
- _gnutls_free_datum(&issuer_signature);
- return result;
+cleanup:
+ _gnutls_free_datum (&cert_signed_data);
+ _gnutls_free_datum (&issuer_signed_data);
+ _gnutls_free_datum (&cert_signature);
+ _gnutls_free_datum (&issuer_signature);
+ return result;
}
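Review bot: Every error path in check_if_ca jumps to cleanup with a negative `result`, so a failure to extract either certificate's TBS or signature is returned as a negative value, while the header comment promises "true or false"; the only caller visible on this page, `_gnutls_verify_certificate2`, tests `check_if_ca (cert, issuer, flags) == 0` and therefore accepts that negative value as "issuer is a CA". That is fail-open on a parse error. Either make the caller's test `if (check_if_ca (cert, issuer, flags) != 1)` or map errors to "not a CA" before returning, `if (result < 0) result = 0;` at cleanup, and in both cases update the comment to state the three-valued contract (1, 0, or a negative gnutls error code).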
@@ -146,52 +156,55 @@ static int check_if_ca(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
* Returns 1 if they match and zero if they don't match. Otherwise
* a negative value is returned to indicate error.
*/
-static
-int is_issuer(gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
+static int
+is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
{
- gnutls_datum_t dn1 = { NULL, 0 }, dn2 = {
- NULL, 0};
- int ret;
+ gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
+ {
+ NULL, 0};
+ int ret;
- ret = _gnutls_x509_crt_get_raw_issuer_dn(cert, &dn1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_crt_get_raw_issuer_dn (cert, &dn1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- ret = _gnutls_x509_crt_get_raw_dn(issuer_cert, &dn2);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
- cleanup:
- _gnutls_free_datum(&dn1);
- _gnutls_free_datum(&dn2);
- return ret;
+cleanup:
+ _gnutls_free_datum (&dn1);
+ _gnutls_free_datum (&dn2);
+ return ret;
}
-static inline
- gnutls_x509_crt_t find_issuer(gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size)
+static inline gnutls_x509_crt_t
+find_issuer (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
- int i;
+ int i;
- /* this is serial search.
- */
+ /* this is serial search.
+ */
- for (i = 0; i < tcas_size; i++) {
- if (is_issuer(cert, trusted_cas[i]) == 1)
- return trusted_cas[i];
+ for (i = 0; i < tcas_size; i++)
+ {
+ if (is_issuer (cert, trusted_cas[i]) == 1)
+ return trusted_cas[i];
}
- gnutls_assert();
- return NULL;
+ gnutls_assert ();
+ return NULL;
}
@@ -208,91 +221,102 @@ static inline
* Output will hold some extra information about the verification
* procedure.
*/
-static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t *trusted_cas, int tcas_size,
- unsigned int flags, unsigned int *output)
+static int
+_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output)
{
- gnutls_datum_t cert_signed_data = { NULL, 0 };
- gnutls_datum_t cert_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer;
- int ret, issuer_version, result;
-
- if (output)
- *output = 0;
-
- if (tcas_size >= 1)
- issuer = find_issuer(cert, trusted_cas, tcas_size);
- else {
- gnutls_assert();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer;
+ int ret, issuer_version, result;
+
+ if (output)
+ *output = 0;
+
+ if (tcas_size >= 1)
+ issuer = find_issuer (cert, trusted_cas, tcas_size);
+ else
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
}
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL) {
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- gnutls_assert();
- return 0;
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL)
+ {
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ gnutls_assert ();
+ return 0;
}
- issuer_version = gnutls_x509_crt_get_version(issuer);
- if (issuer_version < 0) {
- gnutls_assert();
- return issuer_version;
+ issuer_version = gnutls_x509_crt_get_version (issuer);
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+ return issuer_version;
}
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
- !((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT)
- && issuer_version == 1)) {
- if (check_if_ca(cert, issuer, flags) == 0) {
- gnutls_assert();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+ !((flags & GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT) && issuer_version == 1))
+ {
+ if (check_if_ca (cert, issuer, flags) == 0)
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
}
}
- result =
- _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
- &cert_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result =
- _gnutls_x509_get_signature(cert->cert, "signature",
- &cert_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- ret =
- _gnutls_x509_verify_signature(&cert_signed_data, &cert_signature,
- issuer);
- if (ret < 0) {
- gnutls_assert();
- } else if (ret == 0) {
- gnutls_assert();
- /* error. ignore it */
- if (output)
- *output |= GNUTLS_CERT_INVALID;
- ret = 0;
+ ret =
+ _gnutls_x509_verify_signature (&cert_signed_data, &cert_signature,
+ issuer);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+ else if (ret == 0)
+ {
+ gnutls_assert ();
+ /* error. ignore it */
+ if (output)
+ *output |= GNUTLS_CERT_INVALID;
+ ret = 0;
}
- /* If the certificate is not self signed check if the algorithms
- * used are secure. If the certificate is self signed it doesn't
- * really matter.
- */
- if (is_issuer(cert, cert) == 0) {
+ /* If the certificate is not self signed check if the algorithms
+ * used are secure. If the certificate is self signed it doesn't
+ * really matter.
+ */
+ if (is_issuer (cert, cert) == 0)
+ {
int sigalg;
- sigalg = gnutls_x509_crt_get_signature_algorithm(cert);
+ sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
!(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
@@ -304,13 +328,13 @@ static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
}
}
- result = ret;
+ result = ret;
- cleanup:
- _gnutls_free_datum(&cert_signed_data);
- _gnutls_free_datum(&cert_signature);
+cleanup:
+ _gnutls_free_datum (&cert_signed_data);
+ _gnutls_free_datum (&cert_signature);
- return result;
+ return result;
}
/**
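Review bot: When `_gnutls_x509_verify_signature` returns an error (`ret < 0`), the branch only calls gnutls_assert and falls through to `result = ret`; unlike the `ret == 0` branch it never marks `*output`, so a caller that inspects the status word sees a clean status for a certificate whose signature could not be checked at all. Adding `if (output) *output |= GNUTLS_CERT_INVALID;` inside the `ret < 0` branch makes the status fail-closed regardless of how the return code is handled. The weak-algorithm gate that follows (the GNUTLS_SIGN_RSA_MD2 test) continues past the end of this hunk, so its effect on `ret` cannot be judged from here.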
@@ -325,10 +349,11 @@ static int _gnutls_verify_certificate2(gnutls_x509_crt_t cert,
* A negative value is returned in case of an error.
*
**/
-int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer)
+int
+gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer)
{
- return is_issuer(cert, issuer);
+ return is_issuer (cert, issuer);
}
@@ -343,80 +368,89 @@ int gnutls_x509_crt_check_issuer(gnutls_x509_crt_t cert,
* This function verifies a X.509 certificate list. The certificate list should
* lead to a trusted CA in order to be trusted.
*/
-static
-unsigned int _gnutls_x509_verify_certificate(
- const gnutls_x509_crt_t *certificate_list, int clist_size,
- const gnutls_x509_crt_t *trusted_cas, int tcas_size,
- const gnutls_x509_crl_t *CRLs, int crls_size,
- unsigned int flags)
+static unsigned int
+_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ const gnutls_x509_crl_t * CRLs,
+ int crls_size, unsigned int flags)
{
- int i = 0, ret;
- unsigned int status = 0, output;
-
- /* Verify the last certificate in the certificate path
- * against the trusted CA certificate list.
- *
- * If no CAs are present returns CERT_INVALID. Thus works
- * in self signed etc certificates.
- */
- ret =
- _gnutls_verify_certificate2(certificate_list[clist_size-1],
- trusted_cas, tcas_size, flags, &output);
-
- if (ret == 0) {
- /* if the last certificate in the certificate
- * list is invalid, then the certificate is not
- * trusted.
- */
- gnutls_assert();
- status |= output;
- status |= GNUTLS_CERT_INVALID;
- return status;
- }
-
- /* Check for revoked certificates in the chain
- */
+ int i = 0, ret;
+ unsigned int status = 0, output;
+
+ /* Verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
+ * If no CAs are present returns CERT_INVALID. Thus works
+ * in self signed etc certificates.
+ */
+ ret =
+ _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
+ trusted_cas, tcas_size, flags, &output);
+
+ if (ret == 0)
+ {
+ /* if the last certificate in the certificate
+ * list is invalid, then the certificate is not
+ * trusted.
+ */
+ gnutls_assert ();
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ /* Check for revoked certificates in the chain
+ */
#ifdef ENABLE_PKI
- for (i = 0; i < clist_size; i++) {
- ret = gnutls_x509_crt_check_revocation(certificate_list[i],
- CRLs, crls_size);
- if (ret == 1) { /* revoked */
- status |= GNUTLS_CERT_REVOKED;
- status |= GNUTLS_CERT_INVALID;
- return status;
+ for (i = 0; i < clist_size; i++)
+ {
+ ret = gnutls_x509_crt_check_revocation (certificate_list[i],
+ CRLs, crls_size);
+ if (ret == 1)
+ { /* revoked */
+ status |= GNUTLS_CERT_REVOKED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
}
}
#endif
- /* Check if the last certificate in the path is self signed.
- * In that case ignore it (a certificate is trusted only if it
- * leads to a trusted party by us, not the server's).
- */
- if (gnutls_x509_crt_check_issuer( certificate_list[clist_size-1],
- certificate_list[clist_size-1]) > 0 && clist_size > 0) {
- clist_size--;
- }
-
- /* Verify the certificate path (chain)
- */
- for (i = clist_size-1; i > 0; i--) {
- if (i - 1 < 0)
- break;
-
- /* note that here we disable this V1 CA flag. So that no version 1
- * certificates can exist in a supplied chain.
- */
- if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
- flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
- if ((ret =
- _gnutls_verify_certificate2(certificate_list[i-1],
- &certificate_list[i], 1, flags, NULL)) == 0) {
- status |= GNUTLS_CERT_INVALID;
- return status;
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ */
+ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0
+ && clist_size > 0)
+ {
+ clist_size--;
+ }
+
+ /* Verify the certificate path (chain)
+ */
+ for (i = clist_size - 1; i > 0; i--)
+ {
+ if (i - 1 < 0)
+ break;
+
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
+ flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ if ((ret =
+ _gnutls_verify_certificate2 (certificate_list[i - 1],
+ &certificate_list[i], 1, flags,
+ NULL)) == 0)
+ {
+ status |= GNUTLS_CERT_INVALID;
+ return status;
}
}
- return 0;
+ return 0;
}
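Review bot: `flags ^= GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT` toggles the bit rather than clearing it: when the caller did not pass that flag, the first iteration of the chain loop switches it on, so the comment's stated intent ("no version 1 certificates can exist in a supplied chain") is inverted for every other link and a V1 intermediate is accepted at those positions. The clear-bit form is `flags &= ~GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;`. Separately, both calls to `_gnutls_verify_certificate2` here treat only `== 0` as failure; a negative error return (for example GNUTLS_E_INTERNAL_ERROR from verify_sig's default case, or a failed MPI extraction) falls through, the loop continues, and the function reaches `return 0`, reporting the chain as valid. Since the function returns 1 on a verified signature, testing `!= 1` and setting GNUTLS_CERT_INVALID in `status` on the error path closes that gap.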
@@ -424,59 +458,64 @@ unsigned int _gnutls_x509_verify_certificate(
* we use DER here, although we should use BER. It works fine
* anyway.
*/
-static int decode_ber_digest_info(const gnutls_datum_t * info,
- gnutls_mac_algorithm_t * hash,
- opaque * digest, int *digest_size)
+static int
+decode_ber_digest_info (const gnutls_datum_t * info,
+ gnutls_mac_algorithm_t * hash,
+ opaque * digest, int *digest_size)
{
- ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
- int result;
- char str[1024];
- int len;
-
- if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DigestInfo",
- &dinfo)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ char str[1024];
+ int len;
+
+ if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&dinfo, info->data, info->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- len = sizeof(str) - 1;
- result =
- asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- *hash = _gnutls_x509_oid2mac_algorithm(str);
+ *hash = _gnutls_x509_oid2mac_algorithm (str);
- if (*hash == GNUTLS_MAC_UNKNOWN) {
+ if (*hash == GNUTLS_MAC_UNKNOWN)
+ {
- _gnutls_x509_log("verify.c: HASH OID: %s\n", str);
+ _gnutls_x509_log ("verify.c: HASH OID: %s\n", str);
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
}
- result = asn1_read_value(dinfo, "digest", digest, digest_size);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&dinfo);
- return _gnutls_asn2err(result);
+ result = asn1_read_value (dinfo, "digest", digest, digest_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
}
- asn1_delete_structure(&dinfo);
+ asn1_delete_structure (&dinfo);
- return 0;
+ return 0;
}
/* if hash==MD5 then we do RSA-MD5
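Review bot: decode_ber_digest_info never confirms that the DigestInfo structure accounts for the entire decrypted block: `asn1_der_decoding` is handed `info->size`, but nothing checks that the outer SEQUENCE's encoded length equals `info->size`, and `digestAlgorithm.parameters` is never examined. If the decoder tolerates trailing bytes (libtasn1 of this era does unless asked for strict DER — confirm against the version in use), an attacker can place arbitrary filler after the DigestInfo inside the PKCS#1 v1.5 block, which for RSA keys with a small public exponent such as 3 is exactly the freedom Bleichenbacher's 2006 forgery uses to build a perfect cube without the private key. After a successful decode, read the outer element's DER length from the header (libtasn1's `asn1_get_length_der` on `info->data`) and return GNUTLS_E_ASN1_DER_ERROR unless header plus content equals `info->size`; also reject a `parameters` field that is neither absent nor an encoded NULL, since the digest comparison downstream ignores it.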
@@ -485,123 +524,131 @@ static int decode_ber_digest_info(const gnutls_datum_t * info,
* params[1] is public key
*/
static int
-_pkcs1_rsa_verify_sig(const gnutls_datum_t * text,
- const gnutls_datum_t * signature, mpi_t * params,
- int params_len)
+_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
+ const gnutls_datum_t * signature, mpi_t * params,
+ int params_len)
{
- gnutls_mac_algorithm_t hash;
- int ret;
- opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE];
- int digest_size;
- GNUTLS_HASH_HANDLE hd;
- gnutls_datum_t decrypted;
-
- ret =
- _gnutls_pkcs1_rsa_decrypt(&decrypted, signature, params,
- params_len, 1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ gnutls_mac_algorithm_t hash;
+ int ret;
+ opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE];
+ int digest_size;
+ GNUTLS_HASH_HANDLE hd;
+ gnutls_datum_t decrypted;
+
+ ret =
+ _gnutls_pkcs1_rsa_decrypt (&decrypted, signature, params, params_len, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* decrypted is a BER encoded data of type DigestInfo
- */
+ /* decrypted is a BER encoded data of type DigestInfo
+ */
- digest_size = sizeof(digest);
- if ((ret =
- decode_ber_digest_info(&decrypted, &hash, digest,
- &digest_size)) != 0) {
- gnutls_assert();
- _gnutls_free_datum(&decrypted);
- return ret;
+ digest_size = sizeof (digest);
+ if ((ret =
+ decode_ber_digest_info (&decrypted, &hash, digest, &digest_size)) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&decrypted);
+ return ret;
}
- _gnutls_free_datum(&decrypted);
+ _gnutls_free_datum (&decrypted);
- if (digest_size != _gnutls_hash_get_algo_len(hash)) {
- gnutls_assert();
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ if (digest_size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- hd = _gnutls_hash_init(hash);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
+ hd = _gnutls_hash_init (hash);
+ if (hd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
}
- _gnutls_hash(hd, text->data, text->size);
- _gnutls_hash_deinit(hd, md);
+ _gnutls_hash (hd, text->data, text->size);
+ _gnutls_hash_deinit (hd, md);
- if (memcmp(md, digest, digest_size) != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ if (memcmp (md, digest, digest_size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
- return 0;
+ return 0;
}
/* Hashes input data and verifies a DSA signature.
*/
static int
-dsa_verify_sig(const gnutls_datum_t * text,
- const gnutls_datum_t * signature, mpi_t * params,
- int params_len)
+dsa_verify_sig (const gnutls_datum_t * text,
+ const gnutls_datum_t * signature, mpi_t * params,
+ int params_len)
{
- int ret;
- opaque _digest[MAX_HASH_SIZE];
- gnutls_datum_t digest;
- GNUTLS_HASH_HANDLE hd;
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ gnutls_datum_t digest;
+ GNUTLS_HASH_HANDLE hd;
- hd = _gnutls_hash_init(GNUTLS_MAC_SHA1);
- if (hd == NULL) {
- gnutls_assert();
- return GNUTLS_E_HASH_FAILED;
+ hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
+ if (hd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
}
- _gnutls_hash(hd, text->data, text->size);
- _gnutls_hash_deinit(hd, _digest);
+ _gnutls_hash (hd, text->data, text->size);
+ _gnutls_hash_deinit (hd, _digest);
- digest.data = _digest;
- digest.size = 20;
+ digest.data = _digest;
+ digest.size = 20;
- ret = _gnutls_dsa_verify(&digest, signature, params, params_len);
+ ret = _gnutls_dsa_verify (&digest, signature, params, params_len);
- return ret;
+ return ret;
}
/* Verifies the signature data, and returns 0 if not verified,
* or 1 otherwise.
*/
-static int verify_sig(const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_pk_algorithm_t pk, mpi_t * issuer_params,
- int issuer_params_size)
+static int
+verify_sig (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, mpi_t * issuer_params,
+ int issuer_params_size)
{
- switch (pk) {
+ switch (pk)
+ {
case GNUTLS_PK_RSA:
- if (_pkcs1_rsa_verify_sig
- (tbs, signature, issuer_params, issuer_params_size) != 0) {
- gnutls_assert();
- return 0;
+ if (_pkcs1_rsa_verify_sig
+ (tbs, signature, issuer_params, issuer_params_size) != 0)
+ {
+ gnutls_assert ();
+ return 0;
}
- return 1;
- break;
+ return 1;
+ break;
case GNUTLS_PK_DSA:
- if (dsa_verify_sig
- (tbs, signature, issuer_params, issuer_params_size) != 0) {
- gnutls_assert();
- return 0;
+ if (dsa_verify_sig
+ (tbs, signature, issuer_params, issuer_params_size) != 0)
+ {
+ gnutls_assert ();
+ return 0;
}
- return 1;
- break;
+ return 1;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
}
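Review bot: `_pkcs1_rsa_verify_sig` takes the hash algorithm from the DigestInfo recovered out of the signature itself, while the only weak-hash policy gate visible on this page (the GNUTLS_SIGN_RSA_MD2/MD5 checks in `_gnutls_verify_certificate2`) keys on `gnutls_x509_crt_get_signature_algorithm (cert)`, i.e. the algorithm the certificate declares; nothing ties the two together. A certificate can therefore declare a strong signature algorithm yet carry an MD2 or MD5 DigestInfo in its signature, and the GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD* flags give no protection against an attacker who holds a CA-issued MD5 signature and relies on a collision. The verifier should receive the digest implied by the certificate's signatureAlgorithm and fail when it disagrees, `if (hash != expected_hash) { gnutls_assert (); return GNUTLS_E_PK_SIG_VERIFY_FAILED; }`; as written the interface only receives the key parameters, so the declared algorithm has to be threaded through `verify_sig` and `_gnutls_x509_verify_signature`. The `memcmp` on the digest is acceptable here since neither operand is secret.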
@@ -612,39 +659,42 @@ static int verify_sig(const gnutls_datum_t * tbs,
* 'tbs' is the signed data
* 'signature' is the signature!
*/
-int _gnutls_x509_verify_signature(const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_x509_crt_t issuer)
+int
+_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer)
{
- mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
- int ret, issuer_params_size, i;
-
- /* Read the MPI parameters from the issuer's certificate.
- */
- issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
- ret =
- _gnutls_x509_crt_get_mpis(issuer, issuer_params,
- &issuer_params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ mpi_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
+ int ret, issuer_params_size, i;
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret =
+ _gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret =
- verify_sig(tbs, signature,
- gnutls_x509_crt_get_pk_algorithm(issuer, NULL),
- issuer_params, issuer_params_size);
- if (ret < 0) {
- gnutls_assert();
+ ret =
+ verify_sig (tbs, signature,
+ gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
+ issuer_params, issuer_params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
}
- /* release all allocated MPIs
- */
- for (i = 0; i < issuer_params_size; i++) {
- _gnutls_mpi_release(&issuer_params[i]);
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < issuer_params_size; i++)
+ {
+ _gnutls_mpi_release (&issuer_params[i]);
}
- return ret;
+ return ret;
}
/* verifies if the certificate is properly signed.
@@ -653,19 +703,21 @@ int _gnutls_x509_verify_signature(const gnutls_datum_t * tbs,
* 'tbs' is the signed data
* 'signature' is the signature!
*/
-int _gnutls_x509_privkey_verify_signature(const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature,
- gnutls_x509_privkey_t issuer)
+int
+_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_x509_privkey_t issuer)
{
- int ret;
+ int ret;
- ret = verify_sig(tbs, signature, issuer->pk_algorithm,
- issuer->params, issuer->params_size);
- if (ret < 0) {
- gnutls_assert();
+ ret = verify_sig (tbs, signature, issuer->pk_algorithm,
+ issuer->params, issuer->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
}
- return ret;
+ return ret;
}
/**
@@ -702,22 +754,26 @@ int _gnutls_x509_privkey_verify_signature(const gnutls_datum_t * tbs,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list,
- int cert_list_length, const gnutls_x509_crt_t * CA_list,
- int CA_list_length, const gnutls_x509_crl_t * CRL_list,
- int CRL_list_length, unsigned int flags, unsigned int *verify)
+int
+gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length, unsigned int flags,
+ unsigned int *verify)
{
- if (cert_list == NULL || cert_list_length == 0)
- return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ if (cert_list == NULL || cert_list_length == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
- /* Verify certificate
- */
- *verify =
- _gnutls_x509_verify_certificate(cert_list, cert_list_length,
- CA_list, CA_list_length, CRL_list,
- CRL_list_length, flags);
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate (cert_list, cert_list_length,
+ CA_list, CA_list_length, CRL_list,
+ CRL_list_length, flags);
- return 0;
+ return 0;
}
/**
@@ -734,22 +790,25 @@ int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags, unsigned int *verify)
+int
+gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
{
- int ret;
- /* Verify certificate
- */
- ret =
- _gnutls_verify_certificate2(cert, CA_list, CA_list_length, flags,
- verify);
- if (ret < 0) {
- gnutls_assert();
- return ret;
- }
-
- return 0;
+ int ret;
+ /* Verify certificate
+ */
+ ret =
+ _gnutls_verify_certificate2 (cert, CA_list, CA_list_length, flags,
+ verify);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
}
@@ -768,10 +827,11 @@ int gnutls_x509_crt_verify(gnutls_x509_crt_t cert,
* A negative value is returned in case of an error.
*
**/
-int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t cert,
- gnutls_x509_crt_t issuer)
+int
+gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert,
+ gnutls_x509_crt_t issuer)
{
- return is_crl_issuer(cert, issuer);
+ return is_crl_issuer (cert, issuer);
}
/**
@@ -789,71 +849,76 @@ int gnutls_x509_crl_check_issuer(gnutls_x509_crl_t cert,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crl_verify(gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * CA_list,
- int CA_list_length, unsigned int flags,
- unsigned int *verify)
+int
+gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
{
- int ret;
- /* Verify crl
- */
- ret = _gnutls_verify_crl2(crl, CA_list, CA_list_length, flags, verify);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ int ret;
+ /* Verify crl
+ */
+ ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
/* The same as above, but here we've got a CRL.
*/
-static
-int is_crl_issuer(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert)
+static int
+is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert)
{
- gnutls_datum_t dn1 = { NULL, 0 }, dn2 = {
- NULL, 0};
- int ret;
+ gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
+ {
+ NULL, 0};
+ int ret;
- ret = _gnutls_x509_crl_get_raw_issuer_dn(crl, &dn1);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_x509_crl_get_raw_issuer_dn (crl, &dn1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- ret = _gnutls_x509_crt_get_raw_dn(issuer_cert, &dn2);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
- cleanup:
- _gnutls_free_datum(&dn1);
- _gnutls_free_datum(&dn2);
+cleanup:
+ _gnutls_free_datum (&dn1);
+ _gnutls_free_datum (&dn2);
- return ret;
+ return ret;
}
-static inline
- gnutls_x509_crt_t find_crl_issuer(gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t *
- trusted_cas, int tcas_size)
+static inline gnutls_x509_crt_t
+find_crl_issuer (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
{
- int i;
+ int i;
- /* this is serial search.
- */
+ /* this is serial search.
+ */
- for (i = 0; i < tcas_size; i++) {
- if (is_crl_issuer(crl, trusted_cas[i]) == 1)
- return trusted_cas[i];
+ for (i = 0; i < tcas_size; i++)
+ {
+ if (is_crl_issuer (crl, trusted_cas[i]) == 1)
+ return trusted_cas[i];
}
- gnutls_assert();
- return NULL;
+ gnutls_assert ();
+ return NULL;
}
/*
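Review bot: In is_crl_issuer the error path after `_gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2)` does `return ret;` and so leaks dn1, which the preceding `_gnutls_x509_crl_get_raw_issuer_dn` call has already filled; the first error path uses `goto cleanup` and this one should too. Change that `return ret;` to `goto cleanup;` — dn2 is initialised to `{ NULL, 0 }`, so freeing it on that path is safe. Since find_crl_issuer calls this helper once per trusted CA, the leak presumably recurs on every CRL verification where the issuer DN read fails.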
@@ -865,98 +930,104 @@ static inline
* Output will hold information about the verification
* procedure.
*/
-static int _gnutls_verify_crl2(gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t * trusted_cas,
- int tcas_size, unsigned int flags,
- unsigned int *output)
+static int
+_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags, unsigned int *output)
{
/* CRL is ignored for now */
- gnutls_datum_t crl_signed_data = { NULL, 0 };
- gnutls_datum_t crl_signature = { NULL, 0 };
- gnutls_x509_crt_t issuer;
- int ret, result;
-
- if (output)
- *output = 0;
-
- if (tcas_size >= 1)
- issuer = find_crl_issuer(crl, trusted_cas, tcas_size);
- else {
- gnutls_assert();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
+ gnutls_datum_t crl_signed_data = { NULL, 0 };
+ gnutls_datum_t crl_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer;
+ int ret, result;
+
+ if (output)
+ *output = 0;
+
+ if (tcas_size >= 1)
+ issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
+ else
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
}
- /* issuer is not in trusted certificate
- * authorities.
- */
- if (issuer == NULL) {
- gnutls_assert();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
- return 0;
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL)
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
}
- if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN)) {
- if (gnutls_x509_crt_get_ca_status(issuer, NULL) != 1) {
- gnutls_assert();
- if (output)
- *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
- return 0;
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
+ {
+ if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
}
}
- result =
- _gnutls_x509_get_signed_data(crl->crl, "tbsCertList",
- &crl_signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result =
- _gnutls_x509_get_signature(crl->crl, "signature", &crl_signature);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- ret =
- _gnutls_x509_verify_signature(&crl_signed_data, &crl_signature,
- issuer);
- if (ret < 0) {
- gnutls_assert();
- } else if (ret == 0) {
- gnutls_assert();
- /* error. ignore it */
- if (output)
- *output |= GNUTLS_CERT_INVALID;
- ret = 0;
+ ret =
+ _gnutls_x509_verify_signature (&crl_signed_data, &crl_signature, issuer);
+ if (ret < 0)
+ {
+ gnutls_assert ();
}
-
+ else if (ret == 0)
{
- int sigalg;
+ gnutls_assert ();
+ /* error. ignore it */
+ if (output)
+ *output |= GNUTLS_CERT_INVALID;
+ ret = 0;
+ }
- sigalg = gnutls_x509_crl_get_signature_algorithm(crl);
+ {
+ int sigalg;
- if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
- ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
- !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
- {
- if (output)
- *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
- }
- }
+ sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
+
+ if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
+ {
+ if (output)
+ *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+ }
+ }
- result = ret;
+ result = ret;
- cleanup:
- _gnutls_free_datum(&crl_signed_data);
- _gnutls_free_datum(&crl_signature);
+cleanup:
+ _gnutls_free_datum (&crl_signed_data);
+ _gnutls_free_datum (&crl_signature);
- return result;
+ return result;
}
#endif
diff --git a/lib/x509/verify.h b/lib/x509/verify.h
index deb28e8638..3f2bbfa1e9 100644
--- a/lib/x509/verify.h
+++ b/lib/x509/verify.h
@@ -24,9 +24,11 @@
#include "x509.h"
-int gnutls_x509_crt_is_issuer(gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
-int _gnutls_x509_verify_signature(const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature, gnutls_x509_crt_t issuer);
-int _gnutls_x509_privkey_verify_signature(const gnutls_datum_t * tbs,
- const gnutls_datum_t * signature, gnutls_x509_privkey_t issuer);
+int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
+int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer);
+int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_x509_privkey_t issuer);
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 71b145923e..3d25d74fb4 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -49,22 +49,25 @@
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
+int
+gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
{
- *cert = gnutls_calloc(1, sizeof(gnutls_x509_crt_int));
-
- if (*cert) {
- int result = asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Certificate",
- &(*cert)->cert);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_free(*cert);
- return _gnutls_asn2err(result);
+ *cert = gnutls_calloc (1, sizeof (gnutls_x509_crt_int));
+
+ if (*cert)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Certificate",
+ &(*cert)->cert);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*cert);
+ return _gnutls_asn2err (result);
}
- return 0; /* success */
+ return 0; /* success */
}
- return GNUTLS_E_MEMORY_ERROR;
+ return GNUTLS_E_MEMORY_ERROR;
}
/*-
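Review bot: gnutls_x509_crt_init frees `*cert` when asn1_create_element fails but leaves the caller's handle pointing at the freed block, so a caller that passes it to gnutls_x509_crt_deinit on its error path would double-free. Add `*cert = NULL;` after `gnutls_free (*cert);` so the out-parameter is NULL on every failure return, matching the gnutls_calloc failure case where it already is.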
@@ -77,45 +80,49 @@ int gnutls_x509_crt_init(gnutls_x509_crt_t * cert)
* Returns 0 on success.
*
-*/
-int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
+int
+_gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
{
- int ret;
- size_t der_size;
- opaque *der;
- gnutls_datum_t tmp;
+ int ret;
+ size_t der_size;
+ opaque *der;
+ gnutls_datum_t tmp;
- ret =
- gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, NULL, &der_size);
- if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
- gnutls_assert();
- return ret;
+ ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return ret;
}
- der = gnutls_alloca(der_size);
- if (der == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ der = gnutls_alloca (der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- ret = gnutls_x509_crt_export(src, GNUTLS_X509_FMT_DER, der, &der_size);
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree(der);
- return ret;
+ ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_afree (der);
+ return ret;
}
- tmp.data = der;
- tmp.size = der_size;
- ret = gnutls_x509_crt_import(dest, &tmp, GNUTLS_X509_FMT_DER);
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER);
- gnutls_afree(der);
+ gnutls_afree (der);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0;
+ return 0;
}
@@ -126,15 +133,16 @@ int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
* This function will deinitialize a CRL structure.
*
**/
-void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert)
+void
+gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
{
- if (!cert)
- return;
+ if (!cert)
+ return;
- if (cert->cert)
- asn1_delete_structure(&cert->cert);
+ if (cert->cert)
+ asn1_delete_structure (&cert->cert);
- gnutls_free(cert);
+ gnutls_free (cert);
}
/**
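Review bot: The doc comment on gnutls_x509_crt_deinit says `This function will deinitialize a CRL structure.` but the function tears down a certificate (it deletes `cert->cert` and frees the gnutls_x509_crt_t); the line reads as copied from the CRL counterpart. Change it to ` * This function will deinitialize a certificate structure.`.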
@@ -152,72 +160,77 @@ void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert)
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
- const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format)
+int
+gnutls_x509_crt_import (gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
{
- int result = 0, need_free = 0;
- gnutls_datum_t _data;
- opaque *signature = NULL;
-
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- _data.data = data->data;
- _data.size = data->size;
-
- /* If the Certificate is in PEM format then decode it
- */
- if (format == GNUTLS_X509_FMT_PEM) {
- opaque *out;
-
- /* Try the first header */
- result =
- _gnutls_fbase64_decode(PEM_X509_CERT2, data->data, data->size,
- &out);
-
- if (result <= 0) {
- /* try for the second header */
- result =
- _gnutls_fbase64_decode(PEM_X509_CERT, data->data,
- data->size, &out);
-
- if (result <= 0) {
- if (result == 0)
- result = GNUTLS_E_INTERNAL_ERROR;
- gnutls_assert();
- return result;
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ opaque *signature = NULL;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
+ data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
}
}
- _data.data = out;
- _data.size = result;
+ _data.data = out;
+ _data.size = result;
- need_free = 1;
+ need_free = 1;
}
- result = asn1_der_decoding(&cert->cert, _data.data, _data.size, NULL);
- if (result != ASN1_SUCCESS) {
- result = _gnutls_asn2err(result);
- gnutls_assert();
- goto cleanup;
+ result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
}
- /* Since we do not want to disable any extension
- */
- cert->use_extensions = 1;
- if (need_free)
- _gnutls_free_datum(&_data);
+ /* Since we do not want to disable any extension
+ */
+ cert->use_extensions = 1;
+ if (need_free)
+ _gnutls_free_datum (&_data);
- return 0;
+ return 0;
- cleanup:
- gnutls_free(signature);
- if (need_free)
- _gnutls_free_datum(&_data);
- return result;
+cleanup:
+ gnutls_free (signature);
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
}
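Review bot: gnutls_x509_crt_import checks `cert` for NULL but then reads `data->data` and `data->size` unconditionally, so a NULL `data` is a crash rather than GNUTLS_E_INVALID_REQUEST; widen the guard to `if (cert == NULL || data == NULL)`. The local `opaque *signature = NULL;` is never assigned anywhere in the function, so `gnutls_free (signature);` at cleanup is dead code and presumably a leftover of an earlier version — it can be dropped along with the declaration.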
@@ -239,17 +252,19 @@ int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf)
+int
+gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn(cert->cert,
- "tbsCertificate.issuer.rdnSequence", buf,
- sizeof_buf);
+ return _gnutls_x509_parse_dn (cert->cert,
+ "tbsCertificate.issuer.rdnSequence", buf,
+ sizeof_buf);
}
/**
@@ -279,19 +294,21 @@ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
- const char *oid, int indx,
- unsigned int raw_flag, void *buf,
- size_t * sizeof_buf)
+int
+gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn_oid(cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ return _gnutls_x509_parse_dn_oid (cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -311,18 +328,19 @@ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
- int indx, void *oid,
- size_t * sizeof_oid)
+int
+gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_get_dn_oid(cert->cert,
- "tbsCertificate.issuer.rdnSequence",
- indx, oid, sizeof_oid);
+ return _gnutls_x509_get_dn_oid (cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
@@ -343,17 +361,19 @@ int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
- size_t * sizeof_buf)
+int
+gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn(cert->cert,
- "tbsCertificate.subject.rdnSequence", buf,
- sizeof_buf);
+ return _gnutls_x509_parse_dn (cert->cert,
+ "tbsCertificate.subject.rdnSequence", buf,
+ sizeof_buf);
}
/**
@@ -383,18 +403,20 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
- int indx, unsigned int raw_flag,
- void *buf, size_t * sizeof_buf)
+int
+gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn_oid(cert->cert,
- "tbsCertificate.subject.rdnSequence",
- oid, indx, raw_flag, buf, sizeof_buf);
+ return _gnutls_x509_parse_dn_oid (cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
}
/**
@@ -414,17 +436,19 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid)
+int
+gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_get_dn_oid(cert->cert,
- "tbsCertificate.subject.rdnSequence",
- indx, oid, sizeof_oid);
+ return _gnutls_x509_get_dn_oid (cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ indx, oid, sizeof_oid);
}
/**
@@ -437,33 +461,36 @@ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
* Returns a negative value on error.
*
**/
-int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert)
+int
+gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
{
- int result;
- gnutls_datum_t sa;
+ int result;
+ gnutls_datum_t sa;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Read the signature algorithm. Note that parameters are not
- * read. They will be read from the issuer's certificate if needed.
- */
- result =
- _gnutls_x509_read_value(cert->cert, "signatureAlgorithm.algorithm",
- &sa, 0);
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
+ result =
+ _gnutls_x509_read_value (cert->cert, "signatureAlgorithm.algorithm",
+ &sa, 0);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result = _gnutls_x509_oid2sign_algorithm(sa.data);
+ result = _gnutls_x509_oid2sign_algorithm (sa.data);
- _gnutls_free_datum(&sa);
+ _gnutls_free_datum (&sa);
- return result;
+ return result;
}
/**
@@ -475,28 +502,31 @@ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert)
* Returns a negative value on error.
*
**/
-int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert)
+int
+gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
{
- opaque version[5];
- int len, result;
+ opaque version[5];
+ int len, result;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- len = sizeof(version);
- if ((result =
- asn1_read_value(cert->cert, "tbsCertificate.version", version,
- &len)) != ASN1_SUCCESS) {
+ len = sizeof (version);
+ if ((result =
+ asn1_read_value (cert->cert, "tbsCertificate.version", version,
+ &len)) != ASN1_SUCCESS)
+ {
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 1; /* the DEFAULT version */
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return (int) version[0] + 1;
+ return (int) version[0] + 1;
}
/**
@@ -508,15 +538,17 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert)
* Returns (time_t)-1 on error.
*
**/
-time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert)
+time_t
+gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
{
- if (cert == NULL) {
- gnutls_assert();
- return (time_t) - 1;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- return _gnutls_x509_get_time(cert->cert,
- "tbsCertificate.validity.notBefore");
+ return _gnutls_x509_get_time (cert->cert,
+ "tbsCertificate.validity.notBefore");
}
/**
@@ -528,15 +560,17 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert)
* Returns (time_t)-1 on error.
*
**/
-time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert)
+time_t
+gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
{
- if (cert == NULL) {
- gnutls_assert();
- return (time_t) - 1;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
}
- return _gnutls_x509_get_time(cert->cert,
- "tbsCertificate.validity.notAfter");
+ return _gnutls_x509_get_time (cert->cert,
+ "tbsCertificate.validity.notAfter");
}
/**
@@ -554,28 +588,30 @@ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert)
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
- size_t * result_size)
+int
+gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
+ size_t * result_size)
{
- int ret, len;
+ int ret, len;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
-
- len = *result_size;
- ret =
- asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result,
- &len);
- *result_size = len;
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
+ len = *result_size;
+ ret =
+ asn1_read_value (cert->cert, "tbsCertificate.serialNumber", result, &len);
+ *result_size = len;
+
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
}
- return 0;
+ return 0;
}
/**
@@ -592,69 +628,76 @@ int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+int
+gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
+ size_t * ret_size, unsigned int *critical)
{
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (ret)
- memset(ret, 0, *ret_size);
- else
- *ret_size = 0;
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &id,
- critical)) < 0) {
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
+ critical)) < 0)
+ {
+ return result;
}
- if (id.size == 0 || id.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum(&id);
- return _gnutls_asn2err(result);
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&c2, id.data, id.size, NULL);
- _gnutls_free_datum(&id);
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- len = *ret_size;
- result = asn1_read_value(c2, "", ret, &len);
+ len = *ret_size;
+ result = asn1_read_value (c2, "", ret, &len);
- *ret_size = len;
- asn1_delete_structure(&c2);
+ *ret_size = len;
+ asn1_delete_structure (&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/**
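Review bot: gnutls_x509_crt_get_subject_key_id and gnutls_x509_crt_get_authority_key_id in the following hunk are the same routine line for line, differing only in the extension OID (`"2.5.29.14"` vs `"2.5.29.35"`), the PKIX1 element name and the value path passed to asn1_read_value (`""` vs `"keyIdentifier"`). A single static helper taking those three strings would keep the extension lookup, DER decoding and error mapping in one place so a future fix is not applied to one copy only.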
@@ -672,69 +715,77 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void *ret,
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+int
+gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (ret)
- memset(ret, 0, *ret_size);
- else
- *ret_size = 0;
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &id,
- critical)) < 0) {
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
+ critical)) < 0)
+ {
+ return result;
}
- if (id.size == 0 || id.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.AuthorityKeyIdentifier", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum(&id);
- return _gnutls_asn2err(result);
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&c2, id.data, id.size, NULL);
- _gnutls_free_datum(&id);
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- len = *ret_size;
- result = asn1_read_value(c2, "keyIdentifier", ret, &len);
+ len = *ret_size;
+ result = asn1_read_value (c2, "keyIdentifier", ret, &len);
- *ret_size = len;
- asn1_delete_structure(&c2);
+ *ret_size = len;
+ asn1_delete_structure (&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/**
@@ -754,87 +805,94 @@ int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void *ret,
* or a negative value on error.
*
**/
-int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
- unsigned int *bits)
+int
+gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits)
{
- int result;
+ int result;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result =
- _gnutls_x509_get_pk_algorithm(cert->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- bits);
+ result =
+ _gnutls_x509_get_pk_algorithm (cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ bits);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return result;
+ return result;
}
/* returns the type and the name.
*/
-static int parse_general_name(ASN1_TYPE src, const char *src_name,
- int seq, void *name, size_t * name_size)
+static int
+parse_general_name (ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size)
{
- int len;
- char num[MAX_INT_DIGITS];
- char nptr[128];
- int result;
- opaque choice_type[128];
- gnutls_x509_subject_alt_name_t type;
+ int len;
+ char num[MAX_INT_DIGITS];
+ char nptr[128];
+ int result;
+ opaque choice_type[128];
+ gnutls_x509_subject_alt_name_t type;
- seq++; /* 0->1, 1->2 etc */
- _gnutls_int2str(seq, num);
+ seq++; /* 0->1, 1->2 etc */
+ _gnutls_int2str (seq, num);
- _gnutls_str_cpy(nptr, sizeof(nptr), src_name);
- if (src_name[0] != 0)
- _gnutls_str_cat(nptr, sizeof(nptr), ".");
+ _gnutls_str_cpy (nptr, sizeof (nptr), src_name);
+ if (src_name[0] != 0)
+ _gnutls_str_cat (nptr, sizeof (nptr), ".");
- _gnutls_str_cat(nptr, sizeof(nptr), "?");
- _gnutls_str_cat(nptr, sizeof(nptr), num);
+ _gnutls_str_cat (nptr, sizeof (nptr), "?");
+ _gnutls_str_cat (nptr, sizeof (nptr), num);
- len = sizeof(choice_type);
- result = asn1_read_value(src, nptr, choice_type, &len);
+ len = sizeof (choice_type);
+ result = asn1_read_value (src, nptr, choice_type, &len);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- type = _gnutls_x509_san_find_type(choice_type);
- if (type == (gnutls_x509_subject_alt_name_t) - 1) {
- gnutls_assert();
- return GNUTLS_E_X509_UNKNOWN_SAN;
+ type = _gnutls_x509_san_find_type (choice_type);
+ if (type == (gnutls_x509_subject_alt_name_t) - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_X509_UNKNOWN_SAN;
}
- _gnutls_str_cat(nptr, sizeof(nptr), ".");
- _gnutls_str_cat(nptr, sizeof(nptr), choice_type);
+ _gnutls_str_cat (nptr, sizeof (nptr), ".");
+ _gnutls_str_cat (nptr, sizeof (nptr), choice_type);
- len = *name_size;
- result = asn1_read_value(src, nptr, name, &len);
- *name_size = len;
+ len = *name_size;
+ result = asn1_read_value (src, nptr, name, &len);
+ *name_size = len;
- if (result == ASN1_MEM_ERROR)
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return type;
+ return type;
}
/**
@@ -860,65 +918,72 @@ static int parse_general_name(ASN1_TYPE src, const char *src_name,
* sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
*
**/
-int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
- unsigned int seq, void *ret,
- size_t * ret_size,
- unsigned int *critical)
+int
+gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t dnsname;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- gnutls_x509_subject_alt_name_t type;
+ int result;
+ gnutls_datum_t dnsname;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_x509_subject_alt_name_t type;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (ret)
- memset(ret, 0, *ret_size);
- else
- *ret_size = 0;
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &dnsname,
- critical)) < 0) {
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.17", 0, &dnsname,
+ critical)) < 0)
+ {
+ return result;
}
- if (dnsname.size == 0 || dnsname.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (dnsname.size == 0 || dnsname.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum(&dnsname);
- return _gnutls_asn2err(result);
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectAltName", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&dnsname);
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&c2, dnsname.data, dnsname.size, NULL);
- _gnutls_free_datum(&dnsname);
+ result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
+ _gnutls_free_datum (&dnsname);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- result = parse_general_name(c2, "", seq, ret, ret_size);
+ result = parse_general_name (c2, "", seq, ret, ret_size);
- asn1_delete_structure(&c2);
+ asn1_delete_structure (&c2);
- if (result < 0) {
- return result;
+ if (result < 0)
+ {
+ return result;
}
- type = result;
+ type = result;
- return type;
+ return type;
}
/**
@@ -936,42 +1001,45 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
- unsigned int *critical)
+int
+gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
{
- int result;
- gnutls_datum_t basicConstraints;
- int ca;
+ int result;
+ gnutls_datum_t basicConstraints;
+ int ca;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0,
- &basicConstraints,
- critical)) < 0) {
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0,
+ &basicConstraints, critical)) < 0)
+ {
+ return result;
}
- if (basicConstraints.size == 0 || basicConstraints.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (basicConstraints.size == 0 || basicConstraints.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result =
- _gnutls_x509_ext_extract_basicConstraints(&ca,
- basicConstraints.data,
- basicConstraints.size);
- _gnutls_free_datum(&basicConstraints);
+ result =
+ _gnutls_x509_ext_extract_basicConstraints (&ca,
+ basicConstraints.data,
+ basicConstraints.size);
+ _gnutls_free_datum (&basicConstraints);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return ca;
+ return ca;
}
/**
@@ -993,42 +1061,47 @@ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
- unsigned int *key_usage,
- unsigned int *critical)
+int
+gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t keyUsage;
- uint16 _usage;
+ int result;
+ gnutls_datum_t keyUsage;
+ uint16 _usage;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, &keyUsage,
- critical)) < 0) {
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage,
+ critical)) < 0)
+ {
+ return result;
}
- if (keyUsage.size == 0 || keyUsage.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (keyUsage.size == 0 || keyUsage.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = _gnutls_x509_ext_extract_keyUsage(&_usage, keyUsage.data,
- keyUsage.size);
- _gnutls_free_datum(&keyUsage);
+ result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data,
+ keyUsage.size);
+ _gnutls_free_datum (&keyUsage);
- *key_usage = _usage;
+ *key_usage = _usage;
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -1049,45 +1122,50 @@ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
- const char *oid, int indx,
- void *buf, size_t * sizeof_buf,
- unsigned int *critical)
+int
+gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t output;
+ int result;
+ gnutls_datum_t output;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if ((result =
- _gnutls_x509_crt_get_extension(cert, oid, indx, &output,
- critical)) < 0) {
- gnutls_assert();
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, oid, indx, &output,
+ critical)) < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- if (output.size == 0 || output.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (output.size == 0 || output.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if (output.size > (unsigned int) *sizeof_buf) {
- *sizeof_buf = output.size;
- _gnutls_free_datum(&output);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (output.size > (unsigned int) *sizeof_buf)
+ {
+ *sizeof_buf = output.size;
+ _gnutls_free_datum (&output);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- *sizeof_buf = output.size;
+ *sizeof_buf = output.size;
- if (buf)
- memcpy(buf, output.data, output.size);
+ if (buf)
+ memcpy (buf, output.data, output.size);
- _gnutls_free_datum(&output);
+ _gnutls_free_datum (&output);
- return 0;
+ return 0;
}
@@ -1106,82 +1184,86 @@ int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
* GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
*
**/
-int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx,
- void *oid, size_t * sizeof_oid)
+int
+gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid)
{
- int result;
+ int result;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result =
- _gnutls_x509_crt_get_extension_oid(cert, indx, oid, sizeof_oid);
- if (result < 0) {
- return result;
+ result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, sizeof_oid);
+ if (result < 0)
+ {
+ return result;
}
- return 0;
+ return 0;
}
-static
-int _gnutls_x509_crt_get_raw_dn2(gnutls_x509_crt_t cert,
- const char *whom, gnutls_datum_t * start)
+static int
+_gnutls_x509_crt_get_raw_dn2 (gnutls_x509_crt_t cert,
+ const char *whom, gnutls_datum_t * start)
{
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- int result, len1;
- int start1, end1;
- gnutls_datum_t signed_data = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len1;
+ int start1, end1;
+ gnutls_datum_t signed_data = { NULL, 0 };
- /* get the issuer of 'cert'
- */
- if ((result =
- asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertificate",
- &c2)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ /* get the issuer of 'cert'
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertificate",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- _gnutls_x509_get_signed_data(cert->cert, "tbsCertificate",
- &signed_data);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ result =
+ _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", &signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- result =
- asn1_der_decoding(&c2, signed_data.data, signed_data.size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- result = _gnutls_asn2err(result);
- goto cleanup;
+ result = asn1_der_decoding (&c2, signed_data.data, signed_data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- result =
- asn1_der_decoding_startEnd(c2, signed_data.data, signed_data.size,
- whom, &start1, &end1);
+ result =
+ asn1_der_decoding_startEnd (c2, signed_data.data, signed_data.size,
+ whom, &start1, &end1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- result = _gnutls_asn2err(result);
- goto cleanup;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
}
- len1 = end1 - start1 + 1;
+ len1 = end1 - start1 + 1;
- _gnutls_set_datum(start, &signed_data.data[start1], len1);
+ _gnutls_set_datum (start, &signed_data.data[start1], len1);
- result = 0;
+ result = 0;
- cleanup:
- asn1_delete_structure(&c2);
- _gnutls_free_datum(&signed_data);
- return result;
+cleanup:
+ asn1_delete_structure (&c2);
+ _gnutls_free_datum (&signed_data);
+ return result;
}
/*-
@@ -1195,10 +1277,11 @@ int _gnutls_x509_crt_get_raw_dn2(gnutls_x509_crt_t cert,
* Returns 0 on success or a negative value on error.
*
-*/
-int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
- gnutls_datum_t * start)
+int
+_gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
+ gnutls_datum_t * start)
{
- return _gnutls_x509_crt_get_raw_dn2(cert, "issuer", start);
+ return _gnutls_x509_crt_get_raw_dn2 (cert, "issuer", start);
}
/*-
@@ -1212,10 +1295,10 @@ int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
* Returns 0 on success, or a negative value on error.
*
-*/
-int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
- gnutls_datum_t * start)
+int
+_gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, gnutls_datum_t * start)
{
- return _gnutls_x509_crt_get_raw_dn2(cert, "subject", start);
+ return _gnutls_x509_crt_get_raw_dn2 (cert, "subject", start);
}
@@ -1236,44 +1319,47 @@ int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo,
- void *buf, size_t * sizeof_buf)
+int
+gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * sizeof_buf)
{
- opaque *cert_buf;
- int cert_buf_size;
- int result;
- gnutls_datum_t tmp;
+ opaque *cert_buf;
+ int cert_buf_size;
+ int result;
+ gnutls_datum_t tmp;
- if (sizeof_buf == 0 || cert == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_buf == 0 || cert == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
}
- cert_buf_size = 0;
- asn1_der_coding(cert->cert, "", NULL, &cert_buf_size, NULL);
+ cert_buf_size = 0;
+ asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL);
- cert_buf = gnutls_alloca(cert_buf_size);
- if (cert_buf == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ cert_buf = gnutls_alloca (cert_buf_size);
+ if (cert_buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_der_coding(cert->cert, "",
- cert_buf, &cert_buf_size, NULL);
+ result = asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- gnutls_afree(cert_buf);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_afree (cert_buf);
+ return _gnutls_asn2err (result);
}
- tmp.data = cert_buf;
- tmp.size = cert_buf_size;
+ tmp.data = cert_buf;
+ tmp.size = cert_buf_size;
- result = gnutls_fingerprint(algo, &tmp, buf, sizeof_buf);
- gnutls_afree(cert_buf);
+ result = gnutls_fingerprint (algo, &tmp, buf, sizeof_buf);
+ gnutls_afree (cert_buf);
- return result;
+ return result;
}
/**
@@ -1297,18 +1383,20 @@ int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
* returned, and 0 on success.
*
**/
-int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_crt_export (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_export_int(cert->cert, format, "CERTIFICATE",
- *output_data_size, output_data,
- output_data_size);
+ return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE",
+ *output_data_size, output_data,
+ output_data_size);
}
@@ -1333,81 +1421,93 @@ int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
* returned, and 0 on success.
*
**/
-int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
+int
+gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
{
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
- int i, pk, result = 0;
- gnutls_datum_t der = { NULL, 0 };
- GNUTLS_HASH_HANDLE hd;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i, pk, result = 0;
+ gnutls_datum_t der = { NULL, 0 };
+ GNUTLS_HASH_HANDLE hd;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (*output_data_size < 20) {
- gnutls_assert();
- *output_data_size = 20;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ if (*output_data_size < 20)
+ {
+ gnutls_assert ();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
- pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
+ pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
- if (pk < 0) {
- gnutls_assert();
- return pk;
+ if (pk < 0)
+ {
+ gnutls_assert ();
+ return pk;
}
- result = _gnutls_x509_crt_get_mpis(crt, params, &params_size);
+ result = _gnutls_x509_crt_get_mpis (crt, params, &params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- if (pk == GNUTLS_PK_RSA) {
- result = _gnutls_x509_write_rsa_params(params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ if (pk == GNUTLS_PK_RSA)
+ {
+ result = _gnutls_x509_write_rsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else if (pk == GNUTLS_PK_DSA) {
- result =
- _gnutls_x509_write_dsa_public_key(params, params_size, &der);
- if (result < 0) {
- gnutls_assert();
- goto cleanup;
+ }
+ else if (pk == GNUTLS_PK_DSA)
+ {
+ result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- } else
- return GNUTLS_E_INTERNAL_ERROR;
+ }
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
- hd = _gnutls_hash_init(GNUTLS_MAC_SHA1);
- if (hd == GNUTLS_HASH_FAILED) {
- gnutls_assert();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
+ hd = _gnutls_hash_init (GNUTLS_MAC_SHA1);
+ if (hd == GNUTLS_HASH_FAILED)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
}
- _gnutls_hash(hd, der.data, der.size);
+ _gnutls_hash (hd, der.data, der.size);
- _gnutls_hash_deinit(hd, output_data);
- *output_data_size = 20;
+ _gnutls_hash_deinit (hd, output_data);
+ *output_data_size = 20;
- result = 0;
+ result = 0;
- cleanup:
+cleanup:
- _gnutls_free_datum(&der);
+ _gnutls_free_datum (&der);
- /* release all allocated MPIs
- */
- for (i = 0; i < params_size; i++) {
- _gnutls_mpi_release(&params[i]);
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (&params[i]);
}
- return result;
+ return result;
}
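Review bot: In gnutls_x509_crt_get_key_id the `else return GNUTLS_E_INTERNAL_ERROR;` branch for an unsupported public-key type returns directly after `_gnutls_x509_crt_get_mpis` has already filled `params`, so those MPIs are never released, unlike every later failure which goes through `cleanup:`; it should be `result = GNUTLS_E_INTERNAL_ERROR;` followed by `goto cleanup;`. The SHA-1 digest length also appears as the bare literal 20 in the size check, the short-buffer hint and the final `*output_data_size = 20;`, while the algorithm is only named by GNUTLS_MAC_SHA1 further down; a named constant such as `enum { KEY_ID_SIZE = 20 }; /* SHA-1 output, must match GNUTLS_MAC_SHA1 below */` ties the two together. The `flags` parameter is accepted but not read anywhere in the body.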
@@ -1426,89 +1526,99 @@ int gnutls_x509_crt_get_key_id(gnutls_x509_crt_t crt, unsigned int flags,
* A negative value is returned on error.
*
**/
-int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length)
+int
+gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length)
{
- opaque serial[64];
- opaque cert_serial[64];
- size_t serial_size, cert_serial_size;
- int ncerts, ret, i, j;
- gnutls_datum_t dn1, dn2;
-
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- for (j = 0; j < crl_list_length; j++) { /* do for all the crls */
-
- /* Step 1. check if issuer's DN match
- */
- ret = _gnutls_x509_crl_get_raw_issuer_dn(crl_list[j], &dn1);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ opaque serial[64];
+ opaque cert_serial[64];
+ size_t serial_size, cert_serial_size;
+ int ncerts, ret, i, j;
+ gnutls_datum_t dn1, dn2;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (j = 0; j < crl_list_length; j++)
+ { /* do for all the crls */
+
+ /* Step 1. check if issuer's DN match
+ */
+ ret = _gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = _gnutls_x509_crt_get_raw_issuer_dn(cert, &dn2);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = _gnutls_x509_compare_raw_dn(&dn1, &dn2);
- _gnutls_free_datum(&dn1);
- _gnutls_free_datum(&dn2);
- if (ret == 0) {
- /* issuers do not match so don't even
- * bother checking.
- */
- continue;
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
+ _gnutls_free_datum (&dn1);
+ _gnutls_free_datum (&dn2);
+ if (ret == 0)
+ {
+ /* issuers do not match so don't even
+ * bother checking.
+ */
+ continue;
}
- /* Step 2. Read the certificate's serial number
- */
- cert_serial_size = sizeof(cert_serial);
- ret =
- gnutls_x509_crt_get_serial(cert, cert_serial,
- &cert_serial_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ /* Step 2. Read the certificate's serial number
+ */
+ cert_serial_size = sizeof (cert_serial);
+ ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* Step 3. cycle through the CRL serials and compare with
- * certificate serial we have.
- */
+ /* Step 3. cycle through the CRL serials and compare with
+ * certificate serial we have.
+ */
- ncerts = gnutls_x509_crl_get_crt_count(crl_list[j]);
- if (ncerts < 0) {
- gnutls_assert();
- return ncerts;
+ ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]);
+ if (ncerts < 0)
+ {
+ gnutls_assert ();
+ return ncerts;
}
- for (i = 0; i < ncerts; i++) {
- serial_size = sizeof(serial);
- ret =
- gnutls_x509_crl_get_crt_serial(crl_list[j], i, serial,
- &serial_size, NULL);
-
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ for (i = 0; i < ncerts; i++)
+ {
+ serial_size = sizeof (serial);
+ ret =
+ gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
+ &serial_size, NULL);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (serial_size == cert_serial_size) {
- if (memcmp(serial, cert_serial, serial_size) == 0) {
- /* serials match */
- return 1; /* revoked! */
+ if (serial_size == cert_serial_size)
+ {
+ if (memcmp (serial, cert_serial, serial_size) == 0)
+ {
+ /* serials match */
+ return 1; /* revoked! */
}
}
}
}
- return 0; /* not revoked. */
+ return 0; /* not revoked. */
}
/**
@@ -1525,24 +1635,27 @@ int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
* 1 on success.
*
**/
-int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+int
+gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
{
- int result;
+ int result;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_verify_signature(data, signature, crt);
- if (result < 0) {
- gnutls_assert();
- return 0;
+ result = _gnutls_x509_verify_signature (data, signature, crt);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return 0;
}
- return result;
+ return result;
}
/**
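Review bot: gnutls_x509_crt_verify_data collapses every negative result of _gnutls_x509_verify_signature into `return 0;`, so a caller cannot distinguish a signature that genuinely failed to verify from a verification that could not be performed at all (unsupported algorithm, malformed input, allocation failure), and the error code is discarded right after gnutls_assert. If the "1 on success" contract documented above is intentional, say so at the site, e.g. `/* errors are deliberately reported as "not verified"; the code is lost */`; otherwise return `result` so the caller can tell the two cases apart. The `flags` parameter is not read in the body.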
@@ -1575,96 +1688,106 @@ int gnutls_x509_crt_verify_data(gnutls_x509_crt_t crt, unsigned int flags,
* sequence number then returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
*
**/
-int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
- unsigned int seq, void *ret, size_t * ret_size,
- unsigned int *reason_flags, unsigned int *critical)
+int
+gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical)
{
- int result;
- gnutls_datum_t dist_points = { NULL, 0 };
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- char name[128];
- int len;
- char num[MAX_INT_DIGITS];
- gnutls_x509_subject_alt_name_t type;
- uint8 reasons[2];
+ int result;
+ gnutls_datum_t dist_points = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char name[128];
+ int len;
+ char num[MAX_INT_DIGITS];
+ gnutls_x509_subject_alt_name_t type;
+ uint8 reasons[2];
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (ret)
- memset(ret, 0, *ret_size);
- else
- *ret_size = 0;
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
- if (reason_flags)
- *reason_flags = 0;
+ if (reason_flags)
+ *reason_flags = 0;
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.31", 0, &dist_points,
- critical);
- if (result < 0) {
- return result;
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
+ critical);
+ if (result < 0)
+ {
+ return result;
}
- if (dist_points.size == 0 || dist_points.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (dist_points.size == 0 || dist_points.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.CRLDistributionPoints", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum(&dist_points);
- return _gnutls_asn2err(result);
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&dist_points);
+ return _gnutls_asn2err (result);
}
- result =
- asn1_der_decoding(&c2, dist_points.data, dist_points.size, NULL);
- _gnutls_free_datum(&dist_points);
+ result = asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
+ _gnutls_free_datum (&dist_points);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- /* Return the different names from the first CRLDistr. point.
- * The whole thing is a mess.
- */
- _gnutls_str_cpy(name, sizeof(name), "?1.distributionPoint.fullName");
+ /* Return the different names from the first CRLDistr. point.
+ * The whole thing is a mess.
+ */
+ _gnutls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
- result = parse_general_name(c2, name, seq, ret, ret_size);
- if (result < 0) {
- asn1_delete_structure(&c2);
- return result;
+ result = parse_general_name (c2, name, seq, ret, ret_size);
+ if (result < 0)
+ {
+ asn1_delete_structure (&c2);
+ return result;
}
- type = result;
+ type = result;
- /* Read the CRL reasons.
- */
- if (reason_flags) {
- _gnutls_str_cpy(name, sizeof(name), "?");
- _gnutls_str_cat(name, sizeof(name), num);
- _gnutls_str_cat(name, sizeof(name), ".reasons");
+ /* Read the CRL reasons.
+ */
+ if (reason_flags)
+ {
+ _gnutls_str_cpy (name, sizeof (name), "?");
+ _gnutls_str_cat (name, sizeof (name), num);
+ _gnutls_str_cat (name, sizeof (name), ".reasons");
- len = sizeof(reasons);
- result = asn1_read_value(c2, name, reasons, &len);
+ len = sizeof (reasons);
+ result = asn1_read_value (c2, name, reasons, &len);
- if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- *reason_flags = reasons[0] | (reasons[1] << 8);
+ *reason_flags = reasons[0] | (reasons[1] << 8);
}
- return type;
+ return type;
}
/**
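Review bot: In gnutls_x509_crt_get_crl_dist_points the reasons lookup appends `num` to `name`, but `num` (declared as `char num[MAX_INT_DIGITS];`) is never written before `_gnutls_str_cat (name, sizeof (name), num);`, so the ASN.1 path is built from an uninitialized, possibly unterminated buffer; the fullName lookup above hard-codes the first distribution point, so the reasons path should do the same, e.g. `_gnutls_str_cpy (name, sizeof (name), "?1.reasons");` in place of the three-line concatenation. Likewise `reasons` has no initializer and is only written by asn1_read_value, yet `*reason_flags = reasons[0] | (reasons[1] << 8);` runs even when that call returned ASN1_VALUE_NOT_FOUND, so the flags then come from stack garbage; initialise it with `uint8 reasons[2] = { 0, 0 };` or assign only on ASN1_SUCCESS. Whether `seq` was meant to select the distribution point as well as the name within it is not clear from the hunk and worth a comment.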
@@ -1686,76 +1809,85 @@ int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
* the required size. On success 0 is returned.
*
**/
-int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
- int indx, void *oid, size_t * sizeof_oid, unsigned int *critical)
+int
+gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
{
- char counter[MAX_INT_DIGITS];
- char tmpstr[64];
- int result, len;
- gnutls_datum_t id;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char counter[MAX_INT_DIGITS];
+ char tmpstr[64];
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (oid)
- memset(oid, 0, *sizeof_oid);
- else
- *sizeof_oid = 0;
+ if (oid)
+ memset (oid, 0, *sizeof_oid);
+ else
+ *sizeof_oid = 0;
- if ((result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &id,
- critical)) < 0) {
- return result;
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
+ critical)) < 0)
+ {
+ return result;
}
- if (id.size == 0 || id.data == NULL) {
- gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- _gnutls_free_datum(&id);
- return _gnutls_asn2err(result);
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
}
- result = asn1_der_decoding(&c2, id.data, id.size, NULL);
- _gnutls_free_datum(&id);
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- indx++;
- /* create a string like "?1"
- */
- _gnutls_int2str(indx, counter);
- _gnutls_str_cpy(tmpstr, sizeof(tmpstr), "?");
- _gnutls_str_cat(tmpstr, sizeof(tmpstr), counter);
+ indx++;
+ /* create a string like "?1"
+ */
+ _gnutls_int2str (indx, counter);
+ _gnutls_str_cpy (tmpstr, sizeof (tmpstr), "?");
+ _gnutls_str_cat (tmpstr, sizeof (tmpstr), counter);
- len = *sizeof_oid;
- result = asn1_read_value(c2, tmpstr, oid, &len);
+ len = *sizeof_oid;
+ result = asn1_read_value (c2, tmpstr, oid, &len);
- *sizeof_oid = len;
- asn1_delete_structure(&c2);
+ *sizeof_oid = len;
+ asn1_delete_structure (&c2);
- if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND) {
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
@@ -1770,51 +1902,58 @@ int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
-int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t * e)
+int
+gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
{
- int ret;
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
- int i;
+ int ret;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
- if (ret != GNUTLS_PK_RSA) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
+ if (ret != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_x509_crt_get_mpis(crt, params, &params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_crt_get_mpis (crt, params, &params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = _gnutls_mpi_dprint(m, params[0]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret = _gnutls_mpi_dprint (m, params[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- ret = _gnutls_mpi_dprint(e, params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(m);
- goto cleanup;
+ ret = _gnutls_mpi_dprint (e, params[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ goto cleanup;
}
- ret = 0;
+ ret = 0;
- cleanup:
- for (i = 0; i < params_size; i++) {
- _gnutls_mpi_release(&params[i]);
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (&params[i]);
}
- return ret;
+ return ret;
}
/**
@@ -1830,76 +1969,85 @@ int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
-int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+int
+gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
{
- int ret;
- mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
- int params_size = MAX_PUBLIC_PARAMS_SIZE;
- int i;
+ int ret;
+ mpi_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
- if (ret != GNUTLS_PK_DSA) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
+ if (ret != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_x509_crt_get_mpis(crt, params, &params_size);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ ret = _gnutls_x509_crt_get_mpis (crt, params, &params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- /* P */
- ret = _gnutls_mpi_dprint(p, params[0]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ /* P */
+ ret = _gnutls_mpi_dprint (p, params[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
}
- /* Q */
- ret = _gnutls_mpi_dprint(q, params[1]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- goto cleanup;
+ /* Q */
+ ret = _gnutls_mpi_dprint (q, params[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ goto cleanup;
}
- /* G */
- ret = _gnutls_mpi_dprint(g, params[2]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(q);
- goto cleanup;
+ /* G */
+ ret = _gnutls_mpi_dprint (g, params[2]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ goto cleanup;
}
- /* Y */
- ret = _gnutls_mpi_dprint(y, params[3]);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_free_datum(p);
- _gnutls_free_datum(g);
- _gnutls_free_datum(q);
- goto cleanup;
+ /* Y */
+ ret = _gnutls_mpi_dprint (y, params[3]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ goto cleanup;
}
- ret = 0;
+ ret = 0;
- cleanup:
- for (i = 0; i < params_size; i++) {
- _gnutls_mpi_release(&params[i]);
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (&params[i]);
}
- return ret;
+ return ret;
}
@@ -1925,112 +2073,127 @@ int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
* Returns the number of certificates read or a negative error value.
*
**/
-int gnutls_x509_crt_list_import(gnutls_x509_crt_t *certs, unsigned int* cert_max,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, unsigned int flags)
+int
+gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
{
- int size;
- const char *ptr;
- gnutls_datum_t tmp;
- int ret, nocopy=0;
- unsigned int count=0,j;
-
- if (format==GNUTLS_X509_FMT_DER) {
- if (*cert_max < 1) {
- *cert_max = 1;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- count = 1; /* import only the first one */
-
- ret = gnutls_x509_crt_init( &certs[0]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
- }
-
- ret = gnutls_x509_crt_import( certs[0], data, format);
- if (ret < 0) {
- gnutls_assert();
- goto error;
- }
-
- *cert_max = 1;
- return 1;
- }
-
- /* move to the certificate
- */
- ptr = memmem(data->data, data->size,
- PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1);
- if (ptr == NULL)
- ptr = memmem(data->data, data->size,
- PEM_CERT_SEP2, sizeof(PEM_CERT_SEP2) - 1);
-
- if (ptr == NULL) {
- gnutls_assert();
- return GNUTLS_E_BASE64_DECODING_ERROR;
- }
- size = data->size - (ptr - (char*)data->data);
-
- count = 0;
-
- do {
- if (count >= *cert_max) {
- if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
- break;
- else
- nocopy = 1;
- }
-
- if (!nocopy) {
- ret = gnutls_x509_crt_init( &certs[count]);
- if (ret < 0) {
- gnutls_assert();
- goto error;
- }
-
- tmp.data = (void*)ptr;
- tmp.size = size;
-
- ret = gnutls_x509_crt_import( certs[count], &tmp, GNUTLS_X509_FMT_PEM);
- if (ret < 0) {
- gnutls_assert();
- goto error;
- }
- }
-
- /* now we move ptr after the pem header
- */
- ptr++;
- /* find the next certificate (if any)
- */
- size = data->size - (ptr - (char*)data->data);
-
- if (size > 0) {
- char *ptr2;
-
- ptr2 =
- memmem(ptr, size, PEM_CERT_SEP, sizeof(PEM_CERT_SEP) - 1);
- if (ptr2 == NULL)
- ptr2 = memmem(ptr, size, PEM_CERT_SEP2,
- sizeof(PEM_CERT_SEP2) - 1);
-
- ptr = ptr2;
- } else
- ptr = NULL;
-
- count++;
- } while (ptr != NULL);
-
- *cert_max = count;
-
- if (nocopy==0)
- return count;
- else
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, nocopy = 0;
+ unsigned int count = 0, j;
+
+ if (format == GNUTLS_X509_FMT_DER)
+ {
+ if (*cert_max < 1)
+ {
+ *cert_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ count = 1; /* import only the first one */
+
+ ret = gnutls_x509_crt_init (&certs[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = gnutls_x509_crt_import (certs[0], data, format);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ *cert_max = 1;
+ return 1;
+ }
+
+ /* move to the certificate
+ */
+ ptr = memmem (data->data, data->size,
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem (data->data, data->size,
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = data->size - (ptr - (char *) data->data);
+
+ count = 0;
+
+ do
+ {
+ if (count >= *cert_max)
+ {
+ if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
+
+ if (!nocopy)
+ {
+ ret = gnutls_x509_crt_init (&certs[count]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size = size;
+
+ ret =
+ gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = data->size - (ptr - (char *) data->data);
+
+ if (size > 0)
+ {
+ char *ptr2;
+
+ ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr2 == NULL)
+ ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
+ sizeof (PEM_CERT_SEP2) - 1);
+
+ ptr = ptr2;
+ }
+ else
+ ptr = NULL;
+
+ count++;
+ }
+ while (ptr != NULL);
+
+ *cert_max = count;
+
+ if (nocopy == 0)
+ return count;
+ else
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
error:
- CLEAR_CERTS;
- return ret;
+ CLEAR_CERTS;
+ return ret;
}
-
diff --git a/lib/x509/x509.h b/lib/x509/x509.h
index c1b911a2f5..7f36abb77e 100644
--- a/lib/x509/x509.h
+++ b/lib/x509/x509.h
@@ -32,13 +32,15 @@
#define HASH_OID_MD2 "1.2.840.113549.2.2"
#define HASH_OID_RMD160 "1.3.36.3.2.1"
-typedef struct gnutls_x509_crl_int {
- ASN1_TYPE crl;
+typedef struct gnutls_x509_crl_int
+{
+ ASN1_TYPE crl;
} gnutls_x509_crl_int;
-typedef struct gnutls_x509_crt_int {
- ASN1_TYPE cert;
- int use_extensions;
+typedef struct gnutls_x509_crt_int
+{
+ ASN1_TYPE cert;
+ int use_extensions;
} gnutls_x509_crt_int;
#define MAX_PRIV_PARAMS_SIZE 6 /* ok for RSA and DSA */
@@ -57,113 +59,131 @@ typedef struct gnutls_x509_crt_int {
# error INCREASE MAX_PRIV_PARAMS
#endif
-typedef struct gnutls_x509_privkey_int {
- mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
+typedef struct gnutls_x509_privkey_int
+{
+ mpi_t params[MAX_PRIV_PARAMS_SIZE]; /* the size of params depends on the public
* key algorithm
*/
- /*
- * RSA: [0] is modulus
- * [1] is public exponent
- * [2] is private exponent
- * [3] is prime1 (p)
- * [4] is prime2 (q)
- * [5] is coefficient (u == inverse of p mod q)
- * note that other packages used inverse of q mod p,
- * so we need to perform conversions.
- * DSA: [0] is p
- * [1] is q
- * [2] is g
- * [3] is y (public key)
- * [4] is x (private key)
- */
- int params_size; /* holds the number of params */
-
- gnutls_pk_algorithm_t pk_algorithm;
-
- int crippled; /* The crippled keys will not use the ASN1_TYPE key.
+ /*
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * [2] is private exponent
+ * [3] is prime1 (p)
+ * [4] is prime2 (q)
+ * [5] is coefficient (u == inverse of p mod q)
+ * note that other packages used inverse of q mod p,
+ * so we need to perform conversions.
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is y (public key)
+ * [4] is x (private key)
+ */
+ int params_size; /* holds the number of params */
+
+ gnutls_pk_algorithm_t pk_algorithm;
+
+ int crippled; /* The crippled keys will not use the ASN1_TYPE key.
* The encoding will only be performed at the export
* phase, to optimize copying etc. Cannot be used with
* the exported API (used internally only).
*/
- ASN1_TYPE key;
+ ASN1_TYPE key;
} gnutls_x509_privkey_int;
-int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
- const char *oid, int indx, unsigned int raw_flag, void *buf,
- size_t * sizeof_buf);
-int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
- unsigned int seq, void *ret, size_t * ret_size,
- unsigned int *critical);
-int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
- int indx, unsigned int raw_flag, void *buf, size_t * sizeof_buf);
-int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
- unsigned int *critical);
-int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
- unsigned int *bits);
-
-int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
-int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
-int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
- gnutls_datum_t * start);
-
-int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
- size_t * result_size);
-
-int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
- const gnutls_datum_t * dn2);
-
-int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list, int crl_list_length);
-
-
-int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
-int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
- gnutls_datum_t * dn);
-int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
-int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
- unsigned char *serial, size_t * serial_size, time_t * t);
-
-void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);
-int gnutls_x509_crl_init(gnutls_x509_crl_t * crl);
-int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format);
-int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size);
-
-int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
-void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
-int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format);
-int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size);
-
-int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
- unsigned int *key_usage, unsigned int *critical);
-int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert);
-int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
-
-int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
-void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);
-
-int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
- gnutls_pk_algorithm_t algo, unsigned int bits, unsigned int flags);
-
-int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format);
-int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key);
-int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t * m, const gnutls_datum_t * e,
- const gnutls_datum_t * d, const gnutls_datum_t * p,
- const gnutls_datum_t * q, const gnutls_datum_t * u);
-int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
- gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u);
-int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t * output_data_size);
+int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
+ int indx, unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
+ unsigned int *critical);
+int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
+ unsigned int *bits);
+
+int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
+int _gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
+int _gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
+
+int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
+ size_t * result_size);
+
+int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2);
+
+int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length);
+
+
+int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
+int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
+int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t);
+
+void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
+int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
+int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size);
+
+int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
+void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
+int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size);
+
+int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical);
+int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
+int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
+
+int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
+void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
+
+int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo,
+ unsigned int bits, unsigned int flags);
+
+int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
+int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
#define GNUTLS_CRL_REASON_UNUSED 128
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c
index 60d21dcd42..2a97cc353a 100644
--- a/lib/x509/x509_write.c
+++ b/lib/x509/x509_write.c
@@ -42,7 +42,7 @@
#include <extensions.h>
#include <libtasn1.h>
-static void disable_optional_stuff(gnutls_x509_crt_t cert);
+static void disable_optional_stuff (gnutls_x509_crt_t cert);
/**
* gnutls_x509_crt_set_dn_by_oid - This function will set the Certificate request subject's distinguished name
@@ -64,16 +64,18 @@ static void disable_optional_stuff(gnutls_x509_crt_t cert);
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
- unsigned int raw_flag, const void *name,
- unsigned int sizeof_name)
+int
+gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_name == 0 || name == NULL || crt == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.subject",
- oid, raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
+ oid, raw_flag, name, sizeof_name);
}
/**
@@ -99,18 +101,20 @@ int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char *oid,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
- const char *oid,
- unsigned int raw_flag,
- const void *name,
- unsigned int sizeof_name)
+int
+gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
{
- if (sizeof_name == 0 || name == NULL || crt == NULL) {
- return GNUTLS_E_INVALID_REQUEST;
+ if (sizeof_name == 0 || name == NULL || crt == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_dn_oid(crt->cert, "tbsCertificate.issuer", oid,
- raw_flag, name, sizeof_name);
+ return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.issuer", oid,
+ raw_flag, name, sizeof_name);
}
/**
@@ -125,28 +129,29 @@ int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt,
- unsigned int version)
+int
+gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
{
- int result;
- unsigned char null = version;
+ int result;
+ unsigned char null = version;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- if (null > 0)
- null--;
+ if (null > 0)
+ null--;
- result =
- asn1_write_value(crt->cert, "tbsCertificate.version", &null, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ result = asn1_write_value (crt->cert, "tbsCertificate.version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- return 0;
+ return 0;
}
/**
@@ -160,28 +165,30 @@ int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt,
- gnutls_x509_privkey_t key)
+int
+gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
{
- int result;
+ int result;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- key->pk_algorithm,
- key->params,
- key->params_size);
+ result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -195,37 +202,41 @@ int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
+int
+gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
{
- int result;
- int pk_algorithm;
+ int result;
+ int pk_algorithm;
- if (crt == NULL || crq == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL || crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- pk_algorithm = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+ pk_algorithm = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
- result = _gnutls_asn1_copy_node(&crt->cert, "tbsCertificate.subject",
- crq->crq,
- "certificationRequestInfo.subject");
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_asn1_copy_node (&crt->cert, "tbsCertificate.subject",
+ crq->crq,
+ "certificationRequestInfo.subject");
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_asn1_copy_node(&crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- crq->crq,
- "certificationRequestInfo.subjectPKInfo");
- if (result < 0) {
- gnutls_assert();
- return result;
+ result =
+ _gnutls_asn1_copy_node (&crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ crq->crq,
+ "certificationRequestInfo.subjectPKInfo");
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -242,31 +253,34 @@ int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
* Returns 0 on success and a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
- const char *oid, const void *buf, size_t sizeof_buf,
- unsigned int critical)
+int
+gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
+ const char *oid, const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- der_data.data =(void*)buf;
- der_data.size = sizeof_buf;
+ der_data.data = (void *) buf;
+ der_data.size = sizeof_buf;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- result =
- _gnutls_x509_crt_set_extension(crt, oid, &der_data, critical);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_crt_set_extension (crt, oid, &der_data, critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
@@ -281,37 +295,40 @@ int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca)
+int
+gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_basicConstraints(ca, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_basicConstraints (ca, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.19", &der_data, 1);
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.19", &der_data, 1);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -324,38 +341,40 @@ int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca)
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt,
- unsigned int usage)
+int
+gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
{
- int result;
- gnutls_datum_t der_data;
+ int result;
+ gnutls_datum_t der_data;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_keyUsage((uint16) usage, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_keyUsage ((uint16) usage, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.15", &der_data, 1);
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.15", &der_data, 1);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -369,57 +388,58 @@ int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type,
- const char *data_string)
+int
+gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const char *data_string)
{
- int result;
- gnutls_datum_t der_data;
- gnutls_datum_t dnsname;
- unsigned int critical;
+ int result;
+ gnutls_datum_t der_data;
+ gnutls_datum_t dnsname;
+ unsigned int critical;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.17", 0, &dnsname,
- &critical);
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (crt, "2.5.29.17", 0, &dnsname, &critical);
- if (result >= 0)
- _gnutls_free_datum(&dnsname);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (result >= 0)
+ _gnutls_free_datum (&dnsname);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* generate the extension.
- */
- result =
- _gnutls_x509_ext_gen_subject_alt_name(type, data_string,
- &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_subject_alt_name (type, data_string, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.17", &der_data, 0);
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.17", &der_data, 0);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -439,28 +459,32 @@ int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags)
+int
+gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
{
- int result;
+ int result;
- if (crt == NULL || issuer == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL || issuer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* disable all the unneeded OPTIONAL fields.
- */
- disable_optional_stuff(crt);
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff (crt);
- result = _gnutls_x509_pkix_sign(crt->cert, "tbsCertificate",
- dig, issuer, issuer_key);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_x509_pkix_sign (crt->cert, "tbsCertificate",
+ dig, issuer, issuer_key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/**
@@ -475,10 +499,11 @@ int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key)
+int
+gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
{
- return gnutls_x509_crt_sign2( crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+ return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
}
/**
@@ -491,17 +516,18 @@ int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
- time_t act_time)
+int
+gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_time(cert->cert,
- "tbsCertificate.validity.notBefore",
- act_time);
+ return _gnutls_x509_set_time (cert->cert,
+ "tbsCertificate.validity.notBefore",
+ act_time);
}
/**
@@ -514,16 +540,16 @@ int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
- time_t exp_time)
+int
+gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
{
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_set_time(cert->cert,
- "tbsCertificate.validity.notAfter",
- exp_time);
+ return _gnutls_x509_set_time (cert->cert,
+ "tbsCertificate.validity.notAfter", exp_time);
}
/**
@@ -540,45 +566,49 @@ int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void *serial,
- size_t serial_size)
+int
+gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
+ size_t serial_size)
{
- int ret;
+ int ret;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- ret =
- asn1_write_value(cert->cert, "tbsCertificate.serialNumber", serial,
- serial_size);
- if (ret != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(ret);
+ ret =
+ asn1_write_value (cert->cert, "tbsCertificate.serialNumber", serial,
+ serial_size);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
}
- return 0;
+ return 0;
}
/* If OPTIONAL fields have not been initialized then
* disable them.
*/
-static void disable_optional_stuff(gnutls_x509_crt_t cert)
+static void
+disable_optional_stuff (gnutls_x509_crt_t cert)
{
- asn1_write_value(cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
+ asn1_write_value (cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
- asn1_write_value(cert->cert, "tbsCertificate.subjectUniqueID", NULL,
- 0);
+ asn1_write_value (cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
- if (cert->use_extensions == 0) {
- _gnutls_x509_log("Disabling X.509 extensions.\n");
- asn1_write_value(cert->cert, "tbsCertificate.extensions", NULL, 0);
+ if (cert->use_extensions == 0)
+ {
+ _gnutls_x509_log ("Disabling X.509 extensions.\n");
+ asn1_write_value (cert->cert, "tbsCertificate.extensions", NULL, 0);
}
- return;
+ return;
}
/**
@@ -593,57 +623,60 @@ static void disable_optional_stuff(gnutls_x509_crt_t cert)
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
- gnutls_x509_subject_alt_name_t
- type, const void *data_string,
- unsigned int reason_flags)
+int
+gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data_string,
+ unsigned int reason_flags)
{
- int result;
- gnutls_datum_t der_data;
- gnutls_datum_t oldname;
- unsigned int critical;
+ int result;
+ gnutls_datum_t der_data;
+ gnutls_datum_t oldname;
+ unsigned int critical;
- if (crt == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension(crt, "2.5.29.31", 0, &oldname,
- &critical);
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (crt, "2.5.29.31", 0, &oldname, &critical);
- if (result >= 0)
- _gnutls_free_datum(&oldname);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (result >= 0)
+ _gnutls_free_datum (&oldname);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* generate the extension.
- */
- result =
- _gnutls_x509_ext_gen_crl_dist_points(type, data_string,
- reason_flags, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_crl_dist_points (type, data_string,
+ reason_flags, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(crt, "2.5.29.31", &der_data, 0);
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.31", &der_data, 0);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- crt->use_extensions = 1;
+ crt->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -658,41 +691,44 @@ int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt,
* Returns 0 on success.
*
**/
-int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src)
+int
+gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src)
{
- int result;
- gnutls_datum_t der_data;
- unsigned int critical;
+ int result;
+ gnutls_datum_t der_data;
+ unsigned int critical;
- if (dst == NULL || src == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (dst == NULL || src == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension(src, "2.5.29.31", 0, &der_data,
- &critical);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (src, "2.5.29.31", 0, &der_data,
+ &critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(dst, "2.5.29.31", &der_data,
- critical);
- _gnutls_free_datum(&der_data);
+ result =
+ _gnutls_x509_crt_set_extension (dst, "2.5.29.31", &der_data, critical);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- dst->use_extensions = 1;
+ dst->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -706,52 +742,55 @@ int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+int
+gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.14", 0, &old_id,
- &critical);
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &old_id, &critical);
- if (result >= 0)
- _gnutls_free_datum(&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (result >= 0)
+ _gnutls_free_datum (&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_key_id(id, id_size, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_key_id (id, id_size, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(cert, "2.5.29.14", &der_data, 0);
+ result = _gnutls_x509_crt_set_extension (cert, "2.5.29.14", &der_data, 0);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- cert->use_extensions = 1;
+ cert->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -766,52 +805,55 @@ int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert,
* Returns 0 on success, or a negative value in case of an error.
*
**/
-int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
- const void *id, size_t id_size)
+int
+gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
{
- int result;
- gnutls_datum_t old_id, der_data;
- unsigned int critical;
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.35", 0, &old_id,
- &critical);
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &old_id, &critical);
- if (result >= 0)
- _gnutls_free_datum(&old_id);
- if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ if (result >= 0)
+ _gnutls_free_datum (&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- /* generate the extension.
- */
- result = _gnutls_x509_ext_gen_auth_key_id(id, id_size, &der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- result =
- _gnutls_x509_crt_set_extension(cert, "2.5.29.35", &der_data, 0);
+ result = _gnutls_x509_crt_set_extension (cert, "2.5.29.35", &der_data, 0);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- cert->use_extensions = 1;
+ cert->use_extensions = 1;
- return 0;
+ return 0;
}
/**
@@ -829,88 +871,95 @@ int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert,
* On success 0 is returned.
*
**/
-int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
- const void *oid,
- unsigned int critical)
+int
+gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
+ const void *oid, unsigned int critical)
{
- int result;
- gnutls_datum_t old_id, der_data;
- ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
-
- if (cert == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.ExtKeyUsageSyntax", &c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
- }
-
- /* Check if the extension already exists.
- */
- result =
- _gnutls_x509_crt_get_extension(cert, "2.5.29.37", 0, &old_id,
- NULL);
-
- if (result >= 0) {
- /* decode it.
- */
- result = asn1_der_decoding(&c2, old_id.data, old_id.size, NULL);
- _gnutls_free_datum(&old_id);
-
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ int result;
+ gnutls_datum_t old_id, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &old_id, NULL);
+
+ if (result >= 0)
+ {
+ /* decode it.
+ */
+ result = asn1_der_decoding (&c2, old_id.data, old_id.size, NULL);
+ _gnutls_free_datum (&old_id);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
}
- /* generate the extension.
- */
- /* 1. create a new element.
- */
- result = asn1_write_value(c2, "", "NEW", 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- /* 2. Add the OID.
- */
- result = asn1_write_value(c2, "?LAST", oid, 1);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&c2);
- return _gnutls_asn2err(result);
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value (c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_der_encode(c2, "", &der_data, 0);
- asn1_delete_structure(&c2);
+ result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
+ asn1_delete_structure (&c2);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_crt_set_extension(cert, "2.5.29.37",
- &der_data, critical);
+ result = _gnutls_x509_crt_set_extension (cert, "2.5.29.37",
+ &der_data, critical);
- _gnutls_free_datum(&der_data);
+ _gnutls_free_datum (&der_data);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- cert->use_extensions = 1;
+ cert->use_extensions = 1;
- return 0;
+ return 0;
}
-#endif /* ENABLE_PKI */
+#endif /* ENABLE_PKI */
diff --git a/lib/x509/xml.c b/lib/x509/xml.c
index ef45f630e1..2585f55ad7 100644
--- a/lib/x509/xml.c
+++ b/lib/x509/xml.c
@@ -49,83 +49,96 @@
#include <x509.h>
#include <common.h>
-const char *asn1_find_structure_from_oid(ASN1_TYPE definitions,
- const char *oidValue);
+const char *asn1_find_structure_from_oid (ASN1_TYPE definitions,
+ const char *oidValue);
-static int _gnutls_x509_expand_extensions(ASN1_TYPE * rasn);
+static int _gnutls_x509_expand_extensions (ASN1_TYPE * rasn);
-static const void *find_default_value(ASN1_TYPE x)
+static const void *
+find_default_value (ASN1_TYPE x)
{
- ASN1_TYPE p = x;
-
- if (x->value == NULL && x->type & CONST_DEFAULT) {
- if (x->down) {
- x = x->down;
- do {
- if (type_field(x->type) == TYPE_DEFAULT) {
- if (type_field(p->type) == TYPE_BOOLEAN) {
- if (x->type & CONST_TRUE)
- return "TRUE";
- else
- return "FALSE";
- } else
- return x->value;
+ ASN1_TYPE p = x;
+
+ if (x->value == NULL && x->type & CONST_DEFAULT)
+ {
+ if (x->down)
+ {
+ x = x->down;
+ do
+ {
+ if (type_field (x->type) == TYPE_DEFAULT)
+ {
+ if (type_field (p->type) == TYPE_BOOLEAN)
+ {
+ if (x->type & CONST_TRUE)
+ return "TRUE";
+ else
+ return "FALSE";
+ }
+ else
+ return x->value;
}
- x = x->right;
- } while (x != NULL);
+ x = x->right;
+ }
+ while (x != NULL);
}
}
- return NULL;
+ return NULL;
}
-static int is_node_printable(ASN1_TYPE x)
+static int
+is_node_printable (ASN1_TYPE x)
{
- switch (type_field(x->type)) {
+ switch (type_field (x->type))
+ {
case TYPE_TAG:
case TYPE_SIZE:
case TYPE_DEFAULT:
- return 0;
- case TYPE_CONSTANT:{
- ASN1_TYPE up = _asn1_find_up(x);
-
- if (up != NULL && type_field(up->type) != TYPE_ANY &&
- up->value != NULL)
- return 0;
- }
- return 1;
+ return 0;
+ case TYPE_CONSTANT:
+ {
+ ASN1_TYPE up = _asn1_find_up (x);
+
+ if (up != NULL && type_field (up->type) != TYPE_ANY &&
+ up->value != NULL)
+ return 0;
+ }
+ return 1;
}
- if (x->name == NULL && _asn1_find_up(x) != NULL)
- return 0;
- if (x->value == NULL && x->down == NULL)
- return 0;
- return 1;
+ if (x->name == NULL && _asn1_find_up (x) != NULL)
+ return 0;
+ if (x->value == NULL && x->down == NULL)
+ return 0;
+ return 1;
}
/* returns true if the node is the only one printable in
* the level down of it.
*/
-static int is_leaf(ASN1_TYPE p)
+static int
+is_leaf (ASN1_TYPE p)
{
- ASN1_TYPE x;
+ ASN1_TYPE x;
- if (p == NULL)
- return 1;
- if (p->down == NULL)
- return 1;
+ if (p == NULL)
+ return 1;
+ if (p->down == NULL)
+ return 1;
- x = p->down;
+ x = p->down;
- while (x != NULL) {
- if (is_node_printable(x))
- return 0;
- if (is_leaf(x) == 0)
- return 0;
- x = x->right;
+ while (x != NULL)
+ {
+ if (is_node_printable (x))
+ return 0;
+ if (is_leaf (x) == 0)
+ return 0;
+ x = x->right;
}
- return 1;
+ return 1;
}
@@ -144,57 +157,66 @@ static int is_leaf(ASN1_TYPE p)
#define ROOT "certificate"
/* This function removes the '?' character from ASN.1 names
*/
-static int normalize_name(ASN1_TYPE p, char *output, int output_size)
+static int
+normalize_name (ASN1_TYPE p, char *output, int output_size)
{
- const char *name;
-
- if (output_size > 0)
- output[0] = 0;
- else
- return GNUTLS_E_INTERNAL_ERROR;
-
- if (p == NULL)
- return GNUTLS_E_INTERNAL_ERROR;
-
- name = p->name;
- if (name == NULL)
- name = ROOT;
-
- if (type_field(p->type) == TYPE_CONSTANT) {
- ASN1_TYPE up = _asn1_find_up(p);
- const char *tmp;
-
- if (up && type_field(up->type) == TYPE_ANY &&
- up->left && up->left->value &&
- up->type & CONST_DEFINED_BY &&
- type_field(up->left->type) == TYPE_OBJECT_ID) {
-
- tmp =
- asn1_find_structure_from_oid(_gnutls_get_pkix(),
- up->left->value);
- if (tmp != NULL)
- _gnutls_str_cpy(output, output_size, tmp);
- else {
- _gnutls_str_cpy(output, output_size, "DEFINED_BY_");
- _gnutls_str_cat(output, output_size, name);
+ const char *name;
+
+ if (output_size > 0)
+ output[0] = 0;
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ if (p == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ name = p->name;
+ if (name == NULL)
+ name = ROOT;
+
+ if (type_field (p->type) == TYPE_CONSTANT)
+ {
+ ASN1_TYPE up = _asn1_find_up (p);
+ const char *tmp;
+
+ if (up && type_field (up->type) == TYPE_ANY &&
+ up->left && up->left->value &&
+ up->type & CONST_DEFINED_BY &&
+ type_field (up->left->type) == TYPE_OBJECT_ID)
+ {
+
+ tmp =
+ asn1_find_structure_from_oid (_gnutls_get_pkix (),
+ up->left->value);
+ if (tmp != NULL)
+ _gnutls_str_cpy (output, output_size, tmp);
+ else
+ {
+ _gnutls_str_cpy (output, output_size, "DEFINED_BY_");
+ _gnutls_str_cat (output, output_size, name);
}
- } else {
- _gnutls_str_cpy(output, output_size, "DEFINED_BY_");
- _gnutls_str_cat(output, output_size, name);
+ }
+ else
+ {
+ _gnutls_str_cpy (output, output_size, "DEFINED_BY_");
+ _gnutls_str_cat (output, output_size, name);
}
- return 0;
+ return 0;
}
- if (name[0] == '?') {
- _gnutls_str_cpy(output, output_size, UNNAMED);
- if (strlen(name) > 1)
- _gnutls_str_cat(output, output_size, &name[1]);
- } else {
- _gnutls_str_cpy(output, output_size, name);
+ if (name[0] == '?')
+ {
+ _gnutls_str_cpy (output, output_size, UNNAMED);
+ if (strlen (name) > 1)
+ _gnutls_str_cat (output, output_size, &name[1]);
}
- return 0;
+ else
+ {
+ _gnutls_str_cpy (output, output_size, name);
+ }
+ return 0;
}
#define XML_HEADER "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n" \
@@ -203,287 +225,323 @@ static int normalize_name(ASN1_TYPE p, char *output, int output_size)
#define XML_FOOTER "</gnutls:x509:certificate>\n"
static int
-_gnutls_asn1_get_structure_xml(ASN1_TYPE structure,
- gnutls_datum_t * res, int detail)
+_gnutls_asn1_get_structure_xml (ASN1_TYPE structure,
+ gnutls_datum_t * res, int detail)
{
- node_asn *p, *root;
- int k, indent = 0, len, len2, len3;
- opaque tmp[1024];
- char nname[256];
- int ret;
- gnutls_string str;
-
- if (res == NULL || structure == NULL) {
- gnutls_assert();
- return GNUTLS_E_INVALID_REQUEST;
+ node_asn *p, *root;
+ int k, indent = 0, len, len2, len3;
+ opaque tmp[1024];
+ char nname[256];
+ int ret;
+ gnutls_string str;
+
+ if (res == NULL || structure == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
}
- _gnutls_string_init(&str, malloc, realloc, free);
+ _gnutls_string_init (&str, malloc, realloc, free);
- STR_APPEND(XML_HEADER);
- indent = 1;
+ STR_APPEND (XML_HEADER);
+ indent = 1;
- root = _asn1_find_node(structure, "");
+ root = _asn1_find_node (structure, "");
- if (root == NULL) {
- gnutls_assert();
- _gnutls_string_clear(&str);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (root == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_string_clear (&str);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (detail == GNUTLS_XML_SHOW_ALL)
- ret = asn1_expand_any_defined_by(_gnutls_get_pkix(), &structure);
- /* we don't need to check the error value
- * here.
- */
-
- if (detail == GNUTLS_XML_SHOW_ALL) {
- ret = _gnutls_x509_expand_extensions(&structure);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (detail == GNUTLS_XML_SHOW_ALL)
+ ret = asn1_expand_any_defined_by (_gnutls_get_pkix (), &structure);
+ /* we don't need to check the error value
+ * here.
+ */
+
+ if (detail == GNUTLS_XML_SHOW_ALL)
+ {
+ ret = _gnutls_x509_expand_extensions (&structure);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
}
- p = root;
- while (p) {
- if (is_node_printable(p)) {
- for (k = 0; k < indent; k++)
- APPEND(" ", 1);
-
- if ((ret = normalize_name(p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear(&str);
- gnutls_assert();
- return ret;
+ p = root;
+ while (p)
+ {
+ if (is_node_printable (p))
+ {
+ for (k = 0; k < indent; k++)
+ APPEND (" ", 1);
+
+ if ((ret = normalize_name (p, nname, sizeof (nname))) < 0)
+ {
+ _gnutls_string_clear (&str);
+ gnutls_assert ();
+ return ret;
}
- APPEND("<", 1);
- STR_APPEND(nname);
+ APPEND ("<", 1);
+ STR_APPEND (nname);
}
- if (is_node_printable(p)) {
- switch (type_field(p->type)) {
+ if (is_node_printable (p))
+ {
+ switch (type_field (p->type))
+ {
case TYPE_DEFAULT:
- STR_APPEND(" type=\"DEFAULT\"");
- break;
+ STR_APPEND (" type=\"DEFAULT\"");
+ break;
case TYPE_NULL:
- STR_APPEND(" type=\"NULL\"");
- break;
+ STR_APPEND (" type=\"NULL\"");
+ break;
case TYPE_IDENTIFIER:
- STR_APPEND(" type=\"IDENTIFIER\"");
- break;
+ STR_APPEND (" type=\"IDENTIFIER\"");
+ break;
case TYPE_INTEGER:
- STR_APPEND(" type=\"INTEGER\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
+ STR_APPEND (" type=\"INTEGER\"");
+ STR_APPEND (" encoding=\"HEX\"");
+ break;
case TYPE_ENUMERATED:
- STR_APPEND(" type=\"ENUMERATED\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
+ STR_APPEND (" type=\"ENUMERATED\"");
+ STR_APPEND (" encoding=\"HEX\"");
+ break;
case TYPE_TIME:
- STR_APPEND(" type=\"TIME\"");
- break;
+ STR_APPEND (" type=\"TIME\"");
+ break;
case TYPE_BOOLEAN:
- STR_APPEND(" type=\"BOOLEAN\"");
- break;
+ STR_APPEND (" type=\"BOOLEAN\"");
+ break;
case TYPE_SEQUENCE:
- STR_APPEND(" type=\"SEQUENCE\"");
- break;
+ STR_APPEND (" type=\"SEQUENCE\"");
+ break;
case TYPE_BIT_STRING:
- STR_APPEND(" type=\"BIT STRING\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
+ STR_APPEND (" type=\"BIT STRING\"");
+ STR_APPEND (" encoding=\"HEX\"");
+ break;
case TYPE_OCTET_STRING:
- STR_APPEND(" type=\"OCTET STRING\"");
- STR_APPEND(" encoding=\"HEX\"");
- break;
+ STR_APPEND (" type=\"OCTET STRING\"");
+ STR_APPEND (" encoding=\"HEX\"");
+ break;
case TYPE_SEQUENCE_OF:
- STR_APPEND(" type=\"SEQUENCE OF\"");
- break;
+ STR_APPEND (" type=\"SEQUENCE OF\"");
+ break;
case TYPE_OBJECT_ID:
- STR_APPEND(" type=\"OBJECT ID\"");
- break;
+ STR_APPEND (" type=\"OBJECT ID\"");
+ break;
case TYPE_ANY:
- STR_APPEND(" type=\"ANY\"");
- if (!p->down)
- STR_APPEND(" encoding=\"HEX\"");
- break;
- case TYPE_CONSTANT:{
- ASN1_TYPE up = _asn1_find_up(p);
-
- if (up && type_field(up->type) == TYPE_ANY &&
- up->left && up->left->value &&
- up->type & CONST_DEFINED_BY &&
- type_field(up->left->type) == TYPE_OBJECT_ID) {
-
- if (_gnutls_x509_oid_data_printable
- (up->left->value) == 0) {
- STR_APPEND(" encoding=\"HEX\"");
- }
-
- }
- }
- break;
+ STR_APPEND (" type=\"ANY\"");
+ if (!p->down)
+ STR_APPEND (" encoding=\"HEX\"");
+ break;
+ case TYPE_CONSTANT:
+ {
+ ASN1_TYPE up = _asn1_find_up (p);
+
+ if (up && type_field (up->type) == TYPE_ANY &&
+ up->left && up->left->value &&
+ up->type & CONST_DEFINED_BY &&
+ type_field (up->left->type) == TYPE_OBJECT_ID)
+ {
+
+ if (_gnutls_x509_oid_data_printable
+ (up->left->value) == 0)
+ {
+ STR_APPEND (" encoding=\"HEX\"");
+ }
+
+ }
+ }
+ break;
case TYPE_SET:
- STR_APPEND(" type=\"SET\"");
- break;
+ STR_APPEND (" type=\"SET\"");
+ break;
case TYPE_SET_OF:
- STR_APPEND(" type=\"SET OF\"");
- break;
+ STR_APPEND (" type=\"SET OF\"");
+ break;
case TYPE_CHOICE:
- STR_APPEND(" type=\"CHOICE\"");
- break;
+ STR_APPEND (" type=\"CHOICE\"");
+ break;
case TYPE_DEFINITIONS:
- STR_APPEND(" type=\"DEFINITIONS\"");
- break;
+ STR_APPEND (" type=\"DEFINITIONS\"");
+ break;
default:
- break;
+ break;
}
}
- if (p->type == TYPE_BIT_STRING) {
- len2 = -1;
- len = _asn1_get_length_der(p->value, &len2);
- snprintf(tmp, sizeof(tmp), " length=\"%i\"",
- (len - 1) * 8 - (p->value[len2]));
- STR_APPEND(tmp);
+ if (p->type == TYPE_BIT_STRING)
+ {
+ len2 = -1;
+ len = _asn1_get_length_der (p->value, &len2);
+ snprintf (tmp, sizeof (tmp), " length=\"%i\"",
+ (len - 1) * 8 - (p->value[len2]));
+ STR_APPEND (tmp);
}
- if (is_node_printable(p))
- STR_APPEND(">");
+ if (is_node_printable (p))
+ STR_APPEND (">");
- if (is_node_printable(p)) {
- const unsigned char *value;
+ if (is_node_printable (p))
+ {
+ const unsigned char *value;
- if (p->value == NULL)
- value = find_default_value(p);
- else
- value = p->value;
+ if (p->value == NULL)
+ value = find_default_value (p);
+ else
+ value = p->value;
- switch (type_field(p->type)) {
+ switch (type_field (p->type))
+ {
case TYPE_DEFAULT:
- if (value)
- STR_APPEND(value);
- break;
+ if (value)
+ STR_APPEND (value);
+ break;
case TYPE_IDENTIFIER:
- if (value)
- STR_APPEND(value);
- break;
+ if (value)
+ STR_APPEND (value);
+ break;
case TYPE_INTEGER:
- if (value) {
- len2 = -1;
- len = _asn1_get_length_der(value, &len2);
-
- for (k = 0; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X", (value)[k + len2]);
- STR_APPEND(tmp);
+ if (value)
+ {
+ len2 = -1;
+ len = _asn1_get_length_der (value, &len2);
+
+ for (k = 0; k < len; k++)
+ {
+ snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]);
+ STR_APPEND (tmp);
}
}
- break;
+ break;
case TYPE_ENUMERATED:
- if (value) {
- len2 = -1;
- len = _asn1_get_length_der(value, &len2);
-
- for (k = 0; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X", (value)[k + len2]);
- STR_APPEND(tmp);
+ if (value)
+ {
+ len2 = -1;
+ len = _asn1_get_length_der (value, &len2);
+
+ for (k = 0; k < len; k++)
+ {
+ snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]);
+ STR_APPEND (tmp);
}
}
- break;
+ break;
case TYPE_TIME:
- if (value)
- STR_APPEND(value);
- break;
+ if (value)
+ STR_APPEND (value);
+ break;
case TYPE_BOOLEAN:
- if (value) {
- if (value[0] == 'T') {
- STR_APPEND("TRUE");
- } else if (value[0] == 'F') {
- STR_APPEND("FALSE");
+ if (value)
+ {
+ if (value[0] == 'T')
+ {
+ STR_APPEND ("TRUE");
+ }
+ else if (value[0] == 'F')
+ {
+ STR_APPEND ("FALSE");
}
}
- break;
+ break;
case TYPE_BIT_STRING:
- if (value) {
- len2 = -1;
- len = _asn1_get_length_der(value, &len2);
-
- for (k = 1; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X", (value)[k + len2]);
- STR_APPEND(tmp);
+ if (value)
+ {
+ len2 = -1;
+ len = _asn1_get_length_der (value, &len2);
+
+ for (k = 1; k < len; k++)
+ {
+ snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]);
+ STR_APPEND (tmp);
}
}
- break;
+ break;
case TYPE_OCTET_STRING:
- if (value) {
- len2 = -1;
- len = _asn1_get_length_der(value, &len2);
- for (k = 0; k < len; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X", (value)[k + len2]);
- STR_APPEND(tmp);
+ if (value)
+ {
+ len2 = -1;
+ len = _asn1_get_length_der (value, &len2);
+ for (k = 0; k < len; k++)
+ {
+ snprintf (tmp, sizeof (tmp), "%02X", (value)[k + len2]);
+ STR_APPEND (tmp);
}
}
- break;
+ break;
case TYPE_OBJECT_ID:
- if (value)
- STR_APPEND(value);
- break;
+ if (value)
+ STR_APPEND (value);
+ break;
case TYPE_ANY:
- if (!p->down) {
- if (value) {
- len3 = -1;
- len2 = _asn1_get_length_der(value, &len3);
- for (k = 0; k < len2; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X", (value)[k + len3]);
- STR_APPEND(tmp);
+ if (!p->down)
+ {
+ if (value)
+ {
+ len3 = -1;
+ len2 = _asn1_get_length_der (value, &len3);
+ for (k = 0; k < len2; k++)
+ {
+ snprintf (tmp, sizeof (tmp),
+ "%02X", (value)[k + len3]);
+ STR_APPEND (tmp);
}
}
}
- break;
- case TYPE_CONSTANT:{
- ASN1_TYPE up = _asn1_find_up(p);
-
- if (up && type_field(up->type) == TYPE_ANY &&
- up->left && up->left->value &&
- up->type & CONST_DEFINED_BY &&
- type_field(up->left->type) == TYPE_OBJECT_ID) {
-
- len2 = _asn1_get_length_der(up->value, &len3);
-
- if (len2 > 0 && strcmp(p->name, "type") == 0) {
- size_t tmp_len = sizeof(tmp);
- ret =
- _gnutls_x509_oid_data2string(up->left->
- value, up->value + len3, len2,
- tmp, &tmp_len);
-
- if (ret >= 0) {
- STR_APPEND(tmp);
- }
- } else {
- for (k = 0; k < len2; k++) {
- snprintf(tmp, sizeof(tmp),
- "%02X", (up->value)[k + len3]);
- STR_APPEND(tmp);
- }
-
- }
- } else {
- if (value)
- STR_APPEND(value);
- }
-
- }
- break;
+ break;
+ case TYPE_CONSTANT:
+ {
+ ASN1_TYPE up = _asn1_find_up (p);
+
+ if (up && type_field (up->type) == TYPE_ANY &&
+ up->left && up->left->value &&
+ up->type & CONST_DEFINED_BY &&
+ type_field (up->left->type) == TYPE_OBJECT_ID)
+ {
+
+ len2 = _asn1_get_length_der (up->value, &len3);
+
+ if (len2 > 0 && strcmp (p->name, "type") == 0)
+ {
+ size_t tmp_len = sizeof (tmp);
+ ret =
+ _gnutls_x509_oid_data2string (up->left->
+ value,
+ up->value + len3,
+ len2, tmp, &tmp_len);
+
+ if (ret >= 0)
+ {
+ STR_APPEND (tmp);
+ }
+ }
+ else
+ {
+ for (k = 0; k < len2; k++)
+ {
+ snprintf (tmp, sizeof (tmp),
+ "%02X", (up->value)[k + len3]);
+ STR_APPEND (tmp);
+ }
+
+ }
+ }
+ else
+ {
+ if (value)
+ STR_APPEND (value);
+ }
+
+ }
+ break;
case TYPE_SET:
case TYPE_SET_OF:
case TYPE_CHOICE:
@@ -491,98 +549,115 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE structure,
case TYPE_SEQUENCE_OF:
case TYPE_SEQUENCE:
case TYPE_NULL:
- break;
+ break;
default:
- break;
+ break;
}
}
- if (p->down && is_node_printable(p)) {
- ASN1_TYPE x;
- p = p->down;
- indent += 2;
- x = p;
- do {
- if (is_node_printable(x)) {
- STR_APPEND("\n");
- break;
+ if (p->down && is_node_printable (p))
+ {
+ ASN1_TYPE x;
+ p = p->down;
+ indent += 2;
+ x = p;
+ do
+ {
+ if (is_node_printable (x))
+ {
+ STR_APPEND ("\n");
+ break;
}
- x = x->right;
- } while (x != NULL);
- } else if (p == root) {
- if (is_node_printable(p)) {
- if ((ret = normalize_name(p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear(&str);
- gnutls_assert();
- return ret;
+ x = x->right;
+ }
+ while (x != NULL);
+ }
+ else if (p == root)
+ {
+ if (is_node_printable (p))
+ {
+ if ((ret = normalize_name (p, nname, sizeof (nname))) < 0)
+ {
+ _gnutls_string_clear (&str);
+ gnutls_assert ();
+ return ret;
}
- APPEND("</", 2);
- STR_APPEND(nname);
- APPEND(">\n", 2);
+ APPEND ("</", 2);
+ STR_APPEND (nname);
+ APPEND (">\n", 2);
}
- p = NULL;
- break;
- } else {
- if (is_node_printable(p)) {
- if ((ret = normalize_name(p, nname, sizeof(nname))) < 0) {
- _gnutls_string_clear(&str);
- gnutls_assert();
- return ret;
+ p = NULL;
+ break;
+ }
+ else
+ {
+ if (is_node_printable (p))
+ {
+ if ((ret = normalize_name (p, nname, sizeof (nname))) < 0)
+ {
+ _gnutls_string_clear (&str);
+ gnutls_assert ();
+ return ret;
}
- APPEND("</", 2);
- STR_APPEND(nname);
- APPEND(">\n", 2);
+ APPEND ("</", 2);
+ STR_APPEND (nname);
+ APPEND (">\n", 2);
}
- if (p->right)
- p = p->right;
- else {
- while (1) {
- ASN1_TYPE old_p;
-
- old_p = p;
-
- p = _asn1_find_up(p);
- indent -= 2;
- if (is_node_printable(p)) {
- if (!is_leaf(p)) /* XXX */
- for (k = 0; k < indent; k++)
- STR_APPEND(" ");
-
- if ((ret =
- normalize_name(p, nname,
- sizeof(nname))) < 0) {
- _gnutls_string_clear(&str);
- gnutls_assert();
- return ret;
+ if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ ASN1_TYPE old_p;
+
+ old_p = p;
+
+ p = _asn1_find_up (p);
+ indent -= 2;
+ if (is_node_printable (p))
+ {
+ if (!is_leaf (p)) /* XXX */
+ for (k = 0; k < indent; k++)
+ STR_APPEND (" ");
+
+ if ((ret =
+ normalize_name (p, nname, sizeof (nname))) < 0)
+ {
+ _gnutls_string_clear (&str);
+ gnutls_assert ();
+ return ret;
}
- APPEND("</", 2);
- STR_APPEND(nname);
- APPEND(">\n", 2);
+ APPEND ("</", 2);
+ STR_APPEND (nname);
+ APPEND (">\n", 2);
}
- if (p == root) {
- p = NULL;
- break;
+ if (p == root)
+ {
+ p = NULL;
+ break;
}
- if (p->right) {
- p = p->right;
- break;
+ if (p->right)
+ {
+ p = p->right;
+ break;
}
}
}
}
}
- STR_APPEND(XML_FOOTER);
- APPEND("\n\0", 2);
+ STR_APPEND (XML_FOOTER);
+ APPEND ("\n\0", 2);
- *res = _gnutls_string2datum(&str);
- res->size -= 1; /* null is not included in size */
+ *res = _gnutls_string2datum (&str);
+ res->size -= 1; /* null is not included in size */
- return 0;
+ return 0;
}
/**
@@ -596,21 +671,23 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE structure,
* Returns a negative error code in case of an error.
*
**/
-int gnutls_x509_crt_to_xml(gnutls_x509_crt_t cert, gnutls_datum_t * res,
- int detail)
+int
+gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert, gnutls_datum_t * res,
+ int detail)
{
- int result;
+ int result;
- res->data = NULL;
- res->size = 0;
+ res->data = NULL;
+ res->size = 0;
- result = _gnutls_asn1_get_structure_xml(cert->cert, res, detail);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result = _gnutls_asn1_get_structure_xml (cert->cert, res, detail);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* This function will attempt to parse Extensions in
@@ -619,45 +696,49 @@ int gnutls_x509_crt_to_xml(gnutls_x509_crt_t cert, gnutls_datum_t * res,
* If no_critical_ext is non zero, then unsupported critical extensions
* do not lead into a fatal error.
*/
-static int _gnutls_x509_expand_extensions(ASN1_TYPE * rasn)
+static int
+_gnutls_x509_expand_extensions (ASN1_TYPE * rasn)
{
- int k, result, len;
- char name[128], name2[128], counter[MAX_INT_DIGITS];
- char name1[128];
- char extnID[128];
+ int k, result, len;
+ char name[128], name2[128], counter[MAX_INT_DIGITS];
+ char name1[128];
+ char extnID[128];
- k = 0;
- do {
- k++;
+ k = 0;
+ do
+ {
+ k++;
- _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
- _gnutls_int2str(k, counter);
- _gnutls_str_cat(name, sizeof(name), counter);
+ _gnutls_str_cpy (name, sizeof (name), "tbsCertificate.extensions.?");
+ _gnutls_int2str (k, counter);
+ _gnutls_str_cat (name, sizeof (name), counter);
- _gnutls_str_cpy(name2, sizeof(name2), name);
- _gnutls_str_cat(name2, sizeof(name2), ".extnID");
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
- _gnutls_str_cpy(name1, sizeof(name1), name);
- _gnutls_str_cat(name1, sizeof(name1), ".extnValue");
+ _gnutls_str_cpy (name1, sizeof (name1), name);
+ _gnutls_str_cat (name1, sizeof (name1), ".extnValue");
- len = sizeof(extnID) - 1;
+ len = sizeof (extnID) - 1;
- result = asn1_expand_octet_string(_gnutls_get_pkix(),
- rasn, name1, name2);
+ result = asn1_expand_octet_string (_gnutls_get_pkix (),
+ rasn, name1, name2);
- if (result == ASN1_ELEMENT_NOT_FOUND)
- break;
- else if (result != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- } while (1);
+ }
+ while (1);
- if (result == ASN1_ELEMENT_NOT_FOUND)
- return 0;
- else
- return _gnutls_asn2err(result);
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 0;
+ else
+ return _gnutls_asn2err (result);
}
#endif